<?php
/*

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

*/
/*

 Copyright (c) 2003 Lamar
 All rights reserved.

 **Revised by Vollmerk**
 **Chopped to bits and made into PHP nuggets by RosenSama** 2005

*/

/* FIXME:  Things left to do
	--need to add debug logging
	--Add purge link in catalog admin
	--Why do I need to echo something before the message table to show it?
	--Handle when uploaded file is a compressed arvchive
	--play quar song by admin
	--TEST!
*/

require_once( "modules/init.php" );

// Set page header
show_template('header');

// Access Control
if(!$GLOBALS['user']->prefs['upload'] || conf('demo_mode'))  {
	access_denied();
}

$action = scrub_in( $_REQUEST['action'] );

switch( $action ) {
	case 'upload':
		/* Break if they don't have rights */
		if (!$GLOBALS['user']->prefs['upload'] OR !$GLOBALS['user']->has_access(25)) { 
			break;
		}
	
		/* IF we need to quarantine this */
		if ($GLOBALS['user']->prefs['quarantine']) { 
			/* Make sure the quarantine dir is writeable */
			if (!check_upload_directory(conf('quarantine_dir'))) { 
				$GLOBALS['error']->add_error('general',"Error: Quarantine Directory isn't writeable");
				debug_event('upload',"Error: Quarantine Directory isn't writeable",'2');
			} // if unwriteable

			$catalog_id = find_upload_catalog(conf('quarantine_dir'));

			/* Make sure that it's not in a catalog dir */
			if ($catalog_id) { 
				$GLOBALS['error']->add_error('general',"Error: Quarantine Directory inside a catalog");
				debug_event('upload',"Error: Quarantine Directory inside a catalog",'2');
			} // if in catalog dir

			foreach ($_FILES as $key => $file) { 
				
				if (strlen($_FILES[$key]['name'])) { 
					/* Check size and extension */
					if (!check_upload_extension($key)) { 
						$GLOBALS['error']->add_error($key,"Error: Invalid Extension");
					}
					if (!check_upload_size($key)) { 
						$GLOBALS['error']->add_error($key,"Error: File to large");
					}

					if (!$GLOBALS['error']->error_state) { 
						$new_filename = upload_file($key,conf('quarantine_dir')); 
						/* Record this upload then we're done */
						if ($new_filename) { insert_quarantine_record($user->username,'quarantine',$new_filename); }
					} // if we havn't had an error

				} // end if there is a file to check 

			} // end foreach files
			
			if ($GLOBALS['error']->error_state) { 
				show_upload(); 
			}
			else { 
				show_confirmation(_('Upload Quarantined'), _('Your Upload(s) have been quarantined and will be reviewed for addition'),'upload.php');
			}

		} // if quarantine
		
		/* Else direct upload time baby! */
		else { 
                        /* Make sure the quarantine dir is writeable */
                        if (!check_upload_directory($GLOBALS['user']->prefs['upload_dir'])) {
                                $GLOBALS['error']->add_error('general',"Error: Upload Directory isn't writeable");
                                debug_event('upload',"Error: Upload Directory isn't writeable",'2');
                        } // if unwriteable

			$catalog_id = find_upload_catalog($user->prefs['upload_dir']);
			$catalog = new Catalog($catalog_id);
			
                        /* Make sure that it's not in a catalog dir */
                        if (!$catalog_id) {
                                $GLOBALS['error']->add_error('general',"Error: Upload Directory not inside a catalog");
                                debug_event('upload',"Error: Upload Directory not inside a catalog",'2');
                        } // if in catalog dir

			/* Foreach through the post files */
                        foreach ($_FILES as $key => $file) {

                                if (strlen($_FILES[$key]['name']) && strlen($_FILES[$key]['tmp_name'])) {
                                        /* Check size and extension */
                                        if (!check_upload_extension($key)) {
                                                $GLOBALS['error']->add_error($key,"Error: Invalid Extension");
                                        }
                                        if (!check_upload_size($key)) {
                                                $GLOBALS['error']->add_error($key,"Error: File to large");
                                        }

                                        if (!$GLOBALS['error']->error_state) {
 						$new_filename = upload_file($key,$user->prefs['upload_dir']);
						
						/* We aren't doing the quarantine thing, so just insert it */
						if ($new_filename) { $catalog->insert_local_song($new_filename,filesize($new_filename)); }
                                        } // if we havn't had an error

				} // if there is a file to check

				elseif (strlen($_FILES[$key]['name'])) { 
					$GLOBALS['error']->add_error($key,'Error: Total Filesize to large, file not uploaded');
				}

                        } // end foreach files

                        if ($GLOBALS['error']->error_state) {
                                show_upload();
                        }
                        else {
                                show_confirmation(_('Files Uploaded'), _('Your Upload(s) have been inserted into Ampache and are now live'),"upload.php");
                        }

		} // man this is a bad idea, the catch all should be the conservative option... oooh well
	break;
	case 'add':
		/* Make sure they have access */
		if($GLOBALS['user']->has_access(100)) {
			$id = scrub_in($_REQUEST['id']);
			update_quarantine_record($id,'add');
			show_confirmation(_('Upload Added'),_('The Upload has been scheduled for a catalog add, please run command line script to add file'),"upload.php");
		} 
		else { 
			access_denied();
		} 
		break;
	case 'delete':
		/* Make sure they got them rights */
		if($GLOBALS['user']->has_access(100)) {
			$id = scrub_in($_REQUEST['id']);
			update_quarantine_record($id,'delete');
                        show_confirmation(_('Upload Deleted'),_('The Upload has been scheduled for deletion, please run command line script to permently delete this file'),"upload.php");
		} 
		else { 
			access_denied();
		}
		break;
	case 'ack':
		// everything is ready to bulk ack once we pass multiple ids and put them in $id[]
		if($GLOBALS['user']->has_access(100)) {
			$id[] = scrub_in($_REQUEST['id']);
			$status = upload_ack( $id );
		} else {
			access_denied();
		}
		break;

	case 'purge':
		if($GLOBALS['user']->has_access(100)) {
			$status = upload_purge();
		} else {
			access_denied();
		}
		break;
	 	
	default:
		show_upload();
	break;
}	// end switch on $action

// display any messages
if( $status ) {
	print( "<table align='center'>\n" );
	print( "<th>Filename</th><th>Result</th>\n" );
	foreach( $status as $status_row ) {
		$filename = $status_row[0];
		$result = $status_row[1];
		$color = "color='green'";
		if( $status_row[2] ) {
			$color = "color='red'";
		}
		print( "<tr>\n");
		print(	"<td><font $color>$filename</font></td><td><font $color>$result</font></td>\n");
		print( "</tr>\n");
	} // end for each status element
	print( "</table>\n" );
} // end if any messages
 
/* Show the Page Footer */
show_footer();
?>