sibtracker/system/images.php

<?PHP
@session_start ();
@error_reporting ( E_ALL ^ E_NOTICE );
@ini_set ( 'display_errors', true );
@ini_set ( 'html_errors', false );
@ini_set ( 'error_reporting', E_ALL ^ E_NOTICE );

define ( 'DATALIFEENGINE', true );
define( 'ROOT_DIR', substr( dirname(  __FILE__ ), 0, -7 ) );
define( 'SYSTEM_DIR', ROOT_DIR . '/system' );

extract ( $_REQUEST, EXTR_SKIP );
require SYSTEM_DIR . "/data/config.php";
require_once SYSTEM_DIR . '/classes/mysql.php';
require_once SYSTEM_DIR . "/data/dbconfig.php";
require_once SYSTEM_DIR . "/inc/include/functions.inc.php";

check_xss ();

if ($_COOKIE['dle_skin']) {
	if (@is_dir ( ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'] )) {
		$config['skin'] = $_COOKIE['dle_skin'];
	}
}

include_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';

$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];

$user_group = $cache->get( "usergroup" );
if( ! $user_group ) {$user_group = array ();
	$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
	while ( $row = $db->get_row() ) {$user_group[$row['id']] = array ();
		foreach ( $row as $key => $value ) {$user_group[$row['id']][$key] = stripslashes($value);}
	}
    $cache->set( "usergroup", $user_group );
	$db->free();
}

include_once SYSTEM_DIR . '/modules/sitelogin.php';

if (! $is_logged) {die ( "<br><br><br><br><center>$lang[err_notlogged]</center>" );}
if (! $user_group[$member_id['user_group']]['allow_image_upload'] and $member_id['user_group'] != 1) {die ( "<br><br><br><br><center>$lang[err_noupload]</center>" );}

$_REQUEST['news_id'] = (intval ( $_REQUEST['add_id'] )) ? intval ( $_REQUEST['add_id'] ) : '0';
$_REQUEST['action'] = "quick";
$_REQUEST['author'] = $member_id['name'];

if ( $_REQUEST['news_id'] ) {
	$row = $db->super_query( "SELECT id, autor, approve FROM " . PREFIX . "_post WHERE id = '".intval($_REQUEST['news_id'])."'" );
	if ( !$row['id'] OR $row['approve'] OR $row['autor'] != $member_id['name'] ) die( "Hacking attempt!" );
}

$action = "quick";
$author = $member_id['name'];
define( 'LOGGED_IN', true );

require_once SYSTEM_DIR . '/inc/files.php';
?>