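<?php
// Documents module: Ma
// Can be integrated into any module.
//
// Popup that attaches uploaded files to a record of another table: it writes
// rows into `dokumente`, stores the files below $uploadPath, removes single
// attachments (action=unlink) and, for the HTTP-auth user "admin", deletes
// files that no row refers to (unRefDelete).
//
// Request parameters read here: table_foreign, row_foreign, data_foreign
// (all mandatory), action, id, unRefDelete and the upload field file[].
//
// NOTE(review): the script depends on ext/mysql (mysql_*), which was removed
// in PHP 7. Request values are escaped with mysql_real_escape_string() below;
// that is only reliable when the connection charset is set on the link --
// confirm in connect2.php. Prepared statements (mysqli/PDO) are the long-term fix.
error_reporting( E_ALL & ~ E_NOTICE );
// register_globals is deliberately not switched on: the directive cannot be
// changed at runtime, and request data is read from the superglobals only.
define( "Range", 100 );
define( "modul_name", "Warenwirtschaft" );
define( "tool_name", "bestellung" );
define( "propertie", "dokument" );

/**
 * Runs a query on the default mysql link.
 *
 * On failure the error number, error text and statement are written to the
 * server log and the request ends with a generic message, so that neither the
 * SQL text nor the database error reaches the browser.
 *
 * @param string $sql Complete statement; values must already be escaped.
 * @return mixed Whatever mysql_query() returned (never false).
 */
function dokumenteQueryOrDie( $sql )
{
    $result = mysql_query( $sql );
    if ( $result === false )
    {
        error_log( "dokumente: " . mysql_errno() . ": " . mysql_error() . " -- " . $sql );
        die( "Datenbankfehler!" );
    }
    return $result;
}

/**
 * Escapes a value for use in HTML text or a quoted attribute.
 *
 * @param mixed $value Scalar to print; anything else is rendered as ''.
 * @return string
 */
function dokumenteHtml( $value )
{
    return htmlspecialchars( is_scalar( $value ) ? (string) $value : '', ENT_QUOTES, 'UTF-8' );
}

// These parameters are currently mandatory. Array-valued parameters
// (e.g. data_foreign[]=x) are rejected as well, because the values are used
// as strings in file names and SQL below.
foreach ( array( 'table_foreign', 'row_foreign', 'data_foreign' ) as $requiredParam )
{
    if ( empty( $_REQUEST[$requiredParam] ) || !is_string( $_REQUEST[$requiredParam] ) )
    {
        die( "Fehlende Parameter! Skript kann nicht ausgeführt werden" );
    }
}

// Module configurations
// Modconf => Bestellung
$moduleTyp['Bestellung'] = array( "table_foreign" => "Bestellung",
    "row_foreign" => "ID", "data_foreign" => "ID" );
// Modconf => Artikel
$moduleTyp['Artikel'] = array( "table_foreign" => "artikel",
    "row_foreign" => "ID", "data_foreign" => "ID" );

require "../Online-Shop/connect2.php";
require "includes/splitModProps.function.php";

// Global select. The result set is not read below; the query only ends the
// request early when the table cannot be queried.
$sql = "SELECT * FROM dokumente";
$result = dokumenteQueryOrDie( $sql );

// Property data
$web_rechte_fieldData = splitModProps( $web_rechte );

// Upload directory (still static for now)
$uploadPath = $webs['verzeichnis'] . "/images/dokumente/";

// Upload fields (configured in the CMS: Daten;Daten;Felder:4;)
$numFields = !isset( $web_rechte_fieldData['Felder'] ) ? 1 : $web_rechte_fieldData['Felder'];
$fileFilter = !isset( $web_rechte_fieldData['Filter'] ) ?
    "(.jpg|.gif|.png|.pdf|.PDF|.doc|.docx|.rtf)" : "(" . $web_rechte_fieldData['Filter'] . ")";

// The filter is matched against the END of the file name. Unanchored, a name
// such as "x.jpg.php" satisfies ".jpg" and a script lands in a web-served
// directory. An invalid pattern makes preg_match() return false, which is
// treated as "not allowed" below.
// NOTE(review): assumes the CMS filter is a simple alternation like the
// default, so the switch from ereg() to PCRE does not change its meaning --
// confirm. Names like "x.php.jpg" still pass; the upload directory should not
// be configured to execute scripts.
$fileFilterPattern = '~' . str_replace( '~', '\~', $fileFilter ) . '$~';

// Authenticated user name as reported by the web server.
$isAdmin = isset( $_SERVER['PHP_AUTH_USER'] ) && $_SERVER['PHP_AUTH_USER'] === 'admin';
$authUser = isset( $_SERVER['PHP_AUTH_USER'] )
    ? $_SERVER['PHP_AUTH_USER']
    : ( isset( $PHP_AUTH_USER ) ? $PHP_AUTH_USER : '' );

// Delete unreferenced files.
// NOTE(review): this branch runs before the $user_rechte check further down
// and is gated only on the HTTP-auth user name being "admin"; it is reachable
// through any request method and carries no request token -- confirm intended.
if ( array_key_exists( 'unRefDelete', $_REQUEST ) && $isAdmin )
{
    $del = false;
    $d = dir( $uploadPath );
    if ( $d !== false )
    {
        while ( false !== ( $elem = $d->read() ) )
        {
            if ( $elem == '..' || $elem == '.' )
            {
                continue;
            }
            // File names on disk originate from uploads, so they are escaped
            // like any other untrusted value.
            $sql = "SELECT * FROM dokumente WHERE document = '" . mysql_real_escape_string( $elem ) . "'";
            $result = dokumenteQueryOrDie( $sql );
            if ( mysql_num_rows( $result ) > 0 )
            {
                continue; // still referenced by a row
            }
            // No row refers to this entry: remove the file (sub-directories are skipped).
            if ( is_file( $uploadPath . $elem ) )
            {
                unlink( $uploadPath . $elem );
                $del = true;
            }
        }
        $d->close();
    }
    if ( $del )
    {
        die( "Unreferenzierte Daten wurden gelöscht!" );
    }
    else
    {
        die( "Nichts zu löschen!" );
    }
}

// Database columns
// table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von
$interneModulRechte = array( 0 => propertie . "_read", 1 => propertie . "_delete", 2 => propertie . "_add" );

// Start from a known state so that these values can never be supplied by the
// request. null (not an empty array) keeps the is_array() checks at the end of
// the page behaving as before when no action ran.
$error = null;
$msg = null;
$unlink = false;

// NOTE(review): only the "_read" right is checked, although "_delete" and
// "_add" are defined above; uploading and deleting are therefore available to
// every user with read access. Confirm against the rights model and gate each
// action on its own right.
if ( isset( $user_rechte[modul_name][tool_name][$interneModulRechte[0]] ) )
{
    if ( !empty( $_POST['action'] ) )
    {
        $error = array();

        // Only the multi-file form field file[] is handled.
        $uploads = array();
        if ( isset( $_FILES['file']['name'] ) && is_array( $_FILES['file']['name'] ) )
        {
            $uploads = $_FILES['file'];
        }

        /* Collect validation errors per attribute and per upload slot */
        foreach ( array_keys( $uploads ) as $fileId )
        {
            foreach ( array_keys( $uploads[$fileId] ) as $number )
            {
                $value = $uploads[$fileId][$number];
                switch ( $fileId )
                {
                    case 'name':
                        if ( !is_string( $value ) || preg_match( $fileFilterPattern, $value ) !== 1 )
                        {
                            $error['name'][$number] = "Fehler im Dateinamen!";
                        }
                        break;
                    case 'error':
                        if ( $value == UPLOAD_ERR_INI_SIZE )
                        {
                            $error['error'][$number] = "Externer Fehler beim upload!";
                        }
                        break;
                    case 'size':
                        if ( $value > 1028000 )
                        {
                            $error['size'][$number] = "Datei zu gross fuer den Upload: > " . $value;
                        }
                        break;
                }
            }
        }

        // Upload. As before, any size error blocks the whole batch. In
        // addition every slot with a name or upload error is skipped, so a
        // file that failed the name filter is never stored.
        if ( $uploads && empty( $error['size'] ) )
        {
            foreach ( array_keys( $uploads['name'] ) as $number )
            {
                if ( isset( $error['name'][$number] ) || isset( $error['error'][$number] ) )
                {
                    continue;
                }

                $fname = str_replace(
                    array( "ä", "ö", "ü", "ß", "Ä", "Ö", "Ü" ),
                    array( "ae", "oe", "ue", "ss", "Ae", "Oe", "Ue" ),
                    $uploads['name'][$number]
                );
                // data_foreign comes from the request; basename() removes any
                // directory part so the target stays inside $uploadPath.
                $file = basename( $_REQUEST['data_foreign'] . "_" . $fname );

                if ( is_uploaded_file( $uploads['tmp_name'][$number] ) )
                {
                    // id table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von
                    $sql = "REPLACE INTO dokumente(table_foreign,row_foreign,data_foreign,document,letzte_aenderung_am,letzte_aenderung_von) VALUES('"
                        . mysql_real_escape_string( $_REQUEST['table_foreign'] ) . "','"
                        . mysql_real_escape_string( $_REQUEST['row_foreign'] ) . "','"
                        . mysql_real_escape_string( $_REQUEST['data_foreign'] ) . "','"
                        . mysql_real_escape_string( $file ) . "',NOW(),'"
                        . mysql_real_escape_string( $authUser ) . "')";
                    $result = dokumenteQueryOrDie( $sql );
                    $msg[] = "Der SQL wurde ausgeführt";

                    // The file name is user-controlled, so it is escaped
                    // before it becomes part of an HTML message.
                    if ( move_uploaded_file( $uploads['tmp_name'][$number], $uploadPath . $file ) )
                    {
                        $msg[$number] = "Datei wurde kopiert nach " . dokumenteHtml( $uploadPath . $file ) . "<br>";
                    }
                    else
                    {
                        $msg[$number] = "Dateiupload-Hack: Dateiname " . dokumenteHtml( $uploadPath . $file ) . "<br>";
                    }
                }
            }
        }
    }

    // NOTE(review): the deletion is accepted through $_REQUEST (so also via
    // GET) and carries no request token; a link opened by a logged-in user is
    // enough to trigger it. Consider POST only plus a per-session token.
    if ( isset( $_REQUEST['action'] ) && $_REQUEST['action'] === 'unlink' )
    {
        $idSql = mysql_real_escape_string(
            isset( $_REQUEST['id'] ) && is_string( $_REQUEST['id'] ) ? $_REQUEST['id'] : ''
        );
        $sql = "SELECT * FROM dokumente WHERE id = '" . $idSql . "'";
        $result = dokumenteQueryOrDie( $sql );
        $db = mysql_fetch_assoc( $result );
        // Empty when no row matched; basename() keeps a stored name from
        // pointing outside $uploadPath.
        $file = $db ? basename( (string) $db['document'] ) : '';
        if ( $file !== '' && @unlink( $uploadPath . $file ) )
        {
            $msg[] = "Datei wurde gelöscht!";
        }
        else
        {
            $error[] = "Datei wurde nicht gelöscht!";
        }
        $sql = "DELETE FROM dokumente WHERE id = '" . $idSql . "'";
        $result = dokumenteQueryOrDie( $sql );
        if ( $result )
        {
            $unlink = true;
            $msg[] = "Datei wurde aus der Datenbank entfernt.";
        }
    }
?>
<html>
<head>
<title>Content-Management-System - Webagentur Niewerth</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="Redaktionssystem">
<meta name="author" content="Webagentur Niewerth">
<meta name="robots" content="noindex">
<link rel=stylesheet type="text/css" href="/styles/styles.php">
<style type="text/css">
<!--
/* Anpassung Markus Niewerth */
/* Druckbarer Bereich */
@media print {
#noprint { display:none; }
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:underline}
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:underline}
.status_off {color: #000000; text-decoration : none ; }
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:underline}
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
.status_green {color: #000000; background-color: #00FF00; text-decoration:underline}
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:underline}
}
/* Sichtbarer Bereich */
@media screen {
.lightgray {color: #000000; background-color: #EEEEEE; text-decoration:none}
.darkgray {color: #000000; background-color: #CCCCCC; text-decoration:none}
.status_off {color: #000000; text-decoration : none ; }
.status_red {color: #FFFFFF; background-color: #FF0000; text-decoration:none}
.status_yellow {color: #000000; background-color: #FFFF00; text-decoration:none}
.status_blue {color: #FFFFFF; background-color: #0000FF; text-decoration:none}
.status_green {color: #000000; background-color: #00FF00; text-decoration:none}
.status_white {color: #000000; background-color: #FFFFFF; text-decoration:none}
}
-->
</style>
<script type="text/jscript">
function openerReturn()
{
/*
opener.formname.action = "bestellungen_neu.php?update[current]";
opener.formname.submit();
*/
opener.location.reload();
self.close();
}
function addAttach(obj)
{
source=document.getElementById(obj)
clone=source.cloneNode(true);
clone.removeAttribute("id");
source.parentNode.appendChild(clone);
/* Seite an Inhalt anpassen */
var hoehe1 = eval(document.all.Inhalt.offsetHeight);
resizeTo(500,((hoehe1)+(115)));
//document.getElementById('Inhalt').style.height = (eval(document.all.Inhalt.offsetHeight)+(110)) + "px";
}
function removeAttach(obj)
{
div = obj.parentNode;
td = obj.parentNode.parentNode;
if (!div.id) {
td.removeChild(div);
<?php
    // NOTE(review): the admin-only lines below read hoehe1, which is a local
    // variable of addAttach() and not defined in removeAttach(); they look
    // like leftover debugging output (alert) -- confirm and remove.
    if ( $isAdmin )
    {
?>
/* Seite an Inhalt anpassen */
var hoehe2 = eval(document.getElementById('Inhalt').style.height);
alert(hoehe2);
resizeTo(500,((hoehe1)-(115)));
<?php
    }
?>
}
}
function removeDoc(obj)
{
obj=document.getElementById(obj)
div = obj.parentNode;
td = obj.parentNode.parentNode;
if (!div.id) { td.removeChild(div); }
}
<?php
    // Close the popup and reload the opener after an error-free upload or
    // after a database row was removed.
    if ( ( empty( $error ) && !empty( $_POST['action'] ) ) || $unlink )
    {
        echo "openerReturn();";
    }
?>
</script>
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096" id="Inhalt">
<form method="post" action="#" name="formname" enctype="multipart/form-data">
<?php
    if ( empty( $_GET['action'] ) || $_GET['action'] === "edit" )
    {
?>
<table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
<?php
        for ( $i = 0; $i < $numFields; $i++ )
        {
?>
<tr>
<td width="13%" valign="top" class="links">Datei</td>
<td class="rechts"><div id="fileAttach"><input type="file" name="file[]" id="file[]"><input type="button" value=" + " onClick="addAttach('fileAttach')"><input type="button" value=" - " onClick="removeAttach(this)"></div></td>
</tr>
<?php
        }
        // The hidden fields echo query-string values back into the page;
        // they are HTML-escaped so that a crafted link cannot inject markup.
?>
<tr>
<td align="right" colspan="2" class="links"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="13%"> </td>
<td width="87%" align="right">
<!-- table_foreign row_foreign data_foreign document letzte_aenderung_am letzte_aenderung_von -->
<input name="id" type="hidden" id="id" value="<?php echo dokumenteHtml( isset( $zeile['id'] ) ? $zeile['id'] : '' ); ?>">
<input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo dokumenteHtml( isset( $_GET['table_foreign'] ) ? $_GET['table_foreign'] : '' ); ?>">
<input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo dokumenteHtml( isset( $_GET['row_foreign'] ) ? $_GET['row_foreign'] : '' ); ?>">
<input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo dokumenteHtml( isset( $_GET['data_foreign'] ) ? $_GET['data_foreign'] : '' ); ?>">
<input type="hidden" name="action" value="update">
<input type="submit" value="OK">
<input type="reset" name="Button" value="Zurücksetzen"></td>
</tr>
</table></td>
</tr>
</table>
<?php
        echo is_array( $error ) ? nl2br( returnMessage( $error ) ) : "";
        echo is_array( $msg ) ? nl2br( returnMessage( $msg ) ) : "";
    } // $_GET['action'] is empty or "edit"
}
else
{
    echo "Zugriff verweigert!";
}
?>
</form></body>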