$_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id . SEP . 'org=1']['title_var'] = 'pa_organize_photos'; $_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id . SEP . 'org=1']['parent'] = AT_PA_BASENAME . 'albums.php'; } //TODO: handle add_photo if (isset($_POST['upload'])) { //check file size, filename, and extension $_FILES['photo'] = checkPhoto($_FILES['photo']); if ($_FILES['photo'] === false || !$action_permission && $info['type_id'] != AT_PA_TYPE_COURSE_ALBUM) { //owner and course members can upload pictures. Not edit though. header('Location: ../' . $_SESSION['redirect_to']['profile_pic']); exit; } //computer album folder name and photo filename, if exist, shift bits //goal: generate a random yet computable file structure to disallow // users to browse through others' photos through URLs. $album_file_path = getAlbumFilePath($id, $info['created_date']); $album_file_path_tn = $album_file_path . '_tn' . DIRECTORY_SEPARATOR; $album_file_path .= DIRECTORY_SEPARATOR; if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path)) { mkdir(AT_PA_CONTENT_DIR . $album_file_path); } if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path_tn)) { mkdir(AT_PA_CONTENT_DIR . $album_file_path_tn); } //add the photo $added_photo_id = $pa->addPhoto($_FILES['photo']['name'], $_POST['photo_comment'], $_SESSION['member_id']); if ($added_photo_id <= 0) { $msg->addError('PA_ADD_PHOTO_FAILED'); } if (!$msg->containsErrors()) { //get photo filepath
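/**
 * Delete this album and everything associated with it.
 *
 * Steps, in order: clear the album's original and thumbnail directories,
 * then delete its photo comments, photos, album comments and finally the
 * album row itself. No step reports failure to the caller (see TODO).
 *
 * @return void
 */
function deleteAlbum() {
    //TODO Error checking on each step, if anyone fails, should report it to user

    // The id is passed to getAlbumFilePath() to derive the directories that
    // clr_dir() is run on, so force it to an integer here instead of relying
    // on how $this->id was populated.
    $id = intval($this->id);

    //clean directory
    $sql = "SELECT created_date FROM %spa_albums WHERE id=%d";
    // NOTE(review): the TRUE argument presumably asks queryDB() for a single row - confirm.
    $row = queryDB($sql, array(TABLE_PREFIX, $id), TRUE);

    // Only touch the filesystem when the album row was actually found.
    // Without a created_date the path would be derived from an empty value.
    if (is_array($row) && isset($row['created_date'])) {
        $filepath    = AT_PA_CONTENT_DIR . getAlbumFilePath($id, $row['created_date']);  //orig
        $filepath_tn = $filepath . '_tn';  //thumbnails

        //delete files (only when both directories exist, as before)
        if (is_dir($filepath) && is_dir($filepath_tn)) {
            clr_dir($filepath);
            clr_dir($filepath_tn);
        }
    }

    //delete all photo comments
    $sql = "DELETE c.* FROM %spa_photo_comments c LEFT JOIN %spa_photos p ON c.photo_id=p.id WHERE p.album_id=%d";
    queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $id));

    //delete all photos within this album
    $sql = "DELETE FROM %spa_photos WHERE album_id=%d";
    queryDB($sql, array(TABLE_PREFIX, $id));

    //delete all album comments
    $sql = "DELETE FROM %spa_album_comments WHERE album_id=%d";
    queryDB($sql, array(TABLE_PREFIX, $id));

    //delete album
    $sql = "DELETE FROM %spa_albums WHERE id=%d";
    queryDB($sql, array(TABLE_PREFIX, $id));
}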
/**
 * Sum the on-disk size, in bytes, of a member's personal photos.
 *
 * The query skips photos whose album has a non-null course_id in
 * pa_course_album. Only files that exist on disk are counted.
 *
 * @param mixed $member_id Member id; coerced with intval() before use.
 * @return int|false Total bytes, or false when the id is not a positive integer.
 */
function memoryUsage($member_id) {
    global $db;

    // The id is reduced to an integer before it is interpolated into the SQL
    // text, so nothing but digits from the caller can reach the query.
    $owner_id = intval($member_id);
    if ($owner_id < 1) {
        return false;
    }

    $total_bytes = 0;
    $query = 'SELECT p.* FROM ' . TABLE_PREFIX . 'pa_photos p LEFT JOIN ' . TABLE_PREFIX
        . "pa_course_album ca ON p.album_id=ca.album_id WHERE member_id={$owner_id} AND ca.course_id IS NULL";
    $photos = mysql_query($query, $db);

    // A failed query counts as zero usage, not as an error.
    if (!$photos) {
        return $total_bytes;
    }

    while ($photo_row = mysql_fetch_assoc($photos)) {
        $album = new PhotoAlbum($photo_row['album_id']);
        $album_meta = $album->getAlbumInfo();
        $photo_meta = $album->getPhotoInfo($photo_row['id']);

        // Rebuild the stored location from the album and photo metadata.
        $album_dir  = getAlbumFilePath($album_meta['id'], $album_meta['created_date']);
        $photo_name = getPhotoFilePath($photo_meta['id'], $photo_meta['name'], $photo_meta['created_date']);
        $path = AT_PA_CONTENT_DIR . $album_dir . DIRECTORY_SEPARATOR . $photo_name;

        if (file_exists($path)) {
            $total_bytes += filesize($path);
        }
    }

    return $total_bytes;
}
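/**
 * Delete this album and everything associated with it.
 *
 * Steps, in order: clear the album's original and thumbnail directories,
 * then delete its photo comments, photos, album comments and finally the
 * album row itself. No step reports failure to the caller (see TODO).
 *
 * @return void
 */
function deleteAlbum() {
    //TODO Error checking on each step, if anyone fails, should report it to user
    global $db;

    // Every statement below interpolates the id straight into SQL text, and
    // the id also feeds the directory path handed to clr_dir(). Force it to
    // an integer here instead of relying on how $this->id was populated.
    $id = intval($this->id);

    //clean directory
    $row = false;  // stays false when the lookup fails, so the check below is well-defined
    $sql = 'SELECT created_date FROM ' . TABLE_PREFIX . "pa_albums WHERE id={$id}";
    $result = mysql_query($sql, $db);
    if ($result) {
        $row = mysql_fetch_assoc($result);
    }

    // Only touch the filesystem when the album row was actually found.
    // Without a created_date the path would be derived from an empty value.
    if (is_array($row) && isset($row['created_date'])) {
        $filepath    = AT_PA_CONTENT_DIR . getAlbumFilePath($id, $row['created_date']);  //orig
        $filepath_tn = $filepath . '_tn';  //thumbnails

        //delete files (only when both directories exist, as before)
        if (is_dir($filepath) && is_dir($filepath_tn)) {
            clr_dir($filepath);
            clr_dir($filepath_tn);
        }
    }

    //delete all photo comments
    $sql = 'DELETE c.* FROM ' . TABLE_PREFIX . 'pa_photo_comments c LEFT JOIN ' . TABLE_PREFIX . "pa_photos p ON c.photo_id=p.id WHERE p.album_id={$id}";
    mysql_query($sql, $db);

    //delete all photos within this album
    $sql = "DELETE FROM " . TABLE_PREFIX . "pa_photos WHERE album_id={$id}";
    mysql_query($sql, $db);

    //delete all album comments
    $sql = 'DELETE FROM ' . TABLE_PREFIX . "pa_album_comments WHERE album_id={$id}";
    mysql_query($sql, $db);

    //delete album
    $sql = "DELETE FROM " . TABLE_PREFIX . "pa_albums WHERE id={$id}";
    mysql_query($sql, $db);
}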
$msg->addError("ACCESS_DENIED"); header('location: index.php'); exit; } // get the current photo info, and paths $album_file_path = getAlbumFilePath($album_info['id'], $album_info['created_date']); $album_file_path_tn = $album_file_path . '_tn' . DIRECTORY_SEPARATOR; $album_file_path .= DIRECTORY_SEPARATOR; $photo_file_path = getPhotoFilePath($photo_info['id'], $photo_info['name'], $photo_info['created_date']); $photo_location = AT_PA_CONTENT_DIR . $album_file_path . $photo_file_path; $photo_tn_location = AT_PA_CONTENT_DIR . $album_file_path_tn . $photo_file_path; if ($aid != $profile_aid) { // now, get the new photo info, and path $pa_profile->addPhoto($photo_info['name'], $photo_info['description'], $_SESSION['member_id']); $album_info_new = $pa_profile->getAlbumInfo(); $album_file_path_new = getAlbumFilePath($album_info_new['id'], $album_info_new['created_date']); $album_file_path_tn_new = $album_file_path_new . '_tn' . DIRECTORY_SEPARATOR; $album_file_path_new .= DIRECTORY_SEPARATOR; $added_photo_id = mysql_insert_id(); $photo_info_new = $pa->getPhotoInfo($added_photo_id); $photo_file_path_new = getPhotoFilePath($added_photo_id, $photo_info_new['name'], $photo_info_new['created_date']); $photo_location_new = AT_PA_CONTENT_DIR . $album_file_path_new . $photo_file_path_new; $photo_tn_location_new = AT_PA_CONTENT_DIR . $album_file_path_tn_new . $photo_file_path_new; // if directory does not exist, create it. if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path_new)) { mkdir(AT_PA_CONTENT_DIR . $album_file_path_new); } if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path_tn_new)) { mkdir(AT_PA_CONTENT_DIR . $album_file_path_tn_new); } // copy both original and thumbnail over to the profile album
include AT_PA_INCLUDE . 'lib.inc.php'; $aid = intval($_GET['aid']); //album id $pid = intval($_GET['pid']); //photo id $ph = $_GET['ph']; //pid hash //To increase security so users can't freely browse thru the album, //add a block here to take in an extra $_GET variable that reads the pid_path //check it against the PhotoFilePath here and see if it matches. //if not, return a "File not found" image. //TODO $pa = new PhotoAlbum($aid); $album_info = $pa->getAlbumInfo(); $photo_info = $pa->getPhotoInfo($pid); $album_file_path = getAlbumFilePath($album_info['id'], $album_info['created_date']); if (isset($_GET['size']) && $_GET['size'] == 'o') { //if original $album_file_path .= DIRECTORY_SEPARATOR; } else { //if thumbnail $album_file_path .= '_tn' . DIRECTORY_SEPARATOR; } $photo_file_path = getPhotoFilePath($photo_info['id'], $photo_info['name'], $photo_info['created_date']); $photo_file_hash = getPhotoFilePath($photo_info['id'], '', $photo_info['created_date']); $file = AT_PA_CONTENT_DIR . $album_file_path . $photo_file_path; //if file does not exist, quit. if (!file_exists($file)) { //TODO: Clean files silently, cleaned but garbaged link remains on page. //Remove node from the DOM tree? $pa->deletePhoto($pid);
/**
 * Sum the on-disk size, in bytes, of a member's personal photos.
 *
 * The query skips photos whose album has a non-null course_id in
 * pa_course_album. Only files that exist on disk are counted.
 *
 * @param mixed $member_id Member id; coerced with intval() before use.
 * @return int|false Total bytes, or false when the id is not a positive integer.
 */
function memoryUsage($member_id) {
    global $db;

    // Reduce the id to an integer before it is handed to queryDB() as the
    // value for the %d placeholder.
    $owner_id = intval($member_id);
    if ($owner_id < 1) {
        return false;
    }

    $total_bytes = 0;
    $query = "SELECT p.* FROM %spa_photos p LEFT JOIN %spa_course_album ca ON p.album_id=ca.album_id WHERE member_id=%d AND ca.course_id IS NULL";
    $photo_rows = queryDB($query, array(TABLE_PREFIX, TABLE_PREFIX, $owner_id));

    // Nothing stored for this member: usage is zero.
    if (count($photo_rows) < 1) {
        return $total_bytes;
    }

    foreach ($photo_rows as $photo_row) {
        $album = new PhotoAlbum($photo_row['album_id']);
        $album_meta = $album->getAlbumInfo();
        $photo_meta = $album->getPhotoInfo($photo_row['id']);

        // Rebuild the stored location from the album and photo metadata.
        $album_dir  = getAlbumFilePath($album_meta['id'], $album_meta['created_date']);
        $photo_name = getPhotoFilePath($photo_meta['id'], $photo_meta['name'], $photo_meta['created_date']);
        $path = AT_PA_CONTENT_DIR . $album_dir . DIRECTORY_SEPARATOR . $photo_name;

        if (file_exists($path)) {
            $total_bytes += filesize($path);
        }
    }

    return $total_bytes;
}