Subversion Repositories naranai

Compare Revisions

Ignore whitespace Rev 49 → Rev 50

/naranai/upload.php
131,13 → 131,13
if(isset($_COOKIE["user_id"]) || $uploaded < ANON_UPLOADS )
{
?>
<form enctype="multipart/form-data" class="registration" id="upload_form" action="<?php echo BASE_URL; ?>/uploader/<?php echo $_COOKIE["user_id"] ?>" method="post">
<form enctype="multipart/form-data" class="registration" id="upload_form" action="<?php echo BASE_URL; ?>/uploader/<?php echo $_COOKIE["user_id"] ?>/<?php echo $_COOKIE["password"] ?>" method="post">
<h4>Posting Guidelines</h4>
<ul>
<li>
Try not to upload shitting pictures.
Try not to upload shitty pictures.
</li>
<li>
Nothing illegal. That means no CP.
/naranai/.htaccess
81,8 → 81,8
RewriteRule ^comment/list/([0-9]*)(/)?$ comment_list.php?pagenum=$1 [L]
RewriteRule ^post/upload/tag/?$ upload_tagger.php [L]
RewriteRule ^post/upload/?$ upload.php [L]
RewriteRule ^uploader/([0-9]*)/(.*)/?$ file_upload_script_thingy.php?user_id=$1&group=$2 [L]
RewriteRule ^uploader/([0-9]*)/?$ file_upload_script_thingy.php?user_id=$1 [L]
RewriteRule ^uploader/([0-9]*)/([A-Fa-f0-9]{32})/(.*)/?$ file_upload_script_thingy.php?user_id=$1&pass=$2&group=$3 [L]
RewriteRule ^uploader/([0-9]*)/([A-Fa-f0-9]{32})/?$ file_upload_script_thingy.php?user_id=$1&pass=$2 [L]
RewriteRule ^uploader/?$ file_upload_script_thingy.php [L]
RewriteRule ^tags/add/?$ edit_tag.php [L]
RewriteRule ^tags/edit/([0-9]*)/?$ edit_tag.php?tag=$1 [L]
/naranai/file_upload_script_thingy.php
4,12 → 4,7
global $color_names;
include_once('lib/color_to_name.php');
$result = array();
if( USER_LEVEL < UPLOAD ) {
$result['status'] = 0;
$result['error'] = "You do not have permission.";
echo json_encode($result);
exit();
}
 
if( isset($_FILES['photoupload']) )
{
$name = $_FILES['photoupload']['name'];
58,7 → 53,13
$user = 1;
if($_GET["user_id"])
{
$user = mysql_real_escape_string($_GET["user_id"]);;
$user = abs($_GET["user_id"]);
$pass = mysql_real_escape_string($_GET['pass']);
$sql_user = "SELECT user_level FROM `users` WHERE `id` = " . $user . " AND pass = '" . $pass . "';";
if(mysql_result(mysql_query($sql_user), 0) < '1')
{
exit();
}
}
$ip = $_SERVER['REMOTE_ADDR'];