2.1.26

Introduced special token when file attachment to Items.

items.load.php

@@ -727,6 +727,7 @@ function(data) {
            );
         } else {
             $('#new_show_error').html("<?php echo addslashes($LANG['error_complex_not_enought']);?>").show();
+            $("#div_formulaire_saisi ~ .ui-dialog-buttonpane").find("button:contains('<?php echo $LANG['save_button'];?>')").prop("disabled", false);
             $("#div_formulaire_saisi_info").hide().html("");
         }
     }
@@ -1012,6 +1013,7 @@ function(data) {
 
         } else {
             $('#edit_show_error').html("<?php echo addslashes($LANG['error_complex_not_enought']);?>").show();
+            $("#div_formulaire_edition_item ~ .ui-dialog-buttonpane").find("button:contains('<?php echo $LANG['save_button'];?>')").prop("disabled", false);
             $("#div_formulaire_edition_item_info").hide().html("");
         }
     }
@@ -2925,7 +2927,8 @@ function(data) {
                     itemId : $("#random_id").val(),
                     type_upload : "item_attachments",
                     edit_item : false,
-                    user_token: $("#item_user_token").val()
+                    user_token: $("#item_user_token").val(),
+                    files_number: $("#files_number").val()
                 });
             },
             UploadComplete: function(up, files) {
@@ -2980,6 +2983,7 @@ function(data) {console.log(data[0].token);
                 '<div id="' + file.id + '">[<a href=\'#\' onclick=\'$(\"#' + file.id + '\").remove();\'>-</a>] ' +
                 file.name + ' (' + plupload.formatSize(file.size) + ') <b></b>' +
             '</div>');
+            $("#files_number").val(parseInt($("#files_number").val())+1);
         });
         up.refresh(); // Reposition Flash/Silverlight
     });
@@ -3025,7 +3029,8 @@ function(data) {console.log(data[0].token);
                     itemId : $('#selected_items').val(),
                     type_upload : "item_attachments",
                     edit_item : true,
-                    user_token: $("#item_user_token").val()
+                    user_token: $("#item_user_token").val(),
+                    files_number: $("#edit_files_number").val()
                 });
             },
             UploadComplete: function(up, files) {
@@ -3063,7 +3068,7 @@ function(data) {console.log(data[0].token);
                 numeric: true,
                 ambiguous: true,
                 reason: "item_attachments",
-                duration: 10
+                duration: 30
             },
             function(data) {
                 $("#item_user_token").val(data[0].token);
@@ -3081,6 +3086,7 @@ function(data) {
                 '<div id="' + file.id + '">[<a href=\'#\' onclick=\'$(\"#' + file.id + '\").remove();\'>-</a>] ' +
                 file.name + ' (' + plupload.formatSize(file.size) + ') <b></b>' +
             '</div>');
+            $("#edit_files_number").val(parseInt($("#edit_files_number").val())+1);
         });
         up.refresh(); // Reposition Flash/Silverlight
     });

items.php

@@ -518,6 +518,7 @@
                 <div id="item_upload_wait" class="ui-state-focus ui-corner-all" style="display:none;padding:2px;margin:5px 0 5px 0;">'.$LANG['please_wait'].'...</div>
                 <a id="item_attach_pickfiles" href="#" class="button">'.$LANG['select'].'</a>
                 <a id="item_attach_uploadfiles" href="#" class="button">'.$LANG['start_upload'].'</a>
+                <input type="hidden" id="files_number" value="0" />
             </div>
         </div>';
 // Tabs N°4
@@ -710,6 +711,7 @@
                 <div id="item_edit_upload_wait" class="ui-state-focus ui-corner-all" style="display:none;padding:2px;margin:5px 0 5px 0;">'.$LANG['please_wait'].'...</div>
                 <a id="item_edit_attach_pickfiles" href="#" class="button">'.$LANG['select'].'</a>
                 <a id="item_edit_attach_uploadfiles" href="#sd" class="button">'.$LANG['start_upload'].'</a>
+                <input type="hidden" id="edit_files_number" value="0" />
             </div>
         </div>';
 // Tabs EDIT N°4 -> Categories

sources/upload/upload.attachments.php

@@ -39,30 +39,71 @@
     handleError('No Session was found.', 110);
 }
 
-/*
 // token check
 if (!isset($_POST['user_token'])) {
     handleError('No user token found.', 110);
     exit();
 } else {
+    //Connect to mysql server
+    require_once $_SESSION['settings']['cpassman_dir'].'/includes/config/settings.php';
+    require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
+    DB::$host = $server;
+    DB::$user = $user;
+    DB::$password = $pass;
+    DB::$dbName = $database;
+    DB::$port = $port;
+    DB::$encoding = $encoding;
+    DB::$error_handler = 'db_error_handler';
+    $link = mysqli_connect($server, $user, $pass, $database, $port);
+    $link->set_charset($encoding);
+
+    // delete expired tokens
+    DB::delete(prefix_table("tokens"), "end_timestamp < %i", time());
+
+    // create a session if several files to upload
+    if (!isset($_SESSION[$_POST['user_token']]) || empty($_SESSION[$_POST['user_token']]) || $_SESSION[$_POST['user_token']] === 0) {
+        $_SESSION[$_POST['user_token']] = $_POST['files_number'];
+    } else if ($_SESSION[$_POST['user_token']] > 0) {
+        // increase end_timestamp for token
+        DB::update(
+            prefix_table('tokens'),
+            array(
+                'end_timestamp' => time() + 30
+               ),
+            "user_id = %i AND token = %s",
+            $_SESSION['user_id'],
+            $_POST['user_token']
+        );
+        // decrease counter of files to upload
+        $_SESSION[$_POST['user_token']]--;
+    } else {
+        // no more files to upload, kill session
+        unset($_SESSION[$_POST['user_token']]);
+        handleError('No user token found.', 110);
+        exit();
+    }
+
     // check if token is expired
     $data = DB::queryFirstRow(
         "SELECT end_timestamp FROM ".prefix_table("tokens")." WHERE user_id = %i AND token = %s",
         $_SESSION['user_id'],
         $_POST['user_token']
     );
     // clear user token
-    DB::delete(prefix_table("tokens"), "user_id = %i AND token = %s", $_SESSION['user_id'], $_POST['user_token']);
+    if ($_SESSION[$_POST['user_token']] === 0) {
+        DB::delete(prefix_table("tokens"), "user_id = %i AND token = %s", $_SESSION['user_id'], $_POST['user_token']);
+        unset($_SESSION[$_POST['user_token']]);
+    }
 
     if (time() <= $data['end_timestamp']) {
         // it is ok
     } else {
         // too old
+        unset($_SESSION[$_POST['user_token']]);
         handleError('User token expired.', 110);
         exit();
     }
 }
-*/
 
 // HTTP headers for no cache etc
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
@@ -278,19 +319,6 @@
 $fileRandomId = md5($fileName.time());
 rename($filePath, $targetDir . DIRECTORY_SEPARATOR . $fileRandomId);
 
-//Connect to mysql server
-require_once '../../includes/config/settings.php';
-require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
-DB::$host = $server;
-DB::$user = $user;
-DB::$password = $pass;
-DB::$dbName = $database;
-DB::$port = $port;
-DB::$encoding = $encoding;
-DB::$error_handler = 'db_error_handler';
-$link = mysqli_connect($server, $user, $pass, $database, $port);
-$link->set_charset($encoding);
-
 //Get data from DB
 /*$data = DB::queryfirstrow(
     "SELECT valeur FROM ".$pre."misc