+<?php
+
+require_once __DIR__ . '/db.php';
+require_once __DIR__ . '/auth.php';
+require_once __DIR__ . '/uuid.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $user = check_auth();
+ $db = get_db();
+ $db->exec('BEGIN TRANSACTION');
+ $post_id = uuid_v4();
+ $post_time = time();
+ $images = $_FILES['image'];
+ $num_files = count($images['name']);
+ for ($i = 0; $i < $num_files; $i++) {
+ $name = $images['name'][$i];
+ $mime_type = $images['type'][$i];
+ $tmp_file = $images['tmp_name'][$i];
+ $error = $images['error'][$i];
+ $size = $images['size'][$i];
+ // strip EXIF
+ $img = new Imagick($tmp_file);
+ // keep ICC for quality
+ $profiles = $img->getImageProfiles("icc", true);
+ $img->stripImage();
+ if(!empty($profiles)) {
+ $img->profileImage('icc', $profiles['icc']);
+ }
+
+ $file_b64 = base64_encode($img->getImageBlob());
+ $pic_id = uuid_v4();
+ $upload_stmt = $db->prepare('INSERT into pics values (:id, :post_id, :mime_type, :b64_bytes)');
+ $upload_stmt->bindValue(':id', $pic_id);
+ $upload_stmt->bindValue(':post_id', $post_id);
+ $upload_stmt->bindValue(':mime_type', $mime_type);
+ $upload_stmt->bindValue(':b64_bytes', $file_b64);
+ $upload_stmt->execute();
+
+ echo "<img src='data:{$mime_type};base64,{$file_b64}' alt='$name'/>";
+ }
+
+ $post_stmt = $db->prepare('INSERT into posts VALUES(:id, :user, :time)');
+ $post_stmt->bindValue(':id', $post_id);
+ $post_stmt->bindValue(':user', $user);
+ $post_stmt->bindValue(':time', $post_time);
+ $post_stmt->execute();
+
+ $db->exec('COMMIT');
+} else {
+echo '
+ <html>
+ <body>
+ <form enctype="multipart/form-data" method="POST" action="upload.php">
+ <label>Pick Images:<input type="file" id="upload" name="image[]" multiple>
+ </input></label>
+ <br/>
+ <textarea id="comment" name="comment">Title/comment your post</textarea>
+ <br/>
+ <input type="submit" value="Upload"/>
+ </form>
+ </body>
+ </html>
+';
+}