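# Final step of an image upload: validate the posted metadata, confirm the
# target category belongs to the logged-in user, then record the picture row.
# NOTE(review): every check below relies on show_error_redirect_back() ending
# the request; its definition is not visible here -- confirm.
$db_read = get_db_read();
$db_write = get_db_write();

# Only a logged-in user may finish an upload.
if (!$me) {
    show_error_redirect_back("Please log in before uploading an image");
}

# The filename is handed over through the session by an earlier step.
if (isset($_SESSION['image_filename']) == false) {
    show_error_redirect_back("Error uploading image! A session variable is missing set, so either there was a session timeout or you tried to reload the page. Please try again.");
}
$image_filename = $_SESSION['image_filename'];
# Consume the value so that reloading this page fails the isset() check above
# instead of inserting the same picture twice.
$_SESSION['image_filename'] = null;

if (isset($_POST['category_id']) == false || is_numeric($_POST['category_id']) == false) {
    show_error_redirect_back("Error -- category wasn't found");
}

# HTML-encode first, then escape for SQL. mysql_real_escape_string() takes the
# connection character set into account, which the deprecated
# mysql_escape_string() does not.
$title = mysql_real_escape_string(htmlentities(trim($_POST['title'])), $db_write);
$caption = mysql_real_escape_string(nl2br(htmlentities(trim($_POST['caption']))), $db_write);

# is_numeric() also accepts floats and exponent notation, so reduce the id to
# a plain integer before it reaches the lookup helper.
$category = get_category_by_category_id((int) $_POST['category_id'], $db_read);
if (!$category) {
    show_error_redirect_back("Invalid category.");
}

# NOTE(review): the length checks run on the encoded and escaped text, so
# entities and backslashes count towards the limit -- confirm this is intended.
if (validate_title($title) == false) {
    show_error_redirect_back("Invalid title. Titles have to be 0-{$max_length_title} characters.");
}

if (validate_comment($caption) == false) {
    show_error_redirect_back("Invalid caption. Captions have to be 0-{$max_length_comment} characters.");
}

# Make sure he's uploading to his own category. Both ids are escaped even
# though they come from the session and the database, so the query does not
# depend on how those values were produced.
$result = try_mysql_query(
    "SELECT * FROM categories WHERE user_id='" . mysql_real_escape_string($me['user_id'], $db_write)
    . "' AND category_id='" . mysql_real_escape_string($category['category_id'], $db_write) . "'",
    $db_read
);
if (mysql_num_rows($result) == 0) {
    show_error_redirect_back("Invalid category.");
}
mysql_free_result($result);

# Insert the new picture. The filename is escaped inline rather than in place
# so that $image_filename keeps its raw value for any later use.
try_mysql_query(
    "INSERT INTO pictures (category_id, title, filename, caption, date_added) VALUES ('"
    . mysql_real_escape_string($category['category_id'], $db_write) . "', '{$title}', '"
    . mysql_real_escape_string($image_filename, $db_write) . "', '{$caption}', NOW())",
    $db_write
);
$picture_id = mysql_insert_id($db_write);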
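# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# show_category.php
# This shows a list of the pictures in a category. Hopefully, eventually, with
# thumbnails.
#
header('Pragma: no-cache');
require 'shared.php';

$db = get_db_read();

# Remember this page in the session under 'back'.
# NOTE(review): presumably the error helpers redirect to this value -- confirm.
$_SESSION['back'] = $_SERVER['REQUEST_URI'];

if (isset($_GET['category_id']) == false || is_numeric($_GET['category_id']) == false) {
    show_error_redirect_back("No category_id specified");
}
# is_numeric() also accepts floats and exponent notation; keep only the
# integer so the lookup helpers never see anything but a plain id.
$category_id = (int) $_GET['category_id'];

$category_information = get_category_by_category_id($category_id, $db);

# Check if the category exists and, for anonymous visitors, that it is not
# private. Both cases give the same message, so a private category cannot be
# told apart from a missing one.
# NOTE(review): any logged-in user passes this check, not only the owner --
# confirm that "private" is meant as members-only.
if (!$category_information || (!$me && $category_information['private'] != 0)) {
    show_error_redirect_back("invalid category_id");
}

$user_information = get_user_by_user_id($category_information['user_id'], $db);

$pictures = get_pictures_by_category_id($category_id, $db);

# Display the table of pictures: add the link targets and the comment count
# to each row.
$new_pictures = array();
foreach ($pictures as $picture) {
    $picture['url'] = "show_picture.php?picture_id=" . $picture['picture_id'];
    $picture['picture_url'] = "picture.php?picture_id=" . $picture['picture_id'];
    $picture['tn_url'] = "picture.php?tn=true&picture_id=" . $picture['picture_id'];
    # One helper call per picture; only the number of comments is kept.
    $picture['num_comments'] = count(get_comments_by_picture_id($picture['picture_id'], $db));
    $new_pictures[] = $picture;
}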
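# show_picture.php
# This shows the selected picture, with information about it.
#
header('Pragma: no-cache');
require 'shared.php';

# Make a connection to the database
$db = get_db_read();

# Remember this page in the session under 'back'.
# NOTE(review): presumably the error helpers redirect to this value -- confirm.
$_SESSION['back'] = $_SERVER['REQUEST_URI'];

if (isset($_GET['picture_id']) == false || is_numeric($_GET['picture_id']) == false) {
    show_error_redirect_back("Invalid picture");
}
# is_numeric() also accepts floats and exponent notation; keep only the
# integer so the lookup and the id comparison below work on a plain id.
$picture_id = (int) $_GET['picture_id'];

# Get the current picture, its category and the owning user. Every failure
# gives the same "Invalid picture" message.
$picture = get_picture_from_picture_id($picture_id, $db) or show_error_redirect_back("Invalid picture");
$category = get_category_by_category_id($picture['category_id'], $db) or show_error_redirect_back("Invalid picture");
$user = get_user_by_user_id($category['user_id'], $db) or show_error_redirect_back("Invalid picture");

# Check if the category is private. Any non-zero flag blocks anonymous
# visitors, the same test show_category.php applies, so an unexpected flag
# value fails closed.
# NOTE(review): any logged-in user passes this check, not only the owner --
# confirm that "private" is meant as members-only.
if (!$me && $category['private'] != 0) {
    show_error_redirect_back("Invalid picture");
}

# Get the images in the category
$pictures = get_pictures_by_category_id($category['category_id'], $db);

$prev_picture = null;
$next_picture = null;

# Find the next and previous picture
$done = false;
while (!$done && ($this_picture = array_shift($pictures))) {
    if ($this_picture['picture_id'] == $picture_id) {
        if ($this_picture = array_shift($pictures)) {
            # (the listing ends here; the rest of the loop is not shown)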
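}

# Serves the image file for one picture, or its thumbnail when tn=true.
# NOTE(review): the checks below rely on show_error_image() ending the
# request; its definition is not visible here -- confirm.
$tn = isset($_GET['tn']) && $_GET['tn'] == "true";

# NOTE(review): no validation of picture_id is visible in this part of the
# file; confirm it happens above or inside get_picture_from_picture_id().
$picture_id = $_GET['picture_id'];

$db = get_db_read();

# Check if this board requires registration
if (!$me && $require_registration) {
    show_error_image("Login required");
}

# Get the information on the picture
$picture = get_picture_from_picture_id($picture_id, $db);

# Die if the picture doesn't exist. This runs before the category lookup so
# that no field of a missing picture is read.
if (!$picture) {
    show_error_image("Couldn't find picture");
}

# Get information on the category. A picture without a category is treated
# as not found, as show_picture.php does.
$category = get_category_by_category_id($picture['category_id'], $db);
if (!$category) {
    show_error_image("Couldn't find picture");
}

# If they aren't logged in, make sure they have access. Any non-zero flag
# counts as private, the same test show_category.php applies, and the answer
# is the same as for a missing picture.
if (!$me && $category['private'] != 0) {
    show_error_image("Couldn't find picture");
}

# NOTE(review): the path is built from the stored filename; this is only safe
# if the upload code generates that name itself -- confirm.
$file = $picture['filename'];
if ($tn == true) {
    show_image("{$upload_directory}/tn-{$file}");
} else {
    show_image("{$upload_directory}/{$file}");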