guestbook."; $LowPrivLogin = 1; include_once( 'login.php' ); define( USECOMMON, 69 ); include_once( 'common.php' ); define( USETEMPLATE, 69 ); include_once( 'template.php' ); $Template = new Template( ); $Template->set_filenames(array( 'genheader' => 'generic_header.tpl', 'genfooter' => 'generic_footer.tpl', 'header' => 'addannouncement_header.tpl', 'body' => 'addannouncement_body.tpl', 'footer' => 'addannouncement_footer.tpl' )); define( PREG_EMAIL, '/^(?:[\w-]*\w\.)*[\w-]*\w@(?:[a-zA-Z](?:[\w-]*\w)?\.)+[a-zA-Z](?:[\w-]*\w)?$/' ); define( PREG_NUMBER, '/^\d+$/' ); define( MAXLEN_EMAIL, 64 ); define( MAXLEN_POSTER, 64 ); define( MAXLEN_COMMENT, 800 ); define( BANNER_MAXSIZE, 65536 ); define( BANNER_MAXWIDTH, 200 ); define( BANNER_MAXHEIGHT, 200 ); define( TITEMS, "ebfc_tour_announcements" ); define( TLOCS, "ebfc_tour_locations" ); define( TEMAILIDS, "ebfc_tour_emailids" ); define( DATEFORMAT, "'%W %M %e, %Y'" ); $ItemRawEmail = ""; $ItemRawComment = ""; $ItemRawPoster = ""; $ItemRawTourId = -1; $ItemUniqueId = ""; $ValidItemData = 0; if( isset( $HTTP_POST_VARS['itemposter'] ) || isset( $HTTP_POST_VARS['itememail'] ) || isset( $HTTP_POST_VARS['itemcomment'] ) || isset( $HTTP_POST_FILES['imgfile'] ) || isset( $HTTP_POST_VARS['venueid'] ) ) { if( isset( $HTTP_POST_VARS['itememail'] ) ) { $ItemRawEmail = stripslashes( $HTTP_POST_VARS['itememail'] ); $ItemEmail = PrepareStringForDB( $HTTP_POST_VARS['itememail'] ); } if( isset( $HTTP_POST_VARS['itemcomment'] ) ) { $ItemRawComment = stripslashes( $HTTP_POST_VARS['itemcomment'] ); $ItemComment = PrepareStringForDB( $HTTP_POST_VARS['itemcomment'] ); } if( isset( $HTTP_POST_VARS['itemposter'] ) ) { $ItemRawPoster = stripslashes( $HTTP_POST_VARS['itemposter'] ); $ItemPoster = PrepareStringForDB( $HTTP_POST_VARS['itemposter'] ); } if( isset( $HTTP_POST_VARS['venueid'] ) && preg_match( PREG_NUMBER, $HTTP_POST_VARS['venueid'] ) ) { $ItemVenue = ( int )( $HTTP_POST_VARS['venueid'] / 100 ); $Sql = "SELECT id FROM " . TLOCS . " WHERE id='$ItemVenue'"; ++$NumSqlQueries; mysql_query( $Sql, $DBLink ); if( mysql_affected_rows( $DBLink ) > 0 ) { $ItemRawTourId = $HTTP_POST_VARS['venueid']; } else { $ItemVenue = -1; } } if( isset( $HTTP_POST_VARS['uniqueid'] ) && preg_match( PREG_SECRET, $HTTP_POST_VARS['uniqueid'] ) ) { $ItemUniqueId = $HTTP_POST_VARS['uniqueid']; $Sql = "SELECT id FROM " . TITEMS . " WHERE uniqueid='$ItemUniqueId'"; ++$NumSqlQueries; mysql_query( $Sql, $DBLink ); if( mysql_affected_rows( $DBLink ) > 0 ) { $ItemUniqueId = ""; } } if( $ItemRawTourId < 0 ) { $Error = 15; $ErrorInfo = "Please select a valid venue"; } else if( !isset( $HTTP_POST_VARS['itemposter'] ) || strlen( $ItemPoster ) > MAXLEN_POSTER || strlen( $ItemPoster ) < 1 ) { $Error = 10; $ErrorInfo = "Please enter a valid name up to " . MAXLEN_POSTER . " characters"; } else if( !isset( $HTTP_POST_VARS['itememail'] ) || !preg_match( PREG_EMAIL, $HTTP_POST_VARS['itememail'] ) || strlen( $ItemEmail ) > MAXLEN_EMAIL || strlen( $ItemEmail ) < 1 ) { $Error = 8; $ErrorInfo = "Please enter a valid email address up to " . MAXLEN_EMAIL . " characters"; } else if( !isset( $HTTP_POST_VARS['itemcomment'] ) || strlen( $ItemRawComment ) > MAXLEN_COMMENT || strlen( $ItemRawComment ) < 1 ) { $Error = 9; $ErrorInfo = "Please enter a valid comment up to " . MAXLEN_COMMENT . " characters"; } else if( isset( $HTTP_POST_FILES['imgfile'] ) # optional && $HTTP_POST_FILES['imgfile']['size'] > 0 && ( $HTTP_POST_FILES['imgfile']['size'] > BANNER_MAXSIZE || 0 == DetermineImageFileType( $HTTP_POST_FILES['imgfile']['tmp_name'] ) || ImageFileSizeLarger( $HTTP_POST_FILES['imgfile']['tmp_name'], BANNER_MAXWIDTH, BANNER_MAXHEIGHT ) ) ) { $Error = 11; $ErrorInfo = "For a banner image, please provide a valid" . " JPG, PNG, or GIF that is no larger than " . BANNER_MAXWIDTH . "x" . BANNER_MAXHEIGHT . " and " . (int)(BANNER_MAXSIZE/1024) . "kB in size"; } else if( !strcmp( "", $ItemUniqueId ) ) { $Error = 16; $ErrorInfo = "Please retry your submission"; } if( !$Error ) { $Error = AddEmailId( $DBLink, $ItemRawEmail, $ItemEmailId ); } if( !$Error ) { $ValidItemData = 1; if( isset( $HTTP_POST_FILES['imgfile'] ) && $HTTP_POST_FILES['imgfile']['size'] > 0 ) { $Sql = "SELECT imageid FROM ". TITEMS ." ORDER BY imageid DESC LIMIT 1"; ++$NumSqlQueries; $Result = mysql_query( $Sql, $DBLink ); if( !$Result ) { $Error = 12; $ErrorInfo = "SQL query failed: " . mysql_error( $DBLink ) .": $Sql"; } else if( 0 < mysql_affected_rows( $DBLink ) && ( $RowSet = mysql_fetch_assoc( $Result ) ) ) { $ItemImageId = $RowSet['imageid'] + 1; } else { $ItemImageId = 1; } $ItemImageFile = GenerateFileName( FTYPE_BANNER, $ItemImageId ) . DetermineImageFileExtension( $HTTP_POST_FILES['imgfile']['tmp_name'] ); if( !copy( $HTTP_POST_FILES['imgfile']['tmp_name'], $ItemImageFile ) ) { $Error = 14; $ErrorInfo = "Error copying image file"; } } else { $ItemImageId = 0; $ItemImageFile = ""; } } } if( $Error > 0 ) { // If we've already encountered an error, don't process more } else if( isset( $HTTP_POST_VARS['additem' ] ) && $ValidItemData ) { $Sql = "INSERT INTO ". TITEMS ." (tourid,poster,email,emailid,comment,postdate," ."uniqueid,imageid,imagefile) VALUES " ."('$ItemVenue','$ItemPoster','$ItemEmail'" .",'$ItemEmailId','$ItemComment',NOW(),'$ItemUniqueId'"; if( $ItemImageId ) { $Sql = $Sql . ",'$ItemImageId','$ItemImageFile')"; } else { $Sql = $Sql . ",NULL,NULL)"; } ++$NumSqlQueries; mysql_query( $Sql, $DBLink ); if( 0 >= mysql_affected_rows( $DBLink ) ) { $Error = 6; $ErrorInfo = "SQL query failed: " . mysql_error( $DBLink ) .": $Sql"; } else { $ErrorInfo = "Announcement added successfully. Please allow up to 48 hours for the next page update"; } } $Template->assign_vars(array( 'UID' => $UidField, 'UNIQUEID' => GenerateSecret( ) )); if( $Error ) { $Template->assign_vars(array( 'POSTER' => $ItemRawPoster, 'EMAIL' => $ItemRawEmail, 'COMMENT' => $ItemRawComment )); } else { # Data successfully inserted into table, don't display prior values $ItemRawTourId = -1; $Template->assign_vars(array( 'POSTER' => "", 'EMAIL' => "", 'COMMENT' => "" )); } $Sql = "SELECT id,city FROM " . TLOCS ." ORDER BY city ASC"; ++$NumSqlQueries; $Result = mysql_query( $Sql, $DBLink ); if( !$Result ) { $Error = 1; $ErrorInfo = "SQL query failed: " . mysql_error( $DBLink ) .": $Sql"; } else if( !mysql_affected_rows( $DBLink ) ) { $Error = 2; $ErrorInfo = "No rows were returned"; } else { $Template->assign_block_vars('venue', array( 'FIELDID' => "0", 'CITY' => "Please select a venue", 'SELECTVENUE' => "" )); while( ( $RowSet = mysql_fetch_assoc( $Result ) ) ) { $CurTourId = $RowSet['id']; $CurTourCity = $RowSet['city']; $CurFieldId = $CurTourId * 100; $SelectVenue = ""; if( ( $CurTourId * 100 ) == $ItemRawTourId ) { $SelectVenue = "SELECTED"; } $Template->assign_block_vars('venue', array( 'FIELDID' => $CurFieldId, 'CITY' => "$CurTourCity", 'SELECTVENUE' => $SelectVenue )); } } $Template->assign_vars(array( 'ERRORMSG' => $ErrorInfo )); $Template->assign_var_from_handle( 'GENERICHEADER', 'genheader' ); $Template->pparse( 'header' ); $Template->pparse( 'body' ); // Determine page render time $EndTime = microtime( ); list( $StartUSec, $StartSec ) = explode( " ", $StartTime ); list( $EndUSec, $EndSec ) = explode( " ", $EndTime ); $TotalTime = ( int )( ( $EndSec - $StartSec ) * 1000 + ( $EndUSec - $StartUSec ) * 1000 ); $Template->assign_vars(array( 'GENTIME' => "$TotalTime", 'NUMQUERIES' => "$NumSqlQueries" )); $Template->assign_var_from_handle( 'GENERICFOOTER', 'genfooter' ); $Template->pparse( 'footer' ); ?>