Mini Shell Moded By TiGER HeX

/mnt/volume_sfo2_01/50mmla/forumCreate.php

<?php
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/gdimg.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');
?>
<?
if(!is_authorized()){
   header("Location: login.php?refurl=".urlencode($_SERVER['REQUEST_URI']));
   exit();
}
if(is_banned()){
   header("Location: banned.php");
   exit();
}
$topic_id = 0;
if(isset($_REQUEST['topicId'])){
   $topic_id = $_REQUEST['topicId'];
}
$pgnum = 1;
if(isset($_REQUEST['pgnum'])){
   $pgnum = $_REQUEST['pgnum'];
}
$html_msg = "";
if(isset($_REQUEST['create'])){
   $body = apply_filter($_REQUEST['body']);
   $title = apply_filter($_REQUEST['title']);
   $cur_file = $_FILES['file']['name'];
   $cur_temp = $_FILES['file']['tmp_name'];
   $cur_mime = $_FILES['file']['type'];
   $cur_size = $_FILES['file']['size'];
   $cur_error = $_FILES['file']['error'];
   $uid = $_SESSION['user_id'];

//store image
   	$upload_error = false;
	$unique_name = "";
	if(!empty($cur_file)){
		$valid = validate_content($cur_error,$cur_mime,$cur_size,$cur_file,FORUM_MAX_KB);
		if($valid['result']){
		    $type = explode("/",$cur_mime);
		    $cur_type = trim($type[0]);
		    $unique_name = get_unique_filename($cur_file);

$image_info = getimagesize($cur_temp);
			//create image resource
			$gd = new gd_img($cur_mime,$cur_temp);
			if(!$gd->img_id){ die($gd->gd_error);}

//check to see if thumb image needs resizing
			if(($image_info[0] > FORUM_THUMB_WIDTH) || ($image_info[1] > FORUM_THUMB_HEIGHT)){
				//resize
				$id_t = $gd->gd_scale_img(FORUM_THUMB_WIDTH,FORUM_THUMB_WIDTH,IMG_QUALITY);
				if(!$id_t){ die($gd->gd_error);}
				$res = $gd->gd_create_img($id_t,ROOT_DIR.FORUM_SIMG_DIR.$unique_name);
				if(!$res){ die($gd->gd_error);}
			}else{
                //don't resize
				$res = $gd->gd_create_img($gd->img_id,ROOT_DIR.FORUM_SIMG_DIR.$unique_name);
				if(!$res){ die($gd->gd_error);}
			}

//create watermark image
			$w_type = getimagesize(WATERMARK_FILE);
			$gdw = new gd_img($w_type['mime'],WATERMARK_FILE);
			if(!$gdw->img_id){ die($gdw->gd_error);}

//check to see if full size image needs resizing
			if(($image_info[0] > FORUM_IMG_WIDTH) || ($image_info[1] > FORUM_IMG_HEIGHT)){
				//scale image
				$id = $gd->gd_scale_img(FORUM_IMG_WIDTH,FORUM_IMG_WIDTH,IMG_QUALITY);
				if(!$id){ die($gd->gd_error);}

//apply watermark
				$res = $gd->gd_merge_ids($id,$gdw->img_id);
				if(!$res){ die($gd->gd_error);}

//create scaled image
				$res = $gd->gd_create_img($id,ROOT_DIR.FORUM_LIMG_DIR.$unique_name);
				if(!$res){ die($gd->gd_error);}
			}else{
                $id = $gd->img_id;

//apply watermark
				$res = $gd->gd_merge_ids($id,$gdw->img_id);
				if(!$res){ die($gd->gd_error);}

//create full image
				$res = $gd->gd_create_img($gd->img_id,ROOT_DIR.FORUM_LIMG_DIR.$unique_name);
				if(!$res){ die($gd->gd_error);}
			}
		}else{
            $html_msg ="<div class=\"error\">".$valid['error']."</div>";
			$upload_error = true;
		}
	}
	if(!$upload_error){
		//store reply body
		$body = get_html_text($body);
		$sql = "INSERT INTO 50mm_forum_topics (user_id,title,body,image,entry_time,last_reply) VALUES ('$uid','$title','$body','$unique_name',NOW(),NOW())";
		if( !($result = $db->sql_query($sql)) ){
		   $sql_error = $db->sql_error();
		   die($sql_error['message']);
		}

$sql = "SELECT LAST_INSERT_ID() AS topic_id";
		if( !($result = $db->sql_query($sql)) ){
		   $sql_error = $db->sql_error();
		   die($sql_error['message']);
		}
		$row = $db->sql_fetchrow($result);
		$url = append_query("forums.php","topicId",$row['topic_id']);
	    //$url = append_query($url,"pgnum",$pgnum);

/*
		$ip = get_client_ip();
        $topic_id = $row['topic_id'];
		$reply_id = 0;
        $sess_id = session_id();

$sql = "INSERT INTO 50mm_hack (user_id,user_id_sess,session_id,username,ip,topic_id,reply_id,forum_type,entry_time) VALUES ('$uid','".$_SESSION['user_id']."','$sess_id','".$_SESSION['username']."','$ip','$topic_id','$reply_id','topic',NOW())";
		if( !($result = $db->sql_query($sql)) ){
		   $sql_error = $db->sql_error();
		   die($sql_error['message']);
		}
*/
		header("Location: $url");
		exit();
	}
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');

//content
$sql = "SELECT page_body FROM 50mm_pages WHERE page_name ='forums'";
if( !($result = $db->sql_query($sql)) ){
   $sql_error = $db->sql_error();
   die($sql_error['message']);
}
$row = $db->sql_fetchrow($result);
echo stripslashes($row['page_body']);
?>

<table border="0" cellspacing="0" cellpadding="0">
  <tr valign="top">
    <td>
	   <?
	    include_once('includes/forumNav.php');
	    include_once('includes/forumTopics.php');
		
	   ?>
	   <br>

	 </td>
    <td width="20">&nbsp;</td>
    <td>
	  <img src="images/spacer.gif" height="45"><br>
	  
		<script>
		divs = new Array('title','body');
		</script>
		<form action="<?echo $_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'errorForum');">
		<table cellspacing="0" cellpadding="4" border="0">
		   <tr>
			  <td>Image</td>
			  <td><input type="file" name="file" class="field"></td>
		   </tr>
			<tr>
			  <td>Title<span id="errtitle" class="error" style="visibility:hidden;"> *</span></td>
			  <td><input name="title" type="text" class="field"></td>
		   </tr>
		   <tr>
			  <td>Body<span id="errbody" class="error" style="visibility:hidden;"> *</span></td>
			  <td><textarea name="body" class="body" style="width: 350px; height: 200px;"></textarea></td>
		   </tr>
		   <tr>
			  <td colspan="2" align="center">
							<table width="250" border="0" cellspacing="2" cellpadding="0">
								<tr>
									<td>By clicking the &quot;Create Thread&quot; button you agree that your message does not contain inciteful comments, pornographic imagery, threats, personal information, or irrelevant content. Failure to comply may lead to expulsion from the forum and loss of membership.<br>
										<br>
									</td>
								</tr>
							</table>
							<input name="create" type="submit" value="Create Thread" class="button">
				 <div id="errorForum" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
			  </td>
		   </tr>
		</table>
		<input type="hidden" name="topicId" value="<?echo $topic_id?>">
		<input type="hidden" name="pgnum" value="<?echo $pgnum?>">
		<div class="error"><?echo $html_msg?></div>
		</form>
	   
	</td>
  </tr>
</table>
<br>
<?
include_once('includes/onlineUsers.php');
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>