Automated Uploading

[LoneAngelIbesu]

So, I toyed around with Graal's personaluploads feature, after reading Dusty's post in the improvement forum. It's pretty straight-forward and I made sure to comment it thoroughly. For security, it checks file extensions and headers against a predefined whitelist. The script requires minimal configuration, but it's meant to be a learning experience, not a full-fledged, out-of-the-box program; in fact, it's pretty bare-bones. Needless to say, if your server is prone to immature kids uploading inappropriate graphics, I would not suggest using this. There is no moderation, whatsoever.

Comments, critiques, suggestions all welcome.

PHP Code:

function onActionServerside() {
  // Get personaluploads directory and filename
  temp.dir = player.getPersonalUploadFolder();
  temp.folder.loadfolder(temp.dir @ "*", 0);
  temp.file = temp.folder[0];
  
  // Establish extension and header whitelists
  temp.extensions = {"gif", "png"};
  temp.headers = {"GIF8", "PNG"};
  
  // Establish folders
  // Edit these to fit your server's file structure
  temp.bodyfolder = "levels/graphics/player/bodies/";
  temp.headfolder = "levels/graphics/player/heads/";
  temp.hatfolder = "levels/graphics/player/hats/";
  temp.shieldfolder = "levels/graphics/player/shields/";
  temp.packfolder = "levels/graphics/player/packs/";
  
  // Extract file extension and header
  temp.fileext = temp.file.tokenize(".")[1];
  temp.rawfilehead.loadlines(temp.dir @ temp.file);
  temp.filehead = this.analyzeheader(temp.rawfilehead[0], temp.headers);
  
  // Check if file extention is in whitelist
  if(temp.fileext in temp.extensions) {
    // If true, check if file header is in whitelist
    if(temp.filehead != false) {
      // If true, move file to correct directory, based on file name
      // Check if file starts with correct prefix
      if(temp.file.starts("valp")) { // Replace with your server's prefix, or remove the check altogether
        // Check type of file, based on file name
        if(temp.file.pos("head") => 0) {
          movefile(temp.dir @ temp.file, temp.headfolder @ temp.file);
        }
        else if(temp.file.pos("body") => 0) {
          movefile(temp.dir @ temp.file, temp.bodyfolder @ temp.file);
        }
        else if(temp.file.pos("hat") => 0) {
          movefile(temp.dir @ temp.file, temp.hatfolder @ temp.file);
        }
        else if(temp.file.pos("shield") => 0) {
          movefile(temp.dir @ temp.file, temp.shieldfolder @ temp.file);
        }
        else if(temp.file.pos("pack") => 0) {
          movefile(temp.dir @ temp.file, temp.packfolder @ temp.file);
        }
        else {
          // If file is not named correctly, delete it.
          deletefile(temp.dir @ temp.file);
        }
      }
      else {
        // If file is not named correctly, delete it.
        deletefile(temp.dir @ temp.file);
      }
    }
    else {
      // If false, delete file: this file is not allowed
      deletefile(temp.dir @ temp.file);
    }
  }
  else {
    // If false, delete file: this file is not allowed
    deletefile(temp.dir @ temp.file);
  }
}
function analyzeheader(header, whitelist) {
  for(temp.i: temp.whitelist) {
    if(temp.header.pos(temp.i) => 0) {
      return temp.i;
    }
  }
  return false;
}
//#CLIENTSIDE
function onCreated() {
  // Restriction feature. Add player account to array.
  temp.restricted = {};
  if(player.account in temp.restricted) {
    this.destroy();
  }
}
function onPlayerChats() {
  if(player.chat == "/upload") {
    requesttext("folder", "PERSONAL");
    selectFileforUpload();
  }
}
function onFilesUploaded() {
  triggerserver("gui", this.name);
}