diff --git a/Dept_Perms_class.php b/Dept_Perms_class.php
index 7400a4d4..c440931a 100644
--- a/Dept_Perms_class.php
+++ b/Dept_Perms_class.php
@@ -2,7 +2,7 @@
/*
Dept_Perms_class.php - Dept_Perms is designed to handle permission settings of each department.
Copyright (C) 2002-2004 Stephen Lawrence, Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence Jr.
+Copyright (C) 2005-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
@@ -79,9 +79,18 @@ function loadData_UserPerm($right)
{
//$s1 = getmicrotime();
$fileid_array = array();
- $query = "SELECT {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS.fid FROM {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA, {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS
- WHERE {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS.rights >= $right AND {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS.dept_id=$this->id
- AND {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA.id={$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS.fid AND {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA.publishable=1";
+ $query = "SELECT deptperms.fid
+ FROM
+ {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA as data,
+ {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DEPT_PERMS as deptperms
+ WHERE
+ deptperms.rights >= $right
+ AND
+ deptperms.dept_id=$this->id
+ AND
+ data.id=deptperms.fid
+ AND
+ data.publishable=1";
$result = mysql_query($query, $this->connection) or die("Error in querying: $query" .mysql_error());
//$fileid_array[$index][0] ==> fid
//$fileid_array[$index][1] ==> owner
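Review bot: `$right` and `$this->id` are still interpolated straight into the rewritten WHERE clause (`deptperms.rights >= $right`, `deptperms.dept_id=$this->id`), so the query is only as safe as every caller of loadData_UserPerm(). Both are numeric, so a cast closes this off: `$right = (int) $right;` before the query is built, and `(int) $this->id` where the id is used. The same pattern appears in the `up.rights>=$right` query of loadData_UserPerm() in User_Perms_class.php. The `die("Error in querying: $query" ...)` on the context line also prints the full SQL text to the browser; logging it server-side would avoid disclosing the schema. The function body continues outside this hunk.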
diff --git a/FileData_class.php b/FileData_class.php
index 2849429c..ab99ae50 100644
--- a/FileData_class.php
+++ b/FileData_class.php
@@ -55,7 +55,7 @@ class FileData extends databaseData
var $write_users;
var $admin_users;
var $filesize;
- var $isLocked;
+ var $isLocked;
function FileData($id, $connection, $database)
{
diff --git a/FileTypes_class.php b/FileTypes_class.php
new file mode 100644
index 00000000..529e2b55
--- /dev/null
+++ b/FileTypes_class.php
@@ -0,0 +1,129 @@
+$value)
+ {
+ //print_r($data['types']);exit;
+ $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}filetypes SET active='1' WHERE id='$value'";
+ //echo $query;exit;
+ $result = mysql_query($query) or die ('Failed to save filetypes: ' . mysql_error());
+ }
+ return TRUE;
+ }
+
+ /*
+ * Load active file types to an array
+ * return array
+ */
+ function load()
+ {
+ $GLOBALS['CONFIG']['allowedFileTypes'] = array();
+ $sql = "SELECT type FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes WHERE active='1'";
+ $result = mysql_query($sql) or die ('Getting filetypes failed: ' . mysql_error());
+ while(list($value) = mysql_fetch_row($result))
+ {
+ array_push($GLOBALS['CONFIG']['allowedFileTypes'], $value);
+ }
+
+ }
+
+ /*
+ * Show the file types edit form
+ */
+ function edit()
+ {
+ $filetypes_arr = array();
+ $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes";
+ $result = mysql_query($query) or die('Failed to edit filetypes: ' . mysql_error());
+ while($row = mysql_fetch_array($result, MYSQL_ASSOC))
+ {
+ $filetypes_arr[] = $row;
+ }
+
+ $GLOBALS['smarty']->assign('filetypes_array',$filetypes_arr);
+ display_smarty_template('filetypes.tpl');
+ }
+
+ /*
+ * Show the form in order to Delete a filetype
+ */
+ function deleteSelect()
+ {
+ $filetypes_arr = array();
+ $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes";
+ $result = mysql_query($query) or die('Failed to select filetypes list: ' . mysql_error());
+ while($row = mysql_fetch_array($result, MYSQL_ASSOC))
+ {
+ $filetypes_arr[] = $row;
+ }
+
+ $GLOBALS['smarty']->assign('filetypes_array',$filetypes_arr);
+ display_smarty_template('filetypes_deleteshow.tpl');
+ }
+
+ function delete($data)
+ {
+ foreach($data['types'] as $id)
+ {
+ $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}filetypes WHERE id={$id}";
+ $result = mysql_query($query) or die('Failed to delete filetype: ' . mysql_error());
+ }
+ return TRUE;
+ }
+ }
+}
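Review bot: delete() builds `WHERE id={$id}` from `$data['types']` with no quoting or cast, and the save loop at the top does the same with `id='$value'`. If `$data` is the submitted form array (the callers are not visible here), both statements are injectable, and the unquoted form in delete() is not protected even by quote escaping. Both values are row ids, so `$id = (int) $id;` (and `$value = (int) $value;`) as the first line of each loop body is enough. The start of the file is missing from this view, so it is not clear whether these methods check that the caller is an admin; if they do not, every caller has to.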
diff --git a/Settings_class.php b/Settings_class.php
new file mode 100644
index 00000000..4d4b8f3d
--- /dev/null
+++ b/Settings_class.php
@@ -0,0 +1,150 @@
+$value)
+ {
+ $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}settings SET value='$value' WHERE name='$key'";
+ //echo $query . " ";
+ $result = mysql_query($query) or die ('Failed to save settings: ' . mysql_error());
+ }
+ return TRUE;
+ }
+ /*
+ * Load settings to an array
+ * return array
+ */
+ function load()
+ {
+ $sql = "SELECT name,value FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
+ $result = mysql_query($sql) or die ('Getting settings failed: ' . mysql_error());
+ while(list($key, $value) = mysql_fetch_row($result))
+ {
+ $GLOBALS['CONFIG'][$key] = $value;
+ }
+
+ }
+
+ /*
+ * Show the settings edit form
+ */
+ function edit()
+ {
+ $settings_arr = array();
+ $query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}settings";
+ $result = mysql_query($query) or die('Failed to edit settings: ' . mysql_error());
+ while($row = mysql_fetch_array($result, MYSQL_ASSOC))
+ {
+ $settings_arr[] = $row;
+ }
+
+ $GLOBALS['smarty']->assign('themes', $this->getThemes());
+ $GLOBALS['smarty']->assign('languages', $this->getLanguages());
+ $GLOBALS['smarty']->assign('usernames', $this->getUserNames());
+ $GLOBALS['smarty']->assign('settings_array',$settings_arr);
+ display_smarty_template('settings.tpl');
+ }
+ /*
+ * Validate a specific setting based on its validation type
+ * @param string $key The name of the setting to be tested
+ * @param string $value The value of the setting to be tested
+ */
+ function validate($data,$value)
+ {
+ // NOT IMPLEMENTED
+ }
+ /*
+ * This function will return an array of the possible theme names found in the /templates folder
+ * for use in the settings form
+ */
+ function getThemes()
+ {
+ $themes = $this->getFolders( ABSPATH . 'templates');
+ return $themes;
+ }
+
+ function getLanguages()
+ {
+ $languages = $this->getFolders( ABSPATH . 'includes/language');
+ return str_replace('.php','',$languages);
+ }
+
+ function getFolders($path = '.')
+ {
+ $file_list=array();
+ if ($handle = opendir($path))
+ {
+ while (false !== ($file = readdir($handle)))
+ {
+ if ($file != "." && $file != ".." && $file != ".svn" && $file != 'README' && $file != 'sync.sh')
+ {
+ array_push($file_list, $file);
+ }
+ }
+ closedir($handle);
+ }
+ return $file_list;
+ }
+
+ /*
+ * Return an array of user names
+ */
+ function getUserNames()
+ {
+ $query = "SELECT username from {$GLOBALS['CONFIG']['db_prefix']}user";
+ $result = mysql_query($query) or die('Failed to read user names for settings: ' . mysql_error());
+ $usernames_arr = array();
+ while($row = mysql_fetch_array($result))
+ {
+ array_push($usernames_arr,$row);
+ }
+ return $usernames_arr;
+ }
+
+ }
+}
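Review bot: The save loop writes `$value` and `$key` into the UPDATE unescaped while validate() is a stub (`// NOT IMPLEMENTED`), so whatever the form posts is stored, and load() then copies every row into `$GLOBALS['CONFIG'][$key]`. That lets the contents of the settings table replace any configuration key the rest of the code relies on, such as `db_prefix`. At minimum escape both values, e.g. `$value = mysql_real_escape_string($value);` and `$key = mysql_real_escape_string($key);`, and have load() accept only a fixed list of setting names. The validate() docblock also documents `$key` while the signature is `validate($data,$value)`. The start of the file is not visible in this view.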
diff --git a/UserPermission_class.php b/UserPermission_class.php
index 85c8a835..7461e45b 100644
--- a/UserPermission_class.php
+++ b/UserPermission_class.php
@@ -2,7 +2,7 @@
/*
UserPermission_class.php - relates users to files
Copyright (C) 2002-2004 Stephen Lawrence Jr., Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence Jr.
+Copyright (C) 2005-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
@@ -55,21 +55,11 @@ function UserPermission($uid, $connection, $database)
// return an array of all the Allowed files ( right >= view_right) ID
function getAllowedFileIds()
{
- $start_time = time();
$viewable_array = $this->getViewableFileIds();
- echo ' Load Viewable Time: ' . (time() - $start_time) . ' ';
- $start_time = time();
$readable_array = $this->getReadableFileIds();
- echo ' Load Readable Time: ' . (time() - $start_time) . ' ';
- $start_time = time();
$writeable_array = $this->getWriteableFileIds();
- echo ' Load Writable Time: ' . (time() - $start_time) . ' ';
- $start_time = time();
$adminable_array = $this->getAdminableFileIds();
- echo ' Load Admin Time: ' . (time() - $start_time) . ' ';
- $start_time = time();
$result_array = array_values( array_unique( array_merge($viewable_array, $readable_array, $writeable_array, $adminable_array) ) );
- echo ' 3 combines Time: ' . (time() - $start_time) . ' ';
return $result_array;
}
// return an array of all the Allowed files ( right >= view_right) object
@@ -217,7 +207,7 @@ function combineArrays($high_priority_array, $low_priority_array)
// by combining and prioritizing user and deparment right
function getAuthority($data_id)
{
- $file_obj = new FileData($data_id, $GLOBALS['connection'], $GLOBALS['database']);
+ $file_obj = new FileData($data_id, $GLOBALS['connection'], DB_NAME);
if($this->user_obj->isAdmin() || $this->user_obj->isReviewerForFile($this->field_id))
{
return $this->ADMIN_RIGHT;
diff --git a/User_Perms_class.php b/User_Perms_class.php
index 98611451..447ba444 100644
--- a/User_Perms_class.php
+++ b/User_Perms_class.php
@@ -2,7 +2,7 @@
/*
User_Perms_class.php - relates users to specific files
Copyright (C) 2002-2004 Stephen Lawrence Jr., Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence Jr.
+Copyright (C) 2005-2011 Stephen J. Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -80,15 +80,18 @@ function getId()
{
return $this->id;
}
- // All of the function above provides an abstraction for loadData_UserPerm($right)
- // If you user doesn't want to or doens't know the numeric value for permission,
- // use the function above. LoadData_UserPerm($right) can be invoke directly.
+
+ /*
+ * All of the functions above provide an abstraction for loadData_UserPerm($right).
+ * If your user doesn't want to or does not know the numeric value for permission,
+ * use the function above. LoadData_UserPerm($right) can be invoke directly.
+ * @param integer $right The "Right" that is bein checked.
+ */
function loadData_UserPerm($right)
{
if($this->user_obj->isAdmin())
{
- $query = "SELECT
- d.id
+ $query = "SELECT d.id
FROM
{$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA as d
WHERE
@@ -108,22 +111,22 @@ function loadData_UserPerm($right)
AND
dr.user_id = $this->id";
}
- else
+ else
{
- ////Select fid, owner_id, owner_name of the file that user-->$id has rights >= $right
- $query = "SELECT userperms.fid
+ //Select fid, owner_id, owner_name of the file that user-->$id has rights >= $right
+ $query = "SELECT up.fid
FROM
- {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA as data,
- {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_USER_PERMS as userperms
+ {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA as d,
+ {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_USER_PERMS as up
WHERE (
- userperms.uid = $this->id
- AND
- data.id = userperms.fid
- AND
- userperms.rights>=$right
- AND
- data.publishable = 1
- )";
+ up.uid = $this->id
+ AND
+ d.id = up.fid
+ AND
+ up.rights>=$right
+ AND
+ d.publishable = 1
+ )";
}
//$start = getmicrotime();
$result = mysql_query($query, $this->connection) or die("Error in querying: $query" .mysql_error());
@@ -223,11 +226,18 @@ function isForbidden($data_id)
}
}
}
- // this all the canRead, canView, ... function provide an abstraction for this fucntion.
- // users may invoke this function if they are familiar of the numeric permision values
+
+ /*
+ * This function is used by all the canRead, canView, etc... abstract functions.
+ * Users may invoke this function directly if they are familiar of the numeric permision values.
+ * If they are an "Admin" or "Reviewer" for this file return true right away
+ * @param integer $data_id The ID number of the file in question
+ * @param integer $right The number of the "right" ID that is being checked
+ * @return true They CAN perform the right
+ */
function canUser($data_id, $right)
{
- if($this->user_obj->isAdmin())
+ if($this->user_obj->isAdmin() || $this->user_obj->isReviewerForFile($data_id))
{
return true;
}
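Review bot: The added `|| $this->user_obj->isReviewerForFile($data_id)` returns true for every value of `$right`, so a reviewer of the file now passes canUser() for admin-level checks too, ahead of whatever checks follow in the rest of the body (outside this hunk). If that is intended, state it in the docblock, e.g. `* Reviewers for the file are granted every right, including admin.`; if not, limit the shortcut to the rights a reviewer needs. The new `@return true` line should also describe the false case. getAuthority() in UserPermission_class.php makes the same reviewer check with `$this->field_id` rather than its `$data_id` argument, which looks like a mismatch worth confirming.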
diff --git a/User_class.php b/User_class.php
index fd03e56f..39783e3a 100644
--- a/User_class.php
+++ b/User_class.php
@@ -2,7 +2,7 @@
/*
User_class.php - Container for user related info
Copyright (C) 2002-2004 Stephen Lawrence Jr., Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence Jr.
+Copyright (C) 2005-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -180,7 +180,12 @@ function changeName($new_name)
$result = mysql_query($query, $this->connection) or die("Error in querying: $query" . mysql_error() );
return true;
}
-
+
+ /*
+ * Determine if the current user is a reviewer or not
+ * @return boolean
+ *
+ */
function isReviewer()
{
$query = "SELECT * FROM {$GLOBALS['CONFIG']['db_prefix']}dept_reviewer where user_id = " . $this->id;
@@ -232,6 +237,7 @@ function isReviewerForFile($file_id)
return true;
}
}
+
function getAllRevieweeIds() // this functions assume that you are a root thus allowing you to by pass everything
{
@@ -269,6 +275,7 @@ function getRevieweeIds()
}
}
$query = $query . " and {$GLOBALS['CONFIG']['db_prefix']}data.publishable = 0";
+
mysql_free_result($result);
$result = mysql_query($query, $this->connection) or die("Error in query: $query" . mysql_error());
$file_data = array();
@@ -281,6 +288,7 @@ function getRevieweeIds()
return $file_data;
}
}
+
function getAllRejectedFileIds()
{
$query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}$this->TABLE_DATA WHERE publishable = '-1'";
@@ -294,6 +302,7 @@ function getAllRejectedFileIds()
}
return $file_data;
}
+
function getRejectedFileIds()
{
$query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE publishable = '-1' and owner = ".$this->id;
@@ -307,6 +316,7 @@ function getRejectedFileIds()
}
return $file_data;
}
+
function getExpiredFileIds()
{
$lquery = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE status=-1 AND owner = '$this->id'";
@@ -320,12 +330,14 @@ function getExpiredFileIds()
}
return $file_data;
}
+
function getNumExpiredFiles()
{
$lquery = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE status=-1 AND owner = '$this->id'";
$lresult = mysql_query($lquery) or die(mysql_error());
return mysql_num_rows($lresult);
}
+
function getEmailAddress()
{
$query = "SELECT Email FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=".$this->id;
@@ -368,5 +380,24 @@ function getFullName()
mysql_free_result($result);
return $full_name;
}
+
+ //Return list of checked out files to root
+ function getCheckedOutFiles()
+ {
+ if ($this->isRoot())
+ {
+ $query = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE status>0";
+ $result = mysql_query($query) or die("Error trying to create checked out files list: $lquery" . mysql_error());
+ $llen = mysql_num_rows($result);
+ $file_data = array();
+ for ($index = 0; $index < $llen; $index++)
+ {
+ list($fid) = mysql_fetch_row($result);
+ $file_data[$index] = $fid;
+ }
+ return $file_data;
+ }
+ }
+
}
}
\ No newline at end of file
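Review bot: The die() message in getCheckedOutFiles() interpolates `$lquery`, which is never defined in this function; the variable is `$query`, so a failed query raises a notice and the message carries no SQL. The line should read `... or die("Error trying to create checked out files list: $query" . mysql_error());`. The function also returns nothing when `isRoot()` is false, so callers receive null instead of an array; a `return array();` after the if block keeps the return type consistent.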
diff --git a/add.php b/add.php
index 49599a05..d9f9a52c 100644
--- a/add.php
+++ b/add.php
@@ -2,7 +2,7 @@
/*
add.php - adds files to the repository
Copyright (C) 2007 Stephen Lawrence Jr., Jon Miner
-Copyright (C) 2002-2010 Stephen Lawrence Jr.
+Copyright (C) 2002-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -32,7 +32,7 @@
header('Location:index.php?redirection=' . urlencode($_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']));
exit;
}
-include('config.php');
+include('odm-load.php');
include('udf_functions.php');
//un_submitted form
if(!isset($_POST['submit']))
@@ -369,7 +369,7 @@ function issetFlag()
// change this to 100 if you want to add 100 of the same files automatically. For debuging purpose only
for($khoa = 0; $khoa<1; $khoa++)
{
- if ($GLOBALS['CONFIG']['authorization'] == 'On')
+ if ($GLOBALS['CONFIG']['authorization'] == 'True')
{
$lpublishable = '0';
}
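Review bot: The review gate `$GLOBALS['CONFIG']['authorization'] == 'True'` now depends on one exact string, so any other stored value ('true', '1', or the previous 'On') takes the other branch, which is outside this hunk but presumably publishes without review. Since this decides whether uploads need approval, compare case-insensitively and treat an unexpected value as review-required, e.g. `if (strcasecmp($GLOBALS['CONFIG']['authorization'], 'True') == 0)` with the remaining values checked explicitly. A one-line comment listing the accepted values would also help installs whose configuration still says 'On'.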
@@ -388,6 +388,12 @@ function issetFlag()
}
list($current_user_dept) = mysql_fetch_row($result);
+ // File is bigger than what php.ini post/upload/memory limits allow.
+ if($_FILES['file'] ['error'] == '1')
+ {
+ header('Location:error.php?ec=26');
+ exit;
+ }
//can't upload empty file
if ($_FILES['file']['size'] <= 0 )
{
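Review bot: The new check handles only error code 1 (`UPLOAD_ERR_INI_SIZE`); a partial upload, or one over the form's MAX_FILE_SIZE, carries a different code and continues to the checks below. Compare against the constants and reject anything that is not a clean upload: `if ($_FILES['file']['error'] != UPLOAD_ERR_OK)`, keeping `ec=26` for `UPLOAD_ERR_INI_SIZE` and `UPLOAD_ERR_FORM_SIZE`. It is also worth confirming the file with `is_uploaded_file($_FILES['file']['tmp_name'])` before it is moved. The surrounding code runs on outside this hunk.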
@@ -403,7 +409,7 @@ function issetFlag()
}
// check file type
- foreach($GLOBALS['allowedFileTypes'] as $thistype)
+ foreach($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype)
{
if ($_FILES['file']['type'] == $thistype)
{
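Review bot: The allow-list loop compares `$_FILES['file']['type']`, which is the MIME type the client sent, so the list in `$GLOBALS['CONFIG']['allowedFileTypes']` does not constrain what is actually stored. Detecting the type on the server from the uploaded temp file, e.g. `$type = finfo_file(finfo_open(FILEINFO_MIME_TYPE), $_FILES['file']['tmp_name']);`, and comparing that value makes the check meaningful. The loop body continues outside this hunk.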
@@ -476,7 +482,7 @@ function issetFlag()
// Search for simular names in the two array (merge the array. repetitions are deleted)
// In case of repetitions, higher priority ones stay.
// Priority is in this order (admin, modify, read, view)
- $filedata = new FileData($fileId, $GLOBALS['connection'], $GLOBALS['database']);
+ $filedata = new FileData($fileId, $GLOBALS['connection'], DB_NAME);
if (isset ($_REQUEST['admin']))
{
diff --git a/admin.php b/admin.php
index 40c927ab..c22b2e8b 100644
--- a/admin.php
+++ b/admin.php
@@ -2,7 +2,7 @@
/*
admin.php - provides admin interface
Copyright (C) 2007 Stephen Lawrence Jr., Jon Miner
-Copyright (C) 2002-2010 Stephen Lawrence Jr.
+Copyright (C) 2002-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -23,7 +23,7 @@
// admin.php - administration functions for admin users
// check for valid session
// includes
-include('config.php');
+include('odm-load.php');
include('udf_functions.php');
if (!isset($_SESSION['uid']))
{
@@ -32,7 +32,7 @@
}
// open a connection to the database
-$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
$secureurl = new phpsecureurl;
// Check to see if user is admin
if(!$user_obj->isAdmin())
@@ -43,15 +43,18 @@
draw_header(msg('label_admin'));
draw_menu($_SESSION['uid']);
@draw_status_bar(msg('label_admin'),$_REQUEST['last_message']);
+if(isset($_REQUEST['last_message']))
+{
+ echo '
diff --git a/check-in.php b/check-in.php
index 0c5d0344..8ebc49a1 100644
--- a/check-in.php
+++ b/check-in.php
@@ -1,7 +1,7 @@
getError() == '' and $fileobj->getStatus() == $_SESSION['uid'])
{
//look to see how many revision are there
@@ -239,7 +239,7 @@ function check(select, send_dept, send_all)
//Send email
$date = date('D F d Y');
$time = date('h:i A');
- $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+ $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
$get_full_name = $user_obj->getFullName();
$full_name = $get_full_name[0].' '.$get_full_name[1];
$mail_from= $full_name.' <'.$user_obj->getEmailAddress().'>';
diff --git a/check-out.php b/check-out.php
index b691e059..7de8dfab 100644
--- a/check-out.php
+++ b/check-out.php
@@ -2,7 +2,7 @@
/*
check-out.php - performs checkout and updates database
Copyright (C) 2002-2004 Stephen Lawrence, Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence
+Copyright (C) 2005-2011 Stephen Lawrence
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -26,7 +26,7 @@
header('Location:index.php?redirection=' . urlencode( $_SERVER['REQUEST_URI']) );
exit;
}
-include('config.php');
+include('odm-load.php');
if(strchr($_REQUEST['id'], '_') )
{
header('Location:error.php?ec=20');
@@ -40,7 +40,7 @@
will be the same as the person with admin or modify right except that the DB will not have any recored of him checking out this file. Therefore, he will not be able to check-in the file on
the server
*/
-$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], $GLOBALS['database']);
+$fileobj = new FileData($_GET['id'], $GLOBALS['connection'], DB_NAME);
$fileobj->setId($_GET['id']);
if ($fileobj->getError() != NULL || $fileobj->getStatus() > 0 || $fileobj->isArchived())
{
diff --git a/check_exp.php b/check_exp.php
index d871af62..6f0cb73b 100644
--- a/check_exp.php
+++ b/check_exp.php
@@ -19,7 +19,7 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-include('config.php');
+include('odm-load.php');
$start_time = time();
session_start();
@@ -89,7 +89,7 @@
//get root's id
$lresult = mysql_query($lquery) or die('Error querying: ' . $lquery . mysql_error());
$reviewer_comments = 'To=' . msg('author') . ';Subject=' . msg('message_file_expired') . ';Comments=' . msg('email_file_was_rejected_because'). ' ' . $GLOBALS['CONFIG']['revision_expiration'] . ' ' .msg('days') . ';';
- $user_obj = new user($lroot_id, $GLOBALS['connection'], $GLOBALS['database']);
+ $user_obj = new user($lroot_id, $GLOBALS['connection'], DB_NAME);
$date = date("D F d Y");
$time = date("h:i A");
$get_full_name = $user_obj->getFullName();
@@ -103,8 +103,8 @@
for($i = 0; $igetOwner(), $GLOBALS['connection'], $GLOBALS['database']);
+ $file_obj = new FileData($lid, $GLOBALS['connection'], DB_NAME);
+ $user_obj = new User($file_obj->getOwner(), $GLOBALS['connection'], DB_NAME);
$mail_to = $user_obj->getEmailAddress();
mail($mail_to, $mail_subject. $file_obj->getName(), ($mail_greeting.$file_obj->getName().' '.$mail_body.$mail_salute), $mail_headers);
}
@@ -117,7 +117,7 @@
for($i = 0; $iPublishable(-1);
$file_obj->setReviewerComments($reviewer_comments);
}
@@ -129,7 +129,7 @@
for($i = 0; $isetStatus(-1);
}
}
diff --git a/commitchange.php b/commitchange.php
index d52e0f07..fc046647 100644
--- a/commitchange.php
+++ b/commitchange.php
@@ -3,7 +3,7 @@
commitchange.php - provides database commits for various admin tasks
Copyright (C) 2002-2006 Stephen Lawrence
Copyright (C) 2007 Stephen Lawrence Jr., Jon Miner
-Copyright (C) 2008-2010 Stephen Lawrence Jr.
+Copyright (C) 2008-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -27,11 +27,11 @@
header('Location:index.php?redirection=' . urlencode( $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'] ) );
exit;
}
-include('config.php');
+include('odm-load.php');
include('udf_functions.php');
$secureurl = new phpsecureurl;
-$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
// Code added by Chad Blomquist
// Check to make sure they should be here.
@@ -93,8 +93,8 @@
}
// mail user telling him/her that his/her account has been created.
- $user_obj = new user($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
- $new_user_obj = new User($userid, $GLOBALS['connection'], $GLOBALS['database']);
+ $user_obj = new user($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
+ $new_user_obj = new User($userid, $GLOBALS['connection'], DB_NAME);
$date = date('D F d Y');
$time = date('h:i A');
$get_full_name = $user_obj->getFullName();
@@ -142,15 +142,16 @@
{
$_POST['caller'] = 'admin.php';
}
- if (!$user_obj->isAdmin())
+
+ // UPDATE admin info
+ if($user_obj->isAdmin())
{
- // UPDATE admin info
$query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}admin set admin='". $_POST['admin'] . "' where id = '".$_POST['id']."'";
$result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
- // UPDATE into user
}
- $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user SET username='". addslashes($_POST['username']) ."',";
-
+ // UPDATE into user
+ $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}user SET username='". addslashes($_POST['username']) ."',";
+
if (!empty($_POST['password']))
{
$query .= "password = md5('". addslashes($_POST['password']) ."'), ";
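Review bot: The admin UPDATE (`set admin='". $_POST['admin'] . "' where id = '".$_POST['id']."'`) concatenates both POST values raw, while the username in the next query goes through addslashes(). This commit also removes the `sanitizeme()` calls along with config.php, and whether odm-load.php reinstates them is not visible here, so cast locally: `(int) $_POST['admin']` and `(int) $_POST['id']`. The user UPDATE that follows runs for every caller, so it is worth confirming that the access check earlier in the file (outside this hunk) stops a non-admin from supplying another account's `id`. Separately, `md5()` on the password line is an unsalted fast hash and should be replaced in a follow-up.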
diff --git a/config-sample.php b/config-sample.php
index f33b34d6..29f64b09 100644
--- a/config-sample.php
+++ b/config-sample.php
@@ -1,8 +1,7 @@
-//
-// Encourage end-users to put local configuration in config_local.php, so
-// we can overwrite (config.php) in the future
-// without danger of overwriting site specific information.
-if (is_file('config_local.php'))
-{
- include('config_local.php');
-}
-elseif (is_file('../config_local.php'))
-{
- include('../config_local.php');
-}
-elseif (is_file('../../config_local.php'))
-{
- include('../../config_local.php');
+/** Absolute path to the OpenDocMan directory. */
+if ( !defined('ABSPATH') )
+ define('ABSPATH', dirname(__FILE__) . '/');
}
-
-
-// Set the revision directory. (relative to $dataDir)
-$CONFIG['revisionDir'] = $GLOBALS['CONFIG']['dataDir'] . 'revisionDir/';
-
-// Set the revision directory. (relative to $dataDir)
-$CONFIG['archiveDir'] = $GLOBALS['CONFIG']['dataDir'] . 'archiveDir/';
-
-$GLOBALS['connection'] = mysql_connect($GLOBALS['hostname'], $GLOBALS['user'], $GLOBALS['pass']) or die ("Unable to connect: " . mysql_error());
-$db = mysql_select_db($GLOBALS['database'], $GLOBALS['connection']);
-
-// All functions and includes are in functions.php
-include_once('functions.php');
-
-$_GET = sanitizeme($_GET);
-$_REQUEST = sanitizeme($_REQUEST);
-$_POST = sanitizeme($_POST);
-$_SERVER = sanitizeme($_SERVER);
-}
\ No newline at end of file
diff --git a/config.php b/config.php
deleted file mode 100644
index 52ea2df9..00000000
--- a/config.php
+++ /dev/null
@@ -1,184 +0,0 @@
-
-//
-// Encourage end-users to put local configuration in config_local.php, so
-// we can overwrite (config.php) in the future
-// without danger of overwriting site specific information.
-if (is_file('config_local.php'))
-{
- include('config_local.php');
-}
-elseif (is_file('../config_local.php'))
-{
- include('../config_local.php');
-}
-elseif (is_file('../../config_local.php'))
-{
- include('../../config_local.php');
-}
-
-// Set the revision directory. (relative to $dataDir)
-$CONFIG['revisionDir'] = $GLOBALS['CONFIG']['dataDir'] . 'revisionDir/';
-
-// Set the revision directory. (relative to $dataDir)
-$CONFIG['archiveDir'] = $GLOBALS['CONFIG']['dataDir'] . 'archiveDir/';
-
-$GLOBALS['connection'] = mysql_connect($GLOBALS['hostname'], $GLOBALS['user'], $GLOBALS['pass']) or die ("Unable to connect: " . mysql_error());
-$db = mysql_select_db($GLOBALS['database'], $GLOBALS['connection']);
-
-// All functions and includes are in functions.php
-include_once('functions.php');
-
-$_GET = sanitizeme($_GET);
-$_REQUEST = sanitizeme($_REQUEST);
-$_POST = sanitizeme($_POST);
-$_SERVER = sanitizeme($_SERVER);
-}
\ No newline at end of file
diff --git a/config_local.php.sample b/config_local.php.sample
deleted file mode 100644
index 02a2e7ce..00000000
--- a/config_local.php.sample
+++ /dev/null
@@ -1,39 +0,0 @@
-canAdmin($id))
{
- $file_obj = new FileData($id, $GLOBALS['connection'], $GLOBALS['database']);
+ $file_obj = new FileData($id, $GLOBALS['connection'], DB_NAME);
$file_obj->temp_delete();
fmove($GLOBALS['CONFIG']['dataDir'] . $id . '.dat', $GLOBALS['CONFIG']['archiveDir'] . $id . '.dat');
}
@@ -78,74 +81,10 @@
header('Location: out.php?last_message=' . $last_message);
}
-elseif( isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'pmntdel' )
-{
- if( !$userperm_obj->user_obj->isAdmin() )
- {
- header('Location: error.php?ec=4');
- exit;
- }
- if(!@isset($_REQUEST['num_checkboxes'] ))
- {
- $_REQUEST['num_checkboxes'] =1;
- }
- // all ok, proceed!
- //mysql_free_result($result);
- for($i = 0; $i<$_REQUEST['num_checkboxes']; $i++)
- {
- if(@$_REQUEST['id' . $i])
- {
- $id = $_REQUEST['id' . $i];
- if(strchr($id, '_') )
- {
- header('Location:error.php?ec=20');
- }
- if($userperm_obj->canAdmin($id))
- {
- // delete from db
- $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE id = '$id'";
- $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
-
- // delete from db
- $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_perms WHERE fid = '$id'";
- $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
-
- $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE fid = '$id'";
- $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
-
- $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}log WHERE id = '$id'";
- $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
- $filename = $id . ".dat";
- unlink($GLOBALS['CONFIG']['archiveDir'] . $filename);
- if( is_dir($GLOBALS['CONFIG']['revisionDir'] . $id . '/') )
- {
- $dir = opendir($GLOBALS['CONFIG']['revisionDir'] . $id . '/');
- if( is_dir($GLOBALS['CONFIG']['revisionDir'] . $id . '/') )
- {
- $dir = opendir($GLOBALS['CONFIG']['revisionDir'] . $id . '/');
- while($lreadfile = readdir($dir))
- {
- if(is_file($GLOBALS['CONFIG']['revisionDir'] . "$id/$lreadfile"))
- {
- unlink($GLOBALS['CONFIG']['revisionDir'] . "$id/$lreadfile");
- }
- }
- rmdir($GLOBALS['CONFIG']['revisionDir'] . $id);
- }
- }
- }
- // Call the plugin API call for this section
- callPluginMethod('onAfterDeleteFile');
-
- }
- }
- // delete from directory
- // clean up and back to main page
- $last_message = urlencode(msg('message_document_successfully_deleted'));
- header('Location: delete.php?mode=view_del_archive&last_message=' . $last_message);
-}
elseif( isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'view_del_archive' )
{
+ isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
+
//publishable=2 for archive deletion
$lquery = "SELECT id FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE publishable=2";
$lresult = mysql_query($lquery, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
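Review bot: The added line `isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '';` is an expression statement whose result is discarded, so it changes nothing; the enclosing `elseif` has already established that `mode` is set. Either drop it or assign the result, e.g. `$mode = $_REQUEST['mode'];`, and use `$mode` afterwards. The die() on the query below also names `$query` while the variable is `$lquery`, so the error text will not contain the SQL.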
@@ -154,81 +93,114 @@
{
list($array_id[$i]) = mysql_fetch_row($lresult);
}
- $luserperm_obj = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+ $luserperm_obj = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
//$lfileobj_array = $luserperm_obj->convertToFileDataOBJ($array_id);
- if(!isset($_REQUEST['starting_index']))
- {
- $_REQUEST['starting_index'] = 0;
- }
-
- if(!isset($_REQUEST['stoping_index']))
- {
- $_REQUEST['stoping_index'] = $_REQUEST['starting_index']+$GLOBALS['CONFIG']['page_limit']-1;
- }
-
- if(!isset($_REQUEST['sort_by']))
- {
- $_REQUEST['sort_by'] = 'id';
- }
-
- if(!isset($_REQUEST['sort_order']))
- {
- $_REQUEST['sort_order'] = 'asc';
- }
- if(!isset($_REQUEST['page']))
+ if(!isset($_REQUEST['last_message']))
{
- $_REQUEST['page'] = 0;
+ $_REQUEST['last_message'] = '';
}
+
draw_menu($_SESSION['uid']);
draw_header(msg('area_deleted_files'));
- @draw_status_bar(msg('label_delete_undelete'), $_REQUEST['last_message']);
+ draw_status_bar(msg('label_delete_undelete'), $_REQUEST['last_message']);
$page_url = $_SERVER['PHP_SELF'] . '?mode=' . $_REQUEST['mode'];
- $user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
- $userperms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
- //$sorted_obj_array = obj_array_sort_interface($lfileobj_array, $_POST['sort_order'], $_POST['sort_by']);
- $sorted_array_id = my_sort($array_id, $_REQUEST['sort_order'], $_REQUEST['sort_by']);
- echo '';
- draw_footer();
}
-elseif(isset($_POST['mode']) && $_POST['mode']=='Delete file(s)')
+elseif(isset($_POST['submit']) && $_POST['submit']=='Delete file(s)')
{
- $url = 'delete.php?mode=pmntdel&';
- $id = 0;
- for($i = 0; $i<$_POST['num_checkboxes']; $i++)
+ isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';
+
+ foreach($_REQUEST['checkbox'] as $key=>$value)
{
- if(isset($_POST["checkbox$i"]))
+ if(!pmt_delete($value))
{
- $fileid = $_POST["checkbox$i"];
- $url .= 'id'.$id.'='.$fileid.'&';
- $id ++;
+ header('Location: error.php');
+ exit;
}
}
- $url = substr($url, 0, strlen($url)-1);
- header('Location:'.$url.'&num_checkboxes='.$_POST['num_checkboxes']);
+ header('Location:delete.php?mode=view_del_archive');
}
-elseif(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'Undelete')
+elseif(isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Undelete')
{
for($i= 0; $i<$_REQUEST['num_checkboxes']; $i++)
{
if(isset($_REQUEST["checkbox$i"]))
{
- $file_obj = new FileData($_REQUEST["checkbox$i"], $GLOBALS['connection'], $GLOBALS['database']);
+ $file_obj = new FileData($_REQUEST["checkbox$i"], $GLOBALS['connection'], DB_NAME);
$file_obj->undelete();
fmove($GLOBALS['CONFIG']['archiveDir'] . $_REQUEST["checkbox$i"] . '.dat', $GLOBALS['CONFIG']['dataDir'] . $_REQUEST["checkbox$i"] . '.dat');
}
}
header('Location:' . $_REQUEST['caller'] . '&last_message=' . urlencode('message_document_has_been_archived'));
+}
+
+draw_footer();
+
+/*
+ * Permanently Delete A File
+ * @param integer $id The file ID to be deleted permanently
+ */
+function pmt_delete($id)
+{
+ $userperm_obj = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
+
+ if( !$userperm_obj->user_obj->isRoot() )
+ {
+ header('Location: error.php?ec=4');
+ exit;
+ }
+ // all ok, proceed!
+ //mysql_free_result($result);
+ if(isset($id))
+ {
+ if(strchr($id, '_') )
+ {
+ header('Location:error.php?ec=20');
+ }
+ if($userperm_obj->canAdmin($id))
+ {
+ // delete from db
+ $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}data WHERE id = '$id'";
+ $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
+
+ // delete from db
+ $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}dept_perms WHERE fid = '$id'";
+ $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
+
+ $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE fid = '$id'";
+ $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
+
+ $query = "DELETE FROM {$GLOBALS['CONFIG']['db_prefix']}log WHERE id = '$id'";
+ $result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
+ $filename = $id . ".dat";
+ unlink($GLOBALS['CONFIG']['archiveDir'] . $filename);
+ if( is_dir($GLOBALS['CONFIG']['revisionDir'] . $id . '/') )
+ {
+ $dir = opendir($GLOBALS['CONFIG']['revisionDir'] . $id . '/');
+ if( is_dir($GLOBALS['CONFIG']['revisionDir'] . $id . '/') )
+ {
+ $dir = opendir($GLOBALS['CONFIG']['revisionDir'] . $id . '/');
+ while($lreadfile = readdir($dir))
+ {
+ if(is_file($GLOBALS['CONFIG']['revisionDir'] . "$id/$lreadfile"))
+ {
+ unlink($GLOBALS['CONFIG']['revisionDir'] . "$id/$lreadfile");
+ }
+ }
+ rmdir($GLOBALS['CONFIG']['revisionDir'] . $id);
+ }
+ }
+ }
+ }
}
\ No newline at end of file
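Review bot: `pmt_delete()` places `$id`, which arrives unchanged from `$_REQUEST['checkbox']`, into four `DELETE ... = '$id'` strings and into the `unlink()`/`rmdir()` paths under `archiveDir` and `revisionDir` without validating it. The only format test is `strchr($id, '_')`, and its `header('Location:error.php?ec=20');` has no `exit;`, so execution continues into the `canAdmin($id)` branch. I would reject anything that is not a plain integer at the top of the function, `if(!ctype_digit((string)$id)) { header('Location:error.php?ec=2'); exit; }`, and add `exit;` after the ec=20 redirect. In the caller, `isset($_REQUEST['checkbox']) ? $_REQUEST['checkbox'] : '';` discards its result, so the `foreach` still runs on an unset or non-array value; guard it with `is_array()`.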
diff --git a/department.php b/department.php
index 389343b7..b317e91a 100644
--- a/department.php
+++ b/department.php
@@ -1,7 +1,7 @@
getName(),$_POST['last_message']);
diff --git a/details.php b/details.php
index 91c1a392..e3bd47ad 100644
--- a/details.php
+++ b/details.php
@@ -2,7 +2,7 @@
/*
details.php - display file information check for session
Copyright (C) 2002-2007 Stephen Lawrence Jr., Khoa Nguyen, Jon Miner
-Copyright (C) 2008-2010 Stephen Lawrence Jr.
+Copyright (C) 2008-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -26,7 +26,7 @@
header('Location:index.php?redirection=' . urlencode( $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']) );
exit;
}
-include('config.php');
+include('odm-load.php');
include('udf_functions.php');
// in case this file is accessed directly - check for $_REQUEST['id']
@@ -49,12 +49,12 @@
{
@draw_status_bar(msg('area_file_details'),$_REQUEST['last_message']);
}
-$filedata = new FileData($_REQUEST['id'], $GLOBALS['connection'], $GLOBALS['database']);
+$filedata = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
checkUserPermission($_REQUEST['id'], $filedata->VIEW_RIGHT);
-$user = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+$user = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
-$userPermObj = new UserPermission($_SESSION['uid'] , $GLOBALS['connection'], $GLOBALS['database']);
-$user_obj = new user($filedata->getOwner(), $GLOBALS['connection'], $GLOBALS['database']);
+$userPermObj = new UserPermission($_SESSION['uid'] , $GLOBALS['connection'], DB_NAME);
+$user_obj = new user($filedata->getOwner(), $GLOBALS['connection'], DB_NAME);
$secureurl = new phpsecureurl;
?>
@@ -255,7 +255,7 @@
// check if user has modify rights
$query2 = "SELECT status FROM {$GLOBALS['CONFIG']['db_prefix']}data, {$GLOBALS['CONFIG']['db_prefix']}user_perms WHERE {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid = '$_REQUEST[id]' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.uid = '$_SESSION[uid]' AND {$GLOBALS['CONFIG']['db_prefix']}user_perms.rights = '2' AND {$GLOBALS['CONFIG']['db_prefix']}data.status = '0' AND {$GLOBALS['CONFIG']['db_prefix']}data.id = {$GLOBALS['CONFIG']['db_prefix']}user_perms.fid";
$result2 = mysql_query($query2, $GLOBALS['connection']) or die ("Error in query: $query2. " . mysql_error());
- $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+ $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
if($user_perms->getAuthority($_REQUEST['id'])>=$user_perms->WRITE_RIGHT && !isset($lrevision_id) && !$filedata->isArchived())
{
// if so, display link for checkout
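Review bot: The `$query2` string on the context line above the changed constructor interpolates `$_REQUEST[id]` directly into `user_perms.fid = '$_REQUEST[id]'`, and nothing in this hunk shows it being escaped or cast first. If no earlier code in details.php normalises it (the file's start is outside the hunk), pass it through `mysql_real_escape_string($_REQUEST['id'], $GLOBALS['connection'])` before building the query. The `or die ("Error in query: $query2. " . mysql_error())` on the next line also prints the full statement and driver error to the browser; logging it and redirecting to `error.php?ec=2` would keep schema details out of responses.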
diff --git a/docs/opendocman.txt b/docs/opendocman.txt
index 71812852..1dbb4f66 100644
--- a/docs/opendocman.txt
+++ b/docs/opendocman.txt
@@ -1,16 +1,4 @@
-June 4, 2010
-
-Abstract
-
-OpenDocMan is a full featured Web-based document management
-system designed to conform to ISO 17025/IEC. It features
-automatic installation, file expiration, multiple version
-handling, file check-in/out, departmental access control,
-file moderation, fine grained user access control, email
-notificaiton and a great search function. Written in PHP,
-and utilizing MySQL for the backend, this project is useful
-for any company looking to keep their documentation in a
-centralized repository.
+January 12, 2011
Table of Contents
@@ -81,8 +69,7 @@ centralized repository.
a file
9. Admin and Root users - Each installation can have any number
- of "admin" users, who can create users,
- categories, etc.. One "root"
+ of "admin" users, who can create users, categories, etc.. One "root"
user can do all.
10. Multiple Document Versions - Instead of overwriting a document
@@ -106,13 +93,15 @@ centralized repository.
in file list but non-checkoutable, Send email to reviewer
only, or Do Nothing.
+15.
+
1.2 Requirements
* Apache Webserver 2.x (or any other webserver, that supports PHP) (http://www.apache.org/)
-* MySQL Server 4.0+ (http://www.mysql.com/)
+* MySQL Server 5.0+ (http://www.mysql.com/)
-* PHP 4+ compiled with MySQL-Support (http://www.php.net/)
+* PHP 5+ compiled with MySQL-Support (http://www.php.net/)
1.2.1 Partially Tested
@@ -130,36 +119,34 @@ To update your current version to the latest release:
2. Unarchive opendocman into a new folder
-3. Copy the local_config.php.sample in your new folder (Look at your old
- config.php file for some settings that can be transferred
- over from the old config to the new).
+3.
-4. Load the installation page in your web browser at /install/
- ( ex. http://www.example.com/opendocman/install/ )
- and click on the appropriate upgrade link. Refer to your
- old config.php to see what version you were using before.
+4. Load the opendocman page in your web browser
+( ex. http://www.example.com/opendocman/ )
+ You should follow the prompts for installation.
2.2 New Installation
1. Untar/Unzip files into any dir in your webserver documents dir
-2. Edit config.php
+2. Create a MySQL database/username/password.
+
+3. Edit config.php
(a) All parameters are commented and should be self explanatory.
Change any that apply, especially the database parameters.
-3. Make a directory for the files to be stored that is accessible
+4. Make a directory for the files to be stored that is accessible
to the web server but not available by browsing. Ensure the
permissions are correct on this folder to allow for the web
server to write to it
ex. $>mkdir /usr/local/opendocman/data
-4. Load the installation page in your web browser at /install/
- (ex. http://www.example.com/opendocman/install ) and click on the
- new install link.
+5. Load the opendocman page in your web browser
+(ex. http://www.example.com/opendocman/ ) and follow the prompts.
-5. Point your favorite webbrowser to the opendocman folder:
+6. Point your favorite webbrowser to the opendocman folder:
ex. "http://www.mydomain.com/opendocman"
7. Login as "admin" (without password). After that, go to
@@ -171,20 +158,11 @@ To update your current version to the latest release:
3 Configuration
-3.1 config.php
-
-Most of the configuration for OpenDocMan is controlled by
-a file name config.php. Below are some of the configurable
-options in that file:
-
-* $database - The name of the database used (ex. opendocman)
-
-* $user - The user that has update/insert/delete permissions
- on above database
+3.1 Configuration Settings
-* $pass - Password for above user
+Most of the configuration for OpenDocMan is controlled by the Admin->Edit Settings page.
-* $hostname - The hostname:port of the database server (ex. db1.mydomain.com or db1.mydomain.com:8889)
+Below are some of the configurable options:
* dataDir - Location of file repository. This should ideally
be outside the Web server root. Make sure the server has
@@ -198,12 +176,6 @@ options in that file:
methods. Currently only MySQL and web-based kerberos authentication
is supported.
-* page_limit - Set the number of files that show up on each
- page
-
-* displayable_len - Set the maximum displayable length of
- text field in file list
-
* base_url - Set this to the url of the site (no ending slash)
* title - This is the browser window title and be anything
@@ -232,19 +204,12 @@ options in that file:
* secureurl [On,Off] - Hide the URL contents from prying
-* treeview [On,Off] - Use treeview mode instead of file list mode
-
* theme [default="default"] - which theme to use? Smarty-based
themes are located in templates/ folder. Look at default for example.
To add a new one just create a new theme folder in templates/
- with the header.tpl and footer.tpl files. Global variables are
+ with header.tpl and footer.tpl files. Global variables are
added to smarty as $g_VARIABLENAME.
-* $allowedFileTypes - This is a list of file types that will
- be allowed to be added to the repository. This may need
- some tweeking depending on what types of files your users
- have.
-
* allow_signup - This option determines whether or not to display
the "Signup" link on the login page to allow users to self-register.
@@ -314,9 +279,9 @@ use by the installation scrip. This is an automated
web-based update/installation script. Here is how it works
for users:
-1. The user loads /install/index.php into their browser. They can either
- select the new installation link, or one of the upgrade
- links.
+1. The user loads any page into their browser. The program will detect
+ if they have a config.php file or not. If they do not it will have them
+ create one.
2. For a new installation:
@@ -365,9 +330,9 @@ new files need to be created and a current files modified.
This can be a mysqldump straight from the latest database
schema.
-These files MUST be kept syncronized for each release!
+These files MUST be kept in sync for each release!
-7 Changes
+7 Old Changes
7.1 1.2rc1 - July 9th, 2003
diff --git a/edit.php b/edit.php
index 4108570c..b7f7ae16 100644
--- a/edit.php
+++ b/edit.php
@@ -2,7 +2,7 @@
/*
edit.php - edit file properties
Copyright (C) 2002-2007 Stephen Lawrence Jr., Khoa Nguyen, Jon Miner
-Copyright (C) 2008-2010 Stephen Lawrence Jr.
+Copyright (C) 2008-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -26,7 +26,7 @@
//$submit=true;
session_start();
-include('config.php');
+include('odm-load.php');
include('udf_functions.php');
if(strchr($_REQUEST['id'], '_') )
{
@@ -44,7 +44,7 @@
exit;
}
-$filedata = new FileData($_REQUEST['id'], $GLOBALS['connection'], $GLOBALS['database']);
+$filedata = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
if( $filedata->isArchived() )
{
@@ -62,12 +62,11 @@
draw_header(msg('area_update_file'));
draw_menu($_SESSION['uid']);
draw_status_bar(msg('area_update_file'), $_REQUEST['last_message']);
- $user_perm_obj = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+ $user_perm_obj = new User_Perms($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
checkUserPermission($_REQUEST['id'], $user_perm_obj->ADMIN_RIGHT);
$data_id = $_REQUEST['id'];
// includes
$query ="SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=$_SESSION[uid]";
- //echo($GLOBALS['database']); echo($query); echo($connection);
$result = mysql_query($query, $GLOBALS['connection']) or die ("Error in query: $query. " . mysql_error());
if(mysql_num_rows($result) != 1)
{
@@ -151,14 +150,7 @@ function issetFlag()
?>
exists() )
{
@@ -167,9 +159,6 @@ function issetFlag()
}
else
{
- // obtain data from resultset
- //list($category, $realname, $description, $comment) = mysql_fetch_row($result);
- //mysql_free_result($result);
$category = $filedata->getCategory();
$realname = $filedata->getName();
$description = $filedata->getDescription();
@@ -305,7 +294,7 @@ function issetFlag()
for($i = 0; $i' .msg('login') . '';
- break;
+ switch ($_REQUEST['ec'])
+ {
+ // login failure
+ case 0:
+ $message = msg('message_there_was_an_error_loggin_you_in') . ' ' .msg('login') . '';
+ break;
- // session problem
- case 1:
- $message = msg('message_session_error') . '' . msg('login') . '';
- break;
+ // session problem
+ case 1:
+ $message = msg('message_session_error') . '' . msg('login') . '';
+ break;
- // malformed variable/failed query
- case 2:
- $message = msg('message_error_performing_action');
- break;
+ // malformed variable/failed query
+ case 2:
+ $message = msg('message_error_performing_action');
+ break;
- // User already exists
- case 3:
- $message = msg('message_record_exists');
- break;
+ // User already exists
+ case 3:
+ $message = msg('message_record_exists');
+ break;
- // User not admin
- case 4:
- $message = msg('message_you_are_not_administrator');
- break;
+ // User not admin
+ case 4:
+ $message = msg('message_you_are_not_administrator');
+ break;
- // Category exists
- case 5:
- $message = msg('message_record_exists').':'.$_REQUEST['category'].' Back';
- break;
+ // Category exists
+ case 5:
+ $message = msg('message_record_exists').':'.$_REQUEST['category'].' Back';
+ break;
- // Input Field Blank
- case 6:
- $message = msg('message_you_did_not_enter_value') .' Back';
- break;
+ // Input Field Blank
+ case 6:
+ $message = msg('message_you_did_not_enter_value') .' Back';
+ break;
- // file not uploaded
- case 11:
- $message = msg('message_please_upload_valid_doc');
- break;
+ // file not uploaded
+ case 11:
+ $message = msg('message_please_upload_valid_doc');
+ break;
- // rights not assigned
- case 12:
- $message = msg('message_you_must_assign_rights');
- break;
+ // rights not assigned
+ case 12:
+ $message = msg('message_you_must_assign_rights');
+ break;
- // illegal file type
- case 13:
- $message = msg('message_that_filetype_not_supported') . ' config.php->allowedFileTypes:
';
- //echo "_File array is " . array_values($_FILES['file']);
- foreach($GLOBALS['allowedFileTypes'] as $thistype)
- {
- $message .= '
'.$thistype;
- }
- $message .= '
';
- break;
- //non-unique account
- case 14:
- $message = msg('message_non_unique_account');
- break;
- //check-in wrong filename
- case 15:
- $message = msg('message_wrong_file_checkin');
- break;
- //non unique id in filename
- case 16:
- $message = msg('message_non_unique_key');
- break;
- // file cannot be checked-in
- case 17:
- $message = msg('message_this_file_cannot_be_checked_in');
- break;
- //non-complete upload
- case 18:
- $message = msg('message_this_file_cannot_be_uploaded');
- break;
- //no account in ODM
- case 19:
- $message = msg('message_you_do_not_have_an_account') . ' ' . $GLOBALS['CONFIG']['site_mail'] . '';
- break;
- // cannot do this on revision
- case 20:
- $message = msg('message_this_operation_cannot_be_done_rev');
- break;
- // operation cannot be done on file
- case 21:
- $message = msg('message_this_operation_cannot_be_done_file');
- break;
- // bad root_username setting
- case 22:
- $message = msg('message_unable_to_determine_root');
- break;
- // Folder not writable
- case 23:
- $message = msg('message_folder_error_check');
- break;
- // Non root user trying to access root operations
- case 24:
- $message =msg('message_this_page_requires_root');
- break;
- // File too big
- case 25:
- $message =msg('message_the_file_is_too_large') .' ' . $GLOBALS['CONFIG']['max_filesize'];
- break;
- //default
- default:
- $message = msg('message_there_was_an_error_performing_the_action') .' ' . msg('please') . ' ' . msg('login') . '';
- break;
+ // illegal file type
+ case 13:
+ $message = msg('message_that_filetype_not_supported') . ' Admin->Settings->allowedFileTypes:
';
+ //echo "_File array is " . array_values($_FILES['file']);
+ foreach($GLOBALS['CONFIG']['allowedFileTypes'] as $thistype)
+ {
+ $message .= '
'.$thistype;
+ }
+ $message .= '
';
+ break;
+ //non-unique account
+ case 14:
+ $message = msg('message_non_unique_account');
+ break;
+ //check-in wrong filename
+ case 15:
+ $message = msg('message_wrong_file_checkin');
+ break;
+ //non unique id in filename
+ case 16:
+ $message = msg('message_non_unique_key');
+ break;
+ // file cannot be checked-in
+ case 17:
+ $message = msg('message_this_file_cannot_be_checked_in');
+ break;
+ //non-complete upload
+ case 18:
+ $message = msg('message_this_file_cannot_be_uploaded');
+ break;
+ //no account in ODM
+ case 19:
+ $message = msg('message_you_do_not_have_an_account') . ' ' . $GLOBALS['CONFIG']['site_mail'] . '';
+ break;
+ // cannot do this on revision
+ case 20:
+ $message = msg('message_this_operation_cannot_be_done_rev');
+ break;
+ // operation cannot be done on file
+ case 21:
+ $message = msg('message_this_operation_cannot_be_done_file');
+ break;
+ // bad root_username setting
+ case 22:
+ $message = msg('message_unable_to_determine_root');
+ break;
+ // Folder not writable
+ case 23:
+ $message = msg('message_folder_error_check');
+ break;
+ // Non root user trying to access root operations
+ case 24:
+ $message =msg('message_this_page_requires_root');
+ break;
+ // File too big
+ case 25:
+ $message =msg('message_the_file_is_too_large') .' ' . $GLOBALS['CONFIG']['max_filesize'];
+ break;
+ case 26:
+ $message =msg('message_the_file_is_too_large_php_ini') .' ' . min(ini_get('post_max_size'), ini_get('upload_max_filesize'));
+ break;
+ //default
+ default:
+ $message = msg('message_there_was_an_error_performing_the_action') .' ' . msg('please') . ' ' . msg('login') . '';
+ break;
+ }
+ echo(' ' . $message . '');
}
-echo(' ' . $message . '');
draw_footer();
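Review bot: Case 5 builds `$message` from `$_REQUEST['category']` with no escaping, and the message is then echoed into the page, so the request parameter is reflected as HTML. Encode it where it is concatenated: `msg('message_record_exists').':'.htmlspecialchars($_REQUEST['category'], ENT_QUOTES, 'UTF-8')`. In the added case 26, `min(ini_get('post_max_size'), ini_get('upload_max_filesize'))` compares shorthand strings (for example `8M` and `10M`) as text rather than as byte counts, so it can report the larger limit; convert both to bytes before taking the minimum. The start of this hunk is garbled on the page, so the condition enclosing the `switch` is not visible.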
diff --git a/file_ops.php b/file_ops.php
index c3357181..c998f240 100644
--- a/file_ops.php
+++ b/file_ops.php
@@ -2,7 +2,7 @@
/*
file_ops.php - admin file operations
Copyright (C) 2002-2004 Stephen Lawrence Jr, Khoa Nguyen
-Copyright (C) 2005-2010 Stephen Lawrence Jr.
+Copyright (C) 2005-2011 Stephen Lawrence Jr.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
@@ -19,7 +19,7 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-include('config.php');
+include('odm-load.php');
session_start();
//$_SESSION['uid'] = 102;
//$_GET['submit'] = 'view_checkedout';
@@ -32,35 +32,12 @@
// get a list of documents the user has "view" permission for
// get current user's information-->department
-$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], $GLOBALS['database']);
+$user_obj = new User($_SESSION['uid'], $GLOBALS['connection'], DB_NAME);
if(!$user_obj->isRoot())
{
header('Location:error.php?ec=24');
}
$flag = 0;
-if(!isset($_GET['starting_index']))
-{
- $_GET['starting_index'] = 0;
-}
-
-if(!isset($_GET['stoping_index']))
-{
- $_GET['stoping_index'] = $_GET['starting_index']+$GLOBALS['CONFIG']['page_limit'];
-}
-
-if(!isset($_GET['sort_by']))
-{
- $_GET['sort_by'] = 'id';
-}
-
-if(!isset($_GET['sort_order']))
-{
- $_GET['sort_order'] = 'asc';
-}
-if(!isset($_GET['page']))
-{
- $_GET['page'] = 0;
-}
if(@$_GET['submit'] == 'view_checkedout')
{
echo "\n" . '';
}
- list_nav_generator(sizeof($sorted_id_array), $GLOBALS['CONFIG']['page_limit'], $GLOBALS['CONFIG']['num_page_limit'], $lpage_url, $_GET['page'], $_GET['sort_by'], $_GET['sort_order']);
draw_footer();
}
-elseif (@$_POST['submit'] == 'Clear Status')
+elseif (isset($_POST['submit']) && $_POST['submit'] == 'Clear Status')
{
- $lquery = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data set status=0 where id=";
- for($i=0; $i<$_POST['num_checkboxes']; $i++)
- {
- if(@$_POST['checkbox'.$i])
- {
- mysql_query($lquery . $_POST['checkbox'.$i]) or die('Error in querying' . mysql_error());
- }
- }
- header('Location:' . $_SERVER['PHP_SELF'] . '?state=2&submit=view_checkedout');
+ if(isset($_POST["checkbox"]))
+ {
+ foreach($_POST['checkbox'] as $cbox)
+ {
+ $fileid = $cbox;
+ $file_obj = new FileData($fileid, $GLOBALS['connection'], DB_NAME);
+ //$user_obj = new User($file_obj->getOwner(), $connection, DB_NAME);
+ //$mail_to = $user_obj->getEmailAddress();
+ //mail($mail_to, $mail_subject. $file_obj->getName(), ($mail_greeting.$file_obj->getName().' '.$mail_body.$mail_salute), $mail_headers);
+ $file_obj->setStatus(0);
+ }
+
+ }
+ header('Location:' . $_SERVER['PHP_SELF'] . '?state=2&submit=view_checkedout');
}
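Review bot: The new Clear Status loop hands each `$_POST['checkbox']` value to `new FileData(...)` and calls `setStatus(0)` without checking that the value is a file id, and the only authorisation visible in this file is the `isRoot()` test in the `@@ -32,35 +32,12 @@` hunk, whose `header('Location:error.php?ec=24');` is not followed by `exit;`. Without the exit the script keeps running for a non-root session and reaches this branch. Add `exit;` after that redirect and skip non-numeric entries here, e.g. `if(!ctype_digit((string)$cbox)) { continue; }`. The `foreach` also assumes `$_POST['checkbox']` is an array; an `is_array()` test alongside the `isset()` avoids a warning on a scalar.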
diff --git a/filetypes.php b/filetypes.php
new file mode 100644
index 00000000..6267352a
--- /dev/null
+++ b/filetypes.php
@@ -0,0 +1,145 @@
+isRoot() == true)
+{
+ header('Location:' . $secureurl->encode('error.php?ec=24'));
+ exit;
+}
+
+if(isset($_REQUEST['submit']) && $_REQUEST['submit']=='update')
+{
+ if(!isset($_POST['last_message']))
+ {
+
+ $_POST['last_message']='';
+ }
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ $filetypes->edit();
+ draw_footer();
+}
+elseif(isset($_REQUEST['submit']) && $_REQUEST['submit'] == 'Save')
+{
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ if($filetypes->save($_POST))
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
+ }
+ else
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
+ }
+ $GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ $filetypes->edit();
+ draw_footer();
+}
+elseif (isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Cancel')
+{
+ if(!isset($_POST['last_message']))
+ {
+
+ $_POST['last_message']='';
+ }
+ header('Location: ' . $secureurl->encode("admin.php?last_message=" . urlencode(msg('message_action_cancelled'))));
+}
+elseif(isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNew')
+{
+ if(!isset($_POST['last_message']))
+ {
+
+ $_POST['last_message']='';
+ }
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ display_smarty_template('filetype_add.tpl');
+ draw_footer();
+}
+elseif(isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'AddNewSave')
+{
+ if($filetypes->add($_POST))
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
+ }
+ else
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
+ }
+ $GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ $filetypes->edit();
+ draw_footer();
+}
+elseif(isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'DeleteSelect')
+{
+ if(!isset($_POST['last_message']))
+ {
+
+ $_POST['last_message']='';
+ }
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ $filetypes->deleteSelect();
+ draw_footer();
+}
+elseif(isset($_REQUEST['submit']) and $_REQUEST['submit'] == 'Delete')
+{
+ if($filetypes->delete($_POST))
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_all_actions_successfull'];
+ }
+ else
+ {
+ $_POST['last_message'] = $GLOBALS['lang']['message_error_performing_action'];
+ }
+ $GLOBALS['smarty']->assign('last_message', $_POST['last_message']);
+ draw_header(msg('label_filetypes'));
+ draw_menu($_SESSION['uid']);
+ draw_status_bar(msg('label_filetypes'), $_POST['last_message']);
+ $filetypes->edit();
+ draw_footer();
+}
+else
+{
+ header('Location: ' . $secureurl->encode("admin.php?last_message=" . urlencode(msg('message_nothing_to_do'))));
+}
+
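Review bot: The Save, AddNewSave and Delete branches change the stored file-type list but dispatch on `$_REQUEST['submit']`, so they are entered for GET as well as POST, and no anti-CSRF token check is visible in this file (one may exist in an include that is not shown). Dispatch the mutating branches on `$_POST['submit']`, e.g. `elseif(isset($_POST['submit']) && $_POST['submit'] == 'Save')`, and verify a per-session token before calling `$filetypes->save()`, `add()` or `delete()`. In the update, AddNew and DeleteSelect branches `$_POST['last_message']` is passed to `draw_status_bar()` as received; if that helper does not HTML-encode its second argument, encode the value here.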
diff --git a/forgot_password.php b/forgot_password.php
index bef2c97a..b8ddb956 100644
--- a/forgot_password.php
+++ b/forgot_password.php
@@ -2,7 +2,7 @@
/*
forgot_password.php - utility to reset a user password
Copyright (C) 2005-2006 Glowball Solutions & Stephen Lawrence Jr.
- Copyright (C) 2005-2010 Stephen Lawrence Jr.
+ Copyright (C) 2005-2011 Stephen Lawrence Jr.
This page was added to the core files for this utility.
This program is free software; you can redistribute it and/or
@@ -20,7 +20,7 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-include_once('config.php');
+include_once('odm-load.php');
if(isset($GLOBALS['CONFIG']['allow_password_reset']) && $GLOBALS['CONFIG']['allow_password_reset'] != 'On')
{
@@ -181,19 +181,6 @@
// default form
else
{
- // build the header and navigation
- /*
-
-
-
-
-
- ADD FORMATTING HERE
-
-
-
-
- */
if (strlen($_REQUEST['last_message']))
echo "
" . $_REQUEST['last_message'] . ".
\n";
?>
@@ -215,16 +202,4 @@
template_dir = dirname(__FILE__) . '/templates/' . $GLOBALS['CONFIG']['theme'] .'/';
$GLOBALS['smarty']->compile_dir = dirname(__FILE__) . '/templates_c/';
+
/**** SET g_ vars from Global Config arr ***/
foreach($GLOBALS['CONFIG'] as $key => $value)
{
@@ -49,161 +49,174 @@ functions.php - various utility functions
{
$GLOBALS['smarty']->assign('g_lang_' . $key, msg($key));
}
- // BEGIN FUNCTIONS
- // function to format mySQL DATETIME values
- function fix_date($val)
- {
- //split it up into components
- if( $val != 0 )
- {
- $arr = explode(' ', $val);
- $timearr = explode(':', $arr[1]);
- $datearr = explode('-', $arr[0]);
- // create a timestamp with mktime(), format it with date()
- return date('d M Y (H:i)', mktime($timearr[0], $timearr[1], $timearr[2], $datearr[1], $datearr[2], $datearr[0]));
- }
- else
- {
- return 0;
- }
- }
-
- // Return a copy of $string where all the spaces are converted into underscores
- function space_to_underscore($string)
- {
- $string_len = strlen($string);
- $index = 0;
- while( $index< $string_len )
- {
- if($string[$index] == ' ')
- {
- $string[$index]= '_';
- }
- $index++;
- }
- return $string;
- }
- // Draw the status bar for each page
- function draw_status_bar($message, $lastmessage='')
- {
- if(!isset($_REQUEST['state']))
- $_REQUEST['state']=1;
- echo "\n".''."\n";
- if (!isset ($message))
- {
- $message='Select';
- }
- echo ''."\n";
- echo '