// check for session and $id
session_start();
include_once 'odm-load.php';
if (!isset($_SESSION['uid'])) {
redirect_visitor();
}
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($id) || $id == '') {
header('Location:error.php?ec=2');
exit;
}
// includes
// in case file is accessed directly
// verify again that user has view rights
$filedata = new FileData($id, $pdo);
$filedata->setId($id);
if ($filedata->getError() != '') {
header('Location:error.php?ec=2');
ob_end_flush();
// Flush buffer onto screens
ob_end_clean();
// Clean up buffer
exit;
} else {
// all checks completed
/* to avoid problems with some browsers,
download script should not include parameters on the URL
so let's use a form and pass the parameters via POST
*/
// form not yet submitted
// display information on how to initiate download
$GLOBALS['smarty']->assign('comment', $comment);
$GLOBALS['smarty']->assign('db_prefix', $GLOBALS['CONFIG']['db_prefix']);
display_smarty_template('edit.tpl');
udf_edit_file_form();
// Call Plugin API
callPluginMethod('onBeforeEditFile', $data_id);
display_smarty_template('_edit_footer.tpl');
}
//end else
} else {
// form submitted, process data
$fileId = $_REQUEST['id'];
$filedata = new FileData($fileId, $pdo);
// Call the plugin API
callPluginMethod('onBeforeEditFileSaved');
$filedata->setId($fileId);
$perms_error = false;
// check submitted data
// at least one user must have "view" and "modify" rights
foreach ($_REQUEST['user_permission'] as $permission) {
if ($permission > 2) {
$perms_error = true;
}
}
if (!$perms_error) {
header("Location:error.php?ec=12");
exit;
}
// Check to make sure the file is available
$status = $filedata->getStatus($fileId);
if ($status != 0) {
}
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
?>
<p>
<form action="<?php
}
require_once "AccessLog_class.php";
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
/* if the user has read-only authority on the file, his check out
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
$file_data_obj = new FileData($_GET['id'], $pdo);
$file_data_obj->setId($_GET['id']);
if ($file_data_obj->getError() != NULL || $file_data_obj->getStatus() > 0 || $file_data_obj->isArchived()) {
header('Location:error.php?ec=2');
exit;
}
if (!isset($_GET['submit'])) {
draw_header(msg('area_check_out_file'), $last_message);
// form not yet submitted
// display information on how to initiate download
checkUserPermission($_REQUEST['id'], $file_data_obj->WRITE_RIGHT, $file_data_obj);
?>
<p>
<form action="<?php
