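// Add-person endpoint: creates a Person from query-string fields, optionally
// fetches a photo for it, and logs the action in the moderation queue.

// Load wp-config so that we can use the fact that the user is logged in.
require_once '../wp-config.php';
include_once '../hp-includes/people_lib.php';
include_once '../hp-includes/user_utils.php';

// current_user is a variable set by Wordpress.
$uid = is_user_logged_in() ? $current_user->ID : 0;
if ($uid == 0) {
    die("You're not logged in");
}
if (getUserLevel($uid) == 0) {
    die("Not enough privileges");
}

// NOTE(review): this page changes state on a GET request and no anti-CSRF
// token is checked here. A WordPress nonce (wp_verify_nonce) would be the
// usual control, but the form that calls this page is not shown; confirm.

// Read each field defensively: a missing key or an array value
// (e.g. name_all[]=x) is treated as an empty string instead of raising
// notices or warnings further down.
$rawName = (isset($_GET['name_all']) && is_string($_GET['name_all'])) ? $_GET['name_all'] : '';
$rawDisplayName = (isset($_GET['display_name']) && is_string($_GET['display_name'])) ? $_GET['display_name'] : '';
$rawPhotoUrl = (isset($_GET['photo_url']) && is_string($_GET['photo_url'])) ? $_GET['photo_url'] : '';

// Sanitize the inputs a little bit. This is SQL escaping only; it does not
// make the values safe for HTML output and it does not validate the URL.
$name = mysql_real_escape_string($rawName);
$displayName = mysql_real_escape_string($rawDisplayName);
$photoUrl = mysql_real_escape_string($rawPhotoUrl);

$person = new Person();
$person->setName($name);
$person->addExtraNames($displayName);
$person->setDisplayName($displayName);
$person->addToDatabaseIfNobody();

// The id is interpolated unquoted into SQL and HTML below, so force it to an
// integer once and use that value everywhere.
$personId = (int) $person->id;

// Now also set the image URL.
// NOTE(review): the server fetches a caller-supplied URL. downloadPersonPhoto
// is not visible here; confirm it restricts the scheme to http/https and
// refuses internal or loopback hosts.
if ($photoUrl != '') {
    downloadPersonPhoto($personId, $photoUrl);
}

// Also record this in the moderation queue so we can see who added what.
// Every string that ends up inside the quoted SQL literals is escaped; the
// original inserted the login name and the address unescaped.
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$userLogin = mysql_real_escape_string(getUserLogin($uid));
mysql_query("INSERT INTO moderation_queue(type, idperson, value, ip, time)\n VALUES('add_person', {$personId}, 'by {$userLogin}', '{$ip}', " . time() . ")");

// The link attribute was misspelled "taget", so the page never opened in a
// new tab; corrected to "target".
echo "Persoana X a fost adăugată. " . "Vizitează-le pagina <a href=/?cid=9&id={$personId} " . "target=_blank>aici</a>.";

require_once '../_bottom.php';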
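?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
// Photo moderation page: approves (downloads) or rejects queued photo
// submissions, then lists the entries that are still pending.
//
// NOTE(review): no login or privilege check is visible in this fragment, and
// the "delete" action changes state on a GET request. Confirm that the page
// including this code enforces authentication and an anti-CSRF token.
echo '<b>Photos</b><br>';

// Queue ids are interpolated unquoted into the UPDATE statements below, so
// both request sources are forced to integers first. The original cast only
// the POST id; the GET id reached the query as raw request text.
$_POST['id'] = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$deleteId = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$postAction = isset($_POST['action']) ? $_POST['action'] : '';
$getAction = isset($_GET['action']) ? $_GET['action'] : '';

if ($postAction === 'addphoto') {
    // Prefer the submitted photo URL; fall back to orig_url when it is empty.
    $fallbackUrl = isset($_POST['orig_url']) ? $_POST['orig_url'] : '';
    $url = !empty($_POST['photo']) ? $_POST['photo'] : $fallbackUrl;
    $person_id = isset($_POST['pid']) ? (int) $_POST['pid'] : 0;

    // NOTE(review): the server fetches a caller-supplied URL.
    // downloadPersonPhoto is not visible here; confirm it restricts the
    // scheme to http/https and refuses internal or loopback hosts.
    downloadPersonPhoto($person_id, $url);

    // NOTE(review): $fname is never assigned in the visible code; confirm
    // where it is set and that it is HTML-escaped before being echoed.
    echo "Saved as <a href=\"{$fname}\">{$fname}</a>. ";
    echo "Go to <a href=/?cid=9&id={$person_id}>his page</a>.";
    mysql_query("update moderation_queue set state=2 where id={$_POST['id']}");
}

// See if there is already a photo to approve or delete
if ($getAction === 'delete') {
    mysql_query("update moderation_queue set state=1 where id={$deleteId}");
}

echo "<br>";

// get the photos.
$s = mysql_query("SELECT m.id, value, type, display_name, m.idperson\n FROM moderation_queue AS m\n LEFT JOIN people AS p ON p.id = m.idperson\n WHERE state = 0\n ORDER BY time DESC");
while ($r = mysql_fetch_array($s)) {
    $url = $r['value'];
    $type = $r['type'];
    $name = $r['display_name'];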