} } } /* Send out Notifications to all users on distribution * Use the Bcc feature of COM_mail (added June/2009) * To send to complete distribution as one email and not loop thru distribution sending individual emails */ $lastuser = 0; $type = 5; // Notification message type - Broadcast message $sql = "SELECT file.title,file.cid,file.submitter,category.name FROM " . "{$_TABLES['nxfile_files']} file, {$_TABLES['nxfile_categories']} category " . "WHERE file.cid=category.cid and file.fid={$fid}"; $query = DB_query($sql); list($filename, $cid, $submitter, $catname) = DB_fetchARRAY($query); foreach ($target_users as $target_uid) { // Check that user has view access to this folder if ($target_uid != $lastuser and fm_getPermission($cid, 'view')) { $query = DB_query("SELECT username,email FROM {$_TABLES['users']} WHERE uid={$target_uid}"); list($username, $email) = DB_fetchArray($query); if (!empty($email)) { $distribution[] = $email; $sql = "INSERT INTO {$_TABLES['nxfile_notificationlog']} (target_uid,submitter_uid,notification_type,fid,cid,datetime) " . "VALUES ({$target_uid},{$_USER['uid']},{$type},{$fid},{$cid},UNIX_TIMESTAMP() )"; DB_query($sql); } $lastuser = $target_uid; } } $subject = "{$_CONF['site_name']} - {$LANG_FM10[$type]['SUBJECT']}"; $message .= "\n\n"; $message .= sprintf($LANG_FM10[$type]['LINE1'], $filename, $catname, "{$_CONF['site_url']}/nexfile/index.php?cid={$cid}"); $message .= $LANG_FM10[$type]['LINE2']; if (fm_sendEmail($distribution, $subject, $message)) {
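/**
 * Returns a formatted listbox of the categories the current user can access.
 *
 * A category is only considered when the user has 'view' access to it, so that
 * delegated admin rights can be granted on sub-categories alone.
 *
 * @param string|array $perms      Single perm 'admin' or array of permissions as required by fm_getPermission()
 * @param int          $selected   Category id to mark as the selected item in the listbox
 * @param string       $cid        Parent category to start at; its children are then checked recursively
 * @param string       $level      Recursion depth, used internally to control the indent formatting
 * @param string       $selectlist Option list built so far, used internally so recursive calls can append to it
 * @param string       $restricted Category id to leave out together with its subfolders
 * @return string Formatted HTML option elements for a select listbox of categories
 */
function nexdoc_recursiveAccessOptions($perms, $selected = '', $cid = '0', $level = '1', $selectlist = '', $restricted = '')
{
    global $_TABLES, $LANG_FM02;

    // Only the outermost call offers the "top category" entry, and only to plugin admins.
    if (empty($selectlist) and $level == 1) {
        if (SEC_hasRights('nexfile.admin')) {
            $selectlist = '<option value="0">' . $LANG_FM02['TOP_CAT'] . '</option>' . LB;
        }
    }

    // The parent id is placed into the SQL text, so force it to an integer
    // instead of trusting whatever string the caller handed in.
    $parentCid = (int) $cid;
    $query = DB_QUERY("SELECT cid,pid,name FROM {$_TABLES['nxfile_categories']} WHERE PID='{$parentCid}' ORDER BY CID");

    // The indent depends only on the recursion depth, so build it once per call.
    $indent = ' ';
    if ($level > 1) {
        $indent .= str_repeat('--', $level - 1) . ' ';
    }

    // The query returns three columns (cid, pid, name); pid is not needed here.
    // A separate local is used so the $cid parameter is not overwritten by row data.
    while (list($childCid, , $name) = DB_fetchARRAY($query)) {
        // Skip the restricted category and anything the user cannot view.
        if ($childCid == $restricted or !fm_getPermission($childCid, 'view')) {
            continue;
        }

        // Does any category record have this cid as its parent?
        $hasChildren = DB_COUNT($_TABLES['nxfile_categories'], 'pid', $childCid) > 0;

        if (fm_getPermission($childCid, $perms)) {
            $attrEnd = ($childCid == $selected) ? '" selected="selected">' : '">';
            // NOTE(review): $name comes straight from the categories table and is
            // written into HTML unescaped. If category names are not HTML-encoded
            // when they are stored, escape it here with htmlspecialchars().
            $selectlist .= '<option value="' . $childCid . $attrEnd . $indent . ' ' . $name . '</option>' . LB;
            if ($hasChildren) {
                $selectlist = nexdoc_recursiveAccessOptions($perms, $selected, $childCid, $level + 1, $selectlist, $restricted);
            }
        } elseif ($hasChildren and $perms == 'admin') {
            // Keep descending: a subfolder may grant admin even though this parent does not.
            $selectlist = nexdoc_recursiveAccessOptions($perms, $selected, $childCid, $level + 1, $selectlist, $restricted);
        }
    }

    return $selectlist;
}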
while (!feof($fp)) { $data = fread($fp, $_FMCONF['download_chunk_rate']); echo $data; } exit; } else { COM_errorLog("MIME type for file {$filename} ({$fid}) could not be determined"); } } elseif ($_GET['op'] == "chksubmission") { if (!DB_count($_TABLES['nxfile_files'], 'fid', $fid)) { echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile'); exit; } $cid = DB_getItem($_TABLES['nxfile_files'], "cid", "fid={$fid}"); // make sure user has access if (!fm_getPermission($cid, 'admin')) { echo COM_siteHeader(); echo COM_startBlock('Access Denied'); echo 'You do not have access rights to this file. Your attempt has been logged.'; echo COM_endBlock(); echo COM_siteFooter(); } if (DB_count($_TABLES['nxfile_filesubmissions'], 'id', $fid) > 0) { include_once $_CONF['path_system'] . 'classes/downloader.class.php'; $query = DB_query("SELECT cid,ftype,fname,tempname FROM {$_TABLES['nxfile_filesubmissions']} WHERE id={$fid}"); list($cid, $ftype, $fname, $tname) = DB_fetchARRAY($query); $directory = $_FMCONF['storage_path'] . $cid . '/submissions/'; $logfile = $_CONF['path'] . 'logs/error.log'; if ($ftype == "file") { $pos = strrpos($tname, '.') + 1; $ext = strtolower(substr($tname, $pos));
$cid = 0; } } $op = strtolower($_CLEAN['char']['op']); $alertMsg = ''; if ($_USER['uid'] < 2) { $uid = 0; $alertMsg = 'You are not logged in'; } else { $uid = $_USER['uid']; } if (!($file = @fopen($_FMCONF['storage_path'] . 'test.txt', 'w'))) { $alertMsg = "Unable to write to the file storage area: {$_FMCONF['storage_path']}"; } if ($op == 'downloadfolder') { if ($cid > 0 and fm_getPermission($cid, 'view')) { include 'lib-archive.php'; nexdoc_createArchiveFromFolder($cid); } else { COM_errorLog('Archive failed - invalid category or user does not have view access'); } } echo COM_siteHeader('none'); $tpl = new Template($_CONF['path_layout'] . 'nexfile'); $tpl->set_file(array('page' => 'page.thtml', 'header' => 'filelisting_header.thtml', 'toolbar' => 'toolbar.thtml', 'newfolderlink' => 'newfolder_link.thtml', 'newfilelink' => 'newfile_link.thtml', 'newfilediv' => 'newfile_div.thtml', 'newfolderdiv' => 'newfolder_div.thtml', 'movefilesdiv' => 'movefiles_div.thtml', 'movequeuefile' => 'movefile_div.thtml', 'broadcast' => 'broadcast_div.thtml', 'filedetails' => 'filedetails.thtml', 'subfolder' => 'filelisting_subfolder_record.thtml', 'emptyfolder' => 'filelisting_emptyfolder.thtml', 'filelisting_rec' => 'filelisting_record.thtml', 'tag_link' => 'taglink_record.thtml', 'tag_rec' => 'tagdesc_record.thtml', 'tagsearch_rec' => 'tagsearchlink.thtml', 'tagcloud_rec' => 'tagcloud_record.thtml', 'folderlisting_rec' => 'leftnav_folder_record.thtml', 'movefolder' => 'folder_onhover_move.thtml')); $tpl->set_var('site_url', $_CONF['site_url']); $tpl->set_var('layout_url', $_CONF['layout_url']); $tpl->set_var('action_url', $actionurl); $tpl->set_var('ajax_server_url', "{$_CONF['site_url']}/nexfile/ajax/server.php"); $tpl->set_var('actionurl_dir', "{$_CONF['site_url']}/nexfile"); $tpl->set_var('imgset', "{$_CONF['layout_url']}/nexfile/images");
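/**
 * Builds the HTML block listing the attachments of a forum topic.
 *
 * For attachments kept in the filemgmt or nexfile repository the current
 * user's access is checked first; without access only an "insufficient
 * access" marker is shown instead of the download link.
 *
 * @param int    $topic Topic id whose attachments are listed
 * @param string $mode  'edit' also lists inline attachments and adds a position number and a delete link
 * @return string HTML, one div per attachment
 */
function gf_showattachments($topic, $mode = '')
{
    global $_TABLES, $_CONF, $CONF_FORUM, $_FM_TABLES;

    $retval = '';

    // The topic id is interpolated unquoted into the SQL below and into an
    // inline JavaScript handler, so force it to an integer before use.
    $topicId = (int) $topic;

    $sql = "SELECT id,repository_id,filename FROM {$_TABLES['gf_attachments']} WHERE topic_id={$topicId} ";
    if ($mode != 'edit') {
        $sql .= "AND show_inline=0 ";
    }
    $sql .= "ORDER BY id";
    $query = DB_query($sql);

    $i = 1;
    while (list($id, $lid, $field_value) = DB_fetchArray($query)) {
        // Both ids end up in SQL, a URL and a JavaScript call further down.
        $id = (int) $id;
        $lid = (int) $lid;

        $retval .= '<div class="forum_attachment">';
        if ($mode == 'edit') {
            $retval .= ' ' . $i . ' ';
        }

        // The stored value is split on ':' and the second part is shown as the link text.
        $parts = explode(':', $field_value);
        $displayName = isset($parts[1]) ? $parts[1] : '';

        // Fail closed: a repository file stays inaccessible unless one of the
        // checks below grants access. This also covers a filestorage_plugin
        // value that matches neither branch, which previously left the
        // variable undefined.
        $testaccess_cnt = 0;
        if ($lid > 0) {
            if ($CONF_FORUM['filestorage_plugin'] == 'filemgmt') {
                // Check that the file is in the File Mgmt plugin and the user has access
                $groupsql = filemgmt_buildAccessSql();
                $sql = "SELECT COUNT(*) FROM {$_FM_TABLES['filemgmt_filedetail']} a ";
                $sql .= "LEFT JOIN {$_FM_TABLES['filemgmt_cat']} b ON a.cid=b.cid ";
                $sql .= "WHERE a.lid='{$lid}' {$groupsql}";
                list($testaccess_cnt) = DB_fetchArray(DB_query($sql));
            } elseif ($CONF_FORUM['filestorage_plugin'] == 'nexfile') {
                $cid = DB_getItem($_TABLES['nxfile_files'], 'cid', "fid={$lid}");
                $testaccess_cnt = fm_getPermission($cid, 'view') ? 1 : 0;
            }
        }

        if ($lid > 0 and $testaccess_cnt == 0) {
            $retval .= "<img src=\"{$CONF_FORUM['imgset']}/document_sm.gif\" border=\"0\">Insufficent Access";
        } elseif (!empty($field_value)) {
            // The attachment name is written into the page as link text, so
            // HTML-escape it. htmlspecialchars() uses PHP's default charset
            // here; pass the site charset explicitly if it differs.
            $safeName = htmlspecialchars($displayName, ENT_QUOTES);
            $retval .= "<img src=\"{$CONF_FORUM['imgset']}/document_sm.gif\" border=\"0\">";
            $retval .= "<a href=\"{$_CONF['site_url']}/forum/getattachment.php?id={$id}\" target=\"_new\">";
            $retval .= "{$safeName}</a> ";
            if ($mode == 'edit') {
                $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$topicId},{$id});'>";
                $retval .= "<img src=\"{$CONF_FORUM['imgset']}/delete.gif\" border=\"0\"></a>";
            }
        } else {
            $retval .= 'N/A ';
        }

        $retval .= '</div>';
        $i++;
    }

    return $retval;
}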
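/**
 * Adds the files of one nexfile folder to a zip archive.
 *
 * The current user needs 'view' access to the folder. Only files that have a
 * record in the files table and exist in the storage area are added.
 *
 * @param object      $zip       Archive object providing addEmptyDir() and addFile() (presumably a ZipArchive - confirm with caller)
 * @param int         $folder    Category (folder) id to add
 * @param array|false $files     Optional list of file ids; when given, only these files of the folder are added
 * @param string      $zipfolder Path prefix inside the archive under which the folder is created
 * @return array|string List of file ids that were added, or '' when the user lacks view access
 */
function nexdoc_archiveAddFolder($zip, $folder, $files = false, $zipfolder = '')
{
    global $_CONF, $_TABLES, $_FMCONF, $_USER;

    // The folder id is interpolated unquoted into SQL and into the storage
    // path below, so force it to an integer before it is used anywhere.
    $folder = (int) $folder;

    if (!fm_getPermission($folder, 'view')) {
        COM_errorLog("User: {$_USER['uid']} does not have view access to the folder: {$folder}");
        return '';
    }

    $filesAdded = array();

    // File ids go into an IN (...) list; cast every entry so only integers
    // can reach the SQL text.
    $fileitems = '';
    if ($files) {
        $fileitems = implode(',', array_map('intval', (array) $files));
    }

    $foldername = DB_getItem($_TABLES['nxfile_categories'], 'name', "cid={$folder}");
    // NOTE(review): $foldername and each fname below become entry paths inside
    // the archive, and fname is also appended to the storage path. If either
    // can contain path separators or '..', validate them before use - confirm
    // how these values are filtered when they are stored.
    if ($zipfolder != '') {
        $zipfoldername = $zipfolder . $foldername . '/';
    } else {
        $zipfoldername = $foldername . '/';
    }

    $sql = "SELECT cid,fid,fname FROM {$_TABLES['nxfile_files']} ";
    $sql .= "WHERE cid={$folder} ";
    if (!empty($fileitems)) {
        $sql .= "AND fid in ({$fileitems})";
    }
    $query = DB_query($sql);

    if (DB_numRows($query) > 0) {
        $zip->addEmptyDir($zipfoldername);
        while ($A = DB_fetchArray($query)) {
            $sourcefile = "{$_FMCONF['storage_path']}{$folder}/{$A['fname']}";
            // Records whose file is missing from storage are skipped silently.
            if (file_exists($sourcefile)) {
                $zip->addFile($sourcefile, $zipfoldername . $A['fname']);
                $filesAdded[] = $A['fid'];
            }
        }
    }

    return $filesAdded;
}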