<body> <?php require '../include/user_search_options.inc'; ?> <div id="content"> <br /> <br /> <br /> <?php $file_problem = false; if (isset($_POST['submit'])) { if ($_FILES['csvfile']['name'] != 'none' and $_FILES['csvfile']['name'] != '') { if (!move_uploaded_file($_FILES['csvfile']['tmp_name'], $configObject->get('cfg_tmpdir') . $userObject->get_user_ID() . "_cohort_update.csv")) { echo uploadError($_FILES['csvfile']['error']); exit; } else { ?> <br /><br /><br /> <table class="dialog_border" style="width:600px"> <tr> <td class="dialog_header"><img src="../artwork/modules_icon.png" width="48" height="48" alt="Icon" /> <?php echo $string['importmodules']; ?> </td> </tr> <tr> <td class="dialog_body"> <?php
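/**
 * Handle one compo entry upload taken from the current POST request.
 *
 * Reads $_POST["compo"], $_POST["author"], the optional $_POST["token"] and
 * $_FILES['userfile']. On success the file is added to the compo's archive,
 * an `entries` row is inserted or updated, and a confirmation is echoed.
 * Every failure path reports through uploadError() or die() and returns.
 *
 * Trust model: the author handle is the only thing that identifies the owner
 * of an entry. It is client-supplied and not authenticated.
 *
 * @return void
 */
function processUpload()
{
    global $mysqli;

    $compo = intval($_POST["compo"]);

    // The handle is bound as a string and echoed through htmlspecialchars();
    // an array-valued "author" field would break both, so treat anything that
    // is not a plain string as "no name given".
    $author = (isset($_POST["author"]) && is_string($_POST["author"])) ? $_POST["author"] : "";

    if (isset($_POST["token"]) && $_POST["token"] > 0) {
        // Remove upload token.
        // bind_param() takes its arguments by reference, so the converted
        // token has to live in a variable rather than be passed as intval(...).
        $token = intval($_POST["token"]);
        $stmt = $mysqli->prepare('DELETE FROM `uploading` WHERE `idupload` = ? AND `author` = ? AND `idcompo` = ? ') or die('query failed');
        $stmt->bind_param('isi', $token, $author, $compo);
        $stmt->execute() or die('query failed');
        $stmt->close();
    }

    // $compo went through intval() above, so interpolating it cannot inject SQL.
    $result = $mysqli->query("SELECT * FROM `compos` WHERE (`idcompo` = {$compo}) AND (`active` != 0)") or die('query failed');
    $isClosed = $result->num_rows == 0;
    $result->free();
    if ($isClosed) {
        uploadError("Sorry, but uploading for this compo is closed.");
        return;
    }

    if ($author === "") {
        uploadError("You forgot to enter your name!");
        return;
    }
    if ($_FILES['userfile']['size'] > MAX_UPLOAD_SIZE || $_FILES['userfile']['error'] === UPLOAD_ERR_INI_SIZE) {
        uploadError("Your <s>penis</s> file is too big!");
        return;
    }
    if ($_FILES['userfile']['size'] < 100) {
        uploadError("Your <s>penis</s> file is too small!");
        return;
    }

    // Remember the handle for a year. setcookie() is called without the
    // Secure/HttpOnly arguments, so the value is readable by page scripts.
    setcookie("author", $author, time() + 60 * 60 * 24 * 365, "/");

    $arc = new ArchiveFile(UPLOAD_DIR . $compo);
    if ($arc->Open() === FALSE) {
        echo "<p>Can't update the pack, please contact the technical support!</p>";
        return;
    }

    // The stored name derives from the client-supplied file name.
    // NOTE(review): safeFilename() is defined elsewhere; this code relies on it
    // to strip path separators and other unsafe characters - confirm.
    $safeName = safeFilename($_FILES['userfile']['name']);
    $lastDot = strrpos($safeName, '.');
    if (strlen($safeName) <= MAX_FILENAME_LENGTH || $lastDot === FALSE) {
        $db_filename = substr($safeName, 0, MAX_FILENAME_LENGTH);
    } else {
        // Need to trim filename, keeping the extension intact.
        $extension = substr($safeName, $lastDot);
        $db_filename = substr($safeName, 0, MAX_FILENAME_LENGTH - strlen($extension)) . $extension;
    }

    // Get mod title
    $modTitle = getModTitle($_FILES['userfile']['tmp_name'], $db_filename);

    $insert = TRUE;

    // duplicate filename?
    $stmt = $mysqli->prepare("SELECT * FROM `entries` WHERE (`idcompo` = ?) \nAND (`filename` = ?)") or die('query failed');
    $stmt->bind_param('is', $compo, $db_filename);
    $stmt->execute() or die('query failed');
    $result = $stmt->get_result();
    if ($result->num_rows > 0) {
        $row = $result->fetch_assoc();
        // Ownership is decided by the submitted handle alone: a request that
        // carries the same handle and file name replaces the existing entry.
        // Strict comparison keeps numeric-looking handles ("10" vs "1e1")
        // from being treated as the same author.
        //if(isset($_SESSION["upload-" . $row["identry"]]) && $_SESSION["upload-" . $row["identry"]] == $_POST["author"])
        if ($row["author"] === $author) {
            // replace file
            $entryID = $row["identry"];
            $stmtRep = $mysqli->prepare('UPDATE `entries` SET `title` = ?, `altered` = 1, `date` = CURRENT_TIMESTAMP WHERE `identry` = ?') or die('query failed');
            $stmtRep->bind_param('si', $modTitle, $entryID);
            $stmtRep->execute() or die('query failed');
            $stmtRep->close();

            // Drops the file stored under the entry id, if any; failure is ignored.
            @unlink(UPLOAD_DIR . $entryID);
            $arc->PrepareReplace($db_filename);
            $insert = FALSE;
        } else {
            // this is not ours, invent new filename
            // NOTE(review): only 256 prefixes are possible and the new name is
            // not checked against `entries` again, so two renamed uploads can
            // still end up with the same file name.
            $db_filename = substr(dechex(mt_rand(0, 255)) . '-' . $db_filename, 0, MAX_FILENAME_LENGTH);
        }
    }
    $result->free();
    $stmt->close();

    if ($insert) {
        $stmt = $mysqli->prepare('INSERT INTO `entries` (`author`, `filename`, `title`, `idcompo`, `altered`) VALUES (?, ?, ?, ?, 0)') or die('query failed');
        $stmt->bind_param('sssi', $author, $db_filename, $modTitle, $compo);
        $stmt->execute() or die('query failed');
        $entryID = $stmt->insert_id;
        $stmt->close();
    }

    $_SESSION["upload-{$entryID}"] = $author;
    $_SESSION["compo-{$compo}"] = TRUE;

    // The upload exists under UPLOAD_DIR with its client-derived name until it
    // has been added to the archive and unlinked below.
    // NOTE(review): confirm UPLOAD_DIR is not served or executed by the web server.
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], UPLOAD_DIR . $db_filename)) {
        $arc->Add(UPLOAD_DIR . $db_filename);
        $arc->Close();
        @unlink(UPLOAD_DIR . $db_filename);

        echo '<h2>...go!</h2>';
        if ($insert) {
            echo '<p>OK, ', htmlspecialchars($author), ', all done. Good luck!</p>';
        } else {
            echo '<p>OK, ', htmlspecialchars($author), ", your file has been <strong>updated</strong>. \nGood luck!</p>";
        }
        echo '<p>If you need to replace your file, upload it using exactly the same file name (', htmlspecialchars($db_filename), ') and handle (', htmlspecialchars($author), ') as this one.</p>';
    } else {
        $arc->Close();
        uploadError("Captain, the machinery failed! Please contact the technical support!");
        return;
    }
}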
* * @author Simon Wilkinson * @version 1.0 * @copyright Copyright (c) 2014 The University of Nottingham * @package */ require '../include/staff_auth.inc'; require '../include/errors.inc'; ini_set("auto_detect_line_endings", true); $modID = check_var('module', 'REQUEST', true, false, true); if (isset($_POST['submit'])) { $session = $_POST['session']; $session_flag = false; if ($_FILES['txtfile']['name'] != 'none' and $_FILES['txtfile']['name'] != '') { if (!move_uploaded_file($_FILES['txtfile']['tmp_name'], $configObject->get('cfg_tmpdir') . $userObject->get_user_ID() . '_load_objectives.txt')) { echo uploadError($_FILES['txtfile']['error']); exit; } else { $result = $mysqli->prepare("SELECT MAX(obj_id) AS largest FROM objectives"); $result->execute(); $result->bind_result($largest); $i = 0; while ($result->fetch()) { $obj_id = $largest + 1; } if ($obj_id < 10) { $obj_id = 123; } $result->close(); $identifier = 0; $result = $mysqli->prepare("SELECT MAX(identifier) AS largest FROM sessions");
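/**
 * IMPORT: Loads a ZIP file, parses and adds contents to the database.
 *
 * The uploaded 'raffile' is moved into the configured temp directory,
 * extracted into a per-user sub-directory, and its raf.json is read into
 * $this->data before copy_images() and load_raf_data() run.
 *
 * The archive is untrusted input: everything it contains is written under the
 * per-user directory, and only raf.json is removed again by this method.
 * NOTE(review): archive size and entry count are not bounded here - confirm
 * that limits are enforced elsewhere.
 *
 * @param int $paperID Paper whose properties are loaded first; 0 skips that step.
 */
public function import($paperID = 0)
{
  if ($paperID != 0) {
    $this->properties = PaperProperties::get_paper_properties_by_id($paperID, $this->db, $this->string);
  }

  $this->logger = new Logger($this->db);
  $this->status_array = QuestionStatus::get_all_statuses_by_name($this->db, $this->string);
  $this->get_keyword_ids();

  // The stored archive name is built from the user ID, not from the client's file name.
  $this->zip_filename = $this->userID . '_raf.zip';
  $tmp_path = $this->configObj->get('cfg_tmpdir');

  if (!move_uploaded_file($_FILES['raffile']['tmp_name'], $tmp_path . $this->zip_filename)) {
    echo uploadError($_FILES['raffile']['error']);
    exit;
  }

  // Per-user extraction directory; it is reused if it already exists.
  $dest_dir = $tmp_path . $this->userID;
  if (!file_exists($dest_dir)) {
    mkdir($dest_dir, 0700);
  }

  $zip = new ZipArchive();
  if ($zip->open($tmp_path . $this->zip_filename) === TRUE) {
    // Because $dest_dir survives between imports, a failed extraction must
    // stop here: otherwise a raf.json left behind by an earlier, interrupted
    // import would be loaded as if it came from this upload.
    if ($zip->extractTo($dest_dir) !== true) {
      $zip->close();
      $msg = sprintf($this->string['furtherassistance'], $this->configObj->get('support_email'), $this->configObj->get('support_email'));
      $this->notice->display_notice_and_exit($this->db, $this->string['invalidzip'], $msg, $this->string['invalidzip'], '../artwork/exclamation_48.png', '#C00000', true, true);
      return;
    }

    if (file_exists($dest_dir . '/raf.json')) {
      $this->data = file_get_contents($dest_dir . '/raf.json');
    } else {
      $zip->close();
      $msg = sprintf($this->string['furtherassistance'], $this->configObj->get('support_email'), $this->configObj->get('support_email'));
      $this->notice->display_notice_and_exit($this->db, $this->string['invalidraf'], $msg, $this->string['invalidraf'], '../artwork/exclamation_48.png', '#C00000', true, true);
    }

    $this->copy_images($dest_dir, $tmp_path);
    $this->load_raf_data();

    // Remove the manifest so that it cannot be picked up by a later import.
    unlink($dest_dir . '/raf.json');
    $zip->close();
  } else {
    $msg = sprintf($this->string['furtherassistance'], $this->configObj->get('support_email'), $this->configObj->get('support_email'));
    $this->notice->display_notice_and_exit($this->db, $this->string['invalidzip'], $msg, $this->string['invalidzip'], '../artwork/exclamation_48.png', '#C00000', true, true);
  }
}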