static function checkPerm($perm)
{
global $db;
if (Permissions::isAnon()) {
return false;
}
if (Permissions::isAdmin()) {
return true;
}
$session = Session::singletone();
$q = $db->prepare("SELECT permission FROM phph_permissions WHERE permission = ? AND user_id = ?");
if (PEAR::isError($q)) {
die($q->getMessage());
}
$r = $db->execute($q, array($perm, $session->_uid));
if (PEAR::isError($r)) {
die($r->getMessage());
}
if ($r->numRows() > 0) {
return true;
}
$q = $db->prepare("SELECT permission FROM phph_permissions WHERE permission = ? AND group_id IN (SELECT group_id FROM phph_group_users WHERE user_id = ?)");
if (PEAR::isError($q)) {
die($q->getMessage());
}
$r = $db->execute($q, array($perm, $session->_uid));
if (PEAR::isError($r)) {
die($r->getMessage());
}
if ($r->numRows() > 0) {
return true;
}
return false;
}
static function url($action, $attrs = array(), $script = "index.php")
{
$s = Config::get("site_url") . "/{$script}?action={$action}";
$s = Session::singletone()->addSID($s);
//$ref = self::pg("ref");
//if (!empty($ref))
// $s .= "&ref=" . htmlspecialchars(urlencode($ref));
foreach ($attrs as $id => $val) {
$s .= htmlspecialchars("&{$id}=" . urlencode($val));
}
return $s;
}
<?php
// $Id$
set_include_path(get_include_path() . ":../");
require_once "includes/session.php";
require_once "includes/utils.php";
require_once "includes/permissions.php";
require_once "includes/photo.php";
$session = Session::singletone();
if ($session->requireLogin()) {
exit;
}
if (!Permissions::checkPerm('admin_panel')) {
die("Permission denied.");
}
if (!Permissions::checkPerm('delete_photos')) {
die("Permission denied.");
}
$ref = urldecode(Utils::pg("ref"));
$pid = urldecode(Utils::pg("pid"));
if (empty($pid)) {
die;
}
$photo = new Photo($pid);
$photo->remove();
header("Location: {$ref}");
ini_restore('include_path');
function update($title, $text)
{
$session = Session::singletone();
if ($this->_dbo->comment_title == $title && $this->_dbo->comment_text == $text) {
return;
}
$o_title = $this->_dbo->comment_title;
$o_text = $this->_dbo->comment_text;
$this->_dbo->comment_title = $title;
$this->_dbo->comment_text = $text;
$this->_dbo->update();
$photo = new Photo($this->_dbo->photo_id);
if ($photo->_dbo->user_id != $session->_uid) {
$user = new User($session->_uid);
$to_name = $photo->_user->user_login;
$photo_title = $photo->_dbo->photo_title;
$author = $user->_dbo->user_login;
$body = <<<EOT
Witaj {$to_name},
Uytkownik {$author} wyedytowa komentarz do Twojego zdj�ia "{$photo_title}".
Obecna tre�komentarza:
{$title}
{$text}
----
Poprzednia tre�komentarza:
{$o_title}
{$o_text}
--
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
Utils::mail("Komentarz do Twojego zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $photo->_user->user_email, $photo->_user->user_name);
}
if ($this->_dbo->user_id != $session->_uid) {
$user = new User($session->_uid);
$to_name = $this->_user->user_login;
$photo_title = $photo->_dbo->photo_title;
$author = $user->_dbo->user_login;
$body = <<<EOT
Witaj {$to_name},
Uytkownik {$author} wyedytowa Tw� komentarz do zdj�ia "{$photo_title}".
Obecna tre�komentarza:
{$title}
{$text}
----
Poprzednia tre�komentarza:
{$o_title}
{$o_text}
--
Ten email zosta wysany automatycznie. Prosimy nie odpowiada�
EOT;
Utils::mail("Tw� komentarz do zdj�ia \"{$photo_title}\" zosta zmieniony.", $body, $this->_user->user_email, $this->_user->user_name);
}
}
function login($login, $pass)
{
$session = Session::singletone();
$db = Database::singletone()->db();
$sth = $db->prepare("SELECT * FROM phph_users WHERE user_login = :login AND user_pass = :pass");
$sth->bindParam(":login", $login);
$sth->bindValue(":pass", md5($pass));
$sth->execute();
if (!($this->_dbdata = $sth->fetch())) {
throw new Exception("Nieudane logowanie.");
}
$sth = null;
$this->_orig_dbdata = $this->_dbdata;
$this->updateLastLogin();
$this->_uid = $this->_dbdata['user_id'];
$session->_uid = $this->_dbdata['user_id'];
$session->newSession();
}
function getLogins()
{
$session = Session::singletone();
$db = Database::singletone()->db();
$sth = $db->prepare("SELECT user_login FROM phph_users ORDER BY user_login");
$sth->execute();
while ($row = $sth->fetch()) {
$this->_response->appendChild($this->_dom->createElement('login', $row['user_login']));
}
$this->success();
}
function addMember($user)
{
$db = Database::singletone()->db();
if ($this->isMember($user->uid())) {
throw new Exception(_T("Użytkownik jest już członkiem tej grupy."));
}
$sth = $db->prepare('INSERT INTO phph_group_members (user_id, group_id, added_by, add_time) VALUES (:user_id, :group_id, :added_by, :add_time)');
$sth->bindValue(':user_id', $user->uid());
$sth->bindValue(':group_id', $this->gid());
$sth->bindValue(':added_by', Session::singletone()->uid());
$sth->bindValue(':add_time', time());
$sth->execute();
$sth = null;
$user->addToGroup($this, false);
$this->updateDBData();
}
function save()
{
$db = Database::singletone()->db();
$parent = $this->dbdata('category_parent', 0);
$o_parent = $this->origDBData('category_parent', 0);
if ($this->dbdata('category_name') != $this->origDBData('category_name') || $parent != $o_parent) {
if ($parent > 0) {
$sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent = :parent');
$sth->bindParam(':parent', $parent);
} else {
$sth = $db->prepare('SELECT COUNT(*) FROM phph_categories WHERE category_name = :category_name AND category_parent IS NULL');
}
$sth->bindValue(':category_name', $this->dbdata('category_name'));
$sth->execute();
$r = $sth->fetchColumn(0);
$sth = null;
if ($r > 0) {
throw new Exception(_T('Kategoria o tej nazwie już istnieje.'));
}
}
if ($this->cid() == 0 || $parent != $o_parent) {
if ($parent > 0) {
$sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent = :parent");
$sth->bindParam(':parent', $parent);
} else {
$sth = $db->prepare("SELECT IFNULL(MAX(category_order), 0) AS ord FROM phph_categories WHERE category_parent IS NULL");
}
$sth->execute();
$this->setDBData('category_order', $sth->fetchColumn(0) + 1);
$sth = null;
}
if ($this->cid() == 0) {
$sth = $db->prepare('INSERT INTO phph_categories ' . '(category_name, category_description, category_created, category_creator, category_parent, category_order) ' . 'VALUES ' . '(:category_name, :category_description, :category_created, :category_creator, :category_parent, :category_order)');
$sth->bindValue(':category_created', time());
$sth->bindValue(':category_creator', Session::singletone()->uid());
} else {
$sth = $db->prepare('UPDATE phph_categories SET ' . 'category_name = :category_name, ' . 'category_description = :category_description, ' . 'category_order = :category_order, ' . 'category_parent = :category_parent ' . 'WHERE category_id = :category_id');
$sth->bindValue(':category_id', $this->cid());
}
$sth->bindValue(":category_name", $this->dbdata('category_name'));
$sth->bindValue(":category_description", $this->dbdata('category_description'));
$sth->bindValue(":category_order", $this->dbdata('category_order'));
if (empty($parent)) {
$parent = null;
}
$sth->bindParam(":category_parent", $parent);
$sth->execute();
if ($this->cid() == 0) {
$this->_cid = $db->lastInsertId();
}
$sth = null;
$this->updateDBData();
}
function addComment($title, $text)
{
$session = Session::singletone();
$dbo = DB_DataObject::Factory("phph_comments");
if (PEAR::isError($dbo)) {
throw new Exception2(_INTERNAL_ERROR, $dbo->getMessage());
}
$dbo->comment_title = $title;
$dbo->comment_text = $text;
$dbo->photo_id = $this->_pid;
$dbo->comment_date = time();
$dbo->user_id = $session->_uid;
$dbo->insert();
if ($this->_dbo->user_id != $session->_uid) {
$user = new User($session->_uid);
$to_name = $this->_user->user_login;
$photo_title = $this->_dbo->photo_title;
$author = $user->_dbo->user_login;
$body = <<<EOT
Witaj {$to_name},
U¿ytkownik {$author} doda³ do Twojego zdjêcia "{$photo_title}" komentarz. Poni¿ej znajduje siê tre¶æ komentarza:
{$title}
{$text}
--
Ten email zosta³ wys³any automatycznie. Prosimy nie odpowiadaæ.
EOT;
Utils::mail("Nowy komentarz do Twojego zdjêcia \"{$photo_title}\".", $body, $this->_user->user_email, $this->_user->user_name);
}
}
function moderationXML($xml, $name = 'moderation')
{
$db = Database::singletone()->db();
$session = Session::singletone();
$this->moderation();
$status = 'waiting';
if ($this->dbdata('moderation_id', 0) > 0) {
$moder = new PhotoModeration($this->dbdata('moderation_id'));
$status = $moder->dbdata('moderation_mode');
}
$el = $xml->createElement($name);
$el->setAttribute('status', $status);
foreach ($this->_moderation as $moder) {
$el->appendChild($moder->xml($xml));
}
return $el;
}
function action_postcomment()
{
global $ref;
$session = Session::singletone();
if ($session->requireLogin(false)) {
header("Location: {$ref}");
exit;
}
$pid = Utils::p('pid');
$photo = new Photo($pid);
$photo->addComment($_POST['comment_title'], $_POST['comment_text']);
header("Location: {$ref}");
exit;
}
function __construct($action)
{
if (!$this->supported($action)) {
$this->_valid = false;
$this->_status_code = 404;
return;
}
$this->_template_vars = array();
$this->_url = Config::get("site_url");
//$this->_ref = Utils::secureHeaderData($_SERVER['HTTP_REFERER']);
$this->_ref = Utils::secureHeaderData(Utils::pg("ref"));
$this->_action = $action;
$this->_main_template = "index.tpl";
$this->_session = Session::singletone();
$this->_smarty = new PhphSmarty($this->_action);
$this->setTemplateVar('ref', $this->_ref);
$this->setTemplateVar('base_url', $this->_url);
$this->setTemplateVar('ajax_http_method', Config::get('ajax-http-method', 'POST'));
$this->setTemplateVar('self', Utils::selfURL());
$this->setTemplateVar('action', $this->_action);
$this->setTemplateVar('is_superuser', $this->session()->isAdmin());
$this->_templates = array();
// action => template, default: action => action.tpl
$this->_actions = array();
// action => function, default: action => $this->_action()
$this->_default_page = 0;
$this->_default_count = 20;
$args = array();
foreach ($_GET as $id => $val) {
$args[$id] = $val;
}
foreach ($_POST as $id => $val) {
$args[$id] = $val;
}
$this->setTemplateVar('_ARGS', $args);
$this->setTemplateVar('_POST', $_POST);
$this->setTemplateVar('_GET', $_GET);
$this->_db = Database::singletone()->db();
if (!empty($this->_templates[$this->_action])) {
$this->_template = $this->_templates[$this->_action];
} else {
$this->_template = $this->_action . ".tpl";
}
if (!empty($this->_actions[$this->_action])) {
$this->_action_fn = $this->_actions[$this->_action];
} else {
$this->_action_fn = '$this->_' . $this->_action;
}
$this->_action_fn = str_replace("-", "_", $this->_action_fn);
$this->_action_fn = str_replace("_>", "->", $this->_action_fn);
$this->_smarty->register_function('url', 'smarty_url');
$this->_smarty->register_function('full_url', 'smarty_full_url');
$this->_smarty->register_function('decode_ip', 'smarty_decode_ip');
$this->_valid = true;
/*
$this->_templates = array(
'index' => 'index.tpl',
'view' => 'view.tpl',
'categories' => 'categories.tpl',
'category' => 'category.tpl',
'user' => 'user.tpl',
'register' => 'register-form.tpl',
'registered' => 'registered.tpl',
'reg-disabled' => 'reg-disabled.tpl',
'activate' => 'activation.tpl',
'login' => 'login.tpl'
);
*/
}
function renderContent() {
$comments = $this->_photo->getComments();
$session = Session::singletone();
if (!empty($comments)) {
foreach ($comments as $cmnt) {
?>
<div class="a_comment">
<div class="a_comment_hdr"><?=htmlspecialchars($cmnt->_dbo->comment_title)?></div>
<div class="a_comment_text">
<div class="a_table_list_details"><?=htmlspecialchars($cmnt->_user->user_login)?>, <?=Utils::formatTime($cmnt->_dbo->comment_date)?></div>
<?=nl2br(htmlspecialchars($cmnt->_dbo->comment_text))?>
</div>
<div class="a_comment_actions">
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('edit_comments', $cmnt->_dbo->user_id)) { ?>
<a href="<?php echo HTML::addRef($session->addSID("edit_comment.php?cmid=" . $cmnt->_cmid));?>" title="Edytuj komentarz"><?php HTML::img("edit.gif", "Edytuj komentarz"); ?></a>
<? } ?>
<?php if ($cmnt->_dbo->user_id == $session->_uid || Permissions::checkPermAndLevel('delete_comments', $cmnt->_dbo->user_id)) { ?>
<a href="<?php echo HTML::addRef($session->addSID("remove_comment.php?cmid=" . $cmnt->_cmid));?>" onclick='return confirm("Czy na pewno usun±æ komentarz?");' title="Usuñ komentarz"><?php HTML::img("trash.gif", "Usuñ komentarz"); ?></a>
<?php } ?>
</div>
</div>
<?php
}
} else {
?>
<div class="a_comment">Brak komentarzy.</div>
<?php
}
}
function login($login, $pass)
{
$session = Session::singletone();
$this->_dbo = DB_DataObject::Factory('phph_users');
if (PEAR::isError($this->_dbo)) {
throw new Exception2(_INTERNAL_ERROR, $this->_dbo->getMessage());
}
$this->_dbo->user_login = $login;
$this->_dbo->user_pass = md5($pass);
$r = $this->_dbo->find();
if (PEAR::isError($r)) {
throw new Exception2(_INTERNAL_ERROR, $r->getMessage());
}
if ($r == 0) {
throw new Exception2(_LOGIN_FAILED, "");
}
$r = $this->_dbo->fetch();
if (PEAR::isError($r)) {
throw new Exception2(_INTERNAL_ERROR, $r->getMessage());
}
$this->_dbo->user_lastlogin = time();
$this->_dbo->update();
$this->_uid = $this->_dbo->user_id;
$session->_uid = $this->_dbo->user_id;
$session->newSession();
}
