function metaWeblog_newMediaObject($values)
{
//2006-12-2 add support for uploading files
global $config, $defualtcategoryid, $db_prefix, $mbcon, $nowtime;
$userdetail = check_user($values['username'], $values['password']);
$struct = $values['struct'];
//writetofile ('text1.php', $struct['bits']); //debug only
if ($struct['bits'] && $struct['name']) {
$writefilecontent = base64_decode($struct['bits']);
$ext = strtolower(strrchr($struct['name'], '.'));
$ext = str_replace(".", '', $ext);
$upload_filename = time() . '_' . rand(1000, 9999) . substr(md5($struct['name']), 0, 4) . '.' . $ext;
if ($mbcon['uploadfolders'] == '1') {
$targetfolder_ym = date("Ym") . '/';
$targetfolder = "attachment/{$targetfolder_ym}";
if (!is_dir($targetfolder)) {
$mktargetfolder = @mkdir($targetfolder, 0777);
if (!$mktargetfolder) {
xml_error("Sorry, uploading file ({$struct['name']}) failed because PHP was unable to create a new directory.");
}
}
} else {
$targetfolder_ym = '';
$targetfolder = 'attachment';
}
$filenum = @fopen("{$targetfolder}/{$upload_filename}", "wb");
if (!$filenum) {
xml_error("Sorry, uploading file ({$struct['name']}) failed.");
}
flock($filenum, LOCK_EX);
fwrite($filenum, $writefilecontent);
fclose($filenum);
//DB updating, new function in 2.1.0
$blog = new boblog();
$blog->query("INSERT INTO `{$db_prefix}upload` (fid,filepath,originalname,uploadtime,uploaduser) VALUES (null, \"attachment/{$targetfolder_ym}{$upload_filename}\", \"{$struct['name']}\", {$nowtime['timestamp']}, {$userdetail['userid']})");
$currentid = db_insert_id();
if ($mbcon['wmenable'] == '1') {
//Add watermark
$imgext_watermark = array('jpg', 'gif', 'png');
if (in_array($ext, $imgext_watermark)) {
create_watermark("attachment/{$targetfolder_ym}{$upload_filename}");
}
}
}
$xml_content = make_xml_piece("struct", array('url' => "{$config['blogurl']}/attachment.php?fid={$currentid}"));
$body_xml = xml_generate($xml_content);
send_response($body_xml);
}
$customtemplate = basename($_REQUEST['tem']);
setcookie('blogtemplate', $customtemplate);
} else {
$customtemplate = basename($_COOKIE['blogtemplate']);
}
if (!empty($customtemplate) && file_exists("template/{$customtemplate}/info.php")) {
require "template/{$customtemplate}/info.php";
} else {
require "data/mod_template.php";
}
define('elementfile', $template['structure']);
//2006-7-2 Seurity Fix, 2006-7-5 modified
acceptcookie("userid,userpsw");
$userid = safe_convert($userid);
$userpsw = safe_convert($userpsw);
$blog = new boblog();
//Initialize Time Info
$nowtime['timestamp'] = time();
$nowtime += array('year' => gmdate('Y', $nowtime['timestamp'] + 3600 * $config['timezone']), 'month' => gmdate('n', $nowtime['timestamp'] + 3600 * $config['timezone']), 'day' => gmdate('j', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ymd' => gmdate('Ymd', $nowtime['timestamp'] + 3600 * $config['timezone']), 'Ym' => gmdate('Ym', $nowtime['timestamp'] + 3600 * $config['timezone']));
//Sessions and Cookies
$userdetail = array();
if (empty($userid) || empty($userpsw)) {
$userdetail['usergroup'] = 0;
$userdetail['userid'] = -1;
$logstat = 0;
} else {
$userdetail = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE `userid`='{$userid}' AND `userpsw`='{$userpsw}'");
if (!$userdetail) {
$userdetail['usergroup'] = 0;
$userdetail['userid'] = -1;
$logstat = 0;
