source: extensions/community/add_photos.php @ 9372

Last change on this file since 9372 was 9372, checked in by plg, 13 years ago

Rewritten version of Community plugin :

  • user upload (web form on gallery side)
  • precise permission management (who, where, with moderation or not, ability to create sub-albums)
  • email notification to administrators when photos are uploaded

Requires Piwigo 2.2.0RC3

File size: 10.4 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Stop unless PHPWG_ROOT_PATH is defined, i.e. unless this script was
// included by the application rather than requested directly.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

global $template, $conf, $user;

// helpers from the administration side and from the Community plugin
include_once PHPWG_ROOT_PATH.'admin/include/functions.php';
include_once PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php';
include_once COMMUNITY_PATH.'include/functions_community.inc.php';

define(
  'PHOTOS_ADD_BASE_URL',
  make_index_url(array('section' => 'add_photos'))
  );

// permissions of the current user; every authorization check in this
// script reads this array
$user_permissions = community_get_user_permissions($user['id']);
35
36// +-----------------------------------------------------------------------+
37// |                             process form                              |
38// +-----------------------------------------------------------------------+
39
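// messages shown on the result page
$page['errors'] = array();
$page['infos'] = array();

// Overwrite the privacy level of the request, whatever the client sent.
// NOTE(review): presumably read by photos_add_direct_process.inc.php, and 16
// presumably keeps the photos hidden until the level is recomputed after the
// upload -- confirm against the core.
$_POST['level'] = 16;

if (isset($_GET['processed']))
{
  // Authorization gate: the form fields come from the client, so the target
  // album is checked against the server-side permissions before the
  // processing script is included.
  $hacking_attempt = false;

  // a missing field matches no branch below and falls through, as before
  $category_type = isset($_POST['category_type']) ? $_POST['category_type'] : null;

  if ('existing' === $category_type)
  {
    // is the user authorized to upload in this album?
    if (!$user_permissions['upload_whole_gallery'])
    {
      $category = isset($_POST['category']) ? $_POST['category'] : null;

      // Only a plain decimal id is accepted. in_array() compares loosely, so
      // without the format check a value that merely compares equal to an
      // allowed id would be authorized and then passed on unchanged.
      if (!is_string($category)
          or !ctype_digit($category)
          or !in_array($category, $user_permissions['upload_categories']))
      {
        echo 'Hacking attempt, you have no permission to upload in this album';
        $hacking_attempt = true;
      }
    }
  }
  elseif ('new' === $category_type)
  {
    // is the user authorized to create a sub-album under this parent?
    if (!$user_permissions['create_whole_gallery'])
    {
      $category_parent = isset($_POST['category_parent']) ? $_POST['category_parent'] : null;

      // same format check as for an existing album
      if (!is_string($category_parent)
          or !ctype_digit($category_parent)
          or !in_array($category_parent, $user_permissions['create_categories']))
      {
        echo 'Hacking attempt, you have no permission to create this album';
        $hacking_attempt = true;
      }
    }
  }
  elseif (null !== $category_type)
  {
    // Fail closed: no permission check exists for any other value, and this
    // script cannot tell what the processing script would do with it.
    echo 'Hacking attempt, unknown album type';
    $hacking_attempt = true;
  }

  if ($hacking_attempt)
  {
    // NOTE(review): presumably removes the photos already stored for this
    // upload id (second argument presumably asks for physical deletion) --
    // confirm against delete_elements()
    $upload_id = isset($_POST['upload_id']) ? $_POST['upload_id'] : null;

    if (is_string($upload_id) and isset($_SESSION['uploads'][$upload_id]))
    {
      delete_elements($_SESSION['uploads'][$upload_id], true);
    }
    exit();
  }
}

// NOTE(review): included on every request, also when no branch above
// applied; confirm that the processing script stores nothing unless
// category_type is 'existing' or 'new'.
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');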
83
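// Post-upload step: decide whether the new photos need moderation, register
// them as pending or compute their privacy level, then notify administrators.
//
// $image_ids and $category_id are set by the included
// photos_add_direct_process.inc.php script. Every id concatenated into SQL
// below is cast to an integer first, so the queries stay well-formed
// whatever those variables were derived from.
if (isset($image_ids) and count($image_ids) > 0)
{
  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  // NOTE(review): $category_name is placed into HTML as returned; confirm
  // that get_cat_display_name() produces escaped markup.
  array_push(
    $page['infos'],
    sprintf(
      l10n('%d photos uploaded into album "%s"'),
      count($page['thumbnails']),
      '<em>'.$category_name.'</em>'
      )
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  $moderate = true;

  // an empty id list would build the invalid SQL "IN ()"; with no permission
  // to inspect, the upload stays moderated
  if (!empty($user_permissions['permission_ids']))
  {
    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', array_map('intval', $user_permissions['permission_ids'])).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // permission not bound to an album (presumably "whole gallery" --
        // confirm against the permissions table)
        $moderate = false;
      }
      elseif (isset($row['uppercats'])
              and preg_match('/^'.preg_quote($row['uppercats'], '/').'(,|$)/', $category_infos['uppercats']))
      {
        // The permission's album is the target album or one of its
        // ancestors. A NULL uppercats (the LEFT JOIN found no album) is
        // skipped, and the value is quoted so that it is only ever matched
        // literally.
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', array_map('intval', $image_ids)).')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      array_push(
        $inserts,
        array(
          'image_id' => $row['id'],
          'added_on' => $row['date_available'],
          'state' => 'moderation_pending',
          )
        );
    }

    // the column list is read from the first row, so there must be one
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    array_push(
      $page['infos'],
      l10n('Your photos are waiting for validation, administrators have been notified')
      );
  }
  else
  {
    // we have to change the level.
    //
    // the level must equal the minimum level between :
    // * the privacy level of the uploader
    // * the minimum level for photos in the same album
    $category_min_level = null;

    $query = '
SELECT
    image_id,
    level
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    JOIN '.IMAGES_TABLE.' AS i ON ic.image_id = i.id
  WHERE category_id = '.((int) $category_id).'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      // the photos just uploaded must not influence the album minimum
      if (in_array($row['image_id'], $image_ids))
      {
        continue;
      }

      if (!isset($category_min_level) or $row['level'] < $category_min_level)
      {
        $category_min_level = $row['level'];
      }
    }

    // no other photo in the album: the minimum defaults to 0
    if (!isset($category_min_level))
    {
      $category_min_level = 0;
    }

    $level = min($category_min_level, $user['level']);

    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = '.((int) $level).'
  WHERE id IN ('.implode(',', array_map('intval', $image_ids)).')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  // a moderated upload also gets the link to the validation page
  if ($moderate)
  {
    $keyargs_content[] = get_l10n_args('', '');

    array_push(
      $keyargs_content,
      get_l10n_args(
        'Validation page: %s',
        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
        )
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}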
276
277// +-----------------------------------------------------------------------+
278// |                             prepare form                              |
279// +-----------------------------------------------------------------------+
280
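$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

if (!$user_permissions['upload_whole_gallery'])
{
  // we have to change the list of uploadable albums
  //
  // An empty permission list must not build the invalid SQL "IN ()". It is
  // replaced by a condition that matches no album, so the restricted (here:
  // empty) list is still the one handed to the template. Ids are cast to
  // integers before being concatenated into the query.
  $upload_filter = '1 = 0';
  if (!empty($user_permissions['upload_categories']))
  {
    $upload_filter = 'id IN ('.implode(',', array_map('intval', $user_permissions['upload_categories'])).')';
  }

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE '.$upload_filter.'
;';

  // $selected_category is not set in this script; presumably it comes from
  // the prepare script included above -- confirm
  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_options'
    );
}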
300
// The user may create sub-albums when allowed to do so anywhere in the
// gallery, or under at least one listed album.
$create_subcategories = (
  $user_permissions['create_whole_gallery']
  or count($user_permissions['create_categories']) > 0
  );

if ($create_subcategories)
{
  $category_ids = null;

  // without the gallery-wide permission, only the listed albums are offered
  // as parent
  $parent_filter = '';
  if (!$user_permissions['create_whole_gallery'])
  {
    $parent_filter = '
  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')';
  }

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.$parent_filter.'
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_parent_options'
    );
}

// flags read by the template
$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );
334
335
336// +-----------------------------------------------------------------------+
337// |                             display page                              |
338// +-----------------------------------------------------------------------+
339
// pass the collected messages to the template, leaving out empty lists
foreach (array('errors', 'infos') as $message_type)
{
  if (count($page[$message_type]) != 0)
  {
    $template->assign($message_type, $page[$message_type]);
  }
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// standalone rendering is disabled; the parsed template is stored in the
// PLUGIN_INDEX_CONTENT_BEGIN template variable instead
// include(PHPWG_ROOT_PATH.'include/page_header.php');
// $template->pparse('add_photos');
// include(PHPWG_ROOT_PATH.'include/page_tail.php');
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

// page title: link to the gallery home, the configured separator, then
// the page name
$home_link = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>';

$template->assign(
  array(
    'TITLE' => $home_link.$conf['level_separator'].$title,
    )
  );
365?>