$submit_criteria = unserialize($data['submit_criteria']);
$photo_title = stripinput($_POST['photo_title']);
$photo_description = stripinput($_POST['photo_description']);
$album_id = isnum($_POST['album_id']) ? $_POST['album_id'] : "0";
$photo_name = strtolower(substr($submit_criteria['photo_file'], 0, strrpos($submit_criteria['photo_file'], ".")));
$photo_ext = strtolower(strrchr($submit_criteria['photo_file'], "."));
$photo_dest = PHOTOS . (!SAFEMODE ? "album_" . $album_id . "/" : "");
$photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
copy(PHOTOS . "submissions/" . $submit_criteria['photo_file'], $photo_dest . $photo_file);
chmod($photo_dest . $photo_file, 0644);
unlink(PHOTOS . "submissions/" . $submit_criteria['photo_file']);
$imagefile = @getimagesize($photo_dest . $photo_file);
$photo_thumb1 = image_exists($photo_dest, $photo_name . "_t1" . $photo_ext);
createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb1, $settings['thumb_w'], $settings['thumb_h']);
if ($imagefile[0] > $settings['photo_w'] || $imagefile[1] > $settings['photo_h']) {
$photo_thumb2 = image_exists($photo_dest, $photo_name . "_t2" . $photo_ext);
createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb2, $settings['photo_w'], $settings['photo_h']);
}
$photo_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='{$album_id}'"), 0) + 1;
$result = dbquery("INSERT INTO " . DB_PHOTOS . " (album_id, photo_title, photo_description, photo_filename, photo_thumb1, photo_thumb2, photo_datestamp, photo_user, photo_views, photo_order, photo_allow_comments, photo_allow_ratings) VALUES ('{$album_id}', '{$photo_title}', '{$photo_description}', '{$photo_file}', '{$photo_thumb1}', '{$photo_thumb2}', '" . time() . "', '" . $data['submit_user'] . "', '0', '{$photo_order}', '1', '1' ,'" . LANGUAGE . "')");
$result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
opentable($locale['580']);
echo "<br /><div style='text-align:center'>" . $locale['581'] . "<br /><br />\n";
echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['402'] . "</a><br /><br />\n";
echo "<a href='index.php" . $aidlink . "'>" . $locale['403'] . "</a></div><br />\n";
closetable();
} else {
redirect(FUSION_SELF . $aidlink);
}
} else {
if (isset($_POST['delete']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
if (!preg_match("/^[-0-9A-Z_\\.\\[\\]\\s]+\$/i", $album_pic['name'])) {
$error = 1;
} elseif ($album_pic['size'] > $settings['photo_max_b']) {
$error = 2;
} elseif (!in_array($album_ext, $album_types)) {
$error = 3;
} else {
@unlink(PHOTOS . "temp" . $album_ext);
move_uploaded_file($album_pic['tmp_name'], PHOTOS . "temp" . $album_ext);
chmod(PHOTOS . "temp" . $album_ext, 0644);
$imagefile = @getimagesize(PHOTOS . "temp" . $album_ext);
if ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) {
$error = 4;
@unlink(PHOTOS . "temp" . $album_ext);
} else {
$album_thumb = image_exists(PHOTOS, $album_pic['name']);
createthumbnail($imagefile[2], PHOTOS . "temp" . $album_ext, PHOTOS . $album_thumb, $settings['thumb_w'], $settings['thumb_h']);
@unlink(PHOTOS . "temp" . $album_ext);
}
}
}
if (!$error) {
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['album_id']) && isnum($_GET['album_id']))) {
$old_album_order = dbresult(dbquery("SELECT album_order FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0);
if ($album_order > $old_album_order) {
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order-1)\r\n\t\t\t\t\t\tWHERE album_order>'{$old_album_order}' AND album_order<='{$album_order}'");
} elseif ($album_order < $old_album_order) {
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1)\r\n\t\t\t\t\t\tWHERE album_order<'{$old_album_order}' AND album_order>='{$album_order}'");
}
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_title='{$album_title}', album_description='{$album_description}',\r\n\t\t\t\t\t" . (isset($album_thumb) ? " album_thumb='{$album_thumb}'," : "") . " album_user='******'user_id'] . "',\r\n\t\t\t\t\talbum_parent='{$album_parent}', album_access='{$album_access}', album_order='{$album_order}' WHERE album_id='" . $_GET['album_id'] . "'");
// Pimped: Subcategories
$t->set_var("product_new_class", "");
$t->set_var("product_new_image", "");
}
if (!$allowed_items_ids || !in_array($item_id, $allowed_items_ids)) {
$t->set_var("restricted_class", " restrictedItem");
$t->sparse("restricted_image", false);
} else {
$t->set_var("restricted_class", "");
$t->set_var("restricted_image", "");
}
$small_image = $db->f("small_image");
$small_image_alt = get_translation($db->f("small_image_alt"));
if (!strlen($small_image)) {
$image_exists = false;
$small_image = $product_no_image;
} elseif (!image_exists($small_image)) {
$image_exists = false;
$small_image = $product_no_image;
} else {
$image_exists = true;
}
if ($small_image) {
if (preg_match("/^http\\:\\/\\//", $small_image)) {
$image_size = "";
} else {
$image_size = @GetImageSize($small_image);
if ($image_exists && ($watermark || $restrict_products_images)) {
$small_image = "image_show.php?item_id=" . $item_id . "&type=" . $image_type_name . "&vc=" . md5($small_image);
}
}
if (!strlen($small_image_alt)) {
}
$t->set_var("a_super_image_js", $a_super_image_js);
$t->set_var("img_super_image_js", $img_super_image_js);
$big_image = $db->f("big_image");
if (!$big_image) {
$big_image = $db->f("small_image");
$watermark = $watermark_small_image;
$watermark_type = "small";
} else {
$watermark = $watermark_big_image;
$watermark_type = "large";
}
if (!$big_image) {
$image_exists = false;
$big_image = $product_no_image_large;
} elseif (!image_exists($big_image)) {
$image_exists = false;
$big_image = $product_no_image_large;
} else {
$image_exists = true;
}
$big_image_alt = get_translation($db->f("big_image_alt"));
if (!$big_image_alt) {
$big_image_alt = get_translation($db->f("small_image_alt"));
}
$product_image_width = 0;
if ($big_image) {
if (preg_match("/^http(s)?:\\/\\//", $big_image)) {
$image_size = "";
} else {
$image_size = @getimagesize($big_image);
if (!preg_match("/^[-0-9A-Z_\\.\\[\\]\\s]+\$/i", $album_name)) {
$error = 1;
} elseif ($album_pic['size'] > $settings['photo_max_b']) {
$error = 2;
} elseif (!in_array($album_ext, $album_types)) {
$error = 3;
} else {
// @unlink(PHOTOS."temp".$album_ext);
move_uploaded_file($album_pic['tmp_name'], PHOTOS . "temp" . $album_ext);
chmod(PHOTOS . "temp" . $album_ext, 0644);
$imagefile = @getimagesize(PHOTOS . "temp" . $album_ext);
if ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) {
$error = 4;
@unlink(PHOTOS . "temp" . $album_ext);
} else {
$album_thumb = image_exists(PHOTOS, $album_name . $album_ext);
createthumbnail($imagefile[2], PHOTOS . "temp" . $album_ext, PHOTOS . $album_thumb, $settings['thumb_w'], $settings['thumb_h']);
@unlink(PHOTOS . "temp" . $album_ext);
}
}
}
if (!$error) {
if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['album_id']) && isnum($_GET['album_id']))) {
$old_album_order = dbresult(dbquery("SELECT album_order FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0);
if ($album_order > $old_album_order) {
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order-1) WHERE album_order>'{$old_album_order}' AND album_order<='{$album_order}'");
} elseif ($album_order < $old_album_order) {
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1) WHERE album_order<'{$old_album_order}' AND album_order>='{$album_order}'");
}
$result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_title='{$album_title}', album_description='{$album_description}'," . (isset($album_thumb) ? " album_thumb='{$album_thumb}'," : "") . " album_user='******'user_id'] . "', album_access='{$album_access}', album_order='{$album_order}' WHERE album_id='" . $_GET['album_id'] . "'");
$rowstart = $album_order > $settings['thumbs_per_page'] ? (ceil($album_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
$description2 = get_translation($db->f("short_description"));
} elseif ($desc_type == 1) {
$description = get_translation($db->f("short_description"));
}
$image = "";
$image_alt = "";
if ($desc_image == 3) {
$image = $db->f("image_large");
$image_alt = get_translation($db->f("image_large_alt"));
} elseif ($desc_image == 2) {
$image = $db->f("image");
$image_alt = get_translation($db->f("image_alt"));
}
if (!strlen($image)) {
$image_exists = false;
} elseif (!image_exists($image)) {
$image_exists = false;
} else {
$image_exists = true;
}
if (strlen($description) || $image_exists) {
$html_template = get_setting_value($block, "html_template", "block_category_description.html");
$t->set_file("block_body", $html_template);
if ($image_exists) {
if (preg_match("/^http\\:\\/\\//", $image)) {
$image_size = "";
} else {
$image_size = @GetImageSize($image);
if (isset($restrict_categories_images) && $restrict_categories_images) {
$image = "image_show.php?category_id=" . $category_id . "&type=large";
}
function route_request($request)
{
if (!empty($request['p'])) {
if ($request['p'] === 'index') {
// Display a full list of images
return display_index();
} else {
// Display the requested image if it exists, the latest otherwise
if (image_exists($request['p'] . '.jpg')) {
return display_image($request['p'] . '.jpg');
} else {
return display_latest();
}
}
} else {
// Display the latest image
return display_latest();
}
}
$filetype = 2;
} elseif ($image_ext == ".png") {
$filetype = 3;
} else {
$filetype = false;
}
if (!preg_match("/^[-0-9A-Z_\\.\\[\\]]+\$/i", $image_name)) {
$error = 1;
} elseif ($image['size'] > $settings['news_photo_max_b']) {
$error = 2;
} elseif (!$filetype) {
$error = 3;
} else {
$image_t1 = image_exists(IMAGES_N_T, $image_name . "_t1" . $image_ext);
$image_t2 = image_exists(IMAGES_N_T, $image_name . "_t2" . $image_ext);
$image_full = image_exists(IMAGES_N, $image_name . $image_ext);
move_uploaded_file($_FILES['news_image']['tmp_name'], IMAGES_N . $image_full);
if (function_exists("chmod")) {
@chmod(IMAGES_N . $image_full, 0644);
}
$imagefile = @getimagesize(IMAGES_N . $image_full);
if ($imagefile[0] > $settings['news_photo_max_w'] || $imagefile[1] > $settings['news_photo_max_h']) {
$error = 4;
unlink(IMAGES_N . $image_full);
} else {
createthumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t1, $settings['news_photo_w'], $settings['news_photo_h']);
if ($settings['news_thumb_ratio'] == 0) {
createthumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t2, $settings['news_thumb_w'], $settings['news_thumb_h']);
} else {
createsquarethumbnail($filetype, IMAGES_N . $image_full, IMAGES_N_T . $image_t2, $settings['news_thumb_w']);
}
require_once INCLUDES . "photo_functions_include.php";
$avatarname = strrchr(stripinput($_POST['user_avatarnet']), "/");
$avatarname = str_replace("/", "", $avatarname);
$avatarext = strrchr($avatarname, ".");
$avatarname = substr($avatarname, 0, strrpos($avatarname, "."));
if (preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_match("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext)) {
$avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext;
$image = stripinput($_POST['user_avatarnet']);
copy($image, IMAGES_AVA . $avatarname);
// Some more checks
if (!verify_image(IMAGES_AVA . $avatarname)) {
@unlink(IMAGES_AVA . $avatarname);
$set_avatar = "";
} else {
$imagefile = getimagesize(IMAGES_AVA . $avatarname);
$avatarname_thumb = image_exists(IMAGES_AVA, $avatarname);
if ($imagefile[0] > $settings['avatar_width'] || $imagefile[1] > $settings['avatar_height']) {
if ($settings['avatar_ratio'] == 0) {
createthumbnail($imagefile[2], IMAGES_AVA . $avatarname, IMAGES_AVA . $avatarname_thumb, $settings['avatar_width'], $settings['avatar_height']);
} else {
createsquarethumbnail($imagefile[2], IMAGES_AVA . $avatarname, IMAGES_AVA . $avatarname_thumb, $settings['avatar_width']);
}
@unlink(IMAGES_AVA . $avatarname);
$set_avatar = ", user_avatar='" . $avatarname_thumb . "'";
} else {
$set_avatar = ", user_avatar='" . $avatarname . "'";
}
}
}
}
}
/**
* Copy a file from any source to any destination
* @param $source -- copy file from URL
* @param $destination -- copy file to folder
*/
function copy_file($source, $destination)
{
$upload['name'] = '';
$upload['error'] = true;
function getimg($url)
{
$headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg';
$headers[] = 'Connection: Keep-Alive';
$headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';
$user_agent = 'php';
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPHEADER, $headers);
curl_setopt($process, CURLOPT_HEADER, 0);
curl_setopt($process, CURLOPT_USERAGENT, $useragent);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
curl_close($process);
return $return;
}
$file = basename($source);
$image_name = image_exists($destination, $file);
$image = getimg($source);
if ($image) {
$fopen = file_put_contents($destination . '/' . $image_name, $image);
if (!empty($fopen)) {
$upload['name'] = $file;
$upload['error'] = false;
}
}
return $upload;
}
$submit_info['photo_description'] = stripinput($_POST['photo_description']);
$submit_info['album_id'] = isnum($_POST['album_id']) ? $_POST['album_id'] : "0";
if (is_uploaded_file($_FILES['photo_pic_file']['tmp_name'])) {
$photo_types = array(".gif", ".jpg", ".jpeg", ".png");
$photo_pic = $_FILES['photo_pic_file'];
$photo_name = stripfilename(strtolower(substr($photo_pic['name'], 0, strrpos($photo_pic['name'], "."))));
$photo_ext = strtolower(strrchr($photo_pic['name'], "."));
$photo_dest = PHOTOS . "submissions/";
if (!preg_match("/^[-0-9A-Z_\\[\\]]+\$/i", $photo_name)) {
$error = 1;
} elseif ($photo_pic['size'] > $settings['photo_max_b']) {
$error = 2;
} elseif (!in_array($photo_ext, $photo_types)) {
$error = 3;
} else {
$photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
move_uploaded_file($photo_pic['tmp_name'], $photo_dest . $photo_file);
chmod($photo_dest . $photo_file, 0644);
$imagefile = @getimagesize($photo_dest . $photo_file);
if (!verify_image($photo_dest . $photo_file)) {
$error = 3;
unlink($photo_dest . $photo_file);
} elseif ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) {
$error = 4;
unlink($photo_dest . $photo_file);
} else {
$submit_info['photo_file'] = $photo_file;
}
}
}
add_to_title($locale['global_200'] . $locale['570']);
function db_query_series_whats_trending($mysqli, $where_clause)
{
if (empty($where_clause)) {
$query = "SELECT * FROM series";
} else {
$where_clause = trim($where_clause);
$query = "SELECT * FROM series WHERE title='" . $where_clause . "'";
}
// echo "query: " . $query . "\n";
if ($result = $mysqli->query($query)) {
$return_str = "";
while ($row = $result->fetch_assoc()) {
$year = $row["year"];
$year_exploded = explode("-", $year);
$start_year = $year_exploded[0];
if (intval($start_year) == 2015) {
$title = $row["title"];
$poster = $row["poster"];
$poster = substr($poster, 34);
$poster = image_exists($poster);
$return_str .= "<series>";
$return_str .= '<title>' . $title . '</title>';
$return_str .= '<year>' . $year . '</year>';
$return_str .= '<rated>' . $row["rated"] . '</rated>';
$return_str .= '<released>' . $row["released"] . '</released>';
$return_str .= '<runtime>' . $row["runtime"] . '</runtime>';
$return_str .= '<genre>' . $row["genre"] . '</genre>';
$return_str .= '<director>' . $row["director"] . '</director>';
$return_str .= '<actors>' . $row["actors"] . '</actors>';
$return_str .= '<plot>' . $row["plot"] . '</plot>';
$return_str .= '<language>' . $row["language"] . '</language>';
$return_str .= '<country>' . $row["country"] . '</country>';
$return_str .= '<poster>' . $poster . '</poster>';
// $return_str .= '<awards>'.$row["awards"].'</awards>';
$return_str .= "</series>";
}
}
mysqli_free_result($result);
return $return_str;
}
}
