<?php
/**
* @version $Id: upload.php,v 1.5 2003/12/14 01:42:32 freedev Exp $
* @author Vincenzo D'Amore <hide@address.com>
* @package wa_tools
*/
/**
*
*/
// Shared include for this tool.
// NOTE(review): presumably defines CheckSession(), PrintHTMLHeader() and the WA_* constants used below; confirm.
// A path starting with "./" is resolved against the current working directory, not this file's directory.
require_once("./wacommon.inc.php");
// Runs before any upload handling or output.
// NOTE(review): its behaviour is not visible here. Confirm that it stops the script when there is
// no valid session, because HandleUpload() below reads $_SESSION["giIdUser"] unconditionally.
CheckSession();
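/**
* Move one uploaded file into the current user's upload area.
*
* The file is stored as WA_UPLOAD_DIR . <user id> / <unix time> / <client file name>;
* both directories are created with mode 0700 when they do not exist yet.
*
* The client-supplied file name is reduced to its last path component, and names
* that are empty, start with a dot (".", "..", ".htaccess", ...) or contain a NUL
* byte are refused.
*
* NOTE(review): the file extension and content are not checked here. Confirm that
* WA_UPLOAD_DIR is outside the document root or that the web server is configured
* not to execute scripts stored under it.
* NOTE(review): $_SESSION["giIdUser"] is used as a path component; presumably a
* server-assigned numeric id. Verify where it is set.
*
* @param mixed  $sKeyField Not used by this function; kept so existing callers keep working.
* @param array  $userfile  One entry of $_FILES; 'tmp_name' and 'name' are read.
* @param string $sDestPath Out: "<user id>/<unix time>/<file name>", written only on success.
* @return bool True when the file was moved into place, False otherwise.
*/
function HandleUpload($sKeyField, $userfile, &$sDestPath)
{
    $bRC = False;

    // A missing entry, or a multi-file entry whose fields are arrays, is not a single upload.
    if (!is_array($userfile)
        || !isset($userfile['tmp_name'], $userfile['name'])
        || !is_string($userfile['tmp_name'])
        || !is_string($userfile['name']))
    {
        return $bRC;
    }

    if (!is_uploaded_file($userfile['tmp_name']))
    {
        // The value is request data, so it is HTML-escaped before being written into the page.
        echo "Possible file upload attack: filename '".htmlspecialchars($userfile['tmp_name'], ENT_QUOTES)."'.";
        return $bRC;
    }

    // Some browsers send a full Windows path; normalise separators so basename()
    // strips the directory part on every platform.
    $sUserFile = basename(str_replace("\\", "/", $userfile['name']));
    if ($sUserFile === "" || $sUserFile[0] === "." || strpos($sUserFile, "\0") !== false)
    {
        return $bRC;
    }

    $sUserDir = $GLOBALS['WA_UPLOAD_DIR'].$_SESSION["giIdUser"];
    $unique_dir = time();
    $sTargetDir = $sUserDir."/".$unique_dir;

    // The second is_dir() covers another request creating the directory in between.
    if (!is_dir($sUserDir) && !mkdir($sUserDir, 0700) && !is_dir($sUserDir))
    {
        return $bRC;
    }
    if (!is_dir($sTargetDir) && !mkdir($sTargetDir, 0700) && !is_dir($sTargetDir))
    {
        return $bRC;
    }

    if (move_uploaded_file($userfile['tmp_name'], $sTargetDir."/".$sUserFile))
    {
        // Callers get the path relative to WA_UPLOAD_DIR, not the absolute one.
        $sDestPath = $_SESSION["giIdUser"]."/".$unique_dir."/".$sUserFile;
        $bRC = True;
    }
    return $bRC;
}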
// Start the page. PrintHTMLHeader() is defined outside this file.
// NOTE(review): presumably emits the opening <html>/<head> markup; confirm.
PrintHTMLHeader("Upload", "");
// Earlier variant that built the script URL from the configured absolute URI:
// echo '<script type="text/javascript" Language="JavaScript1.2" src="'.$GLOBALS['WA_ABSOLUTE_URI'].'javascripts/handleform.js"></script>';
// Load the form helper script through a path relative to this page; the inline script
// below calls getFormElementByName(), which is not defined in this file.
echo '<script type="text/javascript" Language="JavaScript1.2" src="javascripts/handleform.js"></script>';
?>
<Script type="text/javascript" Language="JavaScript">
<!--
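/**
 * Give focus back to the window that opened this popup, then close the popup.
 *
 * The opener is skipped when it is missing or already closed, so the popup
 * still closes instead of stopping on a TypeError before window.close().
 */
function CloseWindow()
{
    var parentWin = window.opener;
    if (parentWin && !parentWin.closed)
    {
        parentWin.focus();
    }
    window.close();
}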
/**
 * Submit the upload form when a file has been chosen; otherwise show sMessage.
 *
 * The file input is looked up through getFormElementByName() rather than
 * document.all. An earlier version showed a hard-coded Italian message
 * instead of the caller-supplied text.
 */
function StartUpload(sMessage)
{
    var fileInput = getFormElementByName(document.forms["uploadForm"], "userfile");
    if (fileInput.value == "")
    {
        alert(sMessage);
        return;
    }
    document.uploadForm.submit();
}
/**
 * Copy the result of an upload back into the form of the opener window.
 *
 * In the opener's form "formBuild_" + IdForm, the element "text" + Field
 * receives filepath and the element "disp" + Field receives filename and
 * then gets focus. Always returns null.
 */
function CopyUploadInfo(IdForm, Field, filepath, filename)
{
    var openerForm = window.opener.document.forms["formBuild_" + IdForm];
    var pathFieldName = "text" + Field;
    var labelFieldName = "disp" + Field;

    getFormElementByName(openerForm, pathFieldName).value = filepath;
    getFormElementByName(openerForm, labelFieldName).value = filename;
    // Looked up again, as before, rather than reusing the previous result.
    getFormElementByName(openerForm, labelFieldName).focus();
    return null;
}
-->
</Script>
<?php
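// Request handling for the upload popup.
//   - KeyField missing: print an error.
//   - KeyField present and a file posted: store it and report the result to the opener.
//   - KeyField present and no file: show the upload form.
// KeyField and IdForm arrive from the query string or from the hidden form fields, so
// they are request data and are escaped for the context they are written into.
if (isset($_GET["KeyField"]) || isset($_POST["KeyField"]))
{
    // The query string wins over the posted value.
    if (isset($_GET["KeyField"]))
        $KeyField = $_GET["KeyField"];
    else
        $KeyField = $_POST["KeyField"];
    if (isset($_GET["IdForm"]))
        $IdForm = $_GET["IdForm"];
    else if (isset($_POST["IdForm"]))
        $IdForm = $_POST["IdForm"];
    else
        $IdForm = "";
    // Array-valued parameters (KeyField[]=...) cannot name a field; treat them as empty.
    if (!is_string($KeyField))
        $KeyField = "";
    if (!is_string($IdForm))
        $IdForm = "";

    if (isset($_FILES["userfile"]))
    {
        $sDestPath = "";
        // Pass the resolved value: KeyField may have arrived by POST only.
        if (HandleUpload($KeyField, $_FILES["userfile"], $sDestPath))
        {
            // The four values become JavaScript string arguments inside an HTML attribute:
            // encode each as a JS literal first, then HTML-escape the whole argument list.
            // The JSON_HEX_* flags require PHP 5.3 or later.
            $aJsArgs = array();
            foreach (array($IdForm, $KeyField, $sDestPath, basename($sDestPath)) as $sArg)
            {
                $sJson = json_encode((string)$sArg, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
                // json_encode() returns false for text that is not valid UTF-8.
                $aJsArgs[] = ($sJson === false) ? '""' : $sJson;
            }
            echo "<body class='BodyStandard' onload=\"javascript:CopyUploadInfo(".htmlspecialchars(implode(",", $aJsArgs), ENT_QUOTES).");\">";
            // The file name is supplied by the client; escape it before display.
            echo WA_MSG_UPLOAD_SUCCESS . " (".htmlspecialchars($_FILES["userfile"]['name'], ENT_QUOTES)." byte (".(int)$_FILES["userfile"]['size'].")";
        }
        else
        {
            echo "<body class='BodyStandard'>";
            echo WA_MSG_UPLOAD_ERROR;
        }
        echo "<p><input class='Buttons' type='Button' value='".WA_CMD_CLOSE."' onclick='javascript:CloseWindow();'>";
    }
    else
    {
        // NOTE(review): no anti-CSRF token is visible in this form; confirm whether
        // CheckSession() or setSubmitFired() (both defined elsewhere) provide one.
?>
<body class="BodyStandard">
<form method="post" enctype="multipart/form-data" name="uploadForm" onsubmit="return setSubmitFired();" action="">
<?PHP
        // With private sessions enabled the session id travels as a hidden field.
        if ($GLOBALS['WA_PRIVATE_SESSIONS'])
            echo '<INPUT type="hidden" name="'. WA_SESSION_NAME.'" value="'.session_id().'" >';
?>
<p>
<?php echo WA_MSG_UPLOAD_MESSAGE; ?><input class='Inputs' name="userfile" type="file">
<p>
<input type="hidden" name="KeyField" value="<?php echo htmlspecialchars($KeyField, ENT_QUOTES) ?>">
<input type="hidden" name="IdForm" value="<?php echo htmlspecialchars($IdForm, ENT_QUOTES) ?>">
<input class='Buttons' type="button" value="<?php echo WA_CMD_UPLOAD; ?>"
onclick="javascript:StartUpload('<?php echo WA_MSG_UPLOAD_NOFILESELECTED; ?>');">
<input class='Buttons' type="button" value="<?php echo WA_CMD_CLOSE; ?>" onclick="javascript:CloseWindow();">
</form>
<?php
    }
}
else
    echo "Errore!";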
?>
</body>
</html>