コード例 #1
ファイル: configproducts.php プロジェクト: billyprice1/whmcs
// Handler for action=quickupload: prints the multipart upload form (posted back to
// action=uploadfile) and stops the script.
if ($action == "quickupload") {
    // Token check first, then the admin permission gate; nothing is printed before both pass.
    check_token("WHMCS.admin.default");
    $mayEdit = checkPermission("Edit Products/Services", true);
    if (!$mayEdit) {
        exit("Access Denied");
    }
    // buildCategoriesList() is defined elsewhere; presumably it fills the global
    // $categorieslist with <option> markup - verify against its definition.
    $categorieslist = "";
    buildCategoriesList(0, 0);
    // NOTE(review): $id is concatenated into the action attribute without escaping or an
    // integer cast. Where $id is populated is not visible here - confirm it is numeric upstream.
    $formOpen = "<form method=\"post\" action=\"configproducts.php?action=uploadfile&id=" . $id . "\" id=\"quickuploadfrm\" enctype=\"multipart/form-data\">\n";
    // Hidden anti-CSRF field for the form; the uploadfile handler calls check_token() on it.
    $tokenField = generate_token("form");
    $tableHead = "\n<table width=\"100%\">\n<tr><td width=\"80\">Category:</td><td><select name=\"catid\" style=\"width:95%;\">";
    $tableTail = "</select></td></tr>\n<tr><td>Title:</td><td><input type=\"text\" name=\"title\" style=\"width:95%;\" /></td></tr>\n<tr><td>Description:</td><td><input type=\"text\" name=\"description\" style=\"width:95%;\" /></td></tr>\n<tr><td>Choose File:</td><td><input type=\"file\" name=\"uploadfile\" style=\"width:95%;\" /></td></tr>\n</table>\n</form>";
    echo $formOpen . $tokenField . $tableHead . $categorieslist . $tableTail;
    exit;
}
// Handler for action=uploadfile: stores the posted file in $downloads_dir, records it in
// tbldownloads, then loads the product's serialized "downloads" list. The rest of the branch
// is not shown in this excerpt.
if ($action == "uploadfile") {
    // Token check first, then the admin permission gate; both run before $_FILES is read.
    check_token("WHMCS.admin.default");
    if (!checkPermission("Edit Products/Services", true)) {
        exit("Access Denied");
    }
    // Only the client-supplied name is validated. isFileNameSafe() is defined elsewhere; going
    // by the message below it is a character allow-list - presumably it does not restrict the
    // extension, verify. No check of $_FILES['uploadfile']['error'], size or content type is
    // visible in this excerpt.
    if (!isFileNameSafe($_FILES['uploadfile']['name'])) {
        $aInt->gracefulExit("Invalid upload filename.  Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
        exit;
    }
    $filename = $_FILES['uploadfile']['name'];
    // No file chosen: back to the product edit page. Whether redir() terminates the script is
    // not visible here; if it returns, the code below runs with an empty $filename.
    if (!$filename) {
        redir("action=edit&id=" . $id . "&tab=7");
    }
    // The file is stored under the name the client sent: an existing file with that name in
    // $downloads_dir is overwritten, and the return value is ignored, so the tbldownloads row
    // below is inserted even when the move failed.
    // NOTE(review): the stored extension is chosen by the uploader - confirm $downloads_dir is
    // outside the web root or has script execution disabled.
    move_uploaded_file($_FILES['uploadfile']['tmp_name'], $downloads_dir . $filename);
    // "type" is hard-coded to "zip" whatever was uploaded. The origin of $catid, $title and
    // $description is not shown; html_entity_decode() suggests request values arrive
    // entity-encoded - TODO confirm. Whether insert_query() escapes its values is not visible here.
    $adddl = insert_query("tbldownloads", array("category" => $catid, "type" => "zip", "title" => $title, "description" => html_entity_decode($description), "location" => $filename, "clientsonly" => "on", "productdownload" => "on"));
    logActivity("Added New Product Download - " . $title);
    $result = select_query("tblproducts", "downloads", array("id" => $id));
    // mysql_fetch_array() belongs to the legacy ext/mysql API, which was removed in PHP 7.0.
    $data = mysql_fetch_array($result);
    $downloads = $data['downloads'];
    // NOTE(review): unserialize() can instantiate objects from its input. If anything other
    // than this script can write tblproducts.downloads, store the list as JSON instead, or
    // restrict allowed classes where the runtime supports it.
    $downloads = unserialize($downloads);
    if (!is_array($downloads)) {
コード例 #2
ファイル: ticketfunctions.php プロジェクト: billyprice1/whmcs
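/**
 * Stores the files posted in the "attachments[]" upload field in $attachments_dir.
 *
 * Each accepted file is saved as "<6-digit number>_<sanitised client name>". The script is
 * terminated with exit() when a posted name fails isFileNameSafe().
 *
 * Security notes:
 *  - The extension allow-list (checkTicketAttachmentExtension) is skipped when $admin is true.
 *  - The numeric prefix comes from mt_rand(), which is not a CSPRNG; it avoids name collisions
 *    and must not be relied on to keep stored attachment paths secret.
 *  - NOTE(review): whether $attachments_dir is outside the web root is not visible here - confirm.
 *
 * @param bool $admin When true, files are stored regardless of their extension.
 * @return string Stored file names joined with "|", or "" when nothing was stored.
 */
function uploadTicketAttachments($admin = false)
{
    global $attachments_dir;

    // isset()/is_array() instead of a bare truthiness test: a request without the field (or
    // with a single-file field) no longer raises an undefined-index notice or a foreach warning.
    if (!isset($_FILES['attachments']['name']) || !is_array($_FILES['attachments']['name'])) {
        return "";
    }

    $stored = array();
    foreach ($_FILES['attachments']['name'] as $num => $filename) {
        // Empty slots are what the browser sends for file inputs left blank.
        if (empty($filename)) {
            continue;
        }
        // Reject the whole request on a name outside the allow-list (helper defined elsewhere).
        if (!isFileNameSafe($filename)) {
            exit("Invalid upload filename.  Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
        }
        $filename = trim($filename);
        if (!$filename) {
            continue;
        }
        // Second pass: drop anything outside letters, digits, hyphen, underscore, dot and space,
        // so no path separator can reach the destination path.
        $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $filename);
        $validextension = checkTicketAttachmentExtension($filename);
        if (!$validextension && !$admin) {
            continue;
        }
        // The generator is no longer reseeded with time(): with a clock-derived seed every
        // retry within the same second produced the same candidate, so a name collision spun
        // this loop until the clock ticked, and the process-wide mt_rand() state was reset to
        // a guessable value.
        do {
            $newfilename = mt_rand(100000, 999999) . "_" . $filename;
        } while (file_exists($attachments_dir . $newfilename));
        // Record the name only when the move succeeded, so the caller never references an
        // attachment that was not written to disk.
        if (move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $attachments_dir . $newfilename)) {
            $stored[] = $newfilename;
        }
    }

    // implode() instead of trimming a trailing "|": substr("", 0, -1) returns false before PHP 8.
    return implode("|", $stored);
}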
コード例 #3
ファイル: sendmessage.php プロジェクト: billyprice1/whmcs
 // Optionally keep the composed message as a reusable custom template ("custom" => "1").
 if ($save == "on") {
     // subject, message and fromname are entity-decoded before storage; fromemail and copyto
     // are stored as received. Where these variables are populated is not visible here, and
     // neither is whether insert_query() escapes its values.
     $templateRow = array(
         "type" => $type,
         "name" => $savename,
         "subject" => html_entity_decode($subject),
         "message" => html_entity_decode($message),
         "fromname" => html_entity_decode($fromname),
         "fromemail" => $fromemail,
         "copyto" => $cc,
         "custom" => "1",
     );
     insert_query("tblemailtemplates", $templateRow);
     $savedNotice = $aInt->lang("sendmessage", "msgsavedsuccess");
     echo "<p>" . $savedNotice . "</p>";
 }
 // First pass (no $step yet): store the composed message as the "Mass Mail Template" row and
 // keep the batch settings and uploaded attachment names in the session. The branch continues
 // past the end of this excerpt.
 if (!$step) {
     // Replace any previous working copy of the template.
     delete_query("tblemailtemplates", array("name" => "Mass Mail Template"));
     insert_query("tblemailtemplates", array("type" => $type, "name" => "Mass Mail Template", "subject" => html_entity_decode($subject), "message" => html_entity_decode($message), "fromname" => html_entity_decode($fromname), "fromemail" => $fromemail, "copyto" => $cc));
     $_SESSION['massmail']['massmailamount'] = $massmailamount;
     $_SESSION['massmail']['massmailinterval'] = $massmailinterval;
     $_SESSION['massmail']['attachments'] = array();
     if (is_array($_FILES['attachments'])) {
         foreach ($_FILES['attachments']['name'] as $num => $displayname) {
             // Skip file inputs that were left blank.
             if (empty($_FILES['attachments']['name']) || empty($_FILES['attachments']['name'][$num])) {
                 continue;
             }
             // isFileNameSafe() is defined elsewhere; a rejected name aborts the whole request.
             if (!isFileNameSafe($_FILES['attachments']['name'][$num])) {
                 $aInt->gracefulExit("Invalid upload filename.  Valid filenames contain only alpha-numeric, dot, hyphen and underscore characters.");
                 exit;
             }
             // Keeps only letters, digits, hyphen, underscore, dot and space, so no path
             // separator survives into the destination path. No extension allow-list is
             // visible on this path.
             $filename = preg_replace("/[^a-zA-Z0-9-_. ]/", "", $displayname);
             if ($filename) {
                 // Seeding with the current second makes $rand a function of the clock: every
                 // attachment handled within the same second gets the same prefix, so two files
                 // with the same name in one request map to the same path and the later one
                 // overwrites the earlier (there is no file_exists() check here). The call also
                 // resets the process-wide mt_rand() state to a guessable value.
                 mt_srand(time());
                 $rand = mt_rand(100000, 999999);
                 $filename = "attach" . $rand . "_" . $filename;
                 // Return value ignored: the name is added to the session list even when the
                 // move failed.
                 move_uploaded_file($_FILES['attachments']['tmp_name'][$num], $attachments_dir . $filename);
                 $_SESSION['massmail']['attachments'][] = $filename;
                 // Last statement of the loop body, so this continue has no effect.
                 continue;
             }
         }
     }
     $step = 0;