<?
#################################################################################################
#
#  project              : phpBannerEx
#  filename             : addsite.php
#  last modified by     : 
#  e-mail               : hide@address.com
#  purpose              : add sites
#
#################################################################################################

#  Include Configs & Variables
#################################################################################################
# Site configuration is loaded first, then the shared helper library.
require("admin/config.php");
require("library.php");

# db_connect() and ReadConfig() are not defined in this file (presumably in
# library.php - confirm); both run before any page logic below.
db_connect();
ReadConfig();

# The result of authorize() is kept in $user; add_site() later writes
# $user[ur_id] into the new site row as its owner.
# NOTE(review): whether authorize() stops the request for a visitor who is not
# logged in is not visible here - confirm, because nothing below re-checks $user.
$user = authorize();

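# Print the submission rules followed by the "add your site" upload form.
#
# Settings are read from globals: $show_categories switches the category
# drop-down on, $max_banner_filesize fills the MAX_FILE_SIZE field and $lang
# selects the message language. Nothing is returned; all output is echoed.
#
# The get_msg() keys are left as bare identifiers exactly as the file had them;
# whether they are constants defined elsewhere is not visible here.
function main_form() {
  global $max_banner_filesize, $show_categories, $lang;

  // $lang is read as a plain global and this page sends it back as a hidden
  // form field, so it is handled as request-controlled data: it is escaped
  // separately for the SQL string and for the HTML attribute below.
  $catstr = "";

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg(addrules,$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo get_msg(rules,$lang);
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
  echo "<br><br>\n";

  if ($show_categories) {
    if($lang) {
      // addslashesnew() is the helper add_site() already applies to request
      // strings before they enter SQL. NOTE(review): its implementation is not
      // in this file - confirm it is adequate for the connection charset.
      $lang_sql = addslashesnew($lang);
      $sql = "SELECT ct_id, cl_name FROM cat LEFT JOIN cat_l ON (ct_id = cl_cat_ref) WHERE cl_lang_ref='$lang_sql' ORDER BY cl_name";
    } else {
      $sql = "SELECT ct_id, ct_name FROM cat ORDER BY ct_name";
    }
    $res = db_query($sql);

    // NOTE(review): category ids and names are printed as stored; if they can
    // be edited by anyone other than a trusted administrator they need HTML
    // escaping here as well.
    $catstr.="<div class=\"mainleft\">".get_msg(category,$lang).":<br></div>\n";
    $catstr.="<select name=\"st_cat_ref\">";
    while ($row = mysql_fetch_row($res)) {
      $catstr.= "<option value=\"$row[0]\">$row[1]</option>\n";
    }
    $catstr.="</select><br>\n";
  }

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg(addyoursite,$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  echo "      <FORM ACTION=\"addsite.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
  echo "        <div class=\"mainleft\">".get_msg(siteurl,$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"st_url\" VALUE=\"http://\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg(sitetitle,$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"st_name\" VALUE=\"\" SIZE=\"60\" MAXLENGTH=\"100\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg(sitedesc,$lang).":<br></div>\n";
  echo "        <textarea NAME=\"st_desc\" cols=45 rows=7></textarea>\n";
  echo "        $catstr\n";
  echo "        <div class=\"mainleft\">".get_msg(banner,$lang).":<br></div>\n";
  // MAX_FILE_SIZE travels in the form and is therefore under the client's
  // control; add_site() in this file does not compare the upload size with
  // $max_banner_filesize, so the limit is advisory only.
  echo "        <INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"$max_banner_filesize\">\n";
  echo "        <INPUT TYPE=\"file\" name=\"banner\" SIZE=\"50\" VALUE=\"\">\n";
  echo "        <br>\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"add_site\">\n";
  if(isset($lang)) {
    // Escaped so the value cannot close the attribute and inject markup.
    $lang_html = htmlspecialchars((string)$lang, ENT_QUOTES);
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "        <input type=\"submit\" value=\"".get_msg(submit,$lang)."\" onclick=\"exit=false\" >\n"; //
  echo "      </FORM>\n";
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
}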

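# Validate a submitted site plus banner image and, if everything passes, store
# both and send the notification mails.
#
# Input arrives through globals ($st_url, $st_name, $st_desc, $st_cat_ref,
# $banner); limits and switches come from configuration globals. Output is
# either the list of validation errors or the thank-you block, always followed
# by a "done" form that posts back to index.php.
#
# NOTE(review): no request token is checked in this function; whether
# authorize() or surrounding code provides CSRF protection is not visible here.
# NOTE(review): $st_url is stored as submitted, without a scheme check. Pages
# that later print it must escape it and should only link http/https values.
function add_site() {
  global $st_url, $st_name, $st_desc, $st_cat_ref, $banner,
         $max_banner_height, $max_banner_width,$banner_path, $banner_store_db,
         $webmasterapproval, $emailapproval, $user, $lang, $notify_email;

  $errorbanner = 0;
  $errorbannertype = 0;
  $errorbannerheight = 0;
  $errorbannerwidth = 0;
  $ext = "";
  $bannerinfo = false;

  // Accept $banner only when PHP recorded it as this request's upload. Any
  // other value is handled like a missing banner, so the reads further down
  // never touch a path or URL that did not come from the upload layer.
  if ($banner != 'none' && is_uploaded_file($banner)) {
    $bannerinfo = GetImageSize($banner);
  }

  if (is_array($bannerinfo)) {
    // The stored extension is derived from the detected image type
    // (1 = GIF, 2 = JPEG, 3 = PNG), never from a client-supplied file name.
    switch ($bannerinfo[2]) {
      case 1 : $ext = ".gif"; break;
      case 2 : $ext = ".jpg"; break;
      case 3 : $ext = ".png"; break;
      default:
        $errorbanner=1;
        $errorbannertype=1;
    }

    if ($bannerinfo[1] > $max_banner_height ) {
      $errorbanner=1;
      $errorbannerheight=1;
    }

    if ($bannerinfo[0] > $max_banner_width ) {
      $errorbanner=1;
      $errorbannerwidth=1;
    }
  } else {
    $errorbanner=1;
    $errorbannertype=1;
  }

  # check duplicate
  // The URL is escaped with the same helper this function uses for st_name and
  // st_desc before it is placed inside a SQL string. The unescaped $st_url is
  // kept for the comparison, the checks and the mails below.
  // NOTE(review): addslashesnew() is defined outside this file - confirm it is
  // adequate for the connection charset.
  $st_url_sql = addslashesnew($st_url);
  $sql = "SELECT st_url FROM site WHERE st_url='$st_url_sql'";
  $res = db_query($sql);
  $row = mysql_fetch_row($res);
  $dup = ($row[0] == $st_url);

  // Check Input
  if(!$st_url || ($st_url == "http://") || !$st_name || !$st_desc ||
     check_bad_words($st_desc) || check_bad_words($st_name)
     || $dup || $errorbanner) {

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg(error,$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if($dup)                  { echo get_msg(error_duplicate,$lang)."<br>\n"; }
    if(!$st_url)              { echo get_msg(error_emptysiteurl,$lang)."<br>\n"; }
    if($st_url == "http://")  { echo get_msg(error_emptysiteurl,$lang)."<br>\n"; }
    if(!$st_name)             { echo get_msg(error_emptysitename,$lang)."<br>\n"; }
    if(!$st_desc)             { echo get_msg(error_emptysitedesc,$lang)."<br>\n"; }

    if(check_bad_words($st_name)) { echo get_msg(error_badsitename,$lang)."<br>\n"; }
    if(check_bad_words($st_desc)) { echo get_msg(error_badsitedesc,$lang)."<br>\n"; }

    if($errorbannertype)   { echo get_msg(error_bannertype,$lang)."<br>\n"; }
    if($errorbannerheight) { echo get_msg(error_bannerheight,$lang)."<br>\n"; }
    if($errorbannerwidth)  { echo get_msg(error_bannerwidth,$lang)."<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

  } else {

    // All checks passed: strip markup, escape for SQL and store the site.
    $st_name = addslashesnew(strip_tags($st_name));
    $st_desc = addslashesnew(strip_tags($st_desc));

    // The category reference comes from the form as well, so it is escaped
    // like the other fields; an empty value is stored as 0 as before.
    if ($st_cat_ref) { $st_cat_ref_sql = addslashesnew($st_cat_ref); } else { $st_cat_ref_sql = 0; }

    if ($webmasterapproval) { $st_status = 0; } else { $st_status = 1; }

    // Binary-safe read with the handle closed again (it was left open before).
    $banner_bin_temp = "";
    $banner_fh = fopen($banner, "rb");
    if ($banner_fh) {
      $banner_bin_temp = fread($banner_fh, filesize($banner));
      fclose($banner_fh);
    }

    $sql = "INSERT INTO site
              (st_user_ref, st_cat_ref, st_name, st_url, st_desc, st_status) VALUES
              ('$user[ur_id]', '$st_cat_ref_sql', '$st_name','$st_url_sql','$st_desc','$st_status')";
    $res = db_query($sql);
    $st_id = mysql_insert_id();

    $banner_bin = addslashes($banner_bin_temp);
    $sql = "INSERT INTO banner VALUES ('$st_id', '$banner_bin')";
    $res = db_query($sql);

    // $banner_store_db used to be read without a global declaration, so this
    // test always saw an unset local and the file copy was always written.
    // NOTE(review): confirm the setting is defined by the configuration.
    if (!$banner_store_db && $banner_path) {	// write to file
      $file = fopen($banner_path."/".$st_id.$ext,"wb");
      if ($file) {
        fwrite($file,$banner_bin_temp);
        fclose($file);
      }
    }

    // takes out all slashes then sends out emails

    $st_name = stripslashes($st_name);
    $st_desc = stripslashes($st_desc);
    mail_newnotifyuser($user,$st_id,$st_name,$st_url,$st_desc);
    if($notify_email){
      mail_newnotifyadm($user,$st_id,$st_name,$st_url,$st_desc);
    }

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg(addthanks,$lang)."</b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo get_msg(addsendmail,$lang)."<br>\n";
    if ($webmasterapproval) {
      echo get_msg(addapproval,$lang)."<p>\n";
    }
    help($st_id);
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>";
  }

  echo "<p>\n";
  echo "<FORM action=\"index.php\" method=\"POST\">\n";
  echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg(done,$lang)."\">\n";
  if(isset($lang)) {
    // Escaped so the value cannot close the attribute and inject markup.
    $lang_html = htmlspecialchars((string)$lang, ENT_QUOTES);
    echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n";
  }
  echo "</FORM>\n";
  echo "<p>\n";
}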

# Page header and menu are emitted before the requested action runs.
# NOTE(review): $addheader and $addfooter are never assigned in this file.
# Confirm they are always set by the configuration and cannot be supplied by
# the request, because their values are passed straight to include().
include($addheader);
include("menu.inc");

# $act is not assigned in this file either; the upload form posts
# act=add_site. Without an action the empty form is shown.
if(!$act) { main_form(); }
if($act == "add_site") { add_site(); }

include("$addfooter");
?>