source: extensions/community/add_photos.php @ 29720

Last change on this file since 29720 was 29266, checked in by plg, 10 years ago

bug fixed: new pattern for admin photo url

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
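// Refuse direct HTTP access: this script is meant to be included by Piwigo,
// which defines PHPWG_ROOT_PATH before any page script runs.
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');

global $template, $conf, $user;

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
include_once(COMMUNITY_PATH.'include/functions_community.inc.php');

define('PHOTOS_ADD_BASE_URL', make_index_url(array('section' => 'add_photos')));

$user_permissions = $user['community_permissions'];

// Users without community access are sent back to the gallery index.
// NOTE(review): this only protects the rest of the script if redirect()
// stops execution -- confirm against its definition.
if (!$user_permissions['community_enabled'])
{
  redirect(make_index_url());
}

// +-----------------------------------------------------------------------+
// |                             process form                              |
// +-----------------------------------------------------------------------+

$page['errors'] = array();
$page['infos'] = array();

// this is for "browser uploader", for Flash Uploader the problem is solved
// with function community_uploadify_privacy_level (see main.inc.php)
//
// Whatever privacy level the client posted is overwritten here, so the
// uploader cannot choose the level of a freshly uploaded photo.
$_POST['level'] = 16;

// NOTE(review): the album authorization below only runs when the request
// carries ?processed. Confirm that photos_add_direct_process.inc.php (not
// shown here) never stores photos for a request without that parameter,
// otherwise this check has to run for every request that posts an album id.
if (isset($_GET['processed']))
{
  // The album id comes from the client: accept only a plain decimal string
  // (no array, no sign, no exponent, no surrounding whitespace) and compare
  // it as an integer with strict in_array(). A loose comparison treats
  // numeric strings such as "1e1" and "10" as equal.
  $requested_category = isset($_POST['category']) ? $_POST['category'] : null;

  $category_is_allowed = (
    is_string($requested_category)
    && preg_match('/^[0-9]+\z/', $requested_category) === 1
    && in_array(
      (int)$requested_category,
      array_map('intval', $user_permissions['upload_categories']),
      true
      )
  );

  if (!$category_is_allowed)
  {
    echo 'Hacking attempt, you have no permission to upload in this album';

    // discard what this upload session has already stored; the session key
    // is client-supplied as well, so only a scalar string is used as index
    $upload_id = isset($_POST['upload_id']) ? $_POST['upload_id'] : null;
    if (is_string($upload_id) && isset($_SESSION['uploads'][$upload_id]))
    {
      delete_elements($_SESSION['uploads'][$upload_id], true);
    }
    exit();
  }

  // hand the canonical form of the validated id to the code that follows
  $_POST['category'] = (string)(int)$requested_category;
}

// Keep this include AFTER the authorization check above: the included script
// presumably performs the actual upload processing for the posted album.
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');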
74
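// +-----------------------------------------------------------------------+
// | limits                                                                |
// +-----------------------------------------------------------------------+

// Current usage (storage, number of photos) of this user; it is compared
// below with the limits found in $user_permissions.
$user['community_usage'] = community_get_user_limits($user['id']);

// +-----------------------------------------------------------------------+
// | set properties, moderate, notify                                      |
// +-----------------------------------------------------------------------+

if (isset($image_ids) and count($image_ids) > 0)
{
  // $image_ids is not built in this file (presumably by the included
  // photos_add_direct_process.inc.php) and is concatenated into several SQL
  // "IN (...)" lists below, so every entry is forced to an integer first.
  $image_ids = array_map('intval', $image_ids);

  $query = '
SELECT
    id,
    file,
    filesize
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $image_ids).')
  ORDER BY id DESC
;';
  $images = array_from_query($query);

  $nb_images_deleted = 0;

  // upload has just happened, maybe the user is over quota
  if ($user_permissions['storage'] > 0 and $user['community_usage']['storage'] > $user_permissions['storage'])
  {
    // highest id first (ORDER BY id DESC), until usage is back under the limit
    foreach ($images as $image)
    {
      array_push(
        $page['errors'],
        sprintf(l10n('Photo %s rejected.'), $image['file'])
        .' '.sprintf(l10n('Disk usage quota reached (%uMB)'), $user_permissions['storage'])
        );

      delete_elements(array($image['id']), true);

      // The rejected photo must also leave the result list, otherwise it is
      // still counted as uploaded and reported to administrators. The key
      // used in unset() has to be the one declared by this foreach.
      foreach ($page['thumbnails'] as $tn_idx => $thumbnail)
      {
        if ($thumbnail['file'] == $image['file'])
        {
          unset($page['thumbnails'][$tn_idx]);
        }
      }

      $user['community_usage'] = community_get_user_limits($user['id']);

      if ($user['community_usage']['storage'] <= $user_permissions['storage'])
      {
        // we stop the deletions
        break;
      }
    }
  }

  if ($user_permissions['nb_photos'] > 0 and $user['community_usage']['nb_photos'] > $user_permissions['nb_photos'])
  {
    foreach ($images as $image)
    {
      array_push(
        $page['errors'],
        sprintf(l10n('Photo %s rejected.'), $image['file'])
        .' '.sprintf(l10n('Maximum number of photos reached (%u)'), $user_permissions['nb_photos'])
        );

      delete_elements(array($image['id']), true);

      // same cleanup of the result list as for the storage quota above
      foreach ($page['thumbnails'] as $tn_idx => $thumbnail)
      {
        if ($thumbnail['file'] == $image['file'])
        {
          unset($page['thumbnails'][$tn_idx]);
        }
      }

      $user['community_usage'] = community_get_user_limits($user['id']);

      if ($user['community_usage']['nb_photos'] <= $user_permissions['nb_photos'])
      {
        // we stop the deletions
        break;
      }
    }
  }

  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  if (isset($_POST['set_photo_properties']))
  {
    // NOTE(review): name and author are stored exactly as posted, and the
    // description keeps its markup when allow_html_descriptions is on. This
    // assumes the values are SQL-escaped before or inside mass_updates() and
    // HTML-escaped wherever they are displayed -- confirm both.
    $data = array();

    $data['name'] = $_POST['name'];
    $data['author'] = $_POST['author'];

    if ($conf['allow_html_descriptions'])
    {
      $data['comment'] = @$_POST['description'];
    }
    else
    {
      $data['comment'] = strip_tags(@$_POST['description']);
    }

    // one row per uploaded photo, all of them with the same properties
    $updates = array();
    foreach ($image_ids as $image_id)
    {
      $update = $data;
      $update['id'] = $image_id;

      array_push($updates, $update);
    }

    mass_updates(
      IMAGES_TABLE,
      array(
        'primary' => array('id'),
        'update' => array_diff(array_keys($updates[0]), array('id'))
        ),
      $updates
      );
  }

  if (count($page['thumbnails']) > 0)
  {
    // $category_id is set in the photos_add_direct_process.inc.php included script
    $category_infos = get_cat_info($category_id);
    $category_name = get_cat_display_name($category_infos['upper_names']);

    array_push(
      $page['infos'],
      sprintf(
        l10n('%d photos uploaded into album "%s"'),
        count($page['thumbnails']),
        '<em>'.$category_name.'</em>'
        )
      );
  }

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  //
  // Moderation is the default and is only lifted by an explicit match, so
  // every "unknown" case below leaves $moderate on true.
  $moderate = true;
  if (is_admin())
  {
    $moderate = false;
  }
  else
  {
    // An empty id list would produce "IN ()", which is not valid SQL; -1
    // matches no row (the album selectors of this file use the same fallback).
    $permission_ids = $user_permissions['permission_ids'];
    if (count($permission_ids) == 0)
    {
      $permission_ids = array(-1);
    }

    // uppercats of the destination album, only known when get_cat_info()
    // was called above (at least one thumbnail left)
    $category_uppercats = isset($category_infos['uppercats']) ? $category_infos['uppercats'] : null;

    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', $permission_ids).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // permission not tied to an album (presumably gallery-wide)
        $moderate = false;
      }
      elseif (
        // LEFT JOIN: uppercats is NULL when the album of the permission no
        // longer exists. An empty prefix, or an unknown destination, must
        // not be read as "inside an unmoderated album".
        !empty($row['uppercats'])
        and $category_uppercats !== null
        and preg_match('/^'.preg_quote($row['uppercats'], '/').'(,|$)/', $category_uppercats)
        )
      {
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    // register every uploaded photo as waiting for validation
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      array_push(
        $inserts,
        array(
          'image_id' => $row['id'],
          'added_on' => $row['date_available'],
          'state' => 'moderation_pending',
          )
        );
    }

    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );

      // find the url to the medium size
      $page['thumbnails'] = array();

      $query = '
SELECT *
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
      $result = pwg_query($query);
      while ($row = pwg_db_fetch_assoc($result))
      {
        $src_image = new SrcImage($row);

        $page['thumbnails'][] = array(
          'file' => $row['file'],
          'src' => DerivativeImage::url(IMG_THUMB, $src_image),
          'title' => $row['name'],
          'link' => $image_url = DerivativeImage::url(IMG_MEDIUM, $src_image),
          'lightbox' => true,
          );
      }

      array_push(
        $page['infos'],
        l10n('Your photos are waiting for validation, administrators have been notified')
        );
    }
  }
  else
  {
    // the level of a user upload photo with no moderation is 0
    // (the upload itself was submitted with the level forced earlier in this
    // script; it is lowered only on this unmoderated path)
    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = 0
  WHERE id IN ('.implode(',', $image_ids).')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/page=photo-(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  if (count($page['thumbnails']))
  {
    // let's notify administrators
    include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

    $keyargs_content = array(
      get_l10n_args('Hi administrators,', ''),
      get_l10n_args('', ''),
      get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
      get_l10n_args('User: %s', $user['username']),
      get_l10n_args('Email: %s', $user['email']),
      );

    if ($moderate)
    {
      $keyargs_content[] = get_l10n_args('', '');

      array_push(
        $keyargs_content,
        get_l10n_args(
          'Validation page: %s',
          get_absolute_root_url().'admin.php?page=plugin-community-pendings'
          )
        );
    }

    pwg_mail_notification_admins(
      get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
      $keyargs_content,
      false
      );
  }
}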
374
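// +-----------------------------------------------------------------------+
// |                             prepare form                              |
// +-----------------------------------------------------------------------+

$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

// extensions offered by the upload form: every configured file extension, or
// pictures only
if (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types'])
{
  $upload_file_types = $conf['file_ext'];
}
else
{
  $upload_file_types = $conf['picture_ext'];
}

$unique_exts = array_unique(array_map('strtolower', $upload_file_types));

// The User-Agent header is optional and client-controlled: a request without
// it counts as "not Windows". The value is only used to shorten the extension
// filter below, never for an access decision.
$is_windows = (
  isset($_SERVER['HTTP_USER_AGENT'])
  && stripos($_SERVER['HTTP_USER_AGENT'], 'Win') !== false
);

$uploadify_exts = array();
foreach ($unique_exts as $ext)
{
  $uploadify_exts[] = $ext;

  // Windows is not case sensitive and there is a bug with Firefox on
  // Windows: the list of extensions is truncated and last extensions are
  // not taken into account, so we have to make it as short as possible.
  if (!$is_windows)
  {
    $uploadify_exts[] = strtoupper($ext);
  }
}

// NOTE(review): this list only drives the file picker of the upload form; the
// extension check that matters has to happen server-side when the file is
// received (not in this block) -- confirm.
$template->assign(
  array(
    'upload_file_types' => implode(', ', $unique_exts),
    'uploadify_fileTypeExts' => implode(';', prepend_append_array_items($uploadify_exts, '*.', '')),
    )
  );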
420
// What the user may still upload: short labels in 'summary', "x out of y"
// sentences in 'details'.
$quota_available = array(
  'summary' => array(),
  'details' => array(),
  );

// storage limit of this user, in MB; nothing is enforced unless it is > 0
$storage_limit = $user_permissions['storage'];
if ($storage_limit > 0)
{
  $remaining_storage = $storage_limit - $user['community_usage']['storage'];

  if ($remaining_storage > 0)
  {
    $remaining_storage_label = $remaining_storage.'MB';

    $quota_available['summary'][] = $remaining_storage_label;
    $quota_available['details'][] = sprintf(
      l10n('%s out of %s'),
      $remaining_storage_label,
      $storage_limit
      );

    // the template receives the remaining quota in bytes
    $template->assign(
      array(
        'limit_storage' => $remaining_storage*1024*1024,
        'limit_storage_total_mb' => $storage_limit,
        )
      );
  }
  else
  {
    // limit reached
    $setup_errors[] = sprintf(l10n('Disk usage quota reached (%uMB)'), $storage_limit);
  }
}

// limit on the number of photos of this user; nothing is enforced unless > 0
$nb_photos_limit = $user_permissions['nb_photos'];
if ($nb_photos_limit > 0)
{
  $remaining_nb_photos = $nb_photos_limit - $user['community_usage']['nb_photos'];

  if ($remaining_nb_photos > 0)
  {
    $remaining_nb_photos_label = l10n_dec('%d photo', '%d photos', $remaining_nb_photos);

    $quota_available['summary'][] = $remaining_nb_photos_label;
    $quota_available['details'][] = sprintf(
      l10n('%s out of %s'),
      $remaining_nb_photos_label,
      $nb_photos_limit
      );

    $template->assign('limit_nb_photos', $remaining_nb_photos);
  }
  else
  {
    // limit reached
    $setup_errors[] = sprintf(l10n('Maximum number of photos reached (%u)'), $nb_photos_limit);
  }
}

// the quota lines are only shown when at least one limit applies and is not
// exhausted
if (count($quota_available['details']) > 0)
{
  $quota_summary = sprintf(l10n('Available %s.'), implode(', ', $quota_available['summary']));
  $quota_details = sprintf(l10n('Available quota %s.'), implode(', ', $quota_available['details']));

  $template->assign(
    array(
      'quota_summary' => $quota_summary,
      'quota_details' => $quota_details,
      )
    );
}

// NOTE(review): $setup_errors is only appended to in this block; it is
// presumably initialised by photos_add_direct_prepare.inc.php -- confirm.
$template->assign('setup_errors', $setup_errors);
506
// The album selectors must only offer what this user is allowed to use. The
// id lists come from the user's community permissions; -1 stands in for an
// empty list so that "IN (...)" stays valid SQL and matches no album.
$upload_categories = (count($user_permissions['upload_categories']) == 0)
  ? array(-1)
  : $user_permissions['upload_categories'];

// albums the user may upload into
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $upload_categories).')
;';

display_select_cat_wrapper($query, $selected_category, 'category_options');

// sub-album creation is offered when the user may create anywhere, or under
// at least one album
$create_subcategories = (
  $user_permissions['create_whole_gallery']
  || count($user_permissions['create_categories']) > 0
);

$create_categories = (count($user_permissions['create_categories']) == 0)
  ? array(-1)
  : $user_permissions['create_categories'];

// albums the user may create sub-albums in
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $create_categories).')
;';

display_select_cat_wrapper($query, $selected_category, 'category_parent_options');

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );

// optional form fields (name, author, description), switched on by the
// site configuration
if (!empty($conf['community_ask_for_properties']))
{
  $template->assign('community_ask_for_properties', true);
}
565
// +-----------------------------------------------------------------------+
// |                             display page                              |
// +-----------------------------------------------------------------------+

// messages collected while processing the form, passed on only when present
foreach (array('errors', 'infos') as $message_kind)
{
  if (count($page[$message_kind]) > 0)
  {
    $template->assign($message_kind, $page[$message_kind]);
  }
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

// page title: a link to the gallery home, the configured separator, then the
// title of this page
$home_link = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>';

$template->assign('TITLE', $home_link.$conf['level_separator'].$title);
592?>