} // start the output buffer ob_start(); /* main content */ // biblio topic save proccess if (isset($_POST['upload']) and trim(strip_tags($_POST['fileTitle'])) != '') { $uploaded_file_id = 0; $title = trim(strip_tags($_POST['fileTitle'])); $url = trim(strip_tags($_POST['fileURL'])); // create new sql op object $sql_op = new simbio_dbop($dbs); // FILE UPLOADING if (isset($_FILES['file2attach']) and $_FILES['file2attach']['size']) { // create upload object $file_dir = trim($_POST['fileDir']); $file_upload = new simbio_file_upload(); $file_upload->setAllowableFormat($sysconf['allowed_file_att']); $file_upload->setMaxSize($sysconf['max_upload'] * 1024); $file_upload->setUploadDir(REPO_BASE_DIR . DIRECTORY_SEPARATOR . str_replace('/', DIRECTORY_SEPARATOR, $file_dir)); $file_upload_status = $file_upload->doUpload('file2attach'); if ($file_upload_status === UPLOAD_SUCCESS) { $file_ext = substr($file_upload->new_filename, strrpos($file_upload->new_filename, '.') + 1); $fdata['uploader_id'] = $_SESSION['uid']; $fdata['file_title'] = $dbs->escape_string($title); $fdata['file_name'] = $dbs->escape_string($file_upload->new_filename); $fdata['file_url'] = $dbs->escape_string($url); $fdata['file_dir'] = $dbs->escape_string($file_dir); $fdata['file_desc'] = $dbs->escape_string(trim(strip_tags($_POST['fileDesc']))); $fdata['mime_type'] = $sysconf['mimetype'][$file_ext]; $fdata['input_date'] = date('Y-m-d H:i:s'); $fdata['last_update'] = $fdata['input_date'];
$data['register_date'] = date('Y-m-d'); $data['expire_date'] = simbio_date::getNextDate($mtype_data[0], $data['register_date']); } $data['pin'] = trim($dbs->escape_string(strip_tags($_POST['memberPIN']))); $data['member_address'] = trim($dbs->escape_string(strip_tags($_POST['memberAddress']))); $data['member_phone'] = trim($dbs->escape_string(strip_tags($_POST['memberPhone']))); $data['member_fax'] = trim($dbs->escape_string(strip_tags($_POST['memberFax']))); $data['postal_code'] = trim($dbs->escape_string(strip_tags($_POST['memberPostal']))); $data['member_notes'] = trim($dbs->escape_string(strip_tags($_POST['memberNotes']))); $data['member_email'] = trim($dbs->escape_string(strip_tags($_POST['memberEmail']))); $data['is_pending'] = intval($_POST['isPending']); $data['input_date'] = date('Y-m-d'); $data['last_update'] = date('Y-m-d'); if (!empty($_FILES['image']) and $_FILES['image']['size']) { // create upload object $upload = new simbio_file_upload(); $upload->setAllowableFormat($sysconf['allowed_images']); $upload->setMaxSize($sysconf['max_image_upload'] * 1024); // approx. 100 kb $upload->setUploadDir(IMAGES_BASE_DIR . 'persons'); // give new name for upload file $new_filename = 'member_' . $data['member_id']; $upload_status = $upload->doUpload('image', $new_filename); if ($upload_status == UPLOAD_SUCCESS) { $data['member_image'] = $dbs->escape_string($upload->new_filename); } } // password confirmation if ($mpasswd1 and $mpasswd2 and $mpasswd1 === $mpasswd2) { $data['mpasswd'] = 'literal{MD5(\'' . $mpasswd2 . '\')}'; }
// labels $arr_label = array(); foreach ($_POST['labels'] as $label) { if (trim($label) != '') { $arr_label[] = array($label, isset($_POST['label_urls'][$label]) ? $_POST['label_urls'][$label] : null); } } $data['labels'] = $arr_label ? serialize($arr_label) : 'literal{NULL}'; $data['frequency_id'] = $_POST['frequencyID'] == '0' ? 'literal{0}' : (int) $_POST['frequencyID']; $data['spec_detail_info'] = trim($dbs->escape_string(strip_tags($_POST['specDetailInfo']))); $data['input_date'] = date('Y-m-d H:i:s'); $data['last_update'] = date('Y-m-d H:i:s'); // image uploading if (!empty($_FILES['image']) and $_FILES['image']['size']) { // create upload object $image_upload = new simbio_file_upload(); $image_upload->setAllowableFormat($sysconf['allowed_images']); $image_upload->setMaxSize($sysconf['max_image_upload'] * 1024); $image_upload->setUploadDir(IMAGES_BASE_DIR . 'docs'); // upload the file and change all space characters to underscore $img_upload_status = $image_upload->doUpload('image', preg_replace('@\\s+@i', '_', $_FILES['image']['name'])); if ($img_upload_status == UPLOAD_SUCCESS) { $data['image'] = $dbs->escape_string($image_upload->new_filename); // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', $_SESSION['realname'] . ' upload image file ' . $image_upload->new_filename); utility::jsAlert(__('Image Uploaded Successfully')); } else { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', 'ERROR : ' . $_SESSION['realname'] . ' FAILED TO upload image file ' . $image_upload->new_filename . ', with error (' . $image_upload->error . ')'); utility::jsAlert(__('Image Uploaded Successfully')); }
if (isset($_POST['doImport'])) { // check for form validity if (!$_FILES['importFile']['name']) { utility::jsAlert(__('Please select the file to import!')); exit; } else { if (empty($_POST['fieldSep']) or empty($_POST['fieldEnc'])) { utility::jsAlert(__('Required fields (*) must be filled correctly!')); exit; } else { // set PHP time limit set_time_limit(7200); // set ob implicit flush ob_implicit_flush(); // create upload object $upload = new simbio_file_upload(); // get system temporary directory location $temp_dir = sys_get_temp_dir(); // set max size $max_size = $sysconf['max_upload'] * 1024; $upload->setAllowableFormat(array('.csv')); $upload->setMaxSize($max_size); $upload->setUploadDir($temp_dir); $upload_status = $upload->doUpload('importFile'); if ($upload_status != UPLOAD_SUCCESS) { utility::jsAlert(__('Upload failed! File type not allowed or the size is more than') . ' ' . $sysconf['max_upload'] / 1024 . ' MB'); //mfc exit; } // uploaded file path $uploaded_file = $temp_dir . DIRECTORY_SEPARATOR . $_FILES['importFile']['name'];
$can_read = utility::havePrivilege('stock_take', 'r'); $can_write = utility::havePrivilege('stock_take', 'w'); if (!($can_read and $can_write)) { die('<div class="errorBox">' . __('You don\'t have enough privileges to access this area!') . '</div>'); } // check if there is any active stock take proccess $stk_query = $dbs->query('SELECT * FROM stock_take WHERE is_active=1'); if ($stk_query->num_rows < 1) { echo '<div class="errorBox">' . __('NO stock taking proccess initialized yet!') . '</div>'; die; } // file upload if (isset($_POST['stUpload']) && isset($_FILES['stFile'])) { require SIMBIO_BASE_DIR . 'simbio_FILE/simbio_file_upload.inc.php'; // create upload object $upload = new simbio_file_upload(); $upload->setAllowableFormat(array('.txt')); $upload->setMaxSize($sysconf['max_upload'] * 1024); $upload->setUploadDir(FILES_UPLOAD_DIR); // upload the file and change all space characters to underscore $upload_status = $upload->doUpload('stFile'); if ($upload_status == UPLOAD_SUCCESS) { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'stock_take', $_SESSION['realname'] . ' upload stock take file ' . $upload->new_filename); // open file $stfile = @fopen(FILES_UPLOAD_DIR . $upload->new_filename, 'r'); if (!$stfile) { echo '<script type="text/javascript">' . "\n"; echo 'parent.$(\'#stUploadMsg\').html(\'Failed to open stock take file ' . $upload->new_filename . '. Please check permission for directory ' . FILES_UPLOAD_DIR . '\')'; echo '.toggleClass(\'errorBox\').css( {\'display\': \'block\'} );' . "\n"; echo '</script>';
} // start the output buffer ob_start(); /* main content */ // biblio topic save proccess if (isset($_POST['upload']) and trim(strip_tags($_POST['fileTitle'])) != '') { $uploaded_file_id = 0; $title = trim(strip_tags($_POST['fileTitle'])); $url = trim(strip_tags($_POST['fileURL'])); // create new sql op object $sql_op = new simbio_dbop($dbs); // FILE UPLOADING if (isset($_FILES['file2attach']) and $_FILES['file2attach']['size']) { // create upload object $file_dir = trim($_POST['fileDir']); $file_upload = new simbio_file_upload(); $file_upload->setAllowableFormat($sysconf['allowed_file_att']); $file_upload->setMaxSize($sysconf['max_upload'] * 1024); $file_upload->setUploadDir(REPOBS . DS . str_replace('/', DS, $file_dir)); $file_upload_status = $file_upload->doUpload('file2attach'); if ($file_upload_status === UPLOAD_SUCCESS) { $file_ext = substr($file_upload->new_filename, strrpos($file_upload->new_filename, '.') + 1); $fdata['uploader_id'] = $_SESSION['uid']; $fdata['file_title'] = $dbs->escape_string($title); $fdata['file_name'] = $dbs->escape_string($file_upload->new_filename); $fdata['file_url'] = $dbs->escape_string($url); $fdata['file_dir'] = $dbs->escape_string($file_dir); $fdata['file_desc'] = $dbs->escape_string(trim(strip_tags($_POST['fileDesc']))); $fdata['mime_type'] = $sysconf['mimetype'][$file_ext]; $fdata['input_date'] = date('Y-m-d H:i:s'); $fdata['last_update'] = $fdata['input_date'];
} /* RECORD OPERATION */ if (isset($_POST['saveData']) and $can_read and $can_write) { $labelName = trim(strip_tags($_POST['labelName'])); $labelDesc = trim(strip_tags($_POST['labelDesc'])); // check form validity if (empty($labelDesc) or empty($labelName)) { utility::jsAlert('Label Name OR Label Description must be filled!'); exit; } else { $data['label_desc'] = $dbs->escape_string($labelDesc); $data['label_name'] = 'label-' . strtolower(str_ireplace(array(' ', 'label-', '_'), array('-', '', '-'), $dbs->escape_string($labelName))); // image uploading if (!empty($_FILES['labelImage']) and $_FILES['labelImage']['size']) { // create upload object $image_upload = new simbio_file_upload(); $image_upload->setAllowableFormat($sysconf['allowed_images']); $image_upload->setMaxSize($sysconf['max_image_upload'] * 1024); $image_upload->setUploadDir(IMAGES_BASE_DIR . 'labels'); // upload $img_upload_status = $image_upload->doUpload('labelImage', $data['label_name']); if ($img_upload_status == UPLOAD_SUCCESS) { $data['label_image'] = $dbs->escape_string($image_upload->new_filename . '.png'); // resize the image if (function_exists('imagecopyresampled')) { // we use phpthumb class to resize image include LIB . 'phpthumb/ThumbLib.inc.php'; // create phpthumb object $src = IMAGES_BASE_DIR . 'labels/' . $image_upload->new_filename; $phpthumb = PhpThumbFactory::create($src); $w = $h = 24;