Context Navigation

source: extensions/UserCollections/include/collections.inc.php @ 24421

Last change on this file since 24421 was 24421, checked in by mistic100, 11 years ago
new system for shares : password protection, link timeout, management popup + for mails handle lightbox conflicts menublock is visible by AMM
File size: 11.2 KB

Rev	Line
[16591]	1	<?php
	2	defined('USER_COLLEC_PATH') or die('Hacking attempt!');
	3
[24421]	4	global $page, $template, $conf, $user;
[16591]	5
[20093]	6	$template->assign(array(
	7	'USER_COLLEC_PATH' => USER_COLLEC_PATH,
	8	'USER_COLLEC_ABS_PATH' => realpath(USER_COLLEC_PATH).'/',
	9	));
	10
[24421]	11
[16591]	12	switch ($page['sub_section'])
	13	{
[24421]	14	// +-----------------------------------------------------------------------+
	15	// \| Collections list \|
	16	// +-----------------------------------------------------------------------+
	17	case 'list':
	18	{
	19	if (is_a_guest())
[16591]	20	{
[24421]	21	access_denied();
	22	}
	23
	24	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl'));
	25
	26	// actions
	27	if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) )
	28	{
	29	switch ($_GET['action'])
[16591]	30	{
[24421]	31	## new collection ##
	32	case 'new':
[16591]	33	{
[24421]	34	if (empty($_GET['name']))
[16591]	35	{
[24421]	36	$page['errors'][] = l10n('Please give a name');
	37	}
	38	else
	39	{
	40	$collection = new UserCollection('new', $_GET['name']);
	41
	42	if (isset($_GET['redirect']))
[16591]	43	{
[24421]	44	$redirect = USER_COLLEC_PUBLIC . 'edit/' . $collection->getParam('id');
[16591]	45	}
[16688]	46	else
	47	{
[24421]	48	$redirect = USER_COLLEC_PUBLIC;
[16688]	49	}
[24421]	50	redirect($redirect);
[16591]	51	}
[24421]	52	break;
	53	}
	54
	55	## delete collection ##
	56	case 'delete':
	57	{
	58	try {
	59	$collection = new UserCollection($_GET['col_id']);
	60	$collection->delete();
	61	redirect(USER_COLLEC_PUBLIC);
	62	}
	63	catch (Exception $e)
[16591]	64	{
[24421]	65	$page['errors'][] = $e->getMessage();
[16591]	66	}
[24421]	67	break;
[16591]	68	}
	69	}
	70	}
[16597]	71
[24421]	72	$template->assign('U_CREATE',
	73	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0'))
	74	);
	75
	76	$template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list');
	77
	78	include(USER_COLLEC_PATH . '/include/display_collections.inc.php');
	79
	80	break;
	81	}
	82
	83	// +-----------------------------------------------------------------------+
	84	// \| Edit collection \|
	85	// +-----------------------------------------------------------------------+
	86	case 'edit':
	87	{
	88	// security
	89	if (empty($page['col_id']))
[16591]	90	{
[24421]	91	$_SESSION['page_errors'][] = l10n('Invalid collection');
	92	redirect(USER_COLLEC_PUBLIC);
	93	}
	94
	95	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl'));
	96
	97	$self_url = USER_COLLEC_PUBLIC . 'edit/' . $page['col_id'];
	98
	99	$template->assign(array(
	100	'F_ACTION' => $self_url,
	101	'U_LIST' => USER_COLLEC_PUBLIC,
	102	'UC_IN_EDIT' => true,
	103	));
	104
	105	try {
	106	$collection = new UserCollection($page['col_id']);
	107	$collection->checkUser();
	108
	109	// save properties
	110	if (isset($_POST['save_col']))
[16591]	111	{
[24421]	112	if (empty($_POST['name']))
	113	{
	114	$page['errors'][] = l10n('Please give a name');
	115	}
	116	else
	117	{
	118	$collection->updateParam('name', stripslashes($_POST['name']));
	119	}
	120	$collection->updateParam('comment', stripslashes($_POST['comment']));
[16591]	121	}
	122
[24421]	123	// add key
	124	if ($conf['user_collections']['allow_public'])
	125	{
	126	$share = array(
	127	'share_key' => get_random_key(16),
	128	'password' => null,
	129	'deadline' => null,
	130	);
[16591]	131
[24421]	132	if (isset($_POST['add_share']))
[16591]	133	{
[24421]	134	$share = array(
	135	'share_key' => trim($_POST['share_key']),
	136	'password' => isset($_POST['use_share_password']) ? trim($_POST['share_password']) : '',
	137	'deadline' => isset($_POST['use_share_deadline']) ? trim($_POST['share_deadline']) : '',
	138	);
	139
	140	if (!verify_ephemeral_key(@$_POST['key']))
[19843]	141	{
[24421]	142	$result = array(l10n('Invalid key'));
[19843]	143	}
	144	else
	145	{
[24421]	146	$result = $collection->addShare($share);
[19843]	147	}
[24421]	148	if (is_array($result))
[20090]	149	{
[24421]	150	$share['errors'] = $result;
[20090]	151	}
[24421]	152	else
	153	{
	154	$share = array();
	155	$share['infos'][] = sprintf(l10n('New share added: <a href="%s">%s</a>'), $result, $result);
	156	}
	157	$share['open'] = true;
[16591]	158	}
[24421]	159	else if (isset($_GET['delete_share']))
[20090]	160	{
[24421]	161	if ($collection->deleteShare($_GET['delete_share']))
[20090]	162	{
[24421]	163	$share['infos'][] = l10n('Share deleted');
[20090]	164	}
[24421]	165	$share['open'] = true;
[20090]	166	}
	167
[24421]	168	$template->assign('share', $share);
	169	}
	170
	171	// send mail
	172	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] )
	173	{
	174	$contact = array(
	175	'sender_name' => $user['username'],
	176	'sender_email' => $user['email'],
	177	'recipient_name' => null,
	178	'recipient_email' => null,
	179	'nb_images' => 4,
	180	'message' => null,
	181	);
	182
	183	if (isset($_POST['send_mail']))
[16688]	184	{
[24421]	185	$contact = array(
	186	'sender_email' => trim($_POST['sender_email']),
	187	'sender_name' => trim($_POST['sender_name']),
	188	'recipient_email' => trim($_POST['recipient_email']),
	189	'recipient_name' => trim($_POST['recipient_name']),
	190	'nb_images' => $_POST['nb_images'],
	191	'message' => $_POST['message'],
[20093]	192	);
[24421]	193
	194	if (!verify_ephemeral_key(@$_POST['key']))
	195	{
	196	$result = array(l10n('Invalid key'));
	197	}
	198	else
	199	{
	200	$result = $collection->sendEmail($contact);
	201	}
	202	if (is_array($result))
	203	{
	204	$contact['errors'] = $result;
	205	$contact['open'] = true;
	206	}
	207	else
	208	{
	209	$contact = array();
	210	$page['infos'] = l10n('E-mail sent successfully');
	211	}
[20093]	212	}
[16591]	213
[24421]	214	$template->assign('contact', $contact);
	215	}
	216
	217	// clear
	218	if ( isset($_GET['action']) and $_GET['action'] == 'clear' )
	219	{
	220	$collection->clearImages();
	221	}
	222
	223
	224	// add remove item links
	225	$template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button');
	226	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
	227
	228	// thumbnails
	229	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
	230
	231
	232	// collection properties
	233	$infos = $collection->getCollectionInfo();
	234	$infos['DATE_CREATION'] = format_date($infos['DATE_CREATION'], true);
	235	$infos['SHARES'] = $collection->getShares();
	236	$template->assign('collection', $infos);
	237
	238	// toolbar buttons
	239	if (!empty($page['items']))
	240	{
	241	$template->assign('U_CLEAR',
	242	add_url_params($self_url, array('action'=>'clear'))
[20093]	243	);
[16591]	244	}
[24421]	245	$template->assign('U_DELETE',
	246	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id']))
	247	);
	248
	249	if ( $conf['user_collections']['allow_public'] && !empty($page['items']) )
[16591]	250	{
[24421]	251	$template->assign('U_SHARE', USER_COLLEC_PUBLIC . 'view/' . $page['col_id'] .'-');
[16591]	252	}
[24421]	253	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] && !empty($page['items']) )
	254	{
	255	$template->assign('U_MAIL', true);
	256	}
	257	$template->assign('UC_TKEY', get_ephemeral_key(3));
[16591]	258
[24421]	259	// modify page title
	260	$template->concat('TITLE',
	261	$conf['level_separator'] . trigger_event('render_category_name', $infos['NAME'])
	262	);
	263
	264	// render description
	265	$template->assign('CONTENT_DESCRIPTION',
	266	trigger_event('render_category_description', nl2br($infos['COMMENT']))
	267	);
[16591]	268	}
[24421]	269	catch (Exception $e)
	270	{
	271	$page['errors'][] = $e->getMessage();
	272	}
[16591]	273
[24421]	274	break;
	275	}
	276
	277	// +-----------------------------------------------------------------------+
	278	// \| View collection \|
	279	// +-----------------------------------------------------------------------+
	280	case 'view':
	281	{
	282	$page['col_key'] = $page['col_id'];
	283
	284	if (!$conf['user_collections']['allow_public'])
[16591]	285	{
[24421]	286	page_forbidden('');
	287	}
	288	if (empty($page['col_key']))
	289	{
	290	bad_request('');
	291	}
	292
	293	$query = '
	294	SELECT col_id, params
	295	FROM '.COLLECTION_SHARES_TABLE.'
	296	WHERE share_key = "'.$page['col_key'].'"
	297	;';
	298	$result = pwg_query($query);
	299	if (!pwg_db_num_rows($result))
	300	{
	301	page_not_found(l10n('Collection not found'));
	302	}
	303
	304	list($page['col_id'], $share_params) = pwg_db_fetch_row($result);
	305	$share_params = unserialize($share_params);
	306
	307	// deadline check
	308	if ( !empty($share_params['deadline']) && strtotime($share_params['deadline'])<time() )
	309	{
	310	page_not_found(l10n('This link expired'));
	311	}
	312
	313	$self_url = USER_COLLEC_PUBLIC . 'view/' . $page['col_key'];
	314
	315	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl'));
	316
	317	try {
	318	$collection = new UserCollection($page['col_id']);
	319	$col = $collection->getCollectionInfo();
	320
	321	$mode = 'view';
	322
	323	// password check
	324	if (!empty($share_params['password']))
[16591]	325	{
[24421]	326	if (isset($_POST['uc_password']))
	327	{
	328	$hash = sha1($conf['secret_key'].$_POST['uc_password'].$page['col_key']);
	329	if ($hash == $share_params['password'])
	330	{
	331	pwg_set_session_var('uc_key_'.$page['col_key'], get_ephemeral_key(0, $share_params['password']));
	332	}
	333	else
	334	{
	335	$page['errors'][] = l10n('Invalid password!');
	336	$mode = 'password';
	337	}
	338	}
	339	else if (($var = pwg_get_session_var('uc_key_'.$page['col_key'])) !== null)
	340	{
	341	if (!verify_ephemeral_key($var, $share_params['password']))
	342	{
	343	pwg_unset_session_var('uc_key_'.$page['col_key']);
	344	$mode = 'password';
	345	}
	346	}
	347	else
	348	{
	349	$mode = 'password';
	350	}
[16591]	351	}
	352
[24421]	353	if ($mode == 'view')
	354	{
[23361]	355	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
	356
[20090]	357	// thumbnails
	358	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
[16591]	359
[24421]	360	// render description
	361	$template->assign('CONTENT_DESCRIPTION',
	362	trigger_event('render_category_description', nl2br($col['COMMENT']))
[16597]	363	);
[16591]	364	}
	365
[24421]	366	// add username in title
	367	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	368	$template->concat('TITLE',
	369	$conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) .
	370	' (' . sprintf(l10n('by %s'), get_username($collection->getParam('user_id'))) . ')'
	371	);
	372
	373	$template->assign('UC_MODE', $mode);
[16591]	374	}
[24421]	375	catch (Exception $e)
	376	{
	377	access_denied();
	378	}
	379
	380	break;
[16591]	381	}
[24421]	382	}
[16591]	383
[24421]	384
[23361]	385	// modification on mainpage_categories.tpl
	386	function user_collections_categories_list($content, &$samrty)
[16658]	387	{
[23551]	388	$search = '<div class="thumbnailCategory">';
	389	$replace = '<div class="thumbnailCategory">
[23361]	390	<div class="collectionActions">
	391	<a href="{$cat.URL}" rel="nofollow">{"Edit"\|@translate}</a>
	392	\| <a href="{$cat.U_DELETE}" onClick="return confirm(\'{"Are you sure?"\|@translate}\');" rel="nofollow">{"Delete"\|@translate}</a>
	393	</div>';
[16591]	394
[23361]	395	return str_replace($search, $replace, $content);
[16658]	396	}
[16591]	397
[23361]	398	// colorbox
[20097]	399	function user_collections_add_colorbox($content)
	400	{
	401	$search = '<a href="{$thumbnail.URL}"';
	402	$replace = $search.' class="preview-box" data-src="{$thumbnail.FILE_SRC}" data-id="{$thumbnail.id}"';
	403
	404	return str_replace($search, $replace, $content);
	405	}
	406
[16591]	407	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: