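/**
 * Dispatches an admin page request to the renderer for the requested section.
 *
 * For the gallery, tag and image sections the record id is read from $_GET and
 * accepted only when it is a plain integer different from INVALID_ID; the
 * single-record editor is rendered in that case, the section overview otherwise.
 * The camera section and the default page take no id.
 *
 * @param mixed $db       database handle, passed through to the renderers
 * @param mixed $settings site settings, passed through to phphoto_echo_admin_default()
 * @param mixed $admin    requested section, compared against the GET_VALUE_ADMIN_* constants
 * @return void
 */
function phphoto_admin($db, $settings, $admin)
{
    switch ($admin) {
        case GET_VALUE_ADMIN_GALLERY:
            $gallery_id = phphoto_admin_id_from_get(GET_KEY_GALLERY_ID);
            if ($gallery_id !== null) {
                phphoto_echo_admin_gallery($db, $gallery_id);
            } else {
                phphoto_echo_admin_galleries($db);
            }
            break;

        case GET_VALUE_ADMIN_TAG:
            $tag_id = phphoto_admin_id_from_get(GET_KEY_TAG_ID);
            if ($tag_id !== null) {
                phphoto_echo_admin_tag($db, $tag_id);
            } else {
                phphoto_echo_admin_tags($db);
            }
            break;

        case GET_VALUE_ADMIN_IMAGE:
            $image_id = phphoto_admin_id_from_get(GET_KEY_IMAGE_ID);
            if ($image_id !== null) {
                phphoto_echo_admin_image($db, $image_id);
            } else {
                phphoto_echo_admin_images($db);
            }
            break;

        case GET_VALUE_ADMIN_CAMERA:
            phphoto_echo_admin_cameras($db);
            break;

        default:
            phphoto_echo_admin_default($db, $settings);
            break;
    }
}

/**
 * Reads a record id from $_GET[$key].
 *
 * The renderers interpolate the id into SQL, so only a plain integer is
 * accepted: is_numeric() would also let "1e3", "1.5" or " 1" through.
 *
 * @param string $key $_GET key to read
 * @return int|null the id, or null when it is absent, not an integer, or equal to INVALID_ID
 */
function phphoto_admin_id_from_get($key)
{
    if (!isset($_GET[$key])) {
        return null;
    }
    $id = filter_var($_GET[$key], FILTER_VALIDATE_INT);
    if ($id === false || $id == INVALID_ID) {
        return null;
    }
    return $id;
}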
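/**
 * Renders the admin editor for one gallery, after applying the operation
 * requested via $_GET[GET_KEY_OPERATION] (link/unlink an image, update the
 * gallery's title/description/active flag, or delete the gallery).
 *
 * Every id that reaches a SQL string is forced to an int first; title and
 * description go through mysql_real_escape_string() on the way into the
 * database and through htmlspecialchars() on the way out into the page.
 *
 * NOTE(review): the create/delete operations are triggered by plain GET links
 * and unprotected POST forms, so this page carries no CSRF protection; a
 * token scheme would have to come from outside this file.
 *
 * @param mixed      $db         database handle as used by phphoto_db_query() and mysql_real_escape_string()
 * @param int|string $gallery_id gallery id; must be a plain integer
 * @return void
 * @throws InvalidArgumentException when $gallery_id is not an integer
 */
function phphoto_echo_admin_gallery($db, $gallery_id)
{
    // Explicit guard instead of assert(): assertions are commonly disabled in
    // production, and the id is interpolated into SQL below.
    $gallery_id = filter_var($gallery_id, FILTER_VALIDATE_INT);
    if ($gallery_id === false) {
        throw new InvalidArgumentException('gallery id must be an integer');
    }

    if (isset($_GET[GET_KEY_OPERATION])) {
        if (phphoto_admin_gallery_apply_operation($db, $gallery_id, $_GET[GET_KEY_OPERATION])) {
            // gallery is gone and the overview has already been echoed
            return;
        }
    }

    $gallery_data = phphoto_admin_gallery_load($db, $gallery_id);
    if ($gallery_data === null) {
        phphoto_popup_message(phphoto_text($db, 'gallery', 'unknown'), 'error');
        // NOTE(review): closes a <div> that this function never opened; kept
        // because the surrounding page layout is not visible here — verify.
        echo "\n</div>";
        return;
    }

    phphoto_gallery_thumbnail($db, $gallery_id);
    phphoto_admin_gallery_echo_edit_form($db, $gallery_id, $gallery_data);
    phphoto_admin_gallery_echo_images_not_in($db, $gallery_id);
    phphoto_admin_gallery_echo_images_in($db, $gallery_id);
}

/**
 * Escapes database text for use inside single-quoted HTML attributes and
 * element bodies.
 *
 * @param string $text
 * @return string
 */
function phphoto_admin_gallery_escape($text)
{
    // assumes the database hands back UTF-8 — TODO confirm against the connection charset
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

/**
 * Builds the admin URL for an operation on this gallery (without the image id).
 *
 * @param string $operation one of the GET_VALUE_* operation constants
 * @param int    $gallery_id
 * @return string
 */
function phphoto_admin_gallery_url($operation, $gallery_id)
{
    return CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY
        . '&' . GET_KEY_OPERATION . '=' . $operation
        . '&' . GET_KEY_GALLERY_ID . '=' . $gallery_id;
}

/**
 * Reads the image id of the current request.
 *
 * The "add" form posts it and the "remove" links pass it in the query string,
 * so both $_POST and $_GET are consulted explicitly rather than $_REQUEST
 * (which may also merge in cookies, depending on request_order).
 *
 * @return int|false|null the id, false when no image id was sent at all, or
 *                        null when one was sent but is not a plain integer
 */
function phphoto_admin_gallery_requested_image_id()
{
    if (isset($_POST[GET_KEY_IMAGE_ID])) {
        $raw = $_POST[GET_KEY_IMAGE_ID];
    } elseif (isset($_GET[GET_KEY_IMAGE_ID])) {
        $raw = $_GET[GET_KEY_IMAGE_ID];
    } else {
        return false;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

/**
 * Applies the requested admin operation to $gallery_id.
 *
 * When an image id accompanies the request the operation targets the
 * image_to_gallery link; otherwise it targets the gallery row itself.
 *
 * @param mixed  $db
 * @param int    $gallery_id
 * @param string $operation value of $_GET[GET_KEY_OPERATION]
 * @return bool true when the gallery itself was deleted (the gallery overview
 *              has then already been echoed), false otherwise
 */
function phphoto_admin_gallery_apply_operation($db, $gallery_id, $operation)
{
    $image_id = phphoto_admin_gallery_requested_image_id();
    if ($image_id === null) {
        // An image id was sent but is malformed: do nothing rather than fall
        // through to the gallery-level operations, where a "remove image"
        // request would otherwise delete the whole gallery.
        return false;
    }

    if ($image_id !== false) {
        if ($operation == GET_VALUE_CREATE) {
            $sql = "INSERT INTO image_to_gallery (gallery_id, image_id, created) VALUES ({$gallery_id}, {$image_id}, NOW())";
            if (phphoto_db_query($db, $sql) == 1) {
                phphoto_popup_message(phphoto_text($db, 'gallery', 'image_added'), 'info');
            }
        }
        if ($operation == GET_VALUE_DELETE) {
            $sql = "DELETE FROM image_to_gallery WHERE gallery_id = {$gallery_id} AND image_id = {$image_id}";
            if (phphoto_db_query($db, $sql) == 1) {
                phphoto_popup_message(phphoto_text($db, 'gallery', 'image_removed'), 'info');
            }
        }
        return false;
    }

    if ($operation == GET_VALUE_UPDATE && isset($_POST['title']) && isset($_POST['description'])) {
        $active = isset($_POST['active']) ? 'TRUE' : 'FALSE';
        // mysql_real_escape_string() is the ext/mysql escaping function; the
        // query helper takes no bound parameters, so this is the only guard.
        $sql = sprintf(
            "UPDATE galleries SET title = '%s', description = '%s', active = %s WHERE id = %d",
            mysql_real_escape_string($_POST['title'], $db),
            mysql_real_escape_string($_POST['description'], $db),
            $active,
            $gallery_id
        );
        if (phphoto_db_query($db, $sql) == 1) {
            phphoto_popup_message(phphoto_text($db, 'gallery', 'updated'), 'info');
        }
    }

    if ($operation == GET_VALUE_DELETE) {
        $sql = "DELETE FROM galleries WHERE id = {$gallery_id}";
        if (phphoto_db_query($db, $sql) == 1) {
            phphoto_popup_message(phphoto_text($db, 'gallery', 'deleted'), 'info');
            phphoto_echo_admin_galleries($db);
            return true;
        }
        phphoto_popup_message(phphoto_text($db, 'gallery', 'delete_error'), 'error');
    }

    return false;
}

/**
 * Loads the gallery row shown in the editor.
 *
 * @param mixed $db
 * @param int   $gallery_id
 * @return array|null the row, or null when the query did not return exactly one row
 */
function phphoto_admin_gallery_load($db, $gallery_id)
{
    $sql = "\n SELECT\n id,\n title,\n description,\n views,\n (SELECT COUNT(*) FROM image_to_gallery WHERE gallery_id = id) AS images,\n active,\n changed,\n created\n FROM\n galleries\n WHERE\n id = {$gallery_id}\n ";
    $rows = phphoto_db_query($db, $sql);
    if (!is_array($rows) || count($rows) != 1) {
        return null;
    }
    return $rows[0];
}

/**
 * Echoes the edit form for the gallery (title, description, active flag).
 *
 * @param mixed $db
 * @param int   $gallery_id
 * @param array $gallery_data row as returned by phphoto_admin_gallery_load()
 * @return void
 */
function phphoto_admin_gallery_echo_edit_form($db, $gallery_id, array $gallery_data)
{
    // Stored text is escaped here; the original interpolated it raw into
    // value='…' and <textarea>, which lets a crafted title break out of the markup.
    $title = phphoto_admin_gallery_escape($gallery_data['title']);
    $description = phphoto_admin_gallery_escape($gallery_data['description']);

    $table_data = array();
    $table_data[] = array(' ', "<img src='image.php?" . GET_KEY_GALLERY_ID . "=" . $gallery_id . "' />");
    $table_data[] = array(phphoto_text($db, 'header', 'views'), $gallery_data['views']);
    $table_data[] = array(phphoto_text($db, 'header', 'images'), $gallery_data['images']);
    $table_data[] = array(phphoto_text($db, 'header', 'title'), "<input type='text' name='title' maxlength='255' value='{$title}'>");
    $table_data[] = array(phphoto_text($db, 'header', 'description'), "<textarea name='description'>{$description}</textarea>");
    $table_data[] = array(phphoto_text($db, 'header', 'active'), "<input type='checkbox' name='active'" . ($gallery_data['active'] ? ' checked' : '') . ">");
    $table_data[] = array(phphoto_text($db, 'header', 'changed'), format_date_time($gallery_data['changed']));
    $table_data[] = array(phphoto_text($db, 'header', 'created'), format_date_time($gallery_data['created']));
    $table_data[] = array(' ', "<input type='submit' value='" . phphoto_text($db, 'button', 'update') . "'>");

    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'gallery', 'edit') . "</h1>";
    echo "\n <form method='post' action='" . phphoto_admin_gallery_url(GET_VALUE_UPDATE, $gallery_id) . "'>";
    phphoto_to_html_table($table_data);
    echo "\n </form>";
    echo "\n</div>";
}

/**
 * Echoes the "add image" form listing the images not yet linked to the gallery.
 *
 * @param mixed $db
 * @param int   $gallery_id
 * @return void
 */
function phphoto_admin_gallery_echo_images_not_in($db, $gallery_id)
{
    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'gallery', 'images_not_in') . "</h1>";

    $sql = "\n SELECT\n id,\n IF (LENGTH(title) > 0, title, filename) AS name\n FROM\n images\n WHERE\n id NOT IN (SELECT image_id FROM image_to_gallery WHERE gallery_id = {$gallery_id})\n ";
    $images = phphoto_db_query($db, $sql);

    if (is_array($images) && count($images) > 0) {
        echo "\n <form method='post' action='" . phphoto_admin_gallery_url(GET_VALUE_CREATE, $gallery_id) . "'>";
        echo "\n <select name='" . GET_KEY_IMAGE_ID . "'>";
        foreach ($images as $row) {
            // name may be a user-entered title or a filename: escape it
            echo "\n <option value='{$row['id']}'>" . phphoto_admin_gallery_escape($row['name']) . "</option>";
        }
        echo "\n </select>";
        echo "\n <input type='submit' value='" . phphoto_text($db, 'button', 'add') . "'>";
        echo "\n </form>";
    }

    echo "\n</div>";
}

/**
 * Echoes the table of images linked to the gallery, each with a thumbnail
 * link to the image editor and a "remove from gallery" link.
 *
 * @param mixed $db
 * @param int   $gallery_id
 * @return void
 */
function phphoto_admin_gallery_echo_images_in($db, $gallery_id)
{
    $sql = "\n SELECT\n id,\n IF (LENGTH(title) > 0, title, filename) AS name,\n active\n FROM\n images\n WHERE\n id IN (SELECT image_id FROM image_to_gallery WHERE gallery_id = {$gallery_id})\n ";
    $header = array(
        phphoto_text($db, 'header', 'thumbnail'),
        phphoto_text($db, 'header', 'name'),
        phphoto_text($db, 'header', 'active'),
        ' ',
    );

    $images = array();
    $result = phphoto_db_query($db, $sql);
    if (is_array($result)) {
        foreach ($result as $row) {
            $view_url = CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_IMAGE . '&' . GET_KEY_IMAGE_ID . "={$row['id']}";
            $remove_url = phphoto_admin_gallery_url(GET_VALUE_DELETE, $gallery_id) . '&' . GET_KEY_IMAGE_ID . "={$row['id']}";
            $images[] = array(
                "<a href='{$view_url}'>\n <img src='image.php?" . GET_KEY_IMAGE_ID . "={$row['id']}t' class='thumbnail' /></a>",
                phphoto_admin_gallery_escape($row['name']),
                format_bool($row['active']),
                "<a href='{$remove_url}'><img src='./icons/process-stop.png' /></a>",
            );
        }
    }

    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'gallery', 'images_in') . "</h1>";
    phphoto_to_html_table($images, $header);
    echo "\n</div>";
}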