Exemplo n.º 1
            echo '<td><font size="-1">' . e::h($revision) . e::h($extra_message);
        }
        ?>
                    </font></td>
                    <td><font size="-1"><?php 
        echo fix_date($modified_on);
        ?>
</font></td>
                    <td><font size="-1"><?php 
        echo e::h($last_name) . ', ' . e::h($first_name);
        ?>
</font></td>
                    <td><font size="-1"><?php 
        echo e::h($note);
        ?>
</font></td>
            </tr>
<?php 
    }
    // clean up
    ?>
	</table>
</td>
</tr>

</table>
<?php 
    // Call the plugin API
    callPluginMethod('onAfterHistory', $datafile->getId());
    draw_footer();
}
Exemplo n.º 2
        header('Location: error.php?ec=4');
        exit;
    }
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    if ($name == '') {
        $last_message = msg('departmentpage_department_name_required');
        header('Location: admin.php?last_message=' . $last_message);
        exit;
    }
    //Check to see if this department is already in DB
    $query = "SELECT name FROM {$GLOBALS['CONFIG']['db_prefix']}department WHERE name = :name AND id != :id ";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':id' => $_POST['id'], ':name' => $_POST['name']));
    $result = $stmt->fetchAll();
    if ($stmt->rowCount() != 0) {
        header('Location: error.php?ec=3&last_message=' . $_POST['name'] . ' already exist in the database');
        exit;
    }
    $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}department SET name = :name WHERE id = :id";
    $stmt = $pdo->prepare($query);
    $stmt->execute(array(':id' => $_POST['id'], ':name' => $_POST['name']));
    // back to main page
    $last_message = urlencode(msg('message_department_successfully_updated') . ' - ' . htmlentities($name) . '- id=' . (int) $_POST['id']);
    // Call the plugin API
    callPluginMethod('onDepartmentModifySave', $_REQUEST);
    header('Location: admin.php?last_message=' . $last_message);
} elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Cancel') {
    header('Location: admin.php?last_message=' . urlencode(msg('message_action_cancelled')));
} else {
    header('Location: admin.php?last_message="' . urlencode(msg('message_nothing_to_do')));
}
Exemplo n.º 3
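// Action links (check-out / edit) are offered only while the file is available
// ($status == 0) or, when it is checked out ($status == -1), to its owner.
// The parentheses make the grouping explicit; the original form relied on
// && binding tighter than ||, which yields the same grouping.
if ($status == 0 || ($status == -1 && $file_data_obj->isOwner($_SESSION['uid']))) {
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
    $next_state = $state + 1;
    // Write right, not viewing a stored revision, not archived -> offer check-out.
    if ($user_perms->getAuthority($request_id, $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        $check_out_link = "check-out.php?id={$request_id}&state={$next_state}&access_right=modify";
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    // Admin right under the same conditions -> offer the edit link.
    // NOTE(review): $user_permission_obj is not created in this block, unlike
    // $user_perms above; presumably both are UserPermission instances for the
    // current user — confirm, and consider reusing $user_perms here.
    // The '@' the original put in front of isset() was a no-op (isset() never
    // emits a warning) and has been dropped.
    if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        $edit_link = "edit.php?id={$request_id}&state={$next_state}";
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
}
////end if ($status == 0)
// Revision history, comments and delete links are available regardless of
// status, so they are built outside the block above.
$next_state = $state + 1;
$history_link = "history.php?id={$request_id}&state={$next_state}";
$comments_link = 'toBePublished.php?submit=comments&id=' . $request_id;
$my_delete_link = 'delete.php?mode=tmpdel&id0=' . $request_id;
$GLOBALS['smarty']->assign('history_link', $history_link);
$GLOBALS['smarty']->assign('comments_link', $comments_link);
$GLOBALS['smarty']->assign('my_delete_link', $my_delete_link);
// Plugin hook before the template is rendered
callPluginMethod('onDuringDetails', $file_data_obj->id);
$GLOBALS['smarty']->assign('file_detail', $file_detail_array);
display_smarty_template('details.tpl');
// Plugin hook after the template is rendered
callPluginMethod('onAfterDetails', $file_data_obj->id);
draw_footer();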
Exemplo n.º 4
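/**
 * list_files_rights_flags - Build the per-row rights display array used by list_files()
 *
 * Returns [[READ_RIGHT, 'r'], [WRITE_RIGHT, 'w'], [ADMIN_RIGHT, 'a']] where the
 * letter of every entry ABOVE the user's own level is replaced by '-', so the
 * template can show which of read/write/admin the user holds. When the user's
 * level matches none of the three, all three letters are blanked out.
 *
 * @param mixed  $userAccessLevel value returned by getAuthority() for the file
 * @param object $userperms_obj   object exposing READ_RIGHT/WRITE_RIGHT/ADMIN_RIGHT
 * @return array
 */
function list_files_rights_flags($userAccessLevel, $userperms_obj)
{
    $rights = array(
        array($userperms_obj->READ_RIGHT, 'r'),
        array($userperms_obj->WRITE_RIGHT, 'w'),
        array($userperms_obj->ADMIN_RIGHT, 'a'),
    );
    // Find the highest entry equal to the user's level. The loose == is kept on
    // purpose: the types of the compared values are not fixed here.
    $index_found = -1;
    for ($i = count($rights) - 1; $i >= 0; $i--) {
        if ($userAccessLevel == $rights[$i][0]) {
            $index_found = $i;
            break;
        }
    }
    // Everything above the matched level is blanked out; -1 blanks all.
    for ($i = $index_found + 1; $i < count($rights); $i++) {
        $rights[$i][1] = '-';
    }
    return $rights;
}

/**
 * list_files - Display a list of files via the out.tpl Smarty template
 *
 * Builds one row per file id (view/details links, description, dates, owner,
 * department, rights flags, size, lock state), assigns the rows to Smarty and
 * renders out.tpl, firing the onBeforeListFiles / onAfterListFiles plugin hooks
 * around the render.
 *
 * @return int|null -1 when there is nothing to list (a "no files" message is
 *                  echoed instead), null once the template has been displayed
 * @param array $fileid_array list of file ids to display
 * @param object $userperms_obj object exposing getAuthority() and the *_RIGHT properties
 * @param string $dataDir directory holding the <id>.dat files
 * @param boolean $showCheckBox render a selection checkbox per row
 * @param boolean $rejectpage render the rows in "reject" mode
 */
function list_files($fileid_array, $userperms_obj, $dataDir, $showCheckBox = false, $rejectpage = false)
{
    global $pdo;
    // Nothing to render for a missing, empty or non-list input.
    if (!is_array($fileid_array) || count($fileid_array) == 0 || !isset($fileid_array[0])) {
        echo '<img src="images/exclamation.gif">' . msg('message_no_files_found') . PHP_EOL;
        return -1;
    }
    // "state" is request-controlled: coerce it to an int before the arithmetic
    // so a missing or non-numeric value cannot raise a warning/TypeError mid-render.
    $next_state = (isset($_REQUEST['state']) ? (int) $_REQUEST['state'] : 0) + 1;
    $file_list_arr = array();
    foreach ($fileid_array as $fileid) {
        $file_obj = new FileData($fileid, $pdo);
        $userAccessLevel = $userperms_obj->getAuthority($fileid, $file_obj);
        // A row is "locked" unless the file is available (status 0) and the
        // user may at least view it.
        $lock = !($file_obj->getStatus() == 0 && $userAccessLevel >= $userperms_obj->VIEW_RIGHT);
        $description = $file_obj->getDescription();
        if ($description == '') {
            $description = msg('message_no_description_available');
        }
        $created_date = fix_date($file_obj->getCreatedDate());
        // Fall back to the creation date when the file was never modified.
        $modified_date = $file_obj->getModifiedDate() ? fix_date($file_obj->getModifiedDate()) : $created_date;
        $full_name_array = $file_obj->getOwnerFullName();
        $owner_name = $full_name_array[1] . ', ' . $full_name_array[0];
        $dept_name = $file_obj->getDeptName();
        $realname = $file_obj->getRealname();
        //Get the file size in bytes.
        $filesize = display_filesize($dataDir . $fileid . '.dat');
        if ($userAccessLevel >= $userperms_obj->READ_RIGHT) {
            // pathinfo() yields '' for a name without a dot, where the previous
            // strrpos()+1 arithmetic silently returned the name minus its first
            // character and looked up a bogus MIME type.
            $suffix = strtolower(pathinfo((string) $realname, PATHINFO_EXTENSION));
            $mimetype = File::mime_by_ext($suffix);
            $view_link = 'view_file.php?submit=view&id=' . urlencode(e::h($fileid)) . '&mimetype=' . urlencode((string) $mimetype);
        } else {
            $view_link = 'none';
        }
        $details_link = 'details.php?id=' . e::h($fileid) . '&state=' . e::h($next_state);
        $rights = list_files_rights_flags($userAccessLevel, $userperms_obj);
        $file_list_arr[] = array(
            'id' => $fileid,
            'view_link' => $view_link,
            'details_link' => $details_link,
            'filename' => $realname,
            'description' => $description,
            'rights' => $rights,
            'created_date' => $created_date,
            'modified_date' => $modified_date,
            'owner_name' => $owner_name,
            'dept_name' => $dept_name,
            'filesize' => $filesize,
            'lock' => $lock,
            'showCheckbox' => $showCheckBox,
            'rejectpage' => $rejectpage,
        );
    }
    // Tell the template when the configured query limit was hit, i.e. the
    // listing may be truncated.
    $limit_reached = count($file_list_arr) >= $GLOBALS['CONFIG']['max_query'];
    $GLOBALS['smarty']->assign('limit_reached', $limit_reached);
    $GLOBALS['smarty']->assign('showCheckBox', $showCheckBox);
    $GLOBALS['smarty']->assign('file_list_arr', $file_list_arr);
    // Plugin hooks around the render
    callPluginMethod('onBeforeListFiles', $file_list_arr);
    display_smarty_template('out.tpl');
    callPluginMethod('onAfterListFiles');
}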
Exemplo n.º 5
    exit;
} else {
    // all checks completed
    /* to avoid problems with some browsers,
          download script should not include parameters on the URL
          so let's use a form and pass the parameters via POST
       */
    // form not yet submitted
    // display information on how to initiate download
    if (!isset($submit)) {
        draw_header('View File', $last_message);
        $GLOBALS['smarty']->assign('file_id', $filedata->getId());
        display_smarty_template('view.tpl');
        draw_footer();
    } else {
        $id = $filedata->getId();
        $realname = $filedata->getName();
        // get the filename
        $filename = $GLOBALS['CONFIG']['dataDir'] . $_POST['id'] . '.dat';
        if (file_exists($filename)) {
            // send headers to browser to initiate file download
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
            readfile($filename);
            // Call the plugin API
            callPluginMethod('onViewFile');
        } else {
            echo 'File not readable...';
        }
    }
}
Exemplo n.º 6
        $mail_subject = msg('message_account_created_add_user');
        $mail_greeting = $new_user_full_name . ":\n\r\t" . msg('email_i_would_like_to_inform');
        $mail_body = msg('email_your_account_created') . ' ' . $date . '.  ' . msg('email_you_can_now_login') . ':' . "\n\r";
        $mail_body .= $GLOBALS['CONFIG']['base_url'] . "\n\n";
        $mail_body .= msg('username') . ': ' . $new_user_obj->getName() . "\n\n";
        if ($GLOBALS['CONFIG']['authen'] == 'mysql') {
            $mail_body .= msg('password') . ': ' . $_POST['password'] . "\n\n";
        }
        $mail_salute = "\n\r" . msg('email_salute') . ",\n\r{$full_name}";
        $mail_to = $new_user_obj->getEmailAddress();
        if ($GLOBALS['CONFIG']['demo'] == 'False') {
            mail($mail_to, $mail_subject, $mail_greeting . ' ' . $mail_body . $mail_salute, $mail_headers);
        }
        $last_message = urlencode(msg('message_user_successfully_added'));
        // Call the plugin API call for this section
        callPluginMethod('onAfterAddUser');
        header('Location: ' . $secureurl->encode('admin.php?last_message=' . $last_message));
    }
} elseif (isset($_POST['submit']) && 'Delete User' == $_POST['submit']) {
    // Make sure they are an admin
    if (!$user_obj->isAdmin()) {
        header('Location:' . $secureurl->encode('error.php?ec=4'));
        exit;
    }
    // form has been submitted -> process data
    // DELETE admin info
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}admin WHERE id = '{$_POST['id']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    // DELETE user info
    $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id = '{$_POST['id']}'";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
Exemplo n.º 7
                </TD>
              </TR>
	      <TR>
	       <TD align="left">
	 	<IMG src="/images/white_dot.gif" height="8"><BR>
		<FONT face="ARIAL" color="#000000" size="-1">OpenDocMan, and other campus web systems, use a cookie to store your credentials for access.  This cookie is kept only in your computers memory and not saved to disk for security purposes.  In order to remove this cookie from memory you must completely exit your browser.  The LOGOUT button below will close the current browser window, but this may not exit your browser software completely.
		 <P>
		<B>Macintosh Users:</B> Choose 'Quit' from the 'File' menu to be sure the browser is completely exited.       <P>
		<B>PC/Windows Users:</B> Close off all browser windows by clicking the 'X' icon in the upper right of the window.  Be sure all browser windows are closed.
                <P>
	        </font>
		<P>
		<FORM NAME="CM">
		 <FONT face="ARIAL" color="#000000" size="-2">&nbsp;<INPUT TYPE="BUTTON" VALUE="LOGOUT" Onclick="top.close();"></font>
		 <FONT face="ARIAL" color="#000000" size="-2">&nbsp;</font>
	       </TD>
              </TR>
              <TR><TD>
	     </TD>
	    </TR>
         </TABLE>
        </FORM>
<?php 
    draw_footer();
} else {
    session_start();
    unset($_SESSION['uid']);
    // Call the plugin API
    callPluginMethod('onAfterLogout');
    header('Location:index.php');
}
Exemplo n.º 8
         </table>
     </td>
</tr>

    <?php 
}
?>

</table>
    <?php 
// Plugins box: rendered only for the root user and only when the plugin
// registry returned a list; each plugin contributes its own menu items via
// the onAdminMenu hook below.
if (is_array($GLOBALS['plugin']->getPluginsList()) && $user_obj->isRoot()) {
    ?>
            <table border="1" cellspacing="5" cellpadding="5" >
            <th bgcolor ="#83a9f7"><font color="#FFFFFF"><?php 
    // Localised heading for the box
    echo msg('label_plugins');
    ?>
</font></th>
                <tr>
                    <td>
            <?php 
    //Perform the admin loop section to add plugin menu items
    // (plugins echo their markup directly into this cell)
    callPluginMethod('onAdminMenu');
    ?>
                    </td>
                </tr>
                    </table>
    <?php 
}
?>
    <?php 
// Common page footer
draw_footer();
Exemplo n.º 9
    if (count($result) == 1) {
        // register the user's ID
        $id = $result[0]['id'];
        $username = $result['username'];
        $password = $result['password'];
        // initiate a session
        $_SESSION['uid'] = $id;
        // Run the plugin API
        callPluginMethod('onAfterLogin');
        // redirect to main page
        if (isset($_REQUEST['redirection'])) {
            redirect_visitor($_REQUEST['redirection']);
        } else {
            redirect_visitor('out.php');
        }
        // close connection
    } else {
        // Login Failed
        // redirect to error page
        // Call the plugin API
        callPluginMethod('onFailedLogin');
        header('Location: error.php?ec=0');
    }
} elseif (!isset($_POST['login']) && $GLOBALS['CONFIG']['authen'] == 'mysql') {
    $redirection = isset($_REQUEST['redirection']) ? $_REQUEST['redirection'] : '';
    $GLOBALS['smarty']->assign('redirection', $redirection);
    display_smarty_template('login.tpl');
} else {
    echo 'Check your config';
}
draw_footer();
Exemplo n.º 10
            if (strchr($id, '_')) {
                header('Location:error.php?ec=20');
            }
            if ($userperm_obj->canAdmin($id)) {
                $file_obj = new FileData($id, $pdo);
                $file_obj->temp_delete();
                fmove($GLOBALS['CONFIG']['dataDir'] . $id . '.dat', $GLOBALS['CONFIG']['archiveDir'] . $id . '.dat');
            }
            AccessLog::addLogEntry($_REQUEST['id' . $i], 'X', $pdo);
        }
    }
    // delete from directory
    // clean up and back to main page
    $last_message = msg('message_document_has_been_archived');
    // Call the plugin API call for this section
    callPluginMethod('onAfterArchiveFile');
    header('Location: out.php?last_message=' . urlencode($last_message));
} elseif (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'view_del_archive') {
    //publishable=2 for archive deletion
    $query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE publishable=2";
    $stmt = $pdo->prepare($query);
    $stmt->execute();
    $result = $stmt->fetchAll();
    $array_id = array();
    $i = 0;
    foreach ($result as $row) {
        $array_id[$i] = $row['id'];
        $i++;
    }
    $luserperm_obj = new UserPermission($_SESSION['uid'], $pdo);
    draw_header(msg('area_deleted_files'), $last_message);
Exemplo n.º 11
        $full_name = $get_full_name[0] . ' ' . $get_full_name[1];
        $from = $user_obj->getEmailAddress();
        $department = $file_obj->getDepartment();
        $reviewer_obj = new Reviewer($fileId, $pdo);
        $reviewer_list = $reviewer_obj->getReviewersForDepartment($department);
        $date = date('Y-m-d H:i:s T');
        // Build email for general notices
        $mail_subject = msg('addpage_new_file_added');
        $mail_body2 = msg('email_a_new_file_has_been_added') . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('label_filename') . ':  ' . $file_obj->getName() . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('label_status') . ': ' . msg('addpage_new') . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('date') . ': ' . $date . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('addpage_uploader') . ': ' . $full_name . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('email_thank_you') . ',' . PHP_EOL . PHP_EOL;
        $mail_body2 .= msg('email_automated_document_messenger') . PHP_EOL . PHP_EOL;
        $mail_body2 .= $GLOBALS['CONFIG']['base_url'] . PHP_EOL . PHP_EOL;
        $email_obj = new Email();
        $email_obj->setFullName($full_name);
        $email_obj->setSubject($mail_subject);
        $email_obj->setFrom($from);
        $email_obj->setRecipients($reviewer_list);
        $email_obj->setBody($mail_body2);
        $email_obj->sendEmail();
        //email_users_id($mail_from, $reviewer_list, $mail_subject, $mail_body2, $mail_headers);
        // Call the plugin API
        callPluginMethod('onAfterAdd', $fileId);
    }
    header('Location: details.php?id=' . $fileId . '&last_message=' . $message);
    exit;
}
draw_footer();
Exemplo n.º 12
    $del_dept_perms_query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_perms WHERE fid = :file_id";
    $del_dept_perms_stmt = $pdo->prepare($del_dept_perms_query);
    $del_dept_perms_stmt->bindParam(':file_id', $fileId);
    $del_dept_perms_stmt->execute();
    $result_array = array();
    // init;
    foreach ($_REQUEST['user_permission'] as $user_id => $permission) {
        $insert_user_perms_query = "\n            INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user_perms \n            (\n                fid, \n                uid, \n                rights\n            ) VALUES(\n                :file_id, \n                :user_id, \n                :permission\n            )";
        //echo $query."<br>";
        $insert_user_perms_stmt = $pdo->prepare($insert_user_perms_query);
        $insert_user_perms_stmt->bindParam(':file_id', $fileId);
        $insert_user_perms_stmt->bindParam(':user_id', $user_id);
        $insert_user_perms_stmt->bindParam(':permission', $permission);
        $insert_user_perms_stmt->execute();
    }
    //UPDATE Department Rights into dept_perms
    foreach ($_POST['department_permission'] as $dept_id => $dept_perm) {
        $update_dept_perms_query = "\n            INSERT INTO\n                {$GLOBALS['CONFIG']['db_prefix']}dept_perms\n            (\n                fid,\n                dept_id,\n                rights\n            )\n            VALUES\n             (\n                :file_id,\n                :dept_id,\n                :dept_perm\n             )\n             ";
        $update_dept_perms_stmt = $pdo->prepare($update_dept_perms_query);
        $update_dept_perms_stmt->bindParam(':dept_perm', $dept_perm);
        $update_dept_perms_stmt->bindParam(':dept_id', $dept_id);
        $update_dept_perms_stmt->bindParam(':file_id', $filedata->getId());
        $update_dept_perms_stmt->execute();
    }
    $message = 'Document successfully updated';
    AccessLog::addLogEntry($fileId, 'M', $pdo);
    // Call the plugin API
    callPluginMethod('onAfterEditFile', $fileId);
    header('Location: details.php?id=' . $fileId . '&last_message=' . urlencode($message));
}
draw_footer();
Exemplo n.º 13
    $result2 = mysql_query($query2, $GLOBALS['connection']) or die("Error in query: {$query2}. " . mysql_error());
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
    if ($user_perms->getAuthority($_REQUEST['id'], $filedata) >= $user_perms->WRITE_RIGHT && !isset($lrevision_id) && !$filedata->isArchived()) {
        // if so, display link for checkout
        $check_out_link = $secureurl->encode("check-out.php?id={$lrequest_id}" . '&state=' . ($_REQUEST['state'] + 1) . '&access_right=modify');
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    mysql_free_result($result2);
    if ($userPermObj->getAuthority($_REQUEST['id'], $filedata) >= $userPermObj->ADMIN_RIGHT && !@isset($lrevision_id) && !$filedata->isArchived()) {
        // if user is also the owner of the file AND file is not checked out
        // additional actions are available
        $edit_link = $secureurl->encode("edit.php?id={$_REQUEST['id']}&state=" . ($_REQUEST['state'] + 1));
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
}
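////end if ($status == 0)
// Revision history, comments and delete links are available regardless of
// status, so they are built outside the block above.
// "state" is request-controlled: coerce it to an int before the arithmetic so a
// missing or non-numeric value cannot raise a warning/TypeError here.
$next_state = (isset($_REQUEST['state']) ? (int) $_REQUEST['state'] : 0) + 1;
// NOTE(review): $lrequest_id and the raw $_REQUEST['id'] are both used as the
// file id below; presumably $lrequest_id is a validated copy — confirm and use
// one of them consistently.
$history_link = $secureurl->encode("history.php?id={$lrequest_id}&state={$next_state}");
$comments_link = $secureurl->encode('toBePublished.php?submit=comments&id=' . $_REQUEST['id']);
$my_delete_link = $secureurl->encode('delete.php?mode=tmpdel&id0=' . $_REQUEST['id']);
$GLOBALS['smarty']->assign('history_link', $history_link);
$GLOBALS['smarty']->assign('comments_link', $comments_link);
$GLOBALS['smarty']->assign('my_delete_link', $my_delete_link);
// Plugin hook before the template is rendered
callPluginMethod('onDuringDetails', $filedata->id);
$GLOBALS['smarty']->assign('file_detail', $file_detail);
display_smarty_template('details.tpl');
// Plugin hook after the template is rendered
callPluginMethod('onAfterDetails', $filedata->id);
draw_footer();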
Exemplo n.º 14
        $id_array = array();
        foreach ($result as $row) {
            $id_array[$index++] = $row['id'];
            $index++;
        }
        if (@$remain != '' && $exact_phrase != "on") {
            return array_values(array_unique(array_merge($id_array, search($where, substr($remain, 1), $exact_phrase, $case_sensitivity, $search_array))));
        }
        return array_values(array_intersect($id_array, $search_array));
    }
    $current_user = new User($_SESSION['uid'], $pdo);
    $user_perms = new User_Perms($_SESSION['uid'], $pdo);
    $current_user_permission = new UserPermission($_SESSION['uid'], $pdo);
    //$s_getFTime = getmicrotime();
    if ($_GET['where'] == 'author_locked_files') {
        $view_able_files_id = $current_user->getExpiredFileIds();
    } else {
        $view_able_files_id = $current_user_permission->getViewableFileIds(false);
    }
    //$e_getFTime = getmicrotime();
    $id_array_len = sizeof($view_able_files_id);
    $query_array = array();
    $search_result = search(@$_GET['where'], @$_GET['keyword'], @$_GET['exact_phrase'], @$_GET['case_sensitivity'], $view_able_files_id);
    // Call the plugin API
    callPluginMethod('onSearch');
    list_files($search_result, $current_user_permission, $GLOBALS['CONFIG']['dataDir'], false, false);
    echo '<br />';
    draw_footer();
    //echo '<br> <b> Load Page Time: ' . (getmicrotime() - $start_time) . ' </b>';
    //echo '<br> <b> Load Permission Time: ' . ($e_getFTime - $s_getFTime) . ' </b>';
}