Changeset 24421 for extensions/UserCollections/include/collections.inc.php
- Timestamp:
- Sep 11, 2013, 6:44:54 PM (11 years ago)
- File:
-
- 1 edited
extensions/UserCollections/include/collections.inc.php
r23551 r24421 2 2 defined('USER_COLLEC_PATH') or die('Hacking attempt!'); 3 3 4 # this file is called on basket public page # 5 6 global $page, $template, $conf, $user, $tokens, $pwg_loaded_plugins; 4 global $page, $template, $conf, $user; 7 5 8 6 $template->assign(array( … … 11 9 )); 12 10 11 13 12 switch ($page['sub_section']) 14 13 { 15 /* list */ 16 case 'list': 17 { 18 // security 19 if (is_a_guest()) access_denied(); 20 21 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl')); 22 23 // actions 24 if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) ) 25 { 26 switch ($_GET['action']) 27 { 28 // new 29 case 'new': 30 { 31 if (empty($_GET['name'])) 14 // +-----------------------------------------------------------------------+ 15 // | Collections list | 16 // +-----------------------------------------------------------------------+ 17 case 'list': 18 { 19 if (is_a_guest()) 20 { 21 access_denied(); 22 } 23 24 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl')); 25 26 // actions 27 if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) ) 28 { 29 switch ($_GET['action']) 30 { 31 ## new collection ## 32 case 'new': 33 { 34 if (empty($_GET['name'])) 35 { 36 $page['errors'][] = l10n('Please give a name'); 37 } 38 else 39 { 40 $collection = new UserCollection('new', $_GET['name']); 41 42 if (isset($_GET['redirect'])) 32 43 { 33 array_push($page['errors'], l10n('Please give a name'));44 $redirect = USER_COLLEC_PUBLIC . 'edit/' . 
$collection->getParam('id'); 34 45 } 35 46 else 36 47 { 37 $UserCollection = new UserCollection('new', $_GET['name']); 38 39 if (isset($_GET['redirect'])) 40 { 41 $redirect = USER_COLLEC_PUBLIC.'edit/'.$UserCollection->getParam('id'); 42 } 43 else 44 { 45 $redirect = USER_COLLEC_PUBLIC; 46 } 47 redirect($redirect); 48 $redirect = USER_COLLEC_PUBLIC; 48 49 } 49 break; 50 } 50 redirect($redirect); 51 } 52 break; 53 } 54 55 ## delete collection ## 56 case 'delete': 57 { 58 try { 59 $collection = new UserCollection($_GET['col_id']); 60 $collection->delete(); 61 redirect(USER_COLLEC_PUBLIC); 62 } 63 catch (Exception $e) 64 { 65 $page['errors'][] = $e->getMessage(); 66 } 67 break; 68 } 69 } 70 } 71 72 $template->assign('U_CREATE', 73 add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0')) 74 ); 75 76 $template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list'); 77 78 include(USER_COLLEC_PATH . '/include/display_collections.inc.php'); 79 80 break; 81 } 82 83 // +-----------------------------------------------------------------------+ 84 // | Edit collection | 85 // +-----------------------------------------------------------------------+ 86 case 'edit': 87 { 88 // security 89 if (empty($page['col_id'])) 90 { 91 $_SESSION['page_errors'][] = l10n('Invalid collection'); 92 redirect(USER_COLLEC_PUBLIC); 93 } 94 95 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl')); 96 97 $self_url = USER_COLLEC_PUBLIC . 'edit/' . 
$page['col_id']; 98 99 $template->assign(array( 100 'F_ACTION' => $self_url, 101 'U_LIST' => USER_COLLEC_PUBLIC, 102 'UC_IN_EDIT' => true, 103 )); 104 105 try { 106 $collection = new UserCollection($page['col_id']); 107 $collection->checkUser(); 108 109 // save properties 110 if (isset($_POST['save_col'])) 111 { 112 if (empty($_POST['name'])) 113 { 114 $page['errors'][] = l10n('Please give a name'); 115 } 116 else 117 { 118 $collection->updateParam('name', stripslashes($_POST['name'])); 119 } 120 $collection->updateParam('comment', stripslashes($_POST['comment'])); 121 } 122 123 // add key 124 if ($conf['user_collections']['allow_public']) 125 { 126 $share = array( 127 'share_key' => get_random_key(16), 128 'password' => null, 129 'deadline' => null, 130 ); 131 132 if (isset($_POST['add_share'])) 133 { 134 $share = array( 135 'share_key' => trim($_POST['share_key']), 136 'password' => isset($_POST['use_share_password']) ? trim($_POST['share_password']) : '', 137 'deadline' => isset($_POST['use_share_deadline']) ? trim($_POST['share_deadline']) : '', 138 ); 51 139 52 // delete 53 case 'delete': 54 { 55 try { 56 $UserCollection = new UserCollection($_GET['col_id']); 57 $UserCollection->delete(); 58 redirect(USER_COLLEC_PUBLIC); 59 } 60 catch (Exception $e) 61 { 62 $page['errors'][] = $e->getMessage(); 63 } 64 break; 65 } 66 } 67 } 68 69 $template->assign('U_CREATE', add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0'))); 70 71 $template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list'); 72 73 include(USER_COLLEC_PATH . '/include/display_collections.inc.php'); 74 75 break; 76 } 77 78 /* edit */ 79 case 'edit': 80 { 81 // security 82 if (empty($page['col_id'])) 83 { 84 $_SESSION['page_errors'][] = l10n('Invalid collection'); 85 redirect(USER_COLLEC_PUBLIC); 86 } 87 88 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl')); 89 90 $self_url = USER_COLLEC_PUBLIC . 
'edit/'.$page['col_id']; 91 92 $template->assign(array( 93 'user_collections' => $conf['user_collections'], 94 'F_ACTION' => $self_url, 95 'U_LIST' => USER_COLLEC_PUBLIC, 96 'UC_IN_EDIT' => true, 97 )); 98 99 try { 100 $UserCollection = new UserCollection($page['col_id']); 101 102 // save properties 103 if (isset($_POST['save_col'])) 104 { 105 if (empty($_POST['name'])) 106 { 107 array_push($page['errors'], l10n('Please give a name')); 108 } 109 else 110 { 111 $UserCollection->updateParam('name', stripslashes($_POST['name'])); 112 } 113 if (!$conf['user_collections']['allow_public']) 114 { 115 $_POST['public'] = '0'; 116 } 117 $UserCollection->updateParam('public', $_POST['public']); 118 $UserCollection->updateParam('comment', stripslashes($_POST['comment'])); 119 } 120 121 // send mail 122 if ( $conf['user_collections']['allow_public'] and $conf['user_collections']['allow_mails'] ) 140 if (!verify_ephemeral_key(@$_POST['key'])) 141 { 142 $result = array(l10n('Invalid key')); 143 } 144 else 145 { 146 $result = $collection->addShare($share); 147 } 148 if (is_array($result)) 149 { 150 $share['errors'] = $result; 151 } 152 else 153 { 154 $share = array(); 155 $share['infos'][] = sprintf(l10n('New share added: <a href="%s">%s</a>'), $result, $result); 156 } 157 $share['open'] = true; 158 } 159 else if (isset($_GET['delete_share'])) 160 { 161 if ($collection->deleteShare($_GET['delete_share'])) 162 { 163 $share['infos'][] = l10n('Share deleted'); 164 } 165 $share['open'] = true; 166 } 167 168 $template->assign('share', $share); 169 } 170 171 // send mail 172 if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] ) 173 { 174 $contact = array( 175 'sender_name' => $user['username'], 176 'sender_email' => $user['email'], 177 'recipient_name' => null, 178 'recipient_email' => null, 179 'nb_images' => 4, 180 'message' => null, 181 ); 182 183 if (isset($_POST['send_mail'])) 123 184 { 124 185 $contact = array( 125 'sender_name' => 
$user['username'], 126 'sender_email' => $user['email'], 127 'recipient_name' => null, 128 'recipient_email' => null, 129 'nb_images' => 4, 130 'message' => null, 131 ); 132 133 if ( isset($_POST['send_mail']) and (bool)$UserCollection->getParam('public') ) 134 { 135 $contact = array( 136 'sender_email' => trim($_POST['sender_email']), 137 'sender_name' => trim($_POST['sender_name']), 138 'recipient_email' => trim($_POST['recipient_email']), 139 'recipient_name' => trim($_POST['recipient_name']), 140 'nb_images' => $_POST['nb_images'], 141 'message' => $_POST['message'], 142 ); 143 144 $errors = $UserCollection->sendEmail($contact, @$_POST['key']); 145 if (count($errors)) 146 { 147 $template->assign('uc_mail_errors', $errors); 148 } 149 else 150 { 151 array_push($page['infos'], l10n('E-mail sent successfully')); 152 } 153 } 186 'sender_email' => trim($_POST['sender_email']), 187 'sender_name' => trim($_POST['sender_name']), 188 'recipient_email' => trim($_POST['recipient_email']), 189 'recipient_name' => trim($_POST['recipient_name']), 190 'nb_images' => $_POST['nb_images'], 191 'message' => $_POST['message'], 192 ); 154 193 155 $contact['KEY'] = get_ephemeral_key(3); 156 $template->assign('contact', $contact); 157 } 158 159 // clear 160 if ( isset($_GET['action']) and $_GET['action'] == 'clear' ) 161 { 162 $UserCollection->clearImages(); 163 } 164 165 166 // add remove item links 167 $template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button'); 194 if (!verify_ephemeral_key(@$_POST['key'])) 195 { 196 $result = array(l10n('Invalid key')); 197 } 198 else 199 { 200 $result = $collection->sendEmail($contact); 201 } 202 if (is_array($result)) 203 { 204 $contact['errors'] = $result; 205 $contact['open'] = true; 206 } 207 else 208 { 209 $contact = array(); 210 $page['infos'] = l10n('E-mail sent successfully'); 211 } 212 } 213 214 $template->assign('contact', $contact); 215 } 216 217 // clear 218 if ( isset($_GET['action']) and $_GET['action'] 
== 'clear' ) 219 { 220 $collection->clearImages(); 221 } 222 223 224 // add remove item links 225 $template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button'); 226 $template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox'); 227 228 // thumbnails 229 include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php'); 230 231 232 // collection properties 233 $infos = $collection->getCollectionInfo(); 234 $infos['DATE_CREATION'] = format_date($infos['DATE_CREATION'], true); 235 $infos['SHARES'] = $collection->getShares(); 236 $template->assign('collection', $infos); 237 238 // toolbar buttons 239 if (!empty($page['items'])) 240 { 241 $template->assign('U_CLEAR', 242 add_url_params($self_url, array('action'=>'clear')) 243 ); 244 } 245 $template->assign('U_DELETE', 246 add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id'])) 247 ); 248 249 if ( $conf['user_collections']['allow_public'] && !empty($page['items']) ) 250 { 251 $template->assign('U_SHARE', USER_COLLEC_PUBLIC . 'view/' . $page['col_id'] .'-'); 252 } 253 if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] && !empty($page['items']) ) 254 { 255 $template->assign('U_MAIL', true); 256 } 257 $template->assign('UC_TKEY', get_ephemeral_key(3)); 258 259 // modify page title 260 $template->concat('TITLE', 261 $conf['level_separator'] . 
trigger_event('render_category_name', $infos['NAME']) 262 ); 263 264 // render description 265 $template->assign('CONTENT_DESCRIPTION', 266 trigger_event('render_category_description', nl2br($infos['COMMENT'])) 267 ); 268 } 269 catch (Exception $e) 270 { 271 $page['errors'][] = $e->getMessage(); 272 } 273 274 break; 275 } 276 277 // +-----------------------------------------------------------------------+ 278 // | View collection | 279 // +-----------------------------------------------------------------------+ 280 case 'view': 281 { 282 $page['col_key'] = $page['col_id']; 283 284 if (!$conf['user_collections']['allow_public']) 285 { 286 page_forbidden(''); 287 } 288 if (empty($page['col_key'])) 289 { 290 bad_request(''); 291 } 292 293 $query = ' 294 SELECT col_id, params 295 FROM '.COLLECTION_SHARES_TABLE.' 296 WHERE share_key = "'.$page['col_key'].'" 297 ;'; 298 $result = pwg_query($query); 299 if (!pwg_db_num_rows($result)) 300 { 301 page_not_found(l10n('Collection not found')); 302 } 303 304 list($page['col_id'], $share_params) = pwg_db_fetch_row($result); 305 $share_params = unserialize($share_params); 306 307 // deadline check 308 if ( !empty($share_params['deadline']) && strtotime($share_params['deadline'])<time() ) 309 { 310 page_not_found(l10n('This link expired')); 311 } 312 313 $self_url = USER_COLLEC_PUBLIC . 'view/' . 
$page['col_key']; 314 315 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl')); 316 317 try { 318 $collection = new UserCollection($page['col_id']); 319 $col = $collection->getCollectionInfo(); 320 321 $mode = 'view'; 322 323 // password check 324 if (!empty($share_params['password'])) 325 { 326 if (isset($_POST['uc_password'])) 327 { 328 $hash = sha1($conf['secret_key'].$_POST['uc_password'].$page['col_key']); 329 if ($hash == $share_params['password']) 330 { 331 pwg_set_session_var('uc_key_'.$page['col_key'], get_ephemeral_key(0, $share_params['password'])); 332 } 333 else 334 { 335 $page['errors'][] = l10n('Invalid password!'); 336 $mode = 'password'; 337 } 338 } 339 else if (($var = pwg_get_session_var('uc_key_'.$page['col_key'])) !== null) 340 { 341 if (!verify_ephemeral_key($var, $share_params['password'])) 342 { 343 pwg_unset_session_var('uc_key_'.$page['col_key']); 344 $mode = 'password'; 345 } 346 } 347 else 348 { 349 $mode = 'password'; 350 } 351 } 352 353 if ($mode == 'view') 354 { 168 355 $template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox'); 169 356 … … 171 358 include(USER_COLLEC_PATH . 
'/include/display_thumbnails.inc.php'); 172 359 173 174 // collection properties 175 $col = $UserCollection->getCollectionInfo(); 176 $col['DATE_CREATION'] = format_date($col['DATE_CREATION'], true); 177 $template->assign('collection', $col); 178 179 // toolbar buttons 180 if (!empty($page['items'])) 181 { 182 $template->assign('U_CLEAR', 183 add_url_params($self_url, array('action'=>'clear') ) 184 ); 185 } 186 $template->assign('U_DELETE', 187 add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id'])) 360 // render description 361 $template->assign('CONTENT_DESCRIPTION', 362 trigger_event('render_category_description', nl2br($col['COMMENT'])) 188 363 ); 189 if ($conf['user_collections']['allow_public'] and $conf['user_collections']['allow_mails'] and !empty($page['items'])) 190 { 191 $template->assign('U_MAIL', true); 192 } 193 194 195 $template->concat('TITLE', 196 $conf['level_separator'].trigger_event('render_category_name', $col['NAME']) 197 ); 198 199 $template->assign('CONTENT_DESCRIPTION', trigger_event('render_category_description', nl2br($col['COMMENT']))); 200 } 201 catch (Exception $e) 202 { 203 array_push($page['errors'], $e->getMessage()); 204 } 205 206 break; 207 } 208 209 /* view */ 210 case 'view': 211 { 212 // security 213 if ( empty($page['col_id']) or strlen($page['col_id']) != 10 or strpos($page['col_id'], 'uc') === false or !$conf['user_collections']['allow_public'] ) 214 { 215 $_SESSION['page_errors'][] = l10n('Invalid collection'); 216 redirect('index.php'); 217 } 218 219 $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl')); 220 221 $self_url = USER_COLLEC_PUBLIC . 
'view/'.$page['col_id']; 222 223 try { 224 $UserCollection = new UserCollection($page['col_id']); // public id 225 $page['col_id'] = $UserCollection->getParam('id'); // private id 226 $col = $UserCollection->getCollectionInfo(); 227 228 $template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox'); 229 230 // thumbnails 231 include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php'); 232 233 // add username in title 234 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 235 $template->concat('TITLE', 236 $conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) . 237 ' (' . sprintf(l10n('by %s'), get_username($UserCollection->getParam('user_id'))) . ')' 238 ); 239 240 $template->assign('CONTENT_DESCRIPTION', trigger_event('render_category_description', nl2br($col['COMMENT']))); 241 } 242 catch (Exception $e) 243 { 244 access_denied(); 245 } 246 247 break; 248 } 249 } 364 } 365 366 // add username in title 367 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 368 $template->concat('TITLE', 369 $conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) . 370 ' (' . sprintf(l10n('by %s'), get_username($collection->getParam('user_id'))) . ')' 371 ); 372 373 $template->assign('UC_MODE', $mode); 374 } 375 catch (Exception $e) 376 { 377 access_denied(); 378 } 379 380 break; 381 } 382 } 383 250 384 251 385 // modification on mainpage_categories.tpl
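Review bot: In the new `view` case the share key taken from the URL (`$page['col_key']`, copied from `$page['col_id']`) is concatenated straight into the `SELECT col_id, params FROM ... WHERE share_key = "..."` query, and the shape check the old code had (`strlen($page['col_id']) != 10`, `strpos($page['col_id'], 'uc')`) was dropped, so the only guard left is `empty()`. Escape the value before it reaches the query, e.g. `WHERE share_key = "'.pwg_db_real_escape_string($page['col_key']).'"`, and preferably reject keys that do not match the form `get_random_key(16)` produces before querying at all. Two smaller points in the same section: the password check `if ($hash == $share_params['password'])` compares two digests loosely and should be `===` (or `hash_equals()` where available), and `$page['infos'] = l10n('E-mail sent successfully');` in the edit case overwrites the array the rest of the file appends to with `$page['infos'][] = ...`.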