Context Navigation

source: branches/2.0/admin/element_set_global.php @ 4495

Last change on this file since 4495 was 4495, checked in by plg, 14 years ago
bug 1329 fixed: add a check_input_parameter function to prevent hacking attempts.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.1 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Management of elements set. Elements can belong to a category or to the
26	* user caddie.
27	*
28	*/
29
30	if (!defined('PHPWG_ROOT_PATH'))
31	{
32	die('Hacking attempt!');
33	}
34
35	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
36
37	// +-----------------------------------------------------------------------+
38	// \| Check Access and exit when user status is not ok \|
39	// +-----------------------------------------------------------------------+
40	check_status(ACCESS_ADMINISTRATOR);
41
42	// +-----------------------------------------------------------------------+
43	// \| deletion form submission \|
44	// +-----------------------------------------------------------------------+
45
46	// the $_POST['selection'] was already checked in element_set.php
47	check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
48	check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
49	check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
50	check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
51
52	if (isset($_POST['delete']))
53	{
54	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
55	{
56	$collection = array();
57
58	switch ($_POST['target_deletion'])
59	{
60	case 'all' :
61	{
62	$collection = $page['cat_elements_id'];
63	break;
64	}
65	case 'selection' :
66	{
67	if (!isset($_POST['selection']) or count($_POST['selection']) == 0)
68	{
69	array_push($page['errors'], l10n('Select at least one picture'));
70	}
71	else
72	{
73	$collection = $_POST['selection'];
74	}
75	break;
76	}
77	}
78
79	// filter selection on photos that have no storage_category_id (ie that
80	// were added via pLoader)
81	if (count($collection) > 0)
82	{
83	$query = '
84	SELECT
85	id
86	FROM '.IMAGES_TABLE.'
87	WHERE id IN ('.implode(',', $collection).')
88	AND storage_category_id IS NULL
89	;';
90	$deletables = array_from_query($query, 'id');
91
92	if (count($deletables) > 0)
93	{
94	// what will be the categories to update? (to avoid orphan on
95	// representative_picture_id)
96	$query = '
97	SELECT
98	category_id
99	FROM '.IMAGE_CATEGORY_TABLE.'
100	WHERE image_id IN ('.implode(',', $deletables).')
101	;';
102	$categories_to_update = array_from_query($query, 'category_id');
103
104	$physical_deletion = true;
105	delete_elements($deletables, $physical_deletion);
106
107	update_category($categories_to_update);
108
109	array_push(
110	$page['infos'],
111	sprintf(
112	l10n_dec(
113	'%d photo was deleted',
114	'%d photos were deleted',
115	count($deletables)
116	),
117	count($deletables)
118	)
119	);
120	}
121	else
122	{
123	array_push($page['errors'], l10n('No photo can be deleted'));
124	}
125	}
126	}
127	else
128	{
129	array_push($page['errors'], l10n('You need to confirm deletion'));
130	}
131	}
132
133	// +-----------------------------------------------------------------------+
134	// \| global mode form submission \|
135	// +-----------------------------------------------------------------------+
136
137	if (isset($_POST['submit']))
138	{
139	$collection = array();
140
141	// echo '<pre>';
142	// print_r($_POST);
143	// echo '</pre>';
144	// exit();
145
146	switch ($_POST['target'])
147	{
148	case 'all' :
149	{
150	$collection = $page['cat_elements_id'];
151	break;
152	}
153	case 'selection' :
154	{
155	if (!isset($_POST['selection']) or count($_POST['selection']) == 0)
156	{
157	array_push($page['errors'], l10n('Select at least one picture'));
158	}
159	else
160	{
161	$collection = $_POST['selection'];
162	}
163	break;
164	}
165	}
166
167	if (isset($_POST['add_tags']) and count($collection) > 0)
168	{
169	add_tags($_POST['add_tags'], $collection);
170	}
171
172	if (isset($_POST['del_tags']) and count($collection) > 0)
173	{
174	$query = '
175	DELETE
176	FROM '.IMAGE_TAG_TABLE.'
177	WHERE image_id IN ('.implode(',', $collection).')
178	AND tag_id IN ('.implode(',', $_POST['del_tags']).')
179	;';
180	pwg_query($query);
181	}
182
183	if ($_POST['associate'] != 0 and count($collection) > 0)
184	{
185	associate_images_to_categories(
186	$collection,
187	array($_POST['associate'])
188	);
189	}
190
191	if ($_POST['dissociate'] != 0 and count($collection) > 0)
192	{
193	// physical links must not be broken, so we must first retrieve image_id
194	// which create virtual links with the category to "dissociate from".
195	$query = '
196	SELECT id
197	FROM '.IMAGE_CATEGORY_TABLE.'
198	INNER JOIN '.IMAGES_TABLE.' ON image_id = id
199	WHERE category_id = '.$_POST['dissociate'].'
200	AND id IN ('.implode(',', $collection).')
201	AND (
202	category_id != storage_category_id
203	OR storage_category_id IS NULL
204	)
205	;';
206	$dissociables = array_from_query($query, 'id');
207
208	if (!empty($dissociables))
209	{
210	$query = '
211	DELETE
212	FROM '.IMAGE_CATEGORY_TABLE.'
213	WHERE category_id = '.$_POST['dissociate'].'
214	AND image_id IN ('.implode(',', $dissociables).')
215	';
216	pwg_query($query);
217
218	// we remove the dissociated images if we are currently displaying the
219	// category to dissociate from.
220	if (is_numeric($_GET['cat']) and $_POST['dissociate'] == $_GET['cat'])
221	{
222	$page['cat_elements_id'] = array_diff(
223	$page['cat_elements_id'],
224	$dissociables
225	);
226	}
227	}
228
229	update_category($_POST['dissociate']);
230	}
231
232	$datas = array();
233	$dbfields = array('primary' => array('id'), 'update' => array());
234
235	$formfields = array('author', 'name', 'date_creation', 'level');
236	foreach ($formfields as $formfield)
237	{
238	if ($_POST[$formfield.'_action'] != 'leave')
239	{
240	array_push($dbfields['update'], $formfield);
241	}
242	}
243
244	// updating elements is useful only if needed...
245	if (count($dbfields['update']) > 0 and count($collection) > 0)
246	{
247	$query = '
248	SELECT id
249	FROM '.IMAGES_TABLE.'
250	WHERE id IN ('.implode(',', $collection).')
251	;';
252	$result = pwg_query($query);
253
254	while ($row = mysql_fetch_array($result))
255	{
256	$data = array();
257	$data['id'] = $row['id'];
258
259	if ('set' == $_POST['author_action'])
260	{
261	$data['author'] = $_POST['author'];
262	if ('' == $data['author'])
263	{
264	unset($data['author']);
265	}
266	}
267
268	if ('set' == $_POST['name_action'])
269	{
270	$data['name'] = $_POST['name'];
271	if ('' == $data['name'])
272	{
273	unset($data['name']);
274	}
275	}
276
277	if ('set' == $_POST['date_creation_action'])
278	{
279	$data['date_creation'] =
280	$_POST['date_creation_year']
281	.'-'.$_POST['date_creation_month']
282	.'-'.$_POST['date_creation_day']
283	;
284	}
285
286	if ('set' == $_POST['level_action'])
287	{
288	$data['level'] = $_POST['level'];
289	}
290
291	array_push($datas, $data);
292	}
293	// echo '<pre>'; print_r($datas); echo '</pre>';
294	mass_updates(IMAGES_TABLE, $dbfields, $datas);
295	}
296	}
297
298	// +-----------------------------------------------------------------------+
299	// \| template init \|
300	// +-----------------------------------------------------------------------+
301	$template->set_filenames(
302	array('element_set_global' => 'element_set_global.tpl'));
303
304	$base_url = get_root_url().'admin.php';
305
306	// $form_action = $base_url.'?page=element_set_global';
307
308	$template->assign(
309	array(
310	'CATEGORIES_NAV'=>$page['title'],
311
312	'U_DISPLAY'=>$base_url.get_query_string_diff(array('display')),
313
314	'U_UNIT_MODE'
315	=>
316	$base_url
317	.get_query_string_diff(array('mode','display'))
318	.'&mode=unit',
319
320	'F_ACTION'=>$base_url.get_query_string_diff(array()),
321	)
322	);
323
324	// +-----------------------------------------------------------------------+
325	// \| caddie options \|
326	// +-----------------------------------------------------------------------+
327
328	$template->assign('IN_CADDIE', 'caddie' == $_GET['cat'] ? true : false );
329
330	// +-----------------------------------------------------------------------+
331	// \| deletion form \|
332	// +-----------------------------------------------------------------------+
333
334	// we can only remove photos that have no storage_category_id, in other
335	// word, it currently (Butterfly) means that the photo was added with
336	// pLoader
337	if (count($page['cat_elements_id']) > 0)
338	{
339	$query = '
340	SELECT
341	COUNT(*)
342	FROM '.IMAGES_TABLE.'
343	WHERE id IN ('.implode(',', $page['cat_elements_id']).')
344	AND storage_category_id IS NULL
345	;';
346	list($counter) = mysql_fetch_row(pwg_query($query));
347
348	if ($counter > 0)
349	{
350	$template->assign('show_delete_form', true);
351	}
352	}
353
354	// +-----------------------------------------------------------------------+
355	// \| global mode form \|
356	// +-----------------------------------------------------------------------+
357
358	// Virtualy associate a picture to a category
359	$query = '
360	SELECT id,name,uppercats,global_rank
361	FROM '.CATEGORIES_TABLE.'
362	;';
363	display_select_cat_wrapper($query, array(), 'associate_options', true);
364
365	// Dissociate from a category : categories listed for dissociation can
366	// only represent virtual links. Links to physical categories can't be
367	// broken
368	if (count($page['cat_elements_id']) > 0)
369	{
370	$query = '
371	SELECT
372	DISTINCT(category_id) AS id,
373	c.name,
374	c.uppercats,
375	c.global_rank
376	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
377	JOIN '.CATEGORIES_TABLE.' AS c ON c.id = ic.category_id
378	JOIN '.IMAGES_TABLE.' AS i ON i.id = ic.image_id
379	WHERE ic.image_id IN ('.implode(',', $page['cat_elements_id']).')
380	AND (
381	ic.category_id != i.storage_category_id
382	OR i.storage_category_id IS NULL
383	)
384	;';
385	display_select_cat_wrapper($query, array(), 'dissociate_options', true);
386	}
387
388	$all_tags = get_all_tags();
389
390	if (count($all_tags) > 0)
391	{// add tags
392	$template->assign(
393	array(
394	'ADD_TAG_SELECTION' => get_html_tag_selection(
395	$all_tags,
396	'add_tags'
397	),
398	)
399	);
400	}
401
402	if (count($page['cat_elements_id']) > 0)
403	{
404	// remove tags
405	$tags = get_common_tags($page['cat_elements_id'], -1);
406
407	$template->assign(
408	array(
409	'DEL_TAG_SELECTION' => get_html_tag_selection($tags, 'del_tags'),
410	)
411	);
412	}
413
414	// creation date
415	$day =
416	empty($_POST['date_creation_day']) ? date('j') : $_POST['date_creation_day'];
417
418	$month =
419	empty($_POST['date_creation_month']) ? date('n') : $_POST['date_creation_month'];
420
421	$year =
422	empty($_POST['date_creation_year']) ? date('Y') : $_POST['date_creation_year'];
423
424	$month_list = $lang['month'];
425	$month_list[0]='------------';
426	ksort($month_list);
427	$template->assign( array(
428	'month_list' => $month_list,
429	'DATE_CREATION_DAY' => (int)$day,
430	'DATE_CREATION_MONTH'=> (int)$month,
431	'DATE_CREATION_YEAR' => (int)$year,
432	)
433	);
434
435	// image level options
436	$tpl_options = array();
437	foreach ($conf['available_permission_levels'] as $level)
438	{
439	$tpl_options[$level] = l10n( sprintf('Level %d', $level) );
440	}
441	$template->assign(
442	array(
443	'level_options'=> $tpl_options,
444	)
445	);
446
447	// +-----------------------------------------------------------------------+
448	// \| global mode thumbnails \|
449	// +-----------------------------------------------------------------------+
450
451	// how many items to display on this page
452	if (!empty($_GET['display']))
453	{
454	if ('all' == $_GET['display'])
455	{
456	$page['nb_images'] = count($page['cat_elements_id']);
457	}
458	else
459	{
460	$page['nb_images'] = intval($_GET['display']);
461	}
462	}
463	else
464	{
465	$page['nb_images'] = 20;
466	}
467
468	if (count($page['cat_elements_id']) > 0)
469	{
470	$nav_bar = create_navigation_bar(
471	$base_url.get_query_string_diff(array('start')),
472	count($page['cat_elements_id']),
473	$page['start'],
474	$page['nb_images']
475	);
476	$template->assign('NAV_BAR', $nav_bar);
477
478	$query = '
479	SELECT id,path,tn_ext,file,filesize,level
480	FROM '.IMAGES_TABLE.'
481	WHERE id IN ('.implode(',', $page['cat_elements_id']).')
482	'.$conf['order_by'].'
483	LIMIT '.$page['start'].', '.$page['nb_images'].'
484	;';
485	//echo '<pre>'.$query.'</pre>';
486	$result = pwg_query($query);
487
488	// template thumbnail initialization
489
490	while ($row = mysql_fetch_assoc($result))
491	{
492	$src = get_thumbnail_url($row);
493
494	$template->append(
495	'thumbnails',
496	array(
497	'ID' => $row['id'],
498	'TN_SRC' => $src,
499	'FILE' => $row['file'],
500	'TITLE' => get_thumbnail_title($row),
501	'LEVEL' => $row['level']
502	)
503	);
504	}
505	}
506
507	//----------------------------------------------------------- sending html code
508	$template->assign_var_from_handle('ADMIN_CONTENT', 'element_set_global');
509	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: