<?php


/*

Copyright 2018 Murray Hayes

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

*/



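session_start();

include_once "utils.php";
include_once "DOMUtils.php";
include_once "consts.php";
include_once "database.php";
include_once "adminUtils.php";

/*
 * addPicture.php: lets a logged-in member upload a profile picture and
 * renders the upload form. An administrator may upload on behalf of another
 * member by posting a 'target' member ID.
 *
 * $baseDir, $pictureDir and $prettyPretty are not defined in this script;
 * presumably they come from consts.php (confirm).
 */

$doc = returnDoc();
$root = returnRoot($doc);

if (!validateSession())
{
    // No valid session: run the cookie check first, otherwise send the visitor to the login page.
    if (!isset($_SESSION['cookieMonster']))
        generateCookieMonster();
    else
        generateLoginRedirect();
}
else if ($_SESSION['login'] === TRUE)
{
    $targetID = NULL;

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        /*
         * Process form here
         */

        // A posted 'target' is honoured only for administrators; for every other
        // member it is ignored and the upload applies to the session's own MemberID.
        // Non-string values (e.g. target[]=...) are rejected so later string handling is safe.
        // NOTE(review): 'target' is otherwise passed on unvalidated; confirm that
        // registerNewPicture() and returnPictureForMember() bind it as a query parameter.
        // NOTE(review): no anti-CSRF token is checked in this script; confirm that
        // createForm()/validateSession() provide one, since this request changes state.
        if (returnAdminStatus($_SESSION['MemberID'])
            && isset($_POST['target'])
            && is_string($_POST['target']))
        {
            $targetID = $_POST['target'];
        }

        if (isset($_POST['submit']))
        {
            $upload = isset($_FILES['filename']) ? $_FILES['filename'] : NULL;

            if (is_null($upload) || !isset($upload['error']) || is_array($upload['error']))
            {
                // Missing upload field, or a multi-file array this form never sends.
                print("No file was uploaded.");
            }
            else if ($upload['error'] === UPLOAD_ERR_OK)
            {
                // Decide from the file's content, not from the client-supplied name or
                // Content-Type, whether this is an image we accept. Adjust the allowlist
                // to the formats the site actually needs.
                $allowedTypes = array('image/jpeg', 'image/png', 'image/gif', 'image/webp');

                $finfo = finfo_open(FILEINFO_MIME);
                $fileInfo = ($finfo === FALSE) ? FALSE : finfo_file($finfo, $upload['tmp_name']);

                // FILEINFO_MIME yields "type/subtype; charset=..."; compare the type part only.
                $mimeType = '';
                if (is_string($fileInfo))
                {
                    $mimeParts = explode(';', $fileInfo);
                    $mimeType = strtolower(trim($mimeParts[0]));
                }

                if (!in_array($mimeType, $allowedTypes, TRUE))
                {
                    // Rejected before anything is written into the web-served picture directory.
                    print("Uploaded file is not a supported image type.");
                }
                else
                {
                    // tempnam() silently falls back to the system temp directory when
                    // "pictures" is missing or unwritable; the recorded basename would then
                    // point at a file that is not in the picture store, so verify the location.
                    $pictureStore = realpath("pictures");
                    $destination = ($pictureStore === FALSE) ? FALSE : tempnam($pictureStore, "pic");

                    $stored = $destination !== FALSE
                        && dirname($destination) === $pictureStore
                        && move_uploaded_file($upload['tmp_name'], $destination);

                    if (!$stored)
                    {
                        // The original had a stray ';' after this if-condition, so the
                        // picture was registered even when the move had failed.
                        if ($destination !== FALSE && is_file($destination))
                            unlink($destination);
                        print("Uploaded file could not be stored.");
                    }
                    else
                    {
                        $ownerID = is_null($targetID) ? $_SESSION['MemberID'] : $targetID;

                        // $upload['name'] is the client-supplied file name: it is stored as
                        // metadata only and must be escaped wherever it is displayed.
                        if (registerNewPicture($ownerID, basename($destination), $upload['name'], $fileInfo) === FALSE)
                        {
                            if (is_null($targetID))
                                print("Picture not added to database.");
                            else
                                // $targetID is request data; escape it before echoing.
                                print("Picture not added to database for member ID: " . htmlspecialchars($targetID, ENT_QUOTES, 'UTF-8'));
                        }
                    }
                }
            }
            else
            {
                // Integer UPLOAD_ERR_* code reported by PHP for the failed upload.
                print($upload['error']);
            }
        }
    }

    // Page skeleton: <head>, <body>, masthead and menu bar.
    $root = $doc->appendChild($root);
    $root->appendChild(generateHead($doc));

    $body = $doc->createElement('body');
    $root->appendChild($body);

    $body->appendChild(generateMastHead($doc, $baseDir));

    $_SESSION['subNav'] = NULL;
    $body->appendChild(generateSelectedMenuBar($doc));

    /*
     * Insert content here.
     */

    $editorDiv = $doc->createElement('div');

    // NOTE(review): a file upload needs enctype="multipart/form-data" on the form;
    // confirm createForm() sets it.
    $form = createForm($doc, 'addPicture.php');

    // Show the current picture: the member's own, or the target's when the
    // requester is an administrator or director.
    $img = NULL;
    if (is_null($targetID))
    {
        $img = returnPictureForMember($_SESSION['MemberID']);
    }
    else if (returnAdminStatus($_SESSION['MemberID']) || returnDirectorStatus($_SESSION['MemberID']))
    {
        $img = returnPictureForMember($targetID);
        // Carry the target through to the next POST of this form.
        $form->appendChild(createHiddenInput($doc, 'target', $targetID));
    }

    if (!is_null($img))
    {
        $currentHeading = $doc->createElement('H3');
        $currentHeading->appendChild($doc->createTextNode("Current picture"));
        $form->appendChild($currentHeading);
        $form->appendChild(createBr($doc));
        $form->appendChild(createImg($doc, $pictureDir . $img));
    }

    $addHeading = $doc->createElement('H3');
    $addHeading->appendChild($doc->createTextNode("Add a picture"));
    $form->appendChild($addHeading);

    // The original also created a <fieldset> and a <br> element here that were
    // never attached to the document; they are omitted because they had no effect.
    $fieldSetDiv = $doc->createElement('div');

    $fileLabel = $doc->createElement('label', 'File:');
    $fileLabel->setAttribute('for', 'filename');
    $fileLabel->setAttribute('class', 'CourseEditorInputLabel');
    $fieldSetDiv->appendChild($fileLabel);

    $fileInput = $doc->createElement('input');
    $fileInput->setAttribute('type', 'file');
    $fileInput->setAttribute('name', 'filename');
    $fileInput->setAttribute('autocomplete', 'off');
    $fileInput->setAttribute('required', 'required');
    $fieldSetDiv->appendChild($fileInput);

    $submitInput = $doc->createElement('input');
    $submitInput->setAttribute('type', 'submit');
    $submitInput->setAttribute('value', 'upload');
    $submitInput->setAttribute('name', 'submit');
    $fieldSetDiv->appendChild($submitInput);

    $form->appendChild($fieldSetDiv);
    $editorDiv->appendChild($form);
    $body->appendChild($editorDiv);

    $body->appendChild(generateFooter($doc));

    if ($prettyPretty)
        $doc->formatOutput = true;

    outputDoc($doc);
}
else
{
    // Session is valid but not flagged as logged in.
    generateIndexRedirect();
}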
?>