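/**
 * Create a new attachment from the posted upload form, then redirect.
 *
 * Steps, in order: verify the anti-forgery token, require a logged-in user,
 * validate the posted article ID, check that the user may add attachments to
 * that article, bind the form to a new attachments row, hand the upload to
 * AttachmentsHelper::upload_file(), and choose the next page from the
 * controller task and the 'from' request value.
 *
 * Every validation failure now stops the handler before the upload step.
 * The original fell through after reporting an invalid article ID and went
 * on to the permission check and upload with article ID -1.
 */
function saveNew()
{
    // Reject the request unless it carries a valid anti-forgery token
    JRequest::checkToken() or die('Invalid Token');

    // An empty username is treated as "not logged in"
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);
        // Fail closed even if the configured error handler returns
        return;
    }

    // Validate the article ID; read it through JRequest (as save() does)
    // so a missing field does not raise an undefined-index notice
    require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
    $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));
    if ($article_id == -1) {
        // The message comes from the language files and is placed unescaped
        // inside a single-quoted JavaScript string: a translation containing
        // an apostrophe would break this script.
        $errmsg = JText::_('ERROR MUST SELECT ARTICLE');
        echo "<script> alert('{$errmsg}'); window.history.go(-1); </script>\n";
        // Stop here: nothing below may run with an invalid article ID
        return;
    }

    // Make sure this user has permission to upload to this article
    require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);
        exit;
    }

    // Set up the new record.
    // NOTE(review): bind() receives the whole POST array; confirm the table
    // class ignores columns this form is not meant to set. The two fields
    // assigned below are always overwritten with server-side values.
    $row =& JTable::getInstance('Attachments', 'Table');
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());
        // Do not store or upload a row that failed to bind
        return;
    }
    $row->uploader_id = $user->get('id');
    $row->article_id = $article_id;

    // 'from' tells us which screen opened the form
    $from = JRequest::getVar('from', ' (no from)');

    $msg = AttachmentsHelper::upload_file($row, $article_id);

    // See where to go to next: 'applyNew' reopens the new record for editing,
    // anything else returns to the component's default page
    global $option;
    if ($this->_task == 'applyNew') {
        $link = 'index.php?option=' . $option . '&task=edit&cid[]=' . $row->id;
    } else {
        $link = 'index.php?option=' . $option;
    }

    // If called from the editor, go back to it
    if ($from == 'editor') {
        $link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
    }

    // If we are supposed to close this iframe, do it now (no redirect, $msg is not shown)
    if ($from == 'closeme') {
        echo "<script language=\"javascript\" type=\"text/javascript\">window.parent.document.getElementById('sbox-window').close()</script>";
        exit;
    }

    $this->setRedirect($link, $msg);
}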
/**
 * Append the attachment list and the "add attachment" controls to $row->text.
 *
 * Returns without touching $row when the current component is not
 * com_content, when $row has no id, or when the permissions helper reports
 * that attachments are hidden for this article.
 *
 * @param object $row     Item being displayed; its id is read and its text is appended to
 * @param mixed  $params  Not used in this function
 * @param int    $page    Not used in this function
 */
function addAttachments(&$row, &$params, $page = 0)
{
    global $option;

    // Only articles (com_content) get attachments, and some calls arrive
    // before an article is loaded, so there is no id to work with yet
    if ($option != 'com_content' || !isset($row->id)) {
        return;
    }

    // Component-level settings for com_attachments
    jimport('joomla.application.component.helper');
    $componentParams = JComponentHelper::getParams('com_attachments');

    // Who is viewing: an empty username is treated as "not logged in"
    $user =& JFactory::getUser();
    $logged_in = ($user->get('username') != '');
    $user_type = $user->get('usertype', false); // read here, not used below

    // The plugin's strings live with the backend language files
    $language =& JFactory::getLanguage();
    $language->load('plg_frontend_attachments', JPATH_ADMINISTRATOR);

    // Ask the permissions helper whether this article shows attachments at all
    require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'permissions.php';
    if (AttachmentsPermissions::attachments_hidden_for_article($row->id, $componentParams)) {
        return;
    }
    $user_can_add = AttachmentsPermissions::user_may_add_attachment($user, $row->id);

    // Request context handed on to the HTML builders.
    // NOTE(review): $from is the 'view' request value as returned by
    // JRequest::getVar(); confirm the builders escape it before it reaches markup.
    $from = JRequest::getVar('view', false);
    $Itemid = JRequest::getVar('Itemid', false);
    $Itemid = is_numeric($Itemid) ? intval($Itemid) : 1;

    // The list is shown to everyone, or to logged-in users only, depending
    // on the 'who_can_see' setting (default 'logged_in')
    $who_can_see = $componentParams->get('who_can_see', 'logged_in');
    $list_visible = ($who_can_see == 'anyone') || ($who_can_see == 'logged_in' && $logged_in);
    if ($list_visible) {
        $row->text .= attachments_attachmentListHtml($row->id, $user_can_add, $Itemid, $from);
    }

    // The upload controls appear only for users allowed to add attachments.
    // This decides what is displayed; the save handlers must check permission again.
    if ($user_can_add) {
        $row->text .= attachments_attachmentButtonsHTML($row->id, $Itemid, $from);
    }
}
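 /**
  * Save an attachment posted from the upload form: either a new upload or an
  * update of an existing attachment (POST 'update' set, POST 'id' naming it).
  *
  * Steps, in order: verify the anti-forgery token, require a logged-in user,
  * validate the posted article ID, check that the user may add attachments to
  * that article, work out the redirect target from POST 'from', honour the
  * cancel button, load the row when updating, bind the form, then upload the
  * file and/or store the row.
  *
  * Changes from the original: the invalid-ID error message used an undefined
  * $id variable; an update request without an id slipped past the load
  * check; $_POST['submit'] was read without checking that it exists; and the
  * unused $Itemid / $tmp_name locals were dropped.
  */
 function save()
 {
     // Reject the request unless it carries a valid anti-forgery token
     JRequest::checkToken() or die('Invalid Token');

     // Make sure that the caller is logged in (empty username = anonymous)
     $user =& JFactory::getUser();
     if ($user->get('username') == '') {
         $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
         JError::raiseError(500, $errmsg);
         // Fail closed even if the configured error handler returns
         return;
     }

     // Validate the posted article ID.
     // NOTE(review): an invalid ID is not tested for explicitly here; the
     // permission check below is assumed to reject it. Confirm.
     $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));

     // Verify that this user may add attachments to this article
     require_once JPATH_COMPONENT . DS . 'permissions.php';
     if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
         $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
         JError::raiseError(500, $errmsg);
         // Never reach the upload code without permission
         return;
     }

     // How to redirect? Only 'article' leads back to the article view; every
     // other value (including none) goes to the site base URL. The target is
     // chosen from fixed options and never built from the posted string.
     $from = JRequest::getVar('from', false, 'POST');
     if ($from == 'article') {
         $redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", false);
     } else {
         $redirect_to = JURI::base();
     }

     // See if we should cancel (the button label is matched against its translation)
     if (isset($_POST['submit']) && $_POST['submit'] == JText::_('CANCEL')) {
         $msg = JText::_('UPLOAD CANCELED');
         $this->setRedirect($redirect_to, $msg);
         return;
     }

     // If this is an update, the existing row must load before anything is bound
     $update = JRequest::getVar('update', false, 'POST');
     $attachment_id = false;
     $row =& JTable::getInstance('Attachments', 'Table');
     if ($update) {
         $attachment_id = JRequest::getVar('id', false, 'POST');
         if (!$attachment_id || !$row->load($attachment_id)) {
             // The id comes from the request, so escape it before it is echoed back
             $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID')
                 . '  (' . htmlspecialchars((string) $attachment_id, ENT_QUOTES) . ')';
             JError::raiseError(500, $errmsg);
             exit;
         }
         // NOTE(review): the permission check above covers the posted
         // article_id only. Nothing visible here ties the loaded attachment to
         // that article or to this user, and bind() below can overwrite the
         // loaded row's columns (article_id, uploader_id included) from POST.
         // Confirm that upload_file() or the table class enforces ownership,
         // or add an explicit check.
     }

     // Bind the info from the form
     if (!$row->bind(JRequest::get('post'))) {
         JError::raiseError(500, $row->getError());
         // Do not store or upload a row that failed to bind
         return;
     }
     if (!$update) {
         // New attachment: ownership fields always come from the server side
         $row->uploader_id = $user->get('id');
         $row->article_id = $article_id;
     }

     // Upload the file
     if ($update) {
         $update_file = JRequest::getVar('update_file', false, 'POST');
         if ($update_file) {
             // NOTE: store() is not needed if upload_file() is called since it does it
             $msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
         } else {
             // Metadata-only update: save the row without touching the file
             if (!$row->store()) {
                 JError::raiseError(500, $row->getError());
             }
             $msg = "Attachment updated!";
         }
     } else {
         $msg = AttachmentsHelper::upload_file($row, $article_id, $update);
     }

     // If we are supposed to close this iframe, do it now.
     if ($from == 'closeme') {
         // Queue the message so the reloaded parent page can show it
         AttachmentsHelper::enqueueSystemMessage($msg);
         // Now do the Javascript to close this pop-up window and reload the parent
         echo "<script language=\"javascript\" type=\"text/javascript\">\r\n            window.parent.document.getElementById('sbox-window').close();\r\n            window.parent.location.reload();\r\n            </script>";
         exit;
     }

     $this->setRedirect($redirect_to, $msg);
 }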