27 lines
650 B
PHP
27 lines
650 B
PHP
|
<?php
|
||
|
session_start();
|
||
|
if(!isset($_SESSION['uid'])) { $err = 1; }
|
||
|
if($_SESSION['uid'] != 10022) { $err = 2; }
|
||
|
|
||
|
$valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'bmp');
|
||
|
$path = 'uploads/';
|
||
|
|
||
|
if(isset($_FILES['image']) && !$err) {
|
||
|
$img = $_FILES['image']['name'];
|
||
|
$tmp = $_FILES['image']['tmp_name'];
|
||
|
$ext = strtolower(pathinfo($img, PATHINFO_EXTENSION));
|
||
|
|
||
|
if(in_array($ext, $valid_extensions)) {
|
||
|
$path = $path.strtolower($img);
|
||
|
if(move_uploaded_file($tmp, $path)) {
|
||
|
echo "<img src='$path' title='$img' />";
|
||
|
}
|
||
|
} else {
|
||
|
echo 'invalid';
|
||
|
}
|
||
|
} elseif($err == 1) {
|
||
|
echo 'noUser';
|
||
|
} elseif($err == 2) {
|
||
|
echo 'noAcces';
|
||
|
}
|
||
|
?>
|