/mnt/volume_sfo2_01/50mmla/submitFlickfuckedup2.php
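<?php
/**
 * Gallery upload handler for signed-in users.
 *
 * On POST it validates the uploaded file, scales it to the portrait or
 * landscape limits, writes a thumbnail and a watermarked full-size copy,
 * optionally registers a new artist, and records the flick in 50mm_gallery.
 * The outcome is accumulated in $html_msg for the page markup that follows.
 */
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/gdimg.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');

// Anonymous visitors are sent to the login page and returned here afterwards.
if (!is_authorized()) {
    header("Location: login.php?refurl=" . urlencode($_SERVER['REQUEST_URI']));
    exit();
}
if (is_banned()) {
    header("Location: banned.php");
    exit();
}

$html_msg = "";
$story_title = "";
$story_body = "";
$add_photo = false;
// Initialised here so the final check never reads an undefined variable
// when validation fails before any image work is attempted.
$good_img = false;
$unique_name = "";

if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token is checked before this state-changing
    // POST; add one together with the form once the session helper's API is
    // confirmed.

    // Accept a single upload only; a missing or array-shaped field is
    // treated as "no file".
    $upload = null;
    if (isset($_FILES['file']) && !is_array($_FILES['file']['name'])) {
        $upload = $_FILES['file'];
    }
    $cur_file  = $upload ? $upload['name'] : '';
    $cur_temp  = $upload ? $upload['tmp_name'] : '';
    $cur_size  = $upload ? $upload['size'] : 0;
    $cur_error = $upload ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    // $_FILES[...]['type'] is whatever the client declared, so the MIME type
    // is taken from the file content instead. Everything downstream
    // (validate_content, gd_img) then sees the detected type.
    $image_info = false;
    if ($cur_error === UPLOAD_ERR_OK && is_uploaded_file($cur_temp)) {
        $image_info = getimagesize($cur_temp);
    }
    $cur_mime = $image_info ? $image_info['mime'] : '';

    // Request fields are read as plain strings; array-shaped values are dropped.
    $request_text = function ($key) {
        return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
    };

    $uid        = $_SESSION['user_id'];
    $comment    = $request_text('comment');
    $location   = $request_text('location');
    $new_artist = $request_text('newArtist');

    // The year and artist id come from <select> menus, so only digit strings
    // are accepted. An unset year stays '' as before; an unset artist is 0.
    $year = $request_text('year');
    if (!ctype_digit($year)) {
        $year = '';
    }
    $artist_id = $request_text('artist');
    $artist_id = ctype_digit($artist_id) ? (int) $artist_id : 0;

    $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, GALLERY_MAX_KB);

    if ($valid['result'] && $image_info) {
        $add_photo = true;
        $type = explode("/", $cur_mime);
        $cur_type = trim($type[0]);

        // NOTE(review): the stored name derives from the client-supplied
        // filename and is written below ROOT_DIR; confirm that
        // get_unique_filename() limits the extension to image types.
        $unique_name = get_unique_filename($cur_file);

        $gd = new gd_img($cur_mime, $cur_temp);
        if (!$gd->img_id) {
            die($gd->gd_error);
        }

        $good_img = true;

        // Decide whether the image is used as-is, scaled down, or rejected.
        if ($image_info[0] < $image_info[1]) {
            // Portrait
            if (($image_info[1] >= PORTRAIT_TOLERENCE) && ($image_info[1] <= PORTRAIT_HEIGHT)) {
                // Height already within limits: keep the original size.
                $id = $gd->img_id;
                if (!$id) {
                    die($gd->gd_error);
                }
            } elseif ($image_info[0] <= PORTRAIT_WIDTH) {
                // Never scale up an undersized width.
                $id = $gd->img_id;
                if (!$id) {
                    die($gd->gd_error);
                }
            } elseif ($image_info[1] >= PORTRAIT_TOLERENCE) {
                $w_reduction = PORTRAIT_WIDTH / $image_info[0];
                $h_reduction = PORTRAIT_HEIGHT / $image_info[1];
                if ($w_reduction < $h_reduction) {
                    // Width is the limiting dimension.
                    $w = PORTRAIT_WIDTH;
                    $h = round($w_reduction * $image_info[1]);
                } else {
                    // Height is the limiting dimension.
                    $w = round($h_reduction * $image_info[0]);
                    $h = PORTRAIT_HEIGHT;
                }
                $id = $gd->gd_scale_img($w, $h, IMG_QUALITY);
                if (!$id) {
                    die($gd->gd_error);
                }
            } else {
                $good_img = false;
            }
        } else {
            // Landscape
            if (($image_info[0] >= LANDSCAPE_TOLERENCE) && ($image_info[0] <= LANDSCAPE_WIDTH)) {
                // Width already within limits: keep the original size.
                $id = $gd->img_id;
                if (!$id) {
                    die($gd->gd_error);
                }
            } elseif ($image_info[1] <= LANDSCAPE_HEIGHT) {
                // Never scale up an undersized height.
                $id = $gd->img_id;
                if (!$id) {
                    die($gd->gd_error);
                }
            } elseif ($image_info[0] > LANDSCAPE_WIDTH) {
                $w_reduction = LANDSCAPE_WIDTH / $image_info[0];
                $h_reduction = LANDSCAPE_HEIGHT / $image_info[1];
                // NOTE(review): this comparison is the reverse of the portrait
                // branch, so the result can exceed LANDSCAPE_HEIGHT; kept as
                // written - confirm that is intended.
                if ($h_reduction < $w_reduction) {
                    $w = LANDSCAPE_WIDTH;
                    $h = round($w_reduction * $image_info[1]);
                } else {
                    $w = round($h_reduction * $image_info[0]);
                    $h = LANDSCAPE_HEIGHT;
                }
                $id = $gd->gd_scale_img($w, $h, IMG_QUALITY);
                if (!$id) {
                    die($gd->gd_error);
                }
            } else {
                $good_img = false;
            }
        }

        if ($good_img) {
            // Thumbnail
            $id_t = $gd->gd_crop_img(GALLERY_THUMB_WIDTH, GALLERY_THUMB_HEIGHT, IMG_QUALITY);
            if (!$id_t) {
                die($gd->gd_error);
            }
            $res = $gd->gd_create_img($id_t, ROOT_DIR . GALLERY_SIMG_DIR . $unique_name);
            if (!$res) {
                die($gd->gd_error);
            }

            // Load the watermark and merge it into the full-size image.
            $w_type = getimagesize(WATERMARK_FILE);
            $gdw = new gd_img($w_type['mime'], WATERMARK_FILE);
            if (!$gdw->img_id) {
                die($gdw->gd_error);
            }
            $res = $gd->gd_merge_ids($id, $gdw->img_id);
            if (!$res) {
                die($gd->gd_error);
            }

            // Full-size image
            $res = $gd->gd_create_img($id, ROOT_DIR . GALLERY_LIMG_DIR . $unique_name);
            if (!$res) {
                die($gd->gd_error);
            }
        } else {
            $html_msg .= "<div class=\"error\">The file you've attempted to add does not meet the specifed requirements. Please make sure the flick is at least 700 pixels WIDE in dimension and not more than 500k in filesize. </div>";
        }

        // Register a new artist only when the image itself was accepted, so a
        // rejected upload does not leave an orphan artist row behind.
        if ($good_img && !empty($new_artist)) {
            // addslashes() is a stopgap: the $db wrapper lives in
            // includes/static/dbcon.php, which is not visible here. Replace it
            // with the driver's bound parameters or its own escape routine.
            // NOTE(review): if appTop.php already escapes request data, drop
            // these calls to avoid double escaping - confirm.
            $new_artist_sql = addslashes($new_artist);
            $location_sql   = addslashes($location);
            $uid_sql        = addslashes((string) $uid);

            $sql = "SELECT artist_id FROM 50mm_artists WHERE artist_name='$new_artist_sql'";
            if (!($result = $db->sql_query($sql))) {
                // Driver messages go to the log instead of the response body.
                $sql_error = $db->sql_error();
                error_log('submitFlick: ' . $sql_error['message']);
                die('A database error occurred.');
            }
            $row = $db->sql_fetchrow($result);
            if ($db->sql_numrows($result) > 0) {
                // Name already exists: attach the flick to that artist.
                $add_photo = true;
                $artist_id = (int) $row['artist_id'];
            } else {
                $add_photo = true;
                $sql = "INSERT INTO 50mm_artists (artist_name,location,user_id,approved,entry_time) VALUES ('$new_artist_sql','$location_sql','$uid_sql',0,NOW())";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error_log('submitFlick: ' . $sql_error['message']);
                    die('A database error occurred.');
                }
                $sql = "SELECT LAST_INSERT_ID() AS artist_id";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error_log('submitFlick: ' . $sql_error['message']);
                    die('A database error occurred.');
                }
                $row = $db->sql_fetchrow($result);
                $artist_id = (int) $row['artist_id'];
            }
        }
    }

    if (($add_photo) && ($good_img)) {
        // Same stopgap escaping as above; see the note on addslashes().
        $name_sql     = addslashes($unique_name);
        $uid_sql      = addslashes((string) $uid);
        $comment_sql  = addslashes($comment);
        $location_sql = addslashes($location);

        $sql = "INSERT INTO 50mm_gallery (artist_id,image,user_id,comment,year_painted,location,entry_time) VALUES ('$artist_id','$name_sql','$uid_sql','$comment_sql','$year','$location_sql',NOW())";
        if (!($result = $db->sql_query($sql))) {
            $sql_error = $db->sql_error();
            error_log('submitFlick: ' . $sql_error['message']);
            die('A database error occurred.');
        }
        $html_msg .= "<div class=\"hilite\">Your have successfully added your flick! Add another below.</div>";
    } else {
        // The filename is client-supplied, so it is HTML-escaped before being
        // echoed back. Assumes the page is served as UTF-8 - TODO confirm.
        $html_msg .= "<div class=\"error\">Unable to store the following content "
            . htmlspecialchars($cur_file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "</div>";
    }
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');
?>
<?php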
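// Page copy is stored in 50mm_pages and echoed as HTML without escaping.
// NOTE(review): presumably only administrators can edit this row - confirm.
$sql = "SELECT page_body FROM 50mm_pages WHERE page_name ='submitFlick'";
if (!($result = $db->sql_query($sql))) {
    // Driver messages go to the log instead of the response body.
    $sql_error = $db->sql_error();
    error_log('submitFlick: ' . $sql_error['message']);
    die('A database error occurred.');
}
$row = $db->sql_fetchrow($result);
// A missing page row renders as empty content rather than raising a notice.
$content = $row ? stripslashes($row['page_body']) : '';
echo $content;
?>
<br>
<?php echo $html_msg; ?>
<script>
// Client-side checks are a convenience only; the server repeats its own
// validation when the form is posted.
var count = 0;
function validateFlickForm(theForm) {
    var err = false;
    var divs = new Array('errfile', 'errartist', 'flickError', 'artistError');
    for (var i = 0; i < divs.length; i++) {
        visibleOff(divs[i]); // hide every error marker before re-checking
    }
    if (theForm['file'].value == "") {
        err = true;
        visibleOn('errfile');
    }
    if ((theForm['artist'].value == "") && (theForm['newArtist'].value == "")) {
        err = true;
        visibleOn('errartist');
        visibleOn('artistError');
    }
    if (err) {
        visibleOn('flickError');
        return false;
    }
    // Let only the first submit through, so a double click does not post twice.
    count++;
    if (count == 1) {
        return true;
    } else {
        alert("We are currently processing your request.");
        return false;
    }
}
</script>
<?php
// PHP_SELF contains any path info the client appended to the script URL, so
// it is escaped before being placed in the action attribute.
// Assumes the page is served as UTF-8 - TODO confirm against includes/header.php.
?>
<form id="gallery" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateFlickForm(this);">
<table cellspacing="0" cellpadding="4" border="0">
<tr>
    <td>Upload Image<span id="errfile" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="file" name="file" class="field"></td>
</tr>
<tr>
    <td>Artist Name<span id="errartist" class="error" style="visibility:hidden;"> *</span></td>
    <td>
        <table cellspacing="0" cellpadding="0" border="0">
        <tr>
            <td>
                Select an existing 50mm artist.<br>
                <?php
                // Drop-down of approved artists. Artist names originate from
                // user submissions (the "new artist" field), so they are
                // HTML-escaped on output; ids are forced to integers.
                $sql = "SELECT artist_name,artist_id FROM 50mm_artists WHERE approved = 1 ORDER BY artist_name ASC;";
                if (!($result = $db->sql_query($sql))) {
                    $sql_error = $db->sql_error();
                    error_log('submitFlick: ' . $sql_error['message']);
                    die('A database error occurred.');
                }
                $options = '<select name="artist">' . "\n";
                $options .= '<option value="">-- select artist --</option>' . "\n";
                while ($row = $db->sql_fetchrow($result)) {
                    $options .= '<option value="' . (int) $row['artist_id'] . '">'
                        . htmlspecialchars($row['artist_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                        . '</option>' . "\n";
                }
                $options .= '</select>' . "\n";
                echo $options;
                ?>
            </td>
            <td width="30" align="center" style="padding-top:10px;">OR</td>
            <td>
                Add a new 50mm artist.<br>
                <input type="text" name="newArtist" value="" class="field">
            </td>
        </tr>
        </table>
    </td>
</tr>
<tr>
    <td>City/Country</td>
    <td><input type="text" name="location" value="" class="field"></td>
</tr>
<tr valign="top">
    <td><b>Comments about the flick<br>Or<br>Additonal Artists</b></td>
    <td><textarea wrap="on" name="comment" class="body" style="width: 400px; height: 200px;"></textarea></td>
</tr>
<tr>
    <td>Year Painted</td>
    <td>
        <?php
        // Year drop-down from 1901 through next year.
        $year_end = date('Y') + 1;
        $options = '<select name="year">' . "\n";
        $options .= '<option value="">-- select year --</option>' . "\n";
        for ($year = 1901; $year <= $year_end; $year++) {
            $options .= '<option value="' . $year . '">' . $year . '</option>' . "\n";
        }
        $options .= '</select>' . "\n";
        echo $options;
        ?>
    </td>
</tr>
<tr>
    <td colspan="2" align="center">
        <input name="submit" type="submit" class="button" value="Submit Photo">
        <div id="flickError" class="error" style="visibility:hidden;">SUBMISSION FAILURE: Please correct the fields marked by *</div>
        <div id="artistError" class="error" style="visibility:hidden;">You must specify a new artist, or choose an artist name from the pulldown menu.</div>
    </td>
</tr>
</table>
</form>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>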