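<?php

// Refuse to run unless included by a script that has defined the guard constant.
if (!defined("jjtcode")) {
    die("Hacking Attempt!");
}

// Validate the requested id: keep digits only, because it is embedded in SQL text below.
// The pattern needs explicit delimiters. Written as "[^0-9]", PCRE takes the brackets
// as the delimiters and matches only the literal text "0-9" at the start of the string,
// which leaves the value unfiltered and the queries open to SQL injection.
$file_id = (isset($_REQUEST['file_id']) && is_scalar($_REQUEST['file_id']))
    ? trim((string) $_REQUEST['file_id'])
    : '';
$file_id = preg_replace('/[^0-9]/', '', $file_id);

// Look up the owning project: it is needed for the permission check and for the
// last_modified update. A missing file leaves $project_id at false.
$project_id = false;
if ($file_id !== '') {
    $query = "SELECT project_id FROM files WHERE file_id = '{$file_id}'";
    $result = mysql_query($query);
    if ($result !== false && mysql_num_rows($result) > 0) {
        $project_id = mysql_result($result, 0, "project_id");
    }
}

// See whether they are allowed to delete a file.
// The arguments are passed as (user id, project id), matching the other call sites
// of get_project_level() in this listing; here they had been given in the opposite
// order. NOTE(review): confirm against the definition of get_project_level().
$level = 0;
if ($project_id !== false && isset($_SESSION['user_id'])) {
    $level = get_project_level($_SESSION['user_id'], $project_id, false);
}

// NOTE(review): this destructive action reads $_REQUEST, so a plain GET can trigger it,
// and no anti-CSRF token is checked in the visible code. Confirm the including script
// enforces one.
if ($level < 3) {
    // Unknown files get the same answer as a refused delete.
    echo '<h2>Error</h2><h3>You are not allowed to delete files from this project!</h3>';
} else {
    // Delete the file
    $query = "DELETE FROM files WHERE file_id = '{$file_id}'";
    mysql_query($query);

    // Update the project's 'last_modified'
    $query = "UPDATE projects SET last_modified = NULL WHERE id = '{$project_id}'";
    mysql_query($query);
    ?>
<script language="javascript" type="text/javascript">
    window.location = "/?action=project_list";
</script>
<noscript>Please click <a href="/?action=project_list">here</a> to continue</noscript>
<?php
}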
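<?php

require "sources/sql.php";
require "sources/functions.php";
require "sources/jjtsql.php";
session_start();

// Authorisation depends on the project the file belongs to, so the file row is
// loaded first. The (int) cast makes the id safe to embed in the query text.
$file_id = (isset($_GET['file_id']) && is_scalar($_GET['file_id'])) ? (int) $_GET['file_id'] : 0;
$query = "SELECT * FROM files WHERE file_id = '{$file_id}'";
$result = mysql_query($query);
$file = ($result !== false) ? mysql_fetch_assoc($result) : false;

// A missing row is treated like a refused one, so the response does not reveal
// which file ids exist.
$level = 0;
if ($file !== false) {
    $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
    $level = get_project_level($user_id, $file['project_id']);
}

if ($level < 1) {
    // If they aren't allowed to view the project, tell them!
    header('HTTP/1.1 403 Forbidden');
    ?>
<h3>Sorry you are not allowed to view this project!</h3>
<?php
} else {
    // Known file types. Anything else falls back to a generic binary type rather
    // than an empty Content-type header, which would leave the browser to guess.
    $mime_types = array(
        "pdf"  => "application/pdf",
        "txt"  => "text/plain",
        "html" => "text/html",
        "htm"  => "text/html",
        "exe"  => "application/octet-stream",
        "zip"  => "application/zip",
        "doc"  => "application/msword",
        "xls"  => "application/vnd.ms-excel",
        "ppt"  => "application/vnd.ms-powerpoint",
        "gif"  => "image/gif",
        "png"  => "image/png",
        "jpeg" => "image/jpeg", // "image/jpg" is not a registered media type
        "jpg"  => "image/jpeg",
        "php"  => "text/plain",
    );
    $extension = strtolower((string) $file['extension']);
    $content_type = isset($mime_types[$extension]) ? $mime_types[$extension] : "application/octet-stream";

    // The stored name goes into a quoted header parameter, so control characters,
    // quotes, backslashes and path separators are replaced before it is sent.
    $download_name = $file['filename'] . "." . $file['extension'];
    $download_name = preg_replace('#[\x00-\x1F\x7F"\\\\/]#', '_', $download_name);

    // The bare header("application/force-download") call is dropped: it had no header
    // name, and the attachment disposition below is what triggers the download.
    header('Content-Disposition: attachment; filename="' . $download_name . '"');
    header("Content-type: " . $content_type);
    // Uploaded content is user-supplied, so tell the browser not to sniff its type.
    header("X-Content-Type-Options: nosniff");

    // Send the file!
    echo $file['content'];
}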
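// Get the request values and validate them: ids are reduced to digits because they
// are embedded in SQL text below.
// The patterns need explicit delimiters. Written as "[^0-9]", PCRE takes the brackets
// as the delimiters and matches only the literal text "0-9" at the start of the string,
// which leaves the value unfiltered and the queries open to SQL injection.
$user_id_edited = preg_replace(
    '/[^0-9]/',
    '',
    (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? (string) $_REQUEST['user_id'] : ''
);
$user_id_editing = $_SESSION['user_id'];
$project_id = preg_replace(
    '/[^0-9]/',
    '',
    (isset($_REQUEST['project_id']) && is_scalar($_REQUEST['project_id'])) ? (string) $_REQUEST['project_id'] : ''
);

// Make sure they are an admin!
$level = get_project_level($user_id_editing, $project_id, false);
if ($level != 4) {
    echo '<h3>You are not permitted to edit the permissions for this project!</h3>';
} else {
    // If they are an admin, lets go!
    // Validate the requested level (same delimiter fix as for the ids above).
    // NOTE(review): an empty or multi-digit value still passes this filter. Confirm
    // the set of valid levels and reject anything else before writing it.
    $level = preg_replace(
        '/[^0-5]/',
        '',
        (isset($_REQUEST['level']) && is_scalar($_REQUEST['level'])) ? (string) $_REQUEST['level'] : ''
    );

    /* Now we need to do some checking about changing the level.
     *
     * Firstly check whether they are actually changing the level!
     */
    $old_level = get_project_level($user_id_edited, $project_id, false);
    if ($old_level != $level) {
        $query = "SELECT * FROM projects WHERE id = '{$project_id}'";
        $result = mysql_query($query);
        $project = mysql_fetch_assoc($result);

        if ($project['default_level'] == $level) {
            // The new level equals the project default, so the custom row is removed.
            $query = "DELETE FROM project_users WHERE user_id = '{$user_id_edited}' AND project_id = '{$project_id}'";
            mysql_query($query);
        } elseif ($old_level == $project['default_level']) {
            // The user was on the default level, so a custom row is inserted.
            $query = "INSERT INTO project_users VALUES ('{$user_id_edited}', '{$project_id}', '{$level}')";
            mysql_query($query);
        } else {
            // The user already had a custom level, so the row is updated.
            $query = "UPDATE project_users SET level = '{$level}' WHERE user_id = '{$user_id_edited}' AND project_id = '{$project_id}'";
            mysql_query($query);
        }
        // The listing is cut off at this point: the two blocks opened above are still open.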
<?php if (!defined("jjtcode")) { die("Hacking Attempt!"); } $level = get_project_level($_SESSION['user_id'], $_REQUEST['project_id']); if ($level <= 0) { // If they aren't allowed to view the project, tell them! ?> <h3>Sorry you are not allowed to edit this project!</h3> <?php } else { // Validate! $file_id = trim($_REQUEST['file_id']); $file_id = preg_replace("[^0-9]", "", $file_id); // Load all the file information from the MySQL database $query = "SELECT * FROM files WHERE file_id = '" . $_REQUEST['file_id'] . "'"; $result = mysql_query($query); $file = mysql_fetch_assoc($result); ?> <h3>File Information</h3> <p><b>Filename:</b> <?php echo $file['filename'] . '.' . $file['extension']; ?> </p> <p><b>Last Modified:</b> <?php echo date("r", strtotime($file['last_modified'])); ?> </p> <p><b>Project ID:</b> <?php echo $file['project_id'];