<?PHP

include("config.pinc");
include("html.pinc");
include("../io/io.pinc");

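  # Connect to the MySQL server.
  # $dbid receives the link identifier on success, or FALSE when the
  # connection could not be opened.
  $dbid= open_server($db_host, $db_user, $db_pass);

  if ($dbid != FALSE) {
    $today= date("Y-m-d");
    $msg= "";
    mysql_select_db($db_name, $dbid);

    # The button value that selects a branch of the switch below.
    $submit= (isset($_POST["submit"]) && is_string($_POST["submit"])) ? $_POST["submit"] : "";

    # Request fields are still copied into same-named globals, because code
    # outside this file (form_body(), the included templates) may read them;
    # "Reset Form" clearing $user suggests it does. A field may no longer
    # replace a variable that already exists at this point: anything the
    # includes above defined, $dbid, $today, $msg, $submit or a superglobal.
    # Copying every field unconditionally let a request choose the table
    # name, the upload root and the mail recipient.
    # NOTE(review): an explicit list of expected field names would be tighter;
    # confirm which globals html.pinc actually uses.
    $protected= get_defined_vars();
    foreach($_POST as $field => $value) {
      if (!is_string($field) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $field)) {
        continue;
      }
      if ($field === "GLOBALS" || $field === "protected" || array_key_exists($field, $protected)) {
        continue;
      }
      $$field= $value;
    }

    include 'header.html';
    print "<form method=post action=index.php enctype=\"multipart/form-data\">\n";

    switch ($submit) {
      case "Upload":
        # Treat a missing or non-string field as empty.
        $user_in= (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
        $dir_in= (isset($_POST["directory"]) && is_string($_POST["directory"])) ? $_POST["directory"] : "";

        if ($user_in === "") {
          $msg= "Please Include Author Name!";
          form_body($msg);
          mysql_close($dbid);
          break;
        }

        # The directory is client-supplied. Resolve it and require the result
        # to be an existing directory at or below $ftp_dir, so "../" segments
        # or a symlink cannot move the write outside the upload root.
        $base_dir= realpath($ftp_dir);
        $target_dir= realpath("$ftp_dir/$dir_in");
        $inside_base= FALSE;
        if ($base_dir !== FALSE && $target_dir !== FALSE && is_dir($target_dir)) {
          $prefix= rtrim($base_dir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
          $inside_base= ($target_dir === $base_dir || strpos($target_dir, $prefix) === 0);
        }
        if (!$inside_base) {
          $msg= "Invalid upload directory!";
          form_body($msg);
          mysql_close($dbid);
          break;
        }

        $clean_user= RemoveXSS($user_in);
        $clean_directory= RemoveXSS($dir_in);
        $files= "";
        $cnt= 0;
        foreach($_FILES as $file) {
          if (!is_string($file['name']) || $file['name'] == "") {
            continue;
          }
          if ($file['error'] > 0) {
            $msg= "There was an error with the file upload: $file[error]";
            continue;
          }

          # Keep only the final path component of the client-supplied name,
          # then drop spaces as before.
          $stored_name= str_replace(" ", "", basename(str_replace("\\", "/", $file['name'])));
          if ($stored_name === "" || $stored_name === "." || $stored_name === "..") {
            $msg= "There was an error with the file upload: invalid file name";
            continue;
          }

          # NOTE(review): there is no restriction on file type or extension.
          # If $ftp_dir is served by a web server that executes scripts, an
          # uploaded script would run there; confirm the directory is not
          # web-executable or add an extension allowlist.
          $location= "$target_dir/$stored_name";
          if (move_uploaded_file($file['tmp_name'], $location)) {
            # NOTE(review): 0774 sets execute bits on uploaded content; 0664
            # would keep group write access. Confirm nothing relies on the
            # execute bit before tightening.
            chmod($location, 0774);
            $msg= "File(s) uploaded!";
            $cnt= $cnt+1;
            $files.= RemoveXSS($file["name"]).", ";
          } else {
            # Only files that were actually stored are counted and logged.
            $msg= "There was an error saving the uploaded file.";
          }
        }
        if ($files != "") {
          $files= substr($files,0,-2);   # drop the trailing ", "
        }

        # RemoveXSS() targets markup, not SQL quoting, so every
        # request-derived value is escaped for the query as well.
        # NOTE(review): if magic_quotes_gpc is enabled on this host the values
        # arrive already slashed and would be escaped twice; confirm.
        $q_user= mysql_real_escape_string($clean_user, $dbid);
        $q_directory= mysql_real_escape_string($clean_directory, $dbid);
        $q_files= mysql_real_escape_string($files, $dbid);
        $qvalues= "'','$today','$q_user','$q_directory','$cnt','$q_files'";
        # The result is not checked; a failed insert is silent.
        $qresult= mysql_query("INSERT INTO $tb_name values ($qvalues)",$dbid);

        # Plain-text notification. Request values appear only in the body,
        # never in the header argument of mail().
        $email=  "Your $mail_title was updated! \r\n \r\n";
        $email.= "  From: $user_in \r\n";
        $email.= "  Directory: $dir_in \r\n";
        $email.= "  File(s): $files \r\n\r\n";
        $email.= "  $web_url \r\n\r\n";
        $email.= "  $db_url \r\n\r\n";
        $email.= "Do not respond to this message.";
        mail($sendto,$mail_title, $email,"From: cgull@nrel.colostate.edu");
        form_body($msg);
        mysql_close($dbid);
        break;
      case "Reset Form":
        $user="";
        $_POST["email"]="";
        # No break: after clearing the fields, fall through to the default form.
      default:
        $msg= "No spaces in file names!";
        form_body($msg);
        mysql_close($dbid);
        break;
    }
    # NOTE(review): this prints an opening <form> tag; a closing </form> is
    # presumably intended. Confirm against tail.html.
    print "<form>\n";

  } else {
    print "The connection to the server failed.";
  }

  include 'tail.html';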
?>
