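 /**
  * Upload an attachment to the server and record it in the database.
  *
  * The file is renamed with a ".txt" suffix when its extension is on the
  * $upload_badext deny list, moved into the folder returned by decideFilePath(),
  * and then rows are written to ec_crmentity, ec_attachments and
  * ec_seattachmentsrel. For Notes and Documents the record's filename column is
  * updated and any earlier attachment relation is dropped first.
  *
  * NOTE(review): this is written as a plain function but reads $this->column_fields
  * and $this->db, so it only works when spliced into an entity class that has them.
  *
  * @param int    $id           entity id (crmid) the file is attached to
  * @param string $module       current module name
  * @param array  $file_details one $_FILES entry (name, type, size, tmp_name, error)
  * @return bool true when the file was moved and the rows were written, false otherwise
  */
 function uploadAndSaveFile($id, $module, $file_details)
 {
     global $log;
     global $current_user;
     global $upload_badext;
     // $file_details is an array; interpolating it directly logs "Array" and raises a notice.
     $log->debug("Entering into uploadAndSaveFile({$id},{$module}," . json_encode($file_details) . ") method.");
     $date_var = date('Y-m-d H:i:s');
     // Owner falls back to the current user when the record carries no assignee.
     $ownerid = isset($this->column_fields['assigned_user_id']) ? $this->column_fields['assigned_user_id'] : '';
     if ($ownerid == '') {
         $ownerid = $current_user->id;
     }
     // Arbitrary File Upload Vulnerability fix - Philip
     // The extension is compared case-insensitively so "x.PHP" cannot slip past a
     // lowercase deny list; a name without a dot has no extension to check.
     $binFile = $file_details['name'];
     $ext_pos = strrpos($binFile, ".");
     $ext = ($ext_pos === false) ? '' : strtolower(substr($binFile, $ext_pos + 1));
     if (in_array($ext, array_map('strtolower', (array) $upload_badext), true)) {
         $binFile .= ".txt";
     }
     // Vulnerability fix ends
     $current_id = $this->db->getUniqueID("ec_crmentity");
     $filename = explode_basename($binFile);
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     // Folder the attachment is stored in.
     $upload_file_path = decideFilePath();
     // $upload_status must be initialised: the original left it undefined when
     // is_uploaded_file() failed and then compared it anyway.
     $upload_status = false;
     $stored_path = '';
     if (is_uploaded_file($filetmp_name)) {
         $encode_file = base64_encode_filename($binFile);
         $stored_path = $upload_file_path . $current_id . "_" . $encode_file;
         $upload_status = move_uploaded_file($filetmp_name, $stored_path);
     }
     $save_file = 'true';
     // Only images are allowed for these modules.
     if ($module == 'Contacts' || $module == 'Products') {
         $save_file = validateImageFile($file_details);
     }
     if ($save_file != 'true' || !$upload_status) {
         // Do not leave a rejected file (e.g. a non-image for Contacts) in the upload folder.
         if ($upload_status && $stored_path !== '' && is_file($stored_path)) {
             unlink($stored_path);
         }
         $log->debug("Skip the save attachment process.");
         return false;
     }
     // Numeric ids are cast before being concatenated into SQL.
     $crmid = (int) $id;
     // NOTE(review): $filename (client-supplied), $description, $filetype, $module,
     // $upload_file_path and $ownerid are still concatenated into SQL below; they
     // should go through this driver's parameterised or escaping API, which is not
     // visible from here. Only the numeric ids are hardened in this revision.
     if ($module == 'Notes') {
         $this->db->query("update ec_notes set filename='" . $filename . "' where notesid = " . $crmid);
     } elseif ($module == 'Documents') {
         $this->db->query("update ec_documents set filename='" . $filename . "' where documentsid = " . $crmid);
     }
     $description = isset($this->column_fields['description']) ? $this->column_fields['description'] : "";
     $this->db->query("insert into ec_crmentity (crmid,setype) values(" . $current_id . ",'" . $module . " Attachment')");
     $sql = "insert into ec_attachments(attachmentsid,name,description,type,setype,path,smcreatorid,createdtime) values(";
     $sql .= $current_id . ",'" . $filename . "','" . $description . "','" . $filetype . "','" . $module . "','" . $upload_file_path . "','" . $ownerid . "','" . $date_var . "')";
     $this->db->query($sql);
     // In edit mode the previously attached file is unlinked from the record.
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
         if ($id != '' && isset($_REQUEST['fileid']) && $_REQUEST['fileid'] != '') {
             $this->db->query('delete from ec_seattachmentsrel where crmid = ' . $crmid . ' and attachmentsid = ' . (int) $_REQUEST['fileid']);
         }
     }
     // Notes and Documents hold a single attachment, so any prior relation is dropped.
     if ($module == 'Notes' || $module == 'Documents') {
         $this->db->query("delete from ec_seattachmentsrel where crmid = " . $crmid);
     }
     $this->db->query('insert into ec_seattachmentsrel values(' . $crmid . ',' . $current_id . ')');
     return true;
 }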
foreach ($_FILES as $fileindex => $file_details) {
    if ($file_details['name'] != '' && $file_details['size'] > 0) {
        global $current_user;
        global $upload_badext;
        $date_var = $adb->formatDate(date('YmdHis'));
        $ownerid = $current_user->id;
        // Arbitrary File Upload Vulnerability fix - Philip
        $binFile = $file_details['name'];
        $ext_pos = strrpos($binFile, ".");
        $ext = substr($binFile, $ext_pos + 1);
        if (in_array($ext, $upload_badext)) {
            $binFile .= ".txt";
        }
        // Vulnerability fix ends
        $current_id = $adb->getUniqueID("ec_crmentity");
        $filename = explode_basename($binFile);
        $filetype = $file_details['type'];
        $filesize = $file_details['size'];
        $filetmp_name = $file_details['tmp_name'];
        //get the file path inwhich folder we want to upload the file
        $upload_file_path = decideFilePath();
        //upload the file in server
        $upload_status = false;
        if (is_uploaded_file($filetmp_name)) {
            $encode_file = base64_encode_filename($binFile);
            $upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $encode_file);
        }
        if ($upload_status) {
            $description = "";
            $adb->query("insert into ec_crmentity (crmid,setype) values('" . $current_id . "','Maillists Attachment')");
            $sql = "insert into ec_attachments(attachmentsid,name,description,type,setype,path,smcreatorid,createdtime) values(";
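/**
 * Save an uploaded image for a contact or user record.
 *
 * Reads $_FILES['imagename'], moves it into "<root_directory>test/<module>/" and
 * then checks the upload size and image type. When no file was sent in edit
 * mode the record's existing image name is kept.
 *
 * @param array  $_FILES the upload array; only the 'imagename' entry is used
 * @param string $module 'contact' or 'user'
 * @param int    $id     record id, used to look up the existing image in edit mode
 * @param string $mode   'edit' or a create mode
 * @return array{imagename:string,imageerror:string,errormessage:string|int,saveimage:string,mode:string}
 */
function SaveImage($_FILES, $module, $id, $mode)
{
    global $log;
    $log->debug("Entering SaveImage() method ...");
    // $root_directory was read without a global declaration, so the upload
    // directory silently became the relative path "test/<module>/".
    global $root_directory;
    $uploaddir = $root_directory . "test/" . $module . "/";
    $file_path_name = isset($_FILES['imagename']['name']) ? $_FILES['imagename']['name'] : '';
    // Every key of the returned array is initialised so no branch returns an undefined value.
    $image_error = "false";
    $saveimage = "true";
    $errormessage = "";
    $image_name_val = "";
    $file_name = explode_basename($file_path_name);
    if ($file_name != "") {
        $image_name_val = file_exist_fn($file_name, 0);
        $target = $uploaddir . $image_name_val;
        $move_upload_status = move_uploaded_file($_FILES["imagename"]["tmp_name"], $target);
        $filetype = $_FILES['imagename']['type'];
        $filesize = $_FILES['imagename']['size'];
        // "image/jpeg" -> "jpeg"; a type without a slash yields "" instead of a notice.
        $filetype_array = explode("/", $filetype);
        $file_type_val = isset($filetype_array[1]) ? strtolower($filetype_array[1]) : '';
        $log->info("The File type of the Contact Image is :: " . $file_type_val);
        if (!$move_upload_status) {
            $log->debug("Error is present in uploading Contact Image.");
            // Any failed move means there is nothing to save; the original only
            // flagged codes 2, 3 and 4 and wrote the "no-image" text into a typo'd variable.
            $errorCode = $_FILES['imagename']['error'];
            $saveimage = "false";
            $image_error = "true";
            if ($errorCode == UPLOAD_ERR_NO_FILE) {
                $errormessage = "no-image";
            } elseif ($errorCode == UPLOAD_ERR_FORM_SIZE || $errorCode == UPLOAD_ERR_PARTIAL) {
                $errormessage = $errorCode;
            }
        } else {
            $log->debug("Successfully uploaded the Contact Image.");
            $allowed_types = array("jpeg", "png", "jpg", "pjpeg", "x-png", "gif");
            if ($filesize == 0) {
                // The original assigned $savelogo here, a typo that left saveimage at "true".
                $saveimage = "false";
                $image_error = "true";
                $errormessage = "invalid";
            } elseif (!in_array($file_type_val, $allowed_types, true) || getimagesize($target) === false) {
                // The declared MIME type is client-supplied, so the stored file is
                // also checked with getimagesize(). A rejected file is removed instead
                // of being left in the upload directory.
                $saveimage = "false";
                $image_error = "true";
                $errormessage = "image";
                if (is_file($target)) {
                    unlink($target);
                }
            }
        }
    } else {
        $log->debug("Contact Image is not given for uploading.");
        // The original used "=" here, which assigned to $module and always took the
        // contact branch.
        if ($mode == "edit") {
            if ($module == 'contact') {
                $image_name_val = getContactImageName($id);
            } elseif ($module == 'user') {
                $image_name_val = getUserImageName($id);
            }
        }
    }
    $return_value = array('imagename' => $image_name_val, 'imageerror' => $image_error, 'errormessage' => $errormessage, 'saveimage' => $saveimage, 'mode' => $mode);
    $log->debug("Exiting SaveImage method ...");
    return $return_value;
}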