Viewing file:  addImage.inc.php3 (2.23 KB) -rwxr-xr-x
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?
require("$mysqlCall");
if(checkSuperSession($superSession, $REMOTE_ADDR))
{
include("include/rootGui.inc.php3");
$userId = getUserSUId($superSession);
$userInfo = getUserInfo($userId);
if(($userInfo[SuperUser]==1) && ($userInfo[manageImages]==1) && ($userInfo[active]==1))
{
if($addImage)
{
$data = addslashes(fread(fopen($form_data, "r"), filesize($form_data)));
$result=MYSQL_QUERY(
"INSERT INTO $images (description,bin_data,filename,filesize,filetype) ".
"VALUES ('$form_description','$data','$form_data_name','$form_data_size','$form_data_type')");
$id= mysql_insert_id();
print "<p>This file has the following Database ID: <b>$id</b>";
}
else
{
print("<form enctype=\"multipart/form-data\" action=\"index.php3?mode=addImage&superSession=$superSession&addImage=1\" method=POST>");
print("<table border=0 cellpadding=3 cellspacing=0 >");
print("<tr><td bgcolor=$border_colour align=center>");
print("<table width=100% border=0 cellpadding=5 cellspacing=0 >");
print("<tr>\n");
print("<td bgcolor=$table_colour>Description</td>");
print("<td bgcolor=$bgcolour><input type=text name='form_description' size=\"25\" ></td>");
print("</tr>\n");
print("<tr>\n");
print("<td bgcolor=$table_colour>File</td>");
print("<td bgcolor=$bgcolour><input type=\"file\" name=\"form_data\" size=\"25\"></td>");
print("</tr>\n");
print("<tr>\n");
print("<td colspan=2 align=right bgcolor=$table_colour2><input type=submit></td>");
print("</tr>\n");
print("</table>");
print("<tr><td>");
print("</table>");
print("<br><br>");
print("<INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1000000\"></form>");
}
}
else
{
print("You do no thave access to this function");
}
include("include/guiBase.inc.php3");
}
else
{
/* session is bad */
print("Bad Session ID ($superSession)!<BR>\n");
$superSession = "";
}
?>
|