Project: |
+ if ($PROJECT==='ALL') $tmp="button"; else $tmp="ubutton"; ?>
foreach($USERPROJECTS as $pid => $pname) { ?>
if (SU($pname)===SU($PROJECT)) $tmp="button"; else $tmp="ubutton"; ?>
diff --git a/src/init.php b/src/init.php
index dba2bce..19cbcc8 100644
--- a/src/init.php
+++ b/src/init.php
@@ -6,10 +6,10 @@
include_once('access.php');
include_once('tools.php');
- function callback($buffer) { // cleanup html output (disable with $NOCLEAN=true)
- return PR("/^\s+/m","",$buffer);
- }
- if (!$NOCLEAN) ob_start("callback");
+// function callback($buffer) { // cleanup html output (disable with $NOCLEAN=true)
+// return PR("/^\s+/m","",$buffer);
+// }
+// if (!$NOCLEAN) ob_start("callback");
global $DB; // connect to database
$DB=@mysqli_connect($MYHOST,$MYUSER,$MYPW,$MYDB);
@@ -49,8 +49,9 @@
}
global $USER,$ROLE,$ROLENAMES,$USERPROJECTS,$PROJECTS,$PROJECTNAMES,$ACCESSQL,$TCHR,$VERSION;
- global $TITLE,$DEBUG,$STDEF,$STYPES,$LMSG,$PROJECTPRIV,$ALLFIELDS,$DEFSEARCHFIELD,$IDPAT;
-
+ global $TITLE,$DEBUG,$STDEF,$STYPES,$LMSG,$PROJECTPRIV,$ALLFIELDS,$DEFSEARCHFIELD,$IDPAT,$DEVTYPE;
+ global $LABELPRINTER;
+
$USER='';$USERTYPE='';$ROLE='';$ACCESSQL='';$ROLENAMES=array();$USERPROJECTS=array();
$res = mysqli_query($DB,"SELECT * FROM projects");
@@ -64,5 +65,4 @@
phplog('','info');
-?>
-
+?>
\ No newline at end of file
diff --git a/src/login.php b/src/login.php
index c695dc3..6c460d5 100644
--- a/src/login.php
+++ b/src/login.php
@@ -16,7 +16,6 @@
session_unset();session_destroy();
?>
-
if (!PM("/^\s*$/",$LMSG)) { ?>
@@ -32,5 +31,4 @@
-
include_once('footer.php'); ?>
diff --git a/src/preview.php b/src/preview.php
index 663dfa6..3691333 100644
--- a/src/preview.php
+++ b/src/preview.php
@@ -63,7 +63,7 @@
readfile($prevfilepath); ?>
} else if (PM("/^image\//",$prevmime)) { ?>
-
+
} else if (PM("/^application\/pdf$/",$prevmime)) { ?>
header("Location: /send/".idencode($catid,$row['docid']));exit; ?>
} else { ?>
diff --git a/src/rest.php b/src/rest.php
index 000c78f..9f89dad 100644
--- a/src/rest.php
+++ b/src/rest.php
@@ -2,7 +2,7 @@
$NOLOGIN=1;
require('./init.php');
-
+// sleep(1);
function jfailed($err='') {
header('Content-Type: application/json');
if (strlen($err)>0) echo json_encode(array('success' => 0, 'error' => $err))."\n";
@@ -28,8 +28,6 @@ if ($cmd==='login') {
jfailed('login failed');
}
-mydo($DB,"DELETE FROM tokens WHERE unix_timestamp(now())-unix_timestamp(ts)>86400");
-
$J = json_decode(file_get_contents('php://input'), true); // load user info from token
if ($J==null) jfailed("invalid json");
@@ -41,7 +39,7 @@ if ($numrows==1) {
$row = mysqli_fetch_assoc($res);
if ($_SERVER['REMOTE_ADDR']===$row['ip']) {
- mydo($DB,"UPDATE tokens SET ts=now() WHERE token='".$J['token']."'");
+ mydo($DB,"UPDATE tokens SET ts=now() WHERE token='".$J['token']."'",1);
$name=$row['name'];
$type=$row['type'];
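Review bot: The changed `UPDATE tokens` line still builds its WHERE clause by concatenating `$J['token']` from the request body with no escaping, and the `renew` branch added further down in this file repeats the same construction. The upload INSERT in this file already wraps request values in `mysqli_escape_string($DB,...)`, so the minimum consistent fix is `WHERE token='".mysqli_escape_string($DB,$J['token'])."'`; a prepared statement with a bound parameter would be better. The SELECT that looks the token up sits above this hunk and is not visible, so it should be checked for the same pattern.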
@@ -52,6 +50,14 @@ if (!setaccess($name,$type)) jfailed("login failed");
////////////////////////////////////////////////////////////////////////////////////////////////// rest commands
+if ($cmd==='renew') { ////////////////////////////////////////////////////////////////////////////// renew token
+ $I=array();
+ $J=json_decode(file_get_contents('php://input'), true);
+ $newtoken=id62(16);
+ mydo($DB,"UPDATE tokens SET ts=now(),token='".$newtoken."' WHERE token='".$J['token']."'",1);
+ jsuccess(array('success' => 1, 'token' => $newtoken));
+}
+
if ($cmds[0]==='download') { ///////////////////////////////////////////////////////////////////// download file
$catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found");
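Review bot: The new `renew` branch returns a fresh token without confirming that the UPDATE matched a row, so a client can be handed a token that was never stored; check the result before `jsuccess`, e.g. `if (mysqli_affected_rows($DB)!==1) jfailed('renew failed');`. `$I` is assigned but never used in this branch. This diff also drops the `DELETE FROM tokens ... >86400` cleanup in the hunk at `@@ -28,8 +28,6 @@`, so unless expiry is enforced somewhere outside the visible hunks, tokens no longer age out; an age condition on `ts` in the token lookup would keep the 24-hour limit. Whether `id62()` draws from a cryptographically secure source is not visible here and is worth confirming, since its output is the bearer credential.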
@@ -114,6 +120,7 @@ if ($cmds[0]==='directupload' || $cmds[0]==='urlupload') { //////////////// uplo
$J=json_decode(file_get_contents('php://input'), true);
$fn=$J['filename'];
+ $comment=$J['comment'];
$fid=id62(12);
if ($cmds[0]==='directupload') {
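Review bot: `$comment=$J['comment'];` reads a key that existing callers of `directupload`/`urlupload` may not send, which raises an undefined-index notice and hands null to `mysqli_escape_string` in the INSERT changed in the next hunk. Defaulting it keeps older clients working: `$comment=isset($J['comment'])?$J['comment']:'';`. The upload branch starts and ends outside this hunk.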
@@ -131,7 +138,8 @@ if ($cmds[0]==='directupload' || $cmds[0]==='urlupload') { //////////////// uplo
$mysqlts=date('Y-m-d H:i:s');
$sql="INSERT INTO docs SET docid=0,catid=$catid,ts='$mysqlts',rm=0,md5='$md5',filename='".
- mysqli_escape_string($DB,$fn) ."',mime='".mysqli_escape_string($DB,$mime)."',size=$size";
+ mysqli_escape_string($DB,$fn) ."',comment='".mysqli_escape_string($DB,$comment).
+ "',mime='".mysqli_escape_string($DB,$mime)."',size=$size";
$res= mydo($DB,$sql);
$docid=mysqli_insert_id($DB);
@@ -158,7 +166,7 @@ if ($cmd==='list') { ///////////////////////////////////////////////////////////
if ($numrows>0) {
while($row = mysqli_fetch_assoc($res)) {
- array_push($I,$row['catid']);
+ array_push($I,$row['id']);
}
jsuccess(array('success' => 1, 'ids' => $I));
@@ -196,6 +204,186 @@ if ($cmd==='projects') { ///////////////////////////////////////////////////////
jsuccess(array('success' => 1, 'projects' => $I));
}
+if ($cmds[0]==='metadump') { /////////////////////////////////////////////////////////// bulk get entry data
+
+ $CTI=array();
+ $sql="SELECT id,catid FROM cat";
+ $res=mydo($DB,$sql,1);
+ while($r = mysqli_fetch_assoc($res)) {
+ $CTI[$r['catid']]=$r['id'];
+ }
+
+ $JJ = array('success' => 1);
+
+ $sql="SELECT * FROM cat WHERE rm=0 AND $ACCESSQL";
+ $res=mydo($DB,$sql,1);
+
+ $numrows =mysqli_num_rows($res);
+
+ if ($numrows>0) {
+ $I=array();
+ while($row = mysqli_fetch_assoc($res)) {
+
+ $comment =$row['comment'];if (PM("/^\s*$/",$row['comment'])) $comment="";
+
+ $J=array('catid'=> $row['catid'],
+ 'id' => $row['id'],
+ 'comment' => $comment,
+ 'tent'=>$row['tent'],
+ 'tcha'=>$row['tcha'],
+ 'project'=>$project,
+ 'user'=>$row['user'],
+ 'type'=>$row['type']);
+
+ for ($i=0;$i<$FMAX;$i++) {
+ $key=$FMAP[$row['type']][$i][0];
+ if (!PM("/^\s*$/",$row["f$i"])) $J[$key]=$row["f$i"];
+ }
+
+ $J["jasondata"]= json_decode($row['jsondata']);
+
+ array_push($I,$J);
+
+ }
+ $JJ["cat"]=$I;
+ }
+
+ $sql="SELECT * FROM cat,links,".
+ "(select access as laccess,project as lproject,catid as lcatid,user as luser from cat) AS L ".
+ "WHERE cat.rm=0 AND cat.catid=links.catid AND links.link=lcatid AND $LACCESSQL AND $ACCESSQL";
+ $res=mydo($DB,$sql,1);
+ $numrows =mysqli_num_rows($res);
+
+ if ($numrows>0) {
+ $I=array();
+ while($row = mysqli_fetch_assoc($res)) {
+ $J=array('lid' => $row['lid'],
+ 'ts' => $row['ts'],
+ 'catid' => $CTI[$row['catid']],
+ 'link' => $CTI[$row['link']]);
+ array_push($I,$J);
+ }
+ $JJ["links"]=$I;
+ }
+
+ $sql="select * from gen where rm=0";
+ $res=mydo($DB,$sql,1);
+ $numrows =mysqli_num_rows($res);
+
+ if ($numrows>0) {
+ $I=array();
+ while($row = mysqli_fetch_assoc($res)) {
+ $J=array('ts' => $row['ts'],
+ 'catid' => $CTI[$row['catid']],
+ 'parent' => $CTI[$row['parent']],
+ 'gen' => $row['gen']);
+
+ array_push($I,$J);
+ }
+ $JJ["gen"]=$I;
+ }
+
+ jsuccess($JJ);
+
+}
+
+if ($cmds[0]==='bulk') { /////////////////////////////////////////////////////////////////// bulk get entry data
+
+ $xids=explode(',',$cmds[1]);
+ $JJ=array();
+
+ $CTI=array();
+ $sql="SELECT id,catid FROM cat";
+ $res=mydo($DB,$sql,1);
+ while($r = mysqli_fetch_assoc($res)) {
+ $CTI[$r['id']]=$r['catid'];
+ }
+
+ foreach ($xids as $xid) {
+ if (!array_key_exists($xid, $CTI)) jfailed("id not found");
+
+ $catid=$CTI[$xid];
+
+ $gen=array();
+ $sql="SELECT * FROM gen WHERE catid=$catid AND rm=0 ORDER BY gen";
+ $res=mydo($DB,$sql,1);
+ while($r = mysqli_fetch_assoc($res)) {
+ array_push($gen,$CTI[$r['parent']]);
+ }
+
+ $par=array();
+ $sql="SELECT * FROM gen WHERE parent=$catid AND rm=0 ORDER BY gen";
+ $res=mydo($DB,$sql,1);
+ while($r = mysqli_fetch_assoc($res)) {
+ array_push($par,$CTI[$r['catid']]);
+ }
+
+ $sql="SELECT * FROM cat WHERE catid=$catid AND $ACCESSQL";
+ $res=mydo($DB,$sql,1);
+
+ $numrows =mysqli_num_rows($res);
+ if ($numrows==1) {
+ $row = mysqli_fetch_assoc($res);
+
+ $project=$PROJECTS[$row['project']];
+
+ $J = array('success' => 1,
+ 'id'=>$row['id'],
+ 'tent'=>$row['tent'],
+ 'tcha'=>$row['tcha'],
+ 'project'=>$project,
+ 'user'=>$row['user'],
+ 'type'=>$row['type']);
+
+ if (count($gen)>0) $J['ancestry'] = $gen;
+ if (count($par)>0) $J['descendants'] = $par;
+
+ for ($i=0;$i<$FMAX;$i++) {
+ $key=$FMAP[$row['type']][$i][0];
+ if (!PM("/^\s*$/",$row["f$i"])) $J[$key]=$row["f$i"];
+ }
+
+ $J["jasondata"]= json_decode($row['jsondata']);
+
+ $I=array();
+
+ $sql="SELECT * FROM docs WHERE catid=$catid AND rm=0";
+ $res=mydo($DB,$sql,1);
+ $fnumrows =mysqli_num_rows($res);
+ if ($fnumrows>0) {
+ while($row = mysqli_fetch_assoc($res)) {
+
+ $comment =$row['comment'];if (PM("/^\s*$/",$row['comment'])) $comment="";
+
+ array_push($I,array('id' => $row['docid'],
+ 'filename' => $row['filename'],
+ 'comment' => $comment,
+ 'size' => $row['size'],
+ 'mimetype' => $row['mime']));
+ }
+ $J["files"]=$I;
+ }
+
+ $I=array();
+ $sql="select * from cat,links where links.catid=$catid and cat.catid=links.link and $ACCESSQL";
+
+ $res=mydo($DB,$sql,1);
+ $fnumrows =mysqli_num_rows($res);
+ if ($fnumrows>0) {
+ while($lrow = mysqli_fetch_assoc($res)) {
+ array_push($I,array('lid' => $lrow['lid'],
+ 'link' => $lrow['id']));
+ }
+ $J["links"]=$I;
+ }
+ array_push($JJ,$J);
+ }
+ }
+
+ jsuccess($JJ);
+
+}
+
if ($cmds[0]==='get' || $cmds[0]==='getraw') { ////////////////////////////////////////////////// get entry data
$catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found");
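Review bot: In the new `metadump` branch the `select * from gen where rm=0` query carries no `$ACCESSQL` condition and `$CTI` is filled from every row of `cat`, so the `gen` array returns ids and parent/child relations of entries that the caller's access filter would otherwise hide. Building `$CTI` with `WHERE rm=0 AND $ACCESSQL` and skipping relations whose ids are missing from it would restrict the output to entries the caller may see. In `bulk`, `$CTI` is keyed by `id` (`$CTI[$r['id']]=$r['catid']`) but `ancestry` and `descendants` index it with `$r['parent']` and `$r['catid']`, which are catid values; assuming ids and catids are different values, as `catidfromid()` suggests, these lookups need the reverse map that `metadump` builds. `metadump` also emits `'project'=>$project` without assigning `$project` in that branch, whereas `bulk` sets `$project=$PROJECTS[$row['project']];` first. `$LACCESSQL` is not among the globals declared in the init.php hunk of this diff, so confirm it is defined before the links query runs.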
@@ -244,7 +432,7 @@ if ($cmds[0]==='get' || $cmds[0]==='getraw') { /////////////////////////////////
$J["jasondata"]= json_decode($row['jsondata']);
$I=array();
- $sql="SELECT * FROM docs WHERE catid=$catid AND rm=0";
+ $sql="SELECT * FROM docs WHERE catid=$catid AND rm=0 ORDER BY ts DESC";
$res=mydo($DB,$sql,1);
$fnumrows =mysqli_num_rows($res);
if ($fnumrows>0) {
@@ -254,6 +442,7 @@ if ($cmds[0]==='get' || $cmds[0]==='getraw') { /////////////////////////////////
array_push($I,array('id' => $row['docid'],
'filename' => $row['filename'],
+ 'timestamp' => $row['ts'],
'comment' => $comment,
'size' => $row['size'],
'mimetype' => $row['mime']));
@@ -416,6 +605,29 @@ if ($cmds[0]==='edit') { ///////////////////////////////////////////////////////
jfailed();
}
+if ($cmds[0]==='fix') { ////////////////////////////////////////////////////////////////////////////// fix entry
+ $J=json_decode(file_get_contents('php://input'), true);
+
+ $catid=catidfromid($cmds[1]);if ($catid==-1) jfailed("id not found");
+
+ if (chkeditaccess($catid)) {
+
+ $sql="SELECT * FROM cat WHERE catid=$catid AND $ACCESSQL";
+ $res=mydo($DB,$sql,1);
+
+ $numrows =mysqli_num_rows($res);
+ if ($numrows==1) {
+ mydo($DB,"UPDATE cat SET fixed=1 WHERE catid=$catid");
+ alog($cmds[1],0,'fixed');
+ jsuccess(array('success' => 1, 'id' => $cmds[1]));
+ }
+ } else {
+ jfailed('no access');
+ }
+
+ jfailed();
+}
+
if ($cmds[0]==='delete') { //////////////////////////////////////////////////////////////////////// delete entry
$J=json_decode(file_get_contents('php://input'), true);
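Review bot: The `fix` branch decodes the request body into `$J` but never reads it, and when the `$ACCESSQL` select returns no row it falls through to a bare `jfailed()`, so the caller gets no reason for the failure. Dropping the unused decode and ending with `jfailed('no access');` would match the `else` arm. The `UPDATE cat SET fixed=1` call also omits the third `mydo` argument that the other calls added in this diff pass; if that argument controls error handling, it is probably wanted here too.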
@@ -546,16 +758,22 @@ if ($cmds[0]==='search') { /////////////////////////////////////////////////////
$sql="SELECT * FROM cat WHERE (";
foreach ($S as $s) {
- foreach ($s['fields'] as $f) {
+
+ $fa=array();
+ if (array_key_exists('fields',$s)) $fa=$s['fields'];
+ else $fa=range(0,31);
+
+ foreach ($fa as $f) {
$sql.="(";
foreach ($s['keys'] as $k) {
-
+
$sql.="f$f LIKE '%$k%' OR ";
}
$sql=PR("/\s*OR\s*$/",") OR ",$sql);
}
$sql=PR("/\s*OR\s*$/","",$sql);
$sql.=" AND ";
+
}
$sql=PR("/\s*AND\s*$/","",$sql);
$sql.=") AND $ACCESSQL";
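Review bot: The loop now takes `$fa` straight from `$s['fields']` and interpolates each element into the column name `f$f`, while `$k` goes into the `LIKE` pattern unescaped, so both values reach the SQL text as supplied (assuming `$S` is decoded from the request body above this hunk). Each field number should be cast with `intval()` and rejected when it falls outside the existing column range, and the key should be written as `mysqli_escape_string($DB,$k)` inside the pattern. The fallback `range(0,31)` hard-codes a column count that the `metadump` and `bulk` branches take from `$FMAX`; `range(0,$FMAX-1)` would keep them in step if the two are meant to agree. The enclosing `search` branch starts and ends outside this hunk.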
@@ -597,7 +815,7 @@ if ($cmds[0]==='jsonadd') { ////////////////////////////////////////////////////
jfailed();
}
-if ($cmds[0]==='jsonget') { ////////////////////////////////////////////////////////////////////// add json data
+if ($cmds[0]==='jsonget') { ////////////////////////////////////////////////////////////////////// get json data
$J=json_decode(file_get_contents('php://input'), true);
$catid=catidfromid($cmds[1]);if ($catid==-1) jfailed("id not found");
@@ -651,4 +869,4 @@ if ($cmds[0]==='jsonsearch') { /////////////////////////////////////////////////
jsuccess(array('success' => 1, 'result' => $I));
}
-?>
+?>
\ No newline at end of file
diff --git a/src/search.php b/src/search.php
index 7611872..6ecbac6 100644
--- a/src/search.php
+++ b/src/search.php
@@ -13,6 +13,7 @@
unset($_SESSION['s_json2']);
$_SESSION['s_op']='AND';
unset($_SESSION['s_usr']);
+ unset($_SESSION['s_ft']);
unset($_SESSION['s_all']);
unset($_SESSION['s_id']);
unset($_SESSION['s_fn']);
@@ -34,7 +35,7 @@
$_POST["s_field$fn"] =$S['s_field'][$fn];
$_POST["s_fieldop$fn"] =$S['s_fieldop'][$fn];
}
- foreach (array('type','project','s_op','s_json1','s_json2','s_usr','s_all','s_id','s_fn') as $val) {
+ foreach (array('type','project','s_op','s_json1','s_json2','s_usr','s_ft','s_all','s_id','s_fn') as $val) {
$_POST[$val]=$S[$val];
}
$TYPE=$S['type'];
@@ -49,7 +50,7 @@
if (!PM("/^\s*$/",getpar('project'))) $_SESSION['currentproject']=getpar('project');
$PROJECT=$_SESSION['currentproject'];
- foreach (array('s_op','s_json1','s_json2','s_usr','s_all','s_id','s_fn') as $val) {
+ foreach (array('s_op','s_json1','s_json2','s_usr','s_ft','s_all','s_id','s_fn') as $val) {
if (isset($_POST[$val])) $_SESSION[$val]=getpar($val);
$S[$val]=$_SESSION[$val];
}
@@ -82,6 +83,15 @@
}
$MS=PR("/,\s*$/","",$MS);
+ unset($_SESSION["ftres"]);
+ if (!PM("/^\s*$/",$S['s_ft'])) {
+ $res=mydo($DB,"SELECT catid,docid FROM ft WHERE ft LIKE '%".$S['s_ft']."%'",1);
+ while($row = mysqli_fetch_assoc($res)) {
+ phplog($row['docid']);
+ $_SESSION['ftres'][$row['docid']]=$row['catid'];
+ }
+ }
+
foreach($TYPES as $type) {
foreach($FMAP[$type] as $n => $f) {
$ALLFIELDS[$f[0]]=1;
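Review bot: The new full-text lookup concatenates `$S['s_ft']` into the `LIKE` pattern, and the `$searchsql` clause added in the hunk at `@@ -192,7 +202,11 @@` does the same; whether `getpar()` escapes its result is not visible here. Escaping at the point of use, `mysqli_escape_string($DB,$S['s_ft'])`, makes both queries safe regardless of how the value arrived. `phplog($row['docid']);` inside the fetch loop looks like leftover debug output and writes one log line per matching document.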
@@ -192,7 +202,11 @@
$searchsql.=" AND (catid=".catidfromid($M[1].$M[2]).")";
}
}
-
+
+ if (!PM("/^\s*$/",$S['s_ft'])) {
+ $searchsql.=" AND (cat.catid in (select ft.catid from ft where ft like '%".$S['s_ft']."%'))";
+ }
+
$FX='';
for ($n=1;$n<$FSM;$n++) {
if ($S['s_fieldop'][$n]==='AND') $FX.="1";
@@ -268,7 +282,7 @@
|
-