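/**
 * Handle an image upload for one poll item and record it as a new poll choice.
 *
 * The request is processed only when all of the following hold:
 *   - a file arrived in $_FILES['Filedata'] with no upload error,
 *   - $_G['gp_hash'] equals the token derived from the site authkey and the
 *     submitted uid,
 *   - the submitted uid is non-zero and belongs to a user with an adminid,
 *   - $_G['gp_pollid'] names an existing poll item with a non-zero contenttype.
 *
 * Outcomes are reported through $this->uploadmsg(): 9 on a rejected request,
 * 0 after the choice row has been inserted. A request that fails the first
 * three checks returns without reporting anything, as before.
 *
 * NOTE(review): the token depends only on the authkey and the uid, so it is the
 * same for every request made on behalf of that uid and does not expire; treat
 * it as a long-lived credential when logging or caching URLs that carry it.
 */
function poll_upload() {
    global $_G;

    $this->uid = isset($_G['gp_uid']) ? intval($_G['gp_uid']) : 0;

    // Expected token for this uid.
    $swfhash = md5(substr(md5($_G['config']['security']['authkey']), 8) . $this->uid);

    // Compare as strings only. The previous loose `==` let PHP compare two
    // numeric-looking strings (e.g. "0e..." digests) as numbers, so values that
    // differ could still be treated as equal. hash_equals() is used when the
    // runtime provides it; otherwise fall back to a strict comparison.
    $givenhash = (isset($_G['gp_hash']) && is_string($_G['gp_hash'])) ? $_G['gp_hash'] : '';
    $hashok = function_exists('hash_equals')
        ? hash_equals($swfhash, $givenhash)
        : ($givenhash === $swfhash);

    // A missing Filedata entry used to read as "no error" and fall through to
    // the upload helper; require the entry to exist and report success.
    $uploaded = isset($_FILES['Filedata']['error']) && !$_FILES['Filedata']['error'];

    if (!$uploaded || !$hashok || !$this->uid) {
        return;
    }

    $this->aid = 0;
    $this->simple = 0;
    $this->user = getuserbyuid($this->uid);

    if (empty($this->user['adminid'])) {
        $this->uploadmsg(9);
        // Fail closed: whether uploadmsg() ends the request is not visible here.
        return;
    }

    // From here on the request runs as the uid taken from the request itself.
    $_G['uid'] = $this->uid;

    $this->pollid = !empty($_G['gp_pollid']) ? intval($_G['gp_pollid']) : 0;

    // pollid is an integer at this point, so interpolating it into the query is safe.
    $contenttype = 0;
    if ($this->pollid > 0) {
        $contenttype = intval(DB::result_first(
            "SELECT contenttype FROM " . DB::table('poll_item') . " WHERE itemid='{$this->pollid}'"
        ));
    }
    if (!$contenttype) {
        $this->uploadmsg(9);
        return;
    }

    // NOTE(review): the result of upload_images() is used unchecked below; its
    // failure value is not visible here. Confirm it cannot return without an
    // 'attachment' entry, and that it restricts file type and size itself.
    $attach = upload_images($_FILES['Filedata'], 'poll', 176, 176);

    // Caption = escaped original file name with its extension removed.
    $caption = dhtmlspecialchars(trim($attach['name']));
    $caption = substr($caption, 0, -(strlen(fileext($caption)) + 1));

    $data = array(
        'itemid' => $this->pollid,
        'caption' => $caption,
        'displayorder' => 0,
        'imageurl' => $attach['attachment'],
        'aid' => $attach['aid'],
    );
    DB::insert('poll_choice', $data);

    $this->aid = $this->pollid;
    $this->uploadmsg(0);
}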
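<?php
/***************************************************************************
 *   copyright				: (C) 2008 - 2016 WeBid
 *   site					: http://www.webidsupport.com/
 ***************************************************************************/

/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/

include 'common.php';
include INCLUDE_PATH . 'functions_ajax.php';

// AJAX dispatcher: the `do` query parameter selects one of the handlers below.
// Anything that is not an exact match falls through and produces no output.
//
// A missing `do`, or one sent as an array (`do[]=...`), is treated as empty
// instead of being passed to alphanumeric() as null/array.
//
// NOTE(review): no login, permission or CSRF check is visible in this file.
// Confirm that common.php or the handlers themselves restrict who may reach
// upload_images(), since this endpoint accepts file uploads.
$do = (isset($_GET['do']) && is_string($_GET['do'])) ? alphanumeric($_GET['do']) : '';

switch ($do) {
    case 'uploadaucimages':
        upload_images();
        break;
    case 'getupldtable':
        getupldtable();
        break;
}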
// Excerpt from a poll administration handler. The if/elseif chain and the
// form-display branch that these first statements belong to open above this
// excerpt, and the 'rlist' branch continues past its end.
        showsubmit('optiondetailsubmit', 'submit');
        showtablefooter();
        showformfooter();

        // Embed snippets shown to the admin for copy/paste.
        // NOTE(review): $itemid and $choiceid are concatenated into markup and a
        // URL here; where they are assigned for this branch is not visible.
        // Confirm both are integers before this point.
        $bbcode = '[poll=' . $itemid . ',' . $choiceid . ']' . $_G['siteurl'] . '[/poll]';
        $jscode = '<script type="text/javascript" src="' . $_G['siteurl'] . 'api/poll.php?action=pollnum&itemid=' . $itemid . '&choiceid=' . $choiceid . '" charset="' . CHARSET . '"></script>';
        showtableheader('poll_option_code', 'fixpadding');
        showsetting('poll_option_bbcode', '', $bbcode, 'textarea');
        showsetting('poll_option_jscode', '', $jscode, 'textarea');
        showtablefooter();
    } else {
        // Submission path: update one poll choice.
        // NOTE(review): presumably cpmsg() ends the request; if it does not, the
        // update below still runs with an empty caption. Confirm.
        if (empty($_G['gp_captionnew'])) {
            cpmsg('poll_add_invalid', '', 'error');
        }

        if ($_FILES['urlnew']['name']) {
            // The existing image is deleted before the replacement has been
            // accepted, and the result of upload_images() is used unchecked, so
            // a rejected upload would leave the choice without an image.
            // NOTE(review): confirm upload_images() enforces type and size
            // limits itself; none are applied here.
            delete_images($optiondata['aid']);
            $attach = upload_images($_FILES['urlnew'], 'poll', 176, 176);
        } else {
            // No new file: keep the stored image reference.
            $attach['attachment'] = $optiondata['imageurl'];
            $attach['aid'] = $optiondata['aid'];
        }

        // caption and detailurl are HTML-escaped; pollnum is cast to int.
        // NOTE(review): escaping does not restrict the URL scheme of detailurl.
        // If it is later rendered as a link target, confirm that only http(s)
        // URLs are accepted somewhere on that path.
        $optiondata = array(
            'caption' => dhtmlspecialchars(trim($_G['gp_captionnew'])),
            'pollnum' => intval($_G['gp_pollnumnew']),
            'imageurl' => $attach['attachment'],
            'detailurl' => dhtmlspecialchars(trim($_G['gp_detailurlnew'])),
            'aid' => $attach['aid']);

        // NOTE(review): $choiceid and $itemid are interpolated into the WHERE
        // clauses below. The 'rlist' branch casts choiceid with intval(), but the
        // assignments used by this branch are outside the excerpt. Confirm both
        // are integers here as well.
        DB::update('poll_choice', $optiondata, "choiceid='{$choiceid}'");

        // Recompute the poll's total from its choices and store it on the item.
        $pollnum = DB::result_first("SELECT SUM(pollnum) FROM " . DB::table('poll_choice') . " WHERE itemid = '{$itemid}'");
        DB::update('poll_item', array('totalnum' => $pollnum), "itemid = '{$itemid}'");
        cpmsg('poll_option_succeed', $returnurl, 'succeed');
    }
} elseif ($operation == 'rlist') {
    $choiceid = intval($_G['gp_choiceid']);
    $adminurl = ADMINSCRIPT . '?action=poll&operation=rlist';
    shownav('poll', 'nav_poll_manage', 'nav_poll_choose_rlist');
    // Appends a preview link to the title. $itemid goes into the href unescaped.
    $poll_setting['title'] = $poll_setting['title'] . '(<a href="poll.php?id=' . $itemid . '" target="_blank">' . cplang('preview') . '</a>)';
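// Excerpt from a theme-options admin handler. The branch that deletes a theme
// opens above this excerpt and the final elseif is closed below it.
// Line breaks are restored so the `//clone images` comment ends at its own
// line instead of running over the statements that follow it.
    // NOTE(review): unserialize() on a stored value; the result is not used in
    // the visible lines. The only writer visible here stores serialize($_POST),
    // which yields arrays and scalars. On PHP 7+, passing
    // ['allowed_classes' => false] would keep a tampered row from instantiating
    // objects; storing JSON instead would remove the concern entirely.
    $theme_options_styles = unserialize($theme_options->styles);

    // NOTE(review): $theme_id is placed in a filesystem path and its origin is
    // not visible; confirm it is an integer before it reaches removeDir().
    // The @ also hides a failed removal, leaving files behind silently.
    @removeDir("$webDir/courses/theme_data/$theme_id");
    Database::get()->query("DELETE FROM theme_options WHERE id = ?d", $theme_id);

    // NOTE(review): this destructive path is selected by a GET parameter and no
    // anti-CSRF token check is visible in the excerpt; confirm one runs above.
    if ($_GET['delThemeId'] == $active_theme) {
        // The active theme was deleted: reset the site-wide setting.
        Database::get()->query("UPDATE config SET value = ?d WHERE `key` = ?s", 0, 'theme_options_id');
    } else {
        unset($_SESSION['theme_options_id']);
    }
    redirect_to_home_page('modules/admin/theme_options.php');
} elseif (isset($_POST['themeOptionsName'])) {
    // Create a new theme, attach its images, then store the submitted form.
    $theme_options_name = $_POST['themeOptionsName'];
    $new_theme_id = Database::get()->query("INSERT INTO theme_options (name, styles) VALUES(?s, '')", $theme_options_name)->lastInsertID;
    clear_default_settings();
    clone_images($new_theme_id); //clone images
    upload_images($new_theme_id); //upload new images

    // NOTE(review): the whole request body is stored, including any field the
    // form did not define. Whatever reads `styles` back should pick known keys
    // rather than trust the stored array as a whole.
    $serialized_data = serialize($_POST);
    Database::get()->query("UPDATE theme_options SET styles = ?s WHERE id = ?d", $serialized_data, $new_theme_id);
    $_SESSION['theme_options_id'] = $new_theme_id;
    redirect_to_home_page('modules/admin/theme_options.php');
} elseif (isset($_POST['active_theme_options'])) {
    // The id is bound with ?d in the config update below, so it is handled as
    // an integer there. Normalise it once so the session copy is an integer
    // too, instead of the raw request string.
    $selected_theme_id = intval($_POST['active_theme_options']);

    if (isset($_POST['preview'])) {
        // Preview only affects the current session.
        if ($selected_theme_id == $active_theme) {
            unset($_SESSION['theme_options_id']);
        } else {
            $_SESSION['theme_options_id'] = $selected_theme_id;
        }
    } else {
        // Make the selection the site-wide active theme.
        Database::get()->query("UPDATE config SET value = ?d WHERE `key` = ?s", $selected_theme_id, 'theme_options_id');
        unset($_SESSION['theme_options_id']);
    }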
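// Excerpt: the first two lines close a function whose beginning is outside the
// excerpt, and the final `if ($validItem)` block continues past its end.
    return $uploadSuccess;
}

/* Upload files here */
$validItem = true;
$upload_dir = "../img/shop/";

// Echo the submitted item back to the admin.
// NOTE(review): these values are written into HTML unescaped and their origin
// is not visible here. If they come from request data, wrap each in
// htmlspecialchars($value, ENT_QUOTES, 'UTF-8') unless HTML is intended.
echo "<b>CATID</b> {$catId}<br />\n";
echo "<b>TITLE</b> {$title}<br />\n";
echo "<b>PRICE:</b> {$price}<br />\n";
echo "<b>MAX IMAGES:</b> {$numimages} <br />\n";

if (!check_images($upload_dir, $numimages)) {
    $validItem = false;
}

$item = new gallery_item($catId, $title, $price, $numimages, $images, $description);
$skipImages = $mode == 'edit' ? TRUE : FALSE;

// Files are uploaded only after both the image check and the item validation
// have passed.
if ($item->validate($skipImages) && $validItem) {
    if (!upload_images($upload_dir, $numimages)) {
        // This message was a bare string expression with no `echo`, so a failed
        // upload was never reported to the admin.
        echo "<p><b>ERROR!</b> Images did not upload! Critical server error!</p>\n";
        $validItem = false;
    }
} else {
    $validItem = false;
}

echo "<b>DESCRIPTION:</b> {$description}<br /><br />\n";

if ($validItem) {
    echo "<b>ITEM VALID!</b><br />\n";
    echo "<hr>\n";
    $item->display();
    echo "<div class=\"footer\">\n";
    echo "<hr>\n";
    echo "<form enctype=\"multipart/form-data\" action=\"admin.php?p=item_add\" method=\"post\">\n";
    // MAX_FILE_SIZE is sent by the browser and can be changed by the client, so
    // it is only a hint. The real size limit has to be enforced server-side
    // (php.ini limits and the checks in check_images()/upload_images()).
    echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"8000000\" />\n";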