Esempio n. 1
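/**
 * Handle attachment removals and one uploaded file for a workflow task.
 *
 * Deletes every attachment whose id is posted in chk_removeattachment, then,
 * if a file was posted under $fieldname, stores it under a random name via
 * nf_uploadfile() and records "storedname:originalname" in the
 * nf_projectattachments table.
 *
 * @param int    $projectid Project the attachment belongs to.
 * @param int    $taskid    Task the attachment belongs to.
 * @param string $fieldname Name of the upload form field in $_FILES.
 * @return string Empty on success, otherwise the message left in $GLOBALS['nf_errmsg'].
 */
function nf_check4files($projectid, $taskid, $fieldname)
{
    global $_TABLES, $CONF_NF;

    $errmsg = '';

    // These values are spliced into SQL text below, so force them to integers.
    $projectid = (int) $projectid;
    $taskid = (int) $taskid;

    // Check if there is a request to delete any attachments.
    // NOTE(review): nothing visible here ties the posted ids to $projectid/$taskid
    // or to the current user - confirm the caller authorizes the removal.
    if (isset($_POST['chk_removeattachment']) && is_array($_POST['chk_removeattachment'])) {
        foreach ($_POST['chk_removeattachment'] as $id) {
            // The id comes straight from the request; an integer cast keeps it
            // from altering the WHERE clauses.
            $id = (int) $id;
            $stored = DB_getItem($_TABLES['nf_projectattachments'], 'filename', "id={$id}");
            $parts = explode(':', $stored);
            COM_errorLog("{$CONF_NF['uploadpath']}/{$parts[0]}");
            DB_query("DELETE FROM {$_TABLES['nf_projectattachments']} WHERE id={$id}");
            // basename() confines the delete to the upload directory even if a
            // stored value ever contained a path component.
            $storedName = basename($parts[0]);
            if ($storedName !== '') {
                @unlink("{$CONF_NF['uploadpath']}/{$storedName}");
            }
        }
    }

    $uploadfile = isset($_FILES[$fieldname]) ? $_FILES[$fieldname] : null;
    if ($uploadfile !== null && $uploadfile['name'] != '') {
        $uploadfilename = ppRandomFilename();
        // Only treat text after the last dot as the extension; a name without a
        // dot previously produced a bogus extension from its second character on.
        $dot = strrpos($uploadfile['name'], '.');
        $ext = ($dot === false) ? '' : strtolower((string) substr($uploadfile['name'], $dot + 1));
        // NOTE(review): the on-disk extension is chosen by the client; the
        // allow-list passed to nf_uploadfile() is the only gate visible here.
        $filename = "{$uploadfilename}.{$ext}";
        COM_errorlog("Workflow file upload: Original file: {$uploadfile['name']} and new filename: {$filename}");
        $filestore_path = $CONF_NF['uploadpath'];
        if (nf_uploadfile($filename, $uploadfile, $CONF_NF['allowablefiletypes'], $filestore_path)) {
            // Store both the created filename and the real file source filename.
            // The original name is client-supplied, so escape it (and the field
            // name) before building the statement.
            // NOTE(review): prefer the DB layer's own escaping helper if this
            // installation provides one.
            $sqlFilename = addslashes("{$filename}:{$uploadfile['name']}");
            $sqlFieldname = addslashes($fieldname);
            DB_query("INSERT INTO {$_TABLES['nf_projectattachments']} (project_id,task_id,fieldname,filename)\r\n                    VALUES ({$projectid},{$taskid},'{$sqlFieldname}','{$sqlFilename}')");
        } else {
            COM_errorlog("upload error:" . $GLOBALS['nf_errmsg']);
            $errmsg = $GLOBALS['nf_errmsg'];
        }
    }

    return $errmsg;
}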
Esempio n. 2
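/**
 * AJAX upload handler: store one posted file for a form field and build the
 * HTML fragment that replaces the upload control.
 *
 * Reads current_upload_file, res_id and form_id from $_POST and field_id from
 * $_REQUEST. Saves the form first when no result record exists yet, then
 * delegates the upload to nexform_check4files().
 *
 * @return array [html, field id, field name, form id, result id, 'true'|'false' error flag]
 */
function upload_file()
{
    global $CONF_FE, $_TABLES, $_CONF;

    // Upload the file.
    $field_name = COM_applyFilter($_POST['current_upload_file']);
    $result_id = COM_applyFilter($_POST['res_id'], true);
    $form_id = COM_applyFilter($_POST['form_id'], true);
    $uploadfile = isset($_FILES[$field_name]) ? $_FILES[$field_name] : array('name' => array(''));
    $fieldID = COM_applyFilter($_REQUEST['field_id'], true);

    if ($result_id == 0) {
        // Form has not been saved yet.
        $result_id = nexform_dbsave($form_id, 0, false);
    }

    if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
        // The displayed file name is whatever the client sent; encode it so it
        // cannot inject markup into the returned fragment.
        $displayName = htmlspecialchars((string) $uploadfile['name'][0], ENT_QUOTES);

        $retval = '';
        $retval .= "&nbsp;<a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$displayName}</a>&nbsp;";
        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
        if (SEC_inGroup($edit_group)) {
            // The field name sits inside a JavaScript string inside an HTML
            // attribute: encode for JavaScript first, then for the attribute.
            $jsFieldName = htmlspecialchars((string) json_encode((string) $field_name), ENT_QUOTES);
            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},{$jsFieldName}); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a>&nbsp;";
        }
        $iserror = 'false';
    } else {
        //COM_fileLog("upload error:" . $GLOBALS['fe_errmsg']);
        // NOTE(review): fe_errmsg is emitted as raw HTML; if the upload helper
        // ever echoes the client file name into it, it needs encoding here.
        $errmsg = $GLOBALS['fe_errmsg'];
        $err_fieldname = 'error_' . ppRandomFilename();
        $retval = '';
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        $retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }

    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}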
Esempio n. 3
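/**
 * Store the files posted with a form submission and record them as result data.
 *
 * Walks $_FILES, optionally restricted to one field, saves each file under a
 * random name through nexform_uploadfile() and writes "storedname:originalname"
 * into nxform_resdata. Field names are expected to look like
 * XXX_frm{formid}_{fieldid}; names with five or more parts are treated as
 * instances of a dynamic sub-form.
 *
 * @param int    $result_id   Result record the files belong to.
 * @param string $single_file When set, only this $_FILES entry is processed.
 * @return int|bool false when an upload fails (or the single file is empty),
 *                  the insert id for a multi-file entry processed in
 *                  single-file mode, true otherwise.
 */
function nexform_check4files($result_id = 0, $single_file = '')
{
    global $_TABLES, $CONF_FE;

    // The result id is spliced into SQL text below, so force it to an integer.
    $result_id = (int) $result_id;
    // Insert id handed back to single-file callers; stays 0 when nothing was inserted.
    $retval = 0;

    if ($CONF_FE['debug']) {
        COM_errorLog("Check4files - result_id:{$result_id}");
    }

    /* Check if custom hidden field is used on the form to specify allowable file types */
    // NOTE(review): $uploadFileTypesAllowed and $allowablefiletypes are never
    // assigned or declared global in this function, so this branch looks
    // unreachable as shown - confirm against the full file.
    if ($uploadFileTypesAllowed != '' and !is_array($allowablefiletypes)) {
        $formtypes = explode(',', $uploadFileTypesAllowed);
        $allowablefiletypes = array();
        foreach ($CONF_FE['allowablefiletypes'] as $key => $haystack) {
            foreach ($formtypes as $needle) {
                if (strpos($haystack, $needle) !== false) {
                    $allowablefiletypes[$key] = $haystack;
                }
            }
        }
    }
    if (!is_array($allowablefiletypes)) {
        $allowablefiletypes = $CONF_FE['allowablefiletypes'];
    }

    foreach ($_FILES as $var => $uploadfile) {
        if ($single_file != '' and $single_file != $var) {
            continue;
        }
        if ($uploadfile['size'][0] <= 0 and $single_file != '') {
            return false;
        }

        /* The variable names contain the fieldtype and fieldid */
        /* XXX_frm{formid}_{fieldid}    - where XXX is the fieldtype */
        $parts = explode('_', $var);
        $field_id = (int) $parts[2];
        $is_dynamicfield_result = false;
        if (isset($parts[4])) {
            $sfield_id = (int) $parts[2];
            $field_id = (int) $parts[3];
            $instance = (int) $parts[4];
            $is_dynamicfield_result = true;
            $dynamicForm = DB_getItem($_TABLES['nxform_fields'], 'formid', "id='{$field_id}'");
            // Get the results currently recorded for the source form field
            $dynamicResults = explode('|', DB_getItem($_TABLES['nxform_resdata'], 'field_data', "result_id='{$result_id}' AND field_id='{$sfield_id}'"));
            // Check if this instance of the dynamic form is already created as a result.
            if (isset($dynamicResults[$instance]) and $dynamicResults[0] != '' and count($dynamicResults) > 0) {
                $dynamicResult = $dynamicResults[$instance];
            } else {
                // User must be submitting the form with a new instance of this dynamic subform (field)
                // Need to create a new result record and update relating fields with the new resultid
                // NOTE(review): $userid and $date are not defined in this function,
                // so empty values are written - confirm what was intended.
                DB_query("INSERT INTO {$_TABLES['nxform_results']} (form_id,uid,date)\r\n                                VALUES ('{$dynamicForm}','{$userid}','{$date}') ");
                $dynamicResult = DB_insertID();
                $dynamicResults[$instance] = $dynamicResult;
                $relatedFieldResults = implode('|', $dynamicResults);
                DB_query("UPDATE {$_TABLES['nxform_resdata']} set field_data = '{$relatedFieldResults}' WHERE result_id='{$result_id}' AND field_id='{$sfield_id}'");
                // Now need to update the related Results field in the main results records
            }
        }

        if (is_array($uploadfile['name'])) {
            /* Skip if no files uploaded in the multi-file field */
            // Array keys are quoted: the bare word `name` is an undefined
            // constant and a fatal error on current PHP versions.
            if ($uploadfile['name'][0] != '') {
                $fileCount = count($uploadfile['name']);
                for ($i = 0; $i < $fileCount; $i++) {
                    /* Upload class is not expecting an array of upload files - so pass a single associative array */
                    $upload_newfile = array(
                        'name' => $uploadfile['name'][$i],
                        'type' => $uploadfile['type'][$i],
                        'tmp_name' => $uploadfile['tmp_name'][$i],
                        'error' => $uploadfile['error'][$i],
                        'size' => $uploadfile['size'][$i],
                    );
                    $uploadfilename = ppRandomFilename();
                    // Only text after the last dot is an extension; a name
                    // without a dot previously yielded a bogus one.
                    $dot = strrpos($uploadfile['name'][$i], '.');
                    $ext = ($dot === false) ? '' : strtolower((string) substr($uploadfile['name'][$i], $dot + 1));
                    $filename = "{$uploadfilename}.{$ext}";
                    if ($CONF_FE['debug']) {
                        COM_errorLog("Mfile upload: Original file: {$uploadfile['name'][$i]} and new filename: {$filename}");
                    }
                    if (nexform_uploadfile($filename, $upload_newfile, $allowablefiletypes)) {
                        // Store both the created filename and the real file source filename.
                        // The original name is client-supplied, so escape the value
                        // before it is placed in the statement.
                        // NOTE(review): prefer the DB layer's own escaping helper if available.
                        $filename = addslashes("{$filename}:{$upload_newfile['name']}");
                        if ($is_dynamicfield_result) {
                            DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data,is_dynamicfield_result)\r\n                                VALUES ('{$dynamicResult}','{$field_id}','{$filename}',1) ");
                        } else {
                            DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data)\r\n                                VALUES ('{$result_id}','{$field_id}','{$filename}') ");
                        }
                        if ($single_file != '') {
                            $retval = DB_insertID();
                        }
                    } else {
                        COM_errorLog("upload error:" . $GLOBALS['fe_errmsg']);
                        return false;
                    }
                }
            }
        } else {
            if ($uploadfile['size'] > 0 and $uploadfile['name'] != '') {
                $uploadfilename = ppRandomFilename();
                $dot = strrpos($uploadfile['name'], '.');
                $ext = ($dot === false) ? '' : strtolower((string) substr($uploadfile['name'], $dot + 1));
                $filename = "{$uploadfilename}.{$ext}";
                if ($CONF_FE['debug']) {
                    COM_errorLog("Upload file - random name: {$filename}");
                }
                if (nexform_uploadfile($filename, $uploadfile, $allowablefiletypes)) {
                    // Store both the created filename and the real file source filename,
                    // escaped because the original name is client-supplied.
                    $filename = addslashes("{$filename}:{$uploadfile['name']}");
                    // NOTE(review): $dynamicResult is only assigned for dynamic
                    // sub-form fields; for a plain field this lookup runs with an
                    // undefined value - confirm whether $result_id was meant.
                    if (DB_count($_TABLES['nxform_resdata'], array('result_id', 'field_id'), array($dynamicResult, $field_id)) > 0) {
                        DB_query("UPDATE {$_TABLES['nxform_resdata']} set field_data = '{$filename}' WHERE result_id='{$dynamicResult}' AND field_id='{$field_id}'");
                    } else {
                        if ($is_dynamicfield_result) {
                            if (DB_count($_TABLES['nxform_resdata'], array('result_id', 'field_id'), array($dynamicResult, $field_id)) > 0) {
                                DB_query("UPDATE {$_TABLES['nxform_resdata']} set field_data = '{$filename}' WHERE result_id='{$dynamicResult}' AND field_id='{$field_id}'");
                            } else {
                                DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data,is_dynamicfield_result)\r\n                                    VALUES ('{$dynamicResult}','{$field_id}','{$filename}',1) ");
                            }
                        } else {
                            DB_query("INSERT INTO {$_TABLES['nxform_resdata']} (result_id,field_id,field_data)\r\n                                VALUES ('{$result_id}','{$field_id}','{$filename}') ");
                        }
                    }
                } else {
                    COM_errorLog("upload error:" . $GLOBALS['fe_errmsg']);
                    return false;
                }
            }
        }
    }

    if ($retval != 0) {
        return $retval;
    }

    return true;
}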
Esempio n. 4
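/**
 * Store the file posted with a forum topic and record it as an attachment.
 *
 * The file is saved either under a random name in the forum upload path or,
 * when the poster ticks chk_usefilemgmt and picks a category, under its
 * original name in the file-management plugin's store. Afterwards, attachments
 * recorded against the temporary $_POST['uniqueid'] are reassigned to the topic.
 *
 * @param int  $id       Topic id (or temporary unique id) the attachment belongs to.
 * @param bool $tempfile True while the topic itself has not been saved yet.
 * @return string Always the empty string in the code shown.
 */
function gf_check4files($id, $tempfile = false)
{
    global $_CONF, $_TABLES, $_USER, $CONF_FORUM;
    global $_FM_TABLES, $filemgmt_FileStore;

    $filelinks = '';
    // The topic id is spliced into SQL text below, so force it to an integer.
    $topicId = (int) $id;
    $uploadfile = isset($_FILES['file_forum']) ? $_FILES['file_forum'] : array('name' => '');
    $cid = COM_applyFilter($_POST['filemgmtcat'], true);
    $use_filestore = false;

    if ($uploadfile['name'] != '') {
        // Only text after the last dot is an extension; a name without a dot
        // previously yielded a bogus one.
        $dot = strrpos($uploadfile['name'], '.');
        $ext = ($dot === false) ? '' : strtolower((string) substr($uploadfile['name'], $dot + 1));

        if ($_POST['chk_usefilemgmt'] == 1 and $cid > 0) {
            // NOTE(review): in this mode the client-chosen name and extension are
            // used on disk; the allow-list passed to gf_uploadfile() is the only
            // gate visible here - confirm the store is not served as executable.
            $filename = $uploadfile['name'];
            $use_filestore = true;
        } else {
            $uploadfilename = ppRandomFilename();
            $filename = "{$uploadfilename}.{$ext}";
            //COM_errorlog("Forum file upload: Original file: {$uploadfile['name']} and new filename: $filename");
        }

        $filestore_path = $CONF_FORUM['uploadpath'];
        if ($use_filestore) {
            if ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                $filestore_path = $filemgmt_FileStore;
            } elseif ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                $filestore_path = $_CONF['path_html'] . 'nexfile/data/' . $cid . '/';
            }
        }

        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            // The function name must be a string; as a bare word it is an
            // undefined constant and a fatal error on current PHP versions.
            // NOTE(review): $uploadfile['type'] is the MIME type reported by the client.
            if (array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes']) and function_exists('MG_resizeImage')) {
                if ($_POST['chk_usefilemgmt'] == 1) {
                    $srcImage = "{$filemgmt_FileStore}{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                } else {
                    $srcImage = "{$CONF_FORUM['uploadpath']}/{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$uploadfilename}.{$ext}";
                }
                $ret = MG_resizeImage($srcImage, $destImage, $CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
            }

            // Store both the created filename and the real file source filename.
            // Both can carry the client-supplied name, so escape them before
            // they are placed in any statement.
            // NOTE(review): prefer the DB layer's own escaping helper if available.
            $realfilename = addslashes($filename);
            $filename = addslashes("{$filename}:{$uploadfile['name']}");
            $size = (int) $uploadfile['size'];
            $temp = $tempfile ? 1 : 0;

            if ($use_filestore) {
                // Check and see if nexfile or the filemgmt plugin is being used
                if ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                    DB_query("INSERT INTO {$_TABLES['fm_files']} (cid,fname,title,version,ftype,size,submitter,status,date)\r\n                        VALUES ('{$cid}','{$realfilename}','{$realfilename}','1','file','{$size}','{$_USER['uid']}','1',UNIX_TIMESTAMP())");
                    $fid = DB_insertId();
                    DB_query("INSERT INTO {$_TABLES['fm_detail']} (fid,description,platform,hits,rating,votes,comments)\r\n                        VALUES ('{$fid}','','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['fm_versions']} (fid,fname,ftype,version,size,notes,date,uid,status)\r\n                        VALUES ('{$fid}','{$realfilename}','file','1','{$size}','',UNIX_TIMESTAMP(),'{$_USER['uid']}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile)\r\n                        VALUES ('{$topicId}',{$fid},'{$filename}',{$temp})");
                } elseif ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                    $sql = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$cid}', '{$realfilename}', '{$realfilename}', '{$size}', '{$_USER['uid']}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile)\r\n                        VALUES ('{$topicId}',{$newid},'{$filename}',{$temp})");
                    $description = ppPrepareForDB($_POST['filemgmt_desc']);
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile)\r\n                    VALUES ('{$topicId}','{$filename}',{$temp})");
            }
        } else {
            COM_errorlog("upload error:" . $GLOBALS['gf_errmsg']);
        }
    }

    // The temporary id comes straight from the request and is used unquoted in
    // the WHERE clause, so it must be an integer.
    // NOTE(review): nothing visible here checks that the attachments filed under
    // this temporary id belong to the current user.
    $uniqueId = isset($_POST['uniqueid']) ? (int) $_POST['uniqueid'] : 0;
    if (!$tempfile and $uniqueId > 0 and DB_count($_TABLES['gf_topic'], 'id', $topicId)) {
        DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id={$topicId}, tempfile=0 WHERE topic_id={$uniqueId}");
    }

    return $filelinks;
}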
Esempio n. 5
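/**
 * Build a zip archive of the files in a folder and send it to the browser.
 *
 * The archive is written to the storage tmp directory under a random name,
 * filled with the folder's files that exist on disk, and handed to the
 * downloader class.
 *
 * @param int $rootfolder Category (folder) id to archive.
 * @return string|null Empty string when the user lacks view access; nothing otherwise.
 */
function nexdoc_createArchiveFromFolder($rootfolder)
{
    global $_CONF, $_TABLES, $_FMCONF, $_USER;

    // The folder id is used in SQL text and in a filesystem path below, so
    // force it to an integer before anything else touches it.
    $rootfolder = (int) $rootfolder;

    // Check access before creating or removing anything on disk.
    if (!fm_getPermission($rootfolder, 'view')) {
        COM_errorLog("User: {$_USER['uid']} does not have view access to the root folder: {$rootfolder}");
        return '';
    }

    $archiveDirectory = "{$_FMCONF['storage_path']}tmp/";
    $zipfilename = ppRandomFilename(6) . '.zip';
    $archivePath = "{$archiveDirectory}{$zipfilename}";
    if (file_exists($archivePath)) {
        @unlink($archivePath);
        //COM_errorLog("Creating archive {$archiveDirectory}{$zipfilename} - removing existing file");
    }

    $zip = new ZipArchive();
    $zipOpenResult = $zip->open($archivePath, ZipArchive::CREATE);
    if ($zipOpenResult === true) {
        /* If user is inside a workspace or directory then we need to process
         * list of files from parent folder down and add any needed folders to archive
         * $fileitems will contain just file id's - checking a folder will just add files to hidden form field
         */
        $sql = "SELECT a.cid,a.fid,a.fname,b.pid,b.name as folder FROM {$_TABLES['nxfile_files']} a ";
        $sql .= "LEFT JOIN {$_TABLES['nxfile_categories']} b on b.cid=a.cid ";
        $sql .= "WHERE a.cid={$rootfolder}";
        $query = DB_query($sql);
        while ($A = DB_fetchArray($query)) {
            // Add any files now to the archive that are in the Root Folder
            $sourcefile = $_FMCONF['storage_path'] . "{$rootfolder}/{$A['fname']}";
            if (file_exists($sourcefile)) {
                //COM_errorLog("$i: Adding file ({$A['fid']}): $sourcefile ");
                $zip->addFile($sourcefile, $A['fname']);
            }
        }
        // NOTE(review): $cid is never assigned in this function, so this count
        // runs with an undefined value; $rootfolder was probably intended.
        // Before changing it, confirm that nexdoc_archiveAddParentFromFolder()
        // applies per-folder view checks to the subfolders it adds.
        if (DB_count($_TABLES['nxfile_categories'], 'pid', $cid)) {
            nexdoc_archiveAddParentFromFolder($zip, $rootfolder);
        }
        $zip->close();
        //COM_errorLog("Completed {$archiveDirectory}{$zipfilename}, filesize: " . filesize("{$archiveDirectory}{$zipfilename}"));
        include_once $_CONF['path_system'] . 'classes/downloader.class.php';
        $download = new downloader();
        $download->setLogging(false);
        // MIME type spelling corrected ("compresseed" was a typo).
        $zipTypes = array('zip' => 'application/x-zip-compressed');
        $download->_setAvailableExtensions($zipTypes);
        $download->setAllowedExtensions($zipTypes);
        $download->setPath($archiveDirectory);
        $download->downloadFile($zipfilename);
        if ($download->areErrors()) {
            $err = $download->printWarnings();
            $err .= "\n" . $download->printErrors();
            COM_errorLog("nexFile: Download error for user: {$_USER['uid']} - file: {$archiveDirectory}{$zipfilename}, Err => {$err}");
        }
        // NOTE(review): the archive is left in the tmp directory after the
        // download; confirm something purges it, since it holds copies of
        // access-controlled files.
    } else {
        COM_errorLog("Failed to create {$archiveDirectory}{$zipfilename}, Err => {$zipOpenResult}");
    }
}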