cpg_fetch_icon('modifyalb', 2),
'thumbnail_view' => cpg_fetch_icon('thumbnails', 2),
'file_info' => cpg_fetch_icon('info', 2),
'album' => cpg_fetch_icon('alb_mgr', 2),
'move' => cpg_fetch_icon('move', 2),
'title' => cpg_fetch_icon('title', 2),
'file_name' => cpg_fetch_icon('filename', 2),
'description' => cpg_fetch_icon('text_left', 2),
'keyword' => cpg_fetch_icon('keyword_mgr', 2),
'file_approval' => cpg_fetch_icon('file_approval', 2),
'file_approve' => cpg_fetch_icon('file_approve', 0, $lang_editpics_php['approve_pic']),
'file_approve_all' => cpg_fetch_icon('file_approve', 0, $lang_editpics_php['approve_all']),
'file_disapprove' => cpg_fetch_icon('file_disapprove', 2),
'exif' => cpg_fetch_icon('exif_mgr', 2),
'reset_views' => cpg_fetch_icon('stats_delete', 0),
'reset_views_all' => cpg_fetch_icon('stats_delete', 0, $lang_editpics_php['reset_all_view_count']),
'reset_votes' => cpg_fetch_icon('blank', 2),
'ok' => cpg_fetch_icon('ok', 2),
'category' => cpg_fetch_icon('category', 2),
'delete' => cpg_fetch_icon('delete', 0, $lang_editpics_php['del_pic']),
'delete_all' => cpg_fetch_icon('delete', 0, $lang_editpics_php['del_all']),
'comment_delete' => cpg_fetch_icon('comment_disapprove', 0, $lang_editpics_php['del_comm']),
'comment_delete_all' => cpg_fetch_icon('comment_disapprove', 0, $lang_editpics_php['del_all_comm']),
'edit_files' => cpg_fetch_icon('edit', 2),
'continue' => cpg_fetch_icon('right', 0),
);
// Resolve the album under edit. A GET parameter takes precedence over POST;
// with neither present the id falls back to 0. getInt() is the only accessor
// used, so $album_id is never raw request text.
$album_id = 0;
if ($superCage->get->keyExists('album')) {
    $album_id = $superCage->get->getInt('album');
} elseif ($superCage->post->keyExists('album')) {
    $album_id = $superCage->post->getInt('album');
}

// Moderator flags.
//   MODERATOR_MODE      - the user moderates at least one album (any album).
//   MODERATOR_EDIT_MODE - the requested album is one of the moderated albums.
// Only MODERATOR_EDIT_MODE is album-scoped; a check that tests MODERATOR_MODE
// alone says nothing about the album or picture being touched.
if (!isset($USER_DATA['allowed_albums']) || count($USER_DATA['allowed_albums']) <= 0) {
    define('MODERATOR_MODE', 0);
    define('MODERATOR_EDIT_MODE', 0);
} else {
    define('MODERATOR_MODE', 1);
    // Parenthesised, comma-separated id list, e.g. "(3,7,12)".
    // NOTE(review): presumably consumed by an SQL IN clause elsewhere - confirm the ids are integers.
    $albStr = '(' . implode(',', $USER_DATA['allowed_albums']) . ')';
    // in_array() runs without the strict flag, so the integer $album_id is
    // compared loosely against whatever type the stored ids have.
    define('MODERATOR_EDIT_MODE', (isset($album_id) && in_array($album_id, $USER_DATA['allowed_albums'])) ? 1 : 0);
}

// Gate 1: the caller needs at least one role that is allowed to edit files.
if (!USER_IS_ADMIN && !USER_ADMIN_MODE && !MODERATOR_MODE && !USER_CAN_UPLOAD_PICTURES) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}

// Gate 2: guests (USER_ID 0) are admitted only when the gallery is configured to let them enter file details.
if (USER_ID == 0 && $CONFIG['allow_guests_enter_file_details'] == 0) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}

// The page mode is selected purely by the presence of a "mode" key in the
// query string; its value is never inspected here.
define('UPLOAD_APPROVAL_MODE', $superCage->get->keyExists('mode'));
define('EDIT_PICTURES_MODE', !$superCage->get->keyExists('mode'));

// Gate 3: upload approval is reserved for gallery admins and moderators.
if (UPLOAD_APPROVAL_MODE && !GALLERY_ADMIN_MODE && !MODERATOR_MODE) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
// Housekeeping: blank out stale guest tokens, at most once per hour.
// Every value placed in the two statements below is server-side (configuration
// entries and time()); no request data reaches these queries.
if (time() - 3600 > $CONFIG['guest_token_cleanup']) {
    // Guest tokens are kept for five form-token lifetimes; the multiplication
    // also forces the configured value to a number before it is used in SQL.
    $guest_token_lifetime = 5 * $CONFIG['form_token_lifetime'];
    cpg_db_query('UPDATE ' . $CONFIG['TABLE_PICTURES'] . " SET guest_token = '' WHERE ctime < " . time() . ' - ' . $guest_token_lifetime);
    // Record when the cleanup ran so the next request within the hour skips it.
    cpg_db_query('UPDATE ' . $CONFIG['TABLE_CONFIG'] . ' SET value = ' . time() . " WHERE name = 'guest_token_cleanup'");
}
// Load the album being edited and verify the caller may edit it.
// Upload-approval mode has no single album, so the album data stays empty there.
if (!EDIT_PICTURES_MODE) {
    $ALBUM_DATA = array();
} else {
    // $album_id was obtained through getInt() earlier in this file, so it is an
    // integer by the time it is placed inside the quoted literal.
    $query = 'SELECT title, category, keyword FROM ' . $CONFIG['TABLE_ALBUMS'] . "  WHERE aid = '" . $album_id . "'";
    $result = cpg_db_query($query);
    if (!mysql_num_rows($result)) {
        // The existence check runs before the permission check, so a missing
        // album and a forbidden album produce different error messages.
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $ALBUM_DATA = mysql_fetch_assoc($result);
    mysql_free_result($result);

    $actual_cat = $cat = $ALBUM_DATA['category'];

    // Album-scoped authorization: owner-style access via user_is_allowed(),
    // gallery admin, or moderator of this specific album.
    // NOTE(review): user_is_allowed() takes no arguments; presumably it reads
    // the globals assigned just above - confirm against its definition.
    if (!(user_is_allowed() || GALLERY_ADMIN_MODE || MODERATOR_EDIT_MODE)) {
        cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }
}
// Row span of the thumbnail cell: five fixed rows plus one row for every
// custom user field that has a non-empty name in the configuration.
$THUMB_ROWSPAN = 5
    + ($CONFIG['user_field1_name'] != '' ? 1 : 0)
    + ($CONFIG['user_field2_name'] != '' ? 1 : 0)
    + ($CONFIG['user_field3_name'] != '' ? 1 : 0)
    + ($CONFIG['user_field4_name'] != '' ? 1 : 0);
// Form layout table. Each entry is array(label, field name, type[, limit]).
// Field types:
//   0 => input
//   1 => album list
//   2 => text_area
//   3 => picture information
// NOTE(review): the fourth element is presumably a maximum length applied by
// the form renderer; process_post_data() in this file does not re-check
// lengths on submission, so confirm the limit is enforced server-side.

// Keyword hint: first line names the configured separator, second line is the follow-up hint.
// NOTE(review): the separator between both hints is a bare line break in this
// listing; it may have been markup in the upstream file - confirm.
$keywordLabel = sprintf(
    $lang_common['keywords_insert1'],
    $lang_common['keyword_separators'][$CONFIG['keyword_separator']]
) . '
' . $lang_common['keywords_insert2'];

// Caption label, with the bbcode help link appended when that option is on.
$captionLabel = $lang_editpics_php['desc'];
if ($CONFIG['show_bbcode_help']) {
    $captionLabel = $captionLabel . ' ' . cpg_display_help('f=empty.html&h=lang_bbcode_help_title&t=lang_bbcode_help', 500, 300);
}

$data = array(
    // Read-only picture information block
    array($icon_array['file_info'] . $lang_editpics_php['pic_info'], '', 3),
    // Target album selector
    array($icon_array['album'] . $lang_common['album'], 'aid', 1),
    // Free-text fields
    array($icon_array['title'] . $lang_common['title'], 'title', 0, 255),
    array($icon_array['description'] . $captionLabel, 'caption', 2, $CONFIG['max_img_desc_length']),
    array($icon_array['keyword'] . $keywordLabel, 'keywords', 0, 255),
    // Custom user fields; their labels come straight from the configuration
    array($CONFIG['user_field1_name'], 'user1', 0, 255),
    array($CONFIG['user_field2_name'], 'user2', 0, 255),
    array($CONFIG['user_field3_name'], 'user3', 0, 255),
    array($CONFIG['user_field4_name'], 'user4', 0, 255),
);
/**
 * get_post_var()
 *
 * Return one per-picture form field from the POST data. The field is looked up
 * under the key built by appending the picture id to the field prefix, e.g.
 * prefix 'title' and pid 12 give the key 'title12'.
 *
 * The value is read through the input cage's getEscaped() accessor. Callers in
 * this file place the result between single quotes in an UPDATE statement, so
 * treat it as SQL-escaped text only (presumably not suitable for HTML output
 * without further encoding - confirm against the Inspekt wrapper).
 *
 * A missing key is reported through cpg_die() as a critical error.
 *
 * @param string $var Field name prefix
 * @param int    $pid Picture id appended to the prefix
 *
 * @return string Escaped value from POST
 */
function get_post_var($var, $pid)
{
    global $lang_errors;

    $superCage = Inspekt::makeSuperCage();
    $field_key = $var . $pid;

    // Guard clause: every expected field must be present in the submission.
    if (!$superCage->post->keyExists($field_key)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing']." ($field_key)", __FILE__, __LINE__);
        // Only reached if cpg_die() returns; nothing is handed back in that case.
        return null;
    }

    return $superCage->post->getEscaped($field_key);
}
/**
 * process_post_data()
 *
 * Apply the posted edit form. For every picture id in the POST array 'pid' this
 * either updates the picture row (album, title, caption, keywords, user fields
 * and, depending on the request, gallery icon, movie dimensions, counters and
 * approval state) or deletes the picture: its comments, its files on disk and
 * its database row.
 *
 * Execution stops through cpg_die() when the form token is rejected, when 'pid'
 * is not an array, when a per-picture text field is missing (see
 * get_post_var()), when a picture does not exist, or when the ownership check
 * fails.
 *
 * Reads the globals $CONFIG and $lang_errors. $user_albums_list is declared
 * global but is not used inside this function.
 */
function process_post_data()
{
global $CONFIG, $user_albums_list, $lang_errors;
$superCage = Inspekt::makeSuperCage();
// Request-forgery protection: nothing below runs unless the form token validates.
if(!checkFormToken()){
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
// Albums a regular user may file pictures under: albums in the user's personal
// category, albums the user owns, and albums that accept public uploads.
// Keyed by album id so membership can be tested with isset().
$user_album_set = array();
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
while ($row = mysql_fetch_assoc($result)) {
$user_album_set[$row['aid']] = 1;
}
mysql_free_result($result);
// 'pid' must be posted as an array (pid[]=...).
// NOTE(review): getInt() is presumably applied to every element of the array -
// confirm against Inspekt. $pid is interpolated unquoted into several
// statements below, so that integer cast is what keeps those queries safe.
$pid_array = $superCage->post->getInt('pid');
if (!is_array($pid_array)) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// Optional: id of the picture chosen as gallery icon. The '' default can never
// be strictly equal to an integer pid, so no picture is selected when the
// field is absent.
if ($superCage->post->keyExists('galleryicon')) {
$galleryicon = $superCage->post->getInt('galleryicon');
} else {
$galleryicon = '';
}
foreach ($pid_array as $pid) {
// Per-picture fields. $aid is the target album and comes from the request;
// the text fields go through get_post_var(), which dies when one is missing.
$aid = $superCage->post->getInt("aid$pid");
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
// Optional per-picture actions; each stays false unless its key was posted.
$delete = false;
$reset_vcount = false;
$reset_votes = false;
$del_comments = false;
$isgalleryicon = ($galleryicon === $pid);
if ($superCage->post->keyExists('delete' . $pid)) {
$delete = $superCage->post->getInt('delete' . $pid);
}
if ($superCage->post->keyExists('reset_vcount' . $pid)) {
$reset_vcount = $superCage->post->getInt('reset_vcount' . $pid);
}
if ($superCage->post->keyExists('reset_votes' . $pid)) {
$reset_votes = $superCage->post->getInt('reset_votes' . $pid);
}
if ($superCage->post->keyExists('del_comments' . $pid)) {
$del_comments = $superCage->post->getInt('del_comments' . $pid);
}
// We will be selecting pid in the query as we need it in $pic array for the plugin filter
// 'category' here is the category of the album the picture currently sits in.
$query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = $pid";
$result = cpg_db_query($query);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_assoc($result);
mysql_free_result($result);
// Per-picture authorization. It applies only when none of the bypass
// conditions holds; then the picture must sit in the caller's personal
// category and the target album must be in $user_album_set.
// NOTE(review): MODERATOR_MODE is defined earlier in this file for any user
// who moderates at least one album and is not tied to a specific album, so
// this block does not restrict a moderator to the moderated albums, neither
// for the edited pid nor for the target $aid. Likewise, enabling
// users_can_edit_pics skips the ownership test for every caller that
// reaches this point. Confirm both are constrained elsewhere.
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics'] ) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}
// The return value is discarded; presumably $keywords is taken by reference
// and normalised in place - TODO confirm.
cpg_trim_keywords($keywords);
// Build the SET clause. Quoted values come from getEscaped() (text fields)
// or getInt() ($aid); nothing else from the request is placed in quotes.
// No length limits are applied here.
$update = "aid = '$aid'";
$update .= ", title = '$title'";
$update .= ", caption = '$caption'";
$update .= ", keywords = '$keywords'";
$update .= ", user1 = '$user1'";
$update .= ", user2 = '$user2'";
$update .= ", user3 = '$user3'";
$update .= ", user4 = '$user4'";
// Gallery icon: only for pictures in a category above FIRST_USER_CAT. The
// flag is cleared on all pictures of the same owner before it is set here.
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}");
$update .= ", galleryicon = " . $galleryicon;
}
// Movies carry editable display dimensions; both are read as integers.
if (is_movie($pic['filename'])) {
$pwidth = $superCage->post->getInt('pwidth' . $pid);
$pheight = $superCage->post->getInt('pheight' . $pid);
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
if ($reset_vcount) {
$update .= ", hits = 0";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = 0, votes = 0";
resetDetailVotes($pid);
}
// Approval state is written only in admin, upload-approval or moderator
// mode. Any value other than the exact string 'YES', including an absent
// field, stores 'NO', so the handler fails closed.
if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
$approved = '';
if ($superCage->post->keyExists('approved' . $pid)) {
$approved = $superCage->post->getAlpha('approved' . $pid);
}
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} else {
$update .= ", approved = 'NO'";
}
}
// Comments are removed on explicit request and always when the picture is deleted.
if ($del_comments || $delete) {
cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = $pid");
}
if ($delete) {
// Paths are assembled from the stored filepath and filename of the picture row.
$dir = $CONFIG['fullpath'].$pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
// Original file plus its normal-size, original-backup and thumbnail variants.
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
// Check for custom thumbnails for non-images
if (!is_image($file)) {
$mime_content = cpg_get_type($file);
// str_replace() removes every occurrence of ".ext" in the name, not only the trailing one.
$file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file));
foreach (array('.gif','.png','.jpg') as $thumb_extension) {
if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) {
// Thumbnail found, check if it's the only file using that thumbnail
// NOTE(review): filepath and $file_base_name are values read back from
// the database and are interpolated here without escaping; in the LIKE
// pattern any % or _ in the base name also acts as a wildcard. This is
// safe only if names are sanitised when files are stored - confirm, or
// escape both values before building the statement.
$count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'"), 0);
if ($count == 1) {
// Swap the last list entry (the default thumbnail path) for the custom thumbnail.
unset($files[count($files)-1]);
$files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension;
break;
}
}
}
}
// unlink() failures are suppressed with @ and not checked, so the database
// row is removed below even if a file could not be deleted.
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
// Plugin filter to be called before deleting a file
// (at this point the files on disk are already gone; only the database row remains)
CPGPluginAPI::action('before_delete_file', $pic);
cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = $pid LIMIT 1");
// Albums that used this picture as their thumbnail fall back to thumb = '0'.
cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '$pid'");
// Plugin filter to be called after a file is deleted
CPGPluginAPI::action('after_delete_file', $pic);
} else {
// No deletion requested: write the collected SET clause for this picture.
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET $update WHERE pid = $pid");
// Executes after a file update is committed
CPGPluginAPI::action('after_edit_file', $pid);
}
}
}
function form_label($text)
{
echo <<< EOT
{$icon_array['file_name']}{$lang_common['filename']}: {$CONFIG['site_url']}{$CONFIG['fullpath']}{$filepath}{$filename} | |||||
$approve_html |