bilder upload

t-3000 · 1. März 2004, 00:57

sitename: sebid.funpic.de im browser eingeben

ich hab da folgendes problem, undzwar hab ich ein auktionshausscript, beim klick auf verkaufen möchte ich nun bilder hochladen, diese werden aber nicht angezeigt und es kommt dann folgende fehlermeldung:

PHP-Quellcode

SecureSSI: Das File(/usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php) hat versucht ausserhalb von ihrem Userdir auf /home/www/web1/html/uploaded/30133.gif zuzugreifen.
Dies ist nicht erlaubt! Bei weiteren Fragen, lesen Sie bitte die FAQ auf funpic.de.
Warning: copy(): Sicherheitsverletzung: in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 284
Warning: copy(/home/www/web1/html/uploaded/30133.gif): failed to open stream: Operation not permitted in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 284
SecureSSI: Das File(/usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php) hat versucht ausserhalb von ihrem Userdir auf /home/www/web1/html/uploaded/30133_2.gif zuzugreifen.
Dies ist nicht erlaubt! Bei weiteren Fragen, lesen Sie bitte die FAQ auf funpic.de.
Warning: copy(): Sicherheitsverletzung: in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 296
Warning: copy(/home/www/web1/html/uploaded/30133_2.gif): failed to open stream: Operation not permitted in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 296
SecureSSI: Das File(/usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php) hat versucht ausserhalb von ihrem Userdir auf /home/www/web1/html/uploaded/30133_3.gif zuzugreifen.
Dies ist nicht erlaubt! Bei weiteren Fragen, lesen Sie bitte die FAQ auf funpic.de.
Warning: copy(): Sicherheitsverletzung: in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 309
Warning: copy(/home/www/web1/html/uploaded/30133_3.gif): failed to open stream: Operation not permitted in /usr/export/www/vhosts/funnetwork/hosting/sebid/sell.php on line 309

Alles anzeigen

die zeilen angaben sind die befehle für diesen upload und die gehen so:

PHP-Quellcode

copy ($userfile, $fname);
copy ($userfile2, $fname);
copy ($userfile3, $fname);

proton · 1. März 2004, 02:26

Wp liegt dein Problem? Wie du erkennen kannst hast du keine Berechtigung die bilder zu saugen!
Hast du schoneinmal die Firma angemailt???

n3o · 1. März 2004, 13:23

Poste am besten mal das ganze Uploadscript,damit man das mal testen kann

t-3000 · 1. März 2004, 19:32

Quellcode

<?
require('./includes/messages.inc.php');
require('./includes/config.inc.php');
require('./includes/auction_types.inc.php');
require('./includes/countries.inc.php');
require('./includes/datacheck.inc.php');
function generate_id()
{
global $title, $description;
$continue = true;
// Datenbankgestützte Artikel-Nummern-Verwaltung
$num_query = "select * from numbers where id='1'"; // 1 = Nummernkreis für Auktions-Nummern
$num_result = mysql_query($num_query);
$auction_id = mysql_result($num_result,0,"value");
$next_num = intval($auction_id) + 1;
mysql_query("update numbers set value='$next_num'");
return $auction_id;
}
if(empty($action))
{
$action = "login";
}
if (($REQUEST_METHOD=="GET" && $action=="login") && !$HTTP_COOKIE_VARS['$LOGGED_IN_COOKIE'])
{
include "header.php";
include "templates/template_sell_login_php.html";
include "footer.php";
exit;
}
// Keine Aktion gewählt / Erstaufruf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if ($action=="login")
$action = "";
if (empty($action))
{
// Preise für Features holen
$my_result = mysql_query("select * from features order by id");
$fett_preis = print_money(mysql_result($my_result,0,"value"));
$marker_preis = print_money(mysql_result($my_result,1,"value"));
$topkat_preis = print_money(mysql_result($my_result,2,"value"));
$bild2_preis = print_money(mysql_result($my_result,3,"value"));
$bild3_preis = print_money(mysql_result($my_result,4,"value"));
$TPL_fett_preis = $fett_preis;
$TPL_marker_preis = $marker_preis;
$TPL_topkat_preis = $topkat_preis;
$TPL_bild2_preis = $bild2_preis;
$TPL_bild3_preis = $bild3_preis;
if ($mode=="recall")
{
if (isset($sessionVars['SELL_file_uploaded']))
{
if ($sessionVars['SELL_pict_url'] <> "")
{
$userfile = "none";
if (file_exists($image_upload_path.$sessionVars['SELL_pict_url']))
{
unlink($image_upload_path.$sessionVars['SELL_pict_url']);
}
}
if ($sessionVars['SELL_pict_url2'] <> "")
{
$userfile2 = "none";
if (file_exists($image_upload_path.$sessionVars['SELL_pict_url2']))
{
unlink($image_upload_path.$sessionVars['SELL_pict_url2']);
}
}
if ($sessionVars['SELL_pict_url3'] <> "")
{
$userfile3 = "none";
if (file_exists($image_upload_path.$sessionVars['SELL_pict_url3']))
{
unlink($image_upload_path.$sessionVars['SELL_pict_url3']);
}
}
unset($sessionVars['SELL_file_uploaded']);
$sessionVars['SELL_pict_url'] = $sessionVars['SELL_pict_url_original'];
putSessionVars();
}
$title = $sessionVars['SELL_title'];
$description = $sessionVars['SELL_description'];
$pict_url = $sessionVars['SELL_pict_url_original'];
$atype = $sessionVars['SELL_atype'];
$iquantity = $sessionVars['SELL_iquantity'];
$minimum_bid = $sessionVars['SELL_minimum_bid'];
$with_reserve = ($sessionVars['SELL_with_reserve'])?"ja":"nein";
$payment = $sessionVars['SELL_payment'];
$duration = $sessionVars['SELL_duration'];
$country = $sessionVars['SELL_country'];
$location_zip = $sessionVars['SELL_location_zip'];
$shipping = $sessionVars['SELL_shipping'];
$international = ($sessionVars['SELL_international'])?"ja":"nein";
$category1 = $sessionVars['SELL_category'];
$imgtype = $sessionVars['SELL_imgtype'];
$zustand = $sessionVars['SELL_zustand'];
$fett = $sessionVars['SELL_fett'];
$marker = $sessionVars['SELL_marker'];
$topkat = $sessionVars['SELL_topkat'];
$bild2 = $sessionVars['SELL_bild2'];
$bild3 = $sessionVars['SELL_bild3'];
$artnr = $sessionVars['SELL_artnr'];
$fett_preis = $sessionVars['SELL_fettpreis'];
$marker_preis = $sessionVars['SELL_markerpreis'];
$topkat_preis = $sessionVars['SELL_topkatpreis'];
$bild2_preis = $sessionVars['SELL_bild2preis'];
$bild3_preis = $sessionVars['SELL_bild3preis'];
$buy_now = $sessionVars['SELL_buy_now'];
}
else
{
// auction type
reset($auction_types);
list($atype,) = each($auction_types);
// quantity of items
$iquantity = 1;
// country
// BM 28.2.
//reset($countries);
//list($country,) = each($countries);
// shipping
$shipping = 1;
// image type
$imgtype = 1;
$with_reserve = "nein";
}
}
// Oder Aktion = 'first' / Erstaufruf++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
elseif ($action=='first')
{
unset($auction_id);
$ERR = "ERR_".CheckSellData();
// if no other errors - handle upload here
if (!$$ERR)
{
unset($file_uploaded);
// Auktions-ID generieren
$auction_id = generate_id();
if ( $userfile <> "none" )
{
$inf = GetImageSize ( $userfile );
if ($userfile2 <> "none")
$inf2 = GetImageSize ( $userfile2 );
if ($userfile3 <> "none")
$inf3 = GetImageSize ( $userfile3 );
$er = false;
// make a check
if ($inf)
{
$inf[2] = intval($inf[2]); // check for uploaded file type
if ($userfile2 <> "none")
$inf2[2] = intval($inf2[2]);
if ($userfile3 <> "none")
$inf3[2] = intval($inf3[2]);
if ( ($inf[2]!=1) && ($inf[2]!=2) )
{
$er = true;
$ERR = "ERR_602";
}
else
{
// check for file size
if ( intval($userfile_size)>$MAX_UPLOAD_SIZE )
{
$er = true;
$ERR = "ERR_603";
}
}
if ($userfile2 <> "none")
{
if ( ($inf2[2]!=1) && ($inf2[2]!=2) )
{
$er = true;
$ERR = "ERR_602_2";
}
else
{
// check for file size
if ( intval($userfile2_size)>$MAX_UPLOAD_SIZE )
{
$er = true;
$ERR = "ERR_603_2";
}
}
}
if ($userfile3 <> "none")
{
if ( ($inf2[2]!=1) && ($inf2[2]!=2) )
{
$er = true;
$ERR = "ERR_602_3";
}
else
{
// check for file size
if ( intval($userfile3_size)>$MAX_UPLOAD_SIZE )
{
$er = true;
$ERR = "ERR_603_3";
}
}
}
}
else
{
$ERR = "ERR_602";
$er = true;
}
if (!$er)
{
// Bild 1 wirklich speichern
$ext = ($inf[2]==1)?".gif":".jpg";
$fname = $image_upload_path.$auction_id.$ext;
if (file_exists($fname))
unlink ($fname);
copy ($userfile, $fname);
$uploaded_filename = $auction_id.$ext;
$file_uploaded = true;
// Bild 2 wirklich speichern
if ($userfile2 <> "none")
{
$ext = ($inf[2]==1)?".gif":".jpg";
$fname = $image_upload_path.$auction_id."_2".$ext;
if ( file_exists($fname) )
unlink ($fname);
copy ( $userfile2, $fname );
$uploaded_filename2 = $auction_id."_2".$ext;
$file_uploaded = true;
}
// Bild 3 wirklich speichern
if ($userfile3 <> "none")
{
$ext = ($inf[2]==1)?".gif":".jpg";
$fname = $image_upload_path.$auction_id."_3".$ext;
if ( file_exists($fname) )
unlink ($fname);
copy ( $userfile3, $fname );
$uploaded_filename3 = $auction_id."_3".$ext;
$file_uploaded = true;
}
}
else
{
// Fehler!!
unset($file_uploaded);
$userfile2 = "none";
$userfile3 = "none";
}
}
else
{
unset($file_uploaded);
$userfile2 = "none";
$userfile3 = "none";
}
}
}
/*
Erstaufruf oder Fehler in den Daten -> Eingabemaske nochmal anzeigen
*/
if ( empty($action) || (($action=='first')&&($$ERR)) )
{
include "header.php";
$titleH = htmlspecialchars($title);
$descriptionH = htmlspecialchars($description);
$pict_urlH = htmlspecialchars($pict_url);
// ------------------------------------- auction type
$T= "<SELECT NAME=\"atype\">\n";
reset($auction_types); while(list($key,$val)=each($auction_types)){
$T.=
" <OPTION VALUE=\"".
$key.
"\" ".
(($key==$atype)?"SELECTED":"")
.">".$val."</OPTION>\n";
}
$T.="</SELECT>\n";
$TPL_auction_type = $T;
// ------------------------------------- duration
//--
$query = "select * from durations order by days";
$res_durations = mysql_query($query);
if(!$res_durations)
{
print $ERR_001." - ".mysql_error();
}
$num_durations = mysql_num_rows($res_durations);
$i = 0;
$T= "<SELECT NAME=\"duration\">\n";
while($i < $num_durations){
$days = mysql_result($res_durations,$i,"days");
$duration_descr = mysql_result($res_durations,$i,"description");
$T.= " <OPTION VALUE=\"$days\"";
if($days == $duration)
{
$T .= " SELECTED";
}
$T .= ">$duration_descr</OPTION>";
$i++;
}
$T.="</SELECT>\n";
$TPL_durations_list = $T;
// eigentlich der Ort
// -------------------------------------- country
$T = "<Input Type=\"Text\" Name=\"country\" value=\"$country\"";
$TPL_countries_list = $T;
// -------------------------------------- payment
$qurey = "select * from payments";
$res_payment = mysql_query($qurey);
if(!$res_payment)
{
print $ERR_001." - ".mysql_error();
exit;
}
$num_payments = mysql_num_rows($res_payment);
$T= "";
$i = 0;
while($i < $num_payments)
{
$payment_descr = mysql_result($res_payment,$i,"description");
$T.="<INPUT TYPE=CHECKBOX NAME=\"payment[]\" VALUE=\"$payment_descr\"";
//print "Desc.: ".$payment_descr." / Array: ".$payment[$i]."<br>";
if($payment_descr == $payment[$i])
{
$T .= " CHECKED";
}
$T .= "> $std_font $payment_descr</FONT><BR>";
$i++;
}
$TPL_payments_list = $T;
// -------------------------------------- category
$T= "<SELECT NAME=\"category\">\n";
$result = mysql_query("SELECT * FROM categories_plain");
if($result):
while($row=mysql_fetch_array($result)){
$T.=
" <OPTION VALUE=\"".
$row[cat_id].
"\" ".
(($row[cat_id]==$category)?"SELECTED":"")
.">".$row[cat_name]."</OPTION>\n";
}
endif;
$T.="</SELECT>\n";
$TPL_categories_list = $T;
// -------------------------------------- shipping
if ( intval($shipping)==1 )
$TPL_shipping1_value = "CHECKED";
if ( intval($shipping)==2 )
$TPL_shipping2_value = "CHECKED";
if ( !empty($international) )
$TPL_international_value = "CHECKED";
// -------------------------------------- reserved price
if ( $with_reserve=="ja" )
$TPL_with_reserve_selected = "CHECKED";
else
$TPL_without_reserve_selected = "CHECKED";
// -------------------------------------- photo source
if ( intval($imgtype)==1 )
$TPL_imgtype2_SELECTED = "CHECKED";
else
$TPL_imgtype1_SELECTED = "CHECKED";
// bm 05.12.2001 --------------------
// -------------------------------------- features
if ( !empty($fett) )
$TPL_fett_value = "CHECKED";
if ( !empty($marker) )
$TPL_marker_value = "CHECKED";
if ( !empty($topkat) )
$TPL_topkat_value = "CHECKED";
// ------------------------------------
$my_result = mysql_query("select * from features order by id");
$fett_preis = print_money(mysql_result($my_result,0,"value"));
$marker_preis = print_money(mysql_result($my_result,1,"value"));
$topkat_preis = print_money(mysql_result($my_result,2,"value"));
$bild2_preis = print_money(mysql_result($my_result,3,"value"));
$bild3_preis = print_money(mysql_result($my_result,4,"value"));
$TPL_fett_preis = $fett_preis;
$TPL_marker_preis = $marker_preis;
$TPL_topkat_preis = $topkat_preis;
$TPL_bild2_preis = $bild2_preis;
$TPL_bild3_preis = $bild3_preis;
$TPL_error_value = $$ERR;
// update current session
if ( isset($sessionVars['SELL_DATA_CORRECT']) )
unset($sessionVars['SELL_DATA_CORRECT']);
putSessionVars();
$user_nick = $HTTP_COOKIE_VARS['$LOGGED_IN_NICK'];
$user_query = "SELECT * FROM users WHERE nick='$user_nick'";
$user_result = mysql_query($user_query);
if ($user_result)
{
$location_zip = mysql_result($user_result,0,"zip");
$country = mysql_result($user_result,0,"city");
$frei = mysql_result($user_result,0,"suspended");
}
if ($frei == 1)
$TPL_suspended = "Achtung!<BR>Sie haben Ihren Account noch nicht <a href=\"./help.php?topic=Verkaufen\">freigeschaltet</a> oder er wurde gesperrt.";
else
$TPL_suspended = "";
// include corresponding templates/template and exit
include "templates/template_sell_php.html";
include "footer.php";
exit;
}
// Erstaufruf und KEIN Fehler! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
if ($action=="first" && !$$ERR)
{
$sessionVars['SELL_title'] = stripslashes($title);
$sessionVars['SELL_description'] = stripslashes($description);
// image URL
if (!isset($file_uploaded))
{
$sessionVars['SELL_pict_url'] = $pict_url;
unset($sessionVars['SELL_original_filename']);
}
else
{
// the URL is uploaded image
$sessionVars['SELL_pict_url'] = $uploaded_filename;
$sessionVars['SELL_pict_url2'] = $uploaded_filename2;
$sessionVars['SELL_pict_url3'] = $uploaded_filename3;
$sessionVars['SELL_original_filename'] = $userfile_name;
}
// data from "picture URL" input field
$sessionVars['SELL_pict_url_original'] = $pict_url;
// flag if file is uploaded
if (!isset($file_uploaded))
unset($sessionVars['SELL_file_uploaded']);
else
$sessionVars['SELL_file_uploaded'] = true;
// auction type
$sessionVars['SELL_atype'] = $atype;
// quantity of items for sale
$sessionVars['SELL_iquantity'] = $iquantity;
// minimum bid
$sessionVars['SELL_minimum_bid'] = $minimum_bid;
// reserved price flag
$sessionVars['SELL_with_reserve'] = ($with_reserve=="ja")?true:false;
// reserved price value
$sessionVars['SELL_reserve_price'] = $reserve_price;
// auction duration
$sessionVars['SELL_duration'] = $duration;
// country
$sessionVars['SELL_country'] = $country;
// zip code
$sessionVars['SELL_location_zip'] = $location_zip;
// shipping method
$sessionVars['SELL_shipping'] = $shipping;
// international shipping
$sessionVars['SELL_international'] = (strlen($international)==0)?false:true;
// payment methods: text and index
reset($payment);
while(list($key,$val) = each($payment))
{
$sessionVars['SELL_payment'.$key] = $payment[$key];
//print "Session_var: ".$sessionVars['SELL_payment'.$key]."<br>";
}
// category ID
$sessionVars['SELL_category'] = $category1;
// auction id
if (isset($auction_id))
$sessionVars['SELL_auction_id'] = $auction_id;
else
$sessionVars['SELL_auction_id'] = generate_id();
// image type
$sessionVars['SELL_imgtype'] = $imgtype;
// set that first step is passed
$sessionVars['SELL_DATA_CORRECT'] = true;
// bm 05.12.2001 ----------
// fett
$sessionVars['SELL_fett'] = (strlen($fett)==0)?false:true;
// marker
$sessionVars['SELL_marker'] = (strlen($marker)==0)?false:true;
// topkat
$sessionVars['SELL_topkat'] = (strlen($topkat)==0)?false:true;
// bild2
$sessionVars['SELL_bild2'] = ($userfile2 <> "none")?true:false;
// bild3
$sessionVars['SELL_bild3'] = ($userfile3 <> "none")?true:false;
// zustand
$sessionVars['SELL_zustand'] = $zustand;
// Art.-Nr.
$sessionVars['SELL_artnr'] = $artnr;
$sessionVars['SELL_fettpreis'] = $fett_preis;
$sessionVars['SELL_markerpreis'] = $marker_preis;
$sessionVars['SELL_topkatpreis'] = $topkat_preis;
$sessionVars['SELL_bild2preis'] = $bild2_preis;
$sessionVars['SELL_bild3preis'] = $bild3_preis;
// Einstellgebühren ermitteln
$my_query = "SELECT * FROM insertfees WHERE".
"((min_val<=$minimum_bid AND max_val>=$minimum_bid) OR".
"(min_val<$minimum_bid AND max_val<$minimum_bid)) ORDER BY id DESC";
$my_result = mysql_query($my_query);
$fee_value = mysql_result($my_result,0,"fee");
$sessionVars['SELL_fee_value'] = $fee_value;
// ------------------------
$sessionVars['SELL_buy_now'] = $buy_now;
putSessionVars();
# print "Sessions vars are put";
}
// Preview wurde angezeigt -> Auktion jetzt einstellen +++++++++++++++++++++++++++++++++++++++++++++++++++++
// Login und Passwort prüfen
if ( $action=="second")
{
$nickH = htmlspecialchars($nick);
$result = mysql_query("SELECT * FROM users WHERE nick='".AddSlashes($nick)."'");
if ($result)
$num = mysql_num_rows($result);
else
$num = 0;
if ($num==0)
$ERR = "ERR_025";
if ($num>0)
{
$pass = mysql_result ($result,0,"password");
$user_id = mysql_result ($result,0,"id");
if (md5($MD5_PREFIX.$password) != $pass)
{
$ERR = "ERR_026";
}
else
{
if(mysql_result($result,0,"suspended") > 0)
{
$ERR = "ERR_618";
}
}
}
}
// Erstaufruf und KEIN Fehler oder Fehler nach dem Preview absenden ++++++++++++++++++++++++++++++++++++++++++++++++++++
if ( ($action=="first" && !$$ERR) || ($action=="second" && $$ERR) )
{
// Fehlertext
$TPL_error = $$ERR;
// Titel
$TPL_title_value = htmlspecialchars($sessionVars['SELL_title']);
// description text
$TPL_description_shown_value = stripslashes(nl2br($sessionVars['SELL_description']));
// picture URL
if( intval($sessionVars['SELL_imgtype'])==0 )
{
// print "URL";
// URL specified
if ( strlen($sessionVars['SELL_pict_url_original'])==0 )
$TPL_pict_URL_value = $MSG_114;
else
$TPL_pict_URL_value = "<IMG SRC=\"".$sessionVars['SELL_pict_url_original']."\">";
}
else
{
// a file uploaded
if ( empty($sessionVars['SELL_file_uploaded']) )
$TPL_pict_URL_value = $MSG_114;
else
$TPL_pict_URL_value = $sml_font."Bild 1:</Font><br><IMG SRC=\"".$uploaded_path.$sessionVars['SELL_pict_url']."\"><br><br>";
if ($sessionVars['SELL_pict_url2'] <> "")
$TPL_pict_URL_value .= $sml_font."Bild 2:</Font><br><IMG SRC=\"".$uploaded_path.$sessionVars['SELL_pict_url2']."\"><br><br>";
if ($sessionVars['SELL_pict_url3'] <> "")
$TPL_pict_URL_value .= $sml_font."Bild 3:</Font><br><IMG SRC=\"".$uploaded_path.$sessionVars['SELL_pict_url3']."\">";
}
// minimum bid
$TPL_minimum_bid_value = print_money($sessionVars['SELL_minimum_bid']);
$TPL_buy_now = print_money($sessionVars['SELL_buy_now']);
// reserved price
if ($sessionVars['SELL_with_reserve'])
$TPL_reserve_price_displayed = "$std_font ".print_money($sessionVars['SELL_reserve_price'])."</FONT>";
else
$TPL_reserve_price_displayed = "$std_font nein </FONT>";
// auction duration
//--
$query = "select description from durations where days=".$sessionVars['SELL_duration'];
$res_duration_descr = mysql_query($query);
$duration_descr = mysql_result($res_duration_descr,0,"description");
$TPL_durations_list = $duration_descr;
// auction type
$TPL_auction_type = $auction_types[$sessionVars['SELL_atype']];
if ( intval($sessionVars['SELL_atype'])==2 )
$TPL_auction_type .= "</TD></TR><TR><TD ALIGN=RIGHT> $std_font <B>Quantity:</B> </FONT></TD><TD>$std_font".$sessionVars['SELL_iquantity']."</TD></TR>";
// country
//$TPL_countries_list = $countries[$sessionVars['SELL_country']];
$TPL_countries_list = $sessionVars['SELL_country'];
// zip code
$TPL_location_zip = $sessionVars['SELL_location_zip'];
// shipping
if ( intval($sessionVars['SELL_shipping']) == 1 )
{
$TPL_shipping_value = $MSG_038;
}
else
{
$TPL_shipping_value = $MSG_032;
}
if ( $sessionVars['SELL_international'] )
{
$TPL_international_value = "<BR>";
$TPL_international_value .= $MSG_033;
}
else
{
$TPL_international_value = "<BR>";
$TPL_international_value .= $MSG_043;
}
// payment methods
//--
$query = "select * from payments";
$res_payments = mysql_query($query);
if(!$res_payments)
{
print $ERR_001." - ".mysql_error();
exit;
}
$num_payments = mysql_num_rows($res_payments);
$i = 0;
while($i < $num_payments){
if(isset($sessionVars['SELL_payment'.$i]))
{
$TPL_payment_methods .= "$std_font".$sessionVars['SELL_payment'.$i]."</FONT><BR>";
}
$i++;
}
// category name
$cat_id = intval($sessionVars['SELL_category']);
$result = mysql_query("SELECT * FROM categories WHERE cat_id=$cat_id");
$parent_id = mysql_result($result,0,"parent_id");
$category_name = mysql_result($result,0,"cat_name");
$T = "";
while($parent_id!=0)
{
// get info about this parent
$result = mysql_query("SELECT * FROM categories WHERE cat_id=$parent_id");
$pparent_id = intval(mysql_result($result,0,"parent_id"));
$pcat_id = mysql_result($result,0,"cat_id");
$pcat_name = mysql_result($result,0,"cat_name");
$T = "$pcat_name > ".$T;
// get parent of this parent
if ($pparent_id!=0)
$parent_id = mysql_result( mysql_query("SELECT * FROM categories WHERE cat_id=$pparent_id"),0,"parent_id" );
else
$parent_id = 0;
}
$T .= $category_name;
$TPL_categories_list = $T;
if ( $sessionVars['SELL_fett'] )
{
$TPL_fett_value .= "Fettschrift";
}
if ( $sessionVars['SELL_marker'] )
{
$TPL_marker_value = "<BR>";
$TPL_marker_value .= "Textmarker";
}
if ( $sessionVars['SELL_topkat'] )
{
$TPL_topkat_value = "<BR>";
$TPL_topkat_value .= "Top-Kategorie";
}
if ( $sessionVars['SELL_bild2'] )
{
$TPL_bild_2_value = "<BR>";
$TPL_bild_2_value .= "Upload 2. Bild";
}
if ( $sessionVars['SELL_bild3'] )
{
$TPL_bild_3_value = "<BR>";
$TPL_bild_3_value .= "Upload 3. Bild";
}
if ( $sessionVars['SELL_zustand'] == 0 )
{
$TPL_zustand_value = "Siehe Beschreibung";
}
if ( $sessionVars['SELL_zustand'] == 1 )
{
$TPL_zustand_value = "Neuwertig";
}
if ( $sessionVars['SELL_zustand'] == 2 )
{
$TPL_zustand_value = "Bestzustand";
}
if ( $sessionVars['SELL_zustand'] == 3 )
{
$TPL_zustand_value = "Leichte Gebrauchsspuren";
}
if ( $sessionVars['SELL_zustand'] == 4 )
{
$TPL_zustand_value = "Gebrauchsspuren";
}
if ( $sessionVars['SELL_zustand'] == 5 )
{
$TPL_zustand_value = "Starke Gebrauchsspuren";
}
if ( $sessionVars['SELL_zustand'] == 6 )
{
$TPL_zustand_value = "Defekt";
}
$TPL_artnr_value = htmlspecialchars($sessionVars['SELL_artnr']);
// Benutzergruppe feststellen
$benutzername = $TPL_nick = $HTTP_COOKIE_VARS['$LOGGED_IN_NICK'];
$status_query = "SELECT * FROM users WHERE nick='$benutzername'";
$status_result = mysql_query($status_query);
if (!$status_result)
{
print "<H1>Fehler beim Bestimmen der Benutzergruppe!</H1>";
exit;
}
else
{
$benutzergruppe = mysql_result($status_result,0,"status");
}
// Wer wird berechnet? Private und/oder Gewerbliche?
$bill_query = "SELECT * FROM settings";
$bill_result = mysql_query($bill_query);
if (!$bill_result)
{
print "<H1>Fehler beim Lesen von Tabelle Settings!</H1>";
exit;
}
else
{
$bill_privat = mysql_result($bill_result,0,"privat");
$bill_gewerbe = mysql_result($bill_result,0,"gewerbe");
}
// Wird der User berechnet?
if (intval($benutzergruppe) == 0)
{
if ($bill_privat == 1)
$berechnen = 1;
else
$berechnen = 0;
}
if (intval($benutzergruppe) == 1)
{
if ($bill_gewerbe == 1)
$berechnen = 1;
else
$berechnen = 0;
}
// Preise für Features holen
$my_result = mysql_query("select * from features order by id");
$fett_preis = mysql_result($my_result,0,"value");
$marker_preis = mysql_result($my_result,1,"value");
$topkat_preis = mysql_result($my_result,2,"value");
$bild2_preis = mysql_result($my_result,3,"value");
$bild3_preis = mysql_result($my_result,4,"value");
$TPL_fett_preis = $fett_preis;
$TPL_marker_preis = $marker_preis;
$TPL_topkat_preis = $topkat_preis;
$TPL_bild2_preis = $bild2_preis;
$TPL_bild3_preis = $bild3_preis;
// ******************************************************************************************************************
// Einstellgebühr anzeigen
$fee_summe = 0;
if ($berechnen == 1)
{
$TPL_Account .= $std_font."Einstellgebühr: ".print_money($sessionVars['SELL_fee_value'])."</Font><BR>"; // nur 'n Test
$fee_summe = $sessionVars['SELL_fee_value'];
}
// Zusatz-Features anzeigen
if ( $sessionVars['SELL_fett'] )
{
$TPL_Account .= $std_font."Hervorhebung durch Fettschrift: ".print_money($TPL_fett_preis)."</Font><BR>";
$fee_summe = $fee_summe + $fett_preis;
}
if ( $sessionVars['SELL_marker'] )
{
$TPL_Account .= $std_font."Hervorhebung durch Textmarker: ".print_money($TPL_marker_preis)."</Font><BR>";
$fee_summe = $fee_summe + $marker_preis;
}
if ( $sessionVars['SELL_topkat'] )
{
$TPL_Account .= $std_font."Darstellung in Top-Kategorie: ".print_money($TPL_topkat_preis)."</Font><BR>";
$fee_summe = $fee_summe + $topkat_preis;
}
if ( $sessionVars['SELL_bild2'] )
{
$TPL_Account .= $std_font."Upload 2. Bild: ".print_money($TPL_bild2_preis)."</Font><BR>";
$fee_summe = $fee_summe + $bild2_preis;
}
if ( $sessionVars['SELL_bild3'] )
{
$TPL_Account .= $std_font."Upload 3. Bild: ".print_money($TPL_bild3_preis)."</Font><BR>";
$fee_summe = $fee_summe + $bild3_preis;
}
// Summe anzeigen
$TPL_Account .= "<BR><B>".$err_font."Gesamtgebühr: ".print_money($fee_summe)."</Font>";
// ******************************************************************************************************************
include "header.php";
include "templates/template_sell_preview_php.html";
include "footer.php";
exit;
}
if ($action=='second' && !$$ERR)
{
//-- If a suggested category is present send an e-mail
//-- to the site administrator
if($suggested_category)
{
$to = $adminEmail;
$subject = $MSG_254;
$message = $suggested_category."\n".
$MSG_255.
$sessionVars['SELL_auction_id'];
mail($to,$subject,$message,"From:Kategorievorschlag auf".$SITE_NAME."<$adminEmail>\nReplyTo:$adminEmail");
}
$payment_text = "";
//--
$query = "select * from payments";
$res_payments = mysql_query($query);
if(!$res_payments)
{
print $ERR_001." - ".mysql_error();
exit;
}
$num_payments = mysql_num_rows($res_payments);
$i = 0;
while($i < $num_payments)
{
$val = mysql_result($res_payments,$i,"description");
if ( isset($sessionVars['SELL_payment'.$i]) )
$payment_text .= $sessionVars['SELL_payment'.$i]." \n";
$i++;
}
// auction starts
$time = time();
$a_starts = date("Y-m-d H:i:s",$time);
//$a_starts = date("d.m.Y H:i:s",$time);
// auction ends
$a_ends = $time+$sessionVars['SELL_duration']*24*60*60;
$a_ends = date("Y-m-d H:i:s", $a_ends);
//$a_ends = date("d.m.Y H:i:s", $a_ends);
// picture URL
$pcURL = "";
if ( ($sessionVars['SELL_file_uploaded']) && (strlen($sessionVars['SELL_original_filename'])>0) )
{
$pcURL = $sessionVars['SELL_pict_url'];
$pcURL2 = $sessionVars['SELL_pict_url2'];
$pcURL3 = $sessionVars['SELL_pict_url3'];
}
else
$pcURL = $sessionVars['SELL_pict_url_original'];
$result = mysql_query("SELECT * FROM auctions WHERE id=".$sessionVars['SELL_auction_id']);
if ($result)
$nr = mysql_num_rows($result);
else
$nr = 0;
if ($nr>0)
{
header ( "Location: item.php?mode=1&id=".$sessionVars['SELL_auction_id']."&SESSION_ID=$sessionIDU" );
exit;
}
include "header.php";
$query =
"INSERT INTO auctions VALUES ('".$sessionVars['SELL_auction_id']."', '". // auction id
$user_id."', '".
addslashes($sessionVars['SELL_title'])."', '". // auction title
$a_starts."', '". // auction starts
addslashes($sessionVars['SELL_description'])."', '". // auction description
addslashes($pcURL)."', ". // picture URL
$sessionVars['SELL_category'].", '". // category
$sessionVars['SELL_minimum_bid']."', '".// minimum bid
(($sessionVars['SELL_with_reserve'])?$sessionVars['SELL_reserve_price']:"0")."', '".// reserve price
$sessionVars['SELL_atype']."', '".// auction type
$sessionVars['SELL_duration']."', '".// duration
$sessionVars['SELL_country']."', '".// country
$sessionVars['SELL_location_zip']."', '".// zip code
$sessionVars['SELL_shipping']."', '".// shipping method
$payment_text."', '".// payment method
(($sessionVars['SELL_international'])?"1":"0")."', '".// international shipping
$a_ends."', '".// ends
"0', '".// current bid
"0', ".// closed
(($sessionVars['SELL_file_uploaded'])?"1":"0").", ".
$sessionVars['SELL_iquantity'].", ".// quantity
"'0' ".", ".//suspended
(($sessionVars['SELL_fett'])?"1":"0").", ".
(($sessionVars['SELL_marker'])?"1":"0").", ".
(($sessionVars['SELL_topkat'])?"1":"0").", ".
$sessionVars['SELL_zustand'].", '".
$sessionVars['SELL_artnr']."', '".
$sessionVars['SELL_buy_now']."', ".
"'0', ". // seller_rate
"'0', '". // buyer_rate
addslashes($pcURL2)."', '". // Bild 2
addslashes($pcURL3)."'". // Bild 3
")";
if (!mysql_query($query))
print $ERR_001.mysql_error()."<BR>$query";
else
{
//-- Update COUNTERS table
$query = "select auctions from counters";
$result_counters = mysql_query($query);
if($result_counters){
$auction_counter = mysql_result($result_counters,0,"auctions") + 1;
$query = "update counters set auctions = $auction_counter";
$result = mysql_query($query);
}
$TPL_auction_id = $sessionVars['SELL_auction_id'];
include "templates/template_sell_result_php.html";
}
// Rechnungsposten schreiben ******************************************************
// Benutzergruppe feststellen
$benutzername = $TPL_nick = $HTTP_COOKIE_VARS['$LOGGED_IN_NICK'];
$status_query = "SELECT * FROM users WHERE nick='$benutzername'";
$status_result = mysql_query($status_query);
if (!$status_result)
{
print "<H1>Fehler beim Bestimmen der Benutzergruppe!</H1>";
exit;
}
else
{
$benutzergruppe = mysql_result($status_result,0,"status");
}
// Wer wird berechnet? Private und/oder Gewerbliche?
$bill_query = "SELECT * FROM settings";
$bill_result = mysql_query($bill_query);
if (!$bill_result)
{
print "<H1>Fehler beim Lesen von Tabelle Settings!</H1>";
exit;
}
else
{
$bill_privat = mysql_result($bill_result,0,"privat");
$bill_gewerbe = mysql_result($bill_result,0,"gewerbe");
}
// Wird der User berechnet?
if (intval($benutzergruppe) == 0)
{
if ($bill_privat == 1)
$berechnen = 1;
else
$berechnen = 0;
}
if (intval($benutzergruppe) == 1)
{
if ($bill_gewerbe == 1)
$berechnen = 1;
else
$berechnen = 0;
}
// Preise für Features holen
$my_result = mysql_query("select * from features order by id");
$fett_preis = mysql_result($my_result,0,"value");
$marker_preis = mysql_result($my_result,1,"value");
$topkat_preis = mysql_result($my_result,2,"value");
$bild2_preis = mysql_result($my_result,3,"value");
$bild3_preis = mysql_result($my_result,4,"value");
$time = time();
$pos_time = date("Y-m-d H:i:s",$time);
if ($berechnen == 1)
{
if ($sessionVars['SELL_fee_value'] > 0)
{
// Einstellgebühr schreiben
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Einstellgebühr','".
$sessionVars['SELL_fee_value'].
"','0')";
$result = mysql_query($query);
}
}
// wenn Fettschrift, dann RE-Posten
if ( $sessionVars['SELL_fett'] )
{
if ($fett_preis > 0)
{
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Hervorhebung: Fettschrift','".
$fett_preis.
"','0')";
$result = mysql_query($query);
}
}
// wenn Textmarker, dann RE-Posten
if ( $sessionVars['SELL_marker'] )
{
if ($marker_preis > 0)
{
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Hervorhebung: Textmarker','".
$marker_preis.
"','0')";
$result = mysql_query($query);
}
}
// wenn Top-Kategorie, dann RE-Posten
if ( $sessionVars['SELL_topkat'] )
{
if ($topkat_preis > 0)
{
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Hervorhebung: Top-Kategorie','".
$topkat_preis.
"','0')";
$result = mysql_query($query);
}
}
// wenn Bild 2, dann RE-Posten
if ( $sessionVars['SELL_bild2'])
{
if ($bild2_preis > 0)
{
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Upload 2. Bild','".
$bild2_preis.
"','0')";
$result = mysql_query($query);
}
}
// wenn Bild 3, dann RE-Posten
if ($sessionVars['SELL_bild3'])
{
if ($bild3_preis > 0)
{
$query = "INSERT INTO accountpos VALUES ('','','".$pos_time."','".
$user_id."','".$sessionVars['SELL_auction_id']."','".
$sessionVars['SELL_title'].
"','Upload 3. Bild','".
$bild3_preis.
"','0')";
$result = mysql_query($query);
}
}
// Ende Rechnungsposten *****************************************************************
include "footer.php";
// and increase category counters
$ct = intval($sessionVars['SELL_category']);
$row = mysql_fetch_array(mysql_query("SELECT * FROM categories WHERE cat_id=$ct"));
$counter = $row[counter]+1;
$subcoun = $row[sub_counter]+1;
$parent_id = $row[parent_id];
mysql_query("UPDATE categories SET counter=$counter, sub_counter=$subcoun WHERE cat_id=$ct");
// update recursive categories
while ( $parent_id!=0 )
{
// update this parent's subcounter
$rw = mysql_fetch_array(mysql_query("SELECT * FROM categories WHERE cat_id=$parent_id"));
$subcoun = $rw[sub_counter]+1;
mysql_query("UPDATE categories SET sub_counter=$subcoun WHERE cat_id=$parent_id");
// get next parent
$parent_id = intval($rw[parent_id]);
}
// Send confirmation email
$result = mysql_query("SELECT * FROM users WHERE nick='".AddSlashes($nick)."'");
$user_name = mysql_result ($result,0,"name");
$user_email = mysql_result ($result,0,"email");
$user_address = mysql_result ($result,0,"address");
$user_city = mysql_result ($result,0,"city");
$user_country = mysql_result ($result,0,"country");
$user_zip = mysql_result ($result,0,"zip");
$title = $sessionVars['SELL_title'];
$auction_id = $sessionVars['SELL_auction_id'];
$description = $sessionVars['SELL_description'];
$pict_url = $pcURL;
$minimum_bid = $sessionVars['SELL_minimum_bid'];
$reserve_price = $sessionVars['SELL_reserve_price'];
$duration = $sessionVars['SELL_duration'];
$cat_name = $sessionVars['SELL_category'];
$ends = substr($a_ends,8,2).".";
$ends .= substr($a_ends,5,2).".";
$ends .= substr($a_ends,0,4).".";
$auction_url = $SITE_URL . "item.php?mode=1&id=".$sessionVars['SELL_auction_id'];
$buy_now = $sessionVars['SELL_buy_now'];
include('./includes/auction_confirmation.inc.php');
}
reset($sessionVars); while(list($key,$val)=each($sessionVars)){
if ( strpos($key,"SELL_")==0 )
unset($sessionVars[$key]);
}
putSessionVars();
exit;
?>

Alles anzeigen

n3o · 1. März 2004, 19:42

da ich mal davon ausgehe das du dieses Script auf nem Free Webspace ausführen wolltest würde ich einfach mal sagen das du die Upload Funktion von PHP nicht benutzen darfst.

t-3000 · 1. März 2004, 19:46

ist keine freeware, kann sogar gebühren funktion einstellen, und alles klappt auch, außer mit dem bilderupload. denk nicht das das daran liegt

n3o · 2. März 2004, 18:35

Ich meine den Webspace und nich das Script. Bezahlst du was für den ??

t-3000 · 2. März 2004, 19:19

kann geclosed werden, hab jemanden gefunden, der das gemacht hat, danke

n3o · 2. März 2004, 20:06

Dann klär uns doch wenigstens mal auf,was denn nun falsch war?? Würde mich nun doch mal interessieren....

PHP-Quellcode

PHP-Quellcode

Quellcode

Teilen