private function file_upload()
{
if ($this->ion_auth->is_admin($this->user_id) == false) {
$this->returnError(490, $this->version);
return;
}
$file = isset($_FILES['file']) ? $_FILES['file'] : false;
if (!check_uploaded_file($file)) {
$this->returnError(491, $this->version);
return;
}
$file_id = $this->File->register_uploaded_file($file, $this->data_folders['misc'], $this->user_id, 'run_uploaded_file');
if ($file_id == false) {
$this->returnError(492, $this->version);
return;
}
$this->xmlContents('file-upload', $this->version, array('file_id' => $file_id, 'filename' => $file['name']));
}
function check_form_data($data)
{
$status = array('success' => 1, 'desc' => "");
foreach ($data as $field => $value) {
if ($value == '' && $field != 'uploadedfile') {
$status = array('success' => 0, 'desc' => "Enter something in the " . $field . " field");
}
}
if (!$status['success']) {
return $status;
} else {
if ($data['uploadedfile'] != '') {
$status = check_uploaded_file($_FILES['uploadedfile']);
} else {
$status = array('success' => 1, 'desc' => '');
}
//No need to check file if we're using the pre-stored "missing image" placeholder jpeg
return $status;
}
}
private function data_qualities_upload()
{
// get correct description
if (isset($_FILES['description']) == false || check_uploaded_file($_FILES['description']) == false) {
$this->returnError(382, $this->version);
return;
}
// get description from string upload
$description = $_FILES['description'];
if (validateXml($description['tmp_name'], xsd('openml.data.qualities', $this->controller, $this->version), $xmlErrors) == false) {
$this->returnError(383, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
return;
}
if (!$this->ion_auth->in_group($this->groups_upload_rights, $this->user_id)) {
$this->returnError(104, $this->version);
return;
}
$xml = simplexml_load_file($description['tmp_name']);
$did = '' . $xml->children('oml', true)->{'did'};
$dataset = $this->Dataset->getById($did);
if ($dataset == false) {
$this->returnError(384, $this->version);
return;
}
// prepare array for updating data object
$data = array('processed' => now());
if ($xml->children('oml', true)->{'error'}) {
$data['error'] = "true";
}
$this->Dataset->update($did, $data);
$all_qualities = $this->Quality->getColumnWhere('name', '`type` = "DataQuality"');
$qualities = $this->Data_quality->getAssociativeArray('quality', 'value', '`data` = "' . $dataset->did . '"');
// check and collect the qualities
$newQualities = array();
foreach ($xml->children('oml', true)->{'quality'} as $q) {
$quality = xml2object($q, true);
/*if( array_key_exists( $quality->name, $newQualities ) ) { // quality calculated twice
$this->returnError( 385, $this->openmlGeneralErrorCode, $quality->name );
return;
} elseif( $qualities != false && array_key_exists( $quality->name, $qualities ) ) { // prior to this run, we already got this quality
if( abs( $qualities[$quality->name] - $quality->value ) > $this->config->item('double_epsilon') ) {
$this->returnError( 386, $this->openmlGeneralErrorCode, $quality->name );
return;
}
} else*/
if (is_array($all_qualities) == false || in_array($quality->name, $all_qualities) == false) {
$this->returnError(387, $this->version, $this->openmlGeneralErrorCode, $quality->name);
return;
} else {
$newQualities[] = $quality;
}
if (property_exists($quality, 'interval_start')) {
} else {
}
}
if (count($newQualities) == 0) {
$this->returnError(388, $this->version);
return;
}
$success = true;
$this->db->trans_start();
foreach ($newQualities as $index => $quality) {
if (property_exists($quality, 'interval_start')) {
$data = array('data' => $dataset->did, 'quality' => $quality->name, 'interval_start' => $quality->interval_start, 'interval_end' => $quality->interval_end, 'value' => $quality->value);
$this->Data_quality_interval->insert_ignore($data);
} else {
$data = array('data' => $dataset->did, 'quality' => $quality->name, 'value' => $quality->value);
$this->Data_quality->insert_ignore($data);
}
}
$this->db->trans_complete();
// add to elastic search index.
$this->elasticsearch->index('data', $dataset->did);
if ($success) {
$this->xmlContents('data-qualities-upload', $this->version, array('did' => $dataset->did));
} else {
$this->returnError(389, $this->version);
return;
}
}
$base_path = "photos/";
//Folder to store all uploaded photos
$filename = strtolower(str_replace(' ', '_', $filename));
//Remove whitespace from filenames & make lowercase
$filename = str_replace('\\"', '', $filename);
//Remove double-quotes from filenames
$filename = str_replace("\\'", '', $filename);
//Remove single-quotes from filenames
$target_path = array('base' => $base_path, 'filename' => $filename);
return $target_path;
}
//****************************************************************************************
if (isset($_POST['MAX_FILE_SIZE'])) {
$targets = format_filename(basename($_FILES['uploadedfile']['name']));
$target_path = $targets['base'] . $targets['filename'];
$status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
// $status['success'] (0,1) - $status['desc'] (text)
$size = array('width' => 0, 'height' => 0);
//Holds final dimensions of resized image
if ($status['success']) {
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
//if(!is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
//if(!resize($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$status['success'] = 0;
$status['desc'] = "Unable to accept file, try again later.<br>\n";
} elseif (!resize($target_path, $target_path, $size)) {
//file was successfully moved onto the server
$status['success'] = 0;
$status['desc'] = "Unable to resize file.<br>\n";
} elseif (!create_thumbnail($target_path, "photos/thumbs/" . $targets['filename'])) {
$status['success'] = 0;
function process_headshot_file($target_path)
{
try {
if (file_exists($target_path)) {
rename($target_path, $_SESSION['temp_image_filename']);
}
// If an image file already exists with the desired filename, create a temp backup
check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
// $status['success'] (0,1) - $status['desc'] (text)
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
throw new Exception('Unable to accept file, try again later.');
}
if (!resize($target_path, $target_path, "hrap_headshot")) {
throw new Exception('Unable to resize file');
}
$query = "UPDATE hraps SET headshot_filename = '" . $target_path . "' WHERE id = " . $this->id;
$result = mydb::cxn()->query($query);
if (file_exists($_SESSION['temp_image_filename'])) {
unlink($_SESSION['temp_image_filename']);
}
// Delete the temp image if everything was successful
} catch (Exception $e) {
if (file_exists($_SESSION['temp_image_filename'])) {
rename($_SESSION['temp_image_filename'], $target_path);
}
//Restore the backup image if something went wrong
//Re-throw the exception
throw new Exception($e->getMessage());
}
// End: catch()
}
function edit_line($idx, $php_self)
{
$error = '';
$description = mydb::cxn()->real_escape_string($_POST['description']);
$fuel_model_list = "";
if (isset($_POST['fuel_model_1']) && $_POST['fuel_model_1'] == "on") {
$fuel_model_list .= "1,";
}
if (isset($_POST['fuel_model_2']) && $_POST['fuel_model_2'] == "on") {
$fuel_model_list .= "2,";
}
if (isset($_POST['fuel_model_3']) && $_POST['fuel_model_3'] == "on") {
$fuel_model_list .= "3,";
}
if (isset($_POST['fuel_model_4']) && $_POST['fuel_model_4'] == "on") {
$fuel_model_list .= "4,";
}
if (isset($_POST['fuel_model_5']) && $_POST['fuel_model_5'] == "on") {
$fuel_model_list .= "5,";
}
if (strlen($fuel_model_list) > 0) {
$fuel_model_list = substr($fuel_model_list, 0, strlen($fuel_model_list) - 1);
} else {
$error .= "You must select at least one fuel model<br>\n";
}
$unix_date = strtotime($_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day']);
//Convert date into unix timestamp
$latitude_decimal = "";
$longitude_decimal = "";
if ($_POST['latitude_degrees'] != "") {
$_POST['longitude_degrees'] < 0 ? true : ($_POST['longitude_degrees'] = $_POST['longitude_degrees'] * -1);
// Longitude is negative in the western hemisphere
$latitude_decimal = $_POST['latitude_degrees'] + $_POST['latitude_minutes'] / 60;
$longitude_decimal = $_POST['longitude_degrees'] + $_POST['longitude_minutes'] / 60;
}
//Deal with uploaded files
if ($_FILES['uploadedfile']['name'] != "") {
$targets = format_filename(basename($_FILES['uploadedfile']['name']));
$target_path = $targets['base'] . $targets['filename'];
if (trim($_POST['file_description']) == '') {
$file_description = basename($_FILES['uploadedfile']['name']);
} else {
$file_description = mydb::cxn()->real_escape_string($_POST['file_description']);
}
$status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
// $status['success'] (0,1) - $status['desc'] (text)
if ($status['success']) {
if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
$status['success'] = 0;
$status['desc'] = "Unable to accept file, try again later.<br>\n";
} else {
// File successfully uploaded, now add an entry in the database
$result = mydb::cxn()->query("insert into incident_files(file_path,file_description, incident_id) " . "values(\"assets/" . $targets['filename'] . "\",\"" . $file_description . "\"," . $idx . ")") or die("Saving file failed: " . mydb::cxn()->error);
}
}
// end 'if($status['success'])'
}
//Check for at least one crewmember on the roster
$need_crewmembers = 1;
$result = mydb::cxn()->query("\tSELECT concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'\n\t\t\t\t\t\t\t\t\tORDER BY name");
while ($row = $result->fetch_assoc()) {
if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
$need_crewmembers = 0;
}
}
if ($need_crewmembers) {
$error .= "You must select at least one crewmember<br>\n";
}
//Check the rest of the fields
if (!preg_match("/\\b[a-zA-Z]{2}-\\b[a-zA-Z0-9]{3,5}-\\b[0-9]{6}/i", trim($_POST['number']))) {
$error .= "Incident number must be in the form: OR-OCF-123456 (You entered: " . $_POST['number'] . ")<br>\n";
}
/* if(!preg_match("/\b[0-9a-zA-Z]{6}\b/i",$_POST['code'])) $error .= "P-Code must be 6 characters! (You entered: ".$_SESSION['form_field5'].")<br>\n";
if(!preg_match("/\b[0-9]{4}\b/",$_POST['override'])) $error .= "Override Code must be a 4-digit number! (You entered: ".$_SESSION['form_field6'].")<br>\n";
if(!preg_match('/\b[0-9]*\.?[0-9]+\b/',$_POST['size'])) $error .= "Acreage must be a numeric value! (You entered: ".$_SESSION['form_field7'].")<br>\n";
if(!preg_match('/\b[1-5]{1}\b/',$_POST['type'])) $error .= "ICT (Management Type) must be a numeric value, 1 - 5 (You entered: ".$_SESSION['form_field8'].")<br>\n";
*/
if ($error == '') {
$insert_query = "\tUPDATE incidents\n\t\t\t\t\t\t\tSET date\t= from_unixtime(" . $unix_date . "),\n\t\t\t\t\t\t\tevent_type\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['event_type']))) . "',\n\t\t\t\t\t\t\tnumber\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['number']))) . "',\n\t\t\t\t\t\t\tname\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['name']))) . "',\n\t\t\t\t\t\t\tcode\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['code']))) . "',\n\t\t\t\t\t\t\toverride\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['override']))) . "',\n\t\t\t\t\t\t\tsize\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['size']))) . "',\n\t\t\t\t\t\t\ttype\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['type']))) . "',\n\t\t\t\t\t\t\tfuel_models = '" . $fuel_model_list . "',\n\t\t\t\t\t\t\tdescription = '" . $description . "',\n\t\t\t\t\t\t\tlatitude_degrees = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_degrees']))) . "',\n\t\t\t\t\t\t\tlatitude_minutes = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_minutes']))) . "',\n\t\t\t\t\t\t\tlongitude_degrees= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_degrees']))) . "',\n\t\t\t\t\t\t\tlongitude_minutes= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_minutes']))) . "'\n\t\t\t\t\t\t\tWHERE idx LIKE '" . $idx . "'";
mydb::cxn()->query($insert_query) or die("Error updating item in the incidents database: " . mydb::cxn()->error);
//Clear the current incident roster before setting the new roster
$result = mydb::cxn()->query("\tDELETE from incident_roster\n\t\t\t\t\t\t\t\t\t\tWHERE idx like '" . $idx . "'");
//Get current crew roster & create new incident roster
$result = mydb::cxn()->query("\tSELECT firstname, lastname, concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'");
$max_shifts = 0;
$roster_string = "";
while ($row = $result->fetch_assoc()) {
if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
if ($_POST['shifts-' . $row['id']] == '') {
$shifts = 'null';
} else {
$shifts = $_POST['shifts-' . $row['id']];
if ($shifts > $max_shifts) {
$max_shifts = $shifts;
}
}
$query = "insert into incident_roster (idx, crewmember_id, role, qt, shifts)\n\t\t\t\t\t\t\t values (" . $idx . "," . $row['id'] . ",'" . $_POST['role-' . $row['id']] . "','" . $_POST['qt-' . $row['id']] . "'," . $shifts . ")";
mydb::cxn()->query($query) or die("Error adding incident roster: " . $query . " -- : -- " . mydb::cxn()->error);
$roster_string .= $row['name'] . " (" . strtoupper($_POST['role-' . $row['id']]) . " (" . strtoupper($_POST['qt-' . $row['id']]) . "), " . $shifts . " shifts)\n";
}
}
//Delete the Google Calendar entry for this event, then create a new Calendar event with the updated details
/* if(trim($_POST['name']) != '') $g_title = ucwords(trim($_POST['name']));
else $g_title = strtoupper(trim($_POST['number']));
$g_start_date =date('Y-m-d',$unix_date);
$g_end_date = date('Y-m-d',mktime(0, 0, 0, date("m",$unix_date) , date("d",$unix_date)+$max_shifts, date("Y",$unix_date)));
if(strtolower(trim($_POST['name'])) != "") $g_fire_name = " (".ucwords(trim($_POST['name'])).")";
else $g_fire_name = "";
$g_description = "Incident: ".strtoupper(trim($_POST['number']))
.$g_fire_name.",\n"
.strtoupper(trim($_POST['code']))." / "
.strtolower(trim($_POST['override'])).",\n"
.strtolower(trim($_POST['size']))." Acres,\n"
."Complexity: ".strtolower(trim($_POST['type']))."\n\n"
.$description."\n\n"
.$roster_string;
$result = mydb::cxn()->query("SELECT g_cal_eventUrl FROM incidents WHERE idx = ".$idx);
$row = $result->fetch_assoc();
$eventUrl = $row['g_cal_eventUrl'];
//g_cal_deleteEventByUrl(g_cal_authenticate(), $eventUrl);
if($latitude_decimal != "") $g_where = $latitude_decimal . " " . $longitude_decimal;
else $g_where = "";
$new_cal_id = g_cal_createEvent (g_cal_authenticate(), $g_title, $g_description, $g_where, $g_start_date,'0', $g_end_date,'0','-08');
$result = mydb::cxn()->query("UPDATE incidents SET g_cal_eventUrl = \"".$new_cal_id."\" WHERE idx = ".$idx);
*/
$_SESSION['form_field1'] = '';
$_SESSION['form_field2'] = '';
$_SESSION['form_field3'] = '';
$_SESSION['form_field4'] = '';
$_SESSION['form_field5'] = '';
$_SESSION['form_field6'] = '';
$_SESSION['form_field7'] = '';
$_SESSION['form_field8'] = '';
$_SESSION['form_field9'] = '';
$_SESSION['form_field10'] = '';
$_SESSION['form_field11'] = '';
$_SESSION['form_field12'] = '';
$_SESSION['form_field13'] = '';
$_SESSION['form_field14'] = '';
$_SESSION['form_field15'] = '';
$_SESSION['form_field16'] = '';
echo "<span class=\"highlight1\" style=\"display:block\">Incident successfully updated!</span><br />";
} else {
echo "<span class=\"highlight1\" style=\"display:block\">" . $error . "</span><br />";
//Repopulate form fields with current values to make it easy to correct
$_SESSION['form_field1'] = $_POST['month'];
$_SESSION['form_field2'] = $_POST['day'];
$_SESSION['form_field3'] = htmlentities($_POST['number']);
$_SESSION['form_field4'] = htmlentities($_POST['name']);
$_SESSION['form_field5'] = htmlentities($_POST['code']);
$_SESSION['form_field6'] = htmlentities($_POST['override']);
$_SESSION['form_field7'] = htmlentities($_POST['size']);
$_SESSION['form_field8'] = htmlentities($_POST['type']);
$_SESSION['form_field9'] = htmlentities($_POST['description']);
//$_SESSION['form_field10'] = htmlentities($_POST['event_type']); //Handled
$_SESSION['form_field11'] = htmlentities($_POST['latitude_degrees']);
$_SESSION['form_field12'] = htmlentities($_POST['latitude_minutes']);
$_SESSION['form_field13'] = htmlentities($_POST['latitude_seconds']);
$_SESSION['form_field14'] = htmlentities($_POST['longitude_degrees']);
$_SESSION['form_field15'] = htmlentities($_POST['longitude_minutes']);
$_SESSION['form_field16'] = htmlentities($_POST['longitude_seconds']);
}
return;
}
<?php
$this->form_validation->set_rules('first_name', 'First Name', 'xss_clean');
$this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean');
$this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
$this->form_validation->set_rules('Country', 'Country', 'xss_clean');
$this->form_validation->set_rules('affiliation', 'Affiliation', 'xss_clean');
$this->form_validation->set_rules('password', 'Password', 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'required');
if ($this->form_validation->run() == true) {
$username = $this->input->post('email');
$email = $this->input->post('email');
$password = $this->input->post('password');
$additional_data = array('first_name' => $this->input->post('first_name'), 'last_name' => $this->input->post('last_name'), 'affiliation' => $this->input->post('affiliation'), 'country' => $this->input->post('country'), 'bio' => $this->input->post('bio'), 'external_source' => null, 'external_id' => null);
if (check_uploaded_file($_FILES['image'])) {
resize_image_squared($_FILES['image']['tmp_name'], $this->config->item('max_avatar_size'));
$file_id = $this->File->register_uploaded_file($_FILES['image'], 'userdata/', -1, 'userimage');
if ($file_id) {
$additional_data['image'] = $this->data_controller . 'view/' . $file_id . '/' . $_FILES['image']['name'];
}
}
$user_id = $this->ion_auth->register($username, $password, $email, $additional_data);
if ($user_id) {
//check to see if we are creating the user
//redirect them back to the admin page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect('frontend/page/register');
} else {
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect('frontend/page/register');
}
function commit_requisition()
{
mydb::cxn()->autocommit(FALSE);
// Make this section TRANSACTIONAL
try {
// Check date format
$date = trim($_POST['date']);
if ($date == "") {
$date = date("m/d/Y");
}
//Use today's date if the date was left blank
$dates = explode("/", $date);
// The Date should be in the form: mm/dd/yyyy
if (!checkdate((int) $dates[0], (int) $dates[1], (int) $dates[2])) {
throw new Exception('The Date entered is not a valid date (dates must be in the form: mm/dd/yyyy)');
}
$amount = 0.0;
if (trim($_POST['order_total']) != "" && is_numeric($_POST['order_total'])) {
$amount = number_format(mydb::cxn()->real_escape_string(trim($_POST['order_total'])), 2, '.', '');
}
if (!isset($_POST['id']) || $_POST['id'] == '' || $_POST['id'] == 'new') {
// This is a NEW requisition entry
// If this is a wishlist item, determine the next priority number available (give this the lowest priority)
if ($_POST['card_used'] == 'wishlist') {
$result = mydb::cxn()->query("SELECT max(priority)+1 as nextpri FROM requisitions");
$row = $result->fetch_assoc();
$pri_field = ",priority";
$pri_value = "," . $row['nextpri'];
}
if (!get_magic_quotes_gpc()) {
$query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\",\"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
} else {
$query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . $_POST['vendor_info'] . "\",\"" . $_POST['description'] . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . $_POST['card_used'] . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
}
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
$requisition_id = mydb::cxn()->insert_id;
} else {
// UPDATE an EXISTING requisition entry
// If this item is not on the wishlist, remove any existing priority
if ($_POST['card_used'] != 'wishlist') {
$priority = ",priority = NULL";
} else {
$priority = "";
}
//Don't change the priority with this UPDATE
if (!get_magic_quotes_gpc()) {
$query = "UPDATE requisitions " . "SET vendor_info = \"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\"" . ",description = \"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . mydb::cxn()->real_escape_string($_POST['id']);
} else {
$query = "UPDATE requisitions " . "SET vendor_info = \"" . $_POST['vendor_info'] . "\"" . ",description = \"" . $_POST['description'] . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . $_POST['card_used'] . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . $_POST['id'];
}
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
$requisition_id = mydb::cxn()->real_escape_string($_POST['id']);
// Delete existing itemized entries to make room for the new POST'ed entries
// Make this section transactional....
$result = mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = " . $requisition_id);
}
//Ensure that at least 1 split line gets stored, even if the dollar-amount is blank
if (trim($_POST['amount_1']) == "" || !is_numeric($_POST['amount_1']) || is_null($_POST['amount_1'])) {
$_POST['amount_1'] = "0.0";
}
for ($i = 1; $i <= $_SESSION['split_qty']; $i++) {
if ($_POST['amount_' . $i] != '') {
$query = "INSERT INTO requisitions_split (requisition_id, s_number, charge_code, override, amount, received, reconciled, comments) " . "VALUES (" . $requisition_id . ",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['s_number_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['charge_code_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string($_POST['override_' . $i]) . "\"," . number_format(mydb::cxn()->real_escape_string($_POST['amount_' . $i]), 2, '.', '') . ",\"" . mydb::cxn()->real_escape_string($_POST['split_received_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_reconciled_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_comments_' . $i]) . "\")";
//echo $query;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
// If an error occurs, rollback this entire transaction
/* mydb::cxn()->query("DELETE FROM requisitions WHERE id = ".$requisition_id);
mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = ".$requisition_id);
*/
throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
}
}
}
for ($i = 1; $i <= 3; $i++) {
if ($_FILES['uploadedfile' . $i]['name'] != "") {
$status = check_uploaded_file($_FILES['uploadedfile' . $i]);
//$status = array('success','desc');
if (!$status['success']) {
/*Bad form data - don't add to database... $status['desc'] holds the explanation already */
} else {
$targets = format_filename($requisition_id, $i, $_FILES['uploadedfile' . $i]);
$target_path = $targets['base'] . $targets['filename'];
if (!@move_uploaded_file($_FILES['uploadedfile' . $i]['tmp_name'], $target_path)) {
throw new Exception('The file attachment couldn\'t be saved! Please check the file format and filesize.');
} else {
// File successfully uploaded, now update entry in the database
$query = "UPDATE requisitions SET attachment" . $i . " = \"" . $target_path . "\" WHERE id = " . $requisition_id;
$result = mydb::cxn()->query($query);
if (mydb::cxn()->error != "") {
throw new Exception("File attachment #" . $i . " could not be saved, but the requisition information was saved successfully.<br />\n" . mydb::cxn()->error);
}
}
}
}
//END if($_FILES['uploadedfile']['name'] != "")
}
//END for($i=1;$i<=3;$i++)
$_SESSION['form_memory']['requisition'] = array();
mydb::cxn()->commit();
mydb::cxn()->autocommit(TRUE);
} catch (Exception $e) {
mydb::cxn()->rollback();
mydb::cxn()->autocommit(TRUE);
throw new Exception($e->getMessage());
}
return;
}
}
}
if (!array_key_exists('confirmed', $_REQUEST)) {
die(upload_form());
}
/*
foreach ($_REQUEST as $key => $val) {
echo "$key => $val <br>\n";
}
if (is_array($_FILES) && count($_FILES)>0) {
echo "<h2>FILES is an array</h2>";
print_r($_FILES);
}
*/
// no need to do anything till we check that the file's ok
if (check_uploaded_file($_FILES['file'])) {
$xml_file = $_FILES['file']['tmp_name'];
//move_uploaded_file($tmp_file, $xml_file);
//is_uploaded_file
//echo filesize($xml_file);
//echo $xml_file . "\n<br>";
$xml_str = file_get_contents($xml_file);
}
try {
$db = new PDO(DEFAULT_DSN, DEFAULT_DSN_LOGIN, DEFAULT_DSN_PASSWORD);
} catch (Exception $e) {
die($e->getMessage());
}
if ($_POST['clear_dialplan']) {
truncate_dialplan();
}
private function flow_upload()
{
if (isset($_FILES['source']) && $_FILES['source']['error'] == 0) {
$source = true;
} else {
$source = false;
unset($_FILES['source']);
}
if (isset($_FILES['binary']) && $_FILES['binary']['error'] == 0) {
$binary = true;
} else {
$binary = false;
unset($_FILES['binary']);
}
if ($source == false && $binary == false) {
$this->returnError(162, $this->version);
return;
}
foreach ($_FILES as $key => $file) {
if (check_uploaded_file($file) == false) {
$this->returnError(160, $this->version);
return;
}
}
$xsd = xsd('openml.implementation.upload', $this->controller, $this->version);
if (!$xsd) {
$this->returnError(172, $this->version, $this->openmlGeneralErrorCode);
return;
}
// get correct description
if ($this->input->post('description')) {
// get description from string upload
$description = $this->input->post('description');
$xmlErrors = "";
if (validateXml($description, $xsd, $xmlErrors, false) == false) {
$this->returnError(163, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
return;
}
$xml = simplexml_load_string($description);
} elseif (isset($_FILES['description'])) {
// get description from file upload
$description = $_FILES['description'];
if (validateXml($description['tmp_name'], $xsd, $xmlErrors) == false) {
$this->returnError(163, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
return;
}
$xml = simplexml_load_file($description['tmp_name']);
$similar = $this->Implementation->compareToXML($xml);
if ($similar) {
$this->returnError(171, $this->version, $this->openmlGeneralErrorCode, 'implementation_id:' . $similar);
return;
}
} else {
$this->returnError(161, $this->version);
return;
}
if (!$this->ion_auth->in_group($this->groups_upload_rights, $this->user_id)) {
$this->returnError(104, $this->version);
return;
}
$name = '' . $xml->children('oml', true)->{'name'};
$implementation = array('uploadDate' => now(), 'uploader' => $this->user_id);
foreach ($_FILES as $key => $file) {
if ($key == 'description') {
continue;
}
if (!in_array($key, array('description', 'source', 'binary'))) {
$this->returnError(167, $this->version);
return;
}
$file_id = $this->File->register_uploaded_file($_FILES[$key], $this->data_folders['implementation'] . $key . '/', $this->user_id, 'implementation');
if ($file_id === false) {
$this->returnError(165, $this->version);
return;
}
$file_record = $this->File->getById($file_id);
//$implementation[$key.'Url'] = $this->data_controller . 'download/' . $file_id . '/' . $file_record->filename_original;
$implementation[$key . '_md5'] = $file_record->md5_hash;
$implementation[$key . '_file_id'] = $file_id;
//$implementation[$key.'Format'] = $file_record->md5_hash;
if (property_exists($xml->children('oml', true), $key . '_md5')) {
if ($xml->children('oml', true)->{$key . '_md5'} != $file_record->md5_hash) {
$this->returnError(168, $this->version);
return;
}
}
}
$impl = insertImplementationFromXML($xml->children('oml', true), $this->xml_fields_implementation, $implementation);
if ($impl == false) {
$this->returnError(165, $this->version);
return;
}
$implementation = $this->Implementation->getById($impl);
$this->xmlContents('implementation-upload', $this->version, $implementation);
}
private function run_evaluate()
{
// check uploaded file
$description = isset($_FILES['description']) ? $_FILES['description'] : false;
if (!check_uploaded_file($description)) {
$this->returnError(422, $this->version);
return;
}
$xsd = xsd('openml.run.evaluate', $this->controller, $this->version);
// validate xml
if (validateXml($description['tmp_name'], $xsd, $xmlErrors) == false) {
$this->returnError(423, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
return;
}
// fetch xml
$xml = simplexml_load_file($description['tmp_name']);
if ($xml === false) {
$this->returnError(424, $this->version);
return;
}
$run_id = (string) $xml->children('oml', true)->{'run_id'};
$runRecord = $this->Run->getById($run_id);
if ($runRecord == false) {
$this->returnError(425, $this->version);
return;
}
if ($runRecord->processed != null) {
$this->returnError(426, $this->version);
return;
}
$data = array('processed' => now());
if (isset($xml->children('oml', true)->{'error'})) {
$data['error'] = '' . $xml->children('oml', true)->{'error'};
}
$this->Run->update($run_id, $data);
$implementation_ids = $this->Implementation->getAssociativeArray('fullName', 'id', '`name` = `name`');
$this->db->trans_start();
foreach ($xml->children('oml', true)->{'evaluation'} as $e) {
$evaluation = xml2assoc($e, true);
// naming convention
$evaluation['function'] = $evaluation['name'];
unset($evaluation['name']);
// more naming convention
if (array_key_exists($evaluation['flow'], $implementation_ids)) {
$evaluation['implementation_id'] = $implementation_ids[$evaluation['flow']];
unset($evaluation['flow']);
} else {
$this->Log->mapping(__FILE__, __LINE__, 'Flow ' . $evaluation['flow'] . ' not found in database. ');
continue;
}
// adding rid
$evaluation['source'] = $run_id;
if (array_key_exists('fold', $evaluation) && array_key_exists('repeat', $evaluation) && array_key_exists('sample', $evaluation)) {
// evaluation_sample
$this->Evaluation_sample->insert($evaluation);
} elseif (array_key_exists('fold', $evaluation) && array_key_exists('repeat', $evaluation)) {
// evaluation_fold
$this->Evaluation_fold->insert($evaluation);
// } elseif( array_key_exists( 'interval_start', $evaluation ) && array_key_exists( 'interval_end', $evaluation ) ) {
// // evaluation_interval
// $this->Evaluation_interval->insert( $evaluation );
} else {
// global
$this->Evaluation->insert($evaluation);
}
}
$this->db->trans_complete();
// update elastic search index.
$this->elasticsearch->index('run', $run_id);
$this->xmlContents('run-evaluate', $this->version, array('run_id' => $run_id));
}