예제 #1
파일: delete.php 프로젝트: redx/RBlog
    fwrite($handle, $str);
    //把刚才替换的内容写进生成的HTML文件
    fclose($handle);
}
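if (isset($_GET['delete']) && is_string($_GET['delete']) && $_GET['delete'] !== '') {
    // Handles a "delete post" request: looks the post up by uid, checks that the
    // cookie identity owns it, then removes the row and the generated HTML page
    // and rebuilds the owner's index page.
    //
    // Every request-derived value ($_GET, $_COOKIE, the Referer header) is
    // untrusted. Each one is escaped for the context it is written into (SQL,
    // file path, HTML, JavaScript), and nothing destructive runs before the
    // ownership check has passed.
    //
    // NOTE(review): identity is still established by comparing a password kept
    // in a cookie with the value stored in the user table, and the delete is
    // triggered by a plain GET with no anti-CSRF token. Both need a server-side
    // session and a POST + token; that cannot be fixed inside this block
    // without changing how the rest of the site authenticates.
    // NOTE(review): mysql_* is kept because the surrounding code uses it; the
    // extension was removed in PHP 7 - move to PDO/mysqli prepared statements.
    $uid_sql = mysql_real_escape_string($_GET['delete']);
    $post_result = mysql_query("SELECT * FROM post WHERE uid = '{$uid_sql}'");
    $post = $post_result ? mysql_fetch_array($post_result) : false;

    $owner = false;
    if ($post) {
        $owner_sql = mysql_real_escape_string($post['user']);
        $owner_result = mysql_query("SELECT * FROM user WHERE name = '{$owner_sql}'");
        $owner = $owner_result ? mysql_fetch_array($owner_result) : false;
    }

    $cookie_name = (isset($_COOKIE['name']) && is_string($_COOKIE['name'])) ? $_COOKIE['name'] : '';
    $cookie_password = (isset($_COOKIE['password']) && is_string($_COOKIE['password'])) ? $_COOKIE['password'] : '';

    // The directory of generated pages is named after the user; reduce it to a
    // single path component so a crafted name cannot point outside of it.
    $user_dir = basename($cookie_name);

    // Both rows must exist and both cookies must be non-empty. With the loose
    // "null == null" comparison used before, a request for a non-existent post
    // sent without cookies passed this check.
    $is_owner = $post && $owner
        && $cookie_name !== '' && $cookie_password !== ''
        && $user_dir !== '' && $user_dir !== '.' && $user_dir !== '..'
        && (string) $post['user'] === $cookie_name
        && (string) $owner['password'] === $cookie_password;

    if ($is_owner) {
        // Remove the generated page only now that ownership is established
        // (it used to be unlinked before the check).
        $page = $user_dir . '/' . basename($post['path']) . '.html';
        if (is_file($page)) {
            unlink($page);
        }

        $post_uid_sql = mysql_real_escape_string($post['uid']);
        mysql_query("DELETE FROM post WHERE uid = '{$post_uid_sql}'");

        // The listing this block came from shows the owner filter of the next
        // query with part of the expression masked; the verified cookie name is
        // used, which equals the post owner at this point.
        $name_sql = mysql_real_escape_string($cookie_name);
        $query_results = mysql_query("SELECT * FROM post WHERE user = '{$name_sql}' ORDER BY `id` DESC");
        $lists = '';
        while ($query_results && ($row = mysql_fetch_array($query_results))) {
            // Stored titles and paths go into markup, so escape them for HTML.
            $time = htmlspecialchars(substr($row['time'], 0, 10), ENT_QUOTES);
            $href = htmlspecialchars($row['path'], ENT_QUOTES);
            $title = htmlspecialchars($row['title'], ENT_QUOTES);
            $lists .= "<li><span style='color:gray'>{$time}</span> &raquo; <a href='{$href}.html'>{$title}</a></li>";
        }
        $path = "{$user_dir}/index.html";
        makehtml('achieve.html', '', '', $path, $cookie_name, '', $lists);

        // The Referer header is client-controlled: accept only http(s) URLs and
        // emit the value as an encoded JavaScript string literal.
        $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        if (!preg_match('#^https?://#i', $back)) {
            $back = './';
        }
        $back_js = json_encode($back, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($back_js === false) {
            $back_js = '"./"';
        }
        echo "<head><script>window.location = {$back_js}</script></head>";
        echo "已经删除了~马上返回!";
    } else {
        echo "bad request!";
    }
}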
예제 #2
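/**
 * Creates $dir (and missing parents) unless it already exists.
 *
 * mkdir() returns false for an existing directory, so the existence test is
 * what lets a second run over the same path succeed.
 *
 * @param string $dir directory to create
 * @return bool true when the directory exists afterwards
 */
function makefiles_ensure_dir($dir) {
	if (is_dir($dir)) {
		return true;
	}
	// 0755 rather than 0777: the generated tree is served by the web server and
	// should not be writable by every local account.
	return mkdir($dir, 0755, true) || is_dir($dir);
}

/**
 * Takes html, javascript and css and writes them to disk. Resulting layout:
 *	--> <filepath>/index.html       full page assembled by makehtml()
 *	--> <filepath>/index_part.html  the body fragment as given
 *	--> <filepath>/README.txt       contents of $options['text'] (empty when not given)
 *	--> <filepath>/js/local.js      only when javascript is non-empty
 *	--> <filepath>/css/local.css    only when css is non-empty
 *
 * NOTE(review): the content is written verbatim and 'filepath' is used as
 * given. If either can be influenced by a visitor, the caller must confine
 * 'filepath' to a fixed base directory and treat the generated pages as
 * untrusted markup - confirm against the caller.
 *
 * @param array $options - to scale for the future needs this is made an array - individual items are explained below
 * @param string $options['filepath'] path to where individual files are to be stored
 * @param string $options['html'] this is the content that is inside <body></body> tag
 * @param string $options['css'] css content
 * @param string $options['javascript'] javascript content
 * @param string $options['text'] optional README.txt content
 * @return bool true when every file was written, false on the first failure
 */
function makefiles($options) {
	$base = $options['filepath'];
	$text = isset($options['text']) ? $options['text'] : '';

	if (!makefiles_ensure_dir($base)) {
		return false;
	}
	if (!empty($options['javascript'])) {
		if (!makefiles_ensure_dir($base.'/js/')
			|| file_put_contents($base.'/js/local.js', $options['javascript']) === false) {
			return false;
		}
	}
	if (!empty($options['css'])) {
		if (!makefiles_ensure_dir($base.'/css/')
			|| file_put_contents($base.'/css/local.css', $options['css']) === false) {
			return false;
		}
	}
	// Compare with false: file_put_contents() returns 0 for empty content,
	// which is a successful write and not an error.
	if (file_put_contents($base.'/index_part.html', $options['html']) === false) {
		return false;
	}
	if (file_put_contents($base.'/README.txt', $text) === false) {
		return false;
	}
	// Reference the stylesheet that was actually written above (css/local.css).
	$html = makehtml(array('html'=>$options['html'], 'javascript'=>$base.'/js/local.js', 'css'=>$base.'/css/local.css', 'arefiles'=>true));
	if (file_put_contents($base.'/index.html', $html) === false) {
		return false;
	}
	return true;
}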
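 //build the date string; every part is forced to an integer so the request
 //cannot carry SQL into the statement through the timestamp
 if (!isset($_POST['now'])) {
     $posted = sprintf('%04d-%02d-%02d %02d:%02d:00', (int) $_POST['post1'], (int) $_POST['post2'], (int) $_POST['post3'], (int) $_POST['post4'], (int) $_POST['post5']);
 } else {
     $posted = date("Y-m-d H:i:s");
 }
 //make a valid temp-title and put textile onto the posted bodytext
 //(htmlentities protects the HTML output context only; a backslash still
 //passes through it, so the SQL escaping below is needed as well)
 $temptitle = htmlentities($_POST['title'], ENT_QUOTES, "UTF-8");
 $tempmess = htmlentities($_POST['message'], ENT_QUOTES, "UTF-8");
 //extract duration- and size integer from input
 $pieces = explode(" ", $_POST['audio_length']);
 $lengthint = round((float) $pieces[0], 1);
 $pieces2 = explode(" ", $_POST['audio_size']);
 $sizeint = round((float) $pieces2[0], 1) * 1024 * 1024;
 //use preferred html-helper tool
 //NOTE(review): the result is stored as HTML; whether it is safe to render
 //depends on what makehtml() lets through - confirm
 $temphtml = makehtml($_POST['message']);
 //get the data for comment-options (an unchecked box is simply absent)
 if (isset($_POST['comment_on']) && $_POST['comment_on'] == "on") {
     $comments = "1";
 } else {
     $comments = "0";
 }
 //write things from post-data into database; every value is escaped for the
 //SQL string context and the row id is forced to an integer
 //NOTE(review): mysql_* is kept because the surrounding code uses it; prepared
 //statements (PDO/mysqli) are the durable fix
 $fields = array(
     'title' => $temptitle,
     'message_input' => $tempmess,
     'message_html' => $temphtml,
     'posted' => $posted,
     'comment_on' => $comments,
     'audio_length' => $lengthint,
     'audio_size' => $sizeint,
     'comment_size' => $_POST['comment_size'],
     'category1_id' => $_POST['cat1'],
     'category2_id' => $_POST['cat2'],
     'category3_id' => $_POST['cat3'],
     'category4_id' => $_POST['cat4'],
     'audio_type' => $_POST['audio_type'],
     'status' => $_POST['status'],
 );
 $assignments = array();
 foreach ($fields as $column => $value) {
     $assignments[] = $column . " = '" . mysql_real_escape_string((string) $value) . "'";
 }
 $dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_postings SET " . implode(", ", $assignments) . " WHERE id = '" . (int) $edit_id . "';";
 $result = mysql_query($dosql);
 if ($result === false) {
     //keep the driver message in the server log instead of showing it to the client
     error_log("lb_postings update failed: " . mysql_error());
     die("Database error.");
 }
 //deleting links from database
 $dosql = "DELETE FROM " . $GLOBALS['prefix'] . "lb_links WHERE posting_id=" . (int) $edit_id . ";";
 $result = mysql_query($dosql);
 if ($result === false) {
     error_log("lb_links delete failed: " . mysql_error());
     die("Database error.");
 }
 //put posted links into database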
 for ($i = 0; $i < $settings['showlinks']; $i++) {
     $temptit = "linktit" . $i;
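/**
 * Renders the template fragment in $content once per comment.
 *
 * Without a "global" attribute on the container the comments of the current
 * posting ($currentid) are shown, plus an unsaved preview entry when the
 * request carries "commentpreview". With the attribute set, the most recent
 * comments of all postings are shown, limited by the "number" attribute
 * (default 5).
 *
 * Side effects: fills the globals $comments (1-based list of rows), $allcomm
 * and $currentcomment (index of the comment being rendered).
 *
 * @param string $content template container including its attributes
 * @return string the rendered markup for all comments
 */
function loop_comments($content)
{
    //show a loop of all comments of a certain posting
    global $currentid;
    global $currentcomment;
    global $comments;
    global $tempfilename;
    global $allcomm;
    $att = getattributes($content);
    $allcomm = isset($att['global']) ? $att['global'] : "false";
    //LIMIT takes a bare number, so force the attribute to a non-negative integer
    $number = isset($att['number']) ? max(0, (int) $att['number']) : 5;
    $content = trim(stripcontainer($content));
    $return = "";
    //start from an array; appending rows to the empty string used before
    //only worked through implicit string-to-array conversion
    $comments = array();
    $i = 0;
    //do we get the comments of the current posting?
    if ($allcomm == "false") {
        //getting some data from comments-table; the id is escaped because this
        //function cannot see where $currentid was taken from
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments \n          WHERE posting_id='" . mysql_real_escape_string((string) $currentid) . "' ORDER BY posted ASC;";
    } else {
        //okay, we show a list af ALL recent comments
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments \n          ORDER BY posted DESC LIMIT 0," . $number . ";";
    }
    $result = mysql_query($dosql);
    if ($result === false) {
        //keep the driver message in the server log instead of showing it to the client
        error_log("lb_comments query failed: " . mysql_error());
        die("Database error.");
    }
    while ($temp = mysql_fetch_assoc($result)) {
        $i += 1;
        $comments[$i] = $temp;
    }
    //only here for previewing?
    if ($allcomm == "false" && isset($_POST['commentpreview'])) {
        if ($tempfilename != "") {
            $id3 = getid3data($GLOBALS['audiopath'] . $tempfilename, "front");
            $tempfilesize = $id3['size'];
            $tempfilelength = getseconds($id3['duration']);
        } else {
            $tempfilesize = "0";
            $tempfilelength = "0";
        }
        $i += 1;
        $preview = array();
        $preview['id'] = 0;
        $preview['posting_id'] = $currentid;
        $preview['posted'] = date('Y-m-d H:i:s');
        if ($_POST['commentname'] == "") {
            $preview['name'] = "Anonymus";
        } else {
            $preview['name'] = htmlentities($_POST['commentname'], ENT_QUOTES, "UTF-8");
        }
        //NOTE(review): strip_tags() removes tags but leaves quotes alone; if the
        //template prints mail/web inside an attribute (href), the template has to
        //attribute-escape them - confirm
        $preview['mail'] = strip_tags($_POST['commentmail']);
        $preview['web'] = strip_tags($_POST['commentweb']);
        $preview['ip'] = $_SERVER['REMOTE_ADDR'];
        $preview['message_input'] = htmlentities(strip_tags($_POST['commentmessage']), ENT_QUOTES, "UTF-8");
        $preview['message_html'] = "<p>[PREVIEW]</p> " . makehtml(strip_tags($_POST['commentmessage']));
        $preview['audio_file'] = $tempfilename;
        $preview['audio_size'] = $tempfilesize;
        $preview['audio_length'] = $tempfilelength;
        $preview['audio_type'] = type_suffix($tempfilename);
        $comments[$i] = $preview;
    }
    //show every comment, one by one (an empty list renders nothing)
    $position = 1;
    foreach ($comments as $thiscomment) {
        $currentcomment = $position;
        if ($allcomm == "false") {
            $return .= "<span id=\"com" . $thiscomment['id'] . "\"></span>";
        }
        $return .= fullparse($content);
        $position += 1;
    }
    return $return;
}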
예제 #5
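/**
 * Renders the template fragment in $content once per comment.
 *
 * Without a "global" attribute on the container the comments of the current
 * posting ($currentid) are shown, plus an unsaved preview entry when the
 * request carries "commentpreview". With the attribute set, the most recent
 * comments of all postings are shown, limited by the "number" attribute
 * (default 5).
 *
 * Side effects: fills the globals $comments (0-based list of rows), $allcomm
 * and $currentcomment (index of the comment being rendered).
 *
 * @param string $content template container including its attributes
 * @return string the rendered markup for all comments
 */
function loop_comments($content)
{
    //show a loop of all comments of a certain posting
    global $currentid;
    global $currentcomment;
    global $comments;
    global $tempfilename;
    global $allcomm;
    $att = getattributes($content);
    $allcomm = isset($att['global']) ? $att['global'] : "false";
    //the row limit must be a plain non-negative integer
    $number = isset($att['number']) ? max(0, (int) $att['number']) : 5;
    $content = trim(stripcontainer($content));
    $return = "";
    //do we get the comments of the current posting?
    if ($allcomm == "false") {
        //getting some data from comments-table; the id goes into the statement
        //unquoted, so it is forced to an integer first
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments\n              WHERE posting_id = " . (int) $currentid . " ORDER BY posted ASC;";
        $result = $GLOBALS['lbdata']->Execute($dosql);
    } else {
        //okay, we show a list af ALL recent comments
        $dosql = "SELECT * FROM " . $GLOBALS['prefix'] . "lb_comments ORDER BY posted DESC";
        $result = $GLOBALS['lbdata']->SelectLimit($dosql, $number, 0);
    }
    //a failed query is handled as "no comments" instead of calling a method on
    //a non-object result
    $comments = $result ? $result->GetArray() : false;
    if ($result === false) {
        error_log("lb_comments query failed");
    }
    if (!is_array($comments)) {
        $comments = array();
    }
    //only here for previewing?
    if ($allcomm == "false" && isset($_POST['commentpreview'])) {
        if ($tempfilename != "") {
            $id3 = getid3data($GLOBALS['audiopath'] . $tempfilename, "front");
            $tempfilesize = $id3['size'];
            $tempfilelength = getseconds($id3['duration']);
        } else {
            $tempfilesize = "0";
            $tempfilelength = "0";
        }
        $preview = array();
        $preview['id'] = 0;
        $preview['posting_id'] = $currentid;
        $preview['posted'] = date('Y-m-d H:i:s');
        if ($_POST['commentname'] == "") {
            $preview['name'] = "Anonymus";
        } else {
            $preview['name'] = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8");
        }
        //NOTE(review): strip_tags() removes tags but leaves quotes alone; if the
        //template prints mail/web inside an attribute (href), the template has to
        //attribute-escape them - confirm
        $preview['mail'] = strip_tags($_POST['commentmail']);
        $preview['web'] = strip_tags($_POST['commentweb']);
        $preview['ip'] = $_SERVER['REMOTE_ADDR'];
        //NOTE(review): message_input carries the request body unescaped; confirm
        //that every template tag printing it escapes for its output context
        $preview['message_input'] = $_POST['commentmessage'];
        $preview['message_html'] = "<p>[PREVIEW]</p> " . strip_tags(no_amp(makehtml(htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8"))));
        $preview['audio_file'] = $tempfilename;
        $preview['audio_size'] = $tempfilesize;
        $preview['audio_length'] = $tempfilelength;
        $preview['audio_type'] = type_suffix($tempfilename);
        //the preview goes after the stored comments
        $comments[count($comments)] = $preview;
    }
    //show every comment, one by one
    $position = 0;
    foreach ($comments as $thiscomment) {
        $currentcomment = $position;
        if ($allcomm == "false") {
            $return .= "<span id=\"com" . $thiscomment['id'] . "\"></span>";
        }
        $return .= fullparse($content);
        $position += 1;
    }
    return $return;
}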
예제 #6
파일: ajax.php 프로젝트: kldeepak/swara
    }
    // Reads the remaining request fields from $p (row value, column name,
    // column value) and then runs the single-cell read or update requested by
    // $p['action'].
    // NOTE(review): $p, $table and $rowpick are assigned above this excerpt.
    // If $p holds request data (it looks like it for an ajax endpoint -
    // confirm), everything taken from it below is untrusted.
    $rowval = "";
    if (isset($p['rowval'])) {
        $rowval = $p['rowval'];
    }
    //which column do we manipulate or read?
    $colpick = "";
    if (isset($p['colpick'])) {
        $colpick = $p['colpick'];
    }
    $colval = "";
    if (isset($p['colval'])) {
        $colval = $p['colval'];
    }
    // When the makehtml flag is present the value is run through makehtml()
    // before it is stored; $p['colval'] is read here without an isset() check.
    if (isset($p['makehtml'])) {
        $colval = makehtml($p['colval']);
    }
    // do the request action!!
    // NOTE(review): both statements are assembled by string concatenation.
    // $colpick, $table and $rowpick are used as SQL identifiers, which quoting
    // or value escaping cannot protect - they need to be checked against a
    // fixed allowlist of table and column names. $rowval and $colval sit
    // inside quotes without escaping and should be bound as parameters.
    if ($p['action'] == "singleread") {
        $dosql = "SELECT " . $colpick . " FROM " . $table . " WHERE " . $rowpick . " = '" . $rowval . "'";
        $return = $GLOBALS['lbdata']->GetArray($dosql);
        // The stored value is sent to the client as-is; escape it for the
        // context the caller inserts it into. $return[0] is not checked, so
        // an empty result reads an undefined offset.
        echo $return[0][$colpick];
    }
    if ($p['action'] == "singleupdate") {
        $dosql = "UPDATE " . $table . " SET " . $colpick . " = '" . $colval . "' WHERE " . $rowpick . " = '" . $rowval . "'";
        $GLOBALS['lbdata']->Execute($dosql);
        // Echoes the submitted value back without output escaping.
        echo $colval;
    }
} else {
    echo "access denied!";
}
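/**
 * Escapes a value for HTML text, HTML attribute and XML text output.
 *
 * @param mixed $value value to print
 * @return string the escaped text
 */
function mwbe_verify_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Processes the zip archive for the mix being built.
 *
 * Takes either an uploaded file ($_FILES['zipfile']) or a server-local file
 * named in $_POST['localzipfile'], extracts the MP3s into the mix's tracks
 * directory, normalises their file names, writes the XSPF playlist and then
 * calls makeconf() and makehtml(). Progress is echoed as HTML; on a fatal
 * problem the script exits.
 *
 * Security-relevant behaviour:
 *  - the archive's extension is checked before the file is moved or copied;
 *  - only top-level *.mp3 entries are extracted, so scripts or other files
 *    packed into the archive never reach the web-served tracks directory;
 *  - file names, ID3 tags and session values are escaped before they are
 *    written into HTML or into the playlist XML.
 *
 * NOTE(review): nothing here inspects file content - the checks are on
 * names only - and the archive's size and entry count are not limited.
 *
 * @return void
 */
function verify()
{
    $_SESSION['makemix_class'] = "class=\"active\"";
    menu();
    $mix_title = mwbe_verify_escape($_SESSION['mw_mix_title']);
    echo "<div id=\"content\">\n\t<div align=\"center\"><h2>Make a Mix - Processing Upload...</h2></div>\n\t<div class=\"selections\">\n\tYour choices so far:\n\tThe title for your mix will be: " . $mix_title . "<br />\n\tThe artist for your mix is: " . mwbe_verify_escape($_SESSION['mw_mix_artist']) . "<br />\n\tYour selected skin image is:<br />\n\t<img height=\"64\" width=\"100\" src= \"" . mwbe_verify_escape($_SESSION['mwbe_site_url'] . "/skins/" . $_SESSION['mw_skin_img']) . "\"><br />\n\t</div>";
    $zip_ext_whitelist = array('zip');
    $mp3_ext_whitelist = array('mp3');
    $ver_tracks_dir = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_tracks_dir'];
    $up_archive = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_archive'];
    $up_archive_name_only = basename($up_archive);
    $up_name = '';
    if (isset($_FILES['zipfile']) && $_FILES['zipfile']['size'] > 0) {
        $client_name = basename($_FILES['zipfile']['name']);
        // Check the extension before the file is placed in the archives
        // directory; before, a rejected upload was left on disk.
        if (!in_array(strtolower(pathinfo($client_name, PATHINFO_EXTENSION)), $zip_ext_whitelist, true)) {
            echo "<text class=\"bad\">" . mwbe_verify_escape($client_name) . " is not a .zip file and has been removed.</text><br />\n";
            exit(0);
        }
        $up_name = $_SESSION['mwbe_server_path'] . $_SESSION['mwbe_writable_dirs']['archives'] . $client_name;
        if (!move_uploaded_file($_FILES['zipfile']['tmp_name'], $up_name)) {
            // No temp-file or target paths in the response.
            echo "<text class=\"bad\">There was an error uploading the file.</text><br />\n";
            exit(0);
        }
    } elseif (isset($_POST['localzipfile'])) {
        $local_zip_name = $_POST['localzipfile'];
        // The source must be an existing regular file with a .zip extension
        // (the previous extension test compared an array with the whitelist
        // and its branch was empty, so nothing was checked).
        // NOTE(review): this still lets the requester pick any readable .zip on
        // the server; confine it to a dedicated import directory.
        $local_ok = is_string($local_zip_name)
            && in_array(strtolower(pathinfo($local_zip_name, PATHINFO_EXTENSION)), $zip_ext_whitelist, true)
            && is_file($local_zip_name);
        $up_name = $_SESSION['mwbe_server_path'] . $_SESSION['mwbe_writable_dirs']['archives'] . "/" . basename((string) $local_zip_name);
        if (!$local_ok || !copy($local_zip_name, $up_name)) {
            echo "<text class=\"bad\">The local file could not be copied for use with MixWidget backend. Please check the path and your file permissions and try again.</text><br />\n";
            exit(0);
        }
    }
    // Computed after $up_name is known (it used to be read before assignment).
    $up_name_only = mwbe_verify_escape(basename($up_name));
    $up_archive_name_html = mwbe_verify_escape($up_archive_name_only);
    $zip = new ZipArchive();
    if ($up_name !== '' && $zip->open($up_name) === TRUE) {
        if (!is_dir($ver_tracks_dir)) {
            mkdir($ver_tracks_dir, 0775);
        }
        // Extract only entries that sit at the top level of the archive and
        // end in .mp3; everything else stays inside the zip.
        $wanted = array();
        for ($idx = 0; $idx < $zip->numFiles; $idx++) {
            $entry = $zip->getNameIndex($idx);
            if ($entry === false || strpbrk($entry, "/\\") !== false) {
                continue;
            }
            if (in_array(strtolower(pathinfo($entry, PATHINFO_EXTENSION)), $mp3_ext_whitelist, true)) {
                $wanted[] = $entry;
            }
        }
        if (count($wanted) > 0) {
            $zip->extractTo($ver_tracks_dir, $wanted);
        }
        $zip->close();
        echo "Tracks for " . $mix_title . " extracted from {$up_name_only} successfully!<br />\n";
        if (rename($up_name, $up_archive)) {
            echo "Uploaded file: {$up_name_only} has been renamed to {$up_archive_name_html} to allow downloading of the track archive...<br /><br />\n";
        } else {
            echo "There was a problem re-naming {$up_name_only} to {$up_archive_name_html}. No track archive will be available for download.<br />\n";
        }
    } else {
        echo "There was a problem extracting the files from {$up_name_only} and it has been removed for security reasons.<br />\n";
        if ($up_name !== '' && is_file($up_name)) {
            unlink($up_name);
        }
        exit(0);
    }
    $pl_playlist = $_SESSION['mwbe_server_path'] . $_SESSION['mw_mix_playlist'];
    $pl_head = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\t<!-- generator=\"MixWidget Back End\" -->\n\t<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\">\n\t\t<trackList>\n";
    file_put_contents($pl_playlist, $pl_head);
    echo "<h3>Processing MP3s now...</h3>\n\t<div class=\"process\">\n";
    $found = glob("{$ver_tracks_dir}*.mp3");
    if ($found === false) {
        $found = array();
    }
    foreach ($found as $pre_song) {
        $pre_song_name_only = mwbe_verify_escape(basename($pre_song));
        echo "<text class=\"pr_head\">Processing {$pre_song_name_only}...<br /></text>\n";
        // remove any non alpha-numeric characters (this was a regex handed to
        // str_replace(), which treated it as a literal and changed nothing)
        // and make it lower case to avoid issues on case sensitive systems
        $clean = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', basename($pre_song, ".mp3")));
        if ($clean === '') {
            $clean = md5(basename($pre_song));
        }
        // Two source names can reduce to the same clean name; number the
        // later one rather than overwrite the earlier track.
        $post_song = $ver_tracks_dir . $clean . ".mp3";
        $suffix = 1;
        while ($post_song !== $pre_song && file_exists($post_song)) {
            $post_song = $ver_tracks_dir . $clean . $suffix . ".mp3";
            $suffix += 1;
        }
        $post_song_name_only = mwbe_verify_escape(basename($post_song));
        if (!rename($pre_song, $post_song)) {
            echo "failed to rename {$pre_song_name_only} to {$post_song_name_only}<br />\n";
            continue;
        }
        echo "...attempting to process ID3 fields for {$post_song_name_only}<br />\n";
        $getid3 = new getID3();
        $getid3->analyze($post_song);
        echo "...{$post_song_name_only} is a valid MP3 and is being added to your playlist<br />\n";
        // Defaults are set for every track so that values from the previous
        // file cannot leak into this playlist entry.
        $pl_title = basename($pre_song, ".mp3");
        $pl_artist = '';
        $pl_time = '';
        $pl_mp3 = basename($post_song);
        $tags = (isset($getid3->info['tags']) && is_array($getid3->info['tags'])) ? $getid3->info['tags'] : array();
        foreach ($tags as $tag => $tag_info) {
            if (!empty($tag_info['title'][0])) {
                $pl_title = $tag_info['title'][0];
                $pl_artist = isset($tag_info['artist'][0]) ? $tag_info['artist'][0] : '';
            }
        }
        if (isset($getid3->info['playtime_seconds'])) {
            $pl_time = $getid3->info['playtime_seconds'];
        }
        // ID3 tags come out of the uploaded file, so they are escaped for the
        // HTML progress output and for the playlist XML alike.
        $pl_title_safe = mwbe_verify_escape($pl_title);
        $pl_artist_safe = mwbe_verify_escape($pl_artist);
        $pl_time_safe = mwbe_verify_escape($pl_time);
        echo "<text class=\"pr_foot\">...{$pl_title_safe} by {$pl_artist_safe} has been added to your playlist!</text><br /><br />\n";
        $pl_full_path = mwbe_verify_escape($_SESSION['mwbe_site_url'] . $_SESSION['mwbe_writable_dirs']['tracks'] . $_SESSION['mw_mix_title_short'] . "/" . $pl_mp3);
        $tr_text = "\t\t<track>\n\t\t\t\t\t\t<location>{$pl_full_path}</location>\n\t\t\t\t\t\t<creator>{$pl_artist_safe}</creator>\n\t\t\t\t\t\t<album>" . $mix_title . "</album>\n\t\t\t\t\t\t<title>{$pl_title_safe}</title>\n\t\t\t\t\t\t<duration>{$pl_time_safe}</duration>\n\t\t\t\t\t</track>\n";
        file_put_contents($pl_playlist, $tr_text, FILE_APPEND);
    }
    echo "</div>";
    $pl_foot = "\t</trackList>\n\t</playlist>";
    file_put_contents($pl_playlist, $pl_foot, FILE_APPEND);
    echo "<text class=\"pr_foot\">Your playlist has been created...</text><br />\n<text class=\"pr_foot\">Creating the MixWidget configuration file now...</text><br />\n";
    makeconf();
    echo "<text class=\"pr_foot\">Configuration file complete making html file now...</text><br />\n";
    makehtml();
    $mix_url = mwbe_verify_escape($_SESSION['mwbe_site_url'] . $_SESSION['mwbe_writable_dirs']['mixes'] . $_SESSION['mw_mix_title_short'] . ".html");
    $index_url = mwbe_verify_escape($_SESSION['mwbe_site_url'] . $_SESSION['mwbe_mixes_index']);
    echo "<text class=\"pr_foot\">Your mix has been successfully created!</text><br /><br />\n\tYou may:\n\t<ul>\n\t<li><a href=\"" . $mix_url . "\">View the .html file</a></li>\n\t<li><a href=\"index.php\">Return to the Mix Widget Backend \"Main\" page.</a></li>\n\t<li><a href=\"" . $index_url . "\">View your Mix Widget Backend site index</a></li>\n\t</ul>";
}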