File: /var/www/html/tmpr/..//tmpr/../tmpr/..//tmpr/../tmpr/../v/ajaxuploadteam.php
<?php
include("../includes/limittext.php");
include('../Connections/videoondemand.php');
require("../DbSql.inc.php");
require("../NewsSql.inc.php");
require("../const.inc.php");
$db = new NewsSQL($DBName);
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
$_GET = filter($_GET);
$_POST = filter($_POST);
$valid_extensions = array('jpg' , 'png' ); // valid extensions
$path = '../v/uploads/teams/'; // upload directory
if(!empty($_POST['name']) || !empty($_POST['email']) || $_FILES['image'])
{
$img = $_FILES['image']['name'];
$tmp = $_FILES['image']['tmp_name'];
// get uploaded file's extension
$ext = strtolower(pathinfo($img, PATHINFO_EXTENSION));
// can upload same image using rand function
$final_image = md5(date('D, d M Y H:i:s')).$img;
// check's valid format
if(in_array($ext, $valid_extensions))
{
$path = $path.strtolower($final_image);
if(move_uploaded_file($tmp,$path))
{
echo "<img src='pages/splash/stock/list.png' />";
$realtheme = $_POST['realtheme'];
$themeid = $_POST['themeid'];
$catalogid = $_POST['catalogid'];
$mytheme = $_POST['mytheme'];
$teamdescription = $_POST['description'];
$title = $_POST['title'];
$hashtag = $_POST['hashtag'];
$teamtype = $_POST['teamtype'];
$hashtag = str_replace('#','',$hashtag);
$teamname= str_replace('#','',$title);
$picture =$final_image;
$addfile = $db->addMyTeam($catalogid,$teamtype,$teamdescription,$picture,$teamname);
exit();
//include database configuration file
//insert form data in the database
/*$insert = $videoondemand2->query("INSERT mydata (name,email,file_name) VALUES ('".$name."','".$email."','".$path."')");*/
//echo $insert?'ok':'err';
}
}
else
{
echo 'invalid';
}
}
?>