source: branches/2.0/admin/cat_list.php @ 4495

Last change on this file since 4495 was 4495, checked in by plg, 14 years ago

bug 1329 fixed: add a check_input_parameter function to prevent hacking
attempts.
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 8.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined('PHPWG_ROOT_PATH'))
25{
26  die('Hacking attempt!');
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36// +-----------------------------------------------------------------------+
37// |                               functions                               |
38// +-----------------------------------------------------------------------+
39
40/**
41 * save the rank depending on given categories order
42 *
43 * The list of ordered categories id is supposed to be in the same parent
44 * category
45 *
46 * @param array categories
47 * @return void
48 */
49function save_categories_order($categories)
50{
51  $current_rank = 0;
52  $datas = array();
53  foreach ($categories as $id)
54  {
55    array_push($datas, array('id' => $id, 'rank' => ++$current_rank));
56  }
57  $fields = array('primary' => array('id'), 'update' => array('rank'));
58  mass_updates(CATEGORIES_TABLE, $fields, $datas);
59
60  update_global_rank();
61}
62
63// +-----------------------------------------------------------------------+
64// |                            initialization                             |
65// +-----------------------------------------------------------------------+
66
67check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);
68
69$categories = array();
70
71$base_url = get_root_url().'admin.php?page=cat_list';
72$navigation = '<a href="'.$base_url.'">';
73$navigation.= l10n('home');
74$navigation.= '</a>';
75
76// +-----------------------------------------------------------------------+
77// |                    virtual categories management                      |
78// +-----------------------------------------------------------------------+
79// request to delete a virtual category / not for an adviser
80if (isset($_GET['delete']) and is_numeric($_GET['delete']) and !is_adviser())
81{
82  delete_categories(array($_GET['delete']));
83  array_push($page['infos'], l10n('cat_virtual_deleted'));
84  update_global_rank();
85}
86// request to add a virtual category
87else if (isset($_POST['submitAdd']))
88{
89  $output_create = create_virtual_category(
90    $_POST['virtual_name'],
91    @$_GET['parent_id']
92    );
93
94  if (isset($output_create['error']))
95  {
96    array_push($page['errors'], $output_create['error']);
97  }
98  else
99  {
100    array_push($page['infos'], $output_create['info']);
101  }
102}
103// save manual category ordering
104else if (isset($_POST['submitOrder']))
105{
106  asort($_POST['catOrd'], SORT_NUMERIC);
107  save_categories_order(array_keys($_POST['catOrd']));
108
109  array_push(
110    $page['infos'],
111    l10n('Categories manual order was saved')
112    );
113}
114// sort categories alpha-numerically
115else if (isset($_POST['submitOrderAlphaNum']))
116{
117  $query = '
118SELECT id, name
119  FROM '.CATEGORIES_TABLE.'
120  WHERE id_uppercat '.
121    (!isset($_GET['parent_id']) ? 'IS NULL' : '= '.$_GET['parent_id']).'
122;';
123  $result = pwg_query($query);
124  while ($row = mysql_fetch_assoc($result))
125  {
126    $categories[ $row['id'] ] = strtolower($row['name']);
127  }
128
129  asort($categories, SORT_REGULAR);
130  save_categories_order(array_keys($categories));
131
132  array_push(
133    $page['infos'],
134    l10n('Categories ordered alphanumerically')
135    );
136}
137
138// +-----------------------------------------------------------------------+
139// |                            Navigation path                            |
140// +-----------------------------------------------------------------------+
141
142if (isset($_GET['parent_id']))
143{
144  $navigation.= $conf['level_separator'];
145
146  $navigation.= get_cat_display_name_from_id(
147    $_GET['parent_id'],
148    $base_url.'&amp;parent_id=',
149    false
150    );
151}
152// +-----------------------------------------------------------------------+
153// |                       template initialization                         |
154// +-----------------------------------------------------------------------+
155$template->set_filename('categories', 'cat_list.tpl');
156
157$form_action = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
158if (isset($_GET['parent_id']))
159{
160  $form_action.= '&amp;parent_id='.$_GET['parent_id'];
161}
162
163$template->assign(array(
164  'CATEGORIES_NAV'=>$navigation,
165  'F_ACTION'=>$form_action,
166 ));
167
168// +-----------------------------------------------------------------------+
169// |                          Categories display                           |
170// +-----------------------------------------------------------------------+
171
172$categories = array();
173
174$query = '
175SELECT id, name, permalink, dir, rank, status
176  FROM '.CATEGORIES_TABLE;
177if (!isset($_GET['parent_id']))
178{
179  $query.= '
180  WHERE id_uppercat IS NULL';
181}
182else
183{
184  $query.= '
185  WHERE id_uppercat = '.$_GET['parent_id'];
186}
187$query.= '
188  ORDER BY rank ASC
189;';
190$categories = hash_from_query($query, 'id');
191
192// get the categories containing images directly
193$categories_with_images = array();
194if ( count($categories) )
195{
196  $query = '
197SELECT DISTINCT category_id
198  FROM '.IMAGE_CATEGORY_TABLE.'
199  WHERE category_id IN ('.implode(',', array_keys($categories)).')';
200  $categories_with_images = array_flip( array_from_query($query, 'category_id') );
201}
202
203$template->assign('categories', array());
204$base_url = get_root_url().'admin.php?page=';
205foreach ($categories as $category)
206{
207  $cat_list_url = $base_url.'cat_list';
208
209  $self_url = $cat_list_url;
210  if (isset($_GET['parent_id']))
211  {
212    $self_url.= '&amp;parent_id='.$_GET['parent_id'];
213  }
214
215  $tpl_cat =
216    array(
217      'NAME'       => 
218        trigger_event(
219          'render_category_name',
220          $category['name'],
221          'admin_cat_list'
222          ),
223      'ID'         => $category['id'],
224      'RANK'       => $category['rank']*10,
225
226      'U_JUMPTO'   => make_index_url(
227        array(
228          'category' => $category
229          )
230        ),
231
232      'U_CHILDREN' => $cat_list_url.'&amp;parent_id='.$category['id'],
233      'U_EDIT'     => $base_url.'cat_modify&amp;cat_id='.$category['id'],
234
235      'IS_VIRTUAL' => empty($category['dir'])
236    );
237
238  if (empty($category['dir']))
239  {
240    $tpl_cat['U_DELETE'] = $self_url.'&amp;delete='.$category['id'];
241  }
242
243  if ( array_key_exists($category['id'], $categories_with_images) )
244  {
245    $tpl_cat['U_MANAGE_ELEMENTS']=
246      $base_url.'element_set&amp;cat='.$category['id'];
247  }
248
249  if ('private' == $category['status'])
250  {
251    $tpl_cat['U_MANAGE_PERMISSIONS']=
252      $base_url.'cat_perm&amp;cat='.$category['id'];
253  }
254  $template->append('categories', $tpl_cat);
255}
256// +-----------------------------------------------------------------------+
257// |                          sending html code                            |
258// +-----------------------------------------------------------------------+
259$template->assign_var_from_handle('ADMIN_CONTENT', 'categories');
260?>
Note: See TracBrowser for help on using the repository browser.