1 files changed, 154 insertions, 26 deletions

diff --git a/admin/album_notification.php b/admin/album_notification.php
index 4dd578b1a..977c7b43a 100644
--- a/admin/album_notification.php
+++ b/admin/album_notification.php
@@ -46,7 +46,7 @@ $page['cat'] = $category['id'];
 // +-----------------------------------------------------------------------+
 
 // info by email to an access granted group of category informations
-if (isset($_POST['submitEmail']) and !empty($_POST['group']))
+if (isset($_POST['submitEmail']))
 {
   set_make_full_url();
 
@@ -80,41 +80,111 @@ SELECT id, file, path, representative_ext
     }
   }
 
-  pwg_mail_group(
-    $_POST['group'],
-    array(
-      'subject' => l10n('[%s] Visit album %s', $conf['gallery_title'], trigger_change('render_category_name', $category['name'], 'admin_cat_list')),
-      // TODO : change this language variable to 'Visit album %s'
-      // TODO : 'language_selected' => ....
-    ),
-    array(
-      'filename' => 'cat_group_info',
-      'assign' => array(
-        'IMG' => $img,
-        'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
-        'LINK' => make_index_url(array(
-            'category' => array(
-              'id' => $category['id'],
-              'name' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
-              'permalink' => $category['permalink']
-              )
-            )),
-        'CPL_CONTENT' => empty($_POST['mail_content']) ? '' : stripslashes($_POST['mail_content']),
-        )
+  $args = array(
+    'subject' => l10n('[%s] Visit album %s', $conf['gallery_title'], trigger_change('render_category_name', $category['name'], 'admin_cat_list')),
+    // TODO : change this language variable to 'Visit album %s'
+    // TODO : 'language_selected' => ....
+    );
+    
+  $tpl = array(
+    'filename' => 'cat_group_info',
+    'assign' => array(
+      'IMG' => $img,
+      'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
+      'LINK' => make_index_url(
+        array(
+          'category' => array(
+            'id' => $category['id'],
+            'name' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
+            'permalink' => $category['permalink']
+            )
+          )
+        ),
+      'CPL_CONTENT' => empty($_POST['mail_content']) ? '' : stripslashes($_POST['mail_content']),
       )
     );
 
-  unset_make_full_url();
+  if ('users' == $_POST['who'] and isset($_POST['users']) and count($_POST['users']) > 0)
+  {
+    check_input_parameter('users', $_POST, true, PATTERN_ID);
 
-  $query = '
+    // TODO code very similar to function pwg_mail_group. We'd better create
+    // a function pwg_mail_users that could be called from here and from
+    // pwg_mail_group
+
+    // TODO to make checks even better, we should check that theses users
+    // have access to this album. No real privacy issue here, even if we
+    // send the email to a user without permission.
+
+    $query = '
+SELECT
+    ui.user_id,
+    ui.status,
+    ui.language,
+    u.'.$conf['user_fields']['email'].' AS email,
+    u.'.$conf['user_fields']['username'].' AS username
+  FROM '.USER_INFOS_TABLE.' AS ui
+    JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
+  WHERE ui.user_id IN ('.implode(',', $_POST['users']).')
+;';
+    $users = query2array($query);
+    $usernames = array();
+    
+    foreach ($users as $u)
+    {
+      $usernames[] = $u['username'];
+      
+      $authkey = create_user_auth_key($u['user_id'], $u['status']);
+      
+      $user_tpl = $tpl;
+
+      if ($authkey !== false)
+      {
+        $user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));
+
+        if (isset($user_tpl['assign']['IMG']['link']))
+        {
+          $user_tpl['assign']['IMG']['link'] = add_url_params(
+            $user_tpl['assign']['IMG']['link'],
+            array('auth' => $authkey['auth_key'])
+            );
+        }
+      }
+
+      $user_args = $args;
+      if (isset($authkey))
+      {
+        $user_args['auth_key'] = $authkey['auth_key'];
+      }
+
+      switch_lang_to($u['language']);
+      pwg_mail($u['email'], $user_args, $user_tpl);
+      switch_lang_back();
+    }
+
+    $message = l10n_dec('%d mail was sent.', '%d mails were sent.', count($users));
+    $message.= ' ('.implode(', ', $usernames).')';
+    
+    $page['infos'][] = $message;
+  }
+  elseif ('group' == $_POST['who'] and !empty($_POST['group']))
+  {
+    check_input_parameter('group', $_POST, false, PATTERN_ID);
+    
+    pwg_mail_group($_POST['group'], $args, $tpl);
+
+    $query = '
 SELECT
     name
   FROM '.GROUPS_TABLE.'
   WHERE id = '.$_POST['group'].'
 ;';
-  list($group_name) = pwg_db_fetch_row(pwg_query($query));
+    list($group_name) = pwg_db_fetch_row(pwg_query($query));
 
-  $page['infos'][] = l10n('An information email was sent to group "%s"', $group_name);
+    $page['infos'][] = l10n('An information email was sent to group "%s"', $group_name);
+  }
+
+  unset_make_full_url();
 }
 
 // +-----------------------------------------------------------------------+
@@ -189,6 +259,64 @@ SELECT
   }
 }
 
+// all users with status != guest and permitted to this this album (for a
+// perfect search, we should also check that album is not only filled with
+// private photos)
+$query = '
+SELECT
+    user_id
+  FROM '.USER_INFOS_TABLE.'
+  WHERE status != \'guest\'
+;';
+$all_user_ids = query2array($query, null, 'user_id');
+
+if ('private' == $category['status'])
+{
+  $user_ids_access_indirect = array();
+  
+  if (isset($group_ids) and count($group_ids) > 0)
+  {
+    $query = '
+SELECT
+    user_id
+  FROM '.USER_GROUP_TABLE.'
+  WHERE group_id IN ('.implode(',', $group_ids).') 
+';
+    $user_ids_access_indirect = query2array($query, null, 'user_id');
+  }
+
+  $query = '
+SELECT
+    user_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE cat_id = '.$category['id'].'
+;';
+  $user_ids_access_direct = query2array($query, null, 'user_id');
+
+  $user_ids_access = array_unique(array_merge($user_ids_access_direct, $user_ids_access_indirect));
+
+  $user_ids = array_intersect($user_ids_access, $all_user_ids);
+}
+else
+{
+  $user_ids = $all_user_ids;
+}
+
+if (count($user_ids) > 0)
+{
+  $query = '
+SELECT
+    '.$conf['user_fields']['id'].' AS id,
+    '.$conf['user_fields']['username'].' AS username
+  FROM '.USERS_TABLE.'
+  WHERE id IN ('.implode(',', $user_ids).')
+;';
+
+  $users = query2array($query, 'id', 'username');
+
+  $template->assign('user_options', $users);
+}
+
 // +-----------------------------------------------------------------------+
 // |                           sending html code                           |
 // +-----------------------------------------------------------------------+