Work in progress on attachment download.
authorNik Okuntseff <support@anuko.com>
Sat, 30 Mar 2019 20:19:48 +0000 (20:19 +0000)
committerNik Okuntseff <support@anuko.com>
Sat, 30 Mar 2019 20:19:48 +0000 (20:19 +0000)
WEB-INF/lib/ttFileHelper.class.php
WEB-INF/templates/footer.tpl
WEB-INF/templates/project_files.tpl
file_download.php [new file with mode: 0644]

index ce24cd7..f3c36e5 100644 (file)
@@ -35,6 +35,7 @@ class ttFileHelper {
   var $getfile_uri = null;  // URI to get file from file storage.
   var $site_id = null;      // Site id for file storage.
   var $site_key = null;     // Site key for file storage.
+  var $file_data = null;     // Downloaded file data.
 
   // Constructor.
   function __construct(&$errors) {
@@ -136,7 +137,7 @@ class ttFileHelper {
       'user_key' => urlencode($fields['user_key']), // May be null.
       'file_name' => urlencode($fields['file_name']),
       'description' => urlencode($fields['description']),
-      'content' => urlencode(file_get_contents($_FILES['newfile']['tmp_name']))
+      'content' => urlencode(base64_encode(file_get_contents($_FILES['newfile']['tmp_name'])))
     );
 
     // url-ify the data for the POST.
@@ -352,4 +353,78 @@ class ttFileHelper {
     $affected = $mdb2->exec($sql);
     return !is_a($affected, 'PEAR_Error');
   }
+
+
+  // getFile - downloads file from remote storage to memory.
+  function getFile($fields) {
+    global $i18n;
+    global $user;
+    $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $curl_fields = array('site_id' => urlencode($this->site_id),
+      'site_key' => urlencode($this->site_key),
+      'org_id' => urlencode($org_id),
+      'org_key' => urlencode($this->getOrgKey()),
+      'group_id' => urlencode($group_id),
+      'group_key' => urlencode($this->getGroupKey()),
+      'user_id' => urlencode($fields['user_id']),   // May be null.
+      'user_key' => urlencode($fields['user_key']), // May be null.
+      'file_id' => urlencode($fields['remote_id']),
+      'file_key' => urlencode($fields['file_key']),
+      'file_name' => urlencode($fields['file_name']));
+
+    // url-ify the data for the POST.
+    foreach($curl_fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
+    $fields_string = rtrim($fields_string, '&');
+
+    // Open connection.
+    $ch = curl_init();
+
+    // Set the url, number of POST vars, POST data.
+    curl_setopt($ch, CURLOPT_URL, $this->getfile_uri);
+    curl_setopt($ch, CURLOPT_POST, count($fields));
+    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+    // Execute a post request.
+    $result = curl_exec($ch);
+
+    $error = curl_error();
+    $result_array2 = json_decode($result, true);
+
+    // Close connection.
+    curl_close($ch);
+
+    if (!$result) {
+      $this->errors->add($i18n->get('error.file_storage'));
+      return false;
+    }
+
+    $result_array = json_decode($result, true);
+    $status = (int) $result_array['status'];
+    $error = $result_array['error'];
+
+    if ($error) {
+      // Add an error from file storage facility if we have it.
+      $this->errors->add($error);
+      return false;
+    }
+    if ($status != 1) {
+      // There is no explicit error message, but still something not right.
+      $this->errors->add($i18n->get('error.file_storage'));
+      return false;
+    }
+
+    $this->file_data = $result_array['content'];
+    return true;
+  }
+
+
+  // getFileData - returns file data from memory.
+  function getFileData() {
+    return base64_decode($this->file_data);
+  }
 }
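Review bot: `curl_error()` after `curl_exec` is called without the handle, so the transport error is never captured (PHP 8 throws an ArgumentCountError here, older versions only warn); it should read `$error = curl_error($ch);`, and the unused `$result_array2` decode beside it can go. `$fields_string` is appended to before it is initialised, and `CURLOPT_POST` is given `count($fields)` although it is a boolean option, so add `$fields_string = '';` and pass `true`. The storage response is also trusted as-is: `json_decode` can return null and `content` may be absent, so a guard such as `if (!is_array($result_array) || !isset($result_array['content']))` before reading `status` would route malformed replies to the `error.file_storage` path, and `getFileData` could use `base64_decode($this->file_data, true)` to reject data that is not valid base64. The request carries `site_key`, `org_key` and `group_key`, so it is worth confirming that `getfile_uri` is always an https URL and setting a `CURLOPT_TIMEOUT`; `$mdb2` is assigned but not used in this method.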
index b63e069..b36f3d0 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.61.4896 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.61.4897 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index d745f55..52e14f9 100644 (file)
@@ -16,7 +16,7 @@
         <tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
           <td>{$file.name|escape}</td>
           <td>{$file.description|escape}</td>
-          <td><a href="file_edit.php?id={$file.id}">{$i18n.label.download}</a></td>
+          <td><a href="file_download.php?id={$file.id}">{$i18n.label.download}</a></td>
     {if $can_manage}
           <td><a href="file_edit.php?id={$file.id}">{$i18n.label.edit}</a></td>
           <td><a href="file_delete.php?id={$file.id}">{$i18n.label.delete}</a></td>
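Review bot: The download link sits outside the `{if $can_manage}` block, but file_download.php in this same commit redirects anyone without `manage_projects` to access_denied.php. If users without that right can reach this list (not visible from this hunk), they are shown a link that always fails; either move the `<td>` inside `{if $can_manage}` or key the check in file_download.php to the right that is actually meant to allow downloads.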
diff --git a/file_download.php b/file_download.php
new file mode 100644 (file)
index 0000000..83ff703
--- /dev/null
@@ -0,0 +1,102 @@
+<?php
+// +----------------------------------------------------------------------+
+// | Anuko Time Tracker
+// +----------------------------------------------------------------------+
+// | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
+// +----------------------------------------------------------------------+
+// | LIBERAL FREEWARE LICENSE: This source code document may be used
+// | by anyone for any purpose, and freely redistributed alone or in
+// | combination with other software, provided that the license is obeyed.
+// |
+// | There are only two ways to violate the license:
+// |
+// | 1. To redistribute this code in source form, with the copyright
+// |    notice or license removed or altered. (Distributing in compiled
+// |    forms without embedded copyright notices is permitted).
+// |
+// | 2. To redistribute modified versions of this code in *any* form
+// |    that bears insufficient indications that the modifications are
+// |    not the work of the original author(s).
+// |
+// | This license applies to this document only, not any other software
+// | that it may be combined with.
+// |
+// +----------------------------------------------------------------------+
+// | Contributors:
+// | https://www.anuko.com/time_tracker/credits.htm
+// +----------------------------------------------------------------------+
+
+require_once('initialize.php');
+import('form.Form');
+import('ttFileHelper');
+import('ttProjectHelper');
+
+// Access checks.
+$cl_file_id = (int)$request->getParameter('id');
+$file = ttFileHelper::get($cl_file_id);
+if (!$file) {
+  header('Location: access_denied.php');
+  exit();
+}
+// Entity-specific checks.
+if ($file['entity_type'] == 'project') {
+  if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
+    header('Location: access_denied.php');
+    exit();
+  }
+}
+if ($file['entity_type'] != 'project') {
+  // Currently, files are only associated with projects.
+  // Improve access checks when the feature evolves.
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
+
+$fileHelper = new ttFileHelper($err);
+
+$filename = $file['file_name'];
+$mime_type = 'image/jpeg'; // Hardcoded type for now. TODO: fix this.
+
+if ($fileHelper->getFile($file)) {
+  header('Pragma: public'); // This is needed for IE8 to download files over https.
+  header('Content-Type: '.$mime_type);
+  header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
+  header('Content-Disposition: attachment; filename="'.$filename.'"');
+  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+  header('Cache-Control: private', false);
+
+  echo $fileHelper->getFileData();
+  exit;
+} else
+  $err->add($i18n->get('error.sys'));
+
+$form = new Form('fileForm');
+$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
+$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'file_name','style'=>'width: 250px;','value'=>$cl_name));
+$form->getElement('file_name')->setEnabled(false);
+$form->addInput(array('type'=>'textarea','name'=>'description','style'=>'width: 250px; height: 40px;','value'=>$cl_description));
+$form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
+
+if ($request->isPost()) {
+  // Validate user input.
+  if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+
+  if ($err->no()) {
+    if ($request->getParameter('btn_save')) {
+      // Update file information.
+      $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description));
+      if ($updated && $file['entity_type'] == 'project') {
+        header('Location: project_files.php?id='.$file['entity_id']);
+        exit();
+      } else
+        $err->add($i18n->get('error.db'));
+    }
+  }
+} // isPost
+
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('onload', 'onLoad="document.fileForm.description.focus()"');
+$smarty->assign('title', $i18n->get('title.edit_file'));
+$smarty->assign('content_page_name', 'file_edit.tpl');
+$smarty->display('index.tpl');
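Review bot: `$filename` goes into the `Content-Disposition` header straight from the stored `file_name`, which was supplied at upload time, so a double quote or backslash in it can break out of the quoted `filename` parameter; normalise it first, e.g. `$filename = str_replace(array('"', '\\', '/'), '_', basename($file['file_name']));`. While `$mime_type` is hardcoded, sending `header('X-Content-Type-Options: nosniff');` alongside keeps browsers from guessing a type for content that is not actually JPEG. Everything from `$form = new Form('fileForm')` down looks carried over from file_edit.php: it reads `$cl_name` and `$cl_description`, which are never set in this file, and keeps a POST branch that calls `ttFileHelper::update` on a page meant only to serve downloads. I would drop that tail and render a plain error page when `getFile` returns false.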