/**
 * Report whether a vote on a picture may be accepted.
 *
 * Loads the album the picture belongs to (via its `album_id`) and refuses the
 * vote when that album's canRate() rejects the user, or when
 * clsVote::hasVoted() reports an existing vote for this picture / user / IP.
 *
 * NOTE(review): $strIP is handed straight to clsVote::hasVoted(). If a caller
 * fills it from a client-supplied header rather than the connection's remote
 * address, the duplicate-vote check is only as reliable as that value.
 * Confirm at the call sites.
 *
 * @param object $objPicture Picture being voted on; must expose get('album_id').
 * @param mixed  $objUser    Voting user, passed through to canRate()/hasVoted().
 * @param string $strIP      Address used by the duplicate-vote check.
 *
 * @return bool True only when rating is permitted and no earlier vote is found.
 */
public static function canVote($objPicture, $objUser, $strIP)
{
    $album = new clsAlbum($objPicture->get('album_id'));

    // Permission is tested first; hasVoted() is only consulted when rating
    // is allowed at all, matching the original short-circuit order.
    return $album->canRate($objUser)
        && !clsVote::hasVoted($objPicture, $objUser, $strIP);
}
/**
 * List the pictures the given user has not viewed yet.
 *
 * The query selects confirmed, non-deleted pictures in non-deleted albums that
 * have no live `userpictureview` row for the user, newest first. Each row is
 * then filtered through the owning album's canView() before a fresh
 * clsPicture is built from its id.
 *
 * The `<<...>>` tokens are presumably table/column placeholders expanded by
 * clsDB. TODO confirm.
 *
 * NOTE(review): the user id is concatenated into the SQL text. It appears to
 * come from the user object rather than from request data, but nothing here
 * enforces that. Confirm that get('id') can only yield a database-issued
 * integer, or bind/cast it at the clsDB layer.
 * NOTE(review): $objUser is dereferenced without a null check. Confirm that
 * guest (no user object) callers never reach this method.
 *
 * @param object $objUser User whose unseen pictures are wanted.
 *
 * @return array List of clsPicture objects the user is allowed to view.
 */
public static function getNewPictures($objUser)
{
    $sql = "\n"
        . "\t\t\tSELECT `<<tbl><picture>>`.*\n"
        . "\t\t\tFROM `<<tbl><picture>>` \n"
        . "\t\t\t\t\tJOIN `<<tbl><album>>` ON `<<foreign><picture><album>>`=`<<album><id>>`\n"
        . "\t\t\t\tWHERE `<<isdel><picture>>`='0'\n"
        . "\t\t\t\t\tAND `<<picture><confirmed>>`='1'\n"
        . "\t\t\t\t\tAND `<<isdel><album>>`='0'\n"
        . "\t\t\t\t\tAND `<<picture><id>>` NOT IN \n"
        . "\t\t\t\t\t(\n"
        . "\t\t\t\t\t\tSELECT `<<foreign><userpictureview><picture>>`\n"
        . "\t\t\t\t\t\t\tFROM `<<tbl><userpictureview>>`\n"
        // The only dynamic value in the statement is spliced in here.
        . "\t\t\t\t\t\t\tWHERE `<<foreign><userpictureview><user>>`='" . $objUser->get('id') . "'\n"
        . "\t\t\t\t\t\t\t\tAND `<<isdel><userpictureview>>`='0'\n"
        . "\t\t\t\t\t)\n"
        . "\t\t\t\tORDER BY `<<picture><date>>` DESC\n"
        . "\t\t\t\t\t";

    $visible = array();

    foreach (clsDB::selectQueryObjects('picture', $sql) as $row) {
        // TODO: Speed this up? One album object is built per candidate row.
        $album = new clsAlbum($row->get('album_id'));
        if (!$album->canView($objUser)) {
            continue;
        }

        $visible[] = new clsPicture($row->get('id'));
    }

    return $visible;
}
} if ($strSubAction == 'seen') { clsAlbum::markSeen($objUser, $objAlbum); if ($objAlbum->isNew()) { header("Location: index.php"); } else { header("Location: index.php?action=albums&" . $objAlbum->getIDPair()); } } if ($strSubAction == 'edit') { if (!$objAlbum->canEdit($objUser)) { throw new Exception('exception_accessdenied'); } /* Get the parent album based on the album_id that the user specified. */ $objAlbum->getFromRequest(); $objParent = new clsAlbum($objAlbum->get('album_id')); if (!$objParent->canCreateSubalbum($objUser)) { throw new Exception('exception_accessdenied'); } /* Set the breadcrumbs and title. */ $objBreadcrumbs->add('Albums', 'index.php?action=albums'); $objAlbum->addBreadcrumbs($objBreadcrumbs, false); $objBreadcrumbs->add('Edit', 'index.php?action=albums&subaction=edit'); $objTemplate->setText('PAGETITLE', "Editing an Album"); /* Set up the option list. */ if ($objParent->isNew()) { $arrOptions = array(NO => "No", YES => "Yes"); } else { $arrOptions = array(INHERIT => "Inherit", NO => "No", YES => "Yes"); } /* On a new album, set the default policies. After this, the policy objects should never change. If the
<?php
require_once 'cls/clsAlbum.php';
require_once 'cls/clsPicture.php';

/*
 * "New Pictures" panel: prints a thumbnail, title link, album link, uploader
 * name and relative date for up to five pictures returned by
 * clsPicture::getRecentPictures().
 *
 * $objUser is not defined in this file, so it is expected to exist in the
 * including script's scope. The variable names used below are kept exactly
 * as they were because they live in that same scope.
 */
echo "<span class='recentheader'>New Pictures</span>";

$arrPictures = clsPicture::getRecentPictures($objUser, 5);

foreach ($arrPictures as $objPicture) {
    // Re-create both objects from their ids, as the original did.
    $objPicture = new clsPicture($objPicture->get('id'));
    $objAlbum = new clsAlbum($objPicture->get('album_id'));

    echo "<p>", $objPicture->getHtmlThumbnail(100, 100) . "<br>";

    // NOTE(review): the picture title, album name and username are written
    // into the HTML exactly as get()/getUsername() return them. These look like
    // user-editable fields; if those accessors do not already HTML-encode,
    // the values need htmlspecialchars(..., ENT_QUOTES) here. Confirm which
    // layer owns output encoding before changing it, to avoid double-encoding.
    echo "<a href='index.php?action=picture&" . $objPicture->getIDPair() . "' class='recentlink'>"
        . $objPicture->get('title')
        . "</a> <span class='recentdate'>in</span> <a href='index.php?action=albums&" . $objAlbum->getIDPair() . "' class='recentlink'>"
        . $objAlbum->get('name')
        . "</a><br>";

    echo "<span class='recentdate'>" . $objPicture->getUsername() . "<br>",
        time_to_text(strtotime($objPicture->get('date'))) . "</span>",
        "</p>";
}
/**
 * List the pictures in albums that belong to a group, as visible to a user.
 *
 * The query selects confirmed, non-deleted pictures joined to non-deleted
 * albums whose group foreign key equals the group's id, newest first. Each
 * row is then filtered through the owning album's canView() before a fresh
 * clsPicture is built from its id.
 *
 * The `<<...>>` tokens are presumably table/column placeholders expanded by
 * clsDB. TODO confirm.
 *
 * NOTE(review): the group id is concatenated into the SQL text. If $objGroup
 * can be populated from request parameters before it gets here, that id must
 * be validated as an integer or bound as a parameter. Confirm how callers
 * build $objGroup.
 *
 * @param mixed  $objUser  User whose view permission is checked per album.
 * @param object $objGroup Group whose albums are searched; must expose get('id').
 *
 * @return array List of clsPicture objects the user is allowed to view.
 */
public static function getPicturesByGroup($objUser, $objGroup)
{
    $sql = "SELECT `<<tbl><picture>>`.*\n"
        . " FROM `<<tbl><album>>`\n"
        . " LEFT JOIN `<<tbl><picture>>` ON `<<foreign><picture><album>>`=`<<album><id>>`\n"
        // The only dynamic value in the statement is spliced in here.
        . " WHERE `<<foreign><album><group>>`='" . $objGroup->get('id') . "' \n"
        . " AND `<<isdel><album>>`='0'\n"
        . " AND `<<isdel><picture>>`='0'\n"
        . " AND `<<picture><confirmed>>`='1'\n"
        . " ORDER BY `<<picture><date>>` DESC\n"
        . " ";

    $visible = array();

    /* TODO: Might be able to make this more efficient. Make sure that
       canView() isn't running a query every time. */
    foreach (clsDB::selectQueryObjects('picture', $sql) as $row) {
        $album = new clsAlbum($row->get('album_id'));
        if (!$album->canView($objUser)) {
            continue;
        }

        $visible[] = new clsPicture($row->get('id'));
    }

    return $visible;
}
<?php require_once 'cls/clsAlbum.php'; require_once 'cls/clsComment.php'; require_once 'cls/clsPicture.php'; $objComment = new clsComment(); $objComment->getFromRequest(); $objComment->load(); $objPicture = new clsPicture(); $objPicture->getFromRequest(); $objPicture->load(); $objAlbum = new clsAlbum($objPicture->get('album_id')); if ($strSubAction == 'edit') { if ($objComment->isNew() && !$objAlbum->canPostComment($objUser)) { throw new Exception('exception_accessdenied'); } if (!$objComment->canEdit($objUser)) { throw new Exception('exception_accessdenied'); } $objAlbum->addBreadcrumbs($objBreadcrumbs); $objBreadcrumbs->add($objPicture->get('name'), 'index.php?action=picture&' . $objPicture->getIDPair()); $objBreadcrumbs->add('Post comment', 'comment.php?action=edit&' . $objPicture->getIDPair() . '&' . $objComment->getIDPair()); $objCommentTemplate = new clsTemplate('editcomment'); $objCommentTemplate->setText('HIDDEN', $objComment->getHiddenField('id')); $objCommentTemplate->setText('HIDDEN', $objPicture->getHiddenField('id')); $objCommentTemplate->setText('HIDDEN', "<input type='hidden' name='action' value='comment'>"); $objCommentTemplate->setText('HIDDEN', "<input type='hidden' name='subaction' value='save'>"); if ($objUser) { $objCommentTemplate->setText('NAME', '<strong>' . $objUser->get('username') . '</strong>'); } else { $objCommentTemplate->setText('NAME', $objComment->getTextField('username'));
require_once 'include/messages.php'; session_start(); clsSetting::load_settings(); try { if (!isset($_SESSION['objUser'])) { $objUser = clsUser::getCookie(); } else { $objUser = $_SESSION['objUser']; } $objPicture = new clsPicture(); $objPicture->getFromRequest(array('id')); $objPicture->load(); if ($objPicture->isnew()) { throw new Exception('exception_invalidrequest'); } $objAlbum = new clsAlbum($objPicture->get('album_id')); if (!$objAlbum->canView($objUser)) { throw new Exception('exception_invalidrequest'); } if (isset($_REQUEST['tn']) || isset($_REQUEST['action']) && $_REQUEST['action'] == 'tn') { $intWidth = isset($_REQUEST['w']) ? $_REQUEST['w'] : -1; $intHeight = isset($_REQUEST['h']) ? $_REQUEST['h'] : -1; if (!is_numeric($intWidth) || $intWidth < 0 || $intWidth > MAX_X) { throw new Exception('exception_invalidrequest'); } if (!is_numeric($intHeight) || $intHeight < 0 || $intHeight > MAX_Y) { throw new Exception('exception_invalidrequest'); } $objThumbnail = clsThumbnail::getThumbnail($objUser, $objPicture->get('id'), $intWidth, $intHeight, $objAlbum); if (is_string($objThumbnail)) { throw new Exception($objThumbnail);
} if ($strSubAction == 'save') { if (!clsUser::canEdit($objMember, $objUser)) { throw new Exception('exception_accessdenied'); } $objMember->getFromRequest(array('id', 'username', 'password1', 'password2', 'email', 'is_advanced', 'show_empty', 'remember_filter', 'realname', 'location')); if ($objMember->isNew()) { $ret = $objMember->attemptCreate(); if (is_string($ret)) { $objMember->remove('password1'); $objMember->remove('password2'); header("Location: index.php?action=members&subaction=view&error={$ret}&" . $objMember->getQueryString()); } else { $objUser = $ret; $_SESSION['objUser'] = $objUser; clsAlbum::markSeen($objUser); header("Location: index.php?message=register_successful"); } } else { if (strlen($objMember->get('password1'))) { $ret = $objMember->changePassword(); if (is_string($ret)) { header("Location: index.php?action=members&subaction=view&" . $objMember->getIDPair() . "&error={$ret}"); exit; } } $objMember->remove('password1'); $objMember->remove('password2'); $objMember->save(); if ($objMember->get('id') == $objUser->get('id')) { $_SESSION['objUser'] = $objMember;
require_once 'cls/clsVote.php'; $objBreadcrumbs->add('Albums', 'index.php?action=albums'); $objPicture = new clsPicture(); $objPicture->getFromRequest(); $objPicture->load(); $objPrevPicture = $objPicture->getPrev(); $objNextPicture = $objPicture->getNext(); if ($objPicture->isNew()) { throw new Exception('exception_invalidrequest'); } if (!$objPicture->get('confirmed')) { header("Location: index.php?action=upload&subaction=preview"); die; } /* Check for access. */ $objAlbum = new clsAlbum($objPicture->get('album_id')); if (!$objAlbum->canView($objUser)) { throw new Exception('exception_accessdenied'); } $objAlbum->addBreadcrumbs($objBreadcrumbs); // $strMiniMenu = "<li><a href='index.php?action=picture&subaction=edit&" . $objPicture->getIDPair() . "'>Create Album</a></li>"; // $objTemplate->setText('MINIMENU', "<ul>$strMiniMenu</ul>"); if ($strSubAction == '') { $objTemplate->setText('PAGETITLE', "Viewing " . $objPicture->get('title')); $objBreadcrumbs->add($objPicture->get('title'), "index.php?action=picture&" . $objPicture->getIDPair()); if ($objPicture->canEdit($objUser)) { $objMiniMenu->add('Edit', 'index.php?action=picture&subaction=edit&' . $objPicture->getIDPair()); } if ($objAlbum->canDeletePicture($objUser)) { $objMiniMenu->add('Delete', 'index.php?action=picture&subaction=delete&' . $objPicture->getIDPair()); }
/**
 * Get the most recently updated albums that a particular user may view.
 *
 * Albums are ordered by the newest date among their confirmed, non-deleted
 * pictures. Rows are walked in that order, each album is reloaded by id and
 * kept only when canView() accepts the user, and the walk stops once the
 * result holds $num entries.
 *
 * The guard accepts anything is_numeric() accepts, and the cap is an equality
 * test against the current count. A negative or fractional $num therefore
 * never matches and every viewable album is returned.
 *
 * @param mixed $objUser User whose view permission is checked per album.
 * @param mixed $num     Maximum number of albums wanted; must be numeric.
 *
 * @return array List of clsAlbum objects, most recently updated first.
 *
 * @throws Exception 'exception_internalerror' when $num is not numeric.
 */
public static function getRecentAlbums($objUser, $num)
{
    if (!is_numeric($num)) {
        throw new Exception('exception_internalerror');
    }

    // The statement is fully static: no caller-supplied value is spliced in.
    $sql = "\n\t\t\t\t\t\t\t\t\t\tSELECT `<<tbl><album>>`.*, `<<picture><confirmed>>`, MAX(`<<picture><date>>`) AS `<<album><last_updated>>`\n\t\t\t\t\t\t\t\t\t\tFROM `<<tbl><album>>`\n\t\t\t\t\t\t\t\t\t\t\tJOIN `<<tbl><picture>>` ON `<<foreign><picture><album>>`=`<<album><id>>`\n\t\t\t\t\t\t\t\t\t\t\tWHERE `<<isdel><album>>`='0'\n\t\t\t\t\t\t\t\t\t\t\t\tAND `<<isdel><picture>>`='0'\n\t\t\t\t\t\t\t\t\t\t\t\tAND `<<picture><confirmed>>`='1'\n\t\t\t\t\t\t\t\t\t\tGROUP BY `<<album><id>>`\n\t\t\t\t\t\t\t\t\t\tORDER BY `<<album><last_updated>>` DESC\n\t\t";

    $recent = array();

    foreach (clsDB::selectQueryObjects('album', $sql) as $row) {
        // Loose comparison on purpose: $num may arrive as a numeric string.
        if (count($recent) == $num) {
            break;
        }

        $album = new clsAlbum($row->get('id'));
        if ($album->canView($objUser)) {
            $recent[] = $album;
        }
    }

    return $recent;
}
if (!mysql_select_db($db_name, $conDB)) { print "Error: couldn't connect to the ospap database: " . mysql_error($conDB); } else { $result = mysql_query("SELECT * FROM categories"); $arrAlbums = array(); $i = 0; while ($arrResult = mysql_fetch_assoc($result)) { if (!$objAdmin->exists('category' . $arrResult['category_id']) || $objAdmin->get('category' . $arrResult['category_id']) == 0) { print "Skipping '" . $arrResult['name'] . "'<br>"; continue; } $user_id = $objAdmin->get('category' . $arrResult['category_id']); $objOwner = new clsUser($user_id); /* Create the album if we haven't already. */ if (!isset($arrAlbums[$arrResult['category_id']])) { $objAlbum = new clsAlbum(); $objAlbum->set('name', str_replace("<br />", "", html_entity_decode($arrResult['name']))); $objAlbum->set('caption', str_replace("<br />", "", html_entity_decode($arrResult['caption']))); $objAlbum->set('date', date('Y-m-d H:i:s', strtotime($arrResult['date_created']) + $i++), false); /* Adding '$i' here is a bit of a kludge, but it keeps dates sortable (since ospap1 didn't keep track of times). */ $objAlbum->set('user_id', $user_id); $objAlbum->set('mime', 'image/jpeg'); $objAlbum->set('max_width', '640'); $objAlbum->set('max_height', '480'); $objAlbum->setDefaultPolicies($objOwner); $objAlbum->save(); $arrAlbums[$arrResult['category_id']] = $objAlbum; } $objAlbum = $arrAlbums[$arrResult['category_id']]; print "Importing from '" . $objAlbum->get('name') . "'<br>"; $i = 0;
<?php
require_once 'cls/clsAlbum.php';

/*
 * "Recently Updated Albums" panel: prints a link, owner name, new-content
 * icon and last-updated text for up to five albums returned by
 * clsAlbum::getRecentAlbums().
 *
 * $objUser is not defined in this file, so it is expected to exist in the
 * including script's scope. The variable names used below are kept exactly
 * as they were because they live in that same scope.
 */
echo "<span class='recentheader'>Recently Updated Albums</span>";

$arrAlbums = clsAlbum::getRecentAlbums($objUser, 5);

foreach ($arrAlbums as $objAlbum) {
    // Re-create the album from its id, as the original did.
    $objAlbum = new clsAlbum($objAlbum->get('id'));

    // NOTE(review): the album name and owner username are written into the
    // HTML exactly as get()/getUsername() return them. These look like
    // user-editable fields; if those accessors do not already HTML-encode,
    // the values need htmlspecialchars(..., ENT_QUOTES) here. Confirm which
    // layer owns output encoding before changing it, to avoid double-encoding.
    echo "<p><a href='index.php?action=albums&" . $objAlbum->getIDPair() . "' class='recentlink'>"
        . $objAlbum->get('name')
        . "</a> <span class='recentdate'>(" . $objAlbum->getUsername() . ")</span> "
        . $objAlbum->getNewIcon($objUser)
        . "<br>",
        "<span class='recentdate'>(" . $objAlbum->getLastUpdated() . ")</span></p>";
}
throw new Exception('exception_accessdenied'); } /* Make sure that users can only edit their own pictures. */ $objPicture->delete(); $objPicture->save(); header("Location: index.php?action=upload&subaction=preview"); } if ($strSubAction == 'preview') { $objTemplate->setText('PAGETITLE', "Pending Pictures"); $objBreadcrumbs->add('Upload', 'index.php?action=upload'); $objBreadcrumbs->add('Pending', 'index.php?action=upload&subaction=preview'); $arrPictures = clsPicture::getPending($objUser); print "You have <strong>" . sizeof($arrPictures) . "</strong> pictures waiting for attention" . ($objUser ? "" : " (note: unsaved images from all guests will appear here)") . ":<br><br>"; foreach ($arrPictures as $objPicture) { $objPicture = new clsPicture($objPicture->get('id')); $objAlbum = new clsAlbum($objPicture->get('album_id')); $objTemplate = new clsTemplate('preview'); $objTemplate->setText('HIDDEN', $objPicture->getHiddenField('id')); $objTemplate->setText('ALBUM', $objPicture->getCombo('album_id', clsDB::getOptionsFromList($objAlbum->getPostableAlbums($objUser), 'name', 'id', "Select an album"))); $objTemplate->setText('ID', $objPicture->get('id')); $objTemplate->setText('IMAGE', $objPicture->getHtmlThumbnail(250, 250)); /* TODO: Customizable? */ $objTemplate->setText('NAME', $objPicture->get('original_name')); $objTemplate->setText('WIDTH', $objPicture->get('width')); $objTemplate->setText('HEIGHT', $objPicture->get('height')); $objTemplate->setText('SAVEDELETE', $objPicture->getCombo('subaction', array('confirm' => 'Keep', 'delete' => 'Don\'t keep'), null, true)); $objTemplate->setText('TITLE', $objPicture->getTextField('title')); $objTemplate->setText('CAPTION', $objPicture->getTextArea('caption')); $objTemplate->setText('SUBMIT', $objPicture->getSubmit('Save')); print $objTemplate->get(); }