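<?php
/**
 * This script uploads an image to a file.
 *
 * The dialog receives a patient id and a base file name from the request
 * and either stores the posted file as
 * <site>/documents/<patientid>/demographics/<file>.jpg or, when the Delete
 * button was used, removes that file. It then emits a small script that
 * reloads the opener window and closes the dialog.
 *
 * Copyright (C) 2009-2010 Rod Roark <rod@sunsetsystems.com>
 *
 * LICENSE: This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
 *
 * @package OpenEMR
 * @author Rod Roark <rod@sunsetsystems.com>
 * @author Roberto Vasquez <robertogagliotta@gmail.com>
 * @link http://www.open-emr.org
 */

require_once("../globals.php");

// Both values come straight from the request and are spliced into a
// filesystem path below, so each is restricted to a single path component
// made of letters, digits, '_' and '-'. Dots, slashes, empty values and
// non-string (array) parameters are rejected before any filesystem access.
// \A and \z are used instead of ^ and $ so a trailing newline cannot slip
// through the check.
$patientid = (isset($_REQUEST["patientid"]) && is_string($_REQUEST["patientid"]))
    ? $_REQUEST["patientid"] : '';
$what = (isset($_REQUEST["file"]) && is_string($_REQUEST["file"]))
    ? $_REQUEST["file"] : '';
if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $patientid)
    || !preg_match('/\A[A-Za-z0-9_-]+\z/', $what)) {
    die(xl("Invalid patient or file name."));
}

// NOTE(review): nothing here checks that the logged-in user is allowed to
// modify this patient's documents; globals.php is assumed to enforce the
// login session only — confirm whether a per-patient authorization check
// belongs at this point.
$patientdir = $GLOBALS['OE_SITE_DIR'] . "/documents/$patientid";
$imagedir = "$patientdir/demographics";
?>
<html>
<head>
<title>Upload Image</title>
<link rel="stylesheet" href="<?php echo xl($css_header,'e');?>" type="text/css">
</head>
<body>

<?php
$errmsg = '';

// isset() rather than a bare lookup: a plain GET of the dialog must not
// raise undefined-index notices into the page output.
$is_delete = isset($_POST["form_delete"]);
$is_submit = isset($_POST["form_submit"]);

if ($is_submit || $is_delete) {
    $filename = "$imagedir/$what.jpg";

    // Create the per-patient directories on demand. A failed mkdir() used to
    // be ignored and only surfaced later as a confusing "internal error".
    if (!file_exists($patientdir) && !mkdir($patientdir)) {
        $errmsg = "Unable to create the patient document directory!";
    }
    if (!$errmsg && !file_exists($imagedir) && !mkdir($imagedir)) {
        $errmsg = "Unable to create the image directory!";
    }

    if ($is_delete) {
        // Only unlink when there is something to delete; unlink() on a
        // missing file emits a warning into the page.
        if (!$errmsg && is_file($filename) && !unlink($filename)) {
            $errmsg = "Unable to delete the existing image!";
        }
    } else {
        // Check if the upload worked.
        if (!$errmsg) {
            if (!isset($_FILES['userfile']['tmp_name'])
                || !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
                $errmsg = "Upload failed! Make sure the path/filename is valid " .
                    "and the file is less than 4,000,000 bytes.";
            }
        }

        // The file is stored with a .jpg extension whatever its real format,
        // so at least require that it parses as an image. (An earlier
        // version resized it through ImageMagick's convert at this point;
        // that step had been disabled.)
        if (!$errmsg && getimagesize($_FILES['userfile']['tmp_name']) === false) {
            $errmsg = "This is not a valid image, or its format is unsupported.";
        }

        // Copy the image to its destination.
        if (!$errmsg) {
            if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $filename)) {
                $errmsg = "Internal error accessing uploaded file!";
            }
        }
    }

    // Write JavaScript for final disposition by the browser. The message is
    // emitted through json_encode() so it is always a well-formed JS string
    // literal, whatever quotes or line breaks it contains.
    echo "<script LANGUAGE=\"JavaScript\">\n";
    if ($errmsg) {
        echo "window.alert(" . json_encode($errmsg) . ")\n";
        echo "window.history.back()\n";
    } else {
        echo "opener.location.reload()\n";
        echo "window.close()\n";
    }
    echo "</script>\n</body>\n</html>\n";
    exit;
}
?>

<center>
<p><b>Upload Image File</b></p>
</center>

<form method="post" name="main" action="upload_dialog.php?patientid=<?php echo attr($patientid) ?>&file=<?php echo attr($what) ?>" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="4000000">

<center>

<!-- Table required so input field does not start on a new line -->
<table border="0">
<tr>
<td style="font-size:11pt">
Send this file:
</td>
<td>
<input type="file" name="userfile" />
</td>
</tr>
</table>

<input type="submit" name="form_submit" value="Upload" />
<input type="button" value="Cancel" onclick="window.close()" />
<input type="submit" name="form_delete" value="Delete" />

</center>

</form>

</body>
</html>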