";
if(!empty($_GET["pid"])){
$pid=$_GET["pid"];
if(!empty($_FILES)){
if(in_array($_FILES["upload"]["type"], ["image/jpeg", "image/jpg", "image/png", "image/gif", "application/pdf"])){
if(!empty($_GET["name"])){
$name=$_GET["name"]."-";
}
else{
$name="";
}
$fname=str_replace("/", "", $pid)."-".$name.time()."-".rand(1000,9999).".".pathinfo($_FILES["upload"]["name"], PATHINFO_EXTENSION);
move_uploaded_file($_FILES["upload"]["tmp_name"], CONFIG_WWW."data/attachments/".$fname);
if(!empty($_GET["req"])){
$db->omitRequisition($_GET["req"]);
}
}
else{
$error=$error."Only jpg, png, gif, pdf files are supported.";
}
}
elseif(!empty($_POST["delete"])){
$file=str_replace("/","",$_POST["delete"]);
rename(CONFIG_WWW."data/attachments/".$file, CONFIG_WWW."data/attachments/.trash/".$file);
}
if(checkAccess("attachments")=="all" && $db->getStatus($pid)->fetchArray()["status"]=="admitted"){
$hideEdit="";
}
else{
$hideEdit="style='display:none'";
}
foreach(glob("data/attachments/".str_replace("/", "", $pid)."-*") as $attach){
if(pathinfo($attach, PATHINFO_EXTENSION)=="pdf"){
$pdfs=$pdfs."
".pathinfo($attach, PATHINFO_BASENAME)."
";
}
else{
preg_match("/-([0-9]+)-/", pathinfo($attach, PATHINFO_FILENAME), $orig);
$imgs=$imgs."
";
}
}
}
$imgs=$imgs."