openstamanager/actions.php

440 lines
17 KiB
PHP

<?php
include_once __DIR__.'/core.php';
// Lettura parametri iniziali
if (!empty($id_plugin)) {
$info = Plugins::get($id_plugin);
$directory = '/plugins/'.$info['directory'];
$permesso = $info['idmodule_to'];
} else {
$info = Modules::get($id_module);
$directory = '/modules/'.$info['directory'];
$permesso = $id_module;
}
$upload_dir = DOCROOT.'/files/'.basename($directory);
$dbo->query('START TRANSACTION');
// GESTIONE UPLOAD
if (filter('op') == 'link_file' || filter('op') == 'unlink_file') {
// Controllo sui permessi di scrittura per il modulo
if (Modules::getPermission($id_module) != 'rw') {
$_SESSION['errors'][] = tr('Non hai permessi di scrittura per il modulo _MODULE_', [
'_MODULE_' => '"'.Modules::get($id_module)['name'].'"',
]);
}
// Controllo sui permessi di scrittura per il file system
elseif (!directory($upload_dir)) {
$_SESSION['errors'][] = tr('Non hai i permessi di scrittura nella cartella _DIR_!', [
'_DIR_' => '"files"',
]);
}
// Gestione delle operazioni
else {
// UPLOAD
if (filter('op') == 'link_file' && !empty($_FILES) && !empty($_FILES['blob']['name'])) {
$nome = filter('nome_allegato');
$nome = !empty($nome) ? $nome : $_FILES['blob']['name'];
$src = $_FILES['blob']['tmp_name'];
$f = pathinfo($_FILES['blob']['name']);
/*
$allowed = [
// Image formats
'jpg' => 'image/jpeg',
'jpeg' => 'image/jpeg',
'jpe' => 'image/jpeg',
'gif' => 'image/gif',
'png' => 'image/png',
'bmp' => 'image/bmp',
'tif' => 'image/tiff',
'tiff' => 'image/tiff',
'ico' => 'image/x-icon',
// Video formats
'asx' => 'video/asf',
'asf' => 'video/asf',
'wax' => 'video/asf',
'wmv' => 'video/asf',
'wmx' => 'video/asf',
'avi' => 'video/avi',
'divx' => 'video/divx',
'flv' => 'video/x-flv',
'mov' => 'video/quicktime',
'qt' => 'video/quicktime',
'mpg' => 'video/mpeg',
'mpeg' => 'video/mpeg',
'mpe' => 'video/mpeg',
'mp4' => 'video/mp4',
'm4v' => 'video/mp4',
'ogv' => 'video/ogg',
'mkv' => 'video/x-matroska',
// Text formats
'txt' => 'text/plain',
'csv' => 'text/csv',
'tsv' => 'text/tab-separated-values',
'ics' => 'text/calendar',
'rtx' => 'text/richtext',
'css' => 'text/css',
'htm' => 'text/html',
'html' => 'text/html',
// Audio formats
'mp3' => 'audio/mpeg',
'm4a' => 'audio/mpeg',
'm4b' => 'audio/mpeg',
'mp' => 'audio/mpeg',
'm4b' => 'audio/mpeg',
'ra' => 'audio/x-realaudio',
'ram' => 'audio/x-realaudio',
'wav' => 'audio/wav',
'ogg' => 'audio/ogg',
'oga' => 'audio/ogg',
'mid' => 'audio/midi',
'midi' => 'audio/midi',
'wma' => 'audio/wma',
'mka' => 'audio/x-matroska',
// Misc application formats
'rtf' => 'application/rtf',
'js' => 'application/javascript',
'pdf' => 'application/pdf',
'swf' => 'application/x-shockwave-flash',
'class' => 'application/java',
'tar' => 'application/x-tar',
'zip' => 'application/zip',
'gz' => 'application/x-gzip',
'gzip' => 'application/x-gzip',
'rar' => 'application/rar',
'7z' => 'application/x-7z-compressed',
// MS Office formats
'doc' => 'application/msword',
'pot' => 'application/vnd.ms-powerpoint',
'pps' => 'application/vnd.ms-powerpoint',
'ppt' => 'application/vnd.ms-powerpoint',
'wri' => 'application/vnd.ms-write',
'xla' => 'application/vnd.ms-excel',
'xls' => 'application/vnd.ms-excel',
'xlt' => 'application/vnd.ms-excel',
'xlw' => 'application/vnd.ms-excel',
'mdb' => 'application/vnd.ms-access',
'mpp' => 'application/vnd.ms-project',
'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12',
'onetoc' => 'application/onenote',
'onetoc2' => 'application/onenote',
'onetmp' => 'application/onenote',
'onepkg' => 'application/onenote',
// OpenOffice formats
'odt' => 'application/vnd.oasis.opendocument.text',
'odp' => 'application/vnd.oasis.opendocument.presentation',
'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
'odg' => 'application/vnd.oasis.opendocument.graphics',
'odc' => 'application/vnd.oasis.opendocument.chart',
'odb' => 'application/vnd.oasis.opendocument.database',
'odf' => 'application/vnd.oasis.opendocument.formula',
// WordPerfect formats
'wp' => 'application/wordperfect',
'wpd' => 'application/wordperfect',
];
if (in_array($f['extension'], array_keys($allowed))) {
*/
do {
$filename = random_string().'.'.$f['extension'];
} while (file_exists($upload_dir.'/'.$filename));
// Creazione file fisico
if (move_uploaded_file($src, $upload_dir.'/'.$filename)) {
$dbo->insert('zz_files', [
'nome' => $nome,
'filename' => $filename,
'original' => $_FILES['blob']['name'],
'id_module' => $id_module,
'id_record' => $id_record,
]);
$_SESSION['infos'][] = tr('File caricato correttamente!');
} else {
$_SESSION['errors'][] = tr('Errore durante il caricamento del file!');
}
/*
} else {
$_SESSION['errors'][] = tr('Tipologia di file non permessa!');
}
*/
}
// DELETE
elseif (filter('op') == 'unlink_file' && filter('filename') !== null) {
$filename = filter('filename');
$rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare($filename));
if (delete($upload_dir.'/'.$filename)) {
$query = 'DELETE FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare($filename);
if ($dbo->query($query)) {
$_SESSION['infos'][] = tr('File _FILE_ eliminato!', [
'_FILE_' => '"'.$rs[0]['nome'].'"',
]);
}
} else {
$_SESSION['errors'][] = tr("Errore durante l'eliminazione del file _FILE_ in _DIR_!", [
'_FILE_' => '"'.$rs[0]['nome'].'"',
'_DIR_' => '"files/'.$module_dir.'/"',
]);
}
}
redirect(ROOTDIR.'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
}
} elseif (filter('op') == 'download_file') {
$rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));
download($upload_dir.'/'.$rs[0]['filename'], $rs[0]['original']);
} elseif (filter('op') == 'send-email') {
$template = Mail::getTemplate($post['template']);
// Elenco degli allegati
$attachments = [];
// Stampe
foreach ($post['prints'] as $print) {
$print = Prints::get($print);
// Utilizzo di una cartella particolare per il salvataggio temporaneo degli allegati
$filename = DOCROOT.'/files/attachments/'.$print['title'].' - '.$id_record.'.pdf';
Prints::render($print['id'], $id_record, $filename);
$attachments[] = [
'path' => $filename,
'name' => $print['title'],
];
}
// Allegati del record
$selected = [];
if (!empty($post['attachments'])) {
$selected = $dbo->fetchArray('SELECT * FROM zz_files WHERE id IN ('.implode($post['attachments']).') AND id_module = '.prepare($id_module).' AND id_record = '.prepare($id_record));
}
foreach ($selected as $attachment) {
$attachments[] = [
'path' => $upload_dir.'/'.$attachment['filename'],
'name' => $attachment['nome'],
];
}
// Allegati dell'Azienda predefinita
$anagrafiche = Modules::get('Anagrafiche');
$selected = [];
if (!empty($post['attachments'])) {
$selected = $dbo->fetchArray('SELECT * FROM zz_files WHERE id IN ('.implode(',', $post['attachments']).') AND id_module != '.prepare($id_module));
}
foreach ($selected as $attachment) {
$attachments[] = [
'path' => DOCROOT.'/files/'.$anagrafiche['directory'].'/'.$attachment['filename'],
'name' => $attachment['nome'],
];
}
// Preparazione email
$mail = new Mail();
// Conferma di lettura
if (!empty($post['read_notify'])) {
$mail->ConfirmReadingTo = $mail->From;
}
// Reply To
if (!empty($template['reply_to'])) {
$mail->AddReplyTo($template['reply_to']);
}
// CC
if (!empty($template['cc'])) {
$mail->AddCC($template['cc']);
}
// BCC
if (!empty($template['bcc'])) {
$mail->AddBCC($template['bcc']);
}
// Destinatari
foreach ($post['destinatari'] as $key => $destinatario) {
$type = $post['tipo_destinatari'][$key];
$pieces = explode('<', $destinatario);
$count = count($pieces);
$name = null;
if ($count > 1) {
$email = substr(end($pieces), 0, -1);
$name = substr($destinatario, 0, strpos($destinatario, '<'.$email));
} else {
$email = $destinatario;
}
if (!empty($email)) {
if ($type == 'a') {
$mail->AddAddress($email, $name);
} elseif ($type == 'cc') {
$mail->AddCC($email, $name);
} elseif ($type == 'bcc') {
$mail->AddBCC($email, $name);
}
}
}
// Oggetto
$mail->Subject = $post['subject'];
// Allegati
foreach ($attachments as $attachment) {
$mail->AddAttachment($attachment['path'], $attachment['name']);
}
// Contenuto
$mail->Body = $post['body'];
// Invio mail
if (!$mail->send()) {
$_SESSION['errors'][] = tr("Errore durante l'invio dell'email").': '.$mail->ErrorInfo;
} else {
$_SESSION['infos'][] = tr('Email inviata correttamente!');
}
redirect(ROOTDIR.'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
exit();
}
if (Modules::getPermission($permesso) == 'r' || Modules::getPermission($permesso) == 'rw') {
if (!empty($info['script'])) {
// Inclusione di eventuale plugin personalizzato
if (file_exists(DOCROOT.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'])) {
include DOCROOT.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'];
} elseif (file_exists(DOCROOT.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'])) {
include DOCROOT.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'];
}
return;
}
// Caricamento helper modulo (verifico se ci sono helper personalizzati)
if (file_exists(DOCROOT.$directory.'/custom/modutil.php')) {
include_once DOCROOT.$directory.'/custom/modutil.php';
} elseif (file_exists(DOCROOT.$directory.'/modutil.php')) {
include_once DOCROOT.$directory.'/modutil.php';
}
// Lettura risultato query del modulo
if (file_exists(DOCROOT.$directory.'/custom/init.php')) {
include DOCROOT.$directory.'/custom/init.php';
} elseif (file_exists(DOCROOT.$directory.'/init.php')) {
include DOCROOT.$directory.'/init.php';
}
if (Modules::getPermission($permesso) == 'rw') {
// Esecuzione delle operazioni di gruppo
$id_records = post('id_records');
$id_records = is_array($id_records) ? $id_records : explode(';', $id_records);
$id_records = array_filter($id_records, function ($var) {return !empty($var); });
$id_records = array_unique($id_records);
$bulk = null;
if (file_exists(DOCROOT.$directory.'/custom/bulk.php')) {
$bulk = include DOCROOT.$directory.'/custom/bulk.php';
} elseif (file_exists(DOCROOT.$directory.'/bulk.php')) {
$bulk = include DOCROOT.$directory.'/bulk.php';
}
$bulk = (array) $bulk;
if (in_array(post('op'), array_keys($bulk))) {
redirect(ROOTDIR.'/controller.php?id_module='.$id_module, 'js');
} else {
// Esecuzione delle operazioni del modulo
if (file_exists(DOCROOT.$directory.'/custom/actions.php')) {
include DOCROOT.$directory.'/custom/actions.php';
} elseif (file_exists(DOCROOT.$directory.'/actions.php')) {
include DOCROOT.$directory.'/actions.php';
}
// Operazioni generiche per i campi personalizzati
if (post('op') != null) {
$query = 'SELECT `id`, `name` FROM `zz_fields` WHERE ';
if (!empty($id_plugin)) {
$query .= '`id_plugin` = '.prepare($id_plugin);
} else {
$query .= '`id_module` = '.prepare($id_module);
}
$customs = $dbo->fetchArray($query);
if (!starts_with(post('op'), 'delete')) {
$values = [];
foreach ($customs as $custom) {
if (isset($post[$custom['name']])) {
$values[$custom['id']] = $post[$custom['name']];
}
}
// Inserimento iniziale
if (starts_with(post('op'), 'add')) {
foreach ($values as $key => $value) {
$dbo->insert('zz_field_record', [
'id_record' => $id_record,
'id_field' => $key,
'value' => $value,
]);
}
}
// Aggiornamento
elseif (starts_with(post('op'), 'update')) {
foreach ($values as $key => $value) {
$dbo->update('zz_field_record', [
'value' => $value,
], [
'id_record' => $id_record,
'id_field' => $key,
]);
}
}
}
// Eliminazione
elseif (!empty($customs)) {
$dbo->query('DELETE FROM `zz_field_record` WHERE `id_record` = '.prepare($id_record).' AND `id_field` IN ('.implode(array_column($customs, 'id')).')');
}
}
}
}
}
$dbo->query('COMMIT');