function MOH_Files_Download() { global $mysqli; $session =& $_SESSION['MOH_Files_Download']; $PK_File = intval($_REQUEST['PK_File']); $query = "SELECT * FROM Moh_Files WHERE PK_File = '{$PK_File}' LIMIT 1"; $result = $mysqli->query($query) or die($mysqli->error . $query); $File = $result->fetch_assoc(); $Filename = moh_filename($PK_File); if (file_exists($Filename)) { //header("Content-type: " . mime_content_type($Filename)); header("Content-Disposition: attachment; filename=\"" . basename($File['Filename'] . "." . $File['Extension']) . "\""); $handle = fopen($Filename, 'r'); while (!feof($handle)) { echo fread($handle, 8192); } fclose($handle); } else { echo "File not found."; } die; }
function copy_file($PK_File, $dest_PK_Group) { global $mysqli; $errors = array(); $query = "\n\t\tSELECT\n\t\t\tPK_File,\n\t\t\t`Order`, \n\t\t\t`Fileext`, \n\t\t\t`Filename`, \n\t\t\t`FK_Group`\n\t\tFROM \n\t\t\tMoh_Files \n\t\tWHERE \n\t\t\tPK_File = '" . $mysqli->real_escape_string($PK_File) . "'\n\t"; $result = $mysqli->query($query) or die($mysqli->error . $query); $File_Src = $result->fetch_assoc(); if ($File_Src['FK_Group'] == $dest_PK_Group) { $errors['Copy']['SameDirectory'] = true; return $errors; } $query = "\n\t\tSELECT \n\t\t\tCOUNT(*) \n\t\tFROM \n\t\t\tMoh_Files\n\t\tWHERE \n\t\t\t`Filename` = '" . $mysqli->real_escape_string($File_Src['Filename']) . "'\n\t\t\tAND \n\t\t\t`Fileext` = '" . $mysqli->real_escape_string($File_Src['Fileext']) . "'\n\t\t\tAND \n\t\t\t`FK_Group` = '" . $mysqli->real_escape_string($dest_PK_Group) . "'\n\t"; $result = $mysqli->query($query) or die($mysqli->error); $rec = $result->fetch_row(); if ($rec['0']) { $errors['Copy']['DuplicateFile'] = true; return $errors; } $query = " SELECT MAX(`Order`) FROM Moh_Files WHERE FK_Group = '" . $mysqli->real_escape_string($dest_PK_Group) . "'"; $result = $mysqli->query($query) or die($mysqli->error); $row = $result->fetch_row(); $copy_order = $row['0'] + 1; $query = "\n\t\tINSERT INTO\t\n\t\t\tMoh_Files\n\t\tSET\n\t\t\t`Filename` = '" . $mysqli->real_escape_string($File_Src['Filename']) . "',\n\t\t\t`Fileext` = '" . $mysqli->real_escape_string($File_Src['Fileext']) . "',\n\t\t\t`FK_Group` = '" . intval($dest_PK_Group) . "',\n\t\t\t`Order` = " . intval($copy_order) . "\n\t"; $result = $mysqli->query($query) or die($mysqli->error . $query); $copy_PK_File = $mysqli->insert_id; $src_filename = moh_filename($File_Src['PK_File'], $File_Src['FK_Group'], $File_Src['Order'], $File_Src['Fileext']); $dst_filename = moh_filename($copy_PK_File, $dest_PK_Group, $copy_order, $File_Src['Fileext']); $result = copy($src_filename, $dst_filename); if (!$result) { $errors['Copy']['FileToDisk'] = true; return $errors; } return $errors; }