From 805aeeb5ccc6c025dea8f16660f8ddbd78aab20a Mon Sep 17 00:00:00 2001 From: plegall Date: Tue, 29 Mar 2011 10:52:44 +0000 Subject: merge back r9743, wrong method to merge a commit from trunk to branch 2.1 git-svn-id: http://piwigo.org/svn/branches/2.1@9913 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/ws_functions.inc.php | 607 ++++++++----------------------------------- 1 file changed, 115 insertions(+), 492 deletions(-) (limited to 'include/ws_functions.inc.php') diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php index 849ff949e..1e414b9ce 100644 --- a/include/ws_functions.inc.php +++ b/include/ws_functions.inc.php @@ -1,8 +1,8 @@ ='".$params['f_min_date_available']."'"; + $clauses[] = $tbl_name."date_available>='".$params['f_min_date_posted']."'"; } - if ( isset($params['f_max_date_available']) ) + if ( isset($params['f_max_date_posted']) ) { - $clauses[] = $tbl_name."date_available<'".$params['f_max_date_available']."'"; + $clauses[] = $tbl_name."date_available<'".$params['f_max_date_posted']."'"; } if ( isset($params['f_min_date_created']) ) { @@ -175,7 +175,7 @@ function ws_std_get_image_xml_attributes() function ws_getVersion($params, &$service) { global $conf; - if ($conf['show_version'] or is_admin() ) + if ($conf['show_version']) return PHPWG_VERSION; else return new PwgError(403, 'Forbidden'); @@ -742,7 +742,7 @@ SELECT id, date, author, content ) { $comment_post_data['author'] = stripslashes($user['username']); - $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']); + $comment_post_data['key'] = get_comment_post_key($params['image_id']); } $ret = $image_row; @@ -892,7 +892,7 @@ SELECT * FROM '.IMAGES_TABLE.' function ws_images_setPrivacyLevel($params, &$service) { - if (!is_admin()) + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -935,7 +935,7 @@ function ws_images_add_chunk($params, &$service) // type {thumb, file, high} // position - if (!is_admin()) + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -1076,8 +1076,6 @@ function merge_chunks($output_filepath, $original_sum, $type) */ function add_file($file_path, $type, $original_sum, $file_sum) { - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); - $file_path = file_path_for_type($file_path, $type); $upload_dir = dirname($file_path); @@ -1141,7 +1139,7 @@ function ws_images_addFile($params, &$service) // sum global $conf; - if (!is_admin()) + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -1209,8 +1207,8 @@ SELECT function ws_images_add($params, &$service) { - global $conf, $user; - if (!is_admin()) + global $conf; + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -1284,7 +1282,6 @@ SELECT 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $params['original_sum'], - 'added_by' => $user['id'], ); $info_columns = array( @@ -1340,122 +1337,6 @@ SELECT invalidate_user_cache(); } -function ws_images_addSimple($params, &$service) -{ - global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - - $params['image_id'] = (int)$params['image_id']; - if ($params['image_id'] > 0) - { - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); - - $query=' -SELECT * - FROM '.IMAGES_TABLE.' - WHERE id = '.$params['image_id'].' -;'; - - $image_row = pwg_db_fetch_assoc(pwg_query($query)); - if ($image_row == null) - { - return new PwgError(404, "image_id not found"); - } - } - - // category - $params['category'] = (int)$params['category']; - if ($params['category'] <= 0 and $params['image_id'] <= 0) - { - return new PwgError(WS_ERR_INVALID_PARAM, "Invalid category_id"); - } - - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); - prepare_upload_configuration(); - - $image_id = add_uploaded_file( - $_FILES['image']['tmp_name'], - $_FILES['image']['name'], - $params['category'] > 0 ? array($params['category']) : null, - 8, - $params['image_id'] > 0 ? $params['image_id'] : null - ); - - $info_columns = array( - 'name', - 'author', - 'comment', - 'level', - 'date_creation', - ); - - foreach ($info_columns as $key) - { - if (isset($params[$key])) - { - $update[$key] = $params[$key]; - } - } - - if (count(array_keys($update)) > 0) - { - $update['id'] = $image_id; - - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); - mass_updates( - IMAGES_TABLE, - array( - 'primary' => array('id'), - 'update' => array_diff(array_keys($update), array('id')) - ), - array($update) - ); - } - - - if (isset($params['tags']) and !empty($params['tags'])) - { - $tag_ids = array(); - $tag_names = explode(',', $params['tags']); - foreach ($tag_names as $tag_name) - { - $tag_id = tag_id_from_tag_name($tag_name); - array_push($tag_ids, $tag_id); - } - - add_tags($tag_ids, array($image_id)); - } - - $url_params = array('image_id' => $image_id); - - if ($params['category'] > 0) - { - $query = ' -SELECT id, name, permalink - FROM '.CATEGORIES_TABLE.' - WHERE id = '.$params['category'].' -;'; - $result = pwg_query($query); - $category = pwg_db_fetch_assoc($result); - - $url_params['section'] = 'categories'; - $url_params['category'] = $category; - } - - return array( - 'image_id' => $image_id, - 'url' => make_picture_url($url_params), - ); -} - /** * perform a login (web service method) */ @@ -1579,48 +1460,69 @@ function ws_tags_getImages($params, &$service) $tag_ids = array_keys($tags_by_id); - $where_clauses = ws_std_image_sql_filter($params); - if (!empty($where_clauses)) - { - $where_clauses = implode( ' AND ', $where_clauses); - } - $image_ids = get_image_ids_for_tags( - $tag_ids, - $params['tag_mode_and'] ? 'AND' : 'OR', - $where_clauses, - ws_std_image_sql_order($params) ); - - - $image_ids = array_slice($image_ids, (int)($params['per_page']*$params['page']), (int)$params['per_page'] ); - + $image_ids = array(); $image_tag_map = array(); - if ( !empty($image_ids) and !$params['tag_mode_and'] ) + + if ( !empty($tag_ids) ) { // build list of image ids with associated tags per image - $query = ' + if ($params['tag_mode_and']) + { + $image_ids = get_image_ids_for_tags( $tag_ids ); + } + else + { + $query = ' SELECT image_id, GROUP_CONCAT(tag_id) AS tag_ids FROM '.IMAGE_TAG_TABLE.' - WHERE tag_id IN ('.implode(',',$tag_ids).') AND image_id IN ('.implode(',',$image_ids).') + WHERE tag_id IN ('.implode(',',$tag_ids).') GROUP BY image_id'; - $result = pwg_query($query); - while ( $row=pwg_db_fetch_assoc($result) ) - { - $row['image_id'] = (int)$row['image_id']; - array_push( $image_ids, $row['image_id'] ); - $image_tag_map[ $row['image_id'] ] = explode(',', $row['tag_ids']); + $result = pwg_query($query); + while ( $row=pwg_db_fetch_assoc($result) ) + { + $row['image_id'] = (int)$row['image_id']; + array_push( $image_ids, $row['image_id'] ); + $image_tag_map[ $row['image_id'] ] = explode(',', $row['tag_ids']); + } } } $images = array(); - if (!empty($image_ids)) - { - $rank_of = array_flip($image_ids); - $result = pwg_query(' -SELECT * FROM '.IMAGES_TABLE.' - WHERE id IN ('.implode(',',$image_ids).')'); + if ( !empty($image_ids)) + { + $where_clauses = ws_std_image_sql_filter($params); + $where_clauses[] = get_sql_condition_FandF( + array + ( + 'forbidden_categories' => 'category_id', + 'visible_categories' => 'category_id', + 'visible_images' => 'i.id' + ), + '', true + ); + $where_clauses[] = 'id IN ('.implode(',',$image_ids).')'; + + $order_by = ws_std_image_sql_order($params); + if (empty($order_by)) + { + $order_by = $conf['order_by']; + } + else + { + $order_by = 'ORDER BY '.$order_by; + } + + $query = ' +SELECT DISTINCT i.* FROM '.IMAGES_TABLE.' i + INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON i.id=image_id + WHERE '. implode(' + AND ', $where_clauses).' +'.$order_by.' +LIMIT '.(int)$params['per_page'].' OFFSET '.(int)($params['per_page']*$params['page']); + + $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $image = array(); - $image['rank'] = $rank_of[ $row['id'] ]; foreach ( array('id', 'width', 'height', 'hit') as $k ) { if (isset($row[$k])) @@ -1664,8 +1566,6 @@ SELECT * FROM '.IMAGES_TABLE.' ); array_push($images, $image); } - usort($images, 'rank_compare'); - unset($rank_of); } return array( 'images' => @@ -1684,7 +1584,7 @@ SELECT * FROM '.IMAGES_TABLE.' function ws_categories_add($params, &$service) { - if (!is_admin()) + if (!is_admin() or is_adviser()) { return new PwgError(401, 'Access denied'); } @@ -1708,7 +1608,7 @@ function ws_categories_add($params, &$service) function ws_tags_add($params, &$service) { - if (!is_admin()) + if (!is_admin() or is_adviser()) { return new PwgError(401, 'Access denied'); } @@ -1729,7 +1629,7 @@ function ws_images_exist($params, &$service) { global $conf; - if (!is_admin()) + if (!is_admin() or is_adviser()) { return new PwgError(401, 'Access denied'); } @@ -1805,7 +1705,7 @@ SELECT function ws_images_checkFiles($params, &$service) { - if (!is_admin()) + if (!is_admin() or is_adviser()) { return new PwgError(401, 'Access denied'); } @@ -1844,7 +1744,6 @@ SELECT } if (isset($params[$param_name.'_sum'])) { - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); $type_path = file_path_for_type($path, $type); if (!is_file($type_path)) { $ret[$param_name] = 'missing'; @@ -1863,10 +1762,35 @@ SELECT return $ret; } +function file_path_for_type($file_path, $type='thumb') +{ + // resolve the $file_path depending on the $type + if ('thumb' == $type) { + $file_path = get_thumbnail_location( + array( + 'path' => $file_path, + 'tn_ext' => 'jpg', + ) + ); + } + + if ('high' == $type) { + @include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php'); + $file_path = get_high_location( + array( + 'path' => $file_path, + 'has_high' => 'true' + ) + ); + } + + return $file_path; +} + function ws_images_setInfo($params, &$service) { global $conf; - if (!is_admin()) + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -1992,45 +1916,6 @@ SELECT * invalidate_user_cache(); } -function ws_images_delete($params, &$service) -{ - global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) - { - return new PwgError(403, 'Invalid security token'); - } - - $params['image_id'] = preg_split( - '/[\s,;\|]/', - $params['image_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); - $params['image_id'] = array_map('intval', $params['image_id']); - - $image_ids = array(); - foreach ($params['image_id'] as $image_id) - { - if ($image_id > 0) - { - array_push($image_ids, $image_id); - } - } - - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); - delete_elements($image_ids, true); -} - function ws_add_image_category_relations($image_id, $categories_string, $replace_mode=false) { // let's add links between the image and the categories @@ -2188,7 +2073,7 @@ SELECT function ws_categories_setInfo($params, &$service) { global $conf; - if (!is_admin()) + if (!is_admin() || is_adviser() ) { return new PwgError(401, 'Access denied'); } @@ -2243,195 +2128,6 @@ function ws_categories_setInfo($params, &$service) } -function ws_categories_delete($params, &$service) -{ - global $conf; - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) - { - return new PwgError(403, 'Invalid security token'); - } - - $modes = array('no_delete', 'delete_orphans', 'force_delete'); - if (!in_array($params['photo_deletion_mode'], $modes)) - { - return new PwgError( - 500, - '[ws_categories_delete]' - .' invalid parameter photo_deletion_mode "'.$params['photo_deletion_mode'].'"' - .', possible values are {'.implode(', ', $modes).'}.' - ); - } - - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); - $params['category_id'] = array_map('intval', $params['category_id']); - - $category_ids = array(); - foreach ($params['category_id'] as $category_id) - { - if ($category_id > 0) - { - array_push($category_ids, $category_id); - } - } - - if (count($category_ids) == 0) - { - return; - } - - $query = ' -SELECT id - FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $category_ids).') -;'; - $category_ids = array_from_query($query, 'id'); - - if (count($category_ids) == 0) - { - return; - } - - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); - delete_categories($category_ids, $params['photo_deletion_mode']); - update_global_rank(); -} - -function ws_categories_move($params, &$service) -{ - global $conf, $page; - - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (!$service->isPost()) - { - return new PwgError(405, "This method requires HTTP POST"); - } - - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) - { - return new PwgError(403, 'Invalid security token'); - } - - $params['category_id'] = preg_split( - '/[\s,;\|]/', - $params['category_id'], - -1, - PREG_SPLIT_NO_EMPTY - ); - $params['category_id'] = array_map('intval', $params['category_id']); - - $category_ids = array(); - foreach ($params['category_id'] as $category_id) - { - if ($category_id > 0) - { - array_push($category_ids, $category_id); - } - } - - if (count($category_ids) == 0) - { - return new PwgError(403, 'Invalid category_id input parameter, no category to move'); - } - - // we can't move physical categories - $categories_in_db = array(); - - $query = ' -SELECT - id, - name, - dir - FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $category_ids).') -;'; - $result = pwg_query($query); - while ($row = pwg_db_fetch_assoc($result)) - { - $categories_in_db[$row['id']] = $row; - // we break on error at first physical category detected - if (!empty($row['dir'])) - { - $row['name'] = strip_tags( - trigger_event( - 'render_category_name', - $row['name'], - 'ws_categories_move' - ) - ); - - return new PwgError( - 403, - sprintf( - 'Category %s (%u) is not a virtual category, you cannot move it', - $row['name'], - $row['id'] - ) - ); - } - } - - if (count($categories_in_db) != count($category_ids)) - { - $unknown_category_ids = array_diff($category_ids, array_keys($categories_in_db)); - - return new PwgError( - 403, - sprintf( - 'Category %u does not exist', - $unknown_category_ids[0] - ) - ); - } - - // does this parent exists? This check should be made in the - // move_categories function, not here - // - // 0 as parent means "move categories at gallery root" - if (!is_numeric($params['parent'])) - { - return new PwgError(403, 'Invalid parent input parameter'); - } - - if (0 != $params['parent']) { - $params['parent'] = intval($params['parent']); - $subcat_ids = get_subcat_ids(array($params['parent'])); - if (count($subcat_ids) == 0) - { - return new PwgError(403, 'Unknown parent category id'); - } - } - - $page['infos'] = array(); - $page['errors'] = array(); - include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); - move_categories($category_ids, $params['parent']); - invalidate_user_cache(); - - if (count($page['errors']) != 0) - { - return new PwgError(403, implode('; ', $page['errors'])); - } -} - function ws_logfile($string) { global $conf; @@ -2451,12 +2147,11 @@ function ws_images_checkUpload($params, &$service) { global $conf; - if (!is_admin()) + if (!is_admin() or is_adviser()) { return new PwgError(401, 'Access denied'); } - include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); $ret['message'] = ready_for_upload_message(); $ret['ready_for_upload'] = true; @@ -2468,110 +2163,38 @@ function ws_images_checkUpload($params, &$service) return $ret; } -function ws_plugins_getList($params, &$service) +function ready_for_upload_message() { global $conf; - - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); - $plugins = new plugins(); - $plugins->sort_fs_plugins('name'); - $plugin_list = array(); + $relative_dir = preg_replace('#^'.PHPWG_ROOT_PATH.'#', '', $conf['upload_dir']); - foreach($plugins->fs_plugins as $plugin_id => $fs_plugin) + if (!is_dir($conf['upload_dir'])) { - if (isset($plugins->db_plugins_by_id[$plugin_id])) + if (!is_writable(dirname($conf['upload_dir']))) { - $state = $plugins->db_plugins_by_id[$plugin_id]['state']; - } - else - { - $state = 'uninstalled'; + return sprintf( + l10n('Create the "%s" directory at the root of your Piwigo installation'), + $relative_dir + ); } - - array_push( - $plugin_list, - array( - 'id' => $plugin_id, - 'name' => $fs_plugin['name'], - 'version' => $fs_plugin['version'], - 'state' => $state, - 'description' => $fs_plugin['description'], - ) - ); - } - - return $plugin_list; -} - -function ws_plugins_performAction($params, &$service) -{ - global $template; - - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) - { - return new PwgError(403, 'Invalid security token'); - } - - define('IN_ADMIN', true); - include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php'); - $plugins = new plugins(); - $errors = $plugins->perform_action($params['action'], $params['plugin']); - - - if (!empty($errors)) - { - return new PwgError(500, $errors); } else { - if (in_array($params['action'], array('activate', 'deactivate'))) + if (!is_writable($conf['upload_dir'])) { - $template->delete_compiled_templates(); + @chmod($conf['upload_dir'], 0777); + + if (!is_writable($conf['upload_dir'])) + { + return sprintf( + l10n('Give write access (chmod 777) to "%s" directory at the root of your Piwigo installation'), + $relative_dir + ); + } } - return true; - } -} - -function ws_themes_performAction($params, &$service) -{ - global $template; - - if (!is_admin()) - { - return new PwgError(401, 'Access denied'); - } - - if (empty($params['pwg_token']) or get_pwg_token() != $params['pwg_token']) - { - return new PwgError(403, 'Invalid security token'); } - define('IN_ADMIN', true); - include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php'); - $themes = new themes(); - $errors = $themes->perform_action($params['action'], $params['theme']); - - if (!empty($errors)) - { - return new PwgError(500, $errors); - } - else - { - if (in_array($params['action'], array('activate', 'deactivate'))) - { - $template->delete_compiled_templates(); - } - return true; - } + return null; } ?> -- cgit v1.2.3