
* modified MEDIA::isValidCollection() to support read only folder
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / media.php
1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2007 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * Media popup window for Nucleus
14  *
15  * Purpose:
16  *   - can be opened from an add-item form or bookmarklet popup
17  *   - shows a list of recent files, allowing browsing, search and
18  *     upload of new files
19  *   - close the popup by selecting a file in the list. The file gets
20  *     passed through to the add-item form (linkto, popupimg or inline img)
21  *
22  * @license http://nucleuscms.org/license.txt GNU General Public License
23  * @copyright Copyright (C) 2002-2007 The Nucleus Group
24  * @version $Id: media.php,v 1.9 2008-02-08 09:31:22 kimitake Exp $
25  * $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $
26  *
27  */
28
// Start from an empty configuration array; config.php fills in the rest.
$CONF = array();

// Number of media items listed per page. Override it in config.php rather
// than here so the setting survives a Nucleus upgrade.
$CONF['MediaPerPage'] = 10;

// Site configuration first, then the media classes.
require '../config.php';
include $DIR_LIBS . 'MEDIA.php';

sendContentType('application/xhtml+xml', 'media');

// Gate 1: only logged-in members get past this point; everyone else is shown
// the login form and the request ends.
if (!$member->isLoggedIn()) {
        media_loginAndPassThrough();
        exit;
}

// Gate 2: the member must be on at least one team list.
// NOTE(review): the member id is concatenated into the SQL text; it comes
// from the member object, not from the request - confirm getID() can only
// return an integer.
$query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tmember=' . $member->getID();
$teams = mysql_query($query);
if (mysql_num_rows($teams) == 0) {
        media_doError(_ERROR_DISALLOWEDUPLOAD);
}

// Requested action; an empty value means "show the file list".
$action = requestVar('action');
if ($action == '') {
        $action = 'selectmedia';
}

// Gate 3: ticket check. Only the three listing actions below are exempt;
// every other action, including the upload itself, must carry a valid ticket.
// media_doError() ends the request, so nothing is dispatched after a failure.
$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);
if (!in_array($action, $aActionsNotToCheck) && !$manager->checkTicket()) {
        media_doError(_ERROR_BADTICKET);
}

// Dispatch. Anything that is not an upload-related action shows the file list.
if ($action == 'chooseupload' || $action == _MEDIA_UPLOAD_TO || $action == _MEDIA_UPLOAD_NEW) {
        media_choose();
} elseif ($action == 'uploadfile') {
        media_upload();
} else {
        media_select();
}
84
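/**
 * Shows the media selection screen for one collection.
 *
 * Prints the collection selector (or a single upload button when there is only
 * one collection), the filename filter form, one page of files from the
 * current collection and the previous/next links.
 *
 * The "collection" request variable is used to build filesystem paths, so it
 * is only honoured when it is one of the keys returned by
 * MEDIA::getCollectionList(); any other value falls back to the member's own
 * collection.
 */
function media_select() {
        global $member, $CONF, $DIR_MEDIA, $manager;

        media_head();

        // get collection list first: the requested collection is validated
        // against it below
        $collections = MEDIA::getCollectionList();

        // currently selected collection. A bare is_dir() test would also accept
        // values such as "../", so the name must additionally be a known
        // collection key.
        $currentCollection = requestVar('collection');
        if (!is_string($currentCollection)
                || !$currentCollection
                || !isset($collections[$currentCollection])
                || !@is_dir($DIR_MEDIA . $currentCollection))
                $currentCollection = $member->getID();

        // description shown in the table caption (empty when the collection
        // has no entry in the list)
        $collectionLabel = isset($collections[$currentCollection]) ? $collections[$currentCollection] : '';

        if (sizeof($collections) > 1) {
        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL)?></label>
                        <select name="collection" id="media_collection">
                                <?php
                                        foreach ($collections as $dirname => $description) {
                                                echo '<option value="',htmlspecialchars($dirname),'"';
                                                if ($dirname == $currentCollection) {
                                                        echo ' selected="selected"';
                                                }
                                                echo '>',htmlspecialchars($description),'</option>';
                                        }
                                ?>
                        </select>
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo htmlspecialchars(_MEDIA_COLLECTION_TT)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php   } else {
        ?>
                <form method="post" action="media.php" style="float:right"><div>
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php   } // if sizeof

        $filter = requestVar('filter');
        $offset = intRequestVar('offset');
        $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);

        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL)?></label>
                        <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>" />
                        <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY) ?>" />
                        <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
                        <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />
                </div></form>

                <table width="100%">
                <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collectionLabel)?></caption>
                <tr>
                 <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>
                </tr>

        <?php

        // paging indexes default to 0 so that the prev/next test after the
        // table is well-defined when the list is empty
        $idxStart = 0;
        $idxEnd = 0;
        $idxNext = 0;
        $idxPrev = 0;
        $total = sizeof($arr);

        if ($total > 0) {

                // clamp the offset so the last page is always a full page
                if (($offset + $CONF['MediaPerPage']) >= $total)
                        $offset = $total - $CONF['MediaPerPage'];

                if ($offset < 0) $offset = 0;

                $idxStart = $offset;
                $idxEnd = $offset + $CONF['MediaPerPage'];
                $idxNext = $idxEnd;
                $idxPrev = $idxStart - $CONF['MediaPerPage'];

                if ($idxPrev < 0) $idxPrev = 0;

                if ($idxEnd > $total)
                        $idxEnd = $total;

                // Collection and file names are written into single-quoted
                // JavaScript string literals inside an onclick attribute.
                // Escape for the script context first (the backslash as well
                // as the quote, otherwise a name containing \' ends the
                // literal), then htmlspecialchars() for the attribute.
                $jsEscapes = array('\\' => '\\\\', "'" => "\\'", "\r" => '\\r', "\n" => '\\n');
                $jsCurrentCollection = strtr((string) $currentCollection, $jsEscapes);

                for ($i = $idxStart; $i < $idxEnd; $i++) {
                        $obj = $arr[$i];
                        $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;

                        // getimagesize() complains on non-image files; silence it
                        $old_level = error_reporting(0);
                        $size = @GetImageSize($filename);
                        error_reporting($old_level);

                        if (is_array($size)) {
                                $width = $size[0];
                                $height = $size[1];
                                $filetype = $size[2];
                        } else {
                                // not recognised as an image
                                $width = '';
                                $height = '';
                                $filetype = 0;
                        }

                        echo "<tr>";
                        echo "<td>". date("Y-m-d",$obj->timestamp) ."</td>";

                        $jsFileName = strtr((string) $obj->filename, $jsEscapes);

                        if ($filetype != 0) {
                                // image (gif/jpg/png/swf)
                                echo "<td><a href=\"media.php\" onclick=\"chooseImage('", htmlspecialchars($jsCurrentCollection),
                                        "','", htmlspecialchars($jsFileName),
                                        "','", htmlspecialchars($width),
                                        "','", htmlspecialchars($height),
                                        "')\" title=\"", htmlspecialchars($obj->filename), "\">",
                                        htmlspecialchars(shorten($obj->filename,25,'...')),
                                        "</a>";
                                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="',htmlspecialchars(_MEDIA_VIEW_TT),'">',_MEDIA_VIEW,'</a>)';
                                echo "</td>";
                        } else {
                                // no image (e.g. mpg)
                                echo "<td><a href='media.php' onclick=\"chooseOther('", htmlspecialchars($jsCurrentCollection),
                                        "','", htmlspecialchars($jsFileName),
                                        "')\" title=\"", htmlspecialchars($obj->filename), "\">",
                                        htmlspecialchars(shorten($obj->filename,30,'...')),
                                        "</a></td>";
                        }
                        echo '<td>' , htmlspecialchars($width) , 'x' , htmlspecialchars($height) , '</td>';
                        echo '</tr>';
                }
        } // if ($total > 0)
        ?>

                </table>
        <?php
        if ($idxStart > 0)
                echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";
        if ($idxEnd < $total)
                echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";

        ?>
                <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>
                <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>
        <?php
        media_foot();
}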
229
/**
 * Shows the upload form.
 *
 * When more than one collection is available the form offers a collection
 * selector with the requested collection preselected; otherwise the requested
 * collection is passed along in a hidden field. The form carries a ticket.
 *
 * MAX_FILE_SIZE is only a hint to the browser; the size limit is checked again
 * on the server in media_upload().
 */
function media_choose() {
        global $CONF, $member, $manager;

        $currentCollection = requestVar('collection');
        $collections = MEDIA::getCollectionList();
        $hasChoice = count($collections) > 1;

        media_head();
        ?>
        <h1><?php echo _UPLOAD_TITLE?></h1>

        <p><?php echo _UPLOAD_MSG?></p>

        <form method="post" enctype="multipart/form-data" action="media.php">
        <div>
          <input type="hidden" name="action" value="uploadfile" />
          <?php $manager->addTicketHidden() ?>
          <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />
          File:
          <br />
          <input name="uploadfile" type="file" size="40" />
        <?php if ($hasChoice): ?>
                <br /><br /><label for="upload_collection">Collection:</label>
                <br /><select name="collection" id="upload_collection">
                        <?php
                        foreach ($collections as $dirname => $description) {
                                // preselect the collection the popup was opened for
                                $selected = ($dirname == $currentCollection) ? ' selected="selected"' : '';
                                echo '<option value="' . htmlspecialchars($dirname) . '"' . $selected . '>'
                                        . htmlspecialchars($description) . '</option>';
                        }
                        ?>
                </select>
        <?php else: ?>
                <input name="collection" type="hidden" value="<?php echo htmlspecialchars($currentCollection)?>" />
        <?php endif; ?>
          <br /><br />
          <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
        </div>
        </form>

        <?php
        media_foot();
}
280
281
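/**
 * Accepts an uploaded file and adds it to the requested collection.
 *
 * Checks, in order: the PHP upload error code, the size limit
 * ($CONF['MaxUploadSize']), the file extension against the comma-separated
 * list in $CONF['AllowedTypes'], and that the temp file really is an HTTP
 * upload. Every failure ends the request through media_doError(). On success
 * the updated file list is shown.
 *
 * The MIME type sent by the browser is not used for any decision.
 *
 * NOTE(review): only the final extension of the client-supplied name is
 * checked, so a name such as "x.php.jpg" passes. Whether that matters depends
 * on how the web server treats files in the media directory - confirm that
 * scripts cannot be executed from there.
 * NOTE(review): the collection name and the file name are handed to
 * MEDIA::addMediaObject() as received; validation of both presumably happens
 * there (not visible from this file) - confirm.
 */
function media_upload() {
        global $DIR_MEDIA, $member, $CONF;

        $uploadInfo = postFileInfo('uploadfile');

        $filename = $uploadInfo['name'];
        $filesize = $uploadInfo['size'];
        $filetempname = $uploadInfo['tmp_name'];
        $fileerror = intval($uploadInfo['error']);

        // media_doError() ends the request, which is why the error cases
        // below carry no break
        switch ($fileerror)
        {
                case 0: // = UPLOAD_ERR_OK
                        break;
                case 1: // = UPLOAD_ERR_INI_SIZE
                case 2: // = UPLOAD_ERR_FORM_SIZE
                        media_doError(_ERROR_FILE_TOO_BIG);
                case 3: // = UPLOAD_ERR_PARTIAL
                case 4: // = UPLOAD_ERR_NO_FILE
                case 6: // = UPLOAD_ERR_NO_TMP_DIR
                case 7: // = UPLOAD_ERR_CANT_WRITE
                default:
                        // include error code for debugging
                        // (see http://www.php.net/manual/en/features.file-upload.errors.php)
                        media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
        }

        // server-side size limit; the MAX_FILE_SIZE form field is only a hint
        if ($filesize > $CONF['MaxUploadSize'])
                media_doError(_ERROR_FILE_TOO_BIG);

        // check file extension against allowed types.
        // preg_match() replaces eregi(), which is gone from current PHP and
        // is not binary-safe. Each configured type is quoted so it is matched
        // literally, empty entries are skipped (they would accept any name
        // ending in a dot), and the D modifier stops "$" from matching before
        // a trailing newline.
        $ok = 0;
        $allowedtypes = explode(',', $CONF['AllowedTypes']);
        foreach ($allowedtypes as $type) {
                if ($type == '')
                        continue;
                if (preg_match('/\.' . preg_quote($type, '/') . '$/iD', $filename)) {
                        $ok = 1;
                        break;
                }
        }
        if (!$ok) media_doError(_ERROR_BADFILETYPE);

        // the temp name must refer to a file PHP received in this request
        if (!is_uploaded_file($filetempname))
                media_doError(_ERROR_BADREQUEST);

        // prefix filename with current date (YYYYMMDD-)
        // this to avoid nameclashes
        if ($CONF['MediaPrefix'])
                $filename = date('Ymd-') . $filename;

        $collection = requestVar('collection');
        $res = MEDIA::addMediaObject($collection, $filetempname, $filename);

        // a non-empty result is an error message
        if ($res != '')
                media_doError($res);

        // shows updated list afterwards
        media_select();
}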
340
/**
 * Shows a login form inside the popup and ends the request.
 *
 * The requested collection is carried along in a hidden field (HTML-escaped)
 * so it is still known after the login form has been submitted.
 */
function media_loginAndPassThrough() {
        media_head();

        // escaped once here, printed in the hidden field below
        $collectionAttr = htmlspecialchars(requestVar('collection'));
        ?>
                <h1><?php echo _LOGIN_PLEASE; ?></h1>

                <form method="post" action="media.php">
                <div>
                        <input name="action" value="login" type="hidden" />
                        <input name="collection" value="<?php echo $collectionAttr; ?>" type="hidden" />
                        <?php echo _LOGINFORM_NAME; ?>: <input name="login" />
                        <br /><?php echo _LOGINFORM_PWD; ?>: <input name="password" type="password" />
                        <br /><input type="submit" value="<?php echo _LOGIN; ?>" />
                </div>
                </form>
                <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE; ?></a></p>
        <?php
        media_foot();
        exit;
}
359
/**
 * Shows an error page with a "back" link and ends the request.
 *
 * Callers rely on this function not returning: the login, team and ticket
 * gates and the upload checks all call it and then fall through.
 *
 * NOTE(review): $msg is printed without escaping. The callers in this file
 * pass language constants, an intval()'d error code and the return value of
 * MEDIA::addMediaObject() - confirm none of these can contain request data.
 *
 * @param string $msg message to display
 */
function media_doError($msg) {
        media_head();

        echo "        <h1>", _ERROR, "</h1>\n";
        echo "        <p>", $msg, "</p>\n";
        echo "        <p><a href=\"media.php\" onclick=\"history.back()\">", _BACK, "</a></p>\n";
        echo "        ";

        media_foot();
        exit;
}
369
370
/**
 * Prints the XHTML prologue, the document head and the opening body tag.
 *
 * The inline script defines the handlers used by the file list: setType()
 * remembers the inline/popup choice, chooseImage() and chooseOther() hand the
 * selected file to the window that opened the popup and then close the popup.
 */
function media_head() {
        // charset of the active language file
        $charset = _CHARSET;
?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
                <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
                <title>Nucleus Media</title>
                <link rel="stylesheet" type="text/css" href="styles/popups.css" />
                <script type="text/javascript">
                        var type = 0;
                        function setType(val) { type = val; }

                        function chooseImage(collection, filename, width, height) {
                                window.opener.focus();
                                window.opener.includeImage(collection,
                                                                                   filename,
                                                                                   type == 0 ? 'inline' : 'popup',
                                                                                   width,
                                                                                   height
                                                                                   );
                                window.close();
                        }

                        function chooseOther(collection, filename) {
                                window.opener.focus();
                                window.opener.includeOtherMedia(collection, filename);
                                window.close();

                        }
                </script>
        </head>
        <body>
<?php
}
404
/**
 * Prints the closing body and html tags that match media_head().
 */
function media_foot() {
        echo "        </body>\n";
        echo "        </html>\n";
}
410
411 ?>