<table align="middle" width="100%" border="0" cellpadding="0" cellspacing="0" style="margin-top: 45px; margin-bottom: 15px;">
<tr>
<td><h4><?php print $lng['ground']; ?> «Vk - message»</h4></td>
</tr>
</table>
<div>
<img src="/images/vcprimer.gif" alt="Пример"/>
</div>
<?php
if($_GET['act'] == 'save') {
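// "save" step of the «Vk - message» advert form: validate the posted fields and
// banner, store the advert in advert_vk and debit the user's balance.
// Runs inside `if($_GET['act'] == 'save')` of this template and relies on names
// provided by the including script: $lng (UI strings), $balance, $user_id,
// $status and an open ext/mysql connection.
// NOTE(review): SQL is still built by hand on the legacy ext/mysql API; moving
// this page to prepared statements (PDO/mysqli) would remove the manual
// escaping below. No CSRF token is checked in this handler — confirm the
// including script enforces one before the POST reaches it.

// --- posted text fields: HTML-escaped (they are echoed back into pages) and
// then SQL-escaped for the string literals below. Missing keys read as ''.
$url  = mysql_real_escape_string(htmlspecialchars(isset($_POST['url'])  ? $_POST['url']  : '', ENT_QUOTES));
$name = mysql_real_escape_string(htmlspecialchars(isset($_POST['name']) ? $_POST['name'] : '', ENT_QUOTES));
$msg  = mysql_real_escape_string(htmlspecialchars(isset($_POST['msg'])  ? $_POST['msg']  : '', ENT_QUOTES));
$text = mysql_real_escape_string(htmlspecialchars(isset($_POST['text']) ? $_POST['text'] : '', ENT_QUOTES));
// geo is the tariff key from the <select>; at most two characters are kept.
$geo  = substr(mysql_real_escape_string(htmlspecialchars(isset($_POST['geo']) ? $_POST['geo'] : '', ENT_QUOTES)), 0, 2);
// Numeric fields are coerced to int. The `stopor` field is posted by the form
// but was never stored by this handler, so it is not read here.
$clx        = isset($_POST['clx'])        ? intval($_POST['clx'])        : 0;
$adult      = isset($_POST['adult'])      ? intval($_POST['adult'])      : 0;
$start_time = isset($_POST['start_time']) ? intval($_POST['start_time']) : 0;
$end_time   = isset($_POST['end_time'])   ? intval($_POST['end_time'])   : 0;

// --- banner upload metadata. The temp file is only trusted when PHP itself
// received it in this request (is_uploaded_file), and nothing is placed under
// the web root until every check below has passed.
$upload    = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : array();
$file      = mysql_real_escape_string(htmlspecialchars(isset($upload['name']) ? $upload['name'] : '', ENT_QUOTES));
$tmpName   = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
$size      = isset($upload['size']) ? intval($upload['size']) : 0;
$hasUpload = $file !== '' && $tmpName !== ''
    && (!isset($upload['error']) || $upload['error'] === UPLOAD_ERR_OK)
    && is_uploaded_file($tmpName);
// Extension comes from the (escaped) client file name, lower-cased so "JPG"
// and "jpg" are treated alike; '' when the name has no dot.
$ext  = $hasUpload ? strtolower((string) substr((string) strrchr($file, '.'), 1)) : '';
// Real image dimensions; false when the temp file is not a decodable image.
$dims = $hasUpload ? getimagesize($tmpName) : false;

// Price per click for the chosen tariff; no row means an unknown tariff key.
$result = mysql_query("SELECT price FROM parametrs WHERE path = 'vk' AND geo = '" . $geo . "' LIMIT 1");
$row    = $result ? mysql_fetch_array($result) : false;
if ($row) {
    $money = $clx * $row['price'];

    // Normalise the URL: force a scheme, strip "www." and pull out the host
    // that the blacklist is matched against.
    if (substr($url, 0, 4) !== 'http') {
        $url = 'http://' . $url;
    }
    $url  = str_replace('www.', '', $url);
    $durl = parse_url($url);
    $www  = (is_array($durl) && isset($durl['host'])) ? $durl['host'] : '';

    // Common tail of most error messages; $error holds the message body and
    // is printed once at the end so the checks can run in sequence.
    $back    = ' <a href="?adv=4">« ' . $lng['back'] . '</a></p>';
    $noMoney = $lng['er_no_money'] . '! <a href="?action=add&add=popup">« ' . $lng['back'] . '</a></p>';
    $error   = '';

    if ($url === 'http://' || $www === '' || $text === '' || $file === '') {
        $error = $lng['er_all_input'] . '!' . $back;
    } elseif (!$hasUpload) {
        // A name was sent but PHP did not receive a usable temp file.
        $error = $lng['er_banner_upload'] . '!' . $back;
    }

    if ($error === '') {
        // Host matched against the blacklist; LIKE wildcards in the host are
        // escaped so the comparison is literal.
        $q = mysql_query("SELECT 1 FROM blacklist WHERE lower(url) like lower('%" . addcslashes($www, '%_') . "%') LIMIT 1");
        if ($q && mysql_num_rows($q) > 0) {
            $error = $lng['er_url_bl'] . '!' . $back;
        }
    }
    if ($error === '') {
        // A URL already rejected (status = 3) may not be submitted again.
        $q = mysql_query("SELECT 1 FROM advert_vk WHERE lower(url) like lower('%" . addcslashes($url, '%_') . "%') AND status = 3 LIMIT 1");
        if ($q && mysql_num_rows($q) > 0) {
            $error = $lng['er_url_bl'] . '!' . $back;
        }
    }
    if ($error === '' && $money > $balance) {
        // Early, cheap rejection; the authoritative guard is in the UPDATE below.
        $error = $noMoney;
    }

    if ($error === '') {
        if (!in_array($ext, array('jpg', 'gif'), true)) {
            $error = $lng['er_banner_format'] . '! [*.jpg; *.gif]!' . $back;
        } elseif ($dims === false) {
            // Extension looks right but the content is not a decodable image.
            $error = $lng['er_banner_format'] . '! [*.jpg; *.gif]!' . $back;
        } elseif ($size > 130000) {
            // NOTE(review): the limit is 130000 bytes while the message says 100 Kb.
            $error = $lng['er_banner_size'] . ' 100 Кb!' . $back;
        } elseif ($dims[0] > 100 || $dims[1] > 100) {
            // NOTE(review): the form label says 50х50 while this check allows 100х100.
            $error = $lng['er_banner_size_wh'] . ' 100х100рх' . $back;
        } elseif ($clx < 0) {
            // Zero clicks is still accepted; only negative values are rejected.
            $error = 'Количество добавляемых кликов должно быть больше нуля!' . $back;
        }
    }

    if ($error === '') {
        // Reject images that carry active content (script/PHP/embed markup).
        // This runs on the temp file, so an infected upload never lands under
        // the web root.
        $raw      = file_get_contents($tmpName);
        $haystack = ($raw === false) ? '' : strtolower($raw);
        foreach (array('<script', '<?php', '<embed', '<applet', 'javascript') as $needle) {
            if (strpos($haystack, $needle) !== false) {
                $error = 'Ваша картинка заражена! XSS image аттака, если это повторится, будет оповещен администратор!' . $back;
                break;
            }
        }
    }

    $uploadDir = '../images/icq/';
    $bname     = '';
    if ($error === '') {
        // Server-chosen file name; the client name is never used on disk.
        $bname = rand(0, 9) . '_' . time() . '.' . $ext;
        if (!move_uploaded_file($tmpName, $uploadDir . $bname)) {
            $error = $lng['er_banner_upload'] . '!' . $back;
        }
    }

    if ($error === '') {
        $st      = ((int) $status === 1) ? 0 : 1;
        $uid     = (int) $user_id; // assumes users.id is numeric, as the original SQL did
        $debited = false;

        if ($money > 0) {
            // The balance guard is part of the UPDATE itself, so two concurrent
            // submissions cannot both pass the "$money > $balance" check above
            // and overdraw the account.
            mysql_query('UPDATE users SET balance = balance - ' . $money . ', adconcurs = adconcurs + ' . $money
                . ' WHERE id = ' . $uid . ' AND balance >= ' . $money . ' LIMIT 1');
            $debited = mysql_affected_rows() === 1;
            if (!$debited) {
                unlink($uploadDir . $bname);
                $error = $noMoney;
            }
        }

        if ($error === '') {
            $sql = 'INSERT INTO advert_vk (clx, user_id, url, geo, name, msg, text, img, status, adult, start_time, end_time) VALUES ('
                . $clx . ', ' . $uid . ', "' . $url . '", "' . $geo . '", "' . $name . '", "' . $msg . '", "' . $text . '", "'
                . $bname . '", ' . $st . ', ' . $adult . ', ' . $start_time . ', ' . $end_time . ')';
            if (mysql_query($sql)) {
                print '<p class="erok">' . $lng['er_add_url'] . '! <a href="?adv=4">' . $lng['my_sites'] . '</a></p>';
            } else {
                // Undo the debit and drop the banner so a failed insert leaves
                // neither a charge nor an orphaned file.
                if ($debited) {
                    mysql_query('UPDATE users SET balance = balance + ' . $money . ', adconcurs = adconcurs - ' . $money
                        . ' WHERE id = ' . $uid . ' LIMIT 1');
                }
                unlink($uploadDir . $bname);
                $error = $lng['er_bd'] . '!' . $back;
            }
        }
    }

    if ($error !== '') {
        print '<p class="er">' . $error;
    }
} else {
    // Unknown tariff key: nothing can be priced, so report it as invalid input
    // instead of silently rendering nothing.
    print '<p class="er">' . $lng['er_all_input'] . '! <a href="?adv=4">« ' . $lng['back'] . '</a></p>';
}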
} else {
?>
<form action='?action=add&add=vk&act=save' method='post' enctype="multipart/form-data" class="front-signup">
<table align="middle" width="480" border="0" cellpadding="2" cellspacing="0" style="border-collapse: separate;">
<tr >
<td> URL <font color="red"><b>*</b></font>: </td>
<td align="left"><input type='text' name='url' value='http://' size='40' maxlength="100" style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['titlename']; ?>: </td>
<td align="left"><input type='text' name='name' value='Новое сообщение' size='40' maxlength="25" style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> Короткое название: </td>
<td align="left"><input type='text' name='msg' value='' size='40' maxlength="25" style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['description']; ?> <font color="red"><b>*</b></font>: </td>
<td align="left"><input type='text' name='text' value='' size='40' maxlength="100" style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['buy_clx']; ?>: </td>
<td align="left"><input type='text' name='clx' value='0' size='40' style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td><?php print $lng['banner']; ?> [*.gif; *.jpg, 50х50] <font color="red"><b>*</b></font></td>
<td align="left" ><input name="file" type="file" size="33" style="width: 200px"></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['clx_day']; ?> *: </td>
<td align="left"><input type='text' name='stopor' value='0' size='40' style="width: 200px;" /></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['tarif']; ?>: </td>
<td align="left">
<select name="geo" style="width: 250px;">
<?php
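// Tariff <option>s for the geo <select>: one per visible "vk" row of parametrs,
// priced per 1000 clicks in $cfgCurrency ($lng and $cfgCurrency come from the
// including script). A row with an empty geo is the "all traffic" tariff and
// is posted as value="". If the query fails nothing is rendered.
$result = mysql_query("SELECT * FROM parametrs WHERE path = 'vk' AND view = 1 ORDER BY id ASC");
while ($result && ($row = mysql_fetch_array($result))) {
    $perThousand = sprintf('%01.2f', $row['price'] * 1000) . ' ' . $cfgCurrency . ' / 1000';
    if ((string) $row['geo'] === '') {
        print '<option value="">' . $lng['all_traf'] . ': ' . $perThousand . '</option>';
    } else {
        // geo is written into both an attribute and text, so escape it once here.
        $geoCode = htmlspecialchars($row['geo'], ENT_QUOTES);
        print '<option value="' . $geoCode . '">' . $geoCode . ' - ' . $lng['in_price'] . ': ' . $perThousand . '</option>';
    }
}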
?> </select>
</td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td> <?php print $lng['time_view']; ?>: </td>
<td align="left">
<select name="start_time" style="width: 120px;">
<option value="0">00:00</option>
<option value="1">01:00</option>
<option value="2">02:00</option>
<option value="3">03:00</option>
<option value="4">04:00</option>
<option value="5">05:00</option>
<option value="6">06:00</option>
<option value="7">07:00</option>
<option value="8">08:00</option>
<option value="9">09:00</option>
<option value="10">10:00</option>
<option value="11">11:00</option>
<option value="12">12:00</option>
<option value="13">13:00</option>
<option value="14">14:00</option>
<option value="15">15:00</option>
<option value="16">16:00</option>
<option value="17">17:00</option>
<option value="18">18:00</option>
<option value="19">19:00</option>
<option value="20">20:00</option>
<option value="21">21:00</option>
<option value="22">22:00</option>
<option value="23">23:00</option>
</select> - <select name="end_time" style="width: 120px;">
<option value="24">00:00</option>
<option value="1">01:00</option>
<option value="2">02:00</option>
<option value="3">03:00</option>
<option value="4">04:00</option>
<option value="5">05:00</option>
<option value="6">06:00</option>
<option value="7">07:00</option>
<option value="8">08:00</option>
<option value="9">09:00</option>
<option value="10">10:00</option>
<option value="11">11:00</option>
<option value="12">12:00</option>
<option value="13">13:00</option>
<option value="14">14:00</option>
<option value="15">15:00</option>
<option value="16">16:00</option>
<option value="17">17:00</option>
<option value="18">18:00</option>
<option value="19">19:00</option>
<option value="20">20:00</option>
<option value="21">21:00</option>
<option value="22">22:00</option>
<option value="23">23:00</option>
</select>
</td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr >
<td align="right"><input type="checkbox" name="adult" value="1" /></td>
<td> <?php print $lng['adultadv']; ?></td>
</tr>
<tr>
<td colspan="2" height="30"><hr/>
</td>
</tr>
<tr>
<td colspan="2"><center><font color="red"><b>*</b></font> - Поля обязательные для заполнения</center></td>
</tr>
<tr><td colspan="2" style="padding: 15px 185px;"><input id="prb-distanse" class="prb-mbut" type='submit' name='submit' value='Добавить' /></td></tr>
</table>
</form>
<?php } ?>