function file_replace()
{
global $txpcfg, $extensions, $txp_user, $file_base_path;
extract($txpcfg);
$id = gps('id');
$rs = safe_row('filename', 'txp_file', "id='{$id}'");
if (!$rs) {
file_list(messenger(gTxt('invalid_id'), $id, ''));
return;
}
extract($rs);
$file = file_get_uploaded();
$name = file_get_uploaded_name();
if ($file === false) {
// could not get uploaded file
file_list(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['file']['error']));
return;
}
if (!$filename) {
file_list(gTxt('invalid_filename'));
} else {
$newpath = build_file_path($file_base_path, $filename);
if (is_file($newpath)) {
rename($newpath, $newpath . '.tmp');
}
if (!shift_uploaded_file($file, $newpath)) {
safe_delete("txp_file", "id='{$id}'");
file_list($newpath . sp . gTxt('upload_dir_perms'));
// rename tmp back
rename($newpath . '.tmp', $newpath);
// remove tmp upload
unlink($file);
} else {
file_set_perm($newpath);
file_edit(messenger('file', $name, 'uploaded'), $id);
// clean up old
if (is_file($newpath . '.tmp')) {
unlink($newpath . '.tmp');
}
}
}
}
function file_replace()
{
global $txpcfg, $extensions, $txp_user, $file_base_path;
extract($txpcfg);
$id = assert_int(gps('id'));
$rs = safe_row('filename', 'txp_file', "id = {$id}");
if (!$rs) {
file_list(messenger(gTxt('invalid_id'), $id, ''));
return;
}
extract($rs);
$file = file_get_uploaded();
$name = file_get_uploaded_name();
if ($file === false) {
// could not get uploaded file
file_list(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['thefile']['error']));
return;
}
if (!$filename) {
file_list(gTxt('invalid_filename'));
} else {
$newpath = build_file_path($file_base_path, $filename);
if (is_file($newpath)) {
rename($newpath, $newpath . '.tmp');
}
if (!shift_uploaded_file($file, $newpath)) {
safe_delete("txp_file", "id = {$id}");
file_list($newpath . sp . gTxt('upload_dir_perms'));
// rename tmp back
rename($newpath . '.tmp', $newpath);
// remove tmp upload
unlink($file);
} else {
file_set_perm($newpath);
if ($size = filesize($newpath)) {
safe_update('txp_file', 'size = ' . $size . ', modified = now()', 'id = ' . $id);
}
$message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($name)));
file_edit($message, $id);
// clean up old
if (is_file($newpath . '.tmp')) {
unlink($newpath . '.tmp');
}
}
}
}
<?php
include '../../include.php';
if ($posting) {
if ($_GET['doc_id'] == 'new') {
$_GET['doc_id'] = false;
}
if ($uploading) {
$_POST['extension'] = file_type($_FILES['content']['name']);
$_POST['content'] = file_get_uploaded('content');
}
$id = db_save('dl_docs', @$_GET['doc_id']);
db_checkboxes('categories', 'dl_docs_to_categories', 'doc_id', 'category_id', $id);
url_drop('id');
} elseif (url_action('delete')) {
db_delete('dl_docs');
url_drop('id,action');
}
echo drawTop();
if (!empty($_GET['doc_id'])) {
if ($_GET['doc_id'] == 'new') {
$_GET['doc_id'] = false;
}
$f = new form('dl_docs', @$_GET['doc_id'], ($_GET['doc_id'] ? 'Edit' : 'Add') . ' Document');
$f->set_title_prefix($page['breadcrumbs']);
$f->set_field(array('name' => 'title', 'label' => getString('title'), 'type' => 'text'));
$f->unset_fields('extension');
$f->set_field(array('name' => 'content', 'label' => getString('file'), 'type' => 'file', 'additional' => getString('upload_max') . file_get_max()));
$f->set_field(array('name' => 'categories', 'label' => getString('categories'), 'type' => 'checkboxes', 'options_table' => 'dl_categories', 'option_title' => 'title', 'linking_table' => 'dl_docs_to_categories', 'object_id' => 'doc_id', 'option_id' => 'category_id'));
echo $f->draw();
} else {
function file_replace()
{
global $txp_user, $file_base_path;
$id = assert_int(gps('id'));
$rs = safe_row('filename, author', 'txp_file', "id = {$id}");
if (!$rs) {
file_list(array(messenger(gTxt('invalid_id'), $id), E_ERROR));
return;
}
extract($rs);
$filename = sanitizeForFile($filename);
if (!has_privs('file.edit') && !($author === $txp_user && has_privs('file.edit.own'))) {
require_privs();
}
$file = file_get_uploaded();
$name = file_get_uploaded_name();
if ($file === false) {
// Could not get uploaded file.
file_list(array(gTxt('file_upload_failed') . " {$name} " . upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
return;
}
if (!$filename) {
file_list(array(gTxt('invalid_filename'), E_ERROR));
} else {
$newpath = build_file_path($file_base_path, $filename);
if (is_file($newpath)) {
rename($newpath, $newpath . '.tmp');
}
if (!shift_uploaded_file($file, $newpath)) {
safe_delete("txp_file", "id = {$id}");
file_list(array($newpath . sp . gTxt('upload_dir_perms'), E_ERROR));
// Rename tmp back.
rename($newpath . '.tmp', $newpath);
// Remove tmp upload.
unlink($file);
} else {
file_set_perm($newpath);
update_lastmod('file_replaced', compact('id', 'filename'));
if ($size = filesize($newpath)) {
safe_update('txp_file', 'size = ' . $size . ', modified = now()', 'id = ' . $id);
}
file_edit(gTxt('file_uploaded', array('{name}' => $name)), $id);
// Clean up old.
if (is_file($newpath . '.tmp')) {
unlink($newpath . '.tmp');
}
}
}
}
<?php
include '../include.php';
if ($posting) {
error_debug('user is posting', __FILE__, __LINE__);
if ($uploading) {
list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types');
}
langTranslatePost('title,description');
$id = db_save('docs');
//debug();
db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id);
if (getOption('channels')) {
db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id);
}
url_change('info.php?id=' . $id);
}
if (url_id()) {
$d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']);
$pageAction = getString('edit');
} else {
$pageAction = getString('add_new');
}
echo drawTop();
//load code for JS
$extensions = array();
$doctypes = array();
$types = db_query('SELECT description, extension FROM docs_types ORDER BY description');
while ($t = db_fetch($types)) {
$extensions[] = '(extension != "' . $t['extension'] . '")';
$doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
<?php
if (isset($_josh)) {
//included
$_josh["request"]["path_query"] = "/news/edit.php";
} else {
//page loaded on its own
include "../../include.php";
if ($posting) {
if (isset($_FILES["content"]["name"]) && !empty($_FILES["content"]["name"])) {
list($_POST["content"], $_POST["fileTypeID"]) = file_get_uploaded("content", "docs_types");
}
if (isset($_FILES["image"]["name"]) && !empty($_FILES["image"]["name"])) {
list($_POST["image"], $_POST["imageTypeID"]) = file_get_uploaded("image", "docs_types");
//die($_POST["image"]);
}
$id = db_save("news_stories");
db_checkboxes("corporationID", "news_stories_to_organizations", "newsID", "organizationID", $id);
url_change("./?id=" . $id);
}
echo drawTop();
$r = db_grab("SELECT \n\t\tn.headline,\n\t\tn.outlet,\n\t\tn.pubdate,\n\t\tn.url,\n\t\tn.description\n\t\tFROM news_stories n\n\t\tWHERE id = " . $_GET["id"]);
}
$form = new intranet_form();
$form->addCheckboxes("corporationID", "Organization", "organizations", "news_stories_to_organizations", "newsID", "organizationID", @$_GET["id"]);
$form->addRow("itext", "Headline", "headline", @$r["headline"], "", true, 255);
$form->addRow("itext", "News Outlet", "outlet", @$r["outlet"], "", true, 255);
$form->addRow("date", "Date", "pubdate", @$r["pubdate"], "", true);
$form->addRow("file", "Image<br>(optional)", "image", "", "", false);
$form->addRow("file", "File<br>(optional)", "content", "", "", true);
$form->addRow("itext", "URL<br>(optional)", "url", @$r["url"], "", false, 255);
WHERE t.id = ' . $_GET['id']))) {
url_change('./');
}
if ($r["statusID"] != 9) {
//open
$typeRequired = false;
} elseif (!$r["type_id"]) {
//closed, no type
$typeRequired = false;
} else {
$typeRequired = true;
}
//$page['is_admin'] = ($page['is_admin'] && ($r["departmentID"] == $_SESSION["departmentID"])) ? true : false;
if ($uploading) {
//upload an attachment
$_POST['content'] = file_get_uploaded('userfile');
$_POST['extension'] = file_ext($_FILES['userfile']['name']);
$_POST["ticketID"] = $_GET["id"];
$id = db_save('helpdesk_tickets_attachments', false);
url_change();
} elseif ($posting) {
//add a comment
//auto-assign ticket if unassigned and followup poster is an IT admin
$followupAdmin = !empty($_POST['is_admin']) ? 1 : 0;
if ($page['is_admin'] && !$followupAdmin && empty($r["ownerID"])) {
//set to it staff assigned if no status
if ($r["statusID"] == 1) {
$r["statusID"] = 2;
}
db_query('UPDATE helpdesk_tickets SET ownerID = ' . user() . ', statusID = ' . $r["statusID"] . ', updated_date = GETDATE() WHERE id = ' . $_GET['id']);
}
<?php
include '../include.php';
if ($posting) {
//debug();
//check to make sure email not already assigned to an active user
if (!$editing && ($id = db_grab('SELECT id FROM users WHERE is_active = 1 AND email = "' . $_POST['email'] . '"'))) {
url_change('view.php?id=' . $id);
}
langTranslatePost('bio,title');
if (!getOption('languages')) {
$_POST['language_id'] = 1;
}
if ($uploading) {
$_POST['image_large'] = format_image_resize(file_get_uploaded('image_large'), 240);
$_POST['image_medium'] = format_image_resize($_POST['image_large'], 135);
$_POST['image_small'] = format_image_resize($_POST['image_large'], 50);
}
//check for long distance codes
if (getOption('staff_ldcode')) {
if ($_POST['officeID'] == 1) {
if (!url_id() || !db_grab('SELECT longDistanceCode FROM users WHERE id = ' . url_id())) {
//user doesn't have a long distance code but needs one
if (!($code = db_grab('SELECT l.code FROM ldcodes l WHERE (SELECT COUNT(*) FROM users u WHERE u.longDistanceCode = l.code AND u.is_active = 1) = 0'))) {
error_hande('out of codes', 'the intranet is out of long distance codes to assign to new users, such as for ' . $_POST['firstname'] . ' ' . $_POST['lastname']);
} else {
$_POST['longDistanceCode'] = $code;
}
}
}
}
<?php
include "../../include.php";
if ($posting) {
if ($uploading) {
list($_POST["type_id"], $_POST["content"]) = file_get_uploaded("userfile", "docs_types");
}
$id = db_save("policy_docs");
url_change("../?category=" . $_POST["categoryID"]);
}
echo drawTop();
$types = db_query("SELECT description, extension FROM docs_types ORDER BY description");
$extensions = $doctypes = $array = array();
while ($t = db_fetch($types)) {
$extensions[] = '(extension != "' . $t["extension"] . '")';
$doctypes[] = " - " . $t["description"] . " (." . $t["extension"] . ")";
$array[] = "'" . $t["extension"] . "'";
}
$array = implode(",", $array);
echo draw_javascript("\n\tfunction suggestName(which) {\n\t\t//var types = new Array(" . $array . ");\n\t\tvar fileParts = which.value.split('.');\n\t\tvar extension\t= fileParts.pop();\n\t\tvar filename\t= fileParts.join(' ');\n\n\t\tif (!url_id()) which.form.name.value = format_title(filename);\n\t}\n\t\n\tfunction validate() {\n\t\treturn true;\n\t}\n");
$form = new intranet_form();
//function addRow($type, $title, $name="", $value="", $default="", $required=false, $maxlength=50, $onchange=false) {
$form->addRow("file", "Document", "userfile", "", "", true, false, "suggestName(this);");
$form->addRow("itext", "Name", "name", @$r["name"], "", true, 50);
$form->addRow("select", "Category", "categoryID", "SELECT id, description FROM policy_categories ORDER BY description", @$r["categoryID"], true);
$form->addRow("submit", "Save Changes");
if (isset($_GET["id"])) {
$form->draw("<a href='/policy/?category=1'>Policy</a> > Edit Policy Document");
} else {
$form->draw("<a href='/policy/?category=1'>Policy</a> > Add New Policy Document");
}
