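<?php @session_start();
/* * ********************************************************************
*  Copyright notice PHP Enter 4.1.6.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpenter[dot]net
*  All rights reserved
*
*  This script is part of the PHP Enter project. 
*  The PHP Enter project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
// settings.php is expected to provide $langs, $conn, $smarty and the site-wide values used below;
// salt.php provides $salt, which is mixed into the session check.
include ('settings.php');
require_once ('languages/lang_'.$langs.'.php');
require_once ('salt.php');
require_once ('classes/securesession.class.php');
// Session binding (semantics live in securesession.class.php — confirm there):
// check_browser/check_ip_blocks tie the session to the client signature, secure_word
// mixes in the salt and regenerate_id appears to rotate the session id on each Check().
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// Both session flags must be set and truthy. empty() is exactly !isset() || !value, so this
// covers the bare $_SESSION['inecsess'] read of the original, which raised a notice when unset.
if (!$ss->Check() || empty($_SESSION['loggedin']) || empty($_SESSION['inecsess']))
  {
    die();
  }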
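// Category list for the form: rows with cord == 0 go to the 'categori' template variable,
// the others to 'subcat'. Both arrays start empty so the assigns (and the `$aval == false`
// test in the form branch, which is still true for an empty array) never touch an undefined
// variable when a group has no rows. The `=&` of the original is dropped: a function result
// cannot be assigned by reference and PHP only warns about it.
$aval = array();
$nval = array();
$arecordSet = $conn->Execute('SELECT * FROM categori ORDER BY name ASC');
if (!$arecordSet) {
    print $conn->ErrorMsg();
} else {
    while (!$arecordSet->EOF) {
        if ($arecordSet->fields['cord'] == 0) {
            $aval[] = $arecordSet->fields;
        } else {
            $nval[] = $arecordSet->fields;
        }
        $arecordSet->MoveNext();
    }
}
$smarty->assign('categori', $aval);
$smarty->assign('subcat', $nval);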
// Template selection by the configured editor mode: 2 -> 'submit.php', 1 -> 'submit1.php',
// checked in that order with the same loose comparison as before; other values display nothing here.
$submitTemplates = array(2 => 'submit.php', 1 => 'submit1.php');
foreach ($submitTemplates as $mode => $template) {
	if ($editortrue == $mode) {
		$smarty->display($template);
	}
}
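// Load the posting user's row; $kori, $usercc and $thumbs feed the INSERTs further down.
// The defaults keep those names defined when the session has no user id or the row is
// missing (the original left them unset). The `=&` on Execute() is dropped as above.
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
$priv = null;
$kori = null;
$usercc = null;
$thumbs = null;
$drecordSet = $conn->Execute('SELECT * FROM users WHERE usid = ? LIMIT 1', array($shouter));
if (!$drecordSet) {
	print $conn->ErrorMsg();
} else {
	while (!$drecordSet->EOF) {
		$priv = $drecordSet->fields['privilege'];
		$kori = $drecordSet->fields['usid'];
		$usercc = $drecordSet->fields['username'];
		$thumbs = $drecordSet->fields['thumbs'];
		// privilege == 1 is refused: print the notice, close the page, stop.
		// (The original emitted "&nbsp" without the semicolon in the second entity.)
		if ($priv == 1) {
			echo "<div id=\"error\">".$lang['MUSTPR']."&nbsp;".$lang['MUSTCO']."&nbsp;<a href=\"mailto:".$sitemail."\">".
				$lang['MUSTWE']."</a>&nbsp;".$lang['MUSTSI']."</div></div>";
			$smarty->display('footer.php');
			die();
		}
		$drecordSet->MoveNext();
	}
}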
if(isset($_POST['query'])) {
	// Submit button ("query") present: this is the write path. $editor mirrors $editortrue
	// as the string stored in newser.editor.
	if($editortrue == 2) {
		$editor = '2';
	}
	if($editortrue == 1) {
		$editor = '1';
	}
	// Resubmit token compared with $_SESSION["reloadse"] below. Note it reads the title field
	// (bname), not the hidden 'univer' value, so the check keys on the last posted title.
	$cuniver = $_POST['bname'];
	// Extension taken from the client-supplied file name; only 'jpg'/'jpeg' (lower case) pass further down.
	$current_image = $_FILES['image']['name'];
	$extension = substr(strrchr($current_image,'.'),1);
	$time = date("Yhis");
	// NOTE(review): get_magic_quotes_gpc() exists only on PHP < 8. Both branches read the same
	// fields; $amess is the only one passed through htmlspecialchars() here.
	if(get_magic_quotes_gpc()) {
		$univer = stripslashes($_POST['univer']);
		$idblog = stripslashes($_POST['idblog']);
		$bname = stripslashes($_POST['bname']);
		$summary = stripslashes($_POST['summary']);
		$badress = stripslashes($_POST['badress']);
		$amess = stripslashes($_POST['amess']);
		$amess = htmlspecialchars($amess);
	} else {
		$univer = $_POST['univer'];
		$idblog = $_POST['idblog'];
		$bname = $_POST['bname'];
		$summary = $_POST['summary'];
		$badress = $_POST['badress'];
		$amess = $_POST['amess'];
		$amess = htmlspecialchars($amess);
	}
	// Resubmit guard: the previous post's title is stored in the session after the INSERTs below.
	if(@$_SESSION["reloadse"] == $cuniver) {
		echo "$lang[BOOKERR9].</div>";
		$smarty->display('footer.php');
		die();
	}
	// Character filters on title and summary: '<' and ']' are rejected. NOTE(review): the ']'
	// branches name '[' in their message (and start the echo with a stray '>'), while '[' itself
	// is not checked; neither field is escaped here.
	if(preg_match("/</",$bname)) {
		echo "$lang[INVALIDCHAR] '<' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(preg_match("/]/",$bname)) {
		echo ">$lang[INVALIDCHAR] '[' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(preg_match("/</",$summary)) {
		echo "$lang[INVALIDCHAR] '<' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(preg_match("/]/",$summary)) {
		echo ">$lang[INVALIDCHAR] '[' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	// Length limits are byte counts (strlen), so multibyte text reaches them before its
	// character count does. $maxposting comes from the settings.
	if(strlen($bname) < 3) {
		echo "$lang[POSTERR1] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($bname) > 250) {
		echo "$lang[POSTERR2] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($summary) > 430) {
		echo "$lang[POSTERR4] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($amess) < 10) {
		echo "$lang[POSTERR3] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($amess) > $maxposting) {
		echo "Error [23] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
		$smarty->display('footer.php');
		die();
	}
	// File-name blacklist, anchored at the end of the name (\$), case-insensitive. NOTE(review):
	// the entries are interpolated without preg_quote(), so '.' matches any character and
	// ".php" also rejects a name ending in "xphp"; the last entry rejects a trailing space.
	$blacklist = array(".msi",".exe",".php",".phtml",".php3",".php4",".js",".shtml",
		".pl",".py",".tpl",".zip",".gzip",".tar"," ");
	foreach($blacklist as $file) {
		if(preg_match("/$file\$/i",$_FILES['image']['name'])) {
			echo "$lang[POSTERR5]\n</div>";
			$smarty->display('footer.php');
			die();
		}
	}
	if($_FILES['image']['name'] == "") {
		$new_image = "";
	} else {
		// Case-sensitive: ".JPG" is rejected here.
		if(($extension !== "jpg" && $extension !== "jpeg")) {
			echo "$lang[POSTERR6] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
			$smarty->display('footer.php');
			die();
		}
		// Stored name is the clock time: date("Yhis") has no month or day, so two uploads at the
		// same hour:minute:second on different days get the same name and the later copy() overwrites.
		$time = date("Yhis");
		$new_image = $time.".".$extension;
		$destination = "uploads/".$new_image;
		// The upload lands in uploads/ before ccthumb() has looked at its content. copy()'s result
		// in $action is never read, and a die()/exit() inside ccthumb() leaves the copied file in place.
		$action = copy($_FILES['image']['tmp_name'],$destination);
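		/**
		 * Writes a $thumbnail_width x $thumbnail_height JPEG crop of $imgSrc to $filename.
		 *
		 * The source is scaled until it covers the target box; surplus width is cropped
		 * evenly from both sides, surplus height from the bottom (same geometry as before).
		 * On an oversized or unreadable source it prints an error fragment and stops the
		 * script, as the original did. The file handed in was already copied to uploads/
		 * by the caller and is not removed on failure.
		 *
		 * @param string $imgSrc           path of the JPEG to read
		 * @param string $filename         where the thumbnail is written
		 * @param int    $thumbnail_width  target width in pixels
		 * @param int    $thumbnail_height target height in pixels
		 * @return resource|GdImage the thumbnail image (also written to $filename at quality 80)
		 */
		function ccthumb($imgSrc,$filename,$thumbnail_width,$thumbnail_height) {
			// Script-level variables are not visible inside a function: the original read $lang
			// and $smarty here without declaring them, so the message and the footer were empty.
			global $lang, $smarty;
			// getimagesize() returns false for unreadable or non-image data; without this guard
			// the ratio below divided by zero. Treated like a failed decode (same "wrong file" exit).
			$size = @getimagesize($imgSrc);
			if($size === false || $size[0] < 1 || $size[1] < 1) {
				echo "</div>";
				$smarty->display('footer.php');
				die("wrong file");
			}
			list($width_orig, $height_orig) = $size;
			if($width_orig > 1280 || $height_orig > 1280) {
				echo "$lang[POSTERR7]</div>";
				exit();
			}
			// Only JPEG sources are decoded. The original wrote
			// `@$cimage = imagecreatefromjpeg($imgSrc) == true`, which stored the boolean result
			// of the comparison and then decoded a second time; decode once here.
			$cimage = false;
			$suffix = strtolower(pathinfo($imgSrc, PATHINFO_EXTENSION));
			if(in_array($suffix, array('jpg', 'jpeg'), true)) {
				$cimage = @imagecreatefromjpeg($imgSrc);
			}
			if($cimage === false) {
				echo "</div>";
				$smarty->display('footer.php');
				die("wrong file");
			}
			// Scale so the box is fully covered, then take the horizontally centred crop.
			$ratio_orig = $width_orig / $height_orig;
			if($thumbnail_width / $thumbnail_height > $ratio_orig) {
				$new_height = $thumbnail_width / $ratio_orig;
				$new_width = $thumbnail_width;
			} else {
				$new_width = $thumbnail_height * $ratio_orig;
				$new_height = $thumbnail_height;
			}
			$x_mid = $new_width / 2;
			$process = imagecreatetruecolor((int) round($new_width), (int) round($new_height));
			// The (int) casts keep the truncating float-to-int coercion older PHP applied implicitly.
			imagecopyresampled($process, $cimage, 0, 0, 0, 0, (int) $new_width, (int) $new_height,
				$width_orig, $height_orig);
			$thumb = imagecreatetruecolor($thumbnail_width, $thumbnail_height);
			imagecopyresampled($thumb, $process, 0, 0, (int) ($x_mid - ($thumbnail_width / 2)), 0,
				$thumbnail_width, $thumbnail_height, $thumbnail_width, $thumbnail_height);
			imagejpeg($thumb, $filename, 80);
			// The intermediate images are not needed once $thumb exists.
			imagedestroy($process);
			imagedestroy($cimage);
			return $thumb;
		}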
		// Two thumbnails from the stored file; ccthumb() prints an error and stops the script on failure.
		ccthumb($destination,'maxthumb/'.$new_image,300,250);
		ccthumb($destination,'minthumb/'.$new_image,144,82);
	}
        // Remember this title so an immediate resubmit of the same form is rejected above.
        @$_SESSION["reloadse"] = $cuniver;
        $time = date("Y-m-d H:i:s");
        // Replaces two event-handler names in the (already htmlspecialchars()'d) body text.
        $hcta = array("onload", "onclick");
        $ycta   = array("-", "-");
        $amess = str_replace($hcta, $ycta, $amess);
        // Parameterised INSERT; quoting is left to the driver. $kori/$usercc/$thumbs come from the
        // users row loaded above. All three error messages below carry the same "[1]" tag.
        $sql = $conn->Prepare('INSERT INTO newser (univer,idblog,editor,buserid,buser,btexty,brief,badress,images,bimgs,bdate,bamess) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
        if($conn->Execute($sql,array($univer,$idblog,$editor,$kori,$usercc,$bname,$summary,$badress,$new_image,$thumbs,$time,$amess)) === false) {
                print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
	}
        // Second copy for onewse: entities decoded, tags stripped, then angle and square brackets
        // and the two handler names dashed out.
        $amess = htmlspecialchars_decode($amess);
        $amess = strip_tags($amess);
        $hcta = array("<", ">", "[", "]","onload", "onclick");
        $ycta   = array("-", "-", "-", "-", "-", "-");
        $amess = str_replace($hcta, $ycta, $amess);
        $sql2 = $conn->Prepare('INSERT INTO onewse (oniver,omages,otexty,oamess) VALUES (?, ?, ?, ?)');
        if($conn->Execute($sql2,array($univer,$new_image,$bname,$amess)) === false) {
		print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
	}
        // Category counter; $idblog is the submitted category id and is only checked by the driver's binding.
        $sql3 = $conn->Prepare('UPDATE categori SET ccount = ccount +  ? WHERE catid = ?');
        if($conn->Execute($sql3,array("1",$idblog)) === false) {
		print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
        }
	// Closed here and again at the end of the file.
	$conn->Close();
	// Notification mail to the site address. NOTE(review): 'Reply-To: $ccmail' is single-quoted,
	// so the literal text "$ccmail" is sent in the header, not the variable's value.
	$cname = "New Post - ".$bname."\r\nvia ".$usercc;
	$ctitle = "New Post [".$sitetitle."]";
	$headers = 'From:'.$sitemail."\r\n".'Reply-To: $ccmail'."\r\n".'X-Mailer: PHP/'. phpversion();
	mail($sitemail,$ctitle,$cname,$headers);
    ?>
<script type="text/javascript">
<!--
function delayer(){
window.location = "index.php"
}
//-->
</script>
</head>
<body onLoad="setTimeout('delayer()', 2000)">
<div id="loader"><?php echo $lang['SIGSEC'] ?><br /><br /><img src="themes/<?php echo $themes; ?>/styles/images/ajax-loader.gif" border="0"><br /></div>
<?php } else {
	// No submit button: render the form. $univer is the hidden per-form value the write path
	// stores in newser.univer.
	$univer = date("Yhis"); ?>
<h3>New Story</h3>
<form action="post.php" enctype="multipart/form-data" method="post">
<?php echo $lang['POSTCAT']; ?>:<br />
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<?php if($aval == false) {
		// No top-level categories were loaded above: nothing to post into.
		echo "$lang[POSTNOCAT].</br /></div>";
		$smarty->display('footer.php');
		die();
	}
	$smarty->display('submit_tree.php');
	// Optional URL to post about. addslashes() only inserts backslashes, and '\' is outside the
	// character set allowed below, so an $incname containing quotes fails the regex too.
	@$incname = $_POST['incname'];
	if($incname == true) {
		@$url = addslashes($incname);
		// Shape check on the URL: [:\/\/]+ is a character class (one or more ':' or '/'), not the
		// literal "://", and the scheme is any run of letters; the tail is limited to the listed
		// characters. This is the only constraint before the server fetches the URL further down.
		if(!preg_match("/^[a-zA-Z]+[:\/\/]+[A-Za-z0-9\-_]+\\.+[A-Za-z0-9\.\/%&=\?\-_+]+$/i",
			$url)) {
			echo "$lang[BOOKERR3]";
			echo "</div>";
			$smarty->display('footer.php');
			die();
		}
		if(strlen($url) < 8) {
			echo "<center>Field must be at least 8 characters long:<a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></center></div>";
			$smarty->display('footer.php');
			die();
		}
		if(strlen($url) > 220) {
			echo "<center>Max Characters Field: 220<a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></center></div>";
			$smarty->display('footer.php');
			die();
		}
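		/**
		 * Reads the page at $url and extracts its <title> and <meta name/content> pairs.
		 *
		 * @param string $url location passed to getUrlContents()
		 * @return array{title: ?string, metaTags: array<string, array{html: string, value: string}>}|false
		 *         false when the page could not be read; otherwise the title (tags stripped, null when
		 *         no <title> was found) and the meta tags keyed by lower-cased name (empty array when none)
		 */
		function getUrlData($url) {
			$contents = getUrlContents($url);
			if(!is_string($contents)) {
				// Fetch failed or was cut off by the redirect limit.
				return false;
			}
			$title = null;
			if(preg_match('/<title>([^>]*)<\/title>/si', $contents, $match)) {
				$title = strip_tags($match[1]);
			}
			// First attribute order: <meta name="..." content="...">. $metaTags starts as an array
			// (the original started with null and later called sizeof() on it).
			$metaTags = array();
			if(preg_match_all('/<[\s]*meta[\s]*name="?'.'([^>"]*)"?[\s]*'.
				'[lang="]*[^>"]*["]*'.'[\s]*content="?([^>"]*)"?[\s]*[\/]?[\s]*>/si', $contents, $match)) {
				$metaTags = phpenter_index_meta_tags($match[0], $match[1], $match[2]);
			}
			// Second attribute order, only tried when the first found nothing: <meta content="..." name="...">.
			if(count($metaTags) == 0 && preg_match_all('/<[\s]*meta[\s]*content="?'.'([^>"]*)"?[\s]*'.
				'[lang="]*[^>"]*["]*'.'[\s]*name="?([^>"]*)"?[\s]*[\/]?[\s]*>/si', $contents, $match)) {
				$metaTags = phpenter_index_meta_tags($match[0], $match[2], $match[1]);
			}
			return array('title' => $title, 'metaTags' => $metaTags);
		}
		/**
		 * Builds the metaTags map for getUrlData() from parallel preg_match_all() columns.
		 *
		 * @param array $originals the full <meta ...> tags as matched
		 * @param array $names     the name="" values, same order
		 * @param array $values    the content="" values, same order
		 * @return array<string, array{html: string, value: string}> keyed by the lower-cased name
		 *         with quotes and slashes removed; empty when the columns differ in length
		 */
		function phpenter_index_meta_tags($originals, $names, $values) {
			$metaTags = array();
			if(count($originals) != count($names) || count($names) != count($values)) {
				return $metaTags;
			}
			foreach($names as $i => $name) {
				// Same key normalisation as the original loops: lower-case, drop "'" and "/".
				$metaname = str_replace(array("'", '/'), '', strtolower($name));
				$metaTags[$metaname] = array('html' => htmlentities($originals[$i]), 'value' => $values[$i]);
			}
			return $metaTags;
		}
		/**
		 * Fetches $url and follows <meta http-equiv="refresh"> redirects.
		 *
		 * NOTE(review): in this script $url originates from the submitted form (see the caller), so
		 * this is a server-side fetch of a submitter-chosen location, constrained only by the
		 * caller's format check.
		 *
		 * @param string   $url                 location to read (anything file_get_contents() accepts)
		 * @param int|null $maximumRedirections refresh hops to follow; null selects the built-in cap
		 *                                      below (the original recursed without any limit)
		 * @param int      $currentRedirection  hops taken so far (internal, advanced by the recursion)
		 * @return string|false the final page body, or false when it could not be read or the
		 *                      redirect limit was reached (the original returned the refresh page there)
		 */
		function getUrlContents($url,$maximumRedirections = null,$currentRedirection = 0) {
			if($maximumRedirections === null) {
				// Bound the recursion: a page refreshing to itself would otherwise loop until the
				// stack or the time limit gave out.
				$maximumRedirections = 5;
			}
			// file_get_contents() has no timeout of its own; do not hang the request on a slow host.
			// The '@' is kept because a failed fetch is a normal outcome reported via the return value.
			$context = stream_context_create(array('http' => array('timeout' => 10)));
			$contents = @file_get_contents($url, false, $context);
			if(!is_string($contents)) {
				return false;
			}
			preg_match_all('/<[\s]*meta[\s]*http-equiv="?REFRESH"?'.'[\s]*content="?[0-9]*;[\s]*URL[\s]*=[\s]*([^>"]*)"?'.
				'[\s]*[\/]?[\s]*>/si', $contents, $match);
			if(is_array($match) && count($match) == 2 && count($match[1]) == 1) {
				if($currentRedirection < $maximumRedirections) {
					return getUrlContents($match[1][0], $maximumRedirections, $currentRedirection + 1);
				}
				// Redirect budget exhausted. The original fell through and returned $contents (the
				// refresh page itself) here; report the failure instead.
				return false;
			}
			return $contents;
		}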
		// Server-side fetch of the submitted URL (getUrlData() -> getUrlContents() -> file_get_contents()).
		// NOTE(review): the character-set regex above is the only restriction on where this request
		// goes; confirm that the web server fetching submitter-chosen addresses is acceptable here.
		$Domain = $url;
		$result = getUrlData($Domain);
		// getUrlData() yields false when the page could not be read; indexing false gives null, so
		// this branch also covers the fetch-failed case.
		if($result['title'] == "") {
			$title = $lang['POSTNODAT'];
			echo "<br />$lang[POSTNODAT]";
			die();
		} else {
			$title = $result['title'];
		}
		// $description and $keywords are derived here but no form field below uses them.
		if(@$result['metaTags']['description']['value'] == "") {
			$description = $lang['POSTNODAT'];
		} else {
			$description = $result['metaTags']['description']['value'];
		}
		if(@$result['metaTags']['keywords']['value'] == "") {
			$keywords = $lang['POSTNODAT'];
		} else {
			$keywords = $result['metaTags']['keywords']['value'];
		}
		/* NOTE(review): $title is the remote page's <title> with only strip_tags() applied and is
		   echoed into value="" below without htmlspecialchars(); a '"' in the remote title ends the
		   attribute. $incname and $url were limited to the regex's character set above, which has no quotes. */ ?>
<input type="hidden" name="badress" value="<?php echo $incname; ?>" />
<br /><br /><?php echo $lang['POSTURL']; ?>: 
<?php echo $url; ?><br />
<br /><?php echo $lang['BOOKFIELD1']; ?>:<br />
<input type="text" name="bname" value="<?php echo $title; ?>" class="incc" />
<br />
<br />
<?php echo $lang['POSTSUM']; ?>:
<br />
<input type="text" name="summary"  class="incc" />
<br />
<br />
<?php } else { // no URL submitted: empty title/summary fields, badress fixed to 0 ?>
<input type="hidden" name="badress" value="0" class="incc" />
<br /><br />
<?php echo $lang['BOOKFIELD1']; ?>:
<br />
<input type="text" name="bname" class="incc" />
<br />
<br />
<?php echo $lang['POSTSUM']; ?>:
<br />
<input type="text" name="summary" class="incc" />
<br />
<br />
<?php } ?>
<?php echo $lang['POSTIMG']; ?>:
<br />
<input type="file" name="image" />
<br />
<br />
<?php echo $lang['POSTDES']; ?>:
<br />
<br />
<textarea name="amess" class="incc"></textarea><br /><br />
<input class="buton" type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="query" />
</form>
<br />
<br />
<?php } // end of the form (non-submit) branch ?>
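</div>
<?php
// Page footer and cleanup, reached by both the write and the form branch.
$smarty->display('footer.php');
// $arecordSet is false when the category query failed (its ErrorMsg() branch above); calling
// Close() on false would be fatal, so only close a real record set.
if ($arecordSet) {
    $arecordSet->Close();
}
// The write branch already closed the connection once; closing again is harmless here.
$conn->Close();
######################################
##post.php                    4.1.4.##
######################################
?>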