$clid = 0;
}
// A bare "http://" is reset to an empty string, i.e. treated as "no click URL given".
if ($click_url == "http://") {
    $click_url = "";
}
// Field validation runs first; the upload branch is only reached when title, plan and click URL all pass.
if (empty($title)) {
    $error = $lang_module['title_empty'];
} elseif (empty($pid) or !isset($plans[$pid])) {
    $error = $lang_module['plan_not_selected'];
} elseif (!empty($click_url) and !nv_is_url($click_url)) {
    $error = $lang_module['click_url_invalid'];
} else {
    // is_uploaded_file() confirms the temp path really came from this request's HTTP upload.
    if (isset($_FILES['banner']) and is_uploaded_file($_FILES['banner']['tmp_name'])) {
        require_once NV_ROOTDIR . "/includes/class/upload.class.php";
        // The upload class receives the allow-list ($contents['file_allowed_ext']), the site-wide forbidden
        // extensions and MIME types, and the size/dimension limits. What save_file() actually enforces with
        // them is not visible in this excerpt.
        $upload = new upload($contents['file_allowed_ext'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
        $upload_info = $upload->save_file($_FILES['banner'], NV_UPLOADS_REAL_DIR . '/' . NV_BANNER_DIR, false);
        // Remove the PHP temp file; '@' hides any failure (e.g. when the file was already moved).
        @unlink($_FILES['banner']['tmp_name']);
        if (!empty($upload_info['error'])) {
            $error = $upload_info['error'];
        } else {
            // Stored banner is made owner-writable / world-readable, never executable.
            @chmod($upload_info['name'], 0644);
            // Replace the previously stored banner, if any.
            // NOTE(review): where $file_name comes from is not visible here. It is appended to NV_ROOTDIR and
            // then deleted, so it should be a server-side value (e.g. read from the database), never request
            // data - confirm.
            if (!empty($file_name) and is_file(NV_ROOTDIR . '/' . $file_name)) {
                @nv_deletefile(NV_ROOTDIR . '/' . $file_name);
            }
            // Keep the metadata reported by the upload class for the banner record.
            $file_name = $upload_info['basename'];
            $file_ext = $upload_info['ext'];
            $file_mime = $upload_info['mime'];
            $width = $upload_info['img_info'][0];
            $height = $upload_info['img_info'][1];
        }
    }
$data['signtime'] = 0; } else { $phour = date('H'); $pmin = date('i'); unset($m); preg_match("/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})\$/", $signtime, $m); $data['signtime'] = mktime($phour, $pmin, 0, $m[2], $m[1], $m[3]); } if (empty($data['title'])) { $error = $lang_module['content_title_erorr']; } else { if (is_uploaded_file($_FILES['fileup']["tmp_name"])) { require_once NV_ROOTDIR . "/includes/class/upload.class.php"; $allow_files_type = array("adobe", "application", "archives", "documents", "flash", "images"); $upload = new upload($allow_files_type, $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT); $upload_info = $upload->save_file($_FILES['fileup'], NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $module_name . '/' . date("Y_m"), false); if (!empty($upload_info['error'])) { $error = $upload_info['error']; } else { $data['filepath'] = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_name . '/' . date("Y_m") . '/' . $upload_info['basename']; $lu = strlen(NV_BASE_SITEURL . NV_UPLOADS_DIR . "/" . $module_name . "/"); $data['filepath'] = substr($data['filepath'], $lu); } } if ($id == 0 && empty($error)) { //insert data $sql = 'INSERT INTO ' . NV_PREFIXLANG . '_' . $module_data . '_rows (catid, title, alias, hometext, bodytext, keywords, filepath,otherpath, roomid,fieldid, addtime, edittime, down, view, userid, status, type,sign,signtime,organid) VALUES (' . intval($data['catid']) . ', :title, :alias,
// Get post data $array['x1'] = $nv_Request->get_int('x1', 'post', 0); $array['y1'] = $nv_Request->get_int('y1', 'post', 0); $array['x2'] = $nv_Request->get_int('x2', 'post', 0); $array['y2'] = $nv_Request->get_int('y2', 'post', 0); $array['w'] = $nv_Request->get_int('w', 'post', 0); $array['h'] = $nv_Request->get_int('h', 'post', 0); // Caculate crop size $array['avatar_width'] = intval($array['x2'] - $array['x1']); $array['avatar_height'] = intval($array['y2'] - $array['y1']); if (sizeof(array_filter(array($array['x1'], $array['y1'], $array['x2'], $array['y2'], $array['w'], $array['h']))) < 4 or $array['avatar_width'] < $global_config['avatar_width'] or $array['avatar_height'] < $global_config['avatar_height']) { $array['error'] = $lang_module['avata_error_data']; } else { $upload = new upload(array('images'), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT); // Storage in temp dir $upload_info = $upload->save_file($_FILES['image_file'], NV_ROOTDIR . '/' . NV_TEMP_DIR, false); // Delete upload tmp @unlink($_FILES['image_file']['tmp_name']); if (empty($upload_info['error'])) { $basename = $upload_info['basename']; $basename = preg_replace('/(.*)(\\.[a-zA-Z]+)$/', '\\1_' . nv_genpass(8) . "_" . $user_info['userid'] . '\\2', $basename); $image = new image($upload_info['name'], NV_MAX_WIDTH, NV_MAX_HEIGHT); // Resize image, crop image $image->resizeXY($array['w'], $array['h']); $image->cropFromLeft($array['x1'], $array['y1'], $array['avatar_width'], $array['avatar_height']); $image->resizeXY($global_config['avatar_width'], $global_config['avatar_height']); // Save new image $image->save(NV_ROOTDIR . '/' . NV_TEMP_DIR, $basename); $image->close(); if (file_exists($image->create_Image_info['src'])) { $array['success'] = true;
} else {
    $is_error = true;
    $error = $upload_info['error'];
}
unset($upload, $upload_info);
}
}
if (!$is_error) {
    // A record needs either an uploaded file or a direct link.
    if (empty($fileupload) and empty($array['linkdirect'])) {
        $is_error = true;
        $error = $lang_module['file_error_fileupload'];
    } else {
        $fileimage = '';
        // Optional illustration image; is_uploaded_file() confirms the temp path came from this HTTP upload.
        if (isset($_FILES['upload_fileimage']) and is_uploaded_file($_FILES['upload_fileimage']['tmp_name'])) {
            // Only the 'images' type group is allowed for this field; the site-wide forbidden extension and
            // MIME lists are passed as well. What save_file() enforces with them is not visible here.
            $upload = new upload(array('images'), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
            $upload_info = $upload->save_file($_FILES['upload_fileimage'], NV_UPLOADS_REAL_DIR . '/' . $module_upload . '/temp', false);
            // Remove the PHP temp file; '@' hides any failure.
            @unlink($_FILES['upload_fileimage']['tmp_name']);
            if (empty($upload_info['error'])) {
                // Builds a suffix for the stored file name.
                // NOTE(review): mt_rand(0, 1000000) has at most 1,000,001 outcomes and is seeded from the clock,
                // so the md5() of it is a collision-avoidance tag, not an unguessable token. If the temp file
                // name is meant to be unpredictable, random_bytes() is the appropriate source. mt_srand() also
                // reseeds the process-wide generator for any later mt_rand() caller.
                mt_srand((double) microtime() * 1000000);
                $maxran = 1000000;
                $random_num = mt_rand(0, $maxran);
                $random_num = md5($random_num);
                $nv_pathinfo_filename = nv_pathinfo_filename($upload_info['name']);
                // New name: <original stem>.<md5 tag>.<extension reported by the upload class>.
                $new_name = NV_UPLOADS_REAL_DIR . '/' . $module_upload . '/temp/' . $nv_pathinfo_filename . '.' . $random_num . '.' . $upload_info['ext'];
                $rename = nv_renamefile($upload_info['name'], $new_name);
                // Element 0 of the result equal to 1 is treated as success; otherwise the originally saved
                // name is kept.
                if ($rename[0] == 1) {
                    $fileimage = $new_name;
                } else {
                    $fileimage = $upload_info['name'];
                }
                // Owner-writable / world-readable, never executable.
                @chmod($fileimage, 0644);
}
// Birthday must be dd.mm.yyyy; it becomes a Unix timestamp, or 0 when the format does not match. Both branches
// therefore leave a numeric value in $_user['birthday'] before it is concatenated into the INSERT below.
if (preg_match("/^([0-9]{1,2})\\.([0-9]{1,2})\\.([0-9]{4})\$/", $_user['birthday'], $m)) {
    $_user['birthday'] = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
} else {
    $_user['birthday'] = 0;
}
$data_in_groups = !empty($_user['in_groups']) ? implode(',', $_user['in_groups']) : '';
// The password is stored as the output of $crypt->hash(); the algorithm is not visible in this excerpt.
$password = $crypt->hash($_user['password1']);
// The statement is assembled by string concatenation. Text fields go through $db->dbescape() (and
// $db->dbescape_string() for the group list), which presumably quotes and escapes them - confirm.
// NOTE(review): $_user['view_mail'] is concatenated without escaping; its validation is not visible here, so
// confirm it is forced to an integer earlier. A prepared statement with bound parameters would remove the
// dependency on every field being escaped correctly.
$sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\n `userid`, `username`, `md5username`, `password`, `email`, `full_name`, `gender`, `birthday`, `sig`, `regdate`, \n `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, \n `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) \n VALUES(\n\t\tNULL, \n\t\t" . $db->dbescape($_user['username']) . ",\n\t\t" . $db->dbescape(md5($_user['username'])) . ",\n\t\t" . $db->dbescape($password) . ",\n\t\t" . $db->dbescape($_user['email']) . ",\n\t\t" . $db->dbescape($_user['full_name']) . ",\n\t\t" . $db->dbescape($_user['gender']) . ",\n\t\t" . $_user['birthday'] . ",\n\t\t" . $db->dbescape($_user['sig']) . ",\n\t\t" . NV_CURRENTTIME . ",\n\t\t" . $db->dbescape($_user['website']) . ",\n\t\t" . $db->dbescape($_user['location']) . ",\n\t\t" . $db->dbescape($_user['yim']) . ",\n\t\t" . $db->dbescape($_user['telephone']) . ",\n\t\t" . $db->dbescape($_user['fax']) . ",\n\t\t" . $db->dbescape($_user['mobile']) . ",\n\t\t" . $db->dbescape($_user['question']) . ",\n\t\t" . $db->dbescape($_user['answer']) . ",\n\t\t'', \n " . $_user['view_mail'] . ", \n 1, \n " . $db->dbescape_string($data_in_groups) . ", \n 1, '', 0, '', '', '')";
$userid = $db->sql_query_insert_id($sql);
if ($userid) {
    // Record the account creation in the admin log, attributed to the acting administrator.
    nv_insert_logs(NV_LANG_DATA, $module_name, 'log_add_user', "userid " . $userid, $admin_info['userid']);
    // Optional profile photo; is_uploaded_file() confirms the temp path came from this HTTP upload.
    if (isset($_FILES['photo']) and is_uploaded_file($_FILES['photo']['tmp_name'])) {
        // '@' suppresses errors raised while loading the upload class.
        @(require_once NV_ROOTDIR . 
"/includes/class/upload.class.php");
        // Only the 'images' type group is allowed. The trailing 80, 80 presumably cap width and height
        // (other call sites pass NV_MAX_WIDTH / NV_MAX_HEIGHT in these positions) - confirm.
        $upload = new upload(array('images'), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, 80, 80);
        $upload_info = $upload->save_file($_FILES['photo'], NV_UPLOADS_REAL_DIR . '/' . $module_name, false);
        @unlink($_FILES['photo']['tmp_name']);
        if (empty($upload_info['error'])) {
            // Owner-writable / world-readable, never executable.
            @chmod($upload_info['name'], 0644);
            // Store the path relative to the site root rather than the absolute filesystem path.
            $file_name = str_replace(NV_ROOTDIR . "/", "", $upload_info['name']);
            // $userid is the insert id returned above; the file name is passed through dbescape().
            $sql = "UPDATE `" . NV_USERS_GLOBALTABLE . "` SET `photo`=" . $db->dbescape($file_name) . " WHERE `userid`=" . $userid;
            $db->sql_query($sql);
        }
    }
    if (!empty($_user['in_groups'])) {
        foreach ($_user['in_groups'] as $group_id_i) {
            // NOTE(review): $group_id_i is concatenated into the WHERE clause unquoted and unescaped. Whether
            // every element of $_user['in_groups'] was cast to an integer earlier is not visible in this
            // excerpt - confirm, or apply intval() / a bound parameter here.
            $query = "SELECT `users` FROM `" . NV_GROUPS_GLOBALTABLE . "` WHERE `group_id`=" . $group_id_i;
            $result = $db->sql_query($query);
            $numrows = $db->sql_numrows($result);
            if ($numrows) {
                $row_users = $db->sql_fetchrow($result);
} else {
    $is_error = true;
    $error = $upload_info['error'];
}
unset($upload, $upload_info);
}
}
if (!$is_error) {
    // A record needs either an uploaded file or a direct link.
    if (empty($fileupload) and empty($array['linkdirect'])) {
        $is_error = true;
        $error = $lang_module['file_error_fileupload'];
    } else {
        $fileimage = "";
        // Optional illustration image; is_uploaded_file() confirms the temp path came from this HTTP upload.
        if (isset($_FILES['upload_fileimage']) and is_uploaded_file($_FILES['upload_fileimage']['tmp_name'])) {
            // Only the 'images' type group is allowed for this field; the site-wide forbidden extension and
            // MIME lists are passed as well. What save_file() enforces with them is not visible here.
            $upload = new upload(array('images'), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
            // The destination includes the configured temp directory name ($download_config['temp_dir']).
            $upload_info = $upload->save_file($_FILES['upload_fileimage'], NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'], false);
            // Remove the PHP temp file; '@' hides any failure.
            @unlink($_FILES['upload_fileimage']['tmp_name']);
            if (empty($upload_info['error'])) {
                // Builds a suffix for the stored file name.
                // NOTE(review): mt_rand(0, 1000000) has at most 1,000,001 outcomes and is seeded from the clock,
                // so the md5() of it is a collision-avoidance tag, not an unguessable token. If the temp file
                // name is meant to be unpredictable, random_bytes() is the appropriate source. mt_srand() also
                // reseeds the process-wide generator for any later mt_rand() caller.
                mt_srand((double) microtime() * 1000000);
                $maxran = 1000000;
                $random_num = mt_rand(0, $maxran);
                $random_num = md5($random_num);
                $nv_pathinfo_filename = nv_pathinfo_filename($upload_info['name']);
                // New name: <original stem>.<md5 tag>.<extension reported by the upload class>.
                $new_name = NV_UPLOADS_REAL_DIR . '/' . $module_name . '/' . $download_config['temp_dir'] . '/' . $nv_pathinfo_filename . '.' . $random_num . '.' . $upload_info['ext'];
                $rename = nv_renamefile($upload_info['name'], $new_name);
                // Element 0 of the result equal to 1 is treated as success; otherwise the originally saved
                // name is kept.
                if ($rename[0] == 1) {
                    $fileimage = $new_name;
                } else {
                    $fileimage = $upload_info['name'];
                }
                // Owner-writable / world-readable, never executable.
                @chmod($fileimage, 0644);
} $page_title = $lang_module['upload_manager']; # config $path = htmlspecialchars(trim($nv_Request->get_string('path', 'get', NV_UPLOADS_DIR)), ENT_QUOTES); $currentPath = htmlspecialchars(trim($nv_Request->get_string('currentpath', 'post,get')), ENT_QUOTES); $area = ""; $popup = $nv_Request->get_int('popup', 'get', 0); $selectedfile = ''; $uploadflag = $nv_Request->isset_request('confirm', 'post'); if ($uploadflag) { $imgurl = htmlspecialchars(trim($nv_Request->get_string('imgurl', 'post')), ENT_QUOTES); $imgfolder = htmlspecialchars(trim($nv_Request->get_string('path', 'post')), ENT_QUOTES); if (is_uploaded_file($_FILES['fileupload']['tmp_name']) && nv_check_allow_upload_dir($imgfolder)) { require_once NV_ROOTDIR . "/includes/class/upload.class.php"; $upload = new upload($admin_info['allow_files_type'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT); $upload_info = $upload->save_file($_FILES['fileupload'], NV_ROOTDIR . '/' . $imgfolder, false); if (!empty($upload_info['error'])) { $errors[] = $upload_info['error']; } else { $selectedfile = $upload_info['basename']; } } elseif (!empty($imgurl)) { $prover = @getimagesize($imgurl); if ($prover) { $imgname = end(explode("/", $imgurl)); $imgname = str_replace('%', '_', $imgname); $file_type = strtolower($types[$prover[2]]); if (in_array($file_type, $allowed_extensions)) { include NV_ROOTDIR . "/includes/class/geturl.class.php"; $getContent = new UrlGetContents($global_config); $content = '';
// Stored banner is made owner-writable / world-readable, never executable.
@chmod($upload_info['name'], 0644);
// Remove the previously stored banner.
// NOTE(review): the existence check looks at NV_ROOTDIR/$file_name while the delete targets
// NV_UPLOADS_REAL_DIR/NV_BANNER_DIR/$file_name. Whether both resolve to the same file depends on what
// $file_name holds (bare name vs. path relative to the site root), which is not visible here - confirm, and
// confirm $file_name is a server-side value rather than request data.
if (!empty($file_name) and is_file(NV_ROOTDIR . '/' . $file_name)) {
    @nv_deletefile(NV_UPLOADS_REAL_DIR . '/' . NV_BANNER_DIR . '/' . $file_name);
}
// Keep the metadata reported by the upload class for the banner record.
$file_name = $upload_info['basename'];
$file_ext = $upload_info['ext'];
$file_mime = $upload_info['mime'];
$width = $upload_info['img_info'][0];
$height = $upload_info['img_info'][1];
}
}
// Flash banners may carry a companion image; any other banner type drops a previously stored one.
if ($file_ext == 'swf') {
    if (isset($_FILES['imageforswf']) and is_uploaded_file($_FILES['imageforswf']['tmp_name'])) {
        require_once NV_ROOTDIR . '/includes/class/upload.class.php';
        // NOTE(review): the companion image is validated against the same $contents['file_allowed_ext']
        // allow-list as the banner itself, not against an images-only list. Whether that list can contain
        // non-image types is not visible here - confirm.
        $upload = new upload($contents['file_allowed_ext'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
        $upload_info = $upload->save_file($_FILES['imageforswf'], NV_UPLOADS_REAL_DIR . '/' . NV_BANNER_DIR, false);
        // Remove the PHP temp file; '@' hides any failure.
        @unlink($_FILES['imageforswf']['tmp_name']);
        if (!empty($upload_info['error'])) {
            $error = $upload_info['error'];
        } else {
            @chmod($upload_info['name'], 0644);
            // Same check-path / delete-path difference as for the banner file above.
            if (!empty($imageforswf) and is_file(NV_ROOTDIR . '/' . $imageforswf)) {
                @nv_deletefile(NV_UPLOADS_REAL_DIR . '/' . NV_BANNER_DIR . '/' . $imageforswf);
            }
            $imageforswf = $upload_info['basename'];
        }
    }
} else {
    // Not a flash banner: a stored companion image is no longer needed.
    if (!empty($imageforswf) and is_file(NV_ROOTDIR . '/' . $imageforswf)) {
        @nv_deletefile(NV_UPLOADS_REAL_DIR . '/' . NV_BANNER_DIR . '/' . $imageforswf);
    }
$second = 'albumid';
$condition = 'listcatid';
} elseif ($type == 'album') {
    // Album uploads: look the target up in the album list and use the album permission column.
    $data = $allalbs;
    $main = 'albumid';
    $second = 'catid';
    $condition = 'listalbid';
}
// Authorisation gate: the request ends here unless the access check for this category/album succeeded.
$np->CheckAdminAccess($condition, $typeid);
if ($np->status() == false) {
    die('nperror*You cannot access this action');
}
require_once NV_ROOTDIR . "/includes/class/upload.class.php";
// NOTE(review): the allow-list is the administrator's general $admin_info['allow_files_type'], although the
// file is then handled as a photo (thumbnail, 'photos' alias). Whether that list is limited to images is not
// visible here - confirm.
$upload = new upload($admin_info['allow_files_type'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
// NOTE(review): $_FILES['file'] is read without an isset() check, so a request without that field raises
// a notice before is_uploaded_file() returns false.
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
    // Destination: <uploads>/<module>/<type>/<imgfolder of the selected category or album>.
    // NOTE(review): $type and $typeid end up in a filesystem path and an array index. Only the 'album'
    // comparison is visible in this excerpt; confirm both are restricted to known values before this point.
    $upload_info = $upload->save_file($_FILES['file'], NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $module_name . '/' . $type . '/' . $data[$typeid]['imgfolder'], false);
    if (empty($upload_info['error'])) {
        $imgpath = NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $module_name . '/' . $type . '/' . $data[$typeid]['imgfolder'] . '/' . $upload_info['basename'];
        $thumbpath = NV_ROOTDIR . '/' . NV_UPLOADS_DIR . '/' . $module_name . '/' . $type . '/' . $data[$typeid]['imgfolder'] . '/thumbs/';
        // Create the 180x180 thumbnail only when none exists yet. $thumbpath already ends in '/', so the
        // checked path contains a doubled separator.
        if (!file_exists($thumbpath . '/' . $upload_info['basename'])) {
            $imgdata['thumbpath'] = createthumb($imgpath, $thumbpath, '', 180, 180);
        }
        // Public URL of the stored image.
        $src = NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_name . '/' . $type . '/' . $data[$typeid]['imgfolder'] . '/' . $upload_info['basename'];
        // Alias = stored file name without its ".ext" suffix, then passed through np_get_alias().
        $lu = strlen('.' . $upload_info['ext']);
        $alias = substr($upload_info['basename'], 0, -$lu);
        $alias = np_get_alias('photos', 0, $alias);
        // Row data for the photo record; 'pid' is the literal string 'NULL' here.
        $imgdata['pid'] = 'NULL';
        $imgdata['filename'] = $upload_info['basename'];
        $imgdata['filetype'] = $upload_info['mime'];
        $imgdata['filepath'] = $type . '/' . $data[$typeid]['imgfolder'];
        $imgdata[$main] = intval($typeid);
}
// The requested directory is normalised by nv_check_path_upload() and then checked against the caller's
// permissions; without the 'upload_file' permission the request stops.
$path = nv_check_path_upload($nv_Request->get_string('path', 'post', NV_UPLOADS_DIR));
$check_allow_upload_dir = nv_check_allow_upload_dir($path);
if (!isset($check_allow_upload_dir['upload_file'])) {
    die("ERROR_" . $lang_module['notlevel']);
}
// Either an uploaded file or a 'fileurl' field must be present.
if (!isset($_FILES, $_FILES['fileupload'], $_FILES['fileupload']['tmp_name']) and !$nv_Request->isset_request('fileurl', 'post')) {
    die("ERROR_" . $lang_module['uploadError1']);
}
// NOTE(review): $_FILES is normally defined (possibly as an empty array) on every request, so
// !isset($_FILES) looks like it is rarely or never true and the nv_is_url() check below would then not run.
// The URL branch further down makes the server fetch a caller-supplied address; confirm that
// save_urlfile() itself validates the scheme and destination host.
if (!isset($_FILES) and !nv_is_url($nv_Request->get_string('fileurl', 'post'))) {
    die("ERROR_" . $lang_module['uploadError2']);
}
require_once NV_ROOTDIR . "/includes/class/upload.class.php";
// Allowed type groups come from the administrator's profile; forbidden extensions/MIME types and the size
// limits come from the site configuration.
$upload = new upload($admin_info['allow_files_type'], $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
if (isset($_FILES['fileupload']['tmp_name']) and is_uploaded_file($_FILES['fileupload']['tmp_name'])) {
    // Regular HTTP upload.
    $upload_info = $upload->save_file($_FILES['fileupload'], NV_ROOTDIR . '/' . $path, false);
} else {
    // Remote file: the server downloads the posted URL into the upload directory.
    $urlfile = trim($nv_Request->get_string('fileurl', 'post'));
    $upload_info = $upload->save_urlfile($urlfile, NV_ROOTDIR . '/' . $path, false);
}
if (!empty($upload_info['error'])) {
    die("ERROR_" . $upload_info['error']);
}
if ($upload_info['is_img']) {
    $autologomod = explode(',', $global_config['autologomod']);
    // Normalise separators and split the target directory into its components.
    $dir = str_replace("\\", "/", $path);
    $dir = rtrim($dir, "/");
    $arr_dir = explode("/", $dir);
    // 'and' binds tighter than 'or': the logo is applied when autologomod is 'all', or when the path is
    // <uploads>/<module> and that module is listed in autologomod. in_array() compares loosely here.
    if ($global_config['autologomod'] == 'all' or $arr_dir[0] == NV_UPLOADS_DIR and isset($arr_dir[1]) and in_array($arr_dir[1], $autologomod)) {
        $upload_logo = '';
        if (file_exists(NV_ROOTDIR . '/' . $global_config['upload_logo'])) {
$error = $lang_module['uploadError2'];
} else {
    // Narrow the allowed type groups to what the caller asked for, but never beyond what the administrator
    // is permitted: an unknown or unpermitted 'type' yields an empty allow-list.
    $type = $nv_Request->get_string('type', 'post,get');
    if ($type == 'image' and in_array('images', $admin_info['allow_files_type'])) {
        $allow_files_type = array('images');
    } elseif ($type == 'flash' and in_array('flash', $admin_info['allow_files_type'])) {
        $allow_files_type = array('flash');
    } elseif (empty($type)) {
        $allow_files_type = $admin_info['allow_files_type'];
    } else {
        $allow_files_type = array();
    }
    require_once NV_ROOTDIR . '/includes/class/upload.class.php';
    $upload = new upload($allow_files_type, $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT);
    if (isset($_FILES['upload']['tmp_name']) and is_uploaded_file($_FILES['upload']['tmp_name'])) {
        // Regular HTTP upload.
        $upload_info = $upload->save_file($_FILES['upload'], NV_ROOTDIR . '/' . $path, false, $global_config['nv_auto_resize']);
    } else {
        // Remote file: the posted URL is percent-decoded and then fetched by the server.
        // NOTE(review): any URL validation done before this point is not visible in this excerpt, and
        // decoding happens right before the fetch; confirm save_urlfile() validates the decoded value
        // (scheme, destination host) itself.
        $urlfile = rawurldecode(trim($nv_Request->get_string('fileurl', 'post')));
        $upload_info = $upload->save_urlfile($urlfile, NV_ROOTDIR . '/' . $path, false, $global_config['nv_auto_resize']);
    }
    if (!empty($upload_info['error'])) {
        $error = $upload_info['error'];
    } elseif (preg_match('#image\\/[x\\-]*([a-z]+)#', $upload_info['mime'])) {
        // NOTE(review): img_info[0] is compared against both NV_MAX_WIDTH and NV_MAX_HEIGHT, and img_info[1]
        // is never checked. The second comparison was presumably meant to use index 1 (the height) - confirm.
        // As written, an image that is only too tall is not resized here.
        if ($global_config['nv_auto_resize'] and ($upload_info['img_info'][0] > NV_MAX_WIDTH or $upload_info['img_info'][0] > NV_MAX_HEIGHT)) {
            require_once NV_ROOTDIR . '/includes/class/image.class.php';
            // Re-open the stored file, scale it to the configured maximum and overwrite it (third save()
            // argument 90, presumably the output quality - confirm).
            $createImage = new image(NV_ROOTDIR . '/' . $path . '/' . $upload_info['basename'], $upload_info['img_info'][0], $upload_info['img_info'][1]);
            $createImage->resizeXY(NV_MAX_WIDTH, NV_MAX_HEIGHT);
            $createImage->save(NV_ROOTDIR . '/' . $path, $upload_info['basename'], 90);
            $createImage->close();
            // The resulting dimensions are read back from the image object after close().
            $info = $createImage->create_Image_info;
            $upload_info['img_info'][0] = $info['width'];
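// Banner-add form handler: validates the posted description and the uploaded image, stores the file through the
// project's upload class and records it in the banner table. Every outcome is reported through $Form.
if (!isset($_POST['submit'])) {
    // Reached without a form submission: go back to the listing.
    redirect('view.php');
} else {
    // empty() already covers the "not set" case.
    if (empty($_POST['description'])) {
        $Form->setError('error', 'Fill The form perfectly.');
    }

    // Require a single, successfully received HTTP upload. A failed or partial upload still produces a
    // non-empty $_FILES entry, so its error code has to be checked explicitly; is_uploaded_file() confirms the
    // temp path really belongs to this request.
    $file = isset($_FILES['file']) ? $_FILES['file'] : null;
    if (
        !is_array($file)
        || !isset($file['error'], $file['tmp_name'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
    ) {
        $Form->setError('error', 'Fill The form perfectly.');
    } else {
        $Upload = new upload($file);
        // Extension allow-list. The original condition compared against "jpg" twice; the duplicate is dropped
        // and the accepted set is unchanged.
        $allowedExtensions = array('jpg', 'jpeg', 'png');
        if (!in_array($Upload->extension, $allowedExtensions, true)) {
            $Form->setError('extension', 'Only images can be uploaded.');
        } elseif (getimagesize($file['tmp_name']) === false) {
            // The extension is chosen by the client, so also require that the content parses as an image.
            $Form->setError('extension', 'Only images can be uploaded.');
        }
    }

    if ($Form->num_errors > 0) {
        $Form->return_msg_to('add-banner.php');
    } else {
        // Store the image. $Upload is always set here, because a rejected upload registers an error above.
        // NOTE(review): the result of save_file() is not checked; whether it reports failure is not visible.
        $Upload->save_file();
        $file_name = $Upload->basename;
        // NOTE(review): what cleanData() escapes, and whether insertQuery() binds its values or treats
        // 'NOW()' as an SQL expression, is not visible in this excerpt - confirm.
        $description = cleanData($_POST['description']);
        $bannerAdd = insertQuery(TBL_BANNER, array(
            'file_name' => $file_name,
            'description' => $description,
            'create_date' => 'NOW()',
        ));
        if (!$bannerAdd) {
            $Form->setError('error', 'Database error! Please try again.');
            $Form->return_msg_to('add-banner.php');
        } else {
            $Form->setError('success', 'New Banner added successfully');
            $Form->return_msg_to('banner.php');
        }
    }
}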