Exemplo n.º 1
0
 static function delete_items($folder, $view, $items, $mode = "delete")
 {
     if (empty($folder) or empty($view) or !is_array($items) or $mode == "") {
         return;
     }
     $sgsml = new sgsml($folder, $view, $items);
     $tname = $sgsml->tname;
     $handler = $sgsml->handler;
     if (!isset($sgsml->buttons[$mode]) or $mode == "delete" and count($items) == 0) {
         return;
     }
     if ($mode == "empty") {
         $sgsml->where = array("folder in (@folders@)");
     }
     if ($mode == "purgeall") {
         $sgsml->where = array();
     }
     if (in_array($mode, array("purge", "purgeall"))) {
         $delete = true;
     } else {
         $delete = false;
     }
     if (folder_in_trash($folder)) {
         $delete = true;
     }
     if ($handler == "") {
         $file_fields = $sgsml->get_fields_by_type("files");
     } else {
         $file_fields = array();
     }
     if (!empty($sgsml->att["TRIGGER_DELETE"])) {
         $fields = array("*");
     } else {
         if (isset($sgsml->fields["notification"])) {
             $fields = array("id", "folder", "notification");
             foreach ($sgsml->fields as $key => $field) {
                 if (isset($field["REQUIRED"]) and $field["SIMPLE_TYPE"] != "files" and !in_array($key, $fields)) {
                     $fields[] = $key;
                 }
             }
         } else {
             $fields = array("id");
         }
         $fields = array_unique(array_merge($fields, $file_fields));
     }
     $rows = $sgsml->get_rows($fields);
     if (!is_array($rows) or count($rows) == 0 or count($rows) < count($items)) {
         exit("{t}Item(s) not found or access denied.{/t}");
     }
     if ($delete) {
         foreach ($rows as $row) {
             foreach ($file_fields as $field) {
                 $files = explode("|", $row[$field]);
                 sys_unlink($files);
             }
             $data = array("id" => $row["id"], "folder" => $folder);
             db_delete($tname, array("id=@id@"), $data, array("handler" => $handler));
         }
     } else {
         $trash = db_select_value("simple_sys_tree", "id", "anchor=@anchor@", array("anchor" => "trash"));
         if (empty($trash)) {
             exit("{t}Error{/t}: {t}Trash folder not found.{/t}");
         }
         foreach ($rows as $row) {
             $id = folders::create(sys_date("{t}m/d/Y{/t}"), "blank", "", $trash, true);
             $tid = folders::create($sgsml->att["MODULENAME"], str_replace("simple_", "", $tname), "", $id, true);
             $data = array("folder" => $tid, "history" => sprintf("{t}Item deleted by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
             db_update($tname, $data, array("id=@id@"), array("id" => $row["id"]), array("handler" => $handler));
             db_update_treesize($tname, $tid);
             if (!isset($row["notification"])) {
                 $row["notification"] = "";
             }
             $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $folder));
             if ($tree_notification) {
                 $row["notification"] .= "," . $tree_notification;
             }
             if (!empty($row["notification"])) {
                 $smtp_data = self::build_notification($tname, $sgsml->fields, $row, $data, $id);
                 asset_process_trigger("sendmail", $row["id"], $smtp_data);
             }
             if (!empty($sgsml->att["TRIGGER_DELETE"])) {
                 asset_process_trigger($sgsml->att["TRIGGER_DELETE"], $row["id"], $row, $tname);
             }
             db_update("simple_sys_tree", array("history" => "[" . $row["id"] . "/details] " . $data["history"]), array("id=@id@"), array("id" => $folder));
             db_search_delete($tname, $row["id"], $folder);
             db_notification_delete($tname, $row["id"]);
         }
     }
     db_update_treesize($tname, $folder);
     sys_log_stat("deleted_records", count($rows));
 }
Exemplo n.º 2
0
 private static function _import_delete($folder, $id, $tname, $module)
 {
     $where = array("folder=@folder@");
     if ($id[0] == "_") {
         $where[] = "id=@id@";
     } else {
         $where[] = "syncid=@id@";
     }
     $row_id = db_select_value($tname, "id", $where, array("id" => trim($id, "_"), "folder" => $folder));
     if (!empty($row_id)) {
         $trash = db_select_value("simple_sys_tree", "id", "anchor=@anchor@", array("anchor" => "trash"));
         if (empty($trash)) {
             sys_warning("{t}Error{/t}: {t}Trash folder not found.{/t}");
             return;
         }
         $id = folders::create(sys_date("{t}m/d/Y{/t}"), "blank", "", $trash, true);
         $id2 = folders::create($module, str_replace("simple_", "", $tname), "", $id, true);
         $data = array("folder" => $id2, "history" => sprintf("{t}Item deleted by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
         db_update($tname, $data, array("id=@id@"), array("id" => $row_id));
         db_update_treesize($tname, $folder);
         db_search_delete($tname, $row_id, $folder);
         sys_log_stat("deleted_records", 1);
     }
 }
Exemplo n.º 3
0
 static function process_login($username, $password = "")
 {
     $id = session_id();
     if (!APC_SESSION and $id and (empty($_SESSION["username"]) or $_SESSION["username"] != $username)) {
         $row = db_select_first("simple_sys_session", array("id", "data", "expiry"), "username=@username@", "lastmodified desc", array("username" => $username));
         if (!empty($row["id"])) {
             $_SESSION = array();
             session_decode(rawurldecode($row["data"]));
             if ($row["expiry"] < NOW) {
                 db_delete("simple_sys_session", array("id=@id@"), array("id" => $row["id"]));
             }
         }
         if (!db_count("simple_sys_session", array("id=@id@"), array("id" => $id))) {
             db_insert("simple_sys_session", array("expiry" => NOW + LOGIN_TIMEOUT, "id" => $id));
         }
     }
     $_SESSION["username"] = $username;
     if ($password != "") {
         $_SESSION["password"] = sys_encrypt($password, $id);
     }
     if (!isset($_SESSION["history"])) {
         $_SESSION["history"] = array();
     }
     $_SESSION["groups"] = array();
     $_SESSION["folder_states"] = array();
     $base = dirname($_SERVER["SCRIPT_FILENAME"]) . "/";
     if (sys_is_super_admin($_SESSION["username"])) {
         $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/", $base . SIMPLE_CACHE . "/debug/", $base . SIMPLE_STORE . "/trash/", $base . SIMPLE_CACHE . "/preview/", $base . SIMPLE_STORE . "/backup/");
     } else {
         $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/" . $_SESSION["username"] . "/", $base . SIMPLE_CACHE . "/preview/");
     }
     foreach (explode(",", SIMPLE_IMPORT) as $folder) {
         if ($folder == "" or !is_dir($folder)) {
             continue;
         }
         if ($folder[0] != "/" and !strpos($folder, ":")) {
             $folder = $base . $folder;
         }
         $_SESSION["ALLOWED_PATH"][] = rtrim(str_replace("\\", "/", $folder), "/") . "/";
     }
     // TODO2 put in extra function and configure it with setup to fetch groups from somewhere else
     if (sys_is_super_admin($_SESSION["username"])) {
         $_SESSION["permission_sql"] = "1=1";
         $_SESSION["permission_sql_exception"] = "1=0";
         $_SESSION["disabled_modules"] = array();
     } else {
         $_SESSION["permission_sql"] = sql_regexp("r@right@_users", array($username, "anonymous"));
         $_SESSION["permission_sql_exception"] = "(rexception_users!='' and " . sql_regexp("rexception_users", array($username, "anonymous"), "|@view@:@right@:%s|") . ")";
         $_SESSION["disabled_modules"] = array_flip(explode("|", DISABLED_MODULES));
         $rows = db_select("simple_sys_groups", "groupname", array("activated=1", "members like @username_sql@"), "", "", array("username_sql" => "%|" . $username . "|%"));
         if (is_array($rows) and count($rows) > 0) {
             foreach ($rows as $val) {
                 $_SESSION["groups"][] = $val["groupname"];
             }
             $_SESSION["permission_sql"] = "(" . $_SESSION["permission_sql"] . " or " . sql_regexp("r@right@_groups", $_SESSION["groups"]) . ")";
             $_SESSION["permission_sql_exception"] = "(" . $_SESSION["permission_sql_exception"] . " or (rexception_groups!='' and " . sql_regexp("rexception_groups", $_SESSION["groups"], "|@view@:@right@:%s|") . "))";
         }
     }
     $_SESSION["permission_sql_read"] = str_replace("@right@", "read", $_SESSION["permission_sql"]);
     $_SESSION["permission_sql_write"] = str_replace("@right@", "write", $_SESSION["permission_sql"]);
     $_SESSION["ip"] = _login_get_remoteaddr();
     $_SESSION["tickets"] = array("templates" => array("dbselect", "simple_templates", array("tplcontent", "tplname"), array("tplname like @search@"), "tplname asc"));
     $_SESSION["treevisible"] = true;
     $row = db_select_first("simple_sys_users", "*", "username=@username@", "", array("username" => $username));
     if (!empty($row["cal_day_begin"])) {
         $_SESSION["day_begin"] = sys_date("G", $row["cal_day_begin"] - 1) * 3600;
         $_SESSION["day_end"] = sys_date("G", $row["cal_day_end"]) * 3600;
     } else {
         $_SESSION["day_begin"] = 25200;
         // 7:00 = 7*3600
         $_SESSION["day_end"] = 64800;
         // 18:00 = 18*3600
     }
     if (!empty($row["enabled_modules"])) {
         $row["enabled_modules"] = array_flip(explode("|", trim($row["enabled_modules"], "|")));
         $_SESSION["disabled_modules"] = array_diff_key($_SESSION["disabled_modules"], $row["enabled_modules"]);
     }
     if (!empty($row["timezone"])) {
         $_SESSION["timezone"] = $row["timezone"];
     } else {
         $_SESSION["timezone"] = "";
     }
     if (!empty($row["theme"])) {
         $_SESSION["theme"] = $row["theme"];
     } else {
         $_SESSION["theme"] = "core";
     }
     if (!empty($row["home_folder"])) {
         $_SESSION["home_folder"] = "index.php?folder=" . rawurlencode($row["home_folder"]);
     } else {
         if (sys_is_super_admin($username)) {
             $anchor = "system";
         } else {
             $anchor = "home_" . $username;
         }
         $_SESSION["home_folder"] = "index.php?folder=^" . $anchor;
     }
     if ($id or isset($_REQUEST["login"])) {
         sys_log_stat("logins", 1);
         sys_log_message_log("login", sprintf("{t}login %s from %s with %s{/t}", $_SESSION["username"], $_SESSION["ip"], sys::$browser));
     }
     trigger::login();
     if (!empty($row["pwdexpires"]) and $row["pwdexpires"] < NOW) {
         sys_warning(sprintf("{t}Password expired. (password of %s has expired){/t}", $username));
         self::_redirect("index.php?view=changepwd&find=asset|simple_sys_users|1|username="******"username"]);
     } else {
         if (!empty($_REQUEST["page"])) {
             if (CMS_REAL_URL) {
                 self::_redirect(CMS_REAL_URL . $_REQUEST["page"]);
             }
             self::_redirect("cms.php/" . $_REQUEST["page"]);
         } else {
             if (!empty($_REQUEST["redirect"])) {
                 self::_redirect($_SESSION["home_folder"]);
             }
         }
     }
 }
Exemplo n.º 4
0
 static function shutdown()
 {
     // check execution time
     self::$time_end = number_format(sys_get_microtime() - self::$time_start, 2);
     if (self::$time_end > SYSTEM_SLOW) {
         sys_log_message_log("system-slow", sprintf("{t}%s secs{/t}", self::$time_end) . " " . basename(_sys_request_uri()), _sys_request_uri());
     }
     // process error.txt
     $size = @filesize(SIMPLE_CACHE . "/debug/error.txt");
     if ($size > 0 and $size <= 2097152 and $msgs = @file_get_contents(SIMPLE_CACHE . "/debug/error.txt")) {
         // 2M
         @unlink(SIMPLE_CACHE . "/debug/error.txt");
         $msgs = array_reverse(explode("\n", $msgs));
         foreach ($msgs as $msg) {
             if ($msg == "") {
                 continue;
             }
             $vars = unserialize($msg);
             sys_log_message($vars[0], $vars[1], $vars[2], $vars[3], true, $vars[4]);
         }
     } else {
         if ($size > 0) {
             sys_die("{t}The error logfile cannot be processed, too large:{/t} " . SIMPLE_CACHE . "/debug/error.txt");
         }
     }
     // logging
     sys_log_stat("pages", 1);
 }
Exemplo n.º 5
0
 static function delete($folder)
 {
     $row = db_select_first("simple_sys_tree", array("id", "rgt", "lft", "ftitle", "parent"), "id=@id@", "", array("id" => $folder));
     $rows = array();
     if (!empty($row["id"])) {
         $rows = db_select("simple_sys_tree", array("id", "ftype"), "lft between @left@ and @right@", "lft asc", "", array("left" => $row["lft"], "right" => $row["rgt"]));
     }
     if (!is_array($rows) or count($rows) == 0) {
         return "";
     }
     if (!folder_in_trash($folder)) {
         $trash = db_select_value("simple_sys_tree", "id", "anchor=@anchor@", array("anchor" => "trash"));
         if (empty($trash)) {
             exit("{t}Error{/t}: {t}Trash folder not found.{/t}");
         }
         $id = self::create(sys_date("{t}m/d/Y{/t}"), "blank", "", $trash, true);
         $old_path = modify::getpath($folder);
         if (!self::move($row["id"], $id, true)) {
             exit("{t}The folder cannot be deleted.{/t}");
         }
         $data = array("rread_users" => "", "rread_groups" => "", "rwrite_users" => "", "rwrite_groups" => "", "radmin_users" => "", "radmin_groups" => "", "rexception_users" => "", "rexception_groups" => "", "anchor" => "");
         $data["history"] = sprintf("{t}Item deleted by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}"));
         foreach ($rows as $folder) {
             db_update("simple_sys_tree", $data, array("id=@id@"), array("id" => $folder["id"]));
         }
         db_update("simple_sys_tree", array("history" => "{t}Origin{/t}: " . $old_path . "\n"), array("id=@id@"), array("id" => $rows[0]["id"]));
         sys_log_stat("deleted_folders", count($rows));
     } else {
         foreach ($rows as $folder) {
             if ($folder["ftype"] != "sys_tree") {
                 $schema_data = db_get_schema(sys_find_module($folder["ftype"]));
                 $tname = $schema_data["att"]["NAME"];
                 if (!strpos($tname, "_nodb_")) {
                     $delete_fields = array();
                     foreach ($schema_data["fields"] as $key => $field) {
                         if ($field["SIMPLE_TYPE"] == "files") {
                             $delete_fields[] = $key;
                         }
                     }
                     if (count($delete_fields) > 0) {
                         $data = db_select($tname, $delete_fields, "folder=@folder@", "created asc", "", array("folder" => $folder["id"]));
                         if (is_array($data) and count($data) > 0) {
                             foreach ($data as $ditem) {
                                 foreach ($delete_fields as $field) {
                                     $files = explode("|", $ditem[$field]);
                                     sys_unlink($files);
                                 }
                             }
                         }
                     }
                     db_delete($tname, array("folder=@folder@"), array("folder" => $folder["id"]));
                 }
             }
             db_search_delete("simple_sys_tree", $folder["id"], $folder["id"]);
             db_search_delete_folder($folder["id"]);
             db_delete("simple_sys_tree", array("id=@id@"), array("id" => $folder["id"]));
         }
         db_update_subfolder_count($row["parent"]);
     }
     $folder = $row["id"];
     if (isset($_SESSION["folder_states"][$folder])) {
         foreach ($_SESSION["folder_states"][$folder] as $child) {
             unset($_SESSION["folder_states"][$child]);
         }
         unset($_SESSION["folder_states"][$folder]);
     }
     return $row["parent"];
 }
Exemplo n.º 6
0
 static function folder_create($folder, $title, $type, $description, $icon, $first = false)
 {
     if ($title == "") {
         return "";
     }
     if (!is_numeric($folder) and strpos($folder, "*")) {
         $folders = folders_from_path($folder);
         if (!is_array($folders) or count($folders) == 0) {
             return "";
         }
         foreach ($folders as $folder_item) {
             self::_require_access($folder_item, "write");
         }
         foreach ($folders as $folder_item) {
             self::folder_create($folder_item, $title, $type, $description, $icon, $first);
         }
         return $folder . $title . "/";
     }
     self::_require_access($folder, "write");
     if (!is_numeric($folder)) {
         $url = sys_parse_folder($folder);
         $handler = "lib_" . $url["handler"];
         self::require_method("create_folder", $handler);
         $title = str_replace(array(".", "\\", "/"), "", $title);
         $return = call_user_func(array($handler, "create_folder"), $title, $url["mountpoint"], $url["mfolder"]);
         if ($return == "ok") {
             return $folder . $title . "/";
         } else {
             if ($return != "") {
                 exit($return);
             }
         }
     } else {
         $new_folder = folders::create($title, $type, $description, $folder, $first, array("noduplicate" => true, "icon" => $icon));
         if ($new_folder == "") {
             exit("{t}Folder already exists.{/t}");
         }
         if ($folder != $new_folder) {
             sys_log_stat("new_folders", 1);
         }
         return $new_folder;
     }
     return "";
 }
Exemplo n.º 7
0
function _download_file($row_filename, $filename, $dispo)
{
    if ($fp = fopen($row_filename, "rb")) {
        if (strpos($_SERVER["HTTP_USER_AGENT"], "MSIE")) {
            $filename = rawurlencode($filename);
        }
        sys_log_stat("downloads", 1);
        header("Expires: " . gmdate("D, d M Y H:i:s", NOW) . " GMT");
        header("Content-Type: " . ($dispo == "inline" ? "image/jpg" : "application/octet-stream") . "; charset=utf-8");
        header("Content-Disposition: " . $dispo . "; filename=\"" . $filename . "\"");
        header("Content-Length: " . (int) filesize($row_filename));
        header("Content-Transfer-Encoding: binary");
        while (!feof($fp)) {
            echo fread($fp, 8192);
        }
        fclose($fp);
        exit;
    }
}
Exemplo n.º 8
0
 private static function _copy($ccp, $folder, $sgsml, $delete)
 {
     $tname = $sgsml->tname;
     $vars = array("handler" => $ccp["handler"], "sqlvarsnoquote" => $ccp["vars_noquote"], "custom_name" => $ccp["custom_name"], "default_sql" => $ccp["default_sql"]);
     $rows = db_select($ccp["tname"], $ccp["data_fields"], $ccp["where"], "", "", array("item" => $ccp["items"], "folder" => $ccp["folder"], "folders" => $ccp["folders"]), $vars);
     if (is_array($rows) and count($rows) < count($ccp["items"])) {
         exit("{t}Item(s) not found or access denied.{/t}");
     }
     foreach (self::_get_mappings("->") as $mapping) {
         if (!strpos($mapping[1], "=")) {
             continue;
         }
         $mapping[1] = explode(".", $mapping[1]);
         if ("simple_" . $mapping[0] == $ccp["tname"] and "simple_" . $mapping[1][0] == $tname) {
             $sgsml->patch_fields(array_slice($mapping[1], 1));
         }
     }
     $mappings = array();
     foreach (self::_get_mappings("|") as $mapping) {
         if (strpos($mapping[0], "->")) {
             continue;
         }
         $mapping1 = explode(".", $mapping[0]);
         $mapping2 = explode(".", $mapping[1]);
         $key = "simple_" . $mapping1[0] . ".simple_" . $mapping2[0];
         $mappings[$key][$mapping2[1]] = $mapping1[1];
         $key = "simple_" . $mapping2[0] . ".simple_" . $mapping1[0];
         $mappings[$key][$mapping1[1]] = $mapping2[1];
     }
     $default_values = folder_get_default_values($folder);
     $messages = array();
     foreach ($rows as $row) {
         if (empty($row["folder"]) or !db_get_right($row["folder"], "read")) {
             continue;
         }
         if (isset($mappings[$ccp["tname"] . "." . $tname])) {
             foreach ($mappings[$ccp["tname"] . "." . $tname] as $to => $from) {
                 $row[$to] = $row[$from];
             }
         }
         $row = array_merge($row, $default_values);
         foreach (array_keys($row) as $key) {
             if (!isset($sgsml->fields[$key])) {
                 unset($row[$key]);
                 continue;
             }
             $field = $sgsml->fields[$key];
             if ((isset($field["KEY"]) or isset($field["IS_UNIQUE"])) and !empty($row[$key]) and !isset($field["READONLYIN"])) {
                 $val = $row[$key];
                 $step = 1;
                 while ($step < 100 and validate::itemexists($tname, array($key => $val), -1) != "") {
                     $step++;
                     $val = $row[$key] . "_" . $step;
                 }
                 $row[$key] = $val;
             }
             if (isset($field["RESTORE"])) {
                 $row[$key] = self::_restore_value($row, $key, $field["RESTORE"]);
             }
         }
         $id = $row["id"];
         $row["id"] = -1;
         $row["folder"] = $folder;
         if (isset($row["syncid"])) {
             $row["syncid"] = "";
         }
         $newfiles = array();
         if (is_array($ccp["file_fields"]) and count($ccp["file_fields"]) > 0) {
             foreach ($ccp["file_fields"] as $file_field) {
                 if (!empty($row[$file_field])) {
                     $data_files = explode("|", trim($row[$file_field], "|"));
                     $row[$file_field] = array();
                     foreach ($data_files as $file) {
                         if (!file_exists($file)) {
                             continue;
                         }
                         $target = self::_paste_item_copyfile($file, $row["id"], $tname);
                         $row[$file_field][] = $target;
                         $newfiles[] = $target;
                     }
                     $row[$file_field] = implode("|", $row[$file_field]);
                 }
             }
         }
         if (!empty($sgsml->att["DISABLE_TRIGGER_CCP"])) {
             unset($sgsml->att["TRIGGER_NEW"]);
         }
         $result = $sgsml->insert($row);
         if (!is_numeric($result)) {
             if (is_array($result) and count($result) > 0) {
                 $message = "{t}Error pasting asset{/t}:";
                 foreach ($result as $field => $errors) {
                     foreach ($errors as $error) {
                         $message .= "\n" . $error[0] . ": " . $error[1];
                     }
                 }
             } else {
                 $message = $result;
             }
             $messages[] = $message;
         } else {
             if ($delete) {
                 asset::delete_items($ccp["folder"], "display", array($id), $ccp["delete_mode"]);
             }
             sys_log_stat("copied_records", 1);
         }
         foreach ($newfiles as $file) {
             if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) {
                 @unlink($file);
             }
         }
     }
     return $messages;
 }
Exemplo n.º 9
0
 private static function _createlocation($name)
 {
     $row_id = db_select_value("simple_locations", "id", "locationname=@name@", array("name" => $name));
     $folder = folder_from_path("^locations");
     if (empty($row_id) and !empty($folder)) {
         $id = sql_genID("simple_locations") * 100;
         $data = array("id" => $id, "locationname" => $name, "folder" => $folder);
         $error_sql = db_insert("simple_locations", $data);
         if ($error_sql == "") {
             db_update_treesize("simple_locations", $folder);
             db_search_update("simple_locations", $id, array(), array("locationname" => "text"));
             sys_log_stat("new_records", 1);
         } else {
             return $error_sql;
         }
     }
     return "";
 }
Exemplo n.º 10
0
 private function _save(array &$data, $id = -1)
 {
     $insert = ($id > 0 or !is_numeric($id)) ? false : true;
     if (count($data) == 0) {
         return array();
     }
     if (!empty($this->att["DEFAULT_SQL"]) and $this->att["DEFAULT_SQL"] == "no_select") {
         return self::_error("{t}Module{/t}", "{t}Access denied.{/t}");
     }
     if (!empty($data["folder"])) {
         // check permissions
         if (!db_get_right($data["folder"], "write", $this->view)) {
             return self::_error("{t}Folder{/t}", "{t}Access denied.{/t}", "folder");
         }
         $this->folder = $data["folder"];
     } else {
         $data["folder"] = $this->folder;
     }
     // fill data array
     list($rdata, $data_row, $error) = $this->_complete_data($data, $id);
     if ($error) {
         return $error;
     }
     // validate
     if ($result = $this->_validate($rdata, $id)) {
         return $result;
     }
     if ($insert) {
         $id = sql_genID($this->tname) * 100;
         $sql_data = array("id" => $id, "dsize" => 0, "history" => sprintf("{t}Item created by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
     } else {
         $sql_data = array("dsize" => 0, "history" => sprintf("{t}Item edited (%s) by %s at %s{/t}\n", "@fields@", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
     }
     // count sizes, move files to store, delete old files
     foreach ($this->current_fields as $field_name => $field) {
         if ($field["SIMPLE_TYPE"] == "id") {
             continue;
         }
         if ($field["SIMPLE_TYPE"] == "files" and !empty($rdata[$field_name])) {
             foreach ($rdata[$field_name] as $val) {
                 if (file_exists($val)) {
                     $sql_data["dsize"] += filesize($val);
                 }
             }
             // TODO 2 store handler?
             if (!empty($data_row[$field_name])) {
                 $data_old = explode("|", trim($data_row[$field_name], "|"));
                 foreach ($data_old as $filekey => $file) {
                     if (in_array($file, $rdata[$field_name])) {
                         continue;
                     }
                     if (ARCHIVE_DELETED_FILES and file_exists($file)) {
                         $i = 1;
                         $m = "";
                         $trash_name = SIMPLE_STORE . "/trash/" . $this->folder . "_" . $id . "_";
                         $trash_file = modify::basename($file);
                         while (file_exists($trash_name . $m . $trash_file)) {
                             $m = $i++ . "_";
                         }
                         rename($file, $trash_name . $m . $trash_file);
                         touch($trash_name . $m . $trash_file);
                     } else {
                         @unlink($file);
                     }
                 }
             }
             foreach ($rdata[$field_name] as $filekey => $file) {
                 if ($file == "") {
                     unset($rdata[$field_name][$filekey]);
                     $data[$field_name] = implode("|", $rdata[$field_name]);
                     continue;
                 }
                 if (file_exists(SIMPLE_CACHE . "/upload/" . basename($file))) {
                     $filebase = modify::basename(basename($file));
                     list($target, $filename) = sys_build_filename($filebase, $this->tname);
                     dirs_checkdir($target);
                     $target .= sys_get_pathnum($id) . "/";
                     dirs_checkdir($target);
                     $target .= md5($id) . $filename;
                     rename(SIMPLE_CACHE . "/upload/" . basename($file), $target);
                     $rdata[$field_name][$filekey] = $target;
                     $data[$field_name] = implode("|", $rdata[$field_name]);
                 }
             }
             $basenames = array();
             foreach (array_reverse($rdata[$field_name]) as $filekey => $file) {
                 $basename = modify::basename($file);
                 if (isset($basenames[$basename])) {
                     $old_filekey = $basenames[$basename];
                     $basename = preg_replace("|_rev\\d+|", "", $basename);
                     $base = $basename;
                     $i = 1;
                     while (isset($basenames[$basename])) {
                         if ($pos = strrpos($base, ".")) {
                             $basename = substr($base, 0, $pos) . "_rev" . $i++ . substr($base, $pos);
                         } else {
                             $basename = $base . "_rev" . $i++;
                         }
                     }
                     $target = str_replace(modify::basename($file), $basename, $file);
                     if (rename($file, $target)) {
                         // swap
                         $rdata[$field_name][$filekey] = $rdata[$field_name][$old_filekey];
                         $rdata[$field_name][$old_filekey] = $target;
                         $data[$field_name] = implode("|", $rdata[$field_name]);
                     }
                 }
                 $basenames[$basename] = $filekey;
             }
         }
         if (!empty($field["STORE"]) and is_array($field["STORE"])) {
             foreach ($field["STORE"] as $store) {
                 list($class, $function, $params) = sys_find_callback("modify", $store["FUNCTION"]);
                 $rdata[$field_name] = call_user_func(array($class, $function), $rdata[$field_name], $rdata, $params);
             }
         }
         if (!isset($sql_data[$field_name]) and !is_null($rdata[$field_name])) {
             $sql_data[$field_name] = $rdata[$field_name];
         }
     }
     // transform
     foreach ($sql_data as $key => $value) {
         $sql_data[$key] = self::scalarize($value, $this->fields[$key]);
     }
     // reduce to new values
     $sys_fields = array("history" => "", "dsize" => "", "seen" => "");
     foreach ($sql_data as $data_key => $data_value) {
         if (isset($sys_fields[$data_key])) {
             continue;
         }
         $addfield = true;
         $field = $this->fields[$data_key];
         if (!isset($this->current_fields[$data_key])) {
             $addfield = false;
         }
         if (isset($field["NOTINALL"])) {
             $addfield = false;
         }
         if (isset($field["NOTIN"]) and in_array($this->view, $field["NOTIN"])) {
             $addfield = false;
         }
         if (isset($field["READONLYIN"]) and (in_array($this->view, $field["READONLYIN"]) or in_array("all", $field["READONLYIN"]))) {
             $addfield = false;
         }
         if (isset($field["ONLYIN"])) {
             if (in_array($this->view, $field["ONLYIN"])) {
                 $addfield = true;
             } else {
                 $addfield = false;
             }
         }
         if (!$addfield) {
             unset($sql_data[$data_key]);
         }
     }
     // build history
     $sql_data = $this->build_history($sql_data, $data_row);
     if (!array_diff(array_keys($sql_data), array("history", "seen"))) {
         $sql_data = array();
     }
     // save in db
     if ($insert) {
         $error_sql = db_insert($this->tname, $sql_data, array("handler" => $this->handler));
         if ($error_sql != "") {
             return self::_error("{t}SQL failed.{/t}", $error_sql);
         }
         if ($this->notification) {
             sys_notification("{t}Item successfully created.{/t} (" . $id . ")");
         }
     } else {
         if (count($sql_data) == 0) {
             return $id;
         }
         $error_sql = db_update($this->tname, $sql_data, array("id=@id@"), array("id" => $id, "folder" => $this->folder), array("handler" => $this->handler));
         if ($error_sql != "") {
             return self::_error("{t}SQL failed.{/t}", $error_sql);
         }
         if ($this->notification) {
             sys_notification("{t}Item successfully updated.{/t} (" . (is_numeric($id) ? $id : 1) . ")");
         }
     }
     if (empty($this->handler)) {
         db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $this->folder));
         db_update_treesize($this->tname, $this->folder);
         if (!$insert and $this->folder != $data_row["folder"]) {
             db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $data_row["folder"]));
             db_update_treesize($this->tname, $data_row["folder"]);
             db_search_delete($this->tname, $id, $data_row["folder"]);
         }
         if (empty($this->att["NO_SEARCH_INDEX"])) {
             db_search_update($this->tname, $id, $this->fields);
         }
         sys_log_stat($insert ? "new_records" : "changed_records", 1);
     }
     // call triggers
     $trigger = "";
     if ($insert and !empty($this->att["TRIGGER_NEW"])) {
         $trigger = $this->att["TRIGGER_NEW"];
     }
     if (!$insert and !empty($this->att["TRIGGER_EDIT"])) {
         $trigger = $this->att["TRIGGER_EDIT"];
     }
     if ($trigger and $result = asset_process_trigger($trigger, $id, $rdata, $this->tname)) {
         return self::_error("{t}Trigger failed{/t}", $result);
     }
     // send notification
     $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $this->folder));
     if ($tree_notification != "") {
         $rdata["notification"] .= "," . $tree_notification;
     }
     if (!$insert and $this->folder != $data_row["folder"]) {
         $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $data_row["folder"]));
         if ($tree_notification != "") {
             $rdata["notification"] .= "," . $tree_notification;
         }
     }
     if (!empty($rdata["notification"])) {
         $rdata["notification"] = trim($rdata["notification"], ",");
         $smtp_data = asset::build_notification($this->att["NAME"], $this->current_fields, $rdata, $sql_data, $id, $data_row);
         if ($result = asset_process_trigger("sendmail", $id, $smtp_data)) {
             return self::_error("{t}Trigger failed{/t}", $result);
         }
     }
     // update stats
     if (!empty($this->handler)) {
         foreach ($sql_data as $data_key => $data_value) {
             $field = $this->fields[$data_key];
             if ($field["SIMPLE_TYPE"] != "files") {
                 continue;
             }
             foreach (explode("|", $data_value) as $file) {
                 if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) {
                     @unlink($file);
                 }
             }
         }
     }
     return $id;
 }
Exemplo n.º 11
0
function _upload_create_file($db_path, $target_lnk, $path, $filename)
{
    list($id, $left, $unused) = _upload_process_folder_string($db_path . "/");
    if ($left != 0 or $id == 0) {
        sys_error("path not found", "409 Conflict");
    }
    $ftype = db_select_value("simple_sys_tree", "ftype", "id=@id@", array("id" => $id));
    if (db_get_right($id, "write") and !empty($ftype) and $ftype == "files") {
        list($target, $a_filename) = sys_build_filename($filename, "simple_files");
        dirs_checkdir($target);
        $target .= sys_get_pathnum($id) . "/";
        dirs_checkdir($target);
        $target .= md5($id) . $a_filename;
        if ($fp = fopen("php://input", "r") and $ft = fopen($target, "wb")) {
            while (!feof($fp)) {
                fwrite($ft, fread($fp, 8192));
            }
            fclose($fp);
            fclose($ft);
            $a_id = sql_genID("simple_files") * 100;
            $data = array("id" => $a_id, "folder" => $id, "dsize" => filesize($target), "filedata" => "|" . $target . "|", "filename" => $filename, "rread_users" => "|anonymous|", "rwrite_users" => "|anonymous|", "history" => t("{t}Item created by %s at %s{/t}", $_SESSION["username"], sys_date(t("{t}m/d/y g:i:s a{/t}"))) . "\n");
            $error_sql = db_insert("simple_files", $data);
            if ($error_sql == "") {
                db_update_treesize("simple_files", $id);
                $fields = array("filename" => "text", "filedata" => "files", "folder" => "id", "id" => "id");
                db_search_update("simple_files", $a_id, array(), $fields);
                sys_log_stat("new_records", 1);
                file_put_contents($target_lnk, $path . "/" . $a_id . "_0__" . $filename . "\n" . $target, LOCK_EX);
                _upload_success();
            }
        }
    }
    sys_error("cant write new", "403 Forbidden");
}