Location: PHPKode > projects > lcdata > lcdata-0.0.1/frontend-web/frmdocuments.php3
<?
$frm_color='a0c0b8';

$config_uploadpath="/usr/local/soft/apache_1.3.12/htdocs/lcdata/UPLOAD/";
$fileserver="http://prompt.lihas.de/";   
$fileserverurl="http://prompt.lihas.de/lcdata/UPLOAD/";

include 'includes/funktions.php';

//error_reporting(1);
$conn = connectdb();
getuserdaten();

require 'includes/labels.php';

dohistory("frmdocuments.php3?$whereami=$whereami");

$burl="frmdocuments.php3?$whereami=$whereami";

$maxfilesize=2000000; // max 2 MB



function printdrawers($base,$tiefe){
   global $conn,$Rfrmsee,$Rfrmopen,$whereami;
   $sql= "SELECT * FROM documentdrawers where dd_drawer=$base ORDER BY dd_gid";
   $result = SQL_exec ($conn,$sql);
   for($row=0;$row<pg_numrows( $result );$row++){
    
     $data = pg_fetch_object ($result, $row);
     if (gidhasright("$data->dd_gid","$Rfrmsee")){
       if (gidhasright("$data->dd_gid","$Rfrmopen")){
         print "<tr><td>";
         for ($i=0;$i<$tiefe;$i++){ print "&#160;&#160;";  }
         print "<a href=\"frmdocuments.php3?whereami=$data->dd_gid\"><img src=\"gfx/drawer";
         if ($data->dd_gid==$whereami) {
           print "open";
           $hereiam=$data->dd_name;
         }
         print ".gif\" border=0>$data->dd_name</a></td></tr>";
         $tiefe2=$tiefe+1;
         printdrawers($data->dd_gid,$tiefe2);

       }else{
         print "<tr><td>";
         for ($i=0;$i<$tiefe;$i++){ print "&#160;&#160;";  }
         print "<img src=\"gfx/drawerlock";
         print ".gif\" border=0>$data->dd_name</td></tr>";
       }
     }
   }
}




if ($delete){
	$sql = "DELETE FROM documents WHERE dc_gid=$dc_gid";
	$result = SQL_exec ($conn,$sql);
// Das Dokument an sich muss noch geloescht werden
}

if ($delete_dir){

//stimmt hier $whereami? d.h. ggf. eine andere var

//loeschen in documentdrawers
	$sql= "DELETE FROM documentdrawers WHERE dd_gid=$whereami";
     	$result = SQL_exec ($conn,$sql);

//loeschen in gidrights
	$sql = "DELETE FROM gidrights WHERE gr_gid=$whereami";
	$result = SQL_exec ($conn,$sql);

//loeschen in documents : ACHTUNG Die RECHTE werden noch nicht gelöscht!!
	$sql = "DELETE FROM documents WHERE dc_drawer=$whereami";
	$result = SQL_exec ($conn,$sql);

//loeschen der eigentlichen Datei
//Zu beachten: dem User muss mitgeteil werde das noch Datein vorhanden sind.
//Oder soll diese funktion nur rmdir "spielen", d.h. nur leere dir's loeschen
//(koennen)?
}

if (empty($whereami)) $whereami=900;

if (empty($userfile)){


   if ((!empty($adddrawer)) && (!empty($drawername)) ){

//erstellen des Ordners
	$sql= "INSERT INTO documentdrawers (dd_drawer,dd_name) VALUES ($whereami,'$drawername')";     
  	$result = SQL_exec ($conn,$sql);

	$oid    = pg_getlastoid($result);
	$sql    = "SELECT * FROM documentdrawers WHERE oid=$oid";
	$result = SQL_exec ($conn, $sql);
        $data   = pg_fetch_object ($result, 0);
        $dd_gid = $data->dd_gid;
//Dem Eigentuemer werden alle Rechte am Ordner gegeben	
//Soll der Eigentuemer das ueberhaupt haben?	
	$sql= "INSERT INTO gidrights (gr_gid,gr_userid,gr_userrights) VALUES ($dd_gid,$usrd->us_userid,-1)";
    	$result = SQL_exec ($conn,$sql);
// Ordner bekommen die selben rechte wie der √úbergeordnete Ordner!!!
        $sql    = "INSERT INTO gidrights (gr_gid,gr_userid,gr_userrights) SELECT $dd_gid, gr_userid, gr_userrights FROM gidrights WHERE gr_gid=$whereami";
        $result = SQL_exec ($conn, $sql);

//Der Gruppe ADMIN werden (im moment per gid) auch alle Rechte an dem Ordner gegeben
//	$sql = "INSERT INTO gidrights (gr_gid,gr_userid,gr_userrights) VALUES ($dd_gid,9,-1)";
//	$result = SQL_exec ($conn,$sql);

        $whereami=$dd_gid;  // aktiviere neuen Ordner
   }

   if (!(empty($move))){
     $maxRows=count($selectfiles);
     for ($row=0;$row < $maxRows; $row++){
       $sql= "update documents set dc_drawer=$movetoid WHERE dc_gid=$selectfiles[$row]";     
       $result = SQL_exec ($conn,$sql);
     }
   }


   print ("<html><head></head><body bgcolor=\"#$frm_color\"><center><h3>$lb_dok_upload</h3>");

print "<form>";

print "<table>";
print "<tr valign=top><td>";

   print "<table>";

   printdrawers(0,0);



   print "</table>";

print "</td><td>";

   $sql= "SELECT * FROM documents, documentdrawers WHERE (dc_drawer=dd_gid) AND (dc_drawer=$whereami) ";
   $result = SQL_exec ($conn,$sql);
   $treffer=0;


   print "<input type=hidden name=\"whereami\" value=\"$whereami\" >";
   print "<table>";
   print "<tr><th colspan=7 height=$row_height bgcolor=\"#$frm_color_head\" width=500>$lb_files $lb_in_dir $hereiam ";
   if (gidhasright($whereami,$Rgidrightedit)){
     print "<a href=\"frmrightedit.php3?$dummy&typ=dod&gid=$whereami&frm_color=$frm_color&burl=$burl\" ><img src=\"gfx/$lan/rights.gif\" border=0></a>";
   }
   if (gidhasright($whereami,$Rgiddelete)){
     print "<a href=\"frmdocuments.php3?whereami=$whereami&delete_dir=true\"><img src=\"gfx/$lan/delete.gif\" border=0></a>";
   }
   print "</th></tr>";

   print "<tr>\n";
   print "<td bgcolor=\"#$frm_color_head\"><center>&nbsp;</center></td>";
   print "<td bgcolor=\"#$frm_color_head\"><center>$lb_filename</center></td>";
   print "<td bgcolor=\"#$frm_color_head\"><center>$lb_size</center></td>";
   print "<td bgcolor=\"#$frm_color_head\"><center>$lb_type</center></td>";
   print "<td bgcolor=\"#$frm_color_head\"><center>&nbsp;</center></td>";	
   print "<td bgcolor=\"#$frm_color_head\"><center>&nbsp;</center></td>";
   print "<td bgcolor=\"#$frm_color_head\"><center>&nbsp;</center></td>";
   print "</tr>\n";

   for($row=0;$row<pg_numrows( $result );$row++){
     $data = pg_fetch_object ($result, $row);
       if($treffer%2){
         $frm_color_row=$frm_color_row1;
       }
       else{
         $frm_color_row=$frm_color_row2;
       }
       $treffer++;
       print "<tr>";
       print "<td bgcolor=\"#$frm_color_row\"><input type=\"checkbox\" name=\"selectfiles[]\" value=\"$data->dc_gid\"></td>\n";
       print "<td bgcolor=\"#$frm_color_row\"><a href=\"$fileserverurl"."$data->dc_url\" target=\"_blank\">$data->dc_name </a></td>\n";
       print "<td bgcolor=\"#$frm_color_row\" width=50 align=\"right\">$data->dc_size</td>\n";
       print "<td bgcolor=\"#$frm_color_row\" width=50>$data->dc_type</td>\n";
       print "<td bgcolor=\"#$frm_color_row\" width=50>$data->dc_description&#160;</td>\n";
       print "<td bgcolor=\"#$frm_color_row\" width=50>";
       if (gidhasright($data->dc_gid,$Rgidrightedit)){
         print "<a href=\"frmrightedit.php3?$dummy&typ=doc&gid=$data->dc_gid&frm_color=$frm_color&burl=$burl\" ><img src=\"gfx/$lan/rights.gif\" border=0></a>";
       }
       print "&#160;</td>";
       print "<td bgcolor=\"#$frm_color_row\" width=50>";
       if (gidhasright($data->dc_gid,$Rgiddelete)){
  	print "<input type=\"submit\" name=\"delete\" value=\"delete\">";       
	print "<input type=\"hidden\" name=\"dc_gid\" value=\"$data->dc_gid\">";
//	print "delete";
       }
       print "&#160;</td>";

       print "</tr>";
   }

   print "</table>";

   print "<input type=submit name=\"move\" value=\"move\"> to ";
   print "<select name=\"movetoid\">";
   $sql= "SELECT * FROM documentdrawers ORDER BY dd_gid";
   $result = SQL_exec ($conn,$sql);
   for($row=0;$row<pg_numrows( $result );$row++){
    
     $data = pg_fetch_object ($result, $row);
     print "<option value=$data->dd_gid>$data->dd_name</option>";
//  print "<option value=$data->dd_gid $data->dd_name</option>";   
   }
   print "</select>";

  print "</form>"; 

  print "</td></tr>";
  print "<tr><td>";

  print "<form>";
   print "<table>";
   print "<tr><td bgcolor=\"#$frm_color_head\">";
   print "<input type=hidden name=\"whereami\" value=\"$whereami\" >";
   print "<input type=text   name=\"drawername\" value=\"\"><br>";
   print "<input type=submit name=\"adddrawer\" value=\"$lb_adddrawer\"></td></tr>";
  print "</table>";
  print "</form>"; 


  print "</td><td>";


 print "<form action=\"frmdocuments.php3\" method=post enctype=\"multipart/form-data\">";
 print "<input type=hidden name=\"whereami\" value=\"$whereami\" >";
 print "<table><tr><td bgcolor=\"#$frm_color_head\">";

  print "<INPUT TYPE=\"hidden\" value=\"12\" >";
//  name=\"MAX_FILE_SIZE\" value=\"$maxfilesize\">";
  print "<input type=file size=50 maxlength=$maxfilesize name=\"userfile\" accept=\"*\"><br>";
  print "$lb_send_new_file <input type=submit value=\"$lb_submit\">";
 print "</td></tr></table>";
 print "</form>";

 print "</td></tr></table>";

 print ("</center></body></html>");

}

//###########################################################################

else{


 print ("<html><head></head><body bgcolor=\"#$frm_color\"><center>");

 $tmp_upload_path = "/tmp/";

 print $tmp_upload_path;

 $file = basename($userfile);
  
if (strlen($file)>0){
 
 $new_filename = $config_uploadpath.$userfile_name; 
 $old_filename = $tmp_upload_path.$file;

 if ( $userfile == "none" )  $error_msg = "$lb_error_nofile"; 
 if ( $userfile_size > $maxfilesize )  $error_msg = "$lb_error_large"; 
 
 $i=1;
 $new_filename1=$new_filename;
 while ((file_exists($new_filename1)) AND ($i<10)){
   $i++;
   $new_filename1=$new_filename.$i;
 }

 if (!(copy ($userfile, $new_filename1))){
   $error_msg = "$lb_error_noupload";
 }

 print "$i Tries";
      
    if ($userfile_size>0){
      $file = rawurlencode(basename($new_filename1));
      $result=SQL_exec ($conn, "INSERT INTO documents (dc_size,dc_type,dc_name,dc_url,dc_drawer) VALUES ($userfile_size,'$userfile_type','$userfile_name','$file',$whereami)");

      $oid    = pg_getlastoid($result);
      $sql    = "SELECT * FROM documents WHERE oid=$oid";
      $result = SQL_exec ($conn, $sql);
      $data   = pg_fetch_object ($result, 0);

      // neue Dokumente bekommen die selben rechte wie der Ordner in dem sie sind!!!
      $sql    = "INSERT INTO gidrights (gr_gid,gr_userid,gr_userrights) SELECT '$data->dc_gid' as gid, gr_userid, gr_userrights FROM gidrights WHERE gr_gid=$whereami";
      $result = SQL_exec ($conn, $sql);
//      $sql    = "INSERT INTO gidrights (gr_gid,gr_userid,gr_userrights) SELECT '$data->dc_gid' as gid, cr_userid, cr_userrights FROM create_gidrights WHERE cr_gid=$ordnergid AND cr_userid>0";
//      $result = SQL_exec ($conn, $sql);
 
      print "<table>";
      print "<TR><TD>USER FILE:</TD><TD> $userfile</TD></TR>"; 
      print "<TR><TD>USER FILE NAME:</TD><TD> $userfile_name</TD></TR>";
      print "<TR><TD>USER FILE SIZE:</TD><TD> $userfile_size</TD></TR>";
      print "<TR><TD>USER FILE TYPE:</TD><TD> $userfile_type</TD></TR>";
      print "</TABLE>";
   }
 
  if ( $error_msg ) {
    echo "<B> $error_msg </B>"; 
  } 
  else { 
    echo "<B> $lb_upload_ok </B>"; 
  } 

}
 print "</BODY></HTML> ";

}   

Return current item: lcdata