00001 <?php
00002
00003 require_once 'Smarty.class.php';
00004 require_once 'sql.php';
00005 require_once 'error.php';
00006 require_once 'util.php';
00007 require_once 'const.php';
00008 require_once 'config.php';
00009 require_once 'redirect.php';
00010 require_once 'upload.php';
00011
00014
00015
00031
00032 function view_item($smarty,$INPUT, $db) {
00033 global $_SESSION, $opac_url, $debug_level, $actions_info;
00034
00035 $default = array(
00036 "mode" => "view",
00037 );
00038
00039 ## check user input
00040
00041 $INPUT = array_merge($default, $INPUT);
00042
00043 #if (isset($_SESSION['mode'])) {
00044 # $INPUT['mode'] = $_SESSION['mode'];
00045 #}
00046
00047 if ($debug_level > 10) {
00048 print "<hr><pre>Input: ";
00049 print_r($INPUT);
00050 print "</pre><hr>";
00051 }
00052
00053 if (!empty($errors)) {
00054 user_error("Missing or malformed input parameter(s): " .
00055 join($errors, ", "), E_USER_ERROR);
00056 }
00057
00058
00059 # init mysql connection
00060
00061 $param = array ( "tables" => "document, collection",
00062 "columns" => "document.*,collection.password",
00063 "cond" => "collection.id = document.collection_id AND document.id = " . $INPUT['document_id'],
00064 );
00065
00066 $document = sql_query('select', $param, $db);
00067
00068
00069 if (empty($document)) {
00070 user_error("No such record: document id = " . $INPUT['document_id'],
00071 E_USER_ERROR);
00072 }
00073
00074 $m = $document[0];
00075
00076 $ok = FALSE;
00077 $url = '';
00078 $file = '';
00079 $dir = FALSE;
00080
00081 switch($INPUT['mode']) {
00082
00083 case 'opac':
00084 $ok = TRUE;
00085 $url = $opac_url . $m['ppn'];
00086 break;
00087
00088 default:
00089 $ok = ($m['protected'] == FALSE);
00090
00091 if ($INPUT['file'] != '') {
00092 $file = $INPUT['file'];
00093 } else if ($m['url'] != '') {
00094 $url = $m['url'];
00095 } else {
00096 $dir = TRUE; $ok = TRUE;
00097 };
00098
00099 break;
00100 }
00101
00102 if ((!$ok) and (isset($INPUT['password'])) and (isset($INPUT['b_ok']))) {
00103
00104 # check password
00105
00106 sleep(2);
00107
00108 $pw = "{SHA1}" . sha1($INPUT['password']);
00109 $ok = ($m['password'] == $pw);
00110
00111 $INPUT['wrongpass'] = TRUE;
00112 }
00113
00114 if ($ok) {
00115
00116 if ($dir) {
00117 $ls = list_files($INPUT['item'], $INPUT['document_id']);
00118
00119
00120 if (count($ls) > 1) {
00121
00122 $tpl_var = $INPUT;
00123 $tpl_var['files_info'] = $ls;
00124 $tpl_var['actions_info'] = $actions_info;
00125 do_template( $smarty, 'view_dir.tpl', $tpl_var );
00126 exit(0);
00127 }
00128
00129 if (count($ls) == 1) {
00130
00131 $files = array_keys($ls);
00132
00133 $url = 'action.php?action=view&mode=file&item=' .
00134 $INPUT['item'];
00135 $url .= '&document_id=' . $INPUT['document_id'];
00136 $url .= '&file=' . $files[0];
00137 }
00138 }
00139
00140 if ($file != '') {
00141
00142 # file
00143
00144 $mime = guess_mime_type($file);
00145
00146
00147 header('Content-Type: ' . $mime);
00148
00149 if (($mime == 'application/octet-stream') ) {
00150 header('Content-Disposition: $mime ; filename="' . $file . '";');
00151 }
00152
00153 $c = get_file($INPUT['item'], $INPUT['document_id'], $file);
00154 echo $c;
00155 exit(0);
00156 }
00157
00158
00159 if ($url != '') {
00160
00161 # url
00162
00163 redirect($url);
00164 exit(0);
00165 }
00166
00167
00168 } else {
00169 $tpl_var = $INPUT;
00170 do_template( $smarty, 'view.tpl', $tpl_var );
00171 exit(0);
00172 }
00173
00174 }
00175 ?>
