// Tail of a loop whose header lies above this excerpt: rows whose level is
// '0' are recorded in $clients, keyed by id.
if ($row["level"] == '0') {
	$clients[$row["id"]] = $row["name"];
}
}

/** Fill the groups array that will be used on the form */
$groups = array();
// The query text is a constant string; no request data is concatenated into it.
$cq = "SELECT id, name FROM tbl_groups ORDER BY name ASC";
$sql = $database->query($cq);
// NOTE(review): mysql_fetch_array() belongs to ext/mysql, which was removed in
// PHP 7.0; this loop cannot run on a currently supported PHP release.
while ($row = mysql_fetch_array($sql)) {
	$groups[$row["id"]] = $row["name"];
}

/**
 * Get the user level to determine if the uploader is a
 * system user or a client.
 */
$current_level = get_current_user_level();

// Disabled debug helper. Keep it disabled: it would print the raw request body
// into the page without any HTML escaping.
//echo '<pre>'; print_r($_POST); echo '</pre>'; // DEBUG
// NOTE(review): $page_title is echoed below without htmlspecialchars(); that is
// only safe while it is a fixed, developer-defined string. Its origin is not
// visible in this excerpt - confirm.
?> <div id="main"> <h2><?php echo $page_title; ?> </h2> <?php
/**
 * Show an error message if no ID value is passed on the URI.
 * (This block continues beyond the end of this excerpt.)
 */
if (empty($this_file_id)) {
	$no_results_error = 'no_id_passed';
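/**
 * Echo, as JSON, the accounts that downloaded a given file.
 *
 * Reads `file_id` and `sys_user` from the query string. The request is only
 * served when in_session_or_cookies() accepts one of the levels 9, 8 or 7.
 * Level 7 accounts (uploaders) are additionally restricted to files whose
 * `uploader` column matches `sys_user`.
 *
 * Output: a JSON list of {name, email, type, count} objects, written with
 * echo after the output buffer has been cleaned. When the file has no
 * recorded downloads the output is an empty list. Nothing is returned.
 *
 * Side effects: overwrites several properties on $this (check_level, sql,
 * row, uploader, filename, sql_who, downloaders_ids, downloaders_count,
 * users_ids, downloaders_list) and may terminate the script with exit.
 */
function get_downloaders()
{
	$this->check_level = array(9, 8, 7);

	if (!isset($_GET['sys_user']) || !isset($_GET['file_id'])) {
		return;
	}

	// do a permissions check for logged in user
	if (!in_session_or_cookies($this->check_level)) {
		return;
	}

	// The cast guarantees that only an integer is concatenated into the SQL
	// below, so the request value cannot carry SQL syntax.
	$file_id = (int) $_GET['file_id'];
	$current_level = get_current_user_level();

	// NOTE(review): mysql_fetch_array() belongs to ext/mysql, which was removed
	// in PHP 7.0. Moving this method to prepared statements requires a PDO or
	// mysqli handle, which is not visible from inside this method.
	$this->sql = $this->database->query('SELECT id, uploader, filename FROM tbl_files WHERE id="' . $file_id . '"');
	$this->row = mysql_fetch_array($this->sql);

	// A missing file yields no row; do not index into a non-array.
	$file_found = is_array($this->row);
	$this->uploader = $file_found ? $this->row['uploader'] : null;

	/** Uploaders can only generate this for their own files */
	if ($current_level == '7') {
		// NOTE(review): sys_user is taken from the query string, so this check
		// only shows that the requester supplied the uploader's identifier, not
		// that the requester is that uploader. It should be compared with the
		// authenticated account taken from the session instead - confirm which
		// session value corresponds to the `uploader` column and use that.
		$requested_user = is_string($_GET['sys_user']) ? $_GET['sys_user'] : '';
		$owns_file = $file_found
			&& $requested_user !== ''
			&& (string) $this->uploader === $requested_user;

		if (!$owns_file) {
			ob_clean();
			flush();
			_e("You don't have the required permissions to view the requested information about this file.", 'cftp_admin');
			exit;
		}
	}

	$this->filename = $file_found ? $this->row['filename'] : null;

	// Start from empty collections so that a file without downloads, or a
	// second call on the same object, cannot reuse stale or undefined data.
	$this->downloaders_ids = array();
	$this->downloaders_count = array();

	$this->sql_who = $this->database->query('SELECT user_id, COUNT(*) AS downloads FROM tbl_downloads WHERE file_id="' . $file_id . '" GROUP BY user_id');
	while ($this->wrow = mysql_fetch_array($this->sql_who)) {
		$this->downloaders_ids[] = $this->wrow['user_id'];
		$this->downloaders_count[$this->wrow['user_id']] = $this->wrow['downloads'];
	}

	// The ids are interpolated into the next statement, so force them to
	// integers first; array_filter() then drops empty and zero ids.
	$this->users_ids = implode(',', array_unique(array_filter(array_map('intval', $this->downloaders_ids))));
	$this->downloaders_list = array();

	// "IN ()" is a syntax error, so the lookup only runs when there is at
	// least one id to look up.
	if ($this->users_ids !== '') {
		$this->sql_who = $this->database->query("SELECT id, name, email, level FROM tbl_users WHERE id IN ({$this->users_ids})");
		while ($this->urow = mysql_fetch_array($this->sql_who)) {
			$user_id = $this->urow['id'];
			$this->downloaders_list[] = array(
				'name' => $this->urow['name'],
				'email' => $this->urow['email'],
				// The account kind is derived from `level` (0 means client).
				// The previous code compared `name` with 0, which does not
				// depend on the account's level at all.
				'type' => ((int) $this->urow['level'] === 0) ? 'client' : 'user',
				'count' => isset($this->downloaders_count[$user_id]) ? $this->downloaders_count[$user_id] : null,
			);
		}
	}

	ob_clean();
	flush();
	// Names and e-mail addresses are account data. The JSON_HEX_* flags keep
	// the decoded values identical while ensuring the raw response contains no
	// literal <, >, &, ' or " characters, since no Content-Type is set here.
	echo json_encode($this->downloaders_list, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}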
/**
 * Define the information about the current logged in user or client
 * used on the different validations across the system.
 *
 * @package ProjectSend
 * @subpackage Session
 */

// Start (or resume) the session and begin output buffering.
// NOTE(review): no session cookie parameters (HttpOnly, Secure, SameSite) are
// set in this excerpt - presumably configured elsewhere; verify.
session_start();
ob_start();

// Tell browsers and intermediaries not to store the response: caching is
// disabled outright and the expiry date lies in the past.
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

/**
 * Global information on the current account to use across the system.
 */
$global_user = get_current_user_username();
$global_level = get_current_user_level();

/**
 * Get the user information from the database.
 *
 * Level 0 is looked up as a client, every other level as a system user.
 * NOTE(review): the comparison is loose, so null, false or an empty string
 * would also be treated as level 0 - confirm what get_current_user_level()
 * returns when nobody is logged in.
 */
if ($global_level != 0) {
	$global_account = get_user_by_username($global_user);
}
else {
	$global_account = get_client_by_username($global_user);
}

/**
 * Automatic log out if account is deactivated while session is on.
 *
 * NOTE(review): if the lookup above returns no record (for example because
 * the account was deleted), $global_account['active'] evaluates to null,
 * null == '0' is false, and this branch is skipped - confirm that a missing
 * account is rejected somewhere else.
 */
if ($global_account['active'] == '0') {
	/** Prevent an infinite loop */
	// The session flag is set the first time this branch is reached.
	// (This block continues beyond the end of this excerpt.)
	if (!isset($_SESSION['logout'])) {
		$_SESSION['logout'] = '1';
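/**
 * Echo, as JSON, the accounts that downloaded a given file.
 *
 * Reads `file_id` and `sys_user` from the query string. The request is only
 * served when in_session_or_cookies() accepts one of the levels 9, 8 or 7.
 * Level 7 accounts (uploaders) are additionally restricted to files whose
 * `uploader` column matches `sys_user`.
 *
 * All three queries are prepared statements with bound parameters.
 *
 * Output: a JSON list of {name, email, type, count} objects, written with
 * echo after the output buffer has been cleaned. When the file has no
 * recorded downloads the output is an empty list. Nothing is returned.
 *
 * Side effects: overwrites several properties on $this (check_level,
 * statement, row, uploader, filename, sql_who, downloaders_ids,
 * downloaders_count, users_ids, downloaders_list) and may terminate the
 * script with exit.
 */
function get_downloaders()
{
	$this->check_level = array(9, 8, 7);

	if (!isset($_GET['sys_user']) || !isset($_GET['file_id'])) {
		return;
	}

	// do a permissions check for logged in user
	if (!in_session_or_cookies($this->check_level)) {
		return;
	}

	$file_id = (int) $_GET['file_id'];
	$current_level = get_current_user_level();

	$this->statement = $this->dbh->prepare("SELECT id, uploader, filename FROM " . TABLE_FILES . " WHERE id=:file_id");
	$this->statement->bindParam(':file_id', $file_id, PDO::PARAM_INT);
	$this->statement->execute();
	$this->statement->setFetchMode(PDO::FETCH_ASSOC);
	$this->row = $this->statement->fetch();

	// fetch() returns false when the file does not exist; do not index into it.
	$file_found = is_array($this->row);
	$this->uploader = $file_found ? $this->row['uploader'] : null;

	/** Uploaders can only generate this for their own files */
	if ($current_level == '7') {
		// NOTE(review): sys_user is taken from the query string, so this check
		// only shows that the requester supplied the uploader's identifier, not
		// that the requester is that uploader. It should be compared with the
		// authenticated account taken from the session instead - confirm which
		// session value corresponds to the `uploader` column and use that.
		$requested_user = is_string($_GET['sys_user']) ? $_GET['sys_user'] : '';
		$owns_file = $file_found
			&& $requested_user !== ''
			&& (string) $this->uploader === $requested_user;

		if (!$owns_file) {
			ob_clean();
			flush();
			_e("You don't have the required permissions to view the requested information about this file.", 'cftp_admin');
			exit;
		}
	}

	$this->filename = $file_found ? $this->row['filename'] : null;

	// Start from empty collections so that a file without downloads, or a
	// second call on the same object, cannot reuse stale or undefined data.
	$this->downloaders_ids = array();
	$this->downloaders_count = array();

	$this->sql_who = $this->dbh->prepare("SELECT user_id, COUNT(*) AS downloads FROM " . TABLE_DOWNLOADS . " WHERE file_id=:file_id GROUP BY user_id");
	$this->sql_who->bindParam(':file_id', $file_id, PDO::PARAM_INT);
	$this->sql_who->execute();
	$this->sql_who->setFetchMode(PDO::FETCH_ASSOC);
	while ($this->wrow = $this->sql_who->fetch()) {
		$this->downloaders_ids[] = $this->wrow['user_id'];
		$this->downloaders_count[$this->wrow['user_id']] = $this->wrow['downloads'];
	}

	$this->users_ids = implode(',', array_unique(array_filter($this->downloaders_ids)));
	$this->downloaders_list = array();

	// With no ids there is nothing to look up; FIND_IN_SET() against an empty
	// list would match no row anyway.
	if ($this->users_ids !== '') {
		// The comma-separated id list is passed as one bound string and
		// matched with FIND_IN_SET(), so it never becomes part of the SQL text.
		$this->sql_who = $this->dbh->prepare("SELECT id, name, email, level FROM " . TABLE_USERS . " WHERE FIND_IN_SET(id,:users)");
		$this->sql_who->bindParam(':users', $this->users_ids);
		$this->sql_who->execute();
		$this->sql_who->setFetchMode(PDO::FETCH_ASSOC);
		while ($this->urow = $this->sql_who->fetch()) {
			$user_id = $this->urow['id'];
			$this->downloaders_list[] = array(
				'name' => $this->urow['name'],
				'email' => $this->urow['email'],
				// The account kind is derived from `level` (0 means client).
				// The previous code compared `name` with 0, which does not
				// depend on the account's level at all.
				'type' => ((int) $this->urow['level'] === 0) ? 'client' : 'user',
				'count' => isset($this->downloaders_count[$user_id]) ? $this->downloaders_count[$user_id] : null,
			);
		}
	}

	ob_clean();
	flush();
	// Names and e-mail addresses are account data. The JSON_HEX_* flags keep
	// the decoded values identical while ensuring the raw response contains no
	// literal <, >, &, ' or " characters, since no Content-Type is set here.
	echo json_encode($this->downloaders_list, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}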