Context Navigation

source: branches/2.0/admin/element_set_global.php @ 4605

Last change on this file since 4605 was 4495, checked in by plg, 15 years ago
bug 1329 fixed: add a check_input_parameter function to prevent hacking attempts.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 14.1 KB

Rev	Line
[755]	1	<?php
	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[3046]	5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[755]	23
	24	/**
	25	* Management of elements set. Elements can belong to a category or to the
	26	* user caddie.
[1092]	27	*
[755]	28	*/
[1092]	29
[755]	30	if (!defined('PHPWG_ROOT_PATH'))
	31	{
	32	die('Hacking attempt!');
	33	}
	34
[1072]	35	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	36
[755]	37	// +-----------------------------------------------------------------------+
[1072]	38	// \| Check Access and exit when user status is not ok \|
	39	// +-----------------------------------------------------------------------+
	40	check_status(ACCESS_ADMINISTRATOR);
	41
	42	// +-----------------------------------------------------------------------+
[2678]	43	// \| deletion form submission \|
	44	// +-----------------------------------------------------------------------+
	45
[4495]	46	// the $_POST['selection'] was already checked in element_set.php
	47	check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
	48	check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
	49	check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
	50	check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
	51
[2678]	52	if (isset($_POST['delete']))
	53	{
	54	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
	55	{
	56	$collection = array();
	57
	58	switch ($_POST['target_deletion'])
	59	{
	60	case 'all' :
	61	{
	62	$collection = $page['cat_elements_id'];
	63	break;
	64	}
	65	case 'selection' :
	66	{
	67	if (!isset($_POST['selection']) or count($_POST['selection']) == 0)
	68	{
	69	array_push($page['errors'], l10n('Select at least one picture'));
	70	}
	71	else
	72	{
	73	$collection = $_POST['selection'];
	74	}
	75	break;
	76	}
	77	}
	78
	79	// filter selection on photos that have no storage_category_id (ie that
	80	// were added via pLoader)
	81	if (count($collection) > 0)
	82	{
	83	$query = '
	84	SELECT
	85	id
	86	FROM '.IMAGES_TABLE.'
	87	WHERE id IN ('.implode(',', $collection).')
	88	AND storage_category_id IS NULL
	89	;';
	90	$deletables = array_from_query($query, 'id');
	91
	92	if (count($deletables) > 0)
	93	{
	94	// what will be the categories to update? (to avoid orphan on
	95	// representative_picture_id)
	96	$query = '
	97	SELECT
	98	category_id
	99	FROM '.IMAGE_CATEGORY_TABLE.'
	100	WHERE image_id IN ('.implode(',', $deletables).')
	101	;';
	102	$categories_to_update = array_from_query($query, 'category_id');
	103
	104	$physical_deletion = true;
	105	delete_elements($deletables, $physical_deletion);
	106
	107	update_category($categories_to_update);
	108
	109	array_push(
	110	$page['infos'],
	111	sprintf(
	112	l10n_dec(
	113	'%d photo was deleted',
	114	'%d photos were deleted',
	115	count($deletables)
	116	),
	117	count($deletables)
	118	)
	119	);
	120	}
	121	else
	122	{
	123	array_push($page['errors'], l10n('No photo can be deleted'));
	124	}
	125	}
	126	}
	127	else
	128	{
	129	array_push($page['errors'], l10n('You need to confirm deletion'));
	130	}
	131	}
	132
	133	// +-----------------------------------------------------------------------+
[755]	134	// \| global mode form submission \|
	135	// +-----------------------------------------------------------------------+
	136
	137	if (isset($_POST['submit']))
	138	{
	139	$collection = array();
[1092]	140
[755]	141	// echo '<pre>';
[762]	142	// print_r($_POST);
[755]	143	// echo '</pre>';
	144	// exit();
	145
	146	switch ($_POST['target'])
	147	{
	148	case 'all' :
	149	{
[764]	150	$collection = $page['cat_elements_id'];
[755]	151	break;
	152	}
	153	case 'selection' :
	154	{
[875]	155	if (!isset($_POST['selection']) or count($_POST['selection']) == 0)
	156	{
	157	array_push($page['errors'], l10n('Select at least one picture'));
	158	}
	159	else
	160	{
	161	$collection = $_POST['selection'];
	162	}
[755]	163	break;
	164	}
	165	}
	166
[1119]	167	if (isset($_POST['add_tags']) and count($collection) > 0)
	168	{
	169	add_tags($_POST['add_tags'], $collection);
	170	}
	171
	172	if (isset($_POST['del_tags']) and count($collection) > 0)
	173	{
	174	$query = '
	175	DELETE
	176	FROM '.IMAGE_TAG_TABLE.'
	177	WHERE image_id IN ('.implode(',', $collection).')
	178	AND tag_id IN ('.implode(',', $_POST['del_tags']).')
	179	;';
	180	pwg_query($query);
	181	}
[1120]	182
[875]	183	if ($_POST['associate'] != 0 and count($collection) > 0)
[755]	184	{
[1121]	185	associate_images_to_categories(
	186	$collection,
	187	array($_POST['associate'])
	188	);
[755]	189	}
	190
[875]	191	if ($_POST['dissociate'] != 0 and count($collection) > 0)
[755]	192	{
[1121]	193	// physical links must not be broken, so we must first retrieve image_id
	194	// which create virtual links with the category to "dissociate from".
[755]	195	$query = '
[1121]	196	SELECT id
[1065]	197	FROM '.IMAGE_CATEGORY_TABLE.'
[1121]	198	INNER JOIN '.IMAGES_TABLE.' ON image_id = id
[755]	199	WHERE category_id = '.$_POST['dissociate'].'
[1121]	200	AND id IN ('.implode(',', $collection).')
[2575]	201	AND (
	202	category_id != storage_category_id
	203	OR storage_category_id IS NULL
	204	)
[755]	205	;';
[1121]	206	$dissociables = array_from_query($query, 'id');
[755]	207
[2003]	208	if (!empty($dissociables))
	209	{
	210	$query = '
[1065]	211	DELETE
	212	FROM '.IMAGE_CATEGORY_TABLE.'
[1121]	213	WHERE category_id = '.$_POST['dissociate'].'
	214	AND image_id IN ('.implode(',', $dissociables).')
[755]	215	';
[2003]	216	pwg_query($query);
[1609]	217
[2576]	218	// we remove the dissociated images if we are currently displaying the
	219	// category to dissociate from.
	220	if (is_numeric($_GET['cat']) and $_POST['dissociate'] == $_GET['cat'])
	221	{
	222	$page['cat_elements_id'] = array_diff(
	223	$page['cat_elements_id'],
	224	$dissociables
	225	);
	226	}
[2003]	227	}
	228
[1121]	229	update_category($_POST['dissociate']);
[755]	230	}
[762]	231
	232	$datas = array();
	233	$dbfields = array('primary' => array('id'), 'update' => array());
	234
[2084]	235	$formfields = array('author', 'name', 'date_creation', 'level');
[762]	236	foreach ($formfields as $formfield)
	237	{
	238	if ($_POST[$formfield.'_action'] != 'leave')
	239	{
	240	array_push($dbfields['update'], $formfield);
	241	}
	242	}
[1092]	243
[762]	244	// updating elements is useful only if needed...
[875]	245	if (count($dbfields['update']) > 0 and count($collection) > 0)
[762]	246	{
	247	$query = '
[1119]	248	SELECT id
[762]	249	FROM '.IMAGES_TABLE.'
	250	WHERE id IN ('.implode(',', $collection).')
	251	;';
	252	$result = pwg_query($query);
	253
	254	while ($row = mysql_fetch_array($result))
	255	{
	256	$data = array();
	257	$data['id'] = $row['id'];
[1092]	258
[762]	259	if ('set' == $_POST['author_action'])
	260	{
	261	$data['author'] = $_POST['author'];
	262	if ('' == $data['author'])
	263	{
	264	unset($data['author']);
	265	}
	266	}
	267
	268	if ('set' == $_POST['name_action'])
	269	{
	270	$data['name'] = $_POST['name'];
	271	if ('' == $data['name'])
	272	{
	273	unset($data['name']);
	274	}
	275	}
	276
	277	if ('set' == $_POST['date_creation_action'])
	278	{
	279	$data['date_creation'] =
	280	$_POST['date_creation_year']
	281	.'-'.$_POST['date_creation_month']
	282	.'-'.$_POST['date_creation_day']
	283	;
	284	}
[1092]	285
[2084]	286	if ('set' == $_POST['level_action'])
	287	{
	288	$data['level'] = $_POST['level'];
	289	}
	290
[762]	291	array_push($datas, $data);
	292	}
[763]	293	// echo '<pre>'; print_r($datas); echo '</pre>';
[762]	294	mass_updates(IMAGES_TABLE, $dbfields, $datas);
	295	}
[755]	296	}
	297
	298	// +-----------------------------------------------------------------------+
	299	// \| template init \|
	300	// +-----------------------------------------------------------------------+
	301	$template->set_filenames(
[2530]	302	array('element_set_global' => 'element_set_global.tpl'));
[755]	303
[2249]	304	$base_url = get_root_url().'admin.php';
[755]	305
[762]	306	// $form_action = $base_url.'?page=element_set_global';
	307
[2249]	308	$template->assign(
[755]	309	array(
[834]	310	'CATEGORIES_NAV'=>$page['title'],
[1092]	311
[764]	312	'U_DISPLAY'=>$base_url.get_query_string_diff(array('display')),
[1092]	313
[764]	314	'U_UNIT_MODE'
	315	=>
	316	$base_url
	317	.get_query_string_diff(array('mode','display'))
	318	.'&mode=unit',
[1092]	319
[762]	320	'F_ACTION'=>$base_url.get_query_string_diff(array()),
[755]	321	)
	322	);
[764]	323
[755]	324	// +-----------------------------------------------------------------------+
[764]	325	// \| caddie options \|
	326	// +-----------------------------------------------------------------------+
	327
[2249]	328	$template->assign('IN_CADDIE', 'caddie' == $_GET['cat'] ? true : false );
[764]	329
	330	// +-----------------------------------------------------------------------+
[2678]	331	// \| deletion form \|
	332	// +-----------------------------------------------------------------------+
	333
	334	// we can only remove photos that have no storage_category_id, in other
	335	// word, it currently (Butterfly) means that the photo was added with
	336	// pLoader
	337	if (count($page['cat_elements_id']) > 0)
	338	{
	339	$query = '
	340	SELECT
	341	COUNT(*)
	342	FROM '.IMAGES_TABLE.'
	343	WHERE id IN ('.implode(',', $page['cat_elements_id']).')
	344	AND storage_category_id IS NULL
	345	;';
	346	list($counter) = mysql_fetch_row(pwg_query($query));
	347
	348	if ($counter > 0)
	349	{
	350	$template->assign('show_delete_form', true);
	351	}
	352	}
	353
	354	// +-----------------------------------------------------------------------+
[755]	355	// \| global mode form \|
	356	// +-----------------------------------------------------------------------+
	357
	358	// Virtualy associate a picture to a category
	359	$query = '
	360	SELECT id,name,uppercats,global_rank
	361	FROM '.CATEGORIES_TABLE.'
	362	;';
[2249]	363	display_select_cat_wrapper($query, array(), 'associate_options', true);
[755]	364
	365	// Dissociate from a category : categories listed for dissociation can
	366	// only represent virtual links. Links to physical categories can't be
	367	// broken
[764]	368	if (count($page['cat_elements_id']) > 0)
	369	{
	370	$query = '
[2575]	371	SELECT
	372	DISTINCT(category_id) AS id,
	373	c.name,
	374	c.uppercats,
	375	c.global_rank
	376	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
	377	JOIN '.CATEGORIES_TABLE.' AS c ON c.id = ic.category_id
	378	JOIN '.IMAGES_TABLE.' AS i ON i.id = ic.image_id
[764]	379	WHERE ic.image_id IN ('.implode(',', $page['cat_elements_id']).')
[2575]	380	AND (
	381	ic.category_id != i.storage_category_id
	382	OR i.storage_category_id IS NULL
	383	)
[755]	384	;';
[2249]	385	display_select_cat_wrapper($query, array(), 'dissociate_options', true);
[764]	386	}
[755]	387
[1314]	388	$all_tags = get_all_tags();
	389
[2249]	390	if (count($all_tags) > 0)
	391	{// add tags
	392	$template->assign(
	393	array(
	394	'ADD_TAG_SELECTION' => get_html_tag_selection(
	395	$all_tags,
	396	'add_tags'
	397	),
	398	)
[1314]	399	);
	400	}
	401
[1120]	402	if (count($page['cat_elements_id']) > 0)
[762]	403	{
[1120]	404	// remove tags
[1815]	405	$tags = get_common_tags($page['cat_elements_id'], -1);
[1310]	406
[2249]	407	$template->assign(
[1120]	408	array(
	409	'DEL_TAG_SELECTION' => get_html_tag_selection($tags, 'del_tags'),
	410	)
	411	);
	412	}
[2249]	413
[762]	414	// creation date
	415	$day =
	416	empty($_POST['date_creation_day']) ? date('j') : $_POST['date_creation_day'];
	417
[2249]	418	$month =
	419	empty($_POST['date_creation_month']) ? date('n') : $_POST['date_creation_month'];
[762]	420
[2249]	421	$year =
	422	empty($_POST['date_creation_year']) ? date('Y') : $_POST['date_creation_year'];
[762]	423
[2249]	424	$month_list = $lang['month'];
	425	$month_list[0]='------------';
	426	ksort($month_list);
	427	$template->assign( array(
	428	'month_list' => $month_list,
	429	'DATE_CREATION_DAY' => (int)$day,
	430	'DATE_CREATION_MONTH'=> (int)$month,
	431	'DATE_CREATION_YEAR' => (int)$year,
	432	)
	433	);
	434
[2084]	435	// image level options
[2249]	436	$tpl_options = array();
[2084]	437	foreach ($conf['available_permission_levels'] as $level)
	438	{
[2249]	439	$tpl_options[$level] = l10n( sprintf('Level %d', $level) );
	440	}
	441	$template->assign(
[2084]	442	array(
[2249]	443	'level_options'=> $tpl_options,
	444	)
	445	);
[2084]	446
[755]	447	// +-----------------------------------------------------------------------+
	448	// \| global mode thumbnails \|
	449	// +-----------------------------------------------------------------------+
	450
[875]	451	// how many items to display on this page
	452	if (!empty($_GET['display']))
	453	{
	454	if ('all' == $_GET['display'])
	455	{
	456	$page['nb_images'] = count($page['cat_elements_id']);
	457	}
	458	else
	459	{
	460	$page['nb_images'] = intval($_GET['display']);
	461	}
	462	}
	463	else
	464	{
	465	$page['nb_images'] = 20;
	466	}
	467
[764]	468	if (count($page['cat_elements_id']) > 0)
	469	{
	470	$nav_bar = create_navigation_bar(
	471	$base_url.get_query_string_diff(array('start')),
	472	count($page['cat_elements_id']),
	473	$page['start'],
[1084]	474	$page['nb_images']
	475	);
[2249]	476	$template->assign('NAV_BAR', $nav_bar);
[764]	477
	478	$query = '
[2084]	479	SELECT id,path,tn_ext,file,filesize,level
[764]	480	FROM '.IMAGES_TABLE.'
	481	WHERE id IN ('.implode(',', $page['cat_elements_id']).')
[755]	482	'.$conf['order_by'].'
[764]	483	LIMIT '.$page['start'].', '.$page['nb_images'].'
[755]	484	;';
[764]	485	//echo '<pre>'.$query.'</pre>';
	486	$result = pwg_query($query);
[755]	487
[764]	488	// template thumbnail initialization
[755]	489
[1609]	490	while ($row = mysql_fetch_assoc($result))
[755]	491	{
[1609]	492	$src = get_thumbnail_url($row);
[1092]	493
[2249]	494	$template->append(
	495	'thumbnails',
[764]	496	array(
	497	'ID' => $row['id'],
[2249]	498	'TN_SRC' => $src,
	499	'FILE' => $row['file'],
	500	'TITLE' => get_thumbnail_title($row),
	501	'LEVEL' => $row['level']
[764]	502	)
	503	);
[755]	504	}
	505	}
	506
	507	//----------------------------------------------------------- sending html code
	508	$template->assign_var_from_handle('ADMIN_CONTENT', 'element_set_global');
	509	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: