source: extensions/Icy_Picture_Modify/icy_picture_modify.php @ 11934

Last change on this file since 11934 was 11934, checked in by icy, 9 years ago

Merge branch 'master' into svn

<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery                                    |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Direct-access guard: stop at once unless both path constants exist.
// Presumably they are defined by the gallery and plugin bootstrap that
// include this file - confirm against the including script.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}
if (!defined('ICY_PICTURE_MODIFY_PATH'))
{
  die('Hacking attempt!');
}

// The administration helper library is loaded into a page that non-admin
// users reach, so the permission checks in this file are the only gate in
// front of whatever admin helpers are called further down.
include_once PHPWG_ROOT_PATH.'admin/include/functions.php';
include_once ICY_PICTURE_MODIFY_PATH.'include/functions_icy_picture_modify.inc.php';

global $template, $conf, $user, $page, $lang, $cache;

// <admin.php>
// Per-request message lists, each reset to an empty array.
$page['errors'] = array();
$page['infos'] = array();
$page['warnings'] = array();
// </admin.php>

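// +-----------------------------------------------------------------------+
// |                             check permission                          |
// +-----------------------------------------------------------------------+

// Validate both identifiers against PATTERN_ID before anything reads them.
// The redirect just below copies cat_id into a URL and the queries further
// down concatenate image_id into SQL, so the check has to come first; it
// used to run only after the cat_id redirect had already been built.
// A missing parameter is presumably accepted by check_input_parameter(),
// since cat_id is optional everywhere else in this file - confirm.
check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
check_input_parameter('image_id', $_GET, false, PATTERN_ID);

// Without 'image_id' there is nothing to edit: send the visitor to the
// category page when one was named, otherwise to the gallery index.
// NOTE(review): the code after this block assumes redirect_http() ends the
// request; if it returned, execution would continue without an image_id.
if (!isset($_GET['image_id']))
{
  if (isset($_GET['cat_id']))
  {
    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
  }
  else
  {
    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
    redirect_http(make_index_url());
  }
}
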
// Administrators are handed over to the regular administration screen for
// the same picture; an unknown picture id is answered with bad_request().
if (is_admin())
{
  if (!icy_does_image_exist($_GET['image_id']))
  {
    bad_request('invalid picture identifier');
  }
  else
  {
    $url = get_root_url().'admin.php?page=picture_modify'
      .'&amp;image_id='.$_GET['image_id'];
    if (isset($_GET['cat_id']))
    {
      $url .= '&amp;cat_id='.$_GET['cat_id'];
    }
    // FIXME: What happens if a POST data were sent within admin uid?
    redirect_http($url);
  }
}
// Everybody else must own the picture. This is the only ownership check in
// the file: every handler below (delete, metadata sync, update, category
// links) relies on redirect_http() ending the request for a non-owner.
// NOTE(review): confirm that redirect_http() never returns.
else if (!icy_check_image_owner($_GET['image_id'], $user['id']))
{
  $url = make_picture_url(
    array(
      'image_id' => $_GET['image_id'],
      'cat_id' => isset($_GET['cat_id']) ? $_GET['cat_id'] : '',
    )
  );
  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
  redirect_http($url);
}

// Move messages left in the session by an earlier request into this page's
// info list, then clear them so they are shown only once.
if (isset($_SESSION['page_infos']))
{
  $page['infos'] = array_merge($page['infos'], $_SESSION['page_infos']);
  unset($_SESSION['page_infos']);
}

// <find writable categories>

// * Purpose: collect the categories the current user may act on.
// * FIXME:   the fallback query below also returns categories the user can
//            only read, not write.
// NOTE(review): $my_categories is the only server-side filter applied to the
// category ids posted to the associate / dissociate / elect / dismiss
// handlers further down, so the over-inclusion named in the FIXME widens
// what those handlers accept.

$my_categories = array();
$my_permissions = null;

// <community support>
// When the community plugin is installed, start from its upload categories.
$community_functions = PHPWG_PLUGINS_PATH.'community/include/functions_community.inc.php';
if (is_file($community_functions))
{
  include_once $community_functions;
  $user_permissions = community_get_user_permissions($user['id']);
  $my_categories = $user_permissions['upload_categories'];
}
// </community support>

// FIXME: what happens if both of the following conditions are true
// FIXME:    * true == $user_permissions['create_whole_gallery']
// FIXME:    * 0    <  count($my_categories)
// Fallback, used when the plugin is absent ($user_permissions never set) or
// grants the whole gallery: every category id found in the image/category
// link table, minus the ids returned by calculate_permissions() (presumably
// the categories forbidden to this user - confirm).
if (empty($user_permissions) || $user_permissions['create_whole_gallery'])
{
  $query = '
  SELECT category_id
    FROM '.IMAGE_CATEGORY_TABLE.'
  ;';

  $linked_categories = array_from_query($query, 'category_id');
  $excluded_categories = explode(
    ',',
    calculate_permissions($user['id'], $user['status'])
  );

  // list of categories to which the user can access
  $my_categories = array_diff($linked_categories, $excluded_categories);
}
// </find writable categories>

// +-----------------------------------------------------------------------+
// |                             delete photo                              |
// +-----------------------------------------------------------------------+

if (isset($_GET['delete']))
{
  // Deletion is triggered by a GET link, so the request token is verified
  // before anything is removed (the U_DELETE link built in the template
  // section carries pwg_token for this purpose).
  check_pwg_token();

  delete_elements(array($_GET['image_id']), true);

  // Where to send the user afterwards, in order of preference:
  //
  // 1. the category named in the URL, when there is one
  // 2. the first reachable category linked to the picture
  // 3. the gallery root
  //
  // NOTE(review): step 2 queries the picture's links after delete_elements()
  // has run; if that call also removes the links, the list is always empty
  // and step 3 is used - confirm.

  if (!empty($_GET['cat_id']))
  {
    redirect(
      make_index_url(
        array('category' => get_cat_info($_GET['cat_id']))
      )
    );
  }

  $query = '
SELECT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
;';

  $authorizeds = array_intersect(
    $my_categories,
    array_from_query($query, 'category_id')
  );

  foreach ($authorizeds as $category_id)
  {
    redirect(
      make_index_url(
        array('category' => get_cat_info($category_id))
      )
    );
  }

  redirect(make_index_url());
}

// +-----------------------------------------------------------------------+
// |                          synchronize metadata                         |
// +-----------------------------------------------------------------------+

// Re-read the metadata from the stored file of this picture.
// NOTE(review): this is a state-changing GET request, yet unlike the delete
// handler it does not call check_pwg_token(), and the U_SYNC link built in
// the template section carries no token. Any page the owner visits could
// trigger it on their behalf; consider requiring the token here as well.
if (isset($_GET['sync_metadata']))
{
  // image_id was validated against PATTERN_ID at the top of the file.
  $query = '
SELECT path
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$_GET['image_id'].'
;';
  list($path) = pwg_db_fetch_row(pwg_query($query));
  update_metadata(array($_GET['image_id'] => $path));

  $page['infos'][] = l10n('Metadata synchronized from file');
}

// +-----------------------------------------------------------------------+
// |                          update informations                          |
// +-----------------------------------------------------------------------+

// Reject an impossible creation date before anything is written: the error
// recorded here makes the update handler below skip its work.
// NOTE(review): only the year is tested with is_numeric(); month and day go
// to checkdate() exactly as posted, and the update handler later stores the
// posted strings themselves, not the values checkdate() evaluated.
if (isset($_POST['date_creation_action'])
    && 'set' == $_POST['date_creation_action']
    && !(is_numeric($_POST['date_creation_year'])
         && checkdate(
              $_POST['date_creation_month'],
              $_POST['date_creation_day'],
              $_POST['date_creation_year']
            )))
{
  $page['errors'][] = l10n('wrong date');
}

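// Save the edited fields and the tag list of the picture. Skipped when the
// creation-date check above recorded an error.
// NOTE(review): unlike the delete handler, this write is not preceded by
// check_pwg_token(). Adding the call here requires the form template to
// post pwg_token, which cannot be verified from this file.
if (isset($_POST['submit']) and count($page['errors']) == 0)
{
  // Square brackets replace the curly-brace offsets ($data{'id'}) used
  // before: that syntax is deprecated since PHP 7.4 and is a parse error
  // from PHP 8.0 on, which would take the whole page down.
  $data = array();
  $data['id'] = $_GET['image_id'];
  // NOTE(review): the values are handed to mass_updates() as posted. The
  // template section applies stripslashes() to the same fields, which
  // suggests input is slash-escaped on arrival - confirm before relying on it.
  $data['name'] = $_POST['name'];
  $data['author'] = $_POST['author'];
  // NOTE(review): level is stored as posted; it is not compared with the
  // choices that get_privacy_level_options() offers in the form.
  $data['level'] = $_POST['level'];

  // HTML is kept in the description only when the gallery allows it.
  if ($conf['allow_html_descriptions'])
  {
    $data['comment'] = @$_POST['description'];
  }
  else
  {
    $data['comment'] = strip_tags(@$_POST['description']);
  }

  if (isset($_POST['date_creation_action']))
  {
    if ('set' == $_POST['date_creation_action'])
    {
      $data['date_creation'] = $_POST['date_creation_year']
                                 .'-'.$_POST['date_creation_month']
                                 .'-'.$_POST['date_creation_day'];
    }
    else if ('unset' == $_POST['date_creation_action'])
    {
      $data['date_creation'] = '';
    }
  }

  // Update every collected column except the primary key itself.
  mass_updates(
    IMAGES_TABLE,
    array(
      'primary' => array('id'),
      'update' => array_diff(array_keys($data), array('id'))
      ),
    array($data)
    );

  // time to deal with tags
  $tag_ids = array();
  if (!empty($_POST['tags']))
  {
    $tag_ids = get_tag_ids($_POST['tags']);
  }
  set_tags($tag_ids, $_GET['image_id']);

  array_push($page['infos'], l10n('Photo informations updated'));
}
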
// +-----------------------------------------------------------------------+
// |                              associate                                |
// +-----------------------------------------------------------------------+
// Link the picture to categories other than its storage category. Posted
// ids are kept only when they also appear in $my_categories.
// NOTE(review): no check_pwg_token() call protects this write, and count()
// assumes the posted value is an array.
if (isset($_POST['associate'], $_POST['cat_dissociated'])
    && count($_POST['cat_dissociated']) > 0)
{
  associate_images_to_categories(
    array($_GET['image_id']),
    array_intersect($_POST['cat_dissociated'], $my_categories)
  );
}

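// dissociate the element from categories (but not from its storage category)
// NOTE(review): nothing in this handler excludes the storage category; the
// restriction appears to rest on the form not offering it - confirm.
// NOTE(review): no check_pwg_token() call protects this write.
if (isset($_POST['dissociate'])
    and isset($_POST['cat_associated'])
    and is_array($_POST['cat_associated'])
    and count($_POST['cat_associated']) > 0
  )
{
  // Keep only the ids the user may act on. array_intersect() already limits
  // the result to values string-equal to an entry of $my_categories; the
  // intval() pass is defence in depth, so that nothing except integers can
  // reach the SQL text even if that list ever held a non-numeric value.
  $arr_dissociate = array_map(
    'intval',
    array_intersect($_POST['cat_associated'], $my_categories)
  );

  // An empty intersection used to produce "category_id IN ()", which is
  // invalid SQL; skip the query and the category refresh in that case, as
  // the elect and dismiss handlers already do.
  if (count($arr_dissociate) > 0)
  {
    $query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
    AND category_id IN ('.implode(',', $arr_dissociate).')
';
    pwg_query($query);

    update_category($arr_dissociate);
  }
}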
// select the element to represent the given categories
// NOTE(review): the posted ids are filtered through $my_categories only;
// nothing here checks that the picture is linked to the chosen categories,
// and no check_pwg_token() call protects the write.
if (isset($_POST['elect'], $_POST['cat_dismissed'])
    && count($_POST['cat_dismissed']) > 0)
{
  $datas = array();
  $arr_dimissed = array_intersect($_POST['cat_dismissed'], $my_categories);
  if (!empty($arr_dimissed))
  {
    // One update row per category: the category id plus this picture id.
    foreach ($arr_dimissed as $category_id)
    {
      $datas[] = array(
        'id' => $category_id,
        'representative_picture_id' => $_GET['image_id'],
      );
    }
    $fields = array(
      'primary' => array('id'),
      'update' => array('representative_picture_id'),
    );
    mass_updates(CATEGORIES_TABLE, $fields, $datas);
  }
}
// dismiss the element as representant of the given categories
// NOTE(review): the handler does not check that this picture currently is
// the representative of the posted categories before a new one is picked.
if (isset($_POST['dismiss'], $_POST['cat_elected'])
    && count($_POST['cat_elected']) > 0)
{
  $arr_dismiss = array_intersect($_POST['cat_elected'], $my_categories);
  if (!empty($arr_dismiss))
  {
    set_random_representant($arr_dismiss);
  }
}

// tags
// First the tags attached to this picture, then every tag of the gallery.
// image_id was validated against PATTERN_ID at the top of the file, which is
// what makes concatenating it into the SQL text acceptable.
$query = '
SELECT
    tag_id,
    name AS tag_name
  FROM '.IMAGE_TAG_TABLE.' AS it
    JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
  WHERE image_id = '.$_GET['image_id'].'
;';
$tag_selection = get_taglist($query);

$query = '
SELECT
    id AS tag_id,
    name AS tag_name
  FROM '.TAGS_TABLE.'
;';
$tags = get_taglist($query);

// retrieving direct information about picture
$query = '
SELECT *
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$_GET['image_id'].'
;';
$row = pwg_db_fetch_assoc(pwg_query($query));

// the physical storage directory contains the image
// (stays null when the row carries no storage category)
$storage_category_id = !empty($row['storage_category_id'])
  ? $row['storage_category_id']
  : null;

// Kept aside because $row is reused by the result loops further down.
$image_file = $row['file'];

// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_template_dir(ICY_PICTURE_MODIFY_PATH.'template/');
$template->set_filenames(array('icy_picture_modify' => 'icy_picture_modify.tpl'));

// Base URL of this page for the current picture (and category, if any).
$admin_url_start = get_root_url().'index.php?/icy_picture_modify'
  .'&amp;image_id='.$_GET['image_id'];
if (isset($_GET['cat_id']))
{
  $admin_url_start .= '&amp;cat_id='.$_GET['cat_id'];
}
else
{
  $admin_url_start .= '';
}

$template->assign(
  array(
    'ICY_PICTURE_MODIFY_PATH' => ICY_PICTURE_MODIFY_PATH,
    // NOTE(review): an absolute server path is handed to the template;
    // confirm that it is not rendered into the page.
    'ICY_ROOT_PATH' => realpath(dirname(PHPWG_PLUGINS_PATH)),
    'tag_selection' => $tag_selection,
    'tags' => $tags,
    // NOTE(review): the delete link carries a request token, the
    // synchronize link does not.
    'U_SYNC' => $admin_url_start.'&amp;sync_metadata=1',
    'U_DELETE' => $admin_url_start.'&amp;delete=1&amp;pwg_token='.get_pwg_token(),

    'PATH' => $row['path'],

    'TN_SRC' => get_thumbnail_url($row),

    // NOTE(review): AUTHOR and DESCRIPTION below pass through
    // htmlspecialchars(), NAME does not. Unless the template escapes it,
    // a posted or stored name reaches the page as raw markup - confirm.
    'NAME' => isset($_POST['name'])
      ? stripslashes($_POST['name'])
      : @$row['name'],

    'DIMENSIONS' => @$row['width'].' * '.@$row['height'],

    'FILESIZE' => @$row['filesize'].' KB',

    'REGISTRATION_DATE' => format_date($row['date_available']),

    // A value posted in this request wins over the stored one, so the form
    // shows what the user just typed.
    'AUTHOR' => htmlspecialchars(
      isset($_POST['author']) ? stripslashes($_POST['author']) : @$row['author']
    ),

    'DESCRIPTION' => htmlspecialchars(
      isset($_POST['description'])
        ? stripslashes($_POST['description'])
        : @$row['comment']
    ),

    // The form posts back to the current URL minus the sync_metadata flag,
    // so that submitting it does not trigger another synchronization.
    'F_ACTION' => get_root_url().get_query_string_diff(array('sync_metadata')),
  )
);

// Size of the high-definition file, shown only when the row says one exists.
if ($row['has_high'] == 'true')
{
  if (isset($row['high_filesize']))
  {
    $template->assign('HIGH_FILESIZE', $row['high_filesize'].' KB');
  }
  else
  {
    $template->assign('HIGH_FILESIZE', l10n('unknown'));
  }
}

// image level options
// A level posted in this request is preselected, otherwise the stored one.
if (isset($_POST['level']))
{
  $selected_level = $_POST['level'];
}
else
{
  $selected_level = $row['level'];
}
$template->assign(
  array(
    'level_options' => get_privacy_level_options(),
    'level_options_selected' => array($selected_level),
  )
);

// creation date
// Start from a clean slate, then take day / month / year from, in order:
// the posted form, the stored date, or empty defaults.
unset($day, $month, $year);

if (isset($_POST['date_creation_action'])
    && 'set' == $_POST['date_creation_action'])
{
  // The variable names come from this fixed list, never from the request.
  foreach (array('day', 'month', 'year') as $varname)
  {
    ${$varname} = $_POST['date_creation_'.$varname];
  }
}
else if (!empty($row['date_creation']))
{
  list($year, $month, $day) = explode('-', $row['date_creation']);
}
else
{
  $year = '';
  $month = 0;
  $day = 0;
}

// Month names from the language file, with a placeholder at index 0.
$month_list = $lang['month'];
$month_list[0] = '------------';
ksort($month_list);

$template->assign(
  array(
    'DATE_CREATION_DAY_VALUE' => $day,
    'DATE_CREATION_MONTH_VALUE' => $month,
    'DATE_CREATION_YEAR_VALUE' => $year,
    'month_list' => $month_list,
  )
);

// Display names of every category the picture is linked to: the storage
// category goes to its own template variable, all others to a list.
$query = '
SELECT category_id, uppercats
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.CATEGORIES_TABLE.' AS c
      ON c.id = ic.category_id
  WHERE image_id = '.$_GET['image_id'].'
;';
$result = pwg_query($query);

// $row is overwritten here; the picture row fetched earlier is gone after
// this loop.
while ($row = pwg_db_fetch_assoc($result))
{
  $name = get_cat_display_name_cache(
    $row['uppercats'],
    get_root_url().'index.php?/icy_picture_modify&amp;cat_id=',
    false
  );

  if ($row['category_id'] != $storage_category_id)
  {
    $template->append('related_categories', $name);
  }
  else
  {
    $template->assign('STORAGE_CATEGORY', $name);
  }
}

// jump to link
//
// 1. find all linked categories that are reachable for the current user.
// 2. if a category is available in the URL, use it if reachable
// 3. if URL category not available or reachable, use the first reachable
//    linked category
// 4. if no category reachable, no jumpto link

$query = '
SELECT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
;';

// list of categories (OF THIS IMAGE) to which the user can access
$authorizeds = array_intersect(
  $my_categories,
  array_from_query($query, 'category_id')
);

// Pick the category the link will point into.
$jump_category = null;
$jump_found = false;

if (isset($_GET['cat_id']) && in_array($_GET['cat_id'], $authorizeds))
{
  // the category from the URL is one of the authorized categories
  $jump_category = $_GET['cat_id'];
  $jump_found = true;
}
else
{
  // otherwise fall back to the *first* category in the list
  foreach ($authorizeds as $category)
  {
    $jump_category = $category;
    $jump_found = true;
    // FIXME: why the first category is selected?
    break;
  }
}

if ($jump_found)
{
  $url_img = make_picture_url(
    array(
      'image_id' => $_GET['image_id'],
      'image_file' => $image_file,
      'category' => $cache['cat_names'][ $jump_category ],
    )
  );
}

if (isset($url_img))
{
  $template->assign('U_JUMPTO', $url_img);
}

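// Category pickers for the associate / dissociate / elect / dismiss forms.
//
// Each query below filters on "id IN (<categories the user may act on>)".
// The list is built once: the leading -1 keeps it non-empty, because an
// empty $my_categories used to yield the invalid SQL "IN ()", and intval()
// guarantees that only integers are concatenated into the query text.
// -1 is assumed to match no category, as $associateds below already does.
$my_categories_sql = implode(
  ',',
  array_merge(array(-1), array_map('intval', $my_categories))
);

// associate to another category ?
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
  WHERE image_id = '.$_GET['image_id'] . '
    AND id IN ('.$my_categories_sql.')';
// if the image belongs to a physical storage,
// we simply ignore that storage album
if (isset($storage_category_id))
{
  $query.= '
    AND id != '.$storage_category_id;
}
$query.= '
;';
display_select_cat_wrapper($query, array(), 'associated_options');

// Same query again, this time to collect the ids already associated so the
// next picker can leave them out.
$result = pwg_query($query);
$associateds = array(-1);
if (isset($storage_category_id))
{
  array_push($associateds, $storage_category_id);
}
while ($row = pwg_db_fetch_assoc($result))
{
  array_push($associateds, $row['id']);
}
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id NOT IN ('.implode(',', $associateds).')
  AND id IN ('.$my_categories_sql.')
;';
display_select_cat_wrapper($query, array(), 'dissociated_options');

// representing
// categories this picture currently represents
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE representative_picture_id = '.$_GET['image_id'].'
    AND id IN ('.$my_categories_sql.')
;';
display_select_cat_wrapper($query, array(), 'elected_options');

// categories represented by another picture, or by none
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.$my_categories_sql.')
    AND (representative_picture_id != '.$_GET['image_id'].'
    OR representative_picture_id IS NULL)
;';
display_select_cat_wrapper($query, array(), 'dismissed_options');

//----------------------------------------------------------- sending html code

$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'icy_picture_modify');

?>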