} if (!empty($_POST['filename'])) { $search['fields']['filename'] = str_replace('*', '%', pwg_db_real_escape_string($_POST['filename'])); } if (!empty($_POST['ip'])) { $search['fields']['ip'] = str_replace('*', '%', pwg_db_real_escape_string($_POST['ip'])); } check_input_parameter('display_thumbnail', $_POST, false, '/^(' . implode('|', array_keys($display_thumbnails)) . ')$/'); $search['fields']['display_thumbnail'] = $_POST['display_thumbnail']; // Display choise are also save to one cookie if (!empty($_POST['display_thumbnail']) and isset($display_thumbnails[$_POST['display_thumbnail']])) { $cookie_val = $_POST['display_thumbnail']; } else { $cookie_val = null; } pwg_set_cookie_var('display_thumbnail', $cookie_val, strtotime('+1 month')); // TODO manage inconsistency of having $_POST['image_id'] and // $_POST['filename'] simultaneously if (!empty($search)) { // register search rules in database, then they will be available on // thumbnails page and picture page. $query = ' INSERT INTO ' . SEARCH_TABLE . ' (rules) VALUES (\'' . pwg_db_real_escape_string(serialize($search)) . '\') ;'; pwg_query($query); $search_id = pwg_db_insert_id(SEARCH_TABLE); redirect(PHPWG_ROOT_PATH . 'admin.php?page=history&search_id=' . $search_id); } else {
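/**
 * Rate a picture by the current user.
 *
 * The rating is refused (false is returned) when rating is disabled
 * ($conf['rate']), when $rate is not a non-negative integer listed in
 * $conf['rate_items'], or when the visitor is anonymous and anonymous rating
 * ($conf['rate_anonymous']) is disabled.
 *
 * Anonymous raters are identified by REMOTE_ADDR with its last dotted
 * component dropped (a /24 for IPv4; an address without dots, e.g. IPv6, is
 * kept whole). That identifier is remembered in the "anonymous_rater" cookie
 * so that a visitor whose address changes keeps a single set of ratings: when
 * the cookie disagrees with the current address, ratings stored under the
 * cookie's identifier are migrated to the current one.
 *
 * Security: the cookie value is attacker-controlled and the element id comes
 * from the request, so both are escaped / cast before being interpolated into
 * SQL. The previous implementation concatenated the raw cookie value into the
 * DELETE and UPDATE statements.
 *
 * @param int $image_id element to rate (cast to int before use)
 * @param float $rate must be a string of digits matching one of $conf['rate_items']
 * @return array|false as returned by update_rating_score(), or false when
 *                     the rating was refused
 */
function rate_picture($image_id, $rate)
{
  global $conf, $user;

  // $rate must be digits only and one of the configured rate items. The
  // comparison with rate_items stays loose on purpose: $rate is a string and
  // the configured items are typically ints.
  if (!isset($rate)
      or !$conf['rate']
      or !preg_match('/^[0-9]+$/', $rate)
      or !in_array($rate, $conf['rate_items']))
  {
    return false;
  }

  // Ids are interpolated unquoted into SQL below, so only ever use integers.
  $image_id = (int)$image_id;
  $user_id = (int)$user['id'];

  $user_anonymous = is_autorize_status(ACCESS_CLASSIC) ? false : true;

  if ($user_anonymous and !$conf['rate_anonymous'])
  {
    return false;
  }

  // Anonymous identifier: address minus its last dotted component.
  $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $anonymous_id = implode('.', $ip_components);
  // REMOTE_ADDR is set by the web server, but it is used as an SQL string
  // literal, so escape it anyway.
  $anonymous_id_sql = pwg_db_real_escape_string($anonymous_id);

  if ($user_anonymous)
  {
    // The cookie is client-controlled: it may contain anything, not just an
    // identifier this code produced. Never put it into a query unescaped.
    $save_anonymous_id = pwg_get_cookie_var('anonymous_rater', $anonymous_id);
    if ($anonymous_id != $save_anonymous_id)
    { // client has changed his IP adress or he's trying to fool us
      $save_anonymous_id_sql = pwg_db_real_escape_string($save_anonymous_id);

      $query = '
SELECT element_id
  FROM '.RATE_TABLE.'
  WHERE user_id = '.$user_id.'
    AND anonymous_id = \''.$anonymous_id_sql.'\'
;';
      // element ids come back from the database; cast defensively before
      // they are joined into the IN (...) list
      $already_there = array_map('intval', array_from_query($query, 'element_id'));

      if (count($already_there) > 0)
      {
        // Drop ratings stored under the old identifier for elements already
        // rated under the current one, so the UPDATE below cannot produce
        // duplicate (user, anonymous_id, element) rows.
        $query = '
DELETE
  FROM '.RATE_TABLE.'
  WHERE user_id = '.$user_id.'
    AND anonymous_id = \''.$save_anonymous_id_sql.'\'
    AND element_id IN ('.implode(',', $already_there).')
;';
        pwg_query($query);
      }

      // Migrate the remaining ratings from the old identifier to the new one.
      $query = '
UPDATE '.RATE_TABLE.'
  SET anonymous_id = \''.$anonymous_id_sql.'\'
  WHERE user_id = '.$user_id.'
    AND anonymous_id = \''.$save_anonymous_id_sql.'\'
;';
      pwg_query($query);
    } // end client changed ip

    pwg_set_cookie_var('anonymous_rater', $anonymous_id);
  } // end anonymous user

  // One rating per (user, element), and per anonymous identifier for guests:
  // remove any previous rating before inserting the new one.
  $query = '
DELETE
  FROM '.RATE_TABLE.'
  WHERE element_id = '.$image_id.'
    AND user_id = '.$user_id.'
';
  if ($user_anonymous)
  {
    $query.= ' AND anonymous_id = \''.$anonymous_id_sql.'\'';
  }
  pwg_query($query);

  // $rate has been validated as digits only; cast keeps the literal numeric.
  $query = '
INSERT
  INTO '.RATE_TABLE.'
  (user_id,anonymous_id,element_id,rate,date)
  VALUES
  ('.$user_id.','
    .'\''.$anonymous_id_sql.'\','
    .$image_id.','
    .(int)$rate.',NOW())
;';
  pwg_query($query);

  return update_rating_score($image_id);
}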