Context Navigation

source: extensions/UserCollections/include/collections.inc.php @ 25674

Last change on this file since 25674 was 25674, checked in by mistic100, 10 years ago
fixc empty share key field after addition fix javascript errors
File size: 11.2 KB

Line
1	<?php
2	defined('USER_COLLEC_PATH') or die('Hacking attempt!');
3
4	global $page, $template, $conf, $user;
5
6	$template->assign(array(
7	'USER_COLLEC_PATH' => USER_COLLEC_PATH,
8	'USER_COLLEC_ABS_PATH' => realpath(USER_COLLEC_PATH).'/',
9	));
10
11
12	switch ($page['sub_section'])
13	{
14	// +-----------------------------------------------------------------------+
15	// \| Collections list \|
16	// +-----------------------------------------------------------------------+
17	case 'list':
18	{
19	if (is_a_guest())
20	{
21	access_denied();
22	}
23
24	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collections_list.tpl'));
25
26	// actions
27	if ( isset($_GET['action']) and preg_match('#^([0-9]+)$#', $_GET['col_id']) )
28	{
29	switch ($_GET['action'])
30	{
31	## new collection ##
32	case 'new':
33	{
34	if (empty($_GET['name']))
35	{
36	$page['errors'][] = l10n('Please give a name');
37	}
38	else
39	{
40	$collection = new UserCollection('new', $_GET['name']);
41
42	if (isset($_GET['redirect']))
43	{
44	$redirect = USER_COLLEC_PUBLIC . 'edit/' . $collection->getParam('id');
45	}
46	else
47	{
48	$redirect = USER_COLLEC_PUBLIC;
49	}
50	redirect($redirect);
51	}
52	break;
53	}
54
55	## delete collection ##
56	case 'delete':
57	{
58	try {
59	$collection = new UserCollection($_GET['col_id']);
60	$collection->delete();
61	redirect(USER_COLLEC_PUBLIC);
62	}
63	catch (Exception $e)
64	{
65	$page['errors'][] = $e->getMessage();
66	}
67	break;
68	}
69	}
70	}
71
72	$template->assign('U_CREATE',
73	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'new','col_id'=>'0'))
74	);
75
76	$template->set_prefilter('index_category_thumbnails', 'user_collections_categories_list');
77
78	include(USER_COLLEC_PATH . '/include/display_collections.inc.php');
79
80	break;
81	}
82
83	// +-----------------------------------------------------------------------+
84	// \| Edit collection \|
85	// +-----------------------------------------------------------------------+
86	case 'edit':
87	{
88	// security
89	if (empty($page['col_id']))
90	{
91	$_SESSION['page_errors'][] = l10n('Invalid collection');
92	redirect(USER_COLLEC_PUBLIC);
93	}
94
95	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_edit.tpl'));
96
97	$self_url = USER_COLLEC_PUBLIC . 'edit/' . $page['col_id'];
98
99	$template->assign(array(
100	'F_ACTION' => $self_url,
101	'U_LIST' => USER_COLLEC_PUBLIC,
102	'UC_IN_EDIT' => true,
103	));
104
105	try {
106	$collection = new UserCollection($page['col_id']);
107	$collection->checkUser();
108
109	// save properties
110	if (isset($_POST['save_col']))
111	{
112	if (empty($_POST['name']))
113	{
114	$page['errors'][] = l10n('Please give a name');
115	}
116	else
117	{
118	$collection->updateParam('name', stripslashes($_POST['name']));
119	}
120	$collection->updateParam('comment', stripslashes($_POST['comment']));
121	}
122
123	// add key
124	if ($conf['user_collections']['allow_public'])
125	{
126	if (isset($_POST['add_share']))
127	{
128	$share = array(
129	'share_key' => trim($_POST['share_key']),
130	'password' => isset($_POST['use_share_password']) ? trim($_POST['share_password']) : '',
131	'deadline' => isset($_POST['use_share_deadline']) ? trim($_POST['share_deadline']) : '',
132	);
133
134	if (!verify_ephemeral_key(@$_POST['key']))
135	{
136	$result = array(l10n('Invalid key'));
137	}
138	else
139	{
140	$result = $collection->addShare($share);
141	}
142	if (is_array($result))
143	{
144	$share['errors'] = $result;
145	}
146	else
147	{
148	$share = array();
149	$share['infos'][] = sprintf(l10n('New share added: <a href="%s">%s</a>'), $result, $result);
150	}
151	$share['open'] = true;
152	}
153	else if (isset($_GET['delete_share']))
154	{
155	if ($collection->deleteShare($_GET['delete_share']))
156	{
157	$share['infos'][] = l10n('Share deleted');
158	}
159	$share['open'] = true;
160	}
161
162	if (!isset($share['share_key']))
163	{
164	$share['share_key'] = get_random_key(16);
165	$share['password'] = null;
166	$share['deadline'] = null;
167	}
168
169	$template->assign('share', $share);
170	}
171
172	// send mail
173	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] )
174	{
175	$contact = array(
176	'sender_name' => $user['username'],
177	'sender_email' => $user['email'],
178	'recipient_name' => null,
179	'recipient_email' => null,
180	'nb_images' => 4,
181	'message' => null,
182	);
183
184	if (isset($_POST['send_mail']))
185	{
186	$contact = array(
187	'sender_email' => trim($_POST['sender_email']),
188	'sender_name' => trim($_POST['sender_name']),
189	'recipient_email' => trim($_POST['recipient_email']),
190	'recipient_name' => trim($_POST['recipient_name']),
191	'nb_images' => $_POST['nb_images'],
192	'message' => $_POST['message'],
193	);
194
195	if (!verify_ephemeral_key(@$_POST['key']))
196	{
197	$result = array(l10n('Invalid key'));
198	}
199	else
200	{
201	$result = $collection->sendEmail($contact);
202	}
203	if (is_array($result))
204	{
205	$contact['errors'] = $result;
206	$contact['open'] = true;
207	}
208	else
209	{
210	$contact = array();
211	$page['infos'] = l10n('E-mail sent successfully');
212	}
213	}
214
215	$template->assign('contact', $contact);
216	}
217
218	// clear
219	if ( isset($_GET['action']) and $_GET['action'] == 'clear' )
220	{
221	$collection->clearImages();
222	}
223
224
225	// add remove item links
226	$template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_button');
227	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
228
229	// thumbnails
230	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
231
232
233	// collection properties
234	$infos = $collection->getCollectionInfo();
235	$infos['DATE_CREATION'] = format_date($infos['DATE_CREATION'], true);
236	$infos['SHARES'] = $collection->getShares();
237	$template->assign('collection', $infos);
238
239	// toolbar buttons
240	if (!empty($page['items']))
241	{
242	$template->assign('U_CLEAR',
243	add_url_params($self_url, array('action'=>'clear'))
244	);
245	}
246	$template->assign('U_DELETE',
247	add_url_params(USER_COLLEC_PUBLIC, array('action'=>'delete','col_id'=>$page['col_id']))
248	);
249
250	if ( $conf['user_collections']['allow_public'] && !empty($page['items']) )
251	{
252	$template->assign('U_SHARE', USER_COLLEC_PUBLIC . 'view/' . $page['col_id'] .'-');
253	}
254	if ( $conf['user_collections']['allow_mails'] && $conf['user_collections']['allow_public'] && !empty($page['items']) )
255	{
256	$template->assign('U_MAIL', true);
257	}
258	$template->assign('UC_TKEY', get_ephemeral_key(3));
259
260	// modify page title
261	$template->concat('TITLE',
262	$conf['level_separator'] . trigger_event('render_category_name', $infos['NAME'])
263	);
264
265	// render description
266	$template->assign('CONTENT_DESCRIPTION',
267	trigger_event('render_category_description', nl2br($infos['COMMENT']))
268	);
269	}
270	catch (Exception $e)
271	{
272	$page['errors'][] = $e->getMessage();
273	}
274
275	break;
276	}
277
278	// +-----------------------------------------------------------------------+
279	// \| View collection \|
280	// +-----------------------------------------------------------------------+
281	case 'view':
282	{
283	$page['col_key'] = $page['col_id'];
284
285	if (!$conf['user_collections']['allow_public'])
286	{
287	page_forbidden('');
288	}
289	if (empty($page['col_key']))
290	{
291	bad_request('');
292	}
293
294	$query = '
295	SELECT col_id, params
296	FROM '.COLLECTION_SHARES_TABLE.'
297	WHERE share_key = "'.$page['col_key'].'"
298	;';
299	$result = pwg_query($query);
300	if (!pwg_db_num_rows($result))
301	{
302	page_not_found(l10n('Collection not found'));
303	}
304
305	list($page['col_id'], $share_params) = pwg_db_fetch_row($result);
306	$share_params = unserialize($share_params);
307
308	// deadline check
309	if ( !empty($share_params['deadline']) && strtotime($share_params['deadline'])<time() )
310	{
311	page_not_found(l10n('This link expired'));
312	}
313
314	$self_url = USER_COLLEC_PUBLIC . 'view/' . $page['col_key'];
315
316	$template->set_filename('index', realpath(USER_COLLEC_PATH.'template/collection_view.tpl'));
317
318	try {
319	$collection = new UserCollection($page['col_id']);
320	$col = $collection->getCollectionInfo();
321
322	$mode = 'view';
323
324	// password check
325	if (!empty($share_params['password']))
326	{
327	if (isset($_POST['uc_password']))
328	{
329	$hash = sha1($conf['secret_key'].$_POST['uc_password'].$page['col_key']);
330	if ($hash == $share_params['password'])
331	{
332	pwg_set_session_var('uc_key_'.$page['col_key'], get_ephemeral_key(0, $share_params['password']));
333	}
334	else
335	{
336	$page['errors'][] = l10n('Invalid password!');
337	$mode = 'password';
338	}
339	}
340	else if (($var = pwg_get_session_var('uc_key_'.$page['col_key'])) !== null)
341	{
342	if (!verify_ephemeral_key($var, $share_params['password']))
343	{
344	pwg_unset_session_var('uc_key_'.$page['col_key']);
345	$mode = 'password';
346	}
347	}
348	else
349	{
350	$mode = 'password';
351	}
352	}
353
354	if ($mode == 'view')
355	{
356	$template->set_prefilter('index_thumbnails', 'user_collections_add_colorbox');
357
358	// thumbnails
359	include(USER_COLLEC_PATH . '/include/display_thumbnails.inc.php');
360
361	// render description
362	$template->assign('CONTENT_DESCRIPTION',
363	trigger_event('render_category_description', nl2br($col['COMMENT']))
364	);
365	}
366
367	// add username in title
368	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
369	$template->concat('TITLE',
370	$conf['level_separator'] . trigger_event('render_category_name', $col['NAME']) .
371	' (' . sprintf(l10n('by %s'), get_username($collection->getParam('user_id'))) . ')'
372	);
373
374	$template->assign('UC_MODE', $mode);
375	}
376	catch (Exception $e)
377	{
378	access_denied();
379	}
380
381	break;
382	}
383	}
384
385
386	// modification on mainpage_categories.tpl
387	function user_collections_categories_list($content, &$samrty)
388	{
389	$search = '<div class="thumbnailCategory">';
390	$replace = '<div class="thumbnailCategory">
391	<div class="collectionActions">
392	<a href="{$cat.URL}" rel="nofollow">{"Edit"\|@translate}</a>
393	\| <a href="{$cat.U_DELETE}" onClick="return confirm(\'{"Are you sure?"\|@translate}\');" rel="nofollow">{"Delete"\|@translate}</a>
394	</div>';
395
396	return str_replace($search, $replace, $content);
397	}
398
399	// colorbox
400	function user_collections_add_colorbox($content)
401	{
402	$search = '<a href="{$thumbnail.URL}"';
403	$replace = $search.' class="preview-box" data-src="{$thumbnail.FILE_SRC}" data-id="{$thumbnail.id}"';
404
405	return str_replace($search, $replace, $content);
406	}
407
408	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: