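<?php
/*
            _______________________________________
   ________|              Textpattern              |________
   \       |            Mod File Upload            |       /
    \      |  Michael Manfre (http://manfre.net)   |      /
    /      |_______________________________________|      \
   /___________)                               (___________\

	Textpattern Copyright 2004 by Dean Allen. All rights reserved.
	Use of this software denotes acceptance of the Textpattern license agreement

	"Mod File Upload" Copyright 2004 by Michael Manfre. All rights reserved.
	Use of this mod denotes acceptance of the Textpattern license agreement

$HeadURL: https://textpattern.googlecode.com/svn/releases/4.5.4/source/textpattern/include/txp_file.php $
$LastChangedRevision: 4089 $

*/

	// Refuse to run unless the including script has defined the interface constant.
	if (!defined('txpinterface')) die('txpinterface is undefined.');

	$levels = array(
		1 => gTxt('private'),
		0 => gTxt('public')
	);

	global $file_statuses;
	$file_statuses = array(
		STATUS_HIDDEN  => gTxt('hidden'),
		STATUS_PENDING => gTxt('pending'),
		STATUS_LIVE    => gTxt('live'),
	);

	if ($event == 'file') {
		require_privs('file');

		global $all_file_cats, $all_file_authors;
		$all_file_cats = getTree('root', 'file');
		$all_file_authors = the_privileged('file.edit.own');

		// Allow-list of request steps that may be dispatched to a function of the same name.
		// NOTE(review): the boolean per step is interpreted by bouncer(), which is defined
		// elsewhere; presumably it marks the steps that need a valid form token - confirm.
		// file_delete() is deliberately absent: it is only reachable through file_multi_edit().
		$available_steps = array(
			'file_change_pageby' => true,
			'file_multi_edit'    => true,
			'file_edit'          => false,
			'file_insert'        => true,
			'file_list'          => false,
			'file_replace'       => true,
			'file_save'          => true,
			'file_create'        => true,
		);

		// $step is request-controlled and is called as a function name, so this call is
		// only safe because bouncer() has accepted it against the allow-list above.
		if ($step && bouncer($step, $available_steps)) {
			$step();
		} else {
			file_list();
		}
	}

// -------------------------------------------------------------

	/**
	 * Render the file list panel: upload/assign controls, search form and the
	 * paged, sortable table of txp_file rows.
	 *
	 * Reads page, sort, dir, crit and search_method from the request.
	 *
	 * @param string|array $message Status message handed to pagetop().
	 */
	function file_list($message = '')
	{
		global $file_base_path, $file_statuses, $file_list_pageby, $txp_user, $event;

		pagetop(gTxt('tab_file'), $message);

		extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
		if ($sort === '') $sort = get_pref('file_sort_column', 'filename');
		if ($dir === '') $dir = get_pref('file_sort_dir', 'asc');
		// Only the two literal directions can reach the ORDER BY clause.
		$dir = ($dir == 'desc') ? 'desc' : 'asc';

		echo '<h1 class="txp-heading">'.gTxt('tab_file').'</h1>';
		echo '<div id="'.$event.'_control" class="txp-control-panel">';

		if (!is_dir($file_base_path) or !is_writeable($file_base_path))
		{
			echo graf(
				gTxt('file_dir_not_writeable', array('{filedir}' => $file_base_path))
			, ' class="alert-block warning"');
		}

		elseif (has_privs('file.edit.own'))
		{
			$existing_files = get_filenames();

			if (count($existing_files) > 0)
			{
				echo form(
					eInput('file').
					sInput('file_create').

					graf('<label for="file-existing">'.gTxt('existing_file').'</label>'.sp.selectInput('filename', $existing_files, '', 1, '', 'file-existing').sp.
						fInput('submit', '', gTxt('Create')), ' class="existing-file"')

				, '', '', 'post', '', '', 'assign_file');
			}

			echo file_upload_form(gTxt('upload_file'), 'upload', 'file_insert');
		}

		// The requested sort column is mapped onto fixed SQL fragments; any value
		// that is not listed falls back to 'filename', so $sort never reaches SQL raw.
		switch ($sort)
		{
			case 'id':
				$sort_sql = 'id '.$dir;
			break;

			case 'description':
				$sort_sql = 'description '.$dir.', filename desc';
			break;

			case 'category':
				$sort_sql = 'category '.$dir.', filename desc';
			break;

			case 'title':
				$sort_sql = 'title '.$dir.', filename desc';
			break;

			case 'downloads':
				$sort_sql = 'downloads '.$dir.', filename desc';
			break;

			case 'author':
				$sort_sql = 'author '.$dir.', id asc';
			break;

			default:
				$sort = 'filename';
				$sort_sql = 'filename '.$dir;
			break;
		}

		set_pref('file_sort_column', $sort, 'file', PREF_HIDDEN, '', 0, PREF_PRIVATE);
		set_pref('file_sort_dir', $dir, 'file', PREF_HIDDEN, '', 0, PREF_PRIVATE);

		$switch_dir = ($dir == 'desc') ? 'asc' : 'desc';

		$criteria = 1;

		if ($search_method and $crit != '')
		{
			// A search term wrapped in double quotes is matched exactly; otherwise the
			// LIKE wildcards in the term are escaped before it is used in a LIKE pattern.
			// Either way the value passes through doSlash() before entering the SQL string.
			$verbatim = preg_match('/^"(.*)"$/', $crit, $m);
			$crit_escaped = doSlash($verbatim ? $m[1] : str_replace(array('\\','%','_','\''), array('\\\\','\\%','\\_', '\\\''), $crit));
			$critsql = $verbatim ?
				array(
					'id'          => "ID in ('" .join("','", do_list($crit_escaped)). "')",
					'filename'    => "filename = '$crit_escaped'",
					'title'       => "title = '$crit_escaped'",
					'description' => "description = '$crit_escaped'",
					'category'    => "category = '$crit_escaped'",
					'author'      => "author = '$crit_escaped'"
				) : array(
					'id'          => "ID in ('" .join("','", do_list($crit_escaped)). "')",
					'filename'    => "filename like '%$crit_escaped%'",
					'title'       => "title like '%$crit_escaped%'",
					'description' => "description like '%$crit_escaped%'",
					'category'    => "category like '%$crit_escaped%'",
					'author'      => "author like '%$crit_escaped%'"
				);

			// The search method only selects one of the prepared clauses above.
			if (array_key_exists($search_method, $critsql))
			{
				$criteria = $critsql[$search_method];
				// This value is overwritten by the max() assignment further down.
				$limit = 500;
			}

			else
			{
				$search_method = '';
				$crit = '';
			}
		}

		else
		{
			$search_method = '';
			$crit = '';
		}

		// Whatever the 'admin_criteria' callbacks return is appended to the WHERE clause as SQL.
		$criteria .= callback_event('admin_criteria', 'file_list', 0, $criteria);

		$total = safe_count('txp_file', "$criteria");

		if ($total < 1)
		{
			if ($criteria != 1)
			{
				echo n.file_search_form($crit, $search_method).
					n.graf(gTxt('no_results_found'), ' class="indicator"').'</div>';
			}

			else
			{
				echo n.graf(gTxt('no_files_recorded'), ' class="indicator"').'</div>';
			}

			return;
		}

		$limit = max($file_list_pageby, 15);

		list($page, $offset, $numPages) = pager($total, $limit, $page);

		echo file_search_form($crit, $search_method).'</div>';

		$rs = safe_rows_start('*', 'txp_file', "$criteria order by $sort_sql limit $offset, $limit");

		if ($rs)
		{
			$show_authors = !has_single_author('txp_file');

			echo n.'<div id="'.$event.'_container" class="txp-container">';
			echo '<form name="longform" id="files_form" class="multi_edit_form" method="post" action="index.php">'.

				n.'<div class="txp-listtables">'.
				n.startTable('', '', 'txp-list').
				n.'<thead>'.
				tr(
					n.hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="'.gTxt('toggle_all_selected').'" class="multi-edit"').
					n.column_head('ID', 'id', 'file', true, $switch_dir, $crit, $search_method, (('id' == $sort) ? "$dir " : '').'id').
					n.column_head('file_name', 'filename', 'file', true, $switch_dir, $crit, $search_method, (('filename' == $sort) ? "$dir " : '').'name').
					n.column_head('title', 'title', 'file', true, $switch_dir, $crit, $search_method, (('title' == $sort) ? "$dir " : '').'title').
					n.column_head('description', 'description', 'file', true, $switch_dir, $crit, $search_method, (('description' == $sort) ? "$dir " : '').'files_detail description').
					n.column_head('file_category', 'category', 'file', true, $switch_dir, $crit, $search_method, (('category' == $sort) ? "$dir " : '').'category').
				//	column_head('permissions', 'permissions', 'file', true, $switch_dir, $crit, $search_method).
					n.hCell(gTxt('tags'), '', ' class="files_detail tag-build"').
					n.hCell(gTxt('status'), '', ' class="status"').
					n.hCell(gTxt('condition'), '', ' class="condition"').
					n.column_head('downloads', 'downloads', 'file', true, $switch_dir, $crit, $search_method, (('downloads' == $sort) ? "$dir " : '').'downloads').
					($show_authors ? n.column_head('author', 'author', 'file', true, $switch_dir, $crit, $search_method, (('author' == $sort) ? "$dir " : '').'author') : '')
				).
				n.'</thead>';

			echo '<tbody>';

			$validator = new Validator();

			while ($a = nextRow($rs))
			{
				// Brings the row's columns into local scope; the code below reads $id,
				// $filename, $title, $description, $category, $status, $downloads and $author.
				extract($a);
				$filename = sanitizeForFile($filename);

				// NOTE(review): $crit and $search_method are request values and are placed
				// in this URL without urlencode(); whether href() escapes its $href argument
				// is not visible in this file - confirm.
				$edit_url = '?event=file'.a.'step=file_edit'.a.'id='.$id.a.'sort='.$sort.
					a.'dir='.$dir.a.'page='.$page.a.'search_method='.$search_method.a.'crit='.$crit;

				$file_exists = file_exists(build_file_path($file_base_path, $filename));

				$download_link = ($file_exists) ? make_download_link($id, $downloads, $filename) : $downloads;

				$validator->setConstraints(array(new CategoryConstraint($category, array('type' => 'file'))));
				$vc = $validator->validate() ? '' : ' error';
				// NOTE(review): the category name itself is printed without txpspecialchars(),
				// unlike its title; this relies on category names being restricted where
				// they are created - confirm.
				$category = ($category) ? '<span title="'.txpspecialchars(fetch_category_title($category, 'file')).'">'.$category.'</span>' : '';

				$tag_url = '?event=tag'.a.'tag_name=file_download_link'.a.'id='.$id.a.'description='.urlencode($description).
					a.'filename='.urlencode($filename);

				$condition = '<span class="';
				$condition .= ($file_exists) ? 'success' : 'error';
				$condition .= '">';
				$condition .= ($file_exists) ? gTxt('file_status_ok') : gTxt('file_status_missing');
				$condition .= '</span>';

				// Editing needs either the general privilege or ownership plus 'file.edit.own'.
				$can_edit = has_privs('file.edit') || ($author == $txp_user && has_privs('file.edit.own'));

				echo tr(
					n.td($can_edit ? fInput('checkbox', 'selected[]', $id) : ' '
					, '', 'multi-edit').

					n.td(
						($can_edit ? href($id, $edit_url, ' title="'.gTxt('edit').'"') : $id).
						(($file_exists) ? sp.'<span class="files_detail">['.make_download_link($id, gTxt('download'), $filename).']</span>' : '')
					, '', 'id').

					td(
						($can_edit ? href(txpspecialchars($filename), $edit_url, ' title="'.gTxt('edit').'"') : txpspecialchars($filename))
					, '', 'name').

					td(txpspecialchars($title), '', 'title').
					td(txpspecialchars($description), '', 'files_detail description').
					td($category, '', 'category'.$vc).

					/*
					td(
						($permissions == '1') ? gTxt('private') : gTxt('public')
					).
					*/

					td(
						n.'<a target="_blank" href="'.$tag_url.a.'type=textile" onclick="popWin(this.href, 400, 250); return false;">Textile</a>'.sp.
						'|'.sp.'<a target="_blank" href="'.$tag_url.a.'type=textpattern" onclick="popWin(this.href, 400, 250); return false;">Textpattern</a>'.sp.
						'|'.sp.'<a target="_blank" href="'.$tag_url.a.'type=html" onclick="popWin(this.href, 400, 250); return false;">HTML</a>'
					, '', 'files_detail tag-build').

					td(in_array($status, array_keys($file_statuses)) ? $file_statuses[$status] : '<span class="error">'.gTxt('none').'</span>', '', 'status').

					td($condition, '', 'condition').

					td($download_link, '', 'downloads').

					($show_authors ? td(
						'<span title="'.txpspecialchars(get_author_name($author)).'">'.txpspecialchars($author).'</span>'
					, '', 'author') : '')
				);
			}

			echo '</tbody>',
				n, endTable(),
				n, '</div>',
				n, file_multiedit_form($page, $sort, $dir, $crit, $search_method),
				n, tInput(),
				n, '</form>',
				n, graf(
					toggle_box('files_detail'),
					' class="detail-toggle"'
				),
				n, '<div id="'.$event.'_navigation" class="txp-navigation">',
				n, nav_form('file', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit),
				n, pageby_form('file', $file_list_pageby),
				n, '</div>',
				n, '</div>';
		}
	}

// -------------------------------------------------------------

	/**
	 * Build the search form for the file list.
	 *
	 * @param  string $crit   Current search term.
	 * @param  string $method Current search method (one of the keys of $methods).
	 * @return string         Whatever search_form() returns for these options.
	 */
	function file_search_form($crit, $method)
	{
		$methods =	array(
			'id'          => gTxt('ID'),
			'filename'    => gTxt('file_name'),
			'title'       => gTxt('title'),
			'description' => gTxt('description'),
			'category'    => gTxt('file_category'),
			'author'      => gTxt('author')
		);

		return search_form('file', 'file_list', $crit, $methods, $method, 'filename');
	}

// -------------------------------------------------------------

	/**
	 * Build the "with selected" control shown under the file list.
	 *
	 * Options are removed when there is no category to choose, when the table has
	 * a single author, or when the user holds neither delete privilege. This only
	 * hides controls; the privilege checks that matter are in file_multi_edit()
	 * and file_delete().
	 */
	function file_multiedit_form($page, $sort, $dir, $crit, $search_method)
	{
		global $file_statuses, $all_file_cats, $all_file_authors;

		$categories = $all_file_cats ? treeSelectInput('category', $all_file_cats, '') : '';
		$authors = $all_file_authors ? selectInput('author', $all_file_authors, '', true) : '';
		$status = selectInput('status', $file_statuses, '', true);

		$methods = array(
			'changecategory' => array('label' => gTxt('changecategory'), 'html' => $categories),
			'changeauthor'   => array('label' => gTxt('changeauthor'), 'html' => $authors),
			'changestatus'   => array('label' => gTxt('changestatus'), 'html' => $status),
			'changecount'    => array('label' => gTxt('reset_download_count')),
			'delete'         => gTxt('delete'),
		);

		if (!$categories)
		{
			unset($methods['changecategory']);
		}

		if (has_single_author('txp_file'))
		{
			unset($methods['changeauthor']);
		}

		if (!has_privs('file.delete.own') && !has_privs('file.delete'))
		{
			unset($methods['delete']);
		}

		return multi_edit($methods, 'file', 'file_multi_edit', $page, $sort, $dir, $crit, $search_method);
	}

// -------------------------------------------------------------

	/**
	 * Apply a bulk action (delete, change category/author/status, reset download
	 * count) to the posted selection, then redisplay the list.
	 *
	 * The selection is forced to integers, the column name comes from a fixed
	 * switch, and users without 'file.edit' are narrowed to rows they authored.
	 */
	function file_multi_edit()
	{
		global $txp_user, $all_file_cats, $all_file_authors, $file_statuses;

		// Empty entry to permit clearing the category
		$categories = array('');

		foreach ($all_file_cats as $row) {
			$categories[] = $row['name'];
		}

		$selected = ps('selected');

		if (!$selected or !is_array($selected))
		{
			return file_list();
		}

		// Every id is run through assert_int() before it is joined into SQL below.
		$selected = array_map('assert_int', $selected);
		$method   = ps('edit_method');
		$changed  = array();
		$key = '';

		switch ($method)
		{
			case 'delete':
				return file_delete($selected);
				break;

			case 'changecategory':
				$val = ps('category');
				if (in_array($val, $categories))
				{
					$key = 'category';
				}
				break;

			case 'changeauthor':
				$val = ps('author');
				if (in_array($val, $all_file_authors))
				{
					$key = 'author';
				}
				break;

			case 'changecount':
				$key = 'downloads';
				$val = 0;
				break;

			case 'changestatus':
				$key = 'status';
				$val = ps('status');

				// Do not allow the status to be set to an empty value, nor to a value
				// that is not one of the known statuses (file_save() validates the
				// same field; category and author are checked the same way above).
				if (!$val || !is_scalar($val) || !array_key_exists($val, $file_statuses))
				{
					$selected = array();
				}
				break;

			default:
				$key = '';
				$val = '';
				break;
		}

		// NOTE(review): file_edit() lowers the displayed status for users without
		// 'file.publish', but no 'file.publish' check is made here - confirm whether
		// that is intended.
		if (!has_privs('file.edit'))
		{
			if (has_privs('file.edit.own'))
			{
				// Keep only the selected rows that belong to the current user.
				$selected = safe_column('id', 'txp_file', 'id IN ('.join(',', $selected).') AND author=\''.doSlash($txp_user).'\'');
			}
			else
			{
				$selected = array();
			}
		}

		if ($selected and $key)
		{
			foreach ($selected as $id)
			{
				if (safe_update('txp_file', "$key = '".doSlash($val)."'", "id = $id"))
				{
					$changed[] = $id;
				}
			}
		}

		if ($changed)
		{
			update_lastmod();

			return file_list(gTxt('file_updated', array('{name}' => join(', ', $changed))));
		}

		return file_list();
	}

// -------------------------------------------------------------

	/**
	 * Render the edit panel for one file record.
	 *
	 * @param string|array $message Status message handed to pagetop().
	 * @param int|string   $id      Record id; read from the request when empty.
	 */
	function file_edit($message = '', $id = '')
	{
		global $file_base_path, $levels, $file_statuses, $txp_user, $event, $all_file_cats;

		extract(gpsa(array('name', 'title', 'category', 'permissions', 'description', 'sort', 'dir', 'page', 'crit', 'search_method', 'publish_now')));

		if (!$id)
		{
			$id = gps('id');
		}
		$id = assert_int($id);

		$rs = safe_row('*, unix_timestamp(created) as created, unix_timestamp(modified) as modified', 'txp_file', "id = $id");

		if ($rs)
		{
			// The stored row replaces the request values extracted above for every
			// column it contains (title, category, description, status, ...).
			extract($rs);
			$filename = sanitizeForFile($filename);

			if (!has_privs('file.edit') && !($author == $txp_user && has_privs('file.edit.own')))
			{
				file_list(gTxt('restricted_area'));
				return;
			}

			pagetop(gTxt('edit_file'), $message);

			if ($permissions=='') $permissions='-1';
			if (!has_privs('file.publish') && $status >= STATUS_LIVE) $status = STATUS_PENDING;

			$file_exists = file_exists(build_file_path($file_base_path,$filename));
			$existing_files = get_filenames();

			$replace = ($file_exists)
				? '<div class="summary-details replace-file">'.n.
						'<h3>'.gTxt('replace_file').sp.popHelp('file_replace').'</h3>'.n.
						'<div>'.n.
							file_upload_form('', '', 'file_replace', $id, 'file_replace').n.
						'</div>'.n.
					'</div>'.n
				: '<div class="summary-details upload-file">'.n.
						'<h3>'.gTxt('file_relink').sp.popHelp('file_reassign').'</h3>'.n.
						'<div>'.n.
							file_upload_form('', '', 'file_replace', $id, 'file_reassign').n.
						'</div>'.n.
					'</div>'.n;

			$condition = '<span class="'.(($file_exists) ? 'success' : 'error').'">'.
				(($file_exists) ? gTxt('file_status_ok') : gTxt('file_status_missing')).
				'</span>';

			// make_download_link() prints its label as-is, so the name is escaped here.
			$downloadlink = ($file_exists) ? make_download_link($id, txpspecialchars($filename),$filename) : txpspecialchars($filename);

			$created =
				graf(checkbox('publish_now', '1', $publish_now, '', 'publish_now') . '<label for="publish_now">'.gTxt('set_to_now').'</label>', ' class="edit-file-publish-now"').n.
				graf(gTxt('or_publish_at').sp.popHelp('timestamp'), ' class="edit-file-publish-at"').n.
				graf('<span class="label">'.gtxt('date').'</span>'.n.
					tsi('year', '%Y', $rs['created']).' / '.n.
					tsi('month', '%m', $rs['created']).' / '.n.
					tsi('day', '%d', $rs['created'])
				, ' class="edit-file-published"'
				).n.
				graf('<span class="label">'.gTxt('time').'</span>'.n.
					tsi('hour', '%H', $rs['created']).' : '.n.
					tsi('minute', '%M', $rs['created']).' : '.n.
					tsi('second', '%S', $rs['created'])
				, ' class="edit-file-created"'
				);

			echo n.'<div id="'.$event.'_container" class="txp-container">';
			echo '<div class="txp-edit">',
				hed(gTxt('edit_file'), 2),
				inputLabel('condition', $condition).n,
				inputLabel('name', $downloadlink).n,
				inputLabel('download_count', $downloads).n,
				$replace.n,
				'<div class="file-detail '.($file_exists ? '' : 'not-').'exists">'.n,
				form(
					(($file_exists)
					? inputLabel('file_status', radioSet($file_statuses, 'status', $status)).n.
						inputLabel('file_title', fInput('text', 'title', $title, '', '', '', INPUT_REGULAR, '', 'file_title'), 'title').n.
						inputLabel('file_category', treeSelectInput('category', $all_file_cats, $category, 'file_category'), 'file_category').n.
//						inputLabel('perms', selectInput('perms', $levels, $permissions), 'permissions').n.
						// The stored description is written straight into the page, so it is
						// escaped here just as file_list() escapes it; otherwise a description
						// containing markup would be rendered inside the admin page.
						inputLabel('file_description', '<textarea id="file_description" name="description" rows="'.INPUT_XSMALL.'" cols="'.INPUT_LARGE.'">'.txpspecialchars($description).'</textarea>', 'description', '', '', '').n.
						'<fieldset class="file-created">'.n.
							'<legend>'.n.
								gTxt('timestamp').n.
							'</legend>'.n.
							$created.n.
						'</fieldset>'.n.
						pluggable_ui('file_ui', 'extend_detail_form', '', $rs).
						graf(fInput('submit', '', gTxt('Save'), 'publish')).n.
						hInput('filename', $filename)
					: (empty($existing_files)
							? ''
							: gTxt('existing_file').n.selectInput('filename', $existing_files, '', 1)
						).n.
						pluggable_ui('file_ui', 'extend_detail_form', '', $rs).n.
						graf(fInput('submit', '', gTxt('Save'), 'publish')).n.
						hInput('category', $category).n.
						hInput('perms', ($permissions=='-1') ? '' : $permissions).n.
						hInput('title', $title).n.
						hInput('description', $description).n.
						hInput('status', $status)
					).
					eInput('file').n.
					sInput('file_save').n.
					hInput('id',$id).n.
					hInput('sort', $sort).n.
					hInput('dir', $dir).n.
					hInput('page', $page).n.
					hInput('crit', $crit).n.
					hInput('search_method', $search_method)
				, '', '', 'post', 'edit-form', '', (($file_exists) ? 'file_details' : 'assign_file')),
				'</div>'.n,
				'</div>'.n.'</div>';
		}
	}

// -------------------------------------------------------------
	/**
	 * Insert a txp_file row and return its id.
	 *
	 * Every argument is interpolated into the SQL string exactly as given, so the
	 * CALLER must pass values that are already escaped (file_create() and
	 * file_insert() run them through doSlash() first). Only the author name is
	 * escaped here.
	 *
	 * @return mixed The result of safe_insert() (also stored in $GLOBALS['ID']) or false.
	 */
	function file_db_add($filename, $category, $permissions, $description, $size, $title='')
	{
		global $txp_user;
		$rs = safe_insert("txp_file",
			"filename = '$filename',
			 title = '$title',
			 category = '$category',
			 permissions = '$permissions',
			 description = '$description',
			 size = '$size',
			 created = now(),
			 modified = now(),
			 author = '".doSlash($txp_user)."'
		");

		if ($rs) {
			$GLOBALS['ID'] = $rs;
			return $GLOBALS['ID'];
		}

		return false;
	}

// -------------------------------------------------------------
	/**
	 * Create a record for a file that already sits in the files directory.
	 *
	 * Requires 'file.edit.own'. A posted filename that sanitizeForFile() would
	 * change is rejected instead of being silently rewritten.
	 */
	function file_create()
	{
		global $txp_user, $file_base_path;

		if (!has_privs('file.edit.own'))
		{
			file_list(gTxt('restricted_area'));
			return;
		}

		extract(doSlash(array_map('assert_string', gpsa(array('filename','title','category','permissions','description')))));
		$safe_filename = sanitizeForFile($filename);
		if ($safe_filename != $filename) {
			file_list(array(gTxt('invalid_filename'), E_ERROR));
			return;
		}

		// NOTE(review): the size is read and the row is inserted before is_file() is
		// checked below, so a name with no file behind it still gets a record.
		$size = filesize(build_file_path($file_base_path,$safe_filename));
		$id = file_db_add($safe_filename,$category,$permissions,$description,$size,$title);

		if($id === false){
			file_list(array(gTxt('file_upload_failed').' (db_add)', E_ERROR));
		} else {
			$newpath = build_file_path($file_base_path, $safe_filename);

			if (is_file($newpath)) {
				file_set_perm($newpath);
				update_lastmod();
				file_list(gTxt('linked_to_file').' '.$safe_filename);
			} else {
				file_list(gTxt('file_not_found').' '.$safe_filename);
			}
		}
	}

// -------------------------------------------------------------
	/**
	 * Handle a new upload: size check, record creation, move into the files
	 * directory, then open the edit panel for the new record.
	 *
	 * Requires 'file.edit.own'.
	 *
	 * NOTE(review): no restriction on file extension or content type is visible
	 * in this function; the stored name is whatever sanitizeForFile() returns.
	 * Whether uploaded files can be executed by the web server depends on how the
	 * files directory is served - confirm for the deployment.
	 */
	function file_insert()
	{
		global $txp_user,$file_base_path,$file_max_upload_size;

		if (!has_privs('file.edit.own'))
		{
			file_list(gTxt('restricted_area'));
			return;
		}

		extract(doSlash(array_map('assert_string', gpsa(array('category','title','permissions','description')))));

		$name = file_get_uploaded_name();
		$file = file_get_uploaded();

		// NOTE(review): $name is the client-supplied upload name and goes into the
		// messages below unescaped; whether pagetop() escapes messages is not visible
		// in this file - confirm.
		if ($file === false) {
			// could not get uploaded file
			file_list(array(gTxt('file_upload_failed') ." $name - ".upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
			return;
		}

		// The limit is enforced here on the server, on the size of the received file.
		$size = filesize($file);
		if ($file_max_upload_size < $size) {
			unlink($file);
			file_list(array(gTxt('file_upload_failed') ." $name - ".upload_get_errormsg(UPLOAD_ERR_FORM_SIZE), E_ERROR));
			return;
		}

		$newname = sanitizeForFile($name);
		$newpath = build_file_path($file_base_path, $newname);

		// An upload never overwrites an existing file; that is what file_replace() is for.
		if (!is_file($newpath)) {

			$id = file_db_add(doSlash($newname),$category,$permissions,$description,$size,$title);

			if(!$id){
				file_list(array(gTxt('file_upload_failed').' (db_add)', E_ERROR));
			} else {

				$id = assert_int($id);

				if(!shift_uploaded_file($file, $newpath)) {
					// The move failed: remove the record that was just created.
					safe_delete("txp_file","id = $id");
					safe_alter("txp_file", "auto_increment=$id");
					if ( isset( $GLOBALS['ID'])) unset( $GLOBALS['ID']);
					file_list(array($newpath.' '.gTxt('upload_dir_perms'), E_ERROR));
					// clean up file
				} else {
					file_set_perm($newpath);
					update_lastmod();

					$message = gTxt('file_uploaded', array('{name}' => $newname));

					file_edit($message, $id);
				}
			}
		}

		else
		{
			$message = gTxt('file_already_exists', array('{name}' => $newname));

			file_list($message);
		}
	}

// -------------------------------------------------------------
	/**
	 * Replace (or re-attach) the file behind an existing record with an upload.
	 *
	 * The target name always comes from the stored record, never from the
	 * upload. Requires 'file.edit', or ownership plus 'file.edit.own'.
	 */
	function file_replace()
	{
		global $txp_user,$file_base_path;

		$id = assert_int(gps('id'));

		$rs = safe_row('filename, author','txp_file',"id = $id");

		if (!$rs) {
			file_list(messenger(array(gTxt('invalid_id'), E_ERROR),$id,''));
			return;
		}

		extract($rs);
		$filename = sanitizeForFile($filename);

		if (!has_privs('file.edit') && !($author == $txp_user && has_privs('file.edit.own')))
		{
			file_edit(gTxt('restricted_area'));
			return;
		}

		$file = file_get_uploaded();
		$name = file_get_uploaded_name();

		if ($file === false) {
			// could not get uploaded file
			// NOTE(review): $name (client-supplied) is unescaped here, while the success
			// message below passes it through txpspecialchars() - confirm how messages
			// are rendered.
			file_list(gTxt('file_upload_failed') ." $name ".upload_get_errormsg($_FILES['thefile']['error']));
			return;
		}

		if (!$filename) {
			file_list(gTxt('invalid_filename'));
		} else {
			$newpath = build_file_path($file_base_path,$filename);

			// Keep the current file under a '.tmp' name until the new one is in place.
			if (is_file($newpath)) {
				rename($newpath,$newpath.'.tmp');
			}

			if(!shift_uploaded_file($file, $newpath)) {
				// NOTE(review): the record is deleted on failure even though the previous
				// file is put back below - confirm this is intended.
				safe_delete("txp_file","id = $id");

				file_list($newpath.sp.gTxt('upload_dir_perms'));
				// rename tmp back; there is none when the record had no file (re-link case)
				if (is_file($newpath.'.tmp')) {
					rename($newpath.'.tmp',$newpath);
				}

				// remove tmp upload
				unlink($file);
			} else {
				file_set_perm($newpath);
				update_lastmod();
				if ($size = filesize($newpath))
					safe_update('txp_file', 'size = '.$size.', modified = now()', 'id = '.$id);

				$message = gTxt('file_uploaded', array('{name}' => txpspecialchars($name)));

				file_edit($message, $id);
				// clean up old
				if (is_file($newpath.'.tmp'))
					unlink($newpath.'.tmp');
			}
		}
	}

// -------------------------------------------------------------

	/**
	 * Save the edit form: optional rename on disk, validation of category and
	 * status, then the row update. A failed update attempts to undo the rename.
	 *
	 * Requires 'file.edit', or ownership plus 'file.edit.own'.
	 */
	function file_save()
	{
		global $file_base_path, $txp_user;

		$varray = array_map('assert_string',
			gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')));
		// The extracted locals are the doSlash()ed copies used in SQL; $varray keeps
		// the unescaped values that are passed to the validation callback below.
		extract(doSlash($varray));
		$filename = $varray['filename'] = sanitizeForFile(gps('filename'));

		if ($filename == '') {
			$message = gTxt('file_not_updated', array('{name}' => $filename));
			return file_list($message);
		}

		$id = $varray['id'] = assert_int($id);

		$permissions = gps('perms');
		if (is_array($permissions)) {
			asort($permissions);
			$permissions = implode(",",$permissions);
		}
		$varray['permissions'] = $permissions;
		$perms = doSlash($permissions);

		// NOTE(review): unlike file_replace(), a missing row is not handled here before
		// $rs['author'] and $rs['filename'] are read. Also, file_edit() lowers the shown
		// status for users without 'file.publish', but no such check is made on save.
		$rs = safe_row('filename, author', 'txp_file', "id=$id");
		if (!has_privs('file.edit') && !($rs['author'] == $txp_user && has_privs('file.edit.own')))
		{
			file_edit(gTxt('restricted_area'));
			return;
		}

		$old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']);
		if ($old_filename != false && strcmp($old_filename, $filename) != 0)
		{
			// Both names have been through sanitizeForFile() before a path is built from them.
			$old_path = build_file_path($file_base_path,$old_filename);
			$new_path = build_file_path($file_base_path,$filename);

			if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false)
			{
				$message = gTxt('file_cannot_rename', array('{name}' => $filename));

				return file_list($message);
			}

			else
			{
				file_set_perm($new_path);
			}
		}

		// $created only ever becomes a fixed SQL expression or one built from a
		// timestamp that passed the "> 0" test, never raw request text.
		$created_ts = @safe_strtotime($year.'-'.$month.'-'.$day.' '.$hour.':'.$minute.':'.$second);
		if ($publish_now)
			$created = 'now()';
		elseif ($created_ts > 0)
			$created = "from_unixtime('".$created_ts."')";
		else
			$created = '';

		$size = filesize(build_file_path($file_base_path,$filename));

		$constraints = array(
			'category' => new CategoryConstraint(gps('category'), array('type' => 'file')),
			'status'   => new ChoiceConstraint(gps('status'), array('choices' => array(STATUS_HIDDEN, STATUS_PENDING, STATUS_LIVE), 'message' => 'invalid_status'))
		);
		// Callbacks receive $varray and $constraints through callback_event_ref().
		callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
		$validator = new Validator($constraints);

		// The update only runs when validation passes. The author column is set to
		// the user who saves the form.
		$rs = $validator->validate() && safe_update('txp_file', "
			filename = '".doSlash($filename)."',
			title = '$title',
			category = '$category',
			permissions = '$perms',
			description = '$description',
			status = '$status',
			size = '$size',
			modified = now(),
			author = '".doSlash($txp_user)."'"
			.($created ? ", created = $created" : '')
		, "id = $id");

		if (!$rs)
		{
			// update failed, rollback name
			if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false)
			{
				$message = gTxt('file_unsynchronized', array('{name}' => $filename));
				return file_list($message);
			}

			else
			{
				$message = gTxt('file_not_updated', array('{name}' => $filename));
				return file_list($message);
			}
		}

		update_lastmod();
		$message = gTxt('file_updated', array('{name}' => $filename));

		file_list($message);
	}

// -------------------------------------------------------------

	/**
	 * Delete file records and their files, then redisplay the list.
	 *
	 * Users without 'file.delete' are narrowed to rows they authored (needs
	 * 'file.delete.own'); with neither privilege nothing is deleted.
	 *
	 * @param array $ids Record ids; the posted 'id' is used when empty.
	 */
	function file_delete($ids = array())
	{
		global $file_base_path, $txp_user;

		// Every id passes assert_int() before it is joined into SQL.
		$ids  = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
		$message = '';

		if (!has_privs('file.delete'))
		{
			if (has_privs('file.delete.own'))
			{
				$ids = safe_column('id', 'txp_file', 'id IN ('.join(',', $ids).') AND author=\''.doSlash($txp_user).'\'' );
			}
			else
			{
				$ids = array();
			}
		}

		if (!empty($ids))
		{
			$fail = array();

			$rs = safe_rows_start('id, filename', 'txp_file', 'id IN ('.join(',', $ids).')');

			if ($rs)
			{
				while ($a = nextRow($rs))
				{
					extract($a);

					$filepath = build_file_path($file_base_path, $filename);

					// Notify plugins of pending deletion, pass file's id and path
					callback_event('file_deleted', '', false, $id, $filepath);

					$rsd = safe_delete('txp_file', "id = $id");
					$ul  = false;

					if ($rsd && is_file($filepath))
					{
						$ul = unlink($filepath);
					}

					// A record whose file is already missing also counts as a failure,
					// because $ul stays false.
					if (!$rsd or !$ul)
					{
						$fail[] = $id;
					}
				}
				if ($fail)
				{
					$message = messenger(gTxt('file_delete_failed'), join(', ', $fail), '');
				}
				else
				{
					update_lastmod();
					$message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
				}
			}
			else
			{
				$message = messenger(gTxt('file_not_found'), join(', ', $ids), '');
			}
		}
		file_list($message);
	}

// -------------------------------------------------------------
	/**
	 * Return the name the client sent for the uploaded file.
	 *
	 * This value is client-controlled; callers pass it through sanitizeForFile()
	 * before building a path from it.
	 */
	function file_get_uploaded_name()
	{
		return $_FILES['thefile']['name'];
	}

// -------------------------------------------------------------
	/**
	 * Hand the upload's temporary path to get_uploaded_file() and return its result.
	 *
	 * Callers in this file treat a return value of false as "no usable upload".
	 */
	function file_get_uploaded()
	{
		return get_uploaded_file($_FILES['thefile']['tmp_name']);
	}

// -------------------------------------------------------------
	/**
	 * Set a stored file to mode 0644 (owner read/write, others read-only, no
	 * execute bit).
	 *
	 * Failures are suppressed with @, so callers only see the boolean result.
	 */
	function file_set_perm($file)
	{
		return @chmod($file,0644);
	}

// -------------------------------------------------------------
	/**
	 * Build the upload form for the given step.
	 *
	 * Side effect: when the configured maximum upload size is unset or evaluates
	 * to 0, the global is overwritten with 2 MiB.
	 */
	function file_upload_form($label,$pophelp,$step,$id='',$label_id='')
	{
		global $file_max_upload_size;

		if (!$file_max_upload_size || intval($file_max_upload_size)==0) $file_max_upload_size = 2*(1024*1024);

		$max_file_size = (intval($file_max_upload_size) == 0) ? '': intval($file_max_upload_size);

		return upload_form($label, $pophelp, $step, 'file', $id, $max_file_size, $label_id);
	}

// -------------------------------------------------------------
	/**
	 * Store the posted page size via event_change_pageby() and redisplay the list.
	 */
	function file_change_pageby()
	{
		event_change_pageby('file');
		file_list();
	}

// -------------------------------------------------------------

	/**
	 * Build an HTML download link for a file.
	 *
	 * $label is inserted into the markup as-is, so callers must pass a value that
	 * is already safe for HTML (file_edit() escapes the filename before passing it).
	 *
	 * @param  int    $id       Record id.
	 * @param  string $label    Link text; defaults to the 'download' string.
	 * @param  string $filename File name passed on to filedownloadurl().
	 * @return string           The anchor element.
	 */
	function make_download_link($id, $label = '', $filename = '')
	{
		$label = ($label != '') ? $label : gTxt('download');
		$url = filedownloadurl($id, $filename);
		return '<a title="'.gTxt('download').'" href="'.$url.'">'.$label.'</a>';
	}

// -------------------------------------------------------------
	/**
	 * List files in the files directory that have no txp_file record yet.
	 *
	 * Only names matching the glob pattern "*.*" are considered. Side effect: the
	 * working directory of the process is changed to the files directory and is
	 * not restored.
	 *
	 * @return array Map of filename => filename.
	 */
	function get_filenames()
	{
		global $file_base_path;

		$dirlist = array();

		if (!is_dir($file_base_path))
			return $dirlist;

		if (chdir($file_base_path)) {
			$g_array = glob("*.*");
			if ($g_array) {
				foreach ($g_array as $filename) {
					if (is_file($filename)) {
						$dirlist[$filename] = $filename;
					}
				}
			}
		}

		$files = array();
		$rs = safe_rows("filename", "txp_file", "1=1");

		if ($rs) {
			foreach ($rs as $a) {
				$files[$a['filename']] = $a['filename'];
			}
		}

		return array_diff($dirlist,$files);
	}

?>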