WebSVN – lars-tiefland.content-management – Blame – /trunk/projekte/dokumente.php

Revision	Autor	Zeilennr.	Zeile
1	lars	1	`<?php`
		2	`/**`
		3	`* @author Markus Niewerth <markus@weban.de> (ausgeschieden)`
		4	`* @author Lars Tiefland <tiefland@weban.de> (Anpassungen fuer dieses Subpackage)`
		5	`* @copyright 2008 Webagentur Niewerth`
		6	`* @package Content-management`
		7	`* @subpackage Projekttool`
		8	`* @version $Rev: 437 $`
		9	`* @license propietary`
		10	`* @filesource`
		11	`*`
		12	`*/`
		13
		14	`/**`
		15	`*`
		16	`* @author Markus Niewerth <markus@weban.de> (ausgeschieden)`
		17	`* @author Lars Tiefland <tiefland@weban.de> (Anpassungen fuer dieses Subpackage)`
		18	`* @copyright 2008 Webagentur Niewerth`
		19	`*/`
		20
		21	`// dokumente Modul: Ma`
		22	`// Implementation in jedes Modul möglich.`
		23	`error_reporting( E_ALL & ~ E_NOTICE );`
		24	`ini_set( "register_globals", "On" );`
		25
		26	`// Diese Angaben sind momentan zwingend`
		27	`if ( !$_REQUEST['table_foreign'] \|\| !$_REQUEST['row_foreign'] \|\| !$_REQUEST['data_foreign'] )`
		28	`{`
		29	`die( "Fehlende Parameter! Skript kann nicht ausgeführt werden" );`
		30	`}`
		31
		32	`// Modulkonfigurationen`
		33	`// Modconf => Bestellung`
		34	`$moduleTyp['Bestellung'] = array( "table_foreign" => "Bestellung",`
		35	`"row_foreign" => "ID", "data_foreign" => "ID" );`
		36	`// Modconf => Artikel`
		37	`$moduleTyp['Artikel'] = array( "table_foreign" => "artikel", "row_foreign" =>`
		38	`"ID", "data_foreign" => "ID" );`
		39
		40	`$moduleTyp["Projekt"] = array( "table_foreign" => "projekt", "row_foreign" =>`
		41	`"p_id", "data_foreign" => "p_id", );`
		42	`require_once "includes/common.php";`
		43	`require_once "../dokumente/includes/splitModProps.function.php";`
		44
		45
		46	`// Global select`
		47	`$sql = "SELECT * FROM dokumente";`
		48	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		49	`"<hr>" . nl2br($sql) . "<hr>" );`
		50
		51	`// Propertie Daten`
		52	`// $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);`
		53	`$web_rechte_fieldData = splitModProps( $web_rechte );`
		54
		55	`// Upload Verzeichnis (momentan noch statisch)`
		56	`$uploadPath = $webs['verzeichnis'] . "/images/dokumente/";`
		57	`// Upload Felder (Einstellen im CMS: Daten;Daten;Felder:4;)`
		58	`$numFields = !isset( $web_rechte_fieldData['Felder'] ) ? 1 : $web_rechte_fieldData['Felder'];`
		59	`$fileFilter = !isset( $web_rechte_fieldData['Filter'] ) ?`
		60	`"(.jpg\|.gif\|.png\|.pdf\|.doc\|.docx\|.rtf\|.txt\|.sql)" : "(" . $web_rechte_fieldData['Filter'] .`
		61	`")";`
		62
		63	`// Unreferenzierte Daten löschen`
		64	`if ( array_key_exists('unRefDelete', $_REQUEST) && $_SERVER['PHP_AUTH_USER'] ==`
		65	`'admin' )`
		66	`{`
		67	`$del = false;`
		68	`$d = dir( $uploadPath );`
		69	`while ( false !== ($elem = $d->read()) )`
		70	`{`
		71	`$elemId = substr( $elem, 0, strpos($elem, "_") );`
		72	`$data_foreign = $elemId;`
		73	`// Global select`
		74	`$sql = "SELECT * FROM dokumente WHERE document = '$elem'";`
		75	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		76	`"<hr>" . nl2br($sql) . "<hr>" );`
		77	`if ( mysql_num_rows($result) > 0 )`
		78	`{`
		79	`}`
		80	`else`
		81	`{`
		82	`if ( $elem != '..' && $elem != '.' )`
		83	`{`
		84	`$sql = "DELETE FROM dokumente WHERE document = '$elem'";`
		85	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		86	`"<hr>" . nl2br($sql) . "<hr>" );`
		87	`if ( file_exists($uploadPath . $elem) )`
		88	`{`
		89	`unlink( $uploadPath . $elem );`
		90	`$del = true;`
		91	`}`
		92	`}`
		93	`//$result = mysql_query ($sql) or die (mysql_errno().": ".mysql_error()."<hr>".nl2br($sql)."<hr>");`
		94	`}`
		95	`}`
		96
		97	`$d->close();`
		98	`if ( $del )`
		99	`die( "Unreferenzierte Daten wurden gelöscht!" );`
		100	`else`
		101	`die( "Nichts zu löschen!" );`
		102	`}`
		103	`// DatenbankFelder`
		104	`// table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von`
		105
		106	`$interneModulRechte = array( 0 => propertie . "_read", 1 => propertie .`
		107	`"_delete", 2 => propertie . "_add" );`
		108
		109	`if ( isset($user_rechte[modul_name][tool_name][$interneModulRechte[0]]) )`
		110	`{`
		111	`if ( $_POST['action'] )`
		112	`{`
		113	`$error = array();`
		114	`if ( !$_POST["mode"] )`
		115	`{`
		116
		117	`foreach ( array_keys($_FILES['file']) as $fileId )`
		118	`{`
		119	`foreach ( array_keys($_FILES['file'][$fileId]) as $number )`
		120	`{`
		121	`/* Fehler abfangen */`
		122	`switch ( $fileId )`
		123	`{`
		124	`case 'name':`
		125	`if ( !ereg($fileFilter, $_FILES['file'][$fileId][$number]) )`
		126	`{`
		127	`$error['name'][$number] = "Fehler im Dateinamen!";`
		128	`}`
		129	`break;`
		130	`case 'type':`
		131	`/*`
		132	`if (!ereg("(image)",$_FILES['file'][$fileId][$number])){`
		133	`$error['type'][$number]="Fehler im Dateityp!";`
		134	`}`
		135	`*/`
		136	`break;`
		137	`case 'tmp_name':`
		138	`//`
		139	`break;`
		140	`case 'error':`
		141	`if ( $_FILES['file'][$fileId][$number] == 1 )`
		142	`{`
		143	`$error['error'][$number] = "Externer Fehler beim upload!";`
		144	`}`
		145	`break;`
		146	`case 'size':`
		147	`if ( $_FILES['file'][$fileId][$number] > 1028000 )`
		148	`{`
		149	`$error['size'][$number] = "Datei zu gross fuer den Upload: > " . $_FILES['file'][$fileId][$number];`
		150	`}`
		151	`break;`
		152	`$i++;`
		153	`}`
		154	`}`
		155	`}`
		156	`// Upload`
		157	`if ( sizeof($error[$fileId]) == 0 )`
		158	`{`
		159	`foreach ( array_keys($_FILES['file']['name']) as $number )`
		160	`{`
		161	`$file = $_POST['data_foreign'] . "_" . $_FILES['file']['name'][$number];`
		162	`$status = $_REQUEST["status"][$number];`
		163	`$archiv = ( isset($_POST["archiv"][$number]) ) ? ( bool )$_POST["archiv"][$number] : false;`
		164	`if ( is_uploaded_file($_FILES['file']['tmp_name'][$number]) )`
		165	`{`
		166	`// $_REQUEST['table_foreign'] \|\| !$_REQUEST['row_foreign'] \|\| !$_REQUEST['data_foreign']`
		167	`// id table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von`
		168	`$sql = "`
		169	`REPLACE INTO dokumente`
		170	`(`
		171	`table_foreign,`
		172	`row_foreign,`
		173	`data_foreign,`
		174	`document,`
		175	`status,`
		176	`archiv,`
		177	`letzte_aenderung_am,`
		178	`letzte_aenderung_von`
		179	`)`
		180	`VALUES`
		181	`(`
		182	`'" . $_POST['table_foreign'] . "',`
		183	`'" . $_POST['row_foreign'] . "',`
		184	`'" . $_POST['data_foreign'] . "',`
		185	`'" . $file . "',`
		186	`'" . $status . "',`
		187	`'" . $archiv . "',`
		188	`NOW(),`
		189	`'" . $PHP_AUTH_USER . "'`
		190	`)`
		191	`";`
		192	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		193	`"<hr>" . nl2br($sql) . "<hr>" );`
		194
		195	`if ( !$result )`
		196	`{`
		197	`$error[] = $sql;`
		198	`}`
		199	`else`
		200	`{`
		201	`//$msg[] = "Der SQL wurde ausgeführt";`
		202	`}`
		203
		204	`if ( move_uploaded_file($_FILES['file']['tmp_name'][$number], $uploadPath .`
		205	`$file) )`
		206	`{`
		207	`$msg[$number] = "Datei wurde kopiert nach " . $uploadPath . $file . "<br>";`
		208
		209	`//copy($_FILES['userfile'], $uploadPath);`
		210	`}`
		211	`else`
		212	`{`
		213	`//echo "Mögliche Dateiupload-Attacke: Dateiname '$_FILES[userfile]'.";`
		214	`$msg[$number] = "Dateiupload-Hack: Dateiname " . $uploadPath . $file .`
		215	`"<br>";`
		216	`}`
		217	`}`
		218	`}`
		219	`}`
		220	`}`
		221	`else`
		222	`{`
		223	`foreach ( $_POST["file"] as $number => $file )`
		224	`{`
		225	`$status = $_POST["status"][$number];`
		226	`$archiv = ( isset($_POST["archiv"][$number]) ) ? ( bool )$_POST["archiv"][$number] : false;`
		227	`$sql = "`
		228	`REPLACE INTO dokumente`
		229	`(`
		230	`table_foreign,`
		231	`row_foreign,`
		232	`data_foreign,`
		233	`document,`
		234	`status,`
		235	`archiv,`
		236	`letzte_aenderung_am,`
		237	`letzte_aenderung_von`
		238	`)`
		239	`VALUES`
		240	`(`
		241	`'" . $_POST['table_foreign'] . "',`
		242	`'" . $_POST['row_foreign'] . "',`
		243	`'" . $_POST['data_foreign'] . "',`
		244	`'" . $file . "',`
		245	`'" . $status . "',`
		246	`'" . $archiv . "',`
		247	`NOW(),`
		248	`'" . $PHP_AUTH_USER . "'`
		249	`)`
		250	`";`
		251	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		252	`"<hr>" . nl2br($sql) . "<hr>" );`
		253
		254	`if ( !$result )`
		255	`{`
		256	`$error[] = $sql;`
		257	`}`
		258	`else`
		259	`{`
		260	`//$msg[] = "Der SQL wurde ausgeführt";`
		261	`}`
		262	`}`
		263	`}`
		264	`}`
		265
		266	`if ( $_REQUEST['action'] == 'unlink' )`
		267	`{`
		268
		269	`$sql = "SELECT * FROM dokumente WHERE id = '" . $_REQUEST['id'] . "'";`
		270	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		271	`"<hr>" . nl2br($sql) . "<hr>" );`
		272	`$db = mysql_fetch_assoc( $result );`
		273	`$file = $db['document'];`
		274
		275	`if ( @unlink($uploadPath . $file) )`
		276	`{`
		277	`$msg[] = "Datei wurde gelöscht!";`
		278	`}`
		279	`else`
		280	`{`
		281	`$error[] = "Datei wurde nicht gelöscht!";`
		282	`}`
		283
		284	`$sql = "`
		285
		286	`DELETE`
		287	`FROM dokumente`
		288	`WHERE`
		289	`id = '" . $_REQUEST['id'] . "'`
		290	`";`
		291
		292	`$result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .`
		293	`"<hr>" . nl2br($sql) . "<hr>" );`
		294
		295	`if ( $result )`
		296	`{`
		297	`$unlink = true;`
		298	`$msg[] = "Datei wurde aus der Datenbank entfernt.";`
		299	`}`
		300	`}`
		301	`?>`
		302
		303	`<html>`
		304	`<head>`
		305	`<title>Content-Management-System - Webagentur Niewerth</title>`
		306	`<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">`
		307	`<meta name="description" content="Redaktionssystem">`
		308	`<meta name="author" content="Webagentur Niewerth">`
		309	`<meta name="robots" content="noindex">`
		310
		311	`<link rel=stylesheet type="text/css" href="/styles/styles.php">`
		312	`<style type="text/css">`
		313	`<!--`
		314	`/* Anpassung Markus Niewerth */`
		315	`/* Druckbarer Bereich */`
		316	`@media print {`
		317	`#noprint { display:none; }`
		318	`.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:underline}`
		319	`.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:underline}`
		320	`.status_off {color: #000000; text-decoration : none ; }`
		321	`.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}`
		322	`.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:underline}`
		323	`.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}`
		324	`.status_green {color: #000000; background-color: #00FF00; text-decoration:underline}`
		325	`.status_white {color: #000000; background-color: #FFFFFF; text-decoration:underline}`
		326	`}`
		327
		328	`/* Sichtbarer Bereich */`
		329	`@media screen {`
		330	`.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:none}`
		331	`.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:none}`
		332	`.status_off {color: #000000; text-decoration : none ; }`
		333	`.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:none}`
		334	`.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:none}`
		335	`.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:none}`
		336	`.status_green {color: #000000; background-color: #00FF00; text-decoration:none}`
		337	`.status_white {color: #000000; background-color: #FFFFFF; text-decoration:none}`
		338	`}`
		339	`-->`
		340	`</style>`
		341
		342	`<script type="text/jscript">`
		343	`function openerReturn(p_id)`
		344	`{`
		345	`opener.projekt.p_id.value=p_id;`
		346	`opener.projekt.id.value=p_id;`
		347	`opener.projekt.action.value="edit";`
		348	`opener.projekt.submit();`
		349	`self.close();`
		350	`}`
		351
		352	`function addAttach(obj)`
		353	`{`
		354	`/* Seite an Inhalt anpassen */`
		355	`var hoehe1 = eval(document.all.Inhalt.offsetHeight);`
		356	`hoehe1=hoehe1+120;`
		357	`resizeTo(650, hoehe1);`
		358	`//document.getElementById('Inhalt').style.height = (eval(document.all.Inhalt.offsetHeight)+(110)) + "px";`
		359	`source=document.getElementById(obj)`
		360	`clone=source.cloneNode(true);`
		361	`clone.removeAttribute("id");`
		362
		363	`source.parentNode.appendChild(clone);`
		364
		365	`}`
		366
		367	`function removeAttach(obj)`
		368	`{`
		369	`div = obj.parentNode;`
		370	`td = obj.parentNode.parentNode;`
		371	`if (!div.id) {`
		372	`<?php`
		373	`if ( $_SERVER['PHP_AUTH_USER'] == 'admin' )`
		374	`{`
		375	`?>`
		376	`/* Seite an Inhalt anpassen */`
		377	`var hoehe2 = eval(document.all.Inhalt.offsetHeight);`
		378	`resizeTo(650,hoehe2);`
		379	`<?php`
		380	`}`
		381	`?>`
		382	`td.removeChild(div);`
		383	`}`
		384
		385	`}`
		386
		387	`function removeDoc(obj)`
		388	`{`
		389	`obj=document.getElementById(obj)`
		390	`div = obj.parentNode;`
		391	`td = obj.parentNode.parentNode;`
		392	`if (!div.id) { td.removeChild(div); }`
		393	`}`
		394	`<?php`
		395	`if ( (!sizeof($error) && $_POST['action']) \|\| $unlink )`
		396	`echo "openerReturn(" . $_REQUEST['data_foreign'] . ");"`
		397	`?>`
		398	`</script>`
		399	`<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096" id="Inhalt">`
		400	`<form method="post" action="#" name="formname" enctype="multipart/form-data" >`
		401	`<?php`
		402	`if ( $_GET['action'] == "edit" \|\| empty($_GET['action']) )`
		403	`{`
		404	`?>`
		405	`<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">`
		406	`<?php`
		407	`for ( $i = 0; $i < $numFields; $i++ )`
		408	`{`
		409	`?>`
		410	`<tr>`
		411	`<td width="13%" valign="top" class="links">Datei</td>`
		412	`<td class="rechts">`
		413	`<div id="fileAttach">`
		414	`<?`
		415	`if ( !$_GET["mode"] )`
		416	`{`
		417	`?>`
		418	`<input type="file" name="file[]" id="file[]">`
		419	`<select name="status[]">`
		420	`<option value="intern">intern</option>`
		421	`<option value="extern">extern</option>`
		422	`<option value="beides">beides</option>`
		423	`</select>`
		424	`Archiv? <input type="checkbox" name="archiv[]" value="true">`
		425	`<?php`
		426	`}`
		427	`else`
		428	`{`
		429	`?>`
		430	`<select name="file[]" id="file[]">`
		431	`<?php`
		432	`$sql = "`
		433	`SELECT`
		434	`distinct(document) AS document`
		435	`FROM`
		436	`dokumente`
		437	`WHERE`
		438	`archiv=1`
		439	`";`
		440	`$res = mysql_query( $sql );`
		441	`while ( $row = mysql_fetch_assoc($res) )`
		442	`{`
		443	`?>`
		444	`<option><?= $row["document"]; ?></option>`
		445	`<?`
		446	`}`
		447	`?>`
		448	`</select>`
		449	`<select name="status[]">`
		450	`<option value="intern">intern</option>`
		451	`<option value="extern">extern</option>`
		452	`<option value="beides">beides</option>`
		453	`</select>`
		454	`<input type="hidden" name="archiv[]" value="true">`
		455	`<?php`
		456	`}`
		457	`?>`
		458	`<input type="button" value=" + " onClick="addAttach('fileAttach')">`
		459	`<input type="button" value=" - " onClick="removeAttach(this)">`
		460	`</div>`
		461	`</td>`
		462	`</tr>`
		463	`<?php`
		464	`}`
		465	`?>`
		466	`<tr>`
		467	`<td align="right" colspan="2" class="links">`
		468	`<table width="100%" border="0" cellspacing="0" cellpadding="0">`
		469	`<tr>`
		470	`<td width="13%"> </td>`
		471	`<td width="87%" align="right">`
		472	`<input type="hidden" name="mode" value="<?= $_GET["mode"]; ?>">`
		473	`<!-- table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von -->`
		474	`<input name="id" type="hidden" id="id" value="<?php echo $zeile['id'] ?>">`
		475	`<input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo`
		476	`$_GET['table_foreign'] ?>">`
		477	`<input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo`
		478	`$_GET['row_foreign'] ?>">`
		479	`<input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo`
		480	`$_GET['data_foreign'] ?>">`
		481	`<input type="hidden" name="action" value="update">`
		482	`<input type="submit" value="OK">`
		483	`<input type="reset" name="Button" value="Zurücksetzen">`
		484	`</td>`
		485	`</tr>`
		486	`</table>`
		487	`</td>`
		488	`</tr>`
		489	`</table>`
		490	`<?php`
		491	`echo is_array( $error ) ? nl2br( returnMessage($error) ) : "";`
		492	`echo is_array( $msg ) ? nl2br( returnMessage($msg) ) : "";`
		493	`} //_POST['action']`
		494	`}`
		495	`else`
		496	`{`
		497	`echo "Zugriff verweigert!";`
		498	`}`
		499	`?>`
		500	`</form>`
		501	`</body>`

Subversion-Projekte lars-tiefland.content-management

(root)/trunk/projekte/dokumente.php – Revision 1