";
// CONTENTS BAR //
// Pull in the shared contents bar. The include path is a fixed literal,
// not derived from request data.
include 'contents.inc';
// Emit the page heading markup for the "Add Tax Worksheet" form.
echo "
|
|
Add Tax Worksheet
|
|
";
// MAIN CONTENTS //
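if (isset($_POST['submit'])) { // Handle the form.
    /*
     * Add-tax-worksheet handler.
     *
     * Steps: store the uploaded file under SVR_BASE_PATH . 'taxsheets/',
     * record it in `downloads`, then insert a `taxwork` row that points at
     * the new download id. $IsOk gates each later step on the earlier ones.
     *
     * Everything read from $_POST and $_FILES is client-controlled, so it is
     * validated before touching the filesystem and escaped before it is
     * placed in SQL text.
     *
     * NOTE(review): no access-control check is visible in this part of the
     * file - confirm that an earlier include restricts who may reach this
     * handler.
     * NOTE(review): if magic_quotes_gpc is enabled on this server the POST
     * values arrive pre-slashed; confirm, and stripslashes() first if so.
     */
    $table = "taxwork";
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $description = isset($_POST['description']) ? $_POST['description'] : '';
    $IsOk = TRUE;
    $upload = '';

    // move uploaded file into taxsheets folder
    if (!empty($_FILES['upload']['name'])) {
        // basename() drops any directory component, so the stored name
        // cannot point outside taxsheets/.
        $upload = basename($_FILES['upload']['name']);
        $extension = explode('.', $upload);
        $filename = SVR_BASE_PATH . 'taxsheets/' . $upload;

        if (!isset($extension[1]) || $extension[0] === '') {
            // No extension at all, or a dot-file with no base name.
            $IsOk = FALSE;
        } else {
            // The previous check looked at $extension[1] only, so a name
            // with more than one dot ("sheet.txt.php") was accepted. Every
            // segment after the base name is now tested.
            // NOTE(review): a denylist is inherently incomplete. Prefer an
            // allowlist of the worksheet formats actually expected, and make
            // sure the web server never executes content from taxsheets/.
            $blocked = array('EXE', 'PHP', 'ASP', 'CGI', 'PL');
            foreach (array_slice($extension, 1) as $segment) {
                if (in_array(strtoupper($segment), $blocked, true)) {
                    $IsOk = FALSE;
                }
            }
        }

        if ($IsOk) {
            // Move the file over.
            // NOTE(review): an existing file with the same name is
            // overwritten - confirm that is intended.
            if (move_uploaded_file($_FILES['upload']['tmp_name'], $filename)) {
                // Uploaded worksheets are data: readable, never executable.
                chmod($filename, 0644);
                echo ' Upload of file complete. ';
            } else {
                echo ' Upload Failed.';
                $IsOk = FALSE;
            }
        }
    } else {
        $IsOk = FALSE;
    }

    // insert record into downloads
    if ($IsOk) {
        $location = 'taxsheets/' . $upload;
        $file = $upload;
        // The file name comes from the client; escape it before it becomes
        // part of the statement text.
        $sqlquery = "INSERT INTO downloads VALUES('NULL','"
            . mysql_real_escape_string($location) . "','"
            . mysql_real_escape_string($file) . "')";
        $result = mysql_query($sqlquery);
        if ($result) {
            $download = mysql_insert_id();
        } else {
            // Do not create a taxwork row that references a download which
            // was never stored.
            $IsOk = FALSE;
        }
    }

    // insert record into taxwork
    if ($IsOk) {
        $download = (int) $download; // generated id, kept numeric
        $sqlquery = "INSERT INTO $table VALUES('NULL','"
            . mysql_real_escape_string($name) . "','"
            . mysql_real_escape_string($description) . "','$download',NOW())";
        $result = mysql_query($sqlquery);
        // Read the stored file name back for use further down the page.
        // NOTE(review): $link originates from the client-supplied file name;
        // HTML-escape it wherever it is printed.
        $link = mysql_result(
            mysql_query("SELECT * FROM downloads WHERE (dwn_id='$download')"),
            0,
            "file"
        );
    }
} // end of form handling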
// Emit the line break that follows the form-handling output.
echo "
";
// END OF MAIN CONTENTS //
PRINT "
|
|
|
|
|