portal/import_template.php

   1 <?php
   2 /**
   3  *
   4  * Copyright (C) 2016-2017 Jerry Padgett <sjpadgett@gmail.com>
   5  *
   6  * LICENSE: This program is free software: you can redistribute it and/or modify
   7  *  it under the terms of the GNU Affero General Public License as
   8  *  published by the Free Software Foundation, either version 3 of the
   9  *  License, or (at your option) any later version.
  10  *
  11  *  This program is distributed in the hope that it will be useful,
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  *  GNU Affero General Public License for more details.
  15  *
  16  *  You should have received a copy of the GNU Affero General Public License
  17  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18  *
  19  * @package OpenEMR
  20  * @author Jerry Padgett <sjpadgett@gmail.com>
  21  * @link http://www.open-emr.org
  22  */
  23
  24
  25 require_once("../interface/globals.php");
  26
  27 if($_POST['mode'] == 'get'){
  28     echo file_get_contents($_POST['docid']);
  29     exit;
  30 }
  31 else if($_POST['mode'] == 'save'){
  32     file_put_contents($_POST['docid'], $_POST['content']);
  33     exit(true);
  34 }
  35 else if($_POST['mode'] == 'delete'){
  36     unlink($_POST['docid']);
  37     exit(true);
  38 }
  39 // so it is an import
  40 if(!isset($_POST['up_dir'])){
  41     define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] .  '/documents/onsite_portal_documents/templates/');
  42 }
  43 else {
  44     if($_POST['up_dir'] > 0)
  45         define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] .  '/documents/onsite_portal_documents/templates/'. $_POST['up_dir'] . '/');
  46     else
  47         define("UPLOAD_DIR", $GLOBALS['OE_SITE_DIR'] .  '/documents/onsite_portal_documents/templates/');
  48 }
  49
  50 if (!empty($_FILES["tplFile"])) {
  51     $tplFile = $_FILES["tplFile"];
  52
  53     if ($tplFile["error"] !== UPLOAD_ERR_OK) {
  54         header( "refresh:2;url= import_template_ui.php" );
  55         echo "<p>". xlt("An error occurred: Missing file to upload: Use back button!") . "</p>";
  56         exit;
  57     }
  58     // ensure a safe filename
  59     $name = preg_replace("/[^A-Z0-9._-]/i", "_", $tplFile["name"]);
  60     $parts = pathinfo($name);
  61     $name = $parts["filename"].'.tpl';
  62     // don't overwrite an existing file
  63     while (file_exists(UPLOAD_DIR . $name)) {
  64         $i = rand(0, 128);
  65         $newname = $parts["filename"] . "-" . $i . "." . $parts["extension"].".replaced";
  66         rename(UPLOAD_DIR .$name,UPLOAD_DIR .$newname);
  67     }
  68
  69     // preserve file from temporary directory
  70     $success = move_uploaded_file($tplFile["tmp_name"], UPLOAD_DIR . $name);
  71     if (!$success) {
  72         echo "<p>". xlt("Unable to save file: Use back button!") . "</p>";
  73         exit;
  74     }
  75     // set proper permissions on the new file
  76     chmod(UPLOAD_DIR . $name, 0644);
  77     header("location: " . $_SERVER['HTTP_REFERER']);
  78 }
  79 ?>