File size: 6.53Kb
<?php
error_reporting(0);
require_once"./includes/functions/gzip.php";
include('start.php');
include("config.php");
include("./includes/".$ver."/banned");
$nocache = rand(10000, 99999);
list($msec, $sec) = explode(chr(32), microtime());
$headtime = $sec + $msec;
switch($ver)
{
////////////////////////////////////////////////////////
//WML VERSION
////////////////////////////////////////////////////////
case 'wml':
header("Content-type:text/vnd.wap.wml; charset=utf-8");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-cache, must-revalidate");
//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `id` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
if(mysql_num_rows($q) == 0)
{
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<card title=\"ERROR\" ontimer=\"index.php?ver=wml\"><timer value=\"15\"/><p align=\"left\">\n";
echo "<small>Not logged in!<br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/>[".round(($sec+$msec)-$headtime,5)."] sec<br/>\n";
echo "</small>";
require_once "includes/functions/gzip_foot.php";
echo "</p></card></wml>";
ob_end_flush();
exit();
}
//END AUTH
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
echo "<head><meta http-equiv=\"Cache-Control\" content=\"no-cache\" forua=\"true\"/></head>\n";
echo "<card id=\"error\" title=\"Ошибка\" ontimer=\"menu.php?".SID."\">\n";
echo "<timer value=\"15\" />\n";
echo "<p align=\"left\">\n";
echo "<small>This menu is for HTML-version</small><br/>";
echo "<a href=\"menu.php?".SID."&ver=wml&nocache=$nocache\">Hall</a><br/>\n";
list($msec, $sec) = explode(chr(32), microtime());
echo "<br/><small>[".round(($sec+$msec) - $headtime, 5)."] sec</small><br/>\n";
require_once "includes/functions/gzip_foot.php";
echo "</p></card></wml>";
ob_end_flush();
break;
////////////////////////////////////////////////////////
//HTML VERSION
////////////////////////////////////////////////////////
case 'html':
$my_title = "Upload";
if(!isset($_COOKIE['theme'])) $_COOKIE['theme'] = 1;
include_once "themes/".intval($_COOKIE['theme'])."/index.php";
//AUTH
$id = intval($_SESSION['id']);
$password = mysql_escape_string($_SESSION['password']);
$q = mysql_query("SELECT `id` FROM `chat_users` WHERE `id` = '".$id."' AND `password` = '".md5($password)."';");
if(mysql_num_rows($q) == 0)
{
echo "Not logged in!<br/>\n";
include_once "themes/".intval($_COOKIE['theme'])."/foot.php";
exit();
}
//END AUTH
//ONLINE
$online = time() + 60;
$update = mysql_query("UPDATE `chat_users` SET `time` = '".$online."', `place` = 0, `ip` = '".getenv('REMOTE_ADDR')."', `ua` = '".htmlspecialchars(getenv('HTTP_USER_AGENT'))."' WHERE `id` = '".$id."';");
//END ONLINE
if(isset($_GET['case'])) $case = $_GET['case'];
else $case = "";
switch($case)
{
case 'add':
$sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '".$id."';");
$photo_type = mysql_result($sql, 0);
if(file_exists("photos/".$id.".$photo_type"))
{
echo "Remove the first current photo.<br/>\n";
break;
}
$sql = mysql_query("SELECT `posts` FROM `chat_users` WHERE `id` = '".$id."';");
$gen = mysql_result($sql,0);
if ($gen < 150)
{
echo "Only Genuine Users Can Upload Photo";
break;
}
if(!isset($_POST['action']))
{
echo "<form action=\"upload.php?".SID."&case=add&ver=html&nocache=$nocache\" method=\"post\" enctype=\"multipart/form-data\">\n";
echo "<input type=\"file\" name=\"photo\" /><br />\n";
echo "<input type=\"hidden\" name=\"action\" value=\"upload\" />\n";
echo "<input type=\"submit\" value=\"Upload\" /><br /></form>\n";
}
else
{
if(!is_uploaded_file($_FILES['photo']['tmp_name']))
{
echo "Error loading.<br />\n";
break;
}
$propr = getimagesize($_FILES['photo']['tmp_name']);
if(($propr[2] !== 1) && ($propr[2] !== 2) && ($propr[2] !== 3))
{
echo "Allowed GIF, JPEG or PNG photos.<br />\n";
break;
}
if(filesize($_FILES['photo']['tmp_name']) > 1024 * 50)
{
echo "Maximum size 50Kb.<br />\n";
break;
}
if($propr[0] > 800 || $propr[1] > 800)
{
echo "Resolution 800x800.<br />\n";
break;
}
$photo_type = substr($_FILES['photo']['type'], 6);
$sql = mysql_query("UPDATE `chat_users` SET `photo` = '".$photo_type."' WHERE `id` = '".$id."';");
if(copy($_FILES['photo']['tmp_name'], "photos/".$id.".".$photo_type.""))
{
echo "successfully!<br/>\n";
echo "<img src='photos/".$id.".".$photo_type."?".rand(1000000, 9999999)."' alt='photo' /><br />\n";
}
else
{
echo "When saving photos error occurred.<br />\n";
}
}
break;
case 'del':
$sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '".$id."';");
$photo_type = mysql_result($sql, 0);
if(!file_exists("photos/".$id.".$photo_type"))
{
echo "Photos do not exist.<br/>\n";
break;
}
if(!isset($_GET['accept']))
{
echo "Are you sure you want to Remove the current photo?<br/>\n";
echo "<a href=\"upload.php?".SID."&ver=html&case=del&accept\">[Да]</a> <a href=\"upload.php?".SID."&ver=html\">[Нет]</a><br/>\n";
}
else
{
if(unlink("photos/".$id.".$photo_type"))
{
echo "successfully removed!<br/>\n";
}
else
{
echo "error occurred...<br/>\n";
}
}
break;
default:
$sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '".$id."';");
$photo_type = mysql_result($sql, 0);
echo "Upload photos through HTML-form:<br/>\n";
if(file_exists("photos/".$id.".$photo_type"))
{
echo "To upload a new photo, remove the current.<br/>\n";
echo "Current photo:<br/>\n";
echo "<img src=\"photos/".$id.".$photo_type?".rand(10000, 99999)."\" alt=\"photo\" /><br/>\n";
echo "<a href=\"upload.php?".SID."&ver=html&case=del\">[Remove]</a><br/>\n";
}
else
{
echo "Photos do not.<br/>\n";
echo "<a href=\"upload.php?".SID."&ver=html&case=add\">[Add]</a><br/>\n";
}
//echo "<a href=\"photo.php?".SID."&ver=html\">[URL]</a><br/>\n";
break;
}
if(!empty($_GET['case'])) echo "<a href=\"upload.php?".SID."&ver=html&nocache=$nocache\">Photo</a><br/>\n";
echo "<a href=\"menu.php?".SID."&ver=html&nocache=$nocache\">Hall</a><br/>\n";
include_once "themes/".intval($_COOKIE['theme'])."/foot.php";
break;
}
?>