- Timestamp:
- Sep 11, 2013, 6:44:54 PM (11 years ago)
- File:
-
- 1 edited
extensions/UserCollections/include/UserCollection.class.php
r23552 r24421 12 12 * @param: array images 13 13 */ 14 function __construct($col_id, $name=null, $comment=null, $ public=false, $user_id=null)14 function __construct($col_id, $name=null, $comment=null, $user_id=null) 15 15 { 16 16 global $user; 17 17 18 if (empty($user_id)) { 18 if (empty($user_id)) 19 { 19 20 $user_id = $user['id']; 20 21 } … … 27 28 'comment' => null, 28 29 'nb_images' => 0, 29 'public' => 0,30 'public_id' => null,31 30 ); 32 31 $this->images = array(); 33 34 // access from public id (access permission is checked line 66)35 if ( strlen($col_id) == 10 and strpos($col_id, 'uc') === 0 )36 {37 $query = '38 SELECT id39 FROM '.COLLECTIONS_TABLE.'40 WHERE public_id = "'.$col_id.'"41 ;';42 $result = pwg_query($query);43 44 if (!pwg_db_num_rows($result))45 {46 $col_id = 0;47 }48 else49 {50 list($col_id) = pwg_db_fetch_row($result);51 }52 }53 32 54 33 // load specific collection … … 58 37 SELECT * 59 38 FROM '.COLLECTIONS_TABLE.' 60 WHERE 61 id = '.$col_id.' 62 '.(!is_admin() ? 'AND (user_id = '.$this->data['user_id'].' OR public = 1)' : null).' 39 WHERE id = '.$col_id.' 
63 40 ;'; 64 41 $result = pwg_query($query); … … 92 69 else 93 70 { 94 throw new Exception(l10n('Invalid collection') );71 throw new Exception(l10n('Invalid collection'), WS_ERR_INVALID_PARAM); 95 72 } 96 73 } … … 100 77 $this->data['name'] = $name; 101 78 $this->data['comment'] = $comment; 102 $this->data['public'] = (int)$public;103 $this->data['public_id'] = 'uc'.hash('crc32', uniqid(serialize($this->data), true));104 79 105 80 $query = ' … … 108 83 name, 109 84 date_creation, 110 comment, 111 public, 112 public_id 85 comment 113 86 ) 114 87 VALUES( … … 116 89 "'.$this->data['name'].'", 117 90 NOW(), 118 "'.$this->data['comment'].'", 119 '.(int)$this->data['public'].', 120 "'.$this->data['public_id'].'" 91 "'.$this->data['comment'].'" 121 92 ) 122 93 ;'; … … 130 101 { 131 102 trigger_error('UserCollection::__construct, invalid input parameter', E_USER_ERROR); 103 } 104 } 105 106 /** 107 * check if current user is owner of the collection or admin 108 */ 109 function checkUser() 110 { 111 global $user; 112 113 if (!is_admin() && $user['id'] != $this->data['user_id']) 114 { 115 throw new Exception('Forbidden', 403); 132 116 } 133 117 } … … 280 264 'COMMENT' => $this->data['comment'], 281 265 'NB_IMAGES' => $this->data['nb_images'], 282 'PUBLIC' => (bool)$this->data['public'],283 266 'DATE_CREATION' => $this->data['date_creation'], 284 'U_PUBLIC' => USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],285 267 ); 286 268 287 269 return $set; 270 } 271 272 /** 273 * get share links 274 */ 275 function getShares() 276 { 277 $query = ' 278 SELECT * FROM '.COLLECTION_SHARES_TABLE.' 279 WHERE col_id = '.$this->data['id'].' 
280 ORDER BY add_date DESC 281 ;'; 282 $result = pwg_query($query); 283 284 $shares = array(); 285 while ($row = pwg_db_fetch_assoc($result)) 286 { 287 $row['expired'] = false; 288 289 $row['params'] = unserialize($row['params']); 290 if (!empty($row['params']['deadline'])) 291 { 292 $row['expired'] = strtotime($row['params']['deadline']) < time(); 293 $row['params']['deadline_readable'] = format_date($row['params']['deadline'], true, false); 294 } 295 296 $row['url'] = USER_COLLEC_PUBLIC . 'view/' . $row['share_key']; 297 $row['u_delete'] = USER_COLLEC_PUBLIC . 'edit/' . $this->data['id'] . '&delete_share=' . $row['id']; 298 $row['add_date_readable'] = format_date($row['add_date'], true, false); 299 300 $shares[] = $row; 301 } 302 303 return $shares; 304 } 305 306 /** 307 * delete a share 308 */ 309 function deleteShare($id) 310 { 311 $query = ' 312 DELETE FROM '.COLLECTION_SHARES_TABLE.' 313 WHERE id = "'.pwg_db_real_escape_string($id).'" 314 AND col_id = '.$this->data['id'].' 315 ;'; 316 pwg_query($query); 317 318 return pwg_db_changes() != 0; 319 } 320 321 /** 322 * Add a share URL 323 * @param: array 324 * - share_key 325 * - password 326 * - deadline 327 * @return: array errors 328 */ 329 function addShare($share, $abord_on_duplicate=true) 330 { 331 global $conf, $page; 332 333 $errors = array(); 334 335 $share = array_map('stripslashes', $share); 336 337 // check key 338 if (empty($share['share_key']) || strlen($share['share_key']) < 8) 339 { 340 $errors[] = l10n('The key must be at least 8 characters long'); 341 } 342 else 343 { 344 $share['share_key'] = $this->data['id'].'-'.str2url($share['share_key']); 345 346 $query = ' 347 SELECT id FROM '.COLLECTION_SHARES_TABLE.' 348 WHERE col_id = '.$this->data['id'].' 
349 AND share_key = "'.$share['share_key'].'" 350 ;'; 351 $result = pwg_query($query); 352 if (pwg_db_num_rows($result)) 353 { 354 if ($abord_on_duplicate) 355 { 356 $errors[] = l10n('This key is already used'); 357 } 358 else 359 { 360 return USER_COLLEC_PUBLIC . 'view/' . $share['share_key']; 361 } 362 } 363 } 364 365 // filter date 366 if (!empty($share['deadline'])) 367 { 368 $date = DateTime::createFromFormat('Y-m-d H:i', $share['deadline']); 369 $share['deadline'] = $date->format('Y-m-d H:i'); 370 } 371 372 // hash password 373 if (!empty($share['password'])) 374 { 375 $share['password'] = sha1($conf['secret_key'].$share['password'].$share['share_key']); 376 } 377 378 if (empty($errors)) 379 { 380 $params = serialize(array( 381 'password' => @$share['password'], 382 'deadline' => @$share['deadline'], 383 )); 384 385 $query = ' 386 INSERT INTO '.COLLECTION_SHARES_TABLE.'( 387 col_id, 388 share_key, 389 params, 390 add_date 391 ) 392 VALUES( 393 '.$this->data['id'].', 394 "'.$share['share_key'].'", 395 "'.pwg_db_real_escape_string($params).'", 396 "'.date('Y-m-d H:i:s').'" 397 ) 398 ;'; 399 pwg_query($query); 400 401 return USER_COLLEC_PUBLIC . 'view/' . $share['share_key']; 402 } 403 404 return $errors; 288 405 } 289 406 … … 299 416 * @return: array errors 300 417 */ 301 function sendEmail($comm , $key)302 { 303 global $conf , $page, $template;418 function sendEmail($comm) 419 { 420 global $conf; 304 421 305 422 $errors = array(); … … 308 425 309 426 $comment_action='validate'; 310 311 // check key312 if (!verify_ephemeral_key(@$key))313 {314 array_push($errors, l10n('Invalid key'));315 $comment_action='reject';316 }317 427 318 428 // check author … … 393 503 { 394 504 array_push($errors, l10n('Error while sending e-mail')); 505 } 506 else 507 { 508 return true; 395 509 } 396 510 } … … 454 568 $mail_css = file_get_contents(dirname(__FILE__).'/../template/mail.css'); 455 569 570 $share_key = 'mail-' . 
substr(sha1($this->data['id'].$conf['secret_key']), 0, 11); 571 456 572 $template->assign(array( 457 573 'GALLERY_URL' => get_gallery_home_url(), … … 459 575 'UC_MAIL_CSS' => str_replace("\n", null, $mail_css), 460 576 'MAIL_TITLE' => $this->getParam('name').' ('.sprintf(l10n('by %s'), $params['sender_name']).')', 461 'COL_URL' => USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],577 'COL_URL' => $this->addShare(array('share_key'=>$share_key), false), 462 578 'PARAMS' => $params, 463 579 'derivative_params' => ImageStdParams::get_by_type(IMG_SQUARE), … … 518 634 { 519 635 case 'name': 520 $element[] = render_element_name($row); break; 636 $element[] = render_element_name($row); 637 break; 521 638 case 'url': 522 $element[] = make_picture_url(array('image_id'=>$row['id'], 'image_file'=>$row['file'])); break; 639 $element[] = make_picture_url(array('image_id'=>$row['id'], 'image_file'=>$row['file'])); 640 break; 523 641 case 'path': 524 $element[] = $root_url.ltrim($row['path'], './'); break; 642 $element[] = $root_url.ltrim($row['path'], './'); 643 break; 525 644 default: 526 $element[] = $row[$field]; break; 645 $element[] = $row[$field]; 646 break; 527 647 } 528 648 }
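Review bot: Authorization is now opt-in: the constructor's query drops the `AND (user_id = … OR public = 1)` restriction for non-admins and loads any collection by id, so every caller must remember to invoke the new `checkUser()` afterwards or a foreign collection is readable; consider calling `$this->checkUser()` right after the row is fetched (or documenting in the class docblock that construction alone grants no access), since a single forgotten call fails open. In `addShare`, `DateTime::createFromFormat('Y-m-d H:i', $share['deadline'])` returns `false` on malformed input and the next line then calls `$date->format()` on it, which is a fatal error; guard it with `if ($date === false) { $errors[] = l10n('Invalid deadline'); } else { $share['deadline'] = $date->format('Y-m-d H:i'); }`. The share key is interpolated unescaped into both the SELECT and the INSERT; this is presumably safe only if `str2url()` strips quotes, so wrapping it in `pwg_db_real_escape_string()` as the `params` value already is would remove the dependency on that helper's behaviour. The 8-character minimum is also checked before `str2url()` rewrites the key, so a key made of punctuation can end up much shorter than intended. The constructor and `sendEmail` both start and end outside the hunks shown, and the removal of `verify_ephemeral_key()` in `sendEmail` means the mail form now relies on whatever anti-abuse check the caller performs — worth confirming one exists.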