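// Entry guard: only a signed-in user who names an add-on may continue.
if ($user === false || !isset($_REQUEST['id'])) {
    $response = ["redirect" => "/index.php"];
    return $response;
} else {
    // NOTE(review): the id is caller-supplied and nothing visible here checks that
    // $user is allowed to update this add-on, or that getFromId() found one.
    // Confirm both are enforced inside AddonManager or by the including script.
    $addonObject = AddonManager::getFromId($_REQUEST['id']);
}
// No form submission yet: return the data needed to render the update form.
if (!isset($_POST['submit'])) {
    $response = ["message" => "Updating " . $addonObject->getName(), "version" => $addonObject->getVersion()];
    return $response;
}
// CSRF check. Both tokens must be non-empty strings and must match exactly.
// The loose `!=` comparison treated an empty submitted token as equal to a
// missing (null) session token, so the check passed whenever the session held
// no token; hash_equals() also compares in constant time.
$submittedToken = isset($_POST['csrftoken']) ? $_POST['csrftoken'] : null;
$sessionToken = isset($_SESSION['csrftoken']) ? $_SESSION['csrftoken'] : null;
if (!is_string($submittedToken) || !is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $submittedToken)) {
    $response = ["message" => "Cross site request forgery attempt blocked", "version" => $addonObject->getVersion()];
    return $response;
}
// A request without the upload field, or with an array-style field, carries no
// single file to process; treat it like an empty selection instead of reading
// undefined indexes below.
if (!isset($_FILES['uploadfile']['error']) || is_array($_FILES['uploadfile']['error'])) {
    $response = ["message" => "No file was selected to be uploaded", "version" => $addonObject->getVersion()];
    return $response;
}
if ($_FILES['uploadfile']['error'] !== UPLOAD_ERR_OK) {
    $response = ["message" => "Upload error: " . codeToMessage($_FILES['uploadfile']['error']), "version" => $addonObject->getVersion()];
    return $response;
}
if (!isset($_FILES['uploadfile']['name']) || !isset($_FILES['uploadfile']['size']) || !$_FILES['uploadfile']['size']) {
    $response = ["message" => "No file was selected to be uploaded", "version" => $addonObject->getVersion()];
    return $response;
}
// The extension comes from the client-supplied file name, so this is only a
// convenience filter. It says nothing about the content; the archive still has
// to be validated when it is opened (entry names, sizes, file types).
$uploadExt = pathinfo($_FILES['uploadfile']['name'], PATHINFO_EXTENSION);
if ($uploadExt !== "zip") {
    $response = ["message" => "Only .zip files are allowed", "version" => $addonObject->getVersion()];
    return $response;
}
// AddonManager is already used above, so it was loaded before this line;
// require_once is a no-op in that case.
require_once realpath(dirname(__DIR__) . "/class/AddonManager.php");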
if ($_FILES['uploadfile']['size'] > AddonManager::$maxFileSize) {
    $response = ["message" => "File too large - The maximum upload file size is 50 MB.  Contact an administrator if you need to upload a larger file.", "version" => $addonObject->getVersion()];
    return $response;
Exemple #2
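/**
 * Validate an uploaded image and move it below files/uploads/.
 *
 * Checks run in this order: PHP upload error code, size limit (3 MB), then the
 * MIME type detected from the file content (JPEG, PNG or GIF only). The stored
 * name is built from the sanitised base name of $file_name plus the extension
 * that belongs to the detected type, so the client-supplied extension is never
 * written to disk.
 *
 * The reason for a rejection is not reported; callers only see false.
 *
 * @param string $file_name   Original (client-supplied) file name.
 * @param int    $file_size   Size of the upload in bytes.
 * @param string $file_tmp    Temporary path of the upload ($_FILES[...]['tmp_name']).
 * @param int    $file_error  PHP upload error code ($_FILES[...]['error']).
 * @param string $prefix      Prefix prepended to the stored file name.
 * @param string $uploads_dir Sub-directory below files/uploads/; it is concatenated
 *                            as-is, so it presumably ends with a slash - confirm with callers.
 *
 * @return string|false Relative path of the stored file, or false on any failure.
 */
function upload_file($file_name, $file_size, $file_tmp, $file_error, $prefix, $uploads_dir)
{
    // The limit was previously read from an undefined variable; 3 MB is the
    // figure the original rejection message stated.
    $max_size = 3 * 1024 * 1024;
    $allowed_types = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');

    /* --- FILE: ERROR --- */
    // Compare the numeric code itself. The earlier version converted it to a
    // message first, so the comparison with UPLOAD_ERR_OK could never succeed.
    if (!is_numeric($file_error) || (int) $file_error !== UPLOAD_ERR_OK) {
        return false;
    }

    /* --- FILE: SIZE --- */
    if ($file_size > $max_size) {
        return false;
    }

    /* --- FILE: TYPE --- */
    // Detect the type from the content, not from the client-supplied name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $ext = array_search($finfo->file($file_tmp), $allowed_types, true);
    if ($ext === false) {
        return false;
    }

    /* --- FILE: NAME --- */
    // pathinfo() drops any directory part and the original extension. The stored
    // extension is the one matching the detected type, so an image carrying a
    // script extension in its name cannot be saved under that extension.
    $base_name = pathinfo($file_name, PATHINFO_FILENAME);
    $stored_name = cleanurl(str_replace(array('(', ')', ' '), '_', $base_name)) . '.' . $ext;

    // NOTE(review): $uploads_dir and $prefix are used unmodified. If either can
    // be influenced by a request, restrict them to known values at the call
    // site so the target cannot leave files/uploads/.
    $target = "files/uploads/{$uploads_dir}" . $prefix . $stored_name;

    // move_uploaded_file() refuses anything that is not a genuine HTTP upload
    // and reports failure through its return value.
    if (!move_uploaded_file($file_tmp, $target)) {
        return false;
    }

    return $target;
}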
Exemple #3
            $message = "File upload stopped by extension";
            break;
        default:
            $message = "Unknown upload error";
            break;
    }
    return $message;
}
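if ($debug) {
    /* Debug mode: render the page head and dump the raw upload metadata. */
    include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/building/head.php';
    dump($_FILES, "Files");
}
// $_FILES itself is always defined, so test for the expected field. Without this
// a request carrying no "file" field read undefined indexes and stored an error
// message in the session.
if (isset($_FILES['file'])) {
    $error = $_FILES['file']['error'];
    if (isset($_POST['upload']) && $_FILES['file']['size'] > 0) {
        $fileName = $_FILES['file']['name'];
        $data = file_get_contents($_FILES['file']['tmp_name']);
        /* The file is stored base64-encoded. */
        $content = base64_encode($data);
        // get_magic_quotes_gpc() no longer exists in PHP 8; when it is absent,
        // behave as if magic quotes are off.
        // NOTE(review): addslashes() is not SQL escaping. uploadFile() is not
        // visible here - confirm it binds $fileName and the other values as
        // query parameters, after which this call can be dropped.
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $fileName = addslashes($fileName);
        }
        // NOTE(review): $_FILES['file']['type'] is sent by the client; detect the
        // type from the content if anything downstream relies on it.
        if (uploadFile($userid, $fileName, $_FILES['file']['size'], $_FILES['file']['type'], $content)) {
            // The message carries markup in debug mode, so it is presumably
            // rendered as HTML; escape the client-supplied name before embedding it.
            $displayName = htmlspecialchars($_FILES['file']['name'], ENT_QUOTES, 'UTF-8');
            $_SESSION['success'] = ($debug ? "<b>upload.php:</b><br />" : "") . "File '{$displayName}' was uploaded successfully at the database.";
        }
    } else {
        $_SESSION['error'] = ($debug ? "<b>upload.php:</b><br />" : "") . "The file was rejected because: " . codeToMessage($error);
    }
}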