From 4d52abb2ae7cde67f9f49fe15a60a52172e2f9c9 Mon Sep 17 00:00:00 2001
From: printempw <h@prinzeugen.net>
Date: Sun, 3 Apr 2016 10:19:12 +0800
Subject: [PATCH] added limit of uploading texture

---
 admin/options.php         |  9 ++++++--
 ajax.php                  | 46 +++++++++++++++++++++++++++++----------
 assets/js/upload.utils.js |  6 ++---
 3 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/admin/options.php b/admin/options.php
index f31321c5..b33f5e73 100644
--- a/admin/options.php
+++ b/admin/options.php
@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-03-18 22:50:25
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-04-03 07:55:54
+ * @Last Modified time: 2016-04-03 10:17:18
  */
 require "../libraries/session.inc.php";
 if (!$user->is_admin) Utils::redirect('../index.php?msg=看起来你并不是管理员');
@@ -38,7 +38,6 @@ $db = new Database\Database('users');
                                 foreach ($_POST as $key => $value) {
                                     if ($key != "option" && $key != "submit") {
                                         Option::set($key, $value);
-                                        // echo $key."=".$value."<br />";
                                     }
                                 }
                                 echo '<div class="callout callout-success">设置已保存。</div>';
@@ -77,6 +76,12 @@ $db = new Database\Database('users');
                                            <input type="text" class="form-control" name="regs_per_ip" value="<?php echo Option::get('regs_per_ip'); ?>">
                                         </td>
                                     </tr>
+                                    <tr data-toggle="tooltip" data-placement="bottom" title="PHP 限制：<?php echo ini_get('post_max_size'); ?>，定义在 php.ini 中。">
+                                        <td class="key">最大允许上传大小（KB）</td>
+                                        <td class="value">
+                                           <input type="text" class="form-control" name="upload_max_size" value="<?php echo Option::get('upload_max_size'); ?>">
+                                        </td>
+                                    </tr>
                                     <tr>
                                         <td class="key">首选 JSON API</td>
                                         <td class="value">
diff --git a/ajax.php b/ajax.php
index 8886865b..a113d3e1 100644
--- a/ajax.php
+++ b/ajax.php
@@ -3,7 +3,7 @@
  * @Author: printempw
  * @Date:   2016-01-16 23:01:33
  * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-27 11:50:32
+ * @Last Modified time: 2016-04-03 10:16:00
  *
  * - login, register, logout
  * - upload, change, delete
@@ -154,15 +154,27 @@ function checkFile() {
                                             $_FILES['skin_file']['type'] == "image/x-png"))
     {
         // if error occured while uploading file
-        if (isset($_FILES['skin_file']) && $_FILES['skin_file']["error"] > 0) {
-            $json['errno'] = 1;
-            $json['msg'] = $_FILES['skin_file']["error"];
+        if ($_FILES['skin_file']["error"] > 0) {
+            $json['skin']['errno'] = 1;
+            $json['skin']['msg'] = $_FILES['skin_file']["error"];
+            return false;
+        }
+        if ($_FILES['skin_file']['size'] > (Option::get('upload_max_size')) * 1024) {
+            $json['skin']['errno'] = 1;
+            $json['skin']['msg'] = "本站最大只允许上传 ".Option::get('upload_max_size')." KB 的材质。";
+            return false;
+        }
+        $size = getimagesize($_FILES['skin_file']["tmp_name"]);
+        $ratio = $size[0] / $size[1];
+        if ($ratio != 2 && $ratio != 1) {
+            $json['skin']['errno'] = 1;
+            $json['skin']['msg'] = "不是有效的皮肤文件（宽 {$size[0]}，高 {$size[1]}）";
             return false;
         }
     } else {
         if (Utils::getValue('skin_file', $_FILES)) {
-            $json['errno'] = 1;
-            $json['msg'] = '错误的皮肤文件类型。';
+            $json['skin']['errno'] = 1;
+            $json['skin']['msg'] = '错误的皮肤文件类型。';
             return false;
         } else {
             $json['skin']['errno'] = 0;
@@ -177,15 +189,27 @@ function checkFile() {
                                             $_FILES['cape_file']['type'] == "image/x-png"))
     {
         // if error occured while uploading file
-        if (isset($_FILES['cape_file']) && $_FILES['cape_file']["error"] > 0) {
-            $json['errno'] = 1;
-            $json['msg'] = $_FILES['cape_file']["error"];
+        if ($_FILES['cape_file']["error"] > 0) {
+            $json['cape']['errno'] = 1;
+            $json['cape']['msg'] = $_FILES['cape_file']["error"];
+            return false;
+        }
+        if ($_FILES['cape_file']['size'] > (Option::get('upload_max_size')) * 1024) {
+            $json['cape']['errno'] = 1;
+            $json['cape']['msg'] = "本站最大只允许上传 ".(Option::get('upload_max_size') * 1024)." KB 的材质。";
+            return false;
+        }
+        $size = getimagesize($_FILES['cape_file']["tmp_name"]);
+        $ratio = $size[0] / $size[1];
+        if ($ratio != 2) {
+            $json['cape']['errno'] = 1;
+            $json['cape']['msg'] = "不是有效的披风文件（宽 {$size[0]}，高 {$size[1]}）";
             return false;
         }
     } else {
         if (Utils::getValue('cape_file', $_FILES)) {
-            $json['errno'] = 1;
-            $json['msg'] = '错误的披风文件类型。';
+            $json['cape']['errno'] = 1;
+            $json['cape']['msg'] = '错误的披风文件类型。';
             return false;
         } else {
             $json['cape']['errno'] = 0;
diff --git a/assets/js/upload.utils.js b/assets/js/upload.utils.js
index 77fe706a..94a20ecb 100644
--- a/assets/js/upload.utils.js
+++ b/assets/js/upload.utils.js
@@ -2,7 +2,7 @@
 * @Author: printempw
 * @Date:   2016-03-18 21:58:09
 * @Last Modified by:   printempw
-* @Last Modified time: 2016-03-19 16:12:11
+* @Last Modified time: 2016-04-03 10:18:30
 */
 
 'use strict';
@@ -33,10 +33,10 @@ $("#upload").click(function(){
                     showCallout('callout-success', '上传成功！');
                 }
                 if (json.skin.errno != 0) {
-                    showCallout('callout-danger', '上传皮肤的时候出错了：\n'+json.skin.msg);
+                    showCallout('callout-warning', '上传皮肤的时候出错了：\n'+json.skin.msg);
                 }
                 if (json.cape.errno != 0) {
-                    showCallout('callout-danger', '上传披风的时候出错了：\n'+json.cape.msg);
+                    showCallout('callout-warning', '上传披风的时候出错了：\n'+json.cape.msg);
                 }
             },
             error: function(json) {