00001 <?php
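// Direct-access guard: the rest of this file only runs when the constant
// __PRAGYAN_CMS is defined (presumably by the CMS entry point; confirm there).
// A request that hits this file directly gets a bare 403 page and the script stops.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed with </h1>; the original opened a second <h1> instead.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE is filled in by the web server (Apache: ServerSignature directive)
    // and may be absent, so it is only printed when set. It can reveal the server
    // version; switch it off in the server configuration if that is not wanted.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}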
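/**
 * File-sharing module: users upload files to a page, browse them and discuss
 * each file in a comment thread. getHtml() routes to the view, moderate or
 * edit screen.
 *
 * Security notes for maintainers:
 *  - Every file lookup is restricted to this module's page_modulecomponentid,
 *    so a file id from another share page is treated as "not found".
 *  - Request values are SQL-escaped with the project's escape() helper or cast
 *    to int before they are placed in a query. escape() is defined elsewhere;
 *    its exact behaviour is not visible in this file.
 *  - Raw database errors go to the server log (error_log) instead of the page.
 *  - Text stored through safe_html() (names, descriptions, comments) is printed
 *    as stored. NOTE(review): this relies on safe_html() producing HTML that is
 *    safe to embed; confirm in its definition.
 *  - No anti-CSRF token is checked in this file, and file/comment deletion is
 *    triggered by plain GET links. NOTE(review): confirm whether the CMS adds
 *    request-forgery protection elsewhere; if not, these actions need it.
 */
class share implements module, fileuploadable {
    private $userId;
    private $moduleComponentId;
    private $action;

    /**
     * Entry point called by the CMS: stores the request context and returns
     * the HTML for the requested action.
     *
     * @param mixed $gotuid               id of the current user
     * @param mixed $gotmoduleComponentId id of this share instance
     * @param mixed $gotaction            "edit", "moderate", anything else means view
     * @return string HTML
     */
    public function getHtml($gotuid, $gotmoduleComponentId, $gotaction) {
        $this->userId = $gotuid;
        $this->moduleComponentId = $gotmoduleComponentId;
        $this->action = $gotaction;
        // Strict comparison on a string: with loose "==" a non-string such as
        // int 0 compares equal to "edit" on the PHP versions that ship mysql_*.
        $action = is_string($this->action) ? $this->action : '';
        if ($action === "edit")
            return $this->actionEdit();
        if ($action === "moderate")
            return $this->actionModerate();
        return $this->actionView();
    }

    /**
     * Decides whether a user may fetch an uploaded file. The decision is the
     * user's "view" permission on the page; $moduleComponentId and $fileName
     * are not consulted.
     */
    public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName) {
        return getPermissions($userId, $pageId, "view");
    }

    /**
     * Reports the extensions and size limit this module declares as uploadable
     * (both returned through the reference parameters).
     *
     * actionView() does not use these values; it reads the limits from the
     * `share` table instead.
     *
     * NOTE(review): the list contains browser-active types (html, js, css, xml,
     * swf) and exe. If uploads are served from the site's own origin and shown
     * inline, an uploaded html/js/swf file runs in that origin. How uploads are
     * served is not visible here; confirm, or trim the list.
     */
    public static function getUploadableFileProperties(&$fileTypesArray, &$maxFileSizeInBytes) {
        // 'bmp' appeared twice in the original list; the duplicate is dropped.
        $fileTypesArray = array('jpg','jpeg','png','doc','pdf','gif','bmp','css','js','html','xml','ods','odt','oft','pps','ppt','tex','tiff','txt','chm','mp3','mp2','wave','wav','mpg','ogg','mpeg','wmv','wma','wmf','rm','avi','gzip','gz','rar','psd','bz2','tar','zip','swf','fla','flv','eps','xcf','xls','exe','7z');
        $maxFileSizeInBytes = 30 * 1024 * 1024;
    }

    /**
     * HTML-escapes a value for element or quoted-attribute context.
     * The charset argument is left at PHP's default.
     */
    private static function shareHtml($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES);
    }

    /** Returns $_POST[$key] when it is a string, otherwise ''. */
    private static function sharePostString($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    /** The module component id as an integer, safe to place in SQL. */
    private function shareComponentId() {
        return (int)$this->moduleComponentId;
    }

    /**
     * Runs a query; on failure the database error is written to the server
     * log rather than shown to the visitor. Returns mysql_query()'s result.
     */
    private function shareQuery($sql, $where) {
        $result = mysql_query($sql);
        if ($result === false)
            error_log("share.lib.php ($where): " . mysql_error());
        return $result;
    }

    /** Loads this instance's row from `share`; false when missing or on error. */
    private function shareSettings() {
        $compId = $this->shareComponentId();
        $result = $this->shareQuery("SELECT * FROM `share` WHERE `page_modulecomponentid` = $compId", "settings");
        if (!$result)
            return false;
        return mysql_fetch_array($result);
    }

    /** Like shareSettings(), but reports $errorMessage and returns blanks on failure. */
    private function shareSettingsOrEmpty($errorMessage) {
        $settings = $this->shareSettings();
        if (!$settings) {
            displayerror($errorMessage);
            $settings = array('page_desc' => '', 'file_type' => '', 'maxfile_size' => '');
        }
        return $settings;
    }

    /**
     * Looks up one file by id, restricted to this module instance.
     * Returns the row, or false when there is no such file here.
     */
    private function shareFile($rawFileId) {
        if (!is_scalar($rawFileId))
            return false;
        $fileId = escape($rawFileId);
        $compId = $this->shareComponentId();
        $result = $this->shareQuery("SELECT * FROM `share_files` WHERE `file_id` = '$fileId' AND `page_modulecomponentid` = '$compId'", "file lookup");
        // The original tested "< 0", which mysql_num_rows() never returns,
        // so an unknown id was rendered as an empty file page.
        if (!$result || mysql_num_rows($result) <= 0)
            return false;
        return mysql_fetch_array($result);
    }

    /** Renders the description / allowed types / size limit table. */
    private function shareSettingsSummary($settings) {
        // file_type and maxfile_size are stored with SQL escaping only
        // (see actionEdit), so they are HTML-escaped on output.
        $file_types = self::shareHtml(str_replace('|', ', ', $settings['file_type']));
        $max_size = self::shareHtml($settings['maxfile_size']);
        return "<table width=100%><tr><td colspan='2'><b>{$settings['page_desc']}</b><br /></td></tr><tr><td width=150px>Uploadable File Typles </td><td>{$file_types}</td></tr><tr><td>Max. file size </td><td> {$max_size} bytes</td></tr></table>";
    }

    /** Renders every file of this instance through renderField(). */
    private function shareFileList($action) {
        $compId = $this->shareComponentId();
        $content_result = $this->shareQuery("SELECT * FROM `share_files` WHERE `page_modulecomponentid` = $compId", "file list");
        if (!$content_result)
            displayerror("Error is retriving info from database. Please try later..");
        if (!$content_result || mysql_num_rows($content_result) <= 0)
            return "No Files found..";
        $list = "<div id='file_container'>";
        while ($row = mysql_fetch_array($content_result))
            $list .= $this->renderField($row, $action);
        return $list . "</div>";
    }

    /**
     * Renders one file's details followed by its comment thread.
     *
     * @param array  $fileRow row from `share_files`
     * @param string $action  "view" or "moderate" (passed on to renderComment)
     */
    private function shareFileDiscussion($fileRow, $action) {
        $compId = $this->shareComponentId();
        // Show the uploader; the original printed the current viewer's name here.
        $uploader = getUserFullName($fileRow['upload_userid']);
        $downloadHref = self::shareHtml($fileRow['upload_filename']);
        $content = "<div id='file'><b>{$fileRow['file_name']}</b><br/>{$fileRow['file_desc']}<br /><br />Uploaded by: $uploader<br /><br /><a href=\"./{$downloadHref}\" target='_blank'><input type='submit' value='Download'></a></div> ";
        $fileIdSql = mysql_real_escape_string((string)$fileRow['file_id']);
        $comment_result = $this->shareQuery("SELECT * FROM `share_comments` WHERE `page_modulecomponentid` = '$compId' AND `file_id` = '$fileIdSql'", "comment list");
        if (!$comment_result) {
            displayerror("Error is retriving info from database. Please try later..");
            return $content;
        }
        $comments = '';
        while ($row = mysql_fetch_array($comment_result))
            $comments .= $this->renderComment($row['comment_id'], $row['userid'], $row['comment_datetime'], $row['comment'], $fileRow['file_id'], $action);
        if ($comments !== '')
            $content .= "<fieldset><legend>Comments</legend>" . $comments . "</fieldset>";
        return $content;
    }

    /**
     * Renders a single comment. In "moderate" mode a delete link is added.
     *
     * @param mixed  $id        comment id
     * @param mixed  $user      id of the comment's author
     * @param string $timestamp comment time as stored
     * @param string $comment   comment text as stored
     * @param mixed  $file      id of the file the comment belongs to
     * @param string $action    "view" (default) or "moderate"
     * @return string HTML
     */
    public function renderComment($id, $user, $timestamp, $comment, $file, $action = "view") {
        $delete = '';
        if ($action == "moderate") {
            global $ICONS;
            // Both ids end up inside an href; percent-encoding keeps a crafted
            // value from closing the attribute or adding parameters.
            $fileParam = rawurlencode((string)$file);
            $idParam = rawurlencode((string)$id);
            $delete = "<a class='commentdelete' href='./+moderate&file=$fileParam&delComment=$idParam'>{$ICONS['Delete']['large']}</a>";
        }
        // NOTE(review): $name and $comment are printed as returned by
        // getUserFullName() / censor_words(); confirm those are HTML-safe.
        $name = getUserFullName($user);
        $comment = censor_words($comment);
        $ret = <<<RET
<div class="share_comment">
<fieldset>
<span class="share_comment_info">
Posted By: $name on $timestamp
</span>
<br/><span class="share_comment_content">
$comment
</span>
$delete</fieldset>
</div>
RET;
        return $ret;
    }

    /**
     * Renders the "New Comment" form for a file.
     *
     * @param mixed $file_id id of the file being discussed
     * @return string HTML
     */
    public function commentBox($file_id) {
        global $sourceFolder;
        require_once("$sourceFolder/common.lib.php");
        // NOTE(review): $user is placed in a value="" attribute as returned by
        // getUserName(); confirm it cannot contain quotes or markup.
        $user = getUserName($this->userId);
        // The id is written into a URL and into an attribute, so it is encoded
        // for each context instead of being printed raw.
        $fileParam = rawurlencode((string)$file_id);
        $fileAttr = self::shareHtml($file_id);
        $ret = <<<RET
<script type='text/javascript'>
$(document).ready(function() {
$('#comment').autoResize({

onResize : function() {
$(this).css({opacity:0.8});
},

animateCallback : function() {
$(this).css({opacity:1});
},

animateDuration : 300,

extraSpace : 25,
limit : 200
});
});
</script>
<fieldset><legend>New Comment</legend>
<form method=POST action='./+view&file=$fileParam&subaction=postcomment'>
<table width=100%>
<tr><td>Posted By:</td><td><input type=text disabled="disabled" value="$user" style="color:#000;background:#ddd;"></td></tr>
<tr><td>Comment:</td><td><textarea name='comment' id='comment' style="width: 360px; padding-top: 10px; padding-right: 10px; padding-bottom: 10px; padding-left: 10px; font-family: sans-serif; font-size: 1.2em; resize: none; height: 50px; display: block; ">Enter your comment here...</textarea></td>
<input type="hidden" name="file_id" value="$fileAttr">
</table>
<input type=submit name=btnSubmit value=Post style="padding:3px 10px 3px 10px;font-family: sans-serif; font-size: 1.2em;">
</form>
</fieldset>
RET;
        return $ret;
    }

    /**
     * Renders one entry of the file list with Discussion / Download buttons,
     * plus a Delete button in "moderate" mode.
     *
     * @param array  $row    row from `share_files`
     * @param string $action "view" (default) or "moderate"
     * @return string HTML
     */
    public function renderField($row, $action = "view")
    {
        $username = getUserFullName($row['upload_userid']);
        $fileParam = rawurlencode((string)$row['file_id']);
        // The stored file name comes from the uploaded file; escape it before
        // it is written into the href attribute.
        $downloadHref = self::shareHtml($row['upload_filename']);
        $content = "<fieldset><div id='file'><b>{$row['file_name']}</b><br />Uploaded by: {$username} <br /> {$row['file_desc']}<br /><a href=\"./+$action&file={$fileParam}\"><input type='submit' value='Discussion'></a><a href=\"./{$downloadHref}\" target='_blank'><input type='submit' value='Download'></a>";
        if ($action == "moderate")
            $content .= "<a href=\"./+moderate&delfile={$fileParam}\"><input type='submit' value='Delete'></a>";
        $content .= "</div></fieldset>";
        return $content;
    }

    /**
     * Handles an upload posted from the view screen and records it in
     * `share_files`. Outcome is reported through displayinfo()/displayerror().
     */
    private function shareHandleUpload() {
        if (!isset($_FILES['upload_file'])) {
            displayerror("No File Uploaded");
            return;
        }
        $settings = $this->shareSettings();
        if (!$settings) {
            displayerror("Error in view");
            return;
        }
        $maxFileSizeInBytes = $settings['maxfile_size'];
        // NOTE(review): an empty file_type setting passes false to upload();
        // what upload() allows in that case is not visible here. Confirm it
        // does not mean "any type".
        $uploadableFileTypes = (trim($settings['file_type']) == "") ? false : explode("|", $settings['file_type']);
        $uploadFileName = upload($this->moduleComponentId, "share", $this->userId, 'upload_file', $maxFileSizeInBytes, $uploadableFileTypes);
        if (!is_array($uploadFileName) || !isset($uploadFileName[0])) {
            displayerror("Sorry!! Some error has occured when uploading the file.");
            return;
        }
        $postedName = self::sharePostString('file_name');
        // The display name falls back to the stored file name; either way it
        // goes through safe_html() because it is later printed as HTML.
        $file_name = safe_html($postedName == "" ? $uploadFileName[0] : $postedName);
        $file_desc = safe_html(self::sharePostString('file_desc'));

        // The original put these values into the statement without SQL
        // escaping (unlike the comment insert, which used escape()).
        $compId = $this->shareComponentId();
        $storedSql = mysql_real_escape_string((string)$uploadFileName[0]);
        $nameSql = escape($file_name);
        $descSql = escape($file_desc);
        $userSql = mysql_real_escape_string((string)$this->userId);
        $uploadQuery = "INSERT INTO `share_files` (`page_modulecomponentid`, `upload_filename`, `file_name`, `file_desc`, `upload_userid`) VALUES('$compId', '$storedSql','$nameSql','$descSql','$userSql')";
        $uploadResult = $this->shareQuery($uploadQuery, "upload insert");
        if ($uploadResult && mysql_affected_rows() > 0)
            displayinfo("Successfully Uploaded " . $file_name);
        else
            displayerror("File Not Uploaded");
    }

    /**
     * Stores a comment posted from commentBox(), after checking that the
     * target file belongs to this module instance.
     */
    private function shareHandleCommentPost() {
        $fileRow = $this->shareFile(isset($_POST['file_id']) ? $_POST['file_id'] : null);
        if ($fileRow === false) {
            displayerror("Sorry!!! No such file found");
            return;
        }
        // NOTE(review): MAX(comment_id)+1 is not atomic; two simultaneous
        // posts can compute the same id. An auto-increment column would avoid
        // this, but the table definition is not visible here.
        $maxResult = $this->shareQuery("SELECT MAX(`comment_id`) AS MAX FROM `share_comments`", "comment id");
        $maxRow = $maxResult ? mysql_fetch_array($maxResult) : false;
        $id = ($maxRow ? (int)$maxRow['MAX'] : 0) + 1;
        $compId = $this->shareComponentId();
        $user = mysql_real_escape_string((string)$this->userId);
        $comment = escape(safe_html(self::sharePostString('comment')));
        $file_id = mysql_real_escape_string((string)$fileRow['file_id']);
        $inserted = $this->shareQuery("INSERT INTO `share_comments`(`comment_id`,`file_id`,`page_modulecomponentid`,`comment`,`userid`) VALUES('$id','$file_id','$compId','$comment','$user')", "comment insert");
        // mysql_affected_rows() is -1 on failure, which is truthy; test "> 0".
        if ($inserted && mysql_affected_rows() > 0)
            displayinfo("Post successful");
        else
            displayerror("Error in posting comment");
    }

    /**
     * View screen: processes an upload or a posted comment if present, then
     * returns either one file's discussion page (?file=ID) or the upload form
     * followed by the file list.
     *
     * @return string HTML
     */
    public function actionView() {
        global $sourceFolder, $urlRequestRoot, $moduleFolder, $cmsFolder;
        $assetBase = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/share";
        require_once($sourceFolder . "/upload.lib.php");

        if (isset($_GET['subaction']) && ($_GET['subaction'] == "add_file"))
            $this->shareHandleUpload();
        if (isset($_POST['btnSubmit']))
            $this->shareHandleCommentPost();

        if (isset($_GET['file'])) {
            $fileRow = $this->shareFile($_GET['file']);
            if ($fileRow === false) {
                displayerror("Sorry!!! No such file found");
            } else {
                $content = "<script type=\"text/javascript\" languauge=\"javascript\" src=\"$assetBase/textarea_resize.js\"></script>";
                $content .= $this->shareFileDiscussion($fileRow, "view");
                // The id shown in the form is the one read back from the
                // database, not the raw request value.
                $content .= $this->commentBox($fileRow['file_id']);
                return $content;
            }
        }

        $settings = $this->shareSettingsOrEmpty("Error in share.lib.php L:187");
        // NOTE(review): the 50-character description minimum below is checked
        // in the browser only; the upload handler does not enforce it.
        $upload_form = <<<FORM
<script type="text/javascript" language="javascript">
function checkForm()
{
var desc = document.add_file.file_desc.value;
var length = desc.length;
if(length<50)
{
document.getElementById('file_desc').focus();
alert("Please enter File Description (min. 50 characters)");
return false;
}
return true;
}
</script>
<fieldset id='upload_form'>
<legend>Upload File</legend>
<form name='add_file' method="POST" action="./+view&subaction=add_file" enctype="multipart/form-data">
<table width='100%'>
<tr><td>Add new File</td><td><input type='file' name='upload_file' id='upload_file' /></td></tr>
<tr><td>File Name </td><td><input type='text' name='file_name' id='file_name' /></td></tr>
<tr><td>Description </td><td><textarea name='file_desc' id='file_desc' rows=4 cols=50 >Enter the file description here...</textarea></td></tr>
<tr><td colspan='2' align='center'><input type='submit' name='add_file' value='Upload' onclick="return checkForm();"/></td></tr>
</table>
</form>
</fieldset>
FORM;
        $content = $this->shareSettingsSummary($settings);
        $content .= $upload_form;
        $content .= $this->shareFileList("view");

        return $content;
    }

    /**
     * Moderation screen: deletes a file (?delfile=ID) or a comment
     * (?delComment=ID) if requested, then returns either one file's discussion
     * page with delete links (?file=ID) or the file list with Delete buttons.
     *
     * @return string HTML
     */
    public function actionModerate() {
        global $sourceFolder;
        require_once($sourceFolder . "/upload.lib.php");
        $compId = $this->shareComponentId();

        if (isset($_GET['delfile'])) {
            // Only a file that belongs to this instance may be deleted; the
            // original looked the id up across all share pages.
            $fileRow = $this->shareFile($_GET['delfile']);
            if ($fileRow === false) {
                displayerror("Sorry!!! No such file found");
            } elseif (deleteFile($this->moduleComponentId, "share", $fileRow['upload_filename'])) {
                $fileIdSql = mysql_real_escape_string((string)$fileRow['file_id']);
                $del_result = $this->shareQuery("DELETE FROM `share_files` WHERE `file_id` = '$fileIdSql' AND `page_modulecomponentid` = '$compId'", "file delete");
                $del_comment_result = $this->shareQuery("DELETE FROM `share_comments` WHERE `file_id` = '$fileIdSql'", "file comments delete");
                if (!$del_result || !$del_comment_result)
                    displayerror("Some data has not been deleted properly!!!");
                else
                    displayinfo("File deleted Successfully!!!");
            } else {
                displayerror("File not deleted. Try again later...");
            }
        }

        if (isset($_GET['delComment'])) {
            // comment_id is numeric (it is generated as MAX+1), and the value
            // is used unquoted, so it is forced to an integer. The delete is
            // also limited to comments of this instance.
            $commentid = is_scalar($_GET['delComment']) ? (int)$_GET['delComment'] : 0;
            $result = $this->shareQuery("DELETE FROM `share_comments` WHERE `comment_id` = $commentid AND `page_modulecomponentid` = '$compId'", "comment delete");
            if (!$result || mysql_affected_rows() <= 0)
                displayerror("Error in deleting the comment");
            else
                displayinfo("Succesfully deleted comment");
        }

        if (isset($_GET['file'])) {
            $fileRow = $this->shareFile($_GET['file']);
            if ($fileRow === false)
                displayerror("Sorry!!! No such file found");
            else
                return $this->shareFileDiscussion($fileRow, "moderate");
        }

        $settings = $this->shareSettingsOrEmpty("Error in share.lib.php L:187");
        $content = $this->shareSettingsSummary($settings);
        $content .= $this->shareFileList("moderate");

        return $content;
    }

    /**
     * Settings screen: saves the description, allowed file types and size
     * limit when the form was submitted, then returns the form.
     *
     * @return string HTML
     */
    public function actionEdit()
    {
        $compId = $this->shareComponentId();
        if (isset($_POST['edit_share'])) {
            $desc = safe_html(self::sharePostString('share_desc'));
            $ftype = escape(self::sharePostString('file_type'));
            if ((strlen($desc) < 50) || (strlen($ftype) == 0)) {
                displayerror("Could not update the page. Either the share description or file type doesnot meet the requirements!!");
            } else {
                $max_size = escape(self::sharePostString('file_size'));
                // The description was previously stored without SQL escaping.
                $descSql = escape($desc);
                $query = "UPDATE `share` SET `page_desc` = '$descSql', `file_type` = '$ftype', `maxfile_size` = '$max_size' WHERE `page_modulecomponentid` = $compId";
                $result = $this->shareQuery($query, "settings update");
                if (!$result || mysql_affected_rows() < 0)
                    displayerror("Error in updating the database. Please Try again later");
                else
                    displayinfo("All settings updated successfully");
            }
        }
        $settings = $this->shareSettingsOrEmpty("Error in share.lib.php L:323");
        // NOTE(review): page_desc is printed inside the textarea as stored;
        // confirm safe_html() output cannot contain "</textarea>".
        $pageDesc = $settings['page_desc'];
        // These two were printed into unquoted value= attributes; they are now
        // escaped and quoted.
        $fileTypeAttr = self::shareHtml($settings['file_type']);
        $maxSizeAttr = self::shareHtml($settings['maxfile_size']);
        $edit_form = <<<EDIT
<script type="text/javascript" language="javascript">
function checkForm()
{
var desc = document.edit_share.share_desc.value;
var length = desc.length;
if(length<50)
{
document.getElementById('share_desc').focus();
alert("Please enter the Share Description (min. 50 characters)");
return false;
}
var type = document.edit_share.file_type.value;
var tlength = type.length;
if(tlength==0)
{
document.getElementById('file_type').focus();
alert("Please enter the File types that can be uploaded");
return false;
}
return true;
}
</script>
<fieldset><legend>EDIT SHARE</legend>
<form method="POST" name="edit_share" action="./+edit">
<table>
<tr><td>Share Description </td><td><textarea name="share_desc" id="share_desc" cols="50" rows="5" class="textbox" >{$pageDesc}</textarea></td></tr>
<tr><td>Uploadable FIle types</td><td><input type='text' name="file_type" id="file_type" value="{$fileTypeAttr}"></td></tr>
<tr><td>Max File Size(in bytes)</td><td><input type='text' name="file_size" id="file_size" value="{$maxSizeAttr}"></td></tr>
<tr><td colspan=2 style="text-align:center"><input type="submit" value="submit" name="edit_share" onclick="return checkForm();"><input type="reset" value="Reset"></td></tr>
</table>
</form>
</fieldset>
EDIT;
        return $edit_form;
    }

    /**
     * Creates the settings row for a new share instance with default values
     * (placeholder description, doc|docx, 2000000 bytes). Stops the script if
     * the insert fails.
     */
    public function createModule($compId) {
        $compId = (int)$compId;
        $query = "INSERT INTO `share` (`page_modulecomponentid`,`page_desc`,`file_type`,`maxfile_size` )VALUES ('$compId','Coming Soon!!!','doc|docx','2000000')";
        if (!$this->shareQuery($query, "createModule"))
            die("Database error in share.lib.php L:372");
    }

    /**
     * Reports success without doing anything: rows in `share`, `share_files`
     * and `share_comments` and the uploaded files are not removed here.
     */
    public function deleteModule($moduleComponentId) {
        return true;
    }

    /** Reports success without copying any settings, files or comments. */
    public function copyModule($moduleComponentId, $newId) {
        return true;
    }
}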
00385 ?>