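<?php
include_once "include_db.php";
include_once "include_functions.php";

// Attachment upload handler: stores the uploaded file hex-encoded in the
// 'attachments' table, records the event, then redirects the browser back to
// the page that submitted the form.
checkUserSessionandCookie();

$username = $_SESSION["uname"];

// NOTE(review): the work id is taken straight from the request and nothing
// visible here verifies that the logged-in user may attach files to that work
// item - confirm an ownership/permission check exists before relying on it.
$workid = isset($_POST["fileupload_workid"]) ? $_POST["fileupload_workid"] : null;
$ruri = isset($_POST["fileupload_requestURI"]) ? $_POST["fileupload_requestURI"] : null;

// Reject the request unless PHP reports one cleanly received upload. Without
// this the script would log an "upload" and insert a row even when no file
// arrived, and would read whatever path 'tmp_name' happened to contain.
$upload = isset($_FILES['uploadedfile']) ? $_FILES['uploadedfile'] : null;
if (!is_array($upload)
    || !isset($upload['error'], $upload['tmp_name'], $upload['name'])
    || $upload['error'] !== UPLOAD_ERR_OK
    || !is_string($upload['name'])
    || !is_string($upload['tmp_name'])
    || !is_uploaded_file($upload['tmp_name'])
) {
    http_response_code(400);
    echo "<h1>The file could not be uploaded.</h1>";
    exit;
}

// basename() strips any directory components supplied by the client.
$uploadname = basename($upload['name']);
$tmp_uploadedOn = get_currentPHPTimestamp();

// NOTE(review): $target_path is not assigned anywhere in the visible code;
// presumably one of the include files defines it - confirm. The check also
// measures a directory while the content below is stored in the database, and
// it ignores the size of the incoming file, so verify the quota is effective.
$tmp = getDirectorySize($target_path);
$currentsize = $tmp['size'];
$maxallowed = $_SESSION["pkgSpaceMb"] * 1024 * 1024; // convert Mb into bytes
if ($currentsize > $maxallowed) {
    echo "<h1>You do not have enough free space for uploading any new files ! </h1>";
    exit;
}

// Read the file in one call: there is no handle left open, and an empty
// upload no longer reaches fread() with a zero length.
$rawcontent = file_get_contents($upload['tmp_name']);
if ($rawcontent === false) {
    http_response_code(500);
    echo "<h1>The file could not be uploaded.</h1>";
    exit;
}
$fp_size = strlen($rawcontent);
$somefile = bin2hex($rawcontent);

// The message carries HTML markup, so the client-chosen file name (and the
// user name) are escaped before being embedded, to keep a crafted file name
// from injecting markup into wherever the comment is rendered.
// NOTE(review): assumes Task_LogSystemComment() stores the text for HTML
// display without escaping it again - confirm. $thisfilesize is not assigned
// in the visible code either.
$safe_username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
$safe_uploadname = htmlspecialchars($uploadname, ENT_QUOTES, 'UTF-8');
Task_LogSystemComment($workid, "<B>{$safe_username}</B> has uploaded file '{$safe_uploadname}' {$thisfilesize}");
logUserEvent('Uploaded attachment to ' . $workid);

// NOTE(review): the insert result is not inspected; the return contract of
// execute_sqlInsert() is not visible here.
$success = execute_sqlInsert('attachments', array(
    'workid' => $workid,
    'uploadname' => $uploadname,
    'uploadedby' => $username,
    'filecontent' => $somefile,
    'filesize' => $fp_size,
    'uploadedOn' => $tmp_uploadedOn,
));

// The return address is client-supplied, so only a same-site absolute path is
// honoured ("/..." but not "//host" or "/\host", no backslashes or control
// characters). Anything else falls back to the site root, which stops the
// handler from being used as an open redirect.
$redirect = '/';
if (is_string($ruri) && preg_match('#^/(?![/\\\\])[^\\\\\x00-\x1f\x7f]*$#D', $ruri)) {
    $redirect = $ruri;
}
header("Location: " . $redirect);
exit;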
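/**
 * Authenticate a user and establish the login session.
 *
 * Looks up the stored credential (the "sadmin" account is read from its own
 * table), compares it with the submitted value, and on success stores the
 * user name in the session, optionally issues a 7-day remember-me cookie,
 * records the event and sends the success response. Every path ends the
 * request.
 *
 * NOTE(review): the stored value is compared directly with the submitted one,
 * which suggests passwords are kept in plaintext or as a client-computed
 * digest - confirm, and consider password_hash()/password_verify().
 *
 * @param string $uname Submitted user name.
 * @param string $uepwd Submitted credential, compared as-is with the stored value.
 */
function loginUser($uname, $uepwd)
{
    global $DE_GLOBALS_USERLOGINERR;

    // Non-string input (for example an array-valued POST field) can never be
    // a valid credential and would otherwise be stringified into the session.
    if (!is_string($uname) || !is_string($uepwd)) {
        send_Action_Response('Fail', $DE_GLOBALS_USERLOGINERR);
        exit;
    }

    if ($uname === "sadmin") {
        $password = getVariableFromSadminTbl('sadminpass');
    } else {
        // NOTE(review): the user name literal in this query appears masked on
        // the page this listing came from. If the real statement embeds
        // $uname in the SQL text, it must be bound as a parameter (or escaped
        // by the DB layer) rather than concatenated.
        $password = executesql_returnArray("select password from users where username='******' and user_status='A' ;");
    }

    // hash_equals() replaces the loose "!=" comparison: it is constant-time
    // and does not treat numeric-looking strings such as "1e3" and "1000" as
    // equal. The explicit exit matters: without it, a failed check would fall
    // through to the session setup below unless send_Action_Response() itself
    // terminates the request, which is not visible here.
    if (!$password || !is_scalar($password) || !hash_equals((string) $password, $uepwd)) {
        send_Action_Response('Fail', $DE_GLOBALS_USERLOGINERR);
        exit;
    }

    // Issue a fresh session id on login so an id planted before
    // authentication cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["uname"] = "{$uname}";

    if (get_POST_var('setcuky') == 'true') {
        // NOTE(review): this token is a bearer credential; confirm that
        // getaRandomString() draws from a cryptographically secure source.
        $cookieid = getaRandomString(32);

        // HttpOnly keeps the token away from page scripts; Secure is set
        // whenever the current request itself arrived over HTTPS.
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie(USERCOOKIENAME, $cookieid, time() + 7 * 24 * 3600, '', '', $isHttps, true);

        // Keys are quoted: the bare words used previously were undefined
        // constants, which PHP 8 rejects with a fatal error.
        $success = execute_sqlInsert('cookies', array(
            'username' => $uname,
            'cookieid' => $cookieid,
            'cookietime' => 'CURRENT_TIMESTAMP',
        ));
    }

    logUserEvent($uname . ' (User) Logged In');
    alertAppAdmin($uname . ' (User) Logged In');
    send_Action_Response('Success', 'To Welcome Page');
    exit;
}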
exit; } } $ACTION = @$_POST["action"]; $USERNAME = $_SESSION["uname"]; if ($ACTION == 'doLogin' || $ACTION == 'sendLoginDetails') { // Do not check "if logged in" for these actions } else { checkLogin_B4_Action(); } switch ($ACTION) { case 'Logout': setcookie(USERCOOKIENAME, "", time() - 3600); session_unset(); session_destroy(); logUserEvent('User Logged Out'); send_Action_Response('Success', 'Logged Out!'); exit; break; case 'doLogin': $uname = get_POST_var("uname"); $uepwd = get_POST_var("uepwd"); loginUser($uname, $uepwd); exit; break; case 'updateUserPassword': $upwd_cpass = get_POST_var("upwd_cpass"); $upwd_nupass = get_POST_var("upwd_nupass"); $current_password = executesql_returnArray("select password from users where username='******'"); if ($current_password != $upwd_cpass) { send_Action_Response('Fail', 'Invalid Current Password!');