Exemplo n.º 1
					header("Location: ". $_GET['redirect'] . "?" . $uQueryString);
					exit;
				}
				else
				{
					header("Location: ". $_GET['redirect']);
					exit;									
				}
			}
			else
			{					
				unset($_SESSION['admin']);
				header("Location: index.php");
				exit;
			}	
			$mrr_cookie=createuuid();								
		}
	}		
		
	// Translate a numeric ?error= code into one of the fixed, localized login messages.
	// Skipped when $error already holds a message. The query value only selects a
	// branch; none of its text is copied into $error.
	if($error == '' && isset($_GET['error']))
	{
		// switch compares loosely, like the == tests it replaces, so "1" still matches 1.
		switch($_GET['error'])
		{
			case 1:
				$error = $lang['login_error1'];
				break;
			case 2:
				$error = $lang['login_error2'];
				break;
			case 3:
				$error = $lang['login_error3'];
				break;
		}
	}

	// Default both form fields to an empty string when the request did not send them.
	if(!isset($_POST['email']))
	{
		$_POST['email'] = "";
	}
	if(!isset($_POST['id_email_forgot']))
	{
		$_POST['id_email_forgot'] = "";
	}
	
?>
<? include('header.php')?>
Exemplo n.º 2
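	/**
	 * Look up the newest non-deleted certificate attached to the user named in
	 * $_POST['user_id'] and send an XML reply holding <rslt>, <msg> and <File>.
	 *
	 * A row whose public_flag is non-zero is answered with its "documents/" path.
	 * A row whose public_flag is 0 is first copied under public_html/temp/ with a
	 * UUID prefix, and that temporary path is returned instead.
	 *
	 * NOTE(review): no authorisation check is visible in this function, and the
	 * user id comes straight from the request. Confirm that the caller verifies
	 * the session may read this user's certificate before this runs.
	 * NOTE(review): the temporary copy is not removed here, so a non-public file
	 * stays in the web root until something else clears temp/. Confirm that a
	 * cleanup job exists.
	 */
	function get_user_cert() 
	{
		global $defaultsarray;

		// Read the request value once. A missing or non-scalar field becomes an empty id
		// instead of raising an undefined-index notice or an array-to-string conversion.
		$user_id = (isset($_POST['user_id']) && is_scalar($_POST['user_id'])) ? (string) $_POST['user_id'] : '';

		$sql = "
			select *
			
			from attached_files
			where xref_id = '".sql_friendly($user_id)."'
				and section_id = '".sql_friendly(SECTION_CERTIFICATES)."'
				and deleted = 0
			order by id desc
		";
		$data = simple_query($sql);

		// Defaults cover every path, including a row whose filename is empty
		// (the original left $file undefined in that case).
		$msg = "";
		$file = '';
		$rslt = 0;

		// A failed query is reported the same way as "no certificate on record".
		if(!$data || !mysqli_num_rows($data))
		{
			$msg = "Could not locate certificate for user ".$user_id.".";
		}
		else
		{
			$row = mysqli_fetch_array($data);
			$rslt = 1;
			$filename = (string) $row['filename'];

			if($filename != "")
			{
				// The stored name is concatenated into filesystem paths below, so refuse
				// parent-directory segments and NUL bytes even though it comes from the database.
				$segments = explode('/', str_replace('\\', '/', $filename));
				if(in_array('..', $segments, true) || strpos($filename, "\0") !== false)
				{
					$rslt = 0;
					$msg = "Certificate file name is not valid.";
				}
				elseif($row['public_flag']==0)
				{
					// Copy the file to a temp location to view; the UUID prefix keeps the name unguessable.
					$tmp_filename = "temp/".createuuid().$filename;

					// NOTE(review): the source path adds a "/" after base_path and the destination
					// does not. Confirm which form base_path actually needs.
					$source = $defaultsarray['base_path'].'/uploads/'.$filename;
					$target = $defaultsarray['base_path'].'public_html/'.$tmp_filename;

					if(copy($source, $target))
					{
						// A raw '#' would start a URL fragment and truncate the name
						// ('test_file#1234.jpg' becomes 'test_file'), so encode it.
						$file = str_replace("#", '%23', $tmp_filename);
					}
					else
					{
						// Do not hand back a link to a file that was never written.
						$rslt = 0;
						$msg = "Could not prepare certificate file for viewing.";
					}
				}
				else
				{
					$file = "documents/".$filename;
				}
			}
		}

		// Both values can carry request- or upload-derived text. Splitting "]]>" keeps them
		// from closing the CDATA section early and adding markup to the response.
		$cdata_msg = str_replace(']]>', ']]]]><![CDATA[>', $msg);
		$cdata_file = str_replace(']]>', ']]]]><![CDATA[>', $file);

		display_xml_response("<rslt>$rslt</rslt><msg><![CDATA[".$cdata_msg."]]></msg><File><![CDATA[".$cdata_file."]]></File>");	
	}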
Exemplo n.º 3
		";
		simple_query($sql);
		
		if($row['linedate_viewed'] == "0000-00-00 00:00:00") 
		{
			$sql = "
				update log_email
				set linedate_viewed = now()
				where id = '$row[id]'
			";
			simple_query($sql);
		}
		
		if($row['tmp_filename'] == '') 
		{
			$file_uuid = createuuid();
			$file_ext = get_file_ext($row['attachment']);
			
			$tmp_filename = "$file_uuid.$file_ext";
			
			$sql = "
				update log_email
				set tmp_filename = '".sql_friendly($tmp_filename)."'
				where id = '".sql_friendly($row['id'])."'
			";
			simple_query($sql);
			
		} 
		else 
		{
			$tmp_filename = $row['tmp_filename'];
Exemplo n.º 4
    if (!file_exists($new_folder)) {
        mkdir($new_folder);
    }
    $file_ext = get_file_ext($_FILES['Filedata']['name']);
    $new_filename = get_unique_filename($new_folder, $_FILES['Filedata']['name']);
    $curdate = 0;
    if (move_uploaded_file($_FILES['Filedata']['tmp_name'], $new_folder . $new_filename)) {
        $curdate = mrr_pull_image_created_date($new_folder . $new_filename);
        $rslt = 1;
    } else {
        $rslt = 0;
    }
    $user_id = 0;
    $store_id = 0;
    $merchant_id = 0;
    if (isset($_SESSION['user_id'])) {
        $user_id = $_SESSION['user_id'];
    }
    if (isset($_SESSION['store_id'])) {
        $store_id = $_SESSION['store_id'];
    }
    if (isset($_SESSION['merchant_id'])) {
        $merchant_id = $_SESSION['merchant_id'];
    }
    //log that file was uploaded...
    $sql = "\r\n\t\tinsert into attached_files\r\n\t\t\t(linedate_added,\r\n\t\t\tlinedate_created,\r\n\t\t\tfilename,\r\n\t\t\tfilesize,\r\n\t\t\tsection_id,\r\n\t\t\txref_id,\r\n\t\t\tdeleted,\r\n\t\t\taccess_level,\r\n\t\t\tuuid,\r\n\t\t\tmerchant_id,\r\n\t\t\tstore_id,\r\n\t\t\tuser_id)\r\n\t\t\t\r\n\t\tvalues (now(),\r\n\t\t\t'" . sql_friendly($curdate) . "',\r\n\t\t\t'" . sql_friendly($new_filename) . "',\r\n\t\t\t'" . sql_friendly($_FILES['Filedata']['size']) . "',\r\n\t\t\t'" . sql_friendly($_POST['section_id']) . "',\r\n\t\t\t'" . sql_friendly($_POST['xref_id']) . "',\r\n\t\t\t0,\r\n\t\t\t'" . sql_friendly($def_access) . "',\r\n\t\t\t'" . createuuid() . "',\r\n\t\t\t'" . sql_friendly($merchant_id) . "',\r\n\t\t\t'" . sql_friendly($store_id) . "',\r\n\t\t\t'" . sql_friendly($user_id) . "')\r\n\t";
    simple_query($sql);
    //$iid=mysql_insert_id();
}
?>