/mnt/volume_sfo2_01/50mmla/forumCreatenohtml030706.php
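<?php
/**
 * Forum "create thread" page.
 *
 * Flow, as visible in this file:
 *  - visitors who fail is_authorized() are redirected to login.php, banned
 *    users to banned.php;
 *  - when the `create` request field is present, title and body are filtered,
 *    an optional uploaded image is stored as a thumbnail plus a watermarked
 *    full-size copy, a row is inserted into 50mm_forum_topics and the browser
 *    is redirected to the new topic;
 *  - otherwise (or when the upload is rejected) the creation form is rendered.
 *
 * Everything read from $_REQUEST, $_FILES and $_SERVER['PHP_SELF'] is
 * attacker-controllable and is escaped at the point where it is written into
 * HTML below.
 */
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/gdimg.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');

// Kept in one PHP block: any output between two blocks would be sent before
// the header() redirects below.
if (!is_authorized()) {
    header("Location: login.php?refurl=" . urlencode($_SERVER['REQUEST_URI']));
    exit();
}
if (is_banned()) {
    header("Location: banned.php");
    exit();
}

// Raw request values. They are left unmodified here because the included
// templates share this scope and may read them.
// NOTE(review): if forumNav.php / forumTopics.php use $topic_id or $pgnum in
// SQL or HTML, they need their own validation — confirm.
$topic_id = 0;
if (isset($_REQUEST['topicId'])) {
    $topic_id = $_REQUEST['topicId'];
}
$pgnum = 1;
if (isset($_REQUEST['pgnum'])) {
    $pgnum = $_REQUEST['pgnum'];
}

$html_msg = "";

if (isset($_REQUEST['create'])) {
    $title = strip_tags(apply_filter($_REQUEST['title']));
    $body  = strip_tags(apply_filter($_REQUEST['body']));

    $cur_file  = $_FILES['file']['name'];
    $cur_temp  = $_FILES['file']['tmp_name'];
    $cur_mime  = $_FILES['file']['type'];   // client-supplied, not proof of content
    $cur_size  = $_FILES['file']['size'];
    $cur_error = $_FILES['file']['error'];
    $uid       = $_SESSION['user_id'];

    // store image
    $upload_error = false;
    $unique_name  = "";

    if (!empty($cur_file)) {
        $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, FORUM_MAX_KB);

        // The declared MIME type comes from the browser, so the file's bytes
        // are inspected as well before anything is handed to GD.
        $image_info = $valid['result'] ? getimagesize($cur_temp) : false;

        if (!$valid['result']) {
            // NOTE(review): $valid['error'] is written into HTML as-is; confirm
            // validate_content() never echoes the uploaded file name back.
            $html_msg = "<div class=\"error\">" . $valid['error'] . "</div>";
            $upload_error = true;
        } elseif ($image_info === false) {
            // Fail closed: the upload claimed to be an image but could not be
            // parsed as one.
            $html_msg = "<div class=\"error\">The uploaded file is not a valid image.</div>";
            $upload_error = true;
        } else {
            $unique_name = get_unique_filename($cur_file);

            // create image resource from the server-detected type (the same
            // way the watermark is loaded below), not the client-declared one
            $gd = new gd_img($image_info['mime'], $cur_temp);
            if (!$gd->img_id) {
                die($gd->gd_error);
            }

            // check to see if thumb image needs resizing
            if (($image_info[0] > FORUM_THUMB_WIDTH) || ($image_info[1] > FORUM_THUMB_HEIGHT)) {
                // NOTE(review): the width constant is passed for both
                // dimensions although the check uses FORUM_THUMB_HEIGHT —
                // confirm against gd_scale_img()'s signature.
                $id_t = $gd->gd_scale_img(FORUM_THUMB_WIDTH, FORUM_THUMB_WIDTH, IMG_QUALITY);
                if (!$id_t) {
                    die($gd->gd_error);
                }
                $res = $gd->gd_create_img($id_t, ROOT_DIR . FORUM_SIMG_DIR . $unique_name);
                if (!$res) {
                    die($gd->gd_error);
                }
            } else {
                // don't resize
                $res = $gd->gd_create_img($gd->img_id, ROOT_DIR . FORUM_SIMG_DIR . $unique_name);
                if (!$res) {
                    die($gd->gd_error);
                }
            }

            // create watermark image
            $w_type = getimagesize(WATERMARK_FILE);
            $gdw = new gd_img($w_type['mime'], WATERMARK_FILE);
            if (!$gdw->img_id) {
                die($gdw->gd_error);
            }

            // check to see if full size image needs resizing
            if (($image_info[0] > FORUM_IMG_WIDTH) || ($image_info[1] > FORUM_IMG_HEIGHT)) {
                // scale image (same width-for-both-dimensions pattern as the
                // thumbnail above — TODO confirm)
                $id = $gd->gd_scale_img(FORUM_IMG_WIDTH, FORUM_IMG_WIDTH, IMG_QUALITY);
                if (!$id) {
                    die($gd->gd_error);
                }
                // apply watermark
                $res = $gd->gd_merge_ids($id, $gdw->img_id);
                if (!$res) {
                    die($gd->gd_error);
                }
                // create scaled image
                $res = $gd->gd_create_img($id, ROOT_DIR . FORUM_LIMG_DIR . $unique_name);
                if (!$res) {
                    die($gd->gd_error);
                }
            } else {
                $id = $gd->img_id;
                // apply watermark
                $res = $gd->gd_merge_ids($id, $gdw->img_id);
                if (!$res) {
                    die($gd->gd_error);
                }
                // create full image
                $res = $gd->gd_create_img($gd->img_id, ROOT_DIR . FORUM_LIMG_DIR . $unique_name);
                if (!$res) {
                    die($gd->gd_error);
                }
            }
        }
    }

    if (!$upload_error) {
        // store reply body
        $body = get_html_text($body);

        // NOTE(review): the values below are interpolated into the statement.
        // Whether they are escaped depends on apply_filter(), get_html_text()
        // and get_unique_filename(), none of which are visible in this file —
        // confirm, or move to the DB layer's bound parameters / escaping.
        $sql = "INSERT INTO 50mm_forum_topics (user_id,title,body,image,entry_time,last_reply) VALUES ('$uid','$title','$body','$unique_name',NOW(),NOW())";
        if (!($result = $db->sql_query($sql))) {
            // NOTE(review): die() with the driver message shows database error
            // details to the visitor; consider logging it server-side instead.
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }

        $sql = "SELECT LAST_INSERT_ID() AS topic_id";
        if (!($result = $db->sql_query($sql))) {
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }
        $row = $db->sql_fetchrow($result);
        $url = append_query("forums.php", "topicId", $row['topic_id']);
        //$url = append_query($url,"pgnum",$pgnum);

        /* Disabled audit insert, kept as found:
        $ip = get_client_ip();
        $topic_id = $row['topic_id'];
        $reply_id = 0;
        $sess_id = session_id();
        $sql = "INSERT INTO 50mm_hack (user_id,user_id_sess,session_id,username,ip,topic_id,reply_id,forum_type,entry_time) VALUES ('$uid','".$_SESSION['user_id']."','$sess_id','".$_SESSION['username']."','$ip','$topic_id','$reply_id','topic',NOW())";
        if( !($result = $db->sql_query($sql)) ){
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }
        */

        header("Location: $url");
        exit();
    }
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');

// content: page_body is stored HTML and is emitted unescaped by design.
// NOTE(review): this trusts whoever can write to 50mm_pages — confirm.
$sql = "SELECT page_body FROM 50mm_pages WHERE page_name ='forums'";
if (!($result = $db->sql_query($sql))) {
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$row = $db->sql_fetchrow($result);
echo stripslashes($row['page_body']);
?>
<table border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
<td>
<?php
include_once('includes/forumNav.php');
include_once('includes/forumTopics.php');
?>
<br>
<!-- AdRevenue Ad Code <script src="http://www.50mmlosangeles.com/advertise/index.php?section=serve&id=39&output=js"></script> <a href="http://www.50mmlosangeles.com/advertise/index.php">advertise here...</a>-->
</td>
<td width="20"> </td>
<td>
<img src="images/spacer.gif" height="45"><br>
<!-- begin forum content -->
<script>
divs = new Array('title','body');
</script>
<?php
// PHP_SELF can carry extra path info chosen by the requester, so it is
// escaped before being placed in the action attribute.
// NOTE(review): no anti-CSRF token is visible in this form — confirm whether
// one is enforced elsewhere.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'errorForum');">
<table cellspacing="0" cellpadding="4" border="0">
<tr>
<td>Image</td>
<td><input type="file" name="file" class="field"></td>
</tr>
<tr>
<td>Title<span id="errtitle" class="error" style="visibility:hidden;"> *</span></td>
<td><input name="title" type="text" class="field"></td>
</tr>
<tr>
<td>Body<span id="errbody" class="error" style="visibility:hidden;"> *</span></td>
<td><textarea name="body" class="body" style="width: 350px; height: 200px;"></textarea></td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="create" type="submit" value="Create Thread" class="button">
<div id="errorForum" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
</td>
</tr>
</table>
<?php // Request-supplied values are HTML-escaped before being echoed back into attributes. ?>
<input type="hidden" name="topicId" value="<?php echo htmlspecialchars((string) $topic_id, ENT_QUOTES); ?>">
<input type="hidden" name="pgnum" value="<?php echo htmlspecialchars((string) $pgnum, ENT_QUOTES); ?>">
<div class="error"><?php echo $html_msg; ?></div>
</form>
<!-- end forum content -->
</td>
</tr>
</table>
<br>
<?php
include_once('includes/onlineUsers.php');
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>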