function copy_ftp($update_id)
{
global $settings;
deleteupdatedfile($update_id);
//no file in upload-folder? error!
if ($_POST['filename'] == "") {
die("<p class=\"msg\">No file defined!</p>");
}
$oldfilename = $_POST['filename'];
//rename or not??
if ($settings['rename'] == 1) {
$newfilename = freshaudioname();
} else {
$newfilename = tunefilename(urldecode($oldfilename));
}
//copy the file and delete the old one
$oldpath = $GLOBALS['uploadpath'] . urldecode($oldfilename);
$newfilepath = $GLOBALS['audiopath'] . $newfilename;
copy($oldpath, $newfilepath);
unlink($oldpath);
$filesize = filesize($newfilepath);
//make a valid temp-title
$temptitle = stripsuffix(htmlspecialchars(urldecode($oldfilename), ENT_QUOTES));
//big question: are we just updating or creating a new file?
if (!$update_id) {
//insert a new row to the database and fill it with some nice data
$dosql = "INSERT INTO {$GLOBALS['prefix']}lb_postings\n (author_id, title, posted, \n filelocal, audio_file, audio_type, audio_size, status)\n VALUES\n ('{$_SESSION['authorid']}', '{$temptitle}', '" . date('Y-m-d H:i:s') . "',\n '1', '{$newfilename}', '" . type_suffix($newfilename) . "', \n '{$filesize}', '1');";
$result = mysql_query($dosql) or die(mysql_error());
//if the parser gets until here, all should be good
echo "<p class=\"msg\">{$newfilename} - Copying was successful.</p>";
} else {
//update an existing row in the database
$dosql = "UPDATE {$GLOBALS['prefix']}lb_postings SET\n\n author_id = '{$_SESSION['authorid']}',\n posted = '" . date('Y-m-d H:i:s') . "',\n filelocal = '1', \n audio_file= '{$newfilename}',\n audio_type= '" . type_suffix($newfilename) . "',\n audio_length= '',\n audio_size= '{$filesize}' \n WHERE id = '{$update_id}';";
$result = mysql_query($dosql) or die(mysql_error());
}
//get id for editing data after finishing this function
$dosql = "SELECT id FROM {$GLOBALS['prefix']}lb_postings \n WHERE audio_file='{$newfilename}';";
$result = mysql_query($dosql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
return $row['id'];
}
function area_comments($content)
{
//only parse this area if comment stuff is to be shown
global $settings;
global $currentid;
global $postings;
global $tempfilename;
$tempfilename = "";
$return = "";
$freshfile = false;
//before we show stuff, we have to handle data from post or save things in database and so on...
//check if there is a new uploadad file and make a shorter meta data variable
if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] == "0") {
$freshfile = $_FILES['commentfile'];
}
//We are only previewing?
if (isset($_POST['commentpreview'])) {
//add http:// to previewed urls
if (substr($_POST['commentweb'], 0, 4) != "http") {
$_POST['commentweb'] = "http://" . $_POST['commentweb'];
}
//a new posted file has the highest priority
if ($freshfile != false and checksuffix($freshfile['name']) and $freshfile['size'] <= $postings[$currentid]['comment_size']) {
$tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp");
//put the uploaded file into the desired directory
move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>");
//change the chmod
chmod($GLOBALS['audiopath'] . $tempfilename, 0777);
} else {
//put previously uploaded file through to another preview
if (isset($_POST['filethrough'])) {
$tempfilename = $_POST['filethrough'];
}
if ($freshfile['size'] > $postings[$currentid]['comment_size']) {
die("<p>Sorry! The file size of your audio comment is too big.<p>");
}
}
}
//oh, we are submitting? It's getting serious!
if (isset($_POST['commentsubmit'])) {
//in dubio contra audio
$audioexists = false;
//do a lot of things, if we have got a new uploaded file
if ($freshfile != false and checksuffix($freshfile['name'])) {
$filename = freshaudioname(strrchr($freshfile['name'], "."), "comment");
//put the uploaded file into the desired directory
move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
$audioexists = true;
//but we can take the previewed audio file, too...
} else {
if (isset($_POST['filethrough'])) {
//rename audio file and get audio meta data
$tempfilename = $_POST['filethrough'];
$filename = freshaudioname(strrchr($tempfilename, "."), "comment");
rename($GLOBALS['audiopath'] . $tempfilename, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
$audioexists = true;
}
}
//there is an audio file?
if ($audioexists) {
//get metadata from getid3-class
$id3 = getid3data($GLOBALS['audiopath'] . $filename, "front");
} else {
//make empty values for audio data (cause we dont have audio data)
$filename = "";
$id3['duration'] = "0:00";
$id3['size'] = 0;
}
//prepare non-audio data
if ($_POST['commentname'] == "") {
$name = "Anonymous";
} else {
$name = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8");
}
$mail = strip_tags($_POST['commentmail']);
$web = strip_tags($_POST['commentweb']);
$ip = $_SERVER['REMOTE_ADDR'];
$message_input = change_entities($_POST['commentmessage']);
$message_html = trim(no_amp(makehtml(htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8"))));
//write data into database (doesn't matter, with or without audio)
$dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n (posting_id, posted, name, mail, web, ip, message_input, message_html,\n audio_file, audio_type, audio_length, audio_size)\n VALUES\n (\n '" . $currentid . "',\n '" . date('Y-m-d H:i:s') . "',\n '" . $name . "', '" . $mail . "', '" . $web . "', '" . $ip . "',\n '" . $message_input . "', '" . $message_html . "',\n '" . $filename . "',\n '" . type_suffix($filename) . "',\n '" . getseconds($id3['duration']) . "',\n '" . $id3['size'] . "'\n );";
//last controls before we put the data into the database
$commentingokay = true;
if ($settings['preventspam'] == "1") {
if (isset($_POST['commentspam'])) {
$givenanswer = trim(strtolower($_POST['commentspam']));
$rightanswer = trim(strtolower($settings['spamanswer']));
if ($givenanswer != $rightanswer) {
$commentingokay = false;
echo "<p style=\"font-size: 20px;\">Possible spam attack! Don't do this again!</p>\n";
}
} else {
$commentingokay = false;
echo "<p style=\"font-size: 20px;\">Possible spam attack! (The administrator of this podcast has to deactivate anti spam or add an appropriate input field to the template.)</p>\n";
}
}
if ($settings['acceptcomments'] == "0") {
$commentingokay = false;
}
if ($commentingokay) {
//finally!!
$GLOBALS['lbdata']->Execute($dosql);
//sending an email to author of the posting
notify($postings[$currentid], $name, $mail, $web, $message_html);
//looking for orphaned comments
deleteorphans();
}
}
//submitting actions are finished. thank you for your attention.
//do we show comments at all?
if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) {
$return .= "<div id=\"comments\">\n";
$return .= fullparse(stripcontainer($content));
$return .= "\n</div>";
} else {
$return = "";
}
return $return;
}
function area_comments($content)
{
//only parse this area if comment stuff is to be shown
global $settings;
global $currentid;
global $postings;
global $tempfilename;
$tempfilename = "";
$return = "";
$freshfile = false;
//before we show stuff, we have to handle data from post or save things in database and so on...
//check if there is a new uploadad file and make a shorter meta data variable
if (isset($_FILES['commentfile']) and $_FILES['commentfile']['error'] == "0") {
$freshfile = $_FILES['commentfile'];
}
//We are only previewing?
if (isset($_POST['commentpreview'])) {
//add http:// to previewed urls
if (substr($_POST['commentweb'], 0, 4) != "http") {
$_POST['commentweb'] = "http://" . $_POST['commentweb'];
}
//a new posted file has the highest priority
if ($freshfile != false and checksuffix($freshfile['name']) and $freshfile['size'] <= $postings[$currentid]['comment_size']) {
$tempfilename = freshaudioname(strrchr($freshfile['name'], "."), "temp");
//put the uploaded file into the desired directory
move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $tempfilename) or die("<p>Error!</p>");
} else {
//put previously uploaded file through to another preview
if (isset($_POST['filethrough'])) {
$tempfilename = $_POST['filethrough'];
}
}
}
//oh, we are submitting? It's getting serious!
if (isset($_POST['commentsubmit'])) {
//in dubio contra audio
$audioexists = false;
//do a lot of things, if we have got a new uploaded file
if ($freshfile != false and checksuffix($freshfile['file'])) {
$filename = freshaudioname(strrchr($freshfile['name'], "."), "comment");
//put the uploaded file into the desired directory
move_uploaded_file($freshfile['tmp_name'], $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
$audioexists = true;
//but we can take the previewed audio file, too...
} else {
if (isset($_POST['filethrough'])) {
//rename audio file and get audio meta data
$tempfilename = $_POST['filethrough'];
$filename = freshaudioname(strrchr($tempfilename, "."), "comment");
rename($GLOBALS['audiopath'] . $tempfilename, $GLOBALS['audiopath'] . $filename) or die("<p>Error!</p>");
$audioexists = true;
}
}
//there is an audio file?
if ($audioexists) {
//get metadata from getid3-class
$id3 = getid3data($GLOBALS['audiopath'] . $filename, "front");
} else {
//make empty values for audio data (cause we dont have audio data)
$filename = "";
$id3['duration'] = "0:00";
$id3['size'] = 0;
}
//prepare non-audio data
if ($_POST['commentname'] == "") {
$name = "Anonymous";
} else {
$name = htmlentities(strip_tags($_POST['commentname']), ENT_QUOTES, "UTF-8");
}
$mail = strip_tags($_POST['commentmail']);
$web = strip_tags($_POST['commentweb']);
$ip = $_SERVER['REMOTE_ADDR'];
$message_input = htmlentities($_POST['commentmessage'], ENT_QUOTES, "UTF-8");
$message_html = makehtml(strip_tags($_POST['commentmessage']));
//write data into database (doesn't matter, with or without audio)
$dosql = "INSERT INTO {$GLOBALS['prefix']}lb_comments\n (posting_id, posted, name, mail, web, ip, message_input, message_html,\n audio_file, audio_type, audio_length, audio_size)\n VALUES\n (\n '" . $currentid . "',\n '" . date('Y-m-d H:i:s') . "',\n '" . $name . "', '" . $mail . "', '" . $web . "', '" . $ip . "', \n '" . $message_input . "', '" . $message_html . "',\n '" . $filename . "',\n '" . type_suffix($filename) . "',\n '" . getseconds($id3['duration']) . "',\n '" . $id3['size'] . "'\n );";
$result = mysql_query($dosql) or die(mysql_error());
}
//submitting actions are finished. thank you for your attention.
//do we show comments at all?
if (isset($_GET['id']) and $postings[$currentid]['comment_on'] == 1) {
$return .= "<div id=\"comments\">\n";
$return .= fullparse(stripcontainer($content));
$return .= "\n</div>";
} else {
$return = "";
}
return $return;
}
function copy_ftp($update_id)
{
global $settings;
deleteupdatedfile($update_id);
//no file in upload-folder? error!
if ($_POST['filename'] == "") {
die("<p class=\"msg\">" . bla("msg_noaudio") . "</p>");
}
$oldfilename = $_POST['filename'];
//do we rename the audio file?
if ($settings['rename'] == 1) {
//generate filename from posting date, if we update the file
if ($update_id) {
$dosql = "SELECT posted FROM " . $GLOBALS['prefix'] . "lb_postings WHERE id = '" . $update_id . "'";
$result = $GLOBALS['lbdata']->GetArray($dosql);
$newfilename = buildaudioname(strrchr($_POST['filename'], "."), $settings['filename'], $result[0]['posted']);
//get a fresh filename if we have a new posting
} else {
$newfilename = freshaudioname(strrchr($_POST['filename'], "."), $settings['filename']);
}
//if we don't rename, we will at least tune the filename
} else {
$newfilename = tunefilename(urldecode($oldfilename));
}
//copy the file and delete the old one
$oldpath = $GLOBALS['uploadpath'] . urldecode($oldfilename);
$newfilepath = $GLOBALS['audiopath'] . $newfilename;
copy($oldpath, $newfilepath);
unlink($oldpath);
//change the chmod
chmod($newfilepath, 0777);
$filesize = filesize($newfilepath);
//make a valid temp-title
$temptitle = stripsuffix(htmlspecialchars(urldecode($oldfilename), ENT_QUOTES));
//big question: are we just updating or creating a new file?
if (!$update_id) {
//insert a new row to the database and fill it with some nice data
$dosql = "INSERT INTO {$GLOBALS['prefix']}lb_postings\n (author_id, title, posted, \n filelocal, audio_file, audio_type, audio_size, status, \n countweb, countfla, countpod, countall)\n VALUES\n ('{$_SESSION['authorid']}', '{$temptitle}', '" . date('Y-m-d H:i:s') . "',\n '1', '{$newfilename}', '" . type_suffix($newfilename) . "', \n '{$filesize}', '1','0','0','0','0')";
$GLOBALS['lbdata']->Execute($dosql);
//add default id3 tags, if needed
defaultid3tags($GLOBALS['audiopath'] . $newfilename, $temptitle);
//if the parser gets until here, all should be good
echo "<p class=\"msg\">" . $newfilename . " - " . bla("msg_copysuccess") . "</p>";
} else {
//update an existing row in the database
$dosql = "UPDATE {$GLOBALS['prefix']}lb_postings SET\n\n author_id = '{$_SESSION['authorid']}',\n filelocal = '1', \n audio_file= '{$newfilename}',\n audio_type= '" . type_suffix($newfilename) . "',\n audio_length= '',\n audio_size= '{$filesize}' \n WHERE id = '{$update_id}'";
$GLOBALS['lbdata']->Execute($dosql);
//add default id3 tags, if needed
defaultid3tags($GLOBALS['audiopath'] . $newfilename, gettitlefromid($update_id));
}
//get id for editing data after finishing this function
$dosql = "SELECT id FROM {$GLOBALS['prefix']}lb_postings \n WHERE audio_file='{$newfilename}'";
$result = $GLOBALS['lbdata']->GetArray($dosql);
return $result[0]['id'];
}
