Thanks.
<?php
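// Raw request inputs for the "add product" form.
// Every value read here is attacker-controlled: it must be escaped for the context
// it is later written into (SQL, HTML, JavaScript, file paths).
// isset() guards keep a request that omits a field (for example the GET request
// that carries only ?p=y) from raising an undefined-index notice per field.
$category = isset($_POST['category']) ? $_POST['category'] : null;
$catid = isset($_POST['catid']) ? $_POST['catid'] : null;
$subid = isset($_POST['subid']) ? $_POST['subid'] : null;
$catname = isset($_POST['catname']) ? $_POST['catname'] : null;
$subname = isset($_POST['subname']) ? $_POST['subname'] : null;
$video = isset($_POST['video']) ? $_POST['video'] : null;

// Money fields: keep digits and dots only, then format with two decimals.
// A missing field formats as '0.00', exactly as before.
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', isset($_POST['price']) ? $_POST['price'] : ''));
$postage = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', isset($_POST['postage']) ? $_POST['postage'] : ''));
$postage_location = isset($_POST['postage_location']) ? $_POST['postage_location'] : null;

// A file input is delivered in $_FILES, not $_POST, so $_POST['photo'] is normally absent.
$photo = isset($_POST['photo']) ? $_POST['photo'] : null;

// Client-supplied file name of the upload. The browser chooses it, so it must never
// be used as a storage path or placed in a query without escaping.
$pic = isset($_FILES['photo']['name']) ? $_FILES['photo']['name'] : null;

// Step selector taken from the query string; compared against "y" and "n" further down.
$p = isset($_GET['p']) ? $_GET['p'] : null;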
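// Sticky form state: a field posted with this request is remembered in the session,
// otherwise the value remembered by an earlier request is reused.
// Session storage does not make these values trusted; they are still user input.

// Fields stored exactly as submitted.
foreach (array('catname', 'subname', 'catid', 'subid', 'video', 'postage_location') as $field) {
    if (isset($_POST[$field])) {
        $_SESSION[$field] = $_POST[$field];
    }
    // Variable variable: assigns $catname, $subname, $catid, ... by name.
    $$field = isset($_SESSION[$field]) ? $_SESSION[$field] : null;
}

// Free-text fields with apostrophes removed.
// Fix: the description branch used to run str_replace() on $description before it
// had been read from $_POST, so a posted description was never the value stored.
// NOTE(review): removing apostrophes is not SQL escaping (a backslash still alters a
// quoted literal); the query that stores these values must escape or bind them.
foreach (array('title', 'description') as $field) {
    if (isset($_POST[$field])) {
        $raw = is_scalar($_POST[$field]) ? (string) $_POST[$field] : '';
        $_SESSION[$field] = str_replace("'", '', $raw);
    }
    $$field = isset($_SESSION[$field]) ? $_SESSION[$field] : null;
}

// Money fields.
// Fix: the raw POST value used to replace the digits-and-dots normalisation applied
// when the request was first read, so unfiltered text reached the session and the
// INSERT. The same normalisation is applied here before the value is remembered.
foreach (array('price', 'postage') as $field) {
    if (isset($_POST[$field])) {
        $raw = is_scalar($_POST[$field]) ? (string) $_POST[$field] : '';
        $_SESSION[$field] = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $raw));
    }
    $$field = isset($_SESSION[$field]) ? $_SESSION[$field] : null;
}

// Upload metadata (name, type, tmp_name, error, size) as PHP reports it.
// NOTE(review): PHP deletes the temporary upload when the request ends, so the
// tmp_name remembered here cannot be read by a later request; only the current
// request's $_FILES entry refers to a real file.
if (isset($_FILES['photo'])) {
    $photo = $_FILES['photo'];
    $_SESSION['photo'] = $photo;
} else {
    $photo = isset($_SESSION['photo']) ? $_SESSION['photo'] : null;
}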
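// Database connection setup (presumably opens the ext/mysql link used by the queries below).
include "dbconn.php";

// NOTE(review): both values are read from cookies, which the browser can set to
// anything. They identify nobody on their own; a user id that ends up in a database
// row should come from server-side session state established at login.
$cookietype = isset($_COOKIE['type']) ? $_COOKIE['type'] : null;
$cookieid = isset($_COOKIE['userid']) ? $_COOKIE['userid'] : null;

// Today's date as YYYY-MM-DD in the server's configured timezone.
$todaydate = date('Y-m-d');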
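// Product creation flow. Runs only when a "type" cookie is present.
// NOTE(review): the cookie check is not authentication. $cookietype and $cookieid are
// client-supplied, so the userid written to the products table is whatever the
// browser sent. Confirm that the including page validates the login.
if ($cookietype != NULL) {
    if ($p == NULL) {
        echo "<div class='head'>Adding your product</div>\nINFO HERE ON HOW TO PAY FOR THIS";
    }

    if ($p == "y") {
        // NOTE(review): this branch writes to the database when p=y arrives in the
        // query string, and no anti-CSRF token is checked anywhere in this script.
        $pp = isset($_GET['pp']) ? $_GET['pp'] : null;
        if ($pp == '1') {
            $ppdate = date('Y-m-d', strtotime('+7 days'));
        }
        if ($pp == '4') {
            $ppdate = date('Y-m-d', strtotime('+1 year'));
        }
        // $ppdate is computed but never stored or used by this script.

        // Normalise every user-supplied column value to a plain string. With
        // magic_quotes_gpc enabled PHP has already added slashes, so they are removed
        // first; otherwise escaping below would store doubled backslashes.
        $magicQuotes = get_magic_quotes_gpc();
        $submitted = array(
            'catid' => $catid,
            'userid' => $cookieid,
            'catname' => $catname,
            'subid' => $subid,
            'subname' => $subname,
            'title' => $title,
            'description' => $description,
            'video' => $video,
            'price' => $price,
            'postage' => $postage,
            'postage_location' => $postage_location,
        );
        $values = array();
        foreach ($submitted as $column => $value) {
            $value = is_scalar($value) ? (string) $value : '';
            $values[$column] = $magicQuotes ? stripslashes($value) : $value;
        }
        $values['status'] = 'live';

        if ($photo != NULL) {
            // Legacy magic-quotes undo for the request superglobals, kept as it was.
            if (get_magic_quotes_gpc()) {
                $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
                while (list($k, $v) = each($input)) {
                    foreach ($v as $key => $val) {
                        if (!is_array($val)) {
                            $input[$k][$key] = stripslashes($val);
                            continue;
                        }
                        $input[] =& $input[$k][$key];
                    }
                }
                unset($input);
            }

            // NOTE(review): this silences every warning for the rest of the request,
            // including failed image decodes and failed writes; prefer logging.
            error_reporting(0);
            $change = "";
            $abc = "";

            // Upload size limit in kilobytes.
            if (!defined('MAX_SIZE')) {
                define("MAX_SIZE", "400");
            }

            if (!function_exists('getExtension')) {
                /**
                 * Returns the text after the last dot of a file name, or "" when the
                 * name has no dot or the only dot is the first character.
                 */
                function getExtension($str) {
                    $i = strrpos($str, ".");
                    if (!$i) {
                        return "";
                    }
                    return (string) substr($str, $i + 1);
                }
            }

            $errors = 0;
            // Stored in photoprimary; stays empty unless both image files were written.
            $newname = '';

            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                $image = isset($_FILES['photo']['name']) ? $_FILES['photo']['name'] : '';
                $uploadedfile = isset($_FILES['photo']['tmp_name']) ? $_FILES['photo']['tmp_name'] : '';

                if ($image) {
                    $extension = strtolower(getExtension($image));

                    if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)) {
                        $change = '<div class="msgdiv">Unknown Image extension </div> ';
                        $errors = 1;
                    } elseif (!is_uploaded_file($uploadedfile)) {
                        // Not a file PHP received through HTTP upload in this request.
                        $errors = 1;
                    } elseif (filesize($uploadedfile) > MAX_SIZE * 1024) {
                        // Fix: the constant name was truncated to MAX_ and an oversized
                        // file was still decoded and saved after the message was set.
                        $change = '<div class="msgdiv">You have exceeded the size limit!</div> ';
                        $errors = 1;
                    } else {
                        // NOTE(review): the byte limit does not bound pixel dimensions;
                        // a small file can declare a very large canvas. Consider a
                        // width/height cap before decoding.
                        $dimensions = getimagesize($uploadedfile);
                        if ($extension == "jpg" || $extension == "jpeg") {
                            $src = imagecreatefromjpeg($uploadedfile);
                        } elseif ($extension == "png") {
                            $src = imagecreatefrompng($uploadedfile);
                        } else {
                            $src = imagecreatefromgif($uploadedfile);
                        }

                        // The extension is only a claim; the decoder decides whether
                        // the content is really an image of that type.
                        if ($src === false || $dimensions === false || $dimensions[0] < 1 || $dimensions[1] < 1) {
                            $errors = 1;
                            if ($src !== false) {
                                imagedestroy($src);
                            }
                        } else {
                            $width = $dimensions[0];
                            $height = $dimensions[1];

                            // Full-size re-encode plus a 142px-wide thumbnail.
                            $tmp = imagecreatetruecolor($width, $height);
                            $newwidth1 = 142;
                            $newheight1 = max(1, (int) (($height / $width) * $newwidth1));
                            $tmp1 = imagecreatetruecolor($newwidth1, $newheight1);
                            imagecopyresampled($tmp, $src, 0, 0, 0, 0, $width, $height, $width, $height);
                            imagecopyresampled($tmp1, $src, 0, 0, 0, 0, $newwidth1, $newheight1, $width, $height);

                            // Server-generated name. The client's file name is no longer
                            // part of the path, and both outputs are JPEG data, so the
                            // stored extension is always .jpg.
                            $candidate = md5(uniqid(mt_rand(), true)) . '.jpg';
                            $filename = "images/productphotos/" . $candidate;
                            $filename1 = "images/productphotos/small/" . $candidate;
                            $savedFull = imagejpeg($tmp, $filename, 100);
                            $savedSmall = imagejpeg($tmp1, $filename1, 100);
                            if ($savedFull && $savedSmall) {
                                $newname = $candidate;
                            } else {
                                $errors = 1;
                            }

                            imagedestroy($src);
                            imagedestroy($tmp);
                            imagedestroy($tmp1);
                        }
                    }
                }
            }
            // NOTE(review): $change and $errors are set but never shown or acted on;
            // the product is still created, without a photo, when the upload is rejected.

            $values['photoprimary'] = $newname;
        }

        // Build the INSERT with every value escaped through the ext/mysql connection.
        // ext/mysql has no prepared statements; moving to mysqli or PDO with bound
        // parameters is the longer-term fix.
        $quoted = array();
        foreach ($values as $column => $value) {
            $quoted[$column] = "'" . mysql_real_escape_string($value) . "'";
        }
        $insertSql = 'INSERT INTO products (' . implode(', ', array_keys($quoted)) . ') VALUES (' . implode(', ', $quoted) . ')';
        if (!mysql_query($insertSql)) {
            // Keep database error text out of the response; log it instead.
            error_log('products insert failed: ' . mysql_error());
            die('Sorry, your product could not be saved.');
        }
        $newid = mysql_insert_id();

        // Redirect to the new product page. Parameters are URL-encoded and the URL
        // is emitted as a JSON string literal, so category and sub-category names
        // cannot close the quote or the <script> element.
        $redirect = 'index.php?' . http_build_query(array(
            'page' => 'product',
            'product' => $newid,
            's' => $values['subid'],
            'c' => $values['catid'],
            'cname' => $values['catname'],
            'sname' => $values['subname'],
            'menu' => 'sub',
        ), '', '&');
        echo "\n<script>\nwindow.location.replace(" . json_encode($redirect) . ")\n</script>";
    }

    if ($p == "n") {
        echo "\n<script>window.location.replace('index.php?page=myproducts&p=nn')\n</script>";
    }
}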
?>