<?php
/**
* @package CRI Web Radio
* @author WizLab.it
* @version 20180406.014
*/
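// Document sections that can carry attachments, keyed by the "type" request
// parameter. Each entry gives the table and column used to look the record up,
// a "label" callback that turns the raw column value into the heading text,
// and the phrase used in the "back to list" link.
// The labels are plain closures; nothing is eval()'d.
$DOC_SECTIONS = array(
    "Radio" => array(
        "table" => "radio",
        "fieldName" => "modelloRadio",
        // The column value is used as a key into the session cache of radio models.
        "label" => function ($fieldName) {
            return $_SESSION[CACHE_MODELLI_RADIO][$fieldName];
        },
        "list" => "delle radio",
    ),
    "Ripetitori" => array(
        "table" => "ripetitori",
        "fieldName" => "localitaCollegata",
        "label" => function ($fieldName) {
            return "Sito di " . $fieldName;
        },
        "list" => "dei ripetitori",
    ),
);

// NOTE(review): $WHERE is produced by setObjectFilter() and appended verbatim to
// the query below; presumably an access filter. Confirm it is built without
// unescaped request data.
list($filtroUnitaCri, $unitaCriValues, $WHERE, $extraQuerySet) = setObjectFilter();

// "type" must be one of the whitelisted section names. "id" must be a canonical
// positive decimal integer: it is concatenated into the SQL text and later into
// a directory path. is_numeric() would also accept forms such as "1e0", "1.0"
// or " 1", which can select the same row while naming a different directory.
// \A...\z is used because "$" would also match before a trailing newline.
$rcDocSource = null;
$typeIsKnown = isset($_GET["type"]) && is_string($_GET["type"]) && array_key_exists($_GET["type"], $DOC_SECTIONS);
$idIsCanonical = isset($_GET["id"]) && is_string($_GET["id"]) && preg_match('/\A[1-9][0-9]*\z/', $_GET["id"]) === 1;
if ($typeIsKnown && $idIsCanonical) {
    $rsDocSource = $DBL->query("SELECT id, " . $DOC_SECTIONS[$_GET["type"]]["fieldName"] . " AS fieldName FROM " . $DOC_SECTIONS[$_GET["type"]]["table"] . " WHERE id=" . $_GET["id"] . " AND " . $WHERE);
    // A failed query is treated like "not found" instead of dereferencing a non-object.
    if ($rsDocSource && $rsDocSource->num_rows == 1) {
        $rcDocSource = $rsDocSource->fetch_object();
    }
}

// Unknown section, malformed id, or a record outside the caller's filter:
// send the browser back to the script's default page and stop.
if (!$rcDocSource) {
    header("Location: " . $_SERVER["SCRIPT_NAME"]);
    exit;
}

// From here on $_GET["type"] is a known key of $DOC_SECTIONS.
$PAGE_TITLE = "Documenti " . $_GET["type"];
$labelOf = $DOC_SECTIONS[$_GET["type"]]["label"];
$rcDocSource->fieldNameEvaluated = $labelOf($rcDocSource->fieldName);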
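// Page heading and the header row of the documents table.
// The script has already stopped unless $_GET["type"] is a key of $DOC_SECTIONS,
// so it is a fixed string here. The record label comes from the database or
// the session cache, so it is HTML-escaped before being placed in the markup.
// No charset argument is passed, so escaping follows PHP's default_charset;
// ENT_SUBSTITUTE keeps badly encoded labels from collapsing to an empty string.
$docLabelHtml = htmlspecialchars((string) $rcDocSource->fieldNameEvaluated, ENT_QUOTES | ENT_SUBSTITUTE);
$PAGE_CONTENT = "<h1>Documenti " . $_GET["type"] . " - " . $docLabelHtml . "</h1>\n"
    . "<h2>Documenti " . $_GET["type"] . "</h2>\n"
    . "<table border='0' cellspacing='2' cellpadding='2'>\n"
    . "<tr>\n"
    . "<th>Nome documento</th>\n"
    . "<th> </th>\n"
    . "</tr>\n";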
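// Storage directory for this record's documents:
// <document root> + <configured "<table>Docs" path> + <record id> + "/".
// NOTE(review): the directory is under DOCUMENT_ROOT; confirm the web server
// denies direct requests to it, otherwise the crc check on downloads can be bypassed.
$docDir = $_SERVER["DOCUMENT_ROOT"] . $PATHS[$DOC_SECTIONS[$_GET["type"]]["table"] . "Docs"] . $_GET["id"] . "/";
if (!is_dir($docDir)) {
    mkdir($docDir, 0755, true);
}

// Upload handling (non-guest users only). The original file name is kept only in
// base64 form as the stored name, with a fixed ".bin" extension.
// NOTE(review): no anti-CSRF token is checked here; confirm whether the
// surrounding application enforces one.
$uploadTmp = (isset($_FILES["doc"]["tmp_name"]) && is_string($_FILES["doc"]["tmp_name"])) ? $_FILES["doc"]["tmp_name"] : "";
// is_uploaded_file() confirms the path really is this request's HTTP upload,
// which a bare file_exists() does not.
if ($uploadTmp !== "" && is_uploaded_file($uploadTmp) && !$LOGIN->isGuest()) {
    $storedName = base64_encode($_FILES["doc"]["name"]) . ".bin";
    $docLogPath = $PATHS[$DOC_SECTIONS[$_GET["type"]]["table"] . "Docs"] . $_GET["id"] . "/" . $_FILES["doc"]["name"];
    // The standard base64 alphabet includes "/", so some names would encode to a
    // path with a separator; those are refused to keep the directory flat.
    // Success is logged only when the copy actually succeeded.
    if (strpos($storedName, "/") === false && copy($uploadTmp, $docDir . $storedName)) {
        logMessage("Aggiunto file " . $docLogPath);
    } else {
        logMessage("Errore aggiunta file " . $docLogPath);
    }
}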
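// Deletion of a stored document (non-guest users only).
// "del" is the base64 stored name without ".bin"; "crc" must equal
// sha1(<stored file name> . $SECRET), the value embedded in the listing links.
// NOTE(review): deletion is a state change triggered by a GET link, and the crc
// is bound neither to the session nor to the record id; consider POST plus a
// per-session token.
$delName = (isset($_GET["del"]) && is_string($_GET["del"])) ? $_GET["del"] : "";
$delCrc = (isset($_GET["crc"]) && is_string($_GET["crc"])) ? $_GET["crc"] : "";
if (
    $delName
    // Defence in depth: the name must be a single path component.
    && basename($delName) === $delName
    // hash_equals() is constant-time and, unlike ==, never compares two
    // "0e..."-style digests as numbers.
    && hash_equals(sha1($delName . ".bin" . $SECRET), $delCrc)
    && file_exists($docDir . $delName . ".bin")
    && !$LOGIN->isGuest()
) {
    unlink($docDir . $delName . ".bin");
    logMessage("Cancellato file " . $PATHS[$DOC_SECTIONS[$_GET["type"]]["table"] . "Docs"] . $_GET["id"] . "/" . base64_decode($delName));
}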
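// Download of a stored document. "download" is the base64 stored name without
// ".bin"; "crc" must equal sha1(<stored file name> . $SECRET). No guest check is
// applied here, unlike upload and delete.
$dlName = (isset($_GET["download"]) && is_string($_GET["download"])) ? $_GET["download"] : "";
$dlCrc = (isset($_GET["crc"]) && is_string($_GET["crc"])) ? $_GET["crc"] : "";
if (
    $dlName
    // Defence in depth: the name must be a single path component.
    && basename($dlName) === $dlName
    // Constant-time comparison; also avoids the numeric juggling of == on digests.
    && hash_equals(sha1($dlName . ".bin" . $SECRET), $dlCrc)
    && file_exists($docDir . $dlName . ".bin")
) {
    // The decoded name was chosen by the uploader. Control characters, double
    // quotes and backslashes are replaced so it cannot break out of the quoted
    // filename parameter.
    $clientName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', "_", (string) base64_decode($dlName));
    header("Pragma: ");
    header("Cache-control: ");
    header("Content-type: application/octet-stream");
    // Keep browsers from sniffing uploaded bytes into a renderable type.
    header("X-Content-Type-Options: nosniff");
    // NOTE(review): "inline" is kept from the original; "attachment" would be the
    // more conservative disposition for user-uploaded content.
    header("Content-Disposition: inline; filename=\"" . $clientName . "\"");
    readfile($docDir . $dlName . ".bin");
    die();
}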
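// List the stored documents, one table row per "*.bin" file, with a download
// link for everyone and a delete link for non-guest users.
$docsBaseUrl = $_SERVER["SCRIPT_NAME"] . "?cmd=Docs&type=" . $_GET["type"] . "&id=" . $_GET["id"];
if ($dh = opendir($docDir)) {
    while (($file = readdir($dh)) !== false) {
        // Only regular files that END in ".bin" and have a non-empty stem; a
        // truthy strpos() would also accept ".bin" in the middle of a name.
        if (!is_file($docDir . $file) || strlen($file) <= 4 || substr($file, -4) !== ".bin") {
            continue;
        }
        $storedStem = substr($file, 0, -4);
        // The decoded name was chosen by whoever uploaded the file, so it is
        // HTML-escaped before it is shown.
        $realFilename = base64_decode($storedStem);
        $realFilenameHtml = htmlspecialchars((string) $realFilename, ENT_QUOTES | ENT_SUBSTITUTE);
        // base64 may contain "+", "/" and "=". Unencoded, "+" arrives as a space
        // in $_GET and the crc no longer matches, so the stem is URL-encoded.
        $docQuery = rawurlencode($storedStem) . "&crc=" . sha1($file . $SECRET);
        // Alternate the row class; the first row gets "B" when $rowClass is unset.
        $rowClass = (isset($rowClass) && $rowClass == "B") ? "A" : "B";
        $deleteLink = $LOGIN->isGuest()
            ? ""
            : "<a href=\"javascript:if(confirm('Eliminare il documento?')) location.href='" . $docsBaseUrl . "&del=" . $docQuery . "';\" title='Elimina documento'><img src='img/icons/delete.png' alt='Elimina documento' class='icon' /></a>";
        $PAGE_CONTENT .= "<tr class='row" . $rowClass . "'>\n"
            . "<td>" . $realFilenameHtml . "</td>\n"
            . "<td>\n"
            . "<a href='" . $docsBaseUrl . "&download=" . $docQuery . "' target='_blank' title='Scarica documento'><img src='img/icons/download.png' alt='Scarica documento' class='icon' /></a>\n"
            . $deleteLink . "\n"
            . "</td>\n"
            . "</tr>\n";
    }
    closedir($dh);
}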
// Upload form row, appended only for non-guest users. The form posts a single
// file field named "doc" back to this page for the same section and record.
// NOTE(review): no anti-CSRF token field is visible in this form; confirm
// whether the surrounding application adds or checks one.
if (!$LOGIN->isGuest()) {
    $PAGE_CONTENT .= implode("\n", array(
        "<tr>",
        "<td colspan='2'>",
        "<form method='post' action='" . $_SERVER["SCRIPT_NAME"] . "?cmd=Docs&type=" . $_GET["type"] . "&id=" . $_GET["id"] . "' enctype='multipart/form-data'>",
        "Nuovo documento: <input type='file' name='doc' />",
        "<input type='submit' value='Salva documento' />",
        "</form>",
        "</td>",
        "</tr>\n",
    ));
}
// Close the documents table and add the link back to the section's list page.
// The "cmd" value is the section name, and the link text ends with the
// section's "list" phrase.
$PAGE_CONTENT .= sprintf(
    "</table>\n<div><a href='%s?cmd=%s'>Torna all'elenco %s</a></div>\n",
    $_SERVER["SCRIPT_NAME"],
    $_GET["type"],
    $DOC_SECTIONS[$_GET["type"]]["list"]
);
?>