source: extensions/community/add_photos.php @ 9536

Last change on this file since 9536 was 9504, checked in by plg, 14 years ago

let's make it simpler : a user uploaded photo with no admin moderation can be seen by anyone (level = 0)

File size: 9.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
25
26global $template, $conf, $user;
27
28include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
29include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
30include_once(COMMUNITY_PATH.'include/functions_community.inc.php');
31
32define('PHOTOS_ADD_BASE_URL', make_index_url(array('section' => 'add_photos')));
33
34prepare_upload_configuration();
35
36$user_permissions = community_get_user_permissions($user['id']);
37
38// +-----------------------------------------------------------------------+
39// |                             process form                              |
40// +-----------------------------------------------------------------------+
41
42$page['errors'] = array();
43$page['infos'] = array();
44$_POST['level'] = 16;
45
46if (isset($_GET['processed']))
47{
48  $hacking_attempt = false;
49 
50  if ('existing' == $_POST['category_type'])
51  {
52    // is the user authorized to upload in this album?
53    if (!in_array($_POST['category'], $user_permissions['upload_categories']))
54    {
55      echo 'Hacking attempt, you have no permission to upload in this album';
56      $hacking_attempt = true;
57    }
58  }
59  elseif ('new' == $_POST['category_type'])
60  {
61    if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
62    {
63      echo 'Hacking attempt, you have no permission to create this album';
64      $hacking_attempt = true;
65    }
66  }
67
68  if ($hacking_attempt)
69  {
70    if (isset($_SESSION['uploads'][ $_POST['upload_id'] ]))
71    {
72      delete_elements($_SESSION['uploads'][ $_POST['upload_id'] ], true);
73    }
74    exit();
75  }
76}
77
78include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_process.inc.php');
79
80if (isset($image_ids) and count($image_ids) > 0)
81{
82  // reinitialize the informations to display on the result page
83  $page['infos'] = array();
84 
85  // $category_id is set in the photos_add_direct_process.inc.php included script
86  $category_infos = get_cat_info($category_id);
87  $category_name = get_cat_display_name($category_infos['upper_names']);
88
89  array_push(
90    $page['infos'],
91    sprintf(
92      l10n('%d photos uploaded into album "%s"'),
93      count($page['thumbnails']),
94      '<em>'.$category_name.'</em>'
95      )
96    );
97
98  // should the photos be moderated?
99  //
100  // if one of the user community permissions is not moderated on the path
101  // to gallery root, then the upload is not moderated. For example, if the
102  // user is allowed to upload to events/parties with no admin moderation,
103  // then he's not moderated when uploading in
104  // events/parties/happyNewYear2011
105  $moderate = true;
106  if (is_admin())
107  {
108    $moderate = false;
109  }
110  else
111  { 
112    $query = '
113SELECT
114    cp.category_id,
115    c.uppercats
116  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
117    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
118  WHERE cp.id IN ('.implode(',', $user_permissions['permission_ids']).')
119    AND cp.moderated = \'false\'
120;';
121    $result = pwg_query($query);
122    while ($row = pwg_db_fetch_assoc($result))
123    {
124      if (empty($row['category_id']))
125      {
126        $moderate = false;
127      }
128      elseif (preg_match('/^'.$row['uppercats'].'(,|$)/', $category_infos['uppercats']))
129      {
130        $moderate = false;
131      }
132    }
133  }
134 
135  if ($moderate)
136  {
137    $inserts = array();
138
139    $query = '
140SELECT
141    id,
142    date_available
143  FROM '.IMAGES_TABLE.'
144  WHERE id IN ('.implode(',', $image_ids).')
145;';
146    $result = pwg_query($query);
147    while ($row = pwg_db_fetch_assoc($result))
148    {
149      array_push(
150        $inserts,
151        array(
152          'image_id' => $row['id'],
153          'added_on' => $row['date_available'],
154          'state' => 'moderation_pending',
155          )
156        );
157    }
158   
159    mass_inserts(
160      COMMUNITY_PENDINGS_TABLE,
161      array_keys($inserts[0]),
162      $inserts
163      );
164
165    // the link on thumbnail must go to the websize photo
166    foreach ($page['thumbnails'] as $idx => $thumbnail)
167    {
168      $page['thumbnails'][$idx]['link'] = str_replace(
169        'thumbnail/'.$conf['prefix_thumbnail'],
170        '',
171        $thumbnail['src']
172        );
173    }
174
175    array_push(
176      $page['infos'],
177      l10n('Your photos are waiting for validation, administrators have been notified')
178      );
179  }
180  else
181  {
182    // the level of a user upload photo with no moderation is 0
183    $query = '
184UPDATE '.IMAGES_TABLE.'
185  SET level = 0
186  WHERE id IN ('.implode(',', $image_ids).')
187;';
188    pwg_query($query);
189
190    // the link on thumbnail must go to picture.php
191    foreach ($page['thumbnails'] as $idx => $thumbnail)
192    {
193      if (preg_match('/image_id=(\d+)/', $thumbnail['link'], $matches))
194      {
195        $page['thumbnails'][$idx]['link'] = make_picture_url(
196          array(
197            'image_id' => $matches[1],
198            'image_file' => $thumbnail['file'],
199            'category' => $category_infos,
200            )
201          );
202      }
203    }
204  }
205
206  invalidate_user_cache();
207
208  // let's notify administrators
209  include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
210
211  $keyargs_content = array(
212    get_l10n_args('Hi administrators,', ''),
213    get_l10n_args('', ''),
214    get_l10n_args('Album: %s', get_cat_display_name($category_infos['upper_names'], null, false)),
215    get_l10n_args('User: %s', $user['username']),
216    get_l10n_args('Email: %s', $user['email']),
217    );
218
219  if ($moderate)
220  {
221    $keyargs_content[] = get_l10n_args('', '');
222   
223    array_push(
224      $keyargs_content,
225      get_l10n_args(
226        'Validation page: %s',
227        get_absolute_root_url().'admin.php?page=plugin-community-pendings'
228        )
229      );
230  }
231
232  pwg_mail_notification_admins(
233    get_l10n_args('%d photos uploaded by %s', array(count($image_ids), $user['username'])),
234    $keyargs_content,
235    false
236    );
237}
238
239// +-----------------------------------------------------------------------+
240// |                             prepare form                              |
241// +-----------------------------------------------------------------------+
242
243$template->set_filenames(array('add_photos' => dirname(__FILE__).'/add_photos.tpl'));
244
245include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');
246
247// we have to change the list of uploadable albums
248$query = '
249SELECT id,name,uppercats,global_rank
250  FROM '.CATEGORIES_TABLE.'
251  WHERE id IN ('.implode(',', $user_permissions['upload_categories']).')
252;';
253
254display_select_cat_wrapper(
255  $query,
256  $selected_category,
257  'category_options'
258  );
259
260$create_subcategories = false;
261
262if (count($user_permissions['create_categories']) > 0)
263{
264  $create_subcategories = true;
265  $category_ids = null;
266 
267  $query = '
268SELECT id,name,uppercats,global_rank
269  FROM '.CATEGORIES_TABLE.'
270  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')
271;';
272
273  display_select_cat_wrapper(
274    $query,
275    $selected_category,
276    'category_parent_options'
277    );
278}
279
280$template->assign(
281  array(
282    'create_subcategories' => $create_subcategories,
283    'create_whole_gallery' => $user_permissions['create_whole_gallery'],
284    )
285  );
286
287
288// +-----------------------------------------------------------------------+
289// |                             display page                              |
290// +-----------------------------------------------------------------------+
291
292if (count($page['errors']) != 0)
293{
294  $template->assign('errors', $page['errors']);
295}
296
297if (count($page['infos']) != 0)
298{
299  $template->assign('infos', $page['infos']);
300}
301
302$title = l10n('Upload Photos');
303$page['body_id'] = 'theUploadPage';
304
305$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');
306
307$template->clear_assign(array('U_MODE_POSTED', 'U_MODE_CREATED'));
308
309$template->assign(
310  array(
311    'TITLE' => '<a href="'.get_gallery_home_url().'">'.l10n('Home').'</a>'.$conf['level_separator'].$title,
312    )
313  );
314?>
Note: See TracBrowser for help on using the repository browser.