
<?php
    /**
     * @author Markus Niewerth <markus@weban.de> (ausgeschieden)
     * @author Lars Tiefland <tiefland@weban.de> (Anpassungen fuer dieses Subpackage)
     * @copyright 2008 Webagentur Niewerth
     * @package Content-management
     * @subpackage Projekttool
     * @version $Rev: 437 $
     * @license proprietary
     * @filesource
     * 
     */

    /**
     * 
     * @author Markus Niewerth <markus@weban.de> (ausgeschieden)
     * @author Lars Tiefland <tiefland@weban.de> (Anpassungen fuer dieses Subpackage)
     * @copyright 2008 Webagentur Niewerth
     */

    // dokumente module: Ma
    // Can be implemented in any module.
    // Notices are suppressed because request keys are read below without isset() checks.
    error_reporting( E_ALL & ~ E_NOTICE );
    // NOTE(review): register_globals is PHP_INI_PERDIR and cannot be enabled with
    // ini_set() at runtime, so this call has no effect. Later code reads
    // $PHP_AUTH_USER (the register_globals alias of $_SERVER['PHP_AUTH_USER']),
    // which therefore stays unset unless the ini file enables it.
    ini_set( "register_globals", "On" );

    // These request parameters are currently mandatory; a missing or empty one stops the script
    foreach ( array( 'table_foreign', 'row_foreign', 'data_foreign' ) as $requiredKey )
    {
        if ( empty($_REQUEST[$requiredKey]) )
        {
            die( "Fehlende Parameter! Skript kann nicht ausgeführt werden" );
        }
    }

    // Module configurations: per module type the foreign table, its key column
    // and the column holding the key value
    $moduleTyp = array(
        // Modconf => Bestellung
        'Bestellung' => array( 'table_foreign' => 'Bestellung', 'row_foreign' => 'ID', 'data_foreign' => 'ID' ),
        // Modconf => Artikel
        'Artikel'    => array( 'table_foreign' => 'artikel', 'row_foreign' => 'ID', 'data_foreign' => 'ID' ),
        // Modconf => Projekt
        'Projekt'    => array( 'table_foreign' => 'projekt', 'row_foreign' => 'p_id', 'data_foreign' => 'p_id' ),
    );
    require_once "includes/common.php";
    require_once "../dokumente/includes/splitModProps.function.php";


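    // Global select
    // NOTE(review): this result is never read; every later query reassigns $result.
    // Kept because its "or die" doubles as an early check that the connection opened
    // by includes/common.php works.
    $sql = "SELECT * FROM dokumente";
    $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
        "<hr>" . nl2br($sql) . "<hr>" );

    // Property data of this module/tool (CMS setting, e.g. "Daten;Daten;Felder:4;")
    // $web_rechte_fieldData = explode(";", $web_rechte[modul_name][tool_name][propertie]);
    $web_rechte_fieldData = splitModProps( $web_rechte );

    // Upload directory (still static for now)
    $uploadPath = $webs['verzeichnis'] . "/images/dokumente/";
    // Number of upload fields (CMS setting "Felder:<n>"), default 1
    $numFields = !isset( $web_rechte_fieldData['Felder'] ) ? 1 : $web_rechte_fieldData['Felder'];
    // Allowed upload names as a POSIX ERE; it is applied with ereg() to the file name.
    // The default only accepts a real extension at the end of the name: the dot is
    // escaped and the pattern is anchored with "$". The old "(.jpg|...)" form treated
    // "." as any character and had no anchor, so names such as "x.jpg.php" or "xjpg"
    // passed. A CMS-configured "Filter" value is used as given; it should follow the
    // same "\.(ext1|ext2)$" form to get the same protection.
    $fileFilter = !isset( $web_rechte_fieldData['Filter'] ) ?
        "\\.(jpg|gif|png|pdf|doc|docx|rtf|txt|sql)$" : "(" . $web_rechte_fieldData['Filter'] .
        ")";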

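    // Delete unreferenced files: every entry of the upload directory without a
    // matching "document" row is removed. Admin only; the request ends with die().
    if ( array_key_exists('unRefDelete', $_REQUEST) && $_SERVER['PHP_AUTH_USER'] ===
        'admin' )
    {
        $del = false;
        $d = dir( $uploadPath );
        // dir() returns false when the directory is missing; $d->read() would then be fatal
        if ( !$d )
        {
            die( "Upload-Verzeichnis nicht gefunden!" );
        }
        while ( false !== ($elem = $d->read()) )
        {
            if ( $elem == '.' || $elem == '..' )
            {
                continue;
            }
            // Names read from disk are interpolated into SQL: escape them first
            $elemSql = mysql_real_escape_string( $elem );
            $sql = "SELECT * FROM dokumente WHERE document = '$elemSql'";
            $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                "<hr>" . nl2br($sql) . "<hr>" );
            if ( mysql_num_rows($result) > 0 )
            {
                continue; // still referenced by a row
            }
            // The former DELETE for this name could not match anything (the SELECT
            // just returned no row), so it is omitted.
            // Only plain files are unlinked, and $del now reflects the real unlink()
            // result (it used to be set even when unlink() failed).
            if ( is_file($uploadPath . $elem) && unlink($uploadPath . $elem) )
            {
                $del = true;
            }
        }

        $d->close();
        if ( $del )
            die( "Unreferenzierte Daten wurden gel&ouml;scht!" );
        else
            die( "Nichts zu l&ouml;schen!" );
    }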
    // DatenbankFelder
    // table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von

    // Right names of this module, index 0..2: "<propertie>_read", "_delete", "_add"
    $interneModulRechte = array();
    foreach ( array( "_read", "_delete", "_add" ) as $rightIndex => $rightSuffix )
    {
        $interneModulRechte[$rightIndex] = propertie . $rightSuffix;
    }

    // Everything below (the save/unlink handlers and the form) is only reachable with
    // the "<propertie>_read" right; the matching "}" follows the form markup further down.
    // NOTE(review): only index 0 (_read) is ever checked; the _delete and _add entries of
    // $interneModulRechte are not enforced anywhere in this script.
    if ( isset($user_rechte[modul_name][tool_name][$interneModulRechte[0]]) )
    {
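        if ( $_POST['action'] )
        {
            $error = array();
            // User stored in letzte_aenderung_von. Read from $_SERVER as the rest of this
            // script does; the register_globals alias $PHP_AUTH_USER is unset when
            // register_globals is off.
            $authUser = isset( $_SERVER['PHP_AUTH_USER'] ) ? $_SERVER['PHP_AUTH_USER'] : '';

            /**
             * Builds the REPLACE statement for one row of "dokumente".
             * Every value is escaped with mysql_real_escape_string(), so callers pass the
             * raw request values. $archiv is the string form of the checkbox ("1" or "")
             * exactly as the column received it before.
             * Declared conditionally because this script is plain top-level code.
             */
            if ( !function_exists('dokumenteReplaceSql') )
            {
                function dokumenteReplaceSql( $tableForeign, $rowForeign, $dataForeign, $document, $status, $archiv, $user )
                {
                    // id  table_foreign  row_foreign  data_foreign  document  status  archiv  letzte_aenderung_am  letzte_aenderung_von
                    return "
                        REPLACE INTO dokumente
                        (
                            table_foreign,
                            row_foreign,
                            data_foreign,
                            document,
                            status,
                            archiv,
                            letzte_aenderung_am,
                            letzte_aenderung_von
                        )
                        VALUES
                        (
                            '" . mysql_real_escape_string( $tableForeign ) . "',
                            '" . mysql_real_escape_string( $rowForeign ) . "',
                            '" . mysql_real_escape_string( $dataForeign ) . "',
                            '" . mysql_real_escape_string( $document ) . "',
                            '" . mysql_real_escape_string( $status ) . "',
                            '" . mysql_real_escape_string( $archiv ) . "',
                            NOW(),
                            '" . mysql_real_escape_string( $user ) . "'
                        )
                    ";
                }
            }

            if ( !$_POST["mode"] )
            {
                // --- Validation pass: $error is keyed by check and by upload slot ---
                $safeNames = array();

                // data_foreign becomes the file-name prefix, so it must not carry a path part
                $dataForeign = $_POST['data_foreign'];
                if ( basename(str_replace('\\', '/', $dataForeign)) !== (string)$dataForeign )
                {
                    $error['name'][] = "Fehler im Dateinamen!";
                }

                foreach ( array_keys($_FILES['file']['name']) as $number )
                {
                    // The browser-supplied name is untrusted: only its basename is kept
                    // (old browsers sent full paths; "../" must never reach the disk)
                    $safeNames[$number] = basename( str_replace('\\', '/', $_FILES['file']['name'][$number]) );

                    // An empty slot of a multi-field form is not an error; it is skipped
                    // again at is_uploaded_file() below
                    if ( $_FILES['file']['error'][$number] == UPLOAD_ERR_NO_FILE )
                    {
                        continue;
                    }
                    // $fileFilter is a POSIX ERE configured in the CMS, hence ereg()
                    if ( !ereg($fileFilter, $safeNames[$number]) )
                    {
                        $error['name'][$number] = "Fehler im Dateinamen!";
                    }
                    // Only UPLOAD_ERR_INI_SIZE (1) was ever reported here; other upload
                    // errors still fail at is_uploaded_file()
                    if ( $_FILES['file']['error'][$number] == UPLOAD_ERR_INI_SIZE )
                    {
                        $error['error'][$number] = "Externer Fehler beim upload!";
                    }
                    if ( $_FILES['file']['size'][$number] > 1028000 )
                    {
                        $error['size'][$number] = "Datei zu gross fuer den Upload: > " . $_FILES['file']['size'][$number];
                    }
                }

                // --- Upload pass: only when no check failed. The old test read
                // $error[$fileId] with the stale loop variable, i.e. one key only. ---
                if ( count($error) == 0 )
                {
                    foreach ( array_keys($_FILES['file']['name']) as $number )
                    {
                        if ( !is_uploaded_file($_FILES['file']['tmp_name'][$number]) )
                        {
                            continue; // empty slot or not a real upload
                        }
                        $file = $dataForeign . "_" . $safeNames[$number];
                        // status[] is a POST field; read it from $_POST like the mode-1 branch does
                        $status = $_POST["status"][$number];
                        $archiv = ( isset($_POST["archiv"][$number]) ) ? ( bool )$_POST["archiv"][$number] : false;

                        // Store the file first; a row is only written for a file that exists on disk
                        if ( !move_uploaded_file($_FILES['file']['tmp_name'][$number], $uploadPath . $file) )
                        {
                            $msg[$number] = "Dateiupload-Hack: Dateiname " . $uploadPath . $file .
                                "<br>";
                            continue;
                        }
                        $msg[$number] = "Datei wurde kopiert nach " . $uploadPath . $file . "<br>";

                        $sql = dokumenteReplaceSql( $_POST['table_foreign'], $_POST['row_foreign'],
                            $dataForeign, $file, $status, $archiv ? '1' : '', $authUser );
                        // mysql_query() dies on failure, so no separate error branch is needed
                        $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                            "<hr>" . nl2br($sql) . "<hr>" );
                    }
                }
            }
            else
            {
                // mode=1: link already archived documents (selected by name) to this record
                foreach ( $_POST["file"] as $number => $file )
                {
                    $status = $_POST["status"][$number];
                    $archiv = ( isset($_POST["archiv"][$number]) ) ? ( bool )$_POST["archiv"][$number] : false;
                    $sql = dokumenteReplaceSql( $_POST['table_foreign'], $_POST['row_foreign'],
                        $_POST['data_foreign'], $file, $status, $archiv ? '1' : '', $authUser );
                    $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                        "<hr>" . nl2br($sql) . "<hr>" );
                }
            }
        }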

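        // action=unlink: remove one document (the file and its row) by row id.
        // NOTE(review): the id is not checked against table_foreign/data_foreign and the
        // "_delete" right ($interneModulRechte[1]) is not required, so any caller with
        // "_read" may delete any row; confirm the intended rule before tightening.
        if ( $_REQUEST['action'] == 'unlink' )
        {
            $id = isset( $_REQUEST['id'] ) ? $_REQUEST['id'] : '';
            // The id comes from the request and is interpolated into SQL: escape it
            $idSql = mysql_real_escape_string( $id );

            $sql = "SELECT * FROM dokumente WHERE id = '" . $idSql . "'";
            $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                "<hr>" . nl2br($sql) . "<hr>" );
            $db = mysql_fetch_assoc( $result );

            if ( !$db )
            {
                // Unknown id: nothing to unlink, and the DELETE would match nothing
                // (it used to run anyway and report success)
                $error[] = "Datei wurde nicht gel&ouml;scht!";
            }
            else
            {
                // Only a name inside the upload directory is ever unlinked; legacy rows
                // may hold arbitrary text, so any path part is stripped
                $file = basename( str_replace('\\', '/', (string)$db['document']) );

                if ( $file !== '' && is_file($uploadPath . $file) && unlink($uploadPath . $file) )
                {
                    $msg[] = "Datei wurde gel&ouml;scht!";
                }
                else
                {
                    $error[] = "Datei wurde nicht gel&ouml;scht!";
                }

                // The row is removed even when the file was already gone
                $sql = "DELETE FROM dokumente WHERE id = '" . $idSql . "'";
                $result = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                    "<hr>" . nl2br($sql) . "<hr>" );

                if ( $result )
                {
                    $unlink = true;
                    $msg[] = "Datei wurde aus der Datenbank entfernt.";
                }
            }
        }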
?>

<html>
<head>
<title>Content-Management-System - Webagentur Niewerth</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="Redaktionssystem">
<meta name="author" content="Webagentur Niewerth">
<meta name="robots" content="noindex">

<link rel=stylesheet type="text/css" href="/styles/styles.php">
<style type="text/css">
<!--
/* Anpassung Markus Niewerth */
/* Druckbarer Bereich */
@media print {
    #noprint                    { display:none; }
        .lightgray              {color: #000000; background-color: #EEEEEE; text-decoration:underline}
        .darkgray               {color: #000000; background-color: #CCCCCC; text-decoration:underline}
        .status_off             {color: #000000; text-decoration : none   ;                                                  }
        .status_red             {color: #FFFFFF; background-color: #FF0000; text-decoration:underline}
        .status_yellow          {color: #000000; background-color: #FFFF00; text-decoration:underline}
        .status_blue            {color: #FFFFFF; background-color: #0000FF; text-decoration:underline}
        .status_green           {color: #000000; background-color: #00FF00; text-decoration:underline}
        .status_white           {color: #000000; background-color: #FFFFFF; text-decoration:underline}
}

/* Sichtbarer Bereich */
@media screen {
        .lightgray              {color: #000000; background-color: #EEEEEE; text-decoration:none}
        .darkgray               {color: #000000; background-color: #CCCCCC; text-decoration:none}
        .status_off             {color: #000000; text-decoration : none ;                                               }
        .status_red             {color: #FFFFFF; background-color: #FF0000; text-decoration:none}
        .status_yellow          {color: #000000; background-color: #FFFF00; text-decoration:none}
        .status_blue            {color: #FFFFFF; background-color: #0000FF; text-decoration:none}
        .status_green           {color: #000000; background-color: #00FF00; text-decoration:none}
        .status_white           {color: #000000; background-color: #FFFFFF; text-decoration:none}
}
-->
</style>

<script type="text/jscript">
function openerReturn(p_id)
{
    /* Hand the id back to the opener's "projekt" form, submit it in edit mode
       and close this popup */
    var projektForm = opener.projekt;
    projektForm.p_id.value = p_id;
    projektForm.id.value = p_id;
    projektForm.action.value = "edit";
    projektForm.submit();
    self.close();
}

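function addAttach(obj)
{
    /* Grow the window to fit the content, then append a copy of the attachment
       row with id obj. The copy loses the id so removeAttach() can tell it apart
       from the original row. */
    var inhalt = document.getElementById('Inhalt');   // the body element; document.all was IE-only
    var hoehe1 = inhalt.offsetHeight + 120;           // eval() on a number did nothing
    resizeTo(650, hoehe1);
    var source = document.getElementById(obj);
    var clone = source.cloneNode(true);
    clone.removeAttribute("id");
    source.parentNode.appendChild(clone);
}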

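function removeAttach(obj)
{
    /* Remove the cloned attachment row that holds the clicked "-" button.
       The original row keeps its id (addAttach() strips it from clones) and is
       never removed. */
    var div = obj.parentNode;
    var td = div.parentNode;
    if (div.id) { return; }
                <?php
        if ( $_SERVER['PHP_AUTH_USER'] === 'admin' )
        {
?>
    /* Shrink the window back to the content (admin only); the body carries
       id="Inhalt". document.all was IE-only and eval() on a number did nothing. */
    var hoehe2 = document.getElementById('Inhalt').offsetHeight;
    resizeTo(650, hoehe2);
                <?php
        }
?>
    td.removeChild(div);
}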

function removeDoc(obj)
{
    /* Like removeAttach(), but addressed by element id instead of the button;
       a row that still has an id is the original and stays */
    var element = document.getElementById(obj);
    var row = element.parentNode;
    var cell = row.parentNode;
    if (row.id) { return; }
    cell.removeChild(row);
}
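<?php
        // Close the popup and refresh the opener once a save produced no error or a
        // document was unlinked. The value is JSON-encoded with the HEX flags so
        // request data cannot break out of the script context (it used to be echoed raw).
        if ( (empty($error) && $_POST['action']) || $unlink )
            echo "openerReturn(" . json_encode( $_REQUEST['data_foreign'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ) . ");"
?>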
</script>
<body bgcolor="#FFFFFF" leftmargin="20" topmargin="10" marginwidth="20" marginheight="10" text="#000096" id="Inhalt">
<form method="post" action="#" name="formname" enctype="multipart/form-data" >
  <?php
            if ( $_GET['action'] == "edit" || empty($_GET['action']) )
            {
?>
  <table width="100%" border="1" cellspacing="0" cellpadding="3" bordercolorlight="#FFFFFF" bordercolordark="#999999">
   <?php
                for ( $i = 0; $i < $numFields; $i++ )
                {
?>
    <tr>
      <td width="13%" valign="top" class="links">Datei</td>
      <td class="rechts">
        <div id="fileAttach">
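        <?php
                    // Full open tag: "<?" only works with short_open_tag=On
                    if ( !$_GET["mode"] )
                    {
?>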
          <input type="file" name="file[]" id="file[]">
          <select name="status[]">
             <option value="intern">intern</option>
             <option value="extern">extern</option>
             <option value="beides">beides</option>
          </select>
          Archiv? <input type="checkbox" name="archiv[]" value="true">
<?php
                    }
                    else
                    {
?>
          <select name="file[]" id="file[]">
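<?php
                        // Offer every archived document name once. mysql_query() returns
                        // false on error, which mysql_fetch_assoc() would not tolerate,
                        // so it dies like the other queries in this script.
                        $sql = "
                            SELECT
                                distinct(document) AS document
                            FROM
                                dokumente
                            WHERE
                                archiv=1
                        ";
                        $res = mysql_query( $sql ) or die( mysql_errno() . ": " . mysql_error() .
                            "<hr>" . nl2br($sql) . "<hr>" );
                        while ( $row = mysql_fetch_assoc($res) )
                        {
                            // Names were once user supplied: escape for the HTML context
                            echo "                            <option>" . htmlspecialchars( $row["document"], ENT_QUOTES, 'UTF-8' ) . "</option>\n";
                        }
?>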
          </select>
          <select name="status[]">
             <option value="intern">intern</option>
             <option value="extern">extern</option>
             <option value="beides">beides</option>
          </select>
          <input type="hidden" name="archiv[]" value="true">
<?php
                    }
?>
          <input type="button" value=" + " onClick="addAttach('fileAttach')">
          <input type="button" value=" - " onClick="removeAttach(this)">
        </div>
      </td>
    </tr>
    <?php
                }
?>
    <tr>
      <td align="right" colspan="2" class="links">
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="13%">&nbsp;</td>
            <td width="87%" align="right">
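              <?php /* Request values are echoed back into attributes: escaped for the HTML context */ ?>
              <input type="hidden" name="mode" value="<?php echo htmlspecialchars( $_GET["mode"], ENT_QUOTES, 'UTF-8' ); ?>">
              <!-- table_foreign  row_foreign  data_foreign  document  letzte_aenderung_am  letzte_aenderung_von  -->
              <?php /* NOTE(review): $zeile is not assigned in this file (it may come from includes/common.php); if not, this field is always empty */ ?>
              <input name="id" type="hidden" id="id" value="<?php echo htmlspecialchars( $zeile['id'], ENT_QUOTES, 'UTF-8' ) ?>">
              <input name="table_foreign" type="hidden" id="table_foreign" value="<?php echo
                htmlspecialchars( $_GET['table_foreign'], ENT_QUOTES, 'UTF-8' ) ?>">
              <input name="row_foreign" type="hidden" id="row_foreign" value="<?php echo
                    htmlspecialchars( $_GET['row_foreign'], ENT_QUOTES, 'UTF-8' ) ?>">
              <input name="data_foreign" type="hidden" id="data_foreign" value="<?php echo
                    htmlspecialchars( $_GET['data_foreign'], ENT_QUOTES, 'UTF-8' ) ?>">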
              <input type="hidden" name="action" value="update">
              <input type="submit" value="OK">
              <input type="reset" name="Button" value="Zur&uuml;cksetzen">
            </td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
  <?php
                echo is_array( $error ) ? nl2br( returnMessage($error) ) : "";
                echo is_array( $msg ) ? nl2br( returnMessage($msg) ) : "";
            } //_POST['action']
    }
    else
    {
        echo "Zugriff verweigert!";
    }
?>
</form>
</body>