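/**
 * Handle one file upload into the CMS file manager.
 *
 * The request must pass validRequest(), carry the session's anti-CSRF token
 * in $_GET['token'], and supply both $_FILES['file'] and a non-empty
 * $_POST['title']. The file is stored under "files/" with a server-chosen
 * six-digit name and an allow-listed extension, then recorded in `cmsfiles`.
 *
 * NOTE(review): no login or permission check is visible in this function;
 * presumably validRequest() or the caller enforces it - confirm. The insert
 * reads $_SESSION['userId'] without checking that it is set.
 * NOTE(review): the token travels in the query string, so it can end up in
 * access logs and Referer headers - consider moving it to the POST body.
 *
 * @param PDO $pdo Open connection used to record the upload.
 * @return void On failure prints 'Error' and exits. On success prints a JSON
 *              description and exits (AJAX), or calls redirect().
 */
function upload($pdo)
{
    $error = true;
    $file = null;
    $last_id = null;

    // Extensions that may be stored. The stored name is built only from a
    // server-chosen stem plus one of these values, never from the client name.
    // NOTE(review): only the extension is checked, not the content; make sure
    // "files/" is served without script execution or content sniffing.
    $allowedTypes = array(
        'pdf', 'jpg', 'gif', 'png', 'bmp', 'doc', 'docx', 'ppt',
        'mp3', 'mp4', 'xls', 'xlsx', 'zip', 'rar', 'gz', 'txt',
    );

    if (validRequest()) {
        // Constant-time, string-only token comparison. The previous loose `==`
        // lets PHP type juggling treat distinct numeric-looking strings as equal.
        $tokenOk = isset($_GET['token'], $_SESSION['token'])
            && is_string($_GET['token'])
            && is_scalar($_SESSION['token'])
            && hash_equals((string) $_SESSION['token'], $_GET['token']);

        $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
        $title = isset($_POST['title']) ? $_POST['title'] : null;

        // Reject array-shaped input (file[] / title[]) and uploads PHP itself
        // reported as failed, instead of letting them reach basename()/filter_var().
        $inputOk = is_array($upload)
            && isset($upload['name'], $upload['tmp_name'], $upload['size'], $upload['error'])
            && is_string($upload['name'])
            && is_string($upload['tmp_name'])
            && $upload['error'] === UPLOAD_ERR_OK
            && is_string($title)
            && !empty($title);

        if ($tokenOk && $inputOk && $upload['size'] <= 4000000) {
            $upload_dir = "files/";
            $fileType = pathinfo($upload_dir . basename($upload['name']), PATHINFO_EXTENSION);

            if (in_array($fileType, $allowedTypes, true)) {
                // Same six-digit (1-9) name format as before, but drawn from the
                // CSPRNG and never reusing a name that already exists:
                // move_uploaded_file() silently overwrites its destination.
                // The name space is small, so names stay guessable; access control
                // must not depend on the name being secret. A concurrent upload
                // can still race between file_exists() and the move.
                $target_file = null;
                for ($attempt = 0; $attempt < 20 && $target_file === null; $attempt++) {
                    $file_name = '';
                    for ($i = 0; $i < 6; $i++) {
                        $file_name .= random_int(1, 9);
                    }
                    $candidate = $upload_dir . $file_name . '.' . $fileType;
                    if (!file_exists($candidate)) {
                        $target_file = $candidate;
                    }
                }

                if ($target_file !== null && move_uploaded_file($upload['tmp_name'], $target_file)) {
                    $file = array(
                        'name' => $target_file,
                        'size' => formatbytes($target_file, "KB"),
                        'type' => strtoupper($fileType),
                    );

                    $sql = "insert into cmsfiles(`uId`,`file`,`title`,`size`,`type`) value(:uId,:file,:title,:size,:type)";
                    $stmt = $pdo->prepare($sql);
                    $stmt->bindValue(':uId', $_SESSION['userId'], PDO::PARAM_INT);
                    $stmt->bindValue(':file', $file['name'], PDO::PARAM_STR);
                    $stmt->bindValue(':size', $file['size'], PDO::PARAM_STR);
                    $stmt->bindValue(':type', $file['type'], PDO::PARAM_STR);
                    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so stored
                    // titles do not change shape. Escape on output regardless.
                    $stmt->bindValue(':title', filter_var($title, FILTER_SANITIZE_STRING), PDO::PARAM_STR);
                    $stmt->execute();

                    $stmt = $pdo->query("SELECT LAST_INSERT_ID()");
                    $last_id = $stmt->fetchColumn(0);
                    $error = false;
                }
            }
        }
    }

    if ($error) {
        // Parenthesised on purpose: `.` binds tighter than `?:`, so the old
        // expression dropped the "user id=" prefix and read an unset index.
        $userId = isset($_SESSION['userId']) ? $_SESSION['userId'] : 'null';
        _log('error_upload', 'Avoid incorrect information', 'user id=' . $userId);
        echo 'Error';
        exit;
    }

    _log('info_upload', '1 file(s) successfully added to the cms file manager');
    if (ajax()) {
        // The title is echoed back unsanitised and no Content-Type is set here,
        // so hex-escape <, >, &, ' and " to keep the body inert if a browser
        // renders it as HTML. Decoded values are unchanged.
        // NOTE(review): send "Content-Type: application/json" once the client
        // code is confirmed to cope with it.
        echo json_encode(
            array(
                "error" => "0",
                "title" => $_POST['title'],
                "size" => $file['size'],
                "type" => $file['type'],
                "name" => $file['name'],
                "id" => $last_id,
            ),
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        exit;
    }

    redirect(BASE_PATH . '/filemanage/', 1);
}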
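/**
 * Handle one PDF upload into the current user's directory.
 *
 * The request must pass validRequest(), carry the session's anti-CSRF token
 * in $_GET['token'], and supply both $_FILES['file'] and a non-empty
 * $_POST['title']. The file is stored as
 * "assets/d/<session username>/<six digits>.pdf" and recorded in `files`.
 *
 * NOTE(review): no login or permission check is visible in this function;
 * presumably validRequest() or the caller enforces it - confirm. The insert
 * reads $_SESSION['userId'] without checking that it is set.
 * NOTE(review): only the client-supplied extension decides that the file is
 * a PDF; the content itself is not inspected.
 *
 * @param PDO $pdo Open connection used to record the upload.
 * @return void On failure prints 'Error' and returns. On success prints a
 *              JSON description and exits (AJAX), or calls redirect().
 */
function upload($pdo)
{
    $error = true;
    $file = null;
    $last_id = null;

    if (validRequest()) {
        // Constant-time, string-only token comparison. The previous loose `==`
        // lets PHP type juggling treat distinct numeric-looking strings as equal.
        $tokenOk = isset($_GET['token'], $_SESSION['token'])
            && is_string($_GET['token'])
            && is_scalar($_SESSION['token'])
            && hash_equals((string) $_SESSION['token'], $_GET['token']);

        $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
        $title = isset($_POST['title']) ? $_POST['title'] : null;

        // Reject array-shaped input (file[] / title[]) and uploads PHP itself
        // reported as failed, instead of letting them reach basename()/filter_var().
        $inputOk = is_array($upload)
            && isset($upload['name'], $upload['tmp_name'], $upload['size'], $upload['error'])
            && is_string($upload['name'])
            && is_string($upload['tmp_name'])
            && $upload['error'] === UPLOAD_ERR_OK
            && is_string($title)
            && !empty($title);

        // The username becomes a path segment, so it must be a single plain
        // directory name: no separators, no NUL byte, and not "." or "..".
        $username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
        $userDirOk = is_string($username)
            && $username !== ''
            && $username !== '.'
            && $username !== '..'
            && strpbrk($username, "/\\\0") === false;

        if ($tokenOk && $inputOk && $userDirOk && $upload['size'] <= 4000000) {
            $upload_dir = "assets/d/" . $username . "/";
            $fileType = pathinfo($upload_dir . basename($upload['name']), PATHINFO_EXTENSION);

            if ($fileType === "pdf") {
                // Same six-digit (1-9) name format as before, but drawn from the
                // CSPRNG and never reusing a name that already exists:
                // move_uploaded_file() silently overwrites its destination.
                // The name space is small, so names stay guessable; access control
                // must not depend on the name being secret. A concurrent upload
                // can still race between file_exists() and the move.
                $file_name = null;
                $target_file = null;
                for ($attempt = 0; $attempt < 20 && $target_file === null; $attempt++) {
                    $file_name = '';
                    for ($i = 0; $i < 6; $i++) {
                        $file_name .= random_int(1, 9);
                    }
                    $candidate = $upload_dir . $file_name . ".pdf";
                    if (!file_exists($candidate)) {
                        $target_file = $candidate;
                    }
                }

                if ($target_file !== null && move_uploaded_file($upload['tmp_name'], $target_file)) {
                    $file = array(
                        'name' => $username . '_' . $file_name,
                        'size' => formatbytes($target_file, "KB"),
                    );

                    // The size is bound like every other value instead of being
                    // concatenated into the statement text.
                    $sql = "insert into `files`(`uId`,`file`,`title`,`size`,`quantity`) values(:uId,:file,:title,:size,0)";
                    $stmt = $pdo->prepare($sql);
                    $stmt->bindValue(':uId', $_SESSION['userId'], PDO::PARAM_INT);
                    $stmt->bindValue(':file', $file['name'], PDO::PARAM_STR);
                    $stmt->bindValue(':size', $file['size'], PDO::PARAM_STR);
                    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so stored
                    // titles do not change shape. Escape on output regardless.
                    $stmt->bindValue(':title', filter_var($title, FILTER_SANITIZE_STRING), PDO::PARAM_STR);
                    $stmt->execute();

                    $stmt = $pdo->query("SELECT LAST_INSERT_ID()");
                    $last_id = $stmt->fetchColumn(0);
                    $error = false;
                }
            }
        }
    }

    if ($error) {
        // Parenthesised on purpose: `.` binds tighter than `?:`, so the old
        // expression dropped the "user id=" prefix and read an unset index.
        $userId = isset($_SESSION['userId']) ? $_SESSION['userId'] : 'null';
        _log('error_upload', 'Avoid incorrect information', 'user id=' . $userId);
        echo 'Error';
    } else {
        _log('info_upload', '1 file(s) successfully added to the file manager');
        if (ajax()) {
            // The title is echoed back unsanitised and no Content-Type is set here,
            // so hex-escape <, >, &, ' and " to keep the body inert if a browser
            // renders it as HTML. Decoded values are unchanged.
            // NOTE(review): send "Content-Type: application/json" once the client
            // code is confirmed to cope with it.
            echo json_encode(
                array(
                    'error' => 0,
                    'title' => $_POST['title'],
                    'size' => $file['size'],
                    "id" => $last_id,
                ),
                JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            );
            exit;
        } else {
            redirect(BASE_PATH . '/filemanage/', 1);
        }
    }
}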
#====================== $sql = "select count(*) from article"; $stmt = $pdo->query($sql); $count = $stmt->fetchColumn(0); ##SET OUTPUT## $paginate->init($count, $item_pre_page, $btn_pre_page, $page, array('template' => '<a href="{url}"><li class="tooltip" title="{info}">{number}</li></a>', 'info' => 'page {currentPage} of {totalPages}', 'currentItemTemplate' => '<a href="{url}"><li class="active tooltip" title="{info}">{number}</li></a>', 'url' => '/event/', 'urlParameters' => 'do=article&token=' . $_SESSION['token'], 'separator' => "\n")); $pageLink = $paginate->displayLink(); #====================== #OUTPUT echo implode("\n", $html); echo "\n<br/>\n"; echo $pageLink; } } $error = true; if (validRequest()) { if (isset($_SESSION['login']) && $_SESSION['permission'] == 'admin') { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { $error = false; $do = 'info'; if (isset($_GET['do']) && !empty($_GET['do'])) { $do = trim(strtolower($_GET['do'])); } switch ($do) { case 'info': echo info($pdo); break; case 'article': article($pdo); break; case 'thesis':
$mail->AltBody = 'This is the body in plain text for non-HTML mail clients'; $mail->send(); #================================== } } } redirect(BACK_ADDRESS, 1); }); $app->getDO('wait', ['auth_login' => true, 'get_token' => 'auth_token', validRequest() => true], function () use($pdo) { if ($_SESSION['permission'] == 'admin' && isset($_GET['article']) && !empty($_GET['article']) && intval($_GET['article'])) { $sql = "update article set status=0 where id=:art"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':art', filter_var($_GET['article'], FILTER_SANITIZE_STRING), PDO::PARAM_INT); $stmt->execute(); } redirect(BACK_ADDRESS, 1); }); $app->getDO('closed', ['auth_login' => true, 'get_token' => 'auth_token', validRequest() => true], function () use($pdo) { if ($_SESSION['permission'] == 'admin' && isset($_GET['article']) && !empty($_GET['article']) && intval($_GET['article'])) { $sql = "update article set status=2 where id=:art"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':art', filter_var($_GET['article'], FILTER_SANITIZE_STRING), PDO::PARAM_INT); $stmt->execute(); } redirect(BACK_ADDRESS, 1); }); $app->defaultRoute(['do' => 'view']); app::$errorHandler = function () { redirect(BASE_PATH . '/index.php', 1); }; $app->run();
$Id: install-plugin.php 37157 2009-05-28 12:31:10Z andrew.hill $ */ global $installing; $installing = true; require_once '../../init.php'; define('OA_UPGRADE_UPGRADE', 35); define('OA_UPGRADE_INSTALL', 36); // Load session data (required for login check) require_once MAX_PATH . '/www/admin/lib-sessions.inc.php'; phpAds_SessionDataFetch(); // Hack! - Plugins pre 2.7.31 may require [pluginpaths][extensions] to be set $GLOBALS['_MAX']['CONF']['pluginPaths']['extensions'] = $GLOBALS['_MAX']['CONF']['pluginPaths']['plugins']; $GLOBALS['_MAX']['CONF']['pluginPaths']['packages'] = $GLOBALS['_MAX']['CONF']['pluginPaths']['extensions'] . 'etc/'; $aErrors = array(); $result = array('name' => '', 'status' => 'Invalid Request', 'errors' => &$aErrors); if (validRequest($result)) { if ($_REQUEST['status'] === '0') { $result = installPlugin($_REQUEST['plugin']); } else { if ($_REQUEST['status'] === '1') { $result = checkPlugin($_REQUEST['plugin']); } } } // Undo hack unset($GLOBALS['_MAX']['CONF']['pluginPaths']['extensions']); $oSettings = new OA_Admin_Settings(); $oSettings->writeConfigChange(); require_once MAX_PATH . '/lib/JSON/JSON.php'; $json = new Services_JSON(); $output = $json->encode($result);
if (isset($_SESSION['login']) && isset($_SESSION['permission']) && $_SESSION['permission'] == 'admin' && validRequest()) { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { echo edit_source($pdo); } } break; case 'make_default': if (isset($_SESSION['login']) && isset($_SESSION['permission']) && $_SESSION['permission'] == 'admin' && validRequest()) { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { make_default($pdo); } } break; case 'delete': if (isset($_SESSION['login']) && isset($_SESSION['permission']) && $_SESSION['permission'] == 'admin' && validRequest()) { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { delete($pdo); } } break; case 'delete_source': if (isset($_SESSION['login']) && isset($_SESSION['permission']) && $_SESSION['permission'] == 'admin' && validRequest()) { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { delete_source($pdo); } } break; } ?> </div> </center>