Changeset 16658 for extensions/UserCollections/include/UserCollection.class.php

Timestamp:

Jul 12, 2012, 8:28:27 PM (12 years ago)

Author:

plg

Message:

(by mistic100, but svn commit crashes for him)

-use random public_id, preventing to access other public collections
-use colorbox to browse inside a collection
-small css fixes

File:

• extensions/UserCollections/include/UserCollection.class.php (modified) (7 diffs)

extensions/UserCollections/include/UserCollection.class.php

@@ -24 +24 @@
       'active' => false,
       'public' => false,
+      'public_id' => null,
       );
     $this->images = array();
+    
+    // access from public id
+    if ( strlen($col_id) == 10 and strpos($col_id, 'uc') === 0 )
+    {
+      $query = '
+SELECT id
+  FROM '.COLLECTIONS_TABLE.'
+  WHERE public_id = "'.$col_id.'"
+;';
+      $result = pwg_query($query);
+      
+      if (!pwg_db_num_rows($result))
+      {
+        $col_id = 0;
+      }
+      else
+      {
+        list($col_id) = pwg_db_fetch_row($result);
+      }
+    }
     
     // load specific collection
@@ -37 +58 @@
     nb_images,
     active,
-    public
+    public,
+    public_id
   FROM '.COLLECTIONS_TABLE.'
   WHERE
@@ -48 +70 @@
       {
         $this->data['col_id'] = $col_id;
-        list(
-          $this->data['user_id'],
-          $this->data['name'],
-          $this->data['date_creation'],
-          $this->data['nb_images'],
-          $this->data['active'],
-          $this->data['public']
-          ) = pwg_db_fetch_row($result);
+        $this->data = array_merge(
+          $this->data,
+          pwg_db_fetch_assoc($result)
+          );
         
         // make sur all pictures of the collection exist
@@ -89 +107 @@
       $this->data['active'] = $active;
       $this->data['public'] = $public;
+      $this->data['public_id'] = 'uc'.hash('crc32', uniqid(serialize($this->data, true)));
       
       $query = '
@@ -96 +115 @@
     date_creation,
     active,
-    public
+    public,
+    public_id
   ) 
   VALUES(
@@ -103 +123 @@
     NOW(),
     '.(int)$this->data['active'].',
-    '.(int)$this->data['public'].'
+    '.(int)$this->data['public'].',
+    "'.$this->data['public_id'].'"
   )
 ;';
@@ -271 +292 @@
       'PUBLIC' => (bool)$this->data['public'],
       'DATE_CREATION' => format_date($this->data['date_creation'], true),
-      'U_PUBLIC' => get_absolute_root_url().USER_COLLEC_PUBLIC . 'view/'.$this->data['col_id'],
+      'U_PUBLIC' => get_absolute_root_url().USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],
       'IS_TEMP' =>  $this->data['name'] == 'temp',
       );