Context Navigation

source: trunk/admin/rating.php @ 4304

Last change on this file since 4304 was 4304, checked in by Eric, 14 years ago

Escape all login and username characters in database
Display correctly usernames

(I hope not to have made mistakes)

Property svn:eol-style set to LF

File size: 7.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if (!defined('PHPWG_ROOT_PATH'))
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_ADMINISTRATOR);
35
36	// +-----------------------------------------------------------------------+
37	// \| initialization \|
38	// +-----------------------------------------------------------------------+
39	if (isset($_GET['start']) and is_numeric($_GET['start']))
40	{
41	$start = $_GET['start'];
42	}
43	else
44	{
45	$start = 0;
46	}
47
48	$elements_per_page=10;
49	if (isset($_GET['display']) and is_numeric($_GET['display']))
50	{
51	$elements_per_page = $_GET['display'];
52	}
53
54	$order_by_index=0;
55	if (isset($_GET['order_by']) and is_numeric($_GET['order_by']))
56	{
57	$order_by_index = $_GET['order_by'];
58	}
59
60	$page['user_filter'] = '';
61	if (isset($_GET['users']))
62	{
63	if ($_GET['users'] == 'user')
64	{
65	$page['user_filter'] = ' AND r.user_id <> '.$conf['guest_id'];
66	}
67	elseif ($_GET['users'] == 'guest')
68	{
69	$page['user_filter'] = ' AND r.user_id = '.$conf['guest_id'];
70	}
71	}
72
73	if (isset($_GET['del']) and !is_adviser())
74	{
75	$del_params = urldecode( $_GET['del'] );
76	parse_str($del_params, $vars);
77	if ( !is_numeric($vars['e']) or !is_numeric($vars['u']) )
78	{
79	die('Hacking attempt');
80	}
81	$query = '
82	DELETE FROM '. RATE_TABLE .'
83	WHERE element_id=' . $vars['e'] . '
84	AND user_id=' . $vars['u'] . '
85	AND anonymous_id=\'' . $vars['a'] . '\'
86	;';
87	pwg_query($query);
88	update_average_rate( $vars['e'] );
89	}
90
91	$users = array();
92	$query = '
93	SELECT '.$conf['user_fields']['username'].' as username, '.$conf['user_fields']['id'].' as id
94	FROM '.USERS_TABLE.'
95	;';
96	$result = pwg_query($query);
97	while ($row = mysql_fetch_assoc($result))
98	{
99	$users[$row['id']]=stripslashes($row['username']);
100	}
101
102
103	$query = 'SELECT COUNT(DISTINCT(i.id))
104	FROM '.RATE_TABLE.' AS r, '.IMAGES_TABLE.' AS i
105	WHERE r.element_id=i.id'. $page['user_filter'] .
106	';';
107	list($nb_images) = mysql_fetch_row(pwg_query($query));
108
109
110	// +-----------------------------------------------------------------------+
111	// \| template init \|
112	// +-----------------------------------------------------------------------+
113
114	$template->set_filename('rating', 'rating.tpl');
115
116	$template->assign(
117	array(
118	'navbar' => create_navigation_bar(
119	PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start','del')),
120	$nb_images,
121	$start,
122	$elements_per_page
123	),
124	'F_ACTION' => PHPWG_ROOT_PATH.'admin.php',
125	'DISPLAY' => $elements_per_page,
126	'NB_ELEMENTS' => $nb_images,
127	)
128	);
129
130
131
132	$available_order_by= array(
133	array(l10n('Rate date'), 'recently_rated DESC'),
134	array(l10n('Average rate'), 'average_rate DESC'),
135	array(l10n('Number of rates'), 'nb_rates DESC'),
136	array(l10n('Sum of rates'), 'sum_rates DESC'),
137	array(l10n('Controversy'), 'std_rates DESC'),
138	array(l10n('File name'), 'file DESC'),
139	array(l10n('Creation date'), 'date_creation DESC'),
140	array(l10n('Post date'), 'date_available DESC'),
141
142	);
143
144	for ($i=0; $i<count($available_order_by); $i++)
145	{
146	$template->append(
147	'order_by_options',
148	$available_order_by[$i][0]
149	);
150	}
151	$template->assign('order_by_options_selected', array($order_by_index) );
152
153
154	$user_options = array(
155	'all' => l10n('all'),
156	'user' => l10n('Users'),
157	'guest' => l10n('Guests'),
158	);
159
160	$template->assign('user_options', $user_options );
161	$template->assign('user_options_selected', array(@$_GET['users']) );
162
163
164	$query = '
165	SELECT i.id,
166	i.path,
167	i.file,
168	i.tn_ext,
169	i.average_rate,
170	MAX(r.date) AS recently_rated,
171	COUNT(r.rate) AS nb_rates,
172	SUM(r.rate) AS sum_rates,
173	ROUND(STD(r.rate),2) AS std_rates
174	FROM '.RATE_TABLE.' AS r
175	LEFT JOIN '.IMAGES_TABLE.' AS i ON r.element_id = i.id
176	WHERE 1 = 1 ' . $page['user_filter'] . '
177	GROUP BY r.element_id
178	ORDER BY ' . $available_order_by[$order_by_index][1] .'
179	LIMIT '.$start.','.$elements_per_page.'
180	;';
181
182	$images = array();
183	$result = pwg_query($query);
184	while ($row = mysql_fetch_assoc($result))
185	{
186	array_push($images, $row);
187	}
188
189	$template->assign( 'images', array() );
190	foreach ($images as $image)
191	{
192	$thumbnail_src = get_thumbnail_url($image);
193
194	$image_url = PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
195	'&image_id='.$image['id'];
196
197	$query = 'SELECT *
198	FROM '.RATE_TABLE.' AS r
199	WHERE r.element_id='.$image['id'] . '
200	ORDER BY date DESC;';
201	$result = pwg_query($query);
202	$nb_rates = mysql_num_rows($result);
203
204	$tpl_image =
205	array(
206	'U_THUMB' => $thumbnail_src,
207	'U_URL' => $image_url,
208	'AVG_RATE' => $image['average_rate'],
209	'STD_RATE' => $image['std_rates'],
210	'SUM_RATE' => $image['sum_rates'],
211	'NB_RATES' => (int)$image['nb_rates'],
212	'NB_RATES_TOTAL' => (int)$nb_rates,
213	'FILE' => $image['file'],
214	'rates' => array()
215	);
216
217	while ($row = mysql_fetch_assoc($result))
218	{
219
220	$url_del = PHPWG_ROOT_PATH.'admin.php'.
221	get_query_string_diff(array('del'));
222
223	$del_param = 'e='.$image['id'].
224	'&u='.$row['user_id'].
225	'&a='.$row['anonymous_id'];
226
227	$url_del .= '&del='.urlencode(urlencode($del_param));
228
229	if ( isset($users[$row['user_id']]) )
230	{
231	$user_rate = $users[$row['user_id']];
232	}
233	else
234	{
235	$user_rate = '? '. $row['user_id'];
236	}
237	if ( strlen($row['anonymous_id'])>0 )
238	{
239	$user_rate .= '('.$row['anonymous_id'].')';
240	}
241
242	$tpl_image['rates'][] =
243	array(
244	'DATE' => format_date($row['date']),
245	'RATE' => $row['rate'],
246	'USER' => $user_rate,
247	'U_DELETE' => $url_del
248	);
249	}
250	$template->append( 'images', $tpl_image );
251	}
252
253	// +-----------------------------------------------------------------------+
254	// \| sending html code \|
255	// +-----------------------------------------------------------------------+
256	$template->assign_var_from_handle('ADMIN_CONTENT', 'rating');
257	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: