X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=admin%2Fattachments.php;h=1ad50d699fe81d4d51bd91b163f0eba960514dab;hb=c696fcc9ed013beb349faca8a5ea95d0632d66b7;hp=a36801d4ebc39dfe8df50e969331ac2ff80ac196;hpb=0517097815894f0221e3755a2d14612f69f72b86;p=fa-stable.git diff --git a/admin/attachments.php b/admin/attachments.php index a36801d4..1ad50d69 100644 --- a/admin/attachments.php +++ b/admin/attachments.php @@ -1,51 +1,75 @@ . +***********************************************************************/ $path_to_root=".."; -$page_security = 8; +$page_security = 'SA_ATTACHDOCUMENT'; include_once($path_to_root . "/includes/session.inc"); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/includes/data_checks.inc"); +include_once($path_to_root . "/admin/db/attachments_db.inc"); -$view_id = find_submit('view'); +if (isset($_GET['vw'])) + $view_id = $_GET['vw']; +else + $view_id = find_submit('view'); if ($view_id != -1) { $row = get_attachment($view_id); if ($row['filename'] != "") { - $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream'; - header("Content-type: ".$type); - header('Content-Length: '.$row['filesize']); - if ($type == 'application/octet-stream') - header('Content-Disposition: attachment; filename='.$row['filename']); - else - header("Content-Disposition: inline"); - echo $row["bin_data"]; - exit(); + if(in_ajax()) { + $Ajax->popup($_SERVER['PHP_SELF'].'?vw='.$view_id); + } else { + $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream'; + header("Content-type: ".$type); + header('Content-Length: '.$row['filesize']); + //if ($type == 'application/octet-stream') + // header('Content-Disposition: attachment; filename='.$row['filename']); + //else + header("Content-Disposition: inline"); + echo file_get_contents(company_path(). "/attachments/".$row['unique_name']); + exit(); + } } } +if (isset($_GET['dl'])) + $download_id = $_GET['dl']; +else + $download_id = find_submit('download'); -$download_id = find_submit('download'); if ($download_id != -1) { $row = get_attachment($download_id); if ($row['filename'] != "") { - $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream'; - header("Content-type: ".$type); - header('Content-Length: '.$row['filesize']); - header('Content-Disposition: attachment; filename='.$row['filename']); - echo $row["bin_data"]; - exit(); + if(in_ajax()) { + $Ajax->redirect($_SERVER['PHP_SELF'].'?dl='.$download_id); + } else { + $type = ($row['filetype']) ? $row['filetype'] : 'application/octet-stream'; + header("Content-type: ".$type); + header('Content-Length: '.$row['filesize']); + header('Content-Disposition: attachment; filename='.$row['filename']); + echo file_get_contents(company_path()."/attachments/".$row['unique_name']); + exit(); + } } } $js = ""; if ($use_popup_windows) $js .= get_js_open_window(800, 500); -page(_("Attach Documents"), false, false, "", $js); +page(_($help_context = "Attach Documents"), false, false, "", $js); simple_page_mode(true); //---------------------------------------------------------------------------------------- @@ -60,45 +84,44 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM') { //$content = base64_encode(file_get_contents($_FILES['filename']['tmp_name'])); $tmpname = $_FILES['filename']['tmp_name']; - $fp = fopen($tmpname, 'r'); - $content = fread($fp, filesize($tmpname)); - $content = addslashes($content); - fclose($fp); - //$content = addslashes(file_get_contents($_FILES['filename']['tmp_name'])); - $filename = $_FILES['filename']['name']; + $dir = company_path()."/attachments"; + if (!file_exists($dir)) + { + mkdir ($dir,0777); + $index_file = ""; + $fp = fopen($dir."/index.php", "w"); + fwrite($fp, $index_file); + fclose($fp); + } + // file name compatible with POSIX + // protect against directory traversal + $unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']); + if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name)) + unlink($dir."/".$unique_name); + + $unique_name = uniqid(''); + move_uploaded_file($tmpname, $dir."/".$unique_name); + //save the file + $filename = basename($_FILES['filename']['name']); $filesize = $_FILES['filename']['size']; $filetype = $_FILES['filename']['type']; } else { - $content = $filename = $filetype = ""; + $unique_name = $filename = $filetype = ""; $filesize = 0; } - $date = date2sql(Today()); if ($Mode == 'ADD_ITEM') { - $sql = "INSERT INTO ".TB_PREF."attachments (type_no, trans_no, description, bin_data, filename, - filesize, filetype, tran_date) VALUES (".$_POST['filterType'].",".$_POST['trans_no'].",". - db_escape($_POST['description']).",'$content', '$filename', '$filesize', '$filetype', '$date')"; - db_query($sql, "Attachment could not be inserted"); + add_attachment($_POST['filterType'], $_POST['trans_no'], $_POST['description'], + $filename, $unique_name, $filesize, $filetype); display_notification(_("Attachment has been inserted.")); } else { - $sql = "UPDATE ".TB_PREF."attachments SET - type_no=".$_POST['filterType'].", - trans_no=".$_POST['trans_no'].", - description=".db_escape($_POST['description']).", "; - if ($filename != "") - { - $sql .= "bin_data='$content', - filename='$filename', - filesize='$filesize', - filetype='$filetype', "; - } - $sql .= "tran_date='$date' WHERE id=$selected_id"; - db_query($sql, "Attachment could not be updated"); + update_attachment($selected_id, $_POST['filterType'], $_POST['trans_no'], $_POST['description'], + $filename, $unique_name, $filesize, $filetype); display_notification(_("Attachment has been updated.")); } $Mode = 'RESET'; @@ -106,8 +129,11 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM') if ($Mode == 'Delete') { - $sql = "DELETE FROM ".TB_PREF."attachments WHERE id = $selected_id"; - db_query($sql, "Could not delete attachment"); + $row = get_attachment($selected_id); + $dir = company_path()."/attachments"; + if (file_exists($dir."/".$row['unique_name'])) + unlink($dir."/".$row['unique_name']); + delete_attachment($selected_id); display_notification(_("Attachment has been deleted.")); $Mode = 'RESET'; } @@ -121,42 +147,26 @@ if ($Mode == 'RESET') function viewing_controls() { - start_form(false, true); - - start_table("class='tablestyle_noborder'"); + global $selected_id; + + start_table(TABLESTYLE_NOBORDER); - systypes_list_row(_("Type:"), 'filterType', null, true); + start_row(); + systypes_list_cells(_("Type:"), 'filterType', null, true); + if (list_updated('filterType')) + $selected_id = -1;; + end_row(); end_table(1); - end_form(); -} - -//---------------------------------------------------------------------------------------- - -function get_attached_documents($type) -{ - $sql = "SELECT * FROM ".TB_PREF."attachments WHERE type_no=$type ORDER BY trans_no"; - return db_query($sql, "Could not retrieve attachments"); -} - -function get_attachment($id) -{ - $sql = "SELECT * FROM ".TB_PREF."attachments WHERE id=$id"; - $result = db_query($sql, "Could not retrieve attachments"); - return db_fetch($result); } function display_rows($type) { - global $table_style; - $rows = get_attached_documents($type); $th = array(_("#"), _("Description"), _("Filename"), _("Size"), _("Filetype"), _("Date Uploaded"), "", "", "", ""); - div_start('transactions'); - start_form(); - start_table($table_style); + start_table(TABLESTYLE); table_header($th); $k = 0; while ($row = db_fetch($rows)) @@ -170,27 +180,24 @@ function display_rows($type) label_cell($row['filetype']); label_cell(sql2date($row['tran_date'])); edit_button_cell("Edit".$row['id'], _("Edit")); - edit_button_cell("view".$row['id'], _("View")); - edit_button_cell("download".$row['id'], _("Download")); - edit_button_cell("Delete".$row['id'], _("Delete")); + button_cell("view".$row['id'], _("View"), false, ICON_VIEW); + button_cell("download".$row['id'], _("Download"), false, ICON_DOWN); + delete_button_cell("Delete".$row['id'], _("Delete")); end_row(); } end_table(1); - hidden('filterType', $type); - end_form(); - div_end(); } //---------------------------------------------------------------------------------------- +start_form(true); + viewing_controls(); -if (isset($_POST['filterType'])) - display_rows($_POST['filterType']); +display_rows($_POST['filterType']); -start_form(true); -start_table("$table_style2 width=30%"); +start_table(TABLESTYLE2); if ($selected_id != -1) { @@ -200,6 +207,7 @@ if ($selected_id != -1) $_POST['trans_no'] = $row["trans_no"]; $_POST['description'] = $row["description"]; hidden('trans_no', $row['trans_no']); + hidden('unique_name', $row['unique_name']); label_row(_("Transaction #"), $row['trans_no']); } hidden('selected_id', $selected_id); @@ -207,15 +215,11 @@ if ($selected_id != -1) else text_row_ex(_("Transaction #").':', 'trans_no', 10); text_row_ex(_("Description").':', 'description', 40); -start_row(); -label_cells(_("Attached File") . ":", ""); -end_row(); +file_row(_("Attached File") . ":", 'filename', 'filename'); end_table(1); -if (isset($_POST['filterType'])) - hidden('filterType', $_POST['filterType']); -submit_add_or_update_center($selected_id == -1, '', true); +submit_add_or_update_center($selected_id == -1, '', 'both'); end_form();