PHP Code:
<?php
require_once("../../includes/site_common.php");
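// Upload endpoint for news article images. Only news administrators and
// journalists may attach files; everyone else is stopped before any input
// is read.
if (!($permissions->validateRole(array(NEWS_ADMIN, NEWS_JOURNALIST)))) {
    showError("You do not have permission to add news");
    exit;
}

$user = $context['user']['id'];

// The article id arrives in the POST body and is interpolated into SQL below,
// so accept nothing but decimal digits and carry it forward as an integer.
$rawArticleId = $sql->getPostVar("articleid");
if (!is_scalar($rawArticleId) || !ctype_digit(trim((string) $rawArticleId))) {
    showError("The article ID provided for this file does not exist!");
    exit;
}
$articleId = (int) trim((string) $rawArticleId);

// Content types the browser is allowed to claim. This header is supplied by
// the client, so it is only a first filter and never the deciding check.
$types = array("image/gif", "image/jpg", "image/png", "image/pjpeg", "image/jpeg");

// File extensions accepted for each image format detected from the file's own
// bytes. The stored name ends in this extension, so it must never be something
// the web server would execute.
$extensionsByImageType = array(
    IMAGETYPE_GIF  => array("gif"),
    IMAGETYPE_JPEG => array("jpg", "jpeg"),
    IMAGETYPE_PNG  => array("png"),
);

// Encoding flags for values written into the inline <script> block: escape
// quotes, angle brackets and ampersands so a file name cannot close the string
// literal or the script element.
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR;

// Look the article up once; exactly one row must match.
$matchingArticles = $sql->countRows("SELECT * FROM `news` WHERE `sid`=$articleId");
if ($matchingArticles == 0) {
    showError("The article ID provided for this file does not exist!");
    exit;
} elseif ($matchingArticles > 1) {
    showError("The article ID is used for more than one article!");
    exit;
}

if (!empty($_FILES['files']['error']) && is_array($_FILES['files']['error'])) {
    foreach ($_FILES["files"]["error"] as $key => $error) {
        if ($error != UPLOAD_ERR_OK) {
            showError("There was a problem uploading your file, try again.");
            continue;
        }

        $tmp_name = $_FILES["files"]["tmp_name"][$key];
        $name = strtolower($_FILES["files"]["name"][$key]);
        $ext = substr((string) strrchr($name, "."), 1);

        // Decide the type from the uploaded bytes, then require the client's
        // extension to be one that belongs to that type. getimagesize() only
        // inspects the header, so this does not prove the file is harmless;
        // the extension allowlist is what keeps it from being stored under an
        // executable name. The uploads folder should also be served with
        // script execution disabled.
        $imageInfo = getimagesize($tmp_name);
        $detectedType = is_array($imageInfo) ? $imageInfo[2] : null;
        $allowedExtensions = ($detectedType !== null && isset($extensionsByImageType[$detectedType]))
            ? $extensionsByImageType[$detectedType]
            : array();

        if (!in_array($_FILES["files"]["type"][$key], $types, true)
            || !in_array($ext, $allowedExtensions, true)
        ) {
            showError("That file type is not allowed!");
            continue;
        }

        if (!($_FILES["files"]["size"][$key] < 1500000)) {
            showError("Your file is too large, it must be less than 1.5 MB");
            continue;
        }

        $fileId = doUpload($sql, $tmp_name, $name, $ext, $user, $articleId);
        if ($fileId === null) {
            // doUpload() returns nothing when the upload could not be recorded.
            showError("There was a problem uploading your file, try again.");
            continue;
        }
?>
<script language="javascript" type="text/javascript">
parent.hideStatusDiv();
parent.showFile(<?php echo json_encode((string) $name, $jsFlags)?>,<?php echo json_encode((string) $fileId, $jsFlags)?>);
</script>
<?php
    } // End ForEach
} else {
    showError("No file has been submitted");
}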
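/**
 * Records an uploaded news image in `newsuploads`, moves it into
 * uploads/news/ and asks ImageCropper for thumbnail and medium copies.
 *
 * @param object $sql          Database wrapper exposing simpleQuery() and insertId.
 * @param string $tempLocation Temporary path of the upload (from $_FILES).
 * @param string $name         Client-supplied file name; not used by this function.
 * @param string $ext          Extension for the stored file; must be gif, jpg, jpeg or png.
 * @param mixed  $user         Member id stored with the upload.
 * @param mixed  $articleId    Id of the article the file belongs to.
 *
 * @return mixed The new `newsuploads` row id, or null when the extension is
 *               not allowed, the folder cannot be created, the insert fails
 *               or the file cannot be moved.
 */
function doUpload(&$sql, $tempLocation, $name, $ext, $user, $articleId)
{
    // $ext ends up in a file name below the web-accessible uploads folder and
    // inside an SQL string, so refuse anything outside the image allowlist
    // before touching the database or the disk.
    $ext = strtolower((string) $ext);
    if (!in_array($ext, array("gif", "jpg", "jpeg", "png"), true)) {
        return null;
    }

    // The article id is part of both the SQL text and the file name.
    $articleId = (int) $articleId;

    // Make sure the target folder exists before a row is created for the file.
    $uploadDir = "../../uploads/news/";
    if (!is_dir($uploadDir) && !mkdir($uploadDir, 0755, true) && !is_dir($uploadDir)) {
        return null;
    }

    $date = gmdate("j F Y, h:i:s A") . " GMT";
    // NOTE(review): $user is interpolated as given. The visible caller passes
    // $context['user']['id']; confirm it can never be request-controlled, or
    // escape it with whatever the $sql wrapper provides.
    $upload = $sql->simpleQuery("INSERT INTO `newsuploads` (`date`, `articleid`,`memberid`) VALUES ('$date', '$articleId', '$user')");
    if (!$upload) {
        return null;
    }
    $fileId = $sql->insertId;

    $location = "uploads/news/article_" . $articleId . "_" . $fileId . "." . $ext;
    $actualFileLocation = "../../" . $location;

    // move_uploaded_file() refuses paths that are not genuine uploads and can
    // fail on disk errors; do not leave a row pointing at a file that is not there.
    if (!move_uploaded_file($tempLocation, $actualFileLocation)) {
        $sql->simpleQuery("DELETE FROM `newsuploads` WHERE `sid`='" . (int) $fileId . "'");
        return null;
    }

    $medium = 'uploads/news/article_' . $articleId . '_' . $fileId . '_med.' . $ext;
    $thumb = 'uploads/news/article_' . $articleId . '_' . $fileId . '_thumb.' . $ext;
    $sql->simpleQuery("UPDATE `newsuploads` SET `filelocation` = '$location', `mediumlocation`='$medium',`thumblocation`='$thumb' WHERE `sid`='$fileId'");

    $theClass = new ImageCropper();
    $theClass->makeThumb($actualFileLocation, "../../" . $thumb);
    $theClass->makeOtherSize($actualFileLocation, "../../" . $medium);

    return $fileId;
}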
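/**
 * Emits an inline script that hides the parent frame's status indicator and
 * hands $error to the parent's showError() function.
 *
 * @param string $error Message to display.
 */
function showError($error)
{
    // The message is written into a JavaScript string inside a <script>
    // element, so encode it for that context: quotes, angle brackets and
    // ampersands are escaped and cannot end the literal or the element.
    $jsMessage = json_encode(
        (string) $error,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR
    );
?>
<script language="javascript" type="text/javascript">
parent.hideStatusDiv();
parent.showError(<?php echo $jsMessage?>);
</script>
<?php
}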
?>