Beispiel #1
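/**
 * Renders the Media Gallery usage report for a single day and/or a single user.
 *
 * Reads month, day, year, user and alldates from $_POST, selects the matching
 * rows from the usage tracking table and fills admin/usage_rpt.thtml.
 *
 * @return string rendered report HTML, or the MG_errorHandler() output when
 *                "all dates" is requested without naming a user
 */
function MG_usageReport()
{
    global $_TABLES, $_CONF, $_MG_CONF, $LANG_MG02, $LANG_MG01, $LANG30, $_POST;
    $retval = '';
    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_file('admin', 'usage_rpt.thtml');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);
    $T->set_var('plugin', 'mediagallery');

    // Absent form fields fall back to 0 / '' instead of raising undefined-index notices.
    $rpt_month = COM_applyFilter(isset($_POST['month']) ? $_POST['month'] : 0, true);
    $rpt_day = COM_applyFilter(isset($_POST['day']) ? $_POST['day'] : 0, true);
    $rpt_year = COM_applyFilter(isset($_POST['year']) ? $_POST['year'] : 0, true);
    $user = COM_applyFilter(isset($_POST['user']) ? $_POST['user'] : '');
    $alldates = COM_applyFilter(isset($_POST['alldates']) ? $_POST['alldates'] : '');

    if ($alldates == "on" && $user == "") {
        return MG_errorHandler($LANG_MG02['usage_report_error1']);
    }

    // Collect the conditions first and join them once. The previous string
    // concatenation produced a condition without a WHERE keyword whenever
    // alldates held a value other than '' or 'on' and a user was supplied.
    $conditions = array();
    if ($alldates == "") {
        $begin_time = (int) mktime(0, 0, 0, $rpt_month, $rpt_day, $rpt_year);
        $end_time = (int) mktime(23, 59, 59, $rpt_month, $rpt_day, $rpt_year);
        $conditions[] = "(time >= {$begin_time} AND time <= {$end_time})";
    }
    if ($user != "") {
        // Escape at the point of use: the query must not depend on whatever
        // COM_applyFilter() happens to strip from a request value.
        $conditions[] = "user_id='" . DB_escapeString($user) . "'";
    }
    $where = empty($conditions) ? '' : ' WHERE ' . implode(' AND ', $conditions);

    $sql = "SELECT * FROM {$_TABLES['mg_usage_tracking']}" . $where . " ORDER BY time";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);

    $T->set_block('admin', 'usagerow', 'urow');
    for ($x = 0; $x < $nRows; $x++) {
        $row = DB_fetchArray($result);
        // A single-day report only needs the time of day.
        $view_date = $alldates == "on"
            ? date("d-M-y @ h:i a", $row['time'])
            : date("h:i a", $row['time']);

        // NOTE(review): user_name, application and the titles are taken from the
        // tracking table and handed to the template unescaped - confirm they are
        // sanitised when the row is written.
        $T->set_var(array(
            'usage_time' => $view_date,
            'user_id' => $row['user_name'],
            'application' => $row['application'],
            'album_title' => stripslashes($row['album_title']),
            // Fall back to the media id when the item has no title.
            'media_title' => stripslashes($row['media_title']) == "" ? ($row['media_id'] ? $row['media_id'] : "") : $row['media_title'],
            'media_link' => $_MG_CONF['site_url'] . '/media_popup.php?mid=' . $row['media_id'] . '&aid=0',
            // Alternate row styling between class 1 and class 2.
            'rowclass' => $x % 2 ? '2' : '1',
        ));
        $T->parse('urow', 'usagerow', true);
    }

    if ($alldates == "on") {
        $rpt_date = $LANG_MG01['all_dates'];
    } else {
        $rpt_date = $LANG30[12 + $rpt_month] . ' ' . $rpt_day . ', ' . $rpt_year;
    }
    $T->set_var(array(
        'report_date' => $rpt_date,
        's_form_action' => $_MG_CONF['admin_url'] . 'usage_rpt.php',
        'lang_usage_report' => $LANG_MG01['usage_report_header'],
        'lang_time' => $LANG_MG01['time'],
        'lang_user_id' => $LANG_MG01['user_id'],
        'lang_application' => $LANG_MG01['application'],
        'lang_album_title' => $LANG_MG01['album_title'],
        'lang_media_title' => $LANG_MG01['mod_mediatitle'],
        'lang_new_report' => $LANG_MG01['new_report'],
    ));
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    return $retval;
}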
Beispiel #2
} else {
    $referer = '';
}
$themeStyle = MG_getThemeCSS(0);
if ($mode == $LANG_MG01['search'] && !empty($LANG_MG01['search']) || $mode == 'search') {
    $keywords = isset($_REQUEST['keywords']) ? COM_applyFilter($_REQUEST['keywords']) : '';
    $stype = isset($_REQUEST['keyType']) ? COM_applyFilter($_REQUEST['keyType']) : '';
    $category = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], 1) : 0;
    $skeywords = isset($_REQUEST['swhere']) ? COM_applyFilter($_REQUEST['swhere'], 1) : 1;
    $numresults = isset($_REQUEST['numresults']) ? COM_applyFilter($_REQUEST['numresults'], true) : 10;
    $users = isset($_REQUEST['uid']) ? COM_applyFilter($_REQUEST['uid'], true) : 0;
    $sortyby = 'title';
    $sortdirection = 'DESC';
    if ($keywords == '') {
        $display = MG_siteHeader();
        $display .= MG_errorHandler($LANG_MG03['search_error']);
        $display .= MG_siteFooter();
        echo $display;
        exit;
    }
    if ($keywords == '*') {
        $keywords = '';
    }
    $keywords = strip_tags($keywords);
    // build the query and put into our database...
    $sqltmp = " WHERE 1=1 ";
    $keywords_db = DB_escapeString($keywords);
    if ($stype == 'phrase') {
        // search phrase
        switch ($skeywords) {
            case 0:
Beispiel #3
             require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
             $retval .= MG_batchDeleteMedia($album_id, $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id);
             CACHE_remove_instance('whatsnew');
             break;
         case 'album':
             require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
             $retval .= MG_deleteAlbumConfirm($album_id, $_MG_CONF['site_url'] . '/admin.php');
             break;
         case 'confalbum':
             if (isset($_POST['target'])) {
                 require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
                 $target_id = COM_applyFilter($_POST['target'], true);
                 $retval .= MG_deleteAlbum($album_id, $target_id, $_MG_CONF['site_url'] . '/index.php');
                 CACHE_remove_instance('whatsnew');
             } else {
                 $retval .= MG_errorHandler($LANG_MG02['no_target_album']);
             }
             break;
         case 'watermark':
             require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
             require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-watermark.php';
             $retval .= MG_watermarkDelete();
             break;
     }
 } else {
     $retval .= MG_invalidRequest();
 }
 $display = MG_siteHeader();
 $display .= $retval;
 $display .= MG_siteFooter();
 echo $display;
Beispiel #4
             } else {
                 echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=7');
             }
             break;
         default:
             header("Location: " . $_MG_CONF['admin_url'] . 'index.php');
             exit;
     }
 } else {
     if ($mode == 'remove') {
         $step = COM_applyFilter($_GET['step']);
         switch ($step) {
             case 'one':
                 if ($_MG_CONF['discard_original'] != 1) {
                     $display = MG_siteHeader();
                     $display .= MG_errorHandler($LANG_MG01['remove_error']);
                     $display .= MG_siteFooter();
                     echo $display;
                     exit;
                 }
                 $T = new Template($_MG_CONF['template_path'] . '/admin');
                 $T->set_file(array('admin' => 'administration.thtml'));
                 $B = new Template($_MG_CONF['template_path'] . '/admin');
                 $B->set_file(array('admin' => 'thumbs.thtml'));
                 $B->set_var('site_url', $_CONF['site_url']);
                 $B->set_var('site_admin_url', $_CONF['site_admin_url']);
                 $B->set_var(array('lang_title' => $LANG_MG01['remove_originals'], 's_form_action' => $_MG_CONF['admin_url'] . 'maint.php?mode=remove&amp;step=two', 'lang_next' => $LANG_MG01['next'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_help' => $LANG_MG01['remove_help'], 'lang_details' => $LANG_MG01['remove_details']));
                 $B->parse('output', 'admin');
                 $T->set_var(array('site_admin_url' => $_CONF['site_admin_url'], 'site_url' => $_MG_CONF['site_url'], 'admin_body' => $B->finish($B->get_var('output')), 'mg_navigation' => MG_navigation(), 'title' => $LANG_MG01['discard_originals'], 'lang_admin' => $LANG_MG00['admin'], 'version' => $_MG_CONF['version'], 'lang_help' => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?"/>', 'help_url' => $_MG_CONF['site_url'] . '/docs/usage.html#Discard_Original_Images'));
                 $T->parse('output', 'admin');
                 $display = COM_siteHeader();
Beispiel #5
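/**
 * Validates a submitted postcard form, stores the postcard and e-mails it.
 *
 * Reads mid, toname, toemail, fromname, fromemail, subject, message, ccself and
 * captcha from $_POST. On success the postcard row is inserted, the HTML mail is
 * sent through COM_emailNotification() and the browser is redirected to the
 * media page (the function then exits).
 *
 * @return string the edit form again when validation fails, or the
 *                MG_errorHandler() output when the sender is rate limited
 */
function MG_sendPostCard()
{
    global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
    global $LANG_DIRECTION, $LANG_CHARSET;

    // Names, addresses and the subject end up in mail headers and in the
    // postcard log, so line breaks are flattened to keep a submitted value from
    // starting a new header or a new log line.
    $lineBreaks = array("\r", "\n");

    $mid = COM_sanitizeID(COM_applyFilter(isset($_POST['mid']) ? $_POST['mid'] : '', true));
    $toname = str_replace($lineBreaks, ' ', COM_applyFilter(isset($_POST['toname']) ? $_POST['toname'] : ''));
    $toemail = str_replace($lineBreaks, ' ', COM_applyFilter(isset($_POST['toemail']) ? $_POST['toemail'] : ''));
    $fromname = str_replace($lineBreaks, ' ', COM_applyFilter(isset($_POST['fromname']) ? $_POST['fromname'] : ''));
    $fromemail = str_replace($lineBreaks, ' ', COM_applyFilter(isset($_POST['fromemail']) ? $_POST['fromemail'] : ''));
    $subject = str_replace($lineBreaks, ' ', strip_tags(COM_checkWords(isset($_POST['subject']) ? $_POST['subject'] : '')));
    // The message is shown inside the HTML mail, so it is entity-encoded here.
    $message = htmlspecialchars(strip_tags(COM_checkWords(isset($_POST['message']) ? $_POST['message'] : '')));
    $ccself = isset($_POST['ccself']) ? 1 : 0;

    $errCount = 0;
    $msg = '';
    if (!COM_isEmail($toemail)) {
        $errCount++;
    }
    if (!COM_isEmail($fromemail)) {
        $errCount++;
    }
    if (empty($subject)) {
        $errCount++;
    }
    if (empty($message)) {
        $errCount++;
    }
    // The submitted captcha value goes to PLG_itemPreSave(); a non-empty return
    // value is treated as an error message for the form.
    $captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $msg = PLG_itemPreSave('mediagallery', $captchaString);
    if ($msg != '') {
        $errCount++;
    }
    if ($errCount > 0) {
        return MG_editPostCard('edit', $mid, $msg);
    }

    $retval = '';
    $aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
    // Refuse before touching the album object when the media id maps to no known
    // album; the previous code dereferenced $MG_albums[$aid] unconditionally.
    if (!isset($MG_albums[$aid]) || $MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }

    $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows < 1) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }
    $M = DB_fetchArray($result);

    // Enforce the speed limit before anything is written. It used to run after
    // the INSERT, so a rate-limited sender could still add postcard rows.
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
    $last = COM_checkSpeedlimit('mgpostcard');
    if ($last > 0) {
        $msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
        return MG_errorHandler($msg);
    }

    // trim the database: drop postcards older than the retention period (days)
    $purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
    DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);

    // save this one in the database
    $newsubject = DB_escapeString($subject);
    $newmessage = DB_escapeString($message);
    $pcId = COM_makesid();
    $pc_time = time();
    // Anonymous senders are recorded under uid 1.
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = (int) $_USER['uid'];
    }
    $sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
    $result = DB_query($sql);
    if (DB_error()) {
        // Best effort: the mail is still sent when the row could not be stored.
        COM_errorLog("Media Gallery: Error saving postcard");
    }

    $alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;

    // build the template...
    $T = new Template(MG_getTemplatePath($aid));
    $T->set_file('postcard', 'postcard.thtml');
    if (empty($LANG_DIRECTION)) {
        // default to left-to-right
        $direction = 'ltr';
    } else {
        $direction = $LANG_DIRECTION;
    }
    if (empty($LANG_CHARSET)) {
        $charset = $_CONF['default_charset'];
        if (empty($charset)) {
            $charset = 'iso-8859-1';
        }
    } else {
        $charset = $LANG_CHARSET;
    }

    // Files are stored in a sub-directory named after the first character of
    // the media filename.
    $mediaDir = $M['media_filename'][0] . '/' . $M['media_filename'];

    $T->set_var(array(
        's_form_action' => $_MG_CONF['site_url'] . '/postcard.php',
        'direction' => $direction,
        'charset' => $charset,
        'mid' => $mid,
        'media_title' => $M['media_title'],
        'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])),
        'media_description' => isset($M['media_description']) ? $M['media_description'] : '',
        'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid,
        'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $mediaDir . '.jpg',
        'site_url' => $_MG_CONF['site_url'] . '/',
        // Sender-supplied text is entity-encoded for the HTML body, matching
        // what is already done for the message.
        'postcard_subject' => htmlspecialchars($subject),
        'postcard_message' => nl2br($message),
        'from_email' => htmlspecialchars($fromemail),
        'site_name' => $_CONF['site_name'],
        'site_slogan' => $_CONF['site_slogan'],
        'to_name' => htmlspecialchars($toname),
        'from_name' => htmlspecialchars($fromname),
        'pc_id' => $pcId,
        'lang_to_name' => $LANG_MG03['to_name'],
        'lang_to_email' => $LANG_MG03['to_email'],
        'lang_from_name' => $LANG_MG03['from_name'],
        'lang_from_email' => $LANG_MG03['from_email'],
        'lang_subject' => $LANG_MG03['subject'],
        'lang_send' => $LANG_MG03['send'],
        'lang_cancel' => $LANG_MG03['cancel'],
        'lang_preview' => $LANG_MG03['preview'],
        'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'],
        'lang_postcard_from' => $LANG_MG03['postcard_from'],
        'lang_to' => $LANG_MG03['to'],
        'lang_from' => $LANG_MG03['from'],
        'lang_visit' => $LANG_MG03['visit'],
    ));
    $T->parse('output', 'postcard');
    $retval .= $T->finish($T->get_var('output'));

    $msgData = array();
    $msgData['subject'] = htmlspecialchars($subject);
    $msgData['htmlmessage'] = $retval;
    $msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
    $msgData['from']['email'] = $fromemail;
    $msgData['from']['name'] = $fromname;
    $msgData['to'][] = array('email' => $toemail, 'name' => $toname);
    if ($ccself) {
        $msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
    }
    // Embed every display-size rendition that exists on disk.
    foreach ($_MG_CONF['validExtensions'] as $tnext) {
        $dispFile = $_MG_CONF['path_mediaobjects'] . 'disp/' . $mediaDir . $tnext;
        if (file_exists($dispFile)) {
            $msgData['embeddedImage'][] = array('file' => $dispFile, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
        }
    }
    $msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
    COM_emailNotification($msgData);
    $msgNo = 8;

    // Record the send in the postcard log; the names were flattened to a single
    // line above, so one postcard produces one log line.
    $logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
    MG_postcardLog($logentry);
    COM_updateSpeedlimit('mgpostcard');
    header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
    exit;
}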
Beispiel #6
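/**
 * Saves remote (URL-based) media submitted through the user upload form.
 *
 * Reads the parallel arrays remoteurl, type, caption, description, keywords,
 * cat_id, width and height from $_POST plus the optional thumbnail uploads from
 * $_FILES, hands every non-empty URL to MG_getRemote() and renders the upload
 * status block.
 *
 * @param  int    $albumId  album the media is added to
 * @return string           HTML: the status block, or the MG_errorHandler()
 *                          output for the first entry with an invalid URL or
 *                          an unknown format
 */
function MG_saveRemoteUpload($albumId)
{
    global $MG_albums, $_FILES, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG01, $LANG_MG02, $LANG_MG03, $_POST;

    // The id is placed into SQL and into a redirect URL below; force it to an
    // integer once instead of relying on every use to do so.
    $albumId = intval($albumId);

    $retval = '';
    $retval .= COM_startBlock($LANG_MG03['upload_results'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $T = new Template(MG_getTemplatePath($albumId));
    $T->set_file('mupload', 'useruploadstatus.thtml');
    $T->set_var('site_url', $_CONF['site_url']);
    $statusMsg = '';
    $file = isset($_FILES['thumbnail']) ? $_FILES['thumbnail'] : array();
    $successfull_upload = 0;
    // A scalar or missing "remoteurl" field is treated as "nothing submitted".
    $remoteURL = isset($_POST['remoteurl']) && is_array($_POST['remoteurl']) ? $_POST['remoteurl'] : array();
    $totalUploads = count($remoteURL);

    for ($i = 0; $i < $totalUploads; $i++) {
        if (!isset($remoteURL[$i]) || !is_string($remoteURL[$i]) || $remoteURL[$i] == '') {
            continue;
        }
        $URL = $remoteURL[$i];

        // The type must be a plain non-negative integer. Comparing a free-form
        // string loosely against the case labels below lets non-numeric input
        // match "case 0" on PHP versions before 8.
        $rawType = isset($_POST['type'][$i]) ? (string) COM_applyFilter($_POST['type'][$i]) : '';
        $uploadType = preg_match('/^[0-9]+$/D', $rawType) === 1 ? (int) $rawType : -1;

        $caption = isset($_POST['caption'][$i]) ? $_POST['caption'][$i] : '';
        $description = isset($_POST['description'][$i]) ? $_POST['description'][$i] : '';
        $keywords = isset($_POST['keywords'][$i]) ? $_POST['keywords'][$i] : '';
        $category = isset($_POST['cat_id'][$i]) ? COM_applyFilter($_POST['cat_id'][$i], true) : 0;
        $thumbnail = isset($file['tmp_name'][$i]) ? $file['tmp_name'][$i] : '';
        $resolution_x = isset($_POST['width'][$i]) ? COM_applyFilter($_POST['width'][$i], true) : 0;
        $resolution_y = isset($_POST['height'][$i]) ? COM_applyFilter($_POST['height'][$i], true) : 0;

        $urlParts = parse_url($URL);
        $scheme = is_array($urlParts) && isset($urlParts['scheme']) ? strtolower($urlParts['scheme']) : '';

        if ($thumbnail != '') {
            $attachedThumbnail = 1;
        } else {
            // Image types (4 JPG, 6 GIF, 7 PNG, 8 BMP) can use the remote image
            // itself as the thumbnail source. Any further image type added to
            // the switch below must be added to this list as well.
            // Only http(s) URLs qualify: the value is passed on as a thumbnail
            // source, and anything else (a local path, another stream wrapper)
            // must not be read on the submitter's behalf.
            if (in_array($uploadType, array(4, 6, 7, 8), true)
                && $_MG_CONF['enable_remote_images'] == 1
                && in_array($scheme, array('http', 'https'), true)
            ) {
                $attachedThumbnail = 1;
                $thumbnail = $URL;
            } else {
                $attachedThumbnail = 0;
            }
        }

        // set the mime type here
        switch ($uploadType) {
            case 0:
                // streaming FLV - only RTMP / RTSP URLs are accepted
                $mimeType = 'video/x-flv';
                if ($scheme != 'rtmp' && $scheme != 'rtsp') {
                    $statusMsg .= sprintf($LANG_MG02['invalid_remote_url'] . '<br>', $i);
                    return MG_errorHandler($statusMsg);
                }
                break;
            case 1:
                $mimeType = 'video/quicktime';
                break;
            case 2:
                $mimeType = 'video/x-ms-asf';
                break;
            case 3:
                $mimeType = 'audio/mpeg';
                break;
            case 4:
                $mimeType = 'image/jpg';
                break;
            case 5:
                // embedded video - the value has to contain "embed" or "movie"
                $mimeType = 'embed';
                if (!preg_match("/embed/i", $URL) && !preg_match("/movie/i", $URL)) {
                    $statusMsg .= sprintf($LANG_MG02['invalid_embed_url'] . '<br>', $i);
                    return MG_errorHandler($statusMsg);
                }
                break;
            case 6:
                $mimeType = 'image/gif';
                break;
            case 7:
                $mimeType = 'image/png';
                break;
            case 8:
                // BMP images
                $mimeType = 'image/bmp';
                break;
            default:
                $fileNumber = $i + 1;
                return MG_errorHandler($LANG_MG01['file_number'] . ' ' . $fileNumber . ' - ' . $LANG_MG02['no_format']);
        }

        // NOTE(review): MG_getRemote() receives the submitter's URL as-is. Its
        // body is not visible here - confirm it limits scheme and destination
        // before the server fetches anything from that URL.
        list($rc, $msg) = MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y);
        $statusMsg .= $msg . "<br />";
        if ($rc == true) {
            $successfull_upload++;
        }
    }

    if ($successfull_upload) {
        MG_notifyModerators($albumId);
    }

    // failsafe check - after all the uploading is done, double check that the stored
    // media_count equals the actual number of items in the album; if not, fix the
    // count and log the error
    $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', $albumId);
    $aCount = DB_getItem($_TABLES['mg_albums'], 'media_count', "album_id=" . $albumId);
    if ($dbCount != $aCount) {
        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . intval($dbCount) . " WHERE album_id=" . $albumId);
        COM_errorLog("MediaGallery: Upload processing - Counts don't match - dbCount = " . $dbCount . " aCount = " . $aCount);
    }

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/album.php?aid=' . $albumId . '&page=1';
    $redirect = sprintf($LANG_MG03['album_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $T->parse('output', 'mupload');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}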
Beispiel #7
/**
* saves the specified album information
*
* @param    int     album_id    album_id to edit
* @return   string              HTML
*
*/
function MG_saveAlbum($album_id, $actionURL = '')
{
    global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
    $update = 0;
    if (isset($_POST['album_id'])) {
        $aid = COM_applyFilter($_POST['album_id'], true);
    } else {
        $aid = 0;
    }
    if (isset($_POST['force_child_update'])) {
        $forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true);
    } else {
        $forceChildPermUpdate = 0;
    }
    $thumb = $_FILES['thumbnail'];
    $thumbnail = $thumb['tmp_name'];
    if (isset($_POST['attach_tn'])) {
        $att = COM_applyFilter($_POST['attach_tn']);
    } else {
        $att = 0;
    }
    if ($aid > 0) {
        // should be 0 or negative 1 for create
        $album = $MG_albums[$aid];
        $oldparent = $album->parent;
        $old_tn_attached = $album->tn_attached;
        $old_featured = $album->featured;
        $update = 1;
    } else {
        $album = new mgAlbum();
        $album->id = $aid;
        $update = 0;
        $old_tn_attached = 0;
    }
    if ($_MG_CONF['htmlallowed'] == 1) {
        $album->title = COM_checkHTML(COM_killJS($_POST['album_name']));
        $album->description = COM_checkHTML(COM_killJS($_POST['album_desc']));
    } else {
        $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name']))));
        $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc']))));
    }
    if ($album->title == "") {
        return MG_errorHandler("You must enter an Album Name");
    }
    $album->parent = COM_applyFilter($_POST['parentaid'], true);
    // we should not need this
    if (isset($_POST['hidden'])) {
        $album->hidden = COM_applyFilter($_POST['hidden'], true);
    } else {
        $album->hidden = 0;
    }
    $album->cover = COM_applyFilter($_POST['cover']);
    $album->cover_filename = COM_applyFilter($_POST['album_cover_filename']);
    if (isset($_POST['enable_album_views'])) {
        $album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true);
    } else {
        $album->enable_album_views = 0;
    }
    $album->image_skin = COM_applyFilter($_POST['skin']);
    $album->album_skin = COM_applyFilter($_POST['askin']);
    $album->display_skin = COM_applyFilter($_POST['dskin']);
    if (isset($_POST['display_album_desc'])) {
        $album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true);
    } else {
        $album->display_album_desc = 0;
    }
    if (isset($_POST['enable_comments'])) {
        $album->enable_comments = COM_applyFilter($_POST['enable_comments'], true);
    } else {
        $album->enable_comments = 0;
    }
    $album->exif_display = COM_applyFilter($_POST['enable_exif'], true);
    if (isset($_POST['enable_rating'])) {
        $album->enable_rating = COM_applyFilter($_POST['enable_rating'], true);
    } else {
        $album->enable_rating = 0;
    }
    $album->playback_type = COM_applyFilter($_POST['playback_type'], true);
    $album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0;
    $album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true);
    if (isset($_POST['enable_random'])) {
        $album->enable_random = COM_applyFilter($_POST['enable_random'], true);
    } else {
        $album->enable_random = 0;
    }
    if (isset($_POST['enable_shutterfly'])) {
        $album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true);
    } else {
        $album->enable_shutterfly = 0;
    }
    if (isset($_POST['enable_views'])) {
        $album->enable_views = COM_applyFilter($_POST['enable_views'], true);
    } else {
        $album->enable_views = 0;
    }
    if (isset($_POST['enable_keywords'])) {
        $album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true);
    } else {
        $album->enable_keywords = 0;
    }
    if (isset($_POST['enable_sort'])) {
        $album->enable_sort = COM_applyFilter($_POST['enable_sort'], true);
    } else {
        $album->enable_sort = 0;
    }
    if (isset($_POST['enable_rss'])) {
        $album->enable_rss = COM_applyFilter($_POST['enable_rss'], true);
    } else {
        $album->enable_rss = 0;
    }
    $album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true);
    if (isset($_POST['albums_first'])) {
        $album->albums_first = COM_applyFilter($_POST['albums_first'], true);
    } else {
        $album->albums_first = 0;
    }
    if (isset($_POST['allow_download'])) {
        $album->allow_download = COM_applyFilter($_POST['allow_download'], true);
    } else {
        $album->allow_download = 0;
    }
    if (isset($_POST['usealternate'])) {
        $album->useAlternate = COM_applyFilter($_POST['usealternate'], true);
    } else {
        $album->useAlternate = 0;
    }
    $album->full = COM_applyFilter($_POST['full_display'], true);
    $album->tn_size = COM_applyFilter($_POST['tn_size'], true);
    $album->max_image_height = COM_applyFilter($_POST['max_image_height'], true);
    $album->max_image_width = COM_applyFilter($_POST['max_image_width'], true);
    $album->max_filesize = COM_applyFilter($_POST['max_filesize'], true);
    if ($album->max_filesize != 0) {
        $album->max_filesize = $album->max_filesize * 1024;
    }
    $album->display_image_size = COM_applyFilter($_POST['display_image_size'], true);
    $album->display_rows = COM_applyFilter($_POST['display_rows'], true);
    $album->display_columns = COM_applyFilter($_POST['display_columns'], true);
    $album->skin = COM_applyFilter($_POST['album_theme']);
    if (isset($_POST['filename_title'])) {
        $album->filename_title = COM_applyFilter($_POST['filename_title'], true);
    } else {
        $album->filename_title = 0;
    }
    $album->shopping_cart = 0;
    if (isset($_POST['wm_auto'])) {
        $album->wm_auto = COM_applyFilter($_POST['wm_auto'], true);
    } else {
        $album->wm_auto = 0;
    }
    $album->wm_id = COM_applyFilter($_POST['wm_id']);
    $album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true);
    $album->wm_location = COM_applyFilter($_POST['wm_location'], true);
    $album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true);
    if (isset($_POST['uploads'])) {
        $album->member_uploads = COM_applyFilter($_POST['uploads'], true);
    } else {
        $album->member_uploads = 0;
    }
    if (isset($_POST['moderate'])) {
        $album->moderate = COM_applyFilter($_POST['moderate'], true);
    } else {
        $album->moderate = 0;
    }
    if (isset($_POST['email_mod'])) {
        $album->email_mod = COM_applyFilter($_POST['email_mod'], true);
    } else {
        $album->email_mod = 0;
    }
    if (isset($_POST['podcast'])) {
        $album->podcast = COM_applyFilter($_POST['podcast'], true);
    } else {
        $album->podcast = 0;
    }
    if (isset($_POST['mp3ribbon'])) {
        $album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true);
    } else {
        $album->mp3ribbon = 0;
    }
    if (isset($_POST['rsschildren'])) {
        $album->rssChildren = COM_applyFilter($_POST['rsschildren'], true);
    } else {
        $album->rssChildren = 0;
    }
    if (isset($_POST['tnheight'])) {
        $album->tnHeight = COM_applyFilter($_POST['tnheight'], true);
        if ($album->tnHeight == 0) {
            $album->tnHeight = 200;
        }
    } else {
        $album->tnHeight = 200;
    }
    if (isset($_POST['tnwidth'])) {
        $album->tnWidth = COM_applyFilter($_POST['tnwidth'], true);
        if ($album->tnWidth == 0) {
            $album->tnWidth = 200;
        }
    } else {
        $album->tnWidth = 200;
    }
    if (SEC_hasRights('mediagallery.admin')) {
        $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
        $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
        $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
        $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
        $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
        $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
        $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
        $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
        $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
        $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
        $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
        $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
        $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
        $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
        $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
        $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
        $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
        $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
        $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
        $album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
        if (isset($_POST['featured'])) {
            $album->featured = COM_applyFilter($_POST['featured'], true);
            // admin only
        } else {
            $album->featured = 0;
        }
        $album->cbposition = COM_applyFilter($_POST['featureposition'], true);
        // admin only
        $album->cbpage = COM_applyFilter($_POST['featurepage']);
        // admin only
        $album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0;
        // admin only
        $album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0;
        // admin only
        $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
        // admin only
        $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
        // admin only
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    } else {
        $perm_owner = $album->perm_owner;
        // already set by existing album?
        $perm_group = $album->perm_group;
        // already set by existing album?
        if ($update == 0) {
            if (isset($MG_albums[$album->parent]->group_id)) {
                $grp_id = $MG_albums[$album->parent]->group_id;
                $album->group_id = $grp_id;
            } else {
                $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
                $grow = DB_fetchArray($gresult);
                $grp_id = $grow['grp_id'];
                $album->group_id = $grp_id;
                // only do these two if create....
            }
            $album->mod_group_id = $_MG_CONF['member_mod_group_id'];
            if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
                $album->mod_group_id = $grp_id;
            }
        }
        $perm_members = $_POST['perm_members'];
        $perm_anon = $_POST['perm_anon'];
        list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if (isset($_POST['owner_id'])) {
        $album->owner_id = COM_applyFilter($_POST['owner_id']);
    } else {
        $album->owner_id = 2;
    }
    // simple check to see if we can create off the album root...
    if (!SEC_hasRights('mediagallery.admin')) {
        if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) {
            if ($_MG_CONF['member_create_new'] == 0) {
                return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
            }
        }
    }
    // final permission check to make sure we have the proper rights to create here....
    if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) {
        // see if we are mediagallery.admin
        if (!SEC_hasRights('mediagallery.admin')) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    } elseif ($album->parent != 0) {
        if (!isset($MG_albums[$album->parent]->id)) {
            // does not exist...
            COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        } else {
            if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) {
                COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
                return MG_genericError($LANG_MG00['access_denied_msg']);
            }
        }
    }
    if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
        $album->tn_attached = 0;
    }
    if ($old_tn_attached == 1 && $album->tn_attached == 0) {
        $remove_old_tn = 1;
    } else {
        $remove_old_tn = 0;
    }
    if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) {
        $thumbnail = $thumb['tmp_name'];
        $attachtn = 1;
    } else {
        $attachtn = 0;
    }
    // pull the watermark id associated with the filename...
    if ($album->wm_id == 'blank.png') {
        $wm_id = 0;
    } else {
        $wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"');
    }
    if ($wm_id == '') {
        $wm_id = 0;
    }
    if ($wm_id == 0) {
        $album->wm_auto = 0;
    }
    $album->wm_id = $wm_id;
    // handle new featured albums
    if (SEC_hasRights('mediagallery.admin')) {
        if ($album->featured) {
            // check for other featured albums, we can only have one
            $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'";
            $result = DB_query($sql);
            $nRows = DB_numRows($result);
            if ($nRows > 0) {
                $row = DB_fetchArray($result);
                $sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id'];
                DB_query($sql);
            }
        }
    } else {
        // if a new album, set the member album defaults since we are a non-admin
        if ($album->isMemberAlbum() && update == 0) {
            $album->perm_owner = $_MG_CONF['member_perm_owner'];
            $album->perm_group = $_MG_CONF['member_perm_group'];
            $album->enable_random = $_MG_CONF['member_enable_random'];
            $album->max_image_height = $_MG_CONF['member_max_height'];
            $album->max_image_width = $_MG_CONF['member_max_width'];
            $album->max_filesize = $_MG_CONF['member_max_filesize'];
            $album->member_uploads = $_MG_CONF['member_uploads'];
            $album->moderate = $_MG_CONF['member_moderate'];
            $album->email_mod = $_MG_CONF['member_email_mod'];
            $album->valid_formats = $_MG_CONF['member_valid_formats'];
        }
    }
    $album->title = substr($album->title, 0, 254);
    if ($_DB_dbms == "mssql") {
        $album->description = substr($album->description, 0, 1500);
    }
    if ($album->last_update == '') {
        $album->last_update = 0;
    }
    $album->last_update = intval($album->last_update);
    if ($album->id < 1) {
        $album->id = $album->createAlbumID();
        $aid = $album->id;
        $album->order = $album->getNextSortOrder();
    }
    if ($album->id == 0) {
        COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org  ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }
    $album->saveAlbum();
    $album->updateChildPermissions($forceChildPermUpdate);
    // now handle the attached cover...
    if ($attachtn == 1) {
        if (!function_exists('MG_getFile')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        }
        $media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
        MG_attachThumbnail($album->id, $thumbnail, $media_filename);
    }
    if ($remove_old_tn == 1) {
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) {
                @unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext);
                break;
            }
        }
    }
    MG_initAlbums(1);
    // do any album sorting here...
    if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) {
        switch ($MG_albums[$aid]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($aid, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($aid, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($aid, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($aid, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
    } else {
        // not a root album...
        switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
        // now call it for myself to sort my subs
        switch ($MG_albums[$aid]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($aid, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($aid, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($aid, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($aid, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
    }
    if (!function_exists('MG_buildFullRSS')) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    }
    MG_buildFullRSS();
    MG_buildAlbumRSS($album->id);
    $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
    echo COM_refresh($actionURL);
    exit;
}
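/**
 * Render the file-list form for one directory below the configured FTP import path.
 *
 * Every directory entry becomes one 'fileRow' in the filelist.thtml template:
 * sub-directories are shown as links back to admin.php?mode=list, files are
 * shown with a type derived from their extension and their size in kB.
 * Entry names come from the filesystem and $dir is echoed back in the dir=
 * links built here, so both are treated as untrusted: they are HTML-escaped
 * or URL-encoded before they reach the template.
 *
 * @param string $dir        Directory relative to $_MG_CONF['ftp_path'] ('' for the top level).
 * @param mixed  $album_id   Album used for the template path, the select box and the size limit.
 * @param mixed  $purgefiles Unused here; kept for interface compatibility.
 * @param mixed  $recurse    Unused here; kept for interface compatibility.
 *
 * @return string Rendered HTML, or the output of MG_errorHandler() on failure.
 */
function MG_listDir($dir, $album_id, $purgefiles, $recurse)
{
    global $album_selectbox, $MG_albums, $_FILES, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03, $_POST;
    global $destDirCount;
    global $pCount;

    $dir = (string) $dir;

    // The links generated below pass $dir back as a request parameter, so it
    // presumably arrives from the request. Refuse ".." segments so a listing
    // can never be pointed outside ftp_path.
    if (in_array('..', explode('/', str_replace('\\', '/', $dir)), true)) {
        return MG_errorHandler($LANG_MG02['invalid_directory']);
    }

    // Join ftp_path and $dir with exactly one separator between them.
    $basePath = $_MG_CONF['ftp_path'];
    $lastChar = substr($basePath, -1);
    if ($lastChar == '/' || $lastChar == '\\') {
        $directory = $basePath . $dir;
    } else {
        $directory = $basePath . '/' . $dir;
    }

    if (!@is_dir($directory)) {
        // The path contains caller-supplied text; escape it before it is shown.
        return MG_errorHandler($LANG_MG02['invalid_directory'] . '<br />' . htmlspecialchars($directory, ENT_QUOTES));
    }
    if (!($dh = @opendir($directory))) {
        return MG_errorHandler($LANG_MG02['directory_error']);
    }

    $directory = trim($directory);
    if (substr($directory, -1) != '/') {
        $directory .= '/';
    }

    /*
     * Currently we have disabled the selection of Root album.
     * This could cause a problem with the 'create the album structure' feature
     * Need to come up with a better way to handle this.
     */
    $album_selectbox = '';
    if (SEC_hasRights('mediagallery.admin') || ($_MG_CONF['member_albums'] == 1 && $_MG_CONF['member_album_root'] == 0)) {
        $album_selectbox .= '<option value="0">' . $LANG_MG01['root_album'] . '</option>';
    }
    // The return value is not used; presumably buildAlbumBox() appends its
    // options to the global $album_selectbox - confirm against the album class.
    $MG_albums[0]->buildAlbumBox($album_id, 3, -1, 'upload');
    $album_selectbox .= '</select>';

    $rowcounter = 0;
    $albumParam = urlencode((string) $album_id);

    $T = new Template(MG_getTemplatePath($album_id));
    $T->set_file(array('admin' => 'filelist.thtml'));
    $T->set_var(array('lang_put_files' => $LANG_MG01['put_files'], 'lang_into_album' => $LANG_MG01['into_album']));

    $destDirCount++;
    $dest = sprintf("d%04d", $destDirCount);

    $T->set_block('admin', 'dirRow', 'dRow');
    $pdir = $dir == '' ? './' : $dir;
    $T->set_var(array(
        'directory'   => htmlspecialchars($pdir, ENT_QUOTES),
        'destination' => '<select name="' . $dest . '">' . $album_selectbox,
        'dirdest'     => $dest,
    ));
    $T->set_block('admin', 'fileRow', 'fRow');

    // Parent directory: every path segment except the last one.
    $dirParts = explode('/', $dir);
    $numDirs = count($dirParts);
    if ($numDirs > 1) {
        $dirPath = implode('/', array_slice($dirParts, 0, $numDirs - 1));
        $T->set_var(array(
            'row_class'     => $rowcounter % 2 ? '2' : '1',
            'checkbox'      => '',
            'palbum'        => '',
            'pfile'         => '',
            'dirid'         => '',
            // urlencode() keeps the path from breaking out of the href attribute.
            'filename'      => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=list&amp;album_id=' . $albumParam . '&amp;dir=' . urlencode($dirPath) . '">Parent directory</a>',
            'fullname'      => '',
            'filesize'      => '',
            'parent_select' => '',
            'color'         => '',
            'type'          => '',
        ));
        $T->parse('fRow', 'fileRow', true);
        $rowcounter++;
    }

    // Strict comparison: an entry literally named "0" must not end the loop.
    while (($file = readdir($dh)) !== false) {
        if ($file === '..' || $file === '.') {
            continue;
        }
        $filetmp = $directory . $file;
        $filename = basename($file);
        $safeName = htmlspecialchars($filename, ENT_QUOTES);
        $safePath = htmlspecialchars($filetmp, ENT_QUOTES);
        $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

        $dirlink = '';
        if (is_dir($filetmp)) {
            $isadirectory = 1;
            $type = 'Directory';
            $fullDir = urlencode($dir . '/' . $filename);
            $dirlink = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $albumParam . '&amp;mode=list&amp;dir=' . $fullDir . '">' . $safeName . '</a>';
        } else {
            $isadirectory = 0;
            switch ($file_extension) {
                case 'jpg':
                case 'bmp':
                case 'tif':
                case 'png':
                    $type = 'Image';
                    break;
                case 'avi':
                case 'wmv':
                case 'asf':
                case 'mov':
                    $type = 'Video';
                    break;
                case 'mp3':
                case 'ogg':
                    $type = 'Audio';
                    break;
                default:
                    $type = 'Unknown';
                    break;
            }
        }

        $bytes = filesize($filetmp);
        $limit = $MG_albums[$album_id]->max_filesize;
        $toobig = ($limit != 0 && $bytes > $limit) ? 1 : 0;

        $pCount++;
        $pvalue = sprintf("i%04d", $pCount);
        $T->set_var(array(
            'row_class'     => $rowcounter % 2 ? '2' : '1',
            'checkbox'      => '<input type="checkbox" name="pic[]" value="' . $pvalue . '"/>',
            'palbum'        => '<input type="hidden" name="album_lb_id_' . $pvalue . '" value="' . $dest . '"/>',
            // NOTE(review): the server path round-trips through this hidden
            // field; whatever handles picfile_* should re-check that the
            // posted path is still inside ftp_path - confirm.
            'pfile'         => '<input type="hidden" name="picfile_' . $pvalue . '" value="' . $safePath . '"/>',
            'dirid'         => '<input type="hidden" name="dest" value="' . $dest . '"/>',
            'filename'      => $isadirectory ? $dirlink : $safeName,
            'fullname'      => $safePath,
            'filesize'      => COM_numberFormat($bytes / 1024) . ' kB',
            'parent_select' => '<select name="parentaid">' . $album_selectbox,
            // "font-color" is not a CSS property, so oversized files were never highlighted.
            'color'         => $toobig ? '<span style="color:red;">' : '<span style="color:black;">',
            'type'          => $type,
        ));
        $T->parse('fRow', 'fileRow', true);
        $rowcounter++;
    }

    $T->parse('dRow', 'dirRow', true);
    closedir($dh);
    $T->parse('output', 'admin');

    return $T->finish($T->get_var('output'));
}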
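/**
 * Import every file found in a directory into an album.
 *
 * Walks $dir, hands each regular file to MG_getFile() and collects one status
 * line per file. Sub-directories are processed recursively when $recurse is
 * truthy. Files larger than the album's max_filesize (when that limit is
 * non-zero) are logged and skipped.
 *
 * If $dir is not a directory or cannot be opened, an error page is echoed and
 * the script exits.
 *
 * @param string $dir        Directory to import from.
 * @param mixed  $album_id   Key into $MG_albums for the destination album.
 * @param mixed  $purgefiles Passed through to MG_getFile().
 * @param mixed  $recurse    Truthy to descend into sub-directories.
 *
 * @return string HTML status lines, '' when nothing was processed.
 */
function MG_processDir($dir, $album_id, $purgefiles, $recurse)
{
    global $MG_albums, $_FILES, $_CONF, $_MG_CONF, $LANG_MG02, $_POST;

    // Start from an empty string so ".=" and the final return are always defined.
    $statusMsg = '';

    if (!@is_dir($dir)) {
        $display = MG_siteHeader();
        $display .= MG_errorHandler($LANG_MG02['invalid_directory']);
        $display .= MG_siteFooter();
        echo $display;
        exit;
    }
    if (!($dh = @opendir($dir))) {
        $display = MG_siteHeader();
        $display .= MG_errorHandler($LANG_MG02['directory_error']);
        $display .= MG_siteFooter();
        echo $display;
        exit;
    }

    // Strict comparison: an entry literally named "0" must not end the loop.
    while (($file = readdir($dh)) !== false) {
        if ($file === '..' || $file === '.') {
            continue;
        }
        // Each entry gets a fresh 60 second budget.
        set_time_limit(60);

        $filetmp = $dir . DIRECTORY_SEPARATOR . $file;

        if (is_dir($filetmp)) {
            if ($recurse) {
                $statusMsg .= MG_processDir($filetmp, $album_id, $purgefiles, $recurse);
            }
            continue;
        }

        $filename = basename($file);
        $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        // File names come from the filesystem; escape them before they are
        // placed in the HTML status text.
        $safeFile = htmlspecialchars($file, ENT_QUOTES);

        $limit = $MG_albums[$album_id]->max_filesize;
        if ($limit != 0 && filesize($filetmp) > $limit) {
            COM_errorLog("MG Upload: File " . $file . " exceeds maximum filesize for this album.");
            // Append; a plain assignment here discarded every earlier status line.
            $statusMsg .= sprintf($LANG_MG02['upload_exceeds_max_filesize'] . '<br/>', $safeFile);
            continue;
        }

        // The type is guessed from the extension only, not from the file's content.
        switch ($file_extension) {
            case "exe":
                $filetype = "application/octet-stream";
                break;
            case "zip":
                $filetype = "application/zip";
                break;
            case "mp3":
                $filetype = "audio/mpeg";
                break;
            case "mpg":
                $filetype = "video/mpeg";
                break;
            case "avi":
                $filetype = "video/x-msvideo";
                break;
            default:
                $filetype = "application/force-download";
        }

        list($rc, $msg) = MG_getFile($filetmp, $file, $album_id, '', '', 0, $purgefiles, $filetype, 0, '', '', 0, 0, 0);
        $statusMsg .= $safeFile . " " . $msg . "<br/>";
    }
    closedir($dh);

    return $statusMsg;
}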
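/**
 * Save a Media Gallery category from the posted form and redirect to the
 * category admin page.
 *
 * Reads cat_id, cat_name and cat_desc from $_POST, strips markup from the two
 * text fields, assigns the next cat_order and writes the row with DB_save().
 * On success the function echoes a refresh and exits.
 *
 * NOTE(review): no permission or CSRF check is visible in this function;
 * presumably the caller enforces them - confirm.
 *
 * @param mixed $cat_id Unused; the id is taken from $_POST['cat_id'].
 *
 * @return string Error markup from MG_errorHandler()/MG_genericError() when
 *                validation fails; does not return on success.
 */
function MG_saveCategory($cat_id)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;

    // The "true" flag presumably makes COM_applyFilter() return a number; the
    // cast keeps the interpolated value numeric either way.
    $A['cat_id'] = (int) COM_applyFilter(isset($_POST['cat_id']) ? $_POST['cat_id'] : 0, true);

    // HTML is always stripped here, whatever $_MG_CONF['htmlallowed'] says.
    $rawName = isset($_POST['cat_name']) ? $_POST['cat_name'] : '';
    $rawDesc = isset($_POST['cat_desc']) ? $_POST['cat_desc'] : '';
    $name = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawName))));
    $description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawDesc))));

    if ($name == "") {
        return MG_errorHandler($LANG_MG01['category_error']);
    }

    // Truncate BEFORE escaping. Cutting an already escaped string can split an
    // escape sequence and leave a lone backslash in front of the closing
    // quote of the SQL value.
    $name = substr($name, 0, 254);

    $A['cat_name'] = DB_escapeString($name);
    $A['cat_description'] = DB_escapeString($description);

    // Next sort position; fall back to 10 when the table is empty or the
    // query yields nothing usable.
    $sql = "SELECT MAX(cat_order) + 1 AS nextcat_order FROM " . $_TABLES['mg_category'];
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $nextOrder = (is_array($row) && isset($row['nextcat_order'])) ? (int) $row['nextcat_order'] : 0;
    if ($nextOrder < 1) {
        $nextOrder = 10;
    }
    $A['cat_order'] = $nextOrder;

    if ($A['cat_id'] == 0) {
        COM_errorLog("Media Gallery Internal Error - cat_id = 0 - Contact support@glfusion.org  ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }

    DB_save($_TABLES['mg_category'], "cat_id,cat_name,cat_description,cat_order", "'{$A['cat_id']}','{$A['cat_name']}','{$A['cat_description']}',{$A['cat_order']}");
    echo COM_refresh($_MG_CONF['admin_url'] . 'category.php');
    exit;
}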