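<?php
// Request parameters for the "copy file" page.
//   id     - primary key of the file_list row to copy
//   folder - folder to redirect back to after the copy
// Both values end up inside an SQL statement and a Location header further
// down, so only plain decimal integers are accepted; anything else (missing,
// empty, array-valued, non-numeric) ends the request before any include runs.
// The full "<?php" tag is used because the short "<?" form is only parsed when
// short_open_tag is enabled; with it disabled the script source would be
// served as text.
if (!isset($_GET["id"]) || !is_string($_GET["id"]) || !ctype_digit($_GET["id"])) {
    exit("Bad request");
}
$id = $_GET['id'];

if (!isset($_GET["folder"]) || !is_string($_GET["folder"]) || !ctype_digit($_GET["folder"])) {
    exit("Bad request");
}
$folder_id = $_GET['folder'];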
// Login bitmask, set before the shared header is pulled in.
// NOTE(review): presumably libs/header.php reads $MustLogin to enforce
// authentication and provides $CurUser, $mysql, $smarty and $lang - confirm.
$MustLogin = 1 | 2 | 4;

require_once "libs/header.php";
require_once LIBPATH . "multipage.php";
require_once "libs/databasetree.php";

// Identity of the caller; both values are used below for access filtering
// and for naming/owning the copied file.
$userlevel = $CurUser->getlevel();
$userid = $CurUser->getid();

// Complete folder tree. $flist keeps the unfiltered list, $flisttest is the
// working copy that the access-list filtering below narrows down.
$folisttree = new databasetree($mysql, DB_PREFIX . "folders");
$folisttreeresult = $folisttree->get_array("Root Folder", "... ");
$flisttest = $flist = $folisttreeresult;
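// Narrow $flisttest (the selectable destination folders) to what the caller's
// group may use. Levels -1 and 0 keep the full tree; every other level keeps
// only folders listed for its own group in access_list, plus key 0.
//
// The level is compared as an exact string. The previous loose comparison
// (== 0) also matched null, false and '' and, on PHP versions before 8, any
// non-numeric string, all of which then received the unfiltered tree.
$levelText = (is_int($userlevel) || is_string($userlevel)) ? (string)$userlevel : '';
if ($levelText === '-1' || $levelText === '0') {
    $flisttest = $folisttreeresult;
} else {
    // folder_id => group_id for every folder granted to the caller's group.
    $group1 = array();
    // The level is interpolated into SQL, so it must be a plain integer;
    // otherwise no query is issued and the caller keeps only key 0.
    if (preg_match('/^-?\d+$/D', $levelText) === 1) {
        $sql1 = "SELECT * FROM `".DB_PREFIX."access_list` WHERE group_id='".$levelText."'";
        if (!$mysql->query($sql1)) {
            // Keep driver error text in the server log, not in the response.
            error_log("copy file: access_list lookup failed: ".$mysql->error);
            exit("Database error");
        }
        while (!$mysql->EOF) {
            $group1[$mysql->field("folder_id")] = $mysql->field("group_id");
            $mysql->movenext();
        }
    }
    // A folder stays only if it is granted to the caller's group or its key
    // is 0. This is the same outcome the former two-pass filter produced: one
    // pass removed folders granted solely to other groups, the other removed
    // folders granted to nobody, so the second access_list query is not needed.
    foreach ($flist as $folderKey => $unusedLabel) {
        if (!array_key_exists($folderKey, $group1) and strval($folderKey) != '0') {
            unset($flisttest[$folderKey]);
        }
    }
}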
// Descriptor for the single-field "copy to folder" form handed to UserForms
// and to the template. The select options come from $flisttest, i.e. the
// folder list after access filtering.
// NOTE(review): the descriptor carries no anti-CSRF token field; confirm
// whether UserForms or the template adds one.
$form = array();
$form["method"] = "POST";
$form["action"] = "";
$form["message"] = "";
$form["errorcount"] = 0;
$form["fields"] = array(
    "choose" => array(
        "type" => "select",
        "description" => $lang['copy_to'],
        "error" => $lang['select_destination_folder'],
        "extra" => $flisttest,
    ),
);
$form["submit"] = $lang['copy'];

$userform = new UserForms($form["fields"]);
$smarty->assign("action", $lang['copy_file']);
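// Handle the submitted form: validate the chosen destination folder, copy
// the stored file under a fresh name, register the copy in file_list, then
// redirect back to the originating folder. Falls through to rendering the
// form on GET or when validation fails.
if ($_SERVER["REQUEST_METHOD"] == $form["method"]) {
    $userform->load($form["fields"], $_POST);
    $form["errorcount"] = $userform->check($form["fields"]);
    if ($form["errorcount"] == 0) {
        // NOTE(review): nothing visible here verifies an anti-CSRF token before
        // this state-changing POST; confirm whether UserForms or header.php does.

        // The destination folder id is the first digit run in whatever
        // UserForms::sql() returns (presumably a fragment like choose='5').
        // The previous test `if ($do = true)` was an assignment, so a value
        // without digits was never rejected.
        $cleanup = $userform->sql($form["fields"]);
        if (preg_match("/\d+/", $cleanup, $matches) !== 1) {
            exit("Bad request");
        }
        $found = $matches[0];

        // Folder 0 is never a valid target, and the target must be one of the
        // folders offered to this user ($flisttest is keyed by folder id), so
        // a hand-crafted POST cannot select a folder the form did not list.
        $destinationAllowed = (int)$found !== 0
            && is_array($flisttest)
            && array_key_exists($found, $flisttest);

        if (!$destinationAllowed) {
            $form["errorcount"] = 1;
            $form["message"] = $lang['no_move_this_file'];
        } else {
            // Everything interpolated into SQL, the file name or the redirect
            // below must be a plain decimal integer.
            $sourceId = isset($_GET['id']) ? $_GET['id'] : null;
            $returnFolder = isset($_GET['folder']) ? $_GET['folder'] : null;
            $ownerId = (string)$userid;
            if (!is_string($sourceId) || !ctype_digit($sourceId)
                || !is_string($returnFolder) || !ctype_digit($returnFolder)
                || !ctype_digit($ownerId)) {
                exit("Bad request");
            }

            $sql3 = "SELECT * FROM `".DB_PREFIX."file_list` WHERE id='".$sourceId."'";
            if (!$mysql->query($sql3)) {
                // Driver error text goes to the server log, not the response.
                error_log("copy file: source lookup failed: ".$mysql->error);
                exit("Database error");
            }
            if ($mysql->EOF) {
                // No such file row; do not create an empty copy.
                exit("Bad request");
            }
            // NOTE(review): the source row's folder_id is not checked against
            // the caller's folder access list, so any file id can be copied
            // into a folder the caller may use - confirm the intended policy.
            $rdownload = (string)$mysql->field("download");

            // The stored name is used as a filesystem path: require a bare
            // file name that exists directly inside data/.
            if ($rdownload === '' || $rdownload !== basename($rdownload) || !is_file('data/'.$rdownload)) {
                error_log("copy file: unusable stored name for file id ".$sourceId);
                exit("Bad request");
            }

            // Copy first so a failed copy never leaves a row without a file.
            $name = strval(time()).'u'.$ownerId.'.dat';
            if (!copy('data/'.$rdownload, 'data/'.$name)) {
                error_log("copy file: copy failed for file id ".$sourceId);
                exit("Copy failed");
            }

            // INSERT ... SELECT lets the database carry the stored text columns
            // (filename, descript, file_type, ...) across itself, so they are
            // never spliced back into an SQL string as they were before.
            // NOTE(review): the target table name is hard-coded rather than
            // built from DB_PREFIX like the SELECT - kept as found, confirm.
            $SQL = "INSERT INTO fstore_file_list"
                ." (filename, download, folder_id, descript, file_type, user_id, filesize, dateadd, confirm)"
                ." SELECT filename, '".$name."', '".$found."', descript, file_type, '".$ownerId."', filesize, NOW(), confirm"
                ." FROM `".DB_PREFIX."file_list` WHERE id='".$sourceId."'";
            if (!$mysql->query($SQL)) {
                error_log("copy file: insert failed: ".$mysql->error);
                // Remove the orphaned copy made above.
                unlink('data/'.$name);
                exit("Database error");
            }

            header("Location:folder.php?id=".$returnFolder);
            exit();
        }
    }
}

// Initial GET, or a POST that failed validation: render the form.
$smarty->assign("form", $form);
$smarty->display("control/form2.tpl");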