
b4c80d57481cf05939cab8bcaf39d62fac343585
[nucleus-jp/nucleus-jp-ancient.git] / nucleus / media.php
1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2012 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  *
12  * Media popup window for Nucleus
13  *
14  * Purpose:
15  *   - can be opened from an add-item form or bookmarklet popup
16  *   - shows a list of recent files, allowing browsing, search and
17  *     upload of new files
18  *   - close the popup by selecting a file in the list. The file gets
19  *     passed through to the add-item form (linkto, popupimg or inline img)
20  */
21
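$CONF = array();

// Number of media items shown per page. Override this in config.php rather
// than here so the setting survives a Nucleus upgrade.
$CONF['MediaPerPage'] = 10;

// include all classes and config data
$DIR_LIBS = '';
require_once('../config.php');
include_libs('MEDIA.php', false, false);     // media classes

sendContentType('application/xhtml+xml', 'media');

// Authentication gate: nothing below runs for a visitor who is not logged in.
if (!$member->isLoggedIn()) {
        media_loginAndPassThrough();
        exit;
}

// Authorisation gate: the member must be on at least one team list, or be an admin.
// The id is taken from the $member object, not from the request; intval() keeps
// the concatenated SQL strictly numeric whatever getID() returns.
$query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tmember=' . intval($member->getID());
$teams = sql_query($query);
if (sql_num_rows($teams) == 0 && !$member->isAdmin()) {
        media_doError(_ERROR_DISALLOWEDUPLOAD);
}

// Requested action; an empty value means the plain file listing.
$action = requestVar('action');
if ($action == '') {
        $action = 'selectmedia';
}

// Ticket check (the hidden form token written by $manager->addTicketHidden()).
// Only the three listing actions are exempt; every other action name,
// including an unknown one, has to carry a valid ticket. The comparison is
// strict so that only an exact string match can skip the check.
$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);
if (!in_array($action, $aActionsNotToCheck, true)) {
        if (!$manager->checkTicket()) {
                media_doError(_ERROR_BADTICKET);
        }
}

// Dispatch. Both upload actions repeat the same permission test: admins may
// always upload, other members only when $CONF['AllowUpload'] is enabled.
switch ($action) {
        case 'chooseupload':
        case _MEDIA_UPLOAD_TO:
        case _MEDIA_UPLOAD_NEW:
                if (!$member->isAdmin() && $CONF['AllowUpload'] != true) {
                        media_doError(_ERROR_DISALLOWED);
                } else {
                        media_choose();
                }
                break;
        case 'uploadfile':
                if (!$member->isAdmin() && $CONF['AllowUpload'] != true) {
                        media_doError(_ERROR_DISALLOWED);
                } else {
                        media_upload();
                }
                break;
        case _MEDIA_FILTER_APPLY:
        case 'selectmedia':
        case _MEDIA_COLLECTION_SELECT:
        default:
                media_select();
                break;
}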
87
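/**
 * Renders the media list for one collection: collection selector, upload
 * button, filename filter, one page of files and previous/next links.
 *
 * Reads 'collection', 'filter' and 'offset' from the request. Request-derived
 * values and file names are escaped at the point where they are written into
 * the page (HTML escaping, plus JavaScript string escaping inside onclick).
 */
function media_select() {
        global $member, $CONF, $DIR_MEDIA, $manager;

        // Requested collection; falls back to the collection named after the
        // member's id when the parameter is empty or is not a directory.
        // NOTE(review): is_dir() sees the raw request value before
        // isValidCollection() has vetted it. Validating first would keep
        // unvetted paths away from the filesystem.
        $currentCollection = requestVar('collection');
        if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection)) {
                $currentCollection = $member->getID();
        }

        // avoid directory traversal and accessing an invalid directory
        if (!MEDIA::isValidCollection($currentCollection)) {
                media_doError(_ERROR_DISALLOWED);
        }

        media_head();

        // get collection list
        $collections = MEDIA::getCollectionList();

        if (sizeof($collections) > 1) {
        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL)?></label>
                        <select name="collection" id="media_collection">
                                <?php
                                foreach ($collections as $dirname => $description) {
                                        echo '<option value="',htmlspecialchars($dirname),'"';
                                        if ($dirname == $currentCollection) {
                                                echo ' selected="selected"';
                                        }
                                        echo '>',htmlspecialchars($description),'</option>';
                                }
                                ?>
                        </select>
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo htmlspecialchars(_MEDIA_COLLECTION_TT)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php } else { ?>
                <form method="post" action="media.php" style="float:right"><div>
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php } // if sizeof

        $filter = requestVar('filter');
        $offset = intRequestVar('offset');
        $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);

        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL)?></label>
                        <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY) ?>" />
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
                        <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />
                </div></form>

                <table width="100%">
                <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collections[$currentCollection])?></caption>
                <tr>
                 <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>
                </tr>

        <?php

        $total = sizeof($arr);
        $perPage = $CONF['MediaPerPage'];

        // Paging window; all four stay 0 when the list is empty.
        $idxStart = 0;
        $idxEnd = 0;
        $idxPrev = 0;
        $idxNext = 0;

        // Escaping for a single-quoted JavaScript string literal. The backslash
        // has to be doubled before the quote is escaped; escaping the quote
        // alone leaves a backslash in the name able to cancel that escape.
        // Line breaks are escaped as well so the literal cannot be split.
        $jsSearch = array('\\', "'", "\r", "\n");
        $jsReplace = array('\\\\', "\\'", '\\r', '\\n');

        if ($total > 0) {

                // clamp the requested offset so that a full last page is shown
                if (($offset + $perPage) >= $total) {
                        $offset = $total - $perPage;
                }
                if ($offset < 0) {
                        $offset = 0;
                }

                $idxStart = $offset;
                $idxEnd = $offset + $perPage;
                $idxNext = $idxEnd;
                $idxPrev = $idxStart - $perPage;

                if ($idxPrev < 0) {
                        $idxPrev = 0;
                }
                if ($idxEnd > $total) {
                        $idxEnd = $total;
                }

                for ($i = $idxStart; $i < $idxEnd; $i++) {
                        $obj = $arr[$i];
                        $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;

                        // getimagesize() returns false for anything that is not a
                        // readable image; warnings are silenced while probing.
                        $old_level = error_reporting(0);
                        $size = @GetImageSize($filename);
                        error_reporting($old_level);
                        if (is_array($size)) {
                                $width = $size[0];
                                $height = $size[1];
                                $filetype = $size[2];
                        } else {
                                $width = '';
                                $height = '';
                                $filetype = 0;
                        }

                        echo "<tr>";
                        echo "<td>". date("Y-m-d",$obj->timestamp) ."</td>";

                        // strings for javascript: JS-escape first, HTML-escape when
                        // writing them into the onclick attribute below
                        $jsCurrentCollection = str_replace($jsSearch, $jsReplace, $currentCollection);
                        $jsFileName = str_replace($jsSearch, $jsReplace, $obj->filename);

                        if ($filetype != 0) {
                                // image (gif/jpg/png/swf)
                                echo '<td><a href="media.php" onclick="chooseImage(\'',
                                        htmlspecialchars($jsCurrentCollection), "','",
                                        htmlspecialchars($jsFileName), "','",
                                        htmlspecialchars($width), "','",
                                        htmlspecialchars($height), "')\" title=\"",
                                        htmlspecialchars($obj->filename), '">',
                                        htmlspecialchars(shorten($obj->filename, 25, '...')),
                                        '</a>';
                                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="',htmlspecialchars(_MEDIA_VIEW_TT),'">',_MEDIA_VIEW,'</a>)';
                                echo "</td>";
                        } else {
                                // no image (e.g. mpg)
                                echo "<td><a href='media.php' onclick=\"chooseOther('",
                                        htmlspecialchars($jsCurrentCollection), "','",
                                        htmlspecialchars($jsFileName), "')\" title=\"",
                                        htmlspecialchars($obj->filename), '">',
                                        htmlspecialchars(shorten($obj->filename, 30, '...')),
                                        '</a></td>';
                        }
                        echo '<td>' , htmlspecialchars($width) , 'x' , htmlspecialchars($height) , '</td>';
                        echo '</tr>';
                }
        } // if ($total > 0)
        ?>

                </table>
        <?php
        // $idxPrev / $idxNext are integers computed above; the collection name
        // is URL-encoded before it goes into the link.
        if ($idxStart > 0) {
                echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";
        }
        if ($idxEnd < $total) {
                echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";
        }

        ?>
                <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>
                <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>
        <?php
        media_foot();
}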
237
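/**
 * Shows the upload form: a file picker plus the target collection, which is
 * a drop-down when several collections exist and a hidden field otherwise.
 *
 * The form posts back to media.php with action=uploadfile and carries the
 * ticket written by $manager->addTicketHidden().
 */
function media_choose() {
        global $CONF, $member, $manager;

        $currentCollection = requestVar('collection');

        $collections = MEDIA::getCollectionList();

        media_head();
        // MAX_FILE_SIZE below is only a hint to the browser and is written as an
        // integer; media_upload() compares the size against
        // $CONF['MaxUploadSize'] again on the server.
        ?>
        <h1><?php echo _UPLOAD_TITLE?></h1>

        <p><?php echo _UPLOAD_MSG?></p>

        <form method="post" enctype="multipart/form-data" action="media.php">
        <div>
          <input type="hidden" name="action" value="uploadfile" />
          <?php $manager->addTicketHidden() ?>
          <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo intval($CONF['MaxUploadSize'])?>" />
          File:
          <br />
          <input name="uploadfile" type="file" size="40" />
        <?php if (sizeof($collections) > 1) { ?>
                <br /><br /><label for="upload_collection">Collection:</label>
                <br /><select name="collection" id="upload_collection">
                        <?php
                        foreach ($collections as $dirname => $description) {
                                echo '<option value="',htmlspecialchars($dirname),'"';
                                if ($dirname == $currentCollection) {
                                        echo ' selected="selected"';
                                }
                                echo '>',htmlspecialchars($description),'</option>';
                        }
                        ?>
                </select>
        <?php } else { ?>
                <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection)?>" />
        <?php } // if sizeof
        ?>
        <br /><br />
        <?php
        // lets plugins add their own fields to the upload form
        $param = array();
        $manager->notify('MediaUploadFormExtras', $param);
        ?>
        <br /><br />
        <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
        </div>
        </form>

        <?php
        media_foot();
}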
293
294
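/**
 * Accepts an uploaded file, validates it, stores it in the requested
 * collection and then shows the updated media list.
 *
 * Checks, in order: file name cleaning, PHP upload error code, size limit,
 * allowed extension, is_uploaded_file(), collection validity. Each failed
 * check ends the request through media_doError().
 */
function media_upload() {
        global $CONF;

        $uploadInfo = postFileInfo('uploadfile');

        // The browser-supplied MIME type ($uploadInfo['type']) is not used: it is
        // client-controlled and says nothing reliable about the content.
        $filename = $uploadInfo['name'];
        $filesize = $uploadInfo['size'];
        $filetempname = $uploadInfo['tmp_name'];
        $fileerror = intval($uploadInfo['error']);

        // clean filename of characters that may cause trouble in a filename,
        // using cleanFileName() from globalfunctions.php
        $filename = cleanFileName($filename);
        if ($filename === false) {
                media_doError(_ERROR_BADFILETYPE);
        }

        // media_doError() ends the request, so no case falls through to the next
        switch ($fileerror) {
                case 0: // = UPLOAD_ERR_OK
                        break;
                case 1: // = UPLOAD_ERR_INI_SIZE
                case 2: // = UPLOAD_ERR_FORM_SIZE
                        media_doError(_ERROR_FILE_TOO_BIG);
                case 3: // = UPLOAD_ERR_PARTIAL
                case 4: // = UPLOAD_ERR_NO_FILE
                case 6: // = UPLOAD_ERR_NO_TMP_DIR
                case 7: // = UPLOAD_ERR_CANT_WRITE
                default:
                        // include error code for debugging
                        // (see http://www.php.net/manual/en/features.file-upload.errors.php)
                        media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
        }

        if ($filesize > $CONF['MaxUploadSize']) {
                media_doError(_ERROR_FILE_TOO_BIG);
        }

        // Check the extension against the configured allow-list. Each entry is
        // trimmed and quoted so it is matched literally, empty entries are
        // skipped (they would accept any name ending in a dot), and the D
        // modifier stops "$" from matching before a trailing newline.
        // NOTE(review): only the final extension is tested; how earlier
        // extensions in the name are treated depends on cleanFileName(), which
        // is not visible here.
        $ok = 0;
        foreach (explode(',', $CONF['AllowedTypes']) as $type) {
                $type = trim($type);
                if ($type === '') {
                        continue;
                }
                if (preg_match('#\.' . preg_quote($type, '#') . '$#iD', $filename)) {
                        $ok = 1;
                }
        }
        if (!$ok) {
                media_doError(_ERROR_BADFILETYPE);
        }

        // the temp file must really come from this request's HTTP upload
        if (!is_uploaded_file($filetempname)) {
                media_doError(_ERROR_BADREQUEST);
        }

        // prefix filename with current date (YYYYMMDD-) to avoid name clashes
        if ($CONF['MediaPrefix']) {
                $filename = date('Ymd-') . $filename;
        }

        // Same collection check that media_select() applies, done before the
        // request value is handed on as a destination.
        $collection = requestVar('collection');
        if (!MEDIA::isValidCollection($collection)) {
                media_doError(_ERROR_DISALLOWED);
        }

        $res = MEDIA::addMediaObject($collection, $filetempname, $filename);

        // a non-empty result is an error message
        // NOTE(review): media_doError() prints it unescaped; confirm that
        // addMediaObject() never puts request data into its messages.
        if ($res != '') {
                media_doError($res);
        }

        // shows updated list afterwards
        media_select();
}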
361
/**
 * Shows a login form inside the popup and ends the request.
 *
 * The requested collection is carried along in a hidden field (HTML-escaped)
 * so it is still part of the request once the login has been submitted.
 */
function media_loginAndPassThrough() {
        media_head();
        $requestedCollection = requestVar('collection');
        ?>
                <h1><?php echo _LOGIN_PLEASE; ?></h1>

                <form method="post" action="media.php">
                <div>
                        <input name="action" value="login" type="hidden" />
                        <input name="collection" value="<?php echo htmlspecialchars($requestedCollection); ?>" type="hidden" />
                        <?php echo _LOGINFORM_NAME; ?>: <input name="login" />
                        <br /><?php echo _LOGINFORM_PWD; ?>: <input name="password" type="password" />
                        <br /><input type="submit" value="<?php echo _LOGIN; ?>" />
                </div>
                </form>
                <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE; ?></a></p>
        <?php
        media_foot();
        exit;
}
380
/**
 * Renders an error page with a "back" link and ends the request.
 *
 * $msg is written into the page as-is, without HTML escaping, so it must be
 * trusted text. The call sites in this file pass language constants, a
 * constant followed by an integer error code, or the return value of
 * MEDIA::addMediaObject().
 * NOTE(review): confirm that addMediaObject() messages never contain request
 * data, since they would reach the page unescaped.
 */
function media_doError($msg) {
        media_head();
        ?>
        <h1><?php echo _ERROR; ?></h1>
        <p><?php echo $msg; ?></p>
        <p><a href="media.php" onclick="history.back(); return false;"><?php echo _BACK; ?></a></p>
        <?php
        media_foot();
        exit;
}
390
391
/**
 * Prints the document head and opens <body> for every page of the popup.
 *
 * The inline script defines the handlers used by the file list: setType()
 * records inline/popup mode, chooseImage() and chooseOther() pass the chosen
 * file to window.opener and close the popup.
 */
function media_head() {
?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>
        <head>
                <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET; ?>" />
                <title>Nucleus Media</title>
                <link rel="stylesheet" type="text/css" href="styles/popups.css" />
                <script type="text/javascript">
                        var type = 0;
                        function setType(val) { type = val; }

                        function chooseImage(collection, filename, width, height) {
                                window.opener.focus();
                                window.opener.includeImage(collection,
                                                                                   filename,
                                                                                   type == 0 ? 'inline' : 'popup',
                                                                                   width,
                                                                                   height
                                                                                   );
                                window.close();
                        }

                        function chooseOther(collection, filename) {
                                window.opener.focus();
                                window.opener.includeOtherMedia(collection, filename);
                                window.close();

                        }
                </script>
        </head>
        <body>
<?php
}
425
/**
 * Closes the <body> and <html> elements opened by media_head().
 */
function media_foot() {
?>
        </body>
        </html>
<?php
}
431
432 ?>