„;
} else {
$err = „Fehler bei Datenbank-Verbindung: “ . mysql_error();
die($err);
}
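// Access gate: a session without a team is sent back to the team manager.
// exit is required because header() only queues the redirect; without it the
// rest of this script, including the player lookup below, would still run for
// a visitor who has no team in the session.
if (!isset($_SESSION['team']) || $_SESSION['team'] == "") {
    header('Location:../../teammanager/');
    exit;
}

// Requested action and submit marker; both fall back to 'check' when absent.
$acti = isset($_GET['acti']) ? $_GET['acti'] : 'check';
$subm = isset($_POST['submit']) ? $_POST['submit'] : 'check';

// Player id: query string first, then form body, else 0. The value is
// request-controlled and is concatenated into SQL below, so it is forced to
// an integer here; a non-numeric value becomes 0.
if (isset($_GET['pid'])) {
    $pid = (int) $_GET['pid'];
} elseif (isset($_POST['pid'])) {
    $pid = (int) $_POST['pid'];
} else {
    $pid = 0;
}

// NOTE(review): nothing visible here ties the requested PID to
// $_SESSION['team'] - confirm that an ownership check exists elsewhere before
// player data is shown or changed.
// NOTE(review): the mysql_* extension was removed in PHP 7; moving to mysqli
// or PDO with prepared statements is the durable fix for this query.
$sql1 = "select * from player where PID = " . $pid;
if ($ergebnis = mysql_query($sql1, $db)) {
    // Copy the player's columns into locals; if several rows matched, the
    // last one wins.
    while ($treffer = mysql_fetch_assoc($ergebnis)) {
        $pid = $treffer["PID"];
        $vname = $treffer["VName"];
        $nname = $treffer["NName"];
        $bday = $treffer["BDay"];
        $bmonth = $treffer["BMonth"];
        $byear = $treffer["BYear"];
        // NOTE(review): presumably these values are printed into the page
        // further down - escape them with htmlspecialchars() at output; confirm.
        $mail = $treffer["Mail"];
    }
}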
?>
false );
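$movefile = wp_handle_upload($uploadedfile, $upload_overrides);

// $pid ends up in both a filesystem path and an SQL statement below, so it is
// forced to an integer before either use.
$playerId = (int) $pid;

// wp_handle_upload() reports failure through an 'error' key in the returned
// array, so a plain truthiness test on $movefile never detects a failed
// upload. Check for the error key and for the 'file' entry explicitly, and do
// so before $movefile['file'] is read.
$uploadOk = is_array($movefile) && !isset($movefile['error']) && isset($movefile['file']);

if (!$uploadOk) {
    echo "Possible file upload attack!\n";
} else {
    $uploadedPath = $movefile['file'];

    // Accept only the three image extensions, and additionally require that
    // the content parses as an image: the extension alone is chosen by the
    // uploader and says nothing about what the file contains.
    $extension = strtolower(pathinfo($uploadedPath, PATHINFO_EXTENSION));
    $isImage = in_array($extension, array('jpg', 'gif', 'png'), true)
        && getimagesize($uploadedPath) !== false;

    if ($isImage) {
        // The picture is stored under a fixed name derived from the player id;
        // note that gif and png uploads also end up with a .jpg suffix.
        $targetPath = "/home/catiooca/paintballbundesliga.at/wp-content/uploads/tmmgr/playerpics/pid" . $playerId . ".jpg";

        // NOTE(review): nothing visible here checks that this player belongs
        // to the session's team - confirm an ownership check exists, otherwise
        // any logged-in user can replace any player's picture.
        if (rename($uploadedPath, $targetPath)) {
            // Flag the player as having a picture only once the file is in
            // place. An UPDATE returns a boolean, not a result set, so there
            // is nothing to fetch afterwards.
            $sql9 = "update player set Pic = 1 where PID =" . $playerId;
            $ergebnis = mysql_query($sql9, $db);
        } else {
            // The move failed, so the upload is still at its original path;
            // remove it rather than leaving it in the uploads directory.
            unlink($uploadedPath);
            echo "Bild konnte nicht gespeichert werden";
        }
    } else {
        echo "Falsches Dateiformat";
        unlink($uploadedPath);
    }
}

// NOTE(review): the messages above are echoed before header(); unless output
// is buffered the redirect cannot be sent after them - confirm.
header('Location:../../teammanager/logged-in');
// Stop here so nothing after the redirect is executed or rendered.
exit;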
}
}
?>