INT, 'noflash' => INT));
// Coerce the POST fields this page reads to their declared types; the code
// below relies on these having been normalised here.
typecast( $_POST, array(
    'process'     => STRING,
    'category'    => STRING,
    'skipupload'  => STRING,
    'processall'  => STRING,
    'upuser'      => STRING,
    'deftitle'    => STRING,
    'defdesc'     => STRING,
    'defkeywords' => STRING,
    'updir'       => STRING,
    'downloadurl' => STRING,
    'skipwater'   => STRING,
    'albumsel'    => INT,
    'dthumbs'     => STRING,
    'notify'      => STRING,
    'rating'      => STRING,
    'comments'    => STRING,
    'numprocess'  => INT,
    'keywords'    => STRING,
    'mature'      => STRING,
) );
// 1 only when the visitor explicitly asked for the non-flash form, 0 otherwise.
$noflash = (int) ( $noflash == 1 );
// Tag/attribute allow list used by check_tags()/process_tag() when a fetched page is scanned.
$allowed = array( 'img' => array( 'src' ) );
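/**
 * Strip every tag from $data except the allow-listed tag/attribute pairs.
 *
 * @param string|array $data    Markup to filter; an array (e.g. the lines
 *                              returned by file()) is filtered element by element.
 * @param array        $allowed Map of lower-case tag name => list of permitted
 *                              attribute names, e.g. array('img' => array('src')).
 * @return string|array Filtered data in the same shape as $data.
 *
 * Each "<...>" run is handed to process_tag(), which also records accepted
 * start tags in the global $imgtags. The former "/e" modifier is gone: it
 * spliced the matched tag text (which comes from a remote page) into PHP
 * source that was then evaluated, and it no longer exists in PHP 7+. The
 * callback receives the same text as a plain value instead. Needs PHP 5.3+.
 */
function check_tags( $data, $allowed )
{
    $data = preg_replace_callback(
        "/<(.*?)>/",
        function ( $match ) use ( $allowed )
        {
            return process_tag( $match[1], $allowed );
        },
        $data
    );
    // Neutralise "javascript:" URLs regardless of letter case.
    $data = str_ireplace( 'javascript:', '#', $data );
    return( $data );
}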
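/**
 * Rebuild one tag from the text found between "<" and ">", keeping only
 * allow-listed tag names and attributes.
 *
 * @param string $data    Tag text without the angle brackets, e.g.
 *                        'img src="a.jpg"' or '/img'.
 * @param array  $allowed Map of lower-case tag name => list of permitted
 *                        attribute names.
 * @return string The filtered tag, or "" when the tag is not permitted or
 *                the text is not a tag at all.
 *
 * Side effect: every accepted start tag is also appended to the global
 * $imgtags array, which the URL-import code reads to find images on a
 * fetched page.
 */
function process_tag( $data, $allowed )
{
    global $imgtags;

    # ending tags: "/name ..."
    if ( preg_match("/^\/([a-z0-9]+)/i", $data, $matches) )
    {
        $name = strtolower($matches[1]);
        return array_key_exists($name, $allowed) ? "</" . $name . ">" : "";
    }

    # starting tags: "name attributes [/]"
    if ( !preg_match("/^([a-z0-9]+)(.*?)(\/?)$/i", $data, $matches) )
    {
        # garbage, ignore it
        return "";
    }
    $name   = strtolower($matches[1]);
    $body   = $matches[2];
    $ending = $matches[3];
    if ( !array_key_exists($name, $allowed) )
    {
        return "";
    }

    # Unquoted values first, then double-quoted ones (same order as before).
    preg_match_all("/([a-z0-9]+)=([^\"\s]+)/i", $body, $unquoted, PREG_SET_ORDER);
    preg_match_all("/([a-z0-9]+)=\"(.*?)\"/i", $body, $quoted, PREG_SET_ORDER);

    $params = "";
    foreach ( array_merge($unquoted, $quoted) as $match )
    {
        $pname = strtolower($match[1]);
        # strict comparison: the allow list holds attribute-name strings only
        if ( in_array($pname, $allowed[$name], true) )
        {
            $params .= " $pname=\"$match[2]\"";
        }
    }

    $tag = "<" . $name . $params . $ending . ">";
    if ( !is_array($imgtags) )
    {
        $imgtags = array();
    }
    $imgtags[] = $tag;
    return $tag;
}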
/**
 * Archive pre-extract callback (judging by its name and the $p_event/$p_header
 * signature): accept an entry only when its file name looks like an image or
 * a multimedia file, so nothing else is written out of the archive.
 *
 * @param mixed $p_event  Event identifier supplied by the archive library; unused here.
 * @param array $p_header Entry header; only $p_header['filename'] is consulted.
 * @return int 1 to extract the entry, 0 to skip it.
 */
function myPreExtractCallBack($p_event, &$p_header)
{
    $entryname = $p_header['filename'];
    $wanted = is_image($entryname) || is_multimedia($entryname);
    return $wanted ? 1 : 0;
}
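// Expose each uploaded-file entry as a variable named after its form field.
// The field name is client-supplied, so an entry is never allowed to
// overwrite a variable that already exists in this scope (such as $Globals,
// $User or $link); such entries are skipped. each() was replaced by foreach
// because each() no longer exists in PHP 8.
if ( is_array($_FILES) )
{
    foreach ( $_FILES as $key => $value )
    {
        if ( array_key_exists($key, get_defined_vars()) )
        {
            continue;
        }
        ${$key} = $value;
    }
}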
// Resolve the current visitor. The checks below read $User, so authenticate()
// presumably fills it (its body is not in this file) - verify.
authenticate();
// Board closed: only an admin (adminedit == 1) may continue.
if ( $Globals['ppboards'] == "closed" && $User['adminedit'] != 1 )
{
diewell( $Globals['closedmsg'] );
}
// Uploads switched off site-wide for non-admins.
if ( $User['adminedit'] == 0 && !$Globals['allowup'] )
{
diewell( $Globals['pp_lang']['upnot'] );
}
$querystring = findenv("QUERY_STRING");
// Visitors without upload rights are sent to the login page when they asked
// for it (gologin flag or ?gologin query string).
// NOTE(review): $gologin is not assigned anywhere in this part of the file;
// presumably the typecast() call above pulls it from the request - confirm.
if ( ($User['uploads'] == 0 && $gologin==1) || $querystring == "gologin" )
{
login( "{$Globals['maindir']}/uploadphoto.php" );
exit;
}
// uploads: 0 = not permitted, 2 = account not yet verified (judging by the message keys).
if ( $User['uploads'] == 0 )
{
diewell($Globals['pp_lang']['noupload']);
}
if ( $User['uploads'] == 2 )
{
diewell($Globals['pp_lang']['noverify']);
}
// Per-user cap on uploads during the last 24 hours (0 = no cap).
// $User['userid'] is interpolated into the SQL; it is presumably set by
// authenticate() from the user record rather than taken from the request - confirm.
// NOTE(review): mysql_fetch_row() belongs to ext/mysql, which PHP 7.0 removed.
if ( $User['uploadlimit'] > 0 )
{
$upload = ppmysql_query("SELECT COUNT(*) FROM {$Globals['pp_db_prefix']}photos WHERE userid={$User['userid']} AND date > UNIX_TIMESTAMP( DATE_SUB(NOW(), INTERVAL 24 HOUR) )", $link);
list( $uploadchk ) = mysql_fetch_row($upload);
if ( $uploadchk >= $User['uploadlimit'] )
{
// Substitute today's count into the message, then stop.
$Globals['pp_lang']['uplimit'] = str_replace( "%pics%", $uploadchk, $Globals['pp_lang']['uplimit'] );
diewell($Globals['pp_lang']['uplimit']);
}
}
// Page menu output starts here, after all access checks.
topmenu();
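// A category id in the request: load its row (name, thumbs, type, parent,
// password, theme) and switch to the category's own theme when it has one.
// Falls back to the default category id 500 when none was given.
if ( isset($cat) && !empty($cat) )
{
    // typecast() above is expected to have made $cat an INT already; the cast
    // is repeated here because the value goes straight into the SQL text.
    $cat = (int) $cat;
    // NOTE(review): mysql_fetch_row() is ext/mysql, removed in PHP 7.0. No row
    // check is made, so an unknown category id would leave every list() target null.
    $ctitleq = ppmysql_query("SELECT id,catname,thumbs,cattype,parent,password,theme FROM {$Globals['pp_db_prefix']}categories WHERE id=$cat", $link);
    list( $catid, $thecatname, $catthumbs, $cattype, $catparent, $thiscatpass, $cattheme ) = mysql_fetch_row($ctitleq);
    // A per-category theme overrides the global one unless the forum style is in force.
    if ( $cattheme != "" && !$Globals['forumstyle'] )
    {
        $Globals['theme'] = $cattheme;
        // Point the image directory at the theme's stylesheet folder only when it exists.
        if ( is_dir( "{$Globals['PP_PATH']}/stylesheets/{$Globals['theme']}" ) )
        {
            $Globals['idir'] = "{$Globals['maindir']}/stylesheets/{$Globals['theme']}";
        }
    }
}
else
{
    $cat = 500;
}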
if ( empty($process) )
{
// No "process" action yet: render the upload form.
printheader( $cat, $Globals['pp_lang']['uploadphoto'] );
$selected = $cat;
// catmoveopt() appears to fill $catoptions (it is read right after each call):
// the first call builds the album list, the second the category list.
catmoveopt(0,0,0,1);
$albumcats = $catoptions;
$catoptions = null;
catmoveopt(0,1);
// Bytes this user has stored outside the zip queue (storecat=0).
// NOTE(review): mysql_fetch_row() belongs to ext/mysql, which PHP 7.0 removed.
$resulta = ppmysql_query("SELECT SUM(filesize) AS fsize FROM {$Globals['pp_db_prefix']}photos WHERE userid={$User['userid']} AND storecat=0", $link);
list( $diskuse ) = mysql_fetch_row($resulta);
// $disk_k is set in login-inc and is their max upload space
$disk_b = $disk_k * 1024;
// For graph of status
$usedpx = 0;
$availpx = 100;
if ( $disk_k > 0 )
{
// A quota is in force: stop here when it is already exceeded.
$diskbytes = $disk_b - $diskuse;
if ( $diskbytes < 0 )
{
diewell( $Globals['pp_lang']['overquota'] );
}
$diskspace = ( $diskbytes / 1024 );
if ( $diskuse > 0 )
{
// Percentages for the used/available bar; $disk_b > 0 here, so no division by zero.
$usedpx = 100 - round(($diskbytes/$disk_b)*100);
$availpx = round(100 - $usedpx);
}
// From here on the quota figures are formatted strings for display only.
$diskspace = number_format( sprintf("%1.1f", $diskspace) ). "{$Globals['pp_lang']['kb']} ($diskbytes {$Globals['pp_lang']['bytes']})";
$diskbytes = number_format( $diskbytes );
$disk_b = number_format($disk_b);
$disk_k = number_format($disk_k) . "{$Globals['pp_lang']['kb']} ($disk_b {$Globals['pp_lang']['bytes']})";
}
else
{
// No positive quota means unlimited space.
$diskspace = $Globals['pp_lang']['unlimit'];
$disk_k = $Globals['pp_lang']['unlimit'];
}
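// Count the images already waiting in this user's queue directory and add
// their size to the disk usage shown on the page. Anything that is neither
// an image nor a multimedia file is removed from the queue.
$inpath = "{$Globals['zipuploaddir']}/{$User['userid']}";
$photocount = 0;
$handle = @opendir( $inpath );
if ( $handle )
{
    // "!== false": a plain truthiness test would stop early at an entry named "0".
    while ( ($realname = readdir( $handle )) !== false )
    {
        if ( $realname == "." || $realname == ".." )
        {
            continue;
        }
        $filepath = "$inpath/$realname";
        if ( !is_image($realname) && !is_multimedia($realname) )
        {
            @unlink( $filepath );
            continue;
        }
        $diskuse += filesize( $filepath );
        $photocount++;
    }
    // The directory handle was previously never released.
    closedir( $handle );
    if ( $photocount > 0 )
    {
        // Kept as a string, as before - presumably for the template.
        $photocount = "$photocount";
    }
}
// Display strings: usage in KB with the raw byte count in brackets.
$diskusekb = $diskuse/1024;
$diskusekb = number_format( sprintf("%1.1f", $diskusekb ));
$diskuse = number_format( $diskusekb ) ."{$Globals['pp_lang']['kb']} ($diskuse {$Globals['pp_lang']['bytes']})";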
// Substitute the user's daily cap into the limit message shown on the form.
$Globals['pp_lang']['uplimit2'] = str_replace( "%pictures%", $User['uploadlimit'], $Globals['pp_lang']['uplimit2'] );
// Accepted extensions for display, with the leading dots removed.
$imagetype = str_replace( ".", "", $Globals['acceptimg']);
if ( $Globals['allowmedia'] )
{
// NOTE(review): the literal line break inside this string looks like a
// stripped markup separator from the original source - confirm.
$imagetype .= "
" . str_replace( ".", "", $Globals['acceptmm']);
}
if ( $User['adminedit'] == 1 )
{
$imgdir = "{$Globals['zipuploaddir']}/{$User['userid']}";
//if you have a low number of users you can use this drop down list box, otherwise you have to input the name manually
//$useroptions = "";
$utemp = $User['username'];
if ( $Globals['vbversion'] == "ib3" || $Globals['vbversion'] == "fusion" || $Globals['vbversion'] == "threads" || $Globals['vbversion'] == "threads7" )
{
$utemp = $User['login'];
}
$useroptions = "
", " ", $Globals['pp_lang']['topcat'] );
// Extra hint shown when several files (zips or plain files) may be uploaded at once.
$moreinfo = null;
if ( $Globals['maxfiles'] > 1 && $Globals['allowmedia'] )
{
if ( $Globals['allowzip'] )
{
// NOTE(review): the literal line break inside this string likely replaces stripped markup - confirm.
$moreinfo = "
{$Globals['pp_lang']['multizips']}";
}
else
{
$moreinfo = "
{$Globals['pp_lang']['multifile']}";
}
}
// Templates are PHP files taken from the configured template directory.
include( "$Globals[tmpldir]/menubar.tmpl" );
// Plain form for guests, when the flash uploader is disabled, or when the
// visitor asked for noflash; otherwise the flash uploader template.
if ( $User['userid'] < 1 || !$Globals['flashupload'] || $noflash == 1 )
{
include( "$Globals[tmpldir]/uploadphoto.tmpl" );
}
else
{
// NOTE(review): assumes a session has already been started; presumably the
// flash uploader reads the user id back from it - verify.
$_SESSION['userid'] = $User['userid'];
include( "$Globals[tmpldir]/uploadphoto2.tmpl" );
}
printfooter();
}
else
{
// The form was submitted: normalise the posted defaults before acting on them.
$wasuploaded = FALSE;
// Run the word ban list over every free-text default.
$deftitle    = pp_ban_list( $deftitle );
$defdesc     = pp_ban_list( $defdesc );
$defkeywords = pp_ban_list( $defkeywords );
// An explicitly chosen album wins; otherwise a zero/unset category means the default (500).
if ( $albumsel > 0 )
{
    $category = $albumsel;
}
elseif ( $category == 0 )
{
    $category = 500;
}
// Anything other than the literal "processall" means "no".
$processall = ( $processall == "processall" ) ? "processall" : "no";
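// If we are uploading as a different user, set us to that user
$uploaduser = $User['userid'];
check_user_dir( $uploaduser );
// "upuser" lets an administrator upload on another member's behalf. The form
// only offers the field when $User['adminedit'] == 1, so the same test gates
// it here instead of trusting the POST body alone; for anyone else the value
// is cleared so it is not carried on to bulkupload.php either.
if ( isset($upuser) && $User['adminedit'] != 1 )
{
    $upuser = "";
}
if ( isset($upuser) && !empty($upuser) && $upuser != $User['username'] )
{
    list( $upuserid, $tusername, $tmail ) = get_userinfo($upuser);
    if ( empty($upuserid) )
    {
        diewell( "$upuser: {$Globals['pp_lang']['nofind']}" );
    }
    // Only reached with a resolved id; previously this ran for every request
    // carrying "upuser", including ones where $upuserid had never been set.
    check_user_dir( $upuserid );
}
// NOTE(review): $uploaduser itself is never switched to $upuserid here, and the
// forward below still passes photopath=$uploaduser - confirm that is intended.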
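// "notcat" is the placeholder entry of the category list, not a real target.
if ( $category == "notcat" )
{
    diewell( $Globals['pp_lang']['topcat'] );
}
if ( $skipupload == "skipupload" )
{
    // Nothing to upload: hand the defaults straight to the bulk-upload preview.
    // The text fields are decoded and URL-encoded exactly as before; the other
    // request values are now URL-encoded as well, so a stray "&" or "#" in
    // them can no longer truncate the query string or smuggle in extra fields.
    $upuser = urlencode(stripslashes(un_htmlspecialchars($upuser)));
    $deftitle = urlencode(stripslashes(un_htmlspecialchars($deftitle)));
    $defdesc = urlencode(stripslashes(un_htmlspecialchars($defdesc)));
    $defkeywords = urlencode(stripslashes(un_htmlspecialchars($defkeywords)));
    $updir = urlencode(stripslashes(un_htmlspecialchars($updir)));
    $ismature = ( $mature == "yes" ? 1 : 0 );
    $target = "bulkupload.php?ppaction=addphotos&do=preview"
        . "&photopath=" . urlencode( (string) $uploaduser )
        . "&upuser=$upuser"
        . "&notify=" . urlencode( (string) $notify )
        . "&defcat=" . urlencode( (string) $category )
        . "&numprocess=" . (int) $numprocess
        . "&deftitle=$deftitle&defdesc=$defdesc&defkeywords=$defkeywords&updir=$updir"
        . "&processall=" . urlencode( (string) $processall );
    // The watermark-skip flag is the only difference between the two former branches.
    if ( isset($skipwater) )
    {
        $target .= "&skipwater=true";
    }
    $target .= "&dthumbs=" . urlencode( (string) $dthumbs ) . "&mature=$ismature";
    forward( $target, $Globals['pp_lang']['prepare'] );
}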
// Grab any URL images (if specified)
if ( isset($downloadurl) && !empty($downloadurl) )
{
// Process a single image?
if ( is_image($downloadurl) )
{
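// Fetch a single remote image into the user's queue directory.
// Only http, https and ftp are accepted for the fetch - the same schemes the
// page-scrape branch below allows - so a user-supplied URL can no longer make
// fopen() read local files or other PHP stream wrappers.
// NOTE(review): $thishost is not assigned anywhere above this point in the
// file as seen here; the host-prefixed retry is kept for compatibility -
// confirm where it is defined.
$hostprefix = isset($thishost) ? $thishost : "";
$handle = false;
foreach ( array( $downloadurl, "{$hostprefix}$downloadurl" ) as $fetchurl )
{
    $scheme = strtolower( (string) parse_url( $fetchurl, PHP_URL_SCHEME ) );
    if ( !in_array( $scheme, array( 'http', 'https', 'ftp' ), true ) )
    {
        continue;
    }
    $handle = @fopen( $fetchurl, "rb" );
    if ( $handle )
    {
        break;
    }
}
$imgstring = null;
if ( $handle )
{
    $imgstring = stream_get_contents( $handle );
    fclose( $handle );
    // File name = last path segment of the URL. basename() drops any directory
    // part, and taking the path first keeps query strings out of the name
    // (and no longer loses the first character of a URL without a "/").
    $realname = basename( (string) parse_url( $downloadurl, PHP_URL_PATH ) );
    if ( $realname !== "" && $imgstring !== false )
    {
        $filepath = "{$Globals['zipuploaddir']}/{$User['userid']}/$realname";
        // The write handle was previously used without checking fopen() succeeded.
        $out = fopen( $filepath, "wb" );
        if ( $out )
        {
            fwrite( $out, $imgstring );
            fclose( $out );
        }
    }
}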
}
elseif (preg_match("/^(http|https|ftp):\/\/(([A-Z0-9][A-Z0-9_-]*)(:[A-Z0-9][A-Z0-9_-]*)?@)?(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+)(:(\d+))?(\/)?/i", $downloadurl) )
{
// Process a page?
$getUrl = @file($downloadurl);
$imgtags = array();
$processed_data = check_tags($getUrl, $allowed);
if ( count($imgtags) > 0 )
{
$parseurl = parse_url($downloadurl);
$thishost = "{$parseurl[scheme]}://{$parseurl[host]}";
for ( $x=0; $x