1<?php
2/**
3 * provides the Upload tab of admin
4 * @package admin
5 */
6// force UTF-8 Ø
7
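define('OFFSET_PATH', 1);

require_once(dirname(__FILE__) . '/admin-globals.php');

// Access gate for the whole page: called with the upload and file-management rights and the
// current URL. NOTE(review): presumably redirects to the login form when the rights are
// missing -- confirm in admin-functions.
admin_securityChecks(UPLOAD_RIGHTS | FILES_RIGHTS, $return = currentRelativeURL());

// The requested uploader comes from the query string and is remembered in a cookie.
// The original tested for 'type' but read 'tab'; require both so that 'tab' is never read
// when it is absent (which stored an empty selection in the cookie).
if (isset($_GET['type']) && isset($_GET['tab'])) {
	$uploadtype = sanitize($_GET['tab']);
	zp_setCookie('zpcms_admin_uploadtype', $uploadtype);
} else {
	$uploadtype = zp_getcookie('zpcms_admin_uploadtype');
	$_GET['tab'] = $uploadtype;
}

// Upload handlers registered through the 'upload_handlers' filter; each value is used below
// as the directory that holds the handler's upload_form.php.
$handlers = array_keys($uploadHandlers = zp_apply_filter('upload_handlers', array()));
if (!zp_loggedin(UPLOAD_RIGHTS) || empty($handlers)) {
	//	redirect to the files page if present
	if (isset($zenphoto_tabs['upload']['subtabs'][0])) {
		redirectURL($zenphoto_tabs['upload']['subtabs'][0]);
	}
	$handlers = array();
}

if (count($handlers) > 0) {
	// $uploadtype is request/cookie data. It is only ever used as a key into the registered
	// handler list and is replaced by the first registered handler when it does not match,
	// so the included path is always built from a filter-supplied value, never from the
	// request itself. Keep it that way: do not concatenate $uploadtype into a path.
	if (!isset($uploadHandlers[$uploadtype]) || !file_exists($uploadHandlers[$uploadtype] . '/upload_form.php')) {
		$uploadtype = array_shift($handlers);
	}
	require_once($uploadHandlers[$uploadtype] . '/upload_form.php');
} else {
	// No usable handler (or no upload rights): show the placeholder page and stop.
	require_once(SERVERPATH . '/' . ZENFOLDER . '/no_uploader.php');
	exitZP();
}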
40
// Mark the upload tab as the current admin page for the shared header/tab code.
$page = 'upload';
$_GET['page'] = 'upload';

printAdminHeader('upload', 'albums');
?>
<script type="text/javascript" src="<?php echo WEBPATH, '/', ZENFOLDER; ?>/js/upload.js"></script>
<?php
// The selected upload handler emits its own header content; its return value is later
// written into the upload form's action attribute.
$formAction = upload_head();

echo "\n</head>\n<body>";
printLogoAndLinks();
?>
55<div id="main">
56	<?php
57	printTabs();
58	?>
59	<div id="content">
60		<?php
61		if (!empty($zenphoto_tabs['upload']['subtabs'])) {
62			printSubtabs();
63		}
64		$albumlist = $_zp_gallery->getAllAlbumsFromDB();
65		//	remove dynamic albums--can't upload to them
66		foreach ($albumlist as $key => $albumname) {
67			if (hasDynamicAlbumSuffix($key) && !is_dir(ALBUM_FOLDER_SERVERPATH . $key)) {
68				unset($albumlist[$key]);
69			}
70		}
71		?>
72		<script type="text/javascript">
73			// <!-- <![CDATA[
74			// Array of album names for javascript functions.
75			var albumArray = new Array(
76<?php
77$separator = '';
78foreach ($albumlist as $key => $value) {
79	echo $separator . "'" . addslashes($key) . "'";
80	$separator = ", ";
81}
82?>);
83			// ]]> -->
84		</script>
85
86		<div class="tabbox">
87			<?php zp_apply_filter('admin_note', 'upload', 'images'); ?>
88			<h1><?php echo gettext("Upload Images"); ?></h1>
89			<p>
90				<?php
91				sortArray($_zp_supported_images);
92				$types = array_keys($_zp_extra_filetypes);
93				$types = array_merge($_zp_supported_images, $types);
94				if (function_exists('zip_open')) {
95					$types[] = 'ZIP';
96				}
97				$types = zp_apply_filter('upload_filetypes', $types);
98				sortArray($types);
99				$upload_extensions = $types;
100				$last = strtoupper(array_pop($types));
101				$s1 = strtoupper(implode(', ', $types));
102				$used = 0;
103
104				if (count($types) > 1) {
105					printf(gettext('This web-based upload accepts the file formats: %s, and %s.'), $s1, $last);
106				} else {
107					printf(gettext('This web-based upload accepts the file formats: %s and %s.'), $s1, $last);
108				}
109				?>
110			</p>
111			<p class="notebox">
112				<?php
113				echo gettext('<strong>Note: </strong>');
114				?>
115				<br />
116				<?php
117				if ($last == 'ZIP') {
118					echo gettext('ZIP files must contain only Zenphoto supported <em>image</em> types.');
119					?>
120					<br />
121					<?php
122				}
123				$maxupload = ini_get('upload_max_filesize');
124				$maxpost = ini_get('post_max_size');
125				$maxuploadint = parse_size($maxupload);
126				$maxpostint = parse_size($maxpost);
127				if ($maxuploadint < $maxpostint) {
128					echo sprintf(gettext("The maximum size for any one file is <strong>%sB</strong> and the maximum size for one total upload is <strong>%sB</strong> which are set by your PHP configuration <code>upload_max_filesize</code> and <code>post_max_size</code>."), $maxupload, $maxpost);
129				} else {
130					echo ' ' . sprintf(gettext("The maximum size for your total upload is <strong>%sB</strong> which is set by your PHP configuration <code>post_max_size</code>."), $maxpost);
131				}
132				$uploadlimit = zp_apply_filter('get_upload_limit', $maxuploadint);
133				$maxuploadint = min($maxuploadint, $uploadlimit);
134				?>
135				<br />
136				<?php
137				echo zp_apply_filter('get_upload_header_text', gettext('Don’t forget, you can also use <acronym title="File Transfer Protocol">FTP</acronym> to upload folders of images into the albums directory!'));
138				?>
139			</p>
140			<?php
141			if (isset($_GET['error'])) {
142				$errormsg = sanitize($_GET['error']);
143				?>
144				<div class="errorbox fade-message">
145					<h2><?php echo gettext("Upload Error"); ?></h2>
146					<?php echo (empty($errormsg) ? gettext("There was an error submitting the form. Please try again.") : html_encode($errormsg)); ?>
147				</div>
148				<?php
149			}
150			if (isset($_GET['uploaded'])) {
151				?>
152				<div class="messagebox fade-message">
153					<h2><?php echo gettext("Upload complete"); ?></h2>
154					<?php echo gettext('Your files have been uploaded.'); ?>
155				</div>
156				<?php
157			}
158			$rootrights = zp_apply_filter('upload_root_ui', accessAllAlbums(UPLOAD_RIGHTS));
159			if ($rootrights || !empty($albumlist)) {
160				echo gettext("Upload to:");
161				if (isset($_GET['new'])) {
162					$checked = ' checked="checked"';
163				} else {
164					$checked = '';
165				}
166				?>
167				<script type="text/javascript">
168					// <!-- <![CDATA[
169	<?php seoFriendlyJS(); ?>
					/**
					 * Copies the album title and publish state into their form slots and
					 * shows or hides the upload controls.
					 * @param good truthy when the current album/folder choice is usable
					 */
					function buttonstate(good) {
						$('#albumtitleslot').val($('#albumtitle').val());

						var publishalbumchecked = $('#publishalbum').prop('checked') ? 1 : 0;
						$('#publishalbumslot').val(publishalbumchecked);

						// Both the upload buttons and the handler's action area follow the same state.
						var method = good ? 'show' : 'hide';
						$('#fileUploadbuttons')[method]();
						$('#upload_action')[method]();
					}
193
					/**
					 * Mirrors the "publish" checkbox into the #publishalbumslot field as 1 or 0.
					 */
					function publishCheck() {
						var publishalbumchecked = $('#publishalbum').prop('checked') ? 1 : 0;
						$('#publishalbumslot').val(publishalbumchecked);
					}
203
					/**
					 * onchange handler of the album menu: stores the chosen folder in
					 * #folderslot and updates the upload controls from albumSwitch()'s result.
					 */
					function albumSelect() {
						var menu = document.getElementById('albumselectmenu');
						var folder = menu.options[menu.selectedIndex].value;
						$('#folderslot').val(folder);
						// The two messages are translated strings written into JS literals by PHP.
						var usable = albumSwitch(menu, true, '<?php echo addslashes(gettext('That name is already used.')); ?>', '<?php echo addslashes(gettext('This upload has to have a folder. Type a title or folder name to continue...')); ?>');
						buttonstate(usable);
					}
211					// ]]> -->
212				</script>
213				<div id="albumselect">
214
215					<form name="file_upload_datum" id="file_upload_datum" method="post" action="<?php echo $formAction; ?>" enctype="multipart/form-data" >
216
217						<select id="albumselectmenu" name="albumselect" onchange="albumSelect()">
218							<?php
219							if ($rootrights) {
220								?>
221								<option value="" selected="selected" style="font-weight: bold;">/</option>
222								<?php
223							}
224							if (isset($_GET['album'])) {
225								$passedalbum = sanitize($_GET['album']);
226							} else {
227								if ($rootrights) {
228									$passedalbum = NULL;
229								} else {
230									$alist = array_keys($albumlist);
231									$passedalbum = array_shift($alist);
232								}
233							}
234							foreach ($albumlist as $fullfolder => $albumtitle) {
235								$singlefolder = $fullfolder;
236								$saprefix = "";
237								if (!is_null($passedalbum) && ($passedalbum == $fullfolder)) {
238									$selected = " selected=\"selected\" ";
239								} else {
240									$selected = "";
241								}
242								// Get rid of the slashes in the subalbum, while also making a subalbum prefix for the menu.
243								while (strstr($singlefolder, '/') !== false) {
244									$singlefolder = substr(strstr($singlefolder, '/'), 1);
245									$saprefix = "–&nbsp;" . $saprefix;
246								}
247								echo '<option value="' . $fullfolder . '"' . "$selected>" . $saprefix . $singlefolder . " (" . $albumtitle . ')' . "</option>\n";
248							}
249							if (isset($_GET['publishalbum'])) {
250								$publishchecked = ' checked="checked"';
251							} else {
252								if ($albpublish = $_zp_gallery->getAlbumPublish()) {
253									$publishchecked = ' checked="checked"';
254								} else {
255									$publishchecked = '';
256								}
257							}
258							?>
259						</select>
260
261						<?php
262						if (empty($passedalbum)) {
263							$modified_rights = MANAGED_OBJECT_RIGHTS_EDIT;
264						} else {
265							$rightsalbum = newAlbum($passedalbum);
266							$modified_rights = $rightsalbum->albumSubRights();
267						}
268						if ($modified_rights & MANAGED_OBJECT_RIGHTS_EDIT) { //	he has edit rights, allow new album creation
269							$display = '';
270						} else {
271							$display = ' display:none;';
272						}
273						?>
274						<div id="newalbumbox" style="margin-top: 5px;<?php echo $display; ?>">
275							<p>
276								<label><input type="checkbox" name="newalbum" id="newalbumcheckbox"<?php echo $checked; ?> onclick="albumSwitch(this.form.albumselect, false, '<?php echo addslashes(gettext('That name is already used.')); ?>', '<?php echo addslashes(gettext('This upload has to have a folder. Type a title or folder name to continue...')); ?>')" /> <?php echo gettext("Create a new album"); ?></label>
277							</p>
278							<p id="publishtext">
279								<label><input type="checkbox" name="publishalbum" id="publishalbum" value="1" <?php echo $publishchecked; ?> onchange="publishCheck();" /> <?php echo gettext("Publish the album."); ?></label>
280							</p>
281						</div>
282						<div id="albumtext" style="margin-top: 5px;<?php echo $display; ?>">
283							<p><label><input type="text" name="albumtitle" id="albumtitle"
284										 onkeyup="buttonstate(updateFolder(this, 'folderdisplay', 'autogen', '<?php echo addslashes(gettext('That name is already used.')); ?>', '<?php echo addslashes(gettext('This upload has to have a folder. Type a title or folder name to continue...')); ?>'));" /> <?php echo gettext('Title'); ?>
285								</label></p>
286
287								<p id="foldererror" class="errorbox" style="display: none;"></p>
288								<p><label><input type="text" name="folderdisplay" disabled="disabled" id="folderdisplay" size="18"
289											 onkeyup="buttonstate(validateFolder(this, '<?php echo addslashes(gettext('That name is already used.')); ?>', '<?php echo addslashes(gettext('This upload has to have a folder. Type a title or folder name to continue...')); ?>'));" />
290									<?php echo gettext('Folder name'); ?></label></p>
291								<p><label for="autogen"><input type="checkbox" name="autogenfolder" id="autogen" checked="checked"
292											 onclick="buttonstate(toggleAutogen('folderdisplay', 'albumtitle', this));" />
293									<?php echo gettext('Auto-generate'); ?></label></p>
294
295						</div>
296						<hr />
297						<?php upload_form($uploadlimit, $passedalbum); ?>
298					</form>
299					<div id="upload_action">
300						<?php
301						//	load the uploader specific form stuff
302						upload_extra($uploadlimit, $passedalbum);
303						?>
304					</div><!-- upload action -->
305
306					<script type="text/javascript">
307						//<!-- <![CDATA[
308	<?php
309	echo zp_apply_filter('upload_helper_js', '') . "\n";
310	if ($passedalbum) {
311		?>
312							buttonstate(true);
313							$('#folderdisplay').val('<?php echo html_encode($passedalbum); ?>');
314		<?php
315	}
316	?>
317						albumSwitch(document.getElementById('albumselectmenu'), false, '<?php echo addslashes(gettext('That name is already used.')); ?>', '<?php echo addslashes(gettext('This upload has to have a folder. Type a title or folder name to continue...')); ?>');
318	<?php
319	if (isset($_GET['folderdisplay'])) {
320		?>
321							$('#folderdisplay').val('<?php echo html_encode(sanitize($_GET['folderdisplay'])); ?>');
322		<?php
323	}
324	if (isset($_GET['albumtitle'])) {
325		?>
326							$('#albumtitle').val('<?php echo html_encode(sanitize($_GET['albumtitle'])); ?>');
327		<?php
328	}
329	if (isset($_GET['autogen']) && !$_GET['autogen']) {
330		?>
331							$('#autogen').prop('checked', false);
332							$('#folderdisplay').removeAttr('disabled');
333							if ($('#folderdisplay').val() != '') {
334								$('#foldererror').hide();
335							}
336		<?php
337	} else {
338		?>
339							$('#autogen').checked;
340							$('#folderdisplay').attr('disabled', 'disabled');
341							if ($('#albumtitle').val() != '') {
342								$('#foldererror').hide();
343							}
344		<?php
345	}
346	?>
347						buttonstate($('#folderdisplay').val() != '');
348						// ]]> -->
349					</script>
350					<?php
351				} else {
352					echo gettext("There are no albums to which you can upload.");
353				}
354				?>
355			</div><!-- albumselect -->
356
357		</div><!-- tabbox -->
358	</div><!-- content -->
359</div><!-- main -->
360<?php
361printAdminFooter();
362?>
363</body>
364</html>
365
366
367
368
369