'The file was successfully created!', 2=>'The file was successfully updated!'); if(isset($_GET['m']) && is_numeric($_GET['m'])) { $success = $messages[$_GET['m']]; } if(isset($_GET['id']) && is_numeric($_GET['id'])) { $action = 'update'; if($file_data = get_file_by_id($_GET['id'])) { $f_companyid = $file_data['FileCompanyID']; $f_filecat = $file_data['FileCat']; $f_filename = $file_data['FileName']; $f_filedesc = $file_data['FileDesc']; $f_filefund = $file_data['FileFund']; $f_filedate = $file_data['FileDate']; $f_fileloc = $file_data['FileLoc']; $f_displayyear = $file_data['display_year']; } $file_id = $_GET['id']; } else { $action = 'add'; } if (isset($_POST['submit'])) { $FileCompanyID = mysql_real_escape_string($_POST['CompanyID']); $FileCat = mysql_real_escape_string($_POST['FileCat']); $FileName = mysql_real_escape_string($_POST['FileName']); $FileDesc = mysql_real_escape_string($_POST['FileDesc']); $FileFund = mysql_real_escape_string($_POST['FileFund']); $FileDate = mysql_real_escape_string($_POST['FileDate']); if($FileCat == mysql_real_escape_string('Quarterly/Annual Reports') && $_POST['display_date'] !='') { $display_year = mysql_real_escape_string($_POST['display_date']); $date_sql = ", display_year=$display_year"; } $action = mysql_real_escape_string($_POST['action']); if($action == 'update') { $file_id = $_POST['file_id']; if($db->query("UPDATE `files` SET `FileCompanyID`='$FileCompanyID', `FileCat`='$FileCat', `FileName`='$FileName', `FileFund`='$FileFund', `FileDesc`='$FileDesc', `FileDate`='$FileDate' {$date_sql} WHERE `FileID` = '$file_id'")) { $success = "The file was successfully updated!"; echo "UPDATE `files` SET `FileCompanyID`='$FileCompanyID', `FileCat`='$FileCat', `FileName`='$FileName', `FileFund`='$FileFund', `FileDesc`='$FileDesc', `FileDate`='$FileDate' {$date_sql} WHERE `FileID` = '$file_id'"; } if($_FILES['file']['name'] == '') { // if there's no new file uploaded redirect_to('files.php?id='.$file_id.'&m=2'); } } if (is_uploaded_file($_FILES['file']['tmp_name'])) { if(getFileExtension($_FILES['file']['name'])=='pdf' || getFileExtension($_FILES['file']['name'])=='doc' || getFileExtension($_FILES['file']['name'])=='csv' || getFileExtension($_FILES['file']['name'])=='txt' || getFileExtension($_FILES['file']['name'])=='xls' || getFileExtension($_FILES['file']['name'])=='xlsx'){ $FileLoc=time()."_".ereg_replace("[^A-Za-z0-9._]", "",$_FILES['file']['name']); $source = $_FILES['file']['tmp_name']; $target = $_SERVER['DOCUMENT_ROOT']."/Intranet_Files/".$FileLoc; if(file_exists($target)){ $db->query("DELETE FROM `files` WHERE FileLoc='$FileLoc'"); unlink($target); } if(move_uploaded_file($source, $target)){ if($action == 'update') { $db->query("UPDATE `files` SET `FileLoc`='$FileLoc' WHERE `FileID` = '$file_id'"); redirect_to('files.php?id='.$file_id.'&m=2'); } else if($action == 'add') { $sql = "INSERT INTO `files` SET `FileCompanyID`='$FileCompanyID', `FileCat`='$FileCat',`FileName`='$FileName',`FileFund`='$FileFund',`FileDesc`='$FileDesc',`FileLoc`='$FileLoc', `FileDate`='$FileDate'".$date_sql; $db->query($sql); redirect_to('files.php?id='.$db->insert_id().'&m=1'); } } else { $msg= 'File Upload Error'; } } else { $msg='File not uploaded, must be a pdf, doc, csv, txt, xls, xlsx. Current file extension (.'.getFileExtension($_FILES['file']['name']).')'; } } } get_header(); ?>

Files Add File Users Add User Edit Profile Logout

Add File

Limited Partner

Category
File Name
File	Using file

Fund Name
Description	<? if(isset($f_filedesc)) {echo $f_filedesc; } ?>

Display Year
Date (yyyy-mm-dd)

	Delete this file