92 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			PHP
		
	
	
	
			
		
		
	
	
			92 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			PHP
		
	
	
	
| <?php
 | |
| namespace LAM\UPLOAD;
 | |
| /*
 | |
| 
 | |
|   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 | |
|   Copyright (C) 2004 - 2018  Roland Gruber
 | |
| 
 | |
|   This program is free software; you can redistribute it and/or modify
 | |
|   it under the terms of the GNU General Public License as published by
 | |
|   the Free Software Foundation; either version 2 of the License, or
 | |
|   (at your option) any later version.
 | |
| 
 | |
|   This program is distributed in the hope that it will be useful,
 | |
|   but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|   GNU General Public License for more details.
 | |
| 
 | |
|   You should have received a copy of the GNU General Public License
 | |
|   along with this program; if not, write to the Free Software
 | |
|   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 | |
| 
 | |
| */
 | |
| 
 | |
| /**
 | |
| * Creates LDAP accounts for file upload.
 | |
| *
 | |
| * @author Roland Gruber
 | |
| * @package tools
 | |
| */
 | |
| 
 | |
| /** security functions */
 | |
| include_once(__DIR__ . "/../../lib/security.inc");
 | |
| /** access to configuration */
 | |
| include_once(__DIR__ . '/../../lib/config.inc');
 | |
| /** LDAP handle */
 | |
| include_once(__DIR__ . '/../../lib/ldap.inc');
 | |
| /** status messages */
 | |
| include_once(__DIR__ . '/../../lib/status.inc');
 | |
| /** account modules */
 | |
| include_once(__DIR__ . '/../../lib/modules.inc');
 | |
| /** PDF */
 | |
| include_once(__DIR__ . '/../../lib/pdf.inc');
 | |
| 
 | |
| 
 | |
| // Start session
 | |
| startSecureSession();
 | |
| enforceUserIsLoggedIn();
 | |
| 
 | |
| // check if this tool may be run
 | |
| checkIfToolIsActive('toolFileUpload');
 | |
| 
 | |
| // die if no write access
 | |
| if (!checkIfWriteAccessIsAllowed()) die();
 | |
| 
 | |
| // Redirect to startpage if user is not loged in
 | |
| if (!isLoggedIn()) {
 | |
| 	metaRefresh("../login.php");
 | |
| 	exit;
 | |
| }
 | |
| 
 | |
| // Set correct language, codepages, ....
 | |
| setlanguage();
 | |
| 
 | |
| include __DIR__ . '/../../lib/adminHeader.inc';
 | |
| $typeId = htmlspecialchars($_SESSION['mass_typeId']);
 | |
| $typeManager = new \LAM\TYPES\TypeManager();
 | |
| $type = $typeManager->getConfiguredType($typeId);
 | |
| 
 | |
| // check if account type is ok
 | |
| if ($type->isHidden()) {
 | |
| 	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $type->getId());
 | |
| 	die();
 | |
| }
 | |
| if (!checkIfNewEntriesAreAllowed($type->getId()) || !checkIfWriteAccessIsAllowed($type->getId())) {
 | |
| 	logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $type->getId());
 | |
| 	die();
 | |
| }
 | |
| 
 | |
| echo '<div id="uploadContent" class="' . $type->getScope() . '-bright smallPaddingContent">';
 | |
| $tokenPrefix = '?' . getSecurityTokenName() . '=' . getSecurityTokenValue();
 | |
| ?>
 | |
| 	<script type="text/javascript">
 | |
| 		jQuery(document).ready(function(){
 | |
| 			window.lam.upload.continueUpload('../misc/ajax.php?function=upload&typeId=' + '<?php echo $type->getId() ?>', '<?php echo getSecurityTokenName(); ?>', '<?php echo getSecurityTokenValue(); ?>');
 | |
| 		});
 | |
| 	</script>
 | |
| 
 | |
| <?php
 | |
| echo '</div>';
 | |
| include __DIR__ . '/../../lib/adminFooter.inc';
 | |
| ?>
 |