Exemple #1
0
 function get($s)
 {
     // for testing only.
     //if (!empty($_GET['_post'])) {
     //   return $this->post();
     //}
     $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];
     $bits = explode('/', $s);
     $id = 0;
     //        var_dump($bits);die('in');
     // without id as first part...
     if (!empty($bits[0]) && $bits[0] == 'Thumb') {
         $this->thumb = true;
         $this->as_mimetype = 'image/jpeg';
         $this->size = empty($bits[1]) ? '0x0' : $bits[1];
         $id = empty($bits[2]) ? 0 : $bits[2];
     } else {
         if (!empty($bits[0]) && $bits[0] == 'Download') {
             $this->method = 'attachment';
             $id = empty($bits[1]) ? 0 : $bits[1];
         } else {
             if (!empty($bits[1]) && $bits[1] == 'Thumb') {
                 // with id as first part.
                 $this->thumb = true;
                 $this->as_mimetype = 'image/jpeg';
                 $this->size = empty($bits[2]) ? '0x0' : $bits[2];
                 $id = empty($bits[3]) ? 0 : $bits[3];
             } else {
                 if (!empty($bits[0]) && $bits[0] == 'events') {
                     $this->downloadEvent($bits);
                     die("unknown file?");
                 } else {
                     $id = empty($bits[0]) ? 0 : $bits[0];
                 }
             }
         }
     }
     if (strpos($id, ':') > 0) {
         // id format  tablename:id:-imgtype
         $onbits = explode(':', $id);
         if (count($onbits) < 2 || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) {
             die("Bad url");
         }
         //DB_DataObject::debugLevel(1);
         $img = DB_DataObject::factory('Images');
         $img->ontable = $onbits[0];
         $img->onid = $onbits[1];
         if (empty($_REQUEST['anytype'])) {
             $img->whereAdd("mimetype like 'image/%'");
         }
         $img->orderBy('title ASC');
         /// spurious ordering... (curretnly used by shipping project)
         if (isset($onbits[2])) {
             $img->imgtype = $onbits[2];
         }
         $img->limit(1);
         if (!$img->find(true)) {
             header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . urlencode("no images for that item: " . htmlspecialchars($id)));
         }
         $id = $img->id;
     }
     $id = (int) $id;
     // depreciated - should use ontable:onid:type here...
     if (!empty($_REQUEST['ontable'])) {
         //DB_DataObjecT::debugLevel(1);
         $img = DB_DataObjecT::factory('Images');
         $img->setFrom($_REQUEST);
         // use imgtype now...
         // if (!empty($_REQUEST['query']['filename'])){
         //     $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'");
         // }
         $img->limit(1);
         if (!$img->find(true)) {
             header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . urlencode("No file exists"));
         }
         $id = $img->id;
     }
     $img = DB_DataObjecT::factory('Images');
     if (!$id || !$img->get($id)) {
         header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . urlencode("image has been removed or deleted."));
     }
     if (!$this->hasPermission($img)) {
         header('Location: ' . $this->rootURL . '/Pman/templates/images/file-broken.png?reason=' . urlencode("access to this image/file has been denied."));
     }
     $this->serve($img);
     exit;
 }
Exemple #2
0
 function updateLock($x, $req)
 {
     $this->permitError = true;
     // allow it to fail without dieing
     $lock = DB_DataObjecT::factory('core_locking');
     $this->permitError = false;
     if (is_a($lock, 'DB_DataObject') && $this->authUser) {
         $lock->on_id = $x->{$this->key};
         $lock->on_table = strtolower($x->tableName());
         if (!empty($_REQUEST['_lock_id'])) {
             $lock->whereAdd('id != ' . (int) $_REQUEST['_lock_id']);
         } else {
             $lock->whereAdd('person_id !=' . $this->authUser->id);
         }
         $llc = clone $lock;
         $exp = date('Y-m-d', strtotime('NOW - 1 WEEK'));
         $llc->whereAdd("created < '{$exp}'");
         if ($llc->count()) {
             $llc->find();
             while ($llc->fetch()) {
                 $llcd = clone $llc;
                 $llcd->delete();
             }
         }
         $lock->limit(1);
         if ($lock->find(true)) {
             // it's locked by someone else..
             $p = $lock->person();
             $this->jerr("Record was locked by " . $p->name . " at " . $lock->created . " - Please confirm you wish to save", array('needs_confirm' => true));
         }
         // check the users lock.. - no point.. ??? - if there are no other locks and it's not the users, then they can
         // edit it anyways...
         // can we find the user's lock.
         $lock = DB_DataObjecT::factory('core_locking');
         $lock->on_id = $x->{$this->key};
         $lock->on_table = strtolower($x->tableName());
         $lock->person_id = $this->authUser->id;
         $lock->orderBy('created DESC');
         $lock->limit(1);
         if ($lock->find(true) && isset($x->modified_dt) && strtotime($x->modified_dt) > strtotime($lock->created) && empty($req['_submit_confirmed']) && $x->modified_by != $this->authUser->id) {
             $p = DB_DataObject::factory('core_person');
             $p->get($x->modified_by);
             $this->jerr($p->name . " saved the record since you started editing,\nDo you really want to update it?", array('needs_confirm' => true));
         }
     }
     return $lock;
 }