/**
 * Show the settings edit form.
 *
 * Reads every row of the settings table through the object's `connection`
 * handle, hands the theme, language and user-id-number option lists plus
 * the settings rows to Smarty, and renders settings.tpl.
 *
 * @return void
 */
public function edit()
{
    $sql = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
    $statement = $this->connection->prepare($sql);
    $statement->execute();
    $settingsRows = $statement->fetchAll();

    // Same Smarty instance the rest of the application renders with.
    $smarty = $GLOBALS['smarty'];
    $smarty->assign('themes', $this->getThemes());
    $smarty->assign('languages', $this->getLanguages());
    $smarty->assign('useridnums', $this->getUserIdNums());
    $smarty->assign('settings_array', $settingsRows);

    display_smarty_template('settings.tpl');
}
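/**
 * Show the settings edit form (legacy mysql_* variant).
 *
 * Loads every row of the settings table, assigns the theme, language and
 * user-id-number option lists plus the settings rows to Smarty and renders
 * settings.tpl.
 *
 * NOTE: the mysql_* extension was deprecated in PHP 5.5 and removed in
 * PHP 7.0; this code only runs where that legacy extension is present.
 *
 * @return void
 */
function edit()
{
    $settings_arr = array();
    $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver error server-side: mysql_error() reveals table
        // names and SQL text, which must not be echoed to the browser.
        error_log('Failed to edit settings: ' . mysql_error());
        die('Failed to edit settings');
    }
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $settings_arr[] = $row;
    }
    $GLOBALS['smarty']->assign('themes', $this->getThemes());
    $GLOBALS['smarty']->assign('languages', $this->getLanguages());
    $GLOBALS['smarty']->assign('useridnums', $this->getUserIdNums());
    $GLOBALS['smarty']->assign('settings_array', $settings_arr);
    display_smarty_template('settings.tpl');
}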
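/**
 * list_files - Display a list of files.
 *
 * Builds one row per file id (links, rights ladder, dates, owner, size,
 * lock state), hands the rows to Smarty and renders out.tpl, firing the
 * onBeforeListFiles / onAfterListFiles plugin hooks around the render.
 *
 * @param array   $fileid_array  File ids to list; an empty list prints a
 *                               "no files found" notice instead
 * @param object  $userperms_obj Permission object for the current user
 *                               (getAuthority() plus the *_RIGHT levels)
 * @param string  $dataDir       Directory holding the <id>.dat payloads
 * @param boolean $showCheckBox  Render a selection checkbox per row
 * @param boolean $rejectpage    Passed through to the template unchanged
 * @return int|null -1 when there is nothing to list, null otherwise
 */
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = false, $rejectpage = false)
{
    global $pdo;

    if (count($fileid_array) == 0 || !isset($fileid_array[0])) {
        echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . PHP_EOL;
        return -1;
    }

    // The state counter is request-controlled and loop-invariant: cast it once
    // so a missing or non-numeric value cannot raise a TypeError on the "+ 1".
    $next_state = (int) (isset($_REQUEST['state']) ? $_REQUEST['state'] : 0) + 1;

    $file_list_arr = array();
    foreach ($fileid_array as $fileid) {
        $file_obj = new FileData($fileid, $pdo);
        $userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);
        $description = $file_obj->getDescription();

        // A file is unlocked only while it is in status 0 and the user may at least view it.
        $lock = !($file_obj->getStatus() == 0 && $userAccessLevel >= $userperms_obj->VIEW_RIGHT);

        if ($description == '') {
            $description = msg('message_no_description_available');
        }

        $created_date = fix_date($file_obj->getCreatedDate());
        if ($file_obj->getModifiedDate()) {
            $modified_date = fix_date($file_obj->getModifiedDate());
        } else {
            $modified_date = $created_date;
        }

        $full_name_array = $file_obj->getOwnerFullName();
        $owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
        $dept_name = $file_obj->getDeptName();
        $realname = $file_obj->getRealname();

        // Get the file size in bytes.
        $filesize = display_filesize($dataDir . $fileid . '.dat');

        if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
            // Derive the extension only when the name actually has one: with no
            // dot, strrpos() returns false and "false + 1" would have sliced the
            // name from offset 1 and looked that up as a MIME type.
            $dot_pos = strrpos($realname, '.');
            $suffix = $dot_pos === false ? '' : strtolower(substr($realname, $dot_pos + 1));
            $mimetype = File::mime_by_ext($suffix);
            $view_link = 'view_file.php?submit=view&id=' . urlencode(e::h($fileid))
                . '&mimetype=' . urlencode((string) $mimetype);
        } else {
            $view_link = 'none';
        }
        $details_link = 'details.php?id=' . e::h($fileid) . '&state=' . e::h($next_state);

        // Rights ladder, lowest first: index 0 = read, 1 = write, 2 = admin.
        $rights = array(
            array($userperms_obj->READ_RIGHT, 'r'),
            array($userperms_obj->WRITE_RIGHT, 'w'),
            array($userperms_obj->ADMIN_RIGHT, 'a'),
        );

        // Find the rung matching the user's level; every rung above it is
        // blanked out ('-'), every rung at or below keeps its letter. With no
        // exact match ($index_found == -1) all letters are blanked.
        $index_found = -1;
        for ($i = count($rights) - 1; $i >= 0; $i--) {
            if ($userAccessLevel == $rights[$i][0]) {
                $index_found = $i;
                break;
            }
        }
        for ($i = $index_found + 1; $i < count($rights); $i++) {
            $rights[$i][1] = '-';
        }

        $file_list_arr[] = array(
            'id' => $fileid,
            'view_link' => $view_link,
            'details_link' => $details_link,
            'filename' => $realname,
            'description' => $description,
            'rights' => $rights,
            'created_date' => $created_date,
            'modified_date' => $modified_date,
            'owner_name' => $owner_name,
            'dept_name' => $dept_name,
            'filesize' => $filesize,
            'lock' => $lock,
            'showCheckbox' => $showCheckBox,
            'rejectpage' => $rejectpage,
        );
    }

    // Tell the template when the configured query cap was hit so it can say
    // the listing may be truncated.
    $limit_reached = count($file_list_arr) >= $GLOBALS['CONFIG']['max_query'];
    $GLOBALS['smarty']->assign('limit_reached', $limit_reached);
    $GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
    $GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);

    // Call the plugin API around the render.
    callPluginMethod('onBeforeListFiles', $file_list_arr);
    display_smarty_template('out.tpl');
    callPluginMethod('onAfterListFiles');
}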
$stmt->execute(array(':newvalue' => $_REQUEST['newvalue'], ':primary_type' => $_REQUEST['primary_type'])); } } // Do Deletes $query = "\n SELECT\n max(id)\n FROM\n {$udf_table_name}\n "; $stmt = $pdo->prepare($query); $stmt->execute(); $result = $stmt->fetchColumn(); $max = $result; while ($max > 0) { if (isset($_REQUEST['x' . $max]) && $_REQUEST['x' . $max] == "on") { $query = "\n DELETE FROM\n {$GLOBALS['CONFIG']['db_prefix']}udftbl_{$field_name}{$tablename}\n WHERE\n id = {$max}\n "; $stmt = $pdo->prepare($query); $stmt->execute(); } $max--; } $query = "\n SELECT\n *\n FROM\n {$_REQUEST['udf']}\n "; $stmt = $pdo->prepare($query); $stmt->execute(); $rows2 = $stmt->fetchAll(); $GLOBALS['smarty']->assign('udf', $_REQUEST['udf']); $GLOBALS['smarty']->assign('display_name', $display_name); $GLOBALS['smarty']->assign('rows', $rows2); display_smarty_template('udf/edit_type_4.tpl'); } draw_footer(); } else { draw_header(msg('label_user_defined_field'), $last_message); draw_footer(); }
if (count($result) == 1) { // register the user's ID $id = $result[0]['id']; $username = $result['username']; $password = $result['password']; // initiate a session $_SESSION['uid'] = $id; // Run the plugin API callPluginMethod('onAfterLogin'); // redirect to main page if (isset($_REQUEST['redirection'])) { redirect_visitor($_REQUEST['redirection']); } else { redirect_visitor('out.php'); } // close connection } else { // Login Failed // redirect to error page // Call the plugin API callPluginMethod('onFailedLogin'); header('Location: error.php?ec=0'); } } elseif (!isset($_POST['login']) && $GLOBALS['CONFIG']['authen'] == 'mysql') { $redirection = isset($_REQUEST['redirection']) ? $_REQUEST['redirection'] : ''; $GLOBALS['smarty']->assign('redirection', $redirection); display_smarty_template('login.tpl'); } else { echo 'Check your config'; } draw_footer();
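Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

// Access log page: admin-only listing of every recorded file action.
session_start();
include 'odm-load.php';

// Require a logged-in session. The explicit exit guarantees nothing below
// runs for an anonymous visitor even if redirect_visitor() only sets headers.
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
    exit;
}
include 'udf_functions.php';

// Load the current user and require admin rights for this page.
$user_obj = new User($_SESSION['uid'], $pdo);
if (!$user_obj->isAdmin()) {
    header('Location:error.php?ec=4');
    exit;
}

// NOTE(review): $last_message is request-controlled and handed to draw_header()
// unchanged; confirm draw_header()/the header template escape it for HTML output.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);

$query = "SELECT \n a.*,\n d.realname,\n u.username\n FROM \n {$GLOBALS['CONFIG']['db_prefix']}access_log a\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}data AS d ON a.file_id = d.id\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}user AS u ON a.user_id = u.id\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();

// Single-letter action codes stored in access_log mapped to display labels.
$actions_array = array(
    'A' => msg('accesslogpage_file_added'),
    'B' => msg('accesslogpage_reserved'),
    'C' => msg('accesslogpage_reserved'),
    'V' => msg('accesslogpage_file_viewed'),
    'D' => msg('accesslogpage_file_downloaded'),
    'M' => msg('accesslogpage_file_modified'),
    'I' => msg('accesslogpage_file_checked_in'),
    'O' => msg('accesslogpage_file_checked_out'),
    'X' => msg('accesslogpage_file_deleted'),
    'Y' => msg('accesslogpage_file_authorized'),
    'R' => msg('accesslogpage_file_rejected'),
);

// The state counter is request-controlled and loop-invariant: cast it once so a
// missing or non-numeric value cannot raise a TypeError on the "+ 1".
$next_state = (int) (isset($_REQUEST['state']) ? $_REQUEST['state'] : 0) + 1;

$accesslog_array = array();
foreach ($result as $row) {
    // file_id is a query-string value, so URL-encode it rather than splicing it in raw.
    $details_link = 'details.php?id=' . urlencode((string) $row['file_id']) . '&state=' . $next_state;
    // Show the raw code for an action letter without a label instead of
    // emitting an undefined-index notice and a blank cell.
    $action_label = isset($actions_array[$row['action']]) ? $actions_array[$row['action']] : $row['action'];
    $accesslog_array[] = array(
        'user_id' => $row['user_id'],
        'file_id' => $row['file_id'],
        'user_name' => $row['username'],
        'realname' => $row['realname'],
        'action' => $action_label,
        'details_link' => $details_link,
        'timestamp' => $row['timestamp'],
    );
}

$GLOBALS['smarty']->assign('accesslog_array', $accesslog_array);
display_smarty_template('access_log.tpl');
draw_footer();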
$result = $stmt->fetchAll(); $array_id = array(); $i = 0; foreach ($result as $row) { $array_id[$i] = $row['id']; $i++; } $luserperm_obj = new UserPermission($_SESSION['uid'], $pdo); draw_header(msg('area_deleted_files'), $last_message); $page_url = e::h($_SERVER['PHP_SELF']) . '?mode=' . $_REQUEST['mode']; $user_obj = new User($_SESSION['uid'], $pdo); $userperms = new UserPermission($_SESSION['uid'], $pdo); $list_status = list_files($array_id, $userperms, $GLOBALS['CONFIG']['archiveDir'], true); if ($list_status != -1) { $GLOBALS['smarty']->assign('lmode', ''); display_smarty_template('deleteview.tpl'); } } elseif (isset($_POST['submit']) && $_POST['submit'] == 'Delete file(s)') { isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : ''; foreach ($_REQUEST['checkbox'] as $value) { if (!pmt_delete($value)) { header('Location: error.php?ec=21'); exit; } } header('Location:' . urlencode($redirect) . '?last_message=' . urlencode(msg('undeletepage_file_permanently_deleted'))); } elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Undelete') { if (isset($_REQUEST['checkbox'])) { foreach ($_REQUEST['checkbox'] as $fileId) { $file_obj = new FileData($fileId, $pdo); $file_obj->undelete();
$allDepartments = Department::getAllDepartments($pdo); $GLOBALS['smarty']->assign('allDepartments', $allDepartments); $GLOBALS['smarty']->assign('current_user_dept', $current_user_dept); $GLOBALS['smarty']->assign('t_name', $t_name); $GLOBALS['smarty']->assign('is_admin', $user_obj->isAdmin()); $GLOBALS['smarty']->assign('avail_users', $users_array); $GLOBALS['smarty']->assign('avail_depts', $departments_array); $GLOBALS['smarty']->assign('cats_array', $cats_array); $GLOBALS['smarty']->assign('dept_perms_array', $dept_perms_array); $GLOBALS['smarty']->assign('user_id', $_SESSION['uid']); $GLOBALS['smarty']->assign('db_prefix', $GLOBALS['CONFIG']['db_prefix']); display_smarty_template('add.tpl'); udf_add_file_form(); // Call the plugin API callPluginMethod('onBeforeAdd'); display_smarty_template('_add_footer.tpl'); } else { //invalid file if (empty($_FILES)) { header('Location:error.php?ec=11'); exit; } $numberOfFiles = count($_FILES['file']['name']); $tmp_name = array(); // First we need to make sure all files are allowed types for ($count = 0; $count < $numberOfFiles; $count++) { if (empty($_FILES['file']['name'][$count])) { $last_message = $GLOBALS['lang']['addpage_file_missing']; header('Location: error.php?last_message=' . urlencode($last_message)); exit; }
$stmt->execute(array(':dept_id' => $_REQUEST['department_review'][$i], ':user_id' => $_POST['id'])); } } } // back to main page $last_message = urlencode(msg('message_user_successfully_updated')); header('Location: out.php?last_message=' . $last_message); } elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'updatepick') { draw_header(msg('userpage_modify_user'), $last_message); // Check to see if user is admin $query = "SELECT admin FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = :uid and admin = '1'"; $stmt = $pdo->prepare($query); $stmt->execute(array(':uid' => $_SESSION['uid'])); if ($stmt->rowCount() <= 0) { header('Location: error.php?ec=4'); exit; } $query = "SELECT id, username, first_name, last_name FROM {$GLOBALS['CONFIG']['db_prefix']}user ORDER BY last_name"; $stmt = $pdo->prepare($query); $stmt->execute(); $users = $stmt->fetchAll(); $GLOBALS['smarty']->assign('state', (int) $_REQUEST['state'] + 1); $GLOBALS['smarty']->assign('users', $users); display_smarty_template('user/edit_pick.tpl'); draw_footer(); } elseif (isset($_REQUEST['cancel']) and $_REQUEST['cancel'] == 'Cancel') { $last_message = "Action Cancelled"; header('Location: admin.php?last_message=' . $last_message); } else { header('Location: admin.php?last_message=' . urlencode('Unrecognizalbe action')); }
/**
 * Render the file-type delete-selection page.
 *
 * Fetches every row of the filetypes table through the object's
 * `connection` handle, exposes the rows to Smarty as `filetypes_array`
 * and renders filetypes_deleteshow.tpl.
 *
 * @return void
 */
public function deleteSelect()
{
    $sql = "\n SELECT\n *\n FROM\n {$GLOBALS['CONFIG']['db_prefix']}filetypes\n ";
    $statement = $this->connection->prepare($sql);
    $statement->execute();

    // Copy the fetched rows into a fresh list before handing them to the view.
    $filetypeRows = array();
    foreach ($statement->fetchAll() as $filetypeRow) {
        array_push($filetypeRows, $filetypeRow);
    }

    $GLOBALS['smarty']->assign('filetypes_array', $filetypeRows);
    display_smarty_template('filetypes_deleteshow.tpl');
}
$GLOBALS['smarty']->assign('is_admin', $user_perms_obj->user_obj->isAdmin()); $GLOBALS['smarty']->assign('avail_users', $user_perms_array); $GLOBALS['smarty']->assign('avail_depts', $dept_perms_array); $GLOBALS['smarty']->assign('cats_array', $cats_array); $GLOBALS['smarty']->assign('user_id', $_SESSION['uid']); $GLOBALS['smarty']->assign('pre_selected_owner', $owner_id); $GLOBALS['smarty']->assign('pre_selected_category', $category); $GLOBALS['smarty']->assign('pre_selected_department', $department); $GLOBALS['smarty']->assign('description', $description); $GLOBALS['smarty']->assign('comment', $comment); $GLOBALS['smarty']->assign('db_prefix', $GLOBALS['CONFIG']['db_prefix']); display_smarty_template('edit.tpl'); udf_edit_file_form(); // Call Plugin API callPluginMethod('onBeforeEditFile', $data_id); display_smarty_template('_edit_footer.tpl'); } //end else } else { // form submitted, process data $fileId = $_REQUEST['id']; $filedata = new FileData($fileId, $pdo); // Call the plugin API callPluginMethod('onBeforeEditFileSaved'); $filedata->setId($fileId); $perms_error = false; // check submitted data // at least one user must have "view" and "modify" rights foreach ($_REQUEST['user_permission'] as $permission) { if ($permission > 2) { $perms_error = true;
*/ if ($_REQUEST['submit'] == 'commentReject') { $submit_value = 'Reject'; } elseif ($_REQUEST['submit'] == 'commentAuthorize') { $submit_value = 'Authorize'; } else { $submit_value = 'None'; } $query = "\n SELECT\n id,\n first_name,\n last_name\n FROM\n {$GLOBALS['CONFIG']['db_prefix']}user\n "; $stmt = $pdo->prepare($query); $stmt->execute(array()); $result = $stmt->fetchAll(); $GLOBALS['smarty']->assign('user_info', $result); $GLOBALS['smarty']->assign('submit_value', $submit_value); $GLOBALS['smarty']->assign('checkbox', $checkbox); display_smarty_template('commentform.tpl'); } elseif (isset($_POST['submit']) && $_POST['submit'] == 'Reject') { $to = isset($_POST['to']) ? $_POST['to'] : ''; $subject = isset($_POST['subject']) ? $_POST['subject'] : ''; $checkbox = isset($_POST['checkbox']) ? $_POST['checkbox'] : ''; $mail_break = '--------------------------------------------------' . PHP_EOL; $reviewer_comments = "To={$to};Subject={$subject};Comments={$comments};"; $user_obj = new user($_SESSION['uid'], $pdo); $date = date('Y-m-d H:i:s T'); //locale insensitive $get_full_name = $user_obj->getFullName(); $full_name = $get_full_name[0] . ' ' . $get_full_name[1]; $mail_from = $full_name . ' <' . $user_obj->getEmailAddress() . '>'; $mail_headers = "From: {$mail_from}" . PHP_EOL; $mail_headers .= "Content-Type: text/plain; charset=UTF-8" . PHP_EOL; $mail_subject = !empty($_REQUEST['subject']) ? stripslashes($_REQUEST['subject']) : msg('email_subject_review_status');
$file_name = $file_obj->getName(); $file_id = $file_obj->getId(); $realname = $file_obj->getName(); // Get the suffix of the file so we can look it up // in the $mimetypes array $suffix = ''; if (strchr($realname, '.')) { // Fix by blackwes $prefix = substr($realname, 0, strrpos($realname, ".")); $suffix = strtolower(substr($realname, strrpos($realname, ".") + 1)); } $mimetype = File::mime_by_ext($suffix); $GLOBALS['smarty']->assign('mimetype', $mimetype); $GLOBALS['smarty']->assign('file_id', $file_id); // drw form display_smarty_template('view_file.tpl'); draw_footer(); } elseif ($_GET['submit'] == 'view') { $file_obj = new FileData($_REQUEST['id'], $pdo); // Added this check to keep unauthorized users from downloading - Thanks to Chad Bloomquist checkUserPermission($_REQUEST['id'], $file_obj->READ_RIGHT, $file_obj); $realname = $file_obj->getName(); if (isset($revision_id)) { $filename = $revision_dir . $request_id . ".dat"; } elseif ($file_obj->isArchived()) { $filename = $GLOBALS['CONFIG']['archiveDir'] . $_REQUEST['id'] . ".dat"; } else { $filename = $GLOBALS['CONFIG']['dataDir'] . $_REQUEST['id'] . ".dat"; } if (file_exists($filename)) { // send headers to browser to initiate file download
// Flush buffer onto screens ob_end_clean(); // Clean up buffer exit; } else { // all checks completed /* to avoid problems with some browsers, download script should not include parameters on the URL so let's use a form and pass the parameters via POST */ // form not yet submitted // display information on how to initiate download if (!isset($submit)) { draw_header('View File', $last_message); $GLOBALS['smarty']->assign('file_id', $filedata->getId()); display_smarty_template('view.tpl'); draw_footer(); } else { $id = $filedata->getId(); $realname = $filedata->getName(); // get the filename $filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat'; if (file_exists($filename)) { // send headers to browser to initiate file download header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . rawurlencode($realname)); readfile($filename); // Call the plugin API callPluginMethod('onViewFile'); } else { echo 'File not readable...';
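/**
 * Render the file-type delete-selection page (legacy mysql_* variant).
 *
 * Loads every row of the filetypes table, assigns the rows to Smarty as
 * `filetypes_array` and renders filetypes_deleteshow.tpl.
 *
 * NOTE: the mysql_* extension was deprecated in PHP 5.5 and removed in
 * PHP 7.0; this code only runs where that legacy extension is present.
 *
 * @return void
 */
function deleteSelect()
{
    $filetypes_arr = array();
    $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver error server-side: mysql_error() reveals table
        // names and SQL text, which must not be echoed to the browser.
        error_log('Failed to select filetypes list: ' . mysql_error());
        die('Failed to select filetypes list');
    }
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $filetypes_arr[] = $row;
    }
    $GLOBALS['smarty']->assign('filetypes_array', $filetypes_arr);
    display_smarty_template('filetypes_deleteshow.tpl');
}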
if ($status == 0 || $status == -1 && $file_data_obj->isOwner($_SESSION['uid'])) { // check if user has modify rights $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']); if ($user_perms->getAuthority($request_id, $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) { // if so, display link for checkout $check_out_link = "check-out.php?id={$request_id}" . '&state=' . ($state + 1) . '&access_right=modify'; $GLOBALS['smarty']->assign('check_out_link', $check_out_link); } if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !@isset($revision_id) && !$file_data_obj->isArchived()) { // if user is also the owner of the file AND file is not checked out // additional actions are available $edit_link = "edit.php?id={$request_id}&state=" . ($state + 1); $GLOBALS['smarty']->assign('edit_link', $edit_link); } } ////end if ($status == 0) // ability to view revision history is always available // put it outside the block $history_link = "history.php?id={$request_id}&state=" . ($state + 1); $comments_link = 'toBePublished.php?submit=comments&id=' . $request_id; $my_delete_link = 'delete.php?mode=tmpdel&id0=' . $request_id; $GLOBALS['smarty']->assign('history_link', $history_link); $GLOBALS['smarty']->assign('comments_link', $comments_link); $GLOBALS['smarty']->assign('my_delete_link', $my_delete_link); // Call the plugin API callPluginMethod('onDuringDetails', $file_data_obj->id); $GLOBALS['smarty']->assign('file_detail', $file_detail_array); display_smarty_template('details.tpl'); // Call the plugin API callPluginMethod('onAfterDetails', $file_data_obj->id); draw_footer();
draw_footer(); } elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') { draw_header(msg('label_filetypes'), $last_message); if ($filetypes->save($_POST)) { $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull']; } else { $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action']; } $GLOBALS['smarty']->assign('last_message', $_POST['last_message']); $filetypes->edit(); draw_footer(); } elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Cancel') { header('Location: admin.php?last_message=' . urlencode(msg('message_action_cancelled'))); } elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNew') { draw_header(msg('label_filetypes'), $last_message); display_smarty_template('filetype_add.tpl'); draw_footer(); } elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNewSave') { if ($filetypes->add($_POST)) { $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull']; } else { $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action']; } $GLOBALS['smarty']->assign('last_message', $_POST['last_message']); draw_header(msg('label_filetypes'), $last_message); $filetypes->edit(); draw_footer(); } elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'DeleteSelect') { draw_header(msg('label_filetypes'), $last_message); $filetypes->deleteSelect(); draw_footer();