function print_directory_images($dir) { $filelist = array_filter(scandir($dir), "is_image"); if (empty($filelist)) { return; } $init = array_slice($filelist, 0, count($filelist) - 1); $last = end($filelist); foreach ($init as $fname) { echo format_filename($dir, $fname) . ",\n"; } echo format_filename($dir, $last) . "\n"; }
function format_filename($filename) { $base_path = "photos/"; //Folder to store all uploaded photos $filename = strtolower(str_replace(' ', '_', $filename)); //Remove whitespace from filenames & make lowercase $filename = str_replace('\\"', '', $filename); //Remove double-quotes from filenames $filename = str_replace("\\'", '', $filename); //Remove single-quotes from filenames $target_path = array('base' => $base_path, 'filename' => $filename); return $target_path; } //**************************************************************************************** if (isset($_POST['MAX_FILE_SIZE'])) { $targets = format_filename(basename($_FILES['uploadedfile']['name'])); $target_path = $targets['base'] . $targets['filename']; $status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']); // $status['success'] (0,1) - $status['desc'] (text) $size = array('width' => 0, 'height' => 0); //Holds final dimensions of resized image if ($status['success']) { if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { //if(!is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) { //if(!resize($_FILES['uploadedfile']['tmp_name'], $target_path)) { $status['success'] = 0; $status['desc'] = "Unable to accept file, try again later.<br>\n"; } elseif (!resize($target_path, $target_path, $size)) { //file was successfully moved onto the server $status['success'] = 0; $status['desc'] = "Unable to resize file.<br>\n";
$new_name = $_POST['new_name']; $directory = $PUBLIC_HTML_DIR . $dir; $path = $directory . $file; if ($file == "") { die(xml_response('alert', $DLG['select_file'])); } if (!file_exists($path)) { die(xml_response('error', $DLG['file_not_found'] . " [b]({$file})[/b]")); } if (!validate_path($path)) { die(xml_response('error', $DLG['invalid_dir'] . " [b]({$dir}{$file})[/b]")); } if (!is_writable($path)) { die(xml_response('error', $DLG['no_permission'] . " [b]({$file})[/b]")); } $new_filename = format_filename($new_name); if (ereg("[^a-zA-Z0-9._-]", $new_filename)) { die(xml_response('alert', $DLG['invalid_filename'])); } $info = swampy_pathinfo($path); $ext = $info['extension'] != "" ? "." . $info['extension'] : ""; $nfile = $new_filename . $ext; if (file_exists($directory . $nfile)) { die(xml_response('alert', $DLG['file_exists'])); } foreach ($IMAGE_FORMATS as $format) { $ext = $format['ext'] ? "." . $format['ext'] : "." . $info['extension']; $format_path = $directory . $format['dir'] . $info['filename'] . $ext; if (file_exists($format_path)) { if (!rename($format_path, $directory . $format['dir'] . $new_filename . $ext)) { die(xml_response('error', $DLG['rename_failure']));
function format_h_w_image($str) { $fields = explode(' ', $str); if (count($fields) != 3) { return ''; } list($width, $height, $filename) = $fields; $width = format_int_0($width); $height = format_int_0($height); $filename = format_filename($filename); return "{$width} {$height} {$filename}"; }
function edit_line($idx, $php_self) { $error = ''; $description = mydb::cxn()->real_escape_string($_POST['description']); $fuel_model_list = ""; if (isset($_POST['fuel_model_1']) && $_POST['fuel_model_1'] == "on") { $fuel_model_list .= "1,"; } if (isset($_POST['fuel_model_2']) && $_POST['fuel_model_2'] == "on") { $fuel_model_list .= "2,"; } if (isset($_POST['fuel_model_3']) && $_POST['fuel_model_3'] == "on") { $fuel_model_list .= "3,"; } if (isset($_POST['fuel_model_4']) && $_POST['fuel_model_4'] == "on") { $fuel_model_list .= "4,"; } if (isset($_POST['fuel_model_5']) && $_POST['fuel_model_5'] == "on") { $fuel_model_list .= "5,"; } if (strlen($fuel_model_list) > 0) { $fuel_model_list = substr($fuel_model_list, 0, strlen($fuel_model_list) - 1); } else { $error .= "You must select at least one fuel model<br>\n"; } $unix_date = strtotime($_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day']); //Convert date into unix timestamp $latitude_decimal = ""; $longitude_decimal = ""; if ($_POST['latitude_degrees'] != "") { $_POST['longitude_degrees'] < 0 ? true : ($_POST['longitude_degrees'] = $_POST['longitude_degrees'] * -1); // Longitude is negative in the western hemisphere $latitude_decimal = $_POST['latitude_degrees'] + $_POST['latitude_minutes'] / 60; $longitude_decimal = $_POST['longitude_degrees'] + $_POST['longitude_minutes'] / 60; } //Deal with uploaded files if ($_FILES['uploadedfile']['name'] != "") { $targets = format_filename(basename($_FILES['uploadedfile']['name'])); $target_path = $targets['base'] . $targets['filename']; if (trim($_POST['file_description']) == '') { $file_description = basename($_FILES['uploadedfile']['name']); } else { $file_description = mydb::cxn()->real_escape_string($_POST['file_description']); } $status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']); // $status['success'] (0,1) - $status['desc'] (text) if ($status['success']) { if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $status['success'] = 0; $status['desc'] = "Unable to accept file, try again later.<br>\n"; } else { // File successfully uploaded, now add an entry in the database $result = mydb::cxn()->query("insert into incident_files(file_path,file_description, incident_id) " . "values(\"assets/" . $targets['filename'] . "\",\"" . $file_description . "\"," . $idx . ")") or die("Saving file failed: " . mydb::cxn()->error); } } // end 'if($status['success'])' } //Check for at least one crewmember on the roster $need_crewmembers = 1; $result = mydb::cxn()->query("\tSELECT concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'\n\t\t\t\t\t\t\t\t\tORDER BY name"); while ($row = $result->fetch_assoc()) { if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") { $need_crewmembers = 0; } } if ($need_crewmembers) { $error .= "You must select at least one crewmember<br>\n"; } //Check the rest of the fields if (!preg_match("/\\b[a-zA-Z]{2}-\\b[a-zA-Z0-9]{3,5}-\\b[0-9]{6}/i", trim($_POST['number']))) { $error .= "Incident number must be in the form: OR-OCF-123456 (You entered: " . $_POST['number'] . ")<br>\n"; } /* if(!preg_match("/\b[0-9a-zA-Z]{6}\b/i",$_POST['code'])) $error .= "P-Code must be 6 characters! (You entered: ".$_SESSION['form_field5'].")<br>\n"; if(!preg_match("/\b[0-9]{4}\b/",$_POST['override'])) $error .= "Override Code must be a 4-digit number! (You entered: ".$_SESSION['form_field6'].")<br>\n"; if(!preg_match('/\b[0-9]*\.?[0-9]+\b/',$_POST['size'])) $error .= "Acreage must be a numeric value! (You entered: ".$_SESSION['form_field7'].")<br>\n"; if(!preg_match('/\b[1-5]{1}\b/',$_POST['type'])) $error .= "ICT (Management Type) must be a numeric value, 1 - 5 (You entered: ".$_SESSION['form_field8'].")<br>\n"; */ if ($error == '') { $insert_query = "\tUPDATE incidents\n\t\t\t\t\t\t\tSET date\t= from_unixtime(" . $unix_date . "),\n\t\t\t\t\t\t\tevent_type\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['event_type']))) . "',\n\t\t\t\t\t\t\tnumber\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['number']))) . "',\n\t\t\t\t\t\t\tname\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['name']))) . "',\n\t\t\t\t\t\t\tcode\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['code']))) . "',\n\t\t\t\t\t\t\toverride\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['override']))) . "',\n\t\t\t\t\t\t\tsize\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['size']))) . "',\n\t\t\t\t\t\t\ttype\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['type']))) . "',\n\t\t\t\t\t\t\tfuel_models = '" . $fuel_model_list . "',\n\t\t\t\t\t\t\tdescription = '" . $description . "',\n\t\t\t\t\t\t\tlatitude_degrees = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_degrees']))) . "',\n\t\t\t\t\t\t\tlatitude_minutes = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_minutes']))) . "',\n\t\t\t\t\t\t\tlongitude_degrees= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_degrees']))) . "',\n\t\t\t\t\t\t\tlongitude_minutes= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_minutes']))) . "'\n\t\t\t\t\t\t\tWHERE idx LIKE '" . $idx . "'"; mydb::cxn()->query($insert_query) or die("Error updating item in the incidents database: " . mydb::cxn()->error); //Clear the current incident roster before setting the new roster $result = mydb::cxn()->query("\tDELETE from incident_roster\n\t\t\t\t\t\t\t\t\t\tWHERE idx like '" . $idx . "'"); //Get current crew roster & create new incident roster $result = mydb::cxn()->query("\tSELECT firstname, lastname, concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'"); $max_shifts = 0; $roster_string = ""; while ($row = $result->fetch_assoc()) { if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") { if ($_POST['shifts-' . $row['id']] == '') { $shifts = 'null'; } else { $shifts = $_POST['shifts-' . $row['id']]; if ($shifts > $max_shifts) { $max_shifts = $shifts; } } $query = "insert into incident_roster (idx, crewmember_id, role, qt, shifts)\n\t\t\t\t\t\t\t values (" . $idx . "," . $row['id'] . ",'" . $_POST['role-' . $row['id']] . "','" . $_POST['qt-' . $row['id']] . "'," . $shifts . ")"; mydb::cxn()->query($query) or die("Error adding incident roster: " . $query . " -- : -- " . mydb::cxn()->error); $roster_string .= $row['name'] . " (" . strtoupper($_POST['role-' . $row['id']]) . " (" . strtoupper($_POST['qt-' . $row['id']]) . "), " . $shifts . " shifts)\n"; } } //Delete the Google Calendar entry for this event, then create a new Calendar event with the updated details /* if(trim($_POST['name']) != '') $g_title = ucwords(trim($_POST['name'])); else $g_title = strtoupper(trim($_POST['number'])); $g_start_date =date('Y-m-d',$unix_date); $g_end_date = date('Y-m-d',mktime(0, 0, 0, date("m",$unix_date) , date("d",$unix_date)+$max_shifts, date("Y",$unix_date))); if(strtolower(trim($_POST['name'])) != "") $g_fire_name = " (".ucwords(trim($_POST['name'])).")"; else $g_fire_name = ""; $g_description = "Incident: ".strtoupper(trim($_POST['number'])) .$g_fire_name.",\n" .strtoupper(trim($_POST['code']))." / " .strtolower(trim($_POST['override'])).",\n" .strtolower(trim($_POST['size']))." Acres,\n" ."Complexity: ".strtolower(trim($_POST['type']))."\n\n" .$description."\n\n" .$roster_string; $result = mydb::cxn()->query("SELECT g_cal_eventUrl FROM incidents WHERE idx = ".$idx); $row = $result->fetch_assoc(); $eventUrl = $row['g_cal_eventUrl']; //g_cal_deleteEventByUrl(g_cal_authenticate(), $eventUrl); if($latitude_decimal != "") $g_where = $latitude_decimal . " " . $longitude_decimal; else $g_where = ""; $new_cal_id = g_cal_createEvent (g_cal_authenticate(), $g_title, $g_description, $g_where, $g_start_date,'0', $g_end_date,'0','-08'); $result = mydb::cxn()->query("UPDATE incidents SET g_cal_eventUrl = \"".$new_cal_id."\" WHERE idx = ".$idx); */ $_SESSION['form_field1'] = ''; $_SESSION['form_field2'] = ''; $_SESSION['form_field3'] = ''; $_SESSION['form_field4'] = ''; $_SESSION['form_field5'] = ''; $_SESSION['form_field6'] = ''; $_SESSION['form_field7'] = ''; $_SESSION['form_field8'] = ''; $_SESSION['form_field9'] = ''; $_SESSION['form_field10'] = ''; $_SESSION['form_field11'] = ''; $_SESSION['form_field12'] = ''; $_SESSION['form_field13'] = ''; $_SESSION['form_field14'] = ''; $_SESSION['form_field15'] = ''; $_SESSION['form_field16'] = ''; echo "<span class=\"highlight1\" style=\"display:block\">Incident successfully updated!</span><br />"; } else { echo "<span class=\"highlight1\" style=\"display:block\">" . $error . "</span><br />"; //Repopulate form fields with current values to make it easy to correct $_SESSION['form_field1'] = $_POST['month']; $_SESSION['form_field2'] = $_POST['day']; $_SESSION['form_field3'] = htmlentities($_POST['number']); $_SESSION['form_field4'] = htmlentities($_POST['name']); $_SESSION['form_field5'] = htmlentities($_POST['code']); $_SESSION['form_field6'] = htmlentities($_POST['override']); $_SESSION['form_field7'] = htmlentities($_POST['size']); $_SESSION['form_field8'] = htmlentities($_POST['type']); $_SESSION['form_field9'] = htmlentities($_POST['description']); //$_SESSION['form_field10'] = htmlentities($_POST['event_type']); //Handled $_SESSION['form_field11'] = htmlentities($_POST['latitude_degrees']); $_SESSION['form_field12'] = htmlentities($_POST['latitude_minutes']); $_SESSION['form_field13'] = htmlentities($_POST['latitude_seconds']); $_SESSION['form_field14'] = htmlentities($_POST['longitude_degrees']); $_SESSION['form_field15'] = htmlentities($_POST['longitude_minutes']); $_SESSION['form_field16'] = htmlentities($_POST['longitude_seconds']); } return; }
} if (!is_writable($directory)) { die(msg('error', $DLG['no_permission'])); } if (!validate_path($dir)) { die(msg('error', $DLG['invalid_dir'] . " <b>({$directory})</b>")); } if ($_POST['upload']) { //cheking is file selected if ($_FILES['file']['name'] == "") { die(stopUpload('alert', $DLG['select_file'])); } $info = swampy_pathinfo($_FILES['file']['name']); $ext = $info['extension'] != "" ? "." . $info['extension'] : ""; $file = $_POST['filename'] != "" ? $_POST['filename'] . $ext : $info['filename'] . $ext; $file = format_filename($file); //cheking file name if (ereg("[^a-zA-Z0-9._-]", $file)) { die(stopUpload('alert', $DLG['invalid_filename'])); } //check is file name exists if (file_exists($directory . $file)) { die(stopUpload('alert', $DLG['file_exists'])); } umask(02); //uploadig file if (!copy($_FILES['file']['tmp_name'], $directory . $file)) { die(stopUpload('error', $DLG['upload_failure'])); } $msg = rawurlencode("<b>'{$file}'</b> {$DLG['upload_success']}<br><a href=\"javascript:browser.insertFile('{$file}');\">{$DLG['insert_uploaded']}</a>"); die(stopUpload('done', $msg));
$result = mydb::cxn()->query($query); if (!mydb::cxn()->error) { $status = array('success' => 1, 'desc' => "Crewmember has been added to the " . $_POST['year'] . " roster"); } else { $status = array('success' => 0, 'desc' => "Crewmember was NOT added to the roster. Try again later."); } unset($_POST['function']); } elseif ($_POST['function'] == "modify_crewmember") { $status = array('success' => 1, 'desc' => ""); if ($_FILES['uploadedfile']['name'] != "") { $status = check_uploaded_file($_FILES['uploadedfile']); //$status = array('success','desc'); if (!$status['success']) { /*Bad form data - don't add to database... $status['desc'] holds the explanation already */ } else { $targets = format_filename($_POST['firstname'], $_POST['lastname'], false); $target_path = $targets['base'] . $targets['filename']; if (!@move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $status['success'] = 0; $status['desc'] = "Unable to accept photo file, try again later.<br>\n"; } elseif (!resize($target_path, $target_path)) { //file was successfully moved onto the server $status['success'] = 0; $status['desc'] = "Unable to resize photo.<br>\n"; } else { // Photo successfully uploaded, now update entry in the database $query = "update crewmembers set firstname = \"" . $_POST['firstname'] . "\", lastname = \"" . $_POST['lastname'] . "\", bio = \"" . nl2br(htmlentities($_POST['bio'], ENT_QUOTES)) . "\", headshot_filename = \"images/roster_headshots/" . $targets['filename'] . "\" where id like \"" . $_POST['id'] . "\""; $result = mydb::cxn()->query($query); if (mydb::cxn()->error != '') { die("Modify crewmember info failed: " . mydb::cxn()->error . "<br>\n" . $query); }
} } } else { if ($content_type == 'pdf') { $pg_content = $_POST['page_heading'] = $_POST['head_msg'] = $_POST['pg_content'] = ''; $_POST['meta_keywords'] = $_POST['meta_descr'] = ''; ##/ Setup PDF file if (is_uploaded_file(@$_FILES['pdf_content']['tmp_name'])) { $up_type = $_FILES['pdf_content']['type']; if ($up_type == 'application/pdf') { $m_type = 'pdf'; } //var_dump($up_type); die(); #/ Upload file if ($m_type == 'pdf') { $new_pdf_content = format_filename(@$_FILES['pdf_content']['name']); if ($sp_id > 0) { $cur_pdf_content = @$_POST["cur_pdf_content"]; if ($new_pdf_content != '' && $new_pdf_content != $cur_pdf_content) { @unlink($up_path . $cur_pdf_content); } } $ret = move_uploaded_file($_FILES['pdf_content']['tmp_name'], $up_path . $new_pdf_content); if ($ret === false) { $_SESSION["CUSA_ADMIN_MSG_GLOBAL"] = array(false, 'Unable to upload the PDF file! Please try again...'); if ($sp_id > 0) { redirect_me("{$consts['DOC_ROOT_ADMIN']}{$cur_page}{$param2}&sp_id={$sp_id}", true); } else { redirect_me("{$consts['DOC_ROOT_ADMIN']}{$cur_page}{$param2}", true); } } else {
function write_doc(Reflector $obj, $type) { /* {{{ */ global $OPTION, $INFO, $TEMPLATE, $DOC_EXT; switch ($type) { case DOC_EXTENSION: foreach ($DOC_EXT as $xml_file => $tpl_file) { $filename = $OPTION['output'] . '/' . format_filename($xml_file); $INFO['actual_file'] = $filename; $content = file_get_contents(dirname(__FILE__) . '/' . $tpl_file); if ($content = gen_extension_markup($obj, $content, $xml_file)) { save_file($filename, global_check($content)); } } break; /* Methods */ /* Methods */ case DOC_METHOD: case DOC_CONSTRUCTOR: $path = $OPTION['output'] . '/' . strtolower($obj->class); $filename = $path . '/' . format_filename($obj->name) . '.xml'; create_dir($path); $INFO['actual_file'] = $filename; $INFO['mappeds'][] = $filename; /* Mappeds */ if ($function = find_function($INFO['actual_extension'], $obj, NULL)) { $content = file_get_contents(dirname(__FILE__) . '/mapping.tpl'); $content = gen_mapping_markup($obj, $function, $content); $content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example_mapping', "{$obj->class}::{$obj->name}", $OPTION['example']), $content); } else { $content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]); $content = gen_method_markup($obj, $content); $content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example', "{$obj->class}::{$obj->name}", $OPTION['example']), $content); } $content = str_replace('{DEFAULT_SEEALSO}', get_default_role('seealso', "{$obj->class}::{$obj->name}", $OPTION['seealso']), $content); save_file($filename, global_check($content)); break; /* Properties */ /* Properties */ case DOC_PROPERTY: /* Doesn't exists separated file documenting property, actually * they are documented in DOC_METHOD */ break; /* Classes */ /* Classes */ case DOC_CLASS: $path = $OPTION['output']; $filename = $path . '/' . format_filename($obj->getName()) . '.xml'; $INFO['actual_file'] = $filename; $content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]); $content = gen_class_markup($obj, $content); /* classname.xml */ save_file($filename, global_check($content)); break; case DOC_FUNCTION: if ($method = find_function($INFO['actual_extension'], NULL, $obj)) { $path = $OPTION['output'] . '/' . strtolower($method->class); $filename = $path . '/' . format_filename($method->name) . '.xml'; if (in_array($filename, $INFO['mappeds'])) { return; } create_dir($path); $INFO['actual_file'] = $filename; $content = file_get_contents(dirname(__FILE__) . '/mapping.tpl'); $content = gen_mapping_markup($method, $obj, $content); $content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example_mapping', $obj->getName(), $OPTION['example']), $content); } else { $path = $OPTION['output'] . '/functions'; $filename = $path . '/' . format_filename($obj->getName()) . '.xml'; create_dir($path); $INFO['actual_file'] = $filename; $content = file_get_contents(dirname(__FILE__) . '/' . $TEMPLATE[$type]); $content = gen_function_markup($obj, $content); $content = str_replace('{DEFAULT_EXAMPLE}', get_default_role('example', $obj->getName(), $OPTION['example']), $content); } $content = str_replace('{DEFAULT_SEEALSO}', get_default_role('seealso', $obj->getName(), $OPTION['seealso']), $content); save_file($filename, global_check($content)); break; } }
function make_logviewer($logskip, $page_link, $username = "******") { ?> <table class="box"> <tr> <td class="box-headline">>> <?php echo $GLOBALS['language']['transfers']['transfer_log']; ?> </td> </tr> <tr> <td> <table class="box" style="border-style: none;"> <tr> <?php if ($username == "total") { echo '<td width="*" class="box-pl" align="center">' . $GLOBALS['language']['util']['user'] . '</td>'; } ?> <td width="100" class="box-pl" align="center"><?php echo $GLOBALS['language']['util']['timestamp']; ?> </td> <td width="*" class="box-pl" align="center"><?php echo $GLOBALS['language']['util']['filename']; ?> </td> <td width="*" class="box-pl" align="center"><?php echo $GLOBALS['language']['util']['size']; ?> </td> <td width="80" class="box-pl" align="center"><?php echo $GLOBALS['language']['util']['command']; ?> </td> <td width="50" class="box-pl" align="center"><?php echo $GLOBALS['language']['util']['duration']; ?> </td> </tr> <?php $logitems = $GLOBALS['db']->get_stats_logs($logskip, $username); makeNavBar(count($logitems), $username, $page_link); foreach ($logitems as $log) { if ($GLOBALS['config_userview_striplogpath']) { if (substr($log["file"], 0, strlen($GLOBALS['config_ftp_root'])) == $GLOBALS['config_ftp_root']) { $log["file"] = substr($log["file"], strlen($GLOBALS['config_ftp_root']) + 1); } } echo '<tr onmouseover="if (typeof(this.style) != \'undefined\') this.className = \'overRow\';" onmouseout="if (typeof(this.style) != \'undefined\') this.className = \'\'">'; if ($username == "total") { $uid = $GLOBALS['db']->get_UIDbyUSERNAME($log["userid"]); if ($uid == -1) { echo ' <td width="*" class="box-sel" align="left" valign="top">' . $log["userid"] . '</td>'; } else { echo ' <td width="*" class="box-sel" align="left" valign="top">'; echo '<a href="user_view.php?viewID=' . $uid . '">'; echo $log["userid"]; echo '</a></td>'; } } echo ' <td width="90" class="box-sel" align="center" valign="top">' . $log["time"] . '</td>'; echo ' <td width="*" class="box-sel" align="left" valign="top">' . format_filename($log["file"]) . '</td>'; echo ' <td width="*" class="box-sel" align="right" valign="top">' . formatSize($log["size"]) . '</td>'; echo ' <td width="80" class="box-sel" align="center" valign="top">' . $log["command"] . '</td>'; echo ' <td width="50" class="box-sel" align="right" valign="top">' . $log["timespent"] . ' s</td>'; echo '</tr>'; } makeNavBar(count($logitems), $username, $page_link); ?> </table> </td> </tr> </table> <?php }
function commit_requisition() { mydb::cxn()->autocommit(FALSE); // Make this section TRANSACTIONAL try { // Check date format $date = trim($_POST['date']); if ($date == "") { $date = date("m/d/Y"); } //Use today's date if the date was left blank $dates = explode("/", $date); // The Date should be in the form: mm/dd/yyyy if (!checkdate((int) $dates[0], (int) $dates[1], (int) $dates[2])) { throw new Exception('The Date entered is not a valid date (dates must be in the form: mm/dd/yyyy)'); } $amount = 0.0; if (trim($_POST['order_total']) != "" && is_numeric($_POST['order_total'])) { $amount = number_format(mydb::cxn()->real_escape_string(trim($_POST['order_total'])), 2, '.', ''); } if (!isset($_POST['id']) || $_POST['id'] == '' || $_POST['id'] == 'new') { // This is a NEW requisition entry // If this is a wishlist item, determine the next priority number available (give this the lowest priority) if ($_POST['card_used'] == 'wishlist') { $result = mydb::cxn()->query("SELECT max(priority)+1 as nextpri FROM requisitions"); $row = $result->fetch_assoc(); $pri_field = ",priority"; $pri_value = "," . $row['nextpri']; } if (!get_magic_quotes_gpc()) { $query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\",\"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")"; } else { $query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . $_POST['vendor_info'] . "\",\"" . $_POST['description'] . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . $_POST['card_used'] . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")"; } $result = mydb::cxn()->query($query); if (mydb::cxn()->error != "") { throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error); } $requisition_id = mydb::cxn()->insert_id; } else { // UPDATE an EXISTING requisition entry // If this item is not on the wishlist, remove any existing priority if ($_POST['card_used'] != 'wishlist') { $priority = ",priority = NULL"; } else { $priority = ""; } //Don't change the priority with this UPDATE if (!get_magic_quotes_gpc()) { $query = "UPDATE requisitions " . "SET vendor_info = \"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\"" . ",description = \"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . mydb::cxn()->real_escape_string($_POST['id']); } else { $query = "UPDATE requisitions " . "SET vendor_info = \"" . $_POST['vendor_info'] . "\"" . ",description = \"" . $_POST['description'] . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . $_POST['card_used'] . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . $_POST['id']; } $result = mydb::cxn()->query($query); if (mydb::cxn()->error != "") { throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error); } $requisition_id = mydb::cxn()->real_escape_string($_POST['id']); // Delete existing itemized entries to make room for the new POST'ed entries // Make this section transactional.... $result = mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = " . $requisition_id); } //Ensure that at least 1 split line gets stored, even if the dollar-amount is blank if (trim($_POST['amount_1']) == "" || !is_numeric($_POST['amount_1']) || is_null($_POST['amount_1'])) { $_POST['amount_1'] = "0.0"; } for ($i = 1; $i <= $_SESSION['split_qty']; $i++) { if ($_POST['amount_' . $i] != '') { $query = "INSERT INTO requisitions_split (requisition_id, s_number, charge_code, override, amount, received, reconciled, comments) " . "VALUES (" . $requisition_id . ",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['s_number_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['charge_code_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string($_POST['override_' . $i]) . "\"," . number_format(mydb::cxn()->real_escape_string($_POST['amount_' . $i]), 2, '.', '') . ",\"" . mydb::cxn()->real_escape_string($_POST['split_received_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_reconciled_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_comments_' . $i]) . "\")"; //echo $query; $result = mydb::cxn()->query($query); if (mydb::cxn()->error != "") { // If an error occurs, rollback this entire transaction /* mydb::cxn()->query("DELETE FROM requisitions WHERE id = ".$requisition_id); mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = ".$requisition_id); */ throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error); } } } for ($i = 1; $i <= 3; $i++) { if ($_FILES['uploadedfile' . $i]['name'] != "") { $status = check_uploaded_file($_FILES['uploadedfile' . $i]); //$status = array('success','desc'); if (!$status['success']) { /*Bad form data - don't add to database... $status['desc'] holds the explanation already */ } else { $targets = format_filename($requisition_id, $i, $_FILES['uploadedfile' . $i]); $target_path = $targets['base'] . $targets['filename']; if (!@move_uploaded_file($_FILES['uploadedfile' . $i]['tmp_name'], $target_path)) { throw new Exception('The file attachment couldn\'t be saved! Please check the file format and filesize.'); } else { // File successfully uploaded, now update entry in the database $query = "UPDATE requisitions SET attachment" . $i . " = \"" . $target_path . "\" WHERE id = " . $requisition_id; $result = mydb::cxn()->query($query); if (mydb::cxn()->error != "") { throw new Exception("File attachment #" . $i . " could not be saved, but the requisition information was saved successfully.<br />\n" . mydb::cxn()->error); } } } } //END if($_FILES['uploadedfile']['name'] != "") } //END for($i=1;$i<=3;$i++) $_SESSION['form_memory']['requisition'] = array(); mydb::cxn()->commit(); mydb::cxn()->autocommit(TRUE); } catch (Exception $e) { mydb::cxn()->rollback(); mydb::cxn()->autocommit(TRUE); throw new Exception($e->getMessage()); } return; }
/** * Function upload_vdo * PURPOSE: upload & rename Videos * * $field_name = file name * $up_loc = upload location for the file. Like '../img/clients' * $img_title = File Title (mainly used for errors) * $insert_name_part = Insert Part in File Name at the end (forexample '_t1') */ function upload_vdo($field_name, $up_loc, $img_title, $insert_name_part = '', $error_sess_name = 'CUSA_MSG_GLOBAL', $array_index = 0) { global $_FILES, $_SESSION; $new_c_image = ''; if (isset($_FILES[$field_name]) && @is_array($_FILES[$field_name]) && @is_array($_FILES[$field_name]['tmp_name'])) { $tmp_name = @$_FILES[$field_name]['tmp_name'][$array_index]; $name = @$_FILES[$field_name]['name'][$array_index]; } else { $tmp_name = @$_FILES[$field_name]['tmp_name']; $name = @$_FILES[$field_name]['name']; } if (is_uploaded_file($tmp_name)) { $t1 = explode('.', format_str(format_filename($name))); $t1[0] = substr($t1[0], 0, 10); if ($array_index == 0) { $tmx = time(); $tmx = substr($tmx, 0, strlen($tmx) - 2); } else { $tmx = str_replace('.', '_', microtime(true)); } $new_c_image = strtolower($t1[0]) . '_' . $tmx . $insert_name_part . '.' . strtolower($t1[count($t1) - 1]); $ret = false; $ret = move_uploaded_file($tmp_name, $up_loc . $new_c_image); if ($ret === false) { $new_c_image = ''; $dname = format_str($name); $_SESSION[$error_sess_name] = array(false, "ERROR saving {$img_title} ({$dname})!"); } else { //$new_c_image.= '.'.strtolower($t1[count($t1)-1]); } } return $new_c_image; }
</tr> <tr> <td></td> <td><input type="checkbox" class="checkbox" id="new_greyscale" name="new_greyscale" /><label for="new_greyscale"><?php echo $lng['form_greyscale']; ?></label></td> </tr> </table> </fieldset> <input type="submit" id="insert" value="<?php echo $lng['form_submit']; ?>" /> </form> <?php //create directory and show results if(isset($_GET['newdir'])) { $new_title = format_filename($_GET['newdir']); if(!is_dir($_GET['viewdir'] . '/' . $new_title)) { if(mkdir($_GET['viewdir'] . '/' . $new_title, 0777)) { echo '<p class="successful">"' . $new_title . '"' . $lng['message_created_folder'] . '</p>'; } else { echo '<p class="failed">' . $lng['message_cannot_create'] . '"' . $new_title . '"!<br />' . $lng['message_cannot_write'] . '</p>'; } } else { echo '<p class="failed">' . $lng['message_cannot_create'] . '"' . $new_title . '"!<br />' . $lng['message_exists'] . '</p>'; } } //remove unnecessary files if(isset($_GET['deletefile'])) { if(!file_exists($_GET['viewdir'] . '/' . $_GET['deletefile'])) { echo '<p class="failed">' . $lng['message_cannot_delete_nonexist'] . '</p>';