File: /var/www/html/tmpr/..//tmpr/..//tmpr/../tmpr/../v/home.php
<?php
require("./NewsSql.inc.php");
$db = new NewsSQL($dbname);
function filter($arr) {
global $link;
return array_map(array($link, 'real_escape_string'), $arr);
}
page_protect();
echo $videouser = $_SESSION['euserid'];
//no error reporting
//@error_reporting(0);
$VideoPath = "uploads/live/";
$live_img = 'uploads/images/';
$videouser = $_SESSION['euserid'];
if($_GET["recsno"]) {
$recsno=$_GET["recsno"];
$data=trim($recsno);
$videouser = $_SESSION['euserid'];
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
$id=trim($ex[$i]);
$db->delnews($id,$VideoPath);
}
header("Location: ./home.php?msg=Successfully+deleted");
}
if($_GET["recsnorep"]) {
$recsnorep=$_GET["recsnorep"];
$data=trim($recsnorep);
$videouser = $_SESSION['euserid'];
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
$id=trim($ex[$i]);
$db->delnewsrep($id,$VideoPath);
}
header("Location: ./home.php?msg=Successfully+deleted");
}
if($_GET["recsnorep2"]) {
$recsnorep2=$_GET["recsnorep2"];
$data=trim($recsnorep2);
$videouser = $_SESSION['euserid'];
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
$id=trim($ex[$i]);
$db->delnewsrep($id,$VideoPath);
}
header("Location: ./myreports.php?msg=Successfully+deleted");
}
if($_GET["feature"]) {
$feature=$_GET["feature"];
$data=trim($feature);
$videouser = $_SESSION['euserid'];
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
$id=trim($ex[$i]);
$db->addfeature($id,$VideoPath);
}
header("Location: ./home.php?msg=Successfully+featured");
}
function sizeinput($input, $len){
(int)$len;
(string)$input;
$n = substr($input, 0,$len);
$ret = trim($n);
$out = htmlentities($ret, ENT_QUOTES);
return $out;
}
function checkfile($input){
$ext = array('mpg', 'wma', 'mov', 'flv', 'mp4', 'm4v', 'avi', 'qt', 'wmv', 'rm', '3gp', 'mpeg', 'divx', 'moov', 'asf', 'swf', 'vob');
$extfile = substr($input['name'],-4);
$extfile = explode('.',$extfile);
$good = array();
$extfile = $extfile[1];
if(in_array($extfile, $ext)){
$good['safe'] = true;
$good['ext'] = $extfile;
}else{
$good['safe'] = false;
}
return $good;
}
//no error reporting
//@error_reporting(0);
if (empty($page)){
$page = 0;
}
$record = 10;
// generate paging here
if ($Delnews2==$admin_yes) {
$newsid = $db->base64url_decode($newsid);
$db->delnews2($newsid,$VideoPath);
}
if ($Delnews==$admin_yes) {
$newsid = $db->base64url_decode($newsid);
$db->delnews($newsid,$VideoPath);
}
if (!empty($editthumb)) {
$tempuserfile = $_FILES['userfile']['tmp_name'];
$tempuserfile_name = $_FILES['userfile']['name'];
if ((!empty($tempuserfile)) && (!empty($tempuserfile_name))) {
$userfile = $tempuserfile;
$userfile_name = $tempuserfile_name;
}
if ((!empty($userfile)) && (!empty($userfile_name))) {
$videouser = $_SESSION['euserid'];
$userfile_name = preg_replace('/[\ ]/', '-', $userfile_name);
$userfile_name = $videouser.rand(455,78787).$userfile_name;
$dest1 = $live_img.$userfile_name;
copy($userfile, $dest1);
/* $starting_image = imagecreatefromjpeg("$live_img$userfile_name");
$width = imagesx($starting_image);
$height = imagesy($starting_image);
$thumb_width = 130;
$thumb_height = 80;
$thumb_image = imagecreatetruecolor($thumb_width, $thumb_height);
imagecopyresampled($thumb_image, $starting_image, 0, 0, 0, 0, $thumb_width, $thumb_height, $width, $height);
imagejpeg($thumb_image, "$live_img$userfile_name");*/
$db->addThumb($newsid,$userfile_name,$live_img);
}}
if (!empty($addnews)) {
$_POST = filter($_POST);
$title = mysqli_real_escape_string($link,$title);
$content = mysqli_real_escape_string($link,$content);
$description = mysqli_real_escape_string($link,$description);
$keywords = mysqli_real_escape_string($link,$keywords);
$newsid = $db->updateContent($title,$content,$keywords,$isdisplay,$description,$vcat,$slug,$episodeid);
}
if(!empty($myeditnews)) {
$_POST = filter($_POST);
$mytitle = mysqli_real_escape_string($link,$mytitle);
$content = mysqli_real_escape_string($link,$content);
$description = mysqli_real_escape_string($link,$description);
$keywords = mysqli_real_escape_string($link,$keywords);
$vcat = mysqli_real_escape_string($link,$vcat);
$episodeid = mysqli_real_escape_string($link,$episodeid);
$isdisplay = mysqli_real_escape_string($link,$isdisplay);
$catalogid = mysqli_real_escape_string($link,$catalogid);
$db->editnews($catalogid,$mytitle,$content,$keywords,$isdisplay,$newsid,$episodeid,$vcat);
$db->editslugr($newsid,$slug,$mytitle,$str);
}
if(!empty($editreporta)) {
$_POST = filter($_POST);
$mytitle = mysqli_real_escape_string($link,$mytitle);
$content = mysqli_real_escape_string($link,$content);
$description = mysqli_real_escape_string($link,$description);
$keywords = mysqli_real_escape_string($link,$keywords);
$db->editreporta($catalogid,$mytitle,$content,$keywords,$isdisplay,$description,$vcat,$summary,$thumb,$newsid,$slug,$episodeid);
$db->editslugr($newsid,$slug,$mytitle,$str);
}
$result2 = $db->submittedreports($page,$record,$catid);
?>
<html>
<head>
<title><?php print "$admin_newsadmin"; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
<style type="text/css">
<!--
.style9 {font-size: 12px; }
.style12 {font-size: 12px; font-weight: bold; }
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
-->
</style>
<script type="text/javascript" src="../js/ezikiLoadRemote.js"></script>
<script type="text/javascript" src="../js/ajax.js"></script>
<script type="text/javascript" src="../js/jquery.min.js"></script>
<script type="text/javascript" src="../js/jquery-ui.min.js"></script>
<script language="JavaScript" type="text/javascript" src="eziki_framework.js"></script>
</head>
<body>
<br>
<?php
include 'header.php';?>
<table width="1000" border="0" align="center">
<tr>
<td align="left" width="200" valign="top" >
<?php
include 'navigation.php';?>
</td><td align="left" valign="top"><div class="graycellv3" style="width:800px;">
<?php
require("./reports.php");?>
</div> </td>
</tr>
</table>
<center>
<br>
</center>
<br>
<br>
</body>
</html>