[go: up one dir, main page]
Menu

[r3]: / doc / app / fileupload.php  Maximize  Restore  History

Download this file

110 lines (78 with data), 3.4 kB 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
<?



define("ALT_FILE_PATH","../");



//call this file to get our path to the thumbnails

include("../config/config.php");

include("../config/app-config.php");



//the rest of our includes with our base functions

include("../header/callheader.php");



include("../app/common.inc.php");

include("../app/custom_form.inc.php");

include("../app/object.inc.php");

include("../app/index_function.inc.php");

include("../app/thumb_function.inc.php");

include("../auth/function.inc.php");



if (defined("USE_LDAP")) {

  include("../config/ldap-config.php");

  include("../lib/ldap.php");

}

else include("../lib/db.php");



session_id($_REQUEST["sessionId"]);

session_start();



//set our path to our tmp, data, and thumbnail directories.  This

//must be done before our main function includes are called.  (no trailing slashes)

$d = FILE_DIR;

if ($d[0]=="/") $dirPath = $d;

else $dirPath = "../".$d."/";



define("TMP_DIR",$dirPath."tmp");

define("DATA_DIR",$dirPath."data");

define("THUMB_DIR",$dirPath."thumbnails");



//don't go any farther if there is no session.  Someone is getting here by cheating

if (!$_SESSION["user_id"]) return false;



$conn = db_connect(DBHOST,DBUSER,DBPASSWORD,DBPORT,DBNAME);



//set our permission defines

setPermDefines();

setCustomPermDefines();



//set the execution time for uploading and file processing

if (defined("EXECUTION_TIME")) ini_set("max_execution_time",EXECUTION_TIME);



//setup which apps are available to docmgr

setExternalApps();



//set our defines and permissions for this user as obtained from the sessionid

if (userPermSet($conn,$_SESSION["user_id"])) {



	//set our user information from that which is returned from the function

	define("USER_ID",$_SESSION["user_id"]);

	define("USER_LOGIN",$_SESSION["user_login"]);

	define("USER_EMAIL",$_SESSION["user_email"]);

	define("USER_FN",$_SESSION["user_fn"]);

	define("USER_LN",$_SESSION["user_ln"]);



}

else die("Error!");



if ($_FILES["fileUpload"]) {



        loadObjects(1);



	//make sure we have edit permissions on the parent

	$cb = returnUserObjectPerms($conn,$_REQUEST["parentId"]);



	if (!bitset_compare(BITSET,ADMIN,null) && 

	    !bitset_compare($cb,OBJ_EDIT,OBJ_ADMIN) &&

	    !bitset_compare($cb,OBJ_MANAGE,null)) die("Permissions Error");



        $pathArr = $_FILES['fileUpload']['tmp_name'];

        $nameArr = $_FILES['fileUpload']['name'];

        $num = count($pathArr);

        

        for ($i=0;$i<$num;$i++) {

       

          $fileName = $nameArr[$i];

          $filePath = $pathArr[$i];

       

          //set all our options into the array with corresponding keys.  These will

          //be passed to the file_insert function, which handles inserting the file into the system

          $option = null;

          $option["conn"] = $conn;

          $option["name"] = smartslashes($fileName);

          $option["filepath"] = $filePath;

          $option["delete_files"] = "yes";

          $option["parentId"] = $_REQUEST["parentId"];

          $option["objectType"] = "file";

          $option["objectOwner"] = $_SESSION["user_id"];

          $option["thumbForeground"] = 1;

          if ($objectId = createObject($option)) $successMessage = _FILE_UPLOAD_SUCCESS;

          else $errorMessage = _FILE_UPLOAD_ERROR;

       

          if ($errorMessage) break;

       

        }

       

	echo "<html><body>done</body></html>";



}