Context Navigation

source: branches/release-1_3/picture.php @ 2173

Last change on this file since 2173 was 408, checked in by z0rglub, 21 years ago
bug 17 : comment delete picture not displayed in picture.php analysis : user_template template var is not valued in picture.php
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 27.2 KB

Line
1	<?php
2	/***************************************************************************
3	* picture.php *
4	* ------------------- *
5	* application : PhpWebGallery 1.3 <http://phpwebgallery.net> *
6	* author : Pierrick LE GALL <pierrick@z0rglub.com> *
7	* *
8	* $Id: picture.php 408 2004-03-31 21:19:36Z z0rglub $
9	* *
10	***************************************************************************/
11
12	/***************************************************************************
13	* *
14	* This program is free software; you can redistribute it and/or modify *
15	* it under the terms of the GNU General Public License as published by *
16	* the Free Software Foundation; *
17	* *
18	***************************************************************************/
19	// this page shows the image full size
20	//----------------------------------------------------------- personnal include
21	include_once( './include/init.inc.php' );
22	//-------------------------------------------------- access authorization check
23	check_cat_id( $_GET['cat'] );
24	check_login_authorization();
25	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
26	{
27	check_restrictions( $page['cat'] );
28	}
29	//---------------------------------------- incrementation of the number of hits
30	$query = 'UPDATE '.PREFIX_TABLE.'images';
31	$query.= ' SET hit=hit+1';
32	$query.= ' WHERE id='.$_GET['image_id'];
33	$query.= ';';
34	@mysql_query( $query );
35	//-------------------------------------------------------------- initialization
36	initialize_category( 'picture' );
37	//------------------------------------- main picture information initialization
38	$infos = array( 'id','date_available','comment','hit','keywords','author'
39	,'name','file','date_creation','filesize','width','height'
40	,'storage_category_id' );
41
42	$query = 'SELECT '.implode( ',', $infos );
43	if ( is_numeric( $page['cat'] ) ) $query.= ',category_id';
44	$query.= ' FROM '.PREFIX_TABLE.'images';
45	$query.= ' INNER JOIN '.PREFIX_TABLE.'image_category AS ic';
46	$query.= ' ON id = ic.image_id';
47	$query.= $page['where'];
48	$query.= ' AND id = '.$_GET['image_id'];
49	$query.= $conf['order_by'];
50	$query.= ';';
51	$result = mysql_query( $query );
52	// if this image_id doesn't correspond to this category, an error message is
53	// displayed, and execution is stopped
54	if ( mysql_num_rows( $result ) == 0 )
55	{
56	echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
57	echo '<a href="'.add_session_id( './category.php' ).'">';
58	echo $lang['thumbnails'].'</a></div>';
59	exit();
60	}
61	$row = mysql_fetch_array( $result );
62
63	foreach ( $infos as $info ) {
64	if ( isset( $row[$info] ) ) $page[$info] = $row[$info];
65	else $page[$info] = '';
66	}
67	if ( is_numeric( $page['cat'] ) ) $page['category_id'] = $row['category_id'];
68	// retrieving the number of the picture in its category (in order)
69	$query = 'SELECT DISTINCT(id)';
70	$query.= ' FROM '.PREFIX_TABLE.'images';
71	$query.= ' INNER JOIN '.PREFIX_TABLE.'image_category AS ic';
72	$query.= ' ON id = ic.image_id';
73	$query.= $page['where'];
74	$query.= $conf['order_by'];
75	$query.= ';';
76	$result = mysql_query( $query );
77	$page['num'] = 0;
78	$row = mysql_fetch_array( $result );
79	while ( $row['id'] != $page['id'] )
80	{
81	$page['num']++;
82	$row = mysql_fetch_array( $result );
83	}
84	//--------------------------------------------------------- favorite management
85	if ( isset( $_GET['add_fav'] ) )
86	{
87	if ( $_GET['add_fav'] == 1 )
88	{
89	// verify if the picture is already in the favorite of the user
90	$query = 'SELECT COUNT(*) AS nb_fav';
91	$query.= ' FROM '.PREFIX_TABLE.'favorites';
92	$query.= ' WHERE image_id = '.$page['id'];
93	$query.= ' AND user_id = '.$user['id'];
94	$query.= ';';
95	$result = mysql_query( $query );
96	$row = mysql_fetch_array( $result );
97	if ( $row['nb_fav'] == 0 )
98	{
99	$query = 'INSERT INTO '.PREFIX_TABLE.'favorites';
100	$query.= ' (image_id,user_id) VALUES';
101	$query.= ' ('.$page['id'].','.$user['id'].')';
102	$query.= ';';
103	$result = mysql_query( $query );
104	}
105	}
106	if ( $_GET['add_fav'] == 0 )
107	{
108	$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
109	$query.= ' WHERE user_id = '.$user['id'];
110	$query.= ' AND image_id = '.$page['id'];
111	$query.= ';';
112	$result = mysql_query( $query );
113
114	$page['cat_nb_images'] = $page['cat_nb_images'] - 1;
115	if ( $page['cat_nb_images'] <= 0 )
116	{
117	// there is no favorite picture anymore
118	// we redirect the user to the category page
119	$url = add_session_id( 'category.php' );
120	header( 'Request-URI: '.$url );
121	header( 'Content-Location: '.$url );
122	header( 'Location: '.$url );
123	exit();
124	}
125	// redirection of the user to the picture.php page
126	// with the right picture
127	$page['num'] = $page['num'] - 1;
128	if ( $page['num'] == -1 )
129	{
130	$page['num'] = 0;
131	}
132	$query = 'SELECT id';
133	$query.= ' FROM '.PREFIX_TABLE.'images';
134	$query.= ' INNER JOIN '.PREFIX_TABLE.'image_category AS ic';
135	$query.= ' ON id = ic.image_id';
136	$query.= $page['where'];
137	$query.= $conf['order_by'];
138	$query.= ' LIMIT '.$page['num'].',1';
139	$query.= ';';
140	$result = mysql_query( $query );
141	$row = mysql_fetch_array( $result );
142	$redirect = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
143	$redirect.= '&expand='.$_GET['expand'];
144	if ( $page['cat'] == 'search' )
145	{
146	$redirect.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
147	}
148	$url = add_session_id( $redirect, true );
149	header( 'Request-URI: '.$url );
150	header( 'Content-Location: '.$url );
151	header( 'Location: '.$url );
152	exit();
153	}
154	}
155
156	//---------------------------------------------- next picture thumbnail display
157	$next = 0;
158	if ( $page['num'] < $page['cat_nb_images']-1 )
159	{
160	$next = $page['num'] + 1;
161	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
162	$query.= ' FROM '.PREFIX_TABLE.'images';
163	$query.= ' INNER JOIN '.PREFIX_TABLE.'image_category AS ic';
164	$query.= ' ON id=ic.image_id';
165	$query.= $page['where'];
166	$query.= $conf['order_by'];
167	$query.= ' LIMIT '.$next.',1';
168	$query.= ';';
169	$result = mysql_query( $query );
170	$row = mysql_fetch_array( $result );
171
172	if ( !isset($array_cat_directories[$row['storage_category_id']]))
173	{
174	$array_cat_directories[$row['storage_category_id']] =
175	get_complete_dir( $row['storage_category_id'] );
176	}
177	$cat_directory = $array_cat_directories[$row['storage_category_id']];
178
179	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
180	$next_lien_thumbnail = $cat_directory.'thumbnail/';
181	$next_lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
182
183	if ( isset( $row['name'] ) and $row['name'] != '' )
184	{
185	$next_alt_thumbnail = $row['name'];
186	}
187	else
188	{
189	$next_alt_thumbnail = $file;
190	}
191	$next_title = $lang['next_image']." : ".$next_alt_thumbnail;
192
193	$next_url_link = './picture.php?image_id='.$row['id'];
194	$next_url_link.= '&cat='.$page['cat'];
195	if ( isset( $_GET['expand'] ) )
196	$next_url_link.= '&expand='.$_GET['expand'];
197	if ( $page['cat'] == 'search' )
198	{
199	$next_url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
200	}
201	}
202	//----------------------------------------------------- template initialization
203	//
204	// Start output of page
205	//
206	//------------------------------------------------------------------ page title
207	$title = $page['name'];
208	if ( $title == '')
209	{
210	$title = str_replace("_"," ",get_filename_wo_extension($page['file']));
211	}
212	$refresh = 0;
213	if ( isset( $_GET['slideshow'] ) && isset($next_url_link))
214	{
215	$refresh= $_GET['slideshow'];
216	$url_link = $next_url_link;
217	}
218	include('include/page_header.php');
219
220	$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
221	initialize_template();
222	$vtp->setGlobalVar( $handle, 'user_template', $user['template'] );
223
224	$tpl = array( 'back','submit','comments_title','comments_del','delete',
225	'comments_add','author','slideshow','slideshow_stop',
226	'period_seconds' );
227	templatize_array( $tpl, 'lang', $handle );
228	//-------------------------------------------------------- slideshow management
229	if ( isset( $_GET['slideshow'] ) )
230	{
231	if ( !is_numeric( $_GET['slideshow'] ) )
232	$_GET['slideshow'] = $conf['slideshow_period'][0];
233	$vtp->addSession( $handle, 'stop_slideshow' );
234	$url = './picture.php';
235	$url.= '?image_id='.$page['id'];
236	$url.= '&cat='.$page['cat'];
237	$url.= '&expand='.$_GET['expand'];
238	if ( $page['cat'] == 'search' )
239	{
240	$url.= '&search='.$_GET['search'];
241	$url.= '&mode='.$_GET['mode'];
242	}
243	$vtp->setVar( $handle, 'stop_slideshow.url', add_session_id( $url ) );
244	$vtp->closeSession( $handle, 'stop_slideshow' );
245	}
246	else
247	{
248	$vtp->addSession( $handle, 'start_slideshow' );
249	foreach ( $conf['slideshow_period'] as $option ) {
250	$vtp->addSession( $handle, 'second' );
251	$vtp->setVar( $handle, 'second.option', $option );
252	$url = './picture.php';
253	$url.= '?image_id='.$page['id'];
254	$url.= '&cat='.$page['cat'];
255	if (isset($_GET['expand']))
256	$url.= '&expand='.$_GET['expand'];
257	if ( $page['cat'] == 'search' )
258	{
259	$url.= '&search='.$_GET['search'];
260	$url.= '&mode='.$_GET['mode'];
261	}
262	$url.= '&slideshow='.$option;
263	$vtp->setVar( $handle, 'second.url', add_session_id( $url ) );
264	$vtp->closeSession( $handle, 'second' );
265	}
266	$vtp->closeSession( $handle, 'start_slideshow' );
267	}
268
269	//-------------------------------------------------- previous picture thumbnail
270	if ( $page['num'] >= 1 )
271	{
272	$prev = $page['num'] - 1;
273	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
274	$query.= ' FROM '.PREFIX_TABLE.'images';
275	$query.= ' INNER JOIN '.PREFIX_TABLE.'image_category AS ic';
276	$query.= ' ON id=ic.image_id';
277	$query.= $page['where'];
278	$query.= $conf['order_by'];
279	$query.= ' LIMIT '.$prev.',1';
280	$query.= ';';
281	$result = mysql_query( $query );
282	$row = mysql_fetch_array( $result );
283
284	if ( !isset($array_cat_directories[$row['storage_category_id']]) )
285	{
286	$array_cat_directories[$row['storage_category_id']] =
287	get_complete_dir( $row['storage_category_id'] );
288	}
289	$cat_directory = $array_cat_directories[$row['storage_category_id']];
290
291	$file = substr( $row['file'], 0, strrpos ( $row['file'], '.' ) );
292	$lien_thumbnail = $cat_directory.'thumbnail/';
293	$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
294
295	$prev_title = $lang['previous_image'].' : ';
296
297	if ( isset( $row['name'] ) and $row['name'] != '' )
298	$alt_thumbnail = $row['name'];
299	else
300	$alt_thumbnail = $file;
301
302	$prev_title.= $alt_thumbnail;
303
304	$url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
305	if ( isset( $_GET['expand'] ) ) $url_link.= '&expand='.$_GET['expand'];
306	if ( $page['cat'] == 'search' )
307	{
308	$url_link.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
309	}
310	// sending vars for display
311	$vtp->addSession( $handle, 'previous' );
312	$vtp->setGlobalVar( $handle, 'previous.url', add_session_id( $url_link ) );
313	$vtp->setGlobalVar( $handle, 'previous.title', $prev_title );
314	$vtp->setGlobalVar( $handle, 'previous.src', $lien_thumbnail );
315	$vtp->setGlobalVar( $handle, 'previous.alt', $alt_thumbnail );
316	$vtp->closeSession( $handle, 'previous' );
317	}
318	else
319	{
320	$vtp->addSession( $handle, 'previous_empty' );
321	$vtp->closeSession( $handle, 'previous_empty' );
322	}
323	//-------------------------------------------------------- main picture display
324	if ( is_numeric( $page['cat'] ) )
325	{
326	$intitule_cat = get_cat_display_name( $page['cat_name'], " - ",
327	"font-style:italic;" );
328	}
329	else
330	{
331	$intitule_cat = $page['title'];
332	}
333
334	if ( !isset($array_cat_directories[$page['storage_category_id']]) )
335	{
336	$array_cat_directories[$page['storage_category_id']] =
337	get_complete_dir( $page['storage_category_id'] );
338	}
339	$cat_directory = $array_cat_directories[$page['storage_category_id']];
340
341	$n = $page['num'] + 1;
342	$intitule_titre = replace_space( $intitule_cat." - " ).$n.'/';
343	$intitule_titre.= $page['cat_nb_images']."<br />";
344	if ( $page['name'] != "" )
345	{
346	$intitule_file = $page['name'];
347	}
348	else
349	{
350	$intitule_file = str_replace( "_", " ",
351	substr( $page['file'], 0,
352	strrpos ( $page['file'], ".") ) );
353	}
354	if ( $page['cat'] == 'search' )
355	{
356	$intitule_file = replace_search( $intitule_file, $_GET['search'] );
357	}
358	$vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file );
359
360	$lien_image = $cat_directory.$page['file'];
361
362	// calculation of width and height
363	if ( $page['width'] == "" )
364	{
365	$taille_image = @getimagesize( $lien_image );
366	$original_width = $taille_image[0];
367	$original_height = $taille_image[1];
368	}
369	else
370	{
371	$original_width = $page['width'];
372	$original_height = $page['height'];
373	}
374
375	$picture_size = get_picture_size( $original_width, $original_height,
376	$user['maxwidth'], $user['maxheight'] );
377	$final_width = $picture_size[0];
378	$final_height = $picture_size[1];
379
380	$url_link = './category.php?cat='.$page['cat'].'&';
381	$url_link.= 'num='.$page['num'];
382	if (isset($_GET['expand']))
383	$url_link.='&expand='.$_GET['expand'];
384	if ( $page['cat'] == 'search' )
385	{
386	$url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
387	}
388	$vtp->setGlobalVar( $handle, 'picture_link', add_session_id( $url_link ) );
389	$vtp->setGlobalVar( $handle, 'picture_width', $final_width );
390	$vtp->setGlobalVar( $handle, 'picture_height', $final_height );
391	$vtp->setGlobalVar( $handle, 'picture_src', $lien_image );
392	$vtp->setGlobalVar( $handle, 'picture_alt', $page['file'] );
393
394	if ( $page['comment'] != '' )
395	{
396	if ( $page['cat'] == 'search' )
397	{
398	$picture_comment = replace_search( $page['comment'], $_GET['search'] );
399	$vtp->setGlobalVar( $handle, 'picture_comment', $picture_comment );
400	}
401	else
402	{
403	$vtp->setGlobalVar( $handle, 'picture_comment', $page['comment'] );
404	}
405	}
406	//--------------------------------------------------------- picture information
407	// author
408	if ( $page['author'] != "" )
409	{
410	$vtp->addSession( $handle, 'info_line' );
411	$vtp->setVar( $handle, 'info_line.name', $lang['author'].' : ' );
412	$vtp->setVar( $handle, 'info_line.content', $page['author'] );
413	$vtp->closeSession( $handle, 'info_line' );
414	}
415	// creation date
416	if ( $page['date_creation'] != "" )
417	{
418	$vtp->addSession( $handle, 'info_line' );
419	$vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
420	$vtp->setVar( $handle, 'info_line.content',
421	format_date( $page['date_creation'] ) );
422	$vtp->closeSession( $handle, 'info_line' );
423	}
424	// date of availability
425	$vtp->addSession( $handle, 'info_line' );
426	$vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
427	list( $year,$month,$day ) = explode( '-', $page['date_available'] );
428	$vtp->setVar( $handle, 'info_line.content',
429	format_date( $page['date_available'] ) );
430	$vtp->closeSession( $handle, 'info_line' );
431	// size in pixels
432	$vtp->addSession( $handle, 'info_line' );
433	$vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
434	if ( $original_width != $final_width or $original_height != $final_height )
435	{
436	$content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
437	$content.= $original_width.'*'.$original_height.'</a> ]';
438	$vtp->setVar( $handle, 'info_line.content', $content );
439	}
440	else
441	{
442	$content = $original_width.'*'.$original_height;
443	$vtp->setVar( $handle, 'info_line.content', $content );
444	}
445	$vtp->closeSession( $handle, 'info_line' );
446	// file
447	$vtp->addSession( $handle, 'info_line' );
448	$vtp->setVar( $handle, 'info_line.name', $lang['file'].' : ' );
449	if ( $page['cat'] == 'search' )
450	{
451	$content = replace_search( $page['file'], $_GET['search'] );
452	$vtp->setVar( $handle, 'info_line.content', $content );
453	}
454	else
455	{
456	$vtp->setVar( $handle, 'info_line.content', $page['file'] );
457	}
458	$vtp->closeSession( $handle, 'info_line' );
459	// filesize
460	if ( $page['filesize'] == "" )
461	{
462	$poids = floor ( filesize( $lien_image ) / 1024 );
463	}
464	else
465	{
466	$poids = $page['filesize'];
467	}
468	$vtp->addSession( $handle, 'info_line' );
469	$vtp->setVar( $handle, 'info_line.name', $lang['filesize'].' : ' );
470	$vtp->setVar( $handle, 'info_line.content', $poids.' KB' );
471	$vtp->closeSession( $handle, 'info_line' );
472	// keywords
473	if ( $page['keywords'] != '' )
474	{
475	$vtp->addSession( $handle, 'info_line' );
476	$vtp->setVar( $handle, 'info_line.name', $lang['keywords'].' : ' );
477	$keywords = explode( ',', $page['keywords'] );
478	$content = '';
479	$url = './category.php?cat=search';
480	if ( isset( $_GET['expand'] ) ) $url.= '&expand='.$_GET['expand'];
481	$url.= '&mode=OR&search=';
482	foreach ( $keywords as $i => $keyword ) {
483	$local_url = add_session_id( $url.$keyword );
484	if ( $i > 0 ) $content.= ',';
485	$content.= '<a href="'.$local_url.'">'.$keyword.'</a>';
486	}
487	$vtp->setVar( $handle, 'info_line.content', $content );
488	$vtp->closeSession( $handle, 'info_line' );
489	}
490	// number of visits
491	$vtp->addSession( $handle, 'info_line' );
492	$vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
493	$vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
494	$vtp->closeSession( $handle, 'info_line' );
495	//------------------------------------------------------- favorite manipulation
496	if ( !$user['is_the_guest'] )
497	{
498	// verify if the picture is already in the favorite of the user
499	$query = 'SELECT COUNT(*) AS nb_fav';
500	$query.= ' FROM '.PREFIX_TABLE.'favorites';
501	$query.= ' WHERE image_id = '.$page['id'];
502	$query.= ' AND user_id = '.$user['id'].';';
503	$result = mysql_query( $query );
504	$row = mysql_fetch_array( $result );
505	if (!$row['nb_fav'])
506	{
507	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
508	if (isset($_GET['expand']))
509	$url.= '&expand='.$_GET['expand'];
510	$url.='&add_fav=1';
511	if ( $page['cat'] == 'search' )
512	{
513	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
514	}
515	$vtp->addSession( $handle, 'favorite' );
516	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
517	$vtp->setVar( $handle, 'favorite.title', $lang['add_favorites_hint'] );
518	$vtp->setVar( $handle, 'favorite.src',
519	'./template/'.$user['template'].'/theme/favorite.gif' );
520	$vtp->setVar($handle,'favorite.alt','[ '.$lang['add_favorites_alt'].' ]');
521	$vtp->closeSession( $handle, 'favorite' );
522	}
523	else
524	{
525	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
526	$url.= '&expand='.$_GET['expand'].'&add_fav=0';
527	$vtp->addSession( $handle, 'favorite' );
528	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
529	$vtp->setVar( $handle, 'favorite.title', $lang['del_favorites_hint'] );
530	$vtp->setVar( $handle, 'favorite.src',
531	'./template/'.$user['template'].'/theme/del_favorite.gif' );
532	$vtp->setVar($handle,'favorite.alt','[ '.$lang['del_favorites_alt'].' ]');
533	$vtp->closeSession( $handle, 'favorite' );
534	}
535	}
536	//------------------------------------ admin link for information modifications
537	if ( $user['status'] == 'admin' )
538	{
539	$vtp->addSession( $handle, 'modification' );
540	$url = './admin/admin.php?page=picture_modify&cat_id='.$page['cat'];
541	$url.= '&image_id='.$page['id'];
542	$vtp->setVar( $handle, 'modification.link', add_session_id( $url ) );
543	$vtp->setVar( $handle, 'modification.name', $lang['link_info_image'] );
544	}
545
546	if ( $next )
547	{
548	// sending vars for display
549	$vtp->addSession( $handle, 'next' );
550	$vtp->setGlobalVar( $handle, 'next.url', add_session_id( $next_url_link ) );
551	$vtp->setGlobalVar( $handle, 'next.title', $next_title );
552	$vtp->setGlobalVar( $handle, 'next.src', $next_lien_thumbnail );
553	$vtp->setGlobalVar( $handle, 'next.alt', $next_alt_thumbnail );
554	$vtp->closeSession( $handle, 'next' );
555	}
556	else
557	{
558	$vtp->addSession( $handle, 'next_empty' );
559	$vtp->closeSession( $handle, 'next_empty' );
560	}
561	//---------------------------------------------------- users's comments display
562	if ( $conf['show_comments'] )
563	{
564	$vtp->addSession( $handle, 'comments' );
565	// comment registeration
566	if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
567	{
568	$register_comment = true;
569
570	if ( !$user['is_the_guest'] ) $author = $user['username'];
571	if ( $_POST['author'] != '' ) $author = $_POST['author'];
572	// if a guest try to use the name of an already existing user, he must
573	// be rejected
574	if ( isset( $author ) and $author != $user['username'] )
575	{
576	$query = 'SELECT COUNT(*) AS user_exists';
577	$query.= ' FROM '.PREFIX_TABLE.'users';
578	$query.= " WHERE username = '".$author."'";
579	$query.= ';';
580	$row = mysql_fetch_array( mysql_query( $query ) );
581	if ( $row['user_exists'] == 1 )
582	{
583	$vtp->addSession( $handle, 'information' );
584	$message = $lang['comment_user_exists'];
585	$vtp->setVar( $handle, 'information.content', $message );
586	$vtp->closeSession( $handle, 'information' );
587	$register_comment = false;
588	}
589	}
590
591	if ( $register_comment )
592	{
593	// anti-flood system
594	$reference_date = time() - $conf['anti-flood_time'];
595	$query = 'SELECT id';
596	$query.= ' FROM '.PREFIX_TABLE.'comments';
597	$query.= ' WHERE date > '.$reference_date;
598	$query.= " AND author = '".$author."'";
599	$query.= ';';
600	if ( mysql_num_rows( mysql_query( $query ) ) == 0
601	or $conf['anti-flood_time'] == 0 )
602	{
603	$query = 'INSERT INTO '.PREFIX_TABLE.'comments';
604	$query.= ' (author,date,image_id,content,validated) VALUES';
605	$query.= ' (';
606	if ( !isset( $author ) ) $query.= 'NULL';
607	else $query.= "'".$author."'";
608	$query.= ','.time().','.$page['id'];
609	$query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
610	if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
611	$query.= ",'true'";
612	else
613	$query.= ",'false'";
614	$query.= ');';
615	mysql_query( $query );
616	// information message
617	$vtp->addSession( $handle, 'information' );
618	$message = $lang['comment_added'];
619	if ( $conf['comments_validation'] and $user['status'] != 'admin' )
620	{
621	$message.= '<br />'.$lang['comment_to_validate'];
622	}
623	$vtp->setVar( $handle, 'information.content', $message );
624	$vtp->closeSession( $handle, 'information' );
625	// notification to the administrators
626	if ( $conf['mail_notification'] )
627	{
628	$cat_name = get_cat_display_name( $page['cat_name'], ' > ', '' );
629	$cat_name = strip_tags( $cat_name );
630	if ( $page['name'] == '' ) $picture = $page['file'];
631	else $picture = $page['name'];
632	notify( 'comment', $cat_name.' > '.$picture );
633	}
634	}
635	else
636	{
637	// information message
638	$vtp->addSession( $handle, 'information' );
639	$message = $lang['comment_anti-flood'];
640	$vtp->setVar( $handle, 'information.content', $message );
641	$vtp->closeSession( $handle, 'information' );
642	}
643	}
644	}
645	// comment deletion
646	if ( isset( $_GET['del'] )
647	and is_numeric( $_GET['del'] )
648	and $user['status'] == 'admin' )
649	{
650	$query = 'DELETE FROM '.PREFIX_TABLE.'comments';
651	$query.= ' WHERE id = '.$_GET['del'].';';
652	mysql_query( $query );
653	}
654	// number of comment for this picture
655	$query = 'SELECT COUNT(*) AS nb_comments';
656	$query.= ' FROM '.PREFIX_TABLE.'comments';
657	$query.= ' WHERE image_id = '.$page['id'];
658	$query.= " AND validated = 'true'";
659	$query.= ';';
660	$row = mysql_fetch_array( mysql_query( $query ) );
661	$page['nb_comments'] = $row['nb_comments'];
662	// navigation bar creation
663	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
664	if (isset($_GET['expand']))
665	$url.= '&expand='.$_GET['expand'];
666	if ( $page['cat'] == 'search' )
667	{
668	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
669	}
670	if( !isset( $_GET['start'] )
671	or !is_numeric( $_GET['start'] )
672	or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
673	{
674	$page['start'] = 0;
675	}
676	else
677	{
678	$page['start'] = $_GET['start'];
679	}
680	$page['navigation_bar'] = create_navigation_bar( $url, $page['nb_comments'],
681	$page['start'],
682	$conf['nb_comment_page'],
683	'' );
684	// sending vars for display
685	$vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] );
686	$vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] );
687
688	$query = 'SELECT id,author,date,image_id,content';
689	$query.= ' FROM '.PREFIX_TABLE.'comments';
690	$query.= ' WHERE image_id = '.$page['id'];
691	$query.= " AND validated = 'true'";
692	$query.= ' ORDER BY date ASC';
693	$query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
694	$result = mysql_query( $query );
695
696	while ( $row = mysql_fetch_array( $result ) )
697	{
698	$vtp->addSession( $handle, 'comment' );
699	$author = $row['author'];
700	if ( $row['author'] == '' ) $author = $lang['guest'];
701	$vtp->setVar( $handle, 'comment.author', $author );
702	$vtp->setVar( $handle, 'comment.date',
703	format_date( $row['date'], 'unix', true ) );
704	$content = nl2br( $row['content'] );
705
706	// replace _word_ by an underlined word
707	$pattern = '/_([^\s]*)_/';
708	$replacement = '<span style="text-decoration:underline;">\1</span>';
709	$content = preg_replace( $pattern, $replacement, $content );
710
711	// replace word by a bolded word
712	$pattern = '/\([^\s])\*/';
713	$replacement = '<span style="font-weight:bold;">\1</span>';
714	$content = preg_replace( $pattern, $replacement, $content );
715
716	// replace /word/ by an italic word
717	$pattern = '/\/([^\s]*)\//';
718	$replacement = '<span style="font-style:italic;">\1</span>';
719	$content = preg_replace( $pattern, $replacement, $content );
720
721	$vtp->setVar( $handle, 'comment.content', $content );
722	if ( $user['status'] == 'admin' )
723	{
724	$vtp->addSession( $handle, 'delete' );
725	$vtp->setVar( $handle, 'delete.link',
726	add_session_id( $url.'&del='.$row['id'] ) );
727	$vtp->closeSession( $handle, 'delete' );
728	}
729	$vtp->closeSession( $handle, 'comment' );
730	}
731
732	if ( !$user['is_the_guest']
733	or ( $user['is_the_guest'] and $conf['comments_forall'] ) )
734	{
735	$vtp->addSession( $handle, 'add_comment' );
736	// form action
737	$action = str_replace( '&', '&', $_SERVER['REQUEST_URI'] );
738	$vtp->setGlobalVar( $handle, 'form_action', $action );
739	// display author field if the user is not logged in
740	if ( !$user['is_the_guest'] )
741	{
742	$vtp->addSession( $handle, 'author_known' );
743	if (isset($user['pseudo']))
744	$vtp->setVar( $handle, 'author_known.value', $user['pseudo'] );
745	$vtp->closeSession( $handle, 'author_known' );
746	}
747	else
748	{
749	$vtp->addSession( $handle, 'author_field' );
750	$vtp->closeSession( $handle, 'author_field' );
751	}
752	$vtp->closeSession( $handle, 'add_comment' );
753	}
754	$vtp->closeSession( $handle, 'comments' );
755	}
756	//------------------------------------------------------------ log informations
757	pwg_log( 'picture', $intitule_cat, $page['file'] );
758	mysql_close();
759	//----------------------------------------------------------- html code display
760	$output.= $vtp->Display( $handle, 0 );
761
762	include('include/page_tail.php');
763	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: