示例#1
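    /**
     * Stores one uploaded file under a server-generated name and records it in the `files` table.
     *
     * The on-disk name is randomhash() plus the extension of the name returned by
     * get_file_name(); the name returned by get_unique_filename() is kept in
     * $file->name2 and written to the database as original_name.
     *
     * NOTE(review): the extension comes from the request-derived file name and is
     * reused unchanged for the stored file, which is then exposed through
     * get_download_url(). Whether an executable extension (for example a server-side
     * script) can land in the upload directory depends entirely on what validate()
     * accepts, which is not visible here. Confirm that validate() enforces an
     * extension allow-list and that the upload directory is not script-executable.
     *
     * NOTE(review): a new name is generated on every call. Assuming randomhash()
     * returns a different value each time, is_file($file_path) cannot be true for a
     * follow-up chunk, so the append path for chunked uploads looks unreachable.
     * Confirm whether chunked uploads are expected to work.
     *
     * @param string|null $uploaded_file Path of the temporary upload; when it is not an
     *                                   uploaded file the body is read from php://input.
     * @param mixed       $name          File name as passed by the caller (presumably client-supplied).
     * @param mixed       $size          Declared size; stored as-is in the database row.
     * @param mixed       $type          Declared content type; stored as-is in the database row.
     * @param mixed       $error         Upload error value, forwarded to validate().
     * @param mixed       $index         Position of the file in a multi-file upload, if any.
     * @param mixed       $content_range Truthy for ranged (chunked) uploads.
     *
     * @return \stdClass File descriptor (name, name2, size, type and, depending on the
     *                   outcome, url or error).
     */
    protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null)
    {
        // NOTE(review): $hn (ticket hash) is a global whose origin is not visible here.
        // If it is taken from the request, a client can attach files to any ticket.
        global $hn, $dbConnection;

        $file = new \stdClass();
        $file->name2 = $this->get_unique_filename($uploaded_file, $name, $size, $type, $error, $index, $content_range);
        $fn = $this->get_file_name($uploaded_file, $name, $size, $type, $error, $index, $content_range);
        $exter = pathinfo($fn, PATHINFO_EXTENSION);
        $fhash = randomhash();
        $file->name = $fhash . "." . $exter;
        $file->size = $this->fix_integer_overflow(intval($size));
        $file->type = $type;

        if (!$this->validate($uploaded_file, $file, $error, $index)) {
            return $file;
        }

        $this->handle_form_data($file, $index);
        $upload_dir = $this->get_upload_path();
        if (!is_dir($upload_dir)) {
            mkdir($upload_dir, $this->options['mkdir_mode'], true);
        }
        $file_path = $this->get_upload_path($file->name);
        $append_file = $content_range && is_file($file_path) && $file->size > $this->get_file_size($file_path);

        if ($uploaded_file && is_uploaded_file($uploaded_file)) {
            // multipart/formdata uploads (POST method uploads)
            if ($append_file) {
                $source = fopen($uploaded_file, 'r');
                file_put_contents($file_path, $source, FILE_APPEND);
                // Close the read handle explicitly instead of leaving it to the GC.
                if (is_resource($source)) {
                    fclose($source);
                }
            } else {
                move_uploaded_file($uploaded_file, $file_path);
            }
        } else {
            // Non-multipart uploads (PUT method support)
            $source = fopen('php://input', 'r');
            file_put_contents($file_path, $source, $append_file ? FILE_APPEND : 0);
            if (is_resource($source)) {
                fclose($source);
            }
        }

        // Set when the stored file is deleted again, so no database row is written for it.
        $discarded = false;
        $file_size = $this->get_file_size($file_path, $append_file);
        if ($file_size === $file->size) {
            $file->url = $this->get_download_url($file->name);
            if ($this->is_valid_image_file($file_path)) {
                $this->handle_image_file($file_path, $file);
            }
        } else {
            $file->size = $file_size;
            if (!$content_range && $this->options['discard_aborted_uploads']) {
                unlink($file_path);
                $file->error = $this->get_error_message('abort');
                $discarded = true;
            }
        }
        $this->set_additional_file_properties($file);

        // Previously the row was inserted even after the file had been unlinked above,
        // leaving a `files` record that points at nothing.
        if (!$discarded) {
            // Bound parameters keep the request-derived values out of the SQL text.
            // file_type and file_size are the declared values passed in, not values
            // measured on the stored file.
            $stmt = $dbConnection->prepare('insert into files 
 		(ticket_hash, original_name, file_hash, file_type, file_size, file_ext) values 
 		(:ticket_hash, :original_name, :file_hash, :file_type, :file_size, :file_ext)');
            $stmt->execute(array(
                ':ticket_hash' => $hn,
                ':original_name' => $file->name2,
                ':file_hash' => $fhash,
                ':file_type' => $type,
                ':file_size' => $size,
                ':file_ext' => $exter,
            ));
        }

        return $file;
    }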
<?php

require_once '../phpfunctions.php';
//include_once '../casconnect.php';
include_once '../dbconnect.php';
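// Request-driven clock-in / clock-out and achievement level listing.
//
// Every request value is validated as an integer and reaches MySQL only through
// bound parameters. The previous version interpolated $_REQUEST['id'] directly into
// SELECT, INSERT and DELETE statements, and placed the escaped 'giveachievement'
// value in an unquoted numeric position, where mysqli_real_escape_string() gives no
// protection.
//
// NOTE(review): nothing in this script checks who the caller is (the casconnect
// include above is commented out), so any client can clock an arbitrary user id in
// or out unless phpfunctions.php or dbconnect.php enforces a session. Confirm this.
// $_REQUEST also accepts GET parameters, so these writes can be triggered by a plain
// link; consider requiring POST together with a CSRF token.
$id = filter_var(isset($_REQUEST['id']) ? $_REQUEST['id'] : null, FILTER_VALIDATE_INT);
$roomGiven = isset($_REQUEST['room']);
$room = $roomGiven ? filter_var($_REQUEST['room'], FILTER_VALIDATE_INT) : false;

// Clock in: create an entry unless the user already has one with no timeout recorded.
if ($room !== false && $room !== 0 && $id !== false) {
    $hasOpenEntry = null; // stays null when the lookup itself fails
    $lookup = $mysqli->prepare("SELECT userid FROM clock WHERE userid = ? AND timeout = '0000-00-00 00:00:00'");
    if ($lookup) {
        $lookup->bind_param('i', $id);
        if ($lookup->execute()) {
            $lookup->store_result();
            $hasOpenEntry = $lookup->num_rows > 0;
        }
        $lookup->close();
    }
    // Insert only after a successful lookup that found nothing.
    if ($hasOpenEntry === false) {
        $hash = randomhash();
        $insert = $mysqli->prepare('INSERT INTO clock(userid, roomid, hash) VALUES(?, ?, ?)');
        if ($insert) {
            $insert->bind_param('iis', $id, $room, $hash);
            $insert->execute();
            $insert->close();
        }
    }
}

// Clock out: an id without any room parameter removes that user's clock rows.
if ($id !== false && $id !== 0 && !$roomGiven) {
    $delete = $mysqli->prepare('DELETE FROM clock WHERE userid = ?');
    if ($delete) {
        $delete->bind_param('i', $id);
        $delete->execute();
        $delete->close();
    }
}

// Level picker: one <option> per level row of the requested achievement.
$giveachievement = filter_var(
    isset($_REQUEST['giveachievement']) ? $_REQUEST['giveachievement'] : null,
    FILTER_VALIDATE_INT
);
if ($giveachievement !== false && $giveachievement !== 0) {
    $levels = $mysqli->prepare('SELECT level FROM levels WHERE achievementid = ? ORDER BY level ASC');
    if ($levels) {
        $levels->bind_param('i', $giveachievement);
        $levelCount = 0;
        if ($levels->execute()) {
            $levels->store_result();
            $levelCount = $levels->num_rows;
        }
        $levels->close();
        // Only the running counter is printed, never a database or request value,
        // so the markup needs no escaping.
        for ($i = 1; $i <= $levelCount; $i++) {
            echo '<option value="' . $i . '">Level ' . $i . '</option>';
        }
    }
}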
示例#3
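// Upper bound, in bytes, for a single uploaded file.
$maxsize = 30097152;

// Handles a single-file upload posted as "myfile": stores it under a generated name,
// records it in the `files` table and answers with a JSON list of stored names.
//
// NOTE(review): $_FILES[...]['type'] and the file name are supplied by the client.
// The type check below is therefore advisory only, and it is skipped entirely when
// the client sends an empty type. The stored file keeps the client-chosen extension,
// so if $output_dir is served by the web server a script extension could become
// executable. Consider an extension allow-list, server-side content detection, and
// an upload directory outside the web root or with script execution disabled.
if (isset($_FILES["myfile"])) {
    $ret = array();
    $error = $_FILES["myfile"]["error"];
    // You need to handle both cases:
    // some browsers do not support serializing multiple files using FormData().
    // Only the single-file shape is processed here; an array-shaped upload yields [].
    if (!is_array($_FILES["myfile"]["name"])) {
        $fileName = $_FILES["myfile"]["name"];
        $filetype = $_FILES["myfile"]["type"];
        $filesize = $_FILES["myfile"]["size"];

        // null is reported for a rejected or failed upload. The previous version
        // appended an undefined variable in that case, which also raised a warning
        // that could end up inside the JSON response.
        $fileName_norm = null;

        // Reject on PHP-reported upload errors too; before, a failed upload passed the
        // checks and still produced a database row.
        $flag = $error !== UPLOAD_ERR_OK
            || $filesize > $maxsize
            || (!empty($filetype) && !in_array($filetype, $acceptable, true));

        if (!$flag) {
            $fhash = randomhash();
            $ext = pathinfo($fileName, PATHINFO_EXTENSION);
            $storedName = $fhash . "." . $ext;
            // Record the file only once it has actually been moved into place.
            if (move_uploaded_file($_FILES["myfile"]["tmp_name"], $output_dir . $storedName)) {
                $fileName_norm = $storedName;
                // Bound parameters keep the client-supplied name and type out of the SQL text.
                $stmt = $dbConnection->prepare('insert into files 
 		(ticket_hash, original_name, file_hash, file_type, file_size, file_ext) values 
 		(:ticket_hash, :original_name, :file_hash, :file_type, :file_size, :file_ext)');
                $stmt->execute(array(
                    ':ticket_hash' => $hn,
                    ':original_name' => $fileName,
                    ':file_hash' => $fhash,
                    ':file_type' => $filetype,
                    ':file_size' => $filesize,
                    ':file_ext' => $ext,
                ));
            }
        }
        $ret[] = $fileName_norm;
    }
    echo json_encode($ret);
}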
示例#4
 }
 if ($done == false) {
     $reqAch = $levelRow['id'];
     $query = "SELECT * FROM achievementList WHERE id = {$achievement}";
     $result = $mysqli->query($query);
     $row = $result->fetch_assoc();
     $userrow['name'] = $row['name'];
     $userrow['level'] = $level;
     $query = "SELECT requests.*, levels.level FROM requests INNER JOIN levels ON levels.id = requests.achievementid WHERE requests.requesterid = '{$userid}' AND requests.achievementid = '{$reqAch}' AND requests.status = 0";
     $result = $mysqli->query($query);
     if ($result->num_rows > 0) {
         //Already Under Review
         $row = $result->fetch_assoc();
         echo "<script>alert('You already have an open request to be reviewed for level " . $row['level'] . " of the " . $userrow['name'] . " achievement. Please wait for the that review to complete.');</script>";
     } else {
         $userrow['hash'] = randomhash();
         $mysqli->query("INSERT INTO requests(requesterid, achievementid, hash, evidence) VALUES('{$userid}', '{$reqAch}', '" . $userrow['hash'] . "', '{$evidence}')");
         $requestid = $mysqli->insert_id;
         //Email the requester with information
         $query = "SELECT * FROM achievementList WHERE id = {$achievement}";
         $result = $mysqli->query($query);
         $row = $result->fetch_assoc();
         $userrow['name'] = $row['name'];
         $userrow['level'] = $level;
         email_message('Achievement Request', $userrow['onid'] . '@oregonstate.edu', create_message('./emails/request.eml', $userrow));
         //Identify reviewers
         $query = "SELECT DISTINCT users.* FROM users INNER JOIN achievements ON achievements.userid = users.id INNER JOIN levels ON levels.id = achievements.levelid WHERE achievements.achievementid = {$achievement} AND levels.level >= {$level} GROUP BY users.id LIMIT 5";
         //echo $query . '<BR>';
         $result = $mysqli->query($query);
         while ($row = $result->fetch_assoc()) {
             //echo 'Emailing: ' . $row['username'] . '<BR>';