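<?php

include_once __DIR__.'/core.php';

// Initial parameters: resolve the plugin (when $id_plugin is set) or the module,
// its directory under DOCROOT and the module id whose permissions gate this request.
// $id_plugin, $id_module, $id_record, $post and $dbo are expected from core.php — confirm.
if (!empty($id_plugin)) {
    $info = Plugins::get($id_plugin);
    $directory = '/plugins/'.$info['directory'];
    $permesso = $info['idmodule_to'];
} else {
    $info = Modules::get($id_module);
    $directory = '/modules/'.$info['directory'];
    $permesso = $id_module;
}

// Attachment storage for this module/plugin; basename() keeps it one level under /files/
$upload_dir = DOCROOT.'/files/'.basename($directory);

$dbo->query('START TRANSACTION');
// NOTE(review): the `return` in the custom-plugin branch below, and redirect() if it
// exits, leave this transaction without an explicit COMMIT — confirm against core.php.

$op = filter('op');

// ATTACHMENT HANDLING (upload / delete)
if ($op == 'link_file' || $op == 'unlink_file') {
    // Write permission on the module
    if (Modules::getPermission($id_module) != 'rw') {
        $_SESSION['errors'][] = tr('Non hai permessi di scrittura per il modulo _MODULE_', [
            '_MODULE_' => '"'.Modules::get($id_module)['name'].'"',
        ]);
    }
    // Write permission on the file system
    elseif (!directory($upload_dir)) {
        $_SESSION['errors'][] = tr('Non hai i permessi di scrittura nella cartella _DIR_!', [
            '_DIR_' => '"files"',
        ]);
    }
    // Operations
    else {
        // UPLOAD
        if ($op == 'link_file' && !empty($_FILES) && !empty($_FILES['blob']['name'])) {
            $nome = filter('nome_allegato');
            $nome = !empty($nome) ? $nome : $_FILES['blob']['name'];

            $src = $_FILES['blob']['tmp_name'];
            $f = pathinfo($_FILES['blob']['name']);
            // pathinfo() omits 'extension' for names without a dot: avoid a notice and a trailing dot
            $extension = isset($f['extension']) ? '.'.$f['extension'] : '';

            // NOTE(review): the extension comes from the client-supplied name and no allow-list
            // is enforced (the one below is commented out). If the web server executes scripts
            // under /files/, uploads of server-side script files become executable — confirm
            // the server configuration or re-enable an allow-list.
            /*
            $allowed = [
                // Image formats
                'jpg' => 'image/jpeg',
                'jpeg' => 'image/jpeg',
                'jpe' => 'image/jpeg',
                'gif' => 'image/gif',
                'png' => 'image/png',
                'bmp' => 'image/bmp',
                'tif' => 'image/tiff',
                'tiff' => 'image/tiff',
                'ico' => 'image/x-icon',
                // Video formats
                'asx' => 'video/asf',
                'asf' => 'video/asf',
                'wax' => 'video/asf',
                'wmv' => 'video/asf',
                'wmx' => 'video/asf',
                'avi' => 'video/avi',
                'divx' => 'video/divx',
                'flv' => 'video/x-flv',
                'mov' => 'video/quicktime',
                'qt' => 'video/quicktime',
                'mpg' => 'video/mpeg',
                'mpeg' => 'video/mpeg',
                'mpe' => 'video/mpeg',
                'mp4' => 'video/mp4',
                'm4v' => 'video/mp4',
                'ogv' => 'video/ogg',
                'mkv' => 'video/x-matroska',
                // Text formats
                'txt' => 'text/plain',
                'csv' => 'text/csv',
                'tsv' => 'text/tab-separated-values',
                'ics' => 'text/calendar',
                'rtx' => 'text/richtext',
                'css' => 'text/css',
                'htm' => 'text/html',
                'html' => 'text/html',
                // Audio formats
                'mp3' => 'audio/mpeg',
                'm4a' => 'audio/mpeg',
                'm4b' => 'audio/mpeg',
                'mp' => 'audio/mpeg',
                'm4b' => 'audio/mpeg',
                'ra' => 'audio/x-realaudio',
                'ram' => 'audio/x-realaudio',
                'wav' => 'audio/wav',
                'ogg' => 'audio/ogg',
                'oga' => 'audio/ogg',
                'mid' => 'audio/midi',
                'midi' => 'audio/midi',
                'wma' => 'audio/wma',
                'mka' => 'audio/x-matroska',
                // Misc application formats
                'rtf' => 'application/rtf',
                'js' => 'application/javascript',
                'pdf' => 'application/pdf',
                'swf' => 'application/x-shockwave-flash',
                'class' => 'application/java',
                'tar' => 'application/x-tar',
                'zip' => 'application/zip',
                'gz' => 'application/x-gzip',
                'gzip' => 'application/x-gzip',
                'rar' => 'application/rar',
                '7z' => 'application/x-7z-compressed',
                // MS Office formats
                'doc' => 'application/msword',
                'pot' => 'application/vnd.ms-powerpoint',
                'pps' => 'application/vnd.ms-powerpoint',
                'ppt' => 'application/vnd.ms-powerpoint',
                'wri' => 'application/vnd.ms-write',
                'xla' => 'application/vnd.ms-excel',
                'xls' => 'application/vnd.ms-excel',
                'xlt' => 'application/vnd.ms-excel',
                'xlw' => 'application/vnd.ms-excel',
                'mdb' => 'application/vnd.ms-access',
                'mpp' => 'application/vnd.ms-project',
                'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
                'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
                'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
                'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
                'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
                'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
                'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
                'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
                'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
                'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
                'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
                'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
                'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
                'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
                'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
                'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
                'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
                'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
                'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12',
                'onetoc' => 'application/onenote',
                'onetoc2' => 'application/onenote',
                'onetmp' => 'application/onenote',
                'onepkg' => 'application/onenote',
                // OpenOffice formats
                'odt' => 'application/vnd.oasis.opendocument.text',
                'odp' => 'application/vnd.oasis.opendocument.presentation',
                'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
                'odg' => 'application/vnd.oasis.opendocument.graphics',
                'odc' => 'application/vnd.oasis.opendocument.chart',
                'odb' => 'application/vnd.oasis.opendocument.database',
                'odf' => 'application/vnd.oasis.opendocument.formula',
                // WordPerfect formats
                'wp' => 'application/wordperfect',
                'wpd' => 'application/wordperfect',
            ];

            if (in_array($f['extension'], array_keys($allowed))) {
            */

            // Random physical name, retried until it does not collide on disk
            do {
                $filename = random_string().$extension;
            } while (file_exists($upload_dir.'/'.$filename));

            // Physical file creation, then the registry row that ties it to the record
            if (move_uploaded_file($src, $upload_dir.'/'.$filename)) {
                $dbo->insert('zz_files', [
                    'nome' => $nome,
                    'filename' => $filename,
                    'original' => $_FILES['blob']['name'],
                    'id_module' => $id_module,
                    'id_record' => $id_record,
                ]);

                $_SESSION['infos'][] = tr('File caricato correttamente!');
            } else {
                $_SESSION['errors'][] = tr('Errore durante il caricamento del file!');
            }
            /*
            } else {
                $_SESSION['errors'][] = tr('Tipologia di file non permessa!');
            }
            */
        }
        // DELETE
        elseif ($op == 'unlink_file' && filter('filename') !== null) {
            // Resolve the attachment through the database first: only a file registered for
            // this module can be removed, and the path on disk is built from the stored
            // filename rather than from the request value.
            $rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));

            $filename = !empty($rs) ? $rs[0]['filename'] : null;
            $nome = !empty($rs) ? $rs[0]['nome'] : filter('filename');

            if ($filename !== null && delete($upload_dir.'/'.basename($filename))) {
                $query = 'DELETE FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare($filename);
                if ($dbo->query($query)) {
                    $_SESSION['infos'][] = tr('File _FILE_ eliminato!', [
                        '_FILE_' => '"'.$nome.'"',
                    ]);
                }
            } else {
                $_SESSION['errors'][] = tr("Errore durante l'eliminazione del file _FILE_ in _DIR_!", [
                    '_FILE_' => '"'.$nome.'"',
                    // basename($directory) is the same folder name used to build $upload_dir
                    '_DIR_' => '"files/'.basename($directory).'/"',
                ]);
            }
        }

        redirect(ROOTDIR.'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
    }
} elseif ($op == 'download_file') {
    // NOTE(review): unlike the module includes below, this branch is not gated on
    // Modules::getPermission() — confirm whether read permission should be required.
    $rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));

    // Serve only a file registered for this module; an unmatched request is ignored
    if (!empty($rs)) {
        download($upload_dir.'/'.basename($rs[0]['filename']), $rs[0]['original']);
    }
} elseif ($op == 'send-email') {
    $template = Mail::getTemplate($post['template']);

    // Attachments selected in the form: rendered prints, record files, default-company files
    $final_attachments = [];

    $prints = Prints::getModulePrints($id_module);
    foreach ($prints as $print) {
        if (!empty($post['print-'.$print['id']])) {
            $filename = $upload_dir.'/'.$print['title'].' - '.$id_record.'.pdf';
            Prints::render($print['id'], $id_record, $filename);

            $final_attachments[] = [
                'path' => $filename,
                'name' => $print['title'],
            ];
        }
    }

    $attachments = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module = '.prepare($id_module).' AND id_record = '.prepare($id_record));
    foreach ($attachments as $attachment) {
        if (!empty($post['attachment-'.$attachment['id']])) {
            $final_attachments[] = [
                'path' => $upload_dir.'/'.$attachment['filename'],
                'name' => $attachment['nome'],
            ];
        }
    }

    $anagrafiche = Modules::get('Anagrafiche');
    $attachments = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module = '.prepare($anagrafiche['id'])." AND id_record = (SELECT valore FROM zz_settings WHERE nome = 'Azienda predefinita')");
    foreach ($attachments as $attachment) {
        if (!empty($post['default-'.$attachment['id']])) {
            $final_attachments[] = [
                'path' => DOCROOT.'/files/'.$anagrafiche['directory'].'/'.$attachment['filename'],
                'name' => $attachment['nome'],
            ];
        }
    }

    // Email preparation
    $mail = new Mail();
    $mail->AddAddress($post['email']);

    // Reply To
    if (!empty($template['reply_to'])) {
        $mail->AddReplyTo($template['reply_to']);
    }

    // CC
    if (!empty($template['cc'])) {
        $mail->AddCC($template['cc']);
    }

    // BCC
    if (!empty($template['bcc'])) {
        $mail->AddBCC($template['bcc']);
    }

    // Subject
    $mail->Subject = $post['subject'];

    // Attachments
    foreach ($final_attachments as $attachment) {
        $mail->AddAttachment($attachment['path'], $attachment['name']);
    }

    $mail->Body = $post['body'];

    // Send
    if (!$mail->send()) {
        $_SESSION['errors'][] = tr("Errore durante l'invio della segnalazione").': '.$mail->ErrorInfo;
    } else {
        $_SESSION['infos'][] = tr('Email inviata correttamente!');
    }
}

// Module/plugin code is only loaded for users with at least read permission
if (Modules::getPermission($permesso) == 'r' || Modules::getPermission($permesso) == 'rw') {
    if (!empty($info['script'])) {
        // Custom plugin script, if any (custom/ override first)
        if (file_exists(DOCROOT.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'])) {
            include DOCROOT.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'];
        } elseif (file_exists(DOCROOT.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'])) {
            include DOCROOT.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'];
        }

        // Returns before the COMMIT at the end of this file (pre-existing behaviour)
        return;
    }

    // Module helpers (custom ones take precedence)
    if (file_exists(DOCROOT.$directory.'/custom/modutil.php')) {
        include_once DOCROOT.$directory.'/custom/modutil.php';
    } elseif (file_exists(DOCROOT.$directory.'/modutil.php')) {
        include_once DOCROOT.$directory.'/modutil.php';
    }

    // Module query result
    if (file_exists(DOCROOT.$directory.'/custom/init.php')) {
        include DOCROOT.$directory.'/custom/init.php';
    } elseif (file_exists(DOCROOT.$directory.'/init.php')) {
        include DOCROOT.$directory.'/init.php';
    }

    if (Modules::getPermission($permesso) == 'rw') {
        // Bulk operations: normalise the selected ids (array or ';'-separated string),
        // presumably consumed by the included bulk.php/actions.php — confirm
        $id_records = post('id_records');
        $id_records = is_array($id_records) ? $id_records : explode(';', $id_records);
        $id_records = array_filter($id_records, function ($var) {
            return !empty($var);
        });
        $id_records = array_unique($id_records);

        $bulk = null;
        if (file_exists(DOCROOT.$directory.'/custom/bulk.php')) {
            $bulk = include DOCROOT.$directory.'/custom/bulk.php';
        } elseif (file_exists(DOCROOT.$directory.'/bulk.php')) {
            $bulk = include DOCROOT.$directory.'/bulk.php';
        }
        $bulk = (array) $bulk;

        if (in_array(post('op'), array_keys($bulk))) {
            redirect(ROOTDIR.'/controller.php?id_module='.$id_module, 'js');
        } else {
            // Module-specific operations
            if (file_exists(DOCROOT.$directory.'/custom/actions.php')) {
                include DOCROOT.$directory.'/custom/actions.php';
            } elseif (file_exists(DOCROOT.$directory.'/actions.php')) {
                include DOCROOT.$directory.'/actions.php';
            }

            // Generic handling of custom fields
            if (post('op') != null) {
                $query = 'SELECT `id`, `name` FROM `zz_fields` WHERE ';
                if (!empty($id_plugin)) {
                    $query .= '`id_plugin` = '.prepare($id_plugin);
                } else {
                    $query .= '`id_module` = '.prepare($id_module);
                }

                $customs = $dbo->fetchArray($query);

                if (!starts_with(post('op'), 'delete')) {
                    // Values posted for each custom field, keyed by field id
                    $values = [];
                    foreach ($customs as $custom) {
                        if (isset($post[$custom['name']])) {
                            $values[$custom['id']] = $post[$custom['name']];
                        }
                    }

                    // Initial insert
                    if (starts_with(post('op'), 'add')) {
                        foreach ($values as $key => $value) {
                            $dbo->insert('zz_field_record', [
                                'id_record' => $id_record,
                                'id_field' => $key,
                                'value' => $value,
                            ]);
                        }
                    }
                    // Update
                    elseif (starts_with(post('op'), 'update')) {
                        foreach ($values as $key => $value) {
                            $dbo->update('zz_field_record', [
                                'value' => $value,
                            ], [
                                'id_record' => $id_record,
                                'id_field' => $key,
                            ]);
                        }
                    }
                }
                // Deletion: ids must be comma-separated, otherwise implode() concatenates
                // them into a single number and the IN (...) matches nothing
                elseif (!empty($customs)) {
                    $dbo->query('DELETE FROM `zz_field_record` WHERE `id_record` = '.prepare($id_record).' AND `id_field` IN ('.implode(',', array_column($customs, 'id')).')');
                }
            }
        }
    }
}

$dbo->query('COMMIT');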