<?php
// -----------------------------------------------------------------------------
// $Id: medias.php 577 2013-03-12 09:34:37Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

include('./../includes/common.php');

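page_header($lang['ADMIN_MEDIAS']);

// Media administration page: uploads a media file, deletes one, or shows the
// add form. Only users whose level is above 1 get past this gate; everyone else
// receives ERROR_LEVEL_ACCESS.
//
// NOTE(review): no anti-CSRF token is checked anywhere in this file, and the
// delete action is driven by a plain GET request. Unless common.php enforces a
// token, both state-changing actions can be triggered from a third-party page
// in a logged-in moderator's browser. Deletion should move to POST with a token.
if ($users['user_level'] > 1)
{
    // http://www.php.net/post-max-size
    // If the size of POST data is greater than post_max_size, the $_POST and $_FILES superglobals will be empty
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST) && isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['CONTENT_LENGTH'] > 0)
    {
        $valid_size = return_bytes(ini_get('post_max_size'));
        error_template(sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size));
    }
    // Add?
    elseif (isset($_POST['add_media']))
    {
        $error = '';
        $valid_size = return_bytes(ini_get('upload_max_filesize'));

        // Supported medias. Only the all-lowercase and all-uppercase spellings
        // are listed, so mixed-case extensions are rejected.
        // NOTE(review): only the file name is checked; the uploaded content is
        // never inspected, so the extension is not proof of the real file type.
        $audios_ext = array('.aac', '.AAC', '.m3a', '.M3A', '.mp3', '.MP3', '.mpega', '.MPEGA', '.mpga', '.MPGA', '.oga', '.OGA', '.ogg', '.OGG', '.spx', '.SPX', '.wav', '.WAV', '.weba', '.WEBA');
        $images_ext = array('.gif', '.GIF', '.jpg', '.JPG', '.jpeg', '.JPEG', '.png', '.PNG');
        $videos_ext = array('.mp4', '.MP4', '.mp4v', '.MP4V', '.mpg4', '.MPG4', '.ogv', '.OGV', '.webm', '.WEBM');

        // Name sanitizer, shared by the uploaded name and the optional new name.
        // Both variants turn path separators into '_' so the result is a bare file name.
        // http://bugs.php.net/bug.php?id=47096
        if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
        {
            $name_pattern = array('`[^a-z0-9-_.\s]`i', '`\s+`');
            $name_replace = array(' ', '_');
        }
        else
        {
            $name_pattern = '`["!#$%&\'*+/=?^\`{|}~()<>\[\]:;@\\\\,\s\t]+`';
            $name_replace = '_';
        }

        // The client-supplied name is untrusted; a missing or non-string value
        // (no file field, or an array-shaped field) is treated as "no file".
        $upload_name = (isset($_FILES['media_file']['name']) && is_string($_FILES['media_file']['name'])) ? $_FILES['media_file']['name'] : '';
        $media_name = preg_replace($name_pattern, $name_replace, $upload_name);

        // Split at the last dot; a name without a dot has no extension and is
        // rejected below as an invalid media type.
        $dot_pos = strrpos($media_name, '.');
        $media_ext = ($dot_pos === false) ? '' : substr($media_name, $dot_pos);
        $media_base = ($dot_pos === false) ? $media_name : substr($media_name, 0, $dot_pos);

        // Keep exactly one dot in the stored name. Depending on how the web
        // server maps extensions to handlers, an inner extension can change how
        // the file is served, and the delete action below refuses base names
        // that contain a dot, so such files could not be removed from this page.
        $media_name = str_replace('.', '_', $media_base) . $media_ext;

        // Check media
        if (!trim($media_name))
        {
            $error .= $lang['ERROR_NO_FILE'];
        }
        else
        {
            // Sort media
            $media_dir = './../medias/';
            if (in_array($media_ext, $audios_ext, true))
            {
                $media_dir .= 'audios/';
            }
            elseif (in_array($media_ext, $images_ext, true))
            {
                $media_dir .= 'images/';
            }
            elseif (in_array($media_ext, $videos_ext, true))
            {
                $media_dir .= 'videos/';
            }
            else
            {
                $error .= $lang['ERROR_INVALID_MEDIA_TYPE'];
            }

            // New name? It replaces the base name only; the extension always
            // comes from the uploaded file.
            $rename_error = '';
            if (!empty($_POST['media_name']) && is_string($_POST['media_name']))
            {
                $new_name = preg_replace($name_pattern, $name_replace, $_POST['media_name']);
                $new_dot = strrpos($new_name, '.');
                $new_ext = ($new_dot === false) ? '' : substr($new_name, $new_dot);
                // The new name must not carry a media extension of its own
                if ((in_array($new_ext, $audios_ext, true)) ||
                    (in_array($new_ext, $images_ext, true)) ||
                    (in_array($new_ext, $videos_ext, true)))
                {
                    $rename_error = $lang['ERROR_NAME_EXTENSION'];
                }
                $media_name = str_replace('.', '_', $new_name) . $media_ext;
            }
            $media_file = $media_dir . $media_name;

            // Check directory permissions
            if (!is_writable($media_dir))
            {
                $error .= sprintf($lang['ERROR_DIR_NOT_WRITABLE'], $media_dir);
            }
            // Check duplicate medias against the final destination, i.e. after
            // the optional rename: move_uploaded_file() overwrites an existing
            // file, so checking only the uploaded name would let a rename
            // replace a media that is already stored.
            if (file_exists($media_file))
            {
                $error .= $lang['ERROR_FILE_EXISTS'];
            }
            $error .= $rename_error;

            // Check file size. When PHP itself rejects the upload as too large
            // it reports that through the error code and a size of 0, so the
            // error code is checked as well.
            $upload_size = isset($_FILES['media_file']['size']) ? $_FILES['media_file']['size'] : 0;
            $upload_error = isset($_FILES['media_file']['error']) ? $_FILES['media_file']['error'] : UPLOAD_ERR_NO_FILE;
            if ($upload_size > $valid_size || $upload_error === UPLOAD_ERR_INI_SIZE || $upload_error === UPLOAD_ERR_FORM_SIZE)
            {
                $error .= sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size);
            }
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            // move_uploaded_file() only accepts files that arrived through an
            // HTTP upload, so tmp_name cannot be pointed at another local file.
            if (move_uploaded_file($_FILES['media_file']['tmp_name'], $media_file))
            {
                success_template($lang['MEDIA_ADDED'], './../admin/medias.php');
            }
            else
            {
                error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
            }
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] === 'delete_media')
    {
        // Check query
        if (!empty($_GET['file']) && is_string($_GET['file']))
        {
            // Check file and directory. The pattern is tested before the
            // filesystem is touched. It pins the path to the three media
            // directories and forbids any dot before the extension, which rules
            // out '..' segments. The D modifier stops '$' from matching before
            // a trailing newline.
            if (!preg_match('`^\./\.\./medias/(audios|images|videos)/[^\.]+\.(aac|AAC|gif|GIF|jpeg|JPEG|jpg|JPG|m3a|M3A|mp3|MP3|mp4|MP4|mp4v|MP4V|mpega|MPEGA|mpg4|MPG4|mpga|MPGA|oga|OGA|ogg|OGG|ogv|OGV|png|PNG|spx|SPX|wav|WAV|weba|WEBA|webm|WEBM)$`D', $_GET['file']) || !is_file($_GET['file']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            // Report success only when the file was actually removed
            elseif (unlink($_GET['file']))
            {
                success_template($lang['MEDIA_DELETED'], './../admin/medias.php');
            }
            else
            {
                // No dedicated message for a failed delete is visible in this
                // file, so the generic query error is reused.
                error_template($lang['ERROR_QUERY']);
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Add form
    else
    {
        $template->set_file('admin', 'admin/medias/add.htpl');
        $template->set_var(array('AUDIOS_LIST' => get_audios_list(),
                                 'IMAGES_LIST' => get_images_list(),
                                 'VIDEOS_LIST' => get_videos_list()));
        $template->parse('admin');
    }
}
// Other
else
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}

page_footer();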

?>