File: /var/www/html/tmpr/../tmpr/../tmpr/../tmpr/..//pages/viewproducts.php
<?php
require("./NewsSql.inc.php");
$db = new NewsSQL($dbname);
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
page_protect();
?>
<?
?>
<?php
//$max_file_size=5048576;
//if($_FILES["userfile"]["size"]['tmp_name']<$max_file_size){
// exit("tooo big");
// }
// size input prevents buffer overrun exploits.
function sizeinput($input, $len){
(int)$len;
(string)$input;
$n = substr($input, 0,$len);
$ret = trim($n);
$out = htmlentities($ret, ENT_QUOTES);
return $out;
}
function checkfile($input){
$ext = array('mpg', 'wma', 'mov', 'flv', 'mp4', 'm4v', 'avi', 'qt', 'wmv', 'rm', '3gp', 'mpeg', 'divx', 'moov', 'asf', 'swf', 'vob');
$extfile = substr($input['name'],-4);
$extfile = explode('.',$extfile);
$good = array();
$extfile = $extfile[1];
if(in_array($extfile, $ext)){
$good['safe'] = true;
$good['ext'] = $extfile;
}else{
$good['safe'] = false;
}
return $good;
}
$VideoPath = "uploads/live/";
$live_img = 'uploads/images/';
$videouser = $_SESSION['user_id'];
//no error reporting
//@error_reporting(0);
if (empty($page)){
$page = 0;
}
$record = 20;
if ($Delnews==$admin_yes) {
$newsid = $db->base64url_decode($newsid);
$db->delnews($newsid,$VideoPath);
}
if (!empty($addnews)) {
$_POST = filter($_POST);
$mytitle = mysqli_real_escape_string($link,$mytitle);
$content = mysqli_real_escape_string($link,$content);
$description = mysqli_real_escape_string($link,$description);
$keywords = mysqli_real_escape_string($link,$keywords);
// if the form was submitted process request if there is a file for uploading
if($_POST && array_key_exists("userfile", $_FILES)){
//$uploaddir is for videos before conversion
$uploaddir = 'uploads/videos/';
//$VideoPath is for videos after converted to flv
$VideoPath = 'uploads/live/';
//$live_img is for the first frame thumbs.
$live_img = 'uploads/images/';
$upload = basename($_FILES['userfile']['name']);
$upload = preg_replace('/[\ ]/', '-', $upload);
$uploadfile = $uploaddir .$upload;
$vid_title = sizeinput($_POST['vid_title'], 50);
$vid_desc = sizeinput($_POST['vid_description'], 200);
$vid_cat = (int)$_POST['vid_cat'];
$vid_usr_ip = $_SERVER['REMOTE_ADDR'];
$safe_file = checkfile($_FILES['userfile']);
if($safe_file['safe'] == 1)
{
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
//header('Location: addvideo.php?msg=Your Video was Successfully Uploaded!<br>');
$extension = $safe_file['ext'];
$base = basename($uploadfile, $safe_file['ext']);
$db_file = $videouser.$base;
$new_file = $videouser.$base.'flv';
$new_image = $videouser.$base.'jpg';
$new_image_path = $live_img.$new_image;
$new_flv = $VideoPath.$new_file;
//ececute ffmpeg generate flv exec('ffmpeg -i '.$uploadfile.' -r 30 -ab 64 -ar 44100 -b 300k -f flv -s 500x300 -sameq '.$new_flv.'');
/////////////////////////////////////////////////////////////
// //
// encode video to flv //
/////////////////////////////////////////////////////////////
set_time_limit(300);
switch ($extension) {
case 'wmv':
//UNCOMMENT THIS LINE OUTPUTS VERY HIGH QUALITY FLV -- FLV FILE MUCH LARGER
//$ffmpeg_cmd2 = "ffmpeg -i $uploadfile -ab 64 -ar 44100 -b 300k -r 30 -s 720x480 -sameq $new_flv";
@exec('ffmpeg -i '.$uploadfile.' -copyts -ar 44100 -s 500x300 '.$new_flv.'');
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:03 -s 130x80 -an '.$new_image_path.'');
break;
///////////////////////// LAST RELEASE MENCODER BREAKS AUDIO SYNC //////////////////////
//////////////////////// SO LETS USE FFMPEG ON AVI'S ALSO //////////////////////////////
case 'avi':
@exec('ffmpeg -i '.$uploadfile.' -copyts -r 30 -ab 64 -ar 44100 -b 300k -f flv -s 500x300 '.$new_flv.'');
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:03 -s 130x80 -an '.$new_image_path.'');
break;
////////////////////// IF UPLOAD IS ALREADY FLV TYPE JUST COPY IT ///////////////////
/////////////////////////////////////////////////////////////////////////////////////
case 'flv':
//just move the flv file
//@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:03 -s 130x80 -an '.$new_image_path.'');
@copy($uploadfile, $new_flv);
break;
////////////////////////// IF OTHER VIDEO TYPE USE MENCODER ///////////////////////////
/////////////////////// MPEG, MPG, RM IS ENABLED IN CONFIG_PM /////////////////////////
default:
@exec('ffmpeg -i '.$uploadfile.' -r 30 -ab 64 -ar 44100 -b 300k -f flv -s 500x300 '.$new_flv.'');
//execute ffmpeg and create thumb
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:03 -s 130x80 -an '.$new_image_path.'');
/*
$path_to_mencoder = $config["path_to_mencoder"];
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vf scale=320:233 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
//If no flv was created. Attempt to convert with -vop swicth and not -vf
if (!file_exists($new_flv)) {
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vop scale=450:400 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
}
//If no flv was created. Attempt to convert with no -lavcopts i_certify_etc_etc
if (!file_exists($new_flv)) {
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -vf scale=450:400 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
} */
break;
}
//############################### END VIDEO TYPE SWITCH ############################
//####################################################################################
/////////////////////////////////////////////////////////////
// STEP 2 //
// FLVTOOL2 INJECTION //
/////////////////////////////////////////////////////////////
/* $path_to_flv = $config["path_to_flvtool2"];
$flv_cmd = "$path_to_flv -U $new_flv";
@exec("$flv_cmd 2>&1", $output); */
//echo "$extension";
header('Location: addvideo.php?msg= Your Video was Successfully Uploaded!<br>'.$theextension);
$newsid = $db->addnews($catalogid,$title,$content,$viewnum,$rating,$ratenum,$keywords,$isdisplay,$description,$vcat,$summary,$video,$thumb);
$db->Insertslug($newsid,$slug,$title);
$db->add_Video($newsid,$db_file,$new_image,$VideoPath);
} else {
header('Location: addvideo.php?msg=There was a problem uploading you video.Check video file size then try again<br>');
// print_r($_FILES);
}
}else{
header('Location: addvideo.php?msg=Invalid File Type Please Try Again. You file must be of type .mpg, .wma, .mov, .flv, .mp4, .avi, .qt, .wmv, .rm');
}
}
}
if (!empty($editnews)) {
$_POST = filter($_POST);
$mytitle = mysqli_real_escape_string($link,$mytitle);
$content = mysqli_real_escape_string($link,$content);
$description = mysqli_real_escape_string($link,$description);
$keywords = mysqli_real_escape_string($link,$keywords);
$db->editnews($catalogid,$mytitle,$content,$viewnum,$rating,$ratenum,$keywords,$isdisplay,$description,$vcat,$summary,$thumb,$newsid,$slug);
$db->editslug($newsid,$slug,$mytitle,$str);
// if the form was submitted process request if there is a file for uploading
if($_POST && array_key_exists("userfile", $_FILES)){
//$uploaddir is for videos before conversion
$uploaddir = 'uploads/videos/';
//$VideoPath is for videos after converted to flv
$VideoPath = 'uploads/live/';
//$live_img is for the first frame thumbs.
$live_img = 'uploads/images/';
$upload = basename($_FILES['userfile']['name']);
$upload = preg_replace('/[\ ]/', '-', $upload);
$uploadfile = $uploaddir .$upload;
$vid_title = sizeinput($_POST['vid_title'], 50);
$vid_desc = sizeinput($_POST['vid_description'], 200);
$vid_cat = (int)$_POST['vid_cat'];
$vid_usr_ip = $_SERVER['REMOTE_ADDR'];
$safe_file = checkfile($_FILES['userfile']);
if($safe_file['safe'] == 1)
{
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
// header('Location: addvideo.php?msg=Your Video was Successfully Uploaded!<br>');
$extension = $safe_file['ext'];
$base = basename($uploadfile, $safe_file['ext']);
$db_file = $videouser.$base;
$new_file = $videouser.$base.'flv';
$new_image = $base.'jpg';
$new_image_path = $live_img.$new_image;
$new_flv = $VideoPath.$new_file;
//ececute ffmpeg generate was flv exec('ffmpeg -i '.$uploadfile.' -f flv -s 500x300 '.$new_flv.'');
/////////////////////////////////////////////////////////////
// //
// encode video to flv //
/////////////////////////////////////////////////////////////
set_time_limit(300);
switch ($extension) {
case 'wmv':
//UNCOMMENT THIS LINE OUTPUTS VERY HIGH QUALITY FLV -- FLV FILE MUCH LARGER
//$ffmpeg_cmd2 = "ffmpeg -i $uploadfile -ab 64 -ar 44100 -b 300k -r 30 -s 720x480 -sameq $new_flv";
@exec('ffmpeg -i '.$uploadfile.' -copyts -ar 44100 -s 500x300 '.$new_flv.'');
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:10 -s 130x80 -an '.$new_image_path.'');
break;
///////////////////////// LAST RELEASE MENCODER BREAKS AUDIO SYNC //////////////////////
//////////////////////// SO LETS USE FFMPEG ON AVI'S ALSO //////////////////////////////
case 'avi':
@exec('ffmpeg -i '.$uploadfile.' -copyts -r 30 -ab 64 -ar 44100 -b 300k -f flv -s 500x300 '.$new_flv.'');
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:10 -s 130x80 -an '.$new_image_path.'');
break;
////////////////////// IF UPLOAD IS ALREADY FLV TYPE JUST COPY IT ///////////////////
/////////////////////////////////////////////////////////////////////////////////////
case 'flv':
//just move the flv file
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:10 -s 130x80 -an '.$new_image_path.'');
@copy($uploadfile, $new_flv);
break;
////////////////////////// IF OTHER VIDEO TYPE USE MENCODER ///////////////////////////
/////////////////////// MPEG, MPG, RM IS ENABLED IN CONFIG_PM /////////////////////////
default:
@exec('ffmpeg -i '.$uploadfile.' -r 30 -ab 64 -ar 44100 -b 300k -f flv -s 500x300 '.$new_flv.'');
//execute ffmpeg and create thumb
@exec('ffmpeg -i '.$uploadfile.' -f mjpeg -vframes 100 -t 00:00:10 -s 130x80 -an '.$new_image_path.'');
/*
$path_to_mencoder = $config["path_to_mencoder"];
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vf scale=320:233 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
//If no flv was created. Attempt to convert with -vop swicth and not -vf
if (!file_exists($new_flv)) {
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -lavfopts i_certify_that_my_video_stream_does_not_use_b_frames -vop scale=450:400 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
}
//If no flv was created. Attempt to convert with no -lavcopts i_certify_etc_etc
if (!file_exists($new_flv)) {
$mencoder_cmd = "$path_to_mencoder $uploadfile -o $new_flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=800:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -vf scale=450:400 -srate 22050";
@exec("$mencoder_cmd 2>&1", $output);
} */
break;
}
//############################### END VIDEO TYPE SWITCH ############################
//####################################################################################
/////////////////////////////////////////////////////////////
// STEP 2 //
// FLVTOOL2 INJECTION //
/////////////////////////////////////////////////////////////
/* $path_to_flv = $config["path_to_flvtool2"];
$flv_cmd = "$path_to_flv -U $new_flv";
@exec("$flv_cmd 2>&1", $output); */
//create query to store video
$db->update_Video($newsid,$db_file,$new_image,$VideoPath);
} else {
header('Location: addvideo.php?msg=There was a problem uploading you video. Check video file size then try again<br>');
// print_r($_FILES);
}
}else{
echo '';
}
}
header("Location: addvideo.php?msg=Video+edited+Successfully!");
}
if (!empty($DP1)) {
$db->del_Video($newsid,$VideoPath);
}
if (!empty($editthumb)) {
$tempuserfile = $_FILES['userfile']['tmp_name'];
$tempuserfile_name = $_FILES['userfile']['name'];
if ((!empty($tempuserfile)) && (!empty($tempuserfile_name))) {
$userfile = $tempuserfile;
$userfile_name = $tempuserfile_name;
}
if ((!empty($userfile)) && (!empty($userfile_name))) {
$videouser = $_SESSION['user_id'];
$userfile_name = preg_replace('/[\ ]/', '-', $userfile_name);
$userfile_name = $videouser.rand(455,78787).$userfile_name;
$dest1 = $live_img.$userfile_name;
copy($userfile, $dest1);
/* $starting_image = imagecreatefromjpeg("$live_img$userfile_name");
$width = imagesx($starting_image);
$height = imagesy($starting_image);
$thumb_width = 130;
$thumb_height = 80;
$thumb_image = imagecreatetruecolor($thumb_width, $thumb_height);
imagecopyresampled($thumb_image, $starting_image, 0, 0, 0, 0, $thumb_width, $thumb_height, $width, $height);
imagejpeg($thumb_image, "$live_img$userfile_name");*/
$db->addThumb($newsid,$userfile_name,$live_img);
}}
$result = $db->viewvideo($page,$record,$catid);
?>
<html>
<head>
<title><?php print "$admin_newsadmin"; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php print "$admin_charset"; ?>">
<link href="styles.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style6 {font-size: 12px}
-->
</style>
<script language="JavaScript" type="text/javascript" src="<?php echo $siteaddress;?>js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="<?php echo $siteaddress;?>js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#myform").validate();
});
</script>
</head>
<body>
<?php
?>
<table width="900" border="0" cellspacing="0" cellpadding="5" class="main">
<tr>
<td colspan="3"><?php
include 'header.php';
?></td>
</tr>
<tr>
<td width="228" valign="top"><?php
include 'navigation.php';
?>
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
<td width="528" valign="top">
<span class="title"> <?php
$nameinfo = $db->getallepi();
if (!empty($nameinfo)){
while (list($key,$val)=each($nameinfo)) {
$catalogid = stripslashes($val["catalogid"]);
$theparentid = stripslashes($val["parentid"]);
$catalogname = stripslashes($val["catalogname"]);
if ($catid==$catalogid){
print "$catalogname";
}
}}
?></span><br>
<div style="padding:10px;">
<div class="wa">
<div class="wb">
<div class="wc">
<div class="wd">
<?php
if (empty($result)) {?>
You have no videos in this category/episode yet.
</a>
<?php }
?>
<table width="600" border="0" cellpadding="2" cellspacing="1" >
<?php
if (!empty($result)) {?>
<div class="titlehdr">My Videos</div>
<tr>
<td width="102"><div align="center" class="style12"><strong><span class="style6">Thumbnail</span></strong></div></td>
<td width="191"><div align="center" class="style12"><strong><span class="style6 style6">My videos</span></strong></div></td>
<td width="71"><div align="center" class="style12"><strong><span class="style6">views</span></strong></div></td>
<td width="76"><div align="center" class="style12"><strong><span class="style6">Rating</span></strong></div></td>
<td><div align="center" class="style12"><strong><span class="style6">Published</span></strong></div></td>
<td colspan="2"><div align="center" class="style12"><strong><span class="style6 style6">Modify</span></strong></div></td>
</tr>
<?php foreach ($result as $key => $val) {
$newsid = stripslashes($val["newsid"]);
$catalogid = stripslashes($val["catalogid"]);
$title = stripslashes($val["title"]);
$picture = stripslashes($val["picture"]);
$viewnum = stripslashes($val["viewnum"]);
$rating = stripslashes($val["rating"]);
$adddate = stripslashes($val["adddate"]);
$cataname = $db->getcatalognamebyid($catalogid);
?>
<tr>
<td><div align="center" class="style9"><span class="style6 style6"><a href="editthumb.php?newsid=<?php print "$newsid"; ?>" class="en_b style6 style6"><img src="<?php print "$live_img$picture"; ?>" width="80" height="30" vspace="2" alt="edit thumb"/></a></span></div></td>
<td><div align="left" class="style9"><span class="style6 style6"><?php print "$title"; ?></span></div></td>
<td><div align="center" class="style9"><span class="style6 style6"><?php print "$viewnum"; ?></span></div></td>
<td><div align="center" class="style9"><span class="style6 style6"><?php print "$rating"; ?></span></div></td>
<td><div align="center" class="style9"><span class="style6 style6"><?php print "$adddate"; ?></span></div></td>
<td width="26"><div align="center" class="style9">
<?php $newsid = $db->base64url_encode($newsid); ?>
<a href="editvideo.php?newsid=<?php print "$newsid"; ?>" class="en_b style6 style6"><?php print "$admin_edit"; ?></a></div></td>
<td width="26"><div align="center" class="style9"><a href="delcatanews.php?newsid=<?php print "$newsid"; ?>&catid=<?php print "$catid"; ?>" class="en_b style6 style6"><?php print "$admin_del"; ?></a></div></td>
</tr>
<tr>
<td colspan="7" bgcolor="#ffffff" height="1"></td>
</tr>
<?php
}
}
?>
</table>
</div>
</div></div></div></div>
<p align="right"> </p></td>
<td width="114" align="left" valign="top"></td>
</tr>
<tr>
<td colspan="3"><strong>Important: </strong>Do not upload any TV shows, music videos, music concerts, or commercials without permission unless they consist entirely of content you created yourself.
By clicking "Add Video", you are representing that this video does not violate Eziki's Terms of Use and that you own all copyrights in this video or have authorization to upload it.</td>
</tr>
<tr></tr>
</table>
</body>
</html>