MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check for valid session session_start(); include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } //Fb::log($_REQUEST);exit; $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; $secureurl = new phpsecureurl(); $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); if (!$user_obj->isAdmin()) { header('Location:' . $secureurl->encode('error.php?ec=4')); exit; } if (isset($_REQUEST['cancel']) and $_REQUEST['cancel'] != 'Cancel') { draw_menu($_SESSION['uid']); } if (isset($_GET['submit']) && $_GET['submit'] == 'add') { draw_header(msg('area_add_new_udf'), $last_message); // Check to see if user is admin ?> <form id="udfAddForm" action="udf.php?last_message=<?php echo $last_message; ?>
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // user.php - Administer Users // check for valid session // if changes are to be made on other account, then $item will contain // the other account's id number. session_start(); include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; // includes $secureurl = new phpsecureurl(); /////////////////////////////////////////////////////////////////////////// // Any person who is accessing this page, if they access their own account, then it's ok. // If they are not accessing their own account, then they have to be an admin. $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); // Make sure the item and uid are set, then check to make sure they are the same and they have admin privs, otherwise, user is not able to modify another users' info if (isset($_SESSION['uid']) & isset($_GET['item'])) { if ($_SESSION['uid'] != $_GET['item'] && $user_obj->isAdmin() != true) { header('Location:' . $secureurl->encode('error.php?ec=4')); exit; } } $redirect = 'admin.php'; //If the user is not an admin and he/she is trying to access other account that // is not his, error out. if ($user_obj->isAdmin() == true) {
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ session_start(); // admin.php - administration functions for admin users // check for valid session // includes include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } include 'udf_functions.php'; // open a connection to the database $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); // Check to see if user is admin if (!$user_obj->isAdmin()) { header('Location:error.php?ec=4'); exit; } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; draw_header(msg('label_admin'), $last_message); ?> <table border="1" cellspacing="5" cellpadding="5" > <th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php echo msg('users'); ?> </font></th><th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php echo msg('label_department'); ?>
if (strchr($_REQUEST['id'], '_')) { list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']); $pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $lrevision_id; $filesize = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_REQUEST['id'] . '/' . $_REQUEST['id'] . '_' . $lrevision_id . '.dat'); } else { $pageTitle = msg('area_file_details'); } draw_header(msg('area_file_details'), $last_message); $lrequest_id = $_REQUEST['id']; //save an original copy of id $filedata = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME); checkUserPermission($_REQUEST['id'], $filedata->VIEW_RIGHT, $filedata); $user = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $userPermObj = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $user_obj = new user($filedata->getOwner(), $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); // display details $owner_id = $filedata->getOwner(); $category = $filedata->getCategoryName(); $owner_fullname = $filedata->getOwnerFullName(); $owner = $owner_fullname[1] . ', ' . $owner_fullname[0]; $realname = $filedata->getName(); $created = $filedata->getCreatedDate(); $description = $filedata->getDescription(); $comment = $filedata->getComment(); $status = $filedata->getStatus(); $reviewer = $filedata->getReviewerName(); // corrections if ($description == '') { $description = msg('message_no_description_available'); }
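/**
 * Add a user-defined field (UDF) from the submitted admin form.
 *
 * Reads table_name, display_name and field_type from $_REQUEST, adds the
 * column(s) to the data table, creates the lookup table(s) that list types
 * need, and records the field in the udf table. On any failure the schema
 * changes made so far are rolled back and the browser is redirected to
 * admin.php with the error in last_message; the function then exits and
 * does not return to its caller.
 *
 * field_type values handled (the admin form supplies them):
 *   1, 2  select / radio list: one int column plus a lookup table
 *   3     text: one varchar(255) column, no lookup table
 *   4     dependent list: _primary and _secondary columns and lookup tables
 * Any other value is rejected with an error redirect.
 *
 * The table name is restricted to \w characters because it is spliced into
 * DDL unquoted; display_name and field_type are escaped / cast because they
 * are interpolated into the INSERT (the mysql extension has no placeholders).
 */
function udf_functions_add_udf()
{
    if (empty($_REQUEST['table_name']) || empty($_REQUEST['display_name'])) {
        udf_functions_add_udf_fail(msg('message_udf_cannot_be_blank'));
    }

    $prefix = $GLOBALS['CONFIG']['db_prefix'];
    $data_table = $prefix . 'data';
    $table_name = str_replace(' ', '', $prefix . 'udftbl_' . $_REQUEST['table_name']);

    // bare identifier only: this value is never quoted in the DDL below
    if (!preg_match('/^\\w+$/', $table_name)) {
        udf_functions_add_udf_fail('Error+:+Invalid+Name+(A-Z 0-9 Only)');
    }

    $display_name = mysql_real_escape_string($_REQUEST['display_name']);
    $field_type = isset($_REQUEST['field_type']) ? (int) $_REQUEST['field_type'] : 0;

    // A type-4 field is registered under its _primary name, so check both
    // spellings; a failed lookup must not be mistaken for "no duplicate"
    // (mysql_numrows(false) == "0" used to pass this check).
    $query = "SELECT table_name FROM {$prefix}udf WHERE table_name='{$table_name}' OR table_name='{$table_name}_primary'";
    $result = mysql_query($query);
    if ($result === false) {
        udf_functions_add_udf_fail('Error+:+Problem+With+Duplicate+Check');
    }
    if (mysql_num_rows($result) > 0) {
        udf_functions_add_udf_fail('Error+:+Duplicate+Table+Name');
    }

    $drop_column = 'ALTER TABLE ' . $data_table . ' DROP COLUMN ' . $table_name;
    $udf_row_name = $table_name;

    if ($field_type == 1 || $field_type == 2) {
        // select / radio list: one int column plus a value lookup table
        udf_functions_add_udf_query(
            'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . ' int AFTER category',
            'Error+:+Problem+With+Alter'
        );
        udf_functions_add_udf_query(
            'CREATE TABLE ' . $table_name . ' ( id int auto_increment unique, value varchar(64) )',
            'Error+:+Problem+With+Create',
            array($drop_column)
        );
        $insert_rollback = array('DROP TABLE ' . $table_name, $drop_column);
    } elseif ($field_type == 4) {
        // dependent list: both columns are added in one statement, so both
        // are dropped again on any later failure
        $drop_both_columns = 'ALTER TABLE ' . $data_table . ' DROP COLUMN ' . $table_name . '_primary, DROP COLUMN ' . $table_name . '_secondary';
        udf_functions_add_udf_query(
            'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . '_primary int AFTER category, ADD COLUMN ' . $table_name . '_secondary int AFTER ' . $table_name . '_primary',
            'Error+:+Problem+With+Alter'
        );
        udf_functions_add_udf_query(
            'CREATE TABLE ' . $table_name . '_primary ( id int auto_increment unique, value varchar(64) )',
            'Error+:+Problem+With+Create',
            array($drop_both_columns)
        );
        udf_functions_add_udf_query(
            'CREATE TABLE ' . $table_name . '_secondary ( id int auto_increment unique, value varchar(64), pr_id int )',
            'Error+:+Problem+With+Create',
            array('DROP TABLE ' . $table_name . '_primary', $drop_both_columns)
        );
        $udf_row_name = $table_name . '_primary';
        $insert_rollback = array(
            'DROP TABLE ' . $table_name . '_primary',
            'DROP TABLE ' . $table_name . '_secondary',
            $drop_both_columns,
        );
    } elseif ($field_type == 3) {
        // text field: a varchar column only, no lookup table
        udf_functions_add_udf_query(
            'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . ' varchar(255) AFTER category',
            'Error+:+Problem+With+Alter'
        );
        $insert_rollback = array($drop_column);
    } else {
        // previously an unknown type fell through and returned as if it had succeeded
        udf_functions_add_udf_fail('Error+:+Invalid+Field+Type');
    }

    udf_functions_add_udf_query(
        'INSERT into ' . $prefix . 'udf (table_name,display_name,field_type) VALUES ("' . $udf_row_name . '","' . $display_name . '",' . $field_type . ')',
        'Error+:+Problem+With+INSERT',
        $insert_rollback
    );
}

/**
 * Redirect to admin.php with $message in last_message and stop. Shared exit
 * path for udf_functions_add_udf(); $message is appended as-is, so callers
 * pass already URL-safe text (the '+'-encoded literals or a msg() string).
 */
function udf_functions_add_udf_fail($message)
{
    $secureurl = new phpsecureurl();
    header('Location: ' . $secureurl->encode('admin.php?last_message=' . $message));
    exit;
}

/**
 * Run one schema or insert statement for udf_functions_add_udf(). On failure
 * the $rollback statements are run in order (their own results are ignored,
 * as before) and the request ends with an error redirect carrying $error.
 */
function udf_functions_add_udf_query($query, $error, $rollback = array())
{
    if (mysql_query($query) !== false) {
        return;
    }
    foreach ($rollback as $undo) {
        mysql_query($undo);
    }
    udf_functions_add_udf_fail($error);
}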
GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check for valid session session_start(); // includes include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); $settings = new Settings(); //If the user is not an admin and he/she is trying to access other account that // is not his, error out. if (!$user_obj->isRoot() == true) { header('Location:' . $secureurl->encode('error.php?ec=24')); exit; } if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'update') { draw_header(msg('label_settings'), $last_message); $settings->edit(); draw_footer(); } elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') { draw_header(msg('label_settings'), $last_message); // Clean up the datadir a bit to make sure it ends with slash if (!empty($_POST['dataDir'])) {
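/**
 * list_files - Display a list of files
 *
 * Builds one row per file id (links, rights markup, dates, owner, department,
 * size, lock state), hands the rows to Smarty as file_list_arr and renders
 * out.tpl, calling the onBeforeListFiles / onAfterListFiles plugin hooks
 * around the render.
 *
 * @return int|null -1 when $fileid_array is empty or not a 0-indexed list (a
 *                  "no files" notice is echoed instead), null once rendered
 * @param array $fileid_array   file ids; must be a list starting at index 0
 * @param object $userperms_obj permission object exposing getAuthority() and
 *                              the VIEW_RIGHT / READ_RIGHT / WRITE_RIGHT /
 *                              ADMIN_RIGHT members
 * @param string $dataDir       not read here; the size is taken from
 *                              $GLOBALS['CONFIG']['dataDir'] (kept for callers)
 * @param boolean $showCheckBox passed through to the template
 * @param boolean $rejectpage   passed through to the template
 */
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = 'false', $rejectpage = 'false')
{
    $secureurl = new phpsecureurl();
    if (sizeof($fileid_array) == 0 || !isset($fileid_array[0])) {
        echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . "\n";
        return -1;
    }

    // state is the navigation depth handed to details.php; tolerate a missing
    // request value instead of raising an undefined-index notice
    $next_state = (isset($_REQUEST['state']) ? (int) $_REQUEST['state'] : 0) + 1;

    $file_list_arr = array();
    foreach ($fileid_array as $fileid) {
        $file_obj = new FileData($fileid, $GLOBALS['connection'], DB_NAME);
        $userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);

        // shown unlocked only when published (status 0) and at least viewable
        $lock = !($file_obj->getStatus() == 0 && $userAccessLevel >= $userperms_obj->VIEW_RIGHT);

        $description = $file_obj->getDescription();
        if ($description == '') {
            $description = msg('message_no_description_available');
        }

        $created_date = fix_date($file_obj->getCreatedDate());
        $modified_date = $file_obj->getModifiedDate()
            ? fix_date($file_obj->getModifiedDate())
            : $created_date;

        $full_name_array = $file_obj->getOwnerFullName();
        $owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
        $dept_name = $file_obj->getDeptName();
        $realname = $file_obj->getRealname();
        $filesize = display_filesize($GLOBALS['CONFIG']['dataDir'] . $fileid . '.dat');

        if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
            // extension-based mime type; a name without a dot has no extension
            // (strrpos() returning false used to yield the name minus its first char)
            $dot = strrpos($realname, '.');
            $suffix = $dot === false ? '' : strtolower(substr($realname, $dot + 1));
            $lmimetype = File::mime_by_ext($suffix);
            $view_link = 'view_file.php?submit=view&id=' . urlencode($fileid) . '&mimetype=' . urlencode("{$lmimetype}");
        } else {
            $view_link = 'none';
        }
        $details_link = $secureurl->encode('details.php?id=' . $fileid . '&state=' . $next_state);

        $file_list_arr[] = array(
            'id' => $fileid,
            'view_link' => $view_link,
            'details_link' => $details_link,
            'filename' => $realname,
            'description' => $description,
            'rights' => list_files_rights_markup($userAccessLevel, $userperms_obj),
            'created_date' => $created_date,
            'modified_date' => $modified_date,
            'owner_name' => $owner_name,
            'dept_name' => $dept_name,
            'filesize' => $filesize,
            'lock' => $lock,
            'showCheckbox' => $showCheckBox,
            'rejectpage' => $rejectpage,
        );
    }

    // the query that produced $fileid_array is capped at max_query rows, so
    // hitting the cap means the listing may be truncated
    $limit_reached = count($file_list_arr) >= $GLOBALS['CONFIG']['max_query'];
    $GLOBALS['smarty']->assign('limit_reached', $limit_reached);
    $GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
    $GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);

    callPluginMethod('onBeforeListFiles', $file_list_arr);
    display_smarty_template('out.tpl');
    callPluginMethod('onAfterListFiles');
}

/**
 * Build the r/w/a rights cells for one file row in list_files().
 *
 * Returns [[READ_RIGHT,'r'], [WRITE_RIGHT,'w'], [ADMIN_RIGHT,'a']] where the
 * letter of the user's level and every level below it is wrapped in <b>, and
 * every level above it is replaced by '-'. A level that matches none of the
 * three (e.g. view only) blanks all of them.
 */
function list_files_rights_markup($userAccessLevel, $userperms_obj)
{
    $rights = array(
        array($userperms_obj->READ_RIGHT, 'r'),
        array($userperms_obj->WRITE_RIGHT, 'w'),
        array($userperms_obj->ADMIN_RIGHT, 'a'),
    );
    $index_found = -1;
    for ($i = count($rights) - 1; $i >= 0; $i--) {
        if ($userAccessLevel == $rights[$i][0]) {
            $index_found = $i;
            break;
        }
    }
    foreach ($rights as $i => $right) {
        $rights[$i][1] = $i <= $index_found ? '<b>' . $right[1] . '</b>' : '-';
    }
    return $rights;
}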
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check to ensure valid session, else redirect session_start(); //$_SESSION['uid']=102; $sort_by = 'author'; //$start_time = time(); // includes $GLOBALS['state'] = 1; require_once 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; draw_header(msg('label_file_listing'), $last_message); sort_browser(); $secureurl_obj = new phpsecureurl(); $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); if ($user_obj->isAdmin()) { $reviewIdCount = sizeof($user_obj->getAllRevieweeIds()); } elseif ($user_obj->isReviewer()) { $reviewIdCount = sizeof($user_obj->getRevieweeIds()); } else { $reviewIdCount = 0; } if ($reviewIdCount > 0) { echo '<img src="images/exclamation.gif" /> <a href="' . $secureurl_obj->encode('toBePublished.php?state=1') . '">' . msg('message_documents_waiting') . '</a>: ' . $reviewIdCount . '</a><br />'; } $rejected_files_obj = $user_obj->getRejectedFileIds(); if (isset($rejected_files_obj[0]) && $rejected_files_obj[0] != null) { echo '<img src="images/exclamation_red.gif" /> <a href="' . $secureurl_obj->encode('rejects.php?state=1') . '">' . msg('message_documents_rejected') . '</a>: ' . sizeof($rejected_files_obj) . '<br />'; }
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check for session and $_REQUEST['id'] session_start(); include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } include 'udf_functions.php'; $secureurl = new phpsecureurl(); // open a connection to the database $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); // Check to see if user is admin if (!$user_obj->isAdmin()) { header('Location:error.php?ec=4'); exit; } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; draw_header(msg('accesslogpage_access_log'), $last_message); $query = "SELECT \n {$GLOBALS['CONFIG']['db_prefix']}access_log.*, \n {$GLOBALS['CONFIG']['db_prefix']}data.realname, \n {$GLOBALS['CONFIG']['db_prefix']}user.username\n FROM \n {$GLOBALS['CONFIG']['db_prefix']}access_log \n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}data ON {$GLOBALS['CONFIG']['db_prefix']}access_log.file_id={$GLOBALS['CONFIG']['db_prefix']}data.id\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}user ON {$GLOBALS['CONFIG']['db_prefix']}access_log.user_id = {$GLOBALS['CONFIG']['db_prefix']}user.id\n "; $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . 
mysql_error()); $actions_array = array("A" => msg('accesslogpage_file_added'), "B" => msg('accesslogpage_reserved'), "C" => msg('accesslogpage_reserved'), "V" => msg('accesslogpage_file_viewed'), "D" => msg('accesslogpage_file_downloaded'), "M" => msg('accesslogpage_file_modified'), "I" => msg('accesslogpage_file_checked_in'), "O" => msg('accesslogpage_file_checked_out'), "X" => msg('accesslogpage_file_deleted'), "Y" => msg('accesslogpage_file_authorized'), "R" => msg('accesslogpage_file_rejected')); $accesslog_array = array(); while ($row = mysql_fetch_array($result)) { $details_link = $secureurl->encode('details.php?id=' . $row['file_id'] . '&state=' . ($_REQUEST['state'] + 1));
<?php
/*
secureurl.php - provides integration to secure url class
Copyright (C) 2002, 2003, 2004 Stephen Lawrence Jr., Khoa Nguyen
Copyright (C) 2005-2011 Stephen Lawrence Jr.

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/

// Included at the top of request-handling pages. Two cases, checked in order:
//  1. secure URLs are switched on and the request still carries one of the
//     plain query keys listed below -> send the browser to the encoded form
//     of this same script + query string;
//  2. the request carries the encoded payload (aku) -> let phpsecureurl
//     decode it. The request ends right after decode(), so any further
//     handling relies on what decode() itself does with the decoded
//     query — presumably it rewrites the request / emits its own redirect; confirm.
// In both cases this file terminates the request; pages with neither
// continue normally.
if ($GLOBALS['CONFIG']['secureurl'] == 'True'
    && array_intersect_key($_GET, array_flip(array('id', 'state', 'id0', 'where', 'sort_order', 'submit')))
) {
    $secureurl = new phpsecureurl();
    header('Location:' . $secureurl->encode("{$_SERVER['SCRIPT_NAME']}?{$_SERVER['QUERY_STRING']}"));
    exit;
} elseif (isset($_GET['aku'])) {
    $secureurl = new phpsecureurl();
    $secureurl->decode();
    exit;
}
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ // check for valid session session_start(); // includes include 'odm-load.php'; if (!isset($_SESSION['uid'])) { redirect_visitor(); } $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : ''; // Make sure user is admin $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME); $secureurl = new phpsecureurl(); //If the user is not an admin and he/she is trying to access other account that // is not his, error out. if (!$user_obj->isAdmin() == true) { header('Location:' . $secureurl->encode('error.php?ec=4')); exit; } /* Add A New Department */ if (isset($_GET['submit']) && $_GET['submit'] == 'add') { draw_header(msg('area_add_new_department'), $last_message); ?> <form id="addDepartmentForm" action="department.php" method="POST" enctype="multipart/form-data"> <table border="0" cellspacing="5" cellpadding="5">