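<?php
/**
 * Form endpoint for news comments.
 *
 * Dispatches on $_POST['form']. The only handled value is 'add-comment',
 * which forwards author, author_id, comment and post_id from the request
 * body to ezLeague_News::add_comment(). Any other value is ignored, and a
 * request without a 'form' field prints "nothing was submitted".
 *
 * NOTE(review): session_start() is called, but no session value is read in
 * this script. author and author_id are taken from the request body as sent,
 * so the stored author identity is whatever the client submits. Confirm
 * whether it should be derived from the logged-in session instead.
 *
 * NOTE(review): no anti-CSRF token is checked in this script.
 */
session_start();

include '../class-db.php';
include '../objects/class-news.php';

$ez_news = new ezLeague_News();

if (isset($_POST['form'])) {
    $form = $_POST['form'];

    switch ($form) {
        case 'add-comment':
            // Require every field to be present and to be a plain string.
            // A missing key used to raise an undefined-index notice and pass
            // null on; a "comment[]=x" style parameter used to pass an array.
            $required = array('post_id', 'author', 'author_id', 'comment');
            $fields = array();
            $valid = true;

            foreach ($required as $key) {
                if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
                    $valid = false;
                    break; // leaves the foreach only
                }
                $fields[$key] = $_POST[$key];
            }

            if (!$valid) {
                print "missing or invalid comment fields";
                break;
            }

            // NOTE(review): add_comment() is defined elsewhere. Confirm that
            // it binds these values as query parameters rather than building
            // SQL by concatenation, and that the comment text is HTML-escaped
            // wherever it is rendered.
            $ez_news->add_comment(
                $fields['author'],
                $fields['author_id'],
                $fields['comment'],
                $fields['post_id']
            );
            break;

        default:
            break;
    }
} else {
    print "nothing was submitted";
}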
<?php session_start(); include '../class-db.php'; include '../objects/class-news.php'; $ez_news = new ezLeague_News(); if (isset($_SESSION['ez_username'])) { $profile = $ez_user->get_user($_SESSION['ez_username']); $rand = rand('100', '5000'); $now = strtotime('now'); $new_file = $now . '-' . $rand; $allowedExts = array("jpg", "png", "gif", "bmp", "jpeg", "PNG", "JPG", "JPEG", "GIF", "BMP"); $temp = explode(".", $_FILES["file"]["name"]); $extension = end($temp); if (($_FILES["file"]["type"] == "image/gif" || $_FILES["file"]["type"] == "image/jpeg" || $_FILES["file"]["type"] == "image/jpg" || $_FILES["file"]["type"] == "image/pjpeg" || $_FILES["file"]["type"] == "image/x-png" || $_FILES["file"]["type"] == "image/png") && $_FILES["file"]["size"] < 1000000 && in_array($extension, $allowedExts)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br>"; } else { if (file_exists("../../../news/" . $now . "-" . $_FILES["file"]["name"])) { echo $now . "-" . $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "../../../news/" . $now . "-" . $_FILES["file"]["name"]); $filename = $now . "-" . $_FILES["file"]["name"]; $title = $_POST['title']; $body = $_POST['body']; $author = $_POST['author']; $game = $_POST['game']; $category = $_POST['category']; $ez_news->addNews($title, $body, $author, $category, $game, $filename); header('Location: news.php?page=view'); }