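/**
 * Remove the relation between a file and the owner identified by
 * $modify_type / $modify_id.
 *
 * Runs only when in_session_or_cookies() accepts one of the levels
 * 9, 8 or 7. If $modify_type is not a plain SQL identifier the call
 * is a no-op.
 *
 * @param int    $file_id     ID of the file to unassign.
 * @param string $modify_type Name of the relations-table column to match.
 * @param int    $modify_id   Value the column must have.
 */
function unassign_file($file_id, $modify_type, $modify_id)
{
    $this->check_level = array(9, 8, 7);
    if (isset($file_id)) {
        /** Do a permissions check */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            /**
             * A column name cannot be bound as a statement parameter, so
             * $modify_type is interpolated into the SQL text. Refuse anything
             * that is not a bare identifier so it cannot alter the statement.
             * NOTE(review): a fixed allowlist of the columns callers actually
             * pass would be tighter; confirm the valid values against callers.
             */
            if (!is_string($modify_type) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $modify_type)) {
                return;
            }

            $this->sql = $this->dbh->prepare(
                "DELETE FROM " . TABLE_FILES_RELATIONS
                . " WHERE file_id = :file_id AND {$modify_type} = :modify_id"
            );
            $this->sql->bindParam(':file_id', $file_id, PDO::PARAM_INT);
            $this->sql->bindParam(':modify_id', $modify_id, PDO::PARAM_INT);
            $this->sql->execute();
        }
    }
}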
* Count the files assigned to this client. If there is none, show * an error message. */ $sql = $database->query($files_query); $count = mysql_num_rows($sql); if (!$count) { $no_results_error = 'id_not_exists'; } /** * Continue if client exists and has files under his account. */ while ($row = mysql_fetch_array($sql)) { $edit_file_info['url'] = $row['url']; $edit_file_info['id'] = $row['id']; $edit_file_allowed = array(7, 0); if (in_session_or_cookies($edit_file_allowed)) { if ($row['uploader'] != $global_user) { $no_results_error = 'not_uploader'; } } } } /** Show the error if it is defined */ if (isset($no_results_error)) { switch ($no_results_error) { case 'no_id_passed': $no_results_message = __('Please go to the clients or groups administration page, select "Manage files" from any client and then click on "Edit" on any file to return here.', 'cftp_admin'); break; case 'id_not_exists': $no_results_message = __('There is not file with that ID number.', 'cftp_admin'); break;
/**
 * Check whether ProjectSend is installed. Done only on the log in form
 * page, since all other pages are inaccessible if no valid session or
 * cookie is set. When it is not installed, redirect to the installer
 * and stop the script.
 */
if (!is_projectsend_installed()) {
    header("Location:install/index.php");
    exit;
}

/**
 * $dont_redirect_if_logged is defined on the public download page,
 * so even logged in users can access it.
 */
if (!isset($dont_redirect_if_logged)) {
    /**
     * If logged as a system user, go directly to the back-end homepage.
     * NOTE(review): unlike the installer redirect above, this header() is
     * not followed by exit, so the script keeps running (check_for_client(),
     * the silent updates and the page markup below) after the redirect
     * header is set. Confirm that this is intended.
     */
    if (in_session_or_cookies($allowed_levels)) {
        header("Location:" . BASE_URI . "home.php");
    }
    /** If client is logged in, redirect to the files list. */
    check_for_client();
}

/**
 * Silent updates that are needed even if no user is logged in.
 */
require_once ROOT_DIR . '/includes/core.update.silent.php'; ?> <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]--> <!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]--> <!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
<?php /** * This file is called on header.php and checks the database to see * if it up to date with the current software version. * * In case you are updating from an old one, the new values, columns * and rows will be created, and a message will appear under the menu * one time only. * * @package ProjectSend * @subpackage Updates */ $allowed_update = array(9, 8, 7); if (in_session_or_cookies($allowed_update)) { /** Remove "r" from version */ $current_version = substr(CURRENT_VERSION, 1); $updates_made = 0; $updates_errors = 0; $updates_error_messages = array(); /** * Check for updates only if the option exists. */ if (defined('VERSION_LAST_CHECK')) { /** * Compare the date for the last checked with * today's. Checks are done only once per day. */ $today = date('d-m-Y'); $today_timestamp = strtotime($today); if (VERSION_LAST_CHECK != $today) {
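/**
 * Delete an existing group.
 *
 * Runs only when in_session_or_cookies() accepts level 9 or 8. A $group
 * value that is not an integer is ignored and nothing is deleted.
 *
 * @param int|string $group ID of the group row to delete.
 */
function delete_group($group)
{
    global $database;
    $this->check_level = array(9, 8);
    if (isset($group)) {
        /** Do a permissions check */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            /**
             * The statement is built by string concatenation, so only a
             * validated integer may be placed in it.
             */
            $group_id = filter_var($group, FILTER_VALIDATE_INT);
            if ($group_id === false) {
                return;
            }

            $this->sql = $database->query('DELETE FROM tbl_groups WHERE id="' . $group_id . '"');
        }
    }
}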
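/**
 * Mark the client as active or inactive.
 *
 * Runs only when in_session_or_cookies() accepts level 9 or 8. If either
 * argument is not an integer the call is a no-op.
 *
 * @param int|string $client_id ID of the row in tbl_users to update.
 * @param int|string $change_to New value for the "active" column.
 */
function change_client_active_status($client_id, $change_to)
{
    global $database;
    $this->check_level = array(9, 8);
    if (isset($client_id)) {
        /** Do a permissions check */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            /**
             * Both values are concatenated into the SQL text ($change_to even
             * without quotes), so each must be a validated integer first.
             * Compare with === false because 0 is a legitimate value.
             */
            $client_row_id = filter_var($client_id, FILTER_VALIDATE_INT);
            $active_state = filter_var($change_to, FILTER_VALIDATE_INT);
            if ($client_row_id === false || $active_state === false) {
                return;
            }

            $this->sql = $database->query(
                'UPDATE tbl_users SET active=' . $active_state . ' WHERE id="' . $client_row_id . '"'
            );
        }
    }
}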
</a></li> </ul> </li> <?php } ?> <li class="divider-vertical"> <?php /** * Show the OPTIONS menu only to * System administrators */ $options_allowed = array(9); if (in_session_or_cookies($options_allowed)) { ?> <li class="dropdown <?php if (!empty($active_nav) && $active_nav == 'options') { ?> active<?php } ?> "> <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php _e('Options', 'cftp_admin'); ?> <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="<?php echo BASE_URI;
/**
 * Switch a user between the active and inactive states.
 *
 * The update is executed only when in_session_or_cookies() accepts
 * level 9; otherwise the method returns without touching the database.
 *
 * @param int $user_id   ID of the row in the users table to update.
 * @param int $change_to New value for the "active" column.
 */
function change_user_active_status($user_id, $change_to)
{
    $this->check_level = array(9);

    if (!isset($user_id)) {
        return;
    }

    /** Permissions check: stop unless the session or cookie level is accepted. */
    if (!isset($this->check_level) || !in_session_or_cookies($this->check_level)) {
        return;
    }

    /** Both values are bound as integers; nothing is interpolated. */
    $update_query = 'UPDATE ' . TABLE_USERS . ' SET active=:active_state WHERE id=:id';
    $this->sql = $this->dbh->prepare($update_query);
    $this->sql->bindParam(':id', $user_id, PDO::PARAM_INT);
    $this->sql->bindParam(':active_state', $change_to, PDO::PARAM_INT);
    $this->sql->execute();
}
/**
 * Remove a group row by its ID.
 *
 * The delete is executed only when in_session_or_cookies() accepts
 * level 9 or 8; otherwise the method returns without touching the database.
 *
 * @param int $group ID of the group to delete.
 */
function delete_group($group)
{
    $this->check_level = array(9, 8);

    /** Same evaluation order as a nested check: argument first, then permissions. */
    $may_delete = isset($group)
        && isset($this->check_level)
        && in_session_or_cookies($this->check_level);
    if (!$may_delete) {
        return;
    }

    /** The ID is bound as an integer parameter; nothing is interpolated. */
    $delete_query = 'DELETE FROM ' . TABLE_GROUPS . ' WHERE id=:id';
    $this->sql = $this->dbh->prepare($delete_query);
    $this->sql->bindParam(':id', $group, PDO::PARAM_INT);
    $this->sql->execute();
}
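/**
 * Echo, as JSON, the accounts that downloaded a file and how many times.
 *
 * Reads `file_id` and `sys_user` from $_GET. Runs only when
 * in_session_or_cookies() accepts level 9, 8 or 7. Each entry of the
 * output has the keys name, email, type ('client' or 'user') and count.
 */
function get_downloaders()
{
    $this->check_level = array(9, 8, 7);
    if (isset($_GET['sys_user']) && isset($_GET['file_id'])) {
        // do a permissions check for logged in user
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            /** Cast to int so the concatenated queries below only ever see a number. */
            $file_id = (int) $_GET['file_id'];
            $current_level = get_current_user_level();

            $this->sql = $this->database->query('SELECT id, uploader, filename FROM tbl_files WHERE id="' . $file_id . '"');
            $this->row = mysql_fetch_array($this->sql);
            $this->uploader = $this->row['uploader'];

            /** Uploaders can only generate this for their own files */
            if ($current_level == '7') {
                /**
                 * NOTE(review): ownership is compared with $_GET['sys_user'],
                 * a value supplied by the request, not with the identity of
                 * the authenticated session. The check should use the
                 * logged-in username instead; confirm which helper or
                 * session value provides it.
                 */
                if ($this->uploader != $_GET['sys_user']) {
                    ob_clean();
                    flush();
                    _e("You don't have the required permissions to view the requested information about this file.", 'cftp_admin');
                    exit;
                }
            }
            $this->filename = $this->row['filename'];

            /** Start from empty lists so a file without downloads is handled. */
            $this->downloaders_ids = array();
            $this->downloaders_count = array();

            $this->sql_who = $this->database->query('SELECT user_id, COUNT(*) AS downloads FROM tbl_downloads WHERE file_id="' . $file_id . '" GROUP BY user_id');
            while ($this->wrow = mysql_fetch_array($this->sql_who)) {
                $this->downloaders_ids[] = $this->wrow['user_id'];
                $this->downloaders_count[$this->wrow['user_id']] = $this->wrow['downloads'];
            }

            /**
             * The ID list is interpolated into the IN (...) clause, so force
             * every entry to an integer before joining them.
             */
            $this->users_ids = implode(',', array_unique(array_filter(array_map('intval', $this->downloaders_ids))));
            $this->downloaders_list = array();

            /** "IN ()" is not valid SQL; skip the lookup when there are no IDs. */
            if ($this->users_ids !== '') {
                $this->sql_who = $this->database->query("SELECT id, name, email, level FROM tbl_users WHERE id IN ({$this->users_ids})");
                $i = 0;
                while ($this->urow = mysql_fetch_array($this->sql_who)) {
                    $this->downloaders_list[$i] = array('name' => $this->urow['name'], 'email' => $this->urow['email']);
                    /**
                     * The account type comes from the selected "level" column.
                     * The previous code compared "name" with 0, which never
                     * reflected the account's level.
                     */
                    $this->downloaders_list[$i]['type'] = ((int) $this->urow['level'] === 0) ? 'client' : 'user';
                    $this->downloaders_list[$i]['count'] = isset($this->downloaders_count[$this->urow['id']]) ? $this->downloaders_count[$this->urow['id']] : null;
                    $i++;
                }
            }

            ob_clean();
            flush();
            echo json_encode($this->downloaders_list);
        }
    }
}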
data: [ [1, <?php echo $total_files; ?> ], [2, <?php echo $total_clients; ?> ], [3, <?php echo $total_groups; ?> ] <?php $log_allowed = array(9); if (in_session_or_cookies($log_allowed)) { ?> ,[4, <?php echo $total_users; ?> ] <?php $show_log = true; } ?> ] } ], { series:{ bars:{show: true} },
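/**
 * Echo, as JSON, the accounts that downloaded a file and how many times.
 *
 * Reads `file_id` and `sys_user` from $_GET. Runs only when
 * in_session_or_cookies() accepts level 9, 8 or 7. Each entry of the
 * output has the keys name, email, type ('client' or 'user') and count.
 */
function get_downloaders()
{
    $this->check_level = array(9, 8, 7);
    if (isset($_GET['sys_user']) && isset($_GET['file_id'])) {
        // do a permissions check for logged in user
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            $file_id = (int) $_GET['file_id'];
            $current_level = get_current_user_level();

            $this->statement = $this->dbh->prepare("SELECT id, uploader, filename FROM " . TABLE_FILES . " WHERE id=:file_id");
            $this->statement->bindParam(':file_id', $file_id, PDO::PARAM_INT);
            $this->statement->execute();
            $this->statement->setFetchMode(PDO::FETCH_ASSOC);
            $this->row = $this->statement->fetch();
            $this->uploader = $this->row['uploader'];

            /** Uploaders can only generate this for their own files */
            if ($current_level == '7') {
                /**
                 * NOTE(review): ownership is compared with $_GET['sys_user'],
                 * a value supplied by the request, not with the identity of
                 * the authenticated session. The check should use the
                 * logged-in username instead; confirm which helper or
                 * session value provides it.
                 */
                if ($this->uploader != $_GET['sys_user']) {
                    ob_clean();
                    flush();
                    _e("You don't have the required permissions to view the requested information about this file.", 'cftp_admin');
                    exit;
                }
            }
            $this->filename = $this->row['filename'];

            /**
             * Start from empty lists: without this, a file with no downloads
             * passes an unset property to array_filter() below.
             */
            $this->downloaders_ids = array();
            $this->downloaders_count = array();

            $this->sql_who = $this->dbh->prepare("SELECT user_id, COUNT(*) AS downloads FROM " . TABLE_DOWNLOADS . " WHERE file_id=:file_id GROUP BY user_id");
            $this->sql_who->bindParam(':file_id', $file_id, PDO::PARAM_INT);
            $this->sql_who->execute();
            $this->sql_who->setFetchMode(PDO::FETCH_ASSOC);
            while ($this->wrow = $this->sql_who->fetch()) {
                $this->downloaders_ids[] = $this->wrow['user_id'];
                $this->downloaders_count[$this->wrow['user_id']] = $this->wrow['downloads'];
            }

            $this->users_ids = implode(',', array_unique(array_filter($this->downloaders_ids)));
            $this->downloaders_list = array();

            /** The comma-separated ID list is bound as one value and matched with FIND_IN_SET. */
            $this->sql_who = $this->dbh->prepare("SELECT id, name, email, level FROM " . TABLE_USERS . " WHERE FIND_IN_SET(id,:users)");
            $this->sql_who->bindParam(':users', $this->users_ids);
            $this->sql_who->execute();
            $this->sql_who->setFetchMode(PDO::FETCH_ASSOC);

            $i = 0;
            while ($this->urow = $this->sql_who->fetch()) {
                $this->downloaders_list[$i] = array('name' => $this->urow['name'], 'email' => $this->urow['email']);
                /**
                 * The account type comes from the selected "level" column.
                 * The previous code compared "name" with 0, which never
                 * reflected the account's level.
                 */
                $this->downloaders_list[$i]['type'] = ((int) $this->urow['level'] === 0) ? 'client' : 'user';
                $this->downloaders_list[$i]['count'] = isset($this->downloaders_count[$this->urow['id']]) ? $this->downloaders_count[$this->urow['id']] : null;
                $i++;
            }

            ob_clean();
            flush();
            echo json_encode($this->downloaders_list);
        }
    }
}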
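/**
 * Delete a row from tbl_files_relations by its ID.
 *
 * Runs only when in_session_or_cookies() accepts level 9, 8 or 7. A
 * $file_id value that is not an integer is ignored and nothing is deleted.
 *
 * @param int|string $file_id Value matched against the "id" column.
 */
function unassign_file($file_id)
{
    global $database;
    $this->check_level = array(9, 8, 7);
    if (isset($file_id)) {
        /** Do a permissions check */
        if (isset($this->check_level) && in_session_or_cookies($this->check_level)) {
            /**
             * The statement is built by string concatenation, so only a
             * validated integer may be placed in it.
             */
            $relation_id = filter_var($file_id, FILTER_VALIDATE_INT);
            if ($relation_id === false) {
                return;
            }

            $this->sql = $database->query('DELETE FROM tbl_files_relations WHERE id="' . $relation_id . '"');
        }
    }
}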