Context Navigation

source: extensions/UserCollections/include/collections.inc.php @ 24421

Last change on this file since 24421 was 24421, checked in by mistic100, 11 years ago
new system for shares : password protection, link timeout, management popup + for mails handle lightbox conflicts menublock is visible by AMM
File size: 11.2 KB

Line
1	<?php
2	defined('USER_COLLEC_PATH') or die('Hacking attempt!');
3
4	global $page, $template, $conf, $user;
5
6	$template->assign(array(
7	'USER_COLLEC_PATH' => USER_COLLEC_PATH,
8	'USER_COLLEC_ABS_PATH' => realpath(USER_COLLEC_PATH).'/',
9	));
10
11
12	switch ($page['sub_section'])
13	{
14	// +-----------------------------------------------------------------------+
15	// \| Collections list \|
16	// +-----------------------------------------------------------------------+
17	case 'list':
18	{
19	if (is_a_guest())
20	{
21	access_denied();
22	}
23
24	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl'));
25
26	// actions
27	if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) )
28	{
29	switch ($_GET['action'])
30	{
31	## new collection ##
32	case 'new':
33	{
34	if (empty($_GET['name']))
35	{
36	$page['errors'][] = l10n('Please give a name');
37	}
38	else
39	{
40	$collection = new UserCollection('new', $_GET['name']);
41
42	if (isset($_GET['redirect']))
43	{
44	$redirect = USER_COLLEC_PUBLIC . 'edit/' . $collection->getParam('id');
45	}
46	else
47	{
48	$redirect = USER_COLLEC_PUBLIC;
49	}
50	redirect($redirect);
51	}
52	break;
53	}
54
55	## delete collection ##
56	case 'delete':
57	{
58	try {
59	$collection = new UserCollection($_GET['col_id']);
60	$collection->delete();
61	redirect(USER_COLLEC_PUBLIC);
62	}
63	catch (Exception $e)
64	{
65	$page['errors'][] = $e->getMessage();
66	}
67	break;
68	}
69	}
70	}
71
72	$template->assign('U_CREATE',
73	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0'))
74	);
75
76	$template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list');
77
78	include(USER_COLLEC_PATH . '/include/display_collections.inc.php');
79
80	break;
81	}
82
83	// +-----------------------------------------------------------------------+
84	// \| Edit collection \|
85	// +-----------------------------------------------------------------------+
86	case 'edit':
87	{
88	// security
89	if (empty($page['col_id']))
90	{
91	$_SESSION['page_errors'][] = l10n('Invalid collection');
92	redirect(USER_COLLEC_PUBLIC);
93	}
94
95	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl'));
96
97	$self_url = USER_COLLEC_PUBLIC . 'edit/' . $page['col_id'];
98
99	$template->assign(array(
100	'F_ACTION' => $self_url,
101	'U_LIST' => USER_COLLEC_PUBLIC,
102	'UC_IN_EDIT' => true,
103	));
104
105	try {
106	$collection = new UserCollection($page['col_id']);
107	$collection->checkUser();
108
109	// save properties
110	if (isset($_POST['save_col']))
111	{
112	if (empty($_POST['name']))
113	{
114	$page['errors'][] = l10n('Please give a name');
115	}
116	else
117	{
118	$collection->updateParam('name', stripslashes($_POST['name']));
119	}
120	$collection->updateParam('comment', stripslashes($_POST['comment']));
121	}
122
123	// add key
124	if ($conf['user_collections']['allow_public'])
125	{
126	$share = array(
127	'share_key' => get_random_key(16),
128	'password' => null,
129	'deadline' => null,
130	);
131
132	if (isset($_POST['add_share']))
133	{
134	$share = array(
135	'share_key' => trim($_POST['share_key']),
136	'password' => isset($_POST['use_share_password']) ? trim($_POST['share_password']) : '',
137	'deadline' => isset($_POST['use_share_deadline']) ? trim($_POST['share_deadline']) : '',
138	);
139
140	if (!verify_ephemeral_key(@$_POST['key']))
141	{
142	$result = array(l10n('Invalid key'));
143	}
144	else
145	{
146	$result = $collection->addShare($share);
147	}
148	if (is_array($result))
149	{
150	$share['errors'] = $result;
151	}
152	else
153	{
154	$share = array();
155	$share['infos'][] = sprintf(l10n('New share added: <a href="%s">%s</a>'), $result, $result);
156	}
157	$share['open'] = true;
158	}
159	else if (isset($_GET['delete_share']))
160	{
161	if ($collection->deleteShare($_GET['delete_share']))
162	{
163	$share['infos'][] = l10n('Share deleted');
164	}
165	$share['open'] = true;
166	}
167
168	$template->assign('share', $share);
169	}
170
171	// send mail
172	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] )
173	{
174	$contact = array(
175	'sender_name' => $user['username'],
176	'sender_email' => $user['email'],
177	'recipient_name' => null,
178	'recipient_email' => null,
179	'nb_images' => 4,
180	'message' => null,
181	);
182
183	if (isset($_POST['send_mail']))
184	{
185	$contact = array(
186	'sender_email' => trim($_POST['sender_email']),
187	'sender_name' => trim($_POST['sender_name']),
188	'recipient_email' => trim($_POST['recipient_email']),
189	'recipient_name' => trim($_POST['recipient_name']),
190	'nb_images' => $_POST['nb_images'],
191	'message' => $_POST['message'],
192	);
193
194	if (!verify_ephemeral_key(@$_POST['key']))
195	{
196	$result = array(l10n('Invalid key'));
197	}
198	else
199	{
200	$result = $collection->sendEmail($contact);
201	}
202	if (is_array($result))
203	{
204	$contact['errors'] = $result;
205	$contact['open'] = true;
206	}
207	else
208	{
209	$contact = array();
210	$page['infos'] = l10n('E-mail sent successfully');
211	}
212	}
213
214	$template->assign('contact', $contact);
215	}
216
217	// clear
218	if ( isset($_GET['action']) and $_GET['action'] == 'clear' )
219	{
220	$collection->clearImages();
221	}
222
223
224	// add remove item links
225	$template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button');
226	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
227
228	// thumbnails
229	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
230
231
232	// collection properties
233	$infos = $collection->getCollectionInfo();
234	$infos['DATE_CREATION'] = format_date($infos['DATE_CREATION'], true);
235	$infos['SHARES'] = $collection->getShares();
236	$template->assign('collection', $infos);
237
238	// toolbar buttons
239	if (!empty($page['items']))
240	{
241	$template->assign('U_CLEAR',
242	add_url_params($self_url, array('action'=>'clear'))
243	);
244	}
245	$template->assign('U_DELETE',
246	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id']))
247	);
248
249	if ( $conf['user_collections']['allow_public'] && !empty($page['items']) )
250	{
251	$template->assign('U_SHARE', USER_COLLEC_PUBLIC . 'view/' . $page['col_id'] .'-');
252	}
253	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] && !empty($page['items']) )
254	{
255	$template->assign('U_MAIL', true);
256	}
257	$template->assign('UC_TKEY', get_ephemeral_key(3));
258
259	// modify page title
260	$template->concat('TITLE',
261	$conf['level_separator'] . trigger_event('render_category_name', $infos['NAME'])
262	);
263
264	// render description
265	$template->assign('CONTENT_DESCRIPTION',
266	trigger_event('render_category_description', nl2br($infos['COMMENT']))
267	);
268	}
269	catch (Exception $e)
270	{
271	$page['errors'][] = $e->getMessage();
272	}
273
274	break;
275	}
276
277	// +-----------------------------------------------------------------------+
278	// \| View collection \|
279	// +-----------------------------------------------------------------------+
280	case 'view':
281	{
282	$page['col_key'] = $page['col_id'];
283
284	if (!$conf['user_collections']['allow_public'])
285	{
286	page_forbidden('');
287	}
288	if (empty($page['col_key']))
289	{
290	bad_request('');
291	}
292
293	$query = '
294	SELECT col_id, params
295	FROM '.COLLECTION_SHARES_TABLE.'
296	WHERE share_key = "'.$page['col_key'].'"
297	;';
298	$result = pwg_query($query);
299	if (!pwg_db_num_rows($result))
300	{
301	page_not_found(l10n('Collection not found'));
302	}
303
304	list($page['col_id'], $share_params) = pwg_db_fetch_row($result);
305	$share_params = unserialize($share_params);
306
307	// deadline check
308	if ( !empty($share_params['deadline']) && strtotime($share_params['deadline'])<time() )
309	{
310	page_not_found(l10n('This link expired'));
311	}
312
313	$self_url = USER_COLLEC_PUBLIC . 'view/' . $page['col_key'];
314
315	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl'));
316
317	try {
318	$collection = new UserCollection($page['col_id']);
319	$col = $collection->getCollectionInfo();
320
321	$mode = 'view';
322
323	// password check
324	if (!empty($share_params['password']))
325	{
326	if (isset($_POST['uc_password']))
327	{
328	$hash = sha1($conf['secret_key'].$_POST['uc_password'].$page['col_key']);
329	if ($hash == $share_params['password'])
330	{
331	pwg_set_session_var('uc_key_'.$page['col_key'], get_ephemeral_key(0, $share_params['password']));
332	}
333	else
334	{
335	$page['errors'][] = l10n('Invalid password!');
336	$mode = 'password';
337	}
338	}
339	else if (($var = pwg_get_session_var('uc_key_'.$page['col_key'])) !== null)
340	{
341	if (!verify_ephemeral_key($var, $share_params['password']))
342	{
343	pwg_unset_session_var('uc_key_'.$page['col_key']);
344	$mode = 'password';
345	}
346	}
347	else
348	{
349	$mode = 'password';
350	}
351	}
352
353	if ($mode == 'view')
354	{
355	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
356
357	// thumbnails
358	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
359
360	// render description
361	$template->assign('CONTENT_DESCRIPTION',
362	trigger_event('render_category_description', nl2br($col['COMMENT']))
363	);
364	}
365
366	// add username in title
367	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
368	$template->concat('TITLE',
369	$conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) .
370	' (' . sprintf(l10n('by %s'), get_username($collection->getParam('user_id'))) . ')'
371	);
372
373	$template->assign('UC_MODE', $mode);
374	}
375	catch (Exception $e)
376	{
377	access_denied();
378	}
379
380	break;
381	}
382	}
383
384
385	// modification on mainpage_categories.tpl
386	function user_collections_categories_list($content, &$samrty)
387	{
388	$search = '<div class="thumbnailCategory">';
389	$replace = '<div class="thumbnailCategory">
390	<div class="collectionActions">
391	<a href="{$cat.URL}" rel="nofollow">{"Edit"\|@translate}</a>
392	\| <a href="{$cat.U_DELETE}" onClick="return confirm(\'{"Are you sure?"\|@translate}\');" rel="nofollow">{"Delete"\|@translate}</a>
393	</div>';
394
395	return str_replace($search, $replace, $content);
396	}
397
398	// colorbox
399	function user_collections_add_colorbox($content)
400	{
401	$search = '<a href="{$thumbnail.URL}"';
402	$replace = $search.' class="preview-box" data-src="{$thumbnail.FILE_SRC}" data-id="{$thumbnail.id}"';
403
404	return str_replace($search, $replace, $content);
405	}
406
407	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: