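/**
 * Event handler for method invocation security check. Should return a PwgError
 * if the preconditions are not satisfied for method invocation.
 *
 * "reflection.*" methods are always allowed, so the API surface stays
 * discoverable even when guest access is denied. When
 * is_autorize_status(ACCESS_GUEST) fails, only "pwg.session.*" methods are
 * allowed and every other method is rejected with a 401 PwgError.
 *
 * @param mixed $res value passed along the event chain; returned unchanged
 *        when the invocation is allowed
 * @param string $methodName name of the web service method being invoked
 * @param array $params method parameters (unused here; part of the event
 *        handler signature)
 * @return mixed $res, or a PwgError(401) when access is denied
 */
function ws_isInvokeAllowed($res, $methodName, $params)
{
  // OK for reflection, regardless of the caller's status
  if (strpos($methodName, 'reflection.') === 0)
  {
    return $res;
  }

  // Without guest-level access, only the session methods may be called
  if (!is_autorize_status(ACCESS_GUEST) and strpos($methodName, 'pwg.session.') !== 0)
  {
    return new PwgError(401, 'Access denied');
  }

  return $res;
}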
/**
 * Returns if user is a webmaster.
 *
 * Thin wrapper around is_autorize_status() for the webmaster level.
 *
 * @param string $user_status used if $user not initialized
 * @return bool
 */
function is_webmaster($user_status = '')
{
  $required_level = ACCESS_WEBMASTER;

  return is_autorize_status($required_level, $user_status);
}
SELECT COUNT(rate) AS count , ROUND(AVG(rate),2) AS average FROM ' . RATE_TABLE . ' WHERE element_id = ' . $picture['current']['id'] . ' ;'; list($rate_summary['count'], $rate_summary['average']) = pwg_db_fetch_row(pwg_query($query)); } $template->assign('rate_summary', $rate_summary); $user_rate = null; if ($conf['rate_anonymous'] or is_autorize_status(ACCESS_CLASSIC)) { if ($rate_summary['count'] > 0) { $query = 'SELECT rate FROM ' . RATE_TABLE . ' WHERE element_id = ' . $page['image_id'] . ' AND user_id = ' . $user['id']; if (!is_autorize_status(ACCESS_CLASSIC)) { $ip_components = explode('.', $_SERVER['REMOTE_ADDR']); if (count($ip_components) > 3) { array_pop($ip_components); } $anonymous_id = implode('.', $ip_components); $query .= ' AND anonymous_id = \'' . $anonymous_id . '\''; } $result = pwg_query($query); if (pwg_db_num_rows($result) > 0) { $row = pwg_db_fetch_assoc($result); $user_rate = $row['rate']; } } $template->assign('rating', array('F_ACTION' => add_url_params($url_self, array('action' => 'rate')), 'USER_RATE' => $user_rate, 'marks' => $conf['rate_items'])); }
$consensus_top_number = $conf['top_number']; if (isset($_GET['consensus_top_number'])) { $consensus_top_number = (int) $_GET['consensus_top_number']; } // build users global $conf; $query = 'SELECT DISTINCT u.' . $conf['user_fields']['id'] . ' AS id, u.' . $conf['user_fields']['username'] . ' AS name, ui.status FROM ' . USERS_TABLE . ' AS u INNER JOIN ' . USER_INFOS_TABLE . ' AS ui ON u.' . $conf['user_fields']['id'] . ' = ui.user_id'; $users_by_id = array(); $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $users_by_id[(int) $row['id']] = array('name' => $row['name'], 'anon' => is_autorize_status(ACCESS_CLASSIC, $row['status']) ? false : true); } $by_user_rating_model = array('rates' => array()); foreach ($conf['rate_items'] as $rate) { $by_user_rating_model['rates'][$rate] = array(); } // by user aggregation $image_ids = array(); $by_user_ratings = array(); $query = ' SELECT * FROM ' . RATE_TABLE . ' ORDER by date DESC'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { if (!isset($users_by_id[$row['user_id']])) { $users_by_id[$row['user_id']] = array('name' => '???' . $row['user_id'], 'anon' => false); }
/**
 * Setups each block the main menubar.
 *
 * Builds the "menubar" BlockManager, fills each registered block (links,
 * categories, tags, specials, menu, identification) from the $conf, $page,
 * $user and $filter globals, assigns the identification template variables,
 * then renders everything into the MENUBAR template variable. No return value.
 */
function initialize_menu()
{
  global $page, $conf, $user, $template, $filter;

  $menu = new BlockManager("menubar");
  $menu->load_registered_blocks();
  $menu->prepare_display();

  // echo the quick-search term back to the page, HTML-escaped
  if (@$page['section'] == 'search' and isset($page['qsearch_details']))
  {
    $template->assign('QUERY_SEARCH', htmlspecialchars($page['qsearch_details']['q']));
  }

  //--------------------------------------------------------------- external links
  if ($block = $menu->get_block('mbLinks') and !empty($conf['links']))
  {
    $block->data = array();
    foreach ($conf['links'] as $url => $url_data)
    {
      // a plain string entry is shorthand for array('label' => ...)
      if (!is_array($url_data))
      {
        $url_data = array('label' => $url_data);
      }

      // 'eval_visible' is PHP source taken from $conf['links'] and executed
      // here, so the links configuration is effectively executable code and
      // must only be writable by a trusted administrator.
      if (!isset($url_data['eval_visible']) or eval($url_data['eval_visible']))
      {
        $tpl_var = array('URL' => $url, 'LABEL' => $url_data['label']);
        // opening in a new window is the default when the key is absent
        if (!isset($url_data['new_window']) or $url_data['new_window'])
        {
          $tpl_var['new_window'] = array('NAME' => isset($url_data['nw_name']) ? $url_data['nw_name'] : '', 'FEATURES' => isset($url_data['nw_features']) ? $url_data['nw_features'] : '');
        }
        $block->data[] = $tpl_var;
      }
    }
    if (!empty($block->data))
    {
      $block->template = 'menubar_links.tpl';
    }
  }

  //-------------------------------------------------------------- categories
  $block = $menu->get_block('mbCategories');

  //------------------------------------------------------------------------ filter
  if ($conf['menubar_filter_icon'] and !empty($conf['filter_pages']) and get_filter_page_value('used'))
  {
    if ($filter['enabled'])
    {
      $template->assign('U_STOP_FILTER', add_url_params(make_index_url(array()), array('filter' => 'stop')));
    }
    else
    {
      $template->assign('U_START_FILTER', add_url_params(make_index_url(array()), array('filter' => 'start-recent-' . $user['recent_period'])));
    }
  }

  if ($block != null)
  {
    $block->data = array('NB_PICTURE' => $user['nb_total_images'], 'MENU_CATEGORIES' => get_categories_menu(), 'U_CATEGORIES' => make_index_url(array('section' => 'categories')));
    $block->template = 'menubar_categories.tpl';
  }

  //------------------------------------------------------------------------ tags
  $block = $menu->get_block('mbTags');
  // never shown on the picture page, nor when the current section has no items
  if ($block != null and !empty($page['items']) and 'picture' != script_basename())
  {
    if ('tags' == @$page['section'])
    {
      // on a tag page, each tag of the cloud also gets a U_ADD link that
      // narrows the current selection by that tag
      $tags = get_common_tags($page['items'], $conf['menubar_tag_cloud_items_number'], $page['tag_ids']);
      $tags = add_level_to_tags($tags);
      foreach ($tags as $tag)
      {
        $block->data[] = array_merge($tag, array('U_ADD' => make_index_url(array('tags' => array_merge($page['tags'], array($tag)))), 'URL' => make_index_url(array('tags' => array($tag)))));
      }
    }
    else
    {
      // elsewhere, the cloud is computed on the items of the current page only
      $selection = array_slice($page['items'], $page['start'], $page['nb_image_page']);
      $tags = add_level_to_tags(get_common_tags($selection, $conf['content_tag_cloud_items_number']));
      foreach ($tags as $tag)
      {
        $block->data[] = array_merge($tag, array('URL' => make_index_url(array('tags' => array($tag)))));
      }
    }
    if (!empty($block->data))
    {
      $block->template = 'menubar_tags.tpl';
    }
  }

  //----------------------------------------------------------- special categories
  if (($block = $menu->get_block('mbSpecials')) != null)
  {
    if (!is_a_guest())
    {
      // favorites
      $block->data['favorites'] = array('URL' => make_index_url(array('section' => 'favorites')), 'TITLE' => l10n('display your favorites photos'), 'NAME' => l10n('Your favorites'));
    }
    $block->data['most_visited'] = array('URL' => make_index_url(array('section' => 'most_visited')), 'TITLE' => l10n('display most visited photos'), 'NAME' => l10n('Most visited'));
    if ($conf['rate'])
    {
      $block->data['best_rated'] = array('URL' => make_index_url(array('section' => 'best_rated')), 'TITLE' => l10n('display best rated photos'), 'NAME' => l10n('Best rated'));
    }
    $block->data['recent_pics'] = array('URL' => make_index_url(array('section' => 'recent_pics')), 'TITLE' => l10n('display most recent photos'), 'NAME' => l10n('Recent photos'));
    $block->data['recent_cats'] = array('URL' => make_index_url(array('section' => 'recent_cats')), 'TITLE' => l10n('display recently updated albums'), 'NAME' => l10n('Recent albums'));
    $block->data['random'] = array('URL' => get_root_url() . 'random.php', 'TITLE' => l10n('display a set of random photos'), 'NAME' => l10n('Random photos'), 'REL' => 'rel="nofollow"');
    // the calendar follows the configured date field: 'posted' for
    // date_available, 'created' otherwise
    $block->data['calendar'] = array('URL' => make_index_url(array('chronology_field' => $conf['calendar_datefield'] == 'date_available' ? 'posted' : 'created', 'chronology_style' => 'monthly', 'chronology_view' => 'calendar')), 'TITLE' => l10n('display each day with photos, month per month'), 'NAME' => l10n('Calendar'), 'REL' => 'rel="nofollow"');
    $block->template = 'menubar_specials.tpl';
  }

  //---------------------------------------------------------------------- summary
  if (($block = $menu->get_block('mbMenu')) != null)
  {
    // quick search block will be displayed only if data['qsearch'] is set
    // to "yes"
    $block->data['qsearch'] = true;

    // tags link
    $block->data['tags'] = array('TITLE' => l10n('display available tags'), 'NAME' => l10n('Tags'), 'URL' => get_root_url() . 'tags.php', 'COUNTER' => get_nb_available_tags());

    // search link
    $block->data['search'] = array('TITLE' => l10n('search'), 'NAME' => l10n('Search'), 'URL' => get_root_url() . 'search.php', 'REL' => 'rel="search"');

    if ($conf['activate_comments'])
    {
      // comments link
      $block->data['comments'] = array('TITLE' => l10n('display last user comments'), 'NAME' => l10n('Comments'), 'URL' => get_root_url() . 'comments.php', 'COUNTER' => get_nb_available_comments());
    }

    // about link
    $block->data['about'] = array('TITLE' => l10n('About Piwigo'), 'NAME' => l10n('About'), 'URL' => get_root_url() . 'about.php');

    // notification
    $block->data['rss'] = array('TITLE' => l10n('RSS feed'), 'NAME' => l10n('Notification'), 'URL' => get_root_url() . 'notification.php', 'REL' => 'rel="nofollow"');

    $block->template = 'menubar_menu.tpl';
  }

  //--------------------------------------------------------------- identification
  if (is_a_guest())
  {
    $template->assign(array('U_LOGIN' => get_root_url() . 'identification.php', 'U_LOST_PASSWORD' => get_root_url() . 'password.php', 'AUTHORIZE_REMEMBERING' => $conf['authorize_remembering']));
    if ($conf['allow_user_registration'])
    {
      $template->assign('U_REGISTER', get_root_url() . 'register.php');
    }
  }
  else
  {
    // NOTE(review): the username is not escaped here; presumably the template
    // escapes it for HTML output - confirm before relying on it.
    $template->assign('USERNAME', stripslashes($user['username']));
    if (is_autorize_status(ACCESS_CLASSIC))
    {
      $template->assign('U_PROFILE', get_root_url() . 'profile.php');
    }

    // the logout link has no meaning with Apache authentication : it is not
    // possible to logout with this kind of authentication.
    if (!$conf['apache_authentication'])
    {
      $template->assign('U_LOGOUT', get_root_url() . '?act=logout');
    }

    if (is_admin())
    {
      $template->assign('U_ADMIN', get_root_url() . 'admin.php');
    }
  }

  if (($block = $menu->get_block('mbIdentification')) != null)
  {
    $block->template = 'menubar_identification.tpl';
  }

  $menu->apply('MENUBAR', 'menubar.tpl');
}
do_timeout_treatment('cat_false', $check_key_treated); } } break; case 'send': if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content'])) { $check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content'])); do_timeout_treatment('send_selection', $check_key_treated); } } // +-----------------------------------------------------------------------+ // | template initialization | // +-----------------------------------------------------------------------+ $template->set_filenames(array('double_select' => 'double_select.tpl', 'notification_by_mail' => 'notification_by_mail.tpl')); $template->assign(array('U_HELP' => get_root_url() . 'admin/popuphelp.php?page=notification_by_mail', 'F_ACTION' => $base_url . get_query_string_diff(array()))); if (is_autorize_status(ACCESS_WEBMASTER)) { // TabSheet $tabsheet = new tabsheet(); $tabsheet->set_id('nbm'); $tabsheet->select($page['mode']); $tabsheet->assign(); } if ($must_repost) { // Get name of submit button $repost_submit_name = ''; if (isset($_POST['falsify'])) { $repost_submit_name = 'falsify'; } elseif (isset($_POST['trueify'])) { $repost_submit_name = 'trueify'; } elseif (isset($_POST['send_submit'])) { $repost_submit_name = 'send_submit';
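/**
 * Rate a picture by the current user.
 *
 * Anonymous raters are identified by their client address with the last
 * IPv4 component dropped. That identifier is also stored in the
 * "anonymous_rater" cookie so that a rater whose address changes keeps a
 * single identity: rates stored under the cookie's identifier are re-attached
 * to the current one.
 *
 * @param int $image_id
 * @param float $rate must be one of $conf['rate_items']
 * @return array|false as returned by update_rating_score(), or false when
 *         rating is disabled, $rate is not an allowed mark, or anonymous
 *         rating is not permitted for this user
 */
function rate_picture($image_id, $rate)
{
  global $conf, $user;

  // $rate may arrive as a request string: require plain digits, then check
  // (loosely, so that '3' matches 3) that it is one of the configured marks.
  if (!isset($rate)
      or !$conf['rate']
      or !preg_match('/^[0-9]+$/', $rate)
      or !in_array($rate, $conf['rate_items']))
  {
    return false;
  }

  $user_anonymous = is_autorize_status(ACCESS_CLASSIC) ? false : true;
  if ($user_anonymous and !$conf['rate_anonymous'])
  {
    return false;
  }

  // only integers reach the SQL below
  $image_id = (int) $image_id;
  $rate = (int) $rate;
  $user_id = (int) $user['id'];

  // anonymous identifier: the client address minus its last IPv4 component
  // (an address without '.' is kept whole)
  $ip_components = explode('.', $_SERVER['REMOTE_ADDR']);
  if (count($ip_components) > 3)
  {
    array_pop($ip_components);
  }
  $anonymous_id = implode('.', $ip_components);

  if ($user_anonymous)
  {
    $save_anonymous_id = pwg_get_cookie_var('anonymous_rater', $anonymous_id);

    // The cookie value is client-controlled and is interpolated into SQL
    // below: accept only an address-shaped value, otherwise behave as if no
    // cookie had been sent.
    if (!preg_match('/^[0-9a-fA-F.:]+$/', $save_anonymous_id))
    {
      $save_anonymous_id = $anonymous_id;
    }

    if ($anonymous_id != $save_anonymous_id)
    {
      // client has changed his IP adress or he's trying to fool us
      $query = '
SELECT element_id
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $anonymous_id . '\'
;';
      $already_there = array_from_query($query, 'element_id');

      if (count($already_there) > 0)
      {
        // drop the old identity's rates on pictures already rated under the
        // current identity, so the UPDATE below does not create duplicates
        $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $save_anonymous_id . '\'
    AND element_id IN (' . implode(',', array_map('intval', $already_there)) . ')
;';
        pwg_query($query);
      }

      $query = '
UPDATE ' . RATE_TABLE . '
  SET anonymous_id = \'' . $anonymous_id . '\'
  WHERE user_id = ' . $user_id . '
    AND anonymous_id = \'' . $save_anonymous_id . '\'
;';
      pwg_query($query);
    } // end client changed ip

    pwg_set_cookie_var('anonymous_rater', $anonymous_id);
  } // end anonymous user

  // one rate per (user, anonymous identity) and picture: replace any previous one
  $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE element_id = ' . $image_id . '
    AND user_id = ' . $user_id . '
';
  if ($user_anonymous)
  {
    $query .= ' AND anonymous_id = \'' . $anonymous_id . '\'';
  }
  pwg_query($query);

  $query = '
INSERT
  INTO ' . RATE_TABLE . '
  (user_id,anonymous_id,element_id,rate,date)
  VALUES
  (' . $user_id . ',\'' . $anonymous_id . '\',' . $image_id . ',' . $rate . ',NOW())
;';
  pwg_query($query);

  return update_rating_score($image_id);
}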