<?PHP
// Start output buffering (flushed by ob_end_flush() at the end of this script) and open the session.
ob_start();
session_start();
// Shared configuration, helper functions and the default (English) language strings.
// NOTE(review): presumably these define $Link, $sxSetup, $sxLang, $THEME_FOLDER and the $DB_* table names used below; confirm.
include("../includes/globals.php.inc");
include("../includes/functions.php");
include("../lang/English.php");
// Load the configured language file after English.php when another language is selected.
// NOTE(review): $sxSetup['Language'] is concatenated into an include path; confirm it can only come from trusted configuration, never from the request.
if(strtolower($sxSetup['Language']) != 'english') include("../lang/".$sxSetup['Language'].".php");
// NOTE(review): $THEME_FOLDER is likewise interpolated into an include path; confirm it is not request-controlled.
include("../themes/$THEME_FOLDER/config.php.inc");
// protectWriteMode() is defined outside this file; its effect is not visible here.
protectWriteMode();
// Access control: the visitor must be an editor or an administrator ...
// NOTE(review): everything below runs unless loginError() stops the script; confirm that it exits.
if((!userEditor())AND(!userAdmin())) loginError($sxLang['LoginRequired']);
// ... and an editor additionally needs the EditorRightsFilesManage setting to be enabled.
if((userEditor())AND(!$sxSetup['EditorRightsFilesManage'])) loginError($sxLang['LoginRequired']);
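// Create a new file folder when a folder name was submitted (form field "sxFolderName").
if(isset($sxFolderName) && strlen($sxFolderName) > 0)
{
    // The folder name is request data placed inside a quoted SQL literal, so it
    // is escaped for the connection first.
    // NOTE(review): the stripslashes() step assumes any pre-escaping comes from
    // magic_quotes_gpc; if globals.php.inc escapes request data itself, adjust
    // this to avoid double escaping.
    $sxFolderNameSql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($sxFolderName) : $sxFolderName, $Link);
    $query = "INSERT INTO $DB_Files_Folders (name) VALUES ('".$sxFolderNameSql."')";
    $result = mysql_query($query, $Link) or queryError("12", mysql_error());
    // Look the folder up by name so that $vfolder points at it for the rest of the request.
    $query = "SELECT id FROM $DB_Files_Folders WHERE name='".$sxFolderNameSql."'";
    $result = mysql_query($query, $Link) or queryError("2904", mysql_error());
    $ROW = mysql_fetch_object($result);
    // Guard against an empty result instead of dereferencing false.
    if($ROW)
        $vfolder = $ROW->id;
    $message = $sxLang['MessageFileFolderCreated'];
}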
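// Handle a file upload; a non-empty display name (form field "name") triggers it.
if($name)
{
    $sxFileName = isset($_FILES['File']['name']) ? basename($_FILES['File']['name']) : '';
    // Uploads are stored in the same directory the file listing links to directly,
    // so refuse names the web server could treat as a script or as per-directory
    // configuration (dot files, script extensions, also as an inner extension).
    // NOTE(review): this deny-list is a stop-gap; an allow-list of expected
    // extensions plus a storage directory with script execution disabled is the
    // stronger control.
    if($sxFileName != '' && ($sxFileName[0] == '.' || preg_match('/\.(php[0-9]?|phtml|phar|pl|py|cgi|asp|aspx|jsp|shtml)(\.|$)/i', $sxFileName)))
    {
        $message = $sxLang['MessageFileNameError'];
    }
    else
    {
        // The client-supplied file name and display name both end up inside quoted
        // SQL literals, so escape them for the connection.
        // NOTE(review): the stripslashes() step for $name assumes any pre-escaping
        // comes from magic_quotes_gpc; adjust if globals.php.inc escapes request
        // data itself.
        $sxFileNameSql = mysql_real_escape_string($sxFileName, $Link);
        $sxNameSql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($name) : $name, $Link);
        // A file name may only be stored once.
        $query = "SELECT * FROM $DB_Files WHERE filename='$sxFileNameSql'";
        $result = mysql_query($query, $Link) or queryError("12", mysql_error());
        if(!mysql_num_rows($result))
        {
            if (@move_uploaded_file($_FILES['File']['tmp_name'], "../".$sxContentDir['Files'].$sxFileName))
            {
                $size = (int)filesize("../".$sxContentDir['Files'].$sxFileName);
                $uid = mysql_real_escape_string($HTTP_SESSION_VARS['userid'], $Link);
                // $vfolder is the selected folder id; ids are numeric, so cast instead of quoting raw input.
                $query = "INSERT INTO $DB_Files (name, filename, size, timestamp, userid, folderid) VALUES ('$sxNameSql', '$sxFileNameSql', '$size', '$NOW', '$uid', '" . (int)$vfolder . "')";
                $result = mysql_query($query, $Link) or queryError("12", mysql_error());
                $message = $sxLang['MessageFileUploaded'];
            }
            else
                $message = $sxLang['MessageFileCopyError'];
        }
        else
            $message = $sxLang['MessageFileNameError'];
    }
}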
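// Save an edited file entry; the image submit button "FileEdit" arrives as FileEdit_x.
if($FileEdit_x)
{
    // Request values must not reach the SQL text raw: the name is escaped and the
    // two ids are cast to integers.
    // NOTE(review): the stripslashes() step assumes any pre-escaping comes from
    // magic_quotes_gpc; adjust if globals.php.inc escapes request data itself.
    $sxNameNewSql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($nameNew) : $nameNew, $Link);
    $query = "UPDATE $DB_Files SET name='$sxNameNewSql', folderid='" . (int)$vfolder . "' WHERE id='" . (int)$editid . "'";
    $result = mysql_query($query, $Link) or queryError("29", mysql_error());
    // Leave edit mode and open the folder the file now belongs to.
    unset($editid);
    $sxViewFolder = $vfolder;
    $message = $sxLang['MessageFileEdited'];
}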
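// Save an edited folder; the image submit button "sxEditFolderName" arrives as sxEditFolderName_x.
if($sxEditFolderName_x)
{
    // NOTE(review): the stripslashes() step assumes any pre-escaping comes from
    // magic_quotes_gpc; adjust if globals.php.inc escapes request data itself.
    $sxFolderNameNewSql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($sxFolderNameNew) : $sxFolderNameNew, $Link);
    // The lock checkbox is either submitted (value "1") or absent; store it as 1/0
    // rather than passing the raw request value into the query.
    $sxFolderHideSql = empty($sxFolderHideNew) ? 0 : 1;
    $query = "UPDATE $DB_Files_Folders SET name='$sxFolderNameNewSql', hide='$sxFolderHideSql' WHERE id='" . (int)$sxFolderEditid . "'";
    $result = mysql_query($query, $Link) or queryError("29", mysql_error());
    // Leave folder edit mode.
    unset($sxFolderEditid);
    $message = $sxLang['MessageFileFolderEdited'];
}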
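/**
 * Delete one uploaded file: remove it from the files directory, then delete
 * its row from the $DB_Files table.
 *
 * Uses the globals $Link (database connection), $DB_Files (table name) and
 * $sxContentDir['Files'] (files directory, relative to the site root).
 *
 * @param int|string $fileid Id of the row in $DB_Files; cast to an integer.
 * @return void
 */
function sxDeleteFile($fileid)
{
    global $Link;
    global $DB_Files;
    global $sxContentDir;
    // Callers pass request values straight through; the cast keeps anything but
    // a number out of the SQL text.
    $fileid = (int)$fileid;
    $query = "SELECT * FROM $DB_Files WHERE id='$fileid'";
    $result = mysql_query($query, $Link) or queryError("2904", mysql_error());
    $ROW = mysql_fetch_object($result);
    // Unknown id: there is no stored file name to unlink and no row to delete.
    if(!$ROW)
        return;
    // basename() confines the unlink to the files directory even if the stored
    // name contains path separators; an empty name is skipped.
    $sxStoredName = basename($ROW->filename);
    if($sxStoredName != '')
        @unlink("../".$sxContentDir['Files'].$sxStoredName);
    $query = "DELETE FROM $DB_Files WHERE id='$fileid'";
    $result = mysql_query($query, $Link) or queryError("2903", mysql_error());
}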
// Delete a single file when a "delete" id was passed; confirmDelete() in the
// page script navigates here with ?delete=<id>.
// NOTE(review): this state change is reachable by a plain GET request and no
// anti-CSRF token is checked in this file.
if($delete) {
    sxDeleteFile($delete);
    $message = $sxLang['MessageFileDeleted'];
}
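// Delete a folder and every file stored in it; confirmDeleteFolder() in the
// page script navigates here with ?sxFolderDelete=<id>.
// NOTE(review): this state change is reachable by a plain GET request and no
// anti-CSRF token is checked in this file.
if($sxFolderDelete)
{
    // The id comes from the request; cast it so only a number reaches the SQL text.
    $sxFolderDeleteId = (int)$sxFolderDelete;
    $query = "DELETE FROM $DB_Files_Folders WHERE id='$sxFolderDeleteId'";
    $result = mysql_query($query, $Link) or queryError("2902", mysql_error());
    // Remove the folder's files from disk and from the files table.
    $query = "SELECT * FROM $DB_Files WHERE folderid='$sxFolderDeleteId'";
    $result = mysql_query($query, $Link) or queryError("2901", mysql_error());
    while($ROW = mysql_fetch_object($result))
        sxDeleteFile($ROW->id);
    $message = $sxLang['MessageFileFolderDeleted'];
}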
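// $folderid selects the files listed outside the folder rows and defaults to 0.
// It is interpolated into a SQL query further down and may arrive with the
// request, so it is normalised to an integer here.
$folderid = isset($folderid) ? (int)$folderid : 0;
$sxTitleAddendum = $sxLang['AdminHeading'];
// Theme header; page markup starts after this include.
include("../themes/$THEME_FOLDER/header.php");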
?>
<script language="JavaScript" type="text/JavaScript">
<!--
// Ask the user to confirm, then navigate to this page with ?delete=<theID>,
// which makes the server-side script delete that file.
// theID: id of the file row; theName: file name shown in the confirmation text.
// NOTE(review): the delete is triggered by a plain GET navigation, and $PHP_SELF
// is printed into the string literal below without escaping.
function confirmDelete(theID,theName){
if(confirm("<?PHP echo $sxLang['FileJSConfirmDelete']; ?> '"+theName+"'?")){
window.location='<?PHP print $PHP_SELF."?delete="; ?>'+theID;
}
}
// Ask the user to confirm, then navigate to this page with
// ?sxFolderDelete=<theID>, which makes the server-side script delete that
// folder together with its files.
// theID: id of the folder row; theName: folder name shown in the confirmation text.
// NOTE(review): the delete is triggered by a plain GET navigation, and $PHP_SELF
// is printed into the string literal below without escaping.
function confirmDeleteFolder(theID,theName){
if(confirm("<?PHP echo $sxLang['FileFolderJSConfirmDelete1']; ?> '"+theName+"' <?PHP echo $sxLang['FileFolderJSConfirmDelete2']; ?>")){
window.location='<?PHP print $PHP_SELF."?sxFolderDelete="; ?>'+theID;
}
}
//-->
</script>
<div class="bodyWrapper">
<h1 class="sxAdminHeading"><?PHP echo $sxLang['FileHeading']; ?></h1>
<div class="sxAdminBreadcrumbs"><?PHP if(userAdmin()) { ?><a href="index.php"><?PHP echo $sxLang['AdminBreadcrumb']; ?><?PHP }?><?PHP if(userEditor()) { ?><a href="editor_index.php"><?PHP echo $sxLang['EditorBreadcrumb']; ?><?PHP }?></a> > <?PHP echo $sxLang['FileHeading']; ?></div>
<?PHP echoMessage($message); ?>
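<form action="<?PHP /* PHP_SELF can carry request-controlled path info, so it is HTML-encoded for the attribute. */ echo htmlspecialchars($PHP_SELF); ?>" method="post" enctype="multipart/form-data" name="sxFormFileUpload">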
<table border="0" cellspacing="2" cellpadding="3" align="center">
<tr>
<td valign="top">
<table border="0" cellspacing="2" cellpadding="3" align="center">
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['FileItemUpload']; ?></td>
<td><input type="text" style="width:200px" name="name" /></td>
</tr>
<tr>
<td></td>
<td>(<?PHP echo $sxLang['FileMaxSize']; ?>: <?php echo ini_get("upload_max_filesize"); ?>B)</td>
</tr>
<tr>
<td class="sxTdItem"> </td>
<td><select name="vfolder">
<option value="0"><?PHP echo $sxLang['None']; ?></option>
<?PHP
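// Offer every folder as an upload target, preselecting the one in $vfolder.
$query = "SELECT * FROM $DB_Files_Folders ORDER BY name";
$result = mysql_query($query, $Link) or queryError("299", mysql_error());
while($ROW = mysql_fetch_object($result))
{
    $sxSelectedAttr = ($vfolder == $ROW->id) ? ' selected="selected"' : '';
    // Folder names are user-entered text, so they are HTML-encoded on output
    // (as this page already does for the delete confirmation).
    echo '<option value="' . $ROW->id . '"' . $sxSelectedAttr . '>' . htmlspecialchars($ROW->name) . '</option>';
}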
?>
</select> <span class="sxSmallText"><?PHP echo $sxLang['FileItemFolder']; ?></span></td>
</tr>
<tr>
<td> </td>
<td nowrap="nowrap"><input name="File" style="width:200px;" type="file" />
<input name="Submit" type="submit" value="<?PHP echo $sxLang['ButtonUpload']; ?>" class="sxButton" /></td>
</tr>
</table>
</td>
<td valign="top">
</td>
</tr>
</table><br />
<div align="left">
<table border="0" cellspacing="2" cellpadding="5" align="center">
<?PHP if (componentActive(9)) { ?>
<tr><td colspan="6">
<?PHP echo $sxLang['FileItemFolderLockInfo']; ?>
</td></tr>
<?PHP } ?>
<tr>
<td class="tableColumn"><?PHP echo $sxLang['GeneralItemName']; ?></td>
<td class="tableColumn"><?PHP echo $sxLang['GeneralItemFilename']; ?></td>
<td class="tableColumn"><?PHP echo $sxLang['GeneralItemSize']; ?></td>
<td class="tableColumn"><?PHP echo $sxLang['GeneralItemHits']; ?></td>
<td class="tableColumn"><?PHP echo $sxLang['FileItemFolderLock']; ?></td>
<td class="tableColumn"><?PHP echo $sxLang['GeneralItemOptions']; ?></td>
</tr>
<?PHP
// Fetch all folders in alphabetical order for the listing.
$query = "SELECT * FROM $DB_Files_Folders ORDER BY name ASC";
$result = mysql_query($query, $Link) or queryError("24", mysql_error());
// Remember whether any folder exists; the "no files" placeholder row depends on it.
$sxNoFolders = !(mysql_num_rows($result) > 0);
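// Render one table row per folder. The folder named by $sxFolderEditid is shown
// as an edit form, and the folder named by $sxViewFolder is expanded to list its
// files. Text from the database or the request (folder names, file names, ids
// echoed back into form fields, PHP_SELF) is HTML-encoded before output.
while($ROW = mysql_fetch_object($result))
{
    // Lock icon follows the folder's hide flag.
    $sxFolderLock = $ROW->hide ? "admin_lock.gif" : "admin_unlock.gif";
    $sxFolderNameHtml = htmlspecialchars($ROW->name);
    echo ' <tr bgcolor="' . $sxTheme['ColorTableRow'] . '">';
    // Edit folder name
    if($sxFolderEditid == $ROW->id)
    {
        echo ' <td colspan="4"><input style="width:250px;" type="text" name="sxFolderNameNew" value="' . $sxFolderNameHtml . '" /></td>';
        echo ' <td><input type="checkbox" name="sxFolderHideNew" title="'. $sxLang['FileItemFolderLockToggle'] .'" value="1"';
        if($ROW->hide) {
            // Leading space keeps the attribute separate from value="1".
            echo ' checked="checked"';
        }
        echo ' /></td>';
        echo ' <td><input name="sxFolderEditid" type="hidden" value="' . htmlspecialchars($sxFolderEditid) . '" />';
        echo ' <input name="sxEditFolderName" type="image" title="'. $sxLang['GeneralItemSave'] .'" src="../images/admin_save.gif" value="' . $sxLang['ButtonEditName'] . '" alt="' . $sxLang['ButtonEditName'] . '" /></td>';
    }
    // Normal display
    else
    {
        if($sxViewFolder == $ROW->id)
        {
            $sxFolderImage = "folder_open.gif";
            $sxFolderLinkVar = "sxCloseFolder";
            $sxFolderOpened = true;
        }
        else
        {
            $sxFolderImage = "folder_closed.gif";
            $sxFolderLinkVar = "sxViewFolder";
            $sxFolderOpened = false;
        }
        // Only the row count of this query is used (shown next to the folder name).
        $query2 = "SELECT * FROM $DB_Files WHERE folderid='$ROW->id'";
        $result2 = mysql_query($query2, $Link) or queryError("2901", mysql_error());
        // Link that opens or closes the folder and jumps to its anchor.
        $sxFolderHref = htmlspecialchars($_SERVER['PHP_SELF']) . '?' . $sxFolderLinkVar . '=' . $ROW->id . '#folder' . $ROW->id;
        echo ' <td colspan="4">';
        echo ' <table border="0" cellpadding="0" cellspacing="0">';
        echo ' <tr>';
        echo ' <td><a name="folder' . $ROW->id . '" href="' . $sxFolderHref . '"><img src="../images/' . $sxFolderImage . '" style="border: 0;"></a></td>';
        echo ' <td> <a name="folder' . $ROW->id . '" href="' . $sxFolderHref . '">' . $sxFolderNameHtml . ' (' . mysql_num_rows($result2) . ')</a></td>';
        echo ' </tr>';
        echo ' </table>';
        echo ' </td>';
        echo ' <td align="center"><img src="../images/' . $sxFolderLock . '"></td>';
        // PHP_SELF sits inside a JavaScript string within an HTML attribute:
        // escape for the string first, then encode for the attribute.
        echo ' <td><a href="#" onclick="window.location=\'' . htmlspecialchars(addslashes($PHP_SELF)) . "?sxFolderEditid=$ROW->id#$ROW->id" . '\'" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
        echo ' <a href="#" onclick="confirmDeleteFolder(' . $ROW->id . ',\'' . addslashes( htmlspecialchars($ROW->name)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
    }
    echo ' </tr>';
    // Show contents of folder
    if($sxViewFolder == $ROW->id)
    {
        $query2 = "SELECT * FROM $DB_Files WHERE folderid='$ROW->id' ORDER BY filename ASC";
        $result2 = mysql_query($query2, $Link) or queryError("24", mysql_error());
        while($ROW2 = mysql_fetch_object($result2))
        {
            echo ' <tr bgcolor="' . incrementHexNumber($sxTheme['ColorTableRow']) . '">'."\n";
            // File edit mode
            if($editid == $ROW2->id)
            {
                echo ' <td colspan="4"> <a name="file' . $ROW2->id . '"></a><input style="width:150px;" type="text" name="nameNew" value="' . htmlspecialchars($ROW2->name) . '" />'."\n";
                echo ' <select name="vfolder">'."\n";
                echo ' <option value="0">' . $sxLang['None'] . '</option>'."\n";
                $query3 = "SELECT * FROM $DB_Files_Folders ORDER BY name";
                $result3 = mysql_query($query3, $Link) or queryError("299", mysql_error());
                while($ROW3 = mysql_fetch_object($result3))
                {
                    echo ' <option value="' . $ROW3->id . '"';
                    if($ROW2->folderid == $ROW3->id)
                        echo ' selected="selected"';
                    echo '>' . htmlspecialchars($ROW3->name) . '</option>'."\n";
                }
                echo ' </select>'."\n";
                echo ' </td>'."\n";
                echo ' <td><input name="editid" type="hidden" value="' . htmlspecialchars($editid) . '" />'."\n";
                echo ' <input name="FileEdit" type="image" src="../images/admin_edit.gif" value="' . $sxLang['ButtonEdit'] . '" alt="' . $sxLang['ButtonEdit'] . '" /></td>'."\n";
            }
            // File display mode
            else
            {
                echo ' <td> ' . limitStringForce( htmlspecialchars($ROW2->name), 26) . '</td>';
                // The stored file name is the client-supplied upload name: encode it
                // both in the link target and in the visible text.
                echo ' <td><a name="file' . $ROW2->id . '" href="' . htmlspecialchars("../".$sxContentDir['Files'] . $ROW2->filename) . '">' . limitStringForce( htmlspecialchars($ROW2->filename), 30) . '</a></td>';
                echo ' <td>' . number_format($ROW2->size/1000) . ' kb</td>';
                echo ' <td>' . number_format($ROW2->hits) . '</td>';
                echo ' <td align="center"><img src="../images/down.gif" /></td>';
                // $sxViewFolder is a request value that only loosely equals the folder
                // id here, so it is echoed back as an integer.
                echo ' <td><a href="#" onclick="window.location=\'' . htmlspecialchars(addslashes($PHP_SELF)) . '?sxViewFolder=' . (int)$sxViewFolder . "&editid=$ROW2->id#file$ROW2->id" . '\'" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
                echo ' <a href="#" onclick="confirmDelete(' . $ROW2->id . ',\'' . addslashes( htmlspecialchars($ROW2->filename)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
            }
            echo ' </tr>';
        }
        // Placeholder row for an opened folder without files.
        if(mysql_num_rows($result2) == 0)
            echo '<tr bgcolor="' . incrementHexNumber($sxTheme['ColorTableRow']) . '"><td colspan="5" width="500"> <em>' . $sxLang['NoFiles'] . '</em></td></tr>';
    } // End show contents of folder
} // End folder loop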
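// List the files whose folderid equals $folderid, below the folder rows.
// $folderid may arrive with the request, so it is cast before it is placed in
// the SQL text; names and URLs are HTML-encoded on output.
$query = "SELECT * FROM $DB_Files WHERE folderid='" . (int)$folderid . "' ORDER BY filename ASC";
$result = mysql_query($query, $Link) or queryError("24", mysql_error());
while($ROW = mysql_fetch_object($result)){
    echo ' <tr bgcolor="' . $sxTheme['ColorTableRow'] . '">'."\n";
    // File edit mode
    if($editid == $ROW->id)
    {
        echo ' <td colspan="4"><input style="width:150px;" type="text" name="nameNew" value="' . htmlspecialchars($ROW->name) . '" />'."\n";
        echo ' <select name="vfolder">'."\n";
        echo ' <option value="0">' . $sxLang['None'] . '</option>'."\n";
        $query3 = "SELECT * FROM $DB_Files_Folders ORDER BY name";
        $result3 = mysql_query($query3, $Link) or queryError("299", mysql_error());
        while($ROW3 = mysql_fetch_object($result3))
        {
            echo ' <option value="' . $ROW3->id . '"';
            // Preselect the folder the file is currently in, as the edit form for
            // files inside an opened folder does.
            if($ROW->folderid == $ROW3->id)
                echo ' selected="selected"';
            echo '>' . htmlspecialchars($ROW3->name) . '</option>'."\n";
        }
        echo ' </select>'."\n";
        echo ' </td>'."\n";
        echo ' <td><input name="editid" type="hidden" value="' . htmlspecialchars($editid) . '" />'."\n";
        echo ' <input name="FileEdit" type="image" src="../images/admin_edit.gif" value="' . $sxLang['ButtonEdit'] . '" alt="' . $sxLang['ButtonEdit'] . '" /></td>'."\n";
    }
    // File display mode
    else
    {
        echo ' <td>' . limitStringForce( htmlspecialchars($ROW->name), 26) . '</td>';
        // The stored file name is the client-supplied upload name: encode it both
        // in the link target and in the visible text.
        echo ' <td><a name="' . $ROW->id . '" href="' . htmlspecialchars("../".$sxContentDir['Files'] . $ROW->filename) . '">' . limitStringForce( htmlspecialchars($ROW->filename), 30) . '</a></td>';
        echo ' <td>' . number_format($ROW->size/1000) . ' kb</td>';
        echo ' <td>' . number_format($ROW->hits) . '</td>';
        // $page is echoed back from the request, so the whole URL is encoded.
        echo ' <td><a href="' . htmlspecialchars($PHP_SELF . "?page=$page&editid=$ROW->id#$ROW->id") . '" title="' . $sxLang['ButtonEdit'] . '"><img src="../images/admin_edit.gif" style="border: 0;" alt="' . $sxLang['ButtonEdit'] . '" /></a>';
        echo ' <a href="#" onclick="confirmDelete(' . $ROW->id . ',\'' . addslashes( htmlspecialchars($ROW->filename)) . '\')" title="' . $sxLang['ButtonDelete'] . '"><img src="../images/admin_delete.gif" style="border: 0;" alt="' . $sxLang['ButtonDelete'] . '" /></a></td>';
    }
    echo ' </tr>';
}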
// Placeholder row when the file query returned nothing and no folder exists either.
if(mysql_num_rows($result) == 0 && $sxNoFolders == true) {
    echo '<tr bgcolor="' . $sxTheme['ColorTableRow'] . '"><td colspan="5" align="center"><em>' . $sxLang['NoFiles'] . '</em></td></tr>';
}
?>
</table></div><br />
<br />
<div>
<table border="0" cellspacing="2" cellpadding="3" align="center">
<tr>
<td class="sxTdItem"><?PHP echo $sxLang['FileItemCreateFolder']; ?></td>
<td><input type="text" style="width:125px" name="sxFolderName" /> <input name="sxCreateFolder" style=" " type="submit" value="<?PHP echo $sxLang['ButtonAdd']; ?>" class="sxButton" /></td>
</tr>
</table>
</div>
</form></div>
<?PHP
// Theme footer closes the page.
include("../themes/$THEME_FOLDER/footer.php");
// Send the output buffered since ob_start() at the top of the script.
ob_end_flush();
?>