+++ /dev/null
-<?php
-/* Copyright (c) 2009 Arnaud Renevier, Inc, published under the modified BSD
- license. */
-
-require ("./inc/settings.php");
-require ("./inc/errors.php");
-require ("./inc/db/mysql.php");
-require ("./inc/utils.php");
-
-function unique_file ($dirname, $relpath, $con) {
- $relpath = str_replace ('/', '', $relpath); // strip slashes from path
- $relpath = str_replace ('\\', '', $relpath); // strip antislashes from path
- $filename = $dirname . '/' . $relpath;
- $counter = 1;
-
- $dotpos = strrpos ($relpath, '.');
- if ($dotpos) {
- $base = substr ($relpath, 0, $dotpos);
- $ext = substr ($relpath, $dotpos + 1);
- } else {
- $base = $relpath;
- $ext = "";
- }
-
- while ($counter < 1000) {
- if (!file_exists ($filename) && !$con->imgurl_exists ($filename)) {
- return $filename;
- } else {
- $counter++;
- $filename = $dirname . '/' . $base . '_' . $counter . '.' . $ext;
- }
- }
- // we tried to find an unused filename 1000 times. Give up now.
- return null;
-}
-
-function checkimgupload ($file) {
- if (!is_uploaded_file ($file ["tmp_name"])) {
- if ($file ["error"] == UPLOAD_ERR_INI_SIZE) {
- file_too_big_error ();
- } else {
- request_error ();
- }
- }
- if (!getimagesize ($file ["tmp_name"])) {
- notanimage_error ();
- }
-}
-
-function main ($con) {
- if (isset ($_FILES ["newimage_input"])) {
- $file = $_FILES ["newimage_input"];
- checkimgupload ($file);
-
- $dest = unique_file (UPLOADDIR, $file ["name"], $con);
- if (!isset ($dest) ||
- (!move_uploaded_file ($file ["tmp_name"], $dest))) {
- server_error ();
- }
-
- exit (sprintf ("<p class=\"res\">request accepted</p>
- <p class=\"infos\"><span class=\"imgurl\">%s</p></span></p>",
- rawurlencode ($dest)));
- } else if (isset ($_POST ["feature_imgurl"])) {
- $imgurl = rawurldecode (unquote ($_POST ["feature_imgurl"]));
- $title = unquote ($_POST ["feature_title"]);
- $description = unquote ($_POST ["feature_description"]);
- $lon = $_POST ["feature_lon"];
- $lat = $_POST ["feature_lat"];
-
- try {
- $feature = new feature ($imgurl, $title, $description, $lon, $lat);
- } catch (Exception $e) {
- switch ($e->getMessage ()) {
- case $feature->err_lonlat_invalid:
- request_error ();
- default:
- server_error ();
- }
- }
-
- try {
- if (!$con->save_feature ($feature)) {
- feature_unavailable ();
- }
- } catch (Exception $e) {
- server_error ();
- }
-
- request_success ();
- } else if (isset ($_POST ["feature_delete"])) {
- $imgurl = rawurldecode (unquote ($_POST ["feature_delete"]));
- $feature = $con->getfeature ($imgurl);
- if (!isset ($feature)) {
- feature_unavailable ();
- }
-
- try {
- $con->delete_feature ($feature);
- } catch (Exception $e) {
- server_error ();
- }
-
- request_success ();
- } else if (isset ($_POST ["imgurl_delete_0"])) {
- $idx = 0;
- while (isset ($_POST ["imgurl_delete_" . $idx])) {
- $imgurl = rawurldecode (unquote ($_POST ["imgurl_delete_" . $idx]));
- if (!$con->imgurl_exists ($imgurl)) {
- if (file_exists ($imgurl)) {
- unlink ($imgurl);
- } else {
- $fname = relative_path ($imgurl);
- if (file_exists ($fname)) {
- unlink ($fname);
- }
- }
- }
- $idx++;
- }
- } else {
- request_error ();
- }
-}
-
-try {
- $connection->connect (DBHOST, DBUSER, DBPWD, DBNAME, DBPREFIX);
-} catch (Exception $e) {
- server_error ();
-}
-$cookie_name = sprintf ("%sauth", DBPREFIX);
-if (!isset ($_COOKIE [$cookie_name]) ||
- !$connection->checkpwdmd5 ("admin", $_COOKIE [$cookie_name])) {
- access_denied ();
-}
-
-main ($connection)
-?>