files_actions.php

Revision 2, 14.1 kB (checked in by sven, 3 years ago)
importing elgg-0.1.1a

Line
1	<?php
2
3	// Action parser for file uploads
4
5	global $folder;
6
7	if (isset($_REQUEST['action']) && logged_on) {
8
9	switch($_REQUEST['action']) {
10
11	// Create a new folder
12	case "files:createfolder":
13	if (
14	logged_on
15	&& isset($_REQUEST['new_folder_name'])
16	&& $_REQUEST['new_folder_name'] != ""
17	&& isset($_REQUEST['new_folder_access'])
18	&& isset($folder)
19	) {
20	$name = addslashes($_REQUEST['new_folder_name']);
21	$access = addslashes($_REQUEST['new_folder_access']);
22	db_query(" insert into file_folders
23	set parent = $folder,
24	name = '$name',
25	access = '$access',
26	owner = ".$_SESSION['userid']);
27	$insert_id = db_id();
28	if ($_REQUEST['new_folder_keywords'] != "") {
29	$value = $_REQUEST['new_folder_keywords'];
30	$value = str_replace("\n","",$value);
31	$value = str_replace("\r","",$value);
32	$keyword_list = explode(",",$value);
33	sort($keyword_list);
34	if (sizeof($keyword_list) > 0) {
35	foreach($keyword_list as $key => $list_item) {
36	$list_item = addslashes(trim($list_item));
37	db_query("insert into tags set tagtype = 'folder', access = '$access', tag = '$list_item', ref = $insert_id, owner = " . $_SESSION['userid']);
38	}
39	}
40	}
41	$messages[] = "Your folder was created.";
42	} else {
43	$messages[] = "Could not create folder. Perhaps the folder name was blank?";
44	}
45	break;
46
47	// Upload a new file
48
49	case "files:uploadfile":
50	if (
51	logged_on
52	&& isset($_REQUEST['new_file_description'])
53	&& isset($_REQUEST['new_file_title'])
54	&& isset($_REQUEST['new_file_access'])
55	&& isset($_REQUEST['folder'])
56	&& isset($_FILES['new_file'])
57	&& isset($_REQUEST['copyright'])
58	) {
59
60	if (
61	$_FILES['new_file']['error'] != 0
62	) {
63	$messages[] = "There was an error uploading the file. Possibly the file was too large, or the upload was interrupted.";
64	} else {
65
66	$total_quota = db_query("select sum(size) as sum from files where owner = " . $_SESSION['userid']);
67	$total_quota = $total_quota[0]->sum;
68
69	$max_quota = db_query("select file_quota from users where ident = " . $_SESSION['userid']);
70	$max_quota = $max_quota[0]->file_quota;
71
72	if ($total_quota + $_FILES['new_file']['size'] > $max_quota) {
73	$messages[] = "You have exceeded your file quota. You must delete some files before you can upload this one.";
74	} else {
75
76	$access = addslashes($_REQUEST['new_file_access']);
77	$original_filename = addslashes($_FILES['new_file']['name']);
78	$size = $_FILES['new_file']['size'];
79	$folderid = (int) $_REQUEST['folder'];
80	$description = addslashes($_REQUEST['new_file_description']);
81	$title = addslashes($_REQUEST['new_file_title']);
82
83	$new_filename = time() . "_" . preg_replace("/[^\w.-]/i","_",$original_filename);
84
85	$upload_folder = substr($_SESSION['username'],0,1);
86
87	if (!file_exists(path . "_files/data/" . $upload_folder)) {
88	mkdir(path . "_files/data/" . $upload_folder);
89	}
90
91	if (!file_exists(path . "_files/data/" . $upload_folder . "/" . $_SESSION['username'])) {
92	mkdir(path . "_files/data/" . $upload_folder . "/" . $_SESSION['username']);
93	}
94
95	$new_filename = path . "_files/data/" . $upload_folder . "/" . $_SESSION['username'] . "/" . $new_filename;
96
97	if (move_uploaded_file($_FILES['new_file']['tmp_name'],$new_filename)) {
98
99	$new_filename = addslashes($new_filename);
100
101	db_query("insert into files set owner = ".$_SESSION['userid'].",
102	folder = $folderid,
103	originalname = '$original_filename',
104	title = '$title',
105	description = '$description',
106	location = '$new_filename',
107	access = '$access',
108	size = '$size',
109	time_uploaded = ".time());
110	$file_id = db_id();
111	if ($_REQUEST['new_file_keywords'] != "") {
112	$value = $_REQUEST['new_file_keywords'];
113	$value = str_replace("\n","",$value);
114	$value = str_replace("\r","",$value);
115	$keyword_list = explode(",",$value);
116	sort($keyword_list);
117	if (sizeof($keyword_list) > 0) {
118	foreach($keyword_list as $key => $list_item) {
119	$list_item = addslashes(trim($list_item));
120	db_query("insert into tags set tagtype = 'file', access = '$access', tag = '$list_item', ref = $file_id, owner = " . $_SESSION['userid']);
121	}
122	}
123	}
124	if (isset($_REQUEST['metadata'])) {
125	$metadata = $_REQUEST['metadata'];
126	if (sizeof($metadata) > 0) {
127
128	foreach($metadata as $name => $value) {
129	$name = addslashes($name);
130	$value = addslashes($value);
131	db_query("insert into file_metadata
132	set name = '$name',
133	value = '$value',
134	file_id = $file_id");
135	}
136
137	}
138	}
139
140	$messages[] = "The file was successfully uploaded.";
141	$redirect_url = url . $_SESSION['username'] . "/files/";
142	if ($folderid > -1) {
143	$redirect_url .= $folderid;
144	}
145	define('redirect_url', $redirect_url);
146	}
147
148	}
149
150	}
151
152	} else {
153	$redirect_url = url . $_SESSION['username'] . "/files/";
154	if ($folderid > -1) {
155	$redirect_url .= $folderid;
156	}
157	define('redirect_url', $redirect_url);
158	$file_data = "";
159	$file_data->new_file_description = $_REQUEST['new_file_description'];
160	$file_data->new_file_title = $_REQUEST['new_file_title'];
161	$file_data->new_file_access = $_REQUEST['new_file_access'];
162	$file_data->folder = $_REQUEST['folder'];
163	$file_data->new_file = $_REQUEST['new_file'];
164	$_SESSION['file_data'] = $file_data;
165	$messages[] = "Upload unsuccessful. You must check the copyright box for a file to be uploaded.";
166	}
167	break;
168	// Edit a file
169	case "files:editfile": if (
170	logged_on
171	&& isset($_REQUEST['file_id'])
172	&& isset($_REQUEST['edit_file_title'])
173	&& isset($_REQUEST['edit_file_folder'])
174	&& isset($_REQUEST['edit_file_description'])
175	&& isset($_REQUEST['edit_file_access'])
176	&& isset($_REQUEST['edit_file_keywords'])
177	) {
178	$file_id = (int) $_REQUEST['file_id'];
179	$file_title = addslashes($_REQUEST['edit_file_title']);
180	$file_folder = (int) ($_REQUEST['edit_file_folder']);
181	$file_access = addslashes($_REQUEST['edit_file_access']);
182	$file_keywords = addslashes($_REQUEST['edit_file_keywords']);
183	$file_description = addslashes($_REQUEST['edit_file_description']);
184	$file_info = db_query("select owner from files where ident = $file_id");
185	$file_info = $file_info[0];
186	if ($file_info->owner == $_SESSION['userid']) {
187	db_query("update files set
188	folder = $file_folder,
189	title = '$file_title',
190	access = '$file_access',
191	description = '$file_description'
192	where ident = $file_id");
193	db_query("delete from tags where tagtype = 'file' and ref = $file_id");
194	if ($file_keywords != "") {
195	$value = $file_keywords;
196	$value = str_replace("\n","",$value);
197	$value = str_replace("\r","",$value);
198	$keyword_list = explode(",",$value);
199	sort($keyword_list);
200	if (sizeof($keyword_list) > 0) {
201	foreach($keyword_list as $key => $list_item) {
202	$list_item = (trim($list_item));
203	db_query("insert into tags set tagtype = 'file', access = '$file_access', tag = '$list_item', ref = $file_id, owner = " . $_SESSION['userid']);
204	}
205	}
206	}
207	$redirect_url = url . $_SESSION['username'] . "/files/";
208	if ($file_folder != -1) {
209	$redirect_url .= $file_folder;
210	}
211	define('redirect_url',$redirect_url);
212	$messages[] = "The file was updated.";
213	}
214	}
215	break;
216	// Edit a folder
217	case "edit_folder": if (
218	logged_on
219	&& isset($_REQUEST['edit_folder_id'])
220	&& isset($_REQUEST['edit_folder_name'])
221	&& isset($_REQUEST['edit_folder_access'])
222	&& isset($_REQUEST['edit_folder_keywords'])
223	&& isset($_REQUEST['edit_folder_parent'])
224	) {
225	$edit_folder_id = (int) $_REQUEST['edit_folder_id'];
226	$edit_owner = db_query("select owner from file_folders where ident = $edit_folder_id");
227	if ($edit_owner[0]->owner == $_SESSION['userid']) {
228	$edit_parent_id = (int) $_REQUEST['edit_folder_parent'];
229	db_query("update file_folders
230	set name = '".addslashes($_REQUEST['edit_folder_name'])."',
231	access = '".addslashes($_REQUEST['edit_folder_access'])."',
232	parent = ".$edit_parent_id."
233	where ident = $edit_folder_id");
234	db_query("delete from tags where tagtype = 'folder' and ref = $edit_folder_id");
235	if ($_REQUEST['edit_folder_keywords'] != "") {
236	$edit_value = $_REQUEST['edit_folder_keywords'];
237	$edit_value = str_replace("\n","",$edit_value);
238	$edit_value = str_replace("\r","",$edit_value);
239	$edit_keyword_list = explode(",",$edit_value);
240	sort($edit_keyword_list);
241	if (sizeof($edit_keyword_list) > 0) {
242	foreach($edit_keyword_list as $key => $list_item) {
243	$list_item = addslashes(trim($list_item));
244	db_query("insert into tags set tagtype = 'folder', access = '".addslashes($_REQUEST['edit_folder_access'])."', tag = '$list_item', ref = $edit_folder_id, owner = " . $_SESSION['userid']);
245	}
246	}
247	}
248	$messages[] = "The folder was edited.";
249	}
250	}
251	break;
252	// Delete a folder
253	case "delete_folder": if (
254	logged_on
255	&& isset($_REQUEST['delete_folder_id'])
256	) {
257	$id = (int) $_REQUEST['delete_folder_id'];
258	if ($id > -1) {
259	$folder = db_query("select * from file_folders where ident = $id and owner = " . $_SESSION['userid']);
260	if (sizeof($folder) > 0) {
261	$folder = $folder[0];
262	db_query("update file_folders set parent = " . $folder->parent . " where parent = $id");
263	db_query("update files set folder = " . $folder->parent . " where folder = $id");
264	db_query("delete from file_folders where ident = $id");
265	db_query("delete from tags where tagtype = 'folder' and ref = $id");
2