source: trunk/admin/cat_list.php @ 1033

Last change on this file since 1033 was 1004, checked in by nikrou, 19 years ago

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 11.2 KB
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
// | last modifier : $Author: nikrou $
// | revision      : $Revision: 1004 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// stop unless PHPWG_ROOT_PATH is defined, that is unless this file was
// reached through a script that defines it
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// NOTE(review): presumably the administrator check, going by the file name;
// this page performs no other access check itself -- confirm in that file
include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');

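// +-----------------------------------------------------------------------+
// |                               functions                               |
// +-----------------------------------------------------------------------+

/**
 * save the rank depending on given categories order
 *
 * The list of ordered categories id is supposed to be in the same parent
 * category. Ranks are given from 1 upwards, following the order of the list.
 *
 * The ids are request keys at the call site in this file and the parent id
 * is read from $_GET['parent_id'], so both are request data: an id which is
 * not an integer is skipped, and a parent id which is not made of decimal
 * digits is replaced by null (the value already passed when the parameter
 * is absent).
 *
 * @param array categories ordered list of category ids
 * @return void
 */
function save_categories_order($categories)
{
  $current_rank = 0;
  $datas = array();
  foreach ($categories as $id)
  {
    // a category id is an integer, anything else is not handed to the
    // database layer
    $is_id = is_int($id) || (is_string($id) && preg_match('/^\d+$/D', $id));
    if (!$is_id)
    {
      continue;
    }
    array_push($datas, array('id' => $id, 'rank' => ++$current_rank));
  }
  $fields = array('primary' => array('id'), 'update' => array('rank'));
  mass_updates(CATEGORIES_TABLE, $fields, $datas);

  // explicit test instead of the @ operator, which hid the notice but let
  // any request value through
  $parent_id = null;
  if (isset($_GET['parent_id'])
      && is_string($_GET['parent_id'])
      && preg_match('/^\d+$/D', $_GET['parent_id']))
  {
    $parent_id = $_GET['parent_id'];
  }
  update_global_rank($parent_id);
}
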
// +-----------------------------------------------------------------------+
// |                            initialization                             |
// +-----------------------------------------------------------------------+

// categories of the current level, filled by the queries further down
$categories = array();

// the navigation path starts with a link to the top of the category list
$base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
$navigation = '<a class="" href="'.$base_url.'">'.$lang['home'].'</a>';

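// +-----------------------------------------------------------------------+
// |                    virtual categories management                      |
// +-----------------------------------------------------------------------+
// request to delete a virtual category
//
// NOTE(review): the deletion is triggered by a plain GET parameter and no
// per-request token is checked in this file. Whether a forged cross-site
// request can reach this branch depends on the including script -- confirm.
if (isset($_GET['delete']) and is_numeric($_GET['delete']))
{
  delete_categories(array($_GET['delete']));
  array_push($page['infos'], $lang['cat_virtual_deleted']);
  ordering();
  update_global_rank();
}
// request to add a virtual category
else if (isset($_POST['submitAdd']))
{
  // a missing or non string name is handled like a blank one
  $virtual_name = '';
  if (isset($_POST['virtual_name']) and is_string($_POST['virtual_name']))
  {
    $virtual_name = $_POST['virtual_name'];
  }

  // is the given category name only containing blank spaces ?
  if (preg_match('/^\s*$/', $virtual_name))
  {
    array_push($page['errors'], $lang['cat_error_name']);
  }

  if (!count($page['errors']))
  {
    // the parent id is concatenated unquoted into the query below: it must
    // be made of decimal digits only, anything else is a tampered request
    $parent_id = 'NULL';
    if (!empty($_GET['parent_id']))
    {
      if (!is_string($_GET['parent_id'])
          or !preg_match('/^\d+$/D', $_GET['parent_id']))
      {
        die('Hacking attempt!');
      }
      $parent_id = $_GET['parent_id'];
    }

    if ('NULL' !== $parent_id)
    {
      $query = '
SELECT id,uppercats,global_rank,visible,status
  FROM '.CATEGORIES_TABLE.'
  WHERE id = '.$parent_id.'
;';
      // NOTE(review): no test that the parent row exists, an unknown id
      // gives a parent made of empty values
      $row = mysql_fetch_array(pwg_query($query));
      $parent = array('id' => $row['id'],
                      'uppercats' => $row['uppercats'],
                      'visible' => $row['visible'],
                      'status' => $row['status'],
                      'global_rank' => $row['global_rank']);
    }

    // what will be the inserted id ?
    $query = '
SELECT IF(MAX(id)+1 IS NULL, 1, MAX(id)+1)
  FROM '.CATEGORIES_TABLE.'
;';
    list($next_id) = mysql_fetch_array(pwg_query($query));

    // square brackets: the curly brace form of array access is no longer
    // accepted by PHP 8
    //
    // NOTE(review): name and rank are request values handed to
    // mass_inserts() as they are; whether they are escaped there is not
    // visible in this file -- confirm. The rank is also copied into
    // global_rank without a numeric check.
    $insert = array();
    $insert['id'] = $next_id++;
    $insert['name'] = $virtual_name;
    $insert['rank'] = $_POST['rank'];
    $insert['commentable'] = $conf['newcat_default_commentable'];

    // a virtual category can't be uploadable
    $insert['uploadable'] = 'false';

    if (isset($parent))
    {
      $insert['id_uppercat'] = $parent['id'];
      $insert['uppercats']   = $parent['uppercats'].','.$insert['id'];
      $insert['global_rank'] = $parent['global_rank'].'.'.$insert['rank'];
      // at creation, must a category be visible or not ? Warning : if
      // the parent category is invisible, the category is automatically
      // created invisible. (invisible = locked)
      if ('false' == $parent['visible'])
      {
        $insert['visible'] = 'false';
      }
      else
      {
        $insert['visible'] = $conf['newcat_default_visible'];
      }
      // at creation, must a category be public or private ? Warning :
      // if the parent category is private, the category is
      // automatically created private.
      if ('private' == $parent['status'])
      {
        $insert['status'] = 'private';
      }
      else
      {
        $insert['status'] = $conf['newcat_default_status'];
      }
    }
    else
    {
      $insert['visible'] = $conf['newcat_default_visible'];
      $insert['status'] = $conf['newcat_default_status'];
      $insert['uppercats'] = $insert['id'];
      $insert['global_rank'] = $insert['rank'];
    }

    $inserts = array($insert);

    // we have then to add the virtual category
    $dbfields = array('id','site_id','name','id_uppercat','rank',
                      'commentable','uploadable','visible','status',
                      'uppercats','global_rank');
    mass_inserts(CATEGORIES_TABLE, $dbfields, $inserts);

    array_push($page['infos'], $lang['cat_virtual_added']);
  }
}
// request to save a new order of the categories; the keys of catOrd are
// used as category ids, the values as sort keys
else if (isset($_POST['submitOrder']))
{
  // a request without the catOrd array has nothing to reorder
  if (isset($_POST['catOrd']) and is_array($_POST['catOrd']))
  {
    asort($_POST['catOrd'], SORT_NUMERIC);
    save_categories_order(array_keys($_POST['catOrd']));
  }
}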
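// +-----------------------------------------------------------------------+
// |                           Cache management                            |
// +-----------------------------------------------------------------------+
// load the categories of the current level, indexed by their rank
$query = '
SELECT *
  FROM '.CATEGORIES_TABLE;
if (!isset($_GET['parent_id']))
{
  $query.= '
  WHERE id_uppercat IS NULL';
}
else
{
  // the request value is concatenated unquoted into the query: it must be
  // made of decimal digits only, anything else is a tampered request
  if (!is_string($_GET['parent_id'])
      or !preg_match('/^\d+$/D', $_GET['parent_id']))
  {
    die('Hacking attempt!');
  }
  $query.= '
  WHERE id_uppercat = '.$_GET['parent_id'];
}
$query.= '
  ORDER BY rank ASC
;';
$result = pwg_query($query);
while ($row = mysql_fetch_assoc($result))
{
  $row['nb_subcats'] = 0;
  $categories[$row['rank']] = $row;
}
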
// +-----------------------------------------------------------------------+
// |                            Navigation path                            |
// +-----------------------------------------------------------------------+

// below the top level, the path continues with the current parent category
if (isset($_GET['parent_id']))
{
  // NOTE(review): the request value goes to get_cat_info() as it is; how
  // that helper uses it is not visible in this file -- confirm it is
  // validated before reaching a query
  $current_category = get_cat_info($_GET['parent_id']);
  $navigation.= $conf['level_separator'].get_cat_display_name(
    $current_category['name'],
    $base_url.'&amp;parent_id=',
    false
    );
}
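// +-----------------------------------------------------------------------+
// |                       template initialization                         |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('categories'=>'admin/cat_list.tpl'));

$form_action = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
if (isset($_GET['parent_id']) and is_string($_GET['parent_id']))
{
  // request data written back into the page: urlencode() leaves a numeric
  // id unchanged and keeps any other value from breaking out of the
  // attribute holding this URL
  $form_action.= '&amp;parent_id='.urlencode($_GET['parent_id']);
}

// rank proposed for a new category: one more than the highest rank loaded
// so far, 1 when the level is empty
$next_rank = (count($categories) > 0)
  ? max(array_keys($categories)) + 1
  : 1;

$template->assign_vars(array(
  'CATEGORIES_NAV'=>$navigation,
  'NEXT_RANK'=>$next_rank,
  'F_ACTION'=>$form_action,

  'L_ADD_VIRTUAL'=>$lang['cat_add'],
  'L_SUBMIT'=>$lang['submit'],
  'L_STORAGE'=>$lang['storage'],
  'L_NB_IMG'=>$lang['pictures'],
  'L_MOVE_UP'=>$lang['up'],
  'L_EDIT'=>$lang['edit'],
  'L_DELETE'=>$lang['delete'],
 ));
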
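$tpl = array('cat_first','cat_last');
// +-----------------------------------------------------------------------+
// |                          Categories display                           |
// +-----------------------------------------------------------------------+

// the list is rebuilt here, this time indexed by category id
$categories = array();

$query = '
SELECT id, name, dir, rank, nb_images, status
  FROM '.CATEGORIES_TABLE;
if (!isset($_GET['parent_id']))
{
  $query.= '
  WHERE id_uppercat IS NULL';
}
else
{
  // the request value is concatenated unquoted into the query: it must be
  // made of decimal digits only, anything else is a tampered request
  if (!is_string($_GET['parent_id'])
      or !preg_match('/^\d+$/D', $_GET['parent_id']))
  {
    die('Hacking attempt!');
  }
  $query.= '
  WHERE id_uppercat = '.$_GET['parent_id'];
}
$query.= '
  ORDER BY rank ASC
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
  // by default, let's consider there is no sub-categories. This will be
  // calculated after.
  $row['nb_subcats'] = 0;
  $categories[$row['id']] = $row;
}

if (count($categories) > 0)
{
  // the ids of this list were just read from the database
  $query = '
SELECT id_uppercat, COUNT(*) AS nb_subcats
  FROM '. CATEGORIES_TABLE.'
  WHERE id_uppercat IN ('.implode(',', array_keys($categories)).')
  GROUP BY id_uppercat
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    $categories[$row['id_uppercat']]['nb_subcats'] = $row['nb_subcats'];
  }
}
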
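// one template block per category of the current level, with the optional
// delete, elements and permissions links
foreach ($categories as $category)
{
  $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
  $cat_list_url = $base_url.'cat_list';

  $self_url = $cat_list_url;
  if (isset($_GET['parent_id']) and is_string($_GET['parent_id']))
  {
    // request data written back into the page: urlencode() leaves a numeric
    // id unchanged and keeps any other value from breaking out of the
    // attribute holding this URL
    $self_url.= '&amp;parent_id='.urlencode($_GET['parent_id']);
  }

  // NOTE(review): the name is handed to the template as it is; whether it
  // is escaped on input or by the template layer is not visible in this
  // file -- confirm
  $template->assign_block_vars(
    'category',
    array(
      'NAME'=>$category['name'],
      'ID'=>$category['id'],
      'RANK'=>$category['rank']*10,

      'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
      'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],
      'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
      )
    );

  // only a category without a directory gets a delete link
  //
  // NOTE(review): the link deletes through a plain GET request and carries
  // no per-request token, see the handling of $_GET['delete'] in this file
  if (empty($category['dir']))
  {
    $template->assign_block_vars(
      'category.delete',
      array(
        'URL'=>$self_url.'&amp;delete='.$category['id']
        )
      );
  }

  if ($category['nb_images'] > 0)
  {
    $template->assign_block_vars(
      'category.elements',
      array(
        'URL'=>$base_url.'element_set&amp;cat='.$category['id']
        )
      );
  }

  if ('private' == $category['status'])
  {
    $template->assign_block_vars(
      'category.permissions',
      array(
        'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
        )
      );
  }
}
// +-----------------------------------------------------------------------+
// |                          sending html code                            |
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'categories');
?>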