source: extensions/community/add_photos.php @ 9504

Last change on this file since 9504 was 9504, checked in by plg, 13 years ago

let's make it simpler : a user uploaded photo with no admin moderation can be seen by anyone (level = 0)

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Stop immediately when PHPWG_ROOT_PATH is not defined. Presumably that is
// the case when this file is requested directly over HTTP instead of being
// included by the gallery.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

global $template, $conf, $user;

// Core admin helpers, upload helpers, then the plugin's own permission helpers.
include_once PHPWG_ROOT_PATH.'admin/include/functions.php';
include_once PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php';
include_once COMMUNITY_PATH.'include/functions_community.inc.php';

// Base URL of this page.
define(
  'PHOTOS_ADD_BASE_URL',
  make_index_url(
    array(
      'section' => 'add_photos',
      )
    )
  );

prepare_upload_configuration();

// Community permissions of the current user. The keys read further down in
// this script are 'upload_categories', 'create_categories', 'permission_ids'
// and 'create_whole_gallery'.
$user_permissions = community_get_user_permissions($user['id']);
37
38// +-----------------------------------------------------------------------+
39// |                             process form                              |
40// +-----------------------------------------------------------------------+
41
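// Message buckets displayed on the result page.
$page['errors'] = array();
$page['infos'] = array();

// Overwrite whatever privacy level the client posted: the uploader never
// chooses it. Presumably the included upload handler reads $_POST['level'];
// unmoderated uploads are lowered to level 0 after processing.
$_POST['level'] = 16;

if (isset($_GET['processed']))
{
  // Authorization gate: the target album (or the parent of the album to
  // create) must be in the user's community permissions *before* the shared
  // upload handler is included.
  //
  // NOTE(review): a missing or unexpected category_type skips both checks and
  // falls through to the included handler, exactly as before. Confirm that
  // photos_add_direct_process.inc.php rejects such a request.
  $hacking_attempt = false;

  $community_category_type = isset($_POST['category_type'])
    ? $_POST['category_type']
    : null;

  if ('existing' === $community_category_type)
  {
    $community_album_id = isset($_POST['category']) ? $_POST['category'] : null;

    // in_array() compares loosely: if the permission list holds integers, a
    // string with a numeric prefix followed by other characters would match on
    // PHP < 8 and then reach the upload handler unchanged. An album id is
    // digits only, so anything else is refused before the membership test.
    $community_malformed_id = is_array($community_album_id)
      || (is_string($community_album_id) && preg_match('/\D/', $community_album_id));

    // is the user authorized to upload in this album?
    if ($community_malformed_id
        or !in_array($community_album_id, $user_permissions['upload_categories']))
    {
      echo 'Hacking attempt, you have no permission to upload in this album';
      $hacking_attempt = true;
    }
  }
  elseif ('new' === $community_category_type)
  {
    $community_parent_id = isset($_POST['category_parent'])
      ? $_POST['category_parent']
      : null;

    // Same digits-only rule for the parent album. An empty or missing value
    // is still handed to in_array() so the outcome for those requests is the
    // one the permission list already produced.
    $community_malformed_id = is_array($community_parent_id)
      || (is_string($community_parent_id) && preg_match('/\D/', $community_parent_id));

    // is the user authorized to create an album under this parent?
    if ($community_malformed_id
        or !in_array($community_parent_id, $user_permissions['create_categories']))
    {
      echo 'Hacking attempt, you have no permission to create this album';
      $hacking_attempt = true;
    }
  }

  if ($hacking_attempt)
  {
    // Remove the files of the refused upload. The ids deleted come from the
    // session entry, never from the request; the request only selects which
    // entry, so an array-valued or missing upload_id is ignored.
    if (isset($_POST['upload_id'])
        and is_string($_POST['upload_id'])
        and isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
    {
      delete_elements($_SESSION['uploads'][ $_POST['upload_id'] ], true);
    }
    exit();
  }
}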
77
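// Shared upload handler. The code below relies on it to set $image_ids and
// $category_id; $page['thumbnails'] is presumably filled there as well.
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');

if (isset($image_ids) and count($image_ids) > 0)
{
  // The ids are concatenated into SQL below: force every one to an integer
  // so the statements stay well-formed whatever the included script returned.
  $image_ids_sql = implode(',', array_map('intval', $image_ids));

  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  // $category_id is set in the photos_add_direct_process.inc.php included script
  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  // NOTE(review): the album name is placed into the message as HTML. For an
  // album the user has just created, escaping depends on the creation path
  // and on get_cat_display_name(), neither of which is visible here.
  array_push(
    $page['infos'],
    sprintf(
      l10n('%d photos uploaded into album "%s"'),
      count($page['thumbnails']),
      '<em>'.$category_name.'</em>'
      )
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  //
  // Moderation is the default; it is only switched off by an explicit match.
  $moderate = true;
  if (is_admin())
  {
    $moderate = false;
  }
  elseif (!empty($user_permissions['permission_ids']))
  {
    // An empty id list would produce "IN ()", which is invalid SQL; in that
    // case the query is skipped and the upload stays moderated.
    $permission_ids_sql = implode(
      ',',
      array_map('intval', $user_permissions['permission_ids'])
      );

    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.$permission_ids_sql.')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // unmoderated permission without an album; presumably a
        // whole-gallery permission (confirm against the permissions table)
        $moderate = false;
      }
      elseif (preg_match(
        '/^'.preg_quote($row['uppercats'], '/').'(,|$)/',
        $category_infos['uppercats']
        ))
      {
        // the permission's album is the target album or one of its
        // ancestors; "(,|$)" keeps "1,5" from matching "1,50". The value is
        // quoted so it can only ever be matched literally.
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.$image_ids_sql.')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      array_push(
        $inserts,
        array(
          'image_id' => $row['id'],
          'added_on' => $row['date_available'],
          'state' => 'moderation_pending',
          )
        );
    }

    // $inserts[0] only exists when the query returned at least one row
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    array_push(
      $page['infos'],
      l10n('Your photos are waiting for validation, administrators have been notified')
      );
  }
  else
  {
    // the level of a user upload photo with no moderation is 0, which makes
    // it visible to anyone
    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = 0
  WHERE id IN ('.$image_ids_sql.')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  if ($moderate)
  {
    // only moderated uploads carry a link to the validation page
    $keyargs_content[] = get_l10n_args('', '');

    array_push(
      $keyargs_content,
      get_l10n_args(
        'Validation page: %s',
        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
        )
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}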
238
239// +-----------------------------------------------------------------------+
240// |                             prepare form                              |
241// +-----------------------------------------------------------------------+
242
// The form template sits next to this script.
$template->set_filenames(
  array(
    'add_photos' => dirname(__FILE__).'/add_photos.tpl',
    )
  );

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

// we have to change the list of uploadable albums: only the albums the user
// may upload into are offered in the form
//
// NOTE(review): an empty upload_categories list would yield "IN ()", which is
// invalid SQL. Confirm the permission helper never returns an empty list for
// a user who can reach this page.
$uploadable_album_ids = implode(',', $user_permissions['upload_categories']);

$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.$uploadable_album_ids.')
;';

display_select_cat_wrapper($query, $selected_category, 'category_options');

// Album creation is offered only when the user may create under at least
// one parent album.
$create_subcategories = count($user_permissions['create_categories']) > 0;

if ($create_subcategories)
{
  $category_ids = null;

  $parent_album_ids = implode(',', $user_permissions['create_categories']);

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.$parent_album_ids.')
;';

  display_select_cat_wrapper($query, $selected_category, 'category_parent_options');
}

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );
286
287
288// +-----------------------------------------------------------------------+
289// |                             display page                              |
290// +-----------------------------------------------------------------------+
291
// Hand the collected messages to the template, skipping empty buckets.
if (!empty($page['errors']))
{
  $template->assign('errors', $page['errors']);
}

if (!empty($page['infos']))
{
  $template->assign('infos', $page['infos']);
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// Render the form into the slot named PLUGIN_INDEX_CONTENT_BEGIN.
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(
  array(
    'U_MODE_POSTED',
    'U_MODE_CREATED',
    )
  );

// Title made of a "Home" link, the configured separator and the page title.
$home_link = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>';

$template->assign(
  array(
    'TITLE' => $home_link.$conf['level_separator'].$title,
    )
  );
314?>