Example #1
0
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// get a list of documents the user has "view" permission for
// get current user's information-->department
$user_obj = new User($_SESSION['uid'], $pdo);
if (!$user_obj->isRoot()) {
    header('Location:error.php?ec=24');
}
$flag = 0;
if (isset($_GET['submit']) && $_GET['submit'] == 'view_checkedout') {
    echo PHP_EOL . '<form name="table" action="file_ops.php" method="POST">';
    echo PHP_EOL . '<input name="submit" type="hidden" value="Clear Status">';
    draw_header(msg('label_checked_out_files'), $last_message);
    $file_id_array = $user_obj->getCheckedOutFiles();
    $page_url = 'file_ops.php?';
    $user_perm_obj = new UserPermission($_SESSION['uid'], $pdo);
    $list_status = list_files($file_id_array, $user_perm_obj, $GLOBALS['CONFIG']['dataDir'], true, true);
    if ($list_status != -1) {
        echo PHP_EOL . '<BR><div class="buttons"><button class="positive" type="submit" name="submit" value="Clear Status">' . msg('button_clear_status') . '</button></div><br />';
        echo PHP_EOL . '</form>';
    }
    draw_footer();
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Clear Status') {
    if (isset($_POST["checkbox"])) {
        foreach ($_POST['checkbox'] as $cbox) {
            $file_id = $cbox;
            $file_obj = new FileData($file_id, $pdo);
            $file_obj->setStatus(0);
Example #2
0
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$user_obj = new User($_SESSION['uid'], $pdo);
$settings = new Settings($pdo);
//If the user is not an admin and he/she is trying to access other account that
// is not his, error out.
if (!$user_obj->isRoot() == true) {
    header('Location: error.php?ec=24');
    exit;
}
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'update') {
    draw_header(msg('label_settings'), $last_message);
    $settings->edit();
    draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') {
    draw_header(msg('label_settings'), $last_message);
    // Clean up the datadir a bit to make sure it ends with slash
    if (!empty($_POST['dataDir'])) {
        if (substr($_POST['dataDir'], -1) != '/') {
            $_POST['dataDir'] .= '/';
        }
    }
    // Perform Input Validation
    if (!is_dir($_POST['dataDir'])) {
        $_POST['last_message'] = $GLOBALS['lang']['message_datadir_problem_exists'];
    } elseif (!is_writable($_POST['dataDir'])) {
        $_POST['last_message'] = $GLOBALS['lang']['message_datadir_problem_writable'];
    } elseif (!is_numeric($_POST['max_filesize']) || (!is_numeric($_POST['revision_expiration']) || !is_numeric($_POST['max_query']))) {
        $_POST['last_message'] = $GLOBALS['lang']['message_config_value_problem'];
    } elseif ($settings->save($_POST)) {
        $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
Example #3
0
    ?>
</button>
                                            </div>
                                        </td>
                                    </tr>
                            </table>
                        </form>
   <script>
  $(document).ready(function(){
    $('#modifyDeptForm').validate();
  });
  </script>
                            <?php 
    draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'updatepick') {
    draw_header(msg('area_choose_department'), $last_message);
    ?>
                            <form action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
" method="GET" enctype="multipart/form-data">
                                <INPUT type="hidden" name="state" value="<?php 
    echo $_REQUEST['state'] + 1;
    ?>
">
                                <table border="0" cellspacing="5" cellpadding="5">
                                    <tr>
                                        <td><b><?php 
    echo msg('label_department_to_modify');
    ?>
:</b></td>
Example #4
0
// includes
// open connection
if (!isset($_POST['submit'])) {
    // form not yet submitted, display initial form
    // pre-fill the form with some information so that user knows which file is being updated
    $query = "SELECT description, realname FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE id = '{$_REQUEST['id']}' AND status = '{$_SESSION['uid']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // in case script is directly accessed, query above will return 0 rows
    if (mysql_num_rows($result) <= 0) {
        $last_message = 'Failed';
        header('Location:error.php?ec=2&last_message=' . urlencode($last_message));
        exit;
    } else {
        // get result data
        list($description, $realname) = mysql_fetch_row($result);
        draw_header(msg('button_check_in'), $last_message);
        // correction
        if ($description == '') {
            $description = msg('message_no_description_available');
        }
        // clean up
        mysql_free_result($result);
        // start displaying form
        ?>
<table border="0" cellspacing="5" cellpadding="5">
    <form action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" method="POST" enctype="multipart/form-data">
        <input type="hidden" name="id" value="<?php 
        echo $_GET['id'];
Example #5
0
                $stmt->execute(array(':newvalue' => $_REQUEST['newvalue'], ':primary_type' => $_REQUEST['primary_type']));
            }
        }
        // Do Deletes
        $query = "\n          SELECT\n            max(id)\n          FROM\n            {$udf_table_name}\n        ";
        $stmt = $pdo->prepare($query);
        $stmt->execute();
        $result = $stmt->fetchColumn();
        $max = $result;
        while ($max > 0) {
            if (isset($_REQUEST['x' . $max]) && $_REQUEST['x' . $max] == "on") {
                $query = "\n                  DELETE FROM\n                    {$GLOBALS['CONFIG']['db_prefix']}udftbl_{$field_name}{$tablename}\n                  WHERE\n                    id = {$max}\n                ";
                $stmt = $pdo->prepare($query);
                $stmt->execute();
            }
            $max--;
        }
        $query = "\n              SELECT\n                *\n              FROM\n                {$_REQUEST['udf']}\n            ";
        $stmt = $pdo->prepare($query);
        $stmt->execute();
        $rows2 = $stmt->fetchAll();
        $GLOBALS['smarty']->assign('udf', $_REQUEST['udf']);
        $GLOBALS['smarty']->assign('display_name', $display_name);
        $GLOBALS['smarty']->assign('rows', $rows2);
        display_smarty_template('udf/edit_type_4.tpl');
    }
    draw_footer();
} else {
    draw_header(msg('label_user_defined_field'), $last_message);
    draw_footer();
}
Example #6
0
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// includes
include 'odm-load.php';
session_start();
$last_message = isset($_REQUEST['last_message']) ? htmlspecialchars($_REQUEST['last_message']) : '';
draw_header(msg('error'), $last_message);
if (isset($_REQUEST['ec']) && intval($_REQUEST['ec']) >= 0) {
    switch ($_REQUEST['ec']) {
        // login failure
        case 0:
            $message = msg('message_there_was_an_error_loggin_you_in');
            break;
            // session problem
        // session problem
        case 1:
            $message = msg('message_session_error');
            break;
            // malformed variable/failed query
        // malformed variable/failed query
        case 2:
            $message = msg('message_error_performing_action');
Example #7
0
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}
/* if the user has read-only authority on the file, his check out 
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file.  Therefore, he will not be able to check-in the file on
the server
*/
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
    header('Location:error.php?ec=2');
    exit;
}
if (!isset($_GET['submit'])) {
    draw_header(msg('area_check_out_file'), $last_message);
    // form not yet submitted
    // display information on how to initiate download
    checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
    ?>


<p>

<form action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
" method="get">
    <input type="hidden" name="id" value="<?php 
    echo $_GET['id'];
    ?>
Example #8
0
// check for session and $_REQUEST['id']
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';
// open a connection to the database
$user_obj = new User($_SESSION['uid'], $pdo);
// Check to see if user is admin
if (!$user_obj->isAdmin()) {
    header('Location:error.php?ec=4');
    exit;
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);
$query = "SELECT \n            a.*,\n            d.realname,\n            u.username\n          FROM \n            {$GLOBALS['CONFIG']['db_prefix']}access_log a\n          INNER JOIN \n            {$GLOBALS['CONFIG']['db_prefix']}data AS d ON a.file_id = d.id\n          INNER JOIN \n            {$GLOBALS['CONFIG']['db_prefix']}user AS u ON a.user_id = u.id\n        ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$actions_array = array("A" => msg('accesslogpage_file_added'), "B" => msg('accesslogpage_reserved'), "C" => msg('accesslogpage_reserved'), "V" => msg('accesslogpage_file_viewed'), "D" => msg('accesslogpage_file_downloaded'), "M" => msg('accesslogpage_file_modified'), "I" => msg('accesslogpage_file_checked_in'), "O" => msg('accesslogpage_file_checked_out'), "X" => msg('accesslogpage_file_deleted'), "Y" => msg('accesslogpage_file_authorized'), "R" => msg('accesslogpage_file_rejected'));
$accesslog_array = array();
foreach ($result as $row) {
    $details_link = 'details.php?id=' . $row['file_id'] . '&state=' . ($_REQUEST['state'] + 1);
    $accesslog_array[] = array('user_id' => $row['user_id'], 'file_id' => $row['file_id'], 'user_name' => $row['username'], 'realname' => $row['realname'], 'action' => $actions_array[$row['action']], 'details_link' => $details_link, 'timestamp' => $row['timestamp']);
}
$view->setData(['accesslog_array' => $accesslog_array, 'showCheckBox' => false, 'form' => 0]);
$view->setView('access_log');
$view->setLayout('default');
echo $view->__invoke();
draw_footer();
Example #9
0
    draw_header(msg('message_documents_waiting'), $last_message);
    $userpermission = new UserPermission($_SESSION['uid'], $pdo);
    if ($user_obj->isAdmin()) {
        $id_array = $user_obj->getAllRevieweeIds();
    } else {
        $id_array = $user_obj->getRevieweeIds();
    }
    $list_status = list_files($id_array, $userpermission, $GLOBALS['CONFIG']['dataDir'], true);
    if ($list_status != -1) {
        display_smarty_template('toBePublished.tpl');
    }
} elseif (isset($_REQUEST['submit']) && ($_REQUEST['submit'] == 'commentAuthorize' || $_REQUEST['submit'] == 'commentReject')) {
    if (!isset($_REQUEST['checkbox'])) {
        header('Location: ' . $_SERVER['PHP_SELF'] . '?last_message=' . urlencode(msg('message_you_did_not_enter_value')));
    }
    draw_header(msg('label_comment'), $last_message);
    $checkbox = isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
    /*    if($mode == 'reviewer')
        {
            $access_mode = 'enabled';
        }
        else
        {
            $access_mode = 'disabled';
        }
    
    */
    if ($_REQUEST['submit'] == 'commentReject') {
        $submit_value = 'Reject';
    } elseif ($_REQUEST['submit'] == 'commentAuthorize') {
        $submit_value = 'Authorize';
Example #10
0
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}
if (strchr($_REQUEST['id'], '_')) {
    header('Location:error.php?ec=20');
}
$filedata = new FileData($_REQUEST['id'], $pdo);
if ($filedata->isArchived()) {
    header('Location:error.php?ec=21');
}
// form not yet submitted, display initial form
if (!isset($_REQUEST['submit'])) {
    draw_header(msg('area_update_file'), $last_message);
    checkUserPermission($_REQUEST['id'], $filedata->ADMIN_RIGHT, $filedata);
    $current_user_dept = $user_perms_obj->user_obj->getDeptId();
    $data_id = $_REQUEST['id'];
    // includes
    $department_query = "SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=:user_id";
    $department_stmt = $pdo->prepare($department_query);
    $department_stmt->bindParam(':user_id', $_SESSION['uid']);
    $department_stmt->execute();
    $result = $department_stmt->fetchAll();
    if ($department_stmt->rowCount() != 1) {
        header('Location:error.php?ec=14');
        exit;
        //non-unique error
    }
    $filedata = new FileData($data_id, $pdo);
Example #11
0
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
/*$_GET['where']='department';
  $_GET['keyword']='Information Systems';
  $_SESSION['uid']=102;
  $_GET['submit']='submit';
  $_GET['exact_phrase']='on';
  $_GET['case_sensitivity']='';
*/
/// includes
$start_time = time();
draw_header(msg('search'), $last_message);
echo '<body bgcolor="white">';
if (!isset($_GET['submit'])) {
    ?>
    <p>

    <table border="0" cellspacing="5" cellpadding="5">
        <form action=<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
 method="get">

            <tr>
                <td valign="top"><b><?php 
    echo msg('label_search_term');
    ?>
Example #12
0
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// check to ensure valid session, else redirect
session_start();
//$_SESSION['uid']=102; $sort_by = 'author';
//$start_time = time();
// includes
$GLOBALS['state'] = 1;
require_once 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('label_file_listing'), $last_message);
sort_browser();
$user_obj = new User($_SESSION['uid'], $pdo);
if ($user_obj->isAdmin()) {
    $reviewIdCount = sizeof($user_obj->getAllRevieweeIds());
} elseif ($user_obj->isReviewer()) {
    $reviewIdCount = sizeof($user_obj->getRevieweeIds());
} else {
    $reviewIdCount = 0;
}
if ($reviewIdCount > 0) {
    echo '<img src="images/exclamation.gif" /> <a href="toBePublished.php?state=1">' . msg('message_documents_waiting') . '</a>: ' . e::h($reviewIdCount) . '</a><br />';
}
$rejected_files_obj = $user_obj->getRejectedFileIds();
if (isset($rejected_files_obj[0]) && $rejected_files_obj[0] != null) {
    echo '<img src="images/exclamation_red.gif" /> <a href="rejects.php?state=1">' . msg('message_documents_rejected') . '</a>: ' . sizeof($rejected_files_obj) . '<br />';
Example #13
0
    header('Location:error.php?ec=2');
    ob_end_flush();
    // Flush buffer onto screens
    ob_end_clean();
    // Clean up buffer
    exit;
} else {
    // all checks completed
    /* to avoid problems with some browsers,
       download script should not include parameters on the URL
       so let's use a form and pass the parameters via POST
       */
    // form not yet submitted
    // display information on how to initiate download
    if (!isset($submit)) {
        draw_header('Add New User', $last_message);
        ?>
			<p>

			<form action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" method="post">
			<input type="hidden" name="id" value="<?php 
        echo $_POST['id'];
        ?>
">
			<input type="submit" name="submit" value="Click here"> to begin downloading the selected document to your local workstation.
			</form>
			Once the document has completed downloading, you may <a href="out.php">continue browsing</a>.
			<?php 
Example #14
0
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('area_personal_profile'), $last_message);
?>

<html>
    <br><br>
    <INPUT type="hidden" name="callee" value="profile.php">
    <table name="list" align="center" border="0">
           <tr><td><a href="user.php?submit=Modify+User&item=<?php 
echo $_SESSION['uid'];
?>
"><?php 
echo msg('profilepage_update_profile');
?>
</a></td></tr>
                        </table>
<?php 
Example #15
0
        $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_reviewer WHERE user_id = :user_id";
        $stmt = $pdo->prepare($query);
        $stmt->execute(array(':user_id' => $_POST['id']));
        if (isset($_REQUEST['department_review'])) {
            for ($i = 0; $i < sizeof($_REQUEST['department_review']); $i++) {
                $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}dept_reviewer (dept_id,user_id) VALUES(:dept_id, :user_id)";
                $stmt = $pdo->prepare($query);
                $stmt->execute(array(':dept_id' => $_REQUEST['department_review'][$i], ':user_id' => $_POST['id']));
            }
        }
    }
    // back to main page
    $last_message = urlencode(msg('message_user_successfully_updated'));
    header('Location: out.php?last_message=' . $last_message);
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'updatepick') {
    draw_header(msg('userpage_modify_user'), $last_message);
    // Check to see if user is admin
    $query = "SELECT admin FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = :uid and admin = '1'";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':uid' => $_SESSION['uid']));
    if ($stmt->rowCount() <= 0) {
        header('Location: error.php?ec=4');
        exit;
    }
    $query = "SELECT id, username, first_name, last_name FROM {$GLOBALS['CONFIG']['db_prefix']}user ORDER BY last_name";
    $stmt = $pdo->prepare($query);
    $stmt->execute();
    $users = $stmt->fetchAll();
    $GLOBALS['smarty']->assign('state', (int) $_REQUEST['state'] + 1);
    $GLOBALS['smarty']->assign('users', $users);
    display_smarty_template('user/edit_pick.tpl');
Example #16
0
    ?>
</button>
                </div>
            </td>
        </tr>
    </table>
 </form>
 <script>
  $(document).ready(function(){
    $('#updateCategoryForm').validate();
  });
  </script>
    <?php 
    draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'updatepick') {
    draw_header(msg('area_update_category') . ': ' . msg('choose'), $last_message);
    ?>
    <form action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
" method="POST" enctype="multipart/form-data">
        <input type="hidden" name="state" value="<?php 
    echo $_REQUEST['state'] + 1;
    ?>
">
        <table border="0">
            <tr>
                <td><b><?php 
    echo msg('choose');
    ?>
 <?php 
Example #17
0
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';
require_once "AccessLog_class.php";
require_once "File_class.php";
require_once 'Reviewer_class.php';
require_once 'Email_class.php';
$user_obj = new User($_SESSION['uid'], $pdo);
if (!$user_obj->canAdd()) {
    redirect_visitor('out.php');
}
if (!isset($_POST['submit'])) {
    $last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
    draw_header(msg('area_add_new_file'), $last_message);
    $current_user_dept = $user_obj->getDeptId();
    $index = 0;
    //CHM - Pull in the sub-select values
    $query = "SELECT table_name FROM {$GLOBALS['CONFIG']['db_prefix']}udf WHERE field_type = '4'";
    $stmt = $pdo->prepare($query);
    $stmt->execute();
    $result = $stmt->fetchAll();
    $num_rows = $stmt->rowCount();
    $i = 0;
    $t_name = array();
    // Set the values for the hidden sub-select fields
    foreach ($result as $data) {
        $explode_v = explode('_', $data['table_name']);
        $t_name[] = $explode_v[2];
        $i++;
Example #18
0
    ?>
</td></tr>
                        		<tr><td align="left">Username</td><td align="left"><?php 
    echo $user_obj->getName();
    ?>
</td></tr>
                        		<tr><td align="left">Department</td><td align="left"><?php 
    echo $user_obj->getDeptName();
    ?>
</td></tr>
                        </table>
                        <br>
                        </form>
<?php 
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'change_personal_info_pick') {
    draw_header('Change password', $last_message);
    $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
    $cancel_message = 'Password alteration had been canceled';
    $submit_message = 'Changing password';
    // If demo mode, don't allow them to update the demo account
    if (@$GLOBALS['CONFIG']['demo'] == 'True') {
        echo 'Sorry, demo mode only, you can\'t do that';
        draw_footer();
        exit;
    }
    ?>
                <br>
                                <script type="text/javascript">
                                function redirect(url_location)
                                {	window.location=url_location	}
Example #19
0
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$secureurl_obj = new phpsecureurl();
$lrequest_id = $_REQUEST['id'];
//save an original copy of id
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']);
    $lrevision_dir = $GLOBALS['CONFIG']['revisionDir'] . '/' . $_REQUEST['id'] . '/';
}
if (!isset($_GET['submit'])) {
    draw_header(msg('view') . ' ' . msg('file'), $last_message);
    $file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
    $file_name = $file_obj->getName();
    $file_id = $file_obj->getId();
    $realname = $file_obj->getName();
    // Get the suffix of the file so we can look it up
    // in the $mimetypes array
    $suffix = '';
    if (strchr($realname, '.')) {
        // Fix by blackwes
        $prefix = substr($realname, 0, strrpos($realname, "."));
        $suffix = strtolower(substr($realname, strrpos($realname, ".") + 1));
    }
    $lmimetype = File::mime_by_ext($suffix);
    //echo "Realname is $realname<br>";
    //echo "prefix = $prefix<br>";
Example #20
0
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
//print_r($_REQUEST);
session_start();
include './odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
// includes
$with_caption = false;
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_POST['submit'])) {
    draw_header(msg('message_documents_rejected'), $last_message);
    $user_obj = new User($_SESSION['uid'], $pdo);
    $user_perms_obj = new UserPermission($_SESSION['uid'], $pdo);
    if ($user_obj->isAdmin() && @$_REQUEST['mode'] == 'root') {
        $fileid_array = $user_obj->getAllRejectedFileIds();
    } else {
        $fileid_array = $user_obj->getRejectedFileIds();
    }
    if (@$_REQUEST['mode'] == 'root') {
        echo '<form name="author_note_form" action="rejects.php?mode=root" method="post">';
    } else {
        echo '<form name="author_note_form" action="rejects.php" method="post">';
    }
    ?>
<table border="0">
    <tr>
Example #21
0
    callPluginMethod('onAfterArchiveFile');
    header('Location: out.php?last_message=' . urlencode($last_message));
} elseif (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'view_del_archive') {
    //publishable=2 for archive deletion
    $query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE publishable=2";
    $stmt = $pdo->prepare($query);
    $stmt->execute();
    $result = $stmt->fetchAll();
    $array_id = array();
    $i = 0;
    foreach ($result as $row) {
        $array_id[$i] = $row['id'];
        $i++;
    }
    $luserperm_obj = new UserPermission($_SESSION['uid'], $pdo);
    draw_header(msg('area_deleted_files'), $last_message);
    $page_url = e::h($_SERVER['PHP_SELF']) . '?mode=' . $_REQUEST['mode'];
    $user_obj = new User($_SESSION['uid'], $pdo);
    $userperms = new UserPermission($_SESSION['uid'], $pdo);
    $list_status = list_files($array_id, $userperms, $GLOBALS['CONFIG']['archiveDir'], true);
    if ($list_status != -1) {
        $GLOBALS['smarty']->assign('lmode', '');
        display_smarty_template('deleteview.tpl');
    }
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Delete file(s)') {
    isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
    foreach ($_REQUEST['checkbox'] as $value) {
        if (!pmt_delete($value)) {
            header('Location: error.php?ec=21');
            exit;
        }
Example #22
0
    header('Location:error.php?ec=2');
    ob_end_flush();
    // Flush buffer onto screens
    ob_end_clean();
    // Clean up buffer
    exit;
} else {
    // all checks completed
    /* to avoid problems with some browsers,
          download script should not include parameters on the URL
          so let's use a form and pass the parameters via POST
       */
    // form not yet submitted
    // display information on how to initiate download
    if (!isset($submit)) {
        draw_header('View File', $last_message);
        $GLOBALS['smarty']->assign('file_id', $filedata->getId());
        display_smarty_template('view.tpl');
        draw_footer();
    } else {
        $id = $filedata->getId();
        $realname = $filedata->getName();
        // get the filename
        $filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
        if (file_exists($filename)) {
            // send headers to browser to initiate file download
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
            readfile($filename);
            // Call the plugin API
            callPluginMethod('onViewFile');
Example #23
0
// check for valid session
// includes
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';
// open a connection to the database
$user_obj = new User($_SESSION['uid'], $pdo);
// Check to see if user is admin
if (!$user_obj->isAdmin()) {
    header('Location:error.php?ec=4');
    exit;
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('label_admin'), $last_message);
?>
    <table border="1" cellspacing="5" cellpadding="5" >
        <th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php 
echo msg('users');
?>
</font></th><th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php 
echo msg('label_department');
?>
</font></th><th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php 
echo msg('category');
?>
</font></th><?php 
if ($user_obj->isRoot()) {
    echo '<th bgcolor ="#83a9f7"><font color="#FFFFFF">' . msg('file') . '</th></font>';
}
Example #24
0
include 'udf_functions.php';
$last_message = isset($_GET['last_message']) ? $_GET['last_message'] : '';
// in case this file is accessed directly - check for $_GET['id']
if (!isset($_GET['id']) || $_GET['id'] == "") {
    header('Location:error.php?ec=2');
    exit;
}
$full_requestId = $_GET['id'];
if (strchr($_GET['id'], '_')) {
    list($_GET['id'], $revision_id) = explode('_', $_GET['id']);
    $pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
    $file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_GET['id'] . '/' . $_GET['id'] . '_' . $revision_id . '.dat');
} else {
    $pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = (int) $_GET['id'];
//save an original copy of id
$state = (int) $_GET['state'];
$file_data_obj = new FileData($request_id, $pdo);
checkUserPermission($request_id, $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
$owner_full_name = $file_data_obj->getOwnerFullName();
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_last_first = $owner_full_name[1] . ', ' . $owner_full_name[0];
$owner_first_last = $owner_full_name[0] . ' ' . $owner_full_name[1];
$real_name = $file_data_obj->getName();
Example #25
0
                        $title = "IEM NEXRAD Daily N0R Max Composite Reflectivity";
                        $d = gmdate("d M Y", $ts) . " UTC";
                    } else {
                        $title = "IEM Plot";
                        if ($plotmeta["subtitle"] != "") {
                            $title = $plotmeta["subtitle"];
                            $plotmeta["subtitle"] = "";
                        }
                    }
                }
            }
        }
    }
}
$header_height = $plotmeta["subtitle"] == "" ? 36 : 53;
draw_header($map, $img, $width, $header_height);
$point->draw($map, $tlayer, $img, 0, $title);
$point = ms_newpointobj();
$point->setXY(80, 26);
$point->draw($map, $tlayer, $img, 1, "{$d}");
if ($plotmeta["subtitle"] != "") {
    $point = ms_newpointobj();
    $point->setXY(80, 43);
    $point->draw($map, $tlayer, $img, 1, $plotmeta["subtitle"]);
}
$map->drawLabelCache($img);
$layer = $map->getLayerByName("logo");
$point = ms_newpointobj();
$point->setXY(40, 26);
$point->draw($map, $layer, $img, 0);
if (in_array("nexrad", $layers) || in_array("nexrad_tc", $layers)) {
Example #26
0
            }
            if (isset($_SESSION['selected'])) {
                unset($_SESSION['selected']);
            }
            if (isset($_SESSION['action'])) {
                unset($_SESSION['action']);
            }
            break;
        default:
            die("Invalid action specified");
            break;
    }
}
switch ($event) {
    case 'view':
        draw_header();
        draw_location();
        draw_tree();
        draw_files();
        draw_footer();
        break;
    case 'upload':
        upload_file();
        break;
    case 'mkdir':
        make_directory();
        break;
    case 'download':
        download_file();
        break;
    case 'passwd':
Example #27
0
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
include 'odm-load.php';
$start_time = time();
session_start();
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// includes
draw_header(msg('area_file_expiration'), $last_message);
// Look up user
$user_query = "\n  SELECT\n    id\n  FROM\n    {$GLOBALS['CONFIG']['db_prefix']}user\n  WHERE\n    id = :root_id\n";
$stmt = $pdo->prepare($user_query);
$stmt->execute(array(':root_id' => $GLOBALS['CONFIG']['root_id']));
$user_result = $stmt->fetch();
if ($stmt->rowCount() != 1) {
    header('location:error.php?ec=22');
} else {
    $root_id = $user_result['id'];
}
// calculate current date
$current_date = date('Y-m-d');
$current_year = intval(date('Y)'));
$current_month = intval(date('m'));
$current_day = intval(date('d'));
Example #28
0
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// check session and $id
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}
draw_header(msg('area_view_history'), $last_message);
//revision parsing
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $revision_id) = explode('_', $_REQUEST['id']);
}
$datafile = new FileData($_REQUEST['id'], $pdo);
// verify
if ($datafile->getError() != null) {
    header('Location:error.php?ec=2');
    exit;
} else {
    // obtain data from resultset
    $owner_full_name = $datafile->getOwnerFullName();
    $owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
    $real_name = $datafile->getRealName();
    $category = $datafile->getCategoryName();
Example #29
0
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNew') {
    draw_header(msg('label_filetypes'), $last_message);
    display_smarty_template('filetype_add.tpl');
    draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNewSave') {
    if ($filetypes->add($_POST)) {
        $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
    } else {
        $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
    }
    $GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
    draw_header(msg('label_filetypes'), $last_message);
    $filetypes->edit();
    draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'DeleteSelect') {
    draw_header(msg('label_filetypes'), $last_message);
    $filetypes->deleteSelect();
    draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Delete') {
    if ($filetypes->delete($_POST)) {
        $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
    } else {
        $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
    }
    $GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
    draw_header(msg('label_filetypes'), $last_message);
    $filetypes->edit();
    draw_footer();
} else {
    header('Location: admin.php?last_message=' . urlencode(msg('message_nothing_to_do')));
}