Code source de dotProject 2.1 RC1 |
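<?php /* $Id: fileviewer.php,v 1.40.4.4 2007/01/31 09:36:51 ajdonnison Exp $ */

/*
All files in this work, except the modules/ticketsmith directory, are now
covered by the following copyright notice.  The ticketsmith module is
under the Voxel Public License.  See modules/ticketsmith/LICENSE
for details.  Please note that included libraries in the lib directory
may have their own license.

Copyright (c) 2003-2005 The dotProject Development Team <core-developers@dotproject.net>

This file is part of dotProject.

dotProject is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

dotProject is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with dotProject; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

The full text of the GPL is in the COPYING file.
*/

/*
 * File viewer: standalone download endpoint.
 *
 * Flow:
 *   1. Start the session; when there is no AppUI object in it (or a
 *      "logout" parameter is present) run the login sequence and stop.
 *   2. Require "view" permission on the "files" module.
 *   3. Look up the requested file_id, restricted by the project filter that
 *      CProject::setAllowedSQL() adds to the query.
 *   4. Send the download headers and stream the stored file in 8 KiB chunks.
 *
 * Request input: $_GET['file_id'], $_GET['logout'], $_REQUEST['login'],
 * $_REQUEST['redirect'], $_POST['username'], $_POST['password'].
 */
require_once 'base.php';
require_once DP_BASE_DIR."/includes/config.php";
require_once DP_BASE_DIR."/includes/main_functions.php";
require_once DP_BASE_DIR."/classes/ui.class.php";
require_once DP_BASE_DIR."/includes/db_adodb.php";
require_once DP_BASE_DIR."/includes/db_connect.php";
require_once DP_BASE_DIR."/includes/session.php";

$loginFromPage = 'fileviewer.php';

dPsessionStart();

// check if session has previously been initialised
// if not, ask for a login and redirect
if (!isset($_SESSION['AppUI']) || isset($_GET['logout'])) {
    $_SESSION['AppUI'] = new CAppUI();
    $AppUI =& $_SESSION['AppUI'];
    $AppUI->setConfig($dPconfig);
    $AppUI->checkStyle();

    require_once($AppUI->getSystemClass('dp'));
    require_once(DP_BASE_DIR."/misc/debug.php");

    if ($AppUI->doLogin()) {
        $AppUI->loadPrefs(0);
    }

    // check if the user is trying to log in
    if (isset($_REQUEST['login'])) {
        $username = dPgetParam($_POST, 'username', '');
        $password = dPgetParam($_POST, 'password', '');
        $redirect = dPgetParam($_REQUEST, 'redirect', '');
        $ok = $AppUI->login($username, $password);
        if (!$ok) {
            // display login failed message
            // NOTE(review): $uistyle selects the directory of the template that
            // is require'd below; presumably the UISTYLE preference is limited
            // to installed style names when it is saved - confirm.
            $uistyle = $AppUI->getPref('UISTYLE') ? $AppUI->getPref('UISTYLE') : $dPconfig['host_style'];
            $AppUI->setMsg('Login Failed');
            require DP_BASE_DIR."/style/$uistyle/login.php";
            session_unset();
            exit;
        }
        // $redirect comes straight from the request and ends up in a response
        // header: drop CR/LF so it can never start a second header line on
        // PHP versions that do not reject multi-line header() values.
        $redirect = str_replace(array("\r", "\n"), '', $redirect);
        header('Location: fileviewer.php?' . $redirect);
        exit;
    }

    $uistyle = $AppUI->getPref('UISTYLE') ? $AppUI->getPref('UISTYLE') : $dPconfig['host_style'];
    // check if we are logged in
    if ($AppUI->doLogin()) {
        $AppUI->setUserLocale();
        @include_once(DP_BASE_DIR."/locales/$AppUI->user_locale/locales.php");
        @include_once(DP_BASE_DIR."/locales/core.php");
        setlocale(LC_TIME, $AppUI->user_locale);

        // $redirect is read by the login template included below.
        $redirect = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        if (strpos($redirect, 'logout') !== false) {
            $redirect = '';
        }
        if (isset($locale_char_set)) {
            header("Content-type: text/html;charset=$locale_char_set");
        }
        require DP_BASE_DIR."/style/$uistyle/login.php";
        session_unset();
        session_destroy();
        exit;
    }
}
$AppUI =& $_SESSION['AppUI'];

require_once DP_BASE_DIR."/includes/permissions.php";

$perms =& $AppUI->acl();

// Every denial below is followed by an explicit exit so the script fails
// closed even if CAppUI::redirect() were to return instead of ending the
// request (its implementation is not visible from this file).
$canRead = $perms->checkModule('files', 'view');
if (!$canRead) {
    $AppUI->redirect("m=public&a=access_denied");
    exit;
}

// file_id is request input that is used as an array key and inside the SQL
// WHERE clause below; forcing it to an integer keeps arbitrary text out of
// the query no matter which of the later checks run.
$file_id = isset($_GET['file_id']) ? (int) $_GET['file_id'] : 0;

if ($file_id) {
    // projects and files the current user is allowed to access
    require_once($AppUI->getModuleClass("projects"));
    require_once($AppUI->getModuleClass("files"));
    // plain "= new": "=& new" is deprecated in PHP 5.3 and a parse error in PHP 7+
    $project = new CProject;
    $allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name');
    $fileclass = new CFile;
    $allowedFiles = $fileclass->getAllowedRecords($AppUI->user_id, 'file_id, file_name');

    // NOTE(review): an empty $allowedFiles skips this per-file check, so the
    // only remaining filter is the project restriction added to the query
    // below. Presumably an empty list means "no per-file restriction" -
    // confirm against getAllowedRecords().
    if (count($allowedFiles) && !array_key_exists($file_id, $allowedFiles)) {
        $AppUI->redirect('m=public&a=access_denied');
        exit;
    }

    if (count($allowedProjects)) {
        $allowedProjects[0] = 'All Projects';
    }

    $q = new DBQuery;
    $q->addTable('files');
    $project->setAllowedSQL($AppUI->user_id, $q, 'file_project');
    // $file_id is an integer at this point (see the cast above)
    $q->addWhere('file_id = ' . $file_id);
    /*
    $sql = "SELECT *
    FROM files
    WHERE file_id=$file_id"
    . (count( $allowedProjects ) > 0 ? "\nAND file_project IN (" . implode(',', array_keys($allowedProjects) ) . ')' : '');
    */
    $sql = $q->prepare();

    if (!db_loadHash($sql, $file)) {
        $AppUI->redirect("m=public&a=access_denied");
        exit;
    }

    /*
     * DISABLED LINES TO FIX A NEWER BUG 914075 WITH IE 6 (GREGORERHARDT 20040612)

    // BEGIN extra headers to resolve IE caching bug (JRP 9 Feb 2003)
    // [http://bugs.php.net/bug.php?id=16173]
    header("Pragma: ");
    header("Cache-Control: ");
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate"); //HTTP/1.1
    header("Cache-Control: post-check=0, pre-check=0", false);
    // END extra headers to resolve IE caching bug
    */

    $fname = DP_BASE_DIR."/files/{$file['file_project']}/{$file['file_real_filename']}";
    if (!file_exists($fname)) {
        $AppUI->setMsg("fileIdError", UI_MSG_ERROR);
        $AppUI->redirect();
        exit;
    }

    // Open the same path that was just checked (the original opened a path
    // built from $dPconfig['root_dir'] instead), and do it before any download
    // header is sent so a failed open is reported like a missing file rather
    // than as an empty attachment.
    $handle = fopen($fname, 'rb');
    if (!$handle) {
        $AppUI->setMsg("fileIdError", UI_MSG_ERROR);
        $AppUI->redirect();
        exit;
    }

    // Name, type and size come from the files table. Presumably name and type
    // were supplied at upload time - confirm. Strip the characters that could
    // end the quoted filename or the header line, and force the size to a number.
    $dl_name = str_replace(array("\r", "\n", '"', '\\'), '', $file['file_name']);
    $dl_type = str_replace(array("\r", "\n"), '', $file['file_type']);
    $dl_size = (int) $file['file_size'];

    /*
     * MerlinYoda>
     * some added lines from:
     * http://www.dotproject.net/vbulletin/showpost.php?p=11975&postcount=13
     * along with "Pragma" header as suggested in:
     * http://www.dotproject.net/vbulletin/showpost.php?p=14928&postcount=1.
     * to fix the IE download issue for all for http and https
     *
     */
    header("MIME-Version: 1.0");
    header("Pragma: ");
    header("Cache-Control: public");
    header("Content-length: $dl_size");
    header("Content-type: $dl_type");
    // The type above is a stored value: ask browsers not to second-guess it.
    header("X-Content-Type-Options: nosniff");
    header("Content-transfer-encoding: 8bit");
    header("Content-disposition: attachment; filename=\"$dl_name\"");

    // read and output the file in chunks to bypass limiting settings in php.ini
    while (!feof($handle)) {
        print fread($handle, 8192);
    }
    fclose($handle);
} else {
    $AppUI->setMsg("fileIdError", UI_MSG_ERROR);
    $AppUI->redirect();
}
?>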