예제 #1
파일: auth.php 프로젝트: 4images/4images
/**
 * Appends the direct children of category $cid to the global
 * $cat_subcat_ids[$cat_id] list and passes each child on to get_subcat_ids().
 *
 * @param int   $cid              category whose children are looked up
 * @param int   $cat_id           key under which the children are collected
 * @param array $cat_parent_cache presumably parent id => list of child ids
 * @return array|false the global $cat_subcat_ids, or false when $cid has no
 *                     entry in $cat_parent_cache
 */
function get_auth_subcat_ids($cid = 0, $cat_id = 0, $cat_parent_cache)
{
    global $cat_subcat_ids;

    if (isset($cat_parent_cache[$cid])) {
        foreach ($cat_parent_cache[$cid] as $child_id) {
            $cat_subcat_ids[$cat_id][] = $child_id;
            // NOTE(review): the descent goes through get_subcat_ids(), not
            // through this function. Whether that helper also writes to
            // $cat_subcat_ids is not visible here -- confirm before using the
            // returned list to decide what a user may see.
            get_subcat_ids($child_id, $cat_id, $cat_parent_cache);
        }

        return $cat_subcat_ids;
    }

    return false;
}
예제 #2
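/**
 * Returns, for each id in $ids, the reference date of the album: the min or
 * max of $field over the images of the album and of everything below it.
 *
 * @param int[]  $ids    category ids to report on
 * @param string $field  image date column to aggregate; it is written into
 *                       the SQL text as is, so it must be a trusted column name
 * @param string $minmax 'max' selects the latest date, any other value is
 *                       treated as 'min'
 * @return array category id => reference date, null when none was found
 */
function get_categories_ref_date($ids, $field = 'date_available', $minmax = 'max')
{
    // The PHP-side aggregation below treats anything other than 'max' as
    // 'min'. The SQL function name is derived from the same test, so the raw
    // $minmax argument never reaches the query text and both sides agree.
    $use_max = 'max' == $minmax;
    $sql_aggregate = $use_max ? 'max' : 'min';

    // we need to work on the whole tree under each category, even if we don't
    // want to sort sub categories. Ids are cast to int before they are joined
    // into the IN (...) lists.
    $category_ids = array_map('intval', get_subcat_ids($ids));

    $ref_dates = array();
    $uppercats_of = array();
    // an empty list would produce "IN ()", which is not valid SQL
    if (count($category_ids) > 0) {
        $id_list = implode(',', $category_ids);
        // search for the reference date of each album
        // NOTE(review): $field is concatenated as an identifier and cannot be
        // bound as a parameter; callers must only pass fixed column names.
        $query = '
SELECT
    category_id,
    ' . $sql_aggregate . '(' . $field . ') as ref_date
  FROM ' . IMAGE_CATEGORY_TABLE . '
    JOIN ' . IMAGES_TABLE . ' ON image_id = id
  WHERE category_id IN (' . $id_list . ')
  GROUP BY category_id
;';
        $ref_dates = query2array($query, 'category_id', 'ref_date');
        // then iterate on all albums (having a ref_date or not) to find the
        // reference_date, with a search on sub-albums
        $query = '
SELECT
    id,
    uppercats
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . $id_list . ')
;';
        $uppercats_of = query2array($query, 'id', 'uppercats');
    }
    foreach (array_keys($uppercats_of) as $cat_id) {
        // find the subcats: every album whose uppercats list contains $cat_id
        $subcat_ids = array();
        foreach ($uppercats_of as $id => $uppercats) {
            if (preg_match('/(^|,)' . $cat_id . '(,|$)/', $uppercats)) {
                $subcat_ids[] = $id;
            }
        }
        $to_compare = array();
        foreach ($subcat_ids as $id) {
            if (isset($ref_dates[$id])) {
                $to_compare[] = $ref_dates[$id];
            }
        }
        if (count($to_compare) > 0) {
            $ref_dates[$cat_id] = $use_max ? max($to_compare) : min($to_compare);
        } else {
            $ref_dates[$cat_id] = null;
        }
    }
    // only return the list of $ids, not the sub-categories. An id that was not
    // found in the categories table maps to null instead of raising a notice.
    $return = array();
    foreach ($ids as $id) {
        $return[$id] = isset($ref_dates[$id]) ? $ref_dates[$id] : null;
    }
    return $return;
}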
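/**
 * API method
 * Moves a category
 *
 * Every validation failure is reported as a PwgError with code 403; nothing
 * is returned on success.
 *
 * @param mixed[] $params
 *    @option string|int[] category_id
 *    @option int parent
 *    @option string pwg_token
 */
function ws_categories_move($params, &$service)
{
    global $page;
    // Anti-CSRF token check. The comparison is done on strings with !== so
    // that numeric-looking tokens cannot match through PHP type juggling.
    // NOTE(review): hash_equals() would also make it constant-time; switch to
    // it if every supported PHP version provides it.
    $token = isset($params['pwg_token']) ? $params['pwg_token'] : null;
    if (!is_scalar($token) or (string) $token !== (string) get_pwg_token()) {
        return new PwgError(403, 'Invalid security token');
    }
    if (!is_array($params['category_id'])) {
        $params['category_id'] = preg_split('/[\\s,;\\|]/', $params['category_id'], -1, PREG_SPLIT_NO_EMPTY);
    }
    // Keep strictly positive integer ids only. Keying by id drops duplicates,
    // which would otherwise make the row-count check below fail for ids that
    // do exist.
    $category_ids = array();
    foreach (array_map('intval', $params['category_id']) as $category_id) {
        if ($category_id > 0) {
            $category_ids[$category_id] = $category_id;
        }
    }
    $category_ids = array_values($category_ids);
    if (count($category_ids) == 0) {
        return new PwgError(403, 'Invalid category_id input parameter, no category to move');
    }
    // we can't move physical categories
    $categories_in_db = array();
    $query = '
SELECT id, name, dir
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $category_ids) . ')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        $categories_in_db[$row['id']] = $row;
        // we break on error at first physical category detected
        if (!empty($row['dir'])) {
            $row['name'] = strip_tags(trigger_change('render_category_name', $row['name'], 'ws_categories_move'));
            return new PwgError(403, sprintf('Category %s (%u) is not a virtual category, you cannot move it', $row['name'], $row['id']));
        }
    }
    if (count($categories_in_db) != count($category_ids)) {
        $unknown_category_ids = array_diff($category_ids, array_keys($categories_in_db));
        // array_diff() keeps the keys of $category_ids, so the first missing
        // id is not necessarily stored at index 0
        return new PwgError(403, sprintf('Category %u does not exist', reset($unknown_category_ids)));
    }
    // does this parent exists? This check should be made in the
    // move_categories function, not here
    // 0 as parent means "move categories at gallery root"
    if (0 != $params['parent']) {
        $subcat_ids = get_subcat_ids(array($params['parent']));
        if (count($subcat_ids) == 0) {
            return new PwgError(403, 'Unknown parent category id');
        }
    }
    // move_categories() reports through $page, so start from empty lists
    $page['infos'] = array();
    $page['errors'] = array();
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    move_categories($category_ids, $params['parent']);
    invalidate_user_cache();
    if (count($page['errors']) != 0) {
        return new PwgError(403, implode('; ', $page['errors']));
    }
}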
예제 #4
 }
 // Optional WHERE fragments for the search query, driven by $search_id.
 // NOTE(review): image_ids and user_ids are placed inside IN (...) exactly as
 // stored in $search_id. Where $search_id is filled is not visible in this
 // excerpt -- confirm both are comma-separated integers by then.
 $sql_where_query = "";
 if (!empty($search_id['image_ids'])) {
     $sql_where_query .= "AND image_id IN (" . $search_id['image_ids'] . ") ";
 }
 if (!empty($search_id['user_ids'])) {
     $sql_where_query .= "AND user_id IN (" . $search_id['user_ids'] . ") ";
 }
 if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
     // cutoff = now minus $config['new_cutoff'] days, as a Unix timestamp
     $new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
     $sql_where_query .= "AND image_date >= {$new_cutoff} ";
 }
 if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
     // $cat_id_sql stays the integer 0 until a permitted category is appended;
     // the first .= turns it into the string "0, <id>...". The strict !== 0
     // test below relies on that type change.
     $cat_id_sql = 0;
     if (check_permission("auth_viewcat", $search_id['search_cat'])) {
         $sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
         // NOTE(review): search_cat is concatenated without a cast here;
         // confirm it has been reduced to an integer before this point.
         $cat_id_sql .= ", " . $search_id['search_cat'];
         if (!empty($sub_cat_ids[$search_id['search_cat']])) {
             // each sub-category is added only if the viewer may see it
             foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
                 if (check_permission("auth_viewcat", $val)) {
                     $cat_id_sql .= ", " . $val;
                 }
             }
         }
     }
     // no permission on the requested category: no category restriction is added
     $cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id IN ({$cat_id_sql})" : "";
 } else {
     // no category requested: exclude what get_auth_cat_sql() returns for
     // "auth_viewcat" / "NOTIN"
     $cat_id_sql = get_auth_cat_sql("auth_viewcat", "NOTIN");
     $cat_id_sql = $cat_id_sql !== 0 ? "AND cat_id NOT IN (" . $cat_id_sql . ")" : "";
 }
 if (!empty($sql_where_query)) {
예제 #5
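/**
 * Returns the SQL clause for a search.
 * Transforms the array returned by get_search_array() into SQL sub-query.
 *
 * Boolean connectors are limited to AND / OR and category ids are cast to
 * int before they are written into the clause. Words and dates are written
 * between quotes without any escaping in this function.
 * NOTE(review): that is only safe if the caller has already escaped them for
 * the database; confirm where $search is built.
 *
 * @param array $search
 * @return string
 */
function get_sql_search_clause($search)
{
    // SQL where clauses are stored in $clauses array during query
    // construction
    $clauses = array();
    foreach (array('file', 'name', 'comment', 'author') as $textfield) {
        if (isset($search['fields'][$textfield])) {
            $local_clauses = array();
            foreach ($search['fields'][$textfield]['words'] as $word) {
                if ('author' == $textfield) {
                    $local_clauses[] = $textfield . "='" . $word . "'";
                } else {
                    $local_clauses[] = $textfield . " LIKE '%" . $word . "%'";
                }
            }
            // adds brackets around where clauses
            $local_clauses = prepend_append_array_items($local_clauses, '(', ')');
            // make sure the "mode" is either OR or AND, as for "allwords"
            $field_mode = 'OR' === $search['fields'][$textfield]['mode'] ? 'OR' : 'AND';
            $clauses[] = implode(' ' . $field_mode . ' ', $local_clauses);
        }
    }
    if (isset($search['fields']['allwords'])) {
        $fields = array('file', 'name', 'comment');
        if (isset($search['fields']['allwords']['fields']) and count($search['fields']['allwords']['fields']) > 0) {
            // only the three known column names can survive the intersection
            $fields = array_intersect($fields, $search['fields']['allwords']['fields']);
        }
        // in the OR mode, request must be :
        // ((field1 LIKE '%word1%' OR field2 LIKE '%word1%')
        // OR (field1 LIKE '%word2%' OR field2 LIKE '%word2%'))
        //
        // in the AND mode :
        // ((field1 LIKE '%word1%' OR field2 LIKE '%word1%')
        // AND (field1 LIKE '%word2%' OR field2 LIKE '%word2%'))
        $word_clauses = array();
        foreach ($search['fields']['allwords']['words'] as $word) {
            $field_clauses = array();
            foreach ($fields as $field) {
                $field_clauses[] = $field . " LIKE '%" . $word . "%'";
            }
            // adds brackets around where clauses; done inline because
            // create_function() no longer exists in PHP 8
            $word_clauses[] = '(' . implode("\n          OR ", $field_clauses) . ')';
        }
        // make sure the "mode" is either OR or AND
        $allwords_mode = 'OR' === $search['fields']['allwords']['mode'] ? 'OR' : 'AND';
        $clauses[] = "\n         " . implode("\n         " . $allwords_mode . "\n         ", $word_clauses);
    }
    foreach (array('date_available', 'date_creation') as $datefield) {
        if (isset($search['fields'][$datefield])) {
            $clauses[] = $datefield . " = '" . $search['fields'][$datefield]['date'] . "'";
        }
        foreach (array('after', 'before') as $suffix) {
            $key = $datefield . '-' . $suffix;
            if (isset($search['fields'][$key])) {
                $clauses[] = $datefield . ($suffix == 'after' ? ' >' : ' <') . ($search['fields'][$key]['inc'] ? '=' : '') . " '" . $search['fields'][$key]['date'] . "'";
            }
        }
    }
    if (isset($search['fields']['cat'])) {
        if ($search['fields']['cat']['sub_inc']) {
            // searching all the categories id of sub-categories
            $cat_ids = get_subcat_ids($search['fields']['cat']['words']);
        } else {
            $cat_ids = $search['fields']['cat']['words'];
        }
        // the list is written unquoted, so every entry is forced to an integer
        $local_clause = 'category_id IN (' . implode(',', array_map('intval', $cat_ids)) . ')';
        $clauses[] = $local_clause;
    }
    // adds brackets around where clauses
    $clauses = prepend_append_array_items($clauses, '(', ')');
    // the connector between the top-level clauses is limited to OR / AND too
    $global_mode = 'OR' === $search['mode'] ? 'OR' : 'AND';
    $search_clause = implode("\n    " . $global_mode . ' ', $clauses);
    return $search_clause;
}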
예제 #6
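/**
 * API method
 * Removes permissions
 *
 * Deletes the group and/or user access rows for the given categories and all
 * their sub-categories, then returns the result of pwg.permissions.getList
 * for the requested categories. A bad token yields a PwgError 403.
 *
 * @param mixed[] $params
 *    @option int[] cat_id
 *    @option int[] group_id (optional)
 *    @option int[] user_id (optional)
 */
function ws_permissions_remove($params, &$service)
{
    // Anti-CSRF token check. The comparison is done on strings with !== so
    // that numeric-looking tokens cannot match through PHP type juggling.
    // NOTE(review): hash_equals() would also make it constant-time; switch to
    // it if every supported PHP version provides it.
    $token = isset($params['pwg_token']) ? $params['pwg_token'] : null;
    if (!is_scalar($token) or (string) $token !== (string) get_pwg_token()) {
        return new PwgError(403, 'Invalid security token');
    }
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    // every id list below is written unquoted into the SQL text, so each
    // entry is forced to an integer first
    $cat_ids = array_map('intval', get_subcat_ids($params['cat_id']));
    // an empty category list would produce "IN ()": nothing to delete then
    if (count($cat_ids) > 0) {
        $cat_list = implode(',', $cat_ids);
        if (!empty($params['group_id'])) {
            $query = '
DELETE
  FROM ' . GROUP_ACCESS_TABLE . '
  WHERE group_id IN (' . implode(',', array_map('intval', $params['group_id'])) . ')
    AND cat_id IN (' . $cat_list . ')
;';
            pwg_query($query);
        }
        if (!empty($params['user_id'])) {
            $query = '
DELETE
  FROM ' . USER_ACCESS_TABLE . '
  WHERE user_id IN (' . implode(',', array_map('intval', $params['user_id'])) . ')
    AND cat_id IN (' . $cat_list . ')
;';
            pwg_query($query);
        }
    }
    return $service->invoke('pwg.permissions.getList', array('cat_id' => $params['cat_id']));
}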
예제 #7
// +-----------------------------------------------------------------------+
// the administrator check runs before any request data is read
check_status(ACCESS_ADMINISTRATOR);
trigger_notify('loc_begin_cat_modify');
//---------------------------------------------------------------- verification
// is_numeric() also accepts decimals, exponent notation and signed values;
// the raw $_GET['cat_id'] string is what gets used as the id below.
if (!isset($_GET['cat_id']) || !is_numeric($_GET['cat_id'])) {
    trigger_error('missing cat_id param', E_USER_ERROR);
}
//--------------------------------------------------------- form criteria check
if (isset($_POST['submit'])) {
    // name is stored as posted; comment keeps its HTML only when
    // $conf['allow_html_descriptions'] is on, otherwise strip_tags() is applied
    $data = array('id' => $_GET['cat_id'], 'name' => @$_POST['name'], 'comment' => $conf['allow_html_descriptions'] ? @$_POST['comment'] : strip_tags(@$_POST['comment']));
    if ($conf['activate_comments']) {
        $data['commentable'] = isset($_POST['commentable']) ? $_POST['commentable'] : 'false';
    }
    single_update(CATEGORIES_TABLE, $data, array('id' => $data['id']));
    if (isset($_POST['apply_commentable_on_sub'])) {
        $subcats = get_subcat_ids(array('id' => $data['id']));
        // NOTE(review): $data['commentable'] is the posted value, written
        // between quotes into the UPDATE text with no escaping or restriction
        // to 'true'/'false' visible in this excerpt -- confirm request input
        // is escaped before it gets here. It is also unset when
        // $conf['activate_comments'] is off.
        $query = '
UPDATE ' . CATEGORIES_TABLE . '
  SET commentable = \'' . $data['commentable'] . '\'
  WHERE id IN (' . implode(',', $subcats) . ')
;';
        pwg_query($query);
    }
    // retrieve cat infos before continuing (following updates are expensive)
    $cat_info = get_cat_info($_GET['cat_id']);
    // 'true_sub' makes the album visible with the third argument set to true;
    // otherwise visibility is only changed when it differs from the stored one
    if ($_POST['visible'] == 'true_sub') {
        set_cat_visible(array($_GET['cat_id']), true, true);
    } elseif ($cat_info['visible'] != get_boolean($_POST['visible'])) {
        set_cat_visible(array($_GET['cat_id']), $_POST['visible']);
    }
    // in case the use moves his album to the gallery root, we force
예제 #8
;';
    pwg_query($query);
}
// all sub-categories of private categories become private
// The ids come from the categories table itself and are expanded with
// get_subcat_ids() before being written into the UPDATE.
$cat_ids = array();
$query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE status = \'private\'
;';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    array_push($cat_ids, $row['id']);
}
// skipped when nothing is private, which also avoids an empty IN () list
if (count($cat_ids) > 0) {
    $privates = get_subcat_ids($cat_ids);
    $query = '
UPDATE ' . CATEGORIES_TABLE . '
  SET status = \'private\'
  WHERE id IN (' . implode(',', $privates) . ')
;';
    pwg_query($query);
}
// load the config file
// The @ hides the PHP warning on failure; the explicit === false test below
// handles it and stops with the file path in the message.
$config_file = PHPWG_ROOT_PATH . 'local/config/database.inc.php';
$config_file_contents = @file_get_contents($config_file);
if ($config_file_contents === false) {
    die('CANNOT LOAD ' . $config_file);
}
// position of the last PHP closing tag in the file; the tag is assembled from
// two pieces, presumably so the literal sequence never appears in this source
$php_end_tag = strrpos($config_file_contents, '?' . '>');
if ($php_end_tag === false) {
예제 #9
/**
 * Initialize _$page_ and _$template_ vars for calendar view.
 *
 * Builds the FROM/WHERE part of the image query ($inner_sql), normalises the
 * chronology_* entries of $page, loads the calendar class for the selected
 * style and, unless the calendar renders its own content, fills
 * $page['items'] with the matching image ids.
 */
function initialize_calendar()
{
    global $page, $conf, $user, $template, $persistent_cache, $filter;
    //------------------ initialize the condition on items to take into account ---
    $inner_sql = ' FROM ' . IMAGES_TABLE;
    if ($page['section'] == 'categories') {
        // we will regenerate the items by including subcats elements
        $page['items'] = array();
        $inner_sql .= '
INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON id = image_id';
        if (isset($page['category'])) {
            // sub-categories of the current category, minus the ids listed in
            // the user's forbidden_categories string
            $sub_ids = array_diff(get_subcat_ids(array($page['category']['id'])), explode(',', $user['forbidden_categories']));
            if (empty($sub_ids)) {
                return;
                // nothing to do
            }
            $inner_sql .= '
WHERE category_id IN (' . implode(',', $sub_ids) . ')';
            $inner_sql .= '
    ' . get_sql_condition_FandF(array('visible_images' => 'id'), 'AND', false);
        } else {
            $inner_sql .= '
    ' . get_sql_condition_FandF(array('forbidden_categories' => 'category_id', 'visible_categories' => 'category_id', 'visible_images' => 'id'), 'WHERE', true);
        }
    } else {
        if (empty($page['items'])) {
            return;
            // nothing to do
        }
        // NOTE(review): $page['items'] is joined into IN (...) as is and no
        // get_sql_condition_FandF() filter is added on this branch; presumably
        // the list was already built as permitted integer image ids -- confirm.
        $inner_sql .= '
WHERE id IN (' . implode(',', $page['items']) . ')';
    }
    //-------------------------------------- initialize the calendar parameters ---
    pwg_debug('start initialize_calendar');
    $fields = array('created' => array('label' => l10n('Creation date')), 'posted' => array('label' => l10n('Post date')));
    // hard-coded table of the calendar styles: file to include, class to
    // instantiate and whether the style supports the calendar view
    $styles = array('monthly' => array('include' => 'calendar_monthly.class.php', 'view_calendar' => true, 'classname' => 'CalendarMonthly'), 'weekly' => array('include' => 'calendar_weekly.class.php', 'view_calendar' => false, 'classname' => 'CalendarWeekly'));
    $views = array(CAL_VIEW_LIST, CAL_VIEW_CALENDAR);
    // Retrieve calendar field
    // aborts when chronology_field is not one of the keys of $fields
    isset($fields[$page['chronology_field']]) or fatal_error('bad chronology field');
    // Retrieve style
    // an unknown style falls back to 'monthly', so the include path and the
    // class name below always come from the $styles table above
    if (!isset($styles[$page['chronology_style']])) {
        $page['chronology_style'] = 'monthly';
    }
    $cal_style = $page['chronology_style'];
    $classname = $styles[$cal_style]['classname'];
    include PHPWG_ROOT_PATH . 'include/' . $styles[$cal_style]['include'];
    $calendar = new $classname();
    // Retrieve view
    // NOTE(review): in_array() is called without the strict flag, so the view
    // is matched by loose comparison against the two constants.
    if (!isset($page['chronology_view']) or !in_array($page['chronology_view'], $views)) {
        $page['chronology_view'] = CAL_VIEW_LIST;
    }
    // a style without calendar support is forced back to the list view
    if (CAL_VIEW_CALENDAR == $page['chronology_view'] and !$styles[$cal_style]['view_calendar']) {
        $page['chronology_view'] = CAL_VIEW_LIST;
    }
    // perform a sanity check on $requested
    if (!isset($page['chronology_date'])) {
        $page['chronology_date'] = array();
    }
    // keep at most three date components
    while (count($page['chronology_date']) > 3) {
        array_pop($page['chronology_date']);
    }
    // each component ends up as 'any' or an int; the list is truncated at the
    // first empty component, and at the first 'any' in calendar view
    $any_count = 0;
    for ($i = 0; $i < count($page['chronology_date']); $i++) {
        if ($page['chronology_date'][$i] == 'any') {
            if ($page['chronology_view'] == CAL_VIEW_CALENDAR) {
                // we dont allow any in calendar view
                while ($i < count($page['chronology_date'])) {
                    array_pop($page['chronology_date']);
                }
                break;
            }
            $any_count++;
        } elseif ($page['chronology_date'][$i] == '') {
            while ($i < count($page['chronology_date'])) {
                array_pop($page['chronology_date']);
            }
        } else {
            $page['chronology_date'][$i] = (int) $page['chronology_date'][$i];
        }
    }
    // three 'any' components: drop the last one
    if ($any_count == 3) {
        array_pop($page['chronology_date']);
    }
    $calendar->initialize($inner_sql);
    //echo ('<pre>'. var_export($calendar, true) . '</pre>');
    $must_show_list = true;
    // true until calendar generates its own display
    if (script_basename() != 'picture') {
        if ($calendar->generate_category_content()) {
            $page['items'] = array();
            $must_show_list = false;
        }
        $page['comment'] = '';
        $template->assign('FILE_CHRONOLOGY_VIEW', 'month_calendar.tpl');
        // one entry per (style, view) pair that the style supports
        foreach ($styles as $style => $style_data) {
            foreach ($views as $view) {
                if ($style_data['view_calendar'] or $view != CAL_VIEW_CALENDAR) {
                    $selected = false;
                    if ($style != $cal_style) {
                        // switching style keeps only the first date component
                        $chronology_date = array();
                        if (isset($page['chronology_date'][0])) {
                            $chronology_date[] = $page['chronology_date'][0];
                        }
                    } else {
                        $chronology_date = $page['chronology_date'];
                    }
                    $url = duplicate_index_url(array('chronology_style' => $style, 'chronology_view' => $view, 'chronology_date' => $chronology_date));
                    if ($style == $cal_style and $view == $page['chronology_view']) {
                        $selected = true;
                    }
                    $template->append('chronology_views', array('VALUE' => $url, 'CONTENT' => l10n('chronology_' . $style . '_' . $view), 'SELECTED' => $selected));
                }
            }
        }
        $url = duplicate_index_url(array(), array('start', 'chronology_date'));
        // NOTE(review): $url and the label are concatenated into the anchor
        // markup without HTML escaping here; presumably both helpers return
        // markup-safe strings -- confirm.
        $calendar_title = '<a href="' . $url . '">' . $fields[$page['chronology_field']]['label'] . '</a>';
        $calendar_title .= $calendar->get_display_name();
        $template->assign('chronology', array('TITLE' => $calendar_title));
    }
    // end category calling
    if ($must_show_list) {
        if (isset($page['super_order_by'])) {
            $order_by = $conf['order_by'];
        } else {
            if (count($page['chronology_date']) == 0 or in_array('any', $page['chronology_date'])) {
                // selected period is very big so we show newest first
                $order = ' DESC, ';
            } else {
                // selected period is small (month,week) so we show oldest first
                $order = ' ASC, ';
            }
            // the calendar date field is put in front of the configured ordering
            $order_by = str_replace('ORDER BY ', 'ORDER BY ' . $calendar->date_field . $order, $conf['order_by']);
        }
        // the item list is cached only for the whole-gallery view without a
        // date restriction; the key covers the user id, the user's
        // cache_update_time, the date field and the ordering
        if ('categories' == $page['section'] && !isset($page['category']) && (count($page['chronology_date']) == 0 or $page['chronology_date'][0] == 'any' && count($page['chronology_date']) == 1)) {
            $cache_key = $persistent_cache->make_key($user['id'] . $user['cache_update_time'] . $calendar->date_field . $order_by);
        }
        if (!isset($cache_key) || !$persistent_cache->get($cache_key, $page['items'])) {
            $query = 'SELECT DISTINCT id ' . $calendar->inner_sql . '
  ' . $calendar->get_date_where() . '
  ' . $order_by;
            $page['items'] = array_from_query($query, 'id');
            if (isset($cache_key)) {
                $persistent_cache->set($cache_key, $page['items']);
            }
        }
    }
    pwg_debug('end initialize_calendar');
}
예제 #10
                $query = '
SELECT id
  FROM ' . IMAGES_TABLE . '
  ' . $conf['order_by'];
                $filter_sets[] = query2array($query, null, 'id');
            }
            break;
        default:
            $filter_sets = trigger_change('perform_batch_manager_prefilters', $filter_sets, $_SESSION['bulk_manager_filter']['prefilter']);
            break;
    }
}
// Category filter of the batch manager: the selected category alone, or the
// category with everything get_subcat_ids() returns for it when
// category_recursive is set.
// NOTE(review): the category value is read from the session and joined into
// IN (...) without a cast in this excerpt; presumably it was validated as an
// integer when it was stored in the session -- confirm.
if (isset($_SESSION['bulk_manager_filter']['category'])) {
    $categories = array();
    if (isset($_SESSION['bulk_manager_filter']['category_recursive'])) {
        $categories = get_subcat_ids(array($_SESSION['bulk_manager_filter']['category']));
    } else {
        $categories = array($_SESSION['bulk_manager_filter']['category']);
    }
    $query = '
 SELECT DISTINCT(image_id)
   FROM ' . IMAGE_CATEGORY_TABLE . '
   WHERE category_id IN (' . implode(',', $categories) . ')
 ;';
    $filter_sets[] = query2array($query, null, 'image_id');
}
if (isset($_SESSION['bulk_manager_filter']['level'])) {
    $operator = '=';
    if (isset($_SESSION['bulk_manager_filter']['level_include_lower'])) {
        $operator = '<=';
    }
예제 #11
/**
 * Renders the HTML table listing the sub-categories of $cat_id that the
 * current viewer may see, one "category_bit" template per category, spread
 * over several columns.
 *
 * @param int $cat_id parent category whose children are listed
 * @return string the HTML, or "" when $cat_id has no entry in
 *                $cat_parent_cache or none of its children is viewable
 */
function get_categories($cat_id = 0)
{
    global $site_template, $site_db, $site_sess, $config, $lang;
    global $cat_cache, $cat_parent_cache, $new_image_cache, $subcat_ids;
    // width of one column; the "%" suffix of the configured width is kept
    $cattable_width = ceil(intval($config['cat_table_width']) / $config['cat_cells']);
    if (substr($config['cat_table_width'], -1) == "%") {
        $cattable_width .= "%";
    }
    if (!isset($cat_parent_cache[$cat_id])) {
        return "";
    }
    // only children that pass the "auth_viewcat" permission check are listed
    $visible_cat_cache = array();
    foreach ($cat_parent_cache[$cat_id] as $key => $val) {
        if (check_permission("auth_viewcat", $val)) {
            $visible_cat_cache[$key] = $val;
        }
    }
    if (empty($visible_cat_cache)) {
        return "";
    }
    $total = sizeof($visible_cat_cache);
    // falls back to 2 columns when cat_cells is 0 or not numeric
    $table_columns = intval($config['cat_cells']) ? intval($config['cat_cells']) : 2;
    // rows per column = ceil(total / columns)
    if ($total <= $table_columns) {
        $table_rows = 1;
    } else {
        $table_rows = $total / $table_columns;
        if ($total >= $table_columns && !is_integer($table_rows)) {
            $table_rows = intval($table_rows) + 1;
        }
    }
    // NOTE(review): the $config values are written into HTML attributes
    // without escaping; presumably they are administrator-controlled settings
    // -- confirm.
    $categories = "\n<table width=\"" . $config['cat_table_width'] . "\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n<tr>\n<td valign=\"top\" width=\"" . $cattable_width . "\" class=\"catbgcolor\">\n";
    $categories .= "<table border=\"0\" cellpadding=\"" . $config['cat_table_cellpadding'] . "\" cellspacing=\"" . $config['cat_table_cellspacing'] . "\">\n";
    // $count: categories placed in the current column; $count2: placed overall
    $count = 0;
    $count2 = 0;
    foreach ($visible_cat_cache as $key => $category_id) {
        $categories .= "<tr>\n<td valign=\"top\">\n";
        $is_new = isset($new_image_cache[$category_id]) && $new_image_cache[$category_id] > 0 ? 1 : 0;
        $num_images = isset($cat_cache[$category_id]['num_images']) ? $cat_cache[$category_id]['num_images'] : 0;
        // the global $subcat_ids is reset, then read back right after the
        // call, so get_subcat_ids() is presumed to fill it as a side effect
        $subcat_ids = array();
        get_subcat_ids($category_id, $category_id, $cat_parent_cache);
        if (isset($subcat_ids[$category_id])) {
            // NOTE(review): image counts and "new" flags of every descendant
            // are added without a check_permission() call in this loop.
            // Whether $cat_cache and $new_image_cache are already filtered
            // for the viewer is not visible here -- confirm, otherwise the
            // totals reveal activity in categories the viewer cannot open.
            foreach ($subcat_ids[$category_id] as $val) {
                if (isset($new_image_cache[$val]) && $new_image_cache[$val] > 0) {
                    $is_new = 1;
                }
                if (isset($cat_cache[$val]['num_images'])) {
                    $num_images += $cat_cache[$val]['num_images'];
                }
            }
        }
        // either constant defined and equal to 0 turns the random image off
        if (defined("SHOW_RANDOM_IMAGE") && SHOW_RANDOM_IMAGE == 0 || defined("SHOW_RANDOM_CAT_IMAGE") && SHOW_RANDOM_CAT_IMAGE == 0) {
            $random_cat_image_file = "";
        } else {
            $random_cat_image_file = get_random_image($category_id, 0, 1);
        }
        // name and description go through format_text() before they reach the
        // template; cat_hits and the counters are passed as stored
        $site_template->register_vars(array("cat_id" => $category_id, "cat_name" => format_text($cat_cache[$category_id]['cat_name'], 2), "cat_description" => format_text($cat_cache[$category_id]['cat_description'], 1), "cat_hits" => $cat_cache[$category_id]['cat_hits'], "cat_is_new" => $is_new, "lang_new" => $lang['new'], "sub_cats" => get_subcategories($category_id), "cat_url" => $site_sess->url(ROOT_PATH . "categories.php?" . URL_CAT_ID . "=" . $category_id), "random_cat_image_file" => $random_cat_image_file, "num_images" => $num_images));
        $categories .= $site_template->parse_template("category_bit");
        $count++;
        $count2++;
        $categories .= "</td>\n</tr>\n";
        // column full and categories left: close it and open the next one
        if ($count == $table_rows && $count2 < sizeof($visible_cat_cache)) {
            $categories .= "</table></td>\n";
            $categories .= "<td valign=\"top\" width=\"" . $cattable_width . "\" class=\"catbgcolor\">\n";
            $categories .= "<table border=\"0\" cellpadding=\"" . $config['cat_table_cellpadding'] . "\" cellspacing=\"" . $config['cat_table_cellspacing'] . "\">\n";
            $total = $total - $count2;
            $table_columns = $table_columns - 1;
            /*if ($total <= $table_columns && $table_columns > 1) {
                $table_rows = 1;
              }
              else {
                $table_rows = $total / $table_columns;
                if ($total >= $table_columns && !is_integer($table_rows)) {
                  $table_rows = intval($table_rows) + 1;
                }
              }*/
            $count = 0;
        }
    }
    $categories .= "</table>\n</td>\n</tr>\n</table>\n";
    return $categories;
}
예제 #12
// the administrator check runs before any request data is read
check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// |                            variables init                             |
// +-----------------------------------------------------------------------+
// group_id is written unquoted into the DELETE below. is_numeric() also
// accepts decimals, exponent notation and signed values, not only plain
// integer ids.
if (isset($_GET['group_id']) and is_numeric($_GET['group_id'])) {
    $page['group'] = $_GET['group_id'];
} else {
    die('group_id URL parameter is missing');
}
// +-----------------------------------------------------------------------+
// |                                updates                                |
// +-----------------------------------------------------------------------+
// NOTE(review): no anti-CSRF token check appears in this excerpt before the
// state-changing branches below -- confirm one is performed elsewhere.
if (isset($_POST['falsify']) and isset($_POST['cat_true']) and count($_POST['cat_true']) > 0) {
    // if you forbid access to a category, all sub-categories become
    // automatically forbidden
    // NOTE(review): the posted cat_true array goes straight to
    // get_subcat_ids() and its result is joined into IN (...); whether that
    // helper validates the ids is not visible here -- confirm.
    $subcats = get_subcat_ids($_POST['cat_true']);
    $query = '
DELETE
  FROM ' . GROUP_ACCESS_TABLE . '
  WHERE group_id = ' . $page['group'] . '
  AND cat_id IN (' . implode(',', $subcats) . ')
;';
    pwg_query($query);
} else {
    if (isset($_POST['trueify']) and isset($_POST['cat_false']) and count($_POST['cat_false']) > 0) {
        $uppercats = get_uppercat_ids($_POST['cat_false']);
        $private_uppercats = array();
        $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $uppercats) . ')
예제 #13
/**
 * Grant access to a list of categories for a list of users.
 *
 * Only private categories receive rows: the parent chain of the given
 * categories and, when the current request carries "apply_on_sub", their
 * sub-categories as well. Scalar arguments are accepted and wrapped.
 *
 * NOTE(review): category and user ids are forwarded as received (the category
 * ids end up in an unquoted IN (...) list); callers are expected to pass
 * integers -- confirm at the call sites.
 *
 * @param int[] $category_ids
 * @param int[] $user_ids
 */
function add_permission_on_category($category_ids, $user_ids)
{
    $category_ids = is_array($category_ids) ? $category_ids : array($category_ids);
    $user_ids = is_array($user_ids) ? $user_ids : array($user_ids);

    // nothing to grant when either list is empty
    if (0 == count($category_ids) || 0 == count($user_ids)) {
        return;
    }

    // candidates: the parent chain, plus the sub-categories on request
    $candidate_ids = get_uppercat_ids($category_ids);
    if (isset($_POST['apply_on_sub'])) {
        $candidate_ids = array_merge($candidate_ids, get_subcat_ids($category_ids));
    }

    // keep the private ones only
    $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $candidate_ids) . ')
    AND status = \'private\'
;';
    $private_cats = query2array($query, null, 'id');
    if (0 == count($private_cats)) {
        return;
    }

    // one (user, category) row per pair; existing rows are ignored on insert
    $rows = array();
    foreach ($private_cats as $private_cat_id) {
        foreach ($user_ids as $granted_user_id) {
            $rows[] = array('user_id' => $granted_user_id, 'cat_id' => $private_cat_id);
        }
    }
    mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $rows, array('ignore' => true));
}
예제 #14
// Display of the current search criteria. $search is used as given; where it
// is built is not visible in this excerpt.
if (isset($search['fields']['tags'])) {
    $template->assign('SEARCH_TAGS_MODE', $search['fields']['tags']['mode']);
    // NOTE(review): the tag ids are joined unquoted into IN (...) without a
    // cast here; presumably they were validated as integers when the search
    // was stored -- confirm.
    $query = '
SELECT name
  FROM ' . TAGS_TABLE . '
  WHERE id IN (' . implode(',', $search['fields']['tags']['words']) . ')
;';
    $template->assign('search_tags', array_from_query($query, 'name'));
}
if (isset($search['fields']['author'])) {
    // author names have their tags stripped before they are shown
    $template->append('search_words', l10n('author(s) : %s', join(', ', array_map('strip_tags', $search['fields']['author']['words']))));
}
if (isset($search['fields']['cat'])) {
    if ($search['fields']['cat']['sub_inc']) {
        // searching all the categories id of sub-categories
        $cat_ids = get_subcat_ids($search['fields']['cat']['words']);
    } else {
        $cat_ids = $search['fields']['cat']['words'];
    }
    // NOTE(review): same pattern as for the tags: the ids are written
    // unquoted and uncast, on both branches above -- confirm they are
    // integers at this point.
    $query = '
SELECT id, uppercats, global_rank
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $cat_ids) . ')
;';
    $result = pwg_query($query);
    $categories = array();
    if (!empty($result)) {
        while ($row = pwg_db_fetch_assoc($result)) {
            $categories[] = $row;
        }
    }
예제 #15
파일: cat_perm.php 프로젝트: donseba/Piwigo
        // users who currently hold a permission, as returned by the query
        $users_granted = array_from_query($query, 'user_id');
        if (!isset($_POST['users'])) {
            $_POST['users'] = array();
        }
        //
        // remove permissions to users
        //
        // array_diff() returns elements of its first argument, so every id in
        // $deny_users comes from the query result above, not from the request
        $deny_users = array_diff($users_granted, $_POST['users']);
        if (count($deny_users) > 0) {
            // if you forbid access to an album, all sub-album become automatically
            // forbidden
            $query = '
DELETE
  FROM ' . USER_ACCESS_TABLE . '
  WHERE user_id IN (' . implode(',', $deny_users) . ')
    AND cat_id IN (' . implode(',', get_subcat_ids(array($page['cat']))) . ')
;';
            pwg_query($query);
        }
        //
        // add permissions to users
        //
        // NOTE(review): the posted user list is handed to
        // add_permission_on_category() as received; no integer validation of
        // $_POST['users'] is visible in this excerpt -- confirm it happens
        // before or inside the insert.
        $grant_users = $_POST['users'];
        if (count($grant_users) > 0) {
            add_permission_on_category($page['cat'], $grant_users);
        }
    }
    $page['infos'][] = l10n('Album updated successfully');
}
// +-----------------------------------------------------------------------+
// |                       template initialization                         |
예제 #16
if ($action == "checkimages") {
    // cat and subcat are taken from GET first, then POST, and reduced to
    // integers with intval() before any use
    if (isset($HTTP_GET_VARS['cat']) || isset($HTTP_POST_VARS['cat'])) {
        $cat = isset($HTTP_GET_VARS['cat']) ? intval($HTTP_GET_VARS['cat']) : intval($HTTP_POST_VARS['cat']);
    } else {
        $cat = 0;
    }
    if (isset($HTTP_GET_VARS['subcat']) || isset($HTTP_POST_VARS['subcat'])) {
        $subcat = isset($HTTP_GET_VARS['subcat']) ? intval($HTTP_GET_VARS['subcat']) : intval($HTTP_POST_VARS['subcat']);
    } else {
        $subcat = 0;
    }
    if ($cat) {
        $cats = array($cat);
        if ($subcat) {
            // $subcat_ids is reset, then read back right after the call, so
            // get_subcat_ids() is presumed to fill it as a side effect
            $subcat_ids = array();
            get_subcat_ids($cat, $cat, $cat_parent_cache);
            if (isset($subcat_ids[$cat])) {
                $cats = array_merge($cats, $subcat_ids[$cat]);
            }
        }
        // the IN list holds the intval()'d $cat plus the ids found for it in
        // $subcat_ids; no raw request value is concatenated
        $condition = "WHERE cat_id IN (" . implode(",", $cats) . ")";
    } else {
        $condition = "";
    }
    if (isset($HTTP_GET_VARS['imchksize']) || isset($HTTP_POST_VARS['imchksize'])) {
        $imchksize = isset($HTTP_GET_VARS['imchksize']) ? intval($HTTP_GET_VARS['imchksize']) : intval($HTTP_POST_VARS['imchksize']);
        if (!$imchksize) {
            $imchksize = 25;
        }
    } else {
        $imchksize = 50;
예제 #17
파일: comments.php 프로젝트: donseba/Piwigo
    $page['sort_order'] = $_GET['sort_order'];
}
// number of items to display
//
// the request may override the configured page size; anything that is neither
// numeric nor the literal 'all' falls back to 10
$page['items_number'] = $conf['comments_page_nb_comments'];
if (isset($_GET['items_number'])) {
    $page['items_number'] = $_GET['items_number'];
}
if (!is_numeric($page['items_number']) and $page['items_number'] != 'all') {
    $page['items_number'] = 10;
}
$page['where_clauses'] = array();
// which category to filter on ?
if (isset($_GET['cat']) and 0 != $_GET['cat']) {
    // cat is checked against PATTERN_ID before it is used
    check_input_parameter('cat', $_GET, false, PATTERN_ID);
    $category_ids = get_subcat_ids(array($_GET['cat']));
    // -1 keeps the IN (...) list non-empty when nothing was found
    if (empty($category_ids)) {
        $category_ids = array(-1);
    }
    $page['where_clauses'][] = 'category_id IN (' . implode(',', $category_ids) . ')';
}
// search a particular author
// NOTE(review): unlike 'cat' above, 'author' gets no check_input_parameter()
// call and is written twice between quotes into the WHERE clause with no
// escaping visible in this excerpt. This is only safe if all request input is
// escaped for the database before this point -- confirm.
if (!empty($_GET['author'])) {
    $page['where_clauses'][] = '(u.' . $conf['user_fields']['username'] . ' = \'' . $_GET['author'] . '\' OR author = \'' . $_GET['author'] . '\')';
}
// search a specific comment (if you're coming directly from an admin
// notification email)
if (!empty($_GET['comment_id'])) {
    check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
    // currently, the $_GET['comment_id'] is only used by admins from email
    // for management purpose (validate/delete)