// Tail of the revision-history table: one row per revision, then the plugin hook and footer.
// The enclosing loop and conditional open above this excerpt.
// Cell text goes through e::h() (presumably the project's HTML-escaping helper; confirm).
echo '<td><font size="-1">', e::h($revision), e::h($extra_message);
}
?> </font></td> <td><font size="-1"><?php
// NOTE(review): fix_date() output is echoed without e::h(), unlike the neighbouring cells;
// confirm it can only return a formatted date string.
echo fix_date($modified_on);
?> </font></td> <td><font size="-1"><?php
echo e::h($last_name), ', ', e::h($first_name);
?> </font></td> <td><font size="-1"><?php
echo e::h($note);
?> </font></td> </tr> <?php
} // clean up
?> </table> </td> </tr> </table> <?php
// Call the plugin API
callPluginMethod('onAfterHistory', $datafile->getId());
draw_footer();
}
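ob_end_flush(); // Flush buffer onto screens
ob_end_clean(); // Clean up buffer
exit;
} else {
    // All checks completed (they run above this excerpt).
    // To avoid problems with some browsers, the download script should not carry
    // parameters on the URL, so a form passes them via POST instead.
    if (!isset($submit)) {
        // Form not yet submitted: display information on how to initiate the download.
        draw_header('View File', $last_message);
        $GLOBALS['smarty']->assign('file_id', $filedata->getId());
        display_smarty_template('view.tpl');
        draw_footer();
    } else {
        $id = $filedata->getId();
        $realname = $filedata->getName();

        // Build the on-disk name of the stored file. The posted id is request data that
        // ends up in a filesystem path, so only its final path component is kept; any
        // directory components in the value are discarded and the lookup stays in dataDir.
        // NOTE(review): the checks that precede this branch are outside this excerpt;
        // confirm they ran against this same posted id, or build the path from $id
        // (taken from the loaded record) instead.
        $filename = $GLOBALS['CONFIG']['dataDir'] . basename((string) $_POST['id']) . '.dat';

        if (file_exists($filename)) {
            // Send headers to the browser to initiate the file download. The stored name
            // is percent-encoded before it is placed in the header value.
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
            readfile($filename);

            // Call the plugin API
            callPluginMethod('onViewFile');
        } else {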
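redirect_visitor();
}
require_once "AccessLog_class.php";

// NOTE(review): last_message is request data handed to draw_header() below; whether
// draw_header() escapes it is not visible in this excerpt. Confirm.
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
$secureurl_obj = new phpsecureurl();
$lrequest_id = $_REQUEST['id']; // save an original copy of id

// An id of the form "<file>_<revision>" is split into its two parts.
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $lrevision_id) = explode('_', $_REQUEST['id']);
    // The file id is request data and becomes a directory name, so only its final
    // path component is used; the result stays directly under revisionDir.
    // NOTE(review): how $lrevision_dir and $lrevision_id are used is outside this excerpt.
    $lrevision_dir = $GLOBALS['CONFIG']['revisionDir'] . '/' . basename((string) $_REQUEST['id']) . '/';
}

if (!isset($_GET['submit'])) {
    draw_header(msg('view') . ' ' . msg('file'), $last_message);
    $file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
    $file_name = $file_obj->getName();
    $file_id = $file_obj->getId();
    $realname = $file_obj->getName();

    // Get the suffix of the file so we can look it up in the $mimetypes array.
    $suffix = '';
    if (strchr($realname, '.')) {
        // Fix by blackwes: split on the last dot so names with several dots work.
        $last_dot = strrpos($realname, ".");
        $prefix = substr($realname, 0, $last_dot);
        $suffix = strtolower(substr($realname, $last_dot + 1));
    }
    $lmimetype = File::mime_by_ext($suffix);

    echo '<form action="view_file.php" name="view_file_form" method="get">';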
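// Remove the file's existing department permissions; rows are re-inserted further down.
$del_dept_perms_query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_perms WHERE fid = :file_id";
$del_dept_perms_stmt = $pdo->prepare($del_dept_perms_query);
$del_dept_perms_stmt->bindParam(':file_id', $fileId);
$del_dept_perms_stmt->execute();

$result_array = array(); // init;

// NOTE(review): the ids and rights values below come straight from the request. They are
// bound as parameters, so they cannot alter the SQL, but this excerpt does not check that
// the rights value is in the valid range or that the caller may grant it. Confirm that is
// enforced before this point.
$user_permissions = (isset($_REQUEST['user_permission']) && is_array($_REQUEST['user_permission']))
    ? $_REQUEST['user_permission']
    : array();

// Prepared once and executed per row; values are bound with bindValue() because they are
// plain values, not variables to be tracked by reference.
$insert_user_perms_query = "\n INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user_perms \n (\n fid, \n uid, \n rights\n ) VALUES(\n :file_id, \n :user_id, \n :permission\n )";
$insert_user_perms_stmt = $pdo->prepare($insert_user_perms_query);
foreach ($user_permissions as $user_id => $permission) {
    $insert_user_perms_stmt->bindValue(':file_id', $fileId);
    $insert_user_perms_stmt->bindValue(':user_id', $user_id);
    $insert_user_perms_stmt->bindValue(':permission', $permission);
    $insert_user_perms_stmt->execute();
}

// UPDATE Department Rights into dept_perms
$department_permissions = (isset($_POST['department_permission']) && is_array($_POST['department_permission']))
    ? $_POST['department_permission']
    : array();

$update_dept_perms_query = "\n INSERT INTO\n {$GLOBALS['CONFIG']['db_prefix']}dept_perms\n (\n fid,\n dept_id,\n rights\n )\n VALUES\n (\n :file_id,\n :dept_id,\n :dept_perm\n )\n ";
$update_dept_perms_stmt = $pdo->prepare($update_dept_perms_query);
foreach ($department_permissions as $dept_id => $dept_perm) {
    $update_dept_perms_stmt->bindValue(':dept_perm', $dept_perm);
    $update_dept_perms_stmt->bindValue(':dept_id', $dept_id);
    // bindParam() takes its argument by reference, so a method result must go through
    // bindValue() instead.
    $update_dept_perms_stmt->bindValue(':file_id', $filedata->getId());
    $update_dept_perms_stmt->execute();
}

$message = 'Document successfully updated';
AccessLog::addLogEntry($fileId, 'M', $pdo);

// Call the plugin API
callPluginMethod('onAfterEditFile', $fileId);
header('Location: details.php?id=' . $fileId . '&last_message=' . urlencode($message));
}
draw_footer();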
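<?php
/*
 * Download prompt: a POST form that re-submits the file id, followed by the branch that
 * streams the file once the form has been submitted. PHP_SELF and the posted id are
 * request-controlled and are written into HTML attributes, so both are HTML-escaped
 * (quotes included) before output.
 */
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?> " method="post"> <input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $_POST['id'], ENT_QUOTES, 'UTF-8'); ?> "> <input type="submit" name="submit" value="Click here"> to begin downloading the selected document to your local workstation. </form> Once the document has completed downloading, you may <a href="out.php">continue browsing</a>. <?php
draw_footer();
} else {
    $id = $filedata->getId();
    $realname = $filedata->getName();

    // Build the on-disk name of the stored file. The posted id is request data that ends
    // up in a filesystem path, so only its final path component is kept; any directory
    // components in the value are discarded and the lookup stays in dataDir.
    // NOTE(review): the checks that precede this branch are outside this excerpt; confirm
    // they ran against this same posted id, or build the path from $id instead.
    $filename = $GLOBALS['CONFIG']['dataDir'] . basename((string) $_POST['id']) . '.dat';

    if (file_exists($filename)) {
        // Send headers to the browser to initiate the file download. The stored name is
        // percent-encoded before it is placed in the header value.
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename=' . rawurlencode($realname));
        readfile($filename);

        // Call the plugin API
        callPluginMethod('onViewFile');
    } else {
        echo 'File not readable...';
    }
}
ob_end_flush();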
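// NOTE(review): setOwner()/setDepartment() receive escaped request values; how
// updateData() builds its query from them is outside this excerpt.
if (isset($_REQUEST['file_owner'])) {
    $filedata->setOwner(mysql_real_escape_string($_REQUEST['file_owner']));
}
if (isset($_REQUEST['file_department'])) {
    $filedata->setDepartment(mysql_real_escape_string($_REQUEST['file_department']));
}

// Update the file with the new values
$filedata->updateData();
udf_edit_file_update();

// The queries below are assembled as strings and the mysql_* API has no bound parameters.
// Every id and rights value is placed in the SQL as a bare number, so each one is cast to
// int first; request data can then only contribute an integer literal to the statement.
// NOTE(review): whether the caller may grant these rights, and whether the rights value is
// in the valid range, is not checked in this excerpt. Confirm it is enforced upstream.
// NOTE(review): the die() messages send the full query text and mysql_error() to the
// client; consider logging them server-side and showing a generic message.
$file_id_sql = (int) $fileId;

// clean out old permissions
$query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE fid = '{$file_id_sql}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());

$result_array = array(); // init;

$user_permissions = (isset($_REQUEST['user_permission']) && is_array($_REQUEST['user_permission']))
    ? $_REQUEST['user_permission']
    : array();
foreach ($user_permissions as $user_id => $permission) {
    $user_id_sql = (int) $user_id;
    $permission_sql = (int) $permission;
    $query = "INSERT INTO {$GLOBALS['CONFIG']['db_prefix']}user_perms (fid, uid, rights) VALUES({$file_id_sql}, {$user_id_sql}, {$permission_sql})";
    $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}" . mysql_error());
}

// UPDATE Department Rights into dept_perms
$department_permissions = (isset($_POST['department_permission']) && is_array($_POST['department_permission']))
    ? $_POST['department_permission']
    : array();
foreach ($department_permissions as $dept_id => $dept_perm) {
    $dept_id_sql = (int) $dept_id;
    $dept_perm_sql = (int) $dept_perm;
    $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}dept_perms SET rights = {$dept_perm_sql} where fid=" . (int) $filedata->getId() . " and {$GLOBALS['CONFIG']['db_prefix']}dept_perms.dept_id = {$dept_id_sql}";
    mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
}

$message = urlencode('Document successfully updated');
AccessLog::addLogEntry($fileId, 'M');

// Call the plugin API
callPluginMethod('onAfterEditFile', $fileId);
header('Location: details.php?id=' . $fileId . '&last_message=' . $message);
}
draw_footer();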