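/**
 * Update an existing ticket from the submitted form fields (read from $_POST).
 *
 * Only the fields that are present in the request are written. Every value
 * reaches the SQL text either through $db->quote() or after an (int) cast, so
 * no raw request string is ever concatenated into the statement. Durations
 * (ticket_totaldays, ticket_lastdldays) are given in days and stored in seconds.
 *
 * @param string $id ticket id; quoted before it is used in the WHERE clause
 * @return array|false the refreshed ticket row, with the clear-text 'pass'
 *                     added for the update hooks when a new one was submitted,
 *                     or false when nothing was (or could be) updated
 */
function handleUpdate($id)
{
    global $db, $passHasher;

    // column => SQL literal, only for the fields the form actually sent
    $values = [];

    if (!empty($_POST['name'])) {
        $values['name'] = $db->quote(mb_sanitize($_POST['name']));
    }

    if (isset($_POST['comment'])) {
        $values['cmt'] = empty($_POST['comment']) ? 'NULL' : $db->quote($_POST['comment']);
    }

    if (!empty($_POST['clear'])) {
        // drop password protection entirely (legacy md5 hash and phpass hash)
        $values['pass_md5'] = 'NULL';
        $values['pass_ph'] = 'NULL';
    } elseif (!empty($_POST['pass'])) {
        // a new password always supersedes the legacy md5 hash
        $values['pass_md5'] = 'NULL';
        $values['pass_ph'] = $db->quote($passHasher->HashPassword($_POST['pass']));
    }

    if (!empty($_POST['ticket_permanent'])) {
        // permanent ticket: no expiry, no last-download window, no download limit
        $values['last_time'] = 'NULL';
        $values['expire'] = 'NULL';
        $values['expire_dln'] = 'NULL';
    } else {
        // cast the day counts to int so only a number is concatenated into the SQL
        if (isset($_POST['ticket_totaldays'])) {
            $values['expire'] = empty($_POST['ticket_totaldays'])
                ? 'NULL'
                : time() + (int) $_POST['ticket_totaldays'] * 3600 * 24;
        }
        if (isset($_POST['ticket_lastdldays'])) {
            $values['last_time'] = empty($_POST['ticket_lastdldays'])
                ? 'NULL'
                : (int) $_POST['ticket_lastdldays'] * 3600 * 24;
        }
        if (isset($_POST['ticket_maxdl'])) {
            $values['expire_dln'] = empty($_POST['ticket_maxdl'])
                ? 'NULL'
                : (int) $_POST['ticket_maxdl'];
        }
    }

    if (isset($_POST['notify'])) {
        $values['notify_email'] = empty($_POST['notify'])
            ? 'NULL'
            : $db->quote(fixEMailAddrs($_POST['notify']));
    }

    if ($values === []) {
        // nothing to write: "UPDATE ticket SET  WHERE ..." would be malformed SQL
        return false;
    }

    // build the UPDATE statement
    $assignments = [];
    foreach ($values as $column => $literal) {
        $assignments[] = "{$column} = {$literal}";
    }
    $sql = 'UPDATE ticket SET ' . implode(', ', $assignments)
        . ' WHERE id = ' . $db->quote($id);

    if ($db->exec($sql) !== 1) {
        return false;
    }

    // re-read the row so the hooks see the stored values (including defaults)
    $sql = 'SELECT * FROM ticket WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the clear-text password is only handed to the hooks, never stored
    $DATA['pass'] = empty($_POST['pass']) ? null : $_POST['pass'];

    onTicketUpdate($DATA);

    return $DATA;
}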
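/**
 * Create a new upload grant and return the stored row.
 *
 * $params is treated as untrusted request input: every value is either quoted
 * through $db->quote() or cast to int before it is concatenated into the SQL
 * (the original interpolated ticket_lastdl raw). Missing grant/ticket limits
 * fall back to $defaults; the ticket limits are only defaulted together, when
 * none of the three was supplied.
 *
 * @param array $params grant_total, comment, pass, ticket_permanent,
 *                      ticket_total, ticket_lastdl, ticket_maxdl, notify, send_to
 * @return array|false the stored grant row, with the clear-text 'pass' added for
 *                     the creation hooks, or false when the INSERT did not succeed
 */
function handleGrant($params)
{
    global $auth, $locale, $db, $defaults, $passHasher;

    // new unique grant id
    $id = genGrantId();

    if (!isset($params['grant_total'])) {
        $params['grant_total'] = $defaults['grant']['total'];
    }

    // grant_total is a lifetime in seconds; 0 means the grant never expires
    $grantExpire = (int) $params['grant_total'] === 0
        ? 'NULL'
        : time() + (int) $params['grant_total'];

    $comment = empty($params['comment']) ? 'NULL' : $db->quote($params['comment']);
    $passHash = empty($params['pass'])
        ? 'NULL'
        : $db->quote($passHasher->HashPassword($params['pass']));

    if (!empty($params['ticket_permanent'])) {
        // tickets created from this grant never expire and have no download limit
        $ticketExpire = 'NULL';
        $ticketLastTime = 'NULL';
        $ticketExpireDln = 'NULL';
    } else {
        if (!isset($params['ticket_total'])
            && !isset($params['ticket_lastdl'])
            && !isset($params['ticket_maxdl'])
        ) {
            $params['ticket_total'] = $defaults['ticket']['total'];
            $params['ticket_lastdl'] = $defaults['ticket']['lastdl'];
            $params['ticket_maxdl'] = $defaults['ticket']['maxdl'];
        }
        // all three are numeric limits: cast so only a number reaches the SQL
        $ticketExpire = empty($params['ticket_total'])
            ? 'NULL'
            : time() + (int) $params['ticket_total'];
        $ticketLastTime = empty($params['ticket_lastdl'])
            ? 'NULL'
            : (int) $params['ticket_lastdl'];
        $ticketExpireDln = empty($params['ticket_maxdl'])
            ? 'NULL'
            : (int) $params['ticket_maxdl'];
    }

    $notify = empty($params['notify'])
        ? 'NULL'
        : $db->quote(fixEMailAddrs($params['notify']));
    $sendTo = empty($params['send_to'])
        ? 'NULL'
        : $db->quote(fixEMailAddrs($params['send_to']));

    // one literal per column, in the column order of the INSERT below
    $literals = [
        $db->quote($id),
        $auth['id'],
        $grantExpire,
        $comment,
        $passHash,
        time(),
        $ticketExpire,
        $ticketLastTime,
        $ticketExpireDln,
        $notify,
        $sendTo,
        $db->quote($locale),
    ];

    // "grant" is quoted because it is a reserved word
    $sql = 'INSERT INTO "grant" (id, user_id, grant_expire, cmt, pass_ph'
        . ', time, expire, last_time, expire_dln, notify_email, sent_email, locale)'
        . ' VALUES (' . implode(', ', $literals) . ')';

    if ($db->exec($sql) !== 1) {
        return false;
    }

    // re-read the row so the hooks see the stored values (including defaults)
    $sql = 'SELECT * FROM "grant" WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the clear-text password is only handed to the hooks, never stored
    $DATA['pass'] = empty($params['pass']) ? null : $params['pass'];

    onGrantCreate($DATA);

    return $DATA;
}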
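/**
 * Store an uploaded file as a new ticket and return the stored row.
 *
 * The file is moved into place first and the DB connection re-checked only
 * afterwards (large uploads may outlive the connection). Every $params value
 * reaches the SQL text through $db->quote() or an (int) cast (the original
 * interpolated ticket_lastdl raw). On any failure after the move, the file is
 * handed to handleUploadFailure() for cleanup and its result is returned.
 *
 * @param array $FILE   one $_FILES entry: name, tmp_name, size
 * @param array $params comment, pass, permanent, ticket_total, ticket_lastdl,
 *                      ticket_maxdl, notify, send_to
 * @return array|false the stored ticket row, with the clear-text 'pass' added for
 *                     the creation hooks, or false when the upload could not be stored
 */
function handleUpload($FILE, $params)
{
    global $auth, $locale, $dataDir, $db, $defaults, $passHasher;

    // fix file size overflow (when possible) in php 5.4-5.5
    if ($FILE['size'] < 0) {
        $realSize = filesize($FILE['tmp_name']);
        // filesize() returns false on error; the original let that slip into the SQL
        if ($realSize === false || $realSize < 0) {
            logError($FILE['tmp_name'] . ': uncorrectable PHP file size overflow');
            return false;
        }
        $FILE['size'] = $realSize;
    }

    // new unique id and the final path of the stored file
    list($id, $tmpFile) = genTicketId();
    if (!move_uploaded_file($FILE['tmp_name'], $tmpFile)) {
        logError('cannot move file ' . $FILE['tmp_name'] . " into {$tmpFile}");
        return handleUploadFailure($tmpFile);
    }

    // check DB connection after upload
    reconnectDB();

    $comment = empty($params['comment']) ? 'NULL' : $db->quote($params['comment']);
    $passHash = empty($params['pass'])
        ? 'NULL'
        : $db->quote($passHasher->HashPassword($params['pass']));

    if (!empty($params['permanent'])) {
        // permanent ticket: no expiry, no last-download window, no download limit
        $ticketExpire = 'NULL';
        $ticketLastTime = 'NULL';
        $ticketExpireDln = 'NULL';
    } else {
        // limits are only defaulted together, when none of the three was supplied
        if (!isset($params['ticket_total'])
            && !isset($params['ticket_lastdl'])
            && !isset($params['ticket_maxdl'])
        ) {
            $params['ticket_total'] = $defaults['ticket']['total'];
            $params['ticket_lastdl'] = $defaults['ticket']['lastdl'];
            $params['ticket_maxdl'] = $defaults['ticket']['maxdl'];
        }
        // all three are numeric limits: cast so only a number reaches the SQL
        $ticketExpire = empty($params['ticket_total'])
            ? 'NULL'
            : time() + (int) $params['ticket_total'];
        $ticketLastTime = empty($params['ticket_lastdl'])
            ? 'NULL'
            : (int) $params['ticket_lastdl'];
        $ticketExpireDln = empty($params['ticket_maxdl'])
            ? 'NULL'
            : (int) $params['ticket_maxdl'];
    }

    $notify = empty($params['notify'])
        ? 'NULL'
        : $db->quote(fixEMailAddrs($params['notify']));
    $sendTo = empty($params['send_to'])
        ? 'NULL'
        : $db->quote(fixEMailAddrs($params['send_to']));

    // one literal per column, in the column order of the INSERT below
    $literals = [
        $db->quote($id),
        $auth['id'],
        $db->quote(mb_sane_base($FILE['name'])),
        $db->quote($tmpFile),
        (int) $FILE['size'],
        $comment,
        $passHash,
        time(),
        $ticketExpire,
        $ticketLastTime,
        $ticketExpireDln,
        $notify,
        $sendTo,
        $db->quote($locale),
    ];

    $sql = 'INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph'
        . ', time, expire, last_time, expire_dln, notify_email, sent_email, locale)'
        . ' VALUES (' . implode(', ', $literals) . ')';

    if ($db->exec($sql) !== 1) {
        logDBError($db, 'cannot commit new ticket to database');
        return handleUploadFailure($tmpFile);
    }

    // re-read the row so the hooks see the stored values (including defaults)
    $sql = 'SELECT * FROM ticket WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the clear-text password is only handed to the hooks, never stored
    $DATA['pass'] = empty($params['pass']) ? null : $params['pass'];

    onTicketCreate($DATA);

    return $DATA;
}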