php-gallery/app/image/image.php

<?php
session_start();
// Include server connection
include dirname(__DIR__)."/server/conn.php";
include dirname(__DIR__)."/app.php";

use App\Account;
use App\Image;
use App\Make;

$user_info = new Account();
$image_info = new Image();
$make_stuff = new Make();

$user_ip = $user_info->get_ip();

/*
 |-------------------------------------------------------------
 | Delete image
 |-------------------------------------------------------------
 | This is the scarries code I written. I hate writing anything
 | like this, please help
 |-------------------------------------------------------------
*/
if (isset($_POST['submit_delete'])) {
  // Get all image info
  $image_array = $image_info->get_image_info($conn, $_POST['id']);

  // If user owns image or has the ID of 1
  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
    // Delete from table
    $sql = "DELETE FROM images WHERE id = ?";
    if ($stmt = mysqli_prepare($conn, $sql)) {
      mysqli_stmt_bind_param($stmt, "i", $_POST['id']);

      // Attempt to execute the prepared statement
      if (mysqli_stmt_execute($stmt)) {
        // See if image is in the directory
        if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {
          unlink(dirname(__DIR__)."/images/".$image_array['imagename']);
        }
        // Delete thumbnail if exitsts
        if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {
          unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);
        }
        // Delete preview if exitsts
        if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {
          unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);
        }
        // TP user to the homepage with a success message
        mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')");
        $_SESSION['del'] = $_POST['id'];
        ?>
        <script>
          window.location.replace("index.php");
        </script>
        <?php
      } else {
        ?>
        <script>
          sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');
          flyoutClose();
        </script>
        <?php
      }
    } else {
      ?>
      <script>
        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
        flyoutClose();
      </script>
      <?php
    }
  } else {
    ?>
    <script>
      sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
      flyoutClose();
    </script>
    <?php
  }
}


/*
 |-------------------------------------------------------------
 | Edit Description
 |-------------------------------------------------------------
 | This script took probably over 24hours to write, mostly
 | because of my stupidity. But it (mostly) works now which is
 | good. Reason for all the includes and session_start is due
 | to the need of checking if the person owns the image. If this
 | check is not done, someone could come by and just edit the
 | Jquery code on the front-end and change the image ID. Which
 | isnt too great :p
 |-------------------------------------------------------------
*/
if (isset($_POST['submit_description'])) {
  // Get all image info
  $image_array = $image_info->get_image_info($conn, $_POST['id']);
  // If user owns image or has the ID of 1
  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
    // getting ready forSQL asky asky
    $sql = "UPDATE images SET alt=? WHERE id=?";

    // Checking if databse is doing ok
    if ($stmt = mysqli_prepare($conn, $sql)) {
      mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);

      // Setting parameters
      $param_alt = $_POST['input'];
      $param_id = $_POST['id'];

      // Attempt to execute the prepared statement
      if (mysqli_stmt_execute($stmt)) {
        ?>
        <script>
          sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
          flyoutClose();
        </script>
        <?php
      } else {
        ?>
        <script>
          sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
          flyoutClose();
        </script>
        <?php
      }
    } else {
      ?>
      <script>
        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
        flyoutClose();
      </script>
      <?php
    }
  } else {
    ?>
    <script>
      sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
      flyoutClose();
    </script>
    <?php
  }
}


/*
 |-------------------------------------------------------------
 | Edit Tags
 |-------------------------------------------------------------
 | This is so garbage lmfao
 |-------------------------------------------------------------
*/
if (isset($_POST['submit_tags'])) {
  // Get all image info
  $image_array = $image_info->get_image_info($conn, $_POST['id']);
  // If user owns image or has the ID of 1
  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
    // Clean input
    $tags_string = $make_stuff->tags(trim($_POST['input']));

    // getting ready forSQL asky asky
    $sql = "UPDATE images SET tags=? WHERE id=?";

    // Checking if databse is doing ok
    if ($stmt = mysqli_prepare($conn, $sql)) {
      mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);

      // Setting parameters
      $param_tags = $tags_string;
      $param_id = $_POST['id'];

      // Attempt to execute the prepared statement
      if (mysqli_stmt_execute($stmt)) {
        ?>
        <script>
          sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
          flyoutClose();
        </script>
        <?php
      } else {
        ?>
        <script>
          sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
          flyoutClose();
        </script>
        <?php
      }
    } else {
      ?>
      <script>
        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
        flyoutClose();
      </script>
      <?php
    }
  } else {
    ?>
    <script>
      sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');
      flyoutClose();
    </script>
    <?php
  }
}


/*
 |-------------------------------------------------------------
 | Edit Author
 |-------------------------------------------------------------
 | If this has security problems I'm so fucked
 |-------------------------------------------------------------
*/
if (isset($_POST['submit_author'])) {
  // If user has the ID of 1
  if ($user_info->is_admin($conn, $_SESSION['id'])) {
    // getting ready forSQL asky asky
    $sql = "UPDATE images SET author=? WHERE id=?";

    // Checking if databse is doing ok
    if ($stmt = mysqli_prepare($conn, $sql)) {
      mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);

      // Setting parameters
      $param_author = $_POST['input'];
      $param_id = $_POST["id"];

      // Attempt to execute the prepared statement
      if (mysqli_stmt_execute($stmt)) {
        ?>
        <script>
          sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
          flyoutClose();
        </script>
        <?php
      } else {
        ?>
        <script>
          sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
          flyoutClose();
        </script>
        <?php
      }
    }
  } else {
    ?>
    <script>
      sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
      flyoutClose();
    </script>
    <?php
  }
}
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`<?php`
			`session_start();`
			`// Include server connection`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`include dirname(__DIR__)."/server/conn.php";`
			`include dirname(__DIR__)."/app.php";`
Moved functions into classes 2022-09-12 14:15:16 +00:00
			`use App\Account;`
			`use App\Image;`
			`use App\Make;`

			`$user_info = new Account();`
			`$image_info = new Image();`
			`$make_stuff = new Make();`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
Logs section added 2022-09-14 14:08:50 +00:00			`$user_ip = $user_info->get_ip();`

Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`/*`
			`\|-------------------------------------------------------------`
			`\| Delete image`
			`\|-------------------------------------------------------------`
			`\| This is the scarries code I written. I hate writing anything`
			`\| like this, please help`
			`\|-------------------------------------------------------------`
			`*/`
			`if (isset($_POST['submit_delete'])) {`
			`// Get all image info`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`$image_array = $image_info->get_image_info($conn, $_POST['id']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// If user owns image or has the ID of 1`
In progress admin page 2022-09-16 16:39:13 +00:00			`if ($image_info->image_privilage($image_array['author']) \|\| $user_info->is_admin($conn, $_SESSION['id'])) {`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// Delete from table`
Normalising names of tables 2022-09-14 10:41:20 +00:00			`$sql = "DELETE FROM images WHERE id = ?";`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`if ($stmt = mysqli_prepare($conn, $sql)) {`
Random Group fixes 2022-09-25 12:01:23 +00:00			`mysqli_stmt_bind_param($stmt, "i", $_POST['id']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// Attempt to execute the prepared statement`
			`if (mysqli_stmt_execute($stmt)) {`
			`// See if image is in the directory`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {`
			`unlink(dirname(__DIR__)."/images/".$image_array['imagename']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`}`
			`// Delete thumbnail if exitsts`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {`
			`unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`}`
Lower resolution image preview 2022-09-09 15:37:34 +00:00			`// Delete preview if exitsts`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {`
			`unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);`
Lower resolution image preview 2022-09-09 15:37:34 +00:00			`}`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// TP user to the homepage with a success message`
Logs section added 2022-09-14 14:08:50 +00:00			`mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')");`
Random Group fixes 2022-09-25 12:01:23 +00:00			`$_SESSION['del'] = $_POST['id'];`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`?>`
			`<script>`
Random Group fixes 2022-09-25 12:01:23 +00:00			`window.location.replace("index.php");`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`</script>`
			`<?php`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`}`


			`/*`
			`\|-------------------------------------------------------------`
			`\| Edit Description`
			`\|-------------------------------------------------------------`
			`\| This script took probably over 24hours to write, mostly`
			`\| because of my stupidity. But it (mostly) works now which is`
			`\| good. Reason for all the includes and session_start is due`
			`\| to the need of checking if the person owns the image. If this`
			`\| check is not done, someone could come by and just edit the`
			`\| Jquery code on the front-end and change the image ID. Which`
			`\| isnt too great :p`
			`\|-------------------------------------------------------------`
			`*/`
			`if (isset($_POST['submit_description'])) {`
			`// Get all image info`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`$image_array = $image_info->get_image_info($conn, $_POST['id']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// If user owns image or has the ID of 1`
In progress admin page 2022-09-16 16:39:13 +00:00			`if ($image_info->image_privilage($image_array['author']) \|\| $user_info->is_admin($conn, $_SESSION['id'])) {`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// getting ready forSQL asky asky`
Normalising names of tables 2022-09-14 10:41:20 +00:00			`$sql = "UPDATE images SET alt=? WHERE id=?";`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// Checking if databse is doing ok`
			`if ($stmt = mysqli_prepare($conn, $sql)) {`
			`mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);`

			`// Setting parameters`
			`$param_alt = $_POST['input'];`
			`$param_id = $_POST['id'];`

			`// Attempt to execute the prepared statement`
			`if (mysqli_stmt_execute($stmt)) {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`}`


			`/*`
			`\|-------------------------------------------------------------`
			`\| Edit Tags`
			`\|-------------------------------------------------------------`
			`\| This is so garbage lmfao`
			`\|-------------------------------------------------------------`
			`*/`
			`if (isset($_POST['submit_tags'])) {`
			`// Get all image info`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`$image_array = $image_info->get_image_info($conn, $_POST['id']);`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// If user owns image or has the ID of 1`
In progress admin page 2022-09-16 16:39:13 +00:00			`if ($image_info->image_privilage($image_array['author']) \|\| $user_info->is_admin($conn, $_SESSION['id'])) {`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// Clean input`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`$tags_string = $make_stuff->tags(trim($_POST['input']));`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// getting ready forSQL asky asky`
Normalising names of tables 2022-09-14 10:41:20 +00:00			`$sql = "UPDATE images SET tags=? WHERE id=?";`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// Checking if databse is doing ok`
			`if ($stmt = mysqli_prepare($conn, $sql)) {`
			`mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);`

			`// Setting parameters`
			`$param_tags = $tags_string;`
			`$param_id = $_POST['id'];`

			`// Attempt to execute the prepared statement`
			`if (mysqli_stmt_execute($stmt)) {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`}`


			`/*`
			`\|-------------------------------------------------------------`
			`\| Edit Author`
			`\|-------------------------------------------------------------`
			`\| If this has security problems I'm so fucked`
			`\|-------------------------------------------------------------`
			`*/`
			`if (isset($_POST['submit_author'])) {`
			`// If user has the ID of 1`
In progress admin page 2022-09-16 16:39:13 +00:00			`if ($user_info->is_admin($conn, $_SESSION['id'])) {`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`// getting ready forSQL asky asky`
Normalising names of tables 2022-09-14 10:41:20 +00:00			`$sql = "UPDATE images SET author=? WHERE id=?";`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00
			`// Checking if databse is doing ok`
			`if ($stmt = mysqli_prepare($conn, $sql)) {`
			`mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);`

			`// Setting parameters`
			`$param_author = $_POST['input'];`
			`$param_id = $_POST["id"];`

			`// Attempt to execute the prepared statement`
			`if (mysqli_stmt_execute($stmt)) {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`}`
			`} else {`
			`?>`
			`<script>`
Updating naming of alert variables 2022-09-27 21:39:02 +00:00			`sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');`
Moved all image controlls to one file Added option to add tags on upload Working on .env support 2022-09-09 11:41:41 +00:00			`flyoutClose();`
			`</script>`
			`<?php`
			`}`
			`}`