<?php 
/* /////////////////////////////////////////////////////////////////////////
 *                             		 	image.php
 *                              -------------------
 *  author      : Chris Bolt
 *  copyright   : (C) Chris Bolt 2003-2004. All Rights Reserved
 *  version     : 2.2.4
 *	purpose			:	Directory manager for image file types
///////////////////////////////////////////////////////////////////////////*/

// You may alter any of the code in this file to suit your requirements.

// If you need to locate this file outside of the editor_files folder you will need to alter the include paths below:

// if you intend to locate this file on a different physical server make sure that a copy of 'config.php' and 'editor_functions.php' is available to this script.

include_once ('./config.php');
include_once('./editor_functions.php');
include_once ('./includes/common.php');
include_once ('./lang/'.$lang_include);

$instance_img_dir = '';
// SET DIRECTORY LOCATIONS:
// This routine sets the location of the image directory, you can change this routine if you wish.
// If you want to change the image directory based on a user add your user authentication scripts to the top of this script.
// Then change the routine below so that it sets the directories based on the user rather than setting them the same as config.php.
if (isset ($_GET['instance_img_dir']) ? $_GET['instance_img_dir'] : '') {
	$instance_img_dir = $_GET['instance_img_dir'];
} else if (isset ($_POST['instance_img_dir']) ? $_POST['instance_img_dir'] : '') {
	$instance_img_dir = $_POST['instance_img_dir'];
}
if (isset ($trusted_directories[$instance_img_dir]) ? $trusted_directories[$instance_img_dir] : '') {
	$file_directory = $trusted_directories[$instance_img_dir][0];
	$web_directory = $trusted_directories[$instance_img_dir][1];
} else {
	$file_directory = IMAGE_FILE_DIRECTORY;
	$web_directory = IMAGE_WEB_DIRECTORY;
}

if (isset ($_REQUEST['in_wp'])) {
	if ($_REQUEST['in_wp'] == 1) {
		$in_wp = true;
	} else {
		$in_wp = false;
	}
} else {
	$in_wp = true;
}

// sorting
if (isset ($_REQUEST['sort_by'])) {
	$sort_by = $_REQUEST['sort_by'];
} else {
	$sort_by = 'name';
}
if (isset ($_REQUEST['sort_dir'])) {
	$sort_dir = $_REQUEST['sort_dir'];
} else {
	$sort_dir = 'asc';
}
if ($sort_dir == 'asc') {
	$direction = 'up';
} else {
	$direction = 'down';
}
if ($sort_by == 'name') {
	if ($sort_dir == 'asc') {
		$name_sort_dir = 'desc';
	} else {
		$name_sort_dir = 'asc';
	}
	$type_sort_dir = 'asc';
	$name_arrow = '<img src="'.WP_WEB_DIRECTORY.'images/arrow_'.$direction.'.gif" width="8" height="7" alt="">';
	$type_arrow = '';
} else {
	if ($sort_dir == 'asc') {
		$type_sort_dir = 'desc';
	} else {
		$type_sort_dir = 'asc';
	}
	$name_sort_dir = 'asc';
	$name_arrow = '';
	$type_arrow = '<img src="'.WP_WEB_DIRECTORY.'images/arrow_'.$direction.'.gif" width="8" height="7" alt="">';
}

// make sure its not possible to put anything malicious in the return function
if (isset ($_REQUEST['return_function'])) {
	if (wp_return_function_ok($_REQUEST['return_function'])) {
		$return_function = $_REQUEST['return_function'];
	} else {
		$return_function = '';
	}
} else {
	$return_function = '';
}

// init variables

$message = '';
$name2 = '';
$width = '';
$height = '';
$fsize = '';

//get the folder for us to look inside, we'll also check that there are no ./ or ../ so that we are only ever looking at folders below the $web_directory, I'm sure there is a more secure way to do this?
if (isset ($_GET['folder']) ? $_GET['folder'] : '') {
	if (wp_dir_name_ok($_GET['folder'])) {
		$directory = $file_directory.$_GET['folder'];
		$folderpath = $_GET['folder'];
	} else {
		$directory = $file_directory;
		$folderpath = '';
	}
} elseif (isset ($_POST['folder']) ? $_POST['folder'] : '') {
	if (wp_dir_name_ok($_POST['folder'])) {
		$directory = $file_directory.$_POST['folder'];
		$folderpath = $_POST['folder'];
	} else {
		$directory = $file_directory;
		$folderpath = '';
	}
} else {
	$directory = $file_directory;
	$folderpath = '';
}
	
// check that it exists
if (!file_exists ($directory)) {
	image_exit('<b>Warning: this directory does not exist: '.$directory.'. Check that you have set IMAGE_FILE_DIRECTORY correctly in config.php. If you are using the set_img_dir function check that the you have set the $trusted_directories array correctly.</b>');
}
if ($folderpath != '') {
	if (substr ($folderpath, strlen ($folderpath) - 1) != '/') {
		$folderpath.='/';
	}
}
if (substr ($directory, strlen ($directory) - 1) != '/') {
	$directory.='/';
}

// query strings
$query_string = '?in_wp='.$in_wp.'&amp;return_function='.$return_function.'&amp;lang='.$lang_include.'&amp;folder='.$folderpath.'&amp;instance_img_dir='.$instance_img_dir.'&amp;sort_by='.$sort_by.'&amp;sort_dir='.$sort_dir;
$query_inputs = '<input type="hidden" name="lang" value="'.$lang_include.'">
	<input type="hidden" name="return_function" value="'.$return_function.'">
	<input type="hidden" name="folder" value="'.$folderpath.'">
	<input type="hidden" name="instance_img_dir" value="'.$instance_img_dir.'">
	<input type="hidden" name="in_wp" value="'.$in_wp.'">
	<input type="hidden" name="sort_by" value="'.$sort_by.'">
	<input type="hidden" name="sort_dir" value="'.$sort_dir.'">';

///////////////////
// Functions ... //
///////////////////

function image_exit($message) {
	global $lang;
	echo '<html>
		<head>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<title>'.$lang['titles']['image'].'</title>
		<link rel="stylesheet" href="'.WP_WEB_DIRECTORY.'dialoge_theme.css" type="text/css">
		<script language="JavaScript" type="text/javascript" src="'.WP_WEB_DIRECTORY.'js/dialogShared.js"></script>
		</head>
		<body scroll="no" onload="hideLoadMessage();">'; ?><?php include('./includes/load_message.php'); ?>
		<?php
		echo ' <div align="center">'.$message.'</div>
		</body>
		</html>';
		exit;
}

function display_folders () {
	global $directory, $folderpath, $lang, $count, $query_string, $rename_directories, $delete_directories, $web_directory, $rename_files, $delete_files, $sort_by, $sort_dir;
	// build array of data, sort the array, loop through building the list
	$folderlist = wp_get_folders_in_directory($directory, $sort_by, $sort_dir);
	$str = '';
	$num = count($folderlist);
	for ($i=0; $i<$num; $i++) {
		$foldername = $folderlist[$i]['name'];	
		$count += 1;
		$str .= "
		<tr onmouseover=\"this.style.backgroundColor='#eeeeee'\" onmouseout=\"this.style.backgroundColor=''\">
			<td width=\"190\">
				<p><a class=\"filename\" href=\"".WP_WEB_DIRECTORY."image.php".str_replace('folder='.$folderpath, 'folder='.$folderpath.$foldername, $query_string)."\"><img src=\"".WP_WEB_DIRECTORY."images/folder.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\">$foldername </a></p>
			</td>
			<td width=\"100\">
			<p>".$lang['files']['folder']."</p>
			</td>
			<td>
				<p>";  if ($rename_directories) { $str .= "<a href=\"".WP_WEB_DIRECTORY."image.php$query_string&amp;action=rename&amp;file=$foldername\"><img src=\"".WP_WEB_DIRECTORY."images/rename.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\" title=\"".$lang['rename']."\" alt=\"".$lang['rename']."\"></a> ";} else { $str .= "&nbsp;"; } $str .= "</p>
			</td>
			<td>
				<p>";  if ($delete_directories) { $str .= "<a class=\"delete\" href=\"javascript:doConfirm('".WP_WEB_DIRECTORY."image.php$query_string&amp;action=delete&amp;file=$foldername','".$lang['folder_delete_warning']." ');\"><img src=\"".WP_WEB_DIRECTORY."images/delete.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\" title=\"".$lang['delete']."\" alt=\"".$lang['delete']."\"></a>";} else { $str .= "&nbsp;"; } $str .= "</p>
			</td>
		</tr>
		";
	}
	echo $str;
}

function display_files () {
	global $directory, $folderpath, $lang, $count, $query_string, $rename_directories, $delete_directories, $web_directory, $rename_files, $delete_files, $sort_by, $sort_dir;
	global $image_types;
	// build array of data, sort the array, loop through building the list
	
	$filelist = wp_get_files_in_directory($directory, $sort_by, $sort_dir, $image_types);
	
	$str = '';
	$num = count($filelist);
	for ($i=0; $i<$num; $i++) { 
		$filename = $filelist[$i]['name'];
		$fsize = wp_filesize($directory.$filename);
		$extension = strrchr(strtolower($filename),'.');
		$icon = $filelist[$i]['icon'];
		$filetype = $filelist[$i]['type'];
		$preview = $filelist[$i]['preview'];
		list ($width, $height) = @getimagesize($directory.$filename);
		
		$count += 1;
		$str .= "
		<tr onmouseover=\"this.style.backgroundColor='#eeeeee'\" onmouseout=\"this.style.backgroundColor=''\">
			<td width=\"190\">
				<p class=\"filename\"><a id=\"".$web_directory.$folderpath.$filename."\" class=\"filelink\" href=\"javascript:localImage('".$web_directory.$folderpath."$filename',$preview,'$width','$height', '$fsize')\" onclick=\"highlight(this)\" title=\"".$lang['dimensions']." $width x $height px  ".$lang['size']." $fsize\"><img src=\"".WP_WEB_DIRECTORY."images/$icon.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\">$filename </a></p>
			</td>
			<td width=\"100\">
				<p class=\"styled\">$filetype</p>
			</td>
			<td>
				<p class=\"styled\">"; if ($rename_files) { $str .= ("<a href=\"".WP_WEB_DIRECTORY."image.php$query_string&amp;action=rename&amp;file=$filename\"><img src=\"".WP_WEB_DIRECTORY."images/rename.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\" title=\"".$lang['rename']."\" alt=\"".$lang['rename']."\"></a> ");} else { $str .= "&nbsp;"; } $str .= "</p>
			</td>
			<td>
				<p class=\"styled\">"; if ($delete_files) { $str .= "<a class=\"delete\" href=\"javascript:doConfirm('".WP_WEB_DIRECTORY."image.php$query_string&amp;action=delete&amp;file=$filename','".$lang['file_delete_warning']." ');\"><img src=\"".WP_WEB_DIRECTORY."images/delete.gif\" width=\"23\" height=\"22\" alt=\"\" border=\"0\" align=\"absmiddle\" title=\"".$lang['delete']."\" alt=\"".$lang['delete']."\"></a>";} else { $str .= "&nbsp;"; } $str .= "</p>
			</td>
		</tr>
		";
	} 
	if ($count ==0) {
	 $str .= '<tr><td>'.$lang['no_files'].'</td></tr>';
	}
	echo $str;
}

////////////////
// actions... //
////////////////
if ((isset ($_GET['file']) ? $_GET['file'] : '') && (wp_file_name_ok($_GET['file']))) {
	if (isset ($_GET['action']) ? $_GET['action'] : '') {
		// delete file or directory
		if (($_GET['action']=='delete') && ($delete_files)) {
			if (@wp_delete_file($directory.$_GET['file'])) {
				$message='<div class="helpMessage"><p> '.wp_var_replace($lang['file_deleted'], array('file'=>$_GET['file'], 'folder' => $web_directory.$folderpath)).' </p></div>';
			} else {
				image_exit ('<p>&nbsp;</p>
				<div class="helpMessage">
				<form>
				<p> '.wp_var_replace($lang['cannot_delete'], array('file'=>$_GET['file'])).' '.$lang['check_directory_permission'].'</p>
				<input class="button" type="button" name="Continue" value="'.$lang['ok'].'" onClick="document.location.replace(\''.WP_WEB_DIRECTORY.'image.php'.$query_string.'\')">
				</form>
				</div>');
			}
		}
		// rename
		if (($_GET['action']=='rename') && ($rename_files || $rename_directories) && (!isset($_GET['name']))) {
			
			$filename = str_replace(strrchr($_GET['file'],'.'), '', $_GET['file']);
			
			image_exit ('<p>&nbsp;</p>