authorrvelices <rv-github@modusoptimus.com>2007-02-22 01:12:32 +0000
committerrvelices <rv-github@modusoptimus.com>2007-02-22 01:12:32 +0000
commitcea58b64ee31c3b34887845bef6761edee3c6fc7 (patch)
tree66e631cdcad99b2189f57627fc77806fc3ca644f /include/ws_functions.inc.php
parent64108c075b87b5b4815f451909dd9d9b3a7f545a (diff)
- user comments are not saved in the database with htmlspecialchars anymore
- web service: added the possibility to enter a user comment using the service... - new comment functions from picture_comment.inc.php git-svn-id: http://piwigo.org/svn/trunk@1849 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/ws_functions.inc.php')
-rw-r--r--include/ws_functions.inc.php196
1 files changed, 163 insertions, 33 deletions
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 494b3596f..8af08204c 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -32,8 +32,19 @@
function ws_isInvokeAllowed($res, $methodName, $params)
{
global $conf, $calling_partner_id;
- if ( !$conf['ws_access_control']
- or strpos($methodName,'reflection.')===0 )
+
+ if ( strpos($methodName,'reflection.')===0 )
+ { // OK for reflection
+ return $res;
+ }
+
+ if ( !is_autorize_status(ACCESS_GUEST) and
+ strpos($methodName,'pwg.session.')!==0 )
+ {
+ return new PwgError(401, 'Access denied');
+ }
+
+ if ( !$conf['ws_access_control'] )
{
return $res; // No controls are requested
}
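Review bot: The exemption `strpos($methodName,'pwg.session.')!==0` is a name-prefix test, so every method registered under `pwg.session.`, now or in the future, skips the new 401 check, and all `reflection.*` methods skip it through the early return above. An explicit list of the session methods that must stay reachable without guest access (compared with `in_array(..., true)`) would keep the bypass from widening silently. This matters for the last hunk of this commit, where ws_session_getStatus starts returning `template`, `theme`, `language` and `charset`; presumably these become readable by callers that fail `is_autorize_status(ACCESS_GUEST)`. The rest of ws_isInvokeAllowed lies outside this hunk, so the partner-key checks that follow are not reviewed here.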
@@ -486,10 +497,69 @@ ORDER BY global_rank';
/**
* returns detailed information for an element (web service method)
*/
+function ws_images_addComment($params, &$service)
+{
+ $params['image_id'] = (int)$params['image_id'];
+ $query = '
+SELECT DISTINCT image_id
+ FROM '.IMAGE_CATEGORY_TABLE.' INNER JOIN '.CATEGORIES_TABLE.' ON category_id=id
+ WHERE commentable="true"
+ AND image_id='.$params['image_id'].
+ get_sql_condition_FandF(
+ array(
+ 'forbidden_categories' => 'id',
+ 'visible_categories' => 'id',
+ 'visible_images' => 'image_id'
+ ),
+ ' AND'
+ );
+ if ( !mysql_num_rows( pwg_query( $query ) ) )
+ {
+ return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
+ }
+
+ include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+
+ $comm = array(
+ 'author' => trim( stripslashes($params['author']) ),
+ 'content' => trim( stripslashes($params['content']) ),
+ 'image_id' => $params['image_id'],
+ );
+
+ include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+
+ $comment_action = insert_user_comment(
+ $comm, $params['key'], $infos
+ );
+
+ switch ($comment_action)
+ {
+ case 'reject':
+ array_push($infos, l10n('comment_not_added') );
+ return new PwgError(403, implode("\n", $infos) );
+ case 'validate':
+ case 'moderate':
+ $ret = array(
+ 'id' => $comm['id'],
+ 'validation' => $comment_action=='validate',
+ );
+ return new PwgNamedStruct(
+ 'comment',
+ $ret,
+ null, array()
+ );
+ default:
+ return new PwgError(500, "Unknown comment action ".$comment_action );
+ }
+}
+
+/**
+ * returns detailed information for an element (web service method)
+ */
function ws_images_getInfo($params, &$service)
{
@include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
- global $user;
+ global $user, $conf;
$params['image_id'] = (int)$params['image_id'];
if ( $params['image_id']<=0 )
{
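Review bot: ws_images_addComment verifies that the image sits in a commentable, visible category but never checks whether the caller may comment at all; the `!$user['is_the_guest'] or $conf['comments_forall']` test that ws_images_getInfo applies before issuing a key is not repeated here. Unless insert_user_comment() (not visible in this hunk) enforces it, the only barrier for a guest is `$params['key']`, so I would add `global $user, $conf;` and `if ($user['is_the_guest'] and !$conf['comments_forall']) return new PwgError(401, 'Access denied');` before the query. Because this commit stops applying htmlspecialchars at save time, `author` and `content` are stored raw after `trim(stripslashes(...))`, which makes escaping mandatory at every place they are rendered, including clients of this web service. Smaller points: `$infos` is passed without being initialised, the `include_once` of functions_comment.inc.php appears twice, and the docblock left above the new function still reads "returns detailed information for an element".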
@@ -515,16 +585,22 @@ LIMIT 1;';
//-------------------------------------------------------- related categories
$query = '
-SELECT c.id,c.name,c.uppercats,c.global_rank
+SELECT id,name,uppercats,global_rank,commentable
FROM '.IMAGE_CATEGORY_TABLE.'
- INNER JOIN '.CATEGORIES_TABLE.' c ON category_id = id
+ INNER JOIN '.CATEGORIES_TABLE.' ON category_id = id
WHERE image_id = '.$image_row['id'].'
AND category_id NOT IN ('.$user['forbidden_categories'].')
;';
$result = pwg_query($query);
+ $is_commentable = false;
$related_categories = array();
while ($row = mysql_fetch_assoc($result))
{
+ if ($row['commentable']=='true')
+ {
+ $is_commentable = true;
+ }
+ unset($row['commentable']);
$row['url'] = make_index_url(
array(
'category' => $row['id'],
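Review bot: `$is_commentable` is derived from a query that filters only on `$user['forbidden_categories']`, while ws_images_addComment answers the same question through `get_sql_condition_FandF` with `visible_categories` and `visible_images` as well. The two can disagree, so getInfo may advertise a comment key for an image that addComment then rejects with "Invalid image_id"; routing both through one shared condition would keep them aligned. The loop body continues past the end of this hunk.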
@@ -540,6 +616,7 @@ SELECT c.id,c.name,c.uppercats,c.global_rank
'cat_name' => $row['name'],
)
);
+ $row['id']=(int)$row['id'];
array_push($related_categories, $row);
}
usort($related_categories, 'global_rank_compare');
@@ -565,51 +642,97 @@ SELECT c.id,c.name,c.uppercats,c.global_rank
)
);
unset($tag['counter']);
+ $tag['id']=(int)$tag['id'];
$related_tags[$i]=$tag;
}
+ //------------------------------------------------------------- related rates
+ $query = '
+SELECT COUNT(rate) AS count
+ , ROUND(AVG(rate),2) AS average
+ , ROUND(STD(rate),2) AS stdev
+ FROM '.RATE_TABLE.'
+ WHERE element_id = '.$image_row['id'].'
+;';
+ $rating = mysql_fetch_assoc(pwg_query($query));
+ $rating['count'] = (int)$rating['count'];
+
//---------------------------------------------------------- related comments
+ $related_comments = array();
+
+ $where_comments = 'image_id = '.$image_row['id'];
+ if ( !is_admin() )
+ {
+ $where_comments .= '
+ AND validated="true"';
+ }
+
$query = '
SELECT COUNT(id) nb_comments
FROM '.COMMENTS_TABLE.'
- WHERE image_id = '.$image_row['id'];
+ WHERE '.$where_comments;
list($nb_comments) = array_from_query($query, 'nb_comments');
+ $nb_comments = (int)$nb_comments;
- $query = '
+ if ( $nb_comments>0 and $params['comments_per_page']>0 )
+ {
+ $query = '
SELECT id, date, author, content
FROM '.COMMENTS_TABLE.'
- WHERE image_id = '.$image_row['id'].'
- AND validated="true"';
- $query .= '
- ORDER BY date DESC
- LIMIT 0, 5';
+ WHERE '.$where_comments.'
+ ORDER BY date
+ LIMIT '.$params['comments_per_page']*(int)$params['comments_page'].
+ ','.$params['comments_per_page'];
- $result = pwg_query($query);
- $related_comments = array();
- while ($row = mysql_fetch_assoc($result))
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_assoc($result))
+ {
+ $row['id']=(int)$row['id'];
+ array_push($related_comments, $row);
+ }
+ }
+
+ $comment_post_data = null;
+ if ($is_commentable and
+ (!$user['is_the_guest']
+ or ($user['is_the_guest'] and $conf['comments_forall'] )
+ )
+ )
{
- array_push($related_comments, $row);
+ include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
+ $comment_post_data['author'] = $user['username'];
+ $comment_post_data['key'] = get_comment_post_key($params['image_id']);
}
- //------------------------------------------------------------- related rates
- $query = '
-SELECT COUNT(rate) AS count
- , ROUND(AVG(rate),2) AS average
- , ROUND(STD(rate),2) AS stdev
- FROM '.RATE_TABLE.'
- WHERE element_id = '.$image_row['id'].'
-;';
- $row = mysql_fetch_assoc(pwg_query($query));
-
$ret = $image_row;
- $ret['rates'] = array( WS_XML_ATTRIBUTES => $row );
+ foreach ( array('id','width','height','hit','filesize') as $k )
+ {
+ if (isset($ret[$k]))
+ {
+ $ret[$k] = (int)$ret[$k];
+ }
+ }
+ foreach ( array('path', 'storage_category_id') as $k )
+ {
+ unset($ret[$k]);
+ }
+
+ $ret['rates'] = array( WS_XML_ATTRIBUTES => $rating );
$ret['categories'] = new PwgNamedArray($related_categories, 'category', array('id','url', 'page_url') );
$ret['tags'] = new PwgNamedArray($related_tags, 'tag', array('id','url_name','url','page_url') );
+ if ( isset($comment_post_data) )
+ {
+ $ret['comment_post'] = array( WS_XML_ATTRIBUTES => $comment_post_data );
+ }
$ret['comments'] = array(
- WS_XML_ATTRIBUTES => array('nb_comments' => $nb_comments),
- WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id') )
+ WS_XML_ATTRIBUTES =>
+ array(
+ 'page' => $params['comments_page'],
+ 'per_page' => $params['comments_per_page'],
+ 'count' => count($related_comments),
+ 'nb_comments' => $nb_comments,
+ ),
+ WS_XML_CONTENT => new PwgNamedArray($related_comments, 'comment', array('id','date') )
);
- unset($ret['path']);
- unset($ret['storage_category_id']);
return new PwgNamedStruct('image',$ret, null, array('name','comment') );
}
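Review bot: `$params['comments_per_page']` is concatenated into the `LIMIT` clause without an integer cast: the guard `$params['comments_per_page']>0` is a loose comparison, and only `comments_page` receives `(int)` in the offset expression. Unless the method's parameter registration (outside this hunk) already coerces both values, request-supplied text reaches the SQL string, and a negative `comments_page` yields a negative offset that makes the query fail. I would normalise both right after the `image_id` cast at the top of ws_images_getInfo: `$params['comments_per_page'] = (int)$params['comments_per_page'];` and `$params['comments_page'] = max(0, (int)$params['comments_page']);`, ideally with an upper bound on the page size so one call cannot pull the whole comment table. The function begins in an earlier hunk, so that placement is outside the lines shown here.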
@@ -768,10 +891,17 @@ function ws_session_logout($params, &$service)
function ws_session_getStatus($params, &$service)
{
- global $user;
+ global $user, $lang_info;
$res = array();
$res['username'] = $user['is_the_guest'] ? 'guest' : $user['username'];
- $res['status'] = $user['status'];
+ foreach ( array('status', 'template', 'theme', 'language') as $k )
+ {
+ $res[$k] = $user[$k];
+ }
+ foreach ( array('charset') as $k )
+ {
+ $res[$k] = $lang_info[$k];
+ }
return $res;
}