source: branches/branch-1_5/admin/waiting.php @ 1003

Last change on this file since 1003 was 1003, checked in by nikrou, 18 years ago

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
1<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date: 2006-01-15 12:52:55 +0000 (Sun, 15 Jan 2006) $
// | last modifier : $Author: nikrou $
// | revision      : $Revision: 1003 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
// PHPWG_ROOT_PATH is defined by the script that includes this page; a
// request that reaches this file directly has no such constant and is
// aborted before anything else runs.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}
// Presumably enforces that the current session belongs to an administrator
// (this include is the only access control in the file).
include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
//--------------------------------------------------------------------- updates
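// isset($_POST) is always true for a superglobal; !empty() says what is meant
// (something was actually posted) and skips the whole section otherwise.
if (!empty($_POST))
{
  // NOTE(review): these POST actions change state (validate uploads, delete
  // rejected files) and are protected only by the isadmin include above; no
  // anti-CSRF token is checked anywhere in this file, so an authenticated
  // admin lured onto a hostile page could be made to submit this form.
  // Confirm whether the session layer can provide a token to verify here.

  $to_validate = array();
  $to_reject = array();

  // Candidate ids come from the hidden "list" field (built below from the
  // waiting table). Keep only strictly positive integers: the values are
  // spliced verbatim into SQL "IN (...)" clauses, so nothing else may reach
  // pwg_query, whatever the client sent. A missing or empty list yields no
  // ids instead of an "IN ()" syntax error.
  $posted_ids = array();
  if (isset($_POST['list']))
  {
    foreach (explode(',', $_POST['list']) as $waiting_id)
    {
      if (preg_match('/^[1-9][0-9]*$/D', $waiting_id))
      {
        array_push($posted_ids, (int)$waiting_id);
      }
    }
  }

  if (isset($_POST['submit']))
  {
    // Per-picture choice: action-<id> is 'validate', 'reject', or absent
    // (leave the picture waiting). Any other value is ignored.
    foreach ($posted_ids as $waiting_id)
    {
      if (!isset($_POST['action-'.$waiting_id]))
      {
        continue;
      }
      switch ($_POST['action-'.$waiting_id])
      {
        case 'reject' :
          array_push($to_reject, $waiting_id);
          break;
        case 'validate' :
          array_push($to_validate, $waiting_id);
          break;
      }
    }
  }
  else if (isset($_POST['validate-all']))
  {
    $to_validate = $posted_ids;
  }
  else if (isset($_POST['reject-all']))
  {
    $to_reject = $posted_ids;
  }

  if (count($to_validate) > 0)
  {
    // $to_validate holds integers only (filtered above).
    $query = '
UPDATE '.WAITING_TABLE.'
  SET validated = \'true\'
  WHERE id IN ('.implode(',', $to_validate).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      sprintf(
        l10n('%d waiting pictures validated'),
        count($to_validate)
        )
      );
  }

  if (count($to_reject) > 0)
  {
    // A refused upload is removed from the filesystem (the picture and its
    // thumbnail, if any) and then its row is deleted from the waiting table.
    $query = '
SELECT id, storage_category_id, file, tn_ext
  FROM '.WAITING_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
    $result = pwg_query($query);
    while ($row = mysql_fetch_array($result))
    {
      // NOTE(review): "file" was stored at upload time; this code trusts it
      // to be a bare file name (no directory components). Verify that the
      // upload path enforces this, otherwise unlink() could be pointed
      // outside the storage directory. Note also that the display code
      // below prefixes PHPWG_ROOT_PATH to this same directory; confirm the
      // paths used here resolve from the admin script's working directory.
      $dir = get_complete_dir($row['storage_category_id']);
      $element = $dir.$row['file'];
      // Only unlink what exists: a file already gone is not an error here.
      if (is_file($element))
      {
        unlink($element);
      }

      // Thumbnail: use the recorded extension when there is one, otherwise
      // fall back to a .jpg thumbnail if it happens to exist.
      if (isset($row['tn_ext']) and $row['tn_ext'] != '')
      {
        $thumbnail = get_thumbnail_src($element, $row['tn_ext']);
      }
      else
      {
        $thumbnail = get_thumbnail_src($element, 'jpg');
      }
      if (is_file($thumbnail))
      {
        unlink($thumbnail);
      }
    }

    // $to_reject holds integers only (filtered above).
    $query = '
DELETE
  FROM '.WAITING_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
    pwg_query($query);

    array_push(
      $page['infos'],
      sprintf(
        l10n('%d waiting pictures rejected'),
        count($to_reject)
        )
      );
  }
}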
//----------------------------------------------------- template initialization
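// Template setup: labels come from the language table; the form posts back
// to the current URL.
$template->set_filenames(array('waiting'=>'admin/waiting.tpl'));
$template->assign_vars(array(
  'L_AUTHOR'=>$lang['author'],
  'L_THUMBNAIL'=>$lang['thumbnail'],
  'L_DATE'=>$lang['date'],
  'L_FILE'=>$lang['file'],
  'L_CATEGORY'=>$lang['category'],
  'L_SUBMIT'=>$lang['submit'],
  'L_RESET'=>$lang['reset'],
  'L_DELETE'=>$lang['delete'],

  // REQUEST_URI is attacker-influenced and lands in an HTML attribute. The
  // previous '&' -> '&amp;' replacement left '"', '<' and '>' unescaped, so
  // a crafted URL could break out of the action attribute; htmlspecialchars
  // covers '&' as well, so existing URLs render the same as before.
  'F_ACTION'=>htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)
  ));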
//---------------------------------------------------------------- form display
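$cat_names = array();
$list = array();

// Every element still waiting (validated = 'false'), ordered by storage
// category so category information is looked up once per category.
$query = 'SELECT * FROM '.WAITING_TABLE;
$query.= " WHERE validated = 'false'";
$query.= ' ORDER BY storage_category_id';
$query.= ';';
$result = pwg_query($query);
$i = 0;
while ($row = mysql_fetch_array($result))
{
  $storage_id = $row['storage_category_id'];
  if (!isset($cat_names[$storage_id]))
  {
    $cat = get_cat_info($storage_id);
    $cat_names[$storage_id] = array(
      'dir' => PHPWG_ROOT_PATH.get_complete_dir($storage_id),
      'display_name' => get_cat_display_name($cat['name'])
      );
  }
  // NOTE(review): 'dir' already carries PHPWG_ROOT_PATH, so the preview URL
  // gets the prefix twice while the thumbnail URL below gets it once. Kept
  // as is (harmless when PHPWG_ROOT_PATH is './'); confirm which form is
  // intended before changing either.
  $preview_url = PHPWG_ROOT_PATH.$cat_names[$storage_id]['dir'].$row['file'];
  // Alternate row classes, starting with row2.
  $class = ($i++ % 2 == 0) ? 'row2' : 'row1';

  // Display name truncated to 10 bytes (byte-wise, as before).
  $file_short = (strlen($row['file']) > 10)
    ? substr($row['file'], 0, 10).'...'
    : $row['file'];

  // file, mail_address and username appear to originate from the uploader
  // (UPLOAD_* variables, waiting table), and the hand-escaping of F_ACTION
  // above suggests the template layer does not escape on output. Escape
  // them here so a hostile upload cannot inject markup into the admin page.
  $template->assign_block_vars(
    'picture',
    array(
      'WAITING_CLASS'=>$class,
      'CATEGORY_IMG'=>$cat_names[$storage_id]['display_name'],
      'ID_IMG'=>$row['id'],
      'DATE_IMG' => date('Y-m-d H:i:s', $row['date']),
      'FILE_TITLE'=>htmlspecialchars($row['file'], ENT_QUOTES),
      'FILE_IMG' =>htmlspecialchars($file_short, ENT_QUOTES),
      'PREVIEW_URL_IMG'=>htmlspecialchars($preview_url, ENT_QUOTES),
      'UPLOAD_EMAIL'=>htmlspecialchars($row['mail_address'], ENT_QUOTES),
      'UPLOAD_USERNAME'=>htmlspecialchars($row['username'], ENT_QUOTES)
      )
    );

  // Is there an associated thumbnail recorded for this element?
  if (!empty($row['tn_ext']))
  {
    $thumbnail = $conf['prefix_thumbnail'];
    $thumbnail.= get_filename_wo_extension($row['file']);
    $thumbnail.= '.'.$row['tn_ext'];
    $url = $cat_names[$storage_id]['dir'].'thumbnail/'.$thumbnail;
    $thumbnail_short = (strlen($thumbnail) > 10)
      ? substr($thumbnail, 0, 10).'...'
      : $thumbnail;

    $template->assign_block_vars(
      'picture.thumbnail',
      array(
        'PREVIEW_URL_TN_IMG' => htmlspecialchars($url, ENT_QUOTES),
        'FILE_TN_IMG' => htmlspecialchars($thumbnail_short, ENT_QUOTES),
        'FILE_TN_TITLE' => htmlspecialchars($thumbnail, ENT_QUOTES)
        )
      );
  }

  array_push($list, $row['id']);
}

// Hidden field listing the ids shown; the POST handler above reads it back
// (and re-validates every id before using it in SQL).
$template->assign_vars(
  array(
    'LIST' => implode(',', $list)
    )
  );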
//----------------------------------------------------------- sending html code
// Render the 'waiting' template and hand the result to the admin layout
// under ADMIN_CONTENT.
$template->assign_var_from_handle('ADMIN_CONTENT', 'waiting');
?>