[php][/php]
<?php session_start(); include ("../config.php"); include ("login_functions.php"); //process_login(); //echo "session id:".session_id(); //echo " ".strlen(session_id()); if ($_REQUEST['BID']!='') { $BID = $_REQUEST['BID']; $_SESSION['BID']=$BID; } else { if ($_SESSION['BID']!=''){ $BID=$_SESSION['BID']; } else { $BID = 1; # just in case } } ############################### if ($_REQUEST['order_id']!='') { $_SESSION['MDS_order_id']=$_REQUEST['order_id']; if ((!is_numeric($_REQUEST['order_id'])) && ($_REQUEST['order_id']!='temp')) die(); } ################################ /* Delete temporary order when the banner was chnaged. */ if ( ($_REQUEST['banner_change']!='') || ($_FILES['graphic']['tmp_name']!='') ) { delete_temp_order(session_id()); } ################################# $tmp_image_file = get_tmp_img_name(); # load order from php # only allowed 1 new order per banner $sql = "SELECT * from orders where user_id='".$_SESSION['MDS_ID']."' and status='new' and banner_id='$BID' "; //$sql = "SELECT * from orders where order_id=".$_SESSION[MDS_order_id]; $order_result = mysql_query($sql); $order_row = mysql_fetch_array($order_result); if (($order_row['user_id']!='') && $order_row['user_id']!=$_SESSION['MDS_ID']) { // do a test, just in case. die('you do not own this order!'); } if (($_SESSION[MDS_order_id]=='')||(USE_AJAX=='YES')) { // guess the order id $_SESSION[MDS_order_id]=$order_row[order_id]; } ############################### load_banner_constants($BID); // Update time stamp on temp order (if exists) update_temp_order_timestamp(); ############################### $sql = "select block_id, status, user_id FROM blocks where banner_id='$BID' "; $result = mysql_query ($sql) or die (mysql_error().$sql); while ($row=mysql_fetch_array($result)) { $blocks[$row[block_id]] = $row['status']; //if (($row[user_id] == $_SESSION['MDS_ID']) && ($row['status']!='ordered') && ($row['status']!='sold')) { // $blocks[$row[block_id]] = 'onorder'; // $order_exists = true; //} //echo $row[block_id]." "; } ############################### require ("header.php"); ?> <?php //print_r($_FILES); if ($_FILES['graphic']['tmp_name']!='') { $uploaddir = SERVER_PATH_TO_ADMIN."temp/"; $parts = preg_split ("/[.]/", $_FILES['graphic']['name']); $ext = strtolower(array_pop($parts)); // CHECK THE EXTENSION TO MAKE SURE IT IS ALLOWED $ALLOWED_EXT= 'jpg, jpeg, gif, png'; $ext_list = preg_split ("/[\s,]+/i", ($ALLOWED_EXT)); if (!in_array($ext, $ext_list)) { $error .= "".$label['advertiser_file_type_not_supp']." ($ext)"; $image_changed_flag = false; } if ($error) { //echo "Error, image upload failed"; echo $error; } else { // clean up is handled by the delete_temp_order($sid) function... delete_temp_order(session_id()); // delete temp_* files older than 24 hours $dh = opendir ($uploaddir) ; while (($file = readdir($dh)) !== false) { $elapsed_time = 60*60*24; // 24 hours // delete old files $stat =stat($uploaddir.$file); if ($stat[9] < (time()-$elapsed_time)) { if (strpos( $file, 'tmp_'.md5(session_id())) !== false) { unlink($uploaddir.$file); } } } $uploadfile = $uploaddir . "tmp_".md5(session_id()).".$ext"; if (move_uploaded_file($_FILES['graphic']['tmp_name'], $uploadfile)) { //echo "File is valid, and was successfully uploaded.\n"; $tmp_image_file = $uploadfile; // check the file size for min an max blocks. $size = getimagesize($tmp_image_file); $size = get_required_size($size[0], $size[1]); $pixel_count = $size[0]*$size[1]; $block_size = $pixel_count / (BLK_WIDTH * BLK_HEIGHT); if (($block_size > G_MAX_BLOCKS) && (G_MAX_BLOCKS>0)) { $limit = G_MAX_BLOCKS * BLK_WIDTH * BLK_HEIGHT; $label['max_pixels_required'] = str_replace('%MAX_PIXELS%', $limit, $label['max_pixels_required']); $label['max_pixels_required'] = str_replace('%COUNT%', $pixel_count, $label['max_pixels_required']); echo ""; echo $label['max_pixels_required']; echo ""; unlink ($tmp_image_file); unset($tmp_image_file); } elseif (($block_size < G_MIN_BLOCKS) && (G_MIN_BLOCKS>0)) { $label['min_pixels_required'] = str_replace('%COUNT%', $pixel_count, $label['min_pixels_required']); $label['min_pixels_required'] = str_replace('%MIN_PIXELS%', G_MIN_BLOCKS*BLK_WIDTH * BLK_HEIGHT , $label['min_pixels_required']); echo ""; echo $label['min_pixels_required']; echo ""; unlink ($tmp_image_file); unset($tmp_image_file); } } else { //echo "Possible file upload attack!\n"; echo $label['pixel_upload_failed']; } } } // pointer.png ?>
<?php show_nav_status (1); ?>
<?php echo $cannot_sel; ?>
<?php $sql = "SELECT * FROM banners order by `name` "; $res = mysql_query($sql); if (mysql_num_rows($res)>1) { ?><?php echo $label['advertiser_sel_pixel_inv_head']; ?>
<?php
$label[‘advertiser_sel_select_intro’] = str_replace("%IMAGE_COUNT%",mysql_num_rows($res), $label[‘advertiser_sel_select_intro’]);
//echo $label[‘advertiser_sel_select_intro’];
?>
<?php display_banner_selecton_form($BID, $_SESSION['MDS_order_id'], $res); ?>
<?php }if ($order_exists) {
echo “
”.$label[‘advertiser_order_not_confirmed’]."
";}
?>
<?php echo $label['pixel_uploaded_head']; ?>
<?php $label['upload_pix_description']; ?>
<?php
if (USE_AJAX==‘SIMPLE’) {
$order_page = ‘order_pixels.php’;
} else {
$order_page = ‘select.php’;
}
?>
<?php $label['upload_your_pix']; ?>' style=' font-size:18px;'> <?php ?> <?php if (!$tmp_image_file) { ?>
<?php
} else {
?>
<P>
</p>
<div class="fancy_heading" width="85%"><?php echo $label['your_uploaded_pix']; ?></div>
<p>
<?php
echo "<img border=1 src='get_pointer_graphic.php?BID=".$BID."'><br>";
$size = getimagesize($tmp_image_file);
?><?php
$label['upload_image_size'] = str_replace("%WIDTH%", $size[0], $label['upload_image_size']);
$label['upload_image_size'] = str_replace("%HEIGHT%", $size[1], $label['upload_image_size']);
echo $label['upload_image_size'];
?>
<br>
<?php
$size = get_required_size($size[0], $size[1]);
$pixel_count = $size[0]*$size[1];
$block_size = $pixel_count / (BLK_WIDTH * BLK_HEIGHT);
$label['advertiser_require_pur'] = str_replace('%PIXEL_COUNT%',$pixel_count , $label['advertiser_require_pur']);
$label['advertiser_require_pur'] = str_replace('%BLOCK_COUNT%',$block_size, $label['advertiser_require_pur']);
echo $label['advertiser_require_pur'];
?>
</p>
<?php //echo $label['advertiser_select_instructions']; ?>
<form method="post" action="order_pixels.php" name='pixel_form'>
<input type="hidden" name="jEditOrder" value="true">
<p>
<input class='big_button' <?php if ($_REQUEST['order_id']!='temp') { echo 'disabled'; } ?> type="button" name='submit_button1' id='submit_button1' value='<?php echo $label['advertiser_write_ad_button']; ?>' onclick='document.form1.submit()'>
</p>
<input type="hidden" value="1" name="select">
<input type="hidden" value="<?php echo $BID;?>" name="BID">
<img style="cursor: pointer;" id="pixelimg" <?php if ((USE_AJAX=='YES') || (USE_AJAX=='SIMPLE')) { ?> onmousemove="show_pointer(event)" <?php } ?> type="image" name="map" value='Select Pixels.' width="<?php echo G_WIDTH*BLK_WIDTH; ?>" height="<?php echo G_HEIGHT*BLK_HEIGHT; ?>" src="show_selection.php?BID=<?php echo $BID;?>&gud=<?php echo time();?>" >
</form>
<input type="hidden" name="action" value="select">
</form>
<div style='background-color: #ffffff; border-color:#C0C0C0; border-style:solid;padding:10px'>
<hr>
<form method="post" action="write_ad.php" name="form1">
<input type="hidden" name="package" value="">
<input type="hidden" name="selected_pixels" value=''>
<input type="hidden" name="order_id" value="<?php echo $_SESSION[MDS_order_id]; ?>">
<input type="hidden" value="<?php echo $BID;?>" name="BID">
<input type="submit" class='big_button' disabled name='submit_button2' id='submit_button2' value='<?php echo $label['advertiser_write_ad_button']; ?>'>
<hr>
</form>
<script language='javascript'>
document.form1.selected_pixels.value=block_str;
</script>
</div>