diff -r 0944c9354e9c -r 7c6e2e97aa08 plugins/gallery/upload.php
--- a/plugins/gallery/upload.php Sat Aug 21 23:25:41 2010 -0400
+++ b/plugins/gallery/upload.php Sat Aug 21 23:32:06 2010 -0400
@@ -20,1071 +20,840 @@ function page_Special_GalleryUpload() { - global $db, $session, $paths, $template, $plugins; // Common objects - - if ( $session->user_level < USER_LEVEL_ADMIN ) - { - die_friendly('Access denied', '
You need to have administrative rights to use the gallery\'s upload features.
'); - } - - $zip_support = ( class_exists('ZipArchive') || ( file_exists('/usr/bin/unzip') && is_executable('/usr/bin/unzip') ) ); - - $errors = array(); - $template->add_header(''); - $template->add_header(''); - - $max_size = @ini_get('upload_max_filesize'); - $max_size_field = ''; - if ( $max_size ) - { - if ( preg_match('/M$/i', $max_size) ) - { - $max_size = intval($max_size) * 1048576; - } - else if ( preg_match('/K$/i', $max_size) ) - { - $max_size = intval($max_size) * 1024; - } - else if ( preg_match('/G$/i', $max_size) ) - { - $max_size = intval($max_size) * 1048576 * 1024; - } - $max_size = intval($max_size); - $max_size_field = "\n" . '' . "\n"; - } - - if ( isset($_GET['edit_img']) ) - { - $edit_parms = $_GET['edit_img']; - $regex = '/^((([0-9]+),)*)?([0-9]+?)$/'; - if ( !preg_match($regex, $edit_parms) ) - { - die_friendly('Bad request', '$_GET[\'edit_img\'] must be a comma-separated list of image IDs.
'); - } - - $idlist = explode(',', $edit_parms); - $num_edit = count($idlist); - $idlist = "SELECT img_id,img_title,img_desc,img_filename,is_folder FROM ".table_prefix."gallery WHERE img_id=" . implode(' OR img_id=', $idlist) . ';'; - - if ( !$e = $db->sql_query($idlist) ) - $db->_die(); - - $template->header(); - - if ( isset($_POST['edit_do_save']) ) - { - @set_time_limit(0); - - $arr_img_data = array(); - while ( $row = $db->fetchrow($e) ) - $arr_img_data[$row['img_id']] = $row; - - // Allow breaking out - switch(true):case true: - - if ( !is_array($_POST['img']) ) - { - $errors[] = 'No images passed to processor.'; - break; - } - - // Main updater loop - foreach ( $_POST['img'] as $img_id => $img_data ) - { - - if ( !preg_match('/^[0-9]+$/', $img_id) ) - { - $errors[] = 'SQL injection attempted!'; - break 2; - } - - // Array of columns to update - $to_update = array(); - - $key = 'reupload_' . $img_data['id']; - if ( isset($_FILES[$key]) ) - { - $file =& $_FILES[ $key ]; - if ( $file['tmp_name'] != '' ) - { - // Reupload - $filename = ENANO_ROOT . '/files/' . $arr_img_data[ $img_data['id'] ]['img_filename']; - if ( !unlink($filename) ) - { - $errors[] = "Could not delete $filename"; - break 2; - } - if ( !@move_uploaded_file($file['tmp_name'], $filename) ) - { - $errors[] = "Could not move uploaded file to $filename"; - break 2; - } - - // - // Create scaled images - // - - // Create thumbnail image - $thumb_filename = ENANO_ROOT . '/cache/' . $arr_img_data[ $img_data['id'] ]['img_filename'] . '-thumb.jpg'; - if ( !unlink($thumb_filename) ) - { - $errors[] = "Could not delete $thumb_filename"; - break 2; - } - - if ( !scale_image($filename, $thumb_filename, 80, 80) ) - { - $errors[] = 'Couldn\'t scale image '.$i.': ImageMagick failed us'; - break 2; - } - - // Create preview image - $preview_filename = ENANO_ROOT . '/cache/' . $arr_img_data[ $img_data['id'] ]['img_filename'] . 
'-preview.jpg'; - if ( !unlink($preview_filename) ) - { - $errors[] = "Could not delete $preview_filename"; - break 2; - } - - if ( !scale_image($filename, $preview_filename, 640, 480) ) - { - $errors[] = 'Couldn\'t scale image '.$i.': ImageMagick failed us'; - break 2; - } - - $to_update['img_time_mod'] = strval(time()); - } - } - - $vars = array( - 'year' => date('Y'), - 'month' => date('F'), - 'day' => date('d'), - 'time12' => date('g:i A'), - 'time24' => date('G:i') - ); - - // Image name/title - - $title = $template->makeParserText($img_data['title']); - $title->assign_vars($vars); - $executed = $title->run(); - if ( $executed == '_id' ) - { - $errors[] = 'You cannot name an image or folder "_id", this name is reserved for internal functions.'; - break 2; - } - if ( $executed == '' ) - { - $errors[] = 'Please enter a name for the item with unique ID ' . $img_data['id'] . '.' . print_r($_POST,true) . ''; - break 2; - } - $to_update['img_title'] = $executed; - - // Image description - - if ( isset($img_data['desc']) ) - { - $desc = $template->makeParserText($img_data['desc']); - $desc->assign_vars($vars); - $executed = $desc->run(); - $executed = RenderMan::preprocess_text($executed, false, false); - $to_update['img_desc'] = $executed; - } - - // Folder - $target_folder = false; - - if ( !empty($_POST['override_folder']) ) - { - if ( $_POST['override_folder'] == 'NULL' || preg_match('/^[0-9]+$/', $_POST['override_folder']) ) - { - $target_folder = $_POST['override_folder']; - } - } - - if ( !empty($img_data['folder']) ) - { - if ( $img_data['folder'] == 'NULL' || preg_match('/^[0-9]+$/', $img_data['folder']) ) - { - $target_folder = $img_data['folder']; - } - } - - if ( $target_folder ) - { - // Make sure we're not trying to move a folder to itself or a subdirectory of itself - - $children = gal_fetch_all_children(intval($img_data['id'])); - if ( $img_data['id'] == $target_folder || in_array($target_folder, $children) ) - { - $errors[] = 'You are trying to move 
a folder to itself, or to a subdirectory of itself, which is not allowed. If done manually (i.e. via an SQL client) this will result in infinite loops in the folder sorting code.'; - break 2; - } - - $to_update['folder_parent'] = $target_folder; - } - - if ( count($to_update) > 0 ) - { - $up_keys = array_keys($to_update); - $up_vals = array_values($to_update); - - $bin_cols = array('folder_parent'); - - $sql = 'UPDATE ' . table_prefix.'gallery SET '; - - foreach ( $up_keys as $i => $key ) - { - if ( in_array($key, $bin_cols) ) - { - $sql .= $key . '=' . $up_vals[$i] . ','; - } - else - { - $sql .= $key . '=\'' . $db->escape($up_vals[$i]) . '\','; - } - } - - $sql = preg_replace('/,$/i', '', $sql) . ' WHERE img_id=' . $img_data['id'] . ';'; - - if ( !$db->sql_query($sql) ) - { - $db->_die(); - } - - } - - } - - echo '
Information |
---|
- As with the upload form, the following variables can be used. Note that when editing images, the {id} and {autotitle} variables will be ignored.';
- ?>
-
|
Folder: ' . htmlspecialchars($row['img_title']) . ' | |
---|---|
Unique ID: | -' . $row['img_id'] . ' (view folder contents) | -
Parent folders: | -' . /* Yeah it's dirty, but hey, it gets the job done ;-) */ ( ( $x = str_replace('»', '»', htmlspecialchars(str_replace('_', ' ', implode(' » ', $folders)))) ) ? $x : '<in root>' ) . ' | -
Folder name: | -- |
Move to folder: | -
-
-
-
-
- Select folder
-
-
-
-
- - Unselect field - |
-
Image: ' . htmlspecialchars($row['img_title']) . ' | |
---|---|
Unique ID: | -' . $row['img_id'] . ' (view image\'s page) | -
Thumbnail: | -- |
Image title: | -- |
Image description: | -- |
Permissions: | -Only works in Firefox 1.5 or later, Safari 3.x or later, or Opera 9.0 or later. |
-
Move to folder: | -
-
-
-
-
- Select folder
-
-
-
-
- - Unselect field - |
- Upload new version: | -- '; - - // Finish table - echo ' |
Move all to folder: Other folder fields on this page can override this for individual images. |
-
-
-
-
-
- Select folder
-
-
-
-
- - Unselect field - |
- '; - echo ' |
---|
No images that matched the ID list could be found.
'; - } - - echo ''; - - $template->footer(); - return; - } - - if ( isset($_GET['rm']) ) - { - $warnings = array(); - - if ( !preg_match('/^[0-9]+$/', $_GET['rm']) ) - die_friendly('Bad Request', '$_GET[rm] needs to be an integer.
'); - - $rm_id = intval($_GET['rm']); - - if ( isset($_POST['confirmed']) ) - { - // The user confirmed the request. Start plowing through data to decide what to delete. - - // Array of images and folder rows to delete - $del_imgs = array($rm_id); - // Array of files to delete - $del_files = array(); - // Array of comment entries to delete - $del_comments = array(); - - $all_children = gal_fetch_all_children($rm_id); - $del_imgs = array_merge($del_imgs, $all_children); - - $imglist = 'img_id=' . implode(' OR img_id=', $del_imgs); - $sql = "SELECT img_id, img_filename FROM ".table_prefix."gallery WHERE ( $imglist ) AND is_folder!=1;"; - - if ( !$db->sql_query($sql) ) - { - $db->_die(); - } - - while ( $row = $db->fetchrow() ) - { - $files = array( - ENANO_ROOT . '/files/' . $row['img_filename'], - ENANO_ROOT . '/cache/' . $row['img_filename'] . '-thumb.jpg', - ENANO_ROOT . '/cache/' . $row['img_filename'] . '-preview.jpg' - ); - $del_files = array_merge($del_files, $files); - - $del_comments[] = intval($row['img_id']); - } - - $commentlist = 'page_id=\'' . implode('\' OR page_id=\'', $del_imgs) . '\''; - - // Main deletion cycle - - foreach ( $del_files as $file ) - { - @unlink($file) or $warnings[] = 'Could not delete file ' . $file; - } - - if ( !$db->sql_query('DELETE FROM '.table_prefix.'gallery WHERE ' . $imglist . ';') ) - { - $warnings[] = 'Main delete query failed: ' . $db->get_error(); - } - - if ( !$db->sql_query('DELETE FROM '.table_prefix.'comments WHERE ( ' . $commentlist . ' ) AND namespace=\'Gallery\';') ) - { - $warnings[] = 'Comment delete query failed: ' . $db->get_error(); - } - - if ( count($warnings) > 0 ) - { - $template->header(); - - echo 'The deletion process generated some warnings which are shown below.
'; - echo 'Upload images to gallery | -|
---|---|
Image name template: | -- |
Image description template: | -- |
- The name and description templates can contain the following variables: -
Example: - |
- |
- Image files:
-
- - Your server has support for zip files. - Instead of uploading many image files, you can upload a single zip file here. Note that if you send a zip file through, - it must be the first and only file or it will be ignored. Any files in the zip archive that are not supported image - files will be ignored. - The maximum file size is {$sz}B."; - } - ?> - - - |
-
- - - - - - - - |
-
Upload to folder: | -
-
-
-
-
- Select folder
-
-
-
-
- |
-
- Please press the Upload button only once! Depending on the size of your image files and the speed of your connection, the upload may take several minutes. - | -
- - |
-
---|
You need to have administrative rights to use the gallery\'s upload features.
'); + } + + $zip_support = ( class_exists('ZipArchive') || ( file_exists('/usr/bin/unzip') && is_executable('/usr/bin/unzip') ) ); + + $errors = array(); + $template->add_header(''); + $template->add_header(''); + + $max_size_field = get_max_size_field(); + + // + // EDIT IMAGES + // + if ( isset($_GET['edit_img']) ) + { + $edit_parms = $_GET['edit_img']; + $regex = '/^((([0-9]+),)*)?([0-9]+?)$/'; + if ( !preg_match($regex, $edit_parms) ) + { + die_friendly('Bad request', '$_GET[\'edit_img\'] must be a comma-separated list of image IDs.
'); + } + + // process any uploaded images + // FIXME is this a bad place for this? + $limit = isset($_GET['ajax']) ? '' : "LIMIT 5"; + $q = $db->sql_query('SELECT img_id FROM ' . table_prefix . "gallery WHERE is_folder = 0 AND processed = 0 $limit;"); + if ( !$q ) + $db->_die(); + if ( $db->numrows() > 0 ) + { + while ( $row = $db->fetchrow($q) ) + { + snapr_process_image($row['img_id']); + } + $q = $db->sql_query('SELECT COUNT(img_id) FROM ' . table_prefix . "gallery WHERE is_folder = 0 AND processed = 0;"); + if ( !$q ) + $db->_die(); + list($count) = $db->fetchrow_num(); + $db->free_result(); + if ( intval($count) > 0 ) + redirect(makeUrlNS('Special', 'GalleryUpload', "edit_img={$_GET['edit_img']}"), "Processing images", "Processing images... $count remaining", 1); + } + + if ( !isset($_GET['ajax']) ) + $template->header(); + + snapr_editform($edit_parms); + + if ( !isset($_GET['ajax']) ) + $template->footer(); + + return; + } + // + // REMOVE IMAGES + // + else if ( isset($_GET['rm']) ) + { + $warnings = array(); + + if ( !preg_match('/^[0-9]+$/', $_GET['rm']) ) + die_friendly('Bad Request', '$_GET[rm] needs to be an integer.
'); + + $rm_id = intval($_GET['rm']); + + if ( isset($_POST['confirmed']) ) + { + // The user confirmed the request. Start plowing through data to decide what to delete. + + // Array of images and folder rows to delete + $del_imgs = array($rm_id); + // Array of files to delete + $del_files = array(); + // Array of comment entries to delete + $del_comments = array(); + + $all_children = gal_fetch_all_children($rm_id); + $del_imgs = array_merge($del_imgs, $all_children); + + $imglist = 'img_id=' . implode(' OR img_id=', $del_imgs); + $sql = "SELECT img_id, img_filename FROM ".table_prefix."gallery WHERE ( $imglist ) AND is_folder!=1;"; + + if ( !$db->sql_query($sql) ) + { + $db->_die(); + } + + while ( $row = $db->fetchrow() ) + { + $files = array( + ENANO_ROOT . '/files/' . $row['img_filename'], + ENANO_ROOT . '/cache/' . $row['img_filename'] . '-thumb.jpg', + ENANO_ROOT . '/cache/' . $row['img_filename'] . '-preview.jpg' + ); + $del_files = array_merge($del_files, $files); + + $del_comments[] = intval($row['img_id']); + } + + $commentlist = 'page_id=\'' . implode('\' OR page_id=\'', $del_imgs) . '\''; + + // Main deletion cycle + + foreach ( $del_files as $file ) + { + @unlink($file) or $warnings[] = 'Could not delete file ' . $file; + } + + if ( !$db->sql_query('DELETE FROM '.table_prefix.'gallery WHERE ' . $imglist . ';') ) + { + $warnings[] = 'Main delete query failed: ' . $db->get_error(); + } + + if ( !$db->sql_query('DELETE FROM '.table_prefix.'comments WHERE ( ' . $commentlist . ' ) AND namespace=\'Gallery\';') ) + { + $warnings[] = 'Comment delete query failed: ' . $db->get_error(); + } + + if ( count($warnings) > 0 ) + { + $template->header(); + + echo 'The deletion process generated some warnings which are shown below.
'; + echo '' . print_r($_POST,true) . ''; + break 2; + } + $to_update['img_title'] = $executed; + + // Image description + + if ( isset($img_data['desc']) ) + { + $desc = $template->makeParserText($img_data['desc']); + $desc->assign_vars($vars); + $executed = $desc->run(); + $executed = RenderMan::preprocess_text($executed, false, false); + $to_update['img_desc'] = $executed; + } + + // Folder + $target_folder = false; + + if ( !empty($_POST['override_folder']) ) + { + if ( $_POST['override_folder'] == 'NULL' || preg_match('/^[0-9]+$/', $_POST['override_folder']) ) + { + $target_folder = $_POST['override_folder']; + } + } + + if ( !empty($img_data['folder']) ) + { + if ( $img_data['folder'] == 'NULL' || preg_match('/^[0-9]+$/', $img_data['folder']) ) + { + $target_folder = $img_data['folder']; + } + } + + if ( $target_folder ) + { + // Make sure we're not trying to move a folder to itself or a subdirectory of itself + + $children = gal_fetch_all_children(intval($img_data['id'])); + if ( $img_data['id'] == $target_folder || in_array($target_folder, $children) ) + { + $errors[] = 'You are trying to move a folder to itself, or to a subdirectory of itself, which is not allowed. If done manually (i.e. via an SQL client) this will result in infinite loops in the folder sorting code.'; + break 2; + } + + $to_update['folder_parent'] = $target_folder; + } + + if ( count($to_update) > 0 ) + { + $up_keys = array_keys($to_update); + $up_vals = array_values($to_update); + + $bin_cols = array('folder_parent'); + + $sql = 'UPDATE ' . table_prefix.'gallery SET '; + + foreach ( $up_keys as $i => $key ) + { + if ( in_array($key, $bin_cols) ) + { + $sql .= $key . '=' . $up_vals[$i] . ','; + } + else + { + $sql .= $key . '=\'' . $db->escape($up_vals[$i]) . '\','; + } + } + + $sql = preg_replace('/,$/i', '', $sql) . ' WHERE img_id=' . $img_data['id'] . ';'; + + if ( !$db->sql_query($sql) ) + { + $db->_die(); + } + + } + + } + + echo '