source: extensions/community/add_photos.php @ 9450

Last change on this file since 9450 was 9450, checked in by plg, 13 years ago

bug fixed: on a fresh installation, if you have never opened the admin upload form, the upload configuration (resize options) is not defined

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Stop immediately when this file is requested directly instead of being
// included by a script that has already defined PHPWG_ROOT_PATH.
if (!defined('PHPWG_ROOT_PATH')) {
  die('Hacking attempt!');
}

global $template, $conf, $user;

// Helpers from the admin area are loaded for a page that community users
// reach, so the permission checks done in this file are what separates those
// users from the admin upload code paths.
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
include_once(COMMUNITY_PATH.'include/functions_community.inc.php');

define('PHOTOS_ADD_BASE_URL', make_index_url(array('section' => 'add_photos')));

// Makes sure the upload configuration (resize options) is defined even when
// the admin upload form has never been opened on this installation.
prepare_upload_configuration();

// Permission set of the current user; the keys read in this file are
// upload_whole_gallery, upload_categories, create_whole_gallery,
// create_categories and permission_ids.
$user_permissions = community_get_user_permissions($user['id']);

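// +-----------------------------------------------------------------------+
// |                             process form                              |
// +-----------------------------------------------------------------------+

$page['errors'] = array();
$page['infos'] = array();

// The privacy level is imposed server-side: whatever "level" the client
// posted is overwritten before the shared upload processor reads $_POST.
// NOTE(review): 16 is presumably a restrictive level that keeps the photos
// hidden until the code that runs after processing lowers it -- confirm.
$_POST['level'] = 16;

if (isset($_GET['processed'])) {
  // Authorization gate for a submitted form. It runs before the shared admin
  // upload processor is included, so a refused request never reaches it.
  //
  // NOTE(review): a request with "processed" set but a category_type that is
  // neither 'existing' nor 'new' (or is missing) skips both checks. Whether
  // the processor then acts on such a request cannot be seen from this file;
  // confirm that it ignores it.
  // NOTE(review): no anti-CSRF token check is visible in this file; confirm
  // the included processor performs one.
  $hacking_attempt = false;
  $category_type = isset($_POST['category_type']) ? $_POST['category_type'] : null;

  if ('existing' === $category_type) {
    // is the user authorized to upload in this album?
    if (!$user_permissions['upload_whole_gallery']) {
      $album = isset($_POST['category']) ? $_POST['category'] : null;

      // in_array() compares loosely, so a value that is only numerically
      // equal to an authorized id could pass while the raw, differently
      // spelled value stays in $_POST for later code. Requiring a plain
      // string of digits first closes that gap (D: no trailing newline).
      if (!is_string($album)
        or !preg_match('/^\d+$/D', $album)
        or !in_array($album, $user_permissions['upload_categories'])
      ) {
        echo 'Hacking attempt, you have no permission to upload in this album';
        $hacking_attempt = true;
      }
    }
  } elseif ('new' === $category_type) {
    // is the user authorized to create an album under this parent?
    if (!$user_permissions['create_whole_gallery']) {
      $parent_album = isset($_POST['category_parent']) ? $_POST['category_parent'] : null;

      // Same digits-only rule as for the upload target above.
      if (!is_string($parent_album)
        or !preg_match('/^\d+$/D', $parent_album)
        or !in_array($parent_album, $user_permissions['create_categories'])
      ) {
        echo 'Hacking attempt, you have no permission to create this album';
        $hacking_attempt = true;
      }
    }
  }

  if ($hacking_attempt) {
    // Discard what this upload session already stored, then stop.
    // upload_id is client-supplied: it is only used as a session array key,
    // and only when it is a string (an array value is ignored).
    // NOTE(review): the second argument of delete_elements() presumably asks
    // for the files to be removed from disk as well -- confirm.
    $upload_id = isset($_POST['upload_id']) ? $_POST['upload_id'] : null;

    if (is_string($upload_id) and isset($_SESSION['uploads'][$upload_id])) {
      delete_elements($_SESSION['uploads'][$upload_id], true);
    }
    exit();
  }
}
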
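// Shared admin upload processor. It sets $category_id (see the comment in the
// block below); $image_ids and $page['thumbnails'] are not assigned anywhere
// in this file, so they presumably come from it as well.
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');

if (isset($image_ids) and count($image_ids) > 0) {
  // Identifiers are concatenated into SQL text below, so they are reduced to
  // integers first. Where these values originate is not visible in this file,
  // so they are not assumed to be clean. The original variables are left
  // untouched for any later code that reads them.
  $sql_image_ids = implode(',', array_map('intval', $image_ids));
  $sql_category_id = (int) $category_id;

  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  // $category_id is set in the photos_add_direct_process.inc.php included script
  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  // NOTE(review): $category_name is placed into HTML exactly as returned by
  // get_cat_display_name(). Album names can be supplied by community users
  // (the 'new' album path), so confirm that helper escapes them.
  $page['infos'][] = sprintf(
    l10n('%d photos uploaded into album "%s"'),
    count($page['thumbnails']),
    '<em>'.$category_name.'</em>'
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  //
  // Moderation is the default; it is only lifted by an explicit match.
  $moderate = true;
  if (is_admin()) {
    $moderate = false;
  } else {
    $sql_permission_ids = array_map('intval', $user_permissions['permission_ids']);

    // An empty list would produce "IN ()", which is not valid SQL. With no
    // permission to inspect, the upload simply stays moderated.
    if (count($sql_permission_ids) > 0) {
      $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', $sql_permission_ids).')
    AND cp.moderated = \'false\'
;';
      $result = pwg_query($query);
      while ($row = pwg_db_fetch_assoc($result)) {
        if (empty($row['category_id'])) {
          // an unmoderated permission that is not tied to any album
          $moderate = false;
        } else {
          // Does the target album sit on or below the permitted album? The
          // stored path is quoted so it can only ever match literally.
          $path_pattern = '/^'.preg_quote((string) $row['uppercats'], '/').'(,|$)/';

          if (preg_match($path_pattern, $category_infos['uppercats'])) {
            $moderate = false;
          }
        }
      }
    }
  }

  if ($moderate) {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.$sql_image_ids.')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
      $inserts[] = array(
        'image_id' => $row['id'],
        'added_on' => $row['date_available'],
        'state' => 'moderation_pending',
        );
    }

    // $inserts[0] only exists when the query returned at least one row.
    if (count($inserts) > 0) {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail) {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    $page['infos'][] = l10n('Your photos are waiting for validation, administrators have been notified');
  } else {
    // we have to change the level.
    //
    // the level must equal the minimum level between :
    // * the privacy level of the uploader
    // * the minimum level for photos in the same album
    $category_min_level = null;

    $query = '
SELECT
    image_id,
    level
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    JOIN '.IMAGES_TABLE.' AS i ON ic.image_id = i.id
  WHERE category_id = '.$sql_category_id.'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
      // the photos just uploaded must not influence the album minimum
      if (in_array($row['image_id'], $image_ids)) {
        continue;
      }

      if (!isset($category_min_level) or $row['level'] < $category_min_level) {
        $category_min_level = $row['level'];
      }
    }

    // no other photo in the album: the minimum defaults to 0
    if (!isset($category_min_level)) {
      $category_min_level = 0;
    }

    $level = (int) min($category_min_level, $user['level']);

    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = '.$level.'
  WHERE id IN ('.$sql_image_ids.')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail) {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches)) {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  // NOTE(review): the username and email of the uploader are passed to the
  // mail helpers as they are; confirm those helpers strip line breaks before
  // the values reach the subject or headers.
  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  if ($moderate) {
    $keyargs_content[] = get_l10n_args('', '');
    $keyargs_content[] = get_l10n_args(
      'Validation page: %s',
      get_absolute_root_url().'admin.php?page=plugin-community-pendings'
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}
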
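// +-----------------------------------------------------------------------+
// |                             prepare form                              |
// +-----------------------------------------------------------------------+

$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

// Shared admin code that prepares the upload form. $selected_category, used
// below, is not assigned in this file and presumably comes from it.
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

if (!$user_permissions['upload_whole_gallery']) {
  // we have to change the list of uploadable albums
  //
  // The ids are reduced to integers before being concatenated into the
  // query. With no authorized album at all, "IN ()" would be invalid SQL, so
  // an always-false condition is used and the list comes back empty.
  $upload_category_ids = array_map('intval', $user_permissions['upload_categories']);

  $album_filter = '1 = 0';
  if (count($upload_category_ids) > 0) {
    $album_filter = 'id IN ('.implode(',', $upload_category_ids).')';
  }

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE '.$album_filter.'
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_options'
    );
}
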
// The user may create albums when allowed to do so anywhere in the gallery
// or under at least one listed parent album.
$create_subcategories = (
  $user_permissions['create_whole_gallery']
  || count($user_permissions['create_categories']) > 0
);

if ($create_subcategories) {
  $category_ids = null;

  // Restrict the parent album list unless creation is allowed everywhere.
  // The surrounding condition guarantees a non-empty list in that case.
  // NOTE(review): the ids are concatenated into the query as returned by
  // community_get_user_permissions(); confirm they are always integers.
  $parent_filter = '';
  if (!$user_permissions['create_whole_gallery']) {
    $parent_filter = '
  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')';
  }

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.$parent_filter.'
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_parent_options'
    );
}

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );


// +-----------------------------------------------------------------------+
// |                             display page                              |
// +-----------------------------------------------------------------------+

// Hand the collected messages to the template, skipping empty lists.
foreach (array('errors', 'infos') as $message_type) {
  if (count($page[$message_type]) > 0) {
    $template->assign($message_type, $page[$message_type]);
  }
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// The form is rendered into the PLUGIN_INDEX_CONTENT_BEGIN variable of the
// index page. Standalone rendering (page_header.php, pparse('add_photos'),
// page_tail.php) is commented out in this revision.
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

// Breadcrumb-style title: link to the gallery home, separator, page title.
$home_link = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>';

$template->assign(
  array(
    'TITLE' => $home_link.$conf['level_separator'].$title,
    )
  );
373?>