source: mangos/inc/files.post.php@ 5

<?php 
if (INCLUDED!==true) exit('Dieee !!!');

$page['title'] = "$lang[pagetitle_files]";
$_GET['edit'] = $realm_db->escape($_GET['edit']);
$cat_words = array($lang['files_type_other'],$lang['files_type_client'],$lang['files_type_patch'],$lang['files_type_wallpaper'],$lang['files_type_video'],$lang['files_type_screenshot']);

if($user['gmlevel'] >= $site['files_publication_gmlevel'])
{
        if($_POST['doadd'] && !$_GET['edit'])
        {
                $tmp_cur_time = time();
                $tmp_mess = my_preview($_POST['message'],$user['gmlevel']);
                $tmp_mess = quote_smart($tmp_mess);
                $tmp_title = htmlspecialchars(trim("$_POST[title]"));
                $tmp_format = htmlspecialchars(trim("$_POST[format]"));
                $tmp_size = (INT)$realm_db->escape($_POST['size']);
                $query = "INSERT INTO `files` (`type`,`poster`,`posted`,`title`,`text`,`format`,`size`) VALUES 
                ('$_POST[type]','$user[name]','$tmp_cur_time','$tmp_title','$tmp_mess','$tmp_format','$tmp_size')";
                if($realm_db->query($query)){
                //print" <meta http-equiv=refresh content='0;url=$_GET[backurl]'> "; exit;
                header("location:$_GET[backurl]");
                }else{
                print" <h2> Error ! </h2>";
                }
        }
        elseif($_POST['doadd'] && $_GET['edit'])
        {
                $tmp_mess = my_preview($_POST['message'],$user['gmlevel']);
                $tmp_mess = quote_smart($tmp_mess);
                $tmp_title = htmlspecialchars(trim("$_POST[title]"));
                $tmp_format = htmlspecialchars(trim("$_POST[format]"));
                $tmp_size = $realm_db->escape($_POST['size']);
                $query = "UPDATE `files` SET `type`='$_POST[type]',`title`='$tmp_title',`text`='$tmp_mess',`format`='$tmp_format',`size`='$tmp_size' WHERE `id`='$_GET[edit]'";
                if($realm_db->query($query)){
                //print" <meta http-equiv=refresh content='0;url=$_GET[backurl]'> "; exit;
                header("location:$_GET[backurl]");
                }else{
                print" <h2> Error ! </h2>";
                }
        }
        if($_GET['edit']){
                $pageq = $realm_db->query("SELECT * FROM `files` WHERE `id`='$_GET[edit]'");
                $pagecontent = $realm_db->fetch_assoc($pageq);
                $pagecontent['text'] = my_previewreverse($pagecontent['text']);
                $button_value = $lang['edit'];
        }else{
                $button_value = $lang['add'];
        }
        
        foreach($cat_words as $cid => $cat_word){
                $cat_s .= "<option value='$cid'".($cid==$pagecontent[type] ? ' selected' : '')."> $cat_word </option>\n";
        }
        
include('inc/page.header.php');
?>
<div class='blogbody'>
<center>
<table border='0' cellpadding='0' cellspacing='0' width='90%'>
<tbody>
<tr>
        <td colspan='2'>
        <br>
<form method='post' action='<?php echo$_SERVER['PHP_SELF'];?>?n=files/post&edit=<?php echo$_GET['edit'];?>&backurl=<?php echo urlencode($_GET['backurl']);?>'>
        <?php echo$lang['author'];?>: <b><?php echo$user['name'];?></b><br>
        <?php echo$lang['title'];?>: <input type='text' size='50' maxlength='255' name='title' value='<?php echo$pagecontent['title'];?>'> <br>
        <?php echo$lang['type'];?>: <select name='type'>
                <optgroup label='<?php echo$lang['type'];?>'> 
                <?php echo$cat_s;?>
                </optgroup>
        </select> <br>
        <?php echo$lang['format'];?>: <input type='text' size='50' maxlength='255' name='format' value='<?php echo$pagecontent['format'];?>'> <br>
        <?php echo$lang['size'];?>: <input type='text' size='50' maxlength='255' name='size' value='<?php echo$pagecontent['size'];?>'> <br>
        <?php include('inc/page.editor.php');?>
        <?php echo$lang['text'];?>: <br>
        <div class="form-item" id="textarea_block">
        <textarea name='message' cols='60' rows='12' id='textarea' style="width:95%; height:250px;"><?php echo$pagecontent['text'];?></textarea><br>
        <input class="addbutton" value="<?php echo$lang['editor_preview'];?>" type="button" style="float:left;" onClick="mypreview('preview','textarea');mytoggleview('preview_block');mytoggleview('textarea_block');">
        <input class="addbutton" value="<?php echo$lang['editor_clear'];?>" type="reset" style="float:right;margin-right:30px;">
        </div>
        <div class="form-item" id="preview_block" style="visibility: hidden; display: none; ">
        <div id="preview" style="background:#fff;border: 1px solid #BFBFBF;padding: 2px 5px 1px 5px; width:95%; height:250px; overflow:auto; margin-top:2px;"></div>
        <input class="addbutton" value="<?php echo$lang['editor_backtoedit'];?>" type="button" style="float:left;" onClick="clear_innerHTML('preview');mytoggleview('preview_block');mytoggleview('textarea_block');">
        </div>
        <br>
        <input type='submit' name='doadd' value='<?php echo$button_value;?>' class='addbutton'> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <input type='button' value='<?php echo$lang['back'];?>' onClick="javascript:history.go(-1)" class='addbutton'>
</form>

        </td>
</tr>
</tbody></table>
</center>
</div>
<?php 
}
include('inc/page.footer.php');
?>