Exemple #1
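/**
 * Dispatch an admin page request to the matching render function.
 *
 * For the gallery, tag and image sections an optional id is read from the
 * query string: with a valid id the single-item page is rendered, otherwise
 * the list page. The camera section has only a list page; any other value of
 * $admin renders the default admin page.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * function; confirm the caller verifies the admin session before dispatching.
 *
 * @param mixed $db       database handle, passed through to the render functions
 * @param mixed $settings settings value, passed to phphoto_echo_admin_default()
 * @param mixed $admin    requested admin section, compared against the GET_VALUE_ADMIN_* constants
 * @return void
 */
function phphoto_admin($db, $settings, $admin)
{
    switch ($admin) {
        case GET_VALUE_ADMIN_GALLERY:
            $gallery_id = phphoto_admin_request_id(GET_KEY_GALLERY_ID);
            if ($gallery_id != INVALID_ID) {
                phphoto_echo_admin_gallery($db, $gallery_id);
            } else {
                phphoto_echo_admin_galleries($db);
            }
            break;
        case GET_VALUE_ADMIN_TAG:
            $tag_id = phphoto_admin_request_id(GET_KEY_TAG_ID);
            if ($tag_id != INVALID_ID) {
                phphoto_echo_admin_tag($db, $tag_id);
            } else {
                phphoto_echo_admin_tags($db);
            }
            break;
        case GET_VALUE_ADMIN_IMAGE:
            $image_id = phphoto_admin_request_id(GET_KEY_IMAGE_ID);
            if ($image_id != INVALID_ID) {
                phphoto_echo_admin_image($db, $image_id);
            } else {
                phphoto_echo_admin_images($db);
            }
            break;
        case GET_VALUE_ADMIN_CAMERA:
            phphoto_echo_admin_cameras($db);
            break;
        default:
            phphoto_echo_admin_default($db, $settings);
            break;
    }
}

/**
 * Read an entity id from the query string, accepting only a string of ASCII digits.
 *
 * The id is handed to render functions that place it into SQL and HTML, so it
 * is validated strictly here. is_numeric() is too permissive for that purpose:
 * it also accepts signed, fractional and exponent forms and leading whitespace.
 * An array-valued parameter (?key[]=1) is rejected as well.
 *
 * @param string $key name of the $_GET parameter holding the id
 * @return mixed the digits-only id string, or INVALID_ID when absent or malformed
 */
function phphoto_admin_request_id($key)
{
    $value = isset($_GET[$key]) ? $_GET[$key] : INVALID_ID;
    if (!is_string($value) || preg_match('/\A[0-9]+\z/', $value) !== 1) {
        return INVALID_ID;
    }
    return $value;
}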
Exemple #2
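/**
 * Render the admin edit page for one image, first applying a requested
 * update or delete operation.
 *
 * The operation is taken from $_GET[GET_KEY_OPERATION]: an update reads
 * title, description and active from $_POST; a delete removes the row and
 * falls back to the image list page. Afterwards the image row, its galleries
 * and its tags are loaded and printed as an edit form.
 *
 * NOTE(review): no anti-CSRF token is checked for either operation in this
 * function, and the delete is triggered by query-string parameters alone.
 * Confirm whether the caller enforces a token; if not, a token check and a
 * POST-only delete should be added where the forms and links are generated.
 *
 * @param resource $db       database link, passed to mysql_real_escape_string() and phphoto_db_query()
 * @param mixed    $image_id image id; must be a non-negative integer or a digits-only string
 * @return void
 */
function phphoto_echo_admin_image($db, $image_id)
{
    // $image_id is interpolated unquoted into every SQL statement below and
    // into HTML attributes, so it must be digits only. This is enforced at
    // runtime: assert() can be disabled by configuration and, depending on
    // settings, only raises a warning, so it cannot serve as the injection guard.
    $id_is_safe = (is_int($image_id) && $image_id >= 0)
        || (is_string($image_id) && preg_match('/\A[0-9]+\z/', $image_id) === 1);
    if (!$id_is_safe) {
        phphoto_popup_message(phphoto_text($db, 'image', 'unknown'), 'error');
        return;
    }

    // OPERATIONS
    if (isset($_GET[GET_KEY_OPERATION])) {
        if ($_GET[GET_KEY_OPERATION] == GET_VALUE_UPDATE && isset($_POST['title']) && isset($_POST['description'])) {
            // update image
            $title = $_POST['title'];
            $description = $_POST['description'];
            // Only the two fixed SQL keywords can reach the statement.
            $active = isset($_POST['active']) ? 'TRUE' : 'FALSE';
            // Both free-text values are escaped and placed inside quotes.
            // NOTE(review): ext/mysql is removed in PHP 7; prepared statements
            // (mysqli/PDO) would be the replacement, but phphoto_db_query() is
            // defined outside this function.
            $sql = sprintf(
                "UPDATE images SET title = '%s', description = '%s', active = %s WHERE id = %s",
                mysql_real_escape_string($title, $db),
                mysql_real_escape_string($description, $db),
                $active,
                $image_id
            );
            if (phphoto_db_query($db, $sql) == 1) {
                phphoto_popup_message(phphoto_text($db, 'image', 'updated'), 'info');
            }
        }
        if ($_GET[GET_KEY_OPERATION] == GET_VALUE_DELETE && isset($_GET[GET_KEY_IMAGE_ID])) {
            // delete image
            $sql = "DELETE FROM images WHERE id = {$image_id}";
            if (phphoto_db_query($db, $sql) == 1) {
                phphoto_popup_message(phphoto_text($db, 'image', 'deleted'), 'info');
                phphoto_echo_admin_images($db);
                return;
            } else {
                phphoto_popup_message(phphoto_text($db, 'image', 'delete_error'), 'error');
            }
        }
    }

    $sql = "\n        SELECT\n            id,\n            type,\n            width,\n            height,\n            filesize,\n            filename,\n            exif,\n            title,\n            description,\n            active,\n            changed,\n            created\n        FROM\n            images\n        WHERE\n            id = {$image_id}\n    ";
    $image_data = phphoto_db_query($db, $sql);
    $sql = "\n        SELECT\n            id,\n            title\n        FROM\n            galleries\n        WHERE\n            id IN (SELECT gallery_id FROM image_to_gallery WHERE image_id = {$image_id})\n    ";
    $gallery_data = phphoto_db_query($db, $sql);
    $sql = "\n        SELECT\n            id,\n            name\n        FROM\n            tags\n        WHERE\n            id IN (SELECT tag_id FROM image_to_tag WHERE image_id = {$image_id})\n    ";
    $tag_data = phphoto_db_query($db, $sql);

    if (count($image_data) != 1) {
        phphoto_popup_message(phphoto_text($db, 'image', 'unknown'), 'error');
        // NOTE(review): no <div> has been opened by this function at this
        // point, so this closing tag looks unbalanced; kept as in the original.
        echo "\n</div>";
        return;
    }

    // Links to the admin pages of the galleries and tags this image belongs to.
    $gallery_names = array();
    foreach ($gallery_data as $gallery) {
        $gallery_names[] = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY . '&' . GET_KEY_GALLERY_ID . "={$gallery['id']}'>" . format_string($gallery['title']) . "</a>";
    }
    $tag_names = array();
    foreach ($tag_data as $tag) {
        $tag_names[] = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_TAG . '&' . GET_KEY_TAG_ID . "={$tag['id']}'>" . format_string($tag['name']) . "</a>";
    }

    $image_data = $image_data[0];
    if ($image_data['exif']) {
        // SECURITY: eval() runs the stored exif column as PHP code.
        // NOTE(review): if that column can ever contain text influenced by an
        // uploaded file or another user, this is arbitrary code execution.
        // The value should be stored as JSON and read with json_decode();
        // left unchanged here because the storage format is set by code
        // outside this function.
        eval('$exif = ' . $image_data['exif'] . ';');
    } else {
        $exif = array();
    }

    // The table cells are printed as raw HTML (several hold markup), so
    // database text is escaped before it is placed in a cell. ENT_QUOTES is
    // required because the attribute values below use single quotes.
    $filename_html = htmlspecialchars($image_data['filename'], ENT_QUOTES);
    $title_html = htmlspecialchars($image_data['title'], ENT_QUOTES);
    $description_html = htmlspecialchars($image_data['description'], ENT_QUOTES);

    $table_data = array();
    $table_data[] = array('&nbsp;', "<a href='image.php?" . GET_KEY_IMAGE_ID . '=' . $image_id . '&' . GET_KEY_ADMIN_QUERY . "=preview'><img src='image.php?" . GET_KEY_IMAGE_ID . '=' . $image_id . "t' /></a>");
    $table_data[] = array(phphoto_text($db, 'header', 'filename'), $filename_html);
    $table_data[] = array(phphoto_text($db, 'header', 'format'), image_type_to_mime_type($image_data['type']));
    $table_data[] = array(phphoto_text($db, 'header', 'filesize'), format_byte($image_data['filesize']));
    $table_data[] = array(phphoto_text($db, 'header', 'resolution'), $image_data['width'] . 'x' . $image_data['height'] . ' (' . phphoto_image_aspect_ratio($image_data['width'], $image_data['height']) . ')');
    $table_data[] = array(phphoto_text($db, 'header', 'camera'), "<img src='./icons/camera-photo.png' />&nbsp;&nbsp;&nbsp;" . format_camera_model($exif));
    $table_data[] = array(phphoto_text($db, 'header', 'settings'), "<img src='./icons/image-x-generic.png' />&nbsp;&nbsp;&nbsp;" . format_camera_settings($exif));
    $table_data[] = array(phphoto_text($db, 'header', 'galleries'), implode('<br>', $gallery_names));
    $table_data[] = array(phphoto_text($db, 'header', 'tags'), implode('<br>', $tag_names));
    $table_data[] = array(phphoto_text($db, 'header', 'title'), "<input type='input' name='title' maxlength='255' value='{$title_html}'>");
    $table_data[] = array(phphoto_text($db, 'header', 'description'), "<textarea name='description'>{$description_html}</textarea>");
    $table_data[] = array(phphoto_text($db, 'header', 'active'), "<input type='checkbox' name='active'" . ($image_data['active'] ? ' checked' : '') . ">");
    $table_data[] = array(phphoto_text($db, 'header', 'changed'), format_date_time($image_data['changed']));
    $table_data[] = array(phphoto_text($db, 'header', 'created'), format_date_time($image_data['created']));
    $table_data[] = array('&nbsp;', "<input type='submit' value='" . phphoto_text($db, 'button', 'update') . "'>");

    echo "\n<div class='admin'>";
    echo "\n    <h1>" . phphoto_text($db, 'image', 'edit') . "</h1>";
    echo "\n    <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_IMAGE . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_UPDATE . '&' . GET_KEY_IMAGE_ID . "={$image_id}'>";
    phphoto_to_html_table($table_data);
    echo "\n    </form>";
    echo "\n</div>";
}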