Context Navigation

source: trunk/picture.php @ 79

Last change on this file since 79 was 78, checked in by z0rglub, 21 years ago

A guest can't take the username of an already existing user

If a guest post a comment without giving a username, the $langguest is displayed

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 25.8 KB

Line
1	<?php
2	/***************************************************************************
3	* picture.php *
4	* ------------------- *
5	* application : PhpWebGallery 1.3 <http://phpwebgallery.net> *
6	* author : Pierrick LE GALL <pierrick@z0rglub.com> *
7	* *
8	* $Id: picture.php 78 2003-09-07 21:33:36Z z0rglub $
9	* *
10	***************************************************************************/
11
12	/***************************************************************************
13	* *
14	* This program is free software; you can redistribute it and/or modify *
15	* it under the terms of the GNU General Public License as published by *
16	* the Free Software Foundation; *
17	* *
18	***************************************************************************/
19
20	// this page shows the image full size
21	//----------------------------------------------------------- personnal include
22	include_once( './include/init.inc.php' );
23	//-------------------------------------------------- access authorization check
24	check_cat_id( $_GET['cat'] );
25	check_login_authorization();
26	$page['plain_structure'] = get_plain_structure();
27	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
28	{
29	check_restrictions( $page['cat'] );
30	}
31	//---------------------------------------- incrementation of the number of hits
32	$query = 'UPDATE '.PREFIX_TABLE.'images';
33	$query.= ' SET hit=hit+1';
34	$query.= ' WHERE id='.$_GET['image_id'];
35	$query.= ';';
36	@mysql_query( $query );
37	//-------------------------------------------------------------- initialization
38	initialize_category( 'picture' );
39	$cat_directory = $page['cat_dir']; // by default
40	//------------------------------------- main picture information initialization
41	$query = 'SELECT id,date_available,comment,hit,keywords';
42	$query.= ',author,name,file,date_creation,filesize,width,height';
43	$query.= ',storage_category_id';
44	if ( is_numeric( $page['cat'] ) )
45	{
46	$query.= ',category_id';
47	}
48	$query.= ' FROM '.PREFIX_TABLE.'images';
49	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id = ic.image_id';
50	$query.= $page['where'];
51	$query.= ' AND id = '.$_GET['image_id'];
52	$query.= $conf['order_by'];
53	$query.= ';';
54	$result = mysql_query( $query );
55	$row = mysql_fetch_array( $result );
56	$page['id'] = $row['id'];
57	$page['file'] = $row['file'];
58	$page['name'] = $row['name'];
59	$page['date_available'] = $row['date_available'];
60	$page['comment'] = $row['comment'];
61	$page['hit'] = $row['hit'];
62	$page['author'] = $row['author'];
63	$page['date_creation'] = $row['date_creation'];
64	$page['filesize'] = $row['filesize'];
65	$page['width'] = $row['width'];
66	$page['height'] = $row['height'];
67	$page['category_id'] = $row['category_id'];
68	$page['keywords'] = $row['keywords'];
69	$page['storage_category_id'] = $row['storage_category_id'];
70	// retrieving the number of the picture in its category (in order)
71	$query = 'SELECT DISTINCT(id)';
72	$query.= ' FROM '.PREFIX_TABLE.'images';
73	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id = ic.image_id';
74	$query.= $page['where'];
75	$query.= $conf['order_by'];
76	$query.= ';';
77	$result = mysql_query( $query );
78	$page['num'] = 0;
79	$row = mysql_fetch_array( $result );
80	while ( $row['id'] != $page['id'] )
81	{
82	$page['num']++;
83	$row = mysql_fetch_array( $result );
84	}
85	//--------------------------------------------------------- favorite management
86	if ( isset( $_GET['add_fav'] ) )
87	{
88	if ( $_GET['add_fav'] == 1 )
89	{
90	// verify if the picture is already in the favorite of the user
91	$query = 'SELECT COUNT(*) AS nb_fav';
92	$query.= ' FROM '.PREFIX_TABLE.'favorites';
93	$query.= ' WHERE image_id = '.$page['id'];
94	$query.= ' AND user_id = '.$user['id'];
95	$query.= ';';
96	$result = mysql_query( $query );
97	$row = mysql_fetch_array( $result );
98	if ( $row['nb_fav'] == 0 )
99	{
100	$query = 'INSERT INTO '.PREFIX_TABLE.'favorites';
101	$query.= ' (image_id,user_id) VALUES';
102	$query.= ' ('.$page['id'].','.$user['id'].')';
103	$query.= ';';
104	$result = mysql_query( $query );
105	}
106	}
107	if ( $_GET['add_fav'] == 0 )
108	{
109	$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
110	$query.= ' WHERE user_id = '.$user['id'];
111	$query.= ' AND image_id = '.$page['id'];
112	$query.= ';';
113	$result = mysql_query( $query );
114
115	$page['cat_nb_images'] = $page['cat_nb_images'] - 1;
116	if ( $page['cat_nb_images'] <= 0 )
117	{
118	// there is no favorite picture anymore
119	// we redirect the user to the category page
120	$url = add_session_id( 'category.php' );
121	header( 'Request-URI: '.$url );
122	header( 'Content-Location: '.$url );
123	header( 'Location: '.$url );
124	exit();
125	}
126	// redirection of the user to the picture.php page
127	// with the right picture
128	$page['num'] = $page['num'] - 1;
129	if ( $page['num'] == -1 )
130	{
131	$page['num'] = 0;
132	}
133	$query = 'SELECT id';
134	$query.= ' FROM '.PREFIX_TABLE.'images';
135	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic';
136	$query.= ' ON id = ic.image_id';
137	$query.= $page['where'];
138	$query.= $conf['order_by'];
139	$query.= ' LIMIT '.$page['num'].',1';
140	$query.= ';';
141	$result = mysql_query( $query );
142	$row = mysql_fetch_array( $result );
143	$redirect = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
144	$redirect.= '&expand='.$_GET['expand'];
145	if ( $page['cat'] == 'search' )
146	{
147	$redirect.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
148	}
149	$url = add_session_id( $redirect, true );
150	header( 'Request-URI: '.$url );
151	header( 'Content-Location: '.$url );
152	header( 'Location: '.$url );
153	exit();
154	}
155	}
156	//----------------------------------------------------- template initialization
157	$vtp = new VTemplate;
158	$handle = $vtp->Open( './template/'.$user['template'].'/picture.vtp' );
159	initialize_template();
160
161	$tpl = array( 'back','submit','comments_title','comments_del','delete',
162	'comments_add','author','slideshow','slideshow_stop',
163	'period_seconds' );
164	templatize_array( $tpl, 'lang', $handle );
165	$vtp->setGlobalVar( $handle, 'user_template', $user['template'] );
166	$vtp->setGlobalVar( $handle, 'text_color', $user['couleur_text'] );
167	//-------------------------------------------------------- slideshow management
168	if ( isset( $_GET['slideshow'] ) )
169	{
170	if ( !is_numeric( $_GET['slideshow'] ) )
171	$_GET['slideshow'] = $conf['slideshow_period'][0];
172	$vtp->addSession( $handle, 'stop_slideshow' );
173	$url = './picture.php';
174	$url.= '?image_id='.$page['id'];
175	$url.= '&cat='.$page['cat'];
176	$url.= '&expand='.$_GET['expand'];
177	if ( $page['cat'] == 'search' )
178	{
179	$url.= '&search='.$_GET['search'];
180	$url.= '&mode='.$_GET['mode'];
181	}
182	$vtp->setVar( $handle, 'stop_slideshow.url', add_session_id( $url ) );
183	$vtp->closeSession( $handle, 'stop_slideshow' );
184	}
185	else
186	{
187	$vtp->addSession( $handle, 'start_slideshow' );
188	foreach ( $conf['slideshow_period'] as $option ) {
189	$vtp->addSession( $handle, 'second' );
190	$vtp->setVar( $handle, 'second.option', $option );
191	$url = './picture.php';
192	$url.= '?image_id='.$page['id'];
193	$url.= '&cat='.$page['cat'];
194	$url.= '&expand='.$_GET['expand'];
195	if ( $page['cat'] == 'search' )
196	{
197	$url.= '&search='.$_GET['search'];
198	$url.= '&mode='.$_GET['mode'];
199	}
200	$url.= '&slideshow='.$option;
201	$vtp->setVar( $handle, 'second.url', add_session_id( $url ) );
202	$vtp->closeSession( $handle, 'second' );
203	}
204	$vtp->closeSession( $handle, 'start_slideshow' );
205	}
206	//------------------------------------------------------------------ page title
207	if ( $page['name'] != '' )
208	{
209	$vtp->setGlobalVar( $handle, 'page_title', $page['name'] );
210	}
211	else
212	{
213	$vtp->setGlobalVar( $handle, 'page_title', $page['file'] );
214	}
215	//-------------------------------------------------- previous picture thumbnail
216	if ( $page['num'] >= 1 )
217	{
218	$prev = $page['num'] - 1;
219	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
220	$query.= ' FROM '.PREFIX_TABLE.'images';
221	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id=ic.image_id';
222	$query.= $page['where'];
223	$query.= $conf['order_by'];
224	$query.= ' LIMIT '.$prev.',1';
225	$query.= ';';
226	$result = mysql_query( $query );
227	$row = mysql_fetch_array( $result );
228
229	if ( $array_cat_directories[$row['storage_category_id']] == '' )
230	{
231	$array_cat_directories[$row['storage_category_id']] =
232	get_complete_dir( $row['storage_category_id'] );
233	}
234	$cat_directory = $array_cat_directories[$row['storage_category_id']];
235
236	$file = substr( $row['file'], 0, strrpos ( $row['file'], '.' ) );
237	$lien_thumbnail = $cat_directory.'/thumbnail/';
238	$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
239
240	$prev_title = $lang['previous_image'].' : ';
241	$alt_thumbnaill = '';
242	if ( $row['name'] != '' ) $alt_thumbnail = $row['name'];
243	else $alt_thumbnail = $file;
244	$prev_title.= $alt_thumbnail;
245
246	$url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
247	$url_link.= '&expand='.$_GET['expand'];
248	if ( $page['cat'] == 'search' )
249	{
250	$url_link.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
251	}
252	// sending vars for display
253	$vtp->addSession( $handle, 'previous' );
254	$vtp->setGlobalVar( $handle, 'previous.url', add_session_id( $url_link ) );
255	$vtp->setGlobalVar( $handle, 'previous.title', $prev_title );
256	$vtp->setGlobalVar( $handle, 'previous.src', $lien_thumbnail );
257	$vtp->setGlobalVar( $handle, 'previous.alt', $alt_thumbnail );
258	$vtp->closeSession( $handle, 'previous' );
259	}
260	else
261	{
262	$vtp->addSession( $handle, 'previous_empty' );
263	$vtp->closeSession( $handle, 'previous_empty' );
264	}
265	//-------------------------------------------------------- main picture display
266	if ( is_numeric( $page['cat'] ) )
267	{
268	$intitule_cat = get_cat_display_name( $page['cat_name'], " - ",
269	"font-style:italic;" );
270	}
271	else
272	{
273	$intitule_cat = $page['title'];
274	}
275
276	if ( $array_cat_directories[$page['storage_category_id']] == '' )
277	{
278	$array_cat_directories[$page['storage_category_id']] =
279	get_complete_dir( $page['storage_category_id'] );
280	}
281	$cat_directory = $array_cat_directories[$page['storage_category_id']];
282
283	$n = $page['num'] + 1;
284	$intitule_titre = replace_space( $intitule_cat." - " ).$n.'/'.
285	$intitule_titre.= $page['cat_nb_images']."<br />";
286	if ( $page['name'] != "" )
287	{
288	$intitule_file = $page['name'];
289	}
290	else
291	{
292	$intitule_file = str_replace( "_", " ",
293	substr( $page['file'], 0,
294	strrpos ( $page['file'], ".") ) );
295	}
296	if ( $page['cat'] == 'search' )
297	{
298	$intitule_file = replace_search( $intitule_file, $_GET['search'] );
299	}
300	$vtp->setGlobalVar( $handle, 'title', $intitule_titre.$intitule_file );
301
302	$lien_image = $cat_directory.$page['file'];
303
304	// calculation of width and height
305	if ( $page['width'] == "" )
306	{
307	$taille_image = @getimagesize( $lien_image );
308	$original_width = $taille_image[0];
309	$original_height = $taille_image[1];
310	}
311	else
312	{
313	$original_width = $page['width'];
314	$original_height = $page['height'];
315	}
316
317	$picture_size = get_picture_size( $original_width, $original_height,
318	$user['maxwidth'], $user['maxheight'] );
319	$final_width = $picture_size[0];
320	$final_height = $picture_size[1];
321
322	$url_link = './category.php?cat='.$page['cat'].'&';
323	$url_link.= 'num='.$page['num'].'&expand='.$_GET['expand'];
324	if ( $page['cat'] == 'search' )
325	{
326	$url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
327	}
328	$vtp->setGlobalVar( $handle, 'picture_link', add_session_id( $url_link ) );
329	$vtp->setGlobalVar( $handle, 'picture_width', $final_width );
330	$vtp->setGlobalVar( $handle, 'picture_height', $final_height );
331	$vtp->setGlobalVar( $handle, 'picture_border_color', $user['couleur_text'] );
332	$vtp->setGlobalVar( $handle, 'picture_src', $lien_image );
333	$vtp->setGlobalVar( $handle, 'picture_alt', $page['file'] );
334
335	if ( $page['comment'] != '' )
336	{
337	if ( $page['cat'] == 'search' )
338	{
339	$picture_comment = replace_search( $page['comment'], $_GET['search'] );
340	$vtp->setGlobalVar( $handle, 'picture_comment', $picture_comment );
341	}
342	else
343	{
344	$vtp->setGlobalVar( $handle, 'picture_comment', $page['comment'] );
345	}
346	}
347	//--------------------------------------------------------- picture information
348	// author
349	if ( $page['author'] != "" )
350	{
351	$vtp->addSession( $handle, 'info_line' );
352	$vtp->setVar( $handle, 'info_line.name', $lang['author'].' : ' );
353	$vtp->setVar( $handle, 'info_line.content', $page['author'] );
354	$vtp->closeSession( $handle, 'info_line' );
355	}
356	// creation date
357	if ( $page['date_creation'] != "" )
358	{
359	$vtp->addSession( $handle, 'info_line' );
360	$vtp->setVar( $handle, 'info_line.name', $lang['creation_date'].' : ' );
361	$vtp->setVar( $handle, 'info_line.content',
362	format_date( $page['date_creation'] ) );
363	$vtp->closeSession( $handle, 'info_line' );
364	}
365	// date of availability
366	$vtp->addSession( $handle, 'info_line' );
367	$vtp->setVar( $handle, 'info_line.name', $lang['registration_date'].' : ' );
368	list( $year,$month,$day ) = explode( '-', $page['date_available'] );
369	$vtp->setVar( $handle, 'info_line.content',
370	format_date( $page['date_available'] ) );
371	$vtp->closeSession( $handle, 'info_line' );
372	// size in pixels
373	$vtp->addSession( $handle, 'info_line' );
374	$vtp->setVar( $handle, 'info_line.name', $lang['size'].' : ' );
375	if ( $original_width != $final_width or $original_height != $final_height )
376	{
377	$content = '[ <a href="'.$lien_image.'" title="'.$lang['true_size'].'">';
378	$content.= $original_width.'*'.$original_height.'</a> ]';
379	$vtp->setVar( $handle, 'info_line.content', $content );
380	}
381	else
382	{
383	$content = $original_width.'*'.$original_height;
384	$vtp->setVar( $handle, 'info_line.content', $content );
385	}
386	$vtp->closeSession( $handle, 'info_line' );
387	// file
388	$vtp->addSession( $handle, 'info_line' );
389	$vtp->setVar( $handle, 'info_line.name', $lang['file'].' : ' );
390	if ( $page['cat'] == 'search' )
391	{
392	$content = replace_search( $page['file'], $_GET['search'] );
393	$vtp->setVar( $handle, 'info_line.content', $content );
394	}
395	else
396	{
397	$vtp->setVar( $handle, 'info_line.content', $page['file'] );
398	}
399	$vtp->closeSession( $handle, 'info_line' );
400	// filesize
401	if ( $page['filesize'] == "" )
402	{
403	$poids = floor ( filesize( $lien_image ) / 1024 );
404	}
405	else
406	{
407	$poids = $page['filesize'];
408	}
409	$vtp->addSession( $handle, 'info_line' );
410	$vtp->setVar( $handle, 'info_line.name', $lang['filesize'].' : ' );
411	$vtp->setVar( $handle, 'info_line.content', $poids.' KB' );
412	$vtp->closeSession( $handle, 'info_line' );
413	// keywords
414	if ( $page['keywords'] != '' )
415	{
416	$vtp->addSession( $handle, 'info_line' );
417	$vtp->setVar( $handle, 'info_line.name', $lang['keywords'].' : ' );
418	$keywords = explode( ',', $page['keywords'] );
419	$content = '';
420	$url = './category.php?cat=search&expand='.$_GET['expand'];
421	$url.= '&mode=OR&search=';
422	foreach ( $keywords as $i => $keyword ) {
423	$local_url = add_session_id( $url.$keyword );
424	if ( $i > 0 ) $content.= ',';
425	$content.= '<a href="'.$local_url.'">'.$keyword.'</a>';
426	}
427	$vtp->setVar( $handle, 'info_line.content', $content );
428	$vtp->closeSession( $handle, 'info_line' );
429	}
430	// number of visits
431	$vtp->addSession( $handle, 'info_line' );
432	$vtp->setVar( $handle, 'info_line.name', $lang['visited'].' : ' );
433	$vtp->setVar( $handle, 'info_line.content', $page['hit'].' '.$lang['times'] );
434	$vtp->closeSession( $handle, 'info_line' );
435	//------------------------------------------------------- favorite manipulation
436	if ( $page['cat'] != 'fav' and !$user['is_the_guest'] )
437	{
438	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
439	$url.= '&expand='.$_GET['expand'].'&add_fav=1';
440	if ( $page['cat'] == 'search' )
441	{
442	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
443	}
444	$vtp->addSession( $handle, 'favorite' );
445	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
446	$vtp->setVar( $handle, 'favorite.title', $lang['add_favorites_hint'] );
447	$vtp->setVar( $handle, 'favorite.src',
448	'./template/'.$user['template'].'/theme/favorite.gif' );
449	$vtp->setVar( $handle, 'favorite.alt','[ '.$lang['add_favorites_alt'].' ]' );
450	$vtp->closeSession( $handle, 'favorite' );
451	}
452	if ( $page['cat'] == 'fav' )
453	{
454	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
455	$url.= '&expand='.$_GET['expand'].'&add_fav=0';
456	$vtp->addSession( $handle, 'favorite' );
457	$vtp->setVar( $handle, 'favorite.link', add_session_id( $url ) );
458	$vtp->setVar( $handle, 'favorite.title', $lang['del_favorites_hint'] );
459	$vtp->setVar( $handle, 'favorite.src',
460	'./template/'.$user['template'].'/theme/del_favorite.gif' );
461	$vtp->setVar( $handle, 'favorite.alt','[ '.$lang['del_favorites_alt'].' ]' );
462	$vtp->closeSession( $handle, 'favorite' );
463	}
464	//------------------------------------ admin link for information modifications
465	if ( $user['status'] == 'admin' )
466	{
467	$vtp->addSession( $handle, 'modification' );
468	$url = './admin/admin.php?page=picture_modify&cat_id='.$page['cat'];
469	$url.= '&image_id='.$page['id'];
470	$vtp->setVar( $handle, 'modification.link', add_session_id( $url ) );
471	$vtp->setVar( $handle, 'modification.name', $lang['link_info_image'] );
472	}
473	//---------------------------------------------- next picture thumbnail display
474	if ( $page['num'] < $page['cat_nb_images']-1 )
475	{
476	$next = $page['num'] + 1;
477	$query = 'SELECT DISTINCT(id),name,file,tn_ext,storage_category_id';
478	$query.= ' FROM '.PREFIX_TABLE.'images';
479	$query.= ' LEFT JOIN '.PREFIX_TABLE.'image_category AS ic ON id=ic.image_id';
480	$query.= $page['where'];
481	$query.= $conf['order_by'];
482	$query.= ' LIMIT '.$next.',1';
483	$query.= ';';
484	$result = mysql_query( $query );
485	$row = mysql_fetch_array( $result );
486
487	if ( $array_cat_directories[$row['storage_category_id']] == '' )
488	{
489	$array_cat_directories[$row['storage_category_id']] =
490	get_complete_dir( $row['storage_category_id'] );
491	}
492	$cat_directory = $array_cat_directories[$row['storage_category_id']];
493
494	$file = substr ( $row['file'], 0, strrpos ( $row['file'], ".") );
495	$lien_thumbnail = $cat_directory.'thumbnail/';
496	$lien_thumbnail.= $conf['prefix_thumbnail'].$file.".".$row['tn_ext'];
497
498	if ( $row['name'] != "" )
499	{
500	$alt_thumbnail = $row['name'];
501	}
502	else
503	{
504	$alt_thumbnail = $file;
505	}
506	$next_title = $lang['next_image']." : ".$alt_thumbnail;
507
508	$url_link = './picture.php?image_id='.$row['id'].'&cat='.$page['cat'];
509	$url_link.= '&expand='.$_GET['expand'];
510	if ( $page['cat'] == 'search' )
511	{
512	$url_link.= "&search=".$_GET['search'].'&mode='.$_GET['mode'];
513	}
514	// sending vars for display
515	$vtp->addSession( $handle, 'next' );
516	$vtp->setGlobalVar( $handle, 'next.url', add_session_id( $url_link ) );
517	$vtp->setGlobalVar( $handle, 'next.title', $next_title );
518	$vtp->setGlobalVar( $handle, 'next.src', $lien_thumbnail );
519	$vtp->setGlobalVar( $handle, 'next.alt', $alt_thumbnail );
520	$vtp->closeSession( $handle, 'next' );
521	// slideshow
522	if ( isset( $_GET['slideshow'] ) )
523	{
524	$vtp->addSession( $handle, 'refresh' );
525	$vtp->setVar( $handle, 'refresh.time', 2 );
526	$url = $url_link.'&slideshow='.$_GET['slideshow'];
527	$vtp->setVar( $handle, 'refresh.url', add_session_id( $url ) );
528	$vtp->closeSession( $handle, 'refresh' );
529	}
530	}
531	else
532	{
533	$vtp->addSession( $handle, 'previous_empty' );
534	$vtp->closeSession( $handle, 'previous_empty' );
535	}
536	//---------------------------------------------------- users's comments display
537	if ( $conf['show_comments'] )
538	{
539	$vtp->addSession( $handle, 'comments' );
540	// comment registeration
541	if ( isset( $_POST['content'] ) and $_POST['content'] != '' )
542	{
543	$register_comment = true;
544
545	if ( !$user['is_the_guest'] ) $author = $user['username'];
546	if ( $_POST['author'] != '' ) $author = $_POST['author'];
547	// if a guest try to use the name of an already existing user, he must
548	// be rejected
549	if ( isset( $author ) and $author != $user['username'] )
550	{
551	$query = 'SELECT COUNT(*) AS user_exists';
552	$query.= ' FROM '.PREFIX_TABLE.'users';
553	$query.= " WHERE username = '".$author."'";
554	$query.= ';';
555	$row = mysql_fetch_array( mysql_query( $query ) );
556	if ( $row['user_exists'] == 1 )
557	{
558	$vtp->addSession( $handle, 'information' );
559	$message = $lang['comment_user_exists'];
560	$vtp->setVar( $handle, 'information.content', $message );
561	$vtp->closeSession( $handle, 'information' );
562	$register_comment = false;
563	}
564	}
565
566	if ( $register_comment )
567	{
568	// anti-flood system
569	$reference_date = time() - $conf['anti-flood_time'];
570	$query = 'SELECT id';
571	$query.= ' FROM '.PREFIX_TABLE.'comments';
572	$query.= ' WHERE date > '.$reference_date;
573	$query.= " AND author = '".$author."'";
574	$query.= ';';
575	if ( mysql_num_rows( mysql_query( $query ) ) == 0
576	or $conf['anti-flood_time'] == 0 )
577	{
578	$query = 'INSERT INTO '.PREFIX_TABLE.'comments';
579	$query.= ' (author,date,image_id,content,validated) VALUES';
580	$query.= ' (';
581	if ( !isset( $author ) ) $query.= 'NULL';
582	else $query.= "'".$author."'";
583	$query.= ','.time().','.$page['id'];
584	$query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'";
585	if ( !$conf['comments_validation'] or $user['status'] == 'admin' )
586	$query.= ",'true'";
587	else
588	$query.= ",'false'";
589	$query.= ');';
590	mysql_query( $query );
591	// information message
592	$vtp->addSession( $handle, 'information' );
593	$message = $lang['comment_added'];
594	if ( $conf['comments_validation'] and $user['status'] != 'admin' )
595	{
596	$message.= '<br />'.$lang['comment_to_validate'];
597	}
598	$vtp->setVar( $handle, 'information.content', $message );
599	$vtp->closeSession( $handle, 'information' );
600	}
601	else
602	{
603	// information message
604	$vtp->addSession( $handle, 'information' );
605	$message = $lang['comment_anti-flood'];
606	$vtp->setVar( $handle, 'information.content', $message );
607	$vtp->closeSession( $handle, 'information' );
608	}
609	}
610	}
611	// comment deletion
612	if ( isset( $_GET['del'] )
613	and is_numeric( $_GET['del'] )
614	and $user['status'] == 'admin' )
615	{
616	$query = 'DELETE FROM '.PREFIX_TABLE.'comments';
617	$query.= ' WHERE id = '.$_GET['del'].';';
618	mysql_query( $query );
619	}
620	// number of comment for this picture
621	$query = 'SELECT COUNT(*) AS nb_comments';
622	$query.= ' FROM '.PREFIX_TABLE.'comments';
623	$query.= ' WHERE image_id = '.$page['id'];
624	$query.= " AND validated = 'true'";
625	$query.= ';';
626	$row = mysql_fetch_array( mysql_query( $query ) );
627	$page['nb_comments'] = $row['nb_comments'];
628	// navigation bar creation
629	$url = './picture.php?cat='.$page['cat'].'&image_id='.$page['id'];
630	$url.= '&expand='.$_GET['expand'];
631	if ( $page['cat'] == 'search' )
632	{
633	$url.= '&search='.$_GET['search'].'&mode='.$_GET['mode'];
634	}
635	if( !isset( $_GET['start'] )
636	or !is_numeric( $_GET['start'] )
637	or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
638	{
639	$page['start'] = 0;
640	}
641	else
642	{
643	$page['start'] = $_GET['start'];
644	}
645	$page['navigation_bar'] = create_navigation_bar( $url, $page['nb_comments'],
646	$page['start'],
647	$conf['nb_comment_page'],
648	'' );
649	// sending vars for display
650	$vtp->setGlobalVar( $handle, 'navigation_bar', $page['navigation_bar'] );
651	$vtp->setGlobalVar( $handle, 'nb_comments', $page['nb_comments'] );
652
653	$query = 'SELECT id,author,date,image_id,content';
654	$query.= ' FROM '.PREFIX_TABLE.'comments';
655	$query.= ' WHERE image_id = '.$page['id'];
656	$query.= " AND validated = 'true'";
657	$query.= ' ORDER BY date ASC';
658	$query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
659	$result = mysql_query( $query );
660
661	while ( $row = mysql_fetch_array( $result ) )
662	{
663	$vtp->addSession( $handle, 'comment' );
664	$author = $row['author'];
665	if ( $row['author'] == '' ) $author = $lang['guest'];
666	$vtp->setVar( $handle, 'comment.author', $author );
667	$vtp->setVar( $handle, 'comment.date',
668	format_date( $row['date'], 'unix', true ) );
669	$vtp->setVar( $handle, 'comment.content', nl2br( $row['content'] ) );
670	if ( $user['status'] == 'admin' )
671	{
672	$vtp->addSession( $handle, 'delete' );
673	$vtp->setVar( $handle, 'delete.link',
674	add_session_id( $url.'&del='.$row['id'] ) );
675	$vtp->closeSession( $handle, 'delete' );
676	}
677	$vtp->closeSession( $handle, 'comment' );
678	}
679
680	if ( !$user['is_the_guest']
681	or ( $user['is_the_guest'] and $conf['comments_forall'] ) )
682	{
683	$vtp->addSession( $handle, 'add_comment' );
684	// form action
685	$action = str_replace( '&', '&', $_SERVER['REQUEST_URI'] );
686	$vtp->setGlobalVar( $handle, 'form_action', $action );
687	// display author field if the user is not logged in
688	if ( !$user['is_the_guest'] )
689	{
690	$vtp->addSession( $handle, 'author_known' );
691	$vtp->setVar( $handle, 'author_known.value', $user['pseudo'] );
692	$vtp->closeSession( $handle, 'author_known' );
693	}
694	else
695	{
696	$vtp->addSession( $handle, 'author_field' );
697	$vtp->closeSession( $handle, 'author_field' );
698	}
699	$vtp->closeSession( $handle, 'add_comment' );
700	}
701	$vtp->closeSession( $handle, 'comments' );
702	}
703	//------------------------------------------------------------ log informations
704	pwg_log( 'picture', $intitule_cat, $page['file'] );
705	mysql_close();
706	//----------------------------------------------------------- html code display
707	$code = $vtp->Display( $handle, 0 );
708	echo $code;
709	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: