ok, i dont understand this error, i will give you the code for my member.php file...
I'm not sure if it will work, if not, reinstall, (using instructions on 1st page)
ofcourse this may be a problem if you use more than 1 mod.
if you do so reinstall (which would mean reinstalling 4images) and would like to keep you settings and files...
keep a copy of your database and any files which have been modded, and the config file and all the files which have been uploaded
and THEN reinstall the program, then re-insert database
values (or at least th ones you can) and replace files and then you can install my mod... btw, the program has only been tested on 4images 1.7
[code]
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: member.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web:
http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (
http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
$main_template = "member";
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/page_header.php');
if ($action == "") {
$action = "lostpassword";
}
$content = "";
$txt_clickstream = "";
$sendprocess = 0;
if (isset($HTTP_GET_VARS[URL_COMMENT_ID]) || isset($HTTP_POST_VARS[URL_COMMENT_ID])) {
$comment_id = (isset($HTTP_GET_VARS[URL_COMMENT_ID])) ? intval($HTTP_GET_VARS[URL_COMMENT_ID]) : intval($HTTP_POST_VARS[URL_COMMENT_ID]);
}
else {
$comment_id = 0;
}
if ($action == "deletecomment") {
if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT c.comment_id, c.user_id AS comment_user_id, i.image_id, i.cat_id, i.user_id, i.image_name
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_delete'];
$sql = "UPDATE ".IMAGES_TABLE."
SET image_comments = image_comments - 1
WHERE image_id = ".$comment_row['image_id'];
$site_db->query($sql);
if ($comment_row['comment_user_id'] != GUEST) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
WHERE ".get_user_table_field("", "user_id")." = ".$comment_row['comment_user_id'];
$site_db->query($sql);
}
$sql = "DELETE FROM ".COMMENTS_TABLE."
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_delete_success'] : $lang['comment_delete_error'];
}
if ($action == "removecomment") {
if (!$comment_id || ($config['user_delete_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_delete'];
if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
$user_name = $comment_row[$user_table_fields['user_name']];
}
else {
$user_name = $comment_row['comment_user_name'];
}
$site_template->register_vars(array(
"comment_id" => $comment_id,
"image_name" => htmlspecialchars($comment_row['image_name']),
"user_name" => htmlspecialchars($user_name),
"comment_headline" => format_text($comment_row['comment_headline'], 0, $config['wordwrap_comments'], 0, 0),
"comment_text" => format_text($comment_row['comment_text'], $config['html_comments'], $config['wordwrap_comments'], $config['bb_comments'], $config['bb_img_comments']),
"lang_delete_comment" => $lang['comment_delete'],
"lang_delete_comment_confirm" => $lang['comment_delete_confirm'],
"lang_image_name" => $lang['image_name'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_deletecomment");
}
if ($action == "updatecomment") {
if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT c.comment_id, c.image_id, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_edit'];
$error = 0;
$comment_headline = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_headline']));
$comment_text = un_htmlspecialchars(trim($HTTP_POST_VARS['comment_text']));
if ($comment_headline == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['headline']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if ($comment_text == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['comment']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if (!$error) {
$sql = "UPDATE ".COMMENTS_TABLE."
SET comment_headline = '$comment_headline', comment_text = '$comment_text'
WHERE comment_id = $comment_id";
$result = $site_db->query($sql);
$msg = ($result) ? $lang['comment_edit_success'] : $lang['comment_edit_error'];
}
else {
$action = "editcomment";
$sendprocess = 1;
}
}
if ($action == "editcomment") {
if (!$comment_id || ($config['user_edit_comments'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT c.comment_id, c.image_id, c.user_id AS comment_user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, i.image_name, i.cat_id, i.user_id".get_user_table_field(", u.", "user_name")."
FROM ".COMMENTS_TABLE." c, ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = c.user_id)
WHERE c.comment_id = $comment_id AND i.image_id = c.image_id";
$comment_row = $site_db->query_firstrow($sql);
if (!$comment_row || $comment_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $comment_row['user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($comment_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$comment_row['image_id'])."\" class=\"clickstream\">".$comment_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['comment_edit'];
$comment_headline = (isset($HTTP_POST_VARS['comment_headline'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_headline']))) : $comment_row['comment_headline'];
$comment_text = (isset($HTTP_POST_VARS['comment_text'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['comment_text']))) : $comment_row['comment_text'];
if (isset($comment_row[$user_table_fields['user_name']]) && $comment_row['comment_user_id'] != GUEST) {
$user_name = $comment_row[$user_table_fields['user_name']];
}
else {
$user_name = $comment_row['comment_user_name'];
}
$bbcode = "";
if ($config['bb_comments'] == 1) {
$site_template->register_vars(array(
"lang_bbcode" => $lang['bbcode'],
"lang_tag_prompt" => $lang['tag_prompt'],
"lang_link_text_prompt" => $lang['link_text_prompt'],
"lang_link_url_prompt" => $lang['link_url_prompt'],
"lang_link_email_prompt" => $lang['link_email_prompt'],
"lang_list_type_prompt" => $lang['list_type_prompt'],
"lang_list_item_prompt" => $lang['list_item_prompt']
));
$bbcode = $site_template->parse_template("bbcode");
}
$site_template->register_vars(array(
"bbcode" => $bbcode,
"comment_id" => $comment_id,
"image_name" => htmlspecialchars($comment_row['image_name']),
"user_name" => htmlspecialchars($user_name),
"comment_headline" => htmlspecialchars($comment_headline),
"comment_text" => htmlspecialchars($comment_text),
"lang_edit_comment" => $lang['comment_edit'],
"lang_image_name" => $lang['image_name'],
"lang_name" => $lang['name'],
"lang_headline" => $lang['headline'],
"lang_comment" => $lang['comment'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_editcomment");
}
if ($action == "deleteimage") {
if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = $lang['image_delete'];
$sql = "DELETE FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$del_img = $site_db->query($sql);
if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
@unlink(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
}
if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
@unlink(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
}
include(ROOT_PATH.'includes/search_utils.php');
remove_searchwords($image_id);
if (!empty($user_table_fields['user_comments'])) {
$sql = "SELECT user_id
FROM ".COMMENTS_TABLE."
WHERE image_id = $image_id";
$result = $site_db->query($sql);
$user_id_sql = "";
while ($row = $site_db->fetch_array($result)) {
if ($row['user_id'] != GUEST) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_comments")." = ".get_user_table_field("", "user_comments")." - 1
WHERE ".get_user_table_field("", "user_id")." = ".$row['user_id'];
$site_db->query($sql);
}
}
}
$sql = "DELETE FROM ".COMMENTS_TABLE."
WHERE image_id = $image_id";
$del_com = $site_db->query($sql);
if ($del_img) {
$msg = $lang['image_delete_success'].". <p class=\"smalltext\" align=\"right\">".$lang['return_to'].get_category_path($image_row['cat_id'], 1)."</p>";
}
else {
$msg = $lang['image_delete_error'];
}
}
if ($action == "removeimage") {
if (!$image_id || ($config['user_delete_image'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$sql = "SELECT image_id, cat_id, user_id, image_name
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_delete'];
$site_template->register_vars(array(
"image_id" => $image_id,
"image_name" => htmlspecialchars($image_row['image_name']),
"lang_delete_image" => $lang['image_delete'],
"lang_delete_image_confirm" => $lang['image_delete_confirm'],
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
$content = $site_template->parse_template("member_deleteimage");
}
if ($action == "updateimage") {
if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
}
$sql = "SELECT image_id, cat_id, user_id, image_name
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_edit'];
$error = 0;
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_exif = "";
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
$image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
$image_keywords = str_replace(","," ",$image_keywords);
$image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
if ($image_name == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
}
if (!$error) {
$additional_sql = "";
if (isset($HTTP_POST_VARS['image_allow_comments'])) {
$additional_sql .= ", image_allow_comments = ".intval($HTTP_POST_VARS['image_allow_comments']);
}
if (!empty($additional_image_fields)) {
$table_fields = $site_db->get_table_fields(IMAGES_TABLE);
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
$additional_sql .= ", $key = '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
}
}
}
$sql = "UPDATE ".IMAGES_TABLE."
SET image_name = '$image_name', image_description = '$image_description', image_keywords = '$image_keywords'".$additional_sql."
WHERE image_id = $image_id";
$result = $site_db->query($sql);
if ($result) {
include(ROOT_PATH.'includes/search_utils.php');
$search_words = array();
foreach ($search_match_fields as $image_column => $match_column) {
if (isset($HTTP_POST_VARS[$image_column])) {
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
remove_searchwords($image_id);
add_searchwords($image_id, $search_words);
$msg = $lang['image_edit_success'];
}
else {
$msg = $lang['image_edit_error'];
}
}
else {
$action = "editimage";
$sendprocess = 1;
}
}
if ($action == "editimage") {
if (!$image_id || ($config['user_edit_image'] != 1 && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", ".$key;
}
}
$sql = "SELECT image_id, cat_id, user_id, image_name, image_description, image_keywords, image_allow_comments".$additional_sql."
FROM ".IMAGES_TABLE."
WHERE image_id = $image_id";
$image_row = $site_db->query_firstrow($sql);
if (!$image_row || $image_row['user_id'] <= USER_AWAITING || ($user_info['user_id'] != $image_row['user_id'] && $user_info['user_level'] != ADMIN)) {
header("Location: ".$site_sess->url($url, "&"));
exit;
}
$txt_clickstream = get_category_path($image_row['cat_id'], 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
$txt_clickstream .= $lang['image_edit'];
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) : $image_row['image_name'];
$image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_description']))) : $image_row['image_description'];
$image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_keywords']))) : $image_row['image_keywords'];
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments'])) ? intval($HTTP_POST_VARS['image_allow_comments']) : $image_row['image_allow_comments'];
$site_template->register_vars(array(
"image_id" => $image_id,
"image_name" => htmlspecialchars($image_name),
"image_description" => htmlspecialchars($image_description),
"image_keywords" => htmlspecialchars($image_keywords),
"image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
"image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
"lang_edit_image" => $lang['image_edit'],
"lang_image_name" => $lang['image_name'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords_ext'],
"lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if ($val[1] == "radio") {
$value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : $image_row[$key];
if ($value == 1) {
$additional_field_array[$key.'_yes'] = " checked=\"checked\"";
$additional_field_array[$key.'_no'] = "";
}
else {
$additional_field_array[$key.'_yes'] = "";
$additional_field_array[$key.'_no'] = " checked=\"checked\"";
}
}
else {
$value = (isset($HTTP_POST_VARS[$key])) ? htmlspecialchars(stripslashes(trim($HTTP_POST_VARS[$key]))) : $image_row[$key];
}
$additional_field_array[$key] = $value;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("member_editimage");
}
if ($action == "uploadimage" || $action=="multiuploadimage") {
if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = "";
if ($cat_id && isset($cat_cache[$cat_id])) {
$txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$txt_clickstream .= $lang['user_upload'];
// $remote_media_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_media_file'])));
// $remote_thumb_file = format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['remote_thumb_file'])));
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));
$image_keywords = preg_replace("/[\n\r]/is", " ", $image_keywords);
$image_keywords = str_replace(","," ",$image_keywords);
$image_keywords = ereg_replace("( ){2,}", " ", $image_keywords);
$image_active = (isset($HTTP_POST_VARS['image_active']) && $HTTP_POST_VARS['image_active'] == 0) ? 0 : 1;
$image_allow_comments = (isset($HTTP_POST_VARS['image_allow_comments']) && $HTTP_POST_VARS['image_allow_comments'] == 0) ? 0 : 1;
$image_download_url = (isset($HTTP_POST_VARS['image_download_url'])) ? format_url(un_htmlspecialchars(trim($HTTP_POST_VARS['image_download_url']))) : "";
$direct_upload = (check_permission("auth_directupload", $cat_id)) ? 1 : 0;
$upload_cat = ($direct_upload) ? $cat_id : 0;
$error = 0;
$uploaderror = 0;
if ($cat_id == 0) {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['category']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
//NO IMAGE FILE SPECIFIED
if ((empty($HTTP_POST_FILES['media_file']['tmp_name']) || $HTTP_POST_FILES['media_file']['tmp_name'] == "none") /*&& ($remote_media_file == "" || !check_remote_media($remote_media_file))*/) {
$error = 1;
$msg .= (($msg != "") ? "<br />" : "").$lang['image_file_required'];
}
if ($image_name == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['image_name']), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
$error = 1;
$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
$msg .= (($msg != "") ? "<br />" : "").$field_error;
}
}
}
// Required fields set: Start Upload
if (!$error) {
//MULTI FILE UPLOAD
$fileext="";
while(isset($HTTP_POST_FILES['media_file'.$fileext]))
{
if(!(empty($HTTP_POST_FILES['media_file'.$fileext]['tmp_name']) || $HTTP_POST_FILES['media_file'.$fileext]['tmp_name'] == "none"))
{
include_once(ROOT_PATH.'includes/upload.php');
$site_upload = new Upload();
// Upload Media file
// if (!empty($HTTP_POST_FILES['media_file.$fileext']['tmp_name']) && $HTTP_POST_FILES['media_file.$fileext']['tmp_name'] != "none")
// {
$new_name = $site_upload->upload_file("media_file".$fileext, "media", $upload_cat);
if (!$new_name)
{
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$new_name."</b><br />".$site_upload->get_upload_errors();
$uploaderror = 1;
}
// }
/* else {
$new_name = $remote_media_file;
}
*/
// Upload thumb file
$new_thumb_name = "";
if (!empty($HTTP_POST_FILES['thumb_file']['tmp_name']) && $HTTP_POST_FILES['thumb_file']['tmp_name'] != "none" && !$uploaderror) {
$new_thumb_name = $site_upload->upload_file("thumb_file", "thumb", $upload_cat, basename($new_name));
if (!$new_thumb_name) {
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['thumb_upload_error'].": ".$new_thumb_name."</b><br />".$site_upload->get_upload_errors();
@unlink(MEDIA_TEMP_PATH."/".$new_name);
$uploaderror = 1;
}
}
/* elseif (check_remote_thumb($remote_thumb_file)) {
$new_thumb_name = $remote_thumb_file;
}
*/
elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file'.$fileext]['tmp_name']) && $HTTP_POST_FILES['media_file'.$fileext]['tmp_name'] != "none" && !$uploaderror) {
if ($direct_upload) {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$dest = THUMB_PATH."/".$cat_id."/".$new_name;
}
else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$dest = THUMB_TEMP_PATH."/".$new_name;
}
$do_create = 0;
if ($image_info = @getimagesize($src)) {
if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) {
$do_create = 1;
}
}
if ($do_create) {
require_once(ROOT_PATH.'includes/image_utils.php');
$convert_options = init_convert_options();
if (!$convert_options['convert_error']) {
$dimension = (intval($config['auto_thumbnail_dimension'])) ? intval($config['auto_thumbnail_dimension']) : 100;
$resize_type = (intval($config['auto_thumbnail_resize_type'])) ? intval($config['auto_thumbnail_resize_type']) : 1;
$quality = (intval($config['auto_thumbnail_quality']) && intval($config['auto_thumbnail_quality']) <= 100) ? intval($config['auto_thumbnail_quality']) : 100;
$rotate=0;
if(preg_match("/Orientation:.{0,2}(Lower Right)|(Upper Right)|(Lower Left)/i",$site_upload->exif_txt,$matches))
$rotate = ($matches[3])?270:(($matches[2])?90:180);
if (create_thumbnail($src, $dest, $quality, $dimension, $resize_type, $rotate)) {
$new_thumb_name = $new_name;
}
}
}
}
//--------------------------------------------
//--------- Auto Image Resizing --------------
//--------------------------------------------
if ($config['auto_image'] && !$uploaderror)
{
if ($direct_upload) {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
}
else {
$src = MEDIA_TEMP_PATH."/".$new_name;
}
$do_resize = 0;
if ($image_info = @getimagesize($src)) {
if ($image_info[2] == 1 || $image_info[2] == 2 || $image_info[2] == 3) {
$do_resize = 1;
}
}
if ($do_resize) {
if (!function_exists(init_convert_options)) {
require_once(ROOT_PATH.'includes/image_utils.php');
}
//check if rotation is needed
$rotate_image=0;
if(preg_match("/Orientation:.{0,2}(Lower Right)|(Upper Right)|(Lower Left)/i",$site_upload->exif_txt,$matches))
$rotate_image = ($matches[3])?270:(($matches[2])?90:180);
//Check if image size is good or not
$smaller = ($image_info[0]<$image_info[1])?$image_info[0]:$image_info[1];
$bigger = ($image_info[0]<$image_info[1])?$image_info[1]:$image_info[0];
//0-none, 1-resize, 2-rotate, 3-both
$transform = 0;
//echo "TR: $transform <br>";
$transform |= ($bigger > $config['max_image_width'] || $smaller > $config['max_image_height'])?1:0;
//echo "TR: $transform <br>";
$transform |= ($rotate_image>0)?2:0;
//echo "TR: $transform <br>";
if ($transform>0)
//if ($image_info[0] > $config['max_image_width'] || $image_info[1] > $config['max_image_height'] || ($rotate_image>0))
{
$convert_options = init_convert_options();
if (!$convert_options['convert_error']) {
$quality = (intval($config['auto_image_quality']) && intval($config['auto_image_quality']) <= 100) ? intval($config['auto_image_quality']) : 100;
if (!resize_image($src, $quality, $config['max_image_width'], $config['max_image_height'], 1, /*$config['max_image_height'],*/ $rotate_image, $transform)) {
$msg .= (($msg != "") ? "<br />" : "")."<b>".$lang['file_upload_error'].": ".$new_name;
$uploaderror = 1;
}
}
}
}
}
//-------------------------------------------
//-------------------------------------------
//-------------------------------------------
if (!$uploaderror) {
$additional_field_sql = "";
$additional_value_sql = "";
if (!empty($additional_image_fields)) {
$table = ($direct_upload) ? IMAGES_TABLE : IMAGES_TEMP_TABLE;
$table_fields = $site_db->get_table_fields($table);
foreach ($additional_image_fields as $key => $val) {
if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
$additional_field_sql .= ", $key";
$additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
}
}
}
$image_exif = $site_upload->exif_txt;
$current_time = time();
$imgname = ($fileext!="")?"$image_name $fileext":$image_name;
if ($direct_upload) {
$sql = "INSERT INTO ".IMAGES_TABLE."
(cat_id, user_id, image_name, image_description, image_keywords, image_date, image_active, image_media_file, image_thumb_file, image_download_url, image_allow_comments".$additional_field_sql.")
VALUES
($cat_id, ".$user_info['user_id'].", '$imgname', '$image_description', '$image_keywords', $current_time, $image_active, '$new_name', '$new_thumb_name', '$image_download_url', $image_allow_comments".$additional_value_sql.")";
$result = $site_db->query($sql);
$image_id = $site_db->get_insert_id();
if ($result) {
include_once(ROOT_PATH.'includes/search_utils.php');
$search_words = array();
foreach ($search_match_fields as $image_column => $match_column) {
if (isset($HTTP_POST_VARS[$image_column])) {
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
add_searchwords($image_id, $search_words);
}
}
else {
$sql = "INSERT INTO ".IMAGES_TEMP_TABLE."
(cat_id, user_id, image_name, image_description, image_keywords, image_date, image_media_file, image_thumb_file, image_download_url".$additional_field_sql.")
VALUES
($cat_id, ".$user_info['user_id'].", '$image_name', '$image_description', '$image_keywords', $current_time, '$new_name', '$new_thumb_name', '$image_download_url'".$additional_value_sql.")";
$result = $site_db->query($sql);
}
if ($config['upload_notify'] == 1 && !$direct_upload) {
include_once(ROOT_PATH.'includes/email.php');
$site_email = new Email();
$config['upload_emails'] = str_replace(" ", "", $config['upload_emails']);
$emails = explode(",", $config['upload_emails']);
$validation_url = $script_url."/admin/index.php?goto=".urlencode("validateimages.php?action=validateimages");
$site_email->set_to($config['site_email']);
$site_email->set_subject($lang['new_upload_emailsubject']);
$site_email->register_vars(array(
"image_name" => stripslashes($image_name),
"file_name" => $new_name,
"cat_name" => $cat_cache[$cat_id]['cat_name'],
"validation_url" => $validation_url,
"site_name" => $config['site_name']
));
$site_email->set_body("upload_notify", $config['language_dir_default']);
$site_email->set_bcc($emails);
$site_email->send_email();
}
$msg .= ucfirst($lang['image']).": <b>".stripslashes($image_name)."</b> (".$new_name.")";
$msg .= " ".$lang['image_added_to'].get_category_path($cat_id, 1)."<br>";
$msg .= (!$direct_upload) ? "<br />".$lang['new_upload_validate_desc'] : "";
$file_extension = get_file_extension($new_name);
$file = (is_remote($new_name)) ? $new_name : (($direct_upload) ? MEDIA_PATH."/".$cat_id."/".$new_name : MEDIA_TEMP_PATH."/".$new_name);
$width_height = "";
if (!is_remote($file) && $imageinfo = @getimagesize($file)) {
$width_height = " ".$imageinfo[3];
}
$media_icon = "<img src=\"".ICON_PATH."/".$file_extension.".gif\" border=\"0\" alt=\"\" />";
$site_template->register_vars(array(
"media_src" => $file,
"media_icon" => $media_icon,
"image_name" => stripslashes($image_name),
"width_height" => $width_height
));
$media = $site_template->parse_template("media/".$file_extension);
$content .= "<table border=\"0\" align=\"center\">\n<tr>\n<td>\n".$media."\n</td>\n</tr>\n</table>\n";
$good=1;
}
else {
//Atleast 1 multifile succeeded.
if(count($HTTP_POST_FILES) && $good==1)
{
$action = "multiuploadform";
break;
}
else
{
$action=($action=="multiuploadimage")?"multiuploadform":"uploadform";
$sendprocess = 1;
break; //break the while if any image upload fails
}
}
}//endif
$fileext=($fileext=="")?2:$fileext+1;
}//end while
}//end if
else
{
$action = "uploadform";
$sendprocess = 1;
}
}//end upload action
//Show the form
if ($action == "uploadform" || $action == "multiuploadform") {
if ($cat_id != 0 && (!isset($cat_cache[$cat_id]) || !check_permission("auth_upload", $cat_id))) {
show_error_page($lang['no_permission']);
exit;
}
$txt_clickstream = "";
if ($cat_id && isset($cat_cache[$cat_id])) {
$txt_clickstream .= get_category_path($cat_id, 1).$config['category_separator'];
}
$txt_clickstream .= $lang['user_upload'];
if (!$sendprocess) {
// $remote_media_file = "";
// $remote_thumb_file = "";
$image_name = "";
$image_description = "";
$image_keywords = "";
$image_download_url = "";
$image_allow_comments = 1;
}
$site_template->register_vars(array(
"cat_id" => $cat_id,
"cat_name" => ($cat_id != 0) ? htmlspecialchars($cat_cache[$cat_id]['cat_name']) : get_category_dropdown($cat_id),
// "remote_media_file" => htmlspecialchars(stripslashes($remote_media_file)),
// "remote_thumb_file" => htmlspecialchars(stripslashes($remote_thumb_file)),
"image_name" => htmlspecialchars(stripslashes($image_name)),
"image_description" => htmlspecialchars(stripslashes($image_description)),
"image_keywords" => htmlspecialchars(stripslashes($image_keywords)),
"image_allow_comments_yes" => ($image_allow_comments) ? " checked=\"checked\"" : "",
"image_allow_comments_no" => (!$image_allow_comments) ? " checked=\"checked\"" : "",
"image_download_url" => htmlspecialchars(stripslashes($image_download_url)),
"lang_category" => $lang['category'],
"lang_user_upload" => $lang['user_upload'],
"lang_media_file" => $lang['media_file'],
"lang_thumb_file" => $lang['thumb_file'],
"lang_allowed_file_types" => $lang['allowed_mediatypes_desc'],
"allowed_media_types" => str_replace(",",", ",$config['allowed_mediatypes']),
"allowed_thumb_types" => "jpg, gif, png",
"lang_max_filesize" => $lang['max_filesize'],
"lang_max_imagewidth" => $lang['max_imagewidth'],
"lang_max_imageheight" => $lang['max_imageheight'],
"max_thumb_filsize" => $config['max_thumb_size']." ".$lang['kb'],
"max_thumb_imagewidth" => $config['max_thumb_width']." ".$lang['px'],
"max_thumb_imageheight" => $config['max_thumb_height']." ".$lang['px'],
"max_media_filsize" => $config['max_media_size']." ".$lang['kb'],
"max_media_imagewidth" => $config['max_image_width']." ".$lang['px'],
"max_media_imageheight" => $config['max_image_height']." ".$lang['px'],
"lang_image_name" => $lang['image_name'],
"lang_description" => $lang['description'],
"lang_keywords" => $lang['keywords_ext'],
"lang_allow_comments" => isset($lang['allow_comments']) ? $lang['allow_comments'] : "",
"lang_submit" => $lang['submit'],
"lang_reset" => $lang['reset'],
"lang_yes" => $lang['yes'],
"lang_no" => $lang['no']
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if ($val[1] == "radio") {
$value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
if ($value == 1) {
$additional_field_array[$key.'_yes'] = " checked=\"checked\"";
$additional_field_array[$key.'_no'] = "";
}
else {
$additional_field_array[$key.'_yes'] = "";
$additional_field_array[$key.'_no'] = " checked=\"checked\"";
}
}
else {
$value = (isset($HTTP_POST_VARS[$key])) ? htmlspecialchars(stripslashes(trim($HTTP_POST_VARS[$key]))) : "";
}
$additional_field_array[$key] = $value;
$additional_field_array['lang_'.$key] = $val[0];
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
if($action == "multiuploadform" || $action=="multiuploadimage")
{
$content = '<script language="Javascript"> var sid="'.$sid.'" </script> '.$site_template->parse_template("member_multiuploadform");
}
else
{
$content = $site_template->parse_template("member_uploadform");
}
}
if ($action == "emailuser") {
$txt_clickstream = $lang['profile'];
$user_id = (isset($HTTP_POST_VARS[URL_USER_ID])) ? intval($HTTP_POST_VARS[URL_USER_ID]) : GUEST;
$error = 0;
if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
show_error_page($lang['no_permission']);
exit;
}
$subject = stripslashes(trim($HTTP_POST_VARS['subject']));
$message = stripslashes(trim($HTTP_POST_VARS['message']));
if ($subject == "" || $message == "") {
$msg = $lang['lostfield_error'];
$sendprocess = 1;
$error = 1;
}
if (!$error) {
if ($user_row = get_user_info($user_id)) {
if (isset($user_row['user_showemail']) && $user_row['user_showemail'] == 0) {
$content = $lang['invalid_user_id'];
}
else {
$sender_user_name = ($user_info['user_level'] != GUEST) ? (isset($user_info['user_name']) ? $user_info['user_name'] : $lang['userlevel_user']) : $lang['userlevel_guest'];
$sender_user_email = ($user_info['user_level'] != GUEST && isset($user_info['user_email'])) ? $user_info['user_email'] : $config['site_email'];
// Start Emailer
include(ROOT_PATH.'includes/email.php');
$site_email = new Email();
$site_email->set_from($sender_user_email, $sender_user_name);
$site_email->set_to($user_row['user_email']);
$site_email->set_subject($subject);
$site_email->register_vars(array(
"sender_user_name" => $sender_user_name,
"sender_user_email" => $sender_user_email,
"message" => $message,
"site_name" => $config['site_name']
));
$site_email->set_body("mailform_message", $config['language_dir']);
