2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/*
 * New-file page of the file storage module.
 *
 * Flow visible in this listing: check that the caller may write to the
 * workspace named by ot/oid; on POST either go back on "cancel" or, on
 * "submit", verify the target folder belongs to that owner, insert a row into
 * the files table, write the posted body to disk under the new numeric file
 * id, fold an existing file of the same name into a revision (or delete it
 * when versioning is off), store an optional revision comment and redirect.
 * In every other case the edit form is rendered.
 *
 * NOTE(review): this listing is incomplete — closing braces, the exit calls
 * that should follow the header() redirects and the PHP/HTML mode switches are
 * among the lines not shown. Comments below that mention them are inferences.
 */
15 define('AT_INCLUDE_PATH', '../../../include/');
// Bootstrap; $msg, $db, $_config, $addslashes/$stripslashes and _AT() are
// presumably provided by these includes — not visible here, confirm.
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
17 require(AT_INCLUDE_PATH.'../mods/_standard/file_storage/file_storage.inc.php');
// Workspace owner from the request. abs() forces a numeric value, which is
// why these are interpolated into SQL below without quoting (on the PHP
// versions this mysql_* code targets a non-numeric value collapses to 0 —
// TODO confirm for the deployed PHP version).
19 $owner_type = abs($_REQUEST['ot']);
20 $owner_id = abs($_REQUEST['oid']);
// Query-string tail appended to every redirect and to the form action so the
// owner context survives the round trip.
21 $owner_arg_prefix = '?ot='.$owner_type.SEP.'oid='.$owner_id. SEP;
// Access check: the value returned by fs_authenticate() is tested with
// query_bit() for WORKSPACE_AUTH_WRITE; a false/zero result or a missing
// write bit is rejected.
// NOTE(review): the exit after this header() redirect is not in the listing;
// without one the script keeps running after sending the Location header.
22 if (!($owner_status = fs_authenticate($owner_type, $owner_id)) || !query_bit($owner_status, WORKSPACE_AUTH_WRITE)) {
23 $msg->addError('ACCESS_DENIED');
24 header('Location: index.php');
// "cancel": return to the folder the form came from (folder id made numeric).
28 if (isset($_POST['cancel'])) {
29 $msg->addFeedback('CANCELLED');
30 header('Location: index.php'.$owner_arg_prefix.'folder='.abs($_POST['folder']));
// "submit": validate, then create the file.
32 } else if (isset($_POST['submit'])) {
33 $_POST['comments'] = trim($_POST['comments']);
34 $_POST['name'] = trim($_POST['name']);
36 $parent_folder_id = abs($_POST['folder']);
38 // check that we own this folder
// Only a non-root folder is verified (folder 0 skips the lookup). All three
// values in the WHERE clause were coerced with abs() above, so the
// interpolation is numbers only.
39 if ($parent_folder_id) {
40 $sql = "SELECT folder_id FROM ".TABLE_PREFIX."folders WHERE folder_id=$parent_folder_id AND owner_type=$owner_type AND owner_id=$owner_id";
41 $result = mysql_query($sql, $db);
// NOTE(review): as with the access check above, the exit that should follow
// this redirect is not visible in the listing.
42 if (!$row = mysql_fetch_assoc($result)) {
43 $msg->addError('ACCESS_DENIED');
44 header('Location: index.php');
// The file name is the only required field.
49 if (!$_POST['name']) {
50 $msg->addError(array('EMPTY_FIELDS', _AT('file_name')));
53 if (!$msg->containsErrors()) {
// String fields that go into SQL are escaped through $addslashes (a callable
// held in a variable, presumably chosen by vitals.inc.php — confirm).
// NOTE(review): addslashes-style escaping is not connection-charset aware and
// is the only thing standing between these POST values and the string
// literals in the INSERT statements below; a parameterised query would remove
// that dependency.
54 $_POST['description'] = $addslashes(trim($_POST['description']));
55 $_POST['comment'] = $addslashes(trim($_POST['comment']));
56 $_POST['name'] = $addslashes($_POST['name']);
57 $_POST['body'] = $stripslashes($_POST['body']); // file gets saved to disk not db, so no need to escape.
// $num_comments, used in the INSERT below, is presumably assigned inside this
// branch (its lines are not part of the listing).
59 if ($_POST['comment']) {
// Size is the byte length of the body (strlen), which is also the length
// passed to fwrite() below.
65 $size = strlen($_POST['body']);
// Positional VALUES list (no column list), so this is tied to the exact column
// order of the files table. $_SESSION[member_id] is interpolated unquoted;
// name/description were escaped above.
66 $sql = "INSERT INTO ".TABLE_PREFIX."files VALUES (NULL, $owner_type, $owner_id, $_SESSION[member_id], $parent_folder_id, 0, NOW(), $num_comments, 0, '$_POST[name]',$size, '$_POST[description]')";
67 $result = mysql_query($sql, $db);
// On success the body is written to disk. The on-disk name is the numeric
// file id returned by the database, not the user-supplied file name, so the
// path does not carry user input.
// NOTE(review): the fopen() return value is not checked before fwrite(), and
// no fclose() is visible in this listing.
69 if ($result && ($file_id = mysql_insert_id($db))) {
70 $file_path = fs_get_file_path($file_id) . $file_id;
71 $fp = fopen($file_path, 'wb');
72 fwrite($fp, $_POST['body'], $size);
75 // check if this file name already exists
// Newest top-level (parent_file_id=0) file with the same name in the same
// folder, excluding the row just inserted.
76 $sql = "SELECT file_id, num_revisions FROM ".TABLE_PREFIX."files WHERE owner_type=$owner_type AND owner_id=$owner_id AND folder_id=$parent_folder_id AND file_id<>$file_id AND file_name='$_POST[name]' AND parent_file_id=0 ORDER BY file_id DESC LIMIT 1";
77 $result = mysql_query($sql, $db);
78 if ($row = mysql_fetch_assoc($result)) {
// Versioning on: the older file becomes a revision of the new one and the
// new row's revision count is carried over plus one. "date=date" presumably
// keeps an auto-updating timestamp column from changing — confirm against
// the schema.
79 if ($_config['fs_versioning']) {
80 $sql = "UPDATE ".TABLE_PREFIX."files SET parent_file_id=$file_id, date=date WHERE file_id=$row[file_id]";
81 $result = mysql_query($sql, $db);
83 $sql = "UPDATE ".TABLE_PREFIX."files SET num_revisions=$row[num_revisions]+1, date=date WHERE file_id=$file_id";
84 $result = mysql_query($sql, $db);
// Versioning off: the older same-named file is removed instead.
86 fs_delete_file($row['file_id'], $owner_type, $owner_id);
// Optional revision comment; the value was escaped with $addslashes above.
90 if ($_POST['comment']){
91 $sql = "INSERT INTO ".TABLE_PREFIX."files_comments VALUES (NULL, $file_id, $_SESSION[member_id], NOW(), '{$_POST['comment']}')";
92 mysql_query($sql, $db);
// NOTE(review): the exit after this redirect is also not in the listing.
95 $msg->addFeedback(array('FILE_SAVED', $_POST['name']));
96 header('Location: index.php'.$owner_arg_prefix.'folder='.$parent_folder_id);
// Form rendering from here on. Focus the name field on load.
102 $onload = 'document.form.name.focus();';
104 require(AT_INCLUDE_PATH.'header.inc.php');
// Load the visual editor when it was requested (via POST or GET) and the user
// is not switching back to the plain textarea.
106 if (($_POST['setvisual'] && !$_POST['settext']) || $_GET['setvisual']) {
107 require(AT_INCLUDE_PATH.'lib/tinymce.inc.php');
109 load_editor(false, 'body');
// After a failed submit the escaped values are unescaped again for redisplay;
// the form below then passes them through htmlspecialchars().
111 if (isset($_POST['description'])) {
112 $_POST['description'] = $stripslashes($_POST['description']);
113 $_POST['name'] = $stripslashes($_POST['name']);
114 $_POST['comment'] = $stripslashes($_POST['comment']);
115 $_POST['body'] = $stripslashes($_POST['body']);
<?php /* The form posts back to this script; $owner_arg_prefix keeps ot/oid in the query string. */ ?>
118 <form action="<?php echo $_SERVER['PHP_SELF'] . $owner_arg_prefix; ?>" method="post" name="form">
<?php /* Target folder travels as a hidden field, coerced to a number before output. */ ?>
119 <input type="hidden" name="folder" value="<?php echo abs($_REQUEST['folder']); ?>" />
<?php /* Invisible submit placed first: presumably so that pressing Enter triggers "submit" rather than the editor-toggle buttons further down — confirm. */ ?>
120 <input type="submit" name="submit" style="display:none;"/>
121 <div class="input-form">
123 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="name"><?php echo _AT('file_name'); ?></label><br />
<?php /* Re-echoed user values go through htmlspecialchars() (here and for description, comment and body below). */ ?>
124 <input type="text" name="name" id="name" value="<?php echo htmlspecialchars($_POST['name']); ?>" size="40" maxlength="70" />
128 <label for="description"><?php echo _AT('description'); ?></label><br />
129 <textarea name="description" id="description" cols="30" rows="2"><?php echo htmlspecialchars($_POST['description']); ?></textarea>
133 <label for="comment"><?php echo _AT('revision_comment'); ?></label><br />
134 <textarea name="comment" id="comment" cols="30" rows="2"><?php echo htmlspecialchars($_POST['comment']); ?></textarea>
// Editor toggle: in visual mode remember the flag and offer "switch to text",
// otherwise offer "switch to visual".
139 if (($_POST['setvisual'] && !$_POST['settext']) || $_GET['setvisual']){
// NOTE(review): $_POST['setvisual'] is written into an attribute value without
// htmlspecialchars(), unlike every other form value on this page; it should be
// escaped the same way (or replaced by a fixed value such as "1").
140 echo '<input type="hidden" name="setvisual" value="'.$_POST['setvisual'].'" />';
141 echo '<input type="submit" name="settext" value="'._AT('switch_text').'" />';
143 echo '<input type="submit" name="setvisual" value="'._AT('switch_visual').'" />';
149 <label for="body"><?php echo _AT('contents'); ?></label><br />
150 <textarea name="body" id="body" rows="25" cols="30"><?php echo htmlspecialchars($_POST['body']); ?></textarea>
<?php /* Save / cancel; the server branches on which submit name arrives in $_POST. */ ?>
153 <div class="row buttons">
154 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />
155 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
160 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>