function process_post_data() { global $CONFIG, $mb_utf8_regex; global $lang_errors, $lang_editpics_php; $pid = (int) $_POST['id']; $aid = (int) $_POST['aid']; $pwidth = (int) $_POST['pwidth']; $pheight = (int) $_POST['pheight']; $title = $_POST['title']; $caption = $_POST['caption']; $keywords = $_POST['keywords']; $user1 = $_POST['user1']; $user2 = $_POST['user2']; $user3 = $_POST['user3']; $user4 = $_POST['user4']; $galleryicon = (int) $_POST['galleryicon']; $isgalleryicon = $galleryicon === $pid; // need to implement "Read EXIF info again" checkbox; comment out for now // $read_exif = isset($_POST['read_exif']); $reset_vcount = isset($_POST['reset_vcount']); $reset_votes = isset($_POST['reset_votes']); $del_comments = isset($_POST['del_comments']) || $delete; $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $update = "aid = '" . $aid . "'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '" . addslashes($title) . "'"; $update .= ", caption = '" . addslashes($caption) . "'"; $update .= ", keywords = '" . addslashes($keywords) . "'"; $update .= ", user1 = '" . addslashes($user1) . "'"; $update .= ", user2 = '" . addslashes($user2) . "'"; $update .= ", user3 = '" . addslashes($user3) . "'"; $update .= ", user4 = '" . addslashes($user4) . "'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . addslashes($galleryicon); } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } // rename a file if ($_POST['filename'] != $pic['filename']) { if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) { $condition = true; } else { $condition = false; } if ($CONFIG['make_intermediate'] && $condition) { $prefices = array('fullsize', 'normal', 'thumb'); } else { $prefices = array('fullsize', 'thumb'); } if (!is_image($pic['filename'])) { $prefices = array('fullsize'); } foreach ($prefices as $prefix) { $oldname = urldecode(get_pic_url($pic, $prefix)); $filename = replace_forbidden($_POST['filename']); $newname = str_replace($pic['filename'], $filename, $oldname); $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } if (file_exists($newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); } if (!file_exists($oldname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); } if (rename($oldname, $newname)) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1"); } else { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } } } }
$result = cpg_db_query($query); while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $pid[] = $row['pid']; } } if ($reset_views) { // if reset_views start $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET hits='0' WHERE aid='{$aid}'"; $update = cpg_db_query($query); if (isset($CONFIG['debug_mode']) && $CONFIG['debug_mode'] == 1) { $queries[] = $query; } if (mysql_affected_rows()) { $counter_affected_rows++; } resetDetailHits($pid); } // if reset_views end if ($reset_rating) { // if reset_rating start $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET pic_rating='0', votes='0' WHERE aid='{$aid}'"; $update = cpg_db_query($query); if (isset($CONFIG['debug_mode']) && $CONFIG['debug_mode'] == 1) { $queries[] = $query; } if (mysql_affected_rows()) { $counter_affected_rows++; } resetDetailVotes($pid); } // if reset_rating end
/** * process_post_data() * * Function to process the form posted */ function process_post_data() { global $CONFIG, $user_albums_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = $result->fetchAssoc()) { $user_album_set[$row['aid']] = 1; } $result->free(); $pid_array = $superCage->post->getInt('pid'); if (!is_array($pid_array)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } if ($superCage->post->keyExists('galleryicon')) { $galleryicon = $superCage->post->getInt('galleryicon'); } else { $galleryicon = ''; } foreach ($pid_array as $pid) { $aid = $superCage->post->getInt("aid{$pid}"); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = false; $reset_vcount = false; $reset_votes = false; $del_comments = false; $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('delete' . $pid)) { $delete = $superCage->post->getInt('delete' . $pid); } if ($superCage->post->keyExists('reset_vcount' . $pid)) { $reset_vcount = $superCage->post->getInt('reset_vcount' . $pid); } if ($superCage->post->keyExists('reset_votes' . $pid)) { $reset_votes = $superCage->post->getInt('reset_votes' . $pid); } if ($superCage->post->keyExists('del_comments' . $pid)) { $del_comments = $superCage->post->getInt('del_comments' . $pid); } // We will be selecting pid in the query as we need it in $pic array for the plugin filter $query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}"; $result = cpg_db_query($query); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = $result->fetchAssoc(true); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"); $update .= ", galleryicon = " . $galleryicon; } if (is_movie($pic['filename'])) { $pwidth = $superCage->post->getInt('pwidth' . $pid); $pheight = $superCage->post->getInt('pheight' . $pid); $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) { $approved = ''; if ($superCage->post->keyExists('approved' . $pid)) { $approved = $superCage->post->getAlpha('approved' . $pid); } if ($approved == 'YES') { $update .= ", approved = 'YES'"; } else { $update .= ", approved = 'NO'"; } } if ($del_comments || $delete) { cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}"); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); // Check for custom thumbnails for non-images if (!is_image($file)) { $mime_content = cpg_get_type($file); $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file)); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0); if ($count == 1) { unset($files[count($files) - 1]); $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension; break; } } } } foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } // Plugin filter to be called before deleting a file CPGPluginAPI::action('before_delete_file', $pic); cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1"); cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'"); // Plugin filter to be called after a file is deleted CPGPluginAPI::action('after_delete_file', $pic); } else { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}"); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); } } }
/** * process_post_data() * * Function to process the form posted */ function process_post_data() { global $CONFIG; global $user_albums_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } $pid = $superCage->post->getInt('pid'); if (!is_array($pid)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } $pid_array = $pid; if ($superCage->post->keyExists('galleryicon')) { $galleryincon = $superCage->post->getInt('galleyicon'); } else { $galleryicon = ''; } foreach ($pid_array as $pid) { $aid = $superCage->post->getInt("aid{$pid}"); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = false; $reset_vcount = false; $reset_votes = false; $del_comments = false; $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('delete' . $pid)) { $delete = $superCage->post->getInt('delete' . $pid); } if ($superCage->post->keyExists('reset_vcount' . $pid)) { $reset_vcount = $superCage->post - getInt('reset_vcount' . $pid); } if ($superCage->post->keyExists('reset_votes' . $pid)) { $reset_votes = $superCage->post->getInt('reset_votes' . $pid); } if ($superCage->post->keyExists('del_comments' . $pid)) { $del_comments = $superCage->post->getInt('del_comments' . $pid) || $delete; } // OVI //$query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'"; $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid, category, filepath, filename, owner_id, total_filesize FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'"; $result = cpg_db_query($query); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__); } } $update = "aid = '{$aid}'"; $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'UPDATE ' . $CONFIG['TABLE_PICTURES'] . ' SET galleryicon=0 WHERE owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . addslashes($galleryicon); } if (is_movie($pic['filename'])) { $pwidth = $superCage->post->getInt('pwidth' . $pid); $pheight = $superCage->post->getInt('pheight' . $pid); $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) { if ($superCage->post->keyExists('approved' . $pid)) { $approved = $superCage->post->getAlpha('approved' . $pid); } if ($approved) { $update .= ", approved = 'YES'"; } else { $update .= ", approved = 'NO'"; } } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } ///////// OVI $picture_id = $pid; $owner_id = $pic['owner_id']; $imageContainer = new FileContainer($picture_id, $owner_id); $imageContainer->original_path = $dir . $file; // check $imageContainer->total_filesize = $pic['total_filesize']; ///////// OVI /* // OVI $files = array ($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile){ if (is_file($currFile)) @unlink($currFile); } */ ///////// OVI $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile) { if ($currFile != $dir . $file) { $imageContainer->thumb_paths[] = $currFile; } if (is_file($currFile)) { @unlink($currFile); } } ///////// OVI ///// OVI global $storage; $storage->delete_file($imageContainer); ///// OVI $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } } }
function process_post_data() { global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage; //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = mysql_fetch_assoc($result)) { $user_album_set[$row['aid']] = 1; } mysql_free_result($result); $pid = $superCage->post->getInt('id'); $aid = $superCage->post->getInt('aid'); $pwidth = $superCage->post->getInt('pwidth'); $pheight = $superCage->post->getInt('pheight'); $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title')); $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption')); $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords'))); $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1')); $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2')); $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3')); $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4')); $galleryicon = $superCage->post->getInt('galleryicon'); $isgalleryicon = $galleryicon == $pid; $read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0; $reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0; $reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0; $del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0; $result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_assoc($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $new_alb = mysql_fetch_assoc($result); mysql_free_result($result); cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; if (GALLERY_ADMIN_MODE) { $approved = $superCage->post->getAlpha('approved'); $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) { $approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) { $approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"; cpg_db_query($sql); $update .= ", galleryicon = " . $galleryicon; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if ($read_exif) { // If "read exif info again" is checked then just delete the entry from the exif table. // The new exif information will automatically be read when someone views the image. $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'"; cpg_db_query($query); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'"; cpg_db_query($query); } $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; cpg_db_query($query); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); // rename a file if ($superCage->post->keyExists('filename')) { $post_filename = $superCage->post->getEscaped('filename'); } if ($post_filename != $pic['filename']) { if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) { $prefixes = array('fullsize', 'normal', 'thumb'); } else { $prefixes = array('fullsize', 'thumb'); } if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $prefixes[] = 'orig'; } if (!is_image($pic['filename'])) { $prefixes = array('fullsize'); // Check for custom thumbnails $mime_content_old = cpg_get_type($pic['filename']); $mime_content_new = cpg_get_type(replace_forbidden($post_filename)); $file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename'])); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0); if ($count == 1) { $prefixes[] = 'thumb'; $custom_thumb = TRUE; break; } } } } $pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => ''); $files_to_rename = array(); foreach ($prefixes as $prefix) { $oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']); $filename = replace_forbidden($post_filename); $newname = str_replace($pic['filename'], $filename, $oldname); if ($custom_thumb == TRUE && $prefix == 'thumb') { $oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname); $newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname); } $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } if (file_exists($newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); } if (!file_exists($oldname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); } // Check if there will be no conflicts before doing anything $files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname); } if (count($files_to_rename) > 0) { foreach ($files_to_rename as $file) { if (rename($file['oldname'], $file['newname'])) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1"); } else { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } } } } }
function process_post_data() { global $CONFIG; global $user_albums_list, $lang_errors; $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } if (!is_array($_POST['pid'])) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } $pid_array =& $_POST['pid']; $galleryicon = (int) $_POST['galleryicon']; foreach ($pid_array as $pid) { $pid = (int) $pid; $aid = (int) get_post_var('aid', $pid); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $isgalleryicon = $galleryicon === $pid; $delete = isset($_POST['delete' . $pid]); $reset_vcount = isset($_POST['reset_vcount' . $pid]); $reset_votes = isset($_POST['reset_votes' . $pid]); $del_comments = isset($_POST['del_comments' . $pid]) || $delete; $query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'"; $result = cpg_db_query($query); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__); } } $update = "aid = '" . $aid . "'"; $update .= ", title = '" . addslashes($title) . "'"; $update .= ", caption = '" . addslashes($caption) . "'"; $update .= ", keywords = '" . addslashes($keywords) . "'"; $update .= ", user1 = '" . addslashes($user1) . "'"; $update .= ", user2 = '" . addslashes($user2) . "'"; $update .= ", user3 = '" . addslashes($user3) . "'"; $update .= ", user4 = '" . addslashes($user4) . "'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . addslashes($galleryicon); } if (is_movie($pic['filename'])) { $pwidth = get_post_var('pwidth', $pid); $pheight = get_post_var('pheight', $pid); $update .= ", pwidth = " . (int) $pwidth; $update .= ", pheight = " . (int) $pheight; } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if (UPLOAD_APPROVAL_MODE) { $approved = get_post_var('approved', $pid); if ($approved == 'YES') { $update .= ", approved = 'YES'"; } elseif ($approved == 'DELETE') { $del_comments = 1; $delete = 1; } } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } } }
function process_post_data() { global $CONFIG, $mb_utf8_regex; global $lang_errors, $lang_editpics_php; $superCage = Inspekt::makeSuperCage(); $pid = $superCage->post->getInt('id'); $aid = $superCage->post->getInt('aid'); $pwight = $superCage->post->getInt('pwidth'); $pheight = $superCage->post->getInt('pheight'); $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title')); $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption')); $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords'))); $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1')); $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2')); $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3')); $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4')); $galleryicon = $superCage->post->getInt('galleryicon'); $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('read_exif')) { $read_exif = $superCage->post->getInt('read_exif'); } if ($superCage->post->keyExists('reset_vcount')) { $reset_vcount = $superCage->post->getInt('reset_vcount'); } if ($superCage->post->keyExists('reset_votes')) { $reset_votes = $superCage->post->getInt('reset_votes'); } if ($superCage->post->keyExists('del_comments')) { $del_comments = $superCage->post->getInt('del_comments') || $delete; } $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $update = "aid = '" . $aid . "'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '" . $title . "'"; $update .= ", caption = '" . $caption . "'"; $update .= ", keywords = '" . $keywords . "'"; if (GALLERY_ADMIN_MODE) { $approved = $superCage->post->getAlpha('approved'); $update .= ", approved = '" . $approved . "'"; } $update .= ", user1 = '" . $user1 . "'"; $update .= ", user2 = '" . $user2 . "'"; $update .= ", user3 = '" . $user3 . "'"; $update .= ", user4 = '" . $user4 . "'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . $galleryicon; } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if ($read_exif) { $filepath = urldecode(get_pic_url($pic, 'fullsize')); // If read exif info again is checked then we will just delete the entry from exif table. The new exif information will automatically be read when someone views the image. $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename = '{$filepath}'"; cpg_db_query($query); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } // rename a file if ($superCage->post->keyExists('filename') && ($matches = $superCage->post->getMatched('filename', '/^[0-9A-Za-z\\/_.-]+$/'))) { $post_filename = $matches[0]; } if ($post_filename != $pic['filename']) { if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) { $condition = true; } else { $condition = false; } if ($CONFIG['make_intermediate'] && $condition) { $prefices = array('fullsize', 'normal', 'thumb'); } else { $prefices = array('fullsize', 'thumb'); } if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $prefices[] = 'orig'; } if (!is_image($pic['filename'])) { $prefices = array('fullsize'); } foreach ($prefices as $prefix) { // OVI // $oldname = urldecode(get_pic_url($pic, $prefix)); $oldname = urldecode(get_pic_url($pic, $prefix, false, true)); // OVI $filename = replace_forbidden($post_filename); $newname = str_replace($pic['filename'], $filename, $oldname); $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } // OVI //if (file_exists($newname)) //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); //if (!file_exists($oldname)) //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); // OVI // OVI $imageContainer = new FileContainer($pic['pid'], $pic['owner_id']); $imageContainer->original_path = $oldname; //echo $imageContainer->original_path." ".$newname;exit(1); global $storage; if (!$storage->rename_file($imageContainer, $newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } // OVI /*if (rename($oldname, $newname)) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '$filename' WHERE pid = '$pid' LIMIT 1"); } else cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); */ } // foreach // OVI cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1"); // OVI } }