header("Location: ". $_GET['redirect'] . "?" . $uQueryString); exit; } else { header("Location: ". $_GET['redirect']); exit; } } else { unset($_SESSION['admin']); header("Location: index.php"); exit; } $mrr_cookie=createuuid(); } } if($error == '' && isset($_GET['error'])) { if($_GET['error'] == 1) $error = $lang['login_error1']; if($_GET['error'] == 2) $error = $lang['login_error2']; if($_GET['error'] == 3) $error = $lang['login_error3']; } if(!isset($_POST['email'])) $_POST['email'] = ""; if(!isset($_POST['id_email_forgot'])) $_POST['id_email_forgot'] = ""; ?> <? include('header.php')?>
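/**
 * Responds with the newest non-deleted certificate attachment for the user in $_POST['user_id'].
 *
 * Looks up attached_files rows for that xref_id in SECTION_CERTIFICATES and emits an XML
 * fragment (<rslt>, <msg>, <File>) through display_xml_response(). Rows with a non-zero
 * public_flag are reported as "documents/<filename>"; rows with public_flag = 0 are first
 * copied to a UUID-prefixed name under public_html/temp/ and that temporary path is
 * reported instead.
 *
 * NOTE(review): the user id comes straight from the request and nothing in this function
 * checks that the caller is allowed to read that user's certificate - confirm the calling
 * page enforces authorization before dispatching here.
 * NOTE(review): copies placed in public_html/temp/ are never removed by this function, so a
 * non-public file stays reachable by URL until something else deletes it - confirm a
 * cleanup job exists and that directory listing is disabled for temp/.
 *
 * @return void
 */
function get_user_cert()
{
    global $defaultsarray;

    // A missing parameter is treated as an empty id instead of raising an undefined-index notice.
    $user_id = isset($_POST['user_id']) ? $_POST['user_id'] : '';

    // A literal "]]>" inside a value would end the CDATA section early and let the value
    // inject markup into the response, so it is split across two CDATA sections.
    $cdata = function ($value) {
        return str_replace(']]>', ']]]]><![CDATA[>', (string) $value);
    };

    // NOTE(review): the query is built by concatenation and relies entirely on sql_friendly()
    // for escaping; a prepared statement would be safer if simple_query() can support one.
    $sql = "
        select *
        from attached_files
        where xref_id = '" . sql_friendly($user_id) . "'
            and section_id = '" . sql_friendly(SECTION_CERTIFICATES) . "'
            and deleted = 0
        order by id desc
    ";
    $data = simple_query($sql);

    // Defaults are set up front so every path reaches the response with defined values;
    // previously $file was undefined when a row existed but its filename was empty.
    $file = '';
    $msg = '';
    $rslt = 0;

    if (!mysqli_num_rows($data)) {
        $msg = "Could not locate certificate for user " . $user_id . ".";
    } else {
        // "order by id desc" makes the first fetched row the most recent attachment.
        $row = mysqli_fetch_array($data);
        $rslt = 1;

        if ($row['filename'] != "") {
            if ($row['public_flag'] == 0) {
                // Non-public file: copy it to a temp location under the web root to view.
                // NOTE(review): the stored filename is used in both paths as-is; verify the
                // upload code guarantees it contains no directory separators or "..".
                // NOTE(review): the temp name is only as unguessable as createuuid() - confirm
                // it draws from a cryptographically secure source.
                $tmp_filename = "temp/" . createuuid() . $row['filename'];

                // NOTE(review): the source path joins base_path with a leading slash and the
                // target path without one - confirm which form matches the configured value.
                $source = $defaultsarray['base_path'] . '/uploads/' . $row['filename'];
                $target = $defaultsarray['base_path'] . 'public_html/' . $tmp_filename;

                if (copy($source, $target)) {
                    // A raw '#' would start a URL fragment and truncate the name
                    // ('test_file#1234.jpg' becomes 'test_file'), so it is percent-encoded.
                    $file = str_replace("#", '%23', $tmp_filename);
                } else {
                    // Report the failure instead of returning success with a path that does not exist.
                    $rslt = 0;
                    $msg = "Could not prepare certificate file for viewing.";
                }
            } else {
                $file = "documents/" . $row['filename'];
            }
        }
    }

    display_xml_response(
        "<rslt>$rslt</rslt><msg><![CDATA[" . $cdata($msg) . "]]></msg><File><![CDATA[" . $cdata($file) . "]]></File>"
    );
}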
"; simple_query($sql); if($row['linedate_viewed'] == "0000-00-00 00:00:00") { $sql = " update log_email set linedate_viewed = now() where id = '$row[id]' "; simple_query($sql); } if($row['tmp_filename'] == '') { $file_uuid = createuuid(); $file_ext = get_file_ext($row['attachment']); $tmp_filename = "$file_uuid.$file_ext"; $sql = " update log_email set tmp_filename = '".sql_friendly($tmp_filename)."' where id = '".sql_friendly($row['id'])."' "; simple_query($sql); } else { $tmp_filename = $row['tmp_filename'];
if (!file_exists($new_folder)) { mkdir($new_folder); } $file_ext = get_file_ext($_FILES['Filedata']['name']); $new_filename = get_unique_filename($new_folder, $_FILES['Filedata']['name']); $curdate = 0; if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $new_folder . $new_filename)) { $curdate = mrr_pull_image_created_date($new_folder . $new_filename); $rslt = 1; } else { $rslt = 0; } $user_id = 0; $store_id = 0; $merchant_id = 0; if (isset($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; } if (isset($_SESSION['store_id'])) { $store_id = $_SESSION['store_id']; } if (isset($_SESSION['merchant_id'])) { $merchant_id = $_SESSION['merchant_id']; } //log that file was uploaded... $sql = "\r\n\t\tinsert into attached_files\r\n\t\t\t(linedate_added,\r\n\t\t\tlinedate_created,\r\n\t\t\tfilename,\r\n\t\t\tfilesize,\r\n\t\t\tsection_id,\r\n\t\t\txref_id,\r\n\t\t\tdeleted,\r\n\t\t\taccess_level,\r\n\t\t\tuuid,\r\n\t\t\tmerchant_id,\r\n\t\t\tstore_id,\r\n\t\t\tuser_id)\r\n\t\t\t\r\n\t\tvalues (now(),\r\n\t\t\t'" . sql_friendly($curdate) . "',\r\n\t\t\t'" . sql_friendly($new_filename) . "',\r\n\t\t\t'" . sql_friendly($_FILES['Filedata']['size']) . "',\r\n\t\t\t'" . sql_friendly($_POST['section_id']) . "',\r\n\t\t\t'" . sql_friendly($_POST['xref_id']) . "',\r\n\t\t\t0,\r\n\t\t\t'" . sql_friendly($def_access) . "',\r\n\t\t\t'" . createuuid() . "',\r\n\t\t\t'" . sql_friendly($merchant_id) . "',\r\n\t\t\t'" . sql_friendly($store_id) . "',\r\n\t\t\t'" . sql_friendly($user_id) . "')\r\n\t"; simple_query($sql); //$iid=mysql_insert_id(); } ?> 1