function process_post_data()
{
global $CONFIG, $mb_utf8_regex;
global $lang_errors, $lang_editpics_php;
$pid = (int) $_POST['id'];
$aid = (int) $_POST['aid'];
$pwidth = (int) $_POST['pwidth'];
$pheight = (int) $_POST['pheight'];
$title = $_POST['title'];
$caption = $_POST['caption'];
$keywords = $_POST['keywords'];
$user1 = $_POST['user1'];
$user2 = $_POST['user2'];
$user3 = $_POST['user3'];
$user4 = $_POST['user4'];
$galleryicon = (int) $_POST['galleryicon'];
$isgalleryicon = $galleryicon === $pid;
// need to implement "Read EXIF info again" checkbox; comment out for now
// $read_exif = isset($_POST['read_exif']);
$reset_vcount = isset($_POST['reset_vcount']);
$reset_votes = isset($_POST['reset_votes']);
$del_comments = isset($_POST['del_comments']) || $delete;
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$update = "aid = '" . $aid . "'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '" . addslashes($title) . "'";
$update .= ", caption = '" . addslashes($caption) . "'";
$update .= ", keywords = '" . addslashes($keywords) . "'";
$update .= ", user1 = '" . addslashes($user1) . "'";
$update .= ", user2 = '" . addslashes($user2) . "'";
$update .= ", user3 = '" . addslashes($user3) . "'";
$update .= ", user4 = '" . addslashes($user4) . "'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . addslashes($galleryicon);
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
// rename a file
if ($_POST['filename'] != $pic['filename']) {
if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) {
$condition = true;
} else {
$condition = false;
}
if ($CONFIG['make_intermediate'] && $condition) {
$prefices = array('fullsize', 'normal', 'thumb');
} else {
$prefices = array('fullsize', 'thumb');
}
if (!is_image($pic['filename'])) {
$prefices = array('fullsize');
}
foreach ($prefices as $prefix) {
$oldname = urldecode(get_pic_url($pic, $prefix));
$filename = replace_forbidden($_POST['filename']);
$newname = str_replace($pic['filename'], $filename, $oldname);
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
if (file_exists($newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
}
if (!file_exists($oldname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
}
if (rename($oldname, $newname)) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1");
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
}
}
}
$result = cpg_db_query($query);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$pid[] = $row['pid'];
}
}
if ($reset_views) {
// if reset_views start
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET hits='0' WHERE aid='{$aid}'";
$update = cpg_db_query($query);
if (isset($CONFIG['debug_mode']) && $CONFIG['debug_mode'] == 1) {
$queries[] = $query;
}
if (mysql_affected_rows()) {
$counter_affected_rows++;
}
resetDetailHits($pid);
}
// if reset_views end
if ($reset_rating) {
// if reset_rating start
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET pic_rating='0', votes='0' WHERE aid='{$aid}'";
$update = cpg_db_query($query);
if (isset($CONFIG['debug_mode']) && $CONFIG['debug_mode'] == 1) {
$queries[] = $query;
}
if (mysql_affected_rows()) {
$counter_affected_rows++;
}
resetDetailVotes($pid);
}
// if reset_rating end
/**
* process_post_data()
*
* Function to process the form posted
*/
function process_post_data()
{
global $CONFIG, $user_albums_list, $lang_errors;
$superCage = Inspekt::makeSuperCage();
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$user_album_set = array();
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
while ($row = $result->fetchAssoc()) {
$user_album_set[$row['aid']] = 1;
}
$result->free();
$pid_array = $superCage->post->getInt('pid');
if (!is_array($pid_array)) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
if ($superCage->post->keyExists('galleryicon')) {
$galleryicon = $superCage->post->getInt('galleryicon');
} else {
$galleryicon = '';
}
foreach ($pid_array as $pid) {
$aid = $superCage->post->getInt("aid{$pid}");
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = false;
$reset_vcount = false;
$reset_votes = false;
$del_comments = false;
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('delete' . $pid)) {
$delete = $superCage->post->getInt('delete' . $pid);
}
if ($superCage->post->keyExists('reset_vcount' . $pid)) {
$reset_vcount = $superCage->post->getInt('reset_vcount' . $pid);
}
if ($superCage->post->keyExists('reset_votes' . $pid)) {
$reset_votes = $superCage->post->getInt('reset_votes' . $pid);
}
if ($superCage->post->keyExists('del_comments' . $pid)) {
$del_comments = $superCage->post->getInt('del_comments' . $pid);
}
// We will be selecting pid in the query as we need it in $pic array for the plugin filter
$query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}";
$result = cpg_db_query($query);
if (!$result->numRows()) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = $result->fetchAssoc(true);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}
cpg_trim_keywords($keywords);
$update = "aid = '{$aid}'";
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}");
$update .= ", galleryicon = " . $galleryicon;
}
if (is_movie($pic['filename'])) {
$pwidth = $superCage->post->getInt('pwidth' . $pid);
$pheight = $superCage->post->getInt('pheight' . $pid);
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
if ($reset_vcount) {
$update .= ", hits = 0";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = 0, votes = 0";
resetDetailVotes($pid);
}
if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
$approved = '';
if ($superCage->post->keyExists('approved' . $pid)) {
$approved = $superCage->post->getAlpha('approved' . $pid);
}
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} else {
$update .= ", approved = 'NO'";
}
}
if ($del_comments || $delete) {
cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}");
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
// Check for custom thumbnails for non-images
if (!is_image($file)) {
$mime_content = cpg_get_type($file);
$file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file));
foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) {
// Thumbnail found, check if it's the only file using that thumbnail
$count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0);
if ($count == 1) {
unset($files[count($files) - 1]);
$files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension;
break;
}
}
}
}
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
// Plugin filter to be called before deleting a file
CPGPluginAPI::action('before_delete_file', $pic);
cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1");
cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'");
// Plugin filter to be called after a file is deleted
CPGPluginAPI::action('after_delete_file', $pic);
} else {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}");
// Executes after a file update is committed
CPGPluginAPI::action('after_edit_file', $pid);
}
}
}
/**
* process_post_data()
*
* Function to process the form posted
*/
function process_post_data()
{
global $CONFIG;
global $user_albums_list, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
$pid = $superCage->post->getInt('pid');
if (!is_array($pid)) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
$pid_array = $pid;
if ($superCage->post->keyExists('galleryicon')) {
$galleryincon = $superCage->post->getInt('galleyicon');
} else {
$galleryicon = '';
}
foreach ($pid_array as $pid) {
$aid = $superCage->post->getInt("aid{$pid}");
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = false;
$reset_vcount = false;
$reset_votes = false;
$del_comments = false;
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('delete' . $pid)) {
$delete = $superCage->post->getInt('delete' . $pid);
}
if ($superCage->post->keyExists('reset_vcount' . $pid)) {
$reset_vcount = $superCage->post - getInt('reset_vcount' . $pid);
}
if ($superCage->post->keyExists('reset_votes' . $pid)) {
$reset_votes = $superCage->post->getInt('reset_votes' . $pid);
}
if ($superCage->post->keyExists('del_comments' . $pid)) {
$del_comments = $superCage->post->getInt('del_comments' . $pid) || $delete;
}
// OVI
//$query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
$query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid, category, filepath, filename, owner_id, total_filesize FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
$result = cpg_db_query($query);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__);
}
}
$update = "aid = '{$aid}'";
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'UPDATE ' . $CONFIG['TABLE_PICTURES'] . ' SET galleryicon=0 WHERE owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . addslashes($galleryicon);
}
if (is_movie($pic['filename'])) {
$pwidth = $superCage->post->getInt('pwidth' . $pid);
$pheight = $superCage->post->getInt('pheight' . $pid);
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
if ($superCage->post->keyExists('approved' . $pid)) {
$approved = $superCage->post->getAlpha('approved' . $pid);
}
if ($approved) {
$update .= ", approved = 'YES'";
} else {
$update .= ", approved = 'NO'";
}
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
///////// OVI
$picture_id = $pid;
$owner_id = $pic['owner_id'];
$imageContainer = new FileContainer($picture_id, $owner_id);
$imageContainer->original_path = $dir . $file;
// check
$imageContainer->total_filesize = $pic['total_filesize'];
///////// OVI
/* // OVI
$files = array ($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile){
if (is_file($currFile)) @unlink($currFile);
}
*/
///////// OVI
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if ($currFile != $dir . $file) {
$imageContainer->thumb_paths[] = $currFile;
}
if (is_file($currFile)) {
@unlink($currFile);
}
}
///////// OVI
///// OVI
global $storage;
$storage->delete_file($imageContainer);
///// OVI
$query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
}
}
function process_post_data()
{
global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage;
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$user_album_set = array();
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
while ($row = mysql_fetch_assoc($result)) {
$user_album_set[$row['aid']] = 1;
}
mysql_free_result($result);
$pid = $superCage->post->getInt('id');
$aid = $superCage->post->getInt('aid');
$pwidth = $superCage->post->getInt('pwidth');
$pheight = $superCage->post->getInt('pheight');
$title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
$caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
$keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
$user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
$user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
$user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
$user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
$galleryicon = $superCage->post->getInt('galleryicon');
$isgalleryicon = $galleryicon == $pid;
$read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0;
$reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0;
$reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0;
$del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0;
$result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_assoc($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}
if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$new_alb = mysql_fetch_assoc($result);
mysql_free_result($result);
cpg_trim_keywords($keywords);
$update = "aid = '{$aid}'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
if (GALLERY_ADMIN_MODE) {
$approved = $superCage->post->getAlpha('approved');
$update .= ", approved = '{$approved}'";
} elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) {
$approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES';
$update .= ", approved = '{$approved}'";
} elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) {
$approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES';
$update .= ", approved = '{$approved}'";
}
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}";
cpg_db_query($sql);
$update .= ", galleryicon = " . $galleryicon;
}
if ($reset_vcount) {
$update .= ", hits = 0";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = 0, votes = 0";
resetDetailVotes($pid);
}
if ($read_exif) {
// If "read exif info again" is checked then just delete the entry from the exif table.
// The new exif information will automatically be read when someone views the image.
$query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'";
cpg_db_query($query);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'";
cpg_db_query($query);
}
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
cpg_db_query($query);
// Executes after a file update is committed
CPGPluginAPI::action('after_edit_file', $pid);
// rename a file
if ($superCage->post->keyExists('filename')) {
$post_filename = $superCage->post->getEscaped('filename');
}
if ($post_filename != $pic['filename']) {
if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) {
$prefixes = array('fullsize', 'normal', 'thumb');
} else {
$prefixes = array('fullsize', 'thumb');
}
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$prefixes[] = 'orig';
}
if (!is_image($pic['filename'])) {
$prefixes = array('fullsize');
// Check for custom thumbnails
$mime_content_old = cpg_get_type($pic['filename']);
$mime_content_new = cpg_get_type(replace_forbidden($post_filename));
$file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename']));
foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) {
// Thumbnail found, check if it's the only file using that thumbnail
$count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0);
if ($count == 1) {
$prefixes[] = 'thumb';
$custom_thumb = TRUE;
break;
}
}
}
}
$pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => '');
$files_to_rename = array();
foreach ($prefixes as $prefix) {
$oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']);
$filename = replace_forbidden($post_filename);
$newname = str_replace($pic['filename'], $filename, $oldname);
if ($custom_thumb == TRUE && $prefix == 'thumb') {
$oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname);
$newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname);
}
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
if (file_exists($newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
}
if (!file_exists($oldname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
}
// Check if there will be no conflicts before doing anything
$files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname);
}
if (count($files_to_rename) > 0) {
foreach ($files_to_rename as $file) {
if (rename($file['oldname'], $file['newname'])) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1");
} else {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
}
}
}
}
function process_post_data()
{
global $CONFIG;
global $user_albums_list, $lang_errors;
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
if (!is_array($_POST['pid'])) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
$pid_array =& $_POST['pid'];
$galleryicon = (int) $_POST['galleryicon'];
foreach ($pid_array as $pid) {
$pid = (int) $pid;
$aid = (int) get_post_var('aid', $pid);
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$isgalleryicon = $galleryicon === $pid;
$delete = isset($_POST['delete' . $pid]);
$reset_vcount = isset($_POST['reset_vcount' . $pid]);
$reset_votes = isset($_POST['reset_votes' . $pid]);
$del_comments = isset($_POST['del_comments' . $pid]) || $delete;
$query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
$result = cpg_db_query($query);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__);
}
}
$update = "aid = '" . $aid . "'";
$update .= ", title = '" . addslashes($title) . "'";
$update .= ", caption = '" . addslashes($caption) . "'";
$update .= ", keywords = '" . addslashes($keywords) . "'";
$update .= ", user1 = '" . addslashes($user1) . "'";
$update .= ", user2 = '" . addslashes($user2) . "'";
$update .= ", user3 = '" . addslashes($user3) . "'";
$update .= ", user4 = '" . addslashes($user4) . "'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . addslashes($galleryicon);
}
if (is_movie($pic['filename'])) {
$pwidth = get_post_var('pwidth', $pid);
$pheight = get_post_var('pheight', $pid);
$update .= ", pwidth = " . (int) $pwidth;
$update .= ", pheight = " . (int) $pheight;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if (UPLOAD_APPROVAL_MODE) {
$approved = get_post_var('approved', $pid);
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} elseif ($approved == 'DELETE') {
$del_comments = 1;
$delete = 1;
}
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
$query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
}
}
function process_post_data()
{
global $CONFIG, $mb_utf8_regex;
global $lang_errors, $lang_editpics_php;
$superCage = Inspekt::makeSuperCage();
$pid = $superCage->post->getInt('id');
$aid = $superCage->post->getInt('aid');
$pwight = $superCage->post->getInt('pwidth');
$pheight = $superCage->post->getInt('pheight');
$title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
$caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
$keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
$user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
$user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
$user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
$user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
$galleryicon = $superCage->post->getInt('galleryicon');
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('read_exif')) {
$read_exif = $superCage->post->getInt('read_exif');
}
if ($superCage->post->keyExists('reset_vcount')) {
$reset_vcount = $superCage->post->getInt('reset_vcount');
}
if ($superCage->post->keyExists('reset_votes')) {
$reset_votes = $superCage->post->getInt('reset_votes');
}
if ($superCage->post->keyExists('del_comments')) {
$del_comments = $superCage->post->getInt('del_comments') || $delete;
}
$result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'");
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
$update = "aid = '" . $aid . "'";
if (is_movie($pic['filename'])) {
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
$update .= ", title = '" . $title . "'";
$update .= ", caption = '" . $caption . "'";
$update .= ", keywords = '" . $keywords . "'";
if (GALLERY_ADMIN_MODE) {
$approved = $superCage->post->getAlpha('approved');
$update .= ", approved = '" . $approved . "'";
}
$update .= ", user1 = '" . $user1 . "'";
$update .= ", user2 = '" . $user2 . "'";
$update .= ", user3 = '" . $user3 . "'";
$update .= ", user4 = '" . $user4 . "'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . $galleryicon;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if ($read_exif) {
$filepath = urldecode(get_pic_url($pic, 'fullsize'));
// If read exif info again is checked then we will just delete the entry from exif table. The new exif information will automatically be read when someone views the image.
$query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename = '{$filepath}'";
cpg_db_query($query);
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
// rename a file
if ($superCage->post->keyExists('filename') && ($matches = $superCage->post->getMatched('filename', '/^[0-9A-Za-z\\/_.-]+$/'))) {
$post_filename = $matches[0];
}
if ($post_filename != $pic['filename']) {
if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) {
$condition = true;
} elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) {
$condition = true;
} else {
$condition = false;
}
if ($CONFIG['make_intermediate'] && $condition) {
$prefices = array('fullsize', 'normal', 'thumb');
} else {
$prefices = array('fullsize', 'thumb');
}
if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
$prefices[] = 'orig';
}
if (!is_image($pic['filename'])) {
$prefices = array('fullsize');
}
foreach ($prefices as $prefix) {
// OVI
// $oldname = urldecode(get_pic_url($pic, $prefix));
$oldname = urldecode(get_pic_url($pic, $prefix, false, true));
// OVI
$filename = replace_forbidden($post_filename);
$newname = str_replace($pic['filename'], $filename, $oldname);
$old_mime = cpg_get_type($oldname);
$new_mime = cpg_get_type($newname);
if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
}
if (!is_known_filetype($newname)) {
cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
}
// OVI
//if (file_exists($newname))
//cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
//if (!file_exists($oldname))
//cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
// OVI
// OVI
$imageContainer = new FileContainer($pic['pid'], $pic['owner_id']);
$imageContainer->original_path = $oldname;
//echo $imageContainer->original_path." ".$newname;exit(1);
global $storage;
if (!$storage->rename_file($imageContainer, $newname)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
}
// OVI
/*if (rename($oldname, $newname))
{
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '$filename' WHERE pid = '$pid' LIMIT 1");
} else cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__);
*/
}
// foreach
// OVI
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1");
// OVI
}
}
