Esempio n. 1
0
/**
* saves the specified album information
*
* @param    int     album_id    album_id to edit
* @return   string              HTML
*
*/
function MG_saveAlbum($album_id, $actionURL = '')
{
    global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
    $update = 0;
    if (isset($_POST['album_id'])) {
        $aid = COM_applyFilter($_POST['album_id'], true);
    } else {
        $aid = 0;
    }
    if (isset($_POST['force_child_update'])) {
        $forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true);
    } else {
        $forceChildPermUpdate = 0;
    }
    $thumb = $_FILES['thumbnail'];
    $thumbnail = $thumb['tmp_name'];
    if (isset($_POST['attach_tn'])) {
        $att = COM_applyFilter($_POST['attach_tn']);
    } else {
        $att = 0;
    }
    if ($aid > 0) {
        // should be 0 or negative 1 for create
        $album = $MG_albums[$aid];
        $oldparent = $album->parent;
        $old_tn_attached = $album->tn_attached;
        $old_featured = $album->featured;
        $update = 1;
    } else {
        $album = new mgAlbum();
        $album->id = $aid;
        $update = 0;
        $old_tn_attached = 0;
    }
    if ($_MG_CONF['htmlallowed'] == 1) {
        $album->title = COM_checkHTML(COM_killJS($_POST['album_name']));
        $album->description = COM_checkHTML(COM_killJS($_POST['album_desc']));
    } else {
        $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name']))));
        $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc']))));
    }
    if ($album->title == "") {
        return MG_errorHandler("You must enter an Album Name");
    }
    $album->parent = COM_applyFilter($_POST['parentaid'], true);
    // we should not need this
    if (isset($_POST['hidden'])) {
        $album->hidden = COM_applyFilter($_POST['hidden'], true);
    } else {
        $album->hidden = 0;
    }
    $album->cover = COM_applyFilter($_POST['cover']);
    $album->cover_filename = COM_applyFilter($_POST['album_cover_filename']);
    if (isset($_POST['enable_album_views'])) {
        $album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true);
    } else {
        $album->enable_album_views = 0;
    }
    $album->image_skin = COM_applyFilter($_POST['skin']);
    $album->album_skin = COM_applyFilter($_POST['askin']);
    $album->display_skin = COM_applyFilter($_POST['dskin']);
    if (isset($_POST['display_album_desc'])) {
        $album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true);
    } else {
        $album->display_album_desc = 0;
    }
    if (isset($_POST['enable_comments'])) {
        $album->enable_comments = COM_applyFilter($_POST['enable_comments'], true);
    } else {
        $album->enable_comments = 0;
    }
    $album->exif_display = COM_applyFilter($_POST['enable_exif'], true);
    if (isset($_POST['enable_rating'])) {
        $album->enable_rating = COM_applyFilter($_POST['enable_rating'], true);
    } else {
        $album->enable_rating = 0;
    }
    $album->playback_type = COM_applyFilter($_POST['playback_type'], true);
    $album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0;
    $album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true);
    if (isset($_POST['enable_random'])) {
        $album->enable_random = COM_applyFilter($_POST['enable_random'], true);
    } else {
        $album->enable_random = 0;
    }
    if (isset($_POST['enable_shutterfly'])) {
        $album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true);
    } else {
        $album->enable_shutterfly = 0;
    }
    if (isset($_POST['enable_views'])) {
        $album->enable_views = COM_applyFilter($_POST['enable_views'], true);
    } else {
        $album->enable_views = 0;
    }
    if (isset($_POST['enable_keywords'])) {
        $album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true);
    } else {
        $album->enable_keywords = 0;
    }
    if (isset($_POST['enable_sort'])) {
        $album->enable_sort = COM_applyFilter($_POST['enable_sort'], true);
    } else {
        $album->enable_sort = 0;
    }
    if (isset($_POST['enable_rss'])) {
        $album->enable_rss = COM_applyFilter($_POST['enable_rss'], true);
    } else {
        $album->enable_rss = 0;
    }
    $album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true);
    if (isset($_POST['albums_first'])) {
        $album->albums_first = COM_applyFilter($_POST['albums_first'], true);
    } else {
        $album->albums_first = 0;
    }
    if (isset($_POST['allow_download'])) {
        $album->allow_download = COM_applyFilter($_POST['allow_download'], true);
    } else {
        $album->allow_download = 0;
    }
    if (isset($_POST['usealternate'])) {
        $album->useAlternate = COM_applyFilter($_POST['usealternate'], true);
    } else {
        $album->useAlternate = 0;
    }
    $album->full = COM_applyFilter($_POST['full_display'], true);
    $album->tn_size = COM_applyFilter($_POST['tn_size'], true);
    $album->max_image_height = COM_applyFilter($_POST['max_image_height'], true);
    $album->max_image_width = COM_applyFilter($_POST['max_image_width'], true);
    $album->max_filesize = COM_applyFilter($_POST['max_filesize'], true);
    if ($album->max_filesize != 0) {
        $album->max_filesize = $album->max_filesize * 1024;
    }
    $album->display_image_size = COM_applyFilter($_POST['display_image_size'], true);
    $album->display_rows = COM_applyFilter($_POST['display_rows'], true);
    $album->display_columns = COM_applyFilter($_POST['display_columns'], true);
    $album->skin = COM_applyFilter($_POST['album_theme']);
    if (isset($_POST['filename_title'])) {
        $album->filename_title = COM_applyFilter($_POST['filename_title'], true);
    } else {
        $album->filename_title = 0;
    }
    $album->shopping_cart = 0;
    if (isset($_POST['wm_auto'])) {
        $album->wm_auto = COM_applyFilter($_POST['wm_auto'], true);
    } else {
        $album->wm_auto = 0;
    }
    $album->wm_id = COM_applyFilter($_POST['wm_id']);
    $album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true);
    $album->wm_location = COM_applyFilter($_POST['wm_location'], true);
    $album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true);
    if (isset($_POST['uploads'])) {
        $album->member_uploads = COM_applyFilter($_POST['uploads'], true);
    } else {
        $album->member_uploads = 0;
    }
    if (isset($_POST['moderate'])) {
        $album->moderate = COM_applyFilter($_POST['moderate'], true);
    } else {
        $album->moderate = 0;
    }
    if (isset($_POST['email_mod'])) {
        $album->email_mod = COM_applyFilter($_POST['email_mod'], true);
    } else {
        $album->email_mod = 0;
    }
    if (isset($_POST['podcast'])) {
        $album->podcast = COM_applyFilter($_POST['podcast'], true);
    } else {
        $album->podcast = 0;
    }
    if (isset($_POST['mp3ribbon'])) {
        $album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true);
    } else {
        $album->mp3ribbon = 0;
    }
    if (isset($_POST['rsschildren'])) {
        $album->rssChildren = COM_applyFilter($_POST['rsschildren'], true);
    } else {
        $album->rssChildren = 0;
    }
    if (isset($_POST['tnheight'])) {
        $album->tnHeight = COM_applyFilter($_POST['tnheight'], true);
        if ($album->tnHeight == 0) {
            $album->tnHeight = 200;
        }
    } else {
        $album->tnHeight = 200;
    }
    if (isset($_POST['tnwidth'])) {
        $album->tnWidth = COM_applyFilter($_POST['tnwidth'], true);
        if ($album->tnWidth == 0) {
            $album->tnWidth = 200;
        }
    } else {
        $album->tnWidth = 200;
    }
    if (SEC_hasRights('mediagallery.admin')) {
        $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
        $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
        $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
        $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
        $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
        $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
        $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
        $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
        $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
        $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
        $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
        $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
        $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
        $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
        $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
        $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
        $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
        $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
        $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
        $album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
        if (isset($_POST['featured'])) {
            $album->featured = COM_applyFilter($_POST['featured'], true);
            // admin only
        } else {
            $album->featured = 0;
        }
        $album->cbposition = COM_applyFilter($_POST['featureposition'], true);
        // admin only
        $album->cbpage = COM_applyFilter($_POST['featurepage']);
        // admin only
        $album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0;
        // admin only
        $album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0;
        // admin only
        $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
        // admin only
        $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
        // admin only
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    } else {
        $perm_owner = $album->perm_owner;
        // already set by existing album?
        $perm_group = $album->perm_group;
        // already set by existing album?
        if ($update == 0) {
            if (isset($MG_albums[$album->parent]->group_id)) {
                $grp_id = $MG_albums[$album->parent]->group_id;
                $album->group_id = $grp_id;
            } else {
                $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
                $grow = DB_fetchArray($gresult);
                $grp_id = $grow['grp_id'];
                $album->group_id = $grp_id;
                // only do these two if create....
            }
            $album->mod_group_id = $_MG_CONF['member_mod_group_id'];
            if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
                $album->mod_group_id = $grp_id;
            }
        }
        $perm_members = $_POST['perm_members'];
        $perm_anon = $_POST['perm_anon'];
        list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if (isset($_POST['owner_id'])) {
        $album->owner_id = COM_applyFilter($_POST['owner_id']);
    } else {
        $album->owner_id = 2;
    }
    // simple check to see if we can create off the album root...
    if (!SEC_hasRights('mediagallery.admin')) {
        if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) {
            if ($_MG_CONF['member_create_new'] == 0) {
                return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
            }
        }
    }
    // final permission check to make sure we have the proper rights to create here....
    if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) {
        // see if we are mediagallery.admin
        if (!SEC_hasRights('mediagallery.admin')) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    } elseif ($album->parent != 0) {
        if (!isset($MG_albums[$album->parent]->id)) {
            // does not exist...
            COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        } else {
            if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) {
                COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
                return MG_genericError($LANG_MG00['access_denied_msg']);
            }
        }
    }
    if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
        $album->tn_attached = 0;
    }
    if ($old_tn_attached == 1 && $album->tn_attached == 0) {
        $remove_old_tn = 1;
    } else {
        $remove_old_tn = 0;
    }
    if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) {
        $thumbnail = $thumb['tmp_name'];
        $attachtn = 1;
    } else {
        $attachtn = 0;
    }
    // pull the watermark id associated with the filename...
    if ($album->wm_id == 'blank.png') {
        $wm_id = 0;
    } else {
        $wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"');
    }
    if ($wm_id == '') {
        $wm_id = 0;
    }
    if ($wm_id == 0) {
        $album->wm_auto = 0;
    }
    $album->wm_id = $wm_id;
    // handle new featured albums
    if (SEC_hasRights('mediagallery.admin')) {
        if ($album->featured) {
            // check for other featured albums, we can only have one
            $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'";
            $result = DB_query($sql);
            $nRows = DB_numRows($result);
            if ($nRows > 0) {
                $row = DB_fetchArray($result);
                $sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id'];
                DB_query($sql);
            }
        }
    } else {
        // if a new album, set the member album defaults since we are a non-admin
        if ($album->isMemberAlbum() && update == 0) {
            $album->perm_owner = $_MG_CONF['member_perm_owner'];
            $album->perm_group = $_MG_CONF['member_perm_group'];
            $album->enable_random = $_MG_CONF['member_enable_random'];
            $album->max_image_height = $_MG_CONF['member_max_height'];
            $album->max_image_width = $_MG_CONF['member_max_width'];
            $album->max_filesize = $_MG_CONF['member_max_filesize'];
            $album->member_uploads = $_MG_CONF['member_uploads'];
            $album->moderate = $_MG_CONF['member_moderate'];
            $album->email_mod = $_MG_CONF['member_email_mod'];
            $album->valid_formats = $_MG_CONF['member_valid_formats'];
        }
    }
    $album->title = substr($album->title, 0, 254);
    if ($_DB_dbms == "mssql") {
        $album->description = substr($album->description, 0, 1500);
    }
    if ($album->last_update == '') {
        $album->last_update = 0;
    }
    $album->last_update = intval($album->last_update);
    if ($album->id < 1) {
        $album->id = $album->createAlbumID();
        $aid = $album->id;
        $album->order = $album->getNextSortOrder();
    }
    if ($album->id == 0) {
        COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org  ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }
    $album->saveAlbum();
    $album->updateChildPermissions($forceChildPermUpdate);
    // now handle the attached cover...
    if ($attachtn == 1) {
        if (!function_exists('MG_getFile')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        }
        $media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
        MG_attachThumbnail($album->id, $thumbnail, $media_filename);
    }
    if ($remove_old_tn == 1) {
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) {
                @unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext);
                break;
            }
        }
    }
    MG_initAlbums(1);
    // do any album sorting here...
    if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) {
        switch ($MG_albums[$aid]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($aid, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($aid, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($aid, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($aid, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
    } else {
        // not a root album...
        switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
        // now call it for myself to sort my subs
        switch ($MG_albums[$aid]->album_sort_order) {
            case 0:
                break;
            case 3:
                // upload, asc
                MG_staticSortAlbum($aid, 2, 1, 0);
                break;
            case 4:
                // upload, desc
                MG_staticSortAlbum($aid, 2, 0, 0);
                break;
            case 5:
                // title, asc
                MG_staticSortAlbum($aid, 0, 1, 0);
                break;
            case 6:
                // title, desc
                MG_staticSortAlbum($aid, 0, 0, 0);
                break;
            case 7:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 0, 0);
                break;
            case 8:
                // rating, desc
                MG_staticSortAlbum($aid, 3, 1, 0);
                break;
            default:
                // skip it...
                break;
        }
    }
    if (!function_exists('MG_buildFullRSS')) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    }
    MG_buildFullRSS();
    MG_buildAlbumRSS($album->id);
    $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
    echo COM_refresh($actionURL);
    exit;
}