read.php

极限网络智能办公系统 - Office Automation 2008 官方100％ 源码

<?php
 

function share_priv( $SORT_ID )
{
	if ( $SORT_ID == 0 )
	{
		return "";
	}
	global $LOGIN_USER_ID;
	global $connection;
	$query = "SELECT SORT_PARENT,SHARE_USER,MANAGE_USER from FILE_SORT where SORT_ID=".$SORT_ID;
	$cursor = exequery( $connection, $query );
	if ( $ROW = mysql_fetch_array( $cursor ) )
	{
		$SORT_PARENT = $ROW['SORT_PARENT'];
		$SHARE_USER = $ROW['SHARE_USER'];
		$MANAGE_USER = $ROW['MANAGE_USER'];
	}
	if ( find_id( $SHARE_USER, $LOGIN_USER_ID ) )
	{
		return $SHARE_USER."|".$MANAGE_USER;
	}
	return share_priv( $SORT_PARENT );
}

include_once( "inc/auth.php" );
include_once( "inc/conn.php" );
include_once( "inc/utility_all.php" );
echo "\r\n<html>\r\n<head>\r\n<title>查看文件</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">\r\n</head>\r\n<script Language=\"JavaScript\">\r\nfunction SaveFile(ATTACHMENT_ID,ATTACHMENT_NAME)\r\n{\r\n  URL=\"/module/save_file?ATTACHMENT_ID=\"+ATTACHMENT_ID+\"&ATTACHMENT_NAME=\"+ATTACHMENT_NAME+\"&A=1\";\r\n  loc_x=document.body.scrollLeft+event.clientX-event.offsetX-100;\r\n  loc_y=document.body.scrollTop+event.clientY-event.offsetY+170;\r\n  window.open(URL,null,\"height=180,width=400,status=1,toolbar=no,menubar=no,location=no,scrollbars=yes,top=\"+loc_y+\",left=\"+loc_x+\",resizable=yes\");\r\n}\r\n</script>\r\n<body class=\"bodycolor\" topmargin=\"0\">\r\n\r\n";
$query = "SELECT USER_ID,DOWN_USER from FILE_SORT where SORT_ID=".$SORT_ID;
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
	$USER_ID = $ROW['USER_ID'];
	$DOWN_USER = $ROW['DOWN_USER'];
	$USER_ARRAY = explode( "|", $USER_ID );
	$SHARE_PRIV = share_priv( $SORT_ID );
	$SHARE_USER = substr( $SHARE_PRIV, 0, strpos( $SHARE_PRIV, "|" ) );
	if ( $USER_ID != $LOGIN_USER_ID && $USER_ARRAY[0] != "ALL_DEPT" && !find_id( $USER_ARRAY[0], $LOGIN_DEPT_ID ) || !find_id( $USER_ARRAY[1], $LOGIN_USER_PRIV ) || !find_id( $USER_ARRAY[2], $LOGIN_USER_ID ) || !find_id( $SHARE_USER, $LOGIN_USER_ID ) )
	{
		exit( );
	}
	$DOWN_ARRAY = explode( "|", $DOWN_USER );
	if ( $USER_ID == $LOGIN_USER_ID || $DOWN_ARRAY[0] == "ALL_DEPT" || find_id( $DOWN_ARRAY[0], $LOGIN_DEPT_ID ) || find_id( $DOWN_ARRAY[1], $LOGIN_USER_PRIV ) || find_id( $DOWN_ARRAY[2], $LOGIN_USER_ID ) )
	{
		$DOWN_PRIV = 1;
	}
}
else if ( $SORT_ID != "0" )
{
	exit( );
}
$query = "SELECT * from FILE_CONTENT where CONTENT_ID=".$CONTENT_ID;
$cursor = exequery( $connection, $query );
if ( $ROW = mysql_fetch_array( $cursor ) )
{
	$SORT_ID = $ROW['SORT_ID'];
	$SUBJECT = $ROW['SUBJECT'];
	$SUBJECT = htmlspecialchars( $SUBJECT );
	$CONTENT = $ROW['CONTENT'];
	$ATTACHMENT_ID = $ROW['ATTACHMENT_ID'];
	$ATTACHMENT_NAME = $ROW['ATTACHMENT_NAME'];
	$ATTACHMENT_DESC = $ROW['ATTACHMENT_DESC'];
	$USER_ID = $ROW['USER_ID'];
	$READERS = $ROW['READERS'];
}
if ( $SORT_ID == 0 && $USER_ID != $LOGIN_USER_ID )
{
	exit( );
}
if ( $SORT_ID == 0 && $USER_ID == $LOGIN_USER_ID )
{
	$DOWN_PRIV = 1;
}
echo "\r\n<table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"3\" class=\"small\">\r\n  <tr>\r\n    <td class=\"Big\"><img src=\"/images/folder_file.gif\" width=22 align=\"absmiddle\"><b><span class=\"Big1\">查看文件</span></b>\r\n    </td>\r\n  </tr>\r\n</table>\r\n\r\n <table border=\"0\" width=\"100%\" cellpadding=\"3\" cellspacing=\"1\" align=\"center\" bgcolor=\"#000000\" class=\"big\">\r\n  <form action=\"update.php\"  method=\"post\" name=\"form1\">\r\n    <tr>\r\n      <td class=\"TableHeader\" align=\"center\" colspan=\"2\"><b><span class=\"big\">";
echo $SUBJECT;
echo "</span>";
if ( $SORT_ID != 0 && $SHARE_USER == "" && find_id( $READERS, $LOGIN_USER_ID ) )
{
	echo "<font color=\"#FF0000\">(已签阅)</font>";
}
echo "</b></td>\r\n    </tr>\r\n    <tr>\r\n      <td class=\"TableData\" height=\"250\" valign=\"top\" colspan=\"2\">";
echo $CONTENT;
echo "</td>\r\n    </tr>\r\n";
if ( $ATTACHMENT_NAME != "" )
{
	echo "    <tr class=small>\r\n      <td class=\"TableData\" width=\"80\">附件：</td>\r\n      <td class=\"TableData\" width=\"420\">\r\n";
	if ( $ATTACHMENT_ID == "" )
	{
		echo "无";
	}
	else
	{
		echo attach_link( $ATTACHMENT_ID, $ATTACHMENT_NAME, 1, $DOWN_PRIV, 1, 0, 0, 1, 1, 0, "" );
	}
	echo "      </td>\r\n    </tr>\r\n";
	if ( $ATTACHMENT_DESC != "" )
	{
		echo "    <tr class=small>\r\n      <td class=\"TableData\" width=\"80\">附件说明：</td>\r\n      <td class=\"TableData\" width=\"420\">\r\n          ";
		echo $ATTACHMENT_DESC;
		echo "      </td>\r\n    </tr>\r\n";
	}
}
echo "    <tr align=\"center\" class=\"TableControl\">\r\n      <td colspan=\"2\">\r\n";
if ( $SORT_ID != 0 && $SHARE_USER == "" && !find_id( $READERS, $LOGIN_USER_ID ) )
{
	echo "        <input type=\"button\" value=\"签阅\" class=\"BigButton\" onclick=\"window.location='sign.php?CONTENT_ID_STR=";
	echo $CONTENT_ID;
	echo ",&SORT_ID=";
	echo $SORT_ID;
	echo "&FILE_SORT=1&PAGE_START=";
	echo $PAGE_START;
	echo "';\" title=\"签阅文件\">&nbsp;&nbsp;\r\n";
}
echo "        <input type=\"button\" value=\"打印\" class=\"BigButton\" onclick=\"document.execCommand('Print');\" title=\"打印文件内容\">&nbsp;&nbsp;\r\n        <input type=\"button\" value=\"返回\" class=\"BigButton\" onClick=\"history.back();\">\r\n      </td>\r\n    </tr>\r\n  </table>\r\n</form>\r\n\r\n</body>\r\n</html>";
?>