Example #1
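 /**
  * Upload a file
  * Sanitizes the stored file name (base name and extension) and rewrites
  * script extensions to "txt" so the stored file is not treated as code.
  * The MIME type is the one declared by the client; it is NOT verified here.
  * Also adds the file to the database using add_file() when a project is set.
  *
  * @param string $fname Name of the HTML form field POSTed from
  * @param string $ziel Destination directory
  * @param int $project Project ID of the associated project
  * @param int $folder Passed through unchanged to add_file()
  * @return int|string|bool Result of add_file() when $project > 0, the stored
  *                         file name when no project is set, false on failure
  */
 function upload($fname, $ziel, $project, $folder = 0)
 {
     // A missing field, or a multi-file field whose 'name' is an array, is not a usable upload.
     if (!isset($_FILES[$fname]['name']) || !is_string($_FILES[$fname]['name'])) {
         return false;
     }
     $name = $_FILES[$fname]['name'];
     if (empty($name)) {
         return false;
     }
     // Fail explicitly on any PHP upload error instead of relying on move_uploaded_file() to fail later.
     $error = isset($_FILES[$fname]['error']) ? (int) $_FILES[$fname]['error'] : UPLOAD_ERR_NO_FILE;
     if ($error !== UPLOAD_ERR_OK) {
         return false;
     }
     // NOTE(review): 'type' is sent by the client and is stored as-is below. It must not be
     // trusted for access or rendering decisions; consider deriving it from the file content.
     $typ = isset($_FILES[$fname]['type']) ? $_FILES[$fname]['type'] : "";
     $tmp_name = isset($_FILES[$fname]['tmp_name']) ? $_FILES[$fname]['tmp_name'] : "";
     $root = CL_ROOT;

     // Optional form fields that accompany the upload; absent fields stay null as before.
     $titleField = $fname . "-title";
     $tagsField = $fname . "-tags";
     $title = isset($_POST[$titleField]) ? $_POST[$titleField] : null;
     $tags = isset($_POST[$tagsField]) ? $_POST[$tagsField] : null;
     $desc = isset($_POST['desc']) ? $_POST['desc'] : null;
     $visible = isset($_POST["visible"]) ? $_POST["visible"] : null;
     // NOTE(review): $visible is request data stored in PHP serialize() format. Whatever reads
     // it back should not unserialize() it without restricting classes - confirm at the reader.
     $visstr = !empty($visible[0]) ? serialize($visible) : "";

     $tagobj = new tags();
     $tags = $tagobj->formatInputTags($tags);

     // Split off the extension: everything after the last dot.
     $parts = explode(".", $name);
     $lastIndex = count($parts) - 1;
     // The extension ends up in the stored path, the database and the log, so it gets the
     // same treatment as the base name: anything that is not a-z / 0-9 is dropped.
     $ext = preg_replace("/[^0-9a-zA-Z]/", "", $parts[$lastIndex]);
     // Store script-like files as plain text so they are not executed when opened in the
     // browser. Matching "php" alone misses other extensions that servers commonly map to
     // an interpreter. This list is a safety net, not a guarantee: the upload directory
     // should also be configured so the web server never executes anything inside it.
     $scriptExts = array(
         "phtml", "pht", "phar", "shtml", "cgi", "pl", "py", "rb", "sh", "asp", "aspx", "jsp", "htaccess"
     );
     if (stristr($ext, "php") || in_array(strtolower($ext), $scriptExts, true)) {
         $ext = "txt";
         $typ = "text/plain";
     }

     // Base name: all parts before the extension, joined without the dots, so that an
     // inner ".php." segment cannot survive as a second extension.
     $base = implode("", array_slice($parts, 0, $lastIndex));
     $base = str_replace(array("ä", "ö", "ü", "ß"), array("ae", "oe", "ue", "ss"), $base);
     // only allow a-z , 0-9 in filenames, substitute other chars with _
     $base = preg_replace("/[^-_0-9a-zA-Z]/", "_", $base);
     // \W also matches "-", so hyphens that survived the previous step are removed here.
     $base = preg_replace("/\\W/", "", $base);
     // if filename is longer than 200 chars, cut it.
     $base = substr($base, 0, 200);

     // The numeric suffix only reduces name collisions; mt_rand() is predictable, so the
     // resulting name must not be relied on as a secret.
     $randval = mt_rand(1, 99999);
     $name = $base . "_" . $randval . "." . $ext;
     $target = $root . "/" . $ziel . "/" . $name;
     $relTarget = $ziel . "/" . $name;

     // file already exists. return false
     if (file_exists($target)) {
         return false;
     }
     // file was not uploaded / error occured. return false
     if (!move_uploaded_file($tmp_name, $target)) {
         return false;
     }
     if ($project > 0) {
         /**
          * file did not already exist, was uploaded, and a project is set
          * add the file to the database, add the upload event to the log and return the file ID.
          */
         // Uploaded content never needs the execute bit; world-readable is enough to serve it.
         chmod($target, 0644);
         $fid = $this->add_file($name, $desc, $project, 0, "{$tags}", $relTarget, "{$typ}", $title, $folder, $visstr);
         $this->mylog->add(!empty($title) ? $title : $name, 'file', 1, $project);
         return $fid;
     }
     // no project means the file is not added to the database wilfully. return file name.
     return $name;
 }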
Example #2
    $template->assign("title", $title);
    $template->assign("file", $file);
    $template->assign("projectname", $projectname);

    $template->display("editfileform.tpl");
} elseif ($action == "edit") {
    if (!$userpermissions["files"]["edit"]) {
        $errtxt = $langfile["nopermission"];
        $noperm = $langfile["accessdenied"];
        $template->assign("errortext", "<h2>$errtxt</h2><br>$noperm");
        $template->display("error.tpl");
        die();
    }
    $tagobj = new tags();
    $tags = $tagobj->formatInputTags($tags);
    if ($myfile->edit($thisfile, $title, $desc, $tags)) {
        $loc = $url .= "managefile.php?action=showproject&id=$id&mode=edited";
        header("Location: $loc");
    }
} elseif ($action == "delete") {
    if (!$userpermissions["files"]["del"]) {
        $errtxt = $langfile["nopermission"];
        $noperm = $langfile["accessdenied"];
        $template->assign("errortext", "<h2>$errtxt</h2><br>$noperm");
        $template->display("error.tpl");
        die();
    }
    if ($myfile->loeschen($thisfile)) {
        echo "ok";
    }
Example #3
            $fin = array("val" => $lang, "str" => $lang2);
        }
        array_push($languages_fin, $fin);
    }
    $template->assign("languages_fin", $languages_fin);
    $user = $user->getProfile($id);
    $roleobj = (object) new roles();
    $roles = $roleobj->getAllRoles();
    $title = $langfile['useradministration'];
    $template->assign("title", $title);
    $template->assign("user", $user);
    $template->assign("roles", $roles);
    $template->display("edituseradminform.tpl");
} elseif ($action == "edituser") {
    $thetag = new tags();
    $tags = $thetag->formatInputTags($tags);
    $roleobj = new roles();
    $roleobj->assign($role, $id);
    if ($id == $userid) {
        $_SESSION['userlocale'] = $locale;
        $_SESSION['username'] = $name;
    }
    if (!isset($isadmin)) {
        $isadmin = 1;
    }
    // Upload of avatar
    if (!empty($_FILES['userfile']['name'])) {
        $fname = $_FILES['userfile']['name'];
        $typ = $_FILES['userfile']['type'];
        $size = $_FILES['userfile']['size'];
        $tmp_name = $_FILES['userfile']['tmp_name'];