function handleUpload($FILE, $params)
{
global $auth, $locale, $dataDir, $db, $defaults, $passHasher;
// fix file size overflow (when possible) in php 5.4-5.5
if ($FILE['size'] < 0) {
$FILE['size'] = filesize($FILE["tmp_name"]);
if ($FILE['size'] < 0) {
logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow");
return false;
}
}
// generate new unique id/file name
list($id, $tmpFile) = genTicketId();
$tmpFile = preg_replace('/(\\/.*\\/)/', "\\1{$FILE['name']}_", $tmpFile);
if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) {
logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}");
return handleUploadFailure($tmpFile);
}
// check DB connection after upload
reconnectDB();
// prepare data
$sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, expire, last_time, expire_dln, notify_email, sent_email, locale) VALUES (";
$sql .= $db->quote($id);
$sql .= ", " . $auth['id'];
$sql .= ", " . $db->quote(mb_sane_base($FILE["name"]));
$sql .= ", " . $db->quote($tmpFile);
$sql .= ", " . $FILE["size"];
$sql .= ", " . (empty($params["comment"]) ? 'NULL' : $db->quote($params["comment"]));
$sql .= ", " . (empty($params["pass"]) ? 'NULL' : $db->quote($passHasher->HashPassword($params["pass"])));
$sql .= ", " . time();
if (@$params["permanent"]) {
$sql .= ", NULL";
$sql .= ", NULL";
$sql .= ", NULL";
} else {
if (!isset($params["ticket_total"]) && !isset($params["ticket_lastdl"]) && !isset($params["ticket_maxdl"])) {
$params["ticket_total"] = $defaults['ticket']['total'];
$params["ticket_lastdl"] = $defaults['ticket']['lastdl'];
$params["ticket_maxdl"] = $defaults['ticket']['maxdl'];
}
$sql .= ", " . (empty($params["ticket_total"]) ? 'NULL' : time() + $params["ticket_total"]);
$sql .= ", " . (empty($params["ticket_lastdl"]) ? 'NULL' : $params["ticket_lastdl"]);
$sql .= ", " . (empty($params["ticket_maxdl"]) ? 'NULL' : (int) $params["ticket_maxdl"]);
}
$sql .= ", " . (empty($params["notify"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["notify"])));
$sql .= ", " . (empty($params["send_to"]) ? 'NULL' : $db->quote(fixEMailAddrs($params["send_to"])));
$sql .= ", " . $db->quote($locale);
$sql .= ")";
if ($db->exec($sql) != 1) {
logDBError($db, "cannot commit new ticket to database");
return handleUploadFailure($tmpFile);
}
// fetch defaults
$sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
$DATA = $db->query($sql)->fetch();
$DATA['pass'] = empty($params["pass"]) ? NULL : $params["pass"];
// trigger creation hooks
onTicketCreate($DATA);
return $DATA;
}
function handleUpload($GRANT, $FILE)
{
global $dataDir, $db;
// fix file size overflow (when possible) in php 5.4-5.5
if ($FILE['size'] < 0) {
$FILE['size'] = filesize($FILE["tmp_name"]);
if ($FILE['size'] < 0) {
logError($FILE["tmp_name"] . ": uncorrectable PHP file size overflow");
return false;
}
}
// generate new unique id/file name
list($id, $tmpFile) = genTicketId($FILE["name"]);
if (!move_uploaded_file($FILE["tmp_name"], $tmpFile)) {
logError("cannot move file " . $FILE["tmp_name"] . " into {$tmpFile}");
return failUpload($tmpFile);
}
// convert the upload to a ticket
$db->beginTransaction();
$sql = "INSERT INTO ticket (id, user_id, name, path, size, cmt, pass_ph" . ", time, last_time, expire, expire_dln, locale) VALUES (";
$sql .= $db->quote($id);
$sql .= ", " . $GRANT['user_id'];
$sql .= ", " . $db->quote(mb_sane_base($FILE["name"]));
$sql .= ", " . $db->quote($tmpFile);
$sql .= ", " . $FILE["size"];
$sql .= ", " . (empty($GRANT["cmt"]) ? 'NULL' : $db->quote($GRANT["cmt"]));
$sql .= ", " . (empty($GRANT["pass_ph"]) ? 'NULL' : $db->quote($GRANT["pass_ph"]));
$sql .= ", " . time();
$sql .= ", " . (empty($GRANT["last_time"]) ? 'NULL' : $GRANT['last_time']);
$sql .= ", " . (empty($GRANT["expire"]) ? 'NULL' : $GRANT['expire']);
$sql .= ", " . (empty($GRANT["expire_dln"]) ? 'NULL' : $GRANT['expire_dln']);
$sql .= ", " . (empty($GRANT["locale"]) ? 'NULL' : $db->quote($GRANT['locale']));
$sql .= ")";
$db->exec($sql);
$sql = "DELETE FROM \"grant\" WHERE id = " . $db->quote($GRANT['id']);
$db->exec($sql);
if (!$db->commit()) {
logDBError($db, "cannot commit new ticket to database");
return failUpload($tmpFile);
}
// fetch defaults
$sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
$DATA = $db->query($sql)->fetch();
if (!empty($GRANT['pass'])) {
$DATA['pass'] = $GRANT['pass'];
}
// trigger use hooks
onGrantUse($GRANT, $DATA);
return $DATA;
}