1 <?php
2 /**
3  * File: audit.prg
4  * Used for showing audit and financials of HomeCU.
5  */
6 
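// Request parameters. HCU_ImportVars() fills $parameters["a"] from the request, presumably
// running each listed key through the string filter (HCUFILTER_INPUT_STRING).
$string = array("filter" => HCUFILTER_INPUT_STRING);
$parameters = array("a" => array("operation" => ""));
HCU_ImportVars($parameters, "a", array("operation" => $string, "fileIndex" => $string));

// Read the two keys this script uses explicitly instead of extract()-ing the whole
// sub-array into the global symbol table, so no other request-derived key can become a
// variable here. A missing or null key falls back to "" exactly as the old isset() did.
$operation = isset($parameters["a"]["operation"]) ? trim($parameters["a"]["operation"]) : "";
$fileIndex = isset($parameters["a"]["fileIndex"]) ? trim($parameters["a"]["fileIndex"]) : "";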
14 
/**
 * Name of the table-of-contents file inside the audit directory.
 *
 * @return string the TOC filename (no directory component)
 */
function GetTocFile() {
    $tocName = 'duediligence.toc';
    return $tocName;
}
22 
/**
 * Absolute directory holding the audit files and the table-of-contents file.
 *
 * @return string directory path without a trailing slash
 */
function GetAuditDir() {
    $auditDir = '/home/homecu/audit';
    return $auditDir;
}
30 
/**
 * Relative URL that routes back to this audit page; links append their own query parameters.
 *
 * @return string script URL including the ft=14 query parameter
 */
function GetSelf() {
    $selfUrl = 'main.prg?ft=14';
    return $selfUrl;
}
38 
/**
 * Dispatch on the requested operation (string): "showFile" streams the selected file,
 * "" (no operation given) renders the table-of-contents page. Any other value renders
 * nothing, exactly like the original switch that had no default branch.
 */
if ($operation === "showFile") {
    ShowFile($fileIndex);
} elseif ($operation === "") {
    PrintPage(GetFileList());
}
51 
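/**
 * Read the table of contents and return the files that may be offered to the admin user.
 *
 * The TOC is a CSV file; each usable row is "link text,filename,filetype". Blank lines
 * (returned by fgetcsv() as an array with a single null field) and rows with fewer than
 * three fields are skipped, so a malformed entry simply does not appear in the list.
 *
 * @param string|null $tocPath path of the TOC file to read. Defaults to
 *                             GetAuditDir()/GetTocFile(); the parameter lets the parser
 *                             be exercised against any readable CSV file.
 * @return array{list: array<int, array{text: string, filename: string, filetype: string}>, error: string, code: int}
 *         "list"  - one entry per usable row (text, filename, filetype), in file order
 *         "error" - "" on success, otherwise the failure message
 *         "code"  - 0 on success, otherwise a non-zero error code
 *                   (1: fopen() failed, 2: file not readable)
 */
function GetFileList($tocPath = null) {
    $tocFP = false;

    try {
        if ($tocPath === null) {
            $tocPath = GetAuditDir() . "/" . GetTocFile();
        }

        // Check readability first so a missing directory (e.g. branch changed without a
        // rebuild) yields a controlled error instead of a warning on the console.
        if (!is_readable($tocPath)) {
            throw new Exception("File is not readable.", 2);
        }

        $tocFP = fopen($tocPath, "r");

        if (!$tocFP) {
            throw new Exception("File handle is not found.", 1);
        }

        $fileList = array();

        // Delimiter, enclosure and escape are passed explicitly (the current defaults) so the
        // parse does not change when PHP changes the default escape; length 0 = no limit.
        while (($row = fgetcsv($tocFP, 0, ",", "\"", "\\")) !== false) {
            // Blank line: fgetcsv() returns an array comprising a single null field.
            if (count($row) == 1 && !isset($row[0])) {
                continue;
            }

            // A row without all three fields cannot be served, so it is left out of the list.
            if (count($row) < 3) {
                continue;
            }

            $fileList[] = array("text" => $row[0], "filename" => $row[1], "filetype" => $row[2]);
        }

        return array("list" => $fileList, "error" => "", "code" => 0);
    } catch (Exception $e) {
        return array("list" => array(), "error" => $e->getMessage(), "code" => $e->getCode());
    } finally {
        // Always release the handle; the original left it open until the script ended.
        if (is_resource($tocFP)) {
            fclose($tocFP);
        }
    }
}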
98 
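/**
 * Stream the file selected by $fileIndex to the browser, or render the not-found page.
 *
 * The entry is looked up in the table of contents (GetFileList()); its filename must be a
 * bare name that resolves to a file inside GetAuditDir(), and its filetype must be one this
 * script serves. On success the file is sent inline with PDF headers and the script exits;
 * every failure is caught and answered with PrintNotFoundFilePage().
 *
 * @param string|int $fileIndex index of the entry in the TOC list (request-supplied)
 * @return void prints the file and exits, or prints the not-found page
 */
function ShowFile($fileIndex) {
    try {
        $auditDir = GetAuditDir();
        $fileList = GetFileList();

        if ($fileList["code"] != 0) {
            throw new Exception("File list handle was not found.", 1);
        }

        $fileList = $fileList["list"];

        if (!HCU_array_key_exists($fileIndex, $fileList)) {
            throw new Exception("File index was not found.", 2);
        }

        $fileRow = $fileList[$fileIndex];

        // An empty filename would resolve to "$auditDir/" itself, which IS readable.
        if ($fileRow["filename"] == "") {
            throw new Exception("Filename is not set.", 4);
        }

        // The TOC may only name files directly inside the audit directory: no "/", no "/../".
        if (basename($fileRow["filename"]) != $fileRow["filename"]) {
            throw new Exception("Do not allow filename to traverse the filesystem.", 5);
        }

        // realpath() keeps spaces intact ("With Spaces" or " " works) and returns false when
        // the file does not exist; the original passed that false to is_readable() as "".
        $file = realpath("$auditDir/" . $fileRow["filename"]);
        $realAuditDir = realpath($auditDir);

        // Defence in depth for the basename() rule above: the resolved path must still lie
        // inside the audit directory, so a symlink planted there cannot point elsewhere.
        $prefix = ($realAuditDir === false) ? false : $realAuditDir . DIRECTORY_SEPARATOR;
        if ($file === false || $prefix === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
            throw new Exception("File is not readable.", 3);
        }

        if (!is_readable($file)) {
            throw new Exception("File is not readable.", 3);
        }

        // PDFs are the only filetype served at present (as in the mammoth version).
        switch ($fileRow["filetype"]) {
            case "pdf":
                // Strip quotes, backslashes and control characters from the display text so it
                // cannot break out of the quoted filename; header() itself rejects CR/LF.
                $downloadName = preg_replace('/[\\\\"\\x00-\\x1f\\x7f]/', '', $fileRow["text"]);
                $exgmt = gmdate("D M d Y H:i:s", time() + 60);
                header("Expires: $exgmt GMT");
                header("Content-type: application/pdf"); // add further headers here for other extensions
                header("Content-Disposition: inline; filename=\"" . $downloadName . ".pdf\""); // use 'attachment' to force a download
                header('Content-Transfer-Encoding: binary');

                // readfile() streams the file instead of loading it fully into memory first.
                readfile($file);
                exit;
            default:
                throw new Exception("File is not in a format this script handles.", 4);
        }
    } catch (Exception $e) {
        PrintNotFoundFilePage();
    }
}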
158 
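/**
 * Print a minimal "not found" page for a file that could not be served.
 *
 * Sends a 404 status when the headers have not gone out yet, so the response code matches
 * the page title instead of reporting success. The markup stays plain HTML because at this
 * point it is "just script" and the bootstrap formatting is not available.
 *
 * @return void prints the not-found page
 */
function PrintNotFoundFilePage() {
    // header() would only warn if output has already started, so guard the status change.
    if (!headers_sent()) {
        http_response_code(404);
    }
    ?>
    <html>
    <head>
    <title>404 Not Found</title>
    </head>
    <body>
    <h1>Not Found</h1>
    <p>The requested file was not found on the server.</p>
    <hr>
    </body>
    </html>
<?php }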
176 
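/**
 * Render the audit page: the confidentiality notice followed by one link per TOC entry.
 *
 * Each link opens the file in the "HCUaudit" window through GetSelf() with operation=showFile
 * and the entry's index. When the list could not be read or is empty, a "No files were found."
 * note is shown instead. Link text comes from the TOC file and is HTML-escaped on output.
 *
 * @param array       $fileList the result of GetFileList(): "list", "error" and "code"
 * @param string|null $self     base URL for the links; defaults to GetSelf()
 * @return void prints the page
 */
function PrintPage($fileList, $self = null) {
    if ($self === null) {
        $self = GetSelf();
    }
    $noFiles = $fileList["code"] != 0 || count($fileList["list"]) == 0;
    $hrefBase = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    ?>
    <div class="container-fluid userAlertsDiv vsgPrimary" id="auditDiv">
    <div class="row">
    <div id="formValidateAlertsDiv" class="k-block k-error-colored formValidateDiv" style="display:none;"></div>
    </div>
    <div class="well well-sm">
    <div class="row">
    <h3 class="col-xs-12">Confidentiality Notice</h3>
    </div>
    <div class="row">
    <div class="col-xs-12">
    This Confidential Information is intended solely for Home CU, LLC., customers and their employees, agents, consultants, subcontractors, or regulatory agencies. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited.
    </div>
    </div>
    <div class="row">
    <div class="col-xs-12">
    By clicking the link below you agree to these confidentiality terms.
    </div>
    </div>
    </div>
    <div class="well well-sm">
    <?php if ($noFiles) { ?>
    <div class="row hcu-secondary">
    <div class="col-xs-12 vsgSecondary hcu-note">
    No files were found.
    </div>
    </div>
    <?php } else { ?>
    <div class="row">
    <?php foreach ($fileList["list"] as $index => $fileRow) { ?>
    <a class="col-xs-12" href="<?php echo $hrefBase; ?>&amp;operation=showFile&amp;fileIndex=<?php echo urlencode((string) $index); ?>" target="HCUaudit"><?php echo htmlspecialchars($fileRow["text"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></a>
    <?php } ?>
    </div>
    <?php } ?>
    </div>
    </div>
<?php }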