/mnt/volume_sfo2_01/50mmla/forumReply.php
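<?php
/**
 * Forum reply page.
 *
 * Handles the "Post Reply" form: optionally stores an uploaded image as a
 * thumbnail plus a watermarked full-size copy, inserts the reply row, bumps
 * the topic's last_reply timestamp and redirects back to forums.php. When no
 * reply was submitted, or the upload was rejected, the reply form is rendered.
 *
 * Request parameters: topicId, pgnum, reply (submit flag), body, file (upload).
 *
 * Written with full "<?php" tags throughout: with short_open_tag disabled, a
 * "<? ... ?>" section is sent to the browser as text, which would expose this
 * page's source (including its SQL) to every visitor.
 */
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/gdimg.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');

// Access control runs before any output so the redirects can still set headers.
if(!is_authorized()){
    header("Location: login.php?refurl=".urlencode($_SERVER['REQUEST_URI']));
    exit();
}
if(is_banned()){
    header("Location: banned.php");
    exit();
}

// topicId and pgnum arrive straight from the request and end up in quoted SQL
// literals, in the redirect URL and in hidden form fields. Forcing them to
// integers keeps quotes and markup out of all three sinks.
$topic_id = 0;
if(isset($_REQUEST['topicId'])){
    $topic_id = (int)$_REQUEST['topicId'];
}
$pgnum = 1;
if(isset($_REQUEST['pgnum'])){
    $pgnum = (int)$_REQUEST['pgnum'];
}

$html_msg = "";

// NOTE(review): no anti-CSRF token is visible in this form or handler; confirm
// whether sessions.php/appTop.php enforce one before relying on the session alone.
if(isset($_REQUEST['reply'])){
    $body = apply_filter(isset($_REQUEST['body']) ? $_REQUEST['body'] : '');

    // A non-multipart request carries no $_FILES entry; treat that as "no image".
    $has_upload = isset($_FILES['file']) && is_array($_FILES['file']);
    $cur_file  = $has_upload ? $_FILES['file']['name'] : '';
    $cur_temp  = $has_upload ? $_FILES['file']['tmp_name'] : '';
    $cur_mime  = $has_upload ? $_FILES['file']['type'] : '';   // client-declared, not verified
    $cur_size  = $has_upload ? $_FILES['file']['size'] : 0;
    $cur_error = $has_upload ? $_FILES['file']['error'] : 0;
    $uid = $_SESSION['user_id'];

    //store image
    $upload_error = false;
    $unique_name = "";
    if(!empty($cur_file)){
        $valid = validate_content($cur_error,$cur_mime,$cur_size,$cur_file,FORUM_MAX_KB);
        if(!$valid['result']){
            // NOTE(review): validate_content() is not visible here; if its message can
            // contain the client filename it must be HTML-escaped where it is built.
            $html_msg ="<div class=\"error\">".$valid['error']."</div>";
            $upload_error = true;
        }else{
            // Inspect the file itself: $cur_mime is whatever the browser claimed, so
            // the image type handed to GD comes from the file header instead.
            $image_info = getimagesize($cur_temp);
            if($image_info === false){
                $html_msg ="<div class=\"error\">The uploaded file is not a valid image.</div>";
                $upload_error = true;
            }else{
                // NOTE(review): the stored name is derived from the client filename by
                // get_unique_filename() (not visible); confirm it strips path separators
                // and quotes and restricts the extension, since the name is used both in
                // a filesystem path and in the INSERT below.
                $unique_name = get_unique_filename($cur_file);

                //create image resource
                $gd = new gd_img($image_info['mime'],$cur_temp);
                if(!$gd->img_id){ die($gd->gd_error);}

                //check to see if thumb image needs resizing
                if(($image_info[0] > FORUM_THUMB_WIDTH) || ($image_info[1] > FORUM_THUMB_HEIGHT)){
                    //resize
                    // NOTE(review): FORUM_THUMB_WIDTH is passed for both dimensions although
                    // the check above also uses FORUM_THUMB_HEIGHT -- confirm against gd_scale_img().
                    $id_t = $gd->gd_scale_img(FORUM_THUMB_WIDTH,FORUM_THUMB_WIDTH,IMG_QUALITY);
                    if(!$id_t){ die($gd->gd_error);}
                    $res = $gd->gd_create_img($id_t,ROOT_DIR.FORUM_SIMG_DIR.$unique_name);
                    if(!$res){ die($gd->gd_error);}
                }else{
                    //don't resize
                    $res = $gd->gd_create_img($gd->img_id,ROOT_DIR.FORUM_SIMG_DIR.$unique_name);
                    if(!$res){ die($gd->gd_error);}
                }

                //create watermark image
                $w_type = getimagesize(WATERMARK_FILE);
                $gdw = new gd_img($w_type['mime'],WATERMARK_FILE);
                if(!$gdw->img_id){ die($gdw->gd_error);}

                //check to see if full size image needs resizing
                if(($image_info[0] > FORUM_IMG_WIDTH) || ($image_info[1] > FORUM_IMG_HEIGHT)){
                    //scale image
                    // NOTE(review): same width/width argument pattern as the thumbnail -- confirm.
                    $id = $gd->gd_scale_img(FORUM_IMG_WIDTH,FORUM_IMG_WIDTH,IMG_QUALITY);
                    if(!$id){ die($gd->gd_error);}
                    //apply watermark
                    $res = $gd->gd_merge_ids($id,$gdw->img_id);
                    if(!$res){ die($gd->gd_error);}
                    //create scaled image
                    $res = $gd->gd_create_img($id,ROOT_DIR.FORUM_LIMG_DIR.$unique_name);
                    if(!$res){ die($gd->gd_error);}
                }else{
                    $id = $gd->img_id;
                    //apply watermark
                    $res = $gd->gd_merge_ids($id,$gdw->img_id);
                    if(!$res){ die($gd->gd_error);}
                    //create full image
                    $res = $gd->gd_create_img($gd->img_id,ROOT_DIR.FORUM_LIMG_DIR.$unique_name);
                    if(!$res){ die($gd->gd_error);}
                }
            }
        }
    }

    if(!$upload_error){
        //store reply body
        // NOTE(review): the statements below are built by string interpolation. $topic_id
        // is an integer (cast above); $body, $unique_name and $uid depend on
        // apply_filter()/get_html_text(), get_unique_filename() and the session layer
        // (none visible here) to be safe inside a quoted SQL literal. Confirm that, or
        // move these queries to the database layer's escaping or prepared statements.
        $body = get_html_text($body);
        $sql = "INSERT INTO 50mm_forum_replies (user_id,topic_id,body,image,entry_time)
                VALUES ('$uid','$topic_id','$body','$unique_name',NOW())";
        if( !($result = $db->sql_query($sql)) ){
            // Driver messages can reveal table names and query fragments; keep them in
            // the server log and show the visitor a generic message.
            $sql_error = $db->sql_error();
            error_log('forumReply.php: '.$sql_error['message']);
            die('A database error occurred. Please try again later.');
        }

        $sql = "UPDATE 50mm_forum_topics SET last_reply=NOW() WHERE topic_id='$topic_id'";
        if( !($result = $db->sql_query($sql)) ){
            $sql_error = $db->sql_error();
            error_log('forumReply.php: '.$sql_error['message']);
            die('A database error occurred. Please try again later.');
        }

        // $reply_id is only consumed by the disabled audit insert kept below.
        $sql = "SELECT LAST_INSERT_ID() AS reply_id";
        if( !($result = $db->sql_query($sql)) ){
            $sql_error = $db->sql_error();
            error_log('forumReply.php: '.$sql_error['message']);
            die('A database error occurred. Please try again later.');
        }
        $row = $db->sql_fetchrow($result);
        $reply_id = $row['reply_id'];

        /*
        $topic_id = $topic_id;
        $ip = get_client_ip();
        $sess_id = session_id();
        $sql = "INSERT INTO 50mm_hack (user_id,user_id_sess,session_id,username,ip,topic_id,reply_id,forum_type,entry_time)
        VALUES ('$uid','".$_SESSION['user_id']."','$sess_id','".$_SESSION['username']."','$ip','$topic_id','$reply_id','reply',NOW())";
        if( !($result = $db->sql_query($sql)) ){
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }
        */

        $url = append_query("forums.php","topicId",$topic_id);
        $url = append_query($url,"pgnum",$pgnum);
        header("Location: $url");
        exit();
    }
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');

//content
$sql = "SELECT page_body FROM 50mm_pages WHERE page_name ='forums'";
if( !($result = $db->sql_query($sql)) ){
    $sql_error = $db->sql_error();
    error_log('forumReply.php: '.$sql_error['message']);
    die('A database error occurred. Please try again later.');
}
$row = $db->sql_fetchrow($result);
// page_body is emitted as raw HTML; presumably it is edited by site staff only -- confirm.
echo stripslashes($row['page_body']);
?>
<table border="0" cellspacing="0" cellpadding="0">
  <tr valign="top">
    <td>
      <?php
      include_once('includes/forumNav.php');
      include_once('includes/forumTopics.php');
      ?>
      <br>
      <!-- AdRevenue Ad Code <script src="http://www.50mmlosangeles.com/advertise/index.php?section=serve&id=39&output=js"></script> <a href="http://www.50mmlosangeles.com/advertise/index.php">advertise here...</a>-->
    </td>
    <td width="20"> </td>
    <td>
      <img src="images/spacer.gif" height="45"><br>
      <!-- begin forum content -->
      <script> divs = new Array('body'); </script>
      <?php /* PHP_SELF includes any client-supplied path info after the script name, so it is escaped before it goes into the attribute. */ ?>
      <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'forumError');">
        <table cellspacing="0" cellpadding="4" border="0">
          <tr>
            <td>Image</td>
            <td><input type="file" name="file" class="field"></td>
          </tr>
          <tr>
            <td>Body<span id="errbody" class="error" style="visibility:hidden;"> *</span></td>
            <td><textarea name="body" class="body" style="width: 350px; height: 200px;"></textarea></td>
          </tr>
          <tr>
            <td colspan="2" align="center">
              <table width="250" border="0" cellspacing="2" cellpadding="0">
                <tr>
                  <td>By clicking the "Post Reply" button you agree that your message does not contain inciteful comments, pornographic imagery, threats, personal information, or irrelevant content. Failure to comply may lead to expulsion from the forum and loss of membership. <h1>WARNING: IF YOU POST PORNOGRAPHY OR PERSONAL INFO. YOU WILL GET THE BOOT. NO SECOND CHANCES</H1>If you get the boot, be sure to cancel your subscription. We do not cancel subscriptions for you. <br> <br> </td>
                </tr>
              </table>
              <input name="reply" type="submit" value="Post Reply" class="button">
              <div id="forumError" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
            </td>
          </tr>
        </table>
        <?php /* Both values were cast to integers at the top of the script, so they cannot break out of the attribute. */ ?>
        <input type="hidden" name="topicId" value="<?php echo $topic_id; ?>">
        <input type="hidden" name="pgnum" value="<?php echo $pgnum; ?>">
        <div class="error"><?php echo $html_msg; ?></div>
      </form>
      <!-- end forum content -->
    </td>
  </tr>
</table>
<br>
<?php
include_once('includes/onlineUsers.php');
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>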