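<?php
/*
 * addpicture page: lets an approved staff account upload a JPEG or GIF.
 *
 * Included from index.php?pageid=addpicture, so the session is already started
 * and anything printed here lands inside the surrounding page. Flow:
 * session/privilege gate -> form-token check -> validate the upload by
 * inspecting its *content* (the browser-supplied MIME type is not trusted) ->
 * re-encode a <=1024px copy into upload/ and a 150px thumbnail into thimg/
 * with GD -> record the picture in picture_database.
 *
 * The raw temp file is never moved into the web root; only GD-generated images
 * are written, so a non-image payload inside a "JPEG" never reaches disk.
 */
if (isset($_SESSION['sid']) && isset($_SESSION['username'])) {
    $dbsid = (string) $_SESSION['sid'];
    $dbusername = (string) $_SESSION['username'];
    $conn = include($_SERVER['DOCUMENT_ROOT'] . "/webadmin/library/openconndb.php");

    // Escape through the live connection so its charset is honoured. A closure
    // rather than a named function, so re-including this page cannot redeclare it.
    $esc = function ($value) use ($conn) {
        return mysql_real_escape_string((string) $value, $conn);
    };

    // The username comes from the session, but it was typed by the user at
    // login, so it is still escaped before being interpolated into SQL.
    $query = "SELECT * from userlogin WHERE username = '" . $esc($dbusername) . "'";
    $result = mysql_query($query, $conn);
    $userinfo = $result ? mysql_fetch_array($result) : false;

    $roles = array(
        'Administrator',
        'Moderator',
        'Picture Moderator',
        'Picture Account',
        'Members/Page',
        'Calendar/Events',
    );

    if ($userinfo !== false
        && $dbsid === (string) $userinfo['sid']
        && $userinfo['approved'] == 1
        && $userinfo['deleted'] == 0) {
        if (in_array($userinfo['privileges'], $roles, true)) {
            $postedFormId = isset($_POST['formid']) ? (string) $_POST['formid'] : null;
            $sessionFormId = isset($_SESSION['formid']) ? (string) $_SESSION['formid'] : null;

            if ($postedFormId !== null && $sessionFormId !== null && $postedFormId === $sessionFormId) {
                // Consume the token so the same form cannot be posted twice.
                unset($_SESSION['formid']);

                $msg = "";
                $file_upload = true;
                $im = false;      // GD handle for the decoded upload, set only when validation passes
                $isGif = false;
                $upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;

                if ($upload === null || $upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
                    $msg .= "No file was received or the upload was interrupted. Please try again.<br>";
                    $file_upload = false;
                } else {
                    if ($upload['size'] > 8388608) {
                        $msg .= "Your uploaded file size is more than 8mb so please reduce the file size and try again. Visit the help page to learn more about this.<br>";
                        $file_upload = false;
                    }
                    // $_FILES[...]['type'] is whatever the client claimed; sniff the
                    // real format from the file bytes instead.
                    $info = getimagesize($upload['tmp_name']);
                    $mime = ($info !== false) ? $info['mime'] : null;
                    if ($mime !== 'image/jpeg' && $mime !== 'image/gif') {
                        $msg .= "Your uploaded file needs to be a JPEG or a GIF. Other file types are not allowed.<br>";
                        $file_upload = false;
                    } elseif ($file_upload) {
                        $isGif = ($mime === 'image/gif');
                        $im = $isGif ? imagecreatefromgif($upload['tmp_name']) : imagecreatefromjpeg($upload['tmp_name']);
                        if ($im === false) {
                            // Header looked right but GD could not decode it; treat as invalid.
                            $msg .= "Your uploaded file could not be decoded as an image.<br>";
                            $file_upload = false;
                        }
                    }
                }

                if ($file_upload) {
                    // Scale $src to fit within $maxW x $maxH (aspect preserved) and write
                    // it to $dest as GIF or JPEG. Images already small enough are only
                    // enlarged when $upscale is true (thumbnails). Returns true on write.
                    $writeScaled = function ($src, $maxW, $maxH, $dest, $gif, $upscale) {
                        $width = imagesx($src);
                        $height = imagesy($src);
                        $newW = $width;
                        $newH = $height;
                        if ($upscale || $width > $maxW || $height > $maxH) {
                            // Single limiting ratio handles square images too (the old
                            // height>width / width>height chain skipped them).
                            $ratio = min($maxW / $width, $maxH / $height);
                            $newW = max(1, (int) round($width * $ratio));
                            $newH = max(1, (int) round($height * $ratio));
                        }
                        $out = imagecreatetruecolor($newW, $newH);
                        if ($out === false) {
                            return false;
                        }
                        // Resampled rather than resized to avoid aliasing when shrinking photos.
                        imagecopyresampled($out, $src, 0, 0, 0, 0, $newW, $newH, $width, $height);
                        $ok = $gif ? imagegif($out, $dest) : imagejpeg($out, $dest);
                        imagedestroy($out);
                        return $ok;
                    };

                    $ext = $isGif ? 'gif' : 'jpeg';
                    do {
                        $random = mt_rand(10000000, 99999999);
                        $add = "upload/" . $random . "." . $ext;   // path recorded in the database
                        $tsrc = "thimg/" . $random . "." . $ext;   // thumbnail path recorded in the database
                        // This page lives one directory below the site root.
                        $resizesrc = "../" . $add;
                        $tstoresrc = "../" . $tsrc;
                    } while (file_exists($resizesrc) || file_exists($tstoresrc));

                    $wroteMain = $writeScaled($im, 1024, 1024, $resizesrc, $isGif, false);
                    $wroteThumb = $wroteMain && $writeScaled($im, 150, 150, $tstoresrc, $isGif, true);
                    imagedestroy($im);

                    if (!$wroteThumb) {
                        if (file_exists($resizesrc)) {
                            unlink($resizesrc);
                        }
                        print "The following errors were encountered while uploading your photo:The picture could not be saved on the server. Please try again later.<br>";
                    } else {
                        // Served files only need to be readable; the previous 0777 left them
                        // writable by every local account on the host.
                        chmod($resizesrc, 0644);
                        chmod($tstoresrc, 0644);

                        $cleanname = $esc(isset($_POST['name']) ? $_POST['name'] : '');
                        $cleandescription = $esc(isset($_POST['description']) ? $_POST['description'] : '');
                        $cleancategoryid = isset($_POST['categoryid']) ? (int) $_POST['categoryid'] : 0;
                        $cleanuploader = $esc($dbusername);
                        $timestamp = time();
                        // $add and $tsrc are built solely from a fixed prefix, digits and an
                        // extension chosen above, so they need no escaping.
                        $query = "INSERT INTO picture_database (`name`, `description`, `categoryid`, `imagelocation`, `thumblocation`, `uploader`, `timestamp`, `approved`) VALUES ('$cleanname', '$cleandescription', '$cleancategoryid', '$add', '$tsrc', '$cleanuploader', '$timestamp', '1')";
                        if (mysql_query($query, $conn)) {
                            print "Thanks for uploading your file. Your picture has been submitted for review by the moderators and will be approved shortly.";
                        } else {
                            // Do not leave orphan files behind when the row was not recorded.
                            unlink($resizesrc);
                            unlink($tstoresrc);
                            print "The following errors were encountered while uploading your photo:The picture could not be recorded in the database.<br>";
                        }
                    }
                } else {
                    print "The following errors were encountered while uploading your photo:" . $msg;
                }
            } elseif ($postedFormId === null) {
                // Fresh token per rendered form. The previous sha1(md5(mt_rand(100000, 999999)))
                // had fewer than a million possible values and mt_rand is predictable.
                if (function_exists('random_bytes')) {
                    $formid = bin2hex(random_bytes(16));
                } elseif (function_exists('openssl_random_pseudo_bytes')) {
                    $formid = bin2hex(openssl_random_pseudo_bytes(16));
                } else {
                    $formid = sha1(uniqid(mt_rand(), true));
                }
                $_SESSION['formid'] = $formid;
                $catid = isset($_REQUEST['catid']) ? (string) $_REQUEST['catid'] : '';
?>
<h1>Submit a Picture</h1>
<form action="index.php?pageid=addpicture" method="POST" enctype="multipart/form-data">
<table border="0">
<tr><td>
Name:
</td><td>
<input type="text" name="name" value="" size="25" maxlength="25" />
</td></tr>
<tr><td>
Description:
</td><td>
<input type="text" name="description" value="" size="25" maxlength="200" />
</td></tr>
<tr><td>
File:
<br>(Must be smaller than 8Mb)
</td><td>
<input type="file" name="userfile" accept="image/jpeg,image/gif">
<input type="hidden" name="formid" value="<?php print htmlspecialchars($formid, ENT_QUOTES, 'UTF-8'); ?>" />
<?php /* catid is request-controlled: it was echoed raw into an unquoted attribute. */ ?>
<input type="hidden" name="categoryid" value="<?php print htmlspecialchars($catid, ENT_QUOTES, 'UTF-8'); ?>" />
</td></tr>
<tr><td colspan="2">
<center>
<input type="submit" value="Submit Picture" />
</center>
</td></tr>
</table>
</form>
<?php
            } else {
                // formid was posted but does not match the session: expired or replayed form.
                print "The form token did not match. Please reload the page and try again.";
            }
        } else {
            print "You do not have sufficient privileges to access this area";
        }
    } else {
        print "Your session has timed out or failed.<br /> Please <a href=\"login.php\">Login</a> again.";
    }
} else {
    print "Your login has expired<br /> \n Please <a href=\"login.php\">login</a> again \n ";
}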