source: extensions/community/add_photos.php @ 10077

Last change on this file since 10077 was 9583, checked in by plg, 14 years ago

bug fixed: invalidate_user_cache now also invalidates community user
permissions cache

bug fixed: community permissions cache was not refreshed when user connects,
I have added $_SESSION['community_user_id'] to make sure the permissions are
related to the correct user

change: use a random key for cache update to avoid "in the same second
refresh".

filter the list of parent albums for "create a new album" based on permissions
even when create_whole_gallery is true

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// This page must only run inside Piwigo: the core defines PHPWG_ROOT_PATH
// before including plugin pages, so a direct HTTP hit on the file dies here.
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

global $template, $conf, $user;

// core admin helpers (album/image functions, upload handling) plus the
// community plugin's own permission helpers
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
include_once(COMMUNITY_PATH.'include/functions_community.inc.php');

define('PHOTOS_ADD_BASE_URL', make_index_url(array('section' => 'add_photos')));

prepare_upload_configuration();

// permissions for the current user: upload_categories, create_categories,
// create_whole_gallery and permission_ids are the keys read on this page
$user_permissions = community_get_user_permissions($user['id']);

// Access gate: a user who can neither upload into at least one album nor
// create albums anywhere has nothing to do here and is sent back to the
// gallery home.
if (!(count($user_permissions['upload_categories']) > 0 or $user_permissions['create_whole_gallery']))
{
  redirect(make_index_url());
}
42
43// +-----------------------------------------------------------------------+
44// |                             process form                              |
45// +-----------------------------------------------------------------------+
46
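$page['errors'] = array();
$page['infos'] = array();
// Privacy level forced for every community upload (presumably read by the
// processing script included below): the photos are inserted with a high
// level so they are not publicly visible before the moderation decision;
// unmoderated uploads are lowered to level 0 further down this page.
$_POST['level'] = 16;

if (isset($_GET['processed']))
{
  // Authorization gate. The core processing script included right after
  // this block trusts $_POST['category'] / $_POST['category_parent'], so
  // the requested album id must be checked against the community
  // permissions before it is reached.
  //
  // The check compares the exact string form of the id: a loose in_array()
  // would accept a numeric-prefixed value such as "5 OR 1=1" as id 5 under
  // PHP's loose comparison, while the raw string is what the processing
  // script sees afterwards. Anything other than the two known
  // category_type values is refused as well, since it would otherwise reach
  // the processing script with no check at all.
  //
  // NOTE(review): no anti-CSRF token is verified on this request; confirm
  // whether the upload form carries one before relying on this gate alone.
  $hacking_attempt = false;

  $category_type = isset($_POST['category_type']) ? $_POST['category_type'] : '';

  if ('existing' === $category_type)
  {
    // is the user authorized to upload in this album?
    $requested_id = isset($_POST['category']) ? (string)$_POST['category'] : '';
    $allowed_ids = array_map('strval', $user_permissions['upload_categories']);

    if (!in_array($requested_id, $allowed_ids, true))
    {
      echo 'Hacking attempt, you have no permission to upload in this album';
      $hacking_attempt = true;
    }
  }
  elseif ('new' === $category_type)
  {
    // is the user authorized to create an album under this parent?
    $requested_id = isset($_POST['category_parent']) ? (string)$_POST['category_parent'] : '';
    $allowed_ids = array_map('strval', $user_permissions['create_categories']);

    if (!in_array($requested_id, $allowed_ids, true))
    {
      echo 'Hacking attempt, you have no permission to create this album';
      $hacking_attempt = true;
    }
  }
  else
  {
    // unknown or missing category_type: neither check above applies, refuse
    echo 'Hacking attempt, unknown album selection';
    $hacking_attempt = true;
  }

  if ($hacking_attempt)
  {
    // the files were already uploaded for this request: remove them so they
    // do not linger on disk, then stop before the processing script runs
    if (isset($_POST['upload_id']) and isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
    {
      delete_elements($_SESSION['uploads'][ $_POST['upload_id'] ], true);
    }
    exit();
  }
}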
82
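include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');

// $image_ids (ids of the photos just inserted), $category_id (the album they
// were put in) and $page['thumbnails'] are set by the processing script
// included above -- presumably only on the "processed" request; nothing
// below runs when no photo was inserted.
if (isset($image_ids) and count($image_ids) > 0)
{
  // the ids come back from the processing script, but they are interpolated
  // into SQL twice below, so pin them to integers and build the list once
  $image_ids_sql = implode(',', array_map('intval', $image_ids));

  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  // $category_id is set in the photos_add_direct_process.inc.php included script
  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  array_push(
    $page['infos'],
    sprintf(
      l10n('%d photos uploaded into album "%s"'),
      count($page['thumbnails']),
      '<em>'.$category_name.'</em>'
      )
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  //
  // Moderation is the default: it is only lifted by an explicit match below.
  $moderate = true;
  if (is_admin())
  {
    $moderate = false;
  }
  elseif (!empty($user_permissions['permission_ids']))
  {
    // (an empty id list would produce an invalid "IN ()" clause; with no
    // permission rows at all the upload simply stays moderated)
    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', $user_permissions['permission_ids']).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // unmoderated permission with no album attached: applies everywhere
        $moderate = false;
      }
      // uppercats is a comma-separated list of ancestor ids ending with the
      // album itself; the permitted album is the target or one of its
      // ancestors when its list is a comma-bounded prefix of the target's.
      // preg_quote keeps the pattern well-formed whatever the column holds.
      elseif (preg_match('/^'.preg_quote($row['uppercats'], '/').'(,|$)/', $category_infos['uppercats']))
      {
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    // queue every uploaded photo for administrator validation
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.$image_ids_sql.')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      $inserts[] = array(
        'image_id' => $row['id'],
        'added_on' => $row['date_available'],
        'state' => 'moderation_pending',
        );
    }

    // mass_inserts() is given the column list from the first row, so it
    // must not be called on an empty list
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    array_push(
      $page['infos'],
      l10n('Your photos are waiting for validation, administrators have been notified')
      );
  }
  else
  {
    // the level of a user upload photo with no moderation is 0
    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = 0
  WHERE id IN ('.$image_ids_sql.')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  // the user's album/photo cache no longer reflects the gallery content
  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  if ($moderate)
  {
    // point the administrators at the pending-validation page
    $keyargs_content[] = get_l10n_args('', '');

    array_push(
      $keyargs_content,
      get_l10n_args(
        'Validation page: %s',
        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
        )
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}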
243
244// +-----------------------------------------------------------------------+
245// |                             prepare form                              |
246// +-----------------------------------------------------------------------+
247
$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

// The core prepare script fills the album selectors for an administrator;
// a community user only gets the albums its permissions allow, so both
// selectors are rebuilt here. An empty permission list is replaced by the
// impossible id -1 so the IN () clause stays valid and matches nothing.
$upload_categories = $user_permissions['upload_categories'];
if (empty($upload_categories))
{
  $upload_categories = array(-1);
}

// albums the user may upload into
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $upload_categories).')
;';
display_select_cat_wrapper($query, $selected_category, 'category_options');

// album creation is offered when the user may create anywhere or has at
// least one explicit parent album
$create_subcategories = (
  $user_permissions['create_whole_gallery']
  or count($user_permissions['create_categories']) > 0
);

$create_categories = $user_permissions['create_categories'];
if (empty($create_categories))
{
  $create_categories = array(-1);
}

// albums the user may create a new album under
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $create_categories).')
;';
display_select_cat_wrapper($query, $selected_category, 'category_parent_options');

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );
301
302
303// +-----------------------------------------------------------------------+
304// |                             display page                              |
305// +-----------------------------------------------------------------------+
306
// hand the collected messages to the template only when there are any
if (!empty($page['errors']))
{
  $template->assign('errors', $page['errors']);
}

if (!empty($page['infos']))
{
  $template->assign('infos', $page['infos']);
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// the rendered form is injected at the top of the gallery index content
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

// breadcrumb-style title: Home > Upload Photos (separator comes from config)
$template->assign(
  array(
    'TITLE' => sprintf('<a href="%s">%s</a>', get_gallery_home_url(), l10n('Home')).$conf['level_separator'].$title,
    )
  );
329?>