File: /var/www/html/tmpr/../tmpr/..//tmpr/../tmpr/../v/uploadParameters.php
<?php
// Bootstrap: load helpers, the database connection and the NewsSQL wrapper.
// NOTE(review): $link (used by filter() and the queries below) and $DBName are
// not defined in this file — presumably they come from
// ../Connections/videoondemand.php; confirm. That file is pulled in with
// include(), so if it is missing the script only warns and keeps running.
// NOTE(review): no session or login check is visible before the request
// handlers below; confirm whether an included file enforces one.
include("../includes/limittext.php");
include('../Connections/videoondemand.php');  
require("../DbSql.inc.php");
require("../NewsSql.inc.php");
require("../const.inc.php");
$db = new NewsSQL($DBName); 
/*error_reporting(0);*/
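/**
 * Escape every string in a request array for use inside a quoted SQL literal.
 *
 * Keys are preserved. Nested arrays (a parameter sent as `name[]=...`) are
 * escaped recursively; the previous array_map() version handed them straight
 * to real_escape_string(), which raises a TypeError on PHP 8 and aborted the
 * whole request.
 *
 * NOTE(review): blanket escaping only protects values that end up inside a
 * quoted SQL string with the escaping intact. It does nothing for HTML output,
 * URLs or file paths, and stripslashes() undoes it. Prefer prepared statements
 * at each query.
 *
 * @param array $arr Request array such as $_GET or $_POST.
 * @return array Same shape as $arr with every leaf value escaped.
 */
function filter($arr) {
    global $link;

    $escaped = array();
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            $escaped[$key] = filter($value);
        } else {
            $escaped[$key] = $link->real_escape_string((string) $value);
        }
    }

    return $escaped;
}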

// Every GET and POST value is SQL-escaped up front via filter().
// NOTE(review): this is the only protection most handlers below rely on. It
// does not touch $_COOKIE or $_SERVER, it is undone wherever a value is later
// passed through stripslashes(), and it is the wrong encoding for values used
// in HTML output, URLs or file paths. Prefer prepared statements per query.
$_GET = filter($_GET);
$_POST = filter($_POST);
 
 
 
 /**
  * Normalise a submitted form value: trim it, strip backslash escapes, then
  * HTML-encode the result.
  *
  * NOTE(review): stripslashes() removes the escaping that filter() applied, so
  * the return value must be re-escaped or bound before it reaches a SQL string.
  * HTML-encoding at input time also alters values such as passwords.
  *
  * @param string $data Submitted form value.
  * @return string Trimmed, unslashed, HTML-encoded value.
  */
 function validateData($data)
 {
     $trimmed = trim($data);
     $unslashed = stripslashes($trimmed);

     return htmlspecialchars($unslashed);
 }
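// Modal AJAX endpoint for "signin" and "registration" posts.
// The response body is the literal "1" on success and "0" on failure; a
// registration with an email that is already taken gets a text message instead.
if (!empty($_POST['actionModal'])) {
    global $link;
    $action = $_POST['actionModal'];

    if ($action == "signin") {
        $pwd = $_POST['login-password'];
        $email = validateData($_POST['login-email']);

        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() needs a rehash-on-login plan for
        // the stored values, so it is flagged here rather than changed.
        // NOTE(review): registration hashes validateData() of the password
        // while this path hashes the filter()-escaped value, so passwords with
        // quotes, backslashes, HTML characters or outer whitespace never match.
        $md5pass = md5($pwd);

        // Bind the credentials instead of interpolating them into the SQL text.
        $theid = null;
        $stmt = mysqli_prepare($link, "SELECT `catalogid` FROM users WHERE `pwd` = ? AND user_email = ? AND `banned` = '0'");
        if (!$stmt) {
            // Was die(mysqli_error()): the missing connection argument is an
            // ArgumentCountError on PHP 8, and the text went to the client.
            error_log("signin lookup failed: " . mysqli_error($link));
            exit("0");
        }
        mysqli_stmt_bind_param($stmt, 'ss', $md5pass, $email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $theid);
            mysqli_stmt_fetch($stmt);
        }
        mysqli_stmt_close($stmt);

        if (!empty($theid)) {
            // Keep the id a string, as mysqli_fetch_array() returned it before.
            $theid = (string) $theid;

            session_start();
            // New session id at login so an id set before login is not kept.
            session_regenerate_id(true);

            $_SESSION['euserid'] = $theid;
            // NOTE(review): 'admini' receives the user id for every account,
            // whereas the fbConnect handler stores the `admin` column there.
            // Confirm what other pages read from it before relying on it.
            $_SESSION['admini'] = $theid;
            $_SESSION['uid'] = $theid;
            // NOTE(review): 60-day cookie carrying the raw user id, without
            // HttpOnly/Secure/SameSite. It must never be accepted as proof of
            // identity by any other page.
            setcookie("mid", $_SESSION['euserid'], time()+60*60*24*60, "/");

            exit("1");
        } else {
            exit("0");
        }
    }

    if ($action == "registration") {
        $name = validateData($_POST['name']);
        $registerpasswd = validateData($_POST['registerpasswd']);
        $email = validateData($_POST['email']);
        // NOTE(review): read but never compared with $registerpasswd, so the
        // confirmation is only as good as the client-side check.
        $confirmpasswd = validateData($_POST['confirmpasswd']);

        $user_ip = $_SERVER['REMOTE_ADDR'];
        // NOTE(review): unsalted MD5, see the sign-in branch.
        $md5pass = md5($registerpasswd);
        // Was rand(): take the code from the CSPRNG. Four digits is still a
        // small space if this code ever gates account activation.
        $activ_code = random_int(1000, 9999);

        // Duplicate email check. validateData() has stripped the escaping that
        // filter() added, so the value is bound rather than interpolated.
        $total = 0;
        $stmt = mysqli_prepare($link, "select count(*) as total from users where user_email = ?");
        if (!$stmt) {
            error_log("registration email check failed: " . mysqli_error($link));
            exit("0");
        }
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $total);
            mysqli_stmt_fetch($stmt);
        }
        mysqli_stmt_close($stmt);

        if ($total > 0) {
            // NOTE(review): this reply confirms which addresses have accounts.
            echo "The email already exists. Please try again or log in with the account $email ";
            exit();
        }

        // Derive a username from the local part of the email; if it is taken,
        // append the activation code.
        $part = explode('@', $email);
        $username = preg_replace('/[^a-zA-Z0-9]/', '', $part[0]);

        $total = 0;
        $stmt = mysqli_prepare($link, "select count(*) as total from users where user_name = ?");
        if (!$stmt) {
            error_log("registration username check failed: " . mysqli_error($link));
            exit("0");
        }
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $total);
            mysqli_stmt_fetch($stmt);
        }
        mysqli_stmt_close($stmt);

        if ($total > 0) {
            $username = $username . $activ_code;
        }
        $usernameX = $username;

        $NOW = date("Y-m-d H:i:s");
        $thePermission = '{"0":"facebook_enable","1":"facebook\/post","2":"instagram_enable","3":"instagram\/post","4":"twitter_enable","5":"twitter\/post","6":"google_drive","7":"dropbox","8":"photo_type","9":"video_type","max_storage_size":1000,"max_file_size":10,"watermark":"watermark","image_editor":"image_editor"}';

        // Stored as both activation_key and reset_key, so it has to be
        // unpredictable: same decimal format as before, drawn from the CSPRNG
        // instead of mt_rand().
        // NOTE(review): one value serving as both keys means learning either
        // discloses the other.
        $ids = random_int(0, mt_getrandmax()) . random_int(0, mt_getrandmax());

        // Values handed to $db->addUser(), escaped as the original did.
        // The original line for the name read `$$fullname = ...`: a variable
        // variable, which left $fullname unescaped and let the submitted name
        // choose which variable was overwritten.
        $fullname        = mysqli_real_escape_string($link, $name);
        $level_expiry    = "1";
        $users_ip        = mysqli_real_escape_string($link, $user_ip);
        $email           = mysqli_real_escape_string($link, $email);
        $timezone        = "Africa/Nairobi";
        $package         = "9";
        $permission      = mysqli_real_escape_string($link, $thePermission);
        $activation_code = (string) $activ_code;
        $activation_key  = $ids;
        $reset_key       = $ids;
        $expiration_date = date("Y-m-d", strtotime("+1 month"));
        $expiry_datetime = date("Y-m-d H:i:s", strtotime("+1 month"));
        $date            = date("Y-m-d");
        $status          = "1";
        $last_login      = $NOW;
        $changed         = $NOW;
        $login_type      = "quickbrand";
        $admin           = "member";
        $approved        = "1";
        $banned          = "0";

        $theid = $db->addUser($fullname,$ids,0,0,$fullname,$level_expiry,$users_ip,$email,$email,$timezone,$package,$permission,$activation_code,$activation_key,$reset_key,$expiration_date,$expiry_datetime,$status,$last_login,$changed,$login_type,$md5pass,$md5pass,$admin,$approved,$banned,$usernameX,$date);

        if (!empty($theid)) {
            session_start();
            // New session id once the account is authenticated.
            session_regenerate_id(true);

            $_SESSION['euserid'] = $theid;
            // NOTE(review): see the sign-in branch about 'admini'.
            $_SESSION['admini'] = $theid;
            $_SESSION['uid'] = $theid;
            setcookie("mid", $_SESSION['euserid'], time()+60*60*24*60, "/");

            exit("1");
        } else {
            exit("0");
        }
    }
}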
/*if ($_GET['actionModal'] == 'registration') {
   echo   $first_name = validateData($_POST['firstName']);
 
    $email_id = validateData($_POST['emailId']);
 
   $passwd = validateData($_POST['passwd']);
    $confirm_passwd = validateData($_POST['confirmpasswd']);
 

  $user_ip = $_SERVER['REMOTE_ADDR'];
$md5pass = md5($_POST['pwd']);
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);


  exit();
}
*/ 

 
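    // Batch export: for record numbers 1..99 of a campaign, ask the local
    // brandX.php renderer to produce any output that does not exist yet, then
    // stop with a completion message.
    // NOTE(review): no login or ownership check is visible here, and one request
    // can trigger up to 99 internal HTTP calls with a one-second pause each.
    if (!empty($_GET['exportBatchMyData'])) {
        // The countRecords parameter was read and immediately overwritten in the
        // original; the batch size is fixed.
        $count = 100;
        $who = $_GET["who"];
        $msg_id = $db->base64url_decode($_GET["msg_id"]);
        $campaign = $db->base64url_decode($_GET["campaign"]);

        // Encode request-derived values so they stay inside their own query
        // parameter of the internal URL.
        $whoParam = urlencode($who);
        $themeParam = urlencode($msg_id);
        $campaignParam = urlencode($campaign);

        for ($i = 1; $i < $count; $i++) {
            $checkMyDataOutput = $db->checkMyDataOutput($i, $campaign, $who);

            if (empty($checkMyDataOutput)) {
                $url = "http://localhost/thebrand/brandX.php?mydata=yes&mydataID=$campaignParam&mydataRecord=$i&count=$count&AppNo=254722407698&theme_id=$themeParam&catalogid5=$whoParam&me=$whoParam&context=*machine&execute=yes&AppNo=254722407698&mag=yes&gratitude=posted&filter=mood&output=1&nani=$whoParam";

                $ch = curl_init();
                // Capture the page instead of writing it to the response.
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_URL, $url);

                // NOTE(review): the original issued the request twice per record
                // and used neither response; kept as-is until it is confirmed
                // that the second call is redundant.
                curl_exec($ch);
                curl_exec($ch);

                // Was curl_close($c): $c is undefined, which is a TypeError on
                // PHP 8 and ended the batch at the first record.
                curl_close($ch);

                sleep(1);
            }
        }

        exit("Completed Designing $count records");
    }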
 
 
 
 
 
   // --- Preference endpoints (GET) -------------------------------------------
   // Each handler below takes the target account from the request ("who" or
   // "catalogid") and hands it to a NewsSQL method. None of them exits, so the
   // globals they set stay visible to later handlers and included files.
   // NOTE(review): nothing visible in this file ties the supplied account id to
   // the logged-in session, and these writes are triggered by GET. Unless the
   // $db methods or an included file enforce ownership, any caller can change
   // or clear another account's data, and the requests are exposed to CSRF.
   // Take the account id from the session and require POST plus a CSRF token.

   // Attach a font pair (id, title) to the account in "who".
   if(!empty($_GET['addFontPair'])) {
	 
	$who = $_GET["who"];
	$title = $_GET["title"];
	$id = $_GET["id"];

		$added = $db->addFontPair($who,$id,$title); 
		 
 	 }
 
 
  
   // Attach a brand colour (id) to the account in "who"; the title is empty.
   if(!empty($_GET['addBrandColor'])) {
	 
	$who = $_GET["who"];
	$title = "";
	$id = $_GET["id"];

		$added = $db->addBrandColor($who,$id,$title); 
		 
 	 }
 
   // Store a custom colour set (body, tagline, background, title) for "catalogid".
   if(!empty($_GET['addMyBrandColor'])) {
	 
  $catalogid = $_GET["catalogid"];
$body = $_GET["body"];
$tagline = $_GET["tagline"];
$background = $_GET["background"];
$title = $_GET["title"];
		$added = $db->addMyBrandColor($catalogid,$body,$tagline,$background,$title); 
		 
 	 }
 
   // Record an interest (id, title) for the account in "who".
   if(!empty($_GET['addMyInterest'])) {
	 
	$who = $_GET["who"];
	$title = $_GET["title"];
	$interest = $_GET["id"];

		$added = $db->checkAddedInterest($who,$interest,$title); 
		 
 	 }
 
    // Record a theme tag (id, title) for the account in "who".
    if(!empty($_GET['addThemeTags'])) {
	 
	 $who = $_GET["who"];
	$title = $_GET["title"];
	$interest = $_GET["id"];

		$added = $db->checkAddedTag($who,$interest,$title); 
		 
 	 }
 
    // Record an emotion (id, title) for the account in "who".
    if(!empty($_GET['addEmotion'])) {
	
	$who = $_GET["who"];
	$title = $_GET["title"];
	$interest = $_GET["id"];
  
		$added = $db->checkAddedEmotion($who,$interest,$title); 
		 
 	 }
 
     // The three handlers below clear stored data for the account in "who".
     if(!empty($_GET['clearEmotion'])) {
	
	$who = $_GET["who"];
		$added = $db->clearEmotion($who); 
		 
 	 }
	 
	   if(!empty($_GET['clearInterest'])) {
	
	$who = $_GET["who"];
		$added = $db->clearInterest($who); 
		 
 	 }
	 
	    if(!empty($_GET['clearTags'])) {
	
	$who = $_GET["who"];
		$added = $db->clearTags($who); 
		 
 	 }
// Save brand details: the switch is a GET flag, the fields arrive by POST.
// NOTE(review): the account being written (catalogidBrand) is taken from the
// POST body; nothing visible here checks it against the logged-in session.
// NOTE(review): "Success" is echoed regardless of what addBrandDetails() returns.
if(!empty($_GET['saveBrand'])) {
// Assigned from the query string but not used by the call below, which passes
// the POSTed $catalogidBrand instead.
$catalogid = $_GET["catalogidBrand"];
    $detailsBrand=$_POST["details"];
$catalogidBrand=$_POST["catalogidBrand"];
 $nameBrand=$_POST["name"];
$websiteBrand=$_POST["website"];
$phoneBrand=$_POST["phone"];
  $emailBrand=$_POST["email"];
$typeBrand=$_POST["type"];
$creatorBrand=$_POST["creator"];
$countryBrand=$_POST["country"];
$teamBrand=$_POST["team"];
$sloganBrand=$_POST["slogan"];
  $interestsBrand=$_POST["interests"];
 
 
    

     
    
    
$fbBrand=$_POST["fb"];
$twBrand=$_POST["tw"];
$ytBrand=$_POST["yt"];
$liBrand=$_POST["li"];
$fontBrand=$_POST["font"];
$colorBrand=$_POST["colors"];
$logoBrand=$_POST["logo"];
$bioBrand=$_POST["bio2"];
$graphicBrand=$_POST["graphic"];  

    
    // All values reach the method protected only by filter()'s blanket escaping;
    // presumably addBrandDetails() builds its SQL from them — verify it binds or
    // escapes, and that website/logo/graphic values are validated before reuse.
    $db->addBrandDetails($catalogidBrand,$nameBrand,$websiteBrand,$phoneBrand,$emailBrand,$typeBrand,$creatorBrand,$countryBrand,$teamBrand,$sloganBrand,$interestsBrand,$fbBrand,$twBrand,$ytBrand,$liBrand ,$fontBrand,$colorBrand,$logoBrand,$bioBrand,$graphicBrand,$detailsBrand);
    
    echo "Success";
 }

 // Bind campaign data columns: for column0..columnN (N = request parameter "c"),
 // store every column whose value is not "None".
 // NOTE(review): the loop bound comes straight from the request with no upper
 // limit, and a non-numeric "c" makes the `+1` throw on PHP 8. Cast to int and
 // cap it.
 // NOTE(review): newsid and catalogid come from the request; no ownership check
 // is visible here.
 if(!empty($_GET['bindData'])) {
	
 $mytheme = $_GET['mytheme'];

	  $column = $_GET['c']+1;	
 $newsid = $_GET['newsid'];
  $catalogid = $_GET['catalogid'];
	 
	for($i=0;$i<$column;$i++)
{
	
 
	 // A missing columnN key reads as null, which is != "None", so the call
	 // below still runs for it.
	 if($_GET["column".$i] != "None") {

		// $cat is not assigned in this handler; it only has a value if an
		// earlier part of the request happened to set it.
		$db->campaigndata($newsid,"column".$i,$catalogid,$_GET["column".$i],$cat);
		}
		
}
 }
 
 
  // shareTheme: calls addDuplicateLayer() directly.
  // NOTE(review): none of the arguments is assigned in this handler, so unless
  // an earlier handler in the same request set them, the call runs with
  // undefined (null) values. Looks like an unfinished copy of the layer loop in
  // the duplicateTheme handler — confirm whether it should exist at all.
  if(!empty($_GET['shareTheme'])) {
 					$db->addDuplicateLayer($name,$layertype,$who,$newthemeid,$graphic_order,$params,$layers,$settings,$position,$layerw,$layerh,$layerx,$layery,$layerr,$layeropacity,$layerflipv,$layerfliph,$layerbg,$text,$font,$type,$adddate);



 }
 
 
 
 // Duplicate a theme: copy the `profilepicture` row for (catalogid, themeid)
 // to the account in "who", copy its thumbnail and poster files, then copy
 // every layer. Depending on extra GET flags the response is a parameter
 // string, a poster render, or the encoded id of the new theme.
 // NOTE(review): themeid, catalogid and who all come from the request; nothing
 // visible here checks that the caller may read the source theme or write to
 // the target account.
 if(!empty($_GET['duplicateTheme'])) {

	$themeid = $_GET["themeid"];
	
	   $catalogid = $_GET["catalogid"];
		 $who = $_GET["who"];
	
 
 
 
  
  // This title is overwritten a few lines below, so the lookup has no effect
  // on the result.
  if(!empty($_GET['getRealID'])) 
   {
	     $user_name  ="user_name";
   $title = $db->userDetails($user_name,$who).rand(11,99);
	   } 
   
   
   
     $resultX = $db->getTemplateDetails($catalogid,$themeid);

   // NOTE(review): $resultX[0] is read without checking that a row came back.
   $title = $resultX[0]["title"];
   $originalthemeid  = $resultX[0]["id"];
   $originalTitle = $resultX[0]["title"];
   // From here on $catalogid is the owner stored on the template row, not the
   // request value.
   $catalogid= $resultX[0]["catalogid"] ;
   
$title= $resultX[0]["title"]."copy".rand(11,999) ;
$picture= $resultX[0]["picture"] ;
$poster= $resultX[0]["poster"] ;
$alias= $resultX[0]["alias"] ;
$alias= strtolower($title); 
// Only settings and params are escaped (with addslashes, not the connection-
// aware escaper); every other column below goes into the INSERT as stored.
$settings= addslashes($resultX[0]["settings"]);
$params= addslashes($resultX[0]["params"]) ;
  
$params =str_replace("$originalTitle","$title",$params);

$newalias = strtolower($title);
$oldalias = strtolower($resultX[0]["title"]);
$params =str_replace("$oldalias","$newalias",$params);


$viewnum= $resultX[0]["viewnum"] ;
$adddate= $resultX[0]["adddate"] ;
$ratenum= $resultX[0]["ratenum"] ;
$isdisplay= $resultX[0]["isdisplay"] ;
$description= $resultX[0]["description"] ;
$fx= $resultX[0]["fx"] ;
$appno= $resultX[0]["appno"] ;
$ip= $resultX[0]["ip"] ;
$keywords= $resultX[0]["keywords"] ;
$slug= $resultX[0]["slug"] ;
$overlay= $resultX[0]["overlay"];
$def= $resultX[0]["def"] ;
$x= $resultX[0]["x"] ;
$y= $resultX[0]["y"] ;
$type= $resultX[0]["type"] ;
$public= $resultX[0]["public"] ;
$affiliate= $resultX[0]["affiliate"] ;
$yanani= $resultX[0]["yanani"] ;
$category= $resultX[0]["category"] ;
	 $w= $resultX[0]["w"] ;
	 $h= $resultX[0]["h"] ;


// File copies. Target names are the current Unix time plus ".jpg", so two
// duplications within the same second write to the same files.
// NOTE(review): $picture and $poster come from the database row and are joined
// to the directory without basename(); verify stored names cannot contain
// path separators.
$date	= time().".jpg";
  $newpic ="uploads/gthumbs/$date";
$pic ="uploads/gthumbs/$picture";
if ( file_exists($pic) ) {
    copy($pic,$newpic); 
} else {
  echo "no secondary images";
}

// Unconditional second copy: repeats the copy above, and warns when the source
// file is missing.
copy($pic,$newpic);
$finalnewpic = basename($newpic);

$date2	= time().".jpg";
$newposter ="uploads/gallery/$date2";
$pos ="uploads/gallery/$poster";
if ( file_exists($pos) ) {
    copy($pos,$newposter); 
} else {
  echo "no secondary images";
}

$finalnewposter = basename($newposter);


   // NOTE(review): string-built INSERT. title, description, keywords, slug and
   // the other row values are interpolated exactly as stored, so a stored value
   // containing a quote breaks or alters this statement (second-order
   // injection). Use a prepared statement with bound parameters.
   $sql_insert = "INSERT INTO `profilepicture` (`catalogid`, `title`, `picture`, `poster`, `alias`, `settings`, `params`, `viewnum`, `adddate`, `ratenum`, `isdisplay`, `description`, `fx`, `appno`, `ip`, `keywords`, `slug`, `overlay`, `def`, `x`, `y`, `type`, `public`, `affiliate`, `yanani`, `category`, `w`, `h`) VALUES
	('$who', '$title', '$finalnewpic', '$finalnewposter', '$alias', '$settings', '$params', '$viewnum', '$adddate', '$ratenum', '$isdisplay', '$description', '$fx', '$appno', '$ip', '$keywords', '$slug', '$overlay', '0', '$x', '$y', '$type', '0', '$originalthemeid', '$yanani', '$category', '$w', '$h')";   
   
  
			
			// mysqli_error() needs the connection argument; called bare it is an
			// ArgumentCountError on PHP 8. The message is also sent to the client.
			mysqli_query($link,$sql_insert) or die("Insertion Failed:" . mysqli_error());
$newthemeid = mysqli_insert_id($link);
$db->def($newthemeid);
 
		 $myLayers = $db->getmylayersduplicate($themeid,$catalogid);
 // NOTE(review): each() was removed in PHP 8.0, so this loop is a fatal error
 // there; foreach ($myLayers as $key => $val) is the replacement.
 while ( list($key,$val)=each($myLayers) ) {
			    
 
 
  $id = $val["id"];
$name = $val["name"];
$layertype = $val["layertype"];
// The loop overwrites $catalogid and $themeid with each layer's own values.
$catalogid = $val["catalogid"];
$themeid = $val["themeid"];
$graphic_order = $val["graphic_order"];
$params = $val["params"];
$params= addslashes($params) ;
$layers = $val["layers"];
$layers= addslashes($layers) ;
$settings = $val["settings"];
$settings= addslashes($settings) ;
$position = $val["position"];
$layerw = $val["layerw"];
$layerh = $val["layerh"];
$layerx = $val["layerx"];
$layery = $val["layery"];
$layerr = $val["layerr"];
$layeropacity = $val["layeropacity"];
$layerflipv = $val["layerflipv"];
$layerfliph = $val["layerfliph"];
$layerbg = $val["layerbg"];
$text = $val["text"];
$font = $val["font"];
$type = $val["type"];
$adddate = $val["adddate"];

 
				
					// name, text, font and the rest are passed as stored; presumably
					// addDuplicateLayer() builds SQL from them — verify it binds or escapes.
					$db->addDuplicateLayer($name,$layertype,$who,$newthemeid,$graphic_order,$params,$layers,$settings,$position,$layerw,$layerh,$layerx,$layery,$layerr,$layeropacity,$layerflipv,$layerfliph,$layerbg,$text,$font,$type,$adddate);



 }
 
  

 
   // Response variants. $copyimage is not assigned anywhere in this file, so
   // "pic" is empty unless an include defines it.
   // NOTE(review): $who is written into the response body as received;
   // URL-encode it when building the parameter string.
   if(!empty($_GET['getRealID'])) 
   {
	   $copyimage= basename($copyimage);
	    $parameters ="&theme_id=$newthemeid&pic=$copyimage&mag=yes&x=0&y=0&gratitude=posted&context=How%20Are%20You%20Feeling%20Today&filter=mood&cl=machine&overlay=0&saveThemePoster=1&nani=$who&default=yes&msg_id=$newthemeid"; 
		
	
		
		
	   exit($parameters);
	   
	   
	   
	   
	   
	   } 
   
  
   if(!empty($_GET['getParams'])) 
   {
	   $copyimage= basename($copyimage);
	    $parameters ="brandX.php?mag=yes&theme_id=$newthemeid&x=0&y=0&pic=$copyimage&gratitude=posted&context=How%20Are%20You%20Feeling%20Today&filter=mood&cl=machine&overlay=0&saveThemePoster=1&display=1&nani=$who&default=yes&msg_id=$newthemeid"; 
	   exit($parameters);
	   } 
   
  
  
   // $server is not assigned in this file — presumably it comes from an include;
   // confirm it is a fixed value. CURLOPT_RETURNTRANSFER is not set, so the
   // fetched page is written straight into this response.
   if(!empty($_GET['getPoster'])) 
   {
	    $ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "$server/brandX.php?theme_id=$newthemeid&pic=$copyimage&mag=yes&x=0&y=0&gratitude=posted&context=How%20Are%20You%20Feeling%20Today&filter=mood&cl=machine&overlay=0&saveThemePoster=1&nani=$who&default=yes&msg_id=$newthemeid");

curl_exec($ch);exit("Successfully Added Default Theme");
	   
	   }
	   
echo $db->base64url_encode($newthemeid);		 
 }
 
  // Save a 3D-font record: parse the comma-separated "areas" parameter (items
  // of the form ID:x:y:width:height:letter) into two bracketed lists and store
  // them, with a title and picture, on the `3dfonts` row named by fileID.
  // NOTE(review): fileID comes from the request and no ownership check is
  // visible, so any row can be rewritten. The write is also triggered by GET.
  if(!empty($_GET['mytitleX'])) {
/*  include('../Connections/json.php');*/
  $fileID = $_GET["fileID"];
 	  $mytitle = $_GET["mytitleX"];
	  $fileMe = $_GET["fileMe"];
	  $areas = $_GET["areas"];
	  $areas = rtrim("$areas", ',');
	  $categories = '';
$cats = explode(",",$areas);
$cats2 = explode(",",$areas);	  

// First pass: coordinates only, collected into $categories2.
// $categories2 is appended to without being initialised in this handler, and
// the colon-separated parts are read by index without checking they exist.
// The values are not checked to be numeric.
foreach($cats2 as $cat2) 
{	  
    $cat2 = trim($cat2);
	
    /*$categories .= "<category>" . $cat . "</category>\n";*/
	
	 $part2 = explode(':',$cat2);
 
    $ID = $part2[0];

	$x = $part2[1];
	$y = $part2[2];
	$width = $part2[3];
	$height = $part2[4];
	$letter = $part2[5];
	$categories2 .= "{
							x: $x,
							y: $y,
							width: $width,
							height: $height
						},";
	
}
	  
 	  // Wrap in brackets, drop the trailing comma, collapse whitespace.
 	  $categories2 = "[".$categories2."]";  
	    $categories2 =str_replace("},]","}]",$categories2);
	   $categories2 = trim(preg_replace('/\s+/', ' ', $categories2));
		  $categories2=mysqli_real_escape_string($link,$categories2);	
  
	  
	  
	  
	
// Second pass: all six fields, keys and values wrapped in backticks.
foreach($cats as $cat) 
{
    $cat = trim($cat);
	
    /*$categories .= "<category>" . $cat . "</category>\n";*/
	
	 $part = explode(':',$cat);
 
    $ID = $part[0];

	$x = $part[1];
	$y = $part[2];
	$width = $part[3];
	$height = $part[4];
	$letter = $part[5];
					
	
					
	
	$categories .= "{
							`ID`: `$ID`,
							`x`: `$x`,
							`y`: `$y`,
							`width`: `$width`,
							`height`: `$height`,
							`letter`: `$letter`
						},";
	
}
	  
	 
	
	  $categories = "[".$categories."]";  
	    $categories =str_replace("},]","}]",$categories);
	   $categories = trim(preg_replace('/\s+/', ' ', $categories));
		  $categories=mysqli_real_escape_string($link,$categories);	

	  
	  
	  
	  
	
// If the coordinate list contains no digit at all, store both lists as empty.
if(1 === preg_match('~[0-9]~', $categories2)){
    #has numbers
}else
{
	$categories="";$categories2="";
}


	
	 // $mytitle, $fileMe and $fileID are protected only by filter()'s blanket
	 // escaping; a prepared statement would make that explicit at the query.
	 // NOTE(review): $fileMe is stored as a picture name with no validation here;
	 // verify how it is used when the row is read back.
	 $sql = "update 3dfonts set isdisplay='2',title='$mytitle',params='$categories',params2='$categories2',picture='$fileMe' WHERE id='$fileID'"; 
 // mysqli_error() needs the connection argument; called bare it is an
 // ArgumentCountError on PHP 8.
 $query = mysqli_query($link,"$sql") or die(mysqli_error());
	  
  }
 
  // Migrate a theme: load its layer details, include json/jsonTheme.php and
  // write the resulting parameters back with the theme title as alias.
  // NOTE(review): themeid comes from the request and no ownership check is
  // visible; catalogid, who and pic are read but not used by the calls here.
  if(!empty($_GET['migrateTheme'])) {
/*  include('../Connections/json.php');*/

 	  $themeid = $_GET["themeid"];
	  $catalogid = $_GET["catalogid"];
		 $who = $_GET["who"];
	
		 $pic = $_GET["pic"]; 
		 
		 
		 $myTheme = $db->getMyLayerDetails($themeid);
		 // $myTheme[0] is read without checking that a row came back.
		 $title = $myTheme[0]["title"]; 
		$alias = $myTheme[0]["title"];
	  // Runs in global scope, so it sees every variable set so far. $themeParams
	  // is not assigned in this file — presumably this include defines it; confirm.
	  include('json/jsonTheme.php');
		/*$themeParams =str_replace("replaceme","$title","$themeParams");
		*/
		
			//$themeParams =str_replace("REPLACETITLE","$title","$themeSettings");
			 
		
	 
	 /*$myLayers = $db->getmylayersduplicate($themeid,$catalogid);
		  
		   echo $layer1 = $myLayers[1]["name"];;*/
		 // $alias comes from the stored title; verify the method binds or escapes it.
		 $db->updateThemeForMigration($themeParams,$alias,$themeid);
		
		

 }
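     /**
      * Make sure a font file is registered in `brandfonts` and return its
      * display title.
      *
      * The file name is split at the first dot into base name and type. The
      * title is the base name with "-" and "_" replaced by spaces. If no row
      * with that filename, title, type and isdisplay='3' exists, one is
      * inserted with category 'sans-serif', weight '300', style 'normal'; an
      * empty type is stored as "ttf".
      *
      * Values are bound as statement parameters. The original interpolated
      * $name into both statements, so a file name containing a quote changed
      * the SQL, and it called mysqli_error() without the connection, which is
      * an ArgumentCountError on PHP 8.
      *
      * NOTE(review): the lookup still uses the empty type while the insert
      * stores "ttf", so a name without an extension is inserted on every call.
      * NOTE(review): on failure the driver's error text is sent to the client,
      * as before; consider logging it instead.
      *
      * @param string $name Font file name, unescaped (e.g. "Open-Sans.ttf").
      * @return string Display title derived from the file name.
      */
     function checkFontFirst($name)
     {
         global $link;

         $extfile = explode('.', $name);
         $name = $extfile[0];
         // A name without a dot has no second element.
         $type = isset($extfile[1]) ? $extfile[1] : null;
         $filename = $name;
         $titleFont = str_replace(array("-", "_"), " ", $name);

         $lookup = $link->prepare("SELECT fontid FROM `brandfonts` WHERE filename=? and name=? and isdisplay='3' and type=? order by fontid desc limit 0,10");
         if (!$lookup) {
             die($link->error);
         }
         $lookupType = (string) $type;
         $lookup->bind_param('sss', $filename, $titleFont, $lookupType);
         if (!$lookup->execute()) {
             die($link->error);
         }
         $fontid = null;
         $lookup->bind_result($fontid);
         $lookup->fetch();
         $lookup->close();

         if (empty($fontid)) {
             if (empty($type)) {
                 $type = "ttf";
             }

             $insert = $link->prepare("INSERT INTO `brandfonts` (category,weight,style,name,filename,isdisplay,type) VALUES ('sans-serif','300','normal',?,?,'3',?)");
             if (!$insert) {
                 die($link->error);
             }
             $insert->bind_param('sss', $titleFont, $filename, $type);
             if (!$insert->execute()) {
                 die($link->error);
             }
             $insert->close();
         }

         return $titleFont;
     }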
    /**
     * Run the layer template code that matches a layer's source string.
     *
     * $brand is tested for a series of fixed substrings; for each one found, a
     * JSON template file and a code file are included. The tests are
     * independent `if`s, so more than one pair can run for the same $brand.
     *
     * The included files execute inside this function's scope, so they see all
     * eight parameters and $link. $type is never assigned in this body — it is
     * presumably set by the included files; if nothing matches, the return
     * reads an undefined variable and yields null.
     *
     * The include paths are fixed literals: $brand only selects among them and
     * never becomes part of a path.
     * NOTE(review): if $brand or the layer values come from the request, verify
     * that the included code binds or escapes them before use.
     *
     * @param string $brand        Layer source string that is searched for markers.
     * @param mixed  $uniqueId     Not used here; available to the included files.
     * @param mixed  $layer_x      Not used here; available to the included files.
     * @param mixed  $layer_y      Not used here; available to the included files.
     * @param mixed  $layer_w      Not used here; available to the included files.
     * @param mixed  $layer_h      Not used here; available to the included files.
     * @param mixed  $layeropacity Not used here; available to the included files.
     * @param mixed  $layer_r      Not used here; available to the included files.
     * @return mixed Whatever the included files left in $type, else null.
     */
    function LayerOrderType($brand,$uniqueId,$layer_x,$layer_y,$layer_w,$layer_h,$layeropacity,$layer_r)
{
	 global $link;
	if (strpos($brand, 'route=profilePic') !== false){
	include('json/jsonProfile.php');	
	
	include('json/code/Profile.php');
	 
 
		
		}
		

	
			if (strpos($brand, 'route=theUpdate') !== false) {
	include('json/jsonUpdate.php');
	
			include('json/code/Update.php');		 
 
		
		}
	if (strpos($brand, 'route=thePlain') !== false) {
	include('json/jsonPlain.php');
	
			include('json/code/Plain.php');		 
 
		
		}
				if (strpos($brand, 'route=theUrl') !== false) {
	include('json/jsonUrl.php');
	
			include('json/code/Url.php');		 
 
		
		}
				if (strpos($brand, 'route=theName') !== false) {
	include('json/jsonName.php');
	
			include('json/code/Name.php');		 
 
		
		}
				if (strpos($brand, 'route=theUser') !== false) {
	include('json/jsonUser.php');
	
			include('json/code/User.php');		 
 
		
		} 
			 
	// The last two markers are path fragments rather than route names.
	if (strpos($brand, 'v/uploads/gthumbs') !== false){
	include('json/jsonPic.php');
	
	include('json/code/Gthumbs.php');	
	
		}
if (strpos($brand, 'image=/filters/mood/') !== false){
	include('json/jsonMood.php');	
	  include('json/code/Mood.php');
		
		}
	
	
 return $type;
	}
	
  
  // Social sign-in callback: takes a posted profile (id, email, name, ...),
  // looks the email up in `users`, and either opens a session for the existing
  // account or inserts a new one. The posted data is echoed back as JSON.
  //
  // NOTE(review): identity is asserted by the client. The posted id and email
  // are trusted as they arrive; nothing here verifies a provider access token
  // server-side. That verification has to be added before anything else in
  // this handler is repaired.
  // NOTE(review): as written the handler cannot complete on PHP 7 or 8:
  // mysqli_query() is called without the connection, the mysql_* functions were
  // removed in PHP 7.0, and the final mysqli_query() has its arguments reversed.
  if(!empty($_GET['fbConnect'])) {
	// NOTE(review): extract() turns every POST field into a global variable and
	// can overwrite $link, $db or any other variable in scope. Read the expected
	// fields explicitly from $_POST instead.
	extract($_POST); 
				
				
				if(isset($_POST['id']) && !empty($_POST['id']))
				{
	 			
$user_email = mysqli_real_escape_string($link,$email);

// preg_match() returns 1, 0 or false, not a cleaned string, so these three
// variables end up holding a match flag. Presumably preg_replace() was meant.
$user_name = mysqli_real_escape_string($link,$name);
$user_name = preg_match('/[^A-Za-z0-9-]+/', $user_name);
$first_name = mysqli_real_escape_string($link,$first_name);
$first_name = preg_match('/[^A-Za-z0-9-]+/', $first_name);
$last_name = mysqli_real_escape_string($link,$last_name);
$last_name = preg_match('/[^A-Za-z0-9-]+/', $last_name);
// $_POST was already escaped by filter(), so this value is escaped twice.
$oauth_id = mysqli_real_escape_string($link,$_POST['id']);
 

// First lookup: by email only.
$sql = "SELECT `catalogid`,`catalogname`,`approved`,`admin`,`slug` FROM users WHERE user_email='$user_email' "; 
$result = mysqli_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);
if ( $num > 0 ) { 
list($catalogid,$catalogname,$approved,$admini,$sluga) = mysql_fetch_row($result);
// Second lookup adds oauth_id and the banned flag.
// NOTE(review): its row count is never checked — the session below is opened
// whether or not this query matched. Require exactly one row before logging in.
$sql = "SELECT `catalogid`,`catalogname`,`approved`,`admin`,`slug` FROM users WHERE user_email='$user_email' AND oauth_id='$oauth_id' AND `banned` = '0'"; 
			$result = mysqli_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);
list($catalogid,$catalogname,$approved,$admini,$sluga) = mysql_fetch_row($result);

 // No session_regenerate_id() after login.
 session_start();  
 		$_SESSION['euserid']= $catalogid; 
		$_SESSION['admini']= $admini; 
	
		$_SESSION['euserid'] = $catalogid;
	
		$_SESSION['isLogin'] = true;
 	
		  
				  // NOTE(review): identity and the admin flag are copied into 60-day
				  // cookies without HttpOnly/Secure. Cookies are client-controlled, so
				  // no page may treat them as authoritative. $_SESSION['sluga'] and
				  // $_SESSION['user_name'] are not set in this handler.
				  setcookie("user_id", $_SESSION['euserid'], time()+60*60*24*60, "/");
				   setcookie("euserid", $_SESSION['euserid'], time()+60*60*24*60, "/");
				   setcookie("admini", $_SESSION['admini'], time()+60*60*24*60, "/");
				   setcookie("sluga", $_SESSION['sluga'], time()+60*60*24*60, "/");
				  setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/");
				   
				
				
}
else { 	

// No account with this email: create one.

$user_email = mysqli_real_escape_string($link,$email);

$user_name = mysqli_real_escape_string($link,$name);
$user_name = preg_match('/[^A-Za-z0-9-]+/', $user_name);
$first_name = mysqli_real_escape_string($link,$first_name);
$first_name = preg_match('/[^A-Za-z0-9-]+/', $first_name);
$last_name = mysqli_real_escape_string($link,$last_name);
$last_name = preg_match('/[^A-Za-z0-9-]+/', $last_name);
$oauth_id = mysqli_real_escape_string($link,$_POST['id']);
 $slug = preg_replace( '/[«»""!?,.!@£$%^&*{};:()]+/', '', $first_name.$last_name);
   $slug = strtolower($slug);
   $slug=preg_replace('/[^A-Za-z0-9-]+/', '-', $slug);
   $catalogname = "$first_name $last_name";


$user_ip = $_SERVER['REMOTE_ADDR'];
// Computed but not stored by the INSERT below.
$md5pass = md5($oauth_id);
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$path   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

// NOTE(review): this rand() value becomes both the activation code and the
// account id (catalogid): it is predictable and can collide with an existing id.
$activ_code = rand(1000000,9000000);

 // The account is created with admin='1' and approved='1', and oauth_id is not
 // stored, so the second lookup above can never match it later.
 // NOTE(review): confirm what admin='1' grants; the registration path stores
 // "member" in the same column.
 $sql = "INSERT into `users` (`catalogname`,`catalogid`,`date`,`users_ip`,`activation_code`,`user_name`,`user_email`,`admin`,`approved`,`slug`)
		 VALUES ('$catalogname','$activ_code',now(),'$user_ip','$activ_code','$user_name','$user_email','1','1','$slug')";

// Arguments are reversed: the connection comes first.
mysqli_query($sql,$link) ; 
 




	}		
				
				
				// Echoes the (escaped) POST data back to the caller.
				echo json_encode($_POST);	
				}
				  
				else {
					$arr = array('error' => 1);
					echo json_encode($arr);
				}
		 
  }
  
  
  // Decode the encoded theme id from the query string and return it as the
  // whole response body.
  // NOTE(review): the decoded value is request-controlled and is written to the
  // response unencoded; HTML-encode it or send it as text/plain.
  if (!empty($_GET['getThemeID'])) {
      $decodedThemeId = $db->base64url_decode($_GET["themeid"]);

      exit($decodedThemeId);
  }

		// Save a theme from the editor: decode the posted JSON layer list, include
		// one layers/N.php script per layer present (10 down to 1, after 0), then
		// update the theme record.
		// NOTE(review): catalogid and themeid come from the query string; no
		// ownership check is visible here.
		if(!empty($_POST['params'])) {
		 // Convert JSON string to Array
		 // stripslashes() removes the escaping filter() applied, and
		 // html_entity_decode() turns entities back into raw characters, so
		 // everything read from $theLayers is unescaped request data.
			$person =stripslashes($_POST['params']);
		$person = html_entity_decode($person);
		  // json_decode() returns null on invalid JSON; the reads below do not
		  // check for that.
		  $theLayers = json_decode($person, true);
		 /* print_r($theLayers); */       // Dump all data of the Array
		 
		  
		  // Expression statement with no effect.
		  $theLayers["layers"][0]["src"];
		 $themeid = $_GET["themeid"];  
		 
		  $flagText = $_GET["flagText"];
		 $flagName = $_GET["flagName"];
		 $flagUser =$_GET["flagUser"];
		 $flagUrl = $_GET["flagUrl"];


 
		$catalogid = $_GET["catalogid"]; 
		$layerbg =$theLayers["background"]; 
		 $startag = $_GET["startag"]; 
		 $setPadding = $_GET["text_pad"];
		$themeid = $db->base64url_decode($themeid);  
	 
		// Layer indexes 0..10 are read whether or not the layer exists.
		$position0=$theLayers["layers"][0]["index"];
		 $position1=$theLayers["layers"][1]["index"];
		$position2=$theLayers["layers"][2]["index"];
		$position3=$theLayers["layers"][3]["index"];
		$position4=$theLayers["layers"][4]["index"];
		  $position5=$theLayers["layers"][5]["index"];
		$position6=$theLayers["layers"][6]["index"];
		$position7=$theLayers["layers"][7]["index"];
				$position8=$theLayers["layers"][8]["index"];
		  $position9=$theLayers["layers"][9]["index"];
		$position10=$theLayers["layers"][10]["index"];
	 

		
		
		$myName = urlencode($db->user($catalogid));
		$myUserName = urlencode($db->username($catalogid));
		$myUrl = urlencode("theband.co.ke/".$db->username($catalogid));
    $data = array(array(),array());


// The layer scripts run in global scope and see every variable above.
// NOTE(review): presumably they persist the layers; verify that they bind or
// escape values taken from $theLayers, which is unescaped at this point.
include("layers/0.php"); 
if(!empty($position10))
		{ 
		 include("layers/10.php");  
		} 
if(!empty($position9))
		{ 
		 include("layers/9.php");  
		} 
if(!empty($position8))
		{ 
		 include("layers/8.php");  
		} 
if(!empty($position7))
		{ 
		 include("layers/7.php");  
		} 



if(!empty($position6))
		{ 
		 include("layers/6.php");  
		} 
		if(!empty($position5))
		{ 
		 include("layers/5.php");  
		} 
		if(!empty($position4))
		{ 
		 include("layers/4.php");  
		}
		if(!empty($position3))
		{ 
		 include("layers/3.php");  
		} 
		if(!empty($position2))
		{ 
		 include("layers/2.php");  
		} 
		if(!empty($position1))
		{ 
		 include("layers/1.php");  
		} 

		 
		
	
	/*	if(empty($position5))
		{ 
		 
		$db->clearLayer5($catalogid,$themeid);
		} 
		if(empty($position4))
		{ 
		$db->clearLayer4($catalogid,$themeid);
		}
		if(empty($position3))
		{ 
		$db->clearLayer3($catalogid,$themeid);
		} 
		if(empty($position2))
		{ 
		$db->clearLayer2($catalogid,$themeid);
		} 
		if(empty($position1))
		{ 
		$db->clearLayer1($catalogid,$themeid);
		}  */
		
		$db->updateTheme($catalogid,$themeid,$startag);
		
		
						
				 
/*				$fontid="themeid";
				$myfont="layerid";
				$layerid= $_GET["layerid"];
				$fontcatalogid= $_GET["catalogid"];
				$themeid= $_GET["themeid"];
				
				$font_Username= $_GET["font_Username"];
				$font_Name= $_GET["font_Name"];
				$font_Url= $_GET["font_Url"];
				$font_Text= $_GET["font_Text"];
				$text_w= $_GET["text_w"];
				$text_h= $_GET["text_h"];
				$text_x= $_GET["text_x"];
				$text_y= $_GET["text_y"];
				$text_align= $_GET["text_align"];
				$text_size= $_GET["text_size"];
				$text_color= "#".$_GET["text_color"];
				$url_color= $_GET["url_color"];
				$name_color= $_GET["name_color"];
				$username_color= $_GET["username_color"];
				$url_size= $_GET["url_size"];
				$name_size= $_GET["name_size"];
				$username_size= $_GET["username_size"];
				$text_pad= $_GET["text_pad"];
				$theText= $_GET["text"];
				$theText = htmlentities($theText);
		
			$db->addFont($catalogid5 ,$themeid);*/
			 
		// NOTE(review): $startag is a query-string value written into the response
		// without HTML encoding; wrap it in htmlspecialchars() at output.
		echo "Successfully saved theme ".$startag;
		
		}
 
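// Mark the theme named by msg_id as the default, then stop.
// The isset() guards avoid the undefined-key warnings the original raised on
// every request that did not carry these parameters.
// NOTE(review): msg_id comes from the request and no ownership check is visible
// here; the state change is also triggered by GET.
if (isset($_GET['default']) && $_GET['default'] == "yes") {
    $msg_id = isset($_GET['msg_id']) ? $_GET['msg_id'] : null;
    $db->def($msg_id);

    exit("Theme made default");
}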
 
 

		
	// --- Messaging, campaign and RSS endpoints (GET) ----------------------------
	// Each handler copies query-string values into variables and passes some of
	// them to one NewsSQL method. All but deleteMessaging exit with an empty body.
	// NOTE(review): the account and record ids (catalogidX, catalogid, ID, newsid,
	// themeidX) come from the request; nothing visible here ties them to the
	// logged-in session, and the writes and deletes are triggered by GET. Take
	// the account from the session and require POST plus a CSRF token.
	// NOTE(review): the values are protected only by filter()'s blanket
	// escaping; verify that the $db methods bind or escape them.

	// Create a message; realthemeX, mythemeX, salutation, contextual and typeX
	// are read but not passed on.
	if(!empty($_GET['messaging']))
{
$realtheme = $_GET['realthemeX'];
$view = $_GET['view'];
$catalogid = $_GET['catalogidX'];	
 $mytheme = $_GET['mythemeX'];
 $newnani = $_GET['newnani'];
 
 $description = $_GET['description'];
	$salutation = $_GET['salutation'];
	 $contextual = $_GET['contextual'];
	 
	 
  
  $type = $_GET['typeX']; 
 
$campaign = $db->addMessaging($catalogid,$view,$description,$newnani); 
 
exit();
}

// Delete a message by id for the given account.
if(!empty($_GET['deleteMessaging']))
{
$catalogid = $_GET['catalogid'];	
 $newsid = $_GET['ID'];
 
 $db->deleteMessaging($catalogid,$newsid);
echo "Success: Deleted Message";
}

	// Create a campaign; "#" is stripped from the hashtag and the title.
	if(!empty($_GET['campaign']))
{
$realtheme = $_GET['realthemeX'];
$themeid = $_GET['themeidX'];
$catalogid = $_GET['catalogidX'];	
 $mytheme = $_GET['mythemeX'];
 $sort = $_GET['sortX'];	
 $search = $_GET['searchX'];
 $title = $_GET['titleX'];	
  $hashtag = $_GET['hashtagX']; 
  $type = $_GET['typeX']; 
 $hashtag = str_replace('#','',$hashtag);
  $title = str_replace('#','',$title);
 
$campaign = $db->addCampaign($catalogid,$themeid,$mytheme,$title,$hashtag,$type,$sort,$search); 
 
exit();
}
			
	// Edit a campaign.
	if(!empty($_GET['editcampaign']))
{
$realtheme = $_GET['realthemeX'];
$themeid = $_GET['themeidX'];
$catalogid = $_GET['catalogidX'];	
 $mytheme = $_GET['mythemeX'];
 $view = $_GET['viewX']; 
 $title = $_GET['titleX'];	
 $hashtagX = $_GET['hash'];  
  $type = $_GET['typeX']; 
 $hashtag = str_replace('#','',$hashtagX);
$campaign = $db->editCampaign($catalogid,$themeid,$mytheme,$title,$hashtag,$type,$view); 
 
exit();
}				


	// Create an RSS entry; "#" is stripped from the hashtag and the title.
	if(!empty($_GET['rss']))
{
$realtheme = $_GET['realthemeX'];
$themeid = $_GET['themeidX'];
$catalogid = $_GET['catalogidX'];	
 $mytheme = $_GET['mythemeX'];
 
 $title = $_GET['titleX'];	
  $hashtag = $_GET['hashtagX']; 
  $type = $_GET['typeX']; 
 $hashtag = str_replace('#','',$hashtag);
  $title = str_replace('#','',$title);
 
//$campaign = $db->addRss($catalogid,$themeid,$mytheme,$title,$hashtag,$type); 
		$campaign = $db->addRss($catalogid,$themeid,$mytheme,$title,$hashtag,$type); 
 
exit();
}
			
	// Unreachable duplicate: the identical editcampaign handler above always
	// exits first, so this copy can be deleted.
	if(!empty($_GET['editcampaign']))
{
$realtheme = $_GET['realthemeX'];
$themeid = $_GET['themeidX'];
$catalogid = $_GET['catalogidX'];	
 $mytheme = $_GET['mythemeX'];
 $view = $_GET['viewX']; 
 $title = $_GET['titleX'];	
 $hashtagX = $_GET['hash'];  
  $type = $_GET['typeX']; 
 $hashtag = str_replace('#','',$hashtagX);
$campaign = $db->editCampaign($catalogid,$themeid,$mytheme,$title,$hashtag,$type,$view); 
 
exit();
}				


	// Edit a message by newsid; no account id is passed to the method at all.
	if(!empty($_GET['editMessaging']))
{
	
	 
$salutation = $_GET['salutation'];
$description = $_GET['description'];
$newsid = $_GET['newsid'];
$themeidX = $_GET['themeid'];	
$viewX = $_GET['view'];
$typeX = $_GET['type'];
$contextual = $_GET['contextual'];
 
$campaign = $db->editMessaging($salutation,$description,$newsid,$themeidX,$viewX,$typeX,$contextual); 
 
exit();
}				
				
				
/*		if(!empty($_POST['uploadedLayer'])) {
	
		$filename =stripslashes($_POST['uploadedLayer']);
		$filename=basename($filename);

		$themeid = $_GET["themeid"]; 
		$catalogid = $_GET["catalogid"];
		$level = $_POST["level"]; 
		
	
		$themeid = $db->base64url_decode($themeid);  
  		$db->updateAdapt($catalogid,$filename,$themeid,$level);	
        echo "Successfully added layer ".$level;
		
		}
		*/
		
		
		
		
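// Delete one layer from a theme. The layer id arrives by POST, the account and
// the encoded theme id by query string.
// NOTE(review): catalogid comes from the request and no ownership check is
// visible here; take it from the session instead.
// NOTE(review): $_POST was already escaped by filter(), so the layer id passed
// to deleteLayer() is escaped twice; kept as the method has always received it.
if (!empty($_GET['deleteLayer'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];
    $layerid = mysqli_real_escape_string($link, $_POST['layer_id']);
    $themeid = $db->base64url_decode($themeid);

    $db->deleteLayer($catalogid, $layerid, $themeid);

    // The id is request data: HTML-encode it before it goes into the markup
    // (it was echoed as received).
    echo "Success: Deleted Layer " . htmlspecialchars($layerid, ENT_QUOTES, 'UTF-8') . ". <b>Click Save to Continue</b>";
}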
		

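// Detach a font from a theme. The font/layer id arrives by POST, the account
// and the encoded theme id by query string.
// NOTE(review): catalogid comes from the request and no ownership check is
// visible here; take it from the session instead.
// NOTE(review): $_POST was already escaped by filter(), so the id passed to
// deleteFont() is escaped twice; kept as the method has always received it.
if (!empty($_GET['deleteFont'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];
    $layerid = mysqli_real_escape_string($link, $_POST['layer_id']);
    $themeid = $db->base64url_decode($themeid);

    $db->deleteFont($catalogid, $layerid, $themeid);

    // The id is request data: HTML-encode it before it goes into the markup
    // (it was echoed as received).
    echo "Success: Detached Font " . htmlspecialchars($layerid, ENT_QUOTES, 'UTF-8') . " from theme <b>Click Save to Continue</b>";
}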
		
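// textDesign: echoes the theme id from the query string back to the caller.
// The commented-out layer deletion that used to follow has been dropped.
if (!empty($_GET['textDesign'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];

    // The value is request data: HTML-encode it at output (it was echoed as
    // received).
    echo htmlspecialchars($themeid, ENT_QUOTES, 'UTF-8');
}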