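// Excerpt: the statements down to the two closing braces finish a confirmation
// form (submit button labelled "Delete") whose enclosing blocks open above.
// NOTE(review): request values are placed into the hidden fields unmodified;
// confirm XoopsFormHidden escapes its value when the form is rendered.
$sform->addElement(new XoopsFormHidden('workpath', $_GET['workpath']));
$sform->addElement(new XoopsFormHidden('file', $_GET['file']));
$button_tray = new XoopsFormElementTray('', '');
$button_tray->addElement(new XoopsFormButton('', 'save', "Delete", 'submit'));
$sform->addElement($button_tray);
$sform->display();
xoops_cp_footer();
}
exit;
}

/*
 * Rename action.
 *
 * confirm == '1' : perform the rename using the posted workpath and names.
 * otherwise      : render the "Rename File" form, which posts back to
 *                  filemanager.php?action=rename&confirm=1.
 *
 * NOTE(review): no request-token (CSRF) check is visible in this excerpt;
 * confirm one runs before this point, since the branch renames files on disk.
 */
if ($action == 'rename') {
    if ($confirm == '1') {
        // $_POST replaces $HTTP_POST_VARS: the long arrays were removed in
        // PHP 5.4, which left every value below empty on current runtimes.
        // basename() strips directory components so a posted name cannot
        // step outside the posted working directory.
        $new_basename = basename($_POST['new_filename']);
        $old_basename = basename($_POST['old_filename']);

        // basename() still lets '', '.' and '..' through; reject them here.
        if ($new_basename === '' || $new_basename === '.' || $new_basename === '..'
            || $old_basename === '' || $old_basename === '.' || $old_basename === '..') {
            redirect_header("javascript:history.go(-1)", 1, "Invalid file name!");
            exit;
        }

        // NOTE(review): workpath is still taken from the request as-is. It
        // should be resolved (realpath) and checked against the directory
        // this file manager is meant to manage; that root is not visible in
        // this excerpt, so the check is not added here.
        $new_filename = "{$_POST['workpath']}/{$new_basename}";
        $old_filename = "{$_POST['workpath']}/{$old_basename}";

        //safemodeon($_POST['workpath'], '', $_POST['new_filename'], 'renamed');
        filecheck($_POST['workpath'], '', $new_basename, '');
        fileexists($_POST['workpath'], $new_filename, '', 'File');
        folderwrite($_POST['workpath'], '', '', 'rename');
        // NOTE(review): '$new_filename' is single-quoted, so filewrite()
        // receives the literal text "$new_filename" rather than the path.
        // Looks unintended; confirm against filewrite() before changing.
        filewrite($_POST['workpath'], '$new_filename', '', 'rename');
        renameit($_POST['workpath'], $old_filename, $new_filename, 'File');

        // Reached only if renameit() returns; presumably it redirects on
        // success, so this is the failure path (confirm in renameit()).
        redirect_header("javascript:history.go(-1)", 1, "Unknown Error: File not renamed!");
        exit;
    } else {
        include XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
        xoops_cp_header();
        $sform = new XoopsThemeForm("Rename File", "op", "filemanager.php?action=rename&confirm=1");
        // NOTE(review): $file is set outside this excerpt; confirm the form
        // classes escape it on output.
        $sform->addElement(new XoopsFormLabel(_AM_CURRENTFILENAME, basename($file)));
        $sform->addElement(new XoopsFormText("Rename File: ", 'new_filename', 30, 80, basename($file)), false);
        $sform->addElement(new XoopsFormHidden('old_filename', basename(htmlentities($file))));
        $sform->addElement(new XoopsFormHidden('workpath', $_GET['workpath']));
        // The form continues below this excerpt.
        $button_tray = new XoopsFormElementTray('', '');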
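// Excerpt: these statements finish a confirmation form (submit button
// labelled "Delete"); the blocks closed by the two braces open above.
$button_tray->addElement(new XoopsFormButton('', 'save', "Delete", 'submit'));
$sform->addElement($button_tray);
$sform->display();
xoops_cp_footer();
}
exit();
}

/*
 * Rename action: with confirm == '1' the posted file is renamed inside the
 * posted workpath; otherwise the "Rename File" form is shown.
 *
 * NOTE(review): no request-token (CSRF) check is visible in this excerpt;
 * confirm one runs earlier, because this branch changes files on disk.
 */
if ($action == 'rename') {
    if ($confirm == '1') {
        // Keep only the final path component of each posted name, so that
        // "../" sequences cannot move the source or target out of workpath.
        $old_basename = basename($_POST['old_filename']);
        $new_basename = basename($_POST['new_filename']);

        // '', '.' and '..' survive basename() and are never valid file names.
        $rejected = array('', '.', '..');
        if (in_array($old_basename, $rejected, true) || in_array($new_basename, $rejected, true)) {
            redirect_header("javascript:history.go(-1)", 1, "Invalid file name!");
            exit();
        }

        // NOTE(review): workpath itself is still request-controlled. Resolve
        // it with realpath() and require it to sit under the managed root;
        // that root is defined outside this excerpt, so it is not done here.
        $new_filename = "{$_POST['workpath']}/{$new_basename}";
        $old_filename = "{$_POST['workpath']}/{$old_basename}";

        //safemodeon($_POST['workpath'], '', $_POST['new_filename'], 'renamed');
        filecheck($_POST['workpath'], '', $new_basename, '');
        fileexists($_POST['workpath'], $new_filename, '', 'File');
        folderwrite($_POST['workpath'], '', '', 'rename');
        // NOTE(review): the single quotes pass the literal text
        // "$new_filename" to filewrite(), not the computed path. Probably a
        // typo; check filewrite()'s parameters before fixing.
        filewrite($_POST['workpath'], '$new_filename', '', 'rename');
        renameit($_POST['workpath'], $old_filename, $new_filename, 'File');

        // Only reached if renameit() returns (presumably it redirects when
        // the rename succeeds; confirm), so report a failure.
        redirect_header("javascript:history.go(-1)", 1, "Unknown Error: File not renamed!");
        exit();
    } else {
        include XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
        xoops_cp_header();
        $sform = new XoopsThemeForm("Rename File", "op", "filemanager.php?action=rename&confirm=1");
        // NOTE(review): $file and $_GET['workpath'] reach the form without
        // visible escaping; confirm the XoopsForm* classes encode on render.
        $sform->addElement(new XoopsFormLabel(_AM_CURRENTFILENAME, basename($file)));
        $sform->addElement(new XoopsFormText("Rename File: ", 'new_filename', 30, 80, basename($file)), false);
        $sform->addElement(new XoopsFormHidden('old_filename', basename(htmlentities($file))));
        // The form continues below this excerpt.
        $sform->addElement(new XoopsFormHidden('workpath', $_GET['workpath']));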
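// Upload handler (excerpt): validates the uploaded file, looks up the
// session user's uid, and continues below this excerpt when $message is
// still empty. $db_found, $db_handle and $message are set outside the excerpt.
if (isset($_FILES['uploaded_file'])) {
    //check for errors
    if ($_FILES['uploaded_file']['error'] == 0) {
        //make sure DB is found, else add to the error message
        if ($db_found) {
            //gather and make data safe
            $uid = "";
            $username = $_SESSION['username'];
            $filename = mysqli_real_escape_string($db_handle, $_FILES['uploaded_file']['name']);
            // NOTE(review): 'type' is the MIME string supplied by the client,
            // so a type check built on it can be bypassed; determine the type
            // from the file contents on the server (e.g. the fileinfo
            // extension) before trusting it.
            $filetype = mysqli_real_escape_string($db_handle, $_FILES['uploaded_file']['type']);
            $filesize = $_FILES['uploaded_file']['size'];
            // The whole upload is read into memory here.
            $filedata = mysqli_real_escape_string($db_handle, file_get_contents($_FILES['uploaded_file']['tmp_name']));

            //first get UID from username (which is unique but dont want to pass UID through session)
            // Escape the username like every other value placed in SQL in
            // this block; it was interpolated raw before. A prepared
            // statement would be the sturdier choice for these queries.
            $username_sql = mysqli_real_escape_string($db_handle, (string) $username);
            $SQL_stmt = "SELECT uid FROM users WHERE uname = '{$username_sql}'";
            $query_result = mysqli_query($db_handle, $SQL_stmt);

            // filecheck() is defined elsewhere; as used here it yields 1 on
            // success and otherwise a value that is shown as the message.
            $checkresult = filecheck($filetype, $filesize);

            //check if result is true and check file size/type
            if ($query_result && $checkresult == 1) {
                //there should actually only be 1 row since username is unique
                $num_rows = mysqli_num_rows($query_result);
                if ($num_rows > 0) {
                    $actual_result = mysqli_fetch_assoc($query_result);
                    $uid = $actual_result['uid'];
                } else {
                    $message = "User not found";
                }
            } elseif ($checkresult == 1) {
                // The file passed the check but the lookup query failed.
                // Previously $message was set to the success value here.
                $message = "Database error: user lookup failed";
            } else {
                $message = $checkresult;
            }

            // Body and the remaining closing braces are below this excerpt.
            if ($message == "") {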