archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

*** empty log message ***

Browse source 
git-svn-id: http://piwigo.org/svn/trunk@10 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
z0rglub 2003-05-17 10:49:14 +00:00
commit 8b044b0111
21 changed files with 1098 additions and 507 deletions
Download patch file Download diff file Expand all files Collapse all files

6
admin/admin.php
View file

@ -35,7 +35,7 @@ switch ( $_GET['page'] )
$titre = $lang['title_modify']; $page_valide = true; break;
case 'historique':
$titre = $lang['title_history']; $page_valide = true; break;
case 'miseajour':
case 'update':
$titre = $lang['title_update']; $page_valide = true; break;
case 'configuration':
$titre = $lang['title_configuration']; $page_valide = true; break;
@ -115,7 +115,7 @@ $vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
add_session_id( $link_start.'waiting' ) );
$query = 'select id from '.$prefixeTable.'waiting;';
$query = 'select id from '.PREFIX_TABLE.'waiting;';
$result = mysql_query( $query );
$nb_waiting = '';
if ( mysql_num_rows( $result ) > 0 )
@ -128,7 +128,7 @@ $vtp->closeSession( $handle, 'summary' );
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
add_session_id( $link_start.'miseajour' ) );
add_session_id( $link_start.'update' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_update'] );
$vtp->closeSession( $handle, 'summary' );
// thumbnails

37
admin/cat.php
View file

@ -1,11 +1,10 @@
<?php
/***************************************************************************
* this file is a part of PhpWebGallery *
* cat.php *
* ------------------- *
* version : 1.3 *
* url : http://phpwebgallery.net *
* help : http://forum.phpwebgallery.net *
* author : Pierrick LE GALL *
* application : PhpWebGallery 1.3 *
* website : http://www.phpwebgallery.net *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -32,7 +31,7 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
// 1. searching level (id_uppercat)
// and rank of the category to move
$query = 'select id_uppercat,rank';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id = '.$_GET['up'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
@ -41,7 +40,7 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
// 2. searching the id and the rank of the category
// just above at the same level
$query = 'select id,rank';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where rank < '.$rank;
if ( $level == '' )
{
@ -58,12 +57,12 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
$query = 'update '.$prefixeTable.'categories';
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$new_rank;
$query.= ' where id = '.$_GET['up'];
$query.= ';';
mysql_query( $query );
$query = 'update '.$prefixeTable.'categories';
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$replaced_cat;
$query.= ';';
@ -74,7 +73,7 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
// 1. searching level (id_uppercat)
// and rank of the category to move
$query = 'select id_uppercat,rank';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where id = '.$_GET['down'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
@ -83,7 +82,7 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
// 2. searching the id and the rank of the category
// just below at the same level
$query = 'select id,rank';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where rank > '.$rank;
if ( $level == '' )
{
@ -100,12 +99,12 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
$query = 'update '.$prefixeTable.'categories';
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$new_rank;
$query.= ' where id = '.$_GET['down'];
$query.= ';';
mysql_query( $query );
$query = 'update '.$prefixeTable.'categories';
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$replaced_cat;
$query.= ';';
@ -114,12 +113,10 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
//------------------------------------------------------------------ reordering
function ordering( $id_uppercat )
{
global $prefixeTable;
$rank = 1;
$query = 'select id';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';
@ -133,7 +130,7 @@ function ordering( $id_uppercat )
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$query = 'update '.$prefixeTable.'categories';
$query = 'update '.PREFIX_TABLE.'categories';
$query.= ' set rank = '.$rank;
$query.= ' where id = '.$row['id'];
$query.= ';';
@ -148,11 +145,11 @@ ordering( 'NULL' );
function display_cat_manager( $id_uppercat, $indent,
$uppercat_visible, $level )
{
global $prefixeTable,$lang,$conf,$sub,$vtp;
global $lang,$conf,$sub,$vtp;
// searching the min_rank and the max_rank of the category
$query = 'select min(rank) as min, max(rank) as max';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';
@ -180,7 +177,7 @@ function display_cat_manager( $id_uppercat, $indent,
}
$query = 'select id,name,dir,nb_images,status,rank,site_id';
$query.= ' from '.$prefixeTable.'categories';
$query.= ' from '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' where id_uppercat is NULL';

41
admin/configuration.php
View file

@ -3,6 +3,7 @@
* configuration.php *
* ------------------- *
* application : PhpWebGallery 1.3 *
* website : http://www.phpwebgallery.net *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -34,17 +35,16 @@ $Caracs = array("
"ù" => "u", "ú" => "u", "û" => "u", "ü" => "u",
"ý" => "y", "ÿ" => "y");
//------------------------------ verification and registration of modifications
$conf_infos = array( 'prefixe_thumbnail', 'webmaster', 'mail_webmaster',
'acces', 'session_id_size', 'session_time',
'session_keyword', 'max_user_listbox', 'show_comments',
'nb_comment_page', 'upload_available',
'upload_maxfilesize', 'upload_maxwidth',
'upload_maxheight', 'upload_maxwidth_thumbnail',
'upload_maxheight_thumbnail' );
$default_user_infos = array( 'nb_image_line', 'nb_line_page', 'theme',
'language', 'maxwidth', 'maxheight', 'expand',
'show_nb_comments', 'short_period', 'long_period',
'template' );
$conf_infos =
array( 'prefixe_thumbnail','webmaster','mail_webmaster','acces',
'session_id_size','session_time','session_keyword','max_user_listbox',
'show_comments','nb_comment_page','upload_available',
'upload_maxfilesize', 'upload_maxwidth','upload_maxheight',
'upload_maxwidth_thumbnail','upload_maxheight_thumbnail' );
$default_user_infos =
array( 'nb_image_line','nb_line_page','theme','language','maxwidth',
'maxheight','expand','show_nb_comments','short_period','long_period',
'template' );
$error = array();
$i = 0;
if ( $_GET['valider'] == 1 )
@ -52,13 +52,13 @@ if ( $_GET['valider'] == 1 )
//purge de la table des session si demandé
if ( $_POST['empty_session_table'] == 1 )
{
$query = 'delete from '.$prefixeTable.'sessions';
$query = 'delete from '.PREFIX_TABLE.'sessions';
$query.= ' where expiration < '.time().';';
mysql_query( $query );
}
// deletion of site as asked
$query = 'select id';
$query.= ' from '.$prefixeTable.'sites';
$query.= ' from '.PREFIX_TABLE.'sites';
$query.= " where galleries_url <> './galleries/';";
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@ -182,8 +182,8 @@ if ( $_GET['valider'] == 1 )
// dans le cas où il n'y aucune erreurs
if ( sizeof( $error ) == 0 )
{
mysql_query( 'delete from '.$prefixeTable.'config;' );
$query = 'insert into '.$prefixeTable.'config';
mysql_query( 'delete from '.PREFIX_TABLE.'config;' );
$query = 'insert into '.PREFIX_TABLE.'config';
$query.= ' (';
for ( $i = 0; $i < sizeof( $conf_infos ); $i++ )
{
@ -219,7 +219,7 @@ if ( $_GET['valider'] == 1 )
$tab_theme = explode( ' - ', $_POST['theme'] );
$_POST['theme'] = $tab_theme[0].'/'.$tab_theme[1];
$query = 'update '.$prefixeTable.'users';
$query = 'update '.PREFIX_TABLE.'users';
$query.= ' set';
for ( $i = 0; $i < sizeof( $default_user_infos ); $i++ )
{
@ -271,7 +271,7 @@ else
}
$query.= $conf_infos[$i];
}
$query .= ' from '.$prefixeTable.'config;';
$query .= ' from '.PREFIX_TABLE.'config;';
$row = mysql_fetch_array( mysql_query( $query ) );
@ -292,7 +292,7 @@ else
}
$query.= $default_user_infos[$i];
}
$query .= ' from '.$prefixeTable.'users';
$query .= ' from '.PREFIX_TABLE.'users';
$query.= " where username = 'guest'";
$query.= ';';
@ -308,8 +308,7 @@ $sub = $vtp->Open( '../template/'.$user['template'].
'/admin/configuration.vtp' );
// language
$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] );
$vtp->setGlobalVar( $sub, 'conf_remote_site_title',
$lang['conf_remote_site_title'] );
$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] );
$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] );
$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info',
$lang['conf_remote_site_delete_info'] );
@ -885,7 +884,7 @@ $vtp->closeSession( $sub, 'space_line' );
$vtp->closeSession( $sub, 'line' );
//------------------------------------------------ remote sites administration
$query = 'select id,galleries_url';
$query.= ' from '.$prefixeTable.'sites';
$query.= ' from '.PREFIX_TABLE.'sites';
$query.= " where galleries_url <> './galleries/';";
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )

274
admin/create_listing_file.php
View file

@ -1,128 +1,162 @@
<?php
$prefixe_thumbnail = "TN-";
$prefixe_thumbnail = 'TN-';
$tab_ext = array ( 'jpg', 'JPG','gif','GIF','png','PNG' );
$conf['picture_ext'] = array ( 'jpg', 'gif', 'png', 'JPG', 'GIF', 'PNG' );
$listing = "";
$local_folder = substr( $PHP_SELF, 0, strrpos( $PHP_SELF, "/" ) + 1 );
$url = "http://".$HTTP_HOST.$local_folder;
$listing.= "<url>$url</url>";
// get_dirs retourne un tableau contenant tous les sous-répertoires d'un répertoire
function get_dirs( $rep, $indent, $level )
{
$sub_rep = array();
$i = 0;
$dirs = "";
if ( $opendir = opendir ( $rep ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( $file != "." && $file != ".." && is_dir ( $rep."/".$file ) && $file != "thumbnail" )
{
$sub_rep[$i++] = $file;
}
}
}
// write of the dirs
for ( $i = 0; $i < sizeof( $sub_rep ); $i++ )
{
$dirs.= "\n".$indent."<dir".$level.">";
$dirs.= "\n".$indent."\t<name>".$sub_rep[$i]."</name>";
$dirs.= get_pictures( $rep."/".$sub_rep[$i], $indent."\t" );
$dirs.= get_dirs( $rep."/".$sub_rep[$i], $indent."\t", $level + 1 );
$dirs.= "\n".$indent."</dir".$level.">";
}
return $dirs;
}
function is_image ( $filename )
{
global $tab_ext;
if ( in_array ( substr ( strrchr($filename,"."), 1, strlen ( $filename ) ), $tab_ext ) )
{
return true;
}
else
{
return false;
}
}
function TN_exist ( $dir, $file )
{
global $tab_ext, $prefixe_thumbnail;
$titre = substr ( $file, 0, -4 );
for ( $i = 0; $i < sizeof ( $tab_ext ); $i++ )
{
$test = $dir."/thumbnail/".$prefixe_thumbnail.$titre.".".$tab_ext[$i];
if ( is_file ( $test ) )
{
return $tab_ext[$i];
}
}
return false;
}
$listing = '';
function get_pictures( $rep, $indent )
{
$pictures = array();
$i = 0;
$tn_ext = "";
$root = "";
if ( $opendir = opendir ( $rep ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( is_image( $file ) && $tn_ext = TN_exist( $rep, $file ) )
{
$pictures[$i] = array();
$pictures[$i]['file'] = $file;
$pictures[$i]['tn_ext'] = $tn_ext;
$pictures[$i]['date'] = date( "Y-m-d", filemtime ( $rep."/".$file ) );
$pictures[$i]['filesize'] = floor ( filesize( $rep."/".$file ) / 1024 );
$image_size = @getimagesize( $rep."/".$file );
$pictures[$i]['width'] = $image_size[0];
$pictures[$i]['height'] = $image_size[1];
$i++;
}
}
}
// write of the node <root> with all the pictures at the root of the directory
$root.= "\n".$indent."<root>";
if ( sizeof( $pictures ) > 0 )
{
for( $i = 0; $i < sizeof( $pictures ); $i++ )
{
$root.= "\n".$indent."\t<picture>";
$root.= "\n".$indent."\t\t<file>".$pictures[$i]['file']."</file>";
$root.= "\n".$indent."\t\t<tn_ext>".$pictures[$i]['tn_ext']."</tn_ext>";
$root.= "\n".$indent."\t\t<date>".$pictures[$i]['date']."</date>";
$root.= "\n".$indent."\t\t<filesize>".$pictures[$i]['filesize']."</filesize>";
$root.= "\n".$indent."\t\t<width>".$pictures[$i]['width']."</width>";
$root.= "\n".$indent."\t\t<height>".$pictures[$i]['height']."</height>";
$root.= "\n".$indent."\t</picture>";
}
}
$root.= "\n".$indent."</root>";
return $root;
}
$end = strrpos( $_SERVER['PHP_SELF'], '/' ) + 1;
$local_folder = substr( $_SERVER['PHP_SELF'], 0, $end );
$url = 'http://'.$_SERVER['HTTP_HOST'].$local_folder;
$listing.= get_dirs( ".", "", 0 );
$listing.= "<url>$url</url>";
// get_dirs retourne un tableau contenant tous les sous-répertoires d'un
// répertoire
function get_dirs( $rep, $indent, $level )
{
$sub_rep = array();
$i = 0;
$dirs = "";
if ( $opendir = opendir ( $rep ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( $file != "."
and $file != ".."
and is_dir ( $rep."/".$file )
and $file != "thumbnail" )
{
$sub_rep[$i++] = $file;
}
}
}
// write of the dirs
for ( $i = 0; $i < sizeof( $sub_rep ); $i++ )
{
$dirs.= "\n".$indent.'<dir'.$level.' name="'.$sub_rep[$i].'">';
$dirs.= get_pictures( $rep.'/'.$sub_rep[$i], $indent.' ' );
$dirs.= get_dirs( $rep.'/'.$sub_rep[$i], $indent.' ', $level + 1 );
$dirs.= "\n".$indent.'</dir'.$level.'>';
}
return $dirs;
}
if ( $fp = @fopen("./listing.xml","w") )
{
fwrite( $fp, $listing );
fclose( $fp );
}
else
{
echo "impossible de créer ou d'écrire dans le fichier listing.xml";
}
// get_extension returns the part of the string after the last "."
function get_extension( $filename )
{
return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
}
//echo str_replace( "\t", "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;", nl2br( htmlspecialchars( $listing, ENT_QUOTES ) ) );
echo "listing.xml created";
// get_filename_wo_extension returns the part of the string before the last
// ".".
// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar'
function get_filename_wo_extension( $filename )
{
return substr( $filename, 0, strrpos( $filename, '.' ) );
}
function is_image( $filename )
{
global $conf;
if ( !is_dir( $filename )
and in_array( get_extension( $filename ), $conf['picture_ext'] ) )
{
return true;
}
return false;
}
function TN_exists( $dir, $file )
{
global $conf, $prefixe_thumbnail;
$titre = get_filename_wo_extension( $file );
for ( $i = 0; $i < sizeof ( $conf['picture_ext'] ); $i++ )
{
$base_tn_name = $dir.'/thumbnail/'.$prefixe_thumbnail.$titre.'.';
$ext = $conf['picture_ext'][$i];
if ( is_file( $base_tn_name.$ext ) )
{
return $ext;
}
}
echo 'The thumbnail is missing for '.$dir.'/'.$file;
echo '-> '.$dir.'/thumbnail/'.$prefixe_thumbnail.$titre.'.xxx';
echo ' ("xxx" can be : ';
for ( $i = 0; $i < sizeof ( $conf['picture_ext'] ); $i++ )
{
if ( $i > 0 )
{
echo ', ';
}
echo '"'.$conf['picture_ext'][$i].'"';
}
echo ')<br />';
return false;
}
function get_pictures( $rep, $indent )
{
$pictures = array();
$tn_ext = '';
$root = '';
if ( $opendir = opendir ( $rep ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( is_image( $file ) and $tn_ext = TN_exists( $rep, $file ) )
{
$picture = array();
$picture['file'] = $file;
$picture['tn_ext'] = $tn_ext;
$picture['date'] = date('Y-m-d',filemtime( $rep.'/'.$file ) );
$picture['filesize'] = floor( filesize( $rep."/".$file ) / 1024 );
$image_size = @getimagesize( $rep."/".$file );
$picture['width'] = $image_size[0];
$picture['height'] = $image_size[1];
array_push( $pictures, $picture );
}
}
}
// write of the node <root> with all the pictures at the root of the
// directory
$root.= "\n".$indent."<root>";
if ( sizeof( $pictures ) > 0 )
{
for( $i = 0; $i < sizeof( $pictures ); $i++ )
{
$root.= "\n".$indent.' ';
$root.= '<picture';
$root.= ' file="'. $pictures[$i]['file']. '"';
$root.= ' tn_ext="'. $pictures[$i]['tn_ext']. '"';
$root.= ' date="'. $pictures[$i]['date']. '"';
$root.= ' filesize="'. $pictures[$i]['filesize']. '"';
$root.= ' width="'. $pictures[$i]['width']. '"';
$root.= ' height="'. $pictures[$i]['height']. '"';
$root.= ' />';
}
}
$root.= "\n".$indent.'</root>';
return $root;
}
$listing.= get_dirs( '.', '', 0 );
if ( $fp = @fopen("./listing.xml","w") )
{
fwrite( $fp, $listing );
fclose( $fp );
}
else
{
echo "I can't write the file listing.xml";
}
echo "listing.xml created";
?>

8
admin/edit_cat.php
View file

@ -18,7 +18,7 @@
if ( $HTTP_GET_VARS['valider'] == 1 )
{
$query = "update $prefixeTable"."categories ";
$query = "update PREFIX_TABLE"."categories ";
if ( $HTTP_POST_VARS['name'] == "" )
{
$query.= "set name = NULL, ";
@ -39,7 +39,7 @@
$query.= "where id = '".$HTTP_GET_VARS['cat']."';";
mysql_query( $query );
$result = mysql_query( "select id from $prefixeTable"."users where pseudo != '".$conf['webmaster']."';" );
$result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
while ( $row = mysql_fetch_array ( $result ) )
{
check_favorites( $row['id'] );
@ -52,7 +52,7 @@
<form action=\"".add_session_id_to_url( "./admin.php?page=edit_cat&amp;cat=".$HTTP_GET_VARS['cat']."&amp;valider=1" )."\" method=\"post\">
<table style=\"width:100%;\">";
$query = "select a.id,name,dir,status,comment,id_uppercat,site_id,galleries_url";
$query.= " from $prefixeTable"."categories as a, $prefixeTable"."sites as b";
$query.= " from PREFIX_TABLE"."categories as a, PREFIX_TABLE"."sites as b";
$query.= " where a.id = ".$HTTP_GET_VARS['cat'];
$query.= " and a.site_id = b.id;";
$row = mysql_fetch_array( mysql_query( $query ) );
@ -86,7 +86,7 @@
// on récupère toutes les status possibles dans la base
// par l'intermédiaire de la fonction get_enums trouvable
// dans le fichier config.php
$option = get_enums( $prefixeTable."categories", "status" );
$option = get_enums( PREFIX_TABLE."categories", "status" );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
if ( $option[$i] == $row['status'] )

6
admin/historique.php
View file

@ -18,7 +18,7 @@
if ( $HTTP_GET_VARS['empty'] == 1 )
{
mysql_query( "delete from $prefixeTable"."history;" );
mysql_query( "delete from PREFIX_TABLE"."history;" );
}
define (NB_JOUR_HISTO,"7");
$tMois = array("janvier", "février", "mars", "avril", "mai", "juin", "juillet", "août", "septembre", "octobre", "novembre", "décembre");
@ -28,7 +28,7 @@
// il faut trouver le unix date de la veille à 00h00 :
// time (); nous donne le nombre de secondes actuelle
$date_ref = time() - (7*24*60*60);
$result = mysql_query( "select date,login,IP,categorie,page,titre,commentaire from $prefixeTable"."history where date > '$date_ref' order by date desc;");
$result = mysql_query( "select date,login,IP,categorie,page,titre,commentaire from PREFIX_TABLE"."history where date > '$date_ref' order by date desc;");
echo"<div style=\"text-align:center;\"><a href=\"".add_session_id_to_url( "./admin.php?page=historique&amp;empty=1" )."\">empty / vider</a></div>";
echo"<div style=\"color:green;text-align:center;margin:10px\">";
// affichage de la date du jour
@ -71,7 +71,7 @@
</tr>";
// 2. affichage de tous les évènements pour le jour donné
// entre la veille à 23h59m59s et le jour même 23h59m59s
$result = mysql_query("select date,login,IP,categorie,page,titre,commentaire from $prefixeTable"."history where date > '$debut' and date < '$fin' order by date desc;");
$result = mysql_query("select date,login,IP,categorie,page,titre,commentaire from PREFIX_TABLE"."history where date > '$debut' and date < '$fin' order by date desc;");
$fin = $debut;
// on recule le début d'une journée complète
$debut = $debut - 24*60*60;

10
admin/infos_images.php
View file

@ -53,7 +53,7 @@
//------------------------------------------------------------mises à jour
// 1. options individuelles
$query = "select id,file ";
$query.= "from $prefixeTable"."images ";
$query.= "from PREFIX_TABLE"."images ";
$query.= "where cat_id = ".$page['cat']." ";
$result = mysql_query( $query );
$i = 1;
@ -65,7 +65,7 @@
$date_creation = "date_creation-".$row['id'];
if ( isset( $HTTP_POST_VARS[$name] ) )
{
$query = "update $prefixeTable"."images ";
$query = "update PREFIX_TABLE"."images ";
if ( $HTTP_POST_VARS[$name] == "" )
{
$query.= "set name = NULL ";
@ -106,7 +106,7 @@
// 2. options générales
if ( $HTTP_POST_VARS['use_common_author'] == 1 )
{
$query = "update $prefixeTable"."images ";
$query = "update PREFIX_TABLE"."images ";
if ( $HTTP_POST_VARS['author_cat'] == "" )
{
$query.= "set author = NULL ";
@ -125,7 +125,7 @@
if ( check_date_format( $HTTP_POST_VARS['date_creation_cat'] ) )
{
$date = date_convert( $HTTP_POST_VARS['date_creation_cat'] );
$query = "update $prefixeTable"."images ";
$query = "update PREFIX_TABLE"."images ";
if ( $HTTP_POST_VARS['date_creation_cat'] == "" )
{
$query.= "set date_creation = NULL ";
@ -200,7 +200,7 @@
<td class=\"row2\" style=\"text-align:center;\">".$lang['infoimage_creation_date']."</td>
</tr>";
$query = "select id,file,comment,author,tn_ext,name,date_creation";
$query.= " from $prefixeTable"."images";
$query.= " from PREFIX_TABLE"."images";
$query.= " where cat_id = ".$page['cat'];
$query.= $conf['order_by'];
$query.= " limit ".$page['start'].",".$page['nb_image_page'];

442
admin/install.php
View file

@ -14,9 +14,9 @@
* the Free Software Foundation; *
* *
***************************************************************************/
function header_install()
{
$output = "
function header_install()
{
$output = "
<html>
<head>
<title>PhpWebGallery 1.2</title>
@ -125,12 +125,12 @@
<table width=\"700\" class=\"table1\" style=\"margin:auto;\">
<tr>
<td class=\"contenucellule\">";
return $output;
}
return $output;
}
function footer_install()
{
$output = "
function footer_install()
{
$output = "
</td>
</tr>
</table>
@ -139,92 +139,92 @@
</table>
</body>
</html>";
return $output;
}
return $output;
}
if ( isset( $HTTP_GET_VARS['language'] ) )
{
$isadmin = true;
$lang = array();
include( "../language/".$HTTP_GET_VARS['language'].".php" );
}
if ( isset( $HTTP_GET_VARS['language'] ) )
{
$isadmin = true;
$lang = array();
include( "../language/".$HTTP_GET_VARS['language'].".php" );
}
/*---------------------------------------Step 1------------------------------------*/
if ( $HTTP_GET_VARS['step'] == 1 )
{
$erreur1 = true;
$message = "";
// création du fichier de configuration de connexion à la BD mysql
if( isset( $HTTP_POST_VARS['cfgBase'] ) && isset( $HTTP_POST_VARS['cfgUser'] ) && isset( $HTTP_POST_VARS['cfgPassword'] ) && isset( $HTTP_POST_VARS['cfgHote'] ) )
{
if ( @mysql_connect( $HTTP_POST_VARS['cfgHote'], $HTTP_POST_VARS['cfgUser'], $HTTP_POST_VARS['cfgPassword'] ) )
{
if ( @mysql_select_db($HTTP_POST_VARS['cfgBase'] ) )
{
$message.= "<div class=\"info\">".$lang['step1_confirmation']."</div>";
$erreur1 = false;
}
else
{
$message.= "<div class=\"erreur\">".$lang['step1_err_db']."</div>";
}
}
else
{
$message.= "<div class=\"erreur\">".$lang['step1_err_server']."</div>";
}
/*---------------------------------------Step 1------------------------------------*/
if ( $HTTP_GET_VARS['step'] == 1 )
{
$erreur1 = true;
$message = "";
// création du fichier de configuration de connexion à la BD mysql
if( isset( $HTTP_POST_VARS['cfgBase'] ) && isset( $HTTP_POST_VARS['cfgUser'] ) && isset( $HTTP_POST_VARS['cfgPassword'] ) && isset( $HTTP_POST_VARS['cfgHote'] ) )
{
if ( @mysql_connect( $HTTP_POST_VARS['cfgHote'], $HTTP_POST_VARS['cfgUser'], $HTTP_POST_VARS['cfgPassword'] ) )
{
if ( @mysql_select_db($HTTP_POST_VARS['cfgBase'] ) )
{
$message.= "<div class=\"info\">".$lang['step1_confirmation']."</div>";
$erreur1 = false;
}
else
{
$message.= "<div class=\"erreur\">".$lang['step1_err_db']."</div>";
}
}
else
{
$message.= "<div class=\"erreur\">".$lang['step1_err_server']."</div>";
}
if ( !$erreur1 )
{
// écriture du fichier de configuration
if ( $fp = @fopen("../include/mysql.inc.php","a+") )
{
fwrite( $fp, "<?php\n\t\$cfgBase='".$HTTP_POST_VARS['cfgBase']."';\n\t\$cfgUser='".$HTTP_POST_VARS['cfgUser']."';\n\t\$cfgPassword='".$HTTP_POST_VARS['cfgPassword']."';\n\t\$cfgHote='".$HTTP_POST_VARS['cfgHote']."';\n\t\$prefixeTable='".$HTTP_POST_VARS['prefixe']."';\n?>" );
fclose( $fp );
}
$cfgHote = "";
$cfgUser = "";
$cfgPassword = "";
$cfgBase = "";
include ( "../include/mysql.inc.php" );
$erreur2 = true;
if ( @mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) )
{
if ( @mysql_select_db ( $cfgBase ) )
{
$erreur2 = false;
}
}
if ( $erreur2 )
{
$message.="<br /><br />".$lang['step1_err_copy']." :<br />
if ( !$erreur1 )
{
// écriture du fichier de configuration
if ( $fp = @fopen("../include/mysql.inc.php","a+") )
{
fwrite( $fp, "<?php\n\t\$cfgBase='".$HTTP_POST_VARS['cfgBase']."';\n\t\$cfgUser='".$HTTP_POST_VARS['cfgUser']."';\n\t\$cfgPassword='".$HTTP_POST_VARS['cfgPassword']."';\n\t\$cfgHote='".$HTTP_POST_VARS['cfgHote']."';\n\t\PREFIX_TABLE='".$HTTP_POST_VARS['prefixe']."';\n?>" );
fclose( $fp );
}
$cfgHote = "";
$cfgUser = "";
$cfgPassword = "";
$cfgBase = "";
include ( "../include/mysql.inc.php" );
$erreur2 = true;
if ( @mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) )
{
if ( @mysql_select_db ( $cfgBase ) )
{
$erreur2 = false;
}
}
if ( $erreur2 )
{
$message.="<br /><br />".$lang['step1_err_copy']." :<br />
-----------------------------------------------------<br />
<div style=\"color:blue;\">&lt;?php<br />
\$cfgBase = '".$HTTP_POST_VARS['cfgBase']."';<br />
\$cfgUser = '".$HTTP_POST_VARS['cfgUser']."';<br />
\$cfgPassword = '".$HTTP_POST_VARS['cfgPassword']."';<br />
\$cfgHote = '".$HTTP_POST_VARS['cfgHote']."';<br />
\$prefixeTable = '".$HTTP_POST_VARS['prefixe']."';<br />
\PREFIX_TABLE = '".$HTTP_POST_VARS['prefixe']."';<br />
?&gt;</div>
-----------------------------------------------------<br />";
$message.= "<div style=\"text-align:center;\">".$lang['step1_err_copy_2']."<br />";
$message.= "<a href=\"install.php?step=2&amp;language=".$HTTP_GET_VARS['language']."\">".$lang['step1_err_copy_next']."</a></div>";
}
else
{
$url = "install.php?step=2&language=".$HTTP_GET_VARS['language'];
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url");
exit();
}
}
}
$message.= "<div style=\"text-align:center;\">".$lang['step1_err_copy_2']."<br />";
$message.= "<a href=\"install.php?step=2&amp;language=".$HTTP_GET_VARS['language']."\">".$lang['step1_err_copy_next']."</a></div>";
}
else
{
$url = "install.php?step=2&language=".$HTTP_GET_VARS['language'];
header("Request-URI: $url");
header("Content-Location: $url");
header("Location: $url");
exit();
}
}
}
echo header_install();
if ( isset( $message ) && $message != "" )
{
echo"
echo header_install();
if ( isset( $message ) && $message != "" )
{
echo"
<table width=\"100%\">
<tr>
<th>".$lang['install_message']."</th>
@ -233,10 +233,10 @@
<td>$message</td>
</tr>
</table>";
}
if ( $erreur1 )
{
echo"
}
if ( $erreur1 )
{
echo"
<form method=\"post\" action=\"install.php?step=1&amp;language=".$HTTP_GET_VARS['language']."\">
<table width=\"100%\">
<tr>
@ -248,15 +248,15 @@
<tr>
<td>".$lang['step1_host']."</td>
<td align=center><input type='text' name='cfgHote' value='";
if ( !isset( $HTTP_POST_VARS['cfgHote'] ) )
{
echo"localhost";
}
else
{
echo $HTTP_POST_VARS['cfgHote'];
}
echo"'></td>
if ( !isset( $HTTP_POST_VARS['cfgHote'] ) )
{
echo"localhost";
}
else
{
echo $HTTP_POST_VARS['cfgHote'];
}
echo"'></td>
<td class=\"row2\">".$lang['step1_host_info']."</td>
</tr>
<tr>
@ -277,15 +277,15 @@
<tr>
<td>".$lang['step1_prefix']."</td>
<td align=center><input type='text' name='prefixe' value='";
if ( !isset( $HTTP_POST_VARS['prefixe'] ) )
{
echo"phpwebgallery_";
}
else
{
echo $HTTP_POST_VARS['prefixe'];
}
echo"'></td>
if ( !isset( $HTTP_POST_VARS['prefixe'] ) )
{
echo"phpwebgallery_";
}
else
{
echo $HTTP_POST_VARS['prefixe'];
}
echo"'></td>
<td class=\"row2\">".$lang['step1_prefix_info']."</td>
</tr>
<tr>
@ -296,19 +296,19 @@
</tr>
</table>
</form>";
}
echo footer_install();
}
/*---------------------------------------Step 2------------------------------------*/
else if ( $HTTP_GET_VARS['step'] == 2 )
{
include( "../include/mysql.inc.php" );
mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or die ( "erreur de connexion au serveur" );
mysql_select_db( $cfgBase ) or die ( "erreur de connexion a la base de donnees" );
}
echo footer_install();
}
/*---------------------------------------Step 2------------------------------------*/
else if ( $HTTP_GET_VARS['step'] == 2 )
{
include( "../include/mysql.inc.php" );
mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or die ( "erreur de connexion au serveur" );
mysql_select_db( $cfgBase ) or die ( "erreur de connexion a la base de donnees" );
if ( !isset( $HTTP_POST_VARS['submit'] ) )
{
$query = "CREATE TABLE ".$prefixeTable."categories (
if ( !isset( $HTTP_POST_VARS['submit'] ) )
{
$query = "CREATE TABLE ".PREFIX_TABLE."categories (
id tinyint(3) unsigned NOT NULL auto_increment,
date_dernier date NOT NULL default '0000-00-00',
nb_images smallint(5) unsigned NOT NULL default '0',
@ -321,8 +321,8 @@
site_id tinyint(4) unsigned NOT NULL default '1',
PRIMARY KEY (id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."comments (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."comments (
id int(11) unsigned NOT NULL auto_increment,
image_id smallint(5) unsigned NOT NULL default '0',
date int(11) unsigned NOT NULL default '0',
@ -330,8 +330,8 @@
content longtext,
PRIMARY KEY (id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."config (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."config (
periode_courte smallint(5) unsigned NOT NULL default '7',
periode_longue smallint(5) unsigned NOT NULL default '14',
prefixe_thumbnail varchar(10) NOT NULL default 'TN-',
@ -352,14 +352,14 @@
upload_maxwidth_thumbnail smallint(5) unsigned NOT NULL default '150',
upload_maxheight_thumbnail smallint(5) unsigned NOT NULL default '100'
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."favorites (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."favorites (
user_id smallint(5) unsigned NOT NULL default '0',
image_id smallint(5) unsigned NOT NULL default '0',
KEY user_id (user_id,image_id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."history (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."history (
date int(11) NOT NULL default '0',
login varchar(15) default NULL,
IP varchar(50) NOT NULL default '',
@ -368,8 +368,8 @@
titre varchar(150) default NULL,
commentaire varchar(200) default NULL
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."images (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."images (
id smallint(5) unsigned NOT NULL auto_increment,
file varchar(255) NOT NULL default '',
cat_id tinyint(3) unsigned NOT NULL default '0',
@ -386,29 +386,29 @@
PRIMARY KEY (id),
KEY cat_id (cat_id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."restrictions (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."restrictions (
user_id smallint(5) unsigned NOT NULL default '0',
cat_id tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (user_id,cat_id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."sessions (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."sessions (
id varchar(255) binary NOT NULL default '',
user_id smallint(5) unsigned NOT NULL default '0',
expiration int(10) unsigned NOT NULL default '0',
ip varchar(255) NOT NULL default '',
PRIMARY KEY (id)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."sites (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."sites (
id tinyint(4) NOT NULL auto_increment,
galleries_url varchar(255) NOT NULL default '',
PRIMARY KEY (id),
UNIQUE KEY galleries_url (galleries_url)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."users (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."users (
id smallint(5) unsigned NOT NULL auto_increment,
pseudo varchar(20) binary NOT NULL default '',
password varchar(255) NOT NULL default '',
@ -423,8 +423,8 @@
PRIMARY KEY (id),
UNIQUE KEY pseudo (pseudo)
);";
mysql_query( $query );
$query = "CREATE TABLE ".$prefixeTable."waiting (
mysql_query( $query );
$query = "CREATE TABLE ".PREFIX_TABLE."waiting (
id int(10) unsigned NOT NULL auto_increment,
cat_id tinyint(3) unsigned NOT NULL default '0',
file varchar(255) NOT NULL default '',
@ -434,67 +434,67 @@
tn_ext char(3) default NULL,
PRIMARY KEY (id)
);";
mysql_query( $query );
}
if ( isset( $HTTP_POST_VARS['submit'] ) )
{
$configuration = false;
$erreur = "";
$nb_erreur = 0;
// le pseudo du webmaster ne doit pas
// 1. être vide
// 2. commencer ou se terminer par un espace
// 3. comporter les caractères ' ou "
// Notes sur le pseudo du webmaster :
// - lorsque l'on trouve plusieurs occurences
// consécutives du caractère espace, on réduit à une seule occurence
if ( $HTTP_POST_VARS['webmaster'] == "" )
{
$erreur .= "<li>".$lang['step2_err_login1']."</li>";
$nb_erreur++;
}
$webmaster = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['webmaster'] );
if ( ereg( "^.* $", $webmaster ) || ereg( "^ .*$", $webmaster) )
{
$erreur .= "<li>".$lang['step2_err_login2']."</li>";
$nb_erreur++;
}
if ( ereg( "'",$webmaster ) || ereg( "\"",$webmaster ) )
{
$erreur .= "<li>".$lang['step2_err_login3']."</li>";
$nb_erreur++;
}
// on vérifie que le password rentré correspond bien à la confirmation faite par l'utilisateur
if ( $HTTP_POST_VARS['pwdWebmaster'] != $HTTP_POST_VARS['pwdWebmasterConf'] )
{
$erreur .= "<li>".$lang['step2_err_pass']."</li>";
$nb_erreur++;
}
// le mail doit être conforme à qqch du type : nom@serveur.com
if( !ereg("([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_webmaster'] ) )
{
$erreur .= "<li>".$lang['step2_err_mail']."</li>";
$nb_erreur++;
}
// on met à jour les paramètres de l'application dans le cas où il n'y aucune erreur
if ( $nb_erreur == 0 )
{
mysql_query( "delete from $prefixeTable"."config" );
$query = "insert into $prefixeTable"."config (webmaster,mail_webmaster) values ('$webmaster','".$HTTP_POST_VARS['mail_webmaster']."')";
mysql_query($query);
$query = "insert into $prefixeTable"."sites values (1, './galleries/');";
mysql_query($query);
$query = "insert into $prefixeTable"."users (pseudo,password,status,language) values ('$webmaster','".md5( $pwdWebmaster )."','admin','".$HTTP_GET_VARS['language']."')";
mysql_query($query);
mysql_query("insert into $prefixeTable"."users (pseudo,password,status,language) values ('visiteur','".md5( "" )."','visiteur','".$HTTP_GET_VARS['language']."')");
$configuration = true;
}
}
mysql_query( $query );
}
if ( isset( $HTTP_POST_VARS['submit'] ) )
{
$configuration = false;
$erreur = "";
$nb_erreur = 0;
// le pseudo du webmaster ne doit pas
// 1. être vide
// 2. commencer ou se terminer par un espace
// 3. comporter les caractères ' ou "
// Notes sur le pseudo du webmaster :
// - lorsque l'on trouve plusieurs occurences
// consécutives du caractère espace, on réduit à une seule occurence
if ( $HTTP_POST_VARS['webmaster'] == "" )
{
$erreur .= "<li>".$lang['step2_err_login1']."</li>";
$nb_erreur++;
}
$webmaster = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['webmaster'] );
if ( ereg( "^.* $", $webmaster ) || ereg( "^ .*$", $webmaster) )
{
$erreur .= "<li>".$lang['step2_err_login2']."</li>";
$nb_erreur++;
}
if ( ereg( "'",$webmaster ) || ereg( "\"",$webmaster ) )
{
$erreur .= "<li>".$lang['step2_err_login3']."</li>";
$nb_erreur++;
}
// on vérifie que le password rentré correspond bien à la confirmation faite par l'utilisateur
if ( $HTTP_POST_VARS['pwdWebmaster'] != $HTTP_POST_VARS['pwdWebmasterConf'] )
{
$erreur .= "<li>".$lang['step2_err_pass']."</li>";
$nb_erreur++;
}
// le mail doit être conforme à qqch du type : nom@serveur.com
if( !ereg("([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_webmaster'] ) )
{
$erreur .= "<li>".$lang['step2_err_mail']."</li>";
$nb_erreur++;
}
// on met à jour les paramètres de l'application dans le cas où il n'y aucune erreur
if ( $nb_erreur == 0 )
{
mysql_query( "delete from PREFIX_TABLE"."config" );
$query = "insert into PREFIX_TABLE"."config (webmaster,mail_webmaster) values ('$webmaster','".$HTTP_POST_VARS['mail_webmaster']."')";
mysql_query($query);
$query = "insert into PREFIX_TABLE"."sites values (1, './galleries/');";
mysql_query($query);
$query = "insert into PREFIX_TABLE"."users (pseudo,password,status,language) values ('$webmaster','".md5( $pwdWebmaster )."','admin','".$HTTP_GET_VARS['language']."')";
mysql_query($query);
mysql_query("insert into PREFIX_TABLE"."users (pseudo,password,status,language) values ('visiteur','".md5( "" )."','visiteur','".$HTTP_GET_VARS['language']."')");
$configuration = true;
}
}
echo header_install();
if ( $configuration )
{
echo"
echo header_install();
if ( $configuration )
{
echo"
<table width=\"100%\">
<tr>
<th>".$lang['install_end_title']."</th>
@ -506,12 +506,12 @@
<td>".$lang['install_end_message']."</td>
</tr>
</table>";
}
else
{
if ( $nb_erreur > 0 )
{
echo"
}
else
{
if ( $nb_erreur > 0 )
{
echo"
<table width=100%>
<tr>
<th>".$lang['install_message']."</th>
@ -526,8 +526,8 @@
<td>&nbsp;</td>
</tr>
</table>";
}
echo"
}
echo"
<form method=\"post\" action=\"install.php?step=2&amp;language=".$HTTP_GET_VARS['language']."\">
<table width=100%>
<tr>
@ -566,34 +566,34 @@
</tr>
</table>
</form>";
}
echo footer_install();
}
/*----------------------------------Language choice------------------------------------*/
else
{
include( "../include/functions.php" );
echo header_install();
echo"
}
echo footer_install();
}
/*----------------------------------Language choice------------------------------------*/
else
{
include( "../include/functions.php" );
echo header_install();
echo"
<form method=\"get\" action=\"install.php\">
<input type=\"hidden\" name=\"step\" value=\"1\"/>
<table width=\"100%\">
<tr>
<td align=\"center\">
<select name=\"language\">";
$languages = get_languages( "../language/" );
for ( $i = 0; $i < sizeof ( $languages ); $i++ )
{
echo"
$languages = get_languages( "../language/" );
for ( $i = 0; $i < sizeof ( $languages ); $i++ )
{
echo"
<option>".$languages[$i]."</option>";
}
echo"
}
echo"
</select>
<input type=\"submit\" value=\"Go\">
</td>
</tr>
</table>
</form>";
echo footer_install();
}
echo footer_install();
}
?>

20
admin/perm.php
View file

@ -18,7 +18,7 @@
//---------------------------------------------------données de l'utilisateur
if ( isset( $HTTP_GET_VARS['user_id'] ) )
{
$query = "select id,pseudo,status from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';";
$query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';";
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
$page['pseudo'] = $row['pseudo'];
@ -51,14 +51,14 @@
{
if ( isset( $HTTP_GET_VARS['user_id'] ) )
{
mysql_query ( "delete from $prefixeTable"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
$result = mysql_query ( "select id from $prefixeTable"."categories;" );
mysql_query ( "delete from PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
$result = mysql_query ( "select id from PREFIX_TABLE"."categories;" );
while ( $row = mysql_fetch_array ( $result ) )
{
$nom_select = "acces-".$row['id'];
if ( $HTTP_POST_VARS[$nom_select] == 1 )
{
mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
}
}
check_favorites( $HTTP_GET_VARS['user_id'] );
@ -66,14 +66,14 @@
}
else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
{
mysql_query ( "delete from $prefixeTable"."restrictions where cat_id = '".$page['cat']."';" );
$result = mysql_query( "select id from $prefixeTable"."users where pseudo != '".$conf['webmaster']."';" );
mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" );
$result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
while ( $row = mysql_fetch_array ( $result ) )
{
$nom_select = "acces-".$row['id'];
if ( $HTTP_POST_VARS[$nom_select] == 1 )
{
mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
}
check_favorites( $row['id'] );
}
@ -83,7 +83,7 @@
//--------------------------------------------------------------- formulaire
function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction )
{
global $prefixeTable,$lang,$conf;
global PREFIX_TABLE,$lang,$conf;
$output = "";
@ -121,7 +121,7 @@
}
$query = "select id,name,dir,rank";
$query.= " from $prefixeTable"."categories";
$query.= " from PREFIX_TABLE"."categories";
if ( !is_numeric( $id_uppercat ) )
{
$query.= " where id_uppercat is NULL";
@ -214,7 +214,7 @@
<form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['cat'] )."\" method=\"post\">
<table style=\"width:100%;\">";
$result = mysql_query( "select id,pseudo,status from $prefixeTable"."users where pseudo != '".$conf['webmaster']."';" );
$result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
$i = 0;
while ( $row = mysql_fetch_array( $result ) )
{

575
admin/update.php Normal file
View file

@ -0,0 +1,575 @@
<?php
/***************************************************************************
* update.php *
* ------------------ *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//------------------------------------------------------------------- functions
function insert_local_category( $cat_id )
{
global $conf, $page;
$site_id = 1;
// 0. retrieving informations on the category to display
$cat_directory = '../galleries';
if ( is_numeric( $cat_id ) )
{
$result = get_cat_info( $cat_id );
$cat_directory.= '/'.$result['local_dir'];
// 1. display the category name to update
$output = '<img src="./images/puce.gif" alt="&gt;" />';
$output.= '<span style="font-weight:bold;">'.$result['name'][0].'</span>';
$output.= ' [ '.$result['last_dir'].' ]';
$output.= '<div class="retrait">';
// 2. we search pictures of the category only if the update is for all
// or a cat_id is specified
if ( isset( $page['cat'] ) or $_GET['update'] == 'all' )
{
$output.= insert_local_image( $cat_directory, $cat_id );
update_cat_info( $cat_id );
}
}
// 3. we have to remove the categories of the database not present anymore
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE site_id = '.$site_id;
if ( !is_numeric( $cat_id ) )
{
$query.= ' AND id_uppercat IS NULL';
}
else
{
$query.= ' AND id_uppercat = '.$cat_id;
}
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
// retrieving the directory
$rep = '../galleries';
$resultat = get_cat_info( $row['id'] );
$rep.= '/'.$resultat['local_dir'];
// is the directory present ?
if ( !is_dir( $rep ) )
{
delete_category( $row['id'] );
}
}
// 4. retrieving the sub-directories
$sub_rep = array();
$i = 0;
$dirs = '';
if ( $opendir = opendir ( $cat_directory ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( $file != '.'
and $file != '..'
and is_dir ( $cat_directory.'/'.$file )
and $file != 'thumbnail' )
{
$sub_rep[$i++] = $file;
}
}
}
for ( $i = 0; $i < sizeof( $sub_rep ); $i++ )
{
// 5. Is the category already existing ? we create a subcat if not
// existing
$category_id = '';
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE site_id = '.$site_id;
$query.= " AND dir = '".$sub_rep[$i]."'";
if ( !is_numeric( $cat_id ) )
{
$query.= ' AND id_uppercat IS NULL';
}
else
{
$query.= ' AND id_uppercat = '.$cat_id;
}
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) == 0 )
{
// we have to create the category
$query = 'INSERT INTO '.PREFIX_TABLE.'categories';
$query.= ' (dir,site_id,id_uppercat) VALUES';
$query.= " ('".$sub_rep[$i]."','".$site_id."'";
if ( !is_numeric( $cat_id ) )
{
$query.= ',NULL';
}
else
{
$query.= ",'".$cat_id."'";
}
$query.= ');';
mysql_query( $query );
$category_id = mysql_insert_id();
}
else
{
// we get the already registered id
$row = mysql_fetch_array( $result );
$category_id = $row['id'];
}
// 6. recursive call
$output.= insert_local_category( $category_id );
}
if ( is_numeric( $cat_id ) )
{
$output.= '</div>';
}
return $output;
}
function insert_local_image( $rep, $category_id )
{
global $lang,$conf,$count_new;
$output = '';
// we have to delete all the images from the database that :
// - are not in the directory anymore
// - don't have the associated thumbnail available anymore
$query = 'SELECT id,file,tn_ext';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= ' WHERE cat_id = '.$category_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$lien_image = $rep.'/'.$row['file'];
$lien_thumbnail = $rep.'/thumbnail/'.$conf['prefixe_thumbnail'];
$lien_thumbnail.= get_filename_wo_extension( $row['file'] );
$lien_thumbnail.= '.'.$row['tn_ext'];
if ( !is_file ( $lien_image ) or !is_file ( $lien_thumbnail ) )
{
if ( !is_file ( $lien_image ) )
{
$output.= $row['file'];
$output.= ' <span style="font-weight:bold;">';
$output.= $lang['update_disappeared'].'</span><br />';
}
if ( !is_file ( $lien_thumbnail ) )
{
$output.= $row['file'];
$output.= ' : <span style="font-weight:bold;">';
$output.= $lang['update_disappeared_tn'].'</span><br />';
}
// suppression de la base :
delete_image( $row['id'] );
}
}
// searching the new images in the directory
$pictures = array();
$tn_ext = '';
if ( $opendir = opendir ( $rep ) )
{
while ( $file = readdir ( $opendir ) )
{
if ( is_file( $rep.'/'.$file ) and is_image( $rep.'/'.$file ) )
{
// is the picture waiting for validation by an administrator ?
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'waiting';
$query.= ' WHERE cat_id = '.$category_id;
$query.= " AND file = '".$file."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) == 0 )
{
if ( $tn_ext = TN_exists( $rep, $file ) )
{
// is the picture already in the database ?
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= ' WHERE cat_id = '.$category_id;
$query.= " AND file = '".$file."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) == 0 )
{
$picture = array();
$picture['file'] = $file;
$picture['tn_ext'] = $tn_ext;
$picture['date'] = date( 'Y-m-d', filemtime ( $rep.'/'.$file ) );
$picture['filesize'] = floor( filesize( $rep.'/'.$file ) / 1024);
$image_size = @getimagesize( $rep.'/'.$file );
$picture['width'] = $image_size[0];
$picture['height'] = $image_size[1];
array_push( $pictures, $picture );
}
}
else
{
$output.= '<span style="color:red;">';
$output.= $lang['update_missing_tn'].' : '.$file;
$output.= ' (<span style="font-weight:bold;">';
$output.= $conf['prefixe_thumbnail'];
$output.= get_filename_wo_extension( $file ).'.XXX</span>';
$output.= ', XXX = ';
$output.= implode( ', ', $conf['picture_ext'] );
$output.= ')</span><br />';
}
}
}
}
}
// inserting the pictures found in the directory
foreach ( $pictures as $picture ) {
$query = 'INSERT INTO '.PREFIX_TABLE.'images';
$query.= ' (file,cat_id,date_available,tn_ext,filesize,width,height)';
$query.= ' VALUES ';
$query.= "('".$picture['file']."','".$category_id."'";
$query.= ",'".$picture['date']."','".$picture['tn_ext']."'";
$query.= ",'".$picture['filesize']."','".$picture['width']."'";
$query.= ",'".$picture['height']."')";
$query.= ';';
mysql_query( $query );
$count_new++;
$output.= $picture['file'];
$output.= ' <span style="font-weight:bold;">';
$output.= $lang['update_research_added'].'</span>';
$output.= ' ('.$lang['update_research_tn_ext'].' '.$picture['tn_ext'].')';
$output.= '<br />';
}
return $output;
}
// The function "update_cat_info" updates the information about the last
// online image and the number of images in the category
function update_cat_info( $category_id )
{
$query = 'SELECT date_available';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= ' WHERE cat_id = '.$category_id;
$query.= ' ORDER BY date_available DESC';
$query.= ' LIMIT 0,1';
$query.= ';';
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
$date_last = $row['date_available'];
$query = 'SELECT COUNT(*) as nb_images';
$query.= ' FROM '.PREFIX_TABLE.'images';
$query.= ' WHERE cat_id = '.$category_id;
$result = mysql_query( $query );
$row = mysql_fetch_array( $result );
$nb_images = $row['nb_images'];
$query = 'UPDATE '.PREFIX_TABLE.'categories';
$query.= " SET date_dernier = '".$date_last."'";
$query.= ', nb_images = '.$nb_images;
$query.= ' where id = '.$category_id;
$query.= ';';
mysql_query( $query );
}
// remote_images verifies if a file named "listing.xml" is present is the
// admin directory. If it is the case, creation of a remote picture storage
// site if it doesn't already exists. Then, the function calls
// insert_remote_category for this remote site on the root category.
function remote_images()
{
global $conf, $lang, $vtp, $sub;
// 1. is there a file listing.xml ?
if ( !( $xml_content = getXmlCode( 'listing.xml' ) ) )
{
return false;
}
$url = getContent( getChild( $xml_content, 'url' ) );
$vtp->setVar( $sub, 'remote_update.url', $url );
// 2. is the site already existing ?
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'sites';
$query.= " where galleries_url = '".$url."'";
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows($result ) == 0 )
{
// we have to register this site in the database
$query = 'insert into '.PREFIX_TABLE.'sites';
$query.= " (galleries_url) values ('".$url."')";
$query.= ';';
mysql_query( $query );
$site_id = mysql_insert_id();
}
else
{
// we get the already registered id
$row = mysql_fetch_array( $result );
$site_id = $row['id'];
}
// 3. available dirs in the file
$categories = insert_remote_category( $xml_content, $site_id, 'NULL', 0 );
$vtp->setVar( $sub, 'remote_update.categories', $categories );
}
// insert_remote_category searchs the "dir" node of the xml_dir given and
// insert the contained categories if the are not in the database yet. The
// function also deletes the categories that are in the database and not in
// the xml_file.
function insert_remote_category( $xml_dir, $site_id, $id_uppercat, $level )
{
global $conf;
$output = '';
$categories = array();
$list_dirs = getChildren( $xml_dir, 'dir'.$level );
for ( $i = 0; $i < sizeof( $list_dirs ); $i++ )
{
// is the category already existing ?
$category_id = '';
$name = getAttribute( $list_dirs[$i], 'name' );
$categories[$i] = $name;
$output.= '<img src="./images/puce.gif">';
$output.= '<span style="font-weight:bold;">'.$name.'</span>';
$output.= '<div class="retrait">';
$query = 'select id';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where site_id = '.$site_id;
$query.= " and dir = '".$name."'";
if ( $id_uppercat == 'NULL' )
{
$query.= ' and id_uppercat is NULL';
}
else
{
$query.= ' and id_uppercat = '.$id_uppercat;
}
$query.= ';';
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) == 0 )
{
// we have to create the category
$query = 'insert into '.PREFIX_TABLE.'categories';
$query.= " (dir,site_id,id_uppercat) values ('".$name."',".$site_id;
if ( !is_numeric( $id_uppercat ) )
{
$query.= ',NULL';
}
else
{
$query.= ','.$id_uppercat;
}
$query.= ');';
mysql_query( $query );
$category_id = mysql_insert_id();
}
else
{
// we get the already registered id
$row = mysql_fetch_array( $result );
$category_id = $row['id'];
}
$output.= insert_remote_image( $list_dirs[$i], $category_id );
update_cat_info( $category_id );
$output.= insert_remote_category( $list_dirs[$i], $site_id,
$category_id, $level+1 );
$output.= '</div>';
}
// we have to remove the categories of the database not present in the xml
// file (ie deleted from the picture storage server)
$query = 'select dir,id';
$query.= ' from '.PREFIX_TABLE.'categories';
$query.= ' where site_id = '.$site_id;
if ( !is_numeric( $id_uppercat ) )
{
$query.= ' and id_uppercat is NULL';
}
else
{
$query.= ' and id_uppercat = '.$id_uppercat;
}
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
// is the category in the xml file ?
if ( !in_array( $row['dir'], $categories ) )
{
delete_category( $row['id'] );
}
}
return $output;
}
// insert_remote_image searchs the "root" node of the xml_dir given and
// insert the contained pictures if the are not in the database yet.
function insert_remote_image( $xml_dir, $category_id )
{
global $count_new,$lang;
$output = '';
$root = getChild( $xml_dir, 'root' );
$pictures = array();
$xml_pictures = getChildren( $root, 'picture' );
for ( $j = 0; $j < sizeof( $xml_pictures ); $j++ )
{
//<picture file="albatros.jpg" tn_ext="png" date="2002-04-14"
// filesize="35" width="640" height="480" />
$file = getAttribute( $xml_pictures[$j], 'file' );
$tn_ext = getAttribute( $xml_pictures[$j], 'tn_ext' );
$date = getAttribute( $xml_pictures[$j], 'date' );
$filesize = getAttribute( $xml_pictures[$j], 'filesize' );
$width = getAttribute( $xml_pictures[$j], 'width' );
$height = getAttribute( $xml_pictures[$j], 'height' );
$pictures[$j] = $file;
// is the picture already existing in the database ?
$query = 'select id,tn_ext';
$query.= ' from '.PREFIX_TABLE.'images';
$query.= ' where cat_id = '.$category_id;
$query.= " and file = '".$file."'";
$query.= ';';
$result = mysql_query( $query );
$query = '';
if ( mysql_num_rows( $result ) == 0 )
{
$query = 'insert into '.PREFIX_TABLE.'images';
$query.= ' (file,cat_id,date_available,tn_ext,filesize,width,height)';
$query.= ' values (';
$query.= "'".$file."'";
$query.= ",'".$category_id."'";
$query.= ",'".$date."'";
$query.= ",'".$tn_ext."'";
$query.= ",'".$filesize."'";
$query.= ",'".$width."'";
$query.= ",'".$height."'";
$query.= ')';
$query.= ';';
$output.= $file;
$output.= ' <span style="font-weight:bold;">';
$output.= $lang['update_research_added'].'</span>';
$output.= ' ('.$lang['update_research_tn_ext'].' '.$tn_ext.')<br />';
$count_new++;
}
else
{
// is the tn_ext the same in the xml file and in the database ?
$row = mysql_fetch_array( $result );
if ( $row['tn_ext'] != $tn_ext )
{
$query = 'update '.PREFIX_TABLE.'images';
$query.= ' set';
$query.= " tn_ext = '".$tn_ext."'";
$query.= ' where cat_id = '.$category_id;
$query.= " and file = '".$file."'";
$query.= ';';
}
}
// execution of the query
if ( $query != '' )
{
mysql_query( $query );
}
}
// we have to remove the pictures of the database not present in the xml file
// (ie deleted from the picture storage server)
$query = 'select id,file';
$query.= ' from '.PREFIX_TABLE.'images';
$query.= ' where cat_id = '.$category_id;
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
// is the file in the xml file ?
if ( !in_array( $row['file'], $pictures ) )
{
delete_image( $row['id'] );
}
}
return $output;
}
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/update.vtp' );
$tpl = array( 'update_default_title', 'update_only_cat', 'update_all',
'update_research_conclusion', 'update_deletion_conclusion',
'remote_site', 'update_part_research' );
templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------- introduction : choices of update
// Display choice if "update" var is not specified
check_cat_id( $_GET['update'] );
if ( !isset( $_GET['update'] )
and !( isset( $page['cat'] )
or $_GET['update'] == 'cats'
or $_GET['update'] == 'all' ) )
{
$vtp->addSession( $sub, 'introduction' );
// only update the categories, not the pictures.
$url = add_session_id( './admin.php?page=update&amp;update=cats' );
$vtp->setVar( $sub, 'introduction.only_cat:url', $url );
// update the entire tree folder
$url = add_session_id( './admin.php?page=update&amp;update=all' );
$vtp->setVar( $sub, 'introduction.all:url', $url );
$vtp->closeSession( $sub, 'introduction' );
}
//------------------------------------------------- local update : ../galleries
else
{
$count_new = 0;
$count_deleted = 0;
$vtp->addSession( $sub, 'local_update' );
if ( isset( $page['cat'] ) )
{
$categories = insert_local_category( $page['cat'] );
}
else
{
$categories = insert_local_category( 'NULL' );
}
$vtp->setVar( $sub, 'local_update.categories', $categories );
$vtp->setVar( $sub, 'local_update.count_new', $count_new );
$vtp->setVar( $sub, 'local_update.count_deleted', $count_deleted );
$vtp->closeSession( $sub, 'local_update' );
}
//------------------------------------------------- remote update : listing.xml
if ( @is_file( './listing.xml' ) )
{
$count_new = 0;
$count_deleted = 0;
$vtp->addSession( $sub, 'remote_update' );
remote_images();
$vtp->setVar( $sub, 'remote_update.count_new', $count_new );
$vtp->setVar( $sub, 'remote_update.count_deleted', $count_deleted );
$vtp->closeSession( $sub, 'remote_update' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>

2
admin/user_add.php
View file

@ -63,7 +63,7 @@ if ( !isset( $_POST['status'] ) )
{
$_POST['status'] = 'guest';
}
$option = get_enums( $prefixeTable.'users', 'status' );
$option = get_enums( PREFIX_TABLE.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
$vtp->addSession( $sub, 'status_option' );

8
admin/user_list.php
View file

@ -41,7 +41,7 @@ $vtp->setGlobalVar( $sub, 'listuser_button_create_address',
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
$query = 'select username';
$query.= ' from '.$prefixeTable.'users';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['delete'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
@ -65,7 +65,7 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
and $row['username'] != $conf['webmaster'] )
{
$query = 'select count(*) as nb_result';
$query.= ' from '.$prefixeTable.'users';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['delete'];
$query.= ';';
$row2 = mysql_fetch_array( mysql_query( $query ) );
@ -103,7 +103,7 @@ else
$vtp->setVar( $sub, 'users.form_action', $action );
$query = 'select id,username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' order by status asc, username asc';
$query.= ';';
$result = mysql_query( $query );
@ -217,7 +217,7 @@ else
$i = 0;
$query = 'select';
$query.= ' id,mail_address';
$query.= ' from '.$prefixeTable.'users';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )

4
admin/user_modify.php
View file

@ -30,7 +30,7 @@ $display_form = true;
// id in $_GET['user_id']
$query = 'select';
$query.= ' username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
$query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
@ -107,7 +107,7 @@ if ( $display_form )
{
$_POST['status'] = 'guest';
}
$option = get_enums( $prefixeTable.'users', 'status' );
$option = get_enums( PREFIX_TABLE.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
$vtp->addSession( $sub, 'status_option' );

6
admin/waiting.php
View file

@ -19,7 +19,7 @@
if ( isset( $HTTP_POST_VARS['submit'] ) )
{
$query = "select id,cat_id,file,tn_ext";
$query.= " from $prefixeTable"."waiting";
$query.= " from PREFIX_TABLE"."waiting";
$query.= ";";
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@ -27,7 +27,7 @@
$key = "validate-".$row['id'];
if ( isset( $HTTP_POST_VARS[$key] ) )
{
$query = "delete from $prefixeTable"."waiting";
$query = "delete from PREFIX_TABLE"."waiting";
$query.= " where id = ".$row['id'];
$query.= ";";
mysql_query( $query );
@ -59,7 +59,7 @@
<th style=\"width:1px;\">&nbsp;</th>
</tr>";
$query = "select id,cat_id,file,username,mail_address,date,tn_ext";
$query.= " from $prefixeTable"."waiting";
$query.= " from PREFIX_TABLE"."waiting";
$query.= " order by cat_id";
$query.= ";";
$result = mysql_query( $query );