include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// get a list of documents the user has "view" permission for
// get current user's information-->department
$user_obj = new User($_SESSION['uid'], $pdo);
if (!$user_obj->isRoot()) {
header('Location:error.php?ec=24');
}
$flag = 0;
if (isset($_GET['submit']) && $_GET['submit'] == 'view_checkedout') {
echo PHP_EOL . '<form name="table" action="file_ops.php" method="POST">';
echo PHP_EOL . '<input name="submit" type="hidden" value="Clear Status">';
draw_header(msg('label_checked_out_files'), $last_message);
$file_id_array = $user_obj->getCheckedOutFiles();
$page_url = 'file_ops.php?';
$user_perm_obj = new UserPermission($_SESSION['uid'], $pdo);
$list_status = list_files($file_id_array, $user_perm_obj, $GLOBALS['CONFIG']['dataDir'], true, true);
if ($list_status != -1) {
echo PHP_EOL . '<BR><div class="buttons"><button class="positive" type="submit" name="submit" value="Clear Status">' . msg('button_clear_status') . '</button></div><br />';
echo PHP_EOL . '</form>';
}
draw_footer();
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Clear Status') {
if (isset($_POST["checkbox"])) {
foreach ($_POST['checkbox'] as $cbox) {
$file_id = $cbox;
$file_obj = new FileData($file_id, $pdo);
$file_obj->setStatus(0);
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$user_obj = new User($_SESSION['uid'], $pdo);
$settings = new Settings($pdo);
//If the user is not an admin and he/she is trying to access other account that
// is not his, error out.
if (!$user_obj->isRoot() == true) {
header('Location: error.php?ec=24');
exit;
}
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'update') {
draw_header(msg('label_settings'), $last_message);
$settings->edit();
draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') {
draw_header(msg('label_settings'), $last_message);
// Clean up the datadir a bit to make sure it ends with slash
if (!empty($_POST['dataDir'])) {
if (substr($_POST['dataDir'], -1) != '/') {
$_POST['dataDir'] .= '/';
}
}
// Perform Input Validation
if (!is_dir($_POST['dataDir'])) {
$_POST['last_message'] = $GLOBALS['lang']['message_datadir_problem_exists'];
} elseif (!is_writable($_POST['dataDir'])) {
$_POST['last_message'] = $GLOBALS['lang']['message_datadir_problem_writable'];
} elseif (!is_numeric($_POST['max_filesize']) || (!is_numeric($_POST['revision_expiration']) || !is_numeric($_POST['max_query']))) {
$_POST['last_message'] = $GLOBALS['lang']['message_config_value_problem'];
} elseif ($settings->save($_POST)) {
$_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
?>
</button>
</div>
</td>
</tr>
</table>
</form>
<script>
$(document).ready(function(){
$('#modifyDeptForm').validate();
});
</script>
<?php
draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'updatepick') {
draw_header(msg('area_choose_department'), $last_message);
?>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="GET" enctype="multipart/form-data">
<INPUT type="hidden" name="state" value="<?php
echo $_REQUEST['state'] + 1;
?>
">
<table border="0" cellspacing="5" cellpadding="5">
<tr>
<td><b><?php
echo msg('label_department_to_modify');
?>
:</b></td>
// includes
// open connection
if (!isset($_POST['submit'])) {
// form not yet submitted, display initial form
// pre-fill the form with some information so that user knows which file is being updated
$query = "SELECT description, realname FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE id = '{$_REQUEST['id']}' AND status = '{$_SESSION['uid']}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
// in case script is directly accessed, query above will return 0 rows
if (mysql_num_rows($result) <= 0) {
$last_message = 'Failed';
header('Location:error.php?ec=2&last_message=' . urlencode($last_message));
exit;
} else {
// get result data
list($description, $realname) = mysql_fetch_row($result);
draw_header(msg('button_check_in'), $last_message);
// correction
if ($description == '') {
$description = msg('message_no_description_available');
}
// clean up
mysql_free_result($result);
// start displaying form
?>
<table border="0" cellspacing="5" cellpadding="5">
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?php
echo $_GET['id'];
$stmt->execute(array(':newvalue' => $_REQUEST['newvalue'], ':primary_type' => $_REQUEST['primary_type']));
}
}
// Do Deletes
$query = "\n SELECT\n max(id)\n FROM\n {$udf_table_name}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchColumn();
$max = $result;
while ($max > 0) {
if (isset($_REQUEST['x' . $max]) && $_REQUEST['x' . $max] == "on") {
$query = "\n DELETE FROM\n {$GLOBALS['CONFIG']['db_prefix']}udftbl_{$field_name}{$tablename}\n WHERE\n id = {$max}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
}
$max--;
}
$query = "\n SELECT\n *\n FROM\n {$_REQUEST['udf']}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$rows2 = $stmt->fetchAll();
$GLOBALS['smarty']->assign('udf', $_REQUEST['udf']);
$GLOBALS['smarty']->assign('display_name', $display_name);
$GLOBALS['smarty']->assign('rows', $rows2);
display_smarty_template('udf/edit_type_4.tpl');
}
draw_footer();
} else {
draw_header(msg('label_user_defined_field'), $last_message);
draw_footer();
}
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// includes
include 'odm-load.php';
session_start();
$last_message = isset($_REQUEST['last_message']) ? htmlspecialchars($_REQUEST['last_message']) : '';
draw_header(msg('error'), $last_message);
if (isset($_REQUEST['ec']) && intval($_REQUEST['ec']) >= 0) {
switch ($_REQUEST['ec']) {
// login failure
case 0:
$message = msg('message_there_was_an_error_loggin_you_in');
break;
// session problem
// session problem
case 1:
$message = msg('message_session_error');
break;
// malformed variable/failed query
// malformed variable/failed query
case 2:
$message = msg('message_error_performing_action');
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="get">
<input type="hidden" name="id" value="<?php
echo $_GET['id'];
?>
// check for session and $_REQUEST['id']
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
include 'udf_functions.php';
// open a connection to the database
$user_obj = new User($_SESSION['uid'], $pdo);
// Check to see if user is admin
if (!$user_obj->isAdmin()) {
header('Location:error.php?ec=4');
exit;
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);
$query = "SELECT \n a.*,\n d.realname,\n u.username\n FROM \n {$GLOBALS['CONFIG']['db_prefix']}access_log a\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}data AS d ON a.file_id = d.id\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}user AS u ON a.user_id = u.id\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$actions_array = array("A" => msg('accesslogpage_file_added'), "B" => msg('accesslogpage_reserved'), "C" => msg('accesslogpage_reserved'), "V" => msg('accesslogpage_file_viewed'), "D" => msg('accesslogpage_file_downloaded'), "M" => msg('accesslogpage_file_modified'), "I" => msg('accesslogpage_file_checked_in'), "O" => msg('accesslogpage_file_checked_out'), "X" => msg('accesslogpage_file_deleted'), "Y" => msg('accesslogpage_file_authorized'), "R" => msg('accesslogpage_file_rejected'));
$accesslog_array = array();
foreach ($result as $row) {
$details_link = 'details.php?id=' . $row['file_id'] . '&state=' . ($_REQUEST['state'] + 1);
$accesslog_array[] = array('user_id' => $row['user_id'], 'file_id' => $row['file_id'], 'user_name' => $row['username'], 'realname' => $row['realname'], 'action' => $actions_array[$row['action']], 'details_link' => $details_link, 'timestamp' => $row['timestamp']);
}
$view->setData(['accesslog_array' => $accesslog_array, 'showCheckBox' => false, 'form' => 0]);
$view->setView('access_log');
$view->setLayout('default');
echo $view->__invoke();
draw_footer();
draw_header(msg('message_documents_waiting'), $last_message);
$userpermission = new UserPermission($_SESSION['uid'], $pdo);
if ($user_obj->isAdmin()) {
$id_array = $user_obj->getAllRevieweeIds();
} else {
$id_array = $user_obj->getRevieweeIds();
}
$list_status = list_files($id_array, $userpermission, $GLOBALS['CONFIG']['dataDir'], true);
if ($list_status != -1) {
display_smarty_template('toBePublished.tpl');
}
} elseif (isset($_REQUEST['submit']) && ($_REQUEST['submit'] == 'commentAuthorize' || $_REQUEST['submit'] == 'commentReject')) {
if (!isset($_REQUEST['checkbox'])) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?last_message=' . urlencode(msg('message_you_did_not_enter_value')));
}
draw_header(msg('label_comment'), $last_message);
$checkbox = isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
/* if($mode == 'reviewer')
{
$access_mode = 'enabled';
}
else
{
$access_mode = 'disabled';
}
*/
if ($_REQUEST['submit'] == 'commentReject') {
$submit_value = 'Reject';
} elseif ($_REQUEST['submit'] == 'commentAuthorize') {
$submit_value = 'Authorize';
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
$filedata = new FileData($_REQUEST['id'], $pdo);
if ($filedata->isArchived()) {
header('Location:error.php?ec=21');
}
// form not yet submitted, display initial form
if (!isset($_REQUEST['submit'])) {
draw_header(msg('area_update_file'), $last_message);
checkUserPermission($_REQUEST['id'], $filedata->ADMIN_RIGHT, $filedata);
$current_user_dept = $user_perms_obj->user_obj->getDeptId();
$data_id = $_REQUEST['id'];
// includes
$department_query = "SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=:user_id";
$department_stmt = $pdo->prepare($department_query);
$department_stmt->bindParam(':user_id', $_SESSION['uid']);
$department_stmt->execute();
$result = $department_stmt->fetchAll();
if ($department_stmt->rowCount() != 1) {
header('Location:error.php?ec=14');
exit;
//non-unique error
}
$filedata = new FileData($data_id, $pdo);
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
include 'udf_functions.php';
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
/*$_GET['where']='department';
$_GET['keyword']='Information Systems';
$_SESSION['uid']=102;
$_GET['submit']='submit';
$_GET['exact_phrase']='on';
$_GET['case_sensitivity']='';
*/
/// includes
$start_time = time();
draw_header(msg('search'), $last_message);
echo '<body bgcolor="white">';
if (!isset($_GET['submit'])) {
?>
<p>
<table border="0" cellspacing="5" cellpadding="5">
<form action=<?php
echo $_SERVER['PHP_SELF'];
?>
method="get">
<tr>
<td valign="top"><b><?php
echo msg('label_search_term');
?>
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// check to ensure valid session, else redirect
session_start();
//$_SESSION['uid']=102; $sort_by = 'author';
//$start_time = time();
// includes
$GLOBALS['state'] = 1;
require_once 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('label_file_listing'), $last_message);
sort_browser();
$user_obj = new User($_SESSION['uid'], $pdo);
if ($user_obj->isAdmin()) {
$reviewIdCount = sizeof($user_obj->getAllRevieweeIds());
} elseif ($user_obj->isReviewer()) {
$reviewIdCount = sizeof($user_obj->getRevieweeIds());
} else {
$reviewIdCount = 0;
}
if ($reviewIdCount > 0) {
echo '<img src="images/exclamation.gif" /> <a href="toBePublished.php?state=1">' . msg('message_documents_waiting') . '</a>: ' . e::h($reviewIdCount) . '</a><br />';
}
$rejected_files_obj = $user_obj->getRejectedFileIds();
if (isset($rejected_files_obj[0]) && $rejected_files_obj[0] != null) {
echo '<img src="images/exclamation_red.gif" /> <a href="rejects.php?state=1">' . msg('message_documents_rejected') . '</a>: ' . sizeof($rejected_files_obj) . '<br />';
header('Location:error.php?ec=2');
ob_end_flush();
// Flush buffer onto screens
ob_end_clean();
// Clean up buffer
exit;
} else {
// all checks completed
/* to avoid problems with some browsers,
download script should not include parameters on the URL
so let's use a form and pass the parameters via POST
*/
// form not yet submitted
// display information on how to initiate download
if (!isset($submit)) {
draw_header('Add New User', $last_message);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="post">
<input type="hidden" name="id" value="<?php
echo $_POST['id'];
?>
">
<input type="submit" name="submit" value="Click here"> to begin downloading the selected document to your local workstation.
</form>
Once the document has completed downloading, you may <a href="out.php">continue browsing</a>.
<?php
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('area_personal_profile'), $last_message);
?>
<html>
<br><br>
<INPUT type="hidden" name="callee" value="profile.php">
<table name="list" align="center" border="0">
<tr><td><a href="user.php?submit=Modify+User&item=<?php
echo $_SESSION['uid'];
?>
"><?php
echo msg('profilepage_update_profile');
?>
</a></td></tr>
</table>
<?php
$query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_reviewer WHERE user_id = :user_id";
$stmt = $pdo->prepare($query);
$stmt->execute(array(':user_id' => $_POST['id']));
if (isset($_REQUEST['department_review'])) {
for ($i = 0; $i < sizeof($_REQUEST['department_review']); $i++) {
$query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}dept_reviewer (dept_id,user_id) VALUES(:dept_id, :user_id)";
$stmt = $pdo->prepare($query);
$stmt->execute(array(':dept_id' => $_REQUEST['department_review'][$i], ':user_id' => $_POST['id']));
}
}
}
// back to main page
$last_message = urlencode(msg('message_user_successfully_updated'));
header('Location: out.php?last_message=' . $last_message);
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'updatepick') {
draw_header(msg('userpage_modify_user'), $last_message);
// Check to see if user is admin
$query = "SELECT admin FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = :uid and admin = '1'";
$stmt = $pdo->prepare($query);
$stmt->execute(array(':uid' => $_SESSION['uid']));
if ($stmt->rowCount() <= 0) {
header('Location: error.php?ec=4');
exit;
}
$query = "SELECT id, username, first_name, last_name FROM {$GLOBALS['CONFIG']['db_prefix']}user ORDER BY last_name";
$stmt = $pdo->prepare($query);
$stmt->execute();
$users = $stmt->fetchAll();
$GLOBALS['smarty']->assign('state', (int) $_REQUEST['state'] + 1);
$GLOBALS['smarty']->assign('users', $users);
display_smarty_template('user/edit_pick.tpl');
?>
</button>
</div>
</td>
</tr>
</table>
</form>
<script>
$(document).ready(function(){
$('#updateCategoryForm').validate();
});
</script>
<?php
draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'updatepick') {
draw_header(msg('area_update_category') . ': ' . msg('choose'), $last_message);
?>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="POST" enctype="multipart/form-data">
<input type="hidden" name="state" value="<?php
echo $_REQUEST['state'] + 1;
?>
">
<table border="0">
<tr>
<td><b><?php
echo msg('choose');
?>
<?php
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
include 'udf_functions.php';
require_once "AccessLog_class.php";
require_once "File_class.php";
require_once 'Reviewer_class.php';
require_once 'Email_class.php';
$user_obj = new User($_SESSION['uid'], $pdo);
if (!$user_obj->canAdd()) {
redirect_visitor('out.php');
}
if (!isset($_POST['submit'])) {
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('area_add_new_file'), $last_message);
$current_user_dept = $user_obj->getDeptId();
$index = 0;
//CHM - Pull in the sub-select values
$query = "SELECT table_name FROM {$GLOBALS['CONFIG']['db_prefix']}udf WHERE field_type = '4'";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$num_rows = $stmt->rowCount();
$i = 0;
$t_name = array();
// Set the values for the hidden sub-select fields
foreach ($result as $data) {
$explode_v = explode('_', $data['table_name']);
$t_name[] = $explode_v[2];
$i++;
?>
</td></tr>
<tr><td align="left">Username</td><td align="left"><?php
echo $user_obj->getName();
?>
</td></tr>
<tr><td align="left">Department</td><td align="left"><?php
echo $user_obj->getDeptName();
?>
</td></tr>
</table>
<br>
</form>
<?php
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'change_personal_info_pick') {
draw_header('Change password', $last_message);
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
$cancel_message = 'Password alteration had been canceled';
$submit_message = 'Changing password';
// If demo mode, don't allow them to update the demo account
if (@$GLOBALS['CONFIG']['demo'] == 'True') {
echo 'Sorry, demo mode only, you can\'t do that';
draw_footer();
exit;
}
?>
<br>
<script type="text/javascript">
function redirect(url_location)
{ window.location=url_location }
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$secureurl_obj = new phpsecureurl();
$lrequest_id = $_REQUEST['id'];
//save an original copy of id
if (strchr($_REQUEST['id'], '_')) {
list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']);
$lrevision_dir = $GLOBALS['CONFIG']['revisionDir'] . '/' . $_REQUEST['id'] . '/';
}
if (!isset($_GET['submit'])) {
draw_header(msg('view') . ' ' . msg('file'), $last_message);
$file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
$file_name = $file_obj->getName();
$file_id = $file_obj->getId();
$realname = $file_obj->getName();
// Get the suffix of the file so we can look it up
// in the $mimetypes array
$suffix = '';
if (strchr($realname, '.')) {
// Fix by blackwes
$prefix = substr($realname, 0, strrpos($realname, "."));
$suffix = strtolower(substr($realname, strrpos($realname, ".") + 1));
}
$lmimetype = File::mime_by_ext($suffix);
//echo "Realname is $realname<br>";
//echo "prefix = $prefix<br>";
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
//print_r($_REQUEST);
session_start();
include './odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
// includes
$with_caption = false;
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_POST['submit'])) {
draw_header(msg('message_documents_rejected'), $last_message);
$user_obj = new User($_SESSION['uid'], $pdo);
$user_perms_obj = new UserPermission($_SESSION['uid'], $pdo);
if ($user_obj->isAdmin() && @$_REQUEST['mode'] == 'root') {
$fileid_array = $user_obj->getAllRejectedFileIds();
} else {
$fileid_array = $user_obj->getRejectedFileIds();
}
if (@$_REQUEST['mode'] == 'root') {
echo '<form name="author_note_form" action="rejects.php?mode=root" method="post">';
} else {
echo '<form name="author_note_form" action="rejects.php" method="post">';
}
?>
<table border="0">
<tr>
callPluginMethod('onAfterArchiveFile');
header('Location: out.php?last_message=' . urlencode($last_message));
} elseif (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'view_del_archive') {
//publishable=2 for archive deletion
$query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE publishable=2";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$array_id = array();
$i = 0;
foreach ($result as $row) {
$array_id[$i] = $row['id'];
$i++;
}
$luserperm_obj = new UserPermission($_SESSION['uid'], $pdo);
draw_header(msg('area_deleted_files'), $last_message);
$page_url = e::h($_SERVER['PHP_SELF']) . '?mode=' . $_REQUEST['mode'];
$user_obj = new User($_SESSION['uid'], $pdo);
$userperms = new UserPermission($_SESSION['uid'], $pdo);
$list_status = list_files($array_id, $userperms, $GLOBALS['CONFIG']['archiveDir'], true);
if ($list_status != -1) {
$GLOBALS['smarty']->assign('lmode', '');
display_smarty_template('deleteview.tpl');
}
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Delete file(s)') {
isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
foreach ($_REQUEST['checkbox'] as $value) {
if (!pmt_delete($value)) {
header('Location: error.php?ec=21');
exit;
}
header('Location:error.php?ec=2');
ob_end_flush();
// Flush buffer onto screens
ob_end_clean();
// Clean up buffer
exit;
} else {
// all checks completed
/* to avoid problems with some browsers,
download script should not include parameters on the URL
so let's use a form and pass the parameters via POST
*/
// form not yet submitted
// display information on how to initiate download
if (!isset($submit)) {
draw_header('View File', $last_message);
$GLOBALS['smarty']->assign('file_id', $filedata->getId());
display_smarty_template('view.tpl');
draw_footer();
} else {
$id = $filedata->getId();
$realname = $filedata->getName();
// get the filename
$filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
if (file_exists($filename)) {
// send headers to browser to initiate file download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
readfile($filename);
// Call the plugin API
callPluginMethod('onViewFile');
// check for valid session
// includes
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
include 'udf_functions.php';
// open a connection to the database
$user_obj = new User($_SESSION['uid'], $pdo);
// Check to see if user is admin
if (!$user_obj->isAdmin()) {
header('Location:error.php?ec=4');
exit;
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('label_admin'), $last_message);
?>
<table border="1" cellspacing="5" cellpadding="5" >
<th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php
echo msg('users');
?>
</font></th><th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php
echo msg('label_department');
?>
</font></th><th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php
echo msg('category');
?>
</font></th><?php
if ($user_obj->isRoot()) {
echo '<th bgcolor ="#83a9f7"><font color="#FFFFFF">' . msg('file') . '</th></font>';
}
include 'udf_functions.php';
$last_message = isset($_GET['last_message']) ? $_GET['last_message'] : '';
// in case this file is accessed directly - check for $_GET['id']
if (!isset($_GET['id']) || $_GET['id'] == "") {
header('Location:error.php?ec=2');
exit;
}
$full_requestId = $_GET['id'];
if (strchr($_GET['id'], '_')) {
list($_GET['id'], $revision_id) = explode('_', $_GET['id']);
$pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
$file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_GET['id'] . '/' . $_GET['id'] . '_' . $revision_id . '.dat');
} else {
$pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = (int) $_GET['id'];
//save an original copy of id
$state = (int) $_GET['state'];
$file_data_obj = new FileData($request_id, $pdo);
checkUserPermission($request_id, $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
$owner_full_name = $file_data_obj->getOwnerFullName();
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_last_first = $owner_full_name[1] . ', ' . $owner_full_name[0];
$owner_first_last = $owner_full_name[0] . ' ' . $owner_full_name[1];
$real_name = $file_data_obj->getName();
$title = "IEM NEXRAD Daily N0R Max Composite Reflectivity";
$d = gmdate("d M Y", $ts) . " UTC";
} else {
$title = "IEM Plot";
if ($plotmeta["subtitle"] != "") {
$title = $plotmeta["subtitle"];
$plotmeta["subtitle"] = "";
}
}
}
}
}
}
}
$header_height = $plotmeta["subtitle"] == "" ? 36 : 53;
draw_header($map, $img, $width, $header_height);
$point->draw($map, $tlayer, $img, 0, $title);
$point = ms_newpointobj();
$point->setXY(80, 26);
$point->draw($map, $tlayer, $img, 1, "{$d}");
if ($plotmeta["subtitle"] != "") {
$point = ms_newpointobj();
$point->setXY(80, 43);
$point->draw($map, $tlayer, $img, 1, $plotmeta["subtitle"]);
}
$map->drawLabelCache($img);
$layer = $map->getLayerByName("logo");
$point = ms_newpointobj();
$point->setXY(40, 26);
$point->draw($map, $layer, $img, 0);
if (in_array("nexrad", $layers) || in_array("nexrad_tc", $layers)) {
}
if (isset($_SESSION['selected'])) {
unset($_SESSION['selected']);
}
if (isset($_SESSION['action'])) {
unset($_SESSION['action']);
}
break;
default:
die("Invalid action specified");
break;
}
}
switch ($event) {
case 'view':
draw_header();
draw_location();
draw_tree();
draw_files();
draw_footer();
break;
case 'upload':
upload_file();
break;
case 'mkdir':
make_directory();
break;
case 'download':
download_file();
break;
case 'passwd':
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
include 'odm-load.php';
$start_time = time();
session_start();
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// includes
draw_header(msg('area_file_expiration'), $last_message);
// Look up user
$user_query = "\n SELECT\n id\n FROM\n {$GLOBALS['CONFIG']['db_prefix']}user\n WHERE\n id = :root_id\n";
$stmt = $pdo->prepare($user_query);
$stmt->execute(array(':root_id' => $GLOBALS['CONFIG']['root_id']));
$user_result = $stmt->fetch();
if ($stmt->rowCount() != 1) {
header('location:error.php?ec=22');
} else {
$root_id = $user_result['id'];
}
// calculate current date
$current_date = date('Y-m-d');
$current_year = intval(date('Y)'));
$current_month = intval(date('m'));
$current_day = intval(date('d'));
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// check session and $id
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
draw_header(msg('area_view_history'), $last_message);
//revision parsing
if (strchr($_REQUEST['id'], '_')) {
list($_REQUEST['id'], $revision_id) = explode('_', $_REQUEST['id']);
}
$datafile = new FileData($_REQUEST['id'], $pdo);
// verify
if ($datafile->getError() != null) {
header('Location:error.php?ec=2');
exit;
} else {
// obtain data from resultset
$owner_full_name = $datafile->getOwnerFullName();
$owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
$real_name = $datafile->getRealName();
$category = $datafile->getCategoryName();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNew') {
draw_header(msg('label_filetypes'), $last_message);
display_smarty_template('filetype_add.tpl');
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNewSave') {
if ($filetypes->add($_POST)) {
$_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
} else {
$_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
}
$GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
draw_header(msg('label_filetypes'), $last_message);
$filetypes->edit();
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'DeleteSelect') {
draw_header(msg('label_filetypes'), $last_message);
$filetypes->deleteSelect();
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Delete') {
if ($filetypes->delete($_POST)) {
$_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
} else {
$_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
}
$GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
draw_header(msg('label_filetypes'), $last_message);
$filetypes->edit();
draw_footer();
} else {
header('Location: admin.php?last_message=' . urlencode(msg('message_nothing_to_do')));
}