$objAlbumGuest->setName('albumpolicy_guest'); $objAlbumMember->setName('albumpolicy_member'); $objAlbumGroup->setName('albumpolicy_group'); /* Set the default width, height, and mime. */ if ($objAlbum->get('max_width', DEFAULT_X, true) == '') { $objAlbum->set('max_width', DEFAULT_X); } if ($objAlbum->get('max_height', DEFAULT_Y, true) == '') { $objAlbum->set('max_height', DEFAULT_Y); } if ($objAlbum->get('mime', DEFAULT_MIME, true) == '') { $objAlbum->set('mime', DEFAULT_MIME); } /* The template that looks after the edit page. */ $objEditTemplate = new clsTemplate('editalbum'); $objEditTemplate->setText('HIDDEN', $objAlbum->getHiddenField('id')); $objEditTemplate->setText('HIDDEN', $objAlbumGuest->getHiddenField('id')); $objEditTemplate->setText('HIDDEN', $objAlbumMember->getHiddenField('id')); $objEditTemplate->setText('HIDDEN', $objAlbumGroup->getHiddenField('id')); $objEditTemplate->setText('HIDDEN', $objAlbum->getHiddenField('album_id')); $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='action' value='albums'>"); $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='subaction' value='save'>"); $objEditTemplate->setText('MAXWIDTH', MAX_X); $objEditTemplate->setText('MAXHEIGHT', MAX_Y); $objEditTemplate->setText('NAME', $objAlbum->getTextField('name', new clsParameters('SIZE', 40))); $objEditTemplate->setText('PARENT', $objParent->isNew() ? "n/a" : $objParent->get('name')); $objEditTemplate->setText('GROUP', $objAlbum->getCombo('group_id', clsDB::getOptionsFromList(clsGroup::getGroups($objUser), 'name', 'id', "No group."))); $objEditTemplate->setText('CAPTION', $objAlbum->getTextArea('caption', 4, 45)); $objEditTemplate->setText('EXPORTKEY', $objAlbum->getTextField('export_tag', new clsParameters('SIZE', 4))); $objEditTemplate->setText('WIDTH', $objAlbum->getTextField('max_width', new clsParameters('SIZE', 3))); $objEditTemplate->setText('HEIGHT', $objAlbum->getTextField('max_height', new clsParameters('SIZE', 3)));
$objUser = clsUser::getCookie(); } else { $objUser = $_SESSION['objUser']; } /* This re-loads the user object in case it's changed. */ if ($objUser) { $objUser = new clsUser($objUser->get('id')); } if ($objUser && $objUser->isNew()) { $objUser = null; } if (!preg_match('/^[a-zA-Z2-9_-]*$/', $strAction)) { throw new Exception(ERRORMSG_INVALID); } $objTemplate = new clsTemplate('default'); $objTemplate->setText('SCRIPT', clsDB::initializeJS()); $objTemplate->setText('TITLE', "OSPAP2"); /* Inline CSS for advanced. */ $objTemplate->setText('HEAD', clsUser::getAdvancedStyle($objUser)); if (isset($_REQUEST['error']) && isset($arrMessages[$_REQUEST['error']])) { $objTemplate->setText('ERROR', $arrMessages[$_REQUEST['error']]); } else { if (isset($_REQUEST['message']) && isset($arrMessages[$_REQUEST['message']])) { $objTemplate->setText('MESSAGE', $arrMessages[$_REQUEST['message']]); } } $objTemplate->setScript('MENU', 'menu'); $objTemplate->setScript('LOGO', 'logo'); $objTemplate->setText('COPYRIGHT', "Written by <a href='mailto:ronospap@skullsecurity.org'>Ron</a>. This page and code are public domain. Code is available upon request. No warranty or promises of any kind."); switch ($strAction) { case '':
} else { if ($strSubAction == 'delete') { if (!$objComment->canDelete($objUser)) { throw new Exception('exception_accessdenied'); } $objComment->delete(); $objComment->save(); header("Location: index.php?action=picture&" . $objPicture->getIDPair()); } else { if ($strSubAction = 'viewnew') { if (!$objUser) { throw new Exception('exception_accessdenied'); } $arrComments = clsComment::getNewComments($objUser); foreach ($arrComments as $objComment) { $objComment = new clsComment($objComment->get('id')); $objPicture = new clsPicture($objComment->get('picture_id')); $objCommentTemplate = new clsTemplate('newcomment'); $objCommentTemplate->setText('IMAGE', "<a href='index.php?action=picture&" . $objPicture->getIDPair() . "'>" . $objPicture->getHtmlThumbnail(128, 128) . "</a>"); $objCommentTemplate->setText('TITLE', $objComment->get('title') . ' ' . $objComment->getNewIcon($objUser)); $objCommentTemplate->setText('USERNAME', $objComment->getUsername()); $objCommentTemplate->setText('DATE', time_to_text(strtotime($objComment->get('date')))); $objCommentTemplate->setText('TEXT', bbcode_format($objComment->get('text'))); print $objCommentTemplate->get(); /* Mark the comment as viewed */ $objComment->setViewed($objUser); } } } } }
$objMiniMenu->add('News Archive', 'index.php?subaction=archive'); } if ($objUser && $objUser->get('is_admin')) { $objMiniMenu->add('Post News', 'index.php?subaction=edit'); } $objMiniMenu->add('Upload Image', 'index.php?action=upload'); $objMiniMenu->add('Pending Uploads', 'index.php?action=upload&subaction=preview'); foreach ($arrNews as $objNews) { if ($objUser && $objUser->get('is_admin')) { $objNewsTemplate = new clsTemplate('newsitemadmin'); } else { $objNewsTemplate = new clsTemplate('newsitem'); } $objNewsUser = $objNews->getForeignObject('user'); $objAlbum = $objNews->getForeignObject('album'); $objNewsTemplate->setText('ID', $objNews->get('id')); $objNewsTemplate->setText('USERID', $objNewsUser->get('id')); $objNewsTemplate->setText('USERNAME', $objNewsUser->get('username')); $objNewsTemplate->setText('DATE', date('Y-m-d', strtotime($objNews->get('date')))); $objNewsTemplate->setText('TITLE', $objNews->get('title')); $objNewsTemplate->setText('TEXT', bbcode_format($objNews->get('text'))); echo $objNewsTemplate->get(); } } else { if (!$objUser || $objUser->get('is_admin') != 1) { throw new Exception("exception_accessdenied"); } $objNews = new clsDB('news'); $objNews->getFromRequest(array('id', 'title', 'text')); if ($strSubAction == 'edit') { $objNews->load();
$objMemberTemplate->setText('EMAIL', $objMember->getTextField('email')); $objMemberTemplate->setText('ADVANCED', $objMember->getCheckNoJavascript('is_advanced')); $objMemberTemplate->setText('SHOWEMPTY', $objMember->getCheckNoJavascript('show_empty')); $objMemberTemplate->setText('REMEMBERFILTER', $objMember->getCheckNoJavascript('remember_filter')); $objMemberTemplate->setText('REALNAME', $objMember->getTextField('realname')); $objMemberTemplate->setText('LOCATION', $objMember->getTextField('location')); $objMemberTemplate->setText('SAVE', $objMember->getSubmit('Save')); if (!$objMember->isNew()) { $objMemberTemplate->setText('BLANK', "(Blank not to change it.)"); } print $objMemberTemplate->get(); } else { $objTemplate->setText('PAGETITLE', 'Viewing ' . $objMember->get('username')); $objBreadcrumbs->add($objMember->get('username'), "index.php?action=members&subaction=view&" . $objMember->getIDPair()); $objMemberTemplate = new clsTemplate('viewuser'); $objMemberTemplate->setText('USERNAME', $objMember->get('username')); $objMemberTemplate->setText('REALNAME', $objMember->get('realname')); $objMemberTemplate->setText('LOCATION', $objMember->get('location')); print $objMemberTemplate->get(); } } if ($strSubAction == 'save') { if (!clsUser::canEdit($objMember, $objUser)) { throw new Exception('exception_accessdenied'); } $objMember->getFromRequest(array('id', 'username', 'password1', 'password2', 'email', 'is_advanced', 'show_empty', 'remember_filter', 'realname', 'location')); if ($objMember->isNew()) { $ret = $objMember->attemptCreate(); if (is_string($ret)) { $objMember->remove('password1'); $objMember->remove('password2');
$str = ''; $str .= "<tr>"; $str .= "<td><a href='index.php?action=members&subaction=view&" . $objMember->getIDPair() . "'>" . $objMember->get('username') . "</a></td>"; $str .= "<td>Awaiting Acceptance</td>"; $str .= "</tr>"; $objGroupTemplate->setText('PENDING', $str); } print $objGroupTemplate->get(); } if ($strSubAction == 'edit') { if (!$objGroup->canEdit($objUser)) { throw new Exception('exception_accessdenied'); } $objTemplate->setText('PAGETITLE', "Editing Group: " . $objGroup->get('name')); $objGroupTemplate = new clsTemplate('editgroup'); $objGroupTemplate->setText('HIDDEN', $objGroup->getHiddenField('id')); $objGroupTemplate->setText('HIDDEN', "<input type='hidden' name='action' value='groups'>"); $objGroupTemplate->setText('HIDDEN', "<input type='hidden' name='subaction' value='save'>"); $objGroupTemplate->setText('NAME', $objGroup->getTextField('name')); $objGroupTemplate->setText('ISPRIVATE', $objGroup->getCheckNoJavascript('is_private')); $objGroupTemplate->setText('ISHIDDEN', $objGroup->getCheckNoJavascript('is_hidden')); $objGroupTemplate->setText('SAVE', $objGroup->getSubmit('Save')); print $objGroupTemplate->get(); } if ($strSubAction == 'save') { if (!$objGroup->canEdit($objUser)) { throw new Exception('exception_accessdenied'); } $objGroup->getFromRequest(array('id', 'name', 'is_private', 'is_hidden')); if ($objGroup->isNew()) { $objGroup->set('user_id', $objUser->get('id'));
} else { if ($objNextPicture) { header("Location: index.php?action=picture&" . $objNextPicture->getIDPair()); } else { header("Location: index.php?action=albums&" . $objAlbum->getIDPair()); } } } } if ($strSubAction == 'edit') { if (!$objPicture->canEdit($objUser)) { throw new Exception('exception_accessdenied'); } $objTemplate->setText('PAGETITLE', "Editing " . $objPicture->get('title')); $objEditTemplate = new clsTemplate('editpicture'); $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='action' value='picture'>"); $objEditTemplate->setText('HIDDEN', "<input type='hidden' name='subaction' value='save'>"); $objEditTemplate->setText('HIDDEN', $objPicture->getHiddenField('id')); $objEditTemplate->setText('ID', $objPicture->get('id')); $objEditTemplate->setText('WIDTH', $objPicture->get('width')); $objEditTemplate->setText('HEIGHT', $objPicture->get('height')); $objEditTemplate->setText('IMAGE', $objPicture->getHtmlThumbnail(250, 250)); $objEditTemplate->setText('ALBUM', $objAlbum->get('name')); $objEditTemplate->setText('TITLE', $objPicture->getTextField('title')); $objEditTemplate->setText('CAPTION', $objPicture->getTextArea('caption', 4, 45)); $objEditTemplate->setText('CONFIRMED', $objPicture->getCheckNoJavascript('confirmed')); $objEditTemplate->setText('SUBMIT', $objPicture->getSubmit('Save')); print $objEditTemplate->get(); } if ($strSubAction == 'save') { if (!$objPicture->canEdit($objUser)) {
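/**
 * Prints the album entry (name link, owner, caption, counts, preview
 * thumbnails) for this album using the 'album' template.
 *
 * @param object|null $objUser the viewing user, or null for a guest
 * @return string|null '' when the album is suppressed as empty for this
 *                     viewer; otherwise null after the entry has been printed
 */
public function display($objUser)
{
    $objAlbumOwner = $this->getForeignObject('user');
    $intPictureCount = count($this->getPictures());
    $intSubAlbumCount = count($this->getSubAlbums($objUser));
    $blnIsEmpty = ($intPictureCount === 0 && $intSubAlbumCount === 0);

    // Hide empty albums from users who opted out of seeing them.
    // Bug fix: the original tested the undefined $intAlbumCount (null == 0 is
    // always true), so albums holding only sub-albums were hidden as well.
    if ($blnIsEmpty && $objUser && $objUser->get('show_empty') == 0) {
        return '';
    }

    $objAlbumTemplate = new clsTemplate('album');

    // NOTE(review): name, username and caption are written into HTML markup
    // as-is, and 'id' is spliced into a JS call string; confirm that get(),
    // bbcode_format() or the template layer escapes these values.
    $objAlbumTemplate->setText('NAME', "<a href='index.php?action=albums&" . $this->getIDPair() . "' class='albumentrylink'>" . $this->get('name') . "</a> " . $this->getNewIcon($objUser));
    $objAlbumTemplate->setText('ID', $this->get('id'));
    $objAlbumTemplate->setText('USERNAME', $objAlbumOwner->get('username'));
    $objAlbumTemplate->setText('CAPTION', bbcode_format($this->get('caption')));
    $objAlbumTemplate->setText('EXPANDCLICK', "toggle_album(\"" . $this->get('id') . "\");");
    $objAlbumTemplate->setText('LASTUPDATED', $this->getLastUpdated());
    $objAlbumTemplate->setText('PICTURECOUNT', $intPictureCount);
    $objAlbumTemplate->setText('ALBUMCOUNT', $intSubAlbumCount);

    if ($blnIsEmpty) {
        $objAlbumTemplate->setText('ISEMPTY', '(empty)');
    }

    // One PREVIEW slot per top picture, up to ALBUM_NUMPREVIEW thumbnails.
    foreach ($this->getTopPictures(ALBUM_NUMPREVIEW) as $objPicture) {
        $objAlbumTemplate->setText('PREVIEW', $objPicture->getHtmlThumbnail(ALBUM_PREVIEWSIZE, ALBUM_PREVIEWSIZE));
    }

    print $objAlbumTemplate->get();
}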
} /* Make sure that users can only edit their own pictures. */ $objPicture->delete(); $objPicture->save(); header("Location: index.php?action=upload&subaction=preview"); } if ($strSubAction == 'preview') { $objTemplate->setText('PAGETITLE', "Pending Pictures"); $objBreadcrumbs->add('Upload', 'index.php?action=upload'); $objBreadcrumbs->add('Pending', 'index.php?action=upload&subaction=preview'); $arrPictures = clsPicture::getPending($objUser); print "You have <strong>" . sizeof($arrPictures) . "</strong> pictures waiting for attention" . ($objUser ? "" : " (note: unsaved images from all guests will appear here)") . ":<br><br>"; foreach ($arrPictures as $objPicture) { $objPicture = new clsPicture($objPicture->get('id')); $objAlbum = new clsAlbum($objPicture->get('album_id')); $objTemplate = new clsTemplate('preview'); $objTemplate->setText('HIDDEN', $objPicture->getHiddenField('id')); $objTemplate->setText('ALBUM', $objPicture->getCombo('album_id', clsDB::getOptionsFromList($objAlbum->getPostableAlbums($objUser), 'name', 'id', "Select an album"))); $objTemplate->setText('ID', $objPicture->get('id')); $objTemplate->setText('IMAGE', $objPicture->getHtmlThumbnail(250, 250)); /* TODO: Customizable? */ $objTemplate->setText('NAME', $objPicture->get('original_name')); $objTemplate->setText('WIDTH', $objPicture->get('width')); $objTemplate->setText('HEIGHT', $objPicture->get('height')); $objTemplate->setText('SAVEDELETE', $objPicture->getCombo('subaction', array('confirm' => 'Keep', 'delete' => 'Don\'t keep'), null, true)); $objTemplate->setText('TITLE', $objPicture->getTextField('title')); $objTemplate->setText('CAPTION', $objPicture->getTextArea('caption')); $objTemplate->setText('SUBMIT', $objPicture->getSubmit('Save')); print $objTemplate->get(); } }