
Untitled

a guest
Aug 6th, 2017
  1. <?PHP
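  // Load the site configuration. The rest of this script reads $template_submit,
  // $script_url, $images_path, $cookie_time, $allow_cropping, $image_quality and the
  // $max_image_* limits without defining them, so they are presumably set there.
  include_once("config.php");

  // Absolute directory of this script with a trailing slash; used as the base of every
  // image path written to disk. dirname() replaces the earlier str_replace("submit.php", ...)
  // approach, which also rewrote any directory name containing "submit.php" and left a
  // wrong value when SCRIPT_FILENAME was a bare file name. The array key is quoted because
  // a bare SCRIPT_FILENAME is an undefined constant, not a string.
  $full_path=rtrim(dirname($_SERVER['SCRIPT_FILENAME']),"/\\")."/";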
  6.  
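  // Default view (no "a" parameter): build the submission form by filling the
  // placeholders of $template_submit and print it between header.php and footer.php.
  if(empty($_GET['a']))
  {
    include_once("header.php");

    // Category drop-down. Names are HTML-escaped so that a stored name containing quotes
    // or markup cannot break out of the <option> element. The browser decodes the
    // entities again, so the posted value is still the original name.
    $categories="<select name=category>\n";
    $result=mysql_query("SELECT * FROM babeloggerv3_categories ORDER BY id");
    while($result && ($row=mysql_fetch_array($result)))
    {
      $name=htmlspecialchars($row['name'],ENT_QUOTES);
      $categories.="<option value=\"$name\">$name</option>\n";
    }
    $categories.="</select>\n";

    // Cookie values are supplied by the browser and are written into attribute values
    // below, so they are escaped first; a missing or array-valued cookie becomes "".
    // NOTE(review): the password field is pre-filled from a cookie, which means the
    // password is kept in the browser in clear text and repeated in the page source.
    $saved_username=(isset($_COOKIE['username']) && is_string($_COOKIE['username'])) ? htmlspecialchars($_COOKIE['username'],ENT_QUOTES) : "";
    $saved_password=(isset($_COOKIE['password']) && is_string($_COOKIE['password'])) ? htmlspecialchars($_COOKIE['password'],ENT_QUOTES) : "";
    // The only value this script ever stores in the "remember" cookie is "checked";
    // anything else is ignored instead of being copied into the tag.
    $remember_attr=(isset($_COOKIE['remember']) && $_COOKIE['remember']==="checked") ? "checked" : "";

    // Placeholder => form control, applied in this order. str_replace() leaves the
    // template untouched for placeholders it does not contain.
    $replacements=array(
      "%url%"=>"<input name=url size=45>",
      "%title%"=>"<input name=title size=30>",
      "%description%"=>"<textarea name=description cols=34 rows=5></textarea>",
      "%username%"=>"<input name=username value='$saved_username'>",
      "%password%"=>"<input name=password value='$saved_password' type=password> <input name=remember type=checkbox $remember_attr> Remember Me",
      "%categories%"=>$categories,
      "%image%"=>"<input name=image type=radio value='1' checked> Image URL <span class=smallfont>(JPEG and JPG only, $max_image_filesize bytes max)</span>:<br><input name=imageurl size=45><br><b>OR</b><br><input name=image type=radio value='2'> Upload Image <span class=smallfont>(JPEG and JPG only, $max_image_filesize bytes max)</span>:<br><input name=uploadimg type=file size=33>",
    );
    $submit=str_replace(array_keys($replacements),array_values($replacements),$template_submit);

    print $submit;
    include_once("footer.php");
  }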
  28.  
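  // a=submit: validate the posted submission, check the poster against
  // babeloggerv3_users, store the image (remote URL or upload), insert the entry and
  // either show the crop form or redirect to the confirmation message.
  elseif(isset($_GET['a']) && $_GET['a']=="submit")
  {
    $temp=$template_submit;
    $redirect="Location: $script_url/msgs.php?msg=";

    // Read every posted text field as a string; a missing or array-valued field becomes "".
    $posted=array();
    foreach(array("username","password","title","description","url","category","imageurl") as $key)
    {
      $posted[$key]=(isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
    // stripslashes() is applied unconditionally, exactly as before, so these values
    // compare and store the same way they always did.
    $username=stripslashes($posted["username"]);
    $password=stripslashes($posted["password"]);
    $url=stripslashes($posted["url"]);
    $category=stripslashes($posted["category"]);
    // The former stripslashes(addslashes(...)) round trip returned these two unchanged.
    $title=$posted["title"];
    $description=$posted["description"];
    $imageurl=$posted["imageurl"];
    $upload_name=(isset($_FILES['uploadimg']['name']) && is_string($_FILES['uploadimg']['name'])) ? $_FILES['uploadimg']['name'] : "";

    // A field is required only when the template contains its placeholder.
    $required=array("%url%"=>$url,"%title%"=>$title,"%description%"=>$description,"%categories%"=>$category);
    foreach($required as $placeholder=>$value)
    {
      if(strstr($temp,$placeholder) && !$value){header($redirect."submiterror");exit;}
    }
    $crop_image=false;
    if(strstr($temp,"%image%"))
    {
      if(!$imageurl && !$upload_name){header($redirect."submiterror");exit;}
      $crop_image=true;
    }
    if(strstr($temp,"%username%") && !$username){header($redirect."submiterror");exit;}

    // Look the poster up. The user name is escaped before it is placed in the SQL string;
    // a failed query is treated as an error rather than as "user not registered".
    $result=mysql_query("SELECT username,password,preferred,count(*) as matches FROM babeloggerv3_users GROUP BY username HAVING username='".mysql_real_escape_string($username)."'");
    if(!$result){header($redirect."submiterror");exit;}
    $row=mysql_fetch_row($result);
    if($row && $row[3])
    {
      // Registered name: a password is always required and always checked, also when the
      // template has no %password% placeholder. The comparison is strict because a loose
      // != treats numeric-looking strings such as "1e3" and "1000" as equal.
      // NOTE(review): the stored password is compared as-is, so it appears to be kept in
      // clear text in babeloggerv3_users; confirm and move to password hashing.
      if(!$password){header($redirect."registereduser");exit;}
      if((string)$password!==(string)$row[1]){header($redirect."invalidlogin");exit;}
    }
    elseif(strstr($temp,"%password%") && $password)
    {
      // A password was supplied for a name that is not registered.
      header($redirect."invalidlogin");exit;
    }
    $poster=$username;
    // $approved is only assigned here for preferred users; for everyone else it keeps
    // whatever value it had before this branch, and "" when it had none.
    // NOTE(review): confirm nothing outside this file is meant to supply a default, and
    // consider assigning it unconditionally.
    if(!isset($approved)){$approved="";}
    if($row && $row[2]=="yes"){$approved="yes";}

    // NOTE(review): "remember me" stores the clear-text password in a cookie with no
    // HttpOnly or Secure flag. Behaviour is unchanged here because the form view of this
    // script reads these cookies back; replace with a random server-side token.
    if(isset($_POST['remember']) && $_POST['remember']=="on")
    {
      setcookie("username",$username,time()+$cookie_time);
      setcookie("password",$password,time()+$cookie_time);
      setcookie("remember","checked",time()+$cookie_time);
    }
    elseif(isset($_COOKIE['username']))
    {
      setcookie("username","",time()-$cookie_time);
      setcookie("password","",time()-$cookie_time);
      setcookie("remember","",time()-$cookie_time);
    }

    $rnd="";
    $size_match=false;
    if($crop_image)
    {
      $image_choice=isset($_POST['image']) ? $_POST['image'] : "";
      if($image_choice==1 && $imageurl)
      {
        if(!preg_match("/(.+)\.(jpeg|jpg)$/i",$imageurl)){header($redirect."wrongimgfiletype");exit;}
        // save_image() hands this value to imagecreatefromjpeg(), which also accepts local
        // paths and other stream wrappers, so only http(s) URLs are let through.
        if(!preg_match("#^https?://#i",$imageurl)){header($redirect."erroruploadingimage");exit;}
        // Pick a name that is not in use so an existing image is never overwritten.
        do{$rnd=rand(0,1000000).".jpg";}while(file_exists($full_path.$images_path.$rnd));
        save_image($imageurl,$full_path.$images_path.$rnd);
      }
      elseif($image_choice==2 && $upload_name)
      {
        if(!preg_match("/(.+)\.(jpeg|jpg)$/i",$upload_name,$matches)){header($redirect."wrongimgfiletype");exit;}
        $extension=$matches[2];
        // Only copy a file that PHP itself received as an upload in this request.
        $tmp_name=isset($_FILES['uploadimg']['tmp_name']) ? $_FILES['uploadimg']['tmp_name'] : "";
        if(!is_string($tmp_name) || !is_uploaded_file($tmp_name)){header($redirect."erroruploadingimage");exit;}
        do{$rnd=rand(0,10000000).".$extension";}while(file_exists($full_path.$images_path.$rnd));
        if(!copy($tmp_name,$full_path.$images_path.$rnd)){header($redirect."erroruploadingimage");exit;}
        $filesize=filesize($full_path.$images_path.$rnd);
        if($filesize>$max_image_filesize){unlink($full_path.$images_path.$rnd);header($redirect."errorimgsize");exit;}
      }
      else
      {
        // The selected radio option does not match the data that was sent; previously this
        // fell through and stored an entry with no image name.
        header($redirect."submiterror");exit;
      }

      // The extension check above only looks at the name. Require that the stored file
      // really decodes as a JPEG, and remove it otherwise.
      $img_area=getimagesize($full_path.$images_path.$rnd);
      if(!$img_area || $img_area[2]!=IMAGETYPE_JPEG)
      {
        if(file_exists($full_path.$images_path.$rnd)){unlink($full_path.$images_path.$rnd);}
        header($redirect."wrongimgfiletype");exit;
      }
      // An image that already has the configured size (or cropping being disabled) skips
      // the crop step; otherwise the entry is parked in the "cropping" state.
      if(($img_area[0]==$max_image_width AND $img_area[1]==$max_image_height) OR $allow_cropping=="no"){$size_match=true;$status=$approved;}else{$status="cropping";}
    }
    else
    {
      $status=$approved;
    }

    // Title and description never had slashes stripped, so undo magic-quotes escaping
    // (when that setting is active) before escaping for SQL, to avoid storing backslashes.
    $magic_quotes=function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
    $title_db=$magic_quotes ? stripslashes($title) : $title;
    $description_db=$magic_quotes ? stripslashes($description) : $description;
    // Every value is escaped for the SQL string; the posted fields were previously
    // interpolated into the statement unescaped.
    $values=array(time(),$title_db,$description_db,$url,$category,$status,$poster,$rnd);
    $inserted=mysql_query("INSERT INTO babeloggerv3 (time,title,description,url,category,approved,poster,imgname) VALUES ('".implode("','",array_map("mysql_real_escape_string",$values))."')");
    if(!$inserted){header($redirect."submiterror");exit;}

    if($crop_image AND $allow_cropping=="yes" AND !$size_match)
    {
      // NOTE(review): the image name, row id and approved flag are round-tripped through
      // hidden form fields, and the crop_image branch of this file uses the posted values
      // in its file path and UPDATE statement. They are client-controlled on the way back
      // and must be re-validated there.
      $insert_id=(int)mysql_insert_id();
      $image_field=htmlspecialchars($rnd,ENT_QUOTES);
      $approved_field=htmlspecialchars($approved,ENT_QUOTES);
      $image_src=htmlspecialchars($script_url.$images_path.$rnd,ENT_QUOTES);
  ?>
  <link href='babeloggerv3.css' type=text/css rel=stylesheet>
  <body onload="initPage()" leftmargin="0" topmargin="0" class="body">
  <script language="JavaScript" src="babeloggerv3.js"></script>

  <table style="top: 556px; left: 610px; width: 200px; height: 300px;" id="img_cover" onmousedown="mouseDownImg(event);" onmousemove="mouseMoveImg(event)"><tbody><tr><td>
  </td></tr></tbody></table>
  <table style="top: 0pt; left: 0pt; width: 5px; height: 5px; cursor: move;" id="selection" onmousedown="mouseDownSel(event);" onmousemove="mouseMoveSel(event)"><tbody><tr><td>
  </td></tr></tbody></table>

  <table width=400 align=center cellspacing=0 cellpadding=3>
  <tr>
  <td class=tdheaderstyle colspan=2 align=center><b>Crop your image</b></td>
  </tr>
  <tr>
  <td align=center>
  <form style="display:inline" name="thumbForm" action="?a=crop_image" method="post" onsubmit="return fillForm();">
  <input id="thumbWidth" name="thumbWidth" value="<?php print (int)$max_image_width;?>" size="3" onchange="changeWidth()" type="hidden">
  <input id="thumbHeight" name="thumbHeight" value="<?php print (int)$max_image_height;?>" size="3" onchange="changeHeight()" type="hidden">
  <input name="selX" type="hidden">
  <input name="selY" type="hidden">
  <input name="selWidth" type="hidden">
  <input name="selHeight" type="hidden">
  <input name="image" type="hidden" value="<?php print $image_field;?>">
  <input name="id" type="hidden" value="<?php print $insert_id;?>">
  <input name="approved" type="hidden" value="<?php print $approved_field;?>">
  <input type="submit" value="crop image">
  </form><br />
  Thank you! Please take a moment to crop your image.<br />Click and drag your cursor on the image to crop<br />
  <img id="img_main" src="<?php print $image_src;?>" onload="imageLoaded()">
  </td>
  </tr>
  </table>
  <?php
    }
    else
    {
      header($redirect."linksubmitted");
    }
  }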
  138.  
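  // a=crop_image: crop the stored image of an entry that is waiting in the "cropping"
  // state to the configured size, then set the entry's final approval status.
  elseif(isset($_GET['a']) && $_GET['a']=="crop_image")
  {
    $redirect="Location: $script_url/msgs.php?msg=";

    // Every POST field is untrusted, including the hidden ones the crop form emitted.
    // Selection values are cast to integers; a missing field counts as 0.
    $sel=array();
    foreach(array("selX","selY","selWidth","selHeight") as $key)
    {
      $sel[$key]=(isset($_POST[$key]) && is_scalar($_POST[$key])) ? (int)$_POST[$key] : 0;
    }
    // An empty selection is now rejected as well as a negative origin.
    if($sel["selX"]<0 || $sel["selY"]<0 || $sel["selWidth"]<1 || $sel["selHeight"]<1){header($redirect."didnotcrop");exit;}

    // Bind the request to a real entry. The id is cast to an integer, the image name is
    // reduced to its base name and must equal the name stored for that id, and the entry
    // must still be waiting for its crop. This keeps the file path inside the images
    // directory and prevents other or already processed entries from being rewritten.
    // NOTE(review): relies on the approved column holding the literal "cropping" that the
    // submit branch writes; confirm the column type stores it unmodified.
    $id=(isset($_POST['id']) && is_scalar($_POST['id'])) ? (int)$_POST['id'] : 0;
    $image_name=(isset($_POST['image']) && is_string($_POST['image'])) ? basename($_POST['image']) : "";
    $result=mysql_query("SELECT imgname,poster,approved FROM babeloggerv3 WHERE id='$id'");
    $entry=$result ? mysql_fetch_row($result) : false;
    if(!$entry || $image_name=="" || $entry[0]!==$image_name || $entry[2]!="cropping"){header($redirect."didnotcrop");exit;}

    // The final status is derived on the server from the poster's "preferred" flag, the
    // same rule the submit branch applies; the posted "approved" field is ignored.
    // NOTE(review): non-preferred posters get "" here, which is what the submit branch
    // writes as far as this file shows; confirm config.php supplies no other default.
    $status="";
    $user=mysql_query("SELECT preferred FROM babeloggerv3_users WHERE username='".mysql_real_escape_string($entry[1])."'");
    $user_row=$user ? mysql_fetch_row($user) : false;
    if($user_row && $user_row[0]=="yes"){$status="yes";}

    $file=$full_path.$images_path.$image_name;
    $image=imagecreatefromjpeg($file);
    if(!$image){header($redirect."erroruploadingimage");exit;}
    // The output size comes from the configuration, which is also what the crop form
    // places in thumbWidth/thumbHeight; posted dimensions would let the client choose
    // how much memory the canvas takes.
    $image_p=imagecreatetruecolor($max_image_width,$max_image_height);
    imagecopyresampled($image_p,$image,0,0,$sel["selX"],$sel["selY"],$max_image_width,$max_image_height,$sel["selWidth"],$sel["selHeight"]);
    $written=imagejpeg($image_p,$file,$image_quality);
    imagedestroy($image_p);
    imagedestroy($image);
    if(!$written){header($redirect."erroruploadingimage");exit;}

    mysql_query("UPDATE babeloggerv3 SET approved='".mysql_real_escape_string($status)."' WHERE id='$id'");
    header($redirect."linksubmitted");
  }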
  152.  
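  /**
   * Read a JPEG from a remote URL, re-encode it and write it to $filename.
   *
   * On any failure the browser is redirected to the "erroruploadingimage" message and
   * the script ends; nothing is returned.
   *
   * @param string $name     http:// or https:// URL of the source image
   * @param string $filename path of the file to write
   */
  function save_image($name,$filename)
  {
    global $script_url, $image_quality;
    $error_redirect="Location: $script_url/msgs.php?msg=erroruploadingimage";

    // imagecreatefromjpeg() opens local paths and other stream wrappers as readily as
    // web URLs, and the only caller in this file passes a posted value, so anything that
    // is not an http(s) URL is refused.
    // NOTE(review): an http(s) URL can still name a host on the internal network, and
    // the size of the download is not limited; restrict destinations and size if that
    // matters for this deployment.
    if(!is_string($name) || !preg_match("#^https?://#i",$name))
    {
      header($error_redirect);
      exit;
    }

    $src_img=imagecreatefromjpeg($name);
    if(!$src_img)
    {
      header($error_redirect);
      exit;
    }
    // Re-encoding writes freshly generated JPEG data instead of the fetched bytes.
    $written=imagejpeg($src_img,$filename,$image_quality);
    imagedestroy($src_img);
    if(!$written)
    {
      header($error_redirect);
      exit;
    }
  }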
  160. ?>