diff --git a/admin/index.php b/admin/index.php
index 504e3b0..a8e1d46 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -3,9 +3,9 @@
  * Ideenmelder
  * Autor: Walter Hupfeld, Hamm
  * E-Mail: info@hupfeld-software.de
- * Version: 1.0
+ * Version: 3.0
  * Datum: 18.05.2021
- * zuletzte bearbeitet: 21.02.2024
+ * zuletzte bearbeitet: 15.03.2024
  ******************************** */
 session_start();
@@ -33,12 +33,13 @@
 }
 $numDelete = (int)$_GET['delid'];
- if ($superAmdin) {
- $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
+ if ($boolSuperAdmin) {
+ $stmt = $db->prepare("DELETE FROM location WHERE id = :id");}
 else {
- $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");}
+ $stmt = $db->prepare("DELETE FROM location WHERE id = :id AND district=:district");
+ $stmt->bindValue(":district",$strDistrict);
+ }
 $stmt->bindValue(":id",$numDelete);
- $stmt->bindValue(":district",$strDistrict);
 $stmt->execute();
 $stmt = $db->prepare("DELETE FROM comment WHERE loc_id= :loc_id");
diff --git a/ajax/ajax_location_push.php b/ajax/ajax_location_push.php
index 2938bd3..e962beb 100644
--- a/ajax/ajax_location_push.php
+++ b/ajax/ajax_location_push.php
@@ -5,6 +5,8 @@
 require_once("../config.php");
 require_once("../lib/functions.php");
 require_once("../lib/geocoding.php");
+$allowed_extensions = array("jpg", "jpeg", "png", "gif");
+
 $strUsername = htmlentities(trim($_POST['username']));
 $strUsername = addslashes($strUsername);
 $strAge = (isset($_POST['ext_age'])) ? $_POST['ext_age'] : "";
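Review bot: The district scoping added in the `else` branch only protects the `location` row; the `DELETE FROM comment WHERE loc_id= :loc_id` prepared on the hunk's last line runs regardless of whether the first delete matched anything, so a non-superadmin passing another district's `delid` removes nothing from `location` but, if `:loc_id` is bound to the same `$numDelete` further down (outside the hunk), still wipes that location's comments. Checking the affected-row count right after `$stmt->execute();` and stopping when it is zero (`if ($stmt->rowCount() === 0) { exit('not allowed'); }` on PDO) ties the follow-on deletes to the authorisation that the district filter expresses. Brace style: `...");}` closing the `if` branch on the statement line while the `else` branch now closes on its own line makes the two branches hard to compare; put the `}` on its own line in both. The block closed by the leading `}` and the definition of `$boolSuperAdmin` are outside the hunk.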
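Review bot: `$allowed_extensions` uses the long `array()` form; `$allowed_extensions = ['jpg', 'jpeg', 'png', 'gif'];` is the current idiom and the list only ever holds string literals. The rejection message added later in this file spells the same four names out by hand; building it with `implode(', ', $allowed_extensions)` keeps the message and the list in step when one is edited. The `$strUsername` line below the insertion still reads `$_POST['username']` without a guard, unlike `ext_age` two lines further; that predates the change, but `trim($_POST['username'] ?? '')` would avoid the undefined-index warning on a bare request.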
@@ -23,21 +25,26 @@
 if (empty($strUsername) || empty($numLng) || empty($numLat)) {
 die("not valid!");
 }
+
 if ($boolUpload && !empty($_FILES['uploadfile']['name'])) {
- $uploadfile = $uploaddir . basename($_FILES['uploadfile']['name']);
- $fileinfo = @getimagesize($_FILES["uploadfile"]["tmp_name"]);
+ $file=$_FILES['uploadfile'];
+ $uploadfile = $uploaddir . basename($file['name']);
+ $fileinfo = @getimagesize($file["tmp_name"]);
 if (!empty($fileinfo)) {
 //$info=read_gps_location($_FILES["uploadfile"]["tmp_name"]);
- $i=1;
- while (file_exists($uploadfile)) {
- $uploadfile=$uploaddir.$i."_".basename($_FILES['uploadfile']['name']);
- $i++;
+ $file_extension = pathinfo($file["name"], PATHINFO_EXTENSION);
+ if (!in_array(strtolower($file_extension), $allowed_extensions)) {
+ echo "Invalid file type. Please upload only jpg, jpeg, png, or gif images.";
+ exit();
 }
- if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)) {
- $filename=$_FILES['uploadfile']['name'];
- $filesize=$_FILES['uploadfile']['size'];
- $filetype=$_FILES['uploadfile']['type'];
- //echo "Filetype: ".$filetype;
+ $strNewfilename = uniqid("", true) . "." . $file_extension;
+ while (file_exists($uploaddir . $strNewfilename)) {
+ $strNewfilename = uniqid("", true) . "." . $file_extension;
+ }
+ if (move_uploaded_file($file['tmp_name'], $uploaddir.$strNewfilename)) {
+ $filename=$strNewfilename;//$file['name'];
+ $filesize=$file['size'];
+ $filetype=$file['type'];
 $boolUploadOk = true;
 } else {
 die("Upload failed with error code " . $_FILES['file']['error']);
diff --git a/index.php b/index.php
index 92ea058..490c203 100644
--- a/index.php
+++ b/index.php
@@ -72,13 +72,15 @@
-
+
+
+
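Review bot: The extension written to disk and the stored `$filetype` still come from the client (`pathinfo($file["name"], PATHINFO_EXTENSION)` and `$file['type']`) although `getimagesize` has already identified the real image type a few lines earlier; deriving both from its result closes the gap between what was checked and what is saved: `$file_extension = image_type_to_extension($fileinfo[2], false);` and `$filetype = $fileinfo['mime'];`, with the existing allowlist check then applied to that extension. The `die()` on the hunk's last line still reads `$_FILES['file']['error']`, a key this form does not use (the field is `uploadfile`), so the concatenated code is empty plus an undefined-index warning; with the new `$file` alias it should be `$file['error']`. `$uploadfile` is assigned but never read once the upload is stored under `$strNewfilename`, so that line can go. Minor: `uniqid()` is clock-based, so the stored names are guessable; `bin2hex(random_bytes(8))` in both places gives names that are not. The `if ($boolUpload ...)` block opened in this hunk closes outside it.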