diff options
Diffstat (limited to '')
| -rw-r--r-- | picture.php | 184 |
1 files changed, 91 insertions, 93 deletions
diff --git a/picture.php b/picture.php index 03d5300c3..d28dde037 100644 --- a/picture.php +++ b/picture.php @@ -47,7 +47,7 @@ initialize_category( 'picture' ); if ( 0 ) { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="'.add_session_id( './category.php' ).'">'; + echo '<a href="'.add_session_id( PHPWG_ROOT_PATH.'category.php' ).'">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -130,18 +130,14 @@ for ($i=0; $i<$nb_row;$i++) $picture[$j]['url'] = PHPWG_ROOT_PATH.'picture.php?image_id='.$row['id']; $picture[$j]['url'].= '&cat='.$page['cat']; - if ( isset( $_GET['expand'] ) ) - $picture[$j]['url'].= '&expand='.$_GET['expand']; if ( $page['cat'] == 'search' ) { $picture[$j]['url'].= "&search=".$_GET['search'].'&mode='.$_GET['mode']; } } -$url_home = './category.php?cat='.$page['cat'].'&'; +$url_home = PHPWG_ROOT_PATH.'category.php?cat='.$page['cat'].'&'; $url_home.= 'num='.$page['num']; -if (isset($_GET['expand'])) - $url_home.='&expand='.$_GET['expand']; if ( $page['cat'] == 'search' ) { $url_home.= "&search=".$_GET['search'].'&mode='.$_GET['mode']; @@ -190,6 +186,80 @@ if ( isset( $_GET['add_fav'] ) ) } } +//--------------------------------------------------------- comment registeration + if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) + { + $register_comment = true; + $author = !empty($_POST['author'])?$_POST['author']:$lang['guest']; + // if a guest try to use the name of an already existing user, he must + // be rejected + if ( $author != $user['username'] ) + { + $query = 'SELECT COUNT(*) AS user_exists'; + $query.= ' FROM '.USERS_TABLE; + $query.= " WHERE username = '".$author."'"; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + if ( $row['user_exists'] == 1 ) + { + $template->assign_block_vars('information', array('INFORMATION'=>$lang['comment_user_exists'])); + $register_comment = false; + } + } + + if ( $register_comment ) + { + // anti-flood system + $reference_date = time() - $conf['anti-flood_time']; + $query = 'SELECT id FROM '.COMMENTS_TABLE; + $query.= ' WHERE date > '.$reference_date; + $query.= " AND author = '".$author."'"; + $query.= ';'; + if ( mysql_num_rows( mysql_query( $query ) ) == 0 + || $conf['anti-flood_time'] == 0 ) + { + $query = 'INSERT INTO '.COMMENTS_TABLE; + $query.= ' (author,date,image_id,content,validated) VALUES ('; + $query.= "'".$author."'"; + $query.= ','.time().','.$_GET['image_id']; + $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; + if ( !$conf['comments_validation'] || $user['status'] == 'admin' ) + $query.= ",'true'"; + else + $query.= ",'false'"; + $query.= ');'; + mysql_query( $query ); + // information message + $message = $lang['comment_added']; + if ( $conf['comments_validation'] and $user['status'] != 'admin' ) + { + $message.= '<br />'.$lang['comment_to_validate']; + } + $template->assign_block_vars('information', array('INFORMATION'=>$message)); + // notification to the administrators + if ( $conf['mail_notification'] ) + { + $cat_name = get_cat_display_name( $page['cat_name'], ' > ', '' ); + $cat_name = strip_tags( $cat_name ); + notify( 'comment', $cat_name.' > '.$picture['current']['name']); + } + } + else + { + // information message + $template->assign_block_vars('information', array('INFORMATION'=>$lang['comment_anti-flood'])); + } + } + } + // comment deletion + if ( isset( $_GET['del'] ) + && is_numeric( $_GET['del'] ) + && $user['status'] == 'admin' ) + { + $query = 'DELETE FROM '.COMMENTS_TABLE.' WHERE id = '.$_GET['del'].';'; + mysql_query( $query ); + } + // // Start output of page // @@ -235,7 +305,6 @@ $picture_size = get_picture_size( $original_width, $original_height, include(PHPWG_ROOT_PATH.'include/page_header.php'); $template->set_filenames(array('picture'=>'picture.tpl')); -initialize_template(); $template->assign_vars(array( 'CATEGORY' => $title_img, @@ -263,8 +332,9 @@ $template->assign_vars(array( 'L_DELETE' =>$lang['delete'], 'L_SUBMIT' =>$lang['submit'], 'L_AUTHOR' =>$lang['author'], + 'L_COMMENT' =>$lang['comment'], - 'T_DEL_IMG' =>'./template/'.$user['template'].'/theme/delete.gif', + 'T_DEL_IMG' =>PHPWG_ROOT_PATH.'template/'.$user['template'].'/theme/delete.gif', 'U_PREV_IMG' => add_session_id($picture['prev']['url']), 'U_NEXT_IMG' => add_session_id($picture['next']['url']), @@ -299,6 +369,12 @@ if ($prev>=0) $template->assign_block_vars('previous', array()); if ($next) $template->assign_block_vars('next', array()); //--------------------------------------------------------- picture information +// legend +if ( !empty($picture['current']['comment']) ) +{ + $template->assign_block_vars('legend', array()); +} + // author if ( !empty($picture['current']['author']) ) { @@ -358,8 +434,7 @@ if ( !empty($picture['current']['keywords'])) { $keywords = explode( ',', $picture['current']['keywords'] ); $content = ''; - $url = './category.php?cat=search'; - if ( isset( $_GET['expand'] ) ) $url.= '&expand='.$_GET['expand']; + $url = PHPWG_ROOT_PATH.'category.php?cat=search'; $url.= '&mode=OR&search='; foreach ( $keywords as $i => $keyword ) { $local_url = add_session_id( $url.$keyword ); @@ -388,16 +463,14 @@ if ( !$user['is_the_guest'] ) $row = mysql_fetch_array( $result ); if (!$row['nb_fav']) { - $url = './picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; - if (isset($_GET['expand'])) - $url.= '&expand='.$_GET['expand']; + $url = PHPWG_ROOT_PATH.'picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; $url.='&add_fav=1'; if ( $page['cat'] == 'search' ) { $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; } $template->assign_block_vars('favorite', array( - 'FAVORITE_IMG' => './template/'.$user['template'].'/theme/favorite.gif', + 'FAVORITE_IMG' => PHPWG_ROOT_PATH.'template/'.$user['template'].'/theme/favorite.gif', 'FAVORITE_HINT' =>$lang['add_favorites_hint'], 'FAVORITE_ALT' =>'[ '.$lang['add_favorites_alt'].' ]', 'U_FAVORITE'=> add_session_id( $url ) @@ -405,10 +478,10 @@ if ( !$user['is_the_guest'] ) } else { - $url = './picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; - $url.= '&expand='.$_GET['expand'].'&add_fav=0'; + $url = PHPWG_ROOT_PATH.'picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; + $url.= '&add_fav=0'; $template->assign_block_vars('favorite', array( - 'FAVORITE_IMG' => './template/'.$user['template'].'/theme/del_favorite.gif', + 'FAVORITE_IMG' => PHPWG_ROOT_PATH.'template/'.$user['template'].'/theme/del_favorite.gif', 'FAVORITE_HINT' =>$lang['del_favorites_hint'], 'FAVORITE_ALT' =>'[ '.$lang['del_favorites_alt'].' ]', 'U_FAVORITE'=> add_session_id( $url ) @@ -424,79 +497,6 @@ if ( $user['status'] == 'admin' ) //---------------------------------------------------- users's comments display if ( $conf['show_comments'] ) { - // comment registeration - if ( isset( $_POST['content'] ) && !empty($_POST['content']) ) - { - $register_comment = true; - $author = !empty($_POST['author'])?$_POST['author']:$lang['guest']; - // if a guest try to use the name of an already existing user, he must - // be rejected - if ( $author != $user['username'] ) - { - $query = 'SELECT COUNT(*) AS user_exists'; - $query.= ' FROM '.USERS_TABLE; - $query.= " WHERE username = '".$author."'"; - $query.= ';'; - $row = mysql_fetch_array( mysql_query( $query ) ); - if ( $row['user_exists'] == 1 ) - { - $template->assign_block_vars('information', array('INFORMATION'=>$lang['comment_user_exists'])); - $register_comment = false; - } - } - - if ( $register_comment ) - { - // anti-flood system - $reference_date = time() - $conf['anti-flood_time']; - $query = 'SELECT id FROM '.COMMENTS_TABLE; - $query.= ' WHERE date > '.$reference_date; - $query.= " AND author = '".$author."'"; - $query.= ';'; - if ( mysql_num_rows( mysql_query( $query ) ) == 0 - || $conf['anti-flood_time'] == 0 ) - { - $query = 'INSERT INTO '.COMMENTS_TABLE; - $query.= ' (author,date,image_id,content,validated) VALUES ('; - $query.= "'".$author."'"; - $query.= ','.time().','.$_GET['image_id']; - $query.= ",'".htmlspecialchars( $_POST['content'], ENT_QUOTES)."'"; - if ( !$conf['comments_validation'] || $user['status'] == 'admin' ) - $query.= ",'true'"; - else - $query.= ",'false'"; - $query.= ');'; - mysql_query( $query ); - // information message - $message = $lang['comment_added']; - if ( $conf['comments_validation'] and $user['status'] != 'admin' ) - { - $message.= '<br />'.$lang['comment_to_validate']; - } - $template->assign_block_vars('information', array('INFORMATION'=>$message)); - // notification to the administrators - if ( $conf['mail_notification'] ) - { - $cat_name = get_cat_display_name( $page['cat_name'], ' > ', '' ); - $cat_name = strip_tags( $cat_name ); - notify( 'comment', $cat_name.' > '.$picture['current']['name']); - } - } - else - { - // information message - $template->assign_block_vars('information', array('INFORMATION'=>$lang['comment_anti-flood'])); - } - } - } - // comment deletion - if ( isset( $_GET['del'] ) - && is_numeric( $_GET['del'] ) - && $user['status'] == 'admin' ) - { - $query = 'DELETE FROM '.COMMENTS_TABLE.' WHERE id = '.$_GET['del'].';'; - mysql_query( $query ); - } // number of comment for this picture $query = 'SELECT COUNT(*) AS nb_comments'; $query.= ' FROM '.COMMENTS_TABLE.' WHERE image_id = '.$_GET['image_id']; @@ -505,9 +505,7 @@ if ( $conf['show_comments'] ) $row = mysql_fetch_array( mysql_query( $query ) ); // navigation bar creation - $url = './picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; - if (isset($_GET['expand'])) - $url.= '&expand='.$_GET['expand']; + $url = PHPWG_ROOT_PATH.'picture.php?cat='.$page['cat'].'&image_id='.$_GET['image_id']; if ( $page['cat'] == 'search' ) { $url.= '&search='.$_GET['search'].'&mode='.$_GET['mode']; |