/**
* Show the settings edit form
*/
public function edit()
{
$query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
$stmt = $this->connection->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$GLOBALS['smarty']->assign('themes', $this->getThemes());
$GLOBALS['smarty']->assign('languages', $this->getLanguages());
$GLOBALS['smarty']->assign('useridnums', $this->getUserIdNums());
$GLOBALS['smarty']->assign('settings_array', $result);
display_smarty_template('settings.tpl');
}
function edit()
{
$settings_arr = array();
$query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
$result = mysql_query($query) or die('Failed to edit settings: ' . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$settings_arr[] = $row;
}
$GLOBALS['smarty']->assign('themes', $this->getThemes());
$GLOBALS['smarty']->assign('languages', $this->getLanguages());
$GLOBALS['smarty']->assign('useridnums', $this->getUserIdNums());
$GLOBALS['smarty']->assign('settings_array', $settings_arr);
display_smarty_template('settings.tpl');
}
/**
* list_files - Display a list of files
* @return NULL
* @param array $fileid_array
* @param object $userperms_obj
* @param string $dataDir
* @param boolean $showCheckBox
* @param boolean $rejectpage
*/
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = false, $rejectpage = false)
{
global $pdo;
if (sizeof($fileid_array) == 0 || !isset($fileid_array[0])) {
echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . PHP_EOL;
return -1;
}
foreach ($fileid_array as $fileid) {
$file_obj = new FileData($fileid, $pdo);
$userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);
$description = $file_obj->getDescription();
if ($file_obj->getStatus() == 0 and $userAccessLevel >= $userperms_obj->VIEW_RIGHT) {
$lock = false;
} else {
$lock = true;
}
if ($description == '') {
$description = msg('message_no_description_available');
}
$created_date = fix_date($file_obj->getCreatedDate());
if ($file_obj->getModifiedDate()) {
$modified_date = fix_date($file_obj->getModifiedDate());
} else {
$modified_date = $created_date;
}
$full_name_array = $file_obj->getOwnerFullName();
$owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
$dept_name = $file_obj->getDeptName();
$realname = $file_obj->getRealname();
//Get the file size in bytes.
$filesize = display_filesize($dataDir . $fileid . '.dat');
if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
$suffix = strtolower(substr($realname, strrpos($realname, ".") + 1));
$mimetype = File::mime_by_ext($suffix);
$view_link = 'view_file.php?submit=view&id=' . urlencode(e::h($fileid)) . '&mimetype=' . urlencode("{$mimetype}");
} else {
$view_link = 'none';
}
$details_link = 'details.php?id=' . e::h($fileid) . '&state=' . e::h($_REQUEST['state'] + 1);
$read = array($userperms_obj->READ_RIGHT, 'r');
$write = array($userperms_obj->WRITE_RIGHT, 'w');
$admin = array($userperms_obj->ADMIN_RIGHT, 'a');
$rights = array($read, $write, $admin);
$index_found = -1;
//$rights[max][0] = admin, $rights[max-1][0]=write, ..., $right[min][0]=view
//if $userright matches with $rights[max][0], then this user has all the rights of $rights[max][0]
//and everything below it.
for ($i = sizeof($rights) - 1; $i >= 0; $i--) {
if ($userAccessLevel == $rights[$i][0]) {
$index_found = $i;
$i = 0;
}
}
//Found the user right, now bold every below it. For those that matches, make them different.
//For everything above it, blank out
for ($i = $index_found + 1; $i < sizeof($rights); $i++) {
$rights[$i][1] = '-';
}
$file_list_arr[] = array('id' => $fileid, 'view_link' => $view_link, 'details_link' => $details_link, 'filename' => $realname, 'description' => $description, 'rights' => $rights, 'created_date' => $created_date, 'modified_date' => $modified_date, 'owner_name' => $owner_name, 'dept_name' => $dept_name, 'filesize' => $filesize, 'lock' => $lock, 'showCheckbox' => $showCheckBox, 'rejectpage' => $rejectpage);
//print_r($file_list_arr);exit;
}
$limit_reached = false;
if (count($file_list_arr) >= $GLOBALS['CONFIG']['max_query']) {
$limit_reached = true;
}
$GLOBALS['smarty']->assign('limit_reached', $limit_reached);
$GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
//print_r($file_list_arr);exit;
$GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);
//print_r($GLOBALS['smarty']);
// Call the plugin API
callPluginMethod('onBeforeListFiles', $file_list_arr);
display_smarty_template('out.tpl');
callPluginMethod('onAfterListFiles');
}
$stmt->execute(array(':newvalue' => $_REQUEST['newvalue'], ':primary_type' => $_REQUEST['primary_type']));
}
}
// Do Deletes
$query = "\n SELECT\n max(id)\n FROM\n {$udf_table_name}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchColumn();
$max = $result;
while ($max > 0) {
if (isset($_REQUEST['x' . $max]) && $_REQUEST['x' . $max] == "on") {
$query = "\n DELETE FROM\n {$GLOBALS['CONFIG']['db_prefix']}udftbl_{$field_name}{$tablename}\n WHERE\n id = {$max}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
}
$max--;
}
$query = "\n SELECT\n *\n FROM\n {$_REQUEST['udf']}\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$rows2 = $stmt->fetchAll();
$GLOBALS['smarty']->assign('udf', $_REQUEST['udf']);
$GLOBALS['smarty']->assign('display_name', $display_name);
$GLOBALS['smarty']->assign('rows', $rows2);
display_smarty_template('udf/edit_type_4.tpl');
}
draw_footer();
} else {
draw_header(msg('label_user_defined_field'), $last_message);
draw_footer();
}
if (count($result) == 1) {
// register the user's ID
$id = $result[0]['id'];
$username = $result['username'];
$password = $result['password'];
// initiate a session
$_SESSION['uid'] = $id;
// Run the plugin API
callPluginMethod('onAfterLogin');
// redirect to main page
if (isset($_REQUEST['redirection'])) {
redirect_visitor($_REQUEST['redirection']);
} else {
redirect_visitor('out.php');
}
// close connection
} else {
// Login Failed
// redirect to error page
// Call the plugin API
callPluginMethod('onFailedLogin');
header('Location: error.php?ec=0');
}
} elseif (!isset($_POST['login']) && $GLOBALS['CONFIG']['authen'] == 'mysql') {
$redirection = isset($_REQUEST['redirection']) ? $_REQUEST['redirection'] : '';
$GLOBALS['smarty']->assign('redirection', $redirection);
display_smarty_template('login.tpl');
} else {
echo 'Check your config';
}
draw_footer();
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// check for session and $_REQUEST['id']
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
include 'udf_functions.php';
// open a connection to the database
$user_obj = new User($_SESSION['uid'], $pdo);
// Check to see if user is admin
if (!$user_obj->isAdmin()) {
header('Location:error.php?ec=4');
exit;
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);
$query = "SELECT \n a.*,\n d.realname,\n u.username\n FROM \n {$GLOBALS['CONFIG']['db_prefix']}access_log a\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}data AS d ON a.file_id = d.id\n INNER JOIN \n {$GLOBALS['CONFIG']['db_prefix']}user AS u ON a.user_id = u.id\n ";
$stmt = $pdo->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
$actions_array = array("A" => msg('accesslogpage_file_added'), "B" => msg('accesslogpage_reserved'), "C" => msg('accesslogpage_reserved'), "V" => msg('accesslogpage_file_viewed'), "D" => msg('accesslogpage_file_downloaded'), "M" => msg('accesslogpage_file_modified'), "I" => msg('accesslogpage_file_checked_in'), "O" => msg('accesslogpage_file_checked_out'), "X" => msg('accesslogpage_file_deleted'), "Y" => msg('accesslogpage_file_authorized'), "R" => msg('accesslogpage_file_rejected'));
$accesslog_array = array();
foreach ($result as $row) {
$details_link = 'details.php?id=' . $row['file_id'] . '&state=' . ($_REQUEST['state'] + 1);
$accesslog_array[] = array('user_id' => $row['user_id'], 'file_id' => $row['file_id'], 'user_name' => $row['username'], 'realname' => $row['realname'], 'action' => $actions_array[$row['action']], 'details_link' => $details_link, 'timestamp' => $row['timestamp']);
}
$GLOBALS['smarty']->assign('accesslog_array', $accesslog_array);
display_smarty_template('access_log.tpl');
draw_footer();
$result = $stmt->fetchAll();
$array_id = array();
$i = 0;
foreach ($result as $row) {
$array_id[$i] = $row['id'];
$i++;
}
$luserperm_obj = new UserPermission($_SESSION['uid'], $pdo);
draw_header(msg('area_deleted_files'), $last_message);
$page_url = e::h($_SERVER['PHP_SELF']) . '?mode=' . $_REQUEST['mode'];
$user_obj = new User($_SESSION['uid'], $pdo);
$userperms = new UserPermission($_SESSION['uid'], $pdo);
$list_status = list_files($array_id, $userperms, $GLOBALS['CONFIG']['archiveDir'], true);
if ($list_status != -1) {
$GLOBALS['smarty']->assign('lmode', '');
display_smarty_template('deleteview.tpl');
}
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Delete file(s)') {
isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
foreach ($_REQUEST['checkbox'] as $value) {
if (!pmt_delete($value)) {
header('Location: error.php?ec=21');
exit;
}
}
header('Location:' . urlencode($redirect) . '?last_message=' . urlencode(msg('undeletepage_file_permanently_deleted')));
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Undelete') {
if (isset($_REQUEST['checkbox'])) {
foreach ($_REQUEST['checkbox'] as $fileId) {
$file_obj = new FileData($fileId, $pdo);
$file_obj->undelete();
$allDepartments = Department::getAllDepartments($pdo);
$GLOBALS['smarty']->assign('allDepartments', $allDepartments);
$GLOBALS['smarty']->assign('current_user_dept', $current_user_dept);
$GLOBALS['smarty']->assign('t_name', $t_name);
$GLOBALS['smarty']->assign('is_admin', $user_obj->isAdmin());
$GLOBALS['smarty']->assign('avail_users', $users_array);
$GLOBALS['smarty']->assign('avail_depts', $departments_array);
$GLOBALS['smarty']->assign('cats_array', $cats_array);
$GLOBALS['smarty']->assign('dept_perms_array', $dept_perms_array);
$GLOBALS['smarty']->assign('user_id', $_SESSION['uid']);
$GLOBALS['smarty']->assign('db_prefix', $GLOBALS['CONFIG']['db_prefix']);
display_smarty_template('add.tpl');
udf_add_file_form();
// Call the plugin API
callPluginMethod('onBeforeAdd');
display_smarty_template('_add_footer.tpl');
} else {
//invalid file
if (empty($_FILES)) {
header('Location:error.php?ec=11');
exit;
}
$numberOfFiles = count($_FILES['file']['name']);
$tmp_name = array();
// First we need to make sure all files are allowed types
for ($count = 0; $count < $numberOfFiles; $count++) {
if (empty($_FILES['file']['name'][$count])) {
$last_message = $GLOBALS['lang']['addpage_file_missing'];
header('Location: error.php?last_message=' . urlencode($last_message));
exit;
}
$stmt->execute(array(':dept_id' => $_REQUEST['department_review'][$i], ':user_id' => $_POST['id']));
}
}
}
// back to main page
$last_message = urlencode(msg('message_user_successfully_updated'));
header('Location: out.php?last_message=' . $last_message);
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'updatepick') {
draw_header(msg('userpage_modify_user'), $last_message);
// Check to see if user is admin
$query = "SELECT admin FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = :uid and admin = '1'";
$stmt = $pdo->prepare($query);
$stmt->execute(array(':uid' => $_SESSION['uid']));
if ($stmt->rowCount() <= 0) {
header('Location: error.php?ec=4');
exit;
}
$query = "SELECT id, username, first_name, last_name FROM {$GLOBALS['CONFIG']['db_prefix']}user ORDER BY last_name";
$stmt = $pdo->prepare($query);
$stmt->execute();
$users = $stmt->fetchAll();
$GLOBALS['smarty']->assign('state', (int) $_REQUEST['state'] + 1);
$GLOBALS['smarty']->assign('users', $users);
display_smarty_template('user/edit_pick.tpl');
draw_footer();
} elseif (isset($_REQUEST['cancel']) and $_REQUEST['cancel'] == 'Cancel') {
$last_message = "Action Cancelled";
header('Location: admin.php?last_message=' . $last_message);
} else {
header('Location: admin.php?last_message=' . urlencode('Unrecognizalbe action'));
}
public function deleteSelect()
{
$filetypes_arr = array();
$query = "\n SELECT\n *\n FROM\n {$GLOBALS['CONFIG']['db_prefix']}filetypes\n ";
$stmt = $this->connection->prepare($query);
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row) {
$filetypes_arr[] = $row;
}
$GLOBALS['smarty']->assign('filetypes_array', $filetypes_arr);
display_smarty_template('filetypes_deleteshow.tpl');
}
$GLOBALS['smarty']->assign('is_admin', $user_perms_obj->user_obj->isAdmin());
$GLOBALS['smarty']->assign('avail_users', $user_perms_array);
$GLOBALS['smarty']->assign('avail_depts', $dept_perms_array);
$GLOBALS['smarty']->assign('cats_array', $cats_array);
$GLOBALS['smarty']->assign('user_id', $_SESSION['uid']);
$GLOBALS['smarty']->assign('pre_selected_owner', $owner_id);
$GLOBALS['smarty']->assign('pre_selected_category', $category);
$GLOBALS['smarty']->assign('pre_selected_department', $department);
$GLOBALS['smarty']->assign('description', $description);
$GLOBALS['smarty']->assign('comment', $comment);
$GLOBALS['smarty']->assign('db_prefix', $GLOBALS['CONFIG']['db_prefix']);
display_smarty_template('edit.tpl');
udf_edit_file_form();
// Call Plugin API
callPluginMethod('onBeforeEditFile', $data_id);
display_smarty_template('_edit_footer.tpl');
}
//end else
} else {
// form submitted, process data
$fileId = $_REQUEST['id'];
$filedata = new FileData($fileId, $pdo);
// Call the plugin API
callPluginMethod('onBeforeEditFileSaved');
$filedata->setId($fileId);
$perms_error = false;
// check submitted data
// at least one user must have "view" and "modify" rights
foreach ($_REQUEST['user_permission'] as $permission) {
if ($permission > 2) {
$perms_error = true;
*/
if ($_REQUEST['submit'] == 'commentReject') {
$submit_value = 'Reject';
} elseif ($_REQUEST['submit'] == 'commentAuthorize') {
$submit_value = 'Authorize';
} else {
$submit_value = 'None';
}
$query = "\n SELECT\n id,\n first_name,\n last_name\n FROM\n {$GLOBALS['CONFIG']['db_prefix']}user\n ";
$stmt = $pdo->prepare($query);
$stmt->execute(array());
$result = $stmt->fetchAll();
$GLOBALS['smarty']->assign('user_info', $result);
$GLOBALS['smarty']->assign('submit_value', $submit_value);
$GLOBALS['smarty']->assign('checkbox', $checkbox);
display_smarty_template('commentform.tpl');
} elseif (isset($_POST['submit']) && $_POST['submit'] == 'Reject') {
$to = isset($_POST['to']) ? $_POST['to'] : '';
$subject = isset($_POST['subject']) ? $_POST['subject'] : '';
$checkbox = isset($_POST['checkbox']) ? $_POST['checkbox'] : '';
$mail_break = '--------------------------------------------------' . PHP_EOL;
$reviewer_comments = "To={$to};Subject={$subject};Comments={$comments};";
$user_obj = new user($_SESSION['uid'], $pdo);
$date = date('Y-m-d H:i:s T');
//locale insensitive
$get_full_name = $user_obj->getFullName();
$full_name = $get_full_name[0] . ' ' . $get_full_name[1];
$mail_from = $full_name . ' <' . $user_obj->getEmailAddress() . '>';
$mail_headers = "From: {$mail_from}" . PHP_EOL;
$mail_headers .= "Content-Type: text/plain; charset=UTF-8" . PHP_EOL;
$mail_subject = !empty($_REQUEST['subject']) ? stripslashes($_REQUEST['subject']) : msg('email_subject_review_status');
$file_name = $file_obj->getName();
$file_id = $file_obj->getId();
$realname = $file_obj->getName();
// Get the suffix of the file so we can look it up
// in the $mimetypes array
$suffix = '';
if (strchr($realname, '.')) {
// Fix by blackwes
$prefix = substr($realname, 0, strrpos($realname, "."));
$suffix = strtolower(substr($realname, strrpos($realname, ".") + 1));
}
$mimetype = File::mime_by_ext($suffix);
$GLOBALS['smarty']->assign('mimetype', $mimetype);
$GLOBALS['smarty']->assign('file_id', $file_id);
// drw form
display_smarty_template('view_file.tpl');
draw_footer();
} elseif ($_GET['submit'] == 'view') {
$file_obj = new FileData($_REQUEST['id'], $pdo);
// Added this check to keep unauthorized users from downloading - Thanks to Chad Bloomquist
checkUserPermission($_REQUEST['id'], $file_obj->READ_RIGHT, $file_obj);
$realname = $file_obj->getName();
if (isset($revision_id)) {
$filename = $revision_dir . $request_id . ".dat";
} elseif ($file_obj->isArchived()) {
$filename = $GLOBALS['CONFIG']['archiveDir'] . $_REQUEST['id'] . ".dat";
} else {
$filename = $GLOBALS['CONFIG']['dataDir'] . $_REQUEST['id'] . ".dat";
}
if (file_exists($filename)) {
// send headers to browser to initiate file download
// Flush buffer onto screens
ob_end_clean();
// Clean up buffer
exit;
} else {
// all checks completed
/* to avoid problems with some browsers,
download script should not include parameters on the URL
so let's use a form and pass the parameters via POST
*/
// form not yet submitted
// display information on how to initiate download
if (!isset($submit)) {
draw_header('View File', $last_message);
$GLOBALS['smarty']->assign('file_id', $filedata->getId());
display_smarty_template('view.tpl');
draw_footer();
} else {
$id = $filedata->getId();
$realname = $filedata->getName();
// get the filename
$filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
if (file_exists($filename)) {
// send headers to browser to initiate file download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
readfile($filename);
// Call the plugin API
callPluginMethod('onViewFile');
} else {
echo 'File not readable...';
function deleteSelect()
{
$filetypes_arr = array();
$query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes";
$result = mysql_query($query) or die('Failed to select filetypes list: ' . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$filetypes_arr[] = $row;
}
$GLOBALS['smarty']->assign('filetypes_array', $filetypes_arr);
display_smarty_template('filetypes_deleteshow.tpl');
}
if ($status == 0 || $status == -1 && $file_data_obj->isOwner($_SESSION['uid'])) {
// check if user has modify rights
$user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
if ($user_perms->getAuthority($request_id, $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
// if so, display link for checkout
$check_out_link = "check-out.php?id={$request_id}" . '&state=' . ($state + 1) . '&access_right=modify';
$GLOBALS['smarty']->assign('check_out_link', $check_out_link);
}
if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !@isset($revision_id) && !$file_data_obj->isArchived()) {
// if user is also the owner of the file AND file is not checked out
// additional actions are available
$edit_link = "edit.php?id={$request_id}&state=" . ($state + 1);
$GLOBALS['smarty']->assign('edit_link', $edit_link);
}
}
////end if ($status == 0)
// ability to view revision history is always available
// put it outside the block
$history_link = "history.php?id={$request_id}&state=" . ($state + 1);
$comments_link = 'toBePublished.php?submit=comments&id=' . $request_id;
$my_delete_link = 'delete.php?mode=tmpdel&id0=' . $request_id;
$GLOBALS['smarty']->assign('history_link', $history_link);
$GLOBALS['smarty']->assign('comments_link', $comments_link);
$GLOBALS['smarty']->assign('my_delete_link', $my_delete_link);
// Call the plugin API
callPluginMethod('onDuringDetails', $file_data_obj->id);
$GLOBALS['smarty']->assign('file_detail', $file_detail_array);
display_smarty_template('details.tpl');
// Call the plugin API
callPluginMethod('onAfterDetails', $file_data_obj->id);
draw_footer();
draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') {
draw_header(msg('label_filetypes'), $last_message);
if ($filetypes->save($_POST)) {
$_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
} else {
$_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
}
$GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
$filetypes->edit();
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Cancel') {
header('Location: admin.php?last_message=' . urlencode(msg('message_action_cancelled')));
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNew') {
draw_header(msg('label_filetypes'), $last_message);
display_smarty_template('filetype_add.tpl');
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNewSave') {
if ($filetypes->add($_POST)) {
$_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
} else {
$_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
}
$GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
draw_header(msg('label_filetypes'), $last_message);
$filetypes->edit();
draw_footer();
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'DeleteSelect') {
draw_header(msg('label_filetypes'), $last_message);
$filetypes->deleteSelect();
draw_footer();