}
$datafile = new FileData($_REQUEST['id'], $pdo);
// verify
if ($datafile->getError() != null) {
header('Location:error.php?ec=2');
exit;
} else {
// obtain data from resultset
$owner_full_name = $datafile->getOwnerFullName();
$owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
$real_name = $datafile->getRealName();
$category = $datafile->getCategoryName();
$created = $datafile->getCreatedDate();
$description = $datafile->getDescription();
$comments = $datafile->getComment();
$status = $datafile->getStatus();
$id = $_REQUEST['id'];
// corrections
if ($description == '') {
$description = msg('message_no_description_available');
}
if ($comments == '') {
$comments = msg('message_no_author_comments_available');
}
if ($datafile->isArchived()) {
$filename = $GLOBALS['CONFIG']['archiveDir'] . e::h($id) . '.dat';
} else {
$filename = $GLOBALS['CONFIG']['dataDir'] . e::h($id) . '.dat';
}
?>
<table border="0" width=80% cellspacing="4" cellpadding="1">
if ($file_mime == $thistype) {
$allowedFile = 1;
break;
} else {
$allowedFile = 0;
}
}
// illegal file type!
if ($allowedFile != 1) {
$last_message = 'MIMETYPE: ' . $file_mime . ' Failed';
header('Location:error.php?ec=13&last_message=' . urlencode($last_message));
exit;
}
// query to ensure that user has modify rights
$fileobj = new FileData($id, $GLOBALS['connection'], DB_NAME);
if ($fileobj->getError() == '' && $fileobj->getStatus() == $_SESSION['uid']) {
//look to see how many revision are there
$query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}log WHERE id = '{$id}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
$lrevision_num = mysql_num_rows($result);
// if dir not available, create it
if (!is_dir($GLOBALS['CONFIG']['revisionDir'])) {
if (!mkdir($GLOBALS['CONFIG']['revisionDir'], 0775)) {
$last_message = msg('message_directory_creation_failed') . ': ' . $GLOBALS['CONFIG']['revisionDir'];
header('Location:error.php?ec=23&last_message=' . urlencode($last_message));
exit;
}
}
if (!is_dir($GLOBALS['CONFIG']['revisionDir'] . $id)) {
if (!mkdir($GLOBALS['CONFIG']['revisionDir'] . $id, 0775)) {
$last_message = msg('message_directory_creation_failed') . ': ' . $GLOBALS['CONFIG']['revisionDir'] . $id;
callPluginMethod('onBeforeEditFileSaved');
$filedata->setId($fileId);
$perms_error = false;
// check submitted data
// at least one user must have "view" and "modify" rights
foreach ($_REQUEST['user_permission'] as $permission) {
if ($permission > 2) {
$perms_error = true;
}
}
if (!$perms_error) {
header("Location:error.php?ec=12");
exit;
}
// Check to make sure the file is available
$status = $filedata->getStatus($fileId);
if ($status != 0) {
header('Location:error.php?ec=2');
exit;
}
// update category
$filedata->setCategory($_REQUEST['category']);
$filedata->setDescription($_REQUEST['description']);
$filedata->setComment($_REQUEST['comment']);
if (isset($_REQUEST['file_owner'])) {
$filedata->setOwner($_REQUEST['file_owner']);
}
if (isset($_REQUEST['file_department'])) {
$filedata->setDepartment($_REQUEST['file_department']);
}
// Update the file with the new values
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$file_data_obj = new FileData($_GET['id'], $pdo);
$file_data_obj->setId($_GET['id']);
if ($file_data_obj->getError() != null || $file_data_obj->getStatus() > 0 || $file_data_obj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $file_data_obj->WRITE_RIGHT, $file_data_obj);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
