if ($_FILES['txtFile']['error'] && $_FILES['txtFile']['name']) { $blnSubmitForm = false; $strFileSubmitError = $CMS->FL->SubmissionError($_FILES['txtFile']['error']); $strFileError = $CMS->AC->InvalidFormData($strFileSubmitError); } $FU = new FileUpload(); if ($_FILES['txtFile']['name']) { $FU->Setup($_FILES['txtFile']['name'], "Avatar", ""); } else { $blnSubmitForm = false; $strFileError = $CMS->AC->InvalidFormData(""); } // Check file size if ($_FILES['txtFile']['size'] > $intMaxFileSize) { $blnSubmitForm = false; $strFileError = $CMS->Err_MWarn(M_ERR_UPLOAD_FILESIZE, $FU->GetDBFilePath()); } // Prevent two uploads referencing the same file if ($_FILES['txtFile']['name']) { if ($CMS->FL->IsDuplicateFile($FU->GetDBFilePath(), "")) { $blnSubmitForm = false; $strFileError = $CMS->Err_MWarn(M_ERR_UPLOAD_DUPLICATE, $FU->GetDBFilePath()); } // Is this a valid image? $strExtension = $CMS->GetExtensionFromPath($FU->GetDBFilePath()); if (strtoupper($strExtension) != "JPG" && strtoupper($strExtension) != "PNG") { $blnSubmitForm = false; $strFileError = $CMS->Err_MWarn(M_ERR_UPLOAD_NOT_IMAGE, $FU->GetDBFilePath()); } } if ($blnSubmitForm) {
if ($_FILES['txtFile']['error'] && $_FILES['txtFile']['name']) { $blnSubmitForm = false; $strFileSubmitError = $CMS->FL->SubmissionError($_FILES['txtFile']['error']); $strFileError = $CMS->AC->InvalidFormData($strFileSubmitError); } // OK to upload? $FU = new FileUpload(); if ($_FILES['txtFile']['name']) { $FU->Setup($_FILES['txtFile']['name'], "File", "Upload"); } elseif ($_POST['txtFileLocation']) { $FU->Setup($_POST['txtFileLocation'], "File", "Link"); } // Prevent two uploads referencing the same file if ($_FILES['txtFile']['name']) { $strCurrentFileID = $blnExistingAttachment ? $intFileID : ""; if ($CMS->FL->IsDuplicateFile($FU->GetDBFilePath(), $strCurrentFileID)) { $blnSubmitForm = false; $strFileError = $CMS->Err_MWarn(M_ERR_UPLOAD_DUPLICATE, $FU->GetDBFilePath()); } else { // Is this a valid file? $fileExtension = $CMS->GetExtensionFromPath($FU->GetDBFilePath()); $fileExtension = strtoupper($fileExtension); $allowedTypesArray = explode(",", C_ALLOWED_FILE_TYPES); if (!in_array($fileExtension, $allowedTypesArray)) { $blnSubmitForm = false; $strFileError = $CMS->Err_MWarn("For security reasons, this file type is not permitted. [{$fileExtension}]", $FU->GetDBFilePath()); } } } } // ** Check if OK to submit ** //