source: extensions/community/add_photos.php @ 9447

Last change on this file since 9447 was 9447, checked in by plg, 13 years ago

admins have no community permissions but full rights, so there is no need to check for moderation; this SQL query was crashing Piwigo

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// This script is only meant to be included by Piwigo itself, never to be
// requested directly: without the core constant there is nothing to run on.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

global $template, $conf, $user;

// core admin helpers (album/image functions, direct upload) and the
// community plugin's own permission helpers
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
include_once(COMMUNITY_PATH.'include/functions_community.inc.php');

define('PHOTOS_ADD_BASE_URL', make_index_url(array('section' => 'add_photos')));

// community permissions of the current user: the upload_*/create_* flags and
// album lists read by every section of this page
$user_permissions = community_get_user_permissions($user['id']);
35
36// +-----------------------------------------------------------------------+
37// |                             process form                              |
38// +-----------------------------------------------------------------------+
39
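$page['errors'] = array();
$page['infos'] = array();

// Force the privacy level of everything uploaded through this page to 16:
// the photos stay hidden until this script either registers them for
// moderation or lowers the level itself (see the "level" update below).
// The core upload code reads this value from $_POST.
$_POST['level'] = 16;

if (isset($_GET['processed']))
{
  $hacking_attempt = false;

  // category_type / category / category_parent are posted by the form and
  // are read again by photos_add_direct_process.inc.php. The album ids are
  // normalized to integers here so the permission check and the core upload
  // code both see the same value (a loose in_array() would otherwise accept
  // a leading-numeric string such as "12abc" for album 12).
  $category_type = isset($_POST['category_type']) ? $_POST['category_type'] : null;

  if ('existing' === $category_type)
  {
    $_POST['category'] = isset($_POST['category']) ? (int)$_POST['category'] : 0;

    // is the user authorized to upload in this album?
    if (!$user_permissions['upload_whole_gallery'])
    {
      $uploadable_ids = array_map('intval', $user_permissions['upload_categories']);
      if (!in_array($_POST['category'], $uploadable_ids, true))
      {
        echo 'Hacking attempt, you have no permission to upload in this album';
        $hacking_attempt = true;
      }
    }
  }
  elseif ('new' === $category_type)
  {
    $_POST['category_parent'] = isset($_POST['category_parent']) ? (int)$_POST['category_parent'] : 0;

    // is the user authorized to create an album under this parent?
    if (!$user_permissions['create_whole_gallery'])
    {
      $creatable_ids = array_map('intval', $user_permissions['create_categories']);
      if (!in_array($_POST['category_parent'], $creatable_ids, true))
      {
        echo 'Hacking attempt, you have no permission to create this album';
        $hacking_attempt = true;
      }
    }
  }
  elseif (isset($category_type))
  {
    // Fail closed: any other posted category_type would skip both checks
    // above and still reach the core upload code. A missing category_type
    // is deliberately left to the core include (it presumably reports the
    // empty-POST case itself, e.g. post_max_size overflow — confirm there).
    echo 'Hacking attempt, unknown album selection';
    $hacking_attempt = true;
  }

  if ($hacking_attempt)
  {
    // the files were already uploaded under upload_id before the form was
    // posted: remove them instead of leaving orphaned photos behind
    if (isset($_POST['upload_id']) and isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
    {
      delete_elements($_SESSION['uploads'][ $_POST['upload_id'] ], true);
    }
    exit();
  }
}

// core upload processing; sets $image_ids and $category_id on success
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');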
83
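if (isset($image_ids) and count($image_ids) > 0)
{
  // reinitialize the informations to display on the result page
  $page['infos'] = array();

  // $category_id and $image_ids are set in the photos_add_direct_process.inc.php
  // included script. Both end up interpolated in SQL below, so they are
  // normalized to integers here rather than trusted as-is.
  $category_id = (int)$category_id;
  $image_ids = array_map('intval', $image_ids);

  $category_infos = get_cat_info($category_id);
  $category_name = get_cat_display_name($category_infos['upper_names']);

  array_push(
    $page['infos'],
    sprintf(
      l10n('%d photos uploaded into album "%s"'),
      count($page['thumbnails']),
      '<em>'.$category_name.'</em>'
      )
    );

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  //
  // The default is "moderated": only an explicit unmoderated permission
  // found below lifts it.
  $moderate = true;
  if (is_admin())
  {
    // admins have no community permissions but full rights: never moderated
    $moderate = false;
  }
  elseif (!empty($user_permissions['permission_ids']))
  {
    // an empty permission list must not be queried: "IN ()" is invalid SQL
    // and the default ($moderate = true) is the right answer anyway
    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON cp.category_id = c.id
  WHERE cp.id IN ('.implode(',', array_map('intval', $user_permissions['permission_ids'])).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // no album attached to the permission: presumably a whole-gallery
        // permission, which covers every album
        $moderate = false;
      }
      elseif (preg_match('/^'.preg_quote($row['uppercats'], '/').'(,|$)/', $category_infos['uppercats']))
      {
        // the permission's album is the target album or one of its
        // ancestors (uppercats is the comma separated path from the root)
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      array_push(
        $inserts,
        array(
          'image_id' => $row['id'],
          'added_on' => $row['date_available'],
          'state' => 'moderation_pending',
          )
        );
    }

    // nothing to register when none of the ids was found (and $inserts[0]
    // would not exist)
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the link on thumbnail must go to the websize photo
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      $page['thumbnails'][$idx]['link'] = str_replace(
        'thumbnail/'.$conf['prefix_thumbnail'],
        '',
        $thumbnail['src']
        );
    }

    array_push(
      $page['infos'],
      l10n('Your photos are waiting for validation, administrators have been notified')
      );
  }
  else
  {
    // we have to change the level.
    //
    // the level must equal the minimum level between :
    // * the privacy level of the uploader
    // * the minimum level for photos in the same album
    $category_min_level = null;

    $query = '
SELECT
    image_id,
    level
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    JOIN '.IMAGES_TABLE.' AS i ON ic.image_id = i.id
  WHERE category_id = '.$category_id.'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      // the photos just uploaded still carry the forced level 16 and must
      // not count as "photos in the same album"
      if (in_array($row['image_id'], $image_ids))
      {
        continue;
      }

      if (!isset($category_min_level))
      {
        $category_min_level = $row['level'];
      }

      if ($row['level'] < $category_min_level)
      {
        $category_min_level = $row['level'];
      }
    }

    // empty album: nothing restricts the level below the uploader's own
    if (!isset($category_min_level))
    {
      $category_min_level = 0;
    }

    $level = (int)min($category_min_level, $user['level']);

    $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = '.$level.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
    pwg_query($query);

    // the link on thumbnail must go to picture.php
    foreach ($page['thumbnails'] as $idx => $thumbnail)
    {
      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
      {
        $page['thumbnails'][$idx]['link'] = make_picture_url(
          array(
            'image_id' => $matches[1],
            'image_file' => $thumbnail['file'],
            'category' => $category_infos,
            )
          );
      }
    }
  }

  invalidate_user_cache();

  // let's notify administrators
  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');

  $keyargs_content = array(
    get_l10n_args('Hi administrators,', ''),
    get_l10n_args('', ''),
    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
    get_l10n_args('User: %s', $user['username']),
    get_l10n_args('Email: %s', $user['email']),
    );

  if ($moderate)
  {
    $keyargs_content[] = get_l10n_args('', '');

    array_push(
      $keyargs_content,
      get_l10n_args(
        'Validation page: %s',
        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
        )
      );
  }

  pwg_mail_notification_admins(
    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
    $keyargs_content,
    false
    );
}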
282
283// +-----------------------------------------------------------------------+
284// |                             prepare form                              |
285// +-----------------------------------------------------------------------+
286
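$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));

// core form preparation; sets $selected_category and the default album lists
include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');

if (!$user_permissions['upload_whole_gallery'])
{
  // we have to change the list of uploadable albums: replace the core's
  // "every album" list with the albums the community permissions allow.
  // An empty list must not become "IN ()", which is invalid SQL: use a
  // condition that matches nothing instead.
  $uploadable_ids = array_map('intval', $user_permissions['upload_categories']);

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE '.(count($uploadable_ids) > 0 ? 'id IN ('.implode(',', $uploadable_ids).')' : '1 = 0').'
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_options'
    );
}

$create_subcategories = false;

if ($user_permissions['create_whole_gallery'] or count($user_permissions['create_categories']) > 0)
{
  $create_subcategories = true;

  $query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE;

  // without the whole-gallery right, only the permitted parents are offered
  // (the list is known to be non-empty here, see the condition above)
  if (!$user_permissions['create_whole_gallery'])
  {
    $creatable_ids = array_map('intval', $user_permissions['create_categories']);
    $query.= '
  WHERE id IN ('.implode(',', $creatable_ids).')';
  }

  $query.= '
;';

  display_select_cat_wrapper(
    $query,
    $selected_category,
    'category_parent_options'
    );
}

$template->assign(
  array(
    'create_subcategories' => $create_subcategories,
    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
    )
  );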
340
341
342// +-----------------------------------------------------------------------+
343// |                             display page                              |
344// +-----------------------------------------------------------------------+
345
// messages are only handed to the template when there is something to show
foreach (array('errors', 'infos') as $message_kind)
{
  if (count($page[$message_kind]) != 0)
  {
    $template->assign($message_kind, $page[$message_kind]);
  }
}

$title = l10n('Upload Photos');
$page['body_id'] = 'theUploadPage';

// the upload form is rendered inside the regular index page rather than as
// a standalone page: push the parsed template into the index "begin" slot
$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');

// drop the index-page mode links (presumably meaningless on this page)
$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));

$home_link = '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>';
$template->assign(
  array(
    'TITLE' => $home_link.$conf['level_separator'].$title,
    )
  );
371?>