  1. <?
  2. $info_query = mysql_query("SELECT * FROM ".$prefix."ProFolio_info ORDER BY id DESC LIMIT 0,1");
  3.  
  4. if(mysql_num_rows($info_query) < 1){
  5.     $red = "Location: install.php";
  6.     header($red);
  7.     die();
  8. }
  9.  
  10. while($info_row = mysql_fetch_array($info_query)){
  11.     //Login Information
  12.     $username = $info_row['username'];
  13.     $password = $info_row['password'];
  14.    
  15.     //Specific Variables
  16.     $info_id = $info_row['id'];
  17.     $firstname = html_entity_decode($info_row['firstname']);
  18.     $lastname = html_entity_decode($info_row['lastname']);
  19.     $email = html_entity_decode($info_row['email']);
  20.     $phone = html_entity_decode($info_row['phone']);
  21.     $about_page = html_entity_decode($info_row['page_about']);
  22.     $contact_page = html_entity_decode($info_row['page_contact']);
  23.     $sitename = ucwords(strtolower($firstname)).' '.ucwords(strtolower($lastname));
  24. }
  25.  
  26. //You can change these headings below. They will affect the words that show up on the lefthand side links.
  27. $link1 = "home";
  28. $link2 = "portfolio";
  29. $link3 = "about";
  30. $link4 = "contact";
  31. $link5 = "";
  32.  
  33. //Login System - For Security Reasons, Do Not Change The Following Unless Your Know What You're Changing
  34. $LOGGEDIN = 'no';
  35. $username = trim(strtolower($username));
  36. $password = trim(strtolower($password));
  37.     if($_GET['logout'] == 'yes'){
  38.         setcookie("PFlogin", "", mktime(12,0,0,1, 1, 1000));
  39.         setcookie("PFpassw", "", mktime(12,0,0,1, 1, 1000));
  40.         $self = "Location: ".str_replace("?logout=yes", "", $_SERVER['REQUEST_URI']);
  41.         header( "$self" );
  42.     }
  43.  
  44.     if($_COOKIE['PFlogin'] == md5($username)){
  45.         if($_COOKIE['PFpassw'] == md5($password)){
  46.             $LOGGEDIN = 'yes';
  47.         }
  48.     }
  49. if(isset($_POST['login_button'])){
  50.     $sub_username = trim(strtolower($_POST['username']));
  51.     $sub_password = trim(strtolower($_POST['password']));
  52.     if($username == $sub_username && $password == $sub_password){
  53.         $time = 86400 + time();
  54.         setcookie('PFlogin', md5($username), $time);
  55.         setcookie('PFpassw', md5($password), $time);
  56.         $LOGGEDIN = "yes";
  57.     }
  58. }
  59.  
  60. //General Variables
  61. $default_title = '';
  62. $reply = '';
  63. $show_customize = 0;
  64. $show_manage = 0;
  65. $show_settings = 0;
  66. $show_add = 0;
  67. $imagetypes = array("image/gif", "image/jpeg", "image/pjpeg", "image/jpg", "image/png", "image/png-x");
  68. $image_extensions = array("jpg", "pjpeg", "png-x", "png", "jpeg", "gif");
  69. $ok = 0;
  70.  
  71. if($LOGGEDIN == 'yes'){
  72.  
  73.     //Show Manage if After Delete
  74. if(isset($_POST['add_button']) && $_POST['human'] == '' && $LOGGEDIN == 'yes')
  75. {
  76.     if($_GET['s'] == 'm'){
  77.         $show_manage = 1;
  78.     }
  79.     if($_GET['s'] == 'e'){
  80.         $show_settings = 1;
  81.     }
  82. }
  83.    
  84.     function clean($n){
  85.         $n = trim(strip_tags($n));
  86.         $n = htmlentities($n, ENT_QUOTES);
  87.         return $n;
  88.     }
  89.     function clean_page($n){
  90.         $n = nl2br(trim($n));
  91.         $n = htmlentities($n, ENT_QUOTES);
  92.         return $n;
  93.     }
  94.    
  95.     //Add To Portfolio If Set (Make sure it isn't a bot)
  96.     if(isset($_POST['add_button']) && $_POST['human'] == '' && $LOGGEDIN == 'yes'){
  97.         $show_manage = 0;
  98.         $show_add = 1;
  99.         if(!file_exists('Files')){
  100.             mkdir('Files', 0777);
  101.         }
  102.         if(!file_exists('Files_Icons')){
  103.             mkdir('Files_Icons', 0777);
  104.         }
  105.         if(!file_exists('Files_Previews')){
  106.             mkdir('Files_Previews', 0777);
  107.         }
  108.         function file_clean($n){
  109.             $n = str_replace(' ', '_', $n);
  110.             $n = str_replace("'", '', $n);
  111.             $n = str_replace('"', '', $n);
  112.             $n = str_replace('/', '', $n);
  113.             $n = str_replace('\\', '', $n);
  114.             return $n;
  115.         }
  116.            
  117.         $title = clean($_POST['title']);
  118.         $type = $_POST['type'];
  119.         $file = file_clean($_FILES['file']['name']);
  120.         $file = time().'.'.end(explode(".", $file));
  121.         $file_type = strtolower($_FILES['file']['type']);
  122.         $file_tmpname = $_FILES['file']['tmp_name'];
  123.         $preview = file_clean($_FILES['preview']['name']);
  124.         $preview = time().'.'.end(explode(".", $preview));
  125.         $preview_type = strtolower($_FILES['preview']['type']);
  126.         $preview_tmpname = $_FILES['preview']['tmp_name'];
  127.        
  128.         $all_types = array("image/gif", "image/jpeg", "image/pjpeg", "image/jpg", "image/png", "image/png-x", "application/x-shockwave-flash");
  129.        
  130.         //Check to see if all fields were filled out
  131.         if($title == '' || $title == $default_title || $type == '' || $file == ''){
  132.             $reply = "Please give this piece a title, category and choose a file for it.";
  133.         } else {
  134.             if(!in_array($file_type, $all_types)){
  135.                 $reply = "Your file's type isn't allowed.";
  136.             } else {
  137.                 if(!in_array($file_type, $imagetypes) && !in_array($preview_type, $imagetypes)){
  138.                     $reply = "Please select an image preview for your piece.";
  139.                 }
  140.                 if(in_array($file_type, $imagetypes) || in_array($preview_type, $imagetypes)){
  141.                    
  142.                     //New Paths for files
  143.                     $file_path = "Files/".$file;
  144.                     if($preview != ''){
  145.                         $preview_path = "Files_Previews/".$preview;
  146.                     }
  147.                     //Determine endings we'll use for file creations
  148.                     if(!in_array($file_type, $imagetypes)){
  149.                         $ending = $preview;
  150.                     } else {
  151.                         $ending = $file;
  152.                     }
  153.                     $icon_path = "Files_Icons/".$ending;
  154.                    
  155.                     //Move Files
  156.                     move_uploaded_file($file_tmpname, $file_path);
  157.                     if($preview != ''){
  158.                         move_uploaded_file($preview_tmpname, $preview_path);
  159.                     }
  160.                    
  161.                     //Determine if we'll use the file or preview image
  162.                     if(!in_array($file_type, $imagetypes)){
  163.                         $source = $preview_path;
  164.                     } else {
  165.                         $source = $file_path;
  166.                     }
  167.                    
  168.                     //Make Icon
  169.                     include_once('Includes/thumbnail.inc.php');
  170.                    
  171.                     list($width, $height) = getimagesize($source);
  172.                     $thumb = new Thumbnail($source);
  173.                    
  174.                     if($width > $height){
  175.                         $thumb->resize(9999,150);
  176.                     } else {
  177.                         $thumb->resize(150,9999);
  178.                     }
  179.                     $thumb->cropFromCenter(120);
  180.                     $thumb->crop(0,0,120,85);
  181.                     $thumb->save($icon_path,100);
  182.                     $thumb->destruct();
  183.                    
  184.                     //Resize either file or preview, depending on which is the image
  185.                     $thumb2 = new Thumbnail($source);
  186.                     if($width > 680 || $height > 850){
  187.                         $thumb2-> resize(850,680);
  188.                     }
  189.                     if(!in_array($file_type, $imagetypes)){
  190.                         $thumb2->save($preview_path,100);
  191.                         move_uploaded_file($file_tmpname, $file_path);
  192.                     } else {
  193.                         $thumb2->save($file_path,100);
  194.                     }
  195.                     $thumb2->destruct();
  196.                    
  197.                     //Insert Informaiton Into Database
  198.                     $date = time();
  199.                     $query = mysql_query("INSERT INTO ".$prefix."ProFolio_work (date, title, type, file, preview, icon) VALUES ('$date', '$title', '$type', '$file_path', '$preview_path', '$icon_path')");
  200.                     if($query){
  201.                         $title = "";
  202.                         $ok = 1;
  203.                         $red = "Location: index.php?add=$title";
  204.                         header($red);
  205.                     } else {
  206.                         $reply = "There was a problem inserting the information into the database.";
  207.                     }
  208.                 }
  209.             }
  210.         }
  211.         $default_title = $title;
  212.     }
  213.     if (isset($_POST['add']))
  214.     {
  215.         if($_GET['add'] != ''){
  216.             $reply = "<b>".$_GET['add']."</b> was add to your portfolio!";
  217.         }
  218.     }
  219.    
  220.     //Delete From Portfolio If Set
  221.     if (isset($_POST['f']))
  222.     {
  223.     if($_GET['f'] == 'de' && $LOGGEDIN == 'yes'){
  224.         $id = mysql_real_escape_string($_GET['i']);
  225.         if($id > 0){
  226.             $query = mysql_query("SELECT file, icon, preview FROM ".$prefix."ProFolio_work WHERE id = $id");
  227.             while($row = mysql_fetch_array($query)){
  228.                 $file = $row['file'];
  229.                 $preview = $row['preview'];
  230.                 $icon = $row['icon'];
  231.             }
  232.             if(file_exists($file)){
  233.                 unlink($file);
  234.             }
  235.             if(file_exists($preview)){
  236.                 unlink($preview);
  237.             }
  238.             if(file_exists($icon)){
  239.                 unlink($icon);
  240.             }
  241.             mysql_query("DELETE FROM ".$prefix."ProFolio_work WHERE id = '$id'");
  242.            
  243.             $red = "Location: index.php?s=m";
  244.             header($red);
  245.         }
  246.     }
  247.     }
  248.    
  249.     //Edit Portfolio Items If Set
  250.     if(isset($_POST['editButton'])){
  251.         if($LOGGEDIN == 'yes'){
  252.             $show_manage = 1;
  253.             $edit_id = clean($_POST['id']);
  254.             $edit_title = clean($_POST['title_form']);
  255.             $edit_type = clean($_POST['type']);
  256.            
  257.             $exists = mysql_num_rows(mysql_query("SELECT title FROM ".$prefix."ProFolio_work WHERE id = '$edit_id'"));
  258.             if($exists == 1){
  259.                 if($edit_title != ''){
  260.                     mysql_query("UPDATE ".$prefix."ProFolio_work SET title = '$edit_title' WHERE id = '$edit_id'");
  261.                 }
  262.                 if($edit_type != ''){
  263.                     mysql_query("UPDATE ".$prefix."ProFolio_work SET type = '$edit_type' WHERE id = '$edit_id'");
  264.                 }
  265.             }
  266.         }
  267.     }
  268.    
  269.     //Reorder Portfolio Items If Set
  270.     if (isset($_POST['f']))
  271.     {
  272.     if($_GET['f'] == 'up' && $LOGGEDIN == 'yes'){
  273.         $show_manage = 1;
  274.         $id = mysql_real_escape_string($_GET['i']);
  275.         if($id > 0){
  276.             //Find type of piece
  277.             $query = mysql_query("SELECT type FROM ".$prefix."ProFolio_work WHERE id = '$id'");
  278.             $type = mysql_fetch_assoc($query);
  279.             $type = $type['type'];
  280.            
  281.             //Reorder only if others in type
  282.             if(mysql_num_rows(mysql_query("SELECT id FROM ".$prefix."ProFolio_work WHERE type = '$type' AND id > '$id'")) > 0){
  283.                 //Get id of piece that current piece will switch with.
  284.                 $new_query = mysql_query("SELECT id, date FROM ".$prefix."ProFolio_work WHERE type = '$type' AND id > '$id' ORDER BY id ASC LIMIT 0, 1");
  285.                 while($row = mysql_fetch_assoc($new_query)){
  286.                     $new_id = $row['id'];
  287.                 }
  288.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '0' WHERE id = '$id'");
  289.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '$id' WHERE id = '$new_id'");
  290.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '$new_id' WHERE id = '0'");
  291.                 $red = "Location: index.php?s=m";
  292.                 header($red);
  293.             }
  294.         }
  295.     }
  296.     }
  297.     if (isset($_POST['f']))
  298.     {
  299.     if($_GET['f'] == 'dwn' && $LOGGEDIN == 'yes'){
  300.         $show_manage = 1;
  301.         $id = mysql_real_escape_string($_GET['i']);
  302.         if($id > 0){
  303.             //Find type of piece
  304.             $query = mysql_query("SELECT type FROM ".$prefix."ProFolio_work WHERE id = '$id'");
  305.             $type = mysql_fetch_assoc($query);
  306.             $type = $type['type'];
  307.            
  308.             //Reorder only if others in type
  309.             if(mysql_num_rows(mysql_query("SELECT id FROM ".$prefix."ProFolio_work WHERE type = '$type' AND id < '$id'")) > 0){
  310.                 //Get id of piece that current piece will switch with.
  311.                 $new_query = mysql_query("SELECT id, date FROM ".$prefix."ProFolio_work WHERE type = '$type' AND id < '$id' ORDER BY id DESC LIMIT 0, 1");
  312.                 while($row = mysql_fetch_assoc($new_query)){
  313.                     $new_id = $row['id'];
  314.                 }
  315.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '0' WHERE id = '$id'");
  316.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '$id' WHERE id = '$new_id'");
  317.                 mysql_query("UPDATE ".$prefix."ProFolio_work SET id = '$new_id' WHERE id = '0'");
  318.                 $red = "Location: index.php?s=m";
  319.                 header($red);
  320.             }
  321.         }
  322.     }
  323.     }
  324.    
  325.     //Edit Settings And Information If Set
  326.     if(isset($_POST['change_settings']) && $LOGGEDIN == 'yes'){
  327.         $new_username = clean($_POST['username']);
  328.         $new_password = clean($_POST['new_password']);
  329.         $confirm_password = clean($_POST['confirm_password']);
  330.         $new_firstname = clean($_POST['firstname']);
  331.         $new_lastname = clean($_POST['lastname']);
  332.         $new_email = clean($_POST['email']);
  333.         $new_phone = clean($_POST['phone']);
  334.         $new_aboutpage = clean_page($_POST['about_page']);
  335.         $new_contactpage = clean_page($_POST['contact_page']);
  336.         $relogin = 0;
  337.         $show_settings = 1;
  338.        
  339.         if($new_username != clean($username) && $new_username != ''){
  340.             mysql_query("UPDATE ".$prefix."ProFolio_info SET username = '$new_username' WHERE id = '$info_id'");
  341.             $relogin = 1;
  342.         }
  343.         if($new_password != clean($password) && $new_password != ''){
  344.             if( $new_password == $confirm_password){
  345.                 mysql_query("UPDATE ".$prefix."ProFolio_info SET password = '$new_password' WHERE id = '$info_id'");
  346.                 $relogin = 1;
  347.             } else {
  348.                 $reply = 'Your new passwords didn\'t match. Enter the exact same password in the "new password" field and "confirm password" field.<br />';
  349.             }
  350.         }
  351.         if($relogin == 1){
  352.             $reply = "<br />You now need to re-login in order for your new username/password to take effect.<br /><span style='color:#999;'>You are now being logged out...</span>";
  353.             $reply .= '<meta http-equiv="refresh" content="4">';
  354.             $show_settings = 0;
  355.         }
  356.         if($new_email != clean($email)){
  357.             mysql_query("UPDATE ".$prefix."ProFolio_info SET email = '$new_email' WHERE id = '$info_id'");
  358.         }
  359.         if($new_phone != clean($phone)){
  360.             mysql_query("UPDATE ".$prefix."ProFolio_info SET phone = '$new_phone' WHERE id = '$info_id'");
  361.         }
  362.         if($about_page != $new_aboutpage){
  363.             mysql_query("UPDATE ".$prefix."ProFolio_info SET page_about = '$new_aboutpage' WHERE id = '$info_id'");
  364.         }
  365.         if($contact_page != $new_contactpage){
  366.             mysql_query("UPDATE ".$prefix."ProFolio_info SET page_contact = '$new_contactpage' WHERE id = '$info_id'");
  367.         }
  368.         if($new_firstname != clean($firstname)){
  369.             mysql_query("UPDATE ".$prefix."ProFolio_info SET firstname = '$new_firstname' WHERE id = '$info_id'");
  370.         }
  371.         if($new_lastname != clean($lastname)){
  372.             mysql_query("UPDATE ".$prefix."ProFolio_info SET lastname = '$new_lastname' WHERE id = '$info_id'");
  373.         }
  374.        
  375.         if($relogin == 1){
  376.             $reply = "<br />You now need to re-login in order for your new username/password to take effect.<br /><span style='color:#999;'>You are now being logged out...</span>";
  377.             $reply .= '<meta http-equiv="refresh" content="4">';
  378.             $show_settings = 0;
  379.         }
  380.        
  381.         //Re-query database to get updated information for display
  382.         $info_query = mysql_query("SELECT * FROM ".$prefix."ProFolio_info ORDER BY id DESC LIMIT 0,1");
  383.         while($info_row = mysql_fetch_array($info_query)){
  384.             //Login Information
  385.             $username = $info_row['username'];
  386.             $password = $info_row['password'];
  387.            
  388.             //Specific Variables
  389.             $firstname = html_entity_decode($info_row['firstname']);
  390.             $lastname = html_entity_decode($info_row['lastname']);
  391.             $email = html_entity_decode($info_row['email']);
  392.             $phone = html_entity_decode($info_row['phone']);
  393.             $about_page = html_entity_decode($info_row['page_about']);
  394.             $contact_page = html_entity_decode($info_row['page_contact']);
  395.             $sitename = ucfirst(strtolower($firstname)).' '.ucfirst(strtolower($lastname));
  396.         }
  397.     }
  398.    
  399.     //Customize ProFolio if set
  400.     if(isset($_POST['change_customize']) && $LOGGEDIN == 'yes'){
  401.         function makeColor($n){
  402.             $n = trim($n);
  403.             $n = str_replace('#', '', $n);
  404.             $n = substr($n, 0, 6);
  405.             $n = '#'.$n;
  406.             return $n;
  407.         }
  408.         $show_customize = 1;
  409.         $new_categories = clean($_POST['categories']);
  410.         $new_firstname_color = makeColor($_POST['firstname_color']);
  411.         $new_lastname_color = makeColor($_POST['lastname_color']);
  412.         $new_link_color = makeColor($_POST['link_color']);
  413.         $new_text_color = makeColor($_POST['text_color']);
  414.         $new_bg_color = makeColor($_POST['bg_color']);
  415.         $new_lb_color = makeColor($_POST['lb_color']);
  416.         $new_bg_image = clean($_POST['bg_image']);
  417.         $new_bg_pos = clean($_POST['bg_pos']);
  418.         $new_bg_repeat = clean($_POST['bg_repeat']);
  419.         if($new_categories != ''){
  420.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET categories = '$new_categories'");
  421.         }
  422.         if($new_firstname_color != ''){
  423.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_firstname = '$new_firstname_color'");
  424.         }
  425.         if($new_lastname_color != ''){
  426.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_lastname = '$new_lastname_color'");
  427.         }
  428.         if($new_link_color != ''){
  429.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_links = '$new_link_color'");
  430.         }
  431.         if($new_text_color != ''){
  432.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_text = '$new_text_color'");
  433.         }
  434.         if($new_bg_color != ''){
  435.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_background = '$new_bg_color'");
  436.         }
  437.         if($new_lb_color != ''){
  438.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET color_lightbox = '$new_lb_color'");
  439.         }
  440.         if($new_bg_image != 'no'){
  441.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET opt_backgroundimg = '$new_bg_image'");
  442.         }
  443.         if($new_bg_pos != ''){
  444.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET opt_backgroundpos = '$new_bg_pos'");
  445.         }
  446.         if($new_bg_repeat != ''){
  447.             mysql_query("UPDATE ".$prefix."ProFolio_customize SET opt_backgroundrep = '$new_bg_repeat'");
  448.         }
  449.     }
  450.    
  451. } //Ending IF LOGGEDIN Bracket
  452.  
  453. //Query Data for Customize
  454. $query = mysql_query("SELECT * FROM ".$prefix."ProFolio_customize ORDER BY id DESC LIMIT 0,1");
  455. while($row = mysql_fetch_array($query)){
  456.     $categories = html_entity_decode($row['categories']);
  457.     function createCategories($list){
  458.         $list = explode(',', $list);
  459.         $output = '<select id="type" name="type"><option selected="selected" value="">Please Choose A Category &nbsp;&nbsp;</option><option disabled="disabled">&nbsp;</option>';
  460.         foreach($list as $option){
  461.             if(trim($option) != ''){
  462.                 $option = trim($option);
  463.                 $option = '<option value="'.ucwords($option).'">'.ucwords($option).'</option>';
  464.                 $output .= $option;
  465.             }
  466.         }
  467.         $output .= '<option disabled="disabled">&nbsp;</option><option value="Animation" id="animation_select">Animation (Beta)</option>';
  468.         $output .= '</select>';
  469.         return $output;
  470.     }
  471.     $firstname_color = $row['color_firstname'];
  472.     $lastname_color = $row['color_lastname'];
  473.     $link_color = $row['color_links'];
  474.     $text_color = $row['color_text'];
  475.     $bg_color = $row['color_background'];
  476.     $lb_color = $row['color_lightbox'];
  477.     $bg_image = $row['opt_backgroundimg'];
  478.     $bg_pos = $row['opt_backgroundpos'];
  479.     $bg_repeat = $row['opt_backgroundrep'];
  480. }
  481. ?>