<?php

require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');
require_once(FOLDER_RELATIVE_COMMON . 'html.php');

// Request state for this controller script.
//   $exitearly - true means "do the action and redirect"; only the two form-rendering
//                branches below flip it to false.
//   $errors    - HTML fragments describing failures, echoed before exiting.
//   $stage     - which step of the add/edit flow we are on ('' = first visit).
//   $request   - the action: xml | add | edit | delete.
$exitearly = true;
$errors    = '';
$stage     = '';
$request   = '';
if (isset($_GET['stage']))   $stage   = $_GET['stage'];
if (isset($_GET['request'])) $request = $_GET['request'];

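if ($request == 'xml') {
	// Ajax call-back that tells the add/edit form which record it is working on.
	// Every dynamic value is escaped before it is placed in the XML: file titles are
	// user-chosen upload names, and the session id was originally taken from ?id=,
	// so none of them can be assumed to be XML-safe.
	header('Content-Type: text/xml');
	$xml  = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
	$xml .= '<root>' . "\n";

	if ($stage == 'add') {
		// The new item is created under the folder whose id the list page stored in the session.
		// (The parent title used to be looked up here as well but was never emitted.)
		$parent_id = (isset($_SESSION['id']) && is_scalar($_SESSION['id'])) ? (string) $_SESSION['id'] : '';

		$xml .= '	<controls_input>' . "\n";
		$xml .= '		<record><key>request</key><value>add</value></record>' . "\n";
		$xml .= '		<record><key>stage</key><value>add</value></record>' . "\n";
		$xml .= '		<record><key>parent_id</key><value>' . htmlspecialchars($parent_id, ENT_QUOTES, 'UTF-8') . '</value></record>' . "\n";
		$xml .= '		<record><key>file_or_folder</key><value>file</value></record>' . "\n";
		$xml .= '	</controls_input>' . "\n";

	} else if ($stage == 'edit') {
		$file_id = (isset($_SESSION['id']) && is_scalar($_SESSION['id'])) ? (string) $_SESSION['id'] : '';

		$sql = 'SELECT title, path, parent_id, is_file FROM Files WHERE id = ?';
		$row = databaseGetRow($sql, array($file_id));

		// Only describe a record that exists; an unknown id used to yield a record of
		// empty strings (plus PHP notices) instead of an empty <root/>.
		if ($row) {
			$file_or_folder = ($row['is_file'] == 'N') ? 'folder' : 'file';

			$xml .= '	<controls_input>' . "\n";
			$xml .= '		<record><key>request</key><value>edit</value></record>' . "\n";
			$xml .= '		<record><key>stage</key><value>edit</value></record>' . "\n";
			$xml .= '		<record><key>file_id</key><value>' . htmlspecialchars($file_id, ENT_QUOTES, 'UTF-8') . '</value></record>' . "\n";
			$xml .= '		<record><key>file_title</key><value>' . htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8') . '</value></record>' . "\n";
			$xml .= '		<record><key>parent_id</key><value>' . htmlspecialchars((string) $row['parent_id'], ENT_QUOTES, 'UTF-8') . '</value></record>' . "\n";
			$xml .= '		<record><key>file_or_folder</key><value>' . $file_or_folder . '</value></record>' . "\n";
			$xml .= '	</controls_input>' . "\n";
		}
	}

	$xml .= '</root>' . "\n";
	echo $xml;
	exit;
}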

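if ($request == 'add') {
	if ($stage == 'add') {
		// Form post: create a sub-folder, or store one or more uploaded files, under parent_id.
		$file_or_folder = isset($_POST['file_or_folder']) ? $_POST['file_or_folder'] : '';

		// The parent path is read from the database, so the client only selects which
		// existing folder to use and never supplies the directory string itself.
		$parent_id   = isset($_POST['parent_id']) ? $_POST['parent_id'] : '';
		$parent_path = databaseGetValue('SELECT path FROM Files WHERE id = ?', array($parent_id));
		if (!is_string($parent_path) || $parent_path === '') {
			// Without a parent row every path built below would be relative to the CWD.
			$errors .= 'Unknown parent folder.' . "\n";
			$file_or_folder = '';
		}

		if ($file_or_folder == 'folder') {
			$title = isset($_POST['folder_title']) ? stripslashes($_POST['folder_title']) : '';
			// NOTE(review): this trusts cleanFolderName() to strip path separators and
			// '..' segments; if it does not, folder_title can escape parent_path. Confirm in html.php.
			$path = $parent_path . cleanFolderName($title);

			if (mkdir($path, 0774)) {
				$sql = 'INSERT INTO Files (id, parent_id, is_file, title, path) VALUES ( ?, ?, ?, ?, ? )';
				databaseExecuteReturnId($sql, array(0, $parent_id, 'N', $title, $path), 'files_id_seq');
			} else {
				$errors .= 'Failed creating new directory.' . "\n";
			}
		}

		if ($file_or_folder == 'file') {
			// Extensions a web server may execute or interpret. Anything containing "php"
			// (php3, php5, phps, ...) is caught by the substring test further down. The old
			// check only looked for "php", so .phtml/.phar/.shtml/.cgi uploads slipped through.
			// An allow-list of the types this blog actually serves would be stricter still.
			$blocked_extensions = array('phtml', 'pht', 'phar', 'shtml', 'shtm', 'cgi', 'pl',
			                            'py', 'asp', 'aspx', 'jsp', 'htaccess', 'htpasswd');

			// A submit with no file inputs has no 'error' array at all.
			$upload_errors = (isset($_FILES['userfile']['error']) && is_array($_FILES['userfile']['error']))
				? $_FILES['userfile']['error'] : array();
			$counter = 0;

			// Move each accepted file from the temp dir into the parent folder.
			foreach ($upload_errors as $key => $error) {
				$counter++;
				$title      = $_FILES['userfile']['name'][$key];
				$safe_title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');   // $errors is rendered as HTML

				switch ($error) {
					case UPLOAD_ERR_OK:
						$tempname  = $_FILES['userfile']['tmp_name'][$key];
						// '' when the name has no extension (the old ereg_replace returned the whole name).
						$extension = strtolower(pathinfo($title, PATHINFO_EXTENSION));
						$filename  = date('Y-m-d-His') . "-$counter.$extension";

						// The extension becomes part of the on-disk name, so besides the
						// executable check it is limited to plain alphanumerics (no separators,
						// dots or control bytes can reach the filesystem path).
						$invalid = $extension === ''
							|| !preg_match('/^[a-z0-9]{1,10}$/', $extension)
							|| strpos($extension, 'php') !== false
							|| in_array($extension, $blocked_extensions, true);

						if (!$invalid) {
							$path = $parent_path . $filename;
							// Move first, record second: a failed move no longer leaves a
							// database row pointing at a file that was never written.
							if (move_uploaded_file($tempname, $path)) {
								// 0664: owner/group read-write, world read, never executable
								// (the previous 01774 set the execute bits on every upload).
								if (!chmod($path, 0664)) {
									$errors .= "Unable to change permissions on uploaded file.<br />\n";
								}
								$sql = 'INSERT INTO Files (parent_id, is_file, title, path) VALUES ( ?, ?, ?, ? )';
								databaseExecute($sql, array($parent_id, 'Y', $title, $path));
							} else {
								$errors .= "Unable to upload file $safe_title; reason unknown.<br />\n";
							}
						} else {
							$errors .= "File '$safe_title' has an extension that is unsafe to upload.\n";
						}
						break;

					case UPLOAD_ERR_INI_SIZE:
						$errors .= "File '$safe_title' size exceeds upload max (set on the server).\n";
						break;

					case UPLOAD_ERR_FORM_SIZE:
						$errors .= "File '$safe_title' size exceeds upload max (set on form).\n";
						break;

					case UPLOAD_ERR_PARTIAL:
						$errors .= "File '$safe_title' was only partially uploaded.  Please retry.\n";
						break;

					case UPLOAD_ERR_NO_TMP_DIR:
						$errors .= "No temporary directory, unable to upload '$safe_title'.\n";
						break;

					case UPLOAD_ERR_NO_FILE:
						// An empty file input is not an error.
						break;

					default:
						// UPLOAD_ERR_CANT_WRITE, UPLOAD_ERR_EXTENSION or a newer code; these used to be ignored silently.
						$errors .= "File '$safe_title' could not be uploaded (error code " . (int) $error . ").\n";
						break;
				}
			}
		}
	} else {
		// First visit: remember which folder the form adds to, then render the form.
		$_SESSION['id'] = isset($_GET['id']) ? $_GET['id'] : null;
		$stage = 'add';
		$exitearly = false;
	}

} else if ($request == 'edit') {
	if ($stage == 'edit') {
		$file_or_folder = isset($_POST['file_or_folder']) ? $_POST['file_or_folder'] : '';
		$file_id = (isset($_POST['file_id']) && is_scalar($_POST['file_id'])) ? (string) $_POST['file_id'] : '';

		if ($file_or_folder == 'folder') {
			// Rename a folder on disk and re-point its database row and every descendant row.
			$row = databaseGetRow('SELECT title, path FROM Files WHERE id = ?', array($file_id));

			if (!$row) {
				// Without the row $orig_path would be empty and the LIKE below ('%') would
				// rewrite the path of every file in the table.
				$errors .= "Unknown folder.<br />\n";
			} else {
				$orig_title  = $row['title'];
				$orig_folder = cleanFolderName($orig_title);
				$orig_path   = $row['path'];

				// The new path replaces only the trailing folder component; this assumes
				// $orig_path ends with cleanFolderName($orig_title) as the add branch builds it.
				$new_title  = isset($_POST['folder_title']) ? stripslashes($_POST['folder_title']) : '';
				$new_folder = cleanFolderName($new_title);
				$new_path   = substr($orig_path, 0, strlen($orig_path) - strlen($orig_folder)) . $new_folder;
				$safe_new_path = htmlspecialchars($new_path, ENT_QUOTES, 'UTF-8');

				// Refuse to clobber an existing folder unless the path is unchanged.
				if (is_dir($new_path) && $orig_path != $new_path) {
					$errors .= "The destination folder path ($safe_new_path) already exists.<br />\n";
					$exitearly = true;

				} else if (!rename($orig_path, $new_path)) {
					// Previously the database was rewritten even when the move had failed.
					$errors .= "Unable to rename folder to $safe_new_path.<br />\n";

				} else {
					$sql = 'UPDATE Files SET title = ?, path = ? WHERE id = ?';
					databaseExecute($sql, array($new_title, $new_path, $file_id));

					// Re-point every descendant. LIKE is only a coarse pre-filter ('_' and '%'
					// inside the path are wildcards), so the prefix is confirmed in PHP, and a
					// sibling that merely shares the prefix ("/a/b" vs "/a/bc") is skipped.
					$sql = "SELECT * FROM Files WHERE id <> ? AND path LIKE ?";
					$rows = databaseGetRows($sql, array($file_id, $orig_path . '%'));
					$orig_len = strlen($orig_path);
					$orig_has_slash = (substr($orig_path, -1) === '/');
					foreach ($rows as $child) {
						if (substr($child['path'], 0, $orig_len) !== $orig_path) continue;
						$rest = (string) substr($child['path'], $orig_len);
						if (!$orig_has_slash && $rest !== '' && $rest[0] !== '/') continue;
						databaseExecute('UPDATE Files SET path = ? WHERE id = ?', array($new_path . $rest, $child['id']));
					}
				}
			}
		}

		if ($file_or_folder == 'file') {
			// Replace the contents of an existing file; its path on disk stays the same.
			$sql = 'SELECT title, path from Files where id = ?';
			$row = databaseGetRow($sql, array($file_id));

			$temp_title = isset($_FILES['userfile']['name'][0])     ? $_FILES['userfile']['name'][0]     : '';
			$temp_name  = isset($_FILES['userfile']['tmp_name'][0]) ? $_FILES['userfile']['tmp_name'][0] : '';
			$temp_error = isset($_FILES['userfile']['error'][0])    ? $_FILES['userfile']['error'][0]    : UPLOAD_ERR_NO_FILE;
			$safe_temp_title = htmlspecialchars($temp_title, ENT_QUOTES, 'UTF-8');

			if (!$row) {
				$errors .= "Unknown file.<br />\n";

			} else if ($temp_error != UPLOAD_ERR_OK) {
				// The upload status was never consulted before; a missing or truncated
				// upload surfaced only as a failed move_uploaded_file().
				$errors .= "Unable to upload file $safe_temp_title (upload error code " . (int) $temp_error . ").<br />\n";

			} else {
				$orig_title = $row['title'];
				$orig_path  = $row['path'];

				// The replacement keeps the original path, so on disk it keeps the original
				// extension; requiring the names to agree keeps title and content in step.
				// NOTE(review): this does not re-check the extension against the upload
				// block-list, so a row created before that list existed keeps its old risk.
				$extension_orig = strtolower(pathinfo($orig_title, PATHINFO_EXTENSION));
				$extension_temp = strtolower(pathinfo($temp_title, PATHINFO_EXTENSION));

				if ($extension_orig === $extension_temp) {
					if (move_uploaded_file($temp_name, $orig_path)) {
						// 0664: never executable (the previous 01774 set the execute bits).
						if (!chmod($orig_path, 0664)) $errors .= "Unable to change permissions on uploaded file.<br />\n";
					} else {
						$errors .= "Unable to upload file $safe_temp_title; reason unknown.<br />\n";
					}

				} else {
					$errors .= "The filename or type of file you attempted to upload does not match the original.<br />\n";
					$errors .= "id of " . htmlspecialchars($file_id, ENT_QUOTES, 'UTF-8')
						. ", files: " . htmlspecialchars((string) $orig_title, ENT_QUOTES, 'UTF-8')
						. "  vs.  " . $safe_temp_title;
				}
			}
		}
	} else {
		// First visit: remember which record the form edits, then render the form.
		$_SESSION['id'] = isset($_GET['id']) ? $_GET['id'] : null;
		$stage = 'edit';
		$exitearly = false;
	}

} else if ($request == 'delete') {
	// NOTE(review): deletion is triggered by a plain GET (?request=delete&id=N) with no
	// anti-CSRF token, so any page an admin visits can delete files by embedding that
	// URL. Moving it to POST with a per-session token needs matching changes in the
	// list page, which is outside this file.
	$file_id = isset($_GET['id']) ? $_GET['id'] : null;
	if ($file_id != null) {
		$sql = 'SELECT path, is_file FROM Files WHERE id = ?';
		$row = databaseGetRow($sql, array($file_id));

		if (!$row) {
			$errors = "Unable to delete file or folder; reason unknown.";
		} else {
			// Remove from the filesystem first; the row is only dropped once that succeeded
			// (rmdir fails on a non-empty folder, which keeps its children consistent).
			$result = ($row['is_file'] == 'Y') ? @unlink($row['path']) : rmdir($row['path']);

			if ($result) {
				databaseExecute('DELETE FROM Files WHERE id = ?', array($file_id));
			} else {
				$errors = "Unable to delete file or folder; reason unknown.";
			}
		}
	}
}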

// Every action except the two form-rendering visits ends here: report errors, or
// bounce back to the listing. $errors is emitted as an HTML fragment, so any
// user-supplied text (upload names, paths) must be escaped by the code that appends it.
// TODO: find a neat way to show the error messages to the user.
if ($exitearly) {
	if ($errors === '') {
		header('location:admin_files_list.php');
		exit;
	}
	echo $errors;
	exit;
}


// Show the files list form.
// Render the add/edit form inside the admin chrome.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');

// $stage can only be 'add' or 'edit' at this point (the branches that clear
// $exitearly assign it), so embedding it in the onload JavaScript is safe; it must
// never be taken from the query string directly here.
$page = buildAdminPage(
	'<script type="text/javascript" src="admin_files.js"></script>' . "\n",
	"jaxFormSetCallBack(initializePage); jaxFormRegister('admin_files.php?request=xml&stage=$stage');",
	'Files',
	'admin_files.html'
);

echo $page;
?>