/**
 * Tells whether the current session's user holds permission $perm.
 *
 * Anonymous visitors never do, administrators always do. Everybody else is
 * looked up twice in phph_permissions: first for a grant tied to the user id,
 * then for a grant tied to any group the user is a member of.
 *
 * @param string $perm permission name as stored in phph_permissions.permission
 * @return bool
 */
static function checkPerm($perm)
 {
     global $db;
     if (Permissions::isAnon()) {
         return false;
     }
     if (Permissions::isAdmin()) {
         return true;
     }
     $uid = Session::singletone()->_uid;
     // Ordered lookups: direct user grant, then grant via group membership.
     // Both take the same (permission, user id) parameter pair.
     $lookups = array(
         "SELECT permission FROM phph_permissions WHERE permission = ? AND user_id = ?",
         "SELECT permission FROM phph_permissions WHERE permission = ? AND group_id IN (SELECT group_id FROM phph_group_users WHERE user_id = ?)",
     );
     foreach ($lookups as $sql) {
         $stmt = $db->prepare($sql);
         // die() echoes the raw driver message to the client; kept for behaviour
         // parity with the rest of this class, but an error page would hide it.
         if (PEAR::isError($stmt)) {
             die($stmt->getMessage());
         }
         $rows = $db->execute($stmt, array($perm, $uid));
         if (PEAR::isError($rows)) {
             die($rows->getMessage());
         }
         if ($rows->numRows() > 0) {
             return true;
         }
     }
     return false;
 }
 /**
  * Builds an application URL for $action, ready to be placed in an HTML attribute.
  *
  * The base is "<site_url>/<script>?action=<action>", passed through the
  * session's addSID() so a session id can be appended. Each entry of $attrs
  * is appended as "&key=value" with the value URL-encoded and the whole
  * fragment HTML-escaped (the key is used as-is).
  *
  * @param string $action action name
  * @param array  $attrs  extra query parameters, key => value
  * @param string $script target script, defaults to index.php
  * @return string
  */
 static function url($action, $attrs = array(), $script = "index.php")
 {
     $base = Config::get("site_url") . "/{$script}?action={$action}";
     $link = Session::singletone()->addSID($base);
     $query = '';
     foreach ($attrs as $key => $value) {
         $query .= htmlspecialchars("&{$key}=" . urlencode($value));
     }
     return $link . $query;
 }
<?php

// $Id$
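set_include_path(get_include_path() . ":../");
require_once "includes/session.php";
require_once "includes/utils.php";
require_once "includes/permissions.php";
require_once "includes/photo.php";

// Standalone admin action: delete one photo, then send the browser back to "ref".
$session = Session::singletone();
if ($session->requireLogin()) {
    exit;
}
// Both permissions are required; either missing one ends the request here.
if (!Permissions::checkPerm('admin_panel')) {
    die("Permission denied.");
}
if (!Permissions::checkPerm('delete_photos')) {
    die("Permission denied.");
}
// "ref" is emitted verbatim in a Location header below, so it goes through the
// same sanitiser the request handler applies to its own ref (Utils::secureHeaderData)
// rather than being used raw. The helper's exact rules are not visible in this file.
$ref = Utils::secureHeaderData(urldecode(Utils::pg("ref")));
$pid = urldecode(Utils::pg("pid"));
// empty() also rejects "0"; neither a missing nor a zero id names a deletable photo.
if (empty($pid)) {
    die;
}
$photo = new Photo($pid);
$photo->remove();
header("Location: {$ref}");
ini_restore('include_path');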
    /**
     * Replaces this comment's title and text and notifies the affected users by e-mail.
     *
     * Nothing happens when neither field changed. Otherwise the row is updated and
     * up to two mails are sent: one to the photo's owner (if the editor is not the
     * owner) and one to the comment's author (if the editor is not the author).
     * Both mails carry the new and the previous content.
     *
     * @param string $title new comment title
     * @param string $text  new comment text
     */
    function update($title, $text)
    {
        $session = Session::singletone();
        // Loose (==) comparison, as elsewhere in this class.
        if ($this->_dbo->comment_title == $title && $this->_dbo->comment_text == $text) {
            return;
        }
        // Keep the previous content for the "Poprzednia treść" section of the mails.
        $o_title = $this->_dbo->comment_title;
        $o_text = $this->_dbo->comment_text;
        $this->_dbo->comment_title = $title;
        $this->_dbo->comment_text = $text;
        $this->_dbo->update();
        $photo = new Photo($this->_dbo->photo_id);
        // Mail 1: the photo owner, unless they are the one editing.
        if ($photo->_dbo->user_id != $session->_uid) {
            $user = new User($session->_uid);
            $to_name = $photo->_user->user_login;
            $photo_title = $photo->_dbo->photo_title;
            $author = $user->_dbo->user_login;
            // Polish mail body; the bytes appear mangled in this listing (legacy
            // encoding) and are left exactly as they are. $title/$text are the
            // new values, $o_title/$o_text the previous ones.
            $body = <<<EOT
Witaj {$to_name},

Uytkownik {$author} wyedytowa komentarz do Twojego zdj�ia "{$photo_title}".

Obecna tre�komentarza:

{$title}

{$text}

----

Poprzednia tre�komentarza:

{$o_title}

{$o_text}

-- 
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
            Utils::mail("Komentarz do Twojego zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $photo->_user->user_email, $photo->_user->user_name);
        }
        // Mail 2: the comment's author, unless they are the one editing.
        if ($this->_dbo->user_id != $session->_uid) {
            $user = new User($session->_uid);
            $to_name = $this->_user->user_login;
            $photo_title = $photo->_dbo->photo_title;
            $author = $user->_dbo->user_login;
            // Same layout as the owner mail, addressed to the comment author.
            $body = <<<EOT
Witaj {$to_name},

Uytkownik {$author} wyedytowa Tw� komentarz do zdj�ia "{$photo_title}".

Obecna tre�komentarza:

{$title}

{$text}

----

Poprzednia tre�komentarza:

{$o_title}

{$o_text}

-- 
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
            Utils::mail("Tw� komentarz do zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $this->_user->user_email, $this->_user->user_name);
        }
    }
 /**
  * Authenticates against phph_users and opens a new session for the matched user.
  *
  * On success the fetched row becomes the user's data (current and original copy),
  * the last-login timestamp is refreshed and the session is re-keyed to the user id.
  *
  * @param string $login user login
  * @param string $pass  clear-text password
  * @throws Exception when no row matches the credentials
  */
 function login($login, $pass)
 {
     $session = Session::singletone();
     $db = Database::singletone()->db();
     // NOTE(review): passwords are compared as unsalted md5 digests. The digest
     // format is dictated by the existing user_pass column, so it is kept here;
     // moving to password_hash()/password_verify() needs a column migration.
     $sql = "SELECT * FROM phph_users WHERE user_login = :login AND user_pass = :pass";
     $stmt = $db->prepare($sql);
     $stmt->bindParam(":login", $login);
     $stmt->bindValue(":pass", md5($pass));
     $stmt->execute();
     $row = $stmt->fetch();
     $this->_dbdata = $row;
     if (!$row) {
         throw new Exception("Nieudane logowanie.");
     }
     $stmt = null;
     $this->_orig_dbdata = $row;
     $this->updateLastLogin();
     $userId = $row['user_id'];
     $this->_uid = $userId;
     $session->_uid = $userId;
     $session->newSession();
 }
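 /**
  * Appends one <login> element per user (ordered by login) to the XML response
  * and marks the response as successful.
  *
  * Writes to $this->_response via $this->_dom; returns nothing.
  */
 function getLogins()
 {
     // The unused Session::singletone() lookup that used to sit here has been dropped.
     $db = Database::singletone()->db();
     $sth = $db->prepare("SELECT user_login FROM phph_users ORDER BY user_login");
     $sth->execute();
     while ($row = $sth->fetch()) {
         $this->_response->appendChild($this->_dom->createElement('login', $row['user_login']));
     }
     $this->success();
 }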
 /**
  * Adds $user to this group.
  *
  * Records the membership in phph_group_members (who added it, and when),
  * then lets the user object register the group on its side and refreshes
  * this group's cached row.
  *
  * @param User $user the user to add
  * @throws Exception when the user is already a member
  */
 function addMember($user)
 {
     $db = Database::singletone()->db();
     $userId = $user->uid();
     if ($this->isMember($userId)) {
         throw new Exception(_T("Użytkownik jest już członkiem tej grupy."));
     }
     $stmt = $db->prepare('INSERT INTO phph_group_members (user_id, group_id, added_by, add_time) VALUES (:user_id, :group_id, :added_by, :add_time)');
     $values = array(
         ':user_id'  => $userId,
         ':group_id' => $this->gid(),
         ':added_by' => Session::singletone()->uid(),
         ':add_time' => time(),
     );
     foreach ($values as $placeholder => $value) {
         $stmt->bindValue($placeholder, $value);
     }
     $stmt->execute();
     $stmt = null;
     // Second argument is false; its meaning is defined in User::addToGroup(), not here.
     $user->addToGroup($this, false);
     $this->updateDBData();
 }
 /**
  * Persists this category: INSERT when cid() is 0, UPDATE otherwise.
  *
  * Before writing, a renamed or re-parented category is checked for a name clash
  * among its siblings, and a new or re-parented category is placed at the end of
  * its parent's ordering. A parent of 0 means "top level" and is stored as NULL.
  *
  * @throws Exception when a sibling with the same name already exists
  */
 function save()
 {
     $db = Database::singletone()->db();
     $parent = $this->dbdata('category_parent', 0);
     $o_parent = $this->origDBData('category_parent', 0);
     // Sibling-name uniqueness is only re-checked when name or parent changed.
     if ($this->dbdata('category_name') != $this->origDBData('category_name') || $parent != $o_parent) {
         if ($parent > 0) {
             $sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent = :parent');
             // bound by reference; $parent is not changed before execute()
             $sth->bindParam(':parent', $parent);
         } else {
             $sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent IS NULL');
         }
         $sth->bindValue(':category_name', $this->dbdata('category_name'));
         $sth->execute();
         $r = $sth->fetchColumn(0);
         $sth = null;
         if ($r > 0) {
             throw new Exception(_T('Kategoria o tej nazwie już istnieje.'));
         }
     }
     // New or moved category: append after the highest existing order among its siblings
     // (IFNULL makes an empty parent yield 0, hence order 1).
     if ($this->cid() == 0 || $parent != $o_parent) {
         if ($parent > 0) {
             $sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent = :parent");
             $sth->bindParam(':parent', $parent);
         } else {
             $sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent IS NULL");
         }
         $sth->execute();
         $this->setDBData('category_order', $sth->fetchColumn(0) + 1);
         $sth = null;
     }
     // INSERT and UPDATE share the placeholders bound below; each adds its own extras.
     if ($this->cid() == 0) {
         $sth = $db->prepare('INSERT INTO phph_categories ' . '(category_name, category_description, category_created, category_creator, category_parent, category_order) ' . 'VALUES ' . '(:category_name, :category_description, :category_created, :category_creator, :category_parent, :category_order)');
         $sth->bindValue(':category_created', time());
         $sth->bindValue(':category_creator', Session::singletone()->uid());
     } else {
         $sth = $db->prepare('UPDATE phph_categories SET ' . 'category_name = :category_name, ' . 'category_description = :category_description, ' . 'category_order = :category_order, ' . 'category_parent = :category_parent ' . 'WHERE category_id = :category_id');
         $sth->bindValue(':category_id', $this->cid());
     }
     $sth->bindValue(":category_name", $this->dbdata('category_name'));
     $sth->bindValue(":category_description", $this->dbdata('category_description'));
     $sth->bindValue(":category_order", $this->dbdata('category_order'));
     // Top level is stored as NULL, matching the IS NULL queries above.
     if (empty($parent)) {
         $parent = null;
     }
     // Bound by reference, and $parent is final here, so execute() sees the NULL/id above.
     $sth->bindParam(":category_parent", $parent);
     $sth->execute();
     if ($this->cid() == 0) {
         $this->_cid = $db->lastInsertId();
     }
     $sth = null;
     $this->updateDBData();
 }
    /**
     * Stores a new comment on this photo by the current session user and, when the
     * commenter is not the photo owner, e-mails the owner the comment's content.
     *
     * @param string $title comment title
     * @param string $text  comment text
     * @throws Exception2 with _INTERNAL_ERROR when the phph_comments DataObject cannot be created
     */
    function addComment($title, $text)
    {
        $session = Session::singletone();
        $dbo = DB_DataObject::Factory("phph_comments");
        if (PEAR::isError($dbo)) {
            throw new Exception2(_INTERNAL_ERROR, $dbo->getMessage());
        }
        $dbo->comment_title = $title;
        $dbo->comment_text = $text;
        $dbo->photo_id = $this->_pid;
        $dbo->comment_date = time();
        $dbo->user_id = $session->_uid;
        $dbo->insert();
        // Loose (==) id comparison; no mail when the owner comments on their own photo.
        if ($this->_dbo->user_id != $session->_uid) {
            $user = new User($session->_uid);
            $to_name = $this->_user->user_login;
            $photo_title = $this->_dbo->photo_title;
            $author = $user->_dbo->user_login;
            // Polish mail body; the non-ASCII bytes appear to be in a legacy (non-UTF-8)
            // encoding in this listing and are left exactly as they are.
            $body = <<<EOT
Witaj {$to_name},

U¿ytkownik {$author} doda³ do Twojego zdjêcia "{$photo_title}" komentarz. Poni¿ej znajduje siê tre¶æ komentarza:

{$title}

{$text}

-- 
Ten email zosta³ wys³any automatycznie. Prosimy nie odpowiadaæ.
EOT;
            Utils::mail("Nowy komentarz do Twojego zdjêcia \"{$photo_title}\".", $body, $this->_user->user_email, $this->_user->user_name);
        }
    }
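 /**
  * Builds the <$name status="..."> element describing this photo's moderation state.
  *
  * The status is 'waiting' unless the photo references a moderation record, in which
  * case that record's moderation_mode is used. Every entry of $this->_moderation
  * (loaded by $this->moderation()) is appended as a child element.
  *
  * @param DOMDocument $xml  document used to create the elements
  * @param string      $name element name, defaults to 'moderation'
  * @return DOMElement
  */
 function moderationXML($xml, $name = 'moderation')
 {
     // The former $db / $session locals were never read and have been removed.
     $this->moderation();
     $status = 'waiting';
     if ($this->dbdata('moderation_id', 0) > 0) {
         $moder = new PhotoModeration($this->dbdata('moderation_id'));
         $status = $moder->dbdata('moderation_mode');
     }
     $el = $xml->createElement($name);
     $el->setAttribute('status', $status);
     foreach ($this->_moderation as $moder) {
         $el->appendChild($moder->xml($xml));
     }
     return $el;
 }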
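/**
 * Handles the "postcomment" form: adds a comment to the photo given by the
 * "pid" request parameter, then redirects to the global $ref.
 *
 * A visitor who is not logged in is redirected straight back to $ref.
 * Ends the request with exit on both paths.
 */
function action_postcomment()
{
    global $ref;
    $session = Session::singletone();
    // requireLogin(false): the false argument's meaning is defined by Session, not here.
    if ($session->requireLogin(false)) {
        header("Location: {$ref}");
        exit;
    }
    $pid = Utils::p('pid');
    // Missing form fields used to raise an undefined-index notice; treat them as empty.
    $title = isset($_POST['comment_title']) ? $_POST['comment_title'] : '';
    $text = isset($_POST['comment_text']) ? $_POST['comment_text'] : '';
    // NOTE(review): nothing here ties this POST to a per-session token, so a
    // CSRF check would belong before addComment(); not added since the form side is not visible.
    $photo = new Photo($pid);
    $photo->addComment($title, $text);
    // $ref is owned by the caller; it should reach this header already sanitised
    // (the request handler uses Utils::secureHeaderData for it) — not verifiable here.
    header("Location: {$ref}");
    exit;
}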
 /**
  * Prepares request handling for one action.
  *
  * An unsupported action leaves the object invalid with status 404 and nothing
  * else initialised. Otherwise the session, database handle and Smarty instance
  * are set up, the common template variables are assigned, and the template
  * file name and handler expression are derived from the action name.
  *
  * @param string $action action name taken from the request
  */
 function __construct($action)
 {
     if (!$this->supported($action)) {
         $this->_valid = false;
         $this->_status_code = 404;
         return;
     }
     $this->_template_vars = array();
     $this->_url = Config::get("site_url");
     //$this->_ref = Utils::secureHeaderData($_SERVER['HTTP_REFERER']);
     // "ref" is request-supplied and later ends up in a Location header; secureHeaderData
     // is the sanitising step (its exact rules live in Utils, not here).
     $this->_ref = Utils::secureHeaderData(Utils::pg("ref"));
     $this->_action = $action;
     $this->_main_template = "index.tpl";
     $this->_session = Session::singletone();
     $this->_smarty = new PhphSmarty($this->_action);
     $this->setTemplateVar('ref', $this->_ref);
     $this->setTemplateVar('base_url', $this->_url);
     $this->setTemplateVar('ajax_http_method', Config::get('ajax-http-method', 'POST'));
     $this->setTemplateVar('self', Utils::selfURL());
     $this->setTemplateVar('action', $this->_action);
     $this->setTemplateVar('is_superuser', $this->session()->isAdmin());
     $this->_templates = array();
     // action => template, default: action => action.tpl
     $this->_actions = array();
     // action => function, default: action => $this->_action()
     $this->_default_page = 0;
     $this->_default_count = 20;
     // Merged request arguments: POST values win over GET values with the same key.
     $args = array();
     foreach ($_GET as $id => $val) {
         $args[$id] = $val;
     }
     foreach ($_POST as $id => $val) {
         $args[$id] = $val;
     }
     // Raw request data is handed to the templates; escaping is left to them.
     $this->setTemplateVar('_ARGS', $args);
     $this->setTemplateVar('_POST', $_POST);
     $this->setTemplateVar('_GET', $_GET);
     $this->_db = Database::singletone()->db();
     // Both maps were just reset to array() above, so the default branches always apply here.
     if (!empty($this->_templates[$this->_action])) {
         $this->_template = $this->_templates[$this->_action];
     } else {
         $this->_template = $this->_action . ".tpl";
     }
     if (!empty($this->_actions[$this->_action])) {
         $this->_action_fn = $this->_actions[$this->_action];
     } else {
         $this->_action_fn = '$this->_' . $this->_action;
     }
     // Dashes in the action name become underscores; that pass also turns the "->"
     // of '$this->' into "_>", which the second replace restores.
     $this->_action_fn = str_replace("-", "_", $this->_action_fn);
     $this->_action_fn = str_replace("_>", "->", $this->_action_fn);
     $this->_smarty->register_function('url', 'smarty_url');
     $this->_smarty->register_function('full_url', 'smarty_full_url');
     $this->_smarty->register_function('decode_ip', 'smarty_decode_ip');
     $this->_valid = true;
     /*
     		$this->_templates = array(
     			'index' => 'index.tpl',
     			'view' => 'view.tpl',
     			'categories' => 'categories.tpl',
     			'category' => 'category.tpl',
     			'user' => 'user.tpl',
     			'register' => 'register-form.tpl',
     			'registered' => 'registered.tpl',
     			'reg-disabled' => 'reg-disabled.tpl',
     			'activate' => 'activation.tpl',
     			'login' => 'login.tpl'
     		);
     */
 }
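	/**
	 * Prints the photo's comment list as HTML straight to the output.
	 *
	 * Each comment shows title, author, date and text (all run through
	 * htmlspecialchars), plus edit/remove links for the comment's owner or a user
	 * passing Permissions::checkPermAndLevel() for the matching permission. With
	 * no comments a single "Brak komentarzy." box is printed instead.
	 *
	 * The first action block's closing tag now uses "<?php" instead of the short
	 * "<?" form, so the markup no longer depends on short_open_tag.
	 */
	function renderContent() {

		$comments = $this->_photo->getComments();
		$session = Session::singletone();

		if (!empty($comments)) {
			foreach ($comments as $cmnt) {
?>
<div class="a_comment">
<div class="a_comment_hdr"><?=htmlspecialchars($cmnt->_dbo->comment_title)?></div>
<div class="a_comment_text">
<div class="a_table_list_details"><?=htmlspecialchars($cmnt->_user->user_login)?>, <?=Utils::formatTime($cmnt->_dbo->comment_date)?></div>
<?=nl2br(htmlspecialchars($cmnt->_dbo->comment_text))?>
</div>

<div class="a_comment_actions">
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('edit_comments', $cmnt->_dbo->user_id)) { ?>
	<a href="<?php echo HTML::addRef($session->addSID("edit_comment.php?cmid=" . $cmnt->_cmid));?>" title="Edytuj komentarz"><?php HTML::img("edit.gif", "Edytuj komentarz"); ?></a>
<?php } ?>
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('delete_comments', $cmnt->_dbo->user_id)) { ?>
	<a href="<?php echo HTML::addRef($session->addSID("remove_comment.php?cmid=" . $cmnt->_cmid));?>" onclick='return confirm("Czy na pewno usun±æ komentarz?");' title="Usuñ komentarz"><?php HTML::img("trash.gif", "Usuñ komentarz"); ?></a>
<?php } ?>
</div>
</div>
<?php
			}
		} else {
?>
<div class="a_comment">Brak komentarzy.</div>
<?php
		}
	}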
 /**
  * Authenticates against phph_users through a DataObject and opens a session for the user.
  *
  * On success the matching row is loaded into $this->_dbo, user_lastlogin is
  * refreshed, and both this object and the session take over the user id.
  *
  * @param string $login user login
  * @param string $pass  clear-text password
  * @throws Exception2 with _INTERNAL_ERROR on a DataObject/PEAR error,
  *                    with _LOGIN_FAILED when no row matches
  */
 function login($login, $pass)
 {
     $session = Session::singletone();
     $this->_dbo = DB_DataObject::Factory('phph_users');
     if (PEAR::isError($this->_dbo)) {
         throw new Exception2(_INTERNAL_ERROR, $this->_dbo->getMessage());
     }
     // NOTE(review): the stored credential is an unsalted md5 digest, dictated by the
     // existing user_pass column; a switch to password_hash() needs a column migration.
     $users = $this->_dbo;
     $users->user_login = $login;
     $users->user_pass = md5($pass);
     $found = $users->find();
     if (PEAR::isError($found)) {
         throw new Exception2(_INTERNAL_ERROR, $found->getMessage());
     }
     if ($found == 0) {
         throw new Exception2(_LOGIN_FAILED, "");
     }
     $fetched = $users->fetch();
     if (PEAR::isError($fetched)) {
         throw new Exception2(_INTERNAL_ERROR, $fetched->getMessage());
     }
     $users->user_lastlogin = time();
     $users->update();
     $userId = $users->user_id;
     $this->_uid = $userId;
     $session->_uid = $userId;
     $session->newSession();
 }