<?php @session_start(); // SecSession::Check() below reads $_SESSION, so the session is started first; '@' hides any session_start() warning
/* * ********************************************************************
* Copyright notice PHP Enter 4.1.6.
*
* (c) 2011 Predrag Rukavina - admin[at]phpenter[dot]net
* All rights reserved
*
* This script is part of the PHP Enter project.
* The PHP Enter project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
include ('settings.php');
require_once ('languages/lang_'.$langs.'.php');
require_once ('salt.php');
require_once ('classes/securesession.class.php');
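// Session hardening options of classes/securesession.class.php. The property
// names suggest a browser fingerprint check, a match on the first two IP
// blocks, the site salt as secret and id rotation per request; see that
// class for the exact semantics.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// Access gate: a session that fails the fingerprint check, or whose
// 'loggedin' / 'inecsess' flags are missing or false, gets an empty response.
// empty() covers both "not set" and "false", so a session that never had the
// flag no longer raises an undefined-index notice (the original read
// $_SESSION['inecsess'] unguarded). Evaluation order is unchanged: Check()
// runs first and a failure short-circuits the flag reads.
if (!$ss->Check() || empty($_SESSION['loggedin']) || empty($_SESSION['inecsess'])) {
    die();
}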
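// Category list for the submit form: rows with 'cord' == 0 are treated as
// top-level categories, everything else as a sub-category.
// Both arrays start empty so the Smarty assignments below never see an
// undefined variable when the table has no rows (the original only guarded
// $nval with '@'; the $aval == false test further down still holds for an
// empty array). Execute() is assigned by value: ADOdb returns the recordset
// object, and '=&' on a function result only raises a notice.
$aval = array();
$nval = array();
$arecordSet = $conn->Execute('SELECT * FROM categori ORDER BY name ASC');
if (!$arecordSet) {
    // NOTE(review): the driver's error text is written straight into the page.
    print $conn->ErrorMsg();
} else {
    while (!$arecordSet->EOF) {
        if ($arecordSet->fields['cord'] == 0) {
            $aval[] = $arecordSet->fields;
        } else {
            $nval[] = $arecordSet->fields;
        }
        $arecordSet->MoveNext();
    }
}
$smarty->assign('categori', $aval);
$smarty->assign('subcat', $nval);
// $editortrue is not set in this file (presumably settings.php); it selects
// which header template is rendered. Every error message below is echoed
// into the markup these templates open, hence the trailing "</div>"s.
if ($editortrue == 2) {
    $smarty->display('submit.php');
}
if ($editortrue == 1) {
    $smarty->display('submit1.php');
}
// Poster identity from the session. The query is parameterised and LIMIT 1,
// so at most one row comes back and a plain if replaces the original loop.
// NOTE(review): when no row matches, $priv/$kori/$usercc/$thumbs stay unset
// and the INSERT further down stores empty author fields (unchanged here).
$shouter = @$_SESSION['INC_USER_ID'];
$drecordSet = $conn->Execute('SELECT * FROM users WHERE usid = ? LIMIT 1', array($shouter));
if (!$drecordSet) {
    print $conn->ErrorMsg();
} elseif (!$drecordSet->EOF) {
    $priv = $drecordSet->fields['privilege'];
    $kori = $drecordSet->fields['usid'];
    $usercc = $drecordSet->fields['username'];
    $thumbs = $drecordSet->fields['thumbs'];
    // privilege 1 is refused; the MUST* message keys suggest a "contact the
    // site / sign up" notice. $sitemail comes from configuration, not from
    // the request.
    if ($priv == 1) {
        echo "<div id=\"error\">".$lang['MUSTPR']." ".$lang['MUSTCO']." <a href=\"mailto:".$sitemail."\">".
        $lang['MUSTWE']."</a> ".$lang['MUSTSI']."</div></div>";
        $smarty->display('footer.php');
        die();
    }
}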
// ---- POST branch: the form below was submitted (submit button name="query") ----
if(isset($_POST['query'])) {
// $editor mirrors $editortrue as the string stored in newser.editor.
// NOTE(review): it stays undefined when $editortrue is neither 1 nor 2.
if($editortrue == 2) {
$editor = '2';
}
if($editortrue == 1) {
$editor = '1';
}
// Raw title, kept as typed; it is the double-submit marker compared against
// $_SESSION['reloadse'] below.
$cuniver = $_POST['bname'];
// The extension is taken from the client-supplied file name only; the real
// content check is the JPEG decode inside ccthumb().
$current_image = $_FILES['image']['name'];
$extension = substr(strrchr($current_image,'.'),1);
$time = date("Yhis");
// Undo magic quotes when the runtime added them.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so this call is
// a fatal error there; a function_exists() guard would keep the script
// running on 8.x (magic quotes are always off from 5.4 on).
if(get_magic_quotes_gpc()) {
$univer = stripslashes($_POST['univer']);
$idblog = stripslashes($_POST['idblog']);
$bname = stripslashes($_POST['bname']);
$summary = stripslashes($_POST['summary']);
$badress = stripslashes($_POST['badress']);
$amess = stripslashes($_POST['amess']);
// Only the description is entity-encoded; title, summary, category id and
// address go to the database as typed (apart from the '<' / ']' rejections
// below), so the templates that render them have to escape. Without
// ENT_QUOTES, single quotes pass through htmlspecialchars() before PHP 8.1.
$amess = htmlspecialchars($amess);
} else {
$univer = $_POST['univer'];
$idblog = $_POST['idblog'];
$bname = $_POST['bname'];
$summary = $_POST['summary'];
$badress = $_POST['badress'];
$amess = $_POST['amess'];
$amess = htmlspecialchars($amess);
}
// Double-submit guard: a title equal (loosely, ==) to the previous post in
// this session is refused.
if(@$_SESSION["reloadse"] == $cuniver) {
echo "$lang[BOOKERR9].</div>";
$smarty->display('footer.php');
die();
}
// Character blacklist for title and summary: only '<' and ']' are rejected.
// The ']' message names '[' and its echo starts with a stray '>'.
if(preg_match("/</",$bname)) {
echo "$lang[INVALIDCHAR] '<' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(preg_match("/]/",$bname)) {
echo ">$lang[INVALIDCHAR] '[' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(preg_match("/</",$summary)) {
echo "$lang[INVALIDCHAR] '<' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(preg_match("/]/",$summary)) {
echo ">$lang[INVALIDCHAR] '[' <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
// Length limits. strlen() counts bytes, so multibyte text reaches the limits
// sooner than the character counts suggest; $amess is measured after
// entity-encoding, so each '<', '>', '&' or '"' counts as several bytes.
if(strlen($bname) < 3) {
echo "$lang[POSTERR1] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(strlen($bname) > 250) {
echo "$lang[POSTERR2] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(strlen($summary) > 430) {
echo "$lang[POSTERR4] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
if(strlen($amess) < 10) {
echo "$lang[POSTERR3] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
// $maxposting is not set in this file (presumably settings.php).
if(strlen($amess) > $maxposting) {
echo "Error [23] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
// File-name blacklist. The '.' in each entry is not escaped in the pattern,
// so it matches any character; the last entry rejects names ending in a
// space. The jpg/jpeg allow-list below is the effective restriction - this
// list only produces an earlier, different message.
$blacklist = array(".msi",".exe",".php",".phtml",".php3",".php4",".js",".shtml",
".pl",".py",".tpl",".zip",".gzip",".tar"," ");
foreach($blacklist as $file) {
if(preg_match("/$file\$/i",$_FILES['image']['name'])) {
echo "$lang[POSTERR5]\n</div>";
$smarty->display('footer.php');
die();
}
}
if($_FILES['image']['name'] == "") {
$new_image = "";
} else {
// Strict comparison: only lower-case "jpg"/"jpeg" are accepted.
if(($extension !== "jpg" && $extension !== "jpeg")) {
echo "$lang[POSTERR6] <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div>";
$smarty->display('footer.php');
die();
}
// The stored name is server-generated (timestamp + the checked extension),
// so the client's file name never reaches the filesystem.
// NOTE(review): date("Yhis") is year, 12-hour hour, minute, second - no
// month, day or am/pm - so uploads at the same wall-clock time on different
// days (or 12 hours apart) get the same name and the later one overwrites
// the earlier; "YmdHis" plus a random suffix would make names unique.
// copy() is used rather than move_uploaded_file(), which additionally
// verifies the source is the file PHP received for this request; $action
// (the copy result) is never checked, so a failed copy only surfaces when
// ccthumb() cannot read the file.
$time = date("Yhis");
$new_image = $time.".".$extension;
$destination = "uploads/".$new_image;
$action = copy($_FILES['image']['tmp_name'],$destination);
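/**
 * ccthumb()
 *
 * Builds a cropped JPEG thumbnail of $imgSrc and writes it to $filename.
 * The source is scaled so that it covers $thumbnail_width x $thumbnail_height
 * (aspect ratio kept), then a region of that size is cut from the horizontal
 * centre and the top edge - the original never used the vertical midpoint and
 * that is preserved.
 *
 * Only JPEG sources are supported. The imagecreatefromjpeg() decode is the
 * actual content check of the upload; the extension tests in the caller look
 * at the file name only. Images larger than 1280px on either side are
 * refused before they are decoded.
 *
 * On bad input the function writes error output and terminates the request,
 * as the original did. It needs $lang and $smarty, which are globals, so they
 * are imported explicitly: the original referenced them without 'global',
 * printed an empty message and crashed on $smarty->display().
 *
 * @param mixed $imgSrc           path of the copied upload
 * @param mixed $filename         path the thumbnail is written to
 * @param mixed $thumbnail_width  thumbnail width in pixels
 * @param mixed $thumbnail_height thumbnail height in pixels
 * @return resource|GdImage the thumbnail image (also written to $filename;
 *                          a failed imagejpeg() write is not reported, as before)
 */
function ccthumb($imgSrc,$filename,$thumbnail_width,$thumbnail_height) {
    global $lang, $smarty;
    // Header-only read: rejects anything GD does not recognise as an image and
    // gives the dimensions without decoding. The original list()'d a false
    // result and went on to divide by zero.
    $size = @getimagesize($imgSrc);
    if($size === false || $size[0] <= 0 || $size[1] <= 0) {
        echo "</div>";
        $smarty->display('footer.php');
        die("wrong file");
    }
    list($width_orig,$height_orig) = $size;
    if($width_orig > 1280 || $height_orig > 1280) {
        echo "$lang[POSTERR7]</div>";
        exit();
    }
    // pathinfo() instead of explode('.')[1], so a dot elsewhere in the path
    // cannot select the wrong segment.
    $extension = strtolower(pathinfo($imgSrc, PATHINFO_EXTENSION));
    $cimage = false;
    if($extension === 'jpg' || $extension === 'jpeg') {
        // Decoded once. The original's '@$cimage = f() == true' assigned the
        // comparison result and decoded the file a second time.
        $cimage = @imagecreatefromjpeg($imgSrc);
    }
    if($cimage === false) {
        echo "</div>";
        $smarty->display('footer.php');
        die("wrong file");
    }
    // Scale so the picture covers the thumbnail box.
    $ratio_orig = $width_orig / $height_orig;
    if($thumbnail_width / $thumbnail_height > $ratio_orig) {
        $new_width = $thumbnail_width;
        $new_height = $thumbnail_width / $ratio_orig;
    } else {
        $new_width = $thumbnail_height * $ratio_orig;
        $new_height = $thumbnail_height;
    }
    // The same rounded integers are used for the canvas and the resample
    // call; the original rounded one and let GD truncate the other, which
    // could leave a one-pixel unfilled edge.
    $new_width = (int) round($new_width);
    $new_height = (int) round($new_height);
    $process = imagecreatetruecolor($new_width,$new_height);
    imagecopyresampled($process,$cimage,0,0,0,0,$new_width,$new_height,$width_orig,$height_orig);
    // Crop: horizontally centred, anchored at the top. The cast truncates the
    // offset exactly as GD did with the original float argument.
    $x_offset = (int) (($new_width - $thumbnail_width) / 2);
    $thumb = imagecreatetruecolor($thumbnail_width,$thumbnail_height);
    imagecopyresampled($thumb,$process,0,0,$x_offset,0,$thumbnail_width,$thumbnail_height,$thumbnail_width,$thumbnail_height);
    imagejpeg($thumb,$filename,80);
    // Intermediate images are released; the returned $thumb is left to the caller.
    imagedestroy($process);
    imagedestroy($cimage);
    return $thumb;
}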
// Two thumbnail sizes next to the full-size upload; both are JPEG writes.
ccthumb($destination,'maxthumb/'.$new_image,300,250);
ccthumb($destination,'minthumb/'.$new_image,144,82);
}
// Remember the title so a reload of the result page does not insert the post
// twice (checked near the top of this branch). It is set before the inserts
// below run, so a failed insert still marks the title as used.
@$_SESSION["reloadse"] = $cuniver;
$time = date("Y-m-d H:i:s");
// Replaces two event-handler names in the already entity-encoded description.
// With '<' and '>' encoded above no tag can form, so this adds little; kept as
// the original had it.
$hcta = array("onload", "onclick");
$ycta = array("-", "-");
$amess = str_replace($hcta, $ycta, $amess);
// All three statements below are parameterised prepared statements and are
// not wrapped in a transaction, so a failure in a later one leaves the
// earlier rows in place. newser.bamess receives the entity-encoded text.
// NOTE(review): the driver's ErrorMsg() is printed straight into the page on
// failure, exposing SQL details to the poster.
$sql = $conn->Prepare('INSERT INTO newser (univer,idblog,editor,buserid,buser,btexty,brief,badress,images,bimgs,bdate,bamess) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
if($conn->Execute($sql,array($univer,$idblog,$editor,$kori,$usercc,$bname,$summary,$badress,$new_image,$thumbs,$time,$amess)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
// Second copy for the onewse table: entities decoded, tags stripped, then
// angle brackets, square brackets and the two handler names replaced, so
// onewse.oamess holds plain text.
$amess = htmlspecialchars_decode($amess);
$amess = strip_tags($amess);
$hcta = array("<", ">", "[", "]","onload", "onclick");
$ycta = array("-", "-", "-", "-", "-", "-");
$amess = str_replace($hcta, $ycta, $amess);
$sql2 = $conn->Prepare('INSERT INTO onewse (oniver,omages,otexty,oamess) VALUES (?, ?, ?, ?)');
if($conn->Execute($sql2,array($univer,$new_image,$bname,$amess)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
// $idblog is the category id posted by the form; an unknown id simply
// updates no row.
$sql3 = $conn->Prepare('UPDATE categori SET ccount = ccount + ? WHERE catid = ?');
if($conn->Execute($sql3,array("1",$idblog)) === false) {
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
// NOTE(review): the connection is closed here and again at the end of the
// file, where $arecordSet->Close() and $conn->Close() run a second time on
// the already closed connection.
$conn->Close();
// Notification mail to the configured site address. $sitemail and $sitetitle
// come from configuration; $bname is in the message body, not in a header.
// NOTE(review): 'Reply-To: $ccmail' is single-quoted, so the header carries
// the literal text "$ccmail" instead of an address.
$cname = "New Post - ".$bname."\r\nvia ".$usercc;
$ctitle = "New Post [".$sitetitle."]";
$headers = 'From:'.$sitemail."\r\n".'Reply-To: $ccmail'."\r\n".'X-Mailer: PHP/'. phpversion();
mail($sitemail,$ctitle,$cname,$headers);
// Success page: a short delay, then a client-side redirect to index.php.
?>
<script type="text/javascript">
<!--
function delayer(){
window.location = "index.php"
}
//-->
</script>
</head>
<body onLoad="setTimeout('delayer()', 2000)">
<div id="loader"><?php echo $lang['SIGSEC'] ?><br /><br /><img src="themes/<?php echo $themes; // theme directory name from configuration ?>/styles/images/ajax-loader.gif" border="0"><br /></div>
<?php } else {
// ---- form branch: no name="query" in the request, render the submission form ----
// Story identifier carried in a hidden field; same date("Yhis") format as
// the upload name, so it repeats across days and 12-hour halves. The value
// posted back is stored without being checked against this format.
$univer = date("Yhis"); ?>
<h3>New Story</h3>
<form action="post.php" enctype="multipart/form-data" method="post">
<?php echo $lang['POSTCAT']; ?>:<br />
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<?php if($aval == false) {
// No categories: nothing can be posted. $aval is only assigned inside the
// category loop above, so with an empty table it is undefined here and
// evaluates as false (with a notice).
echo "$lang[POSTNOCAT].</br /></div>";
$smarty->display('footer.php');
die();
}
$smarty->display('submit_tree.php');
// Optional "post from URL" field (posted by a form outside this file; a value
// of "0" counts as absent because of the truthiness test). The pattern admits
// any alphabetic scheme, one or more ':' / '/' characters, and a dotted
// host-like token; the value is then fetched server-side by
// getUrlData()/getUrlContents() further down.
// NOTE(review): nothing here limits the scheme to http/https or rejects hosts
// on the server's own network, so that restriction has to live in the fetch
// code. addslashes() only prefixes quotes and backslashes, which the pattern
// rejects anyway, so it has no effect on an accepted value.
@$incname = $_POST['incname'];
if($incname == true) {
@$url = addslashes($incname);
if(!preg_match("/^[a-zA-Z]+[:\/\/]+[A-Za-z0-9\-_]+\\.+[A-Za-z0-9\.\/%&=\?\-_+]+$/i",
$url)) {
echo "$lang[BOOKERR3]";
echo "</div>";
$smarty->display('footer.php');
die();
}
// Byte-length bounds on the URL (untranslated messages, unlike the rest).
if(strlen($url) < 8) {
echo "<center>Field must be at least 8 characters long:<a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></center></div>";
$smarty->display('footer.php');
die();
}
if(strlen($url) > 220) {
echo "<center>Max Characters Field: 220<a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></center></div>";
$smarty->display('footer.php');
die();
}
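/**
 * getUrlMetaTags()
 *
 * Runs one meta-tag pattern over $contents and returns the matched tags keyed
 * by their lower-cased name with quotes and slashes removed. Shared by the two
 * attribute orders getUrlData() tries (the original duplicated this loop).
 *
 * @param string $contents    page markup
 * @param string $pattern     preg_match_all() pattern with two capture groups
 * @param integer $nameGroup  index of the capture group holding the name
 * @param integer $valueGroup index of the capture group holding the content
 * @return array name => array('html' => entity-encoded original tag,
 *               'value' => content as fetched); empty when nothing matched
 */
function getUrlMetaTags($contents,$pattern,$nameGroup,$valueGroup) {
    $metaTags = array();
    if(!preg_match_all($pattern,$contents,$match)) {
        return $metaTags;
    }
    foreach($match[0] as $i => $original) {
        $metaname = strtolower($match[$nameGroup][$i]);
        $metaname = str_replace(array("'","/"),'',$metaname);
        // 'html' is entity-encoded so the raw tag can be shown safely; 'value'
        // is left exactly as the remote page sent it.
        $metaTags[$metaname] = array('html' => htmlentities($original),'value' => $match[$valueGroup][$i]);
    }
    return $metaTags;
}
/**
 * getUrlData()
 *
 * Fetches $url through getUrlContents() and extracts the <title> and the
 * <meta name=... content=...> tags (either attribute order) to pre-fill the
 * "post from URL" form.
 *
 * Everything returned comes from a remote page: 'title' is only passed
 * through strip_tags(), which removes tags but leaves quotes and entities, so
 * a caller that echoes it into HTML must still escape it.
 *
 * @param mixed $url URL handed to getUrlContents()
 * @return array|false array('title' => string|null, 'metaTags' => array), or
 *                     false when the page could not be fetched
 */
function getUrlData($url) {
    $contents = getUrlContents($url);
    if(!is_string($contents)) {
        return false;
    }
    $title = null;
    if(preg_match('/<title>([^>]*)<\/title>/si',$contents,$match) && isset($match[1])) {
        $title = strip_tags($match[1]);
    }
    // name="..." before content="...".
    $metaTags = getUrlMetaTags($contents,
        '/<[\s]*meta[\s]*name="?'.'([^>"]*)"?[\s]*'.'[lang="]*[^>"]*["]*'.'[\s]*content="?([^>"]*)"?[\s]*[\/]?[\s]*>/si',
        1,2);
    // content="..." before name="...", tried only when the first order found
    // nothing. empty() instead of sizeof(): count() on a null is a TypeError
    // on PHP 8.
    if(empty($metaTags)) {
        $metaTags = getUrlMetaTags($contents,
            '/<[\s]*meta[\s]*content="?'.'([^>"]*)"?[\s]*'.'[lang="]*[^>"]*["]*'.'[\s]*name="?([^>"]*)"?[\s]*[\/]?[\s]*>/si',
            2,1);
    }
    return array('title' => $title,'metaTags' => $metaTags);
}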
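/**
 * getUrlIsAllowed()
 *
 * Decides whether a URL may be fetched by the server. Only absolute http/https
 * URLs whose host resolves to a public address are accepted; other schemes,
 * loopback, link-local, private and reserved ranges (as defined by PHP's
 * filter flags) and unresolvable hosts are refused. The URL comes either from
 * the posting user or from a page the server has just fetched, so the fetch
 * would otherwise reach whatever the server itself can reach.
 *
 * Limits: the lookup is a single gethostbyname() (IPv4 only, so bracketed
 * IPv6 literals and AAAA-only hosts are refused), and a resolver answer that
 * changes between this check and the fetch is not caught.
 *
 * @param mixed $url candidate URL
 * @return bool
 */
function getUrlIsAllowed($url) {
    if(!is_string($url) || $url === '') {
        return false;
    }
    $parts = @parse_url($url);
    if($parts === false || !isset($parts['scheme']) || !isset($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // gethostbyname() returns its argument unchanged on failure, which
    // filter_var() then rejects.
    $address = gethostbyname($parts['host']);
    return filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}
/**
 * getUrlRedirectTarget()
 *
 * Extracts the Location of a 3xx response from the header list that
 * file_get_contents() fills in ($http_response_header) for the http wrapper.
 *
 * @param mixed $headers list of raw header lines (may be empty)
 * @return string|null redirect target, or null when the response was not a
 *                     redirect or carried no Location
 */
function getUrlRedirectTarget($headers) {
    if(!is_array($headers)) {
        return null;
    }
    $status = 0;
    $location = null;
    foreach($headers as $line) {
        // A status line starts a new response block; only the last block counts.
        if(preg_match('/^HTTP\/\S+\s+(\d{3})/',$line,$m)) {
            $status = (int) $m[1];
            $location = null;
        } elseif(preg_match('/^Location:\s*(\S.*)$/i',$line,$m)) {
            $location = trim($m[1]);
        }
    }
    if($status >= 300 && $status < 400 && $location !== null) {
        return $location;
    }
    return null;
}
/**
 * getUrlContents()
 *
 * Fetches a remote document for the "post from URL" form, following HTTP
 * redirects and <meta http-equiv="refresh"> redirects found in the markup.
 *
 * Every hop - the initial URL and each redirect target - passes
 * getUrlIsAllowed(), the wrapper's own redirect following is switched off so
 * no hop is skipped, the read is bounded by a timeout and a size cap, and the
 * hop count is limited. A relative Location is refused (it is not resolved
 * against the previous URL).
 *
 * @param mixed $url                 absolute http(s) URL to fetch
 * @param mixed $maximumRedirections maximum number of redirect hops; null (the
 *                                   default) now means 5 rather than unlimited
 * @param integer $currentRedirection hop counter used by the recursion
 * @return string|false document body, or false when the URL is refused, the
 *                      fetch fails or the hop limit is exceeded
 */
function getUrlContents($url,$maximumRedirections = null,$currentRedirection = 0) {
    // null used to mean "follow refreshes without limit": a page refreshing
    // to itself recursed until PHP ran out of stack or time.
    if(!isset($maximumRedirections)) {
        $maximumRedirections = 5;
    }
    if(!getUrlIsAllowed($url)) {
        return false;
    }
    // follow_location 0: redirects are handled below so each target is
    // checked; timeout is the read timeout in seconds; the 1 MiB length cap
    // bounds memory for a title/meta scrape. Warnings are suppressed because
    // an unreachable host is an expected outcome, reported via false.
    $context = stream_context_create(array('http' => array(
        'method' => 'GET',
        'follow_location' => 0,
        'timeout' => 10,
    )));
    $http_response_header = array();
    $contents = @file_get_contents($url,false,$context,0,1048576);
    if(!is_string($contents)) {
        return false;
    }
    $target = getUrlRedirectTarget($http_response_header);
    if($target === null) {
        // As before, a meta refresh is followed only when exactly one is present.
        preg_match_all('/<[\s]*meta[\s]*http-equiv="?REFRESH"?'.'[\s]*content="?[0-9]*;[\s]*URL[\s]*=[\s]*([^>"]*)"?'.
        '[\s]*[\/]?[\s]*>/si',$contents,$match);
        if(isset($match[1]) && count($match[1]) == 1) {
            $target = $match[1][0];
        }
    }
    if($target === null) {
        return $contents;
    }
    if($currentRedirection < $maximumRedirections) {
        return getUrlContents($target,$maximumRedirections,$currentRedirection + 1);
    }
    // Hop limit reached. The original computed false here but returned
    // $contents anyway.
    return false;
}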
// Fetch the page and pre-fill the title from it. From here on the remote
// document is untrusted input: getUrlData() strips tags from the <title> but
// does not escape quotes or entities.
$Domain = $url;
$result = getUrlData($Domain);
// getUrlData() returns false when the fetch fails; indexing false yields null
// (with an "array offset on bool" notice on PHP 7.4+), which == "" catches,
// so both "no title" and "fetch failed" end in POSTNODAT. Unlike the other
// error exits this one does not render footer.php.
if($result['title'] == "") {
$title = $lang['POSTNODAT'];
echo "<br />$lang[POSTNODAT]";
die();
} else {
$title = $result['title'];
}
// $description and $keywords are extracted but not referenced again in this file.
if(@$result['metaTags']['description']['value'] == "") {
$description = $lang['POSTNODAT'];
} else {
$description = $result['metaTags']['description']['value'];
}
if(@$result['metaTags']['keywords']['value'] == "") {
$keywords = $lang['POSTNODAT'];
} else {
$keywords = $result['metaTags']['keywords']['value'];
} ?>
<input type="hidden" name="badress" value="<?php echo $incname; /* raw POST value; the pattern check above admits no quotes, '<' or '>', so it stays inside the attribute - escaping it would still be the robust choice */ ?>" />
<br /><br /><?php echo $lang['POSTURL']; ?>:
<?php echo $url; /* addslashes()'d copy of $incname, validated by the same pattern */ ?><br />
<br /><?php echo $lang['BOOKFIELD1']; ?>:<br />
<input type="text" name="bname" value="<?php echo $title; /* NOTE(review): title of the remote page, only strip_tags()'d - a double quote in it ends this attribute; wrap in htmlspecialchars($title, ENT_QUOTES) */ ?>" class="incc" />
<br />
<br />
<?php echo $lang['POSTSUM']; ?>:
<br />
<input type="text" name="summary" class="incc" />
<br />
<br />
<?php } else { // no URL given: empty title and summary fields ?>
<input type="hidden" name="badress" value="0" class="incc" />
<br /><br />
<?php echo $lang['BOOKFIELD1']; ?>:
<br />
<input type="text" name="bname" class="incc" />
<br />
<br />
<?php echo $lang['POSTSUM']; ?>:
<br />
<input type="text" name="summary" class="incc" />
<br />
<br />
<?php } // end if($incname == true) ?>
<?php echo $lang['POSTIMG']; ?>:
<br />
<input type="file" name="image" />
<br />
<br />
<?php echo $lang['POSTDES']; ?>:
<br />
<br />
<textarea name="amess" class="incc"></textarea><br /><br />
<input class="buton" type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="query" />
</form>
<br />
<br />
<?php } // end of the POST / form branches ?>
</div>
<?php
$smarty->display('footer.php');
// NOTE(review): $arecordSet is false when the category query failed (its
// ErrorMsg() was printed near the top), so Close() on it is a fatal error in
// that case; and in the POST branch the connection was already closed before
// the notification mail was sent, so both Close() calls repeat there.
$arecordSet->Close();
$conn->Close();
######################################
##post.php 4.1.4.##
######################################
?>