Context Navigation

icy_picture_modify.php @ 26631

Last change on this file since 26631 was 16495, checked in by icy, 12 years ago

Version 2.0.0, advance ACL . Code copied from git/master.

I could not use merging with git svn . Stupidly copy-&-paste ;)

File size: 19.0 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
25	if (!defined('ICY_PICTURE_MODIFY_PATH')) die('Hacking attempt!');
26
27	require_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
28	require_once(ICY_PICTURE_MODIFY_PATH.'include/functions_icy_picture_modify.inc.php');
29
30	// <ADMIN_ONLY>
31	if (is_admin())
32	{
33	if (icy_image_exists($_GET['image_id']))
34	{
35	$url = get_root_url().'admin.php?page=picture_modify';
36	$url.= '&image_id='.$_GET['image_id'];
37	$url.= isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '';
38	// FIXME: What happens if a POST data were sent within admin uid?
39	redirect_http($url);
40	}
41	else
42	{
43	// FIXME: language support ^^
44	bad_request('invalid picture identifier');
45	}
46	}
47	// </ADMIN_ONLY>
48
49	global $template, $conf, $user, $page, $lang, $cache, $ICY_ACL;
50
51	// <load_from_admin.php>
52	$page['errors'] = array();
53	$page['infos'] = array();
54	$page['warnings'] = array();
55	// </load_from_admin.php>
56
57	#! icy_log("body from icy_picture_modify.php");
58	icy_acl_load_configuration();
59
60	// +-----------------------------------------------------------------------+
61	// \| check permission \|
62	// +-----------------------------------------------------------------------+
63
64	// <CHECK_IF_IMAGE_ID_IS_VALID>
65	// redirect users to the index page or category page if 'image_id' isn't provided
66	if (!isset($_GET['image_id']))
67	{
68	if (isset($_GET['cat_id']))
69	{
70	redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
71	}
72	else
73	{
74	// FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
75	redirect_http(make_index_url());
76	}
77	}
78	// </CHECK_IF_IMAGE_ID_IS_VALID>
79
80	// FIXME: check and then !?
81	check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
82	check_input_parameter('image_id', $_GET, false, PATTERN_ID);
83
84	// Return if the image isn't editable
85	if (!icy_acl("edit_image_of", $_GET['image_id'], icy_get_user_owner_of_image($_GET['image_id'])))
86	{
87	$url = make_picture_url(
88	array(
89	'image_id' => $_GET['image_id'],
90	'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : ""
91	)
92	);
93	// FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
94	redirect_http($url);
95	}
96
97	// Update the page sessions
98	// FIXME: why?
99	if (isset($_SESSION['page_infos']))
100	{
101	$page['infos'] = array_merge($page['infos'], $_SESSION['page_infos']);
102	unset($_SESSION['page_infos']);
103	}
104
105	// <find writable categories>
106	$my_categories = array();
107	// FIXME: delete this line ^^
108	$my_categories = array_from_query('SELECT category_id FROM '
109	.IMAGE_CATEGORY_TABLE.';', 'category_id');
110
111	// +-----------------------------------------------------------------------+
112	// \| delete photo \|
113	// +-----------------------------------------------------------------------+
114
115	// ACTION => :delete_image
116
117	if (isset($_GET['delete'])
118	and icy_acl("delete_image_of",
119	$_GET['image_id'],
120	icy_get_user_owner_of_image($_GET['image_id'])))
121	{
122	check_pwg_token();
123
124	delete_elements(array($_GET['image_id']), true);
125
126	invalidate_user_cache();
127
128	// where to redirect the user now?
129	//
130	// 1. if a category is available in the URL, use it
131	// 2. else use the first reachable linked category
132	// 3. redirect to gallery root
133
134	if (isset($_GET['cat_id']) and !empty($_GET['cat_id']))
135	{
136	redirect(
137	make_index_url(
138	array(
139	'category' => get_cat_info($_GET['cat_id'])
140	)
141	)
142	);
143	}
144
145	$query = '
146	SELECT category_id
147	FROM '.IMAGE_CATEGORY_TABLE.'
148	WHERE image_id = '.$_GET['image_id'].'
149	;';
150
151	$authorizeds = array_intersect($my_categories,
152	array_from_query($query, 'category_id'));
153
154	foreach ($authorizeds as $category_id)
155	{
156	redirect(
157	make_index_url(
158	array(
159	'category' => get_cat_info($category_id)
160	)
161	)
162	);
163	}
164
165	redirect(make_index_url());
166	}
167
168	// +-----------------------------------------------------------------------+
169	// \| synchronize metadata \|
170	// +-----------------------------------------------------------------------+
171
172	// ACTION => synchronize_image_metadata
173	// This includes other sub-actions and other permissions
174	// (tag update, timestamp updated, ...)
175
176	if (version_compare(PHPWG_VERSION, '2.4.0', '<')
177	and isset($_GET['sync_metadata']))
178	{
179	$query = '
180	SELECT path
181	FROM '.IMAGES_TABLE.'
182	WHERE id = '.$_GET['image_id'].'
183	;';
184	list($path) = pwg_db_fetch_row(pwg_query($query));
185	update_metadata(array($_GET['image_id'] => $path));
186
187	array_push($page['infos'], l10n('Metadata synchronized from file'));
188	}
189
190	// +-----------------------------------------------------------------------+
191	// \| update informations \|
192	// +-----------------------------------------------------------------------+
193
194	// first, we verify whether there is a mistake on the given creation date
195	if (isset($_POST['date_creation_action'])
196	and 'set' == $_POST['date_creation_action'])
197	{
198	if (!is_numeric($_POST['date_creation_year'])
199	or !checkdate(
200	$_POST['date_creation_month'],
201	$_POST['date_creation_day'],
202	$_POST['date_creation_year'])
203	)
204	{
205	array_push($page['errors'], l10n('wrong date'));
206	}
207	}
208
209	if (isset($_POST['submit']) and count($page['errors']) == 0)
210	{
211	$data = array();
212	$data{'id'} = $_GET['image_id'];
213	$data{'name'} = $_POST['name'];
214	$data{'author'} = $_POST['author'];
215	$data['level'] = $_POST['level'];
216
217	if ($conf['allow_html_descriptions'])
218	{
219	$data{'comment'} = @$_POST['description'];
220	}
221	else
222	{
223	$data{'comment'} = strip_tags(@$_POST['description']);
224	}
225
226	if (isset($_POST['date_creation_action']))
227	{
228	if ('set' == $_POST['date_creation_action'])
229	{
230	$data{'date_creation'} = $_POST['date_creation_year']
231	.'-'.$_POST['date_creation_month']
232	.'-'.$_POST['date_creation_day'];
233	}
234	else if ('unset' == $_POST['date_creation_action'])
235	{
236	$data{'date_creation'} = '';
237	}
238	}
239
240	// FIXME: why mass_updates here ? Used with a simple array?
241	mass_updates(
242	IMAGES_TABLE,
243	array(
244	'primary' => array('id'),
245	'update' => array_diff(array_keys($data), array('id'))
246	),
247	array($data)
248	);
249
250	// time to deal with tags
251	$tag_ids = array();
252	if (!empty($_POST['tags']))
253	{
254	$tag_ids = get_tag_ids($_POST['tags']);
255	}
256	set_tags($tag_ids, $_GET['image_id']);
257
258	array_push($page['infos'], l10n('Photo informations updated'));
259	}
260
261	// +-----------------------------------------------------------------------+
262	// \| associate \|
263	// +-----------------------------------------------------------------------+
264	// associate the element to other categories than its storage category
265	//
266
267	// SUB-ACTION => associate_image_to_gallery
268
269	if (isset($_POST['associate'])
270	and isset($_POST['cat_dissociated'])
271	and (count($_POST['cat_dissociated']) > 0)
272	)
273	{
274	$_categories = array_intersect($_POST['cat_dissociated'],
275	icy_acl_get_categories("associate_image_to"));
276	//! $_categories = array_filter($_categories,
277	//! create_function('$item', 'return icy_acl("associate_image_to", $item);'));
278
279	associate_images_to_categories(array($_GET['image_id']), $_categories);
280	invalidate_user_cache();
281	}
282
283	// SUB-ACTION => dissociate_image_from_gallery
284
285	// dissociate the element from categories (but not from its storage category)
286	if (isset($_POST['dissociate'])
287	and isset($_POST['cat_associated'])
288	and count($_POST['cat_associated']) > 0
289	)
290	{
291
292	$_categories = array_intersect($_POST['cat_associated'],
293	icy_acl_get_categories("associate_image_to"));
294	//! $_categories = array_filter($_categories,
295	//! create_function('$item', 'return icy_acl("associate_image_to", $item);'));
296
297	$query = '
298	DELETE FROM '.IMAGE_CATEGORY_TABLE.'
299	WHERE image_id = '.$_GET['image_id'].'
300	AND category_id IN (0'.join(',', $_categories).')
301	';
302
303	pwg_query($query);
304	update_category($_categories);
305	invalidate_user_cache();
306	}
307
308	// +-----------------------------------------------------------------------+
309	// \| representation \|
310	// +-----------------------------------------------------------------------+
311
312	// SUB-ACTION => select the element to represent the given categories
313	// FIXME: select or elect?
314
315	if (isset($_POST['elect'])
316	and isset($_POST['cat_dismissed'])
317	and count($_POST['cat_dismissed']) > 0
318	)
319	{
320	$datas = array();
321	$arr_dimissed = array_intersect($_POST['cat_dismissed'],
322	icy_acl_get_categories("present_image_to"));
323
324	if (count($arr_dimissed) > 0)
325	{
326	foreach ($arr_dimissed as $category_id)
327	{
328	array_push($datas,
329	array('id' => $category_id,
330	'representative_picture_id' => $_GET['image_id']));
331	}
332	$fields = array('primary' => array('id'),
333	'update' => array('representative_picture_id'));
334	mass_updates(CATEGORIES_TABLE, $fields, $datas);
335	invalidate_user_cache();
336	}
337	}
338
339	// SUB-ACTION => dismiss the element as representant of the given categories
340
341	if (isset($_POST['dismiss'])
342	and isset($_POST['cat_elected'])
343	and count($_POST['cat_elected']) > 0
344	)
345	{
346	$arr_dismiss = array_intersect($_POST['cat_elected'],
347	icy_acl_get_categories("present_image_to"));
348	if (count($arr_dismiss) > 0)
349	{
350	set_random_representant($arr_dismiss);
351	invalidate_user_cache();
352	}
353	}
354
355	// +-----------------------------------------------------------------------+
356	// \| tagging support \|
357	// +-----------------------------------------------------------------------+
358
359	// FIXME: tag is always updatable?
360
361	if (version_compare(PHPWG_VERSION, '2.2.5', '<')) {
362	$q_tag_selection = "tag_id, name AS tag_name";
363	$q_tags = 'id AS tag_id, name AS tag_name';
364	}
365	else {
366	$q_tag_selection = "tag_id AS id, name";
367	$q_tags = 'id, name';
368	}
369
370	$query = '
371	SELECT
372	'.$q_tag_selection.'
373	FROM '.IMAGE_TAG_TABLE.' AS it
374	JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
375	WHERE image_id = '.$_GET['image_id'].'
376	;';
377	$tag_selection = get_taglist($query);
378
379	$query = '
380	SELECT
381	'.$q_tags.'
382	FROM '.TAGS_TABLE.'
383	;';
384	$tags = get_taglist($query);
385
386	// retrieving direct information about picture
387	$query = '
388	SELECT *
389	FROM '.IMAGES_TABLE.'
390	WHERE id = '.$_GET['image_id'].'
391	;';
392	$row = pwg_db_fetch_assoc(pwg_query($query));
393
394	// the physical storage directory contains the image
395	$storage_category_id = null;
396	if (!empty($row['storage_category_id']))
397	{
398	$storage_category_id = $row['storage_category_id'];
399	}
400
401	$image_file = $row['file'];
402
403	// +-----------------------------------------------------------------------+
404	// \| template init \|
405	// +-----------------------------------------------------------------------+
406
407	$template->set_template_dir(ICY_PICTURE_MODIFY_PATH.'template/');
408	$template->set_filenames(array('icy_picture_modify' => 'icy_picture_modify.tpl'));
409
410	$admin_url_start = get_root_url().'index.php?/icy_picture_modify';
411	$admin_url_start.= '&image_id='.$_GET['image_id'];
412	$admin_url_start.= isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '';
413
414	$template->assign(
415	array(
416	'ICY_PICTURE_MODIFY_PATH' => ICY_PICTURE_MODIFY_PATH,
417	'ICY_ROOT_PATH' => realpath(dirname(PHPWG_PLUGINS_PATH)),
418	'tag_selection' => $tag_selection,
419	'tags' => $tags,
420
421	'PATH'=>$row['path'],
422
423	'TN_SRC' => get_thumbnail_url($row),
424
425	'NAME' =>
426	isset($_POST['name']) ?
427	stripslashes($_POST['name']) : @$row['name'],
428
429	'DIMENSIONS' => @$row['width'].' * '.@$row['height'],
430
431	'FILESIZE' => @$row['filesize'].' KB',
432
433	'REGISTRATION_DATE' => format_date($row['date_available']),
434
435	'AUTHOR' => htmlspecialchars(
436	isset($_POST['author'])
437	? stripslashes($_POST['author'])
438	: @$row['author']
439	),
440
441	'DESCRIPTION' =>
442	htmlspecialchars( isset($_POST['description']) ?
443	stripslashes($_POST['description']) : @$row['comment'] ),
444	)
445	);
446
447	if (version_compare(PHPWG_VERSION, '2.4.0', '<')) {
448	$template->assign(
449	array(
450	'U_SYNC' => $admin_url_start.'&sync_metadata=1',
451	'F_ACTION' => get_root_url() . get_query_string_diff(array('sync_metadata'))
452	)
453	);
454	}
455
456	if (icy_image_deletable($_GET['image_id'])) {
457	$template->assign(
458	'U_DELETE', $admin_url_start.'&delete=1&pwg_token='.get_pwg_token()
459	);
460	}
461
462	if (array_key_exists('has_high', $row) and $row['has_high'] == 'true')
463	{
464	$template->assign(
465	'HIGH_FILESIZE',
466	isset($row['high_filesize'])
467	? $row['high_filesize'].' KB'
468	: l10n('unknown')
469	);
470	}
471
472	// image level options
473	$selected_level = isset($_POST['level']) ? $_POST['level'] : $row['level'];
474	$template->assign(
475	array(
476	'level_options'=> get_privacy_level_options(),
477	'level_options_selected' => array($selected_level)
478	)
479	);
480
481	// creation date
482	unset($day, $month, $year);
483
484	if (isset($_POST['date_creation_action'])
485	and 'set' == $_POST['date_creation_action'])
486	{
487	foreach (array('day', 'month', 'year') as $varname)
488	{
489	$$varname = $_POST['date_creation_'.$varname];
490	}
491	}
492	else if (isset($row['date_creation']) and !empty($row['date_creation']))
493	{
494	list($year, $month, $day) = explode('-', $row['date_creation']);
495	}
496	else
497	{
498	list($year, $month, $day) = array('', 0, 0);
499	}
500
501
502	$month_list = $lang['month'];
503	$month_list[0]='------------';
504	ksort($month_list);
505
506	$template->assign(
507	array(
508	'DATE_CREATION_DAY_VALUE' => $day,
509	'DATE_CREATION_MONTH_VALUE' => $month,
510	'DATE_CREATION_YEAR_VALUE' => $year,
511	'month_list' => $month_list,
512	)
513	);
514
515	$query = '
516	SELECT category_id, uppercats
517	FROM '.IMAGE_CATEGORY_TABLE.' AS ic
518	INNER JOIN '.CATEGORIES_TABLE.' AS c
519	ON c.id = ic.category_id
520	WHERE image_id = '.$_GET['image_id'].'
521	;';
522	$result = pwg_query($query);
523
524	while ($row = pwg_db_fetch_assoc($result))
525	{
526	$name =
527	get_cat_display_name_cache(
528	$row['uppercats'],
529	get_root_url().'index.php?/icy_picture_modify&cat_id=',
530	false
531	);
532
533	if ($row['category_id'] == $storage_category_id)
534	{
535	$template->assign('STORAGE_CATEGORY', $name);
536	}
537	else
538	{
539	$template->append('related_categories', $name);
540	}
541	}
542
543	// jump to link
544	//
545	// 1. find all linked categories that are reachable for the current user.
546	// 2. if a category is available in the URL, use it if reachable
547	// 3. if URL category not available or reachable, use the first reachable
548	// linked category
549	// 4. if no category reachable, no jumpto link
550
551	$query = '
552	SELECT category_id
553	FROM '.IMAGE_CATEGORY_TABLE.'
554	WHERE image_id = '.$_GET['image_id'].'
555	;';
556
557	// list of categories (OF THIS IMAGE) to which the user can access
558	$authorizeds = array_intersect($my_categories,
559	array_from_query($query, 'category_id'));
560
561	// if current category belongs to list of authorized categories
562	// we simply provide link to that category
563	if (isset($_GET['cat_id'])
564	and in_array($_GET['cat_id'], $authorizeds))
565	{
566	$url_img = make_picture_url(
567	array(
568	'image_id' => $_GET['image_id'],
569	'image_file' => $image_file,
570	'category' => $cache['cat_names'][ $_GET['cat_id'] ],
571	)
572	);
573	}
574	// otherwise we provide links to the first category in the list
575	else
576	{
577	foreach ($authorizeds as $category)
578	{
579	$url_img = make_picture_url(
580	array(
581	'image_id' => $_GET['image_id'],
582	'image_file' => $image_file,
583	'category' => $cache['cat_names'][ $category ],
584	)
585	);
586	// FIXME: why the first category is selected?
587	break;
588	}
589	}
590
591	if (isset($url_img))
592	{
593	$template->assign( 'U_JUMPTO', $url_img );
594	}
595
596	$_categories = icy_acl_get_categories("associate_image_to");
597	// Select list of categories this image is associcated to
598	$query = '
599	SELECT id,name,uppercats,global_rank
600	FROM '.CATEGORIES_TABLE.'
601	INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
602	WHERE image_id = '.$_GET['image_id'] . '
603	AND id IN (0'.join(",",$_categories).')';
604	// FIMXE: if the image belongs to a physical storage,
605	// FIXME: we simply ignore that storage album
606	if (isset($storage_category_id))
607	{
608	$query.= '
609	AND id != '.$storage_category_id;
610	}
611	$query.= '
612	;';
613	display_select_cat_wrapper($query, array(), 'associated_options');
614
615	$result = pwg_query($query);
616	$associateds = array(-1);
617	if (isset($storage_category_id))
618	{
619	array_push($associateds, $storage_category_id);
620	}
621	while ($row = pwg_db_fetch_assoc($result))
622	{
623	array_push($associateds, $row['id']);
624	}
625	// FIXME: Also display some forbidden presentations
626	$query = '
627	SELECT id,name,uppercats,global_rank
628	FROM '.CATEGORIES_TABLE.'
629	WHERE id NOT IN ('.implode(',', $associateds).')
630	AND id IN (0'.join(",", $_categories).')
631	;';
632	display_select_cat_wrapper($query, array(), 'dissociated_options');
633
634	// display list of categories for representing
635	$_categories = icy_acl_get_categories("present_image_to");
636	$query = '
637	SELECT id,name,uppercats,global_rank
638	FROM '.CATEGORIES_TABLE.'
639	WHERE representative_picture_id = '.$_GET['image_id'].'
640	AND id IN (0'. join(",", $_categories).')
641	;';
642	display_select_cat_wrapper($query, array(), 'elected_options');
643	$query = '
644	SELECT id,name,uppercats,global_rank
645	FROM '.CATEGORIES_TABLE.'
646	WHERE id IN (0'. join(",", $_categories).')
647	AND (representative_picture_id != '.$_GET['image_id'].'
648	OR representative_picture_id IS NULL)
649	;';
650	display_select_cat_wrapper($query, array(), 'dismissed_options');
651
652	//----------------------------------------------------------- sending html code
653
654	$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'icy_picture_modify');
655
656	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: extensions/Icy_Picture_Modify/icy_picture_modify.php @ 26631

Download in other formats: