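// Upload handler (excerpt): checks the uploaded file, moves it into storage under a
// random name and records it in the `images` table.
// $error, $contenttype, $filename, $filesize and $mutracker are set before this excerpt;
// randomfilename(), preparedata() and log_data() are defined elsewhere in the project.

// The extension is taken from the client-supplied name, so it is only a hint about the
// content. pathinfo() leaves out the 'extension' key when the name contains no dot.
$nameparts = pathinfo($_FILES['Filedata']['name']);
$extension = isset($nameparts['extension']) ? strtolower($nameparts['extension']) : '';
$valid_ext_types = array('jpeg', 'jpg', 'gif', 'png');
if (!in_array($extension, $valid_ext_types, true)) {
    // $error carries HTML (<br>), so the client-controlled extension is escaped before it is embedded.
    $error .= "File type does not appear to be a supported image (" . htmlspecialchars($extension, ENT_QUOTES) . "). Please try another format.<br>";
}

if (strlen($error) == 0) {
    $uploaddir = 'storage/originals/';
    // Stored name = randomfilename() stem + allowlisted extension; no other part of the
    // client-supplied name is used in the path.
    $newfilename = randomfilename() . "." . $extension;
    $uploadfile = $uploaddir . $newfilename;

    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $uploadfile)) {
        $error .= "Could not move file into storage, please try again later.";
        log_data("ERROR: " . $error);
    } else {
        // The extension check says nothing about the bytes, so require that the stored file
        // parses as one of the accepted image types and remove it otherwise. getimagesize()
        // reads only the header: this is a sanity check, not proof that the file is harmless.
        $imageinfo = getimagesize($uploadfile);
        $valid_image_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
        if ($imageinfo === false || !in_array($imageinfo[2], $valid_image_types, true)) {
            unlink($uploadfile);
            $error .= "File does not appear to be a valid image. Please try another file.<br>";
            log_data("ERROR: " . $error);
        } else {
            // add to db
            $userip = $_SERVER['REMOTE_ADDR'];
            list($originalwidth, $originalheight, $type, $attr) = $imageinfo;
            $tracker = randomfilename();

            // The statement is built by concatenation (the mysql_* API, removed in PHP 7.0,
            // has no bound parameters), so every value must be neutralised here:
            // string values go through preparedata() (presumably an SQL escaper - verify),
            // and the two dimensions are forced to integers.
            $insert_image = "INSERT INTO images (dateadded, mimetype, originalfilename, filename, filesize, description, originalip, originalwidth, originalheight, lastaccessed, tracker, mutracker) VALUES (NOW(), '" . preparedata($contenttype) . "', '" . preparedata($filename) . "', '" . preparedata($newfilename) . "', '" . preparedata($filesize) . "', '', '" . preparedata($userip) . "', '" . (int) $originalwidth . "', '" . (int) $originalheight . "', NOW(), '" . preparedata($tracker) . "', '" . preparedata($mutracker) . "')";
            $do_insert_image = @mysql_query($insert_image);
            $item_id = mysql_insert_id();

            if ($do_insert_image) {
                log_data("SUCCESS: Image successfully uploaded. Ref: " . $item_id);
            } else {
                // NOTE(review): this writes the whole statement, including the uploader's IP
                // and both tracker values, into the log; confirm who can read that log.
                log_data("ERROR: SQL INSERT FAILED - " . $insert_image);
            }
        }
    }
} else {
    log_data("ERROR: " . $error);
}

// The original filename is client-controlled; control characters are stripped so that it
// cannot start forged lines in the log.
log_data("Finished import process for " . preg_replace('/[\x00-\x1F\x7F]/', '', $_FILES['Filedata']['name']) . "\n\r");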
// Tail of a helper that prepends "0" characters to $num; its beginning lies outside this excerpt.
        $pref .= "0";
    }
    return $pref . $num;
}

// Log file name: "maninfo_" when the request carries a `syncmode` POST field, otherwise
// "fininfo_", followed by a timestamp with minute resolution.
if (isset($_POST['syncmode'])) {
    $logFile = "maninfo_" . date('Y_m_d_H_i') . ".log";
} else {
    $logFile = "fininfo_" . date('Y_m_d_H_i') . ".log";
}

// Mode 'w' truncates, so a second request within the same minute overwrites the earlier
// log. The file is opened before the request-method check below, so a non-POST request
// also creates or truncates it before the script exits.
// `=` binds tighter than `or`, so $lg receives fopen()'s result.
// NOTE(review): the path is relative, so the file lands in the current working directory;
// if that directory is served by the web server, the log is downloadable under a
// guessable name - confirm where this script runs.
$lg = fopen($logFile, 'w') or die("Can't open log file");

// Gather POST variables, sanitize and populate into an associative array.
// Any other request method ends the script here.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $formData = array();
    // Copy every POST parameter through preparedata() (defined elsewhere).
    // NOTE(review): one helper cannot make a value safe for every later context (SQL, URL,
    // HTML, log), and fields sent as `name[]` reach it as arrays - confirm what
    // preparedata() does and how $formData is used.
    foreach ($_POST as $field => $value) {
        $formData[$field] = preparedata($value);
    }
} else {
    exit;
}

// Load API and MAIL settings into an associative array from the evl_miscsettings table.
// Get the MySQL connection; the $MYSQL_* values are not set in this excerpt.
$dbhandle = mysql_connect($MYSQL_SERVER, $MYSQL_USER, $MYSQL_PASS) or die("Couldn't connect to MySQL Server");

// Select a database to work with. On failure the die() text sends the database name to the client.
$selected = mysql_select_db($MYSQL_DB, $dbhandle) or die("Couldn't open database {$MYSQL_DB}");

// Fixed query with no request data in it.
$sqlmisc = "SELECT `key`, `value` from evl_miscsettings";
// The result is not checked; if the query fails, $resultmisc is false when the loop below reads it.
$resultmisc = mysql_query($sqlmisc);
$miscsettings = array();
// Build a key => value map of the settings rows.
while ($rowmisc = mysql_fetch_assoc($resultmisc)) {
    $miscsettings[$rowmisc['key']] = $rowmisc['value'];
}
// Tail of a conditional that copies u_country; its opening lies outside this excerpt.
    $fieldsudt['u_country'] = preparedata($rowstageudt['u_country']);
}

// Each optional column of $rowstageudt is copied into the request fields only when it is
// non-empty, after passing through preparedata() (defined elsewhere).
if (strlen($rowstageudt['u_phone']) > 0) {
    $fieldsudt['u_phone'] = preparedata($rowstageudt['u_phone']);
}
if (strlen($rowstageudt['u_email']) > 0) {
    $fieldsudt['u_email'] = preparedata($rowstageudt['u_email']);
}
if (strlen($rowstageudt['u_company']) > 0) {
    $fieldsudt['u_company'] = preparedata($rowstageudt['u_company']);
}
// conname and conemail are sent under the u_notes_1 and u_notes_2 field names.
if (strlen($rowstageudt['conname']) > 0) {
    $fieldsudt['u_notes_1'] = preparedata($rowstageudt['conname']);
}
if (strlen($rowstageudt['conemail']) > 0) {
    $fieldsudt['u_notes_2'] = preparedata($rowstageudt['conemail']);
}

$fieldsudt_string = "";
// Build the query string by joining key=value pairs with '&'.
// NOTE(review): nothing here URL-encodes the values (no urlencode()/http_build_query()).
// Unless preparedata() does that, a value containing '&', '=', '#' or a space changes which
// parameters the API receives - verify.
foreach ($fieldsudt as $key => $value) {
    $fieldsudt_string .= $key . '=' . $value . '&';
}
// Drop the trailing '&' left by the loop.
$fieldsudt_string = rtrim($fieldsudt_string, "&");

// The complete request URL, including any phone, e-mail and company values copied above,
// is written to the log in clear text.
fwrite($lg, "INFO: POST URL" . $APIURL . "/?" . $fieldsudt_string . "\n");

// All data travels in the URL; no request body or method is set in this call, so unless
// $chudt was configured as a POST before this excerpt, this is a GET despite the comments.
// Redirects are followed (CURLOPT_FOLLOWLOCATION) with no CURLOPT_MAXREDIRS or
// CURLOPT_REDIR_PROTOCOLS restriction in this call; the timeout is 30 seconds.
curl_setopt_array($chudt, array(
    CURLOPT_HTTPHEADER => array("Content-Type: text/xml"),
    CURLOPT_HEADER => 0,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_FOLLOWLOCATION => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => $APIURL . "/?" . $fieldsudt_string));

// Execute the request. curl_exec() returns false on failure, and that value is passed
// straight to the XML parser; neither result is checked within this excerpt.
$respudt = curl_exec($chudt);
// NOTE(review): the remote response is parsed with default libxml options; confirm that
// external entity loading is disabled on the deployed libxml.
$xmludt = simplexml_load_string($respudt);

// Initial values for the fields read from the response after this excerpt (presumably).
$successudt = 0;
$icidudt = 0;
$messageudt = '';
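// Password-setting page (excerpt; the opening PHP tag precedes it). It shows a small form
// that posts to set-pass.php and, when a password longer than four characters is
// submitted, runs an UPDATE on the matching row of `images`.
include_once "config.php";
include_once "function-library.php";
?>
<html>
<head>
<title></title>
<link rel="stylesheet" href="<?php echo "http://" . $site_url . "/"; ?>styles.css" type="text/css">
</head>
<body style="margin-top:5px;margin-bottom:0px;margin-right:0px;margin-left:0px;background-color:transparent;">
<?php
// $password, $im and $REMOTE_ADDR are not assigned in this file; presumably they come from
// the includes or from imported request variables, so they are treated as untrusted.
// The image id is placed unquoted in the SQL and inside an HTML attribute below, so it is
// forced to an integer once, before either use.
$im = isset($im) ? (int) $im : 0;

if (strlen($password) > 4) {
    $userip = GetHostByName($REMOTE_ADDR);

    // NOTE(review): the value written is the literal shown in this listing; the submitted
    // $password is only length-checked here. If the listing was masked and the real code
    // stores the submitted value, it should be stored as a salted password hash - confirm.
    // NOTE(review): the only ownership check is that the caller's address equals
    // images.originalip, which anyone behind the same NAT or proxy also satisfies.
    $add_pass = mysql_query("UPDATE images SET password = '******' WHERE id = " . $im . " AND originalip = '" . mysql_real_escape_string($userip) . "' LIMIT 1");

    // mysql_query() returns true for an UPDATE that matched no row, so "Password set!" is
    // also shown when the id or the address did not match.
    if ($add_pass) {
        echo "<b>Password set!</b>";
    } else {
        echo "<b>ERROR: Could not set password, please contact support.</b>";
    }
} else {
    echo "<b>Optional: Specify A Password:</b><br>Restrict access to this image by requesting a password for anyone attempting to view it.<br>";
    // $im is an integer at this point, so it cannot break out of the value attribute.
    echo "<table width='100%' cellpadding='3' cellspacing='0' style='margin-top:6px;'><form method='POST' action='set-pass.php'><tr><td width='65'>Password:</td><td><input name='password' value='' type='password' style='font-size:10px;'> <input name='submit' type='submit' value='set' style='font-size:10px;'></td></tr><input name='im' type='hidden' value='" . $im . "'></form></table>";
}
?>
</body>
</html>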