<?php

// Authentication key for this entry script.
// NOTE(review): presumably the included files test for this constant - confirm.
define('INDEX_AUTH', '1');
// Key that requests full database access for this script.
define('DB_ACCESS', 'fa');

// Main system configuration; it has to come first because the constants used
// below (LIB_DIR, SENAYAN_BASE_DIR, SIMBIO_BASE_DIR) are not defined in this file.
require '../../../sysconfig.inc.php';
// IP based access limitation helpers.
require LIB_DIR . 'ip_based_access.inc.php';

// Apply the IP restriction for both scopes before the session is started.
do_checkIP('smc');
do_checkIP('smc-bibliography');

// Start the session and run the session check.
require SENAYAN_BASE_DIR . 'admin/default/session.inc.php';
require SENAYAN_BASE_DIR . 'admin/default/session_check.inc.php';

// Simbio GUI, database and file helpers used further down in this script.
require SIMBIO_BASE_DIR . 'simbio_GUI/table/simbio_table.inc.php';
require SIMBIO_BASE_DIR . 'simbio_GUI/form_maker/simbio_form_table.inc.php';
require SIMBIO_BASE_DIR . 'simbio_DB/simbio_dbop.inc.php';
require SIMBIO_BASE_DIR . 'simbio_FILE/simbio_file_upload.inc.php';
require SIMBIO_BASE_DIR . 'simbio_FILE/simbio_directory.inc.php';
23
// Privilege check: only accounts with write access to the bibliography
// module get past this point; everyone else receives the error box and
// the script stops.
$can_write = utility::havePrivilege('bibliography', 'w');
if (!$can_write) {
    $denied_message = __('You are not authorized to view this section');
    die('<div class="errorBox">' . $denied_message . '</div>');
}
29
// Title of this pop-up page.
$page_title = 'File Attachment Upload';

// Record and file identifiers from the query string. Each one is forced to
// an integer because both are later placed into an SQL statement; a missing
// or empty parameter yields 0.
$biblioID = empty($_GET['biblioID']) ? 0 : (int) $_GET['biblioID'];
$fileID = empty($_GET['fileID']) ? 0 : (int) $_GET['fileID'];
43
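// start the output buffer
ob_start();
/* main content */
// File attachment save process. It runs only when the form was submitted with
// a non-empty title; everything read from $_POST below is untrusted input.
// NOTE(review): no anti-CSRF token is checked in this block - confirm that the
// session check or the form class takes care of it.
if (isset($_POST['upload'], $_POST['fileTitle']) && is_string($_POST['fileTitle'])
    && trim(strip_tags($_POST['fileTitle'])) != '') {
    $uploaded_file_id = 0;
    // set once a failure alert has been shown, so the user is not alerted twice
    $insert_failed = false;
    $title = trim(strip_tags($_POST['fileTitle']));
    $url = (isset($_POST['fileURL']) && is_string($_POST['fileURL'])) ? trim(strip_tags($_POST['fileURL'])) : '';
    $file_desc = (isset($_POST['fileDesc']) && is_string($_POST['fileDesc'])) ? trim(strip_tags($_POST['fileDesc'])) : '';
    // The form offers only 'public' and 'private'. Any other submitted value is
    // replaced by the more restrictive one instead of being stored as sent.
    $access_type = (isset($_POST['accessType']) && is_string($_POST['accessType'])) ? trim($_POST['accessType']) : '';
    if (!in_array($access_type, array('public', 'private'), true)) {
        $access_type = 'private';
    }
    // create new sql op object
    // NOTE(review): every value handed to simbio_dbop on this page is escaped by
    // the caller, which suggests the class does not escape by itself - confirm.
    $sql_op = new simbio_dbop($dbs);
    // FILE UPLOADING
    if (isset($_FILES['file2attach']) && $_FILES['file2attach']['size']) {
        $file_dir = (isset($_POST['fileDir']) && is_string($_POST['fileDir'])) ? trim($_POST['fileDir']) : '';
        $upload_dir = REPO_BASE_DIR.DIRECTORY_SEPARATOR.str_replace('/', DIRECTORY_SEPARATOR, $file_dir);
        // The target directory comes from the request, so resolve it and make
        // sure it is the repository root or a directory below it. Without this
        // check a value containing ".." segments would place the upload outside
        // the repository.
        $repo_root = realpath(REPO_BASE_DIR);
        $resolved_dir = (strpos($file_dir, "\0") === false) ? realpath($upload_dir) : false;
        $inside_repo = false;
        if ($repo_root !== false && $resolved_dir !== false) {
            $root_prefix = rtrim($repo_root, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;
            $inside_repo = ($resolved_dir === $repo_root) || (strpos($resolved_dir, $root_prefix) === 0);
        }
        if (!$inside_repo) {
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('Upload FAILED! Invalid repository directory!').'\');';
            echo 'self.close();';
            echo '</script>';
            die();
        }
        // create upload object
        // The allowed-format list and the size limit from the system
        // configuration are the only checks on what may be stored.
        // NOTE(review): confirm that the repository directory is not served
        // with script execution enabled.
        $file_upload = new simbio_file_upload();
        $file_upload->setAllowableFormat($sysconf['allowed_file_att']);
        $file_upload->setMaxSize($sysconf['max_upload']*1024);
        $file_upload->setUploadDir($upload_dir);
        $file_upload_status = $file_upload->doUpload('file2attach');
        if ($file_upload_status === UPLOAD_SUCCESS) {
            $file_ext = substr($file_upload->new_filename, strrpos($file_upload->new_filename, '.')+1);
            $fdata['uploader_id'] = $_SESSION['uid'];
            $fdata['file_title'] = $dbs->escape_string($title);
            $fdata['file_name'] = $dbs->escape_string($file_upload->new_filename);
            $fdata['file_url'] = $dbs->escape_string($url);
            $fdata['file_dir'] = $dbs->escape_string($file_dir);
            $fdata['file_desc'] = $dbs->escape_string($file_desc);
            $fdata['mime_type'] = $sysconf['mimetype'][$file_ext];
            $fdata['input_date'] = date('Y-m-d H:i:s');
            $fdata['last_update'] = $fdata['input_date'];
            // insert file data to database; the result is checked instead of
            // being silenced, so a failed insert never yields a file ID
            if ($sql_op->insert('files', $fdata)) {
                $uploaded_file_id = $sql_op->insert_id;
            } else {
                $insert_failed = true;
                utility::jsAlert(__('File Attachment data FAILED to save!')."\n".$sql_op->error);
            }
            utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', $_SESSION['realname'].' upload file ('.$file_upload->new_filename.')');
        } else {
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('Upload FAILED! Forbidden file type or file size too big!').'\');';
            echo 'self.close();';
            echo '</script>';
            die();
        }
    } else {
        // No file was sent: accept a remote URL, limited to the listed schemes.
        if ($url && preg_match('@^(http|https|ftp|gopher):\/\/@i', $url)) {
            $fdata['uploader_id'] = $_SESSION['uid'];
            $fdata['file_title'] = $dbs->escape_string($title);
            $fdata['file_name'] = $dbs->escape_string($url);
            // escape the raw URL; escaping the already escaped file_name a second
            // time would store stray backslashes
            $fdata['file_url'] = $dbs->escape_string($url);
            $fdata['file_dir'] = 'literal{NULL}';
            $fdata['file_desc'] = $dbs->escape_string($file_desc);
            $fdata['mime_type'] = 'text/uri-list';
            $fdata['input_date'] = date('Y-m-d H:i:s');
            $fdata['last_update'] = $fdata['input_date'];
            // insert file data to database
            if ($sql_op->insert('files', $fdata)) {
                $uploaded_file_id = $sql_op->insert_id;
            } else {
                $insert_failed = true;
                utility::jsAlert(__('File Attachment data FAILED to save!')."\n".$sql_op->error);
            }
        }
    }

    // BIBLIO FILE RELATION DATA UPDATE
    // check if biblio_id POST var exists
    if (isset($_POST['updateBiblioID']) && !empty($_POST['updateBiblioID'])) {
        $updateBiblioID = (integer)$_POST['updateBiblioID'];
        $data['biblio_id'] = $updateBiblioID;
        $data['file_id'] = $uploaded_file_id;
        $data['access_type'] = $access_type;
        $data['access_limit'] = 'literal{NULL}';
        // parsing member type data
        if ($data['access_type'] === 'public') {
            $groups = 'literal{NULL}';
            if (isset($_POST['accLimit']) && is_array($_POST['accLimit']) && count($_POST['accLimit']) > 0) {
                // the serialized string carries request data, so it is escaped
                // like every other value stored from this form
                $groups = $dbs->escape_string(serialize($_POST['accLimit']));
            }
            $data['access_limit'] = trim($groups);
        }

        if (isset($_POST['updateFileID'])) {
            $fileID = (integer)$_POST['updateFileID'];
            // file biblio access update; both IDs in the criteria are integers
            $update1 = $sql_op->update('biblio_attachment', array('access_type' => $data['access_type'], 'access_limit' => $data['access_limit']), 'biblio_id='.$updateBiblioID.' AND file_id='.$fileID);
            // file description update, escaped the same way as in the insert path
            $update2 = $sql_op->update('files', array('file_title' => $dbs->escape_string($title), 'file_url' => $dbs->escape_string($url), 'file_desc' => $dbs->escape_string($file_desc)), 'file_id='.$fileID);
            if ($update1) {
                echo '<script type="text/javascript">';
                echo 'alert(\''.__('File Attachment data updated!').'\');';
                echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php?biblioID='.$updateBiblioID.'\');';
                echo '</script>';
            } else {
                utility::jsAlert(__('File Attachment data FAILED to update!')."\n".$sql_op->error);
            }
        } else if (!$uploaded_file_id) {
            // Nothing was stored (no file, no accepted URL, or the insert
            // failed), so no relation row pointing at file ID 0 is created.
            if (!$insert_failed) {
                utility::jsAlert(__('File Attachment data FAILED to save!'));
            }
        } else {
            if ($sql_op->insert('biblio_attachment', $data)) {
                echo '<script type="text/javascript">';
                echo 'alert(\''.__('File Attachment uploaded succesfully!').'\');';
                echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php?biblioID='.$data['biblio_id'].'\');';
                echo '</script>';
            } else {
                utility::jsAlert(__('File Attachment data FAILED to save!')."\n".$sql_op->error);
            }
        }
        utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'bibliography', $_SESSION['realname'].' updating file attachment data');
    } else {
        if ($uploaded_file_id) {
            // no biblio record yet: keep the attachment in the session array
            $fdata['file_id'] = $uploaded_file_id;
            $fdata['access_type'] = $access_type;
            $_SESSION['biblioAttach'][$uploaded_file_id] = $fdata;
            echo '<script type="text/javascript">';
            echo 'alert(\''.__('File Attachment uploaded succesfully!').'\');';
            echo 'parent.setIframeContent(\'attachIframe\', \''.MODULES_WEB_ROOT_DIR.'bibliography/iframe_attach.php\');';
            echo '</script>';
        }
    }
}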
159
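// create new instance
// PHP_SELF includes any extra path information sent by the client, so it is
// HTML-escaped before it becomes the form's action attribute.
// NOTE(review): simbio_form_table is not visible here; if it already escapes the
// action this is redundant, and it changes nothing for an ordinary script path.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8').'?biblioID='.$biblioID;
$form = new simbio_form_table('mainForm', $form_action, 'post');
$form->submit_button_attr = 'name="upload" value="'.__('Upload Now').'" class="button"';
// form table attributes
$form->table_attr = 'align="center" id="dataList" cellpadding="5" cellspacing="0"';
$form->table_header_attr = 'class="alterCell" style="font-weight: bold;"';
$form->table_content_attr = 'class="alterCell2"';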
167
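// Look up the attachment that is being edited, if there is one.
// $biblioID and $fileID are integer-cast wherever this script reads them from
// the request, so interpolating them into the statement is safe.
$file_attach_q = $dbs->query("SELECT fl.*, batt.* FROM files AS fl
    LEFT JOIN biblio_attachment AS batt ON fl.file_id=batt.file_id
    WHERE batt.biblio_id=$biblioID AND batt.file_id=$fileID");
// A failed query or an empty result would otherwise leave a non-array here and
// every field access below would raise a notice; use empty defaults instead.
$file_attach_d = $file_attach_q ? $file_attach_q->fetch_assoc() : null;
if (!is_array($file_attach_d)) {
    $file_attach_d = array_fill_keys(
        array('biblio_id', 'file_id', 'file_title', 'file_name', 'file_dir', 'file_url', 'file_desc', 'access_type', 'access_limit'),
        null
    );
}

// edit mode: carry both IDs of the existing relation in hidden fields;
// otherwise only the biblio ID from the URL, when one was given
if ($file_attach_d['biblio_id'] && $file_attach_d['file_id']) {
    $form->addHidden('updateBiblioID', $file_attach_d['biblio_id']);
    $form->addHidden('updateFileID', $file_attach_d['file_id']);
} else if ($biblioID) {
    $form->addHidden('updateBiblioID', $biblioID);
}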
181
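// file title
$form->addTextField('text', 'fileTitle', __('Title').'*', isset($file_attach_d['file_title']) ? $file_attach_d['file_title'] : null, 'style="width: 95%; overflow: auto;"');
// file attachment
if (!empty($file_attach_d['file_name'])) {
    // addAnything() is given ready-made markup elsewhere in this script, so the
    // stored path is HTML-escaped here: file_dir and file_name originate from
    // request data and are only SQL-escaped when they are saved.
    $attachment_path = (isset($file_attach_d['file_dir']) ? $file_attach_d['file_dir'] : '').'/'.$file_attach_d['file_name'];
    $form->addAnything('Attachment', htmlspecialchars($attachment_path, ENT_QUOTES, 'UTF-8'));
} else {
    // file upload dir
    // create simbio directory object
    $repo = new simbio_directory(REPO_BASE_DIR);
    $repo_dir_tree = $repo->getDirectoryTree(5);
    $repodir_options[] = array('', __('Repository ROOT'));
    if (is_array($repo_dir_tree)) {
        // sort array by index
        ksort($repo_dir_tree);
        // loop array
        foreach ($repo_dir_tree as $dir) {
            $repodir_options[] = array($dir, $dir);
        }
    }
    // add repo directory options to select list
    // This list only limits what the browser offers; the submitted fileDir
    // value still has to be validated where the upload is processed.
    $form->addSelectList('fileDir', __('Repo. Directory'), $repodir_options);
    // file upload
    $str_input = simbio_form_element::textField('file', 'file2attach');
    $str_input .= ' Maximum '.$sysconf['max_upload'].' KB';
    $form->addAnything(__('File To Attach'), $str_input);
}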
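// file url
$form->addTextField('textarea', 'fileURL', __('URL'), isset($file_attach_d['file_url']) ? $file_attach_d['file_url'] : null, 'rows="1" style="width: 100%; overflow: auto;"');
// file description
$form->addTextField('textarea', 'fileDesc', __('Description'), isset($file_attach_d['file_desc']) ? $file_attach_d['file_desc'] : null, 'rows="2" style="width: 100%; overflow: auto;"');
// file access
$acctype_options[] = array('public', __('Public'));
$acctype_options[] = array('private', __('Private'));
$form->addSelectList('accessType', __('Access'), $acctype_options, isset($file_attach_d['access_type']) ? $file_attach_d['access_type'] : null);
// file access limit if set to public
$group_options = array();
$group_query = $dbs->query('SELECT member_type_id, member_type_name FROM mst_member_type');
// a failed query returns no result object; show an empty list in that case
if ($group_query) {
    while ($group_data = $group_query->fetch_row()) {
        $group_options[] = array($group_data[0], $group_data[1]);
    }
}
// SECURITY(review): access_limit is written by serialize() on request data and
// read back with unserialize(). unserialize() can instantiate objects from the
// stored string, so anyone able to write that column controls what is
// created here. Storing the list as JSON would remove the risk; on PHP 7+
// passing array('allowed_classes' => false) as second argument limits it.
// The call is kept unchanged because the PHP version in use is not visible.
$selected_groups = null;
if (!empty($file_attach_d['access_limit'])) {
    $selected_groups = unserialize($file_attach_d['access_limit']);
    // only a plain list is meaningful as a checkbox selection
    if (!is_array($selected_groups)) {
        $selected_groups = null;
    }
}
$form->addCheckBox('accLimit', __('Access Limit by Member Type'), $group_options, $selected_groups);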
223
// Write the rendered form into the output buffer.
echo $form->printOut();

/* main content end */
// Collect everything buffered since ob_start() into $content and close the buffer.
$content = ob_get_clean();
// Load the page template of the configured admin theme.
// NOTE(review): the template presumably prints $content - confirm.
$admin_template_dir = SENAYAN_BASE_DIR.'/admin/'.$sysconf['admin_template']['dir'];
require $admin_template_dir.'/notemplate_page_tpl.php';