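<?php

  require '../mysqlvars.php';
  require '../init.php';
  require '../lib/db.php';
  require '../lib/form_functions.php';

  session_start('ADMIN');

  $dbConn = connectDB($dbHost, $dbUser, $dbPass, $dbDB);
  if (!$dbConn) {
    die('Database is currently down...please try again later');
  }

  // Admin access control runs before any request data is acted on.
  require 'includes/secure_page.php';

  // file upload directory exists
  if (!is_dir($APP->upload_dir)) {
    die ("$APP->upload_dir does not exist - please create it and ensure it is writeable");
  }

  // address_id arrives from the query string (link from files.php) or from the
  // hidden form field on POST. It is untrusted: it is escaped once for SQL
  // here ($address_id_sql) and once for HTML before rendering ($address_id_html).
  if (!isset($_GET['address_id']) && !isset($_POST['address_id'])) {
    die ('Illegal navigation');
  }
  $address_id = isset($_GET['address_id']) ? $_GET['address_id'] : $_POST['address_id'];
  $address_id_sql = mysql_real_escape_string($address_id, $dbConn);

  unset($error);
  unset($confirm);
  $have_file = false;
  $username = '';

  // Temp path of the submitted file, or '' when the field is absent.
  // is_uploaded_file('') is false, so the checks below need no extra guard.
  $tmp_name = isset($_FILES['u_file']['tmp_name']) ? $_FILES['u_file']['tmp_name'] : '';

  // get username for given address_id
  if ($resUN = mysql_query("select username from wsd_contacts where address_id='$address_id_sql'", $dbConn)) {
    if ($rowUN = mysql_fetch_row($resUN)) {
      $username = $rowUN[0];
    }
  }
  else {
    $error = mysql_error($dbConn);
  }

  // Per-user quota: count files already stored for this username.
  if (isset($APP->max_uploads_per_user)) {
    $querystr = "SELECT COUNT(*) FROM wsd_files LEFT JOIN wsd_contacts USING ( address_id ) WHERE username = '" . mysql_real_escape_string($username, $dbConn) . "' ";
    $result = mysql_query($querystr, $dbConn);
    if ($result) {
      if ($frow = mysql_fetch_row($result)) {
        if ($frow[0] >= $APP->max_uploads_per_user) {
          $error = 'You have reached your maximum stored file allowance';
        }
      }
    }
    else {
      $error = mysql_error($dbConn);
    }
  }

  if (isset($_POST['submit']) && !isset($error)) {
    if (empty($_POST['title'])) {
      $error = 'You must enter a title';
    }

    // process file upload
    if (!isset($error)) {
      if (is_uploaded_file($tmp_name)) {
        // NOTE(review): "type" is the MIME type reported by the browser, not
        // detected from the content, so the accepted_file_types check only
        // filters well-behaved clients. The extension check further down is
        // the only server-side restriction on what gets stored.
        $file_type = $_FILES["u_file"]["type"];
        $file_size = $_FILES["u_file"]["size"];

        // check file type and size
        if ($file_size > $APP->file_max_size) {
          $error = "File  is too large - maximum size $APP->file_max_size bytes";
        }
        elseif (!in_array(strtolower($file_type), $APP->accepted_file_types, true)) {
          $error = 'File type not allowed - accepted types are: ' . implode(', ', $APP->accepted_file_types);
        }
        else {
          $have_file = true;
        }
      }
      else {
        // UPLOAD_ERR_NO_FILE means the field was left empty; any other error
        // code is a genuine upload failure (size limit, partial upload, ...).
        if (isset($_FILES["u_file"]["error"]) && (int) $_FILES["u_file"]["error"] !== UPLOAD_ERR_NO_FILE) {
          $error = 'Error occurred processing file upload';
        }
        else {
          $error = 'Please select the file';
        }
      }
    }

    if ($have_file && !isset($error)) {
      // The stored name is "<file_id>.<ext>" inside upload_dir, so the only
      // user-controlled part of the target path is the extension. Restrict it
      // to a short alphanumeric token so it can never carry separators or dots.
      $path_info = pathinfo($_FILES["u_file"]["name"]);
      $file_ext = isset($path_info["extension"]) ? $path_info["extension"] : '';
      // NOTE(review): nothing ties the extension to an accepted type, so a file
      // passing the client-supplied MIME check can be stored under any
      // extension. Confirm that upload_dir is not served with script execution
      // enabled, or add a server-side extension allow-list here.
      if (!preg_match('/^[A-Za-z0-9]{0,16}$/', $file_ext)) {
        $error = 'File extension not allowed';
      }
      else {
        $query = "INSERT INTO wsd_files (file_id,title,ftype,address_id) VALUES (";
        $query .= 'NULL' . ',';
        $query .= "'" . prepareData($_POST['title']) . "'" . ',';
        $query .= "'" . prepareData($file_ext) . "'" . ',';
        $query .= "'" . $address_id_sql . "')";

        if (mysql_query($query, $dbConn)) {
          $fid = (int) mysql_insert_id($dbConn);
          $fname = $fid . '.' . $file_ext;
          if (@move_uploaded_file($tmp_name, $APP->upload_dir . $fname)) {
            $confirm = 'File successfully uploaded';
            // clear the form so the page re-renders empty after success
            unset($_POST);
          }
          else {
            // keep DB and disk consistent: no row without a file on disk
            mysql_query("DELETE FROM wsd_files WHERE file_id = $fid", $dbConn);
            // message names the directory actually checked at the top of the page
            $error = "Cannot move uploaded file - please check that $APP->upload_dir is writeable and re-attempt upload via the files link after selecting the record";
          }
        }
        else {
          $error = mysql_error($dbConn);
        }
      }
    }

    // discard the temp file when the upload was rejected for any reason
    if (is_uploaded_file($tmp_name) && isset($error)) {
      unlink($tmp_name);
    }
  }

  include '../members/includes/header.php';

  // HTML-escaped once here; every echo in the template below uses this copy.
  $address_id_html = htmlChars($address_id);
?>

	<tr>
	  <td>
		<table class="fg">
		  <tr>
			<td class="title">Upload File</td>
		  </tr>
		</table>
	  </td>
	</tr>
	<tr>
	  <td>
		<table class="nb">
		  <tr>
			<td>
			  <a href="files.php?address_id=<?php echo $address_id_html ?>">Back to Files</a>
			</td>
		  </tr>
		</table>
	  </td>
	</tr>
	<tr>
	  <td>
	  <table class="nb">
		  <?php if (isset($confirm)) { echo "<tr><td class=\"bold\">" . htmlChars($confirm) . "</td></tr>"; } ?>

		  <?php /* $error may carry DB error text that echoes request data, so it is escaped too */ ?>
		  <?php if (isset($error)) { echo "<tr><td class=\"error\">" . htmlChars($error) . "</td></tr>"; } ?>

		</table>
	  </td>
	</tr>
	<tr>
	  <td>
		
		  <table class="fg">
			
			<form method="POST" action="<?php echo htmlChars($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data">
			<tr><td class="label">&nbsp;</td><td class="field"><input type="hidden" name="address_id" value="<?php echo $address_id_html ?>"></td></tr>
			<tr>
			  <td class="label">Title:</td>
			  <td class="field">
				<input type="text" name="title" size="20" maxlength="40" value="<?php if (isset($_POST['title'])) { echo htmlChars($_POST['title']); } ?>">
			  </td>
			</tr>
			<tr>
			  <td class="label">File:</td>
			  <td class="field">
				<input name="u_file" type="file"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo (int) $APP->file_max_size ?>">
			  </td>
			</tr>
			
			<tr><td class="label">&nbsp;</td><td class="field"><input type="Submit" name="submit" value="Upload"></td></tr>
			</form>
			
		  </table>
		
	  </td>
	</tr>

<?php include '../members/includes/footer.php' ?>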
