function reserve_pixels_for_temp_order($temp_order_row)
{
    // check if the user can get the order
    if (!can_user_order(load_banner_row($temp_order_row['banner_id']), $_SESSION['MDS_ID'], $temp_order_row['package_id'])) {
        echo 'can\'t touch this<br>';
        return false;
    }
    require_once '../include/ads.inc.php';
    ###################################################
    if (USE_LOCK_TABLES == 'Y') {
        $sql = "LOCK TABLES blocks WRITE, orders WRITE, ads WRITE, temp_orders WRITE,  currencies READ, prices READ, banners READ, form_fields READ, form_field_translations READ";
        $result = mysql_query($sql) or die(" <b>Dear Webmaster: The current MySQL user does not have permission to lock tables. Please give this user permission to lock tables, or turn off locking in the Admin. To turn off locking in the Admin, please go to Main Config and look under the MySQL Settings.<b>");
    } else {
        // poor man's lock
        $sql = "UPDATE `config` SET `val`='YES' WHERE `key`='SELECT_RUNNING' AND `val`='NO' ";
        $result = mysql_query($sql) or die(mysql_error());
        if (mysql_affected_rows() == 0) {
            // make sure it cannot be locked for more than 30 secs
            // This is in case the proccess fails inside the lock
            // and does not release it.
            $unix_time = time();
            // get the time of last run
            $sql = "SELECT * FROM `config` where `key` = 'LAST_SELECT_RUN' ";
            $result = @mysql_query($sql);
            $t_row = @mysql_fetch_array($result);
            if ($unix_time > $t_row['val'] + 30) {
                // release the lock
                $sql = "UPDATE `config` SET `val`='NO' WHERE `key`='SELECT_RUNNING' ";
                $result = @mysql_query($sql) or die(mysql_error());
                // update timestamp
                $sql = "REPLACE INTO config (`key`, `val`) VALUES ('LAST_SELECT_RUN', '{$unix_time}')  ";
                $result = @mysql_query($sql) or die(mysql_error());
            }
            usleep(5000000);
            // this function is executing in another process. sleep for half a second
            reserve_pixels_for_temp_order($temp_order_row);
            return;
        }
    }
    ####################################################
    $filename = SERVER_PATH_TO_ADMIN . 'temp/' . "info_" . md5(session_id()) . ".txt";
    $fh = fopen($filename, 'rb');
    $block_info = fread($fh, filesize($filename));
    fclose($fh);
    //$block_info = unserialize($temp_order_row['block_info']);
    $block_info = unserialize($block_info);
    //echo "block info:";
    //print_r($block_info);
    $in_str = $temp_order_row['blocks'];
    $sql = "select block_id from blocks where banner_id='" . $temp_order_row['banner_id'] . "' and block_id IN(" . $in_str . ") ";
    //echo $sql."<br>";
    $result = mysql_query($sql) or die($sql . mysql_error());
    if (mysql_num_rows($result) > 0) {
        return false;
        // the pixels are not available!
    }
    // approval status, default is N
    $banner_row = load_banner_row($temp_order_row['banner_id']);
    $approved = $banner_row['auto_approve'];
    $now = gmdate("Y-m-d H:i:s");
    $sql = "REPLACE INTO orders (user_id, order_id, blocks, status, order_date, price, quantity, banner_id, currency, days_expire, date_stamp, package_id, ad_id, approved) VALUES ('" . $_SESSION['MDS_ID'] . "', '', '" . $in_str . "', 'new', '" . $now . "', '" . $temp_order_row['price'] . "', '" . $temp_order_row['quantity'] . "', '" . $temp_order_row['banner_id'] . "', '" . get_default_currency() . "', " . $temp_order_row['days_expire'] . ", '" . $now . "', " . $temp_order_row['package_id'] . ", " . $temp_order_row['ad_id'] . ", '" . $approved . "') ";
    $result = mysql_query($sql) or die(mysql_error() . $sql);
    $order_id = mysql_insert_id();
    mds_log("Changed temp order to a real order - " . $sql);
    //echo "<hr>";echo $sql; echo "<hr>";
    $sql = "UPDATE ads SET user_id='" . $_SESSION['MDS_ID'] . "', order_id='" . $order_id . "' where ad_id='" . $temp_order_row['ad_id'] . "' ";
    //echo $sql;
    mysql_query($sql) or die(mysql_error() . $sql);
    $sql = "UPDATE orders SET original_order_id='" . $order_id . "' where order_id='" . $order_id . "' ";
    //echo $sql;
    mysql_query($sql) or die(mysql_error() . $sql);
    global $prams;
    $prams = load_ad_values($temp_order_row['ad_id']);
    $url = get_template_value('URL', 1);
    $alt_text = get_template_value('ALT_TEXT', 1);
    //print_R($block_info);
    //echo "<P>url: $url, alt_text: $alt_text </p>";
    foreach ($block_info as $key => $block) {
        $sql = "REPLACE INTO `blocks` ( `block_id` , `user_id` , `status` , `x` , `y` , `image_data` , `url` , `alt_text`, `approved`, `banner_id`, `currency`, `price`, `order_id`, `ad_id`) VALUES ('" . $key . "',  '" . $_SESSION['MDS_ID'] . "' , 'reserved' , '" . $block['map_x'] . "' , '" . $block['map_y'] . "' , '" . $block['image_data'] . "' , '" . addslashes($url) . "' , '" . addslashes($alt_text) . "', '" . $approved . "', '" . $temp_order_row['banner_id'] . "', '" . get_default_currency() . "', '" . $block['price'] . "', '" . $order_id . "', '" . $temp_order_row['ad_id'] . "')";
        //echo $sql."<br>";
        mds_log("Updated block - " . $sql);
        mysql_query($sql) or die(mysql_error() . $sql);
    }
    delete_temp_order(session_id(), false);
    // false = do not delete the ad...
    ###################################################
    if (USE_LOCK_TABLES == 'Y') {
        $sql = "UNLOCK TABLES";
        $result = mysql_query($sql) or die(mysql_error() . " <b>Dear Webmaster: The current MySQL user set in config.php does not have permission to lock tables. Please give this user permission to lock tables, or set USE_LOCK_TABLES to 'No' in the Main Config section in the Admin.<b>");
    } else {
        // release the poor man's lock
        $sql = "UPDATE `config` SET `val`='NO' WHERE `key`='SELECT_RUNNING' ";
        mysql_query($sql);
        $unix_time = time();
        // update timestamp
        $sql = "REPLACE INTO config (`key`, `val`) VALUES ('LAST_SELECT_RUN', '{$unix_time}')  ";
        $result = @mysql_query($sql) or die(mysql_error());
    }
    ####################################################
    return $order_id;
}
 $uploaddir = SERVER_PATH_TO_ADMIN . "temp/";
 $parts = split('\\.', $_FILES['graphic']['name']);
 $ext = strtolower(array_pop($parts));
 // CHECK THE EXTENSION TO MAKE SURE IT IS ALLOWED
 $ALLOWED_EXT = 'jpg, jpeg, gif, png';
 $ext_list = preg_split("/[\\s,]+/i", $ALLOWED_EXT);
 if (!in_array($ext, $ext_list)) {
     $error .= "<b><font color='red'>" . $label['advertiser_file_type_not_supp'] . " ({$ext})</font></b><br>";
     $image_changed_flag = false;
 }
 if ($error) {
     //echo "<font color='red'>Error, image upload failed</font>";
     echo $error;
 } else {
     // clean up is handled by the delete_temp_order($sid) function...
     delete_temp_order(session_id());
     // delete temp_* files older than 24 hours
     $dh = opendir($uploaddir);
     while (($file = readdir($dh)) !== false) {
         $elapsed_time = 60 * 60 * 24;
         // 24 hours
         // delete old files
         $stat = stat($uploaddir . $file);
         if ($stat[9] < time() - $elapsed_time) {
             if (strpos($file, 'tmp_' . md5(session_id())) !== false) {
                 unlink($uploaddir . $file);
             }
         }
     }
     $uploadfile = $uploaddir . "tmp_" . md5(session_id()) . ".{$ext}";
     if (move_uploaded_file($_FILES['graphic']['tmp_name'], $uploadfile)) {