source: trunk/admin/picture_modify.php @ 9943

Revision 9943, 13.2 KB checked in by plg, 9 years ago (diff)

bug fixed: makes really sure there is a defined category id before redirection on photo deletion

  • Property svn:eol-style set to LF
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if(!defined("PHPWG_ROOT_PATH"))
25{
26  die('Hacking attempt!');
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36check_input_parameter('image_id', $_GET, false, PATTERN_ID);
37check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
38
39// +-----------------------------------------------------------------------+
40// |                             delete photo                              |
41// +-----------------------------------------------------------------------+
42
43if (isset($_GET['delete']))
44{
45  check_pwg_token();
46
47  delete_elements(array($_GET['image_id']), true);
48
49  // where to redirect the user now?
50  //
51  // 1. if a category is available in the URL, use it
52  // 2. else use the first reachable linked category
53  // 3. redirect to gallery root
54
55  if (isset($_GET['cat_id']) and !empty($_GET['cat_id']))
56  {
57    redirect(
58      make_index_url(
59        array(
60          'category' => get_cat_info($_GET['cat_id'])
61          )
62        )
63      );
64  }
65
66  $query = '
67SELECT category_id
68  FROM '.IMAGE_CATEGORY_TABLE.'
69  WHERE image_id = '.$_GET['image_id'].'
70;';
71
72  $authorizeds = array_diff(
73    array_from_query($query, 'category_id'),
74    explode(',', calculate_permissions($user['id'], $user['status']))
75    );
76 
77  foreach ($authorizeds as $category_id)
78  {
79    redirect(
80      make_index_url(
81        array(
82          'category' => get_cat_info($category_id)
83          )
84        )
85      );
86  }
87
88  redirect(make_index_url());
89}
90
91// +-----------------------------------------------------------------------+
92// |                          synchronize metadata                         |
93// +-----------------------------------------------------------------------+
94
95if (isset($_GET['sync_metadata']))
96{
97  $query = '
98SELECT path
99  FROM '.IMAGES_TABLE.'
100  WHERE id = '.$_GET['image_id'].'
101;';
102  list($path) = pwg_db_fetch_row(pwg_query($query));
103  update_metadata(array($_GET['image_id'] => $path));
104
105  array_push($page['infos'], l10n('Metadata synchronized from file'));
106}
107
108//--------------------------------------------------------- update informations
109
110// first, we verify whether there is a mistake on the given creation date
111if (isset($_POST['date_creation_action'])
112    and 'set' == $_POST['date_creation_action'])
113{
114  if (!is_numeric($_POST['date_creation_year'])
115    or !checkdate(
116          $_POST['date_creation_month'],
117          $_POST['date_creation_day'],
118          $_POST['date_creation_year'])
119    )
120  {
121    array_push($page['errors'], l10n('wrong date'));
122  }
123}
124
125if (isset($_POST['submit']) and count($page['errors']) == 0)
126{
127  $data = array();
128  $data{'id'} = $_GET['image_id'];
129  $data{'name'} = $_POST['name'];
130  $data{'author'} = $_POST['author'];
131  $data['level'] = $_POST['level'];
132
133  if ($conf['allow_html_descriptions'])
134  {
135    $data{'comment'} = @$_POST['description'];
136  }
137  else
138  {
139    $data{'comment'} = strip_tags(@$_POST['description']);
140  }
141
142  if (isset($_POST['date_creation_action']))
143  {
144    if ('set' == $_POST['date_creation_action'])
145    {
146      $data{'date_creation'} = $_POST['date_creation_year']
147                                 .'-'.$_POST['date_creation_month']
148                                 .'-'.$_POST['date_creation_day'];
149    }
150    else if ('unset' == $_POST['date_creation_action'])
151    {
152      $data{'date_creation'} = '';
153    }
154  }
155
156  mass_updates(
157    IMAGES_TABLE,
158    array(
159      'primary' => array('id'),
160      'update' => array_diff(array_keys($data), array('id'))
161      ),
162    array($data)
163    );
164
165  // time to deal with tags
166  $tag_ids = array();
167  if (isset($_POST['tags']))
168  {
169    $tag_ids = get_fckb_tag_ids($_POST['tags']);
170  }
171  set_tags($tag_ids, $_GET['image_id']);
172
173  array_push($page['infos'], l10n('Photo informations updated'));
174}
175// associate the element to other categories than its storage category
176if (isset($_POST['associate'])
177    and isset($_POST['cat_dissociated'])
178    and count($_POST['cat_dissociated']) > 0
179  )
180{
181  associate_images_to_categories(
182    array($_GET['image_id']),
183    $_POST['cat_dissociated']
184    );
185}
186// dissociate the element from categories (but not from its storage category)
187if (isset($_POST['dissociate'])
188    and isset($_POST['cat_associated'])
189    and count($_POST['cat_associated']) > 0
190  )
191{
192  $query = '
193DELETE FROM '.IMAGE_CATEGORY_TABLE.'
194  WHERE image_id = '.$_GET['image_id'].'
195    AND category_id IN ('.implode(',', $_POST['cat_associated']).')
196';
197  pwg_query($query);
198
199  update_category($_POST['cat_associated']);
200}
201// elect the element to represent the given categories
202if (isset($_POST['elect'])
203    and isset($_POST['cat_dismissed'])
204    and count($_POST['cat_dismissed']) > 0
205  )
206{
207  $datas = array();
208  foreach ($_POST['cat_dismissed'] as $category_id)
209  {
210    array_push($datas,
211               array('id' => $category_id,
212                     'representative_picture_id' => $_GET['image_id']));
213  }
214  $fields = array('primary' => array('id'),
215                  'update' => array('representative_picture_id'));
216  mass_updates(CATEGORIES_TABLE, $fields, $datas);
217}
218// dismiss the element as representant of the given categories
219if (isset($_POST['dismiss'])
220    and isset($_POST['cat_elected'])
221    and count($_POST['cat_elected']) > 0
222  )
223{
224  set_random_representant($_POST['cat_elected']);
225}
226
227// tags
228$query = '
229SELECT
230    tag_id,
231    name AS tag_name
232  FROM '.IMAGE_TAG_TABLE.' AS it
233    JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
234  WHERE image_id = '.$_GET['image_id'].'
235;';
236$tags = get_fckb_taglist($query);
237
238// retrieving direct information about picture
239$query = '
240SELECT *
241  FROM '.IMAGES_TABLE.'
242  WHERE id = '.$_GET['image_id'].'
243;';
244$row = pwg_db_fetch_assoc(pwg_query($query));
245
246$storage_category_id = null;
247if (!empty($row['storage_category_id']))
248{
249  $storage_category_id = $row['storage_category_id'];
250}
251
252$image_file = $row['file'];
253
254// +-----------------------------------------------------------------------+
255// |                             template init                             |
256// +-----------------------------------------------------------------------+
257
258$template->set_filenames(
259  array(
260    'picture_modify' => 'picture_modify.tpl'
261    )
262  );
263
264$admin_url_start = get_root_url().'admin.php?page=picture_modify';
265$admin_url_start.= '&amp;image_id='.$_GET['image_id'];
266$admin_url_start.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';
267
268$template->assign(
269  array(
270    'tags' => $tags,
271    'U_SYNC' => $admin_url_start.'&amp;sync_metadata=1',
272    'U_DELETE' => $admin_url_start.'&amp;delete=1&amp;pwg_token='.get_pwg_token(),
273
274    'PATH'=>$row['path'],
275
276    'TN_SRC' => get_thumbnail_url($row),
277
278    'NAME' =>
279      isset($_POST['name']) ?
280        stripslashes($_POST['name']) : @$row['name'],
281
282    'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
283
284    'FILESIZE' => @$row['filesize'].' KB',
285
286    'REGISTRATION_DATE' => format_date($row['date_available']),
287
288    'AUTHOR' => htmlspecialchars(
289      isset($_POST['author'])
290        ? stripslashes($_POST['author'])
291        : @$row['author']
292      ),
293
294    'DESCRIPTION' =>
295      htmlspecialchars( isset($_POST['description']) ?
296        stripslashes($_POST['description']) : @$row['comment'] ),
297
298    'F_ACTION' =>
299        get_root_url().'admin.php'
300        .get_query_string_diff(array('sync_metadata'))
301    )
302  );
303
304if ($row['has_high'] == 'true')
305{
306  $template->assign(
307    'HIGH_FILESIZE',
308    isset($row['high_filesize'])
309        ? $row['high_filesize'].' KB'
310        : l10n('unknown')
311    );
312}
313
314// image level options
315$selected_level = isset($_POST['level']) ? $_POST['level'] : $row['level'];
316$template->assign(
317    array(
318      'level_options'=> get_privacy_level_options(),
319      'level_options_selected' => array($selected_level)
320    )
321  );
322
323// creation date
324unset($day, $month, $year);
325
326if (isset($_POST['date_creation_action'])
327    and 'set' == $_POST['date_creation_action'])
328{
329  foreach (array('day', 'month', 'year') as $varname)
330  {
331    $$varname = $_POST['date_creation_'.$varname];
332  }
333}
334else if (isset($row['date_creation']) and !empty($row['date_creation']))
335{
336  list($year, $month, $day) = explode('-', $row['date_creation']);
337}
338else
339{
340  list($year, $month, $day) = array('', 0, 0);
341}
342
343
344$month_list = $lang['month'];
345$month_list[0]='------------';
346ksort($month_list);
347
348$template->assign(
349    array(
350      'DATE_CREATION_DAY_VALUE' => $day,
351      'DATE_CREATION_MONTH_VALUE' => $month,
352      'DATE_CREATION_YEAR_VALUE' => $year,
353      'month_list' => $month_list,
354      )
355    );
356
357$query = '
358SELECT category_id, uppercats
359  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
360    INNER JOIN '.CATEGORIES_TABLE.' AS c
361      ON c.id = ic.category_id
362  WHERE image_id = '.$_GET['image_id'].'
363;';
364$result = pwg_query($query);
365
366while ($row = pwg_db_fetch_assoc($result))
367{
368  $name =
369    get_cat_display_name_cache(
370      $row['uppercats'],
371      get_root_url().'admin.php?page=cat_modify&amp;cat_id=',
372      false
373      );
374
375  if ($row['category_id'] == $storage_category_id)
376  {
377    $template->assign('STORAGE_CATEGORY', $name);
378  }
379  else
380  {
381    $template->append('related_categories', $name);
382  }
383}
384
385// jump to link
386//
387// 1. find all linked categories that are reachable for the current user.
388// 2. if a category is available in the URL, use it if reachable
389// 3. if URL category not available or reachable, use the first reachable
390//    linked category
391// 4. if no category reachable, no jumpto link
392
393$query = '
394SELECT category_id
395  FROM '.IMAGE_CATEGORY_TABLE.'
396  WHERE image_id = '.$_GET['image_id'].'
397;';
398
399$authorizeds = array_diff(
400  array_from_query($query, 'category_id'),
401  explode(
402    ',',
403    calculate_permissions($user['id'], $user['status'])
404    )
405  );
406
407if (isset($_GET['cat_id'])
408    and in_array($_GET['cat_id'], $authorizeds))
409{
410  $url_img = make_picture_url(
411    array(
412      'image_id' => $_GET['image_id'],
413      'image_file' => $image_file,
414      'category' => $cache['cat_names'][ $_GET['cat_id'] ],
415      )
416    );
417}
418else
419{
420  foreach ($authorizeds as $category)
421  {
422    $url_img = make_picture_url(
423      array(
424        'image_id' => $_GET['image_id'],
425        'image_file' => $image_file,
426        'category' => $cache['cat_names'][ $category ],
427        )
428      );
429    break;
430  }
431}
432
433if (isset($url_img))
434{
435  $template->assign( 'U_JUMPTO', $url_img );
436}
437
438// associate to another category ?
439$query = '
440SELECT id,name,uppercats,global_rank
441  FROM '.CATEGORIES_TABLE.'
442    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
443  WHERE image_id = '.$_GET['image_id'];
444if (isset($storage_category_id))
445{
446  $query.= '
447    AND id != '.$storage_category_id;
448}
449$query.= '
450;';
451display_select_cat_wrapper($query, array(), 'associated_options');
452
453$result = pwg_query($query);
454$associateds = array(-1);
455if (isset($storage_category_id))
456{
457  array_push($associateds, $storage_category_id);
458}
459while ($row = pwg_db_fetch_assoc($result))
460{
461  array_push($associateds, $row['id']);
462}
463$query = '
464SELECT id,name,uppercats,global_rank
465  FROM '.CATEGORIES_TABLE.'
466  WHERE id NOT IN ('.implode(',', $associateds).')
467;';
468display_select_cat_wrapper($query, array(), 'dissociated_options');
469
470// representing
471$query = '
472SELECT id,name,uppercats,global_rank
473  FROM '.CATEGORIES_TABLE.'
474  WHERE representative_picture_id = '.$_GET['image_id'].'
475;';
476display_select_cat_wrapper($query, array(), 'elected_options');
477
478$query = '
479SELECT id,name,uppercats,global_rank
480  FROM '.CATEGORIES_TABLE.'
481  WHERE representative_picture_id != '.$_GET['image_id'].'
482    OR representative_picture_id IS NULL
483;';
484display_select_cat_wrapper($query, array(), 'dismissed_options');
485
486//----------------------------------------------------------- sending html code
487
488$template->assign_var_from_handle('ADMIN_CONTENT', 'picture_modify');
489?>
Note: See TracBrowser for help on using the repository browser.