add.php

极限网络智能办公系统 - Office Automation 2008 官方100％ 源码

<?php
 

include_once( "inc/auth.php" );
echo "\r\n<html>\r\n<head>\r\n<title>上传文件</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n</head>\r\n\r\n<body class=\"bodycolor\" topmargin=\"5\">\r\n";
$FB_STR1 = urldecode( $ATTACHMENT_NAME );
if ( strstr( $FB_STR1, "/" ) || strstr( $FB_STR1, "\\" ) )
{
	message( "错误", "禁止上传此文件类型。" );
	button_back( );
	exit( );
}
$UPLOAD_MAX_FILESIZE = get_cfg_var( "upload_max_filesize" );
if ( $_FILES['ATTACHMENT']['size'] == 0 && $_FILES['ATTACHMENT1']['size'] == 0 )
{
	message( "错误", "请勿上传空文件，请点击浏览按钮，选择一个正确的文件。" );
	button_back( );
	exit( );
}
$EXT_NAME = substr( $ATTACHMENT_NAME, -4 );
if ( stristr( $EXT_NAME, ".php" ) )
{
	message( "错误", "PHP文件被禁止上传。" );
	button_back( );
	exit( );
}
if ( strstr( $ATTACHMENT_NAME, "'" ) )
{
	message( "附件上传失败", "原因：附件文件名不能含有'号！" );
	button_back( );
	exit( );
}
if ( !file_exists( $ATTACHMENT ) )
{
	message( "附件上传失败", "原因：附件文件为空或文件名太长，或附件大于 ".$UPLOAD_MAX_FILESIZE." 字节，或文件路径不存在！" );
	button_back( );
	exit( );
}
$PATH = "../../../module/html_model/";
if ( !file_exists( $PATH ) )
{
	mkdir( $PATH, 448 );
}
$FILENAME = $PATH.$ATTACHMENT_NAME;
copy( $ATTACHMENT, $FILENAME );
unlink( $ATTACHMENT );
if ( !file_exists( $FILENAME ) )
{
	message( "附件上传失败", "原因：附件文件为空或文件名太长，或附件大于 ".$UPLOAD_MAX_FILESIZE." 字节，或文件路径不存在！" );
	button_back( );
	exit( );
}
$query = "insert into HTML_FILE(FILE_NAME,PRIV_ID,USER_ID,DEPT_ID,HTML_NO,HTML_DESC) values ('".$ATTACHMENT_NAME."','{$PRIV_ID}','{$COPY_TO_ID}','{$TO_ID}','{$HTML_NO}','{$HTML_DESC}')";
exequery( $connection, $query );
header( "location: index.php" );
echo "\r\n</body>\r\n</html>\r\n";
?>