function file_replace() { global $txpcfg, $extensions, $txp_user, $file_base_path; extract($txpcfg); $id = gps('id'); $rs = safe_row('filename', 'txp_file', "id='{$id}'"); if (!$rs) { file_list(messenger(gTxt('invalid_id'), $id, '')); return; } extract($rs); $file = file_get_uploaded(); $name = file_get_uploaded_name(); if ($file === false) { // could not get uploaded file file_list(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['file']['error'])); return; } if (!$filename) { file_list(gTxt('invalid_filename')); } else { $newpath = build_file_path($file_base_path, $filename); if (is_file($newpath)) { rename($newpath, $newpath . '.tmp'); } if (!shift_uploaded_file($file, $newpath)) { safe_delete("txp_file", "id='{$id}'"); file_list($newpath . sp . gTxt('upload_dir_perms')); // rename tmp back rename($newpath . '.tmp', $newpath); // remove tmp upload unlink($file); } else { file_set_perm($newpath); file_edit(messenger('file', $name, 'uploaded'), $id); // clean up old if (is_file($newpath . '.tmp')) { unlink($newpath . '.tmp'); } } } }
function file_replace() { global $txpcfg, $extensions, $txp_user, $file_base_path; extract($txpcfg); $id = assert_int(gps('id')); $rs = safe_row('filename', 'txp_file', "id = {$id}"); if (!$rs) { file_list(messenger(gTxt('invalid_id'), $id, '')); return; } extract($rs); $file = file_get_uploaded(); $name = file_get_uploaded_name(); if ($file === false) { // could not get uploaded file file_list(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['thefile']['error'])); return; } if (!$filename) { file_list(gTxt('invalid_filename')); } else { $newpath = build_file_path($file_base_path, $filename); if (is_file($newpath)) { rename($newpath, $newpath . '.tmp'); } if (!shift_uploaded_file($file, $newpath)) { safe_delete("txp_file", "id = {$id}"); file_list($newpath . sp . gTxt('upload_dir_perms')); // rename tmp back rename($newpath . '.tmp', $newpath); // remove tmp upload unlink($file); } else { file_set_perm($newpath); if ($size = filesize($newpath)) { safe_update('txp_file', 'size = ' . $size . ', modified = now()', 'id = ' . $id); } $message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($name))); file_edit($message, $id); // clean up old if (is_file($newpath . '.tmp')) { unlink($newpath . '.tmp'); } } } }
<?php include '../../include.php'; if ($posting) { if ($_GET['doc_id'] == 'new') { $_GET['doc_id'] = false; } if ($uploading) { $_POST['extension'] = file_type($_FILES['content']['name']); $_POST['content'] = file_get_uploaded('content'); } $id = db_save('dl_docs', @$_GET['doc_id']); db_checkboxes('categories', 'dl_docs_to_categories', 'doc_id', 'category_id', $id); url_drop('id'); } elseif (url_action('delete')) { db_delete('dl_docs'); url_drop('id,action'); } echo drawTop(); if (!empty($_GET['doc_id'])) { if ($_GET['doc_id'] == 'new') { $_GET['doc_id'] = false; } $f = new form('dl_docs', @$_GET['doc_id'], ($_GET['doc_id'] ? 'Edit' : 'Add') . ' Document'); $f->set_title_prefix($page['breadcrumbs']); $f->set_field(array('name' => 'title', 'label' => getString('title'), 'type' => 'text')); $f->unset_fields('extension'); $f->set_field(array('name' => 'content', 'label' => getString('file'), 'type' => 'file', 'additional' => getString('upload_max') . file_get_max())); $f->set_field(array('name' => 'categories', 'label' => getString('categories'), 'type' => 'checkboxes', 'options_table' => 'dl_categories', 'option_title' => 'title', 'linking_table' => 'dl_docs_to_categories', 'object_id' => 'doc_id', 'option_id' => 'category_id')); echo $f->draw(); } else {
function file_replace() { global $txp_user, $file_base_path; $id = assert_int(gps('id')); $rs = safe_row('filename, author', 'txp_file', "id = {$id}"); if (!$rs) { file_list(array(messenger(gTxt('invalid_id'), $id), E_ERROR)); return; } extract($rs); $filename = sanitizeForFile($filename); if (!has_privs('file.edit') && !($author === $txp_user && has_privs('file.edit.own'))) { require_privs(); } $file = file_get_uploaded(); $name = file_get_uploaded_name(); if ($file === false) { // Could not get uploaded file. file_list(array(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['thefile']['error']), E_ERROR)); return; } if (!$filename) { file_list(array(gTxt('invalid_filename'), E_ERROR)); } else { $newpath = build_file_path($file_base_path, $filename); if (is_file($newpath)) { rename($newpath, $newpath . '.tmp'); } if (!shift_uploaded_file($file, $newpath)) { safe_delete("txp_file", "id = {$id}"); file_list(array($newpath . sp . gTxt('upload_dir_perms'), E_ERROR)); // Rename tmp back. rename($newpath . '.tmp', $newpath); // Remove tmp upload. unlink($file); } else { file_set_perm($newpath); update_lastmod('file_replaced', compact('id', 'filename')); if ($size = filesize($newpath)) { safe_update('txp_file', 'size = ' . $size . ', modified = now()', 'id = ' . $id); } file_edit(gTxt('file_uploaded', array('{name}' => $name)), $id); // Clean up old. if (is_file($newpath . '.tmp')) { unlink($newpath . '.tmp'); } } } }
<?php include '../include.php'; if ($posting) { error_debug('user is posting', __FILE__, __LINE__); if ($uploading) { list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types'); } langTranslatePost('title,description'); $id = db_save('docs'); //debug(); db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id); if (getOption('channels')) { db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id); } url_change('info.php?id=' . $id); } if (url_id()) { $d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']); $pageAction = getString('edit'); } else { $pageAction = getString('add_new'); } echo drawTop(); //load code for JS $extensions = array(); $doctypes = array(); $types = db_query('SELECT description, extension FROM docs_types ORDER BY description'); while ($t = db_fetch($types)) { $extensions[] = '(extension != "' . $t['extension'] . '")'; $doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
<?php if (isset($_josh)) { //included $_josh["request"]["path_query"] = "/news/edit.php"; } else { //page loaded on its own include "../../include.php"; if ($posting) { if (isset($_FILES["content"]["name"]) && !empty($_FILES["content"]["name"])) { list($_POST["content"], $_POST["fileTypeID"]) = file_get_uploaded("content", "docs_types"); } if (isset($_FILES["image"]["name"]) && !empty($_FILES["image"]["name"])) { list($_POST["image"], $_POST["imageTypeID"]) = file_get_uploaded("image", "docs_types"); //die($_POST["image"]); } $id = db_save("news_stories"); db_checkboxes("corporationID", "news_stories_to_organizations", "newsID", "organizationID", $id); url_change("./?id=" . $id); } echo drawTop(); $r = db_grab("SELECT \n\t\tn.headline,\n\t\tn.outlet,\n\t\tn.pubdate,\n\t\tn.url,\n\t\tn.description\n\t\tFROM news_stories n\n\t\tWHERE id = " . $_GET["id"]); } $form = new intranet_form(); $form->addCheckboxes("corporationID", "Organization", "organizations", "news_stories_to_organizations", "newsID", "organizationID", @$_GET["id"]); $form->addRow("itext", "Headline", "headline", @$r["headline"], "", true, 255); $form->addRow("itext", "News Outlet", "outlet", @$r["outlet"], "", true, 255); $form->addRow("date", "Date", "pubdate", @$r["pubdate"], "", true); $form->addRow("file", "Image<br>(optional)", "image", "", "", false); $form->addRow("file", "File<br>(optional)", "content", "", "", true); $form->addRow("itext", "URL<br>(optional)", "url", @$r["url"], "", false, 255);
WHERE t.id = ' . $_GET['id']))) { url_change('./'); } if ($r["statusID"] != 9) { //open $typeRequired = false; } elseif (!$r["type_id"]) { //closed, no type $typeRequired = false; } else { $typeRequired = true; } //$page['is_admin'] = ($page['is_admin'] && ($r["departmentID"] == $_SESSION["departmentID"])) ? true : false; if ($uploading) { //upload an attachment $_POST['content'] = file_get_uploaded('userfile'); $_POST['extension'] = file_ext($_FILES['userfile']['name']); $_POST["ticketID"] = $_GET["id"]; $id = db_save('helpdesk_tickets_attachments', false); url_change(); } elseif ($posting) { //add a comment //auto-assign ticket if unassigned and followup poster is an IT admin $followupAdmin = !empty($_POST['is_admin']) ? 1 : 0; if ($page['is_admin'] && !$followupAdmin && empty($r["ownerID"])) { //set to it staff assigned if no status if ($r["statusID"] == 1) { $r["statusID"] = 2; } db_query('UPDATE helpdesk_tickets SET ownerID = ' . user() . ', statusID = ' . $r["statusID"] . ', updated_date = GETDATE() WHERE id = ' . $_GET['id']); }
<?php include '../include.php'; if ($posting) { //debug(); //check to make sure email not already assigned to an active user if (!$editing && ($id = db_grab('SELECT id FROM users WHERE is_active = 1 AND email = "' . $_POST['email'] . '"'))) { url_change('view.php?id=' . $id); } langTranslatePost('bio,title'); if (!getOption('languages')) { $_POST['language_id'] = 1; } if ($uploading) { $_POST['image_large'] = format_image_resize(file_get_uploaded('image_large'), 240); $_POST['image_medium'] = format_image_resize($_POST['image_large'], 135); $_POST['image_small'] = format_image_resize($_POST['image_large'], 50); } //check for long distance codes if (getOption('staff_ldcode')) { if ($_POST['officeID'] == 1) { if (!url_id() || !db_grab('SELECT longDistanceCode FROM users WHERE id = ' . url_id())) { //user doesn't have a long distance code but needs one if (!($code = db_grab('SELECT l.code FROM ldcodes l WHERE (SELECT COUNT(*) FROM users u WHERE u.longDistanceCode = l.code AND u.is_active = 1) = 0'))) { error_hande('out of codes', 'the intranet is out of long distance codes to assign to new users, such as for ' . $_POST['firstname'] . ' ' . $_POST['lastname']); } else { $_POST['longDistanceCode'] = $code; } } } }
<?php include "../../include.php"; if ($posting) { if ($uploading) { list($_POST["type_id"], $_POST["content"]) = file_get_uploaded("userfile", "docs_types"); } $id = db_save("policy_docs"); url_change("../?category=" . $_POST["categoryID"]); } echo drawTop(); $types = db_query("SELECT description, extension FROM docs_types ORDER BY description"); $extensions = $doctypes = $array = array(); while ($t = db_fetch($types)) { $extensions[] = '(extension != "' . $t["extension"] . '")'; $doctypes[] = " - " . $t["description"] . " (." . $t["extension"] . ")"; $array[] = "'" . $t["extension"] . "'"; } $array = implode(",", $array); echo draw_javascript("\n\tfunction suggestName(which) {\n\t\t//var types = new Array(" . $array . ");\n\t\tvar fileParts = which.value.split('.');\n\t\tvar extension\t= fileParts.pop();\n\t\tvar filename\t= fileParts.join(' ');\n\n\t\tif (!url_id()) which.form.name.value = format_title(filename);\n\t}\n\t\n\tfunction validate() {\n\t\treturn true;\n\t}\n"); $form = new intranet_form(); //function addRow($type, $title, $name="", $value="", $default="", $required=false, $maxlength=50, $onchange=false) { $form->addRow("file", "Document", "userfile", "", "", true, false, "suggestName(this);"); $form->addRow("itext", "Name", "name", @$r["name"], "", true, 50); $form->addRow("select", "Category", "categoryID", "SELECT id, description FROM policy_categories ORDER BY description", @$r["categoryID"], true); $form->addRow("submit", "Save Changes"); if (isset($_GET["id"])) { $form->draw("<a href='/policy/?category=1'>Policy</a> > Edit Policy Document"); } else { $form->draw("<a href='/policy/?category=1'>Policy</a> > Add New Policy Document"); }