<?php

// by 请勿倒卖,已申请软著,否则追究法律责任
include "../../system/db.class.php";
$aid = intval($_POST["aid"]);
$uid = intval($_POST["uid"]);
$upw = SafeSql($_POST["upw"]);
$row = db("app")->where("in_id", $aid)->find();
$row || exit("-1");
$userid = db("user")->where("in_userid", $uid)->where("in_userpassword", $upw)->value("in_userid");
$row["in_uid"] == $userid || exit("-2");
if (!empty($_FILES)) {
	$in_icon = stristr($row["in_icon"], "/") ? substr(strrchr($row["in_icon"], "/"), 1) : $row["in_icon"];
	$filepart = pathinfo($_FILES["icon"]["name"]);
	if (in_array(strtolower($filepart["extension"]), array("jpg", "jpeg", "gif", "png"))) {
		$file = IN_ROOT . "data/attachment/" . $in_icon;
		@move_uploaded_file($_FILES["icon"]["tmp_name"], $file);
		db("app")->where("in_id", $aid)->update(array("in_icon" => $in_icon));
		echo "1";
	} else {
		echo "-3";
	}
}