Context Navigation

source: tags/release-1_3_0/picture.php @ 3592

Last change on this file since 3592 was 183, checked in by z0rglub, 21 years ago
Wash filename if it has to be used as page title
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 27.2 KB

Line
1	<?php
2	/***************************************************************************
3	* picture.php *
4	* ------------------- *
5	* application : PhpWebGallery 1.3 <http://phpwebgallery.net> *
6	* author : Pierrick LE GALL <pierrick@z0rglub.com> *
7	* *
8	* $Id: picture.php 183 2003-10-08 18:10:47Z z0rglub $
9	* *
10	***************************************************************************/
11
12	/***************************************************************************
13	* *
14	* This program is free software; you can redistribute it and/or modify *
15	* it under the terms of the GNU General Public License as published by *
16	* the Free Software Foundation; *
17	* *
18	***************************************************************************/
19
20	// this page shows the image full size
21	//----------------------------------------------------------- personnal include
22	include_once( './include/init.inc.php' );
23	//-------------------------------------------------- access authorization check
24	check_cat_id( $_GET['cat'] );
25	check_login_authorization();
26	$page['plain_structure'] = get_plain_structure();
27	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
28	{
29	check_restrictions( $page['cat'] );
30	}
31	//---------------------------------------- incrementation of the number of hits
32	$query = 'UPDATE '.PREFIX_TABLE.'images';
33	$query.= ' SET hit=hit+1';
34	$query.= ' WHERE id='.$_GET['image_id'];
35	$query.= ';';
36	@mysql_query( $query );
37	//-------------------------------------------------------------- initialization
38	initialize_category( 'picture' );
39	//------------------------------------- main picture information initialization
40	$query = 'SELECT id,date_available,comment,hit,keywords';
41	$query.= ',author,name,file,date_creation,filesize,width,height';
42	$query.= ',storage_category_id';
43	if ( is_numeric( $page['cat'] ) )
44	{
45	$query.= ',category_id';
46	}
47	$query.= ' FROM '.PREFIX_TABLE.'images';
48	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id = ic.image_id';
49	$query.= $page['where'];
50	$query.= ' AND id = '.$_GET['image_id'];
51	$query.= $conf['order_by'];
52	$query.= ';';
53	$result = mysql_query( $query );
54	// if this image_id doesn't correspond to this category, an error message is
55	// displayed, and execution is stopped
56	if ( mysql_num_rows( $result ) == 0 )
57	{
58	echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
59	echo '<a href="'.add_session_id( './category.php' ).'">';
60	echo $lang['thumbnails'].'</a></div>';
61	exit();
62	}
63	$row = mysql_fetch_array( $result );
64	$page['id'] = $row['id'];
65	$page['file'] = $row['file'];
66	$page['name'] = $row['name'];
67	$page['date_available'] = $row['date_available'];
68	$page['comment'] = $row['comment'];
69	$page['hit'] = $row['hit'];
70	$page['author'] = $row['author'];
71	$page['date_creation'] = $row['date_creation'];
72	$page['filesize'] = $row['filesize'];
73	$page['width'] = $row['width'];
74	$page['height'] = $row['height'];
75	$page['category_id'] = $row['category_id'];
76	$page['keywords'] = $row['keywords'];
77	$page['storage_category_id'] = $row['storage_category_id'];
78	// retrieving the number of the picture in its category (in order)
79	$query = 'SELECT DISTINCT(id)';
80	$query.= ' FROM '.PREFIX_TABLE.'images';
81	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id = ic.image_id';
82	$query.= $page['where'];
83	$query.= $conf['order_by'];
84	$query.= ';';
85	$result = mysql_query( $query );
86	$page['num'] = 0;
87	$row = mysql_fetch_array( $result );
88	while ( $row['id'] != $page['id'] )
89	{
90	$page['num']++;
91	$row = mysql_fetch_array( $result );
92	}
93	//--------------------------------------------------------- favorite management
94	if ( isset( $_GET['add_fav'] ) )
95	{
96	if ( $_GET['add_fav'] == 1 )
97	{
98	// verify if the picture is already in the favorite of the user
99	$query = 'SELECT COUNT(*) AS nb_fav';
100	$query.= ' FROM '.PREFIX_TABLE.'favorites';
101	$query.= ' WHERE image_id = '.$page['id'];
102	$query.= ' AND user_id = '.$user['id'];
103	$query.= ';';
104	$result = mysql_query( $query );
105	$row = mysql_fetch_array( $result );
106	if ( $row['nb_fav'] == 0 )
107	{
108	$query = 'INSERT INTO '.PREFIX_TABLE.'favorites';
109	$query.= ' (image_id,user_id) VALUES';
110	$query.= ' ('.$page['id'].','.$user['id'].')';
111	$query.= ';';
112	$result = mysql_query( $query );
113	}
114	}
115	if ( $_GET['add_fav'] == 0 )
116	{
117	$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
118	$query.= ' WHERE user_id = '.$user['id'];
119	$query.= ' AND image_id = '.$page['id'];
120	$query.= ';';
121	$result = mysql_query( $query );
122
123	$page['cat_nb_images'] = $page['cat_nb_images'] - 1;
124	if ( $page['cat_nb_images'] <= 0 )
125	{
126	// there is no favorite picture anymore
127	// we redirect the user to the category page
128	$url = add_session_id( 'category.php' );
129	header( 'Request-URI: '.$url );
130	header( 'Content-Location: '.$url );
131	header( 'Location: '.$url );
132	exit();
133	}
134	// redirection of the user to the picture.php page
135	// with the right picture
136	$page['num'] = $page['num'] - 1;
137	if ( $page['num'] == -1 )
138	{
139	$page['num'] = 0;
140	}
141	$query = 'SELECT id';
142	$query.= ' FROM '.PREFIX_TABLE.'images';
143	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic';
144	$query.= ' ON id = ic.image_id';
145	$query.= $page['where'];
146	$query.= $conf['order_by'];
147	$query.= ' LIMIT '.$page['num'].',1';
148	$query.= ';';
149	$result = mysql_query( $query );
150	$row = mysql_fetch_array( $result );
151	$redirect = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
152	$redirect.= '&expand='.$_GET['expand'];
153	if ( $page['cat'] == 'search' )
154	{
155	$redirect.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
156	}
157	$url = add_session_id( $redirect, true );
158	header( 'Request-URI: '.$url );
159	header( 'Content-Location: '.$url );
160	header( 'Location: '.$url );
161	exit();
162	}
163	}
164	//----------------------------------------------------- template initialization
165	$vtp = new VTemplate;
166	$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
167	initialize_template();
168
169	$tpl = array( 'back','submit','comments_title','comments_del','delete',
170	'comments_add','author','slideshow','slideshow_stop',
171	'period_seconds' );
172	templatize_array( $tpl, 'lang', $handle );
173	$vtp->setGlobalVar( $handle, 'user_template', $user['template'] );
174	$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
175	//-------------------------------------------------------- slideshow management
176	if ( isset( $_GET['slideshow'] ) )
177	{
178	if ( !is_numeric( $_GET['slideshow'] ) )
179	$_GET['slideshow'] = $conf['slideshow_period'][0];
180	$vtp->addSession( $handle, 'stop_slideshow' );
181	$url = './picture.php';
182	$url.= '?image_id='.$page['id'];
183	$url.= '&cat='.$page['cat'];
184	$url.= '&expand='.$_GET['expand'];
185	if ( $page['cat'] == 'search' )
186	{
187	$url.= '&search='.$_GET['search'];
188	$url.= '&mode='.$_GET['mode'];
189	}
190	$vtp->setVar( $handle, 'stop_slideshow.url', add_session_id( $url ) );
191	$vtp->closeSession( $handle, 'stop_slideshow' );
192	}
193	else
194	{
195	$vtp->addSession( $handle, 'start_slideshow' );
196	foreach ( $conf['slideshow_period'] as $option ) {
197	$vtp->addSession( $handle, 'second' );
198	$vtp->setVar( $handle, 'second.option', $option );
199	$url = './picture.php';
200	$url.= '?image_id='.$page['id'];
201	$url.= '&cat='.$page['cat'];
202	$url.= '&expand='.$_GET['expand'];
203	if ( $page['cat'] == 'search' )
204	{
205	$url.= '&search='.$_GET['search'];
206	$url.= '&mode='.$_GET['mode'];
207	}
208	$url.= '&slideshow='.$option;
209	$vtp->setVar( $handle, 'second.url', add_session_id( $url ) );
210	$vtp->closeSession( $handle, 'second' );
211	}
212	$vtp->closeSession( $handle, 'start_slideshow' );
213	}
214	//------------------------------------------------------------------ page title
215	if ( $page['name'] != '' )
216	{
217	$vtp->setGlobalVar( $handle, 'page_title', $page['name'] );
218	}
219	else
220	{
221	$page_title = str_replace("_"," ",get_filename_wo_extension($page['file']));
222	$vtp->setGlobalVar( $handle, 'page_title', $page_title );
223	}
224	//-------------------------------------------------- previous picture thumbnail
225	if ( $page['num'] >= 1 )
226	{
227	$prev = $page['num'] - 1;
228	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
229	$query.= ' FROM '.PREFIX_TABLE.'images';
230	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id=ic.image_id';
231	$query.= $page['where'];
232	$query.= $conf['order_by'];
233	$query.= ' LIMIT '.$prev.',1';
234	$query.= ';';
235	$result = mysql_query( $query );
236	$row = mysql_fetch_array( $result );
237
238	if ( $array_cat_directories[$row['storage_category_id']] == '' )
239	{
240	$array_cat_directories[$row['storage_category_id']] =
241	get_complete_dir( $row['storage_category_id'] );
242	}
243	$cat_directory = $array_cat_directories[$row['storage_category_id']];
244
245	$file = substr( $row['file'], 0, strrpos ( $row['file'], '.' ) );
246	$lien_thumbnail = $cat_directory.'/thumbnail/';
247	$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
248
249	$prev_title = $lang['previous_image'].' : ';
250	$alt_thumbnaill = '';
251	if ( $row['name'] != '' ) $alt_thumbnail = $row['name'];
252	else $alt_thumbnail = $file;
253	$prev_title.= $alt_thumbnail;
254
255	$url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
256	$url_link.= '&expand='.$_GET['expand'];
257	if ( $page['cat'] == 'search' )
258	{
259	$url_link.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
260	}
261	// sending vars for display
262	$vtp->addSession( $handle, 'previous' );
263	$vtp->setGlobalVar( $handle, 'previous.url', add_session_id( $url_link ) );
264	$vtp->setGlobalVar( $handle, 'previous.title', $prev_title );
265	$vtp->setGlobalVar( $handle, 'previous.src', $lien_thumbnail );
266	$vtp->setGlobalVar( $handle, 'previous.alt', $alt_thumbnail );
267	$vtp->closeSession( $handle, 'previous' );
268	}
269	else
270	{
271	$vtp->addSession( $handle, 'previous_empty' );
272	$vtp->closeSession( $handle, 'previous_empty' );
273	}
274	//-------------------------------------------------------- main picture display
275	if ( is_numeric( $page['cat'] ) )
276	{
277	$intitule_cat = get_cat_display_name( $page['cat_name'], " - ",
278	"font-style:italic;" );
279	}
280	else
281	{
282	$intitule_cat = $page['title'];
283	}
284
285	if ( $array_cat_directories[$page['storage_category_id']] == '' )
286	{
287	$array_cat_directories[$page['storage_category_id']] =
288	get_complete_dir( $page['storage_category_id'] );
289	}
290	$cat_directory = $array_cat_directories[$page['storage_category_id']];
291
292	$n = $page['num'] + 1;
293	$intitule_titre = replace_space( $intitule_cat." - " ).$n.'/'.
294	$intitule_titre.= $page['cat_nb_images']."<br />";
295	if ( $page['name'] != "" )
296	{
297	$intitule_file = $page['name'];
298	}
299	else
300	{
301	$intitule_file = str_replace( "_", " ",
302	substr( $page['file'], 0,
303	strrpos ( $page['file'], ".") ) );
304	}
305	if ( $page['cat'] == 'search' )
306	{
307	$intitule_file = replace_search( $intitule_file, $_GET['search'] );
308	}
309	$vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file );
310
311	$lien_image = $cat_directory.$page['file'];
312
313	// calculation of width and height
314	if ( $page['width'] == "" )
315	{
316	$taille_image = @getimagesize( $lien_image );
317	$original_width = $taille_image[0];
318	$original_height = $taille_image[1];
319	}
320	else
321	{
322	$original_width = $page['width'];
323	$original_height = $page['height'];
324	}
325
326	$picture_size = get_picture_size( $original_width, $original_height,
327	$user['maxwidth'], $user['maxheight'] );
328	$final_width = $picture_size[0];
329	$final_height = $picture_size[1];
330
331	$url_link = './category.php?cat='.$page['cat'].'&';
332	$url_link.= 'num='.$page['num'].'&expand='.$_GET['expand'];
333	if ( $page['cat'] == 'search' )
334	{
335	$url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
336	}
337	$vtp->setGlobalVar( $handle, 'picture_link', add_session_id( $url_link ) );
338	$vtp->setGlobalVar( $handle, 'picture_width', $final_width );
339	$vtp->setGlobalVar( $handle, 'picture_height', $final_height );
340	$vtp->setGlobalVar( $handle, 'picture_border_color', $user['couleur_text'] );
341	$vtp->setGlobalVar( $handle, 'picture_src', $lien_image );
342	$vtp->setGlobalVar( $handle, 'picture_alt', $page['file'] );
343
344	if ( $page['comment'] != '' )
345	{
346	if ( $page['cat'] == 'search' )
347	{
348	$picture_comment = replace_search( $page['comment'], $_GET['search'] );
349	$vtp->setGlobalVar( $handle, 'picture_comment', $picture_comment );
350	}
351	else
352	{
353	$vtp->setGlobalVar( $handle, 'picture_comment', $page['comment'] );
354	}
355	}
356	//--------------------------------------------------------- picture information
357	// author
358	if ( $page['author'] != "" )
359	{
360	$vtp->addSession( $handle, 'info_line' );
361	$vtp->setVar( $handle, 'info_line.name', $lang['author'].' : ' );
362	$vtp->setVar( $handle, 'info_line.content', $page['author'] );
363	$vtp->closeSession( $handle, 'info_line' );
364	}
365	// creation date
366	if ( $page['date_creation'] != "" )
367	{
368	$vtp->addSession( $handle, 'info_line' );
369	$vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
370	$vtp->setVar( $handle, 'info_line.content',
371	format_date( $page['date_creation'] ) );
372	$vtp->closeSession( $handle, 'info_line' );
373	}
374	// date of availability
375	$vtp->addSession( $handle, 'info_line' );
376	$vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
377	list( $year,$month,$day ) = explode( '-', $page['date_available'] );
378	$vtp->setVar( $handle, 'info_line.content',
379	format_date( $page['date_available'] ) );
380	$vtp->closeSession( $handle, 'info_line' );
381	// size in pixels
382	$vtp->addSession( $handle, 'info_line' );
383	$vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
384	if ( $original_width != $final_width or $original_height != $final_height )
385	{
386	$content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
387	$content.= $original_width.'*'.$original_height.'</a> ]';
388	$vtp->setVar( $handle, 'info_line.content', $content );
389	}
390	else
391	{
392	$content = $original_width.'*'.$original_height;
393	$vtp->setVar( $handle, 'info_line.content', $content );
394	}
395	$vtp->closeSession( $handle, 'info_line' );
396	// file
397	$vtp->addSession( $handle, 'info_line' );
398	$vtp->setVar( $handle, 'info_line.name', $lang['file'].' : ' );
399	if ( $page['cat'] == 'search' )
400	{
401	$content = replace_search( $page['file'], $_GET['search'] );
402	$vtp->setVar( $handle, 'info_line.content', $content );
403	}
404	else
405	{
406	$vtp->setVar( $handle, 'info_line.content', $page['file'] );
407	}
408	$vtp->closeSession( $handle, 'info_line' );
409	// filesize
410	if ( $page['filesize'] == "" )
411	{
412	$poids = floor ( filesize( $lien_image ) / 1024 );
413	}
414	else
415	{
416	$poids = $page['filesize'];
417	}
418	$vtp->addSession( $handle, 'info_line' );
419	$vtp->setVar( $handle, 'info_line.name', $lang['filesize'].' : ' );
420	$vtp->setVar( $handle, 'info_line.content', $poids.' KB' );
421	$vtp->closeSession( $handle, 'info_line' );
422	// keywords
423	if ( $page['keywords'] != '' )
424	{
425	$vtp->addSession( $handle, 'info_line' );
426	$vtp->setVar( $handle, 'info_line.name', $lang['keywords'].' : ' );
427	$keywords = explode( ',', $page['keywords'] );
428	$content = '';
429	$url = './category.php?cat=search&expand='.$_GET['expand'];
430	$url.= '&mode=OR&search=';
431	foreach ( $keywords as $i => $keyword ) {
432	$local_url = add_session_id( $url.$keyword );
433	if ( $i > 0 ) $content.= ',';
434	$content.= '<a href="'.$local_url.'">'.$keyword.'</a>';
435	}
436	$vtp->setVar( $handle, 'info_line.content', $content );
437	$vtp->closeSession( $handle, 'info_line' );
438	}
439	// number of visits
440	$vtp->addSession( $handle, 'info_line' );
441	$vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
442	$vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
443	$vtp->closeSession( $handle, 'info_line' );
444	//------------------------------------------------------- favorite manipulation
445	if ( $page['cat'] != 'fav' and !$user['is_the_guest'] )
446	{
447	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
448	$url.= '&expand='.$_GET['expand'].'&add_fav=1';
449	if ( $page['cat'] == 'search' )
450	{
451	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
452	}
453	$vtp->addSession( $handle, 'favorite' );
454	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
455	$vtp->setVar( $handle, 'favorite.title', $lang['add_favorites_hint'] );
456	$vtp->setVar( $handle, 'favorite.src',
457	'./template/'.$user['template'].'/theme/favorite.gif' );
458	$vtp->setVar( $handle, 'favorite.alt','[ '.$lang['add_favorites_alt'].' ]' );
459	$vtp->closeSession( $handle, 'favorite' );
460	}
461	if ( $page['cat'] == 'fav' )
462	{
463	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
464	$url.= '&expand='.$_GET['expand'].'&add_fav=0';
465	$vtp->addSession( $handle, 'favorite' );
466	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
467	$vtp->setVar( $handle, 'favorite.title', $lang['del_favorites_hint'] );
468	$vtp->setVar( $handle, 'favorite.src',
469	'./template/'.$user['template'].'/theme/del_favorite.gif' );
470	$vtp->setVar( $handle, 'favorite.alt','[ '.$lang['del_favorites_alt'].' ]' );
471	$vtp->closeSession( $handle, 'favorite' );
472	}
473	//------------------------------------ admin link for information modifications
474	if ( $user['status'] == 'admin' )
475	{
476	$vtp->addSession( $handle, 'modification' );
477	$url = './admin/admin.php?page=picture_modify&cat_id='.$page['cat'];
478	$url.= '&image_id='.$page['id'];
479	$vtp->setVar( $handle, 'modification.link', add_session_id( $url ) );
480	$vtp->setVar( $handle, 'modification.name', $lang['link_info_image'] );
481	}
482	//---------------------------------------------- next picture thumbnail display
483	if ( $page['num'] < $page['cat_nb_images']-1 )
484	{
485	$next = $page['num'] + 1;
486	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
487	$query.= ' FROM '.PREFIX_TABLE.'images';
488	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id=ic.image_id';
489	$query.= $page['where'];
490	$query.= $conf['order_by'];
491	$query.= ' LIMIT '.$next.',1';
492	$query.= ';';
493	$result = mysql_query( $query );
494	$row = mysql_fetch_array( $result );
495
496	if ( $array_cat_directories[$row['storage_category_id']] == '' )
497	{
498	$array_cat_directories[$row['storage_category_id']] =
499	get_complete_dir( $row['storage_category_id'] );
500	}
501	$cat_directory = $array_cat_directories[$row['storage_category_id']];
502
503	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
504	$lien_thumbnail = $cat_directory.'thumbnail/';
505	$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
506
507	if ( $row['name'] != "" )
508	{
509	$alt_thumbnail = $row['name'];
510	}
511	else
512	{
513	$alt_thumbnail = $file;
514	}
515	$next_title = $lang['next_image']." : ".$alt_thumbnail;
516
517	$url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
518	$url_link.= '&expand='.$_GET['expand'];
519	if ( $page['cat'] == 'search' )
520	{
521	$url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
522	}
523	// sending vars for display
524	$vtp->addSession( $handle, 'next' );
525	$vtp->setGlobalVar( $handle, 'next.url', add_session_id( $url_link ) );
526	$vtp->setGlobalVar( $handle, 'next.title', $next_title );
527	$vtp->setGlobalVar( $handle, 'next.src', $lien_thumbnail );
528	$vtp->setGlobalVar( $handle, 'next.alt', $alt_thumbnail );
529	$vtp->closeSession( $handle, 'next' );
530	// slideshow
531	if ( isset( $_GET['slideshow'] ) )
532	{
533	$vtp->addSession( $handle, 'refresh' );
534	$vtp->setVar( $handle, 'refresh.time', $_GET['slideshow'] );
535	$url = $url_link.'&slideshow='.$_GET['slideshow'];
536	$vtp->setVar( $handle, 'refresh.url', add_session_id( $url ) );
537	$vtp->closeSession( $handle, 'refresh' );
538	}
539	}
540	else
541	{
542	$vtp->addSession( $handle, 'previous_empty' );
543	$vtp->closeSession( $handle, 'previous_empty' );
544	}
545	//---------------------------------------------------- users's comments display
546	if ( $conf['show_comments'] )
547	{
548	$vtp->addSession( $handle, 'comments' );
549	// comment registeration
550	if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
551	{
552	$register_comment = true;
553
554	if ( !$user['is_the_guest'] ) $author = $user['username'];
555	if ( $_POST['author'] != '' ) $author = $_POST['author'];
556	// if a guest try to use the name of an already existing user, he must
557	// be rejected
558	if ( isset( $author ) and $author != $user['username'] )
559	{
560	$query = 'SELECT COUNT(*) AS user_exists';
561	$query.= ' FROM '.PREFIX_TABLE.'users';
562	$query.= " WHERE username = '".$author."'";
563	$query.= ';';
564	$row = mysql_fetch_array( mysql_query( $query ) );
565	if ( $row['user_exists'] == 1 )
566	{
567	$vtp->addSession( $handle, 'information' );
568	$message = $lang['comment_user_exists'];
569	$vtp->setVar( $handle, 'information.content', $message );
570	$vtp->closeSession( $handle, 'information' );
571	$register_comment = false;
572	}
573	}
574
575	if ( $register_comment )
576	{
577	// anti-flood system
578	$reference_date = time() - $conf['anti-flood_time'];
579	$query = 'SELECT id';
580	$query.= ' FROM '.PREFIX_TABLE.'comments';
581	$query.= ' WHERE date > '.$reference_date;
582	$query.= " AND author = '".$author."'";
583	$query.= ';';
584	if ( mysql_num_rows( mysql_query( $query ) ) == 0
585	or $conf['anti-flood_time'] == 0 )
586	{
587	$query = 'INSERT INTO '.PREFIX_TABLE.'comments';
588	$query.= ' (author,date,image_id,content,validated) VALUES';
589	$query.= ' (';
590	if ( !isset( $author ) ) $query.= 'NULL';
591	else $query.= "'".$author."'";
592	$query.= ','.time().','.$page['id'];
593	$query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
594	if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
595	$query.= ",'true'";
596	else
597	$query.= ",'false'";
598	$query.= ');';
599	mysql_query( $query );
600	// information message
601	$vtp->addSession( $handle, 'information' );
602	$message = $lang['comment_added'];
603	if ( $conf['comments_validation'] and $user['status'] != 'admin' )
604	{
605	$message.= '<br />'.$lang['comment_to_validate'];
606	}
607	$vtp->setVar( $handle, 'information.content', $message );
608	$vtp->closeSession( $handle, 'information' );
609	// notification to the administrators
610	if ( $conf['mail_notification'] )
611	{
612	$cat_name = get_cat_display_name( $page['cat_name'], ' > ', '' );
613	$cat_name = strip_tags( $cat_name );
614	if ( $page['name'] == '' ) $picture = $page['file'];
615	else $picture = $page['name'];
616	notify( 'comment', $cat_name.' > '.$picture );
617	}
618	}
619	else
620	{
621	// information message
622	$vtp->addSession( $handle, 'information' );
623	$message = $lang['comment_anti-flood'];
624	$vtp->setVar( $handle, 'information.content', $message );
625	$vtp->closeSession( $handle, 'information' );
626	}
627	}
628	}
629	// comment deletion
630	if ( isset( $_GET['del'] )
631	and is_numeric( $_GET['del'] )
632	and $user['status'] == 'admin' )
633	{
634	$query = 'DELETE FROM '.PREFIX_TABLE.'comments';
635	$query.= ' WHERE id = '.$_GET['del'].';';
636	mysql_query( $query );
637	}
638	// number of comment for this picture
639	$query = 'SELECT COUNT(*) AS nb_comments';
640	$query.= ' FROM '.PREFIX_TABLE.'comments';
641	$query.= ' WHERE image_id = '.$page['id'];
642	$query.= " AND validated = 'true'";
643	$query.= ';';
644	$row = mysql_fetch_array( mysql_query( $query ) );
645	$page['nb_comments'] = $row['nb_comments'];
646	// navigation bar creation
647	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
648	$url.= '&expand='.$_GET['expand'];
649	if ( $page['cat'] == 'search' )
650	{
651	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
652	}
653	if( !isset( $_GET['start'] )
654	or !is_numeric( $_GET['start'] )
655	or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
656	{
657	$page['start'] = 0;
658	}
659	else
660	{
661	$page['start'] = $_GET['start'];
662	}
663	$page['navigation_bar'] = create_navigation_bar( $url, $page['nb_comments'],
664	$page['start'],
665	$conf['nb_comment_page'],
666	'' );
667	// sending vars for display
668	$vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] );
669	$vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] );
670
671	$query = 'SELECT id,author,date,image_id,content';
672	$query.= ' FROM '.PREFIX_TABLE.'comments';
673	$query.= ' WHERE image_id = '.$page['id'];
674	$query.= " AND validated = 'true'";
675	$query.= ' ORDER BY date ASC';
676	$query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
677	$result = mysql_query( $query );
678
679	while ( $row = mysql_fetch_array( $result ) )
680	{
681	$vtp->addSession( $handle, 'comment' );
682	$author = $row['author'];
683	if ( $row['author'] == '' ) $author = $lang['guest'];
684	$vtp->setVar( $handle, 'comment.author', $author );
685	$vtp->setVar( $handle, 'comment.date',
686	format_date( $row['date'], 'unix', true ) );
687	$content = nl2br( $row['content'] );
688
689	// replace _word_ by an underlined word
690	$pattern = '/_([^\s]*)_/';
691	$replacement = '<span style="text-decoration:underline;">\1</span>';
692	$content = preg_replace( $pattern, $replacement, $content );
693
694	// replace word by a bolded word
695	$pattern = '/\([^\s])\*/';
696	$replacement = '<span style="font-weight:bold;">\1</span>';
697	$content = preg_replace( $pattern, $replacement, $content );
698
699	// replace /word/ by an italic word
700	$pattern = '/\/([^\s]*)\//';
701	$replacement = '<span style="font-style:italic;">\1</span>';
702	$content = preg_replace( $pattern, $replacement, $content );
703
704	$vtp->setVar( $handle, 'comment.content', $content );
705	if ( $user['status'] == 'admin' )
706	{
707	$vtp->addSession( $handle, 'delete' );
708	$vtp->setVar( $handle, 'delete.link',
709	add_session_id( $url.'&del='.$row['id'] ) );
710	$vtp->closeSession( $handle, 'delete' );
711	}
712	$vtp->closeSession( $handle, 'comment' );
713	}
714
715	if ( !$user['is_the_guest']
716	or ( $user['is_the_guest'] and $conf['comments_forall'] ) )
717	{
718	$vtp->addSession( $handle, 'add_comment' );
719	// form action
720	$action = str_replace( '&', '&', $_SERVER['REQUEST_URI'] );
721	$vtp->setGlobalVar( $handle, 'form_action', $action );
722	// display author field if the user is not logged in
723	if ( !$user['is_the_guest'] )
724	{
725	$vtp->addSession( $handle, 'author_known' );
726	$vtp->setVar( $handle, 'author_known.value', $user['pseudo'] );
727	$vtp->closeSession( $handle, 'author_known' );
728	}
729	else
730	{
731	$vtp->addSession( $handle, 'author_field' );
732	$vtp->closeSession( $handle, 'author_field' );
733	}
734	$vtp->closeSession( $handle, 'add_comment' );
735	}
736	$vtp->closeSession( $handle, 'comments' );
737	}
738	//------------------------------------------------------------ log informations
739	pwg_log( 'picture', $intitule_cat, $page['file'] );
740	mysql_close();
741	//----------------------------------------------------------- html code display
742	$code = $vtp->Display( $handle, 0 );
743	echo $code;
744	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: