<?php
include_once __DIR__.'/../../core.php';
switch (post('op')) {
case 'add':
$nome = save($_POST['nome']);
$idcategoria = save($_POST['idcategoria']);
$data = saveDate($_POST['data']);
$dir_ok = true;
$nome_modulo = 'Gestione documentale';
$nome_allegato = save($_POST['nome_allegato']);
$filename = $_FILES['blob']['name'];
$src = $_FILES['blob']['tmp_name'];
$f = pathinfo($filename);
//$q="SELECT idanagrafica FROM zz_utenti WHERE idutente=".$_SESSION['idutente'];
//$rs=$dbo->fetchArray($q);
//$idutente=$rs[0]['idanagrafica'];
$dst_file = sanitizeFilename($f['filename'].'.'.$f['extension']);
$dst_dir = $docroot.'/files/gestione_documentale/';
$dst_dir = strtolower($dst_dir);
//Rinomino il file se non esiste giĆ
$f = pathinfo($dst_file);
$i = 1;
while (file_exists($dst_dir.'/'.$dst_file)) {
$dst_file = sanitizeFilename($f['filename'].'_'.$i.'.'.$f['extension']);
++$i;
}
//Se la destinazione non esiste la creo
if (!is_dir($dst_dir)) {
if (!mkdir($dst_dir)) {
$dir_ok = false;
array_push($_SESSION['errors'], 'Non hai i permessi per creare directory!');
header('Location: '.$rootdir.'/controller.php?id_module='.Modules::get('Gestione documentale')['id']);
exit;
}
}
//Creazione file fisico
if ($dir_ok) {
if (move_uploaded_file($src, $dst_dir.'/'.$dst_file)) {
$rs = $dbo->query("INSERT INTO `zz_documenti`( nome, idcategoria, data ) VALUES( '".$nome."','".$idcategoria."','".$data."' )");
$id_record = $dbo->last_inserted_id();
$rs = $dbo->query('INSERT INTO `zz_files`( nome, filename, id_module, id_record ) VALUES( "'.$nome_allegato.'", "'.$dst_file.'", "'.Modules::get('Gestione documentale')['id'].'", "'.$id_record.'" )');
array_push($_SESSION['infos'], 'File caricato correttamente!');
} else {
array_push($_SESSION['errors'], 'Errore durante il caricamento del file!');
header('Location: '.$rootdir.'/controller.php?id_module='.Modules::get('Gestione documentale')['id']);
exit;
}
}
break;
case 'update':
if ($permessi[$module_name] == 'rw') {
//leggo tutti i valori passati dal POST e li salvo in un array
$html_post = [];
foreach ($_POST as $key => $value) {
$html_post[$key] = save($value);
}
if (isset($_POST['id_record'])) {
$query = 'UPDATE zz_documenti SET '.
'idcategoria="'.$html_post['idcategoria'].'",'.
'nome="'.$html_post['nome'].'",'.
'data="'.saveDate($html_post['data']).'"'.
"WHERE id = '$id_record' ".$additional_where['Gestione documenti'];
$rs = $dbo->query($query);
array_push($_SESSION['infos'], "Informazioni per la scheda ''".$html_post['id']."'' salvate correttamente!");
}
}
break;
case 'delete':
if ($permessi[$module_name] == 'rw') {
$rs = $dbo->fetchArray('SELECT id FROM zz_files WHERE externalid = "'.$id_record."\" AND module = '".$module_name."' ");
$n = sizeof($rs);
//Per tutte le sessioni di lavoro trovate
for ($i = 0; $i < $n; ++$i) {
//Elimino fisicamente il file...
$rs2 = $dbo->fetchArray('SELECT filename FROM zz_files WHERE id = "'.$rs[$i]['id'].'" ');
unlink($docroot.'/files/'.strtolower($module_name).'/'.$rs2[0]['filename']);
}
//...e da db
$dbo->query('DELETE FROM zz_files WHERE externalid = "'.$id_record."\" AND module = '".$module_name."' ");
$dbo->query('DELETE FROM zz_documenti WHERE id = "'.$id_record.'" ');
array_push($_SESSION['infos'], 'Scheda e relativi files eliminati!');
}
break;
}