X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fbackups.php;h=9239e82d83450e16b0c33173def3a86a2055d5e6;hb=da7df35c61205d0b1af47d286be591b8a3194b0c;hp=450f1df57113694391926257f0d22d1a678c56dd;hpb=902f1015d874c33bd7946b17de2ad80b4f2144b6;p=fa-stable.git

diff --git a/admin/backups.php b/admin/backups.php
index 450f1df5..9239e82d 100644
--- a/admin/backups.php
+++ b/admin/backups.php
@@ -17,33 +17,48 @@ include_once($path_to_root . "/includes/ui.inc");
 include_once($path_to_root . "/admin/db/maintenance_db.inc");
 
 if (get_post('view')) {
-	$filename = BACKUP_PATH . get_post('cmb_backups');
-	if (in_ajax()) 
-		$Ajax->popup( $filename );
-	else {
-	    header('Content-type: application/octet-stream');
-    	header('Content-Length: '.filesize($filename));
-		header("Content-Disposition: inline; filename=$filename");
-    	readfile($filename);
-		exit();
+	if (!get_post('backups')) {
+		display_error(_('Select backup file first.'));
+	} else {
+		$filename = $SysPrefs->backup_dir() . clean_file_name(get_post('backups'));
+		if (in_ajax()) 
+			$Ajax->popup( $filename );
+		else {
+			header('Content-type: text/plain');
+			header('Content-Length: '.filesize($filename));
+			header("Content-Disposition: inline; filename=".basename($filename));
+			if (substr($filename, -3, 3) == '.gz')
+				header("Content-Encoding: gzip");
+
+			if (substr($filename, -4, 4) == '.zip')
+				echo db_unzip('', $filename);
+			else
+				readfile($filename);
+			exit();
+		}
 	}
 };
 
 if (get_post('download')) {
-	download_file(BACKUP_PATH . get_post('cmb_backups'));
-	exit;
+	if (get_post('backups')) {
+		download_file($SysPrefs->backup_dir().clean_file_name(get_post('backups')));
+		exit;
+	} else
+		display_error(_("Select backup file first."));
 }
 
-page(_("Backup and Restore Database"), false, false, '', '');
+page(_($help_context = "Backup and Restore Database"), false, false, '', '');
 
 check_paths();
 
 function check_paths()
 {
-	if (!file_exists(BACKUP_PATH)) {
+  global $SysPrefs;
+
+	if (!file_exists($SysPrefs->backup_dir())) {
 		display_error (_("Backup paths have not been set correctly.") 
 			._("Please contact System Administrator.")."<br>" 
-			. _("cannot find backup directory") . " - " . BACKUP_PATH . "<br>");
+			. _("cannot find backup directory") . " - " . $SysPrefs->backup_dir() . "<br>");
 		end_page();
 		exit;
 	}
@@ -51,24 +66,26 @@ function check_paths()
 
 function generate_backup($conn, $ext='no', $comm='')
 {
-	$filename = db_backup($conn, $ext, $comm);
+	global $SysPrefs;
+
+	$filename = db_backup($conn, $ext, $comm, $SysPrefs->backup_dir());
 	if ($filename)
 		display_notification(_("Backup successfully generated."). ' '
 			. _("Filename") . ": " . $filename);
 	else
 		display_error(_("Database backup failed."));
-	
+
 	return $filename;
 }
 
 
 function get_backup_file_combo()
 {
-	global $path_to_root, $Ajax;
+	global $path_to_root, $Ajax, $SysPrefs;
 	
 	$ar_files = array();
-    default_focus('cmb_backups');
-    $dh = opendir(BACKUP_PATH);
+    default_focus('backups');
+    $dh = opendir($SysPrefs->backup_dir());
 	while (($file = readdir($dh)) !== false)
 		$ar_files[] = $file;
 	closedir($dh);
@@ -79,10 +96,10 @@ function get_backup_file_combo()
 		if (preg_match("/.sql(.zip|.gz)?$/", $file))
     		$opt_files .= "<option value='$file'>$file</option>";
 
-	$selector = "<select name='cmb_backups' size=2 style='height:160px;min-width:230px'>$opt_files</select>";
+	$selector = "<select name='backups' size=2 style='height:160px;min-width:230px'>$opt_files</select>";
 
-	$Ajax->addUpdate('cmd_backups', "_cmd_backups_sel", $selector);
-	$selector = "<span id='_cmd_backups_sel'>".$selector."</span>\n";
+	$Ajax->addUpdate('backups', "_backups_sel", $selector);
+	$selector = "<span id='_backups_sel'>".$selector."</span>\n";
 
 	return $selector;
 }
@@ -96,8 +113,8 @@ function compress_list_row($label, $name, $value=null)
     if (function_exists("gzopen"))
     	$ar_comps['gzip'] = "gzip";
 
-	echo "<tr><td>$label</td><td>";
-	array_selector('comp', $value, $ar_comps);
+	echo "<tr><td class='label'>$label</td><td>";
+	echo array_selector('comp', $value, $ar_comps);
 	echo "</td></tr>";
 }
 
@@ -105,6 +122,7 @@ function download_file($filename)
 {
     if (empty($filename) || !file_exists($filename))
     {
+		display_error(_('Select backup file first.'));
         return false;
     }
     $saveasname = basename($filename);
@@ -116,46 +134,61 @@ function download_file($filename)
     return true;
 }
 
-$db_name = $_SESSION["wa_current_user"]->company;
-$conn = $db_connections[$db_name];
+$conn = $db_connections[user_company()];
+$backup_name = clean_file_name(get_post('backups'));
+$backup_path = $SysPrefs->backup_dir() . $backup_name;
 
 if (get_post('creat')) {
 	generate_backup($conn, get_post('comp'), get_post('comments'));
-	$Ajax->activate('cmd_backups');
+	$Ajax->activate('backups');
+	$SysPrefs->refresh(); // re-read system setup
 };
 
 if (get_post('restore')) {
-	if (db_import(BACKUP_PATH . get_post('cmb_backups'), $conn))
-		display_notification(_("Restore backup completed."));
+	if ($backup_name) {
+		if (db_import($backup_path, $conn, true, false, check_value('protected')))
+			display_notification(_("Restore backup completed."));
+		$SysPrefs->refresh(); // re-read system setup
+	} else
+		display_error(_("Select backup file first."));
 }
 
-if (get_post('delete')) {
-	if (unlink(BACKUP_PATH . get_post('cmb_backups'))) {
-		display_notification(_("File successfully deleted.")." "
-				. _("Filename") . ": " . get_post('cmb_backups'));
-		$Ajax->activate('cmd_backups');
-	}
-	else
-		display_error(_("Can't delete backup file."));
-};
+if (get_post('deldump')) {
+	if ($backup_name) {
+		if (unlink($backup_path)) {
+			display_notification(_("File successfully deleted.")." "
+					. _("Filename") . ": " . $backup_name);
+			$Ajax->activate('backups');
+		}
+		else
+			display_error(_("Can't delete backup file."));
+	} else
+		display_error(_("Select backup file first."));
+}
 
 if (get_post('upload'))
 {
 	$tmpname = $_FILES['uploadfile']['tmp_name'];
-	$fname = $_FILES['uploadfile']['name'];
-
-	if (!preg_match("/.sql(.zip|.gz)?$/", $fname))
-		display_error(_("You can only upload *.sql backup files"));
-	elseif (is_uploaded_file($tmpname)) {
-		rename($tmpname, BACKUP_PATH . $fname);
-		display_notification( "File uploaded to backup directory");
-		$Ajax->activate('cmd_backups');
+	$fname = trim(basename($_FILES['uploadfile']['name']));
+
+	if ($fname) {
+		if (!preg_match("/\.sql(\.zip|\.gz)?$/", $fname))
+			display_error(_("You can only upload *.sql backup files"));
+		elseif ($fname != clean_file_name($fname))
+			display_error(_("Filename contains forbidden chars. Please rename file and try again."));
+		elseif (is_uploaded_file($tmpname)) {
+			rename($tmpname, $SysPrefs->backup_dir() . $fname);
+			display_notification(_("File uploaded to backup directory"));
+			$Ajax->activate('backups');
+		} else
+			display_error(_("File was not uploaded into the system."));
 	} else
-		display_error(_("File was not uploaded into the system."));
+		display_error(_("Select backup file first."));
+
 }
 //-------------------------------------------------------------------------------
 start_form(true, true);
-start_outer_table($table_style2);
+start_outer_table(TABLESTYLE2);
 table_section(1);
 table_section_title(_("Create backup"));
 	textarea_row(_("Comments:"), 'comments', null, 30, 8);
@@ -166,29 +199,31 @@ table_section(2);
 table_section_title(_("Backup scripts maintenance"));
 
 	start_row();
-	echo "<td style='padding-left:20px'align='left'>".get_backup_file_combo()."</td>";
-	echo "<td valign='top'>";
+	echo "<td style='padding-left:20px' align='left'>".get_backup_file_combo()."</td>";
+	echo "<td style='padding-left:20px' valign='top'>";
 	start_table();
-	submit_row('view',_("View Backup"), false, '', '', true);
-	submit_row('download',_("Download Backup"), false, '', '', false);
+	submit_row('view',_("View Backup"), false, '', '', false);
+	submit_row('download',_("Download Backup"), false, '', '', 'download');
 	submit_row('restore',_("Restore Backup"), false, '','', 'process');
+	submit_js_confirm('restore',_("You are about to restore database from backup file.\nDo you want to continue?"));
 
-	$js = "if(confirm(\""
-		.sprintf(_('You are about to remove %s backup file.<br> Do you want to continue ?'),
-			get_post('cmb_backups'))
-		."\")) { JsHttpRequest.request(\"delete\"); }";
-
-	submit_row('delete', _("Delete Backup"), false, '','', 'dialog');
+	submit_row('deldump', _("Delete Backup"), false, '','', true);
+	// don't use 'delete' name or IE js errors appear
+	submit_js_confirm('deldump', sprintf(_("You are about to remove selected backup file.\nDo you want to continue ?")));
 	end_table();
 	echo "</td>";
 	end_row();
 start_row();
-echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
-	submit_cells('upload',_("Upload file"),'', '', true);
+	echo "<td style='padding-left:20px'  cspan=2>"
+	. radio(_('Update security settings'), 'protect', 0) . '<br>'
+	. radio(_('Protect security settings'), 'protect', 1, true) . "</td>";
+end_row();
+start_row();
+	echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
+	submit_cells('upload',_("Upload file"),"style='padding-left:20px'", '', true);
 end_row();
 end_outer_table();
 
 end_form();
 
 end_page();
-?>