[16591] | 1 | <?php |
---|
| 2 | defined('USER_COLLEC_PATH') or die('Hacking attempt!'); |
---|
| 3 | |
---|
[24421] | 4 | global $page, $template, $conf, $user; |
---|
[16591] | 5 | |
---|
[20093] | 6 | $template->assign(array( |
---|
| 7 | 'USER_COLLEC_PATH' => USER_COLLEC_PATH, |
---|
| 8 | 'USER_COLLEC_ABS_PATH' => realpath(USER_COLLEC_PATH).'/', |
---|
| 9 | )); |
---|
| 10 | |
---|
[24421] | 11 | |
---|
[16591] | 12 | switch ($page['sub_section']) |
---|
| 13 | { |
---|
[24421] | 14 | // +-----------------------------------------------------------------------+ |
---|
| 15 | // | Collections list | |
---|
| 16 | // +-----------------------------------------------------------------------+ |
---|
| 17 | case 'list': |
---|
| 18 | { |
---|
| 19 | if (is_a_guest()) |
---|
[16591] | 20 | { |
---|
[24421] | 21 | access_denied(); |
---|
| 22 | } |
---|
| 23 | |
---|
| 24 | $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl')); |
---|
| 25 | |
---|
| 26 | // actions |
---|
| 27 | if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) ) |
---|
| 28 | { |
---|
| 29 | switch ($_GET['action']) |
---|
[16591] | 30 | { |
---|
[24421] | 31 | ## new collection ## |
---|
| 32 | case 'new': |
---|
[16591] | 33 | { |
---|
[24421] | 34 | if (empty($_GET['name'])) |
---|
[16591] | 35 | { |
---|
[24421] | 36 | $page['errors'][] = l10n('Please give a name'); |
---|
| 37 | } |
---|
| 38 | else |
---|
| 39 | { |
---|
| 40 | $collection = new UserCollection('new', $_GET['name']); |
---|
| 41 | |
---|
| 42 | if (isset($_GET['redirect'])) |
---|
[16591] | 43 | { |
---|
[24421] | 44 | $redirect = USER_COLLEC_PUBLIC . 'edit/' . $collection->getParam('id'); |
---|
[16591] | 45 | } |
---|
[16688] | 46 | else |
---|
| 47 | { |
---|
[24421] | 48 | $redirect = USER_COLLEC_PUBLIC; |
---|
[16688] | 49 | } |
---|
[24421] | 50 | redirect($redirect); |
---|
[16591] | 51 | } |
---|
[24421] | 52 | break; |
---|
| 53 | } |
---|
| 54 | |
---|
| 55 | ## delete collection ## |
---|
| 56 | case 'delete': |
---|
| 57 | { |
---|
| 58 | try { |
---|
| 59 | $collection = new UserCollection($_GET['col_id']); |
---|
| 60 | $collection->delete(); |
---|
| 61 | redirect(USER_COLLEC_PUBLIC); |
---|
| 62 | } |
---|
| 63 | catch (Exception $e) |
---|
[16591] | 64 | { |
---|
[24421] | 65 | $page['errors'][] = $e->getMessage(); |
---|
[16591] | 66 | } |
---|
[24421] | 67 | break; |
---|
[16591] | 68 | } |
---|
| 69 | } |
---|
| 70 | } |
---|
[16597] | 71 | |
---|
[24421] | 72 | $template->assign('U_CREATE', |
---|
| 73 | add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0')) |
---|
| 74 | ); |
---|
| 75 | |
---|
| 76 | $template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list'); |
---|
| 77 | |
---|
| 78 | include(USER_COLLEC_PATH . '/include/display_collections.inc.php'); |
---|
| 79 | |
---|
| 80 | break; |
---|
| 81 | } |
---|
| 82 | |
---|
| 83 | // +-----------------------------------------------------------------------+ |
---|
| 84 | // | Edit collection | |
---|
| 85 | // +-----------------------------------------------------------------------+ |
---|
| 86 | case 'edit': |
---|
| 87 | { |
---|
| 88 | // security |
---|
| 89 | if (empty($page['col_id'])) |
---|
[16591] | 90 | { |
---|
[24421] | 91 | $_SESSION['page_errors'][] = l10n('Invalid collection'); |
---|
| 92 | redirect(USER_COLLEC_PUBLIC); |
---|
| 93 | } |
---|
| 94 | |
---|
| 95 | $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl')); |
---|
| 96 | |
---|
| 97 | $self_url = USER_COLLEC_PUBLIC . 'edit/' . $page['col_id']; |
---|
| 98 | |
---|
| 99 | $template->assign(array( |
---|
| 100 | 'F_ACTION' => $self_url, |
---|
| 101 | 'U_LIST' => USER_COLLEC_PUBLIC, |
---|
| 102 | 'UC_IN_EDIT' => true, |
---|
| 103 | )); |
---|
| 104 | |
---|
| 105 | try { |
---|
| 106 | $collection = new UserCollection($page['col_id']); |
---|
| 107 | $collection->checkUser(); |
---|
| 108 | |
---|
| 109 | // save properties |
---|
| 110 | if (isset($_POST['save_col'])) |
---|
[16591] | 111 | { |
---|
[24421] | 112 | if (empty($_POST['name'])) |
---|
| 113 | { |
---|
| 114 | $page['errors'][] = l10n('Please give a name'); |
---|
| 115 | } |
---|
| 116 | else |
---|
| 117 | { |
---|
| 118 | $collection->updateParam('name', stripslashes($_POST['name'])); |
---|
| 119 | } |
---|
| 120 | $collection->updateParam('comment', stripslashes($_POST['comment'])); |
---|
[16591] | 121 | } |
---|
| 122 | |
---|
[24421] | 123 | // add key |
---|
| 124 | if ($conf['user_collections']['allow_public']) |
---|
| 125 | { |
---|
| 126 | $share = array( |
---|
| 127 | 'share_key' => get_random_key(16), |
---|
| 128 | 'password' => null, |
---|
| 129 | 'deadline' => null, |
---|
| 130 | ); |
---|
[16591] | 131 | |
---|
[24421] | 132 | if (isset($_POST['add_share'])) |
---|
[16591] | 133 | { |
---|
[24421] | 134 | $share = array( |
---|
| 135 | 'share_key' => trim($_POST['share_key']), |
---|
| 136 | 'password' => isset($_POST['use_share_password']) ? trim($_POST['share_password']) : '', |
---|
| 137 | 'deadline' => isset($_POST['use_share_deadline']) ? trim($_POST['share_deadline']) : '', |
---|
| 138 | ); |
---|
| 139 | |
---|
| 140 | if (!verify_ephemeral_key(@$_POST['key'])) |
---|
[19843] | 141 | { |
---|
[24421] | 142 | $result = array(l10n('Invalid key')); |
---|
[19843] | 143 | } |
---|
| 144 | else |
---|
| 145 | { |
---|
[24421] | 146 | $result = $collection->addShare($share); |
---|
[19843] | 147 | } |
---|
[24421] | 148 | if (is_array($result)) |
---|
[20090] | 149 | { |
---|
[24421] | 150 | $share['errors'] = $result; |
---|
[20090] | 151 | } |
---|
[24421] | 152 | else |
---|
| 153 | { |
---|
| 154 | $share = array(); |
---|
| 155 | $share['infos'][] = sprintf(l10n('New share added: <a href="%s">%s</a>'), $result, $result); |
---|
| 156 | } |
---|
| 157 | $share['open'] = true; |
---|
[16591] | 158 | } |
---|
[24421] | 159 | else if (isset($_GET['delete_share'])) |
---|
[20090] | 160 | { |
---|
[24421] | 161 | if ($collection->deleteShare($_GET['delete_share'])) |
---|
[20090] | 162 | { |
---|
[24421] | 163 | $share['infos'][] = l10n('Share deleted'); |
---|
[20090] | 164 | } |
---|
[24421] | 165 | $share['open'] = true; |
---|
[20090] | 166 | } |
---|
| 167 | |
---|
[24421] | 168 | $template->assign('share', $share); |
---|
| 169 | } |
---|
| 170 | |
---|
| 171 | // send mail |
---|
| 172 | if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] ) |
---|
| 173 | { |
---|
| 174 | $contact = array( |
---|
| 175 | 'sender_name' => $user['username'], |
---|
| 176 | 'sender_email' => $user['email'], |
---|
| 177 | 'recipient_name' => null, |
---|
| 178 | 'recipient_email' => null, |
---|
| 179 | 'nb_images' => 4, |
---|
| 180 | 'message' => null, |
---|
| 181 | ); |
---|
| 182 | |
---|
| 183 | if (isset($_POST['send_mail'])) |
---|
[16688] | 184 | { |
---|
[24421] | 185 | $contact = array( |
---|
| 186 | 'sender_email' => trim($_POST['sender_email']), |
---|
| 187 | 'sender_name' => trim($_POST['sender_name']), |
---|
| 188 | 'recipient_email' => trim($_POST['recipient_email']), |
---|
| 189 | 'recipient_name' => trim($_POST['recipient_name']), |
---|
| 190 | 'nb_images' => $_POST['nb_images'], |
---|
| 191 | 'message' => $_POST['message'], |
---|
[20093] | 192 | ); |
---|
[24421] | 193 | |
---|
| 194 | if (!verify_ephemeral_key(@$_POST['key'])) |
---|
| 195 | { |
---|
| 196 | $result = array(l10n('Invalid key')); |
---|
| 197 | } |
---|
| 198 | else |
---|
| 199 | { |
---|
| 200 | $result = $collection->sendEmail($contact); |
---|
| 201 | } |
---|
| 202 | if (is_array($result)) |
---|
| 203 | { |
---|
| 204 | $contact['errors'] = $result; |
---|
| 205 | $contact['open'] = true; |
---|
| 206 | } |
---|
| 207 | else |
---|
| 208 | { |
---|
| 209 | $contact = array(); |
---|
| 210 | $page['infos'] = l10n('E-mail sent successfully'); |
---|
| 211 | } |
---|
[20093] | 212 | } |
---|
[16591] | 213 | |
---|
[24421] | 214 | $template->assign('contact', $contact); |
---|
| 215 | } |
---|
| 216 | |
---|
| 217 | // clear |
---|
| 218 | if ( isset($_GET['action']) and $_GET['action'] == 'clear' ) |
---|
| 219 | { |
---|
| 220 | $collection->clearImages(); |
---|
| 221 | } |
---|
| 222 | |
---|
| 223 | |
---|
| 224 | // add remove item links |
---|
| 225 | $template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button'); |
---|
| 226 | $template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox'); |
---|
| 227 | |
---|
| 228 | // thumbnails |
---|
| 229 | include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php'); |
---|
| 230 | |
---|
| 231 | |
---|
| 232 | // collection properties |
---|
| 233 | $infos = $collection->getCollectionInfo(); |
---|
| 234 | $infos['DATE_CREATION'] = format_date($infos['DATE_CREATION'], true); |
---|
| 235 | $infos['SHARES'] = $collection->getShares(); |
---|
| 236 | $template->assign('collection', $infos); |
---|
| 237 | |
---|
| 238 | // toolbar buttons |
---|
| 239 | if (!empty($page['items'])) |
---|
| 240 | { |
---|
| 241 | $template->assign('U_CLEAR', |
---|
| 242 | add_url_params($self_url, array('action'=>'clear')) |
---|
[20093] | 243 | ); |
---|
[16591] | 244 | } |
---|
[24421] | 245 | $template->assign('U_DELETE', |
---|
| 246 | add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id'])) |
---|
| 247 | ); |
---|
| 248 | |
---|
| 249 | if ( $conf['user_collections']['allow_public'] && !empty($page['items']) ) |
---|
[16591] | 250 | { |
---|
[24421] | 251 | $template->assign('U_SHARE', USER_COLLEC_PUBLIC . 'view/' . $page['col_id'] .'-'); |
---|
[16591] | 252 | } |
---|
[24421] | 253 | if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] && !empty($page['items']) ) |
---|
| 254 | { |
---|
| 255 | $template->assign('U_MAIL', true); |
---|
| 256 | } |
---|
| 257 | $template->assign('UC_TKEY', get_ephemeral_key(3)); |
---|
[16591] | 258 | |
---|
[24421] | 259 | // modify page title |
---|
| 260 | $template->concat('TITLE', |
---|
| 261 | $conf['level_separator'] . trigger_event('render_category_name', $infos['NAME']) |
---|
| 262 | ); |
---|
| 263 | |
---|
| 264 | // render description |
---|
| 265 | $template->assign('CONTENT_DESCRIPTION', |
---|
| 266 | trigger_event('render_category_description', nl2br($infos['COMMENT'])) |
---|
| 267 | ); |
---|
[16591] | 268 | } |
---|
[24421] | 269 | catch (Exception $e) |
---|
| 270 | { |
---|
| 271 | $page['errors'][] = $e->getMessage(); |
---|
| 272 | } |
---|
[16591] | 273 | |
---|
[24421] | 274 | break; |
---|
| 275 | } |
---|
| 276 | |
---|
| 277 | // +-----------------------------------------------------------------------+ |
---|
| 278 | // | View collection | |
---|
| 279 | // +-----------------------------------------------------------------------+ |
---|
| 280 | case 'view': |
---|
| 281 | { |
---|
| 282 | $page['col_key'] = $page['col_id']; |
---|
| 283 | |
---|
| 284 | if (!$conf['user_collections']['allow_public']) |
---|
[16591] | 285 | { |
---|
[24421] | 286 | page_forbidden(''); |
---|
| 287 | } |
---|
| 288 | if (empty($page['col_key'])) |
---|
| 289 | { |
---|
| 290 | bad_request(''); |
---|
| 291 | } |
---|
| 292 | |
---|
| 293 | $query = ' |
---|
| 294 | SELECT col_id, params |
---|
| 295 | FROM '.COLLECTION_SHARES_TABLE.' |
---|
| 296 | WHERE share_key = "'.$page['col_key'].'" |
---|
| 297 | ;'; |
---|
| 298 | $result = pwg_query($query); |
---|
| 299 | if (!pwg_db_num_rows($result)) |
---|
| 300 | { |
---|
| 301 | page_not_found(l10n('Collection not found')); |
---|
| 302 | } |
---|
| 303 | |
---|
| 304 | list($page['col_id'], $share_params) = pwg_db_fetch_row($result); |
---|
| 305 | $share_params = unserialize($share_params); |
---|
| 306 | |
---|
| 307 | // deadline check |
---|
| 308 | if ( !empty($share_params['deadline']) && strtotime($share_params['deadline'])<time() ) |
---|
| 309 | { |
---|
| 310 | page_not_found(l10n('This link expired')); |
---|
| 311 | } |
---|
| 312 | |
---|
| 313 | $self_url = USER_COLLEC_PUBLIC . 'view/' . $page['col_key']; |
---|
| 314 | |
---|
| 315 | $template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl')); |
---|
| 316 | |
---|
| 317 | try { |
---|
| 318 | $collection = new UserCollection($page['col_id']); |
---|
| 319 | $col = $collection->getCollectionInfo(); |
---|
| 320 | |
---|
| 321 | $mode = 'view'; |
---|
| 322 | |
---|
| 323 | // password check |
---|
| 324 | if (!empty($share_params['password'])) |
---|
[16591] | 325 | { |
---|
[24421] | 326 | if (isset($_POST['uc_password'])) |
---|
| 327 | { |
---|
| 328 | $hash = sha1($conf['secret_key'].$_POST['uc_password'].$page['col_key']); |
---|
| 329 | if ($hash == $share_params['password']) |
---|
| 330 | { |
---|
| 331 | pwg_set_session_var('uc_key_'.$page['col_key'], get_ephemeral_key(0, $share_params['password'])); |
---|
| 332 | } |
---|
| 333 | else |
---|
| 334 | { |
---|
| 335 | $page['errors'][] = l10n('Invalid password!'); |
---|
| 336 | $mode = 'password'; |
---|
| 337 | } |
---|
| 338 | } |
---|
| 339 | else if (($var = pwg_get_session_var('uc_key_'.$page['col_key'])) !== null) |
---|
| 340 | { |
---|
| 341 | if (!verify_ephemeral_key($var, $share_params['password'])) |
---|
| 342 | { |
---|
| 343 | pwg_unset_session_var('uc_key_'.$page['col_key']); |
---|
| 344 | $mode = 'password'; |
---|
| 345 | } |
---|
| 346 | } |
---|
| 347 | else |
---|
| 348 | { |
---|
| 349 | $mode = 'password'; |
---|
| 350 | } |
---|
[16591] | 351 | } |
---|
| 352 | |
---|
[24421] | 353 | if ($mode == 'view') |
---|
| 354 | { |
---|
[23361] | 355 | $template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox'); |
---|
| 356 | |
---|
[20090] | 357 | // thumbnails |
---|
| 358 | include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php'); |
---|
[16591] | 359 | |
---|
[24421] | 360 | // render description |
---|
| 361 | $template->assign('CONTENT_DESCRIPTION', |
---|
| 362 | trigger_event('render_category_description', nl2br($col['COMMENT'])) |
---|
[16597] | 363 | ); |
---|
[16591] | 364 | } |
---|
| 365 | |
---|
[24421] | 366 | // add username in title |
---|
| 367 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
| 368 | $template->concat('TITLE', |
---|
| 369 | $conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) . |
---|
| 370 | ' (' . sprintf(l10n('by %s'), get_username($collection->getParam('user_id'))) . ')' |
---|
| 371 | ); |
---|
| 372 | |
---|
| 373 | $template->assign('UC_MODE', $mode); |
---|
[16591] | 374 | } |
---|
[24421] | 375 | catch (Exception $e) |
---|
| 376 | { |
---|
| 377 | access_denied(); |
---|
| 378 | } |
---|
| 379 | |
---|
| 380 | break; |
---|
[16591] | 381 | } |
---|
[24421] | 382 | } |
---|
[16591] | 383 | |
---|
[24421] | 384 | |
---|
[23361] | 385 | // modification on mainpage_categories.tpl |
---|
| 386 | function user_collections_categories_list($content, &$samrty) |
---|
[16658] | 387 | { |
---|
[23551] | 388 | $search = '<div class="thumbnailCategory">'; |
---|
| 389 | $replace = '<div class="thumbnailCategory"> |
---|
[23361] | 390 | <div class="collectionActions"> |
---|
| 391 | <a href="{$cat.URL}" rel="nofollow">{"Edit"|@translate}</a> |
---|
| 392 | | <a href="{$cat.U_DELETE}" onClick="return confirm(\'{"Are you sure?"|@translate}\');" rel="nofollow">{"Delete"|@translate}</a> |
---|
| 393 | </div>'; |
---|
[16591] | 394 | |
---|
[23361] | 395 | return str_replace($search, $replace, $content); |
---|
[16658] | 396 | } |
---|
[16591] | 397 | |
---|
[23361] | 398 | // colorbox |
---|
[20097] | 399 | function user_collections_add_colorbox($content) |
---|
| 400 | { |
---|
| 401 | $search = '<a href="{$thumbnail.URL}"'; |
---|
| 402 | $replace = $search.' class="preview-box" data-src="{$thumbnail.FILE_SRC}" data-id="{$thumbnail.id}"'; |
---|
| 403 | |
---|
| 404 | return str_replace($search, $replace, $content); |
---|
| 405 | } |
---|
| 406 | |
---|
[16591] | 407 | ?> |
---|