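/**
 * Receive the 'zipfile' upload, unpack it into $dir_dest and hand the unpacked
 * files to import_language().
 *
 * The upload is copied to a fixed scratch archive under DIR_FS_MY_FILES,
 * unzipped, imported, and then both the scratch archive and the unpacked
 * directory are removed again. On every failure path a message is pushed onto
 * $messageStack and false is returned.
 *
 * @param string $dir_dest directory the archive is unpacked into (created if missing)
 * @param string $mod      module identifier, passed through to import_language()
 * @param string $lang     language identifier, passed through to import_language()
 * @return bool true on success, false after an error message was queued
 *
 * NOTE(review): the body uses $this, so this must live inside a class even
 * though it is declared with a bare `function` keyword here.
 */
function upload_language($dir_dest, $mod, $lang) {
    global $backup, $messageStack;
    $upload_filename = DIR_FS_MY_FILES . 'translator/translate.zip';
    // validate_upload() is consulted before anything is written to disk
    if (!validate_upload('zipfile', 'zip', 'zip')) {
        $messageStack->add(TEXT_IMP_ERMSG7, 'error');
        return false;
    }
    // never unzip a stale archive left behind by an earlier run
    if (file_exists($upload_filename)) {
        unlink($upload_filename);
    }
    if (!copy($_FILES['zipfile']['tmp_name'], $upload_filename)) {
        $messageStack->add('Error copying to ' . $upload_filename, 'error');
        return false;
    }
    // the destination must exist before unzip_file() can write into it; the
    // original ignored a failed mkdir() and fell through into the unzip step
    if (!is_dir($dir_dest) && !mkdir($dir_dest)) {
        unlink($upload_filename);
        $messageStack->add('Error creating directory ' . $dir_dest, 'error');
        return false;
    }
    // unzip_file() is treated as returning a truthy value on failure, as in the original check
    if ($backup->unzip_file($upload_filename, $dir_dest)) {
        // do not leave the copied archive behind on the failure path
        unlink($upload_filename);
        $messageStack->add('Error unzipping file', 'error');
        return false;
    }
    $this->import_language($dir_dest, $mod, $lang);
    if (file_exists($upload_filename)) {
        unlink($upload_filename);
    }
    $backup->delete_dir($dir_dest); // remove unzipped files
    return true;
}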
/**
 * Copy a validated upload into the configured upload directory and redraw the
 * form, or redraw it with the validation / copy error message.
 *
 * The destination is built from the globals $the_path and $the_file_name.
 * NOTE(review): $the_file_name is used as-is in the destination path; where it
 * is derived from the request, confirm the caller constrains it.
 *
 * @param string $the_file path of the uploaded temp file
 * @return void all results are reported through form() / list_files()
 */
function upload($the_file) {
    global $the_path, $the_file_name;

    $validation_message = validate_upload($the_file);
    if ($validation_message) {
        form($validation_message);
        return;
    }

    // validation passed; the copy runs with warnings suppressed, as before
    $destination = $the_path . $the_file_name;
    if (!@copy($the_file, $destination)) {
        form("\n<b>Error, check the path to and the permissions for the upload directory</b>");
        return;
    }

    chmod($destination, 0755); // sets the executable bit on the uploaded file, as the original does
    list_files();
    form();
}
/**
 * Copy a validated upload to $the_path . $name and list the result, or redraw
 * the form with the error that validate_upload() returned.
 *
 * @param string $the_file path of the uploaded temp file
 * @param string $the_path destination directory, concatenated directly with $name
 * @param string $name     destination file name
 * @return void all results are reported through form() / list_files()
 */
function upload($the_file, $the_path, $name) {
    $validation_message = validate_upload($the_file);
    if ($validation_message) {
        form($validation_message);
        return;
    }

    // validation passed; the copy runs with warnings suppressed, as before
    $destination = $the_path . $name;
    if (!@copy($the_file, $destination)) {
        form("\n<b>Something barfed, check the path to and the permissions for the upload directory</b>");
        return;
    }

    chmod($destination, 0755); // sets the executable bit on the uploaded file, as the original does
    list_files($destination);
}
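/**
 * Persist the inventory item held in $this, including the optional image and
 * zip attachment uploads, and return the array that was written to the DB.
 *
 * Reads the posted form through $fields->what_to_save() plus $_POST / $_FILES,
 * writes the image under DIR_FS_MY_FILES/<company>/inventory/images and
 * attachment zips under INVENTORY_DIR_ATTACHMENTS, then inserts or updates
 * TABLE_INVENTORY depending on whether $this->id is set.
 *
 * @return array|false the column => value array written, or false after an
 *                     error message was pushed onto $messageStack
 */
function save() {
    global $db, $currencies, $fields, $messageStack;
    $sql_data_array = $fields->what_to_save();
    // handle the checkboxes
    $sql_data_array['inactive'] = isset($_POST['inactive']) ? $_POST['inactive'] : '0'; // else unchecked
    // these columns are never taken from the edit form
    foreach (array('quantity_on_hand', 'quantity_on_order', 'quantity_on_sales_order', 'quantity_on_allocation', 'creation_date', 'last_update', 'last_journal_date') as $key) {
        unset($sql_data_array[$key]);
    }
    $sql_data_array['last_update'] = date('Y-m-d H-i-s');
    if ($_SESSION['admin_security'][SECURITY_ID_PURCHASE_INVENTORY] > 1) {
        $sql_data_array['item_cost'] = $this->store_purchase_array();
        $sql_data_array['vendor_id'] = $this->min_vendor_id;
    } elseif (isset($sql_data_array['item_cost'])) {
        // no purchase permission: the form may not overwrite the cost
        unset($sql_data_array['item_cost']);
    }
    $file_path = DIR_FS_MY_FILES . $_SESSION['company'] . '/inventory/images';
    if ($this->remove_image == '1') { // update the image with relative path
        if ($this->image_with_path && file_exists($file_path . '/' . $this->image_with_path)) {
            unlink($file_path . '/' . $this->image_with_path);
        }
        $this->image_with_path = '';
        $sql_data_array['image_with_path'] = '';
        unset($this->remove_image); // this is not a db field, just an action
    }
    if (isset($_FILES['inventory_image']['tmp_name']) && is_uploaded_file($_FILES['inventory_image']['tmp_name'])) {
        if ($this->image_with_path && file_exists($file_path . '/' . $this->image_with_path)) {
            unlink($file_path . '/' . $this->image_with_path);
        }
        $this->inventory_path = str_replace('\\', '/', $this->inventory_path);
        // strip beginning and trailing slashes if present
        if (substr($this->inventory_path, 0, 1) == '/') { $this->inventory_path = substr($this->inventory_path, 1); } // remove leading '/' if there
        if (substr($this->inventory_path, -1, 1) == '/') { $this->inventory_path = substr($this->inventory_path, 0, -1); } // remove trailing '/' if there
        if ($this->inventory_path) { $file_path .= '/' . $this->inventory_path; }
        $temp_file_name = $_FILES['inventory_image']['tmp_name'];
        // the browser-supplied name is untrusted: reduce it to a bare file name so it
        // cannot carry directory components into the copy() destination or the query
        $file_name = basename($_FILES['inventory_image']['name']);
        $relative_image = ($this->inventory_path ? $this->inventory_path . '/' : '') . $file_name;
        if (!validate_path($file_path)) {
            $messageStack->add(INV_IMAGE_PATH_ERROR, 'error');
            return false;
        } elseif (!validate_upload('inventory_image', 'image', 'jpg')) {
            $messageStack->add(INV_IMAGE_FILE_TYPE_ERROR, 'error');
            return false;
        }
        // passed all tests, write file; the name is escaped before it enters the query
        $result = $db->Execute("select * from " . TABLE_INVENTORY . " where image_with_path = '" . addslashes($relative_image) . "'");
        if ($result->RecordCount() != 0) {
            $messageStack->add(INV_IMAGE_DUPLICATE_NAME, 'error');
            return false;
        }
        if (!copy($temp_file_name, $file_path . '/' . $file_name)) {
            $messageStack->add(INV_IMAGE_FILE_WRITE_ERROR, 'error');
            return false;
        }
        $this->image_with_path = $relative_image;
        $sql_data_array['image_with_path'] = $this->image_with_path; // update the image with relative path
    }
    if ($this->id != '') {
        $result = $db->Execute("select attachments from " . TABLE_INVENTORY . " where id = {$this->id}");
        // NOTE(review): unserialize() of a DB column; only safe while the column is written
        // solely by the serialize() call below and request data never reaches it
        $this->attachments = $result->fields['attachments'] ? unserialize($result->fields['attachments']) : array();
        for ($image_id = 0; $image_id < 100; $image_id++) { // up to 100 images
            if (isset($_POST['rm_attach_' . $image_id])) {
                @unlink(INVENTORY_DIR_ATTACHMENTS . "inventory_{$this->id}_{$image_id}.zip");
                unset($this->attachments[$image_id]);
            }
        }
        if (isset($_FILES['file_name']['tmp_name']) && is_uploaded_file($_FILES['file_name']['tmp_name'])) {
            // find the first free attachment slot
            $image_id = 0;
            while (file_exists(INVENTORY_DIR_ATTACHMENTS . 'inventory_' . $this->id . '_' . $image_id . '.zip')) {
                $image_id++;
            }
            saveUploadZip('file_name', INVENTORY_DIR_ATTACHMENTS, 'inventory_' . $this->id . '_' . $image_id . '.zip');
            $this->attachments[$image_id] = $_FILES['file_name']['name'];
        }
        $sql_data_array['attachments'] = sizeof($this->attachments) > 0 ? serialize($this->attachments) : '';
    }
    // the original unset the mistyped key 'last_journal_date]' (a no-op); the column is
    // already dropped by the loop above, the corrected key just makes the intent explicit
    unset($sql_data_array['last_journal_date']);
    if ($this->id != '') {
        if ($this->price_sheet == '') {
            $db->Execute("DELETE FROM " . TABLE_INVENTORY_SPECIAL_PRICES . " WHERE inventory_id = {$this->id} and price_sheet_id IN ( SELECT id FROM " . TABLE_PRICE_SHEETS . " WHERE type = 'c' )");
        }
        unset($sql_data_array['creation_date']); // was the mistyped key 'creation_date]'
        db_perform(TABLE_INVENTORY, $sql_data_array, 'update', "id = " . $this->id);
        gen_add_audit_log(INV_LOG_INVENTORY . TEXT_UPDATE, $this->sku . ' - ' . $sql_data_array['description_short']);
    } else {
        db_perform(TABLE_INVENTORY, $sql_data_array, 'insert');
        $this->id = db_insert_id();
        // NOTE(review): this reads special prices for the id that was just created, so it
        // copies nothing unless rows already exist for the new id — confirm the intended
        // source id with the caller
        $result = $db->Execute("select price_sheet_id, price_levels from " . TABLE_INVENTORY_SPECIAL_PRICES . " where inventory_id = " . $this->id);
        while (!$result->EOF) {
            $output_array = array('inventory_id' => $this->id, 'price_sheet_id' => $result->fields['price_sheet_id'], 'price_levels' => $result->fields['price_levels']);
            db_perform(TABLE_INVENTORY_SPECIAL_PRICES, $output_array, 'insert');
            $result->MoveNext();
        }
        gen_add_audit_log(INV_LOG_INVENTORY . TEXT_COPY, " id " . $this->id . ' new sku = ' . $this->sku);
    }
    return $sql_data_array;
}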
require_once DIR_FS_MODULES . 'phreedom/functions/phreedom.php'; require_once DIR_FS_WORKING . 'functions/import_bank.php'; /************** page specific initialization *************************/ $error = false; $bank_acct = isset($_GET['bank_acct']) ? $_GET['bank_acct'] : $_POST['bank_acct']; $page_list = array(); $page_list[$file] = array('title' => constant('MODULE_IMPORT_BANK_TITLE'), 'structure' => load_module_xml('import_bank/file')); /*************** hook for custom actions ***************************/ $custom_path = DIR_FS_MODULES . 'import_bank/custom/pages/main/extra_actions.php'; if (file_exists($custom_path)) { include $custom_path; } /*************** Act on the action request *************************/ switch ($_REQUEST['action']) { case 'import_csv': if (!validate_upload('file_name', 'text', 'csv')) { break; } $result = bank_import_csv($page_list[$subject]['structure'], 'file_name', $bank_acct); break; case 'sample_csv': $output = build_sample_csv($page_list[$subject]['structure'], 'bank_import'); header("Content-type: application/csv"); header("Content-disposition: attachment; filename=sample_bank_import; size=" . strlen($output)); header('Pragma: cache'); header('Cache-Control: public, must-revalidate, max-age=0'); header('Connection: close'); header('Expires: ' . date('r', time() + 3600)); header('Last-Modified: ' . date('r')); print $output; exit;
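/**
 * Save the files posted with the request (dragged into the blubber textarea)
 * into the per-context "Blubber" folder and answer with JSON carrying the
 * insert markup for each stored file and the error text for each rejected one.
 *
 * Every entry of $_FILES is passed through validate_upload() before it is
 * stored. The original only validated course uploads, so files posted against
 * a personal context reached StudipDocument::createWithFile() unchecked.
 *
 * @throws AccessDeniedException when the request is not a POST, or for a
 *         course context without 'autor' permission
 */
public function post_files_action() {
    $user_id = $GLOBALS['user']->id;
    $context = Request::option("context") ? Request::get("context") : $user_id;
    $context_type = Request::option("context_type");
    $is_course = $context_type === "course";
    // NOTE(review): only course contexts are permission-checked; any other
    // context id from the request is accepted as-is — confirm that is intended
    if (!Request::isPost() || ($is_course && !$GLOBALS['perm']->have_studip_perm("autor", $context))) {
        throw new AccessDeniedException("Kein Zugriff");
    }
    //check folders
    $db = DBManager::get();
    $folder_id = md5("Blubber_" . $context . "_" . $user_id);
    $parent_folder_id = md5("Blubber_" . $context);
    if (!$is_course) {
        $folder_id = $parent_folder_id;
    }
    $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($parent_folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            // the context-wide folder does not exist yet; create it
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($parent_folder_id) . ", " . "range_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($user_id) . ", " . "name = " . $db->quote("BlubberDateien") . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
        if ($is_course) {
            // per-user sub folder below the course folder, named after the user
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($folder_id) . ", " . "range_id = " . $db->quote($parent_folder_id) . ", " . "user_id = " . $db->quote($user_id) . ", " . "name = " . $db->quote(get_fullname()) . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
    }
    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports through $GLOBALS['msg']; the leading marker is
        // stripped with substr(…, 6) exactly as the original did for course uploads
        $GLOBALS['msg'] = '';
        validate_upload($file);
        if ($GLOBALS['msg']) {
            $output['errors'][] = $file['name'] . ': ' . studip_utf8encode(html_entity_decode(trim(substr($GLOBALS['msg'], 6), '§')));
            continue;
        }
        if (!$file['size']) {
            continue; // empty upload, nothing to store
        }
        $filename = studip_utf8decode(strtolower($file['name']));
        $document = array(
            'name'        => $filename,
            'filename'    => $filename,
            'user_id'     => $user_id,
            'author_name' => get_fullname(),
            'seminar_id'  => $context,
            'range_id'    => $is_course ? $folder_id : $parent_folder_id,
            'filesize'    => $file['size'],
        );
        $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
        if (!$newfile) {
            continue;
        }
        // pick the insert tag from the reported MIME type; audio wins, then video, then image
        $type = null;
        if (strpos($file['type'], 'image') !== false) {
            $type = "img";
        }
        if (strpos($file['type'], 'video') !== false) {
            $type = "video";
        }
        if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
            $type = "audio";
        }
        $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
        if ($type) {
            $output['inserts'][] = "[" . $type . "]" . $url;
        } else {
            $output['inserts'][] = "[" . $newfile['filename'] . "]" . $url;
        }
    }
    $this->render_json($output);
}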
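/**
 * Reconcile an uploaded FedEx invoice CSV ('file_name' form field) against
 * TABLE_SHIPPING_LOG and the freight billed in TABLE_JOURNAL_MAIN, flag the
 * matched shipping-log rows as reconciled, and stream a plain-text report.
 *
 * Every value compared or written comes out of the uploaded CSV, so it is
 * treated as untrusted: escaped before it is spliced into a query, and reduced
 * to a conservative character set before it reaches a response header.
 *
 * @return false only when the upload or the parse fails (after a message has
 *               been queued); on success the report is printed and the script
 *               terminates with die()
 */
function reconcileInvoice() {
    global $db, $messageStack, $currencies;
    $reconciled = array();
    $count = 0;
    // first verify the file was uploaded ok
    $upload_name = 'file_name';
    if (!validate_upload($upload_name, 'text', 'csv')) {
        return false;
    }
    $lines_array = file($_FILES[$upload_name]['tmp_name']);
    if (!($shipments = $this->fedExParse($lines_array))) {
        return false;
    }
    $inv_num = $shipments[0]['Invoice Number'];
    $inv_date = $shipments[0]['Invoice Date'];
    $output = SHIPPING_FEDEX_RECON_TITLE . date('Y-m-d') . "\n";
    $output .= sprintf(SHIPPING_FEDEX_RECON_INTRO, $inv_num, $inv_date) . "\n\n";
    foreach ($shipments as $record) {
        // pull the reference number from the invoice (Original Customer Reference)
        $ref_num = $record['Original Customer Reference'];
        $payor_id = $record['Payor'];
        $track_num = trim($record['Ground Tracking ID Prefix'] . ' ' . $record['Express or Ground Tracking ID']);
        $rcv_name = $record['Recipient Company'];
        $ship_name = $record['Shipper Company'];
        $ship_date = $record['Shipment Date'];
        $cost = $record['Net Charge Amount'];
        if (!$payor_id) {
            continue; // weekly service charge and other non-shipment related.
        }
        if (!$ref_num) {
            $output .= sprintf(SHIPPING_FEDEX_RECON_NO_RECORDS, $ship_date, $ref_num, $track_num, $ship_name, $rcv_name, $cost) . "\n";
            continue;
        }
        // the reference comes straight from the CSV, escape it before it enters the query
        $result = $db->Execute("select cost from " . TABLE_SHIPPING_LOG . " where ref_id = '" . addslashes($ref_num) . "'");
        if ($result->RecordCount() == 0) {
            $output .= sprintf(SHIPPING_FEDEX_RECON_NO_RECORDS, $ship_date, $ref_num, $track_num, $ship_name, $rcv_name, $cost) . "\n";
            continue;
        } elseif ($result->RecordCount() > 1) {
            $output .= sprintf(SHIPPING_FEDEX_RECON_TOO_MANY, $ship_date, $ref_num, $track_num, $ship_name, $rcv_name, $cost) . "\n";
            continue;
        }
        // compare the billed amount with the logged estimate plus the allowed margin
        $estimate = ($result->fields['cost'] + FEDEX_V7_COST_OFFSET) * (1 + FEDEX_V7_COST_FACTOR);
        if ($cost > $estimate) {
            $output .= sprintf(SHIPPING_FEDEX_RECON_COST_OVER, $ship_date, $ref_num, $track_num, $cost, $result->fields['cost']) . "\n";
        }
        // the purchase invoice id is the reference up to the first '-' (a dash at
        // position 0 is treated as "no dash", as before); it gets its own variable so
        // it no longer clobbers the FedEx invoice number used for the file name below
        $dash_pos = strpos($ref_num, '-');
        $purchase_inv = $dash_pos ? substr($ref_num, 0, $dash_pos) : $ref_num;
        $result = $db->Execute("select freight from " . TABLE_JOURNAL_MAIN . " where purchase_invoice_id = '" . addslashes($purchase_inv) . "'");
        $invoiced = $result->RecordCount() == 0 ? 0 : $result->fields['freight'];
        $estimate = ($invoiced + FEDEX_V7_COST_OFFSET) * (1 + FEDEX_V7_COST_FACTOR);
        if ($cost > $estimate) {
            $output .= sprintf(SHIPPING_FEDEX_RECON_COST_OVER_INV, $ship_date, $ref_num, $track_num, $cost, $invoiced) . "\n";
        }
        $reconciled[] = $ref_num;
        $count++;
    }
    $output .= "\n" . sprintf(SHIPPING_FEDEX_RECON_SUMMARY, $count) . "\n";
    // set the reconciled flag
    if (sizeof($reconciled) > 0) {
        $db->Execute("update " . TABLE_SHIPPING_LOG . " set reconciled = '1' where ref_id in ('" . implode("','", array_map('addslashes', $reconciled)) . "')");
    }
    // output results
    gen_add_audit_log('FedEx Reconciliation Report', 'Records: ' . $count);
    // only a conservative character set from the CSV-derived invoice number may reach the header
    $safe_inv_num = preg_replace('/[^A-Za-z0-9._-]/', '', $inv_num);
    header("Content-type: text/plain"); // was 'plain/txt', which is not a valid MIME type
    header("Content-disposition: attachment; filename=FedEx-" . $safe_inv_num . ".txt; size=" . strlen($output));
    header('Pragma: cache');
    header('Cache-Control: public, must-revalidate, max-age=0');
    header('Connection: close');
    header('Expires: ' . date('r', time() + 60 * 60));
    header('Last-Modified: ' . date('r'));
    print $output;
    die;
}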
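/**
 * Move an uploaded NZB into the directory named by the global $NzbDir.
 *
 * The file name and size reported by the browser are untrusted; they are
 * HTML-escaped before being echoed back in the status fragment, and only the
 * base name is used for the destination path.
 *
 * @param array $nzb_file one entry of $_FILES (keys 'name', 'tmp_name', 'size' are read)
 * @return string HTML status fragment: the validate_upload() error, a success
 *                message, or the move failure message
 */
function upload_file($nzb_file) {
    global $NzbDir;

    $status = validate_upload($nzb_file);
    if ($status) {
        return $status; // validation failed; hand its message back unchanged
    }

    // basename() keeps directory components out of the destination path
    $destination = $NzbDir . "/" . basename($nzb_file['name']);
    if (!move_uploaded_file($nzb_file['tmp_name'], $destination)) {
        return "<b><font color=red>Error:</font></b>\nCheck the path and the permissions for the upload directory (option <b>NzbDir</b>)";
    }

    chmod($destination, 0777); // NOTE(review): world-writable; the original sets this mode too
    $shown_name = htmlspecialchars($nzb_file['name'], ENT_QUOTES, 'UTF-8');
    $shown_size = htmlspecialchars((string) $nzb_file['size'], ENT_QUOTES, 'UTF-8');
    return "<b><font color=green>File upload OK </font></b><br>\n\t\t\tFilename: " . $shown_name . "<br>\n\t\t\tFilesize: " . $shown_size . " <br>";
}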
} $max_list = $_GET['pull_down_max'] ? $_GET['pull_down_max'] : MAX_DISPLAY_SEARCH_RESULTS; $ship_date = $_POST['ship_date'] ? gen_db_date($_POST['ship_date']) : date('Y-m-d'); $action = $_POST['action']; // load the sort fields $_GET['sf'] = $_POST['sort_field'] ? $_POST['sort_field'] : $_GET['sf']; $_GET['so'] = $_POST['sort_order'] ? $_POST['sort_order'] : $_GET['so']; if (!isset($_REQUEST['list'])) { $_REQUEST['list'] = 1; } /*************** Act on the action request *************************/ switch ($action) { case 'import': validate_security($security_level, 3); // first verify the file was uploaded ok if (!validate_upload($upload_name, 'text', 'txt')) { $messageStack->add('There was an error uploading the file.', 'error'); break; } else { $salesOrder = new amazon(); if ($salesOrder->processOrders($upload_name)) { gen_redirect(html_href_link(FILENAME_DEFAULT, gen_get_all_get_params(array('action')), 'SSL')); } } break; case 'ship_confirm': $str = "order-id\torder-item-id\tquantity\tship-date\tcarrier-code\tcarrier-name\ttracking-number\tship-method\n"; // fetch every shipment for the given post_date $result = $db->Execute("SELECT ref_id, carrier, method, ship_date, tracking_id \n\t FROM " . TABLE_SHIPPING_LOG . " WHERE ship_date LIKE '{$ship_date}%'"); if ($result->RecordCount() == 0) { $messageStack->add('No valid Amazon orders have been shipped on the date selected!', 'caution');
/**
 * Saves given files (dragged into the textarea) and returns the link to the
 * file to the user as json.
 *
 * Each entry of $_FILES is run through validate_upload() first; rejected files
 * are reported under $output['errors']. Files for the user's own context go to
 * the personal "Blubber" directory when PERSONALDOCUMENT_ENABLE is set (errors
 * from that path land under $output['error']), all others are stored as a
 * StudipDocument below the per-context folder. Stored files are reported under
 * $output['inserts'] as "[type]url".
 *
 * NOTE(review): validation errors use the key 'errors' while exceptions from
 * the personal-document path use 'error' — confirm which key the client reads.
 *
 * @throws AccessDeniedException when the request is not a POST, or for a
 *         course context without 'autor' permission
 */
public function post_files_action() {
    $context = Request::option("context") ? Request::get("context") : $GLOBALS['user']->id;
    $context_type = Request::option("context_type");
    // only course contexts are permission-checked; other context ids are taken from the request as-is
    if (!Request::isPost() || $context_type === "course" && !$GLOBALS['perm']->have_studip_perm("autor", $context)) {
        throw new AccessDeniedException();
    }
    //check folders
    $db = DBManager::get();
    // per-user folder inside the context, and the context-wide parent folder
    $folder_id = md5("Blubber_" . $context . "_" . $GLOBALS['user']->id);
    $parent_folder_id = md5("Blubber_" . $context);
    if ($context_type !== "course") {
        $folder_id = $parent_folder_id;
    }
    $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
    if (!$folder) {
        $folder = $db->query("SELECT * " . "FROM folder " . "WHERE folder_id = " . $db->quote($parent_folder_id) . " " . "")->fetch(PDO::FETCH_COLUMN, 0);
        if (!$folder) {
            // the context-wide folder does not exist yet; create it
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($parent_folder_id) . ", " . "range_id = " . $db->quote($context) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote("BlubberDateien") . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
        if ($context_type === "course") {
            // per-user sub folder below the course folder, named after the user
            $db->exec("INSERT IGNORE INTO folder " . "SET folder_id = " . $db->quote($folder_id) . ", " . "range_id = " . $db->quote($parent_folder_id) . ", " . "seminar_id = " . $db->quote($context) . ", " . "user_id = " . $db->quote($GLOBALS['user']->id) . ", " . "name = " . $db->quote(get_fullname()) . ", " . "permission = '7', " . "mkdate = " . $db->quote(time()) . ", " . "chdate = " . $db->quote(time()) . " " . "");
        }
    }
    $output = array();
    foreach ($_FILES as $file) {
        // validate_upload() reports through $GLOBALS['msg']; the leading marker is stripped below
        $GLOBALS['msg'] = '';
        validate_upload($file);
        if ($GLOBALS['msg']) {
            $output['errors'][] = $file['name'] . ': ' . decodeHTML(trim(substr($GLOBALS['msg'], 6), '§'));
            continue;
        }
        if ($file['size']) {
            $document['name'] = $document['filename'] = studip_utf8decode(strtolower($file['name']));
            $document['user_id'] = $GLOBALS['user']->id;
            $document['author_name'] = get_fullname();
            $document['seminar_id'] = $context;
            $document['range_id'] = $context_type === "course" ? $folder_id : $parent_folder_id;
            $document['filesize'] = $file['size'];
            if ($context === $GLOBALS['user']->id && Config::get()->PERSONALDOCUMENT_ENABLE) {
                // personal context: store in the user's own "Blubber" directory
                try {
                    $root_dir = RootDirectory::find($GLOBALS['user']->id);
                    $blubber_directory = $root_dir->listDirectories()->findOneBy('name', 'Blubber');
                    if (!$blubber_directory) {
                        $blubber_directory = $root_dir->mkdir('Blubber', _('Ihre Dateien aus Blubberstreams'));
                    }
                    $newfile = $blubber_directory->file->createFile($document['name']);
                    $newfile->name = $document['name'];
                    $newfile->store();
                    $handle = $newfile->file;
                    $handle->restricted = 0;
                    $handle->mime_type = $file['type'];
                    $handle->setContentFromFile($file['tmp_name']);
                    $handle->update();
                    $url = $newfile->getDownloadLink(true, true);
                    $success = true;
                } catch (Exception $e) {
                    $output['error'][] = $e->getMessage();
                    $success = false;
                }
            } else {
                // course / other context: regular document below the context folder
                $newfile = StudipDocument::createWithFile($file['tmp_name'], $document);
                $success = (bool) $newfile;
                if ($success) {
                    $url = GetDownloadLink($newfile->getId(), $newfile['filename']);
                }
            }
            if ($success) {
                // pick the insert tag from the reported MIME type; audio wins, then video, then image
                $type = null;
                strpos($file['type'], 'image') === false || ($type = "img");
                strpos($file['type'], 'video') === false || ($type = "video");
                if (strpos($file['type'], 'audio') !== false || strpos($document['filename'], '.ogg') !== false) {
                    $type = "audio";
                }
                if ($type) {
                    $output['inserts'][] = "[" . $type . "]" . $url;
                } else {
                    $output['inserts'][] = "[" . $document['filename'] . "]" . $url;
                }
            }
        }
    }
    $this->render_json($output);
}
// strip beginning and trailing slashes if present if (substr($inventory_path, -1, 1) == '/') { $inventory_path = substr($inventory_path, 0, -1); } if (substr($inventory_path, 0, 1) == '/') { $inventory_path = substr($inventory_path, 1); } if ($inventory_path) { $file_path .= '/' . $inventory_path; } $temp_file_name = $_FILES['inventory_image']['tmp_name']; $file_name = $_FILES['inventory_image']['name']; if (!validate_path($file_path)) { $messageStack->add(INV_IMAGE_PATH_ERROR, 'error'); $error = true; } elseif (!validate_upload('inventory_image', 'image', 'jpg')) { $messageStack->add(INV_IMAGE_FILE_TYPE_ERROR, 'error'); $error = true; } else { // passed all test, write file if (!copy($temp_file_name, $file_path . '/' . $file_name)) { $messageStack->add(INV_IMAGE_FILE_WRITE_ERROR, 'error'); $error = true; } else { $image_with_path = ($inventory_path ? $inventory_path . '/' : '') . $file_name; $_POST['image_with_path'] = $image_with_path; $sql_data_array['image_with_path'] = $image_with_path; // update the image with relative path } } }
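/**
 * Import a PhreeForm report definition, either from a file already stored
 * under $import_path or from the 'reportfile' upload field, and save it via
 * save_report().
 *
 * Both the legacy "Report Builder Export Tool" text format and the XML format
 * are accepted; the legacy parser is loaded on demand.
 *
 * @param string $RptName     title to give the report; '' keeps the title from the file
 * @param string $RptFileName name of a stored report under $import_path; '' means use the upload
 * @param string $import_path directory the stored reports are read from
 * @param string $save_path   directory the imported report is written to
 * @return bool true on success; false after an error message was queued, or
 *              after a parser / save_report() failure that reports on its own
 */
function ImportReport($RptName = '', $RptFileName = '', $import_path = PF_DIR_DEF_REPORTS, $save_path = PF_DIR_MY_REPORTS) {
    global $db, $messageStack;
    $rID = '';
    if ($RptFileName != '') { // then a locally stored report was chosen
        // NOTE(review): $RptFileName is joined to $import_path as given; if it can
        // originate from the request, the caller must restrict it to the report list
        $path = $import_path . $RptFileName;
    } elseif (validate_upload('reportfile')) {
        $path = $_FILES['reportfile']['tmp_name'];
    } else {
        $messageStack->add(PHREEFORM_IMPORT_ERROR, 'error');
        return false;
    }
    // read the whole file in one call; the original fopen()/fread() pair never
    // checked for a failed open and would have handed garbage to the parsers
    $contents = file_get_contents($path);
    if ($contents === false) {
        $messageStack->add(PHREEFORM_IMPORT_ERROR, 'error');
        return false;
    }
    // a marker at offset 0 used to be missed by the truthiness test on strpos()
    if (strpos($contents, 'Report Builder Export Tool') !== false) { // it's an old style report
        require_once DIR_FS_MODULES . 'phreeform/functions/reportwriter.php';
        if (!($report = import_text_params(file($path)))) {
            return false;
        }
    } else { // assume it's a new xml type
        if (!($report = xml_to_object($contents))) {
            return false;
        }
        if (is_object($report->PhreeformReport)) {
            $report = $report->PhreeformReport; // remove container tag
        }
    }
    if ($RptName != '') {
        $report->title = $RptName; // replace the title if provided
    }
    // error check: the title comes from the file or the caller, escape it before it enters the query
    $result = $db->Execute("select id from " . TABLE_PHREEFORM . "\n\t where doc_title = '" . addslashes($report->title) . "' and doc_type <> '0'");
    if ($result->RecordCount() > 0) { // the report name already exists, if file exists error, else write
        $rID = $result->fields['id'];
        if (file_exists($save_path . 'pf_' . $rID)) { // file exists - error and return
            $messageStack->add(sprintf(PHREEFORM_REPDUP, $report->title), 'error');
            return false;
        }
    }
    if (!($result = save_report($report, $rID, $save_path))) {
        return false;
    }
    return true;
}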
/**
 * Accept a single mail attachment from the 'file' upload field, register it
 * as a provisional StudipDocument tied to the current user and the posted
 * message_id, move the file into place and answer with a JSON description.
 *
 * @throws AccessDeniedException for guests ("nobody") or when
 *         ENABLE_EMAIL_ATTACHMENTS is off
 * @throws Exception when validate_upload() rejects the file, the document
 *         cannot be stored, or the file cannot be moved
 */
public function upload_attachment_action() {
    $user_id = $GLOBALS['user']->id;
    if ($user_id === "nobody") {
        throw new AccessDeniedException();
    }
    if (!$GLOBALS['ENABLE_EMAIL_ATTACHMENTS']) {
        throw new AccessDeniedException(_('Mailanhänge sind nicht erlaubt.'));
    }

    $file = studip_utf8decode($_FILES['file']);
    $output = array(
        'name'       => $file['name'],
        'size'       => $file['size'],
        'message_id' => Request::option("message_id"),
    );

    if (!validate_upload($file)) {
        // validate_upload() leaves "<type>§<message>" in $GLOBALS['msg']
        list($type, $error) = explode("§", $GLOBALS['msg']);
        throw new Exception($error);
    }

    $document = new StudipDocument();
    $document->setValue('range_id', 'provisional');
    $document->setValue('seminar_id', $user_id);
    $document->setValue('name', $output['name']);
    $document->setValue('filename', $document->getValue('name'));
    $document->setValue('filesize', (int) $output['size']);
    $document->setValue('autor_host', $_SERVER['REMOTE_ADDR']);
    $document->setValue('user_id', $user_id);
    $document->setValue('description', Request::option('message_id'));
    if (!$document->store()) {
        throw new Exception("Unable to handle uploaded file.");
    }

    $target = get_upload_file_path($document->getId());
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        // NOTE(review): the document row stored above is left behind on this path
        throw new Exception("No permission to move file to destination.");
    }

    $output['document_id'] = $document->getId();
    $output['icon'] = GetFileIcon(getFileExtension($output['name']))->asImg(['class' => "text-bottom"]);
    $this->render_json($output);
}
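/**
 * Update a file or a folder.
 *
 * @put /file/:file_id
 *
 * $id may name a folder or a file. For a file the editable columns (name,
 * description, protected) are taken from $this->data and, when
 * $this->data['_FILES'] carries an upload, the content is replaced through
 * StudipDocument::createWithFile(). For a folder only name and description
 * are updated. Answers 204 with an empty body.
 *
 * @param string $id folder id or file id
 */
public function putFile($id) {
    $document = null; // only set when $id resolves to a file rather than a folder
    $ok = false;      // result of the optional content replacement
    $folder = $this->loadFolder($id);
    if (!$folder) {
        $document = $this->loadFile($id);
        $folder = $this->loadFolder($document['range_id']);
    }
    if (!$folder) {
        $this->error(404, 'folder does not exist');
    }
    if ($document) {
        foreach (words('name description protected') as $c) {
            if (isset($this->data[$c])) {
                $document[$c] = $this->data[$c];
            }
        }
        if (!empty($this->data['_FILES']) && is_array($this->data['_FILES'])) { //fileupload
            $file = current($this->data['_FILES']);
            $GLOBALS['msg'] = ''; // validate_upload() reports through this global
            validate_upload($file);
            if ($GLOBALS['msg']) {
                $this->error(400, decodeHTML(trim(substr($GLOBALS['msg'], 6), '§')));
            }
            if ($file['size']) {
                $document['filename'] = strtolower($file['name']);
                $document['user_id'] = $GLOBALS['user']->id;
                $document['author_name'] = get_fullname();
                $document['filesize'] = $file['size'];
                $document['autor_host'] = $_SERVER['REMOTE_ADDR'];
                $ok = \StudipDocument::createWithFile($file['tmp_name'], $document);
                @unlink($file['tmp_name']);
            }
            // an empty upload never sets $ok and is reported as a failure as well
            if (!$ok) {
                $this->error(400, 'could not create file');
            }
        } else {
            $document->store();
        }
    } else { //update folder
        foreach (words('name description') as $c) {
            if (isset($this->data[$c])) {
                $folder[$c] = $this->data[$c];
            }
        }
        $folder->store();
    }
    $this->status(204);
    $this->body(null); //no content means no content
}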
echo "::::>> " . $the_file; } //INUTILE $my_max_file_size = (int) MY_MAX_FILE_SIZE_IMPORT; if ($FG_DEBUG == 1) { echo "<br> Task :: {$task}"; } if ($task == 'upload') { //--------------------------------------------------------- // Effacer tout les fichiers du repertoire cache. //--------------------------------------------------------- $the_file_name = $_FILES['the_file']['name']; $the_file_type = $_FILES['the_file']['type']; $the_file = $_FILES['the_file']['tmp_name']; if (count($_FILES) > 0) { $errortext = validate_upload($the_file, $the_file_type); if ($errortext != "" || $errortext != false) { echo $errortext; exit; } $new_filename = "/tmp/" . MDP(6) . ".csv"; if (file_exists($new_filename)) { echo $_FILES["file"]["name"] . " already exists. "; } else { if (!move_uploaded_file($_FILES["the_file"]["tmp_name"], $new_filename)) { echo gettext("File Save Failed, FILE=" . $new_filename); } } $the_file = $new_filename; } else { $the_file_type = $uploadedfile_type;
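/**
 * Load an existing directory tree into the system.
 *
 * The whole tree, files and sub-directories, is inserted recursively:
 * 1. the current folder ($range_id) is the insertion point,
 * 2. its files are inserted in alphabetical order,
 * 3. each sub-directory is created and inserted the same way (recursion).
 * The original documentation states that a file or directory is removed after
 * it has been inserted; that happens outside this function.
 *
 * Symbolic links are skipped so an archive cannot pull in files from outside
 * $dir. The static $count accumulator caps the total at the
 * ZIP_UPLOAD_MAX_FILES / ZIP_UPLOAD_MAX_DIRS config values; when a cap is hit
 * the matching *_max flag is set and processing stops.
 *
 * @param string $range_id id of the folder the tree is inserted under
 * @param string $dir      path of the directory to walk
 * @return array|void the counter array ('files', 'files_max', 'subdirs',
 *         'subdirs_max'); nothing when a cap was already reached on entry
 *         (kept as in the original)
 */
function upload_recursively($range_id, $dir) {
    static $count = array(
        'files' => 0,
        'files_max' => false,
        'subdirs' => 0,
        'subdirs_max' => false,
    );
    $max_files = get_config('ZIP_UPLOAD_MAX_FILES');
    $max_dirs = get_config('ZIP_UPLOAD_MAX_DIRS');
    $files = array();
    $subdirs = array();
    if ($count['files'] >= $max_files) {
        $count['files_max'] = true;
        return;
    }
    if ($count['subdirs'] >= $max_dirs) {
        $count['subdirs_max'] = true;
        return;
    }
    // try to open the directory; an unreadable one simply yields empty lists
    if ($handle = @opendir($dir)) {
        // walk every directory entry
        while (false !== ($file = readdir($handle))) {
            // ignore the . and .. references
            if ($file != "." && $file != "..") {
                // complete the name
                $file = $dir . "/" . $file;
                if (is_link($file)) {
                    continue; // never follow links out of the upload tree
                }
                if (is_file($file)) {
                    $files[] = $file;
                } elseif (is_dir($file)) {
                    $subdirs[] = $file;
                }
            }
        }
        closedir($handle);
    }
    // sort the file and sub-directory lists
    sort($files);
    sort($subdirs);
    // add all files (foreach replaces each(), which PHP 8 removed)
    foreach ($files as $file) {
        if ($count['files'] >= $max_files) {
            $count['files_max'] = true;
            break;
        }
        if (validate_upload(array('name' => $file, 'size' => filesize($file)))) {
            $count['files'] += upload_zip_file($range_id, $file);
        }
    }
    // add all sub-directories
    foreach ($subdirs as $subdir) {
        if ($count['subdirs'] >= $max_dirs) {
            $count['subdirs_max'] = true;
            break;
        }
        // create the folder, named after the last path component
        $name = basename($subdir);
        $dir_id = create_folder($name, "", $range_id);
        $count['subdirs']++;
        // upload the directory
        upload_recursively($dir_id, $subdir);
    }
    return $count;
}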
// strip beginning and trailing slashes if present if (substr($asset_path, -1, 1) == '/') { $asset_path = substr($asset_path, 0, -1); } if (substr($asset_path, 0, 1) == '/') { $asset_path = substr($asset_path, 1); } if ($asset_path) { $file_path .= '/' . $asset_path; } $temp_file_name = $_FILES['asset_image']['tmp_name']; $file_name = $_FILES['asset_image']['name']; if (!validate_path($file_path)) { $messageStack->add(ASSETS_IMAGE_PATH_ERROR, 'error'); $error = true; } elseif (!validate_upload('asset_image', 'image', 'jpg')) { $messageStack->add(ASSETS_IMAGE_FILE_TYPE_ERROR, 'error'); $error = true; } else { // passed all test, write file if (!copy($temp_file_name, $file_path . '/' . $file_name)) { $messageStack->add(ASSETS_IMAGE_FILE_WRITE_ERROR, 'error'); $error = true; } else { $image_with_path = ($asset_path ? $asset_path . '/' : '') . $file_name; $_POST['image_with_path'] = $image_with_path; $sql_data_array['image_with_path'] = $image_with_path; // update the image with relative path } } }
break; } $key = $_POST['row_id'][$cnt]; $properties = new objectInfo(); $properties->description = db_prepare_input($_POST['fld_desc'][$cnt]); $properties->abscissa = db_prepare_input($_POST['fld_abs'][$cnt]); $properties->ordinate = db_prepare_input($_POST['fld_ord'][$cnt]); $properties->width = db_prepare_input($_POST['fld_wid'][$cnt]); $properties->height = db_prepare_input($_POST['fld_hgt'][$cnt]); $properties->rowbreak = db_prepare_input($_POST['fld_brk'][$cnt]); $properties->type = db_prepare_input($_POST['fld_type_' . $key]); // check for image if (isset($_POST['img_sel_' . $key])) { if ($_POST['img_sel_' . $key] == 'U') { // upload if (validate_upload('img_upload_' . $key, 'image', array('jpg', 'jpeg', 'png', 'gif'))) { $properties->filename = $_FILES['img_upload_' . $key]['name']; if (!@move_uploaded_file($_FILES['img_upload_' . $key]['tmp_name'], PF_DIR_MY_REPORTS . 'images/' . $properties->filename)) { $messageStack->add(sprintf(PHREEFORM_IMAGE_MOVE_ERROR, PF_DIR_MY_REPORTS . 'images/' . $properties->filename), 'error'); } } else { $messageStack->add(PHREEFORM_IMAGE_UPLOAD_ERROR, 'error'); } } else { // selected from the list $properties->filename = $_POST['img_file_' . $key]; } } // line if (isset($_POST['box_ltype_' . $key])) { $properties->linetype = $_POST['box_ltype_' . $key];
/**
 * Throw exception if upload of given file is forbidden.
 *
 * validate_upload() reports through $GLOBALS['msg'] in the form
 * "error§<text>§"; the text is unwrapped and becomes the exception message.
 *
 * @param Array $file PHP file info array of uploaded file.
 * @throws AccessDeniedException if file is forbidden by Stud.IP settings.
 */
private static function verifyUpload($file) {
    // start from a clean slate, validate_upload() writes its message here
    $GLOBALS['msg'] = '';
    $allowed = \validate_upload($file);
    if ($allowed) {
        return;
    }
    // strip the "error§…§" wrapper from the message
    $reason = \preg_replace('/error§(.+)§/', '$1', $GLOBALS['msg']);
    // clear the global message before raising, as the original does
    $GLOBALS['msg'] = '';
    throw new \AccessDeniedException(\decodeHTML($reason));
}
} else { //verifies if the file name must be escaped if ($the_file['name'] != urldecode($the_file['name'])) { $uploadnm = stripslashes(urldecode($the_file['name'])); } else { $uploadnm = stripslashes($the_file['name']); } } //TODO: aicie se face practic mutarea fisierului din temporar in loc care vrea userul if (!move_uploaded_file($the_file['tmp_name'], $the_path . DIRECTORY_SEPARATOR . $uploadnm)) { $copy_error = "Check the path to and the permissions for the upload directory.<br><a href=\"fileupload.php?currentPath=" . urlencode($HTTP_GET_VARS['currentPath']) . "&counter=" . $HTTP_GET_VARS['counter'] . "&submode=" . $HTTP_GET_VARS['submode'] . "\">Press here</a> to go back"; } return $copy_error; } if (isset($HTTP_POST_VARS['action'])) { $validate_error = validate_upload($HTTP_POST_FILES['the_file'], $allowed_types, $allowed_ext); if ($validate_error == "") { $upload_error = upload($HTTP_POST_FILES['the_file']); if ($upload_error == "") { echo "<script>\n"; echo "if (window.opener._dlg_) { \n"; //echo " window.opener._dlg_.frames['centru'].location.reload(true);\n"; echo "\twindow.opener._dlg_.frames['centru'].location = window.opener._dlg_.frames['centru'].location + '&rand=' + Math.random();\n"; echo "} else { \n"; echo "\twindow.opener.parent.frames['centru'].location.reload(true);\n"; echo "}\n"; echo "window.close();</script>"; } else { die($upload_error); } exit;
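/**
 * Import rows from the uploaded CSV file into the table named by the import
 * profile, inserting new records and updating existing ones.
 *
 * The file is expected in $_FILES['import_file_name'] and is first checked with
 * validate_upload(). Each selected entry of $params maps a CSV column position
 * to a table field; a row is treated as "existing" when a record with the same
 * value in $prefs['primary_key_field'] already exists. When the target table is
 * TABLE_CONTACTS, the "mail <col>", "ship <col> <slot>" and "bill <col> <slot>"
 * columns are synchronised into TABLE_ADDRESS_BOOK, linked by the contact id.
 *
 * Fixes relative to the earlier version of this function:
 *  - the "only one mailing address per entry" rule was never applied, because
 *    $type is "<account_type>m" and the test compared it with the bare 'm';
 *  - a ship/bill slot without a mapped primary_name used whatever $key_value
 *    was left over from the main table (or the previous slot) in its lookup;
 *  - an unopenable upload fell through to the success message;
 *  - blank CSV lines (fgetcsv() returns array(null)) were imported as records.
 *
 * @param array $prefs    Import profile: 'table_name', 'primary_key_field' and,
 *                        for contacts, 'group_id' ('ar', 'ap' or 'hr').
 * @param array $params   Field definitions with 'show', 'mode' ('i' or 'b'
 *                        selects the field for import), 'field' and 'proc'.
 * @param mixed $criteria Unused here; kept so existing callers keep working.
 * @param array $options  'delimiter', 'qualifier' and 'imp_headings' ('1'
 *                        skips the first row).
 * @return bool true when the file was processed; false when the upload was
 *              rejected, the file could not be opened, or no imported field
 *              is the primary key (an error is pushed onto $messageStack).
 */
function ie_import_data($prefs, $params, $criteria, $options) {
    global $db, $messageStack;

    // Contacts carry an address book; the group decides the contact type code.
    $use_address_book = ($prefs['table_name'] == TABLE_CONTACTS);
    if ($use_address_book) {
        switch ($prefs['group_id']) {
            case 'ar': $account_type = 'c'; break; // customers
            case 'ap': $account_type = 'v'; break; // vendors
            case 'hr': $account_type = 'e'; break; // employees
            // NOTE(review): any other group_id leaves $account_type unset, as before — confirm callers only pass ar/ap/hr
        }
    }

    // first verify the file was uploaded ok (validate_upload reports its own errors)
    if (!validate_upload('import_file_name', 'text', 'csv')) {
        return false;
    }

    // Build the mapping arrays: field name => column position in the import row.
    // $data[0] is the main table; $mail/$ship/$bill hold one map per address slot.
    $data = array(0 => array());
    $mail = array();
    $ship = array();
    $bill = array();
    if ($use_address_book) {
        $mail[0] = array();
        for ($i = 0; $i < MAX_NUM_ADDRESSES; $i++) {
            $ship[$i] = array();
            $bill[$i] = array();
        }
    }
    $index = 0;
    $found_primary_key = false;
    $element_processing = array(); // column position => processing rule for ie_process_the_data()
    foreach ($params as $field) {
        if (!$field['show'] || ($field['mode'] != 'i' && $field['mode'] != 'b')) {
            continue;
        }
        $prefix = substr($field['field'], 0, 5);
        if ($use_address_book && $prefix == 'mail ') {
            $temp = explode(' ', $field['field']); // "mail <column>"
            $mail[0][$temp[1]] = $index;
        } elseif ($use_address_book && $prefix == 'ship ') {
            $temp = explode(' ', $field['field']); // "ship <column> <slot>", slots are 1-based
            $ship[$temp[2] - 1][$temp[1]] = $index;
        } elseif ($use_address_book && $prefix == 'bill ') {
            $temp = explode(' ', $field['field']); // "bill <column> <slot>", slots are 1-based
            $bill[$temp[2] - 1][$temp[1]] = $index;
        } else {
            if ($field['field'] == $prefs['primary_key_field']) {
                $found_primary_key = true;
            }
            $data[0][$field['field']] = $index;
        }
        $element_processing[$index] = $field['proc'];
        $index++;
    }
    // A primary key is necessary for every import to check for updates versus new entries.
    if (!$found_primary_key) {
        $messageStack->add(TEXT_IMP_ERMSG15 . $prefs['primary_key_field'], 'error');
        return false;
    }

    // fetch the delimiters and text qualifiers
    $delimiter = ie_fetch_delimiter($options['delimiter']);
    $qualifier = ie_fetch_qualifier($options['qualifier']);
    // find the length of the longest row for the parser
    $length = ie_longest_line_length($_FILES['import_file_name']['tmp_name']);
    // ready to process the import file
    $skip_first_row = ($options['imp_headings'] == '1');
    $handle = fopen($_FILES['import_file_name']['tmp_name'], 'r');
    if ($handle === false) {
        // Without this guard a file that cannot be read would still end in the success message.
        $messageStack->add('Unable to open the uploaded import file for reading', 'error');
        return false;
    }

    // The table and key column names are interpolated as SQL identifiers and
    // cannot be parameterised, so they must come from the trusted import
    // profile ($prefs), never from request data. Row values read from the CSV
    // are untrusted and only ever enter SQL through db_input() / db_perform().
    $table = $prefs['table_name'];
    $pk_field = $prefs['primary_key_field'];

    while (($row_data = fgetcsv($handle, $length, $delimiter)) !== false) {
        if ($skip_first_row) {
            $skip_first_row = false;
            continue;
        }
        if ($row_data === array(null)) {
            continue; // fgetcsv() yields a single null for a blank line; nothing to import
        }
        if ($qualifier != '') {
            $row_data = ie_explode($row_data, $delimiter, $qualifier);
        }

        // process the main table data
        $sql_data_array = array();
        if ($use_address_book) {
            $sql_data_array['type'] = $account_type;
        }
        $key_value = ''; // always set below: the primary key is guaranteed to be in $data[0]
        foreach ($data[0] as $key => $value) {
            if ($key == $pk_field) {
                $key_value = db_input($row_data[$value]);
            }
            $sql_data_array[$key] = ie_process_the_data($row_data[$value], $element_processing[$value], false);
        }
        $sql = "select id from " . $table . " where " . $pk_field . " = '" . $key_value . "'";
        $found_row = $db->Execute($sql);
        if ($found_row->RecordCount()) {
            db_perform($table, $sql_data_array, 'update', $pk_field . " = '" . $key_value . "'");
            $id = $found_row->fields['id'];
        } else {
            db_perform($table, $sql_data_array, 'insert');
            $id = db_insert_id();
        }
        if (!$use_address_book) {
            continue;
        }

        // Sync the address book: every address slot that received data is
        // inserted or updated against the contact record just written.
        $address_type = array(
            $account_type . 'm' => $mail,
            $account_type . 's' => $ship,
            $account_type . 'b' => $bill,
        );
        foreach ($address_type as $type => $slots) {
            foreach ($slots as $slot_map) {
                $sql_data_array = array();
                $address_name = ''; // per slot, so the main table's key never leaks into the lookup below
                foreach ($slot_map as $key => $value) {
                    if ($key == 'primary_name') {
                        $address_name = db_input($row_data[$value]);
                    }
                    $sql_data_array[$key] = ie_process_the_data($row_data[$value], $element_processing[$value], false);
                }
                if (count($sql_data_array) == 0) {
                    continue; // nothing mapped for this slot
                }
                $sql_data_array['type'] = $type;
                $sql_data_array['ref_id'] = $id;
                $sql = "select address_id from " . TABLE_ADDRESS_BOOK
                     . " where type = '" . $sql_data_array['type'] . "'"
                     . " and ref_id = '" . $sql_data_array['ref_id'] . "'";
                // Only one mailing address is allowed per entry, so it is matched on
                // type + ref_id alone; ship/bill addresses are further matched by
                // primary_name. $type is "<account_type>m"/"s"/"b", so look at its
                // last character (comparing the whole string with 'm' never matched).
                if (substr($type, -1) != 'm') {
                    $sql .= " and primary_name = '" . $address_name . "'";
                }
                $found_row = $db->Execute($sql);
                if ($found_row->RecordCount()) {
                    db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "address_id = '" . $found_row->fields['address_id'] . "'");
                } else {
                    db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'insert');
                }
            }
        }
    }
    fclose($handle);
    $messageStack->add(TEXT_IMP_ERMSG11, 'success');
    return true;
}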