1<?php
2/**
3 * Copyright (C) 2007,2008 Arie Nugraha (dicarve@yahoo.com)
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18 *
19 */
20
21/* Biblio file Adding Pop Windows */
22
// Authentication key constant; defined before the bootstrap below is loaded.
define('INDEX_AUTH', '1');
// Key that requests full database access.
define('DB_ACCESS', 'fa');

// Main system configuration.
require '../../../sysconfig.inc.php';
// IP based access limitation helpers (provides do_checkIP()).
require LIB_DIR.'ip_based_access.inc.php';

// Apply the IP restriction for the admin area and for this module,
// in that order, before any session is started.
foreach (array('smc', 'smc-bibliography') as $ip_check_scope) {
    do_checkIP($ip_check_scope);
}

// Session start and session validity check.
require SENAYAN_BASE_DIR.'admin/default/session.inc.php';
require SENAYAN_BASE_DIR.'admin/default/session_check.inc.php';
// GUI, database and file helper classes used further down.
require SIMBIO_BASE_DIR.'simbio_GUI/table/simbio_table.inc.php';
require SIMBIO_BASE_DIR.'simbio_GUI/form_maker/simbio_form_table.inc.php';
require SIMBIO_BASE_DIR.'simbio_DB/simbio_dbop.inc.php';
require SIMBIO_BASE_DIR.'simbio_FILE/simbio_file_upload.inc.php';
require SIMBIO_BASE_DIR.'simbio_FILE/simbio_directory.inc.php';

// Privilege check: only accounts with write access to the bibliography
// module may go any further; everyone else gets the error box and the
// script stops here.
$can_write = utility::havePrivilege('bibliography', 'w');
if (!$can_write) {
    exit('<div class="errorBox">'.__('You are not authorized to view this section').'</div>');
}
49
// Title shown by the page template.
$page_title = 'File Attachment Upload';

// Bibliography record ID from the query string; 0 when absent or empty.
// The integer cast is what keeps the value safe to place in SQL later on.
$biblioID = (isset($_GET['biblioID']) && $_GET['biblioID']) ? (int)$_GET['biblioID'] : 0;

// File ID from the query string; 0 when absent or empty.
$fileID = (isset($_GET['fileID']) && $_GET['fileID']) ? (int)$_GET['fileID'] : 0;
63
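// start the output buffer
ob_start();
/* main content */
// File attachment save process.
//
// Everything read from $_POST / $_FILES below is request data and is treated
// as untrusted even though the caller passed the privilege check: free text
// is tag-stripped and escaped before it reaches simbio_dbop, the access type
// is matched against the two values the form offers, and the upload
// directory is confirmed to resolve inside REPO_BASE_DIR.
//
// NOTE(review): no anti-CSRF token is checked in this handler as shown;
// confirm whether the included session check or the form maker adds one.
$raw_title = (isset($_POST['fileTitle']) && is_string($_POST['fileTitle'])) ? $_POST['fileTitle'] : '';
if (isset($_POST['upload']) && trim(strip_tags($raw_title)) != '') {
    $uploaded_file_id = 0;
    $fdata = array();
    $title = trim(strip_tags($raw_title));
    $url = (isset($_POST['fileURL']) && is_string($_POST['fileURL'])) ? trim(strip_tags($_POST['fileURL'])) : '';
    $file_desc = (isset($_POST['fileDesc']) && is_string($_POST['fileDesc'])) ? trim(strip_tags($_POST['fileDesc'])) : '';
    // Only 'public' and 'private' are offered by the form. Anything else
    // falls back to 'private' so an unexpected value fails closed and never
    // reaches the SQL statement.
    $file_access_type = (isset($_POST['accessType']) && is_string($_POST['accessType']) && trim($_POST['accessType']) === 'public')
        ? 'public'
        : 'private';

    // create new sql op object
    $sql_op = new simbio_dbop($dbs);

    // FILE UPLOADING
    if (isset($_FILES['file2attach']) && $_FILES['file2attach']['size']) {
        $file_dir = (isset($_POST['fileDir']) && is_string($_POST['fileDir'])) ? trim($_POST['fileDir']) : '';
        $upload_dir = REPO_BASE_DIR.DIRECTORY_SEPARATOR.str_replace('/', DIRECTORY_SEPARATOR, $file_dir);

        // fileDir is a select list in the form but arrives as free text, so
        // reject NUL bytes and ".." segments, then confirm the resolved
        // directory exists and sits inside the repository root.
        $dir_is_safe = false;
        if (strpos($file_dir, "\0") === false && !preg_match('@(^|[\\\\/])\.\.([\\\\/]|$)@', $file_dir)) {
            $repo_real = realpath(REPO_BASE_DIR);
            $upload_real = realpath($upload_dir);
            if ($repo_real !== false && $upload_real !== false) {
                // Compare with a trailing separator so that a sibling such as
                // "<repo>-other" cannot pass as a prefix match.
                $repo_prefix = rtrim($repo_real, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
                $dir_is_safe = strpos($upload_real.DIRECTORY_SEPARATOR, $repo_prefix) === 0;
            }
        }
        if (!$dir_is_safe) {
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('Upload FAILED! Invalid repository directory!').'\');';
            echo 'self.close();';
            echo '</script>';
            die();
        }

        // create upload object
        $file_upload = new simbio_file_upload();
        $file_upload->setAllowableFormat($sysconf['allowed_file_att']);
        $file_upload->setMaxSize($sysconf['max_upload']*1024);
        $file_upload->setUploadDir($upload_dir);
        $file_upload_status = $file_upload->doUpload('file2attach');
        if ($file_upload_status === UPLOAD_SUCCESS) {
            $file_ext = substr($file_upload->new_filename, strrpos($file_upload->new_filename, '.')+1);
            $fdata['uploader_id'] = $_SESSION['uid'];
            $fdata['file_title'] = $dbs->escape_string($title);
            $fdata['file_name'] = $dbs->escape_string($file_upload->new_filename);
            $fdata['file_url'] = $dbs->escape_string($url);
            $fdata['file_dir'] = $dbs->escape_string($file_dir);
            $fdata['file_desc'] = $dbs->escape_string($file_desc);
            // An extension missing from the configured map gets a generic
            // type instead of an undefined-index notice.
            $fdata['mime_type'] = isset($sysconf['mimetype'][$file_ext])
                ? $sysconf['mimetype'][$file_ext]
                : 'application/octet-stream';
            $fdata['input_date'] = date('Y-m-d H:i:s');
            $fdata['last_update'] = $fdata['input_date'];
            // insert file data to database; the ID is taken only when the
            // insert succeeded, so a failed insert cannot produce a relation
            // row that points at file_id 0
            if ($sql_op->insert('files', $fdata)) {
                $uploaded_file_id = $sql_op->insert_id;
            } else {
                utility::jsAlert(''.__('File Attachment data FAILED to save!').''."\n".$sql_op->error);
            }
            utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', $_SESSION['realname'].' upload file ('.$file_upload->new_filename.')');
        } else {
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('Upload FAILED! Forbidden file type or file size too big!').'\');';
            echo 'self.close();';
            echo '</script>';
            die();
        }
    } else {
        // No file sent: accept a remote URL, limited to the listed schemes.
        if ($url && preg_match('@^(http|https|ftp|gopher):\/\/@i', $url)) {
            $fdata['uploader_id'] = $_SESSION['uid'];
            $fdata['file_title'] = $dbs->escape_string($title);
            $fdata['file_name'] = $dbs->escape_string($url);
            // Escape the raw URL once; escaping the already-escaped
            // file_name a second time would store doubled backslashes.
            $fdata['file_url'] = $dbs->escape_string($url);
            $fdata['file_dir'] = 'literal{NULL}';
            $fdata['file_desc'] = $dbs->escape_string($file_desc);
            $fdata['mime_type'] = 'text/uri-list';
            $fdata['input_date'] = date('Y-m-d H:i:s');
            $fdata['last_update'] = $fdata['input_date'];
            // insert file data to database
            if ($sql_op->insert('files', $fdata)) {
                $uploaded_file_id = $sql_op->insert_id;
            } else {
                utility::jsAlert(''.__('File Attachment data FAILED to save!').''."\n".$sql_op->error);
            }
        }
    }

    // BIBLIO FILE RELATION DATA UPDATE
    // check if biblio_id POST var exists
    if (isset($_POST['updateBiblioID']) && !empty($_POST['updateBiblioID'])) {
        $updateBiblioID = (int)$_POST['updateBiblioID'];
        $data = array();
        $data['biblio_id'] = $updateBiblioID;
        $data['file_id'] = $uploaded_file_id;
        $data['access_type'] = $file_access_type;
        $data['access_limit'] = 'literal{NULL}';
        // parsing member type data
        if ($data['access_type'] == 'public') {
            // Keep only scalar entries, as strings in a plain list, so the
            // serialized value has a predictable shape when it is read back.
            $acc_limit = array();
            if (isset($_POST['accLimit']) && is_array($_POST['accLimit'])) {
                foreach ($_POST['accLimit'] as $member_type_id) {
                    if (is_scalar($member_type_id)) {
                        $acc_limit[] = (string)$member_type_id;
                    }
                }
            }
            if (count($acc_limit) > 0) {
                // Escaped like every other string value this file hands to
                // simbio_dbop.
                $data['access_limit'] = $dbs->escape_string(serialize($acc_limit));
            }
        }

        if (isset($_POST['updateFileID'])) {
            // NOTE(review): the files row is selected by the posted file_id
            // alone; confirm that any bibliography writer is meant to be able
            // to edit any file's metadata.
            $fileID = (int)$_POST['updateFileID'];
            // file biblio access update
            $update1 = $sql_op->update('biblio_attachment', array('access_type' => $data['access_type'], 'access_limit' => $data['access_limit']), 'biblio_id='.$updateBiblioID.' AND file_id='.$fileID);
            // file description update; title and URL are escaped here as they
            // are on the insert path, and the description is tag-stripped too
            $update2 = $sql_op->update('files', array('file_title' => $dbs->escape_string($title), 'file_url' => $dbs->escape_string($url), 'file_desc' => $dbs->escape_string($file_desc)), 'file_id='.$fileID);
            if ($update1) {
                echo '<script type="text/javascript">';
                echo 'alert(\''.__('File Attachment data updated!').'\');';
                echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php?biblioID='.$updateBiblioID.'\');';
                echo '</script>';
            } else {
                utility::jsAlert(''.__('File Attachment data FAILED to update!').''."\n".$sql_op->error);
            }
        } else if ($uploaded_file_id) {
            if ($sql_op->insert('biblio_attachment', $data)) {
                echo '<script type="text/javascript">';
                echo 'alert(\''.__('File Attachment uploaded succesfully!').'\');';
                echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php?biblioID='.$data['biblio_id'].'\');';
                echo '</script>';
            } else {
                utility::jsAlert(''.__('File Attachment data FAILED to save!').''."\n".$sql_op->error);
            }
        } else {
            // Nothing was stored (no file and no acceptable URL), so there is
            // no file to link to the record.
            utility::jsAlert(''.__('File Attachment data FAILED to save!').'');
        }
        utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', $_SESSION['realname'].' updating file attachment data');
    } else {
        if ($uploaded_file_id) {
            // add to session array
            $fdata['file_id'] = $uploaded_file_id;
            $fdata['access_type'] = $file_access_type;
            $_SESSION['biblioAttach'][$uploaded_file_id] = $fdata;
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('File Attachment uploaded succesfully!').'\');';
            echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php\');';
            echo '</script>';
        }
    }
}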
179
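// create new instance
// PHP_SELF can include request-supplied path info, so it is HTML-encoded
// before being used as the form action.
// NOTE(review): if simbio_form_table already encodes the action attribute
// this encodes twice; confirm against the form maker.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8').'?biblioID='.(int)$biblioID;
$form = new simbio_form_table('mainForm', $form_action, 'post');
$form->submit_button_attr = 'name="upload" value="'.__('Upload Now').'" class="button"';
// form table attributes
$form->table_attr = 'align="center" id="dataList" cellpadding="5" cellspacing="0"';
$form->table_header_attr = 'class="alterCell" style="font-weight: bold;"';
$form->table_content_attr = 'class="alterCell2"';

// query: load the attachment being edited, if any. Both IDs are cast again
// here so the statement stays numeric-only no matter how they were set.
$file_attach_q = $dbs->query('SELECT fl.*, batt.* FROM files AS fl
    LEFT JOIN biblio_attachment AS batt ON fl.file_id=batt.file_id
    WHERE batt.biblio_id='.(int)$biblioID.' AND batt.file_id='.(int)$fileID);
// A failed query or an empty result (the normal case for a new attachment)
// yields an all-null row rather than offset access on false/null.
$file_attach_d = array();
if ($file_attach_q) {
    $file_attach_row = $file_attach_q->fetch_assoc();
    if (is_array($file_attach_row)) {
        $file_attach_d = $file_attach_row;
    }
}
$file_attach_d += array(
    'biblio_id' => null,
    'file_id' => null,
    'file_title' => null,
    'file_name' => null,
    'file_dir' => null,
    'file_url' => null,
    'file_desc' => null,
    'access_type' => null,
    'access_limit' => null,
);

// edit mode
if ($file_attach_d['biblio_id'] && $file_attach_d['file_id']) {
    $form->addHidden('updateBiblioID', $file_attach_d['biblio_id']);
    $form->addHidden('updateFileID', $file_attach_d['file_id']);
} else if ($biblioID) {
    $form->addHidden('updateBiblioID', $biblioID);
}

// file title
$form->addTextField('text', 'fileTitle', __('Title').'*', $file_attach_d['file_title'], 'style="width: 95%; overflow: auto;"');
// file attachment
if ($file_attach_d['file_name']) {
    // addAnything() is given ready-made markup further down, so the stored
    // directory and file name are HTML-encoded before being shown.
    $form->addAnything('Attachment', htmlspecialchars($file_attach_d['file_dir'].'/'.$file_attach_d['file_name'], ENT_QUOTES, 'UTF-8'));
} else {
    // file upload dir
    // create simbio directory object
    $repo = new simbio_directory(REPO_BASE_DIR);
    $repo_dir_tree = $repo->getDirectoryTree(5);
    $repodir_options = array();
    $repodir_options[] = array('', __('Repository ROOT'));
    if (is_array($repo_dir_tree)) {
        // sort array by index
        ksort($repo_dir_tree);
        // loop array
        foreach ($repo_dir_tree as $dir) {
            $repodir_options[] = array($dir, $dir);
        }
    }
    // add repo directory options to select list
    $form->addSelectList('fileDir', __('Repo. Directory'), $repodir_options);
    // file upload
    $str_input = simbio_form_element::textField('file', 'file2attach');
    $str_input .= ' Maximum '.$sysconf['max_upload'].' KB';
    $form->addAnything(__('File To Attach'), $str_input);
}
// file url
$form->addTextField('textarea', 'fileURL', __('URL'), $file_attach_d['file_url'], 'rows="1" style="width: 100%; overflow: auto;"');
// file description
$form->addTextField('textarea', 'fileDesc', __('Description'), $file_attach_d['file_desc'], 'rows="2" style="width: 100%; overflow: auto;"');
// file access
$acctype_options = array();
$acctype_options[] = array('public', __('Public'));
$acctype_options[] = array('private', __('Private'));
$form->addSelectList('accessType', __('Access'), $acctype_options, $file_attach_d['access_type']);
// file access limit if set to public
$group_query = $dbs->query('SELECT member_type_id, member_type_name FROM mst_member_type');
$group_options = array();
while ($group_data = $group_query->fetch_row()) {
    $group_options[] = array($group_data[0], $group_data[1]);
}
// SECURITY: access_limit is a serialized value that originated from a POSTed
// form field, and unserialize() on data a user could influence can
// instantiate objects. Where the runtime is PHP 7 or later, pass
// array('allowed_classes' => false) as the second argument, or move this
// column to JSON. Anything that does not decode to an array is ignored.
$acc_limit_selected = null;
if (!empty($file_attach_d['access_limit'])) {
    $acc_limit_decoded = unserialize($file_attach_d['access_limit']);
    if (is_array($acc_limit_decoded)) {
        $acc_limit_selected = $acc_limit_decoded;
    }
}
$form->addCheckBox('accLimit', __('Access Limit by Member Type'), $group_options, $acc_limit_selected);

// print out the object
echo $form->printOut();

/* main content end */
$content = ob_get_clean();
// include the page template
require SENAYAN_BASE_DIR.'/admin/'.$sysconf['admin_template']['dir'].'/notemplate_page_tpl.php';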