
Rework the script

-IRON- (RAM, user; registered 31.01.2008; 104 messages; 3 reactions)
The gist of the problem is this:
There is a certain CMS (MKPortal), and it has a script bolted on by a third-party author for uploading photos into one's personal photo album. More precisely, it does upload, editing, deletion and so on. But that is not the point.
When uploading there are several fields: the photo title, the path to it on the user's computer, and a description field (there is also a url field, but I am going to remove it altogether).
The thing is, it is convenient to upload photos without a description, but the field is mandatory.
The question is: how do I make this field optional?
Here is the code:
Code:
<?php

if (!defined("IN_MKP")) {
    die ("Sorry !! You cannot access this file directly.");
}


 
$MK_PATH = "./";
$mklib->load_lang("lang_album.php");

if(!$mkportals->member['id']) {
      $message = "{$mklib->lang['album_errcreate']}";
      $mklib->error_page($message);
      exit;
    }


  if ($mklib->config['mod_gallery']) {
  $message = "<div style=color:#880000;><b><font size=\"4\">{$mklib->lang['album_disabled']}</font></b></div>";
  	$mklib->error_page($message);
  	exit;
  }

switch($mkportals->input['tab']) {
      	case '':
        page_cat();
        break;
      	case 'cat':
        page_cat();
        break;
      	case 'foto':
        page_foto();
        break;
      	case 'upload':
        page_upload();
        break;
}
     if(!$mkportals->member['id']) {
  	$message = "{$mklib->lang['mco_meseror']}";
  	$mklib->error_page($message);
  	exit;
  	
     }
     
  
     
$menu.= "<a href=index.php?ind=album&amp;tab=cat>cat</a><a href=index.php?ind=album&amp;tab=foto>foto</a><a href=index.php?ind=album&amp;tab=upload>upload</a>";
	$output .= $menu."index";

$output .="
<tr><td>
<div align=\"center\"><a href=\"http://www.mokro.us\" target=\"_blank\">Personal Album for MKPGallery</a> &copy;2007-2008 <a href=\"http://www.rusmkportal.ru\" target=\"_blank\">RUSmkportal.ru</a></div></td></tr>";

$blocks .= $Skin->view_block("{$mklib->lang['album_album']}", $output);
$mklib->printpage("1", "1", "{$mklib->lang['album_album']}", $blocks);  


//******************************** CAT ***********************
  
function page_cat() {
global $mkportals, $DB, $Skin, $print, $mklib, $mklib_board; 
	
	if ($mkportals->member['id']) {
  	$uname = $mkportals->member['name'];
	}
	$output.= "<tr><td><table WIDTH=100% CELLSPACING=4 CELLPADDING=0><tr ALIGN=center>
  	<td>
  	
  	<IMG SRC=/mkportal/modules/album/images/mini_edit.gif ALT=\"{$mklib->lang['album_options']}\">
  	
  	<a STYLE=\"color: #E77A20\" href=index.php?ind=album&amp;tab=cat><b>{$mklib->lang['album_options']}</b></a></td>
  	<td>
  	
  	<IMG SRC=/mkportal/modules/album/images/mini_view.gif ALT=\"{$mklib->lang['album_loadingsphotos']}\">
  	
  	<a href=index.php?ind=album&amp;tab=foto><b>{$mklib->lang['album_loadingsphotos']}</b></a></td>
  	
    
  	<td>
  	<IMG SRC=/mkportal/modules/album/images/mini_load.gif ALT=\"{$mklib->lang['album_loadphotos']}\">
  	
  	<a href=index.php?ind=album&amp;tab=upload><b>{$mklib->lang['album_loadphotos']}</b></a></td>
  	</tr>
  	<tr><td height=2 colspan=3 BGCOLOR=#4F6FaD></td></tr>
  	<tr><td height=3 colspan=3></td></tr>
  	</table>";

	// ************************* CREATE CAT **********************
	if ($mkportals->input['op']=='create'){
  $DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");
  $row = $DB->fetch_row();
  if ($row['id']){
  	$output .="<div style=color:#dd0000;><b>{$mklib->lang['album_create_err']}</b></div>";
  } else {
  	$aname = $mkportals->input['aname'];
  	$father = 0;
  	if (!$aname) {
    $message = "{$mklib->lang['ad_req_ncat']}";
    $mklib->error_page($message);
    exit;
  	}
  	$DB->query("INSERT INTO mkp_gallery_events (evento, father, uname) VALUES ('$aname', '$father', '$uname')");
  	$DB->close_db();
  	$output .="<div style=color:#006600;><b><font size=\"2\">{$mklib->lang['album_create_ok']}</font></b></div>";
  }
	}

	// ************************* END CREATE CAT **********************
	// ************************* EDIT CAT **********************
	if ($mkportals->input['op']=='edit'){
  $DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");
  $row = $DB->fetch_row();
  $output .= $menu."<tr><td><form action=\"index.php?ind=album&amp;tab=cat&amp;op=editsave\" name=\"a_ev\" method=\"post\">
      <table width=\"100%\" border=\"0\">
        <tr>
  	<td>{$mklib->lang['album_title']}</td>
        </tr>
        <tr>
  	<td>
     <input value=\"".$row['evento']."\" type=\"text\" name=\"aname\" size=\"50\" class=\"bgselect\" />
     <input type=\"submit\" name=\"Inserisci\" value=\"{$mklib->lang['album_edit']}\"  class=\"mkbutton\" />
  	</td>
        </tr>
      </table>
      </form>";
	}

	if ($mkportals->input['op']=='editsave'){
  $DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");
  $row = $DB->fetch_row();
  $aname = $mkportals->input['aname'];
  $father = 0;
  if (!$aname) {
  	$message = "{$mklib->lang['ad_req_ncat']}";
  	$mklib->error_page($message);
  	exit;
  }
                $DB->query("UPDATE mkp_gallery_events SET evento=\"". $aname."\" WHERE id=".$row['id']);
  $DB->close_db();
  $output .="<div style=color:#006600;><b>{$mklib->lang['album_edit_ok']}</b></div>";
	}

	// ************************* END EDIT CAT **********************
	// ************************* DELETE CAT **********************

	if ($mkportals->input['op']=='del'){
  $res=$DB->query( "SELECT id as idf, file FROM mkp_gallery where mkp_gallery.autore=\"".$uname."\"");

  while ($row=mysql_fetch_array($res)) {
  	$filename = $row['file'];
  	$thumb = "t_".$filename;
  	@unlink("mkportal/modules/gallery/album/".$filename);
  	@unlink("mkportal/modules/gallery/album/".$thumb);
  	$DB->query("DELETE FROM mkp_gallery_comments WHERE identry = " .$row['idf']);
  	$DB->query("DELETE FROM mkp_ecards WHERE file=\"" .$filename."\"");
  }
  $DB->query("DELETE FROM mkp_gallery WHERE autore=\"" .$uname."\"");
  $DB->query("DELETE FROM mkp_gallery_events WHERE uname=\"" .$uname."\"");
  $output .="<div style=color:#880000;><b>{$mklib->lang['album_albumdel']}</b></div>";


  $query = $DB->query( "SELECT id FROM mkp_gallery WHERE validate = '1'");
  $count = $DB->get_num_rows($query);
  $DB->query("UPDATE mkp_stat SET valore ='$count' WHERE chiave = 'tot_gallery'");
  $DB->close_db();

	}

	// ************************* END DELETE CAT **********************



  	
	$DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");
	$row = $DB->fetch_row();
	$DB->query("SELECT count(*) as fc FROM mkp_gallery WHERE evento =\"".$row['id']."\""); 
	$fotocount=$DB->fetch_row();

	if ($row['id']){
  $output .= "<script type=\"text/javascript\">
  	function makesure2() {
  	if (confirm('{$mklib->lang[album_surecatdel]}')) {
  	return true;
  	} else {
  	return false;
  	}
  	}
  	</script>
    <table width=100% border=0 CELLSPACING=4 CELLPADDING=0>
    <tr align=center><td>{$mklib->lang[album_title]}</td><td>{$mklib->lang[album_photos]}</td><td></td><td></td></tr>
    <tr><td height=1 bgcolor=#aaaaaa colspan=4></td></tr>
    <tr><td>
    
    <a href=index.php?ind=gallery&op=section_view&idev=".$row['id']." title=\"{$mklib->lang[album_preview]}\"><IMG SRC=/mkportal/modules/album/images/preview.png ALT=\"{$mklib->lang['album_preview']}\"></a>
    
    <b><a href=index.php?ind=gallery&op=section_view&idev=".$row['id']." title=\"{$mklib->lang[album_preview]}\">".$row['evento']."</a></b></td>
<td align=center>". $fotocount['fc'] ."</td>
    <td width=100 align=center>
    
    <a href=index.php?ind=album&amp;tab=cat&amp;op=edit><IMG SRC=/mkportal/modules/album/images/edit.gif WIDTH=15 HEIGHT=15 ALT=\"{$mklib->lang['album_edit2']}\"></a>
    
  	</td>
    <td width=100 align=center>
    
    <a href=index.php?ind=album&amp;tab=cat&amp;op=del onclick=\"return makesure2()\"><IMG SRC=/mkportal/modules/album/images/del.gif ALT=\"{$mklib->lang['album_delete']}\"WIDTH=15 HEIGHT=15></a>
    
    </td>
    <tr></table>";

	} else {
  $output .= "
             <form action=\"index.php?ind=album&amp;tab=cat&amp;op=create\" name=\"a_ev\" method=\"post\">
      <table width=\"100%\" border=\"0\">
        <tr>
  	<td><IMG SRC=/mkportal/modules/album/images/no_image.gif align=\"left\"/><font size=\"2\">{$mklib->lang['album_fm_create']}</font></br></td></tr>
  	<td><b>{$mklib->lang['album_title']}</b></td>
        </tr>
        <tr>
  	<td>
     <input type=\"text\" name=\"aname\" size=\"50\" class=\"bgselect\" />
     <input type=\"submit\" name=\"Inserisci\" value=\"{$mklib->lang['album_create']}\"  class=\"mkbutton\" />
  	</td>
        </tr>
      </table>
      </form></td></tr>";
	}

require $MK_PATH."mkportal/conf_mk.php";

        $output.="</td></tr>";
  
$output .="
<tr><td><div align=\"center\"><a href=\"http://www.mokro.us\" target=\"_blank\">Personal Album for MKPGallery</a> &copy;2007-2008 <a href=\"http://www.rusmkportal.ru\" target=\"_blank\">RUSmkportal.ru</a></div></td></tr>";  
  
  
	$blocks .= $Skin->view_block("{$mklib->lang['album_album']}", $output);
	$mklib->printpage("1", "1", "{$mklib->lang['album_album']}", $blocks);

}  	
//****************************** END CAT *********************
//******************************** FOTO ***********************
function page_foto() {
global $mkportals, $DB, $Skin, $print, $mklib, $mklib_board; 
	if ($mkportals->member['id']) {
  	$uname = $mkportals->member['name'];
	}
	$output.= "<tr><td><table WIDTH=100% CELLSPACING=4 CELLPADDING=0><tr ALIGN=center>
  	<td>
  	
  	<IMG SRC=/mkportal/modules/album/images/mini_edit.gif ALT=\"{$mklib->lang['album_options']}\">
  	<a href=index.php?ind=album&amp;tab=cat><b>{$mklib->lang['album_options']}</b></a></td>
  	
  	<td>
    	<IMG SRC=/mkportal/modules/album/images/mini_view.gif ALT=\"{$mklib->lang['album_loadingsphotos']}\">	
  	<a STYLE=\"color: #E77A20\" href=index.php?ind=album&amp;tab=foto><b>{$mklib->lang['album_loadingsphotos']}</b></a></td>
  	
  	<td>
  	<IMG SRC=/mkportal/modules/album/images/mini_load.gif ALT=\"{$mklib->lang['album_loadphotos']}\">
  	<a href=index.php?ind=album&amp;tab=upload><b>{$mklib->lang['album_loadphotos']}</b></a></td>
  	</tr>
  	<tr><td height=2 colspan=3 BGCOLOR=#4F6FaD></td></tr>
  	<tr><td height=3 colspan=3></td></tr>
  	</table>";
	//************************* DELETE FOTO **********************
if ($mkportals->input['op']=='del'){
$idf=$mkportals->input['idf'];
	$DB->query( "SELECT * FROM mkp_gallery WHERE id=\"".$idf."\"");
	$row = $DB->fetch_row();

  	$filename = $row['file'];
  	$thumb = "t_".$filename;
  	@unlink("mkportal/modules/gallery/album/".$filename);
  	@unlink("mkportal/modules/gallery/album/".$thumb);
  	$DB->query("DELETE FROM mkp_gallery_comments WHERE identry = " .$row['id']);
  	$DB->query("DELETE FROM mkp_ecards WHERE file=\"" .$filename."\"");
  	$DB->query("DELETE FROM mkp_gallery WHERE id=\"" .$idf."\"");
  	$output .="<div style=color:#880000;><b><font size=\"4\">{$mklib->lang['album_photo_del_ok1']} &laquo;".$row['titolo']."&raquo; {$mklib->lang['album_photo_del_ok2']}.</font></b>

</div>";

  $query = $DB->query( "SELECT id FROM mkp_gallery WHERE validate = '1'");
  $count = $DB->get_num_rows($query);
  $DB->query("UPDATE mkp_stat SET valore ='$count' WHERE chiave = 'tot_gallery'");
  $DB->close_db();

}
	//*********************** END DELETE FOTO ********************
	//************************* EDIT FOTO **********************
	if ($mkportals->input['op']=='editsave'){
  $idf=$mkportals->input['idf'];
  $DB->query( "SELECT * FROM mkp_gallery WHERE id=\"".$idf."\"");
  $row = $DB->fetch_row();
  $cat = $mkportals->input['cat'];
  $ftitle = $mkportals->input['ftitle'];
  $fdesc = $mkportals->input['fdesc'];
                $DB->query("UPDATE mkp_gallery SET evento=\"". $cat."\", titolo=\"". $ftitle."\", descrizione=\"". $fdesc."\" WHERE id=".$idf);
  $DB->close_db();
  $output .="<div style=color:#006600;><b>{$mklib->lang['album_edit_ok']}</b></div>";
	}

if ($mkportals->input['op']=='edit'){
$idf=$mkportals->input['idf'];
	$DB->query( "SELECT * FROM mkp_gallery WHERE id=\"".$idf."\"");
	$row = $DB->fetch_row();
	$res=$DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");

	$output.="<form action=\"index.php?ind=album&amp;tab=foto&amp;op=editsave&amp;idf=".$idf."\" name=\"UPDATE\" method=\"post\">
        <table align=center border=\"0\">
  	<tr>
     <td>{$mklib->lang['album_section']}</td>
     <td>
     <select class=\"bgselect\" name=\"cat\" size=\"1\">";
  while ($galrow=mysql_fetch_array($res)) {
  	$output.="<option value=".$galrow['id'].">".$galrow['evento']."</option>";
  	}
  $imgdimension = @getimagesize("mkportal/modules/gallery/album/".$row['file']);
  $imgfilesize = stat("mkportal/modules/gallery/album/".$row['file']);
  	$output.="</select>
     </td><td width=30 rowspan=3> </td><td align=center rowspan=3>
     
	
<img style=\"cursor: url($mklib->template/images/mkajax/zoomin.cur), pointer;\" src=/mkportal/modules/gallery/album/t_".$row['file']." border=\"0\" alt=\"{$mklib->lang['album_zoom']}\" onclick=\"ajax_showPop('{$mklib->sitepath}index.php?ind=ajax&act=showgal&idp=".$idf."', 1);return false\" />
     
     
<nobr>{$mklib->lang['album_img_size']} ".round($imgfilesize[7]/1024,1)."kb</nobr>
<nobr>{$mklib->lang['album_img_def']} ".$imgdimension[0]."x".$imgdimension[1]."</nobr>
{$mklib->lang['album_img_prev']} ".$row['click']."
{$mklib->lang['album_img_rating']} ".$row['rate']."</td>
  	</tr>
  	<tr>
     <td>{$mklib->lang['album_fototitle']}</td>
     <td><input type=\"text\" name=\"ftitle\" value=\"".$row['titolo']."\" size=\"52\" class=\"bgselect\" /></td>
  	</tr>
  	<tr>
     <td valign=\"top\">{$mklib->lang['album_desc']}</td>
     <td><textarea cols=\"50\" rows=\"10\" name=\"fdesc\" class=\"bgselect\">".$row['descrizione']."</textarea></td>
  	</tr>
  	<tr>
     <td colspan=4 align=center><input type=\"submit\" value=\"{$mklib->lang['album_save']}\" class=\"mkbutton\" /></td>
  	</tr>
        </table>
        </form></td></tr>";

	} else {
	//*********************** END EDIT FOTO ********************
	$DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");
	$row = $DB->fetch_row();
	$output .= "{$mklib->lang['album_alb']} &laquo;<b>".$row['evento'] . "&raquo;:</b>";
	$output .= "<script type=\"text/javascript\">
  	function makesure2() {
  	if (confirm('{$mklib->lang[album_sureimgdel]}')) {
  	return true;
  	} else {
  	return false;
  	}
  	}
  	</script>
    <table width=100% border=0 CELLSPACING=4 CELLPADDING=0>
    <tr align=center><td>{$mklib->lang['album_image']}</td><td>{$mklib->lang['album_fototitle']}</td><td>{$mklib->lang['album_desc']}</td><td></td><td></td><td></td></tr>
    <tr><td height=1 bgcolor=#aaaaaa colspan=6></td></tr>";


  $res=$DB->query( "SELECT * FROM mkp_gallery where evento=\"".$row['id']."\"");

  while ($frow=mysql_fetch_array($res)) {
  $imgdimension = @getimagesize("mkportal/modules/gallery/album/".$frow['file']);
  $imgfilesize = stat("mkportal/modules/gallery/album/".$frow['file']);
  $output .= "<tr>
    <td width=100 align=center>
    
    <img style=\"cursor: url($mklib->template/images/mkajax/zoomin.cur), pointer;\" src=/mkportal/modules/gallery/album/t_".$frow['file']." border=\"0\" alt=\"{$mklib->lang['album_zoom']}\" onclick=\"ajax_showPop('{$mklib->sitepath}index.php?ind=ajax&act=showgal&idp=".$frow['id']."', 1);return false\" />
    </td>
    <td align=center>".$frow['titolo']."</td>
    <td>".$frow['descrizione']."</td>
    
    <td><a href=\"index.php?ind=gallery&op=foto_show&ida=".$frow['id']."\"><b>{$mklib->lang['album_go_gallery']}</b></a>

    
    <a href=\"index.php?ind=gallery&op=submit_postcard&ide=".$frow['id']."\"><b>{$mklib->lang['album_ecard']}</b></a>

    
    
    {$mklib->lang['album_img_size']} ".round($imgfilesize[7]/1024,1)."kb
{$mklib->lang['album_img_def']} ".$imgdimension[0]."x".$imgdimension[1]."
{$mklib->lang['album_img_prev']} ".$frow['click']."
{$mklib->lang['album_img_rating']} ".$frow['rate']."
</td>
    
    <td width=35 align=center><a href=index.php?ind=album&amp;tab=foto&amp;op=edit&amp;idf=".$frow['id']."><IMG SRC=/mkportal/modules/album/images/edit.gif WIDTH=15 HEIGHT=15 ALT=\"{$mklib->lang['album_edit']}\"></a></td>
    <td width=35 align=center><a href=index.php?ind=album&amp;tab=foto&amp;op=del&amp;idf=".$frow['id']." onclick=\"return makesure2()\"><IMG SRC=/mkportal/modules/album/images/del.gif ALT=\"{$mklib->lang['album_delete']}\"WIDTH=15 HEIGHT=15></a></td>
    </tr>";

    
    
}

$output .= "</table>";
}

$output .="
<tr><td><div align=\"center\"><a href=\"http://www.mokro.us\" target=\"_blank\">Personal Album for MKPGallery</a> &copy;2007-2008 <a href=\"http://www.rusmkportal.ru\" target=\"_blank\">RUSmkportal.ru</a></div></td></tr>";	


require $MK_PATH."mkportal/conf_mk.php";
	$blocks .= $Skin->view_block("{$mklib->lang['album_album']}", $output);
	$mklib->printpage("1", "1", "{$mklib->lang['album_album']}", $blocks);

}  	
//****************************** END FOTO *********************
//******************************** UPLOAD ***********************
function page_upload() {
global $mkportals, $DB, $Skin, $print, $mklib, $mklib_board; 

	if ($mkportals->member['id']) {
  	$uname = $mkportals->member['name'];
	}

	$output.= "<tr><td><table WIDTH=100% CELLSPACING=4 CELLPADDING=0><tr ALIGN=center>
  	<td>
  	<IMG SRC=/mkportal/modules/album/images/mini_edit.gif ALT=\"{$mklib->lang['album_options']}\">
  	<a href=index.php?ind=album&amp;tab=cat><b>{$mklib->lang['album_options']}</b></a></td>
  	<td>
  	<IMG SRC=/mkportal/modules/album/images/mini_view.gif ALT=\"{$mklib->lang['album_loadingsphotos']}\">
  	<a href=index.php?ind=album&amp;tab=foto><b>{$mklib->lang['album_loadingsphotos']}</b></a></td>
  	<td>
    <IMG SRC=/mkportal/modules/album/images/mini_load.gif ALT=\"{$mklib->lang['album_loadphotos']}\">
  	<a STYLE=\"color: #E77A20\" href=index.php?ind=album&amp;tab=upload><b>{$mklib->lang['album_loadphotos']}</b></a></td>
  	</tr>
  	<tr><td height=2 colspan=3 BGCOLOR=#4F6FaD></td></tr>
  	<tr><td height=3 colspan=3></td></tr>
  	</table>";

if ($mkportals->input['op']=='fsend')
 {

//  if(!$mkportals->member['g_access_cp'] && !$mklib->member['g_send_gallery']) {
//  	$message = "{$mklib->lang['ga_nouplimg']}";
//  	$mklib->error_page($message);
//  	exit;
//  }
  $FILE_UPLOAD = $mkportals->input['FILE_UPLOAD'];
  $FILE_URL = $mkportals->input['FILE_URL'];
  
  if (!$FILE_UPLOAD && $FILE_URL){
            $file = $FILE_URL;
            $file_name = preg_replace("`.*\/(([^\/]+)\.([^\/]+))`", "\\1", $FILE_URL);
            $file_name = preg_replace("/[^a-zA-Z0-9\_\-\.]/", '' , $file_name);
            $file_name = preg_replace('#\.{1,}#s', '.', $file_name);
            $file_name = preg_replace('#\_{2,}#s', '_', $file_name);

            if (!preg_match('#^http://#', $FILE_URL) || !$file_name) {
                $message = "{$mklib->lang['ga_noURL']}
{$mklib->lang['ga_URL']}";
                $mklib->error_page($message);
                exit;
            } 

        $fp = fopen($FILE_URL,"rb");
  
  if (!$fp) {
  	$message = "{$mklib->lang['ga_fopen']}";
  	$mklib->error_page($message);
  	exit;
  }

        $header = stream_get_meta_data($fp);
        	for ($i=1; isset($header['wrapper_data'][$i]); $i++) {
            	if (strstr(strtolower($header['wrapper_data'][$i]), 'content-type')) {
                	if((eregi('^content-type: ([[:graph:]]+)', $header['wrapper_data'][$i], $MIME_extraction_array))) {
    	$file_type = $MIME_extraction_array[1];
    	}
    }
    if (strstr(strtolower($header['wrapper_data'][$i]), 'content-length')) {
                	if(eregi('^content-length: ([[:digit:]]+)', $header['wrapper_data'][$i], $length_extraction_array)) {
                	$peso = $length_extraction_array[1];
                	}
            	}
  	}
  } else {
  $file =  $_FILES['FILE_UPLOAD']['tmp_name'];
  $file_name =  $_FILES['FILE_UPLOAD']['name'];
  //$file_type =  $_FILES['FILE_UPLOAD']['type'];
  $peso =  $_FILES['FILE_UPLOAD']['size'];  
  }
  
  $evento = intval($mkportals->input['evento']);
  $titolo = $mkportals->input['titolo'];
  $descrizione = $mkportals->input['descrizione'];
  $autore = $mkportals->member['name'];
  $idauth = $mkportals->member['id'];

  if (!$evento || !$titolo || !$descrizione || !$file) {
  	$message = "{$mklib->lang['ga_mustcompile']}";
  	$mklib->error_page($message);
  	exit;
  }

  if ($file_name) {
  	//Validate file extension
  	$file_ext = preg_replace("`.*\.(.*)`", "\\1", $file_name);
  	$file_ext = substr ($file_name, (strlen($file_name)-3), 3);
  	$file_ext = strtolower($file_ext);
  	switch($file_ext)
  	{
    case 'gif':
    	$ext = 'gif';
    	break;
    case 'jpg':
    	$ext = 'jpg';
    	break;
    case 'png':
    	$ext = 'png';
    	break;
    case 'tif':
    	$ext = 'tif';
    	break;
    case 'bmp':
    	$ext = 'bmp';
    	break;
    default:
    	$ext = 'not_supported';
    	break;
  	}

  	if ($ext == "not_supported")  {
    $message = "{$mklib->lang['ga_notsup']}";
    $mklib->error_page($message);
    exit;
  	}

  	//Validate file size
  	if ($mklib->config['upload_image_max'] > 0 && $peso > ($mklib->config['upload_image_max']*1024)) {
    $message = "{$mklib->lang['ga_maxupl']}";
    $mklib->error_page($message);
    exit;
  	}
      
  	if (!$FILE_UPLOAD && $FILE_URL) {
    //Copy file from remote server to gallery "tmp" directory
    if (!copy("$file", "mkportal/modules/gallery/album/tmp/$file_name")) {
    	$message = "{$mklib->lang['ga_errorupl']}";
    	$mklib->error_page($message);
    	exit;
    }
  	} else {
    //Move file from local server tmp directory to gallery "tmp" directory
    if (!move_uploaded_file("$file", "mkportal/modules/gallery/album/tmp/$file_name")) {
    	$message = "{$mklib->lang['ga_errorupl']}";
    	$mklib->error_page($message);
    	exit;
    }
  	}
  	@chmod("mkportal/modules/gallery/album/tmp/$file_name", 0644);

  	//Validate by mime type
  	$tmpfilename = "mkportal/modules/gallery/album/tmp/$file_name";
  	$size = @getimagesize($tmpfilename);
  	//If getimagesize does not recognize file as an image delete file
  	if (!$size)  {
    @unlink($tmpfilename);
    $message .= "{$mklib->lang['ga_notsup']}";
    $mklib->error_page($message);
    exit;
  	}
  	$file_type = $size['mime'];
  
  	if (!$mklib->check_attach($file_type, $file_ext))  {
    //Delete invalid file and display error
    @unlink($tmpfilename);
    $message .= "{$mklib->lang['ga_notsup']}";
    $mklib->error_page($message);
    exit;
  	}	

  	//Validate by file contents
  	$fcontents = file_get_contents ($tmpfilename);
  	$carray = array("html", "javascript", "vbscript", "alert", "onmouseover", "onclick", "onload", "onsubmit");  
  	foreach ($carray as $fch) {
              	if (strstr($fcontents, $fch)) {
                  	@unlink($tmpfilename);
    	$message .= "{$mklib->lang['ga_notsup']}";
    	$mklib->error_page($message);
                  	exit;
              	}
          }
          if (preg_match("#script(.+?)/script#ies", $fcontents)) {
              @unlink($tmpfilename);
    $message .= "{$mklib->lang['ga_notsup']}";
    $mklib->error_page($message);
              	exit;
          }

  	$query = $DB->query("SELECT id FROM mkp_gallery ORDER BY id DESC LIMIT 1");
  	$row = $DB->fetch_row($query);
  	$totr = $row['id'];
  	++$totr;

  	$image = "a_"."$totr".".$ext";

  	//move file from "tmp" directory to "album" directory
  	@rename($tmpfilename, "mkportal/modules/gallery/album/$image");
  }

  if (!is_file ("mkportal/modules/gallery/album/$image")) {
  	$message = "{$mklib->lang['ga_errorupl']}";
  	$mklib->error_page($message);
  	exit;
  }
  
  $cdata = time();
  $thumb = "t_$image";

  $validat = "1";
  $approval = $mklib->config['approval_gallery'];
  if ($approval == "2" || $approval == "3") {
  	$validat = 0;
  }
  if($mkportals->member['g_access_cp']) {
  	$validat = "1";
  }
// Meo Changed in C 0.1.b to extend thumb types 
  //if ($ext == "jpg") {
  	$mklib->CreateImage($mklib->config['thumb_max_dimen'],"mkportal/modules/gallery/album/$image", "mkportal/modules/gallery/album/$thumb");
  //}
// End
  //try to watermark image.
  if ($mklib->config['watermark_enable']) {
  	$mklib->watermark("mkportal/modules/gallery/album/$image");
  }
  $query="INSERT INTO mkp_gallery(evento, titolo, descrizione, file, autore, idauth, peso, data, validate)VALUES('$evento', '$titolo', '$descrizione', '$image', '$autore', '$idauth', '$peso', '$cdata', '$validat')";
  $DB->query($query);
  
  if ($approval == "1") {
  	$mailsubj = $mklib->lang['01mail'].$mklib->lang['gallery'];
  	$mailmess = $mklib->lang['02mail'].$mklib->lang['module'].$mklib->lang['gallery']."\n".$mklib->lang['sender'].$autore."\n\n\n".$mklib->lang['from']." ".$mklib->sitename;
  	$mklib_board->admin_mail($mailsubj, $mailmess);
  }
  if ($approval == "2" && !$mkportals->member['g_access_cp']) {
  	$mailsubj = $mklib->lang['01mail'].$mklib->lang['gallery'];
  	$mailmess = $mklib->lang['03mail'].$mklib->lang['module'].$mklib->lang['gallery']."\n".$mklib->lang['sender'].$autore."\n\n\n".$mklib->lang['from']." ".$mklib->sitename;
  	$mklib_board->admin_mail($mailsubj, $mailmess);
  	$mklib->message_page ($mklib->lang['notify_adv']);
  	exit;
  }
  if ($approval == "3" && !$mkportals->member['g_access_cp']) {
  	$mklib->message_page ($mklib->lang['notify_adv']);
  	exit;
  }
  $query = $DB->query( "SELECT id FROM mkp_gallery WHERE validate = '1'");
  $count = $DB->get_num_rows($query);
  $DB->query("UPDATE mkp_stat SET valore ='$count' WHERE chiave = 'tot_gallery'");
  $DB->close_db();

  $output .="<div style=color:#006600;><b>{$mklib->lang['album_up_ok']}</b></div>";
  
  	}
	$res=$DB->query( "SELECT * FROM mkp_gallery_events WHERE uname=\"".$uname."\"");

	$output.="<form action=\"index.php?ind=album&amp;tab=upload&op=fsend\" name=\"UPLOAD\" method=\"post\" enctype=\"multipart/form-data\">
      <table align=center border=\"0\">
        <tr>
  	<td>{$mklib->lang['album_section']}</td>
     <td>
       <select class=\"bgselect\" name=\"evento\" size=\"1\">";
  while ($galrow=mysql_fetch_array($res)) {
  	$output.="<option value=".$galrow['id'].">".$galrow['evento']."</option>";
  	}
  $imgdimension = @getimagesize("mkportal/modules/gallery/album/".$row['file']);
  $imgfilesize = stat("mkportal/modules/gallery/album/".$row['file']);

  	$output.="</select>
       
     </td>
  	</tr>
  	<tr>
     <td>{$mklib->lang['album_fototitle']}</td>
     <td><input type=\"text\" name=\"titolo\" size=\"52\" class=\"bgselect\" /></td>
  	</tr>
  	<tr>
     <td valign=\"top\">{$mklib->lang['album_desc']}</td>
     <td><textarea cols=\"50\" rows=\"10\" name=\"descrizione\" class=\"bgselect\"></textarea></td>
  	</tr>
  	<tr>
     <td>{$mklib->lang['album_file']}</td>
     <td><input type=\"file\" name=\"FILE_UPLOAD\" size=\"50\" class=\"bgselect\" /></td>
  	</tr>
<!-- Submit FILE URL -->
  	<tr>
     <td>{$mklib->lang['album_file_URL']}</td>
     <td><input type=\"text\" name=\"FILE_URL\" size=\"50\" class=\"bgselect\" />
 {$mklib->lang['album_URL']} </td>
  	</tr>	
<!-- Submit FILE URL -->
  	<tr>
     <td align=center colspan=\"2\"><input type=\"submit\" value=\"{$mklib->lang['album_up']}\" class=\"mkbutton\" /></td>
  	</tr>
        </table>
        </form>";
$output .="
<tr><td>
<div align=\"center\"><a href=\"http://www.mokro.us\" target=\"_blank\">Personal Album for MKPGallery</a> &copy;2007-2008 <a href=\"http://www.rusmkportal.ru\" target=\"_blank\">RUSmkportal.ru</a></div></td></tr>";	

require $MK_PATH."mkportal/conf_mk.php";


	$blocks .= $Skin->view_block("{$mklib->lang['album_album']}", $output);
	$mklib->printpage("1", "1", "{$mklib->lang['album_album']}", $blocks);

}  	
//****************************** END UPLOAD *********************
?>
The CMS was developed by Italians, so the variable name is in Italian. It is called descrizione.
I tried to solve the problem myself. First I made the description column in the DB nullable (NULL). That did not help. I dug through the code and found the following construct:
Code:
  if (!$evento || !$titolo || !$descrizione || !$file) {
  	$message = "{$mklib->lang['ga_mustcompile']}";
  	$mklib->error_page($message);
  	exit;
  }
In theory this is the "field present" check, but removing the variable from it did not do the trick. It shows its own internal error (not a PHP or MySQL error), which is generated by this function:
error_page($message);

The question is as above (how do I make the description field optional?)

I believe the problem is in this script specifically, because there is a similar script that uses the same variables. In it everything works as it should after editing the above-mentioned code (though I do not rule out that it worked before the edit too).
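As an added example (not code from the thread or from MKPortal), this is how the 'fsend' validation in page_upload() can be rewritten so that descrizione is optional while the fields that must be present are still checked. The function names validate_album_upload() and insert_album_photo(), the $limits array and the constructed 1x1 GIF are assumptions for the illustration; $mkportals->input, $_FILES['FILE_UPLOAD'] and the mkp_gallery columns are what the posted handler reads and writes. The example also departs from the posted code in two ways it notes in comments: it takes the extension from the whole suffix rather than the last three characters, and it inserts the row with a prepared statement instead of interpolating $descrizione and $titolo into the query string.

```php
<?php
// Added example, not MKPortal's own code. Function names, the $limits
// array and the sample input below are assumptions for this illustration.

/**
 * Validate the album upload form. Returns a list of error keys (empty = OK).
 * Only evento, titolo and the file are required; descrizione may be blank
 * but is still length-bounded, because an "optional" free-text field is
 * otherwise an unbounded string that goes straight into the INSERT.
 */
function validate_album_upload(array $input, array $file, array $limits): array
{
    $errors = [];

    $evento      = (int)($input['evento'] ?? 0);
    $titolo      = trim((string)($input['titolo'] ?? ''));
    // Optional field: normalise a missing value to '' instead of failing on it.
    $descrizione = trim((string)($input['descrizione'] ?? ''));

    if ($evento <= 0)                                  { $errors[] = 'evento_required'; }
    if ($titolo === '')                                { $errors[] = 'titolo_required'; }
    if (mb_strlen($titolo) > $limits['title_max'])     { $errors[] = 'titolo_too_long'; }
    if (mb_strlen($descrizione) > $limits['desc_max']) { $errors[] = 'descrizione_too_long'; }

    // The file must come from a real multipart upload; PHP's own error code
    // is authoritative, unlike the truthiness test on $file in the original.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        $errors[] = 'file_required';
        return $errors;
    }
    if ($limits['size_max'] > 0 && $file['size'] > $limits['size_max']) {
        $errors[] = 'file_too_large';
    }

    // Extension from the whole suffix (pathinfo), not the last 3 characters,
    // so "photo.jpeg" is accepted and "photo.gif.php" is rejected.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $allowed = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
    if (!isset($allowed[$ext])) {
        $errors[] = 'ext_not_supported';
        return $errors;
    }

    // Content check on the temp file: the MIME type getimagesize() derives
    // from the bytes must agree with the extension; the client-supplied
    // $file['type'] is ignored entirely.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $allowed[$ext]) {
        $errors[] = 'content_not_image';
    }
    return $errors;
}

/**
 * Store the row with a prepared statement instead of string interpolation,
 * so a blank description is simply '' and a description or title containing
 * quotes cannot change the shape of the query.
 */
function insert_album_photo(mysqli $db, array $row): int
{
    $stmt = $db->prepare(
        'INSERT INTO mkp_gallery (evento, titolo, descrizione, file, autore, idauth, peso, data, validate)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('issssiiii', $row['evento'], $row['titolo'], $row['descrizione'],
        $row['file'], $row['autore'], $row['idauth'], $row['peso'], $row['data'], $row['validate']);
    $stmt->execute();
    return (int)$db->insert_id;
}

// Constructed input for a stand-alone run: a 1x1 GIF written to a temp file
// plays the role of $_FILES['FILE_UPLOAD'].
$tmp = tempnam(sys_get_temp_dir(), 'alb');
file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$file   = ['name' => 'photo.gif', 'tmp_name' => $tmp, 'size' => filesize($tmp), 'error' => UPLOAD_ERR_OK];
$limits = ['title_max' => 100, 'desc_max' => 2000, 'size_max' => 2 * 1024 * 1024];

// Blank description, everything else present: no errors.
print_r(validate_album_upload(['evento' => '3', 'titolo' => 'Sunset', 'descrizione' => ''], $file, $limits));
// Missing title: reported, independent of the description.
print_r(validate_album_upload(['evento' => '3', 'titolo' => '', 'descrizione' => ''], $file, $limits));
unlink($tmp);
```

Two notes on scope. First, the original handler has a second reason to reject the request besides the field check: move_uploaded_file() and the later is_file() test on "mkportal/modules/gallery/album/$image" fail independently of descrizione, so an "internal error" after relaxing the check is not proof the check is still there. Second, in the posted page_foto() the del and editsave branches look the photo up by idf alone ("SELECT * FROM mkp_gallery WHERE id=..."), with no condition on autore; whichever way the description field ends up, those queries should also be bound to the logged-in member before the file is unlinked or the row updated.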
 
> In theory this is the "field present" check, but removing the variable from it did not do the trick. It shows its own internal error (not a PHP or MySQL error), which is generated by this function:
> error_page($message);
>
> The question is as above (how do I make the description field optional?)
Yes, you are right, here you need to remove it like this:
Code:
 if (!$evento || !$titolo || !$file) {
  $message = "{$mklib->lang['ga_mustcompile']}";
  $mklib->error_page($message);
  exit;
 }

If there is any error, post its text.
 
Like I said, the error is internal; I can even post a screenshot. It just says "error" and nothing else, with the portal's nice header above it. If it gave me a proper description of the error, I would probably have figured it out myself.

I tried editing the code. It did not help.
 
Try this as well, replace this:
$descrizione = $mkportals->input['descrizione'];
with this:
$descrizione = '';
 
Damn, I apologize to everyone for the false alarm :)
It is all the fault of that bloody Total Commander, which for some reason apparently did not upload the file to the server after I edited it.
I just logged into the server, opened this ********** script and found exactly the code I wrote about above... Removed it, and everything works fine. Reincarnation, damn it =/
 