files.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: files.php,v $
// | $Date: 2004/02/10 01:34:30 $
// | $Revision: 1.16 $
// +-------------------------------------------------------------+
// | File Details:
// | - Attachments manager.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

include "./../global.php";

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "view";
}

// globalise variables
$global = array	(
			array('id')
);
rg($global);

############################### GET CATEGORIES ###############################

$result = $db->query_return("SELECT categories FROM tech_folders WHERE type = 'attachments' AND techid = '$user[id]'");
$categories = unserialize($result[categories]);

$cat_jump[0] = 'Top Category';
if (is_array($categories)) {
	foreach ($categories AS $key => $var) {
		$cat_jump[$key] = $var;
	}
}

############################### DOWNLOAD ATTACHMENT ###############################

if ($_REQUEST['do'] == "download") {

	$db->query("SELECT blobid FROM tech_attachments WHERE techid = '$user[id]' AND id = '$id'");
	if ($db->num_rows() > 0) {
		get_attachment($id, 'tech_attachments', 1);
	} else {
		alert('No permission to download this attachment');
		$_REQUEST['do'] = "view";
	}
}

############################### ADD ATTACHMENTS ###############################

if ($_REQUEST['do'] == "add") {

	tech_nav('resources');

	while ($i < 10) {

		$table[] = array(
			form_file($i), 
			form_select($i, $cat_jump, 'category'),
			form_input($i, '', '50', 'comments')
		);
		$i++;
	
	}

	$cols = array('File (required)', 'Category (required)', 'Comments (optional)');
	table_header('Add New Files', 'files.php', array('do' => 'add2'), '', '', 1);
	table_content($cols, $table);
	table_footer('Add Attachments');

}

############################### ADD ATTACHMENTS (2) ###############################

if ($_REQUEST['do'] == "add2") {

	if (is_array($_FILES)) {	
		foreach ($_FILES AS $key => $var) {

			if ($_FILES[$key][name] != '') {

				$commentskey = intval(substr($key, 10));

				// validate
				if (validate_attachment($error, $key)) {
					
					// add attachment
					$attach = add_attachment($key);

					// add information to ticket table
					$checks = xss_check($_REQUEST['comments'][$commentskey], 'tech');
					$db->query("INSERT INTO tech_attachments SET
						blobid = '$attach[blobid]',
						comments = '" . mysql_escape_string($checks[0]) . "',
						category = '" . mysql_escape_string($_REQUEST['category'][$commentskey]) . "',
						filename = '" . mysql_escape_string($attach[name]) . "',
						filesize = '" . mysql_escape_string($attach[size]) . "',
						extension = '" . mysql_escape_string($attach[extension]) . "',
						timestamp = '" . mktime() . "',
						techid = '$user[id]'
					");

					$i++;
					 
				 } else {
					 $error .= $error;
				}
			}
		}
	}

	if ($i) {
		if ($i > 1) {
			$message = "$i attachments uploaded\\n";
		} else {
			$message = "$i attachment uploaded\\n";
		}
	}
	if ($error) {
		$message .= $error;
	}
	if (!$i AND !$error) {
		$message .= 'No attachments specified';
	}

	alert($message);

	$_REQUEST['do'] = 'view';

}

############################### ATTACHMENTS ACTIONS ###############################

if ($_REQUEST['do'] == "doactions") {

	// ids of what we are changing (check they don't press submit with no ids)
	if (is_array($_REQUEST['ids'])) {
		foreach ($_REQUEST['ids'] AS $key => $var) {
			if ($var = 1) {
				$id_array[] = $key;
			}
		}
	}

	if (is_array($id_array)) {
	
		if ($_REQUEST['actiontype'] == 'delete') {

			$db->query("SELECT blobid FROM tech_attachments WHERE techid = '$user[id]' AND id IN " . array2sql($id_array) . "");
			while ($result = $db->row_array()) {
				$blobids[] = $result[blobid];
			}

			if (is_array($blobids)) {
				$db->query("DELETE FROM blobs WHERE id IN " . array2sql($blobids) . "");
			}

			$db->query("DELETE FROM tech_attachments WHERE techid = '$user[id]' AND id IN " . array2sql($id_array) . "");
			
		} elseif ($_REQUEST['actiontype'] == 'move') {

			$db->query("UPDATE tech_attachments 
						SET category = '$_REQUEST[B]' 
						WHERE techid = '$user[id]' 
						AND id IN " . array2sql($id_array) . "
			");

		}
	}

	$_REQUEST['do'] = 'view';
	
}

############################### VIEW ATTACHMENTS ###############################

if ($_REQUEST['do'] == "view") {

	tech_nav('resources');

	// for category javascript
	foreach($cat_jump AS $key => $var) {
		$js .= "\"$var\",\"$key\",";
	}
	$js = substr($js, 0, -1);

	echo get_javascript('DynamicOptionList.js');

	echo "
	<SCRIPT LANGUAGE=\"JavaScript\">

	var listB = new DynamicOptionList(\"B\",\"actiontype\");

	listB.addOptions(\"move\",$js);
	listB.setDefaultOption(\"move\",\"0\");

	function init() {
		var theform = document.forms[0];
		listB.init(theform);
	}
	</SCRIPT>
	";

	$form = 
		"<select name=\"actiontype\" onChange=\"listB.populate();\">
		<option value=\"delete\">Delete</option>
		<option value=\"move\">Move</option>
		</select>
		&nbsp;&nbsp;&nbsp;&nbsp;
		<select name=\"B\" id=\"B\">
		<script language=\"JavaScript\">listB.printOptions()</script>
		</select>
		&nbsp;&nbsp;&nbsp;&nbsp;
		<input type=\"submit\" name=\"Process\" value=\"Process\">
		<script language=\"JavaScript\">
		init()
		</script>
	";

	$db->query("SELECT * FROM tech_attachments 
				WHERE techid = '$user[id]'
				AND category = '$_REQUEST[category]'
			");

	while ($files = $db->row_array()) {

		$table[] = array(
			form_checkbox_single($files[id], 1, '', 'ids'),
			"<a href=\"files.php?do=download&id=$files[id]\">$files[filename]</a>", 
			$files[comments], 
			filesize_display($files[filesize]),
			"<a href=\"files.php?do=download&id=$files[id]\">download</a>"
		);

	}

	$toprow = "<p align=\"right\"><b>Category Jump:</b>&nbsp;&nbsp;" . form_select('category', $cat_jump, '', $_REQUEST[category]) . "&nbsp;&nbsp;<input type=\"submit\" name=\"go\" value=\"Go\"> " . thelp('Resources', 'Files');
	$width = array('5', '25%', '35%', '20%', '20%');
	$cols = array("<input type=\"checkbox\" name=\"allbox\" onclick=\"checkall(this.form);\" />", 'Name', 'Comments', 'Size', 'Download');

	table_header('Your Attachments', 'files.php', array('do' => 'doactions'), '', 'dpform');
	table_content($cols, $table, '', '', $toprow, '', $width);
	table_footer('', 'Left', $form);

	echo "<br /><br /><center><a href=\"files.php?do=add\"><b>Add Attachments</b></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"folders.php?type=attachments\"><b>Edit Folders</b></a></center>";

}

tech_footer();
?>