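/**
 * Read a record id from the query string as a real integer.
 *
 * is_numeric() also accepts floats, exponent notation and surrounding
 * whitespace (and hex strings on PHP < 7), and left the raw request string in
 * place for callees to interpolate into SQL. FILTER_VALIDATE_INT only accepts
 * integer notation and returns a PHP int, so nothing but an int (or
 * INVALID_ID) leaves this function.
 *
 * @param string $key Name of the query-string parameter holding the id.
 * @return mixed The id as an int, or INVALID_ID when the parameter is absent
 *               or is not an integer.
 */
function phphoto_admin_request_id($key)
{
    if (!isset($_GET[$key])) {
        return INVALID_ID;
    }

    // Arrays (e.g. ?id[]=1) and non-integer strings both yield false here.
    $id = filter_var($_GET[$key], FILTER_VALIDATE_INT);

    return ($id === false) ? INVALID_ID : $id;
}

/**
 * Dispatch an admin request to the page that renders it.
 *
 * For galleries, tags and images a valid id in the query string selects the
 * single-item page; otherwise the list page is shown. Cameras always show the
 * list, and any other value of $admin shows the default admin page.
 *
 * NOTE(review): no access check is visible in this function; presumably the
 * caller has authenticated the administrator before dispatching - confirm.
 *
 * @param mixed $db       Database handle, passed through to the page functions.
 * @param mixed $settings Settings, only used by the default admin page.
 * @param mixed $admin    Requested admin section (one of the GET_VALUE_ADMIN_* values).
 * @return void
 */
function phphoto_admin($db, $settings, $admin)
{
    switch ($admin) {
        case GET_VALUE_ADMIN_GALLERY:
            $gallery_id = phphoto_admin_request_id(GET_KEY_GALLERY_ID);
            if ($gallery_id != INVALID_ID) {
                phphoto_echo_admin_gallery($db, $gallery_id);
            } else {
                phphoto_echo_admin_galleries($db);
            }
            break;

        case GET_VALUE_ADMIN_TAG:
            $tag_id = phphoto_admin_request_id(GET_KEY_TAG_ID);
            if ($tag_id != INVALID_ID) {
                phphoto_echo_admin_tag($db, $tag_id);
            } else {
                phphoto_echo_admin_tags($db);
            }
            break;

        case GET_VALUE_ADMIN_IMAGE:
            $image_id = phphoto_admin_request_id(GET_KEY_IMAGE_ID);
            if ($image_id != INVALID_ID) {
                phphoto_echo_admin_image($db, $image_id);
            } else {
                phphoto_echo_admin_images($db);
            }
            break;

        case GET_VALUE_ADMIN_CAMERA:
            phphoto_echo_admin_cameras($db);
            break;

        default:
            phphoto_echo_admin_default($db, $settings);
            break;
    }
}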
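/**
 * Show the admin edit page for one tag, applying any requested change first.
 *
 * When the operation key is present in the query string, the function first
 * adds an image to the tag, removes an image from it, updates the tag's
 * name/description/active flag, or deletes the tag. It then echoes three
 * sections: the edit form, a picker of images not yet tagged, and a table of
 * the tagged images with remove links.
 *
 * Security notes:
 *  - Ids are reduced to PHP integers before being interpolated into SQL or
 *    markup. assert() alone is not a guard because it can be disabled.
 *  - Tag and image names/descriptions read back from the database are
 *    HTML-escaped on output; the update below stores them unescaped, so
 *    printing them raw would be stored XSS in the admin page.
 *  - NOTE(review): no anti-CSRF token is checked, and the delete/remove
 *    actions are reachable through plain GET links. A token check and
 *    POST-only mutations need support outside this function.
 *  - NOTE(review): no access check is visible here; presumably the caller
 *    enforces it - confirm.
 *  - NOTE(review): CURRENT_PAGE is echoed into attributes unescaped; confirm
 *    it is not derived from request data.
 *
 * @param mixed $db     Database link, passed to phphoto_db_query() and
 *                      mysql_real_escape_string().
 * @param mixed $tag_id Id of the tag to show; cast to int before use.
 * @return void
 */
function phphoto_echo_admin_tag($db, $tag_id)
{
    // Debugging aid only: assertions may be switched off by configuration.
    assert(is_numeric($tag_id));
    // The cast is the actual guard that keeps $tag_id safe in SQL and HTML.
    $tag_id = (int) $tag_id;

    // OPERATIONS
    if (isset($_GET[GET_KEY_OPERATION])) {
        $operation = $_GET[GET_KEY_OPERATION];

        if (isset($_REQUEST[GET_KEY_IMAGE_ID]) && is_numeric($_REQUEST[GET_KEY_IMAGE_ID])) {
            // operate on image in tag
            // The branch condition is unchanged, but only a true integer is
            // allowed into the SQL; other numeric forms become a no-op.
            $image_id = filter_var($_REQUEST[GET_KEY_IMAGE_ID], FILTER_VALIDATE_INT);

            if ($image_id !== false) {
                if ($operation == GET_VALUE_CREATE) {
                    // add image to tag
                    $sql = "INSERT INTO image_to_tag (tag_id, image_id, created) VALUES ({$tag_id}, {$image_id}, NOW())";
                    if (phphoto_db_query($db, $sql) == 1) {
                        phphoto_popup_message(phphoto_text($db, 'tag', 'image_added'), 'info');
                    }
                }
                if ($operation == GET_VALUE_DELETE) {
                    // remove image from tag
                    $sql = "DELETE FROM image_to_tag WHERE tag_id = {$tag_id} AND image_id = {$image_id}";
                    if (phphoto_db_query($db, $sql) == 1) {
                        phphoto_popup_message(phphoto_text($db, 'tag', 'image_removed'), 'info');
                    }
                }
            }
        } else {
            if ($operation == GET_VALUE_UPDATE
                && isset($_POST['name']) && is_string($_POST['name'])
                && isset($_POST['description']) && is_string($_POST['description'])
            ) {
                // update tag
                $name = $_POST['name'];
                $description = $_POST['description'];
                // Only these two literals can reach the unquoted %s placeholder.
                $active = isset($_POST['active']) ? 'TRUE' : 'FALSE';
                $sql = sprintf(
                    "UPDATE tags SET name = '%s', description = '%s', active = %s WHERE id = %s",
                    mysql_real_escape_string($name, $db),
                    mysql_real_escape_string($description, $db),
                    $active,
                    $tag_id
                );
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'tag', 'updated'), 'info');
                }
            }
            if ($operation == GET_VALUE_DELETE) {
                // delete tag
                $sql = "DELETE FROM tags WHERE id = {$tag_id}";
                if (phphoto_db_query($db, $sql) == 1) {
                    phphoto_popup_message(phphoto_text($db, 'tag', 'deleted'), 'info');
                    phphoto_echo_admin_tags($db);
                    return;
                } else {
                    phphoto_popup_message(phphoto_text($db, 'tag', 'delete_error'), 'error');
                }
            }
        }
    }

    $sql = "\n SELECT\n id,\n name,\n description,\n (SELECT COUNT(*) FROM image_to_tag WHERE tag_id = id) AS images,\n active,\n changed,\n created\n FROM\n tags\n WHERE\n id = {$tag_id}\n ";
    $tag_data = phphoto_db_query($db, $sql);

    if (count($tag_data) != 1) {
        phphoto_popup_message(phphoto_text($db, 'tag', 'unknown'), 'error');
        // NOTE(review): this closes a <div> that this function has not opened
        // yet; kept as in the original - confirm against the caller's markup.
        echo "\n</div>";
        return;
    }
    $tag_data = $tag_data[0];

    // Escape stored text for the single-quoted attribute and the textarea body.
    // No charset argument is passed, so the runtime default charset applies.
    $name_html = htmlspecialchars((string) $tag_data['name'], ENT_QUOTES);
    $description_html = htmlspecialchars((string) $tag_data['description'], ENT_QUOTES);

    $table_data = array();
    $table_data[] = array(phphoto_text($db, 'header', 'name'), "<input type='input' name='name' maxlength='255' value='{$name_html}'>");
    $table_data[] = array(phphoto_text($db, 'header', 'description'), "<textarea name='description'>{$description_html}</textarea>");
    $table_data[] = array(phphoto_text($db, 'header', 'active'), "<input type='checkbox' name='active'" . ($tag_data['active'] ? ' checked' : '') . ">");
    $table_data[] = array(phphoto_text($db, 'header', 'changed'), format_date_time($tag_data['changed']));
    $table_data[] = array(phphoto_text($db, 'header', 'created'), format_date_time($tag_data['created']));
    $table_data[] = array(' ', "<input type='submit' value='" . phphoto_text($db, 'button', 'update') . "'>");

    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'tag', 'edit') . "</h1>";
    echo "\n <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_TAG . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_UPDATE . '&' . GET_KEY_TAG_ID . "={$tag_id}'>";
    phphoto_to_html_table($table_data);
    echo "\n </form>";
    echo "\n</div>";

    // images not tagged with this tag
    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'tag', 'not_tagged_images') . "</h1>";
    $sql = "\n SELECT\n id,\n IF (LENGTH(title) > 0, title, filename) AS name\n FROM\n images\n WHERE\n id NOT IN (SELECT image_id FROM image_to_tag WHERE tag_id = {$tag_id})\n ";
    $images = phphoto_db_query($db, $sql);
    if (count($images) > 0) {
        echo "\n <form method='post' action='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_TAG . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_CREATE . '&' . GET_KEY_TAG_ID . "={$tag_id}'>";
        echo "\n <select name='" . GET_KEY_IMAGE_ID . "'>";
        foreach ($images as $row) {
            // Image titles and filenames are free text; escape before printing.
            // NOTE(review): assumes they are stored unescaped - confirm, since
            // already-encoded values would be double-escaped here.
            $option_id = (int) $row['id'];
            $option_label = htmlspecialchars((string) $row['name'], ENT_QUOTES);
            echo "\n <option value='{$option_id}'>{$option_label}</option>";
        }
        echo "\n </select>";
        echo "\n <input type='submit' value='" . phphoto_text($db, 'button', 'add') . "'>";
        echo "\n </form>";
    }
    echo "\n</div>";

    // images tagged
    $sql = "\n SELECT\n id,\n IF (LENGTH(title) > 0, title, filename) AS name,\n active\n FROM\n images\n WHERE\n id IN (SELECT image_id FROM image_to_tag WHERE tag_id = {$tag_id})\n ";

    $header = array(
        phphoto_text($db, 'header', 'thumbnail'),
        phphoto_text($db, 'header', 'name'),
        phphoto_text($db, 'header', 'active'),
        ' ',
    );
    $images = array();
    foreach (phphoto_db_query($db, $sql) as $row) {
        $row_id = (int) $row['id'];
        // The same table also receives raw <a>/<img> markup in its cells, so
        // phphoto_to_html_table() presumably prints cells unescaped; the name
        // is therefore escaped here.
        $images[] = array(
            "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_IMAGE . '&' . GET_KEY_IMAGE_ID . "={$row_id}'>\n <img src='image.php?" . GET_KEY_IMAGE_ID . "={$row_id}t' class='thumbnail' /></a>",
            htmlspecialchars((string) $row['name'], ENT_QUOTES),
            format_bool($row['active']),
            "<a href='" . CURRENT_PAGE . '?' . GET_KEY_ADMIN_QUERY . '=' . GET_VALUE_ADMIN_TAG . '&' . GET_KEY_OPERATION . '=' . GET_VALUE_DELETE . '&' . GET_KEY_TAG_ID . '=' . $tag_id . '&' . GET_KEY_IMAGE_ID . "={$row_id}'><img src='./icons/process-stop.png' /></a>",
        );
    }

    echo "\n<div class='admin'>";
    echo "\n <h1>" . phphoto_text($db, 'tag', 'tagged_images') . "</h1>";
    phphoto_to_html_table($images, $header);
    echo "\n</div>";
}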