$owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
$real_name = $datafile->getRealName();
$category = $datafile->getCategoryName();
$created = $datafile->getCreatedDate();
$description = $datafile->getDescription();
$comments = $datafile->getComment();
$status = $datafile->getStatus();
$id = $_REQUEST['id'];
// corrections
if ($description == '') {
$description = msg('message_no_description_available');
}
if ($comments == '') {
$comments = msg('message_no_author_comments_available');
}
if ($datafile->isArchived()) {
$filename = $GLOBALS['CONFIG']['archiveDir'] . e::h($id) . '.dat';
} else {
$filename = $GLOBALS['CONFIG']['dataDir'] . e::h($id) . '.dat';
}
?>
<table border="0" width=80% cellspacing="4" cellpadding="1">
<tr>
<td align="right">
<?php
// check file status, display appropriate icon
if ($status == 0) {
echo '<img src="images/file_unlocked.png" alt="" border=0 align="absmiddle">';
} else {
echo '<img src="images/file_locked.png" alt="" border=0 align="absmiddle">';
redirect_visitor();
}
include 'udf_functions.php';
require_once "AccessLog_class.php";
require_once "User_Perms_class.php";
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
$filedata = new FileData($_REQUEST['id'], $pdo);
if ($filedata->isArchived()) {
header('Location:error.php?ec=21');
}
// form not yet submitted, display initial form
if (!isset($_REQUEST['submit'])) {
draw_header(msg('area_update_file'), $last_message);
checkUserPermission($_REQUEST['id'], $filedata->ADMIN_RIGHT, $filedata);
$current_user_dept = $user_perms_obj->user_obj->getDeptId();
$data_id = $_REQUEST['id'];
// includes
$department_query = "SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=:user_id";
$department_stmt = $pdo->prepare($department_query);
$department_stmt->bindParam(':user_id', $_SESSION['uid']);
$department_stmt->execute();
$result = $department_stmt->fetchAll();
if ($department_stmt->rowCount() != 1) {
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$file_data_obj = new FileData($_GET['id'], $pdo);
$file_data_obj->setId($_GET['id']);
if ($file_data_obj->getError() != null || $file_data_obj->getStatus() > 0 || $file_data_obj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $file_data_obj->WRITE_RIGHT, $file_data_obj);
?>
<p>
<form action="<?php
echo $_SERVER['PHP_SELF'];
