function process_post_data()
{
    global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage;
    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    $user_album_set = array();
    $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
    while ($row = mysql_fetch_assoc($result)) {
        $user_album_set[$row['aid']] = 1;
    }
    mysql_free_result($result);
    $pid = $superCage->post->getInt('id');
    $aid = $superCage->post->getInt('aid');
    $pwidth = $superCage->post->getInt('pwidth');
    $pheight = $superCage->post->getInt('pheight');
    $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
    $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
    $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
    $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
    $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
    $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
    $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
    $galleryicon = $superCage->post->getInt('galleryicon');
    $isgalleryicon = $galleryicon == $pid;
    $read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0;
    $reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0;
    $reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0;
    $del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0;
    $result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'");
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $pic = mysql_fetch_assoc($result);
    mysql_free_result($result);
    if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
        if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }
        if (!isset($user_album_set[$aid])) {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }
    }
    if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) {
        cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
    }
    $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'");
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $new_alb = mysql_fetch_assoc($result);
    mysql_free_result($result);
    cpg_trim_keywords($keywords);
    $update = "aid = '{$aid}'";
    if (is_movie($pic['filename'])) {
        $update .= ", pwidth = " . $pwidth;
        $update .= ", pheight = " . $pheight;
    }
    $update .= ", title = '{$title}'";
    $update .= ", caption = '{$caption}'";
    $update .= ", keywords = '{$keywords}'";
    if (GALLERY_ADMIN_MODE) {
        $approved = $superCage->post->getAlpha('approved');
        $update .= ", approved = '{$approved}'";
    } elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) {
        $approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES';
        $update .= ", approved = '{$approved}'";
    } elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) {
        $approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES';
        $update .= ", approved = '{$approved}'";
    }
    $update .= ", user1 = '{$user1}'";
    $update .= ", user2 = '{$user2}'";
    $update .= ", user3 = '{$user3}'";
    $update .= ", user4 = '{$user4}'";
    if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
        $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}";
        cpg_db_query($sql);
        $update .= ", galleryicon = " . $galleryicon;
    }
    if ($reset_vcount) {
        $update .= ", hits = 0";
        resetDetailHits($pid);
    }
    if ($reset_votes) {
        $update .= ", pic_rating = 0, votes = 0";
        resetDetailVotes($pid);
    }
    if ($read_exif) {
        // If "read exif info again" is checked then just delete the entry from the exif table.
        // The new exif information will automatically be read when someone views the image.
        $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'";
        cpg_db_query($query);
    }
    if ($del_comments) {
        $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'";
        cpg_db_query($query);
    }
    $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
    cpg_db_query($query);
    // Executes after a file update is committed
    CPGPluginAPI::action('after_edit_file', $pid);
    // rename a file
    if ($superCage->post->keyExists('filename')) {
        $post_filename = $superCage->post->getEscaped('filename');
    }
    if ($post_filename != $pic['filename']) {
        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) {
            $prefixes = array('fullsize', 'normal', 'thumb');
        } else {
            $prefixes = array('fullsize', 'thumb');
        }
        if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            $prefixes[] = 'orig';
        }
        if (!is_image($pic['filename'])) {
            $prefixes = array('fullsize');
            // Check for custom thumbnails
            $mime_content_old = cpg_get_type($pic['filename']);
            $mime_content_new = cpg_get_type(replace_forbidden($post_filename));
            $file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename']));
            foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
                if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) {
                    // Thumbnail found, check if it's the only file using that thumbnail
                    $count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0);
                    if ($count == 1) {
                        $prefixes[] = 'thumb';
                        $custom_thumb = TRUE;
                        break;
                    }
                }
            }
        }
        $pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => '');
        $files_to_rename = array();
        foreach ($prefixes as $prefix) {
            $oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']);
            $filename = replace_forbidden($post_filename);
            $newname = str_replace($pic['filename'], $filename, $oldname);
            if ($custom_thumb == TRUE && $prefix == 'thumb') {
                $oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname);
                $newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname);
            }
            $old_mime = cpg_get_type($oldname);
            $new_mime = cpg_get_type($newname);
            if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
            }
            if (!is_known_filetype($newname)) {
                cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
            }
            if (file_exists($newname)) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
            }
            if (!file_exists($oldname)) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
            }
            // Check if there will be no conflicts before doing anything
            $files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname);
        }
        if (count($files_to_rename) > 0) {
            foreach ($files_to_rename as $file) {
                if (rename($file['oldname'], $file['newname'])) {
                    cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1");
                } else {
                    cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
                }
            }
        }
    }
}
예제 #2
0
    $newsletter_categories_db[$loopCounter]['public_view'] = $row['public_view'];
    $newsletter_categories_db[$loopCounter]['frequency_year'] = $row['frequency_year'];
    $newsletter_categories_db[$loopCounter]['subscription_count'] = $row['subscription_count'];
    $loopCounter++;
}
mysql_free_result($result);
if ($superCage->post->keyExists('submit')) {
    // The form has been submit
    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    // Build the arrays that hold the submit data using getRaw - we'll have to sanitize that later, but basically we rely on the fact that this page is admin-only
    $submit_cat_id = $superCage->post->getInt('cat_id');
    $submit_name = cpgSanitizeUserTextInput($superCage->post->getEscaped('name'));
    $submit_description = cpgSanitizeUserTextInput($superCage->post->getRaw('description'));
    $submit_open_for_subscription = $superCage->post->getInt('open_for_subscription');
    $submit_publicly_viewable = $superCage->post->getInt('publicly_viewable');
    $submit_frequency_year = $superCage->post->getInt('frequency_year');
    $submit_delete = $superCage->post->getInt('delete');
    $loopCounter = 0;
    foreach ($submit_cat_id as $cat_key => $cat_id) {
        // Convert the checkbox fields to YES/NO records
        if ($submit_open_for_subscription[$cat_key] == 1) {
            $submit_open_for_subscription[$cat_key] = 'YES';
        } else {
            $submit_open_for_subscription[$cat_key] = 'NO';
        }
        if ($submit_publicly_viewable[$cat_key] == 1) {
            $submit_publicly_viewable[$cat_key] = 'YES';
        } else {
예제 #3
0
function process_post_data()
{
    global $CONFIG, $mb_utf8_regex;
    global $lang_errors, $lang_editpics_php;
    $superCage = Inspekt::makeSuperCage();
    $pid = $superCage->post->getInt('id');
    $aid = $superCage->post->getInt('aid');
    $pwight = $superCage->post->getInt('pwidth');
    $pheight = $superCage->post->getInt('pheight');
    $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
    $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
    $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
    $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
    $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
    $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
    $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
    $galleryicon = $superCage->post->getInt('galleryicon');
    $isgalleryicon = $galleryicon === $pid;
    if ($superCage->post->keyExists('read_exif')) {
        $read_exif = $superCage->post->getInt('read_exif');
    }
    if ($superCage->post->keyExists('reset_vcount')) {
        $reset_vcount = $superCage->post->getInt('reset_vcount');
    }
    if ($superCage->post->keyExists('reset_votes')) {
        $reset_votes = $superCage->post->getInt('reset_votes');
    }
    if ($superCage->post->keyExists('del_comments')) {
        $del_comments = $superCage->post->getInt('del_comments') || $delete;
    }
    $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'");
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $pic = mysql_fetch_array($result);
    mysql_free_result($result);
    if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
        cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
    }
    $update = "aid = '" . $aid . "'";
    if (is_movie($pic['filename'])) {
        $update .= ", pwidth = " . $pwidth;
        $update .= ", pheight = " . $pheight;
    }
    $update .= ", title = '" . $title . "'";
    $update .= ", caption = '" . $caption . "'";
    $update .= ", keywords = '" . $keywords . "'";
    if (GALLERY_ADMIN_MODE) {
        $approved = $superCage->post->getAlpha('approved');
        $update .= ", approved = '" . $approved . "'";
    }
    $update .= ", user1 = '" . $user1 . "'";
    $update .= ", user2 = '" . $user2 . "'";
    $update .= ", user3 = '" . $user3 . "'";
    $update .= ", user4 = '" . $user4 . "'";
    if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
        $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
        cpg_db_query($sql);
        $update .= ", galleryicon = " . $galleryicon;
    }
    if ($reset_vcount) {
        $update .= ", hits = '0'";
        resetDetailHits($pid);
    }
    if ($reset_votes) {
        $update .= ", pic_rating = '0', votes = '0'";
        resetDetailVotes($pid);
    }
    if ($read_exif) {
        $filepath = urldecode(get_pic_url($pic, 'fullsize'));
        // If read exif info again is checked then we will just delete the entry from exif table. The new exif information will automatically be read when someone views the image.
        $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename = '{$filepath}'";
        cpg_db_query($query);
    }
    if ($del_comments) {
        $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
        $result = cpg_db_query($query);
    } else {
        $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
        $result = cpg_db_query($query);
    }
    // rename a file
    if ($superCage->post->keyExists('filename') && ($matches = $superCage->post->getMatched('filename', '/^[0-9A-Za-z\\/_.-]+$/'))) {
        $post_filename = $matches[0];
    }
    if ($post_filename != $pic['filename']) {
        if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) {
            $condition = true;
        } elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) {
            $condition = true;
        } elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) {
            $condition = true;
        } else {
            $condition = false;
        }
        if ($CONFIG['make_intermediate'] && $condition) {
            $prefices = array('fullsize', 'normal', 'thumb');
        } else {
            $prefices = array('fullsize', 'thumb');
        }
        if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            $prefices[] = 'orig';
        }
        if (!is_image($pic['filename'])) {
            $prefices = array('fullsize');
        }
        foreach ($prefices as $prefix) {
            // OVI
            // $oldname = urldecode(get_pic_url($pic, $prefix));
            $oldname = urldecode(get_pic_url($pic, $prefix, false, true));
            // OVI
            $filename = replace_forbidden($post_filename);
            $newname = str_replace($pic['filename'], $filename, $oldname);
            $old_mime = cpg_get_type($oldname);
            $new_mime = cpg_get_type($newname);
            if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
            }
            if (!is_known_filetype($newname)) {
                cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
            }
            // OVI
            //if (file_exists($newname))
            //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
            //if (!file_exists($oldname))
            //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
            // OVI
            // OVI
            $imageContainer = new FileContainer($pic['pid'], $pic['owner_id']);
            $imageContainer->original_path = $oldname;
            //echo $imageContainer->original_path." ".$newname;exit(1);
            global $storage;
            if (!$storage->rename_file($imageContainer, $newname)) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
            }
            // OVI
            /*if (rename($oldname, $newname))
                       {
                           cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '$filename' WHERE pid = '$pid' LIMIT 1");
                       } else cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
            		*/
        }
        // foreach
        // OVI
        cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1");
        // OVI
    }
}