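<?php

//Dateianhang:;Bestellung;ID;ID;Felder:1
// Abort unless the request names the foreign table, column and value that the
// attachment belongs to. empty() keeps the original truthiness test (an
// absent, empty or "0" value is rejected) without raising an undefined-index
// notice when a key is missing altogether.
if (empty($_REQUEST['table_foreign']) || empty($_REQUEST['row_foreign']) || empty($_REQUEST['data_foreign'])) {
	die("Fehlende Parameter! Skript kann nicht ausgeführt werden");
}
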
// dokumente Modul: Ma
// Report every error class except notices.
error_reporting(E_ALL ^ E_NOTICE);
// NOTE(review): register_globals cannot be switched on at runtime through
// ini_set() and no longer exists as of PHP 5.4, so this call does not turn
// request data into globals. Variables such as $PHP_AUTH_USER that the script
// uses later must therefore be provided some other way - presumably by
// connect2.php; confirm.
ini_set('register_globals', 'On');


define('Range', 100);
// The next three constants are the keys under which the script looks up the
// user's right in $user_rechte further down.
define('modul_name', 'Warenwirtschaft');
define('tool_name', 'bestellung');
define('propertie', 'dokument');

// Icon directory
define('gfxdir', 'gfx/');

// Pulled in after the constants are defined. The script calls mysql_query()
// without opening a link itself, so the connection is presumably set up in
// connect2.php - confirm.
require '../Online-Shop/connect2.php';
require 'includes/splitModProps.function.php';


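// Global select
// NOTE(review): nothing in the visible part of the script reads this result
// before $result is overwritten; the query is kept so that a broken database
// connection still stops the script at this point.
$sql 	= "SELECT * FROM dokumente";
$result = mysql_query($sql);
if ($result === false) {
	// Keep the statement and the driver error in the server log; echoing them
	// to the browser discloses schema details to whoever triggers the failure.
	error_log("dokumente: ".mysql_errno().": ".mysql_error()." -- ".$sql);
	die("Datenbankfehler!");
}

// Module property data
// $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);
$web_rechte_fieldData = splitModProps($web_rechte);

// Upload directory
$uploadPath = $webs['verzeichnis']."/images/dokumente/";

// Upload fields (configured in the CMS: Daten;Daten;Felder:4;)
$numFields  	= isset($web_rechte_fieldData['Felder']) ? $web_rechte_fieldData['Felder'] : 1;
// Default file-name filter (POSIX regex, evaluated with ereg() in the upload
// handler). The dot is escaped and the pattern anchored at the end of the
// name: the former default "(.jpg|.gif|.png)" treated "." as a wildcard and
// matched anywhere, so names such as "x.jpg.php" passed it.
// NOTE(review): a 'Filter' value configured in the CMS is used as given and
// needs the same anchoring - verify the configured patterns.
$fileFilter  	= isset($web_rechte_fieldData['Filter']) ? $web_rechte_fieldData['Filter'] : '\.(jpg|gif|png)$';

// NOTE(review): pre() is defined outside this file; this looks like leftover
// debug output of the module configuration, and it runs before the access
// check further down - confirm whether it should stay.
pre($web_rechte_fieldData);

// NOTE(review): these permission names are not consulted anywhere in the
// visible part of the script.
$permissions = array
(
	"dokumente_read",
	"dokumente_delete",
	"dokumente_add"
);

// Module configurations
// Modconf => Bestellung
$moduleTyp['Bestellung'] = array
(
	"table_foreign" => 	"Bestellung",
	"row_foreign" 	=> 	"ID",
	"data_foreign" 	=> 	"ID"
);
// Modconf => Artikel
// Stored under its own key: the original assigned this entry to 'Bestellung'
// as well, which silently replaced the configuration above.
$moduleTyp['Artikel'] = array
(
	"table_foreign" => 	"artikel",
	"row_foreign" 	=> 	"ID",
	"data_foreign" 	=> 	"ID"
);

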
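// Database columns
// table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von

// Upload handling, the delete action and the HTML page are all gated on this
// single right; without it only "Zugriff verweigert!" is printed.
// NOTE(review): ereg() and the mysql_* API used below were removed in PHP 7;
// they are kept because the database link comes from the included connect
// script, which is not visible here.
if (isset($user_rechte[modul_name][tool_name][propertie]))
{
	$unlink = false;

	// The three foreign-key parameters end up inside SQL string literals, so
	// they are escaped once here. Non-scalar input (e.g. table_foreign[]=x)
	// is treated as an empty string.
	$dokForeignSql = array();
	foreach (array('table_foreign', 'row_foreign', 'data_foreign') as $dokKey) {
		$dokRaw = (isset($_REQUEST[$dokKey]) && is_scalar($_REQUEST[$dokKey])) ? (string) $_REQUEST[$dokKey] : '';
		$dokForeignSql[$dokKey] = mysql_real_escape_string($dokRaw);
	}

	if (!empty($_POST['action'])) {
		$error = array();

		// $_FILES['file'] is organised per attribute: ['name'][n], ['error'][n], ...
		$dokUpload  = (isset($_FILES['file']['name']) && is_array($_FILES['file']['name'])) ? $_FILES['file'] : null;
		$dokNumbers = $dokUpload ? array_keys($dokUpload['name']) : array();
		$dokSubmitted = 0;

		/* Validate every submitted file before anything is stored */
		foreach ($dokNumbers as $number)
		{
			// Upload fields that were left empty are not an error.
			if ($dokUpload['error'][$number] == UPLOAD_ERR_NO_FILE) {
				continue;
			}
			$dokSubmitted++;

			// Only the last path component of the client-supplied name is used.
			$dokName = basename(str_replace('\\', '/', (string) $dokUpload['name'][$number]));
			if ($dokName == '' || !ereg($fileFilter, $dokName)) {
				$error['name'][$number] = "Fehler im Dateinamen!";
			}

			// Name, extension and icon per file. The extension is only used
			// for an icon path when it is purely alphanumeric.
			$fName['name'][$number] = $dokUpload['name'][$number];
			$fType['name'][$number] = strtolower((string) pathinfo($dokName, PATHINFO_EXTENSION));
			$fTmpIcon = gfxdir.$fType['name'][$number].".gif";
			$fIcon['name'][$number] = (preg_match('/^[a-z0-9]+$/', $fType['name'][$number]) && file_exists($fTmpIcon))
				? $fTmpIcon
				: gfxdir."default.gif";

			// Any PHP upload error code other than "OK" rejects the file.
			if ($dokUpload['error'][$number] != UPLOAD_ERR_OK) {
				$error['error'][$number] = "Externer Fehler beim upload!";
			}

			if ($dokUpload['size'][$number] > 1028000) {
				$error['size'][$number] = "Datei zu gross fuer den Upload: > ".$dokUpload['size'][$number];
			}
		}

		// A form submitted without any file keeps the message users saw before.
		if ($dokSubmitted == 0) {
			$error['name'][0] = "Fehler im Dateinamen!";
		}

		// Upload
		// All validation results count here. The original tested only
		// $error['size'], so a name rejected by the filter was stored anyway.
		if (count($error) == 0)
		{
			$dokUser = isset($PHP_AUTH_USER)
				? $PHP_AUTH_USER
				: (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '');

			foreach ($dokNumbers as $number)
			{
				$dokTmp = $dokUpload['tmp_name'][$number];
				if (!is_uploaded_file($dokTmp)) {
					continue;
				}

				$file = basename(str_replace('\\', '/', (string) $dokUpload['name'][$number]));
				$dokTarget = $uploadPath . $file;
				// Messages are printed as HTML further down, so the
				// client-supplied file name is escaped for display.
				$dokTargetHtml = htmlspecialchars($dokTarget, ENT_QUOTES, 'UTF-8');

				// Move the file first, so that the table never references a
				// document that was not stored.
				// NOTE(review): a file with the same name is overwritten, and
				// the target directory lies below the web root - confirm that
				// script execution is disabled there.
				if (!move_uploaded_file($dokTmp, $dokTarget))
				{
					$error[] = "Dateiupload-Hack: Dateiname ".$dokTargetHtml."<br>";
					continue;
				}
				$msg[] = "Datei wurde kopiert nach ".$dokTargetHtml."<br>";

				// id  table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von
				$sql =
				"
						REPLACE INTO dokumente
						(
							table_foreign,
							row_foreign,
							data_foreign,
							document,
							letzte_aenderung_am,
							letzte_aenderung_von
						)
							VALUES
						(
							'".$dokForeignSql['table_foreign']."',
							'".$dokForeignSql['row_foreign']."',
							'".$dokForeignSql['data_foreign']."',
							'".mysql_real_escape_string($file)."',
							NOW(),
							'".mysql_real_escape_string((string) $dokUser)."'
						)
				";
				$result = mysql_query($sql);
				if ($result === false) {
					// Details go to the server log, not to the browser.
					error_log("dokumente: ".mysql_errno().": ".mysql_error()." -- ".$sql);
					die("Datenbankfehler!");
				}
				$msg[] = "Der SQL wurde ausgef&uuml;hrt";
			}
		}
	}

	// NOTE(review): this delete is reachable with a plain GET request and
	// carries no anti-CSRF token. It removes only the database rows; nothing
	// here deletes the stored file.
	if (isset($_REQUEST['action']) && $_REQUEST['action']=='unlink') {
		$sql =
		"

		DELETE FROM dokumente WHERE
			table_foreign = '".$dokForeignSql['table_foreign']."'
		AND
			row_foreign = '".$dokForeignSql['row_foreign']."'
		AND
			data_foreign = '".$dokForeignSql['data_foreign']."'

		";

		$result = mysql_query($sql);
		if ($result === false) {
			error_log("dokumente: ".mysql_errno().": ".mysql_error()." -- ".$sql);
			die("Datenbankfehler!");
		}

		$unlink=true;
		$msg[] = "Datei wurde gel&ouml;scht";
	}
?>

<html>
<head>
<title>Content-Management-System - Webagentur Niewerth</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="Redaktionssystem">
<meta name="author" content="Webagentur Niewerth">
<meta name="robots" content="noindex">

<link rel=stylesheet type="text/css" href="/styles/styles.php">
<style type="text/css">
<!--
/* Anpassung Markus Niewerth */
/* Druckbarer Bereich */
@media print {
    #noprint 			{ display:none; }
	.lightgray        	{color: #000000; background-color: #EEEEEE; text-decoration:underline}
	.darkgray        	{color: #000000; background-color: #CCCCCC; text-decoration:underline}
	.status_off        	{color: #000000; text-decoration : none   ;						     }
	.status_red        	{color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
	.status_yellow    	{color: #000000; background-color: #FFFF00; text-decoration:underline}
	.status_blue    	{color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
	.status_green    	{color: #000000; background-color: #00FF00; text-decoration:underline}
	.status_white    	{color: #000000; background-color: #FFFFFF; text-decoration:underline}
}

/* Sichtbarer Bereich */
@media screen {
	.lightgray        	{color: #000000; background-color: #EEEEEE; text-decoration:none}
	.darkgray        	{color: #000000; background-color: #CCCCCC; text-decoration:none}
	.status_off        	{color: #000000; text-decoration : none	;						}
	.status_red        	{color: #FFFFFF; background-color: #FF0000; text-decoration:none}
	.status_yellow    	{color: #000000; background-color: #FFFF00; text-decoration:none}
	.status_blue    	{color: #FFFFFF; background-color: #0000FF; text-decoration:none}
	.status_green    	{color: #000000; background-color: #00FF00; text-decoration:none}
	.status_white    	{color: #000000; background-color: #FFFFFF; text-decoration:none}
}
-->
</style>

<script>
function openerReturn()
{
	opener.formname.action = "bestellungen.php?update[current]";
	opener.formname.submit();
	self.close();
}
<?php
// Refresh the opener and close this window after an upload without errors or
// after a delete.
if ((!empty($_POST['action']) && empty($error)) || $unlink) {
	echo "openerReturn();";
}
?>
</script>
</head>
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096">
<form method="post" action="#" name="formname" enctype="multipart/form-data">
  <?php
		if (empty($_GET['action']) || $_GET['action']=="edit")
		{
			// Values echoed into the hidden inputs come from the query string
			// and are HTML-escaped where they are printed.
			$dokHidden = array('id' => (isset($zeile['id']) && is_scalar($zeile['id'])) ? (string) $zeile['id'] : '');
			foreach (array('table_foreign', 'row_foreign', 'data_foreign') as $dokKey) {
				$dokHidden[$dokKey] = (isset($_GET[$dokKey]) && is_scalar($_GET[$dokKey])) ? (string) $_GET[$dokKey] : '';
			}
   ?>
  <table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
   <?php
   	// One file input per configured upload field.
   	for($i=0;$i<$numFields;$i++) {
   ?>
    <tr>
      <td width="13%" valign="top" class="links">Datei</td>
      <td class="rechts">
        <input type="file" name="file[]" id="file[]">
      </td>
    </tr>
    <?php
		}
	?>
    <tr>
      <td align="right" colspan="2" class="links">
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr  class="links">
            <td width="13%">&nbsp;</td>
            <td width="87%" align="right">
              <!-- table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von  -->
              <input name="id" type="hidden" id="id" value="<?php echo htmlspecialchars($dokHidden['id'], ENT_QUOTES, 'UTF-8') ?>">
              <input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo htmlspecialchars($dokHidden['table_foreign'], ENT_QUOTES, 'UTF-8') ?>">
              <input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo htmlspecialchars($dokHidden['row_foreign'], ENT_QUOTES, 'UTF-8') ?>">
              <input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo htmlspecialchars($dokHidden['data_foreign'], ENT_QUOTES, 'UTF-8') ?>">
              <input type="hidden" name="action" value="update">
              <input type="submit" value="OK">
              <input type="reset" name="Button" value="Zur&uuml;cksetzen">
            </td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
  <?php
       // returnMessage() is defined outside this file; the messages handed to
       // it contain HTML markup (<br>, entities).
       echo (isset($error) && is_array($error)) 	? nl2br(returnMessage($error)) 	: 	"";
       echo (isset($msg) && is_array($msg)) 		? nl2br(returnMessage($msg)) 	: 	"";
	}// end of the edit-form branch ($_GET['action'] empty or "edit")
}else{
	echo "Zugriff verweigert!";
}
?>
</form>
</body>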