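/**
 * Handles a user-submitted download entry.
 *
 * Reads the form fields from $_POST (name, version, autor, surl, ssurl, url,
 * desc, descl) and an optional archive from $_FILES['file']. When a file is
 * uploaded and stored successfully, its stored path replaces any posted URL.
 * The entry is then inserted into prefix_downloads with cat = -1
 * (presumably "awaiting review" -- confirm against the admin code).
 *
 * @return string|bool Error message (German, shown to the user) on failure,
 *                     true once the row has been inserted.
 */
function icUpload() {
    $uploadDir = 'include/downs/downloads/user_upload/';

    // Everything that ends up in the SQL statement below goes through the
    // project's escape() helper first.
    $name = escape($_POST['name'], 'string');
    $version = escape($_POST['version'], 'string');
    $autor = escape($_POST['autor'], 'string');
    $surl = escape($_POST['surl'], 'string');
    $ssurl = escape($_POST['ssurl'], 'string');
    // NOTE(review): a posted URL is stored as given (after escape()). If it is
    // later rendered as a link, restricting it to http/https here is worth
    // considering -- the rendering side is not visible from this function.
    $url = empty($_POST['url']) ? '' : escape($_POST['url'], 'string');
    $desc = escape($_POST['desc'], 'string');
    $descl = escape($_POST['descl'], 'textarea');

    if (empty($name)) {
        return 'keinen Namen angegeben.';
    }
    if (empty($desc) or empty($descl)) {
        return 'kein langer oder/und kein kurzer Text angegeben.';
    }
    if (empty($url) and empty($_FILES['file']['name'])) {
        return 'Keine Datei oder Link angegeben.';
    }

    if (!empty($_FILES['file']['name'])) {
        $allowedExt = array('rar', 'zip', 'tar');
        $allowedMime = array('application/x-rar', 'application/x-zip', 'application/x-tar');

        // MIME type as detected from the temporary file, not the client-sent one.
        $rtype = trim(ic_mime_type($_FILES['file']['tmp_name']));
        $fname = escape($_FILES['file']['name'], 'string');

        // Extension = letters after the last dot. The D modifier keeps "$" from
        // matching in front of a trailing newline. A name without such an
        // extension leaves $fende empty and is rejected by the whitelist below.
        $fende = '';
        if (preg_match('/.\.([a-zA-Z]+)$/D', $fname, $match)) {
            $fende = strtolower($match[1]);
        }

        if ($_FILES['file']['size'] > 2097000) { // 2 mb (2 097 152)
            return 'Die Datei darf NICHT grösser als 2 MBytes sein.';
        }
        // Both the extension and the detected MIME type must be on the whitelist.
        if (!in_array($fende, $allowedExt, true) or !in_array($rtype, $allowedMime, true)) {
            return 'Die Datei darf nur die Endungen: .zip, .tar oder .rar haben.';
        }

        // Cut the extension off by length instead of str_replace(): the latter
        // is case-sensitive (so "FOO.ZIP" kept its suffix and became
        // "FOOZIP.zip") and removes every occurrence, not only the trailing one.
        $base = substr($fname, 0, -(strlen($fende) + 1));
        // Only [a-zA-Z0-9] survives, so the stored name cannot contain path
        // separators, dots or quotes.
        $base = preg_replace('/[^a-zA-Z0-9]/', '', $base);
        if ($base === '' or $base === null) {
            // Nothing usable left; do not create a dot-file such as ".zip".
            return 'Der Dateiname ist ungültig.';
        }
        $fname = $base . '.' . $fende;
        $target = $uploadDir . $fname;

        if (file_exists($target)) {
            return 'Die Datei existiert bereits und kann nicht überschrieben werden.';
        }
        if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
            $url = $target;
            // 0644 instead of 0777: a user-supplied archive needs to be readable
            // for download, never world-writable or executable. Best effort,
            // hence the suppressed warning. The stored path is also the public
            // download URL, so the web server should not execute content from
            // this directory.
            @chmod($url, 0644);
        }
        // If the move failed, $url keeps the posted URL (possibly empty).
    }

    if (empty($url)) {
        return 'Keine Datei oder Link angegeben';
    }

    // String-built statement: every interpolated value is either escape()d
    // input or the path assembled from the sanitised file name above.
    db_query("INSERT INTO prefix_downloads (`time`,`cat`,`creater`,`version`,`url`,surl,`ssurl`,`name`,`desc`,`descl`,pos) VALUES (NOW(),-1,'" . $autor . "','" . $version . "','" . $url . "','" . $surl . "','" . $ssurl . "','" . $name . "','" . $desc . "','" . $descl . "','0')");

    return true;
}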
$newpw = user_pw_crypt($_POST['np1']); db_query("UPDATE prefix_user SET pass = '******' WHERE id = " . $_SESSION['authid']); user_set_cookie($_SESSION['authid'], $newpw); $fmsg = $lang['passwortchanged']; } else { $fmsg = $lang['passwortwrong']; } } else { $fmsg = $lang['passwortnotequal']; } } # avatar speichern START $avatar_sql_update = ''; if (!empty($_FILES['avatarfile']['name']) and $allgAr['forum_avatar_upload']) { $file_tmpe = $_FILES['avatarfile']['tmp_name']; $rile_type = ic_mime_type($_FILES['avatarfile']['tmp_name']); $file_type = $_FILES['avatarfile']['type']; $file_size = $_FILES['avatarfile']['size']; $fmsg = $lang['avatarisnopicture']; $size = @getimagesize($file_tmpe); $endar = array(1 => 'gif', 2 => 'jpg', 3 => 'png'); if (($size[2] == 1 or $size[2] == 2 or $size[2] == 3) and $size[0] > 10 and $size[1] > 10 and substr($file_type, 0, 6) == 'image/' and substr($rile_type, 0, 6) == 'image/') { $endung = $endar[$size[2]]; $breite = $size[0]; $hoehe = $size[1]; $fmsg = $lang['avatarcannotupload']; if ($file_size <= $allgAr['Fasize'] and $breite <= $allgAr['Fabreite'] and $hoehe <= $allgAr['Fahohe']) { $neuer_name = 'include/images/avatars/' . $_SESSION['authid'] . '.' . $endung; @unlink(db_result(db_query("SELECT avatar FROM prefix_user WHERE id = " . $_SESSION['authid']), 0)); move_uploaded_file($file_tmpe, $neuer_name); @chmod($neuer_name, 0777);
$design->header(); $tpl = new tpl('user/gallery'); $tpl->set('uid', $uid); $tpl->set('uname', $uname); // bild loeschen... if ($menu->getA(4) == 'd' and is_numeric($menu->getE(4)) and loggedin() and (is_siteadmin() or $uid == $_SESSION['authid'])) { $delid = escape($menu->getE(4), 'integer'); $x = @db_result(db_query("SELECT `endung` FROM `prefix_usergallery` WHERE `uid` = " . $uid . " AND `id` = " . $delid), 0, 0); if (!empty($x)) { @unlink('include/images/usergallery/img_thumb_' . $delid . '.' . $x); @unlink('include/images/usergallery/img_' . $delid . '.' . $x); @db_query("DELETE FROM `prefix_usergallery` WHERE `uid` = " . $uid . " AND `id` = " . $delid); } } // bild hochladen if (!empty($_FILES['file']['name']) and is_writeable('include/images/usergallery') and loggedin() and $uid == $_SESSION['authid'] and substr(ic_mime_type($_FILES['file']['tmp_name']), 0, 6) == 'image/') { require_once 'include/includes/func/gallery.php'; $size = @getimagesize($_FILES['file']['tmp_name']); $fende = preg_replace("/.+\\.([a-zA-Z]+)\$/", "\\1", $_FILES['file']['name']); $fende = strtolower($fende); if (!empty($_FILES['file']['name']) and $size[0] > 10 and $size[1] > 10 and ($size[2] == 2 or $size[2] == 3 or $size[2] == 1) and ($fende == 'gif' or $fende == 'jpg' or $fende == 'jpeg' or $fende == 'png')) { $name = $_FILES['file']['name']; $tmp = explode('.', $name); $tm1 = count($tmp) - 1; $endung = escape($tmp[$tm1], 'string'); unset($tmp[$tm1]); $name = escape(implode('', $tmp), 'string'); $besch = escape($_POST['text'], 'string'); $id = db_result(db_query("SHOW TABLE STATUS FROM `" . DBDATE . "` LIKE 'prefix_usergallery'"), 0, 'Auto_increment'); $bild_url = 'include/images/usergallery/img_' . $id . '.' . $endung; if (@move_uploaded_file($_FILES['file']['tmp_name'], $bild_url)) {
@chmod($neuer_name, 0777); $avatar_sql_update = "avatar = '" . $neuer_name . "',"; $fmsg = $lang['pictureuploaded']; } } } elseif (isset($_POST['avatarloeschen'])) { $fmsg = $lang['picturedelete']; @unlink(db_result(db_query("SELECT avatar FROM prefix_user WHERE id = " . $_SESSION['authid']), 0)); $avatar_sql_update = "avatar = '',"; } # avatar speichern ENDE # titelbild speichern START $titelbild_sql_update = ''; if (!empty($_FILES['titelbildfile']['name']) and $allgAr['forum_avatar_upload']) { $file_tmpe = $_FILES['titelbildfile']['tmp_name']; $rile_type = ic_mime_type($_FILES['titelbildfile']['tmp_name']); $file_type = $_FILES['titelbildfile']['type']; $file_size = $_FILES['titelbildfile']['size']; $fmsg = $lang['avatarisnopicture']; $size = @getimagesize($file_tmpe); $endar = array(1 => 'gif', 2 => 'jpg', 3 => 'png'); if (($size[2] == 1 or $size[2] == 2 or $size[2] == 3) and $size[0] > 10 and $size[1] > 10 and substr($file_type, 0, 6) == 'image/' and substr($rile_type, 0, 6) == 'image/') { $endung = $endar[$size[2]]; $breite = $size[0]; $hoehe = $size[1]; $fmsg = $lang['avatarcannotupload']; if ($file_size <= $allgAr['Fasize'] and $breite <= '600' and $hoehe <= '200') { $neuer_name = 'include/images/titelbild/' . $_SESSION['authid'] . '.' . $endung; @unlink(db_result(db_query("SELECT titelbild FROM prefix_user WHERE id = " . $_SESSION['authid']), 0)); move_uploaded_file($file_tmpe, $neuer_name); @chmod($neuer_name, 0777);