// Admin "quick upload" flow for product downloads: "quickupload" renders the
// upload form, "uploadfile" receives the posted file and registers it as a
// download. Both branches verify the CSRF token and the
// "Edit Products/Services" permission before doing anything else.
// This excerpt is cut off inside the "uploadfile" branch.
if ($action == "quickupload") {
    check_token("WHMCS.admin.default");
    if (!checkPermission("Edit Products/Services", true)) {
        exit("Access Denied");
    }
    // Presumably filled in by buildCategoriesList() through a global; confirm against that helper.
    $categorieslist = "";
    buildCategoriesList(0, 0);
    // NOTE(review): $id is concatenated into the form's action attribute without
    // escaping. Where $id is set is not visible here; confirm it is cast to an
    // integer (or HTML-escaped) before it reaches this line.
    echo "<form method=\"post\" action=\"configproducts.php?action=uploadfile&id=" . $id . "\" id=\"quickuploadfrm\" enctype=\"multipart/form-data\">\n" . generate_token("form") . "\n<table width=\"100%\">\n<tr><td width=\"80\">Category:</td><td><select name=\"catid\" style=\"width:95%;\">" . $categorieslist . "</select></td></tr>\n<tr><td>Title:</td><td><input type=\"text\" name=\"title\" style=\"width:95%;\" /></td></tr>\n<tr><td>Description:</td><td><input type=\"text\" name=\"description\" style=\"width:95%;\" /></td></tr>\n<tr><td>Choose File:</td><td><input type=\"file\" name=\"uploadfile\" style=\"width:95%;\" /></td></tr>\n</table>\n</form>";
    exit;
}
if ($action == "uploadfile") {
    check_token("WHMCS.admin.default");
    if (!checkPermission("Edit Products/Services", true)) {
        exit("Access Denied");
    }
    // The client-supplied name is only checked against isFileNameSafe(); no
    // extension or content-type check is visible in this excerpt.
    if (!isFileNameSafe($_FILES['uploadfile']['name'])) {
        $aInt->gracefulExit("Invalid upload filename. Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
        exit;
    }
    $filename = $_FILES['uploadfile']['name'];
    if (!$filename) {
        // Presumably redir() ends the request; if it returns, the code below
        // runs with an empty file name. TODO confirm.
        redir("action=edit&id=" . $id . "&tab=7");
    }
    // The file is stored under the name the client sent, so an existing
    // download with the same name is overwritten. The return value is not
    // checked: the database row below is inserted even if the move failed.
    move_uploaded_file($_FILES['uploadfile']['tmp_name'], $downloads_dir . $filename);
    // "type" is hard-coded to "zip" whatever was uploaded. $catid, $title and
    // $description are set outside this excerpt.
    $adddl = insert_query("tbldownloads", array("category" => $catid, "type" => "zip", "title" => $title, "description" => html_entity_decode($description), "location" => $filename, "clientsonly" => "on", "productdownload" => "on"));
    logActivity("Added New Product Download - " . $title);
    $result = select_query("tblproducts", "downloads", array("id" => $id));
    $data = mysql_fetch_array($result);
    $downloads = $data['downloads'];
    // NOTE(review): unserialize() on a stored column is only safe while nothing
    // untrusted can write that column; a JSON encoding would remove the
    // object-instantiation risk. Not changed here.
    $downloads = unserialize($downloads);
    if (!is_array($downloads)) {
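/**
 * Store the files posted in the "attachments[]" upload field and return the
 * names they were stored under.
 *
 * Each accepted file is written to the global $attachments_dir as
 * "<six-digit number>_<sanitised original name>". A name rejected by
 * isFileNameSafe() ends the request with an error message.
 *
 * @param bool $admin When true, the extension allow-list
 *                    (checkTicketAttachmentExtension) is not enforced.
 * @return string Stored file names joined with "|", or "" when nothing was stored.
 */
function uploadTicketAttachments($admin = false)
{
    global $attachments_dir;

    // Nothing posted, or the field was not sent as an array ("attachments[]").
    $upload = isset($_FILES['attachments']) ? $_FILES['attachments'] : null;
    if (!is_array($upload) || !isset($upload['name']) || !is_array($upload['name'])) {
        return "";
    }

    $stored = array();
    foreach ($upload['name'] as $num => $filename) {
        // Empty slots are sent by browsers for unused file inputs.
        if (empty($filename)) {
            continue;
        }
        if (!isFileNameSafe($filename)) {
            exit("Invalid upload filename. Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
        }
        $filename = trim($filename);
        if (!$filename) {
            continue;
        }
        // Strip everything outside the allowed character set, including path separators.
        $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $filename);

        // NOTE(review): with $admin set, any extension is accepted. The
        // attachments directory should therefore never be served or executed
        // by the web server.
        $validextension = checkTicketAttachmentExtension($filename);
        if (!$validextension && !$admin) {
            continue;
        }
        if (!isset($upload['tmp_name'][$num])) {
            continue;
        }

        // The prefix used to come from mt_rand() re-seeded with time() on every
        // pass: it was derivable from the upload second, and a name collision
        // spun the loop until the clock ticked. Use the CSPRNG where it exists
        // and never re-seed.
        do {
            $rand = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);
            $newfilename = $rand . "_" . $filename;
        } while (file_exists($attachments_dir . $newfilename));

        // Record the attachment only if the file really reached the attachments directory.
        if (move_uploaded_file($upload['tmp_name'][$num], $attachments_dir . $newfilename)) {
            $stored[] = $newfilename;
        }
    }

    // implode() yields "" for an empty list; the previous substr() trim of a
    // trailing "|" returned false on an empty string before PHP 8.
    return implode("|", $stored);
}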
// Mass-mail composer: optionally saves the message as a custom e-mail template,
// then (when no step is in progress) rewrites the "Mass Mail Template" row,
// stores the batching settings in the session and saves any uploaded
// attachments. This excerpt is cut off inside the "if (!$step)" branch; token
// and permission checks, if any, are outside it.
if ($save == "on") {
    // $type, $savename, $subject, $message, $fromname, $fromemail and $cc are set outside this excerpt.
    insert_query("tblemailtemplates", array("type" => $type, "name" => $savename, "subject" => html_entity_decode($subject), "message" => html_entity_decode($message), "fromname" => html_entity_decode($fromname), "fromemail" => $fromemail, "copyto" => $cc, "custom" => "1"));
    echo "<p>" . $aInt->lang("sendmessage", "msgsavedsuccess") . "</p>";
}
if (!$step) {
    // Replace the working template used for this mass-mail run.
    delete_query("tblemailtemplates", array("name" => "Mass Mail Template"));
    insert_query("tblemailtemplates", array("type" => $type, "name" => "Mass Mail Template", "subject" => html_entity_decode($subject), "message" => html_entity_decode($message), "fromname" => html_entity_decode($fromname), "fromemail" => $fromemail, "copyto" => $cc));
    $_SESSION['massmail']['massmailamount'] = $massmailamount;
    $_SESSION['massmail']['massmailinterval'] = $massmailinterval;
    $_SESSION['massmail']['attachments'] = array();
    if (is_array($_FILES['attachments'])) {
        foreach ($_FILES['attachments']['name'] as $num => $displayname) {
            // Skip empty upload slots.
            if (empty($_FILES['attachments']['name']) || empty($_FILES['attachments']['name'][$num])) {
                continue;
            }
            if (!isFileNameSafe($_FILES['attachments']['name'][$num])) {
                $aInt->gracefulExit("Invalid upload filename. Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
                exit;
            }
            // Strip everything outside the allowed character set, including path separators.
            // No extension check is visible in this excerpt.
            $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $displayname);
            if ($filename) {
                // NOTE(review): re-seeding with time() makes the six-digit prefix
                // a function of the upload second, not an unpredictable value.
                // Files uploaded in the same second get the same prefix.
                mt_srand(time());
                $rand = mt_rand(100000, 999999);
                $filename = "attach" . $rand . "_" . $filename;
                // No collision check and no check of the return value: an
                // existing file with this name is overwritten, and the name is
                // added to the session even if the move failed.
                move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $attachments_dir . $filename);
                $_SESSION['massmail']['attachments'][] = $filename;
                continue;
            }
        }
    }
    $step = 0;