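/**
  * 	getQueryText
  *
  * 	Builds SQL text by replacing every '%key' placeholder in $query with the
  * 	escaped value of $params['key'].
  *
  * 	All placeholders are substituted in one pass (strtr). A substituted value
  * 	that itself contains '%otherkey' is therefore never expanded a second
  * 	time, and when one key is a prefix of another ('%id' vs '%idx') the
  * 	longer placeholder is matched first.
  *
  * 	Security: this is string-built SQL. The only protection applied here is
  * 	EasyContactFormsUtils::addMSlashes() on each value, so the result is only
  * 	as safe as that helper and only where the placeholder sits inside a
  * 	quoted SQL string literal. Quote escaping does not protect a placeholder
  * 	used in a numeric or identifier position; cast such values (for example
  * 	with intval()) before passing them in.
  *
  * @param string $query
  * 	sql text containing %key placeholders
  * @param array $params
  * 	parameter key => values pairs; NULL or an empty array leaves $query
  * 	unchanged
  *
  * @return string
  * 	sql text
  */
 function getQueryText($query, $params)
 {
     // NULL and scalars carry no parameters: hand the text back untouched.
     if (!is_array($params) && !is_object($params)) {
         return $query;
     }
     $pairs = array();
     foreach ($params as $key => $value) {
         $pairs['%' . $key] = (string) EasyContactFormsUtils::addMSlashes($value);
     }
     if (empty($pairs)) {
         return $query;
     }
     // strtr() never rescans replaced text and prefers the longest key, which
     // removes the re-substitution and prefix-collision problems of looping
     // str_replace() over the keys one at a time.
     return strtr($query, $pairs);
 }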
 /**
  * 	escapeRequest
  *
  * 	Returns a copy of the request map in which the listed fields have been
  * 	neutralised: string fields go through
  * 	EasyContactFormsUtils::addMSlashes(), numeric fields are forced to
  * 	integers with intval().
  *
  * 	Only keys named in $strflds or $numflds are touched, and only when they
  * 	are set in $_imap. Every other entry is returned exactly as received, so
  * 	callers must not treat the whole result as escaped. intval() turns
  * 	non-numeric input into 0 rather than rejecting it.
  *
  * @param array $_imap
  * 	request data
  * @param array $strflds
  * 	names of the items to escape as strings
  * @param array $numflds
  * 	names of the items to convert to int
  *
  * @return array
  * 	request data with the listed items escaped
  */
 function escapeRequest($_imap, $strflds = NULL, $numflds = NULL)
 {
     if (!empty($strflds)) {
         foreach ($strflds as $name) {
             if (!isset($_imap[$name])) {
                 continue;
             }
             $_imap[$name] = EasyContactFormsUtils::addMSlashes($_imap[$name]);
         }
     }
     if (!empty($numflds)) {
         foreach ($numflds as $name) {
             if (!isset($_imap[$name])) {
                 continue;
             }
             $_imap[$name] = intval($_imap[$name]);
         }
     }
     return $_imap;
 }
Esempio n. 3
     // Fragment of a larger switch: the enclosing function and the first case
     // label are not part of this excerpt.
     // Make sure the plugin's upload directory exists before storing the file.
     $filedirectory = EASYCONTACTFORMS__fileUploadDir;
     if (!is_dir($filedirectory)) {
         EasyContactFormsUtils::createFolder($filedirectory);
     }
     $ds = DIRECTORY_SEPARATOR;
     // NOTE(review): $sid becomes part of the destination path below. If $map is
     // raw request data, confirm that sid is validated upstream (no path
     // separators, no "..").
     $sid = $map['sid'];
     // NOTE(review): no check of $filespec['error'] is visible in this fragment;
     // it may happen before the excerpt starts.
     $filespec = $_FILES[$filerequestid];
     // The on-disk name is sid + field id; the client-supplied file name is not
     // used for it.
     $newpath = $filedirectory . $ds . $sid . $fld->get('id');
     $tmpname = $filespec['tmp_name'];
     // move_uploaded_file() only accepts files PHP received as HTTP uploads;
     // give up silently when the move fails.
     if (!move_uploaded_file($tmpname, $newpath)) {
         return;
     }
     // Normalise Windows separators, then record where the file now lives.
     $newpath = str_replace("\\", "/", $newpath);
     $filespec['tmp_name'] = $newpath;
     // The $_FILES entry, still carrying the client-supplied name and type, is
     // serialized, escaped and stored as a session value keyed by the upload id.
     // NOTE(review): whatever reads this value back presumably unserialize()s
     // it; confirm the stored value cannot be altered by the client, because
     // unserialize() on attacker-influenced data is unsafe.
     $filespec = serialize($filespec);
     $filespec = EasyContactFormsUtils::addMSlashes($filespec);
     EasyContactFormsSecurityManager::setSessionValue($filerequestid, $filespec, $map);
     break;
 case 3:
     // Fetch the session id once per object and store it in $varmap under
     // 'id-<field id>'.
     if (!isset($this->sessionid)) {
         $this->sessionid = EasyContactFormsSecurityManager::getSid();
     }
     $varmap['id-' . $fldid] = $this->sessionid;
     break;
 case 8:
     // When $ufovalidators is exactly FALSE, flip it to TRUE and queue the JS
     // that defines ufoValidators if the page has not defined it yet.
     if (isset($ufovalidators) && $ufovalidators === FALSE) {
         $ufovalidators = TRUE;
         $vjs[] = "if(typeof(ufoValidators)=='undefined'){ufoValidators={};};";
     }
     // Flag on the form object so the block below runs once per form; the rest
     // of the block is outside this excerpt.
     if (!isset($form->fileuploadsriptloaded)) {
         $form->fileuploadsriptloaded = true;
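 /**
  * 	webdirUpload
  *
  * 	Takes an uploaded file from PHP's temporary folder, moves it into the
  * 	web directory used for direct download
  * 	(<upload dir>/<type>/<object id>/<field>), registers it in the file
  * 	manager table and, when 'thumbnailx' is supplied, creates and registers
  * 	a thumbnail copy as well.
  *
  * 	The request is rejected (FALSE, nothing stored, nothing echoed) when a
  * 	required key is missing, when 't', 'fld' or the uploaded file name could
  * 	change the target directory (empty, '.', '..', or containing a slash,
  * 	backslash or NUL byte), when there is no upload entry for the request,
  * 	when PHP reported an upload error, or when the file cannot be moved.
  * 	The previous file and its database record are only replaced after the
  * 	new file is in place.
  *
  * 	Security notes for maintainers:
  * 	- The file keeps its client-supplied name and extension inside a
  * 	  directory meant for direct download, and this function applies no
  * 	  file type or extension allow-list. NOTE(review): confirm that an
  * 	  allow-list is enforced before this call, or that the web server does
  * 	  not execute scripts from the upload directory.
  * 	- $_FILES[...]['type'] is reported by the client and is stored as
  * 	  metadata only; it says nothing about the real content.
  * 	- The SQL below is built by string interpolation and relies on
  * 	  addMSlashes()/intval() for every interpolated value.
  * 	- NOTE(review): the escaped file name is used both for the database
  * 	  record and for the on-disk path, as before; for names containing
  * 	  quotes, confirm that what insert() stores still matches the name on
  * 	  disk.
  *
  * @param array $_uldmap
  * 	request data; reads 't' (document type), 'fld' (field name), 'oid'
  * 	(object id), 'easycontactusr' (object exposing ->id) and, optionally,
  * 	'thumbnailx' / 'thumbnaily'
  *
  * @return boolean
  * 	TRUE once the file is stored and registered (a JSON success message is
  * 	echoed), FALSE otherwise
  */
 function webdirUpload($_uldmap)
 {
     if (!isset($_uldmap['t'], $_uldmap['fld'], $_uldmap['oid']) || !is_scalar($_uldmap['oid'])) {
         return FALSE;
     }
     // 't' and 'fld' each become one directory level of the target path, so
     // neither may be able to climb out of or descend below the upload dir.
     foreach (array($_uldmap['t'], $_uldmap['fld']) as $segment) {
         if (!is_scalar($segment)) {
             return FALSE;
         }
         $segment = (string) $segment;
         if ($segment === '' || $segment === '.' || $segment === '..' || strpbrk($segment, "/\\\0") !== FALSE) {
             return FALSE;
         }
     }
     $filerequestid = $_uldmap['t'] . '_' . $_uldmap['fld'] . '_' . $_uldmap['oid'];
     // A missing entry must not pass: NULL != UPLOAD_ERR_OK is false in PHP,
     // so without the isset() an absent upload looked like a successful one.
     if (!isset($_FILES[$filerequestid]['error'], $_FILES[$filerequestid]['name'], $_FILES[$filerequestid]['tmp_name'])) {
         return FALSE;
     }
     if ($_FILES[$filerequestid]['error'] !== UPLOAD_ERR_OK) {
         return FALSE;
     }
     // The file name is client-supplied and becomes the last path component.
     $rawname = $_FILES[$filerequestid]['name'];
     if (!is_string($rawname) || $rawname === '' || $rawname === '.' || $rawname === '..' || strpbrk($rawname, "/\\\0") !== FALSE) {
         return FALSE;
     }
     $oowner = $_uldmap['easycontactusr']->id;
     $tmpname = $_FILES[$filerequestid]['tmp_name'];
     $filesize = isset($_FILES[$filerequestid]['size']) ? $_FILES[$filerequestid]['size'] : 0;
     $rawtype = isset($_FILES[$filerequestid]['type']) ? $_FILES[$filerequestid]['type'] : '';
     $filetype = EasyContactFormsUtils::addMSlashes($rawtype);
     $id = intval($_uldmap['oid']);
     $Type = EasyContactFormsUtils::addMSlashes($_uldmap['t']);
     $fieldname = EasyContactFormsUtils::addMSlashes($_uldmap['fld']);
     $filename = EasyContactFormsUtils::addMSlashes($rawname);
     $ds = DIRECTORY_SEPARATOR;
     $targdir = EASYCONTACTFORMS__fileUploadDir . $ds . $Type . $ds . $id . $ds . $fieldname;
     $newpath = $targdir . $ds . $filename;

     // Remember which file is currently registered for this field.
     $query = "SELECT Name FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$fieldname}'";
     $name = EasyContactFormsDB::getValue($query);
     $oldpath = $targdir . $ds . $name;

     if (!is_dir($targdir)) {
         EasyContactFormsUtils::createFolder($targdir);
     }
     // Store the new file first; on failure the old file and its record stay
     // untouched and the caller gets FALSE instead of a success message.
     if (!move_uploaded_file($tmpname, $newpath)) {
         return FALSE;
     }
     if ($oldpath !== $newpath && is_file($oldpath)) {
         unlink($oldpath);
     }
     $query = "DELETE FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$fieldname}'";
     EasyContactFormsDB::query($query);
     $valuemap = array();
     $valuemap['Count'] = '0';
     $valuemap['Docfield'] = $fieldname;
     $valuemap['Doctype'] = $Type;
     $valuemap['Docid'] = $id;
     $valuemap['Name'] = $filename;
     $valuemap['Size'] = $filesize;
     $valuemap['Type'] = $filetype;
     $valuemap['Protected'] = 0;
     $valuemap['Webdir'] = 1;
     $valuemap['Storagename'] = $filename;
     $valuemap['ObjectOwner'] = $oowner;
     $isid = EasyContactFormsDB::insert($valuemap, 'Files');
     if ($Type == 'Files') {
         // A record of type 'Files' points at itself.
         $valuemap = array();
         $valuemap['Docid'] = $isid;
         EasyContactFormsDB::update($valuemap, 'Files', $isid);
     }
     if (isset($_uldmap['thumbnailx'])) {
         $newfieldname = 'thumb' . $fieldname;
         $newfilename = 'thumb' . $filename;
         $newtargdir = EASYCONTACTFORMS__fileUploadDir . $ds . $Type . $ds . $id . $ds . $newfieldname;
         $thumbpath = $newtargdir . $ds . $newfilename;
         // Passed through as NULL when absent, instead of reading an undefined key.
         $thumby = isset($_uldmap['thumbnaily']) ? $_uldmap['thumbnaily'] : NULL;
         $query = "SELECT Name FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='thumb{$fieldname}'";
         $name = EasyContactFormsDB::getValue($query);
         if (is_file($newtargdir . $ds . $name)) {
             unlink($newtargdir . $ds . $name);
         }
         EasyContactFormsUtils::createFolder($newtargdir);
         EasyContactFormsFiles::imgResize($newpath, $thumbpath, $_uldmap['thumbnailx'], $thumby, 0xffffff, 80);
         $query = "DELETE FROM #wp__easycontactforms_files WHERE Doctype='{$Type}' AND Docid='{$id}' AND Docfield='{$newfieldname}'";
         EasyContactFormsDB::query($query);
         $valuemap = array();
         $valuemap['Count'] = '0';
         $valuemap['Docfield'] = $newfieldname;
         $valuemap['Doctype'] = $Type;
         $valuemap['Docid'] = $id;
         $valuemap['Name'] = $newfilename;
         // filesize() warns and yields FALSE when the resize produced no file.
         $valuemap['Size'] = is_file($thumbpath) ? filesize($thumbpath) : 0;
         $valuemap['Type'] = $filetype;
         $valuemap['Protected'] = 0;
         $valuemap['Webdir'] = 1;
         $valuemap['Storagename'] = $newfilename;
         $valuemap['ObjectOwner'] = $oowner;
         EasyContactFormsDB::insert($valuemap, 'Files');
     }
     echo json_encode(array('success' => 'TRUE'));
     return TRUE;
 }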