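Contact: thecrew@pixelpost.org
Copyright 2006 Pixelpost.org

License: http://www.gnu.org/copyleft/gpl.html

This program is free software; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not,
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

// Front-controller bootstrap. In order: start the session, load the includes, set the visitor
// cookies, read the config row, load the language file, pick the template named by ?x=, and
// reject a non-numeric ?showimage= before the rest of the script uses it.
// Everything read from $_GET / $_POST / cookies below is attacker-controlled input.

// NOTE(review): error_reporting(0) silences every PHP diagnostic, including the notices raised
// by the unchecked $_POST keys further down. Logging errors instead of discarding them would
// keep failures visible to the operator without showing them to visitors.
error_reporting(0);
ini_set('arg_separator.output', '&');
session_start();
$PHP_SELF = "index.php";

// includes
require("includes/pixelpost.php");
require("includes/markdown.php");
require("includes/functions.php");
require("includes/exifer1_5/exif.php");

// Set cookie for visitor counter, re-count a person after 60 mins
setcookie("lastvisit","expires in 60 minutes",time() +60*60);

// save user info if requested
// The three fields come straight from the request and are joined with '%'.
// addslashes() only backslash-escapes quotes; it is not output encoding, so any code that reads
// "visitorinfo" back must treat it as untrusted and encode it for its own context.
// NOTE(review): 'name' and 'url' may themselves contain '%', which would shift the fields when
// the cookie is split again - confirm how the reader parses it. clean() is defined elsewhere.
if(isset($_POST['vcookie']))
{
    $vcookiename = addslashes($_POST['name']);
    $vcookieurl = addslashes($_POST['url']);
    // modified for Email
    $vcookieemail = clean($_POST['email']);
    setcookie("visitorinfo","$vcookiename%$vcookieurl%$vcookieemail",time() +60*60*24*30); // save cookie 30 days
}

start_mysql();

// get config
if($cfgrow = sql_array("SELECT * FROM ".$pixelpost_db_prefix."config"))
{
    $upload_dir = $cfgrow['imagepath'];
}
else
{
    // NOTE(review): presumably show_splash() ends the request - confirm. If it returns, $cfgrow
    // is not a config row for any of the lookups below.
    $extra_message= "Coming Soon. Not Installed Yet. Cause #1";
    show_splash($extra_message,"templates");
    //echo "Coming Soon. Not Installed Yet."; //exit;
}

// book visitors
if (strtolower($cfgrow['visitorbooking'])!='no')
{
    book_visitor($pixelpost_db_prefix."visitors");
}

if(isset($mod_rewrite)&&$mod_rewrite == "1")
{
    $showprefix = "";
}
else
{
    $showprefix = "./index.php?showimage=";
}

// refresh the addons table
$dir = "addons/";
refresh_addons_table($dir);

$tz = $cfgrow['timezone'];
$datetime = gmdate("Y-m-d H:i:s",time()+(3600 * $tz)); // current date+time
$cdate = $datetime; // for future posting, current date+time

// get the language file
// The file name is built from the 'langfile' config value, so this require() is only as
// trustworthy as whoever can write the config table.
if (file_exists("language/lang-".$cfgrow['langfile'].".php") )
{
    // Feeds (x=rss / x=atom) skip the language file. The original joined the two comparisons
    // with the bitwise '&'; '&&' gives the same result here and states the intent.
    if ( !isset($_GET['x'])OR($_GET['x'] != "rss" && $_GET['x'] != "atom")) require("language/lang-".$cfgrow['langfile'].".php");
}
else
{
    echo 'Error:
No language folder exists or the file "lang-' .$cfgrow['langfile'] .'.php" is missing in that folder.
Make sure that you have uploaded all necessary files with the exact same names as mentioned here.';
    exit;
}

// Double quotes in the site title would break the HTML, so they are encoded (ENT_COMPAT leaves
// single quotes as they are). pullout() is defined elsewhere.
$pixelpost_site_title = pullout($cfgrow['sitetitle']);
$pixelpost_site_title = htmlspecialchars($pixelpost_site_title,ENT_COMPAT);

// Added ability to use header and footers for templates. They are not needed but used if included in the template
if(file_exists("templates/".$cfgrow['template']."/header.html")) $header = file_get_contents("templates/".$cfgrow['template']."/header.html");
if(file_exists("templates/".$cfgrow['template']."/footer.html")) $footer = file_get_contents("templates/".$cfgrow['template']."/footer.html");

// You can now add any template you want by just adding the template and a link to it. For example,
// ?x=about will load the template about_template.html
if(isset($_GET['x'])&& $_GET['x'] == "ref" )
{
    // Maintain backwards compatibility with the referer template
    $_GET['x'] = "referer";
}

// refererlog
if(isset($_GET['x'])&&$_GET['x'] == "referer")
{
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 File Not Found!");
    // header("Location: index.php");
    echo "\n404 Not Found\n\n

Not Found

\nThe requested URL /index.php was not found on this server.

\n

Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.\n";
    exit;
}
// end refererlog

// ?x= is placed into a file path below, so any value containing a dot is refused first.
// The original ran this test only after file_exists() had already been called with the
// user-supplied path, which made the response depend on whether the probed file existed.
// Refusing before any filesystem lookup gives every dotted value the same answer.
// strpos() replaces eregi("[.]", ...), which newer PHP versions no longer provide.
if (isset($_GET['x']) && is_string($_GET['x']) && strpos($_GET['x'], '.') !== false)
{
    die("Come on! forget about it...");
}

if( isset($_GET['x'])&&file_exists( "templates/".$cfgrow['template']."/".$_GET['x']."_template.html" ) )
{
    $tpl = file_get_contents("templates/".$cfgrow['template']."/".$_GET['x']."_template.html");
}
else
{
    if (!file_exists("templates/".$cfgrow['template']."/image_template.html"))
    {
        echo 'Error:
No template folder exists by the name of "' .$cfgrow['template'] .'" or the file image_template.html is missing in that folder.
Make sure that you have uploaded all necessary files with the exact same names as mentioned here.';
        exit;
    }

    // if the x=foo does not exist prompt it! don't show the main page anymore!
    // atom, rss and save_comment have no template file of their own and are let through.
    if (isset($_GET['x'])&& $_GET['x']!='atom' && $_GET['x']!='rss' && $_GET['x']!='save_comment' )
    {
        // if (isset($_GET['x']) and !file_exists( "templates/".$cfgrow['template']."/".$_GET['x']."_template.html" ))
        header("HTTP/1.0 404 Not Found");
        header("Status: 404 File Not Found!");
        // header("Location: index.php");
        echo "\n404 Not Found\n\n

Not Found

\nThe requested URL /index.php was not found on this server.

\n

Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.\n";
        exit;
    }
    $tpl = file_get_contents("templates/".$cfgrow['template']."/image_template.html");
}

if(isset($_GET['popup'])&&$_GET['popup'] == "comment")
{
    $tpl = file_get_contents("templates/".$cfgrow['template']."/comment_template.html");
}

// if showimage=badstuff or email to hijack!
// This check is the only gate in front of the later queries that place $_GET['showimage']
// inside id='...'. is_numeric() also accepts forms such as "1e3" or " 5"; none of them can
// contain a quote.
// NOTE(review): casting to int once here and using that value in the queries would make the
// guarantee explicit instead of implied.
if (isset($_GET['showimage']) && !is_numeric($_GET['showimage']))
{
    // show 404!
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 File Not Found!");
    // header("Location: index.php");
    // NOTE(review): the response body that starts here carries a long run of unrelated
    // advertising and keyword text after the "Don't do that!" line. That is not part of a 404
    // page and looks like injected link spam. Treat this copy of the file as tampered with and
    // compare it against a clean release copy before reuse.
    // The echo statement continues on the following lines.
    echo "\n404 Not Found\n\n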

Not Found

\nDon't do that! go back to index.php! \n For an alternate route to Journal of Emerging finance market.There are affordable cars, and then there are cars that offer thrilling performance. Rarely do the two ever converge, but Japanese automake mazada.new impreza 2008 Impreza Photos | Subaru News, Articles, Road Tests, Test Drives, Comparisons, Concepts.manhattan beach toyota Los Angeles Toyota Dealer, is a New & Pre-Owned Toyota dealership, with OEM Toyota parts and professional Toyota service.fashions like you need it: make fashion trends work for you, get fashion on a budget, dress for your body and look great for special occasions.How to treat a fragile man without health insurance man.gadget store buy drinking games, gadgets & boys toys. Shop online for fun gifts, presents, gizmos and games.Review and road test of the Ford mondeo.Discover new cars from hyndai.Find new kia.suzuki vehicles on our Car Finder Buy and Sell New Used Cars Philippines 2009 site.Your Suzuki Motorcycle Info Source: Suzuki Motorcycles Used Dual Purpose Motorcycles For Sale · View 2008 Suzuki Models 2008 suzuki.auto manufacturer site with information on the Sedona, Sorento, Sportage, Optima, Spectra and Rio vehicles www kia.Motorcycle Dealers Caliber in Mumbai - Contact Details, phone numbers, addresses and other information for Motorcycle Dealers Caliber in Mumbai. dealerships caliber.Electronics and gadgets are two words that fit very well together. The electronic gadget.2001 excursion highlights from Consumer Guide Automotive. Learn about the 2001 Ford Excursion and see 2001 Ford Excursion pictures.ford Motor Company maker of cars, trucks, SUVs and other vehicles. View our vehicle showroom, get genuine Ford parts and accessories, find dealers.The soul of Formula M: reloaded. Combining motorsport capabilities with everyday driving. 
"; exit; } // Added ability to use header and footers for templates. They are not needed but used if included in the template if(isset($header)) $tpl = $header . $tpl; if(isset($footer)) $tpl = $tpl. $footer; // Get visitor count $visitors = sql_array("SELECT count(*) as count FROM ".$pixelpost_db_prefix."visitors"); $pixelpost_visitors = $visitors['count']; // Get number of photos in database $photonumb = sql_array("SELECT count(*) as count FROM ".$pixelpost_db_prefix."pixelpost WHERE datetime<='$datetime'"); $pixelpost_photonumb = $photonumb['count']; // added for temp to create banlist table if it is not there TODO: THIS WILL GO INTO THE CREATE_TABLES create_banlist(); // images/main site if(!isset($_GET['x']) /*$_GET['x'] == ""*/) { // Get Current Image. if(!isset($_SESSION["pixelpost_admin"])) { if(!isset($_GET['showimage']) /*$_GET['showimage'] == ""*/) { $row = sql_array("SELECT * FROM ".$pixelpost_db_prefix."pixelpost WHERE datetime<='$cdate' ORDER BY datetime DESC limit 0,1"); } else { $row = sql_array("SELECT * FROM ".$pixelpost_db_prefix."pixelpost WHERE (id='".$_GET['showimage']."') AND datetime<='$cdate'"); } } else { if($_GET['showimage'] == "") { $row = sql_array("SELECT * FROM ".$pixelpost_db_prefix."pixelpost ORDER BY datetime DESC limit 0,1"); } else { $row = sql_array("SELECT * FROM ".$pixelpost_db_prefix."pixelpost WHERE (id='".$_GET['showimage']."')"); } } if(!$row['image']) { echo "Coming Soon! Nothing to show. 
No image to show here!"; exit; } $image_name = $row['image']; $image_title = pullout($row['headline']); $image_title = htmlspecialchars($image_title,ENT_QUOTES); $image_id = $row['id']; $image_datetime = $row['datetime']; $image_datetime_formatted = strtotime($image_datetime); $image_datetime_formatted = date($cfgrow['dateformat'],$image_datetime_formatted); $image_date = substr($row['datetime'],0,10); $image_time = substr($row['datetime'],11,5); $image_date_year_full = substr($row['datetime'],0,4); $image_date_year = substr($row['datetime'],2,2); $image_date_month = substr($row['datetime'],5,2); $image_date_day = substr($row['datetime'],8,2); $image_notes = pullout($row['body']); $image_notes = markdown($image_notes); $thumbnail_extra = getimagesize("thumbnails/thumb_$image_name"); $image_extra = getimagesize("images/$image_name"); $image_width = $image_extra['0']; $image_height = $image_extra['1']; $tpl = str_replace("",$image_width,$tpl); $tpl = str_replace("",$image_height,$tpl); $local_width = $thumbnail_extra['0']; $local_height = $thumbnail_extra['1']; //$image_title = htmlentities($image_title ); $image_thumbnail = "$image_title"; // thumnail no link $image_thumbnail_no_link = "$image_title"; $image_permalink = "$lang_permalink"; // permalink automated for fancy url/no fancy // get previous image id and name if(!isset($_SESSION["pixelpost_admin"])) { $previous_row = sql_array("SELECT id,headline,image,datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime < '$image_datetime') and (datetime<='$cdate') ORDER BY datetime desc limit 0,1"); } else { $previous_row = sql_array("SELECT id,headline,image,datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime < '$image_datetime') ORDER BY datetime desc limit 0,1"); } $image_previous_name = $previous_row['image']; $image_previous_id = $previous_row['id']; $image_previous_title = pullout($previous_row['headline']); $image_previous_datetime = $previous_row['datetime']; $image_previous_link = 
"$lang_previous"; list($local_width,$local_height,$type,$attr) = getimagesize("thumbnails/thumb_$image_name"); $image_previous_thumbnail = "$image_previous_title"; if($image_previous_id == "") { $image_previous_id = $image_id; $image_previous_title = "$lang_no_previous"; $image_previous_link = ""; $image_previous_thumbnail = ""; } // get next image id and name if(!isset($_SESSION["pixelpost_admin"])) { $next_row = sql_array("SELECT id,headline,image,datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime > '$image_datetime') and (datetime<='$cdate') ORDER BY datetime asc limit 0,1"); } else { $next_row = sql_array("SELECT id,headline,image,datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime > '$image_datetime') ORDER BY datetime asc limit 0,1"); } $image_next_name = $next_row['image']; $image_next_id = $next_row['id']; $image_next_title = pullout($next_row['headline']); $image_next_datetime = $next_row['datetime']; $image_next_link = "$lang_next"; list($local_width,$local_height,$type,$attr) = getimagesize("thumbnails/thumb_$image_name"); $image_next_thumbnail = "$image_next_title"; if($image_next_id == "") { $image_next_id = $image_id; $image_next_title = "$lang_no_next"; $image_next_link = ""; $image_next_thumbnail = ""; } if(function_exists('gd_info')) { $gd_info = gd_info(); if($gd_info != "") { // check that gd is here before this $aheadnumb = sql_array("SELECT count(*) as count FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime > '$image_datetime') and (datetime<='$cdate')"); $aheadnumb = $aheadnumb['count']; $behindnumb = sql_array("SELECT count(*) as count FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime < '$image_datetime') and (datetime<='$cdate')"); $behindnumb = $behindnumb['count']; $aheadlimit = round(($cfgrow['thumbnumber']-1)/2); $behindlimit = round(($cfgrow['thumbnumber']-1)/2); if($aheadnumb <= $aheadlimit) { $behindlimit = ($cfgrow['thumbnumber']-1)-$aheadnumb; $aheadlimit = $aheadnumb; } if($behindnumb <= 
$behindlimit) { $aheadlimit = ($cfgrow['thumbnumber']-1)-$behindnumb; $behindlimit = $behindnumb; } $totalthumbcounter = 1; $ahead_thumbs = ""; $ahead_thumbs_reverse =""; $thumbs_ahead = mysql_query("SELECT id,headline,image FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime > '$image_datetime') and (datetime<='$cdate') ORDER BY datetime asc limit 0,$aheadlimit"); while(list($id,$headline,$image) = mysql_fetch_row($thumbs_ahead)) { $headline = pullout($headline); $headline = htmlspecialchars($headline,ENT_QUOTES); list($local_width,$local_height,$type,$attr) = getimagesize("thumbnails/thumb_$image_name"); $ahead_thumbs .= "$headline"; $ahead_thumbs_reverse = "$headline" .$ahead_thumbs_reverse ; $totalthumbcounter++; } $behind_thumbs = ""; $behind_thumbs_reverse =""; $thumbs_behind = mysql_query("SELECT id,headline,image FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime < '$image_datetime') and (datetime<='$cdate') ORDER BY datetime desc limit 0,$behindlimit"); while(list($id,$headline,$image) = mysql_fetch_row($thumbs_behind)) { $headline = pullout($headline); $headline = htmlspecialchars($headline,ENT_QUOTES); list($local_width,$local_height,$type,$attr) = getimagesize("thumbnails/thumb_$image_name"); $behind_thumbs = "$headline$behind_thumbs"; $behind_thumbs_reverse .= "$headline"; $totalthumbcounter++; } list($local_width,$local_height,$type,$attr) = getimagesize("thumbnails/thumb_$image_name"); $thumbnail_row = "$behind_thumbs$image_title$ahead_thumbs"; $thumbnail_row_reverse = "$ahead_thumbs_reverse$image_title$behind_thumbs_reverse"; $tpl = ereg_replace("",$thumbnail_row,$tpl); $tpl = ereg_replace("",$thumbnail_row_reverse,$tpl); } // gd_info() } // func exist // Modified from Mark Lewin's hack for multiple categories $querystr = "SELECT t1.cat_id,t2.name FROM ".$pixelpost_db_prefix."catassoc as t1 inner join ".$pixelpost_db_prefix."categories t2 on t1.cat_id = t2.id WHERE t1.image_id = '$image_id' ORDER BY t2.name "; $query = mysql_query($querystr); 
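// ---------------------------------------------------------------------------
// Remainder of index.php: fills the per-image template tags (categories,
// dates, EXIF, comments), handles comment submission, the browse page, the
// RSS and ATOM feeds and the comment notification mail, then echoes $tpl.
//
// NOTE(review): in this copy the first argument of most ereg_replace() /
// str_replace() calls and the markup inside many string literals are empty;
// the template tag names and HTML appear to have been stripped from the
// listing. Those literals are kept exactly as shown.
//
// Request-derived values are handled as follows in this section:
//   * browse filters (category, archivedate, category[]) are cast or
//     validated before they are placed in SQL text;
//   * the CR/LF guards on comment fields use preg_match(), because the
//     POSIX eregi() is not binary-safe and never inspects bytes after a NUL;
//   * the visitorinfo cookie, the Host header and the request URI are
//     HTML-escaped before they are written into the page or the feed.
//
// ereg*(), split() and mysql_*() were removed in PHP 7.0; the remaining
// calls are left in place because the rest of the file depends on them.
// ---------------------------------------------------------------------------

$image_category_number = 0;
$image_category_all = "";
$image_category_all_paged = "";
// $query holds the (cat_id, name) rows selected for the current image.
while (list($cat_id, $name) = mysql_fetch_row($query)) {
    $name = pullout($name);
    $image_category_all .= "" . $cfgrow['catgluestart'] . $name . $cfgrow['catglueend'] . "  ";
    $image_category_all_paged .= "" . $cfgrow['catgluestart'] . $name . $cfgrow['catglueend'] . "  ";
    $image_category_number = $image_category_number + 1;
}

if ($image_category_number > 1) {
    $image_categoryword = "$lang_category_plural ";
} else {
    $image_categoryword = "$lang_category_singular ";
}

$tpl = ereg_replace("", $pixelpost_site_title, $tpl);
$tpl = ereg_replace("", $cfgrow['siteurl'], $tpl);
$tpl = ereg_replace("", $image_categoryword . " " . $image_category_all, $tpl);
// for paged_archive addon
$tpl = ereg_replace("", $image_categoryword . " " . $image_category_all_paged, $tpl);
$tpl = ereg_replace("", $image_date_year_full, $tpl);
$tpl = ereg_replace("", $image_date_year, $tpl);
$tpl = ereg_replace("", $image_date_month, $tpl);
$tpl = ereg_replace("", $image_date_day, $tpl);
$tpl = ereg_replace("", $image_thumbnail, $tpl);
// thumbnail no link
$tpl = ereg_replace("", $image_thumbnail_no_link, $tpl);
$tpl = ereg_replace("", $image_date, $tpl);
$tpl = ereg_replace("", $image_time, $tpl);
$tpl = ereg_replace("", $image_name, $tpl);
$tpl = ereg_replace("", $image_title, $tpl);
$tpl = ereg_replace("", $image_datetime_formatted, $tpl);
$tpl = ereg_replace("", $image_notes, $tpl);

// image notes without HTML tags and double quotes
$image_notes_clean = strip_tags($image_notes);
$image_notes_clean = htmlspecialchars($image_notes_clean, ENT_QUOTES);
$tpl = ereg_replace("", $image_notes_clean, $tpl);
// end image notes without HTML tags

$tpl = ereg_replace("", $image_id, $tpl);
$tpl = ereg_replace("", $image_permalink, $tpl);
$tpl = ereg_replace("", $image_previous_link, $tpl);
$tpl = ereg_replace("", $image_previous_thumbnail, $tpl);
$tpl = ereg_replace("", $image_previous_id, $tpl);
$tpl = ereg_replace("", $image_previous_title, $tpl);
$tpl = ereg_replace("", $image_next_id, $tpl);
$tpl = ereg_replace("", $image_next_title, $tpl);
$tpl = ereg_replace("", $image_next_thumbnail, $tpl);
$tpl = ereg_replace("", $image_next_link, $tpl);

// get number of comments
$cnumb_row = sql_array("SELECT count(*) as count FROM ".$pixelpost_db_prefix."comments WHERE parent_id='$image_id' and publish='yes'");
$image_comments_number = $cnumb_row['count'];

// get latest comment
$latest_comment = sql_array("SELECT parent_id FROM ".$pixelpost_db_prefix."comments WHERE publish='yes' ORDER BY id desc limit 0,1");
$latest_comment = $latest_comment['parent_id'];
$queryrow = sql_array("SELECT headline FROM ".$pixelpost_db_prefix."pixelpost WHERE id='$latest_comment'");
$latest_comment_name = pullout($queryrow['headline']);

// EXIF STUFF
// NOTE(review): EXIF strings come from the image file and are written into
// the template without HTML escaping - worth escaping if images can come
// from anyone other than the site owner.
$curr_image = "images/$image_name";
// set empty-tag + prepare not to produce empty exif-tags in the template
$empty_exif = "";
$exif_result = read_exif_data_raw($curr_image, "0");

if (isset($exif_result['SubIFD'])) {
    $exposure = $exif_result['SubIFD']['ExposureTime']; // exposure time
}
if (isset($exposure) && $exposure != "") {
    $exposure = reduceExif($exposure);
    $exposure = "$exposure sec";
}
if (isset($exif_result['SubIFD'])) {
    $aperture = $exif_result['SubIFD']['FNumber']; // Aperture
    $capture_date = $exif_result['SubIFD']['DateTimeOriginal']; // Date and Time
    $flash = $exif_result['SubIFD']['Flash']; // flash
    $focal = $exif_result['SubIFD']['FocalLength']; // focal length
}
if (isset($exif_result['IFD0'])) {
    $info_camera_manu = trim($exif_result['IFD0']['Make']); // camera maker
    $info_camera_model = trim($exif_result['IFD0']['Model']); // camera model
}
if (isset($exif_result['SubIFD'])) {
    $iso = pullout($exif_result['SubIFD']['ISOSpeedRatings']); // not working apparently
}

if (isset($flash) && $flash == "No Flash") {
    $flash = "$lang_flash_not_fired";
} elseif (isset($flash) && $flash) {
    $flash = "$lang_flash_fired";
}

if (isset($exposure) && $exposure != "") {
    $exposure = "$lang_exposure $exposure";
    $tpl = ereg_replace("", $exposure, $tpl);
} else {
    $exposure = "$empty_exif";
    $tpl = ereg_replace("", $exposure, $tpl);
}
$tpl = ereg_replace("", $exposure, $tpl);

if (isset($aperture) && $aperture != "") {
    $aperture = "$lang_aperture $aperture";
    $tpl = ereg_replace("", $aperture, $tpl);
} else {
    $aperture = "$empty_exif";
    $tpl = ereg_replace("", $aperture, $tpl);
}
$tpl = ereg_replace("", $aperture, $tpl);

if (isset($capture_date) && $capture_date != "") {
    $capture_date = "$lang_capture_date $capture_date";
    $tpl = ereg_replace("", $capture_date, $tpl);
} else {
    $capture_date = "$empty_exif";
    $tpl = ereg_replace("", $capture_date, $tpl);
}
$tpl = ereg_replace("", $capture_date, $tpl);

if (isset($focal) && $focal != "") {
    $focal = "$lang_focal $focal";
    $tpl = ereg_replace("", $focal, $tpl);
} else {
    $focal = "$empty_exif";
    $tpl = ereg_replace("", $focal, $tpl);
}
$tpl = ereg_replace("", $focal, $tpl);

if (isset($info_camera_manu) && $info_camera_manu != "") {
    $info_camera_manu = "$lang_camera_maker $info_camera_manu";
    $tpl = ereg_replace("", $info_camera_manu, $tpl);
} else {
    $info_camera_manu = "$empty_exif";
    $tpl = ereg_replace("", $info_camera_manu, $tpl);
}
$tpl = ereg_replace("", $info_camera_manu, $tpl);

if (isset($info_camera_model) && $info_camera_model != "") {
    $info_camera_model = "$lang_camera_model $info_camera_model";
    $tpl = ereg_replace("", $info_camera_model, $tpl);
} else {
    $info_camera_model = "$empty_exif";
    $tpl = ereg_replace("", $info_camera_model, $tpl);
}
$tpl = ereg_replace("", $info_camera_model, $tpl);

// For ISO and flash the first replacement runs before the label is added.
if (isset($iso) && $iso != "") {
    $tpl = ereg_replace("", $iso, $tpl);
    $iso = "$lang_iso $iso";
} else {
    $iso = "$empty_exif";
    $tpl = ereg_replace("", $iso, $tpl);
}
$tpl = ereg_replace("", $iso, $tpl);

if (isset($flash) && $flash != "") {
    $tpl = ereg_replace("", $flash, $tpl);
    $flash = "$lang_flash $flash";
} else {
    $flash = "$empty_exif";
    $tpl = ereg_replace("", $flash, $tpl);
}
$tpl = ereg_replace("", $flash, $tpl);

/////////////
// build a string with all comments
if(isset($_GET['x'])&&($_GET['x'] == "") or (isset($_GET['popup'])&&$_GET['popup'] == "comment")) {
    if (isset($_GET['comment']) && $_GET['comment'] == "save") {
        // Ramin added more protections
        // Reject a submission when any posted field carries a mail header name.
        // stristr() is binary-safe, unlike the POSIX eregi() used previously.
        $posted_fields = $_POST['parent_name'].$_POST['email'].$_POST['url'].$_POST['name'].$_POST['message'].$_POST['parent_id'];
        foreach (array("Content-Transfer-Encoding", "MIME-Version", "Content-Type") as $header_name) {
            if (stristr($posted_fields, $header_name) !== false) {
                die("SPAM Injection Error :(");
            }
        }

        // Fields that later end up in mail headers must not contain line
        // breaks. NUL is rejected as well: it has no place in these fields
        // and it is the byte that made the old eregi() check unreliable.
        $line_break_or_nul = '/[\r\n\0]/';

        $datetime = gmdate("Y-m-d H:i:s", time() + (3600 * $cfgrow['timezone'])); // current date+time
        $ip = $_SERVER['REMOTE_ADDR'];

        // $parent_id
        $parent_id = isset($_POST['parent_id']) ? $_POST['parent_id'] : "";
        if (preg_match($line_break_or_nul, $parent_id)) { die("No intrusion! ?? :("); }
        if (!is_numeric($parent_id)) die('parent_id is not correct!');

        // $message
        $message = isset($_POST['message']) ? $_POST['message'] : "";
        $message = clean_comment($message);
        $message = nl2br($message);

        // $name
        $name = isset($_POST['name']) ? $_POST['name'] : "";
        if (preg_match($line_break_or_nul, $name)) { die("No intrusion! ?? :("); }
        $name = clean_comment($name);

        // $url
        $url = isset($_POST['url']) ? $_POST['url'] : "";
        if (preg_match($line_break_or_nul, $url)) { die("No intrusion! ?? :("); }
        if (strpos($url, 'https://') === false && strpos($url, 'http://') === false && strlen($url) > 0) {
            $url = "http://" . $url;
        }
        $url = clean_comment($url);

        // $parent_name
        $parent_name = isset($_POST['parent_name']) ? $_POST['parent_name'] : "";
        if (preg_match($line_break_or_nul, $parent_name)) { die("No intrusion! ?? :("); }
        $parent_name = clean_comment($parent_name);

        // $email
        $email = isset($_POST['email']) ? $_POST['email'] : "";
        if (preg_match($line_break_or_nul, $email)) { die("No intrusion! ?? :("); }
        $email = clean_comment($email);

        // check that only one email-adress entered
        $onlyone = $email;
        $numberofats = substr_count("$onlyone", "@");
        if ($numberofats > 1) { die("only one email-adress allowed"); }

        $cmnt_moderate_permission = $cfgrow['moderate_comments'];
        if ($cmnt_moderate_permission == 'yes') $cmnt_publish_permission = 'no';
        if ($cmnt_moderate_permission == 'no') $cmnt_publish_permission = 'yes';

        if ($parent_id == "") $extra_message = "$lang_message_missing_image\n\n";
        if ($message == "") $extra_message = "$lang_message_missing_comment\n\n";

        if (($parent_id != "") and ($message != "")) {
            // check the comment with banlists
            if (!is_comment_in_blacklist($message, $ip, $name)) {
                // send it to moderation if contains banned words but not black listed!
                if (is_comment_in_moderation_list($message, $ip, $name)) {
                    $cmnt_publish_permission = 'no';
                    $cmnt_moderate_permission = 'yes';
                }
                // to the job now
                if ($cmnt_moderate_permission == 'yes') $extra_message = "\n\n$lang_message_moderating_comment\n\n";
                // NOTE(review): $message, $name, $url and $email are only as
                // SQL-safe as clean_comment() makes them; that helper is not
                // shown here - confirm it escapes for the database.
                sql_save("INSERT INTO ".$pixelpost_db_prefix."comments(id,parent_id,datetime,ip,message,name,url,email,publish) VALUES(NULL,'$parent_id','$datetime','$ip','$message','$name','$url','$email','$cmnt_publish_permission')");
            }
        } // end if not in the black list
    }
} // end if comment

// visitor information in comments
$vinfo_name = "";
$vinfo_url = "";
$vinfo_email = "";
if (isset($_COOKIE['visitorinfo'])) {
    // "%" is a literal separator, so explode() gives the same pieces as split().
    list($vinfo_name, $vinfo_url, $vinfo_email) = explode("%", $_COOKIE['visitorinfo']);
}
// The cookie is client-controlled: escape it before it goes into the page.
$vinfo_name = htmlspecialchars($vinfo_name, ENT_QUOTES);
$vinfo_url = htmlspecialchars($vinfo_url, ENT_QUOTES);
$vinfo_email = htmlspecialchars($vinfo_email, ENT_QUOTES);
$tpl = ereg_replace("", $vinfo_name, $tpl);
$tpl = ereg_replace("", $vinfo_url, $tpl);
$tpl = ereg_replace("", $vinfo_email, $tpl);

// NOTE(review): $_GET['showimage'] is handed to print_comments() unchanged;
// that helper is defined elsewhere - confirm it validates the id.
if ($_GET['showimage'] == "") {
    $imageid = $image_id;
} else {
    $imageid = $_GET['showimage'];
}
$image_comments = print_comments($imageid);
$tpl = ereg_replace("", $image_comments, $tpl);

if(($_GET['popup'] == "comment") AND (!isset($_GET['x'])OR$_GET['x'] != "save_comment")) {
    include_once('includes/addons_lib.php');
    echo $tpl;
    exit;
}
//} // end if comment
} // end imageprint (closes a block opened earlier in the file)

// fix a popuplink
$tpl = ereg_replace("", $pixelpost_site_title, $tpl);

if (isset($_GET['x']) && $_GET['x'] == "browse") {
    $thumb_output = "";
    $where = "";
    if ($_GET['category'] != "") {
        // Modified from Mark Lewin's hack for multiple categories
        // The id comes straight from the query string, so it is forced to an
        // integer before it is placed in the SQL text.
        // NOTE(review): assumes cat_id is an integer column - confirm against the schema.
        $browse_cat_id = is_scalar($_GET['category']) ? intval($_GET['category']) : 0;
        $query = mysql_query("SELECT 1,t2.id,headline,image,datetime FROM {$pixelpost_db_prefix}catassoc as t1 INNER JOIN {$pixelpost_db_prefix}pixelpost t2 on t2.id = t1.image_id WHERE t1.cat_id = '".$browse_cat_id."' AND (datetime<='$cdate') ORDER BY datetime DESC");
        $lookingfor = 1;
    } elseif ($_GET['archivedate'] != "") {
        // Only a YYYY-MM value is allowed into the query; anything else
        // selects nothing, which is what a non-matching value did before.
        if (is_string($_GET['archivedate']) && preg_match('/^[0-9]{4}-[0-9]{2}\z/', $_GET['archivedate'])) {
            $where = "AND (DATE_FORMAT(datetime, '%Y-%m')='".$_GET['archivedate']."')";
        } else {
            $where = "AND 0";
        }
        //DATE_FORMAT(foo, '%Y-%m-%d')
        $query = mysql_query("SELECT 1,id,headline,image, datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime<='$cdate') $where ORDER BY datetime desc");
        $lookingfor = 1;
    } elseif (isset($_POST['category'])) {
        $lookingfor = 0;
        $where = "(";
        // A non-array value contributes no category, as foreach did before.
        $posted_categories = is_array($_POST['category']) ? $_POST['category'] : array();
        foreach ($posted_categories as $cat) {
            $cat_id_filter = is_scalar($cat) ? intval($cat) : 0;
            $where .= "t1.cat_id='".$cat_id_filter."' OR ";
            $lookingfor++;
        }
        $where .= " 0 )";
        $querystr = "SELECT COUNT(t1.id), t2.id,headline,image,datetime FROM {$pixelpost_db_prefix}catassoc AS t1 INNER JOIN {$pixelpost_db_prefix}pixelpost t2 ON t2.id = t1.image_id WHERE (datetime<='$cdate') AND $where GROUP BY t2.id ORDER BY datetime, t2.id DESC";
        $query = mysql_query($querystr);
    } else {
        $lookingfor = 1;
        $query = mysql_query("SELECT 1,id,headline,image,datetime FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime<='$cdate') ORDER BY datetime desc");
    }

    while (list($count, $id, $title, $name, $datetime) = mysql_fetch_row($query)) {
        if ($count != $lookingfor) continue; // Major hack for the browse filters.
        $title = pullout($title);
        $title = htmlspecialchars($title, ENT_QUOTES);
        $thumbnail = "thumbnails/thumb_$name";
        $thumb_output .= "\"$title\"";
    }
    $tpl = ereg_replace("", $thumb_output, $tpl);
}

// build browse menu
// $browse_select = "";
$query = mysql_query("SELECT * FROM ".$pixelpost_db_prefix."categories ORDER BY name");
while (list($id, $name) = mysql_fetch_row($query)) {
    $name = pullout($name);
    // $browse_select .= "";
    $browse_select .= "";
}
$browse_select .= "";
$tpl = ereg_replace("", $browse_select, $tpl);

// build browse checkboxes
// NOTE(review): $category is not assigned in this part of the file;
// presumably it is set earlier or relies on register_globals - confirm.
$checkboxes = "\n\n";
$query = mysql_query("SELECT * FROM ".$pixelpost_db_prefix."categories ORDER BY name");
while (list($id, $name) = mysql_fetch_row($query)) {
    $name = pullout($name);
    $checkbox_checked = "";
    if (isset($category) && is_array($category) && in_array($id, $category)) $checkbox_checked = "checked";
    $checkboxes .= "$name   \n";
}
$checkboxes .= "\n";
$tpl = ereg_replace("", $checkboxes, $tpl);

// ##########################################################################################//
// RSS 2.0 FEED
// ##########################################################################################//
if (isset($_GET['x']) && $_GET['x'] == "rss") {
    $output = " ".$pixelpost_site_title." ".$cfgrow['siteurl']." $pixelpost_site_title photoblog http://blogs.law.harvard.edu/tech/rss pixelpost ";

    // Format the configured offset (in hours) as +HHMM. The fractional part
    // is converted to minutes, so 5.5 gives +0530 rather than +0550.
    $tz_hours = (float) $cfgrow['timezone'];
    $tprefix = ($tz_hours < 0) ? '-' : '+';
    $tz_abs = abs($tz_hours);
    $hh = sprintf("%02d", floor($tz_abs));
    $mm = sprintf("%02d", round(($tz_abs - floor($tz_abs)) * 60));
    $tzoner = $tprefix.$hh.$mm;

    $query = mysql_query("SELECT id,datetime,headline,body,image FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime<='$cdate') ORDER BY datetime desc limit 10");
    while (list($id, $datetime, $headline, $body, $image) = mysql_fetch_row($query)) {
        $headline = pullout($headline);
        $headline = htmlspecialchars($headline, ENT_QUOTES);
        $image = $cfgrow['siteurl']."thumbnails/thumb_$image";
        $datetime = strtotime($datetime);
        $datetime = date("D, d M Y H:i", $datetime);
        $datetime .= ' ' . $tzoner;
        $body = pullout($body);
        $body = stripslashes($body);
        $body = ereg_replace("\n", "\n<br />", $body);
        $body = strip_tags($body);
        $body = htmlspecialchars($body, ENT_QUOTES);
        // NOTE(review): this copy shows the img/br markup decoded, which does
        // not parse inside a double-quoted string; the entity-escaped form is
        // restored here on the assumption that the feed text was escaped.
        $output .= " $headline ".$cfgrow['siteurl']."?showimage=$id &lt;img src=&quot;$image&quot;&gt; &lt;br /&gt;$body $datetime ".$cfgrow['siteurl']."index.php?showimage=$id ";
    }
    $output .= " ";
    header("Content-type:application/xml");
    echo $output;
    exit;
}

// ##########################################################################################//
// ATOM FEED
// ##########################################################################################//
if (isset($_GET['x']) && $_GET['x'] == "atom") {
    header("content-type: application/atom+xml");

    // Same offset handling as the RSS feed, written as +HH:MM.
    $tz_hours = (float) $cfgrow['timezone'];
    $tprefix = ($tz_hours < 0) ? '-' : '+';
    $tz_abs = abs($tz_hours);
    $hh = sprintf("%02d", floor($tz_abs));
    $mm = sprintf("%02d", round(($tz_abs - floor($tz_abs)) * 60));
    $tzoner = $tprefix.$hh.":".$mm;

    $url = $cfgrow['siteurl'];
    $atom = " $pixelpost_site_title photoblog ".$pixelpost_site_title." $url PixelPost $url ".date("Y-m-d\TH:i:s$tzoner")." ";
    // The Host header is supplied by the client; escape it before it is
    // written into the feed's tag: identifiers.
    $tag_url = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES);

    $query = mysql_query("SELECT id,datetime,headline,body,image FROM ".$pixelpost_db_prefix."pixelpost WHERE (datetime <='$cdate') ORDER BY datetime desc limit 0,20");
    while (list($id, $datetime, $headline, $body, $image) = mysql_fetch_row($query)) {
        $headline = pullout($headline);
        $headline = htmlspecialchars($headline, ENT_QUOTES);
        $body = pullout($body);
        $body = htmlspecialchars($body, ENT_QUOTES);
        $body = strip_tags($body);
        $image = $cfgrow['siteurl']."thumbnails/thumb_$image";
        $tag_date = substr($datetime, 0, 10);
        $modified_date = substr($datetime, 0, 10);
        $modified_date = $modified_date."T".(substr($datetime, 11, 8));
        $datetime = strtotime($datetime);
        $atom .= " $headline tag:$tag_url,$tag_date:$id\n$headline\n$body]]>\n$tag_date $modified_date$tzoner\n";
    }
    $atom .= "\n";
    echo $atom;
    exit;
}

// ##########################################################################################//
// RSS- + ATOM - tags
// ##########################################################################################//
// keeping this "old" tag because it is used in user's template maybe
// $HTTP_HOST and $REQUEST_URI are request-derived (and only exist as globals
// with register_globals); the URL is escaped before it enters the page.
$atom_url = htmlspecialchars("http://".$HTTP_HOST.$REQUEST_URI."&x=atom", ENT_QUOTES);
$tpl = str_replace("", $atom_url, $tpl);
$atom_auto = "";
$tpl = ereg_replace("", $atom_auto, $tpl);
$tpl = ereg_replace("", "ATOM feed", $tpl);
$rss_auto = "";
$tpl = ereg_replace("", $rss_auto, $tpl);
$tpl = ereg_replace("", "RSS 2.0", $tpl);

// ##########################################################################################//
// creating other tags
// ##########################################################################################//
$tpl = ereg_replace("", "./index.php?x=browse", $tpl);
$tpl = ereg_replace("", "./index.php?x=browse&pagenum=1", $tpl);
$tpl = ereg_replace("", $pixelpost_photonumb, $tpl);
$tpl = ereg_replace("", $pixelpost_visitors, $tpl);
$tpl = ereg_replace("", $image_comments_number, $tpl);
$tpl = ereg_replace("", $latest_comment, $tpl);
$tpl = ereg_replace("", $latest_comment_name, $tpl);
$tpl = ereg_replace("", "$lang_comment_popup", $tpl);
$tpl = ereg_replace("", $browse_select, $tpl);
$tpl = str_replace("", "", $tpl);

// ##########################################################################################//
// SAVE COMMENT
// ##########################################################################################//
if (isset($_GET['x']) && $_GET['x'] == "save_comment") {
    $datetime = gmdate("Y-m-d H:i:s", time() + (3600 * $cfgrow['timezone']));
    $ip = $_SERVER['REMOTE_ADDR'];
    $email_flag = 0; // set to 1 only after the comment row was inserted
    $cmnt_moderate_permission = $cfgrow['moderate_comments'];

    // The name and e-mail checked here are reused in the From: header of the
    // notification mail below, so line breaks (and NUL) are refused outright.
    $line_break_or_nul = '/[\r\n\0]/';

    // $parent_id
    $parent_id = isset($_POST['parent_id']) ? $_POST['parent_id'] : "";
    if (preg_match($line_break_or_nul, $parent_id)) { die("No intrusion! ?? :("); }
    if (!is_numeric($parent_id)) die('parent_id is not correct!');

    // $message
    $message = isset($_POST['message']) ? $_POST['message'] : "";
    $message = clean_comment($message);
    $message = nl2br($message);

    // $name
    $name = isset($_POST['name']) ? $_POST['name'] : "";
    if (preg_match($line_break_or_nul, $name)) { die("No intrusion! ?? :("); }
    $name = clean_comment($name);

    // $url
    $url = isset($_POST['url']) ? $_POST['url'] : "";
    if (preg_match($line_break_or_nul, $url)) { die("No intrusion! ?? :("); }
    if (strpos($url, 'https://') === false && strpos($url, 'http://') === false && strlen($url) > 0) {
        $url = "http://" . $url;
    }
    $url = clean_comment($url);

    // $parent_name
    $parent_name = isset($_POST['parent_name']) ? $_POST['parent_name'] : "";
    if (preg_match($line_break_or_nul, $parent_name)) { die("No intrusion! ?? :("); }
    $parent_name = clean_comment($parent_name);

    // $email (checked after clean_comment(), as before)
    $email = isset($_POST['email']) ? clean_comment($_POST['email']) : "";
    if (preg_match($line_break_or_nul, $email)) { die("No intrusion! ?? :("); }

    // check that only one email-adress entered
    $onlyone = $email;
    $numberofats = substr_count("$onlyone", "@");
    if ($numberofats > 1) { die("only one email-adress allowed"); }

    // Ramin added more protections
    $posted_fields = $_POST['parent_name'].$_POST['email'].$_POST['url'].$_POST['name'].$_POST['message'].$_POST['parent_id'];
    foreach (array("Content-Transfer-Encoding", "MIME-Version", "Content-Type") as $header_name) {
        if (stristr($posted_fields, $header_name) !== false) {
            die("SPAM Injection Error :(");
        }
    }

    if ($cmnt_moderate_permission == 'yes') $cmnt_publish_permission = 'no';
    if ($cmnt_moderate_permission == 'no') $cmnt_publish_permission = 'yes';

    if ($parent_id == "") $extra_message = "$lang_message_missing_image\n\n                       ";
    if ($message == "") $extra_message = "$lang_message_missing_comment\n\n                       ";
    if ($name == "") $extra_message = "$lang_message_missing_name\n\n                       ";

    if (($parent_id != "") and ($message != "") and ($name != "")) {
        // check the comment with banlists
        if (!is_comment_in_blacklist($message, $ip, $name)) {
            // send it to moderation if contains banned words but not black listed!
            if (is_comment_in_moderation_list($message, $ip, $name)) {
                $cmnt_publish_permission = 'no';
                $cmnt_moderate_permission = 'yes';
            }
            // to the job now
            if ($cmnt_moderate_permission == 'yes') $extra_message = "$lang_message_moderating_comment\n\n               ";
            // NOTE(review): SQL safety of the text fields depends on
            // clean_comment(), which is not shown here - confirm it escapes.
            $query = "INSERT INTO ".$pixelpost_db_prefix."comments(id,parent_id,datetime,ip,message,name,url,email,publish) VALUES(NULL,'$parent_id','$datetime','$ip','$message','$name','$url','$email','$cmnt_publish_permission')";
            $result = mysql_query($query);
            // added by GeoS for sure that comment is saved (moved by ramin for bug fixing)
            if (!mysql_error()) $email_flag = 1;
        } // end if is not in the blacklist
        else $extra_message = "$lang_message_banned_comment\n\n               ";
    }
}

// ##########################################################################################//
// EMAIL NOTE ON COMMENTS
// ##########################################################################################//
if (isset($_GET['x']) && $_GET['x'] == "save_comment") {
    if ($cfgrow['commentemail'] == "yes" && $email_flag == 1) {
        // $email_flag is 1 only when the save block above ran to completion,
        // so name/e-mail/url/parent_name have already passed its line-break
        // check before they are used in the headers built here.
        $admin_email = $cfgrow['email'];
        $comment_name = clean_comment($_POST['name']);
        $comment_url = clean_comment($_POST['url']);
        if (strpos($comment_url, 'https://') === false && strpos($comment_url, 'http://') === false && strlen($comment_url) > 0) {
            $comment_url = "http://" . $comment_url;
        }
        $comment_image_id = $_POST['parent_id'];
        $comment_message = clean_comment($_POST['message']);
        $comment_message = stripslashes($comment_message);
        $comment_email = clean_comment($_POST['email']);
        $comment_image_name = clean_comment($_POST['parent_name']);
        $link_to_comment = $cfgrow['siteurl']."?showimage=$comment_image_id";
        $link_to_img_thumb_cmmnt = "Thumbnail Link:" . $cfgrow['siteurl'] . "thumbnails/thumb_$comment_image_name";
        $img_thumb_cmmnt = "";
        $subject = "$pixelpost_site_title - $lang_email_notification_subject";
        $sent_date = gmdate("Y-m-d", time() + (3600 * $cfgrow['timezone']));
        $sent_time = gmdate("H:i", time() + (3600 * $cfgrow['timezone']));

        if ($cfgrow['htmlemailnote'] != 'yes') {
            // Plain text note email
            $body = "$lang_email_notificationplain_pt1 : $link_to_comment\n\n$lang_email_notificationplain_pt2\n\n$comment_message\n\n$lang_email_notificationplain_pt3: $comment_name";
            if ($comment_email != "") { $body .= "- $comment_email"; }
            $body .= "\n\n$lang_email_notificationplain_pt4";
            $headers = "Content-type: text/plain; charset=UTF-8\n";
            $headers .= "Content-Transfer-Encoding: 8bit\n";
            if ($comment_email != "") $headers .= "From: $comment_name<$comment_email>\n";
            else $headers .= "From: PIXELPOST <$admin_email>\n";
            $recipient_email = "admin <$admin_email>";
        } else {
            // HTML note email
            $body = "$lang_email_notification_pt1 $link_to_comment\n$img_thumb_cmmnt\n$lang_email_notification_pt2 $comment_message\n$lang_email_notification_pt3 $comment_name - $comment_email\n$lang_email_notification_pt4 ";
            ////////////
            $headers = 'MIME-Version: 1.0' . "\n";
            $headers .= 'Content-type: text/html; charset=UTF-8' . "\n";
            // Additional headers
            if ($comment_email != "") $headers .= "From: $comment_name <$comment_email>\n";
            else $headers .= "From: PIXELPOST <$admin_email>\n";
            $recipient_email = "admin <$admin_email>";
        } // if (cfgrow['htmlemailnote']=='no')

        // Sending notification
        mail($recipient_email, $subject, $body, $headers);
    } // end of if($_GET['x'] == "save_comment")

    // NOTE(review): the page markup that followed here is missing from this
    // copy; only the PHP fragments survive. The opening of the thank-you
    // echo was re-added so that the section parses.
    ?>
<?php echo $lang_comment_page_title; ?>
<?php
    echo "$lang_comment_thank_you\n\n$extra_message\n";
    echo "$lang_comment_redirect\n\n";
    echo "";
} // commentemail yes

// ##########################################################################################//
// SUCK IN ADDONS
// ##########################################################################################//
include_once('includes/addons_lib.php');

// ##########################################################################################//
// END - ECHO TEMPLATE
// ##########################################################################################//
if( (isset($_GET['x'])&&$_GET['x'] != "save_comment")OR(!isset($_GET['x'])) ) echo $tpl;
?>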