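/**
 * Apply the ticket edits submitted in $_POST to the ticket $id.
 *
 * Only fields present in the request are touched. Every string value is
 * passed through $db->quote() and every numeric field is forced numeric
 * before it is spliced into the SQL text.
 *
 * @param string $id ticket id (quoted before use)
 * @return array|false the refreshed ticket row with the plaintext 'pass'
 *                     added for the update hooks, or false when nothing
 *                     was (or could be) updated
 */
function handleUpdate($id)
{
    global $db, $passHasher;
    // column => SQL literal, already quoted/cast
    $values = [];
    if (!empty($_POST['name'])) {
        $values['name'] = $db->quote(mb_sanitize($_POST['name']));
    }
    if (isset($_POST['comment'])) {
        // an empty comment clears the column (empty() also treats "0" as empty)
        $values['cmt'] = empty($_POST['comment']) ? 'NULL' : $db->quote($_POST['comment']);
    }
    if (isset($_POST['clear']) && $_POST['clear']) {
        // "clear" drops any password; a new password always replaces the
        // legacy md5 hash, so pass_md5 is nulled in both branches
        $values['pass_md5'] = 'NULL';
        $values['pass_ph'] = 'NULL';
    } elseif (!empty($_POST['pass'])) {
        $values['pass_md5'] = 'NULL';
        $values['pass_ph'] = $db->quote($passHasher->HashPassword($_POST['pass']));
    }
    if (isset($_POST['ticket_permanent']) && $_POST['ticket_permanent']) {
        $values['last_time'] = 'NULL';
        $values['expire'] = 'NULL';
        $values['expire_dln'] = 'NULL';
    } else {
        // day counts arrive as strings: the multiplication yields a number
        // (a non-numeric string is a TypeError on PHP 8), so nothing textual
        // reaches the query from these fields
        if (isset($_POST['ticket_totaldays'])) {
            $values['expire'] = empty($_POST['ticket_totaldays']) ? 'NULL' : time() + $_POST['ticket_totaldays'] * 3600 * 24;
        }
        if (isset($_POST['ticket_lastdldays'])) {
            $values['last_time'] = empty($_POST['ticket_lastdldays']) ? 'NULL' : $_POST['ticket_lastdldays'] * 3600 * 24;
        }
        if (isset($_POST['ticket_maxdl'])) {
            $values['expire_dln'] = empty($_POST['ticket_maxdl']) ? 'NULL' : (int) $_POST['ticket_maxdl'];
        }
    }
    if (isset($_POST['notify'])) {
        $values['notify_email'] = empty($_POST['notify']) ? 'NULL' : $db->quote(fixEMailAddrs($_POST['notify']));
    }
    // nothing to change: refuse instead of issuing a malformed "SET WHERE" statement
    if ($values === []) {
        return false;
    }
    // prepare the query
    $assignments = [];
    foreach ($values as $column => $literal) {
        $assignments[] = "{$column} = {$literal}";
    }
    $sql = 'UPDATE ticket SET ' . implode(', ', $assignments) . ' WHERE id = ' . $db->quote($id);
    // exec() reports the affected row count (false on failure); exactly one row must change
    if ($db->exec($sql) !== 1) {
        return false;
    }
    // fetch the stored row so hooks see the effective values
    $sql = 'SELECT * FROM ticket WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the plaintext password is only handed to the hooks, never stored
    $DATA['pass'] = empty($_POST['pass']) ? null : $_POST['pass'];
    // trigger update hooks
    onTicketUpdate($DATA);
    return $DATA;
}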
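/**
 * Create a new upload grant from $params and return the stored row.
 *
 * Every string column is passed through $db->quote() and every numeric
 * column is cast or produced by arithmetic before it is spliced into the
 * SQL text, so no raw parameter value ever reaches the query.
 *
 * @param array $params grant_total, comment, pass, ticket_permanent,
 *                      ticket_total, ticket_lastdl, ticket_maxdl, notify, send_to
 * @return array|false the inserted row with the plaintext 'pass' added for
 *                     the creation hooks, or false when the insert did not
 *                     affect exactly one row
 */
function handleGrant($params)
{
    global $auth, $locale, $db, $defaults, $passHasher;
    // generate new unique id
    $id = genGrantId();
    // defaults
    if (!isset($params['grant_total'])) {
        $params['grant_total'] = $defaults['grant']['total'];
    }
    $now = time();
    // column => SQL literal, already quoted/cast; insertion order is the column order
    $row = [
        'id' => $db->quote($id),
        // NOTE(review): $auth['id'] is inserted unquoted as in the original; it comes
        // from the session, not the request — confirm it is always numeric
        'user_id' => $auth['id'],
        // loose == kept on purpose: grant_total may be an int default or a numeric string
        'grant_expire' => $params['grant_total'] == 0 ? 'NULL' : $now + $params['grant_total'],
        'cmt' => empty($params['comment']) ? 'NULL' : $db->quote($params['comment']),
        'pass_ph' => empty($params['pass']) ? 'NULL' : $db->quote($passHasher->HashPassword($params['pass'])),
        'time' => $now,
    ];
    if (!empty($params['ticket_permanent'])) {
        $row['expire'] = 'NULL';
        $row['last_time'] = 'NULL';
        $row['expire_dln'] = 'NULL';
    } else {
        // ticket limits default as a set: only when none of the three was given
        if (!isset($params['ticket_total']) && !isset($params['ticket_lastdl']) && !isset($params['ticket_maxdl'])) {
            $params['ticket_total'] = $defaults['ticket']['total'];
            $params['ticket_lastdl'] = $defaults['ticket']['lastdl'];
            $params['ticket_maxdl'] = $defaults['ticket']['maxdl'];
        }
        $row['expire'] = empty($params['ticket_total']) ? 'NULL' : $now + $params['ticket_total'];
        // cast like expire_dln: previously the raw value was concatenated into the SQL
        $row['last_time'] = empty($params['ticket_lastdl']) ? 'NULL' : (int) $params['ticket_lastdl'];
        $row['expire_dln'] = empty($params['ticket_maxdl']) ? 'NULL' : (int) $params['ticket_maxdl'];
    }
    $row['notify_email'] = empty($params['notify']) ? 'NULL' : $db->quote(fixEMailAddrs($params['notify']));
    $row['sent_email'] = empty($params['send_to']) ? 'NULL' : $db->quote(fixEMailAddrs($params['send_to']));
    $row['locale'] = $db->quote($locale);
    $sql = 'INSERT INTO "grant" (' . implode(', ', array_keys($row)) . ') VALUES (' . implode(', ', $row) . ')';
    // exec() reports the affected row count (false on failure); exactly one row must be inserted
    if ($db->exec($sql) !== 1) {
        return false;
    }
    // fetch the stored row so hooks see the effective values
    $sql = 'SELECT * FROM "grant" WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the plaintext password is only handed to the hooks, never stored
    $DATA['pass'] = empty($params['pass']) ? null : $params['pass'];
    // trigger creation hooks
    onGrantCreate($DATA);
    return $DATA;
}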
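/**
 * Store an uploaded file as a new ticket and return the stored row.
 *
 * The file is moved out of PHP's upload area first; if the database insert
 * then fails, handleUploadFailure() is given the moved file to clean up.
 * Every string column is passed through $db->quote() and every numeric
 * column is cast or produced by arithmetic before it reaches the SQL text.
 *
 * @param array $FILE   one entry of $_FILES (name, tmp_name, size)
 * @param array $params comment, pass, permanent, ticket_total,
 *                      ticket_lastdl, ticket_maxdl, notify, send_to
 * @return array|false the inserted row with the plaintext 'pass' added for
 *                     the creation hooks, or false on failure
 */
function handleUpload($FILE, $params)
{
    global $auth, $locale, $dataDir, $db, $defaults, $passHasher;
    // fix file size overflow (when possible) in php 5.4-5.5
    if ($FILE['size'] < 0) {
        $FILE['size'] = filesize($FILE['tmp_name']);
        // filesize() returns false when it cannot stat the file; treat that
        // as uncorrectable rather than letting a non-number reach the insert
        if ($FILE['size'] === false || $FILE['size'] < 0) {
            logError($FILE['tmp_name'] . ": uncorrectable PHP file size overflow");
            return false;
        }
    }
    // generate new unique id/file name
    [$id, $tmpFile] = genTicketId();
    if (!move_uploaded_file($FILE['tmp_name'], $tmpFile)) {
        logError("cannot move file " . $FILE['tmp_name'] . " into {$tmpFile}");
        return handleUploadFailure($tmpFile);
    }
    // check DB connection after upload (a large upload may have outlived the connection)
    reconnectDB();
    $now = time();
    // column => SQL literal, already quoted/cast; insertion order is the column order
    $row = [
        'id' => $db->quote($id),
        // NOTE(review): $auth['id'] is inserted unquoted as in the original; it comes
        // from the session, not the request — confirm it is always numeric
        'user_id' => $auth['id'],
        'name' => $db->quote(mb_sane_base($FILE['name'])),
        'path' => $db->quote($tmpFile),
        'size' => (int) $FILE['size'],
        'cmt' => empty($params['comment']) ? 'NULL' : $db->quote($params['comment']),
        'pass_ph' => empty($params['pass']) ? 'NULL' : $db->quote($passHasher->HashPassword($params['pass'])),
        'time' => $now,
    ];
    // !empty() replaces the former @-suppressed read: same truthiness, no warning masking
    if (!empty($params['permanent'])) {
        $row['expire'] = 'NULL';
        $row['last_time'] = 'NULL';
        $row['expire_dln'] = 'NULL';
    } else {
        // ticket limits default as a set: only when none of the three was given
        if (!isset($params['ticket_total']) && !isset($params['ticket_lastdl']) && !isset($params['ticket_maxdl'])) {
            $params['ticket_total'] = $defaults['ticket']['total'];
            $params['ticket_lastdl'] = $defaults['ticket']['lastdl'];
            $params['ticket_maxdl'] = $defaults['ticket']['maxdl'];
        }
        $row['expire'] = empty($params['ticket_total']) ? 'NULL' : $now + $params['ticket_total'];
        // cast like expire_dln: previously the raw value was concatenated into the SQL
        $row['last_time'] = empty($params['ticket_lastdl']) ? 'NULL' : (int) $params['ticket_lastdl'];
        $row['expire_dln'] = empty($params['ticket_maxdl']) ? 'NULL' : (int) $params['ticket_maxdl'];
    }
    $row['notify_email'] = empty($params['notify']) ? 'NULL' : $db->quote(fixEMailAddrs($params['notify']));
    $row['sent_email'] = empty($params['send_to']) ? 'NULL' : $db->quote(fixEMailAddrs($params['send_to']));
    $row['locale'] = $db->quote($locale);
    $sql = 'INSERT INTO ticket (' . implode(', ', array_keys($row)) . ') VALUES (' . implode(', ', $row) . ')';
    // exec() reports the affected row count (false on failure); exactly one row must be inserted
    if ($db->exec($sql) !== 1) {
        logDBError($db, "cannot commit new ticket to database");
        return handleUploadFailure($tmpFile);
    }
    // fetch the stored row so hooks see the effective values
    $sql = 'SELECT * FROM ticket WHERE id = ' . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
    // the plaintext password is only handed to the hooks, never stored
    $DATA['pass'] = empty($params['pass']) ? null : $params['pass'];
    // trigger creation hooks
    onTicketCreate($DATA);
    return $DATA;
}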