Exemplo n.º 1
/**
 * Authorization gate: stops the request when the current user lacks a gallery permission.
 *
 * Delegates the decision to allowedTo() and, on denial, passes the key
 * 'cannot_ezgallery_<permission>' to fatal_error2().
 *
 * NOTE(review): callers such as ViewPicture() continue straight after this call, so the
 * gate only holds if fatal_error2() ends the request. Its body is not visible here;
 * confirm that it exits rather than returns.
 *
 * @param string $permission Permission name without the 'cannot_ezgallery_' prefix.
 * @return void
 */
function isAllowedTo($permission = '')
{
    global $mybb, $lang;

    // Permitted: nothing to do, fall through to the caller.
    if (allowedTo($permission)) {
        return;
    }

    fatal_error2('cannot_ezgallery_' . $permission);
}
Exemplo n.º 2
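/**
 * Renders the "view picture" page: the image, its statistics, linking codes,
 * moderation links, the optional "who is viewing" row and the comment list.
 *
 * Reads the picture id from $_REQUEST['id'], loads the picture, category and uploader
 * from the database, increments the view counter and echoes the page HTML.
 *
 * Security-relevant behaviour:
 *  - The id is reduced to an integer before it is interpolated into any SQL.
 *  - Every database-sourced string written into HTML (title, usernames, keywords,
 *    filename, avatar URL) goes through htmlspecialchars_uni(), matching what the
 *    breadcrumb calls in this function already do for title and category name.
 *  - An unapproved picture is shown only to its logged-in uploader or to a user with
 *    the 'manage' permission. Guests (uid 0) never count as the owner, so pictures
 *    uploaded by guests are not exposed to every anonymous visitor before approval.
 *  - The existence and approval checks run before breadcrumbs are registered, so
 *    the title of a picture the viewer may not see is not handed to the error page.
 *
 * NOTE(review): the access checks rely on fatal_error2() ending the request; its body
 * is not visible here, so confirm that it exits.
 *
 * @return void
 */
function ViewPicture()
{
    global $context, $db, $mybb, $gallerySettings, $lang, $config, $parser, $parser_options, $plugins;

    isAllowedTo('view');

    // Get the picture ID. Anything that is not a scalar (e.g. id[]=1) is treated as missing.
    $id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (int) $_REQUEST['id'] : 0;
    if (empty($id)) {
        fatal_error2($lang->gallery_error_no_pic_selected, false);
    }

    GalleryTopButtons();

    // Get the picture information. $id is an integer, so interpolating it is safe.
    $dbresult = $db->query("
        SELECT
            p.ID_PICTURE, p.width, p.height, p.allowcomments, p.ID_CAT, p.keywords, p.commenttotal, p.filesize, p.filename, p.approved,
            p.views, p.title, p.ID_MEMBER, m.username, p.date, p.description, c.title CATNAME
        FROM " . TABLE_PREFIX . "gallery_pic as p
        LEFT JOIN " . TABLE_PREFIX . "gallery_cat AS c ON (c.ID_CAT= p.ID_CAT)
        LEFT JOIN " . TABLE_PREFIX . "users AS m ON (p.ID_MEMBER = m.uid)
        WHERE p.ID_PICTURE = {$id}   LIMIT 1");
    $row = $db->fetch_array($dbresult);

    // An unknown id yields no row; stop here instead of rendering a page built from nulls.
    if (empty($row)) {
        fatal_error2($lang->gallery_error_no_pic_selected, false);
    }

    // Ownership only applies to logged-in users: a guest has uid 0 and guest uploads are
    // stored with an empty ID_MEMBER, so a plain equality test would match the two.
    $viewerId = (int) $mybb->user['uid'];
    $isOwner = $viewerId !== 0 && $viewerId === (int) $row['ID_MEMBER'];

    // Check whether they are allowed to view an unapproved picture.
    if ($row['approved'] == 0 && !$isOwner && !allowedTo('manage')) {
        fatal_error2($lang->gallery_error_pic_notapproved, false);
    }

    add_breadcrumb(htmlspecialchars_uni($row['CATNAME']), 'ezgallery.php?cat=' . (int) $row['ID_CAT']);
    // NOTE(review): this URL uses 'sa=view' while the who-is-viewing query below matches
    // 'action=view' and every other link here uses 'action='; confirm which one the router expects.
    add_breadcrumb(htmlspecialchars_uni($row['title']), 'ezgallery.php?sa=view&id=' . $id);

    $plugins->run_hooks("gallery_view_picture_start");

    // NOTE(review): 'name' is stored unescaped; whatever renders the linktree must escape it.
    $context['linktree'][] = array('url' => 'ezgallery.php?cat=' . $row['ID_CAT'], 'name' => $row['CATNAME']);

    // Gallery picture information (raw database values; escaped at the point of output below).
    $context['gallery_pic'] = array(
        'ID_PICTURE' => $row['ID_PICTURE'],
        'ID_MEMBER' => $row['ID_MEMBER'],
        'commenttotal' => $row['commenttotal'],
        'views' => $row['views'],
        'title' => $row['title'],
        'description' => $row['description'],
        'filesize' => $row['filesize'],
        'filename' => $row['filename'],
        'width' => $row['width'],
        'height' => $row['height'],
        'allowcomments' => $row['allowcomments'],
        'ID_CAT' => $row['ID_CAT'],
        'date' => my_date($mybb->settings['dateformat'], $row['date']),
        'keywords' => $row['keywords'],
        'username' => $row['username'],
    );

    // Update the number of views.
    $db->query("UPDATE " . TABLE_PREFIX . "gallery_pic
        SET views = views + 1 WHERE ID_PICTURE = {$id} LIMIT 1");

    // NOTE(review): the title is passed on unescaped; confirm gallery_header() escapes page_title.
    $context['page_title'] = $context['gallery_pic']['title'];
    gallery_header();

    if (!empty($gallerySettings['gallery_who_viewing'])) {
        $context['can_moderate_forum'] = allowedTo('manage');

        // Start out with no one at all viewing it.
        $context['view_members'] = array();
        $context['view_members_list'] = array();
        $context['view_num_hidden'] = 0;

        $timesearch = TIME_NOW - (int) $mybb->settings['wolcutoffmins'] * 60;

        // Search for members who have this picture id set in their GET data.
        // NOTE(review): INSTR is a substring match, so id=1 also matches sessions on id=10, id=11, ...
        $request = $db->query("SELECT
                lo.uid, lo.time, mem.username, mem.invisible,
                mg.namestyle, mg.gid, mg.title
            FROM (" . TABLE_PREFIX . "sessions AS lo)
                LEFT JOIN " . TABLE_PREFIX . "users AS mem ON (mem.uid = lo.uid)
                LEFT JOIN " . TABLE_PREFIX . "usergroups AS mg ON (mem.usergroup = mg.gid)
            WHERE INSTR(lo.location, 'ezgallery.php?action=view&id={$id}') AND lo.time > {$timesearch}");

        while ($viewer = $db->fetch_array($request)) {
            if (empty($viewer['uid'])) {
                continue;
            }

            $profileUrl = 'member.php?action=profile&uid=' . (int) $viewer['uid'];

            // Escape the username before it is substituted into the group's name style;
            // the name style itself is markup and is inserted as-is.
            $safeName = htmlspecialchars_uni($viewer['username']);
            $displayName = !empty($viewer['namestyle'])
                ? str_replace("{username}", $safeName, $viewer['namestyle'])
                : $safeName;
            $link = '<a href="' . $profileUrl . '">' . $displayName . '</a>';

            $sortKey = $viewer['time'] . $viewer['username'];
            $isHidden = !empty($viewer['invisible']);

            // Only visible members go on the public list; hidden ones are counted instead.
            if (!$isHidden) {
                $context['view_members_list'][$sortKey] = $link;
            } else {
                $context['view_num_hidden']++;
            }

            $context['view_members'][$sortKey] = array(
                'id' => $viewer['uid'],
                'username' => $viewer['username'],
                'name' => $viewer['username'],
                'group' => $viewer['gid'],
                'href' => $profileUrl,
                'link' => $link,
                'hidden' => $isHidden,
            );
        }

        // The number of guests is equal to the rows minus the ones we actually used.
        $context['view_num_guests'] = $db->num_rows($request) - count($context['view_members']);

        // Sort the list.
        krsort($context['view_members']);
        krsort($context['view_members_list']);
    }

    // Load the comments. The validated integer id is used rather than a value read back from the row.
    $dbresult = $db->query("
        SELECT
            c.ID_PICTURE,  c.ID_COMMENT, c.date, c.comment, c.ID_MEMBER, m.postnum, m.username, m.avatar
            FROM " . TABLE_PREFIX . "gallery_comment as c
            LEFT JOIN " . TABLE_PREFIX . "users AS m ON (c.ID_MEMBER = m.uid)
        WHERE   c.ID_PICTURE = {$id} ORDER BY c.ID_COMMENT DESC");
    $context['gallery_comment_list'] = array();
    while ($comment = $db->fetch_array($dbresult)) {
        $context['gallery_comment_list'][] = $comment;
    }
    $context['gallery_comment_count'] = count($context['gallery_comment_list']);

    $plugins->run_hooks("gallery_view_picture_finish");

    // Load permissions
    $g_manage = allowedTo('manage');
    $g_edit_own = allowedTo('edit');
    $g_delete_own = allowedTo('delete');

    // Values prepared for HTML output.
    $safeTitle = htmlspecialchars_uni((string) $context['gallery_pic']['title']);
    $safeImageUrl = htmlspecialchars_uni($gallerySettings['gallery_url'] . $context['gallery_pic']['filename']);
    $safeWidth = htmlspecialchars_uni((string) $context['gallery_pic']['width']);
    $safeHeight = htmlspecialchars_uni((string) $context['gallery_pic']['height']);
    $uploaderId = (int) $context['gallery_pic']['ID_MEMBER'];

    echo '<table border="0" cellspacing="0" cellpadding="4" align="center" width="90%" class="tborder" >
					<tr class="tcat">
						<td align="center">&nbsp;</td>
					</tr>
					</table>
				<table border="0" cellpadding="0" cellspacing="0" align="center" width="90%">
						<tr>
							<td style="padding-right: 1ex;" align="right" >
						<table cellpadding="0" cellspacing="0" align="right">
									<tr>
						', DoToolBarStrip($context['gallery']['buttons'], 'top'), '
							</tr>
							</table>
						</td>
						</tr>
					</table>
				<br />';

    // NOTE(review): whether HTML in the description is neutralised depends on $parser_options,
    // which is set outside this function; confirm allow_html is off for user-supplied text.
    echo '<br /><table cellspacing="0" cellpadding="10" border="0" align="center" width="90%" class="tborder">
			<tr class="tcat">
				<td align="center">' . $safeTitle . '</td>
			</tr>
			<tr class="trow2">
				<td align="center"><img height="' . $safeHeight . '" width="' . $safeWidth . '" src="' . $safeImageUrl . '" alt="" /></td>
			</tr>
			<tr class="trow2">

				<td>
				<b>' . $lang->gallery_form_description . ' </b>' . $parser->parse_message($context['gallery_pic']['description'], $parser_options) . '
				<hr />
				' . $lang->gallery_text_picstats . '<br />

				' . $lang->gallery_text_views . (int) $context['gallery_pic']['views'] . '<br />
				' . $lang->gallery_text_filesize . gallery_format_size($context['gallery_pic']['filesize'], 2) . '<br />
				' . $lang->gallery_text_height . ' ' . $safeHeight . '  ' . $lang->gallery_text_width . ' ' . $safeWidth . '<br />
				';

    // Keywords: user-supplied, so URL-encode them for the query string and HTML-escape the label.
    if (!empty($context['gallery_pic']['keywords'])) {
        echo $lang->gallery_form_keywords . ' ';
        foreach (explode(' ', $context['gallery_pic']['keywords']) as $keyword) {
            // Consecutive spaces produce empty pieces; skip them instead of printing empty links.
            if ($keyword === '') {
                continue;
            }
            echo '<a href="ezgallery.php?action=search2&key=' . urlencode($keyword) . '">' . htmlspecialchars_uni($keyword) . '</a>&nbsp;';
        }
        echo '<br />';
    }

    if ($context['gallery_pic']['username'] != '') {
        echo $lang->gallery_text_postedby . '<a href="member.php?action=profile&uid=' . $uploaderId . '">' . htmlspecialchars_uni($context['gallery_pic']['username']) . '</a>' . $lang->gallery_at . $context['gallery_pic']['date'] . '<br /><br />';
    } else {
        echo $lang->gallery_text_postedby . $lang->gallery_guest . $lang->gallery_at . $context['gallery_pic']['date'] . '<br /><br />';
    }

    // Show image linking codes
    if ($gallerySettings['gallery_set_showcode_bbc_image'] || $gallerySettings['gallery_set_showcode_directlink'] || $gallerySettings['gallery_set_showcode_htmllink']) {
        echo '<b>', $lang->gallery_txt_image_linking, '</b><br />
					<table border="0">
					';
        if ($gallerySettings['gallery_set_showcode_bbc_image']) {
            echo '<tr><td width="30%">', $lang->gallery_txt_bbcimage, '</td><td> <input type="text" value="[img]' . $safeImageUrl . '[/img]" size="50" /></td></tr>';
        }
        if ($gallerySettings['gallery_set_showcode_directlink']) {
            echo '<tr><td width="30%">', $lang->gallery_txt_directlink, '</td><td> <input type="text" value="' . $safeImageUrl . '" size="50" /></td></tr>';
        }
        if ($gallerySettings['gallery_set_showcode_htmllink']) {
            echo '<tr><td width="30%">', $lang->gallery_set_showcode_htmllink, '</td><td> <input type="text" value="<img src=&#34;' . $safeImageUrl . '&#34; />" size="50" /></td></tr>';
        }
        echo '</table>';
    }

    // Show moderation / edit links if allowed.
    // NOTE(review): unapprove, delete and delcomment are state-changing actions reached through
    // plain GET links without a token; their handlers are not visible here, so confirm that
    // each one verifies a post key and re-checks the permission server-side.
    if ($g_manage) {
        echo '&nbsp;<a href="' . $mybb->settings['bburl'] . '/' . $config['admin_dir'] . '/index.php?module=config/ezgallery&action=unapprove&id=' . $id . '">' . $lang->gallery_text_unapprove . '</a>';
    }
    if ($g_manage || ($g_edit_own && $isOwner)) {
        echo '&nbsp;<a href="ezgallery.php?action=edit&id=' . $id . '">' . $lang->gallery_text_edit . '</a>';
    }
    if ($g_manage || ($g_delete_own && $isOwner)) {
        echo '&nbsp;<a href="ezgallery.php?action=delete&id=' . $id . '">' . $lang->gallery_text_delete . '</a>';
    }

    // Show report picture link
    if (allowedTo('report')) {
        echo '&nbsp;<a href="ezgallery.php?action=report&id=' . $id . '">' . $lang->gallery_text_reportpicture . '</a>';
    }
    echo '
				</td>
			</tr>';

    // Display who is viewing the picture.
    if (!empty($gallerySettings['gallery_who_viewing'])) {
        echo '<tr>
			<td align="center" class="trow2"><span class="smalltext">';

        if (empty($context['view_members_list'])) {
            echo '0 ' . $lang->gallery_who_members;
        } else {
            // Entries were escaped when the links were built above.
            echo implode(', ', $context['view_members_list']);
            // The hidden count is only appended for viewers who cannot moderate.
            if (!empty($context['view_num_hidden']) && !$context['can_moderate_forum']) {
                echo ' (+ ' . (int) $context['view_num_hidden'] . ' ' . $lang->gallery_who_hidden . ')';
            }
        }

        // Now show how many guests are here too.
        $guestCount = (int) $context['view_num_guests'];
        echo $lang->who_and, $guestCount, ' ', $guestCount == 1 ? $lang->guest : $lang->guests, $lang->gallery_who_viewpicture, '</span></td></tr>';
    }
    echo '
		</table><br />';

    // Check if allowed to display comments for this picture
    if ($context['gallery_pic']['allowcomments']) {
        $canComment = allowedTo('comment');
        $addCommentLink = '<a href="ezgallery.php?action=comment&id=' . $id . '">' . $lang->gallery_text_addcomment . '</a>';

        // Show comments
        echo '<table cellspacing="0" cellpadding="10" border="0" align="center" width="90%" class="tborder">
				<tr class="tcat">
					<td align="center" colspan="2">' . $lang->gallery_text_comments . '</td>
				</tr>';
        if ($canComment) {
            // Show Add Comment
            echo '
				<tr class="tcat"><td colspan="2">
				' . $addCommentLink . '</td>
				</tr>';
        }

        // Display all user comments
        foreach ($context['gallery_comment_list'] as $comment) {
            echo '<tr class="trow1">';

            // Display member info
            echo '<td width="10%" valign="top">';
            if (empty($comment['ID_MEMBER'])) {
                echo $lang->gallery_guest;
            } else {
                echo '
			<a href="member.php?action=profile&uid=' . (int) $comment['ID_MEMBER'] . '">' . htmlspecialchars_uni((string) $comment['username']) . '</a><br />
			<span class="smalltext">' . $lang->gallery_text_posts . ' ' . (int) $comment['postnum'] . '</span><br />';
            }

            // Display the user's avatar; the URL comes from the profile, so escape it for the attribute.
            if (!empty($comment['avatar'])) {
                echo '<img src="' . htmlspecialchars_uni($comment['avatar']) . '" alt="" />';
            }
            echo '
			</td>';

            // Display the comment
            echo '<td width="90%"><span class="smalltext">' . my_date($mybb->settings['dateformat'], $comment['date']) . '</span><hr />';
            echo $parser->parse_message($comment['comment'], $parser_options);

            // Check if the user is allowed to delete the comment.
            if ($g_manage) {
                echo '<br /><a href="' . $mybb->settings['bburl'] . '/' . $config['admin_dir'] . '/index.php?module=config/ezgallery&action=delcomment&id=' . (int) $comment['ID_COMMENT'] . '">' . $lang->gallery_text_delcomment . '</a>';
            }
            echo '</td>';
            echo '</tr>';
        }

        // Show the Add Comment link again below the list when there is at least one comment
        if ($canComment && $context['gallery_comment_count'] != 0) {
            echo '
				<tr class="tcat">
					<td colspan="2">
					' . $addCommentLink . '
					</td>
				</tr>';
        }
        echo '</table><br />';
    }

    // Link back to the gallery index
    echo '<div align="center"><a href="ezgallery.php">' . $lang->gallery_text_returngallery . '</a></div><br />';
    //GalleryCopyright();
    gallery_footer();
}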