source: branches/2.1/admin/rating.php @ 6403

Revision 6403, 7.6 KB checked in by rvelices, 9 years ago (diff)

merge r6402 from trunk
removed unnecessary language key (Controversy) and potential sql fatal error in admin photo rating page

  • Property svn:eol-style set to LF
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined('PHPWG_ROOT_PATH'))
25{
26  die ("Hacking attempt!");
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36// +-----------------------------------------------------------------------+
37// |                            initialization                             |
38// +-----------------------------------------------------------------------+
39if (isset($_GET['start']) and is_numeric($_GET['start']))
40{
41  $start = $_GET['start'];
42}
43else
44{
45  $start = 0;
46}
47
48$elements_per_page=10;
49if (isset($_GET['display']) and is_numeric($_GET['display']))
50{
51  $elements_per_page = $_GET['display'];
52}
53
54$order_by_index=0;
55if (isset($_GET['order_by']) and is_numeric($_GET['order_by']))
56{
57  $order_by_index = $_GET['order_by'];
58}
59
60$page['user_filter'] = '';
61if (isset($_GET['users']))
62{
63  if ($_GET['users'] == 'user')
64  {
65    $page['user_filter'] = ' AND r.user_id <> '.$conf['guest_id'];
66  }
67  elseif ($_GET['users'] == 'guest')
68  {
69    $page['user_filter'] = ' AND r.user_id = '.$conf['guest_id'];
70  }
71}
72
73if (isset($_GET['del']) and !is_adviser())
74{
75  $del_params = urldecode( $_GET['del'] );
76  parse_str($del_params, $vars);
77  if ( !is_numeric($vars['e']) or !is_numeric($vars['u']) )
78  {
79    die('Hacking attempt');
80  }
81  $query = '
82DELETE FROM '. RATE_TABLE .'
83WHERE element_id=' . $vars['e'] . '
84AND user_id=' . $vars['u'] . '
85AND anonymous_id=\'' . $vars['a'] . '\'
86;';
87  pwg_query($query);
88  update_average_rate( $vars['e'] );
89}
90
91$users = array();
92$query = '
93SELECT '.$conf['user_fields']['username'].' as username, '.$conf['user_fields']['id'].' as id
94  FROM '.USERS_TABLE.'
95;';
96$result = pwg_query($query);
97while ($row = pwg_db_fetch_assoc($result))
98{
99  $users[$row['id']]=stripslashes($row['username']);
100}
101
102
103$query = 'SELECT COUNT(DISTINCT(i.id))
104FROM '.RATE_TABLE.' AS r, '.IMAGES_TABLE.' AS i
105WHERE r.element_id=i.id'. $page['user_filter'] .
106';';
107list($nb_images) = pwg_db_fetch_row(pwg_query($query));
108
109
110// +-----------------------------------------------------------------------+
111// |                             template init                             |
112// +-----------------------------------------------------------------------+
113
114$template->set_filename('rating', 'rating.tpl');
115
116$template->assign(
117  array(
118    'navbar' => create_navigation_bar(
119      PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start','del')),
120      $nb_images,
121      $start,
122      $elements_per_page
123      ),
124    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php',
125    'DISPLAY' => $elements_per_page,
126    'NB_ELEMENTS' => $nb_images,
127    )
128  );
129
130
131
132$available_order_by= array(
133    array(l10n('Rate date'), 'recently_rated DESC'),
134    array(l10n('Average rate'), 'average_rate DESC'),
135    array(l10n('Number of rates'), 'nb_rates DESC'),
136    array(l10n('Sum of rates'), 'sum_rates DESC'),
137    array(l10n('File name'), 'file DESC'),
138    array(l10n('Creation date'), 'date_creation DESC'),
139    array(l10n('Post date'), 'date_available DESC'),
140  );
141
142for ($i=0; $i<count($available_order_by); $i++)
143{
144  $template->append(
145    'order_by_options',
146    $available_order_by[$i][0]
147    );
148}
149$template->assign('order_by_options_selected', array($order_by_index) );
150
151
152$user_options = array(
153  'all'   => l10n('all'),
154  'user'  => l10n('Users'),
155  'guest' => l10n('Guests'),
156  );
157
158$template->assign('user_options', $user_options );
159$template->assign('user_options_selected', array(@$_GET['users']) );
160
161
162$query = '
163SELECT i.id,
164       i.path,
165       i.file,
166       i.tn_ext,
167       i.average_rate,
168       MAX(r.date)          AS recently_rated,
169       COUNT(r.rate)        AS nb_rates,
170       SUM(r.rate)          AS sum_rates
171  FROM '.RATE_TABLE.' AS r
172    LEFT JOIN '.IMAGES_TABLE.' AS i ON r.element_id = i.id
173  WHERE 1 = 1 ' . $page['user_filter'] . '
174  GROUP BY r.element_id
175  ORDER BY ' . $available_order_by[$order_by_index][1] .'
176  LIMIT '.$elements_per_page.' OFFSET '.$start.'
177;';
178
179$images = array();
180$result = pwg_query($query);
181while ($row = pwg_db_fetch_assoc($result))
182{
183  array_push($images, $row);
184}
185
186$template->assign( 'images', array() );
187foreach ($images as $image)
188{
189  $thumbnail_src = get_thumbnail_url($image);
190
191  $image_url = PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
192            '&amp;image_id='.$image['id'];
193
194  $query = 'SELECT *
195FROM '.RATE_TABLE.' AS r
196WHERE r.element_id='.$image['id'] . '
197ORDER BY date DESC;';
198  $result = pwg_query($query);
199  $nb_rates = pwg_db_num_rows($result);
200
201  $tpl_image = 
202     array(
203       'U_THUMB' => $thumbnail_src,
204       'U_URL' => $image_url,
205       'AVG_RATE' => $image['average_rate'],
206       'SUM_RATE' => $image['sum_rates'],
207       'NB_RATES' => (int)$image['nb_rates'],
208       'NB_RATES_TOTAL' => (int)$nb_rates,
209       'FILE' => $image['file'],
210       'rates'  => array()
211   );
212
213  while ($row = pwg_db_fetch_assoc($result))
214  {
215
216    $url_del = PHPWG_ROOT_PATH.'admin.php'.
217                get_query_string_diff(array('del'));
218
219    $del_param = 'e='.$image['id'].
220                 '&u='.$row['user_id'].
221                 '&a='.$row['anonymous_id'];
222
223    $url_del .= '&amp;del='.urlencode(urlencode($del_param));
224
225    if ( isset($users[$row['user_id']]) )
226    {
227      $user_rate = $users[$row['user_id']];
228    }
229    else
230    {
231      $user_rate = '? '. $row['user_id'];
232    }
233    if ( strlen($row['anonymous_id'])>0 )
234    {
235      $user_rate .= '('.$row['anonymous_id'].')';
236    }
237
238    $tpl_image['rates'][] =
239       array(
240         'DATE' => format_date($row['date']),
241         'RATE' => $row['rate'],
242         'USER' => $user_rate,
243         'U_DELETE' => $url_del
244     );
245  }
246  $template->append( 'images', $tpl_image );
247}
248
249// +-----------------------------------------------------------------------+
250// |                           sending html code                           |
251// +-----------------------------------------------------------------------+
252$template->assign_var_from_handle('ADMIN_CONTENT', 'rating');
253?>
Note: See TracBrowser for help on using the repository browser.