source: extensions/Icy_Picture_Modify/icy_picture_modify.php @ 12034

Last change on this file since 12034 was 12034, checked in by icy, 9 years ago

Merge branch 'master' into svn

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Refuse to run when the script is requested directly: both constants are
// expected to have been defined by the code that includes this file.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
defined('ICY_PICTURE_MODIFY_PATH') or die('Hacking attempt!');

// Core admin helpers first, then this plugin's own helpers.
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(ICY_PICTURE_MODIFY_PATH.'include/functions_icy_picture_modify.inc.php');

global $template, $conf, $user, $page, $lang, $cache;

// <admin.php>
// Message buckets that the rest of this script appends to.
$page['errors'] = array();
$page['infos'] = array();
$page['warnings'] = array();
// </admin.php>
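// +-----------------------------------------------------------------------+
// |                             check permission                          |
// +-----------------------------------------------------------------------+

// Validate both identifiers against PATTERN_ID *before* either of them is
// used. Previously 'cat_id' was concatenated into the redirect target below
// while still unvalidated, because the checks only ran after the redirect
// branch. Neither parameter is mandatory (third argument is false), so a
// request without 'image_id' still reaches the redirect.
check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
check_input_parameter('image_id', $_GET, false, PATTERN_ID);

// redirect users to the index page or category page if 'image_id' isn't provided
if (!isset($_GET['image_id']))
{
  if (isset($_GET['cat_id']))
  {
    redirect_http(get_root_url().'?/category/'.$_GET['cat_id']);
  }
  else
  {
    // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
    redirect_http(make_index_url());
  }
}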
// Access decision for the requested picture:
//   * administrators are handed over to the core admin editor,
//   * everybody else must own the picture (icy_check_image_owner), otherwise
//     they are sent back to the public picture page.
// 'image_id' and 'cat_id' have been matched against PATTERN_ID by the
// check_input_parameter() calls that precede this block.
if (is_admin())
{
  if (!icy_does_image_exist($_GET['image_id']))
  {
    bad_request('invalid picture identifier');
  }
  else
  {
    $url = get_root_url().'admin.php?page=picture_modify'
      .'&amp;image_id='.$_GET['image_id'];
    if (isset($_GET['cat_id']))
    {
      $url.= '&amp;cat_id='.$_GET['cat_id'];
    }
    else
    {
      $url.= '';
    }
    // FIXME: What happens if a POST data were sent within admin uid?
    redirect_http($url);
  }
}
elseif (!icy_check_image_owner($_GET['image_id'], $user['id']))
{
  // NOTE(review): everything below this block assumes redirect_http() ends
  // the request; if it ever returned, a non-owner would fall through to the
  // delete/update handlers. Confirm against its definition.
  $picture_url_params = array(
    'image_id' => $_GET['image_id'],
    'cat_id' => ""
    );
  if (isset($_GET['cat_id']))
  {
    $picture_url_params['cat_id'] = $_GET['cat_id'];
  }
  $url = make_picture_url($picture_url_params);
  // FIXME: $_SESSION['page_infos'] = array(l10n('Permission denied'));
  redirect_http($url);
}
// Move any informational messages stored in the session into this page's
// message list, then clear them from the session.
if (isset($_SESSION['page_infos']))
{
  $page['infos'] = array_merge($page['infos'], $_SESSION['page_infos']);
  unset($_SESSION['page_infos']);
}

// <find writable categories>

// * Purpose: build $my_categories, the set of category ids that every
//            associate/dissociate/elect/dismiss action below is filtered
//            against.
// * FIXME:   The fallback query includes all *readable* categories, also the
//            ones the user cannot write to.
// NOTE(review): $my_categories is the only server-side authorization filter
// for the category actions in this script, so with the fallback below a user
// can act on any category they are merely allowed to view.

$my_categories = array();
$my_permissions = null;

// <community support>
$community_functions = PHPWG_PLUGINS_PATH.'community/include/functions_community.inc.php';
if (is_file($community_functions))
{
  include_once($community_functions);
  $user_permissions = community_get_user_permissions($user['id']);
  $my_categories = $user_permissions['upload_categories'];
}
// </community support>

// FIXME: what happens if both of the following conditions are true
// FIXME:    * true == $user_permissions['create_whole_gallery']
// FIXME:    * 0    <  count($my_categories)
if (empty($user_permissions) or $user_permissions['create_whole_gallery'])
{
  $query = '
  SELECT category_id
    FROM '.IMAGE_CATEGORY_TABLE.'
  ;';

  // every category that holds at least one image ...
  $linked_categories = array_from_query($query, 'category_id');
  // ... minus the ids returned by calculate_permissions() for this user
  $excluded_categories = explode(
    ',',
    calculate_permissions($user['id'], $user['status'])
    );

  // list of categories to which the user can access
  $my_categories = array_diff($linked_categories, $excluded_categories);
}
// </find writable categories>
// +-----------------------------------------------------------------------+
// |                             delete photo                              |
// +-----------------------------------------------------------------------+

// Deletion is triggered by a GET parameter, so the anti-CSRF token is
// verified before anything destructive happens. Ownership of the image was
// checked at the top of the script.
if (isset($_GET['delete']))
{
  check_pwg_token();

  delete_elements(array($_GET['image_id']), true);

  // where to redirect the user now?
  //
  // 1. if a category is available in the URL, use it
  // 2. else use the first reachable linked category
  // 3. redirect to gallery root

  if (!empty($_GET['cat_id']))
  {
    $index_url = make_index_url(
      array('category' => get_cat_info($_GET['cat_id']))
      );
    redirect($index_url);
  }

  // NOTE(review): the image has just been deleted, so this lookup presumably
  // returns no rows and step 2 never applies - confirm.
  $query = '
SELECT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
;';

  $linked_categories = array_from_query($query, 'category_id');
  $authorizeds = array_intersect($my_categories, $linked_categories);

  foreach ($authorizeds as $category_id)
  {
    $index_url = make_index_url(
      array('category' => get_cat_info($category_id))
      );
    redirect($index_url);
  }

  redirect(make_index_url());
}
// +-----------------------------------------------------------------------+
// |                          synchronize metadata                         |
// +-----------------------------------------------------------------------+

// Re-read the metadata of the image file and store it for this picture.
// NOTE(review): this is a state-changing action reachable through a plain
// GET request and, unlike the delete handler, it does not call
// check_pwg_token(). The U_SYNC link built further down carries no token
// either, so both places have to change together to close the CSRF gap.
if (isset($_GET['sync_metadata']))
{
  // 'image_id' was matched against PATTERN_ID earlier, which is what keeps
  // this concatenated query safe.
  $query = '
SELECT path
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$_GET['image_id'].'
;';
  $result = pwg_query($query);
  list($path) = pwg_db_fetch_row($result);
  update_metadata(array($_GET['image_id'] => $path));

  $page['infos'][] = l10n('Metadata synchronized from file');
}
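// +-----------------------------------------------------------------------+
// |                          update informations                          |
// +-----------------------------------------------------------------------+

// first, we verify whether there is a mistake on the given creation date
//
// All three parts must be present and consist of digits only. Previously only
// the year was tested (with is_numeric(), which also accepts values such as
// "1e3" or "2011.5"), and month/day went to checkdate() untouched: a missing
// or non-numeric field raised a notice, or a TypeError on PHP 8, instead of
// the 'wrong date' message. The same raw values are later concatenated into
// the stored date, so they are checked strictly here.
if (isset($_POST['date_creation_action'])
    and 'set' == $_POST['date_creation_action'])
{
  $icy_date_ok = true;
  foreach (array('year', 'month', 'day') as $icy_date_part)
  {
    $icy_date_key = 'date_creation_'.$icy_date_part;
    if (!isset($_POST[$icy_date_key])
        or !is_string($_POST[$icy_date_key])
        or !preg_match('/^\d+\z/', $_POST[$icy_date_key]))
    {
      $icy_date_ok = false;
    }
  }

  if (!$icy_date_ok
      or !checkdate(
            (int)$_POST['date_creation_month'],
            (int)$_POST['date_creation_day'],
            (int)$_POST['date_creation_year'])
    )
  {
    array_push($page['errors'], l10n('wrong date'));
  }
}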
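// Store the submitted title, author, privacy level, description, creation
// date and tags for the picture, provided no validation error was recorded.
//
// NOTE(review): this handler changes data without calling check_pwg_token();
// only the delete handler verifies the anti-CSRF token. Adding the check here
// also requires the form template to submit the token.
// NOTE(review): the values are handed to mass_updates() as received. Whether
// they are SQL-escaped depends on mass_updates() and on request preprocessing
// outside this file - confirm before relying on it.
if (isset($_POST['submit']) and count($page['errors']) == 0)
{
  // Square brackets replace the curly-brace offsets ($data{'id'}), which are
  // deprecated in PHP 7.4 and a fatal error from PHP 8.0 on.
  $data = array();
  $data['id'] = $_GET['image_id'];
  $data['name'] = $_POST['name'];
  $data['author'] = $_POST['author'];
  // NOTE(review): 'level' is not compared with the levels offered by
  // get_privacy_level_options(); any submitted value is stored.
  $data['level'] = $_POST['level'];

  // An absent description is treated as empty instead of silencing the
  // notice with '@'.
  $description = isset($_POST['description']) ? $_POST['description'] : null;
  if ($conf['allow_html_descriptions'])
  {
    // NOTE(review): this script serves non-admin picture owners, so with this
    // setting enabled their markup is stored unfiltered. Make sure every
    // place that renders the comment treats it as untrusted HTML.
    $data['comment'] = $description;
  }
  else
  {
    $data['comment'] = strip_tags((string)$description);
  }

  if (isset($_POST['date_creation_action']))
  {
    if ('set' == $_POST['date_creation_action'])
    {
      // the three parts were validated before this block; a failure there
      // leaves an entry in $page['errors'] and this block is skipped
      $data['date_creation'] = $_POST['date_creation_year']
                                 .'-'.$_POST['date_creation_month']
                                 .'-'.$_POST['date_creation_day'];
    }
    else if ('unset' == $_POST['date_creation_action'])
    {
      $data['date_creation'] = '';
    }
  }

  // 'id' is the primary key, every other key of $data is a column to update
  mass_updates(
    IMAGES_TABLE,
    array(
      'primary' => array('id'),
      'update' => array_diff(array_keys($data), array('id'))
      ),
    array($data)
    );

  // time to deal with tags
  $tag_ids = array();
  if (!empty($_POST['tags']))
  {
    $tag_ids = get_tag_ids($_POST['tags']);
  }
  set_tags($tag_ids, $_GET['image_id']);

  array_push($page['infos'], l10n('Photo informations updated'));
}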
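// +-----------------------------------------------------------------------+
// |                              associate                                |
// +-----------------------------------------------------------------------+
// The four handlers below share the same rules:
//   * the submitted category list must really be an array (a scalar value
//     used to reach count()/array_intersect() and fail there),
//   * only ids that are also in $my_categories are acted upon.
//
// NOTE(review): none of these handlers calls check_pwg_token(); only the
// delete handler verifies the anti-CSRF token. Adding the check also requires
// the form template to submit the token.

// associate the element to other categories than its storage category
//
if (isset($_POST['associate'])
    and isset($_POST['cat_dissociated'])
    and is_array($_POST['cat_dissociated'])
    and count($_POST['cat_dissociated']) > 0
  )
{
  associate_images_to_categories(
    array($_GET['image_id']),
    array_intersect($_POST['cat_dissociated'], $my_categories)
    );
}


// dissociate the element from categories (but not from its storage category)
//
// NOTE(review): nothing here excludes the storage category on the server
// side; $storage_category_id is only assigned further down in this script, so
// the exclusion relies on the option list shown to the user.
if (isset($_POST['dissociate'])
    and isset($_POST['cat_associated'])
    and is_array($_POST['cat_associated'])
    and count($_POST['cat_associated']) > 0
  )
{
  $arr_dissociate = array_intersect($_POST['cat_associated'], $my_categories);

  // An empty intersection used to produce "IN ()", which is invalid SQL.
  // Skip the query in that case, as the elect/dismiss handlers already do.
  if (count($arr_dissociate) > 0)
  {
    // intval() guarantees that only integers reach the IN list, whatever
    // $my_categories happens to contain
    $query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
    AND category_id IN ('.implode(',', array_map('intval', $arr_dissociate)).')
';
    pwg_query($query);

    update_category($arr_dissociate);
  }
}
// select the element to represent the given categories
if (isset($_POST['elect'])
    and isset($_POST['cat_dismissed'])
    and is_array($_POST['cat_dismissed'])
    and count($_POST['cat_dismissed']) > 0
  )
{
  $datas = array();
  $arr_dimissed = array_intersect($_POST['cat_dismissed'], $my_categories);
  if (count($arr_dimissed) > 0)
  {
    foreach ($arr_dimissed as $category_id)
    {
      array_push($datas,
                 array('id' => $category_id,
                       'representative_picture_id' => $_GET['image_id']));
    }
    $fields = array('primary' => array('id'),
                    'update' => array('representative_picture_id'));
    mass_updates(CATEGORIES_TABLE, $fields, $datas);
  }
}
// dismiss the element as representant of the given categories
if (isset($_POST['dismiss'])
    and isset($_POST['cat_elected'])
    and is_array($_POST['cat_elected'])
    and count($_POST['cat_elected']) > 0
  )
{
  $arr_dismiss = array_intersect($_POST['cat_elected'], $my_categories);
  if (count($arr_dismiss) > 0)
  {
    set_random_representant($arr_dismiss);
  }
}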
// tags
// Column aliases differ between Piwigo releases: start with the form used
// from 2.2.5 on and switch to the older aliases for earlier versions.
$q_tag_selection = "tag_id AS id, name";
$q_tags = 'id, name';
if (version_compare(PHPWG_VERSION, '2.2.5', '<'))
{
  $q_tag_selection = "tag_id, name AS tag_name";
  $q_tags = 'id AS tag_id, name AS tag_name';
}

// tags currently attached to this picture
$query = '
SELECT
    '.$q_tag_selection.'
  FROM '.IMAGE_TAG_TABLE.' AS it
    JOIN '.TAGS_TABLE.' AS t ON t.id = it.tag_id
  WHERE image_id = '.$_GET['image_id'].'
;';
$tag_selection = get_taglist($query);

// every tag known to the gallery
$query = '
SELECT
    '.$q_tags.'
  FROM '.TAGS_TABLE.'
;';
$tags = get_taglist($query);

// retrieving direct information about picture
// ('image_id' was matched against PATTERN_ID at the top of the script)
$query = '
SELECT *
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$_GET['image_id'].'
;';
$result = pwg_query($query);
$row = pwg_db_fetch_assoc($result);

// the physical storage directory contains the image
$storage_category_id = !empty($row['storage_category_id'])
  ? $row['storage_category_id']
  : null;

$image_file = $row['file'];
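// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_template_dir(ICY_PICTURE_MODIFY_PATH.'template/');
$template->set_filenames(array('icy_picture_modify' => 'icy_picture_modify.tpl'));

// Base URL of this editor for the current picture. Both identifiers were
// matched against PATTERN_ID at the top of the script.
$admin_url_start = get_root_url().'index.php?/icy_picture_modify';
$admin_url_start.= '&amp;image_id='.$_GET['image_id'];
$admin_url_start.= isset($_GET['cat_id']) ? '&amp;cat_id='.$_GET['cat_id'] : '';

$template->assign(
  array(
    'ICY_PICTURE_MODIFY_PATH' => ICY_PICTURE_MODIFY_PATH,
    // NOTE(review): this is an absolute filesystem path of the server. If the
    // template prints it into the page it discloses the installation
    // directory - confirm how the template uses it.
    'ICY_ROOT_PATH' => realpath(dirname(PHPWG_PLUGINS_PATH)),
    'tag_selection' => $tag_selection,
    'tags' => $tags,
    // NOTE(review): the sync link carries no anti-CSRF token although it
    // triggers a state change; the delete link below does carry one.
    'U_SYNC' => $admin_url_start.'&amp;sync_metadata=1',
    'U_DELETE' => $admin_url_start.'&amp;delete=1&amp;pwg_token='.get_pwg_token(),

    'PATH'=>$row['path'],

    'TN_SRC' => get_thumbnail_url($row),

    // Escaped like AUTHOR and DESCRIPTION below. The title was previously
    // passed on raw although it comes from the request or from a value the
    // picture owner stored.
    // NOTE(review): assumes the template does not escape NAME again - confirm.
    'NAME' => htmlspecialchars(
      isset($_POST['name'])
        ? stripslashes($_POST['name'])
        : @$row['name']
      ),

    'DIMENSIONS' => @$row['width'].' * '.@$row['height'],

    'FILESIZE' => @$row['filesize'].' KB',

    'REGISTRATION_DATE' => format_date($row['date_available']),

    'AUTHOR' => htmlspecialchars(
      isset($_POST['author'])
        ? stripslashes($_POST['author'])
        : @$row['author']
      ),

    'DESCRIPTION' =>
      htmlspecialchars( isset($_POST['description']) ?
        stripslashes($_POST['description']) : @$row['comment'] ),

    'F_ACTION' =>
        get_root_url() # .'index.php?/icy_picture_modify'
        .get_query_string_diff(array('sync_metadata'))
    )
  );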
// Size of the high definition file, shown only when the picture has one.
if ($row['has_high'] == 'true')
{
  if (isset($row['high_filesize']))
  {
    $template->assign('HIGH_FILESIZE', $row['high_filesize'].' KB');
  }
  else
  {
    $template->assign('HIGH_FILESIZE', l10n('unknown'));
  }
}

// image level options
// The submitted level, when there is one, wins over the stored level so that
// the form shows what the user just sent.
if (isset($_POST['level']))
{
  $selected_level = $_POST['level'];
}
else
{
  $selected_level = $row['level'];
}

$level_vars = array(
  'level_options'=> get_privacy_level_options(),
  'level_options_selected' => array($selected_level)
  );
$template->assign($level_vars);
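// creation date
unset($day, $month, $year);

if (isset($_POST['date_creation_action'])
    and 'set' == $_POST['date_creation_action'])
{
  // Show the submitted values again. They come straight from the request and
  // are handed to the template, so a missing or non-string field becomes ''
  // and the rest is HTML-escaped. Valid input consists of digits only and is
  // not altered by the escaping.
  foreach (array('day', 'month', 'year') as $varname)
  {
    $posted_part = isset($_POST['date_creation_'.$varname])
      ? $_POST['date_creation_'.$varname]
      : '';
    $$varname = htmlspecialchars(
      is_string($posted_part) ? $posted_part : '',
      ENT_QUOTES
      );
  }
}
else if (!empty($row['date_creation']))
{
  // stored value, split into its year, month and day parts
  list($year, $month, $day) = explode('-', $row['date_creation']);
}
else
{
  list($year, $month, $day) = array('', 0, 0);
}


// entry 0 is the "no month selected" placeholder of the month list
$month_list = $lang['month'];
$month_list[0]='------------';
ksort($month_list);

$template->assign(
    array(
      'DATE_CREATION_DAY_VALUE' => $day,
      'DATE_CREATION_MONTH_VALUE' => $month,
      'DATE_CREATION_YEAR_VALUE' => $year,
      'month_list' => $month_list,
      )
    );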
// Categories this picture is linked to: the storage category goes into its
// own template variable, every other one is appended to 'related_categories'.
$query = '
SELECT category_id, uppercats
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.CATEGORIES_TABLE.' AS c
      ON c.id = ic.category_id
  WHERE image_id = '.$_GET['image_id'].'
;';
$result = pwg_query($query);

while ($row = pwg_db_fetch_assoc($result))
{
  $name = get_cat_display_name_cache(
    $row['uppercats'],
    get_root_url().'index.php?/icy_picture_modify&amp;cat_id=',
    false
    );

  if ($row['category_id'] != $storage_category_id)
  {
    $template->append('related_categories', $name);
    continue;
  }

  $template->assign('STORAGE_CATEGORY', $name);
}
// jump to link
//
// 1. find all linked categories that are reachable for the current user.
// 2. if a category is available in the URL, use it if reachable
// 3. if URL category not available or reachable, use the first reachable
//    linked category
// 4. if no category reachable, no jumpto link

$query = '
SELECT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$_GET['image_id'].'
;';

// list of categories (OF THIS IMAGE) to which the user can access
$linked_categories = array_from_query($query, 'category_id');
$authorizeds = array_intersect($my_categories, $linked_categories);

// Pick the category the link should point into: the one from the URL when it
// is authorized, otherwise the *first* authorized one.
$jump_category = null;
if (isset($_GET['cat_id'])
    and in_array($_GET['cat_id'], $authorizeds))
{
  $jump_category = $_GET['cat_id'];
}
else
{
  foreach ($authorizeds as $category)
  {
    // FIXME: why the first category is selected?
    $jump_category = $category;
    break;
  }
}

if (null !== $jump_category)
{
  $url_img = make_picture_url(
    array(
      'image_id' => $_GET['image_id'],
      'image_file' => $image_file,
      'category' => $cache['cat_names'][ $jump_category ],
      )
    );
}

if (isset($url_img))
{
  $template->assign( 'U_JUMPTO', $url_img );
}
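// Comma separated id list used by every "id IN (...)" filter below.
// $my_categories can be empty, and "IN ()" is invalid SQL, so an empty list
// falls back to -1, the same sentinel $associateds starts with. intval()
// guarantees that only integers are concatenated into the queries.
$icy_category_list = implode(',', array_map('intval', $my_categories));
if ('' === $icy_category_list)
{
  $icy_category_list = '-1';
}

// associate to another category ?
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
  WHERE image_id = '.$_GET['image_id'] . '
    AND id IN ('.$icy_category_list.')';
// if the image belongs to a physical storage,
// we simply ignore that storage album
if (isset($storage_category_id))
{
  $query.= '
    AND id != '.$storage_category_id;
}
$query.= '
;';
display_select_cat_wrapper($query, array(), 'associated_options');

// Run the same query again to collect the ids that are already associated;
// -1 keeps the NOT IN list below from ever being empty.
$result = pwg_query($query);
$associateds = array(-1);
if (isset($storage_category_id))
{
  array_push($associateds, $storage_category_id);
}
while ($row = pwg_db_fetch_assoc($result))
{
  array_push($associateds, $row['id']);
}
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id NOT IN ('.implode(',', $associateds).')
  AND id IN ('.$icy_category_list.')
;';
display_select_cat_wrapper($query, array(), 'dissociated_options');

// representing
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE representative_picture_id = '.$_GET['image_id'].'
    AND id IN ('.$icy_category_list.')
;';
display_select_cat_wrapper($query, array(), 'elected_options');

$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.$icy_category_list.')
    AND (representative_picture_id != '.$_GET['image_id'].'
    OR representative_picture_id IS NULL)
;';
display_select_cat_wrapper($query, array(), 'dismissed_options');

//----------------------------------------------------------- sending html code

$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'icy_picture_modify');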
618?>