diff options
Diffstat (limited to '')
-rw-r--r-- | admin/update.php | 4 | ||||
-rw-r--r-- | admin/waiting.php | 106 |
2 files changed, 56 insertions, 54 deletions
diff --git a/admin/update.php b/admin/update.php index 627af7812..42683f3cd 100644 --- a/admin/update.php +++ b/admin/update.php @@ -25,6 +25,10 @@ // | USA. | // +-----------------------------------------------------------------------+ +if( !defined("PHPWG_ROOT_PATH") ) +{ + die ("Hacking attempt!"); +} include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); define('CURRENT_DATE', "'".date('Y-m-d')."'"); diff --git a/admin/waiting.php b/admin/waiting.php index feda12754..ebced6120 100644 --- a/admin/waiting.php +++ b/admin/waiting.php @@ -24,14 +24,16 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ -include_once( './admin/include/isadmin.inc.php' ); +if( !defined("PHPWG_ROOT_PATH") ) +{ + die ("Hacking attempt!"); +} +include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); //--------------------------------------------------------------------- updates if ( isset( $_POST['submit'] ) ) { - $query = 'SELECT id,storage_category_id,file,tn_ext'; - $query.= ' FROM '.PREFIX_TABLE.'waiting'; - $query.= " WHERE validated = 'false'"; - $query.= ';'; + $query = 'SELECT * FROM '.WAITING_TABLE; + $query.= " WHERE validated = 'false';"; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { @@ -42,7 +44,7 @@ if ( isset( $_POST['submit'] ) ) { // The uploaded element was validated, we have to set the // "validated" field to "true" - $query = 'UPDATE '.PREFIX_TABLE.'waiting'; + $query = 'UPDATE '.WAITING_TABLE; $query.= " SET validated = 'true'"; $query.= ' WHERE id = '.$row['id']; $query.= ';'; @@ -54,7 +56,7 @@ if ( isset( $_POST['submit'] ) ) { // The uploaded element was refused, we have to delete its reference // in the database and to delete the element as well. - $query = 'DELETE FROM '.PREFIX_TABLE.'waiting'; + $query = 'DELETE FROM '.WAITING_TABLE; $query.= ' WHERE id = '.$row['id']; $query.= ';'; mysql_query( $query ); @@ -66,29 +68,37 @@ if ( isset( $_POST['submit'] ) ) $thumbnail = $conf['prefix_thumbnail']; $thumbnail.= get_filename_wo_extension( $row['file'] ); $thumbnail.= '.'.$row['tn_ext']; - $url = '.'.$dir.'thumbnail/'.$thumbnail; + $url = PHPWG_ROOT_PATH.$dir.'thumbnail/'.$thumbnail; unlink( $url ); } } } } } + //----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/waiting.vtp' ); -$tpl = array( 'category','date','author','thumbnail','file','delete', - 'submit','waiting_update' ); -templatize_array( $tpl, 'lang', $sub ); +$template->set_filenames(array('waiting'=>'admin/waiting.tpl')); +$template->assign_vars(array( + 'L_WAITING_CONFIRMATION'=>$lang['waiting_update'], + 'L_AUTHOR'=>$lang['author'], + 'L_THUMBNAIL'=>$lang['thumbnail'], + 'L_DATE'=>$lang['date'], + 'L_FILE'=>$lang['file'], + 'L_CATEGORY'=>$lang['category'], + 'L_SUBMIT'=>$lang['submit'], + 'L_DELETE'=>$lang['delete'], + + 'F_ACTION'=>add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] )) + )); + //-------------------------------------------------------- confirmation message -if ( isset( $_POST['submit'] ) ) +if (isset($_POST['submit'])) { - $vtp->addSession( $sub, 'confirmation' ); - $vtp->closeSession( $sub, 'confirmation' ); + $template->assign_block_vars('confirmation' ,array()); } //---------------------------------------------------------------- form display $cat_names = array(); -$query = 'SELECT id,storage_category_id,file,username,mail_address'; -$query.= ',date,tn_ext'; -$query.= ' FROM '.PREFIX_TABLE.'waiting'; +$query = 'SELECT * FROM '.WAITING_TABLE; $query.= " WHERE validated = 'false'"; $query.= ' ORDER BY storage_category_id'; $query.= ';'; @@ -96,57 +106,45 @@ $result = mysql_query( $query ); $i = 0; while ( $row = mysql_fetch_array( $result ) ) { - $vtp->addSession( $sub, 'picture' ); - $vtp->setVar( $sub, 'picture.id', $row['id'] ); - if ( $i++ % 2 == 0 ) - { - $vtp->setVar( $sub, 'picture.class', 'row2' ); - } if ( !isset( $cat_names[$row['storage_category_id']] ) ) { $cat = get_cat_info( $row['storage_category_id'] ); $cat_names[$row['storage_category_id']] = array(); $cat_names[$row['storage_category_id']]['dir'] = - '.'.get_complete_dir( $row['storage_category_id'] ); + PHPWG_ROOT_PATH.get_complete_dir( $row['storage_category_id'] ); $cat_names[$row['storage_category_id']]['display_name'] = get_cat_display_name( $cat['name'], ' > ', 'font-weight:bold;' ); } - // category name - $vtp->setVar( $sub, 'picture.cat_name', - $cat_names[$row['storage_category_id']]['display_name'] ); - // date displayed like this (in English ) : - // Sunday 15 June 2003 21:29 - $date = format_date( $row['date'], 'unix', true ); - $vtp->setVar( $sub, 'picture.date', $date ); - // file preview link - $url = $cat_names[$row['storage_category_id']]['dir'].$row['file']; - $vtp->setVar( $sub, 'picture.preview_url', $url ); - // file name - $vtp->setVar( $sub, 'picture.file', $row['file'] ); + $preview_url = PHPWG_ROOT_PATH.$cat_names[$row['storage_category_id']]['dir'].$row['file']; + $class='row1'; + if ( $i++ % 2== 0 ) $class='row2'; + + $template->assign_block_vars('picture' ,array( + 'WAITING_CLASS'=>$class, + 'CATEGORY_IMG'=>$cat_names[$row['storage_category_id']]['display_name'], + 'ID_IMG'=>$row['id'], + 'DATE_IMG'=>format_date( $row['date'], 'unix', true ), + 'FILE_IMG'=>$row['file'], + 'PREVIEW_URL_IMG'=>$preview_url, + 'UPLOAD_EMAIL'=>$row['mail_address'], + 'UPLOAD_USERNAME'=>$row['username'] + )); + // is there an existing associated thumnail ? - if ( isset( $row['tn_ext'] ) and $row['tn_ext'] != '' ) + if ( !empty( $row['tn_ext'] )) { - $vtp->addSession( $sub, 'thumbnail' ); $thumbnail = $conf['prefix_thumbnail']; $thumbnail.= get_filename_wo_extension( $row['file'] ); $thumbnail.= '.'.$row['tn_ext']; - $url = $cat_names[$row['storage_category_id']]['dir']; + $url = $cat_names[$row['storage_category_id']]['dir']; $url.= 'thumbnail/'.$thumbnail; - $vtp->setVar( $sub, 'thumbnail.preview_url', $url ); - $vtp->setVar( $sub, 'thumbnail.file', $thumbnail ); - $vtp->closeSession( $sub, 'thumbnail' ); + + $template->assign_block_vars('picture.thumbnail' ,array( + 'PREVIEW_URL_TN_IMG'=>$url, + 'FILE_TN_IMG'=>$thumbnail + )); } - else - { - $vtp->addSession( $sub, 'no_thumbnail' ); - $vtp->closeSession( $sub, 'no_thumbnail' ); - } - // username and associated mail address - $vtp->setVar( $sub, 'picture.mail_address', $row['mail_address'] ); - $vtp->setVar( $sub, 'picture.username', $row['username'] ); - - $vtp->closeSession( $sub, 'picture' ); } //----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); +$template->assign_var_from_handle('ADMIN_CONTENT', 'waiting'); ?> |