// Picture re-ordering handler (excerpt): finishes a sort-order loop, loads the album's pictures,
// then applies the client-submitted picture order with one UPDATE per moved picture.
// The excerpt starts inside a block opened earlier and stops before its last blocks are closed.
cpg_db_query($query);
} else {
    // Abort and report the rejected value. $sort_list_matched is assigned outside this excerpt.
    // NOTE(review): presumably it holds a pattern-validated POST value - confirm, since it is echoed in the error text.
    cpg_die(CRITICAL_ERROR, sprintf($lang_delete_php['err_invalid_data'], $sort_list_matched[0]), __FILE__, __LINE__);
}
} // closes a block opened before this excerpt

// NOTE(review): the query above runs before the form-token check below; whether an earlier
// token check protects it is not visible here - confirm.

// getInt() presumably yields an integer, which keeps the quoted value in the SELECT numeric - verify against the accessor.
$album_id = $superCage->post->getInt('album_id');
$result = cpg_db_query("SELECT aid, pid, filename, title, position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '{$album_id}' ORDER BY position ASC, pid");
$rowset = cpg_db_fetch_rowset($result, true);

if ($superCage->post->keyExists('picture_order')) {
    //Check if the form token is valid
    // The token is verified before any UPDATE in this branch is issued.
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    //get the sorted order - cast to int below
    $get_rows = $superCage->post->getEscaped('picture_order');
    $sort_rows = parse_pic_list($get_rows);
    $returnOutput .= '<tr><td colspan="6"><ul>';
    $update_count = 0;
    foreach ($sort_rows as $key => $option_value) {
        // The integer cast is what makes the client-supplied id safe to embed in the UPDATE below.
        $option_value = (int) $option_value;
        // Same picture already sits in this slot: nothing to write.
        // NOTE(review): $key comes from the submitted list; if that list is longer than $rowset,
        // $rowset[$key] is unset and an empty position would be written - confirm lengths are checked elsewhere.
        if ($option_value == $rowset[$key]['pid']) {
            continue;
        }
        //update the new position
        $returnOutput .= '<li>' . sprintf($lang_delete_php['moved_picture_to_position'], $option_value, $rowset[$key]['position']) . '</li>';
        // The new position is taken from the database row, not from the request.
        // NOTE(review): the WHERE clause does not tie pid to $album_id; limiting which pictures
        // may be moved relies entirely on $restrict, which is built outside this excerpt - confirm.
        $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET position = '{$rowset[$key]['position']}' WHERE pid = '{$option_value}' {$restrict} LIMIT 1";
        cpg_db_query($query);
        $update_count++;
    }
    // No picture changed slot: show the "no change" message instead of a list of moves.
    if ($update_count == 0) {
        $returnOutput .= '<li>' . $lang_albmgr_php['no_change'] . '</li>';
// Picture manager handler (excerpt): applies submitted positions, deletes the listed pictures,
// then starts processing the per-picture "to" options. Request data is read straight from $_POST.
// The excerpt starts by closing a block opened earlier and stops inside the switch statement.
} else {
    // This branch adds no extra WHERE condition to the UPDATE below.
    $restrict = '';
}
pageheader($lang_delete_php['pic_mgr']);
starttable("100%", $lang_delete_php['pic_mgr'], 6);
// NOTE(review): $_POST['sort_order'] is passed on unvalidated and no form-token check is visible
// in this excerpt; other excerpts on this page read the same field through a pattern-matching
// accessor ('/^[0-9@,]+$/') - confirm which handling applies to this code path.
$orig_sort_order = parse_pic_list($_POST['sort_order']);
foreach ($orig_sort_order as $picture) {
    $op = parse_pic_orig_sort_order($picture);
    if (count($op) == 2) {
        // NOTE(review): both interpolated values come from the parser's output. The query is safe only
        // if parse_pic_orig_sort_order() returns integers - its body is not shown, verify before relying on it.
        $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET position='{$op['pos']}' WHERE pid='{$op['aid']}' {$restrict} LIMIT 1";
        cpg_db_query($query);
    } else {
        // NOTE(review): CRITICAL_ERROR is used as the sprintf() format here, so cpg_die() receives three
        // arguments; other cpg_die() calls on this page pass the severity constant first and the sprintf()
        // result second. The raw $_POST value also ends up in the message - confirm that cpg_die() escapes
        // it for HTML output.
        cpg_die(sprintf(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], $_POST['sort_order']), __FILE__, __LINE__);
    }
}
// NOTE(review): $_POST['delete_picture'] is read without an isset() check.
$to_delete = parse_pic_list($_POST['delete_picture']);
foreach ($to_delete as $picture_id) {
    // Each id is cast to int before it reaches delete_picture(); any ownership check would have to
    // happen inside that function, which is not shown here.
    delete_picture((int) $picture_id);
}
if (isset($_POST['to'])) {
    foreach ($_POST['to'] as $option_value) {
        // NOTE(review): stripslashes() suggests the input is expected to arrive slash-escaped - confirm.
        $op = parse_pic_select_option(stripslashes($option_value));
        switch ($op['action']) {
            case '0':
                break;
            case '1':
                // Only admin mode honours a client-chosen category (cast to int);
                // otherwise the category is derived from the current user id.
                if (GALLERY_ADMIN_MODE) {
                    $category = (int) $_POST['cat'];
                } else {
                    $category = FIRST_USER_CAT + USER_ID;
                }
// Album manager handler (excerpt): builds the category restriction appended to each UPDATE,
// then applies the submitted album sort order.
// The excerpt starts inside conditionals opened earlier and stops right after an opening "if".
$restrict = "AND (category = '" . (FIRST_USER_CAT + USER_ID) . "'";
} else {
    // "0" matches no row on its own; only the categories appended below can make the clause true.
    $restrict = "AND (0";
}
// Extend the clause with every category id found in $rowset.
// NOTE(review): $rowset is filled outside this excerpt; the cid values are concatenated as-is,
// so they need to come from a trusted query - confirm.
foreach ($rowset as $key => $value) {
    $restrict .= " OR category = '" . $value['cid'] . "'";
}
$restrict .= ")";
} else {
    // This branch leaves the UPDATE below without any category restriction.
    $restrict = '';
}
$returnOutput = ''; // the var that will later be shown as a result of the action performed
$returnOutput .= '<table border="0" cellspacing="0" cellpadding="0" width="100%">';
// The pattern limits sort_order to digits, "@" and ",".
// NOTE(review): element [0] is used without checking that the match succeeded, and "$" without the
// D modifier also accepts one trailing newline if the pattern is applied by preg_match() - confirm both.
$sort_list_matched = $superCage->post->getMatched('sort_order', '/^[0-9@,]+$/');
$orig_sort_order = parse_pic_list($sort_list_matched[0]);
foreach ($orig_sort_order as $album) {
    $alb = parse_pic_orig_sort_order($album);
    // NOTE(review): $i is neither set nor advanced in this excerpt, and 'aid' is read before the
    // count check below - confirm both.
    $sort_array[$i] = $alb['aid'];
    if (count($alb) == 2) {
        // NOTE(review): the WHERE clause uses $alb['pid'] while the line above reads $alb['aid'] -
        // check which keys parse_pic_orig_sort_order() actually returns.
        // $restrict is the only condition limiting which albums this request may reposition.
        $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET pos = '{$alb['pos']}' WHERE aid = '{$alb['pid']}' {$restrict} LIMIT 1";
        cpg_db_query($query);
    } else {
        // Abort and report the rejected value; it has already passed the pattern match above.
        cpg_die(CRITICAL_ERROR, sprintf($lang_delete_php['err_invalid_data'], $sort_list_matched[0]), __FILE__, __LINE__);
    }
}
//prevent sorting of the albums if not admin or in own album
// Same field and pattern as $sort_list_matched above, matched a second time.
$sorted_list = $superCage->post->getMatched('sort_order', '/^[0-9@,]+$/');
//getting the category to redirect to album manager
//$category = $superCage->get->getInt('cat');
if ($superCage->get->keyExists('cat')) {