source: branches/2.0/admin/cat_list.php @ 4505

Last change on this file since 4505 was 4505, checked in by plg, 14 years ago

bug 1328: check_pwg_token implemented on admin/cat_list forms (+delete action)

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Stop immediately when PHPWG_ROOT_PATH is not defined, i.e. when this file
// is executed without an including script having set the constant
// (presumably a direct request to the file), so nothing below can run.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
// Authorisation comes first: the page requires ACCESS_ADMINISTRATOR.
check_status(ACCESS_ADMINISTRATOR);

// Every state-changing request handled further down arrives either as a POST
// or as a GET carrying "delete", so the anti-CSRF token is verified for both
// before any action is dispatched. A new GET-triggered action has to be added
// to this condition too.
// NOTE(review): check_pwg_token() is defined elsewhere; presumably it aborts
// the request when the token is missing or wrong - confirm.
if (isset($_GET['delete']) || !empty($_POST))
{
  check_pwg_token();
}
40
41// +-----------------------------------------------------------------------+
42// |                               functions                               |
43// +-----------------------------------------------------------------------+
44
/**
 * Persist a manual ordering of sibling categories.
 *
 * Each id receives a rank equal to its 1-based position in $categories. The
 * ranks are written to CATEGORIES_TABLE through mass_updates(), then
 * update_global_rank() is called. All ids are supposed to belong to the same
 * parent category.
 *
 * This function does no validation of its own: the ids are handed to
 * mass_updates() exactly as given, so callers are responsible for passing
 * trusted category ids.
 * NOTE(review): whether mass_updates() escapes the values it receives is not
 * visible here - confirm.
 *
 * @param array $categories ordered list of category ids
 * @return void
 */
function save_categories_order($categories)
{
  $rows = array();
  $rank = 0;
  foreach ($categories as $category_id)
  {
    $rank++;
    $rows[] = array('id' => $category_id, 'rank' => $rank);
  }

  // rows are matched on "id" and only the "rank" column is updated
  mass_updates(
    CATEGORIES_TABLE,
    array('primary' => array('id'), 'update' => array('rank')),
    $rows
    );

  update_global_rank();
}
67
68// +-----------------------------------------------------------------------+
69// |                            initialization                             |
70// +-----------------------------------------------------------------------+
71
// parent_id comes straight from the query string and is used further down
// when building SQL and URLs, so it is checked against PATTERN_ID before
// anything else reads it.
// NOTE(review): check_input_parameter() is defined elsewhere; presumably it
// aborts the request when the value does not match - confirm, including how
// an empty value is treated.
check_input_parameter('parent_id', @$_GET['parent_id'], false, PATTERN_ID);

$categories = array();

$base_url = get_root_url().'admin.php?page=cat_list';

// the breadcrumb starts with a link back to the top-level category list
$navigation = '<a href="'.$base_url.'">'.l10n('home').'</a>';
80
81// +-----------------------------------------------------------------------+
82// |                    virtual categories management                      |
83// +-----------------------------------------------------------------------+
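// request to delete a virtual category / not for an adviser
//
// The id must be a plain run of decimal digits. is_numeric() would also let
// through signs, decimals, exponents and leading whitespace, none of which is
// a category id, and the value is handed to delete_categories() as is.
if (isset($_GET['delete'])
    and is_string($_GET['delete'])
    and preg_match('/^\d+\z/', $_GET['delete'])
    and !is_adviser())
{
  delete_categories(array($_GET['delete']));
  array_push($page['infos'], l10n('cat_virtual_deleted'));
  update_global_rank();
}
// request to add a virtual category
//
// NOTE(review): only the delete branch tests is_adviser(); whether the POST
// actions below are blocked for advisers elsewhere is not visible in this
// file - confirm.
else if (isset($_POST['submitAdd']))
{
  // parent_id was checked against PATTERN_ID during initialization
  $output_create = create_virtual_category(
    $_POST['virtual_name'],
    @$_GET['parent_id']
    );

  if (isset($output_create['error']))
  {
    array_push($page['errors'], $output_create['error']);
  }
  else
  {
    array_push($page['infos'], $output_create['info']);
  }
}
// save manual category ordering
else if (isset($_POST['submitOrder']))
{
  // catOrd maps category id => requested position: the values decide the
  // order, the keys are the ids that get saved
  $ordered_cat_ids = array();
  if (isset($_POST['catOrd']) and is_array($_POST['catOrd']))
  {
    asort($_POST['catOrd'], SORT_NUMERIC);
    foreach (array_keys($_POST['catOrd']) as $submitted_id)
    {
      // the keys are request data that ends up in an UPDATE statement, so
      // only plain decimal ids are kept
      if (preg_match('/^\d+\z/', (string) $submitted_id))
      {
        array_push($ordered_cat_ids, $submitted_id);
      }
    }
  }
  save_categories_order($ordered_cat_ids);

  array_push(
    $page['infos'],
    l10n('Categories manual order was saved')
    );
}
// sort categories alpha-numerically
else if (isset($_POST['submitOrderAlphaNum']))
{
  // parent_id is checked against PATTERN_ID during initialization; the
  // integer conversion keeps this query safe on its own should that check
  // ever be moved or relaxed
  $query = '
SELECT id, name
  FROM '.CATEGORIES_TABLE.'
  WHERE id_uppercat '.
    (!isset($_GET['parent_id']) ? 'IS NULL' : '= '.intval($_GET['parent_id'])).'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_assoc($result))
  {
    // lower-cased so that the sort below ignores case
    $categories[ $row['id'] ] = strtolower($row['name']);
  }

  // here the ids come from the query result, not from the request
  asort($categories, SORT_REGULAR);
  save_categories_order(array_keys($categories));

  array_push(
    $page['infos'],
    l10n('Categories ordered alphanumerically')
    );
}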
142
143// +-----------------------------------------------------------------------+
144// |                            Navigation path                            |
145// +-----------------------------------------------------------------------+
146
if (isset($_GET['parent_id']))
{
  // Extend the breadcrumb with the separator and the linked path of the
  // current parent category. parent_id was checked against PATTERN_ID during
  // initialization and is passed on unchanged.
  $navigation.= $conf['level_separator']
    .get_cat_display_name_from_id(
      $_GET['parent_id'],
      $base_url.'&amp;parent_id=',
      false
      );
}
157// +-----------------------------------------------------------------------+
158// |                       template initialization                         |
159// +-----------------------------------------------------------------------+
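$template->set_filename('categories', 'cat_list.tpl');

$form_action = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
if (isset($_GET['parent_id']))
{
  // parent_id is request data that ends up in the form's action URL. It is
  // checked against PATTERN_ID during initialization; encoding it here keeps
  // the URL well-formed even if that check is ever moved or relaxed.
  $form_action.= '&amp;parent_id='.urlencode($_GET['parent_id']);
}

$template->assign(array(
  'CATEGORIES_NAV' => $navigation,
  'F_ACTION' => $form_action,
  // anti-CSRF token for the forms of this page; every POST is verified by
  // the check_pwg_token() call near the top of the file
  'PWG_TOKEN' => get_pwg_token(),
  ));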
173
174// +-----------------------------------------------------------------------+
175// |                          Categories display                           |
176// +-----------------------------------------------------------------------+
177
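$categories = array();

// children of the current parent category (or the top-level categories when
// no parent is given), in rank order
$query = '
SELECT id, name, permalink, dir, rank, status
  FROM '.CATEGORIES_TABLE;
if (!isset($_GET['parent_id']))
{
  $query.= '
  WHERE id_uppercat IS NULL';
}
else
{
  // parent_id is checked against PATTERN_ID during initialization; the
  // integer conversion keeps this query safe on its own should that check
  // ever be moved or relaxed
  $query.= '
  WHERE id_uppercat = '.intval($_GET['parent_id']);
}
$query.= '
  ORDER BY rank ASC
;';
$categories = hash_from_query($query, 'id');

// get the categories containing images directly
$categories_with_images = array();
if ( count($categories) )
{
  // the id list is built from the keys of the result above, not from
  // request data
  $query = '
SELECT DISTINCT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE category_id IN ('.implode(',', array_keys($categories)).')';
  // flipped so that membership can be tested by key
  $categories_with_images = array_flip( array_from_query($query, 'category_id') );
}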
208
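$template->assign('categories', array());
$base_url = get_root_url().'admin.php?page=';

// URLs that are identical for every row are built once, before the loop.
// parent_id is checked against PATTERN_ID during initialization; encoding it
// here keeps the links well-formed even if that check is ever moved or
// relaxed.
$cat_list_url = $base_url.'cat_list';
$self_url = $cat_list_url;
if (isset($_GET['parent_id']))
{
  $self_url.= '&amp;parent_id='.urlencode($_GET['parent_id']);
}

foreach ($categories as $category)
{
  $tpl_cat =
    array(
      'NAME'       =>
        trigger_event(
          'render_category_name',
          $category['name'],
          'admin_cat_list'
          ),
      'ID'         => $category['id'],
      'RANK'       => $category['rank']*10,

      'U_JUMPTO'   => make_index_url(
        array(
          'category' => $category
          )
        ),

      'U_CHILDREN' => $cat_list_url.'&amp;parent_id='.$category['id'],
      'U_EDIT'     => $base_url.'cat_modify&amp;cat_id='.$category['id'],

      // a category without a directory is treated as virtual
      'IS_VIRTUAL' => empty($category['dir'])
    );

  if (empty($category['dir']))
  {
    // Only virtual categories get a delete link. The link is a GET request,
    // so the anti-CSRF token travels in the URL.
    // NOTE(review): a token in the query string can be recorded in browser
    // history, server logs and Referer headers; a POST form for the delete
    // action would keep it out of those.
    $tpl_cat['U_DELETE'] = $self_url.'&amp;delete='.$category['id']
      .'&amp;pwg_token='.get_pwg_token();
  }

  if ( array_key_exists($category['id'], $categories_with_images) )
  {
    $tpl_cat['U_MANAGE_ELEMENTS']=
      $base_url.'element_set&amp;cat='.$category['id'];
  }

  if ('private' == $category['status'])
  {
    $tpl_cat['U_MANAGE_PERMISSIONS']=
      $base_url.'cat_perm&amp;cat='.$category['id'];
  }
  $template->append('categories', $tpl_cat);
}
// +-----------------------------------------------------------------------+
// |                          sending html code                            |
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'categories');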
267?>