Context Navigation

source: branches/branch-1_5/admin/picture_modify.php @ 1003

Last change on this file since 1003 was 1003, checked in by nikrou, 18 years ago

Improve security of sessions:

use only cookies to store session id on client side
use default php session system with database handler to store sessions on server side

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 11.0 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-01-15 12:52:55 +0000 (Sun, 15 Jan 2006) $
10	// \| last modifier : $Author: nikrou $
11	// \| revision : $Revision: 1003 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if(!defined("PHPWG_ROOT_PATH"))
29	{
30	die('Hacking attempt!');
31	}
32	include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
33
34	// +-----------------------------------------------------------------------+
35	// \| synchronize metadata \|
36	// +-----------------------------------------------------------------------+
37
38	if (isset($_GET['sync_metadata']))
39	{
40	$query = '
41	SELECT path
42	FROM '.IMAGES_TABLE.'
43	WHERE id = '.$_GET['image_id'].'
44	;';
45	list($path) = mysql_fetch_row(pwg_query($query));
46	update_metadata(array($_GET['image_id'] => $path));
47
48	array_push($page['infos'], l10n('Metadata synchronized from file'));
49	}
50
51	//--------------------------------------------------------- update informations
52
53	// first, we verify whether there is a mistake on the given creation date
54	if (isset($_POST['date_creation_action'])
55	and 'set' == $_POST['date_creation_action'])
56	{
57	if (!checkdate(
58	$_POST['date_creation_month'],
59	$_POST['date_creation_day'],
60	$_POST['date_creation_year'])
61	)
62	{
63	array_push($page['errors'], $lang['err_date']);
64	}
65	}
66
67	if (isset($_POST['submit']) and count($page['errors']) == 0)
68	{
69	$data = array();
70	$data{'id'} = $_GET['image_id'];
71	$data{'name'} = $_POST['name'];
72	$data{'author'} = $_POST['author'];
73
74	if ($conf['allow_html_descriptions'])
75	{
76	$data{'comment'} = @$_POST['description'];
77	}
78	else
79	{
80	$data{'comment'} = strip_tags(@$_POST['description']);
81	}
82
83	if (isset($_POST['date_creation_action']))
84	{
85	if ('set' == $_POST['date_creation_action'])
86	{
87	$data{'date_creation'} = $_POST['date_creation_year']
88	.'-'.$_POST['date_creation_month']
89	.'-'.$_POST['date_creation_day'];
90	}
91	else if ('unset' == $_POST['date_creation_action'])
92	{
93	$data{'date_creation'} = '';
94	}
95	}
96
97	$keywords = get_keywords($_POST['keywords']);
98	if (count($keywords) > 0)
99	{
100	$data{'keywords'} = implode(',', $keywords);
101	}
102	else
103	{
104	$data{'keywords'} = '';
105	}
106
107	mass_updates(
108	IMAGES_TABLE,
109	array(
110	'primary' => array('id'),
111	'update' => array_diff(array_keys($data), array('id'))
112	),
113	array($data)
114	);
115
116	array_push($page['infos'], l10n('Picture informations updated'));
117	}
118	// associate the element to other categories than its storage category
119	if (isset($_POST['associate'])
120	and isset($_POST['cat_dissociated'])
121	and count($_POST['cat_dissociated']) > 0)
122	{
123	$datas = array();
124	foreach ($_POST['cat_dissociated'] as $category_id)
125	{
126	array_push($datas, array('image_id' => $_GET['image_id'],
127	'category_id' => $category_id));
128	}
129	mass_inserts(IMAGE_CATEGORY_TABLE, array('image_id', 'category_id'), $datas);
130
131	update_category($_POST['cat_dissociated']);
132	}
133	// dissociate the element from categories (but not from its storage category)
134	if (isset($_POST['dissociate'])
135	and isset($_POST['cat_associated'])
136	and count($_POST['cat_associated']) > 0)
137	{
138	$query = '
139	DELETE FROM '.IMAGE_CATEGORY_TABLE.'
140	WHERE image_id = '.$_GET['image_id'].'
141	AND category_id IN ('.implode(',',$_POST['cat_associated'] ).')
142	';
143	pwg_query($query);
144	update_category($_POST['cat_associated']);
145	}
146	// elect the element to represent the given categories
147	if (isset($_POST['elect'])
148	and isset($_POST['cat_dismissed'])
149	and count($_POST['cat_dismissed']) > 0)
150	{
151	$datas = array();
152	foreach ($_POST['cat_dismissed'] as $category_id)
153	{
154	array_push($datas,
155	array('id' => $category_id,
156	'representative_picture_id' => $_GET['image_id']));
157	}
158	$fields = array('primary' => array('id'),
159	'update' => array('representative_picture_id'));
160	mass_updates(CATEGORIES_TABLE, $fields, $datas);
161	}
162	// dismiss the element as representant of the given categories
163	if (isset($_POST['dismiss'])
164	and isset($_POST['cat_elected'])
165	and count($_POST['cat_elected']) > 0)
166	{
167	set_random_representant($_POST['cat_elected']);
168	}
169
170	// retrieving direct information about picture
171	$query = '
172	SELECT *
173	FROM '.IMAGES_TABLE.'
174	WHERE id = '.$_GET['image_id'].'
175	;';
176	$row = mysql_fetch_array(pwg_query($query));
177
178	$storage_category_id = $row['storage_category_id'];
179
180	// Navigation path
181
182	$date = isset($_POST['date_creation']) && empty($page['errors'])
183	?$_POST['date_creation']:date_convert_back(@$row['date_creation']);
184
185	// +-----------------------------------------------------------------------+
186	// \| template init \|
187	// +-----------------------------------------------------------------------+
188
189	$template->set_filenames(
190	array(
191	'picture_modify' => 'admin/picture_modify.tpl'
192	)
193	);
194
195	$template->assign_vars(
196	array(
197	'U_SYNC' =>
198	PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
199	'&image_id='.$_GET['image_id'].
200	(isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '').
201	'&sync_metadata=1',
202
203	'PATH'=>$row['path'],
204
205	'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),
206
207	'NAME' =>
208	isset($_POST['name']) ?
209	stripslashes($_POST['name']) : @$row['name'],
210
211	'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
212
213	'FILESIZE' => @$row['filesize'].' KB',
214
215	'REGISTRATION_DATE' =>
216	format_date($row['date_available'], 'mysql_datetime', false),
217
218	'AUTHOR' => isset($_POST['author']) ? $_POST['author'] : @$row['author'],
219
220	'CREATION_DATE' => $date,
221
222	'KEYWORDS' =>
223	isset($_POST['keywords']) ?
224	stripslashes($_POST['keywords']) : @$row['keywords'],
225
226	'DESCRIPTION' =>
227	isset($_POST['description']) ?
228	stripslashes($_POST['description']) : @$row['comment'],
229
230	'F_ACTION' =>
231	PHPWG_ROOT_PATH.'admin.php'
232	.get_query_string_diff(array('sync_metadata'))
233	)
234	);
235
236	// creation date
237	unset($day, $month, $year);
238
239	if (isset($_POST['date_creation_action'])
240	and 'set' == $_POST['date_creation_action'])
241	{
242	foreach (array('day', 'month', 'year') as $varname)
243	{
244	$$varname = $_POST['date_creation_'.$varname];
245	}
246	}
247	else if (isset($row['date_creation']) and !empty($row['date_creation']))
248	{
249	list($year, $month, $day) = explode('-', $row['date_creation']);
250	}
251	else
252	{
253	list($year, $month, $day) = array('', 0, 0);
254	}
255	get_day_list('date_creation_day', $day);
256	get_month_list('date_creation_month', $month);
257	$template->assign_vars(array('DATE_CREATION_YEAR_VALUE' => $year));
258
259	$query = '
260	SELECT category_id, uppercats
261	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
262	INNER JOIN '.CATEGORIES_TABLE.' AS c
263	ON c.id = ic.category_id
264	WHERE image_id = '.$_GET['image_id'].'
265	;';
266	$result = pwg_query($query);
267
268	if (mysql_num_rows($result) > 1)
269	{
270	$template->assign_block_vars('links', array());
271	}
272
273	while ($row = mysql_fetch_array($result))
274	{
275	$name =
276	get_cat_display_name_cache(
277	$row['uppercats'],
278	PHPWG_ROOT_PATH.'admin.php?page=cat_modify&cat_id=',
279	false
280	);
281
282	if ($row['category_id'] == $storage_category_id)
283	{
284	$template->assign_vars(array('STORAGE_CATEGORY' => $name));
285	}
286	else
287	{
288	$template->assign_block_vars('links.category', array('NAME' => $name));
289	}
290	}
291
292	// jump to link
293	//
294	// 1. find all linked categories that are reachable for the current user.
295	// 2. if a category is available in the URL, use it if reachable
296	// 3. if URL category not available or reachable, use the first reachable
297	// linked category
298	// 4. if no category reachable, no jumpto link
299	$base_url_img = PHPWG_ROOT_PATH.'picture.php';
300	$base_url_img.= '?image_id='.$_GET['image_id'];
301	$base_url_img.= '&cat=';
302	unset($url_img);
303
304	$query = '
305	SELECT category_id
306	FROM '.IMAGE_CATEGORY_TABLE.'
307	WHERE image_id = '.$_GET['image_id'].'
308	;';
309	$authorizeds = array_diff(
310	array_from_query($query, 'category_id'),
311	explode(',', calculate_permissions($user['id'], $user['status']))
312	);
313
314	if (isset($_GET['cat_id'])
315	and in_array($_GET['cat_id'], $authorizeds))
316	{
317	$url_img = $base_url_img.$_GET['cat_id'];
318	}
319	else
320	{
321	foreach ($authorizeds as $category)
322	{
323	$url_img = $base_url_img.$category;
324	break;
325	}
326	}
327
328	if (isset($url_img))
329	{
330	$template->assign_block_vars(
331	'jumpto',
332	array(
333	'URL' => $url_img
334	)
335	);
336	}
337
338	// associate to another category ?
339	$query = '
340	SELECT id,name,uppercats,global_rank
341	FROM '.CATEGORIES_TABLE.'
342	INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
343	WHERE image_id = '.$_GET['image_id'].'
344	AND id != '.$storage_category_id.'
345	;';
346	display_select_cat_wrapper($query, array(), 'associated_option');
347
348	$result = pwg_query($query);
349	$associateds = array($storage_category_id);
350	while ($row = mysql_fetch_array($result))
351	{
352	array_push($associateds, $row['id']);
353	}
354	$query = '
355	SELECT id,name,uppercats,global_rank
356	FROM '.CATEGORIES_TABLE.'
357	WHERE id NOT IN ('.implode(',', $associateds).')
358	;';
359	display_select_cat_wrapper($query, array(), 'dissociated_option');
360
361	// representing
362	$query = '
363	SELECT id,name,uppercats,global_rank
364	FROM '.CATEGORIES_TABLE.'
365	WHERE representative_picture_id = '.$_GET['image_id'].'
366	;';
367	display_select_cat_wrapper($query, array(), 'elected_option');
368
369	$query = '
370	SELECT id,name,uppercats,global_rank
371	FROM '.CATEGORIES_TABLE.'
372	WHERE representative_picture_id != '.$_GET['image_id'].'
373	OR representative_picture_id IS NULL
374	;';
375	display_select_cat_wrapper($query, array(), 'dismissed_option');
376
377	//----------------------------------------------------------- sending html code
378
379	$template->assign_var_from_handle('ADMIN_CONTENT', 'picture_modify');
380	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: