attachment.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: attachment.php,v $
// | $Date: 2004/02/10 01:34:30 $
// | $Revision: 1.18 $
// +-------------------------------------------------------------+
// | File Details:
// | - Attachment download and maintenance
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

include "./../global.php";

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "download";
}

// globalise variables
$global = array	(
			array('id')
);
rg($global);

$ticket = $db->query_return("SELECT ticketid FROM ticket_attachments WHERE id = '$id'");
$ticket = $db->query_return("SELECT * FROM ticket WHERE id = '$ticket[ticketid]'");

############################### DOWNLOAD ATTACHMENT ############################### 

if ($_REQUEST['do'] == 'download') {
	if (!$ticket['id']) {
		mistake('The specified attachment does not exist.');
	}
	if (p_ticket('view', $ticket)) {
		get_attachment($id, 'ticket_attachments', 1);
	} else {
		mistake('You don\'t have permission to view this ticket\'s attachments.');
	}
}

############################### DELETE ATTACHMENT ############################### 
if ($_REQUEST['do'] == 'delete') {
	if (!p_ticket('edit', $ticket)) {
		jump("ticketview.php?id=$ticketid", 'You don\'t have permission to delete attachments.');
		exit;
	}
	$result = $db->query_return("SELECT blobid, filename, ticketid FROM ticket_attachments WHERE id = '$id'");
	$db->query("DELETE FROM ticket_attachments WHERE id = '$id'");
	$db->query("DELETE FROM blobs WHERE id = '$result[id]'");

	// ticket log
	ticketlog($result['ticketid'], 'del_attach', $id, NULL, $result['filename']);
	if ($_REQUEST['js']) {
		?>
<SCRIPT LANGUAGE="JavaScript">
	function hideDIV(id) {
		window.opener.document.getElementById(id).style.display = "none";
	}

<?php
	echo "hideDIV('att$id');\n";
	echo "self.close();\n</SCRIPT>";
	} else {
		// return to view ticket
		jump("ticketview.php?id=$result[ticketid]", 'Attachment deleted.');
	}
}