Výsledný skript by mal vyzerať takto – Title, description, category, url, upload image.
Pôvodný script
<?php
// Bootstrap: start the PHP session and tag this request as a 'site' page
// before the shared configuration is loaded.
session_start();
define('PAGE', 'site');

// Shared configuration. $session, $settings, $lang and $tbl_prefix are used
// below and are presumably set up here - confirm in includes/config.php.
require 'includes/config.php';

// Template and language files for the current visitor.
// NOTE(review): both directory names are taken from $session->info and go
// straight into a require path. If either value can be influenced by the
// visitor (cookie, profile preference), it has to be restricted to a known
// list of directory names where it is set - confirm in includes/config.php.
require 'templates/'. $session->info['template'] .'/submit.template.php';
require 'languages/'. $session->info['language'] .'/submit.lang.php';
// Access gate for the submit page, driven by $settings['submit']:
// 0 switches submissions off, 2 restricts them to logged-in users.
if ($settings['submit'] == 0) {
    no_page();
}

// Mode 2: visitors whose session status is not '1' are sent to the login prompt.
if ($session->info['status'] != '1' && $settings['submit'] == 2) {
    please_log_in();
}

// Logged-in users skip the image verification step: the setting is switched
// off for the rest of this request only.
if ($settings['image_verification'] == 1 && $session->info['status'] == 1) {
    $settings['image_verification'] = 0;
}
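// Handle a posted submit form: validate every field, then store both uploads
// under server-generated names and insert the entry with status 0.
if (isset($_POST['submit_file'])) {
    $txt['error'] = '';

    // Title: required, a plain string of at most 50 bytes, and not already
    // used by another entry.
    if (!isset($_POST['title']) || !is_string($_POST['title']) || empty($_POST['title']) || strlen($_POST['title']) > 50)
        $txt['error'] = $lang['invalid_title'] .' ';
    else {
        // NOTE(review): this WHERE clause is built by concatenation. Whether it
        // is injection-safe depends on what nohtml() and includes/config.php do
        // to $_POST (neither is visible here) - confirm that quotes are
        // SQL-escaped, or move count_rows() to a parameterised query.
        if (count_rows($tbl_prefix .'files', "title = '". nohtml($_POST['title']) ."'") > 0)
            $txt['error'] = $lang['file_in_database'] .' ';
    }

    // Description: required, a plain string of at most 255 bytes.
    if (!isset($_POST['description']) || !is_string($_POST['description']) || empty($_POST['description']) || strlen($_POST['description']) > 255)
        $txt['error'] .= $lang['invalid_description'] .' ';

    // Category is forced to an integer, so it can be placed in the INSERT unquoted.
    $_POST['category'] = (isset($_POST['category']) && is_scalar($_POST['category'])) ? (int) $_POST['category'] : 0;
    if (empty($_POST['category']))
        $txt['error'] .= $lang['invalid_category'] .' ';

    // File type must name a handler in includes/file_type/. The value goes into
    // a filesystem path, so anything carrying a directory component or a NUL
    // byte is rejected before file_exists() is asked about it.
    $submitted_type = (isset($_POST['file_type']) && is_string($_POST['file_type'])) ? $_POST['file_type'] : '';
    if ($submitted_type === ''
        || basename($submitted_type) !== $submitted_type
        || strpos($submitted_type, "\0") !== false
        || !file_exists('includes/file_type/'. $submitted_type .'.php'))
        $txt['error'] .= $lang['invalid_file_type'] .' ';

    // Main file: present, extension on the allow-list, within the size limit,
    // and actually received through this HTTP upload.
    if (empty($_FILES['upload_file']['name']) || !is_string($_FILES['upload_file']['name']))
        $txt['error'] .= $lang['file_not_blank'] .' ';
    else {
        $valid_files = explode('|', $settings['submit_valid_file']);
        // Take the real extension (text after the last dot) instead of the last
        // three characters, so 'jpeg' or 'js' are not mis-read and a name
        // without any dot cannot pass the allow-list.
        $file_extension = strtolower(pathinfo($_FILES['upload_file']['name'], PATHINFO_EXTENSION));
        if ($file_extension === '' || !in_array($file_extension, $valid_files, true))
            $txt['error'] .= $lang['invalid_file_extension'] .' ';
        elseif ($_FILES['upload_file']['error'] === UPLOAD_ERR_INI_SIZE
            || $_FILES['upload_file']['error'] === UPLOAD_ERR_FORM_SIZE
            || $_FILES['upload_file']['size'] > $settings['submit_file_size'] * 1024)
            $txt['error'] .= $lang['file_too_big'] .' ';
        elseif ($_FILES['upload_file']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['upload_file']['tmp_name']))
            // The upload did not arrive intact; closest existing message.
            $txt['error'] .= $lang['file_not_blank'] .' ';
    }

    // Preview image: same checks, plus a content check, because the extension
    // is only the name the client chose to send.
    if (empty($_FILES['upload_image']['name']) || !is_string($_FILES['upload_image']['name']))
        $txt['error'] .= $lang['image_not_blank'] .' ';
    else {
        $valid_images = explode('|', $settings['submit_valid_image']);
        $image_extension = strtolower(pathinfo($_FILES['upload_image']['name'], PATHINFO_EXTENSION));
        if ($image_extension === '' || !in_array($image_extension, $valid_images, true))
            $txt['error'] .= $lang['invalid_image_extension'] .' ';
        elseif ($_FILES['upload_image']['error'] === UPLOAD_ERR_INI_SIZE
            || $_FILES['upload_image']['error'] === UPLOAD_ERR_FORM_SIZE
            || $_FILES['upload_image']['size'] > $settings['submit_image_size'] * 1024)
            $txt['error'] .= $lang['image_too_big'] .' ';
        elseif ($_FILES['upload_image']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['upload_image']['tmp_name']))
            $txt['error'] .= $lang['image_not_blank'] .' ';
        elseif (@getimagesize($_FILES['upload_image']['tmp_name']) === false)
            // Not parseable as an image, whatever the file name claims.
            $txt['error'] .= $lang['invalid_image_extension'] .' ';
    }

    if ($settings['image_verification'] == 1) {
        // Compare the typed code with the one stored for this session.
        $code = (isset($_POST['verification_code']) && is_string($_POST['verification_code']))
            ? strtoupper(trim($_POST['verification_code']))
            : '';
        $session->db_sessions(array('verification_code'));
        // Strict string comparison: with != two numeric-looking strings such as
        // '0E00' and '0000' compare equal.
        if (strlen($code) != 4 || $code !== (string) $session->info['verification_code'])
            // NOTE(review): the stored code is only cleared on success, so a
            // failed attempt appears to leave the same code valid for another
            // try - confirm whether the form issues a fresh code on reload.
            $txt['error'] .= $lang['invalid_verification_code'];
        else
            $session->clear_verification();
    }

    // Everything validated: store the uploads and record the entry.
    if (strlen($txt['error']) == 0) {
        $file_dir = 'files/'. $settings['filesdir'] .'/';
        $image_dir = 'files/image/';

        // Stored names are generated here and never taken from the client; only
        // the allow-listed extension is carried over. The loop guards against
        // name collisions.
        // NOTE(review): rand()/uniqid() make these names unique, not
        // unguessable. If files/ is served directly, entries still waiting for
        // approval (status 0) are reachable by anyone who learns the name.
        do {
            $uniq_name = substr(md5(uniqid(rand())), 0, 9 );
            $file_name = 'on2_'. $uniq_name .'.'. $file_extension;
            $image_name = 'on2_'. $uniq_name .'.'. $image_extension;
        } while (file_exists($file_dir . $file_name) || file_exists($image_dir . $image_name));

        $file_moved = move_uploaded_file($_FILES['upload_file']['tmp_name'], $file_dir . $file_name);
        $image_moved = $file_moved && move_uploaded_file($_FILES['upload_image']['tmp_name'], $image_dir . $image_name);

        if (!$image_moved) {
            // Do not insert a row that points at files which were never stored;
            // remove the half that did arrive and show the form again.
            if ($file_moved)
                @unlink($file_dir . $file_name);
            $txt['error'] = $lang['file_not_blank'] .' ';
        } else {
            // Width/height of the stored file; getimagesize() returns false for
            // formats it cannot read, which the (int) casts below turn into 0.
            $file_size = @getimagesize($file_dir . $file_name);

            // Insert into database.
            // NOTE(review): string-built SQL. The text fields rely on nohtml()
            // and on whatever escaping includes/config.php applies to $_POST;
            // $u_time comes from outside this block. Confirm both, or switch to
            // prepared statements. The numeric fields are cast here.
            // NOTE(review): the result of mysql_query() is not checked, so a
            // failed insert leaves the stored files orphaned while the success
            // page is still shown.
            mysql_query("INSERT INTO ". $tbl_prefix ."files
(file, icon, filelocation, iconlocation, title, description, keywords, width, height, category, status, filetype, dateadded, added_by)
VALUES
('". $file_name ."', '". $image_name ."', '1', '1', '". nohtml($_POST['title']) ."', '". nohtml($_POST['description']) ."', '". nohtml($_POST['title']) ."', ". (int) $file_size[0] .", ". (int) $file_size[1] .", ". $_POST['category'] .", 0, '". nohtml($_POST['file_type']) ."', ". $u_time.", ". (int) $session->info['id'] .")");
            blank_page($lang['submit_content'], $lang['file_been_submitted']);
        }
    }

    // Validation (or storing) failed: hand the text fields back to the form,
    // HTML-escaped by nohtml().
    if (strlen($txt['error']) != 0) {
        $txt['file']['title'] = (isset($_POST['title']) && is_string($_POST['title'])) ? nohtml(stripslashes($_POST['title'])) : '';
        $txt['file']['description'] = (isset($_POST['description']) && is_string($_POST['description'])) ? nohtml(stripslashes($_POST['description'])) : '';
    }
}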
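// Build the category <select>. Only categories with status '1' are listed;
// visitors whose session status is not '1' additionally need permissions = '1'.
$categories_query = mysql_query("SELECT catid, name FROM ". $tbl_prefix ."categories WHERE status = '1'". ($session->info['status'] == '1' ?'':' && permissions = \'1\'') ." ORDER BY catorder, name");
$txt['categories'] = '<select name="category">';
// mysql_query() returns false when the query fails; render an empty list in
// that case instead of passing false to mysql_fetch_assoc().
if ($categories_query) {
    while ($categories_row = mysql_fetch_assoc($categories_query)) {
        // catid is cast so that only a number can reach the value attribute.
        // NOTE(review): name is written into the page as stored. If category
        // names are not already HTML-escaped when they are saved, escape them
        // here with htmlspecialchars() - confirm against the admin code.
        $txt['categories'] .= '<option value="'. (int) $categories_row['catid'] .'">'. $categories_row['name'] .'</option>';
    }
}
$txt['categories'] .= '</select>';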
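// Build the file type <select> from the handler scripts in includes/file_type/.
// Each option is a handler's file name without its '.php' suffix, which is the
// form in which the submit check looks it up again ('<value>.php' must exist).
$txt['file_types'] = '<select name="file_type">';
if ($file_type_directory = opendir('includes/file_type/')) {
    // Compare against false explicitly: an entry literally named '0' would
    // otherwise end the loop early.
    while (false !== ($file_type = readdir($file_type_directory))) {
        // Only '<name>.php' entries are selectable; this also skips '.', '..',
        // index.html and anything else that could never pass validation.
        if (substr($file_type, -4) !== '.php')
            continue;
        // Strip the suffix only (str_replace would also remove '.php' from the
        // middle of a name).
        $file_type = substr($file_type, 0, -4);
        if ($file_type === '')
            continue;
        // File names are written into HTML, so escape them for that context.
        $file_type_html = htmlspecialchars($file_type, ENT_QUOTES);
        $txt['file_types'] .= '<option value="'. $file_type_html .'">'. $file_type_html .'</option>';
    }
    closedir($file_type_directory);
}
$txt['file_types'] .= '</select>';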
// Human-readable versions of the two extension allow-lists for the form:
// the stored 'a|b|c' becomes 'a, b, c'.
$txt['valid_files'] = implode(', ', explode('|', $settings['submit_valid_file']));
$txt['valid_images'] = implode(', ', explode('|', $settings['submit_valid_image']));

// Page title, then render the submit template.
$page_title = $lang['submit_content'];
load_template('submit', 1);
?>