source: extensions/Icy_Picture_Modify/icy_picture_modify.php @ 27153

Last change on this file since 27153 was 16495, checked in by icy, 12 years ago

Version 2.0.0, advance ACL . Code copied from git/master.

I could not use merging with git svn . Stupidly copy-&-paste ;)

File size: 19.0 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
25if (!defined('ICY_PICTURE_MODIFY_PATH')) die('Hacking attempt!');
26
27require_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
28require_once(ICY_PICTURE_MODIFY_PATH.'include/functions_icy_picture_modify.inc.php');
29
30// <ADMIN_ONLY>
31if (is_admin())
32{
33  if (icy_image_exists($_GET['image_id']))
34  {
35    $url = get_root_url().'admin.php?page=picture_modify';
36    $url.= '&amp;image_id='.$_GET['image_id'];
37    $url.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
38    // FIXME: What happens if a POST data were sent within admin uid?
39    redirect_http($url);
40  }
41  else
42  {
43    // FIXME: language support ^^
44    bad_request('invalid picture identifier');
45  }
46}
47// </ADMIN_ONLY>
48
49global $template, $conf, $user, $page, $lang, $cache, $ICY_ACL;
50
51// <load_from_admin.php>
52$page['errors'] = array();
53$page['infos']  = array();
54$page['warnings']  = array();
55// </load_from_admin.php>
56
57#! icy_log("body from icy_picture_modify.php");
58icy_acl_load_configuration();
59
60// +-----------------------------------------------------------------------+
61// |                             check permission                          |
62// +-----------------------------------------------------------------------+
63
64// <CHECK_IF_IMAGE_ID_IS_VALID>
65// redirect users to the index page or category page if 'image_id' isn't provided
66if (!isset($_GET['image_id']))
67{
68  if (isset($_GET['cat_id']))
69  {
70    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
71  }
72  else
73  {
74    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
75    redirect_http(make_index_url());
76  }
77}
78// </CHECK_IF_IMAGE_ID_IS_VALID>
79
80// FIXME: check and then !?
81check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
82check_input_parameter('image_id', $_GET, false, PATTERN_ID);
83
84// Return if the image isn't editable
85if (!icy_acl("edit_image_of", $_GET['image_id'], icy_get_user_owner_of_image($_GET['image_id'])))
86{
87  $url = make_picture_url(
88      array(
89        'image_id' => $_GET['image_id'],
90        'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : ""
91      )
92    );
93  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
94  redirect_http($url);
95}
96
97// Update the page sessions
98// FIXME: why?
99if (isset($_SESSION['page_infos']))
100{
101  $page['infos'] = array_merge($page['infos'], $_SESSION['page_infos']);
102  unset($_SESSION['page_infos']);
103}
104
105// <find writable categories>
106$my_categories = array();
107// FIXME: delete this line ^^
108$my_categories = array_from_query('SELECT category_id FROM '
109                        .IMAGE_CATEGORY_TABLE.';', 'category_id');
110
111// +-----------------------------------------------------------------------+
112// |                             delete photo                              |
113// +-----------------------------------------------------------------------+
114
115// ACTION => :delete_image
116
117if (isset($_GET['delete'])
118      and icy_acl("delete_image_of",
119            $_GET['image_id'],
120            icy_get_user_owner_of_image($_GET['image_id'])))
121{
122  check_pwg_token();
123
124  delete_elements(array($_GET['image_id']), true);
125
126  invalidate_user_cache();
127
128  // where to redirect the user now?
129  //
130  // 1. if a category is available in the URL, use it
131  // 2. else use the first reachable linked category
132  // 3. redirect to gallery root
133
134  if (isset($_GET['cat_id']) and !empty($_GET['cat_id']))
135  {
136    redirect(
137      make_index_url(
138        array(
139          'category' => get_cat_info($_GET['cat_id'])
140          )
141        )
142      );
143  }
144
145  $query = '
146SELECT category_id
147  FROM '.IMAGE_CATEGORY_TABLE.'
148  WHERE image_id = '.$_GET['image_id'].'
149;';
150
151  $authorizeds = array_intersect($my_categories,
152    array_from_query($query, 'category_id'));
153
154  foreach ($authorizeds as $category_id)
155  {
156    redirect(
157      make_index_url(
158        array(
159          'category' => get_cat_info($category_id)
160          )
161        )
162      );
163  }
164
165  redirect(make_index_url());
166}
167
168// +-----------------------------------------------------------------------+
169// |                          synchronize metadata                         |
170// +-----------------------------------------------------------------------+
171
172// ACTION => synchronize_image_metadata
173// This includes other sub-actions and other permissions
174//  (tag update, timestamp updated, ...)
175
176if (version_compare(PHPWG_VERSION, '2.4.0', '<')
177    and isset($_GET['sync_metadata']))
178{
179  $query = '
180SELECT path
181  FROM '.IMAGES_TABLE.'
182  WHERE id = '.$_GET['image_id'].'
183;';
184  list($path) = pwg_db_fetch_row(pwg_query($query));
185  update_metadata(array($_GET['image_id'] => $path));
186
187  array_push($page['infos'], l10n('Metadata synchronized from file'));
188}
189
190// +-----------------------------------------------------------------------+
191// |                          update informations                          |
192// +-----------------------------------------------------------------------+
193
194// first, we verify whether there is a mistake on the given creation date
195if (isset($_POST['date_creation_action'])
196    and 'set' == $_POST['date_creation_action'])
197{
198  if (!is_numeric($_POST['date_creation_year'])
199    or !checkdate(
200          $_POST['date_creation_month'],
201          $_POST['date_creation_day'],
202          $_POST['date_creation_year'])
203    )
204  {
205    array_push($page['errors'], l10n('wrong date'));
206  }
207}
208
209if (isset($_POST['submit']) and count($page['errors']) == 0)
210{
211  $data = array();
212  $data{'id'} = $_GET['image_id'];
213  $data{'name'} = $_POST['name'];
214  $data{'author'} = $_POST['author'];
215  $data['level'] = $_POST['level'];
216
217  if ($conf['allow_html_descriptions'])
218  {
219    $data{'comment'} = @$_POST['description'];
220  }
221  else
222  {
223    $data{'comment'} = strip_tags(@$_POST['description']);
224  }
225
226  if (isset($_POST['date_creation_action']))
227  {
228    if ('set' == $_POST['date_creation_action'])
229    {
230      $data{'date_creation'} = $_POST['date_creation_year']
231                                 .'-'.$_POST['date_creation_month']
232                                 .'-'.$_POST['date_creation_day'];
233    }
234    else if ('unset' == $_POST['date_creation_action'])
235    {
236      $data{'date_creation'} = '';
237    }
238  }
239
240  // FIXME: why mass_updates here ? Used with a simple array?
241  mass_updates(
242    IMAGES_TABLE,
243    array(
244      'primary' => array('id'),
245      'update' => array_diff(array_keys($data), array('id'))
246      ),
247    array($data)
248    );
249
250  // time to deal with tags
251  $tag_ids = array();
252  if (!empty($_POST['tags']))
253  {
254    $tag_ids = get_tag_ids($_POST['tags']);
255  }
256  set_tags($tag_ids, $_GET['image_id']);
257
258  array_push($page['infos'], l10n('Photo informations updated'));
259}
260
261// +-----------------------------------------------------------------------+
262// |                              associate                                |
263// +-----------------------------------------------------------------------+
264// associate the element to other categories than its storage category
265//
266
267// SUB-ACTION => associate_image_to_gallery
268
269if (isset($_POST['associate'])
270    and isset($_POST['cat_dissociated'])
271    and (count($_POST['cat_dissociated']) > 0)
272  )
273{
274  $_categories = array_intersect($_POST['cat_dissociated'],
275                    icy_acl_get_categories("associate_image_to"));
276  //! $_categories = array_filter($_categories,
277  //!    create_function('$item', 'return icy_acl("associate_image_to", $item);'));
278
279  associate_images_to_categories(array($_GET['image_id']), $_categories);
280  invalidate_user_cache();
281}
282
283// SUB-ACTION => dissociate_image_from_gallery
284
285// dissociate the element from categories (but not from its storage category)
286if (isset($_POST['dissociate'])
287    and isset($_POST['cat_associated'])
288    and count($_POST['cat_associated']) > 0
289  )
290{
291
292  $_categories = array_intersect($_POST['cat_associated'],
293                    icy_acl_get_categories("associate_image_to"));
294  //! $_categories = array_filter($_categories,
295  //!    create_function('$item', 'return icy_acl("associate_image_to", $item);'));
296
297  $query = '
298DELETE FROM '.IMAGE_CATEGORY_TABLE.'
299  WHERE image_id = '.$_GET['image_id'].'
300    AND category_id IN (0'.join(',', $_categories).')
301';
302
303  pwg_query($query);
304  update_category($_categories);
305  invalidate_user_cache();
306}
307
308// +-----------------------------------------------------------------------+
309// |                              representation                           |
310// +-----------------------------------------------------------------------+
311
312// SUB-ACTION => select the element to represent the given categories
313// FIXME: select or elect?
314
315if (isset($_POST['elect'])
316    and isset($_POST['cat_dismissed'])
317    and count($_POST['cat_dismissed']) > 0
318  )
319{
320  $datas = array();
321  $arr_dimissed = array_intersect($_POST['cat_dismissed'],
322                        icy_acl_get_categories("present_image_to"));
323
324  if (count($arr_dimissed) > 0)
325  {
326    foreach ($arr_dimissed as $category_id)
327    {
328      array_push($datas,
329                 array('id' => $category_id,
330                       'representative_picture_id' => $_GET['image_id']));
331    }
332    $fields = array('primary' => array('id'),
333                    'update' => array('representative_picture_id'));
334    mass_updates(CATEGORIES_TABLE, $fields, $datas);
335    invalidate_user_cache();
336  }
337}
338
339// SUB-ACTION => dismiss the element as representant of the given categories
340
341if (isset($_POST['dismiss'])
342    and isset($_POST['cat_elected'])
343    and count($_POST['cat_elected']) > 0
344  )
345{
346  $arr_dismiss = array_intersect($_POST['cat_elected'],
347                        icy_acl_get_categories("present_image_to"));
348  if (count($arr_dismiss) > 0)
349  {
350    set_random_representant($arr_dismiss);
351    invalidate_user_cache();
352  }
353}
354
355// +-----------------------------------------------------------------------+
356// |                             tagging support                           |
357// +-----------------------------------------------------------------------+
358
359// FIXME: tag is always updatable?
360
361if (version_compare(PHPWG_VERSION, '2.2.5', '<')) {
362  $q_tag_selection = "tag_id, name AS tag_name";
363  $q_tags = 'id AS tag_id, name AS tag_name';
364}
365else {
366  $q_tag_selection = "tag_id AS id, name";
367  $q_tags = 'id, name';
368}
369
370$query = '
371SELECT
372    '.$q_tag_selection.'
373  FROM '.IMAGE_TAG_TABLE.' AS it
374    JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
375  WHERE image_id = '.$_GET['image_id'].'
376;';
377$tag_selection = get_taglist($query);
378
379$query = '
380SELECT
381    '.$q_tags.'
382  FROM '.TAGS_TABLE.'
383;';
384$tags = get_taglist($query);
385
386// retrieving direct information about picture
387$query = '
388SELECT *
389  FROM '.IMAGES_TABLE.'
390  WHERE id = '.$_GET['image_id'].'
391;';
392$row = pwg_db_fetch_assoc(pwg_query($query));
393
394// the physical storage directory contains the image
395$storage_category_id = null;
396if (!empty($row['storage_category_id']))
397{
398  $storage_category_id = $row['storage_category_id'];
399}
400
401$image_file = $row['file'];
402
403// +-----------------------------------------------------------------------+
404// |                             template init                             |
405// +-----------------------------------------------------------------------+
406
407$template->set_template_dir(ICY_PICTURE_MODIFY_PATH.'template/');
408$template->set_filenames(array('icy_picture_modify' => 'icy_picture_modify.tpl'));
409
410$admin_url_start = get_root_url().'index.php?/icy_picture_modify';
411$admin_url_start.= '&amp;image_id='.$_GET['image_id'];
412$admin_url_start.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
413
414$template->assign(
415  array(
416    'ICY_PICTURE_MODIFY_PATH' => ICY_PICTURE_MODIFY_PATH,
417    'ICY_ROOT_PATH' => realpath(dirname(PHPWG_PLUGINS_PATH)),
418    'tag_selection' => $tag_selection,
419    'tags' => $tags,
420
421    'PATH'=>$row['path'],
422
423    'TN_SRC' => get_thumbnail_url($row),
424
425    'NAME' =>
426      isset($_POST['name']) ?
427        stripslashes($_POST['name']) : @$row['name'],
428
429    'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
430
431    'FILESIZE' => @$row['filesize'].' KB',
432
433    'REGISTRATION_DATE' => format_date($row['date_available']),
434
435    'AUTHOR' => htmlspecialchars(
436      isset($_POST['author'])
437        ? stripslashes($_POST['author'])
438        : @$row['author']
439      ),
440
441    'DESCRIPTION' =>
442      htmlspecialchars( isset($_POST['description']) ?
443        stripslashes($_POST['description']) : @$row['comment'] ),
444    )
445  );
446
447if (version_compare(PHPWG_VERSION, '2.4.0', '<')) {
448  $template->assign(
449    array(
450      'U_SYNC' => $admin_url_start.'&amp;sync_metadata=1',
451      'F_ACTION' => get_root_url() . get_query_string_diff(array('sync_metadata'))
452    )
453  );
454}
455
456if (icy_image_deletable($_GET['image_id'])) {
457  $template->assign(
458    'U_DELETE', $admin_url_start.'&amp;delete=1&amp;pwg_token='.get_pwg_token()
459  );
460}
461
462if (array_key_exists('has_high', $row) and $row['has_high'] == 'true')
463{
464  $template->assign(
465    'HIGH_FILESIZE',
466    isset($row['high_filesize'])
467        ? $row['high_filesize'].' KB'
468        : l10n('unknown')
469    );
470}
471
472// image level options
473$selected_level = isset($_POST['level']) ? $_POST['level'] : $row['level'];
474$template->assign(
475    array(
476      'level_options'=> get_privacy_level_options(),
477      'level_options_selected' => array($selected_level)
478    )
479  );
480
481// creation date
482unset($day, $month, $year);
483
484if (isset($_POST['date_creation_action'])
485    and 'set' == $_POST['date_creation_action'])
486{
487  foreach (array('day', 'month', 'year') as $varname)
488  {
489    $$varname = $_POST['date_creation_'.$varname];
490  }
491}
492else if (isset($row['date_creation']) and !empty($row['date_creation']))
493{
494  list($year, $month, $day) = explode('-', $row['date_creation']);
495}
496else
497{
498  list($year, $month, $day) = array('', 0, 0);
499}
500
501
502$month_list = $lang['month'];
503$month_list[0]='------------';
504ksort($month_list);
505
506$template->assign(
507    array(
508      'DATE_CREATION_DAY_VALUE' => $day,
509      'DATE_CREATION_MONTH_VALUE' => $month,
510      'DATE_CREATION_YEAR_VALUE' => $year,
511      'month_list' => $month_list,
512      )
513    );
514
515$query = '
516SELECT category_id, uppercats
517  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
518    INNER JOIN '.CATEGORIES_TABLE.' AS c
519      ON c.id = ic.category_id
520  WHERE image_id = '.$_GET['image_id'].'
521;';
522$result = pwg_query($query);
523
524while ($row = pwg_db_fetch_assoc($result))
525{
526  $name =
527    get_cat_display_name_cache(
528      $row['uppercats'],
529      get_root_url().'index.php?/icy_picture_modify&amp;cat_id=',
530      false
531      );
532
533  if ($row['category_id'] == $storage_category_id)
534  {
535    $template->assign('STORAGE_CATEGORY', $name);
536  }
537  else
538  {
539    $template->append('related_categories', $name);
540  }
541}
542
543// jump to link
544//
545// 1. find all linked categories that are reachable for the current user.
546// 2. if a category is available in the URL, use it if reachable
547// 3. if URL category not available or reachable, use the first reachable
548//    linked category
549// 4. if no category reachable, no jumpto link
550
551$query = '
552SELECT category_id
553  FROM '.IMAGE_CATEGORY_TABLE.'
554  WHERE image_id = '.$_GET['image_id'].'
555;';
556
557// list of categories (OF THIS IMAGE) to which the user can access
558$authorizeds = array_intersect($my_categories,
559  array_from_query($query, 'category_id'));
560
561// if current category belongs to list of authorized categories
562// we simply provide link to that category
563if (isset($_GET['cat_id'])
564    and in_array($_GET['cat_id'], $authorizeds))
565{
566  $url_img = make_picture_url(
567    array(
568      'image_id' => $_GET['image_id'],
569      'image_file' => $image_file,
570      'category' => $cache['cat_names'][ $_GET['cat_id'] ],
571      )
572    );
573}
574// otherwise we provide links to the *first* category in the list
575else
576{
577  foreach ($authorizeds as $category)
578  {
579    $url_img = make_picture_url(
580      array(
581        'image_id' => $_GET['image_id'],
582        'image_file' => $image_file,
583        'category' => $cache['cat_names'][ $category ],
584        )
585      );
586    // FIXME: why the first category is selected?
587    break;
588  }
589}
590
591if (isset($url_img))
592{
593  $template->assign( 'U_JUMPTO', $url_img );
594}
595
596$_categories = icy_acl_get_categories("associate_image_to");
597// Select list of categories this image is associcated to
598$query = '
599SELECT id,name,uppercats,global_rank
600  FROM '.CATEGORIES_TABLE.'
601    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
602  WHERE image_id = '.$_GET['image_id'] . '
603    AND id IN (0'.join(",",$_categories).')';
604// FIMXE: if the image belongs to a physical storage,
605// FIXME: we simply ignore that storage album
606if (isset($storage_category_id))
607{
608  $query.= '
609    AND id != '.$storage_category_id;
610}
611$query.= '
612;';
613display_select_cat_wrapper($query, array(), 'associated_options');
614
615$result = pwg_query($query);
616$associateds = array(-1);
617if (isset($storage_category_id))
618{
619  array_push($associateds, $storage_category_id);
620}
621while ($row = pwg_db_fetch_assoc($result))
622{
623  array_push($associateds, $row['id']);
624}
625  // FIXME: Also display some forbidden presentations
626$query = '
627SELECT id,name,uppercats,global_rank
628  FROM '.CATEGORIES_TABLE.'
629  WHERE id NOT IN ('.implode(',', $associateds).')
630  AND id IN (0'.join(",", $_categories).')
631;';
632display_select_cat_wrapper($query, array(), 'dissociated_options');
633
634// display list of categories for representing
635$_categories = icy_acl_get_categories("present_image_to");
636$query = '
637SELECT id,name,uppercats,global_rank
638  FROM '.CATEGORIES_TABLE.'
639  WHERE representative_picture_id = '.$_GET['image_id'].'
640    AND id IN (0'. join(",", $_categories).')
641;';
642display_select_cat_wrapper($query, array(), 'elected_options');
643$query = '
644SELECT id,name,uppercats,global_rank
645  FROM '.CATEGORIES_TABLE.'
646  WHERE id IN (0'. join(",", $_categories).')
647    AND (representative_picture_id != '.$_GET['image_id'].'
648    OR representative_picture_id IS NULL)
649;';
650display_select_cat_wrapper($query, array(), 'dismissed_options');
651
652//----------------------------------------------------------- sending html code
653
654$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'icy_picture_modify');
655
656?>
Note: See TracBrowser for help on using the repository browser.