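<?php
/**
 * Admin page: upload a file and attach it to a contact (wsd_contacts.address_id).
 *
 * Flow: connect to the DB, pass the admin gate (includes/secure_page.php), read
 * and escape the incoming address_id, enforce the optional per-user stored-file
 * quota, then on POST insert a wsd_files row and move the uploaded file into
 * $APP->upload_dir as "<file_id>.<ext>". Outcome is reported through $confirm /
 * $error, which the HTML template further down renders.
 *
 * Security notes for maintainers:
 *  - address_id, title and the upload's name/type come straight from the request
 *    and are escaped before every SQL statement below (mysql_real_escape_string
 *    on the live connection; prepareData() is the project's existing helper).
 *  - $_FILES[...]['type'] is the MIME type *claimed by the browser*; the
 *    accepted_file_types check is therefore a usability filter, not a security
 *    control. The stored extension is restricted to a short alphanumeric token
 *    and server-side script extensions are refused, but $APP->upload_dir should
 *    still live outside the web root or be served without script execution.
 *  - NOTE(review): the form carries no CSRF token, so a logged-in admin can be
 *    made to upload by a cross-site POST; adding one needs a project-wide helper
 *    that is not visible in this file.
 */
require '../mysqlvars.php';
require '../init.php';
require '../lib/db.php';
require '../lib/form_functions.php';
// NOTE(review): the builtin session_start() ignores a string argument on PHP 5
// and expects an options array on PHP 7+; presumably session_name('ADMIN') was
// intended — confirm against the other admin pages before changing it.
session_start('ADMIN');
$dbConn = connectDB($dbHost, $dbUser, $dbPass, $dbDB);
if (!$dbConn) {
    die('Database is currently down...please try again later');
}
require 'includes/secure_page.php';

// The upload directory must exist before we accept anything.
if (!is_dir($APP->upload_dir)) {
    die("$APP->upload_dir does not exist - please create it and ensure it is writeable");
}

// address_id arrives via GET (link from files.php) or POST (hidden form field);
// GET takes precedence, matching the original behaviour. Arrays are rejected so
// the value can be escaped as a single string.
if (isset($_GET['address_id'])) {
    $address_id = $_GET['address_id'];
} elseif (isset($_POST['address_id'])) {
    $address_id = $_POST['address_id'];
} else {
    die('Illegal navigation');
}
if (!is_scalar($address_id)) {
    die('Illegal navigation');
}
$address_id = (string) $address_id;
// Escaped once here and reused in every query that embeds it.
$address_id_sql = mysql_real_escape_string($address_id, $dbConn);

unset($error);
unset($confirm);
$have_file = false;
$username = null;

// Resolve the contact's username for the quota check; an unknown address_id is
// an error rather than a silent insert of a dangling wsd_files row.
$resUN = mysql_query("SELECT username FROM wsd_contacts WHERE address_id='$address_id_sql'", $dbConn);
if ($resUN) {
    if ($rowUN = mysql_fetch_row($resUN)) {
        $username = $rowUN[0];
    } else {
        $error = 'No contact found for the given address_id';
    }
} else {
    $error = mysql_error($dbConn);
}

// Optional per-user quota on stored files.
if (!isset($error) && isset($APP->max_uploads_per_user)) {
    $username_sql = mysql_real_escape_string((string) $username, $dbConn);
    $querystr = "SELECT COUNT(*) FROM wsd_files LEFT JOIN wsd_contacts USING ( address_id ) WHERE username = '" . $username_sql . "' ";
    $result = mysql_query($querystr, $dbConn);
    if ($result) {
        if ($frow = mysql_fetch_row($result)) {
            if ($frow[0] >= $APP->max_uploads_per_user) {
                $error = 'You have reached your maximum stored file allowance';
            }
        }
    } else {
        $error = mysql_error($dbConn);
    }
}

if (isset($_POST['submit']) && !isset($error)) {
    if (empty($_POST['title'])) {
        $error = 'You must enter a title';
    }

    // Guard every $_FILES access: the array is absent on a non-multipart POST.
    $upload = isset($_FILES['u_file']) && is_array($_FILES['u_file']) ? $_FILES['u_file'] : null;
    $tmp_name = ($upload !== null && isset($upload['tmp_name'])) ? (string) $upload['tmp_name'] : '';
    $uploaded = ($tmp_name !== '' && is_uploaded_file($tmp_name));
    $file_ext = '';

    // Validate the upload: size, browser-claimed type, and the extension that
    // will become part of the stored filename.
    if (!isset($error)) {
        if ($uploaded) {
            $file_type = strtolower((string) $upload['type']);
            $file_size = (int) $upload['size'];
            $path_info = pathinfo((string) $upload['name']);
            // A file without an extension yields no 'extension' key.
            $file_ext = isset($path_info['extension']) ? strtolower($path_info['extension']) : '';
            // Defence in depth only: extensions the web server would typically
            // execute as PHP if upload_dir happens to be web-accessible.
            $script_exts = array('php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps', 'phar', 'shtml');

            if ($file_size > $APP->file_max_size) {
                $error = "File is too large - maximum size $APP->file_max_size bytes";
            } elseif (!in_array($file_type, $APP->accepted_file_types, true)) {
                $error = 'File type not allowed - accepted types are: ' . implode(', ', $APP->accepted_file_types);
            } elseif (!preg_match('/^[a-z0-9]{1,10}$/', $file_ext)) {
                $error = 'File must have a short alphanumeric extension';
            } elseif (in_array($file_ext, $script_exts, true)) {
                $error = 'File type not allowed - accepted types are: ' . implode(', ', $APP->accepted_file_types);
            } else {
                $have_file = true;
            }
        } else {
            // Distinguish "nothing selected" from a genuine upload failure.
            if ($upload !== null && isset($upload['error']) && $upload['error'] != UPLOAD_ERR_NO_FILE) {
                $error = 'Error occurred processing file upload';
            } else {
                $error = 'Please select the file';
            }
        }
    }

    // Record metadata first so the file is named after its row id, then move the
    // file; roll the row back if the move fails so the DB never points at a
    // missing file.
    if ($have_file && !isset($error)) {
        $query = "INSERT INTO wsd_files (file_id,title,ftype,address_id) VALUES (";
        $query .= 'NULL' . ',';
        $query .= "'" . prepareData($_POST['title']) . "'" . ',';
        $query .= "'" . prepareData($file_ext) . "'" . ',';
        $query .= "'" . $address_id_sql . "')";
        if (mysql_query($query, $dbConn)) {
            $fid = (int) mysql_insert_id($dbConn);
            $fname = $fid . '.' . $file_ext;
            // Failure is reported via $error below; the warning is suppressed so a
            // server path is not echoed into the page when display_errors is on.
            if (@move_uploaded_file($tmp_name, $APP->upload_dir . $fname)) {
                $confirm = 'File successfully uploaded';
                unset($_POST);
            } else {
                mysql_query("DELETE FROM wsd_files WHERE file_id = $fid", $dbConn);
                $error = "Cannot move uploaded file - please check that $APP->upload_dir is writeable and re-attempt upload via the files link after selecting the record";
            }
        } else {
            $error = mysql_error($dbConn);
        }
    }

    // A rejected upload would otherwise sit in the temp dir until request end.
    if ($uploaded && isset($error) && file_exists($tmp_name)) {
        unlink($tmp_name);
    }
}
include '../members/includes/header.php';
?>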
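<?php
// Output escaping for this template. Everything echoed below either comes from
// the request ($address_id, PHP_SELF, the re-displayed title) or from status
// text that may embed mysql_error() output, so it is HTML-escaped once here at
// the point of output. htmlChars() is the project's existing helper and is kept
// for the title field for consistency with the other admin forms.
$address_id_html = htmlspecialchars($address_id, ENT_QUOTES);
$self_html = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
?>
<tr>
<td>
<table class="fg">
<tr>
<td class="title">Upload File</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
<tr>
<td>
<!-- urlencode() output contains no HTML metacharacters, so it is safe in the attribute as-is -->
<a href="files.php?address_id=<?php echo urlencode($address_id) ?>">Back to Files</a>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table class="nb">
<?php if (isset($confirm)) { echo '<tr><td class="bold">' . htmlspecialchars($confirm, ENT_QUOTES) . '</td></tr>'; } ?>
<?php if (isset($error)) { echo '<tr><td class="error">' . htmlspecialchars($error, ENT_QUOTES) . '</td></tr>'; } ?>
</table>
</td>
</tr>
<tr>
<td>
<table class="fg">
<form method="POST" action="<?php echo $self_html ?>" enctype="multipart/form-data">
<tr><td class="label"> </td><td class="field"><input type="hidden" name="address_id" value="<?php echo $address_id_html ?>"></td></tr>
<tr>
<td class="label">Title:</td>
<td class="field">
<input type="text" name="title" size="20" maxlength="40" value="<?php if (isset($_POST['title'])) { echo htmlChars($_POST['title']); } ?>">
</td>
</tr>
<tr>
<td class="label">File:</td>
<td class="field">
<!-- MAX_FILE_SIZE is only a browser-side hint; the real limit is enforced in PHP above -->
<input name="u_file" type="file"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo (int) $APP->file_max_size ?>">
</td>
</tr>
<tr><td class="label"> </td><td class="field"><input type="Submit" name="submit" value="Upload"></td></tr>
</form>
</table>
</td>
</tr>
<?php include '../members/includes/footer.php' ?>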