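<?php
// Copyright (C) 2002-2006 Balint Kis (balint@k-i-s.net)
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

// photo.rating.php -- add, edit or delete the current user's rating
// (a 1..10 score plus a free-text remark) of one photo version.
//
// Request parameters:
//   action            'add' (default), 'edit' or 'delete'
//   photo, version    target photo version (action=add)
//   rating            rating row identifier (action=edit|delete)
//   new_rating, comment   values to store when "go" is set
//   go                when present the change is applied and the browser is
//                     redirected back to the photo; otherwise the form is shown
//   album, size       only passed through to the photo/image links
//
// Flow: read parameters -> load the photo version (and, for edit/delete, the
// rating row) -> enforce photo access and rating ownership -> apply the change
// and redirect, or render the form.
//
// Every request value bound into SQL goes through pg_escape_string() and is
// quoted, except new_rating, which is cast to int because the insert below
// uses it unquoted (pg_escape_string() gives no protection there).  Every
// value echoed back into HTML goes through photo_rating_html().

include_once "include/config.php";
include_once "include/common.php";
include_once "include/site.php";

/**
 * Escape a scalar for use inside an HTML attribute value or element body.
 *
 * @param mixed $value  value to escape (cast to string)
 * @return string
 */
function photo_rating_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Print the opening <form> tag of the rating form plus its hidden fields:
 * the action-specific ones given in $hidden, the album (when set), "go"
 * and "action".  Every field value is HTML-escaped.
 *
 * @param string $action    'add', 'edit' or 'delete'
 * @param array  $hidden    extra hidden fields, name => value
 * @param mixed  $album_id  album identifier, or FALSE when none was given
 * @param string $encoding  value for the form's accept-charset attribute
 */
function photo_rating_form_open($action, $hidden, $album_id, $encoding)
{
    print "<form method=\"post\" action=\"photo.rating.php\" accept-charset=\"".photo_rating_html($encoding)."\">\n";
    foreach ($hidden as $name => $value) {
        print "<input type=\"hidden\" name=\"".photo_rating_html($name)."\" value=\"".photo_rating_html($value)."\"/>\n";
    }
    if ($album_id) {
        print "<input type=\"hidden\" name=\"album\" value=\"".photo_rating_html($album_id)."\"/>\n";
    }
    print "<input type=\"hidden\" name=\"go\" value=\"go\"/>\n";
    print "<input type=\"hidden\" name=\"action\" value=\"".photo_rating_html($action)."\"/>\n";
}

/**
 * Print the rating/remark table used by the add and edit forms: a
 * <select name="new_rating"> offering 1..10 and a <textarea name="comment">.
 *
 * @param mixed  $selected      score to pre-select; 0 (or anything that is
 *                              == none of 1..10) selects nothing
 * @param string $comment_text  initial textarea content (HTML-escaped here)
 * @param array  $strings       the site's string table (labels)
 */
function photo_rating_table($selected, $comment_text, $strings)
{
    print "<table class=\"profile\">\n";
    print "<tr>";
    print emit_th($strings['photo_rating'], "width=\"12%\"");
    print emit_th($strings['generic_remark'], "width=\"88%\"");
    print "</tr><tr>";
    print "<td>";
    print "<select name=\"new_rating\">";
    for ($i = 1; $i <= 10; $i++) {
        print emit_option($i, $i, $i == $selected);
    }
    print "</select>";
    print "</td>";
    print "<td><textarea name=\"comment\" rows=\"5\" cols=\"60\">".photo_rating_html($comment_text)."</textarea></td>";
    print "</tr>";
    print "</table>\n";
}

$database = site_prolog(PO_USER_TYPE_CLIENT);

// Restrict the action to the three handled below; any other value used to
// leave $sql_select undefined and produce a broken query.
$action = (isset($_REQUEST['action']) && in_array($_REQUEST['action'], array('add', 'edit', 'delete'), TRUE))
    ? $_REQUEST['action'] : 'add';

$album_id = isset($_REQUEST['album']) ? pg_escape_string($database, $_REQUEST['album']) : FALSE;
$comment = isset($_REQUEST['comment']) ? pg_escape_string($database, $_REQUEST['comment']) : '';
// Cast, do not string-escape: the insert interpolates this value unquoted.
$new_rating = isset($_REQUEST['new_rating']) ? (int) $_REQUEST['new_rating'] : 0;
$size = isset($_REQUEST['size']) ? pg_escape_string($database, $_REQUEST['size']) : 2;
$go = isset($_REQUEST['go']);

// Identifiers come from the request for 'add' and from the rating row for
// 'edit'/'delete'; initialise them so the redirects below never read an
// undefined variable.
$photo_id = '';
$version = '';
$rating_id = '';
$extra_col = "";

switch ($action) {
case 'add':
    $photo_id = isset($_REQUEST['photo']) ? pg_escape_string($database, $_REQUEST['photo']) : '';
    $version = isset($_REQUEST['version']) ? pg_escape_string($database, $_REQUEST['version']) : '';
    $sql_select = "photo_version.identifier = '$version' and photo_version.photo = '$photo_id'";
    break;
case 'edit':
case 'delete':
    $rating_id = isset($_REQUEST['rating']) ? pg_escape_string($database, $_REQUEST['rating']) : '';
    $sql_select = "rating.identifier = '$rating_id' and photo_version.identifier = rating.version";
    $extra_col = ", rating";
    break;
}

// Load the photo version the rating belongs to, together with the access
// verdict for the current user.  A failed query is treated like "no row"
// instead of being passed to pg_fetch_assoc().
$photo_result = pg_query($database, "
select photo.users, caption, title, access_rights,
can_access_photo(photo.identifier, $po_user[id], '{".$passwords."}') as ok, folder, photo.identifier as photo, photo_version.identifier as version, original_image_name
from photo, photo_version $extra_col
where photo.identifier = photo_version.photo
and $sql_select
");
$photo_data = $photo_result ? pg_fetch_assoc($photo_result) : FALSE;

if ($photo_data) {
    $photo_id = $photo_data['photo'];
    $version = $photo_data['version'];
}

// Absolute link back to the photo's rating detail; used by every redirect.
$photo_link = generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>6,'album'=>$album_id), TRUE);

// No row, or a row the user may not see: private photos get a 403 page,
// everything else (including an unknown photo/rating id) is sent to the
// login page with a return link.
if (!$photo_data || $photo_data['ok'] != 't') {
    if ($photo_data && $photo_data['access_rights'] == $access['private']) {
        header("HTTP/1.1 403 Forbidden");
        site_header($strings['generic_display_folder']);
        site_navigator(1);
        site_navigator_status(disp_user_string($database, 0). " : ". $strings['errors_private'], "");
        site_footer($database);
        site_epilog($database);
    } else {
        site_push_error($strings['errors_protected']);
        header("Location: $site_url/login.php?reason=protected&orig=".urlencode($photo_link));
    }
    exit();
}

// Fetch the existing rating: for 'add' the user's own rating of this version
// (a second one is refused), for 'edit'/'delete' the addressed row.
$rating = FALSE;
switch ($action) {
case 'add':
    $rating_result = pg_query($database, "
select value, identifier, users
from rating
where photo='$photo_id'
and version='$version'
and users='$po_user[id]'");
    $rating = $rating_result ? pg_fetch_row($rating_result) : FALSE;
    break;
case 'edit':
case 'delete':
    $rating_result = pg_query($database, "
select value, users, photo, version, comment
from rating
where identifier='$rating_id'");
    $rating = $rating_result ? pg_fetch_row($rating_result) : FALSE;

    /* Enforce ownership: only the author or an administrator may touch a
       rating, and a rating that does not exist cannot be touched at all. */
    if (!$rating || (($po_user['type'] != PO_USER_TYPE_ADMIN) && ($po_user['id'] != $rating[1]))) {
        site_push_error($strings['errors_not_owner']);
        site_epilog($database);
        header("Location: ".$photo_link);
        exit();
    }
    break;
}

// True when the user already rated this version (only meaningful for 'add').
$already_rated = ($action == 'add' && $rating && $rating[0]);

if ($go) {
    $result = FALSE;
    switch ($action) {
    case 'add':
        // The form is not offered once the user has rated, but a direct POST
        // could still arrive; refuse it rather than insert a second row.
        if ($already_rated) {
            site_push_error($strings['errors_already_rated']);
            site_epilog($database);
            header("Location: ".$photo_link);
            exit();
        }
        $result = pg_query($database, "insert into rating (identifier, photo, users, value, comment, version)
values (nextval('rating_id_sequence'), '$photo_id', '$po_user[id]', $new_rating, '$comment', $version)");
        break;
    case 'edit':
        // NOTE(review): the users= clause limits the statement to the caller's
        // own row, so an administrator who passed the ownership check above
        // changes nothing when editing someone else's rating -- confirm intent.
        $result = pg_query($database, "update rating set value='$new_rating', comment='$comment' where identifier='$rating_id' and users=$po_user[id]");
        break;
    case 'delete':
        $result = pg_query($database, "delete from rating where identifier='$rating_id' and users=$po_user[id]");
        break;
    }
    // Report a failed statement once (edit/delete used to push the error twice).
    if (!$result) {
        site_push_error($strings['errors_db_insert_failed']);
    }
    site_epilog($database);
    header("Location: ".$photo_link);
    exit();
}

$action_title = sprintf($strings["profile_$action"], $strings['generic_rating']);
site_header($action_title);

$user_display_string = disp_user_string($database, $photo_data['users']);
// Owners get their own navigator section (5); everybody else the generic one (1).
site_navigator($po_user['id'] == $photo_data['users'] ? 5 : 1);

$path_to_folder = get_path_to_folder($database, $photo_data['folder']);
$title = get_photo_title($photo_data['caption'], $photo_data['title'], $photo_data['original_image_name']);
site_navigator_status("$user_display_string $path_to_folder : ".emit_a(generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>5,'album'=>$album_id)), $title)." : ". $action_title, "");

print "<div align=\"center\">";
theme_display_photo(generate_link('image', $photo_id, array('ver'=>$version, 'size'=>$size)), "");
print "</div>";

print "<div align=\"center\">";
switch ($action) {
case 'add':
    if ($already_rated) {
        print err_str($strings['errors_already_rated']);
        print "<p>";
        print sprintf ($strings['photo_rating_text'], $rating[0]);
        print "</p>";
        print $thm_elem['button.back'];
    } else {
        photo_rating_form_open('add', array('photo' => $photo_id, 'version' => $version), $album_id, $strings['formats_encoding']);
        photo_rating_table(0, '', $strings);
        print $thm_elem['button.submit'];
        print $thm_elem['button.cancel'];
        print "</form>\n";
    }
    break;
case 'edit':
    photo_rating_form_open('edit', array('rating' => $rating_id), $album_id, $strings['formats_encoding']);
    // $rating[0] is the stored score, $rating[4] the stored remark.
    photo_rating_table($rating[0], $rating[4], $strings);
    print $thm_elem['button.submit'];
    print $thm_elem['button.cancel'];
    print "</form>\n";
    break;
case 'delete':
    photo_rating_form_open('delete', array('rating' => $rating_id), $album_id, $strings['formats_encoding']);
    print "<p>";
    print sprintf ($strings['photo_rating_text'], $rating[0]);
    print "</p>";
    print $thm_elem['button.confirm.delete'];
    print $thm_elem['button.cancel'];
    print "</form>\n";
    break;
}
// Close the centred div opened before the switch (it was left open before).
print "</div>";

site_footer($database);
site_epilog($database);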