function MG_MassdeleteAlbum($album_id) { global $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01; // need to check perms here... if ($MG_albums[$album_id]->access != 3) { COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1); return MG_genericError($LANG_MG00['access_denied_msg']); } MG_MassdeleteChildAlbums($album_id); if ($_MG_CONF['member_albums'] == 1 && $MG_albums[$album_id]->parent == $_MG_CONF['member_album_root']) { $result = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $MG_albums[$album_id]->owner_id . " AND album_parent=" . $MG_albums[$album_id]->parent); $numRows = DB_numRows($result); if ($numRows == 0) { DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=0 WHERE uid=" . $MG_albums[$album_id]->owner_id, 1); } } MG_initAlbums(); require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); }
function MG_getFile($filename, $file, $album_id, $opt = array()) { global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id; $caption = isset($opt['caption']) ? $opt['caption'] : ''; $description = isset($opt['description']) ? $opt['description'] : ''; $upload = isset($opt['upload']) ? $opt['upload'] : 1; $purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0; $filetype = isset($opt['filetype']) ? $opt['filetype'] : ''; $atttn = isset($opt['atttn']) ? $opt['atttn'] : 0; $thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : ''; $keywords = isset($opt['keywords']) ? $opt['keywords'] : ''; $category = isset($opt['category']) ? $opt['category'] : 0; $dnc = isset($opt['dnc']) ? $opt['dnc'] : 0; $replace = isset($opt['replace']) ? $opt['replace'] : 0; $artist = ''; $musicAlbum = ''; $genre = ''; $video_attached_thumbnail = 0; $successfulWatermark = 0; $dnc = 1; // What is this? $errors = 0; $errMsg = ''; require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php'; $album = new mgAlbum($album_id); $root_album = new mgAlbum(0); if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: *********** Beginning media upload process..."); COM_errorLog("Filename to process: " . $filename); COM_errorLog("UID=" . $_USER['uid']); COM_errorLog("album access=" . $album->access); COM_errorLog("album owner_id=" . $album->owner_id); COM_errorLog("member_uploads=" . $album->member_uploads); } clearstatcache(); if (!file_exists($filename)) { $errMsg = $LANG_MG02['upload_not_found']; return array(false, $errMsg); } if (!is_readable($filename)) { $errMsg = $LANG_MG02['upload_not_readable']; return array(false, $errMsg); } // make sure we have the proper permissions to upload to this album.... if (!isset($album->id)) { $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads"; return array(false, $errMsg); } if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) { COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1); return array(false, $LANG_MG00['access_denied_msg']); } sleep(0.1); // We do this to make sure we don't get dupe sid's /* * The following section of code will generate a unique name for a temporary * file and copy the uploaded file to the Media Gallery temp directory. * We do this to prevent any SAFE MODE issues when we later open the * file to determine the mime type. */ if (empty($_USER['username'])) { $_USER['username'] = '******'; } $tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp'; if ($upload) { $rc = @move_uploaded_file($filename, $tmpPath); } else { $rc = @copy($filename, $tmpPath); $importSource = $filename; } if ($rc != 1) { COM_errorLog("Media Upload - Error moving uploaded file in generic processing...."); COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath); $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); @unlink($tmpPath); COM_errorLog("MG Upload: Problem uploading a media object"); return array(false, $errMsg); } $filename = $tmpPath; $new_media_id = $replace > 0 ? $replace : COM_makesid(); $media_time = time(); $media_upload_time = $media_time; if (!isset($_USER['uid']) || $_USER['uid'] < 1) { $media_user_id = 1; } else { $media_user_id = $_USER['uid']; } $mimeInfo = MG_getMediaMetaData($filename); $mimeExt = strtolower(substr(strrchr($file, '.'), 1)); $mimeInfo['type'] = $mimeExt; // override the determination for some filetypes $filetype = MG_getFileTypeFromExt($mimeExt, $filetype); if (empty($mimeInfo['mime_type'])) { COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection"); $mimeInfo['mime_type'] = $filetype; } $gotTN = 0; if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') { $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data']; $gotTN = 1; } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']); } if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') { // assume format based on file upload info... switch ($filetype) { case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'image/tga': $mimeInfo['type'] = 'tga'; $mimeInfo['mime_type'] = 'image/tga'; $mimeExt = 'tga'; break; case 'image/psd': $mimeInfo['type'] = 'psd'; $mimeInfo['mime_type'] = 'image/psd'; $mimeExt = 'psd'; break; case 'image/gif': $mimeInfo['type'] = 'gif'; $mimeInfo['mime_type'] = 'image/gif'; $mimeExt = 'gif'; break; case 'image/jpeg': case 'image/jpg': $mimeInfo['type'] = 'jpg'; $mimeInfo['mime_type'] = 'image/jpeg'; $mimeExt = 'jpg'; break; case 'image/png': $mimeInfo['type'] = 'png'; $mimeInfo['mime_type'] = 'image/png'; $mimeExt = 'png'; break; case 'image/bmp': $mimeInfo['type'] = 'bmp'; $mimeInfo['mime_type'] = 'image/bmp'; $mimeExt = 'bmp'; break; case 'application/x-shockwave-flash': $mimeInfo['type'] = 'swf'; $mimeInfo['mime_type'] = 'application/x-shockwave-flash'; $mimeExt = 'swf'; break; case 'application/zip': $mimeInfo['type'] = 'zip'; $mimeInfo['mime_type'] = 'application/zip'; $mimeExt = 'zip'; break; case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'video/quicktime': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/quicktime'; $mimeExt = 'mov'; break; case 'video/x-m4v': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/x-m4v'; $mimeExt = 'mov'; break; case 'video/x-flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; $mimeExt = 'flv'; break; case 'audio/x-ms-wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; $mimeExt = 'wma'; break; default: switch ($mimeExt) { case 'flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; break; case 'wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; break; default: $mimeInfo['type'] = 'file'; $mimeInfo['mime_type'] = 'application/octet-stream'; if ($filetype != '') { $mimeInfo['mime_type'] = $filetype; } break; } break; } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype); } } switch ($mimeInfo['mime_type']) { case 'audio/mpeg': $format_type = MG_MP3; break; case 'image/gif': $format_type = MG_GIF; break; case 'image/jpeg': case 'image/jpg': $format_type = MG_JPG; break; case 'image/png': $format_type = MG_PNG; break; case 'image/bmp': $format_type = MG_BMP; break; case 'application/x-shockwave-flash': $format_type = MG_SWF; break; case 'application/zip': $format_type = MG_ZIP; break; case 'video/mpeg': case 'video/x-motion-jpeg': case 'video/quicktime': case 'video/mpeg': case 'video/x-mpeg': case 'video/x-mpeq2a': case 'video/x-qtc': case 'video/x-m4v': $format_type = MG_MOV; break; case 'video/x-flv': $format_type = MG_FLV; break; case 'image/tiff': $format_type = MG_TIF; break; case 'image/x-targa': case 'image/tga': $format_type = MG_TGA; break; case 'image/psd': $format_type = MG_PSD; break; case 'application/ogg': $format_type = MG_OGG; break; case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-ms-wmz': case 'application/x-ms-wmd': $format_type = MG_ASF; break; case 'application/pdf': $format_type = MG_OTHER; break; default: $format_type = MG_OTHER; break; } if (!($album->valid_formats & $format_type)) { return array(false, $LANG_MG02['format_not_allowed']); } $mimeType = $mimeInfo['mime_type']; if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype); } if ($filetype == 'video/x-m4v') { $mimeType = 'video/x-m4v'; $mimeInfo['mime_type'] = 'video/x-m4v'; } if ($replace > 0) { $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'"; $result = DB_query($sql); $row = DB_fetchArray($result); $media_filename = $row['media_filename']; } else { if ($_MG_CONF['preserve_filename'] == 1) { $loopCounter = 0; $digitCounter = 1; $file_name = stripslashes($file); $file_name = MG_replace_accents($file_name); $file_name = preg_replace("#[ ]#", "_", $file_name); // change spaces to underscore $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name); //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore $file_name = preg_replace('#(_)+#', '_', $file_name); //eliminate duplicate underscore $pos = strrpos($file_name, '.'); if ($pos === false) { $basefilename = $file_name; } else { $basefilename = strtolower(substr($file_name, 0, $pos)); } do { clearstatcache(); $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename; $loopCounter++; if ($loopCounter > 16) { $digitCounter++; $loopCounter = 0; } } while (MG_file_exists($media_filename)); } else { do { clearstatcache(); $media_filename = md5(uniqid(rand())); } while (MG_file_exists($media_filename)); } } // replace a few mime extentions here... // if ($mimeExt == 'php') { $mimeExt = 'phps'; } if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) { $mimeExt = 'txt'; } $disp_media_filename = $media_filename . '.' . $mimeExt; if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename); COM_errorLog("MG Upload: Mime Type: " . $mimeType); } switch ($mimeType) { case 'image/psd': case 'image/x-targa': case 'image/tga': case 'image/photoshop': case 'image/x-photoshop': case 'image/psd': case 'application/photoshop': case 'application/psd': case 'image/tiff': case 'image/gif': case 'image/jpeg': case 'image/jpg': case 'image/png': case 'image/bmp': $dispExt = $mimeExt; if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) { $dispExt = 'jpg'; } $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt); $media_disp = MG_getFilePath('disp', $media_filename, $dispExt); $media_tn = MG_getFilePath('tn', $media_filename, $dispExt); $mimeType = $mimeInfo['mime_type']; // process image file $media_time = getOriginationTimestamp($filename); if ($media_time == null || $media_time < 0) { $media_time = time(); } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: About to move/copy file"); } $rc = @copy($filename, $media_orig); if ($rc != 1) { COM_errorLog("Media Upload - Error moving uploaded file...."); COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig); $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc); if ($rc == false) { $errors++; $errMsg .= $msg; // sprintf($LANG_MG02['convert_error'],$filename); } else { $mediaType = 0; if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) { if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) { $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp); } @unlink($media_orig); } if ($album->wm_auto) { if ($_MG_CONF['discard_original'] == 1) { $rc = MG_watermark($media_disp, $album_id, 1); if ($rc == true) { $successfulWatermark = 1; } } else { $rc1 = MG_watermark($media_orig, $album_id, 1); $rc2 = MG_watermark($media_disp, $album_id, 0); if ($rc1 == ture && $rc2 == true) { $successfulWatermark = 1; } } } if ($dnc != 1) { if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) { $mimeExt = 'jpg'; $mimeType = 'image/jpeg'; } } } } break; case 'video/quicktime': case 'video/mpeg': case 'video/x-flv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-shockwave-flash': case 'video/mp4': case 'video/x-m4v': $mimeType = $mimeInfo['mime_type']; if ($filetype == 'video/mp4') { $mimeExt = 'mp4'; } // process video format $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt); $rc = @copy($filename, $media_orig); if ($rc != 1) { COM_errorLog("MG Upload: Error moving uploaded file in video processing...."); COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig); $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); $mediaType = 1; } $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename); break; case 'application/ogg': case 'audio/mpeg': case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': $mimeType = $mimeInfo['mime_type']; // process audio format $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt); $rc = @copy($filename, $media_orig); COM_errorLog("MG Upload: Extracting audio meta data"); if (isset($mimeInfo['tags']['id3v1']['title'][0])) { if ($caption == '') { $caption = $mimeInfo['tags']['id3v1']['title'][0]; } } if (isset($mimeInfo['tags']['id3v1']['artist'][0])) { $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]); } if (isset($mimeInfo['tags']['id3v2']['genre'][0])) { $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]); } if (isset($mimeInfo['tags']['id3v1']['album'][0])) { $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]); } if ($rc != 1) { COM_errorLog("Media Upload - Error moving uploaded file in audio processing...."); COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig); $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 2; } break; case 'zip': case 'application/zip': if ($_MG_CONF['zip_enabled']) { $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename); break; } // NO BREAK HERE, fall through if enable zip isn't allowed // NO BREAK HERE, fall through if enable zip isn't allowed default: $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt); $mimeType = $mimeInfo['mime_type']; $rc = @copy($filename, $media_orig); if ($rc != 1) { COM_errorLog("Media Upload - Error moving uploaded file in generic processing...."); COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig); $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 4; } $mediaType = 4; break; } // update quota $quota = $album->album_disk_usage; $quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt)); if ($_MG_CONF['discard_original'] == 1) { $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg')); } DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id)); if ($errors) { @unlink($tmpPath); COM_errorLog("MG Upload: Problem uploading a media object"); return array(false, $errMsg); } if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) { // Now we need to process an uploaded thumbnail if ($gotTN == 1) { $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg'; $fn = fopen($mp3TNFilename, "w"); fwrite($fn, $mp3AttachdedThumbnail); fclose($fn); $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName); @unlink($mp3TNFilename); $atttn = 1; } else { if ($atttn == 1) { $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName); } } if ($video_attached_thumbnail) { $atttn = 1; } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Building SQL and preparing to enter database"); } if ($_MG_CONF['htmlallowed'] != 1) { $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description))))); $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption))))); $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords))))); } else { $media_desc = addslashes(COM_checkHTML(COM_killJS($description))); $media_caption = addslashes(COM_checkHTML(COM_killJS($caption))); $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords))); } // Check and see if moderation is on. If yes, place in mediasubmission if ($album->moderate == 1 && !$root_album->owner_id) { $tableMedia = $_TABLES['mg_mediaqueue']; $tableMediaAlbum = $_TABLES['mg_media_album_queue']; $queue = 1; } else { $tableMedia = $_TABLES['mg_media']; $tableMediaAlbum = $_TABLES['mg_media_albums']; $queue = 0; } $original_filename = addslashes($file); if ($album->filename_title) { if ($media_caption == '') { $pos = strrpos($original_filename, '.'); if ($pos === false) { $media_caption = $original_filename; } else { $media_caption = substr($original_filename, 0, $pos); } } } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Inserting media record into mg_media"); } $resolution_x = 0; $resolution_y = 0; // try to find a resolution if video... if ($mediaType == 1) { switch ($mimeType) { case 'application/x-shockwave-flash': case 'video/quicktime': case 'video/mpeg': case 'video/x-m4v': $resolution_x = -1; $resolution_y = -1; if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } break; case 'video/x-flv': if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) { $resolution_x = -1; $resolution_y = -1; if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) { $resolution_x = $mimeInfo['meta']['onMetaData']['width']; $resolution_y = $mimeInfo['meta']['onMetaData']['height']; } } else { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } break; case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': $resolution_x = -1; $resolution_y = -1; if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) { $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x']; $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y']; } break; } } if ($replace > 0) { $sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'"; DB_query($sql); } else { $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');"; DB_query($sql); if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Updating Album information"); } $x = 0; $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id); $result = DB_query($sql); $row = DB_fetchArray($result); $media_seq = $row['media_seq']; if ($media_seq < 10) { $media_seq = 10; } $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")"; DB_query($sql); if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) { DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'"); DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'"); } PLG_itemSaved($new_media_id, 'mediagallery'); // update the media count for the album, only if no moderation... if ($queue == 0) { $album->media_count++; DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id); MG_updateAlbumLastUpdate($album->id); if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) { if ($atttn == 1) { $covername = 'tn_' . $media_filename; } else { $covername = $media_filename; } DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id); } // MG_resetAlbumCover($album->id); } $x++; } } if ($queue) { $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'; } else { $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'; } if ($queue == 0) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_buildAlbumRSS($album_id); } COM_errorLog("MG Upload: Successfully uploaded a media object"); @unlink($tmpPath); return array(true, $errMsg); }
$display .= $LANG_MG00['access_denied_msg']; $display .= COM_endBlock(); $display = COM_createHTMLDocument($display); COM_output($display); exit; } require_once $_CONF['path'] . 'plugins/mediagallery/include/common.php'; require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php'; require_once $_MG_CONF['path_admin'] . 'navigation.php'; function MG_rebuildAllAlbumsRSS($aid) { if (!$aid == 0) { MG_buildAlbumRSS($aid); } $children = MG_getAlbumChildren($aid); foreach ($children as $child) { MG_rebuildAllAlbumsRSS($child); } } $mode = COM_applyFilter($_REQUEST['mode']); switch ($mode) { case 'full': MG_buildFullRSS(); break; case 'album': MG_rebuildAllAlbumsRSS(0); break; } echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=7'); exit;
function MG_saveRSS() { global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST; $rss_full_enabled = isset($_POST['rss_full_enabled']) ? COM_applyFilter($_POST['rss_full_enabled'], true) : 0; $rss_feed_type = COM_applyFilter($_POST['rss_feed_type']); $rss_ignore_empty = isset($_POST['rss_ignore_empty']) ? COM_applyFilter($_POST['rss_ignore_empty'], true) : 0; $rss_anonymous_only = isset($_POST['rss_anonymous_only']) ? COM_applyFilter($_POST['rss_anonymous_only'], true) : 0; $rss_feed_name = COM_applyFilter($_POST['rss_feed_name']); $hide_email = isset($_POST['hide_email']) ? COM_applyFilter($_POST['hide_email'], true) : 0; DB_save($_TABLES['mg_config'], "config_name, config_value", "'rss_full_enabled','{$rss_full_enabled}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'rss_feed_type','{$rss_feed_type}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'rss_ignore_empty','{$rss_ignore_empty}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'rss_anonymous_only','{$rss_anonymous_only}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'rss_feed_name','{$rss_feed_name}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'hide_author_email','{$hide_email}'"); $_MG_CONF['rss_full_enabled'] = $rss_full_enabled; MG_buildFullRSS(); echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=6'); exit; }
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y) { global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id; if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Entering MG_getRemote()"); COM_errorLog("MG Upload: URL to process: " . htmlentities($URL)); } $resolution_x = 0; $resolution_y = 0; $urlArray = array(); $urlArray = parse_url($URL); // make sure we have the proper permissions to upload to this album.... $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId); $aResult = DB_query($sql); $aRows = DB_numRows($aResult); if ($aRows != 1) { $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads"; return array(false, $errMsg); } $albumInfo = DB_fetchArray($aResult); $access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']); if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) { COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1); return array(false, $LANG_MG00['access_denied_msg']); } $errors = 0; $errMsg = ''; sleep(1); // We do this to make sure we don't get dupe sid's $new_media_id = COM_makesid(); $media_time = time(); $media_upload_time = time(); $media_user_id = $_USER['uid']; // we expect the mime type (player type) to be passed to this function // - Image // - Video - Windows Media // - Video - QuickTime // - Video - Flash Video // - Audio - Windows Media // - Audio - QuickTime // - Audio - MP3 // - Embed - YouTube/Google/etc... switch ($mimeType) { case 'embed': $format_type = MG_EMB; $mimeExt = 'flv'; $mediaType = 5; break; case 'image/gif': $format_type = MG_GIF; $mimeExt = 'gif'; $mediaType = 0; break; case 'image/jpg': $format_type = MG_JPG; $mimeExt = 'jpg'; $mediaType = 0; break; case 'image/png': $format_type = MG_PNG; $mimeExt = 'png'; $mediaType = 0; break; case 'image/bmp': $format_type = MG_BMP; $mimeExt = 'bmp'; $mediaType = 0; break; case 'application/x-shockwave-flash': $format_type = MG_SWF; $mimeExt = 'swf'; $mediaType = 1; break; case 'video/quicktime': $format_type = MG_MOV; $mimeExt = 'mov'; $mediaType = 1; break; case 'video/x-flv': $format_type = MG_RFLV; $mimeExt = 'flv'; $mediaType = 1; break; case 'video/x-ms-asf': $format_type = MG_ASF; $mimeExt = 'asf'; $mediaType = 1; break; case 'audio/mpeg': $format_type = MG_MP3; $mimeExt = 'mp3'; $mediaType = 2; break; case 'audio/x-ms-wma': $format_type = MG_ASF; $mimeExt = 'wma'; $mediaType = 2; break; } if (!($MG_albums[$albumId]->valid_formats & $format_type)) { return array(false, $LANG_MG02['format_not_allowed']); } // create the unique filename to store this under do { clearstatcache(); $media_filename = md5(uniqid(rand())); } while (MG_file_exists($media_filename)); $disp_media_filename = $media_filename . '.' . $mimeExt; // for remote files this will be a 0 byte file if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename); } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Mime Type: " . $mimeType); } // now we pretent to process the file $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_time = time(); // create a 0 byte file in the orig directory... touch($media_orig); if ($errors) { COM_errorLog("MG Upload: Problem uploading a media object"); return array(false, $errMsg); } // Now we need to process an uploaded thumbnail if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail); COM_errorLog("MG Upload: thumbnail: " . $thumbnail); } if ($attachedThumbnail == 1 && $thumbnail != '') { // see if it is remote, if yes go get it... if (preg_match("/http/i", $thumbnail)) { $tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg'; $rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail); $tmp_image_size = @getimagesize($tmp_thumbnail); if ($tmp_image_size != false) { $resolution_x = $tmp_image_size[0]; $resolution_y = $tmp_image_size[1]; } $thumbnail = $tmp_thumbnail; } else { $rc = true; } if ($rc == true) { $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName); } } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Building SQL and preparing to enter database"); } if ($_MG_CONF['htmlallowed'] != 1) { $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description))))); $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption))))); $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords))))); } else { $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description))); $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption))); $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords))); } // Check and see if moderation is on. If yes, place in mediasubmission if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) { // && !SEC_hasRights('mediagallery.create')) { $tableMedia = $_TABLES['mg_mediaqueue']; $tableMediaAlbum = $_TABLES['mg_media_album_queue']; $queue = 1; } else { $tableMedia = $_TABLES['mg_media']; $tableMediaAlbum = $_TABLES['mg_media_albums']; $queue = 0; } $pathParts = array(); $pathParts = explode('/', $urlArray['path']); $ppCount = count($pathParts); $pPath = ''; for ($i = 1; $i < $ppCount - 1; $i++) { $pPath .= '/' . $pathParts[$i]; } $videoFile = $pathParts[$ppCount - 1]; if ($mediaType != 5) { $original_filename = $videoFile; } else { $original_filename = ''; } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Inserting media record into mg_media"); } if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) { $resolution_x = 320; $resolution_y = 240; } $remoteURL = DB_escapeString($URL); $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');"; DB_query($sql); if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Updating Album information"); } $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId); $result = DB_query($sql); $row = DB_fetchArray($result); $media_seq = $row['media_seq']; if ($media_seq < 10) { $media_seq = 10; } $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )"; DB_query($sql); if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) { DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'"); DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'"); } // update the media count for the album, only if no moderation... if ($queue == 0) { $media_count = $albumInfo['media_count'] + 1; DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'"); if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) { if ($attachedThumbnail == 1) { $covername = 'tn_' . $media_filename; } else { $covername = $media_filename; } if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Setting album cover filename to " . $covername); } DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'"); } } if ($queue) { $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'; } else { $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'; } if ($queue == 0) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_buildAlbumRSS($albumId); } COM_errorLog("MG Upload: Successfully uploaded a media object"); return array(true, $errMsg); }
function MG_MassdeleteAlbum($album_id) { global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00; // need to check perms here... $album_data = MG_getAlbumData($album_id, array('album_parent'), true); if ($album_data['access'] != 3) { COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1); return COM_showMessageText($LANG_MG00['access_denied_msg']); } MG_MassdeleteChildAlbums($album_id); if ($_MG_CONF['member_albums'] == 1 && $album_data['parent'] == $_MG_CONF['member_album_root']) { $result = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $album_data['owner_id'] . " AND album_parent=" . $album_data['parent']); $numRows = DB_numRows($result); if ($numRows == 0) { DB_change($_TABLES['mg_userprefs'], 'member_gallery', 0, 'uid', $album_data['owner_id']); } } require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=15'); }
/** * deletes specified album and moves contents if target_id not 0 * * @param int album_id album_id to delete * @param int target_id album id of where to move the delted albums contents * @return string HTML * */ function MG_deleteAlbum($album_id, $target_id, $actionURL = '') { global $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01; if ($actionURL == '') { $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php'; } // need to check perms here... if ($MG_albums[$album_id]->access != 3) { COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } if ($target_id == 0) { // Delete all images -- need to recurse through all sub-albums... MG_deleteChildAlbums($album_id); } else { // move the stuff to another album... // add a check to make sure we have edit rights to the target album... $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . $target_id; $result = DB_query($sql); $nRows = DB_numRows($result); if ($nRows > 0) { $row = DB_fetchArray($result); $access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']); if ($access == 3 || SEC_hasRights('mediagallery.admin')) { $sql = "UPDATE " . $_TABLES['mg_media_albums'] . " SET album_id = " . $target_id . " WHERE album_id = " . $album_id; DB_query($sql); $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_parent = " . $target_id . " WHERE album_parent=" . $album_id; DB_query($sql); $sql = "DELETE FROM " . $_TABLES['mg_albums'] . " WHERE album_id = " . $album_id; DB_query($sql); // now we need to update the last_update, media_count and thumbnail image for this album.... $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', $target_id); DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $dbCount . " WHERE album_id=" . $target_id); // now pull last_update and new thumbnail if ($MG_albums[$target_id]->album_cover == -1) { $result = DB_query("SELECT media_filename FROM {$_TABLES['mg_media']} AS m LEFT JOIN {$_TABLES['mg_media_albums']} AS ma ON m.media_id=ma.media_id WHERE ma.album_id=" . $target_id . " AND m.media_type=0 ORDER BY m.media_upload_time DESC LIMIT 1"); $nRows = DB_numRows($result); if ($nRows > 0) { $row = DB_fetchArray($result); $filename = $row['media_filename']; $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='" . $filename . "' WHERE album_id = " . $target_id; DB_query($sql); } else { $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='' WHERE album_id = " . $target_id; DB_query($sql); } } } else { COM_errorLog("MediaGallery: User attempting to move to a album that user does not have privelges too!"); return MG_genericError($LANG_MG00['access_denied_msg']); } } else { COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist"); return MG_genericError($LANG_MG00['access_denied_msg']); } } // check and see if we need to reset the member_gallery flag... if ($_MG_CONF['member_albums'] == 1 && $MG_albums[$album_id]->parent == $_MG_CONF['member_album_root']) { $result = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $MG_albums[$album_id]->owner_id . " AND album_parent=" . $MG_albums[$album_id]->parent); $numRows = DB_numRows($result); if ($numRows == 0) { DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=0 WHERE uid=" . $MG_albums[$album_id]->owner_id, 1); } } require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); if ($target_id != 0) { MG_buildAlbumRSS($target_id); } CACHE_remove_instance('whatsnew'); echo COM_refresh($actionURL); exit; }
/** * Saves the global configuration to all albums * * @return string HTML * */ function MG_saveGlobalAlbumAttr() { global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01; if (!SEC_hasRights('mediagallery.admin')) { COM_errorLog("Media Gallery user attempted to edit global album attributes without proper accss."); return COM_showMessageText($LANG_MG00['access_denied_msg']); } $startaid = COM_applyFilter($_POST['startaid'], true); $A['enable_comments'] = isset($_POST['enable_comments']) ? COM_applyFilter($_POST['enable_comments'], true) : 0; $A['exif_display'] = isset($_POST['enable_exif']) ? COM_applyFilter($_POST['enable_exif'], true) : 0; $A['enable_rating'] = isset($_POST['enable_rating']) ? COM_applyFilter($_POST['enable_rating'], true) : 0; $A['rsschildren'] = isset($_POST['rsschildren']) ? COM_applyFilter($_POST['rsschildren'], true) : 0; $A['podcast'] = isset($_POST['podcast']) ? COM_applyFilter($_POST['podcast'], true) : 0; $A['mp3ribbon'] = isset($_POST['mp3ribbon']) ? COM_applyFilter($_POST['mp3ribbon'], true) : 0; $A['playback_type'] = isset($_POST['playback_type']) ? COM_applyFilter($_POST['playback_type'], true) : 0; $A['enable_slideshow'] = isset($_POST['enable_slideshow']) ? COM_applyFilter($_POST['enable_slideshow'], true) : 0; $A['enable_random'] = isset($_POST['enable_random']) ? COM_applyFilter($_POST['enable_random'], true) : 0; $A['enable_views'] = isset($_POST['enable_views']) ? COM_applyFilter($_POST['enable_views'], true) : 0; $A['enable_keywords'] = isset($_POST['enable_keywords']) ? COM_applyFilter($_POST['enable_keywords'], true) : 0; $A['enable_sort'] = isset($_POST['enable_sort']) ? COM_applyFilter($_POST['enable_sort'], true) : 0; $A['albums_first'] = isset($_POST['albums_first']) ? COM_applyFilter($_POST['albums_first'], true) : 0; $A['tn_size'] = isset($_POST['tn_size']) ? COM_applyFilter($_POST['tn_size'], true) : 0; $A['tn_height'] = isset($_POST['tnheight']) ? COM_applyFilter($_POST['tnheight'], true) : 200; $A['tn_width'] = isset($_POST['tnwidth']) ? COM_applyFilter($_POST['tnwidth'], true) : 200; if ($A['tn_height'] == 0) { $A['tn_height'] = 200; } if ($A['tn_width'] == 0) { $A['tn_width'] = 200; } $A['display_rows'] = isset($_POST['display_rows']) ? COM_applyFilter($_POST['display_rows'], true) : 0; $A['display_columns'] = isset($_POST['display_columns']) ? COM_applyFilter($_POST['display_columns'], true) : 0; $A['full_display'] = isset($_POST['full_display']) ? COM_applyFilter($_POST['full_display'], true) : 0; $A['max_image_height'] = isset($_POST['max_image_height']) ? COM_applyFilter($_POST['max_image_height'], true) : 0; $A['max_image_width'] = isset($_POST['max_image_width']) ? COM_applyFilter($_POST['max_image_width'], true) : 0; $A['max_filesize'] = isset($_POST['max_filesize']) ? COM_applyFilter($_POST['max_filesize'], true) : 0; $A['display_image_size'] = isset($_POST['display_image_size']) ? COM_applyFilter($_POST['display_image_size'], true) : 0; $A['enable_album_views'] = isset($_POST['enable_album_views']) ? COM_applyFilter($_POST['enable_album_views'], true) : 0; $A['enable_rss'] = isset($_POST['enable_rss']) ? COM_applyFilter($_POST['enable_rss'], true) : 0; $A['allow_download'] = isset($_POST['allow_download']) ? COM_applyFilter($_POST['allow_download'], true) : 0; $A['display_album_desc'] = isset($_POST['display_album_desc']) ? COM_applyFilter($_POST['display_album_desc'], true) : 0; $A['filename_title'] = isset($_POST['filename_title']) ? COM_applyFilter($_POST['filename_title'], true) : 0; $A['image_skin'] = COM_applyFilter($_POST['skin']); $A['album_skin'] = COM_applyFilter($_POST['askin']); $A['display_skin'] = COM_applyFilter($_POST['dskin']); $A['skin'] = COM_applyFilter($_POST['album_theme']); // valid media formats.... $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0; $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0; $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0; $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0; $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0; $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0; $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0; $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0; $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0; $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0; $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0; $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0; $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0; $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0; $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0; $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0; $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0; $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0; $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0; $comment_active = isset($_POST['comment_active']) ? COM_applyFilter($_POST['comment_active'], true) : 0; $exif_active = isset($_POST['exif_active']) ? COM_applyFilter($_POST['exif_active'], true) : 0; $rating_active = isset($_POST['rating_active']) ? COM_applyFilter($_POST['rating_active'], true) : 0; $rsschildren_active = isset($_POST['rsschildren_active']) ? COM_applyFilter($_POST['rsschildren_active'], true) : 0; $podcast_active = isset($_POST['podcast_active']) ? COM_applyFilter($_POST['podcast_active'], true) : 0; $mp3ribbon_active = isset($_POST['mp3ribbon_active']) ? COM_applyFilter($_POST['mp3ribbon_active'], true) : 0; $playback_active = isset($_POST['playback_active']) ? COM_applyFilter($_POST['playback_active'], true) : 0; $slideshow_active = isset($_POST['slideshow_active']) ? COM_applyFilter($_POST['slideshow_active'], true) : 0; $random_active = isset($_POST['random_active']) ? COM_applyFilter($_POST['random_active'], true) : 0; $shutterfly_active = isset($_POST['shutterfly_active']) ? COM_applyFilter($_POST['shutterfly_active'], true) : 0; $views_active = isset($_POST['views_active']) ? COM_applyFilter($_POST['views_active'], true) : 0; $keywords_active = isset($_POST['keywords_active']) ? COM_applyFilter($_POST['keywords_active'], true) : 0; $sort_active = isset($_POST['sort_active']) ? COM_applyFilter($_POST['sort_active'], true) : 0; $afirst_active = isset($_POST['afirst_active']) ? COM_applyFilter($_POST['afirst_active'], true) : 0; $thumbnail_active = isset($_POST['thumbnail_active']) ? COM_applyFilter($_POST['thumbnail_active'], true) : 0; $tnheight_active = isset($_POST['tnheight_active']) ? COM_applyFilter($_POST['tnheight_active'], true) : 0; $tnwidth_active = isset($_POST['tnwidth_active']) ? COM_applyFilter($_POST['tnwidth_active'], true) : 0; $rows_active = isset($_POST['rows_active']) ? COM_applyFilter($_POST['rows_active'], true) : 0; $columns_active = isset($_POST['columns_active']) ? COM_applyFilter($_POST['columns_active'], true) : 0; $full_display_active = isset($_POST['full_display_active']) ? COM_applyFilter($_POST['full_display_active'], true) : 0; $max_image_height_active = isset($_POST['max_image_height_active']) ? COM_applyFilter($_POST['max_image_height_active'], true) : 0; $max_image_width_active = isset($_POST['max_image_width_active']) ? COM_applyFilter($_POST['max_image_width_active'], true) : 0; $max_filesize_active = isset($_POST['max_filesize_active']) ? COM_applyFilter($_POST['max_filesize_active'], true) : 0; $display_image_size_active = isset($_POST['display_image_size_active']) ? COM_applyFilter($_POST['display_image_size_active'], true) : 0; $album_views_active = isset($_POST['album_views_active']) ? COM_applyFilter($_POST['album_views_active'], true) : 0; $enable_rss_active = isset($_POST['enable_rss_active']) ? COM_applyFilter($_POST['enable_rss_active'], true) : 0; $allow_download_active = isset($_POST['allow_download_active']) ? COM_applyFilter($_POST['allow_download_active'], true) : 0; $display_album_desc_active = isset($_POST['display_album_desc_active']) ? COM_applyFilter($_POST['display_album_desc_active'], true) : 0; $formats_active = isset($_POST['formats_active']) ? COM_applyFilter($_POST['formats_active'], true) : 0; $filename_title_active = isset($_POST['filename_title_active']) ? COM_applyFIlter($_POST['filename_title_active'], true) : 0; $image_skin_active = isset($_POST['image_skin_active']) ? COM_applyFilter($_POST['image_skin_active'], true) : 0; $album_skin_active = isset($_POST['album_skin_active']) ? COM_applyFilter($_POST['album_skin_active'], true) : 0; $display_skin_active = isset($_POST['display_dkin_active']) ? COM_applyFilter($_POST['display_skin_active'], true) : 0; $admin_menu = isset($_POST['admin_menu']) ? COM_applyFilter($_POST['admin_menu'], true) : 0; $album_theme_active = isset($_POST['album_theme_active']) ? COM_applyFilter($_POST['album_theme_active'], true) : 0; $valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb; if ($A['display_rows'] < 1 || $A['display_rows'] > 99) { $A['display_rows'] = 4; } if ($A['display_columns'] < 1 || $A['display_columns'] > 9) { $A['display_columns'] = 3; } $updateSQL = ''; $updateSQL .= $comment_active ? "enable_comments={$A['enable_comments']}" : ''; $updateSQL .= $exif_active ? ($updateSQL != '' ? ',' : '') . "exif_display={$A['exif_display']}" : ''; $updateSQL .= $rating_active ? ($updateSQL != '' ? ',' : '') . "enable_rating={$A['enable_rating']}" : ''; $updateSQL .= $rsschildren_active ? ($updateSQL != '' ? ',' : '') . "rsschildren={$A['rsschildren']}" : ''; $updateSQL .= $podcast_active ? ($updateSQL != '' ? ',' : '') . "podcast={$A['podcast']}" : ''; $updateSQL .= $mp3ribbon_active ? ($updateSQL != '' ? ',' : '') . "mp3ribbon={$A['mp3ribbon']}" : ''; $updateSQL .= $playback_active ? ($updateSQL != '' ? ',' : '') . "playback_type={$A['playback_type']}" : ''; $updateSQL .= $slideshow_active ? ($updateSQL != '' ? ',' : '') . "enable_slideshow={$A['enable_slideshow']}" : ''; $updateSQL .= $random_active ? ($updateSQL != '' ? ',' : '') . "enable_random={$A['enable_random']}" : ''; $updateSQL .= $views_active ? ($updateSQL != '' ? ',' : '') . "enable_views={$A['enable_views']}" : ''; $updateSQL .= $keywords_active ? ($updateSQL != '' ? ',' : '') . "enable_keywords={$A['enable_keywords']}" : ''; $updateSQL .= $sort_active ? ($updateSQL != '' ? ',' : '') . "enable_sort={$A['enable_sort']}" : ''; $updateSQL .= $afirst_active ? ($updateSQL != '' ? ',' : '') . "albums_first={$A['albums_first']}" : ''; $updateSQL .= $thumbnail_active ? ($updateSQL != '' ? ',' : '') . "tn_size={$A['tn_size']}" : ''; $updateSQL .= $tnheight_active ? ($updateSQL != '' ? ',' : '') . "tnheight={$A['tn_height']}" : ''; $updateSQL .= $tnwidth_active ? ($updateSQL != '' ? ',' : '') . "tnwidth={$A['tn_width']}" : ''; $updateSQL .= $rows_active ? ($updateSQL != '' ? ',' : '') . "display_rows={$A['display_rows']}" : ''; $updateSQL .= $columns_active ? ($updateSQL != '' ? ',' : '') . "display_columns={$A['display_columns']}" : ''; $updateSQL .= $full_display_active ? ($updateSQL != '' ? ',' : '') . "full_display={$A['full_display']}" : ''; $updateSQL .= $allow_download_active ? ($updateSQL != '' ? ',' : '') . "allow_download={$A['allow_download']}" : ''; $updateSQL .= $display_album_desc_active ? ($updateSQL != '' ? ',' : '') . "display_album_desc={$A['display_album_desc']}" : ''; $updateSQL .= $formats_active ? ($updateSQL != '' ? ',' : '') . "valid_formats={$valid_formats}" : ''; $updateSQL .= $filename_title_active ? ($updateSQL != '' ? ',' : '') . "filename_title={$A['filename_title']}" : ''; $updateSQL .= $album_theme_active ? ($updateSQL != '' ? ',' : '') . "skin=\"{$A['skin']}\"" : ''; $updateSQL .= $max_image_height_active ? ($updateSQL != '' ? ',' : '') . "max_image_height={$A['max_image_height']}" : ''; $updateSQL .= $max_image_width_active ? ($updateSQL != '' ? ',' : '') . "max_image_width={$A['max_image_width']}" : ''; $updateSQL .= $max_filesize_active ? ($updateSQL != '' ? ',' : '') . "max_filesize={$A['max_filesize']}" : ''; $updateSQL .= $display_image_size_active ? ($updateSQL != '' ? ',' : '') . "display_image_size={$A['display_image_size']}" : ''; $updateSQL .= $album_views_active ? ($updateSQL != '' ? ',' : '') . "enable_album_views={$A['enable_album_views']}" : ''; $updateSQL .= $enable_rss_active ? ($updateSQL != '' ? ',' : '') . "enable_rss={$A['enable_rss']}" : ''; $updateSQL .= $image_skin_active ? ($updateSQL != '' ? ',' : '') . "image_skin=\"{$A['image_skin']}\"" : ''; $updateSQL .= $album_skin_active ? ($updateSQL != '' ? ',' : '') . "album_skin=\"{$A['album_skin']}\"" : ''; $updateSQL .= $display_skin_active ? ($updateSQL != '' ? ',' : '') . "display_skin=\"{$A['display_skin']}\"" : ''; if ($updateSQL != '') { if ($startaid == 0) { $sql = "UPDATE {$_TABLES['mg_albums']} SET " . $updateSQL; DB_query($sql); if ($enable_rss_active) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_GlobalrebuildAllAlbumsRSS(0); } } else { MG_saveGlobalAlbumAttrChildren($startaid, $updateSQL); if ($enable_rss_active) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_GlobalrebuildAllAlbumsRSS($startaid); } } } if ($admin_menu == 1) { echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=11'); } else { echo COM_refresh($_MG_CONF['site_url'] . '/index.php'); } exit; }
/** * saves the specified album information * * @param int album_id album_id to edit * @return string HTML * */ function MG_saveAlbum($album_id, $actionURL = '') { global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST; $update = 0; if (isset($_POST['album_id'])) { $aid = COM_applyFilter($_POST['album_id'], true); } else { $aid = 0; } if (isset($_POST['force_child_update'])) { $forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true); } else { $forceChildPermUpdate = 0; } $thumb = $_FILES['thumbnail']; $thumbnail = $thumb['tmp_name']; if (isset($_POST['attach_tn'])) { $att = COM_applyFilter($_POST['attach_tn']); } else { $att = 0; } if ($aid > 0) { // should be 0 or negative 1 for create $album = $MG_albums[$aid]; $oldparent = $album->parent; $old_tn_attached = $album->tn_attached; $old_featured = $album->featured; $update = 1; } else { $album = new mgAlbum(); $album->id = $aid; $update = 0; $old_tn_attached = 0; } if ($_MG_CONF['htmlallowed'] == 1) { $album->title = COM_checkHTML(COM_killJS($_POST['album_name'])); $album->description = COM_checkHTML(COM_killJS($_POST['album_desc'])); } else { $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name'])))); $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc'])))); } if ($album->title == "") { return MG_errorHandler("You must enter an Album Name"); } $album->parent = COM_applyFilter($_POST['parentaid'], true); // we should not need this if (isset($_POST['hidden'])) { $album->hidden = COM_applyFilter($_POST['hidden'], true); } else { $album->hidden = 0; } $album->cover = COM_applyFilter($_POST['cover']); $album->cover_filename = COM_applyFilter($_POST['album_cover_filename']); if (isset($_POST['enable_album_views'])) { $album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true); } else { $album->enable_album_views = 0; } $album->image_skin = COM_applyFilter($_POST['skin']); $album->album_skin = COM_applyFilter($_POST['askin']); $album->display_skin = COM_applyFilter($_POST['dskin']); if (isset($_POST['display_album_desc'])) { $album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true); } else { $album->display_album_desc = 0; } if (isset($_POST['enable_comments'])) { $album->enable_comments = COM_applyFilter($_POST['enable_comments'], true); } else { $album->enable_comments = 0; } $album->exif_display = COM_applyFilter($_POST['enable_exif'], true); if (isset($_POST['enable_rating'])) { $album->enable_rating = COM_applyFilter($_POST['enable_rating'], true); } else { $album->enable_rating = 0; } $album->playback_type = COM_applyFilter($_POST['playback_type'], true); $album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0; $album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true); if (isset($_POST['enable_random'])) { $album->enable_random = COM_applyFilter($_POST['enable_random'], true); } else { $album->enable_random = 0; } if (isset($_POST['enable_shutterfly'])) { $album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true); } else { $album->enable_shutterfly = 0; } if (isset($_POST['enable_views'])) { $album->enable_views = COM_applyFilter($_POST['enable_views'], true); } else { $album->enable_views = 0; } if (isset($_POST['enable_keywords'])) { $album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true); } else { $album->enable_keywords = 0; } if (isset($_POST['enable_sort'])) { $album->enable_sort = COM_applyFilter($_POST['enable_sort'], true); } else { $album->enable_sort = 0; } if (isset($_POST['enable_rss'])) { $album->enable_rss = COM_applyFilter($_POST['enable_rss'], true); } else { $album->enable_rss = 0; } $album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true); if (isset($_POST['albums_first'])) { $album->albums_first = COM_applyFilter($_POST['albums_first'], true); } else { $album->albums_first = 0; } if (isset($_POST['allow_download'])) { $album->allow_download = COM_applyFilter($_POST['allow_download'], true); } else { $album->allow_download = 0; } if (isset($_POST['usealternate'])) { $album->useAlternate = COM_applyFilter($_POST['usealternate'], true); } else { $album->useAlternate = 0; } $album->full = COM_applyFilter($_POST['full_display'], true); $album->tn_size = COM_applyFilter($_POST['tn_size'], true); $album->max_image_height = COM_applyFilter($_POST['max_image_height'], true); $album->max_image_width = COM_applyFilter($_POST['max_image_width'], true); $album->max_filesize = COM_applyFilter($_POST['max_filesize'], true); if ($album->max_filesize != 0) { $album->max_filesize = $album->max_filesize * 1024; } $album->display_image_size = COM_applyFilter($_POST['display_image_size'], true); $album->display_rows = COM_applyFilter($_POST['display_rows'], true); $album->display_columns = COM_applyFilter($_POST['display_columns'], true); $album->skin = COM_applyFilter($_POST['album_theme']); if (isset($_POST['filename_title'])) { $album->filename_title = COM_applyFilter($_POST['filename_title'], true); } else { $album->filename_title = 0; } $album->shopping_cart = 0; if (isset($_POST['wm_auto'])) { $album->wm_auto = COM_applyFilter($_POST['wm_auto'], true); } else { $album->wm_auto = 0; } $album->wm_id = COM_applyFilter($_POST['wm_id']); $album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true); $album->wm_location = COM_applyFilter($_POST['wm_location'], true); $album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true); if (isset($_POST['uploads'])) { $album->member_uploads = COM_applyFilter($_POST['uploads'], true); } else { $album->member_uploads = 0; } if (isset($_POST['moderate'])) { $album->moderate = COM_applyFilter($_POST['moderate'], true); } else { $album->moderate = 0; } if (isset($_POST['email_mod'])) { $album->email_mod = COM_applyFilter($_POST['email_mod'], true); } else { $album->email_mod = 0; } if (isset($_POST['podcast'])) { $album->podcast = COM_applyFilter($_POST['podcast'], true); } else { $album->podcast = 0; } if (isset($_POST['mp3ribbon'])) { $album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true); } else { $album->mp3ribbon = 0; } if (isset($_POST['rsschildren'])) { $album->rssChildren = COM_applyFilter($_POST['rsschildren'], true); } else { $album->rssChildren = 0; } if (isset($_POST['tnheight'])) { $album->tnHeight = COM_applyFilter($_POST['tnheight'], true); if ($album->tnHeight == 0) { $album->tnHeight = 200; } } else { $album->tnHeight = 200; } if (isset($_POST['tnwidth'])) { $album->tnWidth = COM_applyFilter($_POST['tnwidth'], true); if ($album->tnWidth == 0) { $album->tnWidth = 200; } } else { $album->tnWidth = 200; } if (SEC_hasRights('mediagallery.admin')) { $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0; $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0; $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0; $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0; $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0; $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0; $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0; $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0; $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0; $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0; $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0; $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0; $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0; $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0; $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0; $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0; $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0; $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0; $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0; $album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb; if (isset($_POST['featured'])) { $album->featured = COM_applyFilter($_POST['featured'], true); // admin only } else { $album->featured = 0; } $album->cbposition = COM_applyFilter($_POST['featureposition'], true); // admin only $album->cbpage = COM_applyFilter($_POST['featurepage']); // admin only $album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0; // admin only $album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0; // admin only $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0; // admin only $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0; // admin only $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0; $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0; list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } else { $perm_owner = $album->perm_owner; // already set by existing album? $perm_group = $album->perm_group; // already set by existing album? if ($update == 0) { if (isset($MG_albums[$album->parent]->group_id)) { $grp_id = $MG_albums[$album->parent]->group_id; $album->group_id = $grp_id; } else { $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'"); $grow = DB_fetchArray($gresult); $grp_id = $grow['grp_id']; $album->group_id = $grp_id; // only do these two if create.... } $album->mod_group_id = $_MG_CONF['member_mod_group_id']; if ($album->mod_group_id == '' || $album->mod_group_id < 1) { $album->mod_group_id = $grp_id; } } $perm_members = $_POST['perm_members']; $perm_anon = $_POST['perm_anon']; list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } if (isset($_POST['owner_id'])) { $album->owner_id = COM_applyFilter($_POST['owner_id']); } else { $album->owner_id = 2; } // simple check to see if we can create off the album root... if (!SEC_hasRights('mediagallery.admin')) { if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) { if ($_MG_CONF['member_create_new'] == 0) { return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album"); } } } // final permission check to make sure we have the proper rights to create here.... if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) { // see if we are mediagallery.admin if (!SEC_hasRights('mediagallery.admin')) { COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } } elseif ($album->parent != 0) { if (!isset($MG_albums[$album->parent]->id)) { // does not exist... COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } else { if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) { COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } } } if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') { $album->tn_attached = 0; } if ($old_tn_attached == 1 && $album->tn_attached == 0) { $remove_old_tn = 1; } else { $remove_old_tn = 0; } if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) { $thumbnail = $thumb['tmp_name']; $attachtn = 1; } else { $attachtn = 0; } // pull the watermark id associated with the filename... if ($album->wm_id == 'blank.png') { $wm_id = 0; } else { $wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"'); } if ($wm_id == '') { $wm_id = 0; } if ($wm_id == 0) { $album->wm_auto = 0; } $album->wm_id = $wm_id; // handle new featured albums if (SEC_hasRights('mediagallery.admin')) { if ($album->featured) { // check for other featured albums, we can only have one $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'"; $result = DB_query($sql); $nRows = DB_numRows($result); if ($nRows > 0) { $row = DB_fetchArray($result); $sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id']; DB_query($sql); } } } else { // if a new album, set the member album defaults since we are a non-admin if ($album->isMemberAlbum() && update == 0) { $album->perm_owner = $_MG_CONF['member_perm_owner']; $album->perm_group = $_MG_CONF['member_perm_group']; $album->enable_random = $_MG_CONF['member_enable_random']; $album->max_image_height = $_MG_CONF['member_max_height']; $album->max_image_width = $_MG_CONF['member_max_width']; $album->max_filesize = $_MG_CONF['member_max_filesize']; $album->member_uploads = $_MG_CONF['member_uploads']; $album->moderate = $_MG_CONF['member_moderate']; $album->email_mod = $_MG_CONF['member_email_mod']; $album->valid_formats = $_MG_CONF['member_valid_formats']; } } $album->title = substr($album->title, 0, 254); if ($_DB_dbms == "mssql") { $album->description = substr($album->description, 0, 1500); } if ($album->last_update == '') { $album->last_update = 0; } $album->last_update = intval($album->last_update); if ($album->id < 1) { $album->id = $album->createAlbumID(); $aid = $album->id; $album->order = $album->getNextSortOrder(); } if ($album->id == 0) { COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org "); return MG_genericError($LANG_MG00['access_denied_msg']); } $album->saveAlbum(); $album->updateChildPermissions($forceChildPermUpdate); // now handle the attached cover... if ($attachtn == 1) { if (!function_exists('MG_getFile')) { require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php'; } $media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id; MG_attachThumbnail($album->id, $thumbnail, $media_filename); } if ($remove_old_tn == 1) { foreach ($_MG_CONF['validExtensions'] as $ext) { if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) { @unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext); break; } } } MG_initAlbums(1); // do any album sorting here... if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) { switch ($MG_albums[$aid]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($aid, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($aid, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($aid, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($aid, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($aid, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($aid, 3, 1, 0); break; default: // skip it... break; } } else { // not a root album... switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0); break; default: // skip it... break; } // now call it for myself to sort my subs switch ($MG_albums[$aid]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($aid, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($aid, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($aid, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($aid, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($aid, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($aid, 3, 1, 0); break; default: // skip it... break; } } if (!function_exists('MG_buildFullRSS')) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; } MG_buildFullRSS(); MG_buildAlbumRSS($album->id); $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id; echo COM_refresh($actionURL); exit; }
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid) { global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id; $artist = ''; $musicAlbum = ''; $genre = ''; $video_attached_thumbnail = 0; $successfulWatermark = 0; $dnc = 1; $errors = 0; $errMsg = ''; clearstatcache(); if (!file_exists($filename)) { $errMsg = $LANG_MG02['upload_not_found']; return array(false, $errMsg); } clearstatcache(); if (!is_readable($filename)) { $errMsg = $LANG_MG02['upload_not_readable']; return array(false, $errMsg); } // make sure we have the proper permissions to upload to this album.... if (!isset($MG_albums[$albums]->id)) { $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads"; return array(false, $errMsg); } sleep(1); // We do this to make sure we don't get dupe sid's /* * The following section of code will generate a unique name for a temporary * file and copy the uploaded file to the Media Gallery temp directory. * We do this to prevent any SAFE MODE issues when we later open the * file to determine the mime type. */ if (empty($_USER['username']) || $_USER['username'] == '') { $_USER['username'] = '******'; } $tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . '.tmp'; if ($upload) { $rc = @move_uploaded_file($filename, $tmpPath); } else { $rc = @copy($filename, $tmpPath); $importSource = $filename; } if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); @unlink($tmpPath); return array(false, $errMsg); } $filename = $tmpPath; if ($replace > 0) { $new_media_id = $replace; } else { $new_media_id = COM_makesid(); } $media_time = time(); $media_upload_time = time(); $media_user_id = $userid; $mimeInfo = IMG_getMediaMetaData($filename); $mimeExt = strtolower(substr(strrchr($file, "."), 1)); $mimeInfo['type'] = $mimeExt; if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') { $mimeInfo['mime_type'] = $filetype; } $gotTN = 0; if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') { $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data']; $gotTN = 1; } if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') { // assume format based on file upload info... switch ($filetype) { case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'image/tga': $mimeInfo['type'] = 'tga'; $mimeInfo['mime_type'] = 'image/tga'; $mimeExt = 'tga'; break; case 'image/psd': $mimeInfo['type'] = 'psd'; $mimeInfo['mime_type'] = 'image/psd'; $mimeExt = 'psd'; break; case 'image/gif': $mimeInfo['type'] = 'gif'; $mimeInfo['mime_type'] = 'image/gif'; $mimeExt = 'gif'; break; case 'image/jpeg': case 'image/jpg': $mimeInfo['type'] = 'jpg'; $mimeInfo['mime_type'] = 'image/jpeg'; $mimeExt = 'jpg'; break; case 'image/png': $mimeInfo['type'] = 'png'; $mimeInfo['mime_type'] = 'image/png'; $mimeExt = 'png'; break; case 'image/bmp': $mimeInfo['type'] = 'bmp'; $mimeInfo['mime_type'] = 'image/bmp'; $mimeExt = 'bmp'; break; case 'application/x-shockwave-flash': $mimeInfo['type'] = 'swf'; $mimeInfo['mime_type'] = 'application/x-shockwave-flash'; $mimeExt = 'swf'; break; case 'application/zip': $mimeInfo['type'] = 'zip'; $mimeInfo['mime_type'] = 'application/zip'; $mimeExt = 'zip'; break; case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'video/quicktime': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/quicktime'; $mimeExt = 'mov'; break; case 'video/x-m4v': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/x-m4v'; $mimeExt = 'mov'; break; case 'video/x-flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; $mimeExt = 'flv'; break; case 'audio/x-ms-wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; $mimeExt = 'wma'; break; default: $file_extension = strtolower(substr(strrchr($file, "."), 1)); switch ($file_extension) { case 'flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; $mimeExt = 'flv'; break; case 'wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; $mimeExt = 'wma'; break; default: $mimeInfo['type'] = 'file'; if ($filetype != '') { $mimeInfo['mime_type'] = $filetype; } else { $mimeInfo['mime_type'] = 'application/octet-stream'; } $mimeExt = $file_extension; break; } } } switch ($mimeInfo['mime_type']) { case 'audio/mpeg': $format_type = MG_MP3; break; case 'image/gif': $format_type = MG_GIF; break; case 'image/jpeg': case 'image/jpg': $format_type = MG_JPG; break; case 'image/png': $format_type = MG_PNG; break; case 'image/bmp': $format_type = MG_BMP; break; case 'application/x-shockwave-flash': $format_type = MG_SWF; break; case 'application/zip': $format_type = MG_ZIP; break; case 'video/mpeg': case 'video/x-motion-jpeg': case 'video/quicktime': case 'video/mpeg': case 'video/x-mpeg': case 'video/x-mpeq2a': case 'video/x-qtc': case 'video/x-m4v': $format_type = MG_MOV; break; case 'video/x-flv': $format_type = MG_FLV; break; case 'image/tiff': $format_type = MG_TIF; break; case 'image/x-targa': case 'image/tga': $format_type = MG_TGA; break; case 'image/psd': $format_type = MG_PSD; break; case 'application/ogg': $format_type = MG_OGG; break; case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-ms-wmz': case 'application/x-ms-wmd': $format_type = MG_ASF; break; case 'application/pdf': $format_type = MG_OTHER; break; default: $format_type = MG_OTHER; break; } $mimeType = $mimeInfo['mime_type']; if ($filetype == 'video/x-m4v') { $mimeType = 'video/x-m4v'; $mimeInfo['mime_type'] = 'video/x-m4v'; } if (!($MG_albums[$albums]->valid_formats & $format_type)) { return array(false, $LANG_MG02['format_not_allowed']); } if ($replace > 0) { $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . "'"; $result = DB_query($sql); $row = DB_fetchArray($result); $media_filename = $row['media_filename']; } else { if ($_MG_CONF['preserve_filename'] == 1) { $loopCounter = 0; $digitCounter = 1; $file_name = stripslashes($file); $file_name = MG_replace_accents($file_name); $file_name = preg_replace("#[ ]#", "_", $file_name); // change spaces to underscore $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name); //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore $file_name = preg_replace('#(_)+#', '_', $file_name); //eliminate duplicate underscore $pos = strrpos($file_name, '.'); if ($pos === false) { $basefilename = $file_name; } else { $basefilename = strtolower(substr($file_name, 0, $pos)); } do { clearstatcache(); $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename; $loopCounter++; if ($loopCounter > 16) { $digitCounter++; $loopCounter = 0; } } while (MG_file_exists($media_filename)); } else { do { clearstatcache(); $media_filename = md5(uniqid(rand())); } while (MG_file_exists($media_filename)); } } // replace a few mime extentions here... // $mimeExtLower = strtolower($mimeExt); if ($mimeExtLower == 'php') { $mimeExt = 'phps'; } else { if ($mimeExtLower == 'pl') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'cgi') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'py') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'sh') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'rb') { $mimeExt = 'txt'; } } } } } } $disp_media_filename = $media_filename . '.' . $mimeExt; switch ($mimeType) { case 'image/psd': case 'image/x-targa': case 'image/tga': case 'image/photoshop': case 'image/x-photoshop': case 'image/psd': case 'application/photoshop': case 'application/psd': case 'image/tiff': case 'image/gif': case 'image/jpeg': case 'image/jpg': case 'image/png': case 'image/bmp': if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') { $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg"; $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg"; } else { $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; } $mimeType = $mimeInfo['mime_type']; // process image file $media_time = getOriginationTimestamp($filename); if ($media_time == null || $media_time < 0) { $media_time = time(); } $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc); if ($rc == false) { $errors++; $errMsg .= $msg; // sprintf($LANG_MG02['convert_error'],$filename); } else { $mediaType = 0; if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) { if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) { $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp); } @unlink($media_orig); } if ($MG_albums[$albums]->wm_auto) { if ($_MG_CONF['discard_original'] == 1) { $rc = MG_watermark($media_disp, $albums, 1); if ($rc == TRUE) { $successfulWatermark = 1; } } else { $rc1 = MG_watermark($media_orig, $albums, 1); $rc2 = MG_watermark($media_disp, $albums, 0); if ($rc1 == TRUE && $rc2 == TRUE) { $successfulWatermark = 1; } } } if ($dnc != 1) { if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') { if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') { $mimeExt = 'jpg'; $mimeType = 'image/jpeg'; } } } } } break; case 'video/quicktime': case 'video/mpeg': case 'video/x-flv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-shockwave-flash': case 'video/mp4': case 'video/x-m4v': $mimeType = $mimeInfo['mime_type']; if ($filetype == 'video/mp4') { $mimeExt = 'mp4'; } // process video format $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt; $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); $mediaType = 1; } $video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename); break; case 'application/ogg': case 'audio/mpeg': case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': $mimeType = $mimeInfo['mime_type']; // process audio format $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt; $rc = @copy($filename, $media_orig); if (isset($mimeInfo['tags']['id3v1']['title'][0])) { if ($caption == '') { $caption = $mimeInfo['tags']['id3v1']['title'][0]; } } if (isset($mimeInfo['tags']['id3v1']['artist'][0])) { $artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]); } if (isset($mimeInfo['tags']['id3v2']['genre'][0])) { $genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]); } if (isset($mimeInfo['tags']['id3v1']['album'][0])) { $musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]); } if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 2; } break; case 'zip': case 'application/zip': if ($_MG_CONF['zip_enabled']) { $errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename); break; } // NO BREAK HERE, fall through if enable zip isn't allowed // NO BREAK HERE, fall through if enable zip isn't allowed default: $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $mimeType = $mimeInfo['mime_type']; $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 4; } $mediaType = 4; break; } // update quota $quota = $MG_albums[$albums]->album_disk_usage; if ($_MG_CONF['discard_original'] == 1) { $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt); $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg'); } else { $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt); } DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . $albums); if ($errors) { @unlink($tmpPath); return array(false, $errMsg); } if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) { // Now we need to process an uploaded thumbnail if ($gotTN == 1) { $mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg'; $fn = fopen($mp3TNFilename, "w"); fwrite($fn, $mp3AttachdedThumbnail); fclose($fn); $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName); @unlink($mp3TNFilename); $atttn = 1; } else { if ($atttn == 1) { $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName); } } if ($video_attached_thumbnail) { $atttn = 1; } if ($MG_albums[$albums]->enable_html != 1) { // if ($_MG_CONF['htmlallowed'] != 1 ) { $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description))))); $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption))))); $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords))))); } else { $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description))); $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption))); $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords))); } // Check and see if moderation is on. If yes, place in mediasubmission if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) { $tableMedia = $_TABLES['mg_mediaqueue']; $tableMediaAlbum = $_TABLES['mg_media_album_queue']; $queue = 1; } else { $tableMedia = $_TABLES['mg_media']; $tableMediaAlbum = $_TABLES['mg_media_albums']; $queue = 0; } $original_filename = DB_escapeString($file); if ($MG_albums[$albums]->filename_title) { if ($media_caption == '') { $pos = strrpos($original_filename, '.'); if ($pos === false) { $media_caption = $original_filename; } else { $media_caption = substr($original_filename, 0, $pos); } } } $resolution_x = 0; $resolution_y = 0; // try to find a resolution if video... if ($mediaType == 1) { switch ($mimeType) { case 'application/x-shockwave-flash': case 'video/quicktime': case 'video/mpeg': case 'video/x-m4v': if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } else { $resolution_x = -1; $resolution_y = -1; } break; case 'video/x-flv': if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) { if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) { $resolution_x = $mimeInfo['meta']['onMetaData']['width']; $resolution_y = $mimeInfo['meta']['onMetaData']['height']; } else { $resolution_x = -1; $resolution_y = -1; } } else { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } break; case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) { $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x']; $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y']; } else { $resolution_x = -1; $resolution_y = -1; } break; } } if ($replace > 0) { $sql = "UPDATE " . $tableMedia . " SET\n\t \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'"; DB_query($sql); } else { $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');"; DB_query($sql); $x = 0; $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums; $result = DB_query($sql); $row = DB_fetchArray($result); $media_seq = $row['media_seq']; if ($media_seq < 10) { $media_seq = 10; } $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )"; DB_query($sql); if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) { DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'"); DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'"); } // update the media count for the album, only if no moderation... if ($queue == 0) { $MG_albums[$albums]->media_count++; DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . "'"); if ($_MG_CONF['update_parent_lastupdated'] == 1) { $currentAID = $MG_albums[$albums]->parent; while ($MG_albums[$currentAID]->id != 0) { DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'"); $currentAID = $MG_albums[$currentAID]->parent; } } if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) { if ($atttn == 1) { $covername = 'tn_' . $media_filename; } else { $covername = $media_filename; } DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'"); } } $x++; } } if ($queue) { $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'; } else { $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'; } if ($queue == 0) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_buildAlbumRSS($albums); CACHE_remove_instance('whatsnew'); } @unlink($tmpPath); return array(true, $errMsg); }
/** * deletes specified album and moves contents if target_id not 0 * * @param int album_id album_id to delete * @param int target_id album id of where to move the delted albums contents * @return string HTML * */ function MG_deleteAlbum($album_id, $target_id, $actionURL = '') { global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01; $album = new mgAlbum($album_id); if ($actionURL == '') { $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php'; } // need to check perms here... if ($album->access != 3) { COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return COM_showMessageText($LANG_MG00['access_denied_msg']); } if ($target_id == 0) { // Delete all images -- need to recurse through all sub-albums... MG_deleteChildAlbums($album_id); } else { // move the stuff to another album... // add a check to make sure we have edit rights to the target album... $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($target_id); $result = DB_query($sql); $nRows = DB_numRows($result); if ($nRows <= 0) { COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist"); return COM_showMessageText($LANG_MG00['access_denied_msg']); } $row = DB_fetchArray($result); $access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']); if ($access != 3 && !SEC_hasRights('mediagallery.admin')) { COM_errorLog("MediaGallery: User attempting to move to an album that user does not have privelges too!"); return COM_showMessageText($LANG_MG00['access_denied_msg']); } DB_change($_TABLES['mg_media_albums'], 'album_id', intval($target_id), 'album_id', intval($album_id)); DB_change($_TABLES['mg_albums'], 'album_parent', intval($target_id), 'album_parent', intval($album_id)); DB_delete($_TABLES['mg_albums'], 'album_id', intval($album_id)); // update the media_count and thumbnail image for this album.... $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', intval($target_id)); DB_change($_TABLES['mg_albums'], 'media_count', $dbCount, 'album_id', intval($target_id)); MG_resetAlbumCover($target_id); } // check and see if we need to reset the member_gallery flag... if ($_MG_CONF['member_albums'] == 1 && $album->parent == $_MG_CONF['member_album_root']) { $c = DB_count($_TABLES['mg_albums'], array('owner_id', 'album_parent'), array($album->owner_id, $album->parent)); if ($c == 0) { DB_change($_TABLES['mg_userprefs'], 'member_gallery', 0, 'uid', $album->owner_id); } } require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); if ($target_id != 0) { MG_buildAlbumRSS($target_id); } echo COM_refresh($actionURL); exit; }
function MG_upgrade_165() { global $_TABLES, $_CONF, $_MG_CONF; MG_buildFullRSS(); MGUPG_rebuildAllAlbumsRSS(0); return 0; }
function MG_purgeMemberAlbums() { global $_CONF, $_MG_CONF, $_TABLES, $LANG_MG01; $numItems = !empty($_POST['album']) ? count($_POST['album']) : 0; if ($numItems > 0) { for ($i = 0; $i < $numItems; $i++) { $album_id = COM_applyFilter($_POST['album'][$i], true); // grab owner ID $sql = "SELECT owner_id FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($album_id); $result = DB_query($sql); while (list($owner_id) = DB_fetchArray($result)) { DB_change($_TABLES['mg_userprefs'], 'member_gallery', 0, 'uid', $owner_id); } MG_deleteChildAlbums($album_id); } require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); } echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=8'); exit; }
function MG_purgeMemberAlbums() { global $MG_albums, $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $_POST; $numItems = count($_POST['album']); for ($i = 0; $i < $numItems; $i++) { // grab owner ID $result = DB_query("SELECT owner_id FROM {$_TABLES['mg_albums']} WHERE album_id=" . (int) COM_applyFilter($_POST['album'][$i], true)); $numRows = DB_numRows($result); if ($numRows > 0) { list($owner_id) = DB_fetchArray($result); DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=0 WHERE uid=" . $owner_id, 1); } MG_deleteChildAlbums((int) COM_applyFilter($_POST['album'][$i], true)); } MG_initAlbums(); require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=8'); exit; }