<?php session_start();
/**********************************************************************
*  Copyright notice Ja2BU 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
*  All rights reserved
*
*  This script is part of the Ja2BU project. 
*  The Ja2BU project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
************************************************************************/
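// Report errors, warnings and parse errors only; notices and deprecations stay hidden.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once ('salt.php');
require_once ('classes/securesession.class.php');

// Session hardening is delegated to SecSession (defined in the required class file).
// NOTE(review): judging by the property names, the session is tied to the browser and
// to part of the client IP, keyed with $salt from salt.php, and the session id is
// regenerated. Confirm against securesession.class.php.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;

// Access gate: the SecSession check must pass and both login markers must be set and
// truthy. empty() is used so a missing key cannot raise an "undefined index" warning
// whose output would precede the redirect header. die() guarantees nothing below runs
// for an unauthenticated visitor even if the header cannot be sent.
if(!$ss->Check() || empty($_SESSION['loggedin']) || empty($_SESSION['inecsess'])) {
	header('Location: signin.php');
	die();
}
include ('settings.php');
include('session.php');
$smarty->display('blank.php');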
?>
<body>
<div style="float:left;margin-top:4px;color:#555;">
<div id="linkpanel">
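<?php
// Id of the signed-in user as stored in the session (null when the key is absent).
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;

// Defaults, so the markup further down never reads an undefined variable when the
// query fails or returns no row.
$cfullname = $cusername = $chomep = $cbiosi = $cthumbs = '';
$cgoogle = $cskype = $cmsn = $cyahoo = '';

// The user id is passed as a bound parameter, never concatenated into the SQL text.
$brecordSet = $conn->Execute('SELECT * FROM users WHERE usid = ?',array($shouter));
if(!$brecordSet) {
	// NOTE(review): the driver's error text is shown to the visitor. It is HTML-encoded
	// here; logging it server-side and showing a generic message instead would avoid
	// disclosing query or schema details.
	print htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES);
} else {
	// Copy the profile columns into the $c* variables used by the avatar and form markup.
	while(!$brecordSet->EOF) {
		$cfullname = $brecordSet->fields['fullname'];
		$cusername = $brecordSet->fields['username'];
		$chomep = $brecordSet->fields['homep'];
		$cbiosi = $brecordSet->fields['biosi'];
		$cthumbs = $brecordSet->fields['thumbs'];
		$cgoogle = $brecordSet->fields['google'];
		$cskype = $brecordSet->fields['skype'];
		$cmsn = $brecordSet->fields['msn'];
		$cyahoo = $brecordSet->fields['yahoo'];
		$brecordSet->MoveNext();
	}
}
?>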
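<span class="featuredcontainer">
<div id="blockhead"><?php echo $lang['LINKPROF'] ?>
<?php if(!empty($cthumbs)) {
	// The avatar file name comes from the users table; HTML-encode it before placing it
	// in href/src so a stored value can never break out of the attribute.
	$avatarAttr = htmlspecialchars($cthumbs, ENT_QUOTES); ?>
<a href="uploads/<?php echo $avatarAttr ?>"><img style="position:relative;top:-3px;" src="minthumb/<?php echo $avatarAttr ?>" width="25px" height="25px" border="0"></a></div>
<?php } else {
	// No avatar stored: show the theme's placeholder (no link, so no closing </a>). ?>
<img style="position:relative;top:-3px;" src="themes/<?php echo htmlspecialchars($themes, ENT_QUOTES); ?>/styles/images/noavatar25.png" width="25px" height="25px" border="0"></div>
<?php } ?>
<br />
</span>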
<?php
if(isset($_POST['query'])) {
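	// get_magic_quotes_gpc() was removed in PHP 8.0; calling it unguarded is a fatal
	// error there, so it is only consulted when the function still exists.
	$unslash = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	// Read every profile field as a plain string. A missing field, or one submitted as
	// an array (name[]=...), becomes '' instead of reaching the validators as a non-string.
	$profileInput = array();
	foreach(array('fullname','homep','biosi','mygoogle','myskype','mymsn','myyahoo') as $profileKey) {
		$rawValue = (isset($_POST[$profileKey]) && is_string($_POST[$profileKey])) ? $_POST[$profileKey] : '';
		$profileInput[$profileKey] = $unslash ? stripslashes($rawValue) : $rawValue;
	}
	$fullname = $profileInput['fullname'];
	$homep = $profileInput['homep'];
	$biosi = $profileInput['biosi'];
	$mygoogle = $profileInput['mygoogle'];
	$myskype = $profileInput['myskype'];
	$mymsn = $profileInput['mymsn'];
	$myyahoo = $profileInput['myyahoo'];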
	// "Replace avatar" checkbox: the form sends value 1 when ticked, nothing otherwise.
	$coption = isset($_POST['coption']) ? $_POST['coption'] : null;
	if($coption == 1) {
		// Paths of the current avatar and its two thumbnails. They are only computed;
		// the deletions below are commented out, so old files stay on disk.
		$file = "uploads/".$cthumbs;
		$file1 = "maxthumb/".$cthumbs;
		$file2 = "minthumb/".$cthumbs;
		//@unlink($file);
		//@unlink($file1);
		//@unlink($file2);
	}
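	// Reject the submission when any profile field contains '%', ';', '<' or '['.
	// This is a character deny-list only: quotes, '>' and '&' pass through, so it is not
	// a substitute for encoding these values wherever they are written back into HTML.
	$name = array($fullname,$homep,$biosi,$mygoogle,$myskype,$mymsn,$myyahoo);
	$forbiddenChars = array('%' => "/%/", ';' => "/;/", '<' => "/</", '[' => "/\\[/");
	// A separate loop variable is used so the list being iterated is not overwritten.
	foreach($name as $fieldValue) {
		foreach($forbiddenChars as $badChar => $pattern) {
			if(preg_match($pattern,$fieldValue)) {
				echo "$lang[NOTVALID] '".$badChar."'</div></div></div>";
				$smarty->display('footer.php');
				die();
			}
		}
	}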
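	// The home page is optional; when present it must begin with http:// or https://
	// followed by a "name.name" host. The pattern is anchored at the start only.
	if(strlen($homep) > 0) {
		if(!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i",$homep)) {
			echo "<center>$lang[VIDOERR1]&nbsp;<a href=\"javascript:history.go(-1)\">$lang[BOOKBACK]</a></center>";
			die();
		}
	}
	// Length limits, measured in bytes by strlen(). Every failed check must end the
	// request: without die() the over-long value would still reach the UPDATE further
	// down, and the footer would be rendered a second time at the end of the page.
	if(strlen($homep) > 120) {
		echo "$lang[MAXCHAR] ($lang[LINKHOME]): 120 <a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div></div></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($biosi) > 800) {
		echo "$lang[MAXCHAR] ($lang[LINKABOUT]): 800 <a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div></div></div>";
		$smarty->display('footer.php');
		die();
	}
	if(strlen($fullname) > 100) {
		echo "$lang[MAXCHAR] ($lang[LINKFULL]): 100 <a href='javascript:history.go(-1)'>$lang[GOBACK]</a></div></div></div>";
		$smarty->display('footer.php');
		die();
	}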
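	// NOTE(review): a file is demanded on every submit, even when the "new image" box
	// (coption) is not ticked; in that case the stored file is not referenced by the
	// UPDATE that follows. Confirm whether the upload should be optional.
	if(!isset($_FILES['image']) || $_FILES['image']['name'] == "") {
		die('Please Upload Valid .jpg or .jpeg File');
	} else {
		$upload = $_FILES['image'];
		// Accept only one completed HTTP upload: a string name (not an image[] array),
		// no upload error, and a temp file that PHP itself received in this request.
		if(!is_string($upload['name']) || $upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		$current_image = $upload['name'];
		// The client-supplied name is used only to read the extension, compared
		// case-insensitively against the allow-list. It never becomes part of a path.
		$extension = strtolower(pathinfo($current_image, PATHINFO_EXTENSION));
		if(($extension !== "jpg" && $extension !== "jpeg")) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// The extension says nothing about the content, so inspect the temp file before
		// anything is written to the web-served uploads/ directory.
		$probe = @getimagesize($upload['tmp_name']);
		if($probe === false || $probe[2] !== IMAGETYPE_JPEG) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		if($probe[0] > 1280 || $probe[1] > 1280) {
			echo "<div id='error'>Maximum width and height exceeded. Please upload images below  1280 x 1280 px size.</div></div>";
			exit();
		}
		// Make sure GD can decode it, so an undecodable file is never left in uploads/.
		$decoded = @imagecreatefromjpeg($upload['tmp_name']);
		if(!$decoded) {
			echo "<div id='error'>Wrong File</div></div>";
			exit();
		}
		unset($decoded);
		// date("fYhis") is a literal "f" plus year, 12-hour clock, minutes and seconds,
		// with no month or day, so the same name recurs and a later upload would overwrite
		// another user's avatar. A random suffix keeps names unique; it is there for
		// uniqueness, not secrecy.
		// NOTE(review): the name is longer than before; confirm the width of users.thumbs.
		$time = date("fYhis");
		$suffix = function_exists('random_bytes') ? bin2hex(random_bytes(4)) : sprintf('%08x', mt_rand());
		$new_image = $time."_".$suffix.".".$extension;
		$destination = "uploads/".$new_image;
		// move_uploaded_file() refuses anything that is not a genuine upload temp file.
		$action = move_uploaded_file($upload['tmp_name'],$destination);
		if(!$action) {
			die('Upload failed');
		}
		// Upload temp files are often created owner-only; keep the stored image readable
		// by the web server.
		@chmod($destination, 0644);
		/**
		 * ccthumb()
		 *
		 * Builds a centre-cropped JPEG thumbnail of a stored JPEG and writes it to $file
		 * at quality 80. The source is scaled so it covers the requested box, then the
		 * middle of the scaled image is cut out. On an unreadable, oversized (more than
		 * 1280 px on a side) or non-JPEG source it prints an error block and ends the
		 * request.
		 *
		 * @param mixed $image_source path of the source image (extension must be jpg/jpeg)
		 * @param mixed $file path the thumbnail is written to
		 * @param mixed $xthumbnail thumbnail width in pixels
		 * @param mixed $ythumbnail thumbnail height in pixels
		 * @return mixed the GD image holding the thumbnail
		 */
		function ccthumb($image_source,$file,$xthumbnail,$ythumbnail) {
			// getimagesize() returns false for unreadable/non-image files; guarding it
			// also rules out a division by zero in the ratio below.
			$size = @getimagesize($image_source);
			if($size === false || $size[0] < 1 || $size[1] < 1) {
				echo "<div id='error'>Wrong File</div></div>";
				exit();
			}
			list($origx,$yorig) = $size;
			if($origx > 1280 || $yorig > 1280) {
				echo "<div id='error'>Maximum width and height exceeded. Please upload images below  1280 x 1280 px size.</div></div>";
				exit();
			}
			// Decode once, and only for a jpg/jpeg extension; any other outcome is
			// reported as a wrong file instead of continuing without an image.
			$cimage = false;
			if(preg_match('/^jpe?g$/i',pathinfo($image_source, PATHINFO_EXTENSION))) {
				$cimage = @imagecreatefromjpeg($image_source);
			}
			if(!$cimage) {
				echo "<div id='error'>Wrong File</div></div>";
				exit();
			}
			// Scaled size computed from the source aspect ratio and the requested box.
			$ratio = $origx / $yorig;
			if($xthumbnail / $ythumbnail > $ratio) {
				$yheight = $xthumbnail / $ratio;
				$xwidth = $xthumbnail;
			} else {
				$xwidth = $ythumbnail * $ratio;
				$yheight = $ythumbnail;
			}
			$action = imagecreatetruecolor((int) round($xwidth),(int) round($yheight));
			// GD takes integer geometry; the explicit casts truncate as the implicit
			// conversion did and avoid float-to-int deprecation notices.
			imagecopyresampled($action,$cimage,0,0,0,0,(int) $xwidth,(int) $yheight,$origx,$yorig);
			$thumbnail = imagecreatetruecolor($xthumbnail,$ythumbnail);
			// Crop around the centre of the scaled image.
			$xos = $xwidth / 2;
			$yos = $yheight / 2;
			imagecopyresampled($thumbnail,$action,0,0,(int) ($xos - ($xthumbnail / 2)),(int) ($yos - ($ythumbnail / 2)),$xthumbnail,
				$ythumbnail,$xthumbnail,$ythumbnail);
			imagejpeg($thumbnail,$file,80);
			return $thumbnail;
		}
		ccthumb($destination,'maxthumb/'.$new_image,50,50);
		ccthumb($destination,'minthumb/'.$new_image,25,25);
	}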
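	// With "replace avatar" ticked the freshly stored file name is saved; otherwise the
	// current one is kept. All values travel as bound parameters.
	$thumbToStore = ($coption == 1) ? $new_image : $cthumbs;
	$profileSaved = true;
	$sql = $conn->Prepare('UPDATE users SET fullname = ?, homep = ?, biosi = ?, thumbs = ?, google = ?, skype = ?, msn = ?, yahoo = ? WHERE usid = ?');
	if($conn->Execute($sql,array($fullname,$homep,$biosi,$thumbToStore,$mygoogle,$myskype,$mymsn,
		$myyahoo,$shouter)) === false) {
		$profileSaved = false;
		// NOTE(review): driver error text is shown to the user; it is HTML-encoded here,
		// but a server-side log plus a generic message would disclose less.
		print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
	}
	if($coption == 1) {
		// Carry the new avatar over to the user's reviews (matched by user name) and
		// articles (matched by user id).
		$sql2 = $conn->Prepare('UPDATE reviews SET comimage = ? WHERE comenter = ?');
		if($conn->Execute($sql2,array($new_image,$cusername)) === false) {
			$profileSaved = false;
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
		}
		$sql3 = $conn->Prepare('UPDATE article SET bimgs = ? WHERE buserid = ?');
		if($conn->Execute($sql3,array($new_image,$shouter)) === false) {
			$profileSaved = false;
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
		}
	}
	// Report success only when every statement succeeded; the back link is shown either way.
	if($profileSaved) {
		echo "<br />Successfully <a href='link.php'> $lang[BOOKBACK]</a></center>";
	} else {
		echo "<br /><a href='link.php'> $lang[BOOKBACK]</a></center>";
	}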
} else {
?>
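<?php
// Profile edit form. Stored values are HTML-encoded (quotes included) before they are
// placed in value="...": the input deny-list does not block quote characters, so an
// unencoded value could close the attribute and inject markup.
// NOTE(review): the form carries no anti-CSRF token, and the handler above accepts the
// POST on the session cookie alone. A per-session token checked on submit would close that.
?>
<form method="post" action="link.php" id="panelform"  name="form"  enctype="multipart/form-data">
<?php echo $lang['LINKFULL']; ?><br />
<input type="text" name="fullname" class="incc" value="<?php echo htmlspecialchars($cfullname, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKHOME']; ?><br />
<input type="text" name="homep" class="incc" value="<?php echo htmlspecialchars($chomep, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKABOUT']; ?><br />
<input type="text" name="biosi" class="incc" value="<?php echo htmlspecialchars($cbiosi, ENT_QUOTES) ?>"><br /><br />


<?php echo $lang['LINKGOOGLE']; ?><br />
<input type="text" name="mygoogle" class="incc" value="<?php echo htmlspecialchars($cgoogle, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKSKYPE']; ?><br />
<input type="text" name="myskype" class="incc" value="<?php echo htmlspecialchars($cskype, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKMSN']; ?><br />
<input type="text" name="mymsn" class="incc" value="<?php echo htmlspecialchars($cmsn, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKYAHOO']; ?><br />
<input type="text" name="myyahoo" class="incc" value="<?php echo htmlspecialchars($cyahoo, ENT_QUOTES) ?>"><br /><br />
<?php echo $lang['LINKNIMG']; ?>&nbsp;<?php echo $lang['POSTIMG']; ?><br />
<input id="check" type="checkbox" name="coption" value="1"><br /><br />
<input type="file" name="image" /><br /><br />
<input type="submit" value="<?php echo htmlspecialchars($lang['LINKSUB'], ENT_QUOTES); ?>" name="query" class="buton" />
</form>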
<?php } ?>
</div>

</div>
<div style="float:right;margin-top:4px;margin-left:5px;color:#555;">


<div id="linkpanel">
<script>
function goto(site) {
	// Ask for confirmation and navigate only when the user accepts.
	// The prompt text is written into this string literal by PHP as-is.
	if (confirm("<?php echo $lang['LINKALER'] ?>")) {
		window.location.href = site;
	}
}
</script>
<div id="blockhead"><?php echo $lang['LINKNEWS'] ?></div><br />
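<?php
// List the signed-in user's own articles, newest first, with edit/delete/sponsor links.
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
$crecordSet = $conn->Execute('SELECT * FROM article where buserid = ? ORDER by blogid desc',array($shouter));
if(!$crecordSet) {
	// NOTE(review): driver error text is shown to the user; HTML-encoded here, but a
	// server-side log plus a generic message would disclose less.
	print htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES);
} else {
	while(!$crecordSet->EOF) {
		// The id is written into an HTML attribute, a URL and a javascript: string.
		// Keeping only [A-Za-z0-9_-] leaves numeric ids unchanged and is inert in all
		// three contexts. NOTE(review): presumably an integer key; confirm.
		$articleId = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $crecordSet->fields['blogid']);
		// NOTE(review): btexty is printed exactly as stored. Only the owner's articles
		// are listed here, but if the write path does not sanitize it, stored markup
		// will run in this page; confirm where it is filtered.
		// NOTE(review): the delete link is a plain GET to delete.php guarded only by the
		// confirm() dialog; confirm that delete.php checks ownership and request origin.
		echo "".stripslashes($crecordSet->fields['btexty'])."<br /><a href=\"edit.php?id=".$articleId."\">[$lang[LINKEDIT]]</a> <a href=\"javascript:goto('delete.php?id=".$articleId."')\">[$lang[LINKDEL]]</a>";
		if($crecordSet->fields['main'] == 0 && $payoffon == 1) {
			// Not yet sponsored and sponsoring is enabled: offer the sponsor link.
			echo "&nbsp;<a href=\"sponsored.php?id=".$articleId."\">[".$lang['MAKESPONSOR']."]</a><br /><br />\n";
		} elseif($payoffon == 1) {
			echo "&nbsp;[".$lang['SPONSOR']."]<br /><br />";
		} else {
			echo " <br /><br /> ";
		}
		$crecordSet->MoveNext();
	}
}
?>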
</div>
</div>
</div>
</div>
<?php
// Render the shared footer template, then close the database connection.
// The early die()/exit() paths above end the request before reaching these calls.
$smarty->display('footer.php');
$conn->Close();
######################################
##link.php                      1.1.##
######################################
?>