<?php @session_start(); // the login gate below reads $_SESSION, so the session is opened first; '@' presumably mutes an "already started" notice when settings.php has done it
/* * ********************************************************************
*  Copyright notice PHP Enter 4.1.6.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpenter[dot]net
*  All rights reserved
*
*  This script is part of the PHP Enter project. 
*  The PHP Enter project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
include ('settings.php');
require_once ('languages/lang_'.$langs.'.php');
require_once ('salt.php');
require_once ('classes/securesession.class.php');
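// Session hardening wrapper (classes/securesession.class.php): the options are
// set before Check() runs.  What each option enforces is defined in that class;
// here they are only configured.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;        // shared secret from salt.php
$ss->regenerate_id = true;

// Gate 1: the secure-session check must pass and the session must be flagged
// as logged in.  empty() covers both "unset" and "false" without a notice,
// which is exactly what the previous isset()/truthiness pair tested.
// die() with no output: an unauthenticated caller learns nothing about the page.
if (!$ss->Check() || empty($_SESSION['loggedin'])) {
    die();
}
// Gate 2: 'inecsess' is set elsewhere in the application; an unset flag used
// to raise an undefined-index notice before dying, empty() avoids that.
if (empty($_SESSION['inecsess'])) {
    die();
}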
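// Category list for the template.  Rows with cord == 0 go to 'categori',
// every other row to 'subcat'.  Both arrays start empty so a table that has
// no rows of one kind still hands the template an array instead of an
// undefined variable (the old code relied on '@' to hide that notice).
$aval = array();
$nval = array();
// Plain assignment: Execute() returns a value, so "=&" only produced a
// reference-assignment notice and no actual reference.
$arecordSet = $conn->Execute('SELECT * FROM categori ORDER BY name ASC');
if (!$arecordSet) {
    // ADOdb signals a failed query with false; surface the driver message.
    print $conn->ErrorMsg();
} else {
    while (!$arecordSet->EOF) {
        // Loose comparison is deliberate: the driver hands cord back as a string.
        if ($arecordSet->fields['cord'] == 0) {
            $aval[] = $arecordSet->fields;
        } else {
            $nval[] = $arecordSet->fields;
        }
        $arecordSet->MoveNext();
    }
}
$smarty->assign('categori', $aval);
$smarty->assign('subcat', $nval);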

	// Page header template first; then a hard stop when $incitem is 0
	// (presumably the "editing enabled" switch from settings.php): a back link
	// is printed, the footer is still rendered, and the request ends.
	$smarty->display('blank.php');

	if ($incitem == 0) {
		print "<a href='javascript:history.go(-1)'>" . $lang['EDITDISB'] . "</a></center>"
			. "</div>";
		$smarty->display('footer.php');
		die();
	}
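// Id of the row being edited (re-read in the GET branch further down).
// isset() avoids a notice on a bare request; the value is only ever used as
// a bound parameter of a prepared statement, never interpolated.
$id = isset($_GET['id']) ? $_GET['id'] : null;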
if(isset($_POST['submit'])) {
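	// ---- Submitted fields -------------------------------------------------
	// Each field is read with isset() so a hand-crafted request that omits one
	// yields null (what the unguarded read produced) without an undefined-index
	// notice.  The upload name/extension/timestamp are derived where the file
	// is actually handled, further down, so they are not computed here as well.
	$univer  = isset($_POST['univer'])  ? $_POST['univer']  : null;
	$btextyx = isset($_POST['btextyx']) ? $_POST['btextyx'] : null;
	$briefyx = isset($_POST['briefyx']) ? $_POST['briefyx'] : null;
	$bamessy = isset($_POST['bamessy']) ? $_POST['bamessy'] : null;
	$gruppe  = isset($_POST['gruppe'])  ? $_POST['gruppe']  : null;
	// 'option' is the "Upload New Image" checkbox: absent unless ticked.
	$option  = isset($_POST['option'])  ? $_POST['option']  : null;

	// Hosts with magic_quotes_gpc on deliver pre-escaped input; undo it once so
	// the prepared statements below bind the raw values.  The function no
	// longer exists in PHP 8, hence the function_exists() guard.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$univer  = stripslashes($univer);
		$btextyx = stripslashes($btextyx);
		$briefyx = stripslashes($briefyx);
		$bamessy = stripslashes($bamessy);
		$gruppe  = stripslashes($gruppe);
		$option  = stripslashes($option);
	}
	// The description is HTML-encoded before the length rules run, so those
	// limits apply to the encoded text; strlen() counts bytes, not characters.
	$bamessy = htmlspecialchars($bamessy);

	// ---- Validation ------------------------------------------------------
	// Rules run in the original order and only the first failure is reported.
	// The '<' / ']' rejections are a coarse filter on title and summary; any
	// code that renders these values still has to escape them at output time.
	$error = null;
	if (preg_match("/</", $btextyx)) {
		$error = "$lang[INVALIDCHAR] '<'";
	} elseif (preg_match("/]/", $btextyx)) {
		$error = ">$lang[INVALIDCHAR] '['"; // message text kept as-is (it labels the ']' rule as '[')
	} elseif (preg_match("/</", $briefyx)) {
		$error = "$lang[INVALIDCHAR] '<'";
	} elseif (preg_match("/]/", $briefyx)) {
		$error = ">$lang[INVALIDCHAR] '['";
	} elseif (strlen($btextyx) < 3) {
		$error = "$lang[POSTERR1]";
	} elseif (strlen($btextyx) > 150) {
		$error = "$lang[POSTERR2]";
	} elseif (strlen($briefyx) > 400) {
		$error = "$lang[POSTERR4]";
	} elseif (strlen($bamessy) < 10) {
		$error = "$lang[POSTERR3]";
	} elseif (strlen($bamessy) > 25800) {
		$error = "Error [23]";
	}
	if ($error !== null) {
		// Same output as before: message, back link, footer, stop.
		echo "$error <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}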
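	// ---- Optional replacement image --------------------------------------
	// The name is the client-supplied filename: it is only used to derive the
	// extension and is never used as a path on its own.
	$current_image = isset($_FILES['image']['name']) ? $_FILES['image']['name'] : '';
	$extension = substr(strrchr($current_image, '.'), 1);
	if ($current_image == "") {
		// Nothing uploaded.  Note the UPDATE further down still stores this
		// empty name when the "Upload New Image" box is ticked.
		$new_image = "";
	} else {
		if ($extension !== "jpg" && $extension !== "jpeg") {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// Second gate on the name.  Redundant after the whitelist above, but
		// kept; preg_quote() makes the '.' in each suffix literal.
		$blacklist = array(".msi", ".exe", ".php", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl", ".py", ".tpl");
		foreach ($blacklist as $file) {
			if (preg_match('/' . preg_quote($file, '/') . '$/i', $current_image)) {
				echo "ERROR: Uploading executable files Not Allowed\n";
				exit;
			}
		}
		// Server-side name: timestamp + the validated extension, so the stored
		// name can contain neither path separators nor a script suffix.
		// NOTE(review): 'h' is the 12-hour clock, so two uploads 12 hours apart
		// (or within one second) get the same name and the later overwrites —
		// confirm whether that is acceptable.
		$time = date("Yhis");
		$new_image = $time . "." . $extension;
		$destination = "uploads/" . $new_image;
		// move_uploaded_file() refuses anything that is not a file PHP itself
		// received in this request, and the result is checked instead of being
		// dropped: thumbnailing a missing file used to end in a division by zero.
		if (!move_uploaded_file($_FILES['image']['tmp_name'], $destination)) {
			die('Upload failed');
		}
		/**
		 * ccthumb()
		 *
		 * Writes a $thumbnail_width x $thumbnail_height JPEG of $imgSrc to
		 * $filename.  The source is scaled so the box is filled, then the
		 * excess width is cropped around the horizontal centre and excess
		 * height is cropped from the top.  Stops the request when the source
		 * exceeds 1280px on either side or is not a readable JPEG.
		 *
		 * @param string $imgSrc           path of the uploaded JPEG
		 * @param string $filename         destination path of the thumbnail
		 * @param int    $thumbnail_width  box width in pixels
		 * @param int    $thumbnail_height box height in pixels
		 * @return resource|GdImage the thumbnail (callers here ignore it)
		 */
		function ccthumb($imgSrc, $filename, $thumbnail_width, $thumbnail_height) {
			global $lang; // the size-limit message is read from the language table
			$size = @getimagesize($imgSrc);  // false for non-images; checked right below
			if ($size === false) {
				die("wrong file");
			}
			list($width_orig, $height_orig) = $size;
			if ($width_orig > 1280 || $height_orig > 1280) {
				echo "<br>$lang[POSTERR7]";
				exit();
			}
			// Only JPEG sources are decoded; anything else used to leave $cimage
			// undefined for the resample below.
			$ext = strtolower(pathinfo($imgSrc, PATHINFO_EXTENSION));
			if ($ext !== 'jpg' && $ext !== 'jpeg') {
				die("wrong file");
			}
			// Assign first, then test: the old "@$cimage = f() == true" form
			// compared before assigning and stored a bool.
			$cimage = @imagecreatefromjpeg($imgSrc);
			if ($cimage === false) {
				die("wrong file");
			}
			$ratio_orig = $width_orig / $height_orig;
			if ($thumbnail_width / $thumbnail_height > $ratio_orig) {
				// Source is taller than the box: fit the width, let height overflow.
				$new_height = $thumbnail_width / $ratio_orig;
				$new_width  = $thumbnail_width;
			} else {
				// Source is wider than the box: fit the height, let width overflow.
				$new_width  = $thumbnail_height * $ratio_orig;
				$new_height = $thumbnail_height;
			}
			$x_mid = $new_width / 2;
			// GD takes ints: the canvas keeps the original round(), the copy
			// keeps the original truncation (PHP 8.1+ deprecates doing it implicitly).
			$process = imagecreatetruecolor((int) round($new_width), (int) round($new_height));
			imagecopyresampled($process, $cimage, 0, 0, 0, 0, (int) $new_width, (int) $new_height, $width_orig, $height_orig);
			$thumb = imagecreatetruecolor($thumbnail_width, $thumbnail_height);
			imagecopyresampled($thumb, $process, 0, 0, (int) ($x_mid - ($thumbnail_width / 2)), 0,
				$thumbnail_width, $thumbnail_height, $thumbnail_width, $thumbnail_height);
			imagejpeg($thumb, $filename, 100);
			// Release the intermediates; the thumbnail itself is returned.
			imagedestroy($process);
			imagedestroy($cimage);
			return $thumb;
		}
		ccthumb($destination, 'maxthumb/' . $new_image, 300, 250);
		ccthumb($destination, 'minthumb/' . $new_image, 144, 82);
	}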
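                // Owner of the row.  Both newser UPDATEs are scoped to buserid, so
                // a user can only change their own entries; isset() replaces the
                // old '@' suppression.
                $shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
                // NOTE(review): the two onewse UPDATEs below are keyed only on the
                // client-supplied hidden field 'univer' (oniver = ?), with no
                // buserid scope like the newser ones — confirm oniver is tied to the
                // current user elsewhere, otherwise another user's onewse row can be
                // rewritten by editing that hidden field.
                if ($option == 1) {
                        // "Upload New Image" ticked: the image name is written too
                        // (empty if no file came with the request).
                        $sql = $conn->Prepare('UPDATE newser SET idblog = ?, btexty = ?, brief = ?, images = ?, bamess = ? WHERE  `blogid` = ? and buserid = ?');
                        if ($conn->Execute($sql, array($gruppe, $btextyx, $briefyx, $new_image, $bamessy, $id, $shouter)) === false) {
                                print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
                        }
                        // onewse keeps a plain-text copy: decode the entities added above,
                        // then drop every tag.
                        $bamessy = htmlspecialchars_decode($bamessy);
                        $bamessy = strip_tags($bamessy);
                        $sql2 = $conn->Prepare('UPDATE onewse SET  otexty = ?, omages = ?, oamess = ? WHERE  `oniver` = ?');
                        if ($conn->Execute($sql2, array($btextyx, $new_image, $bamessy, $univer)) === false) {
                                print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
                        }
                } else {
                        // Image untouched.  Two event-handler names are blanked in the
                        // (already entity-encoded) text before it is stored.
                        $hcta = array("onload", "onclick");
                        $ycta = array("-", "-");
                        $bamessy = str_replace($hcta, $ycta, $bamessy);
                        $sql3 = $conn->Prepare('UPDATE newser SET idblog = ?, btexty = ?, brief = ?, bamess = ? WHERE `blogid` = ? and buserid = ?');
                        if ($conn->Execute($sql3, array($gruppe, $btextyx, $briefyx, $bamessy, $id, $shouter)) === false) {
                                print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
                        }
                        // Plain-text copy for onewse, with brackets and the same two
                        // handler names replaced after the tags are stripped.
                        $bamessy = htmlspecialchars_decode($bamessy);
                        $bamessy = strip_tags($bamessy);
                        $hcta = array("<", ">", "[", "]", "onload", "onclick");
                        $ycta = array("-", "-", "-", "-", "-", "-");
                        $bamessy = str_replace($hcta, $ycta, $bamessy);
                        $sql4 = $conn->Prepare('UPDATE onewse SET  otexty = ?, oamess = ? WHERE `oniver` = ?');
                        if ($conn->Execute($sql4, array($btextyx, $bamessy, $univer)) === false) {
                                print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
                        }
                }
                $conn->Close();
                echo "$lang[EDITSUCC]<br />";
                // The link below echoes request values: $univer is URL-encoded for
                // the query string and both values are attribute-escaped, which the
                // previous raw echo did not do.
                ?>
- <a href="news.php?name=<?php echo htmlspecialchars(rawurlencode($univer), ENT_QUOTES); ?>"><?php echo htmlspecialchars(stripslashes($btextyx), ENT_QUOTES); ?> [View]</a>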
<?php } else {
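	// GET branch: load the entry to edit.  The query is scoped to the current
	// user's id, so another user's row cannot be pulled up by guessing its id.
	$id = isset($_GET['id']) ? $_GET['id'] : null;
	$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
	$arecordSet = $conn->Execute('SELECT * FROM newser WHERE blogid = ? and buserid = ? LIMIT 1', array($id, $shouter));
	// Execute() returns false on a failed query and an EOF set when nothing
	// matched; both end here.  (The old "->fields == 0" test covered only the
	// empty set and would have faulted on false.)
	if (!$arecordSet || $arecordSet->EOF) {
		echo "<div id='error'>Error [88]</div></div>";
		$smarty->display('footer.php');
		if ($arecordSet) {
			$arecordSet->Close();
		}
		$conn->Close();
		die();
	}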
	// Emit the edit form for the matching row (LIMIT 1 above, so one pass).
	while(!$arecordSet->EOF) {
		$univer = $arecordSet->fields['univer'];  // carried in a hidden field and used as the onewse key on submit
		$idblog = $arecordSet->fields['idblog'];  // current category; pre-selects the drop-down below
		$images = $arecordSet->fields['images'];  // current image name; shown as a minthumb/ preview when set
		// editor == 1: load TinyMCE onto the textarea (mode "textareas").
		if($arecordSet->fields['editor'] == 1) {
		  ?>
<script type="text/javascript" src="scripts/tiny_mce/tiny_mce.js" ></script >
<script type="text/javascript">
tinyMCE.init({
// General options
mode : "textareas",
height : '400',
theme : "advanced",
plugins : "autolink,style,advimage,advlink,insertdatetime,preview,media,contextmenu,paste,directionality,fullscreen,visualchars,xhtmlxtras,template",
// Theme options
theme_advanced_buttons1 : "newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,|,insertfile,insertimage,|,removeformat,visualaid,|,sub,sup,|,charmap,media,|,ltr,rtl,|,fullscreen",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
// Skin options
skin : "o2k7",
skin_variant : "silver",
// Example content CSS (should be your site CSS)
content_css : "css/example.css",
// Drop lists for link/image/media/template dialogs
template_external_list_url : "js/template_list.js",
external_link_list_url : "js/link_list.js",
external_image_list_url : "js/image_list.js",
media_external_list_url : "js/media_list.js",
// Replace values for the template plugin
template_replace_values : {
username : "Some User",
staffid : "991234"
}
});
</script>
<?php } ?>
<div style="width:615px;;height:52px">
<div style="float:left">
<h3><?php echo $lang['EDITNEWS'] ?></h3>
</div>
</div>
<form method="post" action="edit.php?id=<?php echo $arecordSet->fields['blogid'] ?>" enctype="multipart/form-data" method="post">
<input name="univer" value = "<?php echo $arecordSet->fields['univer']; ?>" type="hidden" />
Title:<br /> <input style="width:428px;" name="btextyx" value = "<?php echo $arecordSet->fields['btexty']; ?>" maxlength="255" />
<br /><br />
Summary:<br /> <input style="width:428px;" name="briefyx" value = "<?php echo $arecordSet->fields['brief']; ?>" maxlength="255" />
<br /><br />
Description:<br /><textarea style="width:444px;background:#ffffff;" name="bamessy"><?php echo stripslashes($arecordSet->fields['bamess']); ?></textarea>
<br /><br />
Category:<br />
<?php
        // Category drop-down.  The option whose catid equals the row's idblog is
        // rendered with "selected"; the query string is fixed, nothing is interpolated.
        // NOTE(review): the form fields above (univer, btexty, brief, bamess) and
        // the option labels here are echoed from the database without
        // htmlspecialchars(); the submit path only rejects '<' and ']' in the
        // title/summary, so confirm these values are escaped on the way in —
        // otherwise a stored '"' can break out of the value="..." attribute.
        $result = "SELECT * FROM categori group by cord, catid, name ORDER by catid, cord ASC";
		$brecordSet = &$conn->Execute($result);
		echo "<select name='gruppe' onChange='Load_id()'>";
		echo "<option value>---</option>";
		if(!$brecordSet)
			print $conn->ErrorMsg();
		else
			while(!$brecordSet->EOF) {
				if($brecordSet->fields['catid'] == $idblog) {
					echo "<option value=\"".$brecordSet->fields['catid']."\" selected> - - ".$brecordSet->fields['name'].
						" </option>";
				} else {
					echo "<option value=\"".$brecordSet->fields['catid']."\" > - - ".$brecordSet->fields['name']."</option>";
				}
				$brecordSet->MoveNext();
			}
		echo '</select>';
        ?>
<br /><br />
<?php if($images == true) { ?>
<img style="padding:2px;border:1px solid #ccc;" width="144" height="82" src="<?php echo 'minthumb/'.$images; ?>">
<br />
<?php } ?>
<br />Upload New Image<br />
<input style="float:left;width:28px;" type="checkbox" name="option" value="1">
<br /><br />
New Image:(only .jpg .jpeg formats);
<br /><br />
<input type="file" name="image" />
<br /><br />
<input type="submit" class="buton" name="submit" value="Edit News" />
</form>
<?php
        // Advance the cursor; with LIMIT 1 this ends the loop.
        $arecordSet->MoveNext();
	}
	// Release the result set and the connection once the form has been emitted.
	$arecordSet->Close();
	$conn->Close();
}
?>
</div>
<?php
$smarty->display('footer.php'); // footer for every path that reaches the end of the script (error paths render it themselves before die())
######################################
##edit.php                    4.1.4.##
######################################
?>