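/**
 * Resolve a request path to an Images record and serve it.
 *
 * Path shapes handled (segments split on '/'):
 *   Thumb/{size}/{id}        thumbnail, served as image/jpeg
 *   Download/{id}            served with method 'attachment'
 *   {x}/Thumb/{size}/{id}    thumbnail where 'Thumb' is the second segment
 *   events/...               handed to downloadEvent()
 *   {id}                     plain record id
 *
 * {id} may also be "tablename:onid[:imgtype]", which is resolved to the first
 * matching Images row (ordered by title).
 *
 * Every failure path redirects to the broken-file placeholder and then stops.
 * header() only queues the Location header and does not end the script, so
 * each redirect is followed by exit; otherwise a missing record or a failed
 * hasPermission() check would still fall through to serve().
 *
 * @param string $s request path after the controller name
 * @return void this method always terminates the request (exit/die)
 */
function get($s)
{
    // for testing only.
    //if (!empty($_GET['_post'])) {
    //    return $this->post();
    //}

    // NOTE(review): 'as' is taken from the request unchanged; how serve() uses
    // as_mimetype is not visible here - confirm it is checked against an allow-list.
    $this->as_mimetype = empty($_REQUEST['as']) ? '' : $_REQUEST['as'];

    $bits = explode('/', $s);
    $id = 0;

    // Common prefix of every "broken file" redirect below.
    $brokenUrl = $this->rootURL . '/Pman/templates/images/file-broken.png?reason=';

    if (!empty($bits[0]) && $bits[0] == 'Thumb') {
        // without id as first part...
        $this->thumb = true;
        $this->as_mimetype = 'image/jpeg';
        $this->size = empty($bits[1]) ? '0x0' : $bits[1];
        $id = empty($bits[2]) ? 0 : $bits[2];
    } elseif (!empty($bits[0]) && $bits[0] == 'Download') {
        $this->method = 'attachment';
        $id = empty($bits[1]) ? 0 : $bits[1];
    } elseif (!empty($bits[1]) && $bits[1] == 'Thumb') {
        // with id as first part.
        // NOTE(review): the id used for lookup is still read from the 4th segment.
        $this->thumb = true;
        $this->as_mimetype = 'image/jpeg';
        $this->size = empty($bits[2]) ? '0x0' : $bits[2];
        $id = empty($bits[3]) ? 0 : $bits[3];
    } elseif (!empty($bits[0]) && $bits[0] == 'events') {
        $this->downloadEvent($bits);
        die("unknown file?");
    } else {
        $id = empty($bits[0]) ? 0 : $bits[0];
    }

    if (strpos((string) $id, ':') > 0) {
        // id format tablename:id:-imgtype
        $onbits = explode(':', $id);
        if (count($onbits) < 2 || empty($onbits[1]) || !is_numeric($onbits[1]) || !strlen($onbits[0])) {
            die("Bad url");
        }

        $img = DB_DataObject::factory('Images');
        $img->ontable = $onbits[0];
        $img->onid = $onbits[1];
        // Unless the request sets 'anytype', only image/* rows are considered.
        if (empty($_REQUEST['anytype'])) {
            $img->whereAdd("mimetype like 'image/%'");
        }
        $img->orderBy('title ASC'); // spurious ordering... (currently used by shipping project)
        if (isset($onbits[2])) {
            $img->imgtype = $onbits[2];
        }
        $img->limit(1);
        if (!$img->find(true)) {
            header('Location: ' . $brokenUrl . urlencode("no images for that item: " . htmlspecialchars($id)));
            exit; // stop here: nothing was found, so there is nothing to serve
        }
        $id = $img->id;
    }

    $id = (int) $id;

    // deprecated - should use ontable:onid:type here...
    if (!empty($_REQUEST['ontable'])) {
        $img = DB_DataObject::factory('Images');
        // NOTE(review): setFrom() is fed the whole request array, so any request
        // key it accepts becomes a search criterion - confirm that is intended.
        $img->setFrom($_REQUEST);
        // use imgtype now...
        // if (!empty($_REQUEST['query']['filename'])){
        //     $img->whereAdd("filename LIKE '". $img->escape($_REQUEST['query']['filename']).".%'");
        // }
        $img->limit(1);
        if (!$img->find(true)) {
            header('Location: ' . $brokenUrl . urlencode("No file exists"));
            exit;
        }
        $id = $img->id;
    }

    $img = DB_DataObject::factory('Images');
    if (!$id || !$img->get($id)) {
        header('Location: ' . $brokenUrl . urlencode("image has been removed or deleted."));
        exit;
    }

    // Authorization gate: the exit is what actually enforces the denial, since
    // the redirect header by itself would not prevent serve() from running.
    if (!$this->hasPermission($img)) {
        header('Location: ' . $brokenUrl . urlencode("access to this image/file has been denied."));
        exit;
    }

    $this->serve($img);
    exit;
}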
/**
 * Check the advisory edit locks on a record before it is updated.
 *
 * Steps, in order:
 *  1. purge locks on this record (other than the excluded one / the current
 *     user's) that were created more than a week ago;
 *  2. if another lock remains, report it through jerr() with needs_confirm;
 *  3. look up the current user's newest lock and, if somebody else modified
 *     the record after that lock was created and the request carries no
 *     '_submit_confirmed', report that through jerr() with needs_confirm.
 *
 * Nothing is checked when the core_locking object cannot be created or when
 * there is no authenticated user.
 *
 * @param object $x   record being saved; tableName(), the property named by
 *                    $this->key, modified_dt and modified_by are read
 * @param array  $req request values; only '_submit_confirmed' is read here
 * @return mixed the last core_locking object created, or whatever factory()
 *               returned when locking is unavailable
 */
function updateLock($x, $req)
{
    // allow the factory call to fail without dying
    $this->permitError = true;
    $lock = DB_DataObjecT::factory('core_locking');
    $this->permitError = false;

    if (!($lock instanceof DB_DataObject) || !$this->authUser) {
        return $lock;
    }

    $lock->on_id = $x->{$this->key};
    $lock->on_table = strtolower($x->tableName());

    // NOTE(review): '_lock_id' comes from the request and is only integer-cast;
    // nothing here verifies that the lock belongs to the current user.
    if (empty($_REQUEST['_lock_id'])) {
        $lock->whereAdd('person_id !=' . $this->authUser->id);
    } else {
        $lock->whereAdd('id != ' . (int) $_REQUEST['_lock_id']);
    }

    // Drop matching locks older than one week before looking for a live one.
    $cutoff = date('Y-m-d', strtotime('NOW - 1 WEEK'));
    $stale = clone $lock;
    $stale->whereAdd("created < '" . $cutoff . "'");
    if ($stale->count()) {
        $stale->find();
        while ($stale->fetch()) {
            // delete through a copy so the iterating object keeps its result set
            $expired = clone $stale;
            $expired->delete();
        }
    }

    $lock->limit(1);
    if ($lock->find(true)) {
        // it's locked by someone else..
        $holder = $lock->person();
        $message = "Record was locked by " . $holder->name . " at " . $lock->created . " - Please confirm you wish to save";
        $this->jerr($message, array('needs_confirm' => true));
    }

    // check the users lock.. - no point.. ??? - if there are no other locks and
    // it's not the users, then they can edit it anyways...
    // can we find the user's lock.
    $lock = DB_DataObjecT::factory('core_locking');
    $lock->on_id = $x->{$this->key};
    $lock->on_table = strtolower($x->tableName());
    $lock->person_id = $this->authUser->id;
    $lock->orderBy('created DESC');
    $lock->limit(1);

    // Evaluated left to right with short-circuiting, same order as before.
    $changedAfterLock = $lock->find(true)
        && isset($x->modified_dt)
        && strtotime($x->modified_dt) > strtotime($lock->created);

    if ($changedAfterLock && empty($req['_submit_confirmed']) && $x->modified_by != $this->authUser->id) {
        $editor = DB_DataObject::factory('core_person');
        $editor->get($x->modified_by);
        $this->jerr(
            $editor->name . " saved the record since you started editing,\nDo you really want to update it?",
            array('needs_confirm' => true)
        );
    }

    return $lock;
}