if ($dss_userId == 0 || $dss_accessLevel == 0) { header("Location: /index.php"); exit; } $workgroupId = $_REQUEST["workgroupId"]; if (trim($_REQUEST["cancel_button"]) != "") { if (trim($workgroupId) == "") { header("Location: /workgroup_list.php"); } else { header("Location: /project_list.php"); } exit; } if (trim($workgroupId) == "") { /* See if this is a duplicate workgroup name. */ $query = db_query("SELECT id FROM workgroup WHERE name=" . escapeQuote($_REQUEST["name"])); if (db_numrows($query) == 0) { $workgroupId = db_insert("workgroup"); db_query("UPDATE workgroup SET createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . " WHERE id=" . escapeValue($workgroupId)); } else { header("Location: workgroup_list.php?errorMessage=" . rawurlencode("The workgroup name already exists and was not added.")); exit; } } /* If the workgroup name changed, update it. */ $result = db_fetch(db_query("SELECT name FROM workgroup WHERE id=" . escapeValue($workgroupId))); if ($result["name"] != $_REQUEST["name"]) { db_query("UPDATE workgroup SET name=" . escapeQuote($_REQUEST["name"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($workgroupId)); $infoMessage = "Workgroup name updated."; } header("Location: workgroup_list.php?infoMessage=" . rawurlencode($infoMessage));
$comment = $_POST["comment"]; $adminPassword = $_POST["adminPassword"]; $itemId = $_POST["itemId"]; if (trim($_REQUEST["cancel_button"]) != "") { header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}"); exit; } $itemQuery = db_query("SELECT * FROM item WHERE id=" . escapeValue($itemId)); if (db_numrows($itemQuery) == 1) { $itemResult = db_fetch($itemQuery); } else { header("Location: /index.php"); exit; } /* Verify the password entered. */ $userResult = db_fetch(db_query("SELECT username FROM user WHERE id={$dss_userId}")); if (!verify_password($userResult["username"], $adminPassword)) { header("Location: /item_detail.php?itemId=" . escapeValue($itemId) . "&errorMessage=" . rawurlencode("The password entered was incorrect.")); exit; } /* Get the project and workgroup for this item. */ $projectResult = db_fetch(db_query("SELECT workgroupId,name FROM project WHERE id=" . $itemResult["projectId"])); $workgroupResult = db_fetch(db_query("SELECT name FROM workgroup WHERE id=" . $projectResult["workgroupId"])); /* Log this action in the auditlog. */ $logId = db_insert("auditlog"); db_query("UPDATE auditlog SET action='DELETE'" . ",actionByUserId={$dss_userId}" . ",actionDate=" . date("U") . ",actionComment=" . escapeQuote($comment) . ",workgroupName=" . escapeQuote($workgroupResult["name"]) . ",projectName=" . escapeQuote($projectResult["name"]) . ",retentionGroup=" . escapeQuote($itemResult["retentionGroup"]) . ",filetype=" . escapeQuote($itemResult["filetype"]) . ",filesize=" . escapeValue($itemResult["filesize"]) . ",filename=" . escapeQuote($itemResult["filename"]) . ",expirationDate=" . escapeValue($itemResult["expirationDate"]) . ",addedByUserId=" . escapeValue($itemResult["addedByUserId"]) . ",addedDate=" . escapeValue($itemResult["addedDate"]) . ",lastUpdatedByUserId=" . escapeValue($itemResult["lastUpdatedByUserId"]) . ",lastUpdatedDate=" . escapeValue($itemResult["lastUpdatedDate"]) . ",significant=" . escapeValue($itemResult["significant"]) . ",title=" . escapeQuote($itemResult["title"]) . ",description=" . escapeQuote($itemResult["description"]) . ",creator=" . escapeQuote($itemResult["creator"]) . ",creationDate=" . escapeQuote($itemResult["creationDate"]) . ",location=" . escapeQuote($itemResult["location"]) . " WHERE id={$logId}"); /* Remove the item and its thumbnail and delete the item record from the database. */ unlink("{$dss_fileshare}/" . $itemResult["projectId"] . "/" . $itemResult["filename"]); unlink("{$dss_docRoot}/thumbnail/" . md5($itemResult["id"]) . ".jpg"); db_query("DELETE FROM item WHERE id=" . escapeValue($itemId)); header("Location: item_list.php?search=" . $_POST["search"] . "&projectId=" . $itemResult["projectId"] . "&infoMessage=" . rawurlencode("The item has been deleted."));
<?php /* Copyright 2013 Kent State University Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ $firstName = $_POST["firstName"]; $lastName = $_POST["lastName"]; $displayListSize = $_POST["displayListSize"]; if (trim($firstName) == "" || trim($lastName) == "") { header("Location: /account.php?errorMessage=" . rawurlencode("Required fields were not filled in.")); exit; } if (escapeValue($displayListSize) < 10) { $displayListSize = 10; } db_query("UPDATE user SET firstName=" . escapeQuote($firstName) . ",lastName=" . escapeQuote($lastName) . ",displayListSize=" . escapeValue($displayListSize) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id={$dss_userId}"); db_query("UPDATE session SET displayListSize=" . escapeValue($displayListSize) . " WHERE id='{$dss_sessionCookie}'"); header("Location: /account.php?infoMessage=" . rawurlencode("Update complete."));
} if (trim($_REQUEST["workgroupId"]) != "") { $dss_currentWorkgroup = $_REQUEST["workgroupId"]; db_query("UPDATE session SET currentWorkgroup=" . escapeValue($dss_currentWorkgroup) . " WHERE id=" . escapeQuote($dss_sessionCookie)); } $workgroupResult = db_fetch(db_query("SELECT name FROM workgroup WHERE id={$dss_currentWorkgroup}")); /* Keep track of the char & page number the user is viewing. */ if (trim($_REQUEST["char"]) != "") { superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "char", $_REQUEST["char"]); superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage", 0); } if (trim($_REQUEST["currentPage"]) != "") { superstore_save("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage", $_REQUEST["currentPage"]); } $char = superstore_fetch("{$dss_currentWorkgroup}", $dss_sessionCookie, "char"); $currentPage = escapeValue(superstore_fetch("{$dss_currentWorkgroup}", $dss_sessionCookie, "currentPage")); require "resources/header.php"; ?> <h2>Projects for <?php echo $workgroupResult["name"]; ?> </h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"], $required); if ($dss_numWorkgroups > 1 || $dss_accessLevel > 0) { ?> <a href="workgroup_list.php"><img src="/resources/cancel.png" border="0" alt="Return to workgroup list" title="Return to workgroup list"></a> <?php } ?> <a href="project_add.php"><img src="/resources/add.png" border="0" alt="Add new project" title="Add new project"></a>
include "headers/adminheader.php"; } // if was submitted from the contact seller, review, or email submit button // get the seller information to display if (isset($_POST["contactseller"]) || isset($_POST["reviewsubmit"]) || isset($_POST["mailsubmit"])) { $sellerName = $_POST["name"]; $seller = $_POST["seller"]; $itemID = $_POST["item"]; $result = DataSource::getUser("username = '******'"); $row = $result->fetch_assoc(); $email = $row["emailAddress"]; $phone = $row["phoneNumber"]; // if was submitted from the review submit button, create the new // review for the seller if (isset($_POST["reviewsubmit"])) { $newReview = escapeValue(trim($_POST["review"])); $seller = $_POST["seller"]; if (!empty($newReview)) { DataSource::createUserReview($seller, $newReview); } // else if was submitted from the email message button, create // the message and send it to the seller } else { if (isset($_POST["mailsubmit"])) { $result = DataSource::getItem($itemID); $row = $result->fetch_assoc(); $itemName = $row["itemName"]; $itemDescription = $row["itemDescription"]; $to = $email; $subject = "UWT Listing New Message"; $fromName = $_POST["fromname"];
if ($userResult["accessLevel"] == 2) { echo " selected"; } ?> >Super Admin</option> </select> </td> </tr> <tr> <td valign="top">Workgroup(s):</td> <td> <table> <?php $workgroupQuery = db_query("SELECT id,name FROM workgroup ORDER BY name"); while ($workgroupResult = db_fetch($workgroupQuery)) { $checkQuery = db_query("SELECT workgroupId FROM workgroupUser WHERE workgroupId=" . $workgroupResult["id"] . " AND userId=" . escapeValue($userId)); if (db_numrows($checkQuery) == 1) { $member = 1; } else { $member = 0; } ?> <tr> <td><?php echo $workgroupResult["name"]; ?> </td> <td><input type="checkbox" name="workgroupId[<?php echo $workgroupResult["id"]; ?> ]" value="1"<?php
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0) { header("Location: /index.php"); exit; } if (trim($_REQUEST["projectId"]) != "") { $dss_currentProject = $_REQUEST["projectId"]; /* See if this user can view this project. */ if ($dss_accessLevel == 0) { $projectQuery = db_query("SELECT id FROM project WHERE workgroupId={$dss_currentWorkgroup} AND id=" . escapeValue($dss_currentProject)); if (db_numrows($projectQuery) == 0) { header("Location: /project_list.php?errorMessage=" . rawurlencode("Invalid project identifier.")); exit; } } db_query("UPDATE session SET currentProject=" . escapeValue($dss_currentProject) . " WHERE id=" . escapeQuote($dss_sessionCookie)); } $numberSynced = metasync($dss_currentProject); if (trim($numberSynced["success"]) != "") { $infoMessage = rawurlencode("There " . displayNumberWords($numberSynced["success"], "was", "were", "item", "items") . " synced."); } elseif (trim($numberSynced["error"]) != "") { $errorMessage = rawurlencode($numberSynced["error"]); } else { $infoMessage = rawurlencode("No items where synced."); } header("Location: item_list.php?projectId={$dss_currentProject}&infoMessage={$infoMessage}&errorMessage={$errorMessage}");
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0) { header("Location: /index.php"); exit; } if (trim($_REQUEST["cancel_button"]) != "") { header("Location: /project_list.php"); exit; } /* See if this is a duplicate project name. */ $query = db_query("SELECT id FROM project WHERE workgroupId={$dss_currentWorkgroup} AND name=" . escapeQuote($_REQUEST["name"])); if (db_numrows($query) == 0) { $projectId = db_insert("project"); /* Create the sub-directory for this project. */ if (!mkdir("/data/files/{$projectId}")) { db_query("DELETE FROM project WHERE id=" . escapeValue($projectId)); header("Location: project_list.php?errorMessage=" . rawurlencode("The project sub-directory could not be created and the project was not added.")); exit; } else { db_query("UPDATE project SET workgroupId={$dss_currentWorkgroup}" . ",name=" . escapeQuote($_REQUEST["name"]) . ",createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($projectId)); header("Location: item_list.php?projectId=" . escapeValue($projectId)); } } else { header("Location: project_list.php?errorMessage=" . rawurlencode("The project name already exists and was not added.")); exit; }
require_once "requires/functions.php"; require_once "requires/datasource.php"; if (!isLoggedIn()) { include "headers/publicheader.php"; } else { redirectTo("myitems.php"); } // check to see if the register information input was previously submitted // if so, display the submitted information, otherwise display blank inputs $username = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["username"])) : ""; $firstName = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["firstname"])) : ""; $lastName = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["lastname"])) : ""; $email = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["email"])) : ""; $phone = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["phone"])) : ""; $password = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["password"])) : ""; $confirmPassword = isset($_POST["registersubmit"]) ? escapeValue(trim($_POST["confirmpassword"])) : ""; ?> <main> <div id="registerform"> <div class="container"> <div> <form class="col s12 col m8 push-m2" action="register.php" method="post"> <div class="card white hoverable"> <div class="card-content text-darken-4 grey-text"> <span class="card-title text-darken-4 grey-text">Register</span> <br/><br/> <div class="row"> <div class="input-field col s12"> <input id="username" type="text" name="username" class="validate" required="" aria-required="true"
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_accessLevel < 2) { header("Location: /index.php"); exit; } $filetypeId = $_REQUEST["filetypeId"]; $allowDelete = 0; if (trim($filetypeId) != "") { $filetypeQuery = db_query("SELECT * FROM filetype WHERE id=" . escapeValue($filetypeId)); if (db_numrows($filetypeQuery) != 1) { header("Location: /filetype_list.php?errorMessage=" . rawurlencode("Unable to access that filetype.")); exit; } $filetypeResult = db_fetch($filetypeQuery); /* See it there are items using this filetype. */ $itemQuery = db_query("SELECT id FROM item WHERE filetype=" . escapeQuote($filetypeResult["extension"])); if (db_numrows($itemQuery) == 0) { $allowDelete = 1; } } if (trim($filetypeId) == "") { $submitButton = "Add"; } else { $submitButton = "Update";
if (trim($_REQUEST["creationDate"]) != "") { db_query("UPDATE item SET creationDate=" . escapeQuote($_REQUEST["creationDate"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId)); $infoMessage[] = "The item creation dates were changed."; } if (trim($_REQUEST["location"]) != "") { db_query("UPDATE item SET location=" . escapeQuote($_REQUEST["location"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId)); $infoMessage[] = "The item geographic locations were changed."; } if (trim($_REQUEST["retentionGroup"]) != "") { $retentionPeriodResult = db_fetch(db_query("SELECT retentionPeriod FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]))); $retentionPeriod = $retentionPeriodResult["retentionPeriod"]; $itemQuery = db_query("SELECT id,addedDate FROM item WHERE projectId=" . escapeValue($projectId)); while ($itemResult = db_fetch($itemQuery)) { $addedDateDay = date("d", $itemResult["addedDate"]); $addedDateMonth = date("m", $itemResult["addedDate"]); $addedDateYear = date("Y", $itemResult["addedDate"]); if ($retentionPeriod > 0) { $expirationDate = mktime(6, 0, 0, $addedDateMonth, $addedDateDay, $addedDateYear + $retentionPeriod); } else { $expirationDate = mktime(6, 0, 0, 12, 31, 2037); } db_query("UPDATE item SET retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",expirationDate={$expirationDate}" . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . $itemResult["id"]); } $infoMessage[] = "The item retention groups and expiration dates were changed."; } if (trim($_REQUEST["significant"]) != "") { db_query("UPDATE item SET significant=" . escapeValue($_REQUEST["significant"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE projectId=" . escapeValue($projectId)); $infoMessage[] = "The items were marked as significant."; } db_query("UPDATE item SET metadataCompleted=1 WHERE retentionGroup<>'' AND creationDate<>'' AND projectId={$projectId}"); header("Location: item_list.php?infoMessage=" . rawurlencode(implode("<br />", $infoMessage)));
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_accessLevel == 0) { header("Location: /index.php"); exit; } $groupId = $_REQUEST["groupId"]; $allowDelete = 0; if (trim($groupId) != "") { $groupQuery = db_query("SELECT * FROM retention WHERE id=" . escapeValue($groupId)); if (db_numrows($groupQuery) != 1) { header("Location: /group_list.php?errorMessage=" . rawurlencode("Unable to access that group.")); exit; } $groupResult = db_fetch($groupQuery); /* See it there are items using this retention group. */ $itemQuery = db_query("SELECT id FROM item WHERE retentionGroup=" . escapeQuote($groupResult["retentionGroup"])); if (db_numrows($itemQuery) == 0) { $allowDelete = 1; } } if (trim($groupId) == "") { $submitButton = "Add"; } else { $submitButton = "Update";
require_once "requires/functions.php"; require_once "requires/datasource.php"; if (!isLoggedIn()) { redirectTo("login.php"); } else { include "headers/adminheader.php"; if (isset($_SESSION["currentUser"])) { $username = $_SESSION["currentUser"]; // if the current session has a logged in user // and the update info button was submitted, update // their information if (isset($_POST["updateinfosubmit"])) { $firstName = escapeValue(trim($_POST["firstname"])); $lastName = escapeValue(trim($_POST["lastname"])); $phoneNumber = escapeValue(trim($_POST["phone"])); $emailAddress = escapeValue(trim($_POST["email"])); DataSource::updateUser($username, $firstName, $lastName, $emailAddress, $phoneNumber); // else get current information about the username in the // database to display } else { $result = DataSource::getUser("username = '******'"); $row = $result->fetch_assoc(); $firstName = $row["firstName"]; $lastName = $row["lastName"]; $emailAddress = $row["emailAddress"]; $phoneNumber = $row["phoneNumber"]; } // get the reviews for the username from the database to // display $reviewResult = DataSource::getUserReviews($username); $reviews = array();
} $userId = $_REQUEST["userId"]; $infoMessage = "User was updated."; if (trim($userId) == "") { /* See if this is a duplicate user. */ $query = db_query("SELECT id FROM user WHERE username="******"username"])); if (db_numrows($query) == 0) { $infoMessage = "User was added."; $userId = db_insert("user"); db_query("UPDATE user SET createdByUserId={$dss_userId}" . ",createdDate=" . date("U") . " WHERE id=" . escapeValue($userId)); } else { header("Location: user_list.php?errorMessage=" . rawurlencode("The username already exists and was not added.")); exit; } } /* See if this is a duplicate username. */ $query = db_query("SELECT id FROM user WHERE id<>" . escapeValue($userId) . " AND username="******"username"])); if (db_numrows($query) == 0) { db_query("UPDATE user SET active=" . escapeValue($_REQUEST["active"]) . ",accessLevel=" . escapeValue($_REQUEST["accessLevel"]) . ",firstName=" . escapeQuote($_REQUEST["firstName"]) . ",lastName=" . escapeQuote($_REQUEST["lastName"]) . ",username="******"username"]) . ",emailAddress=" . escapeQuote($_REQUEST["emailAddress"]) . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . " WHERE id=" . escapeValue($userId)); /* Update workgroups. */ db_query("DELETE FROM workgroupUser WHERE userId=" . escapeValue($userId)); foreach ($_REQUEST["workgroupId"] as $workgroupId => $value) { if ($value) { db_query("INSERT INTO workgroupUser VALUES ({$workgroupId},{$userId})"); } } } else { header("Location: user_list.php?errorMessage=" . rawurlencode("The username belongs to another user and no changes were made.")); exit; } header("Location: user_list.php?infoMessage=" . rawurlencode($infoMessage));
if (trim($_REQUEST["cancel_button"]) != "") { header("Location: /filetype_list.php"); exit; } $filetypeId = $_REQUEST["filetypeId"]; if (trim($_REQUEST["delete_button"]) != "") { db_query("DELETE FROM filetype WHERE id=" . escapeValue($filetypeId)); header("Location: /filetype_list.php?infoMessage=" . rawurlencode('The filetype was deleted.')); exit; } $infoMessage = "Filetype was updated."; if (trim($filetypeId) == "") { /* See if this is a duplicate filetype. */ $query = db_query("SELECT id FROM filetype WHERE extension=" . escapeQuote($_REQUEST["extension"])); if (db_numrows($query) == 0) { $infoMessage = "Filetype was added."; $filetypeId = db_insert("filetype"); } else { header("Location: filetype_list.php?errorMessage=" . rawurlencode("The filetype already exists and was not added.")); exit; } } /* See if this is a duplicate username. */ $query = db_query("SELECT id FROM filetype WHERE id<>" . escapeValue($filetypeId) . " AND extension=" . escapeQuote($_REQUEST["extension"])); if (db_numrows($query) == 0) { db_query("UPDATE filetype SET extension=" . escapeQuote($_REQUEST["extension"]) . ",mimeType=" . escapeQuote($_REQUEST["mimeType"]) . " WHERE id=" . escapeValue($filetypeId)); } else { header("Location: filetype_list.php?errorMessage=" . rawurlencode("The filetype already exists and no changes were made.")); exit; } header("Location: filetype_list.php?infoMessage=" . rawurlencode($infoMessage));
$addedDateYear = date("Y", $itemResult["addedDate"]); /* If the new project ID does not match the current one, we will need to move the file to the new project directory. */ $projectId = escapeValue($_REQUEST["projectId"]); if ($itemResult["projectId"] != $projectId) { /* See if this filename already exists in the new project. */ if (file_exists($dss_fileshare . $projectId . "/" . $itemResult["filename"])) { header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}&errorMessage=" . rawurlencode("An item with the same filename is already present in the new project. No updates were made.")); exit; } else { rename($dss_fileshare . $itemResult["projectId"] . "/" . $itemResult["filename"], $dss_fileshare . $projectId . "/" . $itemResult["filename"]); db_query("UPDATE item SET projectId={$projectId} WHERE id={$itemId}"); } } /* Calculate the new expiration date. */ if (trim($_REQUEST["retentionGroup"]) != "") { $retentionPeriodResult = db_fetch(db_query("SELECT retentionPeriod FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]))); $retentionPeriod = $retentionPeriodResult["retentionPeriod"]; if ($retentionPeriod > 0) { $expirationDate = mktime(6, 0, 0, $addedDateMonth, $addedDateDay, $addedDateYear + $retentionPeriod); } else { $expirationDate = mktime(6, 0, 0, 12, 31, 2037); } } /* If required metadata has been supplied, set the metadata complete indicator. */ $metadataCompleted = 0; if (trim($_REQUEST["retentionGroup"]) != "" && trim($_REQUEST["creationDate"]) != "") { $metadataCompleted = 1; } /* Update item information. */ db_query("UPDATE item SET metadataCompleted={$metadataCompleted}" . ",lastUpdatedByUserId={$dss_userId}" . ",lastUpdatedDate=" . date("U") . ",significant=" . escapeValue($_REQUEST["significant"]) . ",retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",expirationDate={$expirationDate}" . ",title=" . escapeQuote($_REQUEST["title"]) . ",description=" . escapeQuote($_REQUEST["description"]) . ",creator=" . escapeQuote($_REQUEST["creator"]) . ",creationDate=" . escapeQuote($_REQUEST["creationDate"]) . ",location=" . escapeQuote($_REQUEST["location"]) . " WHERE id={$itemId}"); header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}&infoMessage=" . rawurlencode("Item information updated."));
function metasync($projectId, $commandLineUserId = 0) { global $dss_fileshare, $dss_userId; $query = db_query("SELECT id FROM project WHERE id=" . escapeValue($projectId)); if (db_numrows($query) == 1) { /* Get the acceptable file types. */ $query = db_query("SELECT extension,mimeType FROM filetype"); while ($result = db_fetch($query)) { $allowedExtensions[$result["extension"]] = $result["mimeType"]; } /* If this is being called from the command line, use the passed in user ID. */ if ($commandLineUserId != 0) { $userId = $commandLineUserId; } else { $userId = $dss_userId; } /* Scan the project directory for files that are not already in this project. */ if ($handle = opendir($dss_fileshare . $projectId)) { $filesSynced = array(); while (false !== ($filename = readdir($handle))) { /* Only files are permitted. Remove anything else. */ if (filetype($dss_fileshare . $projectId . "/" . $filename) == "file") { /* See if this file has an acceptable file type. */ $fileparts = explode(".", $filename); $filetype = strtoupper($fileparts[sizeof($fileparts) - 1]); if (array_key_exists($filetype, $allowedExtensions)) { if (!in_array($filename, array("metadata.txt"))) { /* See if this filename is already in this project. */ $query = db_query("SELECT id FROM item WHERE projectId={$projectId} AND filename=" . escapeQuote($filename)); if (db_numrows($query) == 0) { $title = ""; $creationDate = ""; $creator = ""; $location = ""; $description = ""; /* If this is an image type file, see if there is IPTC metadata we can harvest. */ if (strstr($allowedExtensions[$filetype], "image")) { $size = @getimagesize($dss_fileshare . $projectId . "/{$filename}", $info); if (isset($info['APP13'])) { $iptc = iptcparse($info['APP13']); $title = $iptc['2#005'][0]; $creationDate = $iptc['2#055'][0]; $creator = $iptc['2#080'][0]; $location = $iptc['2#092'][0]; $description = $iptc['2#120'][0]; } } if (trim($title) == "") { $title = $filename; } $expirationDate = mktime(6, 0, 0, date("m"), date("d"), date("Y") + 1); $itemId = db_insert("item"); db_query("UPDATE item SET projectId=" . escapeValue($projectId) . ",filetype=" . escapeQuote($filetype) . ",filesize=" . filesize($dss_fileshare . $projectId . "/{$filename}") . ",filename=" . escapeQuote($filename) . ",expirationDate={$expirationDate}" . ",checksum=" . escapeQuote(md5_file($dss_fileshare . $projectId . "/{$filename}")) . ",addedByUserId={$userId}" . ",addedDate=" . date("U") . ",lastUpdatedByUserId={$userId}" . ",lastUpdatedDate=" . date("U") . ",title=" . escapeQuote($title) . ",description=" . escapeQuote($description) . ",creator=" . escapeQuote($creator) . ",creationDate=" . escapeQuote($creationDate) . ",location=" . escapeQuote($location) . " WHERE id={$itemId}"); $filesSynced[$filename] = 1; } } } else { unlink($dss_fileshare . $projectId . "/" . $filename); } } else { system("rm -R " . $dss_fileshare . $projectId . "/" . $filename); } } closedir($handle); /* If there is a metadata.txt file, load the metadata into the database. */ if ($handle = @fopen($dss_fileshare . $projectId . "/metadata.txt", "r")) { /* The first record describes the field layout (tab-delimited). */ if ($record = fgets($handle, 4096)) { $fieldArray = explode("\t", strtolower(trim($record, "\r\n"))); if (false !== ($filenameIndex = array_search("filename", $fieldArray))) { /* For each filename in the file that is in the database, update the metadata. */ while ($record = fgets($handle, 4096)) { $recordArray = explode("\t", trim($record, "\r\n")); $filename = $recordArray[$filenameIndex]; $query = db_query("SELECT id,addedDate FROM item WHERE projectId=" . escapeValue($projectId) . " AND filename=" . escapeQuote($filename)); if (db_numrows($query) == 1) { $result = db_fetch($query); if (false !== ($index = array_search("title", $fieldArray))) { if (trim($recordArray[$index]) != "") { db_query("UPDATE item SET title=" . escapeQuote($recordArray[$index]) . ",lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } if (false !== ($index = array_search("description", $fieldArray))) { if (trim($recordArray[$index]) != "") { db_query("UPDATE item SET description=" . escapeQuote($recordArray[$index]) . ",lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } if (false !== ($index = array_search("creator", $fieldArray))) { if (trim($recordArray[$index]) != "") { db_query("UPDATE item SET creator=" . escapeQuote($recordArray[$index]) . ",lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } if (false !== ($index = array_search("date", $fieldArray))) { if (trim($recordArray[$index]) != "") { db_query("UPDATE item SET creationDate=" . escapeQuote($recordArray[$index]) . ",lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } if (false !== ($index = array_search("location", $fieldArray))) { if (trim($recordArray[$index]) != "") { db_query("UPDATE item SET location=" . escapeQuote($recordArray[$index]) . ",lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } if (false !== ($index = array_search("group", $fieldArray))) { if (trim($recordArray[$index]) != "") { $retentionPeriodQuery = db_query("SELECT retentionPeriod FROM retention WHERE retentionGroup=" . escapeQuote($recordArray[$index])); if (db_numrows($retentionPeriodQuery) == 1) { $retentionPeriod = $retentionPeriodResult["retentionPeriod"]; if ($retentionPeriod > 0) { $expirationDate = mktime(6, 0, 0, date("m", $result["addedDate"]), date("d", $result["addedDate"]), date("Y", $result["addedDate"]) + $retentionPeriod); } else { $expirationDate = mktime(6, 0, 0, 12, 31, 2037); } db_query("UPDATE item SET retentionGroup=" . escapeQuote($recordArray[$index]) . ",expirationDate={$expirationDate},lastUpdatedByUserId={$userId},lastUpdatedDate=" . date("U") . " WHERE id=" . $result["id"]); $filesSynced[$filename] = 1; } } } } } fclose($handle); /* Delete the metadata.txt file so it doesn't get loaded again. */ unlink($dss_fileshare . $projectId . "/metadata.txt"); /* Mark the items that have all of their required metadata present. */ db_query("UPDATE item SET metadataCompleted=1 WHERE retentionGroup<>'' AND projectId={$projectId}"); } else { fclose($handle); /* Delete the metadata.txt file so it doesn't get loaded again. */ unlink($dss_fileshare . $projectId . "/metadata.txt"); return array("error" => "No filename field present in metadata.txt file."); } } else { fclose($handle); /* Delete the metadata.txt file so it doesn't get loaded again. */ unlink($dss_fileshare . $projectId . "/metadata.txt"); return array("error" => "No records present in metadata.txt file."); } } return array("success" => sizeof($filesSynced)); } return array("error" => "Unable to open project directory"); } return array("error" => "Invalid project ID"); }
/* Can this user edit this item. */ if ($dss_accessLevel == 0) { $workgroupQuery = db_query("SELECT b.workgroupId FROM item a, project b WHERE a.id=" . escapeValue($itemId) . " AND a.projectId=b.id"); if (db_numrows($workgroupQuery) == 1) { $workgroupResult = db_fetch($workgroupQuery); } else { header("Location: /index.php"); exit; } $accessQuery = db_query("SELECT workgroupId FROM workgroupUser WHERE workgroupId=" . $workgroupResult["workgroupId"] . " AND userId={$dss_userId}"); if (db_numrows($accessQuery) == 0) { header("Location: /index.php"); exit; } } $itemQuery = db_query("SELECT * FROM item WHERE id=" . escapeValue($itemId)); if (db_numrows($itemQuery) == 1) { $itemResult = db_fetch($itemQuery); } else { header("Location: /index.php"); exit; } $required["title"] = "Item title"; $required["retentionGroup"] = "Retention group"; $required["creationDate"] = "Creation date"; $dss_onLoad = "document.main.title.focus()"; require "resources/header.php"; ?> <h2>Edit Item</h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"], $required);
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0) { header("Location: /index.php"); exit; } $projectId = $_REQUEST["projectId"]; $projectQuery = db_query("SELECT name,workgroupId FROM project WHERE id=" . escapeValue($projectId)); if (db_numrows($projectQuery) == 1) { $projectResult = db_fetch($projectQuery); } $itemResult = db_fetch(db_query("SELECT count(id) AS numItems FROM item WHERE projectId=" . escapeValue($projectId))); $numItems = $itemResult["numItems"]; $required["name"] = "Project name"; $dss_onLoad = "document.main.name.focus()"; require "resources/header.php"; ?> <h2>Edit Project</h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"], $required); ?> <form action="project_update.php" method="post" name="main"> <input type="hidden" name="projectId" value="<?php echo $projectId; ?> "> <table>
You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_currentWorkgroup == 0 || $dss_currentProject == 0) { header("Location: /index.php"); exit; } $projectId = $_REQUEST["projectId"]; $projectQuery = db_query("SELECT name FROM project WHERE id=" . escapeValue($projectId)); if (db_numrows($projectQuery) == 1) { $projectResult = db_fetch($projectQuery); } $dss_javascriptLibraries = array("/resources/fileloader.js"); require "resources/header.php"; ?> <h2>Add Items to <?php echo $projectResult["name"]; ?> </h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"], $required); ?> <a href="item_list.php"><img src="/resources/cancel.png" border="0" alt="Return to item list" title="Return to item list"></a> <form name="main" action="item_list.php" method="post">
if (!array_key_exists('cnt_session_id', $request->getCookieParams())) { logger($this)->addWarning('No contractor session id', getPath($request)); return forbidden($response); } $contractorSessionId = $request->getCookieParams()['cnt_session_id']; $contractorId = getContractorId($contractorSessionId); if (!isset($contractorId)) { logger($this)->addWarning('No contractor found by session id', array('cnt_session_id' => $contractorSessionId, 'uri' => $request->getUri()->getPath())); return forbidden($response); } $bid = getBidById($id); if (!isset($bid)) { logger($this)->addWarning('No bid found by id', array('id' => $id, 'uri' => $request->getUri()->getPath())); return notFound($response); } escapeValue($bid['product']); $response->getBody()->write(json_encode($bid)); return $response->withHeader('Content-Type', 'application/json'); } catch (PDOException $e) { return handleError($e, $response); } }); $app->post('/api/bids/{id}/take', function (Request $request, Response $response) { $id = $request->getAttribute("id"); if (!is_numeric($id)) { logger($this)->addWarning('Wrong bid id', getPath($request)); return badRequest($response); } try { if (!array_key_exists('cnt_session_id', $request->getCookieParams())) { logger($this)->addWarning('No contractor session id', getPath($request));
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_accessLevel == 0) { header("Location: /index.php"); exit; } $workgroupId = $_REQUEST["workgroupId"]; if (trim($workgroupId) == "") { $submitButton = "Add"; } else { $workgroupQuery = db_query("SELECT name FROM workgroup WHERE id=" . escapeValue($workgroupId)); if (db_numrows($workgroupQuery) == 1) { $workgroupResult = db_fetch($workgroupQuery); } $submitButton = "Update"; } $required["name"] = "Workgroup name"; $dss_onLoad = "document.main.name.focus()"; require "resources/header.php"; ?> <h2>Workgroup Edit</h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"], $required); ?> <form action="workgroup_update.php" method="post" name="main"> <input type="hidden" name="workgroupId" value="<?php
</div> <br/> <div class="row"> <div class="input-field col s12"> <button id="addsubmit" type="submit" name="addsubmit" class="waves-effect waves-light btn indigo accent-1"> Add Item</button> </div> </div> <?php // if was submitted from the add button, validate the user's // inputs and add the new item for the user to the database if (isset($_POST["addsubmit"])) { $name = escapeValue(trim($_POST["name"])); $price = trim($_POST["price"]); $description = escapeValue(trim($_POST["description"])); if (empty($name) || empty($price) || empty($description)) { echo "<h3>Error: Please fill in all inputs</h3>"; } else { $image = NULL; $username = $_SESSION["currentUser"]; // check if any image is uploaded if (isset($_FILES["image"]["tmp_name"]) && !empty($_FILES["image"]["tmp_name"])) { // get the image content and encode it before // adding into the database $image = addslashes($_FILES["image"]["tmp_name"]); $image = base64_encode(file_get_contents($image)); } DataSource::createItem($name, $price, $description, $image, $username); redirectTo("myitems.php"); }
</div> <div class="row"> <div class="input-field col s12"> <button id="loginsubmit" type="submit" name="loginsubmit" class="waves-effect waves-light btn indigo accent-1"> Log In</button> </div> </div> </div> </div> <?php // if was submitted from the log in button, hash the password as md5 // 128 bit format, then compare the username and password in the database // if match, log the user in, else display the error if (isset($_POST["loginsubmit"])) { $username = escapeValue(trim($_POST["username"])); $password = md5(trim($_POST["password"])); $selection = "username = '******' "; $selection .= "AND password = '******';"; $result = DataSource::getUser($selection); $row = $result->fetch_assoc(); if ($row != NULL) { // user found, log in successfully $_SESSION["currentUser"] = $row["username"]; $_SESSION["currentName"] = $row["firstName"] + $row["lastName"]; redirectTo("myitems.php"); } else { echo "<h3>Error: incorrect username/password</h3>"; } } closeConnection();
exit; } /* If this user is not an admin, get the workgroups the user belongs to. */ $workgroupLimit = ""; if ($dss_accessLevel == 0) { $workgroupIdArray = array(); $workgroupQuery = db_query("SELECT workgroupId FROM workgroupUser WHERE userId={$dss_userId}"); while ($workgroupResult = db_fetch($workgroupQuery)) { $workgroupIdArray[] = $workgroupResult["workgroupId"]; } $workgroupLimit = " AND c.id IN (" . implode(",", $workgroupIdArray) . ")"; } if (trim($_REQUEST["currentPage"]) != "") { superstore_save("SEARCH", $dss_sessionCookie, "currentPage", $_REQUEST["currentPage"]); } $currentPage = escapeValue(superstore_fetch("SEARCH", $dss_sessionCookie, "currentPage")); for ($i = 0; $i < 5; $i++) { $thisField = "field" . $i; $thisCondition = "condition" . $i; $thisValue = "value" . $i; if ($_POST["resetButton"] != "") { superstore_save("SEARCH", $dss_sessionCookie, $thisField, ''); superstore_save("SEARCH", $dss_sessionCookie, $thisCondition, ''); superstore_save("SEARCH", $dss_sessionCookie, $thisValue, ''); superstore_save("SEARCH", $dss_sessionCookie, "currentPage", 0); $currentPage = 0; } elseif ($_POST["searchButton"] != "") { superstore_save("SEARCH", $dss_sessionCookie, $thisField, $_POST[$thisField]); superstore_save("SEARCH", $dss_sessionCookie, $thisCondition, $_POST[$thisCondition]); superstore_save("SEARCH", $dss_sessionCookie, $thisValue, $_POST[$thisValue]); superstore_save("SEARCH", $dss_sessionCookie, "currentPage", 0);
if (trim($_REQUEST["cancel_button"]) != "") { header("Location: /group_list.php"); exit; } $groupId = $_REQUEST["groupId"]; if (trim($_REQUEST["delete_button"]) != "") { db_query("DELETE FROM retention WHERE id=" . escapeValue($groupId)); header("Location: /group_list.php?infoMessage=" . rawurlencode('The retention group was deleted.')); exit; } $infoMessage = "Retention group was updated."; if (trim($groupId) == "") { /* See if this is a duplicate group. */ $query = db_query("SELECT id FROM retention WHERE retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"])); if (db_numrows($query) == 0) { $infoMessage = "Retention group was added."; $groupId = db_insert("retention"); } else { header("Location: group_list.php?errorMessage=" . rawurlencode("The retention group already exists and was not added.")); exit; } } /* See if this is a duplicate username. */ $query = db_query("SELECT id FROM retention WHERE id<>" . escapeValue($groupId) . " AND retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"])); if (db_numrows($query) == 0) { db_query("UPDATE retention SET retentionGroup=" . escapeQuote($_REQUEST["retentionGroup"]) . ",retentionPeriod=" . escapeValue($_REQUEST["retentionPeriod"]) . " WHERE id=" . escapeValue($groupId)); } else { header("Location: group_list.php?errorMessage=" . rawurlencode("The retention group already exists and no changes were made.")); exit; } header("Location: group_list.php?infoMessage=" . rawurlencode($infoMessage));
You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_accessLevel == 0) { header("Location: /index.php"); exit; } $logId = $_REQUEST["logId"]; $logQuery = db_query("SELECT * FROM auditlog WHERE id=" . escapeValue($logId)); if (db_numrows($logQuery) == 1) { $logResult = db_fetch($logQuery); } else { header("Location: /index.php"); exit; } require "resources/header.php"; ?> <h2>Log Detail</h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"]); ?> <a href="report_audit_list.php"><img src="/resources/cancel.png" border="0" alt="Return to log list" title="Return to log list"></a> <table cellpadding="0" cellspacing="0" border="0"> <tr class="<?php
You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ if ($dss_userId == 0 || $dss_accessLevel == 0) { header("Location: /index.php"); exit; } $itemId = $_REQUEST["itemId"]; $itemQuery = db_query("SELECT filename,checksum FROM item WHERE id=" . escapeValue($itemId)); if (db_numrows($itemQuery) == 1) { $itemResult = db_fetch($itemQuery); } else { header("Location: /index.php"); exit; } $pod0checksum = md5_file($dss_fileshare . $dss_currentProject . "/" . $itemResult["filename"]); $pod1checksum = file_get_contents("http://" . $dss_pod1name . "/file_checksum.php?file=" . urlencode($dss_fileshare . $dss_currentProject . "/" . $itemResult["filename"])); $pod2checksum = file_get_contents("http://" . $dss_pod2name . "/file_checksum.php?file=" . urlencode($dss_fileshare . $dss_currentProject . "/" . $itemResult["filename"])); require "resources/header.php"; ?> <h2>Item Restore</h2> <?php displayMessages($_REQUEST["infoMessage"], $_REQUEST["errorMessage"]); ?>
} ?> </select><br><br> <input type="submit" name="submit_button" value="Display"> <input type="submit" name="reset_button" value="Reset"> You must select one limit to display results. </form> <table class="listing"> <tr><th>Action</th><th>Action Date</th><th>Action By</th><th>Workgroup</th><th>Project</th><th>Filename</th></tr> <?php $where = array(); if (trim($action) != "") { $where[] = "action=" . escapeQuote($action); } if (trim($actionByUserId) != "") { $where[] = "actionByUserId=" . escapeValue($actionByUserId); } if (trim($workgroupName) != "") { $where[] = "workgroupName=" . escapeQuote($workgroupName); } if (trim($projectName) != "") { $where[] = "projectName=" . escapeQuote($projectName); } if (sizeof($where) > 0) { $sql = "SELECT id,action,actionDate,actionByUserId,workgroupName,projectName,filename FROM auditlog WHERE " . implode(" AND ", $where) . " ORDER BY actionDate DESC"; //echo $sql; $auditQuery = db_query($sql); while ($auditResult = db_fetch($auditQuery)) { $userResult = db_fetch(db_query("SELECT firstName,lastName FROM user WHERE id=" . $auditResult["actionByUserId"])); ?> <tr>