Blame | Letzte Änderung | Log anzeigen | RSS feed
<?phpif (!$_REQUEST['table_foreign'] || !$_REQUEST['row_foreign'] || !$_REQUEST['data_foreign']) {die("Fehlende Parameter! Skript kann nicht ausgeführt werden");}// dokumente Modul: Maerror_reporting(E_ALL & ~E_NOTICE);ini_set("register_globals", "On");define ("Range",100);define ("modul_name", "Warenwirtschaft");define ("tool_name", "bestellung");define ("propertie", "dokument");require "../Online-Shop/connect2.php";require "includes/splitModProps.function.php";// Global select$sql = "SELECT * FROM dokumente";$result = mysql_query ($sql) or die (mysql_errno().": ".mysql_error()."<hr>".nl2br($sql)."<hr>");// Propertie Daten// $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);$web_rechte_fieldData = splitModProps($web_rechte);// Upload Verzeichnis$uploadPath = $webs['verzeichnis']."/images/dokumente/";// Upload Felder (Einstellen im CMS: Daten;Daten;Felder:4;)$numFields = !isset($web_rechte_fieldData['Felder']) ? 1 : $web_rechte_fieldData['Felder'];$fileFilter = !isset($web_rechte_fieldData['Filter']) ? "(.jpg|.gif|.png)" : $web_rechte_fieldData['Filter'];// DatenbankFelder// table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_vonif (isset($user_rechte[modul_name][tool_name][propertie])){if ($_POST['action']) {$error=array();foreach (array_keys($_FILES['file']) as $fileId){foreach (array_keys($_FILES['file'][$fileId]) AS $number){/* Fehler abfangen */switch($fileId){case 'name':if (!ereg($fileFilter,$_FILES['file'][$fileId][$number])){$error['name'][$number]="Fehler im Dateinamen!";}break;case 'type':/*if (!ereg("(image)",$_FILES['file'][$fileId][$number])){$error['type'][$number]="Fehler im Dateityp!";}*/break;case 'tmp_name'://break;case 'error':if ($_FILES['file'][$fileId][$number]==1){$error['error'][$number]="Externer Fehler beim upload!";}break;case 'size':if ($_FILES['file'][$fileId][$number]>1028000){$error['size'][$number]="Datei zu gross fuer den Upload: > ".$_FILES['file'][$fileId][$number];}break;$i++;}}}// Uploadif(sizeof($error[$fileId])==0){foreach (array_keys($_FILES['file']['name']) AS $number){$file = $_FILES['file']['name'][$number];if (is_uploaded_file($_FILES['file']['tmp_name'][$number])){// $_REQUEST['table_foreign'] || !$_REQUEST['row_foreign'] || !$_REQUEST['data_foreign']// id table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von$sql ="REPLACE INTO dokumente(table_foreign,row_foreign,data_foreign,document,letzte_aenderung_am,letzte_aenderung_von)VALUES('".$_REQUEST['table_foreign']."','".$_REQUEST['row_foreign']."','".$_REQUEST['data_foreign']."','".$file."',NOW(),'".$PHP_AUTH_USER."')";$result = mysql_query ($sql) or die (mysql_errno().": ".mysql_error()."<hr>".nl2br($sql)."<hr>");if (!$result) {$error[] = $sql;} else {$msg[] = "Der SQL wurde ausgeführt";}if (move_uploaded_file($_FILES['file']['tmp_name'][$number], $uploadPath . $file)){$msg[$number] = "Datei wurde kopiert nach ".$uploadPath . $file."<br>";//copy($_FILES['userfile'], $uploadPath);} else {//echo "Mögliche Dateiupload-Attacke: Dateiname '$_FILES[userfile]'.";$msg[$number] = "Dateiupload-Hack: Dateiname ".$uploadPath . $file."<br>";}}}}}if ($_REQUEST['action']=='unlink') {// Global select$sql ="DELETE FROM dokumente WHEREtable_foreign = '".$_REQUEST['table_foreign']."'ANDrow_foreign = '".$_REQUEST['row_foreign']."'ANDdata_foreign = '".$_REQUEST['data_foreign']."'";$result = mysql_query ($sql) or die (mysql_errno().": ".mysql_error()."<hr>".nl2br($sql)."<hr>");if ($result) {$unlink=true;$msg[] = "Datei wurde gelöscht";}}?><html><head><title>Content-Management-System - Webagentur Niewerth</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="description" content="Redaktionssystem"><meta name="author" content="Webagentur Niewerth"><meta name="robots" content="noindex"><link rel=stylesheet type="text/css" href="/styles/styles.php"><style type="text/css"><!--/* Anpassung Markus Niewerth *//* Druckbarer Bereich */@media print {#noprint { display:none; }.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:underline}.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:underline}.status_off {color: #000000; text-decoration : none ; }.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:underline}.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}.status_green {color: #000000; background-color: #00FF00; text-decoration:underline}.status_white {color: #000000; background-color: #FFFFFF; text-decoration:underline}}/* Sichtbarer Bereich */@media screen {.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:none}.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:none}.status_off {color: #000000; text-decoration : none ; }.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:none}.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:none}.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:none}.status_green {color: #000000; background-color: #00FF00; text-decoration:none}.status_white {color: #000000; background-color: #FFFFFF; text-decoration:none}}--></style><script>function openerReturn(){opener.formname.action = "bestellungen.php?update[current]";opener.formname.submit();self.close();}<?phpif((!sizeof($error) && $_POST['action']) || $unlink)echo "openerReturn();"?></script><body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096"><form method="post" action="#" name="formname" enctype="multipart/form-data"><?phpif ($_GET['action']=="edit" || empty($_GET['action'])){?><table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999"><?phpfor($i=0;$i<$numFields;$i++) {?><tr><td width="13%" valign="top" class="links">Datei</td><td class="rechts"><input type="file" name="file[]" id="file[]"></td></tr><?php}?><tr><td align="right" colspan="2" class="links"><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td width="13%" class="links"> </td><td width="87%" align="right" class="rechts"><!-- table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von --><input name="id" type="hidden" id="id" value="<?php echo $zeile['id'] ?>"><input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo $_GET['table_foreign'] ?>"><input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo $_GET['row_foreign'] ?>"><input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo $_GET['data_foreign'] ?>"><input type="hidden" name="action" value="update"><input type="submit" value="OK"><input type="reset" name="Button" value="Zurücksetzen"></td></tr></table></td></tr></table><?phpecho is_array($error) ? nl2br(returnMessage($error)) : "";echo is_array($msg) ? nl2br(returnMessage($msg)) : "";}//_POST['action']}else{echo "Zugriff verweigert!";}?></form></body>