<?php
/*----------------------------------------------------------

       LySite
       Brad Landis (hide@address.com)

   Copyright (C) 2005 Brad Landis

   This program is free software; you can redistribute it
   and/or modify it under the terms of the GNU General
   Public License as published by the Free Software
   Foundation; either version 2 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be
   useful, but WITHOUT ANY WARRANTY; without even the
   implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.  See the GNU General Public License
   for more details.
   
   You should have received a copy of the GNU General Public
   License along with this program; if not, write to the
   Free Software Foundation, Inc., 51 Franklin Street, Fifth
   Floor, Boston, MA  02110-1301, USA.

----------------------------------------------------------*/
require("includes.php");

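/**
 * Decide whether an upload with extension $ext may be stored.
 *
 * Ordinary posters are limited to the four music/score formats below.
 * Administrators may upload any extension at all; since uploads land in
 * the web-served "uploaded/" directory, an admin upload of e.g. ".php"
 * would be executable by the web server — keep that bypass in mind.
 *
 * @param string $ext  file extension without the dot, as returned by get_ext()
 * @return bool        true when whitelisted, or when the caller is an admin
 */
function valid_ext($ext) {
	$valid = array("mid","mus","pdf","mp3");
	// Strict comparison: a loose in_array() lets non-string values match
	// on older PHP (0 == "mid"), so only an exact string hit may count.
	// The whitelist check runs first so is_admin_user() is only consulted
	// for extensions outside the list.
	return in_array($ext, $valid, true) || is_admin_user();
}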
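/**
 * Normalise a user-supplied attachment URL so it always carries a scheme.
 *
 * A value already starting with "http://" or "https://" (any letter case)
 * is returned untouched; anything else gets "http://" prepended, which is
 * what the original did for bare host names.  The old byte-exact prefix
 * test turned "https://x" into "http://https://x"; that is fixed here.
 *
 * Nothing else is validated: the result is still untrusted input and must
 * be escaped for the SQL and HTML contexts it is later written into.
 *
 * @param string $url  raw value from the "From URL" form
 * @return string      the URL with an http or https scheme
 */
function validate_url($url) {
	if(preg_match('#^https?://#i', $url))
		return $url;
	return "http://".$url;
}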

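// ---- Action handlers ---------------------------------------------------
// Every branch below is driven by untrusted request data.  Values that
// reach SQL go through mysql_real_escape_string() (this relies on
// includes.php having opened the connection that the link-less
// mysql_query() calls use — verify), values that reach a Location header
// are urlencode()d, and file names that reach the filesystem are reduced
// to a bare basename so "../" cannot escape uploaded/.
//
// NOTE(review): none of the state-changing actions (approve via GET,
// delete/rename/upload/add_url via POST) carries a CSRF token, and
// includes.php is not visible here to show one.  That remains open.
// Each successful handler sends a Location header but does not exit, so
// the page body below is still rendered, as in the original.

if(isset($_GET['approve']) && is_admin_user()) {
	// Reached by the admin icon form on the attachment page (a GET form).
	$att_id = mysql_real_escape_string(isset($_GET['attachment_id']) ? $_GET['attachment_id'] : '');
	$song_id = isset($_GET['song']) ? $_GET['song'] : '';
	$query = "UPDATE attachments SET approved='y' WHERE attachment_id='$att_id' LIMIT 1";
	if(mysql_query($query)) {
		log_event("Attachment Approved",NULL,"attachments.php?song=".urlencode($song_id));
		header("Location: attachments.php?song=".urlencode($song_id)."&notice=Attachment+Approved.");
	} else {
		trigger_error(mysql_error());
	}
} else if(isset($_POST['delete']) && is_admin_user()) {
	$att_id = mysql_real_escape_string(isset($_POST['attachment_id']) ? $_POST['attachment_id'] : '');
	$song_id = isset($_POST['song']) ? $_POST['song'] : '';
	// Only the database row is removed; a file under uploaded/ (if any)
	// stays on disk, as before.
	$query = "DELETE FROM attachments WHERE attachment_id='$att_id' LIMIT 1";
	if(mysql_query($query)) {
		log_event("Attachment Deleted",null,null);
		header("Location: attachments.php?song=".urlencode($song_id)."&notice=".mysql_affected_rows()."+rows+affected.");
	} else {
		trigger_error(mysql_error());
	}
} else if(isset($_POST['upload_file']) && can_post()) {
	if(!empty($_FILES['ufile'])) {
		$upload = $_FILES['ufile'];
		if(!empty($upload['error']) || !is_uploaded_file($upload['tmp_name'])) {
			// Covers size-limit rejections (MAX_FILE_SIZE / upload_max_filesize)
			// and anything that is not a genuine upload; the old code reported
			// these as "not writeable", which pointed at the wrong cause.
			trigger_error("Upload failed (error code ".(int)$upload['error'].").");
		} else {
			$ext = get_ext($upload['name']);
			// valid_ext() only bounds non-admin uploads; additionally pin the
			// extension to a short alphanumeric token before it becomes part
			// of a path, so a '/' or '..' in it cannot shape the destination.
			if(!valid_ext($ext) || !preg_match('/^[A-Za-z0-9]{1,10}\z/', $ext)) {
				trigger_error("File type not allowed.");
			} else {
				$filename = time().'.'.$ext;
				clearstatcache();
				// time() alone collides when two uploads land in the same
				// second and would silently overwrite the earlier file.
				for($n = 1; file_exists("uploaded/$filename"); $n++)
					$filename = time().'-'.$n.'.'.$ext;
				$upload_success = @move_uploaded_file($upload['tmp_name'], "uploaded/$filename");
				if(!$upload_success)
					$upload_success = @copy($upload['tmp_name'], "uploaded/$filename");
				if($upload_success) {
					$song_id = isset($_POST['song']) ? $_POST['song'] : '';
					$query = "INSERT INTO attachments SET lid='".mysql_real_escape_string($song_id)."',filename='".mysql_real_escape_string($filename)."',user_id='".get_user_id()."'".(can_post_without_approval()?",approved='y'":"");
					if(mysql_query($query)) {
						log_event("Attachment Submitted",NULL,"songs.php?song=".urlencode($song_id));
						header("Location: songs.php?song=".urlencode($song_id)."&notice=File+attached+successfully.");
					} else {
						trigger_error(mysql_error());
					}
				} else {
					trigger_error("'uploaded/$filename' is not writeable.");
				}
			}
		}
	}
} else if(isset($_POST['add_url']) && can_post()) {
	$song_id = isset($_POST['song']) ? $_POST['song'] : '';
	// validate_url() only guarantees an http(s) scheme; the value is still
	// untrusted and is escaped for SQL here and for HTML when displayed.
	$_POST['url'] = validate_url(isset($_POST['url']) ? $_POST['url'] : '');
	$query = "INSERT INTO attachments SET lid='".mysql_real_escape_string($song_id)."',url='".mysql_real_escape_string($_POST['url'])."',user_id='".get_user_id()."'".(can_post_without_approval()?",approved='y'":"");
	if(mysql_query($query)) {
		log_event("URL Attachment Submitted",NULL,"songs.php?song=".urlencode($song_id));
		header("Location: songs.php?song=".urlencode($song_id)."&notice=URL+attached+successfully.");
	} else {
		trigger_error(mysql_error());
	}
} else if(isset($_POST['rename']) && is_admin_user()) {
	// Both names come straight from the form.  Reduce them to a bare file
	// name and refuse dot-prefixed names ("..", hidden files) so a crafted
	// value cannot move or overwrite files outside uploaded/.
	// NOTE(review): old_filename is not cross-checked against the row for
	// attachment_id, so an admin can rename any file in uploaded/ and point
	// an unrelated row at it; a SELECT before the rename would close that.
	$old_name = basename(isset($_POST['old_filename']) ? $_POST['old_filename'] : '');
	$new_base = basename(isset($_POST['filename']) ? $_POST['filename'] : '');
	$_POST['filename'] = $new_base.".".get_ext($old_name);
	$att_raw = isset($_POST['attachment_id']) ? $_POST['attachment_id'] : '';
	$att_id = mysql_real_escape_string($att_raw);
	if($old_name === '' || $new_base === '' || $old_name[0] === '.' || $new_base[0] === '.') {
		// Re-render the rename form with a notice, the same way the
		// "already exists" case does.
		$_GET['attachment_id'] = $att_raw;
		$_GET['rename'] = "";
		$_GET['notice'] = "Invalid file name, please choose a new name.";
	} else if(file_exists("uploaded/$_POST[filename]")) {
		$_GET['attachment_id'] = $att_raw;
		$_GET['rename'] = "";
		$_GET['notice'] = "File already exists, please choose a new name.";
	} else if(rename("uploaded/$old_name", "uploaded/$_POST[filename]")) {
		$query = "UPDATE attachments SET filename='".mysql_real_escape_string($_POST['filename'])."' WHERE attachment_id='$att_id' LIMIT 1";
		if($results = mysql_query($query)) {
			// If no row matched, the file has been renamed on disk but the
			// database still holds the old name — unchanged from the original.
			if(mysql_affected_rows() == 1) {
				log_event("File Renamed: '$old_name' -> $_POST[filename]",NULL,"attachments.php?attachment_id=".urlencode($att_raw));
				header("Location: attachments.php?attachment_id=".urlencode($att_raw)."&notice=Successfully+renamed+file.");
			}
		} else trigger_error(mysql_error());
	}
}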

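ob_start();

// ---- Page body ----------------------------------------------------------
// Rendered into an output buffer so header.php/footer.php can wrap it after
// the handlers above have had their chance to send a redirect.  Request
// values and database columns are HTML-escaped with ENT_QUOTES on the way
// out (the markup uses single-quoted attributes), and ids reaching SQL are
// escaped.  Output of the helpers get_file_type(), get_user_fullname() and
// get_song_title() is printed as-is because their escaping behaviour is
// not visible from this file — confirm they escape, or escape here.

if(isset($_GET['upload']) && can_post()) {
	$song_attr = htmlspecialchars(isset($_GET['song']) ? $_GET['song'] : '', ENT_QUOTES);
	echo "<h3>Guidlines:</h3>
	<ul><li>You may upload mp3, midi, pdf, and <a href='http://www.finalemusic.com/notepad/'>finale notepad compatible</a> files only.
	<li>The file must be music of the song.
	<li>The arrangement used cannot be copyrighted unless you are the owner of the copyright.
	<li>Do not upload MP3's unless you are in the group singing, or you have permission from the group singing.
	</ul>\n";
	echo "<form action='attachments.php' method='post' enctype='multipart/form-data'>\n<fieldset><legend>Uploading Attachment</legend>\n";
	echo "<input type='hidden' name='song' value='$song_attr'>\n";
	// MAX_FILE_SIZE is only a hint to the browser; the real limit is
	// php.ini's upload_max_filesize / post_max_size.
	echo "<p><label for='ufile'>File:</label><br>\n<input type='hidden' name='MAX_FILE_SIZE' value='2097152'><input type='file' name='ufile'>\n";
	echo "<p><input type='submit' name='upload_file' value='Upload'>\n";
	echo "</fieldset></form>\n";
	
	echo "<form action='attachments.php' method='post'>\n<fieldset><legend>From URL</legend>\n";
	echo "<input type='hidden' name='song' value='$song_attr'>\n";
	echo "<p><label for='url'>URL:</label><br>\n<input type='text' name='url' maxsize='80' size='40'>\n";
	echo "<p><input type='submit' name='add_url' value='Submit URL'>\n";
	echo "</fieldset></form>\n";
} else if(isset($_GET['delete']) && is_admin_user()) {
	// Confirmation form; the actual DELETE is the POST handler above.
	$att_raw = isset($_GET['attachment_id']) ? $_GET['attachment_id'] : '';
	$query = "SELECT * FROM attachments WHERE attachment_id='".mysql_real_escape_string($att_raw)."' LIMIT 1";
	if($results = mysql_query($query)) {
		if($line = mysql_fetch_assoc($results)) {
			$att_attr = htmlspecialchars($att_raw, ENT_QUOTES);
			$song_attr = htmlspecialchars(isset($_GET['song']) ? $_GET['song'] : '', ENT_QUOTES);
			echo "<p><form action='attachments.php' method='post'>\n<input type='hidden' name='attachment_id' value='$att_attr'><input type='hidden' name='song' value='$song_attr'>\n";
			echo "Are you sure you want to delete ".htmlspecialchars($line['filename']?$line['filename']:$line['url'], ENT_QUOTES)."?<br>\n";
			echo "<input type='submit' name='delete' value='Yes'><input type='button' value='No' onclick='history.back()'>\n";
			echo "</form>\n";
		} else {
			echo "No such attachment.";
		}
	}
} else if(isset($_GET['rename']) && is_admin_user()) {
	// Rename form; the extension is fixed by the existing name and the
	// POST handler above re-derives it from old_filename.
	$att_raw = isset($_GET['attachment_id']) ? $_GET['attachment_id'] : '';
	$query = "SELECT * FROM attachments WHERE attachment_id='".mysql_real_escape_string($att_raw)."' LIMIT 1";
	if($results = mysql_query($query)) {
		if($line = mysql_fetch_assoc($results)) {
			$att_attr = htmlspecialchars($att_raw, ENT_QUOTES);
			// Name without its extension; a name with no dot yields "".
			$stem = substr($line['filename'],0,strrpos($line['filename'],'.'));
			echo "<p><form action='attachments.php' method='post'><input type='hidden' name='attachment_id' value='$att_attr'>\n";
			echo "<input type='text' name='filename' value='".htmlspecialchars($stem, ENT_QUOTES)."' maxlength='38'>.".htmlspecialchars(get_ext($line['filename']), ENT_QUOTES)."\n<input type='hidden' name='old_filename' value='".htmlspecialchars($line['filename'], ENT_QUOTES)."'>\n<br>";
			echo "<input type='submit' name='rename' value='Rename'>\n";
			echo "</form>\n";
		} else {
			echo "No such attachment.";
		}
	}
} else if(isset($_GET['attachment_id'])) {
	echo "<h2>Download Attachment</h2>\n";
	$att_raw = $_GET['attachment_id'];
	$query = "SELECT * FROM attachments WHERE attachment_id='".mysql_real_escape_string($att_raw)."'";
	if($results = mysql_query($query)) {
		if($line = mysql_fetch_assoc($results)) {
			echo "<table".($line['approved'] != 'y'?" class='unapproved'":"").">";
			if($line['filename']) {
				// rawurlencode() for the path segment of the link; the visible
				// name is HTML-escaped separately.
				$fname = htmlspecialchars($line['filename'], ENT_QUOTES);
				echo "<tr><td align='right'>File:<td><a href='uploaded/".rawurlencode($line['filename'])."'>$fname <img src='icon/small_download.jpg' style='vertical-align: middle; padding: 0px;'></a>\n";
				echo "<tr><td align='right'>Type:<td>".get_file_type($line['filename'])."\n";
			} else {
				// Stored URLs always start with http(s):// (validate_url), so a
				// javascript: scheme cannot get here via the form; quotes and
				// angle brackets are still escaped for the attribute/text.
				$url_attr = htmlspecialchars($line['url'], ENT_QUOTES);
				echo "<tr><td align='right'>Url:<td><a href='$url_attr' target='_blank'>".htmlspecialchars(urldecode($line['url']), ENT_QUOTES)." <img src='icon/small_download.jpg'></a>\n";
				echo "<tr><td align='right'>Type:<td>".get_file_type($line['url'])."\n";
			}
			echo "<tr><td align='right'>Submitted By:<td>".get_user_fullname($line['user_id'])."\n";
			echo "<tr><td align='right'>Attached To:<td>".get_song_title($line['lid']);
			echo "</table>\n";
			
			// Admin controls.  This form has no method attribute, so it submits
			// via GET — the approve handler above keys off $_GET accordingly.
			if(is_admin_user())
				$iconlist[] = "||<form action='attachments.php'><input type='hidden' name='song' value='".htmlspecialchars($line['lid'], ENT_QUOTES)."'><input type='hidden' name='attachment_id' value='".htmlspecialchars($att_raw, ENT_QUOTES)."'>".($line['filename']?"<button name='rename' title='Rename Attachment'><img src='icon/attachment_edit.jpg'><span>Rename</span></button>":"")."<button name='delete' title='Delete Attachment'><img src='icon/attachment_delete.jpg'><span>Delete Attachment</span></button>".($line['approved'] != 'y' ? "<button name='approve' title='Approve Attachment'><img src='icon/attachment_approve.jpg'><span>Approve Attachment</span></button>":"")."</form>";
		} else {
			echo "No such attachment.";
		}
	}
} else if(isset($_GET['song'])) {
	$song_raw = $_GET['song'];
	echo "<h2>Attachments for ".get_song_title($song_raw)."</h2>";
	// Non-admins see approved rows plus their own pending ones.
	$query = "SELECT * FROM attachments WHERE lid='".mysql_real_escape_string($song_raw)."'".(is_admin_user()?"":" AND (approved='y' OR user_id='".get_user_id()."')");
	if($results = mysql_query($query)) {
		if(mysql_num_rows($results) > 0) {
			echo "<table style='width: auto; margin: auto;'>\n\n";
			while($line = mysql_fetch_assoc($results)) {
				$att_attr = htmlspecialchars($line['attachment_id'], ENT_QUOTES);
				// url_shorten() is assumed to return plain text — TODO confirm.
				if($line['filename'])
					$cell = htmlspecialchars($line['filename'], ENT_QUOTES)."<td>".get_file_type($line['filename']);
				else
					$cell = htmlspecialchars(url_shorten($line['url']), ENT_QUOTES)."<td>".get_file_type($line['url']);
				echo "<tr".($line['approved'] != 'y'?" class='unapproved'":"")."><td><a href='attachments.php?attachment_id=$att_attr'>".$cell."</a>\n";
			}
			echo "</table>\n";
		} else {
			echo "No attachments for this song.";
		}
		if(can_post())
			$iconlist[] = "<form action='attachments.php'><input type='hidden' name='song' value='".htmlspecialchars($song_raw, ENT_QUOTES)."'><button type='submit' name='upload' title='Add Attachment'><img src='icon/attachment_add.jpg'><span>Add Attachment</span></button></form>";
	} else {
		trigger_error(mysql_error());
	}
} else {
	// Site-wide list grouped by song; the join drops attachments whose song
	// no longer exists.
	$query = "SELECT attachments.*,lyrics.title,lyrics.lid FROM attachments LEFT JOIN lyrics USING(lid) WHERE lyrics.lid IS NOT NULL".(is_admin_user()?"":" AND (attachments.approved='y' OR attachments.user_id='".get_user_id()."')")." ORDER BY lyrics.title,attachment_id";
	if($results = mysql_query($query)) {
		echo "<h2>Attachments</h2>\n<table style='width: auto; margin: auto;'>\n";
		if(mysql_num_rows($results) > 0) {
			// Tracks the song of the previous row so a heading is emitted
			// once per song; the original read this variable undefined.
			$lid = null;
			while($line = mysql_fetch_assoc($results)) {
				if($lid != $line['lid']) {
					$lid = $line['lid'];
					echo "<tr><td colspan='2'><h3 style='font-weight: bold;'><a href='songs.php?song=".htmlspecialchars($line['lid'], ENT_QUOTES)."' style='text-decoration: none;'>".htmlspecialchars($line['title'], ENT_QUOTES)."</a></h3>\n";
				}
				$att_attr = htmlspecialchars($line['attachment_id'], ENT_QUOTES);
				// url_shorten() is assumed to return plain text — TODO confirm.
				// The URL branch now closes its <a> like the file branch does.
				if($line['filename'])
					$cell = htmlspecialchars($line['filename'], ENT_QUOTES)."</a><td style='text-align: right;'>".get_file_type($line['filename']);
				else
					$cell = htmlspecialchars(url_shorten($line['url']), ENT_QUOTES)."</a><td style='text-align:right'>".get_file_type($line['url']);
				echo "<tr".($line['approved'] == 'n'?" class='unapproved'":"")."><td><a href='attachments.php?attachment_id=$att_attr'>".$cell."<br>\n";
			}
		} else {
			echo "None";
		}
		// The table opened above was never closed in the original.
		echo "</table>\n";
	} else {
		trigger_error(mysql_error());
	}
}

$content = ob_get_contents();
ob_end_clean();
include('header.php');
echo $content;
include("footer.php");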
?>