Upload photo problem


#1

Hi guys i have a problem with a website, i try to change some things on it, and for news page, i try to do in admin panel the option to upload image for news, like every time when you add a post in news page, to add 1 photo with.

and the guy who script this website have a strange script.

for admin panel the script its like that

[php] case ‘news’:
echo "


Te rog să foloseşti \n pentru linie nouă!



Data expirării:

An Luna Zi



";
break;[/php]

in functions i have this one

[php] function add_news($title,$content,$y,$m,$d)
{
$title= addentities($title);
$content= addentities($content);
$y= intval(addentities($y));
$m= intval(addentities($m));
$d= intval(addentities($d));
$content=str_replace("\n","
",$content);
$st=0;
if($title==""){
$msg=“Noua postare trebuie să aibă un titlu.”;
}else if($content==""){
$msg=“Noua postare trebuie să aibă un conţinut!”;
}else if($y==-1 || $m==-1 || $d==-1){
$msg=“Noua postare trebuie să aibă o data de expirare!”;
}else if($y<intval(date(“Y”)) || ($y==intval(date(“Y”)) && $m<intval(date(“m”))) || ($y==intval(date(“Y”)) && $m==intval(date(“m”)) && $d<intval(date(“d”)))){
$msg=“Data expirarii nu poate fi în trecut.”;
}else{
$expire=mktime(date(“H”),date(“i”),date(“s”),$m,$d,$y);
$now=time();
$sql=“insert into account.kwix_news_ro (title,content,time,expire) values (’$title’,’$content’,’$now’,’$expire’)”;
$rez=mysql_query($sql);
if($rez){
$msg=“Success!”;
$st=1;
}else{
$msg=“Am întampinat o problemă.Te rugăm să încerci din nou.”;
}
}
return json_encode(array(“st”=>$st,“msg”=>$msg));
}[/php]

[php] function get_news($ref,$_id=0)
{
$image="";
$title="";
$content="";
$date="";
$id=’’;
$next=0;
$time=time();
if(intval($ref)==1){
$sql=“select * from account.kwix_news_ro where expire>’$time’ order by time desc”;
}elseif(intval($ref)==2){
$_id= intval(addentities($_id));
$sql=“select * from account.kwix_news_ro where expire>’$time’ and id<”.$_id." order by time desc";
}else{
$_id= intval(addentities($_id));
$sql=“select * from account.kwix_news_ro where expire>’$time’ and id>”.$_id." order by time asc";
}
$rez=mysql_query($sql);
$row=mysql_num_rows($rez);
if($row){
$rand=mysql_fetch_array($rez);
$title=$rand[‘title’];
$time=$rand[‘time’];
$content=$rand[‘content’];
$date=date(“d/m/Y H:i”,$time);
$id=$rand[‘id’];
}
if($row>=2){
$next=1;
}
$prev=0;
if(intval($ref)==2){
$sql=“select * from account.kwix_news_ro where expire>’$time’ and id>=”.$_id;
$rez=mysql_query($sql);
$row= mysql_num_rows($rez);
if($row) $prev=1;
}elseif(intval($ref)==3){
$time=time();
$sql=“select * from account.kwix_news_ro where expire>’$time’ and id>”.($id);
$rez=mysql_query($sql);
$row= mysql_num_rows($rez);
if($row) $prev=1;
$next=1;
}
exit(json_encode(array(“image”=>$image,“title”=>$title,“content”=>$content,“date”=>$date,‘id’=>$id,“next”=>$next,“prev”=>$prev)));
}[/php]

and 1 file with name add_news.php

[php]<?php
require ‘…/inc/functions.php’;
require ‘…/inc/config.php’;
if(isset($_GET[‘image’]) && isset($_GET[‘title’]) && isset($_GET[‘content’]) && isset($_GET[‘y’]) && isset($_GET[‘m’]) && isset($_GET[‘d’]) && is_admin()){
$image=$_GET[‘image’];
$title=$_GET[‘title’];
$content=$_GET[‘content’];
$y=$_GET[‘y’];
$m=$_GET[‘m’];
$d=$_GET[‘d’];
echo add_news($image, $title, $content, $y, $m, $d);
}
?>[/php]

and get_news.php

[php]<?php
require ‘…/inc/functions.php’;
require ‘…/inc/config.php’;
if(isset($_GET[‘first’]))
{
get_news(1);
}else if(isset($_GET[‘id’]) && isset($_GET[‘next’])){
get_news(2,$_GET[‘id’]);
}else if(isset($_GET[‘id’]) && isset($_GET[‘prev’])){
get_news(3,$_GET[‘id’]);
}
?>
[/php]

and I really do not understand its encryption mode and how can I make a correct script without changing the old script. i’m a beginner, thanks guys :d