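<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2006 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.4.5
  $Source: /cvsroot/coppermine/stable/delete.php,v $
  $Revision: 1.15 $
  $Author: gaugau $
  $Date: 2006/03/02 08:17:40 $
**********************************************/

define('IN_COPPERMINE', true);
define('DELETE_PHP', true);

require('include/init.inc.php');

/**
 * Local functions definition
 */

// Set once the result-table header row has been emitted, so that several
// delete_picture() calls in one request share a single header.
$header_printed = false;
// Set together with $header_printed; tells the page footer that the legend
// explaining the F/N/T/C/D columns has to be printed.
$need_caption = false;

/**
 * Emit the column header row of the per-picture deletion result table and
 * flag that the legend (output_caption) is needed at the end of the page.
 */
function output_table_header()
{
    global $header_printed, $need_caption, $lang_delete_php;

    $header_printed = true;
    $need_caption = true;

    echo <<<EOT
        <tr>
            <td class="tableh2"><b>{$lang_delete_php['npic']}</b></td>
            <td class="tableh2" align="center"><b>{$lang_delete_php['fs_pic']}</b></td>
            <td class="tableh2" align="center"><b>{$lang_delete_php['ns_pic']}</b></td>
            <td class="tableh2" align="center"><b>{$lang_delete_php['thumb_pic']}</b></td>
            <td class="tableh2" align="center"><b>{$lang_delete_php['comment']}</b></td>
            <td class="tableh2" align="center"><b>{$lang_delete_php['im_in_alb']}</b></td>
        </tr>
EOT;
}

/**
 * Emit the legend that explains the single-letter column titles and the
 * green/red status icons used by delete_picture().
 */
function output_caption()
{
    global $lang_delete_php;
?>
        <tr><td colspan="6" class="tableb"> </td></tr>
        <tr><td colspan="6" class="tableh2"><b><?php echo $lang_delete_php['caption'] ?></b></tr>
        <tr><td colspan="6" class="tableb">
            <table cellpadding="1" cellspacing="0">
                <tr><td><b>F</b></td><td>:</td><td><?php echo $lang_delete_php['fs_pic'] ?></td><td width="20"> </td><td><img src="images/green.gif" border="0" width="12" height="12" align="absmiddle"></td><td>:</td><td><?php echo $lang_delete_php['del_success'] ?></td></tr>
                <tr><td><b>N</b></td><td>:</td><td><?php echo $lang_delete_php['ns_pic'] ?></td><td width="20"> </td><td><img src="images/red.gif" border="0" width="12" height="12" align="absmiddle"></td><td>:</td><td><?php echo $lang_delete_php['err_del'] ?></td></tr>
                <tr><td><b>T</b></td><td>:</td><td><?php echo $lang_delete_php['thumb_pic'] ?></td></tr>
                <tr><td><b>C</b></td><td>:</td><td><?php echo $lang_delete_php['comment'] ?></td></tr>
                <tr><td><b>D</b></td><td>:</td><td><?php echo $lang_delete_php['im_in_alb'] ?></td></tr>
            </table>
        </td>
        </tr>
<?php
}

/**
 * Delete one picture: its full-size, normal and thumbnail files, its
 * comments, its EXIF row and finally its row in the pictures table.
 * One result row (one <tr>) is echoed per picture.
 *
 * Authorisation: gallery admins may delete anything; any other user must be
 * logged in (USER_ID non-zero) and either own the album the picture lives in
 * (album category == FIRST_USER_CAT + USER_ID) or, when
 * $CONFIG['users_can_edit_pics'] is set, be the picture's owner_id.
 *
 * @param int $pid  picture id; coerced to int before being used in SQL
 * @return int      the album id the picture belonged to (used by the caller
 *                  to build the "continue" link)
 * Dies through cpg_die() when the picture does not exist, the caller is not
 * allowed to delete it, or the target directory is not writable.
 */
function delete_picture($pid)
{
    global $CONFIG, $header_printed, $lang_errors;

    // $pid is interpolated into several queries below; force it to an
    // integer here so the function is safe even if a caller forgets the cast.
    $pid = (int)$pid;

    if (!$header_printed) {
        output_table_header();
    }

    $green = "<img src=\"images/green.gif\" border=\"0\" width=\"12\" height=\"12\"><br />";
    $red = "<img src=\"images/red.gif\" border=\"0\" width=\"12\" height=\"12\"><br />";

    if (GALLERY_ADMIN_MODE) {
        $query = "SELECT aid, filepath, filename FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='$pid'";
        $result = cpg_db_query($query);
        if (!mysql_num_rows($result)) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = mysql_fetch_array($result);
    } else {
        // Join against the albums table so the album category (which encodes
        // the owning user) is available for the permission check.
        $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid as aid, category, filepath, filename, owner_id "
               . "FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} "
               . "WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
        $result = cpg_db_query($query);
        if (!mysql_num_rows($result)) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = mysql_fetch_array($result);

        $owns_album = ($pic['category'] == FIRST_USER_CAT + USER_ID);
        $owns_picture = ($CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID);
        if (!USER_ID || !($owns_album || $owns_picture)) {
            cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
        }
    }

    $aid = $pic['aid'];
    $dir = $CONFIG['fullpath'] . $pic['filepath'];
    $file = $pic['filename'];

    if (!is_writable($dir)) {
        cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], htmlspecialchars($dir)), __FILE__, __LINE__);
    }

    echo "<td class=\"tableb\">" . htmlspecialchars($file) . "</td>";

    // Full-size, normal-size and thumbnail variants, in the column order of
    // output_table_header(). A missing variant is reported as an empty cell.
    $files = array(
        $dir . $file,
        $dir . $CONFIG['normal_pfx'] . $file,
        $dir . $CONFIG['thumb_pfx'] . $file,
    );
    foreach ($files as $currFile) {
        echo "<td class=\"tableb\" align=\"center\">";
        if (is_file($currFile)) {
            echo @unlink($currFile) ? $green : $red;
        } else {
            echo " ";
        }
        echo "</td>";
    }

    $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='$pid'";
    cpg_db_query($query);
    echo "<td class=\"tableb\" align=\"center\">";
    echo (mysql_affected_rows() > 0) ? $green : " ";
    echo "</td>";

    // filepath/filename come from the database, not from the request, but an
    // upload with a quote in its name would otherwise break this statement;
    // escape the value rather than trust it.
    $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename='" . addslashes($dir . $file) . "' LIMIT 1";
    cpg_db_query($query);

    $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='$pid' LIMIT 1";
    cpg_db_query($query);
    echo "<td class=\"tableb\" align=\"center\">";
    echo (mysql_affected_rows() > 0) ? $green : $red;
    echo "</td>";

    echo "</tr>\n";

    return $aid;
}

/**
 * Delete an album together with every picture it contains.
 *
 * Authorisation: gallery admins may delete any album; other users only an
 * album whose category is their own user category (FIRST_USER_CAT + USER_ID).
 * Each contained picture is removed through delete_picture(), which prints
 * one result row per picture; a final row confirms the album deletion.
 *
 * @param int $aid  album id; coerced to int before being used in SQL
 * Dies through cpg_die() when the album does not exist or the caller may not
 * delete it.
 */
function delete_album($aid)
{
    global $CONFIG, $lang_errors, $lang_delete_php;

    $aid = (int)$aid;

    $query = "SELECT title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid ='$aid'";
    $result = cpg_db_query($query);
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $album_data = mysql_fetch_array($result);

    if (!GALLERY_ADMIN_MODE && $album_data['category'] != FIRST_USER_CAT + USER_ID) {
        cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

    // Delete all files
    $query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$aid'";
    $result = cpg_db_query($query);
    while ($pic = mysql_fetch_array($result)) {
        delete_picture($pic['pid']);
    }

    // Delete album
    $query = "DELETE from {$CONFIG['TABLE_ALBUMS']} WHERE aid='$aid'";
    cpg_db_query($query);
    if (mysql_affected_rows() > 0) {
        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['alb_del_success'], $album_data['title']) . "</td></tr>\n";
    }
}

/**
 * Album manager functions
 */

/**
 * Parse one entry of the album manager's "to" list, which the form encodes
 * as "...no=<int>,album_nm='<name>',album_sort=<int>,action=<digit>".
 *
 * @param string $value  raw option value (already passed through stripslashes
 *                       by the caller)
 * @return array|false   array with keys album_no, album_nm, album_sort,
 *                       action (ints except album_nm, which is HTML-escaped
 *                       through $HTML_SUBST), or false when the value does
 *                       not match the expected shape
 */
function parse_select_option($value)
{
    global $HTML_SUBST;

    if (!preg_match("/.+?no=(\d+),album_nm='(.+?)',album_sort=(\d+),action=(\d)/", $value, $matches)) {
        return false;
    }

    $name = get_magic_quotes_gpc() ? stripslashes($matches[2]) : $matches[2];

    return array(
        'album_no' => (int)$matches[1],
        'album_nm' => strtr($name, $HTML_SUBST),
        'album_sort' => (int)$matches[3],
        'action' => (int)$matches[4],
    );
}

/**
 * Parse one "<aid>@<pos>" entry of the album manager's sort_order list.
 *
 * @return array|false  array('aid' => int, 'pos' => int) or false on a
 *                      malformed entry
 */
function parse_orig_sort_order($value)
{
    if (!preg_match("/(\d+)@(\d+)/", $value, $matches)) {
        return false;
    }

    return array(
        'aid' => (int)$matches[1],
        'pos' => (int)$matches[2],
    );
}

/**
 * Split a comma separated list, dropping empty entries.
 */
function parse_list($value)
{
    return preg_split("/,/", $value, -1, PREG_SPLIT_NO_EMPTY);
}

/**************************************************************************
 * Picture manager functions
 **************************************************************************/

/**
 * Parse one entry of the picture manager's "to" list, which the form encodes
 * as "...no=<int>,picture_nm='<name>',picture_sort=<int>,action=<digit>".
 *
 * @return array|false  array with keys picture_no, picture_nm, picture_sort,
 *                      action, or false on a malformed entry
 */
function parse_pic_select_option($value)
{
    global $HTML_SUBST;

    if (!preg_match("/.+?no=(\d+),picture_nm='(.+?)',picture_sort=(\d+),action=(\d)/", $value, $matches)) {
        return false;
    }

    $name = get_magic_quotes_gpc() ? stripslashes($matches[2]) : $matches[2];

    return array(
        'picture_no' => (int)$matches[1],
        'picture_nm' => strtr($name, $HTML_SUBST),
        'picture_sort' => (int)$matches[3],
        'action' => (int)$matches[4],
    );
}

/**
 * Parse one "<pid>@<pos>" entry of the picture manager's sort_order list.
 * The first number is returned under the key 'aid' for symmetry with
 * parse_orig_sort_order(), but it is a picture id.
 *
 * @return array|false  array('aid' => int, 'pos' => int) or false on a
 *                      malformed entry
 */
function parse_pic_orig_sort_order($value)
{
    if (!preg_match("/(\d+)@(\d+)/", $value, $matches)) {
        return false;
    }

    return array(
        'aid' => (int)$matches[1],
        'pos' => (int)$matches[2],
    );
}

/**
 * Split a comma separated list of picture entries, dropping empty entries.
 */
function parse_pic_list($value)
{
    return preg_split("/,/", $value, -1, PREG_SPLIT_NO_EMPTY);
}

/**
 * Build the SQL restriction the picture manager appends to its UPDATEs for
 * non-admin users, so that a user can only re-order pictures that sit in
 * albums of his own category (FIRST_USER_CAT + USER_ID) -- the same
 * ownership rule delete_album() enforces. Album ids are fetched first and
 * inlined as integers, which keeps the statement valid on servers without
 * sub-query support.
 *
 * @return string  "AND aid IN (...)" or, when the user owns no album at all,
 *                 a clause that matches nothing
 */
function get_user_picture_restrict()
{
    global $CONFIG;

    $query = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = '" . (FIRST_USER_CAT + USER_ID) . "'";
    $result = cpg_db_query($query);
    $owned = array();
    while ($row = mysql_fetch_array($result)) {
        $owned[] = (int)$row['aid'];
    }
    mysql_free_result($result);

    if (!count($owned)) {
        return 'AND 1=0';
    }

    return 'AND aid IN (' . implode(',', $owned) . ')';
}

/**
 * Main code starts here
 *
 * Dispatches on the "what" request parameter. NOTE(review): every action
 * below (including picture, album and comment deletion by plain GET) is
 * performed without any anti-CSRF token being checked in this file; a
 * logged-in admin who follows a crafted link deletes content. Adding a
 * per-session token to the links/forms that target delete.php and checking
 * it here is the proper fix, but needs support in the calling pages.
 */

if (!isset($_GET['what']) && !isset($_POST['what'])) {
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}

$what = isset($_GET['what']) ? $_GET['what'] : $_POST['what'];
switch ($what) {

    // Album manager (don't necessarily delete something ;-)

    case 'albmgr':
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) {
            cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
        }

        // Non-admins may only touch albums of their own user category.
        if (!GALLERY_ADMIN_MODE) {
            $restrict = "AND category = '" . (FIRST_USER_CAT + USER_ID) . "'";
        } else {
            $restrict = '';
        }

        pageheader($lang_delete_php['alb_mgr']);
        starttable("100%", $lang_delete_php['alb_mgr'], 6);

        $orig_sort_order = parse_list(isset($_POST['sort_order']) ? $_POST['sort_order'] : '');
        foreach ($orig_sort_order as $album) {
            $op = parse_orig_sort_order($album);
            if (!is_array($op)) {
                // cpg_die() takes the error class first; the user-supplied
                // sort_order is deliberately not echoed back into the page.
                cpg_die(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], __FILE__, __LINE__);
            }
            $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET pos='{$op['pos']}' WHERE aid='{$op['aid']}' $restrict LIMIT 1";
            cpg_db_query($query);
        }

        $to_delete = parse_list(isset($_POST['delete_album']) ? $_POST['delete_album'] : '');
        foreach ($to_delete as $album_id) {
            delete_album((int)$album_id);
        }

        if (isset($_POST['to'])) {
            foreach ($_POST['to'] as $option_value) {
                $op = parse_select_option(stripslashes($option_value));
                // A malformed entry yields false; $op['action'] is then null
                // and falls through to the default branch.
                switch ($op['action']) {
                    case '0':
                        break;
                    case '1':
                        // Create: admins choose the category, everybody else
                        // is forced into his own user category.
                        if (GALLERY_ADMIN_MODE) {
                            $category = (int)$_POST['cat'];
                        } else {
                            $category = FIRST_USER_CAT + USER_ID;
                        }
                        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
                        $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO', '{$op['album_sort']}')";
                        cpg_db_query($query);
                        break;
                    case '2':
                        // Update title/position; $restrict keeps non-admins on
                        // their own albums.
                        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_alb'], $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
                        $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' $restrict LIMIT 1";
                        cpg_db_query($query);
                        break;
                    default:
                        cpg_die(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], __FILE__, __LINE__);
                }
            }
        }
        if ($need_caption) {
            output_caption();
        }
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
        echo "<div class=\"admin_menu_thumb\"><a href=\"index.php\" class=\"adm_menu\">$lang_continue</a></div>\n";
        echo "</td></tr>";
        endtable();
        pagefooter();
        ob_end_flush();
        break;

    //
    // Picture manager (don't necessarily delete something ;-)
    //
    case 'picmgr':
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) {
            cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
        }

        // Previously $restrict was empty for non-admins here, so any user
        // with USER_ADMIN_MODE could change the position of any picture in
        // the gallery by id. Restrict UPDATEs to pictures in the user's own
        // albums instead.
        if (!GALLERY_ADMIN_MODE) {
            $restrict = get_user_picture_restrict();
        } else {
            $restrict = '';
        }

        pageheader($lang_delete_php['pic_mgr']);
        starttable("100%", $lang_delete_php['pic_mgr'], 6);

        $orig_sort_order = parse_pic_list(isset($_POST['sort_order']) ? $_POST['sort_order'] : '');
        foreach ($orig_sort_order as $picture) {
            $op = parse_pic_orig_sort_order($picture);
            if (!is_array($op)) {
                cpg_die(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], __FILE__, __LINE__);
            }
            // $op['aid'] is the picture id here (see parse_pic_orig_sort_order).
            $query = "UPDATE $CONFIG[TABLE_PICTURES] SET position='{$op['pos']}' WHERE pid='{$op['aid']}' $restrict LIMIT 1";
            cpg_db_query($query);
        }

        $to_delete = parse_pic_list(isset($_POST['delete_picture']) ? $_POST['delete_picture'] : '');
        foreach ($to_delete as $picture_id) {
            delete_picture((int)$picture_id);
        }

        if (isset($_POST['to'])) {
            foreach ($_POST['to'] as $option_value) {
                $op = parse_pic_select_option(stripslashes($option_value));
                switch ($op['action']) {
                    case '0':
                        break;
                    case '1':
                        // NOTE(review): this branch is a copy of the album
                        // manager's "create" case, but $op comes from
                        // parse_pic_select_option() and has no album_nm /
                        // album_sort keys, so it inserts an album with an
                        // empty title. Behaviour kept as found; the intended
                        // action for the picture manager is not clear from
                        // this file.
                        if (GALLERY_ADMIN_MODE) {
                            $category = (int)$_POST['cat'];
                        } else {
                            $category = FIRST_USER_CAT + USER_ID;
                        }
                        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
                        $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO', '{$op['album_sort']}')";
                        cpg_db_query($query);
                        break;
                    case '2':
                        echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_pic'], $op['picture_no'], $op['picture_nm'], $op['picture_sort']) . "</td></tr>\n";
                        $query = "UPDATE $CONFIG[TABLE_PICTURES] SET position='{$op['picture_sort']}' WHERE pid='{$op['picture_no']}' $restrict LIMIT 1";
                        cpg_db_query($query);
                        break;
                    default:
                        cpg_die(CRITICAL_ERROR, $lang_delete_php['err_invalid_data'], __FILE__, __LINE__);
                }
            }
        }
        if ($need_caption) {
            output_caption();
        }
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
        echo "<div class=\"admin_menu_thumb\"><a href=\"index.php\" class=\"adm_menu\">$lang_continue</a></div>\n";
        echo "</td></tr>";
        endtable();
        pagefooter();
        ob_end_flush();
        break;

    // Comment

    case 'comment':
        $msg_id = (int)(isset($_GET['msg_id']) ? $_GET['msg_id'] : 0);

        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'");
        if (!mysql_num_rows($result)) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_comment'], __FILE__, __LINE__);
        }
        $comment_data = mysql_fetch_array($result);

        // Admins delete any comment; logged-in users only their own; anonymous
        // visitors only comments tagged with their own cookie id and no author.
        if (GALLERY_ADMIN_MODE) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id'";
        } elseif (USER_ID) {
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id' AND author_id ='" . USER_ID . "' LIMIT 1";
        } else {
            // $USER['ID'] originates from the visitor's cookie; escape it
            // rather than assume init.inc.php already did.
            $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$msg_id' AND author_md5_id ='" . addslashes($USER['ID']) . "' AND author_id = '0' LIMIT 1";
        }
        cpg_db_query($query);

        $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: ';
        // Negative pos addresses the picture by id in displayimage.php.
        $redirect = "displayimage.php?pos=" . (- $comment_data['pid']);
        header($header_location . $redirect);
        pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url=$redirect\">");
        msg_box($lang_info, $lang_delete_php['comment_deleted'], $lang_continue, $redirect);
        pagefooter();
        ob_end_flush();
        break;

    // Picture

    case 'picture':
        $pid = (int)(isset($_GET['id']) ? $_GET['id'] : 0);

        pageheader($lang_delete_php['del_pic']);
        starttable("100%", $lang_delete_php['del_pic'], 6);
        output_table_header();
        // delete_picture() does the permission check and dies on failure.
        $aid = delete_picture($pid);
        output_caption();
        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
        echo "<div class=\"admin_menu_thumb\"><a href=\"thumbnails.php?album=$aid\" class=\"adm_menu\">$lang_continue</a></div>\n";
        echo "</td></tr>\n";
        endtable();
        pagefooter();
        ob_end_flush();
        break;

    // Album

    case 'album':
        if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) {
            cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
        }

        $aid = (int)(isset($_GET['id']) ? $_GET['id'] : 0);

        pageheader($lang_delete_php['del_alb']);
        starttable("100%", $lang_delete_php['del_alb'], 6);

        // delete_album() does the ownership check and dies on failure.
        delete_album($aid);
        if ($need_caption) {
            output_caption();
        }

        echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
        echo "<div class=\"admin_menu_thumb\"><a href=\"index.php\" class=\"adm_menu\">$lang_continue</a></div>\n";
        echo "</td></tr>";
        endtable();
        pagefooter();
        ob_end_flush();
        break;

    // User

    case 'user':
        // id is a comma separated list of user ids, each optionally prefixed
        // with "u". Only gallery admins using Coppermine's own user table may
        // reach this branch, and an admin may not act on himself.
        $user_id = str_replace('u', '', $_GET['id']);
        $users_scheduled_for_action = explode(',', $user_id);
        if (!(GALLERY_ADMIN_MODE) || ($user_id == USER_ID) || UDB_INTEGRATION != 'coppermine') {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }

        switch ($_REQUEST['action']) {
            case 'delete':
                pageheader($lang_delete_php['del_user']);
                starttable("100%", $lang_delete_php['del_user'], 6);
                foreach ($users_scheduled_for_action as $key) {
                    // Each list element is request-supplied text and is
                    // interpolated into SQL below; force it to an integer.
                    $key = (int)$key;
                    $result = cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$key'");
                    print '<tr>';
                    if (!mysql_num_rows($result)) {
                        print '<td class="tableb">' . $lang_delete_php['err_unknown_user'] . '</td>';
                    } else {
                        $user_data = mysql_fetch_array($result);
                        print '<td class="tableb">';
                        // First delete the albums
                        $result2 = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = '" . (FIRST_USER_CAT + $key) . "'");
                        $user_alb_counter = 0;
                        while ($album = mysql_fetch_array($result2)) {
                            starttable('100%');
                            delete_album($album['aid']);
                            endtable();
                            // (the remainder of this loop, the user case and
                            // the enclosing switch continue beyond this view)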