mirror of
https://github.com/Yetangitu/ampache
synced 2025-10-04 10:19:25 +02:00
221 lines
7.6 KiB
PHP
221 lines
7.6 KiB
PHP
<?php
|
|
/*
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public License
|
|
as published by the Free Software Foundation; either version 2
|
|
of the License, or (at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
/*
|
|
|
|
Copyright (c) 2003 Lamar
|
|
All rights reserved.
|
|
|
|
**Revised by Vollmerk**
|
|
**Chopped to bits and made into PHP nuggets by RosenSama** 2005
|
|
|
|
*/
|
|
|
|
/* FIXME: Things left to do
|
|
--need to add debug logging
|
|
--Add purge link in catalog admin
|
|
--Why do I need to echo something before the message table to show it?
|
|
--Handle when uploaded file is a compressed arvchive
|
|
--play quar song by admin
|
|
--TEST!
|
|
*/
|
|
|
|
require_once( "modules/init.php" );
|
|
|
|
// Set page header
|
|
show_template('header');
|
|
|
|
// Access Control
|
|
if(!$GLOBALS['user']->prefs['upload'] || conf('demo_mode')) {
|
|
access_denied();
|
|
}
|
|
|
|
$action = scrub_in( $_REQUEST['action'] );
|
|
|
|
switch( $action ) {
|
|
case 'upload':
|
|
/* Break if they don't have rights */
|
|
if (!$GLOBALS['user']->prefs['upload'] OR !$GLOBALS['user']->has_access(25)) {
|
|
break;
|
|
}
|
|
|
|
/* IF we need to quarantine this */
|
|
if ($GLOBALS['user']->prefs['quarantine']) {
|
|
/* Make sure the quarantine dir is writeable */
|
|
if (!check_upload_directory(conf('quarantine_dir'))) {
|
|
$GLOBALS['error']->add_error('general',"Error: Quarantine Directory isn't writeable");
|
|
debug_event('upload',"Error: Quarantine Directory isn't writeable",'2');
|
|
} // if unwriteable
|
|
|
|
$catalog_id = find_upload_catalog(conf('quarantine_dir'));
|
|
|
|
/* Make sure that it's not in a catalog dir */
|
|
if ($catalog_id) {
|
|
$GLOBALS['error']->add_error('general',"Error: Quarantine Directory inside a catalog");
|
|
debug_event('upload',"Error: Quarantine Directory inside a catalog",'2');
|
|
} // if in catalog dir
|
|
|
|
foreach ($_FILES as $key => $file) {
|
|
|
|
if (strlen($_FILES[$key]['name'])) {
|
|
/* Check size and extension */
|
|
if (!check_upload_extension($key)) {
|
|
$GLOBALS['error']->add_error($key,"Error: Invalid Extension");
|
|
}
|
|
if (!check_upload_size($key)) {
|
|
$GLOBALS['error']->add_error($key,"Error: File to large");
|
|
}
|
|
|
|
if (!$GLOBALS['error']->error_state) {
|
|
$new_filename = upload_file($key,conf('quarantine_dir'));
|
|
/* Record this upload then we're done */
|
|
if ($new_filename) { insert_quarantine_record($user->username,'quarantine',$new_filename); }
|
|
} // if we havn't had an error
|
|
|
|
} // end if there is a file to check
|
|
|
|
} // end foreach files
|
|
|
|
if ($GLOBALS['error']->error_state) {
|
|
show_upload();
|
|
}
|
|
else {
|
|
show_confirmation(_('Upload Quarantined'), _('Your Upload(s) have been quarantined and will be reviewed for addition'),'upload.php');
|
|
}
|
|
|
|
} // if quarantine
|
|
|
|
/* Else direct upload time baby! */
|
|
else {
|
|
/* Make sure the quarantine dir is writeable */
|
|
if (!check_upload_directory($GLOBALS['user']->prefs['upload_dir'])) {
|
|
$GLOBALS['error']->add_error('general',"Error: Upload Directory isn't writeable");
|
|
debug_event('upload',"Error: Upload Directory isn't writeable",'2');
|
|
} // if unwriteable
|
|
|
|
$catalog_id = find_upload_catalog($user->prefs['upload_dir']);
|
|
$catalog = new Catalog($catalog_id);
|
|
|
|
/* Make sure that it's not in a catalog dir */
|
|
if (!$catalog_id) {
|
|
$GLOBALS['error']->add_error('general',"Error: Upload Directory not inside a catalog");
|
|
debug_event('upload',"Error: Upload Directory not inside a catalog",'2');
|
|
} // if in catalog dir
|
|
|
|
/* Foreach through the post files */
|
|
foreach ($_FILES as $key => $file) {
|
|
|
|
if (strlen($_FILES[$key]['name']) && strlen($_FILES[$key]['tmp_name'])) {
|
|
/* Check size and extension */
|
|
if (!check_upload_extension($key)) {
|
|
$GLOBALS['error']->add_error($key,"Error: Invalid Extension");
|
|
}
|
|
if (!check_upload_size($key)) {
|
|
$GLOBALS['error']->add_error($key,"Error: File to large");
|
|
}
|
|
|
|
if (!$GLOBALS['error']->error_state) {
|
|
$new_filename = upload_file($key,$user->prefs['upload_dir']);
|
|
|
|
/* We aren't doing the quarantine thing, so just insert it */
|
|
if ($new_filename) { $catalog->insert_local_song($new_filename,filesize($new_filename)); }
|
|
} // if we havn't had an error
|
|
|
|
} // if there is a file to check
|
|
|
|
elseif (strlen($_FILES[$key]['name'])) {
|
|
$GLOBALS['error']->add_error($key,'Error: Total Filesize to large, file not uploaded');
|
|
}
|
|
|
|
} // end foreach files
|
|
|
|
if ($GLOBALS['error']->error_state) {
|
|
show_upload();
|
|
}
|
|
else {
|
|
show_confirmation(_('Files Uploaded'), _('Your Upload(s) have been inserted into Ampache and are now live'),"upload.php");
|
|
}
|
|
|
|
} // man this is a bad idea, the catch all should be the conservative option... oooh well
|
|
break;
|
|
case 'add':
|
|
/* Make sure they have access */
|
|
if($GLOBALS['user']->has_access(100)) {
|
|
$id = scrub_in($_REQUEST['id']);
|
|
update_quarantine_record($id,'add');
|
|
show_confirmation(_('Upload Added'),_('The Upload has been scheduled for a catalog add, please run command line script to add file'),"upload.php");
|
|
}
|
|
else {
|
|
access_denied();
|
|
}
|
|
break;
|
|
case 'delete':
|
|
/* Make sure they got them rights */
|
|
if($GLOBALS['user']->has_access(100)) {
|
|
$id = scrub_in($_REQUEST['id']);
|
|
update_quarantine_record($id,'delete');
|
|
show_confirmation(_('Upload Deleted'),_('The Upload has been scheduled for deletion, please run command line script to permently delete this file'),"upload.php");
|
|
}
|
|
else {
|
|
access_denied();
|
|
}
|
|
break;
|
|
case 'ack':
|
|
// everything is ready to bulk ack once we pass multiple ids and put them in $id[]
|
|
if($GLOBALS['user']->has_access(100)) {
|
|
$id[] = scrub_in($_REQUEST['id']);
|
|
$status = upload_ack( $id );
|
|
} else {
|
|
access_denied();
|
|
}
|
|
break;
|
|
|
|
case 'purge':
|
|
if($GLOBALS['user']->has_access(100)) {
|
|
$status = upload_purge();
|
|
} else {
|
|
access_denied();
|
|
}
|
|
break;
|
|
|
|
default:
|
|
show_upload();
|
|
break;
|
|
} // end switch on $action
|
|
|
|
// display any messages
|
|
if( $status ) {
|
|
print( "<table align='center'>\n" );
|
|
print( "<th>Filename</th><th>Result</th>\n" );
|
|
foreach( $status as $status_row ) {
|
|
$filename = $status_row[0];
|
|
$result = $status_row[1];
|
|
$color = "color='green'";
|
|
if( $status_row[2] ) {
|
|
$color = "color='red'";
|
|
}
|
|
print( "<tr>\n");
|
|
print( "<td><font $color>$filename</font></td><td><font $color>$result</font></td>\n");
|
|
print( "</tr>\n");
|
|
} // end for each status element
|
|
print( "</table>\n" );
|
|
} // end if any messages
|
|
|
|
/* Show the Page Footer */
|
|
show_footer();
|
|
?>
|