2 /****************************************************************/
\r
4 /****************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or*/
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************/
\r
// Set the include root, then load vitals.inc.php and the file-storage helper include.
15 define('AT_INCLUDE_PATH', '../../../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
17 require(AT_INCLUDE_PATH.'../mods/_standard/file_storage/file_storage.inc.php');
\r
// The workspace selector (owner type and owner id) is taken from the request.
// abs() coerces both values to non-negative numbers before they are reused in URLs and SQL.
// NOTE(review): abs() returns a float for input such as "1.5"; an integer cast would be a tighter filter.
19 $owner_type = abs($_REQUEST['ot']);
\r
20 $owner_id = abs($_REQUEST['oid']);
\r
// Query-string prefix that carries the workspace selector on every link and redirect below.
21 $owner_arg_prefix = '?ot='.$owner_type.SEP.'oid='.$owner_id. SEP;
\r
// Authorisation gate: fs_authenticate() must return a status and that status must carry the
// WORKSPACE_AUTH_WRITE bit; otherwise an error is queued and the user is redirected to the index.
// NOTE(review): header() alone does not end the request, and the lines after the redirect
// (gutter 25-27) are not part of this listing - confirm the script exits there.
22 if (!($owner_status = fs_authenticate($owner_type, $owner_id)) || !query_bit($owner_status, WORKSPACE_AUTH_WRITE)) {
\r
23 $msg->addError('ACCESS_DENIED');
\r
24 header('Location: '.url_rewrite('mods/_standard/file_storage/index.php', AT_PRETTY_URL_IS_HEADER));
\r
// Cancel: queue a feedback message and redirect to the folder listing; the folder id is coerced with abs().
28 if (isset($_POST['cancel'])) {
\r
29 $msg->addFeedback('CANCELLED');
\r
30 header('Location: '.url_rewrite('mods/_standard/file_storage/index.php'.$owner_arg_prefix.'folder='.abs($_POST['folder']), AT_PRETTY_URL_IS_HEADER));
\r
// Submit: this path changes database rows and file contents.
// NOTE(review): no anti-CSRF token check is visible in this listing - confirm whether an included file enforces one.
32 } else if (isset($_POST['submit'])) {
\r
// The file id is coerced to a non-negative number before it is used in SQL and in file paths.
33 $_POST['id'] = abs($_POST['id']);
\r
// A file name is mandatory.
36 if (!$_POST['name']) {
\r
37 $msg->addError('MISSING_FILENAME');
\r
40 if (!$msg->containsErrors()) {
\r
// $addslashes and $stripslashes are variable functions defined outside this listing.
// The three text fields below are interpolated into quoted SQL strings later, so they are escaped here.
// NOTE(review): the safety of those queries depends on what $addslashes resolves to - verify.
41 $_POST['name'] = $addslashes($_POST['name']);
\r
42 $_POST['comment'] = $addslashes(trim($_POST['comment']));
\r
43 $_POST['description'] = $addslashes(trim($_POST['description']));
\r
44 $_POST['body'] = $stripslashes($_POST['body']); // saved to disk not db so no need to escape.
\r
// Storage directory for the file being edited; the on-disk name is this path followed by the id.
45 $original_file = fs_get_file_path($_POST['id']);
\r
46 $folder = abs($_POST['folder']);
\r
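// Decide whether the stored content has to be rewritten.
// Strict comparison is used because == treats numeric-looking strings such as "100" and "1e2"
// as equal, which would misclassify a real edit as "no changes" and drop it.
48 if (!$_POST['edit'] || (file_get_contents($original_file . $_POST['id']) === $_POST['body'])) {
\r
49 // file is not editable, or it is editable but no changes were made.
\r
50 // only add the comment (if any) and the file name
\r
54 if ($_POST['comment']){
\r
// String-built query: the comment was escaped with $addslashes and the id coerced with abs() earlier in the script.
55 $sql = "INSERT INTO ".TABLE_PREFIX."files_comments VALUES (NULL, $_POST[id], $_SESSION[member_id], NOW(), '{$_POST['comment']}')";
\r
56 mysql_query($sql, $db);
\r
// Rename and re-describe the file; the WHERE clause scopes the update to the authenticated owner.
// NOTE(review): $num_comments is assigned on lines that are not part of this listing.
61 $sql = "UPDATE ".TABLE_PREFIX."files SET file_name='$_POST[name]', description='$_POST[description]', num_comments=num_comments+$num_comments, date=date WHERE file_id=$_POST[id] AND owner_type=$owner_type AND owner_id=$owner_id";
\r
62 mysql_query($sql, $db);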
\r
64 // this file is editable, and has changed
\r
// Byte length of the new content; also used as the write length for fwrite() below.
66 $size = strlen($_POST['body']);
\r
68 if ($_POST['comment']) {
\r
// Re-read the file row, constrained to the authenticated owner type and owner id.
73 $sql = "SELECT * FROM ".TABLE_PREFIX."files WHERE file_id=$_POST[id] AND owner_type=$owner_type AND owner_id=$owner_id";
\r
74 $result = mysql_query($sql, $db);
\r
75 $row = mysql_fetch_assoc($result);
\r
// NOTE(review): no check that $row is non-empty is visible in this listing (gutter 76 is not shown).
// Both write paths below depend on this owner-scoped lookup having matched - confirm a missing row aborts.
77 if ($_config['fs_versioning']) {
\r
// Versioning on: insert a new row for the new revision, copying owner and folder from $row
// and incrementing num_revisions.
78 $sql = "INSERT INTO ".TABLE_PREFIX."files VALUES (NULL, {$row['owner_type']}, {$row['owner_id']}, $_SESSION[member_id], {$row['folder_id']}, 0, NOW(), $num_comments, {$row['num_revisions']}+1, '{$_POST['name']}', $size, '$_POST[description]')";
\r
79 $result = mysql_query($sql, $db);
\r
81 $file_id = mysql_insert_id($db);
\r
// Write the posted body to disk under the new revision's id.
83 $file_path = fs_get_file_path($file_id);
\r
84 if ($fp = fopen($file_path . $file_id, 'wb')) {
\r
86 fwrite($fp, $_POST['body'], $size);
\r
// Point the previous revision at the new one via parent_file_id, scoped to the authenticated owner.
89 $sql = "UPDATE ".TABLE_PREFIX."files SET parent_file_id=$file_id, date=date WHERE file_id=$_POST[id] AND owner_type=$owner_type AND owner_id=$owner_id";
\r
90 $result = mysql_query($sql, $db);
\r
92 if ($_POST['comment']){
\r
93 $sql = "INSERT INTO ".TABLE_PREFIX."files_comments VALUES (NULL, $file_id, $_SESSION[member_id], NOW(), '{$_POST['comment']}')";
\r
94 mysql_query($sql, $db);
\r
// Second write path: the existing file is overwritten in place.
// NOTE(review): the path is derived from $_POST['id'] alone. Confirm the owner-scoped SELECT above
// gates this write, otherwise a file id outside the caller's workspace could be overwritten.
98 $file_path = fs_get_file_path($_POST['id']);
\r
99 if ($fp = fopen($file_path . $_POST['id'], 'wb')) {
\r
101 fwrite($fp, $_POST['body'], $size);
\r
// Queue the success message and redirect to the folder listing.
106 $msg->addFeedback('FILE_EDITED_SUCCESSFULLY');
\r
107 header('Location: '.url_rewrite('mods/_standard/file_storage/index.php'.$owner_arg_prefix.'folder='.$folder, AT_PRETTY_URL_IS_HEADER));
\r
// Carry the posted file id over to $_GET.
111 $_GET['id'] = $_POST['id'];
\r
// Script for the page to run on load: put focus on the file-name field.
114 $onload = 'document.form.name.focus();';
\r
116 require(AT_INCLUDE_PATH.'header.inc.php');
\r
// Load the TinyMCE include and attach the editor to the "body" field when the visual editor was requested.
118 if (($_POST['setvisual'] && !$_POST['settext']) || $_GET['setvisual']) {
\r
119 require(AT_INCLUDE_PATH.'lib/tinymce.inc.php');
\r
121 load_editor(false, 'body');
\r
// File id for the form, coerced to a non-negative number.
124 $id = abs($_REQUEST['id']);
\r
// Look the file up within the authenticated owner's workspace only.
126 $sql = "SELECT file_name, folder_id, description FROM ".TABLE_PREFIX."files WHERE file_id=$id AND owner_type=$owner_type AND owner_id=$owner_id";
\r
127 $result = mysql_query($sql, $db);
\r
// No matching row: print the error and include the footer.
128 if (!$row = mysql_fetch_assoc($result)) {
\r
129 $msg->printErrors('FILE_NOT_EXIST');
\r
130 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
// A previous submission is being redisplayed: prefer the posted values over the stored ones.
// These values are raw request data after $stripslashes and need HTML-escaping wherever they are printed.
133 if (isset($_POST['description'])) {
\r
134 $row['description'] = $stripslashes($_POST['description']);
\r
135 $row['file_name'] = $stripslashes($_POST['name']);
\r
136 $row['comment'] = $stripslashes($_POST['comment']);
\r
137 $_POST['body'] = $stripslashes($_POST['body']);
\r
// The extension selects between the editable and preview-only forms further down.
139 $ext = fs_get_file_extension($row['file_name']);
\r
140 $file_path = fs_get_file_path($id);
\r
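143 <form method="post" action="<?php /* PHP_SELF reflects the requested path, so it is escaped for the attribute; $owner_arg_prefix is built from abs()-coerced numbers and SEP. */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . $owner_arg_prefix; ?>" name="form">
\r
144 <input type="hidden" name="id" value="<?php echo $id; ?>" />
\r
145 <input type="hidden" name="folder" value="<?php echo $row['folder_id']; ?>" />
\r
146 <input type="submit" name="submit" style="display:none;"/>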
\r
147 <div class="input-form">
\r
149 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="name"><?php echo _AT('file_name'); ?></label><br />
\r
150 <input type="text" name="name" id="name" value="<?php echo htmlspecialchars($row['file_name']); ?>" size="40" maxlength="70" />
\r
154 <label for="description"><?php echo _AT('description'); ?></label><br />
\r
155 <textarea name="description" id="description" cols="30" rows="2"><?php echo htmlspecialchars($row['description']); ?></textarea>
\r
158 <?php /* Editable extensions get the edit flag and the revision-comment box; $editable_file_types is defined outside this listing. */ if (in_array($ext, $editable_file_types)): ?>
\r
159 <input type="hidden" name="edit" value="1" />
\r
161 <label for="comment"><?php echo _AT('revision_comment'); ?></label><br />
\r
162 <textarea name="comment" id="comment" cols="30" rows="2"><?php echo htmlspecialchars($row['comment']); ?></textarea>
\r
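// Editor toggle: when the visual editor is active, keep that state in a hidden field and offer
// the switch-to-text button; the last echo offers the switch-to-visual button.
167 if (($_POST['setvisual'] && !$_POST['settext']) || $_GET['setvisual']){
\r
// setvisual is request data written into an attribute value, so it is HTML-escaped first.
168 echo '<input type="hidden" name="setvisual" value="'.htmlspecialchars($_POST['setvisual'], ENT_QUOTES).'" />';
\r
169 echo '<input type="submit" name="settext" value="'._AT('switch_text').'" />';
\r
171 echo '<input type="submit" name="setvisual" value="'._AT('switch_visual').'" />';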
\r
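177 <label for="body"><?php echo _AT('contents'); ?></label><br />
\r
178 <textarea name="body" id="body" cols="30" rows="20"><?php
\r
// Redisplay of a posted body: it is request data, so it is escaped exactly like the on-disk
// content below. Unescaped, it could close the textarea and inject markup, and entities in the
// text would be decoded by the browser and altered on the next save.
179 if (isset($_POST['body'])) {
\r
180 echo htmlspecialchars($_POST['body']);
\r
182 echo htmlspecialchars(file_get_contents($file_path . $id));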
\r
188 <label for="comment"><?php echo _AT('revision_comment'); ?></label><br />
\r
189 <textarea name="comment" id="comment" cols="30" rows="2"></textarea>
\r
192 <?php echo _AT('contents'); ?><br />
\r
193 <?php echo _AT('not_editable'); ?>
\r
195 <?php /* Inline preview chosen by extension; each branch embeds a download URL built from $owner_arg_prefix and $id. */ if (in_array($ext, array('gif', 'jpg','jpeg', 'png', 'bmp'))): ?>
\r
196 <img src="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" alt="" title="" />
\r
198 <?php elseif ($ext == 'swf'): ?>
\r
199 <object type="application/x-shockwave-flash" data="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" width="550" height="400"><param name="movie" value="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" /></object>
\r
201 <?php /* NOTE(review): this branch uses "file_storage/index.php" while the other branches use "mods/_standard/file_storage/index.php" - confirm the shorter path resolves. */ elseif ($ext == 'mov'): ?>
\r
202 <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" width="550" height="400" codebase="http://www.apple.com/qtactivex/qtplugin.cab"><param name="src" value="file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" /><param name="autoplay" value="true" /><param name="controller" value="true" /><embed src="file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" width="550" height="400" controller="true" pluginspage="http://www.apple.com/quicktime/download/"></embed></object>
\r
204 <?php elseif ($ext == 'mp3'): ?>
\r
205 <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" width="200" height="15" codebase="http://www.apple.com/qtactivex/qtplugin.cab"><param name="src" value="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" /><param name="autoplay" value="false" /><embed src="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" width="200" height="15" autoplay="false" pluginspage="http://www.apple.com/quicktime/download/"></embed></object>
\r
207 <?php elseif (in_array($ext, array('wav', 'au'))): ?>
\r
208 <embed src="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>" autostart="false" width="145" height="60"><noembed><bgsound src="mods/_standard/file_storage/index.php<?php echo $owner_arg_prefix; ?>download=1<?php echo SEP; ?>files<?php echo urlencode('[]').'='.$id; ?>"></noembed></embed>
\r
213 <input type="hidden" name="edit" value="0" />
\r
215 <div class="row buttons">
\r
216 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />
\r
217 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
\r
222 <?php /* Pull in the shared footer include. */ require(AT_INCLUDE_PATH.'footer.inc.php'); ?>