<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><input type="file" name="files[]" style="width:170px;">
<br><br>Notice: The maximum filesize for upload - <b>'.show_size(false,true,return_bytes(ini_get('upload_max_filesize'))).'</b>.<br>
<br><input type="submit" value="upload">
</form>');
}else
{
$nomain=false;
$success = upload_files();
if($success) light_message('Files were successfully uploaded to server');
else light_message('There were some errors while uploading.');
}
break;
case 'upload-new':
case 'download-new':
if( ($mess=update_dolphin('light_message')) !== NEED_UPLOAD && $mess === true)
{
light_message('Update completed successfully.');
}else if( $mess === NEED_UPLOAD )
{
light_message('<form action="index.php?act=upload-new" method="POST" enctype="multipart/form-data">
To upload new version of '.SNAME.', you need to <a href="'.MASTER_SITE.'/files/dolphin-current.zip">download the latest version of '.SNAME.'</a> and upload it here. All required operations will be done automatically.
$action = "unknown";
} else {
$action = $_GET["action"];
}
switch ($action) {
case "showposition":
downfile($info["gdir"] . "/position.txt");
break;
case "showreadme":
downfile($info["gdir"] . "/readme.txt");
break;
case "showsynonim":
downfile($info["gdir"] . "/synonim.txt");
break;
case "update":
upload_files($info);
header("Location: genome.php?action=menu&id=" . $info["gid"]);
break;
case "delete":
delete_genome($info);
clus_head();
show_menu();
echo "Genome number " . $info["gid"] . " with code " . $info["gcode"];
echo " deleted<br />";
echo "<a href=\"..\">";
echo "Go to main page</a>";
clus_end();
break;
case "menu":
clus_head();
show_menu();
}
$i++;
}
echo "<success/>\n </upload_files>\n ";
}
if (0) {
$r = simplexml_load_string("<query_files>\n<batch_id>0</batch_id>\n <md5>80bf244b43fb5d39541ea7011883b7e0</md5>\n <md5>a6037b05afb05f36e6a85a7c5138cbc1</md5>\n</query_files>\n ");
submit_batch($r);
exit;
}
if (0) {
$r = simplexml_load_string("<upload_files>\n<authenticator>157f96a018b0b2f2b466e2ce3c7f54db</authenticator>\n<batch_id>1</batch_id>\n<md5>80bf244b43fb5d39541ea7011883b7e0</md5>\n<md5>a6037b05afb05f36e6a85a7c5138cbc1</md5>\n</upload_files>");
upload_files($r);
exit;
}
xml_header();
$req = $_POST['request'];
$r = simplexml_load_string($req);
if (!$r) {
xml_error(-1, "can't parse request message: {$req}", __FILE__, __LINE__);
}
switch ($r->getName()) {
case 'query_files':
query_files($r);
break;
case 'upload_files':
upload_files($r);
break;
default:
xml_error(-1, "no such action");
}
function ftp_sync_callback($data)
{
global $ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, $local_media_dir, $remote_media_dir, $local_theme_dir, $remote_theme_dir, $local_plugin_dir, $remote_plugin_dir;
// start session
session_start();
$type = sanitize_text_field($_POST['type']);
switch ($type) {
case "theme":
$name = "Theme";
$local_dir = $local_theme_dir;
$remote_dir = $remote_theme_dir;
break;
case "media":
$name = "Media";
$local_dir = $local_media_dir;
$remote_dir = $remote_media_dir;
break;
case "plugin":
$name = "Plugin";
$local_dir = $local_plugin_dir;
$remote_dir = $remote_plugin_dir;
break;
default:
break;
}
$step = sanitize_text_field($_POST['step']);
switch ($step) {
case 1:
$html = "<p><strong>{$name} Files</strong></p>Testing FTP Connection... ";
$step++;
break;
case 2:
$result = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, true);
$html = $result[1];
if ($result[0]) {
$step++;
} else {
$step = false;
}
break;
case 3:
$html = "Verifying remote {$type} directory... ";
$step++;
break;
case 4:
$verified = verify_remote_dir($remote_dir);
if ($verified) {
$html = "OK<br/>";
$step++;
$step = 7;
} else {
$html = "<br/>ERROR: <strong>{$remote_dir}</strong> does not exist on the server<br/>";
$step = false;
}
break;
case 5:
// this is being skipped for now
$html = "Syncing Timezones... ";
$step++;
break;
case 6:
// this is being skipped for now
$ftp = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, false);
$html = sync_timezones($ftp, $local_dir, $remote_dir);
ftp_close($ftp);
$step++;
break;
case 7:
$html = "Scanning local {$type} files... ";
$step++;
break;
case 8:
$html = scan_local_files($local_dir . "/");
$step++;
break;
case 9:
$html = "Scanning remote {$type} files... ";
$step++;
break;
case 10:
$ftp = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, false);
$html = scan_remote_files($ftp, $remote_dir);
ftp_close($ftp);
$step++;
break;
case 11:
$html = "Comparing {$type} files... ";
$step++;
break;
case 12:
$html = compare_files($local_dir, $remote_dir);
$step++;
break;
case 13:
$local_files = $_SESSION['local_files_to_upload'];
if ($local_files) {
$total = 0;
foreach ($local_files as $file) {
$total += filesize($file);
}
$html = "Uploading " . ceil(count($local_files)) . " newer {$type} files (" . round($total / 1024 / 1024, 2) . " MB)... \r\n\t\t\t\t\t<span id='upload'>(est. <span>\r\n\t\t\t\t\t\t<script type='text/javascript'>\r\n\t\t\t\t\t\t\tvar sec = " . ceil($total / 1024 / 15) . "\r\n\t\t\t\t\t\t\tvar timer = setInterval(function() { \r\n\t\t\t\t\t\t\t jQuery('#upload span').text(sec--);\r\n\t\t\t\t\t\t\t if (sec === -1) {\r\n\t\t\t\t\t\t\t clearInterval(timer);\r\n\t\t\t\t\t\t\t } \r\n\t\t\t\t\t\t\t}, 1000);\r\n\t\t\t\t\t\t</script>\r\n\t\t\t\t\t</span> seconds)... </span> ";
$step++;
} else {
$html = "No local {$type} files to upload.<br/>";
$step = 15;
}
break;
case 14:
$local_files = $_SESSION['local_files_to_upload'];
$ftp = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, false);
$html = upload_files($ftp, $remote_dir, $local_dir, $local_files, $activeMode);
ftp_close($ftp);
$html = "OK<br/>";
$step++;
break;
case 15:
$html = "<script type='text/javascript'>jQuery('#upload').fadeOut('fast');</script>";
$remote_files = $_SESSION['remote_files_to_download'];
if ($remote_files) {
$total = 0;
$ftp = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, false);
foreach ($remote_files as $file) {
$total += ftp_size($ftp, $file);
}
ftp_close($ftp);
$html .= "Downloading " . ceil(count($remote_files)) . " newer {$type} files (" . round($total / 1024 / 1024, 2) . " MB)... \r\n\t\t\t\t\t<span id='download'>(est. <span>\r\n\t\t\t\t\t\t<script type='text/javascript'>\r\n\t\t\t\t\t\t\tvar sec2 = " . ceil($total / 1024 / 64) . "\r\n\t\t\t\t\t\t\tvar timer2 = setInterval(function() { \r\n\t\t\t\t\t\t\t jQuery('#download span').text(sec2--);\r\n\t\t\t\t\t\t\t if (sec2 === -1) {\r\n\t\t\t\t\t\t\t clearInterval(timer2);\r\n\t\t\t\t\t\t\t } \r\n\t\t\t\t\t\t\t}, 1000);\r\n\t\t\t\t\t\t</script>\r\n\t\t\t\t\t</span> seconds)... </span> ";
$step++;
} else {
$html .= "No remote {$type} files to download.<br/>";
$step = 17;
// all done
}
break;
case 16:
$remote_files = $_SESSION['remote_files_to_download'];
$local_dir_fixed = str_replace('/', '\\', $local_dir);
// correct slashes in localRoot
$ftp = get_ftp_connection($ftpHost, $ftpPort, $ftpUser, $ftpPass, $activeMode, false);
$html = download($ftp, $remote_dir, $local_dir, $remote_files, $activeMode);
ftp_close($ftp);
$html = "OK<br/>";
$step++;
break;
case 17:
$html = "<script type='text/javascript'>jQuery('#download').fadeOut('fast');</script>";
$step++;
break;
default:
$_SESSION = array();
// get rid of all session data for next sync
$step = false;
break;
}
echo json_encode(array('step' => $step, 'html' => $html, 'type' => $type));
die;
// this is required to return a proper result
}
/**
* update_dolphin is a system function for Dolphin.php . You need to specify the function to print errors, if they happen. update_dolphin requires $_REQUEST['act'] to be set to 'upload-new' or 'download-new', and returns NEED_UPLOAD if it needs to show the upload form (it happens if it cannot download the archive from site). The upload form must contain an input field with name "files[]". If all is ok, returns TRUE, otherwise returns string, containing error description or special NEED_UPLOAD. You need to check for TRUE using === operator.
*
* @param string $print_err_func
* @return mixed
*/
function update_dolphin($print_err_func)
{
if(IS_DEVELOPER) return 'This operation is not permitted for you';
ini_set('display_errors', 'On');
/* disable attempts to download the archive with Dolphin.php by itself */
if(!CAN_SELFUPDATE) $_REQUEST['act'] = 'upload-new';
$tmp =get_tmp_dir();
if(!$tmp) return 'No suitable temp directory found';
$tmp = abs_path($tmp);
$root = abs_path(ROOT);
if(!$tmp || $tmp == $root || substr($tmp, 0, strlen($root)) == $root)
{
/* TODO: write normal answer if $tmp is ROOT or subdirectory of ROOT */
return 'Update is impossible. '.reason();
}
chdir($tmp);
if(empty($_FILES['files']) && $_REQUEST['act']!='download-new')
{
return NEED_UPLOAD;
}
if($_REQUEST['act']!='download-new') upload_files($tmp);
else
{
$build = file_get_contents(MASTER_SITE.'files/dolphin-build.txt');
$errtext = 'It seems that your server does not allow outgoing connections for PHP scripts, or '.MASTER_SITE.' is down. Try to upload archive with '.SNAME.' manually.';
if(!$build) return NEED_UPLOAD;
if(BUILD >= $build) return 'Your build is up-to-date';
$dolphin = file_get_contents(MASTER_SITE.'files/dolphin-current.zip');
if(!$dolphin) return NEED_UPLOAD;
if(!d_file_put_contents($tmp.'/dolphin-current.zip', $dolphin)) return 'Cannot write '.show_file($tmp.'/dolphin-current.zip','file').' ('.$tmp.'/dolphin-current.zip).'.reason();
}
$f = $tmp.'/dolphin-current.zip';
if(!file_exists($f)) return '<b>dolphin-current.zip</b> was not found';
d_copy(ROOT.'/config.php',$cfg_old=$tmp.'/dolphin_config.php');
require_once(ROOT.'/system/libs/pclzip.php');
umask(0);
/* note, that we check if extracting is possible _before_ deleting ROOT */
$e=new PclZip($f);
//echo '<!--';
//echo 'file: '.$f.'<br>';
// some hosters require PHP files and folders with PHP scripts to have special rights, so we need to
// save rights for some essensial files
$tochmod = array('','system','index.php','system/download.php','system/preview.php');
$rights = array();
foreach($tochmod as $v) $rights[ROOT.'/'.$v] = get_rights(ROOT.'/'.$v);
d_remove(ROOT);
//echo 'Removed ROOT.<br>';
d_mkdir(ROOT,777);
setwritable(ROOT);
//echo 'Created ROOT.<br>';
//echo 'ROOT is writable: '.(is_writable(ROOT) ? 'true' : 'false').'<br>';
chdir(ROOT);
//echo 'Changed directory to ROOT.<br>';
//echo '-->';
if(!$e->extract('.')) return '<b>dolphin-current.zip</b> could not be extracted. Upload the new version <b>via FTP</b>. Here are the contents of your <b>config.php</b>:<pre>'.htmlspecialchars(d_file_get_contents($cfg_old)).'</pre>';
foreach($rights as $k=>$v) d_chmod($k,$v);
if(!empty($_POST['save-login']) || $_REQUEST['act']=='download-new')
{
/* delete BUILD, VERSION and NAME from config.php, they are now in core.php for compatibilty */
$conf = d_file_get_contents($cfg_old);
$conf = preg_replace('/define\\(\'(BUILD|VERSION|NAME)\'.*\\)\\;/sU','',$conf);
d_file_put_contents(ROOT.'/config.php', $conf);
$core = d_file_get_contents(ROOT.'/system/core.php');
if(!$core)
{
$build = "undefined";
}else
{
preg_match("/define\\('BUILD'\\,([0-9]+)\\)/is", $core, $m);
$build = $m[1];
}
//echo '<!--Writing new information about build: '.$build.' and '.$version.'<br>-->';
}
d_unlink($f);
//echo '<!-- Deleting archive<br> -->';
if($build!='undefined' && $build > BUILD)
{
d_unlink($cfg_old);
return true;
}
return 'Update did not complete successfully. Please upload the new version <b>via FTP</b>. Here are the contents of your previous <b>config.php</b>:<pre>'.htmlspecialchars(d_file_get_contents($cfg_old)).'</pre>';
}
'total' => show_size(false,true,$_SESSION['TOTAL_BYTES']),
'speed' => show_size(false,true, floor($_SESSION['TOTAL_BYTES'] - $prev_bytes) / (array_sum(explode(' ', microtime())) - START_TIME)) . '/sec',
'end' => $end,
'success' => $success,
);
}
break;
case 'cancel_copy':
$_SESSION['copy']=$_SESSION['cut']=array();
$_SESSION['CPCACHE'] = false;
unset($_SESSION['CPCACHE']);
$_RESULT = true;
break;
case 'upload':
$_RESULT = upload_files(clean($_REQUEST['DIR']));
if(!$_RESULT) echo 'Could not upload files.'.reason();
break;
case 'show-properties':
//array_display($_SESSION);
if(empty($_SESSION['SPCACHE']) || $_SESSION['SPFILEZ']!=$fz) /* Show Properties Cache */
{
$_SESSION['TOTAL_BYTES'] = $_SESSION['DIRS'] = $_SESSION['FILES'] = 0;
$_SESSION['RIGHTS'] = $_SESSION['UIDS'] = $_SESSION['GIDS'] = array();
$_SESSION['SPCACHE'] = multipart_begin(array(
'basedir' => dirname($fz[0]),
'files' => array_map('basename', $_SESSION['SPFILEZ'] = $fz),
'processors' => array('size'),
));
failure_actions_taken();
break;
case 'failure_details':
failure_details();
break;
case 'failure_details_others':
failure_details_others();
break;
case 'failure_pictures':
failure_pictures();
break;
case 'failure_audios':
failure_audios();
break;
case 'upload_files':
upload_files();
break;
}
//******************************************* Complaint Section Start **************************************************************
function complaint()
{
$updated_by = $_POST['emp_code'];
$complaint_nos = $_POST["complaint_no"];
$date_time = $_POST["date_time"];
$dealer_code = $_POST["dealer_code"];
$location_id = $_POST["location_id"];
$emp_code = $_POST["emp_code"];
$cust_name = $_POST["cust_name"];
$cust_address = $_POST["cust_address"];
$cust_email = $_POST["cust_email"];
$cust_mobile = $_POST["cust_mobile"];
if (!in_array($upload_file, $file)) {
echo "<script type='text/javascript'>alert('Hello, can only import EXCEL file!');window.history.back();</script>";
exit;
}
if (move_uploaded_file($tmp_name, $uploadfile)) {
return $uploadfile;
} else {
if (copy($tmp_name, $uploadfile)) {
return $uploadfile;
} else {
return false;
}
}
}
$excFile = $_FILES['file'];
$aa = upload_files($excFile);
$upload_file = strtolower(end(explode(".", $_FILES['file']['name'])));
if ($upload_file == 'xls') {
$reader = PHPExcel_IOFactory::createReader('Excel5');
// 2007以下用:Excel5 , 2007用:Excel2007
} else {
echo "<script type='text/javascript'>alert('Sorry,please upload xls file!');window.history.back();</script>";
exit;
}
/*
elseif ($upload_file == 'csv') {
$reader = PHPExcel_IOFactory::createReader ( 'csv' );
} else {
$reader = PHPExcel_IOFactory::createReader ( 'Excel2007' ); // 2007以下用:Excel5 , 2007用:Excel2007
}*/
$PHPExcel = $reader->load($aa);
} else {
$pinned_mode = '0';
$closed_mode = '0';
}
}
}
}
} else {
$query = "SELECT pinned_mode,closed_mode FROM {$CONFIG_sql_cpdbname}.board_topic WHERE topic_id=\"" . mysql_res($POST_t) . "\"";
$sql->result = $sql->execute_query($query, 'insert_topic.php');
while ($row_topicdata = $sql->fetch_row()) {
$pinned_mode = $row_topicdata[pinned_mode];
$closed_mode = $row_topicdata[closed_mode];
}
}
$files_upload = upload_files($_FILES['attach']);
$flood_timer = $CP['time'] + $CONFIG_delay_post;
$POST_t_mes = checkstring($POST_t_mes, 1);
$POST_t_emo = (int) $POST_t_emo;
$sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile SET user_ranking=user_ranking+1,user_flood_protection=\"" . mysql_res($flood_timer) . "\" WHERE user_id = \"" . $CP['login_id'] . "\"", 'insert_topic.php');
$sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.board_topic SET pinned_mode=\"" . mysql_res($pinned_mode) . "\",closed_mode=\"" . mysql_res($closed_mode) . "\",topic_lastreply_name=\"" . $CP['login_id'] . "\",topic_replying=topic_replying+1,topic_last_action_date=\"" . $CP['time'] . "\" WHERE topic_id=\"" . mysql_res($POST_t) . "\"", 'insert_topic.php');
$sql->execute_query("INSERT INTO {$CONFIG_sql_cpdbname}.board_reply (topic_id,forum_id,reply_user_id,reply_emo,reply_message,reply_ip,reply_date,reply_upload) VALUES (\"" . mysql_res($POST_t) . "\",\"" . mysql_res($POST_f) . "\",\"" . $CP['login_id'] . "\",\"" . mysql_res($POST_t_emo) . "\",\"" . $POST_t_mes . "\",\"" . $CP['ip_address'] . "\",\"" . $CP['time'] . "\",\"" . mysql_res($files_upload['name']) . "\")", 'insert_topic.php');
}
}
redir("index.php?showtopic={$POST_t}&view=getnewpost", "{$files_upload['error']}{$lang['Topic_insert']}", 3);
} else {
redir("index.php?act=forum", "{$lang['No_privilege']}", 3);
}
}
if ($GET_code == 02 && check_category($POST_f) && length($POST_t_mes, 3)) {
if (check_forum_perm($POST_f, $CP['g_id'], 'reply_perm')) {
function send_message($from, $to, $message)
{
$resp = new response();
$resp->has_error = false;
if ($to == "") {
$to = $_POST['hc_to'];
}
if (strpos($to, ",") !== FALSE) {
$to_ids = explode(",", $to);
} else {
$to_ids = array($to);
}
$done = false;
$query = "SELECT id,name,username FROM " . codopm::$db_prefix . "users WHERE username=:toA OR " . codopm::$table['mail_column'] . "=:toB OR id=:toC";
$sth = codopm::$db->prepare($query);
$ins_query = "INSERT INTO codopm_messages (thread_hash,msg_from,msg_from_name,msg_to,msg_to_name,message,attachments,owner,sent,recd,time)\n VALUES(:thread_hash,:msg_from,:msg_from_name,:msg_to,:msg_to_name,:msg,:attachments,:owner,NOW(),:recd,:time)";
$ins = codopm::$db->prepare($ins_query);
foreach ($to_ids as $to) {
$to = trim($to);
if ($to == "") {
continue;
}
$sth->execute(array(':toA' => $to, ':toB' => $to, ':toC' => $to));
$red = $sth->fetch();
if (count($red) <= 0) {
$resp->has_error = true;
$resp->msg = "user not found.";
echo json_encode($resp);
return;
}
$to = $red["id"];
$to_name = htmlentities($red['name'], ENT_QUOTES, "UTF-8");
if ($to_name == null || $to_name == "") {
$to_name = $red['username'];
}
$time = microtime(true);
$thread_hash = generate_thread_hash($from, $to);
$from_name = $_SESSION[codopm::$secret . "from_name"];
if (!$done) {
//upload files only once
$file_names = upload_files($resp);
$done = true;
}
$attachments = json_encode($file_names);
$vars = array(':thread_hash' => $thread_hash, ':msg_from' => $from, ':msg_from_name' => $from_name, ':msg_to' => $to, ':msg_to_name' => $to_name, ':msg' => $message, ':attachments' => $attachments, ':owner' => $from, ':recd' => "1", ':time' => $time);
$ins->execute($vars);
if ($from != $to) {
//duplicate msg for reciever
$vars["owner"] = $to;
$vars["recd"] = "0";
$ins->execute($vars);
}
}
$resp->has_error = false;
$resp->msg_id = codopm::$db->lastInsertId();
$resp->attachments = $attachments;
$resp->msg = "Message successfully sent.";
echo json_encode($resp);
}
<?php
if (isset($_POST['S'])) {
session_id($_POST['S']);
}
include '../../system/core.php';
//file_put_contents(microtime(), print_r($_FILES,true));
/* convert $_FILES to usual format (special for SWFUpload) */
if (!empty($_FILES['Filedata'])) {
$data = $_FILES['Filedata'];
$_FILES = array('files' => array('name' => array($data['name']), 'tmp_name' => array($data['tmp_name'])));
}
if (!upload_files()) {
header('HTTP/1.1 500 File Upload Error');
if (isset($_POST['classic'])) {
echo 'An error occured while uploading files';
}
die;
} else {
if (!isset($data)) {
header('location: index.php' . (isset($_POST['classic']) ? '?classic=true&success=true' : ''));
}
}
echo 'good';
/*
*/
exit;
} else {
// mpulldown
$rd = $db->Execute('SELECT columnname,key_table FROM ' . $tableinfo->desname . " WHERE datatype='mpulldown'");
while ($rd && !$rd->EOF) {
update_mpulldown($db, $rd->fields['key_table'], $_POST['id'], $_POST[$rd->fields['columnname']]);
$rd->MoveNext();
}
// upload files and images
$rc = $db->Execute("SELECT id,columnname,datatype,thumb_x_size FROM {$tableinfo->desname} WHERE datatype='file' OR datatype='image'");
while (!$rc->EOF) {
if ($_FILES[$rc->fields['columnname']]['name'][0]) {
// delete all existing files
//delete_column_file ($db,$tableinfo->id,$rc->fields['id'],$_POST['id'],$USER);
// store the file uploaded by the user
$fileid = upload_files($db, $tableinfo->id, $_POST['id'], $rc->fields['id'], $rc->fields['columnname'], $USER, $system_settings);
if ($rc->fields['datatype'] == 'file') {
// try to convert it to an html file
if ($fileid) {
$htmlfileid = process_file($db, $fileid, $system_settings);
}
} elseif ($rc->fields['datatype'] == 'image') {
// make thumbnails and do image specific stuff
if ($fileid) {
process_image($db, $fileid, $rc->fields['thumb_x_size']);
}
}
}
$rc->MoveNext();
}
// to not interfere with search form
