cpg_db_query($query);
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_delete_php['err_invalid_data'], $sort_list_matched[0]), __FILE__, __LINE__);
}
}
$album_id = $superCage->post->getInt('album_id');
$result = cpg_db_query("SELECT aid, pid, filename, title, position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '{$album_id}' ORDER BY position ASC, pid");
$rowset = cpg_db_fetch_rowset($result, true);
if ($superCage->post->keyExists('picture_order')) {
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
//get the sorted order - cast to int below
$get_rows = $superCage->post->getEscaped('picture_order');
$sort_rows = parse_pic_list($get_rows);
$returnOutput .= '<tr><td colspan="6"><ul>';
$update_count = 0;
foreach ($sort_rows as $key => $option_value) {
$option_value = (int) $option_value;
if ($option_value == $rowset[$key]['pid']) {
continue;
}
//update the new position
$returnOutput .= '<li>' . sprintf($lang_delete_php['moved_picture_to_position'], $option_value, $rowset[$key]['position']) . '</li>';
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET position = '{$rowset[$key]['position']}' WHERE pid = '{$option_value}' {$restrict} LIMIT 1";
cpg_db_query($query);
$update_count++;
}
if ($update_count == 0) {
$returnOutput .= '<li>' . $lang_albmgr_php['no_change'] . '</li>';
} else {
$restrict = '';
}
pageheader($lang_delete_php['pic_mgr']);
starttable("100%", $lang_delete_php['pic_mgr'], 6);
$orig_sort_order = parse_pic_list($_POST['sort_order']);
foreach ($orig_sort_order as $picture) {
$op = parse_pic_orig_sort_order($picture);
if (count($op) == 2) {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET position='{$op['pos']}' WHERE pid='{$op['aid']}' {$restrict} LIMIT 1";
cpg_db_query($query);
} else {
cpg_die(sprintf(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], $_POST['sort_order']), __FILE__, __LINE__);
}
}
$to_delete = parse_pic_list($_POST['delete_picture']);
foreach ($to_delete as $picture_id) {
delete_picture((int) $picture_id);
}
if (isset($_POST['to'])) {
foreach ($_POST['to'] as $option_value) {
$op = parse_pic_select_option(stripslashes($option_value));
switch ($op['action']) {
case '0':
break;
case '1':
if (GALLERY_ADMIN_MODE) {
$category = (int) $_POST['cat'];
} else {
$category = FIRST_USER_CAT + USER_ID;
}
$restrict = "AND (category = '" . (FIRST_USER_CAT + USER_ID) . "'";
} else {
$restrict = "AND (0";
}
foreach ($rowset as $key => $value) {
$restrict .= " OR category = '" . $value['cid'] . "'";
}
$restrict .= ")";
} else {
$restrict = '';
}
$returnOutput = '';
// the var that will later be shown as a result of the action performed
$returnOutput .= '<table border="0" cellspacing="0" cellpadding="0" width="100%">';
$sort_list_matched = $superCage->post->getMatched('sort_order', '/^[0-9@,]+$/');
$orig_sort_order = parse_pic_list($sort_list_matched[0]);
foreach ($orig_sort_order as $album) {
$alb = parse_pic_orig_sort_order($album);
$sort_array[$i] = $alb['aid'];
if (count($alb) == 2) {
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET pos = '{$alb['pos']}' WHERE aid = '{$alb['pid']}' {$restrict} LIMIT 1";
cpg_db_query($query);
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_delete_php['err_invalid_data'], $sort_list_matched[0]), __FILE__, __LINE__);
}
}
//prevent sorting of the albums if not admin or in own album
$sorted_list = $superCage->post->getMatched('sort_order', '/^[0-9@,]+$/');
//getting the category to redirect to album manager
//$category = $superCage->get->getInt('cat');
if ($superCage->get->keyExists('cat')) {
