<?php
/*
 * File-upload endpoint. The listing stops inside the UPLOAD_ERR_OK branch, so
 * only the first steps are visible:
 *   1. require a logged-in session,
 *   2. check that the session's user may access the posted room id,
 *   3. allocate a file id and read the metadata of the 'myfile' upload.
 */
set_time_limit(0); // 0 removes PHP's execution time limit for this request

include_once "include_db.php";
include_once "include_functions.php";

// Send visitors without a session user name to logout.php.
// NOTE(review): no session_start() is visible; presumably one of the includes
// starts the session. Confirm, since $_SESSION is empty otherwise.
if (!$_SESSION["uname"]) {
    header('Location: logout.php');
    exit;
}

$CURRENT_USER = $_SESSION["uname"];

// check whether this user has access to this room
// The user id is taken from the session; only the room id comes from the request.
$GMU = new ManageUsers();
$GMU->userId = $_SESSION['empl_id'];
// NOTE(review): what get_POST_var() validates is not visible. Confirm $rid is
// safe for whatever query has_AccessToRoom() runs with it.
$rid = get_POST_var('rid');
if (!$GMU->has_AccessToRoom($rid)) {
    echo "You are not authorised to access this page.";
    exit;
}

// get file size and generate a random code
$MF = new ManageFiles();
// NOTE(review): if $UFID later serves as the only reference needed to fetch the
// file, confirm createUnique_FID() draws from a CSPRNG (random_bytes/random_int).
$UFID = $MF->createUnique_FID(16);

// In $_FILES, 'name' and 'type' are sent by the client and must be treated as
// untrusted. Only spaces are replaced in the name here, and 'type' is not
// checked against the file's actual content.
$size = $_FILES['myfile']['size'];
$file_name = str_replace(' ', '_', $_FILES['myfile']['name']);
$file_type = $_FILES['myfile']['type'];
$errors = $_FILES['myfile']['error'];

//move the uploaded file to UPLOAD_PATH and insert into database
$result = 0;
// NOTE(review): loose comparison. If no 'myfile' field was posted, $errors is
// null, and null == UPLOAD_ERR_OK (0) is true, so this branch still runs.
// Prefer `$errors === UPLOAD_ERR_OK`.
if ($errors == UPLOAD_ERR_OK) {
    // NOTE(review): $tmp_names is not assigned anywhere in the visible code.
    // Presumably $_FILES['myfile']['tmp_name'] was intended. Confirm.
    $tmp_name = $tmp_names;
    // The extension allow-list below is commented out, so this listing shows no
    // filtering of the uploaded file's extension. If it is re-enabled, note that
    // it admits htm/html/xml/swf, which a browser may treat as active content
    // when served from the application's own origin.
    //$allowedExtensions = array("txt","csv","htm","html","xml","css","doc","xls","rtf","ppt","pdf","swf","flv","avi","wmv","mov","jpg","jpeg","gif","png");
    // Lower-cased text after the last dot of the client-supplied name; a name
    // without a dot yields the whole name. end() takes its argument by
    // reference, so passing explode()'s result directly raises a notice.
    $type = end(explode(".", strtolower($file_name)));
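/**
 * Decide whether a user may see a shared file.
 *
 * A file attached to a chat room is governed by ManageUsers::has_AccessToRoom()
 * for that room. Any other file must be attached to a direct message that the
 * user sent or received.
 *
 * Security: both ids are interpolated into single-quoted SQL literals, and the
 * result of those queries is the authorisation decision. A value containing a
 * quote or backslash could change the query, so such values (and non-scalars)
 * are refused before any SQL is built. This is a stop-gap; the durable fix is
 * to pass both ids as bound parameters of a prepared statement once the
 * database helper offers that.
 *
 * @param mixed $fileId id of the file being requested
 * @param mixed $userId id of the user asking for it
 * @return mixed false for rejected ids; for room files whatever
 *               has_AccessToRoom() returns; for direct-message files a bool
 */
public function isFileRelatedToUser($fileId, $userId)
{
    // Fail closed on anything that cannot sit safely inside '...' in the
    // queries below. Legitimate ids are not expected to contain these
    // characters. NOTE(review): confirm against the real id formats.
    foreach (array($fileId, $userId) as $id) {
        if (!is_scalar($id) || strpbrk((string) $id, "'\\") !== false) {
            return false;
        }
    }

    // get room id for this file
    $roomId = executesql_returnArray("select tbl_ChatRooms.chatRoom from tbl_chatFiles, tbl_ChatRooms where tbl_ChatRooms.fileId = tbl_chatFiles.fileId and tbl_chatFiles.fileId='{$fileId}'");
    if ($roomId) {
        // Room file: defer to the room-membership check for this user.
        // NOTE(review): $roomId is whatever executesql_returnArray() returned.
        // Confirm has_AccessToRoom() accepts that shape and not only a scalar id.
        $MU = new ManageUsers();
        $MU->userId = $userId;
        return $MU->has_AccessToRoom($roomId);
    }

    // Not a room file: allow only if the user is the sender or the recipient
    // of a direct message that carries this file.
    $directMessage_UserRelated = executesql_returnArray("select tbl_DirectMessages.dmsgid from tbl_DirectMessages, tbl_chatFiles where tbl_chatFiles.fileId = tbl_DirectMessages.fileId and tbl_chatFiles.fileId='{$fileId}' and (tbl_DirectMessages.from_uid='{$userId}' OR tbl_DirectMessages.to_uid='{$userId}') ");
    return $directMessage_UserRelated ? true : false;
}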