Specifications
LISTING 28.15 Continued
if($i==0)
$destination = “archive/$list/$mailid/text.txt”;
else if($i == 1)
$destination = “archive/$list/$mailid/index.html”;
else
{
$destination = “archive/$list/$mailid/”.$userfile_name[$i];
$query = “insert into images values ($mailid,
‘“.$userfile_name[$i].”’,
‘“.$userfile_type[$i].”’)”;
$result = mysql_query($query);
}
//if we are using PHP version >= 4.03
/*
if (!is_uploaded_file($userfile[$i]))
{
// possible file upload attack detected
echo “Something funny happening with ‘$userfile’, not uploading.”;
do_html_footer();
exit;
}
move_uploaded_file($userfile[$i], $destination);
*/
// if version <= 4.02
copy ($userfile[$i], $destination);
unlink($userfile[$i]);
$i++;
}
display_preview_button($list, $mailid, ‘preview-html’);
display_preview_button($list, $mailid, ‘preview-text’);
display_button(‘send’, “&id=$mailid”);
echo “<br><br><br><br><br>”;
do_html_footer();
?>
Let’s walk through the steps in Listing 28.15.
First, we start a session and check that the user is logged in as an administrator—we don’t
want to let anybody else upload files.
Building a Mailing List Manager
C
HAPTER 28
28
BUILDING A
MAILING LIST
MANAGER
701
34 7842 CH28 3/6/01 3:46 PM Page 701