3 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
4 * Copyright (C) 2002-2009 The Nucleus Group
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 * (see nucleus/documentation/index.html#license for more info)
13 * Media popup window for Nucleus
16 * - can be opened from an add-item form or bookmarklet popup
17 * - shows a list of recent files, allowing browsing, search and
19 * - close the popup by selecting a file in the list. The file gets
20 * passed through to the add-item form (linkto, popupimg or inline img)
22 * @license http://nucleuscms.org/license.txt GNU General Public License
23 * @copyright Copyright (C) 2002-2009 The Nucleus Group
24 * @version $Id: media.php 1870 2012-05-22 14:57:15Z sakamocchi $
30 // defines how many media items will be shown per page. You can override this
31 // in config.php if you like. (changing it in config.php instead of here will
32 // allow your settings to be kept even after a Nucleus upgrade)
33 $CONF['MediaPerPage'] = 10;
35 // include all classes and config data
37 require_once('../config.php');
38 //include($DIR_LIBS . 'MEDIA.php'); // media classes
39 include_libs('MEDIA.php',false,false);
// NOTE(review): if the response really goes out as application/xhtml+xml, every
// value echoed further down has to be well-formed XML as well as HTML-escaped.
41 sendContentType('application/xhtml+xml', 'media');
43 // user needs to be logged in to use this
// NOTE(review): this gate only protects the page if the script stops once the
// login form has been printed. The lines after the call are not part of this
// listing - confirm that an exit follows.
44 if (!$member->isLoggedIn()) {
45 media_loginAndPassThrough();
49 // check if member is on at least one teamlist
// The member id is concatenated straight into the SQL text.
// NOTE(review): the value comes from the member object, not from the request,
// and is presumably an integer - confirm, or cast it with intval() / bind it as
// a parameter so the query does not rest on that assumption.
50 $query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID();
51 $teams = DB::getResult($query);
// Members on no team are refused unless they are admins.
52 if ($teams->rowCount() == 0 && !$member->isAdmin())
53 media_doError(_ERROR_DISALLOWEDUPLOAD);
56 $action = requestVar('action');
// Presumably the default when the request names no action (the condition on
// the preceding line is not shown in this listing).
58 $action = 'selectmedia';
// Ticket check: every action except the three listed here must carry a valid
// ticket (the hidden field that $manager->addTicketHidden() puts into the forms).
// NOTE(review): keep this exemption list limited to actions that change no state.
61 $aActionsNotToCheck = array('selectmedia', _MEDIA_FILTER_APPLY, _MEDIA_COLLECTION_SELECT);
62 if (!in_array($action, $aActionsNotToCheck))
64 if (!$manager->checkTicket())
65 media_doError(_ERROR_BADTICKET);
// Upload actions are allowed for admins, or for any member when the AllowUpload
// setting is truthy ('!= true' is a loose comparison, so any truthy value counts).
// The same gate appears a second time below; the case label it belongs to is not
// shown in this listing.
71 case _MEDIA_UPLOAD_TO:
72 case _MEDIA_UPLOAD_NEW:
73 if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {
74 media_doError(_ERROR_DISALLOWED);
80 if (!$member->isAdmin() and $CONF['AllowUpload'] != true) {
81 media_doError(_ERROR_DISALLOWED);
86 case _MEDIA_FILTER_APPLY:
88 case _MEDIA_COLLECTION_SELECT:
/**
 * Renders the media list for one collection: the collection picker with its
 * upload buttons, the filter form, a paged table of files and the
 * inline/popup type selector.
 *
 * Request input used here: 'collection', 'filter' and 'offset'. Most echoed
 * values go through Entity::hsc(); some language constants (caption, table
 * headers, link texts) are echoed without it.
 */
95 function media_select() {
96 global $member, $CONF, $DIR_MEDIA, $manager;
98 // show 10 files + navigation buttons
99 // show msg when no files
101 // files sorted according to last modification date
103 // currently selected collection
104 $currentCollection = requestVar('collection');
// Falls back to the member's own collection (named after the member id) when
// the request names none or the directory does not exist.
// NOTE(review): the request value is joined to $DIR_MEDIA and probed with
// is_dir() before Media::isValidCollection() runs below; validating first would
// keep unchecked input away from filesystem calls. The @ also hides any warning
// raised by that probe.
105 if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection))
106 $currentCollection = $member->getID();
108 // avoid directory traversal and accessing invalid directory
109 if (!Media::isValidCollection($currentCollection)) media_doError(_ERROR_DISALLOWED);
113 // get collection list
114 $collections = Media::getCollectionList();
116 if (sizeof($collections) > 1) {
118 <form method="post" action="media.php"><div>
119 <label for="media_collection"><?php echo Entity::hsc(_MEDIA_COLLECTION_LABEL)?></label>
120 <select name="collection" id="media_collection">
121 <?php foreach ($collections as $dirname => $description) {
122 echo '<option value="',Entity::hsc($dirname),'"';
123 if ($dirname == $currentCollection) {
124 echo ' selected="selected"';
126 echo '>',Entity::hsc($description),'</option>';
130 <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_COLLECTION_SELECT) ?>" title="<?php echo Entity::hsc(_MEDIA_COLLECTION_TT)?>" />
131 <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_UPLOAD_TO) ?>" title="<?php echo Entity::hsc(_MEDIA_UPLOADLINK) ?>" />
132 <?php $manager->addTicketHidden() ?>
136 <form method="post" action="media.php" style="float:right"><div>
137 <input type="hidden" name="collection" value="<?php echo Entity::hsc($currentCollection)?>" />
138 <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_UPLOAD_NEW) ?>" title="<?php echo Entity::hsc(_MEDIA_UPLOADLINK) ?>" />
139 <?php $manager->addTicketHidden() ?>
143 $filter = requestVar('filter');
// The filter text is request input; it is escaped with Entity::hsc() when echoed
// back into the form. The offset is read as an integer and passed through
// intval() again before it is written into the hidden field.
144 $offset = intRequestVar('offset');
145 $arr = Media::getMediaListByCollection($currentCollection, $filter);
148 <form method="post" action="media.php"><div>
149 <label for="media_filter"><?php echo Entity::hsc(_MEDIA_FILTER_LABEL)?></label>
150 <input id="media_filter" type="text" name="filter" value="<?php echo Entity::hsc($filter)?>" />
151 <input type="submit" name="action" value="<?php echo Entity::hsc(_MEDIA_FILTER_APPLY) ?>" />
152 <input type="hidden" name="collection" value="<?php echo Entity::hsc($currentCollection)?>" />
153 <input type="hidden" name="offset" value="<?php echo intval($offset)?>" />
160 <caption><?php echo _MEDIA_COLLECTION_LABEL . Entity::hsc($collections[$currentCollection])?></caption>
162 <th><?php echo _MEDIA_MODIFIED?></th><th><?php echo _MEDIA_FILENAME?></th><th><?php echo _MEDIA_DIMENSIONS?></th>
166 if ( sizeof($arr) > 0 )
// Paging window: an offset that would run past the end is pulled back so the
// last page is full. $idxStart and $idxNext are assigned on lines that are not
// part of this listing.
// NOTE(review): with fewer items than MediaPerPage the subtraction below is
// negative - confirm the missing lines clamp the offset to 0.
168 if ( ($offset + $CONF['MediaPerPage']) >= sizeof($arr) )
170 $offset = sizeof($arr) - $CONF['MediaPerPage'];
179 $idxEnd = $offset + $CONF['MediaPerPage'];
181 $idxPrev = $idxStart - $CONF['MediaPerPage'];
188 if ( $idxEnd > sizeof($arr) )
190 $idxEnd = sizeof($arr);
193 for ( $i = $idxStart; $i < $idxEnd; $i++ )
199 echo "<td>" . date("Y-m-d", $medium->timestamp) . "</td>\n";
201 // strings for javascript
// NOTE(review): only the single quote is escaped for the JavaScript string
// context; a backslash already present in either value is left alone, so the
// escaping can be cancelled out. Entity::hsc() in the echo below covers the
// HTML attribute, not the script string inside it. Escaping backslashes first,
// or emitting the values with json_encode(), closes the gap. How exposed this
// is depends on which characters isValidCollection() and the stored filenames
// allow.
202 $jsCurrentCollection = str_replace("'", "\\'", $currentCollection);
203 $jsFileName = str_replace("'", "\\'", $medium->filename);
// Images get a chooseImage() link with their dimensions; every other type gets
// a chooseOther() link and its size.
205 if ( array_key_exists($medium->mime, Media::$image_mime) )
207 echo "<td><a href=\"media.php\" onclick=\"chooseImage('" . Entity::hsc($jsCurrentCollection) . "','" . Entity::hsc($jsFileName) . "',"
208 . "'" . Entity::hsc($medium->width) . "','" . Entity::hsc($medium->height) . "'"
209 . ")\" title=\"" . Entity::hsc($medium->filename) . "\">"
210 . Entity::hsc(Entity::shorten($medium->filename, 25, '...'))
// NOTE(review): the view URL is HTML-escaped but its path segments are not
// URL-encoded; rawurlencode() on the collection and filename would keep
// characters such as '#', '?' or '%' from changing the link target.
212 echo ' (<a href="', Entity::hsc("{$CONF['MediaURL']}/$currentCollection/$medium->filename"), '" onclick="window.open(this.href); return false;" title="'. Entity::hsc(_MEDIA_VIEW_TT) . '">' . _MEDIA_VIEW . '</a>)';
214 echo '<td>' . Entity::hsc($medium->width) . 'x' . Entity::hsc($medium->height) . "</td>\n";
218 // no image (e.g. mpg)
219 echo "<td><a href='media.php' onclick=\"chooseOther('" , Entity::hsc($jsCurrentCollection), "','", Entity::hsc($jsFileName), "'"
220 . ")\" title=\"" . Entity::hsc($medium->filename). "\">"
221 . Entity::hsc(Entity::shorten($medium->filename, 30, '...'))
223 echo '<td>' . Entity::hsc($medium->size) . "KB</td>\n";
// Paging links: the collection is urlencode()d, the offsets are computed here.
// NOTE(review): the bare '&' inside the href is not well-formed XML; under the
// application/xhtml+xml content type requested at the top of the file it
// should be written as '&amp;'.
234 echo "<a href='media.php?offset=$idxPrev&collection=".urlencode($currentCollection)."'>". _LISTS_PREV."</a> ";
235 if ($idxEnd < sizeof($arr))
236 echo "<a href='media.php?offset=$idxNext&collection=".urlencode($currentCollection)."'>". _LISTS_NEXT."</a> ";
239 <input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" /><label for="typeradio0"><?php echo _MEDIA_INLINE?></label>
240 <input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" /><label for="typeradio1"><?php echo _MEDIA_POPUP?></label>
248 * Shows a screen where you can select the file to upload
250 function media_choose() {
251 global $CONF, $member, $manager;
// Renders the upload form: ticket field, file input, and either a collection
// picker (more than one collection) or a hidden 'collection' field.
// The 'MediaUploadFormExtras' string further down looks like a plugin event
// name; the call around it is not part of this listing.
//
// The 'collection' request value is only used here to preselect an option and
// is escaped with Entity::hsc() where it is echoed; it is not validated in the
// lines shown.
// MAX_FILE_SIZE is a hint to the browser only - the limit that counts is the
// server-side comparison against $CONF['MaxUploadSize'] in media_upload().
// NOTE(review): $CONF['MaxUploadSize'] is echoed into the attribute without
// escaping or an integer cast; intval() would make the output independent of
// how the setting was stored.
253 $currentCollection = requestVar('collection');
255 $collections = Media::getCollectionList();
259 <h1><?php echo _UPLOAD_TITLE?></h1>
261 <p><?php echo _UPLOAD_MSG?></p>
263 <form method="post" enctype="multipart/form-data" action="media.php">
265 <input type="hidden" name="action" value="uploadfile" />
266 <?php $manager->addTicketHidden() ?>
267 <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $CONF['MaxUploadSize']?>" />
270 <input name="uploadfile" type="file" size="40" />
271 <?php if (sizeof($collections) > 1) {
273 <br /><br /><label for="upload_collection">Collection:</label>
274 <br /><select name="collection" id="upload_collection">
275 <?php foreach ($collections as $dirname => $description) {
276 echo '<option value="',Entity::hsc($dirname),'"';
277 if ($dirname == $currentCollection) {
278 echo ' selected="selected"';
280 echo '>',Entity::hsc($description),'</option>';
286 <input name="collection" type="hidden" value="<?php echo Entity::hsc(requestVar('collection'))?>" />
292 'MediaUploadFormExtras',
297 <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
307 * accepts a file for upload
309 function media_upload() {
310 global $DIR_MEDIA, $member, $CONF;
// Handles the posted file: reads the upload metadata, cleans the filename,
// turns PHP upload error codes into error pages, enforces the size and
// extension limits, optionally prefixes the name with the date and hands the
// temporary file to Media::addMediaObject().
312 $uploadInfo = postFileInfo('uploadfile');
// 'name' and 'type' are supplied by the client. The MIME type is read here but
// not consulted in the lines shown, and it must not be relied on for any type
// decision.
314 $filename = $uploadInfo['name'];
315 $filetype = $uploadInfo['type'];
316 $filesize = $uploadInfo['size'];
317 $filetempname = $uploadInfo['tmp_name'];
318 $fileerror = intval($uploadInfo['error']);
320 // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
321 $filename = cleanFileName($filename);
// cleanFileName() signals a rejected name by returning false.
322 if ($filename === false)
323 media_doError(_ERROR_BADFILETYPE);
// Dispatch on PHP's upload error code (the switch header is not part of this
// listing).
327 case 0: // = UPLOAD_ERR_OK
329 case 1: // = UPLOAD_ERR_INI_SIZE
330 case 2: // = UPLOAD_ERR_FORM_SIZE
331 media_doError(_ERROR_FILE_TOO_BIG);
332 case 3: // = UPLOAD_ERR_PARTIAL
333 case 4: // = UPLOAD_ERR_NO_FILE
334 case 6: // = UPLOAD_ERR_NO_TMP_DIR
335 case 7: // = UPLOAD_ERR_CANT_WRITE
337 // include error code for debugging
338 // (see http://www.php.net/manual/en/features.file-upload.errors.php)
339 media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
// Server-side size limit; this is the check that counts, independent of the
// MAX_FILE_SIZE form field.
342 if ($filesize > $CONF['MaxUploadSize'])
343 media_doError(_ERROR_FILE_TOO_BIG);
345 // check file type against allowed types
// The allow-list is the comma-separated AllowedTypes setting; a name passes
// when it ends in ".<type>" (case-insensitive). $ok is presumably initialised
// on a line that is not part of this listing.
// NOTE(review): each entry is spliced into the pattern without preg_quote()
// and without trim(), so a regex metacharacter or a stray space in the setting
// changes what is accepted. Only the final extension is tested, so names that
// carry a further extension earlier in the name are accepted too; the media
// directory should therefore be served with script execution switched off.
// Anchoring with \z instead of $ would also exclude a trailing newline.
347 $allowedtypes = preg_split('#,#', $CONF['AllowedTypes']);
348 foreach ( $allowedtypes as $type )
350 //if (eregi("\." .$type. "$",$filename)) $ok = 1;
351 if (preg_match("#\." .$type. "$#i",$filename)) $ok = 1;
353 if (!$ok) media_doError(_ERROR_BADFILETYPE);
// Refuse any temp path that did not come from PHP's own upload handling.
355 if (!is_uploaded_file($filetempname))
356 media_doError(_ERROR_BADREQUEST);
358 // prefix filename with current date (format string below is "%Y%m%d-", presumably YYYYMMDD-)
359 // this to avoid nameclashes
360 if ( $CONF['MediaPrefix'] )
362 $filename = i18n::formatted_datetime("%Y%m%d-", time()) . $filename;
// NOTE(review): the target collection comes straight from the request and is
// passed on without a check in the lines shown, whereas media_select() runs
// Media::isValidCollection() on the same parameter. Confirm that
// addMediaObject() validates it; if it does not, validate here before the file
// is stored. How $res is handled is not part of this listing.
365 $collection = requestVar('collection');
366 $res = Media::addMediaObject($collection, $filetempname, $filename);
371 // shows updated list afterwards
/**
 * Prints a login form that posts back to media.php with action=login and
 * carries the requested 'collection' along in a hidden field (escaped with
 * Entity::hsc()), followed by a link that closes the popup.
 *
 * NOTE(review): the function's closing lines are not part of this listing;
 * the login gate at the top of the file relies on the script stopping after
 * this form - confirm.
 */
375 function media_loginAndPassThrough() {
378 <h1><?php echo _LOGIN_PLEASE?></h1>
380 <form method="post" action="media.php">
382 <input name="action" value="login" type="hidden" />
383 <input name="collection" value="<?php echo Entity::hsc(requestVar('collection'))?>" type="hidden" />
384 <?php echo _LOGINFORM_NAME?>: <input name="login" />
385 <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />
386 <br /><input type="submit" value="<?php echo _LOGIN?>" />
389 <p><a href="media.php" onclick="window.close();"><?php echo _POPUP_CLOSE?></a></p>
/**
 * Prints an error page with the given message and a "back" link.
 *
 * $msg is echoed as-is, without Entity::hsc(). The callers visible in this
 * file pass language constants, in one case with an integer upload error code
 * appended.
 * NOTE(review): if a caller ever passes request-derived text, escape it at
 * this point; confirm first whether any language constant relies on markup
 * being rendered.
 */
394 function media_doError($msg) {
397 <h1><?php echo _ERROR?></h1>
398 <p><?php echo $msg?></p>
399 <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>
/**
 * Emits the XHTML 1.0 Strict doctype, the document head (title, popup
 * stylesheet) and the inline script used by the file list.
 *
 * Script helpers defined here:
 * - setType(val) stores the inline/popup choice in 'type';
 * - chooseImage() focuses the opener window and calls its includeImage(),
 *   passing 'inline' or 'popup' depending on 'type';
 * - chooseOther() focuses the opener window and calls its
 *   includeOtherMedia().
 * Both choose functions use window.opener, i.e. they expect the popup to have
 * been opened by another window.
 */
405 function media_head() {
407 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
408 <html xmlns="http://www.w3.org/1999/xhtml">
410 <title>Nucleus Media</title>
411 <link rel="stylesheet" type="text/css" href="styles/popups.css" />
412 <script type="text/javascript">
414 function setType(val) { type = val; }
416 function chooseImage(collection, filename, width, height) {
417 window.opener.focus();
418 window.opener.includeImage(collection,
420 type == 0 ? 'inline' : 'popup',
427 function chooseOther(collection, filename) {
428 window.opener.focus();
429 window.opener.includeOtherMedia(collection, filename);
438 function media_foot() {