
FIX: スキンのコンストラクト時にAdminActionsではなくAdminを渡していたバグの修正
[nucleus-jp/nucleus-next.git] / nucleus / media.php
1 <?php
2 /*
3  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4  * Copyright (C) 2002-2009 The Nucleus Group
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2
9  * of the License, or (at your option) any later version.
10  * (see nucleus/documentation/index.html#license for more info)
11  */
12 /**
13  * Media popup window for Nucleus
14  *
15  * Purpose:
16  *   - can be opened from an add-item form or bookmarklet popup
17  *   - shows a list of recent files, allowing browsing, search and
18  *     upload of new files
19  *   - close the popup by selecting a file in the list. The file gets
20  *     passed through to the add-item form (linkto, popupimg or inline img)
21  *
22  * @license http://nucleuscms.org/license.txt GNU General Public License
23  * @copyright Copyright (C) 2002-2009 The Nucleus Group
24  * @version $Id: media.php 1870 2012-05-22 14:57:15Z sakamocchi $
25  *
26  */
27
// Number of media items listed per page. It is assigned before config.php is
// loaded so that a value set in config.php overrides it (and survives a
// Nucleus upgrade, unlike an edit made in this file).
$CONF = array('MediaPerPage' => 10);

// Load the configuration and core code, then the media classes.
$DIR_LIBS = '';
require_once '../config.php';
include_libs('MEDIA.php', false, false);

// The popup is served as XHTML.
sendContentType('application/xhtml+xml', 'media');
42
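// Authentication gate: a visitor who is not logged in only gets the login form.
if (!$member->isLoggedIn()) {
        media_loginAndPassThrough();
        exit;
}

// Authorisation gate: the member must be on at least one team list or be an
// administrator. The member ID is cast to int before it is concatenated into
// the SQL text, so a non-numeric value can never change the query.
$query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tmember=' . intval($member->getID());
$teams = DB::getResult($query);
if ($teams->rowCount() == 0 && !$member->isAdmin()) {
        // media_doError() prints the error page and exits
        media_doError(_ERROR_DISALLOWEDUPLOAD);
}

// Requested action; an empty value means "show the file list".
$action = requestVar('action');
if ($action == '') {
        $action = 'selectmedia';
}

// Ticket check: every action except the three listing actions below must
// carry a valid ticket. The comparison is strict so that only an exact match
// with one of the exempt names skips the check.
$aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);
if (!in_array($action, $aActionsNotToCheck, true)) {
        if (!$manager->checkTicket()) {
                media_doError(_ERROR_BADTICKET);
        }
}

// Dispatch. Both upload steps (the form and the file itself) are refused
// unless the member is an administrator or uploads are enabled in $CONF.
// Any action that is not recognised falls through to the file list.
switch ($action) {
        case 'chooseupload':
        case _MEDIA_UPLOAD_TO:
        case _MEDIA_UPLOAD_NEW:
                if (!$member->isAdmin() && !$CONF['AllowUpload']) {
                        media_doError(_ERROR_DISALLOWED);
                } else {
                        media_choose();
                }
                break;
        case 'uploadfile':
                if (!$member->isAdmin() && !$CONF['AllowUpload']) {
                        media_doError(_ERROR_DISALLOWED);
                } else {
                        media_upload();
                }
                break;
        case _MEDIA_FILTER_APPLY:
        case 'selectmedia':
        case _MEDIA_COLLECTION_SELECT:
        default:
                media_select();
                break;
}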
93
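/**
 * Shows the file selection screen for one collection.
 *
 * Output, in order: page head, collection chooser (or a single upload button
 * when there is only one collection), filename filter form, one page of
 * files sorted as returned by Media::getMediaListByCollection(), previous /
 * next links, the inline/popup radio buttons and the page foot.
 *
 * Request variables read: 'collection', 'filter', 'offset'.
 * The collection name comes from the request, so it is checked with
 * Media::isValidCollection() before anything is listed; a failed check ends
 * the request through media_doError().
 */
function media_select() {
        global $member, $CONF, $DIR_MEDIA, $manager;

        // Currently selected collection. An empty value, or one that is not a
        // directory below $DIR_MEDIA, falls back to the collection named
        // after the member's ID.
        $currentCollection = requestVar('collection');
        if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection))
                $currentCollection = $member->getID();

        // avoid directory traversal and access to an invalid directory
        if (!Media::isValidCollection($currentCollection)) media_doError(_ERROR_DISALLOWED);

        media_head();

        // get collection list
        $collections = Media::getCollectionList();

        if (sizeof($collections) > 1) {
        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_collection"><?php echo Entity::hsc(_MEDIA_COLLECTION_LABEL)?></label>
                        <select name="collection" id="media_collection">
                                <?php                                   foreach ($collections as $dirname => $description) {
                                                echo '<option value="',Entity::hsc($dirname),'"';
                                                if ($dirname == $currentCollection) {
                                                        echo ' selected="selected"';
                                                }
                                                echo '>',Entity::hsc($description),'</option>';
                                        }
                                ?>
                        </select>
                        <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo Entity::hsc(_MEDIA_COLLECTION_TT)?>" />
                        <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_UPLOAD_TO) ?>" title="<?php echo Entity::hsc(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php   } else {
        ?>
                <form method="post" action="media.php" style="float:right"><div>
                        <input type="hidden" name="collection" value="<?php echo Entity::hsc($currentCollection)?>" />
                        <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo Entity::hsc(_MEDIA_UPLOADLINK) ?>" />
                        <?php $manager->addTicketHidden() ?>
                </div></form>
        <?php   } // if sizeof

        $filter = requestVar('filter');
        $offset = intRequestVar('offset');
        $arr = Media::getMediaListByCollection($currentCollection, $filter);
        $total = sizeof($arr);

        // Paging indexes start at 0 so that the prev/next test after the table
        // never reads an undefined variable when the list is empty.
        $idxStart = 0;
        $idxEnd = 0;
        $idxNext = 0;
        $idxPrev = 0;

        // Escaping for the single-quoted JavaScript literals built in the
        // onclick attributes below. The backslash is escaped together with
        // the quote: escaping the quote alone would let a name containing a
        // backslash cancel the escape and end the literal early.
        $jsEscapes = array('\\' => '\\\\', "'" => "\\'");
        $jsCurrentCollection = strtr((string) $currentCollection, $jsEscapes);

        ?>
                <form method="post" action="media.php"><div>
                        <label for="media_filter"><?php echo Entity::hsc(_MEDIA_FILTER_LABEL)?></label>
                        <input id="media_filter" type="text" name="filter" value="<?php echo Entity::hsc($filter)?>" />
                        <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_FILTER_APPLY) ?>" />
                        <input type="hidden" name="collection" value="<?php echo Entity::hsc($currentCollection)?>" />
                        <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />
                </div></form>

                <table width="100%">
                <caption><?php echo _MEDIA_COLLECTION_LABEL . Entity::hsc($collections[$currentCollection])?></caption>
                <tr>
                 <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>
                </tr>

        <?php
        if ( $total > 0 )
        {
                // clamp the requested offset so that a full last page is shown
                if ( ($offset + $CONF['MediaPerPage']) >= $total )
                {
                        $offset = $total - $CONF['MediaPerPage'];
                }

                if ( $offset < 0 )
                {
                        $offset = 0;
                }

                $idxStart = $offset;
                $idxEnd = $offset + $CONF['MediaPerPage'];
                $idxNext = $idxEnd;
                $idxPrev = $idxStart - $CONF['MediaPerPage'];

                if ( $idxPrev < 0 )
                {
                        $idxPrev = 0;
                }

                if ( $idxEnd > $total )
                {
                        $idxEnd = $total;
                }

                for ( $i = $idxStart; $i < $idxEnd; $i++ )
                {
                        $medium = $arr[$i];
                        $medium->refine();

                        echo "<tr>\n";
                        echo "<td>" . date("Y-m-d", $medium->timestamp) . "</td>\n";

                        // file name as a JavaScript string; it is HTML-escaped
                        // again when written into the attribute
                        $jsFileName = strtr((string) $medium->filename, $jsEscapes);

                        if ( array_key_exists($medium->mime, Media::$image_mime) )
                        {
                                echo "<td><a href=\"media.php\" onclick=\"chooseImage('" . Entity::hsc($jsCurrentCollection) . "','" . Entity::hsc($jsFileName) . "',"
                                                           . "'" . Entity::hsc($medium->width) . "','" . Entity::hsc($medium->height) . "'"
                                                           . ")\" title=\"" . Entity::hsc($medium->filename) . "\">"
                                                           . Entity::hsc(Entity::shorten($medium->filename, 25, '...'))
                                                           ."</a>";
                                echo ' (<a href="', Entity::hsc("{$CONF['MediaURL']}/$currentCollection/$medium->filename"), '" onclick="window.open(this.href); return false;" title="'. Entity::hsc(_MEDIA_VIEW_TT) . '">' . _MEDIA_VIEW . '</a>)';
                                echo "</td>\n";
                                echo '<td>' . Entity::hsc($medium->width) . 'x' . Entity::hsc($medium->height) . "</td>\n";
                        }
                        else
                        {
                                // no image (e.g. mpg)
                                echo "<td><a href='media.php' onclick=\"chooseOther('" , Entity::hsc($jsCurrentCollection), "','", Entity::hsc($jsFileName), "'"
                                               . ")\" title=\"" . Entity::hsc($medium->filename). "\">"
                                               . Entity::hsc(Entity::shorten($medium->filename, 30, '...'))
                                               ."</a></td>\n";
                                echo '<td>' . Entity::hsc($medium->size) . "KB</td>\n";
                        }
                        echo "</tr>\n";
                }
        }
        ?>

                </table>
        <?php
        if ($idxStart > 0)
                echo "<a href='media.php?offset=$idxPrev&amp;collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";
        if ($idxEnd < $total)
                echo "<a href='media.php?offset=$idxNext&amp;collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";

        ?>
                <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>
                <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>
        <?php
        media_foot();
}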
246
/**
 * Shows the screen on which the file to upload is chosen.
 *
 * The form posts back to media.php with action=uploadfile and carries the
 * hidden ticket added by $manager->addTicketHidden(). MAX_FILE_SIZE is only
 * a hint in the form; the size is checked again on the server in
 * media_upload(). Plugins can add fields through the MediaUploadFormExtras
 * event.
 */
function media_choose() {
        global $CONF, $member, $manager;

        // collection preselected by the request, and the collections on offer
        $selected = requestVar('collection');
        $available = Media::getCollectionList();
        $hasChoice = count($available) > 1;

        media_head();
        ?>
        <h1><?php echo _UPLOAD_TITLE?></h1>

        <p><?php echo _UPLOAD_MSG?></p>

        <form method="post" enctype="multipart/form-data" action="media.php">
        <div>
          <input type="hidden" name="action" value="uploadfile" />
          <?php $manager->addTicketHidden() ?>
          <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />
          File:
          <br />
          <input name="uploadfile" type="file" size="40" />
        <?php if ($hasChoice): ?>
                <br /><br /><label for="upload_collection">Collection:</label>
                <br /><select name="collection" id="upload_collection">
                        <?php
                        foreach ($available as $dirname => $description):
                                // loose comparison, as collection keys may be numeric
                                $mark = ($dirname == $selected) ? ' selected="selected"' : '';
                                echo '<option value="' . Entity::hsc($dirname) . '"' . $mark . '>'
                                        . Entity::hsc($description) . '</option>';
                        endforeach;
                        ?>
                </select>
        <?php else: ?>
                <input name="collection" type="hidden" value="<?php echo Entity::hsc($selected)?>" />
        <?php endif; ?>
        <br /><br />
        <?php
        // let plugins add their own fields to the upload form
        $manager->notify('MediaUploadFormExtras', array());
        ?>
          <br /><br />
          <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
        </div>
        </form>

        <?php
        media_foot();
}
304
305
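/**
 * Accepts the uploaded file 'uploadfile' and adds it to the requested
 * collection, then shows the updated file list.
 *
 * Checks, in this order: filename cleaning, PHP upload error code, size
 * against $CONF['MaxUploadSize'], extension against the comma-separated
 * list in $CONF['AllowedTypes'], and is_uploaded_file(). A failed check ends
 * the request through media_doError(), which exits.
 *
 * Only the file extension is checked here. The MIME type sent by the
 * browser is not used, since the client chooses it, and the file content is
 * not inspected in this function.
 */
function media_upload() {
        global $CONF;

        $uploadInfo = postFileInfo('uploadfile');

        $filename = $uploadInfo['name'];
        $filesize = $uploadInfo['size'];
        $filetempname = $uploadInfo['tmp_name'];
        $fileerror = intval($uploadInfo['error']);

        // clean filename of characters that may cause trouble in a filename,
        // using cleanFileName() from globalfunctions.php
        $filename = cleanFileName($filename);
        if ($filename === false)
                media_doError(_ERROR_BADFILETYPE);

        switch ($fileerror)
        {
                case UPLOAD_ERR_OK:
                        break;
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                        media_doError(_ERROR_FILE_TOO_BIG);
                        break; // not reached, media_doError() exits
                default:
                        // partial upload, no file, no temp dir, write failure
                        // or an unknown code: include the code for debugging
                        // (see http://www.php.net/manual/en/features.file-upload.errors.php)
                        media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
        }

        if ($filesize > $CONF['MaxUploadSize'])
                media_doError(_ERROR_FILE_TOO_BIG);

        // Check the extension against the allowed types. Each entry is
        // trimmed and matched literally: an empty entry (for example from a
        // trailing comma) is skipped instead of accepting any name ending in
        // a dot, regex characters in an entry have no special meaning, and
        // \z anchors at the very end of the name, where "$" would also
        // accept a trailing newline.
        $ok = 0;
        foreach ( explode(',', $CONF['AllowedTypes']) as $type )
        {
                $type = trim($type);
                if ( $type === '' )
                {
                        continue;
                }
                if ( preg_match('#\.' . preg_quote($type, '#') . '\z#i', $filename) )
                {
                        $ok = 1;
                        break;
                }
        }
        if (!$ok) media_doError(_ERROR_BADFILETYPE);

        if (!is_uploaded_file($filetempname))
                media_doError(_ERROR_BADREQUEST);

        // prefix filename with current date (YYYYMMDD-)
        // this to avoid nameclashes
        if ( $CONF['MediaPrefix'] )
        {
                $filename = i18n::formatted_datetime("%Y%m%d-", time()) . $filename;
        }

        // NOTE(review): 'collection' comes straight from the request and is
        // not checked with Media::isValidCollection() in this function.
        // Confirm that Media::addMediaObject() rejects collections the member
        // may not write to.
        $collection = requestVar('collection');
        $res = Media::addMediaObject($collection, $filetempname, $filename);

        // a non-empty result is an error message
        if ($res != '')
                media_doError($res);

        // shows updated list afterwards
        media_select();
}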
374
/**
 * Prints the login form for a visitor who is not logged in, then ends the
 * request.
 *
 * The 'collection' request variable is carried along in a hidden field,
 * HTML-escaped, so the selection survives the login. The form posts
 * action=login back to media.php; the login itself is not handled in this
 * file.
 */
function media_loginAndPassThrough() {
        media_head();

        // escaped once here, printed inside the hidden field below
        $collectionValue = Entity::hsc(requestVar('collection'));
        ?>
                <h1><?php echo _LOGIN_PLEASE?></h1>

                <form method="post" action="media.php">
                <div>
                        <input name="action" value="login" type="hidden" />
                        <input name="collection" value="<?php echo $collectionValue?>" type="hidden" />
                        <?php echo _LOGINFORM_NAME?>: <input name="login" />
                        <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />
                        <br /><input type="submit" value="<?php echo _LOGIN?>" />
                </div>
                </form>
                <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE?></a></p>
        <?php
        media_foot();
        exit;
}
393
/**
 * Prints an error page with the given message and a "back" link, then ends
 * the request. Callers rely on this function never returning.
 *
 * NOTE(review): $msg is written into the page without HTML escaping. The
 * callers in this file pass language constants, an integer error code and
 * the result of Media::addMediaObject(); confirm that none of these can
 * contain request data, or escape the message before it gets here.
 *
 * @param string $msg message to show, treated as HTML
 */
function media_doError($msg) {
        media_head();

        echo '        <h1>', _ERROR, "</h1>\n";
        echo '        <p>', $msg, "</p>\n";
        echo '        <p><a href="media.php" onclick="history.back()">', _BACK, "</a></p>\n";
        echo '        ';

        media_foot();
        exit;
}
403
404
/**
 * Prints the start of every popup page: doctype, <head> with the popup
 * stylesheet and the JavaScript helpers, and the opening <body> tag.
 *
 * The helpers hand the chosen file to the window that opened the popup
 * (window.opener.includeImage / includeOtherMedia) and close the popup.
 * The markup is static; nothing from the request is written here.
 */
function media_head() {
        $pageStart = <<<HTML
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
                <title>Nucleus Media</title>
                <link rel="stylesheet" type="text/css" href="styles/popups.css" />
                <script type="text/javascript">
                        var type = 0;
                        function setType(val) { type = val; }

                        function chooseImage(collection, filename, width, height) {
                                window.opener.focus();
                                window.opener.includeImage(collection,
                                                                                   filename,
                                                                                   type == 0 ? 'inline' : 'popup',
                                                                                   width,
                                                                                   height
                                                                                   );
                                window.close();
                        }

                        function chooseOther(collection, filename) {
                                window.opener.focus();
                                window.opener.includeOtherMedia(collection, filename);
                                window.close();

                        }
                </script>
        </head>
        <body>
HTML;

        // the heredoc text stops before its final line break
        echo $pageStart, "\n";
}
437
/**
 * Prints the end of every popup page: the closing </body> and </html> tags.
 */
function media_foot() {
        echo "        </body>\n", "        </html>\n";
}
443
444 ?>