File: /home/nyiet8349bzl/Backup/sbc_back/homedir/public_html/old-myadmin/mypdf/processPdf.php
<?php
require_once '../../library/config.php';
require_once '../library/functions.php';
// Access gate provided by the included library; it runs before any action is
// dispatched. NOTE(review): its behaviour is not visible in this file -
// presumably it stops unauthenticated requests; confirm.
checkUser();

// The action name is taken from the query string, so every handler below is
// reachable with a plain GET request. NOTE(review): no anti-CSRF token is
// checked anywhere in this file; confirm whether checkUser() or the calling
// forms supply one, since the handlers modify and delete data.
$action = '';
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

// Fixed allow-list: only these literal names ever reach a function call.
if ($action === 'addPdf') {
    addPdf();
} elseif ($action === 'modifyPdf') {
    modifyPdf();
} elseif ($action === 'deletePdf') {
    deletePdf();
} elseif ($action === 'deleteMyPDF') {
    // NOTE(review): deleteMyPDF() is not defined in this file; presumably it
    // comes from one of the required libraries - confirm.
    deleteMyPDF();
} else {
    // Unknown or missing action: back to the listing page.
    header('Location: index.php');
}
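/**
 * Handle the "addPdf" action: store an uploaded .pdf/.doc file under
 * SRV_ROOT . 'pdf/' and record it in the mypdf table.
 *
 * Reads $_POST['txtTitle'] and $_FILES['filePDF']. On success the browser is
 * redirected to index.php; a rejected or failed upload redirects to the upload
 * view with a message. When no file was submitted nothing is stored and no
 * redirect is sent (unchanged from the previous behaviour).
 *
 * Columns of mypdf: pdf_id, pdf_title, pdf_url, add_date, modify_date
 */
function addPdf()
{
    // Request fields may be missing or arrays; accept plain strings only.
    $ptitle = (isset($_POST['txtTitle']) && is_string($_POST['txtTitle'])) ? $_POST['txtTitle'] : '';
    $mypdf  = isset($_FILES['filePDF']) ? $_FILES['filePDF'] : array();

    $tmpName = (isset($mypdf['tmp_name']) && is_string($mypdf['tmp_name'])) ? $mypdf['tmp_name'] : '';
    if (trim($tmpName) == '') {
        return;
    }

    // The extension is the only type check performed; the file content is not
    // inspected. The stored name is generated below and can only end in .pdf
    // or .doc, so the client-supplied file name never reaches the filesystem.
    $clientName = (isset($mypdf['name']) && is_string($mypdf['name'])) ? $mypdf['name'] : '';
    $ext = substr(strrchr($clientName, '.'), 1);
    if (!in_array($ext, array('pdf', 'doc'), true)) {
        $myError = "Please uploaded in .PDF OR .DOC format";
        // URL-encode the message so spaces do not produce a malformed Location header.
        header('Location: index.php?view=upload&msg=' . urlencode($myError));
        exit;
    }

    // NOTE(review): rand() * time() is not unpredictable; the generated name
    // only avoids collisions and must not be relied on to keep a file private.
    $name = md5(rand() * time()) . ".$ext";

    // Do not record a row for a file that never reached the pdf/ directory.
    if (!move_uploaded_file($tmpName, SRV_ROOT . "pdf/$name")) {
        header('Location: index.php?view=upload&msg=' . urlencode('The file could not be saved'));
        exit;
    }

    // The title is user input and was previously placed in the statement
    // unescaped (SQL injection). NOTE(review): dbQuery()'s driver is not
    // visible here; this file already calls mysql_error(), so ext/mysql is
    // assumed. Prefer prepared statements once the DB layer supports them.
    $safeTitle = mysql_real_escape_string($ptitle);
    $sql = "INSERT INTO mypdf (pdf_title, pdf_url, add_date )
            VALUES ('$safeTitle', '$name', now())";
    dbQuery($sql);

    header('Location: index.php');
}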
/*
Modify a PDF entry
*/
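/**
 * Handle the "modifyPdf" action: update the title of a mypdf row and, when a
 * new file is uploaded, replace the stored file as well.
 *
 * Reads $_GET['pdfId'], $_POST['txtTitle'] and $_FILES['filePDF']. Ends in a
 * redirect to index.php, or to the modify view with a message when the upload
 * is rejected or cannot be saved.
 *
 * Columns of mypdf: pdf_id, pdf_title, pdf_url, add_date, modify_date
 */
function modifyPdf()
{
    // The integer cast keeps the id safe to place in the statements below.
    $pdfId = isset($_GET['pdfId']) ? (int)$_GET['pdfId'] : 0;
    if ($pdfId <= 0) {
        header('Location: index.php');
        exit;
    }

    // Request fields may be missing or arrays; accept plain strings only.
    $ptitle = (isset($_POST['txtTitle']) && is_string($_POST['txtTitle'])) ? $_POST['txtTitle'] : '';
    $mypdf  = isset($_FILES['filePDF']) ? $_FILES['filePDF'] : array();

    // The title is user input and was previously placed in the statements
    // unescaped (SQL injection). NOTE(review): dbQuery()'s driver is not
    // visible here; this file already calls mysql_error(), so ext/mysql is
    // assumed. Prefer prepared statements once the DB layer supports them.
    $safeTitle = mysql_real_escape_string($ptitle);

    $tmpName = (isset($mypdf['tmp_name']) && is_string($mypdf['tmp_name'])) ? $mypdf['tmp_name'] : '';
    if (trim($tmpName) == '') {
        // No new file: only the title changes.
        $sql = "UPDATE mypdf SET pdf_title = '$safeTitle', modify_date = now() WHERE pdf_id = $pdfId";
        dbQuery($sql);
        header('Location: index.php');
        return;
    }

    // The extension is the only type check performed; the file content is not
    // inspected. The stored name is generated below, never taken from the client.
    $clientName = (isset($mypdf['name']) && is_string($mypdf['name'])) ? $mypdf['name'] : '';
    $ext = substr(strrchr($clientName, '.'), 1);
    if (!in_array($ext, array('pdf', 'doc'), true)) {
        $myError = "Please uploaded in .PDF OR .DOC format";
        // URL-encode the message so spaces do not produce a malformed Location header.
        header('Location: index.php?view=modify&msg=' . urlencode($myError));
        exit;
    }
    $name = md5(rand() * time()) . ".$ext";

    // Save the new file first: the old one used to be removed before the
    // upload was known to have succeeded, which could leave the row without
    // any file at all.
    if (!move_uploaded_file($tmpName, SRV_ROOT . "pdf/$name")) {
        header('Location: index.php?view=modify&msg=' . urlencode('The file could not be saved'));
        exit;
    }

    // Remove the previous file, if the row has one.
    $sql = "SELECT pdf_url FROM mypdf WHERE pdf_id = $pdfId";
    $result = dbQuery($sql);
    $row = dbFetchAssoc($result);
    if ($row && $row['pdf_url'] != "") {
        // basename() keeps the delete inside pdf/ even if the stored value
        // ever contained directory components.
        $oldPath = SRV_ROOT . 'pdf/' . basename($row['pdf_url']);
        if (is_file($oldPath)) {
            unlink($oldPath);
        }
    }

    $sql = "UPDATE mypdf SET pdf_title = '$safeTitle', pdf_url = '$name', modify_date = now() WHERE pdf_id = $pdfId";
    dbQuery($sql);
    header('Location: index.php');
}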
/*
Remove a PDF entry
*/
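/**
 * Handle the "deletePdf" action: delete the stored file of a mypdf row, then
 * the row itself, and redirect to index.php with the removed file name in
 * the msg parameter.
 *
 * Reads $_GET['pdfId']; a missing or non-positive id redirects to index.php
 * without touching anything.
 *
 * Columns of mypdf: pdf_id, pdf_title, pdf_url, add_date, modify_date
 */
function deletePdf()
{
    $pdfId = isset($_GET['pdfId']) ? (int)$_GET['pdfId'] : 0;
    if ($pdfId <= 0) {
        header('Location: index.php');
        // Without this exit the function used to continue with $pdfId
        // undefined and send malformed SQL to the database.
        exit;
    }

    // Look up the stored file name for this row.
    $sql = "SELECT pdf_url FROM mypdf WHERE pdf_id = $pdfId";
    $result = dbQuery($sql);
    $row = dbFetchAssoc($result);
    $pdfUrl = ($row && isset($row['pdf_url'])) ? $row['pdf_url'] : '';

    if ($pdfUrl != "") {
        // basename() keeps the delete inside pdf/ even if the stored value
        // ever contained directory components.
        $path = SRV_ROOT . 'pdf/' . basename($pdfUrl);
        if (is_file($path)) {
            unlink($path);
        }
    }

    // Remove the row itself.
    $sql = "DELETE FROM mypdf WHERE pdf_id = $pdfId";
    dbQuery($sql);

    // The value comes from the database; encode it before it goes into a header.
    header('Location: index.php?msg=' . urlencode($pdfUrl));
}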
/*
Remove a product image
*/
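/**
 * Remove the image of a chproduct row: delete the file through
 * _deleteImage(), clear the PImage column and redirect to the product's
 * modify view.
 *
 * Reads $_GET['productId']; a missing or non-positive id redirects to
 * index.php without touching anything.
 *
 * NOTE(review): the action switch at the top of this file never calls this
 * function; it looks like a leftover from a product page - confirm before
 * relying on it.
 */
function deleteImage()
{
    $productId = isset($_GET['productId']) ? (int)$_GET['productId'] : 0;
    if ($productId <= 0) {
        header('Location: index.php');
        // Without this exit the function used to continue with $productId
        // undefined and send malformed SQL to the database.
        exit;
    }

    // The returned status was never used by this function, so it is not kept.
    _deleteImage($productId);

    // Clear the image name in the database.
    $sql = "UPDATE chproduct SET PImage = '' WHERE PID = $productId";
    dbQuery($sql);

    header("Location: index.php?view=modify&productId=$productId");
}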
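/**
 * Delete the image file recorded in chproduct.PImage for one product.
 *
 * @param int $productId Value of chproduct.PID; cast to int before use.
 * @return bool True when a file was removed, false otherwise.
 */
function _deleteImage($productId)
{
    // Do not rely on every caller having cast the id before it reaches SQL.
    $productId = (int)$productId;
    $deleted = false;

    $sql = "SELECT PImage FROM chproduct WHERE PID = $productId";
    $result = dbQuery($sql);
    if (!$result) {
        // Keep the driver error in the server log; the response used to
        // include it, which discloses database details to the client.
        error_log('Cannot delete product image. ' . mysql_error());
        die('Cannot delete product image.');
    }

    if (dbNumRows($result)) {
        $row = dbFetchAssoc($result);
        // Read the single column explicitly instead of extract(), which
        // creates a local variable for every key of the row.
        $image = ($row && isset($row['PImage'])) ? $row['PImage'] : '';
        if ($image != '') {
            // basename() keeps the delete inside images/product/ even if the
            // stored value ever contained directory components.
            $path = SRV_ROOT . 'images/product/' . basename($image);
            $deleted = is_file($path) && unlink($path);
        }
    }

    return $deleted;
}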
?>