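// Confirmation banner: printed only when $success is set, i.e. a review was processed.
if ($success) {
    // processing happened, display message
    echo " <h3>Review Successfully Processed.</h3>\r\n";
    echo " <p><a href=\"reviewer_incident_management.php\">Return to List of Reviewable Critical Incidents</a></p>\r\n";
}

// Show the incident's title and abstract, then one download link per attached file.
if (!$error) {
    $errorloc = 'displaying information for this critical incident';

    // $subID is interpolated into both CALL statements without quotes, and where it
    // comes from is not visible in this excerpt. Forcing it to an integer keeps every
    // numeric id working and stops anything else from becoming part of the SQL text.
    $subIdSql = (int) $subID;

    $q_submission = "CALL spSubmissionGetInfo({$subIdSql});";
    if ($r_submission = mysqli_query($dbc, $q_submission)) {
        $row_submission = mysqli_fetch_array($r_submission, MYSQLI_ASSOC);
        $sub_title = $row_submission['IncidentTitle'];
        $sub_abstract = $row_submission['Abstract'];
        $sub_keywords = $row_submission['Keywords'];
        $sub_status = $row_submission['SubmissionStatus'];

        // expecting one row
        ignore_remaining_output($r_submission);
        complete_procedure($dbc);

        // Title and abstract are stored submission text (presumably author-supplied;
        // confirm against the submission form). They are HTML-encoded at the point of
        // output so markup inside them is displayed rather than interpreted by the
        // reviewer's browser. The raw values stay in $sub_title / $sub_abstract.
        // NOTE(review): 'UTF-8' must match the charset this page is served with.
        $sub_title_html = htmlspecialchars((string) $sub_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $sub_abstract_html = htmlspecialchars((string) $sub_abstract, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo " <h3 class=\"PLACEHOLDER\">Critical Incident: {$sub_title_html}</h3><br />\r\n";
        echo " <h3 class=\"PLACEHOLDER\">Abstract: </h3><p class=\"PLACEHOLDER\">{$sub_abstract_html}</p><br />\r\n";

        $q_subfiles = "CALL spSubmissionGetFilesList({$subIdSql});";
        if ($r_subfiles = mysqli_query($dbc, $q_subfiles)) {
            while ($row_subfiles = mysqli_fetch_array($r_subfiles)) {
                $fid = $row_subfiles['FileMetaDataID'];
                $fname = $row_subfiles['FileName'];
                $fsize = $row_subfiles['FileSize'];
                $ftype = $row_subfiles['FileType'];

                // NOTE(review): create_download_link() is defined elsewhere; confirm it
                // HTML-encodes the label, which carries the stored file name.
                create_download_link($fid, $ftype . ': ' . $fname, $fsize);
            }
            complete_procedure($dbc);
        } else {
            $error = true;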
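// Download path: read the file's metadata row, then open its stored content segments.
// NOTE(review): no check that the current user may read $fid is visible in this
// excerpt; confirm one runs before this point.
$q_FileInfo = '';
if (!$error) {
    // $fid sits inside a quoted SQL literal and its origin is not visible here, so it
    // is escaped with the connection's charset-aware escaper before being interpolated.
    // This is done only when no earlier error occurred, matching the guard on the query.
    $fidSql = mysqli_real_escape_string($dbc, (string) $fid);
    $q_FileInfo = "CALL spGetFileInfo('{$fidSql}')";
}

if (!$error && !($r_FileInfo = mysqli_query($dbc, $q_FileInfo))) {
    $error = true;
    array_push($errors, "Unable to get file information.");
}

if (!$error && mysqli_num_rows($r_FileInfo) != 1) {
    $error = true;
    array_push($errors, "Expecting one record, none or multiple found.");
}

if (!$error) {
    $row_FileInfo = mysqli_fetch_array($r_FileInfo, MYSQLI_ASSOC);
    // NOTE(review): if $fileName / $fileMime are written into response headers further
    // down (not visible here), strip CR/LF and quote characters from them first.
    $fileName = $row_FileInfo["FileName"];
    $fileMime = $row_FileInfo["FileMime"];
    $fileSize = $row_FileInfo["FileSize"];

    // end the query and free the connection - expected one line
    ignore_remaining_output($r_FileInfo);
    complete_procedure($dbc);

    // check query before sending header information
    // ($fidSql is set whenever this branch runs: $error was false at the top.)
    $q_FileSegments = "CALL spGetFileContents('{$fidSql}')";
    if (!($r_FileSegments = mysqli_query($dbc, $q_FileSegments))) {
        $error = true;
        array_push($errors, "Unable to get file content.");
    }

    if (!$error && mysqli_num_rows($r_FileSegments) < 1) {
        $error = true;
        array_push($errors, "No content found for file.");
    }

    if (!$error) {
        // no errors so far - errors now are in the download itself
        $display = false;
        // send the header to the client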
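// Store one uploaded file: create its metadata row, then insert the content in
// segments of at most 65535 bytes.
$SrcFilePath = $_FILES["{$inName}"]["tmp_name"];
$FileErrorVal = $_FILES["{$inName}"]["error"];
$FileSize = $_FILES["{$inName}"]["size"];

// NOTE(review): $SrcFileType is assigned outside this excerpt. If it is taken from
// $_FILES[...]['type'] it is a client-supplied label, and is_mime_valid() would then be
// checking a value the uploader controls; verify the type from the temp file (finfo).
if (is_mime_valid($SrcFileType) && $FileSize < 2097152) {
    // Every value below lands inside a quoted SQL literal. Escape each one with the
    // connection's charset-aware escaper instead of interpolating it raw.
    $sqlSubmissionID = mysqli_real_escape_string($dbc, (string) $SubmissionID);
    $sqlFileTypeID = mysqli_real_escape_string($dbc, (string) $FileTypeID);
    $sqlSrcFileType = mysqli_real_escape_string($dbc, (string) $SrcFileType);
    $sqlDstFileName = mysqli_real_escape_string($dbc, (string) $DstFileName);
    $sqlFileSize = (int) $FileSize;

    $q_create_rfmd = "CALL spCreateSubmissionFileMetaData('{$sqlSubmissionID}', '{$sqlFileTypeID}', '{$sqlSrcFileType}', '{$sqlDstFileName}', '{$sqlFileSize}');";
    if ($r_create_rfmd = mysqli_query($dbc, $q_create_rfmd)) {
        $row_create_rfmd = mysqli_fetch_array($r_create_rfmd, MYSQLI_ASSOC);
        $fmdId = $row_create_rfmd['FileMetaDataID'];

        // The procedure signals failure through an 'Error' column or a zero id.
        // 'Error' is read only when it is present, so the zero-id case no longer
        // indexes a missing key.
        if (isset($row_create_rfmd['Error']) || $fmdId == 0) {
            $Error = true;
            $ret_err = isset($row_create_rfmd['Error'])
                ? $row_create_rfmd['Error']
                : 'no file record was created';
            $uploadMessage = "File for {$typeName} could not be uploaded because {$ret_err}.";
            array_push($Errors, $uploadMessage);
            // Encode for the HTML context; the message embeds stored and DB-returned text.
            echo "<p>" . htmlspecialchars($uploadMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p><br>";
        }

        ignore_remaining_output($r_create_rfmd);
        complete_procedure($dbc);

        // File Processing
        // is_uploaded_file() confirms the path really is this request's upload, and the
        // fopen() result is checked so feof() is never called on a failed handle.
        if (!$Error && is_uploaded_file($SrcFilePath) && ($fp = fopen($SrcFilePath, "rb")) !== false) {
            $fmdIdSql = mysqli_real_escape_string($dbc, (string) $fmdId);
            $segment = 1;
            while (!feof($fp)) {
                // Make the data mysql insert safe. addslashes() ignores the connection
                // character set; mysqli_real_escape_string() is the escaper meant for
                // values sent over this connection, binary data included.
                $binarydata = mysqli_real_escape_string($dbc, (string) fread($fp, 65535));
                $SQL = "CALL spCreateFileContent ('{$fmdIdSql}', '{$binarydata}', {$segment});";
                if (!($result = mysqli_query($dbc, $SQL))) {
                    $Error = true;
                    // NOTE(review): the raw driver error is shown to the user; consider
                    // logging it server-side and displaying a generic message instead.
                    $ret_err = $dbc->error;
                    $segmentMessage = "Segment {$segment} of file for {$typeName} could not be uploaded because {$ret_err}.";
                    array_push($Errors, $segmentMessage);
                    echo "<p>" . htmlspecialchars($segmentMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p><br>";
                }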
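// Load the reminder e-mail settings row into page-level variables, then start the page
// markup and the error panel.
$q_settings = "Call spGetEmailSettings;";

// Run the query.
if ($r_settings = mysqli_query($dbc, $q_settings)) { // If it ran OK.
    // Fetch the results and set variables from the array.
    $row_display = mysqli_fetch_array($r_settings, MYSQLI_ASSOC);

    // If the procedure returned no row, mysqli_fetch_array() gives null. Fill in the
    // expected columns with null so the assignments below do not index a non-array;
    // each variable ends up null, as it did before.
    if (!is_array($row_display)) {
        $row_display = array_fill_keys(
            array(
                "SettingID",
                "SettingName",
                "AuthorNagEmailDays",
                "AuthorSubjectTemplate",
                "AuthorBodyTemplate",
                "ReviewerNagEmailDays",
                "ReviewerSubjectTemplate",
                "ReviewerBodyTemplate",
            ),
            null
        );
    }

    // NOTE(review): the template values are stored text; wherever they are echoed into
    // the page further down (not visible here) they should pass through htmlspecialchars().
    $SettingID = $row_display["SettingID"];
    $SettingName = $row_display["SettingName"];
    $AuthorNagEmailDays = $row_display["AuthorNagEmailDays"];
    $AuthorSubjectTemplate = $row_display["AuthorSubjectTemplate"];
    $AuthorBodyTemplate = $row_display["AuthorBodyTemplate"];
    $ReviewerNagEmailDays = $row_display["ReviewerNagEmailDays"];
    $ReviewerSubjectTemplate = $row_display["ReviewerSubjectTemplate"];
    $ReviewerBodyTemplate = $row_display["ReviewerBodyTemplate"];

    // end the query and free the connection - expected one line
    ignore_remaining_output($r_settings);
    complete_procedure($dbc);
}
?>
<div class="content">
    <img class="responsive" src="images/wood_image.jpg" alt="wood">
</div>
<div class="contentwidth">
    <div class="row flush">
        <div class="col s7">
            <div class="row">
                <div class="col s10 frames">
<?php
// Error panel: opened only when earlier processing collected messages in $errors.
if (!empty($errors)) {
    echo '<div>';
    echo '<h1>Error!</h1><p class="error">The following error(s) occurred:<br />';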