File: /var/www/html/tmpr/../tmpr/../tmpr/../replacePoster.php
<?php
include("includes/limittext.php");
include('Connections/videoondemand.php');
require("DbSql.inc.php");
require("NewsSql.inc.php");
$db = new NewsSQL($DBName);
/*set_time_limit(0) ;*/
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
$_GET = filter($_GET);
$_POST = filter($_POST);
$mode=$_GET["mode"];
$themeid=$_GET["themeid"];
$font=$_GET["font"];
include("protect.php");
include("includes/processFunctionsX.php");
set_time_limit(0) ;
session_start();
$message = '';
if (isset($_POST['uploadBtn']) && $_POST['uploadBtn'] == 'Upload')
{
if (isset($_FILES['uploadedFile']) && $_FILES['uploadedFile']['error'] === UPLOAD_ERR_OK)
{
// get details of the uploaded file
$fileTmpPath = $_FILES['uploadedFile']['tmp_name'];
$fileName = $_FILES['uploadedFile']['name'];
$fileSize = $_FILES['uploadedFile']['size'];
$fileType = $_FILES['uploadedFile']['type'];
$fileNameCmps = explode(".", $fileName);
$fileExtension = strtolower(end($fileNameCmps));
// sanitize file-name
$newFileName = md5(time() . $fileName) . '.' . $fileExtension;
$newFileName = md5(time()).$fileName;
// check if file has one of the following extensions
$allowedfileExtensions = array('jpg', 'gif', 'png', 'zip', 'txt', 'xls', 'doc');
if (in_array($fileExtension, $allowedfileExtensions))
{
// directory in which the uploaded file will be moved
$oldfile=$_GET["oldfile"];
$uploadFileDir = 'v/uploads/gallery/';
$dest_path = $uploadFileDir . $newFileName;
unlink('v/uploads/gallery/'.$oldfile);
if(move_uploaded_file($fileTmpPath, $dest_path))
{
$message ='File is successfully uploaded.';
global $link;
// exit("update profilepicture set poster='$newFileName',picture='$newFileName' where id='$themeid'");
mysqli_query($link,"update profilepicture set poster='$newFileName',picture='$newFileName',public='1' where id='$themeid'");
}
else
{
$message = 'There was some error moving the file to upload directory. Please make sure the upload directory is writable by web server.';
}
}
else
{
$message = 'Upload failed. Allowed file types: ' . implode(',', $allowedfileExtensions);
}
}
else
{
$message = 'There is some error in the file upload. Please check the following error.<br>';
$message .= 'Error:' . $_FILES['uploadedFile']['error'];
}
}
$_SESSION['message'] = $message;
global $link;
$sql ="SELECT * FROM `profilepicture` where id='$themeid' limit 0,1";
$query = mysqli_query($link,$sql) or die(mysql_error());
while($row=mysqli_fetch_array($query)){
$catalogid= $row["catalogid"];
$title= $row["title"];
$poster= $row["poster"];
$theme_id= $row["id"];
$poster= $row["poster"];
$layerPosition=1;
}
?>
<table width="70%" border="0">
<tbody>
<tr>
<td><?php if (isset($_SESSION['message']) && $_SESSION['message'])
{
printf('<b>%s</b>', $_SESSION['message']);
unset($_SESSION['message']);
}?> <form method="POST" action="replacePoster.php?themeid=<?php echo $themeid;?>&oldfile=<?php echo $poster;?>" enctype="multipart/form-data">
<div>
<span>Upload a File:</span>
<input type="file" name="uploadedFile" />
</div>
<input type="submit" name="uploadBtn" value="Upload" />
</form></td>
</tr>
<tr>
<td>
<img src="http://localhost/thebrand/v/uploads/gallery/<?php echo $poster;?>" data-src="" alt="" class="lazyload img-responsive post-image">
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td> </td>
</tr>
</tbody>
</table>