/** * Add a file to the submission queue * * Most of the code in this function has been lifted from the File Management * plugin's submit.php * */ function submit_file($submitter, $filename, $title, $desc, $version, $homepage, $cid = 0) { global $_CONF, $_USER, $_FM_TABLES, $_FMDOWNLOAD, $filemgmt_FileStore; $myts = new MyTextSanitizer(); // MyTextSanitizer object $name = basename($filename); $url = rawurlencode($name); $name = $myts->makeTboxData4Save($name); $url = $myts->makeTboxData4Save($url); if (DB_count($_FM_TABLES['filemgmt_filedetail'], 'url', $name) > 0) { COM_errorLog("FM submit_file: file '" . $name . "' already exists in DB"); return false; } $title = $myts->makeTboxData4Save($title); $homepage = $myts->makeTboxData4Save($homepage); $version = $myts->makeTboxData4Save($version); $size = sprintf('%u', filesize($filename)); $description = $myts->makeTareaData4Save($desc); //$comments = ($_CONF['comment_code'] == 0) ? 1 : 0; $comments = 0; // prefer no comments on Geeklog tarballs $date = time(); $tmpfilename = randomfilename(); $uploadfilename = basename($filename); $pos = strrpos($uploadfilename, '.') + 1; $fileExtension = strtolower(substr($uploadfilename, $pos)); if (array_key_exists($fileExtension, $_FMDOWNLOAD)) { if ($_FMDOWNLOAD[$fileExtension] == 'reject') { COM_errorLog("FM submit_file: file extension '" . $fileExtension . "' not allowed."); return false; } $fileExtension = $_FMDOWNLOAD[$fileExtension]; $tmpfilename = $tmpfilename . '.' . $fileExtension; $pos = strrpos($url, '.') + 1; $url = strtolower(substr($url, 0, $pos)) . $fileExtension; } else { $tmpfilename = $tmpfilename . '.' . $fileExtension; } // would have preferred rename (i.e. move), but ran into file permission // problems on www.geeklog.net ... copy($filename, $filemgmt_FileStore . 'tmp/' . $tmpfilename); $logourl = ''; DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, homepage, version, size, platform, logourl, submitter, status, date, hits, rating, votes, comments) VALUES ('{$cid}', '{$title}', '{$url}', '{$homepage}', '{$version}', '{$size}', '{$tmpfilename}', '{$logourl}', '{$submitter}', 0, '{$date}', 0, 0, 0, '{$comments}')"); $newid = DB_insertId(); DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')"); return true; }
$eh->show("1108"); } if (!empty($_POST['cid'])) { $cid = (int) COM_applyFilter($_POST['cid'], true); } else { $cid = 0; $eh->show("1109"); } $AddNewFile = false; // Set true if fileupload was sucessfull $name = $myts->makeTboxData4Save($name); $title = $myts->makeTboxData4Save($_POST['title']); $homepage = $myts->makeTboxData4Save($_POST['homepage']); $version = $myts->makeTboxData4Save($_POST['version']); $size = intval($_FILES['newfile']['size']); $description = $myts->makeTareaData4Save($_POST['description']); $comments = (int) COM_applyFilter($_POST['commentoption'], true); $date = time(); $tmpfilename = randomfilename(); // Determine write group access to this category $grp_writeaccess = DB_getItem($_TABLES['filemgmt_cat'], 'grp_writeaccess', "cid=" . (int) $cid); if (SEC_inGroup($grp_writeaccess)) { $directUploadAccess = true; } else { $directUploadAccess = false; } // Upload New file if ($uploadfilename != '') { $pos = strrpos($uploadfilename, '.') + 1; $fileExtension = strtolower(substr($uploadfilename, $pos)); if (array_key_exists($fileExtension, $_FMDOWNLOAD)) {