<?php
// moderation for images (user level, so kept separate from moderate.php)
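/**
 * Stores a batch of uploaded files as rows in the images table of one album.
 *
 * @param int|string $albumid  Target album id; cast to int before use.
 * @param array      $files    A $_FILES-style entry holding parallel arrays
 *                             under "name", "size", "type" and "tmp_name".
 * @param array      $titles   Titles indexed like $files["name"]; a missing
 *                             entry is stored as an empty title.
 * @return string  HTML status text (one line per file plus a closing line), or
 *                 a single error message when the album cannot be used at all.
 */
function uploadimages($albumid, $files, $titles){
    global $db, $dbprefix, $photo_types, $usr, $config;
    // validate the album id
    $albumid = intval($albumid);
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . dbSecure($albumid);
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be located"; }
    // run checks for regular users (Access < 2): album open and uploads enabled
    if ($usr->Access < 2){
        if ($alb->fields["status"] != 1){
            return "This album is locked";
        } elseif ($config["useruploading"] != "true"){
            return "Users are not allowed to upload";
        }
    }
    // work out visibility: user uploads start hidden when moderation is on
    $moderated = ($usr->Access < 2 && $config["usermoderation"] == "true");
    $visible = $moderated ? 0 : 1;
    // NOTE(review): the session user id is stored as-is; a guest (missing
    // or 0) ends up as userid 0 -- callers presumably require sign-in first, confirm
    $userid = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
    // set up some data
    $result = "";
    $ctime = time();
    $total = isset($files["name"]) ? count($files["name"]) : 0;
    // the loop runs strictly below count(): the previous "<=" bound read one
    // index past the end of every per-file array
    for ($counter = 0; $counter < $total; $counter++){
        $size = isset($files["size"][$counter]) ? $files["size"][$counter] : 0;
        if ($size <= 0){
            continue;   // empty form slot, skipped silently as before
        }
        $type = isset($files["type"][$counter]) ? $files["type"][$counter] : "";
        // NOTE: "type" is the MIME type declared by the client, so this only
        // whitelists the claim; the stored bytes are not sniffed here
        if (!array_key_exists($type, $photo_types)){
            $result .= "File " . ($counter + 1) . " is not an acceptable format<br />\n";
            continue;
        }
        // only read files that really arrived through the upload mechanism,
        // so a forged tmp_name cannot pull an arbitrary local file into the table
        $tmp = isset($files["tmp_name"][$counter]) ? $files["tmp_name"][$counter] : "";
        if ($tmp == "" || !is_uploaded_file($tmp)){
            $result .= "File " . ($counter + 1) . " was not a valid upload<br />\n";
            continue;
        }
        $title = isset($titles[$counter]) ? $titles[$counter] : "";
        // ok, let's process this image
        $sql = "INSERT INTO " . $dbprefix . "images (albumid, userid, title, postdate, imagefile, format, extention, visible) VALUES (";
        $sql .= $alb->fields["albumid"] . ", ";
        $sql .= dbSecure($userid) . ", ";
        $sql .= "'" . dbSecure(strip_tags($title)) . "', ";
        // counter offset keeps postdate distinct for files of one batch
        $sql .= ($ctime + $counter) . ", ";
        // addslashes is kept for the binary blob: what dbSecure does with
        // non-text input is not visible in this file
        $sql .= "'" . addslashes(file_get_contents($tmp)) . "', ";
        $sql .= "'" . dbSecure($type) . "', ";
        $sql .= "'" . dbSecure($photo_types[$type]) . "', ";
        $sql .= $visible . ")";
        $db->execute($sql);
        $result .= "File " . ($counter + 1) . " uploaded successfully<br />\n";
    }
    // complete results
    $result .= "Process complete!";
    // tell moderated users their files are queued
    if ($moderated){
        $result .= "<br /><br />\n\n";
        $result .= "Your uploads will be reviewed by a moderator shortly";
    }
    return $result;
}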
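/**
 * Updates an image's album, status, visibility and title, and optionally
 * replaces the stored file.
 *
 * @param int|string   $imageid
 * @param int|string   $albumid  Destination album; may differ from the current one.
 * @param int|string   $status   Anything above 0 is stored as 1, otherwise 0.
 * @param string       $title    Stored with tags stripped.
 * @param array|string $newfile  One $_FILES entry, or "" when no file was sent.
 * @return string  Human-readable result message.
 */
function editimage($imageid, $albumid, $status, $title = "", $newfile = ""){
    global $db, $dbprefix, $photo_types, $usr, $config;
    // standard validation
    $imageid = intval($imageid);
    $albumid = intval($albumid);
    $status = (intval($status) > 0) ? 1 : 0;
    // find the image
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure($imageid);
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // find the destination album
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . dbSecure($albumid);
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be found"; }
    // when moving, the album the image currently lives in must be open as
    // well -- otherwise a user could pull an image out of a locked album.
    // (The old code looked this status up but never used it.)
    $currentalbum = intval($img->fields["albumid"]);
    if ($currentalbum !== $albumid){
        $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . dbSecure($currentalbum);
        $old = $db->execute($sql);
        // an orphaned image (source album gone) has no source lock to honour
        $sourcestatus = ($old->rows < 1) ? 1 : $old->fields["status"];
    } else {
        $sourcestatus = $alb->fields["status"];
    }
    // carry out non-moderator checks
    if ($usr->Access < 2){
        $sessionuser = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
        if ($alb->fields["status"] == 0 || $sourcestatus == 0){
            return "Image cannot be edited while the album is locked";
        } elseif ($sessionuser < 1 || $sessionuser !== intval($img->fields["userid"])){
            return "Only the uploader of this image or a moderator can edit it";
        }
    }
    // work out visibility: a user edit may be re-queued for moderation
    if ($usr->Access > 1 || $config["usermoderationonedit"] != "true"){
        $visible = $img->fields["visible"];
    } else {
        $visible = 0;
    }
    // and run the normal update
    $sql = "UPDATE " . $dbprefix . "images SET ";
    $sql .= "albumid = " . dbSecure($albumid) . ", ";
    $sql .= "status = " . dbSecure($status) . ", ";
    $sql .= "visible = " . dbSecure($visible) . ", ";
    $sql .= "title = '" . dbSecure(strip_tags($title)) . "' ";
    $sql .= "WHERE imageid = " . dbSecure($img->fields["imageid"]);
    $db->execute($sql);
    // the cached thumbnail is stale once the row changes
    uncache($img->fields["imageid"]);
    // maybe a new image file? Anything that is not a $_FILES entry means "no"
    if (!is_array($newfile)){
        return "Image updated, new file not uploaded";
    }
    $size = isset($newfile["size"]) ? $newfile["size"] : 0;
    if ($size <= 0){
        return "Image updated, but new file was an empty file";
    }
    // "type" is the client-declared MIME type; this only checks the claim
    $type = isset($newfile["type"]) ? $newfile["type"] : "";
    if (!array_key_exists($type, $photo_types)){
        return "image updated, but new file was not an acceptable format";
    }
    // only read files that really arrived through the upload mechanism
    $tmp = isset($newfile["tmp_name"]) ? $newfile["tmp_name"] : "";
    if ($tmp == "" || !is_uploaded_file($tmp)){
        return "Image updated, but new file was not a valid upload";
    }
    // seems to be ok, let's run the update
    $sql = "UPDATE " . $dbprefix . "images SET ";
    // addslashes kept for the blob: dbSecure's handling of binary data is not visible here
    $sql .= "imagefile = '" . addslashes(file_get_contents($tmp)) . "', ";
    $sql .= "format = '" . dbSecure($type) . "', ";
    $sql .= "extention = '" . dbSecure($photo_types[$type]) . "' ";
    $sql .= "WHERE imageid = " . dbSecure($img->fields["imageid"]);
    $db->execute($sql);
    return "Image and file updated successfully!";
}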
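/**
 * Deletes an image together with its comments, votes, reports and cached thumbnail.
 *
 * @param int|string $imageid
 * @param string     $confirm  Must be exactly "delete"; anything else aborts.
 * @return string  Human-readable result message.
 */
function deleteimage($imageid, $confirm){
    global $db, $dbprefix, $usr;
    $imageid = intval($imageid);
    // strict comparison: the loose "<>" accepted any non-string value that
    // PHP's type juggling happened to compare equal to "delete"
    if ($confirm !== "delete"){ return "You did not confirm the deletion"; }
    // validate the existance
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure($imageid);
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // and select the album: the lock check below needs its status
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . dbSecure(intval($img->fields["albumid"]));
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be found"; }
    // run non-moderator checks: album must be open and the image must be theirs
    if ($usr->Access < 2){
        $sessionuser = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
        if ($alb->fields["status"] == 0){
            return "Image cannot be deleted while the album is locked";
        } elseif ($sessionuser < 1 || $sessionuser !== intval($img->fields["userid"])){
            return "Only the uploader of this image or a moderator can delete it";
        }
    }
    // delete it from the cache
    uncache($img->fields["imageid"]);
    // dependent rows first, the image row last
    $tables = array("comments", "votes", "reported", "images");
    foreach ($tables as $table){
        $sql = "DELETE FROM " . $dbprefix . $table . " WHERE imageid = " . dbSecure($imageid);
        $db->execute($sql);
    }
    // NOTE(review): the four deletes are not in a transaction; a failure
    // part-way leaves orphaned rows. Whether $db offers transactions is not visible here.
    return "Image removed successfully!";
}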
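/**
 * Records or updates the signed-in user's 1-5 rating of an image.
 *
 * @param int|string $imageid
 * @param int|string $vote  Cast to int; only 1..5 is accepted.
 * @return string  Human-readable result message.
 */
function rateimage($imageid, $vote){
    global $db, $dbprefix, $config, $usr;
    // check feature is enabled
    if ($config["enablevoting"] != "true"){
        return "The voting system is not enabled";
    }
    // validate vote
    $vote = intval($vote);
    if ($vote < 1 || $vote > 5){ return "Invalid rating"; }
    // get image recordset
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure(intval($imageid));
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // get album recordset
    $sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . dbSecure(intval($img->fields["albumid"]));
    $alb = $db->execute($sql);
    if ($alb->rows < 1){ return "The album could not be found"; }
    // regular users cannot rate a locked image or one in a locked album
    if ($usr->Access < 2){
        if ($img->fields["status"] == 0){
            return "You cannot rate a locked image";
        } elseif ($alb->fields["status"] == 0){
            return "You cannot rate an image in a locked album";
        }
    }
    // check the user is signed in: a missing or zero id is a guest
    $userid = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
    if ($userid === 0){ return "You are not signed in"; }
    // check for existing votes
    $imageref = dbSecure(intval($img->fields["imageid"]));
    $sql = "SELECT * FROM " . $dbprefix . "votes WHERE ";
    $sql .= "imageid = " . $imageref . " AND ";
    $sql .= "userid = " . $userid;
    $vchk = $db->execute($sql);
    // NOTE(review): this check-then-write is not atomic; two concurrent
    // requests can insert two votes unless (imageid, userid) is unique in the table
    if ($vchk->rows > 0){
        // update the users vote
        $sql = "UPDATE " . $dbprefix . "votes SET ";
        $sql .= "vote = " . $vote . " WHERE ";
        $sql .= "voteid = " . dbSecure(intval($vchk->fields["voteid"]));
        $db->execute($sql);
        return "Your vote was updated successfully";
    }
    // insert the users vote
    $sql = "INSERT INTO " . $dbprefix . "votes (imageid, userid, vote) VALUES (";
    $sql .= $imageref . ", ";
    $sql .= $userid . ", ";
    $sql .= $vote . ")";
    $db->execute($sql);
    return "Your vote was recorded successfully";
}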
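/**
 * Files a moderation report against an image, once per image.
 *
 * @param int|string $imageid
 * @param string     $reason   Reason chosen from a list (used when $reason2 is blank).
 * @param string     $reason2  Free-text reason; takes precedence over $reason.
 * @return string  Human-readable result message.
 */
function reportimage($imageid, $reason, $reason2 = ""){
    global $db, $dbprefix, $config, $usr;
    // standard validation
    $imageid = intval($imageid);
    // presumably enforces a signed-in user (level 1) before anything else -- confirm in the user class
    $usr->Auth(1);
    // check reporting
    if ($config["enablereporting"] != "true"){
        return "Reporting is not enabled";
    }
    // choose the reason: free text wins, and whitespace-only is treated as empty
    $reason2 = trim((string) $reason2);
    $reason = trim((string) $reason);
    if ($reason2 != ""){
        $e_reason = $reason2;
    } elseif ($reason != ""){
        $e_reason = $reason;
    } else {
        return "No reason supplied";
    }
    // NOTE(review): the reason is stored unbounded and with tags intact;
    // it must be escaped wherever moderators view it (not visible in this file)
    // validate image
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure($imageid);
    $img = $db->execute($sql);
    if ($img->rows < 1){ return "The image could not be found"; }
    // check it isn't queued already
    $sql = "SELECT * FROM " . $dbprefix . "reported WHERE imageid = " . dbSecure($imageid);
    $chk = $db->execute($sql);
    if ($chk->rows > 0){ return "This image has already been reported and will be reviewed shortly"; }
    // insert the record
    $userid = isset($_SESSION["userid"]) ? intval($_SESSION["userid"]) : 0;
    $sql = "INSERT INTO " . $dbprefix . "reported (imageid, userid, postdate, reason) VALUES (";
    $sql .= dbSecure($imageid) . ", ";
    $sql .= dbSecure($userid) . ", ";
    $sql .= time() . ", ";
    $sql .= "'" . dbSecure($e_reason) . "')";
    $db->execute($sql);
    return "Thank you, the image has been reported successfully";
}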
// for removing an image from the cache
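/**
 * Deletes the cached thumbnail for one image, if there is one.
 *
 * The id is cast to int so the path can only ever be cache/thumb<digits>;
 * no caller-supplied characters reach the filesystem.
 *
 * @param int|string $imageid
 * @return void
 */
function uncache($imageid){
    $cachepath = "cache/thumb" . intval($imageid);
    if (is_file($cachepath)){
        // best effort: a failed unlink (permissions, concurrent removal)
        // is logged rather than surfacing as a warning in the page output
        if (!@unlink($cachepath)){
            error_log("uncache: could not remove " . $cachepath);
        }
    }
}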
?>