SET representative_picture_id = ' . $page['image_id'] . ' WHERE id = ' . $page['category']['id'] . ' ;'; pwg_query($query); include_once PHPWG_ROOT_PATH . 'admin/include/functions.php'; invalidate_user_cache(); } redirect($url_self); break; case 'add_to_caddie': fill_caddie(array($page['image_id'])); redirect($url_self); break; case 'rate': include_once PHPWG_ROOT_PATH . 'include/functions_rate.inc.php'; rate_picture($page['image_id'], $_POST['rate']); redirect($url_self); case 'edit_comment': include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_edit']); if (can_manage_comment('edit', $author_id)) { if (!empty($_POST['content'])) { check_pwg_token(); $comment_action = update_user_comment(array('comment_id' => $_GET['comment_to_edit'], 'image_id' => $page['image_id'], 'content' => $_POST['content'], 'website_url' => @$_POST['website_url']), $_POST['key']); $perform_redirect = false; switch ($comment_action) { case 'moderate': $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.'); case 'validate': $_SESSION['page_infos'][] = l10n('Your comment has been registered');
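/**
 * API method
 * Rates an image
 *
 * The image is first looked up with the extra condition built by
 * get_sql_condition_FandF() for forbidden categories and images; the rate is
 * only recorded when that lookup returns a row.
 *
 * @param mixed[] $params
 *    @option int image_id
 *    @option float rate (cast to int before it is passed to rate_picture())
 * @param mixed $service not used by this method
 * @return mixed PwgError 404 when image_id is not a plain integer or no row
 *               matches, PwgError 403 when rate_picture() reports failure,
 *               otherwise the value returned by rate_picture()
 */
function ws_images_rate($params, $service)
{
    // image_id is concatenated into the SQL text below. Nothing in this
    // function shows that the caller has already validated it, so accept only
    // a string of digits here and reject everything else with the same 404
    // the lookup would produce for an unknown id.
    $raw_image_id = isset($params['image_id']) ? $params['image_id'] : null;
    if (!is_scalar($raw_image_id) || !preg_match('/^\d+$/', (string) $raw_image_id)) {
        return new PwgError(404, 'Invalid image_id or access denied');
    }
    $image_id = (int) $raw_image_id;

    $query = '
SELECT DISTINCT id
  FROM ' . IMAGES_TABLE . '
    INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id=image_id
  WHERE id=' . $image_id
        . get_sql_condition_FandF(
            array(
                'forbidden_categories' => 'category_id',
                'forbidden_images' => 'id',
            ),
            ' AND'
        ) . '
  LIMIT 1
;';

    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        return new PwgError(404, 'Invalid image_id or access denied');
    }

    include_once PHPWG_ROOT_PATH . 'include/functions_rate.inc.php';

    // The rate is forced to an integer at this boundary, so only a number
    // reaches rate_picture(). Other callers of rate_picture() must apply
    // their own validation; whether rate_picture() checks its arguments is
    // not visible from here.
    $res = rate_picture($image_id, (int) $params['rate']);

    if ($res == false) {
        global $conf;

        return new PwgError(403, 'Forbidden or rate not in ' . implode(',', $conf['rate_items']));
    }

    return $res;
}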