diff --git a/img/helper.get.php b/img/helper.get.php new file mode 100644 index 0000000..64f794d --- /dev/null +++ b/img/helper.get.php @@ -0,0 +1,225 @@ +

Pictures uploaded from Username: ".$_GET['uname'].":


"; + require('dbsettings.php'); + $uname = sanitize($_GET['uname']); + $sql = 'SELECT * FROM `share` WHERE `username` = "'.$uname.'"'; + + if(!$result = $db->query($sql)){ + die('There was an error running the query [' . $db->error . ']'); + } + + while($row = $result->fetch_assoc()){ + $_SESSION['noimg'] = 'uname'; + $id = $row['id']; + $img = $row['name']; + $location = $row['location']; + $type = $row['type']; + $size = $row['size']; + $time = $row['time']; + $comment = $row['comment']; + $username = $row['username']; + $tags = $row['tags']; + echo "
\"Thumbnail
$img - $time - $size
Tags: "; + $tags = explode(" ", $tags); + foreach($tags as $tag){ + echo "$tag "; // For future use - catagorize by tag + } + echo "

"; + } + $result->free(); + //echo "

"; + } + } + + function tag(){ + if(!empty($_GET['tag'])){ // Show list of pictures according to one tag - maybe multiple tags in the future + echo "

Pictures uploaded with the tag: ".$_GET['tag'].":


"; + require('dbsettings.php'); + $tag = sanitize($_GET['tag']); + $sql = 'SELECT * FROM `share` WHERE `tags` LIKE "%'.$tag.'%"'; + + if(!$result = $db->query($sql)){ + die('There was an error running the query [' . $db->error . ']'); + } + + while($row = $result->fetch_assoc()){ + $_SESSION['noimg'] = 'tag'; + $id = $row['id']; + $img = $row['name']; + $location = $row['location']; + $type = $row['type']; + $size = $row['size']; + $time = $row['time']; + $comment = $row['comment']; + $username = $row['username']; + $tags = $row['tags']; + echo "
\"Thumbnail
$img - $time - $size - Uploader: $username

"; + } + $result->free(); + //echo "

"; + } + } + + function search(){ + if(!empty($_GET['search'])){ // Show list of pictures according to search term + $search = sanitize($_GET['search']); + $search = explode(" ", $search); + echo "

Pictures found using search terms: "; + foreach ($search as $searches){ + echo $searches." "; + } + echo ":


"; + require('dbsettings.php'); + $sql = "SELECT * FROM `share` WHERE `tags` LIKE '%".$search[0]."%'"; + for($i=1; $iquery($sql)){ + die('There was an error running the query [' . $db->error . ']'); + } + + while($row = $result->fetch_assoc()){ + $_SESSION['noimg'] = 'search'; + $id = $row['id']; + $img = $row['name']; + $location = $row['location']; + $type = $row['type']; + $size = $row['size']; + $time = $row['time']; + $comment = $row['comment']; + $username = $row['username']; + $tags = $row['tags']; + echo "
\"Thumbnail
$img - $time - $size - Uploader: $username
"; + } + $result->free(); + //echo "

"; + } + } + + function upload(){ + if(isset($_GET['upload'])){ + $max_file_size="4096"; + $file_uploads="1"; + $websitename="UnPS-GAMA Image Host Uploader"; + $allow_types=array("jpg","gif","png","bmp","JPEG","JPG","GIF","PNG"); + echo " +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Upload Pictures Here

+ 
All fields required
+
+ Allowed Types: jpg, gif, png, bmp
+ Max size per file: 4 MB. +
Select File:
Your Name:
Comment:
Tags (spaces only):
+ +   + +
+
+
+

+ "; + } + if(isset($_POST['submit'])){ + if(!isset($_POST['username']) || !isset($_POST['comment']) || !isset($_POST['tags'])) die("Please fill in the form completly"); + require('dbsettings.php'); + + $location = 'Pictures'; + $extensions = array('png', 'gif', 'jpg', 'jpeg', 'bmp'); + $short = substr(number_format(time() * mt_rand(),0,'',''),0,10); + $short = base_convert($short, 10, 36); + + $upusername = $_POST['username']; + $upcomment = $_POST['comment']; + $tags = $_POST['tags']; + $name = $_FILES["file"]["name"]; + $type = $_FILES["file"]["type"]; + $size = ($_FILES["file"]["size"] / 1024); // get size of file in Kb + + $name = cln_file_name($name); + $type = sanitize($type); + $size = sanitize($size); + $upcomment = comment($upcomment); + $tags = sanitize($tags); + $upusername = sanitize($upusername); + + //$notspace = array("\,", ".", "/", "\\", ":", "-", "_", "+", "=", "~", "#", "&", ""); + //$tags = preg_replace($notspace, " ", $tags); + + $size = round($size, 2)." Kb"; + $time = date("d/j/y - g:i:s a"); + + $file_ext = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION); + if(!in_array($file_ext, $extensions))die("Wrong or no file extension"); // stop the upload if it's wrong + $name = $short.".".$file_ext; + + if (($_FILES["file"]["size"] < 4000000000)){ + if ($_FILES["file"]["error"] > 0){ + echo "Return Code: " . $_FILES["file"]["error"] . "
"; + }else{ + if (file_exists("Pictures/" . $name)){ + echo $name." already exists. "; + }else{ + if(preg_match('/php/i', $name) || preg_match('/phtml/i', $name) || preg_match('/htaccess/i', $name)){ + echo $name." is not allowed, sorry about that..."; + }else{ + // Somehow bump one of the images from the recently upload table and add new image in its place + $sql="INSERT INTO `share` (name, location, type, size, time, comment, username, tags) VALUES ('$name', '$location', '$type', '$size', '$time', '$upcomment', '$upusername', '$tags')"; + if($result = $db->query($sql)){ + move_uploaded_file($_FILES["file"]["tmp_name"], "Pictures/" . $name); + $donefile = 'Pictures/'.$name; + genthumb($donefile); + echo "Stored at: ". $name.""; + }elseif(!$result = $db->query($sql)){ + die('There was a problem trying to upload your file - [' . $db->error . ']'); + }else{ + echo "There was a problem trying to upload your file - Could be a database error"; + } + } + } + } + }else{ + die("File too big!"); + } + } + } + +?> \ No newline at end of file