} complete_procedure($dbc); foreach ($filetypes as $filerow) { if (sizeof($filerow) > 0) { // an extra object appears to be initialized into the array $typeId = $filerow['FileTypeID']; $typeName = $filerow['FileType']; $inName = 'fileup-' . $typeId; if ($typeName != '' && isset($_FILES["{$inName}"]) && $_FILES["{$inName}"] != '' && isset($_FILES["{$inName}"]["type"]) && $_FILES["{$inName}"]["type"] != '') { // adapted from prototyped file_upload_view_download $DstFileName = $_FILES["{$inName}"]["name"]; $SrcFileType = $_FILES["{$inName}"]["type"]; $SrcFilePath = $_FILES["{$inName}"]["tmp_name"]; $FileErrorVal = $_FILES["{$inName}"]["error"]; $FileSize = $_FILES["{$inName}"]["size"]; if (is_mime_valid($SrcFileType) && $FileSize < 2097152) { $q_create_rfmd = "CALL spCreateReviewerFileMetaData({$subID}, {$userID}, {$typeId}, '{$SrcFileType}', '{$DstFileName}', {$FileSize});"; if ($r_create_rfmd = mysqli_query($dbc, $q_create_rfmd)) { $row_create_rfmd = mysqli_fetch_array($r_create_rfmd, MYSQLI_ASSOC); $fmdId = $row_create_rfmd['FileMetaDataID']; // TODO: verify this check works as intended if (isset($row_create_rfmd['Error']) || $fmdId == 0) { $error = true; $incomplete = true; $ret_err = $row_create_rfmd['Error']; array_push($errors, "File for {$typeName} could not be uploaded because {$ret_err}."); } ignore_remaining_output($r_create_rfmd); complete_procedure($dbc); // File Processing if (!$error && file_exists($SrcFilePath)) {
$SrcFilePath = $_FILES["{$inName}"]["tmp_name"]; $FileErrorVal = $_FILES["{$inName}"]["error"]; $FileSize = $_FILES["{$inName}"]["size"]; // TODO: get spSubmissionGetFilesList to return FileTypeID, workaround part 2 $typeId = -1; foreach ($filetypes as $type) { if ($type['FileType'] == $typeName) { $typeId = $type['FileTypeID']; } } if ($typeId == -1) { $error = true; $incomplete = true; array_push($errors, 'Could not match uploaded file ' . $DstFileName . ' for type ' . $typeName . '.'); } if (is_mime_valid($SrcFileType)) { // && $FileSize < 2097152) { - no limit on Editor uploads $q_update_fmd = "CALL spUpdateFileMetaData({$fileId}, {$typeId}, '{$SrcFileType}', '{$DstFileName}', {$FileSize});"; // check typeId BEFORE running the query, workaround part 3 if (!$error && ($r_update_fmd = mysqli_query($dbc, $q_update_fmd))) { if ($r_update_fmd && $r_update_fmd !== true) { $row_update_fmd = mysqli_fetch_array($r_update_fmd, MYSQLI_ASSOC); if (isset($row_update_fmd['Error']) || $fileId == 0) { $error = true; $incomplete = true; $ret_err = $row_update_fmd['Error']; array_push($errors, "File for {$typeName} could not be uploaded because {$ret_err}."); } ignore_remaining_output($r_update_fmd); } complete_procedure($dbc);