Skip to content

Instantly share code, notes, and snippets.

@kriwil

kriwil/submit.php

Last active August 29, 2015 14:07
Show Gist options
  • Save kriwil/3b2a378f945877419f94 to your computer and use it in GitHub Desktop.
Save kriwil/3b2a378f945877419f94 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
submit.php
<?php
include("inc/include.php");
$points_upload = intval($config['points_upload']);
$SID = intval($_SESSION['USERID']);
$SVERIFIED = intval($_SESSION['VERIFIED']);
if ($SID != "" && $SID >= 0 && is_numeric($SID) && ($SVERIFIED > 0))
{
$ctime = 24 * 60 * 60;
$utime = time() - $ctime;
$query = "select count(*) as total from posts WHERE USERID='".mysql_real_escape_string($SID)."' AND time_added>='$utime'";
$executequery = $dbconn->execute($query);
$myuploads = $executequery->fields['total'];
$quota = $config['quota'];
if($myuploads >= $quota)
{
$error = $errors['39'];
$template = "empty.tpl";
}
else
{
$template = "submit.tpl";
$queryc = "SELECT * FROM channels";
$executequeryc = $dbconn->execute($queryc);
$c = $executequeryc->getarray();
STemplate::assign('c',$c);
$request_txt_array = array('url','submit_sec','title','CID','tags','source','nsfw');
foreach($request_txt_array as $request_value)
{
if(isset($_REQUEST[$request_value])){$$request_value = cleanit($_REQUEST[$request_value]);}else{$$request_value = '';}
}
if($url != "")
{
if($submit_sec == "1")
{
if((strstr($url, 'youtube.com/watch?v=')) || (strstr($url, 'funnyordie.com/videos/')) || (strstr($url, 'facebook.com/photo.php')) || (strstr($url, 'videofy.me/')) || (strstr($url, 'vimeo.com/')) || (strstr($url, 'vine.co/')))
{
if($config['vupload'] == 1)
{
if($title == "")
{
$error = $errors['40'];
}
if(!isset($error))
{
if(strstr($url, 'youtube.com/watch?v='))
{
$youtube_url = $url;
$position = strpos($youtube_url, 'watch?v=')+8;
$remove_length = strlen($youtube_url)-$position;
$video_id = substr($youtube_url, -$remove_length, 11);
$addme = ", youtube_key='".mysql_real_escape_string($video_id)."'";
$media_url = "http://img.youtube.com/vi/".$video_id."/0.jpg";
}
elseif(strstr($url, 'funnyordie.com/videos/'))
{
$fod_url = $url;
$position = strpos($fod_url, 'funnyordie.com/videos/')+22;
$remove_length = strlen($fod_url)-$position;
$video_id = substr($fod_url, -$remove_length, 10);
$addme = ", fod_key='".mysql_real_escape_string($video_id)."'";
$media_url = "http://www.funnyordie.com/media/".$video_id."/thumbnail/large.jpg";
}
elseif(strstr($url, 'videofy.me/'))
{
$vfy_url = $url;
$position = strpos($vfy_url, 'videofy.me/')+11;
$remove_length = strlen($vfy_url)-$position;
$video_id = substr($vfy_url, -$remove_length);
$position2 = strpos($video_id, '/')+1;
$remove_length2 = strlen($video_id)-$position2;
$video_id2 = substr($video_id, -$remove_length2);
$addme = ", vfy_key='".mysql_real_escape_string($video_id2)."'";
$media_url = og_thumbnail($url);
}
elseif(strstr($url, 'vimeo.com/'))
{
$vmo_url = $url;
$position = strpos($vmo_url, 'vimeo.com/')+10;
$remove_length = strlen($vmo_url)-$position;
$video_id = substr($vmo_url, -$remove_length);
$addme = ", vmo_key='".mysql_real_escape_string($video_id)."'";
$media_url = og_thumbnail($url);
}
elseif(strstr($url, 'vine.co/'))
{
$vine_url = $url;
$position = strpos($vine_url, 'vine.co/v/')+10;
$remove_length = strlen($vine_url)-$position;
$video_id = substr($vine_url, -$remove_length, 11);
$addme = ", vine_key='".mysql_real_escape_string($video_id)."'";
$vine['vine_thumbnail'] = $video_id;
$media_url = insert_get_vine_thumbnail($vine);
}
elseif(strstr($url, 'facebook.com/'))
{
$fbv_url = $url;
$parts = parse_url($fbv_url);
parse_str($parts['query'], $query);
$video_id = $query['v'];
$addme = ", fbv_key='".mysql_real_escape_string($video_id)."'";
$media_url = "https://graph.facebook.com/".$video_id."/picture";
}
$approve_stories = $config['approve_stories'];
if($approve_stories == "1"){$active = "0";}
else{$active = "1";}
$query="INSERT INTO posts SET USERID='".mysql_real_escape_string($SID)."', story='".mysql_real_escape_string($title)."', tags='".mysql_real_escape_string($tags)."', source='".mysql_real_escape_string($source)."', CID='".mysql_real_escape_string($CID)."', nsfw='".mysql_real_escape_string($nsfw)."', url='".mysql_real_escape_string($url)."', favclicks='1', time_added='".time()."', date_added='".date("Y-m-d")."', active='$active', pip='".$_SERVER['REMOTE_ADDR']."' $addme";
$result=$dbconn->execute($query);
$pid = mysql_insert_id();
if(isset($media_url))
{
$randomname = generateCode(5).time();
$uploadedimage = $config['basedir'].'/temp/'.$randomname.'-temp.jpg';
if(download_photo($media_url, $uploadedimage))
{
$theimageinfo = getimagesize($uploadedimage);
if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
{
$error = $errors['43'];
unlink($uploadedimage);
}
else
{
$thepp = $pid;
if($theimageinfo[2] == 1){$thepp .= ".gif";}
elseif($theimageinfo[2] == 2){$thepp .= ".jpg";}
elseif($theimageinfo[2] == 3){$thepp .= ".png";}
$myvideoimgnew=$config['posts_dir']."/o/".$thepp;
if(file_exists($myvideoimgnew))
{
unlink($myvideoimgnew);
}
copy($uploadedimage , $myvideoimgnew);
do_resize_image($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp);
do_resize_image($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp);
unlink($uploadedimage);
}
}
$query = "UPDATE posts SET mediafile='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
$dbconn->execute($query);
}
$query="INSERT INTO posts_favorited SET PID='".mysql_real_escape_string($pid)."', USERID='".mysql_real_escape_string($SID)."'";
$dbconn->execute($query);
$query = "UPDATE users SET points=points+$points_upload, posts=posts+1, likes_sent=likes_sent+1, likes_received=likes_received+1 WHERE USERID='".mysql_real_escape_string($SID)."'";
$executequery=$dbconn->execute($query);
if(intval($CID) > 0)
{
$query = "UPDATE channels SET channel_posts=channel_posts+1 WHERE CID='".mysql_real_escape_string($CID)."'";
$executequery=$dbconn->execute($query);
}
if($config['SEO'] == 1){header("Location:".$config['baseurl'].$config['postfolder'].$pid."/".makeseo($title).".html?new=1");exit;}
else{header("Location:".$config['baseurl'].$config['postfolder'].$pid."/?new=1");exit;}
}
}
else
{
$error = $errors['41'];
}
}
else
{
if($title == "")
{
$error = $errors['40'];
}
if(!isset($error))
{
$pos = strrpos($url,".");
$ph = strtolower(substr($url,$pos+1,strlen($url)-$pos));
if($ph == "jpg" || $ph == "jpeg" || $ph == "png" || $ph == "gif")
{
$randomname = generateCode(5).time();
$uploadedimage = $config['basedir'].'/temp/'.$randomname.'-temp.'.$ph;
if(!download_photo($url, $uploadedimage))
{
$error = $errors['42'];
}
else
{
$theimageinfo = getimagesize($uploadedimage);
if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
{
$error = $errors['43'];
unlink($uploadedimage);
}
else
{
$approve_stories = $config['approve_stories'];
if($approve_stories == "1"){$active = "0";}
else{$active = "1";}
$query="INSERT INTO posts SET USERID='".mysql_real_escape_string($SID)."', story='".mysql_real_escape_string($title)."', tags='".mysql_real_escape_string($tags)."', source='".mysql_real_escape_string($source)."', CID='".mysql_real_escape_string($CID)."', nsfw='".mysql_real_escape_string($nsfw)."', url='".mysql_real_escape_string($url)."', time_added='".time()."', date_added='".date("Y-m-d")."', active='$active', pip='".$_SERVER['REMOTE_ADDR']."'";
$result=$dbconn->execute($query);
$pid = mysql_insert_id();
if($uploadedimage != "")
{
$thepp = $pid;
if($theimageinfo[2] == 1)
{
$thepp .= ".gif";
$thepp2 = ".gif";
}
elseif($theimageinfo[2] == 2)
{
$thepp .= ".jpg";
$thepp2 = ".jpg";
}
elseif($theimageinfo[2] == 3)
{
$thepp .= ".png";
$thepp2 = ".png";
}
if(!isset($error))
{
$myvideoimgnew=$config['posts_dir']."/o/".$thepp;
if(file_exists($myvideoimgnew))
{
unlink($myvideoimgnew);
}
copy($uploadedimage , $myvideoimgnew);
if($thepp2 != ".gif")
{
$mediafile = $thepp;
do_resize_image($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp);
do_resize_image($myvideoimgnew, "500", "0", true, $config['posts_dir']."/t/".$thepp);
do_resize_image($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp);
}
else
{
$mediafile = $thepp.".jpg";
imagick_gif_resize($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($config['posts_dir']."/t/l-".$thepp, "700", "0", true, $config['posts_dir']."/t/l-".$thepp.".jpg");
imagick_gif_resize($myvideoimgnew, "500", "0", true, $config['posts_dir']."/t/".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($config['posts_dir']."/t/".$thepp, "500", "0", true, $config['posts_dir']."/t/".$thepp.".jpg");
imagick_gif_resize($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($config['posts_dir']."/t/".$thepp, "300", "0", true, $config['posts_dir']."/t/s-".$thepp.".jpg");
}
if(file_exists($config['posts_dir']."/o/".$thepp))
{
if($thepp2 == ".png")
{
$img=imagecreatefrompng($config['posts_dir']."/t/l-".$thepp);
$img2=imagecreatefrompng($config['posts_dir']."/t/".$thepp);
}
elseif($thepp2 == ".jpg")
{
$img=imagecreatefromjpeg($config['posts_dir']."/t/l-".$thepp);
$img2=imagecreatefromjpeg($config['posts_dir']."/t/".$thepp);
}
elseif($thepp2 == ".gif")
{
$img=imagecreatefromgif($config['posts_dir']."/t/l-".$thepp);
$img2=imagecreatefromgif($config['posts_dir']."/t/".$thepp);
}
else{$wm_skip = "1";}
else{$wm_skip = "1";}
if(!isset($wm_skip))
{
if($config['twm'] == "1")
{
create_text_watermark($img,$pid,$thepp,$thepp2,1);
create_text_watermark($img2,$pid,$thepp,$thepp2,0);
}
elseif($config['lwm'] == "1")
{
create_logo_watermark($img,$thepp,1);
create_logo_watermark($img2,$thepp,0);
}
}
$query = "UPDATE posts SET pic='$thepp', mediafile='$mediafile', favclicks='1' WHERE PID='".mysql_real_escape_string($pid)."'";
$dbconn->execute($query);
$query="INSERT INTO posts_favorited SET PID='".mysql_real_escape_string($pid)."', USERID='".mysql_real_escape_string($SID)."'";
$dbconn->execute($query);
$query = "UPDATE users SET points=points+$points_upload, posts=posts+1, likes_sent=likes_sent+1, likes_received=likes_received+1 WHERE USERID='".mysql_real_escape_string($SID)."'";
$executequery=$dbconn->execute($query);
if(intval($CID) > 0)
{
$query = "UPDATE channels SET channel_posts=channel_posts+1 WHERE CID='".mysql_real_escape_string($CID)."'";
$executequery=$dbconn->execute($query);
}
unlink($uploadedimage);
if($config['SEO'] == 1){header("Location:".$config['baseurl'].$config['postfolder'].$pid."/".makeseo($title).".html?new=1");exit;}
else{header("Location:".$config['baseurl'].$config['postfolder'].$pid."/?new=1");exit;}
}
}
}
}
}
}
else
{
$error = $errors['44'];
}
}
}
}
STemplate::assign('url_selected',1);
}
else
{
if($submit_sec == "1")
{
if(isset($_FILES['image']['tmp_name'])){$uploadedimage = $_FILES['image']['tmp_name'];}else{$uploadedimage = "";}
if($uploadedimage == "")
{
$error = $errors['45'];
}
else
{
$theimageinfo = getimagesize($uploadedimage);
if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
{
$error = $errors['43'];
}
else
{
if($title == "")
{
$error = $errors['40'];
}
else
{
$approve_stories = $config['approve_stories'];
if($approve_stories == "1"){$active = "0";}
else{$active = "1";}
$query="INSERT INTO posts SET USERID='".mysql_real_escape_string($SID)."', story='".mysql_real_escape_string($title)."', tags='".mysql_real_escape_string($tags)."', source='".mysql_real_escape_string($source)."', CID='".mysql_real_escape_string($CID)."', nsfw='".mysql_real_escape_string($nsfw)."', time_added='".time()."', date_added='".date("Y-m-d")."', active='$active', pip='".$_SERVER['REMOTE_ADDR']."'";
$result=$dbconn->execute($query);
$pid = mysql_insert_id();
if($uploadedimage != "")
{
$thepp = $pid;
if($theimageinfo[2] == 1)
{
$thepp .= ".gif";
$thepp2 = ".gif";
}
elseif($theimageinfo[2] == 2)
{
$thepp .= ".jpg";
$thepp2 = ".jpg";
}
elseif($theimageinfo[2] == 3)
{
$thepp .= ".png";
$thepp2 = ".png";
}
if(!isset($error))
{
$myvideoimgnew=$config['posts_dir']."/o/".$thepp;
if(file_exists($myvideoimgnew))
{
unlink($myvideoimgnew);
}
$myconvertimg = $_FILES['image']['tmp_name'];
move_uploaded_file($myconvertimg, $myvideoimgnew);
if($thepp2 != ".gif")
{
$mediafile = $thepp;
do_resize_image($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp);
do_resize_image($myvideoimgnew, "500", "0", true, $config['posts_dir']."/t/".$thepp);
do_resize_image($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp);
}
else
{
$mediafile = $thepp.".jpg";
imagick_gif_resize($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($myvideoimgnew, "700", "0", true, $config['posts_dir']."/t/l-".$thepp.".jpg");
imagick_gif_resize($myvideoimgnew, "500", "0", true, $config['posts_dir']."/t/".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($myvideoimgnew, "500", "0", true, $config['posts_dir']."/t/".$thepp.".jpg");
imagick_gif_resize($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp, $config['posts_dir']."/t/z-".$thepp);
do_resize_image($myvideoimgnew, "300", "0", true, $config['posts_dir']."/t/s-".$thepp.".jpg");
}
if(file_exists($config['posts_dir']."/o/".$thepp))
{
if($thepp2 == ".png")
{
$img=imagecreatefrompng($config['posts_dir']."/t/l-".$thepp);
$img2=imagecreatefrompng($config['posts_dir']."/t/".$thepp);
}
elseif($thepp2 == ".jpg")
{
$img=imagecreatefromjpeg($config['posts_dir']."/t/l-".$thepp);
$img2=imagecreatefromjpeg($config['posts_dir']."/t/".$thepp);
}
else{$wm_skip = "1";}
if(!isset($wm_skip))
{
if($config['twm'] == "1")
{
create_text_watermark($img,$pid,$thepp,$thepp2,1);
create_text_watermark($img2,$pid,$thepp,$thepp2,0);
}
elseif($config['lwm'] == "1")
{
create_logo_watermark($img,$thepp,1);
create_logo_watermark($img2,$thepp,0);
}
}
$query = "UPDATE posts SET pic='$thepp', mediafile='$mediafile', favclicks='1' WHERE PID='".mysql_real_escape_string($pid)."'";
$dbconn->execute($query);
$query="INSERT INTO posts_favorited SET PID='".mysql_real_escape_string($pid)."', USERID='".mysql_real_escape_string($SID)."'";
$dbconn->execute($query);
$query = "UPDATE users SET points=points+$points_upload, posts=posts+1, likes_sent=likes_sent+1, likes_received=likes_received+1 WHERE USERID='".mysql_real_escape_string($SID)."'";
$executequery=$dbconn->execute($query);
if(intval($CID) > 0)
{
$query = "UPDATE channels SET channel_posts=channel_posts+1 WHERE CID='".mysql_real_escape_string($CID)."'";
$executequery=$dbconn->execute($query);
}
if($config['SEO'] == 1){header("Location:".$config['baseurl'].$config['postfolder'].$pid."/".makeseo($title).".html?new=1");exit;}
else{header("Location:".$config['baseurl'].$config['postfolder'].$pid."/?new=1");exit;}
}
}
}
}
}
}
}
}
}
}
elseif ($SID != "" && $SID >= 0 && is_numeric($SID))
{
$error = $errors['49'];
$template = 'empty.tpl';
}
else
{
header("Location:".$config['baseurl']."/login");exit;
}
if ($config['channels'] == 1)
{
$cats = loadallchannels();
STemplate::assign('allchannels',$cats);
}
$_SESSION['location'] = "/submit";
//TEMPLATES BEGIN
STemplate::assign('menu',6);
STemplate::assign('nosectionnav',1);
STemplate::assign('norightside',1);
STemplate::assign('footerlinks',1);
if(isset($error)){STemplate::assign('error',$error);}
STemplate::display('header.tpl');
STemplate::display($template);
STemplate::display('footer.tpl');
//TEMPLATES END
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment