source: trunk/admin/picture_modify.php @ 1571

Last change on this file since 1571 was 1571, checked in by rub, 18 years ago

Resolved Issue ID 0000356:

o Increase security on adviser mode

First of n modifications.
All the other modifications will be done on the BSF branch.

Merge branch-1_6 1568:1570 into BSF

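<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch        : BSF (Best So Far)
// | file          : $RCSfile$
// | last update   : $Date: 2006-10-21 12:28:07 +0000 (Sat, 21 Oct 2006) $
// | last modifier : $Author: rub $
// | revision      : $Revision: 1571 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Admin page: edit one picture's metadata, its category links and its
// "representative picture" role. Included from admin.php; expects
// $page, $conf, $lang, $user and $template to be in scope.

if(!defined("PHPWG_ROOT_PATH"))
{
  die('Hacking attempt!');
}

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

// +-----------------------------------------------------------------------+
// |                           request parameters                          |
// +-----------------------------------------------------------------------+

// image_id and cat_id are numeric primary keys. Every later use of them is
// either interpolated into SQL or echoed back into a URL, so they are
// reduced to integers once here instead of being trusted as raw strings.
$image_id = isset($_GET['image_id']) ? intval($_GET['image_id']) : 0;
$cat_id = isset($_GET['cat_id']) ? intval($_GET['cat_id']) : null;

// Category id lists posted by the form, each reduced to a list of integers
// before being handed to SQL or to the category helpers. A missing or
// non-array value yields an empty list, which disables the related action.
$cat_dissociated = (isset($_POST['cat_dissociated']) and is_array($_POST['cat_dissociated']))
  ? array_map('intval', $_POST['cat_dissociated']) : array();
$cat_associated = (isset($_POST['cat_associated']) and is_array($_POST['cat_associated']))
  ? array_map('intval', $_POST['cat_associated']) : array();
$cat_dismissed = (isset($_POST['cat_dismissed']) and is_array($_POST['cat_dismissed']))
  ? array_map('intval', $_POST['cat_dismissed']) : array();
$cat_elected = (isset($_POST['cat_elected']) and is_array($_POST['cat_elected']))
  ? array_map('intval', $_POST['cat_elected']) : array();

// 'set', 'unset' or null; read once, compared strictly below
$date_creation_action = isset($_POST['date_creation_action'])
  ? $_POST['date_creation_action'] : null;

// +-----------------------------------------------------------------------+
// |                          synchronize metadata                         |
// +-----------------------------------------------------------------------+

if (isset($_GET['sync_metadata']) and !is_adviser())
{
  $query = '
SELECT path
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$image_id.'
;';
  list($path) = mysql_fetch_row(pwg_query($query));
  update_metadata(array($image_id => $path));

  $page['infos'][] = l10n('Metadata synchronized from file');
}

//--------------------------------------------------------- update informations

// first, we verify whether there is a mistake on the given creation date
if ('set' === $date_creation_action)
{
  // checkdate() expects integers; non-numeric input becomes 0, which is
  // rejected as an invalid date instead of raising a type error.
  $creation_day = isset($_POST['date_creation_day'])
    ? intval($_POST['date_creation_day']) : 0;
  $creation_month = isset($_POST['date_creation_month'])
    ? intval($_POST['date_creation_month']) : 0;
  $creation_year = isset($_POST['date_creation_year'])
    ? intval($_POST['date_creation_year']) : 0;

  if (!checkdate($creation_month, $creation_day, $creation_year))
  {
    $page['errors'][] = $lang['err_date'];
  }
}

if (isset($_POST['submit']) and count($page['errors']) == 0 and !is_adviser())
{
  $data = array();
  $data['id'] = $image_id;
  $data['name'] = isset($_POST['name']) ? $_POST['name'] : null;
  $data['author'] = isset($_POST['author']) ? $_POST['author'] : null;

  $description = isset($_POST['description']) ? $_POST['description'] : null;
  if ($conf['allow_html_descriptions'])
  {
    // NOTE(review): raw HTML is stored as posted when this option is on;
    // rendering it safely is assumed to be the template's job — confirm.
    $data['comment'] = $description;
  }
  else
  {
    $data['comment'] = strip_tags((string)$description);
  }

  if ('set' === $date_creation_action)
  {
    // the integers validated by checkdate() above; errors would have
    // prevented reaching this block
    $data['date_creation'] = $creation_year
                               .'-'.$creation_month
                               .'-'.$creation_day;
  }
  elseif ('unset' === $date_creation_action)
  {
    $data['date_creation'] = '';
  }

  // NOTE(review): string columns (name, author, comment) are passed to
  // mass_updates() unescaped here — confirm that it escapes its values.
  mass_updates(
    IMAGES_TABLE,
    array(
      'primary' => array('id'),
      'update' => array_diff(array_keys($data), array('id')),
      ),
    array($data)
    );

  set_tags(
    isset($_POST['tags']) ? $_POST['tags'] : array(),
    $image_id
    );

  $page['infos'][] = l10n('Picture informations updated');
}

// associate the element to other categories than its storage category
if (isset($_POST['associate']) and count($cat_dissociated) > 0 and !is_adviser())
{
  associate_images_to_categories(array($image_id), $cat_dissociated);
}

// dissociate the element from categories (but not from its storage category)
if (isset($_POST['dissociate']) and count($cat_associated) > 0 and !is_adviser())
{
  // $cat_associated holds integers only, so the IN list is safe to implode
  $query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$image_id.'
    AND category_id IN ('.implode(',', $cat_associated).')
';
  pwg_query($query);

  update_category($cat_associated);
}

// elect the element to represent the given categories
if (isset($_POST['elect']) and count($cat_dismissed) > 0 and !is_adviser())
{
  $datas = array();
  foreach ($cat_dismissed as $category_id)
  {
    $datas[] = array(
      'id' => $category_id,
      'representative_picture_id' => $image_id,
      );
  }
  $fields = array(
    'primary' => array('id'),
    'update' => array('representative_picture_id'),
    );
  mass_updates(CATEGORIES_TABLE, $fields, $datas);
}

// dismiss the element as representant of the given categories
if (isset($_POST['dismiss']) and count($cat_elected) > 0 and !is_adviser())
{
  set_random_representant($cat_elected);
}

// retrieving direct information about picture
$query = '
SELECT *
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$image_id.'
;';
$row = mysql_fetch_array(pwg_query($query));
// NOTE(review): $row is false when no image has this id; everything below
// assumes a row was found — confirm whether an explicit error is wanted.

// the storage category id is reused in SQL below, hence the cast
$storage_category_id = intval($row['storage_category_id']);
$image_file = $row['file'];

// tags
$query = '
SELECT tag_id
  FROM '.IMAGE_TAG_TABLE.'
  WHERE image_id = '.$image_id.'
;';
$selected_tags = array_from_query($query, 'tag_id');

// Navigation path

$date = (isset($_POST['date_creation']) and empty($page['errors']))
  ? $_POST['date_creation']
  : date_convert_back(isset($row['date_creation']) ? $row['date_creation'] : null);

// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_filenames(
  array(
    'picture_modify' => 'admin/picture_modify.tpl',
    )
  );

// fetched once and reused for the selection widget (the original queried twice)
$all_tags = get_all_tags();

if (count($all_tags) > 0)
{
  $tag_selection = get_html_tag_selection(
    $all_tags,
    'tags',
    $selected_tags
    );
}
else
{
  $tag_selection =
    '<p>'.
    l10n('No tag defined. Use Administration>Pictures>Tags').
    '</p>';
}

// NOTE(review): NAME/AUTHOR/DESCRIPTION echo posted values back into the
// page; HTML escaping is assumed to happen in the template — confirm. Also
// NAME and DESCRIPTION are stripslashes()'d while AUTHOR is not — confirm
// which is intended.
$template->assign_vars(
  array(
    'U_SYNC' =>
        PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
        '&amp;image_id='.$image_id.
        (isset($cat_id) ? '&amp;cat_id='.$cat_id : '').
        '&amp;sync_metadata=1',

    'PATH' => $row['path'],

    'TN_SRC' => get_thumbnail_src(
      $row['path'],
      isset($row['tn_ext']) ? $row['tn_ext'] : null
      ),

    'NAME' =>
      isset($_POST['name'])
        ? stripslashes($_POST['name'])
        : (isset($row['name']) ? $row['name'] : ''),

    'DIMENSIONS' =>
      (isset($row['width']) ? $row['width'] : '')
      .' * '.
      (isset($row['height']) ? $row['height'] : ''),

    'FILESIZE' => (isset($row['filesize']) ? $row['filesize'] : '').' KB',

    'REGISTRATION_DATE' =>
      format_date($row['date_available'], 'mysql_datetime', false),

    'AUTHOR' =>
      isset($_POST['author'])
        ? $_POST['author']
        : (isset($row['author']) ? $row['author'] : ''),

    'CREATION_DATE' => $date,

    'TAG_SELECTION' => $tag_selection,

    'DESCRIPTION' =>
      isset($_POST['description'])
        ? stripslashes($_POST['description'])
        : (isset($row['comment']) ? $row['comment'] : ''),

    'F_ACTION' =>
        PHPWG_ROOT_PATH.'admin.php'
        .get_query_string_diff(array('sync_metadata')),
    )
  );

// creation date: values pre-selected in the day/month/year widgets.
// Posted values win when the user just submitted them, then the stored
// date, then "nothing selected".
unset($day, $month, $year);

if ('set' === $date_creation_action)
{
  $day = $creation_day;
  $month = $creation_month;
  $year = $creation_year;
}
elseif (!empty($row['date_creation']))
{
  list($year, $month, $day) = explode('-', $row['date_creation']);
}
else
{
  list($year, $month, $day) = array('', 0, 0);
}
get_day_list('date_creation_day', $day);
get_month_list('date_creation_month', $month);
$template->assign_vars(array('DATE_CREATION_YEAR_VALUE' => $year));

$query = '
SELECT category_id, uppercats
  FROM '.IMAGE_CATEGORY_TABLE.' AS ic
    INNER JOIN '.CATEGORIES_TABLE.' AS c
      ON c.id = ic.category_id
  WHERE image_id = '.$image_id.'
;';
$result = pwg_query($query);

// the "links" block only exists when there is more than the storage category
if (mysql_num_rows($result) > 1)
{
  $template->assign_block_vars('links', array());
}

while ($row = mysql_fetch_array($result))
{
  $name =
    get_cat_display_name_cache(
      $row['uppercats'],
      PHPWG_ROOT_PATH.'admin.php?page=cat_modify&amp;cat_id=',
      false
      );

  if ($row['category_id'] == $storage_category_id)
  {
    $template->assign_vars(array('STORAGE_CATEGORY' => $name));
  }
  else
  {
    $template->assign_block_vars('links.category', array('NAME' => $name));
  }
}

// jump to link
//
// 1. find all linked categories that are reachable for the current user.
// 2. if a category is available in the URL, use it if reachable
// 3. if URL category not available or reachable, use the first reachable
//    linked category
// 4. if no category reachable, no jumpto link

$query = '
SELECT category_id
  FROM '.IMAGE_CATEGORY_TABLE.'
  WHERE image_id = '.$image_id.'
;';

// integer ids so the membership test below can be strict
$authorizeds = array_map(
  'intval',
  array_diff(
    array_from_query($query, 'category_id'),
    explode(
      ',',
      calculate_permissions($user['id'], $user['status'])
      )
    )
  );

$jump_category = null;
if (isset($cat_id) and in_array($cat_id, $authorizeds, true))
{
  $jump_category = $cat_id;
}
elseif (count($authorizeds) > 0)
{
  $jump_category = reset($authorizeds);
}

if (isset($jump_category))
{
  $url_img = make_picture_url(
    array(
      'image_id' => $image_id,
      'image_file' => $image_file,
      'category' => $jump_category,
      )
    );
}

if (isset($url_img))
{
  $template->assign_block_vars(
    'jumpto',
    array(
      'URL' => $url_img,
      )
    );
}

// associate to another category ?
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
    INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
  WHERE image_id = '.$image_id.'
    AND id != '.$storage_category_id.'
;';
display_select_cat_wrapper($query, array(), 'associated_option');

// storage category plus every category currently linked, as integers,
// so the NOT IN list below is built from trusted values only
$associateds = array_merge(
  array($storage_category_id),
  array_map('intval', array_from_query($query, 'id'))
  );
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE id NOT IN ('.implode(',', $associateds).')
;';
display_select_cat_wrapper($query, array(), 'dissociated_option');

// representing
$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE representative_picture_id = '.$image_id.'
;';
display_select_cat_wrapper($query, array(), 'elected_option');

$query = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE representative_picture_id != '.$image_id.'
    OR representative_picture_id IS NULL
;';
display_select_cat_wrapper($query, array(), 'dismissed_option');

//----------------------------------------------------------- sending html code

$template->assign_var_from_handle('ADMIN_CONTENT', 'picture_modify');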