<?php
// All PHP diagnostics are switched off for this request, so failures in the
// database and image calls further down produce no visible warning.
error_reporting(0);

require_once './includes/functions/gzip.php';
include 'start.php';
include 'config.php';

// NOTE(review): $ver is not assigned anywhere in this file; presumably one of
// the includes above sets it. If its value can come from the request, it must
// be checked against the supported versions before being used in this path.
include './includes/' . $ver . '/banned';

// Start of the page-generation timer printed in the footer.
// microtime() returns "msec sec" separated by a single space.
list($msec, $sec) = explode(' ', microtime());
$headtime = $sec + $msec;

// Cache-busting value appended to form URLs and field names; not a security token.
$nocache = rand(1000, 9999);
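// Photo page: shows, adds (by fetching a user-supplied URL) or deletes the
// profile photo of the logged-in user, rendered as WML or HTML depending on $ver.
//
// Changes against the previous revision:
//  - REMOTE_ADDR and the User-Agent header are SQL-escaped before being placed
//    in the UPDATE statement (htmlspecialchars() alone is not SQL escaping).
//  - The photo URL must be an http:// or https:// URL, so local paths and other
//    stream wrappers can no longer be handed to getimagesize()/imagecreatefrom*().
//  - The `photo` column is updated, and success reported, only after the image
//    was actually decoded and written.
//  - Duplicate parsing of $_GET['mod'] and unreachable `break` statements removed.
//
// NOTE(review): the session appears to hold the plaintext password and the table
// an unsalted MD5 of it; moving to password_hash()/password_verify() needs a
// schema change outside this file.
// NOTE(review): deletion is confirmed through a plain GET link (`&accept`) with
// no anti-CSRF token, and the session id is carried in URLs via SID.
switch ($ver) {
    // //////////////////////////////////////////////////////
    // WML VERSION
    // //////////////////////////////////////////////////////
    case 'wml':
        header("Content-type: text/vnd.wap.wml; charset=utf-8");
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header("Cache-Control: no-cache, must-revalidate");

        // AUTH: the session id/password pair must match a row in chat_users.
        // The password is escaped before hashing, exactly as before, so the
        // resulting hash stays compatible with the stored values.
        $id = intval($_SESSION['id']);
        $password = mysql_escape_string($_SESSION['password']);
        $q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '" . $id . "' AND `password` = '" . md5($password) . "';");
        if (mysql_num_rows($q) == 0) {
            echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
            echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
            echo "<card title=\"ERROR\" ontimer=\"index.php?ver=wml\"><timer value=\"15\"/><p align=\"left\">\n";
            echo "<small>Authorization Failed!<br/>\n";
            list($msec, $sec) = explode(chr(32), microtime());
            echo "<br/>[" . round(($sec + $msec) - $headtime, 5) . "] sec<br/>\n";
            echo "</small>";
            require_once "includes/functions/gzip_foot.php";
            echo "</p></card></wml>";
            ob_end_flush();
            exit();
        }
        // END AUTH
        $level = mysql_result($q, 0);

        // ONLINE: refresh the presence record. Both values are request metadata
        // and are escaped for SQL; the User-Agent is fully client-controlled.
        $online = time() + 60;
        $sql_ip = mysql_real_escape_string((string) getenv('REMOTE_ADDR'));
        $sql_ua = mysql_real_escape_string(htmlspecialchars((string) getenv('HTTP_USER_AGENT')));
        $update = mysql_query("UPDATE `chat_users` SET `time` = '" . $online . "', `place` = 0, `ip` = '" . $sql_ip . "', `ua` = '" . $sql_ua . "' WHERE `id` = '" . $id . "';");
        // END ONLINE

        echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
        echo "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.3//EN\" \"http://www.wapforum.org/DTD/wml13.dtd\"><wml>\n";
        echo "<card title=\"Upload photos\"><p align=\"left\">\n";

        // $mod is only compared against fixed strings and never echoed.
        $mod = isset($_GET['mod']) ? $_GET['mod'] : "";

        switch ($mod) {
            case 'add':
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                if (file_exists("photos/" . $id . ".$photo_type")) {
                    echo "Remove the first current photo.<br/>\n";
                    break;
                }

                // No submission yet: show the URL entry form.
                if (!isset($_POST['action']) && !isset($_GET['uid'])) {
                    echo "Address:<br/>\n";
                    echo "<input type=\"text\" name=\"url$nocache\" value=\"http://\" maxlength=\"200\"/><br/>\n";
                    echo "<anchor>[Add]<go href=\"photo.php?" . SID . "&ver=wml&nocache=$nocache&mod=add\" method=\"post\">\n";
                    echo "<postfield name=\"url\" value=\"$(url$nocache)\"/>\n";
                    echo "<postfield name=\"action\" value=\"load\"/>\n";
                    echo "</go></anchor><br/>\n";
                    break;
                }

                // The URL is attacker-controlled and is opened by the server.
                // Only plain web URLs are accepted; anything else (local paths,
                // file://, php://, phar://, ...) is refused before any I/O.
                // NOTE(review): this does not stop requests to internal hosts,
                // and the image is fetched twice (probe, then decode) with no
                // size limit; vet the resolved host and fetch once into a
                // bounded temp file if this feature is kept.
                $url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';
                $url_scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                if ($url_scheme !== 'http' && $url_scheme !== 'https') {
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                $photo_info = getimagesize($url);
                if (!$photo_info) {
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                // Decode with GD and re-encode into photos/<id>.<ext>; the file
                // on disk is GD's output, not the remote bytes.
                $pd = false;
                $photo_saved = false;
                $photo_ext = '';
                switch ($photo_info[2]) {
                    case IMAGETYPE_GIF:
                        $photo_ext = 'gif';
                        $pd = imagecreatefromgif($url);
                        $photo_saved = $pd && imagegif($pd, "photos/" . $id . ".gif");
                        break;
                    case IMAGETYPE_JPEG:
                        $photo_ext = 'jpg';
                        $pd = imagecreatefromjpeg($url);
                        $photo_saved = $pd && imagejpeg($pd, "photos/" . $id . ".jpg");
                        break;
                    case IMAGETYPE_PNG:
                        $photo_ext = 'png';
                        $pd = imagecreatefrompng($url);
                        $photo_saved = $pd && imagepng($pd, "photos/" . $id . ".png");
                        break;
                    default:
                        // Unsupported format: print the footer here and stop.
                        echo "only allowed JPEG, GIF, PNG.<br/>\n";
                        echo "<a href=\"photo.php?" . SID . "&ver=wml\">photos</a><br/>\n";
                        echo "<br/><a href=\"menu.php?" . SID . "&ver=wml\">HALL</a><br/>\n";
                        list($msec, $sec) = explode(chr(32), microtime());
                        echo "<br/><small>[" . round(($sec + $msec) - $headtime, 5) . "] sec</small><br/>\n";
                        require_once "includes/functions/gzip_foot.php";
                        echo "</p></card></wml>";
                        ob_end_flush();
                        exit();
                }
                if ($pd) {
                    imagedestroy($pd);
                }
                if (!$photo_saved) {
                    // Decode or write failed: leave the database untouched.
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                $sql = mysql_query("UPDATE `chat_users` SET `photo` = '" . $photo_ext . "' WHERE `id` = '" . $id . "';");
                echo "photo successfully loaded!<br/>\n";
                echo "<img src=\"photos/" . $id . "." . $photo_ext . "?" . rand(10000, 99999) . "\" alt=\"photo\" /><br/>\n";
                break;

            case 'del':
                // The extension comes from the user's own database row and the
                // name from the integer session id.
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                if (!file_exists("photos/" . $id . ".$photo_type")) {
                    echo "photo does not exist.<br/>\n";
                    break;
                }
                if (!isset($_GET['accept'])) {
                    echo "Are you sure you want to delete?<br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=wml&mod=del&accept\">[Да]</a> <a href=\"menu.php?" . SID . "&ver=wml\">[no]</a><br/>\n";
                } elseif (unlink("photos/" . $id . ".$photo_type")) {
                    echo "photo successfully removed!<br/>\n";
                } else {
                    echo "remove Error ...<br/>\n";
                }
                break;

            default:
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                echo "Upload photo URL:<br/>\n";
                if (file_exists("photos/" . $id . ".$photo_type")) {
                    echo "To upload a new photo, remove the current.<br/>\n";
                    echo " photo:<br/>\n";
                    echo "<img src=\"photos/" . $id . ".$photo_type?" . rand(10000, 99999) . "\" alt=\"photo\" /><br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=wml&mod=del\">[Remove]</a><br/>\n";
                } else {
                    echo "photo no.<br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=wml&mod=add\">[Add]</a><br/>\n";
                }
        }

        if (!empty($mod)) {
            echo "<a href=\"photo.php?" . SID . "&ver=wml\">photos</a><br/>\n";
        }
        echo "<br/><a href=\"menu.php?" . SID . "&ver=wml\">HALL</a><br/>\n";
        list($msec, $sec) = explode(chr(32), microtime());
        echo "<br/><small>[" . round(($sec + $msec) - $headtime, 5) . "] sec</small><br/>\n";
        require_once "includes/functions/gzip_foot.php";
        echo "</p></card></wml>";
        ob_end_flush();
        break;

    // //////////////////////////////////////////////////////
    // HTML VERSION
    // //////////////////////////////////////////////////////
    case 'html':
        $my_title = "photos";
        // The theme cookie is client-controlled; intval() confines the include
        // path to a numeric directory name.
        if (!isset($_COOKIE['theme'])) {
            $_COOKIE['theme'] = 1;
        }
        include_once "themes/" . intval($_COOKIE['theme']) . "/index.php";

        // AUTH: same check as the WML branch.
        $id = intval($_SESSION['id']);
        $password = mysql_escape_string($_SESSION['password']);
        $q = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '" . $id . "' AND `password` = '" . md5($password) . "';");
        if (mysql_num_rows($q) == 0) {
            echo "Authorization Failed!<br/>\n";
            include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
            exit();
        }
        // END AUTH
        $level = mysql_result($q, 0);

        // ONLINE: refresh the presence record with SQL-escaped request metadata.
        $online = time() + 60;
        $sql_ip = mysql_real_escape_string((string) getenv('REMOTE_ADDR'));
        $sql_ua = mysql_real_escape_string(htmlspecialchars((string) getenv('HTTP_USER_AGENT')));
        $update = mysql_query("UPDATE `chat_users` SET `time` = '" . $online . "', `place` = 0, `ip` = '" . $sql_ip . "', `ua` = '" . $sql_ua . "' WHERE `id` = '" . $id . "';");
        // END ONLINE

        // $mod is only compared against fixed strings and never echoed.
        $mod = isset($_GET['mod']) ? $_GET['mod'] : "";

        switch ($mod) {
            case 'add':
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                if (file_exists("photos/" . $id . ".$photo_type")) {
                    echo "Remove the first current photo.<br/>\n";
                    break;
                }

                // No submission yet: show the URL entry form.
                if (!isset($_POST['action']) && !isset($_GET['uid'])) {
                    echo "<form action=\"photo.php?" . SID . "&ver=html&nocache=$nocache&mod=add\" method=\"post\">\n";
                    echo "Address:<br/>\n";
                    echo "<input type=\"text\" name=\"url\" value=\"http://\" maxlength=\"200\" /><br/>\n";
                    echo "<input type=\"hidden\" name=\"action\" value=\"auth\" />\n";
                    echo "<input type=\"submit\" value=\"Upload\" /></form>\n";
                    break;
                }

                // The URL is attacker-controlled and is opened by the server.
                // Only plain web URLs are accepted; anything else (local paths,
                // file://, php://, phar://, ...) is refused before any I/O.
                // NOTE(review): this does not stop requests to internal hosts,
                // and the image is fetched twice (probe, then decode) with no
                // size limit; vet the resolved host and fetch once into a
                // bounded temp file if this feature is kept.
                $url = (isset($_POST['url']) && is_string($_POST['url'])) ? trim($_POST['url']) : '';
                $url_scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                if ($url_scheme !== 'http' && $url_scheme !== 'https') {
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                $photo_info = getimagesize($url);
                if (!$photo_info) {
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                // Decode with GD and re-encode into photos/<id>.<ext>; the file
                // on disk is GD's output, not the remote bytes.
                $pd = false;
                $photo_saved = false;
                $photo_ext = '';
                switch ($photo_info[2]) {
                    case IMAGETYPE_GIF:
                        $photo_ext = 'gif';
                        $pd = imagecreatefromgif($url);
                        $photo_saved = $pd && imagegif($pd, "photos/" . $id . ".gif");
                        break;
                    case IMAGETYPE_JPEG:
                        $photo_ext = 'jpg';
                        $pd = imagecreatefromjpeg($url);
                        $photo_saved = $pd && imagejpeg($pd, "photos/" . $id . ".jpg");
                        break;
                    case IMAGETYPE_PNG:
                        $photo_ext = 'png';
                        $pd = imagecreatefrompng($url);
                        $photo_saved = $pd && imagepng($pd, "photos/" . $id . ".png");
                        break;
                    default:
                        // Unsupported format: print the footer here and stop.
                        // (Message typo "PNGG" corrected.)
                        echo "only allowed JPEG, GIF, PNG.<br/>\n";
                        echo "<a href=\"photo.php?" . SID . "&ver=html\">photos</a><br/>\n";
                        echo "<br/><a href=\"menu.php?" . SID . "&ver=html\">HALL</a><br/>";
                        include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
                        exit();
                }
                if ($pd) {
                    imagedestroy($pd);
                }
                if (!$photo_saved) {
                    // Decode or write failed: leave the database untouched.
                    echo "Error loading photos.<br/>\n";
                    break;
                }

                $sql = mysql_query("UPDATE `chat_users` SET `photo` = '" . $photo_ext . "' WHERE `id` = '" . $id . "';");
                echo "photo successfully loaded!<br/>\n";
                echo "<img src=\"photos/" . $id . "." . $photo_ext . "?" . rand(10000, 99999) . "\" alt=\"photo\" /><br/>\n";
                break;

            case 'del':
                // The extension comes from the user's own database row and the
                // name from the integer session id.
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                if (!file_exists("photos/" . $id . ".$photo_type")) {
                    echo "photo does not exist.<br/>\n";
                    break;
                }
                if (!isset($_GET['accept'])) {
                    echo "Are you sure you want to delete?<br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=html&mod=del&accept\">[Да]</a> <a href=\"menu.php?" . SID . "&ver=html\">[Нет]</a><br/>\n";
                } elseif (unlink("photos/" . $id . ".$photo_type")) {
                    echo "photo successfully removed!<br/>\n";
                } else {
                    echo "remove Error ...<br/>\n";
                }
                break;

            default:
                $sql = mysql_query("SELECT `photo` FROM `chat_users` WHERE `id` = '" . $id . "';");
                $photo_type = mysql_result($sql, 0);
                echo "Upload photo через URL (Addressу):<br/>\n";
                if (file_exists("photos/" . $id . ".$photo_type")) {
                    echo "To upload a new photo, remove the current.<br/>\n";
                    echo "photo:<br/>\n";
                    echo "<img src=\"photos/" . $id . ".$photo_type?" . rand(10000, 99999) . "\" alt=\"photo\" /><br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=html&mod=del\">[Remove]</a><br/>\n";
                } else {
                    echo "photo no.<br/>\n";
                    echo "<a href=\"photo.php?" . SID . "&ver=html&mod=add\">[Add]</a><br/>\n";
                }
                echo "<a href=\"upload.php?" . SID . "&ver=html\">[upload via HTML-form]</a><br/>\n";
        }

        if (!empty($mod)) {
            echo "<a href=\"photo.php?" . SID . "&ver=html\">photo</a><br/>\n";
        }
        echo "<a href=\"menu.php?" . SID . "&ver=html\">HALL</a><br/>";
        include_once "themes/" . intval($_COOKIE['theme']) . "/foot.php";
        break;
}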
?>