<?php 
/*    
 *    Copyright (c) 2010 VidiScript
 *
 *    This file is part of VidiScript.
 *
 *    VidiScript is free software: you can redistribute it and/or modify
 *    it under the terms of the GNU General Public License as published by
 *    the Free Software Foundation, either version 3 of the License, or
 *    (at your option) any later version.
 *
 *    VidiScript is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU General Public License for more details.
 *
 *    You should have received a copy of the GNU General Public License
 *    along with VidiScript.  If not, see <http://www.gnu.org/licenses/>.
 *
 *    File Name: control.php
 *    Description: Works with uploader.php
 *    $Date: 2010-02-21 23:16:57 +0000 (Sun, 21 Feb 2010) $
 *    $Revision: 12 $
 */
 include_once ("../includes/settings.inc") ;
// Open the database connection. $db_host, $db_user, $db_password and
// $db_database are not assigned in this file; presumably settings.inc
// provides them.
// NOTE(review): on a failed connect the mysql_error() text is sent to the
// client as part of the die() message.
$link = mysql_connect($db_host, $db_user, $db_password) ;
if (!$link) {
      die('Could not connect: '.mysql_error()) ;
}
if (!mysql_select_db($db_database)) {
      die('Could not select database') ;
}
// Seed rand(), which is used further down to build the default "Untitled_"
// name. A time-based seed is predictable, so those names are not secret.
srand(time()) ;
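// Read the descriptive request parameters. Every value goes through
// uninject() because it is later concatenated into the INSERT statement.
// NOTE(review): no authentication or authorisation check is visible in this
// file; confirm that access to this endpoint is restricted elsewhere.

// Optional; left untouched when the caller does not send it.
if (isset($_GET['sitepath'])) {
      $sitepath = uninject($_GET['sitepath']) ;
}
// $group and $category are used unconditionally in the INSERT below, so they
// get an empty default when the request omits them (previously they stayed
// undefined). A value that is already set is kept.
if (isset($_GET['group'])) {
      $group = uninject($_GET['group']) ;
      echo "<br><br>group id is ".$group ;
}
else if (!isset($group)) {
      $group = "" ;
}
if (isset($_GET['category'])) {
      $category = uninject($_GET['category']) ;
      echo "<br><br>category id is ".$category ;
}
else if (!isset($category)) {
      $category = "" ;
}
// Without a name, generate a placeholder one.
$name = isset($_GET['name']) ? uninject($_GET['name']) : ("Untitled_".rand()) ;
// The title defaults to the name; underscores become spaces either way.
$title = str_replace("_", " ", isset($_GET['title']) ? uninject($_GET['title']) : $name) ;
$desc = isset($_GET['desc']) ? uninject($_GET['desc']) : "" ;
$keywords = isset($_GET['keywords']) ? uninject($_GET['keywords']) : "" ;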
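// Thumbnail handling: either fetch a remote image with wget or copy an
// already uploaded one, then store it as "<title>.small.jpg" and
// "<title>.large.jpg" under ../uploads/thumbs/.
if (isset($_GET['thumburl'])) {
      $thumburl = uninject($_GET['thumburl']) ;
      // basename() drops any directory part, so request data cannot steer the
      // copy source or target outside ../uploads/thumbs/.
      $thumbname = isset($_GET['thumbname']) ? basename(uninject($_GET['thumbname'])) : "" ;
      $thumbbase = basename($title) ;
      $smallthumb = '../uploads/thumbs/'.$thumbbase.'.small.jpg' ;
      $largethumb = '../uploads/thumbs/'.$thumbbase.'.large.jpg' ;
      if (isset($_GET['remotethumb'])) {
            // Only http(s) URLs are fetched. Each value that reaches the shell
            // is passed through escapeshellarg(); before, request data was
            // concatenated into the command line and interpreted by the shell.
            // "--" ends wget's option parsing ahead of the URL.
            // NOTE(review): the server still fetches whatever host the request
            // names, internal addresses included; consider a host allow-list.
            // NOTE(review): uninject() HTML-encodes the URL, so "&" reaches
            // wget as "&amp;".
            if (preg_match('#^https?://#i', $thumburl)) {
                  $command = '/usr/bin/wget -O '.escapeshellarg($smallthumb).' -- '.escapeshellarg($thumburl) ;
                  echo $command ;
                  exec($command) ;
                  copy($smallthumb, $largethumb) ;
            }
      }
      else if ($thumbname != "") {
            copy('../uploads/thumbs/'.$thumbname, $smallthumb) ;
            copy($smallthumb, $largethumb) ;
      }
      // The stored thumb value is the base name the files were written under.
      $thumburl = $thumbbase ;
}
else {
      $thumburl = "" ;
}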
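// Map the requested media type to its file extension using a fixed
// allow-list. A missing type means video, as before. An unrecognised type now
// also falls back to video; previously it left $ext undefined and stored the
// caller's arbitrary string as the media type.
$media_extensions = array(
      "video" => "flv",
      "audio" => "mp3",
      "image" => "jpg",
      "flash" => "swf",
) ;
$type = isset($_GET['type']) ? uninject($_GET['type']) : "video" ;
if (!isset($media_extensions[$type])) {
      $type = "video" ;
}
$ext = $media_extensions[$type] ;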
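// Resolve the member the new media row is attributed to. The lookup filters
// on whichever of "ip" and "poster" the request supplies; with neither it
// takes the member with the lowest id.
// Both values are escaped with mysql_real_escape_string() before they enter
// the query (they were concatenated raw before). stripslashes() runs first,
// as uninject() does for every other parameter.
// NOTE(review): poster and ip are whatever the request claims; nothing
// visible in this file verifies that the caller is that member.
$member_filters = array() ;
if (isset($_GET['ip'])) {
      $member_filters[] = "ip = '".mysql_real_escape_string(stripslashes($_GET['ip']), $link)."'" ;
}
if (isset($_GET['poster'])) {
      $member_filters[] = "username = '".mysql_real_escape_string(stripslashes($_GET['poster']), $link)."'" ;
}
if (count($member_filters) > 0) {
      $member_sql = "SELECT username FROM member WHERE ".implode(" AND ", $member_filters).";" ;
}
else {
      $member_sql = "SELECT username FROM member ORDER BY id ASC LIMIT 1;" ;
}
$member_result = mysql_query($member_sql) ;
// A failed query or an empty result yields an empty username instead of a
// warning from mysql_fetch_array().
$tmp = $member_result ? mysql_fetch_array($member_result, MYSQL_ASSOC) : false ;
$username = $tmp ? $tmp['username'] : "" ;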
// File size and checksum as reported by the caller; 0 and "" when absent.
// NOTE(review): neither value is checked against an actual file in this
// script, so both are unverified claims from the request.
$size = isset($_GET['size']) ? uninject($_GET['size']) : 0 ;
$md5 = isset($_GET['md5']) ? uninject($_GET['md5']) : "" ;
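// Build the INSERT for the media table. The file variant and the embed
// variant share one statement and differ in five values only: mediaurl,
// embed, mediatype, size and md5.
if (isset($_GET['embed'])) {
      // The embed markup is URL-decoded here, so it must be SQL-escaped after
      // decoding; it used to be concatenated into the statement unescaped.
      // NOTE(review): SQL escaping does not make this markup safe to print;
      // whatever page renders the embed column has to treat it as untrusted.
      $sql_mediaurl = "''" ;
      $sql_embed = "'".mysql_real_escape_string(urldecode($_GET['embed']), $link)."'" ;
      $sql_mediatype = "'embed'" ;
      $sql_size = "0" ;
      $sql_md5 = "0" ;
}
else {
      $sql_mediaurl = "'".$name.'.'.$ext."'" ;
      $sql_embed = "''" ;
      $sql_mediatype = "'".$type."'" ;
      $sql_size = "'".$size."'" ;
      $sql_md5 = "'".$md5."'" ;
}
// $username comes back from the member table and has not been escaped on the
// way in, so escape it before it re-enters SQL.
$sql_poster = "'".mysql_real_escape_string((string) $username, $link)."'" ;
// The remaining request-derived values were passed through uninject() when
// they were read; they are not escaped a second time here.
$sql = '
INSERT INTO `media` (
	`title`,
	`category`,
	`description`,
	`tags`,
	`mediaurl`,
	`extern`,
	`thumb`,
	`visits`,
	`poster`,
	`added`,
	`status`,
	`useraw`,
	`embed`,
	`url`,
	`featured`,
	`groupid`,
	`requires_agreement`,
	`dayviews`,
	`weekviews`,
	`monthviews`,
	`allviews`,
	`checkday`,
	`checkweek`,
	`checkmonth`,
	`mediatype`,
	`defaultthumb`,
	`flagged`,
	`size`,
	`md5`
) VALUES (
	\''.$title.'\',
	\''.$category.'\',
	\''.$desc.'\',
	\''.$keywords.'\',
	'.$sql_mediaurl.',
	\'false\',
	\''.$thumburl.'\',
	0,
	'.$sql_poster.',
	\''.time().'\',
	\'true\',
	\'false\',
	'.$sql_embed.',
	\''.$title.'\',
	0,
	\''.$group.'\',
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	0,
	'.$sql_mediatype.',
	0,
	0,
	'.$sql_size.',
	'.$sql_md5.'
);
' ;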
// Run the media INSERT; on failure stop and print the database error.
// NOTE(review): die(mysql_error()) returns raw SQL error text to the client;
// logging it server-side and printing a generic message would leak less.
$media_inserted = mysql_query($sql) ;
if (!$media_inserted) {
      die(mysql_error()) ;
}
// Link the new media row to a server. $serverid is not assigned in this file
// (presumably settings.inc provides it) and is concatenated unescaped; the
// result of this second INSERT is not checked.
$location_sql = "INSERT INTO locations (mid, sid) VALUES ('".mysql_insert_id()."', '".$serverid."')" ;
mysql_query($location_sql) ;
mysql_close($link) ;

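/**
 * Prepare a request value for the quoted SQL literals built in this script.
 *
 * Steps: strip existing backslash escapes, HTML-encode & < > and double
 * quotes, then backslash-escape single quotes, backslashes and NUL bytes.
 *
 * The previous version escaped only the single quote. A backslash left in the
 * value could therefore cancel that escape and end the SQL string literal
 * early; addslashes() escapes the backslash as well.
 *
 * Limits a maintainer should know:
 *  - addslashes() works on bytes and ignores the connection character set, so
 *    it is weaker than mysql_real_escape_string() or bound parameters.
 *    Prepared statements (mysqli or PDO) are the durable fix; ext/mysql was
 *    removed in PHP 7.0.
 *  - The result is HTML-encoded and SQL-escaped at once. It is not suitable
 *    for a shell command line or a file path; those need their own handling
 *    (escapeshellarg(), basename()).
 *
 * @param string $data Raw request value.
 * @return string Value safe to place between single quotes in a SQL string.
 */
function uninject($data) {
      // ENT_COMPAT is spelled out so that single quotes stay for addslashes()
      // to escape on every PHP version (the default flags changed in 8.1).
      return addslashes(htmlspecialchars(stripslashes($data), ENT_COMPAT)) ;
}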

?>
