    }
    if (!empty($_POST['filename'])) {
        $search['fields']['filename'] = str_replace('*', '%', pwg_db_real_escape_string($_POST['filename']));
    }
    if (!empty($_POST['ip'])) {
        $search['fields']['ip'] = str_replace('*', '%', pwg_db_real_escape_string($_POST['ip']));
    }
    check_input_parameter('display_thumbnail', $_POST, false, '/^(' . implode('|', array_keys($display_thumbnails)) . ')$/');
    $search['fields']['display_thumbnail'] = $_POST['display_thumbnail'];
    // Display choise are also save to one cookie
    if (!empty($_POST['display_thumbnail']) and isset($display_thumbnails[$_POST['display_thumbnail']])) {
        $cookie_val = $_POST['display_thumbnail'];
    } else {
        $cookie_val = null;
    }
    pwg_set_cookie_var('display_thumbnail', $cookie_val, strtotime('+1 month'));
    // TODO manage inconsistency of having $_POST['image_id'] and
    // $_POST['filename'] simultaneously
    if (!empty($search)) {
        // register search rules in database, then they will be available on
        // thumbnails page and picture page.
        $query = '
INSERT INTO ' . SEARCH_TABLE . '
  (rules)
  VALUES
  (\'' . pwg_db_real_escape_string(serialize($search)) . '\')
;';
        pwg_query($query);
        $search_id = pwg_db_insert_id(SEARCH_TABLE);
        redirect(PHPWG_ROOT_PATH . 'admin.php?page=history&search_id=' . $search_id);
    } else {
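/**
 * Rate a picture by the current user.
 *
 * The vote is rejected (returns false) when rating is disabled in $conf,
 * when $rate is not a digit string listed in $conf['rate_items'], or when the
 * visitor is anonymous and $conf['rate_anonymous'] is off. Otherwise any
 * previous vote of this user on the element is replaced (for anonymous
 * visitors the vote is additionally keyed by an IP-derived id) and the
 * element's score is recomputed.
 *
 * Security note: every value interpolated into the SQL below is either cast
 * to int or passed through pwg_db_real_escape_string(). In particular
 * $save_anonymous_id comes straight from a client-controlled cookie and
 * $image_id from the caller; neither was escaped in the previous revision.
 *
 * @param int $image_id
 * @param float $rate   validated as a non-negative integer string, not a float
 * @return array|false as returned by update_rating_score(), or false when the
 *                     vote is rejected
 */
function rate_picture($image_id, $rate)
{
    global $conf, $user;

    // $rate usually arrives as a form string: accept digits only, and only the
    // values the configuration allows. in_array() is deliberately loose
    // because $rate is a string while $conf['rate_items'] is typically ints.
    if (!isset($rate) or !$conf['rate'] or !preg_match('/^[0-9]+$/', $rate) or !in_array($rate, $conf['rate_items'])) {
        return false;
    }
    // Validated above; the casts normalise the values before they reach SQL
    // (the regex's trailing "$" still admits a final newline, the cast drops it).
    $rate = (int) $rate;
    $image_id = (int) $image_id;
    $user_id = (int) $user['id'];

    $user_anonymous = is_autorize_status(ACCESS_CLASSIC) ? false : true;
    if ($user_anonymous and !$conf['rate_anonymous']) {
        return false;
    }

    // Anonymous voters are keyed by the first three dotted components of the
    // remote address (a /24 for IPv4) so that a visitor who gets a new address
    // in the same block keeps its votes.
    // NOTE(review): an IPv6 REMOTE_ADDR contains no dots, so the whole address
    // becomes the key — confirm that is intended.
    $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
    if (count($ip_components) > 3) {
        array_pop($ip_components);
    }
    $anonymous_id = implode('.', $ip_components);
    $anonymous_id_sql = pwg_db_real_escape_string($anonymous_id);

    if ($user_anonymous) {
        // The cookie is client-controlled: it must never reach SQL unescaped.
        // Cookies arrive as strings; anything else (e.g. array syntax in the
        // cookie name) is a malformed request and is treated as "no cookie".
        $save_anonymous_id = pwg_get_cookie_var('anonymous_rater', $anonymous_id);
        if (!is_string($save_anonymous_id)) {
            $save_anonymous_id = $anonymous_id;
        }
        if ($anonymous_id !== $save_anonymous_id) {
            // The client changed its IP address or is trying to fool us: move
            // the votes recorded under the cookie's key to the current key,
            // dropping those that would collide with votes already present
            // under the current key.
            $save_anonymous_id_sql = pwg_db_real_escape_string($save_anonymous_id);
            $query = '
SELECT element_id
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $anonymous_id_sql . '\'
;';
            $already_there = array_from_query($query, 'element_id');
            if (count($already_there) > 0) {
                // element_id values come from the database; cast anyway so the
                // IN (...) list can only ever contain integers.
                $already_there = array_map('intval', $already_there);
                $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $save_anonymous_id_sql . '\'
    AND element_id IN (' . implode(',', $already_there) . ')
;';
                pwg_query($query);
            }
            $query = '
UPDATE ' . RATE_TABLE . '
  SET anonymous_id = \'' . $anonymous_id_sql . '\'
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $save_anonymous_id_sql . '\'
;';
            pwg_query($query);
        }
        // Remember the current key so the next vote can detect an IP change.
        pwg_set_cookie_var('anonymous_rater', $anonymous_id);
    }

    // One vote per (user, element) — and per anonymous key for guests:
    // delete the previous vote before inserting the new one.
    $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE element_id = ' . $image_id . '
    AND user_id = ' . $user_id . '
';
    if ($user_anonymous) {
        $query .= ' AND anonymous_id = \'' . $anonymous_id_sql . '\'';
    }
    pwg_query($query);

    $query = '
INSERT
  INTO ' . RATE_TABLE . '
  (user_id,anonymous_id,element_id,rate,date)
  VALUES
  (' . $user_id . ',' . '\'' . $anonymous_id_sql . '\',' . $image_id . ',' . $rate . ',NOW())
;';
    pwg_query($query);

    return update_rating_score($image_id);
}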