// History view, request handling: require a logged-in session and an `id`
// request parameter, split off an optional revision suffix, then load the
// file's metadata for display.

// Visitors without a session uid are handed to redirect_visitor().
// NOTE(review): nothing visible here stops execution after that call -
// confirm redirect_visitor() itself exits.
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}

// Optional status text taken straight from the request.
// NOTE(review): request-controlled and passed to draw_header() below -
// confirm draw_header() HTML-escapes it before output.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

// A missing or empty id is sent to the error page with code 2.
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}

draw_header(msg('area_view_history'), $last_message);

//revision parsing
// An id containing '_' is split on underscores: the first piece overwrites
// $_REQUEST['id'], the second becomes $revision_id, any further pieces are
// dropped by list().
// NOTE(review): neither piece is checked to be numeric in the visible code.
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $revision_id) = explode('_', $_REQUEST['id']);
}

$datafile = new FileData($_REQUEST['id'], $pdo);

// verify
// Any error reported by FileData gets the same code-2 redirect as a missing id.
// NOTE(review): no per-user view-permission check is visible in this excerpt -
// confirm where it is enforced.
if ($datafile->getError() != null) {
    header('Location:error.php?ec=2');
    exit;
} else {
    // obtain data from resultset
    $owner_full_name = $datafile->getOwnerFullName();
    // Element 1, then ', ', then element 0 - presumably "Last, First"; confirm
    // against getOwnerFullName().
    $owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
    $real_name = $datafile->getRealName();
    $category = $datafile->getCategoryName();
    $created = $datafile->getCreatedDate();
    $description = $datafile->getDescription();
    $comments = $datafile->getComment();
    $status = $datafile->getStatus();
    // The id kept for later use is the part before the first underscore when
    // a revision suffix was present.
    $id = $_REQUEST['id'];

    // corrections
    if ($description == '') {
// Tail of a loop whose header is outside this excerpt: the upload is marked
// allowed as soon as $file_mime equals the current $thistype.
// NOTE(review): the origin of $file_mime is not visible here - if it is the
// client-declared type rather than one detected from the file content, this
// allow-list is advisory only; confirm.
if ($file_mime == $thistype) {
    $allowedFile = 1;
    break;
} else {
    $allowedFile = 0;
}
}

// illegal file type!
// The rejected MIME string is URL-encoded before it goes into the redirect.
if ($allowedFile != 1) {
    $last_message = 'MIMETYPE: ' . $file_mime . ' Failed';
    header('Location:error.php?ec=13&last_message=' . urlencode($last_message));
    exit;
}

// query to ensure that user has modify rights
// Proceeds only when FileData reports no error and getStatus() equals the
// session uid - presumably the uid of the user holding the check-out; confirm
// against FileData.
$fileobj = new FileData($id, $GLOBALS['connection'], DB_NAME);
if ($fileobj->getError() == '' && $fileobj->getStatus() == $_SESSION['uid']) {
    //look to see how many revision are there
    // NOTE(review): $id is interpolated directly into the SQL text. Its origin
    // is not visible in this excerpt; if it is request-derived it must be cast
    // or escaped before reaching this statement. The mysql_* functions used
    // here were removed in PHP 7.0, so a port should use a bound parameter.
    $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}log WHERE id = '{$id}'";
    // NOTE(review): on failure die() sends the full query text and the
    // mysql_error() string to the client; log them server-side instead.
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // Count of existing log rows for this id.
    $lrevision_num = mysql_num_rows($result);

    // if dir not available, create it
    // Created with mode 0775 (subject to the process umask).
    if (!is_dir($GLOBALS['CONFIG']['revisionDir'])) {
        if (!mkdir($GLOBALS['CONFIG']['revisionDir'], 0775)) {
            $last_message = msg('message_directory_creation_failed') . ': ' . $GLOBALS['CONFIG']['revisionDir'];
            header('Location:error.php?ec=23&last_message=' . urlencode($last_message));
            exit;
        }
    }
    // Per-file revision directory: revisionDir with $id appended.
    // NOTE(review): the path is built by plain concatenation - confirm $id is
    // constrained to digits so it cannot carry path separators or "..".
    if (!is_dir($GLOBALS['CONFIG']['revisionDir'] . $id)) {
        if (!mkdir($GLOBALS['CONFIG']['revisionDir'] . $id, 0775)) {
            $last_message = msg('message_directory_creation_failed') . ': ' . $GLOBALS['CONFIG']['revisionDir'] . $id;
// File view, request handling: start the session, load the application
// bootstrap, require a logged-in user and a file id, then load the file record.
session_start();
include_once 'odm-load.php';

// Visitors without a session uid are handed to redirect_visitor().
// NOTE(review): confirm redirect_visitor() itself exits; nothing here does.
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}

// Optional status text taken straight from the request.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

// NOTE(review): $id is read as a plain variable and no assignment to it is
// visible in this excerpt - presumably populated by odm-load.php or by a
// register_globals-style import; confirm its source and that it is validated.
if (!isset($id) || $id == '') {
    header('Location:error.php?ec=2');
    exit;
}

// includes
// in case file is accessed directly
// verify again that user has view rights
// NOTE(review): only getError() is tested below; whether that covers the
// current user's view rights depends on FileData, which is not visible here.
$filedata = new FileData($id, $pdo);
$filedata->setId($id);
if ($filedata->getError() != '') {
    header('Location:error.php?ec=2');
    // ob_end_flush() sends and closes the active output buffer, so the
    // ob_end_clean() that follows acts on the next buffer level, if any.
    ob_end_flush(); // Flush buffer onto screens
    ob_end_clean(); // Clean up buffer
    exit;
} else {
    // all checks completed

    /* to avoid problems with some browsers, download script should not include parameters on the URL so let's use a form and pass the parameters via POST */

    // form not yet submitted
    // display information on how to initiate download
    // NOTE(review): $submit, like $id, has no visible assignment in this
    // excerpt - confirm where it is set.
    if (!isset($submit)) {
// History view, request handling: require a logged-in session and an `id`
// request parameter, split off an optional revision suffix, then load the
// file's metadata for display.

// Visitors without a session uid are handed to redirect_visitor().
// NOTE(review): nothing visible here stops execution after that call -
// confirm redirect_visitor() itself exits.
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}

// Optional status text taken straight from the request.
// NOTE(review): request-controlled and passed to draw_header() below -
// confirm draw_header() HTML-escapes it before output.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

// A missing or empty id is sent to the error page with code 2.
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}

draw_header(msg('area_view_history'), $last_message);

//revision parsing
// An id containing '_' is split on underscores: the first piece overwrites
// $_REQUEST['id'], the second becomes $lrevision_id, any further pieces are
// dropped by list().
// NOTE(review): neither piece is checked to be numeric in the visible code.
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']);
}

$datafile = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);

// verify
// Any error reported by FileData gets the same code-2 redirect as a missing id.
// NOTE(review): no per-user view-permission check is visible in this excerpt -
// confirm where it is enforced.
if ($datafile->getError() != NULL) {
    header('Location:error.php?ec=2');
    exit;
} else {
    // obtain data from resultset
    $owner_fullname = $datafile->getOwnerFullName();
    // Element 1, then ', ', then element 0 - presumably "Last, First"; confirm
    // against getOwnerFullName().
    $owner = $owner_fullname[1] . ', ' . $owner_fullname[0];
    $realname = $datafile->getRealName();
    $category = $datafile->getCategoryName();
    $created = $datafile->getCreatedDate();
    $description = $datafile->getDescription();
    $comments = $datafile->getComment();
    $status = $datafile->getStatus();

    // corrections
    // An empty description is replaced by the localized placeholder text.
    if ($description == '') {
        $description = msg('message_no_description_available');
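require_once "AccessLog_class.php";

// Check-out request handling: validate the `id` parameter, load the file
// record, refuse files that are in an error state, already have a positive
// status or are archived, then either show the confirmation form or go on
// to the submitted branch (outside this excerpt).

// Optional status text taken straight from the request.
// NOTE(review): request-controlled and passed to draw_header() below -
// confirm draw_header() HTML-escapes it before output.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

// Presence is checked first so the underscore test below never reads an
// undefined index.
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}

// Ids containing '_' are refused with error code 20. The exit is required:
// header() only queues the redirect, and without it the script would carry
// on and process the refused id.
if (strchr($_REQUEST['id'], '_')) {
    header('Location:error.php?ec=20');
    exit;
}

/* if the user has read-only authority on the file, his check out will be the same as the person with admin or modify right except that the DB will not have any record of him checking out this file. Therefore, he will not be able to check-in the file on the server */
// NOTE(review): the checks above read $_REQUEST['id'] while the object is
// built from $_GET['id']. The two can differ when the same name also arrives
// by POST or cookie, so the validated value is not necessarily the one used;
// read the id from a single source.
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);

// Refuse on a FileData error, a status above 0 (presumably "already checked
// out" - confirm against FileData) or an archived file.
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
    header('Location:error.php?ec=2');
    exit;
}

if (!isset($_GET['submit'])) {
    draw_header(msg('area_check_out_file'), $last_message);
    // form not yet submitted
    // display information on how to initiate download
    // NOTE(review): this is the only permission check visible in the excerpt
    // and it sits in the form-display branch; confirm the submitted branch
    // enforces the same check before serving the file.
    checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
    // PHP_SELF includes any path info supplied with the request, so it is
    // HTML-escaped before being written into the action attribute.
    ?>
    <p>
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');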
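require_once "AccessLog_class.php";

// Check-out request handling: validate the `id` parameter, load the file
// record, refuse files that are in an error state, already have a positive
// status or are archived, then either show the confirmation form or go on
// to the submitted branch (outside this excerpt).

// Optional status text taken straight from the request.
// NOTE(review): request-controlled and passed to draw_header() below -
// confirm draw_header() HTML-escapes it before output.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';

// Presence is checked first so the underscore test below never reads an
// undefined index.
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}

// Ids containing '_' are refused with error code 20. The exit is required:
// header() only queues the redirect, and without it the script would carry
// on and process the refused id.
if (strchr($_REQUEST['id'], '_')) {
    header('Location:error.php?ec=20');
    exit;
}

/* if the user has read-only authority on the file, his check out will be the same as the person with admin or modify right except that the DB will not have any record of him checking out this file. Therefore, he will not be able to check-in the file on the server */
// NOTE(review): the checks above read $_REQUEST['id'] while the object is
// built from $_GET['id']. The two can differ when the same name also arrives
// by POST or cookie, so the validated value is not necessarily the one used;
// read the id from a single source.
$file_data_obj = new FileData($_GET['id'], $pdo);
$file_data_obj->setId($_GET['id']);

// Refuse on a FileData error, a status above 0 (presumably "already checked
// out" - confirm against FileData) or an archived file.
if ($file_data_obj->getError() != null || $file_data_obj->getStatus() > 0 || $file_data_obj->isArchived()) {
    header('Location:error.php?ec=2');
    exit;
}

if (!isset($_GET['submit'])) {
    draw_header(msg('area_check_out_file'), $last_message);
    // form not yet submitted
    // display information on how to initiate download
    // NOTE(review): this is the only permission check visible in the excerpt
    // and it sits in the form-display branch; confirm the submitted branch
    // enforces the same check before serving the file.
    checkUserPermission($_REQUEST['id'], $file_data_obj->WRITE_RIGHT, $file_data_obj);
    // PHP_SELF includes any path info supplied with the request, so it is
    // HTML-escaped before being written into the action attribute.
    ?>
    <p>
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');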