* * $Id: admin/bin_upload.php, 2005/11/13 17:41:50 Exp $ */ $cd = '..'; require_once $cd . '/include/config.inc.php'; require_once $cd . '/include/fnc_error_msgs.inc.php'; require_once $cd . '/include/http_headers.inc.php'; require_once './include/fnc_admin.inc.php'; session_control(); // No Header sendings against_xss(); if ($session_status == 'on') { if (isset($_POST['bin_title'], $_POST['bin_category'], $_POST['bincomment'])) { $bin_title = insert_safe($_POST['bin_title']); $bin_category = preg_replace('/,+$/', '', insert_safe($_POST['bin_category'])); $bincomment = insert_tag_safe($_POST['bincomment']); if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], "auto", $bin_title, $bincomment, $bin_category); } $binfile = $_FILES['binfile']; if (isset($binfile)) { clearstatcache(); //initialize $bin_src = $binfile["tmp_name"]; $bin_type = $binfile["type"]; $bin_name = $binfile["name"]; $bin_size = filesize($bin_src); //get the size of it if (isset($_POST['bindate']) && preg_match("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", $_POST['bindate'])) { $bin_date = insert_safe($_POST['bindate']); $cmod = preg_replace("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", "\$1\$2\$3\$4\$5\$6", $bin_date);
require_once $cd . '/include/http_headers.inc.php'; require_once './include/fnc_search.inc.php'; require_once './include/fnc_forum.inc.php'; // Block Spams if ($_POST['comment_title'] != '' || $_POST['name'] != '' || $_POST['mail'] != '' || $_POST['address'] != '' || $_POST['comment'] != '' || $_POST['url_key'] != '') { // echo 'Hi, Spammer! :-P'; header('Location: ' . $cd . '/forum/index.php'); exit; } if (isset($_POST['user_name'], $_POST['title'], $_POST['color'], $_POST['user_pass'], $_POST['refer_id'])) { // comment field name $comment_field_name = md5($block_spam['comment_field_name']); $user_name = insert_safe($_POST['user_name']); $mail = insert_safe($_POST['user_email']); $title = insert_tag_safe($_POST['title']); $comment = insert_tag_safe($_POST[$comment_field_name]); $color = insert_safe($_POST['color']); $user_pass = insert_safe($_POST['user_pass']); $refer_id = insert_safe(intval($_POST['refer_id'])); // Unicode conversion if ($cfg['enable_unicode'] == 'on') { mb_convert_variables($cfg['mysql_lang'], 'auto', $user_name, $title, $comment); } // If title is empty $title = $title == '' ? 'Untitled' : $title; // Block Spams if (isset($_POST['user_uri']) && substr_count($_POST['user_uri'], "@") > 0 || substr_count($comment, "http://") >= (int) $block_spam['uri_count'] || preg_match($block_spam['tags'], $_POST[$comment_field_name]) || preg_match($block_spam['keywords'], $_POST[$comment_field_name]) || $block_spam['deny_1byteonly'] == 'yes' && !preg_match('/.*[\\x80-\\xff]/', $_POST[$comment_field_name]) || preg_match($block_spam['tags'], $_POST['title']) || check_spammer() > 0) { // echo 'Hi, Spammer! :-p'; header('Location: ' . $cd . '/forum/index.php'); exit; }
} else { $href = insert_safe($_POST['href']); } // if date time is set, insert it. if not, set current timestamp (UTC + Offset). if (isset($_POST['date']) && isset($_POST['custom_date']) == 'yes' && preg_match("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", $_POST['date'])) { $date = insert_safe($_POST['date']); $fdate = $date; $cmod = preg_replace("/^([0-9]+)-([0-9]+)-([0-9]+).([0-9]+):([0-9]+):([0-9]+)\$/", "\$1\$2\$3\$4\$5\$6", $date); } else { $fdate = gmdate('Y-m-d H:i:s', time() + $cfg['tz'] * 3600); $cmod = gmdate('YmdHis', time() + $cfg['tz'] * 3600); } $name = insert_safe($_POST['name']); // if posted category value were ended with ",(comma)", remove it. $category = preg_replace('/,+$/', '', insert_safe($_POST['category'])); $comment = insert_tag_safe($_POST['comment']); if ($cfg['enable_unicode'] == 'on') { $name = mb_convert_encoding($name, $cfg['mysql_lang'], 'auto'); $category = mb_convert_encoding($category, $cfg['mysql_lang'], 'auto'); $comment = mb_convert_encoding($comment, $cfg['mysql_lang'], 'auto'); } // First, upload the attachment files file_upload(); // Save Trackback Ping URI if ($cfg['trackback'] == 'on') { if (!empty($_POST['send_ping_uri'])) { $tb_table = ', `ping_uri`'; $senduri = insert_safe($_POST['send_ping_uri']); $tb_table_value = ", '" . $senduri . "'"; $tb_encode = '&encode=' . insert_safe($_POST['encode']); } else {