Example #1
if (isset($_POST['set_defaults'])) {
    XSRFdefender('publishContent');
    $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default']));
    $_zp_gallery->setImagePublish((int) isset($_POST['image_default']));
    $_zp_gallery->save();
    $report = 'defaults';
} else {
    if (isset($_POST['publish'])) {
        $action = sanitize($_POST['publish']);
        unset($_POST['publish']);
        XSRFdefender('publishContent');
        switch ($action) {
            case 'albums':
                unset($_POST['checkAllAuto']);
                foreach ($_POST as $key => $albumid) {
                    $album = newAlbum(postIndexDecode($key));
                    $album->setShow(1);
                    $album->save();
                }
                $report = 'albums';
                break;
            case 'images':
                foreach ($_POST as $action) {
                    $i = strrpos($action, '_');
                    $imageid = sanitize_numeric(substr($action, $i + 1));
                    $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
                    $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']);
                    $album = newAlbum($rowa['folder']);
                    $image = newImage($album, $rowi['filename']);
                    switch (substr($action, 0, $i)) {
                        case 'pub':
Example #2
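/**
 * Collects the managed objects of one family (albums, pages or news categories)
 * from the "managed_<family>_list_<i>_*" fields of $_POST.
 *
 * After the prefix is removed and the remainder sanitized, two key shapes are handled:
 *  - "<encoded>"          membership checkbox: a truthy value adds the object with
 *                         MANAGED_OBJECT_MEMBER rights
 *  - "<encoded><suffix>"  one of the suffixes in $suffixes: '_edit', '_view' and
 *                         '_upload' OR the matching right into the entry, '_name'
 *                         stores the posted value as the display name. Such a field
 *                         is ignored unless the object's membership checkbox was
 *                         already seen (field order in $_POST matters).
 *
 * @param string $prefix   full field prefix, e.g. 'managed_albums_list_2_'
 * @param string $type     value stored in the entry's 'type' element
 * @param string $suffixes regex alternation of the suffixes this family accepts
 * @param array  $objects  accumulator keyed by the decoded object key, updated in place
 * @param bool   $withName whether a new entry carries an empty 'name' element
 */
function processManagedObjectsCollect($prefix, $type, $suffixes, &$objects, $withName)
{
    $l = strlen($prefix);
    foreach ($_POST as $key => $value) {
        // the raw field name is tested, so a decoded key of one family can never be
        // mistaken for a field of another family
        if (substr($key, 0, $l) != $prefix) {
            continue;
        }
        $field = sanitize(substr($key, $l));
        if (preg_match('/(.*)(' . $suffixes . ')$/', $field, $matches)) {
            $objkey = postIndexDecode($matches[1]);
            if (!array_key_exists($objkey, $objects)) {
                // a right (or name) for an object that is not marked as managed is dropped
                continue;
            }
            switch ($matches[2]) {
                case '_edit':
                    $objects[$objkey]['edit'] |= MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_MEMBER;
                    break;
                case '_upload':
                    $objects[$objkey]['edit'] |= MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_MEMBER;
                    break;
                case '_view':
                    $objects[$objkey]['edit'] |= MANAGED_OBJECT_RIGHTS_VIEW | MANAGED_OBJECT_MEMBER;
                    break;
                case '_name':
                    // NOTE(review): the name is stored as posted, without sanitize() — confirm
                    // the consumer of the 'name' element escapes it
                    $objects[$objkey]['name'] = $value;
                    break;
            }
        } elseif ($value) {
            $objkey = postIndexDecode($field);
            // element order is kept as the callers have always produced it
            $entry = array('data' => $objkey);
            if ($withName) {
                $entry['name'] = '';
            }
            $entry['type'] = $type;
            $entry['edit'] = MANAGED_OBJECT_MEMBER;
            $objects[$objkey] = $entry;
        }
    }
}

/**
 * Reconciles one object family with the user's rights bitmask.
 *
 * With no managed objects the family right is removed unless the user may manage
 * all objects of the family. With managed objects the family right is set, and the
 * object list is discarded when the user manages all of the family (or is an admin),
 * since the explicit list would be redundant.
 *
 * @param int   $rights       the rights bitmask, updated in place
 * @param array $objects      the collected objects of the family, may be emptied
 * @param int   $manageAll    the MANAGE_ALL_*_RIGHTS bit of this family
 * @param int   $familyRights the *_RIGHTS bit granting access to this family
 */
function processManagedObjectsRights(&$rights, &$objects, $manageAll, $familyRights)
{
    if (empty($objects)) {
        if (!($rights & $manageAll)) {
            $rights = $rights & ~$familyRights;
        }
    } else {
        $rights = $rights | $familyRights;
        if ($rights & ($manageAll | ADMIN_RIGHTS)) {
            $objects = array();
        }
    }
}

/**
 * Processes the managed-object check boxes of one user entry of the admin users form.
 *
 * Albums, Zenpage pages and Zenpage news categories are collected from $_POST,
 * the user's rights are adjusted to match (see processManagedObjectsRights()) and
 * the remaining object entries are returned as one list.
 *
 * @param int|string $i      index of the user entry in the form
 * @param int        $rights the user's rights bitmask, adjusted in place
 * @return array list of entries of the form
 *               array('data' => key, ['name' => string,] 'type' => 'album'|'pages'|'news', 'edit' => rights)
 */
function processManagedObjects($i, &$rights)
{
    $albums = array();
    $pages = array();
    $news = array();
    processManagedObjectsCollect('managed_albums_list_' . $i . '_', 'album', '_edit|_view|_upload|_name', $albums, true);
    processManagedObjectsCollect('managed_pages_list_' . $i . '_', 'pages', '_edit|_view|_name', $pages, false);
    processManagedObjectsCollect('managed_news_list_' . $i . '_', 'news', '_edit|_view|_name', $news, false);
    // albums become a plain list; pages and news keep their keys (array_merge() below
    // renumbers integer keys anyway, so the merged result is the same)
    $albums = array_values($albums);
    processManagedObjectsRights($rights, $albums, MANAGE_ALL_ALBUM_RIGHTS, ALBUM_RIGHTS);
    processManagedObjectsRights($rights, $pages, MANAGE_ALL_PAGES_RIGHTS, ZENPAGE_PAGES_RIGHTS);
    processManagedObjectsRights($rights, $news, MANAGE_ALL_NEWS_RIGHTS, ZENPAGE_NEWS_RIGHTS);
    return array_merge($albums, $pages, $news);
}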
Example #3
                     query($sql);
                 }
             }
             break;
     }
 }
 // tag action
 if (isset($_GET['rename'])) {
     XSRFdefender('tag_rename');
     unset($_POST['XSRFToken']);
     foreach ($_POST as $key => $newName) {
         if (!empty($newName)) {
             $newName = sanitize($newName, 3);
             $key = substr($key, 2);
             // strip off the 'R_'
             $key = postIndexDecode(sanitize($key));
             $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName));
             $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key));
             if (is_array($newtag)) {
                 // there is an existing tag of the same name
                 $existing = $newtag['id'] != $oldtag['id'];
                 // but maybe it is actually the original in a different case.
             } else {
                 $existing = false;
             }
             if ($existing) {
                 query('DELETE FROM ' . prefix('tags') . ' WHERE `id`=' . $oldtag['id']);
                 query('UPDATE ' . prefix('obj_to_tag') . ' SET `tagid`=' . $newtag['id'] . ' WHERE `tagid`=' . $oldtag['id']);
             } else {
                 query('UPDATE ' . prefix('tags') . ' SET `name`=' . db_quote($newName) . ' WHERE `id`=' . $oldtag['id']);
             }
Example #4
if (isset($_POST['set_defaults'])) {
    XSRFdefender('publishContent');
    $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default']));
    $_zp_gallery->setImagePublish((int) isset($_POST['image_default']));
    $_zp_gallery->save();
    $report = 'defaults';
} else {
    if (isset($_POST['publish'])) {
        $action = sanitize($_POST['publish']);
        unset($_POST['publish']);
        XSRFdefender('publishContent');
        switch ($action) {
            case 'albums':
                unset($_POST['checkAllAuto']);
                foreach ($_POST as $key => $albumid) {
                    $album = newAlbum(sanitize(postIndexDecode($key)));
                    $album->setShow(1);
                    $album->save();
                }
                $report = 'albums';
                break;
            case 'images':
                foreach ($_POST as $action) {
                    $i = strrpos($action, '_');
                    $imageid = sanitize_numeric(substr($action, $i + 1));
                    $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
                    $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']);
                    $album = newAlbum($rowa['folder']);
                    $image = newImage($album, $rowi['filename']);
                    switch (substr($action, 0, $i)) {
                        case 'pub':
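/**
 * Processes the check box bulk actions for Zenpage objects.
 *
 * The action is read from $_POST['checkallaction'] and the selected items
 * (titlelinks) from $_POST['ids']. Every item is instantiated as 'Zenpage' . $type,
 * modified according to the action and saved. Actions with a message append one
 * report paragraph to $reports.
 *
 * @param string $type    class suffix of the objects being edited ('Zenpage' . $type
 *                        is instantiated); must come from code, never from the request
 * @param array  $reports report HTML fragments are appended to it (by reference)
 */
function processZenpageBulkActions($type, &$reports)
{
    global $_zp_zenpage;
    if (!isset($_POST['ids'])) {
        return;
    }
    $action = sanitize($_POST['checkallaction']);
    // titlelinks are request data: sanitize them before they reach the constructors below
    $links = sanitize((array) $_POST['ids']);
    if ($action == 'noaction' || count($links) == 0) {
        return;
    }
    // always defined so array_merge() below never sees an undefined variable
    $tags = array();
    if ($action == 'addtags' || $action == 'alltags') {
        foreach ($_POST as $key => $value) {
            $key = postIndexDecode($key);
            if (substr($key, 0, 10) == 'mass_tags_' && $value) {
                $tags[] = substr($key, 10);
            }
        }
        $tags = sanitize($tags, 3);
    }
    $messages = array(
        'deleteall' => gettext('Selected items deleted'),
        'showall' => gettext('Selected items published'),
        'hideall' => gettext('Selected items unpublished'),
        'commentson' => gettext('Comments enabled for selected items'),
        'commentsoff' => gettext('Comments disabled for selected items'),
        'resethitcounter' => gettext('Hitcounter for selected items'),
        'addtags' => gettext('Tags added to selected items'),
        'cleartags' => gettext('Tags cleared from selected items'),
        'alltags' => gettext('Tags added to articles of selected items'),
        'clearalltags' => gettext('Tags cleared from articles of selected items'),
    );
    // unknown actions produce no report, but the objects are still saved below
    $message = isset($messages[$action]) ? $messages[$action] : NULL;
    $class = 'Zenpage' . $type;
    foreach ($links as $titlelink) {
        $obj = new $class($titlelink);
        switch ($action) {
            case 'deleteall':
                $obj->remove();
                break;
            case 'addtags':
                $mytags = array_unique(array_merge($tags, $obj->getTags()));
                $obj->setTags($mytags);
                break;
            case 'cleartags':
                $obj->setTags(array());
                break;
            case 'alltags':
                // tag every article of the object (a category) rather than the object itself
                $allarticles = $obj->getArticles('', 'all', true);
                foreach ($allarticles as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $mytags = array_unique(array_merge($tags, $newsobj->getTags()));
                    $newsobj->setTags($mytags);
                    $newsobj->save();
                }
                break;
            case 'clearalltags':
                $allarticles = $obj->getArticles('', 'all', true);
                foreach ($allarticles as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $newsobj->setTags(array());
                    $newsobj->save();
                }
                break;
            case 'showall':
                $obj->set('show', 1);
                break;
            case 'hideall':
                $obj->set('show', 0);
                break;
            case 'commentson':
                $obj->set('commentson', 1);
                break;
            case 'commentsoff':
                $obj->set('commentson', 0);
                break;
            case 'resethitcounter':
                $obj->set('hitcounter', 0);
                break;
        }
        $obj->save();
    }
    if (!is_null($message)) {
        $reports[] = "<p class='messagebox fade-message'>" . $message . "</p>";
    }
}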
Example #6
     $_zp_gallery->setWebsiteURL($web);
     $_zp_gallery->setAlbumUseImagedate((int) isset($_POST['album_use_new_image_date']));
     $st = strtolower(sanitize($_POST['gallery_sorttype'], 3));
     if ($st == 'custom') {
         $st = strtolower(sanitize($_POST['customalbumsort'], 3));
     }
     $_zp_gallery->setSortType($st);
     if ($st == 'manual' || $st == 'random') {
         $_zp_gallery->setSortDirection(false);
     } else {
         $_zp_gallery->setSortDirection(isset($_POST['gallery_sortdirection']));
     }
     foreach ($_POST as $item => $value) {
         if (strpos($item, 'gallery-page_') === 0) {
             $encoded = substr($item, 13);
             $item = sanitize(postIndexDecode($encoded));
             $_zp_gallery->setUnprotectedPage($item, (int) isset($_POST['gallery_page_unprotected_' . $encoded]));
         }
     }
     $_zp_gallery->setSecurity(sanitize($_POST['gallery_security'], 3));
     $notify = processCredentials($_zp_gallery);
     if (zp_loggedin(CODEBLOCK_RIGHTS)) {
         processCodeblockSave(0, $_zp_gallery);
     }
     $_zp_gallery->save();
     $returntab = "&tab=gallery";
 }
 /*		 * * Search options ** */
 if (isset($_POST['savesearchoptions'])) {
     $fail = '';
     $search = new SearchEngine();
Example #7
     if (isset($_POST['return_images'])) {
         $images = $search->getImages();
         foreach ($images as $animage) {
             $image = newImage(newAlbum($animage['folder']), $animage['filename']);
             if ($unpublished || $image->getShow()) {
                 $tags = array_unique(array_merge($image->getTags(), array($words)));
                 $image->setTags($tags);
                 $image->save();
             }
         }
     }
 } else {
     $searchfields = array();
     foreach ($_POST as $key => $value) {
         if (strpos($key, 'SEARCH_') !== false) {
             $searchfields[] = sanitize(str_replace('SEARCH_', '', postIndexDecode($key)));
         }
     }
     $words = sanitize($_POST['words']);
 }
 if (isset($_POST['thumb'])) {
     $thumb = sanitize($_POST['thumb']);
 } else {
     $thumb = '';
 }
 $constraints = "\nCONSTRAINTS=" . 'inalbums=' . (int) isset($_POST['return_albums']) . '&inimages=' . (int) isset($_POST['return_images']) . '&unpublished=' . (int) isset($_POST['return_unpublished']);
 $redirect = $album . '/' . $albumname . '.alb';
 if (!empty($albumname)) {
     $f = fopen(internalToFilesystem(ALBUM_FOLDER_SERVERPATH . $redirect), 'w');
     if ($f !== false) {
         fwrite($f, "WORDS={$words}\nTHUMB={$thumb}\nFIELDS=" . implode(',', $searchfields) . $constraints . "\n");
             if ($group->getName() == 'group') {
                 //have to update any users who have this group designate.
                 foreach ($admins as $admin) {
                     if ($admin['valid'] && $admin['group'] === $groupname) {
                         $user = $_zp_authority->newAdministrator($admin['user'], $admin['valid']);
                         $user->setRights($group->getRights());
                         $user->setObjects($group->getObjects());
                         $user->save();
                     }
                 }
                 //user assignments: first clear out existing ones
                 $_zp_authority->updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname));
                 //then add the ones marked
                 $target = 'user_' . $i . '-';
                 foreach ($_POST as $item => $username) {
                     $item = sanitize(postIndexDecode($item));
                     if (strpos($item, $target) !== false) {
                         $username = substr($item, strlen($target));
                         $user = $_zp_authority->getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1));
                         $user->setRights($group->getRights());
                         $user->setObjects($group->getObjects());
                         $user->setGroup($groupname);
                         $user->save();
                     }
                 }
             }
         }
     }
     header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=groups&saved');
     exit;
 } else {
Example #9
             }
             $sqltags = substr($sqltags, 0, strlen($sqltags) - 4);
             query($sqltags);
             $sqlobjects = substr($sqlobjects, 0, strlen($sqlobjects) - 4);
             query($sqlobjects);
         }
     }
 }
 // delete
 if (isset($_GET['rename'])) {
     XSRFdefender('tag_rename');
     unset($_POST['XSRFToken']);
     foreach ($_POST as $key => $newName) {
         if (!empty($newName)) {
             $newName = sanitize($newName, 3);
             $key = postIndexDecode($key);
             $key = substr($key, 2);
             // strip off the 'R_'
             $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName));
             $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key));
             if (is_array($newtag)) {
                 // there is an existing tag of the same name
                 $existing = $newtag['id'] != $oldtag['id'];
                 // but maybe it is actually the original in a different case.
             } else {
                 $existing = false;
             }
             if ($existing) {
                 query('DELETE FROM ' . prefix('tags') . ' WHERE `id`=' . $oldtag['id']);
                 query('UPDATE ' . prefix('obj_to_tag') . ' SET `tagid`=' . $newtag['id'] . ' WHERE `tagid`=' . $oldtag['id']);
             } else {
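/**
 * Handles Image bulk actions for the images of one album.
 *
 * The action is read from $_POST['checkallaction'] and the affected image
 * filenames from $_POST['ids']. Each image is loaded, changed according to the
 * action and saved. Move/copy additionally need $_POST['massalbumselect'] (the
 * destination) and $_POST['massfolder'] (the source folder).
 *
 * @param object $album the album whose images are being edited
 * @return string|null the action that was applied; a "&mcrerr=<code>" query fragment
 *                     when the destination is missing or equals the source folder (2)
 *                     or when copy()/moveImage() reported an error; NULL for 'noaction'
 */
function processBulkImageActions($album)
{
    $action = sanitize($_POST['checkallaction']);
    // filenames are request data: sanitize them before they are used to look up images
    $ids = isset($_POST['ids']) ? sanitize((array) $_POST['ids']) : array();
    if ($action == 'noaction') {
        return NULL;
    }
    if (count($ids) > 0) {
        // always defined so array_merge() below never sees an undefined variable
        $tags = array();
        if ($action == 'addtags') {
            foreach ($_POST as $key => $value) {
                $key = postIndexDecode($key);
                if (substr($key, 0, 10) == 'mass_tags_' && $value) {
                    $tags[] = substr($key, 10);
                }
            }
            $tags = sanitize($tags, 3);
        }
        $dest = NULL;
        if ($action == 'moveimages' || $action == 'copyimages') {
            $dest = sanitize($_POST['massalbumselect']);
            $folder = sanitize($_POST['massfolder']);
            // a destination is required and must differ from the source album
            if (!$dest || $dest == $folder) {
                return "&mcrerr=2";
            }
        }
        foreach ($ids as $filename) {
            $imageobj = newImage($album, $filename);
            switch ($action) {
                case 'deleteall':
                    $imageobj->remove();
                    break;
                case 'showall':
                    $imageobj->set('show', 1);
                    break;
                case 'hideall':
                    $imageobj->set('show', 0);
                    break;
                case 'commentson':
                    $imageobj->set('commentson', 1);
                    break;
                case 'commentsoff':
                    $imageobj->set('commentson', 0);
                    break;
                case 'resethitcounter':
                    $imageobj->set('hitcounter', 0);
                    break;
                case 'addtags':
                    $mytags = array_unique(array_merge($tags, $imageobj->getTags()));
                    $imageobj->setTags($mytags);
                    break;
                case 'cleartags':
                    $imageobj->setTags(array());
                    break;
                case 'copyimages':
                    // a non-empty result is an error code; stop at the first failure
                    if ($e = $imageobj->copy($dest)) {
                        return "&mcrerr=" . $e;
                    }
                    break;
                case 'moveimages':
                    if ($e = $imageobj->moveImage($dest)) {
                        return "&mcrerr=" . $e;
                    }
                    break;
            }
            $imageobj->save();
        }
    }
    return $action;
}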
Example #11
/**
 * Process the bulk tags
 *
 * Scans $_POST for checked "mass_tags_<tag>" boxes and returns the tag names,
 * each passed through sanitize().
 *
 * @return array
 */
function bulkTags()
{
    $prefix = 'mass_tags_';
    $len = strlen($prefix);
    $selected = array();
    foreach ($_POST as $field => $checked) {
        $name = postIndexDecode($field);
        if (!$checked) {
            continue;
        }
        if (strncmp($name, $prefix, $len) !== 0) {
            continue;
        }
        $selected[] = sanitize(substr($name, $len));
    }
    return $selected;
}
Example #12
/**
 * This is the "tokens" upload tab
 *
 * @author Stephen Billard (sbillard)
 *
 * Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
 *
 * @package plugins
 * @subpackage development
 */
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
$return = currentRelativeURL();
admin_securityChecks(DEBUG_RIGHTS, $return);
// cookie deletion: the form posts one delete_cookie[<encoded name>] entry per cookie to clear
if (isset($_POST['delete_cookie'])) {
    foreach (array_keys($_POST['delete_cookie']) as $encodedCookie) {
        zp_clearCookie(postIndexDecode($encodedCookie));
    }
    // NOTE(review): the redirect target spells the page "develpment" while
    // printAdminHeader() below is given 'development' — looks like a typo, confirm
    header('location: ?page=develpment&tab=cookie');
    exitZP();
}
$subtab = getSubtabs();
printAdminHeader('development', $subtab);
echo "\n</head>";
?>

<body>

	<?php 
printLogoAndLinks();
?>
	<div id="main">
/**
 * processes the post from the above
 *
 * Saves the fields of the album edit form (a single album, or one entry of the
 * mass edit form where every field name carries a "<index>-" prefix) into $album,
 * saves the album, and then performs any requested move, copy or rename. A
 * successful move or rename overwrites $_GET['album'] so that the caller redirects
 * to the album's new location.
 *
 *@param int param1 the index of the entry in mass edit or 0 if single album
 *@param object param2 the album object
 *@return string error flag if passwords don't match ('&mismatch=album' or
 *               '&mismatch=user'), with '&mcrerr=1' appended when a move, copy or
 *               rename fails; empty string when nothing went wrong
 *@since 1.1.3
 */
function processAlbumEdit($index, $album)
{
    // mass-edit entries prefix every field with "<index>-"; the single-album form has none
    if ($index == 0) {
        $prefix = '';
    } else {
        $prefix = "{$index}-";
    }
    $tagsprefix = 'tags_' . $prefix;
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', 1));
    $tags = array();
    // up to four free-text "new tag" inputs; each is removed from $_POST so that the
    // prefix scan below does not also report it as a tag named "new_tag_value_<i>"
    for ($i = 0; $i < 4; $i++) {
        if (isset($_POST[$tagsprefix . 'new_tag_value_' . $i])) {
            $tag = trim(strip($_POST[$tagsprefix . 'new_tag_value_' . $i]));
            unset($_POST[$tagsprefix . 'new_tag_value_' . $i]);
            if (!empty($tag)) {
                $tags[] = $tag;
            }
        }
    }
    // checked tag boxes: every remaining "tags_<prefix><name>" field with a truthy value
    $l = strlen($tagsprefix);
    foreach ($_POST as $key => $value) {
        $key = postIndexDecode($key);
        if (substr($key, 0, $l) == $tagsprefix) {
            if ($value) {
                $tags[] = substr($key, $l);
            }
        }
    }
    $tags = array_unique($tags);
    $album->setTags($tags);
    $album->setDateTime(strip($_POST[$prefix . "albumdate"]));
    $album->setPlace(process_language_string_save($prefix . 'albumplace', 3));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setAlbumThumb(strip($_POST[$prefix . 'thumb']));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
    // image sort order; 'custom' means the free-text field holds the actual sort key
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual') {
        // manual ordering has no direction
        $album->setSortDirection('image', 0);
    } else {
        if (empty($sorttype)) {
            $direction = 0;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection('image', $direction);
    }
    // subalbum sort order, same scheme as for images
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSubalbumSortType($sorttype);
    if ($sorttype == 'manual') {
        $album->setSortDirection('album', 0);
    } else {
        $album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
    }
    if (isset($_POST[$prefix . 'reset_hitcounter'])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        // zero the vote totals and the list of voting addresses
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }
    // album protection: user name and password (entered twice)
    $olduser = $album->getUser();
    // NOTE(review): unlike the other fields, albumuser is not passed through strip()/sanitize()
    // before setUser() — confirm the setter takes care of that
    $newuser = $_POST[$prefix . 'albumuser'];
    $pwd = trim($_POST[$prefix . 'albumpass']);
    $fail = '';
    if ($olduser != $newuser) {
        // NOTE(review): the password fields are compared with loose == / != here and below;
        // numeric-looking strings such as "1e3" and "1000" compare equal under ==
        if ($pwd != $_POST[$prefix . 'albumpass_2']) {
            $pwd2 = trim($_POST[$prefix . 'albumpass_2']);
            // the trimmed value is written back so the comparison below uses it too
            $_POST[$prefix . 'albumpass'] = $pwd;
            // invalidate password, user changed without password beign set
            if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
                $fail = '&mismatch=user';
            }
        }
    }
    // the user is only changed when both password fields agree
    if ($_POST[$prefix . 'albumpass'] == $_POST[$prefix . 'albumpass_2']) {
        $album->setUser($newuser);
        if (empty($pwd)) {
            if (empty($_POST[$prefix . 'albumpass'])) {
                $album->setPassword(NULL);
                // clear the gallery password
            }
        } else {
            $album->setPassword($pwd);
        }
    } else {
        // mismatch: prefer the more specific user error when it was detected above
        if (empty($fail)) {
            $notify = '&mismatch=album';
        } else {
            $notify = $fail;
        }
    }
    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = strip($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    $album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
    $album->setCustomData(process_language_string_save($prefix . 'album_custom_data', 1));
    $album->save();
    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'move') {
        $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
        // Append the album name.
        // (the selection is the destination folder; the album keeps its own last path component)
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($returnalbum = $album->moveAlbum($dest)) {
                // A slight hack to redirect to the new album after moving.
                $_GET['album'] = $returnalbum;
            } else {
                $notify .= "&mcrerr=1";
            }
        } else {
            // Cannot move album to same album.
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
            // Append the album name.
            $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
            if ($dest && $dest != $album->name) {
                if (!$album->copyAlbum($dest)) {
                    $notify .= "&mcrerr=1";
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                $renameto = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
                // path separators are removed so the new name stays inside the album's parent folder;
                // NOTE(review): '.' and '..' are not rejected here — confirm sanitize_path()/renameAlbum() handle them
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    // nested album: rename within its current parent
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($returnalbum = $album->renameAlbum($renameto)) {
                        // A slight hack to redirect to the new album after moving.
                        $_GET['album'] = $returnalbum;
                    } else {
                        $notify .= "&mcrerr=1";
                    }
                }
            }
        }
    }
    return $notify;
}
Example #14
                     if ($admin['valid']) {
                         $hisgroups = explode(',', $admin['group']);
                         if (in_array($groupname, $hisgroups)) {
                             $user = Zenphoto_Authority::newAdministrator($admin['user'], $admin['valid']);
                             user_groups::merge_rights($user, $hisgroups, user_groups::getPrimeObjects($user));
                             $user->save();
                         }
                     }
                 }
                 //user assignments: first clear out existing ones
                 Zenphoto_Authority::updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname));
                 //then add the ones marked
                 $target = 'user_' . $i . '-';
                 foreach ($_POST as $item => $username) {
                     if (strpos($item, $target) !== false) {
                         $username = postIndexDecode(substr(sanitize($item), strlen($target)));
                         //$username = substr($item, strlen($target));
                         $user = $_zp_authority->getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1));
                         user_groups::merge_rights($user, $hisgroups, user_groups::getPrimeObjects($user));
                         $user->save();
                     }
                 }
             }
         }
     }
     $notify = '&saved';
 } else {
     $notify = '&post_error';
 }
 header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=groups&subpage=' . $subpage . $notify);
 exitZP();
Example #15
     $_zp_gallery->setSecurity(sanitize($_POST['gallery_security'], 3));
     $notify = processCredentials($_zp_gallery);
     if (zp_loggedin(CODEBLOCK_RIGHTS)) {
         $_zp_gallery->setCodeblock(processCodeblockSave(0));
     }
     $_zp_gallery->save();
     $returntab = "&tab=gallery";
 }
 /*		 * * Search options ** */
 if (isset($_POST['savesearchoptions'])) {
     $fail = '';
     $search = new SearchEngine();
     $searchfields = array();
     foreach ($_POST as $key => $value) {
         if (strpos($key, 'SEARCH_') !== false) {
             $searchfields[] = substr(sanitize(postIndexDecode($key)), 7);
         }
     }
     setOption('search_fields', implode(',', $searchfields));
     setOption('search_cache_duration', sanitize_numeric($_POST['search_cache_duration']));
     $notify = processCredentials('search');
     setOption('exact_tag_match', sanitize($_POST['tag_match']));
     setOption('exact_string_match', sanitize($_POST['string_match']));
     setOption('search_space_is', sanitize($_POST['search_space_is']));
     setOption('search_no_albums', (int) isset($_POST['search_no_albums']));
     setOption('search_no_images', (int) isset($_POST['search_no_images']));
     setOption('search_no_pages', (int) isset($_POST['search_no_pages']));
     setOption('search_no_news', (int) isset($_POST['search_no_news']));
     setOption('search_within', (int) ($_POST['search_within'] && true));
     $sorttype = strtolower(sanitize($_POST['sortby'], 3));
     if ($sorttype == 'custom') {
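/**
 * Processes the check box bulk actions
 *
 * Reads the posted `ids` list and the `checkallaction` selector and applies the
 * chosen action to every Zenpage object named in `ids`. Every object is saved
 * after its action has been applied (a `deleteall` object is removed first and
 * then saved anyway, as in the original implementation).
 *
 * @param string $type suffix used to build the class that is instantiated
 *                     (`'Zenpage' . $type`, e.g. `News` gives `ZenpageNews`). It
 *                     selects which class is constructed, so it must be a fixed
 *                     value chosen by the caller and never taken from request data.
 * @return string|false the sanitized action name, or false when no `ids` were posted.
 *                      Assumes `checkallaction` is posted alongside `ids` — TODO confirm
 *                      at the form.
 */
function processZenpageBulkActions($type)
{
    global $_zp_zenpage;
    $action = false;
    if (isset($_POST['ids'])) {
        $action = sanitize($_POST['checkallaction']);
        $links = sanitize($_POST['ids']);
        $total = count($links);
        if ($action != 'noaction') {
            if ($total > 0) {
                // Both lists start empty so that an action whose check boxes were
                // all left unchecked is a no-op instead of an undefined-variable
                // warning followed by a foreach over null.
                $tags = array();
                $cats = array();
                if ($action == 'addtags' || $action == 'alltags') {
                    $tags = bulkTags();
                }
                if ($action == 'addcats') {
                    // Category check boxes arrive as postIndex-encoded keys prefixed with "cat".
                    foreach ($_POST as $key => $value) {
                        $key = postIndexDecode($key);
                        if (substr($key, 0, 3) == 'cat') {
                            if ($value) {
                                $cats[] = substr($key, 3);
                            }
                        }
                    }
                    $cats = sanitize($cats, 3);
                }
                foreach ($links as $titlelink) {
                    $class = 'Zenpage' . $type;
                    $obj = new $class($titlelink);
                    switch ($action) {
                        case 'deleteall':
                            $obj->remove();
                            SearchEngine::clearSearchCache();
                            break;
                        case 'addtags':
                            $mytags = array_unique(array_merge($tags, $obj->getTags()));
                            $obj->setTags($mytags);
                            break;
                        case 'cleartags':
                            $obj->setTags(array());
                            break;
                        case 'alltags':
                            // Applies to every article of the object (a category), not the object itself.
                            $allarticles = $obj->getArticles('', 'all', true);
                            foreach ($allarticles as $article) {
                                $newsobj = new ZenpageNews($article['titlelink']);
                                $mytags = array_unique(array_merge($tags, $newsobj->getTags()));
                                $newsobj->setTags($mytags);
                                $newsobj->save();
                            }
                            break;
                        case 'clearalltags':
                            $allarticles = $obj->getArticles('', 'all', true);
                            foreach ($allarticles as $article) {
                                $newsobj = new ZenpageNews($article['titlelink']);
                                $newsobj->setTags(array());
                                $newsobj->save();
                            }
                            break;
                        case 'addcats':
                            // setCategories() expects an array of titlelinks only, so both the
                            // posted categories and the object's current ones are reduced to that.
                            $catarray = array();
                            $allcats = $obj->getCategories();
                            foreach ($cats as $cat) {
                                $catitem = $_zp_zenpage->getCategory($cat);
                                $catarray[] = $catitem['titlelink'];
                            }
                            $allcatsarray = array();
                            foreach ($allcats as $allcat) {
                                $allcatsarray[] = $allcat['titlelink'];
                            }
                            $mycats = array_unique(array_merge($catarray, $allcatsarray));
                            $obj->setCategories($mycats);
                            break;
                        case 'clearcats':
                            $obj->setCategories(array());
                            break;
                        case 'showall':
                            $obj->set('show', 1);
                            break;
                        case 'hideall':
                            $obj->set('show', 0);
                            break;
                        case 'commentson':
                            $obj->set('commentson', 1);
                            break;
                        case 'commentsoff':
                            $obj->set('commentson', 0);
                            break;
                        case 'resethitcounter':
                            $obj->set('hitcounter', 0);
                            break;
                    }
                    $obj->save();
                }
            }
        }
    }
    return $action;
}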
        $ordered[$key] = $admin['date'];
    }
}
asort($ordered);
$adminordered = array();
foreach ($ordered as $key => $user) {
    $adminordered[] = $admins[$key];
}
$msg = NULL;
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    XSRFdefender($action);
    if ($action == 'expiry') {
        foreach ($_POST as $key => $action) {
            if (strpos($key, 'r_') === 0) {
                $userobj = $_zp_authority->getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key))));
                if ($userobj) {
                    switch ($action) {
                        case 'delete':
                            $userobj->remove();
                            break;
                        case 'disable':
                            $userobj->setValid(2);
                            $userobj->save();
                            break;
                        case 'enable':
                            $userobj->setValid(1);
                            $userobj->save();
                            break;
                        case 'renew':
                            $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
        $ordered[$key] = $admin['date'];
    }
}
asort($ordered);
$adminordered = array();
foreach ($ordered as $key => $user) {
    $adminordered[] = $admins[$key];
}
$msg = NULL;
if (isset($_GET['action'])) {
    $action = sanitize($_GET['action']);
    XSRFdefender($action);
    if ($action == 'expiry') {
        foreach ($_POST as $key => $action) {
            if (strpos($key, 'r_') === 0) {
                $userobj = Zenphoto_Authority::getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key))));
                if ($userobj) {
                    switch ($action) {
                        case 'delete':
                            $userobj->remove();
                            break;
                        case 'disable':
                            $userobj->setValid(2);
                            $userobj->save();
                            break;
                        case 'enable':
                            $userobj->setValid(1);
                            $userobj->save();
                            break;
                        case 'renew':
                            $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());