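<?php
// viewimage.php — renders one gallery image: the picture itself, prev/next
// navigation and neighbouring thumbnails, rating, paged comments, the report
// box, and (for the uploader or a moderator) the edit/moderation tools.
//
// Request surface handled here:
//   $_GET  imageid (int), act ("report"), commentspage (int), editcomment (int)
//   $_POST do (dispatch key) plus the per-action fields passed to the helpers
//   $_FILES newfile (editimage only)
//
// Everything else ($db, $dbprefix, $config, $usr, $t, $gd and the helper
// functions such as dbSecure/editimage/bbcode) comes from includes/global.php
// and is not visible in this file. Where this page relies on a helper to do a
// security check it cannot do itself, the spot is marked with a review TODO.
define("IN_SCRIPT", true);
require("includes/global.php");

// The image ID is forced to an integer once, here, so every later query and
// URL that embeds it is safe by construction.
$imageid = intval($_GET["imageid"]);

// Normalise the two dispatch selectors so the chains below never read an
// undefined index. A missing value matches no branch, exactly as before.
$act = isset($_GET["act"]) ? $_GET["act"] : "";
$do  = isset($_POST["do"]) ? $_POST["do"] : "";

// Read unconditionally at the bottom of the page, so give it a defined value
// for the common case where no action ran.
$errormsg = "";

// Reporting is only offered to signed-in users; Auth(1) is expected to
// redirect or exit when the visitor does not meet that level.
if ($act == "report"){
    $usr->Auth(1);
}

// ---- state-changing actions (signed-in users) -----------------------------
// NOTE(review): no anti-CSRF token is checked on any of these POST handlers in
// this file. Unless the helpers verify one, a logged-in user can be made to
// vote, comment, delete or report via a cross-site form post — confirm in
// includes/global.php.
if ($usr->Access > 0){
    if ($do == "editimage"){
        // TODO(review): this page only gates on Access > 0; editimage() must
        // itself enforce owner-or-moderator on $imageid and validate the
        // uploaded file (type/size), since neither is checked here.
        $errormsg = editimage($imageid, $_POST["albumid"], $_POST["status"], $_POST["title"], $_FILES["newfile"]);
    } elseif ($do == "vote"){
        $errormsg = rateimage($imageid, $_POST["vote"]);
    } elseif ($do == "comment" && isset($_POST["commentid"]) && $_POST["commentid"] <> ""){
        // TODO(review): commentid is taken straight from the form. The display
        // code below only shows the edit panel to the author or a moderator,
        // but that is cosmetic — editcomments() must re-check ownership or this
        // is an IDOR on other users' comments.
        $errormsg = editcomments($_POST["commentid"], $_POST["comments"]);
    } elseif ($do == "comment"){
        $errormsg = postcomments($imageid, $_POST["comments"]);
    } elseif ($do == "Delete Comment"){
        // TODO(review): same ownership requirement as editcomments().
        $errormsg = deletecomments($_POST["commentid"]);
    } elseif ($do == "massdeletecomments"){
        // TODO(review): the checkboxes that feed this are hidden below
        // Access 2 (see CHECKBOX_1/2 further down) but the handler only needs
        // Access > 0 — confirm massdeletecomments() enforces the moderator level.
        $errormsg = massdeletecomments($_POST["ids"]);
    } elseif ($do == "reportimage"){
        $errormsg = reportimage($imageid, $_POST["reason"], $_POST["reason2"]);
    }
}

// ---- moderator-only actions ----------------------------------------------
if ($usr->Access > 1){
    if ($do == "moderatereport"){
        // $_POST["uplink"] is a redirect target supplied by the client;
        // TODO(review): confirm moderatereport() restricts it to a local path.
        $errormsg = moderatereport($_POST["reportid"], $_POST["decision"], $_POST["uplink"]);
    }
}

// ---- image and album records ---------------------------------------------
// $imageid is already an int; dbSecure() is kept for consistency with the
// other queries in this file.
$sql = "SELECT * FROM " . $dbprefix . "images WHERE imageid = " . dbSecure($imageid);
$rec = $db->execute($sql);
if ($rec->rows < 1){ notfound(); }

// albumid comes from the image row just loaded, not from the request.
$sql = "SELECT * FROM " . $dbprefix . "albums WHERE albumid = " . $rec->fields["albumid"];
$alb = $db->execute($sql);
if ($alb->rows < 1){ notfound(); }

// Increment the view counter in the database rather than writing back a
// value computed in PHP, so concurrent views do not lose increments.
$sql = "UPDATE " . $dbprefix . "images SET views = views + 1 WHERE imageid = " . $rec->fields["imageid"];
$db->execute($sql);
$rec->fields["views"]++; // keep the in-memory row in step with the update

// ---- breadcrumbs and page title -------------------------------------------
$bread = breadcrumbs("album", $rec->fields["albumid"]);
if ($rec->fields["title"] <> ""){
    $pagetitle = "Image: " . $rec->fields["title"];
} else {
    $pagetitle = "Image: #" . $rec->fields["imageid"];
}
include("includes/page_header.php");

// Base URL for every form and link that targets this page.
$core = "viewimage.php?imageid=" . $rec->fields["imageid"];
$t->set_var("FORM_LINK", $core);
$t->set_var("FORM_LINK_UP", "viewalbum.php?albumid=" . $rec->fields["albumid"]);

// ---- main image path --------------------------------------------------------
// Without GD (or with previews disabled) the original is shown directly;
// otherwise the preview generator is used and the image is wrapped in a link
// to the original when it is larger than the configured preview size.
$previewsize = intval($config["previewsize"]);
if ($gd === FALSE || $previewsize == 0){
    $t->set_var("MAIN_IMAGE_PATH", "generators/original.php?imageid=" . $rec->fields["imageid"]);
} else {
    // NOTE(review): this builds an absolute URL from the Host-derived
    // SERVER_NAME and then makes the web server fetch it (getimagesize over
    // HTTP). A spoofed Host header can point that request at another host,
    // and the "@" hides any failure. Reading the image's dimensions from the
    // stored file or the DB row would avoid the self-request entirely.
    $ur1 = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"];
    $ur1 = str_replace("viewimage.php", "generators/original.php", $ur1);
    $ur1 .= "?imageid=" . $rec->fields["imageid"];
    $sizecheck = @getimagesize($ur1);
    if ($sizecheck[0] > $previewsize || $sizecheck[1] > $previewsize || !(is_array($sizecheck))){
        // too big for the preview box (or size unknown): link through to the original
        $t->set_var("IMAGE_A_1", '<a href="generators/original.php?imageid=' . $rec->fields["imageid"] . '">');
        $t->set_var("IMAGE_A_2", '</a>');
    }
    $t->set_var("MAIN_IMAGE_PATH", "generators/preview.php?imageid=" . $rec->fields["imageid"]);
}

// ---- caption and metadata ------------------------------------------------------
// NOTE(review): title is user-supplied at upload time and is placed in the
// template as-is here (and again in ADMIN_TITLE below). Whether that is safe
// depends on escaping at insert time or inside $t — confirm one of them does it.
$caption = ($rec->fields["title"] <> "") ? $rec->fields["title"] : "Untitled";
$t->set_var("MAIN_IMAGE_CAPTION", $caption);
$t->set_var("MAIN_IMAGE_LINK", "generators/original.php?imageid=" . $rec->fields["imageid"]);
$t->set_var("IMAGE_POSTED", date($config["dateformat"], $rec->fields["postdate"]));
$t->set_var("IMAGE_VIEWS", number_format($rec->fields["views"]));
$uploader = fetchusername($rec->fields["userid"]);
$t->set_var("IMAGE_UPLOADER", ucfirst($uploader));
// The username is a query-string value; encode it so names containing
// '&', '#', spaces etc. cannot break or alter the search URL.
$t->set_var("IMAGE_UPLOADER_LINK", "search.php?order=date&user=" . urlencode($uploader));

// Report link (the box itself is rendered further down when act=report).
if ($config["enablereporting"] == "true"){
    $t->set_var("REPORT_LINK", '<a href="' . $core . '&act=report#report">Report this image</a>');
}

// ---- album page number for the "back to album" link ----------------------------
// Count visible images in the album posted at or after this one (the album
// view is newest-first), then turn that ordinal into a page number.
if ($rec->fields["visible"] == 1){
    $sql = "SELECT imageid FROM " . $dbprefix . "images WHERE visible = 1 AND albumid = " . $alb->fields["albumid"] . " AND postdate >= " . $rec->fields["postdate"] . " ORDER BY postdate DESC, imageid ASC";
    $pag = $db->execute($sql);
    if ($pag->rows < 1){
        $pagenum = 1;
    } else {
        $prior = 0; $loop = 1;
        do {
            $prior++; // counts this image as well, which is what we want
            if ($pag->fields["imageid"] == $rec->fields["imageid"]){ $loop = 0; }
        } while ($pag->loop() && $loop == 1);
        $pagenum = ceil($prior / intval($config["imagesperpage"]));
    }
} else {
    $pagenum = 1;
}

// ---- neighbouring images (prev/next + thumbnail strip) --------------------------
$sql = "SELECT * FROM " . $dbprefix . "images WHERE albumid = " . $rec->fields["albumid"] . " AND visible = 1 ORDER BY postdate DESC, imageid ASC";
$oth = $db->execute($sql);
if ($oth->rows > 1){
    // Build a 1-based position -> imageid map and find where this image sits.
    // NOTE(review): if the current image is not itself visible (e.g. viewed by
    // its uploader or a moderator) it is absent from this list, $position stays
    // unset and the links below degrade to the last-image branch.
    $lower = 1; $upper = $oth->rows; $row = 1;
    do {
        if ($oth->fields["imageid"] == $imageid){
            $position = $row;
        }
        $imgids["id" . $row] = $oth->fields["imageid"];
        $row++;
    } while ($oth->loop());
    $oth->start(); // rewind the recordset

    // Previous/next wrap around at both ends of the album.
    $prething = "viewimage.php?imageid=";
    if ($position > $lower && $position < $upper){
        $t->set_var("LINK_PREVIOUS", $prething . $imgids["id" . ($position - 1)]);
        $t->set_var("LINK_NEXT", $prething . $imgids["id" . ($position + 1)]);
    } elseif ($position == $lower){
        $t->set_var("LINK_PREVIOUS", $prething . $imgids["id" . $upper]);
        $t->set_var("LINK_NEXT", $prething . $imgids["id" . ($position + 1)]);
    } else { // $position == $upper
        $t->set_var("LINK_PREVIOUS", $prething . $imgids["id" . ($position - 1)]);
        $t->set_var("LINK_NEXT", $prething . $imgids["id" . $lower]);
    }

    // Up to five thumbnails centred on this image; 0 stands in for "no such slot".
    $pid1 = ($imgids["id" . ($position - 2)]) ? $imgids["id" . ($position - 2)] : 0;
    $pid2 = ($imgids["id" . ($position - 1)]) ? $imgids["id" . ($position - 1)] : 0;
    $pid3 = ($imgids["id" . ($position + 0)]) ? $imgids["id" . ($position + 0)] : 0;
    $pid4 = ($imgids["id" . ($position + 1)]) ? $imgids["id" . ($position + 1)] : 0;
    $pid5 = ($imgids["id" . ($position + 2)]) ? $imgids["id" . ($position + 2)] : 0;
    $pids = $pid1 . "|" . $pid2 . "|" . $pid3 . "|" . $pid4 . "|" . $pid5;

    // The REGEXP alternation is built only from integer ids read from the DB
    // above, so no request data reaches this query.
    $sql = "SELECT * FROM " . $dbprefix . "images WHERE albumid = " . $rec->fields["albumid"] . " AND visible = 1 AND imageid REGEXP '^(" . $pids . ")$' ORDER BY postdate DESC, imageid ASC";
    $oth = $db->execute($sql);
    $t->set_var("IMAGE_SIZE", $config["thumbnailsize"]);
    $t->set_file("imgbit_container", "imagebit_container");
    if ($config["thumbnailswithoutgd"] == "true"){
        $t->set_file("imgbit", "imagebit_size");
    } else {
        $t->set_file("imgbit", "imagebit");
    }
    if ($oth->rows > 0){ do {
        if ($config["thumbnailswithoutgd"] == "true"){
            // no GD: serve the original and let the browser scale it
            $t->set_var("IMAGE_WIDTH", $config["thumbnailsize"]);
            $t->set_var("IMAGE_HEIGHT", $config["thumbnailsize"]);
            $t->set_var("IMAGE_PATH", "generators/original.php?imageid=" . $oth->fields["imageid"]);
        } else {
            $t->set_var("IMAGE_PATH", "generators/thumbnail.php?imageid=" . $oth->fields["imageid"]);
        }
        $t->set_var("IMAGE_LINK", "viewimage.php?imageid=" . $oth->fields["imageid"]);
        $t->set_var("IMAGE_CAPTION", $oth->fields["title"]); // see escaping note on the main caption
        $t->parse("IMAGEBIT", "imgbit");
        $t->parse("IMAGES", "imgbit_container", true);
    } while ($oth->loop()); }

    // Assemble the thumbnail strip and the navigation bar.
    $t->set_file("imagesholder", "viewalbum_images");
    $t->parse("OTHER_IMAGES_MAIN", "imagesholder", true);
    $t->set_file("navigationmeu", "viewimage_navigation");
    $t->set_var("LINK_ALBUM", "viewalbum.php?albumid=" . $rec->fields["albumid"] . "&page=" . $pagenum);
    $t->parse("NAVIGATION", "navigationmeu");
    $t->set_file("otherimages", "viewimage_others");
    $t->parse("OTHER_IMAGES", "otherimages");
}

// ---- rating -----------------------------------------------------------------
if ($config["enablevoting"] == "true"){
    $sql = "SELECT * FROM " . $dbprefix . "votes WHERE imageid = " . dbSecure($imageid);
    $vot = $db->execute($sql);
    if ($vot->rows < 1){
        $vote_text = "Rating: This image has not yet been rated";
    } else {
        $score = 0; do {
            $score = ($score + $vot->fields["vote"]);
        } while ($vot->loop());
        $average_score = ($score / $vot->rows);
        $vote_text = "Rating: Average rating of " . $average_score . " from " . $vot->rows . " vote(s)";
    }
    $t->set_var("IMAGE_RATING", $vote_text);
    // Voting form only for signed-in users on an unlocked image in an unlocked album.
    if ($usr->Access > 0 && $rec->fields["status"] == 1 && $alb->fields["status"] == 1){
        $t->set_file("voting", "viewimage_voting");
        $t->parse("IMAGE_VOTING", "voting");
    }
}

// ---- comments ---------------------------------------------------------------
if ($config["enablecomments"] == "true"){
    // Guests, and non-moderators on a locked image/album, get a disabled form.
    // (This only affects the form; postcomments() above must apply the same rule.)
    if (($usr->Access < 1 || $rec->fields["status"] == 0 || $alb->fields["status"] == 0) && $usr->Access < 2){
        $t->set_var("COMMENTS_STATUS", "disabled");
        if ($usr->Access < 1){
            $t->set_var("COMMENTS_TEXT", "You must be signed in to post comments");
        } else {
            $t->set_var("COMMENTS_TEXT", "The image or album is locked");
        }
    }

    // Full list first (for the total/page count), then the current page via LIMIT.
    $sql = "SELECT * FROM " . $dbprefix . "comments WHERE imageid = " . dbSecure($imageid) . " ORDER BY postdate ASC";
    $mex = $db->execute($sql);
    if(!isset($_GET["commentspage"])){
        $page = 1;
    } else {
        $page = intval($_GET["commentspage"]);
        $page = ($page < 1) ? 1 : $page;
    }
    $maxitems = intval($config["commentsperpage"]);
    $maxitems = ($maxitems < 1) ? 1 : $maxitems;
    $from = (($page * $maxitems) - $maxitems);
    $total_pages = ceil($mex->rows / $maxitems);
    // $from and $maxitems are both integers, so the LIMIT clause is safe.
    $sql .= " LIMIT " . $from . ", " . $maxitems;
    $com = $db->execute($sql);

    if ($mex->rows > 0){
        $t->set_file("commentedit", "commentbit_edit");
        $t->set_file("comment", "commentbit");
        // Mass-delete checkboxes are commented out of the markup below moderator level.
        if ($usr->Access < 2){
            $t->set_var("CHECKBOX_1", "<!--");
            $t->set_var("CHECKBOX_2", "-->");
        }
        if ($com->rows > 0){ do {
            // Date for everyone; the poster's IP address only for moderators.
            $commentinfo = date($config["dateformat"], $com->fields["postdate"]);
            if ($usr->Access > 1){
                $commentinfo .= ", from " . $com->fields["ipaddress"];
            }
            $t->set_var("COMMENT_ID", $com->fields["commentid"]);
            $t->set_var("COMMENT_INFO", $commentinfo);
            $t->set_var("COMMENT_USER", ucfirst(fetchusername($com->fields["userid"])));
            // bbcode() is trusted to neutralise HTML in the comment body.
            $t->set_var("COMMENT_BODY", bbcode($com->fields["comments"]));
            $t->set_var("COMMENT_EDIT", $core . "&commentspage=" . $page . "&editcomment=" . $com->fields["commentid"] . "#comments_post");
            // Edit panel for the author or a moderator. NOTE(review): loose ==
            // against a possibly-unset $_SESSION["userid"] will also match a
            // comment whose userid is 0/NULL; the mutating handlers above must
            // not rely on this check.
            if ($usr->Access > 1 || $_SESSION["userid"] == $com->fields["userid"]){
                $t->parse("COMMENT_EDIT", "commentedit");
            } else {
                $t->set_var("COMMENT_EDIT", "");
            }
            $t->parse("COMMENTS", "comment", true);
        } while ($com->loop()); }

        $t->set_var("COMMENTS_TYPE", "Post");
        // A new comment lands on the last page, or on a fresh page if the last one is full.
        if (($mex->rows / $maxitems) == $total_pages){
            $t->set_var("COMMENTS_FORM", $core . "&commentspage=" . ($total_pages + 1));
        } else {
            $t->set_var("COMMENTS_FORM", $core . "&commentspage=" . $total_pages);
        }

        // Editing an existing comment? Cast the id like every other id on this
        // page instead of relying on dbSecure() alone in a numeric context, and
        // only offer the form when the comment actually exists.
        $t->set_var("COMMENT_ID", "");
        if (isset($_GET["editcomment"]) && $_GET["editcomment"] <> ""){
            $editcommentid = intval($_GET["editcomment"]);
            $sql = "SELECT * FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure($editcommentid);
            $cme = $db->execute($sql);
            if ($cme->rows > 0 && ($usr->Access > 1 || ($_SESSION["userid"] == $cme->fields["userid"]))){
                $t->set_var("COMMENTS_TYPE", "Edit");
                $t->set_var("COMMENT_ID", $cme->fields["commentid"]);
                $t->set_var("COMMENTS_FORM", $core . "&commentspage=" . $page);
                // Re-populate from the failed POST if there was one, else from the DB.
                // NOTE(review): both values end up inside the form; confirm un()
                // and/or the template escape them for an HTML attribute/textarea.
                if (isset($_POST["comments"]) && $_POST["comments"] <> ""){
                    $t->set_var("COMMENTS_TEXT", un($_POST["comments"]));
                } else {
                    $t->set_var("COMMENTS_TEXT", $cme->fields["comments"]);
                }
            }
        }

        // Moderation panel (mass delete) for moderators only.
        if ($usr->Access > 1){
            $t->set_file("moderate_comments", "viewimage_comments_moderate");
            $t->parse("COMMENTS_MODERATE", "moderate_comments");
        }
    }

    $t->set_var("COMMENTS_PAGING", dopaging($total_pages, $page, "viewimage.php?imageid=" . $imageid, "commentspage"));
    $t->set_file("comments", "viewimage_comments");
    $t->parse("IMAGE_COMMENTS", "comments");
}

// ---- report box (act=report, after Auth(1) above) --------------------------------
if ($config["enablereporting"] == "true" && $act == "report"){
    $t->set_file("reportbox", "viewimage_report");
    $t->parse("REPORT_IMAGE", "reportbox");
}

// ---- editor tools: moderators, or the signed-in uploader --------------------------
if (($usr->Access > 1) || ($usr->Access > 0 && ($_SESSION["userid"] == $rec->fields["userid"]))){
    $vis1 = ($rec->fields["status"] == 1) ? " selected" : "";
    $vis2 = ($rec->fields["status"] == 0) ? " selected" : "";
    $t->set_var("ADMIN_STATUS_1", $vis1);
    $t->set_var("ADMIN_STATUS_2", $vis2);
    $t->set_file("uploadtools", "viewimage_edit");
    $t->set_var("ADMIN_TITLE", $rec->fields["title"]); // see escaping note on the main caption
    $t->set_var("ADMIN_PARENT_OPTIONS", fetchoptions($rec->fields["albumid"], 0));
    $t->set_var("ALBUMID", $rec->fields["albumid"]);
    $t->set_var("IMAGEID", $imageid);
    $t->parse("EDITOR_TOOLS", "uploadtools");
}

// ---- moderator tools: pending reports on this image ---------------------------------
if ($usr->Access > 1){
    $sql = "SELECT * FROM " . $dbprefix . "reported WHERE imageid = " . $rec->fields["imageid"];
    $rep = $db->execute($sql);
    if ($rep->rows > 0){
        // Only the first report is shown; the others surface once it is moderated.
        $t->set_file("imagereports", "viewimage_reports");
        $t->set_var("REPORT_USER", fetchusername($rep->fields["userid"]));
        // NOTE(review): reason is free text from the reporter — same escaping
        // question as the caption, but this one is shown only to moderators.
        $t->set_var("REPORT_REASON", $rep->fields["reason"]);
        $t->set_var("REPORT_ID", $rep->fields["reportid"]);
        $t->set_var("REPORT_UPLINK", "viewalbum.php?albumid=" . $rec->fields["albumid"]);
        $t->parse("IMAGE_REPORTS", "imagereports");
    }
}

// ---- error box from whichever action ran ---------------------------------------------
if ($errormsg <> ""){
    $t->set_file("noticebox", "errorbox");
    $t->set_var("MESSAGE", $errormsg);
    $t->parse("ERRORMSG", "noticebox");
}
$t->set_file("page_content", "viewimage");
$t->parse("page_all", "page_content", true);
include("includes/page_footer.php");
?>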