<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* For questions, help, comments, discussion, etc., please join the
* Agileco community forums at http://forum.agileco.com/
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @version 1.4.93
*/
class file
{
# Open the constructor for this mod
function file()
{
# name of this module:
$this->module = "file";
# location of the construct XML file:
$this->xml_construct = PATH_MODULES . "" . $this->module . "/" . $this->module . "_construct.xml";
# open the construct file for parsing
$C_xml = new CORE_xml;
$construct = $C_xml->xml_to_array($this->xml_construct);
$this->method = $construct["construct"]["method"];
$this->trigger = $construct["construct"]["trigger"];
$this->field = $construct["construct"]["field"];
$this->table = $construct["construct"]["table"];
$this->module = $construct["construct"]["module"];
$this->cache = $construct["construct"]["cache"];
$this->order_by = $construct["construct"]["order_by"];
$this->limit = $construct["construct"]["limit"];
}
##############################
## LIST AUTH FILES ##
##############################
function file_list($VAR)
{
global $smarty;
if(!isset($VAR['id']))
{
global $C_debug;
$smarty->assign('file_display', false);
return false;
}
### Check if user is auth for the selected category:
$db = &DB();
$sql = 'SELECT *
FROM ' . AGILE_DB_PREFIX . 'file WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
file_category_id = ' . $db->qstr($VAR['id']) . ' AND
status = ' . $db->qstr('1') .'
ORDER BY sort_order,date_orig,name';
$result = $db->Execute($sql);
if($result->RecordCount() == 0)
{
$smarty->assign('file_display', false);
return false;
}
global $C_auth;
$ii = 0;
while(!$result->EOF)
{
@$arr = unserialize($result->fields['group_avail']);
$this_show = false;
for($i=0; $i<count($arr); $i++)
{
if($C_auth->auth_group_by_id($arr[$i]))
{
$this_show = true;
$i=count($arr);
}
}
if($this_show)
{
$start = $result->fields['date_start'];
$expire= $result->fields['date_expire'];
### Check that it is not expired
if (( $start == "0" || $start <= time()+2 ) &&
( $expire == "0" || $expire >= time() ) )
{
$arr_smarty[] = Array (
'id' => $result->fields['id'],
'name' => $result->fields['name'],
'description' => $result->fields['description'],
'size' => $result->fields['type'],
'size' => $result->fields['size']
);
$ii++;
}
}
$result->MoveNext();
}
if($ii == "0")
{
$smarty->assign('file_display', false);
return false;
}
else
{
$smarty->assign('file_display', true);
$smarty->assign('file_results', $arr_smarty);
return true;
}
}
##############################
## GET AUTH CATEGORIES ##
##############################
function category_list($VAR)
{
/* check if current session is authorized for any ticket departments..
and return true/false...
*/
global $smarty;
$db = &DB();
$sql = 'SELECT id,name,group_avail FROM ' . AGILE_DB_PREFIX . 'file_category WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
status = ' . $db->qstr('1') .'
ORDER BY sort_order,name';
$result = $db->Execute($sql);
if($result->RecordCount() == 0)
{
$smarty->assign('file_category_display', false);
return false;
}
global $C_auth;
$ii = 0;
while(!$result->EOF)
{
@$arr = unserialize($result->fields['group_avail']);
for($i=0; $i<count($arr); $i++)
{
if($C_auth->auth_group_by_id($arr[$i]))
{
### Add to the array
$ii++;
$arr_smarty[] = Array( 'name' => $result->fields['name'],
'id' => $result->fields['id']);
$i=count($arr);
}
}
$result->MoveNext();
}
if($ii == "0")
{
$smarty->assign('file_category_display', false);
return false;
}
else
{
$smarty->assign('file_category_display', true);
$smarty->assign('file_category_results', $arr_smarty);
return true;
}
}
##############################
## DOWNLOAD ##
##############################
function download($VAR)
{
$db = &DB();
$sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'file WHERE
site_id = ' . DEFAULT_SITE . ' AND
id = ' . $db->qstr(@$VAR['id']) . ' AND
status = 1';
$result = $db->Execute($sql);
if($result->RecordCount() == 1)
{
$show = true;
### Validate start date
$s = $result->fields['date_start'];
if($s != '' && $s != 0)
if($s > time())
$show = false;
### Validate expire date
$e = $result->fields['date_expire'];
if($e != '' && $e != 0)
if($e < time())
$show = false;
### Validate user group:
if($show) {
global $C_auth;
@$arr = unserialize($result->fields['group_avail']);
$show = false;
for($i=0; $i<count($arr); $i++) {
if($C_auth->auth_group_by_id($arr[$i])) {
$show = true;
break;
}
}
}
### Get the filetype
if($show)
{
$ft = $result->fields['location_type'];
if($ft == 0)
$file = PATH_FILES . 'file_'.$VAR['id'].'.dat';
elseif ($ft == 1)
$file = $result->fields['location'];
elseif ($ft == 2)
$file = $result->fields['location'];
### Open the file
if (@$file=fopen($file, 'r'))
{
### Display the correct headers:
header ("Content-Type: " . $result->fields['type']);
header ("Content-Size: " . $result->fields['size']);
header ("Content-Disposition: inline; filename=" . $result->fields['name']);
fpassthru($file);
exit;
}
}
}
echo 'Sorry, the file does not exist or you are not authorized or your access has expired!';
}
##############################
## ADD ##
##############################
function add($VAR)
{
global $_FILES, $smarty, $C_debug, $C_translate;
if($VAR['file_location_type'] == '') return false;
$lt = $VAR['file_location_type'];
// UPLOADED FILE FROM LOCAL PC
if($lt == 0) {
### Validate the file upoad:
if(!isset($_FILES['upload_file']) || $_FILES['upload_file']['size'] <= 0)
{
global $C_debug;
$C_debug->alert('You must go back and enter a file for upload!');
return;
}
$VAR['file_size'] = $_FILES['upload_file']['size'];
$VAR['file_type'] = $_FILES['upload_file']['type'];
$VAR['file_name'] = $_FILES['upload_file']['name'];
}
// ENTERED URL TO FILE
elseif ($lt == 1) {
### Validate the remote file can be opened and is greater than 0K
$file = $VAR['url_file'];
if(empty($file) || !$fp = fopen ($file, "r")) {
# error
$C_debug->alert( $C_translate->translate('remote_file_err','file','') );
return;
} else {
$VAR['file_location'] = $file;
$fn = explode("/", $file);
$count = count($fn)-1;
$VAR['file_name'] = $fn[$count];
$headers = stream_get_meta_data($fp);
$headers = $headers['wrapper_data'];
for($i=0;$i<count($headers); $i++) {
if(eregi('^Content-Type:', $headers[$i]))
$VAR['file_type'] = eregi_replace('Content-Type: ', '', $headers[$i]);
elseif(eregi('^Content-Length:', $headers[$i]))
$VAR['file_size'] = eregi_replace('Content-Length: ', '', $headers[$i]);
}
}
}
// ENTERED LOCAL FILE
elseif ($lt == 2)
{
@$file = $VAR['local_file'];
if(is_file($file) && is_readable($file))
{
if(ereg("/", $file))
$fn = explode("/", $file);
else if(ereg("\\", $file))
$fn = explode("\\", $file);
else
$fn[0] = $file;
$count = count($fn)-1;
$VAR['file_name'] = $fn[$count];
$VAR['file_size'] = filesize($file);
$VAR['file_location'] = $file;
include_once(PATH_CORE . 'file_extensions.inc.php');
$ext = new file_extensions;
$VAR['file_type'] = $ext->content_type($file);
}
else
{
$C_debug->alert( $C_translate->translate('local_file_err','file','') );
return;
}
}
else { return false; }
### Create the record
$type = "add";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$id = $db->add($VAR, $this, $type);
### Copy the uploaded file, or exit if fail:
if($lt == 0) {
if(isset($id) && $id > 0) {
if(!copy($_FILES['upload_file']['tmp_name'], PATH_FILES . 'file_'.$id.'.dat')) {
$C_debug->alert( $C_translate->translate('copy_file_err','file','') );
}
}
unlink($_FILES['upload_file']['tmp_name']);
}
}
##############################
## VIEW ##
##############################
function view($VAR)
{
$type = "view";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->view($VAR, $this, $type);
}
##############################
## UPDATE ##
##############################
function update($VAR)
{
$type = "update";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->update($VAR, $this, $type);
}
##############################
## DELETE ##
##############################
function delete($VAR)
{
$db = &DB();
$id = $this->table . '_id';
# generate the list of ID's
$id_list = '';
$ii=0;
if(isset($VAR["delete_id"]))
{
$id = split(',',$VAR["delete_id"]);
}
elseif (isset($VAR["id"]))
{
$id = split(',',$VAR["id"]);
}
for($i=0; $i<count($id); $i++)
{
if($id[$i] != '')
{
if($i == 0)
{
$id_list .= " id = " . $db->qstr($id[$i]) . " ";
$ii++;
}
else
{
$id_list .= " OR id = " . $db->qstr($id[$i]) . " ";
$ii++;
}
}
}
if($ii>0)
{
# generate the full query
$q = "DELETE FROM
".AGILE_DB_PREFIX."$this->table
WHERE
$id_list
AND
site_id = " . DEFAULT_SITE;
$result = $db->Execute($q);
# error reporting
if ($result === false) {
global $C_debug;
$C_debug->error('file.inc.php','delete', $db->ErrorMsg());
} else {
for($i=0; $i<count($id); $i++) {
if($id[$i] != '') {
error_reporting(0);
unlink(PATH_FILES . 'file_'.$id[$i].'.dat');
$error_reporting_eval = 'error_reporting('.ERROR_REPORTING.');';
eval($error_reporting_eval);
}
}
# Alert delete message
global $C_debug, $C_translate;
$C_translate->value["CORE"]["module_name"] = $C_translate->translate('name',$this->module,"");
$message = $C_translate->translate('alert_delete_ids',"CORE","");
$C_debug->alert($message);
}
}
}
##############################
## SEARCH FORM ##
##############################
function search_form($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search_form($VAR, $this, $type);
}
##############################
## SEARCH ##
##############################
function search($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search($VAR, $this, $type);
}
##############################
## SEARCH SHOW ##
##############################
function search_show($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search_show($VAR, $this, $type);
}
}
?>