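/**
 * Saves the per-item media edits posted for an album (title, description,
 * slideshow flag, keywords, category, order), then updates the album cover
 * and rebuilds the album RSS feed.
 *
 * Input comes from the parallel $_POST arrays 'mid', 'seq', 'mtitle',
 * 'mdesc', 'ss', 'mkeywords' and 'cat_id', plus the scalar $_POST['cover'].
 * All of it is untrusted: every value that reaches SQL is cast with intval()
 * or escaped with addslashes(), and each posted media id must be linked to
 * $album_id before it is modified.
 *
 * NOTE(review): no CSRF token check is visible in this function - confirm
 * that the caller validates one before dispatching here.
 *
 * @param  int    $album_id   album whose media items are being saved
 * @param  string $actionURL  URL passed to COM_refresh() on success
 * @return string HTML access-denied message on failure; on success the
 *                refresh is echoed and the script exits
 */
function MG_saveMedia($album_id, $actionURL = '')
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    // Integer form used in every SQL statement below.
    $albumId = intval($album_id);

    // check permissions...
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . $albumId;
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery - Error retrieving album cover.");
    }
    if (!is_array($row)) {
        // No such album: fail closed instead of evaluating permissions
        // against an empty row.
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    $access = SEC_hasAccess(
        $row['owner_id'], $row['group_id'], $row['perm_owner'],
        $row['perm_group'], $row['perm_members'], $row['perm_anon']
    );
    if ($access != 3 && !SEC_hasRights('mediagallery.admin')) {
        // $REMOTE_ADDR was never defined in this scope, so the audit log
        // entry carried no address; read it from the server environment.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("Someone has tried to illegally manage (save) Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // A request without a 'mid' array simply has no items to save.
    $numItems = (isset($_POST['mid']) && is_array($_POST['mid'])) ? count($_POST['mid']) : 0;
    $fields = array('seq', 'mtitle', 'mdesc', 'ss', 'mkeywords', 'cat_id');

    for ($i = 0; $i < $numItems; $i++) {
        if (!isset($_POST['mid'][$i]) || !is_scalar($_POST['mid'][$i])) {
            continue;
        }
        $mid = $_POST['mid'][$i];
        $midSql = addslashes((string) $mid);

        // The permission check above covers $album_id only. Without this
        // lookup a user with edit rights on one album could rewrite the
        // title/description of any media item by posting its id.
        $linked = DB_count(
            $_TABLES['mg_media_albums'],
            array('album_id', 'media_id'),
            array($albumId, $midSql)
        );
        if ($linked < 1) {
            continue;
        }

        // Collect this item's fields; a missing or non-scalar entry becomes ''.
        $posted = array();
        foreach ($fields as $field) {
            $present = isset($_POST[$field]) && is_array($_POST[$field])
                && isset($_POST[$field][$i]) && is_scalar($_POST[$field][$i]);
            $posted[$field] = $present ? $_POST[$field][$i] : '';
        }

        $title = substr(COM_stripslashes($posted['mtitle']), 0, 254);
        $description = COM_stripslashes($posted['mdesc']);
        $keywords = substr(COM_stripslashes($posted['mkeywords']), 0, 254);

        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($title))));
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords($description))));
        } else {
            // HTML is stored as posted when the site allows it; whatever
            // renders these fields is then responsible for output filtering.
            $media_title = addslashes($title);
            $media_desc = addslashes($description);
        }
        $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($keywords))));

        $ss = ($posted['ss'] == 1) ? 1 : 0;

        // media_category is written unquoted, so it must be an integer:
        // the raw posted value was previously concatenated into the query.
        $cat_id = intval($posted['cat_id']);

        $sql = "UPDATE {$_TABLES['mg_media']} SET media_title='" . $media_title
            . "',media_desc='" . $media_desc
            . "',include_ss=" . intval($ss)
            . ",media_keywords='" . $media_keywords
            . "',media_category=" . $cat_id
            . " WHERE media_id='" . $midSql . "'";
        DB_query($sql);

        $sql = "UPDATE {$_TABLES['mg_media_albums']}"
            . " SET media_order=" . intval($posted['seq'])
            . " WHERE album_id=" . $albumId
            . " AND media_id='" . $midSql . "'";
        DB_query($sql);

        PLG_itemSaved($mid, 'mediagallery');
    }

    MG_reorderMedia($album_id);

    // Now do the album cover...
    $cover = isset($_POST['cover']) ? COM_applyFilter($_POST['cover'], true) : 0;
    if ($cover == 0) {
        $cover = -1;
    }

    // get the filename
    // we need to fix this so that it pulls the whole media record, if it is a video / audio file
    // we need to see if a thumbnail is attached and then act properly.
    if ($cover != -1) {
        // Start empty so a cover id with no matching row leaves the album untouched.
        $coverFilename = '';

        // NOTE(review): the cover id is not checked against this album's
        // media list, so the cover can reference an item from another
        // album - confirm whether that is intended.
        $sql = "SELECT media_type,media_tn_attached,media_filename "
            . "FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($cover) . "'";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $row = DB_fetchArray($result);
            switch ($row['media_type']) {
                case 0: // image
                    if ($row['media_tn_attached'] == 1) {
                        $coverFilename = 'tn_' . $row['media_filename'];
                    } else {
                        $coverFilename = $row['media_filename'];
                    }
                    break;
                default: // we will treat all the non image media the same...
                    if ($row['media_tn_attached'] == 1) {
                        $coverFilename = 'tn_' . $row['media_filename'];
                    } else {
                        $coverFilename = '';
                    }
            }
        }
        if ($coverFilename != '') {
            DB_change($_TABLES['mg_albums'], 'album_cover', addslashes($cover), 'album_id', $albumId);
            // NOTE(review): $coverFilename comes from the database and is
            // passed on unescaped - confirm stored filenames cannot contain quotes.
            DB_change($_TABLES['mg_albums'], 'album_cover_filename', $coverFilename, 'album_id', $albumId);
        }
    }
    if ($cover == -2) { // reset
        MG_resetAlbumCover($album_id);
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildAlbumRSS($album_id);
    echo COM_refresh($actionURL);
    exit;
}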
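/**
 * Deletes the specified album. Its contents are deleted with it when
 * target_id is 0, otherwise they are moved into the target album.
 *
 * The caller must hold edit access (3) on the album being deleted and, when
 * moving, edit access on the target album or the 'mediagallery.admin' right.
 *
 * NOTE(review): no CSRF token check is visible in this function - confirm
 * that the caller validates one before dispatching here.
 *
 * @param  int    $album_id   album_id to delete
 * @param  int    $target_id  album id to move the deleted album's contents
 *                            to, or 0 to delete the contents as well
 * @param  string $actionURL  URL passed to COM_refresh() on success; defaults
 *                            to the plugin's admin index page
 * @return string HTML access-denied message on failure; on success the
 *                refresh is echoed and the script exits
 */
function MG_deleteAlbum($album_id, $target_id, $actionURL = '')
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01;

    $album = new mgAlbum($album_id);

    if ($actionURL == '') {
        $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php';
    }

    // need to check perms here...
    if ($album->access != 3) {
        // $REMOTE_ADDR was never defined in this scope, so the audit log
        // entry carried no address; read it from the server environment.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    if ($target_id == 0) {
        // Delete all images -- need to recurse through all sub-albums...
        MG_deleteChildAlbums($album_id);
    } else {
        // move the stuff to another album...

        // Moving an album's contents into itself and then deleting it would
        // leave the media and child albums pointing at a row that no longer
        // exists, so refuse that request.
        // NOTE(review): a target that is a descendant of this album is not
        // detected here and would end up as its own parent - confirm callers
        // exclude sub-albums from the target list.
        if (intval($target_id) == intval($album_id)) {
            COM_errorLog("MediaGallery: Deleting Album - ERROR - Target album is the album being deleted");
            return COM_showMessageText($LANG_MG00['access_denied_msg']);
        }

        // add a check to make sure we have edit rights to the target album...
        $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($target_id);
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
        if ($nRows <= 0) {
            COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist");
            return COM_showMessageText($LANG_MG00['access_denied_msg']);
        }
        $row = DB_fetchArray($result);
        $access = SEC_hasAccess(
            $row['owner_id'], $row['group_id'], $row['perm_owner'],
            $row['perm_group'], $row['perm_members'], $row['perm_anon']
        );
        if ($access != 3 && !SEC_hasRights('mediagallery.admin')) {
            COM_errorLog("MediaGallery: User attempting to move to an album that user does not have privelges too!");
            return COM_showMessageText($LANG_MG00['access_denied_msg']);
        }

        // Re-link media and child albums to the target, then drop the album row.
        DB_change($_TABLES['mg_media_albums'], 'album_id', intval($target_id), 'album_id', intval($album_id));
        DB_change($_TABLES['mg_albums'], 'album_parent', intval($target_id), 'album_parent', intval($album_id));
        DB_delete($_TABLES['mg_albums'], 'album_id', intval($album_id));

        // update the media_count and thumbnail image for this album....
        $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', intval($target_id));
        DB_change($_TABLES['mg_albums'], 'media_count', $dbCount, 'album_id', intval($target_id));
        MG_resetAlbumCover($target_id);
    }

    // check and see if we need to reset the member_gallery flag...
    if ($_MG_CONF['member_albums'] == 1 && $album->parent == $_MG_CONF['member_album_root']) {
        $c = DB_count(
            $_TABLES['mg_albums'],
            array('owner_id', 'album_parent'),
            array($album->owner_id, $album->parent)
        );
        if ($c == 0) {
            // The owner has no album left under the member root.
            DB_change($_TABLES['mg_userprefs'], 'member_gallery', 0, 'uid', $album->owner_id);
        }
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildFullRSS();
    if ($target_id != 0) {
        MG_buildAlbumRSS($target_id);
    }
    echo COM_refresh($actionURL);
    exit;
}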