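'zkl',
            'device_documenten' => 'device',
            'project_documenten' => array(
                '' => 'project',
                'RO' => 'user upload',
                'RO-WO' => 'work order'
            ),
            'klant_documenten' => 'customer',
            'algemene_documenten' => 'general'
        );

        foreach ($row_docs as $document) {
            switch ($doc_table) {
                case "project_documenten":
                case "klant_documenten":
                case "gebruiker_profiel":
                    $file = $upload_dir . "/" . $document['id'];
                    break;
                default:
                    $file = FALSE;
                    break;
            }

            // check for file on filesystem (but only read it when the document data is requested)
            if ($read_doc && $file && file_exists($file)) {
                // Open the file
                $handle = fopen($file, "r");
                // read document data from file
                $file_data = fread($handle, filesize($file));
                // close handle
                fclose($handle);
                // save file data in the 'document'
                $document['document'] = $file_data;
            }
            // else: document['document'] contains the document data from the database (or not, if 'read_doc' is FALSE)

            // set document type
            if (!$document['doc_type']) {
                if (is_array($doc_types[$doc_table])) {
                    // the 'omschrijving' in 'project_documenten' is abused to set the document type;
                    // this should become a separate database field in the future
                    $document['doc_type'] = $doc_types[$doc_table][$document['omschrijving']];
                } else
                    $document['doc_type'] = $doc_types[$doc_table];
            }
            // else: part of the database data (future addition to the 'project_documenten' table)

            // save result
            $result[] = $document;
        }
    }

    return $result;
}

/**
 * Fetch a single document by its database id
 *
 * Inputs:
 * - file_id:   Document database id
 * - doc_table: Document table (one of the tables handled in the switch below)
 * - read_doc:  Read the document data (if FALSE, only the info columns are selected)
 *
 * Return: Array with the first document returned by db_fetch_files_by_query(),
 *         or FALSE when nothing was found or doc_table is not valid
 */
function db_fetch_file($file_id, $doc_table, $read_doc = FALSE)
{
    // info columns per table; the switch doubles as the allow-list for the table name
    // that is concatenated into the query below
    switch ($doc_table) {
        case "algemene_documenten":
            $columns = "filename,titel,omschrijving,categorie,id,mimetype";
            break;
        case "zkl_documenten":
            $columns = "zkl,filename,omschrijving,id,public,mimetype";
            break;
        case "device_documenten":
            $columns = "device,filename,omschrijving,id,mimetype";
            break;
        case "project_documenten":
            $columns = "doc_type,filename,omschrijving,id,mimetype,latitude,longitude,heading";
            break;
        case "klant_documenten":
            $columns = "klant,filename,titel,omschrijving,categorie,id,mimetype";
            break;
        default:
            trigger_error("Bad function call: " . $doc_table . " is not valid", E_USER_ERROR);
            return FALSE;
    }

    $filter = ($read_doc) ? "*" : $columns;

    // The id is escaped before it goes inside the quoted literal. addslashes() is the
    // escaping this file already uses; it is not charset-aware, so moving the db_* layer
    // to prepared statements (or the driver's own escape routine) is the stronger fix.
    $query = "SELECT " . $filter . " FROM " . $doc_table . " WHERE id='" . addslashes((string) $file_id) . "'";

    // get document and info from the database and build the resulting array
    // NB: only one document expected, so only the first element in the resulting array
    //     is returned
    $result = db_fetch_files_by_query($query, $doc_table, $read_doc);

    if ($result) {
        return $result[0];
    }

    return FALSE;
}

/**
 * Fetch all documents that belong to a lance/device/project/customer
 *
 * Inputs:
 * - id:        Database id of the owner (zkl, device, project or customer, depending on doc_table);
 *              not used for "algemene_documenten"
 * - doc_table: Document table
 * - read_doc:  Read the document data (if FALSE, only the info about the document is returned)
 * - options:   Either an array with the optional keys 'order', 'order_by' and (for
 *              "project_documenten" only) 'doctype', or - for backwards compatibility - the old
 *              sort parameter: "DESC" (the default), "ASC", or empty/FALSE for no sorting at all
 *
 * Return: Result of db_fetch_files_by_query() (multidimensional array containing all file
 *         information), or FALSE when doc_table is not valid
 */
function db_fetch_files($id, $doc_table, $read_doc = FALSE, $options = NULL)
{
    // Default values
    $order    = "DESC";
    $order_by = "datum";

    // Stay backwards compatible
    if (!is_null($options)) {
        if (!is_array($options)) {
            // Not an array with options but old sort parameter
            $order = $options;
        } else {
            if (isset($options['order'])) {
                $order = $options['order'];
            }
            if (isset($options['order_by'])) {
                $order_by = $options['order_by'];
            }
        }
    }

    // ORDER BY parts cannot be quoted, so they are validated instead of escaped:
    // the direction must be ASC or DESC, the sort key a (comma separated list of) column name(s).
    // Anything else falls back to the default.
    if ($order) {
        $order = strtoupper(trim((string) $order));
        if ($order !== "ASC" && $order !== "DESC") {
            $order = "DESC";
        }
    }
    if (!is_string($order_by) || !preg_match('/^[A-Za-z0-9_.]+(\s*,\s*[A-Za-z0-9_.]+)*$/', $order_by)) {
        $order_by = "datum";
    }

    // the owner id is escaped once and placed inside a quoted literal in every case below
    $id_sql = addslashes((string) $id);

    // fetch document info
    switch ($doc_table) {
        case "algemene_documenten":
            $filter = ($read_doc) ? "*" : "gebruiker,filename,titel,omschrijving,categorie,id,mimetype";
            $query  = "SELECT " . $filter . " FROM " . $doc_table;
            break;

        case "zkl_documenten":
            $filter = ($read_doc) ? "*" : "filename,omschrijving,id,public,mimetype";
            $query  = "SELECT " . $filter . " FROM " . $doc_table . " WHERE zkl='" . $id_sql . "'";
            break;

        case "device_documenten":
            $filter = ($read_doc) ? "*" : "filename,omschrijving,id,mimetype";
            $query  = "SELECT " . $filter . " FROM " . $doc_table . " WHERE device='" . $id_sql . "'";
            break;

        case "project_documenten":
            $filter = ($read_doc) ? "*" : "level,doc_type,filename,omschrijving,id,mimetype,gebruiker,datum,latitude,longitude,heading,gebruiker_tabel";
            $query  = "SELECT " . $filter . " FROM " . $doc_table . " WHERE project='" . $id_sql . "'";

            // only iterate when options really is an array (the old sort parameter is a scalar)
            if (is_array($options)) {
                foreach ($options as $key => $option) {
                    switch ($key) {
                        // Select specific doctype
                        case 'doctype':
                            $query .= " AND doc_type = '" . addslashes((string) $option) . "'";
                            break;
                        // Do nothing
                        default:
                            break;
                    }
                }
            }
            break;

        case "klant_documenten":
            $filter = ($read_doc) ? "*" : "klant,gebruiker,filename,titel,omschrijving,categorie,id,mimetype";
            // quoted and escaped like the other owner ids (the value used to be concatenated bare)
            $query  = "SELECT " . $filter . " FROM " . $doc_table . " WHERE klant='" . $id_sql . "'";
            break;

        default:
            trigger_error("Bad function call: " . $doc_table . " is not valid", E_USER_ERROR);
            return FALSE;
    }

    // sort
    if ($order) {
        $query .= " ORDER BY " . $order_by . " " . $order;
    }

    // get documents and info from the database and build the resulting array
    return db_fetch_files_by_query($query, $doc_table, $read_doc);
}

/**
 * Search files which match some parameters (only used for general and customer docs!)
 *
 * Inputs:
 * - doc_table    "algemene_documenten" or "klant_documenten"
 * - cust_id      database id for the customer (for "klant_documenten" only); when it is not
 *                numeric, the result is limited to the customers returned by db_search_customers()
 * - cat          document category (substring match)
 * - title        document title (substring match on title or filename)
 * - descr        document description (substring match)
 * - date_begin   begin of period
 * - time_begin   begin of period
 * - date_end     end of period
 * - time_end     end of period
 * - read_doc     Read the document data (if FALSE, only the info about the document is returned)
 *
 * Return: Multidimensional array containing all document information, or FALSE when
 *         doc_table is not valid or not supported
 */
function db_search_files($doc_table, $cust_id, $cat, $title, $descr, $date_begin, $time_begin, $date_end, $time_end, $read_doc = FALSE)
{
    // fetch document info
    switch ($doc_table) {
        case "algemene_documenten":
            $filter = ($read_doc) ? "*" : "gebruiker,filename,titel,omschrijving,categorie,id,mimetype";
            break;
        case "klant_documenten":
            $filter = ($read_doc) ? "*" : "klant,gebruiker,filename,titel,omschrijving,categorie,id,mimetype";
            break;
        default:
            trigger_error("Bad function call: " . $doc_table . " is not valid or not supported", E_USER_ERROR);
            return FALSE;
    }

    // Search terms end up inside quoted literals, so they are escaped first.
    // addslashes() is the escaping this file already uses; it is not charset-aware, so
    // prepared statements in the db_* layer would be the stronger fix.
    // The LIKE wildcards '%' and '_' inside a term are deliberately left as they were.
    $cat_sql   = addslashes((string) $cat);
    $title_sql = addslashes((string) $title);
    $descr_sql = addslashes((string) $descr);
    $begin_sql = addslashes($date_begin . " " . $time_begin);
    $end_sql   = addslashes($date_end . " " . $time_end);

    // build query to search for the requested documents
    $query = "SELECT " . $filter . " FROM " . $doc_table . " WHERE ";
    if ($doc_table == "klant_documenten" && is_numeric($cust_id)) {
        // unquoted, but guarded by is_numeric()
        $query .= "klant=" . $cust_id . " AND ";
    }
    $query .= "categorie like '%" . $cat_sql . "%' AND ";
    $query .= "(titel like '%" . $title_sql . "%' OR filename like '%" . $title_sql . "%') AND ";
    $query .= "omschrijving like '%" . $descr_sql . "%'";

    $has_begin = (strlen((string) $date_begin) > 0);
    $has_end   = (strlen((string) $date_end) > 0);
    if ($has_begin && $has_end) {
        // leading space added; the other two branches already had one
        $query .= " AND datum BETWEEN '" . $begin_sql . "' AND '" . $end_sql . "'";
    } else if ($has_begin) {
        $query .= " AND datum >= '" . $begin_sql . "'";
    } else if ($has_end) {
        $query .= " AND datum <= '" . $end_sql . "'";
    }

    // Order by titel
    $query .= " ORDER BY titel";

    // get documents and info from the database and build the resulting array
    $documents = db_fetch_files_by_query($query, $doc_table, $read_doc);

    // No customer selected? Then keep only the documents of customers the caller may see
    if ($doc_table == "klant_documenten" && !is_numeric($cust_id)) {
        if (is_array($documents)) {
            // Initial array
            $found_documents = array();

            // Get all customers down the pyramid
            $customers = db_search_customers();
            if (!is_array($customers)) {
                // no customer list: nothing can match
                $customers = array();
            }

            foreach ($documents as $document) {
                foreach ($customers as $customer) {
                    // Valid customer? (strict comparison, as before)
                    if ($customer['id'] === $document['klant']) {
                        $found_documents[] = $document;
                        break;
                    }
                }
            }

            // Return value
            $documents = $found_documents;
        }
    }

    return $documents;
}

/**
 * Private function: check for duplicate filenames
 *
 * Input:
 * - file_array: Array containing all info about the new file
 * - file_obj:   Key in file_array that holds the filename to check ('name' is used when NULL)
 * - doc_table   Document table
 * - documents   Existing documents to check against
 *
 * Output:
 * - Possibly modified filename: " (n)" is inserted before the extension until the name no
 *   longer matches an existing document (for 'project_documenten' only documents with the
 *   same doc_type are compared)
 */
function db_check_duplicate_filenames($file_array, $file_obj = NULL, $doc_table, $documents)
{
    $filename_addition = "";
    $filename_counter  = 0;

    // get extension and base name
    $filename  = (!is_null($file_obj)) ? $file_array[$file_obj] : $file_array['name'];
    $extension = GetExtension($filename);
    $filename  = substr($filename, 0, strlen($filename) - strlen($extension));

    if (is_array($documents)) {
        // keep rescanning the list until a full pass finds no clash
        do {
            $valid = TRUE;

            foreach ($documents as $document) {
                // correct type?
                $same_type = ($doc_table != 'project_documenten'
                    || $document['doc_type'] == $file_array['doc_type']);

                // Same filename?
                if ($same_type && $document['filename'] == ($filename . $filename_addition . $extension)) {
                    // add an incrementing number to the filename
                    $filename_addition = " (" . ++$filename_counter . ")";
                    $valid = FALSE;
                    break;
                }
            }
        } while (!$valid);
    }

    // adjust filename (and reattach the extension)
    return $filename . $filename_addition . $extension;
}

/**
 * Store new file
 *
 * Inputs:
 * - file_array: Array containing all document info (and the document data in 'document')
 * - doc_table:  Document table
 *
 * Return: FALSE on error or the new file identifier on success
 *
 * NOTE(review): specialchars() is a project helper defined elsewhere. Confirm that it also
 * neutralises quotes and backslashes for SQL; if it does not, the fields passed through it
 * need the same escaping as the other fields.
 */
function db_store_file($file_array, $doc_table)
{
    global $_RELEASE;
    global $_PAGE_INFO;

    // Initial return value
    $result = FALSE;

    // upload document to a directory; currently not implemented for all document tables
    $save_file_in_upload_dir = FALSE;
    $upload_path = $_RELEASE[((is_ReleaseCandidate()) ? 'rc' : 'release')]['upload'] . strtolower($doc_table);
    $upload_dir  = realpath($upload_path);

    // upload directory should exist, so the error is never triggered in a release environment
    if (!$upload_dir) {
        trigger_error("Cannot save document: path \"" . $upload_dir . "\" is invalid, expanded from \"" . $upload_path . "\"", E_USER_ERROR);
        return FALSE;
    }

    // Values that go into quoted literals without passing through specialchars() are escaped
    // with addslashes(), the escaping this file already uses for filename and document.
    // It is not charset-aware; prepared statements in the db_* layer would be the stronger fix.
    $date     = (!isset($file_array['datum'])) ? date('Y-m-d H:i:s') : $file_array['datum'];
    $date_sql = addslashes((string) $date);

    // Query storing new file
    switch ($doc_table) {
        case "algemene_documenten":
            $query  = "INSERT INTO algemene_documenten (categorie, titel, omschrijving, datum, filename, mimetype, document) VALUES (";
            $query .= "'" . specialchars($file_array['categorie']) . "',";
            $query .= "'" . specialchars($file_array['titel']) . "',";
            $query .= "'" . specialchars($file_array['omschrijving']) . "',";
            $query .= "'" . $date_sql . "',";
            $query .= "'" . addslashes($file_array['filename']) . "',";
            $query .= "'" . addslashes((string) $file_array['mimetype']) . "',";
            // document data for 'algemene_documenten' is still in a 'longblob' in the database
            $query .= "'" . addslashes($file_array['document']) . "')";
            break;

        case "zkl_documenten":
            $query  = "INSERT INTO zkl_documenten (zkl, omschrijving, datum, public, mimetype, filename, document) VALUES (";
            $query .= "'" . addslashes((string) $file_array['zkl']) . "',";
            $query .= "'" . specialchars($file_array['omschrijving']) . "',";
            $query .= "'" . $date_sql . "',";
            $query .= "'" . addslashes((string) $file_array['public']) . "',";
            $query .= "'" . addslashes((string) $file_array['mimetype']) . "',";
            $query .= "'" . addslashes($file_array['filename']) . "',";
            // document data for 'zkl_documenten' is still in a 'longblob' in the database
            $query .= "'" . addslashes($file_array['document']) . "')";
            break;

        case "device_documenten":
            $query  = "INSERT INTO device_documenten (device,omschrijving, datum, filename, mimetype, document) VALUES (";
            // the device id is read from the 'zkl' key (the log call below uses the same key)
            $query .= "'" . addslashes((string) $file_array['zkl']) . "',";
            $query .= "'" . specialchars($file_array['omschrijving']) . "',";
            $query .= "'" . $date_sql . "',";
            $query .= "'" . addslashes($file_array['filename']) . "',";
            $query .= "'" . addslashes((string) $file_array['mimetype']) . "',";
            // document data for 'device_documenten' is still in a 'longblob' in the database
            $query .= "'" . addslashes($file_array['document']) . "')";
            break;

        case "klant_documenten":
            // 'klant_documenten' are always saved in the upload directory
            $save_file_in_upload_dir = TRUE;

            // adjust filename to accommodate duplicates
            $docs = db_fetch_files($_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'], $doc_table);
            $file_array['filename'] = db_check_duplicate_filenames($file_array, 'filename', $doc_table, $docs);
            unset($docs); // no longer needed

            $query  = "INSERT INTO klant_documenten (gebruiker,klant,categorie, titel, omschrijving, datum, filename, mimetype) VALUES (";
            // user and customer id are taken from the session, not from file_array
            $query .= $_SESSION[$_PAGE_INFO['id']]['login']['user']['id'] . ",";
            $query .= $_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'] . ",";
            $query .= "'" . specialchars($file_array['categorie']) . "',";
            $query .= "'" . specialchars($file_array['titel']) . "',";
            $query .= "'" . specialchars($file_array['omschrijving']) . "',";
            $query .= "'" . $date_sql . "',";
            $query .= "'" . addslashes($file_array['filename']) . "',";
            $query .= "'" . addslashes((string) $file_array['mimetype']) . "')";
            break;

        case "project_documenten":
            // 'project_documenten' are always saved in the upload directory
            $save_file_in_upload_dir = TRUE;

            // adjust filename to accommodate duplicates
            $docs = db_fetch_files($file_array['project'], $doc_table);
            $file_array['filename'] = db_check_duplicate_filenames($file_array, 'filename', $doc_table, $docs);
            unset($docs);

            // Check whether to use the id of the user or the id of the profile
            if (isset($_SESSION[$_PAGE_INFO['id']]['signin_check_in_out_info'])) {
                $checkInOutInfo = $_SESSION[$_PAGE_INFO['id']]['signin_check_in_out_info'];
                $userTable      = 'gebruiker_profiel';
                $insertUserId   = $checkInOutInfo['gebruiker'];
            } else {
                $userTable    = 'gebruiker';
                $insertUserId = $_SESSION[$_PAGE_INFO['id']]['login']['user']['id'];
            }

            $query  = "INSERT INTO project_documenten (level,doc_type,project,omschrijving,gebruiker,datum,latitude,longitude,heading,filename,mimetype,gebruiker_tabel) VALUES (";
            $query .= "'" . addslashes((string) $file_array['level']) . "',";
            $query .= "'" . addslashes((string) $file_array['doc_type']) . "',";
            $query .= "'" . addslashes((string) $file_array['project']) . "',";
            $query .= "'" . specialchars($file_array['omschrijving']) . "',";
            // taken from the session (see above), inserted unquoted as before
            $query .= $insertUserId . ",";
            $query .= "'" . $date_sql . "',";
            $query .= (!isset($file_array['latitude'])) ? "NULL," : "'" . specialchars($file_array['latitude']) . "',";
            $query .= (!isset($file_array['longitude'])) ? "NULL," : "'" . specialchars($file_array['longitude']) . "',";
            $query .= (!isset($file_array['heading'])) ? "NULL," : "'" . specialchars($file_array['heading']) . "',";
            $query .= "'" . addslashes($file_array['filename']) . "',";
            $query .= "'" . addslashes((string) $file_array['mimetype']) . "',";
            $query .= "'$userTable'";
            $query .= ")";
            break;

        default:
            trigger_error("Bad function call: " . $doc_table . " is not valid", E_USER_ERROR);
            return FALSE;
    }

    if (db_store_data($query)) {
        // successfully stored in the database; write the file in the upload directory
        // NB: currently not fully implemented for all document tables

        // save off the identifier for the new document
        $file_array['id'] = db_fetch_last_id();

        if ($save_file_in_upload_dir) {
            // Open/create handle
            $target = $upload_dir . "/" . $file_array['id'];
            $handle = fopen($target, "w");

            if ($handle !== FALSE) {
                // Write document data to file
                fwrite($handle, $file_array['document']);
                // Close handle
                fclose($handle);
            } else {
                // the database row exists already, so report the problem but carry on as before
                trigger_error("Cannot write document to \"" . $target . "\"", E_USER_WARNING);
            }
        }

        // don't store the file data in the user log (zap it before calling 'serialize')
        unset($file_array['document']);

        switch ($doc_table) {
            case "zkl_documenten":
                // Log user-lance action
                db_log_user_lance($file_array['zkl'], "menu:lansen:onderhoudsrapporten:nieuw", serialize($file_array));
                break;
            case "device_documenten":
                // Log user-lance action
                db_log_user_lance($file_array['zkl'], "menu:lansen:materieel_documentatie:nieuw", serialize($file_array));
                break;
            case "algemene_documenten":
            case "klant_documenten":
                // Log user action
                db_log_user("menu:documentatie:nieuw", serialize($file_array));
                break;
            case "project_documenten":
                // Log user-project action
                db_log_user_project($file_array['project'], "menu:projecten:project_documentatie:nieuw", serialize($file_array));
                break;
            default:
                break;
        }

        // Result OK
        $result = $file_array['id'];
    }

    return $result;
}

/**
 * Update existing file
 *
 * Inputs:
 * - file_array: Array containing the document info to update (must contain 'id')
 * - doc_table:  Document table
 *
 * Return: FALSE on error or the file identifier on success
 *
 * NOTE(review): specialchars() is a project helper defined elsewhere. Confirm that it also
 * neutralises quotes and backslashes for SQL.
 */
function db_update_file($file_array, $doc_table)
{
    // Initial return value
    $result = FALSE;

    // id and 'public' are escaped before they go inside quoted literals; addslashes() is the
    // escaping this file already uses (not charset-aware; prepared statements are preferable)
    $where = "WHERE id='" . addslashes((string) $file_array['id']) . "'";

    // Query updating document
    switch ($doc_table) {
        case "algemene_documenten":
            $query  = "UPDATE algemene_documenten SET ";
            $query .= "categorie='" . specialchars($file_array['categorie']) . "',";
            $query .= "omschrijving='" . specialchars($file_array['omschrijving']) . "',";
            $query .= "titel='" . specialchars($file_array['titel']) . "' ";
            $query .= $where;
            break;

        case "zkl_documenten":
            $query  = "UPDATE zkl_documenten SET ";
            $query .= "omschrijving='" . specialchars($file_array['omschrijving']) . "',";
            $query .= "public='" . addslashes((string) $file_array['public']) . "' ";
            $query .= $where;
            break;

        case "device_documenten":
            $query  = "UPDATE device_documenten SET ";
            $query .= "omschrijving='" . specialchars($file_array['omschrijving']) . "' ";
            $query .= $where;
            break;

        case "klant_documenten":
            $query  = "UPDATE klant_documenten SET ";
            $query .= "categorie='" . specialchars($file_array['categorie']) . "',";
            $query .= "omschrijving='" . specialchars($file_array['omschrijving']) . "',";
            $query .= "titel='" . specialchars($file_array['titel']) . "' ";
            $query .= $where;
            break;

        case "project_documenten":
            $query  = "UPDATE project_documenten SET ";
            $query .= "level='" . specialchars($file_array['level']) . "' ";
            $query .= $where;
            break;

        default:
            trigger_error("Bad function call: " . $doc_table . " is not valid", E_USER_ERROR);
            return FALSE;
    }

    if (db_store_data($query)) {
        // Result OK
        $result = $file_array['id'];
    }

    if ($result) {
        // Get doc and zkl data
        $doc_data = db_fetch_file($file_array['id'], $doc_table);

        // don't store the file data in the user log
        unset($file_array['document']);

        switch ($doc_table) {
            case "algemene_documenten":
            case "klant_documenten":
                // Log user action
                db_log_user("menu:documentatie:wijzigen", serialize($file_array));
                break;
            case "zkl_documenten":
                // Log user-lance action
                db_log_user_lance($doc_data['zkl'], "menu:lansen:onderhoudsrapporten:wijzigen", serialize($doc_data));
                break;
            case "device_documenten":
                // Log user-lance action
                db_log_user_lance($doc_data['device'], "menu:lansen:materieel_documentatie:wijzigen", serialize($doc_data));
                break;
            case "project_documenten":
                // Log user-project action
                db_log_user_project($file_array['project'], "menu:projecten:project_documentatie:wijzigen", serialize($file_array));
                break;
            default:
                break;
        }
    }

    return $result;
}

/**
 * Delete file
 *
 * Inputs:
 * - file_id:    File database id
 * - doc_table:  Document table
 * - lance_id:   Equipment id for logging
 * - project_id: Project id for logging
 *
 * Return: Boolean (success or failure)
 */
function db_delete_file($file_id, $doc_table, $lance_id = "", $project_id = "")
{
    global $_RELEASE;

    // Initial return value
    $result = FALSE;

    // upload document to a directory; currently not implemented for all document tables
    $upload_path = $_RELEASE[((is_ReleaseCandidate()) ? 'rc' : 'release')]['upload'] . strtolower($doc_table);
    $upload_dir  = realpath($upload_path);

    // upload directory should exist, so the error is never triggered in a release environment
    if (!$upload_dir) {
        trigger_error("Cannot delete document: path \"" . $upload_dir . "\" is invalid, expanded from \"" . $upload_path . "\"", E_USER_ERROR);
        return FALSE;
    }

    // The table name is concatenated into the DELETE statement, so it is checked against the
    // known document tables before anything is executed (this check used to run only after
    // the commit).
    $valid_tables = array(
        "zkl_documenten",
        "device_documenten",
        "algemene_documenten",
        "klant_documenten",
        "project_documenten"
    );
    if (!in_array($doc_table, $valid_tables, TRUE)) {
        trigger_error("Bad function call: " . $doc_table . " is not valid", E_USER_ERROR);
        return FALSE;
    }

    // Get original data
    $orig_data = db_fetch_file($file_id, $doc_table, FALSE);

    // Start transaction
    db_start_transaction();

    // Delete documents; the id is escaped before it goes inside the quoted literal
    // (addslashes() is what this file already uses; prepared statements are preferable)
    // NOTE(review): the result of db_store_data() is not checked before the commit
    $query = "DELETE FROM " . $doc_table . " WHERE id='" . addslashes((string) $file_id) . "'";
    db_store_data($query);

    // Commit transaction
    if (db_commit_transaction()) {
        // by default assume that the document table does not use the upload directory
        $file = FALSE;

        // basename() keeps the path inside the upload directory even when the id contains
        // path separators
        $stored_file = $upload_dir . "/" . basename((string) $file_id);

        switch ($doc_table) {
            case "zkl_documenten":
                // Log user-lance action
                db_log_user_lance($lance_id, "menu:lansen:onderhoudsrapporten:verwijderen", serialize($orig_data));
                break;
            case "device_documenten":
                // Log user-lance action
                db_log_user_lance($lance_id, "menu:lansen:materieel_documentatie:verwijderen", serialize($orig_data));
                break;
            case "algemene_documenten":
                // Log user action
                db_log_user("menu:documentatie:verwijderen", $file_id);
                break;
            case "klant_documenten":
                // delete file from filesystem
                $file = $stored_file;
                // Log user action
                db_log_user("menu:documentatie:verwijderen", $file_id);
                break;
            case "project_documenten":
                // delete file from filesystem
                $file = $stored_file;
                // Log user-project action
                db_log_user_project($project_id, "menu:projecten:project_documentatie:verwijderen", serialize($orig_data));
                break;
        }

        // delete the file itself from the upload directory
        if ($file && file_exists($file)) {
            unlink($file);
        }

        $result = TRUE;
    }

    return $result;
}

/**
 * Fetch user document comments
 *
 * Inputs:
 * - comment_array: Array containing the comment info; only 'document' (the document id) is used
 * - order:         1 = recent comment first (ordered by id, descending)
 *
 * Return: Array with the comment rows, or an empty string when there are none
 */
function db_fetch_data_user_comment($comment_array, $order = null)
{
    // Initial return value
    $result = "";

    $order = ($order == 1) ? 'order by id desc' : '';

    // Query fetching the user comments; the document id is escaped in the same way as in
    // db_store_data_user_comment()
    $query = "SELECT * FROM project_documenten_comment WHERE document='" . addslashes((string) $comment_array['document']) . "' " . $order . ";";

    // execute query
    $row_docs = db_fetch_data($query);

    // Parse into result
    if (!empty($row_docs)) {
        // switch to an array first: index assignment on the initial (string) value does not
        // build an array on current PHP versions
        $result = array();

        for ($i = 0; $i < sizeof($row_docs); $i++) {
            $result[$i] = $row_docs[$i];
        }
    }

    return $result;
}

/**
 * Store user document comment
 *
 * Inputs:
 * - comment_array: Array containing all comment info ('document', 'gebruiker',
 *                  'gebruiker_tabel', 'tekst' and optionally 'latitude' / 'longitude')
 *
 * Return: 1 (OK) / 0 (Error)
 *
 * NOTE(review): specialchars() is a project helper defined elsewhere. Confirm that it also
 * neutralises quotes and backslashes for SQL.
 */
function db_store_data_user_comment($comment_array)
{
    // Initial return value
    $result = 0;

    $userTable = addslashes((string) $comment_array['gebruiker_tabel']);
    $userId    = $comment_array['gebruiker'];

    // the user id is inserted unquoted, so anything that is not a number is refused
    if (!is_numeric($userId)) {
        return $result;
    }

    // Query storing new user comment
    $query  = "INSERT INTO project_documenten_comment (document,gebruiker,datum,latitude,longitude,tekst,gebruiker_tabel) VALUES (";
    $query .= "'" . addslashes($comment_array['document']) . "',";
    $query .= $userId . ",";
    $query .= "'" . date('Y-m-d H:i:s') . "',";
    $query .= (isset($comment_array['latitude']) ? ("'" . specialchars($comment_array['latitude']) . "'") : "NULL") . ",";
    $query .= (isset($comment_array['longitude']) ? ("'" . specialchars($comment_array['longitude']) . "'") : "NULL") . ",";
    $query .= "'" . specialchars($comment_array['tekst']) . "',";
    $query .= "'$userTable'";
    $query .= ")";

    if (db_store_data($query)) {
        // Result OK
        $result = 1;
    }

    return $result;
}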