<?PHP
// Buffer all output (flushed by ob_end_flush() at the end of the script) and start the session.
ob_start();
session_start();
// Shared bootstrap. This script reads $sxSetup, $THEME_FOLDER, $Link, the $DB_* table names and
// its request variables ($name, $delete, $vfolder, ...) without defining them, so they are
// presumably provided by these includes or by register_globals -- confirm in globals.php.inc.
include("../includes/globals.php.inc");
include("../includes/functions.php");
// English strings are loaded first; a different configured language is then included on top.
// NOTE(review): this include path and the theme path below are built from $sxSetup['Language']
// and $THEME_FOLDER. Confirm neither value can be set from the request, because they decide
// which PHP file is executed.
include("../lang/English.php");
if(strtolower($sxSetup['Language']) != 'english') include("../lang/".$sxSetup['Language'].".php");
include("../themes/$THEME_FOLDER/config.php.inc");

// NOTE(review): protectWriteMode() is defined elsewhere; its effect is not visible here.
protectWriteMode();

// Access control: the page is for administrators, and for editors only while the
// EditorRightsFilesManage setting is enabled.
// NOTE(review): the upload, edit and delete handlers below still run unless loginError()
// terminates the request -- confirm that it exits.
if((!userEditor())AND(!userAdmin()))  loginError($sxLang['LoginRequired']);
if((userEditor())AND(!$sxSetup['EditorRightsFilesManage']))  loginError($sxLang['LoginRequired']);

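// Create a new folder when a folder name was submitted (form field "sxFolderName").
if(strlen($sxFolderName) > 0)
{
	// The name is request data and ends up inside a quoted SQL literal, so escape it for this
	// connection instead of concatenating it raw.
	// NOTE(review): if request variables already arrive with slashes added (magic_quotes_gpc or
	// code in globals.php.inc), strip those first, otherwise quotes in names get stored with a
	// backslash -- confirm.
	$sxFolderNameSql = mysql_real_escape_string($sxFolderName, $Link);

	$query = "INSERT INTO $DB_Files_Folders (name) VALUES ('".$sxFolderNameSql."')";
	$result = mysql_query($query, $Link) or queryError("12", mysql_error());

	// Read the folder id back by name so that an upload sent in the same request is filed in
	// the new folder. If several folders share the name, the first row returned is used.
	$query = "SELECT id FROM $DB_Files_Folders WHERE name='".$sxFolderNameSql."'";
	$result = mysql_query($query, $Link) or queryError("2904", mysql_error());
	$ROW = mysql_fetch_object($result);
	// mysql_fetch_object() returns false when nothing matched; leave $vfolder alone in that case.
	if($ROW)
		$vfolder = $ROW->id;

	$message = $sxLang['MessageFileFolderCreated'];
}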
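// Handle an upload: form field "name" carries the display name, "File" the uploaded file.
if($name)
{
	// basename() drops any directory part sent along with the client-side file name.
	$sxFileName = isset($_FILES['File']['name']) ? basename($_FILES['File']['name']) : '';

	// The file is stored under its original name inside the content directory, which the listing
	// links to directly. Refuse dot-files and names carrying a server-side script extension in
	// any position, so an upload cannot become executable content or server configuration.
	// NOTE(review): a block list is only a stop-gap; an allow list of expected document types
	// plus disabling script handling for the content directory is the sturdier setup.
	$sxFileBlocked = preg_match('/^\.|\.(php\d?|phtml|pht|phps|phar|cgi|pl|py|asp|aspx|jsp|sh|shtml)(\.|$)/i', $sxFileName);

	if($sxFileBlocked)
		$message = $sxLang['MessageFileNameError'];
	else
	{
		// Request data is escaped before it is placed inside quoted SQL literals.
		// NOTE(review): if request variables already arrive with slashes added (magic_quotes_gpc
		// or code in globals.php.inc), strip those first to avoid double escaping -- confirm.
		$sxFileNameSql = mysql_real_escape_string($sxFileName, $Link);

		// A file name may only be registered once.
		$query = "SELECT * FROM $DB_Files WHERE filename='$sxFileNameSql'";
		$result = mysql_query($query, $Link) or queryError("12", mysql_error());
		if(!mysql_num_rows($result))
		{
			$sxTarget = "../".$sxContentDir['Files'].$sxFileName;
			// move_uploaded_file() only accepts files that arrived through this request's upload.
			if (@move_uploaded_file($_FILES['File']['tmp_name'], $sxTarget))
			{
				$size = filesize($sxTarget);
				$uid = $HTTP_SESSION_VARS['userid'];

				$query = "INSERT INTO $DB_Files (name, filename, size, timestamp, userid, folderid) VALUES ('"
					. mysql_real_escape_string($name, $Link) . "', '$sxFileNameSql', '" . (int)$size . "', '$NOW', '"
					. mysql_real_escape_string($uid, $Link) . "', '" . (int)$vfolder . "')";
				$result = mysql_query($query, $Link) or queryError("12", mysql_error());
				$message = $sxLang['MessageFileUploaded'];
			}
			else
				$message = $sxLang['MessageFileCopyError'];
		}
		else
			$message = $sxLang['MessageFileNameError'];
	}
}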

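// Save an edited file entry (display name and folder). $FileEdit_x is what PHP receives when the
// image button named "FileEdit" submits the form.
if($FileEdit_x)
{
	// Ids are reduced to integers and the name is escaped before they reach the SQL text.
	// NOTE(review): if request variables already arrive with slashes added (magic_quotes_gpc or
	// code in globals.php.inc), strip those first to avoid double escaping -- confirm.
	$sxEditFolderId = (int)$vfolder;
	$query = "UPDATE $DB_Files SET name='" . mysql_real_escape_string($nameNew, $Link) . "', folderid='$sxEditFolderId' WHERE id='" . (int)$editid . "'";
	$result = mysql_query($query, $Link) or queryError("29", mysql_error());
	// Leave edit mode and keep the file's folder expanded in the listing.
	unset($editid);
	$sxViewFolder = $sxEditFolderId;
	$message = $sxLang['MessageFileEdited'];
}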

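// Save an edited folder (name and lock flag). $sxEditFolderName_x is what PHP receives when the
// image button named "sxEditFolderName" submits the form.
if($sxEditFolderName_x)
{
	// The checkbox sends "1" when ticked and nothing otherwise; store it as 1 or 0.
	$sxFolderHideSql = $sxFolderHideNew ? 1 : 0;
	// The name is escaped and the id reduced to an integer before they reach the SQL text.
	// NOTE(review): if request variables already arrive with slashes added (magic_quotes_gpc or
	// code in globals.php.inc), strip those first to avoid double escaping -- confirm.
	$query = "UPDATE $DB_Files_Folders SET name='" . mysql_real_escape_string($sxFolderNameNew, $Link) . "', hide='$sxFolderHideSql' WHERE id='" . (int)$sxFolderEditid . "'";
	$result = mysql_query($query, $Link) or queryError("29", mysql_error());
	// Leave edit mode.
	unset($sxFolderEditid);
	$message = $sxLang['MessageFileFolderEdited'];
}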

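/**
 * Delete one file: remove it from the content directory, then drop its row from the files table.
 *
 * Uses the globals $Link (database connection), $DB_Files (table name) and $sxContentDir.
 *
 * @param mixed $fileid Row id in $DB_Files. It is reduced to an integer before use, which
 *                      assumes ids are numeric (the listing passes $ROW->id) -- confirm.
 */
function sxDeleteFile($fileid)
{
	global $Link;
	global $DB_Files;
	global $sxContentDir;

	// One caller passes the id straight from the request, so never place it in SQL as text.
	$fileid = (int)$fileid;

	$query = "SELECT * FROM $DB_Files WHERE id='$fileid'";
	$result = mysql_query($query, $Link) or queryError("2904", mysql_error());
	$ROW = mysql_fetch_object($result);
	// Unknown id: there is nothing to remove. Without this guard the unlink() below would be
	// aimed at the content directory itself, with the failure hidden by "@".
	if(!$ROW)
		return;

	// basename() keeps the removal inside the content directory even if a stored file name
	// were to contain path components.
	@unlink("../".$sxContentDir['Files'].basename($ROW->filename));

	$query = "DELETE FROM $DB_Files WHERE id='$fileid'";
	$result = mysql_query($query, $Link) or queryError("2903", mysql_error());
}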

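// Delete a single file; the confirmDelete() script on this page requests "?delete=<id>".
// NOTE(review): this and the folder delete below change data in response to a plain GET link
// with no anti-forgery token; consider requiring POST together with a per-session token.
if($delete)
{
	sxDeleteFile($delete);
	$message = $sxLang['MessageFileDeleted'];
}

// Delete a folder together with every file filed under it.
if($sxFolderDelete)
{
	// The id comes from the request; reduce it to an integer before it reaches the SQL text.
	$sxFolderDeleteId = (int)$sxFolderDelete;

	$query = "DELETE FROM $DB_Files_Folders WHERE id='$sxFolderDeleteId'";
	$result = mysql_query($query, $Link) or queryError("2902", mysql_error());

	$query = "SELECT * FROM $DB_Files WHERE folderid='$sxFolderDeleteId'";
	$result = mysql_query($query, $Link) or queryError("2901", mysql_error());
	while($ROW = mysql_fetch_object($result))
		sxDeleteFile($ROW->id);

	$message = $sxLang['MessageFileFolderDeleted'];
}

// Without an explicit folder id, list the files that have folder id 0 (the value of the
// "None" option in the folder selector).
if(!isset($folderid))
	$folderid = 0;

$sxTitleAddendum = $sxLang['AdminHeading'];
include("../themes/$THEME_FOLDER/header.php");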
?>
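<?PHP
// confirmDelete() and confirmDeleteFolder() ask for confirmation and then load this page with
// "?delete=<id>" or "?sxFolderDelete=<id>".
// $PHP_SELF is printed inside JavaScript string literals below. It is not set in this file; if it
// mirrors $_SERVER['PHP_SELF'] it can carry path text taken from the request URL, so quotes,
// backslashes and angle brackets are neutralised before it is written into the script.
$sxSelfJs = addslashes(htmlspecialchars($PHP_SELF));
?>
<script language="JavaScript" type="text/JavaScript">
<!--
function confirmDelete(theID,theName){
	if(confirm("<?PHP echo $sxLang['FileJSConfirmDelete']; ?> '"+theName+"'?")){
		window.location='<?PHP print $sxSelfJs."?delete="; ?>'+theID;
	}
}
function confirmDeleteFolder(theID,theName){
	if(confirm("<?PHP echo $sxLang['FileFolderJSConfirmDelete1']; ?> '"+theName+"' <?PHP echo $sxLang['FileFolderJSConfirmDelete2']; ?>")){
		window.location='<?PHP print $sxSelfJs."?sxFolderDelete="; ?>'+theID;
	}
}
//-->
</script>     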
<div class="bodyWrapper">
<h1 class="sxAdminHeading"><?PHP echo $sxLang['FileHeading']; ?></h1>
<div class="sxAdminBreadcrumbs"><?PHP if(userAdmin()) { ?><a href="index.php"><?PHP echo $sxLang['AdminBreadcrumb']; ?><?PHP }?><?PHP if(userEditor()) { ?><a href="editor_index.php"><?PHP echo $sxLang['EditorBreadcrumb']; ?><?PHP }?></a> > <?PHP echo $sxLang['FileHeading']; ?></div>
<?PHP echoMessage($message); ?>
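<form action="<?PHP /* the script name may carry request path text, so HTML-encode it */ echo htmlspecialchars($PHP_SELF); ?>" method="post" enctype="multipart/form-data" name="sxFormFileUpload">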
<table border="0" cellspacing="2" cellpadding="3" align="center">
 <tr>
   <td valign="top">
	<table border="0" cellspacing="2" cellpadding="3" align="center">
	 <tr>
	  <td class="sxTdItem"><?PHP echo $sxLang['FileItemUpload']; ?></td>
	  <td><input type="text" style="width:200px" name="name" /></td>
	 </tr>
	 <tr>
		<td></td>
		<td>(<?PHP echo $sxLang['FileMaxSize']; ?>:&nbsp;<?php echo ini_get("upload_max_filesize"); ?>B)</td>
	</tr>
	 <tr>
	  <td class="sxTdItem">&nbsp;</td>
	  <td><select name="vfolder">
	        <option value="0"><?PHP echo $sxLang['None']; ?></option>
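		    <?PHP
			// One <option> per folder, preselecting the folder currently held in $vfolder.
			$query = "SELECT * FROM $DB_Files_Folders ORDER BY name";
			$result = mysql_query($query, $Link) or queryError("299", mysql_error());
			while($ROW = mysql_fetch_object($result))
			{
				echo '<option value="' . $ROW->id . '"';
				if($vfolder == $ROW->id)
					echo ' selected="selected"';
				// Folder names are text typed in by users; HTML-encode them on output.
				echo '>' . htmlspecialchars($ROW->name) . '</option>';
			}
			?>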
		  </select> <span class="sxSmallText"><?PHP echo $sxLang['FileItemFolder']; ?></span></td>
	 </tr>
	 <tr>
	  <td>&nbsp;</td>
	  <td nowrap="nowrap"><input name="File" style="width:200px;" type="file" />
	  <input name="Submit" type="submit" value="<?PHP echo $sxLang['ButtonUpload']; ?>" class="sxButton" /></td>
	 </tr>
	</table>
    </td>
	<td valign="top">&nbsp;
	</td>
  </tr>
</table><br />
<div align="left">
<table border="0" cellspacing="2" cellpadding="5" align="center">
<?PHP if (componentActive(9)) { ?>
<tr><td colspan="6">
<?PHP echo $sxLang['FileItemFolderLockInfo']; ?>
</td></tr>
<?PHP } ?>
 <tr> 
  <td class="tableColumn"><?PHP echo $sxLang['GeneralItemName']; ?></td>
  <td class="tableColumn"><?PHP echo $sxLang['GeneralItemFilename']; ?></td>
  <td class="tableColumn"><?PHP echo $sxLang['GeneralItemSize']; ?></td>
  <td class="tableColumn"><?PHP echo $sxLang['GeneralItemHits']; ?></td>
  <td class="tableColumn"><?PHP echo $sxLang['FileItemFolderLock']; ?></td>
  <td class="tableColumn"><?PHP echo $sxLang['GeneralItemOptions']; ?></td>
 </tr>
 <?PHP
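 	// Folder listing: one row per folder. The folder selected through sxFolderEditid is shown as
	// an edit form, and the folder selected through sxViewFolder is expanded to list its files.
	// Folder names, file names, the script name and echoed request values are HTML-encoded on
	// output, matching how the file display name is already treated.
	$query = "SELECT * FROM $DB_Files_Folders ORDER BY name ASC";
	$result = mysql_query($query, $Link) or queryError("24", mysql_error());

	// Log if folders exist
	if(mysql_num_rows($result) > 0)
		$sxNoFolders = false;
	else
		$sxNoFolders = true;

	while($ROW = mysql_fetch_object($result))
	{
		$sxFolderNameHtml = htmlspecialchars($ROW->name);

		if($ROW->hide) {
			$sxFolderLock = "admin_lock.gif";
		}
		else {
			$sxFolderLock = "admin_unlock.gif";
		}
		echo '  <tr bgcolor="' . $sxTheme['ColorTableRow'] . '">';
		// Edit folder name
		if($sxFolderEditid == $ROW->id)
		{
			echo '     <td colspan="4"><input style="width:250px;" type="text" name="sxFolderNameNew" value="' .  $sxFolderNameHtml . '" /></td>';
			echo '     <td><input type="checkbox" name="sxFolderHideNew" title="'. $sxLang['FileItemFolderLockToggle'] .'" value="1"';
			if($ROW->hide) {
				// Leading space keeps this attribute separate from value="1".
				echo ' checked="checked"';
			}
			echo '     /></td>';
			echo '     <td><input name="sxFolderEditid" type="hidden" value="' . htmlspecialchars($sxFolderEditid) . '" />';
			echo '         <input name="sxEditFolderName" type="image" title="'. $sxLang['GeneralItemSave'] .'" src="../images/admin_save.gif" value="' . $sxLang['ButtonEditName'] . '" alt="' . $sxLang['ButtonEditName'] . '" /></td>';
		}
		// Normal display
		else
		{
			if($sxViewFolder == $ROW->id)
			{
				$sxFolderImage = "folder_open.gif";
				$sxFolderLinkVar = "sxCloseFolder";
				$sxFolderOpened = true;
			}
			else
			{
				$sxFolderImage = "folder_closed.gif";
				$sxFolderLinkVar = "sxViewFolder";
				$sxFolderOpened = false;
			}

			// Only the number of files in the folder is taken from this result.
			$query2 = "SELECT * FROM $DB_Files WHERE folderid='$ROW->id'";
			$result2 = mysql_query($query2, $Link) or queryError("2901", mysql_error());

			// Link that opens or closes the folder, shared by the icon and the name.
			$sxFolderHref = htmlspecialchars($_SERVER['PHP_SELF']) . '?' . $sxFolderLinkVar . '=' . $ROW->id . '#folder' . $ROW->id;
			// The edit URL sits inside a JavaScript string within an HTML attribute, so it is
			// escaped for the string first and for the attribute second.
			$sxFolderEditJs = htmlspecialchars(addslashes("$PHP_SELF?sxFolderEditid=$ROW->id#$ROW->id"));

			echo '     <td colspan="4">';
			echo '       <table border="0" cellpadding="0" cellspacing="0">';
			echo '         <tr>';
			echo '           <td><a name="folder' . $ROW->id . '" href="' . $sxFolderHref . '"><img src="../images/' . $sxFolderImage . '" style="border: 0;"></a></td>';
			echo '           <td>&nbsp;&nbsp;<a name="folder' . $ROW->id . '" href="' . $sxFolderHref . '">' . $sxFolderNameHtml . ' (' . mysql_num_rows($result2) . ')</a></td>';
			echo '         </tr>';
			echo '       </table>';
			echo '     </td>';
			echo '     <td align="center"><img src="../images/' . $sxFolderLock . '"></td>';
			echo '     <td><a href="#" onclick="window.location=\'' . $sxFolderEditJs . '\'" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
			echo '         <a href="#" onclick="confirmDeleteFolder(' . $ROW->id . ',\'' . addslashes( htmlspecialchars($ROW->name)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
		}
		echo '  </tr>';

		// Show contents of folder
		if($sxViewFolder == $ROW->id)
		{
			$query2 = "SELECT * FROM $DB_Files WHERE folderid='$ROW->id' ORDER BY filename ASC";
			$result2 = mysql_query($query2, $Link) or queryError("24", mysql_error());
			while($ROW2 = mysql_fetch_object($result2))
			{
				echo '  <tr bgcolor="' . incrementHexNumber($sxTheme['ColorTableRow']) . '">'."\n";
				// File edit mode
				if($editid == $ROW2->id)
				{
					echo '     <td colspan="4">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a name="file' . $ROW2->id . '"></a><input style="width:150px;" type="text" name="nameNew" value="' .  htmlspecialchars($ROW2->name) . '" />'."\n";
					echo '      <select name="vfolder">'."\n";
					echo '        <option value="0">' . $sxLang['None'] . '</option>'."\n";

					$query3 = "SELECT * FROM $DB_Files_Folders ORDER BY name";
					$result3 = mysql_query($query3, $Link) or queryError("299", mysql_error());
					while($ROW3 = mysql_fetch_object($result3))
					{
						echo '        <option value="' . $ROW3->id . '"';
						if($ROW2->folderid == $ROW3->id)
							echo ' selected="selected"';
						echo '>' . htmlspecialchars($ROW3->name) . '</option>'."\n";
					}

					echo '       </select>'."\n";
					echo '     </td>'."\n";
					echo '     <td><input name="editid" type="hidden" value="' . htmlspecialchars($editid) . '" />'."\n";
					echo '         <input name="FileEdit" type="image" src="../images/admin_edit.gif" value="' . $sxLang['ButtonEdit'] . '" alt="' . $sxLang['ButtonEdit'] . '" /></td>'."\n";
				}
				// File display mode
				else
				{
					// Stored file names come from the uploader's machine; encode them for the
					// link target and, before shortening as done for the display name, the text.
					$sxFileHref = htmlspecialchars("../".$sxContentDir['Files'] . $ROW2->filename);
					$sxFileEditJs = htmlspecialchars(addslashes("$PHP_SELF?sxViewFolder=$sxViewFolder&editid=$ROW2->id#file$ROW2->id"));

					echo '     <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ' . limitStringForce( htmlspecialchars($ROW2->name), 26) . '</td>';
					echo '     <td><a name="file' . $ROW2->id . '" href="' . $sxFileHref . '">' . limitStringForce( htmlspecialchars($ROW2->filename), 30) . '</a></td>';
					echo '     <td>' . number_format($ROW2->size/1000) . ' kb</td>';
					echo '     <td>' . number_format($ROW2->hits) . '</td>';
					echo '     <td align="center"><img src="../images/down.gif" /></td>';
					echo '     <td><a href="#" onclick="window.location=\'' . $sxFileEditJs . '\'" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
					echo '         <a href="#" onclick="confirmDelete(' . $ROW2->id . ',\'' . addslashes( htmlspecialchars($ROW2->filename)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
				}
				echo '  </tr>';
			}
			if(mysql_num_rows($result2) == 0)
				echo '<tr bgcolor="' . incrementHexNumber($sxTheme['ColorTableRow']) . '"><td colspan="5" width="500">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <em>' . $sxLang['NoFiles'] . '</em></td></tr>';
		} // End show contents of folder
	} // End folder loop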

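	// Files filed under $folderid (0 unless the request names another folder), listed after the
	// folder rows. The row matching $editid is shown as an edit form.
	// $folderid can come from the request, so it is reduced to an integer for the query; values
	// echoed into markup are HTML-encoded.
	$query = "SELECT * FROM $DB_Files WHERE folderid='" . (int)$folderid . "' ORDER BY filename ASC";
	$result = mysql_query($query, $Link) or queryError("24", mysql_error());
	while($ROW = mysql_fetch_object($result)){
		echo '  <tr bgcolor="' . $sxTheme['ColorTableRow'] . '">'."\n";
		if($editid == $ROW->id)
		{
			echo '     <td colspan="4"><input style="width:150px;" type="text" name="nameNew" value="' .  htmlspecialchars($ROW->name) . '" />'."\n";
			echo '      <select name="vfolder">'."\n";
			echo '        <option value="0">' . $sxLang['None'] . '</option>'."\n";

			$query3 = "SELECT * FROM $DB_Files_Folders ORDER BY name";
			$result3 = mysql_query($query3, $Link) or queryError("299", mysql_error());
			while($ROW3 = mysql_fetch_object($result3))
			{
				echo '        <option value="' . $ROW3->id . '"';
				if($vfolder == $ROW3->id)
					echo ' selected="selected"';
				echo '>' . htmlspecialchars($ROW3->name) . '</option>'."\n";
			}

			echo '       </select>'."\n";
			echo '     </td>'."\n";
			echo '     <td><input name="editid" type="hidden" value="' . htmlspecialchars($editid) . '" />'."\n";
			echo '         <input name="FileEdit" type="image" src="../images/admin_edit.gif" value="' . $sxLang['ButtonEdit'] . '" alt="' . $sxLang['ButtonEdit'] . '" /></td>'."\n";
		}
		else
		{
			// Stored file names come from the uploader's machine; encode them for the link
			// target and, before shortening as done for the display name, the link text.
			$sxFileHref = htmlspecialchars("../".$sxContentDir['Files'] . $ROW->filename);
			// $page is not set in this file; URL-encode it, then encode the whole link.
			$sxEditHref = htmlspecialchars($PHP_SELF . "?page=" . urlencode($page) . "&editid=$ROW->id#$ROW->id");

			echo '     <td>' . limitStringForce( htmlspecialchars($ROW->name), 26) . '</td>';
			echo '     <td><a name="' . $ROW->id . '" href="' . $sxFileHref . '">' . limitStringForce( htmlspecialchars($ROW->filename), 30) . '</a></td>';
			echo '     <td>' . number_format($ROW->size/1000) . ' kb</td>';
			echo '     <td>' . number_format($ROW->hits) . '</td>';
			echo '     <td><a href="' . $sxEditHref . '" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
			echo '         <a href="#" onclick="confirmDelete(' . $ROW->id . ',\'' . addslashes( htmlspecialchars($ROW->filename)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
		}
		echo '  </tr>';
	}
	// Nothing at all to show: neither folders nor files in this listing.
	if((mysql_num_rows($result) == 0)AND($sxNoFolders == true))
		echo '<tr bgcolor="' . $sxTheme['ColorTableRow'] . '"><td colspan="5" align="center"><em>' . $sxLang['NoFiles'] . '</em></td></tr>';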
  ?>
</table></div><br />
<br />
<div>
<table border="0" cellspacing="2" cellpadding="3" align="center">
 <tr>
  <td class="sxTdItem"><?PHP echo $sxLang['FileItemCreateFolder']; ?></td>
  <td><input type="text" style="width:125px" name="sxFolderName" /> <input name="sxCreateFolder" style=" " type="submit" value="<?PHP echo $sxLang['ButtonAdd']; ?>" class="sxButton" /></td>
 </tr>
</table>
</div>
</form></div>
<?PHP
// Render the theme footer, then send the output buffered since ob_start() at the top of the script.
include("../themes/$THEME_FOLDER/footer.php");
ob_end_flush();
?>