Go to most recent revision | Blame | Last modification | View Log | Download
<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2005 Coppermine Dev Team
v1.1 originaly written by Gregory DEMAR
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
Coppermine version: 1.3.3
$Source: /cvsroot/coppermine/stable/editpics.php,v $
$Revision: 1.8 $
$Author: gaugau $
$Date: 2005/04/19 03:17:10 $
**********************************************/
define('IN_COPPERMINE', true);
define('EDITPICS_PHP', true);
require('include/init.inc.php');
if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
define('UPLOAD_APPROVAL_MODE', isset($HTTP_GET_VARS['mode']));
define('EDIT_PICTURES_MODE', !isset($HTTP_GET_VARS['mode']));
if (isset($HTTP_GET_VARS['album'])) {
$album_id = (int)$HTTP_GET_VARS['album'];
} elseif (isset($HTTP_GET_VARS['album'])) {
$album_id = (int)$HTTP_POST_VARS['album'];
} else {
$album_id = -1;
}
if (UPLOAD_APPROVAL_MODE && !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
if (EDIT_PICTURES_MODE) {
$result = db_query("SELECT title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '$album_id'");
if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
$ALBUM_DATA=mysql_fetch_array($result);
mysql_free_result($result);
$cat = $ALBUM_DATA['category'];
$actual_cat = $cat;
if ($cat != FIRST_USER_CAT + USER_ID && !GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
} else {
$ALBUM_DATA = array();
}
$THUMB_ROWSPAN=5;
if ($CONFIG['user_field1_name'] != '') $THUMB_ROWSPAN++;
if ($CONFIG['user_field2_name'] != '') $THUMB_ROWSPAN++;
if ($CONFIG['user_field3_name'] != '') $THUMB_ROWSPAN++;
if ($CONFIG['user_field4_name'] != '') $THUMB_ROWSPAN++;
$USER_ALBUMS_ARRAY=array(0 => array());
// Type 0 => input
// 1 => album list
// 2 => text_area
// 3 => picture information
$captionLabel = $lang_editpics_php['desc'];
if ($CONFIG['show_bbcode_help']) {$captionLabel .= '<hr />'.$lang_bbcode_help;}
$data = array(
array($lang_editpics_php['pic_info'], '', 3),
array($lang_editpics_php['album'], 'aid', 1),
array($lang_editpics_php['title'], 'title', 0, 255),
array($captionLabel, 'caption', 2, $CONFIG['max_img_desc_length']),
array($lang_editpics_php['keywords'], 'keywords', 0, 255),
array($CONFIG['user_field1_name'], 'user1', 0, 255),
array($CONFIG['user_field2_name'], 'user2', 0, 255),
array($CONFIG['user_field3_name'], 'user3', 0, 255),
array($CONFIG['user_field4_name'], 'user4', 0, 255),
array('', '', 4)
);
function get_post_var($var, $pid)
{
global $HTTP_POST_VARS, $lang_errors;
$var_name = $var.$pid;
if(!isset($HTTP_POST_VARS[$var_name])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing']." ($var_name)", __FILE__, __LINE__);
return $HTTP_POST_VARS[$var_name];
}
function process_post_data()
{
global $HTTP_POST_VARS, $CONFIG;
global $user_albums_list, $lang_errors;
$user_album_set = array();
foreach($user_albums_list as $album) $user_album_set[$album['aid']] = 1;
if (!is_array($HTTP_POST_VARS['pid'])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
$pid_array = &$HTTP_POST_VARS['pid'];
foreach($pid_array as $pid){
$pid = (int)$pid;
$aid = (int)get_post_var('aid', $pid);
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = isset($HTTP_POST_VARS['delete'.$pid]);
$reset_vcount = isset($HTTP_POST_VARS['reset_vcount'.$pid]);
$reset_votes = isset($HTTP_POST_VARS['reset_votes'.$pid]);
$del_comments = isset($HTTP_POST_VARS['del_comments'.$pid]) || $delete;
$query = "SELECT category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
$result = db_query($query);
if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied']."<br />(picture category = {$pic['category']}/ $pid)", __FILE__, __LINE__);
if (!isset($user_album_set[$aid])) cpg_die(ERROR, $lang_errors['perm_denied']."<br />(target album = $aid)", __FILE__, __LINE__);
}
$update = "aid = '".$aid."'";
$update .= ", title = '".addslashes($title)."'";
$update .= ", caption = '".addslashes($caption)."'";
$update .= ", keywords = '".addslashes($keywords)."'";
$update .= ", user1 = '".addslashes($user1)."'";
$update .= ", user2 = '".addslashes($user2)."'";
$update .= ", user3 = '".addslashes($user3)."'";
$update .= ", user4 = '".addslashes($user4)."'";
if (is_movie($pic['filename'])) {
$pwidth = get_post_var('pwidth', $pid);
$pheight = get_post_var('pheight', $pid);
$update .= ", pwidth = " . (int) $pwidth;
$update .= ", pheight = " . (int) $pheight;
}
if ($reset_vcount) $update .= ", hits = '0'";
if ($reset_votes) $update .= ", pic_rating = '0', votes = '0'";
if (UPLOAD_APPROVAL_MODE) {
$approved = get_post_var('approved', $pid);
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} elseif ($approved == 'DELETE') {
$del_comments = 1;
$delete = 1;
}
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='$pid'";
$result =db_query($query);
}
if ($delete) {
$dir=$CONFIG['fullpath'].$pic['filepath'];
$file=$pic['filename'];
if (!is_writable($dir)) cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
$files=array($dir.$file, $dir.$CONFIG['normal_pfx'].$file, $dir.$CONFIG['thumb_pfx'].$file);
foreach ($files as $currFile){
if (is_file($currFile)) @unlink($currFile);
}
$query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='$pid' LIMIT 1";
$result = db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET $update WHERE pid='$pid' LIMIT 1";
$result = db_query($query);
}
}
}
function form_label($text)
{
global $CURENT_PIC;
echo <<<EOT
<tr>
<td class="tableh2" colspan="3">
<b>$text</b>
</td>
</tr>
EOT;
}
function form_pic_info($text)
{
global $CURRENT_PIC, $THUMB_ROWSPAN, $CONFIG, $lang_byte_units, $lang_editpics_php;
if (!is_movie($CURRENT_PIC['filename'])) {
$pic_info = sprintf($lang_editpics_php['pic_info_str'], $CURRENT_PIC['pwidth'], $CURRENT_PIC['pheight'], ($CURRENT_PIC['filesize'] >> 10), $CURRENT_PIC['hits'], $CURRENT_PIC['votes']);
} else {
$pic_info = sprintf($lang_editpics_php['pic_info_str'], '<input type="text" name="pwidth'.$CURRENT_PIC['pid'].'" value="'.$CURRENT_PIC['pwidth'].'" size="5" maxlength="5" class="textinput" />', '<input type="text" name="pheight'.$CURRENT_PIC['pid'].'" value="'.$CURRENT_PIC['pheight'].'" size="5" maxlength="5" class="textinput" />', ($CURRENT_PIC['filesize'] >> 10), $CURRENT_PIC['hits'], $CURRENT_PIC['votes']);
}
if (UPLOAD_APPROVAL_MODE) {
// Commented out by Omni; Duplicate of above
//$pic_info = $CURRENT_PIC['pwidth'].' × '.$CURRENT_PIC['pheight'].' - '.($CURRENT_PIC['filesize'] >> 10).$lang_byte_units[1];
if($CURRENT_PIC['owner_name']){
$pic_info .= ' - <a href ="profile.php?uid='.$CURRENT_PIC['owner_id'].'" target="_blank">'.$CURRENT_PIC['owner_name'].'</a>';
}
}
$thumb_url = get_pic_url($CURRENT_PIC, 'thumb');
$thumb_link = 'displayimage.php?&pos='.(-$CURRENT_PIC['pid']);
$filename = htmlspecialchars($CURRENT_PIC['filename']);
echo <<<EOT
<input type="hidden" name="pid[]" value="{$CURRENT_PIC['pid']}">
<tr>
<td class="tableh2" colspan="3">
<b>$filename</b>
</td>
</tr>
<tr>
<td class="tableb" style="white-space: nowrap;">
$text
</td>
<td class="tableb">
$pic_info
</td>
<td class="tableb" align="center" rowspan="$THUMB_ROWSPAN">
<a href="$thumb_link" target="_blank"><img src="$thumb_url" class="image" border="0"><br /></a>
</td>
</tr>
EOT;
}
function form_options()
{
global $CURRENT_PIC, $lang_editpics_php;
if (UPLOAD_APPROVAL_MODE) {
echo <<<EOT
<tr>
<td class="tableb" colspan="3" align="center">
<b><input type="radio" name="approved{$CURRENT_PIC['pid']}" value="YES" class="radio">{$lang_editpics_php['approve']}</b>
<b><input type="radio" name="approved{$CURRENT_PIC['pid']}" value="NO" class="radio" checked>{$lang_editpics_php['postpone_app']}</b>
<b><input type="radio" name="approved{$CURRENT_PIC['pid']}" value="DELETE" class="radio">{$lang_editpics_php['del_pic']}</b>
</td>
</tr>
EOT;
} else {
echo <<<EOT
<tr>
<td class="tableb" colspan="3" align="center">
<b><input type="checkbox" name="delete{$CURRENT_PIC['pid']}" value="1" class="checkbox">{$lang_editpics_php['del_pic']}</b>
<b><input type="checkbox" name="reset_vcount{$CURRENT_PIC['pid']}" value="1" class="checkbox">{$lang_editpics_php['reset_view_count']}</b>
<b><input type="checkbox" name="reset_votes{$CURRENT_PIC['pid']}" value="1" class="checkbox">{$lang_editpics_php['reset_votes']}</b>
<b><input type="checkbox" name="del_comments{$CURRENT_PIC['pid']}" value="1" class="checkbox">{$lang_editpics_php['del_comm']}</b>
</td>
</tr>
EOT;
}
}
function form_input($text, $name, $max_length,$field_width=100)
{
global $CURRENT_PIC;
$value = $CURRENT_PIC[$name];
$name .= $CURRENT_PIC['pid'];
if ($text == '') {
echo " <input type=\"hidden\" name=\"$name\" value=\"\">\n";
return;
}
echo <<<EOT
<tr>
<td class="tableb" style="white-space: nowrap;">
$text
</td>
<td width="100%" class="tableb" valign="top">
<input type="text" style="width: {$field_width}%" name="$name" maxlength="$max_length" value="$value" class="textinput">
</td>
</tr>
EOT;
}
function form_alb_list_box($text, $name)
{
global $CONFIG, $CURRENT_PIC;
global $user_albums_list, $public_albums_list;
$sel_album = $CURRENT_PIC['aid'];
$name .= $CURRENT_PIC['pid'];
echo <<<EOT
<tr>
<td class="tableb" style="white-space: nowrap;">
$text
</td>
<td class="tableb" valign="top">
<select name="$name" class="listbox">
EOT;
foreach($public_albums_list as $album) {
echo ' <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . $album['cat_title'] . "</option>\n";
}
foreach($user_albums_list as $album){
echo ' <option value="'.$album['aid'].'"'.($album['aid'] == $sel_album ? ' selected' : '').'>* '.$album['title'] . "</option>\n";
}
echo <<<EOT
</select>
</td>
</tr>
EOT;
}
function form_textarea($text, $name, $max_length)
{
global $ALBUM_DATA, $CURRENT_PIC;
$value = $CURRENT_PIC[$name];
$name .= $CURRENT_PIC['pid'];
echo <<<EOT
<tr>
<td class="tableb" valign="top" style="white-space: nowrap;">
$text
</td>
<td class="tableb" valign="top">
<textarea name="$name" ROWS="5" COLS="40" WRAP="virtual" class="textinput" STYLE="WIDTH: 100%;" onKeyDown="textCounter(this, $max_length);" onKeyUp="textCounter(this, $max_length);">$value</textarea>
</td>
</tr>
EOT;
}
function create_form(&$data)
{
foreach($data as $element){
if ((is_array($element))) {
switch($element[2]){
case 0 :
form_input($element[0], $element[1], $element[3]);
break;
case 1 :
form_alb_list_box($element[0], $element[1]);
break;
case 2 :
form_textarea($element[0], $element[1], $element[3]);
break;
case 3 :
form_pic_info($element[0]);
break;
case 4 :
form_options();
break;
default:
cpg_die(CRITICAL_ERROR, 'Invalid action for form creation', __FILE__, __LINE__);
} // switch
} else {
form_label($element);
}
}
}
function get_user_albums($user_id)
{
global $CONFIG, $USER_ALBUMS_ARRAY, $user_albums_list;
if (!isset($USER_ALBUMS_ARRAY[$user_id])) {
$user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='".(FIRST_USER_CAT + $user_id)."' ORDER BY title");
if (mysql_num_rows($user_albums)) {
$user_albums_list=db_fetch_rowset($user_albums);
} else {
$user_albums_list = array();
}
mysql_free_result($user_albums);
$USER_ALBUMS_ARRAY[$user_id] = $user_albums_list;
} else {
$user_albums_list = &$USER_ALBUMS_ARRAY[$user_id];
}
}
if (GALLERY_ADMIN_MODE) {
$public_albums = db_query("SELECT DISTINCT aid, title, IF(category = 0, CONCAT('> ', title), CONCAT(name,' < ',title)) AS cat_title FROM {$CONFIG['TABLE_ALBUMS']}, {$CONFIG['TABLE_CATEGORIES']} WHERE category < '" . FIRST_USER_CAT . "' AND (category = 0 OR category = cid) ORDER BY cat_title");
if (mysql_num_rows($public_albums)) {
$public_albums_list=db_fetch_rowset($public_albums);
} else {
$public_albums_list = array();
}
mysql_free_result($public_albums);
} else {
$public_albums_list = array();
}
get_user_albums(USER_ID);
if (count($HTTP_POST_VARS)) process_post_data();
$start = isset($HTTP_GET_VARS['start']) ? (int)$HTTP_GET_VARS['start'] : 0;
$count = isset($HTTP_GET_VARS['count']) ? (int)$HTTP_GET_VARS['count'] : 25;
$next_target = $PHP_SELF.'?album='.$album_id.'&start='.($start+$count).'&count='.$count.((UPLOAD_APPROVAL_MODE==1)?"&mode=upload_approval":"");
$prev_target = $PHP_SELF.'?album='.$album_id.'&start='.max(0,$start-$count).'&count='.$count.((UPLOAD_APPROVAL_MODE==1)?"&mode=upload_approval":"");
$s50 = $count == 50 ? 'selected' : '';
$s75 = $count == 75 ? 'selected' : '';
$s100 = $count == 100 ? 'selected' : '';
if (UPLOAD_APPROVAL_MODE) {
$result=db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE approved = 'NO'");
$nbEnr = mysql_fetch_array($result);
$pic_count = $nbEnr[0];
// Update user names for pictures
$sql = "SELECT pid, owner_id FROM {$CONFIG['TABLE_PICTURES']} WHERE owner_id != 0 AND owner_name = ''";
$result = db_query($sql);
while($row = mysql_fetch_array($result)){
if(defined('UDB_INTEGRATION')){
$owner_name = udb_get_user_name($row['owner_id']);
} else {
$result2 = db_query("SELECT user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '".$row['owner_id']."'");
if (mysql_num_rows($result2)){
$row2 = mysql_fetch_array($result2);
mysql_free_result($result2);
$owner_name = $row2['user_name'];
} else {
$owner_name = '';
}
}
if($owner_name){
db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET owner_name = '$owner_name' WHERE pid = {$row['pid']} LIMIT 1");
} else {
db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET owner_id = 0 WHERE pid = {$row['pid']} LIMIT 1");
}
}
mysql_free_result($result);
$sql = "SELECT * ".
"FROM {$CONFIG['TABLE_PICTURES']} ".
"WHERE approved = 'NO' ".
"ORDER BY pid ".
"LIMIT $start, $count";
$result = db_query($sql);
$form_target = $PHP_SELF.'?mode=upload_approval&start='.$start.'&count='.$count;
$title = $lang_editpics_php['upl_approval'];
} else {
$result=db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '$album_id'");
$nbEnr = mysql_fetch_array($result);
$pic_count = $nbEnr[0];
mysql_free_result($result);
$result = db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '$album_id' ORDER BY filename LIMIT $start, $count");
$form_target = $PHP_SELF.'?album='.$album_id.'&start='.$start.'&count='.$count;
$title = $lang_editpics_php['edit_pics'];
}
if (!mysql_num_rows($result)) cpg_die(INFORMATION, $lang_errors['no_img_to_display'], __FILE__, __LINE__);
if ($start + $count < $pic_count) {
$next_link = "<a href=\"$next_target\"><b>{$lang_editpics_php['see_next']}</b></a> - ";
} else {
$next_link = '';
}
if ($start > 0) {
$prev_link = "<a href=\"$prev_target\"><b>{$lang_editpics_php['see_prev']}</b></a> - ";
} else {
$prev_link = '';
}
$pic_count_text = sprintf($lang_editpics_php['n_pic'], $pic_count);
pageheader($title);
starttable("100%", $title, 3);
echo <<<EOT
<SCRIPT LANGUAGE="JavaScript">
function textCounter(field, maxlimit) {
if (field.value.length > maxlimit) // if too long...trim it!
field.value = field.value.substring(0, maxlimit);
}
</script>
EOT;
$mode= (UPLOAD_APPROVAL_MODE==1) ? "&mode=upload_approval":"";
echo <<<EOT
<tr>
<td class="tableb" colspan="3" align="center">
<form method="post" action="$form_target$mode">
<b>$pic_count_text</b> -
$prev_link
$next_link
<b>{$lang_editpics_php['n_of_pic_to_disp']}</b>
<select onChange="if(this.options[this.selectedIndex].value) window.location.href='$PHP_SELF?album=$album_id$mode&start=$start&count='+this.options[this.selectedIndex].value;" name="count" class="listbox">
<option value="25">25</option>
<option value="50" $s50>50</option>
<option value="75" $s75>75</option>
<option value="100" $s100>100</option>
</select>
</td>
</tr>
EOT;
while($CURRENT_PIC = mysql_fetch_array($result)){
if (GALLERY_ADMIN_MODE) get_user_albums($CURRENT_PIC['owner_id']);
create_form($data);
flush();
} // while
mysql_free_result($result);
echo <<<EOT
<tr>
<td colspan="3" align="center" class="tablef">
<input type="submit" value="{$lang_editpics_php['apply']}" class="button">
</td>
</form>
</tr>
EOT;
endtable();
pagefooter();
ob_end_flush();
?>