<?php
// -----------------------------------------------------------------------------
// $Id: emoticons.php 644 2013-03-22 12:54:09Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

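include('./../includes/common.php');

// Builds the on-disk file name for the upload submitted under $_FILES[$file_field].
// Characters that are unsafe in a file name are collapsed to '_' (the Windows
// branch works around http://bugs.php.net/bug.php?id=47096).
// Returns '' when nothing was submitted under that field.
function admin_emoticon_upload_name($file_field)
{
    if (!isset($_FILES[$file_field]['name']))
    {
        return '';
    }
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
    {
        return preg_replace(array('`[^a-z0-9-_.\s]`i', '`\s+`'), array(' ', '_'), $_FILES[$file_field]['name']);
    }
    return preg_replace('`["!#$%&\'*+/=?^\`{|}~()<>\[\]:;@\\\\,\s\t]+`', '_', $_FILES[$file_field]['name']);
}

// Collects every reason the upload under $_FILES[$file_field] cannot be stored as
// $upload_dir . $upload_name: directory permissions, name collision, extension,
// actual file content (an extension alone does not prove the file is an image)
// and the upload_max_filesize limit. $lang is the message table from common.php.
// Returns the concatenated error messages, '' when the upload is acceptable.
function admin_emoticon_upload_errors($file_field, $upload_name, $upload_dir, $lang)
{
    $error = '';
    $upload_file = $upload_dir . $upload_name;
    // strrpos() returns false when there is no dot; substr() then yields the whole
    // name, which is simply not in $valid_ext
    $upload_ext = substr($upload_name, strrpos($upload_name, '.'));
    $valid_ext = array('.gif', '.GIF', '.jpg', '.JPG', '.jpeg', '.JPEG', '.png', '.PNG');
    $valid_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
    $valid_size = return_bytes(ini_get('upload_max_filesize'));
    // Check directory permissions
    if (!is_writable($upload_dir))
    {
        $error .= sprintf($lang['ERROR_DIR_NOT_WRITABLE'], $upload_dir);
    }
    // Check duplicate images
    if (file_exists($upload_file))
    {
        $error .= $lang['ERROR_IMAGE_EXISTS'];
    }
    // Check that PHP really received the file through the upload mechanism
    if (empty($_FILES[$file_field]['tmp_name']) || !is_uploaded_file($_FILES[$file_field]['tmp_name']))
    {
        $error .= $lang['ERROR_INVALID_UPLOADED_FILE'];
    }
    // Check image format: the extension first, then the file header
    elseif (!in_array($upload_ext, $valid_ext, true))
    {
        $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
    }
    else
    {
        $image_info = getimagesize($_FILES[$file_field]['tmp_name']);
        if ($image_info === false || !in_array($image_info[2], $valid_types, true))
        {
            $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
        }
    }
    // Check file size
    if ($_FILES[$file_field]['size'] > $valid_size)
    {
        $error .= sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size);
    }
    return $error;
}

page_header($lang['ADMIN_EMOTICONS']);

// Moderator? ($users comes from common.php)
if ($users['user_level'] > 1)
{
    // http://www.php.net/post-max-size
    // If the size of POST data is greater than post_max_size, the $_POST and $_FILES superglobals will be empty
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['CONTENT_LENGTH'] > 0)
    {
        $valid_size = return_bytes(ini_get('post_max_size'));
        error_template(sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size));
    }
    // Add?
    elseif (isset($_POST['add_emoticon']))
    {
        $error = '';
        $upload_dir = './../images/emoticons/';
        $upload_name = admin_emoticon_upload_name('emoticon_image');
        $upload_file = $upload_dir . $upload_name;
        // Check code
        if (!isset($_POST['emoticon_code']) || !trim($_POST['emoticon_code']))
        {
            $error .= $lang['ERROR_NO_CODE'];
        }
        else
        {
            $sql->query('SELECT emoticon_code
                         FROM ' . TABLE_EMOTICONS . '
                         WHERE emoticon_code = \'' . utf8_entities($_POST['emoticon_code']) . '\'');
            $table_emoticons = $sql->fetch();
            // Check duplicate codes
            if (!empty($table_emoticons['emoticon_code']))
            {
                $error .= $lang['ERROR_CODE_USED'];
            }
        }
        // Check image (mandatory when adding)
        if (!trim($upload_name))
        {
            $error .= $lang['ERROR_NO_IMAGE'];
        }
        else
        {
            $error .= admin_emoticon_upload_errors('emoticon_image', $upload_name, $upload_dir, $lang);
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            if (move_uploaded_file($_FILES['emoticon_image']['tmp_name'], $upload_file))
            {
                $sql->query('INSERT INTO ' . TABLE_EMOTICONS . ' (emoticon_code, emoticon_image, emoticon_creation)
                             VALUES (\'' . utf8_entities($_POST['emoticon_code']) . '\', \'' . utf8_entities($upload_file) . '\', \'' . time() . '\')');
                $GLOBALS['cache']->clean(TABLE_EMOTICONS);
                success_template($lang['EMOTICON_ADDED'], './../admin/emoticons.php?action=view_emoticons');
            }
            else
            {
                error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
            }
        }
    }
    // Emoticons list
    elseif (isset($_GET['action']) && $_GET['action'] == 'view_emoticons')
    {
        // Query string - ?action=view_emoticons&sort=&order=&page=&list=
        // Both values are whitelisted before they reach the ORDER BY clause; the D
        // modifier keeps a trailing newline from slipping past the $ anchor
        $sort_ok = !empty($_GET['sort']) && preg_match('`^(emoticon_id|emoticon_code)$`D', $_GET['sort']);
        $order_ok = !empty($_GET['order']) && preg_match('`^(ASC|DESC)$`D', $_GET['order']);
        if ($sort_ok && $order_ok)
        {
            $clause = 'ORDER BY ' . $_GET['sort'] . ' ' . $_GET['order'];
            $query = 'sort=' . $_GET['sort'] . '&amp;order=' . $_GET['order'] . '&amp;';
        }
        else
        {
            $clause = '';
            $query = '';
        }

        // Create pages list
        if (empty($_GET['page']) || !string_is_int($_GET['page']))
        {
            $_GET['page'] = 1;
        }
        $emoticons_per_page = 20;
        $emoticons_offset = ($_GET['page'] - 1) * $emoticons_per_page;
        $sql->query('SELECT emoticon_id
                     FROM ' . TABLE_EMOTICONS);
        $num_emoticons = $sql->num_rows();
        $num_pages = ceil($num_emoticons / $emoticons_per_page);
        $pages_list = get_pages_list('./../admin/emoticons.php?action=view_emoticons&amp;' . $query, $num_pages);

        $template->set_file('admin', 'admin/emoticons/view.htpl');
        $template->set_block('admin', 'EMOTICONS_BLOCK', 'emoticons');
        $sql->query('SELECT emoticon_code, emoticon_id, emoticon_image
                     FROM ' . TABLE_EMOTICONS . '
                     ' . $clause . '
                     LIMIT ' . $emoticons_per_page . ' OFFSET ' . $emoticons_offset);
        while ($table_emoticons = $sql->fetch())
        {
            $template->set_var(array('EMOTICON_CODE' => $table_emoticons['emoticon_code'],
                                     'EMOTICON_ID' => $table_emoticons['emoticon_id'],
                                     'EMOTICON_IMAGE' => utf8_chars($table_emoticons['emoticon_image'])));
            $template->parse('EMOTICONS_BLOCK', 'emoticons', true);
        }
        $template->set_var('PAGES', sprintf($lang['PAGES'], $pages_list));
        $template->parse('admin');
    }
    // Edit form
    elseif (isset($_GET['action']) && $_GET['action'] == 'edit_emoticon')
    {
        // Check query
        if (!empty($_GET['emoticon_id']) && string_is_int($_GET['emoticon_id']))
        {
            $sql->query('SELECT emoticon_code, emoticon_id, emoticon_image
                         FROM ' . TABLE_EMOTICONS . '
                         WHERE emoticon_id = \'' . $_GET['emoticon_id'] . '\'');
            $table_emoticons = $sql->fetch();
            // Check emoticon
            if (empty($table_emoticons['emoticon_id']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $template->set_file('admin', 'admin/emoticons/edit.htpl');
                $template->set_var(array('EMOTICON_CODE' => $table_emoticons['emoticon_code'],
                                         'EMOTICON_ID' => $table_emoticons['emoticon_id'],
                                         'EMOTICON_IMAGE' => utf8_chars($table_emoticons['emoticon_image'])));
                $template->parse('admin');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Edit?
    elseif (isset($_POST['edit_emoticon']))
    {
        // Check query: the id is interpolated into the SQL below, so it gets the same
        // string_is_int() check as the edit form and delete branches
        if (empty($_POST['emoticon_id']) || !string_is_int($_POST['emoticon_id']))
        {
            error_template($lang['ERROR_QUERY']);
        }
        else
        {
            $error = '';
            $upload_dir = './../images/emoticons/';
            $upload_name = admin_emoticon_upload_name('emoticon_image2');
            $upload_file = $upload_dir . $upload_name;
            // The current image path is read from the table, never from the form,
            // so the unlink() below can only ever remove the emoticon's own file
            $sql->query('SELECT emoticon_image
                         FROM ' . TABLE_EMOTICONS . '
                         WHERE emoticon_id = \'' . $_POST['emoticon_id'] . '\'');
            $current_emoticon = $sql->fetch();
            $current_image = empty($current_emoticon['emoticon_image']) ? '' : utf8_chars($current_emoticon['emoticon_image']);
            // Check emoticon
            if ($current_image === '')
            {
                $error .= $lang['ERROR_QUERY'];
            }
            // Check code
            if (!isset($_POST['emoticon_code']) || !trim($_POST['emoticon_code']))
            {
                $error .= $lang['ERROR_NO_CODE'];
            }
            else
            {
                $sql->query('SELECT emoticon_code
                             FROM ' . TABLE_EMOTICONS . '
                             WHERE emoticon_code = \'' . utf8_entities($_POST['emoticon_code']) . '\'
                             AND emoticon_id <> \'' . $_POST['emoticon_id'] . '\'');
                $table_emoticons = $sql->fetch();
                // Check duplicate codes
                if (!empty($table_emoticons['emoticon_code']))
                {
                    $error .= $lang['ERROR_CODE_USED'];
                }
            }
            // Check new image (optional when editing)
            if (!empty($upload_name))
            {
                $error .= admin_emoticon_upload_errors('emoticon_image2', $upload_name, $upload_dir, $lang);
            }
            if ($error)
            {
                error_template($error);
            }
            else
            {
                // New image?
                if (!empty($upload_name))
                {
                    if (move_uploaded_file($_FILES['emoticon_image2']['tmp_name'], $upload_file))
                    {
                        // Delete old image (the one recorded in the table)
                        if (is_file($current_image))
                        {
                            unlink($current_image);
                        }
                        // edition_name is taken from $users (common.php); presumably already entity-encoded — verify
                        $sql->query('UPDATE ' . TABLE_EMOTICONS . '
                                     SET emoticon_code = \'' . utf8_entities($_POST['emoticon_code']) . '\', emoticon_image = \'' . utf8_entities($upload_file) . '\', emoticon_edition = \'' . time() . '\', edition_id = \'' . $_SESSION['user_id'] . '\', edition_name = \'' . $users['user_name'] . '\'
                                     WHERE emoticon_id = \'' . $_POST['emoticon_id'] . '\'');
                        $GLOBALS['cache']->clean(TABLE_EMOTICONS);
                        success_template($lang['EMOTICON_EDITED'], './../admin/emoticons.php?action=view_emoticons');
                    }
                    else
                    {
                        error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
                    }
                }
                else
                {
                    // No new image: the stored path is kept, only code and edition data change
                    $sql->query('UPDATE ' . TABLE_EMOTICONS . '
                                 SET emoticon_code = \'' . utf8_entities($_POST['emoticon_code']) . '\', emoticon_edition = \'' . time() . '\', edition_id = \'' . $_SESSION['user_id'] . '\', edition_name = \'' . $users['user_name'] . '\'
                                 WHERE emoticon_id = \'' . $_POST['emoticon_id'] . '\'');
                    $GLOBALS['cache']->clean(TABLE_EMOTICONS);
                    success_template($lang['EMOTICON_EDITED'], './../admin/emoticons.php?action=view_emoticons');
                }
            }
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] == 'delete_emoticon')
    {
        // NOTE(review): the delete is triggered by a GET link; no CSRF token is
        // visible in this file — confirm common.php covers state-changing requests
        // Check query
        if (!empty($_GET['emoticon_id']) && string_is_int($_GET['emoticon_id']))
        {
            $sql->query('SELECT emoticon_image
                         FROM ' . TABLE_EMOTICONS . '
                         WHERE emoticon_id = \'' . $_GET['emoticon_id'] . '\'');
            $table_emoticons = $sql->fetch();
            // Check emoticon
            if (empty($table_emoticons['emoticon_image']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                // Delete old image (path recorded in the table)
                $old_image = utf8_chars($table_emoticons['emoticon_image']);
                if (is_file($old_image))
                {
                    unlink($old_image);
                }
                $sql->query('DELETE FROM ' . TABLE_EMOTICONS . '
                             WHERE emoticon_id = \'' . $_GET['emoticon_id'] . '\'');
                $GLOBALS['cache']->clean(TABLE_EMOTICONS);
                success_template($lang['EMOTICON_DELETED'], './../admin/emoticons.php?action=view_emoticons');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Add form
    else
    {
        $template->set_file('admin', 'admin/emoticons/add.htpl');
        $template->parse('admin');
    }
}
// Other
else
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}

page_footer();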

?>