Context Navigation

source: extensions/AdminTools/include/events.inc.php @ 25791

Last change on this file since 25791 was 25791, checked in by mistic100, 10 years ago
fix security problem, fix sql fatal error, try to fix display on smartpocket
File size: 7.4 KB

Line
1	<?php
2	defined('ADMINTOOLS_PATH') or die('Hacking attempt!');
3
4	/**
5	* Add main toolbar to current page
6	* @trigger loc_after_page_header
7	*/
8	function admintools_add_public_controller()
9	{
10	global $MultiView, $conf, $template, $page, $user;
11
12	if (!$MultiView->is_admin())
13	{
14	return;
15	}
16
17	$url_root = get_root_url();
18
19	$tpl_vars = array(
20	'U_SITE_ADMIN' => $url_root . 'admin.php?page=',
21	'MULTIVIEW' => $MultiView->get_data(),
22	'U_SELF' => $MultiView->get_clean_url(true),
23	'USER' => $MultiView->get_user(),
24	'CURRENT_USERNAME' => $user['id']==$conf['guest_id'] ? l10n('guest') : $user['username'],
25	'PWG_TOKEN' => get_pwg_token(),
26	);
27
28	// switch_lang is in mail functions file
29	include_once(PHPWG_ROOT_PATH . 'include/functions_mail.inc.php');
30
31	switch_lang_to(get_default_language());
32
33	// TODO : param to allow owner modification
34	if (script_basename() == 'picture')
35	{
36	global $picture;
37
38	include_once(PHPWG_ROOT_PATH . 'admin/include/functions.php');
39
40	$url_self = duplicate_picture_url();
41
42	$tpl_vars['IS_PICTURE'] = true;
43
44	$template->clear_assign(array(
45	'U_SET_AS_REPRESENTATIVE',
46	'U_PHOTO_ADMIN',
47	'U_CADDIE',
48	));
49
50	$template->set_prefilter('picture', 'admintools_remove_privacy');
51
52	$query = '
53	SELECT element_id FROM ' . CADDIE_TABLE . '
54	WHERE element_id = ' . $page['image_id'] .'
55	;';
56	$tpl_vars['IS_IN_CADDIE'] = pwg_db_num_rows(pwg_query($query)) > 0;
57
58	if (isset($page['category']))
59	{
60	$tpl_vars['CATEGORY_ID'] = $page['category']['id'];
61
62	$tpl_vars['U_SET_REPRESENTATIVE'] = add_url_params(
63	$url_self,
64	array('action'=>'set_as_representative')
65	);
66
67	$query = '
68	SELECT id FROM ' . CATEGORIES_TABLE.'
69	WHERE id = ' . $page['category']['id'] .'
70	AND representative_picture_id = ' . $page['image_id'] .'
71	;';
72	$tpl_vars['IS_REPRESENTATIVE'] = pwg_db_num_rows(pwg_query($query)) > 0;
73	}
74
75	$tpl_vars['U_EDIT'] = $url_root . 'admin.php?page=photo-' . $page['image_id']
76	.(isset($page['category']) ? '&cat_id=' . $page['category']['id'] : '');
77
78	$tpl_vars['U_CADDIE'] = add_url_params(
79	$url_self,
80	array('action'=>'add_to_caddie')
81	);
82
83	// gets tags
84	$query = '
85	SELECT id, name
86	FROM '.IMAGE_TAG_TABLE.' AS it
87	JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
88	WHERE image_id = '.$page['image_id'].'
89	;';
90	$tag_selection = get_taglist($query);
91
92	$query = '
93	SELECT id, name
94	FROM '.TAGS_TABLE.'
95	;';
96	$tags = get_taglist($query, false);
97
98	$tpl_vars['QUICK_EDIT'] = array(
99	'img' => $picture['current']['derivatives']['square']->get_url(),
100	'name' => $picture['current']['name'],
101	'comment' => $picture['current']['comment'],
102	'author' => $picture['current']['author'],
103	'level' => $picture['current']['level'],
104	'date_creation' => substr($picture['current']['date_creation'], 0, 10),
105	'date_creation_time' => substr($picture['current']['date_creation'], 11, 5),
106	'tag_selection' => $tag_selection,
107	'tags' => $tags,
108	);
109	}
110	else if (@$page['section'] == 'categories' and isset($page['category']))
111	{
112	$url_self = duplicate_index_url();
113
114	$tpl_vars['IS_CATEGORY'] = true;
115	$tpl_vars['CATEGORY_ID'] = $page['category']['id'];
116
117	$template->clear_assign(array(
118	'U_EDIT',
119	'U_CADDIE',
120	));
121
122	$tpl_vars['U_EDIT'] = $url_root . 'admin.php?page=album-' . $page['category']['id'];
123
124	if (!empty($page['items']))
125	{
126	$tpl_vars['U_CADDIE'] = add_url_params(
127	$url_self,
128	array('caddie'=>1)
129	);
130	}
131
132	$tpl_vars['QUICK_EDIT'] = array(
133	'img' => null,
134	'name' => $page['category']['name'],
135	'comment' => $page['category']['comment'],
136	);
137
138	if (!empty($page['category']['representative_picture_id']))
139	{
140	$query = '
141	SELECT * FROM '.IMAGES_TABLE.'
142	WHERE id = '. $page['category']['representative_picture_id'] .'
143	;';
144	$image_infos = pwg_db_fetch_assoc(pwg_query($query));
145
146	$tpl_vars['QUICK_EDIT']['img'] = DerivativeImage::get_one(IMG_SQUARE, $image_infos)->get_url();
147	}
148	}
149
150
151	// get users
152	$query = '
153	SELECT
154	'.$conf['user_fields']['id'].' AS id,
155	'.$conf['user_fields']['username'].' AS username
156	FROM '.USERS_TABLE.'
157	ORDER BY CONVERT('.$conf['user_fields']['username'].', CHAR)
158	;';
159	$tpl_vars['USERS'] = simple_hash_from_query($query, 'id', 'username');
160
161	// get themes
162	include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
163	$themes = new themes();
164	foreach (array_keys($themes->db_themes_by_id) as $theme)
165	{
166	if (!empty($theme))
167	{
168	$tpl_vars['THEMES'][$theme] = $theme;
169	}
170	}
171
172	// get languages
173	foreach (get_languages() as $code => $name)
174	{
175	$tpl_vars['LANGS'][$code] = $name;
176	}
177
178
179	$template->assign(array(
180	'ADMINTOOLS_PATH' => ADMINTOOLS_PATH,
181	'ato' => $tpl_vars,
182	));
183
184	$template->set_filename('ato_public_controller', realpath(ADMINTOOLS_PATH . 'template/public_controller.tpl'));
185	$template->parse('ato_public_controller');
186
187	switch_lang_back();
188	}
189
190	/**
191	* Disable privacy level switchbox
192	*/
193	function admintools_remove_privacy($content)
194	{
195	$search = '{if $display_info.privacy_level and isset($available_permission_levels)}';
196	$replace = '{if false}';
197	return str_replace($search, $replace, $content);
198	}
199
200	/**
201	* Save picture form
202	* @trigger loc_begin_picture
203	*/
204	function admintools_save_picture()
205	{
206	global $page, $conf, $MultiView;
207
208	if (!$MultiView->is_admin())
209	{
210	return;
211	}
212
213	if (isset($_GET['delete']) and get_pwg_token()==@$_GET['pwg_token'])
214	{
215	include_once(PHPWG_ROOT_PATH . 'admin/include/functions.php');
216
217	delete_elements(array($page['image_id']), true);
218	invalidate_user_cache();
219
220	if (isset($page['category']))
221	{
222	redirect(
223	make_index_url(
224	array(
225	'category' => $page['category']
226	)
227	)
228	);
229	}
230
231	redirect(make_index_url());
232	}
233
234	if (@$_POST['action'] == 'quick_edit')
235	{
236	include_once(PHPWG_ROOT_PATH . 'admin/include/functions.php');
237
238	$data = array(
239	'name' => $_POST['name'],
240	'author' => $_POST['author'],
241	'level' => $_POST['level'],
242	);
243
244	if ($conf['allow_html_descriptions'])
245	{
246	$data['comment'] = @$_POST['comment'];
247	}
248	else
249	{
250	$data['comment'] = strip_tags(@$_POST['comment']);
251	}
252
253	if (!empty($_POST['date_creation']) and strtotime($_POST['date_creation']) !== false)
254	{
255	$data['date_creation'] = $_POST['date_creation'] .' '. $_POST['date_creation_time'];
256	}
257
258	single_update(
259	IMAGES_TABLE,
260	$data,
261	array('id' => $page['image_id'])
262	);
263
264	$tag_ids = array();
265	if (!empty($_POST['tags']))
266	{
267	$tag_ids = get_tag_ids($_POST['tags']);
268	}
269	set_tags($tag_ids, $page['image_id']);
270	}
271	}
272
273	/**
274	* Save category form
275	* @trigger loc_begin_index
276	*/
277	function admintools_save_category()
278	{
279	global $page, $conf, $MultiView;
280
281	if (!$MultiView->is_admin())
282	{
283	return;
284	}
285
286	if (@$_POST['action'] == 'quick_edit')
287	{
288	$data = array(
289	'name' => $_POST['name'],
290	);
291
292	if ($conf['allow_html_descriptions'])
293	{
294	$data['comment'] = @$_POST['comment'];
295	}
296	else
297	{
298	$data['comment'] = strip_tags(@$_POST['comment']);
299	}
300
301	single_update(
302	CATEGORIES_TABLE,
303	$data,
304	array('id' => $page['category']['id'])
305	);
306
307	redirect(duplicate_index_url());
308	}
309	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: