<?php
/* * ********************************************************************
* Copyright notice PHP Enter 4.1.6.
*
* (c) 2011 Predrag Rukavina - admin[at]phpenter[dot]net
* All rights reserved
*
* This script is part of the PHP Enter project.
* The PHP Enter project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
// Shared admin header. $conn and $editortrue are used below without being
// defined in this file, so presumably it opens the database connection and sets
// the editor mode — NOTE(review): confirm it is also what enforces admin login,
// since nothing else on this page does.
include ('admin/admheader.php');
// Only errors, warnings and parse errors are reported: E_NOTICE and E_DEPRECATED
// are hidden (undefined array indexes, the by-reference assignment notices further
// down). Set after the include, so it does not apply to the header itself.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
?>
<head>
<meta charset="UTF-8" />
<link rel="stylesheet" type="text/css" href="admin/style.css" />
</head>
<body>
<div id="aforms">
<div id="cconfig">New Story</div>
<?php if(isset($_POST['query'])) {
// 'query' is the name of the submit button in the form below, so this branch
// handles the POST; the else branch further down renders the empty form.
// NOTE(review): no CSRF token is visible in the form or checked here; unless
// admin/admheader.php adds one, the submission is accepted on the session alone.
$cuniver = $_POST['bname'];
// $cuniver is not referenced again anywhere in this file.
$current_image = $_FILES['image']['name'];
// The extension is taken from the client-supplied file name. It is re-checked
// against a jpg/jpeg allow-list below; the file content is only inspected later,
// inside ccthumb().
$extension = substr(strrchr($current_image,'.'),1);
// Overwritten twice further down (once for the upload name, once for the DB row).
$time = date("Yhis");
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, where
// this call is a fatal "undefined function" error.
if(get_magic_quotes_gpc()) {
$univer = stripslashes($_POST['univer']);
$idblog = stripslashes($_POST['idblog']);
$editor = stripslashes($_POST['editor']);
$bname = stripslashes($_POST['bname']);
$usercc = stripslashes($_POST['usercc']);
$summary = stripslashes($_POST['summary']);
$badress = stripslashes($_POST['badress']);
$amess = stripslashes($_POST['amess']);
// The description is stored HTML-encoded; it is decoded again before the second
// insert below.
$amess = htmlspecialchars($amess);
} else {
$univer = $_POST['univer'];
$idblog = $_POST['idblog'];
$editor = $_POST['editor'];
$bname = $_POST['bname'];
$usercc = $_POST['usercc'];
$summary = $_POST['summary'];
$badress = $_POST['badress'];
$amess = $_POST['amess'];
$amess = htmlspecialchars($amess);
}
// Only the summary is filtered for markup characters. bname, usercc, badress,
// univer and idblog are stored as received, and bname/univer are echoed back
// into the page further down.
if(preg_match("/</",$summary)) {
echo "<center><div id='toprow'>Invalid Characters [Summary] '<' </div>";
Die();
}
// The pattern rejects ']' while the message names '['.
if(preg_match("/]/",$summary)) {
echo "<center><div id='toprow'>Invalid Characters [Summary] '[' </div>";
Die();
}
// strlen() counts bytes, not characters; the page is served as UTF-8, so
// non-ASCII text hits these limits sooner than the messages suggest.
if(strlen($bname) < 3) {
echo "<center>Field must be at least 3 characters long:<a href='javascript:history.go(-1)'>Go Back</a></center>";
die();
}
if(strlen($bname) > 150) {
echo "<center>Max Characters Field: 150<a href='javascript:history.go(-1)'>Go Back</a></center>";
die();
}
// This is a maximum (> 400), not the minimum the message describes; the form
// text below advertises 250.
if(strlen($summary) > 400) {
echo "<center>Field [summary] must be at least 400 characters long:<a href='javascript:history.go(-1)'>Go Back</a></center>";
die();
}
if(strlen($amess) < 10) {
echo "<center>Field description must be at least 10 characters long:<a href='javascript:history.go(-1)'>Go Back</a></center>";
die();
}
if(strlen($amess) > 25800) {
echo "<center>Max Characters Field Description.<a href='javascript:history.go(-1)'>Go Back</a></center>";
die();
}
// Repeats the two assignments made at the top of this branch.
$extension = substr(strrchr($current_image,'.'),1);
$current_image = $_FILES['image']['name'];
// $_FILES['image']['error'] is never consulted: a failed upload that still
// carries a file name falls through to the copy() below.
if($_FILES['image']['name'] == "") {
$new_image = "";
} else {
// Case-sensitive allow-list on the client-supplied extension: ".JPG" is rejected.
if(($extension !== "jpg" && $extension !== "jpeg")) {
die('Please Upload Valid .jpg or .jpeg File');
}
// Redundant after the allow-list above. $file is interpolated into the pattern
// unescaped, so its leading '.' matches any character; that can only over-reject.
$blacklist = array(".msi",".exe",".php",".phtml",".php3",".php4",".js",".shtml",
".pl",".py",".tpl");
foreach($blacklist as $file) {
if(preg_match("/$file\$/i",$_FILES['image']['name'])) {
echo "ERROR: Uploading executable files Not Allowed\n";
exit;
}
}
// "Yhis" is year + 12-hour clock + minute + second: no month or day, so the
// generated name repeats twice a day and across days, and a later upload
// silently overwrites an earlier file with the same name.
$time = date("Yhis");
$new_image = $time.".".$extension;
$destination = "uploads/".$new_image;
// copy() instead of move_uploaded_file(): the source is not verified to be an
// upload, the return value in $action is never checked, and the file is placed
// under uploads/ before ccthumb() looks at its content. If ccthumb() rejects
// it and exits, this copy is left in place.
$action = copy($_FILES['image']['tmp_name'],$destination);
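/**
 * ccthumb()
 *
 * Writes a $thumbnail_width x $thumbnail_height JPEG thumbnail of $imgSrc to
 * $filename: the source is scaled so that it covers the target box and then
 * cropped to the horizontal centre of that box (top-aligned vertically).
 *
 * The source is validated by content (the MIME type reported by getimagesize()),
 * not only by the extension the caller derived from the client-supplied upload
 * name, so a non-JPEG file renamed to .jpg is rejected here. As in the original,
 * a rejection prints a message and terminates the script; the calls above rely
 * on that to skip the database inserts. NOTE(review): the copy the caller has
 * already placed under uploads/ is not removed on rejection.
 *
 * @param string $imgSrc           path of the uploaded JPEG
 * @param string $filename         destination path of the thumbnail
 * @param int    $thumbnail_width  target width in pixels
 * @param int    $thumbnail_height target height in pixels
 * @return resource|GdImage        the thumbnail image (already written to $filename)
 */
function ccthumb($imgSrc,$filename,$thumbnail_width,$thumbnail_height) {
    // getimagesize() returns false for anything it cannot parse as an image;
    // the MIME check rejects images of other formats regardless of extension,
    // and the size check guards the division below.
    $info = is_file($imgSrc) ? getimagesize($imgSrc) : false;
    if($info === false || $info['mime'] !== 'image/jpeg' || $info[0] < 1 || $info[1] < 1) {
        die("wrong file");
    }
    list($width_orig,$height_orig) = $info;
    if($width_orig > 1480 || $height_orig > 1480) {
        echo "<br>Maximum width and height exceeded. Please upload images below 1480 x 1480 px size";
        exit();
    }
    // One decode with a plain false check. The original's
    // `@$cimage = imagecreatefromjpeg($imgSrc) == true` assigned the comparison
    // result to $cimage and then decoded the file a second time.
    $cimage = imagecreatefromjpeg($imgSrc);
    if($cimage === false) {
        die("wrong file");
    }
    // Scale so the image covers the target box while keeping its aspect ratio.
    $ratio_orig = $width_orig / $height_orig;
    if($thumbnail_width / $thumbnail_height > $ratio_orig) {
        $new_height = $thumbnail_width / $ratio_orig;
        $new_width = $thumbnail_width;
    } else {
        $new_width = $thumbnail_height * $ratio_orig;
        $new_height = $thumbnail_height;
    }
    // GD takes integer sizes. Round once and use the same values for the canvas
    // and for the copy, so the two cannot differ by a pixel (the original rounded
    // the canvas but passed the unrounded floats to imagecopyresampled()).
    $new_width = (int) round($new_width);
    $new_height = (int) round($new_height);
    $process = imagecreatetruecolor($new_width,$new_height);
    imagecopyresampled($process,$cimage,0,0,0,0,$new_width,$new_height,$width_orig,$height_orig);
    imagedestroy($cimage);
    // Crop the scaled image to the target box around its horizontal middle.
    $src_x = (int) round(($new_width / 2) - ($thumbnail_width / 2));
    $thumb = imagecreatetruecolor($thumbnail_width,$thumbnail_height);
    imagecopyresampled($thumb,$process,0,0,$src_x,0,$thumbnail_width,$thumbnail_height,$thumbnail_width,$thumbnail_height);
    imagedestroy($process);
    imagejpeg($thumb,$filename,100);
    return $thumb;
}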
// Thumbnails are only built when an image was uploaded ($destination is set in
// the else branch above); both outputs reuse the client-derived extension.
ccthumb($destination,'maxthumb/'.$new_image,300,250);
ccthumb($destination,'minthumb/'.$new_image,144,82);
}
$zero = '0';
$admin_image = 'admin.jpg';
$time = date("Y-m-d H:i:s");
// Parameterised Prepare/Execute (ADOdb-style API, presumably supplied by
// admin/admheader.php): the POST values are bound, not interpolated into SQL.
$sql = $conn->Prepare('INSERT INTO newser (univer,idblog,editor,buserid,buser,btexty,brief,badress,images,bimgs,bdate,bamess) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
// All three failure messages carry the same "[1]" tag, so they cannot be told
// apart in the output, and processing continues after a failed insert.
if($conn->Execute($sql,array($univer,$idblog,$editor,$zero,$usercc,$bname,$summary,$badress,$new_image,$admin_image,$time,$amess)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
// The second table receives the plain-text description: the encoding applied
// above is undone and tags are stripped.
$amess = htmlspecialchars_decode($amess);
$amess = strip_tags($amess);
$sql2 = $conn->Prepare('INSERT INTO onewse (oniver,omages,otexty,oamess) VALUES (?, ?, ?, ?)');
if($conn->Execute($sql2,array($univer,$new_image,$bname,$amess)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
$sql3 = $conn->Prepare('UPDATE categori SET ccount = ccount + ? WHERE catid = ?');
if($conn->Execute($sql3,array("1",$idblog)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
$conn->Close();
// NOTE(review): in the markup that follows, $univer (taken directly from $_POST)
// is echoed into an href and $bname into the link text without
// htmlspecialchars(); both are reflected XSS sinks on this admin page. The
// markup also opens a second <head> and <body> inside the document started
// above.
?>
<head>
<script type="text/javascript">
<!--
function delayer(){
window.location = "addnews.php"
}
//-->
</script>
<link type="text/css" href="admin/style.css" rel="stylesheet" />
</head>
<body onLoad="setTimeout('delayer()', 10000)">
<div class="redir">
<center><font style="font-family:verdana;font-size:13px;color:#555;">You will be automatically redirected to the "Submit New Story" in 10 seconds<br /><br />
<a href="news.php?name=<?php echo $univer ?>">View "<?php echo stripslashes($bname); ?>"</font></center>
</div>
<?php } else {
// Form path. $univer is a server-generated timestamp that round-trips through
// the hidden field below and is stored with the story on submission.
$univer = date("Yhis"); ?>
<h3>New Story [Admin Mode]</h3>
<form action="addnews.php" enctype="multipart/form-data" method="post">
Category:<br />
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<?php $arecordSet = &$conn->Execute('SELECT * FROM categori ORDER by catid ASC');
// Assigning a method's return value by reference raises "Only variables should
// be assigned by reference" (E_NOTICE, hidden by the error_reporting() level set
// at the top of the file); a plain assignment behaves the same here.
echo "<select name='idblog' onChange='Load_id()'>";
if(!$arecordSet)
print $conn->ErrorMsg();
else
while(!$arecordSet->EOF) {
$catid = $arecordSet->fields['catid'];
$name = $arecordSet->fields['name'];
// catid and name come from the database and are written into the option markup
// unescaped; htmlspecialchars() on both would be the safe form.
echo "<option value='".$catid."'> - - ".$name." </option>";
$arecordSet->MoveNext();
}
echo '</select>';
$brecordSet = &$conn->Execute('SELECT * FROM cpadmin LIMIT 1');
if(!$brecordSet)
print $conn->ErrorMsg();
else
while(!$brecordSet->EOF) {
$ausername = $brecordSet->fields['ausername'];
// ausername is likewise emitted unescaped into a hidden-field value, and is
// then accepted back from the client as usercc on submission.
echo " <input type='hidden' name='usercc' value='".$ausername."'>";
$brecordSet->MoveNext();
}
// $editortrue is not defined in this file; presumably set by admin/admheader.php.
// The editor mode is sent back as a hidden field and stored as received.
if($editortrue == 2) {
echo " <input type='hidden' name='editor' value='2'>";
}
if($editortrue == 1) { ?>
<script type="text/javascript" src="scripts/tiny_mce/tiny_mce.js" ></script >
<script type="text/javascript">
tinyMCE.init({
mode : "textareas",
height : '400',
theme : "advanced",
plugins : "autolink,style,advimage,advlink,insertdatetime,preview,media,contextmenu,paste,directionality,fullscreen,visualchars,xhtmlxtras,template",
theme_advanced_buttons1 : "newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,|,insertfile,insertimage,|,removeformat,visualaid,|,sub,sup,|,charmap,media,|,ltr,rtl,|,fullscreen",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
// Skin options
skin : "o2k7",
skin_variant : "silver",
content_css : "css/example.css",
template_external_list_url : "js/template_list.js",
external_link_list_url : "js/link_list.js",
external_image_list_url : "js/image_list.js",
media_external_list_url : "js/media_list.js",
template_replace_values : {
username : "Some User",
staffid : "991234"
}
});
</script>
<?php echo " <input type='hidden' name='editor' value='1'>"; } ?>
<input type="hidden" name="badress" value="0" class="incc" />
<br /><br />
Title:
<br />
<input type="text" name="bname" id="incc" />
<br />
<br />
Summary (optional; max 250 characters):
<br />
<input type="text" name="summary" id="incc" />
<br />
<br />
Image:(only .jpg .jpeg formats);
<br />
<input type="file" name="image" />
<br />
<br />
Description:
<br />
<br />
<textarea name="amess" style="width:550px;height:250px;"></textarea><br />
<input class="incc" type="submit" value="Submit" name="query" style="color:#555;border:1px solid #ccc;background:#f8f8f8" />
</form>
<?php
// Releases the result sets and the connection on the form path (the POST path
// closes $conn itself). If either query above failed, the corresponding variable
// holds false and the Close() call on it is a fatal error.
$arecordSet->Close();
$brecordSet->Close();
$conn->Close();
}
?>
</div>
<?php
// Shared admin footer; presumably closes the layout opened by admin/admheader.php.
include ('admin/admfooter.php');
######################################
##addnews.php 4.1.4.##
######################################
?>