}
$userId = $_REQUEST["userId"];
$infoMessage = "User was updated.";
if (trim($userId) == "") {
/* See if this is a duplicate user. */
$query = db_query("SELECT id FROM user WHERE username="******"username"]));
if (db_numrows($query) == 0) {
$infoMessage = "User was added.";
$userId = db_insert("user");
db_query("UPDATE user SET createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . " WHERE id=" . escapeValue($userId));
} else {
header("Location: user_list.php?errorMessage=" . rawurlencode("The username already exists and was not added."));
exit;
}
}
/* See if this is a duplicate username. */
$query = db_query("SELECT id FROM user WHERE id<>" . escapeValue($userId) . " AND username="******"username"]));
if (db_numrows($query) == 0) {
db_query("UPDATE user SET active=" . escapeValue($_REQUEST["active"]) . ",accessLevel=" . escapeValue($_REQUEST["accessLevel"]) . ",firstName=" . escapeQuote($_REQUEST["firstName"]) . ",lastName=" . escapeQuote($_REQUEST["lastName"]) . ",username="******"username"]) . ",emailAddress=" . escapeQuote($_REQUEST["emailAddress"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($userId));
/* Update workgroups. */
db_query("DELETE FROM workgroupUser WHERE userId=" . escapeValue($userId));
foreach ($_REQUEST["workgroupId"] as $workgroupId => $value) {
if ($value) {
db_query("INSERT INTO workgroupUser VALUES ({$workgroupId},{$userId})");
}
}
} else {
header("Location: user_list.php?errorMessage=" . rawurlencode("The username belongs to another user and no changes were made."));
exit;
}
header("Location: user_list.php?infoMessage=" . rawurlencode($infoMessage));
function superstore_fetch($script, $sessionId, $name)
{
$query = db_query("SELECT value FROM superstore WHERE script=" . escapeQuote($script) . " AND sessionId=" . escapeQuote($sessionId) . " AND name=" . escapeQuote($name));
if (db_numrows($query) == 1) {
$result = db_fetch($query);
return $result["value"];
} else {
return "";
}
}
<input type="submit" name="searchButton" value="Search">
<input type="submit" name="resetButton" value="Reset">
</div>
</form>
<?php
$whereArray = array();
for ($i = 0; $i < 5; $i++) {
if ($valueArray[$i] != "") {
if ($conditionArray[$i] == "=") {
$whereArray[] = $fieldArray[$i] . "=" . escapeQuote($valueArray[$i]);
} elseif ($conditionArray[$i] == "b") {
$whereArray[] = $fieldArray[$i] . " LIKE " . escapeQuote($valueArray[$i] . "%");
} elseif ($conditionArray[$i] == "c") {
$whereArray[] = $fieldArray[$i] . " LIKE " . escapeQuote("%" . $valueArray[$i] . "%");
} elseif ($conditionArray[$i] == "e") {
$whereArray[] = $fieldArray[$i] . " LIKE " . escapeQuote("%" . $valueArray[$i]);
}
}
}
if (sizeof($whereArray) > 0) {
$searchQuery = db_query("SELECT count(a.id) AS numItems FROM item a, project b, workgroup c WHERE " . implode(" AND ", $whereArray) . " AND a.projectId=b.id AND b.workgroupId=c.id {$workgroupLimit}");
$searchResult = db_fetch($searchQuery);
$numItems = $searchResult["numItems"];
if ($numItems == 0) {
?>
<p>No items matched your search.</p>
<?php
} else {
displayPageBar($numItems, $dss_displayListSize, $currentPage);
$start = $currentPage * $dss_displayListSize;
$limit = "LIMIT {$start},{$dss_displayListSize}";
$comment = $_POST["comment"];
$adminPassword = $_POST["adminPassword"];
$itemId = $_POST["itemId"];
if (trim($_REQUEST["cancel_button"]) != "") {
header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}");
exit;
}
$itemQuery = db_query("SELECT * FROM item WHERE id=" . escapeValue($itemId));
if (db_numrows($itemQuery) == 1) {
$itemResult = db_fetch($itemQuery);
} else {
header("Location: /index.php");
exit;
}
/* Verify the password entered. */
$userResult = db_fetch(db_query("SELECT username FROM user WHERE id={$dss_userId}"));
if (!verify_password($userResult["username"], $adminPassword)) {
header("Location: /item_detail.php?itemId=" . escapeValue($itemId) . "&errorMessage=" . rawurlencode("The password entered was incorrect."));
exit;
}
/* Get the project and workgroup for this item. */
$projectResult = db_fetch(db_query("SELECT workgroupId,name FROM project WHERE id=" . $itemResult["projectId"]));
$workgroupResult = db_fetch(db_query("SELECT name FROM workgroup WHERE id=" . $projectResult["workgroupId"]));
/* Log this action in the auditlog. */
$logId = db_insert("auditlog");
db_query("UPDATE auditlog SET action='DELETE'" . ",actionByUserId={$dss_userId}" . ",actionDate=" . date("U") . ",actionComment=" . escapeQuote($comment) . ",workgroupName=" . escapeQuote($workgroupResult["name"]) . ",projectName=" . escapeQuote($projectResult["name"]) . ",retentionGroup=" . escapeQuote($itemResult["retentionGroup"]) . ",filetype=" . escapeQuote($itemResult["filetype"]) . ",filesize=" . escapeValue($itemResult["filesize"]) . ",filename=" . escapeQuote($itemResult["filename"]) . ",expirationDate=" . escapeValue($itemResult["expirationDate"]) . ",addedByUserId=" . escapeValue($itemResult["addedByUserId"]) . ",addedDate=" . escapeValue($itemResult["addedDate"]) . ",lastUpdatedByUserId=" . escapeValue($itemResult["lastUpdatedByUserId"]) . ",lastUpdatedDate=" . escapeValue($itemResult["lastUpdatedDate"]) . ",significant=" . escapeValue($itemResult["significant"]) . ",title=" . escapeQuote($itemResult["title"]) . ",description=" . escapeQuote($itemResult["description"]) . ",creator=" . escapeQuote($itemResult["creator"]) . ",creationDate=" . escapeQuote($itemResult["creationDate"]) . ",location=" . escapeQuote($itemResult["location"]) . " WHERE id={$logId}");
/* Remove the item and its thumbnail and delete the item record from the database. */
unlink("{$dss_fileshare}/" . $itemResult["projectId"] . "/" . $itemResult["filename"]);
unlink("{$dss_docRoot}/thumbnail/" . md5($itemResult["id"]) . ".jpg");
db_query("DELETE FROM item WHERE id=" . escapeValue($itemId));
header("Location: item_list.php?search=" . $_POST["search"] . "&projectId=" . $itemResult["projectId"] . "&infoMessage=" . rawurlencode("The item has been deleted."));
<?php
/*
Copyright 2013 Kent State University
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
db_query("DELETE FROM session WHERE id=" . escapeQuote($dss_sessionCookie));
header("Location: /index.php");
<?php
/*
Copyright 2013 Kent State University
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
$firstName = $_POST["firstName"];
$lastName = $_POST["lastName"];
$displayListSize = $_POST["displayListSize"];
if (trim($firstName) == "" || trim($lastName) == "") {
header("Location: /account.php?errorMessage=" . rawurlencode("Required fields were not filled in."));
exit;
}
if (escapeValue($displayListSize) < 10) {
$displayListSize = 10;
}
db_query("UPDATE user SET firstName=" . escapeQuote($firstName) . ",lastName=" . escapeQuote($lastName) . ",displayListSize=" . escapeValue($displayListSize) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id={$dss_userId}");
db_query("UPDATE session SET displayListSize=" . escapeValue($displayListSize) . " WHERE id='{$dss_sessionCookie}'");
header("Location: /account.php?infoMessage=" . rawurlencode("Update complete."));
if (trim($_REQUEST["cancel_button"]) != "") {
header("Location: /group_list.php");
exit;
}
$groupId = $_REQUEST["groupId"];
if (trim($_REQUEST["delete_button"]) != "") {
db_query("DELETE FROM retention WHERE id=" . escapeValue($groupId));
header("Location: /group_list.php?infoMessage=" . rawurlencode('The retention group was deleted.'));
exit;
}
$infoMessage = "Retention group was updated.";
if (trim($groupId) == "") {
/* See if this is a duplicate group. */
$query = db_query("SELECT id FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]));
if (db_numrows($query) == 0) {
$infoMessage = "Retention group was added.";
$groupId = db_insert("retention");
} else {
header("Location: group_list.php?errorMessage=" . rawurlencode("The retention group already exists and was not added."));
exit;
}
}
/* See if this is a duplicate username. */
$query = db_query("SELECT id FROM retention WHERE id<>" . escapeValue($groupId) . " AND retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]));
if (db_numrows($query) == 0) {
db_query("UPDATE retention SET retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",retentionPeriod=" . escapeValue($_REQUEST["retentionPeriod"]) . " WHERE id=" . escapeValue($groupId));
} else {
header("Location: group_list.php?errorMessage=" . rawurlencode("The retention group already exists and no changes were made."));
exit;
}
header("Location: group_list.php?infoMessage=" . rawurlencode($infoMessage));
if ($result['success']) {
if ($filename != "metadata.txt") {
/* If this is an image type file, see if there is IPTC metadata we can harvest. */
$filetypeResult = db_fetch($filetypeQuery);
if (strstr($filetypeResult["mimeType"], "image")) {
$size = @getimagesize($dss_fileshare . $_REQUEST["projectId"] . "/{$filename}", $info);
if (isset($info['APP13'])) {
$iptc = iptcparse($info['APP13']);
$title = $iptc['2#005'][0];
$creationDate = $iptc['2#055'][0];
$creator = $iptc['2#080'][0];
$location = $iptc['2#092'][0];
$description = $iptc['2#120'][0];
}
}
if (trim($title) == "") {
$title = $filename;
}
$expirationDate = mktime(6, 0, 0, date("m"), date("d"), date("Y") + 1);
$itemId = db_insert("item");
db_query("UPDATE item SET projectId=" . $_REQUEST["projectId"] . ",filetype=" . escapeQuote($filetype) . ",filesize=" . filesize($dss_fileshare . $_REQUEST["projectId"] . "/{$filename}") . ",filename=" . escapeQuote($filename) . ",expirationDate={$expirationDate}" . ",checksum=" . escapeQuote(md5_file($dss_fileshare . $_REQUEST["projectId"] . "/{$filename}")) . ",addedByUserId={$dss_userId}" . ",addedDate=" . date("U") . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . ",title=" . escapeQuote($title) . ",description=" . escapeQuote($description) . ",creator=" . escapeQuote($creator) . ",creationDate=" . escapeQuote($creationDate) . ",location=" . escapeQuote($location) . " WHERE id={$itemId}");
}
}
} else {
$result = array('error' => 'Unacceptable file type.');
}
} else {
$result = array('error' => 'File already exists.');
}
// to pass data through iframe you will need to encode all html tags
echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
*/
if ($dss_userId == 0 || $dss_accessLevel < 2) {
header("Location: /index.php");
exit;
}
$filetypeId = $_REQUEST["filetypeId"];
$allowDelete = 0;
if (trim($filetypeId) != "") {
$filetypeQuery = db_query("SELECT * FROM filetype WHERE id=" . escapeValue($filetypeId));
if (db_numrows($filetypeQuery) != 1) {
header("Location: /filetype_list.php?errorMessage=" . rawurlencode("Unable to access that filetype."));
exit;
}
$filetypeResult = db_fetch($filetypeQuery);
/* See it there are items using this filetype. */
$itemQuery = db_query("SELECT id FROM item WHERE filetype=" . escapeQuote($filetypeResult["extension"]));
if (db_numrows($itemQuery) == 0) {
$allowDelete = 1;
}
}
if (trim($filetypeId) == "") {
$submitButton = "Add";
} else {
$submitButton = "Update";
}
$required["extension"] = "Extension";
$required["mimeType"] = "MIME Type";
$dss_onLoad = "document.main.extension.focus()";
require "resources/header.php";
?>
<h2>Filetype Edit</h2>
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
$errorMessage = rawurlencode("Your username and password could not be authenticated.");
$username = $_POST["username"];
$password = $_POST["password"];
if (trim($username) != "" && trim($password) != "") {
$usernameArray = explode("@", $username);
$userQuery = db_query("SELECT id,accessLevel,displayListSize FROM user WHERE active=1 AND username="******"Location: /index.php?errorMessage={$errorMessage}");
exit;
}
/* Count the number of workgroups this user is a member of. */
$workgroupQuery = db_query("SELECT workgroupId FROM workgroupUser WHERE userId=" . $userResult["id"]);
$numWorkgroups = db_numrows($workgroupQuery);
$workgroupResult = @db_fetch($workgroupQuery);
/* Update the session table. */
db_query("UPDATE session SET timeout=" . (date("U") + 14400) . ",userId=" . $userResult["id"] . ",accessLevel=" . $userResult["accessLevel"] . ",displayListSize=" . $userResult["displayListSize"] . ",numWorkgroups={$numWorkgroups}" . ",currentWorkgroup=" . $workgroupResult["workgroupId"] . " WHERE id=" . escapeQuote($dss_sessionCookie));
/* User the last login date. */
db_query("UPDATE user SET lastLoginDate=" . date("U") . " WHERE id=" . $userResult["id"]);
header("Location: /index.php");
} else {
header("Location: /index.php?errorMessage={$errorMessage}");
}
} else {
header("Location: /index.php?errorMessage={$errorMessage}");
}
while ($member = mysql_fetch_assoc($result)) {
$rowNumber++;
switch ($member['status']) {
case "P":
$status = "PENDING";
break;
case "C":
$status = "CONFIRMED";
if ($member['bv'] == $member['cv']) {
$status = "LIVE";
}
break;
}
// if (isUserInRole($member['createdby'])) {
echo "<tr class='publishRow " . ($rowNumber % 2 == 1 ? "red" : "green") . "' text='" . escapeQuote($member['image']) . "' rowColor='" . ($rowNumber % 2 == 1 ? "red" : "green") . "'><td>";
echo "<input type='checkbox' class='selectedBox' onclick='selectBox(this)' text='" . escapeQuote($member['image']) . "' />";
echo "</td><td>";
echo $member['filename'];
echo "</td><td>";
echo $member['versionid'];
echo "</td><td>";
echo $member['description'];
echo "</td><td>";
echo $status;
echo "</td><td>";
echo $member['firstname'] . " " . $member['lastname'];
echo "</td><td nowrap>";
echo $member['createddate'];
echo "</td><td><img title='Click to publish' onclick='publish(\"" . $member['cv'] . "\", \"" . $member['documentid'] . "\")' src='images/publish.png' />";
echo "</td></tr>";
// }
$dss_accessLevel = 0;
$dss_numWorkgroups = 0;
$dss_currentWorkgroup = 0;
$dss_currentProject = 0;
$dss_displayListSize = 10;
$dss_sessionTimedOut = 0;
/* Update the session table. */
db_query("DELETE FROM session WHERE timeout<" . date("U"));
$dss_sessionCookie = trim($_COOKIE["damsession"]);
if ($dss_sessionCookie == "") {
$dss_sessionId = md5(date("U") . uniqid());
setcookie("damsession", $dss_sessionId, 0, "/");
$dss_sessionId = db_insert("session");
db_query("INSERT INTO session (id,ipAddress,timeout,userId,accessLevel,numWorkgroups,currentWorkgroup,currentProject,displayListSize) VALUES ('{$dss_sessionId}','" . $_SERVER["REMOTE_ADDR"] . "'," . (date("U") + 14400) . ",0,0,{$dss_numWorkgroups},{$dss_currentWorkgroup},0,{$dss_displayListSize})");
} else {
$dss_sessionQuery = db_query("SELECT * FROM session WHERE id=" . escapeQuote($dss_sessionCookie));
if (db_numrows($dss_sessionQuery) == 0) {
/* The session timed out. */
$dss_sessionId = md5(date("U") . uniqid());
$dss_sessionTimedOut = 1;
setcookie("damsession", $dss_sessionId, 0, "/");
db_query("INSERT INTO session (id,ipAddress,timeout,userId,accessLevel,numWorkgroups,currentWorkgroup,currentProject,displayListSize) VALUES ('{$dss_sessionId}','" . $_SERVER["REMOTE_ADDR"] . "'," . (date("U") + 14400) . ",0,0,{$dss_numWorkgroups},{$dss_currentWorkgroup},0,{$dss_displayListSize})");
} else {
$dss_sessionResult = db_fetch($dss_sessionQuery);
$dss_sessionId = $dss_sessionCookie;
$dss_userId = $dss_sessionResult["userId"];
$dss_accessLevel = $dss_sessionResult["accessLevel"];
$dss_numWorkgroups = $dss_sessionResult["numWorkgroups"];
$dss_currentWorkgroup = $dss_sessionResult["currentWorkgroup"];
$dss_currentProject = $dss_sessionResult["currentProject"];
$dss_displayListSize = $dss_sessionResult["displayListSize"];
if (trim($_REQUEST["creationDate"]) != "") {
db_query("UPDATE item SET creationDate=" . escapeQuote($_REQUEST["creationDate"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId));
$infoMessage[] = "The item creation dates were changed.";
}
if (trim($_REQUEST["location"]) != "") {
db_query("UPDATE item SET location=" . escapeQuote($_REQUEST["location"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId));
$infoMessage[] = "The item geographic locations were changed.";
}
if (trim($_REQUEST["retentionGroup"]) != "") {
$retentionPeriodResult = db_fetch(db_query("SELECT retentionPeriod FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"])));
$retentionPeriod = $retentionPeriodResult["retentionPeriod"];
$itemQuery = db_query("SELECT id,addedDate FROM item WHERE projectId=" . escapeValue($projectId));
while ($itemResult = db_fetch($itemQuery)) {
$addedDateDay = date("d", $itemResult["addedDate"]);
$addedDateMonth = date("m", $itemResult["addedDate"]);
$addedDateYear = date("Y", $itemResult["addedDate"]);
if ($retentionPeriod > 0) {
$expirationDate = mktime(6, 0, 0, $addedDateMonth, $addedDateDay, $addedDateYear + $retentionPeriod);
} else {
$expirationDate = mktime(6, 0, 0, 12, 31, 2037);
}
db_query("UPDATE item SET retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",expirationDate={$expirationDate}" . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . $itemResult["id"]);
}
$infoMessage[] = "The item retention groups and expiration dates were changed.";
}
if (trim($_REQUEST["significant"]) != "") {
db_query("UPDATE item SET significant=" . escapeValue($_REQUEST["significant"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId));
$infoMessage[] = "The items were marked as significant.";
}
db_query("UPDATE item SET metadataCompleted=1 WHERE retentionGroup<>'' AND creationDate<>'' AND projectId={$projectId}");
header("Location: item_list.php?infoMessage=" . rawurlencode(implode("<br />", $infoMessage)));
*/
if ($dss_userId == 0 || $dss_accessLevel == 0) {
header("Location: /index.php");
exit;
}
$groupId = $_REQUEST["groupId"];
$allowDelete = 0;
if (trim($groupId) != "") {
$groupQuery = db_query("SELECT * FROM retention WHERE id=" . escapeValue($groupId));
if (db_numrows($groupQuery) != 1) {
header("Location: /group_list.php?errorMessage=" . rawurlencode("Unable to access that group."));
exit;
}
$groupResult = db_fetch($groupQuery);
/* See it there are items using this retention group. */
$itemQuery = db_query("SELECT id FROM item WHERE retentionGroup=" . escapeQuote($groupResult["retentionGroup"]));
if (db_numrows($itemQuery) == 0) {
$allowDelete = 1;
}
}
if (trim($groupId) == "") {
$submitButton = "Add";
} else {
$submitButton = "Update";
}
$required["retentionGroup"] = "Retention group";
$required["retentionPeriod"] = "Retention period";
$dss_onLoad = "document.main.retentionGroup.focus()";
require "resources/header.php";
?>
<h2>Retention Group Edit</h2>
$addedDateYear = date("Y", $itemResult["addedDate"]);
/* If the new project ID does not match the current one, we will need to move the file to the new project directory. */
$projectId = escapeValue($_REQUEST["projectId"]);
if ($itemResult["projectId"] != $projectId) {
/* See if this filename already exists in the new project. */
if (file_exists($dss_fileshare . $projectId . "/" . $itemResult["filename"])) {
header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}&errorMessage=" . rawurlencode("An item with the same filename is already present in the new project. No updates were made."));
exit;
} else {
rename($dss_fileshare . $itemResult["projectId"] . "/" . $itemResult["filename"], $dss_fileshare . $projectId . "/" . $itemResult["filename"]);
db_query("UPDATE item SET projectId={$projectId} WHERE id={$itemId}");
}
}
/* Calculate the new expiration date. */
if (trim($_REQUEST["retentionGroup"]) != "") {
$retentionPeriodResult = db_fetch(db_query("SELECT retentionPeriod FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"])));
$retentionPeriod = $retentionPeriodResult["retentionPeriod"];
if ($retentionPeriod > 0) {
$expirationDate = mktime(6, 0, 0, $addedDateMonth, $addedDateDay, $addedDateYear + $retentionPeriod);
} else {
$expirationDate = mktime(6, 0, 0, 12, 31, 2037);
}
}
/* If required metadata has been supplied, set the metadata complete indicator. */
$metadataCompleted = 0;
if (trim($_REQUEST["retentionGroup"]) != "" && trim($_REQUEST["creationDate"]) != "") {
$metadataCompleted = 1;
}
/* Update item information. */
db_query("UPDATE item SET metadataCompleted={$metadataCompleted}" . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . ",significant=" . escapeValue($_REQUEST["significant"]) . ",retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",expirationDate={$expirationDate}" . ",title=" . escapeQuote($_REQUEST["title"]) . ",description=" . escapeQuote($_REQUEST["description"]) . ",creator=" . escapeQuote($_REQUEST["creator"]) . ",creationDate=" . escapeQuote($_REQUEST["creationDate"]) . ",location=" . escapeQuote($_REQUEST["location"]) . " WHERE id={$itemId}");
header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}&infoMessage=" . rawurlencode("Item information updated."));
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
if ($dss_userId == 0) {
header("Location: /index.php");
exit;
}
if (trim($_REQUEST["projectId"]) != "") {
$dss_currentProject = $_REQUEST["projectId"];
/* See if this user can view this project. */
if ($dss_accessLevel == 0) {
$projectQuery = db_query("SELECT id FROM project WHERE workgroupId={$dss_currentWorkgroup} AND id=" . escapeValue($dss_currentProject));
if (db_numrows($projectQuery) == 0) {
header("Location: /project_list.php?errorMessage=" . rawurlencode("Invalid project identifier."));
exit;
}
}
db_query("UPDATE session SET currentProject=" . escapeValue($dss_currentProject) . " WHERE id=" . escapeQuote($dss_sessionCookie));
}
$numberSynced = metasync($dss_currentProject);
if (trim($numberSynced["success"]) != "") {
$infoMessage = rawurlencode("There " . displayNumberWords($numberSynced["success"], "was", "were", "item", "items") . " synced.");
} elseif (trim($numberSynced["error"]) != "") {
$errorMessage = rawurlencode($numberSynced["error"]);
} else {
$infoMessage = rawurlencode("No items where synced.");
}
header("Location: item_list.php?projectId={$dss_currentProject}&infoMessage={$infoMessage}&errorMessage={$errorMessage}");
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
if ($dss_userId == 0) {
header("Location: /index.php");
exit;
}
if (trim($_REQUEST["cancel_button"]) != "") {
header("Location: /project_list.php");
exit;
}
/* See if this is a duplicate project name. */
$query = db_query("SELECT id FROM project WHERE workgroupId={$dss_currentWorkgroup} AND name=" . escapeQuote($_REQUEST["name"]));
if (db_numrows($query) == 0) {
$projectId = db_insert("project");
/* Create the sub-directory for this project. */
if (!mkdir("/data/files/{$projectId}")) {
db_query("DELETE FROM project WHERE id=" . escapeValue($projectId));
header("Location: project_list.php?errorMessage=" . rawurlencode("The project sub-directory could not be created and the project was not added."));
exit;
} else {
db_query("UPDATE project SET workgroupId={$dss_currentWorkgroup}" . ",name=" . escapeQuote($_REQUEST["name"]) . ",createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($projectId));
header("Location: item_list.php?projectId=" . escapeValue($projectId));
}
} else {
header("Location: project_list.php?errorMessage=" . rawurlencode("The project name already exists and was not added."));
exit;
}
if (trim($_REQUEST["cancel_button"]) != "") {
header("Location: /filetype_list.php");
exit;
}
$filetypeId = $_REQUEST["filetypeId"];
if (trim($_REQUEST["delete_button"]) != "") {
db_query("DELETE FROM filetype WHERE id=" . escapeValue($filetypeId));
header("Location: /filetype_list.php?infoMessage=" . rawurlencode('The filetype was deleted.'));
exit;
}
$infoMessage = "Filetype was updated.";
if (trim($filetypeId) == "") {
/* See if this is a duplicate filetype. */
$query = db_query("SELECT id FROM filetype WHERE extension=" . escapeQuote($_REQUEST["extension"]));
if (db_numrows($query) == 0) {
$infoMessage = "Filetype was added.";
$filetypeId = db_insert("filetype");
} else {
header("Location: filetype_list.php?errorMessage=" . rawurlencode("The filetype already exists and was not added."));
exit;
}
}
/* See if this is a duplicate username. */
$query = db_query("SELECT id FROM filetype WHERE id<>" . escapeValue($filetypeId) . " AND extension=" . escapeQuote($_REQUEST["extension"]));
if (db_numrows($query) == 0) {
db_query("UPDATE filetype SET extension=" . escapeQuote($_REQUEST["extension"]) . ",mimeType=" . escapeQuote($_REQUEST["mimeType"]) . " WHERE id=" . escapeValue($filetypeId));
} else {
header("Location: filetype_list.php?errorMessage=" . rawurlencode("The filetype already exists and no changes were made."));
exit;
}
header("Location: filetype_list.php?infoMessage=" . rawurlencode($infoMessage));
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
if ($dss_userId == 0) {
header("Location: /index.php");
exit;
}
if (trim($_REQUEST["workgroupId"]) != "") {
$dss_currentWorkgroup = $_REQUEST["workgroupId"];
db_query("UPDATE session SET currentWorkgroup=" . escapeValue($dss_currentWorkgroup) . " WHERE id=" . escapeQuote($dss_sessionCookie));
}
$workgroupResult = db_fetch(db_query("SELECT name FROM workgroup WHERE id={$dss_currentWorkgroup}"));
/* Keep track of the char & page number the user is viewing. */
if (trim($_REQUEST["char"]) != "") {
superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "char", $_REQUEST["char"]);
superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage", 0);
}
if (trim($_REQUEST["currentPage"]) != "") {
superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage", $_REQUEST["currentPage"]);
}
$char = superstore_fetch("{$dss_currentWorkgroup}", $dss_sessionCookie, "char");
$currentPage = escapeValue(superstore_fetch("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage"));
require "resources/header.php";
?>
<h2>Projects for <?php
require_once '../model/db.php';
$job_id = $_GET['jobID'];
if (isset($_POST['btn-upload'])) {
$file = $_FILES['myFile']['name'];
$file_loc = $_FILES['myFile']['tmp_name'];
$file_size = $_FILES['myFile']['size'];
$folder = "CVs/";
if (strrpos($file, ".pdf") === false) {
echo '<script language="javascript">';
echo 'alert("Only pdf files are allowed!")';
echo '</script>';
$file = '';
return;
}
move_uploaded_file($file_loc, $folder . $file);
$cv_description = escapeQuote(extractPDF(dirname(__FILE__) . "/CVs/" . $file));
dbInsert(CV_TABLE, "(cv_description, cv_job_id)\r\n VALUES ('{$cv_description}', '{$job_id}');");
$CV_id = getLastQueryID();
$_SESSION['cv_description'][$CV_id] = $cv_description;
move_uploaded_file($file_loc, $folder . $file);
unlink($folder . $file);
header('Location: CVParser.php?job=' . $_GET['jobID'] . '&cv=' . $CV_id);
} else {
header('Location: ../view/jobPage.php?job=' . $_GET['jobID'] . '&status=fail');
}
function escapeQuote($cv_description)
{
if (strrpos($cv_description, "'")) {
$cv_description = str_replace("'", "\\'", $cv_description);
}
if (strrpos($cv_description, "\"")) {
if ($dss_userId == 0 || $dss_accessLevel == 0) {
header("Location: /index.php");
exit;
}
$workgroupId = $_REQUEST["workgroupId"];
if (trim($_REQUEST["cancel_button"]) != "") {
if (trim($workgroupId) == "") {
header("Location: /workgroup_list.php");
} else {
header("Location: /project_list.php");
}
exit;
}
if (trim($workgroupId) == "") {
/* See if this is a duplicate workgroup name. */
$query = db_query("SELECT id FROM workgroup WHERE name=" . escapeQuote($_REQUEST["name"]));
if (db_numrows($query) == 0) {
$workgroupId = db_insert("workgroup");
db_query("UPDATE workgroup SET createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . " WHERE id=" . escapeValue($workgroupId));
} else {
header("Location: workgroup_list.php?errorMessage=" . rawurlencode("The workgroup name already exists and was not added."));
exit;
}
}
/* If the workgroup name changed, update it. */
$result = db_fetch(db_query("SELECT name FROM workgroup WHERE id=" . escapeValue($workgroupId)));
if ($result["name"] != $_REQUEST["name"]) {
db_query("UPDATE workgroup SET name=" . escapeQuote($_REQUEST["name"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($workgroupId));
$infoMessage = "Workgroup name updated.";
}
header("Location: workgroup_list.php?infoMessage=" . rawurlencode($infoMessage));
</form>
<table class="listing">
<tr><th>Action</th><th>Action Date</th><th>Action By</th><th>Workgroup</th><th>Project</th><th>Filename</th></tr>
<?php
$where = array();
if (trim($action) != "") {
$where[] = "action=" . escapeQuote($action);
}
if (trim($actionByUserId) != "") {
$where[] = "actionByUserId=" . escapeValue($actionByUserId);
}
if (trim($workgroupName) != "") {
$where[] = "workgroupName=" . escapeQuote($workgroupName);
}
if (trim($projectName) != "") {
$where[] = "projectName=" . escapeQuote($projectName);
}
if (sizeof($where) > 0) {
$sql = "SELECT id,action,actionDate,actionByUserId,workgroupName,projectName,filename FROM auditlog WHERE " . implode(" AND ", $where) . " ORDER BY actionDate DESC";
//echo $sql;
$auditQuery = db_query($sql);
while ($auditResult = db_fetch($auditQuery)) {
$userResult = db_fetch(db_query("SELECT firstName,lastName FROM user WHERE id=" . $auditResult["actionByUserId"]));
?>
<tr>
<td><?php
echo $auditResult["action"];
?>
</td>
<td><?php
echo date("Y-m-d", $auditResult["actionDate"]);
