function upload($fname, $upath, $ufilename, $atype, $alsize)
{
global $conn;
if (is_uploaded_file($_FILES[$fname]['tmp_name'])) {
//echo '<pre>'; print_r($_FILES); echo '</pre>';
///////// to prevent executable file uploading
$filename1 = time() . $_FILES[$fname]['name'];
$blacklist = array("phtml", "php3", "php4", "js", "shtml", "pl", "py", "exe");
foreach ($blacklist as $file) {
if (preg_match("/\\.{$file}\$/i", "{$filename1}")) {
return "IT";
}
}
////////
if (!isValidFileName($_FILES[$fname]['name'])) {
return "IF";
}
$size = $_FILES[$fname]['size'];
$atype = "";
$alsize = 0;
$sql = "Select * from sptbl_lookup where vLookUpName IN('Attachments','MaxfileSize')";
$result = executeSelect($sql, $conn);
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_array($result)) {
switch ($row["vLookUpName"]) {
case "Attachments":
$var_attach_typearr = explode("|", $row["vLookUpValue"]);
//
$atype = $atype . $var_attach_typearr[1] . ",";
$atype_extension = $atype_extension . $var_attach_typearr[0] . ",";
break;
case "MaxfileSize":
$alsize = $row["vLookUpValue"];
break;
}
}
}
mysql_free_result($result);
$atype = substr($atype, 0, -1);
if ($size > $alsize or $size <= 0) {
return "IS";
}
if ($atype != "all") {
$allowetypearray = explode(",", $atype);
$allowetype_extn_array = explode(",", $atype_extension);
$file_type = $_FILES[$fname]['type'];
$file_type_extension = substr($_FILES[$fname]['name'], strrpos($_FILES[$fname]['name'], ".") + 1);
$allowed_flag = 0;
$allowedextn_flag = 0;
/* foreach ($allowetypearray as $key => $value) {
if (strcasecmp($file_type, $value) == 0) {
$allowed_flag = 1;
break;
}
}*/
foreach ($allowetype_extn_array as $key => $value) {
if (strcasecmp($file_type_extension, $value) == 0) {
$allowedextn_flag = 1;
$allowed_flag = 1;
break;
}
}
if ($allowed_flag == "0" or $allowedextn_flag == "0") {
return "IT";
}
}
if ($ufilename == "") {
$ufilename = time() . $_FILES[$fname]['name'];
}
$file_name = $upath . $ufilename;
if (is_file($file_name)) {
return "FE";
} elseif (substr(trim($ufilename), 0, 1) == ".") {
return "IF";
}
$mvstatus = @move_uploaded_file($_FILES[$fname]['tmp_name'], $file_name);
if (!$mvstatus) {
return "NW";
}
chmod($file_name, 0777);
return $ufilename;
} else {
return "FNA";
}
}
function lineNumberOfErrorForOldHeader($filePath, $projectName, $contents)
{
// Getting header
if (!preg_match('/\\/\\*\\*.+\\*\\//s', $contents, $matches)) {
return 1;
}
$header = $matches[0];
// Checking header size
$lines = preg_split("/[\n\r]+/", $header);
if (count($lines) != 7) {
return 1;
}
if (isValidFileName($lines[1], $filePath) == false) {
return 2;
}
if (isValidProjectName($lines[2], $projectName) == false) {
return 3;
}
if (isValidAuthor($lines[4]) == false) {
return 5;
}
if (isValidCopyright($lines[5]) == false) {
return 6;
}
return -1;
}