Exemple #1
0
 }
 complete_procedure($dbc);
 foreach ($filetypes as $filerow) {
     if (sizeof($filerow) > 0) {
         // an extra object appears to be initialized into the array
         $typeId = $filerow['FileTypeID'];
         $typeName = $filerow['FileType'];
         $inName = 'fileup-' . $typeId;
         if ($typeName != '' && isset($_FILES["{$inName}"]) && $_FILES["{$inName}"] != '' && isset($_FILES["{$inName}"]["type"]) && $_FILES["{$inName}"]["type"] != '') {
             // adapted from prototyped file_upload_view_download
             $DstFileName = $_FILES["{$inName}"]["name"];
             $SrcFileType = $_FILES["{$inName}"]["type"];
             $SrcFilePath = $_FILES["{$inName}"]["tmp_name"];
             $FileErrorVal = $_FILES["{$inName}"]["error"];
             $FileSize = $_FILES["{$inName}"]["size"];
             if (is_mime_valid($SrcFileType) && $FileSize < 2097152) {
                 $q_create_rfmd = "CALL spCreateReviewerFileMetaData({$subID}, {$userID}, {$typeId}, '{$SrcFileType}', '{$DstFileName}', {$FileSize});";
                 if ($r_create_rfmd = mysqli_query($dbc, $q_create_rfmd)) {
                     $row_create_rfmd = mysqli_fetch_array($r_create_rfmd, MYSQLI_ASSOC);
                     $fmdId = $row_create_rfmd['FileMetaDataID'];
                     // TODO: verify this check works as intended
                     if (isset($row_create_rfmd['Error']) || $fmdId == 0) {
                         $error = true;
                         $incomplete = true;
                         $ret_err = $row_create_rfmd['Error'];
                         array_push($errors, "File for {$typeName} could not be uploaded because {$ret_err}.");
                     }
                     ignore_remaining_output($r_create_rfmd);
                     complete_procedure($dbc);
                     // File Processing
                     if (!$error && file_exists($SrcFilePath)) {
 $SrcFilePath = $_FILES["{$inName}"]["tmp_name"];
 $FileErrorVal = $_FILES["{$inName}"]["error"];
 $FileSize = $_FILES["{$inName}"]["size"];
 // TODO: get spSubmissionGetFilesList to return FileTypeID, workaround part 2
 $typeId = -1;
 foreach ($filetypes as $type) {
     if ($type['FileType'] == $typeName) {
         $typeId = $type['FileTypeID'];
     }
 }
 if ($typeId == -1) {
     $error = true;
     $incomplete = true;
     array_push($errors, 'Could not match uploaded file ' . $DstFileName . ' for type ' . $typeName . '.');
 }
 if (is_mime_valid($SrcFileType)) {
     // && $FileSize < 2097152) { - no limit on Editor uploads
     $q_update_fmd = "CALL spUpdateFileMetaData({$fileId}, {$typeId}, '{$SrcFileType}', '{$DstFileName}', {$FileSize});";
     // check typeId BEFORE running the query, workaround part 3
     if (!$error && ($r_update_fmd = mysqli_query($dbc, $q_update_fmd))) {
         if ($r_update_fmd && $r_update_fmd !== true) {
             $row_update_fmd = mysqli_fetch_array($r_update_fmd, MYSQLI_ASSOC);
             if (isset($row_update_fmd['Error']) || $fileId == 0) {
                 $error = true;
                 $incomplete = true;
                 $ret_err = $row_update_fmd['Error'];
                 array_push($errors, "File for {$typeName} could not be uploaded because {$ret_err}.");
             }
             ignore_remaining_output($r_update_fmd);
         }
         complete_procedure($dbc);