Changeset 569
- Timestamp:
- 07/29/08 16:01:29 (2 years ago)
- Location:
- trunk
- Files:
-
- 9 edited
-
plog-admin/index.php (modified) (1 diff)
-
plog-admin/plog-admin-functions.php (modified) (24 diffs)
-
plog-admin/plog-admin.php (modified) (2 diffs)
-
plog-admin/plog-feedback.php (modified) (1 diff)
-
plog-admin/plog-manage.php (modified) (12 diffs)
-
plog-admin/plog-upload.php (modified) (1 diff)
-
plog-download.php (modified) (5 diffs)
-
plog-includes/plog-functions.php (modified) (11 diffs)
-
plog-remote.php (modified) (3 diffs)
trunk/plog-admin/index.php
r555 r569 2 2 // load configuration variables from database, plog-globals, & plog-includes/plog-functions 3 3 require_once(dirname(dirname(__FILE__))."/plog-load-config.php"); 4 5 // if we're already logged in, redirect to the upload page 6 if (isset($_SESSION['plogger_logged_in']) && $_SESSION['plogger_logged_in'] === true) { 7 header("Location: plog-upload.php"); 8 exit; 9 } 4 10 5 11 $output = ''; -
trunk/plog-admin/plog-admin-functions.php
r568 r569 33 33 } 34 34 35 function generate_pagination_view_menu() { 36 $url_query = "?"; 37 $url_parts = parse_url($_SERVER['REQUEST_URI']); 38 if (isset($url_parts['query'])) { 39 // if entries_per_page is already present in URL, remove it 40 if (strpos($url_parts['query'], "entries_per_page") !== false || strpos($url_parts['query'], "plog_page") !== false) { 41 parse_str($url_parts['query'], $query_parts); 42 foreach ($query_parts as $qkey => $qval) { 43 if ($qkey != "entries_per_page" && $qkey != "plog_page") { 44 $url_query .= $qkey."=".$qval."&"; 45 } 46 } 47 } else { 48 $url_query .= $url_parts['query']."&"; 49 } 50 } 51 52 $java = 'document.location.href = \''.$url_parts['path'].$url_query.'entries_per_page=\'+this.options[this.selectedIndex].value'; 53 54 $possible_values = array("1"=>1, "5"=>5, "10"=>10, "20"=>20, "50"=>50, "100"=>100, "250"=>250, "500"=>500); 55 $output= "\n\t\t\t" . '<label accesskey="e" for="entries_on_page">' .plog_tr('<em>E</em>ntries per page') . '</label> 56 <select class="entries-page" onchange="'.$java.'" name="entries_per_page" style="width: 60px;">'; 57 foreach ($possible_values as $key => $value) { 58 if ($_SESSION['entries_per_page'] == $key) { 59 $output .= "\n\t\t\t\t".'<option value="'.$value.'" selected="selected">'.$key.'</option>'; 60 } else { 61 $output .= "\n\t\t\t\t".'<option value="'.$value.'">'.$key.'</option>'; 62 } 63 } 64 $output.= "\n\t\t\t".'</select>'; 65 return $output; 66 } 67 35 68 function add_picture($album_id,$tmpname,$filename,$caption,$desc) { 36 69 global $config; … … 72 105 73 106 while (is_file($config['basedir'].'plog-content/images/'.$create_path."/".$unique_filename_base.".".$filename_ext)){ 74 $unique_filename_base = SmartStripSlashes($filename_base)." (" . ++$i .")";75 } 76 77 $final_filename = $unique_filename_base. "." . $filename_ext;107 $unique_filename_base = SmartStripSlashes($filename_base)."(" . ++$i .")"; 108 } 109 110 $final_filename = sanitize_filename($unique_filename_base) . "." 
. $filename_ext; 78 111 79 112 // final fully qualified file name 80 $final_fqfn = $config[ "basedir"].'plog-content/images/'.$create_path.'/'.$final_filename;113 $final_fqfn = $config['basedir'].'plog-content/images/'.$create_path.'/'.$final_filename; 81 114 82 115 if (!makeDirs($config['basedir'].'plog-content/images/'.$create_path, 0777)) { … … 164 197 }; 165 198 166 function update_picture($id, $caption,$allow_comments,$description) {199 function update_picture($id, $caption, $allow_comments, $description) { 167 200 $id = intval($id); 168 201 $caption = mysql_real_escape_string($caption); … … 175 208 WHERE id='$id'"; 176 209 $result = mysql_query($query); 177 if ($result) 210 if ($result) { 178 211 return array('output' => plog_tr('You have successfully modified the selected picture.')); 179 else212 } else { 180 213 return array('errors' => mysql_error()); 214 } 181 215 } 182 216 … … 235 269 $i = 0; 236 270 while ($to_album != $picture['parent_album'] && is_file($config['basedir'].'plog-content/images/'.$target_path."/".$unique_filename_base.".".$filename_ext)){ 237 $unique_filename_base = $filename_base." (" . ++$i . ")";271 $unique_filename_base = $filename_base."(" . ++$i . ")"; 238 272 } 239 273 240 274 // final fully qualified file name 241 $picture_path = $target_path.'/'. $unique_filename_base.".".$filename_ext;275 $picture_path = $target_path.'/'.sanitize_filename($unique_filename_base).".".$filename_ext; 242 276 $final_fqfn = $config['basedir'].'plog-content/images/'.$picture_path; 243 277 … … 392 426 $target_path = $config["basedir"] . "plog-content/images/".$target_name; 393 427 394 // do not allow collections with duplicate names, otherwise mod_rewritten links will start 395 // to behave weird. 
396 if ($row["name"] != $name && is_dir($target_path)) { 397 // if there is already a directory, check to see if it's in the database 398 $collection_data = get_collection_by_name($name); 399 if ($collection_data){ 400 // it's in the database, so throw duplicate collection error 401 return array("errors" => sprintf(plog_tr('Collection `%s` could not be renamed to `%s`, because there is another collection with that name'),$row['name'],$name)); 402 } else{ 403 // it's not in the database so attempt to delete the directory 404 if (!@rmdir($target_path)){ 405 // could not delete the directory, so prompt the user to delete it manually 406 return array("errors" => sprintf(plog_tr('Collection directory `%s` exists, but no collection exists in the database. Attempt to delete automatically failed. Please delete folder via FTP manually and try again.'), $target_path)); 428 // check for self-re-naming collection instance 429 if ($source_path != $target_path) { 430 // do not allow collections with duplicate names, otherwise mod_rewritten links will start 431 // to behave weird. 432 if (is_dir($target_path)) { 433 // if there is already a directory, check to see if it's in the database 434 $collection_data = get_collection_by_name($name); 435 if ($collection_data){ 436 // it's in the database, so throw duplicate collection error 437 return array("errors" => sprintf(plog_tr('Collection `%s` could not be renamed to `%s`, because there is another collection with that name'),$row['name'],$name)); 438 } else{ 439 // it's not in the database so attempt to delete the directory 440 if (!@rmdir($target_path)){ 441 // could not delete the directory, so prompt the user to delete it manually 442 return array("errors" => sprintf(plog_tr('Collection directory `%s` exists, but no collection exists in the database. Attempt to delete automatically failed. 
Please delete folder via FTP manually and try again.'), $target_path)); 443 } 407 444 } 408 445 } 409 } 410 411 // perform the rename on the directory412 if (!rename($source_path, $target_path)) {413 return array("errors" => sprintf(plog_tr("Error renaming directory! (%s to %s)"),$source_path,$target_path));446 447 // perform the rename on the directory 448 if (!rename($source_path, $target_path)) { 449 return array("errors" => sprintf(plog_tr("Error renaming directory! (%s to %s)"),$source_path,$target_path)); 450 } 414 451 } 415 452 … … 470 507 } else { 471 508 return array('errors' => plog_tr('Could not modify selected collection')); 472 } ;509 } 473 510 474 511 } … … 541 578 // first try to create the directory to hold the images, if that fails, then the album 542 579 // will be unusable anyway 543 $create_path = $config[ "basedir"] . "plog-content/images/".SmartStripSlashes($row["collection_path"])."/".$album_folder;580 $create_path = $config['basedir'] . "plog-content/images/".SmartStripSlashes($row['collection_path'])."/".$album_folder; 544 581 545 582 // check path so we are not creating duplicate albums within the same collection … … 582 619 } 583 620 584 function update_album($album_id,$name,$description,$thumbnail_id = 0) { 585 global $config; 586 621 function update_album($album_id, $name, $description, $thumbnail_id = 0) { 622 global $config; 587 623 $errors = $output = ""; 588 589 $target_name = strtolower(sanitize_filename(SmartStripSlashes($name))); 590 624 591 625 $album_id = intval($album_id); 592 626 $thumbnail_id = intval($thumbnail_id); 593 $name = mysql_real_escape_string(SmartStripSlashes( $name));627 $name = mysql_real_escape_string(SmartStripSlashes(trim($name))); 594 628 $description = mysql_real_escape_string(SmartStripSlashes($description)); 629 if (empty($name)) { 630 return array("errors" => plog_tr("Please enter a valid name for the album")); 631 } 632 633 $target_name = strtolower(sanitize_filename(SmartStripSlashes($name))); 595 634 
596 635 // first, get the album name and collection name of our source album 597 $sql = "SELECT c.path AS collection_path, a.path AS album_path 636 $sql = "SELECT c.path AS collection_path, a.path AS album_path, a.parent_id AS collection_id 598 637 FROM ".TABLE_PREFIX."albums a, ".TABLE_PREFIX."collections c 599 WHERE c.id = a.parent_id AND a.id = '$album_id'";638 WHERE c.id = a.parent_id AND a.id = ".$album_id; 600 639 601 640 $result = run_query($sql); 602 641 $row = mysql_fetch_assoc($result); 603 642 604 $source_album_name = SmartStripSlashes($row[ "album_path"]);605 $source_collection_name = SmartStripSlashes($row[ "collection_path"]);643 $source_album_name = SmartStripSlashes($row['album_path']); 644 $source_collection_name = SmartStripSlashes($row['collection_path']); 606 645 607 646 $source_path = $config['basedir'] . "plog-content/images/".$source_collection_name."/".$source_album_name; 608 647 $target_path = $config['basedir'] . "plog-content/images/".$source_collection_name."/".$target_name; 609 648 610 // check path so we are not creating duplicate albums within the same collection 611 if (is_dir($target_path)){ 612 // if there is already a directory, check to see if it's in the database 613 $album_data = get_album_by_name($album_name, $to_collection); 614 if ($album_data) { 615 // it's in the database, so throw duplicate album error 616 return array("errors" => sprintf(plog_tr('New album could not be created, because there already is one named `%s` in the collection `%s`!'), $target_name, $source_collection_name)); 617 } else { 618 // it's not in the database so attempt to delete the directory 619 if (!@rmdir($target_path)){ 620 // could not delete the directory, so prompt the user to delete it manually 621 return array("errors" => sprintf(plog_tr('Album directory `%s` exists, but no album exists in the database. Attempt to delete automatically failed. 
Please delete folder via FTP manually and try again.'), $target_path)); 649 // check for self-re-naming album instance 650 if ($source_path != $target_path) { 651 // check path so we are not creating duplicate albums within the same collection 652 if (is_dir($target_path)) { 653 // if there is already a directory, check to see if it's in the database 654 $album_data = get_album_by_name($name, $row['collection_id']); 655 if ($album_data) { 656 // it's in the database, so throw duplicate album error 657 return array("errors" => sprintf(plog_tr('New album could not be created, because there already is one named `%s` in the collection `%s`!'), $target_name, $source_collection_name)); 658 } else { 659 // it's not in the database so attempt to delete the directory 660 if (!@rmdir($target_path)){ 661 // could not delete the directory, so prompt the user to delete it manually 662 return array("errors" => sprintf(plog_tr('Album directory `%s` exists, but no album exists in the database. Attempt to delete automatically failed. Please delete folder via FTP manually and try again.'), $target_path)); 663 } 622 664 } 623 665 } 624 } 625 626 // perform the rename on the directory627 if (!rename($source_path, $target_path))628 {629 return array(630 "errors" => sprintf(plog_tr("Error renaming directory! (%s to %s)"),$source_path,$target_path));666 667 // perform the rename on the directory 668 if (!rename($source_path, $target_path)) 669 { 670 return array( 671 "errors" => sprintf(plog_tr("Error renaming directory! (%s to %s)"),$source_path,$target_path)); 672 } 631 673 } 632 674 … … 925 967 return false; 926 968 } 927 $output .= "\n\t" . '<form class="edit" action="'.$_SERVER["PHP_SELF"].'" method="post"> 928 <table>'; 969 $query = ""; 970 if (strpos($_SERVER['PHP_SELF'], "plog-manage") !== false) { 971 $query = "?level=comments&id=".$comment['parent_id']; 972 } 973 974 $output .= "\n\t" . 
'<form class="edit" action="'.$_SERVER['PHP_SELF'].$query.'" method="post">'; 975 976 // get the thumbnail 977 $photo = get_picture_by_id($comment['parent_id']); 978 $thumbpath = generate_thumb(SmartStripSlashes($photo['path']), $photo['id'],THUMB_SMALL); 979 $output .= "\n\t\t" . '<div style="float: right;"><img src="'.$thumbpath.'" alt="" /></div>'; 980 981 $output .= "\n\t\t<table>"; 929 982 $output .= "\n\t\t\t" . '<tr> 930 983 <td>' . plog_tr('Author:') . '<br /><input size="30" name="author" id="author" value="'.SmartStripSlashes($comment['author']).'"/ ></td> … … 940 993 <input type="hidden" name="pid" value="'.$comment['id'].'" > 941 994 <input type="hidden" name="action" value="update-comment" > 942 <button class="submit" type="submit">' . plog_tr('Update') . '</button>'; 943 944 if (isset($_REQUEST["level"])) 945 { 946 $output .= "\n\t\t\t" . '<input type="hidden" name="level" value="'.$_REQUEST['level'].'" />'; 947 } 948 949 if (isset($_REQUEST["id"])) 950 { 951 $output .= "\n\t\t\t" . '<input type="hidden" name="id" value="'.$_REQUEST['id'].'" />'; 952 } 995 <input class="submit" name="update" value="' . plog_tr('Update') . '" type="submit" /> 996 <input class="submit" name="cancel" value="' . plog_tr('Cancel') . '" type="submit" />'; 953 997 954 998 $output .= "\n\n\t\t" . '</form>'; … … 1135 1179 1136 1180 /// XXX: something for the future: perhaps hooks for plugins should be implemented, 1137 // so plugi s could add new fields to all those forms.1181 // so plugins could add new fields to all those forms. 1138 1182 function plog_add_collection_form() { 1139 1183 $output = "\n\t\t" . '<input type="button" class="submit" id="show-collection" onclick="toggle(\'create-collection\'); toggle(\'show-collection\')" value="' . plog_tr('Create a Collection') . '" />'; … … 1178 1222 $output = ''; 1179 1223 $collection_id = intval($collection_id); 1180 $output .= "\n\t\t" . 
'<form class="edit" action="'.$_SERVER[ "REQUEST_URI"].'" method="post">';1224 $output .= "\n\t\t" . '<form class="edit" action="'.$_SERVER['PHP_SELF'].'" method="post">'; 1181 1225 $collection = get_collection_by_id($collection_id); 1182 1226 … … 1205 1249 $output .= "\n\t\t\t" . '<div> 1206 1250 <label accesskey="n" for="name">' . plog_tr('<em>N</em>ame') . ':</label><br /> 1207 <input size="30" name="name" id="name" value="'. SmartStripSlashes($collection['name']).'" /><br />1251 <input size="30" name="name" id="name" value="'.htmlspecialchars(SmartStripSlashes($collection['name'])).'" /><br /> 1208 1252 <label accesskey="d" for="description">' . plog_tr('<em>D</em>escription') . ':</label><br /> 1209 <input size="80" name="description" id="description" value="'. SmartStripSlashes($collection['description']).'" /><br />1253 <input size="80" name="description" id="description" value="'.htmlspecialchars(SmartStripSlashes($collection['description'])).'" /><br /> 1210 1254 Thumbnail:<br /> 1211 1255 <select name="thumbnail_id" onchange="updateThumbPreview(this)" class="thumbselect" id="thumbselect"> … … 1216 1260 <input type="hidden" name="action" value="update-collection" /> 1217 1261 <br /> 1218 <button class="submit" type="submit">' . plog_tr('Update') . '</button> 1262 <input class="submit" name="update" value="' . plog_tr('Update') . '" type="submit" /> 1263 <input class="submit" name="cancel" value="' . plog_tr('Cancel') . '" type="submit" /> 1219 1264 </div>'; 1220 1265 … … 1231 1276 $auto_graphic = $config['gallery_url']."plog-admin/images/auto.gif"; 1232 1277 1233 $output = "\n\t\t" . '<form class="edit" action="'.$_SERVER[ "PHP_SELF"].'?level=albums&id='.$album["parent_id"].'" method="post">';1278 $output = "\n\t\t" . 
'<form class="edit" action="'.$_SERVER['PHP_SELF'].'?level=albums&id='.$album['parent_id'].'" method="post">'; 1234 1279 1235 1280 $images = '<option class="thumboption" value="0" style="padding-left: 100px; background-image: url('.$auto_graphic.'); background-repeat: no-repeat;">' . plog_tr('automatic') . '</option>'; … … 1242 1287 $style = 'class="thumboption" style="padding-left: '.($thumbnail_config[THUMB_SMALL]["size"] + 5).'px; background-image: url('.generate_thumb(SmartStripSlashes($row["path"]), $row["id"]).'); background-repeat: no-repeat;"'; 1243 1288 1244 $images .= "\n\t\t\t\t<option $stylevalue='" . $row["id"] . "'" . $selected . ">";1289 $images .= "\n\t\t\t\t<option ".$style." value='" . $row["id"] . "'" . $selected . ">"; 1245 1290 $images .= !empty($row["caption"]) ? SmartStripSlashes($row["caption"]) : SmartStripSlashes(basename($row["path"])); 1246 1291 $images .= "</option>"; … … 1249 1294 $output .= "\n\t\t\t" . '<div> 1250 1295 <label for="name" accesskey="n">' . plog_tr('<em>N</em>ame') . ':</label><br /> 1251 <input size="30" name="name" id="name" value="'. SmartStripSlashes($album['name']).'" /><br />1296 <input size="30" name="name" id="name" value="'.htmlspecialchars(SmartStripSlashes($album['name'])).'" /><br /> 1252 1297 <label for="description" accesskey="d">' . plog_tr('<em>D</em>escription') . ':</label><br /> 1253 <input size="80" name="description" id="description" value="'. SmartStripSlashes($album['description']).'" /><br />1298 <input size="80" name="description" id="description" value="'.htmlspecialchars(SmartStripSlashes($album['description'])).'" /><br /> 1254 1299 Thumbnail:<br /> 1255 1300 <select name="thumbnail_id" class="thumbselect" id="thumbselect" onchange="updateThumbPreview(this)"> … … 1260 1305 <input type="hidden" name="action" value="update-album" /> 1261 1306 <br /> 1262 <button class="submit" type="submit">' . plog_tr('Update') . '</button> 1307 <input class="submit" name="update" value="' . 
plog_tr('Update') . '" type="submit" /> 1308 <input class="submit" name="cancel" value="' . plog_tr('Cancel') . '" type="submit" /> 1263 1309 </div>'; 1264 1310 $output .= "\n\t\t" . '</form>' . "\n"; … … 1331 1377 //$java = "javascript:this.ThumbPreviewPopup('$target')"; 1332 1378 $output .= "\n\t\t\t\t" . '<td><div class="img-shadow"><a href="'.plogger_get_picture_thumb(THUMB_LARGE).'" rel="lightbox" title="'.plogger_get_picture_caption().'">'.$imgtag.'</a></div></td>'; 1333 $output .= "\n\t\t\t\t <td><strong><a class='folder' href='?level=comments&id=" . $id . "'>" . basename(plogger_get_source_picture_path()) . "</a></strong></td>";1379 $output .= "\n\t\t\t\t".'<td><strong><a class="folder" href="'.$_SERVER['PHP_SELF'].'?level=comments&id=' . $id . '">' . basename(plogger_get_source_picture_path()) . '</a></strong> — ' . sprintf(plog_tr('contains %d comment(s)'), plogger_picture_comment_count()) . '</td>'; 1334 1380 $output .= "\n\t\t\t\t<td><p id=\"picture-caption-" . plogger_get_picture_id() ."\">" . plogger_get_picture_caption() . " </p></td>"; 1335 1381 $output .= "\n\t\t\t\t<td><p id=\"picture-description-" . plogger_get_picture_id() ."\">" . plogger_get_picture_description() . " </p></td>"; … … 1342 1388 1343 1389 $parent_id = $_REQUEST["id"]; 1344 $output .= '<a href="?action=1&selected%5B%5D=' . $id . '&level=pictures&delete_checked=1&id='.$parent_id; 1345 if (isset($_GET["entries_per_page"])) $output .= '&entries_per_page=' . intval($_GET["entries_per_page"]); 1346 if (isset($_GET["plog_page"])) $output .= '&plog_page=' . intval($_GET["plog_page"]); 1390 $output .= '<a href="?action=move-delete&selected%5B%5D=' . $id . '&level=pictures&delete_checked=1&id='.$parent_id; 1391 if (isset($_GET['plog_page'])) $output .= '&plog_page=' . intval($_GET['plog_page']); 1347 1392 $output .= '" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this item?') . 
'\');"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></td>'; 1348 1393 $output .= "\n\t\t\t</tr>"; … … 1415 1460 $counter++; 1416 1461 1417 $output .= "\n\t\t\t<tr class='$table_row_color'>"; 1418 $output .= "\n\t\t\t\t<td><input type='checkbox' name='selected[]' value='" . $id . "' /></td>"; 1419 $output .= "\n\t\t\t\t<td><a class='folder' href='?level=pictures&id=" .$id . "'><span id='album-name-" . plogger_get_album_id(). "'><strong>" . plogger_get_album_name() . "</strong></span></a> — " . sprintf(plog_tr('contains %d picture(s)'),plogger_album_picture_count()) . "</td>"; 1420 $output .= "\n\t\t\t\t<td><p id='album-description-" . plogger_get_album_id() . "'>" . plogger_get_album_description() . " </p></td>"; 1421 $output .= "\n\t\t\t\t" . '<td><a href="?action=edit-album&id=' . $id . '"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="' . plog_tr('Edit') . '" title="' . plog_tr('Edit') . '" /></a>'; 1422 $output .= '<a href="?action=1&selected%5B%5D=' . $id . '&level=albums&delete_checked=1&id='.$_REQUEST["id"].'" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this item?') . '\');"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></td>'; 1462 $output .= "\n\t\t\t".'<tr class="'.$table_row_color.'">'; 1463 $output .= "\n\t\t\t\t".'<td><input type="checkbox" name="selected[]" value="'.$id.'" /></td>'; 1464 $output .= "\n\t\t\t\t".'<td><a class="folder" href="'.$_SERVER['PHP_SELF'].'?level=pictures&id='.$id.'"><span id="album-name-'.plogger_get_album_id().'"><strong>'.plogger_get_album_name().'</strong></span></a> — ' . sprintf(plog_tr('contains %d picture(s)'), plogger_album_picture_count()) . 
'</td>'; 1465 $output .= "\n\t\t\t\t".'<td><p id="album-description-'.plogger_get_album_id().'">'.plogger_get_album_description().' </p></td>'; 1466 $output .= "\n\t\t\t\t".'<td><a href="'.$_SERVER['PHP_SELF'].'?action=edit-album&id='.$id.'"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="' . plog_tr('Edit') . '" title="' . plog_tr('Edit') . '" /></a>'; 1467 $output .= '<a href="'.$_SERVER['PHP_SELF'].'?action=move-delete&selected%5B%5D='.$id.'&level=albums&delete_checked=1&id='.$_REQUEST['id']; 1468 if (isset($_GET['plog_page'])) { $output .= '&plog_page='.intval($_GET['plog_page']); } 1469 $output .= '" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this item?') . '\');"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></td>'; 1423 1470 $output .= "\n\t\t\t</tr>"; 1424 1471 1425 } ;1426 $output .= "\n\t\t\t" .'<tr class="footer">1472 } 1473 $output .= "\n\t\t\t".'<tr class="footer"> 1427 1474 <td colspan="7"></td> 1428 1475 </tr> 1429 </table>' ."\n";1476 </table>'."\n"; 1430 1477 } else { 1431 1478 $output .= "\n\n\t\t<p class=\"actions\">" . plog_tr("There are no albums in this collection yet, why don't you create one?") . "</p>\n"; 1432 } ;1479 } 1433 1480 return $output; 1434 1481 … … 1488 1535 $output .= "\n\t\t\t<tr class=\"$table_row_color\">"; 1489 1536 $output .= "\n\t\t\t\t<td><input type='checkbox' name='selected[]' value='" . $id . "' /></td>"; 1490 $output .= "\n\t\t\t\t<td><a class='folder' href='?level=albums&id=" .$id . "'><span id='collection-name-" . plogger_get_collection_id() . "'><strong>" . plogger_get_collection_name() . "</strong></span></a> — " . sprintf(plog_tr('contains %d albums'),plogger_collection_album_count()) . "</td>";1491 $output .= "\n\t\t\t\t<td><p id='collection-description-" . plogger_get_collection_id() . "'>" . 
plogger_get_collection_description() ." </p></td>";1537 $output .= "\n\t\t\t\t<td><a class='folder' href='?level=albums&id=" .$id . "'><span id='collection-name-" . plogger_get_collection_id()."'><strong>".plogger_get_collection_name()."</strong></span></a> — " . sprintf(plog_tr('contains %d albums'), plogger_collection_album_count()) . "</td>"; 1538 $output .= "\n\t\t\t\t<td><p id='collection-description-" . plogger_get_collection_id() . "'>" . plogger_get_collection_description()." </p></td>"; 1492 1539 $output .= "\n\t\t\t\t" . '<td><a href="?action=edit-collection&id=' . $id . '"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="' . plog_tr('Edit') . '" title="' . plog_tr('Edit') . '" /></a>'; 1493 $output .= '<a href="?action=1&selected%5B%5D=' . $id . '&level=collections&delete_checked=1&id='.@$_REQUEST["id"].'" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this item?') . '\');"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></td>'; 1540 $output .= '<a href="?action=move-delete&selected%5B%5D=' . $id . '&level=collections&delete_checked=1&'; 1541 if (isset($_REQUEST['id'])) { $output .= 'id='.intval($_REQUEST['id']); } 1542 if (isset($_GET['plog_page'])) { $output .= '&plog_page=' . intval($_GET['plog_page']); } 1543 $output .= '" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this item?') . '\');"><img style="display: inline;" src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></td>'; 1494 1544 $output .= "\n\t\t\t</tr>"; 1495 } ;1545 } 1496 1546 $output .= "\n\t\t\t" . '<tr class="footer"> 1497 1547 <td colspan="7"></td> … … 1500 1550 } else { 1501 1551 $output .= "\n\n\t\t<p class=\"actions\">" . plog_tr('There are no collections yet') . 
"</p>\n"; 1502 } ;1552 } 1503 1553 return $output; 1504 1554 } -
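Review bot: The new generate_pagination_view_menu() (lines 35-66) is open to reflected XSS against a logged-in admin: it rebuilds the query string from parse_str() output and drops `$url_parts['path']` and each `$qkey."=".$qval` straight into the `onchange` attribute, but parse_str() percent-decodes, so a link such as `plog-manage.php?x=%27%3Balert(1)%2F%2F` lands `';alert(1)//` inside the JavaScript string literal, and the raw path (parse_url() does not decode it) can carry a quote as well. htmlspecialchars() alone would not close this, because the browser decodes attribute entities before the script runs, so each URL component has to be percent-encoded first and only then attribute-escaped, as in the rewrite below. In the same file, line 1467 concatenates `$_REQUEST['id']` into an href without a cast while the parallel collection branch at line 1541 uses intval(); `'&id='.intval($_REQUEST['id'])` would make them consistent. The `$_SESSION['entries_per_page']` value this menu echoes is assigned from `$_REQUEST` elsewhere in this changeset without a cast and appears to feed a SQL LIMIT clause, so presumably it should be intval()'d where it is stored.
```php
function generate_pagination_view_menu() {
    $url_parts = parse_url($_SERVER['REQUEST_URI']);
    $query_parts = array();
    if (isset($url_parts['query'])) {
        parse_str($url_parts['query'], $query_parts);
        unset($query_parts['entries_per_page'], $query_parts['plog_page']);
    }
    // parse_str() decoded the values and parse_url() left the path raw, so
    // percent-encode every component before it can reach the attribute
    $path = implode('/', array_map('rawurlencode', explode('/', $url_parts['path'])));
    $url_query = '?' . http_build_query($query_parts);
    if (count($query_parts) > 0) {
        $url_query .= '&';
    }
    // attribute-escape last: the HTML parser un-escapes entities before the
    // JavaScript runs, so htmlspecialchars() on its own would not be enough
    $java = 'document.location.href = \'' . htmlspecialchars($path . $url_query, ENT_QUOTES) . 'entries_per_page=\'+this.options[this.selectedIndex].value';
    // … unchanged: $possible_values and the <select> building loop …
}
```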
trunk/plog-admin/plog-admin.php
r567 r569 22 22 } 23 23 24 if (!isset($_SESSION[ "plogger_logged_in"])){24 if (!isset($_SESSION['plogger_logged_in']) || $_SESSION['plogger_logged_in'] !== true){ 25 25 header("Location: index.php"); 26 26 exit; … … 63 63 <script type="text/javascript" src="'.$config['gallery_url'].'plog-admin/js/plogger.js"></script> 64 64 <script type="text/javascript" src="'.$config['gallery_url'].'plog-admin/js/lightbox.js"></script> 65 <script type="text/javascript" src="'.$config['gallery_url'].'plog-admin/js/AmiJS.js"></script>66 <script type="text/javascript" src="'.$config['gallery_url'].'plog-admin/js/greybox.js"></script>67 65 '.$inHead.' 68 <script type="text/javascript">69 //GreyBox configuration70 //Use animation?71 var GB_ANIMATION = true;72 var GB_IMG_DIR = "'.$config['gallery_url'].'plog-admin/images/";73 //Clicking on the transparent overlay closes the GreyBox window?74 var GB_overlay_click_close = false;75 </script>76 66 </head> 77 67 -
trunk/plog-admin/plog-feedback.php
r568 r569 9 9 $inHead = '<script src="js/ajax_editing.js" type="text/javascript"></script>'; 10 10 11 function generate_pagination_view_menu() { 12 13 $java = 'document.location.href = \''.$_SERVER["PHP_SELF"].'?'.'&entries_per_page=\'+this.options[this.selectedIndex].value'; 14 15 $possible_values = array("5"=>5, "10"=>10, "20"=>20, "50"=>50); 16 $output = "\n\t\t\t\t\t" . '<label accesskey="e" for="entries_on_page">' .plog_tr('<em>E</em>ntries per page') . '</label> 17 <select class="entries-page" onchange="'.$java.'" name="entries_per_page" style="width: 60px;">'; 18 foreach ($possible_values as $key => $value) 19 if ($_SESSION['entries_per_page'] == $key) 20 $output .= "\n\t\t\t\t\t\t<option value=\"$value\" selected=\"selected\">$key</option>"; 21 else 22 $output .= "\n\t\t\t\t\t\t<option value=\"$value\">$key</option>"; 23 $output.= "\n\t\t\t\t\t</select>"; 24 25 return $output; 26 11 $output = "\n\t" . '<h1>'. plog_tr("Manage Feedback") . '</h1>' . "\n"; 12 13 if (isset($_REQUEST['action'])) { 14 if ($_REQUEST['action'] == "approve-delete") { 15 // here we will determine if we need to perform an approved or delete action. 
16 $num_items = 0; 17 18 // perform the delete function on the selected items 19 if (isset($_REQUEST['delete_checked'])) { 20 if (isset($_REQUEST['selected'])) { 21 foreach($_REQUEST['selected'] as $del_id) { 22 // lets build the query string 23 $del_id = intval($del_id); 24 25 $query = "DELETE FROM ".TABLE_PREFIX."comments WHERE `id`= '".$del_id."'"; 26 $result = run_query($query); 27 28 $num_items++; 29 } 30 31 $output .= "\n\t".'<p class="actions">'.sprintf(plog_tr('You have deleted %d comment(s) successfully.'),$num_items).'</p>'; 32 33 } else{ 34 $output .= "\n\t".'<p class="errors">'.plog_tr('Nothing selected to delete!').'</p>'; 35 } 36 } else if (isset($_REQUEST['approve_checked'])) { 37 // set the approval bit to 1 for all selected comments 38 39 if (isset($_REQUEST['selected'])) { 40 foreach($_REQUEST['selected'] as $appr_id) { 41 // lets build the query string 42 $appr_id = intval($appr_id); 43 44 $query = "UPDATE ".TABLE_PREFIX."comments SET `approved` = 1 WHERE `id`= '".$appr_id."'"; 45 $result = run_query($query); 46 47 $num_items++; 48 } 49 50 $output .= "\n\t<p class=\"actions\">" . sprintf(plog_tr('You have approved %d comment(s) successfully.'),$num_items) . "</p>"; 51 } else { 52 $output .= "\n\t<p class=\"errors\">". plog_tr('Nothing selected to approve!') . "</p>"; 53 } 54 } 55 } else if ($_REQUEST['action'] == "edit-comment") { 56 // show the edit form 57 $output .= edit_comment_form($_REQUEST['pid']); 58 $edit_page = 1; 59 } else if ($_REQUEST['action'] == "update-comment") { 60 if (!isset($_REQUEST['cancel'])) { 61 // update comment in database 62 $result = update_comment($_POST['pid'],$_POST['author'],$_POST['email'],$_POST['url'],$_POST['comment']); 63 if (isset($result['errors'])) { 64 $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>'; 65 } else if (isset($result['output'])) { 66 $output .= "\n\t" . '<p class="actions">' . $result['output'] . '</p>'; 67 } 68 } 69 } 27 70 } 28 71 29 $output = "\n\t" . '<h1>'. 
plog_tr("Manage Feedback") . '</h1>' . "\n"; 30 31 // here we will determine if we need to perform a move or delete action. 32 $num_items = 0; 33 34 // perform the delete function on the selected items 35 if (isset($_REQUEST['delete_checked']) || (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete_checked')) { 36 37 if (isset($_REQUEST["selected"])) { 38 foreach($_REQUEST["selected"] as $del_id) { 39 // lets build the query string 40 $del_id = intval($del_id); 41 42 $query = "DELETE FROM ".TABLE_PREFIX."comments WHERE `id`= '$del_id'"; 43 $result = run_query($query); 44 45 $num_items++; 46 } 47 48 $output .= "\n\t<p class=\"actions\">" . sprintf(plog_tr('You have deleted %d comment(s) successfully.'),$num_items) . "</p>"; 49 50 } else{ 51 $output .= "\n\t<p class=\"errors\">" . plog_tr('Nothing selected to delete!') . "</p>"; 52 } 53 }; 54 55 if (isset($_REQUEST['approve_checked']) || (isset($_REQUEST['action']) && $_REQUEST['action'] == 'approve_checked')) { 56 // set the approval bit to 1 for all selected comments 57 58 if (isset($_REQUEST["selected"])) { 59 foreach($_REQUEST["selected"] as $appr_id) { 60 // lets build the query string 61 $appr_id = intval($appr_id); 62 63 $query = "UPDATE ".TABLE_PREFIX."comments SET `approved` = 1 WHERE `id`= '$appr_id'"; 64 $result = run_query($query); 65 66 $num_items++; 67 } 68 69 $output .= "\n\t<p class=\"actions\">" . sprintf(plog_tr('You have approved %d comment(s) successfully.'),$num_items) . 
"</p>"; 72 if (!isset($edit_page)) { 73 // lets iterate through all the content and build a table 74 // set the default level if nothing is specified 75 76 // handle pagination 77 // lets determine the limit filter based on current page and number of results per page 78 if (isset($_REQUEST['entries_per_page'])) { 79 $_SESSION['entries_per_page'] = $_REQUEST['entries_per_page']; 80 } else if (!isset($_SESSION['entries_per_page'])){ 81 $_SESSION['entries_per_page'] = 20; 82 } 83 84 $plog_page = isset($_REQUEST['plog_page']) ? $_REQUEST['plog_page'] : 1; // default to the first page 85 86 $first_item = ($plog_page - 1) * $_SESSION['entries_per_page']; 87 if ($first_item < 0) { 88 $first_item = 0; 89 } 90 $limit = "LIMIT ".$first_item.", ".$_SESSION['entries_per_page']; 91 92 // lets generate the pagination menu as well 93 $recordCount = "SELECT count(*) AS num_comments FROM ".TABLE_PREFIX."comments WHERE `approved` = 1"; 94 $totalRowsResult = mysql_query($recordCount); 95 $num_comments = mysql_result($totalRowsResult,"num_comments"); 96 97 $query = "SELECT COUNT(*) as in_moderation from ".TABLE_PREFIX."comments WHERE `approved` = 0"; 98 $mod_result = run_query($query); 99 $num_comments_im = mysql_result($mod_result, "in_moderation"); 100 101 // filter based on whether were looking at approved comments or unmoderated comments 102 if (isset($_REQUEST['moderate']) && $_REQUEST['moderate'] == 1) { 103 $approved = 0; 104 $moderate = 1; 70 105 } else { 71 $output .= "\n\t<p class=\"errors\">". plog_tr('Nothing selected to approve!') . "</p>"; 72 } 73 }; 74 75 if (isset($_REQUEST["action"])) { 76 if ($_REQUEST["action"] == "edit-comment") { 77 // show the edit form 78 $output .= edit_comment_form($_REQUEST["pid"]); 79 } 80 81 else if ($_REQUEST["action"] == "update-comment") { 82 // update comment in database 83 $result = update_comment($_POST["pid"],$_POST["author"],$_POST["email"],$_POST["url"],$_POST["comment"]); 84 if (isset($result['errors'])) { 85 $output .= "\n\t" . 
'<p class="errors">' . $result['errors'] . '</p>'; 86 } elseif (isset($result['output'])) { 87 $output .= "\n\t" . '<p class="actions">' . $result['output'] . '</p>'; 88 89 } 90 } 91 106 $approved = 1; 107 $moderate = 0; 108 } 109 $output .= "\n\t\t" . '<form id="contentList" action="'.$_SERVER['PHP_SELF'].'?moderate='.$moderate.'" method="post">'; 110 111 if ($approved) { 112 $pagination_menu = generate_pagination("admin", "feedback", $plog_page, $num_comments, $_SESSION['entries_per_page']); 113 } else { 114 $pagination_menu = generate_pagination("admin", "feedback", $plog_page, $num_comments_im, $_SESSION['entries_per_page'], array("moderate" => 1)); 115 } 116 $pagination_menu = "\n\t\t" . '<div class="pagination">'.$pagination_menu.'</div>'; 117 118 // generate javascript init function for ajax editing 119 $query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `unix_date` from ".TABLE_PREFIX."comments WHERE `approved` = ".$approved." ORDER BY `id` DESC ".$limit; 120 $result = run_query($query); 121 122 if (mysql_num_rows($result) > 0) { 123 $output .= "\n\t\t" . '<script type="text/javascript">'; 124 $output .= "\n\t\t\tEvent.observe(window, 'load', init, false);"; 125 $output .= "\n\t\t\tfunction init() {"; 126 127 while($row = mysql_fetch_assoc($result)) { 128 $output .= "\n\t\t\tmakeEditable('comment-comment-".$row['id']."'); 129 makeEditable('comment-author-".$row['id']."'); 130 makeEditable('comment-url-".$row['id']."'); 131 makeEditable('comment-email-".$row['id']."');"; 132 } 133 134 $output .= "\n\t\t\t}"; 135 $output .= "\n\t\t</script>"; 136 } 137 138 $query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `unix_date` from ".TABLE_PREFIX."comments WHERE `approved` = ".$approved." ORDER BY `id` DESC ".$limit; 139 $result = run_query($query); 140 141 $empty = 0; 142 $allowedCommentKeys = array("unix_date", "author", "email", "url", "comment"); 143 if ($result) { 144 if (mysql_num_rows($result) == 0) { 145 if ($approved) { 146 $output .= "\n\t\t" . '<p class="actions">' . 
plog_tr('You have no user comments on your gallery.') . '</p>'; 147 } else { 148 $output .= "\n\t\t" . '<p class="actions">' . plog_tr('You have no comments waiting for approval.') . '</p>'; 149 } 150 $empty = 1; 151 } 152 if ($approved) { 153 if ($num_comments_im > 0) { 154 $output.= "\n\t\t" . '<p class="actions">' . sprintf(plog_tr('You have %d comment(s) waiting for approval.'),$num_comments_im) . ' <a href="plog-feedback.php?moderate=1">' . plog_tr('Click here') . '</a> to review and approve/delete the moderated comment(s).</p>'; 155 } 156 } 157 158 $counter = 0; 159 $allowedCommentKeys = array("unix_date", "author", "email", "url", "comment"); 160 161 while($row = mysql_fetch_assoc($result)) { 162 // if we're on our first iteration, dump the header 163 if ($counter == 0) { 164 if ($approved) { 165 $output .= "\n\n\t\t" . '<table style="width: 100%;"> 166 <tr> 167 <td>' . sprintf(plog_tr('You have <strong>%d</strong> user comment(s).'),$num_comments) . '</td>'; 168 } else { 169 $output .= "\n\n\t\t" . '<table style="width: 100%;"> 170 <tr> 171 <td>' . sprintf(plog_tr('You have <strong>%d</strong> user comment(s) awaiting approval.'),$num_comments_im) . '</td>'; 172 } 173 174 // output view entries pagination control 175 $output .= "\n\t\t\t\t" . '<td align="right">'.generate_pagination_view_menu().' 176 </td> 177 </tr> 178 </table>'; 179 180 if (!$empty) { $output .= $pagination_menu; } 181 182 $output .= "\n\n\t\t" . '<table style="width: 100%;" cellpadding="4"> 183 <tr class="header"> 184 <th class="table-header-left"></th> 185 <th class="table-header-middle">' . plog_tr('Thumb') . '</th>'; 186 187 foreach ($row as $name => $value) { 188 if (in_array($name, $allowedCommentKeys)) { 189 $output .= "\n\t\t\t\t<th class=\"table-header-middle\">". plog_tr(ucfirst($name)) ."</th>"; 190 } 191 } 192 193 $output .= "\n\t\t\t\t" . '<th class="table-header-right">' . plog_tr('Actions') . 
'</th> 194 </tr>'; 195 } 196 197 if ($counter%2 == 0) { 198 $table_row_color = "color-1"; 199 } else { 200 $table_row_color = "color-2"; 201 } 202 203 // start a new table row (alternating colors) 204 $output .= "\n\t\t\t".'<tr class="'.$table_row_color.'">'; 205 206 // give the row a checkbox 207 $output .= "\n\t\t\t\t" . '<td><input type="checkbox" name="selected[]" value="'.$row['id'].'" /></td>'; 208 209 // give the row a thumbnail, we need to look up the parent picture for the comment 210 $picture = get_picture_by_id($row['parent_id']); 211 $thumbpath = generate_thumb($picture['path'], $picture['id'], THUMB_SMALL); 212 213 // generate XHTML with thumbnail and link to picture view. 214 $imgtag = '<img src="'.$thumbpath.'" title="'.$picture['caption'].'" alt="'.$picture['caption'].'" />'; 215 $output .= "\n\t\t\t\t" . '<td><div class="img-shadow"><a href="'.generate_thumb($picture['path'], $picture['id'], THUMB_LARGE).'" rel="lightbox" title="'.plogger_get_picture_caption().'">'.$imgtag.'</a></div></td>'; 216 217 foreach ($row as $key => $value) { 218 $value = htmlspecialchars($value); 219 $value = SmartStripSlashes($value); 220 221 if ($key == "unix_date") { 222 $output .= "\n\t\t\t\t" . '<td>'.date($config['date_format'], $value).'</td>'; 223 } else if ($key == "allow_comments") { 224 if ($value) { 225 $output .= "\n\t\t\t\t<td>". plog_tr('Yes') . "</td>"; 226 } else { 227 $output .= "\n\t\t\t\t<td>" . plog_tr('No') . "</td>"; 228 } 229 } 230 //else if ($key == "ip") { 231 // $output .= "<td>" . @gethostbyaddr($value) . "</td>"; 232 //} 233 else { 234 if (in_array($key, $allowedCommentKeys)) 235 $output .= "\n\t\t\t\t".'<td><p id="comment-'.$key.'-'.$row['id'].'">'.$value.' </p></td>'; 236 } 237 } 238 239 // $output .= our actions panel 240 $query = "?action=edit-comment&pid=$row[id]"; 241 $output .= "\n\t\t\t\t" . 
'<td> 242 <div> 243 <a href="'.$_SERVER['PHP_SELF'].$query.'&entries_per_page='.$_SESSION['entries_per_page'].'&moderate='.$moderate.'"><img src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="'.plog_tr('Edit').'" title="'.plog_tr('Edit').'" /></a> 244 <a href="'.$_SERVER['PHP_SELF'].'?action=approve-delete&delete_checked=1&selected[]='.$row['id'].'&moderate='.$moderate.'" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this comment?') . '\');"><img src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="'.plog_tr('Delete').'" title="'.plog_tr('Delete').'" /></a>'; 245 246 if (!$approved){ 247 $output .= "\n\t\t\t\t\t\t".'<a href="'.$_SERVER['PHP_SELF'].'?action=approve-delete&approve_checked=1&selected[]='.$row['id'].'&moderate=1" onclick="return confirm(\''.plog_tr('Are you sure you want to approve this comment?').'\');"><img src="'.$config['gallery_url'].'plog-admin/images/new_file.gif" alt="'.plog_tr('Approve').'" title="'.plog_tr('Approve').'" /></a>'; 248 } 249 250 $output .= "\n\t\t\t\t\t</div>\n\t\t\t\t</td>\n\t\t\t</tr>"; 251 $counter++; 252 } 253 254 if ($counter > 0) { 255 $output .= "\n\t\t\t" . '<tr class="footer"> 256 <td colspan="9"></td> 257 </tr> 258 </table>'; 259 } 260 } 261 262 if (!$empty) { 263 $output .= "\n\n\t\t" . '<div><a href="#" onclick="checkAll(document.getElementById(\'contentList\')); return false;">' . plog_tr('Invert Checkbox Selection') . '</a></div> 264 '.$pagination_menu; 265 } 266 267 $output .= "\n\n\t\t" . '<div> 268 <input type="hidden" name="action" value="approve-delete" /> 269 <input class="submit" type="submit" name="delete_checked" onclick="return confirm(\''. plog_tr('Are you sure you want to delete the selected comments?') . '\');" value="' . plog_tr('Delete Checked') . '" />'; 270 271 if (!$approved) { 272 $output .= "\n\t\t\t" . '<input class="submit" type="submit" name="approve_checked" onclick="return confirm(\'' . 
plog_tr('Are you sure you want to approve the selected comments?') . '\');" value="' . plog_tr('Approve Checked') . '" />'; 273 } 274 275 $output .= "\n\n\t\t" . '</div>' . "\n\t\t" . '</form>'. "\n"; 92 276 } 93 277 94 $output .= "\n\t\t" . '<form id="contentList" action="'.$_SERVER["PHP_SELF"].'" method="get">';95 96 $allowedCommentKeys = array("unix_date", "author", "email", "url", "comment");97 98 // lets iterate through all the content and build a table99 // set the default level if nothing is specified100 101 // handle pagination102 // lets determine the limit filter based on current page and number of results per page103 if (!isset($_REQUEST["plog_page"])) $_REQUEST["plog_page"] = "1"; // we're on the first page104 105 if (isset($_REQUEST['entries_per_page'])) $_SESSION['entries_per_page'] = $_REQUEST['entries_per_page'];106 107 if (!isset($_SESSION['entries_per_page'])) $_SESSION['entries_per_page'] = 20;108 109 #$url = "&entries_per_page=$_SESSION[entries_per_page]&level=$_REQUEST[level]&id=$_REQUEST[id]";110 $url = "?entries_per_page=$_SESSION[entries_per_page]";111 112 $plog_page = isset($_REQUEST["plog_page"]) ? $_REQUEST["plog_page"] : 1;113 114 $first_item = ($plog_page - 1) * $_SESSION['entries_per_page'];115 $limit = "LIMIT $first_item, $_SESSION[entries_per_page]";116 117 // lets generate the pagination menu as well118 $recordCount = "SELECT count(*) AS num_comments FROM ".TABLE_PREFIX."comments WHERE `approved` = 1";119 $totalRowsResult = mysql_query($recordCount);120 $num_comments = mysql_result($totalRowsResult,"num_comments");121 122 $query = "SELECT COUNT(*) as in_moderation from ".TABLE_PREFIX."comments WHERE `approved` = 0";123 $mod_result = run_query($query);124 $num_comments_im = mysql_result($mod_result, "in_moderation");125 126 // filter based on whether were looking at approved comments or unmoderated comments127 $approved = isset($_REQUEST['moderate']) ? 
0 : 1;128 129 if ($approved) {130 $pagination_menu = generate_pagination("admin", "feedback", $plog_page, $num_comments, $_SESSION['entries_per_page']);131 } else {132 $pagination_menu = generate_pagination("admin", "feedback", $plog_page, $num_comments_im, $_SESSION['entries_per_page'], array("moderate" => 1));133 }134 $pagination_menu = "\n\t\t" . '<div class="pagination">'.$pagination_menu.'</div>';135 136 // generate javascript init function for ajax editing137 $query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `unix_date` from ".TABLE_PREFIX."comments WHERE `approved` = $approved ORDER BY `id` DESC $limit";138 $result = run_query($query);139 140 if (mysql_num_rows($result) > 0) {141 $output .= "\n\t\t" . '<script type="text/javascript">';142 $output .= "\n\t\t\tEvent.observe(window, 'load', init, false);";143 $output .= "\n\t\t\tfunction init() {";144 145 while($row = mysql_fetch_assoc($result)) {146 $output .= "\n\t\t\tmakeEditable('comment-comment-".$row['id']."');147 makeEditable('comment-author-".$row['id']."');148 makeEditable('comment-url-".$row['id']."');149 makeEditable('comment-email-".$row['id']."');";150 }151 152 $output .= "\n\t\t\t}";153 $output .= "\n\t\t</script>";154 }155 156 $query = "SELECT *, UNIX_TIMESTAMP(`date`) AS `unix_date` from ".TABLE_PREFIX."comments WHERE `approved` = $approved ORDER BY `id` DESC $limit";157 $result = run_query($query);158 159 $empty = 0;160 if ($result) {161 if (mysql_num_rows($result) == 0) {162 $output.= "\n\t\t" . '<p class="actions">' . plog_tr('You have no user comments on your gallery.') . '</p>';163 $empty = 1;164 }165 if ($approved) {166 if ($num_comments_im > 0) {167 $output.= "\n\t\t" . '<p class="actions">' . sprintf(plog_tr('You have %d comment(s) waiting for approval.'),$num_comments_im) . ' <a href="plog-feedback.php?moderate=1">' . plog_tr('Click here') . 
'</a> to review and approve/delete the moderated comment(s).</p>';168 }169 }170 $counter = 0;171 172 while($row = mysql_fetch_assoc($result)) {173 // if we're on our first iteration, dump the header174 if ($counter == 0) {175 if ($approved)176 $output .= "\n\n\t\t" . '<table style="width: 100%;">177 <tr>178 <td>' . sprintf(plog_tr('You have <strong>%d</strong> user comment(s).'),$num_comments) . '</td>';179 else180 $output .= "\n\n\t\t" . '<table style="width: 100%;">181 <tr>182 <td>' . sprintf(plog_tr('You have <strong>%d</strong> user comment(s) awaiting approval.'),$num_comments_im) . '</td>';183 184 // output view entries pagination control185 $output .= "\n\t\t\t\t" . '<td align="right">'.generate_pagination_view_menu().'186 </td>187 </tr>188 </table>';189 190 if (!$empty) { $output .= $pagination_menu; }191 192 $output .= "\n\n\t\t" . '<table style="width: 100%;" cellpadding="4">193 <tr class="header">194 <th class="table-header-left"></th>195 <th class="table-header-middle">' . plog_tr('Thumb') . '</th>';196 197 foreach ($row as $name => $value) {198 if (in_array($name, $allowedCommentKeys))199 $output .= "\n\t\t\t\t<th class=\"table-header-middle\">". plog_tr(ucfirst($name)) ."</th>";200 }201 202 $output .= "\n\t\t\t\t" . '<th class="table-header-right">' . plog_tr('Actions') . '</th>203 </tr>';204 }205 206 if ($counter%2 == 0) $table_row_color = "color-1";207 else $table_row_color = "color-2";208 209 // start a new table row (alternating colors)210 $output .= "\n\t\t\t<tr class=\"$table_row_color\">";211 212 // give the row a checkbox213 $output .= "\n\t\t\t\t" . 
'<td><input type="checkbox" name="selected[]" value="'.$row["id"].'" /></td>';214 215 // give the row a thumbnail, we need to look up the parent picture for the comment216 $picture = get_picture_by_id($row["parent_id"]);217 218 $thumbpath = generate_thumb($picture["path"],$picture["id"],THUMB_SMALL);219 220 // generate XHTML with thumbnail and link to picture view.221 $imgtag = '<img src="'.$thumbpath.'" title="'.$picture["caption"].'" alt="'.$picture["caption"].'" />';222 //$target = 'plog-thumbpopup.php?src='.$picture["id"];;223 //$java = "javascript:this.ThumbPreviewPopup('$target')";224 225 $output .= "\n\t\t\t\t" . '<td><div class="img-shadow"><a href="'.generate_thumb($picture["path"],$picture["id"],THUMB_LARGE).'" rel="lightbox" title="'.plogger_get_picture_caption().'">'.$imgtag.'</a></div></td>';226 227 foreach($row as $key => $value) {228 $value = htmlspecialchars($value);229 $value = SmartStripSlashes($value);230 231 if ($key == "unix_date") {232 $output .= "\n\t\t\t\t" . '<td>'.date($config["date_format"], $value).'</td>';233 }234 else if ($key == "allow_comments") {235 if ($value) $output .= "\n\t\t\t\t<td>". plog_tr('Yes') . "</td>";236 else $output .= "\n\t\t\t\t<td>" . plog_tr('No') . "</td>";237 }238 //else if ($key == "ip") {239 // $output .= "<td>" . @gethostbyaddr($value) . "</td>";240 //}241 242 else {243 if (in_array($key, $allowedCommentKeys))244 $output .= "\n\t\t\t\t<td><p id=\"comment-$key-" . $row['id'] ."\">$value </p></td>";245 }246 }247 248 // $output .= our actions panel249 $query = "?action=edit-comment&pid=$row[id]";250 251 if (!$approved) {252 $output .= "\n\t\t\t\t" . '<td>253 <div><a href="'.$_SERVER["PHP_SELF"]."$query&entries_per_page=$_SESSION[entries_per_page]&moderate=1".'"><img src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="' . plog_tr('Edit') . '" title="' . plog_tr('Edit') . 
'" /></a>254 <a href="'.$_SERVER["PHP_SELF"]."?action=delete_checked&selected[]=$row[id]&moderate=1".'" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this comment?') . '\');"><img src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a>255 <a href="'.$_SERVER["PHP_SELF"]."?action=approve_checked&selected[]=$row[id]&moderate=1".'" onclick="return confirm(\'' . plog_tr('Are you sure you want to approve this comment?') . '\');"><img src="'.$config['gallery_url'].'plog-admin/images/new_file.gif" alt="' . plog_tr('Approve') . '" title="' . plog_tr('Approve') . '" /></a></div>256 </td>';257 }258 else259 $output .= "\n\t\t\t\t" . '<td>260 <div><a href="'.$_SERVER["PHP_SELF"]."$query&entries_per_page=$_SESSION[entries_per_page]&moderate=$approved".'"><img src="'.$config['gallery_url'].'plog-admin/images/edit.gif" alt="' . plog_tr('Edit') . '" title="' . plog_tr('Edit') . '" /></a>261 <a href="'.$_SERVER["PHP_SELF"]."?action=delete_checked&selected[]=$row[id]".'" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete this comment?') . '\');"><img src="'.$config['gallery_url'].'plog-admin/images/x.gif" alt="' . plog_tr('Delete') . '" title="' . plog_tr('Delete') . '" /></a></div>262 </td>';263 264 $output .= "\n\t\t\t</tr>";265 $counter++;266 }267 268 if ($counter > 0)269 $output .= "\n\t\t\t" . '<tr class="footer">270 <td colspan="9"></td>271 </tr>272 </table>';273 }274 275 if (!$empty) {276 $output .= "\n\n\t\t" . '<div><a href="#" onclick="checkAll(document.getElementById(\'contentList\')); return false;">' . plog_tr('Invert Checkbox Selection') . '</a></div>277 '.$pagination_menu;278 }279 280 $output .= "\n\n\t\t" . '<div><input class="submit" type="submit" name="delete_checked" onclick="return confirm(\''. plog_tr('Are you sure you want to delete the selected comments?') . '\');" value="' . plog_tr('Delete Checked') . 
'" />';281 if (!$approved) {282 $output .= '<input class="submit" type="submit" name="approve_checked" onclick="return confirm(\'' . plog_tr('Are you sure you want to approve the selected comments?') . '\');" value="' . plog_tr('Approve Checked') . '" /></div>';283 }284 285 $output .= "\n\t\t" . '</form>'. "\n";286 287 278 display($output, "feedback"); 288 279 -
trunk/plog-admin/plog-manage.php
r568 r569 9 9 $inHead = '<script src="js/ajax_editing.js" type="text/javascript"></script>'; 10 10 11 function generate_pagination_view_menu() {12 13 $java = 'document.location.href = \''.$_SERVER["PHP_SELF"].'?level='.$_REQUEST["level"].'&id='.$_REQUEST["id"].'&entries_per_page=\'+this.options[this.selectedIndex].value';14 15 $possible_values = array("5"=>5, "10"=>10, "20"=>20, "50"=>50);16 $output= "\n\t\t\t" . '<label accesskey="e" for="entries_on_page">' .plog_tr('<em>E</em>ntries per page') . '</label>17 <select class="entries-page" onchange="'.$java.'" name="entries_per_page" style="width: 60px;">';18 foreach ($possible_values as $key => $value)19 if ($_SESSION['entries_per_page'] == $key)20 $output .= "\n\t\t\t\t<option value=\"$value\" selected=\"selected\">$key</option>";21 else22 $output .= "\n\t\t\t\t<option value=\"$value\">$key</option>";23 $output.= "\n\t\t\t</select>";24 return $output;25 }26 27 11 function generate_move_menu($level) { 28 if ($level == "albums") $parent = "collections";29 if ($level == "pictures") $parent = "albums";30 $output = "\n\t\t\t" .'<input class="submit" type="submit" name="move_checked" value="' . plog_tr("Move Checked To") . '" />';12 if ($level == "albums") { $parent = "collections"; } 13 if ($level == "pictures") { $parent = "albums"; } 14 $output = "\n\t\t\t".'<input class="submit" type="submit" name="move_checked" value="' . plog_tr("Move Checked To") . '" />'; 31 15 32 16 if ($level == "pictures") { … … 34 18 $output .= generate_albums_menu($albums); 35 19 } else { 36 $output .= "\n\t\t\t\t" .'<select class="move-del-manage" id="group_id" name="group_id">';20 $output .= "\n\t\t\t\t".'<select class="move-del-manage" id="group_id" name="group_id">'; 37 21 $collections = get_collections(); 38 22 foreach($collections as $collection) { 39 $output .= "\n\t\t\t\t\t" . 
'<option value="'.$collection["id"].'">'.SmartStripSlashes($collection["name"]);23 $output .= "\n\t\t\t\t\t".'<option value="'.$collection['id'].'">'.SmartStripSlashes($collection['name']); 40 24 $output .= '</option>'; 41 25 } 42 $output .= "\n\t\t\t\t" .'</select>';26 $output .= "\n\t\t\t\t".'</select>'; 43 27 } 44 28 … … 47 31 48 32 function generate_albums_menu($albums) { 49 $output = "\n\t\t\t" .'<select id="group_id" name="group_id">';33 $output = "\n\t\t\t".'<select id="group_id" name="group_id">'; 50 34 foreach($albums as $album_id => $album) { 51 35 $selected = ''; 52 36 // if we are on the current album then set it to be the default option 53 if (isset($_REQUEST[ "albums_menu"]) && isset($_REQUEST["new_album_name"])){54 if ($albums_menu == $album_id || $new_album_name == $album['album_name']) {37 if (isset($_REQUEST['albums_menu']) && isset($_REQUEST['new_album_name'])) { 38 if ($albums_menu == $album_id || $new_album_name == $album['album_name']) { 55 39 $selected = " selected=\"selected\""; 56 40 } 57 41 } 58 42 59 $output .= "\n\t\t\t\t <option value=\"".$album_id."\"".$selected.">".SmartStripSlashes($album['collection_name']).": ".SmartStripSlashes($album['album_name'])."";43 $output .= "\n\t\t\t\t".'<option value="'.$album_id.'"'.$selected.'>'.SmartStripSlashes($album['collection_name']).': '.SmartStripSlashes($album['album_name']); 60 44 $output .= "</option>"; 61 45 } … … 65 49 } 66 50 67 function generate_breadcrumb_admin($level, $id = 0) {51 function generate_breadcrumb_admin($level, $id = 0) { 68 52 switch ($level){ 69 53 case 'collections': 70 54 $breadcrumbs = '<strong>' . plog_tr('Collections') . '</strong>'; 71 72 break; 55 break; 73 56 case 'albums': 74 57 $collection = get_collection_by_id($id); 75 $collection_name = SmartStripSlashes($collection["name"]); 76 $breadcrumbs = '<a href="'.$_SERVER["PHP_SELF"].'">' . plog_tr('Collections') . '</a> » ' . 
"<strong>".$collection_name."</strong>"; 77 78 break; 58 $collection_name = SmartStripSlashes($collection['name']); 59 $breadcrumbs = '<a href="'.$_SERVER['PHP_SELF'].'">' . plog_tr('Collections') . '</a> » ' . "<strong>".$collection_name."</strong>"; 60 break; 79 61 case 'pictures': 80 62 $album = get_album_by_id($id); 81 $album_link = SmartStripSlashes($album["name"]); 82 $collection_link = '<a href="'.$_SERVER["PHP_SELF"].'?level=albums&id='.$album["parent_id"].'">'.SmartStripSlashes($album["collection_name"]).'</a>'; 83 $breadcrumbs = '<a href="'.$_SERVER["PHP_SELF"].'">' . plog_tr('Collections') . '</a> » ' . $collection_link . ' » ' . '<strong>'.$album_link.'</strong>'; 84 break; 85 63 $album_link = SmartStripSlashes($album['name']); 64 $collection_link = '<a href="'.$_SERVER['PHP_SELF'].'?level=albums&id='.$album['parent_id'].'">'.SmartStripSlashes($album['collection_name']).'</a>'; 65 $breadcrumbs = '<a href="'.$_SERVER['PHP_SELF'].'">' . plog_tr('Collections') . '</a> » ' . $collection_link . ' » ' . 
'<strong>'.$album_link.'</strong>'; 66 break; 86 67 case 'comments': 87 88 68 $query = "SELECT * FROM `".TABLE_PREFIX."pictures` WHERE `id`='".$id."'"; 89 69 $result = run_query($query); 90 70 $row = mysql_fetch_assoc($result); 91 71 92 $picture_link = '<strong>'.SmartStripSlashes(basename($row[ "path"])).'</strong>';93 $album_id = $row[ "parent_album"];94 $collection_id = $row[ "parent_collection"];72 $picture_link = '<strong>'.SmartStripSlashes(basename($row['path'])).'</strong>'; 73 $album_id = $row['parent_album']; 74 $collection_id = $row['parent_collection']; 95 75 96 76 $query = "SELECT * FROM `".TABLE_PREFIX."albums` WHERE `id`='".$album_id."'"; … … 98 78 $row = mysql_fetch_assoc($result); 99 79 100 $album_link = '<a href="'.$_SERVER[ "PHP_SELF"].'?level=pictures&id='.$album_id.'">'.SmartStripSlashes($row["name"]).'</a>';80 $album_link = '<a href="'.$_SERVER['PHP_SELF'].'?level=pictures&id='.$album_id.'">'.SmartStripSlashes($row['name']).'</a>'; 101 81 102 82 $query = "SELECT * FROM `".TABLE_PREFIX."collections` WHERE `id`='".$collection_id."'"; … … 104 84 $row = mysql_fetch_assoc($result); 105 85 106 $collection_link = '<a href="'.$_SERVER[ "PHP_SELF"].'?level=albums&id='.$collection_id.'">'.SmartStripSlashes($row["name"]).'</a>';107 108 $breadcrumbs = '<a href="'.$_SERVER[ "PHP_SELF"].'">' . plog_tr('Collections') .' </a> » ' . $collection_link . ' » '86 $collection_link = '<a href="'.$_SERVER['PHP_SELF'].'?level=albums&id='.$collection_id.'">'.SmartStripSlashes($row['name']).'</a>'; 87 88 $breadcrumbs = '<a href="'.$_SERVER['PHP_SELF'].'">' . plog_tr('Collections') .' </a> » ' . $collection_link . ' » ' 109 89 .$album_link. ' » '.$picture_link . ' »' . " " . plog_tr('Comments'); 110 111 break; 90 break; 112 91 default: 113 $breadcrumbs = '<strong>' . plog_tr('Collections') . '</strong>';92 $breadcrumbs = '<strong>' . plog_tr('Collections') . '</strong>'; 114 93 } 115 94 … … 117 96 } 118 97 119 $id = isset($_GET['id']) ? 
intval($_REQUEST['id']) : 0; 120 121 if (!isset($_REQUEST["level"]) or $_REQUEST["level"] == '') $level = "collections"; 122 else $level = $_REQUEST['level']; 98 $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; 99 $level = (isset($_REQUEST['level']) && $_REQUEST['level'] != '') ? $_REQUEST['level'] : "collections"; 123 100 124 101 $output = "\n\t" . '<h1>' . plog_tr('Manage Content') . '</h1>' . "\n"; … … 129 106 global $config; 130 107 131 if (empty($_REQUEST['level'])) { 132 $_REQUEST['level'] = ''; 133 } 134 135 // here we will determine if we need to perform a move or delete action. 136 if (isset($_REQUEST["action"])) { 137 $num_items = 0; 138 139 $action_result = array(); 140 141 if (isset($_REQUEST['delete_checked']) ) { 142 // perform the delete function on the selected items 143 144 if (isset($_REQUEST["selected"])) { 145 foreach($_REQUEST["selected"] as $del_id) { 146 // lets build the query string 147 if ($level == "pictures") { 148 $rv = delete_picture($del_id); 108 // here we will determine if we need to perform any form actions. 109 if (isset($_REQUEST['action'])) { 110 switch ($_REQUEST['action']) { 111 case 'move-delete': 112 // we're either moving or deleting 113 $num_items = 0; 114 $action_result = array(); 115 116 if (isset($_REQUEST['delete_checked']) ) { 117 // perform the delete function on the selected items 118 if (isset($_REQUEST['selected'])) { 119 foreach($_REQUEST['selected'] as $del_id) { 120 if ($level == "pictures") { 121 $rv = delete_picture($del_id); 122 } 123 if ($level == "collections") { 124 $rv = delete_collection($del_id); 125 } 126 if ($level == "albums") { 127 $rv = delete_album($del_id); 128 } 129 130 if (isset($rv['errors'])) { 131 $output .= "\n\t" . '<p class="errors">' . $rv['errors'] . 
'</p>' ."\n"; 132 } else { 133 $num_items++; 134 } 135 } 136 137 if ($num_items > 0) { 138 $output .= "\n\t<p class=\"actions\">"; 139 if ($num_items > 1) { 140 $output .= sprintf(plog_tr('You have deleted %d entries successfully'),$num_items); 141 } else { 142 $output .= sprintf(plog_tr('You have deleted %d entry successfully'),$num_items); 143 } 144 $output .= "</p>\n"; 145 146 } 147 } else { 148 $output .= "\n\t<p class=\"errors\">" . plog_tr('Nothing selected to delete!') . "</p>\n"; 149 149 } 150 if ($level == "collections") { 151 $rv = delete_collection($del_id); 150 } else if (isset($_REQUEST['move_checked'])) { 151 if ($level == "albums") { $parent = "parent_id"; } 152 if ($level == "pictures") { $parent = "parent_album"; } 153 154 // perform the move function on the selected items 155 $pid = $_REQUEST['group_id']; 156 157 if (isset($_REQUEST['selected'])) { 158 foreach ($_REQUEST['selected'] as $mov_id) { 159 160 // if we are using pictures we need to update the parent_collection as well 161 if ($level == "pictures") { 162 $result = move_picture($mov_id, $pid); 163 if (empty($result['errors'])) { 164 $num_items++; 165 } else { 166 $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n"; 167 } 168 } else if ($level == "albums") { 169 // if we are moving entire albums then we need to rename the folder 170 // $pid is our target collection id, $mov_id is our source album 171 172 $result = move_album($mov_id,$pid); 173 if (empty($result['errors'])) { 174 $num_items++; 175 } else { 176 $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n"; 177 } 178 } 179 180 } 181 182 $output .= "\n\t<p class=\"actions\">" . sprintf(plog_tr('You have moved %d entry(s) successfully.'),$num_items) . "</p>\n"; 183 } else { 184 $output .= "\n\t<p class=\"errors\">" . plog_tr('Nothing selected to move!') . 
"</p>\n"; 152 185 } 153 if ($level == "albums") { 154 $rv = delete_album($del_id); 155 } 156 157 if (isset($rv['errors'])) { 158 $output .= "\n\t" . '<p class="errors">' . $rv['errors'] . '</p>' ."\n"; 159 } else { 160 $num_items++; 161 }; 162 } 163 164 if ($num_items > 0){ 165 $output .= "\n\t<p class=\"actions\">"; 166 if ($num_items > 1) { 167 $output .= sprintf(plog_tr('You have deleted %d entries successfully'),$num_items); 168 } else { 169 $output .= sprintf(plog_tr('You have deleted %d entry successfully'),$num_items); 170 }; 171 $output .= "</p>\n"; 172 173 } 174 } 175 else{ 176 $output .= "\n\t<p class=\"errors\">" . plog_tr('Nothing selected to delete!') . "</p>\n"; 177 } 178 } 179 else if (isset($_REQUEST['move_checked'])) { 180 if ($level == "albums") $parent = "parent_id"; 181 if ($level == "pictures") $parent = "parent_album"; 182 183 // perform the move function on the selected items 184 $pid = $_REQUEST["group_id"]; 185 186 if (isset($_REQUEST["selected"])) { 187 foreach ($_REQUEST["selected"] as $mov_id) { 188 189 // if we are using pictures we need to update the parent_collection as well 190 if ($level == "pictures") { 191 // lets build the query string 192 $result = move_picture($mov_id,$pid); 193 if (empty($result['errors'])) { 194 $num_items++; 195 } else { 196 $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n"; 197 } 198 } else if ($level == "albums") { 199 // if we are moving entire albums then we need to rename the folder 200 // $pid is our target collection id, $mov_id is our source album 201 202 $result = move_album($mov_id,$pid); 203 if (empty($result['errors'])) { 204 $num_items++; 205 } else { 206 $output .= "\n\t" . '<p class="errors">' . $result['errors'] . '</p>' . "\n"; 207 } 208 } 209 210 } 211 212 $output .= "\n\t<p class=\"actions\">" . sprintf(plog_tr('You have moved %d entry(s) successfully.'),$num_items) . "</p>\n"; 213 } 214 else{ 215 $output .= "\n\t<p class=\"errors\">" . 
plog_tr('Nothing selected to move!') . "</p>\n"; 216 } 217 } 218 else if (!empty($_GET["action"])){ 219 if($_GET["action"] == "edit-picture") { 186 } 187 break; 188 case "edit-picture": 220 189 $level = 'picture'; 221 // show the edit form222 $photo = get_picture_by_id($ _REQUEST["id"]);190 // show the edit picture form 191 $photo = get_picture_by_id($id); 223 192 if ($photo['allow_comments'] == 1) $state = "checked=\"checked\""; else $state = ""; 224 193 225 $output .= "\n\t\t" . '<form class="edit" action="'.$_SERVER["PHP_SELF"].'?level=pictures&id='.$photo["parent_album"]; 226 if (isset($_GET["entries_per_page"])) $output .= '&entries_per_page=' . intval($_GET["entries_per_page"]); 227 if (isset($_GET["plog_page"])) $output .= '&plog_page=' . intval($_GET["plog_page"]); 228 $output .= '" method="post">'; 194 $output .= "\n\t\t" . '<form class="edit" action="'.$_SERVER['PHP_SELF'].'?level=pictures&id='.$photo['parent_album'].'" method="post">'; 195 229 196 $thumbpath = generate_thumb(SmartStripSlashes($photo['path']), $photo['id'],THUMB_SMALL); 230 $output .= "\n\t\t\t<div style=\"float: right;\"><img src=\"$thumbpath\" alt=\"\" /></div>"; 197 $output .= "\n\t\t\t" . '<div style="float: right;"><img src="'.$thumbpath.'" alt="" /></div>'; 198 231 199 $output .= "\n\t\t\t" . '<div> 232 200 <label accesskey="c" for="caption">' . plog_tr('<em>C</em>aption') . ':</label><br /> 233 <input size="80" name="caption" id="caption" value="'. SmartStripSlashes($photo['caption']).'" /><br />201 <input size="80" name="caption" id="caption" value="'.htmlspecialchars(SmartStripSlashes($photo['caption'])).'" /><br /> 234 202 <label>' . plog_tr('Description') . ':</label><br /> 235 <textarea name="description" id="description" cols="60" rows="5">'. 
SmartStripSlashes($photo['description']).'</textarea><br />203 <textarea name="description" id="description" cols="60" rows="5">'.htmlspecialchars(SmartStripSlashes($photo['description'])).'</textarea><br /> 236 204 <label for="allow_comments" accesskey="w">' . plog_tr('Allo<em>w</em> Comments') . '?</label> <input type="checkbox" id="allow_comments" name="allow_comments" value="1"'." $state /><br /><br />"; 237 205 $output .= "\n\t\t\t\t" . '<input type="hidden" name="pid" value="'.$photo['id'].'" /> 238 206 <input type="hidden" name="action" value="update-picture" /> 239 <button class="submit" type="submit">' . plog_tr('Update') . '</button> 207 <input class="submit" name="update" value="' . plog_tr('Update') . '" type="submit" /> 208 <input class="submit" name="cancel" value="' . plog_tr('Cancel') . '" type="submit" /> 240 209 </div>'; 241 210 $output .= "\n\t\t" . '</form>' . "\n"; 242 243 } 244 else if ($_GET["action"] == "edit-album") { 245 // show the edit form 246 $output .= plog_edit_album_form($_REQUEST["id"]); 247 } 248 else if ($_GET["action"] == "edit-collection") { 249 $output .= plog_edit_collection_form($_GET["id"]); 250 } 251 else if ($_GET["action"] == "edit-comment") { 252 // show the edit form 253 $output .= edit_comment_form($_GET["pid"]); 254 } 255 } 256 else if (!empty($_POST["action"])){ 257 if ($_POST['action'] == 'update-picture') { 258 $action_result = update_picture($_POST['pid'],$_POST['caption'],$_POST['allow_comments'],$_POST['description']); 259 } 260 else if ($_POST['action'] == 'update-album') { 261 $action_result = update_album($_POST['pid'],$_POST['name'],$_POST['description'],$_POST['thumbnail_id']); 262 } 263 else if ($_POST["action"] == "update-collection") { 264 $action_result = update_collection($_POST["pid"],$_POST["name"],$_POST["description"],$_POST["thumbnail_id"]); 265 } 266 else if ($_POST["action"] == "update-comment") { 267 $action_result = 
update_comment($_POST["pid"],$_POST["author"],$_POST["email"],$_POST["url"],$_POST["comment"]); 268 } 269 else if ($_POST["action"] == "add-collection") { 270 $action_result = add_collection($_POST["name"],$_POST["description"]); 271 } 272 else if ($_POST["action"] == "add-album") { 273 $action_result = add_album($_POST["name"],$_POST["description"],$_POST["parent_collection"]); 274 } 211 $edit_page = 1; 212 break; 213 case "edit-album": 214 // show the edit album form 215 $output .= plog_edit_album_form($id); 216 $edit_page = 1; 217 break; 218 case "edit-collection": 219 // show the edit collection form 220 $output .= plog_edit_collection_form($id); 221 $edit_page = 1; 222 break; 223 case "edit-comment": 224 // show the edit comment form 225 $output .= edit_comment_form($id); 226 $edit_page = 1; 227 break; 228 case "update-picture": 229 // update the picture information 230 if (!isset($_REQUEST['cancel'])) { 231 $action_result = update_picture($_REQUEST['pid'], $_REQUEST['caption'], $_REQUEST['allow_comments'], $_REQUEST['description']); 232 } 233 break; 234 case "update-album": 235 // update the album information 236 if (!isset($_REQUEST['cancel'])) { 237 $action_result = update_album($_POST['pid'], $_POST['name'], $_POST['description'], $_POST['thumbnail_id']); 238 } 239 break; 240 case "update-collection": 241 // update the collection infomration 242 if (!isset($_REQUEST['cancel'])) { 243 $action_result = update_collection($_POST['pid'], $_POST['name'], $_POST['description'], $_POST['thumbnail_id']); 244 } 245 break; 246 case "update-comment": 247 // update the comment information 248 if (!isset($_REQUEST['cancel'])) { 249 $action_result = update_comment($_POST['pid'], $_POST['author'], $_POST['email'], $_POST['url'], $_POST['comment']); 250 } 251 break; 252 case "add-collection": 253 // add a new collection 254 $action_result = add_collection($_POST['name'], $_POST['description']); 255 break; 256 case "add-album": 257 // add a new album 258 $action_result = 
add_album($_POST['name'], $_POST['description'], $_POST['parent_collection']); 259 break; 275 260 } 276 261 277 262 if (!empty($action_result['errors'])) { 263 // if there are any errors from the actions above, display the errors for the user 278 264 $output .= "\n\t" . '<p class="errors">' . $action_result['errors'] . '</p>' . "\n"; 279 265 } elseif (!empty($action_result['output'])) { 266 // else if no errors, display the successful output 280 267 $output .= "\n\t" . '<p class="actions">' . $action_result['output'] . '</p>' . "\n"; 281 }; 282 283 if (($_REQUEST["action"] == '1') && isset($_GET["action"])){ 284 unset($_GET["action"]); 285 } 286 } 287 288 if (!isset($_GET["action"])){ 289 // here we will generate a "add collection/album" header 268 } 269 270 } 271 272 if (!isset($edit_page)) { 273 // here we will generate a "add collection/album" header form 290 274 if ($level == "collections") { 291 275 $output .= plog_add_collection_form(); … … 302 286 if (isset($_REQUEST['entries_per_page'])) { 303 287 $_SESSION['entries_per_page'] = $_REQUEST['entries_per_page']; 304 } else {288 } else if (!isset($_SESSION['entries_per_page'])){ 305 289 $_SESSION['entries_per_page'] = 20; 306 290 } … … 309 293 310 294 // determine the filtering conditional based on the level and id number 311 if ($level == "albums" or $level == "comments"){ 312 $cond = "WHERE `parent_id` = '$id'"; 313 } 314 else if ($level == "pictures"){ 315 $cond = "WHERE `parent_album` = '$id'"; 295 if ($level == "albums" || $level == "comments"){ 296 $cond = "WHERE `parent_id` = '".intval($id)."'"; 297 } else if ($level == "pictures"){ 298 $cond = "WHERE `parent_album` = '".intval($id)."'"; 316 299 } 317 300 … … 329 312 330 313 $pagination_menu = "\n\t\t" . 
'<div class="entries-page">'.generate_pagination_view_menu().'</div> 331 <div class="pagination">'.generate_pagination("admin", "manage", $plog_page, $totalRows, $_SESSION['entries_per_page'], array("level" => $level, "id" => $id , "entries_per_page" => $_SESSION['entries_per_page'])).'314 <div class="pagination">'.generate_pagination("admin", "manage", $plog_page, $totalRows, $_SESSION['entries_per_page'], array("level" => $level, "id" => $id)).' 332 315 </div>'; 333 316 334 $output .= "\n\t\t" . '<form id="contentList" action="'.$_SERVER["PHP_SELF"].'" method="get">'; 335 336 $level = $_REQUEST['level']; 337 338 if (empty($level) || $level == "collections") { 339 $output .= $pagination_menu.generate_breadcrumb_admin(""); 340 $output .= plog_collection_manager($first_item,$_SESSION['entries_per_page']); 341 } 342 343 if ($level == "albums") { 344 $output .= $pagination_menu.generate_breadcrumb_admin("albums", $id); 345 $output .= plog_album_manager($id,$first_item,$_SESSION['entries_per_page']); 346 }; 347 348 if ($level == "pictures") { 349 $output .= $pagination_menu.generate_breadcrumb_admin("pictures", $id); 350 $output .= plog_picture_manager($id,$first_item,$_SESSION['entries_per_page']); 351 352 }; 353 354 if ($level == "comments") { 355 $output .= $pagination_menu.generate_breadcrumb_admin("comments", $id); 356 $output .= plog_comment_manager($id,$first_item,$_SESSION['entries_per_page']); 357 }; 317 $output .= "\n\t\t" . 
'<form id="contentList" action="'.$_SERVER['PHP_SELF'].'" method="post">'; 318 319 switch ($level) { 320 case "comments": 321 $output .= $pagination_menu.generate_breadcrumb_admin("comments", $id); 322 $output .= plog_comment_manager($id,$first_item,$_SESSION['entries_per_page']); 323 break; 324 case "pictures": 325 $output .= $pagination_menu.generate_breadcrumb_admin("pictures", $id); 326 $output .= plog_picture_manager($id,$first_item,$_SESSION['entries_per_page']); 327 break; 328 case "albums": 329 $output .= $pagination_menu.generate_breadcrumb_admin("albums", $id); 330 $output .= plog_album_manager($id,$first_item,$_SESSION['entries_per_page']); 331 break; 332 case "collections": 333 default: 334 $output .= $pagination_menu.generate_breadcrumb_admin(""); 335 $output .= plog_collection_manager($first_item,$_SESSION['entries_per_page']); 336 break; 337 } 358 338 359 339 $output .= "\n\t\t" . '<div><a href="#" onclick="checkAll(document.getElementById(\'contentList\')); return false; ">' . plog_tr('Invert Checkbox Selection') . '</a></div> … … 362 342 <input type="hidden" name="level" value="'.$level.'" /> 363 343 <input type="hidden" name="id" value="'.$id.'" /> 364 <input type="hidden" name="action" value=" 1" />344 <input type="hidden" name="action" value="move-delete" /> 365 345 <input class="submit" type="submit" name="delete_checked" onclick="return confirm(\'' . plog_tr('Are you sure you want to delete selected items?') . '\');" value="' . plog_tr('Delete Checked') . '" />'; 366 346 if (!empty($level) && $level != "collections" && $level != "comments"){ 367 347 $output .= generate_move_menu($level); 368 } ;348 } 369 349 $output .= "\n\t\t</div>\n\t\t</form>\n"; 370 350 } -
trunk/plog-admin/plog-upload.php
r558 r569 16 16 foreach($albums as $album_id => $album) { 17 17 18 if ($albums_menu == $album_id || $new_album_name == $album['album_name']) 19 $selected = " selected='selected'"; else $selected = ""; 18 if ($albums_menu == $album_id || $new_album_name == $album['album_name']) { 19 $selected = " selected='selected'"; 20 } else { 21 $selected = ""; 22 } 20 23 21 24 $output .= "\n\t\t\t\t\t\t\t<option value=\"".$album_id."\"$selected>".SmartStripSlashes($album['collection_name']).": ".SmartStripSlashes($album['album_name'])."</option>"; -
trunk/plog-download.php
r568 r569 2 2 3 3 include(dirname(__FILE__)."/plog-load-config.php"); 4 if (!$config["allow_dl"]) { 5 // ignorance is bliss 6 exit(); 7 } 4 8 5 9 /* … … 194 198 if (!isset($_REQUEST["checked"]) || (!is_array($_REQUEST["checked"]))){ 195 199 echo 'No pictures were selected.'; 196 } 197 else{ 200 } else { 198 201 create_zip($_REQUEST["checked"], $_REQUEST["dl_type"]); 199 202 } … … 231 234 if ($type == "collections"){ 232 235 foreach ($checked as $cid){ 233 $query = "SELECT * FROM `".TABLE_PREFIX."collections` WHERE `id`='". $cid."'";236 $query = "SELECT * FROM `".TABLE_PREFIX."collections` WHERE `id`='".intval($cid)."'"; 234 237 $result = run_query($query); 235 238 … … 257 260 } 258 261 } 259 } 260 elseif($type == "collection"){ 262 } else if ($type == "collection") { 261 263 foreach ($checked as $aid){ 262 $query = "SELECT * FROM `".TABLE_PREFIX."albums` WHERE `id`='". $aid."'";264 $query = "SELECT * FROM `".TABLE_PREFIX."albums` WHERE `id`='".intval($aid)."'"; 263 265 $result = run_query($query); 264 266 … … 286 288 } 287 289 } 288 } 289 elseif($type == "album" || $type == "search"){ 290 } elseif ($type == "album" || $type == "search") { 290 291 foreach ($checked as $pid){ 291 $query = "SELECT * FROM `".TABLE_PREFIX."pictures` WHERE `id`='". $pid."'";292 $query = "SELECT * FROM `".TABLE_PREFIX."pictures` WHERE `id`='".intval($pid)."'"; 292 293 $result = run_query($query); 293 294 -
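Review bot: The new `allow_dl` guard at the top of plog-download.php exits with a 200 and an empty body, so a disabled download feature is indistinguishable from a broken one for users and for monitoring; send an explicit status before leaving, `header('HTTP/1.0 403 Forbidden');` then `exit();`. The intval() wrapping on the collection/album/picture id lookups in create_zip closes the string-interpolated ids, but `$_REQUEST['dl_type']` still reaches create_zip unvalidated; within the visible lines an unrecognised type matches none of the branches, so the effect is presumably an empty archive rather than an error — confirm, and reject unknown types up front next to the `checked` check. `$_REQUEST['checked']` is also unbounded, so a single request can ask for arbitrarily many pictures to be zipped; if downloads are reachable anonymously a cap on the array size is worth considering.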
trunk/plog-includes/plog-functions.php
r568 r569 534 534 535 535 function get_active_collections_albums() { 536 $image_collection_count = array(); 537 $image_album_count = array(); 536 538 $return = array( 537 539 "collections" => '', … … 542 544 $result = run_query($sql); 543 545 while($row = mysql_fetch_assoc($result)) { 544 $image_collection_count[$row[ "parent_collection"]] = $row["imagecount"];545 $image_album_count[$row[ "parent_album"]] = $row["imagecount"];546 $image_collection_count[$row['parent_collection']] = $row['imagecount']; 547 $image_album_count[$row['parent_album']] = $row['imagecount']; 546 548 } 547 549 $return['collections'] = array_keys($image_collection_count); … … 800 802 } 801 803 802 function get_album_by_name($name ) {804 function get_album_by_name($name, $collection_id) { 803 805 $sql = "SELECT * 804 806 FROM `".TABLE_PREFIX."albums` 805 WHERE `name` = '".mysql_real_escape_string($name)."'"; 807 WHERE `name` = '".mysql_real_escape_string($name)."' 808 AND `parent_id` = ".intval($collection_id); 806 809 $result = run_query($sql); 807 810 … … 1189 1192 // sanitize filename by replacing international characters with underscores 1190 1193 function sanitize_filename($str) { 1191 // allow only alphanumeric characters, hyphen, [, ], dot and apostrophein file names1192 // the rest will be replaced1193 return preg_replace( "/[^\w|\.|'|\-|\[|\]]/","_",$str);1194 // allow only alphanumeric characters, hyphen, [, ], and dot in file names 1195 // quotes will be suppressed & the rest will be replaced with underscores 1196 return preg_replace(array("/['|\"]/", "/[^\w|\.|\-|\[|\]]/"), array("", "_"), $str); 1194 1197 } 1195 1198 … … 2020 2023 global $config; 2021 2024 2022 if ($GLOBALS['plogger_mode'] != 'slideshow' && $GLOBALS['plogger_level'] != '404' ) {2025 if ($GLOBALS['plogger_mode'] != 'slideshow' && $GLOBALS['plogger_level'] != '404' && $GLOBALS['plogger_level'] != "picture") { 2023 2026 $page = isset($_GET['plog_page']) ? 
intval($_GET['plog_page']) : 1; 2024 2027 $level = $GLOBALS['plogger_level']; … … 2079 2082 case "search": 2080 2083 $keyword = isset($_GET['searchterms']) ? str_replace(" ", ",", $_GET['searchterms']) : ''; 2081 $description = "Search results from my Plogger gallery";2084 $description = "Search results from ".$config['gallery_name']; 2082 2085 break; 2083 2086 2084 2087 default: 2085 2088 $keyword = SmartStripSlashes($config['gallery_name']); // used on gallery entry page 2086 $description = "This is my Plogger gallery"; // used on gallery entry page2089 $description = "This is ".$config['gallery_name']; // used on gallery entry page 2087 2090 break; 2088 2091 } 2089 2092 2090 return "\t<meta name=\"keywords\" content=\" $keyword\" />2091 <meta name=\"description\" content=\" $description\" />\n";2093 return "\t<meta name=\"keywords\" content=\"".htmlspecialchars($keyword)."\" /> 2094 <meta name=\"description\" content=\"".htmlspecialchars($description)."\" />\n"; 2092 2095 } 2093 2096 … … 2159 2162 } 2160 2163 2161 function plogger_get_comment_text( ) {2164 function plogger_get_comment_text($specialchars = false) { 2162 2165 $comment = $GLOBALS["current_comment"]; 2163 2166 return htmlspecialchars(SmartStripSlashes($comment["comment"])); … … 2197 2200 } 2198 2201 2199 function plogger_get_picture_caption() { 2200 if (!empty($GLOBALS["current_picture"]["caption"])) 2201 return SmartStripSlashes($GLOBALS["current_picture"]["caption"]); 2202 else 2203 return " "; 2202 function plogger_get_picture_caption($specialchars = false) { 2203 if (!empty($GLOBALS["current_picture"]["caption"])) { 2204 if ($specialchars) { 2205 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_picture']['caption'])); 2206 } 2207 return SmartStripSlashes($GLOBALS['current_picture']['caption']); 2208 } else { 2209 return " "; 2210 } 2204 2211 } 2205 2212 … … 2233 2240 } 2234 2241 2235 function plogger_get_picture_description( ) {2242 function 
plogger_get_picture_description($specialchars = false) { 2236 2243 if (isset($GLOBALS['current_picture']['description'])){ 2244 if ($specialchars) { 2245 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_picture']['description'])); 2246 } 2237 2247 return SmartStripSlashes($GLOBALS['current_picture']['description']); 2238 2248 } else { … … 2451 2461 } 2452 2462 2453 function plogger_get_collection_description() { 2454 return htmlspecialchars(SmartStripSlashes($GLOBALS["current_collection"]["description"])); 2455 } 2456 2457 function plogger_get_collection_name() { 2458 return htmlspecialchars(SmartStripSlashes($GLOBALS["current_collection"]["name"])); 2463 function plogger_get_collection_description($specialchars = false) { 2464 if ($specialchars){ 2465 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_collection']['description'])); 2466 } 2467 return SmartStripSlashes($GLOBALS['current_collection']['description']); 2468 } 2469 2470 function plogger_get_collection_name($specialchars = false) { 2471 if ($specialchars) { 2472 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_collection']['name'])); 2473 } 2474 return SmartStripSlashes($GLOBALS['current_collection']['name']); 2459 2475 } 2460 2476 … … 2524 2540 } 2525 2541 2526 function plogger_get_album_description() { 2527 return htmlspecialchars(SmartStripSlashes($GLOBALS["current_album"]["description"])); 2528 } 2529 2530 function plogger_get_album_name() { 2531 return htmlspecialchars(SmartStripSlashes($GLOBALS["current_album"]["name"])); 2542 function plogger_get_album_description($specialchars = false) { 2543 if ($specialchars) { 2544 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_album']['description'])); 2545 } 2546 return SmartStripSlashes($GLOBALS['current_album']['description']); 2547 } 2548 2549 function plogger_get_album_name($specialchars = false) { 2550 if ($specialchars) { 2551 return htmlspecialchars(SmartStripSlashes($GLOBALS['current_album']['name'])); 
2552 } 2553 return SmartStripSlashes($GLOBALS['current_album']['name']); 2532 2554 } 2533 2555 -
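Review bot: The new `$specialchars = false` default on plogger_get_collection_name(), plogger_get_collection_description(), plogger_get_album_name() and plogger_get_album_description() inverts their previous behaviour — the removed lines always returned htmlspecialchars() output, so any theme that echoes these into HTML without passing `true` now emits raw database content and becomes an XSS sink for names and descriptions set by anyone with album-edit rights. Unless every bundled theme is updated in the same commit (not visible here), the safer default is `$specialchars = true`, which keeps the escaped output for existing callers and lets new callers opt out explicitly. plogger_get_comment_text() also gains a `$specialchars` parameter but ignores it and always escapes; either honour it like its siblings or drop the parameter so the API does not suggest an unescaped path exists. Minor: inside the character classes of sanitize_filename() the `|` is a literal pipe, so `|` is let through, and `\"` in a double-quoted PHP string is just `"` — harmless, but the comment above the regex should say so.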
trunk/plog-remote.php
r568 r569 48 48 49 49 function get_album_by_name($name) { 50 $sqlAlbum = "SELECT * FROM `".TABLE_PREFIX."albums` WHERE name = ' $name'";50 $sqlAlbum = "SELECT * FROM `".TABLE_PREFIX."albums` WHERE name = '".mysql_real_escape_string($name)."'"; 51 51 $resultAlbum = run_query($sqlAlbum); 52 52 return mysql_fetch_assoc($resultAlbum); … … 175 175 176 176 if ($albuminfo) { 177 $sqlPictures = "SELECT * FROM `".TABLE_PREFIX."pictures` WHERE parent_album = " . $albuminfo["id"];177 $sqlPictures = "SELECT * FROM `".TABLE_PREFIX."pictures` WHERE parent_album = " . intval($albuminfo['id']); 178 178 $resultAlbum = run_query($sqlPictures); 179 179 while ($rowAlbum = mysql_fetch_assoc($resultAlbum)){ … … 194 194 function gr_add_album($parent,$name,$description) { 195 195 // parent is the name of the collection 196 $query = "SELECT * FROM `".TABLE_PREFIX."collections` WHERE name = '" . $parent. "'";196 $query = "SELECT * FROM `".TABLE_PREFIX."collections` WHERE name = '" . mysql_real_escape_string($parent) . "'"; 197 197 $result = run_query($query); 198 198
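Review bot: The escaping added to get_album_by_name() and gr_add_album() closes the visible string-interpolated lookups, but plog-remote.php still declares a one-argument get_album_by_name() while the same changeset gives plog-includes/plog-functions.php a `get_album_by_name($name, $collection_id)` — if both files are ever loaded in one request PHP stops with a redeclare error, and even if they are not, the remote variant resolves albums by name alone, so two albums with the same name in different collections resolve to whichever row the database returns first. Consider dropping the local copy and calling the shared two-argument version with the parent collection's id from gr_add_album(). mysql_real_escape_string() also needs an open connection whose charset matches the data, otherwise it returns false and the query degrades to an empty string match; presumably run_query() connects earlier, but confirm the connection is established before these calls. The remainder of gr_add_album() and get_album_by_name()'s callers are outside this hunk.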
