Пример #1
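# Final step of an image upload: checks the login and the filename handed over
# through the session, validates the posted metadata, confirms that the target
# category belongs to the logged-in user, then inserts the picture row.
# NOTE(review): every check below assumes show_error_redirect_back() ends the
# request; its definition is not visible here -- confirm it does not return.
$db_read = get_db_read();
$db_write = get_db_write();
if (!$me) {
    show_error_redirect_back("Please log in before uploading an image");
}
if (isset($_SESSION['image_filename']) == false) {
    show_error_redirect_back("Error uploading image!  A session variable is missing set, so either there was a session timeout or you tried to reload the page.  Please try again.");
}
$image_filename = $_SESSION['image_filename'];
# Consume the value so that reloading this page cannot insert the same file again.
$_SESSION['image_filename'] = null;
# Accept only a plain run of digits as an id. is_numeric() would also let
# through floats, exponents, signs and leading whitespace.
if (isset($_POST['category_id']) == false || is_string($_POST['category_id']) == false || ctype_digit($_POST['category_id']) == false) {
    show_error_redirect_back("Error -- category wasn't found");
}
# A missing or non-string field is treated as empty rather than handed to trim().
$raw_title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
$raw_caption = (isset($_POST['caption']) && is_string($_POST['caption'])) ? $_POST['caption'] : '';
# The text is HTML-encoded before it is stored. htmlentities() is called with
# its default flags, which before PHP 8.1 leave single quotes unencoded, so
# output code must not place these values inside single-quoted attributes.
# mysql_real_escape_string() escapes for the character set of the connection
# that runs the INSERT; the deprecated mysql_escape_string() ignores it.
$title = mysql_real_escape_string(htmlentities(trim($raw_title)), $db_write);
$caption = mysql_real_escape_string(nl2br(htmlentities(trim($raw_caption))), $db_write);
$category = get_category_by_category_id($_POST['category_id'], $db_read);
# NOTE(review): validation runs on the encoded and escaped strings, so the
# length being checked can exceed what the user actually typed.
if (validate_title($title) == false) {
    show_error_redirect_back("Invalid title.  Titles have to be 0-{$max_length_title} characters.");
}
if (validate_comment($caption) == false) {
    show_error_redirect_back("Invalid caption.  Captions have to be 0-{$max_length_comment} characters.");
}
# Reject an unknown category explicitly instead of relying on the ownership
# query below returning no rows.
if (!$category) {
    show_error_redirect_back("Invalid category.");
}
# Make sure he's uploading to his own category. Every value placed in the SQL
# text is escaped, including the ones that originate from the database.
$owner_id_sql = mysql_real_escape_string($me['user_id'], $db_read);
$category_id_sql = mysql_real_escape_string($category['category_id'], $db_read);
$result = try_mysql_query("SELECT * FROM categories WHERE user_id='{$owner_id_sql}' AND category_id='{$category_id_sql}'", $db_read);
if (mysql_num_rows($result) == 0) {
    show_error_redirect_back("Invalid category.");
}
mysql_free_result($result);
# Insert the new picture. The session-supplied filename was previously
# interpolated unescaped; it is escaped here like the other values, while
# $image_filename itself keeps its raw value for any later use.
$insert_category_id_sql = mysql_real_escape_string($category['category_id'], $db_write);
$image_filename_sql = mysql_real_escape_string($image_filename, $db_write);
try_mysql_query("INSERT INTO pictures (category_id, title, filename, caption, date_added) VALUES ('{$insert_category_id_sql}', '{$title}', '{$image_filename_sql}', '{$caption}', NOW())", $db_write);
$picture_id = mysql_insert_id($db_write);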
Пример #2
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# show_category.php
# This shows a list of the pictures in a category.  Hopefully, eventually, with
# thumbnails.
#
# Send the no-cache hint before the shared include runs.
header('Pragma: no-cache');
require 'shared.php';
$db = get_db_read();
# Remember the current URL; presumably this is what the "redirect back" error
# helper returns to.
# NOTE(review): REQUEST_URI is client-controlled. If this value later feeds a
# Location header, confirm it is limited to a local path.
$_SESSION['back'] = $_SERVER['REQUEST_URI'];
# NOTE(review): is_numeric() also accepts floats, exponents and signed values,
# not only plain integer ids.
if (!isset($_GET['category_id']) || !is_numeric($_GET['category_id'])) {
    show_error_redirect_back("No category_id specified");
}
$category_id = $_GET['category_id'];
$category_information = get_category_by_category_id($category_id, $db);
# Unknown categories and private categories requested by anonymous visitors
# get the same error.
# NOTE(review): any logged-in user passes this check, not only the owner --
# confirm that is the intended meaning of "private".
if (!$category_information || (!$me && $category_information['private'] != 0)) {
    show_error_redirect_back("invalid category_id");
}
$user_information = get_user_by_user_id($category_information['user_id'], $db);
$pictures = get_pictures_by_category_id($category_id, $db);
# Build the list for display: each picture gains its page URL, image URL,
# thumbnail URL and comment count (one comment lookup per picture).
$new_pictures = array();
foreach ($pictures as $picture) {
    $current_picture_id = $picture['picture_id'];
    $picture['url'] = "show_picture.php?picture_id={$current_picture_id}";
    $picture['picture_url'] = "picture.php?picture_id={$current_picture_id}";
    $picture['tn_url'] = "picture.php?tn=true&picture_id={$current_picture_id}";
    $comments = get_comments_by_picture_id($current_picture_id, $db);
    $picture['num_comments'] = count($comments);
    $new_pictures[] = $picture;
}
Пример #3
# show_picture.php
# This shows the selected picture, with information about it.
#
# Send the no-cache hint before the shared include runs.
header('Pragma: no-cache');
require 'shared.php';
# Database handle used for every lookup below
$db = get_db_read();
# NOTE(review): REQUEST_URI is client-controlled. If this value later feeds a
# Location header, confirm it is limited to a local path.
$_SESSION['back'] = $_SERVER['REQUEST_URI'];
# NOTE(review): is_numeric() also accepts floats, exponents and signed values,
# not only plain integer ids.
if (!isset($_GET['picture_id']) || !is_numeric($_GET['picture_id'])) {
    show_error_redirect_back("Invalid picture");
}
$picture_id = $_GET['picture_id'];
# Resolve picture -> category -> owner. Every failure, including the privacy
# check further down, reports the same "Invalid picture" text, so the response
# does not distinguish a missing picture from a private one.
$picture = get_picture_from_picture_id($picture_id, $db);
if (!$picture) {
    show_error_redirect_back("Invalid picture");
}
$category = get_category_by_category_id($picture['category_id'], $db);
if (!$category) {
    show_error_redirect_back("Invalid picture");
}
$user = get_user_by_user_id($category['user_id'], $db);
if (!$user) {
    show_error_redirect_back("Invalid picture");
}
# Anonymous visitors may not see pictures in a private category.
# NOTE(review): any logged-in user passes this check, not only the owner --
# confirm that is the intended meaning of "private".
if (!$me && $category['private'] == '1') {
    show_error_redirect_back("Invalid picture");
}
# All pictures of the category, from which the neighbours are located
$pictures = get_pictures_by_category_id($category['category_id'], $db);
# State for the previous/next search that follows
$prev_picture = $next_picture = null;
$done = false;
while (!$done && ($this_picture = array_shift($pictures))) {
    if ($this_picture['picture_id'] == $picture_id) {
        if ($this_picture = array_shift($pictures)) {
Пример #4
}
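# Looks up the requested picture, applies the access checks, and picks the
# stored filename to serve, either full size or as a thumbnail.
# NOTE(review): every check assumes show_error_image() ends the request; its
# definition is not visible here -- confirm it does not return.
# NOTE(review): no validation of $_GET['picture_id'] is visible in this part of
# the file -- confirm it is checked before this point.
$tn = isset($_GET['tn']) && $_GET['tn'] == "true";
$picture_id = $_GET['picture_id'];
$db = get_db_read();
# Check if this board requires registration
if (!$me && $require_registration) {
    show_error_image("Login required");
}
# Get the information on the picture
$picture = get_picture_from_picture_id($picture_id, $db);
# Die if the picture doesn't exist. This has to happen before any field of
# $picture is read; the category lookup used to run first.
if (!$picture) {
    show_error_image("Couldn't find picture");
}
# Get information on the category
$category = get_category_by_category_id($picture['category_id'], $db);
# Fail closed: without a category row the privacy flag cannot be evaluated, and
# the check below would otherwise let the request through.
if (!$category) {
    show_error_image("Couldn't find picture");
}
# If they aren't logged in, make sure they have access
if (!$me && $category['private'] == '1') {
    show_error_image("Couldn't find picture");
}
# NOTE(review): this database value is joined onto $upload_directory when the
# image is served. Confirm the upload step stores only a bare file name with no
# directory separators.
$file = $picture['filename'];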
if ($tn == true) {
    show_image("{$upload_directory}/tn-{$file}");
} else {
    show_image("{$upload_directory}/{$file}");