Commit 11e3ecda8a4f22ed18ae278b20335fce30a1e8ca
1 parent
60cb29e7
Added php doc comments to file
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@26 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
2 changed files
with
156 additions
and
56 deletions
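--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -15,47 +15,61 @@
 
 */
 
+/**
+* Get the security policy for a specified folder
+*
+* @param id folder id
+*
+* @return int 1 = permission granted, 0 = permission denied
+*/
 function getfolderpolicy($id) {
 global $default;
 $sql = new Owl_DB; $sql->query("select security from $default->owl_folders_table where id = '$id'");
 while ($sql->next_record()) return $sql->f("security");
 }
 
+/**
+* Get the security policy for a specified file
+*
+* @param id file id
+*
+* @return int security policy
+*/
 function getfilepolicy($id) {
 global $default;
 $sql = new Owl_DB; $sql->query("select security from $default->owl_files_table where id = '$id'");
 while ($sql->next_record()) return $sql->f("security");
 }
 
-//
-// This function is simple...it returns either a 1 or 0
-// If the authentication is good, it returns 1
-// If the authentication is bad, it returns 0
-//
-// Policy key for FILES:
-//
-// 0 = World read
-// 1 = World edit
-// 6 = World edit no delete
-// 2 = Group read
-// 3 = Group edit
-// 5 = Group edit no delete
-// 4 = Creator edit
-// 7 = Group edit, World read
-// 8 = Group edit, World read - no delete
-//
-// Policy key for FOLDERS:
-//
-// 50 = Anyone can read
-// 51 = Anyone can upload/create folders
-// 56 = Anyone can upload/create folders but not delete
-// 52 = Only the group can read
-// 53 = Only the group can upload/create folders
-// 55 = Only the group can upload/create folders but not delete; except the creator
-// 54 = Only the creator can upload/create folders
-// 57 = Only the group can upload/create folders but anyone can read
-// 58 = Only the group can upload/create folders (no delete) but anyone can read
-//
+/**
+* This function is simple...it returns either a 1 or 0
+* If the authentication is good, it returns 1
+* If the authentication is bad, it returns 0
+*
+* Policy key for FILES:
+*
+* 0 = World read
+* 1 = World edit
+* 2 = Group read
+* 3 = Group edit
+* 4 = Creator edit
+* 5 = Group edit no delete
+* 6 = World edit no delete
+* 7 = Group edit, World read
+* 8 = Group edit, World read - no delete
+*
+* Policy key for FOLDERS:
+*
+* 50 = Anyone can read
+* 51 = Anyone can upload/create folders
+* 56 = Anyone can upload/create folders but not delete
+* 52 = Only the group can read
+* 53 = Only the group can upload/create folders
+* 55 = Only the group can upload/create folders but not delete; except the creator
+* 54 = Only the creator can upload/create folders
+* 57 = Only the group can upload/create folders but anyone can read
+* 58 = Only the group can upload/create folders (no delete) but anyone can read
+*/
 
 function check_auth($id, $action, $userid) {
 global $default;
@@ -64,13 +78,6 @@ function check_auth($id, $action, $userid) {
 $foldercreator = owlfoldercreator($id);
 $filegroup = owlfilegroup($id);
 $foldergroup = owlfoldergroup($id);
-// print "Action is $action<br>";
-// print "filecreation username is $filecreator<br>";
-// print "filecreation groupname is $filegroup<br>";
-// print "folder group is $foldergroup<br>";
-// print "userid is $userid<br>";
-// print "dbusername is $dbuser<br>";
-// print "usergroup is $usergroup<br>";
 
 if (($action == "folder_modify") ||
 ($action == "folder_view") ||
@@ -80,9 +87,12 @@ function check_auth($id, $action, $userid) {
 } else {
 $policy = getfilepolicy($id);
 }
-// print "Policy is $policy<br>";
+
+ //if policy is: world read
 if ($policy == "0") {
+ //if the user want to delete/modify
 if (($action == "file_delete") || ($action == "file_modify")) {
+ //if the user is not the file create
 if ($userid != $filecreator) {
 $authorization = "0";
 } else {
@@ -92,10 +102,13 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
+ //if the policy is: world edit
 if ($policy == "1") {
 $authorization = "1";
 }
+ //if the policy is: group read
 if ($policy == "2") {
+ //if the user wants to delete/modify the file
 if (($action == "file_delete") || ($action == "file_modify")) {
 if ($userid != $filecreator) {
 $authorization = "0";
@@ -106,6 +119,7 @@ function check_auth($id, $action, $userid) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is in the group
 if ($filegroup == $usergroup || $sql->num_rows($sql) > 0) {
 // Bozz Change End
 $authorization = "1";
@@ -115,33 +129,38 @@ function check_auth($id, $action, $userid) {
 }
 
 }
+ //if the policy is: group edit
 if ($policy == "3") {
 if (($action == "file_delete") || ($action == "file_modify") || ($action == "file_download")) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
 // Bozz Change End
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
 $authorization = "1";
 }
-
 }
 }
+ //if the policy is: creator edit
 if ($policy == "4") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
 $authorization = "0";
 }
 }
+ //if the policy is: group edit no delete
 if ($policy == "5") {
 if (($action == "file_modify") || ($action == "file_download")) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
 // Bozz Change End
+ //if the user is in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -149,6 +168,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "file_delete") {
+ //if the user is the file creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -156,9 +176,11 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: world edit no delete
 if ($policy == "6") {
 $authorization = "1";
 if ($action == "file_delete") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -166,26 +188,28 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: group edit world read
 if ($policy == "7") {
 if (($action == "file_delete") || ($action == "file_modify")) {
 $sql = new Owl_DB;
- $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
 $authorization = "1";
 }
-
 }
 if ($action == "file_download") {
 $authorization = "1";
 }
 }
-
+ //if the policy is: group edit, world read, no delete
 if ($policy == "8") {
 if ($action == "file_modify") {
 $sql = new Owl_DB;
- $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -196,6 +220,7 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 if ($action == "file_delete") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -203,11 +228,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
-
+ //if the policy is: anyone can read
 if ($policy == "50") {
 if (($action == "folder_delete") ||
 ($action == "folder_property") ||
 ($action == "folder_modify")) {
+ //if the user is not the creator
 if ($userid != $foldercreator) {
 $authorization = "0";
 } else {
@@ -217,9 +243,13 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
+
+ //if the policy is: anyone can upload/create folders
 if ($policy == "51") {
 $authorization = "1";
 }
+
+ //if the policy is: only the group can read folders
 if ($policy == "52") {
 if (($action == "folder_delete") ||
 ($action == "folder_property") ||
@@ -242,6 +272,8 @@ function check_auth($id, $action, $userid) {
 }
 
 }
+
+ //if the policy is: only the group can upload/create folders
 if ($policy == "53") {
 if (($action == "folder_delete") ||
 ($action == "folder_modify") ||
@@ -250,6 +282,7 @@ function check_auth($id, $action, $userid) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if ($usergroup != $foldergroup && $sql->num_rows($sql) == 0) {
 // Bozz Change End
 $authorization = "0";
@@ -258,13 +291,18 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+
+ //if the policy is: only the creator can upload/change files
 if ($policy == "54") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
 $authorization = "0";
 }
 }
+
+ //if the policy is: only the group can upload/create folders but not delete; except the creator
 if ($policy == "55") {
 if (($action == "folder_modify") || ($action == "folder_view")) {
 // Bozz Change Begin
@@ -286,10 +324,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: anyone can upload/create folders but not delete
 if ($policy == "56") {
 $authorization = "1";
 if (($action == "folder_delete") ||
 ($action == "folder_property")) {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -298,10 +338,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 
+ //if the policy is: only the group can upload/create folders but anyone can read
 if ($policy == "57") {
 if (($action == "folder_modify") || ($action == "folder_delete")) {
 $sql = new Owl_DB;
- $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if (($usergroup != $foldergroup) && ($sql->num_rows($sql) == 0)) {
 $authorization = "0";
 } else {
@@ -309,6 +351,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_property") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -319,11 +362,12 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
-
+ //if the policy is: only the group can upload/create folders (no delete) but anyone can read
 if ($policy == "58") {
 if ($action == "folder_modify") {
 $sql = new Owl_DB;
- $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if ($usergroup != $foldergroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -331,6 +375,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_property") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -338,6 +383,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_delete") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {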
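Review bot: The new docblock on `getfolderpolicy()` states `@return int 1 = permission granted, 0 = permission denied`, but the function returns the `security` column, i.e. the folder policy code (50 to 58 in the key above `check_auth()`), so a caller who trusts the docblock could read a policy code as a grant. It should match the one on `getfilepolicy()`, e.g. `* @return int folder security policy code (see the FOLDERS key on check_auth)`. In the policy "5" branch the added comment `//if the user is in the group` sits on a condition that tests the opposite (`$usergroup != $filegroup && $sql->num_rows($sql) == 0`) and should read `//if the user is not in the group`. The context lines also build every query by interpolating `$id`, `$userid` and `$filegroup` into the SQL string; if any of these can arrive from the request, they need to be cast or escaped before they reach this library. The body of `check_auth()` continues outside the hunks shown.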
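--- a/move.php
+++ b/move.php
@@ -3,6 +3,8 @@
 /*
 * move.php
 *
+ * Move a folder or a file to a new destination
+ *
 * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
@@ -46,14 +48,18 @@ switch ($order) {
 
 
 if($action == "file") {
+ //if the user does not have permission to modify the file
 if(check_auth($id, "file_modify", $userid) == 0) {
 include("./lib/header.inc");
 print("<TABLE WIDTH=$default->table_expand_width BGCOLOR=$default->main_header_bgcolor CELLSPACING=0 CELLPADDING=0 BORDER=$default->table_border HEIGHT=30>");
 ?>
 <TR><TD ALIGN=LEFT>
 <?php print("$lang_user: ");
+
+ //if the user has access to his/her preferences
+ //print a link to the user's preferences
 if(prefaccess($userid)) {
- print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
+ print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
 }
 print uid_to_name($userid);
 print ("</A>");
@@ -69,14 +75,18 @@ if($action == "file") {
 exit($lang_nofilemod);
 }
 } else {
+ //if the user does not have permission to modify the folder
 if(check_auth($id, "folder_modify", $userid) == 0) {
 include("./lib/header.inc");
 print("<TABLE WIDTH=$default->table_expand_width BGCOLOR=$default->main_header_bgcolor CELLSPACING=0 CELLPADDING=0 BORDER=$default->table_border HEIGHT=30>");
 ?>
 <TR><TD ALIGN=LEFT>
 <?php print("$lang_user: ");
+
+ //if the user has access to his/her preferences
+ //print a link to the user's preferences
 if(prefaccess($userid)) {
- print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
+ print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
 }
 print uid_to_name($userid);
 print ("</A>");
@@ -92,9 +102,17 @@ if($action == "file") {
 }
 }
 
+
+/**
+* Check for new folders. Sets $newFolder to the new folder id
+*/
 function checkForNewFolder() {
 global $HTTP_POST_VARS, $newFolder;
- if (!is_array($HTTP_POST_VARS)) return;
+ if (!is_array($HTTP_POST_VARS))
+ {
+ return;
+ }
+
 while (list($key, $value) = each ($HTTP_POST_VARS)) {
 if (substr($key,0,2)=="ID") {
 $newFolder = intval(substr($key,2));
@@ -103,27 +121,58 @@ function checkForNewFolder() {
 }
 }
 
+/**
+* Display all the sub-folders in a folder
+*
+* @param $fid folder id
+* @param $folder folder name
+*
+*/
 function showFoldersIn($fid, $folder) {
 global $folderList, $fCount, $fDepth, $excludeID, $action, $id, $default, $userid ;
 for ($c=0 ;$c < ($fDepth-1) ; $c++) print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/blank.gif' height=16 width=18 align=top>";
 if ($fDepth) print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/link.gif' height=16 width=16 align=top>";
 
 $gray=0; // Work out when to gray out folders ...
- if ($fid==$excludeID) $gray=1; // current parent for all moves
- if (($action=="folder") && ($fid==$id)) $gray=1; // subtree for folder moves
- if (check_auth($fid, "folder_modify", $userid) == 0) $gray = 1; // check for permissions
-
+
+ //current parent for all moves
+ if ($fid==$excludeID)
+ {
+ $gray=1;
+ }
+ //subtree for folder moves
+ //can't move a folder to itself
+ if (($action=="folder") && ($fid==$id))
+ {
+ $gray=1;
+ }
+ //check for permissions
+ //if you don't have folder modify permissions
+ if (check_auth($fid, "folder_modify", $userid) == 0)
+ {
+ $gray = 1;
+ }
 
+
 if ($gray) {
 print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/folder_gray.gif' height=16 width=16 align=top>";
 print " <font color=\"silver\">$folder</font><br>\n";
- } else {
+ }
+ else
+ {
 print "<input type='image' border=0 src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/folder_closed.gif' height=16 width=16 align=top name=\"ID";
 print "$fid\"> $folder<br>\n";
 }
 
- if (($action=="folder") && ($fid==$id)) return; // Don't show subtree of selected folder as target for folder move
- for ($c=0; $c<$fCount; $c++) {
+ //Don't show subtree of selected folder as target for folder move
+ if (($action=="folder") && ($fid==$id))
+ {
+ return;
+ }
+
+ //recurse through all the folders in the current folder and
+ //display their sub-folders
+ for ($c=0; $c < $fCount; $c++) {
 if ($folderList[$c][2]==$fid) {
 $fDepth++;
 showFoldersIn( $folderList[$c][0] , $folderList[$c][1] );
@@ -138,12 +187,14 @@ if ($action=="$lang_cancel_button") {
 }
 
 checkForNewFolder();
+//if there is a new folder
 if (isset($newFolder)) {
 $sql = new Owl_DB;
 
 $source="";
 $fID=$parent;
 do {
+ //build the directory path from the root folder to the current parent folder
 $sql->query("select name,parent from $default->owl_folders_table where id='$fID'");
 while($sql->next_record()) {
 $tName = $sql->f("name");
@@ -155,6 +206,7 @@ if (isset($newFolder)) {
 $dest="";
 $fID=$newFolder;
 do {
+ //build the directory path from the root folder to the new folder
 $sql->query("select name,parent from $default->owl_folders_table where id='$fID'");
 while($sql->next_record()) {
 $tName = $sql->f("name");
@@ -180,6 +232,8 @@ if (isset($newFolder)) {
 }
 
 
+ //if we're using the file system
+ //then move the file
 if($default->owl_use_fs) {
 if ($type != "url") {
 if (!file_exists("$default->owl_FileDir/$dest$fname")) {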
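Review bot: The destination folder appears to be authorised only on the display path: `showFoldersIn()` greys out folders where `check_auth($fid, "folder_modify", $userid) == 0`, while `checkForNewFolder()` accepts `$newFolder` from any posted `ID<n>` key and the `if (isset($newFolder))` block goes on to build the paths for the move. No `check_auth` call on `$newFolder` is visible in these hunks; new-file lines 213 to 231 are not shown, so it may exist there. If it is missing, add `if (check_auth($newFolder, "folder_modify", $userid) == 0) exit($lang_nofilemod);` at the top of that block. The new `showFoldersIn()` docblock should state that the grey-out is presentation only and is not the permission check. `$folder` is also printed into the page without `htmlspecialchars()`, which matters if folder names are user-supplied.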