Esempio n. 1
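/**
 * Dispatches to the admin page selected by the admin query parameter.
 *
 * @param mixed $db       database link, passed through to the phphoto_echo_admin_* helpers
 * @param mixed $settings settings, passed through to phphoto_echo_admin_default()
 * @param mixed $admin    value of the admin query parameter, compared against the
 *                        GET_VALUE_ADMIN_* constants
 * @return void all output is echoed by the helpers
 */
function phphoto_admin($db, $settings, $admin)
{
    switch ($admin) {
        case GET_VALUE_ADMIN_GALLERY:
            // Ids are integers: validate with FILTER_VALIDATE_INT rather than
            // is_numeric(), which also accepts "1.5" / "1e3". The callee later
            // interpolates the id into SQL, so hand it a plain int or nothing.
            // filter_var() yields false for invalid input, including array-valued
            // query parameters, which falls back to the overview page.
            $gallery_id = isset($_GET[GET_KEY_GALLERY_ID])
                ? filter_var($_GET[GET_KEY_GALLERY_ID], FILTER_VALIDATE_INT)
                : false;
            // INVALID_ID's type is not visible here, so the loose comparison is kept.
            if ($gallery_id !== false && $gallery_id != INVALID_ID) {
                phphoto_echo_admin_gallery($db, $gallery_id);
            } else {
                phphoto_echo_admin_galleries($db);
            }
            break;
        case GET_VALUE_ADMIN_TAG:
            // Same integer-only validation as for the gallery id above.
            $tag_id = isset($_GET[GET_KEY_TAG_ID])
                ? filter_var($_GET[GET_KEY_TAG_ID], FILTER_VALIDATE_INT)
                : false;
            if ($tag_id !== false && $tag_id != INVALID_ID) {
                phphoto_echo_admin_tag($db, $tag_id);
            } else {
                phphoto_echo_admin_tags($db);
            }
            break;
        case GET_VALUE_ADMIN_IMAGE:
            // Same integer-only validation as for the gallery id above.
            $image_id = isset($_GET[GET_KEY_IMAGE_ID])
                ? filter_var($_GET[GET_KEY_IMAGE_ID], FILTER_VALIDATE_INT)
                : false;
            if ($image_id !== false && $image_id != INVALID_ID) {
                phphoto_echo_admin_image($db, $image_id);
            } else {
                phphoto_echo_admin_images($db);
            }
            break;
        case GET_VALUE_ADMIN_CAMERA:
            phphoto_echo_admin_cameras($db);
            break;
        default:
            phphoto_echo_admin_default($db, $settings);
            break;
    }
}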
Esempio n. 2
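/**
 * Renders the admin page for a single gallery, first applying the operation
 * requested through the query string (GET_KEY_OPERATION):
 *  - with an image id in the request: GET_VALUE_CREATE adds the image to the
 *    gallery, GET_VALUE_DELETE removes it from the gallery;
 *  - without an image id: GET_VALUE_UPDATE stores title/description/active
 *    from POST, GET_VALUE_DELETE deletes the gallery and shows the gallery list.
 *
 * @param mixed      $db         database link used by phphoto_db_query()
 * @param int|string $gallery_id gallery id; the caller is expected to have
 *                               checked it is numeric
 * @return void markup is echoed directly
 */
function phphoto_echo_admin_gallery($db, $gallery_id)
{
    assert(is_numeric($gallery_id));
    // assert() can be disabled at runtime, so it must not be the only thing
    // standing between this value and the SQL strings below: force an int.
    $gallery_id = (int) $gallery_id;
    // NOTE(review): the create/delete/update operations are triggered by plain
    // GET links and POST forms with no CSRF token visible here; confirm whether
    // a token is enforced elsewhere in the request pipeline.
    // OPERATIONS
    if (isset($_GET[GET_KEY_OPERATION])) {
        $operation = $_GET[GET_KEY_OPERATION];
        if (isset($_REQUEST[GET_KEY_IMAGE_ID]) && is_numeric($_REQUEST[GET_KEY_IMAGE_ID])) {
            // operate on image in gallery; cast for the same reason as above
            $image_id = (int) $_REQUEST[GET_KEY_IMAGE_ID];
            if ($operation == GET_VALUE_CREATE) {
                // add image to gallery
                $sql = "INSERT INTO image_to_gallery (gallery_id, image_id, created) VALUES ({$gallery_id}, {$image_id}, NOW())";
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'gallery', 'image_added'), 'info');
                }
            }
            if ($operation == GET_VALUE_DELETE) {
                // remove image from gallery
                $sql = "DELETE FROM image_to_gallery WHERE gallery_id = {$gallery_id} AND image_id = {$image_id}";
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'gallery', 'image_removed'), 'info');
                }
            }
        } else {
            if ($operation == GET_VALUE_UPDATE && isset($_POST['title']) && isset($_POST['description'])) {
                // update gallery; free-text fields go through the driver's escaper
                $title = $_POST['title'];
                $description = $_POST['description'];
                $active = isset($_POST['active']) ? 'TRUE' : 'FALSE';
                $sql = sprintf(
                    "UPDATE galleries SET title = '%s', description = '%s', active = %s WHERE id = %s",
                    mysql_real_escape_string($title, $db),
                    mysql_real_escape_string($description, $db),
                    $active,
                    $gallery_id
                );
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'gallery', 'updated'), 'info');
                }
            }
            if ($operation == GET_VALUE_DELETE) {
                // delete gallery
                $sql = "DELETE FROM galleries WHERE id = {$gallery_id}";
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'gallery', 'deleted'), 'info');
                    phphoto_echo_admin_galleries($db);
                    return;
                } else {
                    phphoto_popup_message(phphoto_text($db, 'gallery', 'delete_error'), 'error');
                }
            }
        }
    }
    // The image count is a correlated subquery; `id` is qualified so it cannot
    // silently bind to a column of image_to_gallery should one be added later.
    $sql = "\n        SELECT\n            id,\n            title,\n            description,\n            views,\n            (SELECT COUNT(*) FROM image_to_gallery WHERE gallery_id = galleries.id) AS images,\n            active,\n            changed,\n            created\n        FROM\n            galleries\n        WHERE\n            id = {$gallery_id}\n    ";
    $gallery_data = phphoto_db_query($db, $sql);
    if (count($gallery_data) != 1) {
        phphoto_popup_message(phphoto_text($db, 'gallery', 'unknown'), 'error');
        // No <div class='admin'> has been opened at this point; the closing tag
        // is kept as-is to preserve the existing output.
        echo "\n</div>";
        return;
    }
    $gallery_data = $gallery_data[0];
    phphoto_gallery_thumbnail($db, $gallery_id);
    // Title and description come from the database but originate from the
    // edit form, so they are escaped (ENT_QUOTES: the attributes are
    // single-quoted) before being placed in the markup. Assumes the page is
    // served as UTF-8.
    $title_html = htmlspecialchars($gallery_data['title'], ENT_QUOTES, 'UTF-8');
    $description_html = htmlspecialchars($gallery_data['description'], ENT_QUOTES, 'UTF-8');
    $table_data = array();
    array_push($table_data, array('&nbsp;', "<img src='image.php?" . GET_KEY_GALLERY_ID . "=" . $gallery_id . "' />"));
    array_push($table_data, array(phphoto_text($db, 'header', 'views'), $gallery_data['views']));
    array_push($table_data, array(phphoto_text($db, 'header', 'images'), $gallery_data['images']));
    array_push($table_data, array(phphoto_text($db, 'header', 'title'), "<input type='input' name='title' maxlength='255' value='{$title_html}'>"));
    array_push($table_data, array(phphoto_text($db, 'header', 'description'), "<textarea name='description'>{$description_html}</textarea>"));
    array_push($table_data, array(phphoto_text($db, 'header', 'active'), "<input type='checkbox' name='active'" . ($gallery_data['active'] ? ' checked' : '') . ">"));
    array_push($table_data, array(phphoto_text($db, 'header', 'changed'), format_date_time($gallery_data['changed'])));
    array_push($table_data, array(phphoto_text($db, 'header', 'created'), format_date_time($gallery_data['created'])));
    array_push($table_data, array('&nbsp;', "<input type='submit' value='" . phphoto_text($db, 'button', 'update') . "'>"));
    echo "\n<div class='admin'>";
    echo "\n    <h1>" . phphoto_text($db, 'gallery', 'edit') . "</h1>";
    echo "\n    <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_UPDATE . '&' . GET_KEY_GALLERY_ID . "={$gallery_id}'>";
    phphoto_to_html_table($table_data);
    echo "\n    </form>";
    echo "\n</div>";
    // images not in this gallery
    echo "\n<div class='admin'>";
    echo "\n    <h1>" . phphoto_text($db, 'gallery', 'images_not_in') . "</h1>";
    $sql = "\n        SELECT\n            id,\n            IF (LENGTH(title) > 0, title, filename) AS name\n        FROM\n            images\n        WHERE\n            id NOT IN (SELECT image_id FROM image_to_gallery WHERE gallery_id = {$gallery_id})\n    ";
    $images = phphoto_db_query($db, $sql);
    if (count($images) > 0) {
        echo "\n    <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_CREATE . '&' . GET_KEY_GALLERY_ID . "={$gallery_id}'>";
        echo "\n        <select name='" . GET_KEY_IMAGE_ID . "'>";
        foreach ($images as $row) {
            // name is a user-supplied title or filename: escape it
            $name_html = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
            echo "\n            <option value='{$row['id']}'>{$name_html}</option>";
        }
        echo "\n        </select>";
        echo "\n        <input type='submit' value='" . phphoto_text($db, 'button', 'add') . "'>";
        echo "\n    </form>";
    }
    echo "\n</div>";
    // images in this gallery
    $sql = "\n        SELECT\n            id,\n            IF (LENGTH(title) > 0, title, filename) AS name,\n            active\n        FROM\n            images\n        WHERE\n            id IN (SELECT image_id FROM image_to_gallery WHERE gallery_id = {$gallery_id})\n    ";
    $header = array(phphoto_text($db, 'header', 'thumbnail'), phphoto_text($db, 'header', 'name'), phphoto_text($db, 'header', 'active'), '&nbsp;');
    $images = array();
    foreach (phphoto_db_query($db, $sql) as $row) {
        $name_html = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        // thumbnail linking to the image admin page
        $thumbnail_cell = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_IMAGE . '&' . GET_KEY_IMAGE_ID . "={$row['id']}'>\n                    <img src='image.php?" . GET_KEY_IMAGE_ID . "={$row['id']}t' class='thumbnail' /></a>";
        // link that removes the image from this gallery
        $remove_cell = "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_GALLERY . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_DELETE . '&' . GET_KEY_GALLERY_ID . '=' . $gallery_id . '&' . GET_KEY_IMAGE_ID . "={$row['id']}'><img src='./icons/process-stop.png' /></a>";
        array_push($images, array($thumbnail_cell, $name_html, format_bool($row['active']), $remove_cell));
    }
    echo "\n<div class='admin'>";
    echo "\n    <h1>" . phphoto_text($db, 'gallery', 'images_in') . "</h1>";
    phphoto_to_html_table($images, $header);
    echo "\n</div>";
}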