<?php
// Copyright (C) 2002-2006 Balint Kis (balint@k-i-s.net)
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
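include_once "include/config.php";
include_once "include/common.php";
include_once "include/site.php";

/*
 * photo.rating.php -- add, edit or delete one user's rating (a score of
 * 1..10 plus an optional remark) on a single photo version.
 *
 * Request parameters (read from $_REQUEST, so GET or POST):
 *   action      'add' (default), 'edit' or 'delete'
 *   photo,
 *   version     photo / photo_version identifiers        (action=add)
 *   rating      rating identifier                        (action=edit|delete)
 *   new_rating  integer score, 1..10                     (add/edit with go)
 *   comment     free-text remark                         (add/edit with go)
 *   size        display size for the preview image (default 2)
 *   album       album context carried through generated links
 *   go          present => apply the change and redirect, else show the form
 *
 * Every request value that reaches SQL is either pg_escape_string()'d and
 * single-quoted, or cast to int; every request/database value echoed into
 * HTML goes through htmlspecialchars().
 */
$database = site_prolog(PO_USER_TYPE_CLIENT);

$album_id = isset($_REQUEST['album']) ? pg_escape_string($database, $_REQUEST['album']) : FALSE;
$comment = isset($_REQUEST['comment']) ? pg_escape_string($database, $_REQUEST['comment']) : '';
// Numeric parameters are cast rather than escaped: some of them are
// interpolated unquoted into SQL, where pg_escape_string() alone would
// not protect the statement.
$new_rating = isset($_REQUEST['new_rating']) ? (int)$_REQUEST['new_rating'] : 0;
$size = isset($_REQUEST['size']) ? (int)$_REQUEST['size'] : 2;
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'add';
$go = isset($_REQUEST['go']);
$user_id = (int)$po_user['id'];

// An unknown action used to leave $sql_select undefined (broken photo query)
// and was also interpolated into the $strings["profile_$action"] key; treat
// anything outside the known set as the default action.
if (!in_array($action, array('add', 'edit', 'delete'), TRUE)) {
    $action = 'add';
}

// Charset handed to htmlspecialchars(); assumed to be the same name the
// forms declare via accept-charset (e.g. UTF-8) -- verify against $strings.
$html_enc = $strings['formats_encoding'];

$photo_id = '';
$version = '';
$rating_id = '';
$extra_col = '';
switch ($action) {
case 'add':
    $photo_id = isset($_REQUEST['photo']) ? pg_escape_string($database, $_REQUEST['photo']) : '';
    $version = isset($_REQUEST['version']) ? pg_escape_string($database, $_REQUEST['version']) : '';
    $sql_select = "photo_version.identifier = '$version' and photo_version.photo = '$photo_id'";
    break;
case 'edit':
case 'delete':
    $rating_id = isset($_REQUEST['rating']) ? pg_escape_string($database, $_REQUEST['rating']) : '';
    // Join through the rating row so a rating id resolves to its photo/version.
    $sql_select = "rating.identifier = '$rating_id' and photo_version.identifier = rating.version";
    $extra_col = ", rating";
    break;
}

// Resolve the photo/version the rating belongs to, and whether the current
// user may see it (can_access_photo -> 'ok').  A failed query yields no row.
$photo_result = pg_query($database, "
    select photo.users, caption, title, access_rights,
           can_access_photo(photo.identifier, $user_id, '{".$passwords."}') as ok,
           folder, photo.identifier as photo, photo_version.identifier as version,
           original_image_name
    from photo, photo_version $extra_col
    where photo.identifier = photo_version.photo
      and $sql_select
");
$photo_data = $photo_result ? pg_fetch_assoc($photo_result) : FALSE;
if ($photo_data) {
    $owner_id = $photo_data['users'];
    // From here on photo/version are the database's values, not the request's.
    $photo_id = $photo_data['photo'];
    $version = $photo_data['version'];
}

// No row (unknown photo/rating, or a failed query) is handled like a denied
// access: private photos get a 403 page, everything else a login redirect.
if (!$photo_data || $photo_data['ok'] != 't') {
    if ($photo_data && $photo_data['access_rights'] == $access['private']) {
        header("HTTP/1.1 403 Forbidden");
        site_header($strings['generic_display_folder']);
        site_navigator(1);
        site_navigator_status(disp_user_string($database, 0). " : ". $strings['errors_private'], "");
        site_footer($database);
        site_epilog($database);
    } else {
        site_push_error($strings['errors_protected']);
        header("Location: $site_url/login.php?reason=protected&orig=".urlencode(generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>6,'album'=>$album_id), TRUE)));
    }
    exit();
}

// Existing rating: the current user's own one (add), or the addressed one
// (edit/delete).  FALSE when there is none.
$rating = FALSE;
switch ($action) {
case 'add':
    $rating_result = pg_query($database, "
        select value, identifier, users
        from rating
        where photo='$photo_id'
          and version='$version'
          and users=$user_id");
    $rating = $rating_result ? pg_fetch_row($rating_result) : FALSE;
    break;
case 'edit':
case 'delete':
    $rating_result = pg_query($database, "
        select value, users, photo, version, comment
        from rating
        where identifier='$rating_id'");
    $rating = $rating_result ? pg_fetch_row($rating_result) : FALSE;
    /* Enforce ownership: only the rating's author or an admin may change it */
    if (!$rating ||
        (($po_user['type'] != PO_USER_TYPE_ADMIN) && ($po_user['id'] != $rating[1]))) {
        site_push_error($strings['errors_not_owner']);
        site_epilog($database);
        header("Location: ".generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>6,'album'=>$album_id), TRUE));
        exit();
    }
    break;
}

if ($go) {
    // Apply the change; $failed_msg carries the single error to report.
    $failed_msg = FALSE;
    switch ($action) {
    case 'add':
        if ($rating) {
            // The form already refuses a second rating; enforce it on submit too.
            $failed_msg = $strings['errors_already_rated'];
            break;
        }
        if ($new_rating < 1 || $new_rating > 10) {
            // Outside the range the <select> offers; closest existing message.
            $failed_msg = $strings['errors_db_insert_failed'];
            break;
        }
        $result = pg_query($database, "insert into rating (identifier, photo, users, value, comment, version)
            values (nextval('rating_id_sequence'), '$photo_id', $user_id, $new_rating, '$comment', '$version')");
        if (!$result) {
            $failed_msg = $strings['errors_db_insert_failed'];
        }
        break;
    case 'edit':
        if ($new_rating < 1 || $new_rating > 10) {
            $failed_msg = $strings['errors_db_insert_failed'];
            break;
        }
        // The users= clause re-checks ownership at the database.
        $result = pg_query($database, "update rating set value=$new_rating, comment='$comment' where identifier='$rating_id' and users=$user_id");
        if (!$result) {
            $failed_msg = $strings['errors_db_insert_failed'];
        }
        break;
    case 'delete':
        $result = pg_query($database, "delete from rating where identifier='$rating_id' and users=$user_id");
        if (!$result) {
            $failed_msg = $strings['errors_db_insert_failed'];
        }
        break;
    }
    // Reported exactly once (a failed edit/delete used to push it twice).
    if ($failed_msg !== FALSE) {
        site_push_error($failed_msg);
    }
    site_epilog($database);
    header("Location: ".generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>6,'album'=>$album_id), TRUE));
    exit();
}

// --- Form display -----------------------------------------------------------
site_header(sprintf($strings["profile_$action"], $strings['generic_rating']));
$user_display_string = disp_user_string($database, $photo_data['users']);
if ($po_user['id'] == $photo_data['users']) {
    site_navigator(5);
} else {
    site_navigator(1);
}
$path_to_folder = get_path_to_folder($database, $photo_data['folder']);
$title = get_photo_title($photo_data['caption'], $photo_data['title'], $photo_data['original_image_name']);
site_navigator_status("$user_display_string $path_to_folder : ".emit_a(generate_link('photo', $photo_id, array('ver'=>$version, 'detail_info'=>5,'album'=>$album_id)), $title)." : ". sprintf($strings["profile_$action"], $strings['generic_rating']), "");
print "<div align=\"center\">";
theme_display_photo(generate_link('image', $photo_id, array('ver'=>$version, 'size'=>$size)), "");
print "</div>";
print "<div align=\"center\">";

// Attribute-safe copies of the values echoed into hidden fields.
$html_photo_id = htmlspecialchars((string)$photo_id, ENT_QUOTES, $html_enc);
$html_version = htmlspecialchars((string)$version, ENT_QUOTES, $html_enc);
$html_rating_id = htmlspecialchars((string)$rating_id, ENT_QUOTES, $html_enc);
$html_album_id = htmlspecialchars((string)$album_id, ENT_QUOTES, $html_enc);

switch ($action) {
case 'add':
    if ($rating && $rating[0]) {
        print err_str($strings['errors_already_rated']);
        print "<p>";
        print sprintf ($strings['photo_rating_text'], $rating[0]);
        print "</p>";
        print $thm_elem['button.back'];
    } else {
        print "<form method=\"post\" action=\"photo.rating.php\" accept-charset=\"".$strings['formats_encoding']."\">\n";
        print "<input type=\"hidden\" name=\"photo\" value=\"$html_photo_id\"/>\n";
        print "<input type=\"hidden\" name=\"version\" value=\"$html_version\"/>\n";
        print "<input type=\"hidden\" name=\"go\" value=\"go\"/>\n";
        if ($album_id) {
            print "<input type=\"hidden\" name=\"album\" value=\"$html_album_id\"/>\n";
        }
        print "<input type=\"hidden\" name=\"action\" value=\"add\"/>\n";
        print "<table class=\"profile\">\n";
        print "<tr>";
        print emit_th($strings['photo_rating'], "width=\"12%\"");
        print emit_th($strings['generic_remark'], "width=\"88%\"");
        print "</tr><tr>";
        print "<td>";
        print "<select name=\"new_rating\">";
        for ($i = 1; $i <= 10; $i++) {
            print emit_option($i, $i, FALSE);
        }
        print "</select>";
        print "</td>";
        print "<td><textarea name=\"comment\" rows=\"5\" cols=\"60\"></textarea></td>";
        print "</tr>";
        print "</table>\n";
        print $thm_elem['button.submit'];
        print $thm_elem['button.cancel'];
        print "</form>\n";
    }
    break;
case 'edit':
    // The stored remark is user-supplied text: escape it so it cannot close
    // the <textarea> element.
    $html_comment = htmlspecialchars((string)$rating[4], ENT_QUOTES, $html_enc);
    print "<form method=\"post\" action=\"photo.rating.php\" accept-charset=\"".$strings['formats_encoding']."\">\n";
    print "<input type=\"hidden\" name=\"rating\" value=\"$html_rating_id\"/>\n";
    if ($album_id) {
        print "<input type=\"hidden\" name=\"album\" value=\"$html_album_id\"/>\n";
    }
    print "<input type=\"hidden\" name=\"go\" value=\"go\"/>\n";
    print "<input type=\"hidden\" name=\"action\" value=\"edit\"/>\n";
    print "<table class=\"profile\">\n";
    print "<tr>";
    print emit_th($strings['photo_rating'], "width=\"12%\"");
    print emit_th($strings['generic_remark'], "width=\"88%\"");
    print "</tr><tr>";
    print "<td>";
    print "<select name=\"new_rating\">";
    for ($i = 1; $i <= 10; $i++) {
        print emit_option($i, $i, $i == $rating[0]);
    }
    print "</select>";
    print "</td>";
    print "<td><textarea name=\"comment\" rows=\"5\" cols=\"60\">$html_comment</textarea></td>";
    print "</tr>";
    print "</table>\n";
    print $thm_elem['button.submit'];
    print $thm_elem['button.cancel'];
    print "</form>\n";
    break;
case 'delete':
    print "<form method=\"post\" action=\"photo.rating.php\" accept-charset=\"".$strings['formats_encoding']."\">\n";
    print "<input type=\"hidden\" name=\"rating\" value=\"$html_rating_id\"/>\n";
    if ($album_id) {
        print "<input type=\"hidden\" name=\"album\" value=\"$html_album_id\"/>\n";
    }
    print "<input type=\"hidden\" name=\"go\" value=\"go\"/>\n";
    print "<input type=\"hidden\" name=\"action\" value=\"delete\"/>\n";
    print "<p>";
    print sprintf ($strings['photo_rating_text'], $rating[0]);
    print "</p>";
    print $thm_elem['button.confirm.delete'];
    print $thm_elem['button.cancel'];
    print "</form>\n";
    break;
}
site_footer($database);
site_epilog($database);
?>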