示例#1
0
/**
 * Event handler for method invocation security check. Should return a PwgError
 * if the preconditions are not satifsied for method invocation.
 */
function ws_isInvokeAllowed($res, $methodName, $params)
{
    global $conf;
    if (strpos($methodName, 'reflection.') === 0) {
        // OK for reflection
        return $res;
    }
    if (!is_autorize_status(ACCESS_GUEST) and strpos($methodName, 'pwg.session.') !== 0) {
        return new PwgError(401, 'Access denied');
    }
    return $res;
}
示例#2
0
/**
 * Returns if user is a webmaster.
 *
 * @param string $user_status used if $user not initialized
 * @return bool
 */
function is_webmaster($user_status = '')
{
    return is_autorize_status(ACCESS_WEBMASTER, $user_status);
}
示例#3
0
SELECT COUNT(rate) AS count
     , ROUND(AVG(rate),2) AS average
  FROM ' . RATE_TABLE . '
  WHERE element_id = ' . $picture['current']['id'] . '
;';
        list($rate_summary['count'], $rate_summary['average']) = pwg_db_fetch_row(pwg_query($query));
    }
    $template->assign('rate_summary', $rate_summary);
    $user_rate = null;
    if ($conf['rate_anonymous'] or is_autorize_status(ACCESS_CLASSIC)) {
        if ($rate_summary['count'] > 0) {
            $query = 'SELECT rate
      FROM ' . RATE_TABLE . '
      WHERE element_id = ' . $page['image_id'] . '
      AND user_id = ' . $user['id'];
            if (!is_autorize_status(ACCESS_CLASSIC)) {
                $ip_components = explode('.', $_SERVER['REMOTE_ADDR']);
                if (count($ip_components) > 3) {
                    array_pop($ip_components);
                }
                $anonymous_id = implode('.', $ip_components);
                $query .= ' AND anonymous_id = \'' . $anonymous_id . '\'';
            }
            $result = pwg_query($query);
            if (pwg_db_num_rows($result) > 0) {
                $row = pwg_db_fetch_assoc($result);
                $user_rate = $row['rate'];
            }
        }
        $template->assign('rating', array('F_ACTION' => add_url_params($url_self, array('action' => 'rate')), 'USER_RATE' => $user_rate, 'marks' => $conf['rate_items']));
    }
示例#4
0
$consensus_top_number = $conf['top_number'];
if (isset($_GET['consensus_top_number'])) {
    $consensus_top_number = (int) $_GET['consensus_top_number'];
}
// build users
global $conf;
$query = 'SELECT DISTINCT
  u.' . $conf['user_fields']['id'] . ' AS id,
  u.' . $conf['user_fields']['username'] . ' AS name,
  ui.status
  FROM ' . USERS_TABLE . ' AS u INNER JOIN ' . USER_INFOS_TABLE . ' AS ui
    ON u.' . $conf['user_fields']['id'] . ' = ui.user_id';
$users_by_id = array();
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    $users_by_id[(int) $row['id']] = array('name' => $row['name'], 'anon' => is_autorize_status(ACCESS_CLASSIC, $row['status']) ? false : true);
}
$by_user_rating_model = array('rates' => array());
foreach ($conf['rate_items'] as $rate) {
    $by_user_rating_model['rates'][$rate] = array();
}
// by user aggregation
$image_ids = array();
$by_user_ratings = array();
$query = '
SELECT * FROM ' . RATE_TABLE . ' ORDER by date DESC';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    if (!isset($users_by_id[$row['user_id']])) {
        $users_by_id[$row['user_id']] = array('name' => '???' . $row['user_id'], 'anon' => false);
    }
示例#5
0
/**
 * Setups each block the main menubar.
 */
function initialize_menu()
{
    global $page, $conf, $user, $template, $filter;
    $menu = new BlockManager("menubar");
    $menu->load_registered_blocks();
    $menu->prepare_display();
    if (@$page['section'] == 'search' and isset($page['qsearch_details'])) {
        $template->assign('QUERY_SEARCH', htmlspecialchars($page['qsearch_details']['q']));
    }
    //--------------------------------------------------------------- external links
    if ($block = $menu->get_block('mbLinks') and !empty($conf['links'])) {
        $block->data = array();
        foreach ($conf['links'] as $url => $url_data) {
            if (!is_array($url_data)) {
                $url_data = array('label' => $url_data);
            }
            if (!isset($url_data['eval_visible']) or eval($url_data['eval_visible'])) {
                $tpl_var = array('URL' => $url, 'LABEL' => $url_data['label']);
                if (!isset($url_data['new_window']) or $url_data['new_window']) {
                    $tpl_var['new_window'] = array('NAME' => isset($url_data['nw_name']) ? $url_data['nw_name'] : '', 'FEATURES' => isset($url_data['nw_features']) ? $url_data['nw_features'] : '');
                }
                $block->data[] = $tpl_var;
            }
        }
        if (!empty($block->data)) {
            $block->template = 'menubar_links.tpl';
        }
    }
    //-------------------------------------------------------------- categories
    $block = $menu->get_block('mbCategories');
    //------------------------------------------------------------------------ filter
    if ($conf['menubar_filter_icon'] and !empty($conf['filter_pages']) and get_filter_page_value('used')) {
        if ($filter['enabled']) {
            $template->assign('U_STOP_FILTER', add_url_params(make_index_url(array()), array('filter' => 'stop')));
        } else {
            $template->assign('U_START_FILTER', add_url_params(make_index_url(array()), array('filter' => 'start-recent-' . $user['recent_period'])));
        }
    }
    if ($block != null) {
        $block->data = array('NB_PICTURE' => $user['nb_total_images'], 'MENU_CATEGORIES' => get_categories_menu(), 'U_CATEGORIES' => make_index_url(array('section' => 'categories')));
        $block->template = 'menubar_categories.tpl';
    }
    //------------------------------------------------------------------------ tags
    $block = $menu->get_block('mbTags');
    if ($block != null and !empty($page['items']) and 'picture' != script_basename()) {
        if ('tags' == @$page['section']) {
            $tags = get_common_tags($page['items'], $conf['menubar_tag_cloud_items_number'], $page['tag_ids']);
            $tags = add_level_to_tags($tags);
            foreach ($tags as $tag) {
                $block->data[] = array_merge($tag, array('U_ADD' => make_index_url(array('tags' => array_merge($page['tags'], array($tag)))), 'URL' => make_index_url(array('tags' => array($tag)))));
            }
        } else {
            $selection = array_slice($page['items'], $page['start'], $page['nb_image_page']);
            $tags = add_level_to_tags(get_common_tags($selection, $conf['content_tag_cloud_items_number']));
            foreach ($tags as $tag) {
                $block->data[] = array_merge($tag, array('URL' => make_index_url(array('tags' => array($tag)))));
            }
        }
        if (!empty($block->data)) {
            $block->template = 'menubar_tags.tpl';
        }
    }
    //----------------------------------------------------------- special categories
    if (($block = $menu->get_block('mbSpecials')) != null) {
        if (!is_a_guest()) {
            // favorites
            $block->data['favorites'] = array('URL' => make_index_url(array('section' => 'favorites')), 'TITLE' => l10n('display your favorites photos'), 'NAME' => l10n('Your favorites'));
        }
        $block->data['most_visited'] = array('URL' => make_index_url(array('section' => 'most_visited')), 'TITLE' => l10n('display most visited photos'), 'NAME' => l10n('Most visited'));
        if ($conf['rate']) {
            $block->data['best_rated'] = array('URL' => make_index_url(array('section' => 'best_rated')), 'TITLE' => l10n('display best rated photos'), 'NAME' => l10n('Best rated'));
        }
        $block->data['recent_pics'] = array('URL' => make_index_url(array('section' => 'recent_pics')), 'TITLE' => l10n('display most recent photos'), 'NAME' => l10n('Recent photos'));
        $block->data['recent_cats'] = array('URL' => make_index_url(array('section' => 'recent_cats')), 'TITLE' => l10n('display recently updated albums'), 'NAME' => l10n('Recent albums'));
        $block->data['random'] = array('URL' => get_root_url() . 'random.php', 'TITLE' => l10n('display a set of random photos'), 'NAME' => l10n('Random photos'), 'REL' => 'rel="nofollow"');
        $block->data['calendar'] = array('URL' => make_index_url(array('chronology_field' => $conf['calendar_datefield'] == 'date_available' ? 'posted' : 'created', 'chronology_style' => 'monthly', 'chronology_view' => 'calendar')), 'TITLE' => l10n('display each day with photos, month per month'), 'NAME' => l10n('Calendar'), 'REL' => 'rel="nofollow"');
        $block->template = 'menubar_specials.tpl';
    }
    //---------------------------------------------------------------------- summary
    if (($block = $menu->get_block('mbMenu')) != null) {
        // quick search block will be displayed only if data['qsearch'] is set
        // to "yes"
        $block->data['qsearch'] = true;
        // tags link
        $block->data['tags'] = array('TITLE' => l10n('display available tags'), 'NAME' => l10n('Tags'), 'URL' => get_root_url() . 'tags.php', 'COUNTER' => get_nb_available_tags());
        // search link
        $block->data['search'] = array('TITLE' => l10n('search'), 'NAME' => l10n('Search'), 'URL' => get_root_url() . 'search.php', 'REL' => 'rel="search"');
        if ($conf['activate_comments']) {
            // comments link
            $block->data['comments'] = array('TITLE' => l10n('display last user comments'), 'NAME' => l10n('Comments'), 'URL' => get_root_url() . 'comments.php', 'COUNTER' => get_nb_available_comments());
        }
        // about link
        $block->data['about'] = array('TITLE' => l10n('About Piwigo'), 'NAME' => l10n('About'), 'URL' => get_root_url() . 'about.php');
        // notification
        $block->data['rss'] = array('TITLE' => l10n('RSS feed'), 'NAME' => l10n('Notification'), 'URL' => get_root_url() . 'notification.php', 'REL' => 'rel="nofollow"');
        $block->template = 'menubar_menu.tpl';
    }
    //--------------------------------------------------------------- identification
    if (is_a_guest()) {
        $template->assign(array('U_LOGIN' => get_root_url() . 'identification.php', 'U_LOST_PASSWORD' => get_root_url() . 'password.php', 'AUTHORIZE_REMEMBERING' => $conf['authorize_remembering']));
        if ($conf['allow_user_registration']) {
            $template->assign('U_REGISTER', get_root_url() . 'register.php');
        }
    } else {
        $template->assign('USERNAME', stripslashes($user['username']));
        if (is_autorize_status(ACCESS_CLASSIC)) {
            $template->assign('U_PROFILE', get_root_url() . 'profile.php');
        }
        // the logout link has no meaning with Apache authentication : it is not
        // possible to logout with this kind of authentication.
        if (!$conf['apache_authentication']) {
            $template->assign('U_LOGOUT', get_root_url() . '?act=logout');
        }
        if (is_admin()) {
            $template->assign('U_ADMIN', get_root_url() . 'admin.php');
        }
    }
    if (($block = $menu->get_block('mbIdentification')) != null) {
        $block->template = 'menubar_identification.tpl';
    }
    $menu->apply('MENUBAR', 'menubar.tpl');
}
示例#6
0
                do_timeout_treatment('cat_false', $check_key_treated);
            }
        }
        break;
    case 'send':
        if (isset($_POST['send_submit']) and isset($_POST['send_selection']) and isset($_POST['send_customize_mail_content'])) {
            $check_key_treated = do_action_send_mail_notification('send', $_POST['send_selection'], stripslashes($_POST['send_customize_mail_content']));
            do_timeout_treatment('send_selection', $check_key_treated);
        }
}
// +-----------------------------------------------------------------------+
// | template initialization                                               |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('double_select' => 'double_select.tpl', 'notification_by_mail' => 'notification_by_mail.tpl'));
$template->assign(array('U_HELP' => get_root_url() . 'admin/popuphelp.php?page=notification_by_mail', 'F_ACTION' => $base_url . get_query_string_diff(array())));
if (is_autorize_status(ACCESS_WEBMASTER)) {
    // TabSheet
    $tabsheet = new tabsheet();
    $tabsheet->set_id('nbm');
    $tabsheet->select($page['mode']);
    $tabsheet->assign();
}
if ($must_repost) {
    // Get name of submit button
    $repost_submit_name = '';
    if (isset($_POST['falsify'])) {
        $repost_submit_name = 'falsify';
    } elseif (isset($_POST['trueify'])) {
        $repost_submit_name = 'trueify';
    } elseif (isset($_POST['send_submit'])) {
        $repost_submit_name = 'send_submit';
示例#7
0
/**
 * Rate a picture by the current user.
 *
 * @param int $image_id
 * @param float $rate
 * @return array as return by update_rating_score()
 */
function rate_picture($image_id, $rate)
{
    global $conf, $user;
    if (!isset($rate) or !$conf['rate'] or !preg_match('/^[0-9]+$/', $rate) or !in_array($rate, $conf['rate_items'])) {
        return false;
    }
    $user_anonymous = is_autorize_status(ACCESS_CLASSIC) ? false : true;
    if ($user_anonymous and !$conf['rate_anonymous']) {
        return false;
    }
    $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
    if (count($ip_components) > 3) {
        array_pop($ip_components);
    }
    $anonymous_id = implode('.', $ip_components);
    if ($user_anonymous) {
        $save_anonymous_id = pwg_get_cookie_var('anonymous_rater', $anonymous_id);
        if ($anonymous_id != $save_anonymous_id) {
            // client has changed his IP adress or he's trying to fool us
            $query = '
SELECT element_id
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user['id'] . '
    AND anonymous_id = \'' . $anonymous_id . '\'
;';
            $already_there = array_from_query($query, 'element_id');
            if (count($already_there) > 0) {
                $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE user_id = ' . $user['id'] . '
    AND anonymous_id = \'' . $save_anonymous_id . '\'
    AND element_id IN (' . implode(',', $already_there) . ')
;';
                pwg_query($query);
            }
            $query = '
UPDATE ' . RATE_TABLE . '
  SET anonymous_id = \'' . $anonymous_id . '\'
  WHERE user_id = ' . $user['id'] . '
    AND anonymous_id = \'' . $save_anonymous_id . '\'
;';
            pwg_query($query);
        }
        // end client changed ip
        pwg_set_cookie_var('anonymous_rater', $anonymous_id);
    }
    // end anonymous user
    $query = '
DELETE
  FROM ' . RATE_TABLE . '
  WHERE element_id = ' . $image_id . '
    AND user_id = ' . $user['id'] . '
';
    if ($user_anonymous) {
        $query .= ' AND anonymous_id = \'' . $anonymous_id . '\'';
    }
    pwg_query($query);
    $query = '
INSERT
  INTO ' . RATE_TABLE . '
  (user_id,anonymous_id,element_id,rate,date)
  VALUES
  (' . $user['id'] . ',' . '\'' . $anonymous_id . '\',' . $image_id . ',' . $rate . ',NOW())
;';
    pwg_query($query);
    return update_rating_score($image_id);
}