forked from itflow-org/itflow
-
Notifications
You must be signed in to change notification settings - Fork 0
/
folder.php
71 lines (44 loc) · 2.67 KB
/
folder.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<?php
/*
* ITFlow - GET/POST request handler for folders
*/
if (isset($_POST['create_folder'])) {
validateTechRole();
$client_id = intval($_POST['client_id']);
$folder_location = intval($_POST['folder_location']);
$folder_name = sanitizeInput($_POST['folder_name']);
// Document folder add query
$add_folder = mysqli_query($mysqli,"INSERT INTO folders SET folder_name = '$folder_name', folder_location = $folder_location, folder_client_id = $client_id");
$folder_id = mysqli_insert_id($mysqli);
// Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Folder', log_action = 'Create', log_description = '$session_name created folder $folder_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $folder_id");
$_SESSION['alert_message'] = "Folder <strong>$folder_name</strong> created";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_POST['rename_folder'])) {
validateTechRole();
$folder_id = intval($_POST['folder_id']);
$client_id = intval($_POST['client_id']);
$folder_name = sanitizeInput($_POST['folder_name']);
// Folder edit query
mysqli_query($mysqli,"UPDATE folders SET folder_name = '$folder_name' WHERE folder_id = $folder_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Folder', log_action = 'Modify', log_description = '$session_name renamed folder to $folder_name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_client_id = $client_id, log_user_id = $session_user_id, log_entity_id = $folder_id");
$_SESSION['alert_message'] = "Folder <strong>$folder_name</strong> renamed";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if (isset($_GET['delete_folder'])) {
validateAdminRole();
$folder_id = intval($_GET['delete_folder']);
mysqli_query($mysqli,"DELETE FROM folders WHERE folder_id = $folder_id");
// Move files in deleted folder back to the root folder /
$sql_documents = mysqli_query($mysqli,"SELECT * FROM documents WHERE document_folder_id = $folder_id");
while($row = mysqli_fetch_array($sql_documents)) {
$document_id = intval($row['document_id']);
mysqli_query($mysqli,"UPDATE documents SET document_folder_id = 0 WHERE document_id = $document_id");
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Folder', log_action = 'Delete', log_description = '$folder_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");
$_SESSION['alert_message'] = "Folder deleted";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}