Michael Wesemann 2024-05-16 11:27:57 +02:00
parent bccef860dd
commit b7c82845da
12 changed files with 364 additions and 42 deletions


@ -8,6 +8,9 @@ RewriteRule ^/activate/(.*)$ /activate.php?key=$1
RewriteRule ^/search/(\d+)$ /search.php?pid=$1 RewriteRule ^/search/(\d+)$ /search.php?pid=$1
RewriteRule ^/search$ /search.php RewriteRule ^/search$ /search.php
RewriteRule ^/([A-Z,a-z]\d+)/print$ /index.php?mode=print&id=$1
RewriteRule ^/([A-Z,a-z]\d+)/edit/do/(\d+)$ /edit.php?mode=edit&id=$1&docoff=$2 RewriteRule ^/([A-Z,a-z]\d+)/edit/do/(\d+)$ /edit.php?mode=edit&id=$1&docoff=$2
RewriteRule ^/([A-Z,a-z]\d+)/edit$ /edit.php?mode=edit&id=$1 RewriteRule ^/([A-Z,a-z]\d+)/edit$ /edit.php?mode=edit&id=$1
RewriteRule ^/([A-Z,a-z]\d+)/clone$ /edit.php?mode=clone&id=$1 RewriteRule ^/([A-Z,a-z]\d+)/clone$ /edit.php?mode=clone&id=$1
@ -49,5 +52,7 @@ RewriteRule ^/clrcopy /edit.php?mode=clrcopy
RewriteRule ^/uploadcopy /uploadcopy.php RewriteRule ^/uploadcopy /uploadcopy.php
RewriteRule ^/maintenance /maintenance.php RewriteRule ^/maintenance /maintenance.php
RewriteRule ^/settings /settings.php
RewriteRule ^/scan/([^/]*) /scan.php?catid=$1 RewriteRule ^/scan/([^/]*) /scan.php?catid=$1
RewriteRule ^/v1/(.*) /rest.php?cmd=$1 RewriteRule ^/v1/(.*) /rest.php?cmd=$1
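Review bot: The new `^/([A-Z,a-z]\d+)/print$` rule makes label printing reachable through a plain GET, so any link or embedded reference that a logged-in user's browser follows to that URL would start a print job. If the handler keeps its side effects, it is safer behind a POST form carrying a per-session token, with this rule as the form target. The id pattern here should not be treated as input validation either, since `/index.php?mode=print&id=...` is presumably requestable directly and the handler has to check `id` itself.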


@ -1,6 +1,6 @@
<? <?
function setaccess($name,$type) { //////////////////////////////////////////////////////// set access for user function setaccess($name,$type) { //////////////////////////////////////////////////////// set access for user
global $DB,$USER,$USERTYPE,$ROLE,$ACCESSQL,$USERPROJECTS,$ROLENAMES; global $DB,$USER,$USERTYPE,$ROLE,$ACCESSQL,$LACCESSQL,$USERPROJECTS,$ROLENAMES;
$q = mysqli_query($DB,"SELECT * FROM role"); $q = mysqli_query($DB,"SELECT * FROM role");
while($row = mysqli_fetch_assoc($q)) { while($row = mysqli_fetch_assoc($q)) {
@ -40,6 +40,7 @@
"FROM projects,projectmember;"); "FROM projects,projectmember;");
while($row = mysqli_fetch_assoc($res)) $USERPROJECTS[$row['pid']]=$row['name']; while($row = mysqli_fetch_assoc($res)) $USERPROJECTS[$row['pid']]=$row['name'];
$ACCESSQL=""; $ACCESSQL="";
$LACCESSQL="";
} elseif ($ROLE==1 || $ROLE==2) { // ---------------------------------------------------------- admin/user } elseif ($ROLE==1 || $ROLE==2) { // ---------------------------------------------------------- admin/user
@ -55,6 +56,7 @@
$pl="";foreach($USERPROJECTS as $pid => $pname) $pl.="$pid,"; // build ACCESSQL $pl="";foreach($USERPROJECTS as $pid => $pname) $pl.="$pid,"; // build ACCESSQL
$pl=PR("/(^.*),\s*$/","($1)",$pl); $pl=PR("/(^.*),\s*$/","($1)",$pl);
$ACCESSQL="(cat.user='$USER' OR access='public' OR (access='project' AND project IN $pl)) AND cat.rm=0"; $ACCESSQL="(cat.user='$USER' OR access='public' OR (access='project' AND project IN $pl)) AND cat.rm=0";
$LACCESSQL="(luser='$USER' OR laccess='public' OR (laccess='project' AND lproject IN $pl))";
} elseif ($ROLE==3) { // -------------------------------------------------------------------- limited user } elseif ($ROLE==3) { // -------------------------------------------------------------------- limited user
@ -66,6 +68,7 @@
$pl=PR("/(^.*),\s*$/","($1)",$pl); $pl=PR("/(^.*),\s*$/","($1)",$pl);
$ACCESSQL="(cat.user='$USER' OR cat.access='public' OR (cat.access='project' AND cat.project IN $pl)) ". $ACCESSQL="(cat.user='$USER' OR cat.access='public' OR (cat.access='project' AND cat.project IN $pl)) ".
"AND cat.rm=0"; "AND cat.rm=0";
$LACCESSQL="(luser='$USER' OR laccess='public' OR (laccess='project' AND lproject IN $pl))";
} }
return 1; return 1;
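Review bot: `$LACCESSQL` is assembled by interpolating `$USER` and `$pl` straight into SQL text, in both the `$ROLE==1 || $ROLE==2` branch and the `$ROLE==3` branch, and nothing visible escapes `$USER` or handles an empty project list. With no entries in `$USERPROJECTS`, `$pl` stays empty and the fragment contains `lproject IN ` with no list, which the database rejects; a guard such as `if ($pl==='') $pl='(NULL)';` before the assignment keeps the clause valid while matching nothing. Escaping the name once, `$u=mysqli_real_escape_string($DB,$USER);`, and using `$u` in the fragment would cover names that contain a quote. The first branch sets `$LACCESSQL=""`, and the metadump query added elsewhere in this commit joins it with `AND`, which looks like it produces `AND  AND` for that role and is worth confirming. setaccess() starts and ends outside these hunks.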


@ -93,7 +93,6 @@
<TD ALIGN=left style="white-space:nowrap"> <TD ALIGN=left style="white-space:nowrap">
<? if ($row['type']==='local') { ?> <? if ($row['type']==='local') { ?>
<A HREF="/admin/deluser/<?=$row['uid']?>" <A HREF="/admin/deluser/<?=$row['uid']?>"
onclick="return confirm('Delete user \'<?=$row['name']?>\' ?')" CLASS='icon'> onclick="return confirm('Delete user \'<?=$row['name']?>\' ?')" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Delete' SRC="/img/trash.png"></A> <IMG HEIGHT=16 TITLE='Delete' SRC="/img/trash.png"></A>
@ -102,8 +101,13 @@
onclick="return confirm('Invite user \'<?=$row['name']?>\' again?')" CLASS='icon'> onclick="return confirm('Invite user \'<?=$row['name']?>\' again?')" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Invite Again' SRC="/img/mail.png"></A> <IMG HEIGHT=16 TITLE='Invite Again' SRC="/img/mail.png"></A>
<? } ?> <? } ?>
</TD> <? } else { ?>
<A HREF="/admin/deluser/<?=$row['uid']?>"
onclick="return confirm('Lock user \'<?=$row['name']?>\' ?')" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Lock User' SRC="/img/lock.png"></A>
<? } ?> <? } ?>
</TD>
</TR> </TR>
<? } ?> <? } ?>
</TABLE></CENTER> </TABLE></CENTER>
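Review bot: The new `else` branch labels its link "Lock user" but points it at `/admin/deluser/<?=$row['uid']?>`, the same URL the Delete icon uses for local users, so confirming "Lock" appears to call the delete route unless that handler branches on the user type, which is not visible here. A dedicated route (for example `/admin/lockuser/<uid>`, a placeholder name) or a comment explaining why deluser only locks non-local accounts would remove the ambiguity. `$row['name']` is also written unescaped into the `confirm('…')` string inside an HTML attribute, so a name containing a quote breaks the handler; `onclick="return confirm(<?=HSC(json_encode('Lock user '.$row['name'].' ?'))?>)"` encodes it for both the script and the attribute.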


@ -258,7 +258,7 @@
} }
if (PM("/^\d+$/",$catid) && $mode==='copy') { // copy id to list if (PM("/^\d+$/",$catid) && $mode==='copy') { // copy id to list
if (chkeditaccess($catid)) { if (chkreadaccess($catid)) {
$_SESSION['copylist'][$catid]=$catid; $_SESSION['copylist'][$catid]=$catid;
header("Location: /home");exit; header("Location: /home");exit;
} }
@ -343,7 +343,7 @@
$eoa=$row['oa']; $eoa=$row['oa'];
for ($i=0;$i<$FMAX;$i++) $ef[$i]=$efl[$i]=$row["f$i"]; for ($i=0;$i<$FMAX;$i++) $ef[$i]=$efl[$i]=$row["f$i"];
$J=json_decode($row['jsonmeta'],true); $J=json_decode($row['jsonmeta'],true);
$sctype=$J['type']; $sctype=$J['type'];
@ -362,7 +362,7 @@
if (PM("/^\s*$/",$otype)) $ctype=$otype; if (PM("/^\s*$/",$otype)) $ctype=$otype;
if (PM("/^\s*$/",$ctype)) $ctype='data'; // ToDo: change to feault type if (PM("/^\s*$/",$ctype)) $ctype=$DEVTYPE;
if (!preg_match("/^\s*$/",$ctype)) { if (!preg_match("/^\s*$/",$ctype)) {
for ($i=0;$i<$FMAX;$i++) { for ($i=0;$i<$FMAX;$i++) {
@ -431,7 +431,7 @@
<? } ?> <? } ?>
<? if ($f[2]==1) { ?> <? if ($f[2]==1) { ?>
<textarea WRAP=virtual COLS=72 ROWS=3 name=<?="f$n"?> <textarea WRAP=virtual COLS=72 ROWS=3 name=<?="f$n"?>
style='width:600px;'><?= HSC($ef[$n]) ?></textarea></TD></TR> style='width:600px;white-space: pre-wrap;'><?= HSC($ef[$n]) ?></textarea></TD></TR>
<? } ?> <? } ?>
<? if ($f[2]==3) { ?> <? if ($f[2]==3) { ?>
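Review bot: The fallback `$ctype=$DEVTYPE;` depends on a global this file never checks; if the configuration does not define `$DEVTYPE`, `$ctype` stays blank and the `if (!preg_match("/^\s*$/",$ctype))` block that follows is skipped, whereas the previous line always fell back to `'data'`. `if (PM("/^\s*$/",$ctype)) $ctype=isset($DEVTYPE)?$DEVTYPE:'data';` keeps the old value as a floor. The copy branch above now admits an entry to `$_SESSION['copylist']` on `chkreadaccess()` alone (assuming the second printed variant is the new side), so a short comment there stating that the code consuming the list re-checks edit rights on the destination entry would help the next reader. Both statements sit in blocks that start outside the hunks.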


@ -1,5 +1,6 @@
<? <?
include_once('init.php');include_once('header.php'); include_once('init.php');include_once('header.php');
include_once('Parsedown.php');
$mode=getpar('mode'); $mode=getpar('mode');
$docid=getpar('docid'); $docid=getpar('docid');
@ -69,6 +70,24 @@
<? ///////////////////////////////////////////////////////////////////////////////////// display single entry ?> <? ///////////////////////////////////////////////////////////////////////////////////// display single entry ?>
<? if ($numrows==1) { ?> <? if ($numrows==1) { ?>
<?
if ($mode==='print') {
exec("/db/bin/qrlabel $id '".$row['user']."' '".$row['f0']."'");
$connection = ssh2_connect('ripley.rz-berlin.mpg.de', 22,array('hostkey' => 'ssh-rsa'));
ssh2_auth_pubkey_file($connection, 'root','/db/ssh/id_rsa.pub','/db/ssh/id_rsa');
ssh2_scp_send($connection, "/db/tmp/$id.png", "/tmp/$id.png", 0644);
ssh2_exec($connection, "/usr/bin/lp -o fit-to-page -d archivzebra /tmp/$id.png");
ssh2_exec($connection, "/bin/rm /tmp/$id.png");
header("Location: /$id");exit;
}
?>
<? subheader(); ?> <? subheader(); ?>
<H3>Metadata</H3> <? // metedata table ?> <H3>Metadata</H3> <? // metedata table ?>
@ -79,6 +98,12 @@
<A HREF="/<?=$xid?>/edit" CLASS='icon'> <A HREF="/<?=$xid?>/edit" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Edit' SRC="/img/pencil.png"></A> <IMG HEIGHT=16 TITLE='Edit' SRC="/img/pencil.png"></A>
<? if (isset($LABELPRINTER)) { ?>
<A HREF="/<?=$xid?>/print" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Print Label' SRC="/img/print.png"></A>
<? } ?>
<A HREF="/<?=$xid?>/copy" CLASS='icon'> <A HREF="/<?=$xid?>/copy" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Copy' SRC="/img/copy.png"></A> <IMG HEIGHT=16 TITLE='Copy' SRC="/img/copy.png"></A>
@ -97,13 +122,22 @@
<IMG HEIGHT=16 TITLE='Delete' SRC="/img/trash.png"></A> <IMG HEIGHT=16 TITLE='Delete' SRC="/img/trash.png"></A>
<? } ?> <? } ?>
<? if ($row['fixed']==1) { ?> <? if ($row['fixed']==1) { ?>
<A HREF="/<?=$xid?>/copy" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Copy' SRC="/img/copy.png"></A>
<A HREF="/<?=$xid?>/clone" CLASS='icon'>
<IMG HEIGHT=16 TITLE='Clone' SRC="/img/clone.png"></A>
&nbsp;&nbsp;&nbsp;
<IMG HEIGHT=11 TITLE='' SRC="/img/lock_grey.png"> <IMG HEIGHT=11 TITLE='' SRC="/img/lock_grey.png">
<SPAN STYLE='font-size:80%;color:#CCC;'>fixed entry</SPAN> <SPAN STYLE='font-size:80%;color:#CCC;'>fixed entry</SPAN>
<? } ?> <? } ?>
</TD></TR> </TD></TR>
<? } ?> <? } ?>
<TR><TH ALIGN=left>Id</TH><TD><?= $row['id'] ?><? if ($TAG==='DEV') {?> / <?= $row['catid']?><? } ?></TD></TR> <TR><TH ALIGN=left>Id</TH><TD><?= $row['id'] ?>
<? if ($TAG==='DEV') {?> / <?= $row['catid']?><? } ?></TD></TR>
<? if (count($gen)) { ?> <? if (count($gen)) { ?>
<TR><TH ALIGN=left>Ancestry:</TH> <TR><TH ALIGN=left>Ancestry:</TH>
@ -190,6 +224,19 @@
$tmp=AL($row["f$n"]); $tmp=AL($row["f$n"]);
} }
?> ?>
<?
if ($f[0]==='Comment' || $f[0]==='Abstract') {
//$tmp=preg_replace('/\n/', "<BR>", $tmp);
$Parsedown = new Parsedown();
$tmp= $Parsedown->text($tmp);
}
?>
<TR><TH ALIGN=left><?= $f[0] ?></TH><TD><?= $tmp ?></TD></TR> <TR><TH ALIGN=left><?= $f[0] ?></TH><TD><?= $tmp ?></TD></TR>
<? } ?> <? } ?>
<? } ?> <? } ?>
@ -252,8 +299,9 @@
<? } ?> <? } ?>
<? // ----------------------------------------------------------------------------------------- document table <?= $_SESSION['s_ft'] ?>
<? // ----------------------------------------------------------------------------------------- document table
$fres=mydo($DB,"SELECT count(*) AS c FROM docs WHERE catid=".$row['catid']." AND rm=0",1); $fres=mydo($DB,"SELECT count(*) AS c FROM docs WHERE catid=".$row['catid']." AND rm=0",1);
$frow = mysqli_fetch_assoc($fres); $frow = mysqli_fetch_assoc($fres);
$fnumrows=$frow['c']; $fnumrows=$frow['c'];
@ -290,8 +338,16 @@
<? while($row = mysqli_fetch_assoc($res)) { ?> <? while($row = mysqli_fetch_assoc($res)) { ?>
<TR> <TR>
<TD><A HREF="/send/<?= idencode($catid,$row['docid'])?>"><?= $row['docid'] ?></A></TD> <TD>
<TD><A HREF="/send/<?= idencode($catid,$row['docid'])?>"><?= $row['filename'] ?></A></TD> <? if (isset($_SESSION['ftres'][$row['docid']])) {?><B><?}?>
<A HREF="/send/<?= idencode($catid,$row['docid'])?>"><?= $row['docid'] ?></A>
<? if (isset($_SESSION['ftres'][$row['docid']])) {?></B><?}?>
</TD>
<TD>
<? if (isset($_SESSION['ftres'][$row['docid']])) {?><B><?}?>
<A HREF="/send/<?= idencode($catid,$row['docid'])?>"><?= $row['filename'] ?></A>
<? if (isset($_SESSION['ftres'][$row['docid']])) {?></B><?}?>
</TD>
<TD><?= $row['ts'] ?></TD> <TD><?= $row['ts'] ?></TD>
<TD><?= $row['comment'] ?></TD> <TD><?= $row['comment'] ?></TD>
<TD ALIGN=center><?= formsize($row['size']) ?></TD> <TD ALIGN=center><?= formsize($row['size']) ?></TD>
@ -384,7 +440,8 @@
<DIV id=head> <DIV id=head>
<FORM action="/" method="post"> <FORM action="/" method="post">
<TABLE WIDTH=100%> <TABLE WIDTH=100%>
<TR><TD VALIGN=top><H2>Type:</H2></TD><TD><? if ($TYPE==='ALL') $tmp="button"; else $tmp="ubutton"; ?> <TR><TD VALIGN=top WIDTH=10><H2>Type:</H2></TD><TD>
<? if ($TYPE==='ALL') $tmp="button"; else $tmp="ubutton"; ?>
<input type="submit" name="type" value="ALL" class="<?=$tmp?>"> <input type="submit" name="type" value="ALL" class="<?=$tmp?>">
<? foreach($TYPES as $t) { ?> <? foreach($TYPES as $t) { ?>
<? if (SU($t)===SU($TYPE)) $tmp="button"; else $tmp="ubutton"; ?> <? if (SU($t)===SU($TYPE)) $tmp="button"; else $tmp="ubutton"; ?>
@ -400,7 +457,8 @@
</FORM></TD> </FORM></TD>
</TR> </TR>
<TR><TD VALIGN=top><H2>Project:</H2></TD><TD><? if ($PROJECT==='ALL') $tmp="button"; else $tmp="ubutton"; ?> <TR><TD VALIGN=top WIDTH=10><H2>Project:</H2></TD><TD>
<? if ($PROJECT==='ALL') $tmp="button"; else $tmp="ubutton"; ?>
<input type="submit" name="project" value="ALL" class="<?=$tmp?>"> <input type="submit" name="project" value="ALL" class="<?=$tmp?>">
<? foreach($USERPROJECTS as $pid => $pname) { ?> <? foreach($USERPROJECTS as $pid => $pname) { ?>
<? if (SU($pname)===SU($PROJECT)) $tmp="button"; else $tmp="ubutton"; ?> <? if (SU($pname)===SU($PROJECT)) $tmp="button"; else $tmp="ubutton"; ?>
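Review bot: The `$mode==='print'` block builds its `exec()` command by wrapping `$row['user']` and `$row['f0']` in literal single quotes and leaves `$id` bare, so a value containing a quote or shell metacharacter changes the command that runs; `$id` also flows into both `ssh2_exec()` strings and both file paths. Each value should pass through `escapeshellarg()`, `$id` should be checked against the id format before use, and the block should be gated on `isset($LABELPRINTER)` like the icon that links to it. None of the `ssh2_*` return values are checked, the session authenticates as `root` with a key the web server can read, and the host key is never compared with a known fingerprint; a dedicated unprivileged print account and a pinned fingerprint would limit what this code path can reach. Two later hunks in this section print values without escaping: the `Parsedown` output for Comment/Abstract (call `$Parsedown->setSafeMode(true);` before `text()`) and the stray `<?= $_SESSION['s_ft'] ?>` above the document table, which looks like leftover debug output.

```php
if ($mode==='print' && isset($LABELPRINTER)) {
  // Pattern taken from the /print rewrite rule; use $IDPAT instead if that is the canonical id format.
  if (!PM("/^[A-Za-z]\d+$/",$id)) { header("Location: /home");exit; }
  $png="/db/tmp/$id.png";
  $rpng="/tmp/$id.png";
  // $row['user'] and $row['f0'] are database values: quote them for the shell.
  exec("/db/bin/qrlabel ".escapeshellarg($id)." ".escapeshellarg($row['user'])." ".
       escapeshellarg($row['f0']),$out,$rc);
  $connection = ($rc===0) ? ssh2_connect('ripley.rz-berlin.mpg.de', 22,array('hostkey' => 'ssh-rsa')) : false;
  // Host key check belongs here: compare ssh2_fingerprint($connection) with a configured value.
  if ($connection &&
      ssh2_auth_pubkey_file($connection, 'root','/db/ssh/id_rsa.pub','/db/ssh/id_rsa') &&
      ssh2_scp_send($connection, $png, $rpng, 0644)) {
    ssh2_exec($connection, "/usr/bin/lp -o fit-to-page -d archivzebra ".escapeshellarg($rpng));
    ssh2_exec($connection, "/bin/rm ".escapeshellarg($rpng));
  } else {
    phplog("label print failed for $id",'error');
  }
  header("Location: /$id");exit;
}
```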


@ -6,10 +6,10 @@
include_once('access.php'); include_once('access.php');
include_once('tools.php'); include_once('tools.php');
function callback($buffer) { // cleanup html output (disable with $NOCLEAN=true) // function callback($buffer) { // cleanup html output (disable with $NOCLEAN=true)
return PR("/^\s+/m","",$buffer); // return PR("/^\s+/m","",$buffer);
} // }
if (!$NOCLEAN) ob_start("callback"); // if (!$NOCLEAN) ob_start("callback");
global $DB; // connect to database global $DB; // connect to database
$DB=@mysqli_connect($MYHOST,$MYUSER,$MYPW,$MYDB); $DB=@mysqli_connect($MYHOST,$MYUSER,$MYPW,$MYDB);
@ -49,8 +49,9 @@
} }
global $USER,$ROLE,$ROLENAMES,$USERPROJECTS,$PROJECTS,$PROJECTNAMES,$ACCESSQL,$TCHR,$VERSION; global $USER,$ROLE,$ROLENAMES,$USERPROJECTS,$PROJECTS,$PROJECTNAMES,$ACCESSQL,$TCHR,$VERSION;
global $TITLE,$DEBUG,$STDEF,$STYPES,$LMSG,$PROJECTPRIV,$ALLFIELDS,$DEFSEARCHFIELD,$IDPAT; global $TITLE,$DEBUG,$STDEF,$STYPES,$LMSG,$PROJECTPRIV,$ALLFIELDS,$DEFSEARCHFIELD,$IDPAT,$DEVTYPE;
global $LABELPRINTER;
$USER='';$USERTYPE='';$ROLE='';$ACCESSQL='';$ROLENAMES=array();$USERPROJECTS=array(); $USER='';$USERTYPE='';$ROLE='';$ACCESSQL='';$ROLENAMES=array();$USERPROJECTS=array();
$res = mysqli_query($DB,"SELECT * FROM projects"); $res = mysqli_query($DB,"SELECT * FROM projects");
@ -64,5 +65,4 @@
phplog('','info'); phplog('','info');
?> ?>


@ -16,7 +16,6 @@
session_unset();session_destroy(); session_unset();session_destroy();
?> ?>
<?php if(!isset($_SESSION['USER'])) { ?> <?php if(!isset($_SESSION['USER'])) { ?>
<BR><CENTER> <BR><CENTER>
<? if (!PM("/^\s*$/",$LMSG)) { ?> <? if (!PM("/^\s*$/",$LMSG)) { ?>
@ -32,5 +31,4 @@
</form> </form>
</CENTER> </CENTER>
<?php } ?> <?php } ?>
<? include_once('footer.php'); ?> <? include_once('footer.php'); ?>


@ -63,7 +63,7 @@
<? readfile($prevfilepath); ?> <? readfile($prevfilepath); ?>
</PRE> </PRE>
<? } else if (PM("/^image\//",$prevmime)) { ?> <? } else if (PM("/^image\//",$prevmime)) { ?>
<P><IMG SRC='/p/<?=$catid?>/<?=$docid?>/<?=$prevfilename?>' WIDTH=100%> <P><IMG SRC='/p/<?=$catid?>/<?=$docid?>/<?=$prevfilename?>' style='height: width:100%;'>
<? } else if (PM("/^application\/pdf$/",$prevmime)) { ?> <? } else if (PM("/^application\/pdf$/",$prevmime)) { ?>
<? header("Location: /send/".idencode($catid,$row['docid']));exit; ?> <? header("Location: /send/".idencode($catid,$row['docid']));exit; ?>
<? } else { ?> <? } else { ?>
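Review bot: The new `style='height: width:100%;'` is a malformed declaration: `height:` has no value of its own, so the browser reads `width:100%` as the value of `height`, discards the declaration and applies no width at all, unlike the `WIDTH=100%` attribute it replaces. `style='height:auto;width:100%;'` is presumably what was meant. On the same line `$prevfilename` is written into the single-quoted `SRC` attribute as-is; it should be URL-encoded and HTML-escaped (including single quotes) before it is placed there.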


@ -2,7 +2,7 @@
$NOLOGIN=1; $NOLOGIN=1;
require('./init.php'); require('./init.php');
// sleep(1);
function jfailed($err='') { function jfailed($err='') {
header('Content-Type: application/json'); header('Content-Type: application/json');
if (strlen($err)>0) echo json_encode(array('success' => 0, 'error' => $err))."\n"; if (strlen($err)>0) echo json_encode(array('success' => 0, 'error' => $err))."\n";
@ -28,8 +28,6 @@ if ($cmd==='login') {
jfailed('login failed'); jfailed('login failed');
} }
mydo($DB,"DELETE FROM tokens WHERE unix_timestamp(now())-unix_timestamp(ts)>86400");
$J = json_decode(file_get_contents('php://input'), true); // load user info from token $J = json_decode(file_get_contents('php://input'), true); // load user info from token
if ($J==null) jfailed("invalid json"); if ($J==null) jfailed("invalid json");
@ -41,7 +39,7 @@ if ($numrows==1) {
$row = mysqli_fetch_assoc($res); $row = mysqli_fetch_assoc($res);
if ($_SERVER['REMOTE_ADDR']===$row['ip']) { if ($_SERVER['REMOTE_ADDR']===$row['ip']) {
mydo($DB,"UPDATE tokens SET ts=now() WHERE token='".$J['token']."'"); mydo($DB,"UPDATE tokens SET ts=now() WHERE token='".$J['token']."'",1);
$name=$row['name']; $name=$row['name'];
$type=$row['type']; $type=$row['type'];
@ -52,6 +50,14 @@ if (!setaccess($name,$type)) jfailed("login failed");
////////////////////////////////////////////////////////////////////////////////////////////////// rest commands ////////////////////////////////////////////////////////////////////////////////////////////////// rest commands
if ($cmd==='renew') { ////////////////////////////////////////////////////////////////////////////// renew token
$I=array();
$J=json_decode(file_get_contents('php://input'), true);
$newtoken=id62(16);
mydo($DB,"UPDATE tokens SET ts=now(),token='".$newtoken."' WHERE token='".$J['token']."'",1);
jsuccess(array('success' => 1, 'token' => $newtoken));
}
if ($cmds[0]==='download') { ///////////////////////////////////////////////////////////////////// download file if ($cmds[0]==='download') { ///////////////////////////////////////////////////////////////////// download file
$catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found"); $catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found");
@ -114,6 +120,7 @@ if ($cmds[0]==='directupload' || $cmds[0]==='urlupload') { //////////////// uplo
$J=json_decode(file_get_contents('php://input'), true); $J=json_decode(file_get_contents('php://input'), true);
$fn=$J['filename']; $fn=$J['filename'];
$comment=$J['comment'];
$fid=id62(12); $fid=id62(12);
if ($cmds[0]==='directupload') { if ($cmds[0]==='directupload') {
@ -131,7 +138,8 @@ if ($cmds[0]==='directupload' || $cmds[0]==='urlupload') { //////////////// uplo
$mysqlts=date('Y-m-d H:i:s'); $mysqlts=date('Y-m-d H:i:s');
$sql="INSERT INTO docs SET docid=0,catid=$catid,ts='$mysqlts',rm=0,md5='$md5',filename='". $sql="INSERT INTO docs SET docid=0,catid=$catid,ts='$mysqlts',rm=0,md5='$md5',filename='".
mysqli_escape_string($DB,$fn) ."',mime='".mysqli_escape_string($DB,$mime)."',size=$size"; mysqli_escape_string($DB,$fn) ."',comment='".mysqli_escape_string($DB,$comment).
"',mime='".mysqli_escape_string($DB,$mime)."',size=$size";
$res= mydo($DB,$sql); $res= mydo($DB,$sql);
$docid=mysqli_insert_id($DB); $docid=mysqli_insert_id($DB);
@ -158,7 +166,7 @@ if ($cmd==='list') { ///////////////////////////////////////////////////////////
if ($numrows>0) { if ($numrows>0) {
while($row = mysqli_fetch_assoc($res)) { while($row = mysqli_fetch_assoc($res)) {
array_push($I,$row['catid']); array_push($I,$row['id']);
} }
jsuccess(array('success' => 1, 'ids' => $I)); jsuccess(array('success' => 1, 'ids' => $I));
@ -196,6 +204,186 @@ if ($cmd==='projects') { ///////////////////////////////////////////////////////
jsuccess(array('success' => 1, 'projects' => $I)); jsuccess(array('success' => 1, 'projects' => $I));
} }
if ($cmds[0]==='metadump') { /////////////////////////////////////////////////////////// bulk get entry data
$CTI=array();
$sql="SELECT id,catid FROM cat";
$res=mydo($DB,$sql,1);
while($r = mysqli_fetch_assoc($res)) {
$CTI[$r['catid']]=$r['id'];
}
$JJ = array('success' => 1);
$sql="SELECT * FROM cat WHERE rm=0 AND $ACCESSQL";
$res=mydo($DB,$sql,1);
$numrows =mysqli_num_rows($res);
if ($numrows>0) {
$I=array();
while($row = mysqli_fetch_assoc($res)) {
$comment =$row['comment'];if (PM("/^\s*$/",$row['comment'])) $comment="";
$J=array('catid'=> $row['catid'],
'id' => $row['id'],
'comment' => $comment,
'tent'=>$row['tent'],
'tcha'=>$row['tcha'],
'project'=>$project,
'user'=>$row['user'],
'type'=>$row['type']);
for ($i=0;$i<$FMAX;$i++) {
$key=$FMAP[$row['type']][$i][0];
if (!PM("/^\s*$/",$row["f$i"])) $J[$key]=$row["f$i"];
}
$J["jasondata"]= json_decode($row['jsondata']);
array_push($I,$J);
}
$JJ["cat"]=$I;
}
$sql="SELECT * FROM cat,links,".
"(select access as laccess,project as lproject,catid as lcatid,user as luser from cat) AS L ".
"WHERE cat.rm=0 AND cat.catid=links.catid AND links.link=lcatid AND $LACCESSQL AND $ACCESSQL";
$res=mydo($DB,$sql,1);
$numrows =mysqli_num_rows($res);
if ($numrows>0) {
$I=array();
while($row = mysqli_fetch_assoc($res)) {
$J=array('lid' => $row['lid'],
'ts' => $row['ts'],
'catid' => $CTI[$row['catid']],
'link' => $CTI[$row['link']]);
array_push($I,$J);
}
$JJ["links"]=$I;
}
$sql="select * from gen where rm=0";
$res=mydo($DB,$sql,1);
$numrows =mysqli_num_rows($res);
if ($numrows>0) {
$I=array();
while($row = mysqli_fetch_assoc($res)) {
$J=array('ts' => $row['ts'],
'catid' => $CTI[$row['catid']],
'parent' => $CTI[$row['parent']],
'gen' => $row['gen']);
array_push($I,$J);
}
$JJ["gen"]=$I;
}
jsuccess($JJ);
}
if ($cmds[0]==='bulk') { /////////////////////////////////////////////////////////////////// bulk get entry data
$xids=explode(',',$cmds[1]);
$JJ=array();
$CTI=array();
$sql="SELECT id,catid FROM cat";
$res=mydo($DB,$sql,1);
while($r = mysqli_fetch_assoc($res)) {
$CTI[$r['id']]=$r['catid'];
}
foreach ($xids as $xid) {
if (!array_key_exists($xid, $CTI)) jfailed("id not found");
$catid=$CTI[$xid];
$gen=array();
$sql="SELECT * FROM gen WHERE catid=$catid AND rm=0 ORDER BY gen";
$res=mydo($DB,$sql,1);
while($r = mysqli_fetch_assoc($res)) {
array_push($gen,$CTI[$r['parent']]);
}
$par=array();
$sql="SELECT * FROM gen WHERE parent=$catid AND rm=0 ORDER BY gen";
$res=mydo($DB,$sql,1);
while($r = mysqli_fetch_assoc($res)) {
array_push($par,$CTI[$r['catid']]);
}
$sql="SELECT * FROM cat WHERE catid=$catid AND $ACCESSQL";
$res=mydo($DB,$sql,1);
$numrows =mysqli_num_rows($res);
if ($numrows==1) {
$row = mysqli_fetch_assoc($res);
$project=$PROJECTS[$row['project']];
$J = array('success' => 1,
'id'=>$row['id'],
'tent'=>$row['tent'],
'tcha'=>$row['tcha'],
'project'=>$project,
'user'=>$row['user'],
'type'=>$row['type']);
if (count($gen)>0) $J['ancestry'] = $gen;
if (count($par)>0) $J['descendants'] = $par;
for ($i=0;$i<$FMAX;$i++) {
$key=$FMAP[$row['type']][$i][0];
if (!PM("/^\s*$/",$row["f$i"])) $J[$key]=$row["f$i"];
}
$J["jasondata"]= json_decode($row['jsondata']);
$I=array();
$sql="SELECT * FROM docs WHERE catid=$catid AND rm=0";
$res=mydo($DB,$sql,1);
$fnumrows =mysqli_num_rows($res);
if ($fnumrows>0) {
while($row = mysqli_fetch_assoc($res)) {
$comment =$row['comment'];if (PM("/^\s*$/",$row['comment'])) $comment="";
array_push($I,array('id' => $row['docid'],
'filename' => $row['filename'],
'comment' => $comment,
'size' => $row['size'],
'mimetype' => $row['mime']));
}
$J["files"]=$I;
}
$I=array();
$sql="select * from cat,links where links.catid=$catid and cat.catid=links.link and $ACCESSQL";
$res=mydo($DB,$sql,1);
$fnumrows =mysqli_num_rows($res);
if ($fnumrows>0) {
while($lrow = mysqli_fetch_assoc($res)) {
array_push($I,array('lid' => $lrow['lid'],
'link' => $lrow['id']));
}
$J["links"]=$I;
}
array_push($JJ,$J);
}
}
jsuccess($JJ);
}
if ($cmds[0]==='get' || $cmds[0]==='getraw') { ////////////////////////////////////////////////// get entry data if ($cmds[0]==='get' || $cmds[0]==='getraw') { ////////////////////////////////////////////////// get entry data
$catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found"); $catid=catidfromid($cmds[1]); if ($catid==-1) jfailed("id not found");
@ -244,7 +432,7 @@ if ($cmds[0]==='get' || $cmds[0]==='getraw') { /////////////////////////////////
$J["jasondata"]= json_decode($row['jsondata']); $J["jasondata"]= json_decode($row['jsondata']);
$I=array(); $I=array();
$sql="SELECT * FROM docs WHERE catid=$catid AND rm=0"; $sql="SELECT * FROM docs WHERE catid=$catid AND rm=0 ORDER BY ts DESC";
$res=mydo($DB,$sql,1); $res=mydo($DB,$sql,1);
$fnumrows =mysqli_num_rows($res); $fnumrows =mysqli_num_rows($res);
if ($fnumrows>0) { if ($fnumrows>0) {
@ -254,6 +442,7 @@ if ($cmds[0]==='get' || $cmds[0]==='getraw') { /////////////////////////////////
array_push($I,array('id' => $row['docid'], array_push($I,array('id' => $row['docid'],
'filename' => $row['filename'], 'filename' => $row['filename'],
'timestamp' => $row['ts'],
'comment' => $comment, 'comment' => $comment,
'size' => $row['size'], 'size' => $row['size'],
'mimetype' => $row['mime'])); 'mimetype' => $row['mime']));
@ -416,6 +605,29 @@ if ($cmds[0]==='edit') { ///////////////////////////////////////////////////////
jfailed(); jfailed();
} }
if ($cmds[0]==='fix') { ////////////////////////////////////////////////////////////////////////////// fix entry
$J=json_decode(file_get_contents('php://input'), true);
$catid=catidfromid($cmds[1]);if ($catid==-1) jfailed("id not found");
if (chkeditaccess($catid)) {
$sql="SELECT * FROM cat WHERE catid=$catid AND $ACCESSQL";
$res=mydo($DB,$sql,1);
$numrows =mysqli_num_rows($res);
if ($numrows==1) {
mydo($DB,"UPDATE cat SET fixed=1 WHERE catid=$catid");
alog($cmds[1],0,'fixed');
jsuccess(array('success' => 1, 'id' => $cmds[1]));
}
} else {
jfailed('no access');
}
jfailed();
}
if ($cmds[0]==='delete') { //////////////////////////////////////////////////////////////////////// delete entry if ($cmds[0]==='delete') { //////////////////////////////////////////////////////////////////////// delete entry
$J=json_decode(file_get_contents('php://input'), true); $J=json_decode(file_get_contents('php://input'), true);
@ -546,16 +758,22 @@ if ($cmds[0]==='search') { /////////////////////////////////////////////////////
$sql="SELECT * FROM cat WHERE ("; $sql="SELECT * FROM cat WHERE (";
foreach ($S as $s) { foreach ($S as $s) {
foreach ($s['fields'] as $f) {
$fa=array();
if (array_key_exists('fields',$s)) $fa=$s['fields'];
else $fa=range(0,31);
foreach ($fa as $f) {
$sql.="("; $sql.="(";
foreach ($s['keys'] as $k) { foreach ($s['keys'] as $k) {
$sql.="f$f LIKE '%$k%' OR "; $sql.="f$f LIKE '%$k%' OR ";
} }
$sql=PR("/\s*OR\s*$/",") OR ",$sql); $sql=PR("/\s*OR\s*$/",") OR ",$sql);
} }
$sql=PR("/\s*OR\s*$/","",$sql); $sql=PR("/\s*OR\s*$/","",$sql);
$sql.=" AND "; $sql.=" AND ";
} }
$sql=PR("/\s*AND\s*$/","",$sql); $sql=PR("/\s*AND\s*$/","",$sql);
$sql.=") AND $ACCESSQL"; $sql.=") AND $ACCESSQL";
@ -597,7 +815,7 @@ if ($cmds[0]==='jsonadd') { ////////////////////////////////////////////////////
jfailed(); jfailed();
} }
if ($cmds[0]==='jsonget') { ////////////////////////////////////////////////////////////////////// add json data if ($cmds[0]==='jsonget') { ////////////////////////////////////////////////////////////////////// get json data
$J=json_decode(file_get_contents('php://input'), true); $J=json_decode(file_get_contents('php://input'), true);
$catid=catidfromid($cmds[1]);if ($catid==-1) jfailed("id not found"); $catid=catidfromid($cmds[1]);if ($catid==-1) jfailed("id not found");
@ -651,4 +869,4 @@ if ($cmds[0]==='jsonsearch') { /////////////////////////////////////////////////
jsuccess(array('success' => 1, 'result' => $I)); jsuccess(array('success' => 1, 'result' => $I));
} }
?> ?>
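Review bot: The new `renew` handler concatenates `$J['token']`, read from the request body, directly into `UPDATE tokens SET ts=now(),token='…' WHERE token='…'`, and the same value is interpolated into the `ts=now()` update near the top of the file; nothing visible escapes it. Use a prepared statement, or at minimum `$tok=mysqli_real_escape_string($DB,(string)$J['token']);` and interpolate `$tok`; the `search` hunk builds `f$f LIKE '%$k%'` from request JSON the same way and needs `$f` cast to int and `$k` escaped. This commit also drops the `DELETE FROM tokens WHERE … >86400` purge, so unless expiry is enforced somewhere outside these hunks tokens no longer age out and `renew` can extend them indefinitely. In `metadump`, `'project'=>$project` reads a variable the block never assigns, and the `select * from gen where rm=0` query carries no `$ACCESSQL` filter, so ancestry rows are returned for entries the caller may not be allowed to read.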


@ -13,6 +13,7 @@
unset($_SESSION['s_json2']); unset($_SESSION['s_json2']);
$_SESSION['s_op']='AND'; $_SESSION['s_op']='AND';
unset($_SESSION['s_usr']); unset($_SESSION['s_usr']);
unset($_SESSION['s_ft']);
unset($_SESSION['s_all']); unset($_SESSION['s_all']);
unset($_SESSION['s_id']); unset($_SESSION['s_id']);
unset($_SESSION['s_fn']); unset($_SESSION['s_fn']);
@ -34,7 +35,7 @@
$_POST["s_field$fn"] =$S['s_field'][$fn]; $_POST["s_field$fn"] =$S['s_field'][$fn];
$_POST["s_fieldop$fn"] =$S['s_fieldop'][$fn]; $_POST["s_fieldop$fn"] =$S['s_fieldop'][$fn];
} }
foreach (array('type','project','s_op','s_json1','s_json2','s_usr','s_all','s_id','s_fn') as $val) { foreach (array('type','project','s_op','s_json1','s_json2','s_usr','s_ft','s_all','s_id','s_fn') as $val) {
$_POST[$val]=$S[$val]; $_POST[$val]=$S[$val];
} }
$TYPE=$S['type']; $TYPE=$S['type'];
@ -49,7 +50,7 @@
if (!PM("/^\s*$/",getpar('project'))) $_SESSION['currentproject']=getpar('project'); if (!PM("/^\s*$/",getpar('project'))) $_SESSION['currentproject']=getpar('project');
$PROJECT=$_SESSION['currentproject']; $PROJECT=$_SESSION['currentproject'];
foreach (array('s_op','s_json1','s_json2','s_usr','s_all','s_id','s_fn') as $val) { foreach (array('s_op','s_json1','s_json2','s_usr','s_ft','s_all','s_id','s_fn') as $val) {
if (isset($_POST[$val])) $_SESSION[$val]=getpar($val); if (isset($_POST[$val])) $_SESSION[$val]=getpar($val);
$S[$val]=$_SESSION[$val]; $S[$val]=$_SESSION[$val];
} }
@ -82,6 +83,15 @@
} }
$MS=PR("/,\s*$/","",$MS); $MS=PR("/,\s*$/","",$MS);
unset($_SESSION["ftres"]);
if (!PM("/^\s*$/",$S['s_ft'])) {
$res=mydo($DB,"SELECT catid,docid FROM ft WHERE ft LIKE '%".$S['s_ft']."%'",1);
while($row = mysqli_fetch_assoc($res)) {
phplog($row['docid']);
$_SESSION['ftres'][$row['docid']]=$row['catid'];
}
}
foreach($TYPES as $type) { foreach($TYPES as $type) {
foreach($FMAP[$type] as $n => $f) { foreach($FMAP[$type] as $n => $f) {
$ALLFIELDS[$f[0]]=1; $ALLFIELDS[$f[0]]=1;
@ -192,7 +202,11 @@
$searchsql.=" AND (catid=".catidfromid($M[1].$M[2]).")"; $searchsql.=" AND (catid=".catidfromid($M[1].$M[2]).")";
} }
} }
if (!PM("/^\s*$/",$S['s_ft'])) {
$searchsql.=" AND (cat.catid in (select ft.catid from ft where ft like '%".$S['s_ft']."%'))";
}
$FX=''; $FX='';
for ($n=1;$n<$FSM;$n++) { for ($n=1;$n<$FSM;$n++) {
if ($S['s_fieldop'][$n]==='AND') $FX.="1"; if ($S['s_fieldop'][$n]==='AND') $FX.="1";
@ -268,7 +282,7 @@
</FORM></TD> </FORM></TD>
</TR> </TR>
<TR><TD VALIGN=top><H2>Project:</H2></TD><TD><? if ($PROJECT==='ALL') $tmp="button"; else $tmp="ubutton"; ?> <TR><TD VALIGN=top><H2>Project:</H2></TD><TD><? if ($PROJECT==='ALL') $tmp="button"; else $tmp="ubutton"; ?>
<input type="submit" name="project" value="ALL" class="<?=$tmp?>"> <input type="submit" name="project" value="ALL" class="<?=$tmp?>">
<? foreach($USERPROJECTS as $pid => $pname) { ?> <? foreach($USERPROJECTS as $pid => $pname) { ?>
<? if (SU($pname)===SU($PROJECT)) $tmp="button"; else $tmp="ubutton"; ?> <? if (SU($pname)===SU($PROJECT)) $tmp="button"; else $tmp="ubutton"; ?>
@ -325,7 +339,13 @@
<INPUT type="search" name="s_json2" value="<?=$S['s_json2']?>" onsearch="onsearchsearch(this)" <INPUT type="search" name="s_json2" value="<?=$S['s_json2']?>" onsearch="onsearchsearch(this)"
style='text-align:left;width:380px;'> style='text-align:left;width:380px;'>
</TD></TR> </TD></TR>
<TR><TD HEIGHT=8></TD></TR>
<TR><TD><H2>Fulltext: </H2></TD>
<TD COLSPAN=3 ><input type="search" name="s_ft" value="<?=$S['s_ft']?>" onsearch="onsearchsearch(this)"
style='text-align:left;width:300px;'></TD></TR>
<TR><TD HEIGHT=8></TD></TR> <TR><TD HEIGHT=8></TD></TR>
<TR><TD><H2>Save As:</H2> </TD><TD colspan=2> <TR><TD><H2>Save As:</H2> </TD><TD colspan=2>
@ -370,11 +390,11 @@
</TABLE> </TABLE>
<P> <P>
<? function fieldsearch($fn) { global $FSM,$ALLFIELDS,$S; // ------------------------------ search field macro ?> <? function fieldsearch($fn) { global $FSM,$ALLFIELDS,$S; // ----------------------------- search field macro ?>
<DIV CLASS="select"> <DIV CLASS="select">
<SELECT NAME="s_field<?=$fn?>" class=select> <SELECT NAME="s_field<?=$fn?>" class=select>
<? foreach($ALLFIELDS as $field => $n) { ?> <? foreach($ALLFIELDS as $field => $n) { ?>
<OPTION VALUE='<?= $field ?>' <? if ($field===$S['s_field'][$fn]) {?>SELECTED<?}?> ><?= SU($field) ?></OPTION> <OPTION VALUE='<?= $field ?>' <? if ($field===$S['s_field'][$fn]) {?>SELECTED<?}?> ><?= SU($field) ?></OPTION>
<? } ?> <? } ?>
</SELECT> <DIV class="select_arrow"></DIV></DIV></TD> </SELECT> <DIV class="select_arrow"></DIV></DIV></TD>
<TD><input type="search" name="<?="s_key$fn"?>" value="<?=$S['s_key'][$fn]?>" onsearch="onsearchsearch(this)" <TD><input type="search" name="<?="s_key$fn"?>" value="<?=$S['s_key'][$fn]?>" onsearch="onsearchsearch(this)"
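Review bot: Both new full-text queries splice `$S['s_ft']` into SQL text, `ft LIKE '%".$S['s_ft']."%'` in the `ftres` lookup and again in the `$searchsql` subselect, and the value can arrive from `getpar()` or from a saved search copied into `$_POST`, so escaping cannot be assumed at either source. Escape at the point of use, e.g. `$ft=mysqli_real_escape_string($DB,$S['s_ft']);` (plus `addcslashes($ft,'%_')` if wildcards typed by the user should match literally), and build both clauses from `$ft`. The `ftres` lookup also has no `$ACCESSQL` restriction and stores every matching `docid`/`catid` pair in the session, and the `phplog($row['docid'])` inside its loop looks like leftover debugging. The new input prints `value="<?=$S['s_ft']?>"` unescaped; `<?=HSC($S['s_ft'])?>` matches how the edit form prints field values.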


@ -168,6 +168,8 @@
function mydo($db,$sql,$quiet=0) { // ------------------------------------------------------------ mysql query function mydo($db,$sql,$quiet=0) { // ------------------------------------------------------------ mysql query
if (!$quiet) phplog($sql,'sql'); if (!$quiet) phplog($sql,'sql');
phplog($sql,'sql');
$res=mysqli_query($db,$sql); $res=mysqli_query($db,$sql);
myerr($db,$sql); myerr($db,$sql);
return $res; return $res;
@ -218,6 +220,20 @@
} }
} }
function xphplog($msg,$type='info',$debuglevel=1) { // ------------------------------------------ write php log
global $PHPLOG,$TAG,$USER,$DEBUG;
if ($DEBUG>=$debuglevel) {
$ip=$_SERVER['REMOTE_ADDR'];
$url=$_SERVER['REQUEST_URI'];
if (PM("/^\s*$/",$msg)) {
error_log(date("Y-m-d H:i:s")."|$type|$TAG|$ip|$USER\n", 3,$PHPLOG);
} else {
error_log(date("Y-m-d H:i:s")."|$type|$TAG|$ip|$USER|$msg\n", 3,$PHPLOG);
}
}
}
function HSC($str) { // -------------------------------------------------------- shortcut for htmlspecialchars function HSC($str) { // -------------------------------------------------------- shortcut for htmlspecialchars
return htmlspecialchars($str); return htmlspecialchars($str);
} }
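Review bot: The added unconditional `phplog($sql,'sql');` in `mydo()` defeats the `$quiet` flag: quiet calls are now logged and non-quiet calls are logged twice. Several callers in this commit pass `1` for statements that contain session tokens (the `UPDATE tokens … token='…'` calls in the REST handler), so those values would reach the PHP log whenever logging is active. Dropping the extra line restores the intended behaviour; if it was added for debugging, `phplog($sql,'sql',2);` behind a higher debug level would be the narrower form, assuming `phplog()` takes the same `$debuglevel` parameter as the new `xphplog()`. `xphplog()` itself looks like an unused copy of `phplog()` and should either be removed or get a comment saying what distinguishes it.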


@ -1,3 +1,3 @@
<? <?
$VERSION='1.0.121'; $VERSION='1.0.176';
?> ?>