function print_directory_images($dir)
{
$filelist = array_filter(scandir($dir), "is_image");
if (empty($filelist)) {
return;
}
$init = array_slice($filelist, 0, count($filelist) - 1);
$last = end($filelist);
foreach ($init as $fname) {
echo format_filename($dir, $fname) . ",\n";
}
echo format_filename($dir, $last) . "\n";
}
function format_filename($filename)
{
$base_path = "photos/";
//Folder to store all uploaded photos
$filename = strtolower(str_replace(' ', '_', $filename));
//Remove whitespace from filenames & make lowercase
$filename = str_replace('\\"', '', $filename);
//Remove double-quotes from filenames
$filename = str_replace("\\'", '', $filename);
//Remove single-quotes from filenames
$target_path = array('base' => $base_path, 'filename' => $filename);
return $target_path;
}
//****************************************************************************************
if (isset($_POST['MAX_FILE_SIZE'])) {
$targets = format_filename(basename($_FILES['uploadedfile']['name']));
$target_path = $targets['base'] . $targets['filename'];
$status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
// $status['success'] (0,1) - $status['desc'] (text)
$size = array('width' => 0, 'height' => 0);
//Holds final dimensions of resized image
if ($status['success']) {
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
//if(!is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
//if(!resize($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$status['success'] = 0;
$status['desc'] = "Unable to accept file, try again later.<br>\n";
} elseif (!resize($target_path, $target_path, $size)) {
//file was successfully moved onto the server
$status['success'] = 0;
$status['desc'] = "Unable to resize file.<br>\n";
$new_name = $_POST['new_name'];
$directory = $PUBLIC_HTML_DIR . $dir;
$path = $directory . $file;
if ($file == "") {
die(xml_response('alert', $DLG['select_file']));
}
if (!file_exists($path)) {
die(xml_response('error', $DLG['file_not_found'] . " [b]({$file})[/b]"));
}
if (!validate_path($path)) {
die(xml_response('error', $DLG['invalid_dir'] . " [b]({$dir}{$file})[/b]"));
}
if (!is_writable($path)) {
die(xml_response('error', $DLG['no_permission'] . " [b]({$file})[/b]"));
}
$new_filename = format_filename($new_name);
if (ereg("[^a-zA-Z0-9._-]", $new_filename)) {
die(xml_response('alert', $DLG['invalid_filename']));
}
$info = swampy_pathinfo($path);
$ext = $info['extension'] != "" ? "." . $info['extension'] : "";
$nfile = $new_filename . $ext;
if (file_exists($directory . $nfile)) {
die(xml_response('alert', $DLG['file_exists']));
}
foreach ($IMAGE_FORMATS as $format) {
$ext = $format['ext'] ? "." . $format['ext'] : "." . $info['extension'];
$format_path = $directory . $format['dir'] . $info['filename'] . $ext;
if (file_exists($format_path)) {
if (!rename($format_path, $directory . $format['dir'] . $new_filename . $ext)) {
die(xml_response('error', $DLG['rename_failure']));
function format_h_w_image($str)
{
$fields = explode(' ', $str);
if (count($fields) != 3) {
return '';
}
list($width, $height, $filename) = $fields;
$width = format_int_0($width);
$height = format_int_0($height);
$filename = format_filename($filename);
return "{$width} {$height} {$filename}";
}
function edit_line($idx, $php_self)
{
$error = '';
$description = mydb::cxn()->real_escape_string($_POST['description']);
$fuel_model_list = "";
if (isset($_POST['fuel_model_1']) && $_POST['fuel_model_1'] == "on") {
$fuel_model_list .= "1,";
}
if (isset($_POST['fuel_model_2']) && $_POST['fuel_model_2'] == "on") {
$fuel_model_list .= "2,";
}
if (isset($_POST['fuel_model_3']) && $_POST['fuel_model_3'] == "on") {
$fuel_model_list .= "3,";
}
if (isset($_POST['fuel_model_4']) && $_POST['fuel_model_4'] == "on") {
$fuel_model_list .= "4,";
}
if (isset($_POST['fuel_model_5']) && $_POST['fuel_model_5'] == "on") {
$fuel_model_list .= "5,";
}
if (strlen($fuel_model_list) > 0) {
$fuel_model_list = substr($fuel_model_list, 0, strlen($fuel_model_list) - 1);
} else {
$error .= "You must select at least one fuel model<br>\n";
}
$unix_date = strtotime($_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day']);
//Convert date into unix timestamp
$latitude_decimal = "";
$longitude_decimal = "";
if ($_POST['latitude_degrees'] != "") {
$_POST['longitude_degrees'] < 0 ? true : ($_POST['longitude_degrees'] = $_POST['longitude_degrees'] * -1);
// Longitude is negative in the western hemisphere
$latitude_decimal = $_POST['latitude_degrees'] + $_POST['latitude_minutes'] / 60;
$longitude_decimal = $_POST['longitude_degrees'] + $_POST['longitude_minutes'] / 60;
}
//Deal with uploaded files
if ($_FILES['uploadedfile']['name'] != "") {
$targets = format_filename(basename($_FILES['uploadedfile']['name']));
$target_path = $targets['base'] . $targets['filename'];
if (trim($_POST['file_description']) == '') {
$file_description = basename($_FILES['uploadedfile']['name']);
} else {
$file_description = mydb::cxn()->real_escape_string($_POST['file_description']);
}
$status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
// $status['success'] (0,1) - $status['desc'] (text)
if ($status['success']) {
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$status['success'] = 0;
$status['desc'] = "Unable to accept file, try again later.<br>\n";
} else {
// File successfully uploaded, now add an entry in the database
$result = mydb::cxn()->query("insert into incident_files(file_path,file_description, incident_id) " . "values(\"assets/" . $targets['filename'] . "\",\"" . $file_description . "\"," . $idx . ")") or die("Saving file failed: " . mydb::cxn()->error);
}
}
// end 'if($status['success'])'
}
//Check for at least one crewmember on the roster
$need_crewmembers = 1;
$result = mydb::cxn()->query("\tSELECT concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'\n\t\t\t\t\t\t\t\t\tORDER BY name");
while ($row = $result->fetch_assoc()) {
if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
$need_crewmembers = 0;
}
}
if ($need_crewmembers) {
$error .= "You must select at least one crewmember<br>\n";
}
//Check the rest of the fields
if (!preg_match("/\\b[a-zA-Z]{2}-\\b[a-zA-Z0-9]{3,5}-\\b[0-9]{6}/i", trim($_POST['number']))) {
$error .= "Incident number must be in the form: OR-OCF-123456 (You entered: " . $_POST['number'] . ")<br>\n";
}
/* if(!preg_match("/\b[0-9a-zA-Z]{6}\b/i",$_POST['code'])) $error .= "P-Code must be 6 characters! (You entered: ".$_SESSION['form_field5'].")<br>\n";
if(!preg_match("/\b[0-9]{4}\b/",$_POST['override'])) $error .= "Override Code must be a 4-digit number! (You entered: ".$_SESSION['form_field6'].")<br>\n";
if(!preg_match('/\b[0-9]*\.?[0-9]+\b/',$_POST['size'])) $error .= "Acreage must be a numeric value! (You entered: ".$_SESSION['form_field7'].")<br>\n";
if(!preg_match('/\b[1-5]{1}\b/',$_POST['type'])) $error .= "ICT (Management Type) must be a numeric value, 1 - 5 (You entered: ".$_SESSION['form_field8'].")<br>\n";
*/
if ($error == '') {
$insert_query = "\tUPDATE incidents\n\t\t\t\t\t\t\tSET date\t= from_unixtime(" . $unix_date . "),\n\t\t\t\t\t\t\tevent_type\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['event_type']))) . "',\n\t\t\t\t\t\t\tnumber\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['number']))) . "',\n\t\t\t\t\t\t\tname\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['name']))) . "',\n\t\t\t\t\t\t\tcode\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['code']))) . "',\n\t\t\t\t\t\t\toverride\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['override']))) . "',\n\t\t\t\t\t\t\tsize\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['size']))) . "',\n\t\t\t\t\t\t\ttype\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['type']))) . "',\n\t\t\t\t\t\t\tfuel_models = '" . $fuel_model_list . "',\n\t\t\t\t\t\t\tdescription = '" . $description . "',\n\t\t\t\t\t\t\tlatitude_degrees = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_degrees']))) . "',\n\t\t\t\t\t\t\tlatitude_minutes = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_minutes']))) . "',\n\t\t\t\t\t\t\tlongitude_degrees= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_degrees']))) . "',\n\t\t\t\t\t\t\tlongitude_minutes= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_minutes']))) . "'\n\t\t\t\t\t\t\tWHERE idx LIKE '" . $idx . "'";
mydb::cxn()->query($insert_query) or die("Error updating item in the incidents database: " . mydb::cxn()->error);
//Clear the current incident roster before setting the new roster
$result = mydb::cxn()->query("\tDELETE from incident_roster\n\t\t\t\t\t\t\t\t\t\tWHERE idx like '" . $idx . "'");
//Get current crew roster & create new incident roster
$result = mydb::cxn()->query("\tSELECT firstname, lastname, concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'");
$max_shifts = 0;
$roster_string = "";
while ($row = $result->fetch_assoc()) {
if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
if ($_POST['shifts-' . $row['id']] == '') {
$shifts = 'null';
} else {
$shifts = $_POST['shifts-' . $row['id']];
if ($shifts > $max_shifts) {
$max_shifts = $shifts;
}
}
$query = "insert into incident_roster (idx, crewmember_id, role, qt, shifts)\n\t\t\t\t\t\t\t values (" . $idx . "," . $row['id'] . ",'" . $_POST['role-' . $row['id']] . "','" . $_POST['qt-' . $row['id']] . "'," . $shifts . ")";
mydb::cxn()->query($query) or die("Error adding incident roster: " . $query . " -- : -- " . mydb::cxn()->error);
$roster_string .= $row['name'] . " (" . strtoupper($_POST['role-' . $row['id']]) . " (" . strtoupper($_POST['qt-' . $row['id']]) . "), " . $shifts . " shifts)\n";
}
}
//Delete the Google Calendar entry for this event, then create a new Calendar event with the updated details
/* if(trim($_POST['name']) != '') $g_title = ucwords(trim($_POST['name']));
else $g_title = strtoupper(trim($_POST['number']));
$g_start_date =date('Y-m-d',$unix_date);
$g_end_date = date('Y-m-d',mktime(0, 0, 0, date("m",$unix_date) , date("d",$unix_date)+$max_shifts, date("Y",$unix_date)));
if(strtolower(trim($_POST['name'])) != "") $g_fire_name = " (".ucwords(trim($_POST['name'])).")";
else $g_fire_name = "";
$g_description = "Incident: ".strtoupper(trim($_POST['number']))
.$g_fire_name.",\n"
.strtoupper(trim($_POST['code']))." / "
.strtolower(trim($_POST['override'])).",\n"
.strtolower(trim($_POST['size']))." Acres,\n"
."Complexity: ".strtolower(trim($_POST['type']))."\n\n"
.$description."\n\n"
.$roster_string;
$result = mydb::cxn()->query("SELECT g_cal_eventUrl FROM incidents WHERE idx = ".$idx);
$row = $result->fetch_assoc();
$eventUrl = $row['g_cal_eventUrl'];
//g_cal_deleteEventByUrl(g_cal_authenticate(), $eventUrl);
if($latitude_decimal != "") $g_where = $latitude_decimal . " " . $longitude_decimal;
else $g_where = "";
$new_cal_id = g_cal_createEvent (g_cal_authenticate(), $g_title, $g_description, $g_where, $g_start_date,'0', $g_end_date,'0','-08');
$result = mydb::cxn()->query("UPDATE incidents SET g_cal_eventUrl = \"".$new_cal_id."\" WHERE idx = ".$idx);
*/
$_SESSION['form_field1'] = '';
$_SESSION['form_field2'] = '';
$_SESSION['form_field3'] = '';
$_SESSION['form_field4'] = '';
$_SESSION['form_field5'] = '';
$_SESSION['form_field6'] = '';
$_SESSION['form_field7'] = '';
$_SESSION['form_field8'] = '';
$_SESSION['form_field9'] = '';
$_SESSION['form_field10'] = '';
$_SESSION['form_field11'] = '';
$_SESSION['form_field12'] = '';
$_SESSION['form_field13'] = '';
$_SESSION['form_field14'] = '';
$_SESSION['form_field15'] = '';
$_SESSION['form_field16'] = '';
echo "<span class=\"highlight1\" style=\"display:block\">Incident successfully updated!</span><br />";
} else {
echo "<span class=\"highlight1\" style=\"display:block\">" . $error . "</span><br />";
//Repopulate form fields with current values to make it easy to correct
$_SESSION['form_field1'] = $_POST['month'];
$_SESSION['form_field2'] = $_POST['day'];
$_SESSION['form_field3'] = htmlentities($_POST['number']);
$_SESSION['form_field4'] = htmlentities($_POST['name']);
$_SESSION['form_field5'] = htmlentities($_POST['code']);
$_SESSION['form_field6'] = htmlentities($_POST['override']);
$_SESSION['form_field7'] = htmlentities($_POST['size']);
$_SESSION['form_field8'] = htmlentities($_POST['type']);
$_SESSION['form_field9'] = htmlentities($_POST['description']);
//$_SESSION['form_field10'] = htmlentities($_POST['event_type']); //Handled
$_SESSION['form_field11'] = htmlentities($_POST['latitude_degrees']);
$_SESSION['form_field12'] = htmlentities($_POST['latitude_minutes']);
$_SESSION['form_field13'] = htmlentities($_POST['latitude_seconds']);
$_SESSION['form_field14'] = htmlentities($_POST['longitude_degrees']);
$_SESSION['form_field15'] = htmlentities($_POST['longitude_minutes']);
$_SESSION['form_field16'] = htmlentities($_POST['longitude_seconds']);
}
return;
}
}
if (!is_writable($directory)) {
die(msg('error', $DLG['no_permission']));
}
if (!validate_path($dir)) {
die(msg('error', $DLG['invalid_dir'] . " <b>({$directory})</b>"));
}
if ($_POST['upload']) {
//cheking is file selected
if ($_FILES['file']['name'] == "") {
die(stopUpload('alert', $DLG['select_file']));
}
$info = swampy_pathinfo($_FILES['file']['name']);
$ext = $info['extension'] != "" ? "." . $info['extension'] : "";
$file = $_POST['filename'] != "" ? $_POST['filename'] . $ext : $info['filename'] . $ext;
$file = format_filename($file);
//cheking file name
if (ereg("[^a-zA-Z0-9._-]", $file)) {
die(stopUpload('alert', $DLG['invalid_filename']));
}
//check is file name exists
if (file_exists($directory . $file)) {
die(stopUpload('alert', $DLG['file_exists']));
}
umask(02);
//uploadig file
if (!copy($_FILES['file']['tmp_name'], $directory . $file)) {
die(stopUpload('error', $DLG['upload_failure']));
}
$msg = rawurlencode("<b>'{$file}'</b> {$DLG['upload_success']}<br><a href=\"javascript:browser.insertFile('{$file}');\">{$DLG['insert_uploaded']}</a>");
die(stopUpload('done', $msg));
$result = mydb::cxn()->query($query);
if (!mydb::cxn()->error) {
$status = array('success' => 1, 'desc' => "Crewmember has been added to the " . $_POST['year'] . " roster");
} else {
$status = array('success' => 0, 'desc' => "Crewmember was NOT added to the roster. Try again later.");
}
unset($_POST['function']);
} elseif ($_POST['function'] == "modify_crewmember") {
$status = array('success' => 1, 'desc' => "");
if ($_FILES['uploadedfile']['name'] != "") {
$status = check_uploaded_file($_FILES['uploadedfile']);
//$status = array('success','desc');
if (!$status['success']) {
/*Bad form data - don't add to database... $status['desc'] holds the explanation already */
} else {
$targets = format_filename($_POST['firstname'], $_POST['lastname'], false);
$target_path = $targets['base'] . $targets['filename'];
if (!@move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$status['success'] = 0;
$status['desc'] = "Unable to accept photo file, try again later.<br>\n";
} elseif (!resize($target_path, $target_path)) {
//file was successfully moved onto the server
$status['success'] = 0;
$status['desc'] = "Unable to resize photo.<br>\n";
} else {
// Photo successfully uploaded, now update entry in the database
$query = "update crewmembers set firstname = \"" . $_POST['firstname'] . "\", lastname = \"" . $_POST['lastname'] . "\", bio = \"" . nl2br(htmlentities($_POST['bio'], ENT_QUOTES)) . "\", headshot_filename = \"images/roster_headshots/" . $targets['filename'] . "\" where id like \"" . $_POST['id'] . "\"";
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != '') {
die("Modify crewmember info failed: " . mydb::cxn()->error . "<br>\n" . $query);
}
}
}
} else {
if ($content_type == 'pdf') {
$pg_content = $_POST['page_heading'] = $_POST['head_msg'] = $_POST['pg_content'] = '';
$_POST['meta_keywords'] = $_POST['meta_descr'] = '';
##/ Setup PDF file
if (is_uploaded_file(@$_FILES['pdf_content']['tmp_name'])) {
$up_type = $_FILES['pdf_content']['type'];
if ($up_type == 'application/pdf') {
$m_type = 'pdf';
}
//var_dump($up_type); die();
#/ Upload file
if ($m_type == 'pdf') {
$new_pdf_content = format_filename(@$_FILES['pdf_content']['name']);
if ($sp_id > 0) {
$cur_pdf_content = @$_POST["cur_pdf_content"];
if ($new_pdf_content != '' && $new_pdf_content != $cur_pdf_content) {
@unlink($up_path . $cur_pdf_content);
}
}
$ret = move_uploaded_file($_FILES['pdf_content']['tmp_name'], $up_path . $new_pdf_content);
if ($ret === false) {
$_SESSION["CUSA_ADMIN_MSG_GLOBAL"] = array(false, 'Unable to upload the PDF file! Please try again...');
if ($sp_id > 0) {
redirect_me("{$consts['DOC_ROOT_ADMIN']}{$cur_page}{$param2}&sp_id={$sp_id}", true);
} else {
redirect_me("{$consts['DOC_ROOT_ADMIN']}{$cur_page}{$param2}", true);
}
} else {
function write_doc(Reflector $obj, $type)
{
/* {{{ */
global $OPTION, $INFO, $TEMPLATE, $DOC_EXT;
switch ($type) {
case DOC_EXTENSION:
foreach ($DOC_EXT as $xml_file => $tpl_file) {
$filename = $OPTION['output'] . '/' . format_filename($xml_file);
$INFO['actual_file'] = $filename;
$content = file_get_contents(dirname(__FILE__) . '/' . $tpl_file);
if ($content = gen_extension_markup($obj, $content, $xml_file)) {
save_file($filename, global_check($content));
}
}
break;
/* Methods */
/* Methods */
case DOC_METHOD:
case DOC_CONSTRUCTOR:
$path = $OPTION['output'] . '/' . strtolower($obj->class);
$filename = $path . '/' . format_filename($obj->name) . '.xml';
create_dir($path);
$INFO['actual_file'] = $filename;
$INFO['mappeds'][] = $filename;
/* Mappeds */
if ($function = find_function($INFO['actual_extension'], $obj, NULL)) {
$content = file_get_contents(dirname(__FILE__) . '/mapping.tpl');
$content = gen_mapping_markup($obj, $function, $content);
$content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example_mapping', "{$obj->class}::{$obj->name}", $OPTION['example']), $content);
} else {
$content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]);
$content = gen_method_markup($obj, $content);
$content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example', "{$obj->class}::{$obj->name}", $OPTION['example']), $content);
}
$content = str_replace('{DEFAULT_SEEALSO}', get_default_role('seealso', "{$obj->class}::{$obj->name}", $OPTION['seealso']), $content);
save_file($filename, global_check($content));
break;
/* Properties */
/* Properties */
case DOC_PROPERTY:
/* Doesn't exists separated file documenting property, actually
* they are documented in DOC_METHOD */
break;
/* Classes */
/* Classes */
case DOC_CLASS:
$path = $OPTION['output'];
$filename = $path . '/' . format_filename($obj->getName()) . '.xml';
$INFO['actual_file'] = $filename;
$content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]);
$content = gen_class_markup($obj, $content);
/* classname.xml */
save_file($filename, global_check($content));
break;
case DOC_FUNCTION:
if ($method = find_function($INFO['actual_extension'], NULL, $obj)) {
$path = $OPTION['output'] . '/' . strtolower($method->class);
$filename = $path . '/' . format_filename($method->name) . '.xml';
if (in_array($filename, $INFO['mappeds'])) {
return;
}
create_dir($path);
$INFO['actual_file'] = $filename;
$content = file_get_contents(dirname(__FILE__) . '/mapping.tpl');
$content = gen_mapping_markup($method, $obj, $content);
$content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example_mapping', $obj->getName(), $OPTION['example']), $content);
} else {
$path = $OPTION['output'] . '/functions';
$filename = $path . '/' . format_filename($obj->getName()) . '.xml';
create_dir($path);
$INFO['actual_file'] = $filename;
$content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]);
$content = gen_function_markup($obj, $content);
$content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example', $obj->getName(), $OPTION['example']), $content);
}
$content = str_replace('{DEFAULT_SEEALSO}', get_default_role('seealso', $obj->getName(), $OPTION['seealso']), $content);
save_file($filename, global_check($content));
break;
}
}
function make_logviewer($logskip, $page_link, $username = "******")
{
?>
<table class="box">
<tr>
<td class="box-headline">>> <?php
echo $GLOBALS['language']['transfers']['transfer_log'];
?>
</td>
</tr>
<tr>
<td>
<table class="box" style="border-style: none;">
<tr>
<?php
if ($username == "total") {
echo '<td width="*" class="box-pl" align="center">' . $GLOBALS['language']['util']['user'] . '</td>';
}
?>
<td width="100" class="box-pl" align="center"><?php
echo $GLOBALS['language']['util']['timestamp'];
?>
</td>
<td width="*" class="box-pl" align="center"><?php
echo $GLOBALS['language']['util']['filename'];
?>
</td>
<td width="*" class="box-pl" align="center"><?php
echo $GLOBALS['language']['util']['size'];
?>
</td>
<td width="80" class="box-pl" align="center"><?php
echo $GLOBALS['language']['util']['command'];
?>
</td>
<td width="50" class="box-pl" align="center"><?php
echo $GLOBALS['language']['util']['duration'];
?>
</td>
</tr>
<?php
$logitems = $GLOBALS['db']->get_stats_logs($logskip, $username);
makeNavBar(count($logitems), $username, $page_link);
foreach ($logitems as $log) {
if ($GLOBALS['config_userview_striplogpath']) {
if (substr($log["file"], 0, strlen($GLOBALS['config_ftp_root'])) == $GLOBALS['config_ftp_root']) {
$log["file"] = substr($log["file"], strlen($GLOBALS['config_ftp_root']) + 1);
}
}
echo '<tr onmouseover="if (typeof(this.style) != \'undefined\') this.className = \'overRow\';" onmouseout="if (typeof(this.style) != \'undefined\') this.className = \'\'">';
if ($username == "total") {
$uid = $GLOBALS['db']->get_UIDbyUSERNAME($log["userid"]);
if ($uid == -1) {
echo ' <td width="*" class="box-sel" align="left" valign="top">' . $log["userid"] . '</td>';
} else {
echo ' <td width="*" class="box-sel" align="left" valign="top">';
echo '<a href="user_view.php?viewID=' . $uid . '">';
echo $log["userid"];
echo '</a></td>';
}
}
echo ' <td width="90" class="box-sel" align="center" valign="top">' . $log["time"] . '</td>';
echo ' <td width="*" class="box-sel" align="left" valign="top">' . format_filename($log["file"]) . '</td>';
echo ' <td width="*" class="box-sel" align="right" valign="top">' . formatSize($log["size"]) . '</td>';
echo ' <td width="80" class="box-sel" align="center" valign="top">' . $log["command"] . '</td>';
echo ' <td width="50" class="box-sel" align="right" valign="top">' . $log["timespent"] . ' s</td>';
echo '</tr>';
}
makeNavBar(count($logitems), $username, $page_link);
?>
</table>
</td>
</tr>
</table>
<?php
}
function commit_requisition()
{
mydb::cxn()->autocommit(FALSE);
// Make this section TRANSACTIONAL
try {
// Check date format
$date = trim($_POST['date']);
if ($date == "") {
$date = date("m/d/Y");
}
//Use today's date if the date was left blank
$dates = explode("/", $date);
// The Date should be in the form: mm/dd/yyyy
if (!checkdate((int) $dates[0], (int) $dates[1], (int) $dates[2])) {
throw new Exception('The Date entered is not a valid date (dates must be in the form: mm/dd/yyyy)');
}
$amount = 0.0;
if (trim($_POST['order_total']) != "" && is_numeric($_POST['order_total'])) {
$amount = number_format(mydb::cxn()->real_escape_string(trim($_POST['order_total'])), 2, '.', '');
}
if (!isset($_POST['id']) || $_POST['id'] == '' || $_POST['id'] == 'new') {
// This is a NEW requisition entry
// If this is a wishlist item, determine the next priority number available (give this the lowest priority)
if ($_POST['card_used'] == 'wishlist') {
$result = mydb::cxn()->query("SELECT max(priority)+1 as nextpri FROM requisitions");
$row = $result->fetch_assoc();
$pri_field = ",priority";
$pri_value = "," . $row['nextpri'];
}
if (!get_magic_quotes_gpc()) {
$query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\",\"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
} else {
$query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . $_POST['vendor_info'] . "\",\"" . $_POST['description'] . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . $_POST['card_used'] . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
}
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
$requisition_id = mydb::cxn()->insert_id;
} else {
// UPDATE an EXISTING requisition entry
// If this item is not on the wishlist, remove any existing priority
if ($_POST['card_used'] != 'wishlist') {
$priority = ",priority = NULL";
} else {
$priority = "";
}
//Don't change the priority with this UPDATE
if (!get_magic_quotes_gpc()) {
$query = "UPDATE requisitions " . "SET vendor_info = \"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\"" . ",description = \"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . mydb::cxn()->real_escape_string($_POST['id']);
} else {
$query = "UPDATE requisitions " . "SET vendor_info = \"" . $_POST['vendor_info'] . "\"" . ",description = \"" . $_POST['description'] . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . $_POST['card_used'] . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . $_POST['id'];
}
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
$requisition_id = mydb::cxn()->real_escape_string($_POST['id']);
// Delete existing itemized entries to make room for the new POST'ed entries
// Make this section transactional....
$result = mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = " . $requisition_id);
}
//Ensure that at least 1 split line gets stored, even if the dollar-amount is blank
if (trim($_POST['amount_1']) == "" || !is_numeric($_POST['amount_1']) || is_null($_POST['amount_1'])) {
$_POST['amount_1'] = "0.0";
}
for ($i = 1; $i <= $_SESSION['split_qty']; $i++) {
if ($_POST['amount_' . $i] != '') {
$query = "INSERT INTO requisitions_split (requisition_id, s_number, charge_code, override, amount, received, reconciled, comments) " . "VALUES (" . $requisition_id . ",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['s_number_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['charge_code_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string($_POST['override_' . $i]) . "\"," . number_format(mydb::cxn()->real_escape_string($_POST['amount_' . $i]), 2, '.', '') . ",\"" . mydb::cxn()->real_escape_string($_POST['split_received_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_reconciled_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_comments_' . $i]) . "\")";
//echo $query;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
// If an error occurs, rollback this entire transaction
/* mydb::cxn()->query("DELETE FROM requisitions WHERE id = ".$requisition_id);
mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = ".$requisition_id);
*/
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
}
}
for ($i = 1; $i <= 3; $i++) {
if ($_FILES['uploadedfile' . $i]['name'] != "") {
$status = check_uploaded_file($_FILES['uploadedfile' . $i]);
//$status = array('success','desc');
if (!$status['success']) {
/*Bad form data - don't add to database... $status['desc'] holds the explanation already */
} else {
$targets = format_filename($requisition_id, $i, $_FILES['uploadedfile' . $i]);
$target_path = $targets['base'] . $targets['filename'];
if (!@move_uploaded_file($_FILES['uploadedfile' . $i]['tmp_name'], $target_path)) {
throw new Exception('The file attachment couldn\'t be saved! Please check the file format and filesize.');
} else {
// File successfully uploaded, now update entry in the database
$query = "UPDATE requisitions SET attachment" . $i . " = \"" . $target_path . "\" WHERE id = " . $requisition_id;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("File attachment #" . $i . " could not be saved, but the requisition information was saved successfully.<br />\n" . mydb::cxn()->error);
}
}
}
}
//END if($_FILES['uploadedfile']['name'] != "")
}
//END for($i=1;$i<=3;$i++)
$_SESSION['form_memory']['requisition'] = array();
mydb::cxn()->commit();
mydb::cxn()->autocommit(TRUE);
} catch (Exception $e) {
mydb::cxn()->rollback();
mydb::cxn()->autocommit(TRUE);
throw new Exception($e->getMessage());
}
return;
}
/**
* Function upload_vdo
* PURPOSE: upload & rename Videos
*
* $field_name = file name
* $up_loc = upload location for the file. Like '../img/clients'
* $img_title = File Title (mainly used for errors)
* $insert_name_part = Insert Part in File Name at the end (forexample '_t1')
*/
function upload_vdo($field_name, $up_loc, $img_title, $insert_name_part = '', $error_sess_name = 'CUSA_MSG_GLOBAL', $array_index = 0)
{
global $_FILES, $_SESSION;
$new_c_image = '';
if (isset($_FILES[$field_name]) && @is_array($_FILES[$field_name]) && @is_array($_FILES[$field_name]['tmp_name'])) {
$tmp_name = @$_FILES[$field_name]['tmp_name'][$array_index];
$name = @$_FILES[$field_name]['name'][$array_index];
} else {
$tmp_name = @$_FILES[$field_name]['tmp_name'];
$name = @$_FILES[$field_name]['name'];
}
if (is_uploaded_file($tmp_name)) {
$t1 = explode('.', format_str(format_filename($name)));
$t1[0] = substr($t1[0], 0, 10);
if ($array_index == 0) {
$tmx = time();
$tmx = substr($tmx, 0, strlen($tmx) - 2);
} else {
$tmx = str_replace('.', '_', microtime(true));
}
$new_c_image = strtolower($t1[0]) . '_' . $tmx . $insert_name_part . '.' . strtolower($t1[count($t1) - 1]);
$ret = false;
$ret = move_uploaded_file($tmp_name, $up_loc . $new_c_image);
if ($ret === false) {
$new_c_image = '';
$dname = format_str($name);
$_SESSION[$error_sess_name] = array(false, "ERROR saving {$img_title} ({$dname})!");
} else {
//$new_c_image.= '.'.strtolower($t1[count($t1)-1]);
}
}
return $new_c_image;
}
</tr>
<tr>
<td></td>
<td><input type="checkbox" class="checkbox" id="new_greyscale" name="new_greyscale" /><label for="new_greyscale"><?php echo $lng['form_greyscale']; ?></label></td>
</tr>
</table>
</fieldset>
<input type="submit" id="insert" value="<?php echo $lng['form_submit']; ?>" />
</form>
<?php
//create directory and show results
if(isset($_GET['newdir'])) {
$new_title = format_filename($_GET['newdir']);
if(!is_dir($_GET['viewdir'] . '/' . $new_title)) {
if(mkdir($_GET['viewdir'] . '/' . $new_title, 0777)) {
echo '<p class="successful">"' . $new_title . '"' . $lng['message_created_folder'] . '</p>';
} else {
echo '<p class="failed">' . $lng['message_cannot_create'] . '"' . $new_title . '"!<br />' . $lng['message_cannot_write'] . '</p>';
}
} else {
echo '<p class="failed">' . $lng['message_cannot_create'] . '"' . $new_title . '"!<br />' . $lng['message_exists'] . '</p>';
}
}
//remove unnecessary files
if(isset($_GET['deletefile'])) {
if(!file_exists($_GET['viewdir'] . '/' . $_GET['deletefile'])) {
echo '<p class="failed">' . $lng['message_cannot_delete_nonexist'] . '</p>';
