jokerhacker
Active Member
which variable contain that image id in your upload script?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
IMG iFrame code with redirect
- Thread starter roadrunner
- Start date
- Status
- Not open for further replies.
roadrunner
Active Member
This is my upload.php im unsure what variable im looking for
PHP:
<?php
require_once('./inc/config.php');
if($settings['SET_DIS_UPLOAD'] && !checklogin()){
header('Location: index.php');
exit();
}
// set time out timer to 10mins
ini_set("max_execution_time", "600");
ini_set("max_input_time", "600");
//unset session
unset($_SESSION['upload']);
unset($_SESSION['err']);
////////////////////////////////////////////////////////////////////////////////////
// UPLOAD CODE START
// see if user is banned
if (db_isBanned()){
sendError($LANGUAGE_PACK["site_upload_banned"]);
}
// see if a image url has been posted
if((isset($_POST['imgUrl']) && !empty($_POST['imgUrl'])) || isset($imgApiUrl)){
$image['URL'] = input(isset($_POST['imgUrl'])?$_POST['imgUrl']:$imgApiUrl);
require_once("lib/remoteImage.class.php");
$remoteImage = new remoteImages($DIR_TEMP,$settings,$LANGUAGE_PACK);
$remoteImage->validExtensions = $imgFormats;
$remoteImage->validType = $acceptedFormats;
$remoteImage->minDimensions = $IMG_MIN_SIZE;
$remoteImage->maxDimensions = $IMG_MAX_SIZE;
if($remoteImage->getImage($image['URL'])){
//check that a file has been found and copyed to the temp dir
if(!is_null($remoteImage->file)){
$_FILES = $remoteImage->file;
}
}else{
sendError($remoteImage->error);
}
}
if( ($_SERVER['REQUEST_METHOD'] == 'POST' ||
isset($api)) &&
$_FILES['file']['name'][0] !='' &&
!isset($_SESSION['err'])){
require_once("./lib/resize.class.php");
require_once("./lib/phpDupeImage.php");
$imgCount = 0;
for($i=0; $i < count($_FILES['file']['name']);++$i){
// setup image var
$pieces = explode("?", $_FILES['file']['name'][$i]);
$pathInfo = pathinfo($_FILES['file']['name'][$i]);
$imgSize = @getimagesize($_FILES['file']['tmp_name'][$i]);
$image['name'] = $pieces[0];
$image['alt'] = removeSymbols(input(!empty($_POST["alt"][$i])?$_POST["alt"][$i]:$pathInfo['filename']));
$image['temp'] = $_FILES['file']['tmp_name'][$i];
$image['type'] = $imgSize['mime'];
$image['size'] = ($_FILES['file']['size'][$i] < 1?@filesize($file_tmp_name):$_FILES['file']['size'][$i]);
$removeList[] = $image['temp'];
//check it's a image & set image extension
if(!$image['ext'] = get_extension( $image['type'], false )){
sendError(sprintf($LANGUAGE_PACK["site_upload_types_accepted"],implode(", ",$imgFormats)),'extension');
continue;
}
//min size(pixels)
if ($imgSize[0] < $IMG_MIN_SIZE || $imgSize[1] < $IMG_MIN_SIZE ){
sendError(sprintf($LANGUAGE_PACK["site_upload_to_small"],$IMG_MIN_SIZE.'x'.$IMG_MIN_SIZE),'tosmall');
continue;
}
// max size(pixels)
if ($imgSize[0] > $IMG_MAX_SIZE || $imgSize[1] > $IMG_MAX_SIZE ){
sendError(sprintf($LANGUAGE_PACK["site_upload_to_big"],$IMG_MAX_SIZE.'x'.$IMG_MAX_SIZE));
continue;
}
//Check file size (kb)
if($image['size'] > $settings['SET_MAXSIZE']){
sendError(sprintf($LANGUAGE_PACK["site_upload_size_accepted"],format_size($settings['SET_MAXSIZE'])),'tobig');
continue;
}
//Make Image fingerprint
$finger = new phpDupeImage();
$fingerprint = $finger->fingerprint($image['temp']);
//check for Duplicate Images
if($settings['SET_NODUPLICATE']){
// If similar files exist, check them
if($fp=findImage('fingerprint',$fingerprint)){
foreach($fp as $fpItem){
if ($finger->are_duplicates($image['temp'],imageAddress(1,$fpItem))){
$dupFound = true;
break;
}
}
if(isset($dupFound)){
sendError($LANGUAGE_PACK["upload_duplicate_found"],'duplicate');
continue;
}
}
}
//New random name
//Number of Possible Combinations
// 3 digit code 46656
// 4 digit code 1679616
// 5 digit code 60466176
$image['id'] = createHash(4,true);
//random delete ID
$image['did'] = $image['id'].createHash(6);
//Image address
$image['new'] = $image['id'].'.'.$image['ext'];
$image['address'] = $DIR_IMAGE.$image['new'];
// convert BMP to JPG and PSD to PNG
if(in_array($image['ext'],array('psd','bmp'))){
//Reset Image address
$image['ext'] = ($image['ext'] == 'psd'?$PNG_SAVE_EXT:$JPG_SAVE_EXT);
$image['new'] = $image['id'].'.'.$image['ext'];
$image['address'] = $DIR_IMAGE.$image['new'];
// convert psd/bmp to png
$convert = new resize($image['temp']);
$convert->imageConvert($image['address'],($image['ext'] == 'psd'?$PNG_QUALITY:$JPG_QUALITY));
$convert->destroyImage();
}
//move image from remote server
elseif(isset($image['URL']) && input($image['URL']) != ''){
@copy($image['temp'],$image['address']);
}
//move uploaded image
else{
move_uploaded_file($image['temp'],$image['address']);
}
// move file check
if(!file_exists($image['address'])){
sendError($LANGUAGE_PACK["site_upload_err"].' .','filemove');
continue;
}
//Resize image if needed
if ($settings['SET_RESIZE_IMG_ON']) {
if((isset($_POST['new_width'][$i]) && !empty($_POST['new_width'][$i])) ||
(isset($_POST['new_height'][$i]) && !empty($_POST['new_height'][$i]))){
$new_dim = new resize($image['address']);
$new_dim -> stretchSmallImages(TRUE);
if(!empty($_POST['new_width'][$i]) && !empty($_POST['new_height'][$i])){
$new_dim -> resizeImage($_POST['new_width'][$i], $_POST['new_height'][$i], 'exact');
}
elseif(!empty($_POST['new_width'][$i]) && empty($_POST['new_height'][$i])){
$new_dim -> resizeImage($_POST['new_width'][$i], $imgSize[0], 'landscape');
}
elseif(empty($_POST['new_width'][$i]) && !empty($_POST['new_height'][$i])){
$new_dim -> resizeImage($imgSize[1], $_POST['new_height'][$i], 'portrait');
}
$new_dim -> saveImage($image['address'],100);
$new_dim -> destroyImage();
$imgSize = @getimagesize($image['address']);// update image size for db
}
}
//Thumb address
$THUMB_ADDRESS = $DIR_THUMB.$image['new'];
$THUMB_MID_ADDRESS = $DIR_THUMB_MID.$image['new'];
// thumb
$resize = new resize($image['address']);
$resize ->setMemoryLimit ($IMG_MEMORY_LIMIT);
$resize ->setTweakFactor ($IMG_TWEAK_FACTOR);
// make thumb
$resize -> resizeImage($THUMB_MID_MAX_WIDTH, $THUMB_MID_MAX_HEIGHT, $THUMB_MID_OPTION);
$resize -> saveImage($THUMB_MID_ADDRESS, ($image['ext'] == 'png'?$PNG_QUALITY:$JPG_QUALITY));
// make small thumb
$resize -> resizeImage($THUMB_MAX_WIDTH, $THUMB_MAX_HEIGHT, $THUMB_OPTION);
$resize -> saveImage($THUMB_ADDRESS, ($image['ext'] == 'png'?$PNG_QUALITY:$JPG_QUALITY));
$resize -> destroyImage();
//see if thumb's got made
if(!file_exists($THUMB_ADDRESS) || !file_exists($THUMB_MID_ADDRESS)){
@unlink($image['address']);
@unlink($THUMB_ADDRESS);
@unlink($THUMB_MID_ADDRESS);
sendError($LANGUAGE_PACK["site_upload_err"].' ..','thumbmade');
continue;
}
// see if we need to get a short url for the image
if (isset($_POST['shorturl'][$i]) && $_POST['shorturl'][$i] == 1 && $settings['SET_SHORT_URL_ON']){
$shorturl = shorturl_url('http://'.$_SERVER['HTTP_HOST'].preg_replace('/\/([^\/]+?)$/', '/', $_SERVER['PHP_SELF']).'?di='.$image['id']);
}
// get thumb's file size
$image['size'] = @filesize($image['address']);
$thumbsize = @filesize($THUMB_MID_ADDRESS);
$sthumbsize = @filesize($THUMB_ADDRESS);
// Make image info array to save to db
$newImageArray = array( 'id' => $image['id'],
'name' => $image['name'],
'alt' => $image['alt'],
'added' => time(),
'ext' => $image['ext'],
'ip' => $_SERVER['REMOTE_ADDR'],
'size' => $image['size'],
'deleteid' => $image['did'],
'thumbsize' => $thumbsize,
'sthumbsize'=> $sthumbsize,
'private' => (isset($_POST['private'][$i])?1:0),
'report' => 0,
'shorturl' => (!isset($shorturl)?null:$shorturl),
'fingerprint' =>$fingerprint,
);
//save new image to database
if(addNewImage($newImageArray)){
// save image to upload array to be sent to thumb page
$_SESSION['upload'][] = array('id' => $image['id'],'did' => $image['did']);
// count images uploaded
$imgCount++;
if($imgCount >= $settings['SET_MAX_UPLOAD'] && !checklogin()){
break; // break upload loop as you have updated max number of images in one go...
}
}else{
sendError($LANGUAGE_PACK["site_index_delete_image_err_db"],'savedb');
continue;
}
}// end image upload loop
}
// error uploading image
elseif(!isset($_SESSION['err'])){
sendError($LANGUAGE_PACK["site_upload_err"].' ...','uk');
}
// remove temp images
if(isset($removeList)){
foreach ($removeList as $tempImg){
// remove old file
if(file_exists($tempImg)){
unlink($tempImg);
}
}
}
// UPLOAD CODE END
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
// MAKE PAGE
// error send back to home page and show the error
if(!isset($_SESSION['upload'])){
header('Location: '. $settings['SET_SITEURL'].'/index.php');
exit();
}
// open thumb page and show upload images
header('Location: '. $settings['SET_SITEURL'].'/thumbnail.php');
die();
// MAKE PAGE END
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
// functions
// send error back to index page
function sendError($msg,$id=''){
$_SESSION['err'][$id] = $msg;
}
// get file ext from mine
function get_extension($imagetype, $includeDot = false){
global $acceptedFormats;
if(empty($imagetype)) return false;
$dot = $includeDot ? '.' : '';
if(isset($acceptedFormats[$imagetype])){
return $dot.$acceptedFormats[$imagetype];
}
return false;
}
// very simple hash function to generate a random string
function createHash($length=5,$check=null){
$valid = 0;
$hash = '';
while(!$valid){
for($i=0;$i<$length;++$i){
// if you want to add letters you will have to change the id to varchar instead of int
$possibleValues = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
// pick a random character from the possible ones
$hash .= substr($possibleValues, mt_rand(0, strlen($possibleValues)-1), 1);
}
// checks if the hash allready exists in the db
if(is_null($check) || !getImage($hash)){
$valid = 1;
}
}
return $hash;
}roadrunner
Active Member
Having had another look at it, when you upload an image it displays the output code/s using thumbnail.php which is here:
PHP:
<?php
// THUMB PAGE
require_once('./inc/config.php');
// find image id
if(isset($_GET['pt'])||isset($_GET['pm'])){
unset($_SESSION['upload']);
$_SESSION['upload'][0]['id'] = isset($_GET['pt'])?$_GET['pt']:$_GET['pm'];
}
// if no image found and no upload array found send user back to index page
elseif(!isset($_SESSION['upload'])){
header('Location: index.php');
exit();
}
// check for errors coming from other pages
if(isset($_SESSION['err'])){
$Err = $_SESSION['err'];
unset($_SESSION['err']);
}
// check what thumb to show!
$showImage = isset($_GET['pt'])?1:0;
// count number of thumb's on page
$countThumb = 0;
// image loop
foreach($_SESSION['upload'] as $k=>$uploadimage){
if(isset($uploadimage['id'])){
$img_id =$uploadimage['id'];
}
if(isset($uploadimage['did'])){
$delete_id =$uploadimage['did'];
}
unset($_SESSION['upload'][$k]);
if(isset($img_id) && preg_replace("/[^0-9A-Za-z]/","",$img_id) == $img_id){
//see if image exists
if ($image = getImage($img_id)){
// hold thumbnail page html
if(!isset($thumbHtml))$thumbHtml = '';
//only count image if not on upload page
if(!isset($delete_id))countSave($image,4);
// Thumbnail page variables
$thumb_link = imageAddress(3,$image,'pt');
$thumb_url = imageAddress(3,$image,'dt');
$thumb_mid_link = imageAddress(2,$image,'pm');
$thumb_mid_url = imageAddress(2,$image,'dm');
$imgurl = imageAddress(1,$image,'di');
$alt = $image['alt'];
$shorturl = $image['shorturl'];
$bookmarking = bookmarking(($shorturl ==null?$thumb_mid_link:$shorturl),$alt);
$thumb_show = $showImage?$thumb_url:$thumb_mid_url;
// make image links
$links[$countThumb] = array(
'thumb_bbcode' => imageLinkCode('bbcode',$thumb_url,$thumb_link),
'thumb_html' => imageLinkCode('html',$thumb_url,$thumb_link,$alt),
'thumb_mid_bbcode' => imageLinkCode('bbcode',$thumb_mid_url,$thumb_mid_link),
'thumb_mid_html' => imageLinkCode('html',$thumb_mid_url,$thumb_mid_link,$alt),
'image_bbcode' => imageLinkCode('bbcode',$imgurl),
'image_direct' => $imgurl,
'delete_url' => (isset($delete_id)?$settings['SET_SITEURL'].'/?d='.$delete_id:'')
);
// comments layout
$layout = ' full';
$thumbHtml .= '<div class="img_ad_box">';
// AdSense
$ad_added = 0;
if($settings['SET_GOOGLE_ADS'] !=''){
if(!isset($countThumb) || $countThumb < 2){
$thumbHtml .= '<div class="thumb_Ad">'.$thumb_AdSense.'</div>';
$ad_added = 1;
}
}
//image box
$thumbHtml .= '<div class="img_box'.($ad_added?' left':'').'"><a href="'.$imgurl.'" title="'.$alt.'" id="fancybox" ><img src="'.$thumb_show.'" alt="'.$alt.'" /><br/><span>'.$alt.'</span></a></div>
<div style="clear: both;"></div>
</div>';
//image links
$thumbHtml .= '<div id="links" class="boxpanel'.$layout.'">
<h2 class="boxtitle">'.$LANGUAGE_PACK["site_index_hide_link"].'</h2>
<div class="code_box"><label id="toplabel">'.$LANGUAGE_PACK["site_index_social_networks"].':</label>'.$bookmarking.'</div>';
// Short URL
if ($shorturl != null && !empty($shorturl)) $thumbHtml .= '
<div class="code_box"><label for="shorturl">'.$LANGUAGE_PACK["site_index_short_url_link"].':</label> <input type="text" id="codehtml" value="'.$shorturl.'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>';
// Image Links
$thumbHtml .= '
<h3>'.$LANGUAGE_PACK["site_index_small_thumbnail_link"].'</h3>
<div class="code_box"><label for="codelbb">'.$LANGUAGE_PACK["site_index_bbcode"].':</label> <input type="text" id="codelbb" value="'.$links[$countThumb]['thumb_bbcode'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<div class="code_box"><label for="codehtml"><a href="'.$thumb_link.'" title="'.$alt.'" >'.$LANGUAGE_PACK["site_index_html_code"].'</a> :</label> <input type="text" id="codehtml" value="'.$links[$countThumb]['thumb_html'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<h3>'.$LANGUAGE_PACK["site_index_thumbnail_link"].'</h3>
<div class="code_box"><label for="codelbb">'.$LANGUAGE_PACK["site_index_bbcode"].':</label> <input type="text" id="codelbb" value="'.$links[$countThumb]['thumb_mid_bbcode'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<div class="code_box"><label for="codehtml"><a href="'.$thumb_mid_link.'" title="'.$alt.'" >'.$LANGUAGE_PACK["site_index_html_code"].'</a> :</label> <input type="text" id="codehtml" value="'.$links[$countThumb]['thumb_mid_html'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<h3>'.$LANGUAGE_PACK["site_index_image_link"].'</h3>
<div class="code_box"><label for="codebb">'.$LANGUAGE_PACK["site_index_bbcode"].':</label> <input type="text" id="codebb" value="'.$links[$countThumb]['image_bbcode'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<div class="code_box"><label for="codedirect">'.$LANGUAGE_PACK["site_index_direct_link"].'</label> <input type="text" id="codedirect" value="'.$links[$countThumb]['image_direct'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>';
if(isset($delete_id)){
$thumbHtml .= '
<h3>Delete Image</h3>
<div class="code_box"><label for="deletecode">'.$LANGUAGE_PACK["site_index_delete_url"].':</label> <input type="text" id="deletecode" value="'.$links[$countThumb]['delete_url'].'" onclick="javascript:this.focus();this.select();" readonly="true" class="text_input long" /></div>
<p class="teaser">'.$LANGUAGE_PACK["site_index_delete_url_des"].'</p>';
}
$thumbHtml .= '</div>';
$thumbHtml .= '<div style="clear: both;"></div>';
}else{
$Err['thumbs_page'] = $LANGUAGE_PACK["site_index_thumbs_page_err"];
}
}
}// end uploaded loop
// unset upload array
unset($_SESSION['upload']);
////////////////////////////////////////////////////////////////////////////////////
// MAKE PAGE
// error send back to home page and show the error
if(!isset($thumbHtml)){
unset($_GET);
$_GET['err'] = '404';
include('index.php');
exit();
}
// set any header hooks
$header_hook = '<link rel="stylesheet" type="text/css" href="'.$settings['SET_SITEURL'].'/lightbox/jquery.fancybox-1.3.4.css" media="screen" />'."\n\r";
$header_hook .= '
<script type= "text/javascript">
var homeUrl = "'.$settings['SET_SITEURL'].'";
</script>'."\n\r";
// set any footer hooks
$footer_hook =' <script type="text/javascript" src="'.$settings['SET_SITEURL'].'/lightbox/jquery.fancybox-1.3.4.pack.js"></script>
<script type="text/javascript">$(document).ready(function(){$("a#fancybox").fancybox({\'titlePosition\' : \'inside\', \'type\' : \'image\'});});</script>'."\n\r";
// set thumb page
$menu = 'thumb';
// set page title
$page_title = ' - '.(isset($alt)?$alt:' No Image Found');
// load header
include './header.php';
// check for any notes
success_note($Suc);
// check for any errors
error_note($Err);
echo '<div id="msg"></div>';
// print Thumbnail page
echo $thumbHtml;
if(isset($settings['SET_IMAGE_WIDGIT']) && $settings['SET_IMAGE_WIDGIT']){
ImageWidget($ROW_RANDIMG);
}
include './footer.php';
exit;jokerhacker
Active Member
i can help you on teamviewer if you want, it's being complicated here xD (more code to read)
roadrunner
Active Member
Ok PM sent
Thanks
Thanks
- Status
- Not open for further replies.