File: /var/www/html/tmpr/..//tmpr/..//tmpr/../tmpr/../tmpr/../v/ajaxuploadpicture.php
<?php
include("../includes/limittext.php");
include('../Connections/videoondemand.php');
require("../DbSql.inc.php");
require("../NewsSql.inc.php");
require("../const.inc.php");
$db = new NewsSQL($DBName);
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
$_GET = filter($_GET);
$_POST = filter($_POST);
$valid_extensions = array('jpg' ,'gif' , 'png' ); // valid extensions
$path = '../v/uploads/gthumbs/'; // upload directory
if(!empty($_POST['name']) || !empty($_POST['email']) || $_FILES['image'])
{
$img = $_FILES['image']['name'];
$tmp = $_FILES['image']['tmp_name'];
// get uploaded file's extension
$ext = strtolower(pathinfo($img, PATHINFO_EXTENSION));
// can upload same image using rand function
$final_image = md5(date('D, d M Y H:i:s')).$img;
// check's valid format
if(in_array($ext, $valid_extensions))
{
$path = $path.strtolower($final_image);
if(move_uploaded_file($tmp,$path))
{
echo "<img src='pages/splash/stock/list.png' />";
list($width, $height) = getimagesize($path);
$size = getimagesize($path);
$mime = $size['mime'];
$type = explode('/',$mime);
$type = $type[1];
$ids =$_POST['ids'];
$uid =$_POST['uid'];
$file_name =basename($path);
$image_type =$mime;
$file_ext =$type;
$file_size =1;
$is_image =1;
$image_width =$width;
$image_height =$height;
$isdisplay =0;
$created = date("Y-m-d H:i:s");
$addfile = $db->addMyPhoto($ids,$uid,$file_name,$image_type, $file_ext,$file_size,$is_image,$image_width, $image_height,$isdisplay, $created);
exit();
//include database configuration file
//insert form data in the database
/*$insert = $videoondemand2->query("INSERT mydata (name,email,file_name) VALUES ('".$name."','".$email."','".$path."')");*/
//echo $insert?'ok':'err';
}
}
else
{
echo 'invalid';
}
}
?>