<?php
-ob_clean();
-
-if (!$User or !$User->admin('edit'))
+if (!$User->admin("edit {$Page->link}"))
abort("geen beheersrechten", '401 unauthorised');
if ($_FILES) {
$response = ['uploaded' => 0];
try {
require_once('upload.inc.php');
- $datadir = implode('/', ['data', date('Y')]);
- if ($Args) $datadir .= $Args;
+ $datadir = implode('/', ['data', date('Y'), $User->login]);
+ if ($Page->path) $datadir .= $Page->path;
$target = userupload(@$_FILES['upload'], $datadir);
if ($target) {
+ $target = "/thumb/640x/$target";
$response['fileName'] = $_FILES['upload']['name'];
$response['url'] = str_replace('%2F', '/', urlencode($target));
$response['uploaded']++;
if (!$_POST)
abort("niets te doen", '405 post error');
-if (!$Args)
- abort("geen bestand aangeleverd", '409 input error');
-$filename = ltrim($Args, '/').'.html';
+$filename = trim($Page->path, '/') ?: 'index';
if (preg_match('{^\.}', $filename))
abort("ongeldige bestandsnaam: $filename", '403 input error');
+if (is_dir($filename) && !file_exists("$filename.html"))
+ $filename .= '/index';
+$filename .= '.html';
if (file_exists($filename) and !is_writable($filename))
abort("onwijzigbaar bestand: $filename", '403 input error');