     $_FILES["submission"]["tmp_name"] = $tempfilename;
     $_FILES["submission"]["name"] = "textfile.txt";
     $_FILES["submission"]["type"] = "text/plain";
     $_FILES["submission"]["simple_move"] = true;
     if (checkUploadedFile("thumb") == _UPL_NO_FILE) {
         $thumbfilename = applyIdToPath("files/thumbs/", $objData["objid"]) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . ".jpg";
         $_FILES["thumb"]["error"] = UPLOAD_ERR_OK;
         $_FILES["thumb"]["tmp_name"] = $thumbfilename;
         $_FILES["thumb"]["name"] = "thumbnail.jpg";
         $_FILES["thumb"]["type"] = "image/jpeg";
         $_FILES["thumb"]["simple_move"] = true;
     }
 }
 if (isset($_POST["submit"])) {
     $uploadError = checkUploadedFile("submission");
     $uploadErrorThumb = checkUploadedFile("thumb");
     if (($uploadError == "" || $uploadError == _UPL_NO_FILE) && ($uploadErrorThumb == "" || $uploadErrorThumb == _UPL_NO_FILE)) {
         if (submitImage($objid, $uploadError == _UPL_NO_FILE ? "" : "submission", $uploadErrorThumb == _UPL_NO_FILE ? "" : "thumb", $uploadErrorThumb, $imageChanged)) {
             if ($imageChanged) {
                 if (isset($_POST["sendNotification"]) && $_POST["sendNotification"]) {
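                     function notifyClubWatchers($objCreator, $objid, $clubField)
                     {
                         // Read the club id stored in column $clubField for this
                         // submission and notify that club's watchers. The original
                         // ignored $clubField and always read `objForClub`, so the
                         // second call (with "objForClub2") notified the first club's
                         // watchers a second time instead of the second club's.
                         global $_objects;
                         // The column name is spliced into the SQL text, so only a
                         // plain identifier is accepted (callers pass literals).
                         if (!preg_match('/^[A-Za-z0-9_]+$/', $clubField)) {
                             return;
                         }
                         // objid is the numeric key of the objects table; interpolate
                         // it as a bare integer only.
                         $safeObjid = (int) $objid;
                         $result = sql_query("SELECT `{$clubField}` FROM {$_objects} WHERE `objid` = '{$safeObjid}' LIMIT 1");
                         $forClub = mysql_result($result, 0);
                         // Notify the watchers.
                         addArtUpdateToWatchers($objCreator, $objid, $forClub);
                     }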
                     notifyClubWatchers($objData["objCreator"], $objid, "objForClub");
                     notifyClubWatchers($objData["objCreator"], $objid, "objForClub2");
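 /**
  * Upload a layout config image into a per-layout temporary directory.
  *
  * Reads layout_srl, name and img (a $_FILES-style array) from the request,
  * stores the file as ./files/attach/images/<layout_srl>/tmp/<random>.<ext>
  * and exposes name / fileName / tmpFileName to the template. On failure only
  * 'msg' is set and the method returns.
  *
  * @return void
  */
 function procLayoutAdminConfigImageUpload()
 {
     $layoutSrl = Context::get('layout_srl');
     $name = Context::get('name');
     $img = Context::get('img');
     $this->setTemplatePath($this->module_path . 'tpl');
     $this->setTemplateFile("after_upload_config_image.html");
     // Accept only a real, successful PHP upload
     if (empty($img['tmp_name']) || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name'])) {
         Context::set('msg', Context::getLang('upload failed'));
         return;
     }
     // Extension allow-list. NOTE(review): swf is accepted here but not by the
     // other image handlers on this page — confirm that is intended.
     if (!preg_match('/\\.(jpg|jpeg|gif|png|swf)$/i', $img['name'])) {
         Context::set('msg', Context::getLang('msg_layout_image_target'));
         return;
     }
     // layout_srl is request input that becomes a path segment; %d keeps it a
     // bare integer so it cannot carry "../" parts
     $path = sprintf('./files/attach/images/%d/', $layoutSrl);
     $tmpPath = $path . 'tmp/';
     if (!FileHandler::makeDir($tmpPath)) {
         Context::set('msg', Context::getLang('make directory failed'));
         return;
     }
     // The extension was validated by the regex above
     $ext = substr(strrchr($img['name'], '.'), 1);
     // 32 hex chars, as before. The original called rand(1000000, 900000)
     // (bounds inverted) and passed the int to crypt(); the name is only used
     // for uniqueness. NOTE(review): mt_rand() is not a CSPRNG — if the name
     // must be unguessable, use random_bytes() where available.
     $_fileName = md5(uniqid(mt_rand(), true)) . '.' . $ext;
     $fileName = $path . $_fileName;
     $tmpFileName = $tmpPath . $_fileName;
     if (!move_uploaded_file($img['tmp_name'], $tmpFileName)) {
         Context::set('msg', Context::getLang('move file failed'));
         return;
     }
     Context::set('name', $name);
     Context::set('fileName', $fileName);
     Context::set('tmpFileName', $tmpFileName);
 }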
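 /**
  * Insert a member image mark.
  *
  * Stores the uploaded image as
  * files/member_extra_info/image_mark/<numbering path>/<member_srl>.gif.
  * The file is converted with FileHandler::createImageFile() when it exceeds
  * the configured maximum size or is not already a GIF, and copied unchanged
  * otherwise.
  *
  * @param int $member_srl
  * @param string $target_file Path of the uploaded file
  *
  * @return void
  */
 function insertImageMark($member_srl, $target_file)
 {
     // Check uploaded file
     if (!checkUploadedFile($target_file)) {
         return;
     }
     $oModuleModel = getModel('module');
     $config = $oModuleModel->getModuleConfig('member');
     // Size limits from the member config; 20x20 pixels when not configured
     $max_width = (int) $config->image_mark_max_width;
     if (!$max_width) {
         $max_width = 20;
     }
     $max_height = (int) $config->image_mark_max_height;
     if (!$max_height) {
         $max_height = 20;
     }
     $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($member_srl));
     FileHandler::makeDir($target_path);
     $target_filename = sprintf('%s%d.gif', $target_path, $member_srl);
     // Probe the image. getimagesize() returns false (with a warning, hence @)
     // for a non-image; such a file is then handed to createImageFile() exactly
     // like an oversized one, as the original did through its null list() values.
     $info = @getimagesize($target_file);
     $width = $info ? $info[0] : 0;
     $height = $info ? $info[1] : 0;
     $type = $info ? $info[2] : null;
     if ($width > $max_width || $height > $max_height || $type !== IMAGETYPE_GIF) {
         FileHandler::createImageFile($target_file, $target_filename, $max_width, $max_height, 'gif');
     } else {
         // Already a small GIF: store it as-is
         @copy($target_file, $target_filename);
     }
 }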
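 /**
  * Save the RSS feed configuration from the admin form.
  *
  * Handles the optional feed image: a new upload replaces the stored image,
  * del_image=Y removes it, and otherwise the previously configured image is
  * kept. The configuration is then passed to setFeedConfig(), a message is
  * set and the request is redirected.
  *
  * @return void
  */
 function procRssAdminInsertConfig()
 {
     $oModuleModel = getModel('module');
     $total_config = $oModuleModel->getModuleConfig('rss');
     $config_vars = Context::getRequestVars();
     $config_vars->feed_document_count = (int) $config_vars->feed_document_count;
     // Message key shown to the user; '' means no error so far (the original
     // left this undefined until an error occurred)
     $alt_message = '';
     // NOTE(review): a missing use_total_feed only changes the message; the
     // configuration is still saved below
     if (!$config_vars->use_total_feed) {
         $alt_message = 'msg_invalid_request';
     }
     if (!in_array($config_vars->use_total_feed, array('Y', 'N'))) {
         $config_vars->open_rss = 'Y';
     }
     if ($config_vars->image || $config_vars->del_image) {
         $image_obj = $config_vars->image;
         $config_vars->image = $total_config->image;
         // A delete request or a new upload discards the current image
         if ($config_vars->del_image == 'Y' || $image_obj) {
             FileHandler::removeFile($config_vars->image);
             $config_vars->image = '';
             $total_config->image = '';
         }
         // Only consider a file PHP actually received as an upload
         if (!empty($image_obj['tmp_name']) && is_uploaded_file($image_obj['tmp_name']) && checkUploadedFile($image_obj['tmp_name'])) {
             $image_obj['name'] = Context::convertEncodingStr($image_obj['name']);
             // The client-supplied name becomes part of the stored path: it must
             // have an image extension and carry no directory separators
             if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name']) || strpbrk($image_obj['name'], "/\\") !== false) {
                 $alt_message = 'msg_rss_invalid_image_format';
             } else {
                 $path = './files/attach/images/rss/';
                 if (!FileHandler::makeDir($path)) {
                     $alt_message = 'msg_error_occured';
                 } else {
                     $filename = $path . $image_obj['name'];
                     if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                         $alt_message = 'msg_error_occured';
                     } else {
                         $config_vars->image = $filename;
                     }
                 }
             }
         }
     }
     // Nothing uploaded and no delete requested: keep the stored image
     if (!$config_vars->image && $config_vars->del_image != 'Y') {
         $config_vars->image = $total_config->image;
     }
     $this->setFeedConfig($config_vars);
     if ($alt_message === '') {
         $alt_message = 'success_updated';
     }
     $this->setMessage(Context::getLang($alt_message), 'info');
     $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispRssAdminIndex');
     $this->setRedirectUrl($returnUrl);
 }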
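 /**
  * Save the skin information of the integration_search module.
  *
  * Reads the request variables, handles every extra_var of type image
  * (delete request / keep previous / store the new upload), serializes the
  * result into the module config and redirects.
  *
  * @return mixed false when the image directory cannot be created, otherwise
  *               the result of setRedirectUrl()
  */
 function procIntegration_searchAdminInsertSkin()
 {
     // Get configurations (using module model object)
     $oModuleModel = getModel('module');
     $config = $oModuleModel->getModuleConfig('integration_search');
     // The original assigned properties to an undeclared $args, which is a
     // fatal Error on PHP 8
     $args = new stdClass();
     $args->skin = $config->skin;
     $args->target_module_srl = $config->target_module_srl;
     // Skin information is needed to find the image-typed extra_vars
     $skin_info = $oModuleModel->loadSkinInfo($this->module_path, $config->skin);
     // Request variables minus the routing ones
     $obj = Context::getRequestVars();
     unset($obj->act);
     unset($obj->module_srl);
     unset($obj->page);
     if ($skin_info->extra_vars) {
         foreach ($skin_info->extra_vars as $vars) {
             if ($vars->type != 'image') {
                 continue;
             }
             $image_obj = $obj->{$vars->name};
             $del_var = $obj->{"del_" . $vars->name};
             unset($obj->{"del_" . $vars->name});
             // NOTE(review): $module_info and $module_srl are never assigned in
             // this method (it looks copied from a per-module handler), so the
             // "previous value" below is always null and the upload path has an
             // empty segment. Left as-is until the intended source is confirmed.
             if ($del_var == 'Y') {
                 FileHandler::removeFile($module_info->{$vars->name});
                 continue;
             }
             // Nothing uploaded: keep the previous value
             if (empty($image_obj['tmp_name'])) {
                 $obj->{$vars->name} = $module_info->{$vars->name};
                 continue;
             }
             // Ignore anything that is not a successful PHP upload
             if (!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name'])) {
                 unset($obj->{$vars->name});
                 continue;
             }
             // The client-supplied name becomes part of the stored path: require
             // an image extension and no directory separators
             if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name']) || strpbrk($image_obj['name'], "/\\") !== false) {
                 unset($obj->{$vars->name});
                 continue;
             }
             $path = sprintf("./files/attach/images/%s/", $module_srl);
             if (!FileHandler::makeDir($path)) {
                 return false;
             }
             $filename = $path . $image_obj['name'];
             if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                 unset($obj->{$vars->name});
                 continue;
             }
             // Replace the request array with the stored path
             unset($obj->{$vars->name});
             $obj->{$vars->name} = $filename;
         }
     }
     // Serialize and save
     $args->skin_vars = serialize($obj);
     $oModuleController = getController('module');
     $output = $oModuleController->insertModuleConfig('integration_search', $args);
     $this->setMessage('success_updated', 'info');
     $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispIntegration_searchAdminSkinInfo');
     return $this->setRedirectUrl($returnUrl, $output);
 }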
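 /**
  * Register the image buttons (normal / hover / active) of a menu item.
  *
  * Removes the existing button files whose is*Delete flag is 'Y', then stores
  * each uploaded button under ./files/attach/menu_button/<menu_srl>/ and
  * returns the stored paths.
  *
  * @param object $args menu_srl, menu_item_srl, the menu_*_btn $_FILES arrays
  *                     and the isNormalDelete / isHoverDelete / isActiveDelete flags
  * @return array normal_btn / hover_btn / active_btn => stored file path
  */
 function _uploadButton($args)
 {
     // %d keeps the request-supplied menu_srl a bare integer inside the path
     $path = sprintf('./files/attach/menu_button/%d/', $args->menu_srl);
     // The original had no parentheses, so !is_dir() only applied to the active
     // button; the directory is wanted whenever any button is uploaded
     if (($args->menu_normal_btn || $args->menu_hover_btn || $args->menu_active_btn) && !is_dir($path)) {
         FileHandler::makeDir($path);
     }
     if ($args->isNormalDelete == 'Y' || $args->isHoverDelete == 'Y' || $args->isActiveDelete == 'Y') {
         $oMenuModel = getAdminModel('menu');
         $itemInfo = $oMenuModel->getMenuItemInfo($args->menu_item_srl);
         if ($args->isNormalDelete == 'Y' && $itemInfo->normal_btn) {
             FileHandler::removeFile($itemInfo->normal_btn);
         }
         if ($args->isHoverDelete == 'Y' && $itemInfo->hover_btn) {
             FileHandler::removeFile($itemInfo->hover_btn);
         }
         if ($args->isActiveDelete == 'Y' && $itemInfo->active_btn) {
             FileHandler::removeFile($itemInfo->active_btn);
         }
     }
     $returnArray = array();
     // One timestamp shared by all files stored in this request
     $date = date('YmdHis');
     $buttons = array(
         'normal_btn' => 'menu_normal_btn',
         'hover_btn' => 'menu_hover_btn',
         'active_btn' => 'menu_active_btn',
     );
     foreach ($buttons as $key => $field) {
         if (!$args->{$field}) {
             continue;
         }
         $filename = $this->_storeMenuButton($args->{$field}, $path, $args->menu_item_srl, $date, $field);
         if ($filename !== null) {
             $returnArray[$key] = $filename;
         }
     }
     return $returnArray;
 }

 /**
  * Move one uploaded menu button file into place.
  *
  * @param array $file $_FILES-style array (name, tmp_name)
  * @param string $path Target directory, with trailing slash
  * @param int $menu_item_srl
  * @param string $date Timestamp used in the file name
  * @param string $field Field name, becomes part of the file name
  * @return string|null Stored path, or null when the file was rejected
  */
 function _storeMenuButton($file, $path, $menu_item_srl, $date, $field)
 {
     // The stored name keeps the client's extension and lives in a web-served
     // directory, so restrict it to image types (the original accepted any
     // extension)
     if (!preg_match('/\\.(jpg|jpeg|gif|png)$/i', $file['name'])) {
         return null;
     }
     $tmp_arr = explode('.', $file['name']);
     $ext = $tmp_arr[count($tmp_arr) - 1];
     $filename = sprintf('%s%d.%s.%s.%s', $path, $menu_item_srl, $date, $field, $ext);
     if (!checkUploadedFile($file['tmp_name'])) {
         return null;
     }
     // The original ignored a failed move and still recorded the path
     if (!move_uploaded_file($file['tmp_name'], $filename)) {
         return null;
     }
     return $filename;
 }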
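 /**
  * @brief Update the skin variables (PC or mobile) of a module
  *
  * Picks the skin in use for the requested mode (_mode 'P' = PC, anything
  * else = mobile), then stores the request variables as that skin's vars.
  * Image-typed extra_vars are handled per upload: delete request, keep the
  * previous value, or store the new file under
  * ./files/attach/images/<module_srl>/ and remove the previous one.
  *
  * @return mixed false when the image directory cannot be created, the failed
  *               insert Object, or void on success
  */
 function procModuleAdminUpdateSkinInfo()
 {
     // Get information of the module_srl
     $module_srl = Context::get('module_srl');
     $mode = Context::get('_mode');
     $mode = $mode === 'P' ? 'P' : 'M';
     $oModuleModel = getModel('module');
     $columnList = array('module_srl', 'module', 'skin', 'mskin', 'is_skin_fix', 'is_mskin_fix');
     $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl, $columnList);
     if ($module_info->module_srl) {
         // A fixed skin wins; otherwise use the module default for the mode
         if ($mode === 'M') {
             $skin = $module_info->is_mskin_fix == 'Y' ? $module_info->mskin : $oModuleModel->getModuleDefaultSkin($module_info->module, 'M');
         } else {
             $skin = $module_info->is_skin_fix == 'Y' ? $module_info->skin : $oModuleModel->getModuleDefaultSkin($module_info->module, 'P');
         }
         // Skin information is needed to find the image-typed extra_vars
         $module_path = _XE_PATH_ . 'modules/' . $module_info->module;
         if ($mode === 'M') {
             $skin_info = $oModuleModel->loadSkinInfo($module_path, $skin, 'm.skins');
             $skin_vars = $oModuleModel->getModuleMobileSkinVars($module_srl);
         } else {
             $skin_info = $oModuleModel->loadSkinInfo($module_path, $skin);
             $skin_vars = $oModuleModel->getModuleSkinVars($module_srl);
         }
         // Request variables minus the routing ones
         $obj = Context::getRequestVars();
         unset($obj->act);
         unset($obj->error_return_url);
         unset($obj->module_srl);
         unset($obj->page);
         unset($obj->mid);
         unset($obj->module);
         unset($obj->_mode);
         if ($skin_info->extra_vars) {
             foreach ($skin_info->extra_vars as $vars) {
                 if ($vars->type != 'image') {
                     continue;
                 }
                 $image_obj = $obj->{$vars->name};
                 $del_var = $obj->{"del_" . $vars->name};
                 unset($obj->{"del_" . $vars->name});
                 if ($del_var == 'Y') {
                     FileHandler::removeFile($skin_vars[$vars->name]->value);
                     continue;
                 }
                 // Nothing uploaded: keep the stored value
                 if (empty($image_obj['tmp_name'])) {
                     $obj->{$vars->name} = $skin_vars[$vars->name]->value;
                     continue;
                 }
                 // Ignore anything that is not a successful PHP upload
                 if (!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name'])) {
                     unset($obj->{$vars->name});
                     continue;
                 }
                 // The client-supplied name becomes part of the stored path: require
                 // an image extension and no directory separators
                 if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name']) || strpbrk($image_obj['name'], "/\\") !== false) {
                     unset($obj->{$vars->name});
                     continue;
                 }
                 // %d: module_srl is request input and is part of a filesystem path
                 $path = sprintf("./files/attach/images/%d/", $module_srl);
                 if (!FileHandler::makeDir($path)) {
                     return false;
                 }
                 $filename = $path . $image_obj['name'];
                 if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                     unset($obj->{$vars->name});
                     continue;
                 }
                 // The new file replaces the previous one
                 FileHandler::removeFile($skin_vars[$vars->name]->value);
                 unset($obj->{$vars->name});
                 $obj->{$vars->name} = $filename;
             }
         }
         $oModuleController = getController('module');
         if ($mode === 'M') {
             $output = $oModuleController->insertModuleMobileSkinVars($module_srl, $obj);
         } else {
             $output = $oModuleController->insertModuleSkinVars($module_srl, $obj);
         }
         if (!$output->toBool()) {
             return $output;
         }
     }
     $this->setMessage('success_saved');
     $this->setRedirectUrl(Context::get('error_return_url'));
 }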
 /**
  * @brief Add a file into the file box
  *
  * Allocates a module_filebox_srl, moves the uploaded file to the file box
  * path under that srl (extension taken from $vars->ext) and records it.
  *
  * @param object $vars addfile ($_FILES array), ext, member_srl, comment
  * @return Object|false false when the upload check or the move fails,
  *                      otherwise the query result with save_filename added
  */
 function insertModuleFileBox($vars)
 {
     $vars->module_filebox_srl = getNextSequence();
     $oModuleModel = getModel('module');
     $boxPath = $oModuleModel->getModuleFileBoxPath($vars->module_filebox_srl);
     FileHandler::makeDir($boxPath);
     $savedName = sprintf('%s%s.%s', $boxPath, $vars->module_filebox_srl, $vars->ext);
     $uploadedTmp = $vars->addfile['tmp_name'];
     // NOTE(review): the stored extension comes from $vars->ext while the
     // recorded fileextension is taken from the client name — confirm the
     // caller validates ext before it reaches this path.
     if (!checkUploadedFile($uploadedTmp) || !@move_uploaded_file($uploadedTmp, $savedName)) {
         return false;
     }
     $record = new stdClass();
     $record->module_filebox_srl = $vars->module_filebox_srl;
     $record->member_srl = $vars->member_srl;
     $record->comment = $vars->comment;
     $record->filename = $savedName;
     $record->fileextension = strtolower(substr(strrchr($vars->addfile['name'], '.'), 1));
     $record->filesize = $vars->addfile['size'];
     $output = executeQuery('module.insertModuleFileBox', $record);
     $output->add('save_filename', $savedName);
     return $output;
 }
             if (is_array($oldFiles) && count($oldFiles) > 0) {
                 foreach ($oldFiles as $oldFile) {
                     unlink($oldFile);
                     // Delete old files
                 }
             }
             uploadFile("avatar", $avatarFilename . '-' . time(), $extension);
             updateAvatar($_auth["useid"]);
         }
     }
 }
 // Report avatar upload problems (a missing file is not an error here)
 $avatarUploadFailed = $avatarError != "" && $avatarError != _UPL_NO_FILE;
 if ($avatarUploadFailed) {
     notice($avatarError);
 }
 // ID image: keep the temp path only when the upload check passed
 $idError = checkUploadedFile("id");
 $idImageName = !$idError ? $_FILES["id"]["tmp_name"] : "";
 if ($idError != "" && $idError != _UPL_NO_FILE) {
     notice($idError);
 }
 // Featured work: the object must belong to the current user and be live.
 // NOTE(review): $_POST["useFeaturedObj"] reaches the query through dbWhere();
 // this relies on that helper escaping its values.
 $objid = $_POST["useFeaturedObj"];
 $featWhere = dbWhere(array(
     "objid" => $objid,
     "objCreator" => $_auth["useid"],
     "objEid*" => "objid",
     "objDeleted" => 0,
     "objPending" => 0,
 ));
 $objResult = sql_query("SELECT `objid`, `objTitle`, `objExtension`, `objLastEdit` FROM `objects`, `objExtData`" . $featWhere . "LIMIT 1");
 $featChanged = false;
 if ($objData = mysql_fetch_assoc($objResult)) {
     $featImageName = applyIdToPath("files/data/", $objid) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . "." . $objData["objExtension"];
     $featImageName2 = applyIdToPath("files/thumbs/", $objid) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . ".jpg";
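/**
 * Store a single uploaded JPEG under $themePath, replacing the previous one.
 *
 * The file is saved as "<themePath><fileVar>-<timestamp>.jpg". When no file
 * was sent, the newest existing "<fileVar>-*.jpg" is kept and counts as
 * success; when the new file fails a check it is removed and the previous
 * file is kept.
 *
 * @param string $fileVar     $_FILES key of the upload
 * @param int    $width       Maximum width in pixels, 0 = unchecked
 * @param int    $height      Maximum height in pixels, 0 = unchecked
 * @param int    $maxFilesize Maximum size in bytes, 0 = unchecked
 * @param string $filename    Out: path of the file now in use (new or previous)
 * @param array  $errors      Out: error message per $fileVar
 * @param string $themePath   Directory (with trailing slash) the file lives in
 * @return bool true when a usable file is in place
 */
function uploadSingleImage($fileVar, $width = 0, $height = 0, $maxFilesize = 0, &$filename, &$errors, $themePath)
{
    // count() below needs an array; callers may pass an unset variable
    if (!is_array($errors)) {
        $errors = array();
    }
    $error = checkUploadedFile($fileVar);
    $lastfile = findNewestFile($themePath . $fileVar . "-*.jpg");
    $filenameWithoutExt = $themePath . $fileVar . "-" . time();
    $filename = $filenameWithoutExt . ".jpg";
    // An upload is optional only when a previous file exists
    $allowNoFile = $lastfile != "";
    if ($error != "" && $error != _UPL_NO_FILE) {
        $errors[$fileVar] = $error;
        $filename = $lastfile;
        return false;
    }
    if ($error == _UPL_NO_FILE) {
        $filename = $lastfile;
        if (!$allowNoFile) {
            $errors[$fileVar] = $error;
        }
        return $allowNoFile;
    }
    // uploadFile() writes "<filenameWithoutExt>.<ext>" and reports the
    // extension it used through $ext (by reference — see addRequestDetail)
    uploadFile($fileVar, $filenameWithoutExt, $ext);
    // Path actually written; it only equals $filename for a JPEG
    $storedFile = $filenameWithoutExt . "." . $ext;
    if ($ext != "jpg") {
        $errors[$fileVar] = "Image type must be JPEG";
    } elseif ($maxFilesize != 0 && filesize($filename) > $maxFilesize) {
        $errors[$fileVar] = "The image file size must not exceed {$maxFilesize} bytes.";
    } else {
        $fileinfo = getimagesize($filename);
        // NOTE(review): the checks allow smaller images while the messages say
        // "exactly" — one of the two is probably wrong; kept as found
        if ($width != 0 && $fileinfo[0] > $width) {
            $errors[$fileVar] = "The image width must be exactly {$width} pixels.";
        } elseif ($height != 0 && $fileinfo[1] > $height) {
            $errors[$fileVar] = "The image height must be exactly {$height} pixels.";
        }
    }
    if (count($errors) > 0) {
        // Remove whatever was written. The original only removed the .jpg path,
        // so a rejected non-JPEG upload stayed on disk under the theme path
        foreach (array_unique(array($filename, $storedFile)) as $leftover) {
            if (file_exists($leftover)) {
                unlink($leftover);
            }
        }
        $filename = $lastfile;
        return false;
    }
    if ($lastfile != "") {
        unlink($lastfile);
    }
    return true;
}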
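 /**
  * Add an attachment
  *
  * <pre>
  * This method calls the trigger 'file.insertFile'.
  *
  * Before trigger object contains:
  * - module_srl
  * - upload_target_srl
  *
  * After trigger object contains:
  * - file_srl
  * - upload_target_srl
  * - module_srl
  * - direct_download
  * - source_filename
  * - uploaded_filename
  * - download_count
  * - file_size
  * - comment
  * - member_srl
  * - sid
  * </pre>
  *
  * Unless $manual_insert is set, uploads by non-admin users are checked
  * against the module's allowed file types and size limits. Files with a
  * media extension are stored as <random>.<ext> under ./files/attach/images/
  * (direct_download 'Y'); everything else is stored as an extension-less
  * random name under ./files/attach/binaries/ (direct_download 'N').
  *
  * @param array $file_info PHP $_FILES-style array (name, tmp_name)
  * @param int $module_srl Sequence of module to upload file
  * @param int $upload_target_srl Sequence of target to upload file
  * @param int $download_count Initial download count
  * @param bool $manual_insert If set true, skip validation and copy() instead of move_uploaded_file()
  * @return Object
  */
 function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
 {
     // Call a trigger (before)
     $trigger_obj = new stdClass();
     $trigger_obj->module_srl = $module_srl;
     $trigger_obj->upload_target_srl = $upload_target_srl;
     $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
     if (!$output->toBool()) {
         return $output;
     }
     // A workaround for Firefox upload bug: the name arrives "=?UTF-8?B?...?=" encoded
     if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
         $file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
     }
     if (!$manual_insert) {
         // Get the file configurations
         $logged_info = Context::get('logged_info');
         // NOTE: administrators bypass the type and size limits entirely
         if ($logged_info->is_admin != 'Y') {
             $oFileModel = getModel('file');
             $config = $oFileModel->getFileConfig($module_srl);
             // check file type against the "*.ext;*.ext" allow-list
             if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
                 $filetypes = explode(';', $config->allowed_filetypes);
                 $ext = array();
                 foreach ($filetypes as $item) {
                     $item = explode('.', $item);
                     $ext[] = strtolower(isset($item[1]) ? $item[1] : '');
                 }
                 $uploaded_ext = explode('.', $file_info['name']);
                 $uploaded_ext = strtolower(array_pop($uploaded_ext));
                 if (!in_array($uploaded_ext, $ext, true)) {
                     return $this->stop('msg_not_allowed_filetype');
                 }
             }
             $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
             $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
             $uploaded_size = filesize($file_info['tmp_name']);
             // An error appears if file size exceeds a limit
             if ($allowed_filesize < $uploaded_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
             // Get total file size of all attachments (from DB)
             $size_args = new stdClass();
             $size_args->upload_target_srl = $upload_target_srl;
             $output = executeQuery('file.getAttachedFileSize', $size_args);
             $attached_size = (int) $output->data->attached_size + $uploaded_size;
             if ($attached_size > $allowed_attach_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
         }
     }
     // Random name generator, shared by the stored name, the fallback name and sid
     // (the original constructed a second instance further down)
     $random = new Password();
     // Set upload path by checking if the attachment is an image or other kinds of file
     if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
         // Defuse executable-looking extensions anywhere in the name (e.g. "x.php.jpg")
         $file_info['name'] = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
         $file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);
         $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         // Stored name is random plus the (validated) extension; the client name
         // is not used because Windows PHP does not handle unicode file names - by cherryfilter
         $ext = substr(strrchr($file_info['name'], '.'), 1);
         $_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
         $filename = $path . $_filename;
         $idx = 1;
         while (file_exists($filename)) {
             $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
             $idx++;
         }
         $direct_download = 'Y';
     } else {
         $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         $filename = $path . $random->createSecureSalt(32, 'hex');
         // Binaries get no extension. The original left $ext as whatever the
         // type check above had put there (an array, or nothing), which leaked
         // into the fallback name below
         $ext = '';
         $direct_download = 'N';
     }
     // Create a directory
     if (!FileHandler::makeDir($path)) {
         return new Object(-1, 'msg_not_permitted_create');
     }
     // Check uploaded file
     if (!checkUploadedFile($file_info['tmp_name'])) {
         return new Object(-1, 'msg_file_upload_error');
     }
     // Suffix for the second attempt with a fresh random name
     $fallback_suffix = $ext !== '' ? '.' . $ext : '';
     // Move the file
     if ($manual_insert) {
         @copy($file_info['tmp_name'], $filename);
         if (!file_exists($filename)) {
             $filename = $path . $random->createSecureSalt(32, 'hex') . $fallback_suffix;
             @copy($file_info['tmp_name'], $filename);
         }
     } else {
         if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
             $filename = $path . $random->createSecureSalt(32, 'hex') . $fallback_suffix;
             if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
                 return new Object(-1, 'msg_file_upload_error');
             }
         }
     }
     // Get member information
     $oMemberModel = getModel('member');
     $member_srl = $oMemberModel->getLoggedMemberSrl();
     // List file information
     $args = new stdClass();
     $args->file_srl = getNextSequence();
     $args->upload_target_srl = $upload_target_srl;
     $args->module_srl = $module_srl;
     $args->direct_download = $direct_download;
     $args->source_filename = $file_info['name'];
     $args->uploaded_filename = $filename;
     $args->download_count = $download_count;
     $args->file_size = @filesize($filename);
     $args->comment = NULL;
     $args->member_srl = $member_srl;
     $args->sid = $random->createSecureSalt(32, 'hex');
     $output = executeQuery('file.insertFile', $args);
     if (!$output->toBool()) {
         return $output;
     }
     // Call a trigger (after)
     $trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
     if (!$trigger_output->toBool()) {
         return $trigger_output;
     }
     $_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
     $output->add('file_srl', $args->file_srl);
     $output->add('file_size', $args->file_size);
     $output->add('sid', $args->sid);
     $output->add('direct_download', $args->direct_download);
     $output->add('source_filename', $args->source_filename);
     $output->add('upload_target_srl', $upload_target_srl);
     $output->add('uploaded_filename', $args->uploaded_filename);
     return $output;
 }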
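 /**
  * Save the extra variables of an ajaxboard plugin.
  *
  * Image-typed variables are handled per upload (delete request, keep the
  * stored file, or store the new image under
  * ./files/attach/images/ajaxboard/<hash of plugin name>/); module_srl-typed
  * variables are normalised to an array of ints. Everything else is stored
  * as received.
  *
  * @param string $plugin_name
  * @param object $extra_vars Request variables (image vars as $_FILES arrays)
  * @return Object
  */
 function updatePluginVars($plugin_name, $extra_vars)
 {
     if (!(is_string($plugin_name) && is_object($extra_vars))) {
         return new Object(-1, 'msg_invalid_request');
     }
     getDestroyXeVars($extra_vars);
     $oAjaxboardModel = getModel('ajaxboard');
     $plugin_info = $oAjaxboardModel->getPluginInfo($plugin_name);
     $plugin_vars = $plugin_info->xml_info->extra_vars;
     // Directory name derived from the plugin name, not from the request
     $hash_id = md5('plugin_name:' . trim((string) $plugin_name));
     foreach ($plugin_vars as $val) {
         if ($val->type == 'image') {
             $img = $extra_vars->{$val->name};
             $del = $extra_vars->{'del_' . $val->name};
             unset($extra_vars->{'del_' . $val->name});
             if ($del == 'Y') {
                 FileHandler::removeFile($val->value);
                 unset($extra_vars->{$val->name});
                 continue;
             }
             // Nothing uploaded: keep the stored image
             if (empty($img['tmp_name']) && $val->value) {
                 $extra_vars->{$val->name} = $val->value;
                 continue;
             }
             $img_path = './files/attach/images/ajaxboard/' . $hash_id;
             // The client name becomes the stored file name, so it must carry no
             // directory separators (the original used it unchecked)
             $name_ok = isset($img['name']) && strpbrk($img['name'], "/\\") === false;
             $img_file = $img_path . '/' . $img['name'];
             if (!($name_ok && is_uploaded_file($img['tmp_name']) && checkUploadedFile($img['tmp_name']) && preg_match('/\\.(jpg|jpeg|gif|png)$/i', $img['name']) && FileHandler::makeDir($img_path) && move_uploaded_file($img['tmp_name'], $img_file))) {
                 unset($extra_vars->{$val->name});
                 continue;
             }
             // The new image replaces the stored one
             FileHandler::removeFile($val->value);
             $extra_vars->{$val->name} = $img_file;
         }
         if ($val->type == 'module_srl') {
             $module_srls = array();
             if ($extra_vars->{$val->name}) {
                 $module_srls = array_map('intval', explode(',', $extra_vars->{$val->name}));
             }
             $extra_vars->{$val->name} = $module_srls;
         }
     }
     $args = new stdClass();
     $args->plugin_name = $plugin_name;
     $args->extra_vars = array();
     foreach ($extra_vars as $key => $val) {
         $params = new stdClass();
         $params->name = trim($key);
         $params->value = $val;
         $args->extra_vars[$key] = $params;
     }
     return $this->updatePluginInfo($plugin_name, $args);
 }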
 if ($conflicting) {
     $defaultTitle = $folName;
     // Put it back in the form for edition
     notice(_SET_FOLDER_EXISTS);
     break;
 }
 $values = array("folCreator" => $_auth["useid"], "folName" => $folName, "folIdent" => $folIdent);
 if ($folid == 0) {
     sql_query("INSERT INTO `folders`" . dbValues($values));
     $folid = mysql_insert_id();
 } else {
     sql_query("UPDATE `folders`" . dbSet($values) . dbWhere(array("folid" => $folid)));
 }
 // Upload icon.
 include_once INCLUDES . "files.php";
 $iconError = checkUploadedFile("folIcon");
 if (!$iconError) {
     if (filesize($_FILES["folIcon"]["tmp_name"]) > $_config["maxIconSize"]) {
         $iconError = sprintf(_SET_ICON_SIZE_EXCEEDED, $_config["maxIconSize"]);
     } else {
         // Check avatar image size/type.
         $iconInfo = getimagesize($_FILES["folIcon"]["tmp_name"]);
         list($iconWidth, $iconHeight) = preg_split('/x/', $_config["iconResolution"]);
         if ($iconInfo[0] != $iconWidth || $iconInfo[1] != $iconHeight || $iconInfo[2] != 1 && $iconInfo[2] != 2 && $iconInfo[2] != 3) {
             $iconError = sprintf(_SET_ICON_TOO_LARGE, $_config["iconResolution"]);
         } else {
             // Upload folder icon to /files/foldericons/#/#####/
             $iconFilename = applyIdToPath("files/foldericons/", $folid);
             $oldFiles = glob($iconFilename . "-*", GLOB_NOESCAPE);
             if (is_array($oldFiles) && count($oldFiles) > 0) {
                 foreach ($oldFiles as $oldFile) {
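/**
 * Append a detail (message and/or attachment) to a helpdesk item.
 *
 * An attachment is stored under files/helpdesk/ with a random name component
 * so the path cannot be derived from the item id alone.
 *
 * @param int    $helpdeskItem  Item the detail belongs to
 * @param string $detailPostVar $_POST key holding the message text
 * @param string $detailFileVar $_FILES key of the optional attachment
 * @param mixed  $detailPrivacy Stored as hddPrivacy
 * @return string "" on success, otherwise the upload error message
 */
function addRequestDetail($helpdeskItem, $detailPostVar, $detailFileVar, $detailPrivacy)
{
    global $_auth;
    $detailText = isset($_POST[$detailPostVar]) ? trim($_POST[$detailPostVar]) : "";
    $fileName = "";
    $fileNameOrig = "";
    include_once INCLUDES . "files.php";
    $uploadError = checkUploadedFile($detailFileVar);
    // A missing file is fine; any other error is reported to the caller
    if ($uploadError != _UPL_NO_FILE && $uploadError != "") {
        return $uploadError;
    }
    if ($uploadError == "") {
        $fileNameOrig = $_FILES[$detailFileVar]["name"];
        $fileName = applyIdToPath("files/helpdesk/", $helpdeskItem);
        // 16 hex chars of randomness. The original multiplied the "msec sec"
        // string returned by microtime(), which only works through lenient
        // string-to-number coercion; microtime(true) yields the float directly.
        // NOTE(review): mt_rand() is not a CSPRNG — use random_bytes() where
        // PHP >= 7 is available if the attachment path must be unguessable.
        $fileName .= "-" . substr(sha1(mt_rand() * (microtime(true) * 0.001)), 1, 16);
        // uploadFile() writes "<fileName>.<extension>" and sets $extension by reference
        uploadFile($detailFileVar, $fileName, $extension);
        $fileName .= "." . $extension;
        if ($detailText == "") {
            $detailText = "There is no text message in this detail.";
        }
    }
    if ($detailText != "") {
        sql_values(array("hddItem" => $helpdeskItem, "hddSubmitDate!" => "NOW()", "hddPrivacy" => $detailPrivacy, "hddCreator" => $_auth["useid"], "hddMessage" => $detailText, "hddAttachment" => $fileName, "hddAttachOrigName" => $fileNameOrig));
        sql_insert("helpdeskDetails");
    }
    return "";
}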