Добавил проверку изображения в апи постов и ещё по мелочи

api/post/create.php

@@ -2,6 +2,7 @@
 
 require_once("../_auth.php");
 require_once("../_utils.php");
+require_once("../user/index.php");
 
 
 
@@ -30,7 +31,31 @@ if (ThisFileIsRequested(__FILE__)) {
 	if (!(isset($_POST["tags"]) && isset($_FILES["pic"])))
 		ReturnJSONError($Err_RDP_InvalidArgs, "not enough arguments");
 
-	// TODO
+	// TODO: add rate-limiting, instead of this
+	// Check user privs
+	if (User_HasRole($THIS_USER, "newbie"))
+		ReturnJSONError($Err_DP_NotEnoughRole, "newbies cant create posts");
+
+	// Check image properties
+
+	// If size is too large
+	if ($_FILES["pic"]["size"] > $Config["media"]["max_pic_size"])
+		ReturnJSONError($Err_DP_FileTooLarge, "picture is too large");
+
+	$TmpFilePath = $_FILES["pic"]["tmp_name"];
+	$Ext = strtolower(pathinfo($TmpFilePath, PATHINFO_EXTENSION));
+
+	// If file extension is not in list of allowed
+	if (in_array($Ext, $Config["media"]["allowed_exts"]))
+		ReturnJSONError($Err_DP_FileWrongType, "file extension is invalid");
+	// If file mime type is not in list of allowed
+	if (in_array(mime_content_type($TmpFilePath), $Config["media"]["allowed_mimetypes"]))
+		ReturnJSONError($Err_DP_FileWrongType, "file mime type is invalid");
+
+	// Check if resolution is bigger than allowed or have unacceptable aspect ratio
+	list($SzX, $SzY, $Type, $Attr) = getimagesize($TmpFilePath);
+	if ($SzX > $Config["media"]["max_pic_res"]["x"] || $SzY > $Config["media"]["max_pic_res"]["y"] || (GetAspectRatio($SzX, $SzY) > $Config["media"]["max_pic_res"]["ratio"]))
+		ReturnJSONError($Err_DP_ImageWrongRes, "image with that resolution or aspect ratio cant be accepted");
 }
 
 ?>