コード例 #1
ファイル: admin-functions.php プロジェクト: Razze/hamsterpaj
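/**
 * Removes one photo from a member's album on behalf of an administrator and
 * sends the member a private message listing the usual reasons for removal.
 *
 * NOTE(review): no permission check is visible in this function — confirm that
 * every caller has already verified that the current session belongs to an
 * administrator before calling it.
 *
 * @param int|string $user_id  Owner of the album; also the recipient of the message.
 * @param int|string $image_id Photo index as stored; the message shows it plus one.
 * @return void
 */
function admin_delete_photo($user_id, $image_id)
{
    global $hp_includepath;
    require_once $hp_includepath . 'message-functions.php';

    deletePhoto($user_id, $image_id);

    // Convert to an integer BEFORE adding one. The original added first, so a
    // non-numeric id could fail in the arithmetic after the photo was already
    // deleted, leaving the member without any notification.
    $photo_number = intval($image_id) + 1;

    $title = 'En bild i ditt fotoalbum har tagits bort';

    $message = 'Bild nummer ' . $photo_number . ' i ditt fotoalbum har raderats av en administratör.' . "\n";
    $message .= 'Det kan finnas många anledningar till att en bild tas bort, men oftast beror det på något av följande:' . "\n";
    $message .= '* Bilden innehöll rasistisk eller nazistisk propaganda.' . "\n";
    $message .= '* Bilden var pornografisk.' . "\n";
    $message .= '* Bilden var rent ut sagt äcklig eller vidrig, och kunde verka obehaglig för våra yngre medlemmar.' . "\n";
    $message .= '* Bilden var kränkande.' . "\n";
    $message .= "\n\n";
    $message .= 'Vi som arbetar med hamsterpaj vill göra siten till en så trevlig webbplats som möjligt, därför är behöver vi';
    $message .= ' ibland ta bort bilder. Vi hoppas att du förstår varför bilden togs bort och önskar dig en trevlig tid här på hamsterpaj.';
    $message .= "\n\n\n" . 'Med vänliga hälsningar, hamsterpaj.net administrations-team.';

    // 2348 is the hard-coded sender id; presumably a system or staff account — confirm.
    messages_send(2348, $user_id, $title, $message);

    // Audit logging is not done here; per the original note it happens inside deletePhoto().
    // NOTE(review): verify that deletePhoto() records which administrator acted,
    // since the disabled call below was the only place that passed the session id.
    //log_admin_event('deleted photo', $message , $_SESSION['login']['id'], $user_id, $image_id);
}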
コード例 #2
        $photo_album->setValue('pho_quantity', $photo_album->getValue('pho_quantity') - 1);
        $photo_album->save();
    }
}
// Rotate a photo by 90 degrees. Nothing happens for this job unless a
// direction was passed in.
// NOTE(review): $getPhotoNr and $getPhotoId end up in a filesystem path and a
// delete call below; their validation is not visible in this excerpt — confirm
// both are restricted to integers and that the caller may edit this album.
if ($getJob === 'rotate' && $getDirection !== '') {
    // Load the album the photo belongs to
    $photo_album = new TablePhotos($gDb, $getPhotoId);

    // Delete the thumbnail of this photo
    deleteThumbnail($photo_album, $getPhotoNr);

    // Assemble the path: <photos dir>/<album start date>_<album id>/<photo number>.jpg
    $photo_path = SERVER_PATH . '/adm_my_files/photos/'
        . $photo_album->getValue('pho_begin', 'Y-m-d') . '_' . $photo_album->getValue('pho_id')
        . '/' . $getPhotoNr . '.jpg';

    // Rotate the image; delete() is then called on the Image object
    // (presumably releasing the loaded image rather than the file — confirm).
    $image = new Image($photo_path);
    $image->rotate($getDirection);
    $image->delete();
} elseif ($getJob === 'delete') {
    // Remove the photo both from disk and from the database
    deletePhoto($getPhotoId, $getPhotoNr);

    // Reload the album data so the session copy reflects the deletion
    $photo_album = new TablePhotos($gDb);
    if ($getPhotoId > 0) {
        $photo_album->readDataById($getPhotoId);
    }
    $_SESSION['photo_album'] = $photo_album;

    // Deletion succeeded -> plain-text reply for the XMLHttpRequest caller
    echo 'done';
}
コード例 #3
}
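// Request body as JSON; json_decode() returns null when the body is not valid JSON.
$json = file_get_contents('php://input');
$data = json_decode($json);

$headers = apache_request_headers();

// Read both headers defensively: a request may carry neither of them.
$authorization = isset($headers['Authorization']) ? (string) $headers['Authorization'] : '';
$contentType = isset($headers['Content-Type']) ? (string) $headers['Content-Type'] : '';

// Strip the "Bearer " scheme only where it belongs, at the start of the header.
// A header without the scheme is passed on unchanged, as before.
$header = strncmp($authorization, 'Bearer ', 7) === 0 ? (string) substr($authorization, 7) : $authorization;

// Keep only the media type, dropping parameters such as the multipart boundary.
$contentHeaders = explode(';', $contentType, 2);
$isMultipart = $contentHeaders[0] === 'multipart/form-data';

$JWT = new JWT();
try {
    // Reject a missing token explicitly so the request gets the same 401
    // response as a rejected one, whatever the JWT library does with ''.
    if ($header === '') {
        throw new DomainException('Missing bearer token');
    }

    // NOTE(review): $decoded_token is not consulted below, so every holder of a
    // valid token reaches all four operations. Confirm that fetchPhotos(),
    // updateCaption(), deletePhoto() and insertPhotos() check ownership themselves.
    $decoded_token = $JWT->decode($header, $key, array($alg));

    if (!$isMultipart) {
        // JSON requests: the operation is named by the "location" field.
        $location = (is_object($data) && isset($data->location)) ? $data->location : null;
        if ($location === 'fetch_photos') {
            fetchPhotos($data, $db);
        } elseif ($location === 'update_caption') {
            updateCaption($data, $db);
        } elseif ($location === 'delete_photo') {
            deletePhoto($data, $db);
        }
    } else {
        // Uploads: the JSON description travels in the "data" form field.
        $data = isset($_POST['data']) ? json_decode($_POST['data']) : null;
        $location = (is_object($data) && isset($data->location)) ? $data->location : null;
        if ($location === 'insert_photos') {
            insertPhotos($data, $db);
        }
    }
} catch (DomainException $e) {
    // NOTE(review): only DomainException becomes a 401. If the JWT library
    // reports bad signatures or expired tokens with another exception class,
    // those requests end in an uncaught exception instead — confirm against the
    // library and widen the catch if so.
    header_status(401);
    $response['status'] = 'Error';
    // NOTE(review): the exception text is returned verbatim to the client;
    // consider a fixed message and logging the detail server-side.
    $response['message'] = $e->getMessage();
    echo json_encode($response);
    die;
}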
function insertPhotos($data, $db)
コード例 #4
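 /**
  * Renders the profile page and handles its two forms: "modifyProfil"
  * (personal data plus optional profile/cover pictures) and "changePw"
  * (password change).
  *
  * Reads $_POST, $_FILES and $_SESSION['user'] directly, and overwrites
  * $_SESSION['user'] with fresh data before rendering.
  *
  * NOTE(review): no anti-CSRF token is checked in this method — confirm it is
  * enforced before the request reaches this point.
  *
  * @return void
  */
 public function loadProfil()
 {
     // The pseudo (spaces replaced by dashes) becomes the image file name.
     // NOTE(review): only spaces are replaced here; confirm that registration
     // restricts the pseudo to characters that are safe inside a file path.
     $pseudouser = str_replace(' ', '-', $_SESSION['user']['pseudo']);
     $succes = "";
     $error = "";
     $nomville = "";
     if (!empty($_POST)) {
         if (!empty($_POST['modifyProfil'])) {
             $verification = new Verification($_POST);
             $verificationPhoto = new Verification($_FILES);
             $verification->notEmpty('email', "Veuillez compléter le champ email.");
             $verification->notEmpty('nom', "Spécifiez votre nom de famille.");
             $verification->notEmpty('prenom', "Spécifiez votre prénom.");
             $verification->notEmpty('sexe', "Êtes-vous un homme ou une femme?");
             $verification->notEmpty('ville', "Choississez une ville.");
             $error .= $verification->error;
             if ($verification->isValid()) {
                 // Validate each picture only when one was actually submitted.
                 // The stored name always ends in ".jpg", whatever the client sent.
                 if (!empty($_FILES['photo']['name'])) {
                     $verificationPhoto->PhotoOk('photo', $pseudouser . '.jpg', 'Users/Profil', false);
                 }
                 if (!empty($_FILES['couverture']['name'])) {
                     $verificationPhoto->PhotoOk('couverture', $pseudouser . '.jpg', 'Users/Bannière', false);
                 }
                 if (!$verificationPhoto->isValid()) {
                     $error .= "Un problème s'est produit lors de l'ajout des photos.";
                 } else {
                     // The previous picture is removed before the new one is stored.
                     if (!empty($_FILES['photo']['name'])) {
                         deletePhoto($pseudouser . '.jpg', 'Users/Profil', 'photo');
                     }
                     if (!empty($_FILES['couverture']['name'])) {
                         deletePhoto($pseudouser . '.jpg', 'Users/Bannière', 'couverture');
                     }
                     // Store the uploaded images; any error text is appended to $error.
                     $error .= uploadPhoto($pseudouser . '.jpg', 'Users/Profil', 'photo');
                     $error .= uploadPhoto($pseudouser . '.jpg', 'Users/Bannière', 'couverture');
                 }
                 if (empty($error)) {
                     $ville = $this->groupe->getVilleByName($_POST['ville'])->fetch();
                     $id_ville = $ville['id'];
                     $this->user->modifierProfil($_SESSION['user']['pseudo'], $id_ville);
                     $succes = "Profil modifié avec succès!";
                 }
             }
         }
         if (!empty($_POST['changePw'])) {
             $verification = new Verification($_POST);
             $verificationPhoto = new Verification($_FILES);
             $verification->notEmpty('ex_mot_de_passe', "Veuillez spécifier votre ancien mot de passer.");
             $verification->notEmpty('mot_de_passe', "Spécifiez votre nouveau mot de passe.");
             $verification->notEmpty('mot_de_passe_confirmation', "Retapez votre nouveau mot de passe.");
             $error .= $verification->error;
             if ($verification->isValid()) {
                 // The current password must be confirmed before anything changes.
                 if ($this->user->CheckPasswordUser()) {
                     // Strict comparison: with loose "==" PHP compares two
                     // numeric-looking strings as numbers, so two different
                     // passwords could be accepted as matching.
                     if ($_POST['mot_de_passe'] === $_POST['mot_de_passe_confirmation']) {
                         if (passwordOk($_POST['mot_de_passe'])) {
                             $this->user->updatePw();
                             $data = $this->user->CheckUser()->fetch();
                             $_SESSION['user'] = $data;
                             // NOTE(review): the session id is not regenerated here
                             // after the credential change — confirm whether it should be.
                             $succes = "Mot de passe modifié avec succès.";
                         } else {
                             $error .= 'Le mot de passe ne possède pas les bons critères';
                         }
                     } else {
                         $error .= 'Les deux nouveaux mots de passent ne correspondent pas.';
                     }
                 } else {
                     $error .= "L'ancien mot de passe fourni n'est pas correcte.";
                 }
             }
         }
     }
     // NOTE(review): the city id is taken from the session before the session is
     // refreshed below, so after a profile change the page may still show the
     // previous city — confirm whether that is intended.
     $id_ville = $_SESSION['user']['id_ville'];
     if (!empty($_SESSION['user']['id_ville'])) {
         $ville = $this->groupe->getVilleById($id_ville)->fetch();
         $nomville = $ville['name'];
     }
     // Refresh the session copy of the user record.
     $_SESSION['user'] = $this->user->getDataUser($_SESSION['user']['pseudo'])->fetch();
     $vue = new Vue("Profil", "User", ['stylesheet.css'], ['calendrier.js', 'modifier_profil.js', 'showphoto.js', 'RechercheGroupe.js', 'Verification.js']);
     $vue->loadpage(['nomville' => $nomville, 'pseudouser' => $pseudouser, 'error' => $error, 'succes' => $succes]);
 }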
コード例 #5
ファイル: reports.php プロジェクト: rootz/Ushahidi_Web
 /**
  * Lists the reports and applies the bulk action submitted from the list form.
  *
  * Query string: "status" ("a" or "v" adds a filter, anything else is reset to
  * "0") and "k" (search keywords). POST: "action" (one letter: a = toggle
  * approval, u = unapprove, v = toggle verification, d = delete) together
  * with the selected "incident_id" values.
  *
  * @param int $page Not referenced in this method body; the Pagination object
  *                  below is configured with the "page" query string.
  */
 public function index($page = 1)
 {
     // If user doesn't have access, redirect to dashboard
     // NOTE(review): "reports_view" is the only permission checked in this
     // method, yet the POST branch below can approve, verify and delete
     // reports — confirm that finer-grained permissions are enforced elsewhere.
     if (!admin::permissions($this->user, "reports_view")) {
         url::redirect(url::site() . 'admin/dashboard');
     }
     $this->template->content = new View('admin/reports');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     //hook into the event for the reports::fetch_incidents() method
     Event::add('ushahidi_filter.fetch_incidents_set_params', array($this, '_add_incident_filters'));
     // Status filter: only the fixed SQL fragments below are ever added, the
     // raw parameter itself never reaches the query.
     $status = "0";
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             array_push($this->params, 'i.incident_active = 0');
         } elseif (strtolower($status) == 'v') {
             array_push($this->params, 'i.incident_verified = 0');
         } else {
             $status = "0";
         }
     }
     // Get Search Keywords (If Any)
     if (isset($_GET['k'])) {
         // Brute force input sanitization
         // Phase 1 - Strip the search string of all non-word characters
         // NOTE(review): with "#" as the delimiter this pattern matches a literal
         // "/", word characters and another "/"; it does not remove non-word
         // characters as the line above says, so this phase filters very little.
         $keyword_raw = isset($_GET['k']) ? preg_replace('#/\\w+/#', '', $_GET['k']) : "";
         // Phase 2 - Strip any HTML tags that may have been missed in Phase 1
         $keyword_raw = strip_tags($keyword_raw);
         // Phase 3 - Invoke Kohana's XSS cleaning mechanism just incase an outlier wasn't caught
         // in the first 2 steps
         $keyword_raw = $this->input->xss_clean($keyword_raw);
         // NOTE(review): the three phases above target HTML, not SQL. The result
         // becomes part of a query filter, so SQL escaping has to happen inside
         // _get_searchstring() — not visible here, confirm.
         $filter = " (" . $this->_get_searchstring($keyword_raw) . ")";
         array_push($this->params, $filter);
     } else {
         $keyword_raw = "";
     }
     // Check, has the form been submitted?
     // NOTE(review): no anti-CSRF token is validated in this method before the
     // state-changing actions below — confirm it is checked elsewhere.
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         $post = Validation::factory($_POST);
         // Add some filters
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             // Approve Action (toggles: an already active report becomes inactive)
             if ($post->action == 'a') {
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == TRUE) {
                         $update->incident_active = $update->incident_active == 0 ? '1' : '0';
                         // Tag this as a report that needs to be sent out as an alert
                         if ($update->incident_alert_status != '2') {
                             // 2 = report that has had an alert sent
                             $update->incident_alert_status = '1';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '1';
                         // Record 'Verified By' Action
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_approve - Approve a Report
                         Event::run('ushahidi_action.report_approve', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.approved'));
             } elseif ($post->action == 'u') {
                 // Unapprove Action
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == TRUE) {
                         $update->incident_active = '0';
                         // If Alert hasn't been sent yet, disable it
                         if ($update->incident_alert_status == '1') {
                             $update->incident_alert_status = '0';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '0';
                         // Record 'Verified By' Action
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_unapprove - Unapprove a Report
                         Event::run('ushahidi_action.report_unapprove', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.unapproved'));
             } elseif ($post->action == 'v') {
                 // Verify Action (toggles the verified flag)
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     $verify = new Verify_Model();
                     if ($update->loaded == TRUE) {
                         if ($update->incident_verified == '1') {
                             $update->incident_verified = '0';
                             $verify->verified_status = '0';
                         } else {
                             $update->incident_verified = '1';
                             $verify->verified_status = '2';
                         }
                         $update->save();
                         $verify->incident_id = $item;
                         // Record 'Verified By' Action
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 // Set the form action
                 $form_action = strtoupper(Kohana::lang('ui_admin.verified_unverified'));
             } elseif ($post->action == 'd') {
                 // Delete Action: removes the report and the rows that depend on it
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == TRUE) {
                         // Keep the ids: they are still needed after the model is deleted
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): the query object is iterated without a
                         // find_all() call; confirm that this yields media rows,
                         // otherwise the files stay on disk after the rows are gone.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Delete relationship to SMS message
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == TRUE) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                         // Delete form responses
                         ORM::factory('form_response')->where('incident_id', $incident_id)->delete_all();
                         // Action::report_delete - Deleted a Report
                         Event::run('ushahidi_action.report_delete', $incident_id);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // Fetch all incidents
     $all_incidents = reports::fetch_incidents();
     // Pagination
     $pagination = new Pagination(array('style' => 'front-end-reports', 'query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page'), 'total_items' => $all_incidents->count()));
     Event::run('ushahidi_filter.pagination', $pagination);
     // Reports
     $incidents = Incident_Model::get_incidents(reports::$params, $pagination);
     Event::run('ushahidi_filter.filter_incidents', $incidents);
     $this->template->content->countries = Country_Model::get_countries_list();
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('admin/reports_js');
 }
コード例 #6
ファイル: banner.php プロジェクト: narbelys/fototea
<?php

include "connect/database.php";
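validaSession();
// NOTE(review): the value handed to securityValidation() comes from a cookie,
// which the client controls — confirm the helper ties it to the server-side
// session before it is trusted as an identity.
securityValidation($_COOKIE['id'], "14");
// NOTE(review): this deletion is triggered by a plain GET parameter and no
// anti-CSRF token is checked here; consider requiring a POST with a token.
if (isset($_GET['i'])) {
    // The id is interpolated into SQL below, so accept nothing but a plain
    // integer; filter_var() returns false for arrays and non-integer strings.
    $banner_id = filter_var($_GET['i'], FILTER_VALIDATE_INT);
    if ($banner_id !== false) {
        $rs_banDel = mysql_fetch_object(listAll("banners", "WHERE id = {$banner_id}"));
        // Touch the disk and the table only when the banner row really exists.
        if ($rs_banDel) {
            deletePhoto($rs_banDel->img, "../../www/beta/fototea/banners/");
            eliminarRegistro('banners', 'id', $banner_id);
        }
    }
}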
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Banner</title>
<link rel="stylesheet" href="css/style.css" type="text/css" />
<!--[if IE 9]>
    <link rel="stylesheet" media="screen" href="css/ie9.css"/>
<![endif]-->

<!--[if IE 8]>
    <link rel="stylesheet" media="screen" href="css/ie8.css"/>
<![endif]-->

<!--[if IE 7]>
    <link rel="stylesheet" media="screen" href="css/ie7.css"/>
<![endif]-->
<script type="text/javascript" src="js/plugins/jquery-1.7.min.js"></script>
<script type="text/javascript" src="js/plugins/jquery.flot.min.js"></script>
コード例 #7
ファイル: Photos.php プロジェクト: jsnshrmn/Suma
/**
 * Entry point when this sample is loaded through a web browser.
 *
 * Asks the visitor to log in when neither a stored session token nor a
 * returned AuthSub token is present. Otherwise it builds the AuthSub HTTP
 * client and runs, in this order: read-only commands (any request method),
 * modifying commands (POST only), then the requested submenu or, when
 * neither a menu nor a command was given, the main menu.
 *
 * NOTE(review): the user, album, photo, comment and tag values are handed to
 * the helper functions exactly as received, and no anti-CSRF token is checked
 * in this function — both would need attention outside sample code.
 *
 * @return void
 */
function processPageLoad()
{
    global $_SESSION, $_GET;

    // Not authenticated yet: prompt for login and stop here.
    if (!(isset($_SESSION['sessionToken']) || isset($_GET['token']))) {
        requestUserLogin('Please login to your Google Account.');
        return;
    }

    $client = getAuthSubHttpClient();

    // Read-only commands may arrive through any request method.
    if (!empty($_REQUEST['command'])) {
        $readCommand = $_REQUEST['command'];
        switch ($readCommand) {
            case 'retrieveSelf':
                outputUserFeed($client, "default");
                break;
            case 'retrieveUser':
                outputUserFeed($client, $_REQUEST['user']);
                break;
            case 'retrieveAlbumFeed':
                outputAlbumFeed($client, $_REQUEST['user'], $_REQUEST['album']);
                break;
            case 'retrievePhotoFeed':
                outputPhotoFeed($client, $_REQUEST['user'], $_REQUEST['album'], $_REQUEST['photo']);
                break;
        }
    }

    // Potentially destructive commands are honoured only when sent by POST.
    if (!empty($_POST['command'])) {
        $writeCommand = $_POST['command'];
        switch ($writeCommand) {
            case 'addPhoto':
                addPhoto($client, $_POST['user'], $_POST['album'], $_FILES['photo']);
                break;
            case 'deletePhoto':
                deletePhoto($client, $_POST['user'], $_POST['album'], $_POST['photo']);
                break;
            case 'addAlbum':
                addAlbum($client, $_POST['user'], $_POST['name']);
                break;
            case 'deleteAlbum':
                deleteAlbum($client, $_POST['user'], $_POST['album']);
                break;
            case 'addComment':
                addComment($client, $_POST['user'], $_POST['album'], $_POST['photo'], $_POST['comment']);
                break;
            case 'addTag':
                addTag($client, $_POST['user'], $_POST['album'], $_POST['photo'], $_POST['tag']);
                break;
            case 'deleteComment':
                deleteComment($client, $_POST['user'], $_POST['album'], $_POST['photo'], $_POST['comment']);
                break;
            case 'deleteTag':
                deleteTag($client, $_POST['user'], $_POST['album'], $_POST['photo'], $_POST['tag']);
                break;
            default:
                break;
        }
    }

    // A menu parameter selects a submenu; unknown values get a 400 response.
    if (!empty($_REQUEST['menu'])) {
        $menu = $_REQUEST['menu'];
        switch ($menu) {
            case 'user':
                displayUserMenu();
                break;
            case 'photo':
                displayPhotoMenu();
                break;
            case 'album':
                displayAlbumMenu();
                break;
            case 'logout':
                logout();
                break;
            default:
                header('HTTP/1.1 400 Bad Request');
                echo "<h2>Invalid menu selection.</h2>\n";
                echo "<p>Please check your request and try again.</p>";
        }
    }

    // Neither a menu nor a command: fall back to the main menu.
    if (empty($_REQUEST['menu']) && empty($_REQUEST['command'])) {
        displayMenu();
    }
}
コード例 #8
ファイル: reports.php プロジェクト: Nyamai/Ushahidi_Web
 /**
  * Lists the reports and applies the bulk action submitted from the list form.
  *
  * Query string: "status" ("a" or "v" selects a filter, anything else is reset
  * to "0") and "k" (search keywords). POST: "action" (one letter: a = approve,
  * u = unapprove, v = toggle verification, d = delete) together with the
  * selected "incident_id" values.
  *
  * NOTE(review): no permission check and no anti-CSRF token validation are
  * visible in this method — confirm both are enforced before it runs.
  *
  * @param int $page Not referenced in this method body; the Pagination object
  *                  below is configured with the "page" query string.
  */
 function index($page = 1)
 {
     $this->template->content = new View('admin/reports');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     // Status filter: $filter only ever receives one of the fixed SQL
     // fragments below, never the raw parameter.
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             $filter = 'incident_active = 0';
         } elseif (strtolower($status) == 'v') {
             $filter = 'incident_verified = 0';
         } else {
             $status = "0";
             $filter = '1=1';
         }
     } else {
         $status = "0";
         $filter = "1=1";
     }
     // Get Search Keywords (If Any)
     if (isset($_GET['k'])) {
         // NOTE(review): the keyword is taken from the query string unmodified
         // and the result of _get_searchstring() is concatenated into $filter,
         // which is later passed to where() as a raw string. Whether the value
         // is escaped depends entirely on _get_searchstring() — not visible
         // here, confirm.
         $keyword_raw = $_GET['k'];
         $filter .= " AND (" . $this->_get_searchstring($keyword_raw) . ")";
     } else {
         $keyword_raw = "";
     }
     // check, has the form been submitted?
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         $post = Validation::factory($_POST);
         // Add some filters
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             // Approve Action
             if ($post->action == 'a') {
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $update->incident_active = '1';
                         // Tag this as a report that needs to be sent out as an alert
                         $update->incident_alert_status = '1';
                         $update->save();
                         // Record 'Verified By' Action
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '1';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.approved'));
             } elseif ($post->action == 'u') {
                 // Unapprove Action
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $update->incident_active = '0';
                         $update->save();
                         // Record 'Verified By' Action
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '0';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.unapproved'));
             } elseif ($post->action == 'v') {
                 // Verify Action (toggles the verified flag)
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     $verify = new Verify_Model();
                     if ($update->loaded == true) {
                         if ($update->incident_verified == '1') {
                             $update->incident_verified = '0';
                             $verify->verified_status = '0';
                         } else {
                             $update->incident_verified = '1';
                             $verify->verified_status = '2';
                         }
                         $update->save();
                         // Record 'Verified By' Action
                         $verify->incident_id = $item;
                         $verify->user_id = $_SESSION['auth_user']->id;
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 $form_action = "VERIFIED";
             } elseif ($post->action == 'd') {
                 // Delete Action: removes the report and the rows that depend on it
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         // Keep the ids: they are still needed after the model is deleted
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): the query object is iterated without a
                         // find_all() call; confirm that this yields media rows,
                         // otherwise the files stay on disk after the rows are gone.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Delete relationship to SMS message
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == true) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete relationship to Twitter message
                         $updatemessage = ORM::factory('twitter')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == true) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // Pagination: the same $filter string drives both the count and the page query
     $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page_admin'), 'total_items' => ORM::factory('incident')->where($filter)->join('location', 'incident.location_id', 'location.id', 'INNER')->count_all()));
     $incidents = ORM::factory('incident')->where($filter)->orderby('incident_dateadd', 'desc')->join('location', 'incident.location_id', 'location.id', 'INNER')->find_all((int) Kohana::config('settings.items_per_page_admin'), $pagination->sql_offset);
     // Get countries
     $countries = array();
     foreach (ORM::factory('country')->orderby('country')->find_all() as $country) {
         // Build the id => name list of countries, shortening names longer than 35 characters
         $this_country = $country->country;
         if (strlen($this_country) > 35) {
             $this_country = substr($this_country, 0, 35) . "...";
         }
         $countries[$country->id] = $this_country;
     }
     $this->template->content->countries = $countries;
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('admin/reports_js');
 }
コード例 #9
ファイル: user.php プロジェクト: xxxplosif/arnaudtestjuin
                             $category = [];
                         }
                         // Link the photo to every category held in $category.
                         foreach ($category as $value) {
                             bindPhotoCategory($photo['id'], $value);
                         }
                         $update_photo = updatePhoto($photo['id'], $letitre, $ladesc);
                         // NOTE(review): loose comparison — any falsy return value (0, '', null) is reported as a failed update.
                         if ($update_photo == false) {
                             $editerror = 'La modification a échoué !';
                         }
                         // errors ? stack in a variable and show them
                     } else {
                         // NOTE(review): no exit follows this header() call in the excerpt, so the script keeps
                         // running after the redirect header is queued — confirm nothing sensitive executes
                         // further down for a request that was just refused. Same pattern in the three
                         // else branches below.
                         header('Location: ./?page=deconnect');
                     }
                 } elseif ($action == 'delete') {
                     // Remove the category links and the photo record first, then the three stored files
                     // (original, resized, thumbnail).
                     unbindPhotoCategory($photo['id']);
                     deletePhoto($photo['id']);
                     // NOTE(review): the paths are built from $photo['lenom'] / $photo['lextension']; where those
                     // values come from is not visible here — confirm they cannot carry path separators.
                     // The unlink() results are not checked, so a failed removal leaves the file on disk silently.
                     unlink(CHEMIN_RACINE . $dossier_ori . $photo['lenom'] . '.' . $photo['lextension']);
                     unlink(CHEMIN_RACINE . $dossier_gd . $photo['lenom'] . '.jpg');
                     unlink(CHEMIN_RACINE . $dossier_mini . $photo['lenom'] . '.jpg');
                 }
             } else {
                 header('Location: ./?page=deconnect');
             }
         } else {
             header('Location: ./?page=deconnect');
         }
     } else {
         header('Location: ./?page=deconnect');
     }
 }
 // photo upload
コード例 #10
ファイル: banner-editar.php プロジェクト: narbelys/fototea
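<?php

/*
 * Banner edit page: loads the banner selected by the "i" query parameter and, on POST,
 * replaces its image and updates its title, text and order.
 *
 * Request values are never placed into SQL text as received: the id is forced to an
 * integer and every value that lands inside a quoted SQL literal is escaped first.
 */
include "connect/database.php";
validaSession();
// NOTE(review): the identity handed to the permission check is read from a client-controlled
// cookie — confirm securityValidation() ties it to the server-side session.
securityValidation($_COOKIE['id'], "14");

// The banner id is only ever used as a number; casting keeps arbitrary text out of the WHERE clause.
$banner_id = isset($_GET['i']) ? (int) $_GET['i'] : 0;
$ban = listAll("banners", "WHERE\tid = {$banner_id}");
$rs_ban = mysql_fetch_object($ban);
if ($_POST) {
    // NOTE(review): no anti-CSRF token is checked before this state change, and the old image is
    // removed before the new upload is known to have succeeded — confirm both are acceptable.
    // Skip the file removal when the banner row was not found (mysql_fetch_object() returned false).
    $img_del = $rs_ban ? deletePhoto($rs_ban->img, "../../www/beta/fototea/banners/") : false;
    $imagen = uploadFile("imagen", "../../www/beta/fototea/banners/", "50");

    // Escape each value before it is wrapped in quotes in the SET clause.
    // Assumes connect/database.php has opened the mysql_* connection that escaping relies on — TODO confirm.
    $titulo = mysql_real_escape_string(isset($_POST['titulo']) ? (string) $_POST['titulo'] : '');
    $texto = mysql_real_escape_string(isset($_POST['texto']) ? (string) $_POST['texto'] : '');
    $orden = mysql_real_escape_string(isset($_POST['orden']) ? (string) $_POST['orden'] : '');
    // The stored file name may derive from the client-supplied upload name, so it is escaped as well.
    $img = mysql_real_escape_string((string) $imagen);

    $values = "titulo = '" . $titulo . "',texto = '" . $texto . "',orden = '" . $orden . "',img = '" . $img . "'";
    $bannerIn = updateTable("banners", $values, "id = {$banner_id}");
    if ($bannerIn != false) {
        ?>
<script>
	alert("Se ha modificado el banner correctamente.");
	window.location="banner.php";
	</script>
    <?php 
    } else {
        ?>
    <script>
	alert("No se ha  podido modificar el banner correctamente.");
	window.history.back();
	</script>
    <?php 
    }
}
?>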
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
コード例 #11
 /**
  * Lists the reports and applies the bulk action posted from the list form.
  *
  * GET parameters read here: status, c, lo, u, s, e, sw, ne.
  * POST fields read here: action ('a' toggle approval, 'u' unapprove, 'v' toggle verification,
  * 'd' delete) and incident_id[] (the reports to act on).
  *
  * NOTE(review): the only permission checked in this method is "reports_view"; the approve,
  * unapprove, verify and delete branches below all run under that same check.
  * NOTE(review): no anti-CSRF token check is visible in this method — confirm it is enforced
  * elsewhere before these state-changing POST actions are reached.
  *
  * @param int $page not read anywhere in this method's body
  */
 function index($page = 1)
 {
     // If user doesn't have access, redirect to dashboard
     // NOTE(review): this guard only protects the code below if url::redirect() ends the request — confirm.
     if (!admin::permissions($this->user, "reports_view")) {
         url::redirect(url::site() . 'admin/dashboard');
     }
     $this->template->content = new View('adminmap/adminmap_reports');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     // Status tab: 'a' / 'v' (any case) select a fixed filter string; every other value is
     // replaced by "0" with no filter, so no request text ends up in $filter here.
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             $filter = 'incident.incident_active = 0';
         } elseif (strtolower($status) == 'v') {
             $filter = 'incident.incident_verified = 0';
         } else {
             $status = "0";
             $filter = '1=1';
         }
     } else {
         $status = "0";
         $filter = "1=1";
     }
     // check, has the form been submitted?
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         $post = Validation::factory($_POST);
         //  Add some filters
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             if ($post->action == 'a') {
                 // 'a': flip the active flag of each selected report and record who did it.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         if ($update->incident_active == 0) {
                             $update->incident_active = '1';
                         } else {
                             $update->incident_active = '0';
                         }
                         // Tag this as a report that needs to be sent out as an alert
                         if ($update->incident_alert_status != '2') {
                             // 2 = report that has had an alert sent
                             $update->incident_alert_status = '1';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '1';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_approve - Approve a Report
                         Event::run('ushahidi_action.report_approve', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.approved'));
             } elseif ($post->action == 'u') {
                 // 'u': force each selected report to inactive.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $update->incident_active = '0';
                         // If Alert hasn't been sent yet, disable it
                         if ($update->incident_alert_status == '1') {
                             $update->incident_alert_status = '0';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '0';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_unapprove - Unapprove a Report
                         Event::run('ushahidi_action.report_unapprove', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.unapproved'));
             } elseif ($post->action == 'v') {
                 // 'v': flip the verified flag; the audit row gets status '2' when verifying, '0' when un-verifying.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     $verify = new Verify_Model();
                     if ($update->loaded == true) {
                         if ($update->incident_verified == '1') {
                             $update->incident_verified = '0';
                             $verify->verified_status = '0';
                         } else {
                             $update->incident_verified = '1';
                             $verify->verified_status = '2';
                         }
                         $update->save();
                         $verify->incident_id = $item;
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 $form_action = "VERIFIED";
             } elseif ($post->action == 'd') {
                 // 'd': delete each selected report together with its dependent rows.
                 // NOTE(review): no Verify_Model row is written in this branch, so unlike the other
                 // actions the deletion leaves no "who did it" record in this method.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): the query chain is iterated directly, without the find_all() call
                         // used for the country list further down — confirm this loop really yields media
                         // rows; if it does not, the photo files stay on disk after the report is deleted.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Delete relationship to SMS message
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == true) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                         // Action::report_delete - Deleted a Report
                         Event::run('ushahidi_action.report_delete', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // $db is not referenced again in this method.
     $db = new Database();
     // Category ID
     $category_ids = array();
     if (isset($_GET['c']) and !empty($_GET['c'])) {
         // NOTE(review): the pieces are raw request strings and are handed to the adminmap_reports
         // helpers unchanged; how the helpers embed them in SQL is not visible here — confirm they
         // are cast or escaped there. No code here strips a trailing ",".
         $category_ids = explode(",", $_GET['c']);
     } else {
         $category_ids = array("0");
     }
     // logical operator
     $logical_operator = "or";
     if (isset($_GET['lo']) and !empty($_GET['lo'])) {
         // NOTE(review): taken from the request without any restriction to expected values and
         // passed on as-is — confirm the helpers only compare it and never place it in a query.
         $logical_operator = $_GET['lo'];
     }
     $show_unapproved = "3";
     //1 show only approved, 2 show only unapproved, 3 show all
     //figure out if we're showing unapproved stuff or what.
     if (isset($_GET['u']) and !empty($_GET['u'])) {
         $show_unapproved = (int) $_GET['u'];
     }
     // Only the three constant strings below can end up in $approved_text; any other value leaves it empty.
     $approved_text = "";
     if ($show_unapproved == 1) {
         $approved_text = "incident.incident_active = 1 ";
     } else {
         if ($show_unapproved == 2) {
             $approved_text = "incident.incident_active = 0 ";
         } else {
             if ($show_unapproved == 3) {
                 $approved_text = " (incident.incident_active = 0 OR incident.incident_active = 1) ";
             }
         }
     }
     // Start Date (cast to int, then formatted by date(), so no request text reaches the filter)
     $start_date = (isset($_GET['s']) and !empty($_GET['s'])) ? (int) $_GET['s'] : "0";
     // End Date
     $end_date = (isset($_GET['e']) and !empty($_GET['e'])) ? (int) $_GET['e'] : "0";
     $filter .= $start_date ? " AND incident.incident_date >= '" . date("Y-m-d H:i:s", $start_date) . "'" : "";
     $filter .= $end_date ? " AND incident.incident_date <= '" . date("Y-m-d H:i:s", $end_date) . "'" : "";
     $location_where = "";
     // Break apart location variables, if necessary
     $southwest = array();
     if (isset($_GET['sw'])) {
         $southwest = explode(",", $_GET['sw']);
     }
     $northeast = array();
     if (isset($_GET['ne'])) {
         $northeast = explode(",", $_GET['ne']);
     }
     // The bounding box is only applied when both corners have exactly two parts; each part is
     // cast to a float before being concatenated into the SQL fragment.
     if (count($southwest) == 2 and count($northeast) == 2) {
         $lon_min = (double) $southwest[0];
         $lon_max = (double) $northeast[0];
         $lat_min = (double) $southwest[1];
         $lat_max = (double) $northeast[1];
         $location_where = ' AND (location.latitude >=' . $lat_min . ' AND location.latitude <=' . $lat_max . ' AND location.longitude >=' . $lon_min . ' AND location.longitude <=' . $lon_max . ') ';
     }
     $reports_count = adminmap_reports::get_reports_count($category_ids, $approved_text, $location_where . " AND " . $filter, $logical_operator);
     // Pagination
     // NOTE(review): the pager is sized with settings.items_per_page while the query below fetches
     // settings.items_per_page_admin rows — confirm the two are meant to differ.
     $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page'), 'total_items' => $reports_count));
     $incidents = adminmap_reports::get_reports($category_ids, $approved_text, $location_where . " AND " . $filter, $logical_operator, "incident.incident_date", "asc", (int) Kohana::config('settings.items_per_page_admin'), $pagination->sql_offset);
     //GET countries
     $countries = array();
     foreach (ORM::factory('country')->orderby('country')->find_all() as $country) {
         // Build the id => name list of countries, shortening names longer than 35 bytes.
         // strlen()/substr() count bytes, so a multi-byte name can be cut in the middle of a character.
         $this_country = $country->country;
         if (strlen($this_country) > 35) {
             $this_country = substr($this_country, 0, 35) . "...";
         }
         $countries[$country->id] = $this_country;
     }
     $this->template->content->countries = $countries;
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('admin/reports_js');
 }
コード例 #12
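 /**
  * Group events page: processes the join / leave / decline-invitation / delete-event forms,
  * then loads the group data and renders the view.
  *
  * The event name posted with "deleteEve" is turned into a file name for photo removal; a name
  * containing a path separator or a NUL byte is refused so the removal cannot leave the
  * "Groupes/Evenements" directory.
  *
  * NOTE(review): deleteEvenement() runs for any POST carrying "deleteEve"; the isleader()
  * lookup only happens afterwards, for the view — confirm the caller or the model restricts
  * who may delete an event.
  *
  * @param mixed $id_groupe identifier of the group whose page is shown
  */
 public function loadEvenementsGroupe($id_groupe)
 {
     $vue = new Vue("EvenementsGroupe", "Groupe", ['stylesheet.css']);
     $succes = "";
     $error = "";
     if (!empty($_POST)) {
         if (!empty($_POST['abonnement'])) {
             $this->groupe->joinGroupe($_SESSION['user']['id'], $id_groupe);
             $this->groupe->quitInvit($_SESSION['user']['id'], $id_groupe);
             $succes = 'Vous avez rejoint le groupe avec succès!';
         }
         if (!empty($_POST['desabonnement'])) {
             $this->groupe->quitGroupe($_SESSION['user']['id'], $id_groupe);
             $succes = "Vous avez quitté le groupe avec succès.";
         }
         if (!empty($_POST['desiste'])) {
             $this->groupe->quitInvit($_SESSION['user']['id'], $id_groupe);
             $succes = "Vous avez refusé l'invitation";
         }
         if (!empty($_POST['deleteEve'])) {
             $this->groupe->deleteEvenement($id_groupe);
             $erreurPhoto = 'Erreur lors de la suppression de la photo.';
             // Only a plain string is usable as a file name; a missing or array value becomes ''.
             $nom = isset($_POST['nom']) && is_string($_POST['nom']) ? $_POST['nom'] : '';
             $nom_evenement = str_replace(' ', '-', $nom);
             // With ".jpg" appended, a name without separators cannot point outside the target
             // directory, so separators and NUL bytes are the only things that need refusing.
             $nomSur = strpos($nom_evenement, '/') === false
                 && strpos($nom_evenement, '\\') === false
                 && strpos($nom_evenement, "\0") === false;
             if ($nomSur) {
                 $error .= deletePhoto($nom_evenement . '.jpg', 'Groupes/Evenements', $erreurPhoto);
             } else {
                 // Reported like any other failed photo removal; no file is touched.
                 $error .= $erreurPhoto;
             }
             if (empty($error)) {
                 $succes = "Evenement effacé avec succès!";
             }
         }
     }
     $isMembre = $this->groupe->isMembre($_SESSION['user']['id'], $id_groupe);
     $isLeader = $this->groupe->isleader($_SESSION['user']['id'], $id_groupe);
     $datagroupe = $this->groupe->getInfoGroup($id_groupe)->fetch();
     $ville = $this->groupe->getVilleById($datagroupe['id_ville'])->fetch();
     $NBmembres = $this->groupe->countmembres($id_groupe)->fetchAll();
     $isInvit = $this->groupe->isInvit($id_groupe, $_SESSION['user']['id']);
     $sport = $this->groupe->getSport($datagroupe['id_sport'])->fetch();
     $evenement = $this->groupe->getEvenements($id_groupe)->fetchAll();
     $vue->loadpage(['datagroupe' => $datagroupe, 'isInvit' => $isInvit, 'NBmembres' => $NBmembres, 'ville' => $ville, 'sport' => $sport, 'isLeader' => $isLeader, 'evenement' => $evenement, 'isMembre' => $isMembre, 'error' => $error, 'succes' => $succes]);
 }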
コード例 #13
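 /**
  * Back-office club page: processes the "modifierclub", "addclub" and "Suppr" forms, then
  * renders the club list together with any error / success message.
  *
  * The posted club name is used as the banner file name. A name containing a path separator
  * or a NUL byte is refused before any file check, removal or upload, so those operations
  * stay inside the "Clubs/Bannière" directory.
  *
  * NOTE(review): no administrator check is visible in this method — confirm the caller enforces one.
  */
 public function loadBackOfficeClub()
 {
     // Both are handed to the view on every request, so they must exist even when nothing was posted.
     $error = '';
     $succes = '';
     // True when the name holds no path separator and no NUL byte.
     $nomSur = function ($nom) {
         return strpos($nom, '/') === false
             && strpos($nom, '\\') === false
             && strpos($nom, "\0") === false;
     };
     if (!empty($_POST)) {
         if (isset($_POST['modifierclub'])) {
             // A missing or non-string value is treated as an empty name.
             $nomclub = isset($_POST['nomclub']) && is_string($_POST['nomclub']) ? $_POST['nomclub'] : '';
             $nomValide = $nomSur($nomclub);
             $verification = new Verification($_POST);
             $verificationPhoto = new Verification($_FILES);
             if ($nomValide && !empty($_FILES['photo']['name'])) {
                 $verificationPhoto->PhotoOk('photo', $nomclub . '.jpg', 'Clubs/Bannière/', false);
             }
             $verification->notEmpty('informations', "Veuillez remplir la description du club.");
             $verification->notEmpty('telephone', "Veuillez remplir le numéro de téléphone du club.");
             $verification->notEmpty('email', "Veuillez remplir l'adresse email du club.");
             $verification->notEmpty('lien', "Veuillez ajouter le lien du site du club.");
             $verification->notEmpty('adresse', "Veuillez remplir l'adresse du club.");
             $error = $verification->error;
             if (!$nomValide) {
                 $error .= "Nom de club invalide.";
             } elseif ($verification->isValid() && $verificationPhoto->isValid()) {
                 // Replace the existing banner only when a new file was sent.
                 if (!empty($_FILES['photo']['name'])) {
                     deletePhoto($nomclub . '.jpg', 'Clubs/Bannière', 'photo');
                 }
                 // Upload the image; uploadPhoto() is called even when no file was selected, as before.
                 $error .= uploadPhoto($nomclub . '.jpg', 'Clubs/Bannière', 'photo');
                 if (empty($error)) {
                     $this->admin->updateClub($_POST['id_club']);
                     $succes = "Club modifié avec succès!";
                 }
             }
         }
         if (isset($_POST['addclub'])) {
             // NOTE(review): this message is added when a file WAS selected, which looks inverted,
             // and it is discarded anyway by the "$error = $verification->error" assignment below.
             // Left as-is because the intended rule is not visible here.
             if (!empty($_FILES['photo']['name'])) {
                 $error .= "Veuillez selectionner une icone pour le club.";
             }
             $verification = new Verification($_POST);
             $verificationPhoto = new Verification($_FILES);
             $verification->notEmpty('informations', "Veuillez remplir la description du club.");
             $verification->notEmpty('telephone', "Veuillez remplir le numéro de téléphone du club.");
             $verification->notEmpty('email', "Veuillez remplir l'adresse email du club.");
             $verification->notEmpty('lien', "Veuillez ajouter le lien du site du club.");
             $verification->notEmpty('nom', "Veuillez remplir le nom du club.");
             $verification->notEmpty('adresse', "Veuillez remplir l'adresse du club.");
             $nom = isset($_POST['nom']) && is_string($_POST['nom']) ? $_POST['nom'] : '';
             $nomclub = str_replace(' ', '-', $nom);
             $nomValide = $nomSur($nomclub);
             if ($nomValide) {
                 $verificationPhoto->PhotoOk('photo', $nomclub . '.jpg', 'Clubs/Bannière');
             }
             $error = $verification->error;
             if (!$nomValide) {
                 $error .= "Nom de club invalide.";
             } elseif ($verification->isValid() && $verificationPhoto->isValid()) {
                 $error .= uploadPhoto($nomclub . '.jpg', 'Clubs/Bannière/', 'photo');
                 if (empty($error)) {
                     $this->admin->addClub();
                     $succes = "Club ajouté avec succès!";
                 }
             }
         }
         if (isset($_POST['Suppr'])) {
             // Delete the club here.
             $this->admin->deleteClub();
             $succes = "Suppression réussie!";
         }
     }
     $clubs = $this->groupe->getClubs()->fetchAll();
     $vue = new Vue("BackOfficeClub", "Admin", ['font-awesome.css', 'admin.css'], ['Admin/admin.js']);
     $vue->loadbackoffice(['clubs' => $clubs, 'error' => $error, 'succes' => $succes]);
 }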
コード例 #14
ファイル: db.php プロジェクト: SirLemyDanger/magicmirror
    $lefteye_x = $mysqli->real_escape_string(filter_input(INPUT_POST, "lefteyeX"));
    $lefteye_y = $mysqli->real_escape_string(filter_input(INPUT_POST, "lefteyeY"));
    $righteye_x = $mysqli->real_escape_string(filter_input(INPUT_POST, "righteyeX"));
    $righteye_y = $mysqli->real_escape_string(filter_input(INPUT_POST, "righteyeY"));
    // NOTE(review): filter_input() is called without a filter argument, so the four eye coordinates
    // are only string-escaped. Escaping protects a value solely inside a quoted SQL literal; how
    // updateEyes() and the other helpers embed their arguments is not visible here — confirm, or
    // validate the coordinates as numbers.
    // Dispatch on the requested method name; each helper's return value is echoed back below.
    if ($method == "newuser") {
        $answer = newUser($firstname, $lastname, $nickname, $sex, $birthday);
    } elseif ($method == "getallusers") {
        $answer = getAllUsers();
    } elseif ($method == "getuserdata") {
        $answer = getUserData($id);
    } elseif ($method == "updateuser") {
        $answer = updateUser($id, $firstname, $lastname, $nickname, $sex, $birthday);
    } elseif ($method == "deleteuser") {
        $answer = deleteuser($id);
    } elseif ($method == "getuserimageids") {
        $answer = getUserImageIds($id);
    } elseif ($method == "newphoto") {
        $answer = uploadNewPhoto($id);
    } elseif ($method == "deletephoto") {
        $answer = deletePhoto($id);
    } elseif ($method == "updateeyes") {
        $answer = updateEyes($id, $lefteye_x, $lefteye_y, $righteye_x, $righteye_y);
    } else {
        // NOTE(review): $method is written back into the response unescaped, and no error status
        // is set on this path. $answer is not assigned in this branch, so the echo below reads an
        // undefined variable unless it was set before this excerpt.
        echo "\"{$method}\" is an unknown method";
    }
    // NOTE(review): no authentication or per-user authorisation check is visible in this excerpt
    // before the user / photo operations above — confirm it happens earlier in the file.
    echo $answer;
    return;
}
// Reached only when the block above did not return: answer with 400 and a plain-text message.
header($_SERVER["SERVER_PROTOCOL"] . " 400 Bad Request");
echo "no method";
return;
コード例 #15
ファイル: reportssuper.php プロジェクト: rabbit09/Taarifa_Web
 /**
  * Lists the reports for the super-admin view and applies the bulk action posted from the list form.
  *
  * GET parameters read here: status, k, c, lo, u, sw, ne, sg.
  * POST fields read here: action ('a' toggle approval, 'u' unapprove, 'v' toggle verification,
  * 'd' delete) and incident_id[] (the reports to act on).
  *
  * NOTE(review): no anti-CSRF token check is visible in this method — confirm it is enforced
  * elsewhere before these state-changing POST actions are reached.
  *
  * @param int $page not read anywhere in this method's body
  */
 function index($page = 1)
 {
     // Only a logged-in 'superadmin' may continue.
     // NOTE(review): this guard only protects the code below if url::redirect() ends the request — confirm.
     $auth = new auth();
     if (!($auth and $auth->logged_in('superadmin'))) {
         url::redirect('admin/dashboard');
     }
     $this->template->content = new View('simplegroups/reportssuper');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     // Status tab: 'a' / 'v' (any case) select a fixed filter string; every other value is
     // replaced by "0" with no filter, so no request text ends up in $filter here.
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             $filter = 'incident_active = 0';
         } elseif (strtolower($status) == 'v') {
             $filter = 'incident_verified = 0';
         } else {
             $status = "0";
             $filter = '1=1';
         }
     } else {
         $status = "0";
         $filter = "1=1";
     }
     // Get Search Keywords (If Any)
     if (isset($_GET['k'])) {
         //  Brute force input sanitization
         // Phase 1 - the pattern removes every character that is neither a word character nor '+',
         // together with the run of word characters that directly follows it.
         // NOTE(review): that drops whole words after a space or punctuation mark, not only the
         // non-word characters themselves — confirm this is the intended search behaviour.
         $keyword_raw = preg_replace('/[^\\w+]\\w*/', '', $_GET['k']);
         // Phase 2 - Strip any HTML tags that may have been missed in Phase 1
         $keyword_raw = strip_tags($keyword_raw);
         // Phase 3 - Invoke Kohana's XSS cleaning mechanism just incase an outlier wasn't caught
         // in the first 2 steps
         $keyword_raw = $this->input->xss_clean($keyword_raw);
         // NOTE(review): tag stripping and XSS cleaning are output-side defences; the value is
         // appended to a SQL filter here, and whether _get_searchstring() escapes it for SQL is
         // not visible in this method — confirm.
         $filter .= " AND (" . $this->_get_searchstring($keyword_raw) . ")";
     } else {
         $keyword_raw = "";
     }
     // check, has the form been submitted?
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         $post = Validation::factory($_POST);
         //  Add some filters
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             if ($post->action == 'a') {
                 // 'a': flip the active flag of each selected report and record who did it.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         if ($update->incident_active == 0) {
                             $update->incident_active = '1';
                         } else {
                             $update->incident_active = '0';
                         }
                         // Tag this as a report that needs to be sent out as an alert
                         if ($update->incident_alert_status != '2') {
                             // 2 = report that has had an alert sent
                             $update->incident_alert_status = '1';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '1';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_approve - Approve a Report
                         Event::run('ushahidi_action.report_approve', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.approved'));
             } elseif ($post->action == 'u') {
                 // 'u': force each selected report to inactive.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $update->incident_active = '0';
                         // If Alert hasn't been sent yet, disable it
                         if ($update->incident_alert_status == '1') {
                             $update->incident_alert_status = '0';
                         }
                         $update->save();
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '0';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_unapprove - Unapprove a Report
                         Event::run('ushahidi_action.report_unapprove', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.unapproved'));
             } elseif ($post->action == 'v') {
                 // 'v': flip the verified flag; the audit row gets status '2' when verifying, '0' when un-verifying.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     $verify = new Verify_Model();
                     if ($update->loaded == true) {
                         if ($update->incident_verified == '1') {
                             $update->incident_verified = '0';
                             $verify->verified_status = '0';
                         } else {
                             $update->incident_verified = '1';
                             $verify->verified_status = '2';
                         }
                         $update->save();
                         $verify->incident_id = $item;
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 $form_action = "VERIFIED";
             } elseif ($post->action == 'd') {
                 // 'd': delete each selected report together with its dependent rows.
                 // NOTE(review): no Verify_Model row is written and no event is fired in this branch,
                 // so the deletion leaves no "who did it" record in this method.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): the query chain is iterated directly, without the find_all() call
                         // used for the country list further down — confirm this loop really yields media
                         // rows; if it does not, the photo files stay on disk after the report is deleted.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Delete relationship to SMS message
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == true) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                         //Delete Group
                         ORM::factory("simplegroups_groups_incident")->where('incident_id', $incident_id)->delete_all();
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // $db is not referenced again in this method.
     $db = new Database();
     // Category ID
     $category_ids = array();
     if (isset($_GET['c']) and !empty($_GET['c'])) {
         // NOTE(review): the pieces are raw request strings and are handed to the groups helpers
         // unchanged; how the helpers embed them in SQL is not visible here — confirm they are
         // cast or escaped there. No code here strips a trailing ",".
         $category_ids = explode(",", $_GET['c']);
     } else {
         $category_ids = array("0");
     }
     // logical operator
     $logical_operator = "or";
     if (isset($_GET['lo']) and !empty($_GET['lo'])) {
         // NOTE(review): taken from the request without any restriction to expected values and
         // passed on as-is — confirm the helpers only compare it and never place it in a query.
         $logical_operator = $_GET['lo'];
     }
     $show_unapproved = "3";
     //1 show only approved, 2 show only unapproved, 3 show all
     //figure out if we're showing unapproved stuff or what.
     if (isset($_GET['u']) and !empty($_GET['u'])) {
         $show_unapproved = (int) $_GET['u'];
     }
     // Only the three constant strings below can end up in $approved_text; any other value leaves it empty.
     $approved_text = "";
     if ($show_unapproved == 1) {
         $approved_text = "incident.incident_active = 1 ";
     } else {
         if ($show_unapproved == 2) {
             $approved_text = "incident.incident_active = 0 ";
         } else {
             if ($show_unapproved == 3) {
                 $approved_text = " (incident.incident_active = 0 OR incident.incident_active = 1) ";
             }
         }
     }
     $location_where = "";
     // Break apart location variables, if necessary
     $southwest = array();
     if (isset($_GET['sw'])) {
         $southwest = explode(",", $_GET['sw']);
     }
     $northeast = array();
     if (isset($_GET['ne'])) {
         $northeast = explode(",", $_GET['ne']);
     }
     // The bounding box is only applied when both corners have exactly two parts; each part is
     // cast to a float before being concatenated into the SQL fragment.
     if (count($southwest) == 2 and count($northeast) == 2) {
         $lon_min = (double) $southwest[0];
         $lon_max = (double) $northeast[0];
         $lat_min = (double) $southwest[1];
         $lat_max = (double) $northeast[1];
         $location_where = ' AND (location.latitude >=' . $lat_min . ' AND location.latitude <=' . $lat_max . ' AND location.longitude >=' . $lon_min . ' AND location.longitude <=' . $lon_max . ') ';
     }
     $group = 0;
     // Optional group filter; the id is cast to int before it is placed in the SQL fragment.
     if (isset($_GET['sg']) and !empty($_GET['sg'])) {
         $group = (int) $_GET['sg'];
     }
     $group_where = " (1=1) ";
     if ($group != 0) {
         $group_where = " (simplegroups_groups_incident.simplegroups_groups_id = " . $group . ") ";
     }
     $reports_count = groups::get_reports_count($category_ids, $approved_text, $location_where . " AND " . $filter . " AND " . $group_where, $logical_operator);
     // Pagination
     // NOTE(review): the pager is sized with settings.items_per_page while the query below fetches
     // settings.items_per_page_admin rows — confirm the two are meant to differ.
     $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page'), 'total_items' => $reports_count));
     $incidents = groups::get_reports($category_ids, $approved_text, $location_where . " AND " . $filter . " AND " . $group_where, $logical_operator, "incident.incident_date", "asc", (int) Kohana::config('settings.items_per_page_admin'), $pagination->sql_offset);
     // Collect the location ids of the fetched reports so their names can be loaded in one query.
     $location_ids = array();
     foreach ($incidents as $incident) {
         $location_ids[] = $incident->location_id;
     }
     //check if location_ids is not empty
     if (count($location_ids) > 0) {
         $locations_result = ORM::factory('location')->in('id', implode(',', $location_ids))->find_all();
         $locations = array();
         foreach ($locations_result as $loc) {
             $locations[$loc->id] = $loc->location_name;
         }
     } else {
         $locations = array();
     }
     $this->template->content->locations = $locations;
     //GET countries
     $countries = array();
     foreach (ORM::factory('country')->orderby('country')->find_all() as $country) {
         // Build the id => name list of countries, shortening names longer than 35 bytes.
         // strlen()/substr() count bytes, so a multi-byte name can be cut in the middle of a character.
         $this_country = $country->country;
         if (strlen($this_country) > 35) {
             $this_country = substr($this_country, 0, 35) . "...";
         }
         $countries[$country->id] = $this_country;
     }
     $this->template->content->countries = $countries;
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('simplegroups/reports_js');
 }
コード例 #16
ファイル: reports.php プロジェクト: neumicro/Ushahidi_Web_Dev
 /**
  * Lists the logged-in member's own reports and handles the bulk "delete"
  * action posted from that list.
  *
  * Reads $_GET['status'] and $_GET['k'] to build the list filter, and $_POST
  * for the bulk action. The incident lookups (delete and listing) are limited
  * to rows whose user_id equals $this->user->id.
  *
  * NOTE(review): no anti-forgery token is checked in this method; confirm the
  * framework or the form enforces one before the delete branch can run.
  *
  * @param int $page Not read in this body; Pagination is configured with the 'page' query string.
  */
 function index($page = 1)
 {
     $this->template->content = new View('members/reports');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     // Map the status tab to a fixed SQL fragment. Only 'a' and 'v' (any case) are
     // honoured; any other value falls back to status "0" with no restriction, so the
     // raw $_GET value never becomes part of $filter.
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             $filter = 'incident_active = 0';
         } elseif (strtolower($status) == 'v') {
             $filter = 'incident_verified = 0';
         } else {
             $status = "0";
             $filter = '1=1';
         }
     } else {
         $status = "0";
         $filter = "1=1";
     }
     // Get Search Keywords (If Any)
     if (isset($_GET['k'])) {
         // Input sanitisation in three passes before the keyword reaches the SQL filter.
         // Pass 1 - the pattern removes every character that is neither a word character
         // nor '+', together with the run of word characters that follows it, so only the
         // text before the first such character survives.
         $keyword_raw = preg_replace('/[^\\w+]\\w*/', '', $_GET['k']);
         // Pass 2 - strip any HTML tags that pass 1 left behind
         $keyword_raw = strip_tags($keyword_raw);
         // Pass 3 - run Kohana's XSS cleaner in case an outlier was not caught
         // in the first 2 steps
         $keyword_raw = $this->input->xss_clean($keyword_raw);
         // NOTE(review): the keyword is concatenated into $filter through
         // _get_searchstring(), which is not visible here. strip_tags() and xss_clean()
         // target HTML, not SQL; confirm that helper escapes the value for the database.
         $filter .= " AND (" . $this->_get_searchstring($keyword_raw) . ")";
     } else {
         $keyword_raw = "";
     }
     // check, has the form been submitted?
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         // Setup validation
         $post = Validation::factory($_POST);
         // Trim every submitted field before the rules run
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             // 'd' (delete) is the only action handled for members
             if ($post->action == 'd') {
                 foreach ($post->incident_id as $item) {
                     // Ownership check: the incident is only loaded when it belongs to the
                     // current user, so a submitted id of someone else's report is skipped.
                     $update = ORM::factory('incident')->where('user_id', $this->user->id)->find($item);
                     if ($update->loaded == true) {
                         // Capture the ids before the row is deleted; the cleanup below needs them
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): this iterates the ORM query object itself; find_all() is
                         // never called, so the loop may not visit any media row and the photo
                         // files may be left on disk. Verify, and confirm deletePhoto() resolves
                         // as a function in this scope before changing the loop.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Detach the SMS message from the deleted report (the message row is kept)
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                         // Action::report_delete - Deleted a Report
                         Event::run('ushahidi_action.report_delete', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // Pagination: count and fetch only this member's incidents that match $filter
     $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page_admin'), 'total_items' => ORM::factory('incident')->join('location', 'incident.location_id', 'location.id', 'INNER')->where($filter)->where('user_id', $this->user->id)->count_all()));
     $incidents = ORM::factory('incident')->join('location', 'incident.location_id', 'location.id', 'INNER')->where($filter)->where('user_id', $this->user->id)->orderby('incident_dateadd', 'desc')->find_all((int) Kohana::config('settings.items_per_page_admin'), $pagination->sql_offset);
     // Collect the location ids of the listed incidents so their names load in one query
     $location_ids = array();
     $country_ids = array();
     foreach ($incidents as $incident) {
         $location_ids[] = $incident->location_id;
     }
     //check if location_ids is not empty
     if (count($location_ids) > 0) {
         $locations_result = ORM::factory('location')->in('id', implode(',', $location_ids))->find_all();
         $locations = array();
         foreach ($locations_result as $loc) {
             $locations[$loc->id] = $loc->location_name;
             $country_ids[$loc->id]['country_id'] = $loc->country_id;
         }
     } else {
         $locations = array();
     }
     $this->template->content->locations = $locations;
     $this->template->content->country_ids = $country_ids;
     //GET countries
     $countries = array();
     foreach (ORM::factory('country')->orderby('country')->find_all() as $country) {
         // Build the id => country name map; names longer than 35 bytes are cut and suffixed with "..."
         $this_country = $country->country;
         if (strlen($this_country) > 35) {
             $this_country = substr($this_country, 0, 35) . "...";
         }
         $countries[$country->id] = $this_country;
     }
     $this->template->content->countries = $countries;
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('admin/reports_js');
 }
コード例 #17
ファイル: photoList.php プロジェクト: hnliji1107/photo-blog
        $smarty->assign('photoInfoArr', $photoInfoArr);
    }
    $smarty->assign('userId', $userId);
    $smarty->assign('userName', $userName);
    $smarty->assign('albumId', $albumId);
    $smarty->assign('albumCover', $albumCover);
    $smarty->assign('cssFileName', 'photoList');
    $smarty->display('photoList.tpl');
}
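// Handles the "delAlbum" POST action: removes the album's photo files, then the
// photo rows, then the album row, and answers with a JSON state/msg pair.
// NOTE(review): nothing visible here checks that the album belongs to the
// logged-in user; confirm that ownership is enforced before this point.
if (!empty($_POST['albumId']) && !empty($_POST['act']) && $_POST['act'] == 'delAlbum') {
    // albumId is concatenated into the SQL WHERE fragments below, so only a
    // positive integer is accepted; anything else is answered as a failed delete.
    $albumId = filter_var($_POST['albumId'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($albumId === false) {
        echo json_encode(array('state' => 0, 'msg' => '删除失败'));
        return false;
    }
    $result = selectSql('photos', 'photo_id', 'album_id=' . $albumId);
    if ($result['state'] == 1) {
        // Delete the image files stored on disk for every photo in the album
        while ($rows = mysql_fetch_array($result['msg'])) {
            deletePhoto($rows['photo_id']);
        }
    }
    // Delete the album's rows from the photos table
    $result = deleteSql('photos', 'album_id=' . $albumId);
    if ($result['state'] == 0) {
        echo json_encode(array('state' => 0, 'msg' => '删除失败'));
        return false;
    }
    // Delete the album's row from the albums table
    $result = deleteSql('albums', 'album_id=' . $albumId);
    if ($result['state'] == 0) {
        echo json_encode(array('state' => 0, 'msg' => '删除失败'));
        return false;
    }
    echo json_encode(array('state' => 1, 'msg' => '删除成功'));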
コード例 #18
ファイル: reports.php プロジェクト: rmarianski/pps-ushahidi
 /**
  * Lists all reports for the admin area and handles the bulk actions posted
  * from that list: approve ('a'), unapprove ('u'), verify toggle ('v') and
  * delete ('d').
  *
  * Reads $_GET['status'] and $_GET['k'] to build the list filter and $_POST
  * for the bulk action.
  *
  * NOTE(review): the only permission checked in this method is "reports_view",
  * yet the POST branch changes and deletes reports; confirm that a separate
  * edit/approve/delete permission is enforced elsewhere. No anti-forgery token
  * is checked here either; confirm the framework or the form enforces one.
  *
  * @param int $page Not read in this body; Pagination is configured with the 'page' query string.
  */
 function index($page = 1)
 {
     // If user doesn't have access, redirect to dashboard
     // NOTE(review): nothing in this method stops execution after the redirect call;
     // the rest of the body is only safe if url::redirect() ends the request — confirm.
     if (!admin::permissions($this->user, "reports_view")) {
         url::redirect(url::site() . 'admin/dashboard');
     }
     $this->template->content = new View('admin/reports');
     $this->template->content->title = Kohana::lang('ui_admin.reports');
     // Map the status tab to a fixed SQL fragment. Only 'a' and 'v' (any case) are
     // honoured; any other value falls back to status "0" with no restriction, so the
     // raw $_GET value never becomes part of $filter.
     if (!empty($_GET['status'])) {
         $status = $_GET['status'];
         if (strtolower($status) == 'a') {
             $filter = 'incident_active = 0';
         } elseif (strtolower($status) == 'v') {
             $filter = 'incident_verified = 0';
         } else {
             $status = "0";
             $filter = '1=1';
         }
     } else {
         $status = "0";
         $filter = "1=1";
     }
     // Get Search Keywords (If Any)
     if (isset($_GET['k'])) {
         // Input sanitisation in three passes before the keyword reaches the SQL filter.
         // Pass 1 - the pattern removes every character that is neither a word character
         // nor '+', together with the run of word characters that follows it, so only the
         // text before the first such character survives.
         $keyword_raw = preg_replace('/[^\\w+]\\w*/', '', $_GET['k']);
         // Pass 2 - strip any HTML tags that pass 1 left behind
         $keyword_raw = strip_tags($keyword_raw);
         // Pass 3 - run Kohana's XSS cleaner in case an outlier was not caught
         // in the first 2 steps
         $keyword_raw = $this->input->xss_clean($keyword_raw);
         // NOTE(review): the keyword is concatenated into $filter through
         // _get_searchstring(), which is not visible here. strip_tags() and xss_clean()
         // target HTML, not SQL; confirm that helper escapes the value for the database.
         $filter .= " AND (" . $this->_get_searchstring($keyword_raw) . ")";
     } else {
         $keyword_raw = "";
     }
     // check, has the form been submitted?
     $form_error = FALSE;
     $form_saved = FALSE;
     $form_action = "";
     if ($_POST) {
         $post = Validation::factory($_POST);
         // Trim every submitted field before the rules run
         $post->pre_filter('trim', TRUE);
         // Add some rules, the input field, followed by a list of checks, carried out in order
         $post->add_rules('action', 'required', 'alpha', 'length[1,1]');
         $post->add_rules('incident_id.*', 'required', 'numeric');
         if ($post->validate()) {
             if ($post->action == 'a') {
                 // Approve: note that this branch toggles incident_active, so an already
                 // active report that is submitted again becomes inactive.
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         if ($update->incident_active == 0) {
                             $update->incident_active = '1';
                         } else {
                             $update->incident_active = '0';
                         }
                         // Tag this as a report that needs to be sent out as an alert
                         if ($update->incident_alert_status != '2') {
                             // 2 = report that has had an alert sent
                             $update->incident_alert_status = '1';
                         }
                         $update->save();
                         // Audit row: which user changed the status of which incident, and when
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '1';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_approve - Approve a Report
                         Event::run('ushahidi_action.report_approve', $update);
                         // XXX notify user that incident has been approved
                         // The mail goes to the address stored with the report's sender record
                         if (!empty($update->incident_person->person_email)) {
                             $to = $update->incident_person->person_email;
                             $from = Kohana::lang('ui_admin.incident_approved_from');
                             $subject = Kohana::lang('ui_admin.incident_approved_subject');
                             $message = "Yay! Your entry has been approved.\n\n";
                             $message .= "See it now: " . url::site('reports/view/' . $update->id) . "\n";
                             email::send($to, $from, $subject, $message);
                         }
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.approved'));
             } elseif ($post->action == 'u') {
                 // Unapprove: always sets incident_active to '0'
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         $update->incident_active = '0';
                         // If Alert hasn't been sent yet, disable it
                         if ($update->incident_alert_status == '1') {
                             $update->incident_alert_status = '0';
                         }
                         $update->save();
                         // Audit row for the unapprove action
                         $verify = new Verify_Model();
                         $verify->incident_id = $item;
                         $verify->verified_status = '0';
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                         // Action::report_unapprove - Unapprove a Report
                         Event::run('ushahidi_action.report_unapprove', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.unapproved'));
             } elseif ($post->action == 'v') {
                 // Verify: toggles incident_verified and records the new state in the audit row
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     $verify = new Verify_Model();
                     if ($update->loaded == true) {
                         if ($update->incident_verified == '1') {
                             $update->incident_verified = '0';
                             $verify->verified_status = '0';
                         } else {
                             $update->incident_verified = '1';
                             $verify->verified_status = '2';
                         }
                         $update->save();
                         $verify->incident_id = $item;
                         $verify->user_id = $_SESSION['auth_user']->id;
                         // Record 'Verified By' Action
                         $verify->verified_date = date("Y-m-d H:i:s", time());
                         $verify->save();
                     }
                 }
                 // The label is fixed, whichever direction the toggle went
                 $form_action = "VERIFIED";
             } elseif ($post->action == 'd') {
                 // Delete: removes the report and the rows that reference it
                 foreach ($post->incident_id as $item) {
                     $update = new Incident_Model($item);
                     if ($update->loaded == true) {
                         // Capture the ids before the row is deleted; the cleanup below needs them
                         $incident_id = $update->id;
                         $location_id = $update->location_id;
                         $update->delete();
                         // Delete Location
                         ORM::factory('location')->where('id', $location_id)->delete_all();
                         // Delete Categories
                         ORM::factory('incident_category')->where('incident_id', $incident_id)->delete_all();
                         // Delete Translations
                         ORM::factory('incident_lang')->where('incident_id', $incident_id)->delete_all();
                         // Delete Photos From Directory
                         // NOTE(review): this iterates the ORM query object itself; find_all() is
                         // never called, so the loop may not visit any media row and the photo
                         // files may be left on disk. Verify, and confirm deletePhoto() resolves
                         // as a function in this scope before changing the loop.
                         foreach (ORM::factory('media')->where('incident_id', $incident_id)->where('media_type', 1) as $photo) {
                             deletePhoto($photo->id);
                         }
                         // Delete Media
                         ORM::factory('media')->where('incident_id', $incident_id)->delete_all();
                         // Delete Sender
                         ORM::factory('incident_person')->where('incident_id', $incident_id)->delete_all();
                         // Detach the SMS message from the deleted report (the message row is kept)
                         $updatemessage = ORM::factory('message')->where('incident_id', $incident_id)->find();
                         if ($updatemessage->loaded == true) {
                             $updatemessage->incident_id = 0;
                             $updatemessage->save();
                         }
                         // Delete Comments
                         ORM::factory('comment')->where('incident_id', $incident_id)->delete_all();
                         // Action::report_delete - Deleted a Report
                         Event::run('ushahidi_action.report_delete', $update);
                     }
                 }
                 $form_action = strtoupper(Kohana::lang('ui_admin.deleted'));
             }
             $form_saved = TRUE;
         } else {
             $form_error = TRUE;
         }
     }
     // Pagination: count and fetch every incident that matches $filter (no per-user restriction)
     $pagination = new Pagination(array('query_string' => 'page', 'items_per_page' => (int) Kohana::config('settings.items_per_page_admin'), 'total_items' => ORM::factory('incident')->join('location', 'incident.location_id', 'location.id', 'INNER')->where($filter)->count_all()));
     $incidents = ORM::factory('incident')->join('location', 'incident.location_id', 'location.id', 'INNER')->where($filter)->orderby('incident_dateadd', 'desc')->find_all((int) Kohana::config('settings.items_per_page_admin'), $pagination->sql_offset);
     // Collect the location ids of the listed incidents so their names load in one query
     $location_ids = array();
     foreach ($incidents as $incident) {
         $location_ids[] = $incident->location_id;
     }
     //check if location_ids is not empty
     if (count($location_ids) > 0) {
         $locations_result = ORM::factory('location')->in('id', implode(',', $location_ids))->find_all();
         $locations = array();
         foreach ($locations_result as $loc) {
             $locations[$loc->id] = $loc->location_name;
         }
     } else {
         $locations = array();
     }
     $this->template->content->locations = $locations;
     //GET countries
     $countries = array();
     foreach (ORM::factory('country')->orderby('country')->find_all() as $country) {
         // Build the id => country name map; names longer than 35 bytes are cut and suffixed with "..."
         $this_country = $country->country;
         if (strlen($this_country) > 35) {
             $this_country = substr($this_country, 0, 35) . "...";
         }
         $countries[$country->id] = $this_country;
     }
     $this->template->content->countries = $countries;
     $this->template->content->incidents = $incidents;
     $this->template->content->pagination = $pagination;
     $this->template->content->form_error = $form_error;
     $this->template->content->form_saved = $form_saved;
     $this->template->content->form_action = $form_action;
     // Total Reports
     $this->template->content->total_items = $pagination->total_items;
     // Status Tab
     $this->template->content->status = $status;
     // Javascript Header
     $this->template->js = new View('admin/reports_js');
 }
コード例 #19
// Deletes one photo from an album on behalf of the session user.
// Identity (nick, email) comes from the session; album name and file path
// come from the query string.
$nick = $_SESSION['nick'];
$email = $_SESSION['email'];
$albumName = $_GET['albumName'];
$path = $_GET['path'];
$role = getRole($nick);

// NOTE(review): $targetNick is computed but never read in the visible lines, so
// the nick an admin selects has no effect on which photo is removed.
$targetNick = (strcmp($role, "admin") == 0) ? $_GET['nick'] : $nick;

// NOTE(review): only the "partner" role gets an album-ownership check (isAlbum).
// Every other role value, not just "admin", reaches deletePhoto() directly with
// the caller-supplied $path; confirm deletePhoto() itself restricts the path to
// the caller's own album. $ip is not assigned in the visible lines; presumably it
// is set by an earlier include. The delete is also triggered by a GET request.
$isPartner = strcmp($role, "partner") == 0;
if ($isPartner && !isAlbum($nick, $albumName)) {
    // A partner may only delete from an album that isAlbum() accepts for their nick
    echo "No se ha podido borrar foto, no existe.";
} elseif (deletePhoto($albumName, $path, $email, $ip)) {
    echo "Se ha borrado la foto correctamente.";
} elseif (!$isPartner) {
    // A failed delete is reported for non-partner roles only; for partners it stays silent
    echo "No se ha podido borrar foto, no existe.";
}
// Deleting an album should also offer to delete all of its photos.
// If the same user deletes and then recreates the same album, all photos come back.
// Both path and album have to be removed; the nick is implicit in the path.
?>
 
コード例 #20
<?php

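// Handles the photo-delete form: removes the database row, the image file and its
// thumbnail, and any vote entry for the photo, then prints a confirmation block.
// NOTE(review): no login, ownership or anti-forgery check is visible in this
// snippet; confirm the including script enforces them.
if (isset($_POST["envoyer"]) and isset($_POST['etape2Valide']) and isset($_POST['nomAlbum']) and isset($_POST['idAlbum'])) {
    // Both names end up in filesystem paths passed to unlink(). Keep only the last
    // path component so a value containing directory separators cannot point
    // outside vues/images/album/<album>/.
    $nomAlbum = is_string($_POST['nomAlbum']) ? basename($_POST['nomAlbum']) : '';
    $nomPhoto = (isset($_POST['nomPhoto']) && is_string($_POST['nomPhoto'])) ? basename($_POST['nomPhoto']) : '';
    // basename() leaves '.' and '..' untouched, so reject them (and empty names) explicitly
    $nomsInterdits = array('', '.', '..');
    if (!in_array($nomAlbum, $nomsInterdits, true) && !in_array($nomPhoto, $nomsInterdits, true)) {
        deletePhoto($nomPhoto, $_POST['idAlbum']);
        unlink("vues/images/album/" . $nomAlbum . "/" . $nomPhoto);
        unlink("vues/images/album/" . $nomAlbum . "/min/" . $nomPhoto);
        // The vote table stores the photo under its "../"-prefixed path
        if (photoExistInTableVote("../vues/images/album/" . $nomAlbum . "/" . $nomPhoto) == true) {
            deletePhotoInTableVote("../vues/images/album/" . $nomAlbum . "/" . $nomPhoto);
        }
    }
    // NOTE(review): the confirmation below is printed whether or not anything was
    // deleted (the unlink() results are not checked).
    ?>
    <section class="slice bg-3">
        <div class="w-section inverse">
            <div class="container">
                <div class="row">
                    <div class="col-md-7">
                        <p>Information :</p>
                        <ul class="list-check">
                            <li><i class="fa fa-check"></i> La photo <?php 
    // Escape the submitted name before it is written into the HTML page
    echo htmlspecialchars($nomPhoto, ENT_QUOTES, 'UTF-8');
    ?>
 a bien été supprimée !</li>
                        </ul>

                    </div>
                </div>
            </div>
        </div>
    </section>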
コード例 #21
<?
	// Manages PhotoGallery Operations: loads the database helper and dispatches to the
	// add / update / delete handler named by the "method" query-string parameter.
	// NOTE(review): the request-validation include below is commented out, so the
	// visible lines load no access check; confirm one is enforced elsewhere.
	//include("validaterequest.php");
	require("../db.php");
	// NOTE(review): extract() turns every POST field into a variable in this scope and
	// overwrites variables of the same name, including any that db.php defined.
	// Read the needed fields from $_POST explicitly instead.
	extract($_POST);
	
	// The operation is chosen from the query string while the data comes from POST.
	// Any other "method" value falls through and nothing is called.
	if ($_GET['method'] == "ADD") {
		addNewPhoto();
	} else if ($_GET['method'] == "UPDATE") {
		editExistingPhoto();
	} else if ($_GET['method'] == "DELETE") {
		deletePhoto();
	}
	
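	/**
	 * Stores an uploaded photo under ./images/ and inserts its review_pic row,
	 * then redirects to the index page.
	 *
	 * Reads $_FILES['photo'] and the POST fields title, desc and landing_url.
	 * Ends the request with die() when the upload is rejected, the file cannot
	 * be moved, or the query fails.
	 */
	function addNewPhoto() {
		$id = generateUniqueId("jos_photo");

		// Reject requests without a successfully uploaded file
		if (!isset($_FILES['photo']) || $_FILES['photo']['error'] !== UPLOAD_ERR_OK) {
			die("Invalid photo upload");
		}

		// The client controls the file name: drop any directory part and accept image
		// extensions only, so a script file cannot be stored in the web-served images
		// directory. Adjust the list if the gallery must accept other formats.
		$originalName = basename($_FILES['photo']['name']);
		$extension = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
		if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)) {
			die("Invalid photo upload");
		}

		// Random prefix keeps uploads with the same name from overwriting each other
		$fileName = rand(1000, 100000000) . $originalName;
		$path = "./images/" . $fileName;

		// Move the file first so no row is inserted for a photo that was not stored
		$targetPath = dirname(__FILE__) . "\\images\\" . $fileName;
		if (!move_uploaded_file($_FILES['photo']['tmp_name'], $targetPath)) {
			die("Couldn't store uploaded photo");
		}

		// Escape every user-supplied value before it is placed in the SQL string.
		// mysql_real_escape_string() needs the connection that db.php is assumed to open.
		$title = mysql_real_escape_string(isset($_POST['title']) ? $_POST['title'] : '');
		$descr = mysql_real_escape_string(isset($_POST['desc']) ? $_POST['desc'] : '');
		$landing_url = mysql_real_escape_string(isset($_POST['landing_url']) ? $_POST['landing_url'] : '');
		$pic_url = mysql_real_escape_string($path);
		// NOTE(review): $id is inserted unquoted; it comes from generateUniqueId(), which
		// is not visible here, so confirm it always returns a numeric value.
		$query = "INSERT INTO review_pic (review_id, review_header, review_content, landing_url, pic_url, is_deleted) VALUES ($id, '$title', '$descr', '$landing_url', '$pic_url', 0)";
		mysql_query($query) or die("Couldn't execute query");
		header("Location: ../index.php?msg=Added Successfully");
	}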
	
	function editExistingPhoto() {
	
	
コード例 #22
        //读取照片评论
        $commentInfoArr = getComments($photoId, $defaultAvatar, $avatarPath);
    }
    $smarty->assign('photoId', $photoId);
    $smarty->assign('userId', $userId);
    $smarty->assign('userName', $userName);
    $smarty->assign('photoInfoArr', $photoInfoArr);
    $smarty->assign('commentInfoArr', $commentInfoArr);
    $smarty->assign('allPhotoInfoArr', $allPhotoInfoArr);
    $smarty->assign('cssFileName', 'photoBrowser');
    $smarty->display('photoBrowser.tpl');
}
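// Handles the "delPh" POST action: removes the photo's file, then its row in the
// photos table, and answers with a JSON state/msg pair.
// NOTE(review): nothing visible here checks that the photo belongs to the
// logged-in user; confirm that ownership is enforced before this point.
if (!empty($_POST['photoId']) && !empty($_POST['act']) && $_POST['act'] == 'delPh') {
    // photoId is concatenated into the SQL WHERE fragment below, so only a positive
    // integer is accepted; anything else is answered as a failed delete.
    $photoId = filter_var($_POST['photoId'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($photoId === false) {
        echo json_encode(array('state' => 0, 'msg' => '删除失败.'));
        return false;
    }
    // Delete the image file stored on disk
    deletePhoto($photoId);
    $result = deleteSql('photos', 'photo_id=' . $photoId);
    if ($result['state'] == 1) {
        echo json_encode(array('state' => 1, 'msg' => '删除成功.'));
    } else {
        echo json_encode(array('state' => 0, 'msg' => '删除失败.'));
    }
    return false;
}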
if (isset($_POST['editName']) && !empty($_POST['photoId']) && !empty($_POST['act']) && $_POST['act'] == 'editPh') {
    $photoId = $_POST['photoId'];
    $editName = $_POST['editName'];
    $photoDesc = $_POST['photoDesc'];
    $result = updateSql('photos', "edit_name='{$editName}',photo_desc='{$photoDesc}'", 'photo_id=' . $photoId);
    if ($result['state'] == 1) {
        echo json_encode(array('state' => 1, 'msg' => '编辑成功.'));