function myCancel()
{
// See if we have a special 'from' to handle
$from = JRequest::getVar('from', false);
if ($from == 'editor') {
// Make sure we have a valid article ID
require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
$article_id = AttachmentsHelper::valid_article_id($_POST['article_id']);
if ($article_id == -1) {
$this->execute('cancel');
// Give up
}
$link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
$this->setRedirect($link, JText::_('UPLOAD CANCELED'));
}
$this->execute('cancel');
}
function save()
{
// Check for request forgeries
JRequest::checkToken() or die('Invalid Token');
// Make sure that the caller is logged in
$user =& JFactory::getUser();
if ($user->get('username') == '') {
$errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
JError::raiseError(500, $errmsg);
}
// Make sure we have a valid article ID
$article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));
// Verify that this user may add attachments to this article
require_once JPATH_COMPONENT . DS . 'permissions.php';
if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
$errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
JError::raiseError(500, $errmsg);
}
// Get the Itemid
$Itemid = JRequest::getVar('Itemid', null, 'POST');
if ($Itemid && is_numeric($Itemid)) {
$Itemid = intval($Itemid);
} else {
$Itemid = 1;
}
// How to redirect?
$from = JRequest::getVar('from', false, 'POST');
if ($from) {
if ($from == 'frontpage') {
$redirect_to = JURI::base();
} elseif ($from == 'article') {
$redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", False);
} else {
$redirect_to = JURI::base();
}
} else {
$redirect_to = JURI::base();
}
// See if we should cancel
if ($_POST['submit'] == JText::_('CANCEL')) {
$msg = JText::_('UPLOAD CANCELED');
$this->setRedirect($redirect_to, $msg);
return;
}
// If this is an update, get the attachment id
$update = JRequest::getVar('update', false, 'POST');
$attachment_id = false;
if ($update) {
$attachment_id = JRequest::getVar('id', false, 'POST');
}
// Bind the info from the form
$row =& JTable::getInstance('Attachments', 'Table');
if ($attachment_id && !$row->load($attachment_id)) {
$errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . " ({$id})";
JError::raiseError(500, $errmsg);
exit;
}
if (!$row->bind(JRequest::get('post'))) {
JError::raiseError(500, $row->getError());
}
if (!$update) {
$row->uploader_id = $user->get('id');
$row->article_id = $article_id;
}
// Upload the file
$tmp_name = $_FILES['upload']['tmp_name'];
if ($update) {
$update_file = JRequest::getVar('update_file', false, 'POST');
if ($update_file) {
$msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
// NOTE: store() is not needed if upload_file() is called since it does it
} else {
// Save the updated attachment
if (!$row->store()) {
JError::raiseError(500, $row->getError());
}
$msg = "Attachment updated!";
}
} else {
$msg = AttachmentsHelper::upload_file($row, $article_id, $update);
}
// If we are supposed to close this iframe, do it now.
if ($from == 'closeme') {
// Queue the message
AttachmentsHelper::enqueueSystemMessage($msg);
// Now do the Javascript to close this pop-up window and reload the parent
echo "<script language=\"javascript\" type=\"text/javascript\">\r\n window.parent.document.getElementById('sbox-window').close();\r\n window.parent.location.reload();\r\n </script>";
exit;
}
$this->setRedirect($redirect_to, $msg);
}
