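/**
 * Apply attachment changes for one upload field of a workflow task form.
 *
 * Removes every attachment ticked in $_POST['chk_removeattachment'] (database
 * row plus stored file), then, when a file was submitted under $fieldname,
 * stores it under a random name and records it in nf_projectattachments as
 * "storedname:originalname".
 *
 * @param  int    $projectid  Project id written to the attachment row
 * @param  int    $taskid     Task id written to the attachment row
 * @param  string $fieldname  Key of the upload in $_FILES
 * @return string             '' on success, otherwise the text found in $GLOBALS['nf_errmsg']
 */
function nf_check4files($projectid, $taskid, $fieldname)
{
    global $_TABLES, $CONF_NF;

    $errmsg = '';

    // Both ids are written into SQL unquoted, so they must be plain integers.
    $projectid = (int) $projectid;
    $taskid    = (int) $taskid;

    // Check if there is a request to delete any attachments
    if (isset($_POST['chk_removeattachment'])) {
        // NOTE(review): the delete is keyed on the attachment id alone; nothing
        // here ties it to $projectid/$taskid or to the current user. Confirm the
        // caller enforces that before this function is reached.
        foreach ((array) $_POST['chk_removeattachment'] as $id) {
            // Request data headed for an unquoted SQL position: accept scalars
            // only (an array would cast to 1) and reduce them to an integer.
            if (!is_scalar($id)) {
                continue;
            }
            $id = (int) $id;
            if ($id <= 0) {
                continue;
            }

            $stored = DB_getItem($_TABLES['nf_projectattachments'], 'filename', "id={$id}");
            $parts  = explode(':', (string) $stored);
            // basename() keeps the unlink inside the upload directory even if
            // the stored value ever contains a directory component.
            $diskname = basename($parts[0]);

            COM_errorLog("{$CONF_NF['uploadpath']}/{$diskname}");
            DB_query("DELETE FROM {$_TABLES['nf_projectattachments']} WHERE id={$id}");
            if ($diskname != '') {
                // Best effort, as before: a missing file is not an error.
                @unlink("{$CONF_NF['uploadpath']}/{$diskname}");
            }
        }
    }

    $uploadfile = isset($_FILES[$fieldname]) ? $_FILES[$fieldname] : null;
    if (is_array($uploadfile) and isset($uploadfile['name'])
        and is_string($uploadfile['name']) and $uploadfile['name'] != '') {
        $originalname = $uploadfile['name'];

        // A name without a dot has no extension. The previous strrpos()+1
        // arithmetic treated "false" as position 0 and produced a bogus one.
        $dot = strrpos($originalname, '.');
        $ext = ($dot === false) ? '' : strtolower(substr($originalname, $dot + 1));

        // NOTE(review): the extension is taken from the client-supplied name.
        // Confirm nf_uploadfile() checks it against the allow-list (not only
        // the browser-reported MIME type) and that the upload directory is
        // not configured to execute scripts.
        $filename = ppRandomFilename() . ".{$ext}";
        COM_errorLog("Workflow file upload: Original file: {$originalname} and new filename: {$filename}");

        $filestore_path = $CONF_NF['uploadpath'];
        if (nf_uploadfile($filename, $uploadfile, $CONF_NF['allowablefiletypes'], $filestore_path)) {
            // Store both the created filename and the real file source filename.
            // The original name and the field name are request data, so escape
            // them before they reach the SQL string. addslashes() is used because
            // it needs nothing beyond core PHP; prefer the database layer's own
            // connection-aware escape routine if it offers one.
            $dbFilename  = addslashes("{$filename}:{$originalname}");
            $dbFieldname = addslashes((string) $fieldname);
            DB_query("INSERT INTO {$_TABLES['nf_projectattachments']} (project_id,task_id,fieldname,filename) "
                . "VALUES ({$projectid},{$taskid},'{$dbFieldname}','{$dbFilename}')");
        } else {
            $errmsg = isset($GLOBALS['nf_errmsg']) ? $GLOBALS['nf_errmsg'] : '';
            COM_errorLog("upload error:" . $errmsg);
        }
    }

    return $errmsg;
}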
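/**
 * Handle one AJAX file upload for a nexform field and build the HTML fragment
 * that replaces the upload control.
 *
 * Reads the field name, result id and form id from $_POST and the field id
 * from $_REQUEST, saves the form first when it has no result yet, hands the
 * upload to nexform_check4files() and renders either a download link (plus a
 * delete link for members of the form's edit group) or an error box.
 *
 * NOTE(review): no permission or request-origin check is visible in this
 * function; confirm the caller performs them before an upload is accepted.
 *
 * @return array  array($html, $fieldID, $field_name, $form_id, $result_id, $iserror)
 *                where $iserror is the string 'true' or 'false'
 */
function upload_file()
{
    global $CONF_FE, $_TABLES, $_CONF;

    //upload the file
    $field_name = COM_applyFilter(isset($_POST['current_upload_file']) ? $_POST['current_upload_file'] : '');
    $result_id  = COM_applyFilter(isset($_POST['res_id']) ? $_POST['res_id'] : '', true);
    $form_id    = COM_applyFilter(isset($_POST['form_id']) ? $_POST['form_id'] : '', true);
    $fieldID    = COM_applyFilter(isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : '', true);
    $uploadfile = isset($_FILES[$field_name]) ? $_FILES[$field_name] : array();

    if ($result_id == 0) {
        //form has not been saved yet
        $result_id = nexform_dbsave($form_id, 0, false);
    }

    $retval = '';
    if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
        // Everything below ends up in HTML or inline script, so the numeric
        // values are forced to integers and the text values are escaped.
        $recId     = (int) $rec;
        $fieldIdJs = (int) $fieldID;
        $formIdSql = (int) $form_id;

        // The displayed name comes straight from the browser.
        $shownName = isset($uploadfile['name'][0]) ? (string) $uploadfile['name'][0] : '';
        $shownName = htmlspecialchars($shownName, ENT_QUOTES);

        $retval .= " <a href=\"{$CONF_FE['public_url']}/download.php?id={$recId}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$shownName}</a> ";

        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$formIdSql}'");
        if (SEC_inGroup($edit_group)) {
            // The field name sits inside a script string inside an HTML
            // attribute: encode it as a script literal first, then for HTML.
            $jsFieldName = json_encode((string) $field_name);
            if ($jsFieldName === false) {
                $jsFieldName = '""';
            }
            $jsFieldName = htmlspecialchars($jsFieldName, ENT_QUOTES);

            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldIdJs},{$recId},{$jsFieldName}); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> ";
        }
        $iserror = 'false';
    } else {
        //COM_fileLog("upload error:" . $GLOBALS['fe_errmsg']);
        $errmsg = isset($GLOBALS['fe_errmsg']) ? $GLOBALS['fe_errmsg'] : '';
        $err_fieldname = 'error_' . ppRandomFilename();
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        // NOTE(review): $errmsg is printed as HTML unchanged. If the upload
        // helper can place the submitted file name or MIME type in it, escape
        // that part where the message is built - confirm against the helper.
        $retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }

    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}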
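/**
 * Store the files submitted with a nexform result.
 *
 * Walks $_FILES (or only the entry named $single_file), saves each upload
 * under a random name via nexform_uploadfile() and records it in
 * nxform_resdata as "storedname:originalname". Upload field names follow
 * XXX_frm{formid}_{fieldid}; a name with five or more underscore-separated
 * parts is treated as a field of a dynamic sub-form instance, for which a
 * result record is created on first use.
 *
 * @param  int    $result_id    Result the uploads belong to
 * @param  string $single_file  When not '', process only this $_FILES key
 * @return mixed                false on an upload failure (or an empty upload
 *                              in single-file mode); the id of the last
 *                              inserted row in single-file mode; true otherwise
 */
function nexform_check4files($result_id = 0, $single_file = '')
{
    global $_TABLES, $CONF_FE;

    // Written into several SQL statements below; keep it a plain integer.
    $result_id = (int) $result_id;

    if ($CONF_FE['debug']) {
        COM_errorLog("Check4files - result_id:{$result_id}");
    }

    $retval = 0;

    // NOTE(review): nothing in this function assigns the next five variables.
    // They are initialised to the empty values the code below was already
    // seeing, so behaviour is unchanged: the per-form type filter never runs,
    // and new dynamic sub-form results are recorded with an empty uid and
    // date. Confirm where these were meant to come from.
    $uploadFileTypesAllowed = '';
    $allowablefiletypes     = null;
    $userid                 = '';
    $date                   = '';
    $dynamicResult          = null;

    /* Check if custom hidden field is used on the form to specify allowable file types */
    if ($uploadFileTypesAllowed != '' and !is_array($allowablefiletypes)) {
        $formtypes = explode(',', $uploadFileTypesAllowed);
        $allowablefiletypes = array();
        foreach ($CONF_FE['allowablefiletypes'] as $key => $haystack) {
            foreach ($formtypes as $needle) {
                if (strpos($haystack, $needle) !== false) {
                    $allowablefiletypes[$key] = $haystack;
                }
            }
        }
    }
    if (!is_array($allowablefiletypes)) {
        $allowablefiletypes = $CONF_FE['allowablefiletypes'];
    }

    foreach ($_FILES as $var => $uploadfile) {
        if ($single_file != '' and $single_file != $var) {
            continue;
        }
        if ($single_file != '') {
            // Single-file mode expects an array-style upload field; anything
            // else counts as an empty upload, as it did before.
            $firstSize = (is_array($uploadfile['size']) and isset($uploadfile['size'][0]))
                ? $uploadfile['size'][0]
                : 0;
            if ($firstSize <= 0) {
                return false;
            }
        }

        /* The variable names contain the fieldtype and fieldid */
        /* XXX_frm{formid}_{fieldid} - where XXX is the fieldtype */
        // The field name is chosen by the client, so every id taken from it
        // is cast to int before it reaches SQL.
        $parts = explode('_', $var);
        $field_id = isset($parts[2]) ? (int) $parts[2] : 0;
        $is_dynamicfield_result = false;

        if (isset($parts[4])) {
            $sfield_id = (int) $parts[2];
            $field_id  = (int) $parts[3];
            $instance  = (int) $parts[4];
            $is_dynamicfield_result = true;

            $dynamicForm = DB_getItem($_TABLES['nxform_fields'], 'formid', "id='{$field_id}'");

            // Get the results currently recorded for the source form field
            $dynamicResults = explode('|', DB_getItem(
                $_TABLES['nxform_resdata'],
                'field_data',
                "result_id='{$result_id}' AND field_id='{$sfield_id}'"
            ));

            // Check if this instance of the dynamic form is already created as a result.
            if (isset($dynamicResults[$instance]) and $dynamicResults[0] != '' and count($dynamicResults) > 0) {
                $dynamicResult = $dynamicResults[$instance];
            } else {
                // User must be submitting the form with a new instance of this dynamic subform (field)
                // Need to create a new result record and update relating fields with the new resultid
                DB_query("INSERT INTO {$_TABLES['nxform_results']} (form_id,uid,date) "
                    . "VALUES ('{$dynamicForm}','{$userid}','{$date}') ");
                $dynamicResult = DB_insertID();
                $dynamicResults[$instance] = $dynamicResult;
                $relatedFieldResults = implode('|', $dynamicResults);
                DB_query("UPDATE {$_TABLES['nxform_resdata']} set field_data = '{$relatedFieldResults}' "
                    . "WHERE result_id='{$result_id}' AND field_id='{$sfield_id}'");
            }
        }

        if (is_array($uploadfile['name'])) {
            /* Skip if no files uploaded in the multi-file field */
            // The array keys are quoted here; the unquoted form used before is
            // an undefined constant and a fatal error on PHP 8.
            $names = $uploadfile['name'];
            if (isset($names[0]) and $names[0] != '') {
                $total = count($names);
                for ($i = 0; $i < $total; $i++) {
                    /* Upload class is not expecting an array of upload files - so pass a single associative array */
                    $upload_newfile = array(
                        'name'     => $uploadfile['name'][$i],
                        'type'     => $uploadfile['type'][$i],
                        'tmp_name' => $uploadfile['tmp_name'][$i],
                        'error'    => $uploadfile['error'][$i],
                        'size'     => $uploadfile['size'][$i],
                    );

                    // A name without a dot has no extension (strrpos() returns false).
                    // NOTE(review): the extension is client-supplied; confirm
                    // nexform_uploadfile() checks it against the allow-list and
                    // that the upload directory cannot execute scripts.
                    $dot = strrpos($upload_newfile['name'], '.');
                    $ext = ($dot === false) ? '' : strtolower(substr($upload_newfile['name'], $dot + 1));
                    $filename = ppRandomFilename() . ".{$ext}";

                    if ($CONF_FE['debug']) {
                        COM_errorLog("Mfile upload: Original file: {$upload_newfile['name']} and new filename: {$filename}");
                    }

                    if (!nexform_uploadfile($filename, $upload_newfile, $allowablefiletypes)) {
                        COM_errorLog("upload error:" . (isset($GLOBALS['fe_errmsg']) ? $GLOBALS['fe_errmsg'] : ''));
                        return false;
                    }

                    // Store both the created filename and the real file source filename.
                    // The original name is request data: escape it for SQL. Prefer the
                    // database layer's connection-aware escape routine if it has one.
                    $dbFilename = addslashes("{$filename}:{$upload_newfile['name']}");
                    if ($is_dynamicfield_result) {
                        DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data,is_dynamicfield_result) "
                            . "VALUES ('{$dynamicResult}','{$field_id}','{$dbFilename}',1) ");
                    } else {
                        DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data) "
                            . "VALUES ('{$result_id}','{$field_id}','{$dbFilename}') ");
                    }
                    if ($single_file != '') {
                        $retval = DB_insertID();
                    }
                }
            }
        } elseif ($uploadfile['size'] > 0 and $uploadfile['name'] != '') {
            $dot = strrpos($uploadfile['name'], '.');
            $ext = ($dot === false) ? '' : strtolower(substr($uploadfile['name'], $dot + 1));
            $filename = ppRandomFilename() . ".{$ext}";

            if ($CONF_FE['debug']) {
                COM_errorLog("Upload file - random name: {$filename}");
            }

            if (!nexform_uploadfile($filename, $uploadfile, $allowablefiletypes)) {
                COM_errorLog("upload error:" . (isset($GLOBALS['fe_errmsg']) ? $GLOBALS['fe_errmsg'] : ''));
                return false;
            }

            // Store both the created filename and the real file source filename
            $dbFilename = addslashes("{$filename}:{$uploadfile['name']}");

            // NOTE(review): this lookup uses $dynamicResult even for ordinary
            // fields, where it is empty or left over from an earlier dynamic
            // field in the same request; $result_id may have been intended.
            // Left as it was - confirm before changing.
            $exists = DB_count(
                $_TABLES['nxform_resdata'],
                array('result_id', 'field_id'),
                array($dynamicResult, $field_id)
            ) > 0;

            if ($exists) {
                DB_query("UPDATE {$_TABLES['nxform_resdata']} set field_data = '{$dbFilename}' "
                    . "WHERE result_id='{$dynamicResult}' AND field_id='{$field_id}'");
            } elseif ($is_dynamicfield_result) {
                // The row was just found missing, so this is always an insert.
                DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data,is_dynamicfield_result) "
                    . "VALUES ('{$dynamicResult}','{$field_id}','{$dbFilename}',1) ");
            } else {
                DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data) "
                    . "VALUES ('{$result_id}','{$field_id}','{$dbFilename}') ");
            }
        }
    }

    if ($retval != 0) {
        return $retval;
    }

    return true;
}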
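/**
 * Store the file attached to a forum post and record it as an attachment.
 *
 * The upload is read from $_FILES['file_forum']. When the poster ticked
 * "use file management" and chose a category, the file goes into the file
 * repository (filemgmt or nexfile, per $CONF_FORUM['FM_PLUGIN']) under its
 * original name; otherwise it is stored in the forum upload path under a
 * random name. A thumbnail is produced for inline image types when
 * MG_resizeImage() is available. Finally, attachments saved earlier under
 * the temporary id in $_POST['uniqueid'] are re-pointed at topic $id.
 *
 * @param  int|string $id        Topic id, or the temporary id while $tempfile is true
 * @param  bool       $tempfile  Mark the attachment row as temporary
 * @return string                Always '' in the visible code
 */
function gf_check4files($id, $tempfile = false)
{
    global $_CONF, $_TABLES, $_USER, $CONF_FORUM, $_FM_TABLES, $filemgmt_FileStore;

    $filelinks = '';

    // $id is written into SQL both quoted and unquoted. Keep an all-digit
    // string as it is (no integer overflow for long ids) and reduce anything
    // else to an integer.
    $id = preg_match('/^[0-9]+$/', (string) $id) ? (string) $id : (string) (int) $id;

    $uploadfile  = isset($_FILES['file_forum']) ? $_FILES['file_forum'] : array('name' => '');
    $cid         = (int) COM_applyFilter(isset($_POST['filemgmtcat']) ? $_POST['filemgmtcat'] : '', true);
    $useFileMgmt = (isset($_POST['chk_usefilemgmt']) and $_POST['chk_usefilemgmt'] == 1);
    $use_filestore  = false;
    $uploadfilename = '';

    if (isset($uploadfile['name']) and is_string($uploadfile['name']) and $uploadfile['name'] != '') {
        $dot = strrpos($uploadfile['name'], '.');
        // A name without a dot has no extension (strrpos() returns false).
        $ext = ($dot === false) ? '' : strtolower(substr($uploadfile['name'], $dot + 1));

        if ($useFileMgmt and $cid > 0) {
            // NOTE(review): in this branch the file is stored under the name
            // the client sent, extension included. Confirm gf_uploadfile()
            // checks the extension against the allow-list and does not
            // overwrite an existing file of the same name.
            // basename() strips any directory component as a second barrier.
            $filename = basename($uploadfile['name']);
            $use_filestore = true;
        } else {
            $uploadfilename = ppRandomFilename();
            $filename = "{$uploadfilename}.{$ext}";
            //COM_errorlog("Forum file upload: Original file: {$uploadfile['name']} and new filename: $filename");
        }

        $filestore_path = $CONF_FORUM['uploadpath'];
        if ($use_filestore) {
            if ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                $filestore_path = $filemgmt_FileStore;
            } elseif ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                $filestore_path = $_CONF['path_html'] . 'nexfile/data/' . $cid . '/';
            }
        }

        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            // function_exists() takes the name as a string; the bare word used
            // before is an undefined constant and a fatal error on PHP 8.
            // NOTE(review): the config key is spelled 'inlineimageypes' -
            // confirm it matches the configuration. The MIME type tested here
            // is the browser-reported one.
            $isInlineImage = isset($CONF_FORUM['inlineimageypes'])
                and is_array($CONF_FORUM['inlineimageypes'])
                and isset($uploadfile['type'])
                and array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes']);
            if ($isInlineImage and function_exists('MG_resizeImage')) {
                // NOTE(review): the source path follows the checkbox, not
                // $filestore_path, so it can differ from where the file was
                // just stored (nexfile plugin, or no category chosen).
                if ($useFileMgmt) {
                    $srcImage  = "{$filemgmt_FileStore}{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                } else {
                    $srcImage  = "{$CONF_FORUM['uploadpath']}/{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$uploadfilename}.{$ext}";
                }
                MG_resizeImage($srcImage, $destImage, $CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
            }

            // Store both the created filename and the real file source filename.
            // Both can carry client-supplied text, so they are escaped for SQL;
            // prefer the database layer's connection-aware escape routine if it
            // has one. Numeric values are forced to integers.
            $dbRealname = addslashes($filename);
            $dbFilename = addslashes("{$filename}:{$uploadfile['name']}");
            $size = isset($uploadfile['size']) ? (int) $uploadfile['size'] : 0;
            $uid  = isset($_USER['uid']) ? (int) $_USER['uid'] : 0;
            $temp = $tempfile ? 1 : 0;

            if ($use_filestore) {
                // Check and see if nexfile or the filemgmt plugin is being used
                if ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                    DB_query("INSERT INTO {$_TABLES['fm_files']} (cid,fname,title,version,ftype,size,submitter,status,date) "
                        . "VALUES ('{$cid}','{$dbRealname}','{$dbRealname}','1','file','{$size}','{$uid}','1',UNIX_TIMESTAMP())");
                    $fid = (int) DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['fm_detail']} (fid,description,platform,hits,rating,votes,comments) "
                        . "VALUES ('{$fid}','','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['fm_versions']} (fid,fname,ftype,version,size,notes,date,uid,status) "
                        . "VALUES ('{$fid}','{$dbRealname}','file','1','{$size}','',UNIX_TIMESTAMP(),'{$uid}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$fid},'{$dbFilename}',{$temp})");
                } elseif ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                    $sql  = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$cid}', '{$dbRealname}', '{$dbRealname}', '{$size}', '{$uid}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = (int) DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$newid},'{$dbFilename}',{$temp})");
                    $description = ppPrepareForDB(isset($_POST['filemgmt_desc']) ? $_POST['filemgmt_desc'] : '');
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile) "
                    . "VALUES ('{$id}','{$dbFilename}',{$temp})");
            }
        } else {
            COM_errorLog("upload error:" . (isset($GLOBALS['gf_errmsg']) ? $GLOBALS['gf_errmsg'] : ''));
        }
    }

    // The temporary id arrives in the request and is used unquoted in the
    // WHERE clause, so only an all-digit value is accepted.
    $uniqueid = (isset($_POST['uniqueid']) and is_string($_POST['uniqueid'])
        and preg_match('/^[0-9]+$/', $_POST['uniqueid'])) ? $_POST['uniqueid'] : '0';
    if (!$tempfile and $uniqueid > 0 and DB_count($_TABLES['gf_topic'], 'id', $id)) {
        DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id={$id}, tempfile=0 WHERE topic_id={$uniqueid}");
    }

    return $filelinks;
}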
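/**
 * Build a zip archive of the files in a folder and send it to the browser.
 *
 * After checking that the current user may view $rootfolder, every file
 * recorded for that folder that exists on disk is added to a randomly named
 * zip in {storage_path}tmp/, which is then handed to the downloader class.
 *
 * NOTE(review): nothing in this function removes the archive after the
 * download, and the temporary name has only six random characters in a
 * shared directory. Confirm that the directory is cleaned up and is not
 * reachable directly over the web.
 *
 * @param  int $rootfolder  Id of the folder (category) to archive
 * @return string|null      '' when the user lacks view access; otherwise no value
 */
function nexdoc_createArchiveFromFolder($rootfolder)
{
    global $_CONF, $_TABLES, $_FMCONF, $_USER;

    // The folder id is used unquoted in SQL and as a directory name below,
    // so it has to be a plain integer.
    $rootfolder = (int) $rootfolder;

    // Authorise first: nothing on disk is touched for a user without access.
    if (!fm_getPermission($rootfolder, 'view')) {
        COM_errorLog("User: {$_USER['uid']} does not have view access to the root folder: {$rootfolder}");
        return '';
    }

    $archiveDirectory = "{$_FMCONF['storage_path']}tmp/";
    $zipfilename = ppRandomFilename(6) . '.zip';
    $zippath = "{$archiveDirectory}{$zipfilename}";

    if (file_exists($zippath)) {
        // A leftover archive with the same random name is replaced.
        @unlink($zippath);
    }

    $zip = new ZipArchive();
    $zipOpenResult = $zip->open($zippath, ZipArchive::CREATE);
    if ($zipOpenResult !== true) {
        COM_errorLog("Failed to create {$archiveDirectory}{$zipfilename}, Err => {$zipOpenResult}");
        return;
    }

    /* If user is inside a workspace or directory then we need to process
     * list of files from parent folder down and add any needed folders to archive
     */
    $sql  = "SELECT a.cid,a.fid,a.fname,b.pid,b.name as folder FROM {$_TABLES['nxfile_files']} a ";
    $sql .= "LEFT JOIN {$_TABLES['nxfile_categories']} b on b.cid=a.cid ";
    $sql .= "WHERE a.cid={$rootfolder}";
    $query = DB_query($sql);

    while ($A = DB_fetchArray($query)) {
        // Add any files now to the archive that are in the Root Folder
        $sourcefile = $_FMCONF['storage_path'] . "{$rootfolder}/{$A['fname']}";
        if (file_exists($sourcefile)) {
            $zip->addFile($sourcefile, $A['fname']);
        }
    }

    // NOTE(review): $cid is never assigned in this function, so this count
    // runs against an empty value and sub-folders are most likely never
    // added. $rootfolder looks like the intended argument. Before changing
    // it, confirm that nexdoc_archiveAddParentFromFolder() applies the view
    // permission check to each sub-folder it adds.
    $cid = null;
    if (DB_count($_TABLES['nxfile_categories'], 'pid', $cid)) {
        nexdoc_archiveAddParentFromFolder($zip, $rootfolder);
    }

    $zip->close();

    include_once $_CONF['path_system'] . 'classes/downloader.class.php';
    $download = new downloader();
    $download->setLogging(false);
    // MIME type spelling corrected (was "x-zip-compresseed") in both lists.
    $zipTypes = array('zip' => 'application/x-zip-compressed');
    $download->_setAvailableExtensions($zipTypes);
    $download->setAllowedExtensions($zipTypes);
    $download->setPath($archiveDirectory);
    $download->downloadFile($zipfilename);

    if ($download->areErrors()) {
        $err  = $download->printWarnings();
        $err .= "\n" . $download->printErrors();
        COM_errorLog("nexFile: Download error for user: {$_USER['uid']} - file: {$archiveDirectory}{$zipfilename}, Err => {$err}");
    }
}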