/inc/attachments.inc.php
PHP | 165 lines | 87 code | 32 blank | 46 comment | 14 complexity | acde20240cca054caf29e959123459ba MD5 | raw file
- <?php
- /*******************************************************************************
- * Title: Help Desk Software HESK
- * Version: 2.6.7 from 18th April 2016
- * Author: Klemen Stirn
- * Website: http://www.hesk.com
- ********************************************************************************
- * COPYRIGHT AND TRADEMARK NOTICE
- * Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
- * HESK is a registered trademark of Klemen Stirn.
- * The HESK may be used and modified free of charge by anyone
- * AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
- * By using this code you agree to indemnify Klemen Stirn from any
- * liability that might arise from it's use.
- * Selling the code for this program, in part or full, without prior
- * written consent is expressly forbidden.
- * Using this code, in part or full, to create derivate work,
- * new scripts or products is expressly forbidden. Obtain permission
- * before redistributing this software over the Internet or in
- * any other medium. In all cases copyright and header must remain intact.
- * This Copyright is in full effect in any country that has International
- * Trade Agreements with the United States of America or
- * with the European Union.
- * Removing any of the copyright notices without purchasing a license
- * is expressly forbidden. To remove HESK copyright notice you must purchase
- * a license for this script. For more information on how to obtain
- * a license please visit the page below:
- * https://www.hesk.com/buy.php
- *******************************************************************************/
- /* Check if this is a valid include */
- if (!defined('IN_SCRIPT')) {
- die('Invalid attempt');
- }
- /***************************
- * Function hesk_uploadFiles()
- ***************************/
- function hesk_uploadFile($i, $isTicket = true)
- {
- global $hesk_settings, $hesklang, $trackingID, $hesk_error_buffer, $modsForHesk_settings;
- /* Return if name is empty */
- $name = $i == -1
- ? $_FILES['attachment']['name']
- : $_FILES['attachment']['name'][$i];
- if (empty($name)) {
- return '';
- }
- /* Parse the name */
- $file_realname = hesk_cleanFileName($name);
- /* Check file extension */
- $ext = strtolower(strrchr($file_realname, "."));
- if (!in_array($ext, $hesk_settings['attachments']['allowed_types'])) {
- return hesk_fileError(sprintf($hesklang['type_not_allowed'], $ext, $file_realname));
- }
- /* Check file size */
- $size = $i == -1
- ? $_FILES['attachment']['size']
- : $_FILES['attachment']['size'][$i];
- if ($size > $hesk_settings['attachments']['max_size']) {
- return hesk_fileError(sprintf($hesklang['file_too_large'], $file_realname));
- } else {
- $file_size = $size;
- }
- /* Generate a random file name */
- $useChars = 'AEUYBDGHJLMNPQRSTVWXZ123456789';
- $tmp = uniqid();
- for ($j = 1; $j < 10; $j++) {
- $tmp .= $useChars{mt_rand(0, 29)};
- }
- $file_name = substr(md5($tmp . $file_realname), 0, 200) . $ext;
- // Does the temporary file exist? If not, probably server-side configuration limits have been reached
- // Uncomment this for debugging purposes
- /*
- if ( ! file_exists($_FILES['attachment']['tmp_name'][$i]) )
- {
- return hesk_fileError($hesklang['fnuscphp']);
- }
- */
- /* If upload was successful let's create the headers */
- $directory = $hesk_settings['attach_dir'];
- if (!$isTicket) {
- $directory = $modsForHesk_settings['kb_attach_dir'];
- }
- $file_to_move = $i == -1
- ? $_FILES['attachment']['tmp_name']
- : $_FILES['attachment']['tmp_name'][$i];
- if (!move_uploaded_file($file_to_move, dirname(dirname(__FILE__)) . '/' . $directory . '/' . $file_name)) {
- return hesk_fileError($hesklang['cannot_move_tmp']);
- }
- $info = array(
- 'saved_name' => $file_name,
- 'real_name' => $file_realname,
- 'size' => $file_size
- );
- return $info;
- } // End hesk_uploadFile()
- function hesk_fileError($error)
- {
- global $hesk_settings, $hesklang, $trackingID;
- global $hesk_error_buffer;
- $hesk_error_buffer['attachments'] = $error;
- return false;
- } // End hesk_fileError()
- function hesk_removeAttachments($attachments, $isTicket)
- {
- global $hesk_settings, $hesklang, $modsForHesk_settings;
- $directory = $hesk_settings['attach_dir'];
- if (!$isTicket) {
- $directory = $modsForHesk_settings['kb_attach_dir'];
- }
- $hesk_settings['server_path'] = dirname(dirname(__FILE__)) . '/' . $directory . '/';
- foreach ($attachments as $myatt) {
- hesk_unlink($hesk_settings['server_path'] . $myatt['saved_name']);
- }
- return true;
- } // End hesk_removeAttachments()
- function mfh_getTemporaryAttachment($id) {
- global $hesk_settings;
- $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` WHERE `id` = " . intval($id));
- if (hesk_dbNumRows($rs) == 0) {
- return NULL;
- }
- $row = hesk_dbFetchAssoc($rs);
- $info = array(
- 'saved_name' => $row['saved_name'],
- 'real_name' => $row['file_name'],
- 'size' => $row['size']
- );
- return $info;
- }
- function mfh_deleteTemporaryAttachment($id) {
- global $hesk_settings;
- hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "temp_attachment` WHERE `id` = ".intval($id));
- }