diff --git a/post/admin/admin_settings_company.php b/post/admin/admin_settings_company.php
index 7b4cf647..07aa13d0 100644
--- a/post/admin/admin_settings_company.php
+++ b/post/admin/admin_settings_company.php
@@ -18,28 +18,26 @@ if (isset($_POST['edit_company'])) { $row = mysqli_fetch_array($sql); $existing_file_name = sanitizeInput($row['company_logo']); - // Check to see if a file is attached - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + // Company logo + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) { + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/settings/"; - $dest_path = $upload_file_dir . $new_file_name; + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/settings/"; + $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + move_uploaded_file($file_tmp_path, $dest_path); - // Delete old file - unlink("uploads/settings/$existing_file_name"); + // Delete old file + unlink("uploads/settings/$existing_file_name"); - // Set Logo - mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1"); + // Set Logo + mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1"); - $_SESSION['alert_message'] = 'File successfully uploaded.'; - }else{ + $_SESSION['alert_message'] = 'File successfully uploaded.'; + }else{ - $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.'; - } + $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. 
Please make sure the upload directory is writable by web server.'; } mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1"); diff --git a/post/admin/admin_user.php b/post/admin/admin_user.php index 974936ee..ae23a002 100644 --- a/post/admin/admin_user.php +++ b/post/admin/admin_user.php 
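Review bot: With the outer `tmp_name` check gone, the `else` of the `checkFileUpload()` test in edit_company is now also reached when the form is saved without a logo, so a plain settings update would presumably set the "error moving the file" alert. `checkFileUpload()` is not part of this diff, so this assumes it returns a falsy value when no file is attached; if it did not, the success branch would run with an empty `tmp_name`. The `else` branches in add_user, edit_user, add_expense and edit_expense have the same problem and additionally set `alert_type` to error. Separate "nothing attached" from "attached but rejected", e.g. `} elseif (($_FILES['file']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_NO_FILE) {`. The enclosing `if (isset($_POST['edit_company']))` block starts and ends outside the hunk.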
@@ -31,23 +31,21 @@ if (isset($_POST['add_user'])) { // Check for and process image/photo $extended_alert_description = ''; - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/users/$user_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/users/$user_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - // Set Avatar - mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id"); - $extended_alert_description = '. File successfully uploaded.'; - } else { - $_SESSION['alert_type'] = "error"; - $extended_alert_description = '. Error uploading photo. Check upload directory is writable/correct file type/size'; - } + // Set Avatar + mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id"); + $extended_alert_description = '. File successfully uploaded.'; + } else { + $_SESSION['alert_type'] = "error"; + $extended_alert_description = '. Error uploading photo. Check upload directory is writable/correct file type/size'; } // Create Settings 
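Review bot: The return value of `move_uploaded_file()` is ignored in add_user, so `user_avatar` is updated and "File successfully uploaded." is reported even when the file never reached `uploads/users/$user_id/`; the hunk does not show that directory being created for a new user. Gate the database update and the success text on the move, e.g. `if (move_uploaded_file($file_tmp_path, $dest_path)) { /* UPDATE + success text */ } else { /* error alert */ }`. Every other upload block touched by this commit has the same unchecked call. The add_user block continues outside the hunk.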
@@ -134,26 +132,24 @@ if (isset($_POST['edit_user'])) { // Check for and process image/photo $extended_alert_description = ''; - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/users/$user_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/users/$user_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - // Delete old file - unlink("uploads/users/$user_id/$existing_file_name"); + // Delete old file + unlink("uploads/users/$user_id/$existing_file_name"); - // Set Avatar - mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id"); - $extended_alert_description = '. File successfully uploaded.'; - } else { - $_SESSION['alert_type'] = "error"; - $extended_alert_description = '. Error uploading photo. Check upload directory is writable/correct file type/size'; - } + // Set Avatar + mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id"); + $extended_alert_description = '. File successfully uploaded.'; + } else { + $_SESSION['alert_type'] = "error"; + $extended_alert_description = '. Error uploading photo. Check upload directory is writable/correct file type/size'; } mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id"); diff --git a/post/user/asset.php b/post/user/asset.php index f1aaebe1..9516d1f0 100644 --- a/post/user/asset.php +++ b/post/user/asset.php 
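Review bot: In edit_user the old avatar is removed with `unlink("uploads/users/$user_id/$existing_file_name")` straight after the move, whether or not the move succeeded, so a failed move leaves the row pointing at a file that was never stored and the previous one gone. When `$existing_file_name` is empty the path is the directory itself and `unlink()` raises a warning. Delete only after a confirmed move and only a regular file inside the directory, e.g. `$old = "uploads/users/$user_id/" . basename($existing_file_name);` followed by `if ($existing_file_name !== '' && is_file($old)) { unlink($old); }`. The same pattern is in edit_company, edit_asset, edit_expense, edit_location and the profile avatar block; where `$existing_file_name` is read is outside this hunk.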
@@ -19,21 +19,19 @@ if (isset($_POST['add_asset'])) { $asset_id = mysqli_insert_id($mysqli); // Add Photo - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); - } - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); - - mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); + // directory in which the uploaded file will be moved + if (!file_exists("uploads/clients/$client_id")) { + mkdir("uploads/clients/$client_id"); } + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); + + mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); } // Add Primary Interface 
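Review bot: add_asset no longer accepts `gif`: the allow-list passed to `checkFileUpload()` becomes `array('jpg', 'jpeg', 'png')`, while edit_asset in the same file still passes `array('jpg', 'jpeg', 'gif', 'png')`. In a commit that otherwise only removes the outer `tmp_name` check this looks unintended. Either restore `'gif'` here or drop it from edit_asset too, and mention the decision in the commit message. A single shared constant for the permitted image extensions would keep the per-handler lists from drifting apart.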
@@ -94,21 +92,19 @@ if (isset($_POST['edit_asset'])) { } // Update Photo - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - // Set directory in which the uploaded file will be moved - $file_tmp_path = $_FILES['file']['tmp_name']; - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; + // Set directory in which the uploaded file will be moved + $file_tmp_path = $_FILES['file']['tmp_name']; + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + move_uploaded_file($file_tmp_path, $dest_path); - //Delete old file - unlink("uploads/clients/$client_id/$existing_file_name"); + //Delete old file + unlink("uploads/clients/$client_id/$existing_file_name"); - mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); - } + mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id"); } //Logging diff --git a/post/user/contact.php b/post/user/contact.php index 4d0db1c8..f7b9eb46 100644 --- a/post/user/contact.php +++ b/post/user/contact.php 
@@ -46,21 +46,20 @@ if (isset($_POST['add_contact'])) { } // Check for and process image/photo - if ($_FILES['file']['tmp_name']) { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); - } - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); - - mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id"); + // directory in which the uploaded file will be moved + if (!file_exists("uploads/clients/$client_id")) { + mkdir("uploads/clients/$client_id"); } + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); + + mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id"); + } // Logging diff --git a/post/user/expense.php b/post/user/expense.php index 4f70f689..bb5cb12f 100644 --- a/post/user/expense.php +++ b/post/user/expense.php 
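Review bot: `mkdir("uploads/clients/$client_id")` in add_contact uses the default mode and its result is not checked, so a failed create only surfaces later as a failed move while `contact_photo` is still written. A checked form such as `if (!is_dir($dir) && !mkdir($dir, 0750, true)) { /* report error, skip upload */ }` with `$dir = "uploads/clients/$client_id"` makes the failure explicit; pick the mode that fits the deployment. `$client_id` becomes a path component here and its validation is outside the hunk, so confirm it is cast to an integer before this point. add_asset, add_rack and edit_rack carry the same block.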
@@ -14,22 +14,21 @@ if (isset($_POST['add_expense'])) { // Check for and process attachment $extended_alert_description = ''; - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'pdf'))) { + + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'pdf'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/expenses/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/expenses/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); - $extended_alert_description = '. File successfully uploaded.'; - } else { - $_SESSION['alert_type'] = "error"; - $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size'; - } + mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); + $extended_alert_description = '. File successfully uploaded.'; + } else { + $_SESSION['alert_type'] = "error"; + $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size'; } //Logging 
@@ -55,25 +54,23 @@ if (isset($_POST['edit_expense'])) { // Check for and process attachment $extended_alert_description = ''; - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'pdf'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'pdf'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/expenses/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/expenses/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - //Delete old file - unlink("uploads/expenses/$existing_file_name"); + //Delete old file + unlink("uploads/expenses/$existing_file_name"); - mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); - $extended_alert_description = '. File successfully uploaded.'; - } else { - $_SESSION['alert_type'] = "error"; - $extended_alert_description = '. Error uploading file. Check upload directory is writable/correct file type/size'; - } + mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); + $extended_alert_description = '. File successfully uploaded.'; + } else { + $_SESSION['alert_type'] = "error"; + $extended_alert_description = '. Error uploading file. 
Check upload directory is writable/correct file type/size'; } mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id"); diff --git a/post/user/location.php b/post/user/location.php index 7d022a1e..9ecfb756 100644 --- a/post/user/location.php +++ b/post/user/location.php @@ -33,21 +33,18 @@ if(isset($_POST['add_location'])){ mysqli_query($mysqli,"UPDATE locations SET location_primary = 1 WHERE location_id = $location_id"); } - // Check to see if a file is attached - if($_FILES['file']['tmp_name'] != ''){ - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + move_uploaded_file($file_tmp_path, $dest_path); - mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); + mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); - } } // Logging 
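Review bot: add_location moves the photo into `uploads/clients/$client_id/` without the `file_exists`/`mkdir` step that add_asset, add_contact and add_rack keep, so if that directory does not exist yet the move fails while `location_photo` is still set to the new name. Whether the directory is created elsewhere, for example when the client is created, is not visible here. Either create it in this block as well or route all client uploads through one helper. The removed `// Check to see if a file is attached` comment has no replacement; a short `// Location photo` would keep the block findable, as `// Company logo` does in admin_settings_company.php.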
@@ -98,25 +95,21 @@ if(isset($_POST['edit_location'])){ } } - //Check to see if a file is attached - if($_FILES['file']['tmp_name'] != ''){ + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + $file_tmp_path = $_FILES['file']['tmp_name']; - $file_tmp_path = $_FILES['file']['tmp_name']; + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - move_uploaded_file($file_tmp_path, $dest_path); + //Delete old file + unlink("uploads/clients/$client_id/$existing_file_name"); - //Delete old file - unlink("uploads/clients/$client_id/$existing_file_name"); + mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); - mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id"); - - } } // Logging diff --git a/post/user/profile.php b/post/user/profile.php index 8c7fca64..a7c2b427 100644 --- a/post/user/profile.php +++ b/post/user/profile.php 
@@ -48,30 +48,25 @@ if (isset($_POST['edit_your_user_details'])) { $mail = addToMailQueue($mysqli, $data); } - // Check to see if a file is attached - if ($_FILES['avatar']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png'))) { + // Photo + if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['avatar']['tmp_name']; + $file_tmp_path = $_FILES['avatar']['tmp_name']; - // directory in which the uploaded file will be moved - $upload_file_dir = "uploads/users/$session_user_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); + // directory in which the uploaded file will be moved + $upload_file_dir = "uploads/users/$session_user_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); - // Delete old file - unlink("uploads/users/$session_user_id/$existing_file_name"); + // Delete old file + unlink("uploads/users/$session_user_id/$existing_file_name"); - // Set Avatar - mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id"); + // Set Avatar + mysqli_query($mysqli,"UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $session_user_id"); - // Extended Logging - $extended_log_description .= ", avatar updated"; + // Extended Logging + $extended_log_description .= ", avatar updated"; - } else { - $_SESSION['alert_type'] = "error"; - $_SESSION['alert_message'] = 'There was an error moving the file to upload directory. Please make sure the upload directory is writable by web server.'; - } } mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id"); diff --git a/post/user/rack.php b/post/user/rack.php index e7bc7e66..4a5fa025 100644 --- a/post/user/rack.php +++ b/post/user/rack.php 
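Review bot: The avatar block in edit_your_user_details loses its `else` branch, so a rejected file is now dropped without any message to the user, whereas the admin_user.php blocks keep an error alert. Keep the feedback but limit it to real upload attempts, e.g. `} elseif (($_FILES['avatar']['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_NO_FILE) { $_SESSION['alert_type'] = "error"; /* set alert_message */ }`. The old text blamed directory permissions; a message naming file type and size, as in admin_user.php, would describe the likely cause better. The handler continues outside the hunk.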
@@ -24,21 +24,19 @@ if (isset($_POST['add_rack'])) { $rack_id = mysqli_insert_id($mysqli); // Add Photo - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); - } - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); - - mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); + // directory in which the uploaded file will be moved + if (!file_exists("uploads/clients/$client_id")) { + mkdir("uploads/clients/$client_id"); } + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); + + mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); } // Logging 
@@ -69,21 +67,19 @@ if (isset($_POST['edit_rack'])) { mysqli_query($mysqli,"UPDATE racks SET rack_name = '$name', rack_description = '$description', rack_type = '$type', rack_model = '$model', rack_depth = '$depth', rack_units = $units, rack_location_id = $location, rack_physical_location = '$physical_location', rack_notes = '$notes' WHERE rack_id = $rack_id"); // Add Photo - if ($_FILES['file']['tmp_name'] != '') { - if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { + if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png'))) { - $file_tmp_path = $_FILES['file']['tmp_name']; + $file_tmp_path = $_FILES['file']['tmp_name']; - // directory in which the uploaded file will be moved - if (!file_exists("uploads/clients/$client_id")) { - mkdir("uploads/clients/$client_id"); - } - $upload_file_dir = "uploads/clients/$client_id/"; - $dest_path = $upload_file_dir . $new_file_name; - move_uploaded_file($file_tmp_path, $dest_path); - - mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); + // directory in which the uploaded file will be moved + if (!file_exists("uploads/clients/$client_id")) { + mkdir("uploads/clients/$client_id"); } + $upload_file_dir = "uploads/clients/$client_id/"; + $dest_path = $upload_file_dir . $new_file_name; + move_uploaded_file($file_tmp_path, $dest_path); + + mysqli_query($mysqli,"UPDATE racks SET rack_photo = '$new_file_name' WHERE rack_id = $rack_id"); } // Logging
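Review bot: edit_rack replaces `rack_photo` but never removes the previous file, so each photo change leaves an orphan in `uploads/clients/$client_id/`, while edit_asset and edit_location delete the old file. Whether `$existing_file_name` is loaded in this handler is not visible in the hunk, so it may need to be fetched before the update. The comment still reads `// Add Photo`; `// Update Photo`, as in edit_asset, would match what the block does.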