<?php
// Title string for this page; presumably read by admin_html_top.php when it renders the heading (confirm).
$page_title = "CES Files | CES Admin";
include_once("../course_registration/common_functions.php"); //common functions in the course registration system
include_once("../course_registration/config.php"); //holds global config variables
// Access gate, placed before the shared HTML heading is included.
// NOTE(review): this page performs permanent deletes, so it depends on check_if_authenticated()
// stopping the request for anyone who is not an admin. Its implementation is not visible here; confirm
// that it halts execution rather than only setting a flag or emitting a redirect header.
check_if_authenticated('admin');//check if user is logged in
include_once("../course_registration/admin_html_top.php"); //get the HTML heading common to all pages in the CES admin module
?>
<article class="ces-admin">
<h2>CES Admin - List Files</h2>
<?php
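// Upload-related settings. None of the three is read in the visible part of this page;
// they are kept because an included file may rely on them (TODO confirm before removing).
$max_filesize = 2097152; //2 MB max filesize
$types_array = array("application/pdf"); //filetypes that the form will accept, add more if you wish to accept other filetypes
$bad_characters = array("#", "!", "@", "$", "%", "^", "&", "*", "(", ")", "+", "=", "[", "]", "}", "{", "}", "|", "<", ">", "?", "'", "\\"); //characters that we don't want to be part of the filename (special characters that cause problems when deleting the file)
include_once("../course_registration/ces_admin_nav.php");

// Open the database connection using the credentials from config.php.
// mysqli reports a failed connection either by returning false or, when exception
// reporting is enabled, by throwing mysqli_sql_exception; both cases are handled here
// so the rest of the page never runs queries against an invalid handle.
try {
    $db = mysqli_connect($mysql_server, $user, $pass, $database);
} catch (mysqli_sql_exception $e) {
    $db = false;
}
if (!$db) {
    // The driver's message can reveal host and account names, so it goes to the server log only.
    error_log('CES admin file list: database connection failed: ' . mysqli_connect_error());
    echo "<p class='alert alert-danger'>The file list is unavailable because the database connection failed.</p>";
    include_once("../course_registration/admin_html_bottom.php");
    exit;
}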
?>
<div class="alert alert-warning">
<p>Deleting a file from here permanently removes the file from both the database and server. This will also unlink files from their sessions and they will no longer be available to users.</p>
<p>There is also no confirmation screen: hitting the delete button will delete the file <strong>immediately</strong>. Use with caution.</p>
</div>
<?php
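// Session id carried by the request (POST wins over GET, 0 when absent). Only scalar values
// are accepted so an array-valued parameter cannot reach later string contexts.
$session_id = 0;
if (isset($_POST['session_id']) && is_scalar($_POST['session_id'])) {
    $session_id = $_POST['session_id'];
} elseif (isset($_GET['session_id']) && is_scalar($_GET['session_id'])) {
    $session_id = $_GET['session_id'];
}

// Delete handler: removes the session/file link row and then the file itself.
// Both request fields are attacker-controllable, so they are bound as statement parameters,
// HTML-escaped before being echoed, and the path is validated before unlink().
// NOTE(review): nothing in this block verifies an anti-CSRF token, so a cross-site form post
// made from an authenticated admin's browser would be honoured. Add a per-session token
// check here once the shared session helpers are confirmed.
if (isset($_POST['delete'])) {
    $posted_session_id = (isset($_POST['session_id']) && is_scalar($_POST['session_id'])) ? (string) $_POST['session_id'] : '';
    $posted_filename = (isset($_POST['filename']) && is_string($_POST['filename'])) ? $_POST['filename'] : '';
    $pure_file_name = str_replace("session_files/", "", $posted_filename);
    $safe_display_name = htmlspecialchars($pure_file_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Before the link row is removed, record whether the posted name is one the application
    // itself stored. Only such files may be deleted from disk further down.
    $is_known_file = false;
    $lookup_stmt = mysqli_prepare($db, "SELECT 1 FROM ces_files_to_sessions WHERE filename = ? LIMIT 1");
    if ($lookup_stmt) {
        mysqli_stmt_bind_param($lookup_stmt, 's', $posted_filename);
        if (mysqli_stmt_execute($lookup_stmt)) {
            mysqli_stmt_store_result($lookup_stmt);
            $is_known_file = mysqli_stmt_num_rows($lookup_stmt) > 0;
        }
        mysqli_stmt_close($lookup_stmt);
    }

    // Delete the file reference from the database. Values are bound as strings, which matches
    // the quoted literals the statement used before.
    $file_sql = "DELETE FROM ces_files_to_sessions WHERE session_id = ? AND filename = ?";
    $row_deleted = false;
    $delete_stmt = mysqli_prepare($db, $file_sql);
    if ($delete_stmt) {
        mysqli_stmt_bind_param($delete_stmt, 'ss', $posted_session_id, $posted_filename);
        $row_deleted = mysqli_stmt_execute($delete_stmt);
        mysqli_stmt_close($delete_stmt);
    }
    if ($row_deleted) {
        echo "<p class='alert alert-success'>The file ".$safe_display_name." was deleted successfully.</p>";
    } else {
        print_sql_error('<br>Error - file removal failed when trying to do:', $file_sql);
    }

    // Now delete the file from the filesystem. The resolved path must stay inside the directory
    // the path is built from, so "../" sequences or symlinks in the posted name cannot reach
    // other files, and it must be a regular file that the database listed.
    // (The Windows ':' -> '_' filename substitution mentioned in earlier revisions is not applied.)
    $base_dir = realpath("../course_registration");
    $target_path = realpath("../course_registration/".$posted_filename);
    $inside_base = $base_dir !== false
        && $target_path !== false
        && strpos($target_path, $base_dir . DIRECTORY_SEPARATOR) === 0;
    if (!$is_known_file || !$inside_base || !is_file($target_path) || !unlink($target_path)) {
        echo "<p class='alert alert-danger'>The file ".$safe_display_name." was not removed from the server.</p>";
    }
}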
?>
<?php
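// List every file recorded in ces_files_to_sessions that still exists on disk, with a delete
// form per row. File names and descriptions come from the database and PHP_SELF/session_id
// come from the request, so every value is HTML-escaped at the point of output.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$file_sql = mysqli_query($db, "SELECT filename, file_description, session_id FROM ces_files_to_sessions ORDER BY file_description");
if ($file_sql === false) {
    // Keep the driver's message out of the page; it belongs in the server log.
    error_log('CES admin file list: query failed: ' . mysqli_error($db));
    echo "<p class='alert alert-danger'>The file list could not be loaded.</p>";
} elseif (mysqli_num_rows($file_sql) > 0) {
    echo "<table class='table table-striped' id='ces-files-table'>\n";
    echo " <thead>\n";
    echo " <tr>\n";
    echo " <th class='width-25'>Name</th>\n";
    echo " <th class='width-25'>Description</th>\n";
    echo " <th>Size</th>\n";
    echo " <th>Uploaded</th>\n";
    echo " <th>Delete</th>\n";
    echo " </tr>\n";
    echo " </thead>";
    echo " <tbody>";
    while ($file_query = mysqli_fetch_array($file_sql)) {
        $file_name = "../course_registration/" . $file_query['filename'];
        $pure_file_name = str_replace("session_files/", "", $file_query['filename']);

        // The stored name starts with a date stamp; use it as the upload date when present.
        $date = array();
        $upload_time = false;
        if (preg_match('/^\d+-\d+-\d+/', $pure_file_name, $date)) {
            $upload_time = strtotime(str_replace('-', '/', $date[0]));
        }
        $uploaded_label = ($upload_time !== false) ? date("F d, Y", $upload_time) : "Unknown";

        if (file_exists($file_name)) {
            // Name shown to the admin: the stored name without its leading timestamp prefix.
            $display_name = preg_replace('/^\d+-\d+-\d+(-|_)\d+(-|_|:)\d+(-|_|:)\d+(-|_|:)/', "", $pure_file_name);
            $session_title = get_course_name($file_query['session_id']) . "\n" . get_session_time($file_query['session_id'], "start");

            echo " <tr>\n";
            echo " <td><a href=\"" . $esc($file_name) . "\" target=_new title='" . $esc($pure_file_name) . "'>" . $esc($display_name) . "</a></td>\n";
            echo " <td title='" . $esc($session_title) . "'>" . $esc($file_query['file_description']) . "</td>\n";
            echo " <td>" . $esc(human_filesize(filesize($file_name), 0)) . "</td>\n";
            echo " <td title='Modified: " . date("F d Y H:i:s", filemtime($file_name)) . "'>" . $uploaded_label . "</td>\n";
            // PHP_SELF includes any path info appended to the URL, so it is escaped like other input.
            echo " <td><form style='display:inline-block' method='post' action='" . $esc($_SERVER['PHP_SELF']) . "'>\n";
            echo ' <button class="ces-delete-btn" type="submit" name="delete" value="Delete" title="Delete File"><span class="fa fa-trash"></span></button>';
            // NOTE(review): this posts the page-level $session_id taken from the request, not this
            // row's session_id column; confirm that the delete handler is meant to receive that value.
            echo ' <input type="hidden" name="session_id" value="' . $esc($session_id) . '">';
            echo ' <input type="hidden" name="filename" value="' . $esc($file_query['filename']) . '">';
            echo ' </form>';
            echo " </td>";
            echo " </tr>";
        }//if
    }//while
    echo " </tbody>";
    echo "</table>\n";
} else {
    echo "<p>No Files attached</p>";
}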
?>
<script type="text/javascript">
// Once the DOM is ready, initialise DataTables on the file table with paging,
// the search box and the info footer all switched off.
$(function () {
    var tableOptions = {
        paging: false,
        searching: false,
        info: false
    };
    $('#ces-files-table').DataTable(tableOptions);
});
</script>
<?php
include_once("../course_registration/admin_html_bottom.php"); //get the bottom HTML common to all pages in the CES admin module
?>