Example #1
 $objAlbumGuest->setName('albumpolicy_guest');
 $objAlbumMember->setName('albumpolicy_member');
 $objAlbumGroup->setName('albumpolicy_group');
 /* Set the default width, height, and mime. */
 if ($objAlbum->get('max_width', DEFAULT_X, true) == '') {
     $objAlbum->set('max_width', DEFAULT_X);
 }
 if ($objAlbum->get('max_height', DEFAULT_Y, true) == '') {
     $objAlbum->set('max_height', DEFAULT_Y);
 }
 if ($objAlbum->get('mime', DEFAULT_MIME, true) == '') {
     $objAlbum->set('mime', DEFAULT_MIME);
 }
 /* The template that looks after the edit page. */
 $objEditTemplate = new clsTemplate('editalbum');
 $objEditTemplate->setText('HIDDEN', $objAlbum->getHiddenField('id'));
 $objEditTemplate->setText('HIDDEN', $objAlbumGuest->getHiddenField('id'));
 $objEditTemplate->setText('HIDDEN', $objAlbumMember->getHiddenField('id'));
 $objEditTemplate->setText('HIDDEN', $objAlbumGroup->getHiddenField('id'));
 $objEditTemplate->setText('HIDDEN', $objAlbum->getHiddenField('album_id'));
 $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='action' value='albums'>");
 $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='subaction' value='save'>");
 $objEditTemplate->setText('MAXWIDTH', MAX_X);
 $objEditTemplate->setText('MAXHEIGHT', MAX_Y);
 $objEditTemplate->setText('NAME', $objAlbum->getTextField('name', new clsParameters('SIZE', 40)));
 $objEditTemplate->setText('PARENT', $objParent->isNew() ? "n/a" : $objParent->get('name'));
 $objEditTemplate->setText('GROUP', $objAlbum->getCombo('group_id', clsDB::getOptionsFromList(clsGroup::getGroups($objUser), 'name', 'id', "No group.")));
 $objEditTemplate->setText('CAPTION', $objAlbum->getTextArea('caption', 4, 45));
 $objEditTemplate->setText('EXPORTKEY', $objAlbum->getTextField('export_tag', new clsParameters('SIZE', 4)));
 $objEditTemplate->setText('WIDTH', $objAlbum->getTextField('max_width', new clsParameters('SIZE', 3)));
 $objEditTemplate->setText('HEIGHT', $objAlbum->getTextField('max_height', new clsParameters('SIZE', 3)));
Example #2
     $objUser = clsUser::getCookie();
 } else {
     $objUser = $_SESSION['objUser'];
 }
 /* This re-loads the user object in case it's changed. */
 if ($objUser) {
     $objUser = new clsUser($objUser->get('id'));
 }
 if ($objUser && $objUser->isNew()) {
     $objUser = null;
 }
 if (!preg_match('/^[a-zA-Z2-9_-]*$/', $strAction)) {
     throw new Exception(ERRORMSG_INVALID);
 }
 $objTemplate = new clsTemplate('default');
 $objTemplate->setText('SCRIPT', clsDB::initializeJS());
 $objTemplate->setText('TITLE', "OSPAP2");
 /* Inline CSS for advanced. */
 $objTemplate->setText('HEAD', clsUser::getAdvancedStyle($objUser));
 if (isset($_REQUEST['error']) && isset($arrMessages[$_REQUEST['error']])) {
     $objTemplate->setText('ERROR', $arrMessages[$_REQUEST['error']]);
 } else {
     if (isset($_REQUEST['message']) && isset($arrMessages[$_REQUEST['message']])) {
         $objTemplate->setText('MESSAGE', $arrMessages[$_REQUEST['message']]);
     }
 }
 $objTemplate->setScript('MENU', 'menu');
 $objTemplate->setScript('LOGO', 'logo');
 $objTemplate->setText('COPYRIGHT', "Written by <a href='mailto:ronospap@skullsecurity.org'>Ron</a>. This page and code are public domain. Code is available upon request. No warranty or promises of any kind.");
 switch ($strAction) {
     case '':
Example #3
    } else {
        if ($strSubAction == 'delete') {
            if (!$objComment->canDelete($objUser)) {
                throw new Exception('exception_accessdenied');
            }
            $objComment->delete();
            $objComment->save();
            header("Location: index.php?action=picture&" . $objPicture->getIDPair());
        } else {
            if ($strSubAction = 'viewnew') {
                if (!$objUser) {
                    throw new Exception('exception_accessdenied');
                }
                $arrComments = clsComment::getNewComments($objUser);
                foreach ($arrComments as $objComment) {
                    $objComment = new clsComment($objComment->get('id'));
                    $objPicture = new clsPicture($objComment->get('picture_id'));
                    $objCommentTemplate = new clsTemplate('newcomment');
                    $objCommentTemplate->setText('IMAGE', "<a href='index.php?action=picture&" . $objPicture->getIDPair() . "'>" . $objPicture->getHtmlThumbnail(128, 128) . "</a>");
                    $objCommentTemplate->setText('TITLE', $objComment->get('title') . ' ' . $objComment->getNewIcon($objUser));
                    $objCommentTemplate->setText('USERNAME', $objComment->getUsername());
                    $objCommentTemplate->setText('DATE', time_to_text(strtotime($objComment->get('date'))));
                    $objCommentTemplate->setText('TEXT', bbcode_format($objComment->get('text')));
                    print $objCommentTemplate->get();
                    /* Mark the comment as viewed */
                    $objComment->setViewed($objUser);
                }
            }
        }
    }
}
Example #4
        $objMiniMenu->add('News Archive', 'index.php?subaction=archive');
    }
    if ($objUser && $objUser->get('is_admin')) {
        $objMiniMenu->add('Post News', 'index.php?subaction=edit');
    }
    $objMiniMenu->add('Upload Image', 'index.php?action=upload');
    $objMiniMenu->add('Pending Uploads', 'index.php?action=upload&subaction=preview');
    foreach ($arrNews as $objNews) {
        if ($objUser && $objUser->get('is_admin')) {
            $objNewsTemplate = new clsTemplate('newsitemadmin');
        } else {
            $objNewsTemplate = new clsTemplate('newsitem');
        }
        $objNewsUser = $objNews->getForeignObject('user');
        $objAlbum = $objNews->getForeignObject('album');
        $objNewsTemplate->setText('ID', $objNews->get('id'));
        $objNewsTemplate->setText('USERID', $objNewsUser->get('id'));
        $objNewsTemplate->setText('USERNAME', $objNewsUser->get('username'));
        $objNewsTemplate->setText('DATE', date('Y-m-d', strtotime($objNews->get('date'))));
        $objNewsTemplate->setText('TITLE', $objNews->get('title'));
        $objNewsTemplate->setText('TEXT', bbcode_format($objNews->get('text')));
        echo $objNewsTemplate->get();
    }
} else {
    if (!$objUser || $objUser->get('is_admin') != 1) {
        throw new Exception("exception_accessdenied");
    }
    $objNews = new clsDB('news');
    $objNews->getFromRequest(array('id', 'title', 'text'));
    if ($strSubAction == 'edit') {
        $objNews->load();
Example #5
        $objMemberTemplate->setText('EMAIL', $objMember->getTextField('email'));
        $objMemberTemplate->setText('ADVANCED', $objMember->getCheckNoJavascript('is_advanced'));
        $objMemberTemplate->setText('SHOWEMPTY', $objMember->getCheckNoJavascript('show_empty'));
        $objMemberTemplate->setText('REMEMBERFILTER', $objMember->getCheckNoJavascript('remember_filter'));
        $objMemberTemplate->setText('REALNAME', $objMember->getTextField('realname'));
        $objMemberTemplate->setText('LOCATION', $objMember->getTextField('location'));
        $objMemberTemplate->setText('SAVE', $objMember->getSubmit('Save'));
        if (!$objMember->isNew()) {
            $objMemberTemplate->setText('BLANK', "(Blank not to change it.)");
        }
        print $objMemberTemplate->get();
    } else {
        $objTemplate->setText('PAGETITLE', 'Viewing ' . $objMember->get('username'));
        $objBreadcrumbs->add($objMember->get('username'), "index.php?action=members&subaction=view&" . $objMember->getIDPair());
        $objMemberTemplate = new clsTemplate('viewuser');
        $objMemberTemplate->setText('USERNAME', $objMember->get('username'));
        $objMemberTemplate->setText('REALNAME', $objMember->get('realname'));
        $objMemberTemplate->setText('LOCATION', $objMember->get('location'));
        print $objMemberTemplate->get();
    }
}
if ($strSubAction == 'save') {
    if (!clsUser::canEdit($objMember, $objUser)) {
        throw new Exception('exception_accessdenied');
    }
    $objMember->getFromRequest(array('id', 'username', 'password1', 'password2', 'email', 'is_advanced', 'show_empty', 'remember_filter', 'realname', 'location'));
    if ($objMember->isNew()) {
        $ret = $objMember->attemptCreate();
        if (is_string($ret)) {
            $objMember->remove('password1');
            $objMember->remove('password2');
Example #6
        $str = '';
        $str .= "<tr>";
        $str .= "<td><a href='index.php?action=members&subaction=view&" . $objMember->getIDPair() . "'>" . $objMember->get('username') . "</a></td>";
        $str .= "<td>Awaiting Acceptance</td>";
        $str .= "</tr>";
        $objGroupTemplate->setText('PENDING', $str);
    }
    print $objGroupTemplate->get();
}
if ($strSubAction == 'edit') {
    /* The edit form is only reachable by users allowed to edit this group. */
    if (!$objGroup->canEdit($objUser)) {
        throw new Exception('exception_accessdenied');
    }
    $objTemplate->setText('PAGETITLE', "Editing Group: " . $objGroup->get('name'));

    $objGroupTemplate = new clsTemplate('editgroup');

    /* Hidden inputs that route the submitted form back to groups/save
     * together with the id of the group being edited. */
    $arrHiddenInputs = array(
        $objGroup->getHiddenField('id'),
        "<input type='hidden' name='action'    value='groups'>",
        "<input type='hidden' name='subaction' value='save'>",
    );
    foreach ($arrHiddenInputs as $strHiddenInput) {
        $objGroupTemplate->setText('HIDDEN', $strHiddenInput);
    }

    /* Editable fields, keyed by template placeholder. */
    $arrFormFields = array(
        'NAME'      => $objGroup->getTextField('name'),
        'ISPRIVATE' => $objGroup->getCheckNoJavascript('is_private'),
        'ISHIDDEN'  => $objGroup->getCheckNoJavascript('is_hidden'),
        'SAVE'      => $objGroup->getSubmit('Save'),
    );
    foreach ($arrFormFields as $strPlaceholder => $strFieldHtml) {
        $objGroupTemplate->setText($strPlaceholder, $strFieldHtml);
    }

    print $objGroupTemplate->get();
}
if ($strSubAction == 'save') {
    if (!$objGroup->canEdit($objUser)) {
        throw new Exception('exception_accessdenied');
    }
    $objGroup->getFromRequest(array('id', 'name', 'is_private', 'is_hidden'));
    if ($objGroup->isNew()) {
        $objGroup->set('user_id', $objUser->get('id'));
Example #7
        } else {
            if ($objNextPicture) {
                header("Location: index.php?action=picture&" . $objNextPicture->getIDPair());
            } else {
                header("Location: index.php?action=albums&" . $objAlbum->getIDPair());
            }
        }
    }
}
if ($strSubAction == 'edit') {
    /* Only a user permitted to edit this picture may see the edit form. */
    if (!$objPicture->canEdit($objUser)) {
        throw new Exception('exception_accessdenied');
    }
    $objTemplate->setText('PAGETITLE', "Editing " . $objPicture->get('title'));

    $objEditTemplate = new clsTemplate('editpicture');

    /* Hidden inputs: route the form to picture/save and carry the picture id. */
    $arrHiddenInputs = array(
        "<input type='hidden' name='action'    value='picture'>",
        "<input type='hidden' name='subaction' value='save'>",
        $objPicture->getHiddenField('id'),
    );
    foreach ($arrHiddenInputs as $strHiddenInput) {
        $objEditTemplate->setText('HIDDEN', $strHiddenInput);
    }

    /* Read-only details shown alongside the form, then the editable fields. */
    $arrPlaceholders = array(
        'ID'        => $objPicture->get('id'),
        'WIDTH'     => $objPicture->get('width'),
        'HEIGHT'    => $objPicture->get('height'),
        'IMAGE'     => $objPicture->getHtmlThumbnail(250, 250),
        'ALBUM'     => $objAlbum->get('name'),
        'TITLE'     => $objPicture->getTextField('title'),
        'CAPTION'   => $objPicture->getTextArea('caption', 4, 45),
        'CONFIRMED' => $objPicture->getCheckNoJavascript('confirmed'),
        'SUBMIT'    => $objPicture->getSubmit('Save'),
    );
    foreach ($arrPlaceholders as $strPlaceholder => $mixValue) {
        $objEditTemplate->setText($strPlaceholder, $mixValue);
    }

    print $objEditTemplate->get();
}
if ($strSubAction == 'save') {
    if (!$objPicture->canEdit($objUser)) {
Example #8
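 /**
  * Print this album as a single entry of an album listing.
  *
  * Fills the 'album' template (name link, owner, caption, counts, preview
  * thumbnails) and prints it. An album with no pictures and no sub-albums
  * is suppressed when the viewing user has show_empty set to 0.
  *
  * @param mixed $objUser  the viewing user object, or a falsy value for a guest
  * @return string|null    '' when the album was suppressed, otherwise nothing
  */
 public function display($objUser)
 {
     $objAlbumOwner = $this->getForeignObject('user');
     $intPictureCount = count($this->getPictures());
     $intSubAlbumCount = count($this->getSubAlbums($objUser));

     /* Suppress empty albums for users who opted out of seeing them.
      * Both counts are checked here: the original compared against an
      * undefined $intAlbumCount (always == 0), so an album containing only
      * sub-albums was hidden as if it were empty. */
     if ($intPictureCount == 0 && $intSubAlbumCount == 0 && $objUser && $objUser->get('show_empty') == 0) {
         return '';
     }

     $objAlbumTemplate = new clsTemplate('album');
     /* NOTE(review): the album name is concatenated into the anchor as-is;
      * confirm that get() or the template escapes it for an HTML context. */
     $objAlbumTemplate->setText('NAME', "<a href='index.php?action=albums&" . $this->getIDPair() . "' class='albumentrylink'>" . $this->get('name') . "</a> " . $this->getNewIcon($objUser));
     $objAlbumTemplate->setText('ID', $this->get('id'));
     $objAlbumTemplate->setText('USERNAME', $objAlbumOwner->get('username'));
     $objAlbumTemplate->setText('CAPTION', bbcode_format($this->get('caption')));
     $objAlbumTemplate->setText('EXPANDCLICK', "toggle_album(\"" . $this->get('id') . "\");");
     $objAlbumTemplate->setText('LASTUPDATED', $this->getLastUpdated());
     $objAlbumTemplate->setText('PICTURECOUNT', $intPictureCount);
     $objAlbumTemplate->setText('ALBUMCOUNT', $intSubAlbumCount);
     if ($intPictureCount == 0 && $intSubAlbumCount == 0) {
         $objAlbumTemplate->setText('ISEMPTY', '(empty)');
     }

     /* One PREVIEW thumbnail per top picture; the template presumably
      * accumulates repeated keys (the unused $strPreview buffer was dropped). */
     foreach ($this->getTopPictures(ALBUM_NUMPREVIEW) as $objPicture) {
         $objAlbumTemplate->setText('PREVIEW', $objPicture->getHtmlThumbnail(ALBUM_PREVIEWSIZE, ALBUM_PREVIEWSIZE));
     }
     print $objAlbumTemplate->get();
 }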
Example #9
    }
    /* Make sure that users can only edit their own pictures. */
    $objPicture->delete();
    $objPicture->save();
    header("Location: index.php?action=upload&subaction=preview");
}
if ($strSubAction == 'preview') {
    $objTemplate->setText('PAGETITLE', "Pending Pictures");
    $objBreadcrumbs->add('Upload', 'index.php?action=upload');
    $objBreadcrumbs->add('Pending', 'index.php?action=upload&subaction=preview');

    $arrPictures = clsPicture::getPending($objUser);
    /* Guests see everyone's unsaved uploads, so say so in the summary line. */
    $strGuestNote = $objUser ? "" : " (note: unsaved images from all guests will appear here)";
    print "You have <strong>" . count($arrPictures) . "</strong> pictures waiting for attention" . $strGuestNote . ":<br><br>";

    foreach ($arrPictures as $objPicture) {
        /* Re-load the picture and its album so each row works from fresh rows. */
        $objPicture = new clsPicture($objPicture->get('id'));
        $objAlbum = new clsAlbum($objPicture->get('album_id'));

        /* NOTE(review): this reassigns $objTemplate, the page template that
         * received PAGETITLE above; after the loop it refers to the last
         * 'preview' template instead. Verify that is intended before relying
         * on $objTemplate further down. */
        $objTemplate = new clsTemplate('preview');
        $objTemplate->setText('HIDDEN', $objPicture->getHiddenField('id'));
        $objTemplate->setText('ALBUM', $objPicture->getCombo('album_id', clsDB::getOptionsFromList($objAlbum->getPostableAlbums($objUser), 'name', 'id', "Select an album")));

        /* NOTE(review): original_name is the uploaded filename; confirm that
         * setText() or the template escapes it for HTML before output. */
        $arrPlaceholders = array(
            'ID'         => $objPicture->get('id'),
            'IMAGE'      => $objPicture->getHtmlThumbnail(250, 250),
            /* TODO: Customizable? */
            'NAME'       => $objPicture->get('original_name'),
            'WIDTH'      => $objPicture->get('width'),
            'HEIGHT'     => $objPicture->get('height'),
            'SAVEDELETE' => $objPicture->getCombo('subaction', array('confirm' => 'Keep', 'delete' => 'Don\'t keep'), null, true),
            'TITLE'      => $objPicture->getTextField('title'),
            'CAPTION'    => $objPicture->getTextArea('caption'),
            'SUBMIT'     => $objPicture->getSubmit('Save'),
        );
        foreach ($arrPlaceholders as $strPlaceholder => $mixValue) {
            $objTemplate->setText($strPlaceholder, $mixValue);
        }

        print $objTemplate->get();
    }
}