Context Navigation

source: trunk/category.php @ 1008

Last change on this file since 1008 was 1004, checked in by nikrou, 19 years ago

Improve security of sessions:

use only cookies to store session id on client side
use default php session system with database handler to store sessions on server side

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 12.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
10	// \| last modifier : $Author: nikrou $
11	// \| revision : $Revision: 1004 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	//--------------------------------------------------------------------- include
29	define('PHPWG_ROOT_PATH','./');
30	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
31	//---------------------------------------------------------------------- logout
32	if ( isset( $_GET['act'] )
33	and $_GET['act'] == 'logout'
34	and isset( $_COOKIE[session_name()] ) )
35	{
36	// cookie deletion if exists
37	$_SESSION = array();
38	session_unset();
39	session_destroy();
40	setcookie(session_name(),'',0,'/');
41	$url = 'category.php';
42	redirect( $url );
43	}
44	//-------------------------------------------------- access authorization check
45	if (isset($_GET['cat']))
46	{
47	check_cat_id($_GET['cat']);
48	}
49	check_login_authorization();
50	if (isset($page['cat']) and is_numeric($page['cat']))
51	{
52	check_restrictions($page['cat']);
53	}
54	//-------------------------------------------------------------- initialization
55	// detection of the start picture to display
56	if ( !isset( $_GET['start'] )
57	or !is_numeric( $_GET['start'] )
58	or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
59	{
60	$page['start'] = 0;
61	}
62	else
63	{
64	$page['start'] = $_GET['start'];
65	}
66
67	// Sometimes, a "num" is provided in the URL. It is the number
68	// of the picture to show. This picture must be in the thumbnails page.
69	// We have to find the right $page['start'] that show the num picture
70	// in this category
71	if ( isset( $_GET['num'] )
72	and is_numeric( $_GET['num'] )
73	and $_GET['num'] >= 0 )
74	{
75	$page['start'] = floor( $_GET['num'] / $user['nb_image_page'] );
76	$page['start']*= $user['nb_image_page'];
77	}
78
79	initialize_category();
80
81	// caddie filling :-)
82	if (isset($_GET['caddie']))
83	{
84	// include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
85
86	$query = '
87	SELECT DISTINCT(id)
88	FROM '.IMAGES_TABLE.' AS i
89	INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
90	'.$page['where'].'
91	;';
92	fill_caddie(array_from_query($query, 'id'));
93	}
94
95	// creation of the array containing the cat ids to expand in the menu
96	// $page['tab_expand'] contains an array with the category ids
97	// $page['expand'] contains the string to display in URL with comma
98	$page['tab_expand'] = array();
99	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
100	{
101	// the category displayed (in the URL cat=23) must be seen in the menu ->
102	// parent categories must be expanded
103	$uppercats = explode( ',', $page['uppercats'] );
104	foreach ( $uppercats as $uppercat ) {
105	array_push( $page['tab_expand'], $uppercat );
106	}
107	}
108	// in case of expanding all authorized cats $page['tab_expand'] is empty
109	if ( $user['expand'] )
110	{
111	$page['tab_expand'] = array();
112	}
113	//----------------------------------------------------- template initialization
114	//
115	// Start output of page
116	//
117	$title = $page['title'];
118	$page['body_id'] = 'theCategoryPage';
119	include(PHPWG_ROOT_PATH.'include/page_header.php');
120
121	$template->set_filenames( array('category'=>'category.tpl') );
122	//-------------------------------------------------------------- category title
123	if (isset($page['cat']) and is_numeric($page['cat']))
124	{
125	$template_title = get_cat_display_name($page['cat_name'],
126	'category.php?cat=',
127	false);
128	}
129	else
130	{
131	$template_title = $page['title'];
132	}
133
134	if ( isset( $page['cat_nb_images'] ) and $page['cat_nb_images'] > 0 )
135	{
136	$template_title.= ' ['.$page['cat_nb_images'].']';
137	}
138
139	$icon_recent = get_icon(date('Y-m-d'));
140
141	$template->assign_vars(
142	array(
143	'NB_PICTURE' => count_user_total_images(),
144	'TITLE' => $template_title,
145	'USERNAME' => $user['username'],
146	'TOP_NUMBER'=>$conf['top_number'],
147	'MENU_CATEGORIES_CONTENT'=>get_categories_menu(),
148
149	'L_CATEGORIES' => $lang['categories'],
150	'L_HINT_CATEGORY' => $lang['hint_category'],
151	'L_SUBCAT' => $lang['sub-cat'],
152	'L_IMG_AVAILABLE' => $lang['images_available'],
153	'L_TOTAL' => $lang['total'],
154	'L_SPECIAL_CATEGORIES' => $lang['special_categories'],
155	'L_SUMMARY' => $lang['title_menu'],
156	'L_UPLOAD' => $lang['upload_picture'],
157	'L_COMMENT' => $lang['comments'],
158	'L_IDENTIFY' => $lang['identification'],
159	'L_PASSWORD' => $lang['password'],
160	'L_HELLO' => $lang['hello'],
161	'L_REGISTER' => $lang['ident_register'],
162	'L_LOGOUT' => $lang['logout'],
163	'L_ADMIN' => $lang['admin'],
164	'L_ADMIN_HINT' => $lang['hint_admin'],
165	'L_PROFILE' => $lang['customize'],
166	'L_PROFILE_HINT' => $lang['hint_customize'],
167	'L_REMEMBER_ME' => $lang['remember_me'],
168
169	'F_IDENTIFY' => PHPWG_ROOT_PATH.'identification.php',
170	'T_RECENT' => $icon_recent,
171
172	'U_HOME' => PHPWG_ROOT_PATH.'category.php',
173	'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
174	'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
175	'U_LOGOUT' => PHPWG_ROOT_PATH.'category.php?act=logout',
176	'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
177	'U_PROFILE'=> PHPWG_ROOT_PATH.'profile.php'
178	)
179	);
180	//-------------------------------------------------------------- external links
181	if (count($conf['links']) > 0)
182	{
183	$template->assign_block_vars('links', array());
184
185	foreach ($conf['links'] as $url => $label)
186	{
187	$template->assign_block_vars(
188	'links.link',
189	array(
190	'URL' => $url,
191	'LABEL' => $label
192	));
193	}
194	}
195	//---------------------------------------------------------- special categories
196	// favorites categories
197	if ( !$user['is_the_guest'] )
198	{
199	$template->assign_block_vars('username', array());
200
201	$template->assign_block_vars(
202	'special_cat',
203	array(
204	'URL' => PHPWG_ROOT_PATH.'category.php?cat=fav',
205	'TITLE' => $lang['favorite_cat_hint'],
206	'NAME' => $lang['favorite_cat']
207	));
208	}
209	// most visited
210	$template->assign_block_vars(
211	'special_cat',
212	array(
213	'URL' => PHPWG_ROOT_PATH.'category.php?cat=most_visited',
214	'TITLE' => $lang['most_visited_cat_hint'],
215	'NAME' => $lang['most_visited_cat']
216	));
217	// best rated
218	if ($conf['rate'])
219	{
220	$template->assign_block_vars(
221	'special_cat',
222	array(
223	'URL' => PHPWG_ROOT_PATH.'category.php?cat=best_rated',
224	'TITLE' => $lang['best_rated_cat_hint'],
225	'NAME' => $lang['best_rated_cat']
226	)
227	);
228	}
229	// random
230	$template->assign_block_vars(
231	'special_cat',
232	array(
233	'URL' => PHPWG_ROOT_PATH.'random.php',
234	'TITLE' => $lang['random_cat_hint'],
235	'NAME' => $lang['random_cat']
236	));
237	// recent pics
238	$template->assign_block_vars(
239	'special_cat',
240	array(
241	'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_pics',
242	'TITLE' => $lang['recent_pics_cat_hint'],
243	'NAME' => $lang['recent_pics_cat']
244	));
245	// recent cats
246	$template->assign_block_vars(
247	'special_cat',
248	array(
249	'URL' => PHPWG_ROOT_PATH.'category.php?cat=recent_cats',
250	'TITLE' => $lang['recent_cats_cat_hint'],
251	'NAME' => $lang['recent_cats_cat']
252	));
253	// calendar
254	$template->assign_block_vars(
255	'special_cat',
256	array(
257	'URL' => PHPWG_ROOT_PATH.'category.php?cat=calendar',
258	'TITLE' => $lang['calendar_hint'],
259	'NAME' => $lang['calendar']
260	));
261	//--------------------------------------------------------------------- summary
262
263	if ($user['is_the_guest'])
264	{
265	$template->assign_block_vars('register', array());
266	$template->assign_block_vars('login', array());
267
268	$template->assign_block_vars('quickconnect', array());
269	if ($conf['authorize_remembering'])
270	{
271	$template->assign_block_vars('quickconnect.remember_me', array());
272	}
273	}
274	else
275	{
276	$template->assign_block_vars('hello', array());
277	$template->assign_block_vars('profile', array());
278
279	// the logout link has no meaning with Apache authentication : it is not
280	// possible to logout with this kind of authentication.
281	if (!$conf['apache_authentication'])
282	{
283	$template->assign_block_vars('logout', array());
284	}
285
286	if ('admin' == $user['status'])
287	{
288	$template->assign_block_vars('admin', array());
289	}
290	}
291
292	// search link
293	$template->assign_block_vars('summary', array(
294	'TITLE'=>$lang['hint_search'],
295	'NAME'=>$lang['search'],
296	'U_SUMMARY'=> 'search.php',
297	));
298
299	// comments link
300	$template->assign_block_vars('summary', array(
301	'TITLE'=>$lang['hint_comments'],
302	'NAME'=>$lang['comments'],
303	'U_SUMMARY'=> 'comments.php',
304	));
305
306	// about link
307	$template->assign_block_vars('summary', array(
308	'TITLE'=>$lang['about_page_title'],
309	'NAME'=>$lang['About'],
310	'U_SUMMARY'=> 'about.php?'.str_replace( '&', '&', $_SERVER['QUERY_STRING'] )
311	));
312
313	// notification
314	$template->assign_block_vars(
315	'summary',
316	array(
317	'TITLE'=>l10n('notification'),
318	'NAME'=>l10n('Notification'),
319	'U_SUMMARY'=> PHPWG_ROOT_PATH.'notification.php'
320	));
321
322	if (isset($page['cat'])
323	and is_numeric($page['cat'])
324	and 'admin' == $user['status'])
325	{
326	$template->assign_block_vars(
327	'edit',
328	array(
329	'URL' =>
330	PHPWG_ROOT_PATH.'admin.php?page=cat_modify'
331	.'&cat_id='.$page['cat']
332	)
333	);
334	}
335
336	//------------------------------------------------------ main part : thumbnails
337	if (isset($page['cat'])
338	and ((is_numeric($page['cat']) and $page['cat_nb_images'] != 0)
339	or in_array($page['cat'],
340	array('search'
341	,'most_visited'
342	,'recent_pics'
343	,'best_rated'
344	,'list'
345	,'fav'
346	))))
347	{
348	include(PHPWG_ROOT_PATH.'include/category_default.inc.php');
349
350	if ('admin' == $user['status'])
351	{
352	$template->assign_block_vars(
353	'caddie',
354	array(
355	'URL' =>
356	PHPWG_ROOT_PATH.'category.php'
357	.get_query_string_diff(array('caddie')).'&caddie=1')
358	);
359	}
360	}
361	elseif (isset($page['cat']) and $page['cat'] == 'calendar')
362	{
363	include(PHPWG_ROOT_PATH.'include/category_calendar.inc.php');
364	}
365	elseif (isset($page['cat']) and $page['cat'] == 'recent_cats')
366	{
367	include(PHPWG_ROOT_PATH.'include/category_recent_cats.inc.php');
368	}
369	else
370	{
371	include(PHPWG_ROOT_PATH.'include/category_subcats.inc.php');
372	}
373	//------------------------------------------------------- category informations
374	if ( isset ( $page['cat'] ) )
375	{
376	// upload a picture in the category
377	if (is_numeric($page['cat'])
378	and $page['cat_site_id'] == 1
379	and $page['cat_dir'] != ''
380	and $page['cat_uploadable'])
381	{
382	$url = PHPWG_ROOT_PATH.'upload.php?cat='.$page['cat'];
383	$template->assign_block_vars(
384	'upload',
385	array('U_UPLOAD'=> $url )
386	);
387	}
388
389	if ( $page['navigation_bar'] != ''
390	or ( isset( $page['comment'] ) and $page['comment'] != '' ) )
391	{
392	$template->assign_block_vars('cat_infos',array());
393	}
394
395	// navigation bar
396	if ( $page['navigation_bar'] != '' )
397	{
398	$template->assign_block_vars(
399	'cat_infos.navigation',
400	array('NAV_BAR' => $page['navigation_bar'])
401	);
402	}
403	// category comment
404	if ( isset( $page['comment'] ) and $page['comment'] != '' )
405	{
406	$template->assign_block_vars(
407	'cat_infos.comment',
408	array('COMMENTS' => $page['comment'])
409	);
410	}
411	}
412	//------------------------------------------------------------ log informations
413	pwg_log( 'category', $page['title'] );
414
415	$template->parse('category');
416	include(PHPWG_ROOT_PATH.'include/page_tail.php');
417	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: