<?php
include("../includes/limittext.php");
include('../Connections/videoondemand.php');
require("../DbSql.inc.php");
require("../NewsSql.inc.php");
require("../const.inc.php");
// Shared data-access object used by every request handler below.
// NewsSQL and $DBName are not defined in this file; presumably they come from the
// require()d NewsSql.inc.php / const.inc.php — confirm.
$db = new NewsSQL($DBName);
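/**
 * Escape every value of a request array for use inside a quoted SQL string literal.
 *
 * Nested arrays (a query string such as ?a[]=1 produces one) are walked recursively;
 * the previous array_map() call handed such a value straight to real_escape_string(),
 * which only accepts strings. Keys are returned unchanged and unescaped.
 *
 * This is a blanket input filter, not a replacement for parameterised queries: it gives
 * no protection to a value placed in SQL without surrounding quotes, and an escaped value
 * is still unvalidated when it is used in a file path or echoed into a response.
 *
 * @param array $arr Request array such as $_GET or $_POST.
 * @return array Same keys, with every leaf value escaped through the global $link.
 */
function filter($arr) {
    // $link is the database connection; it is not created in this file.
    global $link;
    $escaped = array();
    foreach ($arr as $key => $value) {
        $escaped[$key] = is_array($value)
            ? filter($value)
            : $link->real_escape_string((string) $value);
    }
    return $escaped;
}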
// Escape every GET and POST value once, up front, so the handlers below can place them
// inside quoted SQL literals. Only these two arrays are rewritten here; $_COOKIE and
// $_SERVER are not. Escaping for SQL does not validate a value: handlers that use request
// data in file paths or echo it back still need their own checks.
$_GET = filter($_GET);
$_POST = filter($_POST);
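// --- duplicateTheme: clone a theme (thumbnail file, profilepicture row and layers) for user $who ---
// NOTE(review): `who`, `themeid` and `catalogid` come from the query string and nothing
// visible in this handler ties them to the logged-in session; confirm that an include
// enforces authentication and ownership before this runs.
if (!empty($_GET['duplicateTheme'])) {
    $themeid = $_GET["themeid"];
    $catalogid = $_GET["catalogid"];
    $who = $_GET["who"];
    // The thumbnail name is concatenated into filesystem paths passed to copy(). Keep only
    // the final path component so a value containing "../" cannot address files outside
    // uploads/gthumbs/.
    $pic = basename($_GET["pic"]);
    $added = $db->checkAddedTheme($who, $themeid);
    if ($added == 0) { exit(0); }
    $uploaddir = 'v/uploads/raw/';
    $image = "uploads/gthumbs/$pic";
    $date = rand(11111111, 99999999);
    $copyimage = "uploads/gthumbs/$date" . $pic;
    $final = "$date" . $pic;
    copy($image, $copyimage);
    $pic = $final;
    $title = "Copy" . rand(1111, 9999);
    $time = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $newsid = rand(1111111111111, 9999999999999999);
    // $ext and $desti are not assigned anywhere in the visible code; the guard keeps the
    // original effect when an include does define them and avoids undefined-variable notices.
    if (isset($ext, $desti) && ($ext == "png" || $ext == "gif")) { $upload = basename($desti); }
    if (!empty($_GET['getRealID'])) {
        $user_name = "user_name";
        $title = $db->userDetails($user_name, $who) . rand(111, 999);
    }
    // Request values were already escaped by filter(). $title (which may come from the
    // database) and $ip were not, so escape them before they enter the statement.
    // Parameterised queries would be the sturdier fix once the global filter() is retired.
    $title_sql = $link->real_escape_string($title);
    $ip_sql = $link->real_escape_string($ip);
    $sql_insert = "INSERT INTO `profilepicture` (title,catalogid, ip,adddate,picture,poster,isdisplay,type,affiliate) VALUES ('$title_sql', '$who','$ip_sql','$time','$pic','$pic','13','2','$themeid')";
    // mysqli_query() takes the connection first; the old call had the arguments swapped and
    // reported errors through the removed mysql_* functions.
    if (!mysqli_query($link, $sql_insert)) {
        // Keep the driver's message in the server log rather than sending it to the client.
        error_log("duplicateTheme insert failed: " . mysqli_error($link));
        die("Insertion Failed:");
    }
    $newthemeid = mysqli_insert_id($link);
    $myLayers = $db->getmylayersduplicate($themeid, $catalogid);
    // each() was removed in PHP 8; foreach visits the same key/value pairs.
    foreach ((is_array($myLayers) ? $myLayers : array()) as $key => $val) {
        $layer = $val["name"];
        $layertype = $val["layertype"];
        $position = $val["position"];
        $layerw = $val["layerw"];
        $layerh = $val["layerh"];
        $layerx = $val["layerx"];
        $layery = $val["layery"];
        $layerr = $val["layerr"];
        $layerfliph = $val["flipH"];
        $layeropacity = $val["layeropacity"];
        $layerflipv = $val["flipV"];
        $db->addDuplicateLayer($who, $newthemeid, $layer, $layerw, $layerh, $layerx, $layery, $layerr, $layerfliph, $layerflipv, $layeropacity, $layertype, $position);
        $myTheme = $db->getMyLayerDetails($newthemeid);
        $title = $myTheme[0]["title"];
        $alias = $myTheme[0]["title"];
        // The include runs in this scope; $themeParams is presumably built there from the
        // variables set above — confirm against json/jsonTheme.php.
        include('json/jsonTheme.php');
        $db->updateThemeForMigration($themeParams, $alias, $newthemeid);
    }
    if (!empty($_GET['getRealID'])) {
        $copyimage = basename($copyimage);
        $parameters = "&theme_id=$newthemeid&pic=$copyimage&mag=yes&x=0&y=0&gratitude=posted&context=How%20Are%20You%20Feeling%20Today&filter=mood&cl=machine&overlay=0&saveThemePoster=1&nani=$who&default=yes&msg_id=$newthemeid";
        exit($parameters);
    }
    echo $db->base64url_encode($newthemeid);
}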
// --- migrateTheme: rebuild the stored parameters of an existing theme ---
// NOTE(review): `themeid` is caller-supplied and no ownership check is visible here;
// confirm it is enforced elsewhere.
if (!empty($_GET['migrateTheme'])) {
    // Variable names are kept as-is: the include below runs in this scope and may read them.
    $themeid   = $_GET['themeid'];
    $catalogid = $_GET['catalogid'];
    $who       = $_GET['who'];
    $pic       = $_GET['pic'];

    $myTheme = $db->getMyLayerDetails($themeid);
    $title   = $myTheme[0]['title'];
    $alias   = $myTheme[0]['title'];

    // Presumably defines $themeParams — confirm against json/jsonTheme.php.
    include('json/jsonTheme.php');

    $db->updateThemeForMigration($themeParams, $alias, $themeid);
}
/**
 * Build the serialized description of one theme layer by filling a template with the
 * layer's source and geometry.
 *
 * The branch taken depends on substrings found in $brand (a route=... marker, an uploads
 * path or a mood-filter image). Each branch includes a template file and then replaces
 * REPLACE* placeholders in $layerImage / $layerText, which are not defined in this
 * function and are presumably set by the included json/*.php file — confirm.
 *
 * NOTE(review): $db, $catalogid and $siteMe are used below without a `global` declaration,
 * so inside this function they are undefined unless an included template defines them.
 * The route=theUser / theName / theUrl branches call a method on $db — verify they work.
 *
 * NOTE(review): $brand is substituted into the template as-is. If the template is JSON (as
 * the file names suggest), quotes or backslashes in $brand would alter its structure;
 * confirm the value is encoded before or after this call.
 *
 * @param string $brand        Layer source: URL-like string carrying a route or image path.
 * @param mixed  $uniqueId     Layer number; also used as the z-index.
 * @param mixed  $layer_x      Horizontal position.
 * @param mixed  $layer_y      Vertical position.
 * @param mixed  $layer_w      Width.
 * @param mixed  $layer_h      Height.
 * @param mixed  $layeropacity Opacity (only substituted in the text branch).
 * @param mixed  $layer_r      Rotation (only substituted in the text branch).
 * @return mixed The filled template; $type is never assigned when no branch matches.
 */
function LayerOrderType($brand,$uniqueId,$layer_x,$layer_y,$layer_w,$layer_h,$layeropacity,$layer_r)
{
// Profile-picture layer.
if (strpos($brand, 'route=profilePic') !== false){
include('json/jsonProfile.php');
$zindex= $uniqueId ;
$layer_x=$layer_x;
$layer_y= $layer_y;
$layer_r =$layer_r;
$layeropacity=$layeropacity;
$layer_w=$layer_w;
$layer_h=$layer_h;
$type =str_replace("REPLACEIMAGE",$brand,"$layerImage");
$type =str_replace("REPLACENO","$uniqueId","$type");
$type =str_replace("REPLACEZINDEX","$zindex","$type");
$type =str_replace("REPLACEX","$layer_x","$type");
$type =str_replace("REPLACEY","$layer_y","$type");
$type =str_replace("REPLACELAYERW","$layer_w","$type");
$type =str_replace("REPLACELAYERH","$layer_h","$type");
}
// Text layer: any of the five text routes.
if ((strpos($brand, 'route=theUpdate') !== false) || (strpos($brand, 'route=thePlain') !== false) || (strpos($brand, 'route=theUrl') !== false)|| (strpos($brand, 'route=theName') !== false)|| (strpos($brand, 'route=theUser') !== false)){
include('json/jsonText.php');
// Treat $brand as a query string: turn every '?' into '&' and parse it into $output.
$str =$brand;
$str = str_replace('?', '&', $str);
parse_str($str, $output);
// Of the values read below, only $text, $text_size, $text_line_height, $text_color and
// $font_Text are substituted into the template in the visible code.
$route=$output['route'];
$fontid=$output['fontid'];
$myfont=$output['myfont'];
$fontcatalogid=$output['fontcatalogid'];
$themeid=$output['themeid'];
$font_Username=$output['font_Username'];
$font_Name=$output['font_Name'];
$font_Url=$output['font_Url'];
$font_Text=$output['font_Text'];
$text_w=$output['text_w'];
$text_h=$output['text_h'];
$text_x=$layer_x;
$text_y=$layer_y;
$text_align=$output['text_align'];
// The stored font size is reduced by 7 before use; the reason is not visible here.
$text_size=$output['text_size']-7;
$text_color=$output['text_color'];
$url_color=$output['url_color'];
$name_color=$output['name_color'];
$username_color=$output['username_color'];
$url_size=$output['url_size'];
$name_size=$output['name_size'];
$username_size=$output['username_size'];
$text_pad=$output['text_pad'];
$text_line_height=$output['text_line_height'];
$text=$output['text'];
$uniqueText=$output['text'];
$layer_x=$layer_x;
$layer_y= $layer_y;
$layer_r =$layer_r;
$layeropacity=$layeropacity;
$layer_w=$layer_w;
$layer_h=$layer_h;
$zindex= $uniqueId ;
// The user's text goes in first, so a REPLACE* token or one of the *Func markers that
// appears inside that text is also rewritten by the replacements that follow.
$type =str_replace("REPLACETEXT","$text","$layerText");
$type =str_replace("REPLACENO","$uniqueId","$type");
// Dynamic text taken from the database for the user-related routes.
if(strpos($brand, 'route=theUser') !== false)
{
$rand =$db -> username($catalogid);
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamicrandom","$type");
$type =str_replace("randomFunc","$rand","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
if(strpos($brand, 'route=theName') !== false)
{
$rand =$db -> user($catalogid);
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamicname","$type");
$type =str_replace("randomFunc","$rand","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
if(strpos($brand, 'route=theUrl') !== false)
{
$rand =$db -> username($catalogid);
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamicuser","$type");
$type =str_replace("randomFunc","$rand","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
if ((strpos($brand, 'route=theUpdate') !== false)){
$type =str_replace("REPLACETYPE","text","$type");
$type =str_replace("REPLACEALT","dynamictext","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");}
// Marker texts that are replaced by a value computed at render time.
if($text == "timeFunc")
{
$time =date('H:i');
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamictime","$type");
$type =str_replace("timeFunc","$time","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
if($text == "dayFunc")
{
$date =date('d/m/Y ');
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamicdate","$type");
$type =str_replace("dayFunc","$date","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
if($text == "randomFunc")
{
$rand =rand(11111111,99999999);
$type =str_replace("REPLACETYPE","dynamictext","$type");
$type =str_replace("REPLACEALT","dynamicrandom","$type");
$type =str_replace("randomFunc","$rand","$type");
$type =str_replace("REPLACEALIAS: ","Dynamic: ","$type");
}
// Geometry and font placeholders shared by every text route.
$type =str_replace("REPLACEZINDEX","$zindex","$type");
$type =str_replace("REPLACEHEIGHT","$layer_h","$type");
$type =str_replace("REPLACEWIDTH","$layer_w","$type");
$type =str_replace("REPLACEX","$layer_x","$type");
$type =str_replace("REPLACEY","$layer_y","$type");
$type =str_replace("REPLACER","$layer_r","$type");
$type =str_replace("REPLACEOPACITY","$layeropacity","$type");
$type =str_replace("REPLACELAYERW","$layer_w","$type");
$type =str_replace("REPLACELAYERH","$layer_h","$type");
$type =str_replace("REPLACEFONTSIZE","$text_size","$type");
$type =str_replace("REPLACEFONTHEIGHT","$text_line_height","$type");
$type =str_replace("REPLACEFONTCOLOR","$text_color","$type");
$type =str_replace("REPLACEFONTFAMILY","$font_Text","$type");
}
// Uploaded-picture layer.
if (strpos($brand, 'v/uploads/gthumbs') !== false){
include('json/jsonPic.php');
$zindex= $uniqueId ;
$layer_x=$layer_x;
$layer_y= $layer_y;
$layer_r =$layer_r;
$layeropacity=$layeropacity;
$layer_w=$layer_w;
$layer_h=$layer_h;
$type =str_replace("REPLACEIMAGE",$brand,"$layerImage");
$type =str_replace("REPLACENO","$uniqueId","$type");
$type =str_replace("REPLACEZINDEX","$zindex","$type");
$type =str_replace("REPLACEX","$layer_x","$type");
$type =str_replace("REPLACEY","$layer_y","$type");
$type =str_replace("REPLACELAYERW","$layer_w","$type");
$type =str_replace("REPLACELAYERH","$layer_h","$type");
}
// Mood-filter layer: the image path is taken from the `image` parameter inside $brand and
// prefixed with $siteMe.
if (strpos($brand, 'image=/filters/mood/') !== false){
include('json/jsonMood.php');
$zindex= $uniqueId ;
$str =$brand;
$str = str_replace('?', '&', $str);
parse_str($str, $output);
$brand= $siteMe.$output['image'];
$layer_x=$layer_x;
$layer_y= $layer_y;
$layer_r =$layer_r;
$layeropacity=$layeropacity;
$layer_w=$layer_w;
$layer_h=$layer_h;
$type =str_replace("REPLACEIMAGE",$brand,"$layerImage");
$type =str_replace("REPLACENO","$uniqueId","$type");
$type =str_replace("REPLACEZINDEX","$zindex","$type");
$type =str_replace("REPLACEX","$layer_x","$type");
$type =str_replace("REPLACEY","$layer_y","$type");
$type =str_replace("REPLACELAYERW","$layer_w","$type");
$type =str_replace("REPLACELAYERH","$layer_h","$type");
}
/* include('../Connections/json.php');
if (strpos($brand, 'route=theUpdate') !== false){$type = $layerText;$type =str_replace("replacetext","$brand","$type"); }
if (strpos($brand, 'route=thePlain') !== false){$type = $layerText ;$type =str_replace("replacetext","$brand","$type");}
if (strpos($brand, 'route=theUrl') !== false){$type = $layerText ;$type =str_replace("replacetext","$brand","$type");}
if (strpos($brand, 'route=theName') !== false){$type = $layerText ; $type =str_replace("replacetext","$brand","$type");}
if (strpos($brand, 'route=profile') !== false){$type = $layerText ; $type =str_replace("replacetext","$brand","$type");}
if (strpos($brand, 'route=profilePic') !== false){$type = $layerImage;$type =str_replace("replaceimage","$brand","$type");}
if (strpos($brand, 'v/uploads/gthumbs') !== false){$type = $layerImage ;$type =str_replace("replaceimage","$brand","$type");}
*/ return $type;
}
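// --- fbConnect: sign in, or register on first use, from a Facebook profile posted by the browser ---
// NOTE(review): the profile fields (id, email, name, ...) arrive in $_POST and nothing visible
// here checks them against the provider, so the caller controls both the e-mail and the
// oauth id. Confirm where the provider's access token is verified server-side; without that
// step these values are assertions, not proof of identity.
if (!empty($_GET['fbConnect'])) {
    // Read only the expected fields. extract($_POST) let any posted key overwrite variables
    // already in scope, including $link and $db.
    $fb = array();
    foreach (array('id', 'email', 'name', 'first_name', 'last_name') as $field) {
        $fb[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    // Reply sent at the end of the handler; replaced by the posted profile on success.
    $fbResponse = array('error' => 1);
    if (!empty($fb['id'])) {
        // $_POST was already escaped by filter(), so the values are not escaped a second time.
        $user_email = $fb['email'];
        $oauth_id = $fb['id'];
        // Strip everything except letters, digits and '-'. The previous preg_match() calls
        // stored the match count (0 or 1) in place of the name.
        $user_name = preg_replace('/[^A-Za-z0-9-]+/', '', $fb['name']);
        $first_name = preg_replace('/[^A-Za-z0-9-]+/', '', $fb['first_name']);
        $last_name = preg_replace('/[^A-Za-z0-9-]+/', '', $fb['last_name']);

        $sql = "SELECT `catalogid`,`catalogname`,`approved`,`admin`,`slug` FROM users WHERE user_email='$user_email' ";
        // mysqli_query() needs the connection as its first argument.
        $result = mysqli_query($link, $sql);
        if ($result === false) {
            // Log the driver message instead of sending it to the client.
            error_log("fbConnect lookup failed: " . mysqli_error($link));
            die("Query failed");
        }
        if (mysqli_num_rows($result) > 0) {
            // Known e-mail: the account must also match the oauth id and must not be banned.
            $sql = "SELECT `catalogid`,`catalogname`,`approved`,`admin`,`slug` FROM users WHERE user_email='$user_email' AND oauth_id='$oauth_id' AND `banned` = '0'";
            $result = mysqli_query($link, $sql);
            if ($result === false) {
                error_log("fbConnect login query failed: " . mysqli_error($link));
                die("Query failed");
            }
            $row = mysqli_fetch_row($result);
            // Log in only when the second query returned a row. Previously the session was
            // marked as logged in even when the oauth id did not match or the user was banned.
            if ($row) {
                list($catalogid, $catalogname, $approved, $admini, $sluga) = $row;
                session_start();
                // Issue a fresh session id at the privilege change (session fixation).
                session_regenerate_id(true);
                $_SESSION['euserid'] = $catalogid;
                $_SESSION['admini'] = $admini;
                $_SESSION['sluga'] = $sluga;
                $_SESSION['isLogin'] = true;
                $cookieExpiry = time()+60*60*24*60;
                // NOTE(review): these cookies mirror session state, including the admin flag,
                // in values the browser can edit. Confirm no code trusts $_COOKIE['admini'] or
                // $_COOKIE['user_id'] for authorization.
                setcookie("user_id", $_SESSION['euserid'], $cookieExpiry, "/");
                setcookie("euserid", $_SESSION['euserid'], $cookieExpiry, "/");
                setcookie("admini", $_SESSION['admini'], $cookieExpiry, "/");
                setcookie("sluga", $_SESSION['sluga'], $cookieExpiry, "/");
                // user_name is not fetched by the queries above; reuse the session value if any.
                setcookie("user_name", isset($_SESSION['user_name']) ? $_SESSION['user_name'] : '', $cookieExpiry, "/");
                $fbResponse = $_POST;
            }
        }
        else {
            // Unknown e-mail: create the account.
            $slug = preg_replace( '/[«»""!?,.!@£$%^&*{};:()]+/', '', $first_name.$last_name);
            $slug = strtolower($slug);
            $slug = preg_replace('/[^A-Za-z0-9-]+/', '-', $slug);
            $catalogname = "$first_name $last_name";
            $user_ip = $link->real_escape_string($_SERVER['REMOTE_ADDR']);
            // The same random number is used as catalogid and activation code. Prefer the
            // CSPRNG when the runtime has it; uniqueness is still not checked here.
            $activ_code = function_exists('random_int') ? random_int(1000000, 9000000) : rand(1000000, 9000000);
            // NOTE(review): the row is created with admin='1' and approved='1', and oauth_id
            // is not stored although the login query above filters on it — confirm both.
            $sql = "INSERT into `users` (`catalogname`,`catalogid`,`date`,`users_ip`,`activation_code`,`user_name`,`user_email`,`admin`,`approved`,`slug`)
VALUES ('$catalogname','$activ_code',now(),'$user_ip','$activ_code','$user_name','$user_email','1','1','$slug')";
            if (mysqli_query($link, $sql)) {
                $fbResponse = $_POST;
            } else {
                error_log("fbConnect insert failed: " . mysqli_error($link));
            }
        }
    }
    // The reply echoes posted data; the HEX flags keep <, >, &, ' and " out of the raw output
    // while leaving it valid JSON.
    echo json_encode($fbResponse, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}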
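// --- getThemeID: decode a base64url theme token and return the result ---
if (!empty($_GET['getThemeID'])) {
    $themeid = $_GET["themeid"];
    $themeid = $db->base64url_decode($themeid);
    // The decoded bytes are chosen by the caller; encode them before they reach the response
    // body so markup in the token is not rendered. Non-string results are passed through as before.
    if (is_string($themeid)) {
        $themeid = htmlspecialchars($themeid, ENT_QUOTES, 'UTF-8');
    }
    exit($themeid);
}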
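// --- params: save the layer layout posted by the theme editor ---
// NOTE(review): `catalogid` and `themeid` come from the query string; no ownership check is
// visible in this handler — confirm it is enforced elsewhere.
if (!empty($_POST['params'])) {
    // $_POST was SQL-escaped by filter(); stripslashes() and html_entity_decode() are applied
    // to get back to the JSON text before decoding. stripslashes() is presumably close enough
    // to an inverse for this payload — verify for values containing newlines.
    $person = stripslashes($_POST['params']);
    $person = html_entity_decode($person);
    // json_decode() yields null for malformed input; every read below then falls back to null.
    $theLayers = json_decode($person, true);
    $themeid = $_GET["themeid"];
    $flagText = $_GET["flagText"];
    $flagName = $_GET["flagName"];
    $flagUser = $_GET["flagUser"];
    $flagUrl = $_GET["flagUrl"];
    $catalogid = $_GET["catalogid"];
    $layerbg = isset($theLayers["background"]) ? $theLayers["background"] : null;
    $startag = $_GET["startag"];
    $setPadding = $_GET["text_pad"];
    $themeid = $db->base64url_decode($themeid);
    // Define $position0 .. $position10 from the decoded layers. The names are kept because the
    // included layers/N.php files run in this scope and presumably read them. A layer missing
    // from the payload gives null instead of an undefined-index notice.
    for ($layerIndex = 0; $layerIndex <= 10; $layerIndex++) {
        ${'position' . $layerIndex} = isset($theLayers["layers"][$layerIndex]["index"])
            ? $theLayers["layers"][$layerIndex]["index"]
            : null;
    }
    unset($layerIndex);
    $myName = urlencode($db->user($catalogid));
    $myUserName = urlencode($db->username($catalogid));
    $myUrl = urlencode("theband.co.ke/".$db->username($catalogid));
    $data = array(array(),array());
    // Layer 0 is always processed; layers 10 down to 1 only when present. The includes are
    // static paths and are left spelled out so no loop variable is shared with them.
    include("layers/0.php");
    if (!empty($position10)) { include("layers/10.php"); }
    if (!empty($position9)) { include("layers/9.php"); }
    if (!empty($position8)) { include("layers/8.php"); }
    if (!empty($position7)) { include("layers/7.php"); }
    if (!empty($position6)) { include("layers/6.php"); }
    if (!empty($position5)) { include("layers/5.php"); }
    if (!empty($position4)) { include("layers/4.php"); }
    if (!empty($position3)) { include("layers/3.php"); }
    if (!empty($position2)) { include("layers/2.php"); }
    if (!empty($position1)) { include("layers/1.php"); }
    $db->updateTheme($catalogid, $themeid, $startag);
    // `startag` is a request parameter; encode it for the HTML response instead of echoing it raw.
    echo "Successfully saved theme ".htmlspecialchars((string) $startag, ENT_QUOTES, 'UTF-8');
}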
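// --- default: mark a theme as the default one ---
// NOTE(review): `msg_id` is caller-supplied and no ownership check is visible here; confirm
// that $db->def() or an include restricts it to the current user's themes.
// isset() keeps requests without the parameter from raising an undefined-index notice.
if (isset($_GET['default']) && $_GET['default'] == "yes") {
    $msg_id = $_GET['msg_id'];
    $db->def($msg_id);
    exit("Theme made default");
}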
// --- messaging: create a messaging entry, then end the request ---
// NOTE(review): `catalogidX` is caller-supplied; no check against the logged-in user is
// visible in this handler.
if (!empty($_GET['messaging'])) {
    $realtheme   = $_GET['realthemeX'];   // read but not passed on
    $view        = $_GET['view'];
    $catalogid   = $_GET['catalogidX'];
    $mytheme     = $_GET['mythemeX'];
    $description = $_GET['description'];
    $salutation  = $_GET['salutation'];
    $contextual  = $_GET['contextual'];
    $type        = $_GET['typeX'];

    // The return value is not used: the request ends immediately afterwards.
    $db->addMessaging(
        $catalogid,
        $view,
        $mytheme,
        $description,
        $salutation,
        $type,
        $contextual
    );
    exit();
}
// --- deleteMessaging: remove one messaging entry ---
// NOTE(review): both identifiers come from the query string; confirm that
// $db->deleteMessaging() or an include checks they belong to the current user.
if (!empty($_GET['deleteMessaging'])) {
    $catalogid = $_GET['catalogid'];
    $newsid    = $_GET['ID'];

    $db->deleteMessaging($catalogid, $newsid);

    echo 'Success: Deleted Message';
}
// --- campaign: create a campaign for a theme, then end the request ---
// NOTE(review): `catalogidX` and `themeidX` are caller-supplied; no ownership check is
// visible in this handler.
if (!empty($_GET['campaign'])) {
    $realtheme = $_GET['realthemeX'];   // read but not passed on
    $themeid   = $_GET['themeidX'];
    $catalogid = $_GET['catalogidX'];
    $mytheme   = $_GET['mythemeX'];
    $title     = $_GET['titleX'];
    $hashtag   = $_GET['hashtagX'];
    $type      = $_GET['typeX'];

    // Store the tag without any '#' characters.
    $hashtag = str_replace('#', '', $hashtag);

    // The return value is not used: the request ends immediately afterwards.
    $db->addCampaign($catalogid, $themeid, $mytheme, $title, $hashtag, $type);
    exit();
}
// --- editcampaign: update an existing campaign, then end the request ---
// NOTE(review): `catalogidX` and `themeidX` are caller-supplied; no ownership check is
// visible in this handler.
if (!empty($_GET['editcampaign'])) {
    $realtheme = $_GET['realthemeX'];   // read but not passed on
    $themeid   = $_GET['themeidX'];
    $catalogid = $_GET['catalogidX'];
    $mytheme   = $_GET['mythemeX'];
    $view      = $_GET['viewX'];
    $title     = $_GET['titleX'];
    $hashtagX  = $_GET['hash'];
    $type      = $_GET['typeX'];

    // Store the tag without any '#' characters.
    $hashtag = str_replace('#', '', $hashtagX);

    // The return value is not used: the request ends immediately afterwards.
    $db->editCampaign($catalogid, $themeid, $mytheme, $title, $hashtag, $type, $view);
    exit();
}
// --- editMessaging: update an existing messaging entry, then end the request ---
// NOTE(review): `newsid` and `themeid` are caller-supplied; no ownership check is visible
// in this handler.
if (!empty($_GET['editMessaging'])) {
    $salutation  = $_GET['salutation'];
    $description = $_GET['description'];
    $newsid      = $_GET['newsid'];
    $themeidX    = $_GET['themeid'];
    $viewX       = $_GET['view'];
    $typeX       = $_GET['type'];
    $contextual  = $_GET['contextual'];

    // The return value is not used: the request ends immediately afterwards.
    $db->editMessaging(
        $salutation,
        $description,
        $newsid,
        $themeidX,
        $viewX,
        $typeX,
        $contextual
    );
    exit();
}
/* if(!empty($_POST['uploadedLayer'])) {
$filename =stripslashes($_POST['uploadedLayer']);
$filename=basename($filename);
$themeid = $_GET["themeid"];
$catalogid = $_GET["catalogid"];
$level = $_POST["level"];
$themeid = $db->base64url_decode($themeid);
$db->updateAdapt($catalogid,$filename,$themeid,$level);
echo "Successfully added layer ".$level;
}
*/
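// --- deleteLayer: remove one layer from a theme ---
// NOTE(review): `catalogid` and `themeid` are caller-supplied; confirm that ownership is
// checked in $db->deleteLayer() or an include.
if (!empty($_GET['deleteLayer'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];
    // $_POST was already escaped by filter(). mysql_real_escape_string() belongs to the
    // removed ext/mysql and would also have escaped the value a second time.
    $layerid = (isset($_POST['layer_id']) && is_string($_POST['layer_id'])) ? $_POST['layer_id'] : '';
    $themeid = $db->base64url_decode($themeid);
    $db->deleteLayer($catalogid, $layerid, $themeid);
    // The reply is HTML (it carries a <b> tag), so the posted id is encoded before output.
    $layerid_html = htmlspecialchars($layerid, ENT_QUOTES, 'UTF-8');
    echo "Success: Deleted Layer $layerid_html. <b>Click Save to Continue</b>";
}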
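// --- deleteFont: detach a font from a theme ---
// NOTE(review): `catalogid` and `themeid` are caller-supplied; confirm that ownership is
// checked in $db->deleteFont() or an include.
if (!empty($_GET['deleteFont'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];
    // $_POST was already escaped by filter(). mysql_real_escape_string() belongs to the
    // removed ext/mysql and would also have escaped the value a second time.
    $layerid = (isset($_POST['layer_id']) && is_string($_POST['layer_id'])) ? $_POST['layer_id'] : '';
    $themeid = $db->base64url_decode($themeid);
    $db->deleteFont($catalogid, $layerid, $themeid);
    // The reply is HTML (it carries a <b> tag), so the posted id is encoded before output.
    $layerid_html = htmlspecialchars($layerid, ENT_QUOTES, 'UTF-8');
    echo "Success: Detached Font $layerid_html from theme <b>Click Save to Continue</b>";
}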
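// --- textDesign: echo the theme id back to the caller ---
if (!empty($_GET['textDesign'])) {
    $catalogid = $_GET['catalogid'];
    $themeid = $_GET['themeid'];
    // The value is a request parameter; encode it for the response instead of echoing it raw.
    echo is_string($themeid) ? htmlspecialchars($themeid, ENT_QUOTES, 'UTF-8') : '';
}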