Context Navigation

source: trunk/picture.php @ 934

Last change on this file since 934 was 934, checked in by plg, 18 years ago
bug 207 fixed : security issue. Any visitor can reach any picture in picture.php only by deleting value for URL parameter "cat".
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 28.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-11-16 21:18:56 +0000 (Wed, 16 Nov 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 934 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	$rate_items = array(0,1,2,3,4,5);
29	//--------------------------------------------------------------------- include
30	define('PHPWG_ROOT_PATH','./');
31	include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
32	//-------------------------------------------------- access authorization check
33	check_cat_id( $_GET['cat'] );
34
35	if (!isset($page['cat']))
36	{
37	die($lang['access_forbiden']);
38	}
39
40	check_login_authorization();
41	if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
42	{
43	check_restrictions( $page['cat'] );
44	}
45	//---------------------------------------- incrementation of the number of hits
46	$query = '
47	UPDATE '.IMAGES_TABLE.'
48	SET hit = hit+1
49	WHERE id = '.$_GET['image_id'].'
50	;';
51	@pwg_query( $query );
52	//-------------------------------------------------------------- initialization
53	initialize_category( 'picture' );
54	// retrieving the number of the picture in its category (in order)
55	$query = '
56	SELECT DISTINCT(id)
57	FROM '.IMAGES_TABLE.'
58	INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON id = ic.image_id
59	'.$page['where'].'
60	'.$conf['order_by'].'
61	;';
62	$result = pwg_query( $query );
63	$page['num'] = 0;
64	$belongs = false;
65	while ($row = mysql_fetch_array($result))
66	{
67	if ($row['id'] == $_GET['image_id'])
68	{
69	$belongs = true;
70	break;
71	}
72	$page['num']++;
73	}
74	// if this image_id doesn't correspond to this category, an error message is
75	// displayed, and execution is stopped
76	if (!$belongs)
77	{
78	echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
79	echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">';
80	echo $lang['thumbnails'].'</a></div>';
81	exit();
82	}
83	//-------------------------------------------------------------- representative
84	if ('admin' == $user['status'] and isset($_GET['representative']))
85	{
86	$query = '
87	UPDATE '.CATEGORIES_TABLE.'
88	SET representative_picture_id = '.$_GET['image_id'].'
89	WHERE id = '.$page['cat'].'
90	;';
91	pwg_query($query);
92
93	$url =
94	PHPWG_ROOT_PATH
95	.'picture.php'
96	.get_query_string_diff(array('representative'));
97	redirect($url);
98	}
99
100	//-------------------------------------------------------------- caddie filling
101
102	if (isset($_GET['caddie']))
103	{
104	fill_caddie(array($_GET['image_id']));
105
106	$url =
107	PHPWG_ROOT_PATH
108	.'picture.php'
109	.get_query_string_diff(array('caddie'));
110	redirect($url);
111	}
112
113	//---------------------------------------------------------- related categories
114	$query = '
115	SELECT category_id,uppercats,commentable,global_rank
116	FROM '.IMAGE_CATEGORY_TABLE.'
117	INNER JOIN '.CATEGORIES_TABLE.' ON category_id = id
118	WHERE image_id = '.$_GET['image_id'].'
119	AND category_id NOT IN ('.$user['forbidden_categories'].')
120	;';
121	$result = pwg_query($query);
122	$related_categories = array();
123	while ($row = mysql_fetch_array($result))
124	{
125	array_push($related_categories, $row);
126	}
127	usort($related_categories, 'global_rank_compare');
128	//------------------------------------- prev, current & next picture management
129	$picture = array();
130
131	if ($page['num'] == 0)
132	{
133	$has_prev = false;
134	}
135	else
136	{
137	$has_prev = true;
138	}
139
140	if ($page['num'] == $page['cat_nb_images'] - 1)
141	{
142	$has_next = false;
143	}
144	else
145	{
146	$has_next = true;
147	}
148
149	$query = '
150	SELECT DISTINCT(i.id), i.*
151	FROM '.IMAGES_TABLE.' AS i
152	INNER JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON i.id = ic.image_id
153	'.$page['where'].'
154	'.$conf['order_by'].'
155	';
156
157	if ( !$has_prev )
158	{
159	$query.= ' LIMIT 0,2';
160	}
161	else
162	{
163	$query.= ' LIMIT '.($page['num'] - 1).',3';
164	}
165	$query.= ';';
166
167	$result = pwg_query( $query );
168	$indexes = array('prev', 'current', 'next');
169
170	foreach (array('prev', 'current', 'next') as $i)
171	{
172	if ($i == 'prev' and !$has_prev)
173	{
174	continue;
175	}
176	if ($i == 'next' and !$has_next)
177	{
178	break;
179	}
180
181	$row = mysql_fetch_array($result);
182	foreach (array_keys($row) as $key)
183	{
184	if (!is_numeric($key))
185	{
186	$picture[$i][$key] = $row[$key];
187	}
188	}
189
190	$picture[$i]['is_picture'] = false;
191	if (in_array(get_extension($row['file']), $conf['picture_ext']))
192	{
193	$picture[$i]['is_picture'] = true;
194	}
195
196	$cat_directory = dirname($row['path']);
197	$file_wo_ext = get_filename_wo_extension($row['file']);
198
199	$icon = PHPWG_ROOT_PATH.'template/'.$user['template'].'/mimetypes/';
200	$icon.= strtolower(get_extension($row['file'])).'.png';
201
202	if (isset($row['representative_ext']) and $row['representative_ext'] != '')
203	{
204	$picture[$i]['src'] = $cat_directory.'/pwg_representative/';
205	$picture[$i]['src'].= $file_wo_ext.'.'.$row['representative_ext'];
206	}
207	else
208	{
209	$picture[$i]['src'] = $icon;
210	}
211	// special case for picture files
212	if ($picture[$i]['is_picture'])
213	{
214	$picture[$i]['src'] = $row['path'];
215	// if we are working on the "current" element, we search if there is a
216	// high quality picture
217	// FIXME : with remote pictures, this "remote fopen" takes long...
218	if ($i == 'current')
219	{
220	if (@fopen($cat_directory.'/pwg_high/'.$row['file'], 'r'))
221	{
222	$picture[$i]['high'] = $cat_directory.'/pwg_high/'.$row['file'];
223	}
224	}
225	}
226
227	// if picture is not a file, we need the download link
228	if (!$picture[$i]['is_picture'])
229	{
230	$picture[$i]['download'] = $row['path'];
231	}
232
233	$picture[$i]['thumbnail'] = get_thumbnail_src($row['path'], @$row['tn_ext']);
234
235	if ( !empty( $row['name'] ) )
236	{
237	$picture[$i]['name'] = $row['name'];
238	}
239	else
240	{
241	$picture[$i]['name'] = str_replace('_', ' ', $file_wo_ext);
242	}
243
244	$picture[$i]['url'] = PHPWG_ROOT_PATH.'picture.php';
245	$picture[$i]['url'].= get_query_string_diff(array('image_id','add_fav',
246	'slideshow','rate'));
247	$picture[$i]['url'].= '&image_id='.$row['id'];
248	}
249
250	$url_up = PHPWG_ROOT_PATH.'category.php?cat='.$page['cat'].'&';
251	$url_up.= 'num='.$page['num'];
252	if ( $page['cat'] == 'search' )
253	{
254	$url_up.= "&search=".$_GET['search'];
255	}
256	if ( $page['cat'] == 'list' )
257	{
258	$url_up.= "&list=".$_GET['list'];
259	}
260
261	$url_admin = PHPWG_ROOT_PATH.'admin.php?page=picture_modify';
262	$url_admin.= '&cat_id='.$page['cat'];
263	$url_admin.= '&image_id='.$_GET['image_id'];
264
265	$url_slide = $picture['current']['url'];
266	$url_slide.= '&slideshow='.$conf['slideshow_period'];
267
268	//----------------------------------------------------------- rate registration
269	if (isset($_GET['rate'])
270	and $conf['rate']
271	and !$user['is_the_guest']
272	and in_array($_GET['rate'], $rate_items))
273	{
274	$query = '
275	DELETE
276	FROM '.RATE_TABLE.'
277	WHERE user_id = '.$user['id'].'
278	AND element_id = '.$_GET['image_id'].'
279	;';
280	pwg_query($query);
281	$query = '
282	INSERT INTO '.RATE_TABLE.'
283	(user_id,element_id,rate)
284	VALUES
285	('.$user['id'].','.$_GET['image_id'].','.$_GET['rate'].')
286	;';
287	pwg_query($query);
288
289	// update of images.average_rate field
290	$query = '
291	SELECT ROUND(AVG(rate),2) AS average_rate
292	FROM '.RATE_TABLE.'
293	WHERE element_id = '.$_GET['image_id'].'
294	;';
295	$row = mysql_fetch_array(pwg_query($query));
296	$query = '
297	UPDATE '.IMAGES_TABLE.'
298	SET average_rate = '.$row['average_rate'].'
299	WHERE id = '.$_GET['image_id'].'
300	;';
301	pwg_query($query);
302	}
303	//--------------------------------------------------------- favorite management
304	if ( isset( $_GET['add_fav'] ) )
305	{
306	$query = 'DELETE FROM '.FAVORITES_TABLE;
307	$query.= ' WHERE user_id = '.$user['id'];
308	$query.= ' AND image_id = '.$picture['current']['id'];
309	$query.= ';';
310	$result = pwg_query( $query );
311
312	if ( $_GET['add_fav'] == 1 )
313	{
314	$query = 'INSERT INTO '.FAVORITES_TABLE;
315	$query.= ' (image_id,user_id) VALUES';
316	$query.= ' ('.$picture['current']['id'].','.$user['id'].')';
317	$query.= ';';
318	$result = pwg_query( $query );
319	}
320	if ( !$_GET['add_fav'] and $page['cat'] == 'fav' )
321	{
322	if (!$has_prev and !$has_next)
323	{
324	// there is no favorite picture anymore we redirect the user to the
325	// category page
326	$url = add_session_id($url_up);
327	redirect($url);
328	}
329	else if (!$has_prev)
330	{
331	$url = str_replace( '&', '&', $picture['next']['url'] );
332	$url = add_session_id( $url, true);
333	}
334	else
335	{
336	$url = str_replace('&', '&', $picture['prev']['url'] );
337	$url = add_session_id( $url, true);
338	}
339	redirect( $url );
340	}
341	}
342
343	//------------------------------------------------------ comment registeration
344	if ( isset( $_POST['content'] ) && !empty($_POST['content']) )
345	{
346	$register_comment = true;
347	$author = !empty($_POST['author'])?$_POST['author']:$lang['guest'];
348	// if a guest try to use the name of an already existing user, he must be
349	// rejected
350	if ( $author != $user['username'] )
351	{
352	$query = 'SELECT COUNT(*) AS user_exists';
353	$query.= ' FROM '.USERS_TABLE;
354	$query.= ' WHERE '.$conf['user_fields']['username']." = '".$author."'";
355	$query.= ';';
356	$row = mysql_fetch_array( pwg_query( $query ) );
357	if ( $row['user_exists'] == 1 )
358	{
359	$template->assign_block_vars(
360	'information',
361	array('INFORMATION'=>$lang['comment_user_exists']));
362	$register_comment = false;
363	}
364	}
365
366	if ( $register_comment )
367	{
368	// anti-flood system
369	$reference_date = time() - $conf['anti-flood_time'];
370	$query = 'SELECT id FROM '.COMMENTS_TABLE;
371	$query.= ' WHERE date > FROM_UNIXTIME('.$reference_date.')';
372	$query.= " AND author = '".$author."'";
373	$query.= ';';
374	if ( mysql_num_rows( pwg_query( $query ) ) == 0
375	or $conf['anti-flood_time'] == 0 )
376	{
377	list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
378
379	$data = array();
380	$data{'author'} = $author;
381	$data{'date'} = $dbnow;
382	$data{'image_id'} = $_GET['image_id'];
383	$data{'content'} = htmlspecialchars( $_POST['content'], ENT_QUOTES);
384
385	if (!$conf['comments_validation'] or $user['status'] == 'admin')
386	{
387	$data{'validated'} = 'true';
388	$data{'validation_date'} = $dbnow;
389	}
390	else
391	{
392	$data{'validated'} = 'false';
393	}
394
395	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
396	$fields = array('author', 'date', 'image_id', 'content', 'validated',
397	'validation_date');
398	mass_inserts(COMMENTS_TABLE, $fields, array($data));
399
400	// information message
401	$message = $lang['comment_added'];
402
403	if (!$conf['comments_validation'] or $user['status'] == 'admin')
404
405	if ( $conf['comments_validation'] and $user['status'] != 'admin' )
406	{
407	$message.= '<br />'.$lang['comment_to_validate'];
408	}
409	$template->assign_block_vars('information',
410	array('INFORMATION'=>$message));
411	}
412	else
413	{
414	// information message
415	$template->assign_block_vars(
416	'information',
417	array('INFORMATION'=>$lang['comment_anti-flood']));
418	}
419	}
420	}
421	// comment deletion
422	if ( isset( $_GET['del'] )
423	and is_numeric( $_GET['del'] )
424	and $user['status'] == 'admin' )
425	{
426	$query = 'DELETE FROM '.COMMENTS_TABLE;
427	$query.= ' WHERE id = '.$_GET['del'];
428	$query.= ';';
429	pwg_query( $query );
430	}
431
432	//
433	// Start output of page
434	//
435
436	$title = $picture['current']['name'];
437	$refresh = 0;
438	if ( isset( $_GET['slideshow'] ) and $has_next )
439	{
440	$refresh= $_GET['slideshow'];
441	$url_link = $picture['next']['url'].'&slideshow='.$refresh;
442	}
443
444	$title_img = $picture['current']['name'];
445	$title_nb = '';
446	if (is_numeric( $page['cat'] ))
447	{
448	$title_img = replace_space(get_cat_display_name($page['cat_name']));
449	$n = $page['num'] + 1;
450	$title_nb = $n.'/'.$page['cat_nb_images'];
451	}
452	else if ( $page['cat'] == 'search' )
453	{
454	$title_img = replace_search( $title_img, $_GET['search'] );
455	}
456
457	// calculation of width and height
458	if (empty($picture['current']['width']))
459	{
460	$taille_image = @getimagesize($picture['current']['src']);
461	$original_width = $taille_image[0];
462	$original_height = $taille_image[1];
463	}
464	else
465	{
466	$original_width = $picture['current']['width'];
467	$original_height = $picture['current']['height'];
468	}
469
470	$picture_size = get_picture_size($original_width, $original_height,
471	@$user['maxwidth'], @$user['maxheight']);
472
473	// metadata
474	if ($conf['show_exif'] or $conf['show_iptc'])
475	{
476	$metadata_showable = true;
477	}
478	else
479	{
480	$metadata_showable = false;
481	}
482
483	$url_metadata = PHPWG_ROOT_PATH.'picture.php';
484	$url_metadata .= get_query_string_diff(array('add_fav', 'slideshow', 'show_metadata'));
485	if ($metadata_showable and !isset($_GET['show_metadata']))
486	{
487	$url_metadata.= '&show_metadata=1';
488	}
489
490	$page['body_id'] = 'thePicturePage';
491	include(PHPWG_ROOT_PATH.'include/page_header.php');
492	$template->set_filenames(array('picture'=>'picture.tpl'));
493
494	$template->assign_vars(array(
495	'CATEGORY' => $title_img,
496	'PHOTO' => $title_nb,
497	'TITLE' => $picture['current']['name'],
498	'SRC_IMG' => $picture['current']['src'],
499	'ALT_IMG' => $picture['current']['file'],
500	'WIDTH_IMG' => $picture_size[0],
501	'HEIGHT_IMG' => $picture_size[1],
502
503	'LEVEL_SEPARATOR' => $conf['level_separator'],
504
505	'L_HOME' => $lang['home'],
506	'L_SLIDESHOW' => $lang['slideshow'],
507	'L_STOP_SLIDESHOW' => $lang['slideshow_stop'],
508	'L_PREV_IMG' =>$lang['previous_page'].' : ',
509	'L_NEXT_IMG' =>$lang['next_page'].' : ',
510	'L_ADMIN' =>$lang['link_info_image'],
511	'L_COMMENT_TITLE' =>$lang['comments_title'],
512	'L_ADD_COMMENT' =>$lang['comments_add'],
513	'L_DELETE_COMMENT' =>$lang['comments_del'],
514	'L_DELETE' =>$lang['delete'],
515	'L_SUBMIT' =>$lang['submit'],
516	'L_AUTHOR' => $lang['upload_author'],
517	'L_COMMENT' =>$lang['comment'],
518	'L_DOWNLOAD' => $lang['download'],
519	'L_DOWNLOAD_HINT' => $lang['download_hint'],
520	'L_PICTURE_METADATA' => $lang['picture_show_metadata'],
521	'L_PICTURE_HIGH' => $lang['picture_high'],
522	'L_UP_HINT' => $lang['home_hint'],
523	'L_UP_ALT' => $lang['home'],
524
525	'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
526	'U_UP' => add_session_id($url_up),
527	'U_METADATA' => add_session_id($url_metadata),
528	'U_ADMIN' => add_session_id($url_admin),
529	'U_SLIDESHOW'=> add_session_id($url_slide),
530	'U_ADD_COMMENT' => add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] ))
531	)
532	);
533
534	if ($conf['show_picture_name_on_title'])
535	{
536	$template->assign_block_vars('title', array());
537	}
538
539	//------------------------------------------------------- upper menu management
540	// download link if file is not a picture
541	if (!$picture['current']['is_picture'])
542	{
543	$template->assign_block_vars(
544	'download',
545	array('U_DOWNLOAD' => $picture['current']['download']));
546	}
547	else
548	{
549	$template->assign_block_vars(
550	'ecard',
551	array('U_ECARD' => $picture['current']['url']));
552	}
553	// display a high quality link if present
554	if (isset($picture['current']['high']))
555	{
556	$full_size = @getimagesize($picture['current']['high']);
557	$full_width = $full_size[0];
558	$full_height = $full_size[1];
559	$uuid = uniqid(rand());
560	$template->assign_block_vars('high', array(
561	'U_HIGH' => $picture['current']['high'],
562	'UUID'=>$uuid,
563	'WIDTH_IMG'=>($full_width + 16),
564	'HEIGHT_IMG'=>($full_height + 16)
565	));
566	}
567	// button to set the current picture as representative
568	if ('admin' == $user['status'] and is_numeric($page['cat']))
569	{
570	$template->assign_block_vars(
571	'representative',
572	array(
573	'URL' =>
574	PHPWG_ROOT_PATH.'picture.php'
575	.get_query_string_diff(array())
576	.'&representative=1'
577	)
578	);
579	}
580
581	if ('admin' == $user['status'])
582	{
583	$template->assign_block_vars(
584	'caddie',
585	array(
586	'URL' =>
587	add_session_id(
588	PHPWG_ROOT_PATH.'picture.php'
589	.get_query_string_diff(array('caddie')).'&caddie=1')
590	)
591	);
592	}
593
594	//------------------------------------------------------- favorite manipulation
595	if ( !$user['is_the_guest'] )
596	{
597	// verify if the picture is already in the favorite of the user
598	$query = 'SELECT COUNT(*) AS nb_fav';
599	$query.= ' FROM '.FAVORITES_TABLE.' WHERE image_id = '.$_GET['image_id'];
600	$query.= ' AND user_id = '.$user['id'].';';
601	$result = pwg_query( $query );
602	$row = mysql_fetch_array( $result );
603	if (!$row['nb_fav'])
604	{
605	$url = PHPWG_ROOT_PATH.'picture.php';
606	$url.= get_query_string_diff(array('rate','add_fav'));
607	$url.= '&add_fav=1';
608
609	$template->assign_block_vars(
610	'favorite',
611	array(
612	'FAVORITE_IMG' => PHPWG_ROOT_PATH.'template/'.$user['template'].'/theme/favorite.png',
613	'FAVORITE_HINT' =>$lang['add_favorites_hint'],
614	'FAVORITE_ALT' =>$lang['add_favorites_alt'],
615	'U_FAVORITE' => $url
616	));
617	}
618	else
619	{
620	$url = PHPWG_ROOT_PATH.'picture.php';
621	$url.= get_query_string_diff(array('rate','add_fav'));
622	$url.= '&add_fav=0';
623
624	$template->assign_block_vars(
625	'favorite',
626	array(
627	'FAVORITE_IMG' => PHPWG_ROOT_PATH.'template/'.$user['template'].'/theme/del_favorite.png',
628	'FAVORITE_HINT' =>$lang['del_favorites_hint'],
629	'FAVORITE_ALT' =>$lang['del_favorites_alt'],
630	'U_FAVORITE'=> $url
631	));
632	}
633	}
634	//------------------------------------ admin link for information modifications
635	if ( $user['status'] == 'admin' )
636	{
637	$template->assign_block_vars('admin', array());
638	}
639
640	//-------------------------------------------------------- navigation management
641	if ($has_prev)
642	{
643	$template->assign_block_vars(
644	'previous',
645	array(
646	'TITLE_IMG' => $picture['prev']['name'],
647	'IMG' => $picture['prev']['thumbnail'],
648	'U_IMG' => add_session_id($picture['prev']['url'])
649	));
650	}
651
652	if ($has_next)
653	{
654	$template->assign_block_vars(
655	'next',
656	array(
657	'TITLE_IMG' => $picture['next']['name'],
658	'IMG' => $picture['next']['thumbnail'],
659	'U_IMG' => add_session_id($picture['next']['url'])
660	));
661	}
662
663	//--------------------------------------------------------- picture information
664	// legend
665	if (isset($picture['current']['comment'])
666	and !empty($picture['current']['comment']))
667	{
668	$template->assign_block_vars(
669	'legend',
670	array(
671	'COMMENT_IMG' => nl2br($picture['current']['comment'])
672	));
673	}
674
675	$infos = array();
676
677	// author
678	if (!empty($picture['current']['author']))
679	{
680	$infos['INFO_AUTHOR'] =
681	'<a href="'.
682	add_session_id(
683	PHPWG_ROOT_PATH.'category.php?cat=search'.
684	'&search=author:'.$picture['current']['author']
685	).
686	'">'.$picture['current']['author'].'</a>';
687	}
688	else
689	{
690	$infos['INFO_AUTHOR'] = l10n('N/A');
691	}
692
693	// creation date
694	if (!empty($picture['current']['date_creation']))
695	{
696	$infos['INFO_CREATION_DATE'] =
697	'<a href="'.
698	add_session_id(
699	PHPWG_ROOT_PATH.'category.php?cat=search'.
700	'&search=date_creation:'.$picture['current']['date_creation']
701	).
702	'">'.format_date($picture['current']['date_creation']).'</a>';
703	}
704	else
705	{
706	$infos['INFO_CREATION_DATE'] = l10n('N/A');
707	}
708
709	// date of availability
710	$infos['INFO_AVAILABILITY_DATE'] =
711	'<a href="'.
712	add_session_id(
713	PHPWG_ROOT_PATH.'category.php?cat=search'.
714	'&search=date_available:'.
715	substr($picture['current']['date_available'], 0, 10)
716	).
717	'">'.
718	format_date($picture['current']['date_available'], 'mysql_datetime').
719	'</a>';
720
721	// size in pixels
722	if ($picture['current']['is_picture'])
723	{
724	if ($original_width != $picture_size[0]
725	or $original_height != $picture_size[1])
726	{
727	$infos['INFO_DIMENSIONS'] =
728	'<a href="'.$picture['current']['src'].'" title="'.
729	l10n('Original dimensions').'">'.
730	$original_width.'*'.$original_height.'</a>';
731	}
732	else
733	{
734	$infos['INFO_DIMENSIONS'] = $original_width.'*'.$original_height;
735	}
736	}
737	else
738	{
739	$infos['INFO_DIMENSIONS'] = l10n('N/A');
740	}
741
742	// filesize
743	if (!empty($picture['current']['filesize']))
744	{
745	$infos['INFO_FILESIZE'] =
746	sprintf(l10n('%d Kb'), $picture['current']['filesize']);
747	}
748	else
749	{
750	$infos['INFO_FILESIZE'] = l10n('N/A');
751	}
752
753	// number of visits
754	$infos['INFO_VISITS'] = $picture['current']['hit'];
755
756	// file
757	$infos['INFO_FILE'] = $picture['current']['file'];
758
759	// keywords
760	if (!empty($picture['current']['keywords']))
761	{
762	$infos['INFO_KEYWORDS'] =
763	preg_replace(
764	'/([^,]+)/',
765	'<a href="'.
766	add_session_id(
767	PHPWG_ROOT_PATH.'category.php?cat=search&search=keywords:$1'
768	).
769	'">$1</a>',
770	$picture['current']['keywords']
771	);
772	}
773	else
774	{
775	$infos['INFO_KEYWORDS'] = l10n('N/A');
776	}
777
778	$template->assign_vars($infos);
779
780	// related categories
781	foreach ($related_categories as $category)
782	{
783	$template->assign_block_vars(
784	'category',
785	array(
786	'LINE' => count($related_categories) > 3
787	? get_cat_display_name_cache($category['uppercats'])
788	: get_cat_display_name_from_id($category['category_id'])
789	)
790	);
791	}
792
793	//------------------------------------------------------------------- metadata
794	if ($metadata_showable and isset($_GET['show_metadata']))
795	{
796	include_once(PHPWG_ROOT_PATH.'/include/functions_metadata.inc.php');
797	$template->assign_block_vars('metadata', array());
798	if ($conf['show_exif'])
799	{
800	if (!function_exists('read_exif_data'))
801	{
802	die('Exif extension not available, admin should disable exif display');
803	}
804
805	if ($exif = @read_exif_data($picture['current']['src']))
806	{
807	$template->assign_block_vars(
808	'metadata.headline',
809	array('TITLE' => 'EXIF Metadata')
810	);
811
812	foreach ($conf['show_exif_fields'] as $field)
813	{
814	if (strpos($field, ';') === false)
815	{
816	if (isset($exif[$field]))
817	{
818	$key = $field;
819	if (isset($lang['exif_field_'.$field]))
820	{
821	$key = $lang['exif_field_'.$field];
822	}
823
824	$template->assign_block_vars(
825	'metadata.line',
826	array(
827	'KEY' => $key,
828	'VALUE' => $exif[$field]
829	)
830	);
831	}
832	}
833	else
834	{
835	$tokens = explode(';', $field);
836	if (isset($exif[$tokens[0]][$tokens[1]]))
837	{
838	$key = $tokens[1];
839	if (isset($lang['exif_field_'.$tokens[1]]))
840	{
841	$key = $lang['exif_field_'.$tokens[1]];
842	}
843
844	$template->assign_block_vars(
845	'metadata.line',
846	array(
847	'KEY' => $key,
848	'VALUE' => $exif[$tokens[0]][$tokens[1]]
849	)
850	);
851	}
852	}
853	}
854	}
855	}
856	if ($conf['show_iptc'])
857	{
858	$iptc = get_iptc_data($picture['current']['src'],
859	$conf['show_iptc_mapping']);
860
861	if (count($iptc) > 0)
862	{
863	$template->assign_block_vars(
864	'metadata.headline',
865	array('TITLE' => 'IPTC Metadata')
866	);
867	}
868
869	foreach ($iptc as $field => $value)
870	{
871	$key = $field;
872	if (isset($lang[$field]))
873	{
874	$key = $lang[$field];
875	}
876
877	$template->assign_block_vars(
878	'metadata.line',
879	array(
880	'KEY' => $key,
881	'VALUE' => $value
882	)
883	);
884	}
885	}
886	}
887	//slideshow end
888	if ( isset( $_GET['slideshow'] ) )
889	{
890	if ( !is_numeric( $_GET['slideshow'] ) ) $_GET['slideshow'] = $conf['slideshow_period'];
891
892	$template->assign_block_vars('stop_slideshow', array(
893	'U_SLIDESHOW'=>add_session_id( $picture['current']['url'] )
894	));
895	}
896
897	//------------------------------------------------------------------- rating
898	if ($conf['rate'])
899	{
900	$query = '
901	SELECT COUNT(rate) AS count
902	, ROUND(AVG(rate),2) AS average
903	, ROUND(STD(rate),2) AS STD
904	FROM '.RATE_TABLE.'
905	WHERE element_id = '.$picture['current']['id'].'
906	;';
907	$row = mysql_fetch_array(pwg_query($query));
908	if ($row['count'] == 0)
909	{
910	$value = $lang['no_rate'];
911	}
912	else
913	{
914	$value = sprintf(
915	l10n('%.2f (rated %d times, standard deviation = %.2f)'),
916	$row['average'],
917	$row['count'],
918	$row['STD']
919	);
920	}
921
922	if (!$user['is_the_guest'])
923	{
924	$query = 'SELECT rate
925	FROM '.RATE_TABLE.'
926	WHERE user_id = '.$user['id'].'
927	AND element_id = '.$_GET['image_id'].';';
928	$result = pwg_query($query);
929	if (mysql_num_rows($result) > 0)
930	{
931	$row = mysql_fetch_array($result);
932	$sentence = $lang['already_rated'];
933	$sentence.= ' ('.$row['rate'].'). ';
934	$sentence.= $lang['update_rate'];
935	}
936	else
937	{
938	$sentence = $lang['never_rated'].'. '.$lang['to_rate'];
939	}
940	$template->assign_block_vars(
941	'rate',
942	array(
943	'CONTENT' => $value,
944	'SENTENCE' => $sentence
945	));
946
947	$template->assign_block_vars('info_rate', array('CONTENT' => $value));
948
949	$template->assign_vars(
950	array(
951	'INFO_RATE' => $value
952	)
953	);
954
955	foreach ($rate_items as $num => $mark)
956	{
957	if ($num > 0)
958	{
959	$separator = '\|';
960	}
961	else
962	{
963	$separator = '';
964	}
965
966	$url = PHPWG_ROOT_PATH.'picture.php';
967	$url.= get_query_string_diff(array('rate','add_fav'));
968	$url.= '&rate='.$mark;
969
970	$template->assign_block_vars(
971	'rate.rate_option',
972	array(
973	'OPTION' => $mark,
974	'URL' => $url,
975	'SEPARATOR' => $separator
976	));
977	}
978	}
979	}
980
981	//---------------------------------------------------- users's comments display
982
983	// the picture is commentable if it belongs at least to one category which
984	// is commentable
985	$page['show_comments'] = false;
986	foreach ($related_categories as $category)
987	{
988	if ($category['commentable'] == 'true')
989	{
990	$page['show_comments'] = true;
991	}
992	}
993
994	if ($page['show_comments'])
995	{
996	// number of comment for this picture
997	$query = 'SELECT COUNT(*) AS nb_comments';
998	$query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$_GET['image_id'];
999	$query.= " AND validated = 'true'";
1000	$query.= ';';
1001	$row = mysql_fetch_array( pwg_query( $query ) );
1002
1003	// navigation bar creation
1004	$url = PHPWG_ROOT_PATH.'picture.php';
1005	$url.= get_query_string_diff(array('rate','add_fav'));
1006
1007	if (!isset( $_GET['start'] )
1008	or !is_numeric( $_GET['start'] )
1009	or ( is_numeric( $_GET['start'] ) and $_GET['start'] < 0 ) )
1010	{
1011	$page['start'] = 0;
1012	}
1013	else
1014	{
1015	$page['start'] = $_GET['start'];
1016	}
1017	$page['navigation_bar'] = create_navigation_bar( $url, $row['nb_comments'],
1018	$page['start'],
1019	$conf['nb_comment_page'],
1020	'' );
1021	$template->assign_block_vars('comments', array(
1022	'NB_COMMENT'=>$row['nb_comments'],
1023	'NAV_BAR'=>$page['navigation_bar']));
1024
1025	$query = 'SELECT id,author,date,image_id,content';
1026	$query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$_GET['image_id'];
1027	$query.= " AND validated = 'true'";
1028	$query.= ' ORDER BY date ASC';
1029	$query.= ' LIMIT '.$page['start'].', '.$conf['nb_comment_page'].';';
1030	$result = pwg_query( $query );
1031
1032	while ( $row = mysql_fetch_array( $result ) )
1033	{
1034	$template->assign_block_vars(
1035	'comments.comment',
1036	array(
1037	'COMMENT_AUTHOR'=>empty($row['author'])?$lang['guest']:$row['author'],
1038	'COMMENT_DATE'=>format_date($row['date'], 'mysql_datetime', true),
1039	'COMMENT'=>parse_comment_content($row['content'])
1040	));
1041
1042	if ( $user['status'] == 'admin' )
1043	{
1044	$template->assign_block_vars(
1045	'comments.comment.delete',
1046	array('U_COMMENT_DELETE'=>add_session_id( $url.'&del='.$row['id'])
1047	));
1048	}
1049	}
1050
1051	if (!$user['is_the_guest']
1052	or ($user['is_the_guest'] and $conf['comments_forall']))
1053	{
1054	$template->assign_block_vars('comments.add_comment', array());
1055	// display author field if the user is not logged in
1056	if (!$user['is_the_guest'])
1057	{
1058	$template->assign_block_vars(
1059	'comments.add_comment.author_known',
1060	array('KNOWN_AUTHOR'=>$user['username'])
1061	);
1062	}
1063	else
1064	{
1065	$template->assign_block_vars(
1066	'comments.add_comment.author_field', array()
1067	);
1068	}
1069	}
1070	}
1071	//------------------------------------------------------------ log informations
1072	pwg_log( 'picture', $title_img, $picture['current']['file'] );
1073
1074	$template->parse('picture');
1075	include(PHPWG_ROOT_PATH.'include/page_tail.php');
1076	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: