//var/www/ridazz/admin/forumsTopicEdit.php
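<?php
/**
 * Admin page: edit a forum topic (title, body, optional replacement image)
 * and list the topic's replies with edit / delete links.
 *
 * Request parameters (read from $_REQUEST / $_FILES):
 *   topicId - numeric id of the topic being edited
 *   replyId - numeric id of a reply (used by action=delete)
 *   action  - "delete" removes the reply identified by replyId
 *   update  - present when the edit form was submitted
 *   title, body, file - new topic fields and optional image upload
 *
 * Security-relevant behaviour of this page:
 *   - The page id used for the permission check is derived from SCRIPT_NAME,
 *     not PHP_SELF, so trailing path info in the URL cannot change which
 *     permission is checked.
 *   - Deleting a reply requires the "forumsTopicDelete" permission on the
 *     server side, not only on the link that is rendered.
 *   - Uploaded files are verified as real uploads and real images before
 *     anything is written below ROOT_DIR; only GD re-encoded output is stored.
 *   - Values echoed into HTML are escaped.
 *
 * NOTE(review): state-changing requests (delete, update) carry no anti-CSRF
 * token, and delete is reachable via GET. No token helper is visible in this
 * file, so none is added here; add one via the session layer.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon2.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop2.php');

// SCRIPT_NAME excludes PATH_INFO; PHP_SELF does not, so basename(PHP_SELF)
// could be steered to another page id by appending "/other.php" to the URL.
$self = $_SERVER['SCRIPT_NAME'];
$page_id = str_replace(".php", "", basename($self));
if (!has_permission($page_id)) {
    die("You don't have permission to view this page!");
}

// Escape a value for HTML text or attribute context. double_encode is off so
// entities already stored in the database are not encoded a second time.
// Assumes the site serves UTF-8; ENT_SUBSTITUTE keeps other bytes from
// blanking the whole string - TODO confirm the page charset.
$esc_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

// Run a query; on failure log the driver message server-side and stop with a
// generic message instead of echoing database details to the browser.
$run_query = function ($sql) use ($db) {
    $result = $db->sql_query($sql);
    if (!$result) {
        $sql_error = $db->sql_error();
        error_log('forumsTopicEdit query failed: ' . $sql_error['message']);
        die('A database error occurred.');
    }
    return $result;
};

// Build the clickable thumbnail <img> for a stored forum image.
$image_tag = function ($image, $extra_attrs) use ($esc_html) {
    $info = @getimagesize(ROOT_DIR . FORUM_LIMG_DIR . $image);
    $width = is_array($info) ? $info[0] : '';
    $height = is_array($info) ? $info[1] : '';
    $js = "popImage('" . urlencode(FORUM_LIMG_DIR . $image) . "','" . $width . "','" . $height . "');";
    return "<img src=\"" . $esc_html(FORUM_SIMG_DIR . $image) . "\" border=\"0\"" . $extra_attrs
        . " style=\"cursor:pointer;\" onClick=\"" . $esc_html($js) . "\">";
};

$html = "";

// isNum() is defined elsewhere; the cast guarantees an integer reaches the
// SQL strings below whatever it returns.
$topic_id = 0;
if (isset($_REQUEST['topicId'])) {
    $topic_id = (int) isNum($_REQUEST['topicId'], 0);
}
$reply_id = 0;
if (isset($_REQUEST['replyId'])) {
    $reply_id = (int) isNum($_REQUEST['replyId'], 0);
}

// ---- delete a reply -------------------------------------------------------
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
    // The delete link is only rendered for users holding this permission;
    // enforce the same rule where the delete actually happens.
    if (!has_permission("forumsTopicDelete")) {
        die("You don't have permission to view this page!");
    }
    $run_query("DELETE FROM 50mm_forum_replies WHERE reply_id='$reply_id'");
    $html .= "<div class=\"hilite\">operation successful</div>";
}

// ---- update the topic -----------------------------------------------------
if (isset($_REQUEST['update'])) {
    $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
    $cur_file  = isset($upload['name']) ? $upload['name'] : '';
    $cur_temp  = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
    $cur_size  = isset($upload['size']) ? $upload['size'] : 0;
    $cur_mime  = isset($upload['type']) ? $upload['type'] : '';   // client-supplied, not trusted
    $cur_error = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    $title = $db->sanitize_input(sanitize_title(isset($_REQUEST['title']) ? $_REQUEST['title'] : ''));
    $body  = $db->sanitize_input(sanitize_body(isset($_REQUEST['body']) ? $_REQUEST['body'] : ''));

    // Only set when there is a statement to run, so a rejected upload never
    // re-executes whatever SQL an earlier step of this request built.
    $update_sql = null;

    if (!empty($cur_file)) {
        $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, FORUM_MAX_KB);
        if ($valid['result']) {
            // Confirm the temp file really came from this request's upload and
            // is an image according to its content, not the browser's claim.
            if (!is_uploaded_file($cur_temp)) {
                die("Failed Image Upload");
            }
            $image_info = @getimagesize($cur_temp);
            if (!is_array($image_info)) {
                die("Failed Image Upload");
            }

            // NOTE(review): the stored name is derived from the client file
            // name by get_unique_filename(), which is not visible here.
            // Confirm it restricts the extension to image types, since the
            // target directories are served by the web server.
            $unique_name = $db->sanitize_input(get_unique_filename($cur_file));

            // The raw upload is intentionally NOT copied into the image
            // directory: every success path below writes the full-size file
            // through GD, and an unverified copy would be left behind if any
            // later step stopped the script.

            // create image resource from the detected (not client-sent) type
            $gd = new gd_img($image_info['mime'], $cur_temp);
            if (!$gd->img_id) {
                die($gd->gd_error);
            }

            // thumbnail: scale only when the upload exceeds the thumb bounds
            if (($image_info[0] > FORUM_THUMB_WIDTH) || ($image_info[1] > FORUM_THUMB_HEIGHT)) {
                // NOTE(review): the width constant is passed for both
                // dimensions; confirm against gd_scale_img() whether the
                // second argument should be FORUM_THUMB_HEIGHT.
                $id_t = $gd->gd_scale_img(FORUM_THUMB_WIDTH, FORUM_THUMB_WIDTH, IMG_QUALITY);
                if (!$id_t) {
                    die($gd->gd_error);
                }
                $res = $gd->gd_create_img($id_t, ROOT_DIR . FORUM_SIMG_DIR . $unique_name);
            } else {
                $res = $gd->gd_create_img($gd->img_id, ROOT_DIR . FORUM_SIMG_DIR . $unique_name);
            }
            if (!$res) {
                die($gd->gd_error);
            }

            // watermark resource
            $w_type = getimagesize(WATERMARK_FILE);
            $gdw = new gd_img($w_type['mime'], WATERMARK_FILE);
            if (!$gdw->img_id) {
                die($gdw->gd_error);
            }

            // full-size image: scale if needed, watermark, then write
            if (($image_info[0] > FORUM_IMG_WIDTH) || ($image_info[1] > FORUM_IMG_HEIGHT)) {
                // NOTE(review): same width/width argument pattern as above.
                $id = $gd->gd_scale_img(FORUM_IMG_WIDTH, FORUM_IMG_WIDTH, IMG_QUALITY);
                if (!$id) {
                    die($gd->gd_error);
                }
            } else {
                $id = $gd->img_id;
            }
            $res = $gd->gd_merge_ids($id, $gdw->img_id);
            if (!$res) {
                die($gd->gd_error);
            }
            $res = $gd->gd_create_img($id, ROOT_DIR . FORUM_LIMG_DIR . $unique_name);
            if (!$res) {
                die($gd->gd_error);
            }

            // NOTE(review): title/body pass through sanitize_input() and then
            // apply_filter(); both are defined elsewhere. Confirm the filter
            // cannot undo the SQL escaping, or move to bound parameters if the
            // database layer supports them.
            $update_sql = "UPDATE 50mm_forum_topics SET title='" . apply_filter($title) . "',body='" . apply_filter($body) . "', image='$unique_name' WHERE topic_id='$topic_id'";
        } else {
            // The file name and reason are echoed later, so escape them here.
            $html .= "<div class=\"error\">Unable to store the following content " . $esc_html($cur_file)
                . "<br> Reason: " . $esc_html($valid['error']) . "</div>";
        }
    } else {
        // text-only update
        $update_sql = "UPDATE 50mm_forum_topics SET title='" . apply_filter($title) . "',body='" . apply_filter($body) . "' WHERE topic_id='$topic_id'";
    }

    if ($update_sql !== null) {
        $run_query($update_sql);
        $html .= "<div class=\"hilite\">operation successful</div>";
    }
}

include_once('includes/header.php');

// $html is deliberately not reset here: it holds the status messages built
// above and is printed at the bottom of the page.

// ---- load the topic for the edit form -------------------------------------
$result = $run_query("SELECT topic_id, title, body, image, entry_time FROM 50mm_forum_topics WHERE topic_id='$topic_id'");
$row = $db->sql_fetchrow($result);
if (!is_array($row)) {
    // unknown topic id: render an empty form rather than indexing a non-array
    $row = array('title' => '', 'body' => '', 'image' => '', 'entry_time' => '');
}
$form_image = '';
if (!empty($row['image'])) {
    $form_image = $image_tag($row['image'], '');
}
$self_html = $esc_html($self);
?>
<!-- begin forum content -->
<script>
divs = new Array('title','body');
</script>
<form action="<?php echo $self_html ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'errorForum');">
<?php echo $esc_html($row['entry_time']) ?>
<table cellspacing="0" cellpadding="4" border="0">
    <tr>
        <td><?php echo $form_image ?></td>
    </tr>
    <tr>
        <td>Replace Image:<br>
            <input type="file" name="file" class="field">
        </td>
    </tr>
    <tr>
        <td>
            Title:<span id="errtitle" class="error" style="visibility:hidden;"> *</span><br>
            <input name="title" type="text" class="field" value="<?php echo $esc_html($row['title']) ?>" style="width: 200px;">
        </td>
    </tr>
    <tr>
        <td>
            Body:<span id="errbody" class="error" style="visibility:hidden;"> *</span><br>
            <textarea name="body" class="body" style="width: 350px; height: 200px;"><?php echo $esc_html($row['body']) ?></textarea>
        </td>
    </tr>
    <tr>
        <td align="center">
            <input name="update" type="submit" value="Update Thread" class="button">
            <div id="errorForum" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
        </td>
    </tr>
</table>
<input type="hidden" name="topicId" value="<?php echo $topic_id ?>">
</form>
<!-- end forum content -->
<div class="adminthreads">
<?php
// ---- topic as displayed to readers ----------------------------------------
$result = $run_query("SELECT t.title,t.entry_time,u.username,u.user_id,t.body,t.image FROM 50mm_forum_topics t,50mm_users u WHERE t.topic_id = '$topic_id' AND u.user_id=t.user_id");
$thread = "";
if ($db->sql_numrows($result) > 0) {
    $row = $db->sql_fetchrow($result);
    $unix = get_unix_time($row['entry_time']);
    $date = date("m.j.y - g:i a", $unix);
    $thread .= "<div class=\"title\">" . $esc_html($row['title']) . "</div>";
    $thread .= "Thread started by <a href=\"viewProfile.php?userId=" . (int) $row['user_id'] . "\">"
        . $esc_html($row['username']) . "</a> at $date<br><br>";
    if (!empty($row['image'])) {
        $thread .= $image_tag($row['image'], " hspace=\"10\" align=\"right\"");
    }
    // NOTE(review): the body is emitted as stored, presumably because posts
    // may contain markup allowed by sanitize_body(). Confirm that helper
    // strips script-capable HTML; otherwise this is a stored-XSS sink.
    $thread .= $row['body'];
}
$thread .= "<br clear=\"all\"><br>";
$thread .= "<div style=\"background-color:#000000;line-height:1px;font-size:1px;\" height=\"1\"> </div><br>\n";
echo $thread;

// ---- replies, newest first -------------------------------------------------
$result = $run_query("SELECT r.body,r.image,r.entry_time,u.username,u.user_id,reply_id FROM 50mm_forum_replies r,50mm_users u WHERE r.topic_id = '$topic_id' AND u.user_id=r.user_id ORDER BY r.entry_time DESC");
$replies = "";
if ($db->sql_numrows($result) > 0) {
    // permissions do not change per row, so look them up once
    $can_edit_reply = has_permission("forumsReplyEdit");
    $can_delete = has_permission("forumsTopicDelete");

    while ($row = $db->sql_fetchrow($result)) {
        $reply_row_id = (int) $row['reply_id'];
        $unix = get_unix_time($row['entry_time']);
        $date = date("m.j.y - g:i a", $unix);

        $replies .= "<div>\n";
        if (!empty($row['image'])) {
            $replies .= $image_tag($row['image'], " hspace=\"10\" align=\"right\"");
        }
        // NOTE(review): reply body is emitted as stored; same caveat as the
        // topic body above.
        $replies .= $row['body'] . "<br><br>\n";
        $replies .= "<a href=\"/viewProfile.php?userId=" . (int) $row['user_id'] . "\" target=\"_top\">"
            . $esc_html($row['username']) . "</a><br>\n";
        $replies .= $date . "<br><br>\n";
        $replies .= "<form action=\"" . $self_html . "\" method=\"post\" enctype=\"multipart/form-data\">\n";
        if ($can_edit_reply) {
            $replies .= "<a href=\"forumsReplyEdit.php?replyId=" . $reply_row_id . "\">edit</a> | \n";
        }
        if ($can_delete) {
            $delete_url = $self . "?replyId=" . $reply_row_id . "&topicId=$topic_id&action=delete";
            $replies .= "<a href=\"" . $esc_html($delete_url) . "\" onClick=\"return validateDelete(this.form);\">delete</a>\n";
        }
        $replies .= "</form>";
        $replies .= "<br clear=\"all\"><br>";
        $replies .= "<div style=\"background-color:#000000;line-height:1px;font-size:1px;\" height=\"1\"> </div><br>\n";
        $replies .= "</div>\n";
    }
    echo $replies;
}
?>
</div>
<?php echo $html ?>
<br>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>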