// the action if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_icon') { $action = 'image:set_as_icon'; } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_avatar') { $action = 'image:set_as_avatar'; } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_thumbnail') { $action = 'image:set_as_thumbnail'; } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'set_as_both') { $action = 'image:set_as_both'; } else { $action = 'image:update'; } // touch the related anchor $anchor->touch($action, $_REQUEST['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); // clear cache Images::clear($_REQUEST); // forward to the view page Safe::redirect($context['url_to_home'] . $context['url_to_root'] . Images::get_url($_REQUEST['id'])); } // display the form on GET } else { $with_form = TRUE; } // display the form if ($with_form) { // the form to edit an image $context['text'] .= '<form method="post" action="' . $context['script_url'] . '" id="main_form" enctype="multipart/form-data"><div>'; $fields = array(); // the section if ($anchor) { $context['text'] .= '<input type="hidden" name="anchor" value="' . $anchor->get_reference() . '" />';
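/**
 * post a new image or an updated image
 *
 * Accept following situations:
 * - id+image: update an existing entry in the database
 * - id+no image: only update the database
 * - no id+image: create a new entry in the database
 * - no id+no image: create a new entry in the database
 *
 * This function populates the error context, where applicable.
 *
 * The statement is built by string concatenation, so every quoted value
 * goes through SQL::escape(). The two columns written without quotes
 * (edit_id and the id in the WHERE clause) get no protection from escaping,
 * which is why id is checked with is_numeric() and edit_id is cast to int
 * before they reach the query.
 *
 * On update, the image-related columns (image_name, thumbnail_name,
 * image_size) and the editor columns (edit_*) are only rewritten when a
 * new file is present, i.e. when image_name is set and differs from 'none';
 * a metadata-only edit leaves them untouched.
 *
 * @param array an array of fields
 * @return the id of the image, or FALSE on error
 **/
public static function post(&$fields) {
    global $context;

    // no anchor reference
    if (!isset($fields['anchor']) || !$fields['anchor']) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // the anchor has to exist
    if (!Anchors::get($fields['anchor'])) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // only authenticated users can select to not moderate image sizes
    if (!isset($fields['use_thumbnail']) || !Surfer::get_id()) {
        $fields['use_thumbnail'] = 'Y';
    }

    // set default values for this editor
    // NOTE(review): presumably this fills edit_name, edit_id, edit_address and edit_date
    // when they are missing -- confirm in Surfer, the fields below are read without isset()
    Surfer::check_default_editor($fields);

    // edit_id is written unquoted, where SQL::escape() would not help: force an integer
    $edit_id = isset($fields['edit_id']) ? (int) $fields['edit_id'] : 0;

    // optional free-text attributes, empty string when absent
    $title = isset($fields['title']) ? $fields['title'] : '';
    $description = isset($fields['description']) ? $fields['description'] : '';
    $source = isset($fields['source']) ? $fields['source'] : '';
    $link_url = isset($fields['link_url']) ? $fields['link_url'] : '';
    $thumbnail_name = isset($fields['thumbnail_name']) ? $fields['thumbnail_name'] : '';
    $image_size = isset($fields['image_size']) ? $fields['image_size'] : '';

    // update the existing record
    if (isset($fields['id'])) {

        // id is embedded unquoted in the WHERE clause, so it has to be a number
        if (!is_numeric($fields['id'])) {
            Logger::error(i18n::s('No item has the provided id.'));
            return FALSE;
        }

        $query = "UPDATE " . SQL::table_name('images') . " SET ";

        // a new file has been uploaded: refresh file attributes and editor information
        if (isset($fields['image_name']) && $fields['image_name'] != 'none') {
            $query .= "image_name='" . SQL::escape($fields['image_name']) . "',"
                . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
                . "image_size='" . SQL::escape($image_size) . "',"
                . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
                . "edit_id=" . $edit_id . ","
                . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
                . "edit_date='" . SQL::escape($fields['edit_date']) . "',";
        }

        // metadata is always updated
        $query .= "title='" . SQL::escape($title) . "',"
            . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
            . "description='" . SQL::escape($description) . "',"
            . "source='" . SQL::escape($source) . "',"
            . "link_url='" . SQL::escape($link_url) . "'"
            . " WHERE id = " . SQL::escape($fields['id']);

        // actual update
        if (SQL::query($query) === FALSE) {
            return FALSE;
        }

    // insert a new record, which requires an actual file
    } elseif (isset($fields['image_name']) && $fields['image_name'] && isset($fields['image_size']) && $fields['image_size']) {

        $query = "INSERT INTO " . SQL::table_name('images') . " SET "
            . "anchor='" . SQL::escape($fields['anchor']) . "',"
            . "image_name='" . SQL::escape($fields['image_name']) . "',"
            . "image_size='" . SQL::escape($fields['image_size']) . "',"
            . "title='" . SQL::escape($title) . "',"
            . "use_thumbnail='" . SQL::escape($fields['use_thumbnail']) . "',"
            . "description='" . SQL::escape($description) . "',"
            . "source='" . SQL::escape($source) . "',"
            . "thumbnail_name='" . SQL::escape($thumbnail_name) . "',"
            . "link_url='" . SQL::escape($link_url) . "',"
            . "edit_name='" . SQL::escape($fields['edit_name']) . "',"
            . "edit_id=" . $edit_id . ","
            . "edit_address='" . SQL::escape($fields['edit_address']) . "',"
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";

        // actual insert
        if (SQL::query($query) === FALSE) {
            return FALSE;
        }

        // remember the id of the new item
        $fields['id'] = SQL::get_last_id($context['connection']);

    // no id and no file: nothing to store
    } else {
        Logger::error(i18n::s('No image has been added.'));
        return FALSE;
    }

    // clear the cache
    Images::clear($fields);

    // end of job
    return $fields['id'];
}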
// not found if (!isset($item['id'])) { include '../error.php'; // permission denied } elseif (!$permitted) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // deletion is confirmed } elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') { // touch the related anchor before actual deletion, since the image has to be accessible at that time if (is_object($anchor)) { $anchor->touch('image:delete', $item['id']); } // if no error, back to the anchor or to the index page if (Images::delete($item['id'])) { Images::clear($item); if (isset($_REQUEST['strait'])) { $output['success'] = true; // provide a new field if required if (isset($_REQUEST['newfield'])) { $indice = $_REQUEST['newfield'] ? $_REQUEST['newfield'] : ''; $output['replace'] = Skin::build_input_file('upload' . $indice); } } elseif (isset($_REQUEST['follow_up'])) { Safe::redirect($_REQUEST['follow_up']); } elseif (is_object($anchor)) { Safe::redirect($anchor->get_url()); } else { Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'images/'); } }