コード例 #1
0
ファイル: api_file.php プロジェクト: jaksmid/website
 private function file_upload()
 {
     if ($this->ion_auth->is_admin($this->user_id) == false) {
         $this->returnError(490, $this->version);
         return;
     }
     $file = isset($_FILES['file']) ? $_FILES['file'] : false;
     if (!check_uploaded_file($file)) {
         $this->returnError(491, $this->version);
         return;
     }
     $file_id = $this->File->register_uploaded_file($file, $this->data_folders['misc'], $this->user_id, 'run_uploaded_file');
     if ($file_id == false) {
         $this->returnError(492, $this->version);
         return;
     }
     $this->xmlContents('file-upload', $this->version, array('file_id' => $file_id, 'filename' => $file['name']));
 }
コード例 #2
0
function check_form_data($data)
{
    $status = array('success' => 1, 'desc' => "");
    foreach ($data as $field => $value) {
        if ($value == '' && $field != 'uploadedfile') {
            $status = array('success' => 0, 'desc' => "Enter something in the " . $field . " field");
        }
    }
    if (!$status['success']) {
        return $status;
    } else {
        if ($data['uploadedfile'] != '') {
            $status = check_uploaded_file($_FILES['uploadedfile']);
        } else {
            $status = array('success' => 1, 'desc' => '');
        }
        //No need to check file if we're using the pre-stored "missing image" placeholder jpeg
        return $status;
    }
}
コード例 #3
0
ファイル: api_data.php プロジェクト: jaksmid/website
 private function data_qualities_upload()
 {
     // get correct description
     if (isset($_FILES['description']) == false || check_uploaded_file($_FILES['description']) == false) {
         $this->returnError(382, $this->version);
         return;
     }
     // get description from string upload
     $description = $_FILES['description'];
     if (validateXml($description['tmp_name'], xsd('openml.data.qualities', $this->controller, $this->version), $xmlErrors) == false) {
         $this->returnError(383, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
         return;
     }
     if (!$this->ion_auth->in_group($this->groups_upload_rights, $this->user_id)) {
         $this->returnError(104, $this->version);
         return;
     }
     $xml = simplexml_load_file($description['tmp_name']);
     $did = '' . $xml->children('oml', true)->{'did'};
     $dataset = $this->Dataset->getById($did);
     if ($dataset == false) {
         $this->returnError(384, $this->version);
         return;
     }
     // prepare array for updating data object
     $data = array('processed' => now());
     if ($xml->children('oml', true)->{'error'}) {
         $data['error'] = "true";
     }
     $this->Dataset->update($did, $data);
     $all_qualities = $this->Quality->getColumnWhere('name', '`type` = "DataQuality"');
     $qualities = $this->Data_quality->getAssociativeArray('quality', 'value', '`data` = "' . $dataset->did . '"');
     // check and collect the qualities
     $newQualities = array();
     foreach ($xml->children('oml', true)->{'quality'} as $q) {
         $quality = xml2object($q, true);
         /*if( array_key_exists( $quality->name, $newQualities ) ) { // quality calculated twice
             $this->returnError( 385, $this->openmlGeneralErrorCode, $quality->name );
             return;
           } elseif( $qualities != false && array_key_exists( $quality->name, $qualities ) ) { // prior to this run, we already got this quality
             if( abs( $qualities[$quality->name] - $quality->value ) > $this->config->item('double_epsilon') ) {
               $this->returnError( 386, $this->openmlGeneralErrorCode, $quality->name );
               return;
             }
           } else*/
         if (is_array($all_qualities) == false || in_array($quality->name, $all_qualities) == false) {
             $this->returnError(387, $this->version, $this->openmlGeneralErrorCode, $quality->name);
             return;
         } else {
             $newQualities[] = $quality;
         }
         if (property_exists($quality, 'interval_start')) {
         } else {
         }
     }
     if (count($newQualities) == 0) {
         $this->returnError(388, $this->version);
         return;
     }
     $success = true;
     $this->db->trans_start();
     foreach ($newQualities as $index => $quality) {
         if (property_exists($quality, 'interval_start')) {
             $data = array('data' => $dataset->did, 'quality' => $quality->name, 'interval_start' => $quality->interval_start, 'interval_end' => $quality->interval_end, 'value' => $quality->value);
             $this->Data_quality_interval->insert_ignore($data);
         } else {
             $data = array('data' => $dataset->did, 'quality' => $quality->name, 'value' => $quality->value);
             $this->Data_quality->insert_ignore($data);
         }
     }
     $this->db->trans_complete();
     // add to elastic search index.
     $this->elasticsearch->index('data', $dataset->did);
     if ($success) {
         $this->xmlContents('data-qualities-upload', $this->version, array('did' => $dataset->did));
     } else {
         $this->returnError(389, $this->version);
         return;
     }
 }
コード例 #4
0
    $base_path = "photos/";
    //Folder to store all uploaded photos
    $filename = strtolower(str_replace(' ', '_', $filename));
    //Remove whitespace from filenames & make lowercase
    $filename = str_replace('\\"', '', $filename);
    //Remove double-quotes from filenames
    $filename = str_replace("\\'", '', $filename);
    //Remove single-quotes from filenames
    $target_path = array('base' => $base_path, 'filename' => $filename);
    return $target_path;
}
//****************************************************************************************
if (isset($_POST['MAX_FILE_SIZE'])) {
    $targets = format_filename(basename($_FILES['uploadedfile']['name']));
    $target_path = $targets['base'] . $targets['filename'];
    $status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
    // $status['success'] (0,1) - $status['desc'] (text)
    $size = array('width' => 0, 'height' => 0);
    //Holds final dimensions of resized image
    if ($status['success']) {
        if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
            //if(!is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
            //if(!resize($_FILES['uploadedfile']['tmp_name'], $target_path)) {
            $status['success'] = 0;
            $status['desc'] = "Unable to accept file, try again later.<br>\n";
        } elseif (!resize($target_path, $target_path, $size)) {
            //file was successfully moved onto the server
            $status['success'] = 0;
            $status['desc'] = "Unable to resize file.<br>\n";
        } elseif (!create_thumbnail($target_path, "photos/thumbs/" . $targets['filename'])) {
            $status['success'] = 0;
コード例 #5
0
 function process_headshot_file($target_path)
 {
     try {
         if (file_exists($target_path)) {
             rename($target_path, $_SESSION['temp_image_filename']);
         }
         // If an image file already exists with the desired filename, create a temp backup
         check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
         // $status['success'] (0,1) - $status['desc'] (text)
         if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
             throw new Exception('Unable to accept file, try again later.');
         }
         if (!resize($target_path, $target_path, "hrap_headshot")) {
             throw new Exception('Unable to resize file');
         }
         $query = "UPDATE hraps SET headshot_filename = '" . $target_path . "' WHERE id = " . $this->id;
         $result = mydb::cxn()->query($query);
         if (file_exists($_SESSION['temp_image_filename'])) {
             unlink($_SESSION['temp_image_filename']);
         }
         // Delete the temp image if everything was successful
     } catch (Exception $e) {
         if (file_exists($_SESSION['temp_image_filename'])) {
             rename($_SESSION['temp_image_filename'], $target_path);
         }
         //Restore the backup image if something went wrong
         //Re-throw the exception
         throw new Exception($e->getMessage());
     }
     // End: catch()
 }
コード例 #6
0
function edit_line($idx, $php_self)
{
    $error = '';
    $description = mydb::cxn()->real_escape_string($_POST['description']);
    $fuel_model_list = "";
    if (isset($_POST['fuel_model_1']) && $_POST['fuel_model_1'] == "on") {
        $fuel_model_list .= "1,";
    }
    if (isset($_POST['fuel_model_2']) && $_POST['fuel_model_2'] == "on") {
        $fuel_model_list .= "2,";
    }
    if (isset($_POST['fuel_model_3']) && $_POST['fuel_model_3'] == "on") {
        $fuel_model_list .= "3,";
    }
    if (isset($_POST['fuel_model_4']) && $_POST['fuel_model_4'] == "on") {
        $fuel_model_list .= "4,";
    }
    if (isset($_POST['fuel_model_5']) && $_POST['fuel_model_5'] == "on") {
        $fuel_model_list .= "5,";
    }
    if (strlen($fuel_model_list) > 0) {
        $fuel_model_list = substr($fuel_model_list, 0, strlen($fuel_model_list) - 1);
    } else {
        $error .= "You must select at least one fuel model<br>\n";
    }
    $unix_date = strtotime($_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day']);
    //Convert date into unix timestamp
    $latitude_decimal = "";
    $longitude_decimal = "";
    if ($_POST['latitude_degrees'] != "") {
        $_POST['longitude_degrees'] < 0 ? true : ($_POST['longitude_degrees'] = $_POST['longitude_degrees'] * -1);
        // Longitude is negative in the western hemisphere
        $latitude_decimal = $_POST['latitude_degrees'] + $_POST['latitude_minutes'] / 60;
        $longitude_decimal = $_POST['longitude_degrees'] + $_POST['longitude_minutes'] / 60;
    }
    //Deal with uploaded files
    if ($_FILES['uploadedfile']['name'] != "") {
        $targets = format_filename(basename($_FILES['uploadedfile']['name']));
        $target_path = $targets['base'] . $targets['filename'];
        if (trim($_POST['file_description']) == '') {
            $file_description = basename($_FILES['uploadedfile']['name']);
        } else {
            $file_description = mydb::cxn()->real_escape_string($_POST['file_description']);
        }
        $status = check_uploaded_file($_FILES['uploadedfile']['tmp_name']);
        // $status['success'] (0,1) - $status['desc'] (text)
        if ($status['success']) {
            if (!move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
                $status['success'] = 0;
                $status['desc'] = "Unable to accept file, try again later.<br>\n";
            } else {
                // File successfully uploaded, now add an entry in the database
                $result = mydb::cxn()->query("insert into incident_files(file_path,file_description, incident_id) " . "values(\"assets/" . $targets['filename'] . "\",\"" . $file_description . "\"," . $idx . ")") or die("Saving file failed: " . mydb::cxn()->error);
            }
        }
        // end 'if($status['success'])'
    }
    //Check for at least one crewmember on the roster
    $need_crewmembers = 1;
    $result = mydb::cxn()->query("\tSELECT concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'\n\t\t\t\t\t\t\t\t\tORDER BY name");
    while ($row = $result->fetch_assoc()) {
        if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
            $need_crewmembers = 0;
        }
    }
    if ($need_crewmembers) {
        $error .= "You must select at least one crewmember<br>\n";
    }
    //Check the rest of the fields
    if (!preg_match("/\\b[a-zA-Z]{2}-\\b[a-zA-Z0-9]{3,5}-\\b[0-9]{6}/i", trim($_POST['number']))) {
        $error .= "Incident number must be in the form: OR-OCF-123456 (You entered: " . $_POST['number'] . ")<br>\n";
    }
    /*	if(!preg_match("/\b[0-9a-zA-Z]{6}\b/i",$_POST['code'])) $error .= "P-Code must be 6 characters! (You entered: ".$_SESSION['form_field5'].")<br>\n";
    	if(!preg_match("/\b[0-9]{4}\b/",$_POST['override'])) $error .= "Override Code must be a 4-digit number! (You entered: ".$_SESSION['form_field6'].")<br>\n";
    	if(!preg_match('/\b[0-9]*\.?[0-9]+\b/',$_POST['size'])) $error .= "Acreage must be a numeric value! (You entered: ".$_SESSION['form_field7'].")<br>\n";
    	if(!preg_match('/\b[1-5]{1}\b/',$_POST['type'])) $error .= "ICT (Management Type) must be a numeric value, 1 - 5 (You entered: ".$_SESSION['form_field8'].")<br>\n";
    */
    if ($error == '') {
        $insert_query = "\tUPDATE incidents\n\t\t\t\t\t\t\tSET date\t= from_unixtime(" . $unix_date . "),\n\t\t\t\t\t\t\tevent_type\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['event_type']))) . "',\n\t\t\t\t\t\t\tnumber\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['number']))) . "',\n\t\t\t\t\t\t\tname\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['name']))) . "',\n\t\t\t\t\t\t\tcode\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['code']))) . "',\n\t\t\t\t\t\t\toverride\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['override']))) . "',\n\t\t\t\t\t\t\tsize\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['size']))) . "',\n\t\t\t\t\t\t\ttype\t\t= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['type']))) . "',\n\t\t\t\t\t\t\tfuel_models = '" . $fuel_model_list . "',\n\t\t\t\t\t\t\tdescription = '" . $description . "',\n\t\t\t\t\t\t\tlatitude_degrees = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_degrees']))) . "',\n\t\t\t\t\t\t\tlatitude_minutes = '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['latitude_minutes']))) . "',\n\t\t\t\t\t\t\tlongitude_degrees= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_degrees']))) . "',\n\t\t\t\t\t\t\tlongitude_minutes= '" . mydb::cxn()->real_escape_string(strtolower(trim($_POST['longitude_minutes']))) . "'\n\t\t\t\t\t\t\tWHERE idx LIKE '" . $idx . "'";
        mydb::cxn()->query($insert_query) or die("Error updating item in the incidents database: " . mydb::cxn()->error);
        //Clear the current incident roster before setting the new roster
        $result = mydb::cxn()->query("\tDELETE from incident_roster\n\t\t\t\t\t\t\t\t\t\tWHERE idx like '" . $idx . "'");
        //Get current crew roster & create new incident roster
        $result = mydb::cxn()->query("\tSELECT firstname, lastname, concat(crewmembers.firstname, ' ', crewmembers.lastname) as name, crewmembers.id as id\n\t\t\t\t\t\t\t\t\t\tFROM crewmembers inner join roster\n\t\t\t\t\t\t\t\t\t\tON crewmembers.id = roster.id\n\t\t\t\t\t\t\t\t\t\tWHERE roster.year like '" . $_POST['year'] . "'");
        $max_shifts = 0;
        $roster_string = "";
        while ($row = $result->fetch_assoc()) {
            if (isset($_POST[$row['id']]) && $_POST[$row['id']] == "on") {
                if ($_POST['shifts-' . $row['id']] == '') {
                    $shifts = 'null';
                } else {
                    $shifts = $_POST['shifts-' . $row['id']];
                    if ($shifts > $max_shifts) {
                        $max_shifts = $shifts;
                    }
                }
                $query = "insert into incident_roster (idx, crewmember_id, role, qt, shifts)\n\t\t\t\t\t\t\t values (" . $idx . "," . $row['id'] . ",'" . $_POST['role-' . $row['id']] . "','" . $_POST['qt-' . $row['id']] . "'," . $shifts . ")";
                mydb::cxn()->query($query) or die("Error adding incident roster: " . $query . " -- : -- " . mydb::cxn()->error);
                $roster_string .= $row['name'] . " (" . strtoupper($_POST['role-' . $row['id']]) . " (" . strtoupper($_POST['qt-' . $row['id']]) . "), " . $shifts . " shifts)\n";
            }
        }
        //Delete the Google Calendar entry for this event, then create a new Calendar event with the updated details
        /*		if(trim($_POST['name']) != '') $g_title = ucwords(trim($_POST['name']));
        		else $g_title = strtoupper(trim($_POST['number']));
        
        		$g_start_date =date('Y-m-d',$unix_date);
        		$g_end_date = date('Y-m-d',mktime(0, 0, 0, date("m",$unix_date)  , date("d",$unix_date)+$max_shifts, date("Y",$unix_date)));
        
        		if(strtolower(trim($_POST['name'])) != "") $g_fire_name = " (".ucwords(trim($_POST['name'])).")";
        		else $g_fire_name = "";
        
        		$g_description =	 "Incident: ".strtoupper(trim($_POST['number']))
        							.$g_fire_name.",\n"
        							.strtoupper(trim($_POST['code']))." / "
        							.strtolower(trim($_POST['override'])).",\n"
        							.strtolower(trim($_POST['size']))." Acres,\n"
        							."Complexity: ".strtolower(trim($_POST['type']))."\n\n"
        							.$description."\n\n"
        							.$roster_string;
        
        		$result = mydb::cxn()->query("SELECT g_cal_eventUrl FROM incidents WHERE idx = ".$idx);
        		$row = $result->fetch_assoc();
        		$eventUrl = $row['g_cal_eventUrl'];
        		
        		//g_cal_deleteEventByUrl(g_cal_authenticate(), $eventUrl);
        	
        		if($latitude_decimal != "") $g_where = $latitude_decimal . " " . $longitude_decimal;
        		else $g_where = "";
        		
        		$new_cal_id = g_cal_createEvent (g_cal_authenticate(), $g_title, $g_description, $g_where, $g_start_date,'0', $g_end_date,'0','-08');
        		$result = mydb::cxn()->query("UPDATE incidents SET g_cal_eventUrl = \"".$new_cal_id."\" WHERE idx = ".$idx);
        */
        $_SESSION['form_field1'] = '';
        $_SESSION['form_field2'] = '';
        $_SESSION['form_field3'] = '';
        $_SESSION['form_field4'] = '';
        $_SESSION['form_field5'] = '';
        $_SESSION['form_field6'] = '';
        $_SESSION['form_field7'] = '';
        $_SESSION['form_field8'] = '';
        $_SESSION['form_field9'] = '';
        $_SESSION['form_field10'] = '';
        $_SESSION['form_field11'] = '';
        $_SESSION['form_field12'] = '';
        $_SESSION['form_field13'] = '';
        $_SESSION['form_field14'] = '';
        $_SESSION['form_field15'] = '';
        $_SESSION['form_field16'] = '';
        echo "<span class=\"highlight1\" style=\"display:block\">Incident successfully updated!</span><br />";
    } else {
        echo "<span class=\"highlight1\" style=\"display:block\">" . $error . "</span><br />";
        //Repopulate form fields with current values to make it easy to correct
        $_SESSION['form_field1'] = $_POST['month'];
        $_SESSION['form_field2'] = $_POST['day'];
        $_SESSION['form_field3'] = htmlentities($_POST['number']);
        $_SESSION['form_field4'] = htmlentities($_POST['name']);
        $_SESSION['form_field5'] = htmlentities($_POST['code']);
        $_SESSION['form_field6'] = htmlentities($_POST['override']);
        $_SESSION['form_field7'] = htmlentities($_POST['size']);
        $_SESSION['form_field8'] = htmlentities($_POST['type']);
        $_SESSION['form_field9'] = htmlentities($_POST['description']);
        //$_SESSION['form_field10'] = htmlentities($_POST['event_type']); //Handled
        $_SESSION['form_field11'] = htmlentities($_POST['latitude_degrees']);
        $_SESSION['form_field12'] = htmlentities($_POST['latitude_minutes']);
        $_SESSION['form_field13'] = htmlentities($_POST['latitude_seconds']);
        $_SESSION['form_field14'] = htmlentities($_POST['longitude_degrees']);
        $_SESSION['form_field15'] = htmlentities($_POST['longitude_minutes']);
        $_SESSION['form_field16'] = htmlentities($_POST['longitude_seconds']);
    }
    return;
}
コード例 #7
0
ファイル: post.php プロジェクト: jaksmid/website
<?php

$this->form_validation->set_rules('first_name', 'First Name', 'xss_clean');
$this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean');
$this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
$this->form_validation->set_rules('Country', 'Country', 'xss_clean');
$this->form_validation->set_rules('affiliation', 'Affiliation', 'xss_clean');
$this->form_validation->set_rules('password', 'Password', 'required|min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password_confirm]');
$this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'required');
if ($this->form_validation->run() == true) {
    $username = $this->input->post('email');
    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $additional_data = array('first_name' => $this->input->post('first_name'), 'last_name' => $this->input->post('last_name'), 'affiliation' => $this->input->post('affiliation'), 'country' => $this->input->post('country'), 'bio' => $this->input->post('bio'), 'external_source' => null, 'external_id' => null);
    if (check_uploaded_file($_FILES['image'])) {
        resize_image_squared($_FILES['image']['tmp_name'], $this->config->item('max_avatar_size'));
        $file_id = $this->File->register_uploaded_file($_FILES['image'], 'userdata/', -1, 'userimage');
        if ($file_id) {
            $additional_data['image'] = $this->data_controller . 'view/' . $file_id . '/' . $_FILES['image']['name'];
        }
    }
    $user_id = $this->ion_auth->register($username, $password, $email, $additional_data);
    if ($user_id) {
        //check to see if we are creating the user
        //redirect them back to the admin page
        $this->session->set_flashdata('message', $this->ion_auth->messages());
        redirect('frontend/page/register');
    } else {
        $this->session->set_flashdata('message', $this->ion_auth->errors());
        redirect('frontend/page/register');
    }
コード例 #8
0
function commit_requisition()
{
    mydb::cxn()->autocommit(FALSE);
    // Make this section TRANSACTIONAL
    try {
        // Check date format
        $date = trim($_POST['date']);
        if ($date == "") {
            $date = date("m/d/Y");
        }
        //Use today's date if the date was left blank
        $dates = explode("/", $date);
        // The Date should be in the form: mm/dd/yyyy
        if (!checkdate((int) $dates[0], (int) $dates[1], (int) $dates[2])) {
            throw new Exception('The Date entered is not a valid date (dates must be in the form: mm/dd/yyyy)');
        }
        $amount = 0.0;
        if (trim($_POST['order_total']) != "" && is_numeric($_POST['order_total'])) {
            $amount = number_format(mydb::cxn()->real_escape_string(trim($_POST['order_total'])), 2, '.', '');
        }
        if (!isset($_POST['id']) || $_POST['id'] == '' || $_POST['id'] == 'new') {
            // This is a NEW requisition entry
            // If this is a wishlist item, determine the next priority number available (give this the lowest priority)
            if ($_POST['card_used'] == 'wishlist') {
                $result = mydb::cxn()->query("SELECT max(priority)+1 as nextpri FROM requisitions");
                $row = $result->fetch_assoc();
                $pri_field = ",priority";
                $pri_value = "," . $row['nextpri'];
            }
            if (!get_magic_quotes_gpc()) {
                $query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\",\"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
            } else {
                $query = "INSERT INTO requisitions (vendor_info,description,amount,date,card_used" . $pri_field . ",added_by) " . "VALUES (\"" . $_POST['vendor_info'] . "\",\"" . $_POST['description'] . "\"," . $amount . ",str_to_date('" . $date . "','%m/%d/%Y')" . ",\"" . $_POST['card_used'] . "\"" . $pri_value . ",\"" . $_POST['added_by'] . "\")";
            }
            $result = mydb::cxn()->query($query);
            if (mydb::cxn()->error != "") {
                throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
            }
            $requisition_id = mydb::cxn()->insert_id;
        } else {
            // UPDATE an EXISTING requisition entry
            // If this item is not on the wishlist, remove any existing priority
            if ($_POST['card_used'] != 'wishlist') {
                $priority = ",priority = NULL";
            } else {
                $priority = "";
            }
            //Don't change the priority with this UPDATE
            if (!get_magic_quotes_gpc()) {
                $query = "UPDATE requisitions " . "SET vendor_info = \"" . mydb::cxn()->real_escape_string($_POST['vendor_info']) . "\"" . ",description = \"" . mydb::cxn()->real_escape_string($_POST['description']) . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . mydb::cxn()->real_escape_string($_POST['card_used']) . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . mydb::cxn()->real_escape_string($_POST['id']);
            } else {
                $query = "UPDATE requisitions " . "SET vendor_info = \"" . $_POST['vendor_info'] . "\"" . ",description = \"" . $_POST['description'] . "\"" . ",amount = " . $amount . ",date = str_to_date('" . $date . "','%m/%d/%Y')" . ",card_used = \"" . $_POST['card_used'] . "\"" . ",added_by = \"" . $_POST['added_by'] . "\"" . $priority . " WHERE requisitions.id = " . $_POST['id'];
            }
            $result = mydb::cxn()->query($query);
            if (mydb::cxn()->error != "") {
                throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
            }
            $requisition_id = mydb::cxn()->real_escape_string($_POST['id']);
            // Delete existing itemized entries to make room for the new POST'ed entries
            // Make this section transactional....
            $result = mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = " . $requisition_id);
        }
        //Ensure that at least 1 split line gets stored, even if the dollar-amount is blank
        if (trim($_POST['amount_1']) == "" || !is_numeric($_POST['amount_1']) || is_null($_POST['amount_1'])) {
            $_POST['amount_1'] = "0.0";
        }
        for ($i = 1; $i <= $_SESSION['split_qty']; $i++) {
            if ($_POST['amount_' . $i] != '') {
                $query = "INSERT INTO requisitions_split (requisition_id, s_number, charge_code, override, amount, received, reconciled, comments) " . "VALUES (" . $requisition_id . ",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['s_number_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string(strtoupper($_POST['charge_code_' . $i])) . "\",\"" . mydb::cxn()->real_escape_string($_POST['override_' . $i]) . "\"," . number_format(mydb::cxn()->real_escape_string($_POST['amount_' . $i]), 2, '.', '') . ",\"" . mydb::cxn()->real_escape_string($_POST['split_received_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_reconciled_' . $i]) . "\",\"" . mydb::cxn()->real_escape_string($_POST['split_comments_' . $i]) . "\")";
                //echo $query;
                $result = mydb::cxn()->query($query);
                if (mydb::cxn()->error != "") {
                    // If an error occurs, rollback this entire transaction
                    /*				mydb::cxn()->query("DELETE FROM requisitions WHERE id = ".$requisition_id);
                    					mydb::cxn()->query("DELETE FROM requisitions_split WHERE requisition_id = ".$requisition_id);
                    	*/
                    throw new Exception("The requisition was not saved!<br />\n" . mydb::cxn()->error);
                }
            }
        }
        for ($i = 1; $i <= 3; $i++) {
            if ($_FILES['uploadedfile' . $i]['name'] != "") {
                $status = check_uploaded_file($_FILES['uploadedfile' . $i]);
                //$status = array('success','desc');
                if (!$status['success']) {
                    /*Bad form data - don't add to database... $status['desc'] holds the explanation already */
                } else {
                    $targets = format_filename($requisition_id, $i, $_FILES['uploadedfile' . $i]);
                    $target_path = $targets['base'] . $targets['filename'];
                    if (!@move_uploaded_file($_FILES['uploadedfile' . $i]['tmp_name'], $target_path)) {
                        throw new Exception('The file attachment couldn\'t be saved! Please check the file format and filesize.');
                    } else {
                        // File successfully uploaded, now update entry in the database
                        $query = "UPDATE requisitions SET attachment" . $i . " = \"" . $target_path . "\" WHERE id = " . $requisition_id;
                        $result = mydb::cxn()->query($query);
                        if (mydb::cxn()->error != "") {
                            throw new Exception("File attachment #" . $i . " could not be saved, but the requisition information was saved successfully.<br />\n" . mydb::cxn()->error);
                        }
                    }
                }
            }
            //END if($_FILES['uploadedfile']['name'] != "")
        }
        //END for($i=1;$i<=3;$i++)
        $_SESSION['form_memory']['requisition'] = array();
        mydb::cxn()->commit();
        mydb::cxn()->autocommit(TRUE);
    } catch (Exception $e) {
        mydb::cxn()->rollback();
        mydb::cxn()->autocommit(TRUE);
        throw new Exception($e->getMessage());
    }
    return;
}
コード例 #9
0
    }
}
if (!array_key_exists('confirmed', $_REQUEST)) {
    die(upload_form());
}
/*
foreach ($_REQUEST as $key => $val) {
echo "$key => $val <br>\n";
}
if (is_array($_FILES) && count($_FILES)>0) {
echo "<h2>FILES is an array</h2>";
print_r($_FILES);
}
*/
// no need to do anything till we check that the file's ok
if (check_uploaded_file($_FILES['file'])) {
    $xml_file = $_FILES['file']['tmp_name'];
    //move_uploaded_file($tmp_file, $xml_file);
    //is_uploaded_file
    //echo filesize($xml_file);
    //echo $xml_file . "\n<br>";
    $xml_str = file_get_contents($xml_file);
}
try {
    $db = new PDO(DEFAULT_DSN, DEFAULT_DSN_LOGIN, DEFAULT_DSN_PASSWORD);
} catch (Exception $e) {
    die($e->getMessage());
}
if ($_POST['clear_dialplan']) {
    truncate_dialplan();
}
コード例 #10
0
ファイル: api_flow.php プロジェクト: jaksmid/website
 private function flow_upload()
 {
     if (isset($_FILES['source']) && $_FILES['source']['error'] == 0) {
         $source = true;
     } else {
         $source = false;
         unset($_FILES['source']);
     }
     if (isset($_FILES['binary']) && $_FILES['binary']['error'] == 0) {
         $binary = true;
     } else {
         $binary = false;
         unset($_FILES['binary']);
     }
     if ($source == false && $binary == false) {
         $this->returnError(162, $this->version);
         return;
     }
     foreach ($_FILES as $key => $file) {
         if (check_uploaded_file($file) == false) {
             $this->returnError(160, $this->version);
             return;
         }
     }
     $xsd = xsd('openml.implementation.upload', $this->controller, $this->version);
     if (!$xsd) {
         $this->returnError(172, $this->version, $this->openmlGeneralErrorCode);
         return;
     }
     // get correct description
     if ($this->input->post('description')) {
         // get description from string upload
         $description = $this->input->post('description');
         $xmlErrors = "";
         if (validateXml($description, $xsd, $xmlErrors, false) == false) {
             $this->returnError(163, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
             return;
         }
         $xml = simplexml_load_string($description);
     } elseif (isset($_FILES['description'])) {
         // get description from file upload
         $description = $_FILES['description'];
         if (validateXml($description['tmp_name'], $xsd, $xmlErrors) == false) {
             $this->returnError(163, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
             return;
         }
         $xml = simplexml_load_file($description['tmp_name']);
         $similar = $this->Implementation->compareToXML($xml);
         if ($similar) {
             $this->returnError(171, $this->version, $this->openmlGeneralErrorCode, 'implementation_id:' . $similar);
             return;
         }
     } else {
         $this->returnError(161, $this->version);
         return;
     }
     if (!$this->ion_auth->in_group($this->groups_upload_rights, $this->user_id)) {
         $this->returnError(104, $this->version);
         return;
     }
     $name = '' . $xml->children('oml', true)->{'name'};
     $implementation = array('uploadDate' => now(), 'uploader' => $this->user_id);
     foreach ($_FILES as $key => $file) {
         if ($key == 'description') {
             continue;
         }
         if (!in_array($key, array('description', 'source', 'binary'))) {
             $this->returnError(167, $this->version);
             return;
         }
         $file_id = $this->File->register_uploaded_file($_FILES[$key], $this->data_folders['implementation'] . $key . '/', $this->user_id, 'implementation');
         if ($file_id === false) {
             $this->returnError(165, $this->version);
             return;
         }
         $file_record = $this->File->getById($file_id);
         //$implementation[$key.'Url'] = $this->data_controller . 'download/' . $file_id . '/' . $file_record->filename_original;
         $implementation[$key . '_md5'] = $file_record->md5_hash;
         $implementation[$key . '_file_id'] = $file_id;
         //$implementation[$key.'Format'] = $file_record->md5_hash;
         if (property_exists($xml->children('oml', true), $key . '_md5')) {
             if ($xml->children('oml', true)->{$key . '_md5'} != $file_record->md5_hash) {
                 $this->returnError(168, $this->version);
                 return;
             }
         }
     }
     $impl = insertImplementationFromXML($xml->children('oml', true), $this->xml_fields_implementation, $implementation);
     if ($impl == false) {
         $this->returnError(165, $this->version);
         return;
     }
     $implementation = $this->Implementation->getById($impl);
     $this->xmlContents('implementation-upload', $this->version, $implementation);
 }
コード例 #11
0
ファイル: api_run.php プロジェクト: jaksmid/website
 private function run_evaluate()
 {
     // check uploaded file
     $description = isset($_FILES['description']) ? $_FILES['description'] : false;
     if (!check_uploaded_file($description)) {
         $this->returnError(422, $this->version);
         return;
     }
     $xsd = xsd('openml.run.evaluate', $this->controller, $this->version);
     // validate xml
     if (validateXml($description['tmp_name'], $xsd, $xmlErrors) == false) {
         $this->returnError(423, $this->version, $this->openmlGeneralErrorCode, $xmlErrors);
         return;
     }
     // fetch xml
     $xml = simplexml_load_file($description['tmp_name']);
     if ($xml === false) {
         $this->returnError(424, $this->version);
         return;
     }
     $run_id = (string) $xml->children('oml', true)->{'run_id'};
     $runRecord = $this->Run->getById($run_id);
     if ($runRecord == false) {
         $this->returnError(425, $this->version);
         return;
     }
     if ($runRecord->processed != null) {
         $this->returnError(426, $this->version);
         return;
     }
     $data = array('processed' => now());
     if (isset($xml->children('oml', true)->{'error'})) {
         $data['error'] = '' . $xml->children('oml', true)->{'error'};
     }
     $this->Run->update($run_id, $data);
     $implementation_ids = $this->Implementation->getAssociativeArray('fullName', 'id', '`name` = `name`');
     $this->db->trans_start();
     foreach ($xml->children('oml', true)->{'evaluation'} as $e) {
         $evaluation = xml2assoc($e, true);
         // naming convention
         $evaluation['function'] = $evaluation['name'];
         unset($evaluation['name']);
         // more naming convention
         if (array_key_exists($evaluation['flow'], $implementation_ids)) {
             $evaluation['implementation_id'] = $implementation_ids[$evaluation['flow']];
             unset($evaluation['flow']);
         } else {
             $this->Log->mapping(__FILE__, __LINE__, 'Flow ' . $evaluation['flow'] . ' not found in database. ');
             continue;
         }
         // adding rid
         $evaluation['source'] = $run_id;
         if (array_key_exists('fold', $evaluation) && array_key_exists('repeat', $evaluation) && array_key_exists('sample', $evaluation)) {
             // evaluation_sample
             $this->Evaluation_sample->insert($evaluation);
         } elseif (array_key_exists('fold', $evaluation) && array_key_exists('repeat', $evaluation)) {
             // evaluation_fold
             $this->Evaluation_fold->insert($evaluation);
             //    } elseif( array_key_exists( 'interval_start', $evaluation ) && array_key_exists( 'interval_end', $evaluation ) ) {
             //      // evaluation_interval
             //      $this->Evaluation_interval->insert( $evaluation );
         } else {
             // global
             $this->Evaluation->insert($evaluation);
         }
     }
     $this->db->trans_complete();
     // update elastic search index.
     $this->elasticsearch->index('run', $run_id);
     $this->xmlContents('run-evaluate', $this->version, array('run_id' => $run_id));
 }