Example #1
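 /**
  * Resolve the on-disk path of one attachment stored in a file field of an item.
  *
  * Folder access is checked first through self::_require_access(); the row is
  * then loaded through sgsml. The field value is a "|"-separated list of stored
  * file references, and $subitem picks one of them either by numeric index or
  * by basename. Every failure path exits with a translatable message instead
  * of returning.
  *
  * @param mixed  $folder  folder the item lives in (used for the access check)
  * @param mixed  $view    view name handed to the access check and to sgsml
  * @param mixed  $id      item id or list of ids; cast to array for sgsml
  * @param string $field   column that holds the "|"-separated file list
  * @param mixed  $subitem numeric index or basename of the wanted file
  * @param mixed  $write   passed through to sgsml unchanged
  * @return string path of the stored file, after sys_remove_handler()
  */
 static function file_download($folder, $view, $id, $field, $subitem, $write)
 {
     self::_require_access($folder, "read", $view);
     // Normalise the column name once and use that same name for the query and
     // for the row lookup. Previously the query used sql_fieldname($field) but
     // the row was indexed with the raw $field, so any name that
     // sql_fieldname() rewrites could never be found in $data.
     $field = sql_fieldname($field);
     $sgsml = new sgsml($folder, $view, (array) $id, $write);
     $data = $sgsml->get_rows(array("id", "folder", $field));
     if (empty($data[0][$field])) {
         exit("{t}Item(s) not found or access denied.{/t}");
     }
     $files = explode("|", trim($data[0][$field], "|"));
     // A non-numeric, non-empty $subitem is a basename: map it to its index.
     if (!is_numeric($subitem) and $subitem != "") {
         foreach ($files as $index => $stored) {
             if (modify::basename($stored) === $subitem) {
                 $subitem = $index;
                 break;
             }
         }
     }
     // Still not numeric (empty, or the basename was not in the list): fall
     // back to the first file. NOTE(review): an unknown basename therefore
     // silently serves the first attachment instead of failing — confirm that
     // callers rely on this fallback.
     if (!is_numeric($subitem)) {
         $subitem = 0;
     }
     // $subitem is only ever used as an array key into $files; a numeric string
     // that is not a valid key ("1e2", "-1") simply misses and is reported.
     if (empty($files[$subitem])) {
         exit("{t}file not found in database.{/t}");
     }
     $file = sys_remove_handler($files[$subitem]);
     if (!file_exists($file)) {
         exit("{t}file not found.{/t}");
     }
     return $file;
 }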
Example #2
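/**
 * Turn the "find" request parameters into the folder/item selection kept in
 * the session.
 *
 * Each entry of $finds is a "|"-separated spec (a broken bar "¦" is accepted
 * as delimiter when the spec contains no "|" at all):
 *
 *   find[]=table|field=value[,field2=value]                 short syntax
 *   find[]=asset|table|limit|field=value[|field2=value2]     first matching asset
 *   find[]=folder|simple_tree|limit|field=value              first matching folder
 *   find[]=folders|simple_tree|limit|field=value             all matching folders
 *   find[]=assets|table|limit|field=value                    union over all specs
 *
 * The limit may be left blank and is always capped at ASSET_PAGE_LIMIT. A
 * "folder" request parameter is appended as an additional "assets" spec. A
 * spec with an empty table reuses the table of the previous spec.
 *
 * Only identifiers (table and field names) are run through sql_fieldname();
 * the values are handed to db_select() as named parameters (@field@), so no
 * raw request data is concatenated into the WHERE clause.
 *
 * @param mixed $finds request value, normally an array of spec strings
 * @return array with keys "folder", "item" and/or "folders"; empty when
 *               nothing matched or a spec was malformed
 */
function folder_process_session_find($finds)
{
    if (!is_array($finds) or count($finds) == 0) {
        return array();
    }
    if (!empty($_REQUEST["folder"])) {
        $finds[] = "assets|||folder=" . $_REQUEST["folder"];
    }
    $table = "";
    $result = array();
    foreach ($finds as $spec) {
        // find[][]=... would hand us an array; strpos()/explode() on it throws
        // in PHP 8, so anything that is not a string is ignored.
        if (!is_string($spec)) {
            continue;
        }
        // Use the broken bar as delimiter only when there is no "|" at all.
        // The previous !strpos() test also mis-classified a spec whose first
        // character is "|" (position 0 is falsy).
        $delim = strpos($spec, "|") === false ? "¦" : "|";
        $parts = explode($delim, $spec);
        if (count($parts) == 1 and isset($_SESSION["ftype"])) {
            $parts = array($_SESSION["ftype"], $parts[0]);
        }
        if (count($parts) == 2) {
            // short syntax: table|field=value[,field2=value2]
            $parts = explode("|", "asset|" . $parts[0] . "||" . str_replace(",", "|", $parts[1]));
        }
        if (count($parts) < 4) {
            return array();
        }
        $mode = $parts[0];
        $limit = $parts[2];
        // Blank, non-numeric, non-positive or oversized limits all fall back to
        // the page limit. Previously a non-numeric limit was passed on as ""
        // (no limit at all), so e.g. limit=1x escaped the ASSET_PAGE_LIMIT cap.
        if (!is_numeric($limit) or (int) $limit < 1 or (int) $limit > ASSET_PAGE_LIMIT) {
            $limit = ASSET_PAGE_LIMIT;
        }
        if ($parts[1] != "") {
            $table = sql_fieldname($parts[1]);
        }
        if ($table == "") {
            continue;
        }
        if (!sys_strbegins($table, "simple_")) {
            $table = "simple_" . $table;
        }
        $values = array();
        $where = array();
        foreach (array_slice($parts, 3) as $condition) {
            // Accept a (possibly double-encoded) broken bar inside the values.
            $condition = str_replace(array(utf8_encode("¦"), "¦"), "|", $condition);
            $eq = strpos($condition, "=");
            $like = strpos($condition, "~");
            // A leading "=" or "~" (empty field name) is treated as a bare
            // value, exactly as the old truthy-$pos test did.
            if ($eq !== false and $eq > 0) {
                // field=value  or  field=v1,v2,...  (exact match / IN list)
                $field = sql_fieldname(substr($condition, 0, $eq));
                $values[$field] = explode(",", substr($condition, $eq + 1));
                if (count($values[$field]) == 1) {
                    $where[] = $field . "=@" . $field . "@";
                    if ($field == "folder") {
                        // a single folder may be given as a path
                        $values[$field] = folders_from_path($values[$field][0]);
                    }
                } else {
                    $where[] = $field . " in (@" . $field . "@)";
                }
            } elseif ($like !== false and $like > 0) {
                // field~text  (substring match)
                $field = sql_fieldname(substr($condition, 0, $like));
                $values[$field] = "%" . substr($condition, $like + 1) . "%";
                $where[] = $field . " like @" . $field . "@";
            } else {
                // bare value(s): a list of ids
                $values["id"] = explode(",", $condition);
                $where[] = "id in (@id@)";
            }
        }
        $rows = db_select($table, array("folder", "id"), $where, "", (int) $limit, $values);
        if (!is_array($rows) or count($rows) == 0) {
            continue;
        }
        if (($mode == "asset" or $mode == "folder") and count($rows) == 1) {
            // NOTE(review): unlike the multi-row branch below, this assigns the
            // folder without a db_get_right(..., "read") check; whether
            // db_select() already filters by permission is not visible here —
            // confirm that consumers of "folder"/"item" re-check access.
            $result["folder"] = $rows[0]["folder"];
            if ($mode == "asset") {
                $result["item"] = $rows[0]["id"];
            }
        } else {
            foreach ($rows as $row) {
                $result["folders"][] = $row["folder"];
                if (!in_array($mode, array("folder", "folders"), true)) {
                    $result["item"][] = $row["id"];
                }
            }
            if (empty($result["folder"])) {
                // the first folder the user may read becomes the current one
                foreach ($rows as $row) {
                    if (db_get_right($row["folder"], "read")) {
                        $result["folder"] = $row["folder"];
                        break;
                    }
                }
            }
        }
        // every mode except "assets" stops at the first spec that matched
        if ($mode != "assets") {
            break;
        }
    }
    return $result;
}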
Example #3
            _upload_create_file($db_path, $target_lnk, $path, $filename);
        }
    }
}
// TODO use sgsml class
folder_process_session_request();
folder_build_folders();
$GLOBALS["table"] = db_get_schema($GLOBALS["schemafile"], $GLOBALS["tfolder"], $GLOBALS["tview"]);
$GLOBALS["tname"] = $GLOBALS["table"]["att"]["NAME"];
sys_process_session_request();
if (empty($_REQUEST["field"])) {
    $field = "filedata";
} else {
    $field = ltrim($_REQUEST["field"], "_");
}
$field = sql_fieldname($field);
if ($content_length > _upload_get_limit($field)) {
    sys_error(trans("{t}Upload failed{/t}: {t}file is too big. Please upload a smaller one.{/t} ({t}insufficient folder rights{/t})"), "409 Conflict");
}
$t =& $GLOBALS["t"];
$t["sqlvars"]["item"] = $_REQUEST["item"];
$t["sqlvarsnoquote"]["permission_sql_read_nq"] = $_SESSION["permission_sql_write"];
$t["sqlvarsnoquote"]["permission_sql_write_nq"] = $_SESSION["permission_sql_write"];
$row = db_select_first($GLOBALS["tname"], array_unique(array($field, "folder", "id", "dsize")), $t["sqlwhere"], "", $t["sqlvars"], array("sqlvarsnoquote" => $t["sqlvarsnoquote"]));
if (empty($row["folder"])) {
    sys_error(t("{t}file not found in database.{/t}"));
}
if (!db_get_right($row["folder"], "write")) {
    sys_error(trans("{t}Access to this file has been denied.{/t} ({t}insufficient folder rights{/t})"), "403 Forbidden");
}
if (empty($row[$field])) {