Example #1
0
function formProcess_bl($option)
{
    $errorText = '';
    if (!check_csrf_token()) {
        zamgerlog("csrf token nije dobar", 3);
        zamgerlog2("csrf token nije dobar");
        return "Poslani podaci nisu ispravni. Vratite se nazad, ponovo popunite formu i kliknite na dugme Pošalji";
    }
    if (!in_array($option, array('add', 'edit'))) {
        $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
        return $errorText;
    }
    $id = intval($_REQUEST['id']);
    if ($option == 'edit' && $id <= 0) {
        $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
        zamgerlog("pokusao urediti nepostojeci clanak {$id}, projekat {$projekat} (pp{$predmet})", 3);
        zamgerlog2("pokusao urediti nepostojeci clanak", $id, $projekat);
        return $errorText;
    }
    //get variables
    $naslov = $_REQUEST['naslov'];
    $tekst = $_REQUEST['tekst'];
    $slika = $_FILES['image'];
    $projekat = intval($_REQUEST['projekat']);
    $predmet = intval($_REQUEST['predmet']);
    global $userid;
    if (empty($naslov)) {
        $errorText = 'Unesite sva obavezna polja.';
        return $errorText;
    }
    $naslov = trim($naslov);
    $tekst = trim($tekst);
    //process image
    if ($option == 'edit') {
        $entry = getArticle($id);
    }
    global $conf_files_path;
    $lokacijaclanaka = "{$conf_files_path}/projekti/clanci/{$projekat}/{$userid}/";
    if (!file_exists("{$conf_files_path}/projekti/clanci/{$projekat}")) {
        mkdir("{$conf_files_path}/projekti/clanci/{$projekat}", 0777, true);
    }
    if (!file_exists($lokacijaclanaka)) {
        mkdir($lokacijaclanaka, 0777, true);
    }
    if ($slika['error'] != 4) {
        //cannot delete original image and preplace it with the new image so check this also
        if (isset($_REQUEST['delete'])) {
            $errorText .= 'Selektujte ili brisanje slike, ili zamjena slike, ne oboje!';
            return $errorText;
        }
        //adding or replacing image - depends on the $option parameter(add, edit)
        if ($slika['error'] > 0) {
            if ($slika['error'] == 1 || $slika['error'] == 2) {
                $errorText .= 'Pokušavate poslati fajl koji je veci od dozvoljene velicine. Probajte sa manjim fajlom.<br />';
            } else {
                $errorText .= 'Vaš fajl nije poslan korektno. Molimo pokušajte ponovo.<br />';
            }
            return $errorText;
        } else {
            //No error occured so far
            $uploadDir = $lokacijaclanaka;
            # Go to all lower case for consistency
            $imageName = strtolower($slika["name"]);
            $extension = preg_replace('/.+(\\..*)$/', '$1', $imageName);
            $safeExtensions = array('.jpg', '.jpeg', '.gif', '.png');
            if (!in_array($extension, $safeExtensions)) {
                $errorText .= 'Format slike nije dozvoljen. <br />';
                return $errorText;
            }
            if (getimagesize($slika['tmp_name']) == false) {
                $errorText .= 'Format slike nije dozvoljen. <br />';
                return $errorText;
            }
            //final file name
            if ($option == 'add') {
                $uniqueID = date('YmdHis', time());
                $uploadFile = $uniqueID . "{$userid}" . $extension;
            } else {
                if ($entry['slika'] == '') {
                    $uniqueID = date('YmdHis', time());
                    $uploadFile = $uniqueID . "{$userid}" . $extension;
                } else {
                    $uploadFile = $entry['slika'];
                }
            }
            if (move_uploaded_file($slika['tmp_name'], $uploadDir . $uploadFile)) {
                //transfered a file to upload directory from temp dir
                //if edit option REPLACING the old image (overwrite)
                chmod($uploadDir . $uploadFile, 0777);
            } else {
                $errorText .= 'Desila se greška prilikom uploada slike. Molimo kontaktirajte administratora.<br />';
                return $errorText;
            }
            //else
        }
        //else
    }
    //if ($_FILES['slika']['error'] != 4)
    if ($option == 'add') {
        if ($slika['error'] != 4) {
            $imageURL = $uploadFile;
        } else {
            $imageURL = '';
        }
    } else {
        if ($entry['slika'] == '') {
            $imageURL = $uploadFile;
        } else {
            if (isset($_REQUEST['delete'])) {
                //delete image from server
                unlink($lokacijaclanaka . $entry['slika']);
                //reset image in the database
                $imageURL = '';
            } else {
                $imageURL = $entry['slika'];
            }
        }
    }
    $data = array('naslov' => $naslov, 'tekst' => $tekst, 'slika' => $imageURL, 'osoba' => $userid, 'projekat' => $projekat);
    if ($option == 'add') {
        if (!insertArticle($data)) {
            $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
            return $errorText;
        }
    } else {
        if (!updateArticle($data, $id)) {
            $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
            return $errorText;
        }
    }
    //option == edit
    return $errorText;
}
Example #2
0
     videoDistributors();
     break;
 case 'video_new':
     videoPremiere();
     break;
 case 'dvddistr':
     dvdDistributors();
     break;
 case 'dvd_new':
     dvdPremiere();
     break;
 case 'usa_new':
     usaPremiere();
     break;
 case 'add_article':
     insertArticle();
     break;
 case 'articles':
     manageArticles();
     break;
 case 'logout':
     adminLogout();
     break;
 case 'backup':
     setBackup();
     break;
 case 'password':
     adminPassword();
     break;
 case 'opt':
     break;
Example #3
0
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
include_once 'commons.php';
include_once 'db.php';
include_once 'log.php';
if ($_SERVER["REQUEST_METHOD"] == "GET") {
    return getArticles();
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    $json = file_get_contents('php://input');
    $data = json_decode($json, true);
    var_dump($data);
    $tinyurl = "";
    if (!empty($data["link"])) {
        get_tiny_url($data["link"]);
    }
    return insertArticle($data["title"], $data["body"], $tinyurl);
} elseif ($_SERVER["REQUEST_METHOD"] == "DELETE") {
    $json = file_get_contents('php://input');
    $data = json_decode($json, true);
    $articleID = $data["articleId"];
    if (empty($articleID)) {
        return;
    }
    deleteArticle($articleID);
    log_info("Delete Article: " . $articleID);
} else {
    error("unknown verb");
}
//Functions
//gets the data from a URL
function get_tiny_url($url)