Removed mass delete wip
[squasher.git] / squasher.php
index 9800b59a7ff3ca4ebdf5d37d2ab1a8ac00a9397e..6550bd45f54d57ad96f08c573a756acd48c56df6 100644 (file)
@@ -1,5 +1,6 @@
 <?php
-if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))exit();
+if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
+       exit();
 
 require_once("squasher.class.php");
 
@@ -9,173 +10,183 @@ $squashweb->update_history();
 
 //set root directory
 $basedir = "../uploads";
-if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1){
+if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
        $subf = $_GET['path'];
        $path = $basedir . $subf;
-}
-else{
+} else {
+       $subf = '/';
        $path = $basedir;
 }
+
 $squashweb->set_root($basedir);
 
-if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!=NULL) || $_GET['show_all']==true || $_GET['tools']=='hide' || $_GET['tools']=='unhide' || $_GET['tools']=='delete'){
+if (@$_GET['f'] || @$_GET['d']  || @$_GET['show_all']==true || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
        $getdeepfiles=true;
        $populate=false;
-}else{
+} else {
        $getdeepfiles=false;
        $populate=true;
 }
 
-//update folder rights if form is submitted
-if($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights') $squashweb->update_rights($submitted,$_SESSION['creds']['user_level']);
+//update folder rights if form is posted
+if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
+       $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
 
 //set folder rights
-if (isset($_GET['f']) && $_GET['f']!=NULL){
+if (@$_GET['f']) {
        $squashweb->give_rights(2);
-}else{
+} else {
        $squashweb->give_rights($_SESSION['creds']['user_id']);
 }
 
-if (isset($_GET['f']) && $_GET['f']!=NULL){
-       $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'";
+if (@$_GET['f']) {
+       $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
        $f_r = mysql_query($f_q);
        $f_o = mysql_fetch_object($f_r);
 
        //log downloads
-       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION['creds']['user_id']."','".$_SESSION['creds']['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())");
+       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
 
-       $_hpath_arr=explode("/",$f_o->file);
+       $_hpath_arr=explode("/", $f_o->file);
        $file=array_pop($_hpath_arr); //Remove filename
-       $path=implode("/",$_hpath_arr);
-       $squashweb->read_single_file($path,$file);
-       #$squashweb->read_directory($path,false,true,false,false);
-}else{
+       $path=implode("/", $_hpath_arr);
+       $squashweb->read_single_file($path, $file);
+       #$squashweb->read_directory($path, false, true, false, false);
+} else {
        //parse folders for readable files
-       $squashweb->read_directory($path,true,true,$getdeepfiles,$populate);
+       $squashweb->read_directory($path, true, true, $getdeepfiles, $populate);
 }
 
 //check if a file is requested
-if (isset($_GET['f']) && $_GET['f']!=NULL){
+if (@$_GET['f']) {
        //get the config of requested file
        $request = $squashweb->get_config($_GET['f']);
-       
+
        //------------------------------------
        //-check-file-and-request-type--start-
        //------------------------------------
-       if (strpos($request['mime'],'ideo') && isset($_GET['d'])){ //embed video
-               $squashweb->embed_video($_GET['f']);    
+       if (strpos($request['mime'],'ideo') && isset($_GET['d'])) { //embed video
+               $squashweb->embed_video($_GET['f']);
        }
-       elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])) //show stream playlist
+       elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])) { //show stream playlist
                $squashweb->create_playlist($_GET['f'],$_GET['x'],$request[2]);
        }
-       else  //show requested file
+       else {  //show requested file
        #       header('Cache-control: private');
                header('Content-Disposition: attachment; filename="'.$request[2].'"');
                header("Content-Type: ".$request['mime']);
-               if($request[3])header('Content-Length: '.$request[3]);
+               if ($request[3])header('Content-Length: '.$request[3]);
                #@ob_flush();
                @flush();
-               $squashweb->print_files($request['path'],$request[2]);
+               $squashweb->print_files($request['path'], $request[2]);
        }
        //---------------------------------
        //-check-file-and-request-type-end-
        //---------------------------------
 
-}elseif ($tools=="hide" && isset($_GET['h'])){
-       if ($_SESSION['creds']['user_level'] > 99){
+} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
+       if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
                fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
                fclose($handle);
-               $path=substr($request['path'],strlen($basedir));
+               $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
-}elseif ($tools=="unhide" && isset($_GET['h'])){
-       if ($_SESSION['creds']['user_level'] > 99){
+} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
+       if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                @unlink($request['path'].'/'.$request[2].'.hidden');
-               $path=substr($request['path'],strlen($basedir));
+               $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
-}elseif ($tools=="delete" && isset($_GET['h'])){
-       if ($_SESSION['creds']['user_level'] > 99){
-               if ($_GET['h'] == "multiple"){
+} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
+       if ($_SESSION['creds']['user_level'] > 99) {
+               if ($_GET['h'] == "multiple") {
                        $h_post = $_POST['h'];
-                       foreach ($h_post as $h_key => $h){
+                       foreach ($h_post as $h_key => $h) {
                                $request = $squashweb->get_config($h);
-                               $squashweb->delete_file($h,$_SESSION['creds']);
+                               $squashweb->delete_file($h, $_SESSION['creds']);
                        }
-               }else{
+               } else {
                        $h = $_GET['h'];
                        $request = $squashweb->get_config($h);
-                       $squashweb->delete_file($h,$_SESSION['creds']);
+                       $squashweb->delete_file($h, $_SESSION['creds']);
                }
-               $path=substr($request['path'],strlen($basedir));
+               $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
        }
-}elseif ($_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100){
-
-require_once("smarty/Smarty.class.php");
-
-$smarty = new Smarty;
-
-       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
-       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
-       $smarty->assign('users',$squashweb->get_users($_SESSION['creds']['user_level']));
-
-       $smarty->assign('edited_user',$_GET['user']);
-       
-       $tree = $squashweb->show_rights_tree($path,0,$_GET['user']);
-       
-       $smarty->assign('style',$tree['style']);
-       $smarty->assign('layout',$tree['layout']);
-       
-       $smarty->assign('debug',$vars['debug']);
-       $smarty->assign('folderrights',$squashweb->folderrights());
-       $smarty->assign('userrights',$squashweb->userrights());
+} elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
+
+       require_once(SQUASHER_SMARTY);
+
+       $smarty = new Smarty;
+
+       $smarty->assign('user_level', $_SESSION['creds']['user_level']);
+       $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+       $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
+
+       $smarty->assign('edited_user', @$_GET['user']);
+
+       $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
+
+       $smarty->assign('style', $tree['style']);
+       $smarty->assign('layout', $tree['layout']);
+
+       $smarty->assign('debug', @$_GET['debug']);
+       $smarty->assign('folderrights', $squashweb->folderrights());
+       $smarty->assign('userrights', $squashweb->userrights());
        $smarty->display('admin.tpl');
-       
-}elseif ($_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100){
 
-if ($submitted['type']=="update"){$squashweb->update_users($submitted);}
-if ($submitted['type']=="disable"){$squashweb->disable_users($submitted);}
-if ($submitted['type']=="delete"){$squashweb->remove_users($submitted);}
-if ($submitted['type']=="new"){$squashweb->insert_users($submitted,$_SESSION['creds']['user_level']);}
-require_once("smarty/Smarty.class.php");
+} elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
+       $type = @$_POST['type'];
+       if ($type=="update")
+               $squashweb->update_users($_POST['u']);
+       if ($type=="disable")
+               $squashweb->disable_users($_POST['u']);
+       if ($type=="delete")
+               $squashweb->remove_users($_POST['u']);
+       if ($type=="new")
+               $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
+       require_once(SQUASHER_SMARTY);
 
-$smarty = new Smarty;
+       $smarty = new Smarty;
 
-       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
-       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
-       $smarty->assign('users',$squashweb->get_users($_SESSION['creds']['user_level']));
+       $smarty->assign('user_level', $_SESSION['creds']['user_level']);
+       $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+       $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
 
-       if ($_SESSION['creds']['user_level'] > 199){
-       $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
-       }else{
-       $smarty->assign('user_levels', array(55 => 'user' ) );
+       if ($_SESSION['creds']['user_level'] > 199) {
+               $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
+       } else {
+               $smarty->assign('user_levels', array(55 => 'user' ) );
        }
-       $smarty->assign('debug',$vars['debug']);
+       $smarty->assign('debug', @$_GET['debug']);
 
        $smarty->display('udmin.tpl');
 
-}elseif ($_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100){
-       $logtype=($_GET['logtype']) ? $_GET['logtype'] : 'all';
-       require_once("smarty/Smarty.class.php");
+} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
+       $logtype=@$_GET['logtype'];
+       if (!$logtype)
+               $logtype = 'all';
+       require_once(SQUASHER_SMARTY);
 
        $smarty = new Smarty;
 
-       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
-       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
-       $smarty->assign('logtype',$logtype);
-       $smarty->assign('logs',$squashweb->get_logs($logtype));
+       $smarty->assign('user_level', $_SESSION['creds']['user_level']);
+       $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+       $smarty->assign('logtype', $logtype);
+       $smarty->assign('logs', $squashweb->get_logs($logtype));
 
+       $smarty->assign('debug', @$_GET['debug']);
        $smarty->display('logs.tpl');
 
-}else{ //show overview
+} else {
+       //show overview
 
-require_once("smarty/Smarty.class.php");
+       require_once(SQUASHER_SMARTY);
 
-$smarty = new Smarty;
+       $smarty = new Smarty;
 
        /***
        *       $config:: array
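Review bot: The `@$_GET['f']` tests introduced in this hunk are truthiness checks, but the gate at the top of the file (first hunk) still tests `!isset($_GET['f'])`, so a request whose `f` is present but empty passes the gate, fails every `if (@$_GET['f'])` here, and falls through to the final `else` overview branch without a validated session. The gate should use the same test as the dispatch chain, e.g. `if (empty($_SESSION['creds']['validated']) && empty($_GET['f'])) exit();`. The `update_rights()` call under "update folder rights if form is posted" is also reached before any `user_level` comparison in this file, so it relies entirely on the method to refuse a missing or unprivileged level. Adding a level test to that condition, presumably the same `$_SESSION['creds']['user_level'] > 100` that the `tools=access` branch uses, would make the requirement explicit at the call site.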
@@ -187,70 +198,75 @@ $smarty = new Smarty;
        *       [5]     ->      chunkcount
        *       [6]     ->      CRC32 checksum
        ***/
-       
-$configs_num = $squashweb->get_configs();
-
-$configs_sorted = named_records_sort($configs_num,'lastchange',true);
-
-foreach ($configs_sorted AS $key => $value){
-       $configs[$key]['squashed'] = $value['squashed'];
-       $configs[$key]['version'] = $value[0];
-       //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
-       $configs[$key]['name'] = $value[2];
-       $configs[$key]['size'] = $value[3];
-       $configs[$key]['chunk_size'] = $value[4];
-       $configs[$key]['chunks'] = $value[5];
-       $configs[$key]['crc'] = $value[6];
-       $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path']));
-       (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;   
-       (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
-
-       $configs[$key]['embedable'] = $embedable;
-       $configs[$key]['finished'] = $finished;
-       $configs[$key]['mime'] = $value['mime'];
-       $configs[$key]['status'] = $value['status'];
-       $configs[$key]['hidden'] = $value['hidden'];
-       $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
-       if($finished){
-               $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
-       }else{
-               $continue=true;
-               foreach($value['stats'] AS $sk => $sv){
-                       if($continue){
-                               $configs[$key]['chunks_partial']=$configs[$key]['chunks_partial']+$sv;
-                               if($sv != '1.00')$continue=false;
+
+       $configs_num = $squashweb->get_configs();
+
+       $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
+
+       $configs = array();
+       $paths = array();
+
+       foreach ($configs_sorted as $key => $value) {
+               $configs[$key]['squashed'] = $value['squashed'];
+               $configs[$key]['version'] = $value[0];
+               //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
+               $configs[$key]['name'] = $value[2];
+               $configs[$key]['size'] = $value[3];
+               $configs[$key]['chunk_size'] = $value[4];
+               $configs[$key]['chunks'] = $value[5];
+               $configs[$key]['crc'] = $value[6];
+               $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path']));
+               (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
+               (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
+
+               $configs[$key]['embedable'] = $embedable;
+               $configs[$key]['finished'] = $finished;
+               $configs[$key]['mime'] = $value['mime'];
+               $configs[$key]['status'] = $value['status'];
+               $configs[$key]['hidden'] = $value['hidden'];
+               $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
+               if ($finished) {
+                       $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
+               } else {
+                       $continue = true;
+                       foreach($value['stats'] as $sk => $sv) {
+                               if ($continue) {
+                                       $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
+                                       if ($sv != '1.00') $continue=false;
+                               }
                        }
                }
+               $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
+               $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
        }
-       $configs[$key]['date'] = date('d.m.y - H:i:s - T',$value['added']);
-       $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T',$value['lastchange']);
-}
 
 
-//set base folders
-       $basepath['/']='&nbsp;top&nbsp;';
-foreach (explode('/',$subf) AS $key => $value){
-       if ($value != ''){
-               $bpath.='/'.$value;
-               $basepath[$bpath]=$value;
+       //set base folders
+       $basepath['/'] = '&nbsp;top&nbsp;';
+       $bpath = '';
+       foreach (explode('/', $subf) as $key => $value) {
+               if ($value != '') {
+                       $bpath .= '/'.$value;
+                       $basepath[$bpath] = $value;
+               }
        }
-}
-$smarty->assign('debug',$vars['debug']);
-$smarty->assign('user_level',$_SESSION['creds']['user_level']);
-$smarty->assign('user_name',$_SESSION['creds']['user_name']);
-$smarty->assign('folderrights',$squashweb->folderrights());
-
-$smarty->assign('squashed',$configs);
-$smarty->assign('paths',$paths);
-$smarty->assign('base',$basepath);
-$smarty->assign('currentfolder',$subf);
-$subs = $squashweb->subfolders();
-asort($subs);
-$smarty->assign('subfolders',$subs);
-
-//if($vars[debug])print_r($configs);
-if(!$vars['newtpl'])$smarty->display('index.tpl'); //Display normal template
-if($vars['newtpl'])$smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
+       $smarty->assign('debug', @$_GET['debug']);
+       $smarty->assign('user_level', $_SESSION['creds']['user_level']);
+       $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+       $smarty->assign('folderrights', $squashweb->folderrights());
+
+       $smarty->assign('squashed', $configs);
+       $smarty->assign('paths', $paths);
+       $smarty->assign('base', $basepath);
+       $smarty->assign('currentfolder', $subf);
+       $subs = $squashweb->subfolders();
+       if ($subs)
+               asort($subs);
+       $smarty->assign('subfolders', $subs);
+
+       //if(@$_GET[debug]) print_r($configs);
+       $smarty->display('index.tpl'); //Display normal template
 
 }
+// vim: syntax=php ts=4 sw=4 sts=4 sr noet
 ?>
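Review bot: `$subf` arrives in this block straight from `$_GET['path']` (assigned earlier in the file, outside this hunk) and is handed to the template as `currentfolder` and, split on `/`, as the keys and values of `$basepath`, with no validation or escaping visible. Unless `index.tpl` escapes these values (for example `{$currentfolder|escape}`), request text is reflected into the page. The same string is concatenated onto `$basedir` to form the directory that is read, so it should be resolved with `realpath()` and checked to lie under `realpath($basedir)` at the point where `$subf` is first assigned. Separately, the `else` branch of `if ($finished)` reads `$configs[$key]['chunks_partial']` before it has been set; `$configs[$key]['chunks_partial'] = 0;` ahead of the inner `foreach` would match the initialisations this commit adds for `$configs`, `$paths` and `$bpath`.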