modules/dbfm/dbfm.module

<?php
/* $Id: dbfm.module, Exp $ */

// why on earth does this file always come up aas a particular font?


//IMPORTANTS NOTES: None of this has been tested for databases other than mysql
// an out of the box LAMP installation will NOT work with large file sizes
// PHP.ini needs the post size, the memory and the upload size increased
// the mysql my.cnf file needs to be modified to increase just about all of the settings (but especially those for packet size)

// note that if another module adds an icon underneath text areas you may have to alter their code to ensure they use a span 
// rather than a div (to get the icons in line)
// still to do - a switch MUST be added to prevent compressed files being further compressed and to avoid uncomressing them on 
// the way out. I've provided a list of files not to be compressed but I'm not sure about things like MP3 etc which are already 
// sorta compressed?

// ** we'll need to include the license for the greybox (or whatever) in our documentation

require_once 'dbfm_file.inc';

define('FLUSH', -1);

define('REPLACE_RENAME', 0);
define('REPLACE_DELETE', 1);
define('RENAME_NEW', 2);
define('CANCEL', 3);

/* 
a few quick notes on the filter that allows dbfm to attach and embed code. 
You need to go to the Input Format section of admin in order to setup the dbfm filter
just go to settings filters and switch on (check) the dbFM filter

*/

/**
 * Implementation of hook_help().
 */
function dbfm_help($section) {
  switch ($section) {
    case 'admin/help#dbfm':
      $output = '<p>'.t('dbFM is a hierarchical file manager.
        dbFM actually stores your files in the database as compressed blobs - 
        Files are compressed as they are imported and uncompressed when you 
        need to access them. The files are presented to the user as though stored 
        in a hierachical file system (in the same way as they would appear on 
        your local storage drives). This ability to hierarchically arrange files 
        greatly enhances the manageability of large collections of data.').'</p>'.
        '<p>'.t('dbFM is based on webFM (written by Rob Milne) and not all of the
        legacy filesystem code has been stripped out yet - dbfm still uses 
        <b>includes/file.inc</b> which manages the file system path.  The <b>Root 
        Directory</b> path is relative to the file system path set at %file-sys 
        and must be prefaced with a "/".', array('%file-sys' => url('admin/settings/file-system')))
        .'</p>'.'<p>'.t('dbFM uses ajax and javascript extensively to provide
        application intensive functionality such as file/dir move via drag and drop. 
        The right mouse button click provides context sensitive menus for user
        selection.  Javascript MUST be enabled for dbfm to function.').'</p>'.
        '<p>'.t('dbFM presents a left hand block to represent the directory
        tree and a right hand block to list the contents of the current
        directory.').'</p>'.'<p>'.t('dbFM allows content stored in its filesystem
        to be linked to nodes or, in the case of images, embedded into nodes.
        dbFM has also been written to interface with the tinyMCE editor for
        rich text editing of nodes. Linking an embedding are both acheived using 
        filters - see installation instructions for more details').'</p>';
      return $output;

    case 'admin/modules#description':
      return t('Enable the Web File Manager.');
  }
}

/**
 * used to generate random numbers (with srand) to make temporary filenames while 'blobbing'
 */
function make_seed()
{
  list($usec, $sec) = explode(' ', microtime());
  return (float) $sec + ((float) $usec * 100000);
}


/**
 * Implementation of hook_settings().
 */
function dbfm_admin_settings() {

  $form['dbfm_root_dir'] =
    array('#type' => 'textfield',
          '#title' => t('Root directory'),
          '#default_value' => variable_get('dbfm_root_dir', '/dbfm'),
          '#maxlength' => '100',
          '#size' => '70',
          '#description' => t('Root directory used to present the filebrowser interface.  Users will not be able
                               <br />to go up from this folder.
                         <br /><br />This path is relative to "File system path" set in admin/settings/file-system and
                               <br />must be preceeded with a slash.')
          );

  $modulepath = drupal_get_path('module', 'dbfm');
  $form['dbfm_icon_dir'] =
    array('#type' => 'textfield',
          '#title' => t('Icon directory'),
          '#default_value' => variable_get('dbfm_icon_dir', $modulepath. '/image/icon'),
          '#maxlength' => '100',
          '#size' => '70',
          '#description' => t('Name of directory where file type icons are stored (relative to base url).')
         );

  $form['attach']['dbfm_attach_desc'] =
    array('#type' => 'checkbox',
          '#title' => t('Add description metadata'),
          '#default_value' => variable_get('dbfm_attach_desc', ''),
          '#description' => t('Check this box to interleave file description metadata rows to file rows.')
          );


  $form['dbfm_debug'] =
    array('#type' => 'checkbox',
          '#title' => t('dbFM javascript debug'),
          '#default_value' => variable_get('dbfm_debug', ''),
          '#description' => t('Check this box for javascript debug messaging.')
          );

/*  $form['dbfm_cron'] =
    array('#type' => 'checkbox',
          '#title' => t('dbFM cron'),
          '#default_value' => variable_get('dbfm_cron', ''),
          '#description' => t('Check this box to enable cleanup of orphaned file records in the database.
                               <br />NOTE: Use with caution - behaviour is to delete all file records without a
                               <br />valid file path.  Manually renaming a dbFM directory (ie: via OS shell)
                               <br />and then running cron will delete all dbfm_file table entries for that
                               <br />directory and it\'s sub-directories.')
          );
*/
  $form['dbfm_nozip'] =
    array('#type' => 'textarea',
          '#title' => t('Don\'t compress'),
          '#default_value' => variable_get('dbfm_nozip', 'arc arj as b64 bin btoa bz cab cpt gz hqx iso lha lzh mim mme pak pf rar sea sit sitx tar tbz tbz2 tgz uu uue z zip zoo'),
          '#description' => t('Files that are already compressed and should be stored as-is in the database (use space delimited with no leading dot)') );
          
   //fill in which pages need to use dbfm
   $form['dbfm_pages'] = 
     array('#type' => 'textarea',
           '#title' => t('Activate dbfm on specific page types'),
           '#default_value' => variable_get('dbfm_pages', "node edit,\nnode add"),
           '#description' => t('Enter one page type per line with a comma at the end of the line (for neatness). Example types might be "node" for all node pages or "node add" which limits the user to having greybox only when adding nodes. You shouldn\'t include the slashes. The reason you would want to disallow dbfm is because it saves loading the java code into the page header - pages should load faster! and it reduces possible interactions with other javascript'));

  //add settings for attaching (linking to nodes), keep them in their own fieldset
  $form['dbfm_attach'] =
    array('#type' => 'fieldset',
          '#title' => t('Link / Embed Settings'),
          '#collapsible' => TRUE,
          '#collapsed' => TRUE);

  //set whether to allow attach / embed on different node types, build a load of check boxes
  $types = node_get_types();
  foreach ($types as $type) {
    if ($type->type) {
      $form['dbfm_attach']['dbfm_attach_'.$type->type] =
        array('#type' => 'checkbox',
          '#title' => t('Link / Embed to - ' . $type->type),
          '#default_value' => variable_get('dbfm_attach_'.$type->type, 1),
          '#description' => t('Should node type ' . $type->type . ' allow users to link and embed files via dbFM?'),
       );
    }
  }


  // this is new to me, returns an array of valid roles (avoids anonymous users)
  $roles = user_roles(1,0);

  // Flush extensions regex cache for upload and db enum 
  // ZZZZZZZZZZ dunno what this is about??
  dbfm_get_extensions_regex(FLUSH);

  foreach ($roles as $rid => $role) {
    $form["settings_role_".$rid] =
      array('#type' => 'fieldset',
            '#title' => t('Settings for @role', array('@role' => $role)),
            '#collapsible' => TRUE,
            '#collapsed' => TRUE
            );

    $form["settings_role_".$rid]["dbfm_extensions_".$rid] =
      array('#type' => 'textfield',
            '#title' => t('Permitted file extensions'),
            '#default_value' => variable_get("dbfm_extensions_".$rid, "ai doc dot eps exe gif gxd gz html htm ind jpg jpeg pdf png ppt pps psd qxd swf tif tiff txt xls zip"),
            '#maxlength' => 255,
            '#description' => t('Extensions that users in this role can upload. (use space delimited with no leading dot).')
            );

    $form["settings_role_".$rid]["dbfm_uploadsize_".$rid] =
      array('#type' => 'textfield',
            '#title' => t('Maximum file size per upload'),
            '#default_value' => variable_get("dbfm_uploadsize_".$rid, 1),
            '#size' => 5,
            '#maxlength' => 5,
            '#description' => t('The maximum size of a file a user can upload (in megabytes).')
            );

    $form["settings_role_".$rid]["dbfm_usersize_".$rid] =
      array('#type' => 'textfield',
            '#title' => t('Total file size per user'),
            '#default_value' => variable_get("dbfm_usersize_".$rid, 10),
            '#size' => 5,
            '#maxlength' => 5,
            '#description' => t('The maximum size of all files a user can have on the site (in megabytes).')
            );
  }
  return system_settings_form($form);
}

/**
 * Implementation of hook_perm().
 */
function dbfm_perm() {
  return array('access dbfm', 'attach dbFM files', 'see dbfm_attachments');
}

/**
 * Implementation of hook_menu(). ZZZZ I need to change this to say "Document Tool"
 */
function dbfm_menu($maycache) {
  $items = array();
  if ($maycache) {
    $items[] = array(
      'title' => t('Database File Manager'),
      'path' => 'dbfm',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_main');

    //build the attachment browser 
    $items[] = array(
      'title' => t('Attach popup launcher'),
      'path' => 'dbfm_attachit',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_attachit',
      'type' => MENU_CALLBACK);

    //build the search screen
    $items[] = array(
      'title' => t('Search screen'),
      'path' => 'dbfm_searchit',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_searchit',
      'type' => MENU_CALLBACK);

    //build the properties screen
    $items[] = array(
      'title' => t('Properties screen'),
      'path' => 'dbfm_propertit',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_propertit',
      'type' => MENU_CALLBACK);

    //build the upload screen
    $items[] = array(
      'title' => t('Upload screen'),
      'path' => 'dbfm_uploadit',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_uploadit',
      'type' => MENU_CALLBACK);

    //build the help screen
    $items[] = array(
      'title' => t('Help screen'),
      'path' => 'dbfm_helpit',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_helpit',
      'type' => MENU_CALLBACK);

    $items[] = array(
      'title' => t('DB File Manager'),
      'path' => 'dbfm_js',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_ajax',
      'type' => MENU_CALLBACK);

    //call the submit for the upload
    $items[] = array(
      'title' => t('DB File Manager'),
      'path' => 'dbfm/upload',
      'access' => user_access('access dbfm'),
      'callback' => 'dbfm_upload',
      'type' => MENU_CALLBACK);

    $items[] = array(
      'title' => t('File Not Found'),
      'path' => 'dbfm_send',
      'access' => user_access('see dbfm_attachments'),
      'callback' => 'dbfm_send_file',
      'type' => MENU_CALLBACK);

    $items[] = array('path' => 'admin/settings/dbfm',
      'title' => t('DBFM Settings'),
      'description' => t('Configure DBFM.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => array('dbfm_admin_settings'),
      'access' => user_access('administer site configuration'),
      'type' => MENU_NORMAL_ITEM);
  }
  else {
    //used to add information to the header of all other modules that need dbfm

    //rather than adding dbfm to every header we just add it to those pages that need it
    //that saves the huge overhead of adding it eveywhere.
    $path = drupal_get_path_alias($_GET['q']);
    $page_list = variable_get('dbfm_pages', '');

    //split the page list into an array of strings
    $page_array = explode(',', $page_list);

    foreach ($page_array as $pagetest) {

      //now, wherever there's a space, split the page line into an array
      //there might be no spaces but we just don't care
      $page_elements = explode(' ',$pagetest);
      //now we have to check that each element can be matched to the path
      //and occurs in order
      foreach ($page_elements as $matchthis) {
        $mypos = stripos($path,trim($matchthis));
        if ($mypos === FALSE) {
          //nope it's not a match (bombs out on 1st fail)
          $i = -1;
          break;
        }
        $i = $mypos;
      }
      if ($i > 0) {
        $path = drupal_get_path('module', 'dbfm');
        drupal_add_css($path .'/css/dbfm.css');
        drupal_add_js($path .'/js/dbfm.js');
      }
    }
  }
  return $items;
}


/**
 * Implementation of hook_form_alter().
 * I wasn't happy with Rob's form - I've moved some bits into the admin screen
 */

function dbfm_form_alter($form_id, &$form) {

  //test here to see that we are allowed to link and embed on this type of form
  check_node($form_id);

}


/**
 * add  all the necessary dbfm CSS/JS to the header. Make sure we only do it once
 */
function dbfm_include() {
//  static $include;

  //by declaring $include static it remembers its last setting every time this is called
//  if (!$include) {
    $modulepath = drupal_get_path('module', 'dbfm');
    drupal_add_js($modulepath .'/js/dbfm.js');
    drupal_add_css($modulepath .'/css/dbfm.css');
    drupal_add_js('misc/collapse.js');  //why do we need this? isn't it there by default??
//    $include = true;
//  }
}

// this checks whether we're on a node form and whether it's the correct type of node form
// it's initially called by the form alter (which passes the form_id) subsiquent calls 
// when testing the form element just call this with a null parameter - the result of the previous test
// having been stored in the static variable
function check_node($form_id) {

  static $retval = FALSE;

  if ($form_id == NULL) {
    return $retval;
  }
  
  //see whether it's a node form of some sort
  $posn = strpos($form_id,"_node");
  if ($posn == FALSE) {
    // not a node form
    $retval = FALSE;
    return FALSE;
  }

  $nodetype = substr($form_id,0,$posn);

  //if we're allowed to attach to this type of node
  if (variable_get('dbfm_attach_' . $nodetype, 1) && user_access('attach dbFM files')) {
    $retval = TRUE;
    return TRUE;
  }
  $retval = FALSE;
  return FALSE;
}


//ZZZZZZZZZZis this still needed??
/**
 * Theme the attachment form.
 * Note: required to output prefix/suffix.
 */
function theme_dbfm_attach_attached_form($form) {
  $output = drupal_render($form);
  return $output;
}


/**
 * Helper function to return the defined sizes (or proper defaults).
 */
function _dbfm_get_sizes() {
  // the entry in the variables table is an array  of all the possible sizes with a 100x100 thumbnail as default
  // ZZZZ this will have to be stripped out to use the static data table - the only other option would be 
  $sizes = variable_get('dbfm_sizes', array(array('width' => 100, 'height' => 100, 'label' => 'thumbnail'),
                                              ));
  // use an anonymous function to filter the $sizes array
  return array_filter($sizes, create_function('$size', 'return !empty($size["label"]);'));
}


// awkward one here, the module won't let you resize larger than the original - but since we don't know how bg the original is
// we can't vet for this
function dbfm_settings_sizes_form() {

  $sizes = _dbfm_get_sizes();

  $form['#type'] = 'item';
  $form['#description'] = t('Select various pixel dimensions, "thumbnail" is required.
                             For each Label and dimension you enter a new "right-click" menu option will become available in dbFM for image files.
                             Clicking the menu item with resize the image based on these settings.');
  $form['#tree'] = TRUE;
  $form['#theme'] = 'dbfm_settings_sizes_form';
  for ($i = 0; $i < 5; $i++) {
    $form[$i]['label'] = array('#type' => 'textfield', '#default_value' => $sizes[$i]['label'], '#size' => 25);
    if (in_array($sizes[$i]['label'], array('thumbnail'))) {
      $form[$i]['label']['#attributes'] = array('disabled' => 'disabled');
      $form[$i]['label']['#value'] = $sizes[$i]['label'];
    }
    $form[$i]['width'] = array('#type' => 'textfield', '#default_value' => $sizes[$i]['width'], '#size' => 5, '#maxlength' => 5);
    $form[$i]['height'] = array('#type' => 'textfield', '#default_value' => $sizes[$i]['height'], '#size' => 5, '#maxlength' => 5);
  }

  return $form;
}

function theme_dbfm_settings_sizes_form(&$form) {
  $header = array(t('Label'), t('Width'), t('Height'));
  foreach (element_children($form) as $key) {
    $row = array();
    $row[] = drupal_render($form[$key]['label']);
    $row[] = drupal_render($form[$key]['width']);
    $row[] = drupal_render($form[$key]['height']);
    $rows[] = $row;

  }
  $output = theme('table', $header, $rows);
  $output .= drupal_render($form);

  return $output;
}


/**
 * Helper func to associate the listing icon with the mime type
 */
function _dbfm_get_icon($ext) {
  // Try and find appropriate type
  switch(strtolower($ext)) {
    case 'image/gif':
    case 'image/png':
    case 'image/jpg':
    case 'image/jpeg':
    case 'image/bmp':
    case 'image/tiff':
    case 'jpg':
      $icon = 'i.gif';
      break;
    case 'video/mpeg':
    case 'video/quicktime':
    case 'video/x-msvideo':
      $icon = 'avi.gif';
      break;
    case 'audio/mpeg':
      $icon = 'mp3.gif';
      break;
    case 'application/pdf':
      $icon = 'pdf.gif';
      break;
    case 'application/zip':
    case 'application/x-zip':
    case 'application/x-gzip':
      $icon = 'zip.gif';
      break;
    case 'application/msword':
      $icon = 'doc.gif';
      break;
    case 'application/vnd.ms-excel':
      $icon = 'xls.gif';
      break;
    default:
      $icon = 'f.gif';
      break;
  }
  return $icon;
}

/**
 * Called by the upload form on submit
 */
//UGHHH! I hate this bit of code. There are better ways of handling errors than all these nested if's
//for now I've just put a loop around the lot with a break for errors (a GOTO in disguise!)

function dbfm_upload () {
  global $active_db;

drupal_set_message("Does it ever get back here?");

  // files which are too large arrive with no path set - WHAT??

  // a while loop was bunged in to make it easy to exit to the bottom
  while (TRUE) {
    $root_path = file_directory_path().variable_get('dbfm_root_dir', '');

    $json_data = array();

    //should be passed back the directory in the browser we want to put it in - surely we have a fid for that in the javascript?
    //if not that would simplify matters ZZZZZZZZZZZZZZZZZZZ
    if($_SESSION['upload_dir']) {
      $dest = $_SESSION['upload_dir'];

      if($dest) {
        // Save new file uploads to tmp dir.
        if(($file = file_check_upload('dbfm_upload')) != FALSE) {
          if(dbfm_upload_validate($file, $err) === TRUE) {
           // file has been put in temp and we have a valid file object

            //need an extra check here to see whether the file already exists
            //just do a simple search in the database
            $qexist = db_query("SELECT * FROM {dbfm_file} WHERE fpath = '%s'",$dest . "/" . $file->filename);
            $numret = db_num_rows($qexist);
            if ($numret) {
              drupal_set_message("File already exists in the database");
              break;
            }
 
            //now if it's going to saved as a blob we need to do some work
            $metadata = array();
            $currentdate = date("Y-m-d H:i:s");
            $metadata['fpath'] = $dest;  //we're being sneaky here - we don't actually send the full path, we leave off the filename
            $metadata['fname'] = $file->filename;
            $metadata['flastmod'] = $currentdate;
            $metadata['ftitle'] = $file->filename;
            $metadata['fcreatedate'] = $currentdate;
            $metadata['fdown'] = 0;

            //before we compress the file lets fill in imagesize details into the database
            // getimagesize returns an array of data about an image file
            // the array has 5 elements, width, height, image type, a text string with width and height, and the mime type
            // the @ symbol before the function call suppresses error messages (you need this because the file's not an
            // image in most cases
            if ($i = @getimagesize($file->filepath)) {
              $metadata['fimagesize'] = $i[0] . 'x' . $i[1]; // the text string (couldn't use i[3], it was too verbose
              $metadata['fimagew'] = (int) $i[0];
              $metadata['fimageh'] = (int) $i[1];
            }

            $ext = explode('.', $file->filename);
            $extension = $ext[count($ext)-1];

            $frp = fopen($file->filepath, 'r');
            $filecontent = fread($frp, $file->filesize);

            //mysql doesn't need to encode and decode blobs - only dbs like postgress do that
            if ($GLOBALS['db_type'] == 'mysql') {
              //we'll escape nasty characters here and decide whether or not we need to compress the file
              if (dbfm_compress($extension)) {
                $metadata['fblob'] = mysql_real_escape_string(gzcompress($filecontent),$active_db);
              }
              else {
                $metadata['fblob'] = mysql_real_escape_string($filecontent,$active_db);
              }
            }
            else {
              // non-mysql database
              if (dbfm_compress($extension)) {
              $metadata['fblob'] = gzcompress(db_encode_blob($filecontent));
              }
              else {
                $metadata['fblob'] = db_encode_blob($filecontent);
              }
            }
            fclose($frp);

            //Insert file into database
            if ($file_in_db = dbfm_dbinsert_file($file, $err, $metadata)) {
              // file was inserted into the database

              //we need to clear all the fields on the file upload form - HOW??
              //do we re-draw the form?
              //surely the reload upload function (below) should do this??

              // we have to get rid of the temporary file
              file_delete($file->filepath);
              drupal_set_message(t('Upload success'));
            } 
            else {
              file_delete($file->filepath);
            }
          } 
          else {
            drupal_set_message(t('file %s is not valid for upload', array('%s' => $file->filename)), error);
          }
        } else {
          drupal_set_message(t('file_check_upload() failed: Check your php configuration to ensure that "max_file_upload" is greater than the file size you are attempting to upload.'), error);
        }
      } 
      else{
        drupal_set_message(t('Invalid destination path: %dest', array('%dest' => $dest)), error);
      }
    } else {
      // not a helpful message - I've added the path ... though it's unlikely to be filled if we've errored
      drupal_set_message(t('Invalid upload path: %upload', array('%upload' => $_SESSION['upload_dir'])), error);
    }
    break; 
  }  //end of big while-true loop

//we need to get rid of the  greybox here - I think the problem is that there's no submit with our code

//aha reload only clears the upload box itself ZZZZZZZZZZZ
  if(!isset($json_data['html'])) {
    $json_data['html'] = dbfm_reload_upload('dbfm/upload');
  }
  print drupal_to_js(array('status' => TRUE, 'data' => $json_data));
  exit();
}

/**
 * Actually shows the upload form
 */
function dbfm_reload_upload ($url, $confirm_form = '') {

  $form = array();
  if ($confirm_form) {
    array_push($form, $confirm_form);
  }
  array_push($form, dbfm_upload_form($url));
  //pass the name of the form and the form array
  $form = form_builder('upload_js', $form);
  $output = theme('status_messages') . drupal_render($form);
  return $output;
}

/**
 * Called by all ajax post requests
 */
function dbfm_ajax () {

  // declare the error array - may as well just do it once here
  $err_arr[] = array();

  if(isset($_POST["action"])) {
    $root_path = file_directory_path().variable_get('dbfm_root_dir', '');
    switch(trim(strtolower($_POST["action"]))) {
     case "delete":
        if(isset($_POST["param0"])) {

          $source = trim(rawurldecode($_POST["param0"]));
          $root = $root_path;

          // prevent any ../ shenanigans
          if($source && !ereg('\.\.', $source)) {
            $ret = dbfm_delete($source, $err_arr);
            dbfm_json(array('status' => $ret, 'data' => $err_arr));
            $dir = is_dir($source) ? TRUE : FALSE;
            //redraw the tree if we've deleted directories
            if($ret && $dir)
              unset($_SESSION['tree_'.$root]);
          } 
          else {
            dbfm_json(array('status' => FALSE, 'data' => 'illegal dir - ' . $source));
          }
        } 
        else 
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        exit();
        break;

      //Create new directory
      case "mkdir":
        if(isset($_POST["param0"])) {
          if(isset($_POST["param1"]))
            $dest = $_POST["param1"];
          else {
            $dest = t("New_Folder");
          }

          $source = trim(rawurldecode($_POST["param0"]));

          // second param is the right to rename if a dir of same name already
          // exists in current folder
          $ret = dbfm_mkdir($source, $dest, TRUE, $err_arr);
          dbfm_json(array('status' => $ret, 'data' => $err_arr));
          if($ret) {
            unset($_SESSION['tree_'.$root]);
          }
        } 
        else {
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        }
        exit();
        break;

      //Move a file or directory (drag and drop)
      case "move":
        if(isset($_POST["param0"]) && isset($_POST["param1"])) {
          $source = trim(rawurldecode($_POST["param0"]));
          $dest = trim(rawurldecode($_POST["param1"]));

          // Destination path must different
          if ($source != $dest) {
            $ret = dbfm_move($source, $dest, $err_arr);
            dbfm_json(array('status' => $ret, 'data' => $err_arr));
            if($ret && $dir) {
              unset($_SESSION['tree_'.$root]);
            }
          } 
          else {
            dbfm_json(array('status' => FALSE, 'data' => 'move operation not permitted'));
          }
        } else {
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        }
        exit();
        break;

      //Rename an existing file or directory
      case "rename":
        if(isset($_POST["param0"]) && isset($_POST["param1"])) {
          $dest = trim(rawurldecode($_POST["param1"]));
          $source = trim(rawurldecode($_POST["param0"]));
          $ret = dbfm_rename($source, $dest, $err_arr);
          dbfm_json(array('status' => $ret, 'data' => $err_arr));
          if($ret && $dir) {
            unset($_SESSION['tree_'.$root]);
          }
        }  
        else {
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        }
        exit();
        break;

      //Read directory tree
      case "readtree":
        //Build dbfm directory tree
        $tree = dbfm_tree($root_path);
        dbfm_json(array('status' => TRUE, 'tree' => $tree, 'current' => $root_path));
        exit();
        break;

      //Read directory set in $_POST["param0"]
      case "read":
         $rootpath_var = '';
        // so what are we doing here? If we've got a session directory set, read it into variable read_dir then unset the session
        // looks like the session setting takes precidence over any passed parameter ANYWAY, we end up setting read_dir
        // why do we unset the session variable? - I suppose its going to be set again in just a mo
        if(isset($_SESSION['directory'])) {
          $read_dir = $_SESSION['directory'];
          unset($_SESSION['directory']);
        }
        else if(isset($_POST["param0"])) {
          $read_dir = rawurldecode($_POST["param0"]);
        }
        //to save posting back the upload directory and messing with hidden fields on the form
        //I'm going to use a session variable (which is continually updated every time the user changes directory
        $_SESSION['upload_dir'] = $read_dir;
        $source = trim($read_dir);
        $rootpath_var = 'dbfm_root_dir';
 
        //code common to both, no error handling - ZZZZZZZZZZZZZZZdouble check on db_check
        $dirlist = new dbfm_build_dir_list($source, $rootpath_var);
        if($dirlist->get_breadcrumb()) {
          dbfm_json(array('status' => TRUE, 'current' => $source, 'bcrumb' => $dirlist->get_breadcrumb(), 'dirs' => $dirlist->get_dir_listing(), 'files' => $dirlist->get_file_listing()));
        }
        else {
          //invalid directory
          dbfm_json(array('status' => FALSE, 'data' => 'invalid dir'));
        }
        exit();   // why do we need an exit?????
        break;

      //Search current directory for filename - ZZZZ haven't tackled search yet
      //at the moment the search ignores the database and just searches through the directories
      //what I need is something that can actualy search through the file CONTENT or keywords associated with the files
      case "search":
        if(isset($_POST["param0"]) && isset($_POST["param1"])) {
          $source = trim(rawurldecode($_POST["param0"]));
          $searchpattern = trim(rawurldecode($_POST["param1"]));
          if ($searchpattern != "") {
            $regexpsearch = '';
            $maxlevel = 0;
            @clearstatcache();
            $search = new dbfm_searchFiles($source, $searchpattern, $maxlevel, $regexpsearch);
            dbfm_json(array('files' => $search->get_files()));
          }
        } else {
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        }
        exit();
        break;

      //Get file metadata - ZZZZ haven't tackled this yet
      case "getmeta":
        // the JS passes us the file ID of the entry
        if(isset($_POST["param0"])) {
          $fid = rawurldecode($_POST["param0"]);
          if(($meta = dbfm_selected_file_record($fid)) !== FALSE) {
            // we've loaded the contents of a file record into an array - perhaps the JS end doesn't like the fact we've 
            // included fields it doesn't know about
            dbfm_json(array('status' => TRUE, 'meta' => $meta));
          } else {
            dbfm_json(array('status' => FALSE, 'data' => 'file record not found'));
          }
        } else {
          dbfm_json(array('status' => FALSE, 'data' => 'insufficient params'));
        }
        exit();
        break;

      //Change file metadata - ZZZZ haven't tackled this yet - needs to pass the error array down to putmeta
      case "putmeta":
        if(isset($_POST["param0"]) && isset($_POST["param1"])) {
          dbfm_json(array('status' => dbfm_putmeta(rawurldecode($_POST["param0"]), rawurldecode($_POST["param1"]))));
        } else {
          dbfm_json(array('status' => FALSE, 'data' => 'unknown action'));
        }
        exit();
        break;

      //I've added in all the dbfm_image stuff - s'neater that way rather than bothering with a seperate module
      case 'get resize menu items':
        $sizes = _dbfm_get_sizes();
        $arraylen = count($sizes);
        for ($i = 0; $i < $arraylen; $i++) {
          $menus[] = $sizes[$i]['label'];
        }
        print dbfm_json($menus);  //$menus;
      break;

      case 'preview image':
        // this should all still work - dbfm send will decode the blob to a file and delete it once used
        //this is STUPID code - dbfm should just be sending back the fid NOT the filepath
        if($fid = dbfm_get_fid(trim(rawurldecode($_POST["filepath"])))){
          $url = url('dbfm_send/' . $fid);
          print $url;
        }
        else {
          $modulepath = drupal_get_path('module', 'dbfm');
          print($modulepath .'/image/no-preview.png');
        }
        break;

      case strstr($var, 'resize to '):
        //first check if we should operate on this file (i.e. one that is in the database)
        if($fid = dbfm_get_fid(trim(rawurldecode($_POST["filepath"])))){
          $file = dbfm_get_file_record($fid); //get a file record
          $dir = dirname($file->fpath);  //get the directory
          $variable = str_replace('resize to ', '', $var); //which resize operation are we doing
          $prefix = str_replace(' ', '_', $variable); //pepare the variable to be used as a file prefix
          $filename = strrev(substr(strrev($file->fpath), 0, strpos(strrev($file->fpath), '/')));
          $path = $dir .'/'. $prefix. '_'. $filename; //prepare a path+filename for the file we are going to create
          $sizes = _dbfm_get_sizes();

          foreach ($sizes as $key => $value){
            if($value['label'] == $variable){
              $height = $value['height'];
              $width = $value['width'];
            }
          }
          //this invokes the image toolkit to make a new resized FILE to use this for blobs we need to
          //give it a temporary filename then ship that into the database making an appropriate database
          //entry for it (using the $path already constructed)
          //MUST test the image size and not allow an upsize. The image module complains LOUDLY if this
          //happens
          if (@image_scale($file->fpath, $path, $width, $height)){  //create our new file
            $err = array();
            dbfm_insert_file($path, $err); //add it to the database
            print t($var .' complete');
          }
          else {
            print t('Operation Failed: Target dimensions are larger than source dimensions');
          }
        }
        break;
      default:
        dbfm_json(array('status' => FALSE, 'data' => 'illegal operation'));
        exit();
        break;
    }
    //should never get here.
    exit();
  }
  exit();
}

/**
 * Return data in JSON format.
 *
 * This function should be used for JavaScript callback functions returning
 * data in JSON format. It sets the header for JavaScript output.
 *
 * @param $var
 *   (optional) If set, the variable will be converted to JSON and output.
 */
function dbfm_json($var = NULL) {
  // We are returning JavaScript, so tell the browser.
  drupal_set_header('Content-Type: text/javascript; charset=utf-8');

  if (isset($var)) {
    echo drupal_to_js($var);
  }
}

/**
 * Main file manager function
 */
function dbfm_main () {
  global $base_url;

  //users can optionally supply either a path or an fid as a parameter
  //fid's are a single argument so lets start by counting what we've been given
  $numargs = func_num_args();
  if ($numargs > 0){
    if ($numargs == 1) {
      //it's probably an fid, let's check it's numeric, if not we'll give up and ignore it
      //a single argument would always be too short for a directory path
      $firstarg = func_get_arg(0);
      if (is_numeric($firstarg)) {
        // lets check that the number is a valid file ID
        $fidquery = db_query("SELECT * FROM {dbfm_file} WHERE fid = '%d'",$firstarg);
        $numret = db_num_rows($fidquery);
        if ($numret != 1) {
          drupal_set_message("Passed an Invalid Directory ID - " . $firstarg);
        }
        else {
          //assuming it did bring back a record it could have been a file rather than a directory - lets take a look
          //if it is a file we can go to the directory containing the file (the parent fid)
          $fid_rec = db_fetch_object($fidquery);
          if ($fid_rec-> fmime != 'directory') {
            //we'll have to look one level up
            $fidquery = db_query("SELECT * FROM {dbfm_file} WHERE fid = '%d'",$fid_rec->fparent);
            //we're bound to have a record - and it MUST be a directory so ...
            $fid_rec = db_fetch_object($fidquery);
          }
          $_SESSION['directory'] = $fid_rec-> fpath;
        }
      }
    }
    else {
      $pathin = 'files';
      //collect together the arguments and put them back together as a directory path
      $arg_list = func_get_args();
      for ($i = 0; $i < $numargs; $i++) {
        if ($i == 0) {
          //users won't know anything about the files directory
          if ($arg_list[$i] != 'files') {
            $pathin .= '/' . $arg_list[$i];
          }
        }
        else {
          $pathin .= '/' . $arg_list[$i];
        }
      }
      //now we've collected things into a path we'll see if there's a database record that matches
      $pathquery = db_query("SELECT * FROM {dbfm_file} WHERE fpath = '%s'",$pathin);
      $numret = db_num_rows($pathquery);
      if ($numret != 1) {
        //I suppose I could help them out with a LIKE "%path" but it's not straightforward because I'd have to strip off 'files' 
        drupal_set_message("Invalid Directory path - " . $pathin);
      }
      //check it's a directory and not a file
      $path_rec = db_fetch_object($pathquery);
      if ($path_rec->fmime != 'directory') {
        //go up a directory
        $pathquery = db_query("SELECT * FROM {dbfm_file} WHERE fid = '%d'",$path_rec->fparent);
        $path_rec = db_fetch_object($pathquery);
      }
      $_SESSION['directory'] = $path_rec->fpath;
    }
  }


  //force the tree to be re-read
  $root = file_directory_path().variable_get('dbfm_root_dir', '');
  unset($_SESSION['tree_'.$root]);

  dbfm_include();

  //this calls ALL modules that have the hook dbfm_extend_js and collects the results to gether to act on them
  module_invoke_all('dbfm_extend_js');

  if (is_null($inline_js)) {
    $clean_url = variable_get('clean_url', 0);
    $clean = (($clean_url == 0) || ($clean_url == '0')) ? FALSE : TRUE;
    //inline_js ends up filled with JS to insert into the form. drupal_set_html_head actually adds it
    $inline_js = dbfm_inline_js($base_url, $clean);
  }

  $output  = '<noscript><p class="err">JavaScript must be enabled in order to use dbfm!</p></noscript>'."\n";
  //this is where we add the upload form stuff to which everything else is attached
  $output .= '<div id="dbfm">'."\n";
  //no longer need to put the upload form on the main page
//  $output .= drupal_get_form('dbfm_upload_fieldset');
  $output .= '</div>'."\n";
  return $output;
}

/**
 * popup form constructor
 */
function dbfm_attachit() {
  global $base_url;

  // add some javascript
  if (is_null($inline_js)) {
    $clean_url = variable_get('clean_url', 0);
    $clean = (($clean_url == 0) || ($clean_url == '0')) ? FALSE : TRUE;
    $inline_js = dbfm_inline_js($base_url, $clean);
  }

  //bung all the javascript and css details in the header
  $modulepath = drupal_get_path('module', 'dbfm');
  $jspath = $modulepath .'/js/dbfm.js'; 
  $stylepath = $modulepath .'/css/dbfm.css';
  $modulepath = drupal_get_path('module', 'greybox');
  $greypath = $modulepath .'/greybox.js';           //try a completely different js file - we may not need it
  $greystyle = $modulepath .'/greybox.css';
  $jsjq = 'misc/jquery.js';
  $jsdrup = 'misc/drupal.js';

  $output  = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">'."\n";
  $output .= "<html>\n";
  $output .= "<head>\n";
  $output .= "<title>dbFM File Browser</title>\n";
  $output .= "<link href=\"$stylepath\" rel=\"stylesheet\" type=\"text/css\">"; 
  $output .= "<link href=\"$greystyle\" rel=\"stylesheet\" type=\"text/css\">"; 
  $output .= "<script type=\"text/javascript\" src=\"$jsjq\"></script>\n";
  $output .= "<script type=\"text/javascript\" src=\"$jsdrup\"></script>\n";
  $output .= "<script type=\"text/javascript\" src=\"$jspath\"></script>\n";
  $output .= "<script type=\"text/javascript\" src=\"$greypath\"></script>\n";
  $output .= $inline_js;
  $output .= "</head>\n\n";
  $output .= "<body><p>Select the file you want to link or embed using the File Browser, then use the context menu (right click)</p>\n";
  $output .= '<div id="dbfm-popup">'."\n";  //put in the placeholder for the dbfm browser
  $output .= '</div>'."\n";
  $output .= "</body>";
  $output .= "</html>\n";
  print $output;

}

/**
 * popup form constructor
 */
function dbfm_searchit() {
  global $base_url;

  $output  = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">'."\n";
  $output .= "<html>\n";
  $output .= "<head>\n";
  $output .= "<title>dbFM Search Window</title>\n";
  $output .= "</head>\n\n";
  $output .= "<body><p>Find what you're looking for here</p>\n";
  $output .= "</body>";
  $output .= "</html>\n";
  print $output;

}

/**
 * popup form constructor for the help screen
 */
function dbfm_helpit() {
  global $base_url;
  
  $output  = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">'."\n";
  $output .= "<html>\n";
  $output .= "<head>\n";
  $output .= "<title>dbFM Help Window</title>\n";
  $output .= "</head>\n\n";
  $output .= "<body><p>Initially this will just display the version information, in the longer term a tabbed window with help</p>\n";
  $output .= "</body>";
  $output .= "</html>\n";
  print $output;

}

/**
 * popup form constructor for the file upload screen
 */
function dbfm_uploadit() {
  global $base_url;

  $output1 .= '<div id="dbfm_upload">'."\n";
  $output1 .= drupal_get_form('dbfm_upload_fieldset');
  $output1 .= '</div>'."\n";

    // add some javascript - I need to split the javascript file - it's pointless adding all this to a document when only a tiny bit of code is needed
    // jsut what is needed??
  if (is_null($inline_js)) {
    $clean_url = variable_get('clean_url', 0);
    $clean = (($clean_url == 0) || ($clean_url == '0')) ? FALSE : TRUE;
    $inline_js = dbfm_inline_js($base_url, $clean);
  }

  //bung all the javascript and css details in the header
  //zzzzz again - we don't need the whole dbfm.js, what do we need? 
  //We need to find out the current path on screen - that could be passed in the url?
  //having passed it in the url we could pass it to / put it into the upload fieldset?
  //what else do we need?? where's the upload js invoked?
  $modulepath = drupal_get_path('module', 'dbfm');
  $jspath = $modulepath .'/js/upjava.js';   //I've made a cut-down js file with the minimum included
  $stylepath = $modulepath .'/css/upjava.css'; 
  $jsjq = 'misc/jquery.js';
  $jsdrup = 'misc/drupal.js';

  $output  = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">'."\n";
  $output .= "<html>\n";
  $output .= "<head>\n";
  $output .= "<title>dbFM File Upload</title>\n";
  $output .= "<link href=\"$stylepath\" rel=\"stylesheet\" type=\"text/css\">"; 
  $output .= "<script type=\"text/javascript\" src=\"$jsjq\"></script>\n";
  $output .= "<script type=\"text/javascript\" src=\"$jsdrup\"></script>\n";
  $output .= "<script type=\"text/javascript\" src=\"$jspath\"></script>\n";
  $output .= $inline_js;
  $output .= "</head>\n\n";
  $output .= "<body>\n";
  $output .= '<div id="progress"><img src="' . variable_get('dbfm_icon_dir','') . '/progress.gif" alt= "Working"></div>';
  $output .= $output1;
  $output .= "</body>";
  $output .= "</html>\n";
  print $output;
}


/**
 * popup form constructor for file properties this is called when the user presses the properties icon
 * in the file browser
 */
function dbfm_propertit() {
  global $base_url;

  $output  = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">'."\n";
  $output .= "<html>\n";
  $output .= "<head>\n";
  $output .= "<title>dbFM File Properties</title>\n";
  $output .= "</head>\n\n";
  $output .= "<body><p>This will allow you to display and edit the file and directory properties</p>\n";
  //insert the drupal form here - I don't believe I have anything to respond to a submit - I'll look at