function fileupload( $resourcetype, $currentfolder, $scommand )
{
if (!isset($_files)) {
global $_files;
}
$serrornumber = '0' ;
$sfilename = '' ;
if ( isset( $_files['newfile'] ) && !is_null( $_files['newfile']['tmp_name'] ) )
{
global $config ;
$ofile = $_files['newfile'] ;
// map the virtual path to the local server path.
$sserverdir = servermapfolder( $resourcetype, $currentfolder, $scommand ) ;
// get the uploaded file name.
$sfilename = $ofile['name'] ;
$sfilename = sanitizefilename( $sfilename ) ;
$soriginalfilename = $sfilename ;
// get the extension.
$sextension = substr( $sfilename, ( strrpos($sfilename, '.') + 1 ) ) ;
$sextension = strtolower( $sextension ) ;
if ( isset( $config['secureimageuploads'] ) )
{
if ( ( $isimagevalid = isimagevalid( $ofile['tmp_name'], $sextension ) ) === false )
{
$serrornumber = '202' ;
}
}
if ( isset( $config['htmlextensions'] ) )
{
if ( !ishtmlextension( $sextension, $config['htmlextensions'] ) &&
( $detecthtml = detecthtml( $ofile['tmp_name'] ) ) === true )
{
$serrornumber = '202' ;
}
}
// check if it is an allowed extension.
if ( !$serrornumber && isallowedext( $sextension, $resourcetype ) )
{
$icounter = 0 ;
while ( true )
{
$sfilepath = $sserverdir . $sfilename ;
if ( is_file( $sfilepath ) )
{
$icounter++ ;
$sfilename = removeextension( $soriginalfilename ) . '(' . $icounter . ').' . $sextension ;
$serrornumber = '201' ;
}
else
{
move_uploaded_file( $ofile['tmp_name'], $sfilepath ) ;
if ( is_file( $sfilepath ) )
{
if ( isset( $config['chmodonupload'] ) && !$config['chmodonupload'] )
{
break ;
}
$permissions = 0777;
if ( isset( $config['chmodonupload'] ) && $config['chmodonupload'] )
{
$permissions = $config['chmodonupload'] ;
}
$oldumask = umask(0) ;
chmod( $sfilepath, $permissions ) ;
umask( $oldumask ) ;
}
break ;
}
}
if ( file_exists( $sfilepath ) )
{
//previous checks failed, try once again
if ( isset( $isimagevalid ) && $isimagevalid === -1 && isimagevalid( $sfilepath, $sextension ) === false )
{
@unlink( $sfilepath ) ;
$serrornumber = '202' ;
}
else if ( isset( $detecthtml ) && $detecthtml === -1 && detecthtml( $sfilepath ) === true )
{
@unlink( $sfilepath ) ;
$serrornumber = '202' ;
}
}
}
else
$serrornumber = '202' ;
}
else
$serrornumber = '202' ;
$sfileurl = combinepaths( getresourcetypepath( $resourcetype, $scommand ) , $currentfolder ) ;
$sfileurl = combinepaths( $sfileurl, $sfilename ) ;
senduploadresults( $serrornumber, $sfileurl, $sfilename ) ;
exit ;