From 71937e5897c3dea1c418e4ebbd5ebd4c9f762b89 Mon Sep 17 00:00:00 2001
From: ilotterytea
Date: Wed, 7 May 2025 14:43:37 +0500
Subject: feat: additional checks for pfp & banner upload in /account
---
 public/account/index.php | 56 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 38 insertions(+), 18 deletions(-)
(limited to 'public')
diff --git a/public/account/index.php b/public/account/index.php
index 5455727..80af380 100644
--- a/public/account/index.php
+++ b/public/account/index.php
@@ -36,28 +36,48 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
 }
 }
- if (isset($_FILES["pfp"])) {
+ if (isset($_FILES["pfp"]) && !empty($_FILES["pfp"]["tmp_name"])) {
 $pfp = $_FILES["pfp"];
- resize_image(
- $pfp["tmp_name"],
- "../static/userdata/avatars/" . $_SESSION["user_id"],
- ACCOUNT_PFP_MAX_SIZE[0],
- ACCOUNT_PFP_MAX_SIZE[1],
- false,
- true
- );
+
+ if (!is_dir("../static/userdata/avatars")) {
+ mkdir("../static/userdata/avatars", 0777, true);
+ }
+
+ if (
+ $err = resize_image(
+ $pfp["tmp_name"],
+ $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/avatars/" . $_SESSION["user_id"],
+ ACCOUNT_PFP_MAX_SIZE[0],
+ ACCOUNT_PFP_MAX_SIZE[1],
+ false,
+ true
+ )
+ ) {
+ generate_alert("/account", sprintf("Error occurred while processing the profile picture (%d)", $err));
+ exit;
+ }
 }
- if (isset($_FILES["banner"])) {
+ if (isset($_FILES["banner"]) && !empty($_FILES["banner"]["tmp_name"])) {
 $banner = $_FILES["banner"];
- resize_image(
- $banner["tmp_name"],
- "../static/userdata/banners/" . $_SESSION["user_id"],
- ACCOUNT_BANNER_MAX_SIZE[0],
- ACCOUNT_BANNER_MAX_SIZE[1],
- false,
- true
- );
+
+ if (!is_dir("../static/userdata/banners")) {
+ mkdir("../static/userdata/banners", 0777, true);
+ }
+
+ if (
+ $err = resize_image(
+ $banner["tmp_name"],
+ $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/banners/" . $_SESSION["user_id"],
+ ACCOUNT_BANNER_MAX_SIZE[0],
+ ACCOUNT_BANNER_MAX_SIZE[1],
+ false,
+ true
+ )
+ ) {
+ generate_alert("/account", sprintf("Error occurred while processing the profile banner (%d)", $err));
+ exit;
+ }
 }
 $db = null;
-- 
cgit v1.2.3
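Review bot: The added `mkdir("../static/userdata/avatars", 0777, true)` (and the matching banners call) requests a world-writable upload directory inside the web root, and it tests a path relative to the working directory while `resize_image()` writes under `$_SERVER["DOCUMENT_ROOT"]`, so the directory that gets created is not necessarily the one written to. I would build the path once and use it for both, with a tighter mode and a checked result: `$dir = $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/avatars";` followed by `if (!is_dir($dir) && !mkdir($dir, 0755, true)) { /* generate_alert + exit */ }`. The upload guard only tests that `tmp_name` is non-empty; also checking `$_FILES["pfp"]["error"] === UPLOAD_ERR_OK` and `is_uploaded_file($pfp["tmp_name"])` before calling `resize_image()` would reject failed uploads explicitly and serves as defence in depth. The enclosing POST handler starts and ends outside this hunk, so how `$_SESSION["user_id"]` is constrained before it is appended to the target path is not visible here.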