$k = $newkey; } # Check access permissions for this new resource, if an external user. if ($k != "" && !check_access_key($ref, $k)) { $ref = $origref; } # Cancel the move. } hook("chgffmpegpreviewext", "", array($ref)); # Load resource data $resource = get_resource_data($ref); if ($resource === false) { exit($lang['resourcenotfound']); } # Allow alternative configuration settings for this resource type. resource_type_config_override($resource["resource_type"]); // get mp3 paths if necessary and set $use_mp3_player switch if (!(isset($resource['is_transcoding']) && $resource['is_transcoding'] == 1) && (in_array($resource["file_extension"], $ffmpeg_audio_extensions) || $resource["file_extension"] == "mp3") && $mp3_player) { $use_mp3_player = true; } else { $use_mp3_player = false; } if ($use_mp3_player) { $mp3realpath = get_resource_path($ref, true, "", false, "mp3"); if (file_exists($mp3realpath)) { $mp3path = get_resource_path($ref, false, "", false, "mp3"); } } # Dev feature - regenerate exif data. if (getval("regenexif", "") != "") { extract_exif_comment($ref, $resource["file_extension"]);
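/**
 * Save the submitted metadata for a resource and re-index its keywords.
 *
 * Field values are read from the current request (via getval()/getvalescaped()),
 * so every value handled here is untrusted input.
 *
 * @param mixed        $ref            Resource reference. Compared with "> 0" below, so zero or
 *                                     negative values are evidently possible.
 * @param mixed        $multi          Passed straight to get_resource_field_data(); its meaning is
 *                                     not visible in this function.
 * @param string|array $autosave_field "" saves every permitted field and runs the extra whole-resource
 *                                     tasks; a field ref, or an array of field refs, restricts the
 *                                     save to those fields.
 *
 * @return true|array True when no validation errors occurred, otherwise an array of error
 *                    messages keyed by field ref. May exit() during an autosave request when
 *                    a value fails validation.
 */
function save_resource_data($ref, $multi, $autosave_field = "")
{
    global $auto_order_checkbox, $userresourcedefaults, $multilingual_text_fields, $languages, $language,
        $user_resources_approved_email, $lang, $index_resource_type;

    hook("befsaveresourcedata", "", array($ref));

    # save resource defaults
    # (do this here so that user can override them if the fields are visible.)
    if ($autosave_field == "") {
        set_resource_defaults($ref);
    }

    # $ref is interpolated into several SQL statements below. Escape it once for the quoted
    # contexts and cast it for the single unquoted context, so that no query depends on the
    # caller having sanitised it.
    $ref_sql = escape_check($ref);
    $ref_int = (int) $ref;

    # Loop through the field data and save (if necessary)
    $errors = array();
    $fields = get_resource_field_data($ref, $multi, !hook("customgetresourceperms"));
    $expiry_field_edited = false;
    $resource_data = get_resource_data($ref);

    # Load the configuration for the selected resource type. Allows for alternative notification addresses, etc.
    resource_type_config_override($resource_data["resource_type"]);

    for ($n = 0; $n < count($fields); $n++) {
        # A field is skipped when it is denied by "F<ref>", or by "F*" without a matching "F-<ref>".
        # Parentheses make the original && / || precedence explicit.
        $field_denied = checkperm("F" . $fields[$n]["ref"])
            || (checkperm("F*") && !checkperm("F-" . $fields[$n]["ref"]));
        $field_selected = $autosave_field == ""
            || $autosave_field == $fields[$n]["ref"]
            || (is_array($autosave_field) && in_array($fields[$n]["ref"], $autosave_field));

        if (!$field_denied && $field_selected) {
            if ($fields[$n]["type"] == 2) {
                # construct the value from the ticked boxes
                # Note: it seems wrong to start with a comma, but this ensures it is treated as a comma
                # separated list by split_keywords(), so if just one item is selected it still does
                # individual word adding, so 'South Asia' is split to 'South Asia','South','Asia'.
                $val = ",";
                $options = trim_array(explode(",", $fields[$n]["options"]));
                for ($m = 0; $m < count($options); $m++) {
                    $name = $fields[$n]["ref"] . "_" . md5($options[$m]);
                    if (getval($name, "") == "yes") {
                        if ($val != ",") {
                            $val .= ",";
                        }
                        $val .= $options[$m];
                    }
                }
            } elseif ($fields[$n]["type"] == 4 || $fields[$n]["type"] == 6 || $fields[$n]["type"] == 10) {
                # date type, construct the value from the date/time dropdowns
                # NOTE(review): only the year is forced to a number (sprintf %04d). The month, day,
                # hour and minute parts are appended as submitted, and the hour is read with getval()
                # while the others use getvalescaped(). $val is passed through escape_check() before
                # it reaches SQL below, but nothing here checks that the parts form a valid date.
                $val = sprintf("%04d", getvalescaped("field_" . $fields[$n]["ref"] . "-y", ""));
                if ((int) $val <= 0) {
                    $val = "";
                } elseif (($field = getvalescaped("field_" . $fields[$n]["ref"] . "-m", "")) != "") {
                    $val .= "-" . $field;
                    if (($field = getvalescaped("field_" . $fields[$n]["ref"] . "-d", "")) != "") {
                        $val .= "-" . $field;
                        if (($field = getval("field_" . $fields[$n]["ref"] . "-h", "")) != "") {
                            $val .= " " . $field . ":";
                            if (($field = getvalescaped("field_" . $fields[$n]["ref"] . "-i", "")) != "") {
                                $val .= $field;
                            } else {
                                $val .= "00";
                            }
                        }
                    }
                }
            } elseif ($multilingual_text_fields && ($fields[$n]["type"] == 0 || $fields[$n]["type"] == 1 || $fields[$n]["type"] == 5)) {
                # Construct a multilingual string from the submitted translations
                $val = getvalescaped("field_" . $fields[$n]["ref"], "");
                $val = "~" . $language . ":" . $val;
                reset($languages);
                foreach ($languages as $langkey => $langname) {
                    if ($language != $langkey) {
                        $val .= "~" . $langkey . ":" . getvalescaped("multilingual_" . $n . "_" . $langkey, "");
                    }
                }
            } elseif ($fields[$n]["type"] == 3 || $fields[$n]["type"] == 12) {
                $val = getvalescaped("field_" . $fields[$n]["ref"], "");
                # if it doesn't already start with a comma, add one
                if (substr($val, 0, 1) != ',') {
                    $val = ',' . $val;
                }
            } else {
                # Set the value exactly as sent.
                $val = getvalescaped("field_" . $fields[$n]["ref"], "");
            }

            # Check for regular expression match.
            # The original tested trim(strlen(...)), which trims the length rather than the filter,
            # so a whitespace-only filter was applied as a pattern; trim the filter itself.
            # NOTE(review): without the D modifier, "$" also matches before one trailing newline, so
            # a value ending in "\n" can pass a filter that looks fully anchored. Consider "\z" or
            # the D modifier once existing filters have been checked against it.
            if (strlen(trim($fields[$n]["regexp_filter"])) >= 1 && strlen($val) > 0) {
                if (preg_match("#^" . $fields[$n]["regexp_filter"] . "\$#", $val, $matches) <= 0) {
                    debug($lang["information-regexp_fail"] . ": -" . "reg exp: " . $fields[$n]["regexp_filter"] . ". Value passed: " . $val);
                    if (getval("autosave", "") != "") {
                        exit;
                    }
                    $errors[$fields[$n]["ref"]] = $lang["information-regexp_fail"] . " : " . $val;
                    continue;
                }
            }

            # Plugins may replace the value; whatever they return is escaped again before SQL use below.
            $modified_val = hook("modifiedsavedfieldvalue", '', array($fields, $n, $val));
            if (!empty($modified_val)) {
                $val = $modified_val;
            }

            $error = hook("additionalvalcheck", "all", array($fields, $fields[$n]));
            if ($error) {
                if (getval("autosave", "") != "") {
                    exit($error);
                }
                $errors[$fields[$n]["ref"]] = $error;
                continue;
            }

            # Line endings are normalised on both sides so that a CRLF/LF difference alone is not an edit.
            if (str_replace("\r\n", "\n", $fields[$n]["value"]) !== str_replace("\r\n", "\n", unescape($val))) {
                $oldval = $fields[$n]["value"];

                # This value is different from the value we have on record.
                # Write this edit to the log (including the diff) (unescaped is safe because the diff is processed later)
                resource_log($ref, 'e', $fields[$n]["ref"], "", $fields[$n]["value"], unescape($val));

                # Expiry field? Set that expiry date(s) have changed so the expiry notification flag will be reset later in this function.
                if ($fields[$n]["type"] == 6) {
                    $expiry_field_edited = true;
                }

                # If 'resource_column' is set, then we need to add this to a query to back-update
                # the related columns on the resource table.
                # Not read again in this function; kept because the eval()'d macro below runs in this scope.
                $resource_column = $fields[$n]["resource_column"];

                # Purge existing data and keyword mappings, decrease keyword hitcounts.
                sql_query("delete from resource_data where resource='{$ref_sql}' and resource_type_field='" . $fields[$n]["ref"] . "'");

                # Insert new data and keyword mappings, increase keyword hitcounts.
                sql_query("insert into resource_data(resource,resource_type_field,value) values('{$ref_sql}','" . $fields[$n]["ref"] . "','" . escape_check($val) . "')");

                if ($fields[$n]["type"] == 3 && substr($oldval, 0, 1) != ',') {
                    # Prepend a comma when indexing dropdowns
                    $oldval = "," . $oldval;
                }

                if ($fields[$n]["keywords_index"] == 1) {
                    # Date field? These need indexing differently.
                    $is_date = $fields[$n]["type"] == 4 || $fields[$n]["type"] == 6;
                    $is_html = $fields[$n]["type"] == 8;
                    remove_keyword_mappings($ref, i18n_get_indexable($oldval), $fields[$n]["ref"], $fields[$n]["partial_index"], $is_date, '', '', $is_html);
                    add_keyword_mappings($ref, i18n_get_indexable($val), $fields[$n]["ref"], $fields[$n]["partial_index"], $is_date, '', '', $is_html);
                } else {
                    # Remove all entries from resource_keyword for this field, useful if setting is changed and changed back leaving stale data
                    remove_all_keyword_mappings_for_field($ref, $fields[$n]["ref"]);
                }

                # If this is a 'joined' field we need to add it to the resource column.
                # The column name is built from the field ref, which is only used after it has been
                # found in the list returned by get_resource_table_joins().
                $joins = get_resource_table_joins();
                if (in_array($fields[$n]["ref"], $joins)) {
                    if (substr($val, 0, 1) == ",") {
                        $val = substr($val, 1);
                    }
                    sql_query("update resource set field" . $fields[$n]["ref"] . "='" . escape_check($val) . "' where ref='{$ref_sql}'");
                }

                # Add any onchange code
                # SECURITY: eval() runs the field's stored onchange_macro as PHP inside this function's
                # scope, with access to every local and global visible here. Anyone able to edit that
                # field setting can therefore run code on the server; keep that capability restricted
                # and audited. NOTE(review): where onchange_macro is written is not visible here.
                if ($fields[$n]["onchange_macro"] != "") {
                    eval($fields[$n]["onchange_macro"]);
                }
            }

            # Check required fields have been entered.
            # NOTE(review): the exempt list is taken from the request, so the submitter can exempt any
            # required field; "required" is only a UI aid unless it is enforced somewhere else.
            $exemptfields = getvalescaped("exemptfields", "");
            $exemptfields = explode(",", $exemptfields);
            if ($fields[$n]["required"] == 1 && ($val == "" || $val == ",") && !in_array($fields[$n]["ref"], $exemptfields)) {
                $errors[$fields[$n]["ref"]] = i18n_get_translated($fields[$n]["title"]) . ": " . $lang["requiredfield"];
            }
        }
    }

    if ($autosave_field == "") {
        # Additional tasks when editing all fields (i.e. not autosaving)

        # Always index the resource ID as a keyword
        remove_keyword_mappings($ref, $ref, -1);
        add_keyword_mappings($ref, $ref, -1);

        # Also index the resource type name, unless disabled
        if ($index_resource_type) {
            $restypename = sql_value("select name value from resource_type where ref in (select resource_type from resource where ref='" . $ref_sql . "')", "");
            remove_all_keyword_mappings_for_field($ref, -2);
            add_keyword_mappings($ref, $restypename, -2);
        }

        # Also save related resources field
        sql_query("delete from resource_related where resource='{$ref_sql}' or related='{$ref_sql}'"); # remove existing related items
        $related = explode(",", getvalescaped("related", ""));

        # Make sure all submitted values are numeric.
        # This check is what keeps the unquoted VALUES list below safe; do not relax it.
        $ok = array();
        for ($n = 0; $n < count($related); $n++) {
            if (is_numeric(trim($related[$n]))) {
                $ok[] = trim($related[$n]);
            }
        }
        if (count($ok) > 0) {
            # The resource ref is written without quotes here, so the integer cast is used.
            sql_query("insert into resource_related(resource,related) values ({$ref_int}," . join("),(" . $ref_int . ",", $ok) . ")");
        }
    }

    # Autocomplete any blank fields.
    autocomplete_blank_fields($ref);

    # Expiry field(s) edited? Reset the notification flag so that warnings are sent again when the date is reached.
    # NOTE(review): $expirysql is only used inside the archive/access UPDATE below, so the flag is
    # not reset when an expiry date changes but neither access nor status does - confirm intent.
    $expirysql = "";
    if ($expiry_field_edited) {
        $expirysql = ",expiry_notification_sent=0";
    }

    if (!hook('forbidsavearchive', '', array($errors))) {
        # Also update archive status and access level
        # NOTE(review): a requested status change is gated by checkperm("e" . <state>), but no
        # permission check on the requested access level is visible in this function - confirm the
        # caller restricts who may change it.
        $oldaccess = $resource_data['access'];
        $access = getvalescaped("access", $oldaccess, true);
        $oldarchive = $resource_data['archive'];
        $setarchivestate = getvalescaped("status", $oldarchive, true);
        if ($setarchivestate != $oldarchive && !checkperm("e" . $setarchivestate)) {
            # No permission for the requested state: silently keep the current one.
            $setarchivestate = $oldarchive;
        }

        if ($access != $oldaccess || $setarchivestate != $oldarchive) {
            sql_query("update resource set archive='" . $setarchivestate . "',access='" . $access . "' {$expirysql} where ref='{$ref_sql}'");

            if ($setarchivestate != $oldarchive && $ref > 0) {
                resource_log($ref, "s", 0, "", $oldarchive, $setarchivestate);
            }

            if ($access != $oldaccess && $ref > 0) {
                resource_log($ref, "a", 0, "", $oldaccess, $access);
                if ($oldaccess == 3 && $access != 3) {
                    # Moving out of the custom state. Delete any usergroup specific access.
                    # This can delete any 'manual' usergroup grants also as the user will have seen this as part of the custom access.
                    delete_resource_custom_access_usergroups($ref);
                }
            }

            # Notify the resources team ($email_notify) if moving from pending submission -> review.
            if ($oldarchive == -2 && $setarchivestate == -1 && $ref > 0) {
                notify_user_contributed_submitted(array($ref));
            }
            if ($oldarchive == -1 && $setarchivestate == -2 && $ref > 0) {
                notify_user_contributed_unsubmitted(array($ref));
            }
            if ($user_resources_approved_email) {
                if (($oldarchive == -2 || $oldarchive == -1) && $ref > 0 && $setarchivestate == 0) {
                    notify_user_resources_approved(array($ref));
                }
            }
        }
    }

    # For access level 3 (custom) - also save custom permissions
    if (getvalescaped("access", 0) == 3) {
        save_resource_custom_access($ref);
    }

    # Update XML metadata dump file
    update_xml_metadump($ref);

    hook("aftersaveresourcedata");

    if (count($errors) == 0) {
        return true;
    }
    return $errors;
}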
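/**
 * Create a managed (request mode 1) request for a collection or a single resource,
 * store it in the request table and send the notification e-mails.
 *
 * The request text is assembled from $details and from fields of the current request
 * ($_POST and getval()), so it is untrusted input throughout.
 *
 * @param mixed  $ref             Collection reference, or a resource reference when
 *                                $ref_is_resource is true.
 * @param string $details         The requester's reason; a blank value aborts the request.
 * @param bool   $ref_is_resource True when $ref is a resource; a new collection holding only that
 *                                resource is then created and used for the request.
 *
 * @return bool False when $details is blank or a required custom field is empty, otherwise true.
 */
function managed_collection_request($ref, $details, $ref_is_resource = false)
{
    # Request mode 1
    # Managed via the administrative interface
    # An e-mail is still sent.
    global $applicationname, $email_from, $baseurl, $email_notify, $username, $useremail, $userref, $lang,
        $request_senduserupdates, $watermark, $filename_field, $view_title_field, $access,
        $resource_type_request_emails, $manage_request_admin,
        $custom_request_fields, $custom_request_required,
        $request_query, $notify_manage_request_admin, $assigned_to_user;

    # Has a resource reference (instead of a collection reference) been passed?
    # Manage requests only work with collections. Create a collection containing only this resource.
    # NOTE(review): this branch creates a collection before $details is validated further down, so a
    # request that is then rejected leaves that collection behind - consider validating first.
    if ($ref_is_resource) {
        $admin_mail_template = "emailresourcerequest";
        $user_mail_template = "emailuserresourcerequest";

        $resourcedata = get_resource_data($ref);
        # Last argument: watermarked path only when watermarking is on and global $access is 1.
        $templatevars['thumbnail'] = get_resource_path($ref, true, "thm", false, "jpg", -1, 1, $watermark && $access == 1);

        # Allow alternative configuration settings for this resource type
        resource_type_config_override($resourcedata['resource_type']);

        if (!file_exists($templatevars['thumbnail'])) {
            $templatevars['thumbnail'] = "../gfx/" . get_nopreview_icon($resourcedata["resource_type"], $resourcedata["file_extension"], false);
        }
        $templatevars['url'] = $baseurl . "/?r=" . $ref;
        if (isset($filename_field)) {
            $templatevars["filename"] = $lang["fieldtitle-original_filename"] . ": " . get_data_by_field($ref, $filename_field);
        }
        if (isset($resourcedata["field" . $view_title_field])) {
            $templatevars["title"] = $resourcedata["field" . $view_title_field];
        }

        $c = create_collection($userref, $lang["request"] . " " . date("ymdHis"));
        add_resource_to_collection($ref, $c);
        $ref = $c; # Proceed as normal
    } else {
        $admin_mail_template = "emailcollectionrequest";
        $user_mail_template = "emailusercollectionrequest";

        # $collectiondata is only set on this branch; isset($collectiondata) is used below to tell
        # a collection request from a single-resource request.
        $collectiondata = get_collection($ref);
        $templatevars['url'] = $baseurl . "/?c=" . $ref;
        if (isset($collectiondata["name"])) {
            $templatevars["title"] = $collectiondata["name"];
        }
    }

    # Formulate e-mail text
    $templatevars['username'] = $username;
    $templatevars["useremail"] = $useremail;
    $userdata = get_user($userref);
    $templatevars["fullname"] = $userdata["fullname"];

    # NOTE(review): both the label and the value of every "*_label" pair come from the request, and
    # the resulting $message is later placed between <br /> tags in the e-mail bodies. If send_mail()
    # sends HTML, this text should be HTML-escaped at that point - confirm how send_mail() and the
    # mail templates treat it.
    $message = "";
    reset($_POST);
    foreach ($_POST as $key => $value) {
        if (strpos($key, "_label") !== false) {
            # Add custom field
            $settingkey = str_replace("_label", "", $key);
            # Skip pairs whose value is missing or whose parts are not plain strings (for example
            # array-style parameters) instead of passing them to trim() / string concatenation.
            if (!isset($_POST[$settingkey]) || !is_string($_POST[$settingkey]) || !is_string($value)) {
                continue;
            }
            $setting = trim($_POST[$settingkey]);
            if ($setting != "") {
                $message .= $value . ": " . $setting . "\n\n";
            }
        }
    }

    if (trim($details) != "") {
        $message .= $lang["requestreason"] . ": " . newlines($details) . "\n\n";
    } else {
        return false;
    }

    # Add custom fields
    if (isset($custom_request_fields)) {
        $custom = explode(",", $custom_request_fields);

        # Required fields?
        if (isset($custom_request_required)) {
            $required = explode(",", $custom_request_required);
        }

        for ($n = 0; $n < count($custom); $n++) {
            if (isset($required) && in_array($custom[$n], $required) && getval("custom" . $n, "") == "") {
                return false; # Required field was not set.
            }
            $message .= i18n_get_translated($custom[$n]) . ": " . getval("custom" . $n, "") . "\n\n";
        }
    }

    # Create the request.
    # $ref is escaped wherever it is placed in SQL so that no query relies on the caller having
    # sanitised it; $message is escaped because it carries raw request data.
    $request_query = "insert into request(user,collection,created,request_mode,status,comments) values ('{$userref}','" . escape_check($ref) . "',now(),1,0,'" . escape_check($message) . "')";

    $notify_manage_request_admin = false;

    # Manage individual requests of resources:
    hook('autoassign_individual_requests', '', array($userref, $ref, $message, isset($collectiondata)));
    if (isset($manage_request_admin) && !isset($collectiondata)) {
        $query = sprintf(
            "
            SELECT DISTINCT r.resource_type AS value
            FROM collection_resource AS cr
            INNER JOIN resource r ON cr.resource = r.ref
            WHERE cr.collection = '%s';
            ",
            escape_check($ref)
        );
        $request_resource_type = sql_value($query, 0);

        if ($request_resource_type != 0 && array_key_exists($request_resource_type, $manage_request_admin)) {
            $request_query = sprintf(
                "
                INSERT INTO request(
                    user,
                    collection,
                    created,
                    request_mode,
                    `status`,
                    comments,
                    assigned_to
                )
                VALUES (
                    '%s',
                    '%s',
                    NOW(),
                    1,
                    0,
                    '%s',
                    '%s'
                );
                ",
                $userref,
                escape_check($ref),
                escape_check($message),
                $manage_request_admin[$request_resource_type]
            );

            $assigned_to_user = get_user($manage_request_admin[$request_resource_type]);
            $notify_manage_request_admin = true;
        }
    }

    # Manage collection requests:
    hook('autoassign_collection_requests', '', array($userref, isset($collectiondata) ? $collectiondata : array(), $message, isset($collectiondata)));
    if (isset($manage_request_admin) && isset($collectiondata)) {
        # NOTE(review): $all_resource_types and $resource_types are filled here but not read again
        # within this function.
        $all_r_types = get_resource_types();
        foreach ($all_r_types as $r_type) {
            $all_resource_types[] = $r_type['ref'];
        }

        $resources = get_collection_resources($collectiondata['ref']);

        # Get distinct resource types found in this collection:
        $resource_types = array();
        $collection_resources_by_type = array();
        foreach ($resources as $resource_id) {
            $resource_data = get_resource_data($resource_id);
            $resource_types[$resource_id] = $resource_data['resource_type'];

            # Create a list of resource IDs based on type to separate them into different collections:
            $collection_resources_by_type[$resource_data['resource_type']][] = $resource_id;
        }

        # Split into collections based on resource type:
        $collections = array();
        foreach ($collection_resources_by_type as $collection_type => $collection_resources) {
            # Store all resources of unmanaged type in one collection which will be sent to the system administrator.
            # The collection is created once; the original created a new one for every unmanaged
            # type and overwrote the previous ID, leaving the earlier collections unrequested.
            if (!isset($manage_request_admin[$collection_type])) {
                if (!isset($collections['not_managed'])) {
                    $collections['not_managed'] = create_collection($userref, $collectiondata['name'] . ' for unmanaged types');
                }
                foreach ($collection_resources as $collection_resource_id) {
                    add_resource_to_collection($collection_resource_id, $collections['not_managed']);
                }
                continue;
            }

            $collections[$collection_type] = create_collection($userref, $collectiondata['name'] . ' for type ' . $collection_type);
            foreach ($collection_resources as $collection_resource_id) {
                add_resource_to_collection($collection_resource_id, $collections[$collection_type]);
            }
        }

        if (count($collections) > 1) {
            # One request per split collection, each mailed to its assignee (or to $email_notify).
            # NOTE(review): after this loop the function still runs sql_query($request_query) further
            # down unless the bypass hook returns true, which would insert the last of these requests
            # a second time - confirm whether that hook is expected to handle this case.
            foreach ($collections as $request_resource_type => $collection_id) {
                $assigned_to = '';
                $assigned_to_user['email'] = $email_notify;
                if (array_key_exists($request_resource_type, $manage_request_admin)) {
                    $assigned_to = $manage_request_admin[$request_resource_type];
                    $assigned_to_user = get_user($manage_request_admin[$request_resource_type]);
                }

                $request_query = sprintf(
                    "
                    INSERT INTO request(
                        user,
                        collection,
                        created,
                        request_mode,
                        `status`,
                        comments,
                        assigned_to
                    )
                    VALUES (
                        '%s',
                        '%s',
                        NOW(),
                        1,
                        0,
                        '%s',
                        '%s'
                    );
                    ",
                    $userref,
                    $collection_id,
                    escape_check($message),
                    $assigned_to
                );

                if (trim($assigned_to) == '') {
                    $request_query = sprintf(
                        "
                        INSERT INTO request(
                            user,
                            collection,
                            created,
                            request_mode,
                            `status`,
                            comments
                        )
                        VALUES (
                            '%s',
                            '%s',
                            NOW(),
                            1,
                            0,
                            '%s'
                        );
                        ",
                        $userref,
                        $collection_id,
                        escape_check($message)
                    );
                }

                sql_query($request_query);
                $request = sql_insert_id();

                # Send the mail:
                $email_message = $lang['requestassignedtoyoumail'] . "\n\n" . $baseurl . "/?q=" . $request . "\n";
                send_mail($assigned_to_user['email'], $applicationname . ': ' . $lang['requestassignedtoyou'], $email_message);
                unset($email_message);
            }

            $notify_manage_request_admin = false;
        } elseif (count($collections) == 1) {
            # Exactly one split collection: continue with it.
            # NOTE(review): $request_query was built above with the original collection reference
            # and is not rebuilt here.
            $ref = implode('', $collections);
        }
        # With no split collection (the collection holds no resources) $ref is left unchanged; the
        # original passed an undefined variable to implode() in that case.
    }

    if (hook('bypass_end_managed_collection_request', '', array(!isset($collectiondata), $ref, $request_query, $message, $templatevars, $assigned_to_user, $admin_mail_template, $user_mail_template))) {
        return true;
    }

    sql_query($request_query);
    $request = sql_insert_id();
    $templatevars["request_id"] = $request;
    $templatevars["requesturl"] = $baseurl . "/?q=" . $request;
    $templatevars["requestreason"] = $message;

    hook("afterrequestcreate", "", array($request));

    # Automatically notify the admin who was assigned the request.
    # A separate variable is used so that $message still holds the request text for the e-mails
    # built below; the original overwrote $message here, replacing the requester's details with the
    # assignment notice in both later e-mails.
    if (isset($manage_request_admin) && $notify_manage_request_admin) {
        $assigned_message = $lang['requestassignedtoyoumail'] . "\n\n" . $baseurl . "/?q=" . $request . "\n";
        send_mail($assigned_to_user['email'], $applicationname . ': ' . $lang['requestassignedtoyou'], $assigned_message);
    }

    # Check if alternative request email notification address is set, only valid if collection contains resources of the same type
    $admin_notify_email = $email_notify;
    if (isset($resource_type_request_emails)) {
        $requestrestypes = array_unique(sql_array("select r.resource_type as value from collection_resource cr left join resource r on cr.resource=r.ref where cr.collection='" . escape_check($ref) . "'"));
        if (count($requestrestypes) == 1 && isset($resource_type_request_emails[$requestrestypes[0]])) {
            $admin_notify_email = $resource_type_request_emails[$requestrestypes[0]];
        }
    }

    # Send the e-mail
    $userconfirmmessage = $lang["requestsenttext"] . "<br /><br />{$message}<br /><br />" . $lang["clicktoviewresource"] . "<br />{$baseurl}/?c={$ref}";
    $message = $lang["user_made_request"] . "<br /><br />" . $lang["username"] . ": " . $username . "<br />{$message}<br /><br />";
    $message .= $lang["clicktoviewresource"] . "<br />{$baseurl}/?q={$request}";
    send_mail($admin_notify_email, $applicationname . ": " . $lang["requestcollection"] . " - {$ref}", $message, $useremail, $useremail, $admin_mail_template, $templatevars);
    if ($request_senduserupdates) {
        send_mail($useremail, $applicationname . ": " . $lang["requestsent"] . " - {$ref}", $userconfirmmessage, $email_from, $email_notify, $user_mail_template, $templatevars);
    }

    # Increment the request counter
    # NOTE(review): by this point $ref is a collection reference (see "$ref = $c" above), yet it is
    # matched against resource.ref, so the counter is raised on whichever resource shares that
    # number - confirm the intended target.
    sql_query("update resource set request_count=request_count+1 where ref='" . escape_check($ref) . "'");

    return true;
}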
} for ($n = 0; $n < count($types); $n++) { $rtypes[$types[$n]["ref"]] = $types[$n]["name"]; } if (is_array($result) && count($result) > 0) { $showkeypreview = false; $showkeycollect = false; $showkeycollectout = false; $showkeyemail = false; $showkeyedit = false; $showkeystar = false; $showkeycomment = false; # loop and display the results for ($n = $offset; $n < count($result) && $n < $offset + $per_page; $n++) { # Allow alternative configuration settings for this resource type. resource_type_config_override($result[$n]["resource_type"]); if ($order_by == "resourcetype" && $display != "list") { if ($n == 0 || isset($result[$n - 1]) && $result[$n]["resource_type"] != $result[$n - 1]["resource_type"]) { echo "<h1 class=\"SearchResultsDivider\" style=\"clear:left;\">" . htmlspecialchars($rtypes[$result[$n]["resource_type"]]) . "</h1>"; } } $ref = $result[$n]["ref"]; $GLOBALS['get_resource_data_cache'][$ref] = $result[$n]; $url = $baseurl_short . "pages/view.php?ref=" . $ref . "&search=" . urlencode($search) . "&order_by=" . urlencode($order_by) . "&sort=" . urlencode($sort) . "&offset=" . urlencode($offset) . "&archive=" . urlencode($archive) . "&k=" . urlencode($k) . "&curpos=" . urlencode($n) . '&restypes=' . urlencode($restypes); if ($result[$n]["access"] == 0 && !checkperm("g")) { # Resource access is open but user does not have the 'g' permission. Set access to restricted. If they have been granted specific access this will be added next $result[$n]["access"] = 1; } // Check if user or group has been granted specific access level as set in array returned from do_search function. if ($result[$n]["user_access"] != "") { $result[$n]["access"] = $result[$n]["user_access"];
} include "../include/general.php"; include "../include/image_processing.php"; include "../include/resource_functions.php"; include "../include/collections_functions.php"; $overquota = overquota(); $status = ""; $resource_type = getvalescaped("resource_type", ""); $collection_add = getvalescaped("collection_add", ""); $collectionname = getvalescaped("entercolname", ""); $search = getvalescaped("search", ""); $offset = getvalescaped("offset", "", true); $order_by = getvalescaped("order_by", ""); $archive = getvalescaped("archive", "", true); # Load the configuration for the selected resource type. Allows for alternative notification addresses, etc. resource_type_config_override($resource_type); $uploadparams = ""; $uploadparams .= "&relateto=" . urlencode(getval("relateto", "")); $uploadparams .= "&filename_field=" . urlencode(getval("filename_field", "")); if ($embedded_data_user_select || isset($embedded_data_user_select_fields)) { foreach ($_GET as $getname => $getval) { if (strpos($getname, "exif_option_") !== false) { $uploadparams .= "&" . urlencode($getname) . "=" . urlencode($getval); } } if (getval("exif_override", "") != "") { $uploadparams .= "&exif_override=true"; } } $redirecturl = getval("redirecturl", ""); if (strpos($redirecturl, $baseurl) !== 0 && !hook("modifyredirecturl")) {