Add isset check on file upload

This commit is contained in:
johnnyq
2024-11-19 11:59:52 -05:00
parent c181954960
commit b7163dad6d
7 changed files with 121 additions and 100 deletions
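--- a/FILE_1_PATH_NOT_SHOWN
+++ b/FILE_1_PATH_NOT_SHOWN
@@ -19,6 +19,7 @@ if (isset($_POST['edit_company'])) {
 $existing_file_name = sanitizeInput($row['company_logo']);
 // Company logo
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'png'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -35,6 +36,7 @@ if (isset($_POST['edit_company'])) {
 mysqli_query($mysqli,"UPDATE companies SET company_logo = '$new_file_name' WHERE company_id = 1");
 }
+}
 mysqli_query($mysqli,"UPDATE companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website' WHERE company_id = 1");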
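Review bot: `isset($_FILES['file']['tmp_name'])` is also true when the form contains the file input but the user chose no file — PHP then fills `tmp_name` with an empty string and sets `error` to `UPLOAD_ERR_NO_FILE` — so the new guard only covers requests where the field is absent altogether and still hands the empty entry to checkFileUpload, whose handling of that case is not visible here. A check on the upload status is more precise: `if (isset($_FILES['file']['error']) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {`. The same guard is added in the add_user/edit_user, add_asset, add_contact/edit_contact, add_expense/edit_expense and add_location sections below, and the same remark applies there. Both edit_company hunks sit inside the `if (isset($_POST['edit_company']))` block, which starts and ends outside them.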
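--- a/FILE_2_PATH_NOT_SHOWN
+++ b/FILE_2_PATH_NOT_SHOWN
@@ -31,6 +31,7 @@ if (isset($_POST['add_user'])) {
 // Check for and process image/photo
 $extended_alert_description = '';
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -44,6 +45,7 @@ if (isset($_POST['add_user'])) {
 mysqli_query($mysqli, "UPDATE users SET user_avatar = '$new_file_name' WHERE user_id = $user_id");
 $extended_alert_description = '. File successfully uploaded.';
 }
+}
 // Create Settings
 mysqli_query($mysqli, "INSERT INTO user_settings SET user_id = $user_id, user_role = $role, user_config_force_mfa = $force_mfa");
@@ -129,6 +131,7 @@ if (isset($_POST['edit_user'])) {
 // Check for and process image/photo
 $extended_alert_description = '';
+if (isset($_FILES['file']['tmp_name'])) {\
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -146,6 +149,7 @@ if (isset($_POST['edit_user'])) {
 $extended_alert_description = '. File successfully uploaded.';
 }
+}
 mysqli_query($mysqli, "UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $user_id");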
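Review bot: The guard added in the first edit_user hunk ends in a trailing backslash (`{\`), unlike the other six occurrences in this commit. If that character is really in the file rather than an artifact of this page, PHP will fail to parse the file at that line; it should read `if (isset($_FILES['file']['tmp_name'])) {`. Worth confirming against the raw diff. The enclosing edit_user block starts and ends outside the hunk.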
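--- a/FILE_3_PATH_NOT_SHOWN
+++ b/FILE_3_PATH_NOT_SHOWN
@@ -19,6 +19,7 @@ if (isset($_POST['add_asset'])) {
 $asset_id = mysqli_insert_id($mysqli);
 // Add Photo
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -33,6 +34,7 @@ if (isset($_POST['add_asset'])) {
 mysqli_query($mysqli,"UPDATE assets SET asset_photo = '$new_file_name' WHERE asset_id = $asset_id");
 }
+}
 // Add Primary Interface
 mysqli_query($mysqli,"INSERT INTO asset_interfaces SET interface_name = 'Primary', interface_mac = '$mac', interface_ip = '$ip', interface_nat_ip = '$nat_ip', interface_ipv6 = '$ipv6', interface_port = 'eth0', interface_primary = 1, interface_network_id = $network, interface_asset_id = $asset_id");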
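--- a/FILE_4_PATH_NOT_SHOWN
+++ b/FILE_4_PATH_NOT_SHOWN
@@ -46,6 +46,7 @@ if (isset($_POST['add_contact'])) {
 }
 // Check for and process image/photo
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -61,13 +62,14 @@ if (isset($_POST['add_contact'])) {
 mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
 }
+}
 // Logging
 logAction("Contact", "Create", "$session_name created contact $name", $client_id, $contact_id);
 customAction('contact_create', $contact_id);
-$_SESSION['alert_message'] = "Contact <strong>$name</strong> created";
+//$_SESSION['alert_message'] = "Contact <strong>$name</strong> created";
 header("Location: " . $_SERVER["HTTP_REFERER"]);
@@ -121,6 +123,7 @@ if (isset($_POST['edit_contact'])) {
 mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_pin = '$pin', contact_notes = '$notes', contact_important = $contact_important, contact_billing = $contact_billing, contact_technical = $contact_technical, contact_department = '$department', contact_location_id = $location_id, contact_user_id = $contact_user_id WHERE contact_id = $contact_id");
 // Upload Photo
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 // Set directory in which the uploaded file will be moved
@@ -136,6 +139,7 @@ if (isset($_POST['edit_contact'])) {
 mysqli_query($mysqli,"UPDATE contacts SET contact_photo = '$new_file_name' WHERE contact_id = $contact_id");
 }
+}
 // Tags
 // Delete existing tags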
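Review bot: The second add_contact hunk also comments out `$_SESSION['alert_message'] = "Contact <strong>$name</strong> created";`, which has nothing to do with the isset guard this commit describes and silently drops the success message shown after the redirect on the next line. If the alert is meant to go, delete the line instead of leaving commented-out code and mention it in the commit message; if it is not, restore it. The add_contact and edit_contact blocks both start and end outside their hunks.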
+5
@@ -15,6 +15,8 @@ if (isset($_POST['add_expense'])) {
// Check for and process attachment // Check for and process attachment
$extended_alert_description = ''; $extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) { if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -27,6 +29,7 @@ if (isset($_POST['add_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.'; $extended_alert_description = '. File successfully uploaded.';
} }
}
//Logging //Logging
logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id); logAction("Expense", "Create", "$session_name created expense $description", $client, $expense_id);
@@ -51,6 +54,7 @@ if (isset($_POST['edit_expense'])) {
// Check for and process attachment // Check for and process attachment
$extended_alert_description = ''; $extended_alert_description = '';
if (isset($_FILES['file']['tmp_name'])) {
if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) { if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp', 'pdf'))) {
$file_tmp_path = $_FILES['file']['tmp_name']; $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -66,6 +70,7 @@ if (isset($_POST['edit_expense'])) {
mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id"); mysqli_query($mysqli,"UPDATE expenses SET expense_receipt = '$new_file_name' WHERE expense_id = $expense_id");
$extended_alert_description = '. File successfully uploaded.'; $extended_alert_description = '. File successfully uploaded.';
} }
}
mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id"); mysqli_query($mysqli,"UPDATE expenses SET expense_date = '$date', expense_amount = $amount, expense_account_id = $account, expense_vendor_id = $vendor, expense_client_id = $client, expense_category_id = $category, expense_description = '$description', expense_reference = '$reference' WHERE expense_id = $expense_id");
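--- a/FILE_6_PATH_NOT_SHOWN
+++ b/FILE_6_PATH_NOT_SHOWN
@@ -33,6 +33,7 @@ if(isset($_POST['add_location'])){
 mysqli_query($mysqli,"UPDATE locations SET location_primary = 1 WHERE location_id = $location_id");
 }
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['file'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['file']['tmp_name'];
@@ -46,6 +47,7 @@ if(isset($_POST['add_location'])){
 mysqli_query($mysqli,"UPDATE locations SET location_photo = '$new_file_name' WHERE location_id = $location_id");
 }
+}
 // Logging
 logAction("Location", "Create", "$session_name created location $name", $client_id, $location_id);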
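--- a/FILE_7_PATH_NOT_SHOWN
+++ b/FILE_7_PATH_NOT_SHOWN
@@ -49,6 +49,7 @@ if (isset($_POST['edit_your_user_details'])) {
 }
 // Photo
+if (isset($_FILES['file']['tmp_name'])) {
 if ($new_file_name = checkFileUpload($_FILES['avatar'], array('jpg', 'jpeg', 'gif', 'png', 'webp'))) {
 $file_tmp_path = $_FILES['avatar']['tmp_name'];
@@ -68,6 +69,7 @@ if (isset($_POST['edit_your_user_details'])) {
 $extended_log_description .= ", avatar updated";
 }
+}
 mysqli_query($mysqli,"UPDATE users SET user_name = '$name', user_email = '$email' WHERE user_id = $session_user_id");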
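Review bot: The new guard tests `$_FILES['file']['tmp_name']`, but the two lines right below it read `$_FILES['avatar']`, so it checks a different field than the one the branch processes: when the form submits only `avatar`, the upload is skipped entirely, and when it submits only `file`, the undefined-index notice the commit sets out to avoid still fires on `$_FILES['avatar']`. The guard should name the field the branch actually reads, `if (isset($_FILES['avatar']['tmp_name'])) {`. Which field name the form posts is not visible here; the enclosing edit_your_user_details block starts and ends outside the hunk.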