<?php
2
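    // "dokumente" module: stores uploaded documents together with a reference
    // (table_foreign / row_foreign / data_foreign) to a record of another module.
    // It can be integrated into any module.
    error_reporting( E_ALL & ~ E_NOTICE );
    // NOTE(review): register_globals is a per-directory setting that cannot be
    // switched on at runtime, and the feature was removed in PHP 5.4, so this
    // call has no effect. Request data should be read from the superglobals,
    // never from auto-registered globals.
    ini_set( "register_globals", "On" );

    define( "Range", 100 );
    define( "modul_name", "Warenwirtschaft" );
    define( "tool_name", "bestellung" );
    define( "propertie", "dokument" );

    // These three request parameters are currently mandatory.
    // empty() applies the same truthiness test as the former "!$_REQUEST[...]"
    // but does not read an undefined index when a parameter is missing.
    // NOTE(review): the values come straight from the request and are only
    // checked for presence here; every later use in SQL, file names or HTML
    // has to escape or validate them.
    if ( empty( $_REQUEST['table_foreign'] ) || empty( $_REQUEST['row_foreign'] )
        || empty( $_REQUEST['data_foreign'] ) )
    {
        die( "Fehlende Parameter! Skript kann nicht ausgeführt werden" );
    }
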
    // Module configurations: for each module type, the foreign table plus the
    // column and data key used to reference a record in it.
    // NOTE(review): $moduleTyp is not read anywhere in the visible part of the
    // file; it looks like a natural allowlist for the table_foreign and
    // row_foreign request parameters - confirm whether it is meant to be used so.

    // Module configuration => Bestellung (order)
    $moduleTyp['Bestellung'] = array(
        "table_foreign" => "Bestellung",
        "row_foreign"   => "ID",
        "data_foreign"  => "ID",
    );

    // Module configuration => Artikel (article)
    $moduleTyp['Artikel'] = array(
        "table_foreign" => "artikel",
        "row_foreign"   => "ID",
        "data_foreign"  => "ID",
    );

    // Database connection / environment and the property-parsing helper.
    require( "../Online-Shop/connect2.php" );
    require( "includes/splitModProps.function.php" );

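    // Global select: load every row of the dokumente table.
    // NOTE(review): $result is not read anywhere in the visible part of the
    // file before later queries overwrite it - confirm the query is still needed.
    $sql = "SELECT * FROM dokumente";
    $result = mysql_query( $sql );
    if ( $result === false )
    {
        // The driver error and the statement belong in the server log; printing
        // them into the page discloses schema details to every visitor.
        error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " | " . $sql );
        die( "Datenbankfehler!" );
    }
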
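    // Property data for this module, parsed from the rights configuration by
    // splitModProps().
    // $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);
    $web_rechte_fieldData = splitModProps( $web_rechte );

    // Upload directory (static for now).
    // NOTE(review): the path is built below $webs['verzeichnis'] and is
    // presumably reachable over HTTP - confirm that the web server never
    // executes scripts from this directory.
    $uploadPath = $webs['verzeichnis'] . "/images/dokumente/";

    // Number of upload fields (set in the CMS as: Daten;Daten;Felder:4;),
    // one field when nothing is configured.
    $numFields = isset( $web_rechte_fieldData['Felder'] ) ? $web_rechte_fieldData['Felder'] : 1;

    // File-name filter: a POSIX regular expression that the upload handler
    // matches against the client-supplied file name with ereg().
    if ( isset( $web_rechte_fieldData['Filter'] ) )
    {
        // NOTE(review): a configured filter is used as given. If it follows the
        // shape of the old default ("(.jpg|.gif|...)") it is unanchored and its
        // dots match any character, so it only requires an allowed extension to
        // appear somewhere in the name - confirm the configured value is
        // anchored to the end of the name.
        $fileFilter = "(" . $web_rechte_fieldData['Filter'] . ")";
    }
    else
    {
        // Default allowlist: a literal dot followed by one of the allowed
        // extensions at the very end of the name. The former default
        // "(.jpg|.gif|...)" also accepted names that merely contained such a
        // sequence and ended in a different extension.
        $fileFilter = '\.(jpg|gif|png|pdf|PDF|doc|docx|rtf)$';
    }
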
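    // Delete unreferenced data: remove every file in the upload directory that
    // has no row in the dokumente table, then stop with a status message.
    // Runs only when the request carries "unRefDelete" and the HTTP-auth user
    // is "admin".
    // NOTE(review): the trigger is read from $_REQUEST, so a plain GET request
    // is enough to start the clean-up; confirm that a POST-only check and a
    // CSRF token are not needed here.
    if ( array_key_exists( 'unRefDelete', $_REQUEST ) && isset( $_SERVER['PHP_AUTH_USER'] )
        && $_SERVER['PHP_AUTH_USER'] === 'admin' )
    {
        $del = false;
        $d = dir( $uploadPath );
        if ( $d === false )
        {
            // Directory missing or unreadable: nothing can be cleaned up.
            die( "Nichts zu l&ouml;schen!" );
        }

        while ( false !== ( $elem = $d->read() ) )
        {
            // Skip "." / ".." and anything that is not a regular file before
            // touching the database.
            if ( $elem == '.' || $elem == '..' || !is_file( $uploadPath . $elem ) )
            {
                continue;
            }

            // File names on disk originate from uploads, so they are escaped
            // like any other untrusted value before being placed in SQL.
            $sql = "SELECT * FROM dokumente WHERE document = '" .
                mysql_real_escape_string( $elem ) . "'";
            $result = mysql_query( $sql );
            if ( $result === false )
            {
                // Log the details server-side instead of printing the statement.
                error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " | " . $sql );
                die( "Datenbankfehler!" );
            }

            // No row references the file: delete it. (The former DELETE for the
            // same name was dropped - it ran only when no such row existed.)
            if ( mysql_num_rows( $result ) == 0 && unlink( $uploadPath . $elem ) )
            {
                $del = true;
            }
        }

        $d->close();
        die( $del ? "Unreferenzierte Daten wurden gel&ouml;scht!" : "Nichts zu l&ouml;schen!" );
    }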
    // Database columns of the dokumente table:
    // table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von

    // Names of the rights this module distinguishes, derived from the
    // "propertie" constant: index 0 = read, 1 = delete, 2 = add.
    // NOTE(review): only index 0 (read) is consulted in the visible part of the
    // file - confirm whether delete and add are meant to be enforced as well.
    $interneModulRechte = array(
        propertie . "_read",
        propertie . "_delete",
        propertie . "_add",
    );

    if ( isset( $user_rechte[modul_name][tool_name][$interneModulRechte[0]] ) )
100
    {
101
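        // Handle a submitted upload form (any non-empty POST "action"):
        // validate every uploaded file, then move the accepted files into the
        // upload directory and record them in the dokumente table.
        // NOTE(review): the enclosing condition only checks the "_read" right;
        // confirm whether the "_add" right should be required for uploads.
        if ( !empty( $_POST['action'] ) )
        {
            $error = array();
            // Treat a request without a file[] field as "no files".
            $upload = ( isset( $_FILES['file']['name'] ) && is_array( $_FILES['file']['name'] ) )
                ? $_FILES['file'] : array( 'name' => array() );
            $pending = array(); // indexes of form fields that actually carry a file

            /* Collect validation errors per file */
            foreach ( array_keys( $upload['name'] ) as $number )
            {
                $code = $upload['error'][$number];
                if ( $code == UPLOAD_ERR_NO_FILE )
                {
                    // Empty form field: nothing to validate or store.
                    continue;
                }
                if ( $code != UPLOAD_ERR_OK )
                {
                    // Any upload error counts, not only code 1.
                    $error['error'][$number] = "Externer Fehler beim upload!";
                }
                // NOTE(review): the filter sees the client-supplied name only;
                // the content type is not verified, and an unanchored pattern
                // accepts names that merely contain an allowed extension.
                // ereg() is kept because the pattern is POSIX syntax from the
                // CMS configuration; it no longer exists in PHP 7.
                if ( !ereg( $fileFilter, $upload['name'][$number] ) )
                {
                    $error['name'][$number] = "Fehler im Dateinamen!";
                }
                if ( $upload['size'][$number] > 1028000 )
                {
                    $error['size'][$number] = "Datei zu gross fuer den Upload: > " .
                        $upload['size'][$number];
                }
                $pending[] = $number;
            }

            // Upload only when no file produced an error. The former test
            // sizeof( $error[$fileId] ) looked at the last key of the loop
            // ('size') only, so file-name errors never blocked an upload.
            if ( count( $error ) == 0 )
            {
                $umlauts = array( "ä" => "ae", "ö" => "oe", "ü" => "ue", "ß" => "ss",
                    "Ä" => "Ae", "Ö" => "Oe", "Ü" => "Ue" );
                // Read the user from $_SERVER; the bare $PHP_AUTH_USER global
                // depends on register_globals and could be request-supplied.
                $user = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : '';

                foreach ( $pending as $number )
                {
                    $tmpName = $upload['tmp_name'][$number];
                    if ( !is_uploaded_file( $tmpName ) )
                    {
                        continue;
                    }

                    $fname = strtr( $upload['name'][$number], $umlauts );
                    // data_foreign is request data: strip NUL bytes and keep
                    // only the last path component so the target always stays
                    // inside the upload directory.
                    $file = basename( str_replace( "\0", "", $_REQUEST['data_foreign'] . "_" . $fname ) );
                    // Messages are printed as HTML later (they carry <br>), so
                    // the path is escaped before it is embedded.
                    $shown = htmlspecialchars( $uploadPath . $file, ENT_QUOTES, 'UTF-8' );

                    // Move the file first so that no database row is written
                    // for a file that never reached the upload directory.
                    if ( !move_uploaded_file( $tmpName, $uploadPath . $file ) )
                    {
                        $error[] = "Dateiupload-Hack: Dateiname " . $shown . "<br>";
                        continue;
                    }
                    $msg[$number] = "Datei wurde kopiert nach " . $shown . "<br>";

                    // Columns: table_foreign  row_foreign  data_foreign  document
                    //          letzte_aenderung_am  letzte_aenderung_von
                    // Every request-derived value is escaped for the SQL string.
                    // ext/mysql offers no prepared statements; moving to PDO or
                    // mysqli with bound parameters is the durable fix.
                    $sql = "
                        REPLACE INTO dokumente
                        (
                            table_foreign,
                            row_foreign,
                            data_foreign,
                            document,
                            letzte_aenderung_am,
                            letzte_aenderung_von
                        )
                            VALUES
                        (
                            '" . mysql_real_escape_string( $_REQUEST['table_foreign'] ) . "',
                            '" . mysql_real_escape_string( $_REQUEST['row_foreign'] ) . "',
                            '" . mysql_real_escape_string( $_REQUEST['data_foreign'] ) . "',
                            '" . mysql_real_escape_string( $file ) . "',
                            NOW(),
                            '" . mysql_real_escape_string( $user ) . "'
                        )
                    ";
                    $result = mysql_query( $sql );
                    if ( $result === false )
                    {
                        // Log the details server-side instead of printing the
                        // statement (including request data) into the page.
                        error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " | " . $sql );
                        die( "Datenbankfehler!" );
                    }
                    $msg[] = "Der SQL wurde ausgef&uuml;hrt";
                }
            }
        }
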
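        // Delete one document: look up the row by id, remove its file from the
        // upload directory and delete the row from the dokumente table.
        // NOTE(review): action and id are read from $_REQUEST, so a GET request
        // is enough to delete a document, and the enclosing condition only
        // checks the "_read" right. Confirm whether the "_delete" right, a
        // POST-only check and a CSRF token should be required.
        if ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'unlink' )
        {
            // The id is request data: escape it before it is placed in SQL.
            $id = mysql_real_escape_string( isset( $_REQUEST['id'] ) ? $_REQUEST['id'] : '' );

            $sql = "SELECT * FROM dokumente WHERE id = '" . $id . "'";
            $result = mysql_query( $sql );
            if ( $result === false )
            {
                // Log the details server-side instead of printing the statement.
                error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " | " . $sql );
                die( "Datenbankfehler!" );
            }
            $db = mysql_fetch_assoc( $result );

            // mysql_fetch_assoc() yields false when no row matches. basename()
            // keeps a stored name from pointing outside the upload directory.
            $file = ( $db !== false && isset( $db['document'] ) ) ? basename( $db['document'] ) : '';

            if ( $file !== '' && is_file( $uploadPath . $file ) && unlink( $uploadPath . $file ) )
            {
                $msg[] = "Datei wurde gel&ouml;scht!";
            }
            else
            {
                $error[] = "Datei wurde nicht gel&ouml;scht!";
            }

            $sql = "DELETE FROM dokumente WHERE id = '" . $id . "'";
            $result = mysql_query( $sql );
            if ( $result === false )
            {
                error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " | " . $sql );
                die( "Datenbankfehler!" );
            }

            // Tells the page script further down to refresh the opener window.
            $unlink = true;
            $msg[] = "Datei wurde aus der Datenbank entfernt.";
        }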
?>
253
 
254
<html>
255
<head>
256
<title>Content-Management-System - Webagentur Niewerth</title>
257
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
258
<meta name="description" content="Redaktionssystem">
259
<meta name="author" content="Webagentur Niewerth">
260
<meta name="robots" content="noindex">
261
 
262
<link rel=stylesheet type="text/css" href="/styles/styles.php">
263
<style type="text/css">
264
<!--
265
/* Anpassung Markus Niewerth */
266
/* Druckbarer Bereich */
267
@media print {
268
    #noprint 			{ display:none; }
269
	.lightgray        	{color: #000000; background-color: #EEEEEE; text-decoration:underline}
270
	.darkgray        	{color: #000000; background-color: #CCCCCC; text-decoration:underline}
271
	.status_off        	{color: #000000; text-decoration : none   ;						     }
272
	.status_red        	{color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
273
	.status_yellow    	{color: #000000; background-color: #FFFF00; text-decoration:underline}
274
	.status_blue    	{color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
275
	.status_green    	{color: #000000; background-color: #00FF00; text-decoration:underline}
276
	.status_white    	{color: #000000; background-color: #FFFFFF; text-decoration:underline}
277
}
278
 
279
/* Sichtbarer Bereich */
280
@media screen {
281
	.lightgray        	{color: #000000; background-color: #EEEEEE; text-decoration:none}
282
	.darkgray        	{color: #000000; background-color: #CCCCCC; text-decoration:none}
283
	.status_off        	{color: #000000; text-decoration : none	;						}
284
	.status_red        	{color: #FFFFFF; background-color: #FF0000; text-decoration:none}
285
	.status_yellow    	{color: #000000; background-color: #FFFF00; text-decoration:none}
286
	.status_blue    	{color: #FFFFFF; background-color: #0000FF; text-decoration:none}
287
	.status_green    	{color: #000000; background-color: #00FF00; text-decoration:none}
288
	.status_white    	{color: #000000; background-color: #FFFFFF; text-decoration:none}
289
}
290
-->
291
</style>
292
 
293
<script type="text/jscript">
294
function openerReturn()
{
	// Reload the window that opened this popup, then close the popup itself.
	window.opener.location.reload();
	window.close();
}

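/**
 * Duplicate an upload row and grow the popup window to fit.
 *
 * @param {string} obj  id of the element to clone (the file-attach row)
 */
function addAttach(obj)
{
	// Declared locally; the former version leaked "source" and "clone" as globals.
	var source = document.getElementById(obj);
	if (!source) {
		return;
	}

	// The copy must not carry the id, otherwise removeAttach() would treat it
	// as the original row and refuse to remove it.
	var clone = source.cloneNode(true);
	clone.removeAttribute("id");
	source.parentNode.appendChild(clone);

	/* Fit the window to the content: offsetHeight is already a number, so no
	   eval() is needed, and getElementById replaces the non-standard document.all. */
	var hoehe1 = document.getElementById('Inhalt').offsetHeight;
	resizeTo(500, hoehe1 + 115);
}
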
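/**
 * Remove a cloned upload row. The original row (the one that still has an id)
 * is never removed.
 *
 * @param {Element} obj  the "-" button inside the row
 */
function removeAttach(obj)
{
	// Declared locally; the former version leaked "div" and "td" as globals.
	var div = obj.parentNode;
	var td = div.parentNode;
	if (!div.id) {
		td.removeChild(div);
		<?php
        // The resize is only emitted for the HTTP-auth user "admin".
        if ( isset( $_SERVER['PHP_AUTH_USER'] ) && $_SERVER['PHP_AUTH_USER'] == 'admin' )
        {
?>
			/* Fit the window to the content. The former code read "hoehe1",
			   which is local to addAttach() and undefined here, and showed a
			   debug alert. NOTE(review): sizing to content height + 115
			   mirrors addAttach(); the old expression subtracted 115 -
			   confirm the intended height. */
			var hoehe2 = document.getElementById('Inhalt').offsetHeight;
			resizeTo(500, hoehe2 + 115);
		<?php
        }
?>
	}
}
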
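/**
 * Remove the container of the element with the given id from the page,
 * unless that container itself has an id.
 *
 * @param {string} obj  id of an element inside the container to remove
 */
function removeDoc(obj)
{
	// Declared locally; the former version leaked "div" and "td" as globals
	// and threw when no element with that id existed.
	var node = document.getElementById(obj);
	if (!node) {
		return;
	}
	var div = node.parentNode;
	var td = div.parentNode;
	if (!div.id) {
		td.removeChild(div);
	}
}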
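<?php
        // Emit a call to openerReturn() after an upload that produced no errors
        // or after a document was deleted. empty() replaces sizeof() and the
        // bare reads of $_POST['action'] / $unlink, which operate on undefined
        // values when the page is opened without a form submission.
        if ( ( empty( $error ) && !empty( $_POST['action'] ) ) || !empty( $unlink ) )
        {
            echo "openerReturn();";
        }
?>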
</script>
349
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096" id="Inhalt">
350
<form method="post" action="#" name="formname" enctype="multipart/form-data">
351
  <?php
352
            if ( $_GET['action'] == "edit" || empty( $_GET['action'] ) )
353
            {
354
?>
355
  <table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
356
   <?php
357
                for ( $i = 0; $i < $numFields; $i++ )
358
                {
359
?>
360
    <tr>
361
      <td width="13%" valign="top" class="links">Datei</td>
362
      <td class="rechts">
363
      	<div id="fileAttach">
364
          <input type="file" name="file[]" id="file[]">
365
          <input type="button" value=" + " onClick="addAttach('fileAttach')">
366
          <input type="button" value=" - " onClick="removeAttach(this)">
367
        </div>
368
      </td>
369
    </tr>
370
    <?php
371
                }
372
?>
373
    <tr>
374
      <td align="right" colspan="2" class="links">
375
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
376
          <tr>
377
            <td width="13%">&nbsp;</td>
378
            <td width="87%" align="right">
379
              <!-- table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von  -->
380
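              <?php
                // The hidden fields echo request parameters back into HTML
                // attributes. They are escaped with htmlspecialchars() so a
                // crafted query string cannot break out of the attribute and
                // inject markup into the page.
                // NOTE(review): $zeile is not set anywhere in the visible part
                // of the file; the id field stays empty unless it is defined elsewhere.
?>
              <input name="id" type="hidden" id="id" value="<?php echo
                htmlspecialchars( isset( $zeile['id'] ) ? $zeile['id'] : '', ENT_QUOTES, 'UTF-8' )
?>">
              <input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo
                htmlspecialchars( isset( $_GET['table_foreign'] ) ? $_GET['table_foreign'] : '', ENT_QUOTES, 'UTF-8' )
?>">
              <input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo
                htmlspecialchars( isset( $_GET['row_foreign'] ) ? $_GET['row_foreign'] : '', ENT_QUOTES, 'UTF-8' )
?>">
              <input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo
                htmlspecialchars( isset( $_GET['data_foreign'] ) ? $_GET['data_foreign'] : '', ENT_QUOTES, 'UTF-8' )
?>">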
              <input type="hidden" name="action" value="update">
392
              <input type="submit" value="OK">
393
              <input type="reset" name="Button" value="Zur&uuml;cksetzen">
394
            </td>
395
          </tr>
396
        </table>
397
      </td>
398
    </tr>
399
  </table>
400
  <?php
401
                // Print the collected error messages first, then the status
                // messages; nothing is printed for a list that was never filled.
                // NOTE(review): messages can contain file names taken from the
                // request - confirm that returnMessage() or its callers escape
                // them for HTML.
                if ( is_array( $error ) )
                {
                    echo nl2br( returnMessage( $error ) );
                }
                if ( is_array( $msg ) )
                {
                    echo nl2br( returnMessage( $msg ) );
                }
            } //_POST['action']
405
    }
406
    else
407
    {
408
        echo "Zugriff verweigert!";
409
    }
410
?>
411
</form>
412
</body>