add_post.php
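<?php
/**
 * add_post.php: creates a post on the wall stored in $_SESSION['userwall'].
 *
 * Flow: look up the wall owner, refuse banned/closed walls for other users,
 * require a logged-in session, HTML-encode and linkify the text, then store
 * either a text-only post or a post with one re-encoded JPEG attachment.
 *
 * Security-relevant behaviour:
 *  - Every SQL statement is parameterised; no request or session value is
 *    interpolated into SQL.
 *  - The client-supplied upload name is never used as a filesystem path. The
 *    upload is read from PHP's temporary file, must decode as JPEG/PNG/GIF,
 *    and is re-encoded to a server-chosen "<number>.jpg" name.
 *  - Session values echoed into HTML or a Location header are encoded first.
 *
 * NOTE(review): no anti-CSRF token or request-method check is visible here;
 * confirm whether exec/check_user.php provides one.
 */
session_start();
include('exec/dbconnect.php');
include('exec/check_user.php');
include 'reseample.php';

$wallId = $_SESSION['userwall'] ?? null;
$viewerId = $_SESSION['id'] ?? null;

// Relative URL of the wall page. rawurlencode() is a no-op for numeric ids and
// neutralises anything else before it reaches a header or an HTML attribute.
$wallLink = 'id' . rawurlencode((string) $wallId);

// Load the owner of the target wall.
$ownerStmt = $dbh1->prepare('SELECT id, ban, closedwall FROM `users` WHERE id = :id');
$ownerStmt->bindValue(':id', $wallId);
$ownerStmt->execute();
$owner = $ownerStmt->fetch();

if (!is_array($owner)) {
    exit("user is not exists");
}

if ($owner['ban'] == '1' || $owner['closedwall'] == '1') {
    if ($owner['id'] != $viewerId) {
        exit("user is banned or wall is closed");
    }
    // NOTE(review): as originally written, the owner of a banned/closed wall
    // gets no output and no post is created. Preserved; confirm the intent.
    exit();
}

if (empty($owner['id'])) {
    exit("user is not exists");
}

if (($_SESSION['loginin'] ?? null) != '1') {
    echo '<meta charset="utf-8">Хакеры? Интересно.<meta http-equiv="refresh" content="3;blank/..">';
    exit();
}

// Reject a missing, empty or non-string (e.g. text[]=...) body.
$rawText = $_POST['text'] ?? null;
if (!is_string($rawText) || $rawText === '') {
    echo '<meta charset="utf-8">Проверьте, вы вообще что-то писали на поле?<meta http-equiv="refresh" content="3;'
        . htmlspecialchars($wallLink, ENT_QUOTES, 'UTF-8') . '">';
    exit();
}

// The post is stored already HTML-encoded, so encode before adding any markup.
$text = htmlentities($rawText, ENT_QUOTES, 'UTF-8');
// Linkify while real newlines are still present: the pattern ends a URL at
// whitespace, so running it after the <br> substitution would pull "<br>" and
// the start of the next line into the href.
$text = preg_replace(
    "~(http|https|ftp|ftps)://(.*?)(\s|\n|[,.?!](\s|\n)|$)~",
    '<a href="$1://$2">$1://$2</a>$3',
    $text
) ?? $text;
$text = str_replace(array("\r\n", "\r", "\n"), '<br>', $text);

// NOTE(review): second include of the DB bootstrap kept from the original;
// it looks redundant, confirm against exec/dbconnect.php.
include('exec/dbconnect.php');
$path = 'content/img-post/';

// Treat the request as carrying an image only if PHP itself accepted exactly
// one uploaded file; anything else falls back to a text-only post, as before.
$upload = $_FILES['upimg'] ?? null;
$hasUpload = is_array($upload)
    && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
    && is_string($upload['tmp_name'] ?? null)
    && is_uploaded_file($upload['tmp_name']);

if (!$hasUpload) {
    $postStmt = $dbh1->prepare(
        'INSERT INTO `wall` (`id`, `iduser`, `idwall`, `text`, `date`) VALUES (NULL, :id, :wall, :text, :timep)'
    );
    $postStmt->bindValue(':id', $viewerId);
    $postStmt->bindValue(':wall', $wallId);
    $postStmt->bindValue(':text', $text);
    $postStmt->bindValue(':timep', time());
    $postStmt->execute();
    header('Location: ' . $wallLink);
    exit();
}

// Decide "is this an image" from the file content, not from the client's file
// name, and decode straight from the temporary file so nothing with an
// attacker-chosen name or extension is ever written under the web root.
// NOTE(review): the byte size is bounded by PHP's upload limits, but pixel
// dimensions are not checked here; consider a cap before decoding.
$allowedTypes = array(IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF);
$info = getimagesize($upload['tmp_name']);
$bytes = ($info !== false && in_array($info[2], $allowedTypes, true))
    ? file_get_contents($upload['tmp_name'])
    : false;
$image = is_string($bytes) ? imagecreatefromstring($bytes) : false;

if ($image === false) {
    echo '<meta charset="utf-8">выберите картинку, а не что-то другое.';
    exit();
}

// Server-chosen numeric name; retry until it does not collide with a stored file.
do {
    $rand = random_int(1000000000, 9999999999);
} while (file_exists($path . $rand . ".jpg"));

$filename = $path . $rand . ".jpg";
$filename_333 = $path . $rand . "_333.jpg";
$filename_150 = $path . $rand . "_150.jpg";

// Re-encoding to JPEG drops whatever else the uploaded bytes carried.
if (!imagejpeg($image, $filename)) {
    exit('error! check logs.');
}
reseample($filename, $filename_333, 333, 500);
reseample($filename, $filename_150, 150, 800);

// Register the photo and its two resized variants.
$photoStmt = $dbh1->prepare(
    "INSERT INTO `photo` (`id`, `image`, `image_333`, `image_150`, `aid`, `date`, `album`) VALUES (NULL, :image, :image_333, :image_150, :aid,:dateup,:album)"
);
$photoStmt->bindValue(':image', $filename);
$photoStmt->bindValue(':image_333', $filename_333);
$photoStmt->bindValue(':image_150', $filename_150);
$photoStmt->bindValue(':aid', $viewerId);
$photoStmt->bindValue(':dateup', time());
$photoStmt->bindValue(':album', '-1');
$photoStmt->execute();

// Read back the id of the photo row just inserted.
$lookupStmt = $dbh1->prepare('SELECT id FROM `photo` WHERE image = :image AND aid = :aid');
$lookupStmt->bindValue(':image', $filename);
$lookupStmt->bindValue(':aid', $viewerId);
$lookupStmt->execute();
$photoRow = $lookupStmt->fetch();
$photoId = is_array($photoRow) ? $photoRow['id'] : null;

$postStmt = $dbh1->prepare(
    "INSERT INTO `wall` (`id`, `iduser`, `idwall`, `text`, `date`, `image`) VALUES (NULL, :id, :wall, :text, :time, :image)"
);
$postStmt->bindValue(':id', $viewerId);
$postStmt->bindValue(':wall', $wallId);
$postStmt->bindValue(':text', $text);
$postStmt->bindValue(':time', time());
$postStmt->bindValue(':image', $photoId);

// Nothing may be echoed before the redirect, otherwise the Location header
// cannot be sent; report failure instead of redirecting past it.
if (!$postStmt->execute()) {
    exit('error! check logs.');
}
header('Location: ' . $wallLink);
exit();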