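// Upload handler: allow-list the extension, move the upload under a generated name,
// confirm the stored file parses as an image, then record it in the images table.
// Only the extension of the client-supplied name is kept. PATHINFO_EXTENSION yields ''
// when the name has no extension, so no array key has to exist.
$extension = strtolower(pathinfo($_FILES['Filedata']['name'], PATHINFO_EXTENSION));
$valid_ext_types = array('jpeg', 'jpg', 'gif', 'png');
if (!in_array($extension, $valid_ext_types, true)) {
    // $error carries HTML (<br>), so the client-chosen extension is escaped before it is embedded.
    $error .= "File type does not appear to be a supported image (" . htmlspecialchars($extension, ENT_QUOTES, 'UTF-8') . "). Please try another format.<br>";
}
if (strlen($error) == 0) {
    $uploaddir = 'storage/originals/';
    $newfilename = randomfilename() . "." . $extension;
    $uploadfile = $uploaddir . $newfilename;
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $uploadfile)) {
        $error .= "Could not move file into storage, please try again later.";
        log_data("ERROR: " . $error);
    } else {
        // The extension check says nothing about the content, so the stored file must also
        // parse as an image. getimagesize() inspects the header only; it is a sanity check,
        // not proof the file is harmless, so storage/originals/ should still be served
        // without script execution.
        $imageinfo = getimagesize($uploadfile);
        if ($imageinfo === false) {
            unlink($uploadfile);
            $error .= "File does not appear to be a valid image. Please try another file.<br>";
            log_data("ERROR: " . $error);
        } else {
            // add to db
            $userip = $_SERVER['REMOTE_ADDR'];
            list($originalwidth, $originalheight, $type, $attr) = $imageinfo;
            $tracker = randomfilename();
            // preparedata() is defined outside this excerpt; the statement is only as safe as
            // that helper's escaping. The two dimensions bypassed it, so they are cast to int.
            // NOTE(review): $contenttype, $filename, $filesize and $mutracker are set outside
            // this excerpt. If $contenttype is the browser-supplied type,
            // image_type_to_mime_type($type) is the server-derived alternative.
            // NOTE(review): mysql_* offers no bound parameters; mysqli/PDO prepared statements
            // would remove the reliance on string escaping.
            $insert_image = "INSERT INTO images (dateadded, mimetype, originalfilename, filename, filesize, description, originalip, originalwidth, originalheight, lastaccessed, tracker, mutracker) VALUES (NOW(), '" . preparedata($contenttype) . "', '" . preparedata($filename) . "', '" . preparedata($newfilename) . "', '" . preparedata($filesize) . "', '', '" . preparedata($userip) . "', '" . (int) $originalwidth . "', '" . (int) $originalheight . "', NOW(), '" . preparedata($tracker) . "', '" . preparedata($mutracker) . "')";
            $do_insert_image = @mysql_query($insert_image);
            $item_id = mysql_insert_id();
            if ($do_insert_image) {
                log_data("SUCCESS: Image successfully uploaded. Ref: " . $item_id);
            } else {
                log_data("ERROR: SQL INSERT FAILED - " . $insert_image);
            }
        }
    }
} else {
    log_data("ERROR: " . $error);
}
// Control characters are stripped so a crafted upload name cannot add extra lines to the log.
log_data("Finished import process for " . preg_replace('/[\x00-\x1F\x7F]/', '', $_FILES['Filedata']['name']) . "\n\r");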
Example #2
        $pref .= "0";
    }
    return $pref . $num;
}
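// Only POST requests are processed. Checking the method first means any other request
// exits before a log file is created or a database connection is opened.
if ($_SERVER["REQUEST_METHOD"] != "POST") {
    exit;
}
// The log name depends on whether the caller sent 'syncmode'. It has minute resolution and
// is opened with mode 'w', so a second run in the same minute truncates the first run's log.
if (isset($_POST['syncmode'])) {
    $logFile = "maninfo_" . date('Y_m_d_H_i') . ".log";
} else {
    $logFile = "fininfo_" . date('Y_m_d_H_i') . ".log";
}
// NOTE(review): relative path - the log is created in the current working directory. If that
// directory is served by the web server and request data is written here, the log is
// downloadable under a guessable name; confirm, or move logs outside the document root.
$lg = fopen($logFile, 'w') or die("Can't open log file");
//gather POST variables, sanitize and populate into assoc array
// preparedata() is defined outside this excerpt. NOTE(review): one routine cannot be the right
// encoding for every sink (SQL, URL, HTML), so values still need encoding where they are used;
// also confirm how it treats array-valued fields such as name[]=...
$formData = array();
//get POST params
foreach ($_POST as $field => $value) {
    $formData[$field] = preparedata($value);
}
//load API and MAIL settings into an asso array from evl_miscsettings table
//get mysql connection
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO is the maintained path.
$dbhandle = mysql_connect($MYSQL_SERVER, $MYSQL_USER, $MYSQL_PASS) or die("Couldn't connect to MySQL Server");
//select a database to work with
$selected = mysql_select_db($MYSQL_DB, $dbhandle) or die("Couldn't open database {$MYSQL_DB}");
$sqlmisc = "SELECT `key`, `value` from evl_miscsettings";
$resultmisc = mysql_query($sqlmisc);
$miscsettings = array();
if ($resultmisc === false) {
    // A failed query leaves the settings empty; record why instead of looping over false.
    fwrite($lg, "ERROR: could not load evl_miscsettings - " . mysql_error($dbhandle) . "\n");
} else {
    while ($rowmisc = mysql_fetch_assoc($resultmisc)) {
        $miscsettings[$rowmisc['key']] = $rowmisc['value'];
    }
}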
Example #3
     $fieldsudt['u_country'] = preparedata($rowstageudt['u_country']);
 }
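 // Copy each optional staging column into the API field list only when it is non-empty.
 if (strlen($rowstageudt['u_phone']) > 0) {
     $fieldsudt['u_phone'] = preparedata($rowstageudt['u_phone']);
 }
 if (strlen($rowstageudt['u_email']) > 0) {
     $fieldsudt['u_email'] = preparedata($rowstageudt['u_email']);
 }
 if (strlen($rowstageudt['u_company']) > 0) {
     $fieldsudt['u_company'] = preparedata($rowstageudt['u_company']);
 }
 if (strlen($rowstageudt['conname']) > 0) {
     $fieldsudt['u_notes_1'] = preparedata($rowstageudt['conname']);
 }
 if (strlen($rowstageudt['conemail']) > 0) {
     $fieldsudt['u_notes_2'] = preparedata($rowstageudt['conemail']);
 }
 //url-ify the data for the POST
 // http_build_query() URL-encodes every key and value, so a stored value containing '&', '='
 // or '#' can no longer add or override API parameters, and line breaks cannot reach the log.
 // NOTE(review): assumes preparedata() does not already URL-encode - confirm, otherwise
 // values would be encoded twice.
 $fieldsudt_string = http_build_query($fieldsudt, '', '&');
 // NOTE(review): this writes the complete request, including phone and e-mail values, to the
 // log; confirm the log is access-controlled and not served by the web server.
 fwrite($lg, "INFO: POST URL" . $APIURL . "/?" . $fieldsudt_string . "\n");
 // NOTE(review): no CURLOPT_POST is set in this call; unless $chudt was configured earlier this
 // is a GET with the data in the URL, which proxies and server access logs record.
 // With CURLOPT_FOLLOWLOCATION on, a redirect from the API host is followed.
 curl_setopt_array($chudt, array(
     CURLOPT_HTTPHEADER => array("Content-Type: text/xml"),
     CURLOPT_HEADER => 0,
     CURLOPT_TIMEOUT => 30,
     CURLOPT_FOLLOWLOCATION => 1,
     CURLOPT_RETURNTRANSFER => 1,
     CURLOPT_URL => $APIURL . "/?" . $fieldsudt_string,
 ));
 //execute post
 $respudt = curl_exec($chudt);
 if ($respudt === false) {
     // Transport failure: record it and skip parsing rather than feeding false to the parser.
     fwrite($lg, "ERROR: API request failed - " . curl_error($chudt) . "\n");
     $xmludt = false;
 } else {
     // LIBXML_NONET keeps the parser from fetching anything over the network while it
     // processes a response that comes from a remote host.
     $xmludt = simplexml_load_string($respudt, 'SimpleXMLElement', LIBXML_NONET);
 }
 $successudt = 0;
 $icidudt = 0;
 $messageudt = '';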
include_once "config.php";
include_once "function-library.php";
?>
<html>
<head>
<title></title>
    <link rel="stylesheet" href="<?php 
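// $site_url is not set in the lines shown (presumably config.php). It is written into an HTML
// attribute, so it is escaped for that context. The scheme is fixed to http.
echo "http://" . htmlspecialchars($site_url, ENT_QUOTES, 'UTF-8') . "/";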
?>
styles.css" type="text/css">
</head>

<body style="margin-top:5px;margin-bottom:0px;margin-right:0px;margin-left:0px;background-color:transparent;">
<?php 
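// Sets a password on an image when one longer than 4 characters was submitted;
// otherwise renders the form that posts back to set-pass.php.
// NOTE(review): $password, $im and $REMOTE_ADDR are not assigned in the lines shown. If they
// rely on register_globals (removed in PHP 5.4), read them from $_POST / $_SERVER instead.
if (strlen($password) > 4) {
    $userip = GetHostByName($REMOTE_ADDR);
    // $im is cast to int because it lands unquoted in the WHERE clause; $userip is escaped for
    // its quoted position.
    // NOTE(review): as shown, the statement stores the literal '******', not the submitted
    // $password - presumably redacted in this listing. If the real value is stored, keep a
    // password_hash() digest rather than the plain text.
    // NOTE(review): the only ownership check is the uploader-IP match, which every client
    // behind the same address passes; the form also carries no anti-CSRF token.
    $add_pass = mysql_query("UPDATE images SET password = '******' WHERE id = " . (int) $im . " AND originalip = '" . mysql_real_escape_string($userip) . "' LIMIT 1");
    // mysql_query() returns true for an UPDATE that matched no row, so "Password set!" is also
    // shown when nothing changed; mysql_affected_rows() would tell the two cases apart.
    if ($add_pass) {
        echo "<b>Password set!</b>";
    } else {
        echo "<b>ERROR: Could not set password, please contact support.</b>";
    }
} else {
    echo "<b>Optional: Specify A Password:</b><br>Restrict access to this image by requesting a password for anyone attempting to view it.<br>";
    // $im is echoed into a single-quoted attribute, so it is escaped with ENT_QUOTES.
    echo "<table width='100%' cellpadding='3' cellspacing='0' style='margin-top:6px;'><form method='POST' action='set-pass.php'><tr><td width='65'>Password:</td><td><input name='password' value='' type='password' style='font-size:10px;'>&nbsp;&nbsp;<input name='submit' type='submit' value='set' style='font-size:10px;'></td></tr><input name='im' type='hidden' value='" . htmlspecialchars($im, ENT_QUOTES, 'UTF-8') . "'></form></table>";
}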
?>

</body>
</html>