source: branches/branch-1_5/admin/element_set_unit.php @ 1003

Last change on this file since 1003 was 1003, checked in by nikrou, 18 years ago

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 7.3 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-01-15 12:52:55 +0000 (Sun, 15 Jan 2006) $
10// | last modifier : $Author: nikrou $
11// | revision      : $Revision: 1003 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28/**
29 * Management of elements set. Elements can belong to a category or to the
30 * user caddie.
31 *
32 */
33 
34if (!defined('PHPWG_ROOT_PATH'))
35{
36  die('Hacking attempt!');
37}
38include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
39
40// +-----------------------------------------------------------------------+
41// |                        unit mode form submission                      |
42// +-----------------------------------------------------------------------+
43
44if (isset($_POST['submit']))
45{
46  $collection = explode(',', $_POST['list']);
47 
48  $datas = array();
49 
50  $query = '
51SELECT id, date_creation
52  FROM '.IMAGES_TABLE.'
53  WHERE id IN ('.implode(',', $collection).')
54;';
55  $result = pwg_query($query);
56
57  while ($row = mysql_fetch_array($result))
58  {
59    $data = array();
60
61    $data{'id'} = $row['id'];
62    $data{'name'} = $_POST['name-'.$row['id']];
63    $data{'author'} = $_POST['author-'.$row['id']];
64
65    foreach (array('name', 'author') as $field)
66    {
67      if (!empty($_POST[$field.'-'.$row['id']]))
68      {
69        $data{$field} = strip_tags($_POST[$field.'-'.$row['id']]);
70      }
71    }
72   
73    if ($conf['allow_html_descriptions'])
74    {
75      $data{'comment'} = @$_POST['description-'.$row['id']];
76    }
77    else
78    {
79      $data{'comment'} = strip_tags(@$_POST['description-'.$row['id']]);
80    }
81
82    if (isset($_POST['date_creation_action-'.$row['id']]))
83    {
84      if ('set' == $_POST['date_creation_action-'.$row['id']])
85      {
86        $data{'date_creation'} =
87          $_POST['date_creation_year-'.$row['id']]
88            .'-'.$_POST['date_creation_month-'.$row['id']]
89            .'-'.$_POST['date_creation_day-'.$row['id']];
90      }
91      else if ('unset' == $_POST['date_creation_action-'.$row['id']])
92      {
93        $data{'date_creation'} = '';
94      }
95    }
96    else
97    {
98      $data{'date_creation'} = $row['date_creation'];
99    }
100
101    $keywords = get_keywords($_POST['keywords-'.$row['id']]);
102    if (count($keywords) > 0)
103    {
104      $data{'keywords'} = implode(',', $keywords);
105    }
106    else
107    {
108      $data{'keywords'} = '';
109    }
110
111    array_push($datas, $data);
112  }
113 
114  mass_updates(
115    IMAGES_TABLE,
116    array(
117      'primary' => array('id'),
118      'update' => array('name','author','comment','date_creation','keywords')
119      ),
120    $datas
121    );
122 
123  array_push($page['infos'], l10n('Picture informations updated'));
124}
125
126// +-----------------------------------------------------------------------+
127// |                             template init                             |
128// +-----------------------------------------------------------------------+
129
130$template->set_filenames(
131  array('element_set_unit' => 'admin/element_set_unit.tpl'));
132
133$base_url = PHPWG_ROOT_PATH.'admin.php';
134
135// $form_action = $base_url.'?page=element_set_global';
136
137$template->assign_vars(
138  array(
139    'CATEGORIES_NAV'=>$page['title'],
140
141    'L_SUBMIT'=>$lang['submit'],
142   
143    'U_ELEMENTS_PAGE'
144    =>$base_url.get_query_string_diff(array('display','start')),
145   
146    'U_GLOBAL_MODE'
147    =>
148    $base_url
149    .get_query_string_diff(array('mode','display'))
150    .'&amp;mode=global',
151   
152    'F_ACTION'=>$base_url.get_query_string_diff(array()),
153    )
154  );
155
156// +-----------------------------------------------------------------------+
157// |                        global mode thumbnails                         |
158// +-----------------------------------------------------------------------+
159
160// how many items to display on this page
161if (!empty($_GET['display']))
162{
163  if ('all' == $_GET['display'])
164  {
165    $page['nb_images'] = count($page['cat_elements_id']);
166  }
167  else
168  {
169    $page['nb_images'] = intval($_GET['display']);
170  }
171}
172else
173{
174  $page['nb_images'] = 5;
175}
176
177
178
179if (count($page['cat_elements_id']) > 0)
180{
181  $nav_bar = create_navigation_bar(
182    $base_url.get_query_string_diff(array('start')),
183    count($page['cat_elements_id']),
184    $page['start'],
185    $page['nb_images'],
186    '');
187  $template->assign_vars(array('NAV_BAR' => $nav_bar));
188
189 
190  $element_ids = array();
191
192  $query = '
193SELECT id,path,tn_ext,name,date_creation,comment,keywords,author,file
194  FROM '.IMAGES_TABLE.'
195  WHERE id IN ('.implode(',', $page['cat_elements_id']).')
196  '.$conf['order_by'].'
197  LIMIT '.$page['start'].', '.$page['nb_images'].'
198;';
199  $result = pwg_query($query);
200
201  while ($row = mysql_fetch_array($result))
202  {
203    // echo '<pre>'; print_r($row); echo '</pre>';
204    array_push($element_ids, $row['id']);
205   
206    $src = get_thumbnail_src($row['path'], @$row['tn_ext']);
207   
208    // creation date
209    if (!empty($row['date_creation']))
210    {
211      list($year,$month,$day) = explode('-', $row['date_creation']);
212    }
213    else
214    {
215      list($year,$month,$day) = array('','','');
216    }
217   
218    $template->assign_block_vars(
219      'element',
220      array(
221        'LEGEND' =>
222          !empty($row['name']) ?
223            $row['name'] : get_name_from_file($row['file']),
224        'U_EDIT' =>
225            PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
226            '&amp;image_id='.$row['id'],
227        'ID' => $row['id'],
228        'FILENAME' => $row['path'],
229        'TN_SRC' => $src,
230        'NAME' => @$row['name'],
231        'AUTHOR' => @$row['author'],
232        'DESCRIPTION' => @$row['comment'],
233        'DATE_CREATION_YEAR' => $year,
234        'KEYWORDS' => @$row['keywords']
235        )
236      );
237   
238    get_day_list('element.date_creation_day', $day);
239    get_month_list('element.date_creation_month', $month);
240  }
241
242  $template->assign_vars(array('IDS_LIST' => implode(',', $element_ids)));
243}
244
245// +-----------------------------------------------------------------------+
246// |                           sending html code                           |
247// +-----------------------------------------------------------------------+
248
249$template->assign_var_from_handle('ADMIN_CONTENT', 'element_set_unit');
250?>
Note: See TracBrowser for help on using the repository browser.