From 889e8eaf7c40817663dd602a21ac771062ccac3b Mon Sep 17 00:00:00 2001
From: Alex AUVOLAT <alexis211@gmail.com>
Date: Thu, 21 Jun 2012 16:34:27 +0200
Subject: Big change, sir. Can now upload any kind of files.

---
 lib/file/delete.php   | 21 ++++++++++++++++++++
 lib/file/delfld.php   | 16 +++++++++++++++
 lib/file/editfld.php  | 44 +++++++++++++++++++++++++++++++++++++++++
 lib/file/editinfo.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
 lib/file/folder.php   | 43 ++++++++++++++++++++++++++++++++++++++++
 lib/file/index.php    | 44 +++++++++++++++++++++++++++++++++++++++++
 lib/file/newfld.php   | 32 ++++++++++++++++++++++++++++++
 lib/file/upload.php   | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++
 8 files changed, 305 insertions(+)
 create mode 100644 lib/file/delete.php
 create mode 100644 lib/file/delfld.php
 create mode 100644 lib/file/editfld.php
 create mode 100644 lib/file/editinfo.php
 create mode 100644 lib/file/folder.php
 create mode 100644 lib/file/index.php
 create mode 100644 lib/file/newfld.php
 create mode 100644 lib/file/upload.php

(limited to 'lib/file')

diff --git a/lib/file/delete.php b/lib/file/delete.php
new file mode 100644
index 0000000..1a65058
--- /dev/null
+++ b/lib/file/delete.php
@@ -0,0 +1,21 @@
+<?php
+
+require("lib/conf/file.php");
+
+$title = "Delete a file";
+
+if (count($args) < 3) header("location: index.php");
+$id = intval($args[2]);
+
+$info = mysql_fetch_assoc(sql("SELECT * FROM files WHERE id = $id"));
+
+if ($info["owner"] == $user["id"]) {
+	token_validate("Do you really want to delete this file ?", "file");
+	if (has_mini($info["extension"])) unlink($savedir . $id . "-min." . $info["extension"]);
+	unlink($savedir . $id . "." . $info["extension"]);
+	sql("DELETE FROM files WHERE id = $id");
+	header("location: file");
+} else {
+	$error = "You cannot delete this file.";
+}
+require("tpl/general/empty.php");
diff --git a/lib/file/delfld.php b/lib/file/delfld.php
new file mode 100644
index 0000000..c1cacf0
--- /dev/null
+++ b/lib/file/delfld.php
@@ -0,0 +1,16 @@
+<?php
+
+assert_redir(count($args) >= 3, 'file');
+$fldid = intval($args[2]);
+
+$fld = mysql_fetch_assoc(sql(
+	"SELECT id, name, comment, public, owner ".
+	"FROM folders WHERE id = $fldid"
+	));
+assert_error($fld && $fld['owner'] == $user['id'],
+	"This folder does not exist, or you are not allowed to edit it.");
+
+token_validate("Do you really want to delete this folder ?", "folder-file-$fldid");
+sql("DELETE FROM folders WHERE id = $fldid");
+sql("UPDATE files SET folder = 0 WHERE folder = $fldid");
+header("location: file");
diff --git a/lib/file/editfld.php b/lib/file/editfld.php
new file mode 100644
index 0000000..db5a304
--- /dev/null
+++ b/lib/file/editfld.php
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/markdown.php");
+
+assert_redir(count($args) == 3, 'file');
+$fldid = intval($args[2]);
+
+$fld = mysql_fetch_assoc(sql(
+	"SELECT id, name, comment, public, owner ".
+	"FROM folders WHERE id = $fldid"
+	));
+assert_error($fld && $fld['owner'] == $user['id'],
+	"This folder does not exist, or you are not allowed to edit it.");
+
+$fld_name = $fld['name'];
+$fld_comment = $fld['comment'];
+$fld_public = $fld['public'];
+if (isset($_POST['name']) && isset($_POST['comment'])) {
+	$fld_public = isset($_POST['public']);
+	$fld_name = esca($_POST['name']);
+	$fld_comment = esca($_POST['comment']);
+	$fld_comment_html = Markdown($fld_comment);
+	if ($fld_name == "") {
+		$error = "You must enter a name for your folder.";
+	} else {
+		sql("UPDATE folders SET name = '" . escs($fld_name) . "', comment = '" . escs($fld_comment) .
+			"', comment_html = '" . escs($fld_comment_html) . "', public = " . ($fld_public?'1':'0') .
+			" WHERE id = $fldid");
+		header("Location: folder-file-" . $fldid);
+		die();
+	}
+	
+}
+
+$title = "Edit folder";
+$fields = array(
+	array("label" => "Folder name : ", "name" => "name", "value" => $fld_name),
+	array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $fld_public),
+	array("label" => "Comment : ", "name" => "comment", "type" => "textarea", "value" => $fld_comment),
+	);
+$validate = "Save";
+
+require("tpl/general/form.php");
+
diff --git a/lib/file/editinfo.php b/lib/file/editinfo.php
new file mode 100644
index 0000000..eea9f35
--- /dev/null
+++ b/lib/file/editinfo.php
@@ -0,0 +1,51 @@
+<?php
+
+require("lib/markdown.php");
+
+require("lib/conf/file.php");
+
+$title = "Rename a file";
+
+if (count($args) < 3) header("location: index.php");
+$id = intval($args[2]);
+
+$info = mysql_fetch_assoc(sql(
+	"SELECT files.owner AS owner, files.id AS id, files.name AS name, files.comment AS comment,
+		folders.id AS folder_id, folders.name AS folder_name
+		FROM files LEFT JOIN folders ON files.folder = folders.id WHERE files.id = $id"
+));
+
+assert_error($info["owner"] == $user["id"], "You cannot rename this file.");
+
+$name = $info['name'];
+$comment = $info['comment'];
+$folder = $info['folder_id'];
+if (isset($_POST['name']) && isset($_POST['comment']) && isset($_POST['folder'])) {
+	$name = esca($_POST['name']);
+	$comment = esca($_POST['comment']);
+	$comment_html = Markdown($comment);
+	$folder = intval($_POST['folder']);
+	if ($name == "") {
+		$error = "You must give a non-empty name to this file. Please.";
+	} else {
+		sql("UPDATE files SET name = '" . escs($name) . "', comment='" . escs($comment). "',
+				comment_html = '" . escs($comment_html) . "', folder = $folder WHERE id = $id");
+		header("Location: file");
+		die();
+	}
+}
+
+$folders = array(0 => "[no folder]");
+$r = sql("SELECT id, name FROM folders WHERE owner = " . $user['id'] . " ORDER BY name ASC");
+while ($n = mysql_fetch_array($r))
+	$folders[$n['id']] = $n['name'];
+
+$title = "Edit file info : " . $info['name'];
+$fields = array(
+	array("label" => "File name : ", "name" => "name", "value" => $name),
+	array("label" => "Folder : ", "type" => "select", "name" => "folder", "choices" => $folders, "value" => $folder),
+	array("label" => "Comment : ", "name" => "comment", "value" => $comment, "type" => "textarea"),
+);
+$validate = "Save";
+
+require("tpl/general/form.php");
diff --git a/lib/file/folder.php b/lib/file/folder.php
new file mode 100644
index 0000000..15e8625
--- /dev/null
+++ b/lib/file/folder.php
@@ -0,0 +1,43 @@
+<?php
+
+require("lib/conf/file.php");
+
+assert_redir(count($args) == 3, 'file');
+$fldid = intval($args[2]);
+
+$fld = mysql_fetch_assoc(sql(
+	"SELECT folders.id AS id, folders.name AS name, folders.comment_html AS comment_html, ".
+	"folders.public AS public, account.id AS owner, account.login AS ownername FROM folders ".
+	"LEFT JOIN account ON account.id = folders.owner ".
+	"WHERE folders.id = $fldid"
+));
+assert_error($fld && ($fld['public'] != 0 || $fld['owner'] == $user['id']),
+	"This folder does not exist, or you are not allowed to see it.");
+
+$can_edit = ($user['priv'] >= $apps['file']['editfld'] && $user['id'] == $fld['owner']);
+$is_owner = ($user['id'] == $fld['owner']);
+
+$filters = array (
+	"order" => array (
+			"name" => "title",
+			"upl_date" => "date uploaded",
+		),
+	"way" => $ord_ways,
+);
+$fdefaults = array (
+	"order" => "name",
+	"way" => "ASC",
+);
+
+$title = $fld["name"];
+
+$files = array();
+$fileq = sql("SELECT files.id AS id, files.name AS name, files.extension AS extension, files.upl_date AS upl_date, ".
+	"files.comment_html AS comment_html FROM files WHERE files.folder = $fldid");
+while ($img = mysql_fetch_assoc($fileq)) $files[] = $img;
+
+$s = sql("SELECT id, name FROM folders WHERE owner = " . $fld['owner'] . ($fld['owner'] == $user['id'] ? '' : " AND public != 0"). " ORDER BY name ASC");
+$folers = array();
+while ($f = mysql_fetch_assoc($s)) $folders[] = $f;
+
+require("tpl/file/folder.php");
diff --git a/lib/file/index.php b/lib/file/index.php
new file mode 100644
index 0000000..34686c5
--- /dev/null
+++ b/lib/file/index.php
@@ -0,0 +1,44 @@
+<?php
+
+require("lib/conf/file.php");
+
+$filters = array (
+	"order" => array (
+			"name" => "title",
+			"upl_date" => "date uploaded",
+			"folder_name" => "folder",
+		),
+	"way" => $ord_ways,
+);
+$fdefaults = array (
+	"order" => "upl_date",
+	"way" => "DESC",
+);
+
+$title = "Image upload";
+
+$files = array();
+$fileq = sql("SELECT files.id AS id, files.name AS name, files.extension AS extension, files.upl_date AS upl_date, ".
+				"files.comment_html AS comment_html, folders.id AS folder_id, folders.name AS folder_name ".
+				" FROM files LEFT JOIN folders ON folders.id = files.folder ".
+				"WHERE files.owner = " . $user['id'] .
+	" ORDER BY " . get_filter('order') . " " . get_filter('way'));
+while ($img = mysql_fetch_assoc($fileq)) $files[] = $img;
+
+if ($user['priv'] < $apps['file']['upload']) {
+	$error = "You don't have the rights to upload files.";
+	$can_upload = false;
+} else {
+	$can_upload = true;
+}
+
+$folders = array();
+$r = sql("SELECT id, name FROM folders WHERE owner = " . $user['id'] . " ORDER BY name ASC");
+while ($f = mysql_fetch_assoc($r)) {
+	$folders[] = $f;
+}
+
+$can_delete = ($user['priv'] >= $apps['file']['delete'] && $user['id'] != 0);
+$can_rename = ($user['priv'] >= $apps['file']['editinfo'] && $user['id'] != 0);
+
+require("tpl/file/index.php");
diff --git a/lib/file/newfld.php b/lib/file/newfld.php
new file mode 100644
index 0000000..6b5ba1f
--- /dev/null
+++ b/lib/file/newfld.php
@@ -0,0 +1,32 @@
+<?php
+
+require("lib/markdown.php");
+
+$fld_name = "";
+$fld_comment = "";
+$fld_public = true;
+if (isset($_POST['name']) && isset($_POST['comment'])) {
+	$fld_public = isset($_POST['public']);
+	$fld_name = esca($_POST['name']);
+	$fld_comment = esca($_POST['comment']);
+	$fld_comment_html = Markdown($fld_comment);
+	if ($fld_name == "") {
+		$error = "You must enter a name for your folder.";
+	} else {
+		sql("INSERT INTO folders(owner, name, comment, comment_html, public) ".
+			"VALUES(" . $user['id'] . ", '" . escs($fld_name) . "', '" . escs($fld_comment) .
+			"', '" . escs($fld_comment_html) . "', " . ($fld_public ? '1' : '0') . ")");
+		header("Location: folder-file-" . mysql_insert_id());
+		die();
+	}
+}
+
+$title = "New folder";
+$fields = array(
+	array("label" => "Name : ", "name" => "name", "value" => $fld_name),
+	array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $fld_public),
+	array("label" => "Comment : ", "name" => "comment", "type" => "textarea", "value" => $fld_comment),
+	);
+$validate = "Create folder";
+
+require("tpl/general/form.php");
diff --git a/lib/file/upload.php b/lib/file/upload.php
new file mode 100644
index 0000000..4b5299d
--- /dev/null
+++ b/lib/file/upload.php
@@ -0,0 +1,54 @@
+<?php
+
+$title = "Upload a file";
+
+require("lib/conf/file.php");
+
+
+if (isset($_FILES['file']) && isset($_POST['name'])) {
+	$name = esca($_POST['name']);
+	if ($name == "") $name = $_FILES['file']['name'];
+	if ($_FILES['file']['error'] != 0) {
+		$error = "Sorry, an error occurred while uploading your file. Try with a smaller one.";
+		require("tpl/file/upload.php");
+	}
+	$origname = strtolower(basename($_FILES['file']['name']));
+	$type = preg_replace("#^.+\.([a-z0-9]+)$#", "$1", $origname);
+
+	sql("INSERT INTO files(owner, extension, name, upl_date) VALUES(" . $user['id'] . ", '$type', '" . escs($name) . "', NOW())");
+	$id = mysql_insert_id();
+	$filen = $savedir . $id . "." . $type;
+	if (!copy($_FILES['file']['tmp_name'], $filen)) {
+		$error = "An internal error occurred. You might want to try again later.";
+		sql("DELETE FROM files WHERE id = $id");
+		require("tpl/file/upload.php");
+	}
+
+	if (has_mini($type)) {
+		$minin = $savedir . $id . "-min." . $type;
+		if ($type == "png")
+			$source = imagecreatefrompng($filen); 
+		elseif ($type == "jpg" || $type == "jpeg")
+			$source = imagecreatefromjpeg($filen);
+		elseif ($type == "gif")
+			$source = imagecreatefromgif($filen);
+		$l = imagesx($source);
+		$h = imagesy($source);
+		$l2 = $img_mini_width;
+		$h2 = $l2 * $h / $l;
+		$mini = imagecreatetruecolor($l2, $h2);
+		imagecopyresampled($mini, $source, 0, 0, 0, 0, $l2, $h2, $l, $h);
+		if ($type == "png")
+			imagepng($mini, $minin);
+		elseif ($type == "jpg")
+			imagejpeg($mini, $minin);
+		elseif ($type == "gif")
+			imagegif($mini, $minin);
+		$message = "Your image has been uploaded successfully and a miniature has been created.";
+	} else {
+		$message = "Your file has been uploaded successfully.";
+	}
+	require("tpl/file/upload-ok.php");
+} else {
+	require("tpl/file/upload.php");
+}
-- 
cgit v1.2.3