<?php
/****************************************************************************************/
/* ACollab                                                                              */
/****************************************************************************************/
/* Copyright (c) 2002-2005  Adaptive Technology Resource Centre / University of Toronto */
/*                                                                                      */
/* http://atutor.ca/acollab                                                             */
/*                                                                                      */
/* This program is free software. You may redistribute it and/or                        */
/* modify it under the terms of the GNU General Public License                          */
/* as published by the Free Software Foundation; either version 2 of the License,       */
/* or (at your option) any later version.                                               */
/*                                                                                      */
/* This program is distributed in the hope that it will be useful, but                  */
/* WITHOUT ANY WARRANTY; without even the implied warranty of                           */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                                 */
/* See the GNU General Public License for more details.                                 */
/*                                                                                      */
/* You may access the GNU General Public License at:                                    */
/* http://www.opensource.org/licenses/gpl-license.php                                   */
/*                                                                                      */
/* You may contact the Adaptive Technology Resource Centre at                           */
/* Robarts Library, University of Toronto                                               */
/* 130 St. George Street, Toronto, Ontario, Canada M5S 1A5                              */
/* Further contact information is available at http://www.utoronto.ca/atrc/             */
/****************************************************************************************/
/* Programmer:                                                                          */
/* Joel Kronenberg - ATRC                                                               */
/****************************************************************************************/
// $Id: add_file.php 483 2005-03-31 20:47:43Z shozubq $

// Relative path to the shared include directory; the require() calls below depend on it.
define('AC_INCLUDE_PATH', '../include/');

require(AC_INCLUDE_PATH.'vitals.inc.php');
require(AC_INCLUDE_PATH.'lib/folders.inc.php');
// Access gate: this call runs before any request data is read or acted on.
// NOTE(review): authenticate() is defined outside this file; presumably it stops the
// request for callers that hold neither of the listed roles -- confirm.
authenticate(USER_CLIENT, USER_GROUP_ADMIN);

// Each $_SECTION entry is a [label, relative URL] pair.
// NOTE(review): presumably the navigation trail rendered by header.inc.php -- confirm.
$_SECTION[0][0] = _AC('home');
$_SECTION[0][1] = 'home.php';
$_SECTION[1][0] = _AC('drafting_room');
$_SECTION[1][1] = 'drafting/';
$_SECTION[2][0] = _AC('add_file');
$_SECTION[2][1] = 'drafting/add_file.php';

// "Cancel" button: redirect to the drafting room index and stop, so nothing below runs.
if (isset($_POST['cancel'])) {
	Header('Location: index.php');
	exit;
}
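/*
 * Handle the submitted "add file" form.
 *
 * Validates the posted fields, inserts a row into the files table, optionally
 * stores an uploaded first revision under UPLOAD_DIR, sends the notification
 * mails and redirects. On a validation error, or when the first INSERT fails,
 * control falls through so the form further down is shown again.
 *
 * NOTE(review): no anti-CSRF token is checked in this file, and $_POST['folder']
 * is only cast to an integer -- whether the member may write to that folder is
 * not verified here. Confirm both are enforced elsewhere.
 */
if (isset($_POST['submit'])) {
	$_POST['title']	     = trim($_POST['title']);
	$_POST['description']= trim($_POST['description']);
	$_POST['file_description']= trim($_POST['file_description']);

	if ($_POST['title'] == '') {
		$error[] = E_DRAFT_EMPTY_TITLE;
	}

	if ($_POST['description'] == '') {
		$error[] = E_DRAFT_EMPTY_DESC;
	}
	if ($_POST['folder'] == '') {
		$error[] = E_FOLDER_NOT_SELECTED;
	}
	// Cast before the value is interpolated into SQL and the redirect URL below.
	$_POST['folder'] = intval($_POST['folder']);

	// is_uploaded_file() confirms tmp_name refers to a file PHP received via HTTP upload
	// in this request. The isset() guard avoids a notice when no file field was sent.
	$has_upload = isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name']);

	if (isset($_POST['library']) && $_POST['library'] == 1) {
		// you must upload a file
		if (!$has_upload) {
			$error[] = E_LIBRARY_EMPTY_FILE;
		}
		if ($_POST['file_description'] == '') {
			$error[] = E_LIBRARY_EMPTY_FILE_DESC;
		}
		// Keeps the re-displayed form in library mode if validation failed.
		$_GET['library'] = TRUE;
	}

	if (!isset($error)) {
		// $addslashes is the project's escaping callable, set outside this file.
		$_POST['title']       = $addslashes($_POST['title']);
		$_POST['description'] = $addslashes($_POST['description']);

		if (isset($_POST['library'])) {
			$library = 1;
		} else {
			$library = 0;
		}

		// Interpolated values: session ids, the int-cast folder, and the two escaped strings.
		$sql	= "INSERT INTO ".TABLE_PREFIX."files VALUES (0, $_SESSION[group_id], $_SESSION[member_id], $_POST[folder], NOW(), '$_POST[title]', '$_POST[description]', 0, 0, 0)";
		
		if (mysql_query($sql, $db)) {
			$file_id = mysql_insert_id($db);
	
			if ($has_upload) {

				$_POST['file_description'] = $addslashes($_POST['file_description']);

				// The client-supplied file name lands inside a quoted SQL string, so it gets
				// the same escaping as the other text fields; the size is forced to an integer.
				$file_name = $addslashes($_FILES['file']['name']);
				$file_size = intval($_FILES['file']['size']);

				if ($library == TRUE) {
					$sql_lib = "UPDATE ".TABLE_PREFIX."files SET library_revision_id = $file_id WHERE file_id = $file_id";
					mysql_query($sql_lib, $db);
				}

				$sql = "INSERT INTO ".TABLE_PREFIX."files_revisions VALUES (0, $file_id, $_SESSION[member_id], NOW(), '$file_name', '$file_size', '$_POST[file_description]',0)";

				if (mysql_query($sql, $db)) {
					$revision_id = mysql_insert_id($db);
					$char = substr($revision_id, 0, 1).'/';
					// The stored name is the numeric revision id only; nothing client-controlled
					// (name or extension) reaches the filesystem path.
					// NOTE(review): presumably UPLOAD_DIR is not served by the web server -- confirm.
					$stored_path = UPLOAD_DIR.$char.$revision_id;
					//debug(UPLOAD_DIR);
					if (move_uploaded_file($_FILES['file']['tmp_name'], $stored_path)) {
						/* for added security we add the sticky bit "1" so that only the owner of this file can delete it */
						// Tighten permissions on the path the file was actually moved to, which is
						// keyed by revision id rather than file id.
						@chmod($stored_path, 01600);

						$sql = "UPDATE ".TABLE_PREFIX."files SET num_revisions=1 WHERE file_id=$file_id";
						$result = mysql_query($sql, $db);
					} else {
						/* undo the file we just added, b/c it didn't save correctly. */
						$sql = "DELETE FROM ".TABLE_PREFIX."files_revisions WHERE revision_id=$revision_id";
						$result = mysql_query($sql, $db);
					}
				}
			}

			/*notify subscribers about addition of new file in drafting room*/
			/*only if the file was added to a folder other than the personal folder for a user */
			if ($_POST['folder'] > 0) {
				$my_group = get_group($_SESSION['group_id']); 

				require_once(AC_INCLUDE_PATH . 'classes/acollabmailer.class.php');
				$mail = new ACollabMailer;

				$mail->From     = ADMIN_EMAIL;
				$mail->FromName = _AC('group_admin');
				$mail->Subject  = _AC('draft_notification');
				$mail->Body     = _AC('draft_new_file', $my_group['title'], $_POST['title'], $_base_href.'sign_in.php');

				$user_list = notify_subscribers('N_DRAFT');

				// Stays false when there are no subscribers, so no empty mail is sent.
				$bcc = false;
				if (!empty($user_list)) {
					while ($user = mysql_fetch_assoc($user_list)) {
						$bcc = true;
						$mail->AddBCC($user['email']);
					}
				}

				if ($bcc) {
					if(!$mail->Send()) {
					   echo "Message could not be sent. <p>";
					   echo "Mailer Error: " . $mail->ErrorInfo;
					   exit;
					}
				}
			}

			if (!empty($_POST['notify'])) {
				/* send a notification to the group admin */

				require_once(AC_INCLUDE_PATH.'classes/class.phpmailer.php');
				$my_group = get_group($_SESSION['group_id']); 

				// The sender address is the submitting member's own e-mail.
				$sql = "SELECT M.email FROM ".MEMBERS_TABLE_PREFIX."members M WHERE M.member_id=$_SESSION[member_id]";
				$result = mysql_query($sql, $db);
				$row = mysql_fetch_assoc($result);

				$mail = new PHPMailer();
				if (MAIL_USE_SMTP) {
					$mail->IsSMTP(); // set mailer to use SMTP
					$mail->Host = ini_get('SMTP');  // specify main and backup server
				} else {
					$mail->IsSendmail(); // use sendmail
					$mail->Sendmail = ini_get('sendmail_path');
				}

				$mail->SMTPAuth = false;     // SMTP authentication is left off
				$mail->From = $row['email'];
				$mail->FromName = $_SESSION['login'];
				$mail->IsHTML(false);
				$mail->Subject = _AC('notification');
				$mail->Body    = _AC('notification_body', $_SESSION['login'], $my_group['title'], $_base_href.'sign_in.php', $_POST['title']);
				$mail->WordWrap = 50;

				/* get all the group admins */
				$sql = "SELECT M.email FROM ".TABLE_PREFIX."groups_members G INNER JOIN ".MEMBERS_TABLE_PREFIX."members M USING (member_id) WHERE G.group_id=$_SESSION[group_id] AND G.privileges=".USER_GROUP_ADMIN." AND M.email<>''";
				$result = mysql_query($sql, $db);
				if ($row = mysql_fetch_assoc($result)) {
					do {
						$mail->AddAddress($row['email']);
					} while ($row = mysql_fetch_assoc($result));

					if(!$mail->Send()) {
					   echo "Message could not be sent. <p>";
					   echo "Mailer Error: " . $mail->ErrorInfo;
					   exit;
					}
				}
				if (!empty($_POST['library'])) {
					header('Location: ../library/index.php?f='.F_DRAFT_UPLOADED_GA_NOTIFY.SEP.'id='.$_POST['folder']);
					exit;
				}
				header('Location: revisions.php?f='.F_DRAFT_UPLOADED_GA_NOTIFY.SEP.'id='.$file_id);
				exit;
			}

			// NOTE(review): this non-notify library redirect also uses the GA_NOTIFY feedback
			// code -- confirm that is intended.
			if (!empty($_POST['library'])) {
				header('Location: ../library/index.php?f='.F_DRAFT_UPLOADED_GA_NOTIFY.SEP.'id='.$_POST['folder']);
				exit;
			}
			header('Location: revisions.php?f='.F_DRAFT_UPLOADED.SEP.'id='.$file_id);
			exit;
		}

	}
}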

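// Folder to preselect in the form. The value is only ever compared, never echoed,
// and is cast to an integer wherever it comes from the request. It defaults to 0
// so the form never reads an undefined or externally injected $fid.
if (isset($_GET['fid'])) {
	$fid = intval($_GET['fid']);
} else if (isset($_POST['fid'])) {
	$fid = intval($_POST['fid']);
} else {
	$fid = 0;
}

// Library uploads need at least one folder row for this group; otherwise send the
// member back to the library index with a feedback code instead of showing the form.
if (isset($_GET['library'])) {
	$sql    = "SELECT folder_id FROM ".TABLE_PREFIX."folders WHERE group_id=$_SESSION[group_id]";
	$result = mysql_query($sql, $db);

	if (mysql_num_rows($result) == 0) {
		$_SESSION['show_feedback'] = $_SERVER['PHP_SELF'];
		header('Location: ../library/index.php?f='.F_CANT_UPLOAD_NO_PUBLIC);
		exit;
	}
}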


require AC_INCLUDE_PATH . 'header.inc.php';

// Validation errors collected by the POST handler above, if there were any.
if (isset($error)) {
	print_errors($error);
}

// Library mode is carried through the form twice: as a query string on the form
// action and as a hidden field. Both values are fixed strings, never request data.
$library_url   = isset($_GET['library']) ? '?library=1' : '';
$library_input = isset($_GET['library']) ? '<input type="hidden" name="library" value="1" />' : '';
if (isset($_GET['library'])) {
	echo '<h3>' . _AC('adding_to_library') . '</h3>';
}

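/*
 * Render the "add file" form, or an error when the member has no folder to upload to.
 *
 * Everything echoed from the request -- $_SERVER['PHP_SELF'] in the form action and
 * the re-displayed $_POST fields -- goes through htmlspecialchars() with ENT_QUOTES,
 * so a crafted URL or field value cannot break out of the attribute or textarea it
 * is printed into. The isset() guards cover the first GET of the page, when no POST
 * fields exist yet.
 *
 * NOTE(review): the form carries no anti-CSRF token; confirm whether the included
 * framework adds one.
 */
$folders = get_folders();
if ($folders || has_private_folder($_SESSION['member_id'])) {
?>
<br />
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . $library_url; ?>" enctype="multipart/form-data" name="form" id="form">
	<?php echo $library_input; ?>
	<table border="0" cellspacing="0" cellpadding="2" align="center" class="box2">
	<tr>
		<th colspan="5" class="box"><h3><?php echo _AC('add_file'); ?></h3></th>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td colspan="3" class="row1"><img src="images/clr.gif" height="1" width="1" alt="" /><br /><?php
			echo _AC('denotes_required', '<img src="images/required.gif" height="14" width="14" alt="'._AC('required_field').'" />');
		?><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right"><label for="title"><b><?php echo _AC('title'); ?>:</b></label></td>
		<td class="row1"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" /></td>
		<td class="row1"><input type="text" name="title" class="input" size="40" maxlength="100" id="title" value="<?php echo htmlspecialchars(isset($_POST['title']) ? $_POST['title'] : '', ENT_QUOTES); ?>" onfocus="this.className='input highlight'" onblur="this.className='input'" /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right" valign="top"><label for="description"><b><?php echo _AC('description'); ?>:</b></label></td>
		<td class="row1" valign="top"><img src="images/required.gif" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" class="img" /></td>
		<td class="row1"><textarea name="description" id="description" class="input" onfocus="this.className='input highlight'" onblur="this.className='input'" cols="40" rows="3"><?php echo htmlspecialchars(isset($_POST['description']) ? $_POST['description'] : '', ENT_QUOTES); ?></textarea></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right" valign="top"><label for="folder"><b><?php echo _AC('folder'); ?>:</b></label></td>
		<td class="row1" valign="top"><img src="images/required.gif" class="img" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" /></td>
		<td class="row1" valign="top">
<?php
				echo '<select name="folder" size="5" id="folder" class="input" onfocus="this.className=\'input highlight\'" onblur="this.className=\'input\'">';

				//cant upload to personal folder if personal folder disabled
				if (has_private_folder($_SESSION['member_id'])) {
					// can't upload a library file to a private folder
					if (!isset($_GET['library'])) {						
						echo '<optgroup label="'._AC('private_folders').'"><option value="0"';
						// empty() also covers a page load where $fid was never set.
						if (empty($fid)) {
							echo ' selected="selected"';
						}
						echo '>'._AC('your_personal_folder').'</option></optgroup>';
					}
				}

				echo '<optgroup label="'._AC('group_folders').'">';
				foreach ($folders as $id => $folder) {
					if ($id != 0) {
						echo '<option value="'.$id.'"';
						if (isset($fid) && $id == $fid) {
							echo ' selected="selected"';
						}
						// NOTE(review): the folder title is printed as stored. If get_folders()
						// does not return HTML-encoded titles, wrap this in htmlspecialchars() -- confirm.
						echo '>'.$folder['title'].'</option>';
					}						
				}
				echo '</optgroup></select>';
?>
		</td>
		<td class="row1">&nbsp;</td>
	</tr>
	<?php if (ALLOW_NOTIFY_GROUP_ADMIN && !authenticate(USER_GROUP_ADMIN, USER_RETURN_CHECK)): ?>
		<tr>
			<td class="row1">&nbsp;</td>
			<td class="row1" align="right"><label for="file"><b><?php echo _AC('notification'); ?>:</b></label></td>
			<td class="row1">&nbsp;</td>
			<td class="row1"><input type="checkbox" name="notify" value="1" id="notify" /><label for="notify"><?php echo _AC('notify_group_admin'); ?></label></td>
			<td class="row1">&nbsp;</td>
		</tr>
	<?php endif; ?>
	<tr>
		<td class="row1 nobar">&nbsp;</td>
		<td class="row1 nobar" colspan="3"><?php echo _AC('optional_initial_file'); ?></td>
		<td class="row1 nobar">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1 nobar">&nbsp;</td>
		<td class="row1 nobar" align="right"><label for="file"><b><?php echo _AC('file'); ?>:</b></label></td>
		<td class="row1 nobar"><?php if (!isset($_GET['library'])): ?>
								&nbsp;
								<?php else: ?>
								<img src="images/required.gif" class="img" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" />
								<?php endif; ?></td>
		<td class="row1 nobar"><input type="file" name="file" id="file" class="input" size="30" onfocus="this.className='input highlight'" onblur="this.className='input'" /></td>
		<td class="row1 nobar">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" align="right" valign="top"><label for="file_description"><b><?php echo _AC('description'); ?>:</b></label></td>
		<td class="row1" valign="top"><?php if (!isset($_GET['library'])): ?>
								&nbsp;
								<?php else: ?>
								<img src="images/required.gif" class="img" height="14" width="14" alt="<?php echo _AC('required_field'); ?>" />
								<?php endif; ?></td>
		<td class="row1"><textarea name="file_description" id="file_description" class="input" onfocus="this.className='input highlight'" onblur="this.className='input'" cols="40" rows="3"><?php echo htmlspecialchars(isset($_POST['file_description']) ? $_POST['file_description'] : '', ENT_QUOTES); ?></textarea></td>
		<td class="row1">&nbsp;</td>
	</tr>
	<tr>
		<td class="row1">&nbsp;</td>
		<td class="row1" colspan="3" align="right"><br /><input type="submit" name="submit" value="<?php echo _AC('add_file'); ?>" class="submitY" onfocus="this.className='submitY highlight'" onblur="this.className='submitY'" /> &nbsp; <input type="submit" name="cancel" value="<?php echo _AC('cancel'); ?>" class="submitN" onfocus="this.className='submitN highlight'" onblur="this.className='submitN'" /><br /><br /></td>
		<td class="row1">&nbsp;</td>
	</tr>
	</table>
</form>

<?php
} else { // if no folders exist
	$errors[] = E_NO_FOLDERS_FOUND;
	print_errors($errors);
}
	require(AC_INCLUDE_PATH.'footer.inc.php');
?>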