<?php
|
|
|
2 |
|
|
|
3 |
//Dateianhang:;Bestellung;ID;ID;Felder:1
|
|
|
4 |
// Abort early unless all three foreign-key parameters were supplied.
// This is a presence check only: the values come straight from the request
// and are not validated or normalised here.
foreach (array('table_foreign', 'row_foreign', 'data_foreign') as $requiredParam) {
    if (!$_REQUEST[$requiredParam]) {
        die("Fehlende Parameter! Skript kann nicht ausgeführt werden");
    }
}
|
|
|
7 |
|
|
|
8 |
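// Documents module: Ma
// Report everything except notices.
error_reporting(E_ALL & ~E_NOTICE);

// The former ini_set("register_globals", "On") call is dropped: the setting
// cannot be changed at runtime (request variables are imported before the
// script starts), and enabling it lets request parameters create global
// variables. Variables this script trusts, such as $user_rechte and
// $PHP_AUTH_USER, must be populated server-side.
// NOTE(review): presumably connect2.php sets them - confirm.

define("Range", 100);
// Keys used to look up this tool's entry in the rights arrays.
define("modul_name", "Warenwirtschaft");
define("tool_name", "bestellung");
define("propertie", "dokument");

// Icon directory
define("gfxdir", "gfx/");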
|
|
|
20 |
|
|
|
21 |
require "../Online-Shop/connect2.php";
|
|
|
22 |
require "includes/splitModProps.function.php";
|
|
|
23 |
|
|
|
24 |
|
|
|
25 |
// Global select: query all rows of the "dokumente" table.
// NOTE(review): on failure the MySQL error text and the statement are printed
// to the client; $result is not read again in the part of the file shown here.
$sql = "SELECT * FROM dokumente";
$result = mysql_query($sql);
if (!$result) {
    die(mysql_errno().": ".mysql_error()."<hr>".nl2br($sql)."<hr>");
}
|
|
|
28 |
|
|
|
29 |
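// Property data: the settings of this module property, as returned by
// splitModProps() (defined in includes/splitModProps.function.php).
// $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);
$web_rechte_fieldData = splitModProps($web_rechte);

// Upload directory.
// NOTE(review): the path sits below $webs['verzeichnis'] and looks like it is
// served by the web server - confirm, and make sure scripts cannot execute there.
$uploadPath = $webs['verzeichnis']."/images/dokumente/";

// Number of upload fields (configured in the CMS: Daten;Daten;Felder:4;).
$numFields = isset($web_rechte_fieldData['Felder']) ? (int) $web_rechte_fieldData['Felder'] : 1;

// File name filter, a POSIX regex evaluated with ereg().
// The default is anchored to the end of the name and escapes the dot, so only
// names whose final extension is jpg, gif or png match. The previous default
// "(.jpg|.gif|.png)" matched anywhere in the name and treated "." as a wildcard.
// A filter configured in the CMS should be anchored the same way.
$fileFilter = isset($web_rechte_fieldData['Filter']) ? $web_rechte_fieldData['Filter'] : '\.(jpg|gif|png)$';

// NOTE(review): pre() is defined elsewhere; if it prints its argument, this
// emits the module configuration ahead of the <html> output - looks like
// leftover debugging, confirm before keeping it.
pre($web_rechte_fieldData);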
|
|
|
41 |
|
|
|
42 |
// Permission names of the documents module: read, delete and add.
// NOTE(review): not referenced in the part of the file shown here.
$permissions = array();
foreach (array("read", "delete", "add") as $permissionSuffix) {
    $permissions[] = "dokumente_".$permissionSuffix;
}
|
|
|
48 |
|
|
|
49 |
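// Module configurations: for each module, the foreign table, the column and
// the data field a document is attached to.
// NOTE(review): $moduleTyp is not consulted in the part of the file shown
// here; the request parameters of the same names are used directly instead.

// Module configuration => Bestellung
$moduleTyp['Bestellung'] = array(
    "table_foreign" => "Bestellung",
    "row_foreign"   => "ID",
    "data_foreign"  => "ID"
);

// Module configuration => Artikel
// Stored under its own key; it was previously assigned to 'Bestellung' as
// well and silently replaced the entry above.
$moduleTyp['Artikel'] = array(
    "table_foreign" => "artikel",
    "row_foreign"   => "ID",
    "data_foreign"  => "ID"
);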
|
|
|
64 |
|
|
|
65 |
|
|
|
66 |
// DatenbankFelder
|
|
|
67 |
// table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von
|
|
|
68 |
|
|
|
69 |
if (isset($user_rechte[modul_name][tool_name][propertie]))
|
|
|
70 |
{
|
|
|
71 |
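// Handle a submitted upload form: check every selected file, then record it
// in the "dokumente" table and move it into $uploadPath.
//
// Reads:  $_POST['action'], $_FILES['file'], $_REQUEST['table_foreign'],
//         $_REQUEST['row_foreign'], $_REQUEST['data_foreign'], $fileFilter,
//         $uploadPath, $PHP_AUTH_USER.
// Writes: $error (per check, per field number), $msg, $fName, $fType, $fIcon.
//
// Everything in $_FILES except tmp_name is supplied by the client and is
// treated as untrusted below.
if ($_POST['action']) {
    $error = array();

    // Work on the multi-file layout produced by <input name="file[]">.
    $uploads = (isset($_FILES['file']['name']) && is_array($_FILES['file']['name']))
        ? $_FILES['file']
        : array('name' => array());

    /* Catch errors */
    foreach (array_keys($uploads['name']) as $number) {
        // A file field that was left empty is not an error; skip it.
        if ($uploads['error'][$number] == UPLOAD_ERR_NO_FILE) {
            continue;
        }

        // Keep only the last path component of the client-supplied name.
        $fTmpName = basename($uploads['name'][$number]);
        $fName['name'][$number] = $fTmpName;

        // $fileFilter is a POSIX regex from the module configuration. It only
        // restricts the extension if it is anchored to the end of the name.
        // The client-supplied MIME type is not checked.
        if (!ereg($fileFilter, $fTmpName)) {
            $error['name'][$number] = "Fehler im Dateinamen!";
        }

        // Extension = text after the last dot (empty when there is no dot).
        $dotPos = strrpos($fTmpName, ".");
        $fType['name'][$number] = ($dotPos === false) ? "" : substr($fTmpName, $dotPos + 1);

        // Pick a matching icon; only plain alphanumeric extensions are used
        // to build the icon path, everything else gets the default icon.
        $fTmpIcon = gfxdir.$fType['name'][$number].".gif";
        if (preg_match('/^[A-Za-z0-9]+$/', $fType['name'][$number]) && file_exists($fTmpIcon)) {
            $fIcon['name'][$number] = $fTmpIcon;
        } else {
            $fIcon['name'][$number] = gfxdir."default.gif";
        }

        // Any upload error code other than "OK" fails the check.
        if ($uploads['error'][$number] != UPLOAD_ERR_OK) {
            $error['error'][$number] = "Externer Fehler beim upload!";
        }

        if ($uploads['size'][$number] > 1028000) {
            $error['size'][$number] = "Datei zu gross fuer den Upload: > ".$uploads['size'][$number];
        }
    }

    // Upload: only when no check failed for any file. The previous test looked
    // at $error[<last $_FILES key>] only, so a rejected file name never
    // stopped the upload.
    if (count($error) == 0) {
        foreach (array_keys($uploads['name']) as $number) {
            $tmpPath = $uploads['tmp_name'][$number];
            if (!is_uploaded_file($tmpPath)) {
                continue;
            }
            $file = basename($uploads['name'][$number]);

            // Columns: table_foreign row_foreign data_foreign document
            //          letzte_aenderung_am letzte_aenderung_von
            // Every request-derived value is escaped for the SQL string.
            // ext/mysql has no prepared statements; moving to mysqli or PDO
            // with bound parameters is the durable fix.
            // NOTE(review): mysql_real_escape_string() relies on the
            // connection character set being set correctly - confirm in
            // connect2.php.
            $sql =
            "
                REPLACE INTO dokumente
                (
                    table_foreign,
                    row_foreign,
                    data_foreign,
                    document,
                    letzte_aenderung_am,
                    letzte_aenderung_von
                )
                VALUES
                (
                    '".mysql_real_escape_string($_REQUEST['table_foreign'])."',
                    '".mysql_real_escape_string($_REQUEST['row_foreign'])."',
                    '".mysql_real_escape_string($_REQUEST['data_foreign'])."',
                    '".mysql_real_escape_string($file)."',
                    NOW(),
                    '".mysql_real_escape_string($PHP_AUTH_USER)."'
                )
            ";
            $result = mysql_query($sql);
            if (!$result) {
                // Keep database details in the server log instead of sending
                // the error text and the statement to the browser.
                error_log("dokumente upload: ".mysql_errno().": ".mysql_error());
                die("Datenbankfehler beim Speichern des Dokuments!");
            }
            $msg[] = "Der SQL wurde ausgeführt";

            // The target path contains the client-supplied file name, so it is
            // HTML-escaped before it goes into a message that is echoed later.
            $shownTarget = htmlspecialchars($uploadPath.$file, ENT_QUOTES, 'UTF-8');

            // Messages are appended; writing to $msg[$number] could overwrite
            // the SQL message appended just above.
            if (move_uploaded_file($tmpPath, $uploadPath.$file)) {
                $msg[] = "Datei wurde kopiert nach ".$shownTarget."<br>";
            } else {
                $msg[] = "Dateiupload-Hack: Dateiname ".$shownTarget."<br>";
            }
        }
    }
}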
|
|
|
168 |
|
|
|
169 |
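// Delete the document record(s) that match the three foreign-key parameters.
// Only rows in "dokumente" are removed; the code shown here does not delete
// the stored file from disk.
// NOTE(review): the action is read from $_REQUEST, so a plain GET request
// triggers the delete, and no anti-CSRF token is visible in this file.
if ($_REQUEST['action']=='unlink') {
    // Request values are escaped for the SQL string. ext/mysql has no prepared
    // statements; mysqli or PDO with bound parameters is the durable fix.
    $sql =
    "
        DELETE FROM dokumente WHERE
        table_foreign = '".mysql_real_escape_string($_REQUEST['table_foreign'])."'
        AND
        row_foreign = '".mysql_real_escape_string($_REQUEST['row_foreign'])."'
        AND
        data_foreign = '".mysql_real_escape_string($_REQUEST['data_foreign'])."'
    ";

    $result = mysql_query($sql);
    if (!$result) {
        // Keep database details in the server log instead of sending the
        // error text and the statement to the browser.
        error_log("dokumente unlink: ".mysql_errno().": ".mysql_error());
        die("Datenbankfehler beim Löschen des Dokuments!");
    }

    // $unlink is checked further down to refresh the opener window.
    $unlink = true;
    $msg[] = "Datei wurde gelöscht";
}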
|
|
|
190 |
?>
|
|
|
191 |
|
|
|
192 |
<html>
|
|
|
193 |
<head>
|
|
|
194 |
<title>Content-Management-System - Webagentur Niewerth</title>
|
|
|
195 |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|
|
|
196 |
<meta name="description" content="Redaktionssystem">
|
|
|
197 |
<meta name="author" content="Webagentur Niewerth">
|
|
|
198 |
<meta name="robots" content="noindex">
|
|
|
199 |
|
|
|
200 |
<link rel=stylesheet type="text/css" href="/styles/styles.php">
|
|
|
201 |
<style type="text/css">
|
|
|
202 |
<!--
|
|
|
203 |
/* Anpassung Markus Niewerth */
|
|
|
204 |
/* Druckbarer Bereich */
|
|
|
205 |
@media print {
|
|
|
206 |
#noprint { display:none; }
|
|
|
207 |
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:underline}
|
|
|
208 |
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:underline}
|
|
|
209 |
.status_off {color: #000000; text-decoration : none ; }
|
|
|
210 |
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
|
|
|
211 |
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:underline}
|
|
|
212 |
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
|
|
|
213 |
.status_green {color: #000000; background-color: #00FF00; text-decoration:underline}
|
|
|
214 |
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:underline}
|
|
|
215 |
}
|
|
|
216 |
|
|
|
217 |
/* Sichtbarer Bereich */
|
|
|
218 |
@media screen {
|
|
|
219 |
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:none}
|
|
|
220 |
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:none}
|
|
|
221 |
.status_off {color: #000000; text-decoration : none ; }
|
|
|
222 |
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:none}
|
|
|
223 |
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:none}
|
|
|
224 |
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:none}
|
|
|
225 |
.status_green {color: #000000; background-color: #00FF00; text-decoration:none}
|
|
|
226 |
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:none}
|
|
|
227 |
}
|
|
|
228 |
-->
|
|
|
229 |
</style>
|
|
|
230 |
|
|
|
231 |
<script>
|
|
|
232 |
// Point the opener window's form "formname" at bestellungen.php, submit it,
// and close this window.
function openerReturn()
{
    var openerForm = opener.formname;
    openerForm.action = "bestellungen.php?update[current]";
    openerForm.submit();
    self.close();
}
|
|
|
238 |
<?php
// Emit a call to openerReturn() when a submitted upload produced no errors,
// or when $unlink was set by the delete branch.
$refreshOpener = (!sizeof($error) && $_POST['action']) || $unlink;
if ($refreshOpener) {
    echo "openerReturn();";
}
?>
|
|
|
242 |
</script>
|
|
|
243 |
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096">
|
|
|
244 |
<form method="post" action="#" name="formname" enctype="multipart/form-data">
|
|
|
245 |
<?php
|
|
|
246 |
if ($_GET['action']=="edit" || empty($_GET['action']))
|
|
|
247 |
{
|
|
|
248 |
?>
|
|
|
249 |
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
|
|
|
250 |
<?php
// One table row with a file input per configured upload field ($numFields).
for ($i = 0; $i < $numFields; $i++):
?>
<tr>
<td width="13%" valign="top" class="links">Datei</td>
<td class="rechts">
<input type="file" name="file[]" id="file[]">
</td>
</tr>
<?php
endfor;
?>
|
|
|
262 |
<tr>
|
|
|
263 |
<td align="right" colspan="2" class="links">
|
|
|
264 |
<table width="100%" border="0" cellspacing="0" cellpadding="0">
|
|
|
265 |
<tr class="links">
|
|
|
266 |
<td width="13%"> </td>
|
|
|
267 |
<td width="87%" align="right">
|
|
|
268 |
<!-- table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von -->
|
|
|
269 |
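<?php
// Hidden fields that carry the record id and the three foreign-key parameters
// into the POST. The values come from the request ($_GET) and are HTML-escaped
// before being written into the attribute, so quotes or markup in them cannot
// break out of the value="..." context.
// NOTE(review): $zeile is not assigned in the part of the file shown here.
?>
<input name="id" type="hidden" id="id" value="<?php echo htmlspecialchars($zeile['id'], ENT_QUOTES, 'UTF-8') ?>">
<input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo htmlspecialchars($_GET['table_foreign'], ENT_QUOTES, 'UTF-8') ?>">
<input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo htmlspecialchars($_GET['row_foreign'], ENT_QUOTES, 'UTF-8') ?>">
<input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo htmlspecialchars($_GET['data_foreign'], ENT_QUOTES, 'UTF-8') ?>">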
|
|
|
273 |
<input type="hidden" name="action" value="update">
|
|
|
274 |
<input type="submit" value="OK">
|
|
|
275 |
<input type="reset" name="Button" value="Zurücksetzen">
|
|
|
276 |
</td>
|
|
|
277 |
</tr>
|
|
|
278 |
</table>
|
|
|
279 |
</td>
|
|
|
280 |
</tr>
|
|
|
281 |
</table>
|
|
|
282 |
<?php
|
|
|
283 |
// Print the collected error messages, then the status messages.
// returnMessage() is defined elsewhere; its result is passed through nl2br()
// and echoed as HTML.
foreach (array($error, $msg) as $messageList) {
    if (is_array($messageList)) {
        echo nl2br(returnMessage($messageList));
    }
}
|
|
|
285 |
}//_POST['action']
|
|
|
286 |
}else{
|
|
|
287 |
echo "Zugriff verweigert!";
|
|
|
288 |
}
|
|
|
289 |
?>
|
|
|
290 |
</form>
|
|
|
291 |
</body>
|