function attachments_attachmentListHTML($article_id, $user_can_add, $Itemid, $from)
{
require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
// Generate the HTML for the attachments for the specified article
$alist = "";
$db =& JFactory::getDBO();
$query = "SELECT count(*) FROM #__attachments WHERE article_id='" . $article_id . "' AND published='1'";
$db->setQuery($query);
$total = $db->loadResult();
if ($total > 0) {
// Get the component parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Check the security status
$attach_dir = JPATH_SITE . DS . $params->get('upload_dir', 'attachments');
$secure = $params->get('secure', false);
$hta_filename = $attach_dir . DS . '.htaccess';
if ($secure && !file_exists($hta_filename) || !$secure && file_exists($hta_filename)) {
AttachmentsHelper::setup_upload_directory($attach_dir, $secure);
}
$alist = AttachmentsHelper::attachmentsTableHTML($article_id, false, true, true, $from);
}
return $alist;
}
/**
* Display a form for updating/editing an attachment
*/
public function update()
{
// Call with: index.php?option=com_attachments&task=update&id=1&tmpl=component
// or: component/attachments/update/id/1/tmpl/component
// Make sure we have a valid attachment ID
$id = JRequest::getInt('id');
if (is_numeric($id)) {
$id = (int) $id;
} else {
$errmsg = JText::sprintf('ATTACH_ERROR_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 24)';
JError::raiseError(500, $errmsg);
}
// Get the attachment record
require_once JPATH_COMPONENT_SITE . '/models/attachment.php';
$model = new AttachmentsModelAttachment();
$model->setId($id);
$attachment = $model->getAttachment();
if (!$attachment) {
$errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $id) . ' (ERR 25)';
JError::raiseError(500, $errmsg);
}
// Get the component parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Get the article/parent handler
$parent_id = $attachment->parent_id;
$parent_type = $attachment->parent_type;
$parent_entity = $attachment->parent_entity;
JPluginHelper::importPlugin('attachments');
$apm = getAttachmentsPluginManager();
if (!$apm->attachmentsPluginInstalled($parent_type)) {
$errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 26)';
JError::raiseError(500, $errmsg);
}
$parent = $apm->getAttachmentsPlugin($parent_type);
// Check to make sure we can edit it
if (!$parent->userMayEditAttachment($attachment)) {
return JError::raiseError(404, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 27)');
}
// Set up the entity name for display
$parent_entity_name = JText::_('ATTACH_' . $parent_entity);
// Verify that this user may add attachments to this parent
$user = JFactory::getUser();
$new_parent = false;
if ($parent_id === null) {
$parent_id = 0;
$new_parent = true;
}
// Make sure the attachments directory exists
$upload_dir = JPATH_BASE . '/' . AttachmentsDefines::$ATTACHMENTS_SUBDIR;
$secure = $params->get('secure', false);
if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
$errmsg = JText::sprintf('ATTACH_ERROR_UNABLE_TO_SETUP_UPLOAD_DIR_S', $upload_dir) . ' (ERR 28)';
JError::raiseError(500, $errmsg);
}
// Make sure the update parameter is legal
$update = JRequest::getWord('update');
if ($update && !in_array($update, AttachmentsDefines::$LEGAL_URI_TYPES)) {
$update = false;
}
// Suppress the display filename if we are switching from file to url
$display_name = $attachment->display_name;
if ($update && $update != $attachment->uri_type) {
$attachment->display_name = '';
}
// Set up the view
require_once JPATH_COMPONENT_SITE . '/views/update/view.html.php';
$view = new AttachmentsViewUpdate();
$from = JRequest::getWord('from', 'closeme');
AttachmentsHelper::add_view_urls($view, 'update', $parent_id, $attachment->parent_type, $id, $from);
$view->update = $update;
$view->new_parent = $new_parent;
$view->attachment = $attachment;
$view->parent = $parent;
$view->params = $params;
$view->from = $from;
$view->Itemid = JRequest::getInt('Itemid', 1);
$view->error = false;
$view->error_msg = false;
$view->display();
}
function upload_file(&$row, $article_id, $update = false, $attachment_id = false)
{
global $mainframe;
// Get the component parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Get the auto-publish setting
$auto_publish = $params->get('publish_default', false);
// Make sure the attachments directory exists
$upload_subdir = $params->get('attachments_subdir', 'attachments');
if ($upload_subdir == '') {
$upload_subdir = 'attachments';
}
$upload_dir = JPATH_SITE . DS . $upload_subdir;
$secure = $params->get('secure', false);
if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
$errmsg = JText::_('ERROR UNABLE TO SETUP UPLOAD DIR');
JError::raiseError(500, "<p>" . $errmsg . " ({$upload_dir})</p>");
}
// If we are updating, note the name of the old filename
$old_filename = null;
$old_filename_sys = null;
if ($update) {
$old_filename = $row->filename;
$old_filename_sys = $row->filename_sys;
}
// Get the new filename
$filename = $_FILES['upload']['name'];
$ftype = $_FILES['upload']['type'];
// Make sure a file was successfully uploaded
if ($update) {
$update_file = JRequest::getVar('change', true);
} else {
$update_file = true;
}
if ($update_file && $_FILES['upload']['size'] == 0 && $_FILES['upload']['tmp_name'] == '') {
// Guess the type of error
if ($filename == '') {
$error = 'no_file';
$error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename;
$error_msg .= ' (' . JText::_('YOU MUST SELECT A FILE TO UPLOAD') . ')';
if ($mainframe->isAdmin()) {
return $error_msg;
}
} else {
$error = 'file_too_big';
$error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename;
$error_msg .= ' <br>(' . JText::_('ERROR MAY BE LARGER THAN LIMIT') . ' ';
$error_msg .= get_cfg_var('upload_max_filesize') . ')';
if ($mainframe->isAdmin()) {
return $error_msg;
}
}
// Set up the view to redisplay the form with warnings
if ($update) {
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
$view = new AttachmentsViewUpdate();
$view->assign('update_file', $update_file);
$view->assign('attachment_id', $attachment_id);
} else {
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
$view = new AttachmentsViewUpload();
}
$view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
$view->assign('filename', $filename);
$view->assign('article_id', $article_id);
$view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
$view->assign('description', $row->description);
$view->assign('display_filename', $row->display_filename);
$view->assign('user_field_1', $row->user_field_1);
$view->assign('user_field_2', $row->user_field_2);
$view->assign('user_field_3', $row->user_field_3);
$view->assign('from', JRequest::getVar('from', ''));
$view->assign('Itemid', JRequest::getVar('Itemid', 1));
$view->assignRef('params', $params);
$view->display(null, $error, $error_msg, true);
exit;
}
// Make sure the file type is okay (respect restrictions imposed by media manager)
jimport('joomla.filesystem.file');
$cmparams =& JComponentHelper::getParams('com_media');
// First check to make sure the extension is allowed
$allowable = explode(',', $cmparams->get('upload_extensions'));
$ignored = explode(',', $cmparams->get('ignore_extensions'));
$format = strtolower(JFile::getExt($filename));
$error = false;
$error_msg = false;
if (!in_array($format, $allowable) && !in_array($format, $ignored)) {
$error = 'illegal_file_extension';
$error_msg = JText::_('ERROR UPLOADING FILE') . ': ' . $filename;
$error_msg .= "<br>" . JText::_('ERROR ILLEGAL FILE EXTENSION') . " {$format}";
$error_msg .= "<br>" . JText::_('ERROR CHANGE IN MEDIA MANAGER');
}
// Check to make sure the mime type is okay
if ($cmparams->get('restrict_uploads', true)) {
if ($cmparams->get('check_mime', true)) {
$allowed_mime = explode(',', $cmparams->get('upload_mime'));
$illegal_mime = explode(',', $cmparams->get('upload_mime_illegal'));
if (strlen($ftype) && !in_array($ftype, $allowed_mime) && in_array($ftype, $illegal_mime)) {
$error = 'illegal_mime_type';
$error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename;
$error_msg .= ', ' . JText::_('ERROR ILLEGAL FILE MIME TYPE') . " {$ftype}";
$error_msg .= " <br>" . JText::_('ERROR CHANGE IN MEDIA MANAGER');
}
}
}
// If there was an error, refresh the form with a warning
if ($error) {
if ($mainframe->isAdmin()) {
return $error_msg;
}
// Set up the view to redisplay the form with warnings
if ($update) {
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
$view = new AttachmentsViewUpdate();
$view->assign('update_file', JRequest::getVar('change', false));
$view->assign('attachment_id', $attachment_id);
} else {
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
$view = new AttachmentsViewUpload();
}
$view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
$view->assign('filename', $filename);
$view->assign('article_id', $article_id);
$view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
$view->assign('description', $row->description);
$view->assign('display_filename', $row->display_filename);
$view->assign('user_field_1', $row->user_field_1);
$view->assign('user_field_2', $row->user_field_2);
$view->assign('user_field_3', $row->user_field_3);
$view->assign('from', JRequest::getVar('from', ''));
$view->assign('Itemid', JRequest::getVar('Itemid', 1));
$view->assignRef('params', $params);
$view->display(null, $error, $error_msg, true);
exit;
}
// Define where the attachments go
$upload_url = $params->get('attachments_subdir', 'attachments');
$upload_dir = JPATH_SITE . DS . $upload_url;
// Figure out the system filename
$filename_sys = null;
$url = null;
$prepend = $params->get('prepend', 'article_id');
switch ($prepend) {
case 'article_id':
$prefix = sprintf("%03d_", $article_id);
$filename_sys = $upload_dir . DS . $prefix . $filename;
$url = $upload_url . "/" . $prefix . $filename;
break;
// NOTE: for attachment_id, save normally and make a second pass
// to rename the file after we know the attachment ID
// NOTE: for attachment_id, save normally and make a second pass
// to rename the file after we know the attachment ID
default:
$filename_sys = $upload_dir . DS . $filename;
$url = $upload_url . "/" . $filename;
}
// If not updating, make sure the system filename doesn't already exist
$error = false;
if (!$update && JFile::exists($filename_sys) && $prepend != 'attachment_id') {
$error = 'file_not_on_server';
$error_msg = JText::_('ERROR FILE ALREADY ON SERVER');
$error_msg .= " ({$filename})";
if ($mainframe->isAdmin()) {
return $error_msg;
}
// Set up the view to redisplay the form with warnings
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
$view = new AttachmentsViewUpload();
$view->assign('filename', $filename);
$view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
$view->assign('article_id', $article_id);
$view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
$view->assign('description', $row->description);
$view->assign('display_filename', $row->display_filename);
$view->assign('user_field_1', $row->user_field_1);
$view->assign('user_field_2', $row->user_field_2);
$view->assign('user_field_3', $row->user_field_3);
$view->assign('from', JRequest::getVar('from', ''));
$view->assign('Itemid', JRequest::getVar('Itemid', 1));
$view->assignRef('params', $params);
$view->display(null, $error, $error_msg, true);
exit;
}
// Get the maximum allowed filename length (for the filename display)
$max_filename_length = $params->get('max_filename_length', 0);
if (is_numeric($max_filename_length)) {
$max_filename_length = intval($max_filename_length);
} else {
$max_filename_length = 0;
}
// Create a display filename, if needed (for long filenames)
if ($max_filename_length > 0 and strlen($row->display_filename) == 0 and strlen($filename) > $max_filename_length) {
$row->display_filename = AttachmentsHelper::truncate_filename($filename, $max_filename_length);
}
// Copy the info about the uploaded file into the new record
$row->filename = $filename;
$row->filename_sys = $filename_sys;
$row->url = $url;
$row->file_type = $ftype;
$row->file_size = $_FILES['upload']['size'];
$row->published = $auto_publish;
// Set the create/modify dates
jimport('joomla.utilities.date');
$now = new JDate();
$row->create_date = $now->toMySQL();
$row->modification_date = $row->create_date;
// Add the icon file type
require_once JPATH_COMPONENT_SITE . DS . 'file_types.php';
$row->icon_filename = AttachmentsFileTypes::icon_filename($filename, $ftype);
// Save the updated attachment
if (!$row->store()) {
JError::raiseError(500, $row->getError());
}
// Get the upload id
$db =& JFactory::getDBO();
$attachment_id = $db->insertid();
// If we're prepending attachment IDs, fix the system filename and URL and
// update the attachment record (now that we know the attachment ID)
if ($prepend == 'attachment_id') {
$prefix = sprintf("%03d_", $attachment_id);
$filename_sys = $upload_dir . DS . $prefix . $filename;
$url = $upload_url . "/" . $prefix . $filename;
$row->id = $attachment_id;
$row->filename_sys = $filename_sys;
$row->url = $url;
$row->store();
}
// Move the file
$msg = "";
if (JFile::upload($_FILES['upload']['tmp_name'], $filename_sys)) {
$size = intval($row->file_size / 1024.0);
chmod($filename_sys, 0644);
if ($update) {
$msg = JText::_('UPDATED ATTACHMENT') . ' ' . $filename . " (" . $size . " Kb)!";
} else {
$msg = JText::_('UPLOADED ATTACHMENT') . ' ' . $filename . " (" . $size . " Kb)!";
}
} else {
$query = "DELETE FROM #__attachments WHERE id={$attachment_id}";
$db->setQuery($query);
$result = $db->query();
$msg = JText::_('ERROR MOVING FILE') . " {$_FILES['upload']['tmp_name']} -> {$filename_sys})";
}
// If we are updating, we may need to delete the old file
if ($update) {
if ($filename != $old_filename) {
JFile::delete($old_filename_sys);
}
}
return $msg;
}
/**
* Save the parameters
*/
public function save($key = null, $urlVar = null)
{
// Check for request forgeries.
JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
$app = JFactory::getApplication();
// Get the old component parameters
jimport('joomla.application.component.helper');
$old_params = JComponentHelper::getParams('com_attachments');
$old_secure = JRequest::getInt('old_secure');
// Set FTP credentials, if given.
jimport('joomla.client.helper');
JClientHelper::setCredentialsFromRequest('ftp');
// Initialise variables.
$model = new ConfigModelComponent();
$form = $model->getForm();
$data = JRequest::getVar('jform', array(), 'post', 'array');
$id = JRequest::getInt('id');
$option = JRequest::getCmd('component');
// Get the new component parameters
$new_secure = $data['secure'];
// Check if the user is authorized to do this.
if (!JFactory::getUser()->authorise('core.admin', $option)) {
JFactory::getApplication()->redirect('index.php', JText::_('JERROR_ALERTNOAUTHOR'));
return;
}
// Validate the posted data.
$return = $model->validate($form, $data);
// Check for validation errors.
if ($return === false) {
// Get the validation messages.
$errors = $model->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception) {
$app->enqueueMessage($errors[$i]->getMessage(), 'warning');
} else {
$app->enqueueMessage($errors[$i], 'warning');
}
}
// Save the data in the session.
$app->setUserState('com_config.config.global.data', $data);
// Redirect back to the edit screen.
$this->setRedirect(JRoute::_('index.php?option=com_attachments&task=params.edit', false));
return false;
}
// Attempt to save the configuration.
$data = array('params' => $return, 'id' => $id, 'option' => $option);
$return = $model->save($data);
// Check the return value.
if ($return === false) {
// Save the data in the session.
$app->setUserState('com_config.config.global.data', $data);
// Save failed, go back to the screen and display a notice.
$message = JText::sprintf('JERROR_SAVE_FAILED', $model->getError());
$this->setRedirect(JRoute::_('index.php?option=com_attachments&task=params.edit'), $message, 'error');
return false;
}
// Deal with any changes in the 'secure mode' (or upload directories)
if ($new_secure != $old_secure) {
// Check/update the security status
require_once JPATH_SITE . '/components/com_attachments/helper.php';
$attach_dir = JPATH_SITE . '/' . AttachmentsDefines::$ATTACHMENTS_SUBDIR;
AttachmentsHelper::setup_upload_directory($attach_dir, $new_secure == 1);
$msg = JText::_('ATTACH_UPDATED_ATTACHMENTS_PARAMETERS_AND_SECURITY_SETTINGS');
} else {
$msg = JText::_('ATTACH_UPDATED_ATTACHMENTS_PARAMETERS');
}
// Set the redirect based on the task.
switch ($this->getTask()) {
case 'apply':
$this->setRedirect('index.php?option=com_attachments&task=params.edit', $msg, 'message');
break;
case 'save':
default:
$this->setRedirect('index.php?option=com_attachments', $msg, 'message');
break;
}
return true;
}
/** Insert the attachments list into the content text (for front end)
*
* @param object &$content the text of the content item (eg, article text)
* @param int $parent_id the ID for the parent object
* @param string $parent_entity the type of entity for this parent type
*
* @return string the modified content text (false for failure)
*/
public function insertAttachmentsList(&$content, $parent_id, $parent_entity)
{
$aparams = $this->attachmentsParams();
// Get the desired placement
$attachments_placement = $aparams->get('attachments_placement', 'end');
if ($attachments_placement == 'disabled_nofilter') {
return false;
}
// Determine where we are
$from = JRequest::getCmd('view', 'closeme');
$Itemid = JRequest::getInt('Itemid', 1);
// See whether we can display the links to add attachments
$user_can_add = $this->userMayAddAttachment($parent_id, $parent_entity);
// Get the field name for the content item's text
$text_field_name = $this->getTextFieldName($content, $parent_entity);
if ($text_field_name === null) {
return false;
}
// Get the attachments tag, if present
$attachments_tag = '';
$attachments_tag_args = '';
$match = false;
if (JString::strpos($content->{$text_field_name}, '{attachments')) {
if (preg_match('@(<span class="hide_attachments_token">)?{attachments([ ]*:*[^}]+)?}(</span>)?@', $content->{$text_field_name}, $match)) {
$attachments_tag = true;
}
if (isset($match[1]) && $match[1]) {
$attachments_tag_args_raw = $match[1];
$attachments_tag_args = ltrim($attachments_tag_args_raw, ' :');
}
if ($attachments_tag) {
$attachments_tag = $match[0];
}
}
// Check the security status
$attach_dir = JPATH_SITE . '/' . AttachmentsDefines::$ATTACHMENTS_SUBDIR;
$secure = $aparams->get('secure', false);
$hta_filename = $attach_dir . '/ . htaccess';
if ($secure && !file_exists($hta_filename) || !$secure && file_exists($hta_filename)) {
AttachmentsHelper::setup_upload_directory($attach_dir, $secure);
}
// Construct the attachment list (if appropriate)
$html = '';
$attachments_list = false;
$add_attachement_btn = false;
// Get the html for the attachments list
require_once JPATH_SITE . '/components/com_attachments/controllers/attachments.php';
$controller = new AttachmentsControllerAttachments();
$attachments_list = $controller->displayString($parent_id, $this->parent_type, $parent_entity, null, true, true, false, $from);
// If the attachments list is empty, insert an empty div for it
if ($attachments_list == '') {
$class_name = $aparams->get('attachments_table_style', 'attachmentsList');
$div_id = 'attachmentsList' . '_' . $this->parent_type . '_' . $parent_entity . '_' . (string) $parent_id;
$attachments_list = "\n<div class=\"{$class_name}\" id=\"{$div_id}\"></div>\n";
}
$html .= $attachments_list;
if ($html || $user_can_add) {
// Add the style sheet
JHtml::stylesheet('com_attachments/attachments_list.css', array(), true);
// Handle RTL styling (if necessary)
$lang = JFactory::getLanguage();
if ($lang->isRTL()) {
JHtml::stylesheet('com_attachments/attachments_list_rtl.css', array(), true);
}
}
// Construct the add-attachments button, if appropriate
$hide_add_attachments_link = $aparams->get('hide_add_attachments_link', 0);
if ($user_can_add && !$hide_add_attachments_link) {
$add_attachments_btn = AttachmentsHelper::attachmentButtonsHTML($this->parent_type, $parent_id, $parent_entity, $Itemid, $from);
$html .= $add_attachments_btn;
}
// Wrap both list and the Add Attachments button in another div
if ($html) {
$html = "<div class=\"attachmentsContainer\">\n" . $html . "\n</div>";
}
// Finally, add the attachments
// NOTE: Hope str_replace() below is UTF8 safe (since the token being replaced is UTF8)...
switch ($attachments_placement) {
case 'beginning':
// Put the attachments list at the beginning
if ($attachments_list || $user_can_add) {
if ($attachments_tag) {
$content->{$text_field_name} = $html . $content->{$text_field_name};
} else {
$content->{$text_field_name} = $html . str_replace($attachments_tag, '', $content->{$text_field_name});
}
}
break;
case 'custom':
// Insert the attachments at the desired location
if ($attachments_list || $user_can_add) {
if ($attachments_tag) {
$content->{$text_field_name} = str_replace($attachments_tag, $html, $content->{$text_field_name});
} else {
// If there is no tag, insert the attachments at the end
$content->{$text_field_name} .= $html;
}
}
break;
case 'disabled_filter':
// Disable and strip out any attachments tags
if ($attachments_tag) {
$content->{$text_field_name} = str_replace($attachments_tag, '', $content->{$text_field_name});
}
break;
default:
// Add the attachments to the end
if ($attachments_list || $user_can_add) {
if ($attachments_tag) {
$content->{$text_field_name} = str_replace($attachments_tag, '', $content->{$text_field_name}) . $html;
} else {
$content->{$text_field_name} .= $html;
}
}
break;
}
return $content;
}
/**
* Construct and return the attachments list (as HTML)
*
* @param int $parent_id the id of the parent
* @param string $parent_type the type of the parent (usually $option)
* @param string $parent_entity the parent entity
* @param bool $user_can_add true if the user can add attachments to this parent
* @param int $Itemid the system item id (for menus)
* @param string $from a token indicating where to return to
* @param bool $show_file_links true if the files should be shown as links
* @param bool $allow_edit true if the user can edit/delete attachments for this parent
*
* @return the html as a string
*/
public static function attachmentsListHTML($parent_id, $parent_type, $parent_entity, $user_can_add, $Itemid, $from, $show_file_links = true, $allow_edit = true)
{
$app = JFactory::getApplication();
$user = JFactory::getUser();
$user_levels = implode(',', array_unique($user->getAuthorisedViewLevels()));
// Make sure there are some potentially accessible attachments for
// this parent before proceeding. Note that this check is not as
// careful as the check in the Attachments model which is used by
// the 'Attachments' view which is invoked below.
$alist = '';
$db = JFactory::getDBO();
$query = $db->getQuery(true);
$query->select('count(*)')->from('#__attachments');
$query->where('((parent_id=' . (int) $parent_id . ') OR (parent_id is NULL))' . ' AND parent_type=' . $db->quote($parent_type) . ' AND parent_entity=' . $db->quote($parent_entity));
if (!$user->authorise('core.admin')) {
$query->where('access in (' . $user_levels . ')');
}
$db->setQuery($query);
$total = $db->loadResult();
if ($db->getErrorNum()) {
$errmsg = $db->stderr() . ' (ERR 47)';
JError::raiseError(500, $errmsg);
}
// Generate the HTML for the attachments for the specified parent
if ($total > 0) {
// Get the component parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Check the security status
$attach_dir = JPATH_SITE . '/' . AttachmentsDefines::$ATTACHMENTS_SUBDIR;
$secure = $params->get('secure', false);
$hta_filename = $attach_dir . '/.htaccess';
if ($secure && !file_exists($hta_filename) || !$secure && file_exists($hta_filename)) {
require_once JPATH_SITE . '/components/com_attachments/helper.php';
AttachmentsHelper::setup_upload_directory($attach_dir, $secure);
}
if ($app->isAdmin()) {
// Get the html for the attachments list
require_once JPATH_ADMINISTRATOR . '/components/com_attachments/controllers/list.php';
$controller = new AttachmentsControllerList();
$alist = $controller->displayString($parent_id, $parent_type, $parent_entity, null, $show_file_links, $allow_edit, false, $from);
} else {
// Get the html for the attachments list
require_once JPATH_SITE . '/components/com_attachments/controllers/attachments.php';
$controller = new AttachmentsControllerAttachments();
$alist = $controller->displayString($parent_id, $parent_type, $parent_entity, null, $show_file_links, $allow_edit, false, $from);
}
}
return $alist;
}
function update()
{
require_once JPATH_COMPONENT_SITE . DS . 'helper.php';
// Call with: index.php?option=com_attachments&task=update&id=1&tmpl=component
// or: component/attachments/update/id/1/tmpl/component
// Make sure we have a valid attachment ID
$id = JRequest::getVar('id');
if (is_numeric($id)) {
$id = intval($id);
} else {
$errmsg = JText::_('ERROR INVALID ATTACHMENT ID') . " ({$id})";
JError::raiseError(500, $errmsg);
exit;
}
// Get the attachment record
$attachment =& JTable::getInstance('attachments', 'Table');
if (!$attachment->load($id)) {
$errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . " ({$id})";
JError::raiseError(500, $errmsg);
exit;
}
// Get the component parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Verify that this user may add attachments to this article
$user =& JFactory::getUser();
$article_id = $attachment->article_id;
$article_title = AttachmentsHelper::get_article_title($article_id);
require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
if (!AttachmentsPermissions::user_may_modify_attachment($user, $attachment, $article_id, $params)) {
$errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
JError::raiseError(500, $errmsg);
exit;
}
// Make sure the attachments directory exists
$upload_subdir = $params->get('attachments_subdir', 'attachments');
if ($upload_subdir == '') {
$upload_subdir = 'attachments';
}
$upload_dir = JPATH_BASE . DS . $upload_subdir;
$secure = $params->get('secure', false);
if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
$errmsg = JText::_('ERROR UNABLE TO SETUP UPLOAD DIR');
JError::raiseError(500, $errmsg);
}
// Set up the view
require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
$view = new AttachmentsViewUpdate();
$view->assign('update_file', JRequest::getVar('change', false));
$view->assign('save_url', "index.php?option=com_attachments&task=save&tmpl=component");
$view->assign('attachment_id', $id);
$view->assign('article_id', $article_id);
$view->assign('article_title', $article_title);
$view->assign('filename', $attachment->filename);
$view->assign('description', $attachment->description);
$view->assign('display_filename', $attachment->display_filename);
$view->assign('user_field_1', $attachment->user_field_1);
$view->assign('user_field_2', $attachment->user_field_2);
$view->assign('user_field_3', $attachment->user_field_3);
$view->assign('from', JRequest::getVar('from', 'closeme'));
$view->assign('Itemid', JRequest::getVar('Itemid', 1));
$view->assignRef('params', $params);
$view->display(null, false, false, false);
}
