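/**
 * Store an uploaded profile photo and build its icon, thumbnail and photo renditions.
 *
 * The upload is moved into the profile media directory under a name made of the
 * current timestamp, optionally watermarked, resized three times and registered
 * through insertMediaToDb(). When the profile has no media yet, or its first
 * entry is not marked primary, the new row is set as the primary photo. The
 * full-size working copy is deleted at the end.
 *
 * @return false|null false when the profile media directory is unavailable, otherwise nothing
 */
function uploadMedia()
{
    global $dir;

    $sMediaDir = $this->getProfileMediaDir();
    if (!$sMediaDir) {
        return false;
    }

    // NOTE(review): the whole file name is a one-second-resolution timestamp, so
    // two uploads into the same directory within one second would share it -
    // confirm callers cannot trigger that.
    $sFileName = time();
    $ext = moveUploadedImage($_FILES, 'photo', $sMediaDir . $sFileName, $this->aMediaConfig['max']['photoFile'], false);

    // A missing $_FILES entry must not pass as "no error": null == 0 is true in PHP.
    if (!isset($_FILES[$this->sMediaType]['error']) || UPLOAD_ERR_OK !== $_FILES[$this->sMediaType]['error']) {
        return;
    }

    // Judging by how the result is tested here, moveUploadedImage() presumably
    // returns the extension on success and an integer code on failure (TODO
    // confirm). Check it before the watermark step as well, so no path is ever
    // built from an error code.
    // NOTE(review): the extension is trusted as returned; confirm the helper
    // restricts it to image types, since it becomes part of stored file names.
    if (!strlen($ext) || (int) $ext) {
        return;
    }

    $sSource = $sMediaDir . $sFileName . $ext;

    if (getParam('enable_watermark') == 'on') {
        $iTransparent = getParam('transparent1');
        $sWaterMark = $dir['profileImage'] . getParam('Water_Mark');
        if (strlen(getParam('Water_Mark')) && file_exists($sWaterMark)) {
            // The watermark is written over the source, so every rendition inherits it.
            applyWatermark($sSource, $sSource, $sWaterMark, $iTransparent);
        }
    }

    // Each rendition is stored as "<kind>_<name><ext>" with the size configured for that kind.
    foreach (array('icon', 'thumb', 'photo') as $sKind) {
        imageResize(
            $sSource,
            $sMediaDir . $sKind . '_' . $sFileName . $ext,
            $this->aMediaConfig['size'][$sKind . 'Width'],
            $this->aMediaConfig['size'][$sKind . 'Height'],
            true
        );
    }

    $this->insertMediaToDb($sFileName . $ext);

    if (0 == $this->iMediaCount || $this->aMedia['0']['PrimPhoto'] == 0) {
        // presumably the ID of the row insertMediaToDb() just created - verify no
        // other INSERT runs on this connection in between
        $iLastID = mysql_insert_id();
        $this->oMediaQuery->setPrimaryPhoto($this->iProfileID, $iLastID);
    }

    // Only the renditions are kept; the full-size working copy is removed.
    @unlink($sSource);
}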
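/**
 * Create a new event or update an existing one from the submitted form data.
 *
 * Reads the event fields from $_POST / $_REQUEST, optionally turns an uploaded
 * `event_photo` into picture, thumbnail and icon files, and then inserts or
 * updates the matching `SDatingEvents` row and re-parses its tags.
 *
 * @param int $iEventID ID of the event to update; -1 (default) inserts a new event
 * @return mixed SDATING_ERROR_SUCCESS, SDATING_ERROR_PHOTO_PROCESS or SDATING_ERROR_WRONG_DATE_FORMAT
 */
function SDAddEvent($iEventID = -1)
{
    global $dir;
    global $logged;
    global $site;

    // The ID is interpolated into two SQL statements below; force it to an integer first.
    $iEventID = (int) $iEventID;

    if (!$logged['member'] && !$logged['admin']) {
        member_auth(0);
    }

    // NOTE(review): when an existing event is edited, nothing visible in this
    // method checks that the current member is responsible for it - confirm the
    // caller enforces ownership before calling with an ID.
    // NOTE(review): the member ID is read straight from the cookie; presumably
    // $logged was already validated against it - confirm.
    $iMemberID = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
    $aMemberData = getProfileInfo($iMemberID);

    // common
    $sEventTitle = process_db_input($_POST['event_title']);
    $sEventDesc = $this->process_html_db_input($_POST['event_desc']);
    $sEventStatusMessage = process_db_input($_POST['event_statusmsg']);

    // event place
    $sEventCountry = process_db_input($_POST['event_country']);
    $sEventCity = process_db_input($_POST['event_city']);
    $EventPlace = process_db_input($_POST['event_place']);

    $sTags = process_db_input($_POST['event_tags']);
    $aTags = explodeTags($sTags);
    $sTags = implode(",", $aTags);

    // event photo: only inspect the temp file when the request really carried an
    // upload; getimagesize() on an empty path warns (and throws on PHP 8).
    $sEventPhotoFilename = '';
    $sTmpUpload = isset($_FILES['event_photo']['tmp_name']) ? $_FILES['event_photo']['tmp_name'] : '';
    $aScan = false;
    if (is_string($sTmpUpload) && $sTmpUpload !== '' && is_uploaded_file($sTmpUpload)) {
        $aScan = getimagesize($sTmpUpload);
    }
    // Same type codes the original list (1, 2, 3, 6) spelled out numerically.
    $aAllowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_BMP);

    if (is_array($aScan) && in_array($aScan[2], $aAllowedTypes, true) && 0 < strlen($_FILES['event_photo']['name'])) {
        $sDefaultBase = 'g_' . time() . '_1';

        if ($iEventID == -1) {
            $sBaseName = $sDefaultBase;
        } else {
            $sBaseName = db_value("SELECT `PhotoFilename` FROM `SDatingEvents` WHERE `ID`={$iEventID} LIMIT 1");
            if ($sBaseName != "") {
                // Reuse the stored name without its extension (ereg() no longer exists in PHP 7+).
                if (preg_match('/([a-z0-9_]+)\./', $sBaseName, $aRegs)) {
                    $sBaseName = $aRegs[1];
                }
            } else {
                $sBaseName = $sDefaultBase;
            }
        }

        $sExt = moveUploadedImage($_FILES, 'event_photo', $dir['tmp'] . $sBaseName, '', false);
        // presumably an integer result is an error code and a string is the
        // extension (TODO confirm); stop here instead of resizing a missing file
        if (!strlen($sExt) || (int) $sExt) {
            return SDATING_ERROR_PHOTO_PROCESS;
        }

        $sBaseName .= $sExt;
        $sPictureName = $sBaseName;
        $sThumbName = 'thumb_' . $sBaseName;
        $sIconName = 'icon_' . $sBaseName;
        $sTmpFile = $dir['tmp'] . $sBaseName;

        // target name => square edge length, in the original processing order
        $aRenditions = array(
            $sThumbName => $this->iThumbSize,
            $sPictureName => $this->iImgSize,
            $sIconName => $this->iIconSize,
        );
        foreach ($aRenditions as $sTarget => $iSize) {
            $vRes = imageResize($sTmpFile, $dir['sdatingImage'] . $sTarget, $iSize, $iSize);
            if ($vRes != IMAGE_ERROR_SUCCESS) {
                // Do not leave the uploaded original behind in the temp directory.
                if (file_exists($sTmpFile)) {
                    unlink($sTmpFile);
                }
                return SDATING_ERROR_PHOTO_PROCESS;
            }
        }

        unlink($sTmpFile);

        chmod($dir['sdatingImage'] . $sPictureName, 0644);
        chmod($dir['sdatingImage'] . $sThumbName, 0644);
        chmod($dir['sdatingImage'] . $sIconName, 0644);

        $sEventPhotoFilename = process_db_input($sPictureName);
    }

    // On update the photo column is only touched when a new photo was stored.
    $sPictureSQL = '';
    if ($iEventID > 0 && $sEventPhotoFilename != '') {
        $sPictureSQL = "`PhotoFilename` = '{$sEventPhotoFilename}',";
    }

    // event date: strtotime() reports failure as false (as -1 only before PHP 5.1);
    // a false would otherwise end up as an empty FROM_UNIXTIME() argument.
    $sEventStart = strtotime($_REQUEST['event_start']);
    if ($sEventStart === false || $sEventStart == -1) {
        return SDATING_ERROR_WRONG_DATE_FORMAT;
    }

    if ($this->bAdminMode) {
        $sEventEnd = strtotime($_POST['event_end']);
        $sEventSaleStart = strtotime($_POST['event_sale_start']);
        $sEventSaleEnd = strtotime($_POST['event_sale_end']);

        // Unparseable values would produce malformed SQL below. The ordering
        // between these dates is intentionally not validated, as before.
        if ($sEventEnd === false || $sEventSaleStart === false || $sEventSaleEnd === false) {
            return SDATING_ERROR_WRONG_DATE_FORMAT;
        }

        $sEventEndVal = "FROM_UNIXTIME( {$sEventEnd} )";
        $sEventSaleStartVal = "FROM_UNIXTIME( {$sEventSaleStart} )";
        $sEventSaleEndVal = "FROM_UNIXTIME( {$sEventSaleEnd} )";
    } else {
        $sEventEndVal = 'NOW()';
        $sEventSaleStartVal = 'NOW()';
        $sEventSaleEndVal = 'NOW()';
    }

    // event responsible
    if ($this->bAdminMode) {
        $sEventRespId = 0;
        $sEventRespName = _t('Admin');
        // NOTE(review): interpolated into SQL unescaped; assumed to be a trusted config value
        $sEventRespEmail = $site['email'];
        $sEventRespPhone = '666';
    } else {
        $sEventRespId = process_db_input($aMemberData['ID'], 0, 1);
        $sEventRespName = process_db_input($aMemberData['NickName'], 0, 1);
        $sEventRespEmail = process_db_input($aMemberData['Email'], 0, 1);
        $sEventRespPhone = process_db_input($aMemberData['Phone'], 0, 1);
    }

    $iEventAgeLowerFilter = (int) getParam('search_start_age');
    $iEventAgeUpperFilter = (int) getParam('search_end_age');
    $sEventMembershipFilter = "\\'all\\'";
    $iEventCountF = (int) $_POST['event_count_female'];
    $iEventCountM = (int) $_POST['event_count_male'];
    $dEventPriceF = '0.00';
    $dEventPriceM = '0.00';

    // choose options
    $iEventChoosePeriod = 5;

    // allow to view participants
    $iEventAllowView = '1';

    // The INSERT and the UPDATE share most of their SET list; the pieces below
    // reproduce the original statements, including their line separators.
    $sNl = "\r\n\t\t\t\t\t\t";

    $sTitleSQL = "`Title` = '{$sEventTitle}'," . $sNl;

    $sDetailsSQL = "`Description` = '{$sEventDesc}'," . $sNl
        . "`Status` = 'Active'," . $sNl
        . "`StatusMessage` = '{$sEventStatusMessage}'," . $sNl
        . "`Country` = '{$sEventCountry}'," . $sNl
        . "`City` = '{$sEventCity}'," . $sNl
        . "`Place` = '{$EventPlace}'," . $sNl;

    $sTailSQL = "`EventStart` = FROM_UNIXTIME( {$sEventStart} )," . $sNl
        . "`EventEnd` = {$sEventEndVal}," . $sNl
        . "`TicketSaleStart` = {$sEventSaleStartVal}," . $sNl
        . "`TicketSaleEnd` = {$sEventSaleEndVal}," . $sNl
        . "`ResponsibleID` = '{$sEventRespId}'," . $sNl
        . "`ResponsibleName` = '{$sEventRespName}'," . $sNl
        . "`ResponsibleEmail` = '{$sEventRespEmail}'," . $sNl
        . "`ResponsiblePhone` = '{$sEventRespPhone}'," . $sNl
        . "`EventSexFilter` = 'female,male'," . $sNl
        . "`EventAgeLowerFilter` = {$iEventAgeLowerFilter}," . $sNl
        . "`EventAgeUpperFilter` = {$iEventAgeUpperFilter}," . $sNl
        . "`EventMembershipFilter` = '{$sEventMembershipFilter}'," . $sNl
        . "`TicketCountFemale` = {$iEventCountF}," . $sNl
        . "`TicketCountMale` = {$iEventCountM}," . $sNl
        . "`TicketPriceFemale` = {$dEventPriceF}," . $sNl
        . "`TicketPriceMale` = {$dEventPriceM}," . $sNl
        . "`ChoosePeriod` = {$iEventChoosePeriod}," . $sNl
        . "`AllowViewParticipants` = {$iEventAllowView}," . $sNl
        . "`Tags` = '{$sTags}'" . $sNl;

    if ($iEventID == -1) {
        $sNewUri = uriGenerate($sEventTitle, 'SDatingEvents', 'EntryUri', 100);

        db_res(
            "INSERT INTO `SDatingEvents` SET" . $sNl
            . $sTitleSQL
            . "`EntryUri` = '{$sNewUri}'," . $sNl
            . $sDetailsSQL
            . "`PhotoFilename` = '{$sEventPhotoFilename}'," . $sNl
            . $sTailSQL
        );

        $iLastID = mysql_insert_id();
        if ($iLastID > 0) {
            $this->iLastInsertedID = $iLastID;
            reparseObjTags('event', $iLastID);
        }
    } else {
        // The entry URI is deliberately left unchanged on update.
        db_res(
            "UPDATE `SDatingEvents` SET" . $sNl
            . $sTitleSQL
            . $sDetailsSQL
            . $sPictureSQL . $sNl
            . $sTailSQL
            . "WHERE `ID` = {$iEventID}" . $sNl
        );

        reparseObjTags('event', $iEventID);
    }

    return SDATING_ERROR_SUCCESS;
}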
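/**
 * Add a new blog category or update an existing one, including its picture.
 *
 * Editing is allowed for the category owner or in admin mode; adding is allowed
 * only when the submitted owner ID is the current visitor. An uploaded
 * `CategPic` is resized to a 25x25 "small_" and a 150x150 "big_" file in the
 * blog image directory and recorded in `CategoryPhoto`.
 *
 * @param bool $bEditMode true to update the category given by $_POST['categoryID'], false to add one
 * @return mixed whatever MsgBox() returns for the resulting message
 */
function ActionUpdateCategory($bEditMode = FALSE)
{
    global $dir;

    $this->CheckLogged();

    $ownerID = (int) process_db_input($_REQUEST['ownerID']);
    $iCategoryID = isset($_POST['categoryID']) ? (int) $_POST['categoryID'] : 0;

    $sCheckPostSQL = "SELECT `BlogCategories`.`OwnerID`\n\t\t\t\t\t\t\tFROM `BlogCategories`\n\t\t\t\t\t\t\tWHERE `BlogCategories`.`CategoryID`={$iCategoryID}\n\t\t\t\t\t\t";
    $aCategoryOwner = db_arr($sCheckPostSQL);
    // No row (e.g. when adding, ID 0) means there is no owner to compare against.
    $iCategoryOwnerID = is_array($aCategoryOwner) ? $aCategoryOwner['OwnerID'] : null;

    $bVisitorOwnsCategory = $this->aBlogConf['visitorID'] == $iCategoryOwnerID;
    $bMayEdit = ($bVisitorOwnsCategory || $this->bAdminMode == TRUE) && $iCategoryID > 0 && $bEditMode == TRUE;
    $bMayAdd = $bEditMode == FALSE && $iCategoryID == 0 && $ownerID == $this->aBlogConf['visitorID'];

    if (!$bMayEdit && !$bMayAdd) {
        if (!$bVisitorOwnsCategory) {
            return MsgBox(_t('_Hacker String'));
        }
        return MsgBox(_t('_Error Occured'));
    }

    $ret = '';
    $categoryCaption = process_db_input($_POST['categoryCaption']);
    // NOTE(review): this client-supplied value is stored as the photo name on
    // insert; confirm the form needs it, because the stored name is read back
    // when the category is edited.
    $categoryPhoto = process_db_input($_POST['categoryPhoto']);

    if ($bEditMode == TRUE) {
        $addQuery = "\n\t\t\t\t\tUPDATE `BlogCategories`\n\t\t\t\t\tSET\n\t\t\t\t\t`CategoryName` = '{$categoryCaption}',\n\t\t\t\t\t`Date` = NOW( ) WHERE `CategoryID` = '{$iCategoryID}'\n\t\t\t\t\tLIMIT 1\n\t\t\t\t";

        // Read the stored photo name before the update runs. It is reduced to a
        // bare base name limited to [A-Za-z0-9_-]: the value can originate from
        // the request (see the insert branch) and is used below both as a file
        // path component and inside an SQL statement. Dropping the extension
        // also keeps the name from growing by one extension per edit.
        $aCatInfo = db_arr("SELECT `CategoryPhoto`, `CategoryID` FROM `BlogCategories` WHERE `CategoryID`= {$iCategoryID}");
        $sStoredBase = is_array($aCatInfo)
            ? pathinfo(basename((string) $aCatInfo['CategoryPhoto']), PATHINFO_FILENAME)
            : '';
        $sFileName = preg_match('/^[A-Za-z0-9_-]+$/', $sStoredBase)
            ? $sStoredBase
            : 'category_' . $iCategoryID;
    } else {
        $sCategoryUri = uriGenerate($categoryCaption, 'BlogCategories', 'CategoryUri', 150);
        $addQuery = "\n\t\t\t\t\tINSERT INTO `BlogCategories`\n\t\t\t\t\tSET\n\t\t\t\t\t`OwnerID` = '{$ownerID}',\n\t\t\t\t\t`CategoryName` = '{$categoryCaption}',\n\t\t\t\t\t`CategoryUri` = '{$sCategoryUri}',\n\t\t\t\t\t`CategoryPhoto` = '{$categoryPhoto}',\n\t\t\t\t\t`Date` = NOW()\n\t\t\t\t";
    }

    db_res($addQuery);

    // Must be read right after the statement above, before any other query runs.
    $iID = $bEditMode == true ? $iCategoryID : mysql_insert_id();
    $bRowChanged = mysql_affected_rows() == 1;

    $iUploadSize = isset($_FILES['CategPic']['size']) ? (int) $_FILES['CategPic']['size'] : 0;
    $sUploadName = isset($_FILES['CategPic']['name']) ? (string) $_FILES['CategPic']['name'] : '';

    if (!$bRowChanged && $iUploadSize <= 0) {
        $ret .= _t('_failed_to_add_category');
        return MsgBox($ret);
    }

    if (0 < $iUploadSize && 0 < strlen($sUploadName)) {
        if ($bEditMode == false) {
            $sFileName = 'category_' . $iID;
        }

        $sExt = moveUploadedImage($_FILES, 'CategPic', $dir['blogImage'] . $sFileName, '', false);

        // presumably an integer result is an error code and a string is the extension - TODO confirm
        if (strlen($sExt) && !(int) $sExt) {
            $sSource = $dir['blogImage'] . $sFileName . $sExt;
            $sSmall = $dir['blogImage'] . 'small_' . $sFileName . $sExt;
            $sBig = $dir['blogImage'] . 'big_' . $sFileName . $sExt;

            imageResize($sSource, $sSmall, 25, 25, false);
            imageResize($sSource, $sBig, 150, 150, false);

            chmod($sSmall, 0644);
            chmod($sBig, 0644);

            // Escape the stored name like every other value written in this method.
            $sPhotoValue = process_db_input($sFileName . $sExt);
            $query = "UPDATE `BlogCategories` SET `CategoryPhoto` = '" . $sPhotoValue . "' WHERE `categoryID` = '{$iID}'";
            db_res($query);

            // Only the two renditions are kept.
            @unlink($sSource);
        }
    }

    $ret .= $bEditMode == true ? _t('_changes_successfully_applied') : _t('_category_successfully_added');

    return MsgBox($ret);
}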
} $query = "DELETE FROM `ProfilesSettings` WHERE `IDMember`='{$ID}' LIMIT 1"; db_res($query); } else { if ($_POST['save']) { $query = "SELECT * FROM `ProfilesSettings` WHERE `IDMember` = '{$ID}';"; $custom_arr = db_arr($query); $record_created = $custom_arr['IDMember'] ? 'ok' : ''; // bg image ---------------------------------------------------------------------------- if ($_FILES['bgimg']['name'] && !$_POST['bgdel']) { if (strlen($custom_arr['BackgroundFilename']) && file_exists($dir['profileBackground'] . $custom_arr['BackgroundFilename']) && is_file($dir['profileBackground'] . $custom_arr['BackgroundFilename'])) { @unlink($dir['profileBackground'] . $custom_arr['BackgroundFilename']); } srand(time()); $pic_name = $ID . '_bg_' . rand(100, 999); if (!is_int($ext = moveUploadedImage($_FILES, 'bgimg', $dir['profileBackground'] . $pic_name, '', false))) { if (!$record_created) { $query = "INSERT INTO ProfilesSettings (`IDMember`, `BackgroundFilename` ) VALUES ( '{$ID}', '{$pic_name}{$ext}' )"; $record_created = 'ok'; } else { $query = "UPDATE ProfilesSettings SET `BackgroundFilename` = '{$pic_name}{$ext}', `Status` = 'Approval' WHERE `IDMember` = '{$ID}'"; } $res = db_res($query); } } else { if ($_POST['bgdel']) { if ($custom_arr['BackgroundFilename']) { if (file_exists($dir['profileBackground'] . $custom_arr['BackgroundFilename'])) { unlink($dir['profileBackground'] . $custom_arr['BackgroundFilename']); } $query = "UPDATE ProfilesSettings SET `BackgroundFilename` = '' WHERE `IDMember` = '{$ID}'";