files.php
上传用户:gzy2002
上传日期:2010-02-11
资源大小:1785k
文件大小:7k
- <?php
- // +-------------------------------------------------------------+
- // | DeskPRO v [2.0.1 Production]
- // | Copyright (C) 2001 - 2004 Headstart Solutions Limited
- // | Supplied by WTN-WDYL
- // | Nullified by WTN-WDYL
- // | Distribution via WebForum, ForumRU and associated file dumps
- // +-------------------------------------------------------------+
- // | DESKPRO IS NOT FREE SOFTWARE
- // +-------------------------------------------------------------+
- // | License ID : Full Enterprise License =) ...
- // | License Owner : WTN-WDYL Team
- // +-------------------------------------------------------------+
- // | $RCSfile: files.php,v $
- // | $Date: 2004/02/10 01:34:30 $
- // | $Revision: 1.16 $
- // +-------------------------------------------------------------+
- // | File Details:
- // | - Attachments manager.
- // +-------------------------------------------------------------+
- error_reporting(E_ALL ^ E_NOTICE);
- include "./../global.php";
- // default do
- $_REQUEST['do'] = trim($_REQUEST['do']);
- if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
- $_REQUEST['do'] = "view";
- }
- // globalise variables
- $global = array (
- array('id')
- );
- rg($global);
- ############################### GET CATEGORIES ###############################
- $result = $db->query_return("SELECT categories FROM tech_folders WHERE type = 'attachments' AND techid = '$user[id]'");
- $categories = unserialize($result[categories]);
- $cat_jump[0] = 'Top Category';
- if (is_array($categories)) {
- foreach ($categories AS $key => $var) {
- $cat_jump[$key] = $var;
- }
- }
- ############################### DOWNLOAD ATTACHMENT ###############################
- if ($_REQUEST['do'] == "download") {
- $db->query("SELECT blobid FROM tech_attachments WHERE techid = '$user[id]' AND id = '$id'");
- if ($db->num_rows() > 0) {
- get_attachment($id, 'tech_attachments', 1);
- } else {
- alert('No permission to download this attachment');
- $_REQUEST['do'] = "view";
- }
- }
- ############################### ADD ATTACHMENTS ###############################
- if ($_REQUEST['do'] == "add") {
- tech_nav('resources');
- while ($i < 10) {
- $table[] = array(
- form_file($i),
- form_select($i, $cat_jump, 'category'),
- form_input($i, '', '50', 'comments')
- );
- $i++;
-
- }
- $cols = array('File (required)', 'Category (required)', 'Comments (optional)');
- table_header('Add New Files', 'files.php', array('do' => 'add2'), '', '', 1);
- table_content($cols, $table);
- table_footer('Add Attachments');
- }
- ############################### ADD ATTACHMENTS (2) ###############################
- if ($_REQUEST['do'] == "add2") {
- if (is_array($_FILES)) {
- foreach ($_FILES AS $key => $var) {
- if ($_FILES[$key][name] != '') {
- $commentskey = intval(substr($key, 10));
- // validate
- if (validate_attachment($error, $key)) {
-
- // add attachment
- $attach = add_attachment($key);
- // add information to ticket table
- $checks = xss_check($_REQUEST['comments'][$commentskey], 'tech');
- $db->query("INSERT INTO tech_attachments SET
- blobid = '$attach[blobid]',
- comments = '" . mysql_escape_string($checks[0]) . "',
- category = '" . mysql_escape_string($_REQUEST['category'][$commentskey]) . "',
- filename = '" . mysql_escape_string($attach[name]) . "',
- filesize = '" . mysql_escape_string($attach[size]) . "',
- extension = '" . mysql_escape_string($attach[extension]) . "',
- timestamp = '" . mktime() . "',
- techid = '$user[id]'
- ");
- $i++;
-
- } else {
- $error .= $error;
- }
- }
- }
- }
- if ($i) {
- if ($i > 1) {
- $message = "$i attachments uploaded\n";
- } else {
- $message = "$i attachment uploaded\n";
- }
- }
- if ($error) {
- $message .= $error;
- }
- if (!$i AND !$error) {
- $message .= 'No attachments specified';
- }
- alert($message);
- $_REQUEST['do'] = 'view';
- }
- ############################### ATTACHMENTS ACTIONS ###############################
- if ($_REQUEST['do'] == "doactions") {
- // ids of what we are changing (check they don't press submit with no ids)
- if (is_array($_REQUEST['ids'])) {
- foreach ($_REQUEST['ids'] AS $key => $var) {
- if ($var = 1) {
- $id_array[] = $key;
- }
- }
- }
- if (is_array($id_array)) {
-
- if ($_REQUEST['actiontype'] == 'delete') {
- $db->query("SELECT blobid FROM tech_attachments WHERE techid = '$user[id]' AND id IN " . array2sql($id_array) . "");
- while ($result = $db->row_array()) {
- $blobids[] = $result[blobid];
- }
- if (is_array($blobids)) {
- $db->query("DELETE FROM blobs WHERE id IN " . array2sql($blobids) . "");
- }
- $db->query("DELETE FROM tech_attachments WHERE techid = '$user[id]' AND id IN " . array2sql($id_array) . "");
-
- } elseif ($_REQUEST['actiontype'] == 'move') {
- $db->query("UPDATE tech_attachments
- SET category = '$_REQUEST[B]'
- WHERE techid = '$user[id]'
- AND id IN " . array2sql($id_array) . "
- ");
- }
- }
- $_REQUEST['do'] = 'view';
-
- }
- ############################### VIEW ATTACHMENTS ###############################
- if ($_REQUEST['do'] == "view") {
- tech_nav('resources');
- // for category javascript
- foreach($cat_jump AS $key => $var) {
- $js .= ""$var","$key",";
- }
- $js = substr($js, 0, -1);
- echo get_javascript('DynamicOptionList.js');
- echo "
- <SCRIPT LANGUAGE="JavaScript">
- var listB = new DynamicOptionList("B","actiontype");
- listB.addOptions("move",$js);
- listB.setDefaultOption("move","0");
- function init() {
- var theform = document.forms[0];
- listB.init(theform);
- }
- </SCRIPT>
- ";
- $form =
- "<select name="actiontype" onChange="listB.populate();">
- <option value="delete">Delete</option>
- <option value="move">Move</option>
- </select>
-
- <select name="B" id="B">
- <script language="JavaScript">listB.printOptions()</script>
- </select>
-
- <input type="submit" name="Process" value="Process">
- <script language="JavaScript">
- init()
- </script>
- ";
- $db->query("SELECT * FROM tech_attachments
- WHERE techid = '$user[id]'
- AND category = '$_REQUEST[category]'
- ");
- while ($files = $db->row_array()) {
- $table[] = array(
- form_checkbox_single($files[id], 1, '', 'ids'),
- "<a href="files.php?do=download&id=$files[id]">$files[filename]</a>",
- $files[comments],
- filesize_display($files[filesize]),
- "<a href="files.php?do=download&id=$files[id]">download</a>"
- );
- }
- $toprow = "<p align="right"><b>Category Jump:</b> " . form_select('category', $cat_jump, '', $_REQUEST[category]) . " <input type="submit" name="go" value="Go"> " . thelp('Resources', 'Files');
- $width = array('5', '25%', '35%', '20%', '20%');
- $cols = array("<input type="checkbox" name="allbox" onclick="checkall(this.form);" />", 'Name', 'Comments', 'Size', 'Download');
- table_header('Your Attachments', 'files.php', array('do' => 'doactions'), '', 'dpform');
- table_content($cols, $table, '', '', $toprow, '', $width);
- table_footer('', 'Left', $form);
- echo "<br /><br /><center><a href="files.php?do=add"><b>Add Attachments</b></a> <a href="folders.php?type=attachments"><b>Edit Folders</b></a></center>";
- }
- tech_footer();
- ?>
English
