Example #1
 *
 * $Id: admin/bin_upload.php, 2005/11/13 17:41:50 Exp $
 */
$cd = '..';
// Shared site includes live one directory up from this admin script.
require_once $cd . '/include/config.inc.php';
require_once $cd . '/include/fnc_error_msgs.inc.php';
require_once $cd . '/include/http_headers.inc.php';
// Admin-only helpers; presumably where session_control() and against_xss()
// are defined — TODO confirm.
require_once './include/fnc_admin.inc.php';
// Presumably populates $session_status, which the rest of the script keys
// on to decide whether an admin is logged in — verify in fnc_admin.inc.php.
session_control();
// No headers have been sent before this point.
against_xss();
if ($session_status == 'on') {
    if (isset($_POST['bin_title'], $_POST['bin_category'], $_POST['bincomment'])) {
        $bin_title = insert_safe($_POST['bin_title']);
        $bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category']));
        $bincomment = insert_tag_safe($_POST['bincomment']);
        if ($cfg['enable_unicode'] == 'on') {
            mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $bincomment, $bin_category);
        }
        $binfile = $_FILES['binfile'];
        if (isset($binfile)) {
            clearstatcache();
            //initialize
            $bin_src = $binfile["tmp_name"];
            $bin_type = $binfile["type"];
            $bin_name = $binfile["name"];
            $bin_size = filesize($bin_src);
            //get the size of it
            if (isset($_POST['bindate']) && preg_match("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", $_POST['bindate'])) {
                $bin_date = insert_safe($_POST['bindate']);
                $cmod = preg_replace("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", "\$1\$2\$3\$4\$5\$6", $bin_date);
Example #2
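require_once $cd . '/include/http_headers.inc.php';
require_once './include/fnc_search.inc.php';
require_once './include/fnc_forum.inc.php';
// Block spam: these POST fields are decoys that a real visitor leaves empty
// (the genuine comment text is read from $_POST[md5($block_spam['comment_field_name'])]
// further down, not from $_POST['comment'] — presumably the other names are decoys
// of the same kind). Anything filled in is treated as an automated poster and
// bounced to the forum index.
// isset() guards avoid "undefined index" notices for decoy fields that a
// legitimate form submission simply does not send; a value of '0' still counts
// as filled in, so the check is against the empty string, not empty().
$spam_trap_fields = array('comment_title', 'name', 'mail', 'address', 'comment', 'url_key');
foreach ($spam_trap_fields as $trap_field) {
    if (isset($_POST[$trap_field]) && $_POST[$trap_field] !== '') {
        header('Location: ' . $cd . '/forum/index.php');
        exit;
    }
}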
if (isset($_POST['user_name'], $_POST['title'], $_POST['color'], $_POST['user_pass'], $_POST['refer_id'])) {
    // comment field name
    $comment_field_name = md5($block_spam['comment_field_name']);
    $user_name = insert_safe($_POST['user_name']);
    $mail = insert_safe($_POST['user_email']);
    $title = insert_tag_safe($_POST['title']);
    $comment = insert_tag_safe($_POST[$comment_field_name]);
    $color = insert_safe($_POST['color']);
    $user_pass = insert_safe($_POST['user_pass']);
    $refer_id = insert_safe(intval($_POST['refer_id']));
    // Unicode conversion
    if ($cfg['enable_unicode'] == 'on') {
        mb_convert_variables($cfg['mysql_lang'], 'auto', $user_name, $title, $comment);
    }
    // If title is empty
    $title = $title == '' ? 'Untitled' : $title;
    // Block Spams
    if (isset($_POST['user_uri']) && substr_count($_POST['user_uri'], "@") > 0 || substr_count($comment, "http://") >= (int) $block_spam['uri_count'] || preg_match($block_spam['tags'], $_POST[$comment_field_name]) || preg_match($block_spam['keywords'], $_POST[$comment_field_name]) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $_POST[$comment_field_name]) || preg_match($block_spam['tags'], $_POST['title']) || check_spammer() > 0) {
        // echo 'Hi, Spammer! :-p';
        header('Location: ' . $cd . '/forum/index.php');
        exit;
    }
Example #3
 } else {
     $href = insert_safe($_POST['href']);
 }
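 // Entry timestamp: if the poster asked for a custom date (custom_date = 'yes')
 // and supplied a well-formed "YYYY-MM-DD HH:MM:SS" value, use it; otherwise
 // stamp the entry with the current time shifted by the configured offset
 // ($cfg['tz'] is in hours, hence * 3600).
 // The original compared isset() — a bool — against 'yes', which is true for
 // any present value; the flag's actual value is now checked.
 // Note: "$" in the pattern still matches before a trailing newline, and the
 // digit groups are unbounded, so $cmod is not guaranteed to be exactly 14 digits.
 $date_pattern = "/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/";
 if (isset($_POST['date'], $_POST['custom_date'])
     && $_POST['custom_date'] === 'yes'
     && preg_match($date_pattern, $_POST['date'])) {
     $date = insert_safe($_POST['date']);
     $fdate = $date;
     // Collapse the separators into a compact YmdHis-style stamp.
     $cmod = preg_replace($date_pattern, "\$1\$2\$3\$4\$5\$6", $date);
 } else {
     $now = time() + $cfg['tz'] * 3600;
     $fdate = gmdate('Y-m-d H:i:s', $now);
     $cmod = gmdate('YmdHis', $now);
 }
 // These fields are assumed to have been checked with isset() earlier in the
 // script (outside this excerpt) — confirm before relying on it.
 $name = insert_safe($_POST['name']);
 // If the posted category value ends with one or more commas, strip them.
 $category = preg_replace('/,+$/', '', insert_safe($_POST['category']));
 $comment = insert_tag_safe($_POST['comment']);
 if ($cfg['enable_unicode'] == 'on') {
     // Re-encode the user-supplied text into the database charset.
     // NOTE(review): escaping (insert_safe / insert_tag_safe) runs before this
     // conversion; confirm those helpers escape in a charset-aware way for
     // $cfg['mysql_lang'].
     $name = mb_convert_encoding($name, $cfg['mysql_lang'], 'auto');
     $category = mb_convert_encoding($category, $cfg['mysql_lang'], 'auto');
     $comment = mb_convert_encoding($comment, $cfg['mysql_lang'], 'auto');
 }
 // First, upload the attachment files
 file_upload();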
 // Save Trackback Ping URI
 if ($cfg['trackback'] == 'on') {
     if (!empty($_POST['send_ping_uri'])) {
         $tb_table = ', `ping_uri`';
         $senduri = insert_safe($_POST['send_ping_uri']);
         $tb_table_value = ", '" . $senduri . "'";
         $tb_encode = '&encode=' . insert_safe($_POST['encode']);
     } else {