コード例 #1
ファイル: udf.php プロジェクト: tejdeeps/tejcs.com
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// Require a logged-in session before anything else on this page runs.
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    // NOTE(review): the code below reads $_SESSION['uid'] unconditionally, so this
    // relies on redirect_visitor() ending the request - confirm that it exits.
    redirect_visitor();
}
//Fb::log($_REQUEST);exit;
// Status text handed over from the previous page. It is copied from $_REQUEST
// without any filtering, so it is request-controlled: further down this page it
// is echoed into the <form action="..."> attribute and must be encoded at that
// output point (urlencode()/htmlspecialchars()).
// NOTE(review): it is also passed to draw_header(); whether that escapes it is
// not visible here.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$secureurl = new phpsecureurl();
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
// Administrators only: everyone else is sent to the error page (code 4) and the
// script stops, so nothing below runs for a non-admin.
if (!$user_obj->isAdmin()) {
    header('Location:' . $secureurl->encode('error.php?ec=4'));
    exit;
}
// The menu is drawn only when a 'cancel' parameter is present and its value is
// something other than 'Cancel'.
if (isset($_REQUEST['cancel']) and $_REQUEST['cancel'] != 'Cancel') {
    draw_menu($_SESSION['uid']);
}
if (isset($_GET['submit']) && $_GET['submit'] == 'add') {
    draw_header(msg('area_add_new_udf'), $last_message);
    // Check to see if user is admin
    ?>
<form id="udfAddForm" action="udf.php?last_message=<?php 
    echo $last_message;
    ?>
" method="GET" enctype="multipart/form-data">
<table border="0" cellspacing="5" cellpadding="5">
        <tr>
コード例 #2
ファイル: user.php プロジェクト: tejdeeps/tejcs.com
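// Require a logged-in session before anything else on this page runs.
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
// Status text handed over from the previous page; raw request data, so it has to
// be escaped wherever it is printed.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// includes
$secureurl = new phpsecureurl();
///////////////////////////////////////////////////////////////////////////
// Access rule for this page: a user may work on their own account; working on
// any other account ('item' in the query string) requires admin rights.
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
// Logical && (the bitwise & that stood here only worked because both operands
// are booleans). The ids are compared as strings with !== so that loosely-equal
// spellings of a number such as '01' or '1.0' are not accepted as the session
// user's own id.
if (isset($_SESSION['uid']) && isset($_GET['item'])) {
    if ((string) $_SESSION['uid'] !== (string) $_GET['item'] && $user_obj->isAdmin() != true) {
        header('Location:' . $secureurl->encode('error.php?ec=4'));
        exit;
    }
}
$redirect = 'admin.php';
// $mode records whether the current user is an admin ('enabled') or not
// ('disabled').
if ($user_obj->isAdmin() == true) {
    $mode = 'enabled';
} else {
    $mode = 'disabled';
}
// Second gate with the same rule as above, expressed through $mode: a non-admin
// asking for somebody else's account is sent to the error page.
if ($mode == 'disabled' && isset($_GET['item']) && (string) $_GET['item'] !== (string) $_SESSION['uid']) {
    header('Location:' . $secureurl->encode('error.php?ec=4'));
    exit;
}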
コード例 #3
ファイル: admin.php プロジェクト: tejdeeps/tejcs.com
// Extra column heading that only the root user gets to see.
// NOTE(review): the closing tags are emitted as </th></font>, i.e. in the
// opposite order to the way they were opened.
if ($user_obj->isRoot()) {
    echo '<th bgcolor ="#83a9f7"><font color="#FFFFFF">' . msg('file') . '</th></font>';
}
?>
        <?php 
// Root-only heading for the user-defined-field admin column;
// udf_admin_header() is defined outside this excerpt.
if ($user_obj->isRoot()) {
    udf_admin_header();
}
?>
        <tr>
            <td>
                <!-- User Admin -->
                <table border="0">
                    <tr>
                        <td><b><a href="<?php 
// Link to the add-user form. 'state' goes through "+ 1", so the URL receives the
// result of the arithmetic rather than the raw request string; a request without
// 'state' raises an undefined-index notice here.
echo $secureurl->encode('user.php?submit=adduser&state=' . ($_REQUEST['state'] + 1));
?>
"><?php 
echo msg('label_add');
?>
</a></b></td>
                    </tr>
                    <tr>
                        <td><b><a href="<?php 
// Link to the delete-user picker; 'state' is handled the same way as above.
echo $secureurl->encode('user.php?submit=deletepick&state=' . ($_REQUEST['state'] + 1));
?>
"><?php 
echo msg('label_delete');
?>
</a></b></td>
                    </tr>
コード例 #4
ファイル: details.php プロジェクト: tejdeeps/tejcs.com
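// A return value of -1 from isPublishable() is what this page treats as
// "still under review".
$file_under_review = $filedata->isPublishable() == -1;
// Each reviewer-comment field has a fixed-length leading part cut off by offset
// (3, 8 and 9 characters); a missing field becomes an empty string.
// NOTE(review): presumably those are labels such as "to=" / "subject=" - confirm.
$to_value = isset($reviewer_comments_fields[0]) ? substr($reviewer_comments_fields[0], 3) : '';
$subject_value = isset($reviewer_comments_fields[1]) ? substr($reviewer_comments_fields[1], 8) : '';
$comments_value = isset($reviewer_comments_fields[2]) ? substr($reviewer_comments_fields[2], 9) : '';
// Values collected for the details view.
// NOTE(review): 'description' and 'comment' get '<br />' inserted by wordwrap(),
// which suggests they are printed as HTML - confirm that the text itself is
// HTML-escaped before it is shown.
$file_detail = array(
    'file_unlocked' => $file_unlocked,
    // Uses $to_value; this entry was previously filled with $subject_value, which
    // left $to_value unused and showed the subject in the "to" field.
    'to_value' => $to_value,
    'subject_value' => $subject_value,
    'comments_value' => $comments_value,
    'realname' => $realname,
    'category' => $category,
    'filesize' => $filesize,
    'created' => fix_date($created),
    'owner_email' => $user_obj->getEmailAddress(),
    'owner' => $owner,
    'owner_fullname' => $owner_fullname,
    'description' => wordwrap($description, 50, '<br />'),
    'comment' => wordwrap($comment, 50, '<br />'),
    'udf_details_display' => udf_details_display($lrequest_id),
    'revision' => $revision,
    'file_under_review' => $file_under_review,
    'reviewer' => $reviewer,
    'status' => $status,
);
if ($status > 0) {
    // status != 0 -> file checked out to another user. status = uid of the check-out person
    // Look up who that is and hand name and e-mail address to the template.
    $checkout_person_obj = $filedata->getCheckerOBJ();
    $fullname = $checkout_person_obj->getFullName();
    $GLOBALS['smarty']->assign('checkout_person_full_name', $fullname);
    $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress());
}
// Can they Read? The view link is only produced for users with at least READ_RIGHT.
// NOTE(review): $_REQUEST['id'] is request-controlled and is used unvalidated
// here; further down this page the same value is interpolated into an SQL
// string, so it should be validated as an integer once, before its first use.
if ($userPermObj->getAuthority($_REQUEST['id'], $filedata) >= $userPermObj->READ_RIGHT) {
    $view_link = $secureurl->encode("view_file.php?id={$full_requestId}" . '&state=' . ($_REQUEST['state'] + 1));
    $GLOBALS['smarty']->assign('view_link', $view_link);
}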
// Lets figure out which buttons to show
if ($status == 0 || $status == -1 && $filedata->isOwner($_SESSION['uid'])) {
    // status = 0 -> file available for checkout
    // check if user has modify rights
    $query2 = "SELECT status FROM {$GLOBALS['CONFIG']['db_prefix']}data, {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid = '{$_REQUEST['id']}' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.uid = '{$_SESSION['uid']}' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.rights = '2' AND {$GLOBALS['CONFIG']['db_prefix']}data.status = '0' AND {$GLOBALS['CONFIG']['db_prefix']}data.id = {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid";
    $result2 = mysql_query($query2, $GLOBALS['connection']) or die("Error in query: {$query2}. " . mysql_error());
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
    if ($user_perms->getAuthority($_REQUEST['id'], $filedata) >= $user_perms->WRITE_RIGHT && !isset($lrevision_id) && !$filedata->isArchived()) {
        // if so, display link for checkout
        $check_out_link = $secureurl->encode("check-out.php?id={$lrequest_id}" . '&state=' . ($_REQUEST['state'] + 1) . '&access_right=modify');
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    mysql_free_result($result2);
コード例 #5
ファイル: udf_functions.php プロジェクト: tejdeeps/tejcs.com
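    /**
     * Create a new user-defined field (UDF) from the current request.
     *
     * Reads 'table_name', 'display_name' and 'field_type' from $_REQUEST (so the
     * values may arrive by GET as well as POST). Depending on the field type it
     * adds one or two columns to the data table, creates the lookup table(s) and
     * registers the field in the udf table:
     *   1, 2 - one int column plus one lookup table
     *   3    - one varchar(255) column, no lookup table
     *   4    - "_primary" and "_secondary" columns plus one lookup table each
     * Any other field type is ignored.
     *
     * On every failure the statements that already succeeded are undone, the
     * browser is redirected to admin.php with a message, and the script exits.
     * On success the function simply returns.
     *
     * NOTE(review): no privilege check happens in here; the caller has to make
     * sure the current user is allowed to change the schema.
     */
    function udf_functions_add_udf()
    {
        $secureurl = new phpsecureurl();
        $prefix = $GLOBALS['CONFIG']['db_prefix'];

        // Both names are mandatory and must be plain strings (an array-valued
        // request parameter is rejected here as well).
        if (empty($_REQUEST['table_name']) || empty($_REQUEST['display_name'])
            || !is_string($_REQUEST['table_name']) || !is_string($_REQUEST['display_name'])) {
            header('Location: ' . $secureurl->encode('admin.php?last_message=' . msg('message_udf_cannot_be_blank')));
            exit;
        }

        // The table name ends up inside DDL statements as an identifier, where it
        // cannot be escaped like a value, so it is restricted to word characters.
        // The D modifier stops "$" from also matching in front of a trailing newline.
        // This check must stay ahead of every query that uses $table_name.
        $table_name = str_replace(' ', '', $prefix . 'udftbl_' . $_REQUEST['table_name']);
        if (!preg_match('/^\\w+$/D', $table_name)) {
            header('Location: ' . $secureurl->encode('admin.php?last_message=Error+:+Invalid+Name+(A-Z 0-9 Only)'));
            exit;
        }

        // Check for duplicate table name
        $query = "SELECT * FROM {$prefix}udf WHERE table_name='{$table_name}'";
        $result = mysql_query($query);
        if ($result && mysql_num_rows($result) > 0) {
            header('Location: ' . $secureurl->encode('admin.php?last_message=Error+:+Duplicate+Table+Name'));
            exit;
        }

        // Request values that go into the INSERT as data: the type is forced to an
        // integer and the display name is escaped for use inside a quoted SQL string.
        // Both used to be concatenated into the statement unchanged.
        $field_type = isset($_REQUEST['field_type']) ? (int) $_REQUEST['field_type'] : 0;
        $display_name = mysql_real_escape_string($_REQUEST['display_name']);
        $data_table = $prefix . 'data';
        $insert_head = 'INSERT into ' . $prefix . 'udf (table_name,display_name,field_type) VALUES ("';
        $insert_tail = '","' . $display_name . '",' . $field_type . ')';

        // Each step is array(label for the error message, statement, undo statement or null).
        if ($field_type == 1 || $field_type == 2) {
            // Select list or radio list: one column, one lookup table.
            $steps = array(
                array(
                    'Alter',
                    'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . ' int AFTER category',
                    'ALTER TABLE ' . $data_table . ' DROP COLUMN ' . $table_name,
                ),
                array(
                    'Create',
                    'CREATE TABLE ' . $table_name . ' ( id int auto_increment unique, value varchar(64) )',
                    'DROP TABLE ' . $table_name,
                ),
                array('INSERT', $insert_head . $table_name . $insert_tail, null),
            );
        } elseif ($field_type == 4) {
            // Two-level field: both columns are added in one ALTER, so undoing it
            // has to drop both of them. (Previously a failed CREATE removed only
            // one column and left the other column / the first table behind.)
            $steps = array(
                array(
                    'Alter',
                    'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . '_primary int AFTER category,'
                        . ' ADD COLUMN ' . $table_name . '_secondary int AFTER ' . $table_name . '_primary',
                    'ALTER TABLE ' . $data_table . ' DROP COLUMN ' . $table_name . '_primary,'
                        . ' DROP COLUMN ' . $table_name . '_secondary',
                ),
                array(
                    'Create',
                    'CREATE TABLE ' . $table_name . '_primary ( id int auto_increment unique, value varchar(64) )',
                    'DROP TABLE ' . $table_name . '_primary',
                ),
                array(
                    'Create',
                    'CREATE TABLE ' . $table_name . '_secondary ( id int auto_increment unique, value varchar(64), pr_id int )',
                    'DROP TABLE ' . $table_name . '_secondary',
                ),
                array('INSERT', $insert_head . $table_name . '_primary' . $insert_tail, null),
            );
        } elseif ($field_type == 3) {
            // Text field: a column only, no lookup table.
            $steps = array(
                array(
                    'Alter',
                    'ALTER TABLE ' . $data_table . ' ADD COLUMN ' . $table_name . ' varchar(255) AFTER category',
                    'ALTER TABLE ' . $data_table . ' DROP COLUMN ' . $table_name,
                ),
                array('INSERT', $insert_head . $table_name . $insert_tail, null),
            );
        } else {
            // Unknown field types change nothing.
            return;
        }

        // Run the steps in order. On the first failure, undo the completed steps
        // (most recent first), report which kind of statement failed, and stop.
        $undo = array();
        foreach ($steps as $step) {
            list($label, $sql, $undo_sql) = $step;
            if (mysql_query($sql)) {
                if ($undo_sql !== null) {
                    array_unshift($undo, $undo_sql);
                }
                continue;
            }
            foreach ($undo as $rollback_sql) {
                mysql_query($rollback_sql);
            }
            header('Location: ' . $secureurl->encode('admin.php?last_message=Error+:+Problem+With+' . $label));
            exit;
        }
    }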
コード例 #6
ファイル: settings.php プロジェクト: tejdeeps/tejcs.com
*/
// Require a logged-in session before anything else on this page runs.
session_start();
// includes
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    // NOTE(review): the code below reads $_SESSION['uid'] unconditionally, so this
    // relies on redirect_visitor() ending the request - confirm that it exits.
    redirect_visitor();
}
// Status text handed over from the previous page; raw request data, so it has to
// be escaped wherever it is printed.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
$secureurl = new phpsecureurl();
$settings = new Settings();
// Root user only: anyone for whom isRoot() is not true is redirected to the
// error page (code 24) and the script stops. "!" binds tighter than "==", so the
// condition reads (!isRoot()) == true.
if (!$user_obj->isRoot() == true) {
    header('Location:' . $secureurl->encode('error.php?ec=24'));
    exit;
}
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'update') {
    draw_header(msg('label_settings'), $last_message);
    $settings->edit();
    draw_footer();
} elseif (isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save') {
    draw_header(msg('label_settings'), $last_message);
    // Clean up the datadir a bit to make sure it ends with slash
    if (!empty($_POST['dataDir'])) {
        if (substr($_POST['dataDir'], -1) != '/') {
            $_POST['dataDir'] .= '/';
        }
    }
    // Perform Input Validation
コード例 #7
ファイル: functions.php プロジェクト: tejdeeps/tejcs.com
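/**
 * list_files - Display a list of files
 *
 * Builds one display row per file id (links, dates, owner, size, lock flag and
 * an r/w/a rights indicator), assigns the rows to Smarty and renders out.tpl,
 * calling the onBeforeListFiles / onAfterListFiles plugin hooks around it.
 * When there is nothing to list, a "no files found" notice is printed instead.
 *
 * @param array $fileid_array file ids to list; element 0 must be set
 * @param object $userperms_obj permission object; must offer getAuthority() and
 *        the VIEW_RIGHT, READ_RIGHT, WRITE_RIGHT and ADMIN_RIGHT properties
 * @param string $dataDir not used: the size lookup reads $GLOBALS['CONFIG']['dataDir']
 * @param boolean $showCheckBox handed to the template unchanged (the default is
 *        the string 'false', not the boolean)
 * @param boolean $rejectpage handed to the template unchanged (same default)
 * @return int|null -1 when there are no files to list, otherwise nothing
 */
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = 'false', $rejectpage = 'false')
{
    $secureurl = new phpsecureurl();
    if (sizeof($fileid_array) == 0 || !isset($fileid_array[0])) {
        echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . "\n";
        return -1;
    }

    // The same for every row, so it is worked out once. A request without
    // 'state' counts as 0 instead of raising a notice per file. Because the value
    // goes through "+ 1", the links carry the result of the arithmetic and never
    // the raw request string.
    $next_state = (isset($_REQUEST['state']) ? $_REQUEST['state'] : 0) + 1;
    $file_list_arr = array();

    foreach ($fileid_array as $fileid) {
        $file_obj = new FileData($fileid, $GLOBALS['connection'], DB_NAME);
        $userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);

        $description = $file_obj->getDescription();
        // A row counts as unlocked only when the file status is 0 and the user
        // has at least VIEW_RIGHT on it.
        $lock = !($file_obj->getStatus() == 0 && $userAccessLevel >= $userperms_obj->VIEW_RIGHT);
        if ($description == '') {
            $description = msg('message_no_description_available');
        }

        // Files without a modification date show their creation date instead.
        $created_date = fix_date($file_obj->getCreatedDate());
        $modified_raw = $file_obj->getModifiedDate();
        $modified_date = $modified_raw ? fix_date($modified_raw) : $created_date;

        $full_name_array = $file_obj->getOwnerFullName();
        $owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
        $dept_name = $file_obj->getDeptName();
        $realname = $file_obj->getRealname();
        // Size of the stored file "<dataDir><id>.dat".
        $filesize = display_filesize($GLOBALS['CONFIG']['dataDir'] . $fileid . '.dat');

        if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
            // Extension = text after the last dot. A name without any dot has no
            // extension; strrpos() returns false for it, and using that result
            // in arithmetic would cut the name after its first character.
            $dot_pos = strrpos($realname, '.');
            $suffix = $dot_pos === false ? '' : strtolower((string) substr($realname, $dot_pos + 1));
            $lmimetype = File::mime_by_ext($suffix);
            $view_link = 'view_file.php?submit=view&id=' . urlencode($fileid) . '&mimetype=' . urlencode("{$lmimetype}");
        } else {
            $view_link = 'none';
        }
        $details_link = $secureurl->encode('details.php?id=' . $fileid . '&state=' . $next_state);

        // Rights indicator, lowest right first. The user's level and everything
        // below it is shown in bold, everything above it as '-'. If the level
        // matches none of the three, all entries become '-'.
        $rights = array(
            array($userperms_obj->READ_RIGHT, 'r'),
            array($userperms_obj->WRITE_RIGHT, 'w'),
            array($userperms_obj->ADMIN_RIGHT, 'a'),
        );
        $index_found = -1;
        for ($i = sizeof($rights) - 1; $i >= 0; $i--) {
            if ($userAccessLevel == $rights[$i][0]) {
                $index_found = $i;
                break;
            }
        }
        foreach ($rights as $idx => $right) {
            $rights[$idx][1] = $idx <= $index_found ? '<b>' . $right[1] . '</b>' : '-';
        }

        // NOTE(review): filename, description, owner and department go to the
        // template as stored; whether out.tpl escapes them is not visible here.
        $file_list_arr[] = array(
            'id' => $fileid,
            'view_link' => $view_link,
            'details_link' => $details_link,
            'filename' => $realname,
            'description' => $description,
            'rights' => $rights,
            'created_date' => $created_date,
            'modified_date' => $modified_date,
            'owner_name' => $owner_name,
            'dept_name' => $dept_name,
            'filesize' => $filesize,
            'lock' => $lock,
            'showCheckbox' => $showCheckBox,
            'rejectpage' => $rejectpage,
        );
    }

    // Tell the template when the list is as long as the configured maximum.
    $limit_reached = count($file_list_arr) >= $GLOBALS['CONFIG']['max_query'];
    $GLOBALS['smarty']->assign('limit_reached', $limit_reached);
    $GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
    $GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);
    // Call the plugin API
    callPluginMethod('onBeforeListFiles', $file_list_arr);
    display_smarty_template('out.tpl');
    callPluginMethod('onAfterListFiles');
}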
コード例 #8
ファイル: out.php プロジェクト: tejdeeps/tejcs.com
    redirect_visitor();
}
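// Status text handed over from the previous page; raw request data.
// NOTE(review): it is passed to draw_header(); whether that escapes it is not
// visible here.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('label_file_listing'), $last_message);
sort_browser();
$secureurl_obj = new phpsecureurl();
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
// Number of documents waiting for review: admins count every reviewee id,
// reviewers only their own, everybody else none.
if ($user_obj->isAdmin()) {
    $reviewIdCount = sizeof($user_obj->getAllRevieweeIds());
} elseif ($user_obj->isReviewer()) {
    $reviewIdCount = sizeof($user_obj->getRevieweeIds());
} else {
    $reviewIdCount = 0;
}
if ($reviewIdCount > 0) {
    // The link is closed once, right after its text (a second, unmatched </a>
    // used to follow the count); this now matches the "rejected" notice below.
    echo '<img src="images/exclamation.gif" /> <a href="' . $secureurl_obj->encode('toBePublished.php?state=1') . '">' . msg('message_documents_waiting') . '</a>: ' . $reviewIdCount . '<br />';
}
// Notice for documents of this user that were rejected.
$rejected_files_obj = $user_obj->getRejectedFileIds();
if (isset($rejected_files_obj[0]) && $rejected_files_obj[0] != null) {
    echo '<img src="images/exclamation_red.gif" /> <a href="' . $secureurl_obj->encode('rejects.php?state=1') . '">' . msg('message_documents_rejected') . '</a>: ' . sizeof($rejected_files_obj) . '<br />';
}
// Notice for expired documents; the link target is a fixed search URL.
$llen = $user_obj->getNumExpiredFiles();
if ($llen > 0) {
    echo '<img src="images/exclamation_red.gif"><a href="javascript:window.location=\'search.php?submit=submit&sort_by=id&where=author_locked_files&sort_order=asc&keyword=-1&exact_phrase=on\'">' . msg('message_documents_expired') . ': ' . $llen . '</a><br />';
}
// get a list of documents the user has "view" permission for
$user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
//$start_P = getmicrotime();
$file_id_array = $user_perms->getViewableFileIds(true);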
コード例 #9
ファイル: access_log.php プロジェクト: tejdeeps/tejcs.com
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
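// Require a logged-in session before anything else on this page runs.
session_start();
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    redirect_visitor();
}
include 'udf_functions.php';
$secureurl = new phpsecureurl();
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
// The access log is for administrators only.
if (!$user_obj->isAdmin()) {
    header('Location:error.php?ec=4');
    exit;
}
// Status text handed over from the previous page; raw request data.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
draw_header(msg('accesslogpage_access_log'), $last_message);
// Every log entry joined with the file's real name and the user's login name.
// The statement contains no request data, only the configured table prefix.
$query = "SELECT \n            {$GLOBALS['CONFIG']['db_prefix']}access_log.*, \n            {$GLOBALS['CONFIG']['db_prefix']}data.realname, \n            {$GLOBALS['CONFIG']['db_prefix']}user.username\n          FROM \n            {$GLOBALS['CONFIG']['db_prefix']}access_log \n          INNER JOIN \n            {$GLOBALS['CONFIG']['db_prefix']}data ON {$GLOBALS['CONFIG']['db_prefix']}access_log.file_id={$GLOBALS['CONFIG']['db_prefix']}data.id\n          INNER JOIN \n            {$GLOBALS['CONFIG']['db_prefix']}user ON {$GLOBALS['CONFIG']['db_prefix']}access_log.user_id = {$GLOBALS['CONFIG']['db_prefix']}user.id\n        ";
// NOTE(review): on failure the full statement and the database error text are
// sent to the browser; logging them server-side and showing a generic message
// would avoid exposing schema details.
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
// One-letter action codes stored in the log, mapped to their display text.
$actions_array = array(
    "A" => msg('accesslogpage_file_added'),
    "B" => msg('accesslogpage_reserved'),
    "C" => msg('accesslogpage_reserved'),
    "V" => msg('accesslogpage_file_viewed'),
    "D" => msg('accesslogpage_file_downloaded'),
    "M" => msg('accesslogpage_file_modified'),
    "I" => msg('accesslogpage_file_checked_in'),
    "O" => msg('accesslogpage_file_checked_out'),
    "X" => msg('accesslogpage_file_deleted'),
    "Y" => msg('accesslogpage_file_authorized'),
    "R" => msg('accesslogpage_file_rejected'),
);
// The same for every row, so it is worked out once; a request without 'state'
// counts as 0 instead of raising a notice per row.
$next_state = (isset($_REQUEST['state']) ? $_REQUEST['state'] : 0) + 1;
$accesslog_array = array();
while ($row = mysql_fetch_array($result)) {
    $details_link = $secureurl->encode('details.php?id=' . $row['file_id'] . '&state=' . $next_state);
    // A code that is not in the table yields null rather than an undefined-index notice.
    $action_text = isset($actions_array[$row['action']]) ? $actions_array[$row['action']] : null;
    // NOTE(review): user_name and realname come straight from the database;
    // whether access_log.tpl escapes them is not visible here.
    $accesslog_array[] = array(
        'user_id' => $row['user_id'],
        'file_id' => $row['file_id'],
        'user_name' => $row['username'],
        'realname' => $row['realname'],
        'action' => $action_text,
        'details_link' => $details_link,
        'timestamp' => $row['timestamp'],
    );
}
$GLOBALS['smarty']->assign('accesslog_array', $accesslog_array);
display_smarty_template('access_log.tpl');
draw_footer();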
コード例 #10
ファイル: secureurl.php プロジェクト: tejdeeps/tejcs.com
<?php

/*
secureurl.php - provides integration to secure url class
Copyright (C) 2002, 2003, 2004 Stephen Lawrence Jr., Khoa Nguyen
Copyright (C) 2005-2011 Stephen Lawrence Jr.

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
// When the secureurl option is set to 'True' and the request still carries one
// of the listed parameters in plain form, redirect to the encoded form of the
// same script and query string, then stop.
// NOTE(review): SCRIPT_NAME and QUERY_STRING are request-derived and go into a
// Location header; this relies on encode() and on PHP's header() refusing
// values that contain line breaks - confirm for the PHP version in use.
if ($GLOBALS['CONFIG']['secureurl'] == 'True' && (isset($_GET['id']) || isset($_GET['state']) || isset($_GET['id0']) || isset($_GET['where']) || isset($_GET['sort_order']) || isset($_GET['submit']))) {
    $secureurl = new phpsecureurl();
    header('Location:' . $secureurl->encode("{$_SERVER['SCRIPT_NAME']}?{$_SERVER['QUERY_STRING']}"));
    exit;
} elseif (isset($_GET['aku'])) {
    // An 'aku' parameter marks an already encoded request; decode() is called
    // without arguments.
    // NOTE(review): presumably it restores the original parameters into the
    // request arrays, in which case everything it restores is still untrusted
    // input - verify against the phpsecureurl class.
    $secureurl = new phpsecureurl();
    $secureurl->decode();
    //echo 'dkakdkdk'.$_REQUEST['id'];
    //echo("Location:$_SERVER[SCRIPT_NAME]?" . $_SERVER['QUERY_STRING']); exit;
}
コード例 #11
ファイル: department.php プロジェクト: tejdeeps/tejcs.com
*/
// Require a logged-in session before anything else on this page runs.
session_start();
// includes
include 'odm-load.php';
if (!isset($_SESSION['uid'])) {
    // NOTE(review): the code below reads $_SESSION['uid'] unconditionally, so this
    // relies on redirect_visitor() ending the request - confirm that it exits.
    redirect_visitor();
}
// Status text handed over from the previous page; raw request data, so it has to
// be escaped wherever it is printed.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
// Make sure user is admin
$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
$secureurl = new phpsecureurl();
// Administrators only: anyone for whom isAdmin() is not true is redirected to
// the error page (code 4) and the script stops. "!" binds tighter than "==", so
// the condition reads (!isAdmin()) == true.
if (!$user_obj->isAdmin() == true) {
    header('Location:' . $secureurl->encode('error.php?ec=4'));
    exit;
}
/*
   Add A New Department
*/
if (isset($_GET['submit']) && $_GET['submit'] == 'add') {
    draw_header(msg('area_add_new_department'), $last_message);
    ?>

        <form id="addDepartmentForm" action="department.php" method="POST" enctype="multipart/form-data">
    <table border="0" cellspacing="5" cellpadding="5">
            <tr>
                <td>
                    <b><?php 
    echo msg('department');