Subversion Repositories svnkaklik

Rev

Go to most recent revision | Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<?php
2
/*************************
3
  Coppermine Photo Gallery
4
  ************************
5
  Copyright (c) 2003-2005 Coppermine Dev Team
6
  v1.1 originaly written by Gregory DEMAR
7
 
8
  This program is free software; you can redistribute it and/or modify
9
  it under the terms of the GNU General Public License as published by
10
  the Free Software Foundation; either version 2 of the License, or
11
  (at your option) any later version.
12
  ********************************************
13
  Coppermine version: 1.3.3
14
  $Source: /cvsroot/coppermine/stable/delete.php,v $
15
  $Revision: 1.7 $
16
  $Author: gaugau $
17
  $Date: 2005/04/19 03:17:10 $
18
**********************************************/
19
 
20
define('IN_COPPERMINE', true);
21
define('DELETE_PHP', true);
22
 
23
require('include/init.inc.php');
24
 
25
/**
26
 * Local functions definition
27
 */
28
 
29
$header_printed = false;
30
$need_caption = false;
31
 
32
function output_table_header()
33
{
34
    global $header_printed, $need_caption;
35
 
36
    $header_printed = true;
37
    $need_caption = true;
38
 
39
    ?>
40
<tr>
41
<td class="tableh2"><b>Picture</b></td>
42
<td class="tableh2" align="center"><b>F</b></td>
43
<td class="tableh2" align="center"><b>N</b></td>
44
<td class="tableh2" align="center"><b>T</b></td>
45
<td class="tableh2" align="center"><b>C</b></td>
46
<td class="tableh2" align="center"><b>D</b></td>
47
</tr>
48
<?php
49
}
50
 
51
function output_caption()
52
{
53
    global $lang_delete_php
54
    ?>
55
<tr><td colspan="6" class="tableb">&nbsp;</td></tr>
56
<tr><td colspan="6" class="tableh2"><b><?php echo $lang_delete_php['caption'] ?></b></tr>
57
<tr><td colspan="6" class="tableb">
58
<table cellpadding="1" cellspacing="0">
59
<tr><td><b>F</b></td><td>:</td><td><?php echo $lang_delete_php['fs_pic'] ?></td><td width="20">&nbsp;</td><td><img src="images/green.gif" border="0" width="12" height="12" align="absmiddle"></td><td>:</td><td><?php echo $lang_delete_php['del_success'] ?></td></tr>
60
<tr><td><b>N</b></td><td>:</td><td><?php echo $lang_delete_php['ns_pic'] ?></td><td width="20">&nbsp</td><td><img src="images/red.gif" border="0" width="12" height="12" align="absmiddle"></td><td>:</td><td><?php echo $lang_delete_php['err_del'] ?></td></tr>
61
<tr><td><b>T</b></td><td>:</td><td><?php echo $lang_delete_php['thumb_pic'] ?></td></tr>
62
<tr><td><b>C</b></td><td>:</td><td><?php echo $lang_delete_php['comment'] ?></td></tr>
63
<tr><td><b>D</b></td><td>:</td><td><?php echo $lang_delete_php['im_in_alb'] ?></td></tr>
64
</table>
65
</td>
66
</tr>
67
<?php
68
}
69
 
70
function delete_picture($pid)
71
{
72
    global $CONFIG, $header_printed, $lang_errors;
73
 
74
    if (!$header_printed)
75
        output_table_header();
76
 
77
    $green = "<img src=\"images/green.gif\" border=\"0\" width=\"12\" height=\"12\"><br>";
78
    $red = "<img src=\"images/red.gif\" border=\"0\" width=\"12\" height=\"12\"><br>";
79
 
80
    if (GALLERY_ADMIN_MODE) {
81
        $query = "SELECT aid, filepath, filename FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='$pid'";
82
        $result = db_query($query);
83
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
84
        $pic = mysql_fetch_array($result);
85
    } else {
86
        $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid as aid, category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
87
        $result = db_query($query);
88
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
89
        $pic = mysql_fetch_array($result);
90
        if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
91
    }
92
 
93
    $aid = $pic['aid'];
94
    $dir = $CONFIG['fullpath'] . $pic['filepath'];
95
    $file = $pic['filename'];
96
 
97
 
98
    if (!is_writable($dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], htmlspecialchars($dir)), __FILE__, __LINE__);
99
 
100
    echo "<td class=\"tableb\">" . htmlspecialchars($file) . "</td>";
101
 
102
    $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
103
    foreach ($files as $currFile) {
104
        echo "<td class=\"tableb\" align=\"center\">";
105
        if (is_file($currFile)) {
106
            if (@unlink($currFile))
107
                echo $green;
108
            else
109
                echo $red;
110
        } else
111
            echo "&nbsp;";
112
        echo "</td>";
113
    }
114
 
115
    $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='$pid'";
116
    $result = db_query($query);
117
    echo "<td class=\"tableb\" align=\"center\">";
118
    if (mysql_affected_rows() > 0)
119
        echo $green;
120
    else
121
        echo "&nbsp;";
122
    echo "</td>";
123
 
124
    $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename='$dir$file' LIMIT 1";
125
    $result = db_query($query);
126
 
127
    $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='$pid' LIMIT 1";
128
    $result = db_query($query);
129
    echo "<td class=\"tableb\" align=\"center\">";
130
    if (mysql_affected_rows() > 0)
131
        echo $green;
132
    else
133
        echo $red;
134
    echo "</td>";
135
 
136
    echo "</tr>\n";
137
 
138
    return $aid;
139
}
140
 
141
function delete_album($aid)
142
{
143
    global $CONFIG, $lang_errors, $lang_delete_php;
144
 
145
    $query = "SELECT title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid ='$aid'";
146
    $result = db_query($query);
147
    if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
148
    $album_data = mysql_fetch_array($result);
149
 
150
    if (!GALLERY_ADMIN_MODE) {
151
        if ($album_data['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
152
    }
153
 
154
    $query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$aid'";
155
    $result = db_query($query);
156
    // Delete all files
157
    while ($pic = mysql_fetch_array($result)) {
158
        delete_picture($pic['pid']);
159
    }
160
    // Delete album
161
    $query = "DELETE from {$CONFIG['TABLE_ALBUMS']} WHERE aid='$aid'";
162
    $result = db_query($query);
163
    if (mysql_affected_rows() > 0)
164
        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['alb_del_success'], $album_data['title']) . "</td></tr>\n";
165
}
166
 
167
/**
168
 * Album manager functions
169
 */
170
 
171
function parse_select_option($value)
172
{
173
    global $HTML_SUBST;
174
 
175
    if (!preg_match("/.+?no=(\d+),album_nm='(.+?)',album_sort=(\d+),action=(\d)/", $value, $matches))
176
        return false;
177
 
178
    return array('album_no' => (int)$matches[1],
179
        'album_nm' => get_magic_quotes_gpc() ? strtr(stripslashes($matches[2]), $HTML_SUBST) : strtr($matches[2], $HTML_SUBST),
180
        'album_sort' => (int)$matches[3],
181
        'action' => (int)$matches[4]
182
        );
183
}
184
 
185
function parse_orig_sort_order($value)
186
{
187
    if (!preg_match("/(\d+)@(\d+)/", $value, $matches))
188
        return false;
189
 
190
    return array('aid' => (int)$matches[1],
191
        'pos' => (int)$matches[2],
192
        );
193
}
194
 
195
function parse_list($value)
196
{
197
    return preg_split("/,/", $value, -1, PREG_SPLIT_NO_EMPTY);
198
}
199
 
200
/**
201
 * Main code starts here
202
 */
203
 
204
if (!isset($HTTP_GET_VARS['what']) && !isset($HTTP_POST_VARS['what'])) {
205
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
206
}
207
 
208
$what = isset($HTTP_GET_VARS['what']) ? $HTTP_GET_VARS['what'] : $HTTP_POST_VARS['what'];
209
switch ($what) {
210
 
211
    // Album manager (don't necessarily delete something ;-)
212
 
213
    case 'albmgr':
214
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
215
 
216
        if (!GALLERY_ADMIN_MODE) {
217
            $restrict = "AND category = '" . (FIRST_USER_CAT + USER_ID) . "'";
218
        } else {
219
            $restrict = '';
220
        }
221
 
222
        pageheader($lang_delete_php['alb_mgr']);
223
        starttable("100%", $lang_delete_php['alb_mgr'], 6);
224
 
225
        $orig_sort_order = parse_list($HTTP_POST_VARS['sort_order']);
226
        foreach ($orig_sort_order as $album) {
227
            $op = parse_orig_sort_order($album);
228
            if (count ($op) == 2) {
229
                $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET pos='{$op['pos']}' WHERE aid='{$op['aid']}' $restrict LIMIT 1";
230
                db_query($query);
231
            } else {
232
                cpg_die (sprintf(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], $HTTP_POST_VARS['sort_order']), __FILE__, __LINE__);
233
            }
234
        }
235
 
236
        $to_delete = parse_list($HTTP_POST_VARS['delete_album']);
237
        foreach ($to_delete as $album_id) {
238
            delete_album((int)$album_id);
239
        }
240
 
241
        if (isset($HTTP_POST_VARS['to'])) foreach ($HTTP_POST_VARS['to'] as $option_value) {
242
            $op = parse_select_option(stripslashes($option_value));
243
            switch ($op['action']) {
244
                case '0':
245
                    break;
246
                case '1':
247
                    if (GALLERY_ADMIN_MODE) {
248
                        $category = (int)$HTTP_POST_VARS['cat'];
249
                    } else {
250
                        $category = FIRST_USER_CAT + USER_ID;
251
                    }
252
                    echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
253
                    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO',  '{$op['album_sort']}')";
254
                    db_query($query);
255
                    break;
256
                case '2':
257
                    echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_alb'], $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
258
                    $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' $restrict LIMIT 1";
259
                    db_query($query);
260
                    break;
261
                default:
262
                    cpg_die (CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], __FILE__, __LINE__);
263
            }
264
        }
265
        if ($need_caption) output_caption();
266
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
267
        echo "<div class=\"admin_menu_thumb\"><a href=\"index.php\"  class=\"adm_menu\">$lang_continue</a></div>\n";
268
        echo "</td></tr>";
269
        endtable();
270
        pagefooter();
271
        ob_end_flush();
272
        break;
273
 
274
    // Comment
275
 
276
    case 'comment':
277
        $msg_id = (int)$HTTP_GET_VARS['msg_id'];
278
 
279
        $result = db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'");
280
        if (!mysql_num_rows($result)) {
281
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_comment'], __FILE__, __LINE__);
282
        } else {
283
            $comment_data = mysql_fetch_array($result);
284
        }
285
 
286
        if (GALLERY_ADMIN_MODE) {
287
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'";
288
        } elseif (USER_ID) {
289
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1";
290
        } else {
291
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1";
292
        }
293
        $result = db_query($query);
294
 
295
        $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
296
        $redirect = "displayimage.php?pos=" . (- $comment_data['pid']);
297
        header($header_location . $redirect);
298
        pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
299
        msg_box($lang_info, $lang_delete_php['comment_deleted'], $lang_continue, $redirect);
300
        pagefooter();
301
        ob_end_flush();
302
        break;
303
 
304
    // Picture
305
 
306
    case 'picture':
307
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
308
 
309
        $pid = (int)$HTTP_GET_VARS['id'];
310
 
311
        pageheader($lang_delete_php['del_pic']);
312
        starttable("100%", $lang_delete_php['del_pic'], 6);
313
        output_table_header();
314
        $aid = delete_picture($pid);
315
        output_caption();
316
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
317
        echo "<div class=\"admin_menu_thumb\"><a href=\"thumbnails.php?album=$aid\"  class=\"adm_menu\">$lang_continue</a></div>\n";
318
        echo "</td></tr>\n";
319
        endtable();
320
        pagefooter();
321
        ob_end_flush();
322
        break;
323
 
324
    // Album
325
 
326
    case 'album':
327
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
328
 
329
        $aid = (int)$HTTP_GET_VARS['id'];
330
 
331
        pageheader($lang_delete_php['del_alb']);
332
        starttable("100%", $lang_delete_php['del_alb'], 6);
333
 
334
        delete_album($aid);
335
        if ($need_caption) output_caption();
336
 
337
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
338
        echo "<div class=\"admin_menu_thumb\"><a href=\"index.php\"  class=\"adm_menu\">$lang_continue</a></div>\n";
339
        echo "</td></tr>";
340
        endtable();
341
        pagefooter();
342
        ob_end_flush();
343
        break;
344
 
345
    // User
346
 
347
    case 'user':
348
        $user_id = (int)$HTTP_GET_VARS['id'];
349
        if (!(GALLERY_ADMIN_MODE) || ($user_id == USER_ID) || defined('UDB_INTEGRATION')) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
350
 
351
        $result = db_query("SELECT user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'");
352
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_delete_php['err_unknown_user'], __FILE__, __LINE__);
353
        $user_data = mysql_fetch_array($result);
354
        mysql_free_result($result);
355
 
356
        pageheader($lang_delete_php['del_user']);
357
        starttable("100%", $lang_delete_php['del_user'] . ' - ' . $user_data['user_name'], 6);
358
        // First delete the albums
359
        $result = db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = '" . (FIRST_USER_CAT + $user_id) . "'");
360
        while ($album = mysql_fetch_array($result)) {
361
            delete_album($album['aid']);
362
        } // while
363
        mysql_free_result($result);
364
 
365
        if ($need_caption) output_caption();
366
        // Then anonymize comments posted by the user
367
        db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET  author_id = '0' WHERE  author_id = '$user_id'");
368
        // Do the same for pictures uploaded in public albums
369
        db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET  owner_id = '0' WHERE  owner_id = '$user_id'");
370
        // Finally delete the user
371
        db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'");
372
 
373
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
374
        echo "<div class=\"admin_menu_thumb\"><a href=\"usermgr.php\"  class=\"adm_menu\">$lang_continue</a></div>\n";
375
        echo "</td></tr>";
376
        endtable();
377
        pagefooter();
378
        ob_end_flush();
379
        break;
380
 
381
    // Unknow command
382
 
383
    default:
384
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
385
}
386
 
387
?>