Example #1
     $total_comments = intval(trim($_POST['total_comments']));
     $total_favorites = intval(trim($_POST['total_favorites']));
     $status = intval(trim($_POST['status']));
     if (strlen($title) < 3) {
         $errors[] = 'Game title field cannot be blank!';
     } elseif (strlen($tags) < 3) {
         $errors[] = 'Game keyword(tags) field cannot be blank!';
     } elseif ($category === 0) {
         $errors[] = 'Select at least one category and no more then 3!';
     }
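     if (!$errors) {
         // Optional replacement thumbnail. is_uploaded_file() confirms the temp path
         // belongs to an HTTP upload; no image-type check is visible in this excerpt
         // before the file is handed to VImageConv.
         // NOTE(review): confirm VImageConv::process() rejects non-image input.
         if ($_FILES['thumb']['tmp_name'] != '' && is_uploaded_file($_FILES['thumb']['tmp_name'])) {
             require $config['BASE_DIR'] . '/classes/image.class.php';
             $src = $_FILES['thumb']['tmp_name'];
             // $GID is assigned outside this excerpt and becomes part of the
             // destination path. NOTE(review): confirm it is validated as an integer.
             $dst = $config['BASE_DIR'] . '/media/games/tmb/' . $GID . '.jpg';
             $image = new VImageConv();
             $image->process($src, $dst, 'MAX_WIDTH', 256, 144);
             $image->canvas(256, 144, '000000', true);
         }
         // Every value placed inside a quoted SQL literal is escaped. That includes
         // $category: it is assigned outside this excerpt, so it must not reach the
         // statement as raw text. mysql_real_escape_string() belongs to ext/mysql
         // (removed in PHP 7.0); bound parameters are the durable fix when porting.
         $sql = "UPDATE game SET title = '" . mysql_real_escape_string($title) . "', tags = '" . mysql_real_escape_string($tags) . "',\n                                    category = '" . mysql_real_escape_string($category) . "', type = '" . mysql_real_escape_string($type) . "',\n                                    be_commented = '" . mysql_real_escape_string($be_commented) . "',\n                                    be_rated = '" . mysql_real_escape_string($be_rated) . "', rate = '" . mysql_real_escape_string($rate) . "',\n                                    ratedby = '" . mysql_real_escape_string($ratedby) . "', total_plays = '" . mysql_real_escape_string($total_plays) . "',\n                                    total_comments = '" . mysql_real_escape_string($total_comments) . "', total_favorites = '" . mysql_real_escape_string($total_favorites) . "',\n                                    status = '" . mysql_real_escape_string($status) . "' WHERE GID = '" . mysql_real_escape_string($GID) . "' LIMIT 1";
         $conn->execute($sql);
         $messages[] = 'Game information updated successfuly!';
     }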
 }
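 // Reload the row for display. $GID is assigned outside this excerpt and sits
 // inside a quoted SQL literal, so it is escaped here the same way the UPDATE
 // statement earlier in this script escapes it.
 $sql = "SELECT * FROM game WHERE GID = '" . mysql_real_escape_string($GID) . "' LIMIT 1";
 $rs = $conn->execute($sql);
 // NOTE(review): mysql_affected_rows() is documented for INSERT/UPDATE/DELETE;
 // for a SELECT the row count of the result set is the documented check. Confirm
 // this test is reliable with the connection wrapper in use.
 if (mysql_affected_rows() == 1) {
     $game = $rs->getrows();
 } else {
     $errors[] = 'Invalid Game ID. This game does not exist!';
 }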
Example #2
File: edit.php Project: ecr007/pr0n
     $total_comments = intval(trim($_POST['total_comments']));
     $total_favorites = intval(trim($_POST['total_favorites']));
     $status = intval(trim($_POST['status']));
     if (strlen($title) < 3) {
         $errors[] = 'Game title field cannot be blank!';
     } elseif (strlen($tags) < 3) {
         $errors[] = 'Game keyword(tags) field cannot be blank!';
     } elseif ($category === 0) {
         $errors[] = 'Select at least one category and no more then 3!';
     }
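     if (!$errors) {
         // Optional replacement thumbnail. is_uploaded_file() confirms the temp path
         // belongs to an HTTP upload; no image-type check is visible in this excerpt
         // before the file is handed to VImageConv.
         // NOTE(review): confirm VImageConv::process() rejects non-image input.
         if ($_FILES['thumb']['tmp_name'] != '' && is_uploaded_file($_FILES['thumb']['tmp_name'])) {
             require $config['BASE_DIR'] . '/classes/image.class.php';
             $src = $_FILES['thumb']['tmp_name'];
             // $GID is assigned outside this excerpt and becomes part of the
             // destination path. NOTE(review): confirm it is validated as an integer.
             $dst = $config['BASE_DIR'] . '/media/games/tmb/' . $GID . '.jpg';
             $image = new VImageConv();
             $image->process($src, $dst, 'MAX_WIDTH', 160, 120);
             $image->canvas(160, 120, '000000', true);
         }
         // Every value placed inside a quoted SQL literal is escaped. That includes
         // $category: it is assigned outside this excerpt, so it must not reach the
         // statement as raw text. mysql_real_escape_string() belongs to ext/mysql
         // (removed in PHP 7.0); bound parameters are the durable fix when porting.
         $sql = "UPDATE game SET title = '" . mysql_real_escape_string($title) . "', tags = '" . mysql_real_escape_string($tags) . "',\n                                    category = '" . mysql_real_escape_string($category) . "', type = '" . mysql_real_escape_string($type) . "',\n                                    be_commented = '" . mysql_real_escape_string($be_commented) . "',\n                                    be_rated = '" . mysql_real_escape_string($be_rated) . "', rate = '" . mysql_real_escape_string($rate) . "',\n                                    ratedby = '" . mysql_real_escape_string($ratedby) . "', total_plays = '" . mysql_real_escape_string($total_plays) . "',\n                                    total_comments = '" . mysql_real_escape_string($total_comments) . "', total_favorites = '" . mysql_real_escape_string($total_favorites) . "',\n                                    status = '" . mysql_real_escape_string($status) . "' WHERE GID = '" . mysql_real_escape_string($GID) . "' LIMIT 1";
         $conn->execute($sql);
         $messages[] = 'Game information updated successfuly!';
     }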
 }
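 // Reload the row for display. $GID is assigned outside this excerpt and sits
 // inside a quoted SQL literal, so it is escaped here the same way the UPDATE
 // statement earlier in this script escapes it.
 $sql = "SELECT * FROM game WHERE GID = '" . mysql_real_escape_string($GID) . "' LIMIT 1";
 $rs = $conn->execute($sql);
 // NOTE(review): mysql_affected_rows() is documented for INSERT/UPDATE/DELETE;
 // for a SELECT the row count of the result set is the documented check. Confirm
 // this test is reliable with the connection wrapper in use.
 if (mysql_affected_rows() == 1) {
     $game = $rs->getrows();
 } else {
     $errors[] = 'Invalid Game ID. This game does not exist!';
 }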
Example #3
    } else {
        $sql = "SELECT category_id FROM game_categories\n                       WHERE category_name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() > 0) {
            $errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
        } else {
            $channel['name'] = $name;
        }
    }
    if ($_FILES['picture']['tmp_name'] == '') {
        $errors[] = 'Please provide a category image!';
    }
    if (!$errors) {
        $sql = "INSERT INTO game_categories (category_name) VALUES ('" . mysql_real_escape_string($name) . "')";
        $conn->execute($sql);
        $chid = $conn->Insert_ID();
        require $config['BASE_DIR'] . '/classes/image.class.php';
        $image = new VImageConv();
        $image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 384, 216);
        $image->canvas(384, 216, '000000', true);
        if ($errors) {
            $sql = "DELETE FROM game_categories WHERE category_id = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
            $conn->execute($sql);
        }
    }
    if (!$errors) {
        $msg = 'Category Successfuly added!';
        VRedirect::go('channels.php?m=listgame&msg=' . $msg);
    }
}
// Hand $channel to the Smarty template. $channel['name'] is assigned from $name
// above without HTML escaping (only the error message is run through
// htmlspecialchars()). NOTE(review): confirm the template escapes it on output.
$smarty->assign('channel', $channel);
Example #4
            $image->process($avatar_tmp, $dst, 'MAX_HEIGHT', 240, 200);
            $image->resize(true);
            if (file_exists($dst) && filesize($dst) > 100) {
                $_SESSION['message'] = $lang['user.avatar_upload_msg'];
                $_SESSION['uploaded'] = true;
                VRedirect::go($config['BASE_URL'] . '/user/avatar');
            }
        }
    }
}
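if (isset($_POST['avatar_crop_submit'])) {
    // Crop rectangle as submitted by the client.
    // NOTE(review): VFilter::get(..., 'INTEGER') presumably casts to int; no range
    // check against the source image size is visible here. Confirm crop() copes
    // with negative or oversized values.
    // NOTE(review): no anti-CSRF token is checked in this block; confirm one is
    // enforced elsewhere for this form.
    $filter = new VFilter();
    $x = $filter->get('x1', 'INTEGER');
    $y = $filter->get('y1', 'INTEGER');
    $width = $filter->get('width', 'INTEGER');
    $height = $filter->get('height', 'INTEGER');
    // Normalise the user id to an integer once, so the two file paths and the SQL
    // statement below are all built from the same value. Before, the paths used
    // the raw $user['UID'] while the SQL used intval() of it.
    $uid = intval($user['UID']);
    $src = $config['BASE_DIR'] . '/media/users/orig/' . $uid . '.jpg';
    $dst = $config['BASE_DIR'] . '/media/users/' . $uid . '.jpg';
    $image = new VImageConv();
    $image->process($src, $dst, 'EXACT', 100, 120);
    $image->crop($x, $y, $width, $height, true);
    // Only record the avatar once an output file exists and is larger than 100
    // bytes. A file left at $dst by an earlier upload also passes this check.
    if (file_exists($dst) && filesize($dst) > 100) {
        $sql = "UPDATE signup SET photo = '" . $uid . ".jpg' WHERE UID = " . $uid . " LIMIT 1";
        $conn->execute($sql);
        $_SESSION['message'] = $lang['user.avatar_crop_msg'];
        VRedirect::go($config['BASE_URL'] . '/user/avatar');
    }
}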
$smarty->assign('crop', $crop);
$smarty->assign('uploaded', $uploaded);
Example #5
File: edit.php Project: ecr007/pr0n
         } elseif ($imagesize['2'] == 2) {
             $ext = 'jpg';
         } elseif ($imagesize['2'] == 3) {
             $ext = 'png';
         }
         if ($ext == '') {
             $errors[] = 'Invalid image format uploaded. Allowed formats: jpg, gif and png!';
         }
     }
     // Store the uploaded avatar and derive the two resized copies from it.
     if (!$errors) {
         $src = $_FILES['avatar']['tmp_name'];
         // $ext is chosen by the branch above from $imagesize['2'] (2 => jpg,
         // 3 => png), not from the client-supplied file name.
         // NOTE(review): $imagesize presumably comes from getimagesize(); confirm.
         // $UID is assigned outside this excerpt and is used in three paths below.
         // NOTE(review): confirm it is an integer taken from trusted state.
         $dst_tmp = $config['BASE_DIR'] . '/tmp/avatars/' . $UID . '.' . $ext;
         // move_uploaded_file() only moves files that arrived via HTTP upload.
         if (move_uploaded_file($src, $dst_tmp)) {
             require $config['BASE_DIR'] . '/classes/image.class.php';
             // First pass: write the "orig" copy as <UID>.jpg from the temp file.
             $dst = $config['BASE_DIR'] . '/media/users/orig/' . $UID . '.jpg';
             $image = new VImageConv();
             $image->process($dst_tmp, $dst, 'MAX_HEIGHT', 240, 200);
             $image->resize(true);
             // Second pass: build the 100x120 avatar from the "orig" copy.
             $src = $dst;
             $dst = $config['BASE_DIR'] . '/media/users/' . $UID . '.jpg';
             $image->process($src, $dst, 'EXACT', 100, 120);
             $image->resize(true);
             $photo_new = TRUE;
             // NOTE(review): $dst_tmp is not removed in this block; confirm it is
             // cleaned up elsewhere.
         } else {
             $errors[] = 'Failed to move uploaded file (invalid permissions?)!';
         }
     }
 }
 if (!$errors) {
     $sql_add = NULL;
     if ($password != '') {
Example #6
// Refuse to run unless the _VALID constant is defined; it is not defined in
// this excerpt, so it is presumably set by the including script.
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/image.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
$auth = new Auth();
$auth->check();
// Ownership check: $uid (assigned outside this excerpt) must match the session
// user, otherwise redirect to the permission error page and stop.
// NOTE(review): the comparison only runs when $_SESSION['uid'] is set. If
// Auth::check() can return without a session uid, the request falls through
// to the upload code below; confirm check() always terminates such requests.
// NOTE(review): != is a loose comparison; confirm both sides are integers.
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
    session_write_close();
    header('Location: ' . $config['BASE_URL'] . '/error/album_permission');
    die;
}
if (isset($_POST['add_photos_submit'])) {
    $photos = 0;
    $filter = new VFilter();
    $image = new VImageConv();
    foreach ($_FILES as $key => $values) {
        if ($values['tmp_name'] != '') {
            if (is_uploaded_file($values['tmp_name']) && ($check = getimagesize($values['tmp_name']))) {
                $ext = strtolower(substr($values['name'], strrpos($values['name'], '.') + 1));
                if (!check_image($values['tmp_name'], $ext)) {
                    continue;
                }
                $photo_expl = explode('_', $key);
                $photo_nr = $photo_expl['1'];
                $caption = $filter->get('caption_' . $photo_nr);
                $sql_add = NULL;
                if ($caption != '') {
                    $sql_add = ", caption = '" . mysql_real_escape_string($caption) . "'";
                }
                $sql = "INSERT INTO photos SET AID = " . $aid . $sql_add;
Example #7
File: add.php Project: ecr007/pr0n
 } else {
     $album['category'] = $category;
 }
 if ($_FILES['photo_1']['tmp_name'] == '') {
     $errors[] = 'Please select at least one photo for your album!';
 } elseif (!is_uploaded_file($_FILES['photo_1']['tmp_name'])) {
     $errors[] = 'First album photo is not a valid uploaded file!';
 }
 if (!$errors) {
     require $config['BASE_DIR'] . '/classes/image.class.php';
     $album['type'] = $type == 'public' ? 'public' : 'private';
     $sql = "INSERT INTO albums (UID, name, category, tags, type, addtime, adddate, status) \n                           VALUES (" . $uid . ", '" . mysql_real_escape_string($name) . "', " . $category . ", \n                                   '" . mysql_real_escape_string($tags) . "', '" . $type . "', " . time() . ", '" . date('Y-m-d') . "', '1')";
     $conn->execute($sql);
     $album_id = mysql_insert_id();
     $photos = 0;
     $image = new VImageConv();
     foreach ($_FILES as $key => $values) {
         if ($values['tmp_name'] != '') {
             if (is_uploaded_file($values['tmp_name'])) {
                 ++$photos;
                 $photo_expl = explode('_', $key);
                 $photo_nr = $photo_expl['1'];
                 $caption = $filter->get('caption_' . $photo_nr);
                 $sql_add = NULL;
                 if ($caption != '') {
                     $sql_add = ", caption = '" . mysql_real_escape_string($caption) . "'";
                 }
                 $sql = "INSERT INTO photos SET AID = " . $album_id . $sql_add;
                 $conn->execute($sql);
                 $photo_id = mysql_insert_id();
                 $src = $values['tmp_name'];
Example #8
<?php

// Refuse to run unless the _VALID constant is defined; it is not defined in
// this excerpt, so it is presumably set by the including script.
defined('_VALID') or die('Restricted Access!');
// Admin gate for the upload handler below. The Auth class is not loaded in this
// excerpt. NOTE(review): confirm checkAdmin() terminates the request for
// non-admin sessions rather than returning a status.
Auth::checkAdmin();
require $config['BASE_DIR'] . '/classes/image.class.php';
// Counter of images stored by the upload loop below.
$images = 0;
if (isset($_POST['submit_add_image'])) {
    $image = new VImageConv();
    foreach ($_FILES as $key => $values) {
        if ($values['tmp_name'] != '') {
            if (is_uploaded_file($values['tmp_name'])) {
                $filename = substr($values['name'], strrpos($values['name'], DIRECTORY_SEPARATOR) + 1);
                $extension = strtolower(substr($values['name'], strrpos($values['name'], '.') + 1));
                $extensions_allowed = explode(',', trim($config['image_allowed_extensions']));
                if (in_array($extension, $extensions_allowed)) {
                    $sql = "INSERT INTO notice_images (addtime, extension) VALUES (" . time() . ", '" . $extension . "')";
                    $conn->execute($sql);
                    $image_id = mysql_insert_id();
                    $dst_orig = $config['BASE_DIR'] . '/images/notice_images/' . $image_id . '.' . $extension;
                    if (move_uploaded_file($values['tmp_name'], $dst_orig)) {
                        $src = $dst_orig;
                        $dst = $config['BASE_DIR'] . '/images/notice_images/thumbs/' . $image_id . '.jpg';
                        $image->process($src, $dst, 'MAX_WIDTH', 150, 0);
                        $image->resize(true, true);
                        ++$images;
                    } else {
                        $sql = "DELETE FROM notice_images WHERE image_id = " . $image_id . " LIMIT 1";
                        $conn->execute($sql);
                    }
                }
            }
Example #9
    } else {
        $sql = "SELECT category_id FROM game_categories\n                       WHERE category_name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() > 0) {
            $errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
        } else {
            $channel['name'] = $name;
        }
    }
    if ($_FILES['picture']['tmp_name'] == '') {
        $errors[] = 'Please provide a category image!';
    }
    if (!$errors) {
        $sql = "INSERT INTO game_categories (category_name) VALUES ('" . mysql_real_escape_string($name) . "')";
        $conn->execute($sql);
        $chid = $conn->Insert_ID();
        require $config['BASE_DIR'] . '/classes/image.class.php';
        $image = new VImageConv();
        $image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 140, 105);
        $image->canvas(140, 105, '000000', true);
        if ($errors) {
            $sql = "DELETE FROM game_categories WHERE category_id = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
            $conn->execute($sql);
        }
    }
    if (!$errors) {
        $msg = 'Category Successfuly added!';
        VRedirect::go('channels.php?m=listgame&msg=' . $msg);
    }
}
// Hand $channel to the Smarty template. $channel['name'] is assigned from $name
// above without HTML escaping (only the error message is run through
// htmlspecialchars()). NOTE(review): confirm the template escapes it on output.
$smarty->assign('channel', $channel);
Example #10
     } elseif ($imagesize['2'] == 2) {
         $ext = 'jpg';
     } elseif ($imagesize['2'] == 3) {
         $ext = 'png';
     }
     if ($ext == '') {
         $errors[] = 'Invalid image format uploaded. Allowed formats: jpg, gif and png!';
     }
 }
 if (!$errors) {
     $src = $_FILES['avatar']['tmp_name'];
     $dst_tmp = $config['BASE_DIR'] . '/tmp/avatars/' . $UID . '.' . $ext;
     if (move_uploaded_file($src, $dst_tmp)) {
         require $config['BASE_DIR'] . '/classes/image.class.php';
         $dst_orig = $config['BASE_DIR'] . '/media/users/orig/' . $UID . '.jpg';
         $image = new VImageConv();
         $image->process($dst_tmp, $dst_orig, 'MAX_WIDTH', 500, 0);
         $image->resize(true, true);
         list($width, $height) = getimagesize($dst_orig);
         $crop_w = min($width, $height);
         $crop_h = $crop_w;
         if ($width > $height) {
             $crop_x = floor(($width - $crop_w) / 2);
             $crop_y = 0;
         } else {
             $crop_x = 0;
             $crop_y = floor(($height - $crop_h) / 2);
         }
         $dst = $config['BASE_DIR'] . '/media/users/' . $UID . '.jpg';
         $image->process($dst_orig, $dst, 'EXACT', $crop_w, $crop_h);
         $image->crop($crop_x, $crop_y, $crop_w, $crop_h, true);
Example #11
                 if ($size < 2 * 1024 * 1024) {
                     $thumb = TRUE;
                 }
             }
         }
     }
 }
 if (!$thumb) {
     $errors[] = 'Please upload at least one video thumb!';
 }
 if (!$errors) {
     $sql = "INSERT INTO video\n\t\t                SET UID = " . $uid . ",\n\t\t\t\t\t\t    title = '" . mysql_real_escape_string($title) . "',\n\t\t\t\t\t\t\tkeyword = '" . mysql_real_escape_string($tags) . "',\n\t\t\t\t\t\t\tchannel = '" . $category . "',\n\t\t\t\t\t\t\ttype = '" . $video['type'] . "',\n\t\t\t\t\t\t\tembed_code = '" . mysql_real_escape_string($embed_code) . "',\n\t\t\t\t\t\t\tduration = " . duration_to_seconds($duration) . ",\n\t\t\t\t\t\t\tvkey = '" . mt_rand() . "',\n\t\t\t\t\t\t\taddtime = " . time() . ",\n\t\t\t\t\t\t\tadddate = '" . date('Y-m-d') . "',\n\t\t\t\t\t\t\tactive = '0'";
     $conn->execute($sql);
     $vid = mysql_insert_id();
     require $config['BASE_DIR'] . '/classes/image.class.php';
     $image = new VImageConv();
     $tmb_dir = $config['BASE_DIR'] . '/media/videos/tmb/' . $vid;
     $tmp_dir = $config['BASE_DIR'] . '/tmp/thumbs/' . $vid;
     @mkdir($tmb_dir);
     @mkdir($tmp_dir);
     $width = (int) $config['img_max_width'];
     $height = (int) $config['img_max_height'];
     $i = 1;
     foreach ($_FILES as $file) {
         $tmb = $i . '.jpg';
         if (move_uploaded_file($file['tmp_name'], $tmp_dir . '/' . $tmb)) {
             $src = $tmp_dir . '/' . $tmb;
             $dst = $tmb_dir . '/' . $tmb;
             $dst_tmp = $tmp_dir . '/' . $tmb . '.tmp.jpg';
             $image->process($src, $dst_tmp, 'MAX_WIDTH', $width, 0);
             $image->resize(true, true);
Example #12
     if (!in_array($extension, $extensions_allowed)) {
         $errors[] = translate('upload.album_ext_invalid', $config['image_allowed_extensions']);
     }
 }
 // Collapse the submitted values to fixed allowlists before they are used:
 // anything other than 'private' becomes 'public', anything other than 'yes'
 // becomes 'no'.
 // NOTE(review): the insert path below re-normalises $type with the opposite
 // default (anything other than 'public' becomes 'private'), so for an
 // unexpected value $album['type'] and the stored type disagree.
 $album['type'] = $type == 'private' ? 'private' : 'public';
 $album['anonymous'] = $anonymous == 'yes' ? 'yes' : 'no';
 // Owner id: the anonymous account's id when requested, otherwise the session
 // uid forced to an integer. The value is later concatenated unquoted into SQL.
 // NOTE(review): getAnonymousUID() is defined elsewhere; confirm it returns an int.
 $uid = $anonymous == 'yes' ? getAnonymousUID() : intval($_SESSION['uid']);
 if (!$errors) {
     require $config['BASE_DIR'] . '/classes/image.class.php';
     $type = $type == 'public' ? 'public' : 'private';
     $status = $config['approve_photos'] == '1' ? 0 : 1;
     $sql = "INSERT INTO albums (UID, name, category, tags, type, addtime, adddate, status)\n                       VALUES (" . $uid . ", '" . mysql_real_escape_string($name) . "', " . $category . ",\n                           '" . mysql_real_escape_string($tags) . "', '" . $type . "', " . time() . ", '" . date('Y-m-d') . "', '" . $status . "')";
     $conn->execute($sql);
     $album_id = mysql_insert_id();
     $photos = 0;
     $image = new VImageConv();
     foreach ($_FILES as $key => $values) {
         if ($values['tmp_name'] != '') {
             if (is_uploaded_file($values['tmp_name']) && getimagesize($values['tmp_name'])) {
                 $ext = strtolower(substr($values['name'], strrpos($values['name'], '.') + 1));
                 if (!check_image($values['tmp_name'], $ext)) {
                     continue;
                 }
                 ++$photos;
                 $photo_expl = explode('_', $key);
                 $photo_nr = $photo_expl['1'];
                 $caption = $filter->get('caption_' . $photo_nr);
                 $sql_add = NULL;
                 if ($caption != '') {
                     $sql_add = ", caption = '" . mysql_real_escape_string($caption) . "'";
                 }