fixed bugs, all working now.

html/config.php

@@ -10,6 +10,24 @@
  *
  */
 
+//	Description: Fully Qualified Domain Name (FQDN), with no trailing slash. Do not include the protocol (i.e.: HTTP or HTTPS).
+//	Default Example: "ugc.example.com"
+define("FQDN", "ugc2.dbmxpca.com");
+
+//	Description: HTTP protocol to use. Use "http" for plain-text HTTP or "https" for HTTP Secure protocol.
+//	Default Example: "ugc.example.com"
+define("HTTP_PROTOCOL", "https");
+
+//	Description: The public URL path to the UCD. For example, by default this is "/u" (short for "/users"). This value is appended to the FQDN to determine the final image path. For example, with the default configuration, an image path could be: "https://ugc.example.com/u/13940/3198590318.png". Otherwise if you set the setting to something like "/users" then an image path could be "https://ugc.example.com/users/13940/3198590318.png". Without any URL-Rewrite or mod_rewrite modules, this would usually correspond to the setting "USER_CONTENT_DIR" found below.
+//	Default: "/u"
+define("PUBLIC_USER_CONTENT_DIR", "/u");
+
+
+//	Description: Full filesystem path to the root of the user content directory. Must be writeable by the script. Do not include trailing slash.
+//	Default: $_SERVER['DOCUMENT_ROOT'] . "/u"
+//	Default Example: "https://ugc.dbmxpca.com/u/13940/3198590318.png"
+define("USER_CONTENT_DIR", $_SERVER['DOCUMENT_ROOT'] . "/u");
+
 
 //	Description: Allowed MIME types.
 //	Default: array('image/png', 'image/jpeg', 'image/gif', 'video/webm');
@@ -22,12 +40,6 @@ $allowed_mime_types = array('image/png', 'image/jpeg', 'image/gif', 'video/webm'
 define("USERS_JSON", $_SERVER['DOCUMENT_ROOT'] . "/users.json");
 
 
-//	Description: Full path to the root of the user content directory. Must be writeable by the script. Do not include trailing slash.
-//	Default: "/u"
-//	Default Example: "https://ugc.dbmxpca.com/u/13940/3198590318.png"
-define("USER_CONTENT_DIR", $_SERVER['DOCUMENT_ROOT'] . "/u");
-
-
 //	Description: If true, API keys are case-sensitive: requests will only succeed if requesting with the API key with correct case (i.e.: "PaSSword123" != "password123").
 //	Default: false
 //	Default Example: "https://ugc.dbmxpca.com/u/13940/3198590318.png"
@@ -46,6 +58,11 @@ define("DETAILED_ERRORS", true);
 // define("DETAILED_ERRORS", false);
 
 
+//	Description: Random length of a default random string. Currently unused.
+//	Default: 10
+define("RANDOM_STRING_DEFAULT_LENGTH", 10);
+
+
 
 
 

html/core.php

@@ -36,6 +36,56 @@ function ARE_STRINGS_EQUAL($str1, $str2, $case_sensitive = false){
 	return false;	
 }
 
+//	@BRIEF		Generates a secure, random string.
+//	@RETURNS	Returns the generated string.
+//	@CREDITS	https://stackoverflow.com/questions/4356289/php-random-string-generator/31107425#31107425
+function GET_RANDOM_STRING($length = RANDOM_STRING_DEFAULT_LENGTH, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'){
+	
+    $pieces = [];
+    $max = mb_strlen($keyspace, '8bit') - 1;
+    for ($i = 0; $i < $length; ++$i) {
+        $pieces []= $keyspace[random_int(0, $max)];
+    }
+    return implode('', $pieces);
+}
+
+//	@BRIEF		Generates a random filename.
+//	@CREDITS	php-image-serve.
+function GET_RANDOM_FILENAME($username, $type){
+	
+	$an = '0123456789';
+	$str = '';
+	for ($i = 0; $i < 5; $i++){
+		
+		$str .= substr($an, rand(0, strlen($an) - 1), 1);
+	}
+	
+	if (!file_exists(GET_USER_CONTENT_DIR_PATH($username) . $str . "." . $type)){
+		
+		return $str;
+	}
+	else{
+		
+		return GET_RANDOM_FILENAME($username, $type);
+	}
+}
+
+function SAVE_IMAGE($username, $mime_type, $tmp_name){
+	
+	$save_dir = GET_USER_CONTENT_DIR_PATH($username);
+	$mime_type_arr = explode('/', $mime_type);
+	$type = $mime_type_arr[1];
+	
+	$name = GET_RANDOM_FILENAME($username, $type);
+	$final_filename = $name . "." . $type;
+	
+	if (move_uploaded_file($tmp_name, $save_dir . "/" . $final_filename)){
+		$img_url = HTTP_PROTOCOL . "://" . FQDN . PUBLIC_USER_CONTENT_DIR . "/" . $username . "/" . $final_filename;
+		echo $img_url;
+	}
+	
+}
+
 function GET_JSON_DATA_FROM_FILE($full_path_to_file){
 	
 	$filename = $full_path_to_file;
@@ -182,6 +232,8 @@ function CHECK_USER(&$err){
 //	Check image prelim data.
 function CHECK_IMAGE_PRELIM_DATA(&$err){
 	
+	global $allowed_mime_types;
+	
 	if (empty($_FILES)){
 		
 		$err = "error_415_1";
@@ -190,7 +242,7 @@ function CHECK_IMAGE_PRELIM_DATA(&$err){
 	
 	if (filesize($_FILES['image']['tmp_name']) > 0){
 		
-		if (!in_array($_FILES['image']['type'], $allowed_mime_types)){
+		if (in_array($_FILES['image']['type'], $allowed_mime_types)){
 			
 			$err = null;
 			return true;

html/upload.php

@@ -37,7 +37,8 @@ if (CHECK_USER($err)){
 			//	Attempt to create user's directory within UCD.
 			if (CREATE_USER_CONTENT_DIR($_REQUEST['u'])){
 				
-				echo "ok";
+				//echo "ok";
+				SAVE_IMAGE($_REQUEST['u'], $_FILES['image']['type'], $_FILES['image']['tmp_name']);