1 files changed, 54 insertions, 0 deletions

diff --git a/pages/api/design.php b/pages/api/design.php
new file mode 100644
index 0000000..512677d
--- /dev/null
+++ b/pages/api/design.php
@@ -0,0 +1,54 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn;
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/random.inc";
+
+if (!$isLoggedIn || !isset($_GET["type"]) || !isset($_GET["member"])) die("Not logged in or missing operand");
+if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/assets/ponies/" . $_GET["member"] . ".png")) die("No initial Pony Town character");
+
+$designs = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/data/designs/" . $_GET["member"] . ".json"), true);
+
+$inputJSON = file_get_contents('php://input');
+$input = json_decode($inputJSON, true);
+
+switch ($_GET["type"]) {
+    case "name":
+        $designs[$_GET["id"]]["name"] = trim(strip_tags(substr(base64_decode($_GET["value"]), 0, 100)));
+
+        if (trim(strip_tags(substr(base64_decode($_GET["value"]), 0, 100))) === "" && $_GET["id"] !== "_main") {
+            unset($designs[$_GET["id"]]);
+            echo("&");
+        }
+
+        break;
+
+    case "note":
+        $designs[$_GET["id"]]["note"] = trim(strip_tags(substr(base64_decode($_GET["value"]), 0, 100)));
+        break;
+
+    case "upload":
+        $id = random();
+
+        $file = base64_decode($input["file"]);
+        $image = @imagecreatefromstring($file);
+
+        imagealphablending($image, false);
+        imagesavealpha($image, true);
+
+        imagepng($image, "/tmp/temp-" . $id . ".png");
+        $text = base64_encode(file_get_contents("/tmp/temp-" . $id . ".png"));
+        unlink("/tmp/temp-" . $id . ".png");
+
+        $designs[$id] = [
+            "name" => "Untitled",
+            "note" => "ID: " . $id,
+            "image" => $text
+        ];
+
+        break;
+
+    default:
+        die("Invalid type");
+}
+
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/data/designs/" . $_GET["member"] . ".json", json_encode($designs));
\ No newline at end of file