File: /home/httpd/html/baretube.com/admin/upload_thumb.php
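<?php
/**
 * Admin "replace thumbnail" handler.
 *
 * On every request a fresh mbAuthToken is stored in the session for the form
 * rendered below. On POST the uploaded image is written over the thumbnail
 * named by the "file" field under $thumb_path, optionally passed through
 * jpegoptim and mirrored to Ceph. The outcome is reported to the template
 * through $success / $error.
 *
 * $thumb_path, $basepath, $jpegoptim_path, $jpegoptim_command, $ceph_enabled,
 * $ceph_delete_local and cephUploadObject() are not defined in this file;
 * presumably they come from db.php.
 */
require "db.php";

// NOTE(review): nothing in this file checks that the caller is an
// authenticated admin, and the posted mbAuthToken is never compared with the
// session copy here. Presumably db.php does both before this point - confirm,
// because this script writes files and runs an external command.

// The anti-CSRF token has to be unpredictable. md5(uniqid()) is derived from
// the clock, so draw the value from the CSPRNG instead; it keeps the same
// 32-hex-character shape.
$mbAuthToken = bin2hex(random_bytes(16));
$_SESSION['mbAuthToken'] = $mbAuthToken;

// Always defined, so the template never reads an unset variable.
$success = false;
$error = false;

// Target extensions accepted for a replacement thumbnail. Mirrors the form's
// data-extensions="jpg,jpeg"; extend this (and the content check below) if the
// installation stores thumbnails in other formats.
$allowedThumbExtensions = array('jpg', 'jpeg');

$requestedFile = (isset($_REQUEST['file']) && is_string($_REQUEST['file'])) ? $_REQUEST['file'] : '';
$postedFile = (isset($_POST['file']) && is_string($_POST['file'])) ? $_POST['file'] : '';

// The write below uses rawurldecode() of the POST field, so the traversal
// check has to run on that decoded value as well. Checking only the raw
// $_REQUEST value leaves the check and the use out of step.
foreach (array($requestedFile, $postedFile) as $candidateName) {
    $decodedName = rawurldecode($candidateName);
    if (
        strpos($candidateName, '..') !== false
        || strpos($decodedName, '..') !== false
        || strpos($decodedName, "\0") !== false
    ) {
        exit('Invalid File');
    }
}

if ($_POST) {
    $tmpUpload = (isset($_FILES['fileField']['tmp_name']) && is_string($_FILES['fileField']['tmp_name']))
        ? $_FILES['fileField']['tmp_name']
        : '';

    if ($tmpUpload) {
        $file = $thumb_path . '/' . rawurldecode($postedFile);

        // The destination name is client-supplied: only let it end in an
        // image extension so an upload can never land as a script.
        $targetExtension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
        $extensionAllowed = in_array($targetExtension, $allowedThumbExtensions, true);

        // Check the content as well as the name. getimagesize() warns on
        // non-image input, which is an expected case here, hence the @.
        $imageInfo = @getimagesize($tmpUpload);
        $isJpeg = is_array($imageInfo) && $imageInfo[2] === IMAGETYPE_JPEG;

        if ($extensionAllowed && $isJpeg && move_uploaded_file($tmpUpload, $file)) {
            if ($jpegoptim_path) {
                // $file contains request data, so it is passed as a single
                // escaped shell argument. The binary path and its flags are
                // configuration values and are left as configured.
                shell_exec("$jpegoptim_path $jpegoptim_command " . escapeshellarg($file));
            }

            $thisThumb = $file;
            if ($ceph_enabled) {
                // Object key is the path relative to "$basepath/media/".
                if (cephUploadObject($thisThumb, str_replace("$basepath/media/", "", $thisThumb))) {
                    if ($ceph_delete_local) {
                        // Best effort: a leftover local copy is not an error.
                        @unlink($thisThumb);
                    }
                }
            }
            $success = true;
        } else {
            // Rejected name or content, or the move itself failed. The
            // original left both flags unset in the last case, so the page
            // showed no message at all.
            $error = true;
        }
    } else {
        $error = true;
    }
}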
?><!DOCTYPE html>
<html class="auto-height">
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&subset=latin,latin-ext">
<link rel="stylesheet" href="<?php echo $basehttp; ?>/admin/public/css/app.css" media="all">
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.uniform.min.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/app/app.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/app/main.js"></script>
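<?php if (!empty($success) || !empty($error)) {
    // After a submit the page sends the browser back to the posted "referer".
    // That value is client-controlled: it must not be able to close the
    // script string, and it must not send the admin to another site or to a
    // non-http(s) scheme. Anything that is neither a relative URL nor an
    // http(s) URL on this site's host falls back to the admin root.
    $returnTo = (isset($_POST['referer']) && is_string($_POST['referer'])) ? $_POST['referer'] : '';
    $returnParts = parse_url($returnTo);
    $siteHost = parse_url((string) $basehttp, PHP_URL_HOST);

    // Browsers normalise control characters, whitespace and backslashes when
    // resolving a URL, so a value containing any of them is not trusted.
    $hasUnsafeChars = preg_match('/[\x00-\x20\x7f\\\\]/', $returnTo) === 1;

    $isRelative = is_array($returnParts)
        && !isset($returnParts['scheme'])
        && !isset($returnParts['host']);

    $isSameSite = is_array($returnParts)
        && isset($returnParts['scheme'], $returnParts['host'])
        && in_array(strtolower($returnParts['scheme']), array('http', 'https'), true)
        && is_string($siteHost)
        && strcasecmp($returnParts['host'], $siteHost) === 0;

    if ($hasUnsafeChars || (!$isRelative && !$isSameSite)) {
        $returnTo = $basehttp . '/admin/';
    }

    // json_encode() with the HEX flags yields a complete JavaScript string
    // literal that is safe inside a <script> element.
    $returnToJs = json_encode(
        $returnTo,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_PARTIAL_OUTPUT_ON_ERROR
    );
?>
<script>
$().ready(function () {
setTimeout(function() {
window.location = <?php echo $returnToJs; ?>;
parent.$.fn.colorbox.resize({
width: '98%',
height: '95%'
});
}, 1000);
});
</script>
<?php } ?>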
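<?php
// Values written into the inline script below. REQUEST_URI is taken from the
// request line, so it is emitted as a JSON-encoded string literal (HEX flags
// keep quotes, angle brackets and ampersands out of the output) instead of
// being pasted between quotes. The other two get the same treatment for
// consistency.
$inlineJsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_PARTIAL_OUTPUT_ON_ERROR;
$scriptName = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
$requestUri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
?>
<script>
var basehttp = <?php echo json_encode((string) $basehttp, $inlineJsFlags); ?>;
var current_url = <?php echo json_encode($basehttp . $scriptName, $inlineJsFlags); ?>;
var current_query = <?php echo json_encode(str_replace($scriptName, '', $requestUri), $inlineJsFlags); ?>;
$().ready(function () {
// Close button of the colorbox window this page is shown in.
$(document).on('click', '.window-head .close', function (e) {
e.preventDefault();
parent.$.fn.colorbox.close();
return false;
}).on('click', '.goBackTrigger', function () {
// Going back returns to the wide listing view, so restore its size.
parent.$.fn.colorbox.resize({
width: '98%',
height: '95%'
});
});
});
</script>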
</head>
<body>
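<script>
// Adds the per-request mbAuthToken as a hidden field to every form on the page.
$().ready(function () {
$('<input>').attr({
type: 'hidden',
id: 'mbAuthToken',
name: 'mbAuthToken',
<?php
// The original used the short open tag "<?", which is only parsed when
// short_open_tag is enabled; with it off, the PHP source text itself became
// the field value and no token was ever submitted.
?>
value: <?php echo json_encode((string) $mbAuthToken, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>
}).appendTo('form');
});
</script>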
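<?php
// Request values are echoed back into the form. Each one is HTML-escaped for
// the attribute or text context it lands in, so markup in a parameter is
// shown as text rather than interpreted. Non-string input (e.g. an array
// parameter) is rendered as an empty string.
$escapeHtml = function ($value) {
    return htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$formId = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
$formFile = isset($_REQUEST['file']) ? $_REQUEST['file'] : '';
$formReferer = isset($_REQUEST['referer']) ? $_REQUEST['referer'] : '';
$shownFile = isset($_GET['file']) ? $_GET['file'] : '';
?>
<div>
<?php if (!empty($success)) { ?><div class="notification success">Saved</div><?php } ?>
<?php if (!empty($error)) { ?><div class="notification error">File not uploaded</div><?php } ?>
<form method="POST" enctype="multipart/form-data" action="" class="form form-embed">
<input type="hidden" name="id" value="<?php echo $escapeHtml($formId); ?>" />
<input type="hidden" name="file" value="<?php echo $escapeHtml($formFile); ?>" />
<input type="hidden" name="referer" value="<?php echo $escapeHtml($formReferer); ?>" />
<header class="window-head">
<a href="#" onclick="javascript:history.back();return false;" class="btn btn-xs btn-seablue btn-back pull-left goBackTrigger"><i class="ion ion-arrow-left-a"></i> Go back</a>
<h1>Replace thumb</h1>
<a href="#" class="close"><i class="ion ion-close"></i></a>
</header>
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Upload new thumb</th>
</tr>
</thead>
<tbody>
<tr>
<td>Filename</td>
<td><?php echo $escapeHtml($shownFile); ?></td>
</tr>
<tr>
<td>New thumbnail</td>
<?php // data-extensions is only a client-side hint; the server has to enforce the file type itself. ?>
<td><input type="file" name="fileField" data-extensions="jpg,jpeg" /></td>
</tr>
<tr class="item submit">
<td colspan="2">
<button type="submit" class="btn action-save">Save</button>
</td>
</tr>
</tbody>
</table>
</form>
</div>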
</body>
</html>