Xibo

Merge lp:~dangarner/xibo/server-160rc2 into lp:xibo/1.6

server-160rc2
Merge into ponswinnecke

Proposed by Dan Garner on 2014-03-29

Status:

Merged

Approved by:

Dan Garner on 2014-03-29

Approved revision:

346

Merged at revision:

317

Proposed branch:

lp:~dangarner/xibo/server-160rc2

Merge into:

lp:xibo/1.6

Diff against target:

7269 lines (+2762/-2878)

59 files modified

server/3rdparty/simplepie/library/SimplePie/File.php (+9/-0)
server/install.php (+0/-748)
server/install/database/46.php (+3/-3)
server/install/database/66.sql (+2/-2)
server/install/database/67.sql (+30/-0)
server/install/master/data.sql (+9/-4)
server/install/master/structure.sql (+14/-1)
server/lib/app/kit.class.php (+69/-64)
server/lib/app/modulemanager.class.php (+80/-80)
server/lib/app/pagemanager.class.php (+9/-7)
server/lib/app/thememanager.class.php (+5/-2)
server/lib/data/display.data.class.php (+64/-12)
server/lib/data/displaygroup.data.class.php (+303/-202)
server/lib/data/layout.data.class.php (+51/-0)
server/lib/data/lkmediadisplaygroup.data.class.php (+113/-0)
server/lib/data/media.data.class.php (+31/-2)
server/lib/data/schedule.data.class.php (+2/-2)
server/lib/include.php (+1/-1)
server/lib/modules/module.class.php (+9/-5)
server/lib/pages/content.class.php (+11/-2)
server/lib/pages/display.class.php (+16/-2)
server/lib/pages/displaygroup.class.php (+599/-328)
server/lib/pages/layout.class.php (+2/-2)
server/lib/pages/module.class.php (+5/-2)
server/lib/pages/schedule.class.php (+3/-3)
server/lib/pages/stats.class.php (+3/-3)
server/lib/pages/statusdashboard.class.php (+1/-1)
server/lib/service/xmdssoap.class.php (+113/-63)
server/locale/dbtranslate.php (+4/-0)
server/manual/content/admin/fileassociations.php (+33/-0)
server/manual/content/content/content_genericfile.php (+25/-0)
server/manual/content/routes.php (+2/-0)
server/manual/content/toc_library.php (+1/-0)
server/manual/content/toc_user_and_display.php (+1/-0)
server/modules/datasetview.module.php (+16/-7)
server/modules/genericfile.module.php (+128/-0)
server/modules/module_user_general.php (+615/-582)
server/modules/preview/HtmlTemplateForGetResource.html (+3/-1)
server/modules/preview/html-preview.js (+3/-3)
server/modules/preview/xibo-text-render.js (+49/-17)
server/modules/text.module.php (+3/-1)
server/modules/ticker.module.php (+3/-1)
server/theme/default/css/xibo.css (+46/-27)
server/theme/default/html/display_form_version_instructions.php (+56/-0)
server/theme/default/html/displaygroup_fileassociations_form_assign.php (+58/-0)
server/theme/default/html/displaygroup_fileassociations_form_assign_list.php (+39/-0)
server/theme/default/html/footer.php (+2/-1)
server/theme/default/html/library_form_media_add.php (+6/-6)
server/theme/default/html/library_form_media_edit.php (+2/-1)
server/theme/default/html/media_form_ticker_add.php (+2/-2)
server/theme/default/html/media_form_ticker_edit.php (+1/-1)
server/theme/default/html/media_form_webpage_add.php (+1/-1)
server/theme/default/html/media_form_webpage_edit.php (+1/-1)
server/theme/default/html/module_page_grid.php (+2/-0)
server/theme/default/js/xibo-forms.js (+68/-0)
server/theme/default/js/xibo-layout-designer.js (+18/-0)
server/theme/default/libraries/bootstrap/js/bootstrap-ckeditor-fix.js (+15/-0)
server/theme/default/libraries/ckeditor/config.js (+2/-2)
server/upgrade.php (+0/-683)

To merge this branch:

bzr merge lp:~dangarner/xibo/server-160rc2

Related bugs:

Bug #727248: n weekly repeats break over a DST change	Low	Fix Released
Bug #1281040: Library Tidy and Database Import disabled by default	Undecided	Fix Released
Bug #1281270: Cant set transition on second occurence of the same media item	Medium	Fix Released
Bug #1282149: RSS feed in version 1.6 doesn't work through proxy	Undecided	Fix Released
Bug #1283486: Stats incorrectly aggregating	Medium	Fix Released
Bug #1284021: layout name not escaping html correctly	Undecided	Fix Released
Bug #1288748: RequiredFiles fails when PHONE_HOME is on	Medium	Fix Released
Bug #1289213: 1.6.0-rc1 (plus patches) no Underline	Undecided	Fix Released
Bug #1290001: Missing translation "User Groups"	Low	Fix Released
Bug #1290866: Region options not updated when saving region position/size	Undecided	Fix Released
Bug #1290871: Insert Image doesn't work on 1.6.0-rc1 in Ticker edit	Low	Fix Released
Bug #1290880: Text Media in Layout Designer doesn't resize when region is resized	Undecided	Fix Released
Bug #1290882: Status Dashboard bandwidth graph ordering incorrect	Medium	Fix Released
Bug #1290906: Upgrade to 1.6.0-rc1 fails from upgrades prior to step 46	Critical	Fix Released
Bug #1291456: 1.6.0-rc1 should accept non-FQDN in URL fields	Undecided	Fix Released
Bug #1299424: Add Event Form, both grids get the same ID	High	Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Xibo Maintainters		2014-03-29	Pending
Review via email: mp+213360@code.launchpad.net

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Dan Garner

viccha

Xibo

Merge lp:~dangarner/xibo/server-160rc2 into lp:xibo/1.6

Commit message

Description of the change

Preview Diff

Subscribers

 === modified file 'server/3rdparty/simplepie/library/SimplePie/File.php'
 --- server/3rdparty/simplepie/library/SimplePie/File.php	2013-05-11 15:26:38 +0000
 +++ server/3rdparty/simplepie/library/SimplePie/File.php	2014-03-29 13:09:24 +0000
@@ -113,6 +113,15 @@
  					curl_setopt($fp, CURLOPT_MAXREDIRS, $redirects);
+ 				}
++				// Dan Garner PATCH
++				if (Config::GetSetting('PROXY_HOST') != '') {
++					curl_setopt($fp, CURLOPT_PROXY, Config::GetSetting('PROXY_HOST'));
++ 					curl_setopt($fp, CURLOPT_PROXYPORT, Config::GetSetting('PROXY_PORT'));
++
++ 					if (Config::GetSetting('PROXY_AUTH') != '')
++ 						curl_setopt($fp, CURLOPT_PROXYUSERPWD, Config::GetSetting('PROXY_AUTH'));
++				}
++
  				$this->headers = curl_exec($fp);
  				if (curl_errno($fp) === 23 || curl_errno($fp) === 61)
+ 				{
 === removed file 'server/install.php'
 --- server/install.php	2013-08-21 22:27:13 +0000
 +++ server/install.php	1970-01-01 00:00:00 +0000
@@ -1,748 +0,0 @@
--<?php
--/*
-- * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2009-2013 Alex Harrington
-- *
-- * This file is part of Xibo.
-- *
-- * Xibo is free software: you can redistribute it and/or modify
-- * it under the terms of the GNU Affero General Public License as published by
-- * the Free Software Foundation, either version 3 of the License, or
-- * any later version.
-- *
-- * Xibo is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- * GNU Affero General Public License for more details.
-- *
-- * You should have received a copy of the GNU Affero General Public License
-- * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
-- */
--DEFINE('XIBO', true);
--
--if (! checkPHP())
--{
--	die('Xibo requires PHP 5.2.4 or later');
--}
--
--error_reporting(0);
--ini_set('display_errors', 0);
--
--include('lib/app/kit.class.php');
--include('install/header.inc');
--include('config/config.class.php');
--include('config/db_config.php');
--
--// Setup for the Translations using Gettext.
--// There is normally a class that will do this for us - but it requires a DB object (which we do not have at install time)
--// Would be nice to include a method on the TranslationEngine that did this for us - but without the debugging
--// The actual translation function __() is included later in this file.
--$langs 		= Kit::GetParam('HTTP_ACCEPT_LANGUAGE', $_SERVER, _STRING);
--$lang		= 'en-gb'; 		// Default language
--$encoding 	= '';			// We do not seem to need an encoding, but I read somewhere that we might - left as a reminder of this.
--
--if ($langs != '')
--{
--	$langs 	= explode(',', $langs);
--	$lang 	= $langs[0];
--}
--
--// For windows
--putenv('LANG='.$lang.'.'.$encoding);
--putenv('LANGUAGE='.$lang.'.'.$encoding);
--putenv('LC_ALL='.$lang.'.'.$encoding);
--
--// Set local
--setlocale(LC_ALL, $lang.'.'.$encoding);
--
--// Translations have been setup.
--
--$fault = false;
--
--$xibo_step = Kit::GetParam('xibo_step',_POST,_INT,'0');
--
--if (!isset($xibo_step) || $xibo_step == 0) {
--  # First step of the process.
--  # Show a welcome screen and next button
--  ?>
--  <?php echo __("Welcome to the Xibo Installer!"); ?><br /><br />
--  <?php echo __("The installer will take you through setting up Xibo one step at a time."); ?><br /><br />
--  <?php echo __("Lets get started!"); ?><br /><br />
--  <form action="install.php" method="POST">
--    <input type="hidden" name="xibo_step" value="1" />
--    <div class="loginbutton"><button type="submit"><?php echo __("Next"); ?> ></button></div>
--  </form>
--  <?php
--}
--elseif ($xibo_step == 1) {
--  # Check environment
--  $db = new Database();
--  $cObj = new Config();
--  ?>
--  <p><?php echo __("First we need to check if your server meets Xibo's requirements."); ?></p>
--  <div class="checks">
--  <?php
--    echo $cObj->CheckEnvironment();
--    if ($cObj->EnvironmentFault()) {
--    ?>
--      <form action="install.php" method="POST">
--        <input type="hidden" name="xibo_step" value="1" />
--        <div class="loginbutton"><button type="submit"><?php echo __("Retest"); ?></button></div>
--      </form>
--    <?php
--    }
--    else if ($cObj->EnvironmentWarning()) {
--    ?>
--      <form action="install.php" method="POST">
--        <input type="hidden" name="xibo_step" value="1" />
--        <div class="loginbutton"><button type="submit"><?php echo __("Retest"); ?></button></div>
--      </form>
--      <form action="install.php" method="POST">
--        <input type="hidden" name="xibo_step" value="2" />
--        <div class="loginbutton"><button type="submit"><?php echo __("Next"); ?> ></button></div>
--      </form>
--    <?php
--    }
--    else {
--    ?>
--      <form action="install.php" method="POST">
--        <input type="hidden" name="xibo_step" value="2" />
--        <div class="loginbutton"><button type="submit"><?php echo __("Next"); ?> ></button></div>
--      </form>
--    <?php
--    }
--}
--elseif ($xibo_step == 2) {
--# Create database
--## Does database exist already?
--
--  ?>
--  <div class="info">
--    <p><?php echo __("Xibo needs to setup a new database."); ?></p>
--    <p><?php echo __("If you have not yet created an empty database and database user for Xibo to use, and know the username/password of a MySQL administrator, click the \"Create New\" button, otherwise click \"Use Existing\"."); ?></p>
--    <p><i><?php echo __("Note that any existing database must be empty"); ?></i></p>
--  </div>
--  <form action="install.php" method="POST">
--    <input type="hidden" name="xibo_step" value="3" />
--    <button type="submit"><?php echo __("Create New"); ?></button>
--  </form>
--  <form action="install.php" method="POST">
--    <input type="hidden" name="xibo_step" value="4" />
--    <button type="submit"><?php echo __("Use Existing"); ?></button>
--  </form>
--  <?php
--}
--elseif ($xibo_step == 3) {
--## If not, gather admin password and use to create empty db and new user.
--?>
--<div class="info">
--<p><?php echo __("Since no empty database has been created for Xibo to use, we need the username and password of a MySQL administrator to create a new database, and database user for Xibo."); ?></p>
--<p><?php echo __("Additionally, please give us a new username and password to create in MySQL for Xibo to use. Xibo will create this automatically for you."); ?></p>
--<form action="install.php" method="POST">
--<input type="hidden" name="xibo_step" value="5" />
--<input type="hidden" name="db_create" value="On" />
--<div class="install_table">
--  <p><label for="host"><?php echo __("Host:"); ?>&nbsp;</label><input class="username" type="text" id="host" name="host" size="12" value="localhost" /></p>
--  <p><label for="admin_username"><?php echo __("Admin Username:"); ?>&nbsp;</label><input class="username" type="text" id="admin_username" name="admin_username" size="12" /></p>
--  <p><label for="admin_password"><?php echo __("Admin Password:"); ?>&nbsp;</label><input class="username" type="password" id="admin_password" name="admin_password" size="12" /></p>
--  <p><label for="db_name"><?php echo __("Xibo Database Name:"); ?>&nbsp;</label><input class="username" type="text" id="db_name" name="db_name" size="12" value="xibo" /></p>
--  <p><label for="db_username"><?php echo __("Xibo Database Username:"); ?>&nbsp;</label><input class="username" type="text" id="db_username" name="db_username" size="12" value="xibo" /></p>
--  <p><label for="db_password"><?php echo __("Xibo Database Password:"); ?>&nbsp;</label><input class="username" type="password" id="db_password" name="db_password" size="12" /></p>
--</div>
--</div>
--<button type="submit"><?php echo __("Create"); ?></button>
--</form>
--<?php
--}
--elseif ($xibo_step == 4) {
--## Get details of db that's been created already for us
--?>
--<div class="info">
--<p><?php echo __("Please enter the details of the database and user you have created for Xibo."); ?></p>
--<form action="install.php" method="POST">
--<input type="hidden" name="xibo_step" value="5" />
--<input type="hidden" name="db_create" value="Off" />
--<div class="install_table">
--  <p><label for="host"><?php echo __("Host:"); ?>&nbsp;</label><input class="username" type="text" id="host" name="host" size="12" value="localhost" /></p>
--  <p><label for="db_name"><?php echo __("Xibo Database Name:"); ?>&nbsp;</label><input class="username" type="text" id="db_name" name="db_name" size="12" value="xibo" /></p>
--  <p><label for="db_username"><?php echo __("Xibo Database Username:"); ?>&nbsp;</label><input class="username" type="text" id="db_username" name="db_username" size="12" value="xibo" /></p>
--  <p><label for="db_password"><?php echo __("Xibo Database Password:"); ?>&nbsp;</label><input class="username" type="password" id="db_password" name="db_password" size="12" /></p>
--</div>
--</div>
--<button type="submit"><?php echo __("Create"); ?></button>
--</form>
--<?php
--}
--elseif ($xibo_step == 5) {
--
--  $db_create = Kit::GetParam('db_create',_POST,_STRING);
--
--  if (!isset($db_create)) {
--    reportError("2",__("Something went wrong"));
--  }
--  else {
--    $db_host = Kit::GetParam('host',_POST,_STRING,'localhost');
--    $db_user = Kit::GetParam('db_username',_POST,_PASSWORD);
--    $db_pass = Kit::GetParam('db_password',_POST,_PASSWORD);
--    $db_name = Kit::GetParam('db_name',_POST,_PASSWORD);
--    ?>
--    <div class="info">
--    <?php
--    if ($db_create == 'On') {
--      $db_admin_user = Kit::GetParam('admin_username',_POST,_PASSWORD);
--      $db_admin_pass = Kit::GetParam('admin_password',_POST,_PASSWORD);
--
--      if (! ($db_host && $db_name && $db_user && $db_admin_user)) {
--        # Something was blank.
--        # Throw an error.
--        reportError("3", __("A field was blank. Please fill in all fields."));
--      }
--
--      $db = @mysql_connect($db_host,$db_admin_user,$db_admin_pass);
--
--      if (! $db) {
--        reportError("3", __("Could not connect to MySQL with the administrator details. Please check and try again.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--      }
--
--      ?>
--      <p><?php echo __("Creating new database."); ?></p>
--      <?php
--      flush();
--
--      $SQL = sprintf("CREATE DATABASE `%s`",
--                      mysql_real_escape_string($db_name));
--      if (! @mysql_query($SQL, $db)) {
--        # Create database and user
--        reportError("3", __("Could not create a new database with the administrator details. Please check and try again.") . "<br /><br />" . "MySQL Error:" . "<br />" . mysql_error());
--      }
--
--      # Choose the MySQL DB to create a user
--      @mysql_select_db("mysql", $db);
--
--      # Make $db_host lowercase so it matches "localhost" if required.
--      $db_host = strtolower($db_host);
--
--      ?>
--      <p><?php echo __("Creating new user"); ?></p>
--      <?php
--      flush();
--
--      if ($db_host == 'localhost') {
--        $SQL = sprintf("GRANT ALL PRIVILEGES ON `%s`.* to '%s'@'%s' IDENTIFIED BY '%s'",
--                        mysql_real_escape_string($db_name),
--                        mysql_real_escape_string($db_user),
--                        mysql_real_escape_string($db_host),
--                        mysql_real_escape_string($db_pass));
--      }
--      else {
--        $SQL = sprintf("GRANT ALL PRIVILEGES ON `%s`.* to '%s'@'%%' IDENTIFIED BY '%s'",
--                        mysql_real_escape_string($db_name),
--                        mysql_real_escape_string($db_user),
--                        mysql_real_escape_string($db_pass));
--      }
--      if (! @mysql_query($SQL, $db)) {
--          reportError("3", __("Could not create a new user with the administrator details. Please check and try again.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--      }
--
--
--      @mysql_query("FLUSH PRIVILEGES", $db);
--      @mysql_close($db);
--
--    }
--    else {
--      if (! ($db_host && $db_name && $db_user && $db_pass)) {
--        # Something was blank
--        # Throw an error.
--        reportError("4", __("A field was blank. Please fill in all fields.") . " " . $db_host . " " . $db_name . " " . $db_user . " " . $db_pass);
--      }
--    }
--    ## Populate database
--
--    $db = @mysql_connect($db_host,$db_user,$db_pass);
--
--    if (! $db) {
--      reportError("4", __("Could not connect to MySQL with the Xibo User account details. Please check and try again.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    @mysql_select_db($db_name,$db);
--
--    ?>
--    <p>Populating the database</p>
--    <?php
--    flush();
--
--    # Load from sql files to db - HOW?
--    $sql_files = array('structure.sql', 'data.sql');
--
--    $sqlStatementCount = 0;
--
--    foreach ($sql_files as $filename) {
--      ?>
--      <p>Loading from <?php print $filename; ?>
--      <?php
--        flush();
--
--        $delimiter = ';';
--        $sql_file = @file_get_contents('install/master/' . $filename);
--        $sql_file = remove_remarks($sql_file);
--        $sql_file = split_sql_file($sql_file, $delimiter);
--
--        foreach ($sql_file as $sql) {
--          print ".";
--          $sqlStatementCount++;
--          flush();
--          if (! @mysql_query($sql,$db)) {
--            reportError("4", __("An error occured populating the database.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error() . "<br /><br />SQL executed:<br />" . $sql . "<br /><br />Statement number: " . $sqlStatementCount);
--          }
--        }
--        print "</p>";
--    }
--    @mysql_close($db);
--  }
--  # Write out a new settings.php
--  $fh = fopen("settings.php", 'wt');
--
--  if (! $fh) {
--    reportError("0", __("Unable to write to settings.php. We already checked this was possible earlier, so something changed."));
--  }
--
--  settings_strings();
--
--  $settings_content = '$dbhost = \'' . $db_host . '\';' . "\n";
--  $settings_content .= '$dbuser = \'' . $db_user . '\';' . "\n";
--  $settings_content .= '$dbpass = \'' . $db_pass . '\';' . "\n";
--  $settings_content .= '$dbname = \'' . $db_name . '\';' . "\n\n";
--  $settings_content .= 'define(\'SECRET_KEY\',\'' . gen_secret() . '\');' . "\n";
--
--  if (! fwrite($fh, $settings_header . $settings_content . $settings_footer)) {
--    reportError("0", __("Unable to write to settings.php. We already checked this was possible earlier, so something changed."));
--  }
--
--  fclose($fh);
--
--  ?>
--  </div>
--  <div class="install_table">
--    <form action="install.php" method="POST">
--      <input type="hidden" name="xibo_step" value="6" />
--  </div>
--    <button type="submit"><?php echo __("Next"); ?> ></button>
--  </form>
--  <?php
--}
--elseif ($xibo_step == 6) {
--  # Form to get new admin password
--  ?>
--  <div class="info">
--  <p><?php echo __("Xibo needs to set the \"xibo_admin\" user password. Please enter a password for this account below."); ?></p>
--  </div>
--  <div class="install_table">
--    <form action="install.php" method="POST">
--      <input type="hidden" name="xibo_step" value="7" />
--      <p><label for="password1"><?php echo __("Password:"); ?>&nbsp;</label><input type="password" name="password1" size="12" /></p>
--      <p><label for="password2"><?php echo __("Retype Password:"); ?>&nbsp;</label><input type="password" name="password2" size="12" /></p>
--  </div>
--    <button type="submit"><?php echo __("Next"); ?> ></button>
--  </form>
--  <?php
--}
--elseif ($xibo_step == 7) {
--  # Setup xibo_admin password
--  $password1 = Kit::GetParam('password1',_POST,_PASSWORD);
--  $password2 = Kit::GetParam('password2',_POST,_PASSWORD);
--
--  if (!(($password1 && $password2) && ($password1 == $password2))) {
--    reportError("6", __("Please input a new password. Ensure both password fields are identical."));
--  }
--
--  include('settings.php');
--
--  $password_hash = md5($password1);
--
--  $db = @mysql_connect($dbhost,$dbuser,$dbpass);
--
--    if (! $db) {
--      reportError("6", __("Could not connect to MySQL with the Xibo User account details saved in settings.php. Please check and try again.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    @mysql_select_db($dbname,$db);
--
--    $SQL = sprintf("UPDATE `user` SET UserPassword = '%s' WHERE UserID = 1 LIMIT 1",
--                    mysql_real_escape_string($password_hash));
--    if (! @mysql_query($SQL, $db)) {
--      reportError("6", __("An error occured changing the xibo_admin password.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    @mysql_close($db);
--
--    ?>
--    <div class="info">
--      <?php echo __("Successfully changed the xibo_admin password. We're nearly there now. Just a couple more steps!"); ?>
--    </div>
--    <form action="install.php" method="POST">
--      <input type="hidden" name="xibo_step" value="8" />
--      <button type="submit"><?php echo __("Next"); ?> ></button>
--    </form>
--    <?php
--}
--elseif ($xibo_step == 8) {
--  # Configure paths and keys
--  ## nuSoap
--  ## libraries
--  ## server_key
--  ?>
--  <div class="info">
--    <p><b><?php echo __("Library Location"); ?></b></p>
--    <p><?php echo __("Xibo needs somewhere to store the things you upload to be shown. Ideally, this should be somewhere outside the root of your webserver - that is such that is not accessible by a web browser. Please input the full path to this folder. If the folder does not already exist, Xibo will attempt to create it for you."); ?></p>
--    <form action="install.php" method="POST">
--    <div class="install_table">
--       <p><label for="library_location"><?php echo __("Library Location:"); ?>&nbsp;</label><input type="text" name="library_location" value="" /></p>
--    </div>
--    <p><b><?php echo __("Server Key"); ?></b></p>
--    <p><?php echo __("Xibo needs you to choose a \"key\". This will be required each time you setup a new client. It should be complicated, and hard to remember. It is visible in the admin interface, so it need not be written down separately."); ?></p>
--    <div class="install_table">
--      <p><label for="server_key"><?php echo __("Server Key:"); ?> </label><input type="text" name="server_key" value="" /></p>
--    </div>
--    <p><b><?php echo __("Statistics"); ?></b></p>
--    <p><?php echo __("We'd love to know you're running Xibo. If you're happy for us to collect anonymous statistics (version number, number of displays) then please leave the box ticked. Please untick the box if your server does not have direct access to the internet."); ?></p>
--    <div class="install_table">
--      <p><label for="stats"><?php echo __("Anonymous Statistics:"); ?>&nbsp;</label><input type="checkbox" name="stats" value="true" checked /></p>
--    </div>
--      <input type="hidden" name="xibo_step" value="9" />
--    </div>
--      <button type="submit"><?php echo __("Next"); ?> ></button>
--    </form>
--  <?php
--}
--elseif ($xibo_step == 9) {
--
--  $server_key = Kit::GetParam('server_key',_POST,_STRING);
--  $library_location = Kit::GetParam('library_location',_POST,_STRING);
--  $stats = Kit::GetParam('stats',_POST,_BOOL);
--
--  // Remove trailing whitespace from the path given.
--  $library_location = trim($library_location);
--
--  // Check both fields were completed
--  if (! ($server_key && $library_location)) {
--    reportError("8", __("A field was blank. Please make sure you complete all fields"));
--  }
--
--  if ($stats) {
--    $stats="On"; // Fixme: translate ?
--  }
--  else {
--    $stats="Off"; //Fixme : translate ?
--  }
--
--  // Does library_location exist already?
--  if (! is_dir($library_location)) {
--    if (is_file($library_location)) {
--      reportError("8", __("A file exists with the name you gave for the Library Location. Please choose another location"));
--    }
--
--    // Directory does not exist. Attempt to make it
--    // Using mkdir recursively, so it will attempt to make any
--    // intermediate folders required.
--    if (! mkdir($library_location,0755,true)) {
--      reportError("8", __("Could not create the Library Location directory for you. Please ensure the webserver has permission to create a folder in this location, or create the folder manually and grant permission for the webserver to write to the folder."));
--    }
--
--  }
--
--  // Is library_location writable?
--  if (! is_writable($library_location)) {
--    // Directory is not writable.
--    reportError("8", __("The Library Location you gave is not writable by the webserver. Please fix the permissions and try again."));
--  }
--
--  // Is library_location empty?
--  if (count(ls("*",$library_location,true)) > 0) {
--    reportError("8", __("The Library Location you gave is not empty. Please give the location of an empty folder"));
--  }
--
--  // Check if the user has added a trailing slash.
--  // If not, add one.
--  if (!((substr($library_location, -1) == '/') || (substr($library_location, -1) == '\\'))) {
--    $library_location = $library_location . '/';
--  }
--
--  include('settings.php');
--
--  $db = @mysql_connect($dbhost,$dbuser,$dbpass);
--
--    if (! $db) {
--      reportError("8", __("Could not connect to MySQL with the Xibo User account details saved in settings.php. Please check and try again.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    @mysql_select_db($dbname,$db);
--
--    $SQL = sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`setting` = 'LIBRARY_LOCATION' LIMIT 1",
--                    mysql_real_escape_string($library_location));
--    if (! @mysql_query($SQL, $db)) {
--      reportError("8", __("An error occured changing the library location.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    $SQL = sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`setting` = 'SERVER_KEY' LIMIT 1",
--                      mysql_real_escape_string($server_key));
--    if (! @mysql_query($SQL, $db)) {
--      reportError("8", __("An error occured changing the server key.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    $SQL = sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`setting` = 'defaultTimezone' LIMIT 1",
--                      mysql_real_escape_string(date_default_timezone_get()));
--    if (! @mysql_query($SQL, $db)) {
--      reportError("8", __("An error occured setting the default timezone.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    $SQL = sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`setting` = 'PHONE_HOME' LIMIT 1",
--                      mysql_real_escape_string($stats));
--    if (! @mysql_query($SQL, $db)) {
--      reportError("8", __("An error occured setting anonymous statistics.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--    $SQL = "UPDATE `setting` SET `value` = '" . md5(uniqid(rand(), true)) . "' WHERE `setting`.`setting` = 'PHONE_HOME_KEY' LIMIT 1";
--    if (! @mysql_query($SQL, $db)) {
--      reportError("8", __("An error occured setting anonymous statistics.") . "<br /><br />" . __("MySQL Error:") . "<br />" . mysql_error());
--    }
--
--    @mysql_close($db);
--
--  ?>
--  <div class="info">
--    <p><?php echo __("Successfully set library location and server key."); ?></p>
--  </div>
--    <form action="install.php" method="POST">
--      <input type="hidden" name="xibo_step" value="10" />
--      <button type="submit"><?php echo __("Next"); ?> ></button>
--    </form>
--  <?php
--}
--elseif ($xibo_step == 10) {
--# Delete install.php
--# Redirect to login page.
--  if (! unlink('install.php')) {
--    reportError("10", __("Unable to delete install.php. Please ensure the webserver has permission to unlink this file and retry"), __("Retry")); // Fixme : translate "Retry" ?
--  }
--  if (! unlink('upgrade.php')) {
--    reportError("10", __("Unable to delete upgrade.php. Please ensure the webserver has permission to unlink this file and retry"), __("Retry")); // Fixme : translate "Retry" ?
--  }
--  ?>
--  <div class="info">
--    <p><b><?php echo __("Xibo was successfully installed."); ?></b></p>
--    <p><?php echo __("Please click"); ?>&nbsp;<a href="index.php"><?php echo __("here"); ?></a>&nbsp;<?php echo __("to logon to Xibo as \"xibo_admin\" with the password you chose earlier."); ?></p>
--  </div>
--  <?php
--}
--else {
--  reportError("0", __("A required parameter was missing. Please go through the installer sequentially!"), __("Start Again")); // Fixme : translate "Start Again" ?
--}
--
--include('install/footer.inc');
--
--# Functions
--function checkFsPermissions() {
--  # Check for appropriate filesystem permissions
--  return ((is_writable("install.php") && (is_writable("settings.php")) && (is_writable("upgrade.php")) || is_writable(".")));
--}
--
--function checkMySQL() {
--  # Check PHP has MySQL module installed
--  return extension_loaded("mysql");
--}
--
--function checkJson() {
--  # Check PHP has JSON module installed
--  return extension_loaded("json");
--}
--
--function checkGd() {
--  # Check PHP has JSON module installed
--  return extension_loaded("gd");
--}
--
--function checkCal() {
--  # Check PHP has JSON module installed
--  return extension_loaded("calendar");
--}
--
--function reportError($step, $message, $button_text="&lt; Back") { // fixme : translate ?
--?>
--    <div class="info">
--      <?php print $message; ?>
--    </div>
--    <form action="install.php" method="POST">
--      <input type="hidden" name="xibo_step" value="<?php print $step; ?>"/>
--      <button type="submit"><?php print $button_text; ?></button>
--    </form>
--  <?php
--  include('install/footer.inc');
--  die();
--}
--
--// Taken from http://forums.devshed.com/php-development-5/php-wont-load-sql-from-file-515902.html
--// By Crackster
--/**
-- * remove_remarks will strip the sql comment lines out of an uploaded sql file
-- */
--function remove_remarks($sql){
--  $sql = preg_replace('/\n{2,}/', "\n", preg_replace('/^[-].*$/m', "\n", $sql));
--  $sql = preg_replace('/\n{2,}/', "\n", preg_replace('/^#.*$/m', "\n", $sql));
--  return $sql;
--}
--
--// Taken from http://forums.devshed.com/php-development-5/php-wont-load-sql-from-file-515902.html
--// By Crackster
--/**
-- * split_sql_file will split an uploaded sql file into single sql statements.
-- * Note: expects trim() to have already been run on $sql.
-- */
--function split_sql_file($sql, $delimiter){
--  $sql = str_replace("\r" , '', $sql);
--  $data = preg_split('/' . preg_quote($delimiter, '/') . '$/m', $sql);
--  $data = array_map('trim', $data);
--  // The empty case
--  $end_data = end($data);
--  if (empty($end_data))
--  {
--    unset($data[key($data)]);
--  }
--  return $data;
--}
--
--/**
-- * This funtion will take a pattern and a folder as the argument and go thru it(recursivly if needed)and return the list of
-- *               all files in that folder.
-- * Link             : http://www.bin-co.com/php/scripts/filesystem/ls/
-- * License	: BSD
-- * Arguments     :  $pattern - The pattern to look out for [OPTIONAL]
-- *                    $folder - The path of the directory of which's directory list you want [OPTIONAL]
-- *                    $recursivly - The funtion will traverse the folder tree recursivly if this is true. Defaults to false. [OPTIONAL]
-- *                    $options - An array of values 'return_files' or 'return_folders' or both
-- * Returns       : A flat list with the path of all the files(no folders) that matches the condition given.
-- */
--function ls($pattern="*", $folder="", $recursivly=false, $options=array('return_files','return_folders')) {
--    if($folder) {
--        $current_folder = realpath('.');
--        if(in_array('quiet', $options)) { // If quiet is on, we will suppress the 'no such folder' error
--            if(!file_exists($folder)) return array();
--        }
--
--        if(!chdir($folder)) return array();
--    }
--
--
--    $get_files    = in_array('return_files', $options);
--    $get_folders= in_array('return_folders', $options);
--    $both = array();
--    $folders = array();
--
--    // Get the all files and folders in the given directory.
--    if($get_files) $both = glob($pattern, GLOB_BRACE + GLOB_MARK);
--    if($recursivly or $get_folders) $folders = glob("*", GLOB_ONLYDIR + GLOB_MARK);
--
--    //If a pattern is specified, make sure even the folders match that pattern.
--    $matching_folders = array();
--    if($pattern !== '*') $matching_folders = glob($pattern, GLOB_ONLYDIR + GLOB_MARK);
--
--    //Get just the files by removing the folders from the list of all files.
--    $all = array_values(array_diff($both,$folders));
--
--    if($recursivly or $get_folders) {
--        foreach ($folders as $this_folder) {
--            if($get_folders) {
--                //If a pattern is specified, make sure even the folders match that pattern.
--                if($pattern !== '*') {
--                    if(in_array($this_folder, $matching_folders)) array_push($all, $this_folder);
--                }
--                else array_push($all, $this_folder);
--            }
--
--            if($recursivly) {
--                // Continue calling this function for all the folders
--                $deep_items = ls($pattern, $this_folder, $recursivly, $options); # :RECURSION:
--                foreach ($deep_items as $item) {
--                    array_push($all, $this_folder . $item);
--                }
--            }
--        }
--    }
--
--    if($folder) chdir($current_folder);
--    return $all;
--}
--
--function gen_secret() {
--  # Generates a random 12 character alphanumeric string to use as a salt
--  mt_srand((double)microtime()*1000000);
--  $key = "";
--  for ($i=0; $i < 12; $i++) {
--    $c = mt_rand(0,2);
--    if ($c == 0) {
--      $key .= chr(mt_rand(65,90));
--    }
--    elseif ($c == 1) {
--      $key .= chr(mt_rand(97,122));
--    }
--    else {
--      $key .= chr(mt_rand(48,57));
--    }
--  }
--
--  return $key;
--}
--
--function checkPHP()
--{
--	return (version_compare("5.2.4",phpversion(), "<="));
--}
--
--function CheckGettext()
--{
--	return extension_loaded("gettext");
--}
--
--// Setup the translations for gettext
--function __($string)
--{
--	if (CheckGettext())
--	{
--		return _($string);
--	}
--	else
--	{
--		return $string;
--	}
--}
--
--function settings_strings() {
--global $settings_header;
--global $settings_footer;
--
--  $settings_header = <<<END
--<?php
--
--/*
-- * Xibo - Digital Signage - http://www.xibo.org.uk
-- *
-- * This file is part of Xibo - and is automatically generated by the installer
-- *
-- * You should not need to edit this file, unless your SQL connection details have changed.
-- */
--
--defined('XIBO') or die(__("Sorry, you are not allowed to directly access this page.") . "<br />" . __("Please press the back button in your browser."));
--
--global \$dbhost;
--global \$dbuser;
--global \$dbpass;
--global \$dbname;
--
--
--END;
--
--$settings_footer = <<<END
--?>
--END;
--
--  return;
--}
--?>
 === modified file 'server/install/database/46.php'
 --- server/install/database/46.php	2013-08-21 09:07:09 +0000
 +++ server/install/database/46.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
--include('lib/data/data.class.php');
--include('lib/data/campaign.data.class.php');
--include('lib/data/campaignsecurity.data.class.php');
++include_once('lib/data/data.class.php');
++include_once('lib/data/campaign.data.class.php');
++include_once('lib/data/campaignsecurity.data.class.php');
  class Step46 extends UpgradeStep
+ {
 === modified file 'server/install/database/66.sql'
 --- server/install/database/66.sql	2014-02-16 13:43:52 +0000
 +++ server/install/database/66.sql	2014-03-29 13:09:24 +0000
@@ -90,9 +90,9 @@
  `userChange`
+ )
  VALUES (
--NULL ,  'SETTING_IMPORT_ENABLED',  'Off',  'dropdown', NULL ,  'On|Off',  'general',  '0'
++NULL ,  'SETTING_IMPORT_ENABLED',  'On',  'dropdown', NULL ,  'On|Off',  'general',  '1'
  ), (
--NULL ,  'SETTING_LIBRARY_TIDY_ENABLED',  'Off',  'dropdown', NULL ,  'On|Off',  'general',  '0'
++NULL ,  'SETTING_LIBRARY_TIDY_ENABLED',  'On',  'dropdown', NULL ,  'On|Off',  'general',  '1'
  ), (
  NULL, 'SENDFILE_MODE', 'Off', 'dropdown', 'When a user downloads a file from the library or previews a layout, should we attempt to use Apache X-Sendfile, Nginx X-Accel, or PHP (Off) to return the file from the library?', 'Off|Apache|Nginx', 'general', '1');
 === added file 'server/install/database/67.sql'
 --- server/install/database/67.sql	1970-01-01 00:00:00 +0000
 +++ server/install/database/67.sql	2014-03-29 13:09:24 +0000
@@ -0,0 +1,30 @@
++ALTER TABLE  `module` ADD  `assignable` TINYINT NOT NULL DEFAULT  '1';
++
++INSERT INTO `module` (`ModuleID`, `Module`, `Name`, `Enabled`, `RegionSpecific`, `Description`, `ImageUri`, `SchemaVersion`, `ValidExtensions`, `PreviewEnabled`, `assignable`) VALUES (NULL, 'genericfile', 'Generic File', '1', '0', 'A generic file to be stored in the library', 'forms/library.gif', '1', 'apk,js,html,htm', '0', '0');
++
++ALTER TABLE  `media` CHANGE  `type`  `type` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;
++
++CREATE TABLE IF NOT EXISTS `lkmediadisplaygroup` (
++  `id` int(11) NOT NULL AUTO_INCREMENT,
++  `mediaid` int(11) NOT NULL,
++  `displaygroupid` int(11) NOT NULL,
++  PRIMARY KEY (`id`)
++) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COMMENT='File associations directly to Display Groups' AUTO_INCREMENT=1 ;
++
++ALTER TABLE `display` ADD `version_instructions` VARCHAR( 255 ) NULL,
++	ADD  `client_type` VARCHAR( 20 ) NULL ,
++	ADD  `client_version` VARCHAR( 5 ) NULL ,
++	ADD  `client_code` SMALLINT NULL;
++
++INSERT INTO `help` (`HelpID`, `Topic`, `Category`, `Link`) VALUES
++(1, 'DisplayGroup', 'FileAssociations', 'manual/single.php?p=admin/fileassociations');
++
++INSERT INTO `setting` (`settingid`, `setting`, `value`, `type`, `helptext`, `options`, `cat`, `userChange`)
++	VALUES
++		(NULL, 'PROXY_HOST', '', 'text', 'The Proxy URL', NULL, 'general', '1'),
++		(NULL, 'PROXY_PORT', '', 'text', 'The Proxy Port', NULL, 'general', '1'),
++		(NULL, 'PROXY_AUTH', '', 'text', 'The Authentication information for this proxy. username:password', NULL, 'general', '1');
++
++UPDATE `version` SET `app_ver` = '1.6.0', `XmdsVersion` = 3;
++UPDATE `setting` SET `value` = 0 WHERE `setting` = 'PHONE_HOME_DATE';
++UPDATE `version` SET `DBVersion` = '67';
 === modified file 'server/install/master/data.sql'
 --- server/install/master/data.sql	2014-02-16 13:43:52 +0000
 +++ server/install/master/data.sql	2014-03-29 13:09:24 +0000
@@ -1,5 +1,5 @@
  INSERT INTO `version` (`app_ver`, `XmdsVersion`, `XlfVersion`, `DBVersion`) VALUES
--('1.6.0-rc1', 3, 1, 66);
++('1.6.0', 3, 1, 67);
  INSERT INTO `group` (`groupID`, `group`, `IsUserSpecific`, `IsEveryone`) VALUES
  (1, 'Users', 0, 0),
@@ -83,7 +83,8 @@
  (77, 'Transition', 'Edit', 'manual/single.php?p=layout/transitions'),
  (78, 'User', 'SetPassword', 'manual/single.php?p=users/users#Set_Password'),
  (79, 'DataSet', 'ImportCSV', 'manual/single.php?p=content/content_dataset#Import_CSV'),
--(80, 'Statusdashboard', 'General', 'manual/single.php?p=coreconcepts/dashboard#Status_Dashboard');
++(80, 'DisplayGroup', 'FileAssociations', 'manual/single.php?p=admin/fileassociations'),
++(81, 'Statusdashboard', 'General', 'manual/single.php?p=coreconcepts/dashboard#Status_Dashboard');
  INSERT INTO `menu` (`MenuID`, `Menu`) VALUES
  (8, 'Administration Menu'),
@@ -107,7 +108,8 @@
  (10, 'Counter', 'Counter', 0, 1, 'Customer Counter connected to a Remote Control', 'forms/counter.gif', 1, NULL, 1),
  (11, 'datasetview', 'Data Set', 1, 1, 'A view on a DataSet', 'forms/datasetview.gif', 1, NULL, 1),
  (12, 'shellcommand', 'Shell Command', 1, 1, 'Execute a shell command on the client', 'forms/shellcommand.gif', 1, NULL, 1),
--(13, 'localvideo', 'Local Video', 0, 1, 'Play a video locally stored on the client', 'forms/video.gif', 1, NULL, 1);
++(13, 'localvideo', 'Local Video', 0, 1, 'Play a video locally stored on the client', 'forms/video.gif', 1, NULL, 1),
++(14, 'genericfile', 'Generic File', 1, 0, 'A generic file to be stored in the library', 'forms/library.gif', 1, 'apk,js,html,htm', 0, 0);
  INSERT INTO `pagegroup` (`pagegroupID`, `pagegroup`) VALUES
  (1, 'Schedule'),
@@ -258,7 +260,10 @@
  (67, 'SETTING_IMPORT_ENABLED', 'Off', 'dropdown', NULL , 'On|Off', 'general', '0'),
  (68, 'SETTING_LIBRARY_TIDY_ENABLED', 'Off', 'dropdown', NULL , 'On|Off', 'general', '0'),
  (69, 'SENDFILE_MODE', 'Off', 'dropdown', 'When a user downloads a file from the library or previews a layout, should we attempt to use Apache X-Sendfile, Nginx X-Accel, or PHP (Off) to return the file from the library?', 'Off|Apache|Nginx', 'general', '1'),
--(70, 'EMBEDDED_STATUS_WIDGET', '', 'text', 'HTML to embed in an iframe on the Status Dashboard' , NULL, 'general', '0');
++(70, 'EMBEDDED_STATUS_WIDGET', '', 'text', 'HTML to embed in an iframe on the Status Dashboard' , NULL, 'general', '0'),
++(71, 'PROXY_HOST', '', 'text', 'The Proxy URL' , NULL, 'general', '1'),
++(72, 'PROXY_PORT', '', 'text', 'The Proxy Port' , NULL, 'general', '1'),
++(73, 'PROXY_AUTH', '', 'text', 'The Authentication information for this proxy. username:password' , NULL, 'general', '1');
  INSERT INTO `usertype` (`usertypeid`, `usertype`) VALUES
  (1, 'Super Admin'),
 === modified file 'server/install/master/structure.sql'
 --- server/install/master/structure.sql	2014-02-12 18:11:45 +0000
 +++ server/install/master/structure.sql	2014-03-29 13:09:24 +0000
@@ -85,6 +85,10 @@
    `SecureOn` varchar(17) DEFAULT NULL,
    `Cidr` smallint(6) DEFAULT NULL,
    `GeoLocation` POINT NULL,
++  `version_instructions` varchar(255) NULL,
++  `client_type` VARCHAR( 20 ) NULL ,
++  `client_version` VARCHAR( 5 ) NULL ,
++  `client_code` SMALLINT NULL,
    PRIMARY KEY (`displayid`),
    KEY `defaultplaylistid` (`defaultlayoutid`)
  ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
@@ -303,7 +307,7 @@
  CREATE TABLE IF NOT EXISTS `media` (
    `mediaID` int(11) NOT NULL AUTO_INCREMENT,
    `name` varchar(100) NOT NULL,
--  `type` varchar(10) NOT NULL,
++  `type` varchar(15) NOT NULL,
    `duration` int(11) NOT NULL,
    `originalFilename` varchar(254) DEFAULT NULL,
    `storedAs` varchar(254) DEFAULT NULL COMMENT 'What has this media been stored as',
@@ -349,6 +353,7 @@
    `SchemaVersion` int(11) NOT NULL DEFAULT '1',
    `ValidExtensions` varchar(254) DEFAULT NULL,
    `PreviewEnabled` tinyint(4) NOT NULL DEFAULT '1',
++  `assignable` tinyint(4) NOT NULL DEFAULT '1',
    PRIMARY KEY (`ModuleID`)
  ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COMMENT='Functional Modules' AUTO_INCREMENT=14 ;
@@ -589,6 +594,14 @@
    `DataSetColumnType` varchar(100) NOT NULL
  ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
++
++CREATE TABLE IF NOT EXISTS `lkmediadisplaygroup` (
++  `id` int(11) NOT NULL AUTO_INCREMENT,
++  `mediaid` int(11) NOT NULL,
++  `displaygroupid` int(11) NOT NULL,
++  PRIMARY KEY (`id`)
++) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COMMENT='File associations directly to Display Groups' AUTO_INCREMENT=1 ;
++
  --
  -- Constraints for dumped tables
  --
 === modified file 'server/lib/app/kit.class.php'
 --- server/lib/app/kit.class.php	2014-02-15 11:25:09 +0000
 +++ server/lib/app/kit.class.php	2014-03-29 13:09:24 +0000
@@ -34,6 +34,7 @@
  define('_BOOLEAN', "bool");
  define('_WORD', "word");
  define('_ARRAY', "array");
++define('_ARRAY_INT', "array_int");
  define('_USERNAME', "username");
  define('_CHECKBOX', "checkbox");
  define('_FILENAME', "filename");
@@ -77,7 +78,7 @@
  	 * @param $type Object[optional]
  	 * @param $default Object[optional]
  	 */
--	static public function GetParam($param, $source = _POST, $type = _STRING, $default = '')
++	static public function GetParam($param, $source = _POST, $type = _STRING, $default = '', $sanitize = true)
+ 	{
  		// lower case param (we dont care)
  		$param = strtolower($param);
@@ -204,7 +205,7 @@
+ 		}
  		// Validate this param
--		return Kit::ValidateParam($return, $type);
++		return Kit::ValidateParam($return, $type, $sanitize);
+ 	}
  	/**
@@ -214,9 +215,13 @@
  	 * @param $param Object
  	 * @param $type Object
  	 */
--	static function ValidateParam($param, $type)
++	static function ValidateParam($param, $type, $sanitize = true)
+ 	{
--		// If we are a NULL always return a null
++		// If we are a NULL always return a null??
++		//if ($param == NULL || $param == '')
++		//	return NULL;
++
++		// Store in return var
  		$return = $param;
  		// Validate
@@ -224,30 +229,35 @@
  		switch ($type)
+ 		{
  			case _INT :
--				// Only use the first integer value
--				if ($return == '')
--					return 0;
--
--				if (preg_match('/-?[0-9]+/', $return, $matches) == 0)
--                                    trigger_error(sprintf(__('No integer match found for %s, and return value is not an int'), $param), E_USER_ERROR);
--
--				$return = @ (int) $matches[0];
++
++				if ($sanitize) {
++					// Only use the first integer value
++					if (!$return = filter_var($return, FILTER_SANITIZE_NUMBER_INT))
++						$return = 0;
++				}
++				else {
++					if (!$return = filter_var($return, FILTER_VALIDATE_INT))
++						trigger_error(sprintf(__('No integer match found for [%s] and return value is not an integer'), $param), E_USER_ERROR);
++				}
++
  				break;
  			case _DOUBLE :
--				if ($return == '')
--				{
--					$return = 0;
--					break;
--				}
--				// Only use the first floating point value
--				@ preg_match('/-?[0-9]+(\.[0-9]+)?/', $return, $matches);
--				$return = @ (float) $matches[0];
++				if ($sanitize) {
++					// Only use the first integer value
++					if (!$return = filter_var($return, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
++						$return = 0;
++				}
++				else {
++					if (!$return = filter_var($return, FILTER_VALIDATE_FLOAT, FILTER_FLAG_ALLOW_FRACTION))
++						trigger_error(sprintf(__('No integer match found for %s, and return value is not an integer'), $param), E_USER_ERROR);
++				}
++
  				break;
  			case _BOOL :
--				$return = (bool) $return;
++				$return = filter_var($return, FILTER_VALIDATE_BOOLEAN);
  				break;
  			case _ARRAY :
@@ -259,67 +269,55 @@
  				if (!is_array($return))
+ 				{
--					$return = array ($return);
++					$return = array($return);
++				}
++				break;
++
++			case _ARRAY_INT:
++
++				if ($return == '') {
++					$return = array();
++				}
++				else {
++					if ($sanitize) {
++						// Only use the first integer value
++						if (!$return = filter_var_array($return, FILTER_SANITIZE_NUMBER_INT))
++							$return = array();
++					}
++					else {
++						if (!$return = filter_var_array($return, FILTER_VALIDATE_INT))
++							trigger_error(sprintf(__('No integer found for %s, and return value is not an integer'), $param), E_USER_ERROR);
++					}
+ 				}
  				break;
  			case _STRING :
--				if ($return == '')
--				{
--					$return = '';
--					break;
--				}
--
--				$return = preg_replace('/&#(\d+);/me', "chr(\\1)", $return); // decimal notation
--				// convert hex
--				$return = preg_replace('/&#x([a-f0-9]+);/mei', "chr(0x\\1)", $return); // hex notation
--				$return = htmlspecialchars($return);
--				$return = (string) $return;
--				break;
--
  			case _PASSWORD :
--				if ($return == '')
--				{
--					$return = '';
--					break;
--				}
--
--				$return = preg_replace('/&#(\d+);/me', "chr(\\1)", $return); // decimal notation
--				// convert hex
--				$return = preg_replace('/&#x([a-f0-9]+);/mei', "chr(0x\\1)", $return); // hex notation
--				$return = (string) $return;
++				$return = filter_var($return, FILTER_SANITIZE_STRING);
  				break;
  			case _HTMLSTRING :
--				if ($return == '')
--				{
--					$return = '';
--					break;
--				}
--				$return = preg_replace('/&#(\d+);/me', "chr(\\1)", $return); // decimal notation
++				// decimal notation
++				$return = preg_replace_callback('/&#(\d+);/m', function($m){
++				    return chr($m[1]);
++				}, $return);
++
  				// convert hex
--				$return = preg_replace('/&#x([a-f0-9]+);/mei', "chr(0x\\1)", $return); // hex notation
++				$return = preg_replace_callback('/&#x([a-f0-9]+);/mi', function($m){
++				    return chr("0x".$m[1]);
++				}, $return);
++
  				$return = (string) $return;
  				break;
  			case _WORD :
--				if ($return == '')
--				{
--					$return = '';
--					break;
--				}
--
++				$return = filter_var($return, FILTER_SANITIZE_STRING);
  				$return = (string) preg_replace( '/[^A-Z_\-]/i', '', $return );
  				break;
  			case _USERNAME :
--				if ($return == '')
--				{
--					$return = '';
--					break;
--				}
--
++				$return = filter_var($return, FILTER_SANITIZE_STRING);
  				$return = (string) preg_replace( '/[\x00-\x1F\x7F<>"\'%&]/', '', $return );
  				$return	= strtolower($return);
  				break;
@@ -353,6 +351,9 @@
  			default :
  				// No casting necessary
++				if (!$sanitize)
++					trigger_error(sprintf(__('Unknown Type %s'), $type), E_USER_ERROR);
++
  				break;
+ 		}
@@ -629,5 +630,9 @@
  		return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
+ 	}
++
++	public static function uniqueId() {
++		return uniqid(rand());
++	}
+ }
  ?>
 === modified file 'server/lib/app/modulemanager.class.php'
 --- server/lib/app/modulemanager.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/app/modulemanager.class.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2006-2012 Daniel Garner
++ * Copyright (C) 2006-2014 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -22,84 +22,84 @@
  class ModuleManager
+ {
--	private $db;
--	private $user;
--
--	public $message;
--
--	private $theMenu;
--	private $current;
--	private $numberItems;
--
--	/**
--	 * Constructs the Module Manager.
--	 * @return
--	 * @param $db Object
--	 * @param $user Object
--	 */
--	public function __construct(database $db, User $user, $regionSpecific = -1, $module = '')
--	{
--		$this->db 		=& $db;
--		$this->user 	=& $user;
--
--		if (!$this->theMenu = $user->ModuleAuth($regionSpecific, $module))
--		{
--			$this->message = 'No enabled modules.';
--			return false;
--		}
--
--		// Set some information about this menu
--		$this->current = 0;
--		$this->numberItems = count($this->theMenu);
--
--		// We dont want to do 0 items
--		if ($this->numberItems == 0) $this->numberItems = -1;
--
--		$this->message = $this->numberItems . ' modules loaded';
--
--		return true;
--	}
--
--	/**
--	 * Returns the internal message
--	 * @return
--	 */
--	public function GetMessage()
--	{
--		return $this->message;
--	}
--
--	/**
--	 * Gets the next menu item in the queue
--	 * @return
--	 */
--	public function GetNextModule()
--	{
--		if (!$item = $this->GetModule($this->current))
--		{
--			$message = 'No more modules.';
--			return false;
--		}
--
--		$this->current++;
--
--		return $item;
--	}
--
--	/**
--	 * Gets the menu item at position i
--	 * @return
--	 * @param $i Object
--	 */
--	public function GetModule($i)
--	{
--		if ($i >= $this->numberItems)
--		{
--			$this->message = 'There are only ' . $this->numberItems . ' modules.';
--			return false;
--		}
--
--		return $this->theMenu[$i];
--	}
++    private $db;
++    private $user;
++
++    public $message;
++
++    private $theMenu;
++    private $current;
++    private $numberItems;
++
++    /**
++     * Constructs the Module Manager.
++     * @return
++     * @param $db Object
++     * @param $user Object
++     */
++    public function __construct(database $db, User $user, $regionSpecific = -1, $module = '', $assignable = 1)
++    {
++        $this->db       =& $db;
++        $this->user     =& $user;
++
++        if (!$this->theMenu = $user->ModuleAuth($regionSpecific, $module, $assignable))
++        {
++            $this->message = 'No enabled modules.';
++            return false;
++        }
++
++        // Set some information about this menu
++        $this->current = 0;
++        $this->numberItems = count($this->theMenu);
++
++        // We dont want to do 0 items
++        if ($this->numberItems == 0) $this->numberItems = -1;
++
++        $this->message = $this->numberItems . ' modules loaded';
++
++        return true;
++    }
++
++    /**
++     * Returns the internal message
++     * @return
++     */
++    public function GetMessage()
++    {
++        return $this->message;
++    }
++
++    /**
++     * Gets the next menu item in the queue
++     * @return
++     */
++    public function GetNextModule()
++    {
++        if (!$item = $this->GetModule($this->current))
++        {
++            $message = 'No more modules.';
++            return false;
++        }
++
++        $this->current++;
++
++        return $item;
++    }
++
++    /**
++     * Gets the menu item at position i
++     * @return
++     * @param $i Object
++     */
++    public function GetModule($i)
++    {
++        if ($i >= $this->numberItems)
++        {
++            $this->message = 'There are only ' . $this->numberItems . ' modules.';
++            return false;
++        }
++
++        return $this->theMenu[$i];
++    }
+ }
  ?>
 === modified file 'server/lib/app/pagemanager.class.php'
 --- server/lib/app/pagemanager.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/app/pagemanager.class.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2006-2013 Daniel Garner
++ * Copyright (C) 2006-2014 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -52,7 +52,7 @@
          $this->q = Kit::GetParam('q', _REQUEST, _WORD);
          $this->userid = $this->user->userid;
--        // Default not authourised
++        // Default not authorised
          $this->authed = false;
          // Create a theme
@@ -94,11 +94,13 @@
          $user 	=& $this->user;
          if (!$this->authed)
--        {
--            // Output some message to say that we are not authed
--            trigger_error(__('You do not have permission to access this page.'), E_USER_ERROR);
--            exit;
--        }
++            throw new Exception(__('You do not have permission to access this page.'));
++
++        // Check the requested pages exits before trying to load it
++        //   this check should be redundant, because the page should have been validated against the pages in the DB first.
++        //   do it just in case...
++        if (!file_exists($this->path))
++            throw new Exception(__('The requested page does not exist'));
          // Load the file in question
          if (!class_exists($this->page))
 === modified file 'server/lib/app/thememanager.class.php'
 --- server/lib/app/thememanager.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/app/thememanager.class.php	2014-03-29 13:09:24 +0000
@@ -173,15 +173,18 @@
  			$return = null;
  		else
  			$return = $theme->vars[$key];
--
++
  		if ($key == 'form_meta') {
  			// Append a token to the end
  			$return = $return . Kit::Token();
+ 		}
--
  		return $return;
+ 	}
++	public static function Prepare($string) {
++		return htmlspecialchars($string);
++	}
++
  	public static function SetPagename($pageName) {
  		Theme::GetInstance()->pageName = $pageName;
+ 	}
 === modified file 'server/lib/data/display.data.class.php'
 --- server/lib/data/display.data.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/data/display.data.class.php	2014-03-29 13:09:24 +0000
@@ -321,12 +321,17 @@
+ 	}
  	/**
--	 * Sets the information required on the display to indicate
--	 * that it is still logged in
--	 * @return
--	 * @param $license Object
--	 */
--	public function Touch($license, $clientAddress = '', $mediaInventoryComplete = 0, $mediaInventoryXml = '', $macAddress = '')
++     * Sets the information required on the display to indicate that it is still logged in
++     * @param string  $license                The display licence key
++     * @param string  $clientAddress          The client IP address
++     * @param integer $mediaInventoryComplete The Media Inventory Status
++     * @param string  $mediaInventoryXml      The Media Inventory XML
++     * @param string  $macAddress             The Client Mac Address
++     * @param string  $clientType             The Client Type
++     * @param string  $clientVersion          The Client Version
++     * @param integer $clientCode             The Client Version Code
++     */
++	public function Touch($license, $clientAddress = '', $mediaInventoryComplete = 0, $mediaInventoryXml = '', $macAddress = '', $clientType = '', $clientVersion = '', $clientCode = 0)
+ 	{
  		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Touch');
@@ -359,6 +364,22 @@
                  $params['mediainventoryxml'] = $mediaInventoryXml;
+             }
++            // Client information if present
++            if ($clientType != '') {
++                $SQL .= " , client_type = :client_type ";
++                $params['client_type'] = $clientType;
++            }
++
++            if ($clientVersion != '') {
++                $SQL .= " , client_version = :client_version ";
++                $params['client_version'] = $clientVersion;
++            }
++
++            if ($clientCode != '') {
++                $SQL .= " , client_code = :client_code ";
++                $params['client_code'] = $clientCode;
++            }
++
              // Mac address storage
              if ($macAddress != '')
+             {
@@ -402,7 +423,7 @@
       * Flags a display as being incomplete
       * @param <type> $displayId
       */
--    private function FlagIncomplete($displayId)
++    public function FlagIncomplete($displayId)
+     {
          Debug::LogEntry('audit', sprintf('Flag DisplayID %d incomplete.', $displayId), 'display', 'NotifyDisplays');
@@ -508,6 +529,37 @@
+         }
+     }
++    public function SetVersionInstructions($displayId, $mediaId, $storedAs) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            // Set the instructions
++            $version_instructions = array();
++            $version_instructions['id'] = $mediaId;
++            $version_instructions['file'] = $storedAs;
++
++            $sth = $dbh->prepare('UPDATE `display` SET version_instructions = :version_instructions WHERE displayid = :displayid');
++            $sth->execute(array(
++                    'displayid' => $displayId,
++                    'version_instructions' => json_encode($version_instructions)
++                ));
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++
++    }
++
      /**
       * Wake this display using a WOL command
       * @param <int> $displayId
@@ -560,11 +612,11 @@
      /**
       * Wake On Lan Script
       *  // Version: 2
--        // Author of this application:
--        //	DS508_customer (http://www.synology.com/enu/forum/memberlist.php?mode=viewprofile&u=12636)
--        //	Please inform the author of any suggestions on (the functionality, graphical design, ... of) this application.
--        //	More info: http://wolviaphp.sourceforge.net
--        // License: GPLv2.0
++     *  // Author of this application:
++     *  //	DS508_customer (http://www.synology.com/enu/forum/memberlist.php?mode=viewprofile&u=12636)
++     *  //	Please inform the author of any suggestions on (the functionality, graphical design, ... of) this application.
++     *  //	More info: http://wolviaphp.sourceforge.net
++     *  // License: GPLv2.0
+      *
       * Modified for use with the Xibo project by Dan Garner.
       */
 === modified file 'server/lib/data/displaygroup.data.class.php'
 --- server/lib/data/displaygroup.data.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/data/displaygroup.data.class.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2009-13 Daniel Garner
++ * Copyright (C) 2009-14 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -22,36 +22,36 @@
  class DisplayGroup extends Data
+ {
--	public function __construct(database $db)
--	{
--		include_once('lib/data/schedule.data.class.php');
--		include_once('lib/data/displaygroupsecurity.data.class.php');
--
--		parent::__construct($db);
--	}
--
--	/**
--	 * Adds a Display Group to Xibo
--	 * @return
--	 * @param $displayGroup string
--	 * @param $isDisplaySpecific int
--	 * @param $description string[optional]
--	 */
--	public function Add($displayGroup, $isDisplaySpecific, $description = '')
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Add');
++    public function __construct(database $db)
++    {
++        include_once('lib/data/schedule.data.class.php');
++        include_once('lib/data/displaygroupsecurity.data.class.php');
++
++        parent::__construct($db);
++    }
++
++    /**
++     * Adds a Display Group to Xibo
++     * @return
++     * @param $displayGroup string
++     * @param $isDisplaySpecific int
++     * @param $description string[optional]
++     */
++    public function Add($displayGroup, $isDisplaySpecific, $description = '')
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Add');
--		try {
++        try {
              $dbh = PDOConnect::init();
--			// Validation
--			if ($displayGroup == '')
--				$this->ThrowError(__('Please enter a display group name'));
--
--			if (strlen($description) > 254)
--				$this->ThrowError(__("Description can not be longer than 254 characters"));
++            // Validation
++            if ($displayGroup == '')
++                $this->ThrowError(__('Please enter a display group name'));
++
++            if (strlen($description) > 254)
++                $this->ThrowError(__("Description can not be longer than 254 characters"));
--			$sth = $dbh->prepare('SELECT DisplayGroup FROM displaygroup WHERE DisplayGroup = :displaygroup AND IsDisplaySpecific = 0');
++            $sth = $dbh->prepare('SELECT DisplayGroup FROM displaygroup WHERE DisplayGroup = :displaygroup AND IsDisplaySpecific = 0');
              $sth->execute(array(
                      'displaygroup' => $displayGroup
                  ));
@@ -59,10 +59,10 @@
              if ($row = $sth->fetch())
                  $this->ThrowError(25004, sprintf(__('You already own a display group called "%s". Please choose another name.'), $displayGroup));
--			// End Validation
--
--			// Insert the display group
--			$sth = $dbh->prepare('INSERT INTO displaygroup (DisplayGroup, IsDisplaySpecific, Description) VALUES (:displaygroup, :isdisplayspecific, :description)');
++            // End Validation
++
++            // Insert the display group
++            $sth = $dbh->prepare('INSERT INTO displaygroup (DisplayGroup, IsDisplaySpecific, Description) VALUES (:displaygroup, :isdisplayspecific, :description)');
              $sth->execute(array(
                      'displaygroup' => $displayGroup,
                      'isdisplayspecific' => $isDisplaySpecific,
@@ -70,11 +70,11 @@
                  ));
              $displayGroupID = $dbh->lastInsertId();
--
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Add');
++
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Add');
--			return $displayGroupID;
--		}
++            return $displayGroupID;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
@@ -84,33 +84,33 @@
              return false;
+         }
--	}
--
--	/**
--	 * Edits an existing Xibo Display Group
--	 * @return
--	 * @param $displayGroupID Object
--	 * @param $displayGroup Object
--	 * @param $description Object
--	 */
--	public function Edit($displayGroupID, $displayGroup, $description)
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Edit');
++    }
++
++    /**
++     * Edits an existing Xibo Display Group
++     * @return
++     * @param $displayGroupID Object
++     * @param $displayGroup Object
++     * @param $description Object
++     */
++    public function Edit($displayGroupID, $displayGroup, $description)
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Edit');
--		try {
++        try {
              $dbh = PDOConnect::init();
--			// Validation
--			if ($displayGroupID == 0)
--				$this->ThrowError(__('No Display Group Selected'));
--
--			if ($displayGroup == '')
--				$this->ThrowError(__('Please enter a display group name'));
--
--			if (strlen($description) > 254)
--				$this->ThrowError(__("Description can not be longer than 254 characters"));
++            // Validation
++            if ($displayGroupID == 0)
++                $this->ThrowError(__('No Display Group Selected'));
++
++            if ($displayGroup == '')
++                $this->ThrowError(__('Please enter a display group name'));
++
++            if (strlen($description) > 254)
++                $this->ThrowError(__("Description can not be longer than 254 characters"));
--			$sth = $dbh->prepare('SELECT DisplayGroup FROM displaygroup WHERE DisplayGroup = :displaygroup AND IsDisplaySpecific = 0 AND DisplayGroupID <> :displaygroupid');
++            $sth = $dbh->prepare('SELECT DisplayGroup FROM displaygroup WHERE DisplayGroup = :displaygroup AND IsDisplaySpecific = 0 AND DisplayGroupID <> :displaygroupid');
              $sth->execute(array(
                      'displaygroup' => $displayGroup,
                      'displaygroupid' => $displayGroupID
@@ -118,21 +118,21 @@
              if ($row = $sth->fetch())
                  $this->ThrowError(25004, sprintf(__('You already own a display group called "%s". Please choose another name.'), $displayGroup));
--
--			// End Validation
--
--			// Update the DisplayGroup
--			$sth = $dbh->prepare('UPDATE displaygroup SET DisplayGroup = :displaygroup, Description = :description WHERE DisplayGroupID = :displaygroupid');
++
++            // End Validation
++
++            // Update the DisplayGroup
++            $sth = $dbh->prepare('UPDATE displaygroup SET DisplayGroup = :displaygroup, Description = :description WHERE DisplayGroupID = :displaygroupid');
              $sth->execute(array(
                      'displaygroup' => $displayGroup,
                      'description' => $description,
                      'displaygroupid' => $displayGroupID
                  ));
--
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Edit');
--
--			return true;
--		}
++
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Edit');
++
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
@@ -142,36 +142,36 @@
              return false;
+         }
--	}
--
--	/**
--	 * Deletes an Xibo Display Group
--	 * @return
--	 * @param $displayGroupID Object
--	 */
--	public function Delete($displayGroupID)
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Delete');
++    }
++
++    /**
++     * Deletes an Xibo Display Group
++     * @return
++     * @param $displayGroupID Object
++     */
++    public function Delete($displayGroupID)
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Delete');
          try {
              $dbh = PDOConnect::init();
              // Tidy up the schedule detail records.
              $schedule = new Schedule($this->db);
--
++
              if (!$schedule->DeleteScheduleForDisplayGroup($displayGroupID))
                  throw new Exception('Unable to DeleteScheduleForDisplayGroup');
              // Delete the Display Group
--           	$sth = $dbh->prepare('DELETE FROM displaygroup WHERE DisplayGroupID = :displaygroupid');
++            $sth = $dbh->prepare('DELETE FROM displaygroup WHERE DisplayGroupID = :displaygroupid');
              $sth->execute(array(
                      'displaygroupid' => $displayGroupID
                  ));
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Delete');
--
--			return true;
--		}
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Delete');
++
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
@@ -181,47 +181,54 @@
              return false;
+         }
--	}
--
--	/**
--	 * Deletes all Display Group records associated with a display.
--	 * @return
--	 * @param $displayID Object
--	 */
--	public function DeleteDisplay($displayID)
--	{
--		try {
++    }
++
++    /**
++     * Deletes all Display Group records associated with a display.
++     * @return
++     * @param $displayID Object
++     */
++    public function DeleteDisplay($displayID)
++    {
++        Kit::ClassLoader('lkmediadisplaygroup');
++
++        try {
              $dbh = PDOConnect::init();
--
--			// Get the DisplaySpecific Group for this Display
--			$SQL  = "";
--			$SQL .= "SELECT displaygroup.DisplayGroupID ";
--			$SQL .= "FROM   displaygroup ";
--			$SQL .= "       INNER JOIN lkdisplaydg ";
--			$SQL .= "       ON     lkdisplaydg.DisplayGroupID = displaygroup.DisplayGroupID ";
--			$SQL .= "WHERE  displaygroup.IsDisplaySpecific = 1 ";
--			$SQL .= "	AND lkdisplaydg.DisplayID = :displayid";
++
++            // Get the DisplaySpecific Group for this Display
++            $SQL  = "";
++            $SQL .= "SELECT displaygroup.DisplayGroupID ";
++            $SQL .= "FROM   displaygroup ";
++            $SQL .= "       INNER JOIN lkdisplaydg ";
++            $SQL .= "       ON     lkdisplaydg.DisplayGroupID = displaygroup.DisplayGroupID ";
++            $SQL .= "WHERE  displaygroup.IsDisplaySpecific = 1 ";
++            $SQL .= "   AND lkdisplaydg.DisplayID = :displayid";
--			$sth = $dbh->prepare($SQL);
++            $sth = $dbh->prepare($SQL);
              $sth->execute(array(
                      'displayid' => $displayID
                  ));
              if (!$row = $sth->fetch())
                  $this->ThrowError(25005, __('Unable to get the DisplayGroup for this Display'));
--
--			// Get the Display Group ID
--			$displayGroupID	= Kit::ValidateParam($row['DisplayGroupID'], _INT);
--
--			// If there is no region specific display record... what do we do?
++
++            // Get the Display Group ID
++            $displayGroupID = Kit::ValidateParam($row['DisplayGroupID'], _INT);
++
++            // If there is no region specific display record... what do we do?
              if ($displayGroupID == 0)
--            	$this->ThrowError(25005, __('Unable to get the DisplayGroup for this Display'));
--
++                $this->ThrowError(25005, __('Unable to get the DisplayGroup for this Display'));
++
              // Delete the Schedule for this Display Group
              $scheduleObject = new Schedule($this->db);
              if (!$scheduleObject->DeleteScheduleForDisplayGroup($displayGroupID))
--            	$this->ThrowError(25006, __('Unable to delete Schedule records for this DisplayGroup.'));
++                $this->ThrowError(25006, __('Unable to delete Schedule records for this DisplayGroup.'));
++
++            // Drop all current assignments
++            $link = new LkMediaDisplayGroup($this->db);
++            if (!$link->UnlinkAllFromDisplayGroup($displayGroupId))
++                $this->ThrowError(__('Unable to drop file assignments during display delete.'));
              // Unlink all Display Groups from this Display
              $sth = $dbh->prepare('DELETE FROM lkdisplaydg WHERE DisplayID = :displayid');
@@ -240,8 +247,8 @@
                  // An error will already be set - so just drop out
                  throw new Exception('Unable to delete');
--			return true;
--		}
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
@@ -251,48 +258,48 @@
              return false;
+         }
--	}
--
--	/**
--	 * Links a Display to a Display Group
--	 * @return
--	 * @param $displayGroupID Object
--	 * @param $displayID Object
--	 */
--	public function Link($displayGroupID, $displayID)
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Link');
--
--		try {
++    }
++
++    /**
++     * Links a Display to a Display Group
++     * @return
++     * @param $displayGroupID Object
++     * @param $displayID Object
++     */
++    public function Link($displayGroupID, $displayID)
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Link');
++
++        try {
              $dbh = PDOConnect::init();
--
--			$sth = $dbh->prepare('INSERT INTO lkdisplaydg (DisplayGroupID, DisplayID) VALUES (:displaygroupid, :displayid)');
++
++            $sth = $dbh->prepare('INSERT INTO lkdisplaydg (DisplayGroupID, DisplayID) VALUES (:displaygroupid, :displayid)');
              $sth->execute(array(
                      'displaygroupid' => $displayGroupID,
                      'displayid' => $displayID
                  ));
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Link');
--
--			return true;
--		}
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Link');
++
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
              return $this->SetError(25005, __('Could not Link Display Group to Display'));
+         }
--	}
--
--	/**
--	 * Unlinks a Display from a Display Group
--	 * @return
--	 * @param $displayGroupID Object
--	 * @param $displayID Object
--	 */
--	public function Unlink($displayGroupID, $displayID)
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Unlink');
--
--		try {
++    }
++
++    /**
++     * Unlinks a Display from a Display Group
++     * @return
++     * @param $displayGroupID Object
++     * @param $displayID Object
++     */
++    public function Unlink($displayGroupID, $displayID)
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'Unlink');
++
++        try {
              $dbh = PDOConnect::init();
              $sth = $dbh->prepare('DELETE FROM lkdisplaydg WHERE DisplayGroupID = :displaygroupid AND DisplayID = :displayid');
@@ -301,75 +308,75 @@
                      'displayid' => $displayID
                  ));
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Unlink');
--
--			return true;
--		}
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'Unlink');
++
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
              return $this->SetError(25007, __('Could not Unlink Display Group from Display'));
+         }
--	}
--
--	/**
--	 * Edits the Display Group associated with a Display
--	 * @return
--	 * @param $displayID Object
--	 * @param $display Object
--	 */
--	public function EditDisplayGroup($displayID, $display)
--	{
--		Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'EditDisplayGroup');
--
--		try {
++    }
++
++    /**
++     * Edits the Display Group associated with a Display
++     * @return
++     * @param $displayID Object
++     * @param $display Object
++     */
++    public function EditDisplayGroup($displayID, $display)
++    {
++        Debug::LogEntry('audit', 'IN', 'DisplayGroup', 'EditDisplayGroup');
++
++        try {
              $dbh = PDOConnect::init();
--			// Get the DisplayGroupID for this DisplayID
--			$SQL  = "";
--			$SQL .= "SELECT displaygroup.DisplayGroupID ";
--			$SQL .= "FROM   displaygroup ";
--			$SQL .= "       INNER JOIN lkdisplaydg ";
--			$SQL .= "       ON     lkdisplaydg.DisplayGroupID = displaygroup.DisplayGroupID ";
--			$SQL .= "WHERE  displaygroup.IsDisplaySpecific = 1 ";
--			$SQL .= "   AND lkdisplaydg.DisplayID = :displayid";
--
--			$sth = $dbh->prepare($SQL);
++            // Get the DisplayGroupID for this DisplayID
++            $SQL  = "";
++            $SQL .= "SELECT displaygroup.DisplayGroupID ";
++            $SQL .= "FROM   displaygroup ";
++            $SQL .= "       INNER JOIN lkdisplaydg ";
++            $SQL .= "       ON     lkdisplaydg.DisplayGroupID = displaygroup.DisplayGroupID ";
++            $SQL .= "WHERE  displaygroup.IsDisplaySpecific = 1 ";
++            $SQL .= "   AND lkdisplaydg.DisplayID = :displayid";
++
++            $sth = $dbh->prepare($SQL);
              $sth->execute(array(
                      'displayid' => $displayID
                  ));
              if (!$row = $sth->fetch())
                  $this->ThrowError(25005, __('Unable to get the DisplayGroup for this Display'));
--
--			// Get the Display Group ID
--			$displayGroupID	= Kit::ValidateParam($row['DisplayGroupID'], _INT);
--
--			// If there is no region specific display record... what do we do?
++
++            // Get the Display Group ID
++            $displayGroupID = Kit::ValidateParam($row['DisplayGroupID'], _INT);
++
++            // If there is no region specific display record... what do we do?
              if ($displayGroupID == 0) {
--				// We should always have 1 display specific DisplayGroup for a display.
--				// Do we a) Error here and give up?
--				//		 b) Create one and link it up?
--				// $this->SetError(25006, __('Unable to get the DisplayGroup for this Display'));
--
--				if (!$displayGroupID = $this->Add($display, 1))
--					$this->ThrowError(25001, __('Could not add a display group for the new display.'));
--
--				// Link the Two together
--				if (!$this->Link($displayGroupID, $displayID))
--					$this->ThrowError(25001, __('Could not link the new display with its group.'));
--			}
--
--			// Update the Display group name
--			$sth = $dbh->prepare('UPDATE displaygroup SET DisplayGroup = :displaygroup WHERE  DisplayGroupID = :displaygroupid');
++                // We should always have 1 display specific DisplayGroup for a display.
++                // Do we a) Error here and give up?
++                //       b) Create one and link it up?
++                // $this->SetError(25006, __('Unable to get the DisplayGroup for this Display'));
++
++                if (!$displayGroupID = $this->Add($display, 1))
++                    $this->ThrowError(25001, __('Could not add a display group for the new display.'));
++
++                // Link the Two together
++                if (!$this->Link($displayGroupID, $displayID))
++                    $this->ThrowError(25001, __('Could not link the new display with its group.'));
++            }
++
++            // Update the Display group name
++            $sth = $dbh->prepare('UPDATE displaygroup SET DisplayGroup = :displaygroup WHERE  DisplayGroupID = :displaygroupid');
              $sth->execute(array(
                      'displaygroupid' => $displayGroupID,
                      'displaygroup' => $display
                  ));
--
--			Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'EditDisplayGroup');
--
--			return true;
--		}
++
++            Debug::LogEntry('audit', 'OUT', 'DisplayGroup', 'EditDisplayGroup');
++
++            return true;
++        }
          catch (Exception $e) {
              Debug::LogEntry('error', $e->getMessage());
@@ -379,8 +386,8 @@
              return false;
+         }
--	}
--
++    }
++
      /**
       * DEPRICATED: Removed in 1.2.0. Sets the Default Layout on display linked groups
       * @return
@@ -389,10 +396,104 @@
       */
      public function SetDefaultLayout($displayID, $layoutID)
+     {
--        $db	=& $this->db;
--
          Debug::LogEntry('audit', 'Depricated method called.', 'DisplayGroup', 'SetDefaultLayout');
          return true;
+     }
++
++    /**
++     * Associate the list of provided media with this display group
++     * @param user $user           The logged in user
++     * @param int $displayGroupId The Display Group to Assign to
++     * @param array $mediaList      The Media to Assign
++     */
++    public function AssociateFiles($user, $displayGroupId, $mediaList) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        Kit::ClassLoader('lkmediadisplaygroup');
++        $link = new LkMediaDisplayGroup($this->db);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            // Check that some media assignments have been made
++            if (count($mediaList) == 0)
++                $this->ThrowError(25006, __('No media to assign'));
++
++            // Drop all current assignments
++            if (!$link->UnlinkAllFromDisplayGroup($displayGroupId))
++                $this->ThrowError(__('Unable to make this assignment during preparation.'));
++
++            // Loop through all the media
++            foreach ($mediaList as $mediaId)
++            {
++                $mediaId = Kit::ValidateParam($mediaId, _INT);
++
++                // Check we have permissions to use this media (we will use this to copy the media later)
++                $mediaAuth = $user->MediaAuth($mediaId, true);
++
++                if (!$mediaAuth->view)
++                    $this->ThrowError(__('You have selected media that you no longer have permission to use. Please reload the form.'));
++
++                // Create the link
++                if (!$link->Link($displayGroupId, $mediaId))
++                    $this->ThrowError(__('Unable to make this assignment'));
++            }
++
++            // Flag this display group as incomplete
++            $this->FlagIncomplete($displayGroupId);
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
++
++    /**
++     * Flag this display group as incomplete. Also flags all child displays.
++     * @param int $displayGroupId The Display Group ID
++     */
++    public function FlagIncomplete($displayGroupId) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        Kit::ClassLoader('display');
++        $display = new Display($this->db);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            // Which displays does a change to this layout effect?
++            $sth = $dbh->prepare('
++                    SELECT DISTINCT display.DisplayID
++                       FROM lkdisplaydg
++                       INNER JOIN display
++                       ON lkdisplaydg.DisplayID = display.displayID
++                     WHERE lkdisplaydg.displaygroupid = :displaygroupid
++                ');
++
++            $sth->execute(array('displaygroupid' => $displayGroupId));
++
++            while ($id = $sth->fetchColumn()) {
++                $display->FlagIncomplete($id);
++            }
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage());
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
+ }
  ?>
 \ No newline at end of file
 === modified file 'server/lib/data/layout.data.class.php'
 --- server/lib/data/layout.data.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/data/layout.data.class.php	2014-03-29 13:09:24 +0000
@@ -1028,5 +1028,56 @@
              return false;
+         }
+     }
++
++    /**
++     * Returns an array containing all the layouts particulars
++     * @param int $layoutId The layout ID
++     */
++    public function LayoutInformation($layoutId) {
++        Debug::LogEntry('audit', '[IN]', 'layout', 'LayoutInformation');
++
++        // The array to ultimately return
++        $info = array();
++        $info['regions'] = array();
++
++        // Use the Region class to help
++        Kit::ClassLoader('region');
++
++        // Dummy User Object
++        $user = new User($this->db);
++        $user->userid = 0;
++        $user->usertypeid = 1;
++
++        // Take the layout, loop through its regions, check them and call LayoutInformation on all media in them.
++        $info['regions'] = $this->GetRegionList($layoutId);
++
++        if (count($info['regions']) <= 0)
++            return $info;
++
++        // Loop through each and build an array
++        foreach ($info['regions'] as &$region) {
++
++            $region['media'] = array();
++
++            Debug::LogEntry('audit', 'Assessing Region: ' . $region['regionid'], 'layout', 'LayoutInformation');
++
++            // Create a layout object
++            $regionObject = new Region($this->db);
++            $mediaNodes = $regionObject->GetMediaNodeList($layoutId, $region['regionid']);
++
++            foreach($mediaNodes as $mediaNode) {
++                // Put this node vertically in the region timeline
++                $region['media'][] = array(
++                        'mediaid' => $mediaNode->getAttribute('id'),
++                        'lkid' => $mediaNode->getAttribute('lkid'),
++                        'mediatype' => $mediaNode->getAttribute('type')
++                    );
++            }
++
++            Debug::LogEntry('audit', 'Finished with Region', 'layout', 'LayoutInformation');
++        }
++
++        return $info;
++    }
+ }
  ?>
 === added file 'server/lib/data/lkmediadisplaygroup.data.class.php'
 --- server/lib/data/lkmediadisplaygroup.data.class.php	1970-01-01 00:00:00 +0000
 +++ server/lib/data/lkmediadisplaygroup.data.class.php	2014-03-29 13:09:24 +0000
@@ -0,0 +1,113 @@
++<?php
++/*
++ * Xibo - Digital Signage - http://www.xibo.org.uk
++ * Copyright (C) 2006-2013 Daniel Garner
++ *
++ * This file is part of Xibo.
++ *
++ * Xibo is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Affero General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * any later version.
++ *
++ * Xibo is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Affero General Public License for more details.
++ *
++ * You should have received a copy of the GNU Affero General Public License
++ * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
++ */
++defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
++
++class LkMediaDisplayGroup extends Data {
++
++    /**
++     * Link display group and media item
++     * @param int $displaygroupid The Display Group ID
++     * @param int $mediaid        The Media ID
++     */
++    public function Link($displaygroupid, $mediaid) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $displaygroupid = Kit::ValidateParam($displaygroupid, _INT, false);
++            $mediaid = Kit::ValidateParam($mediaid, _INT, false);
++
++            $sth = $dbh->prepare('INSERT INTO `lkmediadisplaygroup` (mediaid, displaygroupid) VALUES (:mediaid, :displaygroupid)');
++            $sth->execute(array(
++                    'mediaid' => $mediaid,
++                    'displaygroupid' => $displaygroupid
++                ));
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage());
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
++
++    /**
++     * Unlink all media from the provided display group
++     * @param int $displaygroupid The display group to unlink from
++     */
++    public function UnlinkAllFromDisplayGroup($displaygroupid) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $displaygroupid = Kit::ValidateParam($displaygroupid, _INT, false);
++
++            $sth = $dbh->prepare('DELETE FROM `lkmediadisplaygroup` WHERE displaygroupid = :displaygroupid');
++            $sth->execute(array('displaygroupid' => $displaygroupid));
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
++
++    /**
++     * Unlink all media from the provided media item
++     * @param int $mediaid The media item to unlink from
++     */
++    public function UnlinkAllFromMedia($mediaid) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $mediaid = Kit::ValidateParam($mediaid, _INT, false);
++
++            $sth = $dbh->prepare('DELETE FROM `lkmediadisplaygroup` WHERE mediaid = :mediaid');
++            $sth->execute(array('mediaid' => $mediaid));
++
++            return true;
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
++}
 === modified file 'server/lib/data/media.data.class.php'
 --- server/lib/data/media.data.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/data/media.data.class.php	2014-03-29 13:09:24 +0000
@@ -77,7 +77,7 @@
                  $this->ThrowError(10, __('The name cannot be longer than 100 characters'));
              // Test the duration (except for video and localvideo which can have a 0)
--            if ($duration == 0 && $type != 'video' && $type != 'localvideo')
++            if ($duration == 0 && $type != 'video' && $type != 'localvideo' && $type != 'genericfile')
                  $this->ThrowError(11, __('You must enter a duration.'));
              // Check the naming of this item to ensure it doesnt conflict
@@ -186,7 +186,7 @@
              if (strlen($name) > 100)
                  $this->ThrowError(10, __('The name cannot be longer than 100 characters'));
--            if ($duration == 0 && $type != 'video' && $type != 'localvideo')
++            if ($duration == 0 && $type != 'video' && $type != 'localvideo' && $type != 'genericfile')
                  $this->ThrowError(11, __('You must enter a duration.'));
              // Any media (not this one) already has this name?
@@ -322,6 +322,8 @@
      public function Delete($mediaId)
+     {
          Debug::LogEntry('audit', 'IN', 'Media', 'Delete');
++
++        Kit::ClassLoader('lkmediadisplaygroup');
          try {
              $dbh = PDOConnect::init();
@@ -353,6 +355,11 @@
              if (!$security->UnlinkAll($mediaId))
                  throw new Exception("Error Processing Request", 1);
++
++            // Delete any assignments
++            $link = new LkMediaDisplayGroup($this->db);
++            if (!$link->UnlinkAllFromDisplayGroup($mediaId))
++                $this->ThrowError(__('Unable to drop file assignments during display delete.'));
              // Delete the media
              $sth = $dbh->prepare('DELETE FROM media WHERE MediaID = :mediaid');
@@ -393,6 +400,28 @@
+         }
+     }
++    public function GetStoredAs($mediaId) {
++        Debug::LogEntry('audit', 'IN', get_class(), __FUNCTION__);
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $sth = $dbh->prepare('SELECT storedas FROM `media` WHERE mediaid = :id');
++            $sth->execute(array('id' => $mediaId));
++
++            return $sth->fetchColumn();
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage());
++
++            if (!$this->IsError())
++                $this->SetError(1, __('Unknown Error'));
++
++            return false;
++        }
++    }
++
      public function DeleteMediaFile($fileName)
+     {
          Debug::LogEntry('audit', 'IN', 'Media', 'DeleteMediaFile');
 === modified file 'server/lib/data/schedule.data.class.php'
 --- server/lib/data/schedule.data.class.php	2014-01-19 14:06:56 +0000
 +++ server/lib/data/schedule.data.class.php	2014-03-29 13:09:24 +0000
@@ -131,8 +131,8 @@
      							break;
      						case 'Week':
--    							$t_start_temp 	= $t_start_temp + (60 * 60 * 24 * 7 * $recDetail);
--    							$t_end_temp 	= $t_end_temp + (60 * 60 * 24 * 7 * $recDetail);
++    							$t_start_temp 	= mktime(date("H", $t_start_temp), date("i", $t_start_temp), date("s", $t_start_temp) ,date("m", $t_start_temp) ,date("d", $t_start_temp) + ($recDetail * 7), date("Y", $t_start_temp));
++    							$t_end_temp 	= mktime(date("H", $t_end_temp), date("i", $t_end_temp), date("s", $t_end_temp) ,date("m", $t_end_temp) ,date("d", $t_end_temp) + ($recDetail * 7), date("Y", $t_end_temp));
      							break;
      						case 'Month':
 === modified file 'server/lib/include.php'
 --- server/lib/include.php	2014-01-18 09:47:41 +0000
 +++ server/lib/include.php	2014-03-29 13:09:24 +0000
@@ -20,7 +20,7 @@
   */
  defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
--define('WEBSITE_VERSION', 66);
++define('WEBSITE_VERSION', 67);
  // No errors reported until we read the settings from the DB
  error_reporting(0);
 === modified file 'server/lib/modules/module.class.php'
 --- server/lib/modules/module.class.php	2014-02-15 11:25:09 +0000
 +++ server/lib/modules/module.class.php	2014-03-29 13:09:24 +0000
@@ -96,6 +96,7 @@
          $this->existingMedia 	= false;
          $this->assignedMedia = false;
          $this->deleteFromRegion = false;
++        $this->assignable = true;
          $this->duration = '';
          // Members used by forms (routed through the CMS)
@@ -142,6 +143,7 @@
  		$this->validExtensions 		= explode(',', $this->validExtensionsText);
  		$this->validExtensionsText	= str_replace(',', ', ', $this->validExtensionsText);
          $this->previewEnabled = Kit::ValidateParam($row['PreviewEnabled'], _INT);
++        $this->assignable = Kit::ValidateParam($row['assignable'], _INT);
  		return true;
+ 	}
@@ -806,12 +808,12 @@
          $session->setSecurityToken($securityToken);
--        //Get the default value for the shared list
--        $default = Config::GetSetting('defaultMedia');
--
++        // Set some defaults based on the type of media we are
++        // TODO: this should be passed in
          switch ($this->type) {
              case 'video':
              case 'localvideo':
++            case 'genericfile':
                  $defaultDuration = 0;
                  break;
@@ -860,7 +862,7 @@
          // Setup the theme
  		Theme::Set('form_upload_id', 'fileupload');
          Theme::Set('form_action', 'index.php?p=content&q=JqueryFileUpload&type=' . $this->type);
--		Theme::Set('form_meta', '<input type="hidden" name="type" value="' . $this->type . '"><input type="hidden" name="layoutid" value="' . $layoutid . '"><input type="hidden" name="regionid" value="' . $regionid . '">');
++		Theme::Set('form_meta', '<input type="hidden" id="PHPSESSID" value="' . $sessionId . '" /><input type="hidden" id="SecurityToken" value="' . $securityToken . '" /><input type="hidden" name="type" value="' . $this->type . '"><input type="hidden" name="layoutid" value="' . $layoutid . '"><input type="hidden" name="regionid" value="' . $regionid . '">');
  		Theme::Set('form_valid_ext', '/(\.|\/)' . implode('|', $this->validExtensions) . '$/i');
  		Theme::Set('form_max_size', Kit::ReturnBytes($this->maxFileSize));
  		Theme::Set('valid_extensions', 'This form accepts: ' . $this->validExtensionsText . ' files up to a maximum size of ' . $this->maxFileSize);
@@ -976,6 +978,7 @@
  		Theme::Set('is_duration_field_enabled', $durationFieldEnabled);
  		Theme::Set('valid_extensions', 'This form accepts: ' . $this->validExtensionsText . ' files up to a maximum size of ' . $this->maxFileSize);
  		Theme::Set('is_replace_field_checked', ((Config::GetSetting('LIBRARY_MEDIA_UPDATEINALL_CHECKB') == 'Checked') ? 'checked' : ''));
++        Theme::Set('is_assignable', $this->assignable);
  		$form = Theme::RenderReturn('library_form_media_edit');
@@ -1617,7 +1620,7 @@
          // Some messages for the form
          $msgTransition = __('What transition should be applied to this media item?');
          $msgDuration = __('The duration for this transition, in milliseconds.');
--        $msgDirection = __('The direction for this transtion.');
++        $msgDirection = __('The direction for this transition.');
          // Construct the form
          $form = <<<END
@@ -1625,6 +1628,7 @@
              <input type="hidden" name="type" value="$type">
              <input type="hidden" name="layoutid" value="$this->layoutid">
              <input type="hidden" name="mediaid" value="$this->mediaid">
++            <input type="hidden" name="lkid" value="$this->lkid">
              <input type="hidden" id="iRegionId" name="regionid" value="$this->regionid">
              <input type="hidden" name="showRegionOptions" value="$this->showRegionOptions" />
 === modified file 'server/lib/pages/content.class.php'
 --- server/lib/pages/content.class.php	2014-02-13 10:48:57 +0000
 +++ server/lib/pages/content.class.php	2014-03-29 13:09:24 +0000
@@ -180,7 +180,7 @@
  		$response = new ResponseManager();
  		// Get a list of the enabled modules and then create buttons for them
--		if (!$enabledModules = new ModuleManager($db, $user, 0))
++		if (!$enabledModules = new ModuleManager($db, $user, 0, '', -1))
              trigger_error($enabledModules->message, E_USER_ERROR);
  		$buttons = array();
@@ -226,7 +226,16 @@
          Theme::Set('pager', ResponseManager::Pager($id));
          // Module types filter
--        $types = $db->GetArray("SELECT Module AS moduleid, Name AS module FROM `module` WHERE RegionSpecific = 0 AND Enabled = 1 ORDER BY 2");
++        $modules = $this->user->ModuleAuth(0, '', 1);
++        $types = array();
++
++        foreach ($modules as $module) {
++            $type['moduleid'] = $module['Module'];
++            $type['module'] = $module['Name'];
++
++            $types[] = $type;
++        }
++
          array_unshift($types, array('moduleid' => '', 'module' => 'All'));
          Theme::Set('module_field_list', $types);
 === modified file 'server/lib/pages/display.class.php'
 --- server/lib/pages/display.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/pages/display.class.php	2014-03-29 13:09:24 +0000
@@ -302,7 +302,7 @@
                  if ($linkTarget == '')
                      $linkTarget = '_top';
--                $row['display'] = sprintf('<a href="' . $vncTemplate . '" title="VNC to ' . $row['display'] . '" target="' . $linkTarget . '">' . $row['display'] . '</a>', $row['clientaddress']);
++                $row['display'] = sprintf('<a href="' . $vncTemplate . '" title="VNC to ' . $row['display'] . '" target="' . $linkTarget . '">' . Theme::Prepare($row['display']) . '</a>', $row['clientaddress']);
+             }
              // Format last accessed
@@ -351,6 +351,13 @@
                          'url' => 'index.php?p=display&q=WakeOnLanForm&DisplayId=' . $row['displayid'],
                          'text' => __('Wake on LAN')
                      );
++
++                // File Associations
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_fileassociations',
++                        'url' => 'index.php?p=displaygroup&q=FileAssociations&DisplayGroupID=' . $row['displaygroupid'],
++                        'text' => __('Assign Files')
++                    );
+             }
              if ($row['del'] == 1) {
@@ -378,6 +385,13 @@
                          'url' => 'index.php?p=displaygroup&q=PermissionsForm&DisplayGroupID=' . $row['displaygroupid'],
                          'text' => __('Permissions')
                      );
++
++                // Version Information
++                $row['buttons'][] = array(
++                        'id' => 'display_button_version_instructions',
++                        'url' => 'index.php?p=displaygroup&q=VersionInstructionsForm&displaygroupid=' . $row['displaygroupid'] . '&displayid=' . $row['displayid'],
++                        'text' => __('Version Information')
++                    );
+             }
              // Assign this to the table row
@@ -833,6 +847,6 @@
          $response->SetFormSubmitResponse(__('Wake on Lan command sent.'));
          $response->Respond();
--    }
++    }
+ }
  ?>
 === modified file 'server/lib/pages/displaygroup.class.php'
 --- server/lib/pages/displaygroup.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/pages/displaygroup.class.php	2014-03-29 13:09:24 +0000
@@ -22,24 +22,24 @@
  class displaygroupDAO
+ {
--	private $db;
--	private $user;
--
--	function __construct(database $db, user $user)
--	{
--		$this->db 	=& $db;
--		$this->user =& $user;
--
--		include_once('lib/data/displaygroup.data.class.php');
--		include_once('lib/data/displaygroupsecurity.data.class.php');
--	}
--
--	/**
--	 * Display Group Page Render
--	 */
--	public function displayPage()
--	{
--		// Configure the theme
++    private $db;
++    private $user;
++
++    function __construct(database $db, user $user)
++    {
++        $this->db   =& $db;
++        $this->user =& $user;
++
++        include_once('lib/data/displaygroup.data.class.php');
++        include_once('lib/data/displaygroupsecurity.data.class.php');
++    }
++
++    /**
++     * Display Group Page Render
++     */
++    public function displayPage()
++    {
++        // Configure the theme
          $id = uniqid();
          Theme::Set('id', $id);
          Theme::Set('displaygroup_form_add_url', 'index.php?p=displaygroup&q=AddForm');
@@ -49,67 +49,81 @@
          // Render the Theme and output
          Theme::Render('displaygroup_page');
--	}
--
--	/**
--	 * Shows the Display groups
--	 * @return
--	 */
--	public function Grid()
--	{
++    }
++
++    /**
++     * Shows the Display groups
++     * @return
++     */
++    public function Grid()
++    {
          $db =& $this->db;
          $user =& $this->user;
--        $response	= new ResponseManager();
++        $response   = new ResponseManager();
          $displayGroups = $this->user->DisplayGroupList();
          if (!is_array($displayGroups))
              trigger_error(__('Cannot get list of display groups.'), E_USER_ERROR);
--		$rows = array();
++        $rows = array();
--		foreach ($displayGroups as $row)
++        foreach ($displayGroups as $row)
+         {
--        	if ($row['isdisplayspecific'] != 0)
++            if ($row['isdisplayspecific'] != 0)
                  continue;
--			if ($row['edit'] == 1)
++            if ($row['edit'] == 1)
+             {
                  // Show the edit button, members button
                  // Group Members
--	            $row['buttons'][] = array(
--	                    'id' => 'displaygroup_button_group_members',
--	                    'url' => 'index.php?p=displaygroup&q=MembersForm&DisplayGroupID=' . $row['displaygroupid'] . '&DisplayGroup=' . $row['displaygroup'],
--	                    'text' => __('Group Members')
--	                );
--
--	            // Edit
--	            $row['buttons'][] = array(
--	                    'id' => 'displaygroup_button_edit',
--	                    'url' => 'index.php?p=displaygroup&q=EditForm&DisplayGroupID=' . $row['displaygroupid'],
--	                    'text' => __('Edit')
--	                );
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_group_members',
++                        'url' => 'index.php?p=displaygroup&q=MembersForm&DisplayGroupID=' . $row['displaygroupid'] . '&DisplayGroup=' . $row['displaygroup'],
++                        'text' => __('Group Members')
++                    );
++
++                // Edit
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_edit',
++                        'url' => 'index.php?p=displaygroup&q=EditForm&DisplayGroupID=' . $row['displaygroupid'],
++                        'text' => __('Edit')
++                    );
++
++                // File Associations
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_fileassociations',
++                        'url' => 'index.php?p=displaygroup&q=FileAssociations&DisplayGroupID=' . $row['displaygroupid'],
++                        'text' => __('Assign Files')
++                    );
+             }
              if ($row['del'] == 1)
+             {
                  // Show the delete button
--	            $row['buttons'][] = array(
--	                    'id' => 'displaygroup_button_delete',
--	                    'url' => 'index.php?p=displaygroup&q=DeleteForm&DisplayGroupID=' . $row['displaygroupid'],
--	                    'text' => __('Delete')
--	                );
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_delete',
++                        'url' => 'index.php?p=displaygroup&q=DeleteForm&DisplayGroupID=' . $row['displaygroupid'],
++                        'text' => __('Delete')
++                    );
+             }
              if ($row['modifypermissions'] == 1)
+             {
                  // Show the modify permissions button
--	            $row['buttons'][] = array(
--	                    'id' => 'displaygroup_button_permissions',
--	                    'url' => 'index.php?p=displaygroup&q=PermissionsForm&DisplayGroupID=' . $row['displaygroupid'],
--	                    'text' => __('Permissions')
--	                );
++                $row['buttons'][] = array(
++                        'id' => 'displaygroup_button_permissions',
++                        'url' => 'index.php?p=displaygroup&q=PermissionsForm&DisplayGroupID=' . $row['displaygroupid'],
++                        'text' => __('Permissions')
++                    );
++
++                // Version Information
++                $row['buttons'][] = array(
++                        'id' => 'display_button_version_instructions',
++                        'url' => 'index.php?p=displaygroup&q=VersionInstructionsForm&displaygroupid=' . $row['displaygroupid'],
++                        'text' => __('Version Information')
++                    );
+             }
              // Assign this to the table row
@@ -122,135 +136,135 @@
          $response->SetGridResponse($output);
          $response->Respond();
--	}
--
--	/**
--	 * Shows an add form for a display group
--	 */
--	public function AddForm()
--	{
--		$db =& $this->db;
--		$user =& $this->user;
--		$response = new ResponseManager();
--
--		Theme::Set('form_id', 'DisplayGroupAddForm');
++    }
++
++    /**
++     * Shows an add form for a display group
++     */
++    public function AddForm()
++    {
++        $db =& $this->db;
++        $user =& $this->user;
++        $response = new ResponseManager();
++
++        Theme::Set('form_id', 'DisplayGroupAddForm');
          Theme::Set('form_action', 'index.php?p=displaygroup&q=Add');
          $form = Theme::RenderReturn('displaygroup_form_add');
--		$response->SetFormRequestResponse($form, __('Add Display Group'), '350px', '275px');
--		$response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Add') . '")');
--		$response->AddButton(__('Cancel'), 'XiboDialogClose()');
--		$response->AddButton(__('Save'), '$("#DisplayGroupAddForm").submit()');
--		$response->Respond();
--	}
--
--	/**
--	 * Shows an edit form for a display group
--	 */
--	public function EditForm()
--	{
--		$db				=& $this->db;
--		$user			=& $this->user;
--		$response		= new ResponseManager();
--		$helpManager	= new HelpManager($db, $user);
--
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
++        $response->SetFormRequestResponse($form, __('Add Display Group'), '350px', '275px');
++        $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Add') . '")');
++        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
++        $response->AddButton(__('Save'), '$("#DisplayGroupAddForm").submit()');
++        $response->Respond();
++    }
++
++    /**
++     * Shows an edit form for a display group
++     */
++    public function EditForm()
++    {
++        $db             =& $this->db;
++        $user           =& $this->user;
++        $response       = new ResponseManager();
++        $helpManager    = new HelpManager($db, $user);
++
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
          // Auth
          $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
          if (!$auth->edit)
              trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
--
--		// Pull the currently known info from the DB
--		$SQL = "SELECT DisplayGroupID, DisplayGroup, Description FROM displaygroup WHERE DisplayGroupID = %d AND IsDisplaySpecific = 0";
--		$SQL = sprintf($SQL, $displayGroupID);
--
--		if (!$row = $db->GetSingleRow($SQL))
--		{
--			trigger_error($db->error());
--			trigger_error(__('Error getting Display Group'), E_USER_ERROR);
--		}
--
--		// Pull out these columns
--		if (count($row) <= 0)
--			trigger_error(__('No display group found.'), E_USER_ERROR);
--
--		Theme::Set('displaygroup', Kit::ValidateParam($row['DisplayGroup'], _STRING));
--		Theme::Set('description', Kit::ValidateParam($row['Description'], _STRING));
--
--		// Set some information about the form
++
++        // Pull the currently known info from the DB
++        $SQL = "SELECT DisplayGroupID, DisplayGroup, Description FROM displaygroup WHERE DisplayGroupID = %d AND IsDisplaySpecific = 0";
++        $SQL = sprintf($SQL, $displayGroupID);
++
++        if (!$row = $db->GetSingleRow($SQL))
++        {
++            trigger_error($db->error());
++            trigger_error(__('Error getting Display Group'), E_USER_ERROR);
++        }
++
++        // Pull out these columns
++        if (count($row) <= 0)
++            trigger_error(__('No display group found.'), E_USER_ERROR);
++
++        Theme::Set('displaygroup', Kit::ValidateParam($row['DisplayGroup'], _STRING));
++        Theme::Set('description', Kit::ValidateParam($row['Description'], _STRING));
++
++        // Set some information about the form
          Theme::Set('form_id', 'DisplayGroupEditForm');
          Theme::Set('form_action', 'index.php?p=displaygroup&q=Edit');
          Theme::Set('form_meta', '<input type="hidden" name="DisplayGroupID" value="' . $displayGroupID . '" />');
          $form = Theme::RenderReturn('displaygroup_form_edit');
--		$response->SetFormRequestResponse($form, __('Edit Display Group'), '350px', '275px');
--		$response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Edit') . '")');
--		$response->AddButton(__('Cancel'), 'XiboDialogClose()');
--		$response->AddButton(__('Save'), '$("#DisplayGroupEditForm").submit()');
--		$response->Respond();
--	}
--
--	/**
--	 * Shows the Delete Group Form
--	 */
--	function DeleteForm()
--	{
--		$db 			=& $this->db;
--		$response		= new ResponseManager();
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
++        $response->SetFormRequestResponse($form, __('Edit Display Group'), '350px', '275px');
++        $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Edit') . '")');
++        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
++        $response->AddButton(__('Save'), '$("#DisplayGroupEditForm").submit()');
++        $response->Respond();
++    }
++
++    /**
++     * Shows the Delete Group Form
++     */
++    function DeleteForm()
++    {
++        $db             =& $this->db;
++        $response       = new ResponseManager();
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
          // Auth
          $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
          if (!$auth->del)
              trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
--
--		// Set some information about the form
++
++        // Set some information about the form
          Theme::Set('form_id', 'DisplayGroupDeleteForm');
          Theme::Set('form_action', 'index.php?p=displaygroup&q=Delete');
          Theme::Set('form_meta', '<input type="hidden" name="DisplayGroupID" value="' . $displayGroupID . '" />');
          $form = Theme::RenderReturn('displaygroup_form_delete');
--
--		$response->SetFormRequestResponse($form, __('Delete Display Group'), '350px', '175px');
--		$response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Delete') . '")');
--		$response->AddButton(__('No'), 'XiboDialogClose()');
--		$response->AddButton(__('Yes'), '$("#DisplayGroupDeleteForm").submit()');
--		$response->Respond();
--	}
--
--	/**
--	 * Display Group Members form
--	 */
--	public function MembersForm()
--	{
--		$db 			=& $this->db;
--		$response		= new ResponseManager();
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
--
--		// There needs to be two lists here.
--		// One of which is the Displays currently assigned to this group
--		// The other is a list of displays that are available to be assigned (i.e. the opposite of the first list)
++
++        $response->SetFormRequestResponse($form, __('Delete Display Group'), '350px', '175px');
++        $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Delete') . '")');
++        $response->AddButton(__('No'), 'XiboDialogClose()');
++        $response->AddButton(__('Yes'), '$("#DisplayGroupDeleteForm").submit()');
++        $response->Respond();
++    }
++
++    /**
++     * Display Group Members form
++     */
++    public function MembersForm()
++    {
++        $db             =& $this->db;
++        $response       = new ResponseManager();
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
++
++        // There needs to be two lists here.
++        // One of which is the Displays currently assigned to this group
++        // The other is a list of displays that are available to be assigned (i.e. the opposite of the first list)
--		// Set some information about the form
++        // Set some information about the form
          Theme::Set('displays_assigned_id', 'displaysIn');
          Theme::Set('displays_available_id', 'displaysOut');
          Theme::Set('displays_assigned_url', 'index.php?p=displaygroup&q=SetMembers&DisplayGroupID=' . $displayGroupID);
--		// Displays in group
--		$SQL  = "";
--		$SQL .= "SELECT display.DisplayID, ";
--		$SQL .= "       display.Display, ";
--		$SQL .= "       CONCAT('DisplayID_', display.DisplayID) AS list_id ";
--		$SQL .= "FROM   display ";
--		$SQL .= "       INNER JOIN lkdisplaydg ";
--		$SQL .= "       ON     lkdisplaydg.DisplayID = display.DisplayID ";
--		$SQL .= sprintf("WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
--		$SQL .= " ORDER BY display.Display ";
--
--		$displaysAssigned = $db->GetArray($SQL);
++        // Displays in group
++        $SQL  = "";
++        $SQL .= "SELECT display.DisplayID, ";
++        $SQL .= "       display.Display, ";
++        $SQL .= "       CONCAT('DisplayID_', display.DisplayID) AS list_id ";
++        $SQL .= "FROM   display ";
++        $SQL .= "       INNER JOIN lkdisplaydg ";
++        $SQL .= "       ON     lkdisplaydg.DisplayID = display.DisplayID ";
++        $SQL .= sprintf("WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
++        $SQL .= " ORDER BY display.Display ";
++
++        $displaysAssigned = $db->GetArray($SQL);
          if (!is_array($displaysAssigned))
+         {
@@ -259,198 +273,203 @@
+         }
          Theme::Set('displays_assigned', $displaysAssigned);
--
--		// Displays not in group
--		$SQL  = "";
--		$SQL .= "SELECT display.DisplayID, ";
--		$SQL .= "       display.Display, ";
--		$SQL .= "       CONCAT('DisplayID_', display.DisplayID) AS list_id ";
--		$SQL .= "FROM   display ";
--		$SQL .= " WHERE display.DisplayID NOT       IN ";
--		$SQL .= "       (SELECT display.DisplayID ";
--		$SQL .= "       FROM    display ";
--		$SQL .= "               INNER JOIN lkdisplaydg ";
--		$SQL .= "               ON      lkdisplaydg.DisplayID = display.DisplayID ";
--		$SQL .= sprintf("	WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
--		$SQL .= "       )";
--		$SQL .= " ORDER BY display.Display ";
++
++        // Displays not in group
++        $SQL  = "";
++        $SQL .= "SELECT display.DisplayID, ";
++        $SQL .= "       display.Display, ";
++        $SQL .= "       CONCAT('DisplayID_', display.DisplayID) AS list_id ";
++        $SQL .= "FROM   display ";
++        $SQL .= " WHERE display.DisplayID NOT       IN ";
++        $SQL .= "       (SELECT display.DisplayID ";
++        $SQL .= "       FROM    display ";
++        $SQL .= "               INNER JOIN lkdisplaydg ";
++        $SQL .= "               ON      lkdisplaydg.DisplayID = display.DisplayID ";
++        $SQL .= sprintf("   WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
++        $SQL .= "       )";
++        $SQL .= " ORDER BY display.Display ";
--		$displaysAvailable = $db->GetArray($SQL);
--
--		if (!is_array($displaysAvailable))
++        $displaysAvailable = $db->GetArray($SQL);
++
++        if (!is_array($displaysAvailable))
+         {
              trigger_error($db->error());
              trigger_error(__('Error getting Displays'), E_USER_ERROR);
+         }
          Theme::Set('displays_available', $displaysAvailable);
--
--
++
++
          $form = Theme::RenderReturn('displaygroup_form_display_assign');
--		$response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'DisplayGroupManageMembersCallBack');
--		$response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Members') . '")');
--		$response->AddButton(__('Cancel'), 'XiboDialogClose()');
--		$response->AddButton(__('Save'), 'DisplayGroupMembersSubmit()');
--		$response->Respond();
--	}
--
--	/**
--	 * Adds a Display Group
--	 * @return
--	 */
--	public function Add()
--	{
--        // Check the token
--        if (!Kit::CheckToken())
--            trigger_error('Token does not match', E_USER_ERROR);
--
--		$db =& $this->db;
--		$response = new ResponseManager();
--
--		$displayGroup = Kit::GetParam('group', _POST, _STRING);
--		$description = Kit::GetParam('desc', _POST, _STRING);
--
--		$displayGroupObject = new DisplayGroup($db);
--
--		if (!$displayGroupObject->Add($displayGroup, 0, $description))
--		{
--			trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
--		}
--
--		$response->SetFormSubmitResponse(__('Display Group Added'), false);
--		$response->Respond();
--	}
--
--	/**
--	 * Edits a Display Group
--	 * @return
--	 */
--	public function Edit()
--	{
--        // Check the token
--        if (!Kit::CheckToken())
--            trigger_error('Token does not match', E_USER_ERROR);
--
--		$db 			=& $this->db;
--		$response		= new ResponseManager();
--
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _POST, _INT);
--		$displayGroup	= Kit::GetParam('group', _POST, _STRING);
--		$description 	= Kit::GetParam('desc', _POST, _STRING);
++        $response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'DisplayGroupManageMembersCallBack');
++        $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'Members') . '")');
++        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
++        $response->AddButton(__('Save'), 'DisplayGroupMembersSubmit()');
++        $response->Respond();
++    }
++
++    /**
++     * Adds a Display Group
++     * @return
++     */
++    public function Add()
++    {
++        // Check the token
++        if (!Kit::CheckToken())
++            trigger_error('Token does not match', E_USER_ERROR);
++
++        $db =& $this->db;
++        $response = new ResponseManager();
++
++        $displayGroup = Kit::GetParam('group', _POST, _STRING);
++        $description = Kit::GetParam('desc', _POST, _STRING);
++
++        $displayGroupObject = new DisplayGroup($db);
++
++        if (!$displayGroupObject->Add($displayGroup, 0, $description))
++        {
++            trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
++        }
++
++        $response->SetFormSubmitResponse(__('Display Group Added'), false);
++        $response->Respond();
++    }
++
++    /**
++     * Edits a Display Group
++     * @return
++     */
++    public function Edit()
++    {
++        // Check the token
++        if (!Kit::CheckToken())
++            trigger_error('Token does not match', E_USER_ERROR);
++
++        $db             =& $this->db;
++        $response       = new ResponseManager();
++
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _POST, _INT);
++        $displayGroup   = Kit::GetParam('group', _POST, _STRING);
++        $description    = Kit::GetParam('desc', _POST, _STRING);
          // Auth
          $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
          if (!$auth->edit)
              trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
--
--		// Deal with the Edit
--		$displayGroupObject = new DisplayGroup($db);
--
--		if (!$displayGroupObject->Edit($displayGroupID, $displayGroup, $description))
--		{
--			trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
--		}
--
--		$response->SetFormSubmitResponse(__('Display Group Edited'), false);
--		$response->Respond();
--	}
--
--	/**
--	 * Deletes a Group
--	 * @return
--	 */
--	function Delete()
--	{
++
++        // Deal with the Edit
++        $displayGroupObject = new DisplayGroup($db);
++
++        if (!$displayGroupObject->Edit($displayGroupID, $displayGroup, $description))
++        {
++            trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
++        }
++
++        $response->SetFormSubmitResponse(__('Display Group Edited'), false);
++        $response->Respond();
++    }
++
++    /**
++     * Deletes a Group
++     * @return
++     */
++    function Delete()
++    {
          // Check the token
          if (!Kit::CheckToken())
              trigger_error('Token does not match', E_USER_ERROR);
--		$db 			=& $this->db;
--		$response		= new ResponseManager();
--
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _POST, _INT);
--
--        // Auth
--        $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
--        if (!$auth->del)
--            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
--
--		// Deal with the Delete
--		$displayGroupObject = new DisplayGroup($db);
--
--		if (!$displayGroupObject->Delete($displayGroupID))
--		{
--			trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
--		}
--
--		$response->SetFormSubmitResponse(__('Display Group Deleted'), false);
--		$response->Respond();
--	}
--
--	/**
--	 * Sets the Members of a group
--	 * @return
--	 */
--	public function SetMembers()
--	{
--		$db 			=& $this->db;
--		$response		= new ResponseManager();
--		$displayGroupObject = new DisplayGroup($db);
--
--		$displayGroupID	= Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
--		$displays		= Kit::GetParam('DisplayID', _POST, _ARRAY, array());
--		$members		= array();
--
--		// Get a list of current members
--		$SQL  = "";
--		$SQL .= "SELECT display.DisplayID ";
--		$SQL .= "FROM   display ";
--		$SQL .= "       INNER JOIN lkdisplaydg ";
--		$SQL .= "       ON     lkdisplaydg.DisplayID = display.DisplayID ";
--		$SQL .= sprintf("WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
--
--		if(!$resultIn = $db->query($SQL))
--		{
--			trigger_error($db->error());
--			trigger_error(__('Error getting Displays'), E_USER_ERROR);
--		}
--
--		while($row = $db->get_assoc_row($resultIn))
--		{
--			// Test whether this ID is in the array or not
--			$displayID	= Kit::ValidateParam($row['DisplayID'], _INT);
--
--			if(!in_array($displayID, $displays))
--			{
--				// Its currently assigned but not in the $displays array
--				//  so we unassign
--				if (!$displayGroupObject->Unlink($displayGroupID, $displayID))
--				{
--					trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
--				}
--			}
--			else
--			{
--				$members[] = $displayID;
--			}
--		}
--
--		foreach($displays as $displayID)
--		{
--			// Add any that are missing
--			if(!in_array($displayID, $members))
--			{
--				if (!$displayGroupObject->Link($displayGroupID, $displayID))
--				{
--					trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
--				}
--			}
--		}
--
--		$response->SetFormSubmitResponse(__('Group membership set'), false);
--		$response->Respond();
--	}
++        $db             =& $this->db;
++        $response       = new ResponseManager();
++
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _POST, _INT);
++
++        // Auth
++        $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
++        if (!$auth->del)
++            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
++
++        // Deal with the Delete
++        $displayGroupObject = new DisplayGroup($db);
++
++        if (!$displayGroupObject->Delete($displayGroupID))
++        {
++            trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
++        }
++
++        $response->SetFormSubmitResponse(__('Display Group Deleted'), false);
++        $response->Respond();
++    }
++
++    /**
++     * Sets the Members of a group
++     * @return
++     */
++    public function SetMembers()
++    {
++        $db             =& $this->db;
++        $response       = new ResponseManager();
++        $displayGroupObject = new DisplayGroup($db);
++
++        $displayGroupID = Kit::GetParam('DisplayGroupID', _REQUEST, _INT);
++        $displays       = Kit::GetParam('DisplayID', _POST, _ARRAY, array());
++        $members        = array();
++
++        // Auth
++        $auth = $this->user->DisplayGroupAuth($displayGroupID, true);
++        if (!$auth->del)
++            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
++
++        // Get a list of current members
++        $SQL  = "";
++        $SQL .= "SELECT display.DisplayID ";
++        $SQL .= "FROM   display ";
++        $SQL .= "       INNER JOIN lkdisplaydg ";
++        $SQL .= "       ON     lkdisplaydg.DisplayID = display.DisplayID ";
++        $SQL .= sprintf("WHERE  lkdisplaydg.DisplayGroupID   = %d", $displayGroupID);
++
++        if(!$resultIn = $db->query($SQL))
++        {
++            trigger_error($db->error());
++            trigger_error(__('Error getting Displays'), E_USER_ERROR);
++        }
++
++        while($row = $db->get_assoc_row($resultIn))
++        {
++            // Test whether this ID is in the array or not
++            $displayID  = Kit::ValidateParam($row['DisplayID'], _INT);
++
++            if(!in_array($displayID, $displays))
++            {
++                // Its currently assigned but not in the $displays array
++                //  so we unassign
++                if (!$displayGroupObject->Unlink($displayGroupID, $displayID))
++                {
++                    trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
++                }
++            }
++            else
++            {
++                $members[] = $displayID;
++            }
++        }
++
++        foreach($displays as $displayID)
++        {
++            // Add any that are missing
++            if(!in_array($displayID, $members))
++            {
++                if (!$displayGroupObject->Link($displayGroupID, $displayID))
++                {
++                    trigger_error($displayGroupObject->GetErrorMessage(), E_USER_ERROR);
++                }
++            }
++        }
++
++        $response->SetFormSubmitResponse(__('Group membership set'), false);
++        $response->Respond();
++    }
      /**
       * Show the Permissions for this Display Group
@@ -471,7 +490,7 @@
          // Set some information about the form
          Theme::Set('form_id', 'DisplayGroupPermissionsForm');
--    	Theme::Set('form_action', 'index.php?p=displaygroup&q=Permissions');
++        Theme::Set('form_action', 'index.php?p=displaygroup&q=Permissions');
          Theme::Set('form_meta', '<input type="hidden" name="displayGroupId" value="' . $displayGroupId . '" />');
          // List of all Groups with a view/edit/delete checkbox
@@ -543,7 +562,7 @@
          $auth = $this->user->DisplayGroupAuth($displayGroupId, true);
          if (!$auth->modifyPermissions)
--            trigger_error(__('You do not have permissions to edit this dataset'), E_USER_ERROR);
++            trigger_error(__('You do not have permissions to edit this display group'), E_USER_ERROR);
          // Unlink all
          $security = new DisplayGroupSecurity($db);
@@ -610,5 +629,257 @@
          $response->SetFormSubmitResponse(__('Permissions Changed'));
          $response->Respond();
+     }
++
++    public function FileAssociations() {
++
++        $displayGroupId = Kit::GetParam('DisplayGroupID', _GET, _INT);
++
++        // Auth
++        $auth = $this->user->DisplayGroupAuth($displayGroupId, true);
++        if (!$auth->edit)
++            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
++
++        $id = uniqid();
++        Theme::Set('id', $id);
++        Theme::Set('form_meta', '<input type="hidden" name="p" value="displaygroup"><input type="hidden" name="q" value="FileAssociationsView"><input type="hidden" name="displaygroupid" value="' . $displayGroupId . '">');
++        Theme::Set('pager', ResponseManager::Pager($id));
++
++        // Module types filter
++        $modules = $this->user->ModuleAuth(0, '', -1);
++        $types = array();
++
++        foreach ($modules as $module) {
++            $type['moduleid'] = $module['Module'];
++            $type['module'] = $module['Name'];
++
++            $types[] = $type;
++        }
++
++        array_unshift($types, array('moduleid' => '', 'module' => 'All'));
++        Theme::Set('module_field_list', $types);
++
++        // Get the currently associated media items and put them in the top bar
++        $existing = array();
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $sth = $dbh->prepare('
++                SELECT media.MediaID, media.Name
++                  FROM `media`
++                    INNER JOIN `lkmediadisplaygroup`
++                    ON lkmediadisplaygroup.mediaid = media.mediaid
++                 WHERE lkmediadisplaygroup.displaygroupid = :displaygroupid
++            ');
++
++            $sth->execute(array('displaygroupid' => $displayGroupId));
++
++            $existing = $sth->fetchAll();
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            trigger_error(__('Unable to get existing assignments.'), E_USER_ERROR);
++        }
++
++        Theme::Set('existing_associations', $existing);
++
++        // Call to render the template
++        $output = Theme::RenderReturn('displaygroup_fileassociations_form_assign');
++
++        // Construct the Response
++        $response = new ResponseManager();
++        $response->html = $output;
++        $response->success = true;
++        $response->dialogSize = true;
++        $response->dialogClass = 'modal-big';
++        $response->dialogWidth = '780px';
++        $response->dialogHeight = '580px';
++        $response->dialogTitle = __('Associate an item from the Library');
++
++        $response->AddButton(__('Help'), 'XiboHelpRender("' . HelpManager::Link('DisplayGroup', 'FileAssociations') . '")');
++        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
++        $response->AddButton(__('Assign'), 'FileAssociationsSubmit(' . $displayGroupId  . ')');
++        $response->Respond();
++    }
++
++    public function FileAssociationsView() {
++        $user =& $this->user;
++
++        //Input vars
++        $mediatype = Kit::GetParam('filter_type', _POST, _STRING);
++        $name = Kit::GetParam('filter_name', _POST, _STRING);
++        $displaygroupid = Kit::GetParam('displaygroupid', _POST, _INT);
++
++        // Get the currently associated media items and put them in the top bar
++        $existing = array();
++
++        try {
++            $dbh = PDOConnect::init();
++
++            $sth = $dbh->prepare('
++                SELECT mediaid
++                  FROM `lkmediadisplaygroup`
++                 WHERE displaygroupid = :displaygroupid
++            ');
++
++            $sth->execute(array('displaygroupid' => $displaygroupid));
++
++            while ($existing[] = $sth->fetchColumn());
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage(), get_class(), __FUNCTION__);
++
++            trigger_error(__('Unable to get existing assignments.'), E_USER_ERROR);
++        }
++
++        // Get a list of media
++        $mediaList = $user->MediaList($mediatype, $name);
++
++        $rows = array();
++
++        // Add some extra information
++        foreach ($mediaList as $row) {
++
++            if (in_array($row['mediaid'], $existing))
++                continue;
++
++            $row['list_id'] = 'MediaID_' . $row['mediaid'];
++
++            $rows[] = $row;
++        }
++
++        Theme::Set('table_rows', $rows);
++
++        // Render the Theme
++        $response = new ResponseManager();
++        $response->SetGridResponse(Theme::RenderReturn('displaygroup_fileassociations_form_assign_list'));
++        $response->callBack = 'FileAssociationsCallback';
++        $response->pageSize = 5;
++        $response->Respond();
++    }
++
++    public function SetFileAssociations() {
++        $user       =& $this->user;
++        $response   = new ResponseManager();
++
++        $displayGroupId = Kit::GetParam('displaygroupid', _GET, _INT);
++        $mediaList = Kit::GetParam('MediaID', _POST, _ARRAY_INT, array(), false);
++
++        if ($displayGroupId == 0)
++            trigger_error(__('Display Group not selected'), E_USER_ERROR);
++
++        // Auth
++        $auth = $this->user->DisplayGroupAuth($displayGroupId, true);
++        if (!$auth->del)
++            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
++
++        Kit::ClassLoader('displaygroup');
++        $displayGroup = new DisplayGroup($this->db);
++
++        if (!$displayGroup->AssociateFiles($this->user, $displayGroupId, $mediaList))
++            trigger_error($displayGroup->GetErrorMessage(), E_USER_ERROR);
++
++        // Success
++        $response->SetFormSubmitResponse(sprintf(__('%d Media Items Assigned'), count($mediaList)));
++        $response->Respond();
++    }
++
++    public function VersionInstructionsForm() {
++        $response = new ResponseManager();
++
++        $displayGroupId = Kit::GetParam('displaygroupid', _GET, _INT);
++        $displayId = Kit::GetParam('displayid', _GET, _INT);
++        Theme::Set('installer_file_id', 0);
++
++        // List of effected displays
++        $rows = array();
++
++        if ($displayId != 0) {
++            // Get some version information about this display.
++            if (!$displays = $this->user->DisplayList(array('display'), array('displayid' => $displayId)))
++                trigger_error(__('Unknown Display'), E_USER_ERROR);
++        }
++        else {
++            // Get a list of displays with their version information?
++            if (!$displays = $this->user->DisplayList(array('display'), array('displaygroupid' => $displayGroupId)))
++                trigger_error(__('Unknown Display'), E_USER_ERROR);
++        }
++
++        foreach ($displays as $display) {
++            $rows[] = array(
++                    'display' => Theme::Prepare($display['display']),
++                    'client_type' => Theme::Prepare($display['client_type']),
++                    'client_version' => Theme::Prepare($display['client_version']),
++                    'client_code' => Theme::Prepare($display['client_code'])
++                );
++        }
++
++        // Store this for use in the theme
++        Theme::Set('displays', $displays);
++
++        // Present a list of possible files to choose from (generic file module)
++        $mediaList = $this->user->MediaList('genericfile');
++        array_unshift($mediaList, array('mediaid' => 0, 'media' => ''));
++        Theme::Set('media_field_list', $mediaList);
++
++        // Set some information about the form
++        Theme::Set('form_id', 'VersionInstructions');
++        Theme::Set('form_action', 'index.php?p=displaygroup&q=VersionInstructions');
++        Theme::Set('form_meta', '<input type="hidden" name="displaygroupid" value="' . $displayGroupId . '">');
++
++        $form = Theme::RenderReturn('display_form_version_instructions');
++
++        $response->SetFormRequestResponse($form, __('Set Instructions for Upgrading this client'), '300px', '250px');
++        $response->AddButton(__('Cancel'), 'XiboDialogClose()');
++        $response->AddButton(__('Save'), '$("#VersionInstructions").submit()');
++        $response->Respond();
++    }
++
++    public function VersionInstructions() {
++        $response = new ResponseManager();
++
++        Kit::ClassLoader('media');
++        Kit::ClassLoader('display');
++        Kit::ClassLoader('lkmediadisplaygroup');
++
++        $displayGroupId = Kit::GetParam('displaygroupid', _POST, _INT);
++        $mediaId = Kit::GetParam('mediaid', _POST, _INT);
++
++        // Make sure we have permission to do this to this display
++        $auth = $this->user->DisplayGroupAuth($displayGroupId, true);
++        if (!$auth->edit)
++            trigger_error(__('You do not have permission to edit this display group'), E_USER_ERROR);
++
++        // Make sure we have permission to use this file
++        $mediaAuth = $this->user->MediaAuth($mediaId, true);
++
++        if (!$mediaAuth->view)
++            trigger_error(__('You have selected media that you no longer have permission to use. Please reload the form.'), E_USER_ERROR);
++
++        // Make sure this file is assigned to this display group
++        $link = new LkMediaDisplayGroup($this->db);
++        if (!$link->Link($displayGroupId, $mediaId))
++            trigger_error($display->GetErrorMessage(), E_USER_ERROR);
++
++        // Get the "StoredAs" for this media item
++        $media = new Media($this->db);
++        $storedAs = $media->GetStoredAs($mediaId);
++
++        // Get a list of displays for this group
++        $displays = $this->user->DisplayList(array('displayid'), array('displaygroupid' => $displayGroupId));
++
++        foreach ($displays as $display) {
++            // Update the Display with the new instructions
++            $displayObject = new Display($this->db);
++            if (!$displayObject->SetVersionInstructions($display['displayid'], $mediaId, $storedAs))
++                trigger_error($displayObject->GetErrorMessage(), E_USER_ERROR);
++        }
++
++        $response->SetFormSubmitResponse(__('Version Instructions Set'));
++        $response->Respond();
++    }
+ }
  ?>
 \ No newline at end of file
 === modified file 'server/lib/pages/layout.class.php'
 --- server/lib/pages/layout.class.php	2014-02-13 10:48:57 +0000
 +++ server/lib/pages/layout.class.php	2014-03-29 13:09:24 +0000
@@ -742,7 +742,7 @@
  				$regionHtml .= '	</button>';
  				$regionHtml .= '	<ul class="dropdown-menu">';
  				$regionHtml .= '    	<li><a class="XiboFormButton" href="index.php?p=timeline&q=Timeline&layoutid=' . $this->layoutid . '&regionid=' . $regionid . '" title="' . __('Timeline') . '">' . __('Edit Timeline') . '</a></li>';
--				$regionHtml .= '    	<li><a class="XiboFormButton" href="index.php?p=timeline&q=ManualRegionPositionForm&layoutid=' . $this->layoutid . '&regionid=' . $regionid . '&top=' . $regionTop . '&left=' . $regionLeft . '&width=' . $regionWidth . '&height=' . $regionHeight . '&scale=' . $scaleFactor . '&layoutWidth=' . $width . '&layoutHeight= ' . $height . '" title="' . __('Options') . '">' . __('Options') . '</a></li>';
++				$regionHtml .= '    	<li><a class="RegionOptionsMenuItem" href="#" title="' . __('Options') . '">' . __('Options') . '</a></li>';
  				$regionHtml .= '    	<li><a class="XiboFormButton" href="index.php?p=timeline&q=DeleteRegionForm&layoutid=' . $this->layoutid . '&regionid=' . $regionid . '" title="' . __('Delete') . '">' . __('Delete') . '</a></li>';
  				$regionHtml .= '    	<li><a class="XiboFormButton" href="index.php?p=timeline&q=RegionPermissionsForm&layoutid=' . $this->layoutid . '&regionid=' . $regionid . '" title="' . __('Permissions') . '">' . __('Permissions') . '</a></li>';
  				$regionHtml .= '	</ul>';
@@ -766,7 +766,7 @@
  		//render the view pane
  		$surface = <<<HTML
--		<div id="layout" layoutid="$this->layoutid" style="position:relative; width:$width; height:$height; border: 1px solid #000; background:$background_css;">
++		<div id="layout" class="layout" layoutid="$this->layoutid" style="position:relative; width:$width; height:$height; border: 1px solid #000; background:$background_css;">
  		$regionHtml
  		</div>
  HTML;
 === modified file 'server/lib/pages/module.class.php'
 --- server/lib/pages/module.class.php	2014-02-12 20:32:00 +0000
 +++ server/lib/pages/module.class.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2006-2013 Daniel Garner
++ * Copyright (C) 2006-2014 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -92,7 +92,8 @@
          $SQL .= '   RegionSpecific, ';
          $SQL .= '   ValidExtensions, ';
          $SQL .= '   ImageUri, ';
--        $SQL .= '   PreviewEnabled ';
++        $SQL .= '   PreviewEnabled, ';
++        $SQL .= '   assignable ';
          $SQL .= '  FROM `module` ';
          $SQL .= ' ORDER BY Name ';
@@ -115,9 +116,11 @@
              $row['imageuri'] = Kit::ValidateParam($module['ImageUri'], _STRING);
              $row['enabled'] = Kit::ValidateParam($module['Enabled'], _INT);
              $row['preview_enabled'] = Kit::ValidateParam($module['PreviewEnabled'], _INT);
++            $row['assignable'] = Kit::ValidateParam($module['assignable'], _INT);
              $row['isregionspecific_image'] = ($row['isregionspecific'] == 0) ? 'icon-ok' : 'icon-remove';
              $row['enabled_image'] = ($row['enabled'] == 1) ? 'icon-ok' : 'icon-remove';
              $row['preview_enabled_image'] = ($row['preview_enabled'] == 1) ? 'icon-ok' : 'icon-remove';
++            $row['assignable_image'] = ($row['assignable'] == 1) ? 'icon-ok' : 'icon-remove';
              // Initialise array of buttons, because we might not have any
              $row['buttons'] = array();
 === modified file 'server/lib/pages/schedule.class.php'
 --- server/lib/pages/schedule.class.php	2014-01-18 14:29:25 +0000
 +++ server/lib/pages/schedule.class.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2006-2013 Daniel Garner
++ * Copyright (C) 2006-2014 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -1157,7 +1157,7 @@
          </div>
  HTML;
--        $id = uniqid();
++        $id = Kit::uniqueId();
          $pager = ResponseManager::Pager($id);
          $xiboGrid = <<<HTML
@@ -1277,7 +1277,7 @@
          </div>
  HTML;
--        $id = uniqid();
++        $id = Kit::uniqueId();
          $pager = ResponseManager::Pager($id);
          $xiboGrid = <<<HTML
 === modified file 'server/lib/pages/stats.class.php'
 --- server/lib/pages/stats.class.php	2014-01-18 09:47:41 +0000
 +++ server/lib/pages/stats.class.php	2014-03-29 13:09:24 +0000
@@ -82,7 +82,7 @@
          $SQL .= '  FROM stat ';
          $SQL .= '  INNER JOIN layout ON layout.LayoutID = stat.LayoutID ';
          $SQL .= '  INNER JOIN display ON stat.DisplayID = display.DisplayID ';
--        $SQL .= ' WHERE 1 = 1 ';
++        $SQL .= " WHERE stat.type = 'layout' ";
          $SQL .= sprintf("  AND stat.end > '%s' ", $fromDt);
          $SQL .= sprintf("  AND stat.start <= '%s' ", $toDt);
@@ -120,7 +120,7 @@
          $SQL .= '  FROM stat ';
          $SQL .= '  INNER JOIN display ON stat.DisplayID = display.DisplayID ';
          $SQL .= '  INNER JOIN  media ON media.MediaID = stat.MediaID ';
--        $SQL .= ' WHERE 1 = 1 ';
++        $SQL .= " WHERE stat.type = 'media' ";
          $SQL .= sprintf("  AND stat.end > '%s' ", $fromDt);
          $SQL .= sprintf("  AND stat.start <= '%s' ", $toDt);
@@ -162,7 +162,7 @@
          $SQL .= '  INNER JOIN display ON stat.DisplayID = display.DisplayID ';
          $SQL .= '  INNER JOIN layout ON layout.LayoutID = stat.LayoutID ';
          $SQL .= '  LEFT OUTER JOIN media ON media.MediaID = stat.MediaID ';
--        $SQL .= ' WHERE 1 = 1 ';
++        $SQL .= " WHERE stat.type = 'media' ";
          $SQL .= sprintf("  AND stat.end > '%s' ", $fromDt);
          $SQL .= sprintf("  AND stat.start <= '%s' ", $toDt);
 === modified file 'server/lib/pages/statusdashboard.class.php'
 --- server/lib/pages/statusdashboard.class.php	2014-02-15 10:32:44 +0000
 +++ server/lib/pages/statusdashboard.class.php	2014-03-29 13:09:24 +0000
@@ -36,7 +36,7 @@
  		try {
  		    $dbh = PDOConnect::init();
--		    $sth = $dbh->prepare('SELECT MONTHNAME(FROM_UNIXTIME(month)) AS month, IFNULL(SUM(Size), 0) AS size FROM `bandwidth` WHERE month > :month GROUP BY MONTHNAME(FROM_UNIXTIME(month));');
++		    $sth = $dbh->prepare('SELECT MONTHNAME(FROM_UNIXTIME(month)) AS month, IFNULL(SUM(Size), 0) AS size FROM `bandwidth` WHERE month > :month GROUP BY MONTHNAME(FROM_UNIXTIME(month)) ORDER BY MIN(month);');
  		    $sth->execute(array('month' => time() - (86400 * 365)));
  		    $results = $sth->fetchAll();
 === modified file 'server/lib/service/xmdssoap.class.php'
 --- server/lib/service/xmdssoap.class.php	2014-02-09 15:03:19 +0000
 +++ server/lib/service/xmdssoap.class.php	2014-03-29 13:09:24 +0000
@@ -30,6 +30,7 @@
      private $isAuditing;
      private $displayId;
      private $defaultLayoutId;
++    private $version_instructions;
      public function __construct()
+     {
@@ -161,6 +162,7 @@
          $requiredFilesXml = new DOMDocument("1.0");
          $fileElements 	= $requiredFilesXml->createElement("files");
++        $fileElements->setAttribute('version_instructions', $this->version_instructions);
          $requiredFilesXml->appendChild($fileElements);
@@ -189,11 +191,15 @@
+         }
          // Our layout list will always include the default layout
--        $layoutIdList = $this->defaultLayoutId;
++        $layouts = array();
++        $layouts[] = $this->defaultLayoutId;
--        // Build up the other layouts into a comma seperated list.
++        // Build up the other layouts into an array
          while ($row = $db->get_assoc_row($results))
--            $layoutIdList .= ',' . Kit::ValidateParam($row['layoutID'], _INT);
++            $layouts[] = Kit::ValidateParam($row['layoutID'], _INT);
++
++        // Create a comma separated list to pass into the query which gets file nodes
++        $layoutIdList = implode(',', $layouts);
          // Add file nodes to the $fileElements
          $SQL  = " SELECT 'layout' AS RecordType, layout.layoutID AS path, layout.layoutID AS id, MD5(layout.xml) AS `MD5`, NULL AS FileSize, layout.background, layout.xml AS xml ";
@@ -207,6 +213,18 @@
          $SQL .= " 	INNER JOIN layout ";
          $SQL .= " 	ON layout.LayoutID = lklayoutmedia.LayoutID";
          $SQL .= sprintf(" WHERE layout.layoutid IN (%s)  ", $layoutIdList);
++        $SQL .= "
++                UNION
++                SELECT 'media' AS RecordType, storedAs AS path, media.mediaID AS id, media.`MD5`, media.FileSize, NULL AS background, NULL AS xml
++                   FROM `media`
++                    INNER JOIN `lkmediadisplaygroup`
++                    ON lkmediadisplaygroup.mediaid = media.MediaID
++                    INNER JOIN lkdisplaydg
++                    ON lkdisplaydg.DisplayGroupID = lkmediadisplaygroup.DisplayGroupID
++                    INNER JOIN display
++                    ON lkdisplaydg.DisplayID = display.displayID
++                ";
++        $SQL .= sprintf(" WHERE display.license = '%s'  ", $hardwareKey);
          $SQL .= " ORDER BY RecordType DESC";
          if ($this->isAuditing == 1) Debug::LogEntry("audit", $SQL, "xmds", "RequiredFiles");
@@ -282,6 +300,32 @@
+             }
+         }
++        Kit::ClassLoader('layout');
++
++        // Go through each layout and see if we need to supply any resource nodes.
++        foreach ($layouts as $layoutId) {
++            // Load the layout XML and work out if we have any ticker / text / dataset media items
++            $layout = new Layout($db);
++
++            $layoutInformation = $layout->LayoutInformation($layoutId);
++
++            foreach($layoutInformation['regions'] as $region) {
++                foreach($region['media'] as $media) {
++                    if ($media['mediatype'] == 'ticker' || $media['mediatype'] == 'text' || $media['mediatype'] == 'dataset') {
++                        // Append this item to required files
++                        $file = $requiredFilesXml->createElement("file");
++                        $file->setAttribute('type', 'resource');
++                        $file->setAttribute('id', rand());
++                        $file->setAttribute('layoutid', $layoutId);
++                        $file->setAttribute('regionid', $region['regionid']);
++                        $file->setAttribute('mediaid', $media['mediaid']);
++
++                        $fileElements->appendChild($file);
++                    }
++                }
++            }
++        }
++
          // Add a blacklist node
          $blackList = $requiredFilesXml->createElement("file");
          $blackList->setAttribute("type", "blacklist");
@@ -309,62 +353,8 @@
              $blackList->appendChild($file);
+         }
--        // PHONE_HOME if required.
--        if (Config::GetSetting('PHONE_HOME') == 'On')
--        {
--            // Find out when we last PHONED_HOME :D
--            // If it's been > 28 days since last PHONE_HOME then
--            if (Config::GetSetting('PHONE_HOME_DATE') < (time() - (60 * 60 * 24 * 28)))
--            {
--                if ($this->isAuditing == 1)
--                {
--                    Debug::LogEntry("audit", "PHONE_HOME [IN]", "xmds", "RequiredFiles");
--                }
--
--                // Retrieve number of displays
--                $SQL = "SELECT COUNT(*)
--                        FROM `display`
--                        WHERE `licensed` = '1'";
--
--                if (!$results = $db->query($SQL))
--                {
--                    trigger_error($db->error());
--                }
--                while ($row = $db->get_row($results))
--                {
--                    $PHONE_HOME_CLIENTS = Kit::ValidateParam($row[0],_INT);
--                }
--
--                // Retrieve version number
--                $PHONE_HOME_VERSION = Config::Version('app_ver');
--
--                $PHONE_HOME_URL = Config::GetSetting('PHONE_HOME_URL') . "?id=" . urlencode(Config::GetSetting('PHONE_HOME_KEY')) . "&version=" . urlencode($PHONE_HOME_VERSION) . "&numClients=" . urlencode($PHONE_HOME_CLIENTS);
--
--                if ($this->isAuditing == 1)
--                {
--                    Debug::LogEntry("audit", "PHONE_HOME_URL " . $PHONE_HOME_URL , "xmds", "RequiredFiles");
--                }
--
--                // Set PHONE_HOME_TIME to NOW.
--                $SQL = "UPDATE `setting`
--                        SET `value` = '" . time() . "'
--                        WHERE `setting`.`setting` = 'PHONE_HOME_DATE' LIMIT 1";
--
--                if (!$results = $db->query($SQL))
--                {
--                    trigger_error($db->error());
--                }
--
--                @file_get_contents($PHONE_HOME_URL);
--
--                if ($this->isAuditing == 1)
--                {
--                    Debug::LogEntry("audit", "PHONE_HOME [OUT]", "xmds", "RequiredFiles");
--                }
--            //endif
--            }
--        }
--        // END OF PHONE_HOME CODE
++        // Phone Home?
++        $this->PhoneHome();
          if ($this->isAuditing == 1)
+         {
@@ -944,13 +934,17 @@
          $document = new DOMDocument("1.0");
          $document->loadXML($inventory);
--        $macAddress = $document->documentElement->getAttribute('macAddress');
++        // Get some information from the media inventory XML and update the display record with it.
++        $macAddress = Kit::ValidateParam($document->documentElement->getAttribute('macAddress'), _STRING);
++        $clientType = Kit::ValidateParam($document->documentElement->getAttribute('clientType'), _STRING);
++        $clientVersion = Kit::ValidateParam($document->documentElement->getAttribute('clientVersion'), _STRING);
++        $clientCode = Kit::ValidateParam($document->documentElement->getAttribute('clientCode'), _INT);
          // Assume we are complete (but we are getting some)
          $mediaInventoryComplete = 1;
          $xpath = new DOMXPath($document);
--	$fileNodes = $xpath->query("//file");
++        $fileNodes = $xpath->query("//file");
          foreach ($fileNodes as $node)
+         {
@@ -968,7 +962,7 @@
          // Touch the display record
          $displayObject = new Display($db);
--        $displayObject->Touch($hardwareKey, '', $mediaInventoryComplete, $inventory, $macAddress);
++        $displayObject->Touch($hardwareKey, '', $mediaInventoryComplete, $inventory, $macAddress, $clientType, $clientVersion, $clientCode);
          return true;
+     }
@@ -1037,6 +1031,61 @@
+     }
      /**
++     * PHONE_HOME if required
++     */
++    private function PhoneHome() {
++
++        if (Config::GetSetting('PHONE_HOME') == 'On')
++        {
++            // Find out when we last PHONED_HOME :D
++            // If it's been > 28 days since last PHONE_HOME then
++            if (Config::GetSetting('PHONE_HOME_DATE') < (time() - (60 * 60 * 24 * 28)))
++            {
++                if ($this->isAuditing == 1)
++                {
++                    Debug::LogEntry("audit", "PHONE_HOME [IN]", "xmds", "RequiredFiles");
++                }
++
++                try {
++                    $dbh = PDOConnect::init();
++
++                    // Retrieve number of displays
++                    $sth = $dbh->prepare('SELECT COUNT(*) AS Cnt FROM `display` WHERE `licensed` = 1');
++                    $sth->execute();
++
++                    $PHONE_HOME_CLIENTS = $sth->fetchColumn();
++
++                    // Retrieve version number
++                    $PHONE_HOME_VERSION = Config::Version('app_ver');
++
++                    $PHONE_HOME_URL = Config::GetSetting('PHONE_HOME_URL') . "?id=" . urlencode(Config::GetSetting('PHONE_HOME_KEY')) . "&version=" . urlencode($PHONE_HOME_VERSION) . "&numClients=" . urlencode($PHONE_HOME_CLIENTS);
++
++                    if ($this->isAuditing == 1)
++                        Debug::LogEntry("audit", "PHONE_HOME_URL " . $PHONE_HOME_URL , "xmds", "RequiredFiles");
++
++                    // Set PHONE_HOME_TIME to NOW.
++                    $sth = $dbh->prepare('UPDATE `setting` SET `value` = :time WHERE `setting`.`setting` = :setting LIMIT 1');
++                    $sth->execute(array(
++                            'time' => time(),
++                            'setting' => 'PHONE_HOME_DATE'
++                        ));
++
++                    @file_get_contents($PHONE_HOME_URL);
++
++                    if ($this->isAuditing == 1)
++                        Debug::LogEntry("audit", "PHONE_HOME [OUT]", "xmds", "RequiredFiles");
++                }
++                catch (Exception $e) {
++
++                    Debug::LogEntry('error', $e->getMessage());
++
++                    return false;
++                }
++            }
++        }
++    }
++
++    /**
       * Authenticates the display
       * @param <type> $hardwareKey
       * @return <type>
@@ -1046,7 +1095,7 @@
  	$db =& $this->db;
  	// check in the database for this hardwareKey
--	$SQL = "SELECT licensed, inc_schedule, isAuditing, displayID, defaultlayoutid, loggedin, email_alert, display FROM display WHERE license = '$hardwareKey'";
++	$SQL = "SELECT licensed, inc_schedule, isAuditing, displayID, defaultlayoutid, loggedin, email_alert, display, version_instructions FROM display WHERE license = '$hardwareKey'";
          if (!$result = $db->query($SQL))
+ 	{
@@ -1090,6 +1139,7 @@
          $this->isAuditing = $row[2];
          $this->displayId = $row[3];
          $this->defaultLayoutId = $row[4];
++        $this->version_instructions = $row[8];
          return true;
+     }
 === modified file 'server/locale/dbtranslate.php'
 --- server/locale/dbtranslate.php	2014-02-12 18:11:45 +0000
 +++ server/locale/dbtranslate.php	2014-03-29 13:09:24 +0000
@@ -54,6 +54,7 @@
  echo __('Campaigns');
  echo __('Transitions');
  echo __('Resolutions');
++echo __('User Groups');
  // Settings translations
  echo __('jpg_length');
@@ -97,6 +98,9 @@
  echo __('SETTING_IMPORT_ENABLED');
  echo __('SETTING_LIBRARY_TIDY_ENABLED');
  echo __('EMBEDDED_STATUS_WIDGET');
++echo __('PROXY_HOST');
++echo __('PROXY_PORT');
++echo __('PROXY_AUTH');
  // Transitions
  echo __('Fade In');
 === added file 'server/manual/content/admin/file_associations_form.png'
 Binary files server/manual/content/admin/file_associations_form.png	1970-01-01 00:00:00 +0000 and server/manual/content/admin/file_associations_form.png	2014-03-29 13:09:24 +0000 differ
 === added file 'server/manual/content/admin/file_associations_menu.png'
 Binary files server/manual/content/admin/file_associations_menu.png	1970-01-01 00:00:00 +0000 and server/manual/content/admin/file_associations_menu.png	2014-03-29 13:09:24 +0000 differ
 === added file 'server/manual/content/admin/fileassociations.php'
 --- server/manual/content/admin/fileassociations.php	1970-01-01 00:00:00 +0000
 +++ server/manual/content/admin/fileassociations.php	2014-03-29 13:09:24 +0000
@@ -0,0 +1,33 @@
++<?php
++/*
++ * Xibo - Digital Signage - http://www.xibo.org.uk
++ * Copyright (C) 2006-2014 Daniel Garner
++ *
++ * This file is part of Xibo.
++ *
++ * Xibo is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Affero General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * any later version.
++ *
++ * Xibo is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Affero General Public License for more details.
++ *
++ * You should have received a copy of the GNU Affero General Public License
++ * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
++ */
++defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
++?>
++<h1 id="File_Associations">File Associations</h1>
++<p>Occasionally it may be necessary to associate a file directly with a display group or display so that the file is transferred to the display for use locally. It may also be desirable to do this without having the media file assigned to a layout.</p>
++
++<p>The CMS fully caters for this requirement using the File Associations functionality. This functionality enables a simple "Assign Files" menu on the Display and Display Group Administration pages.</p>
++
++<p><img class="img-thumbnail" alt="Display Administration" src="content/admin/file_associations_menu.png"></p>
++
++<p>Selecting the Assign Files menu item will open a form showing all stored menu items (video, jpg, etc) which can be selected for assignment.</p>
++<p><img class="img-thumbnail" alt="Display Administration" src="content/admin/file_associations_form.png"></p>
++
++<p class="alert alert-info">Associating a file in this manner will automatically download that file to the client at the next collection interval.</p>
 \ No newline at end of file
 === added file 'server/manual/content/content/content_genericfile.php'
 --- server/manual/content/content/content_genericfile.php	1970-01-01 00:00:00 +0000
 +++ server/manual/content/content/content_genericfile.php	2014-03-29 13:09:24 +0000
@@ -0,0 +1,25 @@
++<?php
++/*
++ * Xibo - Digital Signage - http://www.xibo.org.uk
++ * Copyright (C) 2006-2014 Daniel Garner
++ *
++ * This file is part of Xibo.
++ *
++ * Xibo is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Affero General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * any later version.
++ *
++ * Xibo is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Affero General Public License for more details.
++ *
++ * You should have received a copy of the GNU Affero General Public License
++ * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
++ */
++defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
++?>
++<h1>Generic Files</h1>
++
++<p>The Generic File module allows for files to be uploaded that are not directly supported by the modules available in the CMS. This could be required for a variety of reasons - such a HTML file to be referenced by the Embedded Media Type.</p>
 === modified file 'server/manual/content/routes.php'
 --- server/manual/content/routes.php	2014-02-09 22:47:01 +0000
 +++ server/manual/content/routes.php	2014-03-29 13:09:24 +0000
@@ -61,6 +61,7 @@
  		'content/content_powerpoint',
  		'content/content_flash',
  		'content/content_dataset',
++		'content/content_genericfile',
  		'admin/modules',
  		'layout/overview',
  		'layout/layoutdesigner',
@@ -110,6 +111,7 @@
  		'admin/blueprints',
  		'admin/advanced',
  		'admin/contributing',
++		'admin/fileassociations',
  		'admin/database_model',
  		'admin/release_notes',
  		'admin/release_notes_archive',
 === modified file 'server/manual/content/toc_library.php'
 --- server/manual/content/toc_library.php	2013-12-31 14:20:43 +0000
 +++ server/manual/content/toc_library.php	2014-03-29 13:09:24 +0000
@@ -8,5 +8,6 @@
  	<a class="list-group-item" href="index.php?toc=library&p=content/content_image">Image</a>
  	<a class="list-group-item" href="index.php?toc=library&p=content/content_powerpoint">PowerPoint</a>
  	<a class="list-group-item" href="index.php?toc=library&p=content/content_dataset">DataSets</a>
++	<a class="list-group-item" href="index.php?toc=library&p=content/content_genericfile">Generic File</a>
  	<a class="list-group-item" href="index.php?toc=library&p=admin/modules">Media Modules</a>
  </div>
 \ No newline at end of file
 === modified file 'server/manual/content/toc_user_and_display.php'
 --- server/manual/content/toc_user_and_display.php	2013-12-30 19:53:51 +0000
 +++ server/manual/content/toc_user_and_display.php	2014-03-29 13:09:24 +0000
@@ -9,4 +9,5 @@
  	<a class="list-group-item" href="index.php?toc=user_and_display&p=admin/displaygroups">Display Groups</a>
  	<a class="list-group-item" href="index.php?toc=user_and_display&p=admin/displaystats">Display Statistics</a>
  	<a class="list-group-item" href="index.php?toc=user_and_display&p=admin/display_wakeonlan">Display Wake on LAN</a>
++	<a class="list-group-item" href="index.php?toc=user_and_display&p=admin/fileassociations">File Associations</a>
  </div>
 \ No newline at end of file
 === modified file 'server/modules/datasetview.module.php'
 --- server/modules/datasetview.module.php	2014-01-18 09:47:41 +0000
 +++ server/modules/datasetview.module.php	2014-03-29 13:09:24 +0000
@@ -410,13 +410,22 @@
              $styleSheet = $rawNode->nodeValue;
+         }
--        $headContent = '<style type="text/css">' . $styleSheet . '</style>';
--
--        if ($this->GetOption('rowsPerPage') != 0) {
--
--            // Include some JavaScript to kick off the cycle plugin
--            $headContent .= '<script type="text/javascript">function init() { $("#DataSetTableContainer").dataSetRender({duration: ' . $this->GetOption('duration') . '}); }</script>';
--        }
++        $options = array(
++            'duration' => $this->duration,
++            'originalWidth' => $this->width,
++            'originalHeight' => $this->height,
++            'rowsPerPage' => $this->GetOption('rowsPerPage'),
++            'previewWidth' => Kit::GetParam('width', _GET, _INT, 0),
++            'previewHeight' => Kit::GetParam('height', _GET, _INT, 0)
++        );
++
++        $headContent  = '<style type="text/css">' . $styleSheet . '</style>';
++        $headContent .= '<script type="text/javascript">';
++        $headContent .= '   function init() { ';
++        $headContent .= '       $("#DataSetTableContainer").dataSetRender(options);';
++        $headContent .= '   } ';
++        $headContent .= '   var options = ' . json_encode($options) . ';';
++        $headContent .= '</script>';
          // Load the HtmlTemplate
          $template = file_get_contents('modules/preview/HtmlTemplateForGetResource.html');
 === added file 'server/modules/genericfile.module.php'
 --- server/modules/genericfile.module.php	1970-01-01 00:00:00 +0000
 +++ server/modules/genericfile.module.php	2014-03-29 13:09:24 +0000
@@ -0,0 +1,128 @@
++<?php
++/*
++ * Xibo - Digital Signage - http://www.xibo.org.uk
++ * Copyright (C) 2014 Daniel Garner
++ *
++ * This file is part of Xibo.
++ *
++ * Xibo is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU Affero General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * any later version.
++ *
++ * Xibo is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU Affero General Public License for more details.
++ *
++ * You should have received a copy of the GNU Affero General Public License
++ * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
++ */
++class genericfile extends Module
++{
++    // Custom Media information
++    protected $maxFileSize;
++    protected $maxFileSizeBytes;
++
++    public function __construct(database $db, user $user, $mediaid = '', $layoutid = '', $regionid = '', $lkid = '')
++    {
++        // Must set the type of the class
++        $this->type= 'genericfile';
++        $this->displayType = __('Generic File');
++
++        // Get the max upload size from PHP
++        $this->maxFileSize 	= ini_get('upload_max_filesize');
++        $this->maxFileSizeBytes = convertBytes($this->maxFileSize);
++
++        // Must call the parent class
++        parent::__construct($db, $user, $mediaid, $layoutid, $regionid, $lkid);
++    }
++
++    /**
++     * Sets the Layout and Region Information
++     *  it will then fill in any blanks it has about this media if it can
++     * @return
++     * @param $layoutid Object
++     * @param $regionid Object
++     * @param $mediaid Object
++     */
++    public function SetRegionInformation($layoutid, $regionid)
++    {
++        $db =& $this->db;
++        $this->layoutid = $layoutid;
++        $this->regionid = $regionid;
++        $mediaid = $this->mediaid;
++        $this->existingMedia = false;
++
++        if ($this->regionSpecific == 1)
++            return;
++
++        try {
++            $dbh = PDOConnect::init();
++
++            // Load what we know about this media into the object
++            $sth = $dbh->prepare('SELECT storedAs FROM media WHERE mediaID = :mediaid');
++            $sth->execute(array('mediaid' => $mediaid));
++
++            if (!$storedAs = $sth->fetchColumn())
++                return false;
++
++            $this->SetOption('uri', $storedAs);
++        }
++        catch (Exception $e) {
++
++            Debug::LogEntry('error', $e->getMessage());
++
++            return false;
++        }
++
++        return true;
++    }
++
++    /**
++     * Return the Add Form as HTML
++     * @return
++     */
++    public function AddForm()
++    {
++        return $this->AddFormForLibraryMedia();
++    }
++
++    /**
++     * Return the Edit Form as HTML
++     * @return
++     */
++    public function EditForm()
++    {
++        return $this->EditFormForLibraryMedia();
++    }
++
++    /**
++     * Add Media to the Database
++     * @return
++     */
++    public function AddMedia()
++    {
++        return $this->AddLibraryMedia();
++    }
++
++    /**
++     * Edit Media in the Database
++     * @return
++     */
++    public function EditMedia()
++    {
++        return $this->EditLibraryMedia();
++    }
++
++    /**
++     * Get Resource
++     */
++    public function GetResource($displayId = 0)
++    {
++    	$this->ReturnFile();
++
++        exit();
++    }
++}
++?>
 === modified file 'server/modules/module_user_general.php'
 --- server/modules/module_user_general.php	2014-02-15 11:25:09 +0000
 +++ server/modules/module_user_general.php	2014-03-29 13:09:24 +0000
@@ -1,7 +1,7 @@
  <?php
  /*
   * Xibo - Digital Signage - http://www.xibo.org.uk
-- * Copyright (C) 2006-2013 Daniel Garner and James Packer
++ * Copyright (C) 2006-2014 Daniel Garner
+  *
   * This file is part of Xibo.
+  *
@@ -22,147 +22,147 @@
   class User
+  {
-- 	private $db;
++    private $db;
--	public $userid;
--	public $usertypeid;
--        public $userName;
--        public $homePage;
--
-- 	public function __construct(database $db)
--	{
--            $this->db           =& $db;
--            $this->userid 	= Kit::GetParam('userid', _SESSION, _INT);
--            $this->usertypeid   = Kit::GetParam('usertype', _SESSION, _INT);
++    public $userid;
++    public $usertypeid;
++    public $userName;
++    public $homePage;
++
++    public function __construct(database $db)
++    {
++        $this->db           =& $db;
++        $this->userid   = Kit::GetParam('userid', _SESSION, _INT);
++        $this->usertypeid   = Kit::GetParam('usertype', _SESSION, _INT);
--            // We havent authed yet
--            $this->authedDisplayGroupIDs = false;
--	}
--
--	/**
--	 * Validate the User is Logged In
--	 * @param $ajax Object[optional] Indicates if this request came from an AJAX call or otherwise
--	 */
--	function attempt_login($ajax = false)
--	{
--		$db =& $this->db;
--		$userid = Kit::GetParam('userid', _SESSION, _INT);
++        // We havent authed yet
++        $this->authedDisplayGroupIDs = false;
++    }
++
++    /**
++     * Validate the User is Logged In
++     * @param $ajax Object[optional] Indicates if this request came from an AJAX call or otherwise
++     */
++    function attempt_login($ajax = false)
++    {
++        $db =& $this->db;
++        $userid = Kit::GetParam('userid', _SESSION, _INT);
          // Referring Page is anything after the ?
--		$requestUri = rawurlencode(Kit::GetCurrentPage());
--
--		if (!$this->checkforUserid())
--		{
--			// Log out the user
--			if ($userid != 0)
--				$db->query(sprintf("UPDATE user SET loggedin = 0 WHERE userid = %d ", $userid));
++        $requestUri = rawurlencode(Kit::GetCurrentPage());
++
++        if (!$this->checkforUserid())
++        {
++            // Log out the user
++            if ($userid != 0)
++                $db->query(sprintf("UPDATE user SET loggedin = 0 WHERE userid = %d ", $userid));
--			// AJAX calls that fail the login test cause a page redirect
--			if ($ajax)
--			{
++            // AJAX calls that fail the login test cause a page redirect
++            if ($ajax)
++            {
                  //create the AJAX request object
                  $response = new ResponseManager();
                  $response->Login();
                  $response->Respond();
--			}
--			else
--			{
--				Theme::Set('form_meta', '<input type="hidden" name="token" value="' . CreateFormToken() . '" />');
--				Theme::Set('form_action', 'index.php?q=login&referingPage=' . $requestUri);
--				Theme::Set('about_url', 'index.php?p=index&q=About');
--				Theme::Set('source_url', 'https://launchpad.net/xibo/1.6');
++            }
++            else
++            {
++                Theme::Set('form_meta', '<input type="hidden" name="token" value="' . CreateFormToken() . '" />');
++                Theme::Set('form_action', 'index.php?q=login&referingPage=' . $requestUri);
++                Theme::Set('about_url', 'index.php?p=index&q=About');
++                Theme::Set('source_url', 'https://launchpad.net/xibo/1.6');
--				// Message (either from the URL or the session)
--				$message = Kit::GetParam('message', _GET, _STRING, Kit::GetParam('message', _SESSION, _STRING, ''));
--				Theme::Set('login_message', $message);
++                // Message (either from the URL or the session)
++                $message = Kit::GetParam('message', _GET, _STRING, Kit::GetParam('message', _SESSION, _STRING, ''));
++                Theme::Set('login_message', $message);
                  Theme::Render('login_page');
--		        // Clear the session message
--		        $_SESSION['message'] = '';
++                // Clear the session message
++                $_SESSION['message'] = '';
                  exit;
--			}
--
--			return false;
--		}
--		else
--		{
--			//write out to the db that the logged in user has accessed the page still
--			$SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d ", $userid);
--
--			$results = $db->query($SQL) or trigger_error("Can not write last accessed info.", E_USER_ERROR);
++            }
++
++            return false;
++        }
++        else
++        {
++            //write out to the db that the logged in user has accessed the page still
++            $SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d ", $userid);
++
++            $results = $db->query($SQL) or trigger_error("Can not write last accessed info.", E_USER_ERROR);
              // Load the information about this user
--			$this->LoginServices($userid);
--
--			return true;
--		}
--	}
--
--	/**
--	 * Login a user
--	 * @return
--	 * @param $username Object
--	 * @param $password Object
--	 */
--	function login($username, $password)
--	{
--		$db =& $this->db;
--
--		Kit::ClassLoader('userdata');
--
--		// Get the SALT for this username
--		if (!$userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)))) {
--			setMessage(__('Username or Password incorrect'));
--			return false;
--		}
--
--		// User Data Object to check the password
--		$userData = new Userdata($db);
--
--		// Is SALT empty
--		if ($userInfo['CSPRNG'] == 0) {
--
--			// Check the password using a MD5
--			if ($userInfo['UserPassword'] != md5($password)) {
--				setMessage(__('Username or Password incorrect'));
--				return false;
--			}
--
--			// Now that we are validated, generate a new SALT and set the users password.
--			$userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true /* Force Change */);
--		}
--		else {
--
--			// Check the users password using the random SALTED password
++            $this->LoginServices($userid);
++
++            return true;
++        }
++    }
++
++    /**
++     * Login a user
++     * @return
++     * @param $username Object
++     * @param $password Object
++     */
++    function login($username, $password)
++    {
++        $db =& $this->db;
++
++        Kit::ClassLoader('userdata');
++
++        // Get the SALT for this username
++        if (!$userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)))) {
++            setMessage(__('Username or Password incorrect'));
++            return false;
++        }
++
++        // User Data Object to check the password
++        $userData = new Userdata($db);
++
++        // Is SALT empty
++        if ($userInfo['CSPRNG'] == 0) {
++
++            // Check the password using a MD5
++            if ($userInfo['UserPassword'] != md5($password)) {
++                setMessage(__('Username or Password incorrect'));
++                return false;
++            }
++
++            // Now that we are validated, generate a new SALT and set the users password.
++            $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true /* Force Change */);
++        }
++        else {
++
++            // Check the users password using the random SALTED password
              if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
--            	setMessage(__('Username or Password incorrect'));
--				return false;
++                setMessage(__('Username or Password incorrect'));
++                return false;
+             }
--		}
--
--		// there is a result so we store the userID in the session variable
--		$_SESSION['userid']	= Kit::ValidateParam($userInfo['UserID'], _INT);
--		$_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
--		$_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
--
--		// Set the User Object
--		$this->usertypeid = $_SESSION['usertype'];
--		$this->userid = $_SESSION['userid'];
--
--		// update the db
--		// write out to the db that the logged in user has accessed the page
--		$SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);
--
--		$db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
--
--		// Switch Session ID's
--		global $session;
--		$session->setIsExpired(0);
--		$session->RegenerateSessionID(session_id());
--
--		return true;
--	}
++        }
++
++        // there is a result so we store the userID in the session variable
++        $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
++        $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
++        $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
++
++        // Set the User Object
++        $this->usertypeid = $_SESSION['usertype'];
++        $this->userid = $_SESSION['userid'];
++
++        // update the db
++        // write out to the db that the logged in user has accessed the page
++        $SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);
++
++        $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
++
++        // Switch Session ID's
++        global $session;
++        $session->setIsExpired(0);
++        $session->RegenerateSessionID(session_id());
++
++        return true;
++    }
          /**
           * Logs in a specific userID
@@ -178,99 +178,99 @@
                  return false;
              $this->userName     = Kit::ValidateParam($results['UserName'], _USERNAME);
--            $this->usertypeid	= Kit::ValidateParam($results['usertypeid'], _INT);
--            $this->userid	= $userID;
++            $this->usertypeid   = Kit::ValidateParam($results['usertypeid'], _INT);
++            $this->userid   = $userID;
              $this->homePage = Kit::ValidateParam($results['homepage'], _WORD);
              return true;
+         }
--	/**
--	 * Logout the user associated with this user object
--	 * @return
--	 */
--	function logout()
--	{
--		$db 		=& $this->db;
--		global $session;
--
--		$userid = Kit::GetParam('userid', _SESSION, _INT);
--
--		//write out to the db that the logged in user has accessed the page still
--		$SQL = sprintf("UPDATE user SET loggedin = 0 WHERE userid = %d", $userid);
--		if(!$results = $db->query($SQL)) trigger_error("Can not write last accessed info.", E_USER_ERROR);
--
--		//to log out a user we need only to clear out some session vars
--		unset($_SESSION['userid']);
--		unset($_SESSION['username']);
--		unset($_SESSION['password']);
--
--		$session->setIsExpired(1);
--
--		return true;
--	}
--
--	//Check to see if a user id is in the session information
--	function checkforUserid()
--	{
--		$db 		=& $this->db;
--		global $session;
--
--		$userid = Kit::GetParam('userid', _SESSION, _INT, 0);
--
--		// Checks for a user ID in the session variable
--		if($userid == 0)
--		{
--			return false;
--		}
--		else
--		{
--			if(!is_numeric($_SESSION['userid']))
--			{
--				unset($_SESSION['userid']);
--				return false;
--			}
--			elseif ($session->isExpired == 1)
--			{
--				unset($_SESSION['userid']);
--				return false;
--			}
--			else
--			{
--				// check to see that the ID is still valid
--				$SQL = sprintf("SELECT UserID FROM user WHERE loggedin = 1 AND userid = %d", $userid);
--
--				$result = $db->query($SQL) or trigger_error($db->error(), E_USER_ERROR);
--
--				if($db->num_rows($result)==0)
--				{
--					unset($_SESSION['userid']);
--					return false;
--				}
--				return true;
--			}
--		}
--	}
--
--	function getNameFromID($id)
--	{
--		$db 		=& $this->db;
--
--		$SQL = sprintf("SELECT username FROM user WHERE userid = %d", $id);
--
--		if(!$results = $db->query($SQL)) trigger_error("Unknown user id in the system", E_USER_NOTICE);
--
--		// if no user is returned
--		if ($db->num_rows($results) == 0)
--		{
--			// assume that is the xibo_admin
--			return "None";
--		}
--
--		$row = $db->get_row($results);
--
--		return $row[0];
--	}
++    /**
++     * Logout the user associated with this user object
++     * @return
++     */
++    function logout()
++    {
++        $db         =& $this->db;
++        global $session;
++
++        $userid = Kit::GetParam('userid', _SESSION, _INT);
++
++        //write out to the db that the logged in user has accessed the page still
++        $SQL = sprintf("UPDATE user SET loggedin = 0 WHERE userid = %d", $userid);
++        if(!$results = $db->query($SQL)) trigger_error("Can not write last accessed info.", E_USER_ERROR);
++
++        //to log out a user we need only to clear out some session vars
++        unset($_SESSION['userid']);
++        unset($_SESSION['username']);
++        unset($_SESSION['password']);
++
++        $session->setIsExpired(1);
++
++        return true;
++    }
++
++    //Check to see if a user id is in the session information
++    function checkforUserid()
++    {
++        $db         =& $this->db;
++        global $session;
++
++        $userid = Kit::GetParam('userid', _SESSION, _INT, 0);
++
++        // Checks for a user ID in the session variable
++        if($userid == 0)
++        {
++            return false;
++        }
++        else
++        {
++            if(!is_numeric($_SESSION['userid']))
++            {
++                unset($_SESSION['userid']);
++                return false;
++            }
++            elseif ($session->isExpired == 1)
++            {
++                unset($_SESSION['userid']);
++                return false;
++            }
++            else
++            {
++                // check to see that the ID is still valid
++                $SQL = sprintf("SELECT UserID FROM user WHERE loggedin = 1 AND userid = %d", $userid);
++
++                $result = $db->query($SQL) or trigger_error($db->error(), E_USER_ERROR);
++
++                if($db->num_rows($result)==0)
++                {
++                    unset($_SESSION['userid']);
++                    return false;
++                }
++                return true;
++            }
++        }
++    }
++
++    function getNameFromID($id)
++    {
++        $db         =& $this->db;
++
++        $SQL = sprintf("SELECT username FROM user WHERE userid = %d", $id);
++
++        if(!$results = $db->query($SQL)) trigger_error("Unknown user id in the system", E_USER_NOTICE);
++
++        // if no user is returned
++        if ($db->num_rows($results) == 0)
++        {
++            // assume that is the xibo_admin
++            return "None";
++        }
++
++        $row = $db->get_row($results);
++
++        return $row[0];
++    }
          /**
           * Get an array of user groups for the given user id
@@ -279,7 +279,7 @@
           * @return <array>
           */
          public function GetUserGroups($id, $returnID = false)
--	{
++    {
              $db =& $this->db;
              $groupIDs = array();
@@ -335,12 +335,12 @@
              return $groups;
--	}
++    }
--	function getGroupFromID($id, $returnID = false)
--	{
++    function getGroupFromID($id, $returnID = false)
++    {
              $db =& $this->db;
--
++
              $SQL  = "";
              $SQL .= "SELECT group.group, ";
              $SQL .= "       group.groupID ";
@@ -351,13 +351,13 @@
              $SQL .= "       ON     group.groupID       = lkusergroup.GroupID ";
              $SQL .= sprintf("WHERE  `user`.userid                     = %d ", $id);
              $SQL .= "AND    `group`.IsUserSpecific = 1";
--
++
              if(!$results = $db->query($SQL))
+             {
                  trigger_error($db->error());
                  trigger_error("Error looking up user information (group)", E_USER_ERROR);
+             }
--
++
              if ($db->num_rows($results) == 0)
+             {
                  // Every user should have a group?
@@ -387,68 +387,68 @@
                  return $row[1];
+             }
              return $row[0];
--	}
--
--	function getUserTypeFromID($id, $returnID = false)
--	{
--		$db 		=& $this->db;
--
--		$SQL = sprintf("SELECT usertype.usertype, usertype.usertypeid FROM user INNER JOIN usertype ON usertype.usertypeid = user.usertypeid WHERE userid = %d", $id);
--
--		if(!$results = $db->query($SQL))
--		{
--			trigger_error("Error looking up user information (usertype)");
--			trigger_error($db->error());
--		}
--
--		if ($db->num_rows($results)==0)
--		{
--			if ($returnID)
--			{
--				return "3";
--			}
--			return "User";
--		}
--
--		$row = $db->get_row($results);
--
--		if ($returnID)
--		{
--			return $row[1];
--		}
--		return $row[0];
--	}
--
--	function getEmailFromID($id)
--	{
--		$db 		=& $this->db;
--
--		$SQL = sprintf("SELECT email FROM user WHERE userid = %d", $id);
--
--		if(!$results = $db->query($SQL)) trigger_error("Unknown user id in the system", E_USER_NOTICE);
--
--		if ($db->num_rows($results)==0)
--		{
--			$SQL = "SELECT email FROM user WHERE userid = 1";
--
--			if(!$results = $db->query($SQL))
--			{
--				trigger_error("Unknown user id in the system [$id]");
--			}
--		}
--
--		$row = $db->get_row($results);
--		return $row[1];
--	}
--
--	/**
++    }
++
++    function getUserTypeFromID($id, $returnID = false)
++    {
++        $db         =& $this->db;
++
++        $SQL = sprintf("SELECT usertype.usertype, usertype.usertypeid FROM user INNER JOIN usertype ON usertype.usertypeid = user.usertypeid WHERE userid = %d", $id);
++
++        if(!$results = $db->query($SQL))
++        {
++            trigger_error("Error looking up user information (usertype)");
++            trigger_error($db->error());
++        }
++
++        if ($db->num_rows($results)==0)
++        {
++            if ($returnID)
++            {
++                return "3";
++            }
++            return "User";
++        }
++
++        $row = $db->get_row($results);
++
++        if ($returnID)
++        {
++            return $row[1];
++        }
++        return $row[0];
++    }
++
++    function getEmailFromID($id)
++    {
++        $db         =& $this->db;
++
++        $SQL = sprintf("SELECT email FROM user WHERE userid = %d", $id);
++
++        if(!$results = $db->query($SQL)) trigger_error("Unknown user id in the system", E_USER_NOTICE);
++
++        if ($db->num_rows($results)==0)
++        {
++            $SQL = "SELECT email FROM user WHERE userid = 1";
++
++            if(!$results = $db->query($SQL))
++            {
++                trigger_error("Unknown user id in the system [$id]");
++            }
++        }
++
++        $row = $db->get_row($results);
++        return $row[1];
++    }
++
++    /**
           * Gets the homepage for the given userid
           * @param <type> $userId
           * @return <type>
           */
--	function GetHomePage($userId)
--	{
--            $db	=& $this->db;
++    function GetHomePage($userId)
++    {
++            $db =& $this->db;
              $SQL = sprintf("SELECT homepage FROM `user` WHERE userid = %d", $userId);