root/afridex/plugins/Flutter/RCCWP_upload.php

<?php
require( dirname(__FILE__) . '/../../../wp-config.php' );
if (!(is_user_logged_in() && current_user_can('edit_posts')))
        die("Athentication failed!");
?>

<html>
<head>

<?php

if (isset($_POST['fileframe'])) 
{
        $operationSuccess = "false";
        // A file is uploaded
        if (isset($_FILES['file']) && (!empty($_FILES['file']['tmp_name'])))  // file was send from browser
        {
                
                if ($_FILES['file']['error'] == UPLOAD_ERR_OK)  // no error
                {
                        $special_chars = array (' ','`','"','\'','\\','/'," ","#","$","%","^","&","*","!","~","‘","\"","’","'","=","?","/","[","]","(",")","|","<",">",";","\\",",");
                        $filename = str_replace($special_chars,'',$_FILES['file']['name']);
                        $filename = time() . $filename;
                        @move_uploaded_file( $_FILES['file']['tmp_name'], dirname(__FILE__) . '/files_flutter/' . $filename );
                        @chmod(dirname(__FILE__) . '/files_flutter/' . $filename, 0644);

//                      $result_msg = 'The file '.$_FILES['file']['name'].' was uploaded successfuly. Please remember to click the save button.';
                        $result_msg = "<font color=\"green\"><b>Successful upload!</b></font>" ;
                        $operationSuccess = "true";
                }
                elseif ($_FILES['file']['error'] == UPLOAD_ERR_INI_SIZE)
                        $result_msg = 'The uploaded file exceeds the maximum upload limit';
                else 
//                      $result_msg = 'The upload failed';
                        $result_msg = "<font color=\"red\"><b>Upload Unsuccessful!</b></font>";
        
        }

        // If operation is success, make sure the file was created properly
        if ($operationSuccess == "true"){
                if ($fp_check_file = @fopen(dirname(__FILE__) . '/files_flutter/' . $filename, 'rb')) {
                        fclose($fp_check_file);
                }
                else{
                        $operationSuccess = "false";
                        $result_msg = "Failed to upload the file!";
                }
                
        }


        

?>

        <script language="javascript">

                // The code that runs after the file is uploaded
        var par = window.parent.document;
                var iframe = par.getElementById('upload_internal_iframe_<?php echo $_POST["input_name"]?>');
                par.getElementById('upload_progress_<?php echo $_POST["input_name"]?>').innerHTML = '<?php echo $result_msg?>';
                iframe.style.display="";

                if (<?php echo $operationSuccess?>){
                        par.getElementById("<?php echo $_POST["input_name"]?>").value = "<?php echo $filename?>";
                        
                        //Set image
                        <?php
                                $newImagePath = FLUTTER_URI.'phpThumb.php?&w=150&h=120&src='.urlencode(FLUTTER_URI.'files_flutter/'.$filename);
                                include_once("RCCWP_WritePostPage.php") ;
                                $edit_anchor = RCCWP_WritePostPage::snipshot_anchor($newImagePath) ;
                                if (isset($_POST['imageThumbID'])){ 
                        ?>
                                if( par.getElementById('<?php echo $_POST['imageThumbID']; ?>') )
                                {
                                        par.getElementById('<?php echo $_POST['imageThumbID']; ?>').src = "<?php echo $newImagePath;?>";
                                        var s = "<a class='thickbox' href='#impossible_location' onclick=\"call_thickbox('<?php echo $edit_anchor ?>')\" >";
                                        var e = "<strong onclick=prepareUpdatePhoto('<?php echo $_POST['input_name'] ?>')>Edit</strong> </a>" ;
                                        par.getElementById("photo_edit_link_<?php echo $_POST['input_name'] ?>").innerHTML = s+e ;
                                }
                        <?php } ?>
                }
                
                
                
        </script>


<?php
        //exit()

}
?>

<script language="javascript">
function upload(){
        // hide old iframe
        var par = window.parent.document;

        var iframe = par.getElementById('upload_internal_iframe_<?php echo $_GET["input_name"]?>');
        iframe.style.display="none";//height = '0px';
                
        // update progress
        par.getElementById('upload_progress_<?php echo $_GET["input_name"]?>').style.visibility = "visible";
        par.getElementById('upload_progress_<?php echo $_GET["input_name"]?>').style.height = "auto";
        par.getElementById('upload_progress_<?php echo $_GET["input_name"]?>').innerHTML = "Transferring ";


        setTimeout("transferring(0)",1000);
        
        // send 
        document.iform.submit();
        
        //iframe.style.visibility = 'hidden';
        //par.getElementById('upload_progress').style.visibility = "hidden";
}

function transferring(dots){
        
        newString = "Transferring ";
        for (var x=1; x<=dots; x++) {
                newString = newString + ".";
        } 
        
        var par = window.parent.document;

        // update progress
        if (par.getElementById('upload_progress_<?php echo $_GET["input_name"]?>').innerHTML.substring(0,5) != "Trans") return;
        par.getElementById('upload_progress_<?php echo $_GET["input_name"]?>').innerHTML = newString;
        if (dots == 4) dots = 0; else dots = dots + 1;
        setTimeout("transferring("+dots+")",1000) ;
        
}

</script>
<style>
body {
        padding: 0px;
        margin: 0px;
        vertical-align:top;
}
</style>
<link rel='stylesheet' href='<?php echo get_bloginfo('wpurl');?>/wp-admin/css/global.css' type='text/css' />
<link rel='stylesheet' href='<?php echo get_bloginfo('wpurl');?>/wp-admin/wp-admin.css' type='text/css' />
<link rel='stylesheet' href='<?php echo get_bloginfo('wpurl');?>/wp-admin/css/colors-fresh.css' type='text/css' />
<style>
body {
        background: transparent;
}
</style>


</head>
<body>


<form name="iform" action="" method="post" enctype="multipart/form-data">

        <input type="hidden" name="fileframe" value="true" />
        
        <?php   
                if (isset($_GET['imageThumbID'])) {
                        echo '<input type="hidden" name="imageThumbID" value="'.$_GET['imageThumbID'].'" />';
                }

                if (isset($_GET['inputSize'])){
                        $inputSize = $_GET['inputSize'];
                }
        ?>
        

        <table border="0" style="width:100%">

                <tr>
                        <?php if($_GET['canvas']!=0){ ?>
                                <td width=17%><label for="file">File:</label><br />
                                <input id="file" type="file" name="file" onchange="upload()" size="<?php echo $inputSize; ?>"/></td>
                        <?php }else{ ?>
                                <td width=17%><label for="file">File:</label></td>
                                <td><input id="file" type="file" name="file" onchange="upload()" size="<?php echo $inputSize; ?>"/></td>
                        <?php } ?>
                </tr>

        </table>

        
        <input type="hidden" name="fileframe" value="true" />
        <input type="hidden" name="imgnum" />
        <input type="hidden" name="input_name" value="<?php echo $_GET["input_name"]?>" />
        <input type="hidden" name="type" value="<?php echo $_GET["type"]?>" />
</form>
</body>
</html>