I made this for someone.
It's not exactly 100% secure, but it's only on the admin side, so...
Now that I look back at it, I seem to have used fairly eccentric methods to add that stuff.
Gah, I don't normally work like this.
PHP Code:
<?php
if(!defined('ASH_IN'))
{
    die('HACKING ATEMPT');
}
$a = new ash;
if($_COOKIE['admin'] != true) {
    // echo "error...";
    $a->login();
} else {
    include("config.php");
    include("mysql_connect.php");
    if($_GET['listallimages'] != 1) {
        $name = addslashes($_POST['name']);
        $make = addslashes($_POST['make']);
        $model = addslashes($_POST['model']);
        $specs = addslashes($_POST['specs']);
        $comment = addslashes($_POST['comment']);
        if(isset($name)) {
            if(is_file("./images/".$_FILES['file']['name'])) {
                echo "File already exists... please take another filename...<br />";
            }
            else {
                if($_GET['go'] == 1) {
                    $sql1 = "INSERT INTO `cars` (`name`,`make`,`model`,`specs`,`comment`) VALUES ('".$name."','".$make."','".$model."','".$specs."','".$comment."')";
                    if(@!mysql_query($sql1)){
                        die("<br /> Error... : ".mysql_error());
                    }
                    $sqlquery = "INSERT INTO `images` (`pid`,`name`,`file`) VALUES ('".mysql_insert_id()."','".$name."', '".$_FILES['file']['name']."')";
                    if(@!mysql_query($sqlquery)){
                        die("<br /> Error... : ".mysql_error());
                    }
                    else {
                        if(@move_uploaded_file($_FILES['file']['tmp_name'], "./images/".$_FILES['file']['name'])) {
                            echo "Successfull!<br /><br />";
                        }
                        // print "<pre>";print_r($_FILES);print "</pre>";
                        // echo "name : ".$name;
                        // echo "<br /><img src=\"images/".$_FILES['file']['name']."\" />\n";
                        // echo "<br /><br /> You can now access this file @ <a href=\"http://".$_SERVER["SERVER_NAME"].$path."images/"
                        // .$_FILES['file']['name']."\">".$_SERVER["SERVER_NAME"].$path."images/".$_FILES['file']['name']."</a><br />";
                    }
                }
            }
        }
?>
<form action="index.php?page=admin&go=1" method="post" enctype="multipart/form-data">
name : <br /><input type="text" name="name" /><br />
make : <br /><input type="text" name="make" /><br />
model : <br /><input type="text" name="model" /><br />
specs : <br /><textarea cols="70" rows="10" wrap="virtual" name="specs"></textarea><br />
comment : <br /><textarea cols="70" rows="10" wrap="virtual" name="comment"></textarea><br />
file : <br /><input type="file" name="file" /><br />
Maximum 8 MB!<br />
<input type="submit" value="upload!" />
</form>
<br /><a href="index.php?page=admin&listallimages=1">List all images!</a><br />
<a href="checklogin.php?logout=1">Log out!</a><br /><br />
<?php echo $path;
    } else { ?>
<a href="index.php?page=admin">Upload images</a><br /><br /><br />
<?php
        $result = mysql_query("SELECT `id`,`name`,`file`"
            ." FROM `images` ORDER BY `id` DESC")
            or die("Could not get contents, ".mysql_error());
        while ($row = mysql_fetch_array($result)) {
            echo "id : #".$row['id']." - name : ".$row['name']."<br />"
                ."Image : <img src=\"images/".$row['file']."\" /><br /><br /><hr /><br />\n";
        } mysql_free_result($result);
    }
} ?>
& config.php
Why I used those str_replace's, I don't know; I could just as well have done dirname(__FILE__).
PHP Code:
<?php
// Config.php
// last touched : 23.10.2004
// nothing to put here yet...
$sqlhost = "127.0.0.1"; # SQL host, just leave it :)
$sqluser = "..."; # SQL username
$sqlpass = "..."; # SQL password
$sqldb = "ash"; # SQL database, just keep it like this
// $path = "/a5h/" # the path of the script (used for uploading script (WITH TRAILING '/' !!)
// no longer used...
/* DON'T TOUCH! */
$path = str_replace("addcar.php", "", __FILE__);
$path = str_replace("config.php", "", __FILE__);
/* DON'T TOUCH */
?>
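
The upload-and-insert step and the image listing from the script above, rewritten in hardened form as an added example that is not part of the original post. The function names `store_car` and `render_image_row`, the `$pdo` handle (a connected PDO object in exception mode) and the assumption that the caller has already checked a server-side admin session instead of the `admin` cookie are all hypothetical; the `cars` and `images` tables are the ones the post uses.

```php
<?php
// Added example, not the original poster's code. Assumes a connected PDO handle
// with ERRMODE_EXCEPTION and an admin check done server-side (session), not via
// a client-set cookie. Table and column names are the ones from the post.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 8 * 1024 * 1024;   // the form's "Maximum 8 MB"

function store_car(PDO $pdo, array $post, array $file, string $imageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload rejected');
    }
    // Decide the type from the file's content, never from the client's name or MIME header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // Server-generated name: no client-controlled path parts or extension reach the disk.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $f = fn(string $k): string => (string)($post[$k] ?? '');

    $pdo->beginTransaction();
    try {
        // Placeholders replace addslashes() plus string concatenation.
        $car = $pdo->prepare('INSERT INTO `cars` (`name`,`make`,`model`,`specs`,`comment`) VALUES (?,?,?,?,?)');
        $car->execute([$f('name'), $f('make'), $f('model'), $f('specs'), $f('comment')]);
        $img = $pdo->prepare('INSERT INTO `images` (`pid`,`name`,`file`) VALUES (?,?,?)');
        $img->execute([$pdo->lastInsertId(), $f('name'), $stored]);
        if (!move_uploaded_file($file['tmp_name'], rtrim($imageDir, '/') . '/' . $stored)) {
            throw new RuntimeException('Could not store the file');
        }
        $pdo->commit();               // rows are kept only if the file landed
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $stored;
}

// Listing: escape every database value before echoing it into HTML.
function render_image_row(array $row): string
{
    $e = fn($v): string => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    return 'id : #' . $e($row['id']) . ' - name : ' . $e($row['name']) . "<br />\n"
         . 'Image : <img src="images/' . $e(rawurlencode($row['file'])) . "\" /><br /><hr />\n";
}
```

The rollback only undoes the inserts on a transactional storage engine such as InnoDB, and the `images/` directory should additionally be configured so the web server never executes files from it.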