/* $Id: docadd.php,v 1.20.2.3 2007/11/12 15:40:30 umcesrjones Exp $
 * This page will handle adding blobs into the database. It will
 * present the form page on a GET and handle updating the database
 * Add comment to an event
 * Add attachment to an event
 * id - event id (optional for some types)
 * type - C=comment, A=attachment
 * id - event id (optional for some types)
 * type - C=comment, A=attachment
 * description - (for type=C and A)
 * comment - (for type=C)
 * FileName - (for type=A)
 * TODO: add email notification when attachment or comment is added
 *
 * NOTE(review): this listing is an excerpt. Several lines of the original
 * file are not shown (including the end of this header), so some conditions
 * and closing braces are missing below; gaps are marked where they matter.
 */
include_once 'includes/init.php';

// Request parameters. Only `id` is read with a pattern (an optional minus sign
// followed by digits); `type` and `user` are read without one.
// NOTE(review): getValue () is defined elsewhere - confirm that it applies the
// pattern to the whole value, because $id is later echoed into HTML and
// interpolated into a redirect URL.
$id = getValue ( 'id', '-?[0-9]+' );
$type = getValue ( 'type' );
$user = getValue ( 'user' );
// [original lines 31-35 not shown - presumably the `type == 'C'` test and the
// empty-id check that guard the next two statements]
$error = 'No id specified';
$title = translate ( 'Add Comment' );
// [original lines 38-40 not shown - presumably the matching `type == 'A'` branch]
$error = 'No id specified';
$title = translate ( 'Add Attachment' );
// Attachments depend on PHP's file_uploads setting; the ini value is matched
// case-insensitively against On / 1 / true / yes.
$upload = ini_get ( 'file_uploads' );
$upload_enabled = ! empty ( $upload ) &&
preg_match ( "/(On|1|true|yes)/i", $upload );
if ( ! $upload_enabled ) {
$error = 'You must enable file_uploads in php.ini';
// [original lines 48-50 not shown]
// Presumably the fall-through branch for a `type` other than C or A.
$error = 'Invalid type';
// Get event details if this is associated with an event
// NOTE(review): excerpt - original lines 67, 71 and 73-76 are not shown, so
// the closing braces of this block are missing here.
if ( empty ( $error ) && ! empty ( $id ) ) {
// is this user a participant or the creator of the event?
// The event id and the login are bound through `?` placeholders rather than
// concatenated into the SQL text.
// NOTE(review): $login is not assigned in the visible lines; presumably it is
// the authenticated user established by includes/init.php - confirm.
$res = dbi_execute ( 'SELECT we.cal_id
FROM webcal_entry we, webcal_entry_user weu
WHERE we.cal_id = weu.cal_id AND we.cal_id = ?
AND ( we.cal_create_by = ? OR weu.cal_login = ? )',
array ( $id, $login, $login ) );
$row = dbi_fetch_row ( $res );
// NOTE(review): $is_my_event is only ever set to true here. Confirm that it is
// explicitly initialised to false in the lines not shown (original lines
// 52-58); an uninitialised authorization flag is fragile in code that also
// supports register_globals-style variables such as $REQUEST_METHOD.
if ( $row && $row[0] > 0 )
$is_my_event = true; // user is participant
dbi_free_result ( $res );
// Permission check for the requested type, driven by the ALLOW_* settings.
// NOTE(review): excerpt - original lines 73-76, 80, 82, 87, 89-91, 94-96, 98,
// 100 and 103-105 are not shown. The opening `type == 'A'` test and the
// bodies of the `else if` branches (presumably the $can_add assignments) are
// therefore missing from this listing.
if ( empty ( $ALLOW_ATTACH ) || $ALLOW_ATTACH != 'Y' )
$error = print_not_auth (9);
else if ( empty ( $error ) && $ALLOW_ATTACH_PART == 'Y' && $is_my_event )
// [original line 80 not shown]
else if ( $ALLOW_ATTACH_ANY == 'Y' )
// [original line 82 not shown]
} else if ( $type == 'C' ) {
if ( empty ( $ALLOW_COMMENTS ) || $ALLOW_COMMENTS != 'Y' )
$error = print_not_auth (10);
else if ( empty ( $error ) && $ALLOW_COMMENTS_PART == 'Y' && $is_my_event )
// [original line 87 not shown]
else if ( $ALLOW_COMMENTS_ANY == 'Y' )
// [original lines 89-91 not shown]
// NOTE(review): $user comes straight from the request. As far as the visible
// lines show, edit access to that user's calendar is enough to set $can_add,
// and nothing here ties $user to event $id. Confirm that this check cannot be
// satisfied by naming a calendar the caller already controls while the POST
// targets an event belonging to someone else.
if ( access_is_enabled () ) {
$can_add = $can_add || access_user_calendar ( 'edit', $user );
// [original lines 94-96 not shown - presumably the `! $can_add` test]
$error = print_not_auth (6);
// [original line 98 not shown]
// Any error collected so far is rendered and the page trailer printed.
if ( ! empty ( $error ) ) {
// [original line 100 not shown]
echo print_error ( $error );
echo print_trailer ();
// Handle possible POST first
// NOTE(review): excerpt - some original lines are not shown; gaps are marked
// below because they hide conditions and closing braces.
// NOTE(review): no anti-CSRF token is checked in the visible lines of this
// POST path. Confirm whether includes/init.php enforces one; if it does not,
// this state-changing request is authorised by the session alone.
if ( empty ( $REQUEST_METHOD ) )
$REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
if ( $REQUEST_METHOD == 'POST' ) {
// [original lines 110-111 not shown]
// The new blob id is MAX( cal_blob_id ) + 1, or 1 when no row comes back.
// NOTE(review): this read-then-insert is not atomic. Two concurrent posts can
// compute the same $nextid, and the dbi_update_blob () calls below select the
// row by that id alone. A database sequence / auto-increment column, or a
// transaction around the read and the insert, would close that window.
$res = dbi_execute ( 'SELECT MAX( cal_blob_id ) FROM webcal_blob' );
// [original line 113 not shown - presumably the failure test for the query]
// NOTE(review): the raw dbi_error () text is placed into the message passed to
// die_miserable_death (), which presumably renders it to the client. Prefer
// logging the detail server-side and showing a generic message.
die_miserable_death ( str_replace ( 'XXX', dbi_error (),
translate ( 'Database error XXX.' ) ) );
$row = dbi_fetch_row ( $res );
$nextid = ( ! empty ( $row ) ? $row[0] + 1 : 1 );
dbi_free_result ( $res );
// [original line 119 not shown]
if ( $type == 'C' ) {
// [original line 121 not shown]
// Comment: subject and body are taken from the request.
// NOTE(review): nothing in the visible lines encodes or filters these values
// (unless getValue () does), so the page that later displays them must
// HTML-escape them on output.
$description = getValue ( 'description' );
$comment = getValue ( 'comment' );
// The row metadata is inserted with bound parameters; the blob column is
// written separately by dbi_update_blob () below.
if ( ! dbi_execute ( 'INSERT INTO webcal_blob ( cal_blob_id, cal_id,
cal_login, cal_name, cal_description, cal_size, cal_mime_type, cal_type,
cal_mod_date, cal_mod_time, cal_blob )
VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )', array ( $nextid, $id, $login,
NULL, $description, 0, 'text/plain', 'C', date ( 'Ymd' ), date ( 'His' ),
// [original line 129 not shown - the end of this call]
$error = db_error ();
// [original line 131 not shown]
// The WHERE clause is built by string interpolation; $nextid is the value
// computed above from the database, not request data.
if ( ! dbi_update_blob ( 'webcal_blob', 'cal_blob',
"cal_blob_id = $nextid", $comment ) )
$error = db_error ();
// [original line 135 not shown]
// success! redirect to view event page
activity_log ( $id, $login, $login, LOG_COMMENT, '' );
do_redirect ( "view_entry.php?id=$id" );
// [original lines 139-140 not shown]
} else if ( $type == 'A' ) {
// [original line 142 not shown]
$description = getValue ( 'description' );
if ( ! empty ( $_FILES['FileName'] ) )
$file = $_FILES['FileName'];
// NOTE(review): PHP fills a $_FILES entry with name, type, size, tmp_name and
// error; `file` is not among them. Unless something else populates it, this
// test is true for every upload and $error is always set here. The read loop
// further down runs only when $error is non-empty, which looks inverted, so
// the two appear to cancel out - confirm the intended logic. The conventional
// test is $file['error'] === UPLOAD_ERR_OK together with
// is_uploaded_file ( $file['tmp_name'] ); neither appears in the visible lines.
if ( empty ( $file['file'] ) )
$error = 'File Upload error!<br />';
// [original line 148 not shown]
//print_r ( $file ); exit;
// NOTE(review): `type` and `name` are supplied by the uploading client and are
// stored as cal_mime_type and cal_name below without any check in the visible
// lines. If the stored MIME type is later sent as the Content-Type of a
// download, the uploader controls how a browser treats the file; detecting the
// type server-side (finfo) or serving attachments with
// `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`
// avoids that. No size limit or type allowlist is visible here either.
$mimetype = $file['type'];
$filesize = $file['size'];
$filename = $file['name'];
$tmpfile = $file['tmp_name'];
if ( empty ( $description ) )
$description = $filename;
// [original lines 156-157 not shown]
// `@` suppresses the fopen warning; the failure is reported by the call below.
$fd = @fopen ( $tmpfile, 'r' );
// [original line 159 not shown - presumably the `! $fd` test]
// NOTE(review): the message includes the server-side temporary path; prefer a
// generic message to the client and the path in a server log.
die_miserable_death ( "Error reading temp file: $tmpfile" );
if ( ! empty ( $error ) ) {
while ( ! feof ( $fd ) ) {
$data .= fgets ( $fd, 4096 );
// [original lines 164-167 not shown]
$comment = getValue ( 'description' );
// The row metadata is inserted with bound parameters; the file content is
// written separately by dbi_update_blob () below.
if ( ! dbi_execute ( 'INSERT INTO webcal_blob ( cal_blob_id, cal_id,
cal_login, cal_name, cal_description, cal_size, cal_mime_type, cal_type,
cal_mod_date, cal_mod_time, cal_blob )
VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )', array ( $nextid, $id, $login,
$filename, $description, $filesize, $mimetype, 'A', date ( 'Ymd' ),
date ( 'His' ), NULL ) ) )
$error = db_error ();
// [original line 176 not shown]
if ( ! dbi_update_blob ( 'webcal_blob', 'cal_blob',
"cal_blob_id = $nextid", $data ) ) {
$error = db_error ();
// [original line 180 not shown]
// success! redirect to view event page
activity_log ( $id, $login, $login, LOG_ATTACHMENT, $filename );
do_redirect ( "view_entry.php?id=$id" );
// [original lines 184-186 not shown]
die_miserable_death ( 'Unsupported type' ); // programmer error
// [original lines 188-189 not shown]
if ( ! empty ( $error ) ) {
// [original line 191 not shown]
echo print_error ( $error );
echo print_trailer ();
<?php
// Form page shown on GET: one form for comments (type=C) and one for
// attachments (type=A), both posting back to docadd.php.
// NOTE(review): excerpt - a number of original template lines are not shown
// (table wrappers, closing tags and the switches between PHP and HTML mode).
?>
<h2><?php echo $title;?></h2>
<?php if ( $type == 'C' ) {
// [original lines 203-204 not shown]
// NOTE(review): $id is echoed into the hidden field without
// htmlspecialchars (). Earlier in this file it is read through getValue ()
// with the pattern '-?[0-9]+', so it should hold only an optional minus sign
// and digits - confirm that getValue () applies the pattern to the whole
// value, or escape here regardless.
// NOTE(review): no anti-CSRF token field is visible in this form.
// The maxlength attributes are browser-side hints only; any length limit has
// to be enforced again when the POST is handled.
<form action="docadd.php" method="post" name="docform">
<input type="hidden" name="id" value="<?php echo $id?>" />
<input type="hidden" name="type" value="C" />
<tr><td class="aligntop"><label for="description">
<?php etranslate ( 'Subject' )?>:</label></td>
<td><input type="text" name="description" size="50" maxlength="127" /></td></tr>
<!-- TODO: htmlarea or fckeditor support -->
<tr><td class="aligntop"><label for="comment">
<?php etranslate ( 'Comment' )?>:</label></td>
<td><textarea name="comment" rows="15" cols="60" wrap="auto"></textarea></td></tr>
<input type="submit" value="<?php etranslate ( 'Add Comment' )?>" /></td></tr>
<?php } else if ( $type == 'A' ) {
// [original lines 224-225 not shown]
// NOTE(review): the same points apply to this form - $id is echoed without
// htmlspecialchars () and no anti-CSRF token field is visible.
// The maxlength on the file input does not limit the upload; size limits come
// from the server (upload_max_filesize / post_max_size) and from checks in
// the POST handler.
<form action="docadd.php" method="post" name="docform" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?php echo $id?>" />
<input type="hidden" name="type" value="A" />
<tr class="browse"><td>
<label for="fileupload"><?php etranslate ( 'Upload file' );?>:</label></td><td>
<input type="file" name="FileName" id="fileupload" size="45" maxlength="50" />
<tr><td class="aligntop"><label for="description">
<?php etranslate ( 'Description' )?>:</label></td>
<td><input type="text" name="description" size="50" maxlength="127" /></td></tr>
<input type="submit" value="<?php etranslate ( 'Add Attachment' )?>" /></td></tr>
echo print_trailer (); ?>