source: trunk/admin/picture_modify.php @ 11220

Revision 11220, 13.4 KB checked in by patdenice, 9 years ago (diff)

bug:2326
Mysql error on picture_modify if tag input is empty.

  • Property svn:eol-style set to LF
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if(!defined("PHPWG_ROOT_PATH"))
25{
26  die('Hacking attempt!');
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36check_input_parameter('image_id', $_GET, false, PATTERN_ID);
37check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
38
39// +-----------------------------------------------------------------------+
40// |                             delete photo                              |
41// +-----------------------------------------------------------------------+
42
43if (isset($_GET['delete']))
44{
45  check_pwg_token();
46
47  delete_elements(array($_GET['image_id']), true);
48
49  // where to redirect the user now?
50  //
51  // 1. if a category is available in the URL, use it
52  // 2. else use the first reachable linked category
53  // 3. redirect to gallery root
54
55  if (isset($_GET['cat_id']) and !empty($_GET['cat_id']))
56  {
57    redirect(
58      make_index_url(
59        array(
60          'category' => get_cat_info($_GET['cat_id'])
61          )
62        )
63      );
64  }
65
66  $query = '
67SELECT category_id
68  FROM '.IMAGE_CATEGORY_TABLE.'
69  WHERE image_id = '.$_GET['image_id'].'
70;';
71
72  $authorizeds = array_diff(
73    array_from_query($query, 'category_id'),
74    explode(',', calculate_permissions($user['id'], $user['status']))
75    );
76 
77  foreach ($authorizeds as $category_id)
78  {
79    redirect(
80      make_index_url(
81        array(
82          'category' => get_cat_info($category_id)
83          )
84        )
85      );
86  }
87
88  redirect(make_index_url());
89}
90
91// +-----------------------------------------------------------------------+
92// |                          synchronize metadata                         |
93// +-----------------------------------------------------------------------+
94
95if (isset($_GET['sync_metadata']))
96{
97  $query = '
98SELECT path
99  FROM '.IMAGES_TABLE.'
100  WHERE id = '.$_GET['image_id'].'
101;';
102  list($path) = pwg_db_fetch_row(pwg_query($query));
103  update_metadata(array($_GET['image_id'] => $path));
104
105  array_push($page['infos'], l10n('Metadata synchronized from file'));
106}
107
108//--------------------------------------------------------- update informations
109
110// first, we verify whether there is a mistake on the given creation date
111if (isset($_POST['date_creation_action'])
112    and 'set' == $_POST['date_creation_action'])
113{
114  if (!is_numeric($_POST['date_creation_year'])
115    or !checkdate(
116          $_POST['date_creation_month'],
117          $_POST['date_creation_day'],
118          $_POST['date_creation_year'])
119    )
120  {
121    array_push($page['errors'], l10n('wrong date'));
122  }
123}
124
125if (isset($_POST['submit']) and count($page['errors']) == 0)
126{
127  $data = array();
128  $data{'id'} = $_GET['image_id'];
129  $data{'name'} = $_POST['name'];
130  $data{'author'} = $_POST['author'];
131  $data['level'] = $_POST['level'];
132
133  if ($conf['allow_html_descriptions'])
134  {
135    $data{'comment'} = @$_POST['description'];
136  }
137  else
138  {
139    $data{'comment'} = strip_tags(@$_POST['description']);
140  }
141
142  if (isset($_POST['date_creation_action']))
143  {
144    if ('set' == $_POST['date_creation_action'])
145    {
146      $data{'date_creation'} = $_POST['date_creation_year']
147                                 .'-'.$_POST['date_creation_month']
148                                 .'-'.$_POST['date_creation_day'];
149    }
150    else if ('unset' == $_POST['date_creation_action'])
151    {
152      $data{'date_creation'} = '';
153    }
154  }
155
156  mass_updates(
157    IMAGES_TABLE,
158    array(
159      'primary' => array('id'),
160      'update' => array_diff(array_keys($data), array('id'))
161      ),
162    array($data)
163    );
164
165  // time to deal with tags
166  $tag_ids = array();
167  if (!empty($_POST['tags']))
168  {
169    $tag_ids = get_tag_ids($_POST['tags']);
170  }
171  set_tags($tag_ids, $_GET['image_id']);
172
173  array_push($page['infos'], l10n('Photo informations updated'));
174}
175// associate the element to other categories than its storage category
176if (isset($_POST['associate'])
177    and isset($_POST['cat_dissociated'])
178    and count($_POST['cat_dissociated']) > 0
179  )
180{
181  associate_images_to_categories(
182    array($_GET['image_id']),
183    $_POST['cat_dissociated']
184    );
185}
186// dissociate the element from categories (but not from its storage category)
187if (isset($_POST['dissociate'])
188    and isset($_POST['cat_associated'])
189    and count($_POST['cat_associated']) > 0
190  )
191{
192  $query = '
193DELETE FROM '.IMAGE_CATEGORY_TABLE.'
194  WHERE image_id = '.$_GET['image_id'].'
195    AND category_id IN ('.implode(',', $_POST['cat_associated']).')
196';
197  pwg_query($query);
198
199  update_category($_POST['cat_associated']);
200}
201// elect the element to represent the given categories
202if (isset($_POST['elect'])
203    and isset($_POST['cat_dismissed'])
204    and count($_POST['cat_dismissed']) > 0
205  )
206{
207  $datas = array();
208  foreach ($_POST['cat_dismissed'] as $category_id)
209  {
210    array_push($datas,
211               array('id' => $category_id,
212                     'representative_picture_id' => $_GET['image_id']));
213  }
214  $fields = array('primary' => array('id'),
215                  'update' => array('representative_picture_id'));
216  mass_updates(CATEGORIES_TABLE, $fields, $datas);
217}
218// dismiss the element as representant of the given categories
219if (isset($_POST['dismiss'])
220    and isset($_POST['cat_elected'])
221    and count($_POST['cat_elected']) > 0
222  )
223{
224  set_random_representant($_POST['cat_elected']);
225}
226
227// tags
228$query = '
229SELECT
230    tag_id,
231    name AS tag_name
232  FROM '.IMAGE_TAG_TABLE.' AS it
233    JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
234  WHERE image_id = '.$_GET['image_id'].'
235;';
236$tag_selection = get_taglist($query);
237
238$query = '
239SELECT
240    id AS tag_id,
241    name AS tag_name
242  FROM '.TAGS_TABLE.'
243;';
244$tags = get_taglist($query);
245
246// retrieving direct information about picture
247$query = '
248SELECT *
249  FROM '.IMAGES_TABLE.'
250  WHERE id = '.$_GET['image_id'].'
251;';
252$row = pwg_db_fetch_assoc(pwg_query($query));
253
254$storage_category_id = null;
255if (!empty($row['storage_category_id']))
256{
257  $storage_category_id = $row['storage_category_id'];
258}
259
260$image_file = $row['file'];
261
262// +-----------------------------------------------------------------------+
263// |                             template init                             |
264// +-----------------------------------------------------------------------+
265
266$template->set_filenames(
267  array(
268    'picture_modify' => 'picture_modify.tpl'
269    )
270  );
271
272$admin_url_start = get_root_url().'admin.php?page=picture_modify';
273$admin_url_start.= '&amp;image_id='.$_GET['image_id'];
274$admin_url_start.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
275
276$template->assign(
277  array(
278    'tag_selection' => $tag_selection,
279    'tags' => $tags,
280    'U_SYNC' => $admin_url_start.'&amp;sync_metadata=1',
281    'U_DELETE' => $admin_url_start.'&amp;delete=1&amp;pwg_token='.get_pwg_token(),
282
283    'PATH'=>$row['path'],
284
285    'TN_SRC' => get_thumbnail_url($row),
286
287    'NAME' =>
288      isset($_POST['name']) ?
289        stripslashes($_POST['name']) : @$row['name'],
290
291    'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
292
293    'FILESIZE' => @$row['filesize'].' KB',
294
295    'REGISTRATION_DATE' => format_date($row['date_available']),
296
297    'AUTHOR' => htmlspecialchars(
298      isset($_POST['author'])
299        ? stripslashes($_POST['author'])
300        : @$row['author']
301      ),
302
303    'DESCRIPTION' =>
304      htmlspecialchars( isset($_POST['description']) ?
305        stripslashes($_POST['description']) : @$row['comment'] ),
306
307    'F_ACTION' =>
308        get_root_url().'admin.php'
309        .get_query_string_diff(array('sync_metadata'))
310    )
311  );
312
313if ($row['has_high'] == 'true')
314{
315  $template->assign(
316    'HIGH_FILESIZE',
317    isset($row['high_filesize'])
318        ? $row['high_filesize'].' KB'
319        : l10n('unknown')
320    );
321}
322
323// image level options
324$selected_level = isset($_POST['level']) ? $_POST['level'] : $row['level'];
325$template->assign(
326    array(
327      'level_options'=> get_privacy_level_options(),
328      'level_options_selected' => array($selected_level)
329    )
330  );
331
332// creation date
333unset($day, $month, $year);
334
335if (isset($_POST['date_creation_action'])
336    and 'set' == $_POST['date_creation_action'])
337{
338  foreach (array('day', 'month', 'year') as $varname)
339  {
340    $$varname = $_POST['date_creation_'.$varname];
341  }
342}
343else if (isset($row['date_creation']) and !empty($row['date_creation']))
344{
345  list($year, $month, $day) = explode('-', $row['date_creation']);
346}
347else
348{
349  list($year, $month, $day) = array('', 0, 0);
350}
351
352
353$month_list = $lang['month'];
354$month_list[0]='------------';
355ksort($month_list);
356
357$template->assign(
358    array(
359      'DATE_CREATION_DAY_VALUE' => $day,
360      'DATE_CREATION_MONTH_VALUE' => $month,
361      'DATE_CREATION_YEAR_VALUE' => $year,
362      'month_list' => $month_list,
363      )
364    );
365
366$query = '
367SELECT category_id, uppercats
368  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
369    INNER JOIN '.CATEGORIES_TABLE.' AS c
370      ON c.id = ic.category_id
371  WHERE image_id = '.$_GET['image_id'].'
372;';
373$result = pwg_query($query);
374
375while ($row = pwg_db_fetch_assoc($result))
376{
377  $name =
378    get_cat_display_name_cache(
379      $row['uppercats'],
380      get_root_url().'admin.php?page=cat_modify&amp;cat_id=',
381      false
382      );
383
384  if ($row['category_id'] == $storage_category_id)
385  {
386    $template->assign('STORAGE_CATEGORY', $name);
387  }
388  else
389  {
390    $template->append('related_categories', $name);
391  }
392}
393
394// jump to link
395//
396// 1. find all linked categories that are reachable for the current user.
397// 2. if a category is available in the URL, use it if reachable
398// 3. if URL category not available or reachable, use the first reachable
399//    linked category
400// 4. if no category reachable, no jumpto link
401
402$query = '
403SELECT category_id
404  FROM '.IMAGE_CATEGORY_TABLE.'
405  WHERE image_id = '.$_GET['image_id'].'
406;';
407
408$authorizeds = array_diff(
409  array_from_query($query, 'category_id'),
410  explode(
411    ',',
412    calculate_permissions($user['id'], $user['status'])
413    )
414  );
415
416if (isset($_GET['cat_id'])
417    and in_array($_GET['cat_id'], $authorizeds))
418{
419  $url_img = make_picture_url(
420    array(
421      'image_id' => $_GET['image_id'],
422      'image_file' => $image_file,
423      'category' => $cache['cat_names'][ $_GET['cat_id'] ],
424      )
425    );
426}
427else
428{
429  foreach ($authorizeds as $category)
430  {
431    $url_img = make_picture_url(
432      array(
433        'image_id' => $_GET['image_id'],
434        'image_file' => $image_file,
435        'category' => $cache['cat_names'][ $category ],
436        )
437      );
438    break;
439  }
440}
441
442if (isset($url_img))
443{
444  $template->assign( 'U_JUMPTO', $url_img );
445}
446
447// associate to another category ?
448$query = '
449SELECT id,name,uppercats,global_rank
450  FROM '.CATEGORIES_TABLE.'
451    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
452  WHERE image_id = '.$_GET['image_id'];
453if (isset($storage_category_id))
454{
455  $query.= '
456    AND id != '.$storage_category_id;
457}
458$query.= '
459;';
460display_select_cat_wrapper($query, array(), 'associated_options');
461
462$result = pwg_query($query);
463$associateds = array(-1);
464if (isset($storage_category_id))
465{
466  array_push($associateds, $storage_category_id);
467}
468while ($row = pwg_db_fetch_assoc($result))
469{
470  array_push($associateds, $row['id']);
471}
472$query = '
473SELECT id,name,uppercats,global_rank
474  FROM '.CATEGORIES_TABLE.'
475  WHERE id NOT IN ('.implode(',', $associateds).')
476;';
477display_select_cat_wrapper($query, array(), 'dissociated_options');
478
479// representing
480$query = '
481SELECT id,name,uppercats,global_rank
482  FROM '.CATEGORIES_TABLE.'
483  WHERE representative_picture_id = '.$_GET['image_id'].'
484;';
485display_select_cat_wrapper($query, array(), 'elected_options');
486
487$query = '
488SELECT id,name,uppercats,global_rank
489  FROM '.CATEGORIES_TABLE.'
490  WHERE representative_picture_id != '.$_GET['image_id'].'
491    OR representative_picture_id IS NULL
492;';
493display_select_cat_wrapper($query, array(), 'dismissed_options');
494
495//----------------------------------------------------------- sending html code
496
497$template->assign_var_from_handle('ADMIN_CONTENT', 'picture_modify');
498?>
Note: See TracBrowser for help on using the repository browser.