* @Author PCD-GROUP (contact@dinhpc.com) * @Copyright (C) 2015 PCD-GROUP. All rights reserved * @Update to 4.x webvang (hoang.nguyen@webvang.vn) * @License GNU/GPL version 2 or any later version * @Createdate Fri, 29 May 2015 07:49:53 GMT if ( ! defined( 'NV_IS_ADMIN' ) ) { $nv_redirect = NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name; redict_link ( 'ban khong co quyen han', '', $nv_redirect ); }; */ if (!defined('NV_IS_MOD_ARCHIVES')) { die('Stop!!!'); } check_upload(); $page_title = $lang_module['content']; $month_dir_module = nv_mkdir(NV_UPLOADS_REAL_DIR . '/' . $module_name, date("Y_m"), true); if (defined('NV_EDITOR')) { require_once NV_ROOTDIR . '/' . NV_EDITORSDIR . '/' . NV_EDITOR . '/nv.php'; } else { if (!function_exists('nv_aleditor') and file_exists(NV_ROOTDIR . '/' . NV_EDITORSDIR . '/ckeditor/ckeditor_php5.php')) { define('NV_EDITOR', TRUE); define('NV_IS_CKEDITOR', TRUE); require_once NV_ROOTDIR . '/' . NV_EDITORSDIR . '/ckeditor/ckeditor_php5.php'; function nv_aleditor($textareaname, $width = "100%", $height = '450px', $val = '') { // Create class instance. $editortoolbar = array(array('Link', 'Unlink', 'Image', 'Table', 'Font', 'FontSize', 'RemoveFormat'), array('Bold', 'Italic', 'Underline', 'StrikeThrough', '-', 'Subscript', 'Superscript', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock', 'OrderedList', 'UnorderedList', '-', 'Outdent', 'Indent', 'TextColor', 'BGColor', 'Source')); $CKEditor = new CKEditor(); // Do not print the code directly to the browser, return it instead
break; case 4: $check_screen2_err = $language["QUAR_OUTPUT"]; break; case 5: default: $check_screen2_err = ""; break; } if ($check_screen2_err != "") { stderr($language["ERROR"], $check_screen2_err); } } $screen3 = $_FILES["screen3"]; if (isset($screen3["tmp_name"]) && !empty($screen3["tmp_name"]) && (isset($screen3["name"]) && !empty($screen3["name"]))) { $check_screen3 = check_upload($screen3["tmp_name"], $screen3["name"]); switch ($check_screen3) { case 1: case 2: $check_screen3_err = $language["ERR_MISSING_DATA"]; if (file_exists($screen3["tmp_name"])) { @unlink($screen3["tmp_name"]); } break; case 3: $check_screen3_err = $language["QUAR_TMP_FILE_MISS"]; break; case 4: $check_screen3_err = $language["QUAR_OUTPUT"]; break; case 5:
require load_language("lang_upload.php"); require_once "include/BDecode.php"; require_once "include/BEncode.php"; //// Configuration// function_exists("sha1") or die("<font color=\"red\">" . $language["NOT_SHA"] . "</font></body></html>"); if (!$CURUSER || $CURUSER["can_upload"] == "no") { err_msg($language["SORRY"], $language["ERROR"] . $language["NOT_AUTHORIZED_UPLOAD"]); stdfoot(); exit; } if (isset($_FILES["torrent"])) { if ($_FILES["torrent"]["error"] != 4) { $fd = fopen($_FILES["torrent"]["tmp_name"], "rb") or stderr($language["ERROR"], $language["FILE_UPLOAD_ERROR_1"]); is_uploaded_file($_FILES["torrent"]["tmp_name"]) or stderr($language["ERROR"], $language["FILE_UPLOAD_ERROR_2"]); if (isset($_FILES["torrent"]["tmp_name"]) && !empty($_FILES["torrent"]["tmp_name"]) && (isset($_FILES["torrent"]["name"]) && !empty($_FILES["torrent"]["name"]))) { $check_torr = check_upload($_FILES["torrent"]["tmp_name"], $_FILES["torrent"]["name"]); switch ($check_torr) { case 1: case 2: $check_torr_err = $language["ERR_MISSING_DATA"]; if (file_exists($_FILES["torrent"]["tmp_name"])) { @unlink($_FILES["torrent"]["tmp_name"]); } break; case 3: $check_torr_err = $language["QUAR_TMP_FILE_MISS"]; break; case 4: $check_torr_err = $language["QUAR_OUTPUT"]; break; case 5:
} else { $pass = false; $error_msg = 'Picture size is limited on 100px X 100px!'; } } else { $pass = false; $error_msg = 'File not temp-uploaded!'; } } else { $pass = false; $error_msg = 'Picture size in KB > 1!'; } } if (isset($_FILES['silver_picture']) && $_FILES['silver_picture']['name'] != '') { if (isset($_FILES["silver_picture"]["tmp_name"]) && !empty($_FILES["silver_picture"]["tmp_name"]) && (isset($_FILES["silver_picture"]["name"]) && !empty($_FILES["silver_picture"]["name"]))) { $check_silver = check_upload($_FILES["silver_picture"]["tmp_name"], $_FILES["silver_picture"]["name"]); switch ($check_silver) { case 1: case 2: $check_silver_err = $language["ERR_MISSING_DATA"]; if (file_exists($_FILES["silver_picture"]["tmp_name"])) { @unlink($_FILES["silver_picture"]["tmp_name"]); } break; case 3: $check_silver_err = $language["QUAR_TMP_FILE_MISS"]; break; case 4: $check_silver_err = $language["QUAR_OUTPUT"]; break; case 5:
$category = $_POST['category']; // prepare the file if ($_FILES['userfile'] != "") { $userfile = strtolower($_FILES['userfile']['name']); $uploadfile = $upload_dir . $userfile; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { chmod($uploadfile, 0644); $result = check_upload($_FILES['userfile']['error']); $filnamn = strtolower($_FILES['userfile']['name']); $filtyp = $_FILES['userfile']['type']; $filstorlek = $_FILES['userfile']['size']; $status = "ok"; } else { // something went wrong, try to describe what echo "Error"; $result = check_upload($_FILES['userfile']['error']); echo "<br>{$result}<hr>"; $status = "no"; } // end move } // end prepare of file // insert post in mysql $image = $filnamn; if ($status == "ok") { $query = "insert into " . $pixelpost_db_prefix . "pixelpost(id,datetime,headline,body,image, category)\r\n\t VALUES('NULL','{$datetime}','{$headline}','{$body}','{$image}','{$category}')"; $result = mysql_query($query) || die("Error: " . mysql_error()); // done echo "\r\n <div id='caption'>\r\n\t POSTED: " . $_POST['headline'] . "\r\n\t </div>\r\n\t <div id='content'>\r\n\t " . $_POST['body'] . "<br>\r\n\t {$datetime}<p>\r\n\t <img src='../images/{$filnamn}' />\r\n </div>\r\n\t "; //create thumbnail if (function_exists('gd_info')) {
$r = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT id FROM {$TABLE_PREFIX}dox WHERE title=" . sqlesc($title)) or sqlesc(); if (mysqli_num_rows($r) > 0) { stderr("Error", "A file with the title <b>" . htmlspecialchars($title) . "</b> already exists!"); stdfoot(); die; } $url = $_POST["url"]; if ($url != "") { if (substr($url, 0, 7) != "http://" && substr($url, 0, 6) != "ftp://") { stderr("Error", "The URL <b>" . htmlspecialchars($url) . "</b> does not seem to be valid."); stdfoot(); die; } } if (isset($file["tmp_name"]) && !empty($file["tmp_name"]) && (isset($file["name"]) && !empty($file["name"]))) { $check_dox = check_upload($file["tmp_name"], $file["name"]); switch ($check_dox) { case 1: case 2: $check_dox_err = $language["ERR_MISSING_DATA"]; if (file_exists($file["tmp_name"])) { @unlink($file["tmp_name"]); } break; case 3: $check_dox_err = $language["QUAR_TMP_FILE_MISS"]; break; case 4: $check_dox_err = $language["QUAR_OUTPUT"]; break; case 5: