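/**
 * Store one uploaded file under a random name and record it in the files table.
 *
 * The stored name is `<randomhash()>.<ext>`, where the extension comes from the
 * client-supplied file name (via get_file_name()); the name returned by
 * get_unique_filename() is kept only as $file->name2 for the database row.
 * Chunked (Content-Range) and PUT-style uploads follow the handler's usual flow.
 * The database row is written only once the on-disk size matches the expected
 * size, i.e. when the upload is complete, so partial chunks and aborted uploads
 * (which may be unlinked below) no longer leave a row behind.
 *
 * @param string|null $uploaded_file  temp path of the multipart upload; falsy for PUT uploads
 * @param string      $name           client-supplied file name
 * @param int|string  $size           expected total size in bytes
 * @param string      $type           client-declared MIME type (stored as-is, not verified here)
 * @param int         $error          PHP upload error code, checked by validate()
 * @param int|null    $index          position within a multi-file upload
 * @param mixed       $content_range  Content-Range data for chunked uploads (truthy when chunked)
 * @return \stdClass file description; $file->error is set when the upload was rejected or aborted
 */
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null)
{
    global $hn, $dbConnection;

    $file = new \stdClass();
    // Kept for the original_name column only; the file itself is stored under $file->name.
    $file->name2 = $this->get_unique_filename($uploaded_file, $name, $size, $type, $error, $index, $content_range);
    $fn = $this->get_file_name($uploaded_file, $name, $size, $type, $error, $index, $content_range);
    // The extension is client-controlled; validate() is assumed to enforce the
    // handler's accept_file_types allow-list before anything is written — confirm.
    $exter = pathinfo($fn, PATHINFO_EXTENSION);
    $fhash = randomhash();
    $file->name = $fhash . "." . $exter;
    $file->size = $this->fix_integer_overflow((int) $size);
    $file->type = $type;

    if ($this->validate($uploaded_file, $file, $error, $index)) {
        $this->handle_form_data($file, $index);
        $upload_dir = $this->get_upload_path();
        if (!is_dir($upload_dir)) {
            // NOTE(review): the result is not checked; a failed mkdir surfaces
            // later as a size mismatch rather than an explicit error.
            mkdir($upload_dir, $this->options['mkdir_mode'], true);
        }
        $file_path = $this->get_upload_path($file->name);
        // Append only when a chunk continues an existing file that is still smaller than the total.
        $append_file = $content_range && is_file($file_path) && $file->size > $this->get_file_size($file_path);
        if ($uploaded_file && is_uploaded_file($uploaded_file)) {
            // multipart/formdata uploads (POST method uploads)
            if ($append_file) {
                file_put_contents($file_path, fopen($uploaded_file, 'r'), FILE_APPEND);
            } else {
                move_uploaded_file($uploaded_file, $file_path);
            }
        } else {
            // Non-multipart uploads (PUT method support)
            file_put_contents($file_path, fopen('php://input', 'r'), $append_file ? FILE_APPEND : 0);
        }

        $file_size = $this->get_file_size($file_path, $append_file);
        if ($file_size === $file->size) {
            // Upload complete: expose it and record it.
            $file->url = $this->get_download_url($file->name);
            if ($this->is_valid_image_file($file_path)) {
                $this->handle_image_file($file_path, $file);
            }
            // Recorded only here so that incomplete or discarded files have no row.
            $stmt = $dbConnection->prepare(
                'insert into files (ticket_hash, original_name, file_hash, file_type, file_size, file_ext) values (:ticket_hash, :original_name, :file_hash, :file_type, :file_size, :file_ext)'
            );
            $stmt->execute([
                ':ticket_hash' => $hn,
                ':original_name' => $file->name2,
                ':file_hash' => $fhash,
                ':file_type' => $type,
                ':file_size' => $file_size, // measured size; equals the expected size in this branch
                ':file_ext' => $exter,
            ]);
        } else {
            // Partial chunk or aborted upload: report the bytes actually on disk.
            $file->size = $file_size;
            if (!$content_range && $this->options['discard_aborted_uploads']) {
                unlink($file_path);
                $file->error = $this->get_error_message('abort');
            }
        }
        $this->set_additional_file_properties($file);
    }

    return $file;
}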
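<?php
require_once '../phpfunctions.php';
//include_once '../casconnect.php';
include_once '../dbconnect.php';

// Clock-in / clock-out / achievement-level helper driven by request parameters.
//
// NOTE(review): the CAS include above is commented out, so nothing visible in
// this script authenticates the caller before the clock table is modified —
// confirm the including page enforces a login check.
//
// Every request value is bound as a prepared-statement parameter; the previous
// version interpolated $_REQUEST['id'] (unescaped) and an escaped but unquoted
// achievement id straight into SQL, which is injectable.

// Clock in: create an open clock row (timeout unset) for the user in the room,
// unless the user already has one. Requires both a room and a user id.
if (isset($_REQUEST['room'], $_REQUEST['id']) && $_REQUEST['room'] != 0) {
    $room = (int) $_REQUEST['room'];
    $id = (int) $_REQUEST['id'];

    $stmt = $mysqli->prepare("SELECT userid FROM clock WHERE userid = ? AND timeout = '0000-00-00 00:00:00'");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->store_result();
    $alreadyClockedIn = $stmt->num_rows > 0;
    $stmt->close();

    if (!$alreadyClockedIn) {
        $hash = randomhash();
        $stmt = $mysqli->prepare('INSERT INTO clock(userid, roomid, hash) VALUES(?, ?, ?)');
        $stmt->bind_param('iis', $id, $room, $hash);
        $stmt->execute();
        $stmt->close();
    }
}

// Clock out: an id without a room removes all of that user's clock rows.
if (isset($_REQUEST['id']) && !isset($_REQUEST['room']) && $_REQUEST['id'] != 0) {
    $id = (int) $_REQUEST['id'];
    $stmt = $mysqli->prepare('DELETE FROM clock WHERE userid = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->close();
}

// Render one <option> per level defined for the achievement (values 1..n).
if (isset($_REQUEST['giveachievement']) && $_REQUEST['giveachievement'] != 0) {
    $giveachievement = (int) $_REQUEST['giveachievement'];
    $stmt = $mysqli->prepare('SELECT level FROM levels WHERE achievementid = ? ORDER BY level ASC');
    $stmt->bind_param('i', $giveachievement);
    $stmt->execute();
    $stmt->store_result();
    $levelCount = $stmt->num_rows; // only the row count is used for the output
    $stmt->close();

    for ($i = 1; $i <= $levelCount; $i++) {
        echo '<option value="' . $i . '">Level ' . $i . '</option>';
    }
}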
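// Single-file upload endpoint: stores $_FILES['myfile'] under a random name,
// records it in the files table and echoes a JSON list holding the stored name
// (or null when the file was rejected).
//
// Expects $acceptable (allowed MIME types), $output_dir, $hn (ticket hash) and
// $dbConnection (PDO-style prepare/execute) to be defined by the including script.
$maxsize = 30097152; // bytes
if (isset($_FILES["myfile"])) {
    $ret = [];
    $error = $_FILES["myfile"]["error"];
    $flag = false; // becomes true once the upload is rejected

    //You need to handle both cases
    //If Any browser does not support serializing of multiple files using FormData()
    // NOTE(review): only the single-file shape is handled; a multi-file upload
    // (array-valued name/type/size) falls through and returns an empty list.
    if (!is_array($_FILES["myfile"]["name"])) {
        $fileName = $_FILES["myfile"]["name"];
        $filetype = $_FILES["myfile"]["type"];
        $filesize = $_FILES["myfile"]["size"];

        // PHP reports missing, partial or failed uploads through the error code;
        // it was read but never checked, so a truncated upload could be recorded.
        if ($error !== UPLOAD_ERR_OK) {
            $flag = true;
        }
        if ($filesize > $maxsize) {
            $flag = true;
        }
        // NOTE(review): $filetype is the client-declared MIME type and an empty
        // type skips the allow-list entirely; the stored extension is also taken
        // from the client file name. An extension allow-list would close this gap.
        if (!in_array($filetype, $acceptable, true) && !empty($filetype)) {
            $flag = true;
        }

        // Stored name reported to the client; null on rejection (same JSON shape
        // as before, without the undefined-variable notice).
        $fileName_norm = null;
        if ($flag === false) {
            $fhash = randomhash();
            $ext = pathinfo($fileName, PATHINFO_EXTENSION);
            $storedName = $fhash . "." . $ext;
            // Record the row only when the file actually landed in $output_dir.
            if (move_uploaded_file($_FILES["myfile"]["tmp_name"], $output_dir . $storedName)) {
                $stmt = $dbConnection->prepare('insert into files (ticket_hash, original_name, file_hash, file_type, file_size, file_ext) values (:ticket_hash, :original_name, :file_hash, :file_type, :file_size, :file_ext)');
                $stmt->execute([
                    ':ticket_hash' => $hn,
                    ':original_name' => $fileName,
                    ':file_hash' => $fhash,
                    ':file_type' => $filetype,
                    ':file_size' => $filesize,
                    ':file_ext' => $ext,
                ]);
                $fileName_norm = $storedName;
            }
        }
        $ret[] = $fileName_norm;
    }
    echo json_encode($ret);
}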
} if ($done == false) { $reqAch = $levelRow['id']; $query = "SELECT * FROM achievementList WHERE id = {$achievement}"; $result = $mysqli->query($query); $row = $result->fetch_assoc(); $userrow['name'] = $row['name']; $userrow['level'] = $level; $query = "SELECT requests.*, levels.level FROM requests INNER JOIN levels ON levels.id = requests.achievementid WHERE requests.requesterid = '{$userid}' AND requests.achievementid = '{$reqAch}' AND requests.status = 0"; $result = $mysqli->query($query); if ($result->num_rows > 0) { //Already Under Review $row = $result->fetch_assoc(); echo "<script>alert('You already have an open request to be reviewed for level " . $row['level'] . " of the " . $userrow['name'] . " achievement. Please wait for the that review to complete.');</script>"; } else { $userrow['hash'] = randomhash(); $mysqli->query("INSERT INTO requests(requesterid, achievementid, hash, evidence) VALUES('{$userid}', '{$reqAch}', '" . $userrow['hash'] . "', '{$evidence}')"); $requestid = $mysqli->insert_id; //Email the requester with information $query = "SELECT * FROM achievementList WHERE id = {$achievement}"; $result = $mysqli->query($query); $row = $result->fetch_assoc(); $userrow['name'] = $row['name']; $userrow['level'] = $level; email_message('Achievement Request', $userrow['onid'] . '@oregonstate.edu', create_message('./emails/request.eml', $userrow)); //Identify reviewers $query = "SELECT DISTINCT users.* FROM users INNER JOIN achievements ON achievements.userid = users.id INNER JOIN levels ON levels.id = achievements.levelid WHERE achievements.achievementid = {$achievement} AND levels.level >= {$level} GROUP BY users.id LIMIT 5"; //echo $query . '<BR>'; $result = $mysqli->query($query); while ($row = $result->fetch_assoc()) { //echo 'Emailing: ' . $row['username'] . '<BR>';