<?php
include "../php/header.php";
include "{$BASE_FILES}/mapimageclass.php";
$error = "OK";
$map = new mapImageClass();
$mapfile = $HTTP_POST_FILES['mapfile'];
$comment = $HTTP_POST_VARS['blurb'];
$level = $HTTP_POST_VARS['id'];
if ($userdata['session_logged_in'] == false) {
$error = "Not logged in";
} else {
if (isset($HTTP_POST_VARS['id']) == false) {
$error = "Missing data";
} else {
if (mcGetOwnerFromLevelId($level) != $userdata['user_id']) {
$error = "Not owner";
} else {
if (is_uploaded_file($mapfile['tmp_name']) == false) {
$error = "File not uploaded";
} else {
$map->setup();
if ($map->readMap($mapfile['tmp_name']) == false) {
$error = "Not a valid WinBolo Map";
} else {
$gif = $map->getImg();
$tmpfname = tempnam("/tmp", "IMG");
$name = stripslashes(trim($mapfile['name']));
$end = substr($name, -4);
if (strstr(strtolower($end), ".map") != false) {
# trim off end .map
<?php
require "../php/header.php";
$id = stripslashes($HTTP_POST_VARS['id']);
$name = stripslashes($HTTP_POST_VARS['name']);
$comment = stripslashes($HTTP_POST_VARS['comment']);
if ($userdata['session_logged_in'] == true && isset($HTTP_POST_VARS['id']) && isset($HTTP_POST_VARS['name'])) {
$name = trim($name);
$comment = trim($comment);
$owner = mcGetOwnerFromLevelId($id);
$pid = $userdata['user_id'];
if (strlen($name) > 0 && $owner != -1 && $owner == $pid && mcFolderNameExists($id, $name) == false) {
$name = mysql_escape_string($name);
$sqlId = mysql_escape_string($id);
$comment = mysql_escape_string($comment);
$sql = "insert into map_structure (ms_pid, ms_name, ms_parent, ms_comment) values ('{$pid}', '{$name}', '{$sqlId}', '{$comment}')";
mysql_query($sql);
}
}
header("Location: mapcollection.php?id={$id}");