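/**
 * Store the upload found in $_FILES[$file] below $target and report what happened.
 *
 * @param string     $file    Key in $_FILES identifying the upload field.
 * @param string     $target  Destination directory. The stored path is $target . name with no
 *                            separator added, so the caller must pass a trailing slash.
 * @param string     $exttype Allowed extensions, parsed by convertStringToArray() after lowercasing;
 *                            '' disables the extension check.
 * @param string     $imgtype Allowed exif_imagetype()/getimagesize() type codes, parsed the same way;
 *                            '' disables the image probe. See http://www.php.net/exif_imagetype
 * @param int|string $rename  Rename rule code(s) 1..7 parsed by convertStringToArray(); 0 keeps the name.
 * @param int        $maxsize Size limit in bytes; 0 falls back to $GLOBALS['phpwcms']['file_maxsize'].
 *
 * @return array{status:bool,error:string,name:string,tmp_name:string,size:int,path:string,ext:string,rename:string,maxsize:int,error_num:int,type:string,image?:array}
 *         'status' is true only once the file has been written; otherwise 'error' and 'error_num'
 *         (400 too large, 409 PHP upload error, 412 target problem, 415 type rejected) describe the failure.
 *
 * Notes grounded in this function (the helpers it calls are not visible here):
 *  - With both $exttype and $imgtype empty, nothing in this function restricts what is stored;
 *    the caller is then the only gate on file types reaching $target.
 *  - Once the image probe succeeds, $exttype is cleared, so the file keeps its original
 *    (sanitized) extension without an allow-list check on it.
 *  - 'type' echoes the client-supplied MIME type whenever it is well-formed; it is not verified
 *    against the content. Only the getimagesize() probe looks at the bytes.
 *  - The temporary upload is removed on every rejection after the size/target checks.
 */
function saveUploadedFile($file, $target, $exttype = '', $imgtype = '', $rename = 0, $maxsize = 0)
{
    // Type codes returned in getimagesize()[2] mapped to a display extension for messages.
    // Code 2 reads 'jpg' on purpose: the former literal listed 'jpeg' and 'jpg' under the same
    // key and PHP kept the last one, so this is the value callers have always seen.
    $exif_imagetype = [1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tiff', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm'];

    $file_status = [
        'status' => false,
        'error' => '',
        'name' => '',
        'tmp_name' => '',
        'size' => 0,
        'path' => '',
        'ext' => '',
        'rename' => '',
        'maxsize' => (int) $maxsize,
        'error_num' => 0,
        'type' => '',
    ];

    // is_uploaded_file() rejects anything that did not arrive through the current request's upload.
    if (!isset($_FILES[$file]['tmp_name']) || !is_uploaded_file($_FILES[$file]['tmp_name'])) {
        $file_status['error'] = 'Upload not defined';
        return $file_status;
    }

    $upload = $_FILES[$file];
    $tmp_name = $upload['tmp_name'];

    $file_status['name'] = sanitize_filename($upload['name']);
    $file_status['ext'] = which_ext($file_status['name']);
    $file_status['tmp_name'] = $tmp_name;
    $file_status['size'] = $upload['size'];
    // Use the client MIME type only when it is well-formed; otherwise derive it from the extension.
    $file_status['type'] = empty($upload['type']) || !is_mimetype_format($upload['type'])
        ? get_mimetype_by_extension($file_status['ext'])
        : $upload['type'];
    $file_status['path'] = $target;
    $file_status['rename'] = $file_status['name'];
    if (empty($file_status['maxsize'])) {
        $file_status['maxsize'] = $GLOBALS['phpwcms']['file_maxsize'];
    }

    if ((int) $file_status['size'] > $file_status['maxsize']) {
        $file_status['error'] = 'File is too large';
        $file_status['error_num'] = 400;
        return $file_status;
    }
    if (empty($target)) {
        $file_status['error'] = 'Target directory not defined';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    if (!@_mkdir($target)) {
        $file_status['error'] = 'The target directory "' . $target . '" can not be found or generated';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    if (!empty($upload['error'])) {
        // Non-zero PHP upload error code (UPLOAD_ERR_*); passed through as the message.
        $file_status['error'] = $upload['error'];
        $file_status['error_num'] = 409;
        return $file_status;
    }

    if ($imgtype) {
        $imgtype = convertStringToArray(strtolower($imgtype));
        if (count($imgtype)) {
            // @ keeps getimagesize() quiet on non-image content; a false result is handled below.
            $data = @getimagesize($tmp_name);
            if (!$data && !$exttype) {
                // Not an image and no extension allow-list to fall back on: reject.
                $allowed = [];
                foreach ($imgtype as $value) {
                    $allowed[] = '*.' . (empty($exif_imagetype[$value]) ? $value : $exif_imagetype[$value]);
                }
                $file_status['error'] = 'Format' . ($file_status['ext'] ? ' *.' . $file_status['ext'] : '') . ' not supported (' . implode(', ', $allowed) . ')';
                $file_status['error_num'] = 415;
                @unlink($tmp_name);
                return $file_status;
            } elseif ($data) {
                $detected = $data[2];
                // Loose in_array() on purpose: $detected is an int, $imgtype holds whatever
                // convertStringToArray() produced (presumably numeric strings).
                if (empty($exif_imagetype[$detected]) || !in_array($detected, $imgtype)) {
                    $names = [];
                    foreach ($imgtype as $imgt) {
                        $names[] = empty($exif_imagetype[$imgt]) ? $imgt : $exif_imagetype[$imgt];
                    }
                    $file_status['error'] = 'File type '
                        . (empty($exif_imagetype[$detected]) ? $detected : $exif_imagetype[$detected])
                        . ' is not supported for this upload (' . implode(', ', $names) . ' only)';
                    $file_status['error_num'] = 415;
                    @unlink($tmp_name);
                    return $file_status;
                }
                $file_status['image'] = $data;
                // Image probe passed: the extension allow-list below is skipped from here on.
                $exttype = '';
            }
            // Probe failed but $exttype is set: fall through to the extension check only.
        }
    }

    if ($exttype) {
        $exttype = convertStringToArray(strtolower($exttype));
        // Strict comparison: both sides are strings, and "1e1" == "10" style matches are unwanted.
        if (!in_array($file_status['ext'], $exttype, true)) {
            $file_status['error'] = 'File type *.' . $file_status['ext'] . ' is not supported for this upload (*.' . implode(', *.', $exttype) . ' only)';
            $file_status['error_num'] = 415;
            @unlink($tmp_name);
            return $file_status;
        }
    }

    if (!is_writable($target)) {
        $file_status['error'] = 'Target directory <b>' . str_replace(PHPWCMS_ROOT, '', $target) . '</b> is not writable';
        $file_status['error_num'] = 412;
        @unlink($tmp_name);
        return $file_status;
    }

    // Rename rules are applied in the order given; several may be combined.
    $rename = convertStringToArray($rename);
    if (count($rename)) {
        $suffix = $file_status['ext'] ? '.' . $file_status['ext'] : '';
        $_temp_name = cut_ext($file_status['rename']);
        foreach ($rename as $value) {
            switch ($value) {
                case 1:
                    // Strip accents and everything outside [0-9a-z_-.] for a filesystem/URL safe name.
                    $_temp_name = str_replace([':', '/', "\\", ' '], ['-', '-', '-', '_'], phpwcms_remove_accents($_temp_name));
                    $_temp_name = preg_replace('/[^0-9a-z_\\-\\.]/i', '', $_temp_name);
                    break;
                case 2:
                    $_temp_name = time() . '_' . $_temp_name;
                    break;
                case 3:
                    $_temp_name = date('Ymd-His') . '_' . $_temp_name;
                    break;
                case 4:
                    $_temp_name = date('Ymd') . '_' . $_temp_name;
                    break;
                case 5:
                    $_temp_name = generic_string(6) . '_' . $_temp_name;
                    break;
                case 6:
                    $_temp_name = md5($_temp_name . $suffix);
                    break;
                case 7:
                    $_temp_name = shortHash($_temp_name . $suffix);
                    break;
            }
        }
        $file_status['rename'] = $_temp_name . $suffix;
    }

    // Permissions are set explicitly below, so clear the umask first.
    @umask(0);
    $destination = $target . $file_status['rename'];
    // copy() is the fallback for setups where move_uploaded_file() cannot cross filesystems.
    if (!@move_uploaded_file($tmp_name, $destination) && !copy($tmp_name, $destination)) {
        $file_status['error'] = 'Saving uploaded file <b>' . html($file_status['name']) . '</b> to <b>' . html(str_replace(PHPWCMS_ROOT, '', $destination)) . '</b> failed';
        $file_status['error_num'] = 412;
        @unlink($tmp_name);
        return $file_status;
    }
    @chmod($destination, 0644);
    $file_status['status'] = true;
    return $file_status;
}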
 case 'application/octet-stream':
     $_userInfo['csv'] = csvFileToArray($_FILES['cvsfile']['tmp_name'], $_userInfo['delimeter']);
     if (is_array($_userInfo['csv'])) {
         $_userInfo['nonImported'] = array();
         $c = 1;
         $_userInfo['csvTime'] = time();
         foreach ($_userInfo['csv'] as $row) {
             if (!isset($row[1])) {
                 $row[1] = '';
             }
             if (!empty($row[0]) && is_valid_email($row[0])) {
                 $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address (";
                 $sql .= "address_email, address_name, address_key, address_subscription, address_verified, address_tstamp) VALUES (";
                 $sql .= "'" . aporeplace($row[0]) . "', ";
                 $sql .= "'" . aporeplace($row[1]) . "', ";
                 $sql .= "'" . aporeplace(shortHash($row[0] . time())) . "', ";
                 $sql .= "'" . ($_userInfo['subscribe_all'] ? '' : aporeplace(serialize($_userInfo['subscribe_select']))) . "', ";
                 $sql .= $_userInfo['subscribe_active'] . ", FROM_UNIXTIME(" . $_userInfo['csvTime'] . ") )";
                 $sql = _dbQuery($sql, 'INSERT');
                 if (empty($sql['INSERT_ID'])) {
                     $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1] . ' (' . mysql_error() . ')';
                 }
             } else {
                 $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1];
             }
             $c++;
         }
     }
     break;
 default:
     $_userInfo['csvError'] = 'False MIME TYPE. Be sure to upload CSV file only.';
             continue;
         }
         // now check if field name exists and build corresponding name value
         if (empty($POST_val[trim($form_value_nl)])) {
             $form_newletter_setting['name_field'] .= $form_value_nl;
         } else {
             $form_value_nl = trim($form_value_nl);
             $form_newletter_setting['name_field'] .= $POST_val[$form_value_nl];
         }
     }
     $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']);
 }
 // Without a usable name, the email address stands in as the display name.
 if (empty($form_newletter_setting['name_field'])) {
     $form_newletter_setting['name_field'] = $form_newletter_setting['email_field'];
 }
 // address_key doubles as the recipient's verification token (verify.php links elsewhere use it).
 // NOTE(review): it is derived from the address plus the current second, so unless shortHash()
 // mixes in a secret it is predictable; a random_bytes()-based token would not be.
 $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash($form_newletter_setting['email_field'] . time()));
 // create SQL query to populate recipient into recipients db
 // Every value goes through _dbEscape() without surrounding quotes, so this assumes _dbEscape()
 // both escapes and quotes (confirm); the address_verified flag is inlined as a bare 0/1 literal.
 $form_newletter_setting['sql'] = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address ';
 $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, ';
 $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES (';
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['hash']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['email_field']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['name_field']) . ", ";
 // Single opt-in marks the address verified straight away; double opt-in waits for the link.
 $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(serialize($form_newletter_setting['selection'])) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe']);
 $form_newletter_setting['sql'] .= ')';
 // save recipient in db and send verify message in case of double opt-in
 // The @ hides any query failure; whether query_result is inspected afterwards is not visible here.
 $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT');
 // now send opt-in email
 $content["newsletter"]["success"] = 1;
 $content["newsletter"]["reffering_key"] = "";
 // Look up an existing recipient by address; the key/id decide between UPDATE and INSERT below.
 // The mysql_* extension used here was removed in PHP 7, so this path only runs on PHP 5.
 $check_sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_address WHERE address_email=" . _dbEscape($content["newsletter"]["email_address"]) . " LIMIT 1";
 if ($check_result = mysql_query($check_sql, $db)) {
     if ($check_row = mysql_fetch_array($check_result, MYSQL_ASSOC)) {
         $content["newsletter"]["reffering_key"] = $check_row["address_key"];
         $content["newsletter"]["reffering_id"] = $check_row["address_id"];
     }
     mysql_free_result($check_result);
 }
 if ($content["newsletter"]["reffering_key"]) {
     //if email exists in newsletter address list update entry
     // Re-subscribing resets address_verified to 0 but keeps the stored address_key.
     $e_sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET " . "address_name=" . _dbEscape($content["newsletter"]["email_name"]) . ", " . "address_verified=0, " . "address_subscription=" . _dbEscape(serialize($content["newsletter"]["email_subscription"])) . ", " . "address_url1=" . _dbEscape($content["newsletter"]["url1"]) . ", " . "address_url2=" . _dbEscape($content["newsletter"]["url2"]) . " " . "WHERE address_id=" . _dbEscape($content["newsletter"]["reffering_id"]);
     $content["newsletter"]["updated"] = 1;
 } else {
     // NOTE(review): this key becomes both the verify and the delete link token below; it is
     // derived from the address plus the current second, so unless shortHash() mixes in a secret
     // it is predictable. A random_bytes()-based token would avoid that.
     $content["newsletter"]["reffering_key"] = preg_replace('/[^a-z0-9]/i', '', shortHash($content["newsletter"]["email_address"] . time()));
     //if email not exists in newsletter address list insert entry
     $e_sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address (" . "address_email, address_name, address_key, address_subscription, address_url1, address_url2) VALUES (" . _dbEscape($content["newsletter"]["email_address"]) . ", " . _dbEscape($content["newsletter"]["email_name"]) . ", " . _dbEscape($content["newsletter"]["reffering_key"]) . ", " . _dbEscape(serialize($content["newsletter"]["email_subscription"])) . ", " . _dbEscape($content["newsletter"]["url1"]) . ", " . _dbEscape($content["newsletter"]["url2"]) . ")";
     $content["newsletter"]["updated"] = 0;
 }
 // Result is not checked: a failed write still sends the mail built below.
 mysql_query($e_sql, $db);
 // One token serves both confirm (?s=) and unsubscribe (?u=); see the note above on its strength.
 $content["newsletter"]["verify_link"] = PHPWCMS_URL . "verify.php?s=" . rawurlencode($content["newsletter"]["reffering_key"]);
 $content["newsletter"]["delete_link"] = PHPWCMS_URL . "verify.php?u=" . rawurlencode($content["newsletter"]["reffering_key"]);
 // Pick the change or registration template and fill its placeholders.
 $content["newsletter"]["mailtext"] = $content["newsletter"]["updated"] ? $content["newsletter"]["change_text"] : $content["newsletter"]["reg_text"];
 $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_NAME}", $content["newsletter"]["email_name"], $content["newsletter"]["mailtext"]);
 $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_EMAIL}", $content["newsletter"]["email_address"], $content["newsletter"]["mailtext"]);
 $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_VERIFY}", $content["newsletter"]["verify_link"], $content["newsletter"]["mailtext"]);
 $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_DELETE}", $content["newsletter"]["delete_link"], $content["newsletter"]["mailtext"]);
 $content["newsletter"]["mailtext"] = replaceGlobalRT($content["newsletter"]["mailtext"]);
 // The subject is carried inside the template as a SUBJECT tag.
 $content['newsletter']['subject'] = returnTagContent($content["newsletter"]["mailtext"], 'SUBJECT');
 if (empty($content['newsletter']['subject']['tag'])) {
        $sql .= "address_subscription\t= '" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "' ";
        $sql .= 'WHERE ';
        if ($_userInfo['count']) {
            // update based on email address
            $sql .= "address_email='" . aporeplace($_userInfo['subscriber_data']['address_email']) . "'";
        } else {
            // update based on email address
            $sql .= 'address_id=' . $_userInfo['subscriber_data']['address_id'];
            $sql .= ' LIMIT 1';
        }
        _dbQuery($sql, 'UPDATE');
    } else {
        // insert
        $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address ';
        $sql .= '(address_key, address_email, address_name, address_verified, address_subscription) VALUES (';
        $sql .= "'" . aporeplace(shortHash($_userInfo['subscriber_data']['address_email'] . time())) . "', ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_email']) . "', ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_name']) . "', ";
        $sql .= $_userInfo['subscriber_data']['address_verified'] . ", ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "')";
        $_userInfo['result'] = _dbQuery($sql, 'INSERT');
        if (!empty($_userInfo['result']['INSERT_ID'])) {
            $_userInfo['subscriber_id'] = $_userInfo['result']['INSERT_ID'];
            $_userInfo['subscriber_data']['address_id'] = $_userInfo['result']['INSERT_ID'];
        }
    }
}
// in case data should be saved and closed then
// Loose == 0 also matches '' and null, i.e. "no email error recorded" in any form.
if ($_userInfo['error']['email'] == 0 && (!empty($_POST['save']) || !empty($_userInfo['count']))) {
    // false signals "nothing left to edit" to whatever renders the form afterwards.
    $_userInfo['subscriber_data'] = false;
}
파일: update.php 프로젝트: eBrute/wonitor
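/**
 * Print every whitelisted server id together with its shortHash(), one HTML line each.
 *
 * @param array|null $serverIds Ids to list. null (the default) reads the global
 *                              $serverIdWhiteList, which is how the original behaves.
 * @return void
 */
function showServerIds($serverIds = null)
{
    if ($serverIds === null) {
        global $serverIdWhiteList;
        // A missing or non-array whitelist prints nothing instead of raising a foreach warning.
        $serverIds = is_array($serverIdWhiteList) ? $serverIdWhiteList : [];
    }
    foreach ($serverIds as $serverId) {
        // NOTE(review): ids are written into HTML unescaped; this assumes the whitelist is
        // operator-controlled configuration rather than user input — confirm.
        echo "{$serverId} => " . shortHash($serverId) . " <br>\n";
    }
}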
 $plugin['data']['shop_pref_zone_base'] = clean_slweg($_POST['pref_zone_base']);
 // check if multiple emails
 // Assumes shop_pref_email_to was already split into an array further up (not visible here).
 foreach ($plugin['data']['shop_pref_email_to'] as $key => $value) {
     if (!is_valid_email($value)) {
         unset($plugin['data']['shop_pref_email_to'][$key]);
     }
 }
 // Stored as a single lowercase, ';'-separated list of the surviving addresses.
 $plugin['data']['shop_pref_email_to'] = strtolower(implode(';', $plugin['data']['shop_pref_email_to']));
 // Invalid sender / PayPal addresses are dropped rather than reported.
 if (!is_valid_email($plugin['data']['shop_pref_email_from'])) {
     $plugin['data']['shop_pref_email_from'] = '';
 }
 if (!is_valid_email($plugin['data']['shop_pref_email_paypal'])) {
     $plugin['data']['shop_pref_email_paypal'] = '';
 }
 // First-time API enablement: generate a key only when none is stored yet.
 // NOTE(review): the key is a deterministic function of the site URL and the DB password, which
 // ties an exposed API key to another secret; a random_bytes()-based value would not. Confirm
 // nothing relies on regenerating the same key before changing this.
 if ($plugin['data']['shop_pref_api_access'] && $plugin['data']['shop_pref_api_key'] === '') {
     $plugin['data']['shop_pref_api_key'] = preg_replace('/[^a-zA-Z0-9]/', '', shortHash(PHPWCMS_URL . $phpwcms['db_pass']));
 }
 for ($x = 0; $x <= 4; $x++) {
     // Weight based
     $plugin['data']['shop_pref_shipping'][$x]['weight'] = clean_slweg($_POST['pref_shipping_weight'][$x]);
     $plugin['data']['shop_pref_shipping'][$x]['net'] = clean_slweg($_POST['pref_shipping_net'][$x]);
     $plugin['data']['shop_pref_shipping'][$x]['vat'] = clean_slweg($_POST['pref_shipping_vat'][$x]);
     $plugin['data']['shop_pref_shipping'][$x]['weight'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['weight']);
     $plugin['data']['shop_pref_shipping'][$x]['weight'] = round(str_replace($BLM['dec_point'], '.', $plugin['data']['shop_pref_shipping'][$x]['weight']), 3);
     $plugin['data']['shop_pref_shipping'][$x]['net'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['net']);
     $plugin['data']['shop_pref_shipping'][$x]['net'] = round(str_replace($BLM['dec_point'], '.', $plugin['data']['shop_pref_shipping'][$x]['net']), 3);
     $plugin['data']['shop_pref_shipping'][$x]['vat'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['vat']);
     $plugin['data']['shop_pref_shipping'][$x]['vat'] = round(str_replace($BLM['dec_point'], '.', $plugin['data']['shop_pref_shipping'][$x]['vat']), 2);
     // Price based
     $plugin['data']['shop_pref_shipping'][$x]['price'] = clean_slweg($_POST['pref_shipping_price'][$x]);
     $plugin['data']['shop_pref_shipping'][$x]['price_net'] = clean_slweg($_POST['pref_shipping_price_net'][$x]);