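<?php
// Documents module ("dokumente").
// Can be embedded into any other module.
error_reporting( E_ALL & ~E_NOTICE );

// The former ini_set( "register_globals", "On" ) call was dropped on purpose:
// the directive is PHP_INI_PERDIR, so ini_set() cannot enable it at runtime,
// and it no longer exists as of PHP 5.4. Where the feature is active, request
// parameters become global variables, which lets a client pre-set any
// variable this script reads before assigning it. Read request data through
// $_GET / $_POST / $_REQUEST / $_SERVER only.

define( "Range", 100 );
define( "modul_name", "Warenwirtschaft" );
define( "tool_name", "bestellung" );
define( "propertie", "dokument" );

// These request parameters are currently mandatory. Each must be a non-empty
// string: the values are later concatenated into SQL statements and into the
// stored file name, so array-valued input (table_foreign[]=x) is rejected too.
foreach ( array( 'table_foreign', 'row_foreign', 'data_foreign' ) as $requiredParam )
{
    if ( empty( $_REQUEST[$requiredParam] ) || !is_string( $_REQUEST[$requiredParam] ) )
    {
        die( "Fehlende Parameter! Skript kann nicht ausgeführt werden" );
    }
}
unset( $requiredParam );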
// Module configurations, one entry per module type.
// Module config => Bestellung (order)
$moduleTyp['Bestellung'] = array(
    "table_foreign" => "Bestellung",
    "row_foreign" => "ID",
    "data_foreign" => "ID"
);
// Module config => Artikel (article)
$moduleTyp['Artikel'] = array(
    "table_foreign" => "artikel",
    "row_foreign" => "ID",
    "data_foreign" => "ID"
);

require "../Online-Shop/connect2.php";
require "includes/splitModProps.function.php";

// Global select over the documents table; any database error aborts the page.
$sql = "SELECT * FROM dokumente";
$result = mysql_query( $sql );
if ( !$result )
{
    die( mysql_errno() . ": " . mysql_error() . "<hr>" . nl2br( $sql ) . "<hr>" );
}

// Property data for this tool, as returned by splitModProps().
// Earlier variant, kept for reference:
// $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);
$web_rechte_fieldData = splitModProps( $web_rechte );

// Upload directory (still static for now).
$uploadPath = $webs['verzeichnis'] . "/images/dokumente/";

// Number of upload fields (set in the CMS as: Daten;Daten;Felder:4;), default 1.
$numFields = isset( $web_rechte_fieldData['Felder'] ) ? $web_rechte_fieldData['Felder'] : 1;

// File-name filter: the CMS value if present, otherwise the built-in list.
// NOTE(review): the upload handler passes this string to a regular-expression
// match, where "." matches any character and nothing ties the match to the
// end of the file name -- it is not a strict extension whitelist as written.
if ( isset( $web_rechte_fieldData['Filter'] ) )
{
    $fileFilter = "(" . $web_rechte_fieldData['Filter'] . ")";
}
else
{
    $fileFilter = "(.jpg|.gif|.png|.pdf|.PDF|.doc|.docx|.rtf)";
}
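// Delete files in the upload directory that no row in "dokumente" references.
// The script always terminates inside this branch.
//
// Gate: the only check is the HTTP basic-auth user name. The branch runs
// before the $user_rechte permission check further down and reacts to any
// request that carries "unRefDelete", GET included.
// NOTE(review): a destructive action reachable through a plain GET has no
// CSRF protection -- consider requiring POST plus a per-session token.
if ( array_key_exists( 'unRefDelete', $_REQUEST )
    && isset( $_SERVER['PHP_AUTH_USER'] )
    && $_SERVER['PHP_AUTH_USER'] === 'admin' )
{
    $del = false;
    $d = dir( $uploadPath );
    if ( $d === false )
    {
        // Directory missing or unreadable: calling read() on false would be fatal.
        error_log( "dokumente: cannot open upload directory " . $uploadPath );
        die( "Nichts zu löschen!" );
    }

    while ( false !== ( $elem = $d->read() ) )
    {
        // Only regular files are candidates; this also skips "." and ".."
        // and keeps unlink() away from sub-directories.
        if ( !is_file( $uploadPath . $elem ) )
        {
            continue;
        }

        // Names in this directory come from client uploads, so they are
        // escaped before being placed into the SQL string.
        $sql = "SELECT * FROM dokumente WHERE document = '" . mysql_real_escape_string( $elem ) . "'";
        $result = mysql_query( $sql );
        if ( $result === false )
        {
            // Details go to the server log, not to the browser.
            error_log( "dokumente unRefDelete: " . mysql_errno() . ": " . mysql_error() );
            $d->close();
            die( "Datenbankfehler!" );
        }

        if ( mysql_num_rows( $result ) > 0 )
        {
            // Still referenced by a document row: keep the file.
            continue;
        }

        // The original also ran DELETE FROM dokumente for this name; the
        // SELECT above has just shown that no such row exists, so that
        // statement was dropped.
        if ( unlink( $uploadPath . $elem ) )
        {
            $del = true;
        }
    }

    $d->close();
    die( $del ? "Unreferenzierte Daten wurden gelöscht!" : "Nichts zu löschen!" );
}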
// Database columns of "dokumente":
// table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von

// Permission keys of this tool, built from the "propertie" constant:
// index 0 = read, 1 = delete, 2 = add.
$interneModulRechte = array(
    propertie . "_read",
    propertie . "_delete",
    propertie . "_add"
);
if ( isset( $user_rechte[modul_name][tool_name][$interneModulRechte[0]] ) )
{
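// Handle a submitted upload form (multipart POST with file[] inputs).
// Every selected file is validated first; a single failure rejects the whole
// batch. The original tested only $error[<last $_FILES key>], so a failed
// file-name check never stopped an upload.
if ( !empty( $_POST['action'] ) )
{
    $error = array();
    $targets = array();

    $uploads = ( isset( $_FILES['file']['name'] ) && is_array( $_FILES['file']['name'] ) )
        ? $_FILES['file']
        : array( 'name' => array() );

    // $fileFilter is a regular-expression alternation such as "(.jpg|.pdf)".
    // Anchoring it to the end of the name stops "x.jpg.php" from passing
    // merely because ".jpg" occurs somewhere inside it. If the pattern does
    // not compile, preg_match() returns false and the file is rejected.
    // NOTE(review): "." in the configured alternatives still matches any
    // character and "x.php.jpg" is accepted -- make sure the web server never
    // executes anything stored below the upload directory.
    $filterPattern = '~' . str_replace( '~', '\\~', $fileFilter ) . '$~D';

    // data_foreign becomes the prefix of the stored file name, so it is
    // checked together with the client-supplied name below.
    $dataForeign = ( isset( $_REQUEST['data_foreign'] ) && is_string( $_REQUEST['data_foreign'] ) )
        ? $_REQUEST['data_foreign']
        : '';

    $umlauts = array( "ä", "ö", "ü", "ß", "Ä", "Ö", "Ü" );
    $ascii = array( "ae", "oe", "ue", "ss", "Ae", "Oe", "Ue" );

    foreach ( array_keys( $uploads['name'] ) as $number )
    {
        $status = isset( $uploads['error'][$number] ) ? $uploads['error'][$number] : UPLOAD_ERR_NO_FILE;
        if ( $status == UPLOAD_ERR_NO_FILE )
        {
            // Form field left empty: nothing to validate or store.
            continue;
        }

        $rawName = is_string( $uploads['name'][$number] ) ? $uploads['name'][$number] : '';
        $fname = str_replace( $umlauts, $ascii, $rawName );
        $file = $dataForeign . "_" . $fname;

        // Reject names that fail the filter or that would leave the upload
        // directory (path separators, NUL bytes) once the prefix is added.
        if ( !preg_match( $filterPattern, $fname )
            || $dataForeign === ''
            || $file !== basename( $file )
            || strpos( $file, "\0" ) !== false )
        {
            $error['name'][$number] = "Fehler im Dateinamen!";
        }

        if ( $status == UPLOAD_ERR_INI_SIZE )
        {
            $error['error'][$number] = "Externer Fehler beim upload!";
        }

        if ( $uploads['size'][$number] > 1028000 )
        {
            $error['size'][$number] = "Datei zu gross fuer den Upload: > " . $uploads['size'][$number];
        }

        $targets[$number] = $file;
    }

    // Upload: only when no file of the batch failed validation.
    if ( empty( $error ) )
    {
        // Taken from $_SERVER instead of the register_globals variable
        // $PHP_AUTH_USER, which a request parameter could pre-set.
        $authUser = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : '';
        $tableForeign = ( isset( $_REQUEST['table_foreign'] ) && is_string( $_REQUEST['table_foreign'] ) )
            ? $_REQUEST['table_foreign']
            : '';
        $rowForeign = ( isset( $_REQUEST['row_foreign'] ) && is_string( $_REQUEST['row_foreign'] ) )
            ? $_REQUEST['row_foreign']
            : '';

        foreach ( $targets as $number => $file )
        {
            $tmpName = $uploads['tmp_name'][$number];
            if ( !is_uploaded_file( $tmpName ) )
            {
                continue;
            }

            // Columns: table_foreign row_foreign data_foreign document
            // letzte_aenderung_am letzte_aenderung_von.
            // Every request-derived value is escaped for the open connection.
            $sql = "
                REPLACE INTO dokumente
                (
                    table_foreign,
                    row_foreign,
                    data_foreign,
                    document,
                    letzte_aenderung_am,
                    letzte_aenderung_von
                )
                VALUES
                (
                    '" . mysql_real_escape_string( $tableForeign ) . "',
                    '" . mysql_real_escape_string( $rowForeign ) . "',
                    '" . mysql_real_escape_string( $dataForeign ) . "',
                    '" . mysql_real_escape_string( $file ) . "',
                    NOW(),
                    '" . mysql_real_escape_string( $authUser ) . "'
                )
            ";
            $result = mysql_query( $sql );
            if ( !$result )
            {
                // Keep the statement and the driver message out of the page.
                error_log( "dokumente upload: " . mysql_errno() . ": " . mysql_error() );
                $error[] = "Datenbankfehler!";
                continue;
            }
            $msg[] = "Der SQL wurde ausgeführt";

            // The messages are HTML (they end in <br>), so the path, which
            // contains the client-supplied file name, is escaped.
            $shownPath = htmlspecialchars( $uploadPath . $file, ENT_QUOTES, 'UTF-8' );
            if ( move_uploaded_file( $tmpName, $uploadPath . $file ) )
            {
                $msg[$number] = "Datei wurde kopiert nach " . $shownPath . "<br>";
            }
            else
            {
                $msg[$number] = "Dateiupload-Hack: Dateiname " . $shownPath . "<br>";
            }
        }
    }
}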
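// Delete one document: remove the stored file, then its row in "dokumente".
// NOTE(review): this runs under the "_read" permission tested by the
// enclosing if; $interneModulRechte[1] ("_delete") is not consulted anywhere
// in this file -- confirm whether deleting should require it.
// NOTE(review): the action is accepted from GET as well as POST and carries
// no CSRF token.
if ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] === 'unlink' )
{
    // The id comes straight from the request; escape it once for both statements.
    $docId = ( isset( $_REQUEST['id'] ) && is_string( $_REQUEST['id'] ) ) ? $_REQUEST['id'] : '';
    $docIdSql = mysql_real_escape_string( $docId );

    $sql = "SELECT * FROM dokumente WHERE id = '" . $docIdSql . "'";
    $result = mysql_query( $sql );
    if ( $result === false )
    {
        // Details go to the server log, not to the browser.
        error_log( "dokumente unlink: " . mysql_errno() . ": " . mysql_error() );
        die( "Datenbankfehler!" );
    }
    $db = mysql_fetch_assoc( $result );

    // No matching row leaves $file empty. basename() keeps a stored value
    // that contains path separators from reaching outside the upload directory.
    $file = $db ? basename( $db['document'] ) : '';

    if ( $file !== '' && is_file( $uploadPath . $file ) && unlink( $uploadPath . $file ) )
    {
        $msg[] = "Datei wurde gelöscht!";
    }
    else
    {
        $error[] = "Datei wurde nicht gelöscht!";
    }

    $sql = "
        DELETE
        FROM dokumente
        WHERE
        id = '" . $docIdSql . "'
    ";
    $result = mysql_query( $sql );
    if ( $result === false )
    {
        error_log( "dokumente unlink: " . mysql_errno() . ": " . mysql_error() );
        die( "Datenbankfehler!" );
    }

    // $unlink is read further down to decide whether the popup closes itself.
    $unlink = true;
    $msg[] = "Datei wurde aus der Datenbank entfernt.";
}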
?>
<html>
<head>
<title>Content-Management-System - Webagentur Niewerth</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="Redaktionssystem">
<meta name="author" content="Webagentur Niewerth">
<meta name="robots" content="noindex">
<link rel=stylesheet type="text/css" href="/styles/styles.php">
<style type="text/css">
<!--
/* Customisation by Markus Niewerth */
/* Print layout: hides #noprint and underlines the status/gray classes */
@media print {
#noprint { display:none; }
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:underline}
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:underline}
.status_off {color: #000000; text-decoration : none ; }
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:underline}
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
.status_green {color: #000000; background-color: #00FF00; text-decoration:underline}
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:underline}
}
/* Screen layout: same classes and colours, without the underline */
@media screen {
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:none}
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:none}
.status_off {color: #000000; text-decoration : none ; }
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:none}
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:none}
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:none}
.status_green {color: #000000; background-color: #00FF00; text-decoration:none}
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:none}
}
-->
</style>
<script type="text/jscript">
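/**
 * Reload the window that opened this popup, then close the popup.
 * When the page was not opened as a popup (no opener, or the opener is
 * already closed) the reload is skipped instead of throwing.
 */
function openerReturn()
{
    /* Earlier variant, kept for reference:
       opener.formname.action = "bestellungen_neu.php?update[current]";
       opener.formname.submit(); */
    if (window.opener && !window.opener.closed) {
        window.opener.location.reload();
    }
    window.close();
}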
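/**
 * Append a copy of the upload row with the given element id and grow the
 * popup window so the new row is visible.
 *
 * @param {string} obj  id of the element to duplicate
 */
function addAttach(obj)
{
    var source = document.getElementById(obj);
    if (!source) {
        return;
    }

    // The copy loses its id: removeAttach() only removes rows without one,
    // so the template row stays and every copy can be removed again.
    var clone = source.cloneNode(true);
    clone.removeAttribute("id");
    source.parentNode.appendChild(clone);

    /* Fit the window to the content. offsetHeight is already a number, so the
       former eval() around it was dropped, and the non-standard document.all
       lookup was replaced by getElementById. */
    var hoehe1 = document.getElementById('Inhalt').offsetHeight;
    resizeTo(500, hoehe1 + 115);
}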
/* Remove the upload row that contains the clicked button. Rows whose
   container still has an id (the template row) are left in place.
   div and td are assigned without var and therefore become globals. */
function removeAttach(obj)
{
div = obj.parentNode;
td = obj.parentNode.parentNode;
if (!div.id) {
td.removeChild(div);
<?php
// The snippet below is sent only when the basic-auth user is "admin". This
// merely changes which JavaScript reaches the browser; it is not an access
// control.
// NOTE(review): hoehe1 is declared with var inside addAttach() only, so
// unless a global of that name exists elsewhere the resizeTo() call below
// throws a ReferenceError. eval() on style.height is also unnecessary.
if ( $_SERVER['PHP_AUTH_USER'] == 'admin' )
{
?>
/* Fit the window to the content */
var hoehe2 = eval(document.getElementById('Inhalt').style.height);
alert(hoehe2);
resizeTo(500,((hoehe1)-(115)));
<?php
}
?>
}

}
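/**
 * Remove the container of the element with the given id from its parent,
 * unless that container itself has an id.
 * An unknown id is ignored instead of raising a TypeError, and the helper
 * variables are local instead of leaking into the global scope.
 *
 * @param {string} obj  id of an element inside the row to remove
 */
function removeDoc(obj)
{
    var target = document.getElementById(obj);
    if (!target) {
        return;
    }
    var div = target.parentNode;
    var td = div.parentNode;
    if (!div.id) {
        td.removeChild(div);
    }
}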
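<?php
// Emit the call that reloads the opener and closes this popup, either after
// an upload without errors or after a document was unlinked.
// empty() is used because $error and $unlink are unset on a plain page view;
// sizeof() on an unset variable warns and is a TypeError on PHP 8.
if ( ( empty( $error ) && !empty( $_POST['action'] ) ) || !empty( $unlink ) )
{
    echo "openerReturn();";
}
?>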
</script>
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096" id="Inhalt">
<form method="post" action="#" name="formname" enctype="multipart/form-data">
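<?php
// Render the upload form for the default view and for action=edit.
if ( empty( $_GET['action'] ) || $_GET['action'] == "edit" )
{
    // Values echoed into the hidden fields come from the query string (and
    // $zeile is not assigned in this file), so each one is HTML-escaped
    // before it is written into an attribute. Non-string input becomes ''.
    $hiddenFields = array();
    foreach ( array( 'table_foreign', 'row_foreign', 'data_foreign' ) as $fieldName )
    {
        $hiddenFields[$fieldName] = ( isset( $_GET[$fieldName] ) && is_string( $_GET[$fieldName] ) )
            ? htmlspecialchars( $_GET[$fieldName], ENT_QUOTES, 'UTF-8' )
            : '';
    }
    $hiddenFields['id'] = ( isset( $zeile['id'] ) && is_scalar( $zeile['id'] ) )
        ? htmlspecialchars( (string) $zeile['id'], ENT_QUOTES, 'UTF-8' )
        : '';
    // NOTE(review): the form carries no anti-CSRF token.
?>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
<?php
    // One upload row per configured field.
    for ( $i = 0; $i < $numFields; $i++ )
    {
?>
<tr>
<td width="13%" valign="top" class="links">Datei</td>
<td class="rechts">
<div id="fileAttach">
<input type="file" name="file[]" id="file[]">
<input type="button" value=" + " onClick="addAttach('fileAttach')">
<input type="button" value=" - " onClick="removeAttach(this)">
</div>
</td>
</tr>
<?php
    }
?>
<tr>
<td align="right" colspan="2" class="links">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="13%"> </td>
<td width="87%" align="right">
<!-- table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von -->
<input name="id" type="hidden" id="id" value="<?php echo $hiddenFields['id'] ?>">
<input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo $hiddenFields['table_foreign'] ?>">
<input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo $hiddenFields['row_foreign'] ?>">
<input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo $hiddenFields['data_foreign'] ?>">
<input type="hidden" name="action" value="update">
<input type="submit" value="OK">
<input type="reset" name="Button" value="Zurücksetzen">
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
    // Error and status messages collected by the upload / unlink handlers.
    echo is_array( $error ) ? nl2br( returnMessage( $error ) ) : "";
    echo is_array( $msg ) ? nl2br( returnMessage( $msg ) ) : "";
} // end of the $_GET['action'] check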
}
else
{
echo "Zugriff verweigert!";
}
?>
</form>
</body>