[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / media.php

<?php
/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * Media popup window for Nucleus
 *
 * Purpose:
 *   - can be openen from an add-item form or bookmarklet popup
 *   - shows a list of recent files, allowing browsing, search and
 *     upload of new files
 *   - close the popup by selecting a file in the list. The file gets
 *     passed through to the add-item form (linkto, popupimg or inline img)
 *
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id$
 * $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $
 *
 */

$CONF = array();\r
\r
// defines how much media items will be shown per page. You can override this\r
// in config.php if you like. (changing it in config.php instead of here will\r
// allow your settings to be kept even after a Nucleus upgrade)\r
$CONF['MediaPerPage'] = 10;\r
\r
// include all classes and config data\r
require('../config.php');\r
include($DIR_LIBS . 'MEDIA.php');       // media classes\r
\r
sendContentType('application/xhtml+xml', 'media');\r
\r
// user needs to be logged in to use this\r
if (!$member->isLoggedIn()) {\r
        media_loginAndPassThrough();\r
        exit;\r
}\r
\r
// check if member is on at least one teamlist\r
$query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID();\r
$teams = mysql_query($query);\r
if (mysql_num_rows($teams) == 0)\r
        media_doError(_ERROR_DISALLOWEDUPLOAD);\r
\r
// get action\r
$action = requestVar('action');\r
if ($action == '')\r
        $action = 'selectmedia';\r
\r
// check ticket\r
$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);\r
if (!in_array($action, $aActionsNotToCheck))\r
{\r
        if (!$manager->checkTicket())\r
                media_doError(_ERROR_BADTICKET);\r
}\r
\r
\r
switch($action) {\r
        case 'chooseupload':\r
        case _MEDIA_UPLOAD_TO:\r
        case _MEDIA_UPLOAD_NEW:\r
                if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {\r
                        media_doError(_ERROR_DISALLOWED);\r
                } else {\r
                        media_choose();\r
                }\r
                break;\r
        case 'uploadfile':\r
                if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {\r
                        media_doError(_ERROR_DISALLOWED);\r
                } else {\r
                        media_upload();\r
                }\r
                break;\r
        case _MEDIA_FILTER_APPLY:\r
        case 'selectmedia':\r
        case _MEDIA_COLLECTION_SELECT:\r
        default:\r
                media_select();\r
                break;\r
}\r
\r
// select a file\r
function media_select() {\r
        global $member, $CONF, $DIR_MEDIA, $manager;\r
\r
        // show 10 files + navigation buttons\r
        // show msg when no files\r
        // show upload form\r
        // files sorted according to last modification date\r
\r
        // currently selected collection\r
        $currentCollection = requestVar('collection');\r
        if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection))\r
                $currentCollection = $member->getID();\r
\r
        // avoid directory travarsal and accessing invalid directory\r
        if (!MEDIA::isValidCollection($currentCollection)) media_doError(_ERROR_DISALLOWED);\r
\r
        media_head();\r
\r
        // get collection list\r
        $collections = MEDIA::getCollectionList();\r
\r
        if (sizeof($collections) > 1) {\r
        ?>\r
                <form method="post" action="media.php"><div>\r
                        <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL)?></label>\r
                        <select name="collection" id="media_collection">\r
                                <?php                                   foreach ($collections as $dirname => $description) {\r
                                                echo '<option value="',htmlspecialchars($dirname),'"';\r
                                                if ($dirname == $currentCollection) {\r
                                                        echo ' selected="selected"';\r
                                                }\r
                                                echo '>',htmlspecialchars($description),'</option>';\r
                                        }\r
                                ?>\r
                        </select>\r
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo htmlspecialchars(_MEDIA_COLLECTION_TT)?>" />\r
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />\r
                        <?php $manager->addTicketHidden() ?>\r
                </div></form>\r
        <?php   } else {\r
        ?>\r
                <form method="post" action="media.php" style="float:right"><div>\r
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />\r
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />\r
                        <?php $manager->addTicketHidden() ?>\r
                </div></form>\r
        <?php   } // if sizeof\r
\r
        $filter = requestVar('filter');\r
        $offset = intRequestVar('offset');\r
        $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);\r
\r
        ?>\r
                <form method="post" action="media.php"><div>\r
                        <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL)?></label>\r
                        <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>" />\r
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY) ?>" />\r
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />\r
                        <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />\r
                </div></form>\r
\r
        <?php\r
\r
        ?>\r
                <table width="100%">\r
                <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collections[$currentCollection])?></caption>\r
                <tr>\r
                 <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>\r
                </tr>\r
\r
        <?php\r
\r
        if (sizeof($arr)>0) {\r
\r
                if (($offset + $CONF['MediaPerPage']) >= sizeof($arr))\r
                        $offset = sizeof($arr) - $CONF['MediaPerPage'];\r
\r
                if ($offset < 0) $offset = 0;\r
\r
                $idxStart = $offset;\r
                $idxEnd = $offset + $CONF['MediaPerPage'];\r
                $idxNext = $idxEnd;\r
                $idxPrev = $idxStart - $CONF['MediaPerPage'];\r
\r
                if ($idxPrev < 0) $idxPrev = 0;\r
\r
                if ($idxEnd > sizeof($arr))\r
                        $idxEnd = sizeof($arr);\r
\r
                for($i=$idxStart;$i<$idxEnd;$i++) {\r
                        $obj = $arr[$i];\r
                        $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;\r
\r
                        $old_level = error_reporting(0);\r
                        $size = @GetImageSize($filename);\r
                        error_reporting($old_level);\r
                        $width = $size[0];\r
                        $height = $size[1];\r
                        $filetype = $size[2];\r
\r
                        echo "<tr>";\r
                        echo "<td>". date("Y-m-d",$obj->timestamp) ."</td>";\r
\r
                        // strings for javascript\r
                        $jsCurrentCollection = str_replace("'","\\'",$currentCollection);\r
                        $jsFileName = str_replace("'","\\'",$obj->filename);\r
\r
                        if ($filetype != 0) {\r
                                // image (gif/jpg/png/swf)\r
                                echo "<td><a href=\"media.php\" onclick=\"chooseImage('", htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "',"\r
                                                           . "'", htmlspecialchars($width), "','" , htmlspecialchars($height), "'"\r
                                                           . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"\r
                                                           . htmlspecialchars(shorten($obj->filename,25,'...'))\r
                                                           ."</a>";\r
                                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="',htmlspecialchars(_MEDIA_VIEW_TT),'">',_MEDIA_VIEW,'</a>)';\r
                                echo "</td>";\r
                        } else {\r
                                // no image (e.g. mpg)\r
                                echo "<td><a href='media.php' onclick=\"chooseOther('" , htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "'"\r
                                                           . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"\r
                                                           . htmlspecialchars(shorten($obj->filename,30,'...'))\r
                                                           ."</a></td>";\r
\r
                        }\r
                        echo '<td>' , htmlspecialchars($width) , 'x' , htmlspecialchars($height) , '</td>';\r
                        echo '</tr>';\r
                }\r
        } // if (sizeof($arr)>0)\r
        ?>\r
\r
                </table>\r
        <?php\r
        if ($idxStart > 0)\r
                echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";\r
        if ($idxEnd < sizeof($arr))\r
                echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";\r
\r
        ?>\r
                <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>\r
                <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>\r
        <?php\r
        media_foot();\r
\r
\r
}\r
\r
/**\r
  * Shows a screen where you can select the file to upload\r
  */\r
function media_choose() {\r
        global $CONF, $member, $manager;\r
\r
        $currentCollection = requestVar('collection');\r
\r
        $collections = MEDIA::getCollectionList();\r
\r
        media_head();\r
        ?>\r
        <h1><?php echo _UPLOAD_TITLE?></h1>\r
\r
        <p><?php echo _UPLOAD_MSG?></p>\r
\r
        <form method="post" enctype="multipart/form-data" action="media.php">\r
        <div>\r
          <input type="hidden" name="action" value="uploadfile" />\r
          <?php $manager->addTicketHidden() ?>\r
          <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />\r
          File:\r
          <br />\r
          <input name="uploadfile" type="file" size="40" />\r
        <?php           if (sizeof($collections) > 1) {\r
        ?>\r
                <br /><br /><label for="upload_collection">Collection:</label>\r
                <br /><select name="collection" id="upload_collection">\r
                        <?php                           foreach ($collections as $dirname => $description) {\r
                                        echo '<option value="',htmlspecialchars($dirname),'"';\r
                                        if ($dirname == $currentCollection) {\r
                                                echo ' selected="selected"';\r
                                        }\r
                                        echo '>',htmlspecialchars($description),'</option>';\r
                                }\r
                        ?>\r
                </select>\r
        <?php           } else {\r
        ?>\r
                <input name="collection" type="hidden" value="<?php echo htmlspecialchars(requestVar('collection'))?>" />\r
        <?php           } // if sizeof\r
        ?>\r
          <br /><br />\r
          <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />\r
        </div>\r
        </form>\r
\r
        <?php\r
        media_foot();\r
}\r
\r
\r
/**\r
  * accepts a file for upload\r
  */\r
function media_upload() {\r
        global $DIR_MEDIA, $member, $CONF;\r
\r
        $uploadInfo = postFileInfo('uploadfile');\r
\r
        $filename = $uploadInfo['name'];\r
        $filetype = $uploadInfo['type'];\r
        $filesize = $uploadInfo['size'];\r
        $filetempname = $uploadInfo['tmp_name'];\r
        $fileerror = intval($uploadInfo['error']);\r
        \r
        switch ($fileerror)\r
        {\r
                case 0: // = UPLOAD_ERR_OK\r
                        break;\r
                case 1: // = UPLOAD_ERR_INI_SIZE\r
                case 2: // = UPLOAD_ERR_FORM_SIZE\r
                        media_doError(_ERROR_FILE_TOO_BIG);\r
                case 3: // = UPLOAD_ERR_PARTIAL\r
                case 4: // = UPLOAD_ERR_NO_FILE\r
                case 6: // = UPLOAD_ERR_NO_TMP_DIR\r
                case 7: // = UPLOAD_ERR_CANT_WRITE\r
                default:\r
                        // include error code for debugging\r
                        // (see http://www.php.net/manual/en/features.file-upload.errors.php)\r
                        media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');\r
        }\r
\r
        if ($filesize > $CONF['MaxUploadSize'])\r
                media_doError(_ERROR_FILE_TOO_BIG);\r
\r
        // check file type against allowed types\r
        $ok = 0;\r
        $allowedtypes = explode (',', $CONF['AllowedTypes']);\r
        foreach ( $allowedtypes as $type )\r
                if (eregi("\." .$type. "$",$filename)) $ok = 1;\r
        if (!$ok) media_doError(_ERROR_BADFILETYPE);\r
\r
        if (!is_uploaded_file($filetempname))\r
                media_doError(_ERROR_BADREQUEST);\r
\r
        // prefix filename with current date (YYYY-MM-DD-)\r
        // this to avoid nameclashes\r
        if ($CONF['MediaPrefix'])\r
                $filename = strftime("%Y%m%d-", time()) . $filename;\r
\r
        $collection = requestVar('collection');\r
        $res = MEDIA::addMediaObject($collection, $filetempname, $filename);\r
\r
        if ($res != '')\r
                media_doError($res);\r
\r
        // shows updated list afterwards\r
        media_select();\r
}\r
\r
function media_loginAndPassThrough() {\r
        media_head();\r
        ?>\r
                <h1><?php echo _LOGIN_PLEASE?></h1>\r
\r
                <form method="post" action="media.php">\r
                <div>\r
                        <input name="action" value="login" type="hidden" />\r
                        <input name="collection" value="<?php echo htmlspecialchars(requestVar('collection'))?>" type="hidden" />\r
                        <?php echo _LOGINFORM_NAME?>: <input name="login" />\r
                        <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />\r
                        <br /><input type="submit" value="<?php echo _LOGIN?>" />\r
                </div>\r
                </form>\r
                <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE?></a></p>\r
        <?php   media_foot();\r
        exit;\r
}\r
\r
function media_doError($msg) {\r
        media_head();\r
        ?>\r
        <h1><?php echo _ERROR?></h1>\r
        <p><?php echo $msg?></p>\r
        <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>\r
        <?php   media_foot();\r
        exit;\r
}\r
\r
\r
function media_head() {\r
?>\r
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
        <html<?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>\r
        <head>\r
                <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />\r
                <title>Nucleus Media</title>\r
                <link rel="stylesheet" type="text/css" href="styles/popups.css" />\r
                <script type="text/javascript">\r
                        var type = 0;\r
                        function setType(val) { type = val; }\r
\r
                        function chooseImage(collection, filename, width, height) {\r
                                window.opener.focus();\r
                                window.opener.includeImage(collection,\r
                                                                                   filename,\r
                                                                                   type == 0 ? 'inline' : 'popup',\r
                                                                                   width,\r
                                                                                   height\r
                                                                                   );\r
                                window.close();\r
                        }\r
\r
                        function chooseOther(collection, filename) {\r
                                window.opener.focus();\r
                                window.opener.includeOtherMedia(collection, filename);\r
                                window.close();\r
\r
                        }\r
                </script>\r
        </head>\r
        <body>\r
<?php }\r
\r
function media_foot() {\r
?>\r
        </body>\r
        </html>\r
<?php }\r
\r
?>\r