Example #1
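<?php

// Refuse to run unless the "jjtcode" constant exists; presumably the including
// entry script defines it, so a direct request to this file stops here.
if (!defined("jjtcode")) {
    die("Hacking Attempt!");
}
// NOTE(review): this is a destructive action read from $_REQUEST, so a GET request
// is enough to trigger it, and no anti-CSRF token check is visible in this script.
// Confirm the including script restricts it to POST and verifies a token.

// Validate!
// preg_replace() needs a delimited pattern. The previous "[^0-9]" was parsed with
// the brackets as delimiters (effective regex: ^0-9), so nothing was filtered and
// the raw request value went straight into the SQL text below. Strip non-digits
// with a properly delimited pattern and cast, so only an integer reaches the query.
$raw_file_id = (isset($_REQUEST['file_id']) && is_string($_REQUEST['file_id'])) ? trim($_REQUEST['file_id']) : '';
$file_id = (int) preg_replace('/[^0-9]/', '', $raw_file_id);
// Get the project_id so the last_modified can be updated
// NOTE(review): the mysql_* extension offers no bound parameters; the integer cast
// above is what keeps these statements safe. Move to PDO/mysqli prepared statements
// when the shared connection code is updated.
$query = "SELECT project_id FROM files WHERE file_id = '{$file_id}'";
$result = mysql_query($query);
// An unknown file_id yields no row; treat that the same as "not allowed" instead of
// calling mysql_result() on an empty result set.
$project_id = ($result && mysql_num_rows($result) > 0) ? (int) mysql_result($result, 0, "project_id") : null;
// See whether they are allowed to delete a file!
// NOTE(review): the other scripts in this listing call get_project_level() with the
// user id first and the project id second; here the order is reversed. Confirm
// against the function's signature, since a swapped pair would check the wrong
// permission.
$session_user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$level = ($project_id === null) ? 0 : get_project_level($project_id, $session_user_id, false);
if ($level < 3) {
    echo '<h2>Error</h2><h3>You are not allowed to delete files from this project!</h3>';
} else {
    // Delete the file
    $query = "DELETE FROM files WHERE file_id = '{$file_id}'";
    mysql_query($query);
    // Update the 'last_modified'
    $query = "UPDATE projects SET last_modified = NULL WHERE id = '{$project_id}'";
    mysql_query($query);
    // End insert data
    ?>
	<script language="javascript" type="text/javascript">
	window.location = "/?action=project_list";
	</script>
	<noscript>Please click <a href="/?action=project_list">here</a> to continue</noscript>
	<?php 
}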
Example #2
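<?php

require "sources/sql.php";
require "sources/functions.php";
require "sources/jjtsql.php";
session_start();
// Make sure they are authorised!
// To do this, we need to load the file information out of the MySQL database.
// The integer cast is the only thing standing between the request and the SQL
// text, so it is applied unconditionally (missing or non-scalar input becomes 0).
$file_id = (isset($_GET['file_id']) && is_scalar($_GET['file_id'])) ? (int) $_GET['file_id'] : 0;
$query = "SELECT * FROM files WHERE file_id = '{$file_id}'";
$result = mysql_query($query);
$file = $result ? mysql_fetch_assoc($result) : false;
// A file that does not exist is answered exactly like a file the caller may not
// see, so the response cannot be used to tell which file ids exist.
$session_user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$level = $file ? get_project_level($session_user_id, $file['project_id']) : 0;
if ($level < 1) {
    // If they aren't allowed to view the project, tell them!
    // Send a real 403 so the refusal is visible in access logs and to clients.
    header("HTTP/1.1 403 Forbidden");
    ?>
	<h3>Sorry you are not allowed to view this project!</h3>
	<?php 
} else {
    // Open up a file dialogue, and send the file title.
    // The previous header("application/force-download") had no field name and was not
    // a valid header line; Content-Disposition: attachment is what triggers the download.
    // The name comes from stored (user-supplied) data: replace control characters,
    // quotes and path separators, and quote the value so it cannot break out of the
    // filename parameter.
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\\/]/', '_', $file['filename'] . "." . $file['extension']);
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    // Create an array of known file types
    // "php" is deliberately mapped to text/plain so stored scripts are sent as text.
    $mime_types = array("pdf" => "application/pdf", "txt" => "text/plain", "html" => "text/html", "htm" => "text/html", "exe" => "application/octet-stream", "zip" => "application/zip", "doc" => "application/msword", "xls" => "application/vnd.ms-excel", "ppt" => "application/vnd.ms-powerpoint", "gif" => "image/gif", "png" => "image/png", "jpeg" => "image/jpeg", "jpg" => "image/jpeg", "php" => "text/plain");
    // Send the filetype. Unknown extensions used to produce an empty Content-type
    // (undefined index); fall back to a generic binary type instead.
    $extension = strtolower((string) $file['extension']);
    $content_type = isset($mime_types[$extension]) ? $mime_types[$extension] : "application/octet-stream";
    header("Content-type: " . $content_type);
    // Uploaded content is untrusted: stop browsers from sniffing it into another type.
    header("X-Content-Type-Options: nosniff");
    // Send the file!
    echo $file['content'];
}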
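// Get the variables and validate them!
// preg_replace() needs a delimited pattern. The previous "[^0-9]" was parsed with
// the brackets as delimiters (effective regex: ^0-9), so the request values reached
// the SQL statements below unfiltered. Strip non-digits with a delimited pattern and
// cast, so only integers are interpolated.
// NOTE(review): this changes permissions based on $_REQUEST, so a GET request is
// enough to trigger it, and no anti-CSRF token check is visible here; confirm one is
// enforced before this code runs.
$raw_user_id = (isset($_REQUEST['user_id']) && is_string($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : '';
$raw_project_id = (isset($_REQUEST['project_id']) && is_string($_REQUEST['project_id'])) ? $_REQUEST['project_id'] : '';
$user_id_edited = (int) preg_replace('/[^0-9]/', '', $raw_user_id);
$user_id_editing = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$project_id = (int) preg_replace('/[^0-9]/', '', $raw_project_id);
// Make sure they are an admin!
$level = get_project_level($user_id_editing, $project_id, false);
if ($level != 4) {
    echo '<h3>You are not permitted to edit the permissions for this project!</h3>';
} else {
    // If they are an admin, lets go!
    /* Now we need to do some checking about changing the level.
     * 
     * Firstly check whether they are actually changing the level! */
    $old_level = get_project_level($user_id_edited, $project_id, false);
    // Validate the requested level: accept exactly one digit in the range 0-5 (the
    // range the original pattern named). Anything else is treated as "no change" by
    // falling back to the current level, so malformed input never reaches a query.
    $requested_level = (isset($_REQUEST['level']) && is_string($_REQUEST['level'])) ? trim($_REQUEST['level']) : '';
    $level = preg_match('/^[0-5]$/', $requested_level) ? (int) $requested_level : $old_level;
    if ($old_level != $level) {
        $query = "SELECT * FROM projects WHERE id = '{$project_id}'";
        $result = mysql_query($query);
        $project = mysql_fetch_assoc($result);
        // If the default level is the same as the level they want to change it to, we delete their custom level!
        if ($project['default_level'] == $level) {
            $query = "DELETE FROM project_users WHERE user_id = '{$user_id_edited}' AND project_id = '{$project_id}'";
            mysql_query($query);
        } elseif ($old_level == $project['default_level']) {
            // The user had no custom level yet, so a row has to be created.
            // NOTE(review): the INSERT names no columns and relies on the table's column order.
            $query = "INSERT INTO project_users VALUES ('{$user_id_edited}', '{$project_id}', '{$level}')";
            mysql_query($query);
        } else {
            // A custom level already exists: overwrite it.
            $query = "UPDATE project_users SET level = '{$level}' WHERE user_id = '{$user_id_edited}' AND project_id = '{$project_id}'";
            mysql_query($query);
        }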
Example #4
<?php

if (!defined("jjtcode")) {
    die("Hacking Attempt!");
}
$level = get_project_level($_SESSION['user_id'], $_REQUEST['project_id']);
if ($level <= 0) {
    // If they aren't allowed to view the project, tell them!
    ?>
	<h3>Sorry you are not allowed to edit this project!</h3>
	<?php 
} else {
    // Validate!
    $file_id = trim($_REQUEST['file_id']);
    $file_id = preg_replace("[^0-9]", "", $file_id);
    // Load all the file information from the MySQL database
    $query = "SELECT * FROM files WHERE file_id = '" . $_REQUEST['file_id'] . "'";
    $result = mysql_query($query);
    $file = mysql_fetch_assoc($result);
    ?>
	<h3>File Information</h3>
	<p><b>Filename:</b> <?php 
    echo $file['filename'] . '.' . $file['extension'];
    ?>
</p>
	<p><b>Last Modified:</b> <?php 
    echo date("r", strtotime($file['last_modified']));
    ?>
</p>
	<p><b>Project ID:</b> <?php 
    echo $file['project_id'];