/**
* Handle user- & total image_counter
*
* @param array $image_id_ary array with the image_ids which changed their status
* @param bool $add are we adding or removing the images
* @param bool $readd is it possible that there are images which aren't really changed
*/
public static function handle_counter($image_id_ary, $add, $readd = false)
{
global $db;
$num_images = $num_comments = 0;
$sql = 'SELECT SUM(image_comments) comments
FROM ' . GALLERY_IMAGES_TABLE . '
WHERE image_status ' . ($readd ? '=' : '<>') . ' ' . self::STATUS_UNAPPROVED . '
AND ' . $db->sql_in_set('image_id', $image_id_ary) . '
GROUP BY image_user_id';
$result = $db->sql_query($sql);
$num_comments = $db->sql_fetchfield('comments');
$db->sql_freeresult($result);
$sql = 'SELECT COUNT(image_id) images, image_user_id
FROM ' . GALLERY_IMAGES_TABLE . '
WHERE image_status ' . ($readd ? '=' : '<>') . ' ' . self::STATUS_UNAPPROVED . '
AND ' . $db->sql_in_set('image_id', $image_id_ary) . '
GROUP BY image_user_id';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$sql_ary = array('user_id' => $row['image_user_id'], 'user_images' => $row['images']);
phpbb_gallery_hookup::add_image($row['image_user_id'], $add ? $row['images'] : 0 - $row['images']);
$num_images = $num_images + $row['images'];
$sql = 'UPDATE ' . GALLERY_USERS_TABLE . '
SET user_images = user_images ' . ($add ? '+ ' : '- ') . $row['images'] . '
WHERE ' . $db->sql_in_set('user_id', $row['image_user_id']);
$db->sql_query($sql);
if ($db->sql_affectedrows() != 1) {
$sql = 'INSERT INTO ' . GALLERY_USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
}
}
$db->sql_freeresult($result);
if ($add) {
phpbb_gallery_config::inc('num_images', $num_images);
phpbb_gallery_config::inc('num_comments', $num_comments);
} else {
phpbb_gallery_config::dec('num_images', $num_images);
phpbb_gallery_config::dec('num_comments', $num_comments);
}
}
/**
* Generate personal album for user, when moving image into it
*/
public static function generate_personal_album($album_name, $user_id, $user_colour, $gallery_user)
{
global $cache, $db;
$album_data = array('album_name' => $album_name, 'parent_id' => 0, 'album_desc_options' => 7, 'album_desc' => '', 'album_parents' => '', 'album_type' => self::TYPE_UPLOAD, 'album_status' => self::STATUS_UNLOCKED, 'album_user_id' => $user_id, 'album_last_username' => '', 'album_last_user_colour' => $user_colour);
$db->sql_query('INSERT INTO ' . GALLERY_ALBUMS_TABLE . ' ' . $db->sql_build_array('INSERT', $album_data));
$personal_album_id = $db->sql_nextid();
$gallery_user->update_data(array('personal_album_id' => $personal_album_id));
phpbb_gallery_config::inc('num_pegas', 1);
// Update the config for the statistic on the index
phpbb_gallery_config::set('newest_pega_user_id', $user_id);
phpbb_gallery_config::set('newest_pega_username', $album_name);
phpbb_gallery_config::set('newest_pega_user_colour', $user_colour);
phpbb_gallery_config::set('newest_pega_album_id', $personal_album_id);
$cache->destroy('_albums');
$cache->destroy('sql', GALLERY_ALBUMS_TABLE);
return $personal_album_id;
}
function import()
{
global $db, $template, $user;
$import_schema = request_var('import_schema', '');
$images = request_var('images', array(''), true);
$submit = isset($_POST['submit']) ? true : (empty($images) ? false : true);
if ($import_schema) {
if (phpbb_gallery_url::_file_exists($import_schema, 'import', '')) {
include phpbb_gallery_url::_return_file($import_schema, 'import', '');
// Replace the md5 with the ' again and remove the space at the end to prevent \' troubles
$user_data['username'] = utf8_substr(str_replace("{{$import_schema}}", "'", $user_data['username']), 0, -1);
$image_name = utf8_substr(str_replace("{{$import_schema}}", "'", $image_name), 0, -1);
} else {
global $phpEx;
trigger_error(sprintf($user->lang['MISSING_IMPORT_SCHEMA'], $import_schema . '.' . $phpEx), E_USER_WARNING);
}
$images_loop = 0;
foreach ($images as $image_src) {
/**
* Import the images
*/
$image_src = str_replace("{{$import_schema}}", "'", $image_src);
$image_src_full = phpbb_gallery_url::path('import') . utf8_decode($image_src);
if (file_exists($image_src_full)) {
$filetype = getimagesize($image_src_full);
$filetype_ext = '';
switch ($filetype['mime']) {
case 'image/jpeg':
case 'image/jpg':
case 'image/pjpeg':
$filetype_ext = '.jpg';
$read_function = 'imagecreatefromjpeg';
if (substr(strtolower($image_src), -4) != '.jpg' && substr(strtolower($image_src), -5) != '.jpeg') {
trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
}
break;
case 'image/png':
case 'image/x-png':
$filetype_ext = '.png';
$read_function = 'imagecreatefrompng';
if (substr(strtolower($image_src), -4) != '.png') {
trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
}
break;
case 'image/gif':
case 'image/giff':
$filetype_ext = '.gif';
$read_function = 'imagecreatefromgif';
if (substr(strtolower($image_src), -4) != '.gif') {
trigger_error(sprintf($user->lang['FILETYPE_MIMETYPE_MISMATCH'], $image_src, $filetype['mime']), E_USER_WARNING);
}
break;
default:
trigger_error('NOT_ALLOWED_FILE_TYPE');
break;
}
$image_filename = md5(unique_id()) . $filetype_ext;
if (!@move_uploaded_file($image_src_full, phpbb_gallery_url::path('upload') . $image_filename)) {
if (!@copy($image_src_full, phpbb_gallery_url::path('upload') . $image_filename)) {
$user->add_lang('posting');
trigger_error(sprintf($user->lang['GENERAL_UPLOAD_ERROR'], phpbb_gallery_url::path('upload') . $image_filename), E_USER_WARNING);
}
}
@chmod(phpbb_gallery_url::path('upload') . $image_filename, 0777);
// The source image is imported, so we delete it.
@unlink($image_src_full);
$sql_ary = array('image_filename' => $image_filename, 'image_thumbnail' => '', 'image_desc' => '', 'image_desc_uid' => '', 'image_desc_bitfield' => '', 'image_user_id' => $user_data['user_id'], 'image_username' => $user_data['username'], 'image_username_clean' => utf8_clean_string($user_data['username']), 'image_user_colour' => $user_data['user_colour'], 'image_user_ip' => $user->ip, 'image_time' => $start_time + $done_images, 'image_album_id' => $album_id, 'image_status' => phpbb_gallery_image::STATUS_APPROVED, 'image_exif_data' => '');
$image_tools = new phpbb_gallery_image_tools();
$image_tools->set_image_options(phpbb_gallery_config::get('max_filesize'), phpbb_gallery_config::get('max_height'), phpbb_gallery_config::get('max_width'));
$image_tools->set_image_data(phpbb_gallery_url::path('upload') . $image_filename);
// Read exif data from file
$image_tools->read_exif_data();
$sql_ary['image_exif_data'] = $image_tools->exif_data_serialized;
$sql_ary['image_has_exif'] = $image_tools->exif_data_exist;
if ($filetype[0] > phpbb_gallery_config::get('max_width') || $filetype[1] > phpbb_gallery_config::get('max_height')) {
/**
* Resize overside images
*/
if (phpbb_gallery_config::get('allow_resize')) {
$image_tools->resize_image(phpbb_gallery_config::get('max_width'), phpbb_gallery_config::get('max_height'));
if ($image_tools->resized) {
$image_tools->write_image(phpbb_gallery_url::path('upload') . $image_filename, phpbb_gallery_config::get('jpg_quality'), true);
}
}
}
if (!$image_tools->exif_data_force_db && $sql_ary['image_has_exif'] == phpbb_gallery_constants::EXIF_DBSAVED) {
// Image was not resized, so we can pull the Exif from the image to save db-memory.
$sql_ary['image_has_exif'] = phpbb_gallery_constants::EXIF_AVAILABLE;
$sql_ary['image_exif_data'] = '';
}
// Try to get real filesize from temporary folder (not always working) ;)
$sql_ary['filesize_upload'] = @filesize(phpbb_gallery_url::path('upload') . $image_filename) ? @filesize(phpbb_gallery_url::path('upload') . $image_filename) : 0;
if ($filename || $image_name == '') {
$sql_ary['image_name'] = str_replace("_", " ", utf8_substr($image_src, 0, -4));
} else {
$sql_ary['image_name'] = str_replace('{NUM}', $num_offset + $done_images, $image_name);
}
$sql_ary['image_name_clean'] = utf8_clean_string($sql_ary['image_name']);
// Put the images into the database
$db->sql_query('INSERT INTO ' . GALLERY_IMAGES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$done_images++;
}
// Remove the image from the list
unset($images[$images_loop]);
$images_loop++;
if ($images_loop == 10) {
// We made 10 images, so we end for this turn
break;
}
}
if ($images_loop) {
$image_user = new phpbb_gallery_user($db, $user_data['user_id'], false);
$image_user->update_images($images_loop);
phpbb_gallery_config::inc('num_images', $images_loop);
$todo_images = $todo_images - $images_loop;
}
phpbb_gallery_album::update_info($album_id);
if (!$todo_images) {
unlink(phpbb_gallery_url::_return_file($import_schema, 'import', ''));
trigger_error(sprintf($user->lang['IMPORT_FINISHED'], $done_images) . adm_back_link($this->u_action));
} else {
// Write the new list
$this->create_import_schema($import_schema, $album_id, $user_data, $start_time, $num_offset, $done_images, $todo_images, $image_name, $filename, $images);
// Redirect
$forward_url = $this->u_action . "&import_schema={$import_schema}";
meta_refresh(1, $forward_url);
trigger_error(sprintf($user->lang['IMPORT_DEBUG_MES'], $done_images, $todo_images));
}
} else {
if ($submit) {
if (!check_form_key('acp_gallery')) {
trigger_error('FORM_INVALID', E_USER_WARNING);
}
if (!$images) {
trigger_error('NO_FILE_SELECTED', E_USER_WARNING);
}
// Who is the uploader?
$username = request_var('username', '', true);
$user_id = 0;
if ($username) {
if (!function_exists('user_get_id_name')) {
phpbb_gallery_url::_include('functions_user', 'phpbb');
}
user_get_id_name($user_id, $username);
}
if (is_array($user_id)) {
$user_id = $user_id[0];
}
if (!$user_id) {
$user_id = $user->data['user_id'];
}
$sql = 'SELECT username, user_colour, user_id
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$user_row) {
trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
}
// Where do we put them to?
$album_id = request_var('album_id', 0);
$sql = 'SELECT album_id, album_name
FROM ' . GALLERY_ALBUMS_TABLE . '
WHERE album_id = ' . $album_id;
$result = $db->sql_query($sql);
$album_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$album_row) {
trigger_error('HACKING_ATTEMPT', E_USER_WARNING);
}
$start_time = time();
$import_schema = md5($start_time);
$filename = request_var('filename', '') == 'filename' ? true : false;
$image_name = request_var('image_name', '', true);
$num_offset = request_var('image_num', 0);
$this->create_import_schema($import_schema, $album_row['album_id'], $user_row, $start_time, $num_offset, 0, sizeof($images), $image_name, $filename, $images);
$forward_url = $this->u_action . "&import_schema={$import_schema}";
meta_refresh(2, $forward_url);
trigger_error('IMPORT_SCHEMA_CREATED');
}
}
$handle = opendir(phpbb_gallery_url::path('import'));
$files = array();
while ($file = readdir($handle)) {
if (!is_dir(phpbb_gallery_url::path('import') . $file) && (substr(strtolower($file), -4) == '.png' && phpbb_gallery_config::get('allow_png') || substr(strtolower($file), -4) == '.gif' && phpbb_gallery_config::get('allow_gif') || substr(strtolower($file), -4) == '.jpg' && phpbb_gallery_config::get('allow_jpg') || substr(strtolower($file), -5) == '.jpeg' && phpbb_gallery_config::get('allow_jpg'))) {
$files[utf8_strtolower($file)] = $file;
}
}
closedir($handle);
// Sort the files by name again
ksort($files);
foreach ($files as $file) {
$template->assign_block_vars('imagerow', array('FILE_NAME' => utf8_encode($file)));
}
$template->assign_vars(array('S_IMPORT_IMAGES' => true, 'ACP_GALLERY_TITLE' => $user->lang['ACP_IMPORT_ALBUMS'], 'ACP_GALLERY_TITLE_EXPLAIN' => $user->lang['ACP_IMPORT_ALBUMS_EXPLAIN'], 'L_IMPORT_DIR_EMPTY' => sprintf($user->lang['IMPORT_DIR_EMPTY'], phpbb_gallery_url::path('import')), 'S_ALBUM_IMPORT_ACTION' => $this->u_action, 'S_SELECT_IMPORT' => phpbb_gallery_album::get_albumbox(false, 'album_id', false, false, false, phpbb_gallery_album::PUBLIC_ALBUM, phpbb_gallery_album::TYPE_UPLOAD), 'U_FIND_USERNAME' => phpbb_gallery_url::append_sid('phpbb', 'memberlist', 'mode=searchuser&form=acp_gallery&field=username&select_single=true')));
}
$sql_update = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . $contest_end_time . ',
image_contest_rank = 1
WHERE image_id = ' . $first;
$db->sql_query($sql_update);
$sql_update = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . $contest_end_time . ',
image_contest_rank = 2
WHERE image_id = ' . $second;
$db->sql_query($sql_update);
$sql_update = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . $contest_end_time . ',
image_contest_rank = 3
WHERE image_id = ' . $third;
$db->sql_query($sql_update);
phpbb_gallery_config::inc('contests_ended', 1);
$album_data['contest_marked'] = phpbb_gallery_image::NO_CONTEST;
}
/**
* Build auth-list
*/
phpbb_gallery::$auth->gen_auth_level('album', $album_id, $album_data['album_status'], $album_data['album_user_id']);
if (!phpbb_gallery::$auth->acl_check('i_view', $album_id, $album_data['album_user_id'])) {
if ($user->data['is_bot']) {
phpbb_gallery::redirect('index');
}
if (!$user->data['is_registered']) {
login_box();
} else {
trigger_error('NOT_AUTHORISED');
}
public static function end($album_id, $contest_id, $end_time)
{
global $db;
$sql = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest = ' . phpbb_gallery_image::NO_CONTEST . '
WHERE image_album_id = ' . $album_id;
$db->sql_query($sql);
$sql = 'SELECT image_id
FROM ' . GALLERY_IMAGES_TABLE . '
WHERE image_album_id = ' . $album_id . '
ORDER BY ' . self::get_tabulation();
$result = $db->sql_query_limit($sql, self::NUM_IMAGES);
$first = (int) $db->sql_fetchfield('image_id');
$second = (int) $db->sql_fetchfield('image_id');
$third = (int) $db->sql_fetchfield('image_id');
$db->sql_freeresult($result);
$sql = 'UPDATE ' . GALLERY_CONTESTS_TABLE . '
SET contest_marked = ' . phpbb_gallery_image::NO_CONTEST . ",\n\t\t\t\tcontest_first = {$first},\n\t\t\t\tcontest_second = {$second},\n\t\t\t\tcontest_third = {$third}\n\t\t\tWHERE contest_id = " . (int) $contest_id;
$db->sql_query($sql);
$sql = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . (int) $end_time . ',
image_contest_rank = 1
WHERE image_id = ' . $first;
$db->sql_query($sql);
$sql = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . (int) $end_time . ',
image_contest_rank = 2
WHERE image_id = ' . $second;
$db->sql_query($sql);
$sql = 'UPDATE ' . GALLERY_IMAGES_TABLE . '
SET image_contest_end = ' . (int) $end_time . ',
image_contest_rank = 3
WHERE image_id = ' . $third;
$db->sql_query($sql);
phpbb_gallery_config::inc('contests_ended', 1);
}
function initialise_album()
{
global $cache, $db, $template, $user;
if (!phpbb_gallery::$user->get_data('personal_album_id')) {
// Check if the user is allowed to have one
if (!phpbb_gallery::$auth->acl_check('i_upload', phpbb_gallery_auth::OWN_ALBUM)) {
trigger_error('NO_PERSALBUM_ALLOWED');
}
$album_data = array('album_name' => $user->data['username'], 'parent_id' => request_var('parent_id', 0), 'album_desc_options' => 7, 'album_desc' => utf8_normalize_nfc(request_var('album_desc', '', true)), 'album_parents' => '', 'album_type' => phpbb_gallery_album::TYPE_UPLOAD, 'album_status' => phpbb_gallery_album::STATUS_OPEN, 'album_user_id' => $user->data['user_id'], 'album_last_username' => '', 'album_last_user_colour' => $user->data['user_colour']);
$db->sql_query('INSERT INTO ' . GALLERY_ALBUMS_TABLE . ' ' . $db->sql_build_array('INSERT', $album_data));
$album_id = $db->sql_nextid();
phpbb_gallery::$user->update_data(array('personal_album_id' => $album_id));
phpbb_gallery_config::inc('num_pegas', 1);
// Update the config for the statistic on the index
phpbb_gallery_config::set('newest_pega_user_id', $user->data['user_id']);
phpbb_gallery_config::set('newest_pega_username', $user->data['username']);
phpbb_gallery_config::set('newest_pega_user_colour', $user->data['user_colour']);
phpbb_gallery_config::set('newest_pega_album_id', $album_id);
$cache->destroy('_albums');
$cache->destroy('sql', GALLERY_ALBUMS_TABLE);
phpbb_gallery_auth::set_user_permissions('all', '');
}
redirect($this->u_action);
}
$error .= ($error ? '<br />' : '') . $user->lang['MISSING_COMMENT'];
}
if (utf8_strlen($comment_text) > phpbb_gallery_config::get('comment_length')) {
$submit = false;
$error .= ($error ? '<br />' : '') . $user->lang['COMMENT_TOO_LONG'];
}
$message_parser = new parse_message();
$message_parser->message = utf8_normalize_nfc($comment_text);
if ($message_parser->message) {
$message_parser->parse(true, true, true, true, false, true, true, true);
}
$sql_ary = array('comment_image_id' => $image_id, 'comment_user_id' => $user->data['user_id'], 'comment_username' => $user->data['user_id'] != ANONYMOUS ? $user->data['username'] : $comment_username, 'comment_user_colour' => $user->data['user_colour'], 'comment_user_ip' => $user->ip, 'comment_time' => time(), 'comment' => $message_parser->message, 'comment_uid' => $message_parser->bbcode_uid, 'comment_bitfield' => $message_parser->bbcode_bitfield);
if (!$error && $sql_ary['comment'] != '') {
$db->sql_query('INSERT INTO ' . GALLERY_COMMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
$newest_comment = $db->sql_nextid();
phpbb_gallery_config::inc('num_comments', 1);
if (phpbb_gallery_misc::display_captcha('comment')) {
$captcha->reset();
}
$sql = 'UPDATE ' . GALLERY_IMAGES_TABLE . "\n\t\t\t\t\t\t\tSET image_comments = image_comments + 1,\n\t\t\t\t\t\t\t\timage_last_comment = {$newest_comment}\n\t\t\t\t\t\t\tWHERE " . $db->sql_in_set('image_id', $image_id);
$db->sql_query($sql);
if (phpbb_gallery::$user->get_data('watch_com') && !$image_data['watch_id']) {
$sql_ary = array('image_id' => $image_id, 'user_id' => $user->data['user_id']);
$sql = 'INSERT INTO ' . GALLERY_WATCH_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
}
phpbb_gallery_misc::notification('image', $image_id, $image_data['image_name']);
$message .= $user->lang['COMMENT_STORED'] . '<br />';
} else {
if (phpbb_gallery_misc::display_captcha('comment')) {
$s_captcha_hidden_fields = $captcha->is_solved() ? build_hidden_fields($captcha->get_hidden_fields()) : '';
