Esempio n. 1
0
            echo '<td><font size="-1">' . e::h($revision) . e::h($extra_message);
        }
        ?>
                    </font></td>
                    <td><font size="-1"><?php 
        echo fix_date($modified_on);
        ?>
</font></td>
                    <td><font size="-1"><?php 
        echo e::h($last_name) . ', ' . e::h($first_name);
        ?>
</font></td>
                    <td><font size="-1"><?php 
        echo e::h($note);
        ?>
</font></td>
            </tr>
<?php 
    }
    // clean up
    ?>
	</table>
</td>
</tr>

</table>
<?php 
    // Call the plugin API
    callPluginMethod('onAfterHistory', $datafile->getId());
    draw_footer();
}
Esempio n. 2
0
    ob_end_flush();
    // Flush buffer onto screens
    ob_end_clean();
    // Clean up buffer
    exit;
} else {
    // all checks completed
    /* to avoid problems with some browsers,
          download script should not include parameters on the URL
          so let's use a form and pass the parameters via POST
       */
    // form not yet submitted
    // display information on how to initiate download
    if (!isset($submit)) {
        draw_header('View File', $last_message);
        $GLOBALS['smarty']->assign('file_id', $filedata->getId());
        display_smarty_template('view.tpl');
        draw_footer();
    } else {
        $id = $filedata->getId();
        $realname = $filedata->getName();
        // get the filename
        $filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
        if (file_exists($filename)) {
            // send headers to browser to initiate file download
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
            readfile($filename);
            // Call the plugin API
            callPluginMethod('onViewFile');
        } else {
Esempio n. 3
0
    redirect_visitor();
}
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$secureurl_obj = new phpsecureurl();
$lrequest_id = $_REQUEST['id'];
//save an original copy of id
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']);
    $lrevision_dir = $GLOBALS['CONFIG']['revisionDir'] . '/' . $_REQUEST['id'] . '/';
}
if (!isset($_GET['submit'])) {
    draw_header(msg('view') . ' ' . msg('file'), $last_message);
    $file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
    $file_name = $file_obj->getName();
    $file_id = $file_obj->getId();
    $realname = $file_obj->getName();
    // Get the suffix of the file so we can look it up
    // in the $mimetypes array
    $suffix = '';
    if (strchr($realname, '.')) {
        // Fix by blackwes
        $prefix = substr($realname, 0, strrpos($realname, "."));
        $suffix = strtolower(substr($realname, strrpos($realname, ".") + 1));
    }
    $lmimetype = File::mime_by_ext($suffix);
    //echo "Realname is $realname<br>";
    //echo "prefix = $prefix<br>";
    //echo "suffix = $suffix<br>";
    //echo "mime:$lmimetype";
    echo '<form action="view_file.php" name="view_file_form" method="get">';
Esempio n. 4
0
    $del_dept_perms_query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_perms WHERE fid = :file_id";
    $del_dept_perms_stmt = $pdo->prepare($del_dept_perms_query);
    $del_dept_perms_stmt->bindParam(':file_id', $fileId);
    $del_dept_perms_stmt->execute();
    $result_array = array();
    // init;
    foreach ($_REQUEST['user_permission'] as $user_id => $permission) {
        $insert_user_perms_query = "\n            INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user_perms \n            (\n                fid, \n                uid, \n                rights\n            ) VALUES(\n                :file_id, \n                :user_id, \n                :permission\n            )";
        //echo $query."<br>";
        $insert_user_perms_stmt = $pdo->prepare($insert_user_perms_query);
        $insert_user_perms_stmt->bindParam(':file_id', $fileId);
        $insert_user_perms_stmt->bindParam(':user_id', $user_id);
        $insert_user_perms_stmt->bindParam(':permission', $permission);
        $insert_user_perms_stmt->execute();
    }
    //UPDATE Department Rights into dept_perms
    foreach ($_POST['department_permission'] as $dept_id => $dept_perm) {
        $update_dept_perms_query = "\n            INSERT INTO\n                {$GLOBALS['CONFIG']['db_prefix']}dept_perms\n            (\n                fid,\n                dept_id,\n                rights\n            )\n            VALUES\n             (\n                :file_id,\n                :dept_id,\n                :dept_perm\n             )\n             ";
        $update_dept_perms_stmt = $pdo->prepare($update_dept_perms_query);
        $update_dept_perms_stmt->bindParam(':dept_perm', $dept_perm);
        $update_dept_perms_stmt->bindParam(':dept_id', $dept_id);
        $update_dept_perms_stmt->bindParam(':file_id', $filedata->getId());
        $update_dept_perms_stmt->execute();
    }
    $message = 'Document successfully updated';
    AccessLog::addLogEntry($fileId, 'M', $pdo);
    // Call the plugin API
    callPluginMethod('onAfterEditFile', $fileId);
    header('Location: details.php?id=' . $fileId . '&last_message=' . urlencode($message));
}
draw_footer();
Esempio n. 5
0
			<form action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" method="post">
			<input type="hidden" name="id" value="<?php 
        echo $_POST['id'];
        ?>
">
			<input type="submit" name="submit" value="Click here"> to begin downloading the selected document to your local workstation.
			</form>
			Once the document has completed downloading, you may <a href="out.php">continue browsing</a>.
			<?php 
        draw_footer();
    } else {
        //list($id, $realname) = mysql_fetch_row($result);
        $id = $filedata->getId();
        $realname = $filedata->getName();
        //mysql_free_result($result);
        // get the filename
        $filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
        if (file_exists($filename)) {
            // send headers to browser to initiate file download
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
            readfile($filename);
            // Call the plugin API
            callPluginMethod('onViewFile');
        } else {
            echo 'File not readable...';
        }
        ob_end_flush();
Esempio n. 6
0
    if (isset($_REQUEST['file_owner'])) {
        $filedata->setOwner(mysql_real_escape_string($_REQUEST['file_owner']));
    }
    if (isset($_REQUEST['file_department'])) {
        $filedata->setDepartment(mysql_real_escape_string($_REQUEST['file_department']));
    }
    // Update the file with the new values
    $filedata->updateData();
    udf_edit_file_update();
    // clean out old permissions
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE fid = '{$fileId}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    $result_array = array();
    // init;
    foreach ($_REQUEST['user_permission'] as $user_id => $permission) {
        $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user_perms (fid, uid, rights) VALUES({$fileId}, {$user_id}, {$permission})";
        //echo $query."<br>";
        $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}" . mysql_error());
    }
    //UPDATE Department Rights into dept_perms
    foreach ($_POST['department_permission'] as $dept_id => $dept_perm) {
        $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}dept_perms SET rights = {$dept_perm} where fid=" . $filedata->getId() . " and {$GLOBALS['CONFIG']['db_prefix']}dept_perms.dept_id = {$dept_id}";
        mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    }
    $message = urlencode('Document successfully updated');
    AccessLog::addLogEntry($fileId, 'M');
    // Call the plugin API
    callPluginMethod('onAfterEditFile', $fileId);
    header('Location: details.php?id=' . $fileId . '&last_message=' . $message);
}
draw_footer();