
Untitled

a guest
Aug 5th, 2017
  1. <!--DAN's CODE FOR UPLOADING TEXT-->
  2.  
  3. <?php
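  // Admin page: prints every row of EDR_events as a pre-filled form.
  //
  // NOTE(review): no session or login check is visible in this section, even
  // though it is described as the logged-in admin area. Unless connect_db.php
  // enforces authentication, the page is reachable by anyone who knows the
  // URL - confirm against the include.
  //
  // NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed
  // in PHP 7.0. The connection is opened by the include, so the driver cannot
  // be swapped here alone; plan a move to PDO or mysqli with prepared
  // statements.
  include '../inc/connect_db.php';

  print("<h1>Epilepsy Durham Region - Admin Area</h1> <br />\n");
  // The closing tag was written as "</br >", which is not valid markup.
  print("<h2>Create An Event</h2><br />");

  $result = mysql_query('SELECT * FROM EDR_events');
  if ($result === false) {
      // mysql_query() returns false on failure; fetching from it would only
      // raise warnings and render an empty page.
      die('Could not load events');
  }

  while ($row = mysql_fetch_array($result)) {
      // Database values can contain quotes or markup. Written out raw, a
      // stored quote closes the value='...' attribute and stored markup runs
      // in the admin's browser (stored XSS), so escape for the HTML context.
      // Assumes the page is served as UTF-8 - TODO confirm.
      $a = htmlspecialchars($row['Title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
      $b = htmlspecialchars($row['Date'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
      $c = htmlspecialchars($row['Details'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

      // NOTE(review): the inputs have ids but no name attributes, so the
      // browser submits only submit=Submit; the ids also repeat on every row.
      // Left as written because main.php is not visible here. If this form is
      // meant to change data it should use POST and carry a CSRF token.
      print("<form id='form1' action='main.php' method='GET'>");
      print("Event Title: <input type='text' id='eventTitle' size='30' value='$a' /><br />");
      print("Event Date: <input type='text' id='eventDate' size='30' value='$b' /><br />");
      print("Event Details:<br /><textarea id='eventDetails' rows='6' cols='60'>$c</textarea><br />\n");
      print("<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Submit\" />\n");
      print("</form>");

      // The unused row counter ($x) and the unused $test1 copy of column 2
      // were dropped; nothing in this section read them.

      // NOTE(review): do not re-enable the draft below as written. The UPDATE
      // has no WHERE clause, so it would overwrite every event; it builds the
      // statement by string interpolation; $test2 and $test3 are never
      // assigned; and it fires on a GET request.
      /*
      if(isset($_GET['submit'])){

      $result2 = mysql_query("UPDATE EDR_events SET Title='$test1', Date='$test2', Details='$test3'; ");
      $result2;

      }
      */
  }

  //if title, and date are full, and submit is pressed, upload info to server

  // NOTE(review): the disabled login draft below compares an unsalted md5()
  // digest with the loose == operator and walks the whole users table in PHP.
  // If a login is built from it, store hashes made with password_hash(), check
  // them with password_verify(), and select the one row by e-mail with a
  // prepared statement.
  /*
  print("
  $result = mysql_query('SELECT * FROM users');
  while($row = mysql_fetch_array($result)){
  if(
  (($_POST['userEmail']) == ($row['email']))&&
  (md5($_POST['userPassword']) == ($row['password']))
  ) {
  $_SESSION['loggedIn'] = 'LI';
  $_SESSION['idKey'] = ($row['id']);
  header( 'refresh:0.1;' );
  }
  }
  ");

  <br />
  <h3>Event 2:</h3></br />
  Event Title: <input type='text' id='title' size='30' value='' /><br />
  Event Date: <input type='text' id='title' size='30' value='' /><br />
  Event Details:<br /><textarea rows='6' cols='60'> </textarea><br />
  <br />
  <h3>Event 3:</h3></br />
  Event Title: <input type='text' id='title' size='30' value='' /><br />
  Event Date: <input type='text' id='title' size='30' value='' /><br />
  Event Details:<br /><textarea rows='6' cols='60'> </textarea><br />
  <br />
  <h3>Event 4:</h3></br />
  Event Title: <input type='text' id='title' size='30' value='' /><br />
  Event Date: <input type='text' id='title' size='30' value='' /><br />
  Event Details:<br /><textarea rows='6' cols='60'> </textarea><br />
  <br />
  <h3>Event 5:</h3></br />
  Event Title: <input type='text' id='title' size='30' value='' /><br />
  Event Date: <input type='text' id='title' size='30' value='' /><br />
  Event Details:<br /><textarea rows='6' cols='60'> </textarea><br />

  */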
  92.  
  93. ?>
  94.  
  95.  
  96.  
  97.  
  98.  
  99.  
  100.  
  101.  
  102.  
  103.  
  104.  
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111. <!--tYLERS's CODE FOR UPLOADING iMAGES-->
  112.  
  113. <?php
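  // Database and upload settings.
  //
  // The host, account, database password and upload password used to be
  // string literals in this file. Secrets that have lived in source (or in a
  // public paste) must be treated as disclosed: rotate the database password
  // and the upload password, then supply the new values through the
  // environment or a config file kept outside the web root.
  //
  // The EDR_* variable names are placeholders introduced by this rewrite; use
  // whatever naming the deployment already follows.
  $db_host = getenv('EDR_DB_HOST');
  $db_user = getenv('EDR_DB_USER');
  $db_pwd = getenv('EDR_DB_PASSWORD');

  $database = getenv('EDR_DB_NAME');
  $table = 'test_gallery';
  // use the same name as SQL table

  // Shared upload/delete password. A single short shared secret is a weak
  // gate; prefer per-user logins. Until then make the value long and random.
  $password = getenv('EDR_UPLOAD_PASSWORD');

  // Fail closed: getenv() returns false for an unset variable, and a false or
  // empty $password compared loosely would match an empty form field.
  foreach (array($db_host, $db_user, $db_pwd, $database, $password) as $setting) {
      if (!is_string($setting) || $setting === '') {
          die('Server configuration error');
      }
  }

  // NOTE(review): mysql_* was deprecated in PHP 5.5 and removed in PHP 7.0;
  // the rest of this file still calls it, so it is kept here. The safety of
  // mysql_real_escape_string() depends on the connection character set -
  // consider calling mysql_set_charset() right after connecting (confirm the
  // charset the tables use first).
  if (!mysql_connect($db_host, $db_user, $db_pwd)) {
      die("Can't connect to database");
  }

  if (!mysql_select_db($database)) {
      die("Can't select database");
  }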
  132.  
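  /**
   * Escape a request value for use inside a quoted string literal in a
   * mysql_* query.
   *
   * This is not a general "make it safe" filter. The result is only safe
   * between quotes in SQL ('...'), never as a bare number, identifier or
   * keyword, and it does nothing for HTML output: values still need
   * htmlspecialchars() when they are printed. Prepared statements (PDO or
   * mysqli) remove the need for this helper.
   *
   * @param mixed $s raw value, typically from $_GET / $_POST
   * @return string|false escaped value; '' for arrays and other non-scalars;
   *                      whatever mysql_real_escape_string() returns otherwise
   */
  function sql_safe($s)
  {
      // Request parameters can arrive as arrays (title[]=...). The string
      // functions below would only warn and yield an empty value, so reject
      // non-scalars up front.
      if (!is_scalar($s)) {
          return '';
      }
      $s = (string) $s;

      // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
      // itself in PHP 8.0, so probe for the function before calling it.
      if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
          $s = stripslashes($s);
      }

      return mysql_real_escape_string($s);
  }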
  143.  
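  // Request dispatch: a POST handles image upload and deletion, a GET with
  // ?show=ID streams one stored image, anything else falls through to the
  // HTML page.
  //
  // NOTE(review): neither form carries a CSRF token and the only gate is one
  // shared password sent with each POST. Serve the page over HTTPS only, and
  // plan for per-user sessions with a token on both forms.
  // NOTE(review): the only size limits are PHP's upload settings and the
  // column type of the data field - confirm both are acceptable.
  if ($_SERVER['REQUEST_METHOD'] == 'POST')
  {
      // The deletion form posts no title, so read it defensively. Trim the raw
      // text first and escape last, so the value placed in SQL is exactly what
      // the escaping function produced.
      $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
      $title = sql_safe(trim($rawTitle));

      if ($title === false || $title === '') {
          $title = 'untitled'; // stored when no title was supplied
      }

      $submitted = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

      // hash_equals() (PHP 5.6+) compares in constant time and, unlike !=,
      // never applies type juggling. An empty or non-string configured
      // password is refused so a broken configuration cannot open the gate.
      if (!is_string($password) || $password === '' || !hash_equals($password, $submitted)) {
          $msg = 'Error: wrong upload password';
      } else {
          if (isset($_FILES['photo'])) {
              $upload = $_FILES['photo'];

              // $_FILES['photo'] is set even when no file was chosen, so check
              // the error code and that tmp_name really is this request's
              // upload before reading it.
              if (!isset($upload['error']) || is_array($upload['error'])
                  || $upload['error'] !== UPLOAD_ERR_OK
                  || !is_uploaded_file($upload['tmp_name'])) {
                  $msg = 'Error: file not loaded';
              } else {
                  // getimagesize() inspects the file content, not the
                  // client-supplied name or MIME type. @ keeps its warning for
                  // non-image input off the page; a false return is handled.
                  $info = @getimagesize($upload['tmp_name']);
                  $imtype = is_array($info) ? $info[2] : 0;

                  // Allow-list of storable formats; the value is reused later
                  // in the Content-type header.
                  $types = array(
                      IMAGETYPE_GIF => 'gif',
                      IMAGETYPE_JPEG => 'jpeg',
                      IMAGETYPE_PNG => 'png',
                  );

                  if (!isset($types[$imtype])) {
                      $msg = 'Error: unknown file format';
                  } else {
                      $ext = $types[$imtype];
                      $data = file_get_contents($upload['tmp_name']);

                      if ($data === false) {
                          $msg = 'Error: file not loaded';
                      } else {
                          // Escaped for the quoted data='...' literal below.
                          $data = mysql_real_escape_string($data);

                          $stored = mysql_query("INSERT INTO {$table}
                              SET ext='$ext', title='$title',
                              data='$data'");

                          // Report success only if the INSERT ran.
                          $msg = $stored ? 'Success: image uploaded' : 'Error: image not saved';
                      }
                  }
              }
          } elseif (isset($_GET['title'])) {
              // NOTE(review): this reads $_GET inside a POST request, so it
              // only fires when title is in the query string; it looks as if
              // $_POST['title'] was meant - confirm before changing.
              $msg = 'Error: file not loaded';
          }

          // Deletion form: the selected radio button posts the row id.
          // intval() of a non-empty array is 1, so accept strings only.
          if (isset($_POST['del']) && is_string($_POST['del'])) {
              $id = intval($_POST['del']);
              mysql_query("DELETE FROM {$table} WHERE id=$id");
              $msg = 'Photo deleted';
          }
      }
  }
  elseif (isset($_GET['show']))
  {
      $id = intval($_GET['show']);

      $result = mysql_query("SELECT ext, UNIX_TIMESTAMP(image_time), data
          FROM {$table}
          WHERE id=$id LIMIT 1");

      // A failed query returns false, which mysql_num_rows() cannot take.
      if ($result === false || mysql_num_rows($result) == 0) {
          die('no image');
      }

      list($ext, $image_time, $data) = mysql_fetch_row($result);
      $image_time = (int) $image_time;

      // Only emit the subtypes the upload path stores; anything else in the
      // column is treated as a missing image rather than echoed in a header.
      if (!in_array($ext, array('png', 'jpeg', 'gif'), true)) {
          die('no image');
      }

      // Conditional GET. $_SERVER carries If-Modified-Since under every SAPI;
      // the earlier php_sapi_name() == 'apache' test never matched the
      // Apache 2 module, whose SAPI name is 'apache2handler'.
      $since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
          ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])
          : false;

      if ($since !== false && $since >= $image_time) {
          // The cached copy is still current. This line used the undefined
          // $ts, which sent a 1970 Last-Modified date; use $image_time.
          header('Last-Modified: '.gmdate('D, d M Y H:i:s', $image_time).' GMT', true, 304);
          exit();
      }

      header('Last-Modified: '.gmdate('D, d M Y H:i:s', $image_time).' GMT',
          true, 200);

      // Images are never re-uploaded under the same id, so let the browser
      // cache them for a year.
      header('Expires: '.gmdate('D, d M Y H:i:s', $image_time + 86400*365).' GMT',
          true, 200);

      // Uploaded bytes are served back to browsers: forbid content sniffing so
      // the declared image type is the only interpretation.
      header('X-Content-Type-Options: nosniff');
      header('Content-Length: '.strlen($data));
      header("Content-type: image/{$ext}");

      echo $data;
      exit();
  }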
  256. ?>
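  <html><head>
  <title>Epilepsy Durham Region - Admin</title>
  </head>
  <body>
  <?php
  // $PHP_SELF exists only with register_globals (removed in PHP 5.4) and
  // mirrors $_SERVER['PHP_SELF'], which includes any path text the client
  // appends after the script name. SCRIPT_NAME does not, and it is escaped
  // before being placed in attributes.
  $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

  // Status message set by the upload / delete handling, if any.
  if (isset($msg)) {
  ?>
  <p style="font-weight: bold;"><?php echo htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
  <br>
  <a href="<?php echo $self; ?>">reload page</a>
  <!-- I've added reloading link, because
  refreshing POST queries is not good idea -->
  </p>
  <?php
  }
  ?>
  <h1>Epilepsy Durham Region Photo Gallery - Admin Area</h1>
  <h2>Uploaded images:</h2>
  <form action="<?php echo $self; ?>" method="post">
  <!-- This form is used for image deletion -->

  <?php
  $result = mysql_query("SELECT id, image_time, title FROM {$table} ORDER BY id DESC");

  // A failed query returns false; treat it like an empty table instead of
  // passing false to mysql_num_rows().
  if ($result === false || mysql_num_rows($result) == 0) {
      echo '<ul><li>No images loaded</li></ul>';
  } else {
      echo '<ul>';

      while (list($id, $image_time, $title) = mysql_fetch_row($result)) {
          // Titles are stored exactly as typed into the upload form. SQL
          // escaping at insert time does not make them safe for HTML, so
          // escape here to stop stored markup running in this page.
          // Assumes the page is served as UTF-8 - TODO confirm.
          $id = (int) $id;
          $shownTitle = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          $shownTime = htmlspecialchars($image_time, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

          echo "<li><input type='radio' name='del' value='{$id}'>";
          echo "<a href='{$self}?show={$id}'>{$shownTitle}</a> &ndash; ";
          echo "<small>{$shownTime}</small></li>";
      }

      echo '</ul>';

      echo '<label for="password">Password:</label><br>';
      echo '<input type="password" name="password" id="password"><br><br>';

      echo '<input type="submit" value="Delete selected">';
  }
  ?>

  </form>
  <h2>Upload new image:</h2>
  <form action="<?php echo $self; ?>" method="POST" enctype="multipart/form-data">
  <label for="title">Title:</label><br>
  <input type="text" name="title" id="title" size="64"><br><br>

  <label for="photo">Photo:</label><br>
  <input type="file" name="photo" id="photo"><br><br>

  <label for="password">Password:</label><br>
  <input type="password" name="password" id="password"><br><br>

  <input type="submit" value="upload">
  </form>
  </body>
  </html>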
  320.  
  321.  
  322.  
  323.  
  324.  
  325.  
  326.  
  327.  
  328.  
  329.  
  330.  
  331.  
  332. <!--tYLERS's ADDITIONAL CODE-->
  333.  
  334. <?php
  // Gallery upload page: loads the project includes, hands the request's
  // files to the Upload object, then prints header, form and footer.
  require_once './inc/connect_dbo.php';
  require_once './inc/upload.class.php';
  require_once './inc/html.class.php';

  //print("$my_string,$bold,$italic,$size<br />");
  //$oOop1 = new oop1 ($my_string,$bold,$italic,$size);

  // $odb and $albums_id are not assigned in this section; presumably one of
  // the includes defines them - confirm.
  $oUpload = new Upload($odb, $albums_id);

  $oHtml = new Html();

  // section 2
  // NOTE(review): doUpload() is handed the raw $_FILES array on every request
  // and no login, permission or CSRF check is visible here. Confirm that
  // Upload::doUpload() (or an include) authenticates the caller and validates
  // file type, size and destination name before anything is stored.
  $oUpload->doUpload($_FILES);

  // section 3

  // section 4
  // NOTE(review): the returned markup is written out as-is, so any escaping
  // has to happen inside the Html and Upload classes - confirm.
  echo $oHtml->showHeader();

  echo $oUpload->displayForm();

  echo $oHtml->showFooter();
  362.  
  363. ?>