<?php

/*

 * Snapr

 * Version 0.1 beta 1

 * Copyright (C) 2007 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

##

## UPLOAD INTERFACE

##

$plugins->attachHook('base_classes_initted', '

  global $paths;

    $paths->add_page(Array(

      \'name\'=>\'Image gallery upload\',

      \'urlname\'=>\'GalleryUpload\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

  ');

function page_Special_GalleryUpload()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( $session->user_level < USER_LEVEL_ADMIN )

  {

    die_friendly('Access denied', '<p>You need to have administrative rights to use the gallery\'s upload features.</p>');

  }

  $zip_support = ( class_exists('ZipArchive') || ( file_exists('/usr/bin/unzip') && is_executable('/usr/bin/unzip') ) );

  $errors = array();

  $template->add_header('<link rel="stylesheet" type="text/css" href="' . scriptPath . '/plugins/gallery/dropdown.css" />');

  $template->add_header('<script type="text/javascript" src="' . scriptPath . '/plugins/gallery/gallery-bits.js"></script>');

  $max_size = @ini_get('upload_max_filesize');

  $max_size_field = '';

  if ( $max_size )

  {

    if ( preg_match('/M$/i', $max_size) )

    {

      $max_size = intval($max_size) * 1048576;

    }

    else if ( preg_match('/K$/i', $max_size) )

    {

      $max_size = intval($max_size) * 1024;

    }

    else if ( preg_match('/G$/i', $max_size) )

    {

      $max_size = intval($max_size) * 1048576 * 1024;

    }

    $max_size = intval($max_size);

    $max_size_field = "\n" . '<input type="hidden" name="MAX_FILE_SIZE" value="' . $max_size . '" />' . "\n";

  }

  if ( isset($_GET['edit_img']) )

  {

    $edit_parms = $_GET['edit_img'];

    $regex = '/^((([0-9]+),)*)?([0-9]+?)$/';

    if ( !preg_match($regex, $edit_parms) )

    {

      die_friendly('Bad request', '<p>$_GET[\'edit_img\'] must be a comma-separated list of image IDs.</p>');

    }

    $idlist = explode(',', $edit_parms);

    $num_edit = count($idlist);

    $idlist = "SELECT img_id,img_title,img_desc,img_filename,is_folder FROM ".table_prefix."gallery WHERE img_id=" . implode(' OR img_id=', $idlist) . ';';

    if ( !$e = $db->sql_query($idlist) )

      $db->_die();

    $template->header();

    if ( isset($_POST['edit_do_save']) )

    {

      @set_time_limit(0);

      $arr_img_data = array();

      while ( $row = $db->fetchrow($e) )

        $arr_img_data[$row['img_id']] = $row;

      // Allow breaking out

      switch(true):case true:

        if ( !is_array($_POST['img']) )

        {

          $errors[] = 'No images passed to processor.';

          break;

        }

        // Main updater loop

        foreach ( $_POST['img'] as $img_id => $img_data )

        {

          if ( !preg_match('/^[0-9]+$/', $img_id) )

          {

            $errors[] = 'SQL injection attempted!';

            break 2;

          }

          // Array of columns to update

          $to_update = array();

          $key = 'reupload_' . $img_data['id'];

          if ( isset($_FILES[$key]) )

          {

            $file =& $_FILES[ $key ];

            if ( $file['tmp_name'] != '' )

            {

              // Reupload

              $filename = ENANO_ROOT . '/files/' . $arr_img_data[ $img_data['id'] ]['img_filename'];

              if ( !unlink($filename) )

              {

                $errors[] = "Could not delete $filename";

                break 2;

              }

              if ( !@move_uploaded_file($file['tmp_name'], $filename) )

              {

                $errors[] = "Could not move uploaded file to $filename";

                break 2;

              }

              //

              // Create scaled images

              //

              // Create thumbnail image

              $thumb_filename = ENANO_ROOT . '/cache/' . $arr_img_data[ $img_data['id'] ]['img_filename'] . '-thumb.jpg';

              if ( !unlink($thumb_filename) )

              {

                $errors[] = "Could not delete $thumb_filename";

                break 2;

              }

              $magick = getConfig('imagemagick_path');

              $command = "$magick '{$filename}' -resize ".'"'."80x80>".'"'." -quality 85 $thumb_filename";

              @system($command, $stat);

              if ( !file_exists($thumb_filename) )

              {

                $errors[] = 'Couldn\'t scale image '.$i.': ImageMagick failed us';

                break 2;

              }

              // Create preview image

              $preview_filename = ENANO_ROOT . '/cache/' . $arr_img_data[ $img_data['id'] ]['img_filename'] . '-preview.jpg';

              if ( !unlink($preview_filename) )

              {

                $errors[] = "Could not delete $preview_filename";

                break 2;

              }

              $magick = getConfig('imagemagick_path');

              $command = "$magick '{$filename}' -resize ".'"'."640x640>".'"'." -quality 85 $preview_filename";

              @system($command, $stat);

              if ( !file_exists($preview_filename) )

              {

                $errors[] = 'Couldn\'t scale image '.$i.': ImageMagick failed us';

                break 2;

              }

              $to_update['img_time_mod'] = strval(time());

            }

          }

          $vars = array(

            'year' => date('Y'),

            'month' => date('F'),

            'day' => date('d'),

            'time12' => date('g:i A'),

            'time24' => date('G:i')

          );

          // Image name/title

          $title = $template->makeParserText($img_data['title']);

          $title->assign_vars($vars);

          $executed = $title->run();

          if ( $executed == '_id' )

          {

            $errors[] = 'You cannot name an image or folder "_id", this name is reserved for internal functions.';

            break 2;

          }

          if ( $executed == '' )

          {

            $errors[] = 'Please enter a name for the item with unique ID ' . $img_data['id'] . '. <pre>' . print_r($_POST,true) . '</pre>';

            break 2;

          }

          $to_update['img_title'] = $executed;

          // Image description

          if ( isset($img_data['desc']) )

          {

            $desc = $template->makeParserText($img_data['desc']);

            $desc->assign_vars($vars);

            $executed = $desc->run();

            $executed = RenderMan::preprocess_text($executed, false, false);

            $to_update['img_desc'] = $executed;

          }

          // Folder

          $target_folder = false;

          if ( !empty($_POST['override_folder']) )

          {

            if ( $_POST['override_folder'] == 'NULL' || preg_match('/^[0-9]+$/', $_POST['override_folder']) )

            {

              $target_folder = $_POST['override_folder'];

            }

          }

          if ( !empty($img_data['folder']) )

          {

            if ( $img_data['folder'] == 'NULL' || preg_match('/^[0-9]+$/', $img_data['folder']) )

            {

              $target_folder = $img_data['folder'];

            }

          }

          if ( $target_folder )

          {

            // Make sure we're not trying to move a folder to itself or a subdirectory of itself

            $children = gal_fetch_all_children(intval($img_data['id']));

            if ( $img_data['id'] == $target_folder || in_array($target_folder, $children) )

            {

              $errors[] = 'You are trying to move a folder to itself, or to a subdirectory of itself, which is not allowed. If done manually (i.e. via an SQL client) this will result in infinite loops in the folder sorting code.';

              break 2;

            }

            $to_update['folder_parent'] = $target_folder;

          }

          if ( count($to_update) > 0 )

          {

            $up_keys = array_keys($to_update);

            $up_vals = array_values($to_update);

            $bin_cols = array('folder_parent');

            $sql = 'UPDATE ' . table_prefix.'gallery SET ';

            foreach ( $up_keys as $i => $key )

            {

              if ( in_array($key, $bin_cols) )

              {

                $sql .= $key . '=' . $up_vals[$i] . ',';

              }

              else

              {

                $sql .= $key . '=\'' . $db->escape($up_vals[$i]) . '\',';

              }

            }

            $sql = preg_replace('/,$/i', '', $sql) . ' WHERE img_id=' . $img_data['id'] . ';';

            if ( !$db->sql_query($sql) )

            {

              $db->_die();

            }

          }

        }

        echo '<div class="info-box" style="margin-left: 0;">Your changes have been saved.</div>';

      endswitch;

      // Rerun select query to make sure information in PHP memory is up-to-date

      if ( !$e = $db->sql_query($idlist) )

        $db->_die();

    }

    if ( count($errors) > 0 )

    {

      echo '<div class="error-box" style="margin-left: 0;">

              <b>The following errors were encountered while updating the image data:</b><br />

              <ul>

                <li>' . implode("</li>\n        <li>", $errors) . '</li>

              </ul>

            </div>';

    }

    ?>

    <script type="text/javascript">

      function gal_unset_radios(name)

      {

        var radios = document.getElementsByTagName('input');

        for ( var i = 0; i < radios.length; i++ )

        {

          var radio = radios[i];

          if ( radio.name == name )

          {

            radio.checked = false;

          }

        }

      }

    </script>

    <?php

    echo '<form action="' . makeUrlNS('Special', 'GalleryUpload', 'edit_img=' . $edit_parms, true) . '" method="post" enctype="multipart/form-data">';

    echo $max_size_field;

    if ( $row = $db->fetchrow($e) )

    {

      echo '<div class="tblholder">

              <table border="0" cellspacing="1" cellpadding="4">';

      echo '    <tr><th class="subhead">Information</th></tr>';

      echo '    <tr><td class="row3">

                  As with the upload form, the following variables can be used. <b>Note that when editing images, the {id} and {autotitle} variables will be ignored.</b>';

      ?>

          <ul>

            <li>{year}: The current year (<?php echo date('Y'); ?>)</li>

            <li>{month}: The current month (<?php echo date('F'); ?>)</li>

            <li>{day}: The day of the month (<?php echo date('d'); ?>)</li>

            <li>{time12}: 12-hour time (<?php echo date('g:i A'); ?>)</li>

            <li>{time24}: 24-hour time (<?php echo date('G:i'); ?>)</li>

          </ul>

      <?php

      echo '        </td></tr>';

      echo '  </table>

            </div>';

      $i = 0;

      do

      {

        $thumb_url = makeUrlNS('Special', 'GalleryFetcher/thumb/' . $row['img_id'], false, true);

        # Type: folder

        if ( $row['is_folder'] == 1 ):

        // Image ID tracker

        echo '<input type="hidden" name="img[' . $i . '][id]" value="' . $row['img_id'] . '" />';

        //

        // Editor table

        //

        $folders = gallery_imgid_to_folder(intval($row['img_id']));

        foreach ( $folders as $j => $xxx )

        {

          $folder =& $folders[$j];

          $folder = sanitize_page_id($folder);

        }

        $folders = array_reverse($folders);

        $gal_href = implode('/', $folders) . ( count($folders) > 0 ? '/' : '' ) . sanitize_page_id($row['img_title']);

        echo '<div class="tblholder">

                <table border="0" cellspacing="1" cellpadding="4">';

        echo '<tr><th colspan="2">Folder: ' . htmlspecialchars($row['img_title']) . '</th></tr>';

        // Primary key

        echo '<tr>

                <td class="row2">Unique ID:</td>

                <td class="row1">' . $row['img_id'] . ' (<a href="' . makeUrlNS('Special', 'Gallery/' . $gal_href) . '">view folder contents</a>)</td>

              </tr>';

        // Path info

        echo '<tr>

                <td class="row2">Parent folders:</td>

                <td class="row1">' . /* Yeah it's dirty, but hey, it gets the job done ;-) */ ( ( $x = str_replace('&amp;raquo;', '&raquo;', htmlspecialchars(str_replace('_', ' ', implode(' &raquo; ', $folders)))) ) ? $x : '&lt;in root&gt;' ) . '</td>

              </tr>';

        // Image name

        echo '<tr>

                <td class="row2">Folder name:</td>

                <td class="row1"><input type="text" style="width: 98%;" name="img[' . $i . '][title]" value="' . htmlspecialchars($row['img_title']) . '" size="43" /></td>

              </tr>';

        // Mover widget

        ?>

        <tr>

          <td class="row2">Move to folder:</td>

          <td class="row1">

            <div class="toggle">

                <img alt="&gt;&gt;" src="<?php echo scriptPath; ?>/plugins/gallery/toggle-closed.png" class="toggler" />

                Select folder

              </div>

              <div class="body">

                <?php

                  echo gallery_hier_formfield('img[' . $i . '][folder]', false);

                ?>

                <br />

                <a href="#" onclick="gal_unset_radios('img[<?php echo $i; ?>][folder]'); return false;">Unselect field</a>

              </div>

            </div>

          </td>

        </tr>

        <?php

        // Finish table

        echo '</table>';

        echo '</div>';

        # Type: image

        else:

        // Image ID tracker

        echo '<input type="hidden" name="img[' . $i . '][id]" value="' . $row['img_id'] . '" />';

        //

        // Editor table

        //

        echo '<div class="tblholder">

                <table border="0" cellspacing="1" cellpadding="4">';

        echo '<tr><th colspan="2">Image: ' . htmlspecialchars($row['img_title']) . '</th></tr>';

        // Primary key

        echo '<tr>

                <td class="row2">Unique ID:</td>

                <td class="row1">' . $row['img_id'] . ' (<a href="' . makeUrlNS('Gallery', $row['img_id']) . '">view image\'s page</a>)</td>

              </tr>';

        // Thumbnail

        echo '<tr>

                <td class="row2">Thumbnail:</td>

                <td class="row1"><img alt="Thumbnail image" src="' . $thumb_url . '" /></td>

              </tr>';

        // Image name

        echo '<tr>

                <td class="row2">Image title:</td>

                <td class="row1"><input type="text" style="width: 98%;" name="img[' . $i . '][title]" value="' . htmlspecialchars($row['img_title']) . '" size="43" /></td>

              </tr>';

        // Image description

        echo '<tr>

                <td class="row2">Image description:</td>

                <td class="row1"><textarea rows="10" cols="40" style="width: 98%;" name="img[' . $i . '][desc]">' . htmlspecialchars($row['img_desc']) . '</textarea></td>

              </tr>';

        // ACL editor trigger

        echo '<tr>

                <td class="row2">Permissions:</td>

                <td class="row1"><input type="button" onclick="ajaxOpenACLManager(\'' . $row['img_id'] . '\', \'Gallery\');" value="Edit permissions" /><br /><small>Only works in Firefox 1.5 or later, Safari 3.x or later, or Opera 9.0 or later.</small></td>

              </tr>';

        // Mover widget

        ?>

        <tr>

          <td class="row2">Move to folder:</td>

          <td class="row1">

            <div class="toggle">

                <img alt="&gt;&gt;" src="<?php echo scriptPath; ?>/plugins/gallery/toggle-closed.png" class="toggler" />

                Select folder

              </div>

              <div class="body">

                <?php

                  echo gallery_hier_formfield('img[' . $i . '][folder]', false);

                ?>

                <br />

                <a href="#" onclick="gal_unset_radios('img[<?php echo $i; ?>][folder]'); return false;">Unselect field</a>

              </div>

            </div>

          </td>

        </tr>

        <?php

        // File replacer

        echo '<tr>

                <td class="row2">Upload new version:</td>

                <td class="row1"><input type="file" name="reupload_' . $row['img_id'] . '" size="30" style="width: 98%;" /></td>

              </tr>';

        // Finish table

        echo '</table>';

        echo '</div>';

        endif;

        $i++;

      }

      while ( $row = $db->fetchrow($e) );

      $db->free_result();

      echo '<div class="tblholder">

              <table border="0" cellspacing="1" cellpadding="4">';

      // Mover widget

      if ( $num_edit > 1 ):

      ?>

      <tr>

        <td class="row2">Move all to folder:<br /><small>Other folder fields on this page can override this for individual images.</small></td>

        <td class="row1" style="width: 70%;">

          <div class="toggle">

              <img alt="&gt;&gt;" src="<?php echo scriptPath; ?>/plugins/gallery/toggle-closed.png" class="toggler" />

              Select folder

            </div>

            <div class="body">

              <?php

                echo gallery_hier_formfield('override_folder', false);

              ?>

              <br />

              <a href="#" onclick="gal_unset_radios('override_folder'); return false;">Unselect field</a>

            </div>

          </div>

        </td>

      </tr>

      <?php