Platform  3.1
PHP API documentation
 All Data Structures Namespaces Files Functions Variables Pages
modcard.php
Go to the documentation of this file.
1 <?php
2 /*
3  * @author Anakeen
4  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
5  * @package FDL
6 */
7 /**
8  * Modification of document
9  *
10  * @author Anakeen 2000
11  * @version $Id: modcard.php,v 1.111 2009/01/12 12:11:42 eric Exp $
12  * @license http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ Anakeen - licence CC
13  * @package FDL
14  * @subpackage
15  */
16 /**
17  */
18 
19 include_once ("FDL/Class.Doc.php");
20 include_once ("FDL/Class.DocAttr.php");
21 include_once ("FDL/freedom_util.php");
22 include_once ("FDL/Lib.Vault.php");
23 include_once ("VAULT/Class.VaultFile.php");
24 include_once ("Lib.FileMime.php");
25 /**
26  * Modify a document
27  * @param Action $action
28  * @param int $ndocid
29  * @param array $info
30  */
31 function modcard(Action & $action, &$ndocid, &$info = array())
32 {
33  // modify a card values from editcard
34  // -----------------------------------
35  // Get all the params
36  $docid = GetHttpVars("id", 0);
37  $dirid = GetHttpVars("dirid", 10);
38  $classid = GetHttpVars("classid", 0);
39  $usefor = GetHttpVars("usefor"); // use for default values for a document
40  $vid = GetHttpVars("vid"); // special controlled view
41  $noredirect = (GetHttpVars("noredirect")); // true if return need edition
42  $quicksave = (GetHttpVars("quicksave") == "1"); // true if return need edition
43  $force = (GetHttpVars("fstate", "no") == "yes"); // force change
44  $dbaccess = $action->GetParam("FREEDOM_DB");
45  $ndocid = $docid;
46 
47  global $_POST;
48  if (count($_POST) == 0) return sprintf(_("Document cannot be created.\nThe upload size limit is %s bytes.") , ini_get('post_max_size'));
49 
50  if (($usefor == "D") || ($usefor == "Q")) {
51  // set values to family document
52  specialmodcard($action, $usefor);
53  $ndocid = $classid;
54  return "";
55  }
56  if ($docid == 0) {
57  // add new document
58  // search the good class of document
59  $doc = createDoc($dbaccess, $classid);
60  if (!$doc) $action->exitError(sprintf(_("no privilege to create this kind (%d) of document") , $classid));
61 
62  $fdoc = $doc->getFamDoc();
63  if ($fdoc->control('icreate') != "") $action->exitError(sprintf(_("no privilege to create interactivaly this kind (%s) of document") , $fdoc->title));
64  $doc->owner = $action->user->id;
65  $doc->locked = 0;
66  if ($doc->fromid <= 0) {
67  $doc->profid = "0"; // NO PROFILE ACCESS
68 
69  }
70  } else {
71  // initialise object
72  $doc = new_Doc($dbaccess, $docid);
73 
74  $err = $doc->lock(true); // autolock
75  if ($err != "") $action->ExitError($err);
76  // test object permission before modify values (no access control on values yet)
77  $err = $doc->canEdit();
78  if ($err != "") $action->ExitError($err);
79  }
80  // apply specified mask
81  if (($vid != "") && ($doc->cvid > 0)) {
82  // special controlled view
83  $cvdoc = new_Doc($dbaccess, $doc->cvid);
84  $cvdoc->Set($doc);
85  $err = $cvdoc->control($vid); // control special view
86  if ($err != "") $action->exitError($err);
87  $tview = $cvdoc->getView($vid);
88  $doc->setMask($tview["CV_MSKID"]); // apply mask to avoid modification of invisible attribute
89 
90  }
91  // ------------------------------
92  $err = setPostVars($doc, $info);
93 
94  if ((!$noredirect) && ($err != "")) $action->Addwarningmsg($err);
95  // verify attribute constraint
96  if (((GetHttpVars("noconstraint") != "Y") || ($action->user->id != 1)) && (($err.= $doc->verifyAllConstraints(false, $info)) != "")) {
97  // redirect to edit action
98  //get action where to redirect
99  $eapp = getHttpVars("eapp");
100  $eact = getHttpVars("eact");
101  $eparams = getHttpVars("eparams");
102  $appl = $action->parent;
103  if (!$noredirect) {
104  if ($eapp) {
105  $appl->Set($eapp, $action->parent->parent);
106  $action->set($eact, $appl);
107  if ($eparams) {
108  $eparams = explode('&', $eparams);
109  foreach ($eparams as $eparam) {
110  $eparam = explode('=', $eparam);
111  setHttpVar($eparam[0], $eparam[1]);
112  }
113  }
114  } else {
115  if ($appl->name != "GENERIC") {
116  global $core;
117  $appl->Set("GENERIC", $core);
118  }
119  $action->Set("GENERIC_EDIT", $appl);
120  }
121  setHttpVar("zone", getHttpVars("ezone"));
122  setHttpVar("viewconstraint", "Y");
123  $action->addWarningMsg(_("Some constraint attribute are not respected.\nYou must correct these values before save document."));
124  $action->addWarningMsg($err);
125  echo ($action->execute());
126  exit;
127  }
128  }
129  if ($err == "") {
130  if ($docid == 0) {
131  // now can create new doc
132  $err = $doc->Add();
133  if ($err != "") {
134  if ($noredirect) {
135  //$action->addWarningMsg($err);
136  return $err;
137  } else {
138  $action->ExitError($err);
139  }
140  }
141  $doc->disableEditControl(); // in case of dynamic profil from computed attributes
142  $doc->initid = $doc->id; // it is initial doc
143  $ndocid = $doc->id;
144  }
145 
146  $doc->lmodify = 'Y'; // locally modified
147  $ndocid = $doc->id;
148  if (!$quicksave) { // else quick save
149  $doc->refresh();
150  if ($doc->hasNewFiles) $doc->refreshRn(); // hasNewFiles set by insertFile below
151  $msg = $doc->PostModify();
152  if ($msg) $action->addWarningMsg($msg);
153  // add trace to know when and who modify the document
154  if ($docid == 0) {
155  //$doc->Addcomment(_("creation"));
156 
157  } else {
158  $olds = $doc->getOldValues();
159  if (is_array($olds)) {
160  $keys = array();
161  foreach ($olds as $ka => $va) {
162  $oa = $doc->getAttribute($ka);
163  $keys[] = $oa->getLabel();
164  }
165  $skeys = implode(", ", $keys);
166  $doc->Addcomment(sprintf(_("change %s") , $skeys) , HISTO_INFO, "MODIFY");
167  } else {
168  $doc->Addcomment(_("change") , HISTO_INFO, "MODIFY");
169  }
170  }
171  if ($err == "") {
172  $err.= $doc->Modify();
173  }
174  // if ( $docid == 0 ) $err=$doc-> PostCreated();
175  $doc->unlock(true); // disabled autolock
176  if (($err == "") && ($doc->doctype != 'T')) {
177  // change state if needed
178  $newstate = GetHttpVars("newstate", "");
179  $comment = GetHttpVars("comment", "");
180 
181  $err = "";
182 
183  if (($newstate != "") && ($newstate != "-")) {
184 
185  if ($doc->wid > 0) {
186  if ($newstate != "-") {
187  $wdoc = new_Doc($dbaccess, $doc->wid);
188 
189  $wdoc->Set($doc);
190  $wdoc->disableEditControl(); // only to pass ask parameters
191  setPostVars($wdoc, $info); // set for ask values
192  $wdoc->enableEditControl();
193  $err = $wdoc->ChangeState($newstate, $comment, $force);
194  }
195  }
196  } else {
197  // test if auto revision
198  $fdoc = $doc->getFamDoc();
199 
200  if ($fdoc->schar == "R") {
201  $doc->AddRevision(sprintf("%s : %s", _("auto revision") , $comment));
202  } else {
203  if ($comment != "") $doc->AddComment($comment);
204  }
205  }
206  $ndocid = $doc->id;
207  }
208  } else {
209  // just quick save
210  if ($err == "") {
211  $err.= $doc->Modify();
212  }
213  }
214  }
215 
216  if (!$err) {
217  if ($info) {
218  foreach ($info as $k => $v) {
219  if ($v["err"] != "") $err = $v["err"];
220  }
221  }
222  // add events for folders
223  $fdlids = $doc->getParentFolderIds();
224  foreach ($fdlids as $fldid) {
225  $action->AddActionDone("MODFOLDERCONTAINT", $fldid);
226  }
227  }
228  return $err;
229 }
230 
231 function setPostVars(&$doc, &$info = array())
232 {
233  // update POSGRES text values
234  global $_POST;
235  global $_FILES;
236  $err = "";
237 
238  foreach ($_POST as $k => $v) {
239 
240  if ($k[0] == "_") // freedom attributes begin with _
241  {
242 
243  $attrid = substr($k, 1);
244  if (is_array($v)) {
245  if (isset($v["-1"])) unset($v["-1"]);
246  if (isset($v["__1x_"])) unset($v["__1x_"]);
247 
248  if ((count($v) == 0)) $value = " "; // delete column
249  else $value = array_map("stripslashes", $v);
250  //$value = array_values($value);
251 
252  } else $value = stripslashes($v);
253 
254  if ($value == "") $doc->SetValue($attrid, DELVALUE);
255  else {
256  $seterr = $doc->SetValue($attrid, $value, -1, $kerr);
257  if ($seterr) {
258  $oa = $doc->getAttribute($attrid);
259  if ($oa) {
260  $info[$oa->id] = array(
261  "id" => $oa->id,
262  "err" => $seterr
263  );
264  if ($oa->inArray()) {
265  $info[$oa->id]["index"] = $kerr;
266  }
267  $ola = $oa->getLabel();
268  $err.= sprintf("%s : %s\n", $ola, $seterr);
269  }
270  }
271  }
272  }
273  }
274  // ------------------------------
275  // update POSGRES files values
276  foreach ($_FILES as $k => $v) {
277  if ($k[0] == "_") // freedom attributes begin with _
278  {
279  $k = substr($k, 1);
280 
281  $filename = insert_file($doc, $k);
282  if ($filename != "") {
283  if (substr($k, 0, 4) == "UPL_") $k = substr($k, 4);
284  $doc->SetValue($k, $filename);
285  }
286  }
287  }
288  // delete first empty row
289  $ta = $doc->getNormalAttributes();
290  foreach ($ta as $k => $v) {
291  if ($v->type == "array") {
292  $tv = $doc->getAvalues($v->id);
293  if (count($tv) == 1) {
294  $fv = current($tv);
295  $vempty = true;
296  foreach ($fv as $fk => $fvv) {
297  if ($fvv) {
298  $vempty = false;
299  break;
300  }
301  }
302  if ($vempty) {
303  $doc->removeArrayRow($v->id, 0);
304  }
305  }
306  }
307  }
308  return $err;
309 }
310 /**
311  * insert file in VAULT from HTTP upload
312  */
313 function insert_file(&$doc, $attrid, $strict = false)
314 {
315 
316  global $action;
317  global $_FILES;
318 
319  global $upload_max_filesize;
320 
321  if ($strict) $postfiles = $_FILES[$attrid];
322  else $postfiles = $_FILES["_" . $attrid];
323  $oa = $doc->getAttribute(substr($attrid, 4));
324  $toldfile = array();
325  $oriid = "IFORI_" . substr($attrid, 4);
326  $orinames = getHttpVars($oriid); // when use preventfilechange option
327  if (is_array($postfiles['tmp_name'])) { // array of file
328  $tuserfiles = array();
329  while (list($kp, $v) = each($postfiles)) {
330  while (list($k, $ufv) = each($v)) {
331  if ($k >= 0) {
332  $tuserfiles[$k][$kp] = $ufv;
333  if ($orinames[$k]) {
334  if (!$tuserfiles[$k]["realname"]) {
335  $tuserfiles[$k]["realname"] = $tuserfiles[$k]["name"];
336  $tuserfiles[$k]["name"] = $orinames[$k];
337  }
338  }
339  if ($oa) $tuserfiles[$k]["oldvalue"] = $doc->getTValue($oa->id, "", $k);
340  }
341  }
342  }
343  } else { // only one file
344  if ($orinames) {
345  $postfiles["realname"] = $postfiles["name"];
346  $postfiles["name"] = $orinames;
347  }
348  if ($oa) $postfiles["oldvalue"] = $doc->getValue($oa->id);
349  $tuserfiles[] = $postfiles;
350  }
351 
352  $rt = array(); // array of file to be returned
353  if ($doc) $rtold = $doc->_val2array($doc->getOldValue(substr($attrid, 4))); // special in case of file modification by DAV in revised document
354  $oa = $doc->getAttribute(substr($attrid, 4));
355  $rt = $doc->getTvalue($attrid); // in case of modified only a part of array files
356  unset($tuserfiles['__1x_']);
357 
358  foreach ($tuserfiles as $k => $userfile) {
359  $rt[$k] = "";
360  if ($userfile['name'] == " ") {
361  $rt[$k] = " "; // delete reference file
362  continue;
363  }
364  $userfile['name'] = stripslashes($userfile['name']); // cause gpc_magicquote
365  if (($userfile['tmp_name'] == "none") || ($userfile['tmp_name'] == "") || ($userfile['size'] == 0)) {
366  // if no file specified, keep current file
367  if ($userfile['name'] != "") {
368  switch ($userfile['error']) {
369  case UPLOAD_ERR_INI_SIZE:
370  $err = sprintf(_("Filename '%s' cannot be transmitted.\nThe Size Limit is %s bytes.") , $userfile['name'], ini_get('upload_max_filesize'));
371  break;
372 
373  case UPLOAD_ERR_FORM_SIZE:
374  $err = sprintf(_("Filename '%s' cannot be transmitted.\nThe Size Limit was specified in the HTML form.") , $userfile['name']);
375  break;
376 
377  case UPLOAD_ERR_PARTIAL:
378  $err = sprintf(_("Filename '%s' cannot be transmitted completly.\nMay be saturation of server disk.") , $userfile['name']);
379  break;
380 
381  default:
382  $err = sprintf(_("Filename '%s' cannot be transmitted.") , $userfile['name']);
383  }
384  $action->ExitError($err);
385  }
386  // reuse old value
387  if (substr($attrid, 0, 3) == "UPL") {
388  $oldfile = getHttpVars(substr($attrid, 3));
389  if (!is_array($oldfile)) {
390  $vid1 = 0;
391  $vid2 = 0;
392  if (preg_match(PREGEXPFILE, $rtold[0], $reg)) $vid1 = $reg[2];
393  if (preg_match(PREGEXPFILE, $oldfile, $reg)) $vid2 = $reg[2];
394 
395  if (($vid1 > 0) && ($vid2 > 0) && ($vid1 > $vid2)) $rt[$k] = $rtold[0]; // in case of DAV auto clone when revised doc
396  else $rt[$k] = $oldfile;
397  } else {
398 
399  if (isset($oldfile[$k])) {
400  $vid1 = 0;
401  $vid2 = 0;
402  if (preg_match(PREGEXPFILE, $rtold[$k], $reg)) $vid1 = $reg[2];
403  if (preg_match(PREGEXPFILE, $oldfile[$k], $reg)) $vid2 = $reg[2];
404  // print "RECENT $oldfile[$k] :<b>".searchmorerecent($rtold,$oldfile[$k])."</b><br>";
405  $recent = searchmorerecent($rtold, $oldfile[$k]);
406  if ($recent) $rt[$k] = $recent;
407  else $rt[$k] = $oldfile[$k];
408  }
409  }
410  }
411 
412  continue;
413  }
414 
415  preg_match("/(.*)\.(.*)$/", $userfile['name'], $reg);
416  // print_r($userfile);
417  $ext = $reg[2];
418 
419  if (file_exists($userfile['tmp_name'])) {
420  if (is_uploaded_file($userfile['tmp_name'])) {
421  // move to add extension
422  $fname = $userfile['name'];
423  $doc->hasNewFiles = true; // to use in modcard call to refreshRn
424  $err = vault_store($userfile['tmp_name'], $vid, $fname);
425  // read system mime
426  $userfile['type'] = getSysMimeFile($userfile['tmp_name'], $userfile['name']);
427 
428  if ($err != "") {
429  AddWarningMsg($err);
430  } else {
431  if ($oa && $oa->getOption('preventfilechange') == "yes") {
432  if (preg_match(PREGEXPFILE, $userfile["oldvalue"], $reg)) {
433  $expectname = vault_uniqname($reg[2]);
434  if ($expectname && ($expectname != $userfile["realname"])) {
435  $ext = substr($expectname, strrpos($expectname, '.'));
436  $prefix = substr($expectname, 0, strrpos($expectname, '}') + 1);
437 
438  $realext = substr($userfile["realname"], strrpos($userfile["realname"], '.'));
439  $realprefix = substr($userfile["realname"], 0, strrpos($userfile["realname"], '}', strrpos($expectname, '.') - 2) + 1);
440 
441  if (($ext != $realext) || ($prefix != $realprefix)) {
442  $doc->addComment(sprintf(_("%s : file %s has been replaced by new file %s") , $oa->getLabel() , $reg[3], $userfile["name"]) , HISTO_WARNING);
443  }
444  }
445  }
446  }
447  }
448  } else {
449  $err = sprintf(_("Possible file upload attack: filename '%s'.") , $userfile['name']);
450  $action->ExitError($err);
451  }
452  $rt[$k] = $userfile['type'] . "|" . $vid . '|' . $userfile['name']; // return file type and upload file name
453 
454  }
455  }
456 
457  if ((count($rt) == 0) || ((count($rt) == 1) && (current($rt) == ""))) return "";
458  // return file type and upload file name
459  return ($rt);
460 }
461 
462 function searchmorerecent($rt, $file)
463 {
464  foreach ($rt as $k => $v) {
465  if (preg_match(PREGEXPFILE, $v, $reg)) {
466  $vid1 = $reg[2];
467  $fn1 = $reg[3];
468  if (preg_match(PREGEXPFILE, $file, $reg)) {
469  $vid2 = $reg[2];
470  $fn2 = $reg[3];
471  if (($vid1 > 0) && ($vid2 > 0) && ($vid1 > $vid2) && ($fn1 == $fn2)) return $v;
472  }
473  }
474  }
475  return false;
476 }
477 // -----------------------------------
478 function specialmodcard(&$action, $usefor)
479 {
480 
481  global $_POST;
482  global $_FILES;
483 
484  $dbaccess = $action->GetParam("FREEDOM_DB");
485  $classid = GetHttpVars("classid", 0);
486 
487  $cdoc = new_Doc($dbaccess, $classid); // family doc
488  $tmod = array();
489 
490  foreach ($_POST as $k => $v) {
491  //print $k.":".$v."<BR>";
492  if ($k[0] == "_") // freedom attributes begin with _
493  {
494  $attrid = substr($k, 1);
495  if (is_array($v)) {
496  if (isset($v["-1"])) unset($v["-1"]);
497  if (isset($v["__1x_"])) unset($v["__1x_"]);
498  $value = stripslashes(implode("\n", str_replace("\n", "<BR>", $v)));
499  } else $value = stripslashes($v);
500  $value = trim($value);
501  if ($usefor == "D") $cdoc->setDefValue($attrid, $value);
502  else if ($usefor == "Q") $cdoc->setParam($attrid, $value);
503  $tmod[$attrid] = $value;
504  }
505  }
506  // ------------------------------
507  // update POSGRES files values
508  foreach ($_FILES as $k => $v) {
509  if ($k[0] == "_") // freedom attributes begin with _
510  {
511  $k = substr($k, 1);
512 
513  $filename = insert_file($cdoc, $k);
514 
515  if ($filename != "") {
516  if (substr($k, 0, 4) == "UPL_") $k = substr($k, 4);
517  if ($usefor == "D") $cdoc->setDefValue($k, $filename);
518  else if ($usefor == "Q") $cdoc->setParam($k, $filename);
519 
520  $tmod[$k] = $filename;
521  }
522  }
523  }
524 
525  $cdoc->modify();
526  if (count($tmod) > 0) {
527  if ($usefor == "D") $s = _("modify default values :");
528  else if ($usefor == "Q") $s = _("modify parameters :");
529  $s.= " ";
530  foreach ($tmod as $k => $v) {
531  $s.= "$k:$v, ";
532  }
533  $cdoc->AddComment($s);
534  }
535 }
536 ?>
← centre documentaire © anakeen - published under CC License - Dynacase