submitnews.php | searchcode

/submitnews.php

https://github.com/CasperGemini/e107
PHP | 235 lines | 191 code | 33 blank | 11 comment | 40 complexity | 150eb32755d47508fa08074ee0fbbd91 MD5 | raw file
Possible License(s): GPL-2.0

<?php
/*
 * e107 website system
 *
 * Copyright (C) 2008-2013 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 */

 
if(!empty($_POST) && !isset($_POST['e-token']))
{
	// set e-token so it can be processed by class2
	$_POST['e-token'] = '';
} 
require_once("class2.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);

require_once(HEADERF);

if (!isset($pref['subnews_class']))
{
	$pref['subnews_class'] = e_UC_MEMBER;
}

if (!check_class($pref['subnews_class']))
{
	$ns->tablerender(NWSLAN_12, NWSLAN_11);
	require_once(FOOTERF);
	exit;
}

if (isset($_POST['submitnews_submit']) && $_POST['submitnews_title'] && $_POST['submitnews_item'])
{
	$ip = e107::getIPHandler()->getIP(FALSE);
	$fp = new floodprotect;
	if ($fp->flood("submitnews", "submitnews_datestamp") == FALSE)
	{
		header("location:".e_BASE."index.php");
		exit;
	}

	$submitnews_user  = (USER ? USERNAME  : trim($tp->toDB($_POST['submitnews_name'])));
	$submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email']))));
	$submitnews_title = $tp->toDB($_POST['submitnews_title']);
	$submitnews_item  = $tp->toDB($_POST['submitnews_item']);
	$submitnews_item  = str_replace("src=&quot;e107_images", "src=&quot;".SITEURL."e107_images", $submitnews_item);
	$submitnews_file  = "";
	$submitnews_error = FALSE;
	if (!$submitnews_user || !$submitnews_email)
	{
		$message = SUBNEWSLAN_7;
		$submitnews_error = TRUE;
	}

	// ==== Process File Upload ====
	if (FILE_UPLOADS && $_FILES['file_userfile'] && varsettrue($pref['subnews_attach']) && varsettrue($pref['upload_enabled']) && check_class($pref['upload_class']))
	{
		require_once(e_HANDLER.'upload_handler.php');
		$uploaded = process_uploaded_files(e_UPLOAD, FALSE, array('file_mask' => 'jpg,gif,png', 'max_file_count' => 1));
	
		if (($uploaded === FALSE) || !is_array($uploaded))
		{	// Non-specific error
			$submitnews_error = TRUE;
			$message = SUBNEWSLAN_8;
		}
		else
		{
			$submitnews_filearray = array();
			
			foreach($uploaded as $c=>$v)
			{
				if (varset($uploaded[$c]['error'],0) != 0)
				{
					$submitnews_error = TRUE;
					$message = handle_upload_messages($uploaded);
				}
				else
				{
					if (isset($uploaded[$c]['name']) && isset($uploaded[$c]['type']) && isset($uploaded[$c]['size']))
					{
						$filename = $uploaded[$c]['name'];
						$filetype = $uploaded[$c]['type'];
						$filesize = $uploaded[$c]['size'];
						$fileext  = substr(strrchr($filename, "."), 1);
						$today = getdate();
						$submitnews_file = USERID."_".$today[0]."_".$c."_".str_replace(" ", "_", substr($submitnews_title, 0, 6)).".".$fileext;
								
						if (is_numeric($pref['subnews_resize']) && ($pref['subnews_resize'] > 30)  && ($pref['subnews_resize'] < 5000))
						{
							require_once(e_HANDLER.'resize_handler.php');
					
							if (!resize_image(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file, $pref['subnews_resize']))
							{
							  rename(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file);
							}
						}
						elseif ($filename)
						{
							rename(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file);
						}
					}
				}
	
				if ($filename && file_exists(e_UPLOAD.$submitnews_file))
				{
					$submitnews_filearray[] = $submitnews_file;	
				}
				
			}
		}
		
	}

	if ($submitnews_error === FALSE)
	{
		$sql->insert("submitnews", "0, '$submitnews_user', '$submitnews_email', '$submitnews_title', '".intval($_POST['cat_id'])."', '$submitnews_item', '".time()."', '$ip', '0', '".implode(',',$submitnews_filearray)."' ");
		
		$edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip);
		$e_event->trigger("subnews", $edata_sn);
		
		$mes = e107::getMessage();
		$mes->addSuccess(LAN_134);
		echo $mes->render();
		
		// $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>");
		require_once(FOOTERF);
		exit;
	}
	else
	{
		message_handler("P_ALERT", $message);
	}
}

if (!defined("USER_WIDTH")) { define("USER_WIDTH","width:95%"); }

$text = "
<div style='text-align:center'>
  <form id='dataform' method='post' action='".e_SELF."' enctype='multipart/form-data' onsubmit='return frmVerify()'>
    <table class='table fborder'>";

if (!empty($pref['news_subheader']))
{
	  $text .= "
	  <tr>
	    <td colspan='2' class='forumheader3'>".$tp->toHTML($pref['news_subheader'], TRUE, "TITLE")."<br /></td>
	  </tr>";
}

if (!USER)
{
	  $text .= "
	  <tr>
	    <td style='width:20%' class='forumheader3'>".LAN_7."</td>
	    <td style='width:80%' class='forumheader3'>
	      <input class='tbox' type='text' name='submitnews_name' size='60' value='".$tp->toHTML($submitnews_user,FALSE,'USER_TITLE')."' maxlength='100' required />
	    </td>
	  </tr>
	  <tr>
	    <td style='width:20%' class='forumheader3'>".LAN_112."</td>
	    <td style='width:80%' class='forumheader3'>
	      <input class='tbox' type='text' name='submitnews_email' size='60' value='".$tp->toHTML($submitnews_email, FALSE, 'LINKTEXT')."' maxlength='100' required />
	    </td>
	  </tr>";
}

$text .= "
<tr>
  <td style='width:20%' class='forumheader3'>".NWSLAN_6.": </td>
	<td style='width:80%' class='forumheader3'>";

if (!$sql->db_Select("news_category"))
{
	$text .= NWSLAN_10;
}
else
{
	$text .= "
		<select name='cat_id' class='tbox'>";
	while (list($cat_id, $cat_name, $cat_icon) = $sql->db_Fetch(MYSQL_NUM))
	{
		$sel = (varset($_POST['cat_id'],'') == $cat_id) ? "selected='selected'" : "";
		$text .= "<option value='{$cat_id}' {$sel}>".$tp->toHTML($cat_name, FALSE, "defs")."</option>";
	}
	$text .= "</select>";
}

$text .= "
  </td>
</tr>
<tr>
  <td style='width:20%' class='forumheader3'>".LAN_62."</td>
	<td style='width:80%' class='forumheader3'>
    <input class='tbox' type='text' id='submitnews_title' name='submitnews_title' size='60' value='".$tp->toHTML(vartrue($_POST['submitnews_title']),TRUE,'USER_TITLE')."' maxlength='200' style='width:90%' required />
	</td>
</tr>
<tr>
  	<td style='width:20%' class='forumheader3'>".LAN_135."</td>
	<td style='width:80%' class='forumheader3'>
		".e107::getForm()->bbarea('submitnews_item', $tp->toForm(vartrue($_POST['submitnews_item'])),null, null, 'large', 'required=1')."
	</td>
</tr>
";

if ($pref['subnews_attach'] && $pref['upload_enabled'] && check_class($pref['upload_class']) && FILE_UPLOADS)
{
  $text .= "
  <tr>
    <td style='width:20%' class='forumheader3'>".SUBNEWSLAN_5."<br /><span class='smalltext'>".SUBNEWSLAN_6."</span></td>
    <td style='width:80%' class='forumheader3'>
      <input class='tbox' type='file' name='file_userfile[]' style='width:90%' multiple='multiple' />
    </td>
  </tr>";
}

$text .= "
      <tr>
        <td colspan='2' style='text-align:center' class='forumheader'>
          <input class='btn btn-success button' type='submit' name='submitnews_submit' value='".LAN_136."' />
           <input type='hidden' name='e-token' value='".e_TOKEN."' />
        </td>
      </tr>
    </table>
  </form>
</div>";

$ns->tablerender(LAN_136, $text);

require_once(FOOTERF);



?>