File: document.send.php

package info (click to toggle)
glpi 0.68.2-1etch0.1
  • links: PTS
  • area: main
  • in suites: etch-m68k
  • size: 7,464 kB
  • ctags: 9,655
  • sloc: php: 69,502; sql: 3,514; sh: 175; makefile: 61
file content (136 lines) | stat: -rw-r--r-- 4,648 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
 
<?php
/*
 * @version $Id: document.send.php 3798 2006-08-22 15:12:55Z moyo $
 -------------------------------------------------------------------------
 GLPI - Gestionnaire Libre de Parc Informatique
 Copyright (C) 2003-2006 by the INDEPNET Development Team.

 http://indepnet.net/   http://glpi-project.org
 -------------------------------------------------------------------------

 LICENSE

 This file is part of GLPI.

 GLPI is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 GLPI is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with GLPI; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 --------------------------------------------------------------------------
 */

// ----------------------------------------------------------------------
// Original Author of file: Julien Dombre
// Purpose of file:
// ----------------------------------------------------------------------

include ("_relpos.php");
$NEEDED_ITEMS=array("document","tracking");
include ($phproot . "/inc/includes.php");

if ($cfg_glpi["public_faq"] == 0)
checkLoginUser();

if (isset($_GET["file"])){

	$splitter=split("/",$_GET["file"]);

	if (count($splitter)==2){
		$send=false;

		if ($splitter[0]=="_dumps"&&haveRight("backup","w")) $send=true;

		if (!$send){
			$doc=new Document;
			$founded=$doc->getFromDBbyFilename($_GET["file"]);

			if ($founded){


				if ($_SESSION["glpiprofile"]["interface"]=="central"){
					// My doc Check and Common doc right access
					if (haveRight("document","r")
							||$doc->fields["FK_users"]==$_SESSION["glpiID"])
						$send=true;

					// Knowbase Case
					if (!$send&&haveRight("knowbase","r")){
						$query = "SELECT * FROM glpi_doc_device WHERE glpi_doc_device.device_type = '".KNOWBASE_TYPE."' AND glpi_doc_device.FK_doc='".$doc->fields["ID"]."'";

						$result=$db->query($query);
						if ($db->numrows($result)>0)
							$send=true;
					}
					if (!$send&&haveRight("faq","r")){
						$query = "SELECT * FROM glpi_doc_device LEFT JOIN glpi_kbitems ON (glpi_kbitems.ID = glpi_doc_device.Fk_device) WHERE glpi_doc_device.device_type = '".KNOWBASE_TYPE."' AND glpi_doc_device.FK_doc='".$doc->fields["ID"]."' AND glpi_kbitems.faq='yes'";

						$result=$db->query($query);
						if ($db->numrows($result)>0)
							$send=true;
					}


					// Tracking Case
					if (!$send&&isset($_GET["tracking"])){
						$job=new Job;
						$job->getFromDB($_GET["tracking"]);

						if ($job->fields["author"]==$_SESSION["glpiID"]||$job->fields["assign"]==$_SESSION["glpiID"]){
							$query = "SELECT * FROM glpi_doc_device WHERE glpi_doc_device.FK_device = '".$_GET["tracking"]."' AND glpi_doc_device.device_type = '".TRACKING_TYPE."' AND FK_doc='".$doc->fields["ID"]."'";
							$result=$db->query($query);
							if ($db->numrows($result)>0)
								$send=true;
						}
					}
				} else {

					// Check if it is my doc
					if ($doc->fields["FK_users"]==$_SESSION["glpiID"])
						$send=true;
					else {
						if (haveRight("faq","r")||$cfg_glpi["public_faq"]){
							// Check if it is a FAQ document
							$query = "SELECT * FROM glpi_doc_device LEFT JOIN glpi_kbitems ON (glpi_kbitems.ID = glpi_doc_device.Fk_device) WHERE glpi_doc_device.device_type = '".KNOWBASE_TYPE."' AND glpi_doc_device.FK_doc='".$doc->fields["ID"]."' AND glpi_kbitems.faq='yes'";

							$result=$db->query($query);
							if ($db->numrows($result)>0)
								$send=true;
						}

						// Tracking Case
						if (!$send&&isset($_GET["tracking"])){
							$job=new Job;
							$job->getFromDB($_GET["tracking"]);

							if ($job->fields["author"]==$_SESSION["glpiID"]){
								$query = "SELECT * FROM glpi_doc_device WHERE glpi_doc_device.FK_device = '".$_GET["tracking"]."' AND glpi_doc_device.device_type = '".TRACKING_TYPE."' AND FK_doc='".$doc->fields["ID"]."'";
								$result=$db->query($query);
								if ($db->numrows($result)>0)
									$send=true;
							}
						}

					}
				}
			} else echo $lang["document"][43];
		}


		if ($send&&file_exists($cfg_glpi["doc_dir"]."/".$_GET["file"]))
			sendFile($cfg_glpi["doc_dir"]."/".$_GET["file"],$splitter[1]);
		else echo $lang["document"][45];
	} else echo $lang["document"][44];
}



?>