OSDN Git Service

Include plugins which the original release includes and Mocchi modified these codes...
[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / media.php
index 3daeba5..ff2cc2a 100755 (executable)
-<?php\r
-/*\r
- * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2005 The Nucleus Group\r
- *\r
- * This program is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU General Public License\r
- * as published by the Free Software Foundation; either version 2\r
- * of the License, or (at your option) any later version.\r
- * (see nucleus/documentation/index.html#license for more info)\r
- */\r
-/**\r
- * Media popup window for Nucleus\r
- *\r
- * Purpose:\r
- *   - can be openen from an add-item form or bookmarklet popup\r
- *   - shows a list of recent files, allowing browsing, search and\r
- *     upload of new files\r
- *   - close the popup by selecting a file in the list. The file gets\r
- *     passed through to the add-item form (linkto, popupimg or inline img)\r
- *\r
- * @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2005 The Nucleus Group\r
- * @version $Id: media.php,v 1.5 2005-08-13 07:33:45 kimitake Exp $\r
- * $NucleusJP: media.php,v 1.4 2005/03/16 07:55:04 kimitake Exp $\r
- *\r
- */\r
-  \r
-$CONF = array();\r
-\r
-// defines how much media items will be shown per page. You can override this\r
-// in config.php if you like. (changing it in config.php instead of here will\r
-// allow your settings to be kept even after a Nucleus upgrade)\r
-$CONF['MediaPerPage'] = 10;\r
-\r
-// include all classes and config data\r
-include('../config.php');\r
-include($DIR_LIBS . 'MEDIA.php');      // media classes\r
-\r
-sendContentType('application/xhtml+xml', 'media');\r
-\r
-// user needs to be logged in to use this\r
-if (!$member->isLoggedIn()) {\r
-       media_loginAndPassThrough();\r
-       exit;\r
-}\r
-\r
-// check if member is on at least one teamlist\r
-$query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID();\r
-$teams = mysql_query($query);\r
-if (mysql_num_rows($teams) == 0)\r
-       media_doError(_ERROR_DISALLOWEDUPLOAD);\r
-       \r
-// get action\r
-$action = requestVar('action');\r
-if ($action == '')\r
-       $action = 'selectmedia';\r
-       \r
-// check ticket\r
-$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);\r
-if (!in_array($action, $aActionsNotToCheck))\r
-{\r
-       if (!$manager->checkTicket())\r
-               media_doError(_ERROR_BADTICKET);\r
-} \r
-\r
-\r
-switch($action) {\r
-       case 'chooseupload':\r
-       case _MEDIA_UPLOAD_TO:\r
-       case _MEDIA_UPLOAD_NEW:\r
-               media_choose();\r
-               break;\r
-       case 'uploadfile':\r
-               media_upload();\r
-               break;\r
-       case _MEDIA_FILTER_APPLY:\r
-       case 'selectmedia':\r
-       case _MEDIA_COLLECTION_SELECT:\r
-       default:\r
-               media_select();\r
-               break;\r
-}\r
-\r
-// select a file\r
-function media_select() {\r
-       global $member, $CONF, $DIR_MEDIA, $manager;\r
-       \r
-       media_head();\r
-       \r
-       // show 10 files + navigation buttons \r
-       // show msg when no files\r
-       // show upload form\r
-       // files sorted according to last modification date\r
-\r
-       // currently selected collection\r
-       $currentCollection = requestVar('collection');\r
-       if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection))\r
-               $currentCollection = $member->getID();\r
-               \r
-       \r
-       // get collection list\r
-       $collections = MEDIA::getCollectionList();\r
-\r
-       if (sizeof($collections) > 1) {\r
-       ?>\r
-               <form method="post" action="media.php"><div>\r
-                       <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL)?></label>\r
-                       <select name="collection" id="media_collection">\r
-                               <?php                                   foreach ($collections as $dirname => $description) {\r
-                                               echo '<option value="',htmlspecialchars($dirname),'"';\r
-                                               if ($dirname == $currentCollection) {\r
-                                                       echo ' selected="selected"';\r
-                                               }\r
-                                               echo '>',htmlspecialchars($description),'</option>';\r
-                                       }\r
-                               ?>\r
-                       </select>\r
-                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo htmlspecialchars(_MEDIA_COLLECTION_TT)?>" />\r
-                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />\r
-                       <?php $manager->addTicketHidden() ?>\r
-               </div></form>\r
-       <?php   } else {\r
-       ?>\r
-               <form method="post" action="media.php" style="float:right"><div>\r
-                       <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />\r
-                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />\r
-                       <?php $manager->addTicketHidden() ?>\r
-               </div></form>   \r
-       <?php   } // if sizeof\r
-       \r
-       $filter = requestVar('filter'); \r
-       $offset = intRequestVar('offset');      \r
-       $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);\r
-\r
-       ?>\r
-               <form method="post" action="media.php"><div>\r
-                       <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL)?></label>\r
-                       <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>" />\r
-                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY) ?>" />\r
-                       <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />                     \r
-                       <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />                                              \r
-               </div></form>   \r
-       \r
-       <?php\r
-       \r
-       ?>      \r
-               <table width="100%">\r
-               <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collections[$currentCollection])?></caption>\r
-               <tr>\r
-                <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>\r
-               </tr>\r
-       \r
-       <?php   \r
-       \r
-       if (sizeof($arr)>0) {\r
-       \r
-               if (($offset + $CONF['MediaPerPage']) >= sizeof($arr))\r
-                       $offset = sizeof($arr) - $CONF['MediaPerPage'];\r
-\r
-               if ($offset < 0) $offset = 0;\r
-               \r
-               $idxStart = $offset;\r
-               $idxEnd = $offset + $CONF['MediaPerPage'];\r
-               $idxNext = $idxEnd;\r
-               $idxPrev = $idxStart - $CONF['MediaPerPage'];\r
-\r
-               if ($idxPrev < 0) $idxPrev = 0;\r
-\r
-               if ($idxEnd > sizeof($arr))\r
-                       $idxEnd = sizeof($arr);\r
-\r
-               for($i=$idxStart;$i<$idxEnd;$i++) {\r
-                       $obj = $arr[$i];\r
-                       $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;\r
-\r
-                       $old_level = error_reporting(0);\r
-                       $size = @GetImageSize($filename); \r
-                       error_reporting($old_level);\r
-                       $width = $size[0];\r
-                       $height = $size[1];\r
-                       $filetype = $size[2];\r
-                       \r
-                       echo "<tr>";\r
-                       echo "<td>". date("Y-m-d",$obj->timestamp) ."</td>";\r
-                       \r
-                       // strings for javascript\r
-                       $jsCurrentCollection = str_replace("'","\\'",$currentCollection);\r
-                       $jsFileName = str_replace("'","\\'",$obj->filename);\r
-\r
-                       if ($filetype != 0) {\r
-                               // image (gif/jpg/png/swf)\r
-                               echo "<td><a href=\"media.php\" onclick=\"chooseImage('", htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "',"\r
-                                                          . "'", htmlspecialchars($width), "','" , htmlspecialchars($height), "'"\r
-                                                          . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"\r
-                                                          . htmlspecialchars(shorten($obj->filename,25,'...'))\r
-                                                          ."</a>";\r
-                               echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="',htmlspecialchars(_MEDIA_VIEW_TT),'">',_MEDIA_VIEW,'</a>)';\r
-                               echo "</td>";\r
-                       } else {\r
-                               // no image (e.g. mpg)\r
-                               echo "<td><a href='media.php' onclick=\"chooseOther('" , htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "'"\r
-                                                          . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"\r
-                                                          . htmlspecialchars(shorten($obj->filename,30,'...'))\r
-                                                          ."</a></td>";\r
-\r
-                       }\r
-                       echo '<td>' , htmlspecialchars($width) , 'x' , htmlspecialchars($height) , '</td>';\r
-                       echo '</tr>';\r
-               }\r
-       } // if (sizeof($arr)>0)\r
-       ?>\r
-       \r
-               </table>\r
-       <?php   \r
-       if ($idxStart > 0)\r
-               echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";\r
-       if ($idxEnd < sizeof($arr))\r
-               echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";\r
-       \r
-       ?>\r
-               <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>\r
-               <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>\r
-       <?php   \r
-       media_foot();\r
-     \r
-               \r
-}\r
-\r
-/**\r
-  * Shows a screen where you can select the file to upload\r
-  */\r
-function media_choose() {\r
-       global $CONF, $member, $manager;\r
-\r
-       $currentCollection = requestVar('collection');\r
-       \r
-       $collections = MEDIA::getCollectionList();\r
-\r
-       media_head();\r
-       ?>\r
-       <h1><?php echo _UPLOAD_TITLE?></h1>\r
-       \r
-       <p><?php echo _UPLOAD_MSG?></p>\r
-       \r
-       <form method="post" enctype="multipart/form-data" action="media.php">\r
-       <div>\r
-         <input type="hidden" name="action" value="uploadfile" />\r
-         <?php $manager->addTicketHidden() ?>\r
-         <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />\r
-         File:\r
-         <br />\r
-         <input name="uploadfile" type="file" size="40" />\r
-       <?php           if (sizeof($collections) > 1) {\r
-       ?>\r
-               <br /><br /><label for="upload_collection">Collection:</label>\r
-               <br /><select name="collection" id="upload_collection">\r
-                       <?php                           foreach ($collections as $dirname => $description) {\r
-                                       echo '<option value="',htmlspecialchars($dirname),'"';\r
-                                       if ($dirname == $currentCollection) {\r
-                                               echo ' selected="selected"';\r
-                                       }\r
-                                       echo '>',htmlspecialchars($description),'</option>';\r
-                               }\r
-                       ?>\r
-               </select>\r
-       <?php           } else {\r
-       ?>\r
-               <input name="collection" type="hidden" value="<?php echo htmlspecialchars(requestVar('collection'))?>" />                       \r
-       <?php           } // if sizeof\r
-       ?>  \r
-         <br /><br />\r
-         <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />\r
-       </div>\r
-       </form>\r
-       \r
-       <?php   \r
-       media_foot();\r
-}\r
-\r
-\r
-/**\r
-  * accepts a file for upload\r
-  */\r
-function media_upload() {\r
-       global $DIR_MEDIA, $member, $CONF;\r
-\r
-       $uploadInfo = postFileInfo('uploadfile');\r
-       \r
-       $filename = $uploadInfo['name'];\r
-       $filetype = $uploadInfo['type'];\r
-       $filesize = $uploadInfo['size'];\r
-       $filetempname = $uploadInfo['tmp_name'];\r
-       \r
-       if ($filesize > $CONF['MaxUploadSize'])\r
-               media_doError(_ERROR_FILE_TOO_BIG);\r
-       \r
-       // check file type against allowed types\r
-       $ok = 0;\r
-       $allowedtypes = explode (',', $CONF['AllowedTypes']);\r
-       foreach ( $allowedtypes as $type ) \r
-               if (eregi("\." .$type. "$",$filename)) $ok = 1;    \r
-       if (!$ok) media_doError(_ERROR_BADFILETYPE);\r
-               \r
-       if (!is_uploaded_file($filetempname)) \r
-               media_doError(_ERROR_BADREQUEST);\r
-\r
-       // prefix filename with current date (YYYY-MM-DD-)\r
-       // this to avoid nameclashes\r
-       if ($CONF['MediaPrefix'])\r
-               $filename = strftime("%Y%m%d-", time()) . $filename;\r
-\r
-       $collection = requestVar('collection');\r
-       $res = MEDIA::addMediaObject($collection, $filetempname, $filename);\r
-\r
-       if ($res != '') \r
-               media_doError($res);\r
-       \r
-       // shows updated list afterwards\r
-       media_select();\r
-}\r
-\r
-function media_loginAndPassThrough() {\r
-       media_head();\r
-       ?>\r
-               <h1><?php echo _LOGIN_PLEASE?></h1>\r
-       \r
-               <form method="post" action="media.php">\r
-               <div>\r
-                       <input name="action" value="login" type="hidden" />\r
-                       <input name="collection" value="<?php echo htmlspecialchars(requestVar('collection'))?>" type="hidden" />                       \r
-                       <?php echo _LOGINFORM_NAME?>: <input name="login" />\r
-                       <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />\r
-                       <br /><input type="submit" value="<?php echo _LOGIN?>" />\r
-               </div>\r
-               </form>\r
-               <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE?></a></p>\r
-       <?php   media_foot();\r
-       exit;\r
-}\r
-\r
-function media_doError($msg) {\r
-       media_head();\r
-       ?>\r
-       <h1><?php echo _ERROR?></h1>\r
-       <p><?php echo $msg?></p>\r
-       <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>\r
-       <?php   media_foot();\r
-       exit;\r
-}\r
-\r
-\r
-function media_head() {\r
-?>\r
-       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
-       <html xmlns="http://www.w3.org/1999/xhtml">\r
-       <head>\r
-               <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />\r
-               <title>Nucleus Media</title>\r
-               <link rel="stylesheet" type="text/css" href="styles/popups.css" />\r
-               <script type="text/javascript">\r
-                       var type = 0;\r
-                       function setType(val) { type = val; }\r
-                       \r
-                       function chooseImage(collection, filename, width, height) {\r
-                               window.opener.focus(); \r
-                               window.opener.includeImage(collection,\r
-                                                                                  filename, \r
-                                                          type == 0 ? 'inline' : 'popup',\r
-                                                          width,\r
-                                                          height\r
-                                                          );\r
-                               window.close();\r
-                       }\r
-                       \r
-                       function chooseOther(collection, filename) {\r
-                               window.opener.focus(); \r
-                               window.opener.includeOtherMedia(collection, filename);\r
-                               window.close();\r
-                       \r
-                       }\r
-               </script>\r
-       </head>\r
-       <body>          \r
-<?php }\r
-\r
-function media_foot() {\r
-?>\r
-       </body>\r
-       </html> \r
-<?php }        \r
-\r
-?>\r
+<?php
+/*
+ * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
+ * Copyright (C) 2002-2010 The Nucleus Group
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * (see nucleus/documentation/index.html#license for more info)
+ */
+/**
+ * Media popup window for Nucleus
+ *
+ * Purpose:
+ *   - can be openen from an add-item form or bookmarklet popup
+ *   - shows a list of recent files, allowing browsing, search and
+ *     upload of new files
+ *   - close the popup by selecting a file in the list. The file gets
+ *     passed through to the add-item form (linkto, popupimg or inline img)
+ *
+ * @license http://nucleuscms.org/license.txt GNU General Public License
+ * @copyright Copyright (C) 2002-2010 The Nucleus Group
+ * @version $Id$
+ * $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $
+ *
+ */
+
+$CONF = array();
+
+// defines how much media items will be shown per page. You can override this
+// in config.php if you like. (changing it in config.php instead of here will
+// allow your settings to be kept even after a Nucleus upgrade)
+$CONF['MediaPerPage'] = 10;
+
+// include all classes and config data
+$DIR_LIBS = '';
+require_once('../config.php');
+//include($DIR_LIBS . 'MEDIA.php');    // media classes
+include_libs('MEDIA.php',false,false);
+
+sendContentType('application/xhtml+xml', 'media');
+
+// user needs to be logged in to use this
+if (!$member->isLoggedIn()) {
+       media_loginAndPassThrough();
+       exit;
+}
+
+// check if member is on at least one teamlist
+$query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID();
+$teams = sql_query($query);
+if (sql_num_rows($teams) == 0 && !$member->isAdmin())
+       media_doError(_ERROR_DISALLOWEDUPLOAD);
+
+// get action
+$action = requestVar('action');
+if ($action == '')
+       $action = 'selectmedia';
+
+// check ticket
+$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);
+if (!in_array($action, $aActionsNotToCheck))
+{
+       if (!$manager->checkTicket())
+               media_doError(_ERROR_BADTICKET);
+}
+
+
+switch($action) {
+       case 'chooseupload':
+       case _MEDIA_UPLOAD_TO:
+       case _MEDIA_UPLOAD_NEW:
+               if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {
+                       media_doError(_ERROR_DISALLOWED);
+               } else {
+                       media_choose();
+               }
+               break;
+       case 'uploadfile':
+               if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {
+                       media_doError(_ERROR_DISALLOWED);
+               } else {
+                       media_upload();
+               }
+               break;
+       case _MEDIA_FILTER_APPLY:
+       case 'selectmedia':
+       case _MEDIA_COLLECTION_SELECT:
+       default:
+               media_select();
+               break;
+}
+
+// select a file
+function media_select() {
+       global $member, $CONF, $DIR_MEDIA, $manager;
+
+       // show 10 files + navigation buttons
+       // show msg when no files
+       // show upload form
+       // files sorted according to last modification date
+
+       // currently selected collection
+       $currentCollection = requestVar('collection');
+       if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection))
+               $currentCollection = $member->getID();
+
+       // avoid directory travarsal and accessing invalid directory
+       if (!MEDIA::isValidCollection($currentCollection)) media_doError(_ERROR_DISALLOWED);
+
+       media_head();
+
+       // get collection list
+       $collections = MEDIA::getCollectionList();
+
+       if (sizeof($collections) > 1) {
+       ?>
+               <form method="post" action="media.php"><div>
+                       <label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL)?></label>
+                       <select name="collection" id="media_collection">
+                               <?php                                   foreach ($collections as $dirname => $description) {
+                                               echo '<option value="',htmlspecialchars($dirname),'"';
+                                               if ($dirname == $currentCollection) {
+                                                       echo ' selected="selected"';
+                                               }
+                                               echo '>',htmlspecialchars($description),'</option>';
+                                       }
+                               ?>
+                       </select>
+                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo htmlspecialchars(_MEDIA_COLLECTION_TT)?>" />
+                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
+                       <?php $manager->addTicketHidden() ?>
+               </div></form>
+       <?php   } else {
+       ?>
+               <form method="post" action="media.php" style="float:right"><div>
+                       <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
+                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK) ?>" />
+                       <?php $manager->addTicketHidden() ?>
+               </div></form>
+       <?php   } // if sizeof
+
+       $filter = requestVar('filter');
+       $offset = intRequestVar('offset');
+       $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);
+
+       ?>
+               <form method="post" action="media.php"><div>
+                       <label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL)?></label>
+                       <input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>" />
+                       <input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY) ?>" />
+                       <input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection)?>" />
+                       <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />
+               </div></form>
+
+       <?php
+
+       ?>
+               <table width="100%">
+               <caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collections[$currentCollection])?></caption>
+               <tr>
+                <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>
+               </tr>
+
+       <?php
+
+       if (sizeof($arr)>0) {
+
+               if (($offset + $CONF['MediaPerPage']) >= sizeof($arr))
+                       $offset = sizeof($arr) - $CONF['MediaPerPage'];
+
+               if ($offset < 0) $offset = 0;
+
+               $idxStart = $offset;
+               $idxEnd = $offset + $CONF['MediaPerPage'];
+               $idxNext = $idxEnd;
+               $idxPrev = $idxStart - $CONF['MediaPerPage'];
+
+               if ($idxPrev < 0) $idxPrev = 0;
+
+               if ($idxEnd > sizeof($arr))
+                       $idxEnd = sizeof($arr);
+
+               for($i=$idxStart;$i<$idxEnd;$i++) {
+                       $obj = $arr[$i];
+                       $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;
+
+                       $old_level = error_reporting(0);
+                       $size = @GetImageSize($filename);
+                       error_reporting($old_level);
+                       $width = $size[0];
+                       $height = $size[1];
+                       $filetype = $size[2];
+
+                       echo "<tr>";
+                       echo "<td>". date("Y-m-d",$obj->timestamp) ."</td>";
+
+                       // strings for javascript
+                       $jsCurrentCollection = str_replace("'","\\'",$currentCollection);
+                       $jsFileName = str_replace("'","\\'",$obj->filename);
+
+                       if ($filetype != 0) {
+                               // image (gif/jpg/png/swf)
+                               echo "<td><a href=\"media.php\" onclick=\"chooseImage('", htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "',"
+                                                          . "'", htmlspecialchars($width), "','" , htmlspecialchars($height), "'"
+                                                          . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"
+                                                          . htmlspecialchars(shorten($obj->filename,25,'...'))
+                                                          ."</a>";
+                               echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="',htmlspecialchars(_MEDIA_VIEW_TT),'">',_MEDIA_VIEW,'</a>)';
+                               echo "</td>";
+                       } else {
+                               // no image (e.g. mpg)
+                               echo "<td><a href='media.php' onclick=\"chooseOther('" , htmlspecialchars($jsCurrentCollection), "','", htmlspecialchars($jsFileName), "'"
+                                                          . ")\" title=\"" . htmlspecialchars($obj->filename). "\">"
+                                                          . htmlspecialchars(shorten($obj->filename,30,'...'))
+                                                          ."</a></td>";
+
+                       }
+                       echo '<td>' , htmlspecialchars($width) , 'x' , htmlspecialchars($height) , '</td>';
+                       echo '</tr>';
+               }
+       } // if (sizeof($arr)>0)
+       ?>
+
+               </table>
+       <?php
+       if ($idxStart > 0)
+               echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";
+       if ($idxEnd < sizeof($arr))
+               echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";
+
+       ?>
+               <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>
+               <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>
+       <?php
+       media_foot();
+
+
+}
+
+/**
+  * Shows a screen where you can select the file to upload
+  */
+function media_choose() {
+       global $CONF, $member, $manager;
+
+       $currentCollection = requestVar('collection');
+
+       $collections = MEDIA::getCollectionList();
+
+       media_head();
+       ?>
+       <h1><?php echo _UPLOAD_TITLE?></h1>
+
+       <p><?php echo _UPLOAD_MSG?></p>
+
+       <form method="post" enctype="multipart/form-data" action="media.php">
+       <div>
+         <input type="hidden" name="action" value="uploadfile" />
+         <?php $manager->addTicketHidden() ?>
+         <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />
+         File:
+         <br />
+         <input name="uploadfile" type="file" size="40" />
+       <?php           if (sizeof($collections) > 1) {
+       ?>
+               <br /><br /><label for="upload_collection">Collection:</label>
+               <br /><select name="collection" id="upload_collection">
+                       <?php                           foreach ($collections as $dirname => $description) {
+                                       echo '<option value="',htmlspecialchars($dirname),'"';
+                                       if ($dirname == $currentCollection) {
+                                               echo ' selected="selected"';
+                                       }
+                                       echo '>',htmlspecialchars($description),'</option>';
+                               }
+                       ?>
+               </select>
+       <?php           } else {
+       ?>
+               <input name="collection" type="hidden" value="<?php echo htmlspecialchars(requestVar('collection'))?>" />
+       <?php           } // if sizeof
+       ?>
+       <br /><br />
+       <?php
+       $manager->notify(
+               'MediaUploadFormExtras',
+               array()
+       );
+       ?>
+       <br /><br />
+       <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
+       </div>
+       </form>
+
+       <?php
+       media_foot();
+}
+
+
+/**
+  * accepts a file for upload
+  */
+function media_upload() {
+       global $DIR_MEDIA, $member, $CONF;
+       
+       $uploadInfo = postFileInfo('uploadfile');
+       
+       $filename = $uploadInfo['name'];
+       $filetype = $uploadInfo['type'];
+       $filesize = $uploadInfo['size'];
+       $filetempname = $uploadInfo['tmp_name'];
+       $fileerror = intval($uploadInfo['error']);
+       
+       // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
+       $filename = cleanFileName($filename);
+       if ($filename === false) 
+               media_doError(_ERROR_BADFILETYPE);
+       
+       switch ($fileerror)
+       {
+               case 0: // = UPLOAD_ERR_OK
+                       break;
+               case 1: // = UPLOAD_ERR_INI_SIZE
+               case 2: // = UPLOAD_ERR_FORM_SIZE
+                       media_doError(_ERROR_FILE_TOO_BIG);
+               case 3: // = UPLOAD_ERR_PARTIAL
+               case 4: // = UPLOAD_ERR_NO_FILE
+               case 6: // = UPLOAD_ERR_NO_TMP_DIR
+               case 7: // = UPLOAD_ERR_CANT_WRITE
+               default:
+                       // include error code for debugging
+                       // (see http://www.php.net/manual/en/features.file-upload.errors.php)
+                       media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
+       }
+       
+       if ($filesize > $CONF['MaxUploadSize'])
+               media_doError(_ERROR_FILE_TOO_BIG);
+       
+       // check file type against allowed types
+       $ok = 0;
+       $allowedtypes = explode (',', $CONF['AllowedTypes']);
+       foreach ( $allowedtypes as $type )
+       {
+               //if (eregi("\." .$type. "$",$filename)) $ok = 1;
+               if (preg_match("#\." .$type. "$#i",$filename)) $ok = 1;
+       }
+       if (!$ok) media_doError(_ERROR_BADFILETYPE);
+       
+       if (!is_uploaded_file($filetempname))
+               media_doError(_ERROR_BADREQUEST);
+       
+       // prefix filename with current date (YYYY-MM-DD-)
+       // this to avoid nameclashes
+       if ($CONF['MediaPrefix'])
+               $filename = strftime("%Y%m%d-", time()) . $filename;
+
+       $collection = requestVar('collection');
+       $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
+
+       if ($res != '')
+               media_doError($res);
+
+       // shows updated list afterwards
+       media_select();
+}
+
+function media_loginAndPassThrough() {
+       media_head();
+       ?>
+               <h1><?php echo _LOGIN_PLEASE?></h1>
+
+               <form method="post" action="media.php">
+               <div>
+                       <input name="action" value="login" type="hidden" />
+                       <input name="collection" value="<?php echo htmlspecialchars(requestVar('collection'))?>" type="hidden" />
+                       <?php echo _LOGINFORM_NAME?>: <input name="login" />
+                       <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />
+                       <br /><input type="submit" value="<?php echo _LOGIN?>" />
+               </div>
+               </form>
+               <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE?></a></p>
+       <?php   media_foot();
+       exit;
+}
+
+function media_doError($msg) {
+       media_head();
+       ?>
+       <h1><?php echo _ERROR?></h1>
+       <p><?php echo $msg?></p>
+       <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>
+       <?php   media_foot();
+       exit;
+}
+
+
+function media_head() {
+?>
+       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+       <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>
+       <head>
+               <meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET ?>" />
+               <title>Nucleus Media</title>
+               <link rel="stylesheet" type="text/css" href="styles/popups.css" />
+               <script type="text/javascript">
+                       var type = 0;
+                       function setType(val) { type = val; }
+
+                       function chooseImage(collection, filename, width, height) {
+                               window.opener.focus();
+                               window.opener.includeImage(collection,
+                                                                                  filename,
+                                                                                  type == 0 ? 'inline' : 'popup',
+                                                                                  width,
+                                                                                  height
+                                                                                  );
+                               window.close();
+                       }
+
+                       function chooseOther(collection, filename) {
+                               window.opener.focus();
+                               window.opener.includeOtherMedia(collection, filename);
+                               window.close();
+
+                       }
+               </script>
+       </head>
+       <body>
+<?php }
+
+function media_foot() {
+?>
+       </body>
+       </html>
+<?php }
+
+?>