Can Any One Fix It Please
hey m8s...
I am using this script in ma Wapdesire gallery I know its too old but I am beginner!
But problem isn't here..
here is the big problem or maybe my mystake...
After selecting any file if user clicks on upload tab...
It shows an error like....
Warning: include(class.upload.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 11
Warning: include() [function.include]: Failed opening 'class.upload.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 11
Warning: include(core.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 12
Warning: include() [function.include]: Failed opening 'core.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 12
Warning: include(config.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 13
Warning: include() [function.include]: Failed opening 'config.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 13
Fatal error: Call to undefined function connectdb() in /home/htdocs/pics/upload.php on line 26
Added after 9 minutes:
Please m8s fix it or attach any secure gallery script, I want to save ma site from session hackers....
I am using this script in ma Wapdesire gallery I know its too old but I am beginner!
PHP Code:
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
//header('Content-type: application/vnd.wap.xhtml+xml');
echo "<?xml version=\"1.0\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
include("../web/config.php");
include("../web/core.php");
connectdb();
$action = ($_GET["action"]);
$sid = ($_GET["sid"]);
$page = ($_GET["page"]);
$who = ($_GET["who"]);
$pmid = ($_GET["pmid"]);
$uid = getuid_sid($sid);
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
$lastloc=$_GET["lstloc"];
if($lastloc=="cht"){
$rid= mysql_real_escape_string($_GET["rid"]);
$rooms = mysql_fetch_array(mysql_query("SELECT id, name FROM ibwf_rooms WHERE id='".$rid."'"));
$rname = $rooms[1];
}
if(islogged($sid)==false)
{
echo "<head>";
echo "<title>Error!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/white_medium.css\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$uid = getuid_sid($sid);
if(isbanned($uid))
{
echo "<head>";
echo "<title>Error!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
echo "<img src=\"../images/notok.gif\" alt=\"x\"/><br/>";
echo "<b>You are Banned</b><br/><br/>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto, pnreas, exid FROM ibwf_penalties WHERE uid='".$uid."' AND penalty='1' OR uid='".$uid."' AND penalty='2'"));
$banres = mysql_fetch_array(mysql_query("SELECT lastpnreas FROM ibwf_users WHERE id='".$uid."'"));
$remain = $banto[0]- time();
$rmsg = gettimemsg($remain);
echo "<b>Time Left: </b>$rmsg<br/>";
$nick = getnick_uid($banto[2]);
echo "<b>By: </b>$nick<br/>";
echo "<b>Reason: </b>$banto[1]";
//echo "<a href=\"index.php\">Login</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
///////////////////////////////////Extra menu
if ($action == "main") {
addonline(getuid_sid($sid), "User Gallery", "");
echo "<head>";
echo "<title>User Gallery</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<div align=\"center\">";
echo "Photo Gallery<br/>";
$random = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery ORDER BY RAND() LIMIT 1"));
$rando = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery ORDER BY RAND() LIMIT 1"));
$rand = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery ORDER BY RAND() LIMIT 1"));
$ran = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery ORDER BY RAND() LIMIT 1"));
$ra = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery ORDER BY RAND() LIMIT 1"));
echo "<img src=\"thumb.php?image=../pics/$random[1]&w=37&h=37&type=jpg\" alt=\"$random[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rando[1]&w=37&h=37&type=jpg\" alt=\"$rando[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rand[1]&w=37&h=37&type=jpg\" alt=\"$rand[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ran[1]&w=37&h=37&type=jpg\" alt=\"$ran[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ra[1]&w=37&h=37&type=jpg\" alt=\"$ra[0]\"/>";
echo "</div>";
echo "<div>";
$males = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='M'"));
echo "<img src=\"../images/male.gif\" alt=\"\"/> <a href=\"index.php?action=male&sid=$sid\">Male Gallery</a> ($males[0])<br/>";
$females = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='F'"));
echo "<img src=\"../images/female.gif\" alt=\"\"/> <a href=\"index.php?action=female&sid=$sid\">Female Gallery</a> ($females[0])<br/>";
$un = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex=''"));
echo "<img src=\"../images/female.gif\" alt=\"\"/> <a href=\"index.php?action=unknow&sid=$sid\">Unknow Gender</a> ($un[0])<br/>";
echo "</div>";
echo "<div align=center>";
$me = getuid_sid($sid);
echo "<img src=\"../images/images1.gif\" alt=\"*\"/> <a href=\"gallery2.php?action=main&who=$me&sid=$sid\">My Album</a><br/>";
echo "<img src=\"../images/addfoto.gif\" alt=\"*\"/> <a href=\"index.php?action=upload&sid=$sid\">Upload Photo</a>";
echo "</div><div align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\">©$sitename</a>";
echo "</div>";
echo "</body>";
}
else if($action == "male") {
addonline(getuid_sid($sid), "Viewing Male Gallery", "");
$uid = getuid_sid($sid);
echo "<head>";
echo "<title>Male Gallery</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<div align=\"center\">";
echo "<b><i>Male Gallery</i></b><br/>";
$random = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='M' ORDER BY RAND() LIMIT 1"));
$rando = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='M' ORDER BY RAND() LIMIT 1"));
$rand = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='M' ORDER BY RAND() LIMIT 1"));
$ran = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='M' ORDER BY RAND() LIMIT 1"));
$ra = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='M' ORDER BY RAND() LIMIT 1"));
echo "<img src=\"thumb.php?image=../pics/$random[1]&w=37&h=37&type=jpg\" alt=\"$random[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rando[1]&w=37&h=37&type=jpg\" alt=\"$rando[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rand[1]&w=37&h=37&type=jpg\" alt=\"$rand[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ran[1]&w=37&h=37&type=jpg\" alt=\"$ran[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ra[1]&w=37&h=37&type=jpg\" alt=\"$ra[0]\"/>";
echo "</div>";
//////ALL gallery SCRIPT <<
if ($page == "" || $page <= 0)$page = 1;
if ($who != "") {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='M'"));
} else {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='M'"));
}
$num_items = $noi[0]; //changable
$items_per_page = 5;
$num_pages = ceil($num_items/$items_per_page);
if (($page > $num_pages) && $page != 1)$page = $num_pages;
$limit_start = ($page-1) * $items_per_page;
$sql = "SELECT DISTINCT uid FROM ibwf_gallery WHERE sex='M' ORDER BY uid ASC LIMIT $limit_start, $items_per_page";
echo "<div>";
$items = mysql_query($sql);
echo mysql_error();
if (mysql_num_rows($items) > 0) {
while ($item = mysql_fetch_array($items)) {
$who = $item[0];
$user = getnick_uid($who);
$countpics = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM ibwf_gallery WHERE uid='".$who."'"));
$lnk = "» <a href=\"gallery2.php?action=main&who=$who&sid=$sid\">$user</a>($countpics[0])<br/>";
echo "$lnk";
}
echo "<p align=center>";
}
if ($page > 1) {
$ppage = $page-1;
echo "<a href=\"index.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if ($page < $num_pages) {
$npage = $page+1;
echo "<a href=\"index.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if ($num_pages > 2) {
$rets = "<form action=\"index.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "</p>";
echo "</div>";
echo "<div align=center>";
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</div>";
echo "</body>";
}
else if($action == "female") {
addonline(getuid_sid($sid), "Viewing Female Gallery", "");
$uid = getuid_sid($sid);
echo "<head>";
echo "<title>Female GalleRy</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<div align=\"center\">";
echo "<b><i>FeMale Gallery</i></b><br/>";
$random = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='F' ORDER BY RAND() LIMIT 1"));
$rando = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='F' ORDER BY RAND() LIMIT 1"));
$rand = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='F' ORDER BY RAND() LIMIT 1"));
$ran = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='F' ORDER BY RAND() LIMIT 1"));
$ra = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='F' ORDER BY RAND() LIMIT 1"));
echo "<img src=\"thumb.php?image=../pics/$random[1]&w=37&h=37&type=jpg\" alt=\"$random[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rando[1]&w=37&h=37&type=jpg\" alt=\"$rando[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rand[1]&w=37&h=37&type=jpg\" alt=\"$rand[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ran[1]&w=37&h=37&type=jpg\" alt=\"$ran[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ra[1]&w=37&h=37&type=jpg\" alt=\"$ra[0]\"/>";
echo "</div>";
echo "<div>";
//////ALL gallery SCRIPT <<
if ($page == "" || $page <= 0)$page = 1;
if ($who != "") {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='F'"));
} else {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex='F'"));
}
$num_items = $noi[0]; //changable
$items_per_page = 5;
$num_pages = ceil($num_items/$items_per_page);
if (($page > $num_pages) && $page != 1)$page = $num_pages;
$limit_start = ($page-1) * $items_per_page;
$sql = "SELECT DISTINCT uid FROM ibwf_gallery WHERE sex='F' ORDER BY uid ASC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
echo mysql_error();
if (mysql_num_rows($items) > 0) {
while ($item = mysql_fetch_array($items)) {
$who = $item[0];
$user = getnick_uid($who);
$countpics = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM ibwf_gallery WHERE uid='".$who."'"));
$lnk = "» <a href=\"gallery2.php?action=main&who=$who&sid=$sid\">$user($countpics[0])</a><br/>";
echo "$lnk";
}
} else {
echo "female gallery is empty";
}
echo "<p align=center>";
if ($page > 1) {
$ppage = $page-1;
echo "<a href=\"index.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if ($page < $num_pages) {
$npage = $page+1;
echo "<a href=\"index.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if ($num_pages > 2) {
$rets = "<form action=\"index.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "</p>";
echo "</div>";
echo "<div align=center>";
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</div>";
echo "</body>";
}
else if($action == "unknow") {
addonline(getuid_sid($sid), "Viewing Uknow Gallery", "");
$uid = getuid_sid($sid);
echo "<head>";
echo "<title>User Gallery</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<div align=\"center\">";
echo "<b><i>Unknow Gender Gallery</i></b></div>";
$random = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='' ORDER BY RAND() LIMIT 1"));
$rando = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='' ORDER BY RAND() LIMIT 1"));
$rand = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='' ORDER BY RAND() LIMIT 1"));
$ran = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='' ORDER BY RAND() LIMIT 1"));
$ra = mysql_fetch_array(mysql_query("SELECT id, filename FROM ibwf_gallery WHERE sex='' ORDER BY RAND() LIMIT 1"));
echo "<p align=\"center\">";
echo "<img src=\"thumb.php?image=../pics/$random[1]&w=37&h=37&type=jpg\" alt=\"$random[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rando[1]&w=37&h=37&type=jpg\" alt=\"$rando[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$rand[1]&w=37&h=37&type=jpg\" alt=\"$rand[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ran[1]&w=37&h=37&type=jpg\" alt=\"$ran[0]\"/>";
echo " <img src=\"thumb.php?image=../pics/$ra[1]&w=37&h=37&type=jpg\" alt=\"$ra[0]\"/>";
echo "</p>";
//////ALL gallery SCRIPT <<
if ($page == "" || $page <= 0)$page = 1;
if ($who != "") {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex=''"));
} else {
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(DISTINCT uid) FROM ibwf_gallery WHERE sex=''"));
}
$num_items = $noi[0]; //changable
$items_per_page = 5;
$num_pages = ceil($num_items/$items_per_page);
if (($page > $num_pages) && $page != 1)$page = $num_pages;
$limit_start = ($page-1) * $items_per_page;
$sql = "SELECT DISTINCT uid FROM ibwf_gallery WHERE sex='' ORDER BY uid ASC LIMIT $limit_start, $items_per_page";
$items = mysql_query($sql);
echo mysql_error();
if (mysql_num_rows($items) > 0) {
while ($item = mysql_fetch_array($items)) {
$who = $item[0];
$user = getnick_uid($who);
$countpics = mysql_fetch_array(mysql_query("SELECT COUNT(id) FROM ibwf_gallery WHERE uid='".$who."'"));
$lnk = "» <a href=\"gallery2.php?action=main&who=$who&sid=$sid\">$user($countpics[0])</a><br/>";
echo "$lnk";
}
} else {
echo "Female Gallery is empty";
}
echo "</p>";
echo "<p align=\"center\">";
if ($page > 1) {
$ppage = $page-1;
echo "<a href=\"index.php?action=$action&page=$ppage&sid=$sid\">«PREV</a> ";
}
if ($page < $num_pages) {
$npage = $page+1;
echo "<a href=\"index.php?action=$action&page=$npage&sid=$sid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if ($num_pages > 2) {
$rets = "<form action=\"index.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</p>";
echo "</body>";
}
else if($action == "comments") {
$who = cleanQuery($_GET["who"]);
$gid = cleanQuery($_GET["gid"]);
addonline(getuid_sid($sid), "Viewing Photo Comments", "");
$uid = getuid_sid($sid);
//////ALL LISTS SCRIPT <<
if ($page == "" || $page <= 0)$page = 1;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_galcomments WHERE pid='".$gid."'"));
$num_items = $noi[0]; //changable
$items_per_page = 5;
$num_pages = ceil($num_items/$items_per_page);
if (($page > $num_pages) && $page != 1)$page = $num_pages;
$limit_start = ($page-1) * $items_per_page;
$sql = "SELECT id, pid, text, byuser, time FROM ibwf_galcomments WHERE pid='".$gid."' ORDER BY id DESC LIMIT $limit_start, $items_per_page";
echo "<head>";
echo "<title>User Gallery</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p>";
$items = mysql_query($sql);
echo mysql_error();
if (mysql_num_rows($items) > 0) {
while ($item = mysql_fetch_array($items)) {
if (isonline($item[3])) {
$iml = "<img src=\"../images/onl.gif\" alt=\"+\"/>";
} else {
$iml = "<img src=\"../images/ofl.gif\" alt=\"-\"/>";
}
$snick = getnick_uid($item[3]);
$lnk = "<a href=\"index.php?action=viewuser&who=$item[3]&sid=$sid\">$iml$snick</a>:";
$bs = date("d m y-H:i:s", $item[4]);
echo "$lnk<br/><small>";
$me = getuid_sid($sid);
if ($who == "$me") {
$can = "a";
} else {
$can = "b";
}
if (ismod($uid) || $can == "a") {
$delnk = "<a href=\"modproc.php?action=delcmt&sid=$sid&id=$item[0]\">[x]</a>";
} else {
$delnk = "";
}
$text = parsepm($item[2], $sid);
echo "$text $delnk<br/>";
echo "$bs";
echo "<br/>";
echo "</small>";
}
}
echo "</p>";
echo "<p align=\"center\">";
if ($page > 1) {
$ppage = $page-1;
echo "<a href=\"index.php?action=$action&page=$ppage&sid=$sid&who=$who&gid=$gid\">«PREV</a> ";
}
if ($page < $num_pages) {
$npage = $page+1;
echo "<a href=\"index.php?action=$action&page=$npage&sid=$sid&who=$who&gid=$gid\">Next»</a>";
}
echo "<br/>$page/$num_pages<br/>";
if ($num_pages > 2) {
$rets = "<form action=\"index.php\" method=\"get\">";
$rets .= "Jump to page<input name=\"page\" format=\"*N\" size=\"3\"/>";
$rets .= "<input type=\"submit\" value=\"GO\"/>";
$rets .= "<input type=\"hidden\" name=\"action\" value=\"$action\"/>";
$rets .= "<input type=\"hidden\" name=\"who\" value=\"$who\"/>";
$rets .= "<input type=\"hidden\" name=\"sid\" value=\"$sid\"/>";
$rets .= "<input type=\"hidden\" name=\"gid\" value=\"$gid\"/>";
$rets .= "</form>";
echo $rets;
}
echo "</p>";
////// UNTILL HERE >>
echo "<p align=\"center\">";
$me = getuid_sid($sid);
if ($me != "$who") {
echo "<a href=\"index.php?action=addcomment&sid=$sid&who=$who&gid=$gid\">Add Comment</a><br/>";
}
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</p>";
echo "</body>";
}
//////////////////////////////////////////Update photo
else if($action=="uphoto")
{
addonline(getuid_sid($sid),"Updating Photo","");
$dir = cleanQuery($_POST["dir"]);
$usig = cleanQuery($_POST["usig"]);
$gid = cleanQuery($_GET["gid"]);
echo "<head>";
echo "<title>$sitename</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
//$uid = getuid_sid($sid);
$res = mysql_query("UPDATE ibwf_gallery SET dir='".$dir."', inpo='".$usig."' WHERE id='".$gid."'");
if($res)
{
echo "<img src=\"../images/ok.gif\" alt=\"o\"/>Your Photo was updated successfully<br/>";
}else{
echo "<img src=\"../images/notok.gif\" alt=\"x\"/>Error updating your Photo<br/>";
}
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</p></body>";
}
else if($action=="upload")
{
addonline(getuid_sid($sid),"Upload Foto","");
echo "<head>";
echo "<title>Uploading</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
echo "<b>Upload Photo</b><br/><br/>";
echo "<form align=\"left\" action=\"upload.php?action=upload&sid=$sid\" method=\"post\" ENCTYPE=\"multipart/form-data\">";
echo "<input type=\"file\" size=\"15\" name=\"my_field\" value=\"\" />";
echo "<input type=\"hidden\" name=\"action\" value=\"image\" /><br/>";
echo "<input type=\"submit\" name=\"Submit\" value=\"upload\" />";
echo "</form>";
echo "</p>";
////// UNTILL HERE >>
echo "<p align=\"center\">";
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</p>";
echo "</body>";
}
else if($action == "addcomment") {
$who = cleanQuery($_GET["who"]);
$gid = cleanQuery($_GET["gid"]);
addonline(getuid_sid($sid), "Adding Photo Comments", "");
$uid = getuid_sid($sid);
$sql = "SELECT filename FROM ibwf_gallery WHERE id='".$gid."'";
echo "<head>";
echo "<title>User Gallery</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
echo "<p align=\"center\">";
$items = mysql_query($sql);
echo mysql_error();
if (mysql_num_rows($items) > 0) {
while ($item = mysql_fetch_array($items)) {
$img = $item[0];
$lnk = "<img src=\"thumb.php?image=../pics/$img&w=80&h=95&type=jpg\" alt=\"$id\"/><br/>";
echo "$lnk";
echo "<form action=\"genproc.php?action=commentadd&sid=$sid&gid=$gid\" method=\"post\">";
$vb = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_prate WHERE uid='".$uid."' AND pid='".$gid."'"));
if ($vb[0] == 0) {
echo "Rate Photo: <select name=\"prate\">";
echo "<option value=\"1\">1</option>";
echo "<option value=\"2\">2</option>";
echo "<option value=\"3\">3</option>";
echo "<option value=\"4\">4</option>";
echo "<option value=\"5\">5</option>";
echo "<option value=\"6\">6</option>";
echo "<option value=\"7\">7</option>";
echo "<option value=\"8\">8</option>";
echo "<option value=\"9\">9</option>";
echo "<option value=\"10\">10</option>";
echo "</select><br/>";
} else {
$rinfo = mysql_fetch_array(mysql_query("SELECT COUNT(*) as nofr, SUM(prate) as nofp FROM ibwf_prate WHERE pid='".$gid."'"));
$counts = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_prate WHERE pid='".$gid."'"));
if ($counts[0] > 0) {
$ther = $rinfo[1]/$rinfo[0];
$rating = "Rating: $ther/$rinfo[1] (votes($counts[0]))<br/>";
} else {
$rating = "";
}
echo "$rating";
}
echo "Comment:<br/>";
echo "<input type=\"text\" maxlength=\"150\" name=\"text\"/><br/>";
echo "<input type=\"submit\" value=\"Add\"/>";
echo "</form>";
}
}
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">© $sitename</a>";
echo "</p>";
echo "</body>";
} else {
addonline(getuid_sid($sid), "Lost in user Gallery lol", "");
echo "<p align=\"center\">";
echo "I don't know how did you get into here, but there's nothing to show<br/><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">User Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\"><img src=\"../images/home.gif\" alt=\"*\"/>";
echo "Home</a>";
echo "</p>";
}
echo "</body>";
echo "</html>";
?>
here is the big problem or maybe my mystake...
PHP Code:
<?php
header("Content-type: text/html; charset=ISO-8859-1");
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>";
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">";
?>
<?php
include("class.upload.php");
include("core.php");
include("config.php");
echo "<head>";
echo "<title>$stitle</title>";
echo "<link rel=\"StyleSheet\" type=\"text/css\" href=\"style/style.css\" />";
echo "
<meta http-equiv=\"Cache-Control\" content=\"must-revalidate\" />
<meta http-equiv=\"Cache-Control\" content=\"no-cache\"/>
<meta name=\"description\" content=\"ibwf mobile :)\">
<meta name=\"keywords\" content=\"free, community, forums, chat, wap, communicate\">
";
echo "</head>";
echo "<body>";
connectdb();
$action = ($_GET["action"]);
$sid = ($_GET["sid"]);
$page = ($_GET["page"]);
$who = ($_GET["who"]);
$uid = getuid_sid($sid);
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE id='".$uid."'"));
if (islogged($sid) == false) {
echo "<p align=\"center\">";
echo "You are not logged in<br/>";
echo "Or Your session has been expired<br/><br/>";
echo "<a href=\"index.php\">Login</a>";
echo "</p>";
exit();
}
$uid = getuid_sid($sid);
if (isbanned($uid)) {
echo "<p align=\"center\">";
echo "<img src=\"../images/notok.gif\" alt=\"x\"/><br/>";
echo "You are <b>Banned</b><br/>";
$banto = mysql_fetch_array(mysql_query("SELECT timeto FROM ibwf_penalties WHERE uid='".$uid."' AND penalty='1'"));
$remain = $banto[0]- time();
$rmsg = gettimemsg($remain);
echo "Time to finish your penalty: $rmsg<br/><br/>";
//echo "<a href=\"index.php\">Login</a>";
echo "</p>";
exit();
}
//////////////////////////////////Members List
error_reporting(E_ALL);
$userinfo = mysql_fetch_array(mysql_query("SELECT name, sex FROM ibwf_users WHERE id='".$uid."'"));
$membername = $userinfo[0];
if ($_POST['action'] == 'image') {
echo "<p align=\"center\">";
$handle = new Upload($_FILES['my_field']);
if ($handle->uploaded) {
$handle->image_resize = true;
$handle->image_ratio_y = true;
$handle->image_x = 240;
$handle->Process('../pics/');
if ($handle->processed) {
echo ' file uploaded with success<br/>';
echo ' <img src="../pics/' . $handle->file_dst_name . '" /><br/>';
$info = getimagesize($handle->file_dst_pathname);
echo ' link to the file just uploaded: <a href="../pics/' . $handle->file_dst_name . '">' . $handle->file_dst_name . '</a><br/>';
$imageurl = "../pics/$handle->file_dst_name";
$avatarurl = "/pics/$handle->file_dst_name";
$date=(date("D, j F Y"));
$reg = mysql_query("INSERT INTO ibwf_gallery SET uid='".$uid."', itemurl='".$imageurl."', avatarurl='".$avatarurl."', date='".$date."', filename='" . $handle->file_dst_name . "', sex='".$userinfo[1]."'");
} else {
echo ' file not uploaded to the wanted location<br/>';
echo ' Error: ' . $handle->error . '<br/>';
}
$handle-> Clean();
} else {
echo ' file not uploaded on the server<br/>';
echo ' Error: ' . $handle->error . '';
}
echo "</p>";
////// UNTILL HERE >>
echo "<p align=\"center\">";
echo "<br/><br/><a href=\"gallery.php?action=main&sid=$sid\">«Back to Gallery</a><br/>";
echo "<a href=\"index.php?action=main&sid=$sid\">";
echo "© $sitename</a>";
echo "</p></body>";
}
?>
</HTML>
It shows an error like....
Warning: include(class.upload.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 11
Warning: include() [function.include]: Failed opening 'class.upload.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 11
Warning: include(core.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 12
Warning: include() [function.include]: Failed opening 'core.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 12
Warning: include(config.php) [function.include]: failed to open stream: No such file or directory in /home/htdocs/pics/upload.php on line 13
Warning: include() [function.include]: Failed opening 'config.php' for inclusion (include_path='.') in /home/htdocs/pics/upload.php on line 13
Fatal error: Call to undefined function connectdb() in /home/htdocs/pics/upload.php on line 26
Added after 9 minutes:
Please m8s fix it or attach any secure gallery script, I want to save ma site from session hackers....
Comment