function copy_ftp($update_id) { global $settings; deleteupdatedfile($update_id); //no file in upload-folder? error! if ($_POST['filename'] == "") { die("<p class=\"msg\">No file defined!</p>"); } $oldfilename = $_POST['filename']; //rename or not?? if ($settings['rename'] == 1) { $newfilename = freshaudioname(); } else { $newfilename = tunefilename(urldecode($oldfilename)); } //copy the file and delete the old one $oldpath = $GLOBALS['uploadpath'] . urldecode($oldfilename); $newfilepath = $GLOBALS['audiopath'] . $newfilename; copy($oldpath, $newfilepath); unlink($oldpath); $filesize = filesize($newfilepath); //make a valid temp-title $temptitle = stripsuffix(htmlspecialchars(urldecode($oldfilename), ENT_QUOTES)); //big question: are we just updating or creating a new file? if (!$update_id) { //insert a new row to the database and fill it with some nice data $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_postings\n (author_id, title, posted, \n filelocal, audio_file, audio_type, audio_size, status)\n VALUES\n ('{$_SESSION['authorid']}', '{$temptitle}', '" . date('Y-m-d H:i:s') . "',\n '1', '{$newfilename}', '" . type_suffix($newfilename) . "', \n '{$filesize}', '1');"; $result = mysql_query($dosql) or die(mysql_error()); //if the parser gets until here, all should be good echo "<p class=\"msg\">{$newfilename} - Copying was successful.</p>"; } else { //update an existing row in the database $dosql = "UPDATE {$GLOBALS['prefix']}lb_postings SET\n\n author_id = '{$_SESSION['authorid']}',\n posted = '" . date('Y-m-d H:i:s') . "',\n filelocal = '1', \n audio_file= '{$newfilename}',\n audio_type= '" . type_suffix($newfilename) . "',\n audio_length= '',\n audio_size= '{$filesize}' \n WHERE id = '{$update_id}';"; $result = mysql_query($dosql) or die(mysql_error()); } //get id for editing data after finishing this function $dosql = "SELECT id FROM {$GLOBALS['prefix']}lb_postings \n WHERE audio_file='{$newfilename}';"; $result = mysql_query($dosql) or die(mysql_error()); $row = mysql_fetch_assoc($result); return $row['id']; }
function area_comments($content) { //only parse this area if comment stuff is to be shown global $settings; global $currentid; global $postings; global $tempfilename; $tempfilename = ""; $return = ""; $freshfile = false; //before we show stuff, we have to handle data from post or save things in database and so on... //check if there is a new uploadad file and make a shorter meta data variable if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] == "0") { $freshfile = $_FILES['commentfile']; } //We are only previewing? if (isset($_POST['commentpreview'])) { //add http:// to previewed urls if (substr($_POST['commentweb'], 0, 4) != "http") { $_POST['commentweb'] = "http://" . $_POST['commentweb']; } //a new posted file has the highest priority if ($freshfile != false and checksuffix($freshfile['name']) and $freshfile['size'] <= $postings[$currentid]['comment_size']) { $tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp"); //put the uploaded file into the desired directory move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>"); //change the chmod chmod($GLOBALS['audiopath'] . $tempfilename, 0777); } else { //put previously uploaded file through to another preview if (isset($_POST['filethrough'])) { $tempfilename = $_POST['filethrough']; } if ($freshfile['size'] > $postings[$currentid]['comment_size']) { die("<p>Sorry! The file size of your audio comment is too big.<p>"); } } } //oh, we are submitting? It's getting serious! if (isset($_POST['commentsubmit'])) { //in dubio contra audio $audioexists = false; //do a lot of things, if we have got a new uploaded file if ($freshfile != false and checksuffix($freshfile['name'])) { $filename = freshaudioname(strrchr($freshfile['name'], "."), "comment"); //put the uploaded file into the desired directory move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>"); $audioexists = true; //but we can take the previewed audio file, too... } else { if (isset($_POST['filethrough'])) { //rename audio file and get audio meta data $tempfilename = $_POST['filethrough']; $filename = freshaudioname(strrchr($tempfilename, "."), "comment"); rename($GLOBALS['audiopath'] . $tempfilename, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>"); $audioexists = true; } } //there is an audio file? if ($audioexists) { //get metadata from getid3-class $id3 = getid3data($GLOBALS['audiopath'] . $filename, "front"); } else { //make empty values for audio data (cause we dont have audio data) $filename = ""; $id3['duration'] = "0:00"; $id3['size'] = 0; } //prepare non-audio data if ($_POST['commentname'] == "") { $name = "Anonymous"; } else { $name = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8"); } $mail = strip_tags($_POST['commentmail']); $web = strip_tags($_POST['commentweb']); $ip = $_SERVER['REMOTE_ADDR']; $message_input = change_entities($_POST['commentmessage']); $message_html = trim(no_amp(makehtml(htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8")))); //write data into database (doesn't matter, with or without audio) $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n (posting_id, posted, name, mail, web, ip, message_input, message_html,\n audio_file, audio_type, audio_length, audio_size)\n VALUES\n (\n '" . $currentid . "',\n '" . date('Y-m-d H:i:s') . "',\n '" . $name . "', '" . $mail . "', '" . $web . "', '" . $ip . "',\n '" . $message_input . "', '" . $message_html . "',\n '" . $filename . "',\n '" . type_suffix($filename) . "',\n '" . getseconds($id3['duration']) . "',\n '" . $id3['size'] . "'\n );"; //last controls before we put the data into the database $commentingokay = true; if ($settings['preventspam'] == "1") { if (isset($_POST['commentspam'])) { $givenanswer = trim(strtolower($_POST['commentspam'])); $rightanswer = trim(strtolower($settings['spamanswer'])); if ($givenanswer != $rightanswer) { $commentingokay = false; echo "<p style=\"font-size: 20px;\">Possible spam attack! Don't do this again!</p>\n"; } } else { $commentingokay = false; echo "<p style=\"font-size: 20px;\">Possible spam attack! (The administrator of this podcast has to deactivate anti spam or add an appropriate input field to the template.)</p>\n"; } } if ($settings['acceptcomments'] == "0") { $commentingokay = false; } if ($commentingokay) { //finally!! $GLOBALS['lbdata']->Execute($dosql); //sending an email to author of the posting notify($postings[$currentid], $name, $mail, $web, $message_html); //looking for orphaned comments deleteorphans(); } } //submitting actions are finished. thank you for your attention. //do we show comments at all? if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) { $return .= "<div id=\"comments\">\n"; $return .= fullparse(stripcontainer($content)); $return .= "\n</div>"; } else { $return = ""; } return $return; }
function area_comments($content) { //only parse this area if comment stuff is to be shown global $settings; global $currentid; global $postings; global $tempfilename; $tempfilename = ""; $return = ""; $freshfile = false; //before we show stuff, we have to handle data from post or save things in database and so on... //check if there is a new uploadad file and make a shorter meta data variable if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] == "0") { $freshfile = $_FILES['commentfile']; } //We are only previewing? if (isset($_POST['commentpreview'])) { //add http:// to previewed urls if (substr($_POST['commentweb'], 0, 4) != "http") { $_POST['commentweb'] = "http://" . $_POST['commentweb']; } //a new posted file has the highest priority if ($freshfile != false and checksuffix($freshfile['name']) and $freshfile['size'] <= $postings[$currentid]['comment_size']) { $tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp"); //put the uploaded file into the desired directory move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>"); } else { //put previously uploaded file through to another preview if (isset($_POST['filethrough'])) { $tempfilename = $_POST['filethrough']; } } } //oh, we are submitting? It's getting serious! if (isset($_POST['commentsubmit'])) { //in dubio contra audio $audioexists = false; //do a lot of things, if we have got a new uploaded file if ($freshfile != false and checksuffix($freshfile['file'])) { $filename = freshaudioname(strrchr($freshfile['name'], "."), "comment"); //put the uploaded file into the desired directory move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>"); $audioexists = true; //but we can take the previewed audio file, too... } else { if (isset($_POST['filethrough'])) { //rename audio file and get audio meta data $tempfilename = $_POST['filethrough']; $filename = freshaudioname(strrchr($tempfilename, "."), "comment"); rename($GLOBALS['audiopath'] . $tempfilename, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>"); $audioexists = true; } } //there is an audio file? if ($audioexists) { //get metadata from getid3-class $id3 = getid3data($GLOBALS['audiopath'] . $filename, "front"); } else { //make empty values for audio data (cause we dont have audio data) $filename = ""; $id3['duration'] = "0:00"; $id3['size'] = 0; } //prepare non-audio data if ($_POST['commentname'] == "") { $name = "Anonymous"; } else { $name = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8"); } $mail = strip_tags($_POST['commentmail']); $web = strip_tags($_POST['commentweb']); $ip = $_SERVER['REMOTE_ADDR']; $message_input = htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8"); $message_html = makehtml(strip_tags($_POST['commentmessage'])); //write data into database (doesn't matter, with or without audio) $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n (posting_id, posted, name, mail, web, ip, message_input, message_html,\n audio_file, audio_type, audio_length, audio_size)\n VALUES\n (\n '" . $currentid . "',\n '" . date('Y-m-d H:i:s') . "',\n '" . $name . "', '" . $mail . "', '" . $web . "', '" . $ip . "', \n '" . $message_input . "', '" . $message_html . "',\n '" . $filename . "',\n '" . type_suffix($filename) . "',\n '" . getseconds($id3['duration']) . "',\n '" . $id3['size'] . "'\n );"; $result = mysql_query($dosql) or die(mysql_error()); } //submitting actions are finished. thank you for your attention. //do we show comments at all? if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) { $return .= "<div id=\"comments\">\n"; $return .= fullparse(stripcontainer($content)); $return .= "\n</div>"; } else { $return = ""; } return $return; }
function copy_ftp($update_id) { global $settings; deleteupdatedfile($update_id); //no file in upload-folder? error! if ($_POST['filename'] == "") { die("<p class=\"msg\">" . bla("msg_noaudio") . "</p>"); } $oldfilename = $_POST['filename']; //do we rename the audio file? if ($settings['rename'] == 1) { //generate filename from posting date, if we update the file if ($update_id) { $dosql = "SELECT posted FROM " . $GLOBALS['prefix'] . "lb_postings WHERE id = '" . $update_id . "'"; $result = $GLOBALS['lbdata']->GetArray($dosql); $newfilename = buildaudioname(strrchr($_POST['filename'], "."), $settings['filename'], $result[0]['posted']); //get a fresh filename if we have a new posting } else { $newfilename = freshaudioname(strrchr($_POST['filename'], "."), $settings['filename']); } //if we don't rename, we will at least tune the filename } else { $newfilename = tunefilename(urldecode($oldfilename)); } //copy the file and delete the old one $oldpath = $GLOBALS['uploadpath'] . urldecode($oldfilename); $newfilepath = $GLOBALS['audiopath'] . $newfilename; copy($oldpath, $newfilepath); unlink($oldpath); //change the chmod chmod($newfilepath, 0777); $filesize = filesize($newfilepath); //make a valid temp-title $temptitle = stripsuffix(htmlspecialchars(urldecode($oldfilename), ENT_QUOTES)); //big question: are we just updating or creating a new file? if (!$update_id) { //insert a new row to the database and fill it with some nice data $dosql = "INSERT INTO {$GLOBALS['prefix']}lb_postings\n (author_id, title, posted, \n filelocal, audio_file, audio_type, audio_size, status, \n countweb, countfla, countpod, countall)\n VALUES\n ('{$_SESSION['authorid']}', '{$temptitle}', '" . date('Y-m-d H:i:s') . "',\n '1', '{$newfilename}', '" . type_suffix($newfilename) . "', \n '{$filesize}', '1','0','0','0','0')"; $GLOBALS['lbdata']->Execute($dosql); //add default id3 tags, if needed defaultid3tags($GLOBALS['audiopath'] . $newfilename, $temptitle); //if the parser gets until here, all should be good echo "<p class=\"msg\">" . $newfilename . " - " . bla("msg_copysuccess") . "</p>"; } else { //update an existing row in the database $dosql = "UPDATE {$GLOBALS['prefix']}lb_postings SET\n\n author_id = '{$_SESSION['authorid']}',\n filelocal = '1', \n audio_file= '{$newfilename}',\n audio_type= '" . type_suffix($newfilename) . "',\n audio_length= '',\n audio_size= '{$filesize}' \n WHERE id = '{$update_id}'"; $GLOBALS['lbdata']->Execute($dosql); //add default id3 tags, if needed defaultid3tags($GLOBALS['audiopath'] . $newfilename, gettitlefromid($update_id)); } //get id for editing data after finishing this function $dosql = "SELECT id FROM {$GLOBALS['prefix']}lb_postings \n WHERE audio_file='{$newfilename}'"; $result = $GLOBALS['lbdata']->GetArray($dosql); return $result[0]['id']; }