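/**
 * Dispatch the admin area to the requested sub-page.
 *
 * @param resource|mixed $db       database handle, passed through to the page renderers
 * @param mixed          $settings settings, passed through to phphoto_echo_admin_default()
 * @param mixed          $admin    requested section (compared against the GET_VALUE_ADMIN_* constants)
 *
 * The gallery/tag/image ids come from $_GET and are interpolated into SQL by
 * the page renderers, so they are only accepted when they validate as an
 * integer (FILTER_VALIDATE_INT). is_numeric() was used before; it also
 * accepts floats, exponents and surrounding whitespace, which the callers
 * never want. Anything that does not validate falls back to the list page.
 */
function phphoto_admin($db, $settings, $admin) {
    switch ($admin) {
        case GET_VALUE_ADMIN_GALLERY:
            $gallery_id = phphoto_admin_id_from_get(GET_KEY_GALLERY_ID);
            if ($gallery_id !== null) {
                phphoto_echo_admin_gallery($db, $gallery_id);
            } else {
                phphoto_echo_admin_galleries($db);
            }
            break;
        case GET_VALUE_ADMIN_TAG:
            $tag_id = phphoto_admin_id_from_get(GET_KEY_TAG_ID);
            if ($tag_id !== null) {
                phphoto_echo_admin_tag($db, $tag_id);
            } else {
                phphoto_echo_admin_tags($db);
            }
            break;
        case GET_VALUE_ADMIN_IMAGE:
            $image_id = phphoto_admin_id_from_get(GET_KEY_IMAGE_ID);
            if ($image_id !== null) {
                phphoto_echo_admin_image($db, $image_id);
            } else {
                phphoto_echo_admin_images($db);
            }
            break;
        case GET_VALUE_ADMIN_CAMERA:
            phphoto_echo_admin_cameras($db);
            break;
        default:
            phphoto_echo_admin_default($db, $settings);
            break;
    }
}

/**
 * Read an integer id from $_GET[$key].
 *
 * @param string $key query-string parameter name
 * @return int|null the id, or null when the parameter is missing, does not
 *                  validate as an integer, or equals INVALID_ID
 */
function phphoto_admin_id_from_get($key) {
    if (!isset($_GET[$key])) {
        return null;
    }
    $id = filter_var($_GET[$key], FILTER_VALIDATE_INT);
    // INVALID_ID's type is not visible here, so the loose comparison is kept.
    if ($id === false || $id == INVALID_ID) {
        return null;
    }
    return $id;
}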
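/**
 * Render the admin "edit image" page and apply the update/delete operation
 * requested through the query string.
 *
 * @param resource|mixed $db       database handle for phphoto_db_query()
 * @param mixed          $image_id image id; must validate as an integer
 *
 * Security notes (review):
 *  - $image_id is interpolated verbatim into four SQL statements. The original
 *    relied on assert(is_numeric()) for this, but assert() is a no-op whenever
 *    assertions are disabled (the usual production setting), so the check is
 *    now an explicit FILTER_VALIDATE_INT that fails closed.
 *  - title/description come from $_POST and are escaped with
 *    mysql_real_escape_string() on the way in. The mysql_* extension was
 *    removed in PHP 7; prepared statements are the real fix once the DB layer
 *    ($db, phphoto_db_query) is migrated.
 *  - title/description/filename are now HTML-escaped on the way out; before,
 *    a stored ' in the title or </textarea> in the description broke out of
 *    the form markup (stored XSS).
 *  - The exif column is turned into an array with eval(); see the guard below.
 *  - Neither the POST update nor the GET-triggered delete carries a CSRF
 *    token, so any page an admin visits can delete or rewrite images. Adding
 *    one needs session support that is not visible here — TODO.
 */
function phphoto_echo_admin_image($db, $image_id) {
    // Fail closed: only an integer id may reach the SQL below.
    $image_id = filter_var($image_id, FILTER_VALIDATE_INT);
    if ($image_id === false) {
        phphoto_popup_message(phphoto_text($db, 'image', 'unknown'), 'error');
        echo "\n</div>";
        return;
    }

    // OPERATIONS
    // Compared as strings: the GET_VALUE_* constants' types are not visible here
    // and a loose == against an int would match unrelated strings.
    $operation = isset($_GET[GET_KEY_OPERATION]) ? (string) $_GET[GET_KEY_OPERATION] : null;

    if ($operation === (string) GET_VALUE_UPDATE && isset($_POST['title'], $_POST['description'])) {
        // update image
        $active = isset($_POST['active']) ? 'TRUE' : 'FALSE'; // SQL literal, never user text
        $sql = sprintf(
            "UPDATE images SET title = '%s', description = '%s', active = %s WHERE id = %d",
            mysql_real_escape_string($_POST['title'], $db),
            mysql_real_escape_string($_POST['description'], $db),
            $active,
            $image_id
        );
        if (phphoto_db_query($db, $sql) == 1) {
            phphoto_popup_message(phphoto_text($db, 'image', 'updated'), 'info');
        }
    }

    if ($operation === (string) GET_VALUE_DELETE && isset($_GET[GET_KEY_IMAGE_ID])) {
        // delete image
        // NOTE(review): destructive state change on a GET request with no CSRF token.
        $sql = "DELETE FROM images WHERE id = {$image_id}";
        if (phphoto_db_query($db, $sql) == 1) {
            phphoto_popup_message(phphoto_text($db, 'image', 'deleted'), 'info');
            phphoto_echo_admin_images($db);
            return;
        }
        phphoto_popup_message(phphoto_text($db, 'image', 'delete_error'), 'error');
    }

    // Load the image first so an unknown id bails out before the join queries run.
    $sql = "\n SELECT\n id,\n type,\n width,\n height,\n filesize,\n filename,\n exif,\n title,\n description,\n active,\n changed,\n created\n FROM\n images\n WHERE\n id = {$image_id}\n ";
    $image_data = phphoto_db_query($db, $sql);
    if (!is_array($image_data) || count($image_data) != 1) {
        phphoto_popup_message(phphoto_text($db, 'image', 'unknown'), 'error');
        // Kept from the original: no matching <div> is opened in this function — verify against the caller.
        echo "\n</div>";
        return;
    }
    $image_data = $image_data[0];

    $sql = "\n SELECT\n id,\n title\n FROM\n galleries\n WHERE\n id IN (SELECT gallery_id FROM image_to_gallery WHERE image_id = {$image_id})\n ";
    $gallery_data = phphoto_db_query($db, $sql);
    $sql = "\n SELECT\n id,\n name\n FROM\n tags\n WHERE\n id IN (SELECT tag_id FROM image_to_tag WHERE image_id = {$image_id})\n ";
    $tag_data = phphoto_db_query($db, $sql);

    // Links to the galleries / tags this image belongs to.
    // format_string() is assumed to HTML-escape the titles/names — verify.
    $gallery_names = array();
    foreach ($gallery_data as $gallery) {
        $gallery_names[] = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY . '&' . GET_KEY_GALLERY_ID . "={$gallery['id']}'>" . format_string($gallery['title']) . "</a>";
    }
    $tag_names = array();
    foreach ($tag_data as $tag) {
        $tag_names[] = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_TAG . '&' . GET_KEY_TAG_ID . "={$tag['id']}'>" . format_string($tag['name']) . "</a>";
    }

    // The exif column holds a PHP array literal (var_export() style, presumably
    // written at upload time — confirm against the upload path) and is turned
    // back into an array with eval().
    // SECURITY: eval() on stored data is remote code execution if anything but
    // a literal ever lands in that column, and exif originates in uploaded
    // files. The token allow-list below rejects everything except nested
    // array/scalar literals before eval() sees it; storing the exif as JSON
    // (json_encode/json_decode) would remove the eval() entirely.
    $exif = array();
    if ($image_data['exif'] && phphoto_admin_image_exif_is_literal($image_data['exif'])) {
        eval('$exif = ' . $image_data['exif'] . ';');
        if (!is_array($exif)) {
            $exif = array();
        }
    }

    // Escape everything that ends up inside markup; the form uses single-quoted
    // attributes, so ENT_QUOTES is required.
    $title = htmlspecialchars((string) $image_data['title'], ENT_QUOTES, 'UTF-8');
    $description = htmlspecialchars((string) $image_data['description'], ENT_QUOTES, 'UTF-8');
    $filename = htmlspecialchars((string) $image_data['filename'], ENT_QUOTES, 'UTF-8');

    $table_data = array();
    $table_data[] = array(' ', "<a href='image.php?" . GET_KEY_IMAGE_ID . '=' . $image_id . '&' . GET_KEY_ADMIN_QUERY . "=preview'><img src='image.php?" . GET_KEY_IMAGE_ID . '=' . $image_id . "t' /></a>");
    $table_data[] = array(phphoto_text($db, 'header', 'filename'), $filename);
    $table_data[] = array(phphoto_text($db, 'header', 'format'), image_type_to_mime_type($image_data['type']));
    $table_data[] = array(phphoto_text($db, 'header', 'filesize'), format_byte($image_data['filesize']));
    $table_data[] = array(phphoto_text($db, 'header', 'resolution'), $image_data['width'] . 'x' . $image_data['height'] . ' (' . phphoto_image_aspect_ratio($image_data['width'], $image_data['height']) . ')');
    $table_data[] = array(phphoto_text($db, 'header', 'camera'), "<img src='./icons/camera-photo.png' /> " . format_camera_model($exif));
    $table_data[] = array(phphoto_text($db, 'header', 'settings'), "<img src='./icons/image-x-generic.png' /> " . format_camera_settings($exif));
    $table_data[] = array(phphoto_text($db, 'header', 'galleries'), implode('<br>', $gallery_names));
    $table_data[] = array(phphoto_text($db, 'header', 'tags'), implode('<br>', $tag_names));
    // type='input' is not a valid input type; browsers fall back to text, which is what is meant.
    $table_data[] = array(phphoto_text($db, 'header', 'title'), "<input type='text' name='title' maxlength='255' value='{$title}'>");
    $table_data[] = array(phphoto_text($db, 'header', 'description'), "<textarea name='description'>{$description}</textarea>");
    $table_data[] = array(phphoto_text($db, 'header', 'active'), "<input type='checkbox' name='active'" . ($image_data['active'] ? ' checked' : '') . ">");
    $table_data[] = array(phphoto_text($db, 'header', 'changed'), format_date_time($image_data['changed']));
    $table_data[] = array(phphoto_text($db, 'header', 'created'), format_date_time($image_data['created']));
    $table_data[] = array(' ', "<input type='submit' value='" . phphoto_text($db, 'button', 'update') . "'>");

    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'image', 'edit') . "</h1>";
    echo "\n <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_IMAGE . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_UPDATE . '&' . GET_KEY_IMAGE_ID . "={$image_id}'>";
    phphoto_to_html_table($table_data);
    echo "\n </form>";
    echo "\n</div>";
}

/**
 * Return true when $code consists only of nested array/scalar literals, i.e.
 * the shape var_export() produces for an array of scalars.
 *
 * Allowed tokens: the array keyword, '(' directly after it (whitespace in
 * between is fine), ')', ',', '=>', integer/float/quoted-string literals,
 * true/false/null, '-' (negative numbers), '.' (var_export() emits
 * '' . "\0" . '' for NUL bytes) and whitespace. Every other token —
 * variables, identifiers, casts, backticks, namespace separators, and '('
 * after anything but array (PHP 7 accepts 'name'(...) as a call) — fails the
 * check, so eval() on an accepted string can only build data.
 *
 * @param string $code
 * @return bool false whenever in doubt (tokenizer unavailable, unexpected token)
 */
function phphoto_admin_image_exif_is_literal($code) {
    if (!function_exists('token_get_all')) {
        return false;
    }
    $tokens = token_get_all('<?php ' . $code);
    $after_array_keyword = false;
    foreach ($tokens as $index => $token) {
        if (is_array($token)) {
            list($id, $text) = $token;
            if ($id === T_WHITESPACE || ($index === 0 && $id === T_OPEN_TAG)) {
                continue; // does not reset $after_array_keyword: "array (" is what var_export() writes
            }
            if ($id === T_ARRAY) {
                $after_array_keyword = true;
                continue;
            }
            if ($id === T_STRING) {
                if (!in_array(strtolower($text), array('true', 'false', 'null'), true)) {
                    return false;
                }
            } elseif (!in_array($id, array(T_CONSTANT_ENCAPSED_STRING, T_LNUMBER, T_DNUMBER, T_DOUBLE_ARROW), true)) {
                return false;
            }
        } elseif ($token === '(') {
            if (!$after_array_keyword) {
                return false; // '(' anywhere else is a call or a grouping
            }
        } elseif (!in_array($token, array(')', ',', '-', '.'), true)) {
            return false;
        }
        $after_array_keyword = false;
    }
    return true;
}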