Rev 4 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
2 | daniel-mar | 1 | <?php |
2 | |||
3 | daniel-mar | 3 | if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.'); |
2 | daniel-mar | 4 | |
5 | if ($aktion == 'new') |
||
6 | { |
||
7 | $res = db_query("SELECT `user` FROM `".$mysql_zugangsdaten['praefix']."ordner` WHERE `id` = '".db_escape($folder)."'"); |
||
8 | $row = db_fetch($res); |
||
9 | if ($row['user'] != $benutzer['id']) |
||
10 | $folder = 0; |
||
11 | |||
12 | if ($_FILES['datei']['tmp_name'] != '') |
||
13 | { |
||
14 | $pfad_zur_datei = $_FILES['datei']['tmp_name']; |
||
15 | $dateiname = $_FILES['datei']['name']; |
||
16 | $data = fread(fopen($pfad_zur_datei, 'r'), filesize($pfad_zur_datei)); |
||
17 | $dtype = $_FILES['datei']['type']; |
||
18 | db_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."dateien` (`name`, `folder`, `dateiname`, `user`, `type`, `daten`) VALUES ('".db_escape($name)."', '".db_escape($folder)."', '".db_escape($dateiname)."', '".$benutzer['id']."', '".db_escape($dtype)."', '".db_escape($data)."')"); |
||
19 | } |
||
20 | else |
||
21 | db_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."dateien` (`name`, `folder`, `user`) VALUES ('".db_escape($name)."', '".db_escape($folder)."', '".$benutzer['id']."')"); |
||
22 | |||
8 | daniel-mar | 23 | if ($danach == 'A') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=inhalt&modul='.urlencode($modul)); |
24 | if ($danach == 'B') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=edit&modul='.urlencode($modul).'&aktion=new&danach='.urlencode($danach)); |
||
25 | if ($danach == 'C') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=edit&modul='.urlencode($modul).'&aktion=new&folder='.urlencode($folder).'&danach='.urlencode($danach)); |
||
2 | daniel-mar | 26 | } |
27 | |||
28 | if ($aktion == 'edit') |
||
29 | { |
||
30 | $res = db_query("SELECT user FROM ".$mysql_zugangsdaten['praefix']."ordner WHERE id = '".db_escape($folder)."'"); |
||
31 | $row = db_fetch($res); |
||
32 | if ($row['user'] != $benutzer['id']) |
||
33 | $folder = 0; |
||
34 | |||
35 | if ($_FILES['datei']['tmp_name'] != '') |
||
36 | { |
||
37 | $pfad_zur_datei = $_FILES['datei']['tmp_name']; |
||
38 | $dateiname = $_FILES['datei']['name']; |
||
39 | $data = fread(fopen($pfad_zur_datei, 'r'), filesize($pfad_zur_datei)); |
||
40 | $dtype = $_FILES['datei']['type']; |
||
41 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."dateien` SET `name` = '".db_escape($name)."', `folder` = '".db_escape($folder)."', `dateiname` = '".db_escape($dateiname)."', `daten` = '".db_escape($data)."', `type` = '".db_escape($dtype)."' WHERE `user` = '".$benutzer['id']."' AND `id` = '".db_escape($id)."'"); |
||
42 | } |
||
43 | else |
||
44 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."dateien` SET `name` = '".db_escape($name)."', `folder` = '".db_escape($folder)."' WHERE `user` = '".$benutzer['id']."' AND `id` = '".db_escape($id)."'"); |
||
45 | |||
8 | daniel-mar | 46 | if ($danach == 'A') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=inhalt&modul='.urlencode($modul)); |
47 | if ($danach == 'B') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=edit&modul='.urlencode($modul).'&aktion=new&danach='.urlencode($danach)); |
||
48 | if ($danach == 'C') if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=edit&modul='.urlencode($modul).'&aktion=new&folder='.urlencode($folder).'&danach='.urlencode($danach)); |
||
2 | daniel-mar | 49 | } |
50 | |||
51 | if ($aktion == 'delete') |
||
52 | { |
||
53 | db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."dateien` WHERE `id` = '".db_escape($id)."' AND `user` = '".$benutzer['id']."'"); |
||
54 | if (db_affected_rows() > 0) |
||
55 | db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."dateien`"); |
||
56 | |||
8 | daniel-mar | 57 | if (!headers_sent()) header('location: '.$_SERVER['PHP_SELF'].'?seite=inhalt&modul='.urlencode($modul)); |
2 | daniel-mar | 58 | } |
59 | |||
3 | daniel-mar | 60 | ?> |