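'add_photos')));

$user_permissions = community_get_user_permissions($user['id']);

// +-----------------------------------------------------------------------+
// |                             process form                              |
// +-----------------------------------------------------------------------+

$page['errors'] = array();
$page['infos'] = array();

// Whatever the client submitted, the level posted with the form is forced
// to 16. For non-moderated uploads it is lowered again further down.
// NOTE(review): presumably read by the included
// photos_add_direct_process.inc.php -- confirm.
$_POST['level'] = 16;

if (isset($_GET['processed']))
{
  // Server-side authorization of the target album: the album ids come from
  // the request, so they are checked against the community permissions of
  // the current user before the upload is processed.
  $hacking_attempt = false;

  // A missing category_type is not flagged here; it is left to the included
  // processing script, as before, only without the undefined-index notice.
  $category_type = isset($_POST['category_type']) ? $_POST['category_type'] : null;

  if ('existing' === $category_type)
  {
    // is the user authorized to upload in this album?
    if (!$user_permissions['upload_whole_gallery'])
    {
      $requested_album = isset($_POST['category']) ? $_POST['category'] : null;

      // in_array() compares loosely, so a plain decimal id is required
      // first: anything else (an array, a non-canonical number, an id
      // followed by extra text) is refused instead of being given a chance
      // to compare equal to a permitted id.
      if (!is_string($requested_album)
          or !preg_match('/^\d+\z/', $requested_album)
          or !in_array($requested_album, $user_permissions['upload_categories']))
      {
        echo 'Hacking attempt, you have no permission to upload in this album';
        $hacking_attempt = true;
      }
    }
    // NOTE(review): with upload_whole_gallery the posted album id is not
    // validated in this file -- confirm the included script does it.
  }
  elseif ('new' === $category_type)
  {
    if (!$user_permissions['create_whole_gallery'])
    {
      $requested_parent = isset($_POST['category_parent']) ? $_POST['category_parent'] : null;

      // same rule as above: plain decimal id, then membership
      if (!is_string($requested_parent)
          or !preg_match('/^\d+\z/', $requested_parent)
          or !in_array($requested_parent, $user_permissions['create_categories']))
      {
        echo 'Hacking attempt, you have no permission to create this album';
        $hacking_attempt = true;
      }
    }
  }

  if ($hacking_attempt)
  {
    // delete_elements() is called on the element list kept in the session
    // for this upload id, then the request stops. A non-scalar upload_id
    // cannot be a session key and is ignored.
    $upload_id = isset($_POST['upload_id']) ? $_POST['upload_id'] : null;
    if (is_scalar($upload_id) and isset($_SESSION['uploads'][$upload_id]))
    {
      delete_elements($_SESSION['uploads'][$upload_id], true);
    }
    exit();
  }
}

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');

if (isset($image_ids) and count($image_ids) > 0)
{
  // These ids are concatenated into SQL below, so they are reduced to
  // integers once, here, instead of trusting the included script's output.
  $sql_image_ids = implode(',', array_map('intval', $image_ids));
  $sql_category_id = (int) $category_id;

  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  // $category_id is set in the photos_add_direct_process.inc.php included script
  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  array_push(
    $page['infos'],
    sprintf(
      l10n('%d photos uploaded into album "%s"'),
      count($page['thumbnails']),
      ''.$category_name.''
      )
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  $moderate = true;

  $permission_ids = array_map('intval', $user_permissions['permission_ids']);

  // An empty list would yield "IN ()", which is invalid SQL. With no
  // permission row to inspect, the upload stays moderated (fail closed).
  if (count($permission_ids) > 0)
  {
    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', $permission_ids).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // unmoderated permission with an empty category_id
        $moderate = false;
      }
      elseif (preg_match('/^'.preg_quote((string) $row['uppercats'], '/').'(,|$)/', $category_infos['uppercats']))
      {
        // the permission's album path is a prefix of the target album path
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.$sql_image_ids.')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      array_push(
        $inserts,
        array(
          'image_id' => $row['id'],
          'added_on' => $row['date_available'],
          'state' => 'moderation_pending',
          )
        );
    }

    // $inserts[0] only exists when the query returned at least one row
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    array_push(
      $page['infos'],
      l10n('Your photos are waiting for validation, administrators have been notified')
      );
  }
  else
  {
    // we have to change the level.
    //
    // the level must equal the minimum level between :
    // * the privacy level of the uploader
    // * the minimum level for photos in the same album
    $category_min_level = null;

    $query = '
SELECT
    image_id,
    level
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    JOIN '.IMAGES_TABLE.' AS i ON ic.image_id = i.id
  WHERE category_id = '.$sql_category_id.'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      // the photos just uploaded do not count for the album minimum
      if (in_array($row['image_id'], $image_ids))
      {
        continue;
      }

      if (!isset($category_min_level))
      {
        $category_min_level = $row['level'];
      }

      if ($row['level'] < $category_min_level)
      {
        $category_min_level = $row['level'];
      }
    }

    // no other photo in the album
    if (!isset($category_min_level))
    {
      $category_min_level = 0;
    }

    $level = (int) min($category_min_level, $user['level']);

    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = '.$level.'
  WHERE id IN ('.$sql_image_ids.')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  if ($moderate)
  {
    $keyargs_content[] = get_l10n_args('', '');

    array_push(
      $keyargs_content,
      get_l10n_args(
        'Validation page: %s',
        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
        )
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}

// +-----------------------------------------------------------------------+
// |                             prepare form                              |
// +-----------------------------------------------------------------------+

$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

if (!$user_permissions['upload_whole_gallery'])
{
  // we have to change the list of uploadable albums
  $upload_album_ids = array_map('intval', $user_permissions['upload_categories']);

  // No uploadable album: use a condition that matches nothing rather than
  // the invalid "IN ()".
  $upload_album_filter = '1 = 0';
  if (count($upload_album_ids) > 0)
  {
    $upload_album_filter = 'id IN ('.implode(',', $upload_album_ids).')';
  }

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE '.$upload_album_filter.'
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_options'
    );
}

$create_subcategories = false;
if ($user_permissions['create_whole_gallery'] or count($user_permissions['create_categories']) > 0)
{
  $create_subcategories = true;

  $category_ids = null;

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE;

  if (!$user_permissions['create_whole_gallery'])
  {
    // the list is non-empty here, see the enclosing condition
    $query.= '
  WHERE id IN ('.implode(',', array_map('intval', $user_permissions['create_categories'])).')';
  }

  $query.= '
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_parent_options'
    );
}

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );

// +-----------------------------------------------------------------------+
// |                             display page                              |
// +-----------------------------------------------------------------------+

if (count($page['errors']) != 0)
{
  $template->assign('errors', $page['errors']);
}

if (count($page['infos']) != 0)
{
  $template->assign('infos', $page['infos']);
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// include(PHPWG_ROOT_PATH.'include/page_header.php');
// $template->pparse('add_photos');
// include(PHPWG_ROOT_PATH.'include/page_tail.php');

// the rendered form is handed over as the content of the index page
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

$template->assign(
  array(
    'TITLE' => ''.l10n('Home').''.$conf['level_separator'].$title,
    )
  );
?>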