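/**
 * Collect, into the global $cat_subcat_ids[$cat_id] list, the id of every
 * category found below $cid in $cat_parent_cache.
 *
 * The original signature declared the two defaulted parameters before the
 * required $cat_parent_cache, which PHP 8 reports as deprecated; giving the
 * cache an empty default keeps every existing call working.
 *
 * @param int   $cid              category whose children are walked
 * @param int   $cat_id           key under which the collected ids are stored
 * @param array $cat_parent_cache parent id => list of direct child ids
 * @return array|false the global $cat_subcat_ids, or false when $cid has no
 *                     entry in the cache
 */
function get_auth_subcat_ids($cid = 0, $cat_id = 0, $cat_parent_cache = array())
{
    global $cat_subcat_ids;

    // nothing recorded below this id: nothing to collect
    if (!isset($cat_parent_cache[$cid])) {
        return false;
    }

    foreach ($cat_parent_cache[$cid] as $val) {
        $cat_subcat_ids[$cat_id][] = $val;
        // NOTE(review): the recursion goes through get_subcat_ids(), which
        // fills a different global than the one returned here; kept as in the
        // original — confirm whether self-recursion was intended.
        get_subcat_ids($val, $cat_id, $cat_parent_cache);
    }

    return $cat_subcat_ids;
}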
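/**
 * Find the reference date of each album in $ids: the newest (or oldest)
 * $field value among the images of the album and of its whole sub-tree.
 *
 * @param int[]  $ids    album ids to report on
 * @param string $field  date column of the images table, used as an SQL identifier
 * @param string $minmax 'max' for the newest date, 'min' for the oldest
 * @return array album id => reference date, null when no image in the tree has one
 * @throws InvalidArgumentException when $minmax is not 'min'/'max' or $field is
 *                                  not a plain identifier
 */
function get_categories_ref_date($ids, $field = 'date_available', $minmax = 'max')
{
    // both strings are interpolated into SQL unquoted: accept only what the
    // query can legitimately contain
    if (!in_array($minmax, array('min', 'max'), true)) {
        throw new InvalidArgumentException('minmax must be "min" or "max"');
    }
    if (!is_string($field) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field)) {
        throw new InvalidArgumentException('field must be a plain column name');
    }
    if (empty($ids)) {
        return array();
    }

    // we need to work on the whole tree under each category, even if we don't
    // want to sort sub categories
    $category_ids = array_map('intval', get_subcat_ids($ids));
    if (count($category_ids) == 0) {
        // an empty IN () list is not valid SQL, and no album can have a date
        return array_fill_keys($ids, null);
    }
    $in_list = implode(',', $category_ids);

    // search for the reference date of each album
    $query = ' SELECT category_id, ' . $minmax . '(' . $field . ') as ref_date FROM ' . IMAGE_CATEGORY_TABLE . ' JOIN ' . IMAGES_TABLE . ' ON image_id = id WHERE category_id IN (' . $in_list . ') GROUP BY category_id ;';
    $ref_dates = query2array($query, 'category_id', 'ref_date');

    // then iterate on all albums (having a ref_date or not) to find the
    // reference_date, with a search on sub-albums
    $query = ' SELECT id, uppercats FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . $in_list . ') ;';
    $uppercats_of = query2array($query, 'id', 'uppercats');

    // invert the uppercats lists once: upper id => ids of the albums listing it
    // (the original ran a regex over every uppercats string for every album)
    $subcats_of = array();
    foreach ($uppercats_of as $id => $uppercats) {
        foreach (explode(',', $uppercats) as $upper) {
            $subcats_of[$upper][] = $id;
        }
    }

    foreach (array_keys($uppercats_of) as $cat_id) {
        $to_compare = array();
        if (isset($subcats_of[$cat_id])) {
            foreach ($subcats_of[$cat_id] as $id) {
                if (isset($ref_dates[$id])) {
                    $to_compare[] = $ref_dates[$id];
                }
            }
        }
        if (count($to_compare) > 0) {
            $ref_dates[$cat_id] = 'max' == $minmax ? max($to_compare) : min($to_compare);
        } else {
            $ref_dates[$cat_id] = null;
        }
    }

    // only return the list of $ids, not the sub-categories; an id unknown to
    // the database simply gets null instead of an undefined-index notice
    $return = array();
    foreach ($ids as $id) {
        $return[$id] = isset($ref_dates[$id]) ? $ref_dates[$id] : null;
    }
    return $return;
}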
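/**
 * API method
 * Moves a category
 * @param mixed[] $params
 *    @option string|int[] category_id
 *    @option int parent
 *    @option string pwg_token
 * @return PwgError|null an error on failure, null once the move succeeded
 */
function ws_categories_move($params, &$service)
{
    global $page;

    // constant-time comparison; a missing or non-string token never matches
    $token = isset($params['pwg_token']) && is_string($params['pwg_token']) ? $params['pwg_token'] : '';
    if (!hash_equals(get_pwg_token(), $token)) {
        return new PwgError(403, 'Invalid security token');
    }

    // category_id is accepted as a list or as a delimited string
    if (!is_array($params['category_id'])) {
        $params['category_id'] = preg_split('/[\\s,;\\|]/', $params['category_id'], -1, PREG_SPLIT_NO_EMPTY);
    }
    $params['category_id'] = array_map('intval', $params['category_id']);

    // keep positive ids only, each once: a duplicate would otherwise make the
    // "count found == count requested" check below reject a valid request
    $category_ids = array();
    foreach ($params['category_id'] as $category_id) {
        if ($category_id > 0 && !in_array($category_id, $category_ids, true)) {
            $category_ids[] = $category_id;
        }
    }
    if (count($category_ids) == 0) {
        return new PwgError(403, 'Invalid category_id input parameter, no category to move');
    }

    // we can't move physical categories
    $categories_in_db = array();
    $query = ' SELECT id, name, dir FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $category_ids) . ') ;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        $categories_in_db[$row['id']] = $row;
        // we break on error at first physical category detected
        if (!empty($row['dir'])) {
            $row['name'] = strip_tags(trigger_change('render_category_name', $row['name'], 'ws_categories_move'));
            return new PwgError(403, sprintf('Category %s (%u) is not a virtual category, you cannot move it', $row['name'], $row['id']));
        }
    }

    if (count($categories_in_db) != count($category_ids)) {
        // array_diff keeps the original keys, so index 0 was not guaranteed
        // to exist; reindex before reporting the first unknown id
        $unknown_category_ids = array_values(array_diff($category_ids, array_keys($categories_in_db)));
        return new PwgError(403, sprintf('Category %u does not exist', $unknown_category_ids[0]));
    }

    // does this parent exists? This check should be made in the
    // move_categories function, not here
    // 0 as parent means "move categories at gallery root"
    $parent = isset($params['parent']) ? intval($params['parent']) : 0;
    if (0 != $parent) {
        $subcat_ids = get_subcat_ids(array($parent));
        if (count($subcat_ids) == 0) {
            return new PwgError(403, 'Unknown parent category id');
        }
    }

    $page['infos'] = array();
    $page['errors'] = array();

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    move_categories($category_ids, $parent);
    invalidate_user_cache();

    if (count($page['errors']) != 0) {
        return new PwgError(403, implode('; ', $page['errors']));
    }
}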
}

// NOTE(review): the $search_id values below are written into SQL without
// escaping or casting in this fragment; 'image_ids', 'user_ids' and
// 'search_cat' must have been validated as integer lists before this point —
// confirm in the caller.
$sql_where_query = "";
if (!empty($search_id['image_ids'])) {
    $sql_where_query .= "AND image_id IN (" . $search_id['image_ids'] . ") ";
}
if (!empty($search_id['user_ids'])) {
    $sql_where_query .= "AND user_id IN (" . $search_id['user_ids'] . ") ";
}
// "new images": the cutoff timestamp is computed here from the configured
// number of days, so only an integer reaches the query
if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
    $new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
    $sql_where_query .= "AND image_date >= {$new_cutoff} ";
}
if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
    // starts as the integer 0; it stays 0 when the requested category is not
    // viewable, which the strict check below turns into an empty clause
    $cat_id_sql = 0;
    if (check_permission("auth_viewcat", $search_id['search_cat'])) {
        $sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
        // from here on $cat_id_sql is a string beginning with "0, "
        $cat_id_sql .= ", " . $search_id['search_cat'];
        if (!empty($sub_cat_ids[$search_id['search_cat']])) {
            // sub-categories the user may not view are left out of the list
            foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
                if (check_permission("auth_viewcat", $val)) {
                    $cat_id_sql .= ", " . $val;
                }
            }
        }
    }
    $cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id IN ({$cat_id_sql})" : "";
} else {
    // no category requested: presumably exclude every category the user may
    // not view (get_auth_cat_sql is not visible here)
    $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");
    $cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id NOT IN (" . $cat_id_sql . ")" : "";
}
if (!empty($sql_where_query)) {
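/**
 * Returns the SQL clause for a search.
 * Transforms the array returned by get_search_array() into SQL sub-query.
 *
 * The boolean modes ($search['mode'] and every 'mode' sub-key) are restricted
 * here to the literal strings AND / OR, anything else falling back to AND.
 * Words and dates are written into the clause as given, so they must already
 * be escaped for the database by the caller — TODO confirm.
 *
 * @param array $search
 * @return string
 */
function get_sql_search_clause($search)
{
    // SQL where clauses are stored in $clauses array during query
    // construction
    $clauses = array();

    foreach (array('file', 'name', 'comment', 'author') as $textfield) {
        if (!isset($search['fields'][$textfield])) {
            continue;
        }
        $local_clauses = array();
        foreach ($search['fields'][$textfield]['words'] as $word) {
            // NOTE(review): $word goes into the SQL literal as-is (see docblock)
            if ('author' == $textfield) {
                $local_clauses[] = $textfield . "='" . $word . "'";
            } else {
                $local_clauses[] = $textfield . " LIKE '%" . $word . "%'";
            }
        }
        // adds brackets around where clauses
        $mode = _search_boolean_mode(isset($search['fields'][$textfield]['mode']) ? $search['fields'][$textfield]['mode'] : null);
        $clauses[] = implode(' ' . $mode . ' ', _wrap_in_parentheses($local_clauses));
    }

    if (isset($search['fields']['allwords'])) {
        $fields = array('file', 'name', 'comment');
        if (isset($search['fields']['allwords']['fields']) and count($search['fields']['allwords']['fields']) > 0) {
            $fields = array_intersect($fields, $search['fields']['allwords']['fields']);
        }

        // in the OR mode, request must be :
        // ((field1 LIKE '%word1%' OR field2 LIKE '%word1%')
        // OR (field1 LIKE '%word2%' OR field2 LIKE '%word2%'))
        //
        // in the AND mode :
        // ((field1 LIKE '%word1%' OR field2 LIKE '%word1%')
        // AND (field1 LIKE '%word2%' OR field2 LIKE '%word2%'))
        $word_clauses = array();
        foreach ($search['fields']['allwords']['words'] as $word) {
            $field_clauses = array();
            foreach ($fields as $field) {
                $field_clauses[] = $field . " LIKE '%" . $word . "%'";
            }
            // adds brackets around where clauses (the original did this with
            // create_function(), which no longer exists in PHP 8)
            $word_clauses[] = '(' . implode("\n OR ", $field_clauses) . ')';
        }

        // make sure the "mode" is either OR or AND
        $mode = _search_boolean_mode(isset($search['fields']['allwords']['mode']) ? $search['fields']['allwords']['mode'] : null);
        $clauses[] = "\n " . implode("\n " . $mode . "\n ", $word_clauses);
    }

    foreach (array('date_available', 'date_creation') as $datefield) {
        if (isset($search['fields'][$datefield])) {
            $clauses[] = $datefield . " = '" . $search['fields'][$datefield]['date'] . "'";
        }
        foreach (array('after', 'before') as $suffix) {
            $key = $datefield . '-' . $suffix;
            if (!isset($search['fields'][$key])) {
                continue;
            }
            // 'inc' makes the bound inclusive (>= / <=)
            $operator = ($suffix == 'after' ? ' >' : ' <') . ($search['fields'][$key]['inc'] ? '=' : '');
            $clauses[] = $datefield . $operator . " '" . $search['fields'][$key]['date'] . "'";
        }
    }

    if (isset($search['fields']['cat'])) {
        if ($search['fields']['cat']['sub_inc']) {
            // searching all the categories id of sub-categories
            $cat_ids = get_subcat_ids($search['fields']['cat']['words']);
        } else {
            $cat_ids = $search['fields']['cat']['words'];
        }
        // ids only: they reach the query unquoted
        $clauses[] = 'category_id IN (' . implode(',', array_map('intval', $cat_ids)) . ')';
    }

    // adds brackets around where clauses
    $clauses = _wrap_in_parentheses($clauses);
    $mode = _search_boolean_mode(isset($search['mode']) ? $search['mode'] : null);
    return implode("\n " . $mode . ' ', $clauses);
}

/**
 * Surround every clause with parentheses.
 *
 * @param string[] $clauses
 * @return string[]
 */
function _wrap_in_parentheses($clauses)
{
    $wrapped = array();
    foreach ($clauses as $clause) {
        $wrapped[] = '(' . $clause . ')';
    }
    return $wrapped;
}

/**
 * Restrict a boolean search mode to the two values the SQL may contain.
 *
 * @param mixed $mode value taken from the search array
 * @return string 'AND' or 'OR' ('AND' for anything else)
 */
function _search_boolean_mode($mode)
{
    return in_array($mode, array('AND', 'OR'), true) ? $mode : 'AND';
}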
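/**
 * API method
 * Removes permissions
 * @param mixed[] $params
 *    @option int[] cat_id
 *    @option int[] group_id (optional)
 *    @option int[] user_id (optional)
 *    @option string pwg_token
 * @return PwgError|mixed the error, or the result of pwg.permissions.getList
 */
function ws_permissions_remove($params, &$service)
{
    // constant-time comparison; a missing or non-string token never matches
    $token = isset($params['pwg_token']) && is_string($params['pwg_token']) ? $params['pwg_token'] : '';
    if (!hash_equals(get_pwg_token(), $token)) {
        return new PwgError(403, 'Invalid security token');
    }

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // the permission is removed on the albums and on their whole sub-tree;
    // every id list is cast to integers before being written into SQL
    $cat_ids = array_map('intval', get_subcat_ids($params['cat_id']));

    // an empty IN () list is not valid SQL: nothing to delete in that case
    if (count($cat_ids) > 0) {
        if (!empty($params['group_id'])) {
            $group_ids = array_map('intval', (array) $params['group_id']);
            $query = ' DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id IN (' . implode(',', $group_ids) . ') AND cat_id IN (' . implode(',', $cat_ids) . ') ;';
            pwg_query($query);
        }

        if (!empty($params['user_id'])) {
            $user_ids = array_map('intval', (array) $params['user_id']);
            $query = ' DELETE FROM ' . USER_ACCESS_TABLE . ' WHERE user_id IN (' . implode(',', $user_ids) . ') AND cat_id IN (' . implode(',', $cat_ids) . ') ;';
            pwg_query($query);
        }
    }

    return $service->invoke('pwg.permissions.getList', array('cat_id' => $params['cat_id']));
}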
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
trigger_notify('loc_begin_cat_modify');
//---------------------------------------------------------------- verification
// E_USER_ERROR halts the script by default, so everything below can rely on
// cat_id being numeric
if (!isset($_GET['cat_id']) || !is_numeric($_GET['cat_id'])) {
    trigger_error('missing cat_id param', E_USER_ERROR);
}
//--------------------------------------------------------- form criteria check
if (isset($_POST['submit'])) {
    // HTML is only kept in the description when the configuration allows it
    $data = array('id' => $_GET['cat_id'], 'name' => @$_POST['name'], 'comment' => $conf['allow_html_descriptions'] ? @$_POST['comment'] : strip_tags(@$_POST['comment']));
    // 'commentable' is only defined when comments are activated; the UPDATE
    // below reads it unconditionally (undefined index otherwise)
    if ($conf['activate_comments']) {
        $data['commentable'] = isset($_POST['commentable']) ? $_POST['commentable'] : 'false';
    }
    single_update(CATEGORIES_TABLE, $data, array('id' => $data['id']));
    if (isset($_POST['apply_commentable_on_sub'])) {
        $subcats = get_subcat_ids(array('id' => $data['id']));
        // NOTE(review): $data['commentable'] comes straight from $_POST and is
        // interpolated into the query unescaped; restrict it to 'true'/'false'
        // before this point — TODO
        $query = ' UPDATE ' . CATEGORIES_TABLE . ' SET commentable = \'' . $data['commentable'] . '\' WHERE id IN (' . implode(',', $subcats) . ') ;';
        pwg_query($query);
    }
    // retrieve cat infos before continuing (following updates are expensive)
    $cat_info = get_cat_info($_GET['cat_id']);
    // 'true_sub' applies the visibility to the whole sub-tree; otherwise only
    // touch the album when the value actually changes
    if ($_POST['visible'] == 'true_sub') {
        set_cat_visible(array($_GET['cat_id']), true, true);
    } elseif ($cat_info['visible'] != get_boolean($_POST['visible'])) {
        set_cat_visible(array($_GET['cat_id']), $_POST['visible']);
    }
    // in case the user moves his album to the gallery root, we force
;';
pwg_query($query);
}
// all sub-categories of private categories become private
$cat_ids = array();
$query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE status = \'private\' ;';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    array_push($cat_ids, $row['id']);
}
// the ids written into the UPDATE come from the two queries above, not from
// the request; the count check avoids an invalid empty IN () list
if (count($cat_ids) > 0) {
    $privates = get_subcat_ids($cat_ids);
    $query = ' UPDATE ' . CATEGORIES_TABLE . ' SET status = \'private\' WHERE id IN (' . implode(',', $privates) . ') ;';
    pwg_query($query);
}
// load the config file
$config_file = PHPWG_ROOT_PATH . 'local/config/database.inc.php';
// the @ only silences the warning; the failure itself is handled by the
// === false check right after
$config_file_contents = @file_get_contents($config_file);
if ($config_file_contents === false) {
    die('CANNOT LOAD ' . $config_file);
}
// the tag is split in two so this file's own closing tag is not matched
$php_end_tag = strrpos($config_file_contents, '?' . '>');
if ($php_end_tag === false) {
/**
 * Initialize _$page_ and _$template_ vars for calendar view.
 *
 * Builds the inner SQL restricting the images to the current section,
 * validates the chronology parameters found in $page (field, style, view,
 * date), instantiates the calendar class, feeds the template with the
 * style/view switcher and, unless the calendar produced its own display,
 * fills $page['items'] (optionally through the persistent cache).
 */
function initialize_calendar()
{
    global $page, $conf, $user, $template, $persistent_cache, $filter;

    //------------------ initialize the condition on items to take into account ---
    $inner_sql = ' FROM ' . IMAGES_TABLE;
    if ($page['section'] == 'categories') {
        // we will regenerate the items by including subcats elements
        $page['items'] = array();
        $inner_sql .= ' INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id = image_id';
        if (isset($page['category'])) {
            // sub-albums the user is forbidden to see are removed from the list
            $sub_ids = array_diff(get_subcat_ids(array($page['category']['id'])), explode(',', $user['forbidden_categories']));
            if (empty($sub_ids)) {
                return; // nothing to do
            }
            $inner_sql .= ' WHERE category_id IN (' . implode(',', $sub_ids) . ')';
            $inner_sql .= ' ' . get_sql_condition_FandF(array('visible_images' => 'id'), 'AND', false);
        } else {
            $inner_sql .= ' ' . get_sql_condition_FandF(array('forbidden_categories' => 'category_id', 'visible_categories' => 'category_id', 'visible_images' => 'id'), 'WHERE', true);
        }
    } else {
        if (empty($page['items'])) {
            return; // nothing to do
        }
        // $page['items'] is assumed to hold image ids computed earlier — TODO confirm
        $inner_sql .= ' WHERE id IN (' . implode(',', $page['items']) . ')';
    }

    //-------------------------------------- initialize the calendar parameters ---
    pwg_debug('start initialize_calendar');
    $fields = array('created' => array('label' => l10n('Creation date')), 'posted' => array('label' => l10n('Post date')));
    $styles = array('monthly' => array('include' => 'calendar_monthly.class.php', 'view_calendar' => true, 'classname' => 'CalendarMonthly'), 'weekly' => array('include' => 'calendar_weekly.class.php', 'view_calendar' => false, 'classname' => 'CalendarWeekly'));
    $views = array(CAL_VIEW_LIST, CAL_VIEW_CALENDAR);

    // Retrieve calendar field
    isset($fields[$page['chronology_field']]) or fatal_error('bad chronology field');

    // Retrieve style: an unknown style falls back to 'monthly', so the file
    // included and the class instantiated always come from the local $styles
    // table, never from the request value itself
    if (!isset($styles[$page['chronology_style']])) {
        $page['chronology_style'] = 'monthly';
    }
    $cal_style = $page['chronology_style'];
    $classname = $styles[$cal_style]['classname'];
    include PHPWG_ROOT_PATH . 'include/' . $styles[$cal_style]['include'];
    $calendar = new $classname();

    // Retrieve view (loose in_array; the CAL_VIEW_* values are not visible
    // here, so whether a non-matching string could pass is not known)
    if (!isset($page['chronology_view']) or !in_array($page['chronology_view'], $views)) {
        $page['chronology_view'] = CAL_VIEW_LIST;
    }
    // the calendar view is only available for styles that support it
    if (CAL_VIEW_CALENDAR == $page['chronology_view'] and !$styles[$cal_style]['view_calendar']) {
        $page['chronology_view'] = CAL_VIEW_LIST;
    }

    // perform a sanity check on $requested: at most 3 components, each one
    // either the literal 'any', or cast to int; the list is cut at the first
    // empty component
    if (!isset($page['chronology_date'])) {
        $page['chronology_date'] = array();
    }
    while (count($page['chronology_date']) > 3) {
        array_pop($page['chronology_date']);
    }
    $any_count = 0;
    for ($i = 0; $i < count($page['chronology_date']); $i++) {
        if ($page['chronology_date'][$i] == 'any') {
            if ($page['chronology_view'] == CAL_VIEW_CALENDAR) {
                // we dont allow any in calendar view
                while ($i < count($page['chronology_date'])) {
                    array_pop($page['chronology_date']);
                }
                break;
            }
            $any_count++;
        } elseif ($page['chronology_date'][$i] == '') {
            while ($i < count($page['chronology_date'])) {
                array_pop($page['chronology_date']);
            }
        } else {
            $page['chronology_date'][$i] = (int) $page['chronology_date'][$i];
        }
    }
    // 'any/any/any' is the same as 'any/any'
    if ($any_count == 3) {
        array_pop($page['chronology_date']);
    }

    $calendar->initialize($inner_sql);

    $must_show_list = true; // true until calendar generates its own display
    if (script_basename() != 'picture') {
        if ($calendar->generate_category_content()) {
            $page['items'] = array();
            $must_show_list = false;
        }

        $page['comment'] = '';
        $template->assign('FILE_CHRONOLOGY_VIEW', 'month_calendar.tpl');

        // one switcher entry per (style, view) pair the style supports; only
        // the current style keeps the full date, the others keep the year only
        foreach ($styles as $style => $style_data) {
            foreach ($views as $view) {
                if ($style_data['view_calendar'] or $view != CAL_VIEW_CALENDAR) {
                    $selected = false;
                    if ($style != $cal_style) {
                        $chronology_date = array();
                        if (isset($page['chronology_date'][0])) {
                            $chronology_date[] = $page['chronology_date'][0];
                        }
                    } else {
                        $chronology_date = $page['chronology_date'];
                    }
                    $url = duplicate_index_url(array('chronology_style' => $style, 'chronology_view' => $view, 'chronology_date' => $chronology_date));
                    if ($style == $cal_style and $view == $page['chronology_view']) {
                        $selected = true;
                    }
                    $template->append('chronology_views', array('VALUE' => $url, 'CONTENT' => l10n('chronology_' . $style . '_' . $view), 'SELECTED' => $selected));
                }
            }
        }

        $url = duplicate_index_url(array(), array('start', 'chronology_date'));
        $calendar_title = '<a href="' . $url . '">' . $fields[$page['chronology_field']]['label'] . '</a>';
        $calendar_title .= $calendar->get_display_name();
        $template->assign('chronology', array('TITLE' => $calendar_title));
    } // end category calling

    if ($must_show_list) {
        if (isset($page['super_order_by'])) {
            $order_by = $conf['order_by'];
        } else {
            if (count($page['chronology_date']) == 0 or in_array('any', $page['chronology_date'])) {
                // selected period is very big so we show newest first
                $order = ' DESC, ';
            } else {
                // selected period is small (month,week) so we show oldest first
                $order = ' ASC, ';
            }
            $order_by = str_replace('ORDER BY ', 'ORDER BY ' . $calendar->date_field . $order, $conf['order_by']);
        }

        // the persistent cache is only used for the whole-gallery listing
        // (no album, no date or the single 'any' component); the key carries
        // the user id and cache timestamp so it is per-user
        if ('categories' == $page['section'] && !isset($page['category']) && (count($page['chronology_date']) == 0 or $page['chronology_date'][0] == 'any' && count($page['chronology_date']) == 1)) {
            $cache_key = $persistent_cache->make_key($user['id'] . $user['cache_update_time'] . $calendar->date_field . $order_by);
        }

        if (!isset($cache_key) || !$persistent_cache->get($cache_key, $page['items'])) {
            $query = 'SELECT DISTINCT id ' . $calendar->inner_sql . ' ' . $calendar->get_date_where() . ' ' . $order_by;
            $page['items'] = array_from_query($query, 'id');
            if (isset($cache_key)) {
                $persistent_cache->set($cache_key, $page['items']);
            }
        }
    }
    pwg_debug('end initialize_calendar');
}
            // $conf['order_by'] is a configured ORDER BY clause appended as-is
            $query = ' SELECT id FROM ' . IMAGES_TABLE . ' ' . $conf['order_by'];
            $filter_sets[] = query2array($query, null, 'id');
        }
        break;
    default:
        // unknown prefilters are delegated to plugins
        $filter_sets = trigger_change('perform_batch_manager_prefilters', $filter_sets, $_SESSION['bulk_manager_filter']['prefilter']);
        break;
    }
}

if (isset($_SESSION['bulk_manager_filter']['category'])) {
    $categories = array();
    if (isset($_SESSION['bulk_manager_filter']['category_recursive'])) {
        $categories = get_subcat_ids(array($_SESSION['bulk_manager_filter']['category']));
    } else {
        $categories = array($_SESSION['bulk_manager_filter']['category']);
    }
    // NOTE(review): the session value is interpolated into the IN list
    // unescaped on the non-recursive path; it is assumed to have been
    // validated as an id when the filter was stored — confirm.
    $query = ' SELECT DISTINCT(image_id) FROM ' . IMAGE_CATEGORY_TABLE . ' WHERE category_id IN (' . implode(',', $categories) . ') ;';
    $filter_sets[] = query2array($query, null, 'image_id');
}

if (isset($_SESSION['bulk_manager_filter']['level'])) {
    // "include lower levels" widens the exact match to <=
    $operator = '=';
    if (isset($_SESSION['bulk_manager_filter']['level_include_lower'])) {
        $operator = '<=';
    }
/**
 * Render the HTML table listing the viewable sub-categories of $cat_id.
 *
 * Only categories passing check_permission("auth_viewcat") are shown. The
 * list is split into $config['cat_cells'] columns; for every category the
 * "category_bit" template is fed with its name, description, hits, image
 * count (sub-categories included), "new" flag and an optional random image.
 *
 * @param int $cat_id parent category (0 for the root)
 * @return string the HTML, or "" when there is nothing to show
 */
function get_categories($cat_id = 0)
{
    global $site_template, $site_db, $site_sess, $config, $lang;
    global $cat_cache, $cat_parent_cache, $new_image_cache, $subcat_ids;

    // column width: the configured table width divided by the number of
    // columns, keeping the "%" suffix when the width is a percentage
    $cattable_width = ceil(intval($config['cat_table_width']) / $config['cat_cells']);
    if (substr($config['cat_table_width'], -1) == "%") {
        $cattable_width .= "%";
    }

    if (!isset($cat_parent_cache[$cat_id])) {
        return "";
    }

    // keep only the children the current user may view
    $visible_cat_cache = array();
    foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        if (check_permission("auth_viewcat", $val)) {
            $visible_cat_cache[$key] = $val;
        }
    }
    if (empty($visible_cat_cache)) {
        return "";
    }

    $total = sizeof($visible_cat_cache);
    $table_columns = intval($config['cat_cells']) ? intval($config['cat_cells']) : 2;
    // rows per column, rounded up when the division is not exact
    if ($total <= $table_columns) {
        $table_rows = 1;
    } else {
        $table_rows = $total / $table_columns;
        if ($total >= $table_columns && !is_integer($table_rows)) {
            $table_rows = intval($table_rows) + 1;
        }
    }

    $categories = "\n<table width=\"" . $config['cat_table_width'] . "\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n<tr>\n<td valign=\"top\" width=\"" . $cattable_width . "\" class=\"catbgcolor\">\n";
    $categories .= "<table border=\"0\" cellpadding=\"" . $config['cat_table_cellpadding'] . "\" cellspacing=\"" . $config['cat_table_cellspacing'] . "\">\n";

    // $count: rows filled in the current column; $count2: categories rendered so far
    $count = 0;
    $count2 = 0;
    foreach ($visible_cat_cache as $key => $category_id) {
        $categories .= "<tr>\n<td valign=\"top\">\n";

        $is_new = isset($new_image_cache[$category_id]) && $new_image_cache[$category_id] > 0 ? 1 : 0;
        $num_images = isset($cat_cache[$category_id]['num_images']) ? $cat_cache[$category_id]['num_images'] : 0;

        // get_subcat_ids() fills the global $subcat_ids; the "new" flag and
        // the image count then also account for every sub-category
        $subcat_ids = array();
        get_subcat_ids($category_id, $category_id, $cat_parent_cache);
        if (isset($subcat_ids[$category_id])) {
            foreach ($subcat_ids[$category_id] as $val) {
                if (isset($new_image_cache[$val]) && $new_image_cache[$val] > 0) {
                    $is_new = 1;
                }
                if (isset($cat_cache[$val]['num_images'])) {
                    $num_images += $cat_cache[$val]['num_images'];
                }
            }
        }

        // either constant set to 0 disables the random category image
        if (defined("SHOW_RANDOM_IMAGE") && SHOW_RANDOM_IMAGE == 0 || defined("SHOW_RANDOM_CAT_IMAGE") && SHOW_RANDOM_CAT_IMAGE == 0) {
            $random_cat_image_file = "";
        } else {
            $random_cat_image_file = get_random_image($category_id, 0, 1);
        }

        // name and description go through format_text(); cat_hits is passed raw
        $site_template->register_vars(array(
            "cat_id" => $category_id,
            "cat_name" => format_text($cat_cache[$category_id]['cat_name'], 2),
            "cat_description" => format_text($cat_cache[$category_id]['cat_description'], 1),
            "cat_hits" => $cat_cache[$category_id]['cat_hits'],
            "cat_is_new" => $is_new,
            "lang_new" => $lang['new'],
            "sub_cats" => get_subcategories($category_id),
            "cat_url" => $site_sess->url(ROOT_PATH . "categories.php?" . URL_CAT_ID . "=" . $category_id),
            "random_cat_image_file" => $random_cat_image_file,
            "num_images" => $num_images
        ));
        $categories .= $site_template->parse_template("category_bit");
        $count++;
        $count2++;
        $categories .= "</td>\n</tr>\n";

        // column full and categories left: close it and open the next one
        if ($count == $table_rows && $count2 < sizeof($visible_cat_cache)) {
            $categories .= "</table></td>\n";
            $categories .= "<td valign=\"top\" width=\"" . $cattable_width . "\" class=\"catbgcolor\">\n";
            $categories .= "<table border=\"0\" cellpadding=\"" . $config['cat_table_cellpadding'] . "\" cellspacing=\"" . $config['cat_table_cellspacing'] . "\">\n";
            // $total and $table_columns are updated but not read again in this
            // function; $table_rows is never recomputed for later columns
            $total = $total - $count2;
            $table_columns = $table_columns - 1;
            $count = 0;
        }
    }
    $categories .= "</table>\n</td>\n</tr>\n</table>\n";
    return $categories;
}
check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | variables init |
// +-----------------------------------------------------------------------+
// group_id is only checked with is_numeric before being written into SQL;
// an intval() would make the intent explicit — TODO
if (isset($_GET['group_id']) and is_numeric($_GET['group_id'])) {
    $page['group'] = $_GET['group_id'];
} else {
    die('group_id URL parameter is missing');
}
// +-----------------------------------------------------------------------+
// | updates |
// +-----------------------------------------------------------------------+
if (isset($_POST['falsify']) and isset($_POST['cat_true']) and count($_POST['cat_true']) > 0) {
    // if you forbid access to a category, all sub-categories become
    // automatically forbidden
    // NOTE(review): $_POST['cat_true'] is handed to get_subcat_ids() and the
    // result implode'd into the DELETE without any validation visible here;
    // check_input_parameter(..., PATTERN_ID) on it first — TODO
    $subcats = get_subcat_ids($_POST['cat_true']);
    $query = ' DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $page['group'] . ' AND cat_id IN (' . implode(',', $subcats) . ') ;';
    pwg_query($query);
} else {
    if (isset($_POST['trueify']) and isset($_POST['cat_false']) and count($_POST['cat_false']) > 0) {
        // same remark for $_POST['cat_false'] below
        $uppercats = get_uppercat_ids($_POST['cat_false']);
        $private_uppercats = array();
        $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $uppercats) . ')
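/**
 * Grant access to a list of categories for a list of users.
 *
 * Only the categories whose status is 'private' get a row in
 * USER_ACCESS_TABLE; the uppercats of every category are included, and its
 * subcats too when the request carries 'apply_on_sub'.
 *
 * @param int[]|int $category_ids
 * @param int[]|int $user_ids
 */
function add_permission_on_category($category_ids, $user_ids)
{
    if (!is_array($category_ids)) {
        $category_ids = array($category_ids);
    }
    if (!is_array($user_ids)) {
        $user_ids = array($user_ids);
    }

    // check for emptiness
    if (count($category_ids) == 0 or count($user_ids) == 0) {
        return;
    }

    // both lists end up in SQL: integers only
    $category_ids = array_map('intval', $category_ids);
    $user_ids = array_map('intval', $user_ids);

    // make sure categories are private and select uppercats or subcats
    $cat_ids = get_uppercat_ids($category_ids);
    // NOTE(review): reads the raw request from a library function; the caller
    // should decide whether sub-albums are included
    if (isset($_POST['apply_on_sub'])) {
        $cat_ids = array_merge($cat_ids, get_subcat_ids($category_ids));
    }
    // deduplicate, and never build an empty IN () list
    $cat_ids = array_unique(array_map('intval', $cat_ids));
    if (count($cat_ids) == 0) {
        return;
    }

    $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $cat_ids) . ') AND status = \'private\' ;';
    $private_cats = query2array($query, null, 'id');
    if (count($private_cats) == 0) {
        return;
    }

    $inserts = array();
    foreach ($private_cats as $cat_id) {
        foreach ($user_ids as $user_id) {
            $inserts[] = array('user_id' => $user_id, 'cat_id' => $cat_id);
        }
    }
    mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $inserts, array('ignore' => true));
}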
if (isset($search['fields']['tags'])) {
    // the mode is handed to the template as stored in the search array
    $template->assign('SEARCH_TAGS_MODE', $search['fields']['tags']['mode']);
    // NOTE(review): the tag ids are implode'd into the query as stored;
    // they are assumed to be integers since the search was saved — confirm
    $query = ' SELECT name FROM ' . TAGS_TABLE . ' WHERE id IN (' . implode(',', $search['fields']['tags']['words']) . ') ;';
    $template->assign('search_tags', array_from_query($query, 'name'));
}
if (isset($search['fields']['author'])) {
    // author names are displayed, so tags are stripped before output
    $template->append('search_words', l10n('author(s) : %s', join(', ', array_map('strip_tags', $search['fields']['author']['words']))));
}
if (isset($search['fields']['cat'])) {
    if ($search['fields']['cat']['sub_inc']) {
        // searching all the categories id of sub-categories
        $cat_ids = get_subcat_ids($search['fields']['cat']['words']);
    } else {
        $cat_ids = $search['fields']['cat']['words'];
    }
    // same remark as for the tag ids above on the non-recursive path
    $query = ' SELECT id, uppercats, global_rank FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $cat_ids) . ') ;';
    $result = pwg_query($query);
    $categories = array();
    if (!empty($result)) {
        while ($row = pwg_db_fetch_assoc($result)) {
            $categories[] = $row;
        }
    }
$users_granted = array_from_query($query, 'user_id');
if (!isset($_POST['users'])) {
    $_POST['users'] = array();
}
//
// remove permissions to users
//
// $deny_users only ever holds values of $users_granted (database ids), so
// the implode below does not carry request data
$deny_users = array_diff($users_granted, $_POST['users']);
if (count($deny_users) > 0) {
    // if you forbid access to an album, all sub-album become automatically
    // forbidden
    $query = ' DELETE FROM ' . USER_ACCESS_TABLE . ' WHERE user_id IN (' . implode(',', $deny_users) . ') AND cat_id IN (' . implode(',', get_subcat_ids(array($page['cat']))) . ') ;';
    pwg_query($query);
}
//
// add permissions to users
//
// NOTE(review): $_POST['users'] is forwarded as-is; validate it as a list of
// ids (check_input_parameter with PATTERN_ID) before this point — a
// non-array value would also make count() fail on PHP 8
$grant_users = $_POST['users'];
if (count($grant_users) > 0) {
    add_permission_on_category($page['cat'], $grant_users);
}
}
$page['infos'][] = l10n('Album updated successfully');
}
// +-----------------------------------------------------------------------+
// | template initialization |
if ($action == "checkimages") {
    // NOTE(review): $HTTP_GET_VARS / $HTTP_POST_VARS were removed in PHP 5.4;
    // on current PHP they are plain undefined variables, so every branch
    // below falls through to its default — migrate to $_GET / $_POST
    // GET takes precedence over POST; both are cast to int
    if (isset($HTTP_GET_VARS['cat']) || isset($HTTP_POST_VARS['cat'])) {
        $cat = isset($HTTP_GET_VARS['cat']) ? intval($HTTP_GET_VARS['cat']) : intval($HTTP_POST_VARS['cat']);
    } else {
        $cat = 0;
    }
    if (isset($HTTP_GET_VARS['subcat']) || isset($HTTP_POST_VARS['subcat'])) {
        $subcat = isset($HTTP_GET_VARS['subcat']) ? intval($HTTP_GET_VARS['subcat']) : intval($HTTP_POST_VARS['subcat']);
    } else {
        $subcat = 0;
    }
    if ($cat) {
        $cats = array($cat);
        if ($subcat) {
            // get_subcat_ids() fills $subcat_ids, which is reset first
            $subcat_ids = array();
            get_subcat_ids($cat, $cat, $cat_parent_cache);
            if (isset($subcat_ids[$cat])) {
                $cats = array_merge($cats, $subcat_ids[$cat]);
            }
        }
        // $cat is an int and the sub-category ids come from the cache
        $condition = "WHERE cat_id IN (" . implode(",", $cats) . ")";
    } else {
        $condition = "";
    }
    // batch size: 50 when absent, 25 when given but zero/invalid
    if (isset($HTTP_GET_VARS['imchksize']) || isset($HTTP_POST_VARS['imchksize'])) {
        $imchksize = isset($HTTP_GET_VARS['imchksize']) ? intval($HTTP_GET_VARS['imchksize']) : intval($HTTP_POST_VARS['imchksize']);
        if (!$imchksize) {
            $imchksize = 25;
        }
    } else {
        $imchksize = 50;
    $page['sort_order'] = $_GET['sort_order'];
}

// number of items to display
//
$page['items_number'] = $conf['comments_page_nb_comments'];
if (isset($_GET['items_number'])) {
    $page['items_number'] = $_GET['items_number'];
}
// anything that is neither numeric nor 'all' falls back to 10
if (!is_numeric($page['items_number']) and $page['items_number'] != 'all') {
    $page['items_number'] = 10;
}

$page['where_clauses'] = array();

// which category to filter on ?
if (isset($_GET['cat']) and 0 != $_GET['cat']) {
    // cat is validated as an id before it is used in SQL
    check_input_parameter('cat', $_GET, false, PATTERN_ID);
    $category_ids = get_subcat_ids(array($_GET['cat']));
    if (empty($category_ids)) {
        // keep the IN () list valid and matching nothing
        $category_ids = array(-1);
    }
    $page['where_clauses'][] = 'category_id IN (' . implode(',', $category_ids) . ')';
}

// search a particular author
// NOTE(review): $_GET['author'] is interpolated into a quoted SQL literal
// without escaping — pass it through pwg_db_real_escape_string() before
// building the clause (the other request parameters on this page go through
// check_input_parameter)
if (!empty($_GET['author'])) {
    $page['where_clauses'][] = '(u.' . $conf['user_fields']['username'] . ' = \'' . $_GET['author'] . '\' OR author = \'' . $_GET['author'] . '\')';
}

// search a specific comment (if you're coming directly from an admin
// notification email)
if (!empty($_GET['comment_id'])) {
    check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
    // currently, the $_GET['comment_id'] is only used by admins from email
    // for management purpose (validate/delete)