
/recipes.php

https://bitbucket.org/ryanhowdy/family-connections
  1. <?php
  2. /**
  3. * Recipes
  4. *
  5. * PHP versions 4 and 5
  6. *
  7. * @category FCMS
  8. * @package FamilyConnections
  9. * @author Ryan Haudenschilt <r.haudenschilt@gmail.com>
  10. * @copyright 2007 Haudenschilt LLC
  11. * @license http://www.gnu.org/licenses/gpl-2.0.html GPLv2
  12. * @link http://www.familycms.com/wiki/
  13. */
// Bootstrap. The session must be started before any output is sent; the two
// prefix constants are read by the shared code pulled in through fcms.php.
session_start();
define('URL_PREFIX', '');
define('GALLERY_PREFIX', 'gallery/');
require 'fcms.php';
// Project loader/initialiser (both defined outside this file). $fcmsUser and the
// $cfg_mysql_* values used below are presumably populated by init() — verify in fcms.php.
load('recipes', 'image');
init();
// Page-wide services; the display* functions below reach them via `global`.
// NOTE(review): the page relies on the mysql_* extension, which no longer
// exists in PHP 7+; a PDO/mysqli port with bound parameters is the long-term fix.
$rec = new Recipes($fcmsUser->id, 'mysql', $cfg_mysql_host, $cfg_mysql_db, $cfg_mysql_user, $cfg_mysql_pass);
$img = new Image($fcmsUser->id);
// Template variables consumed by the theme's header.php / footer.php includes.
$TMPL = array(
'currentUserId' => $fcmsUser->id,
'sitename' => getSiteName(),
'nav-link' => getNavLinks(),
'pagetitle' => T_('Recipes'),
'path' => URL_PREFIX,
'displayname' => $fcmsUser->displayName,
'version' => getCurrentVersion(),
'year' => date('Y')
);
// Dispatch on the request parameters, then stop so nothing trails the page.
control();
exit();
  34. /**
  35. * control
  36. *
  37. * The controlling structure for this script.
  38. *
  39. * @return void
  40. */
  41. function control ()
  42. {
  43. if (isset($_GET['addrecipe']))
  44. {
  45. displayAddRecipeForm();
  46. }
  47. elseif (isset($_POST['submitadd']))
  48. {
  49. displayAddRecipeSubmit();
  50. }
  51. elseif (isset($_POST['editrecipe']))
  52. {
  53. displayEditRecipeForm();
  54. }
  55. elseif (isset($_POST['submitedit']))
  56. {
  57. displayEditRecipeSubmit();
  58. }
  59. elseif (isset($_GET['thumbnail']))
  60. {
  61. displayEditThumbnailForm();
  62. }
  63. elseif (isset($_POST['changethumbnail']))
  64. {
  65. displayEditThumbnailSubmit();
  66. }
  67. elseif (isset($_GET['add']))
  68. {
  69. displayAddCategoryForm();
  70. }
  71. elseif (isset($_POST['submit-category']))
  72. {
  73. displayAddCategorySubmit();
  74. }
  75. elseif (isset($_POST['delrecipe']))
  76. {
  77. if (isset($_POST['confirmed']))
  78. {
  79. displayDeleteRecipeConfirmationSubmit();
  80. }
  81. else
  82. {
  83. displayDeleteRecipeConfirmationForm();
  84. }
  85. }
  86. elseif (isset($_GET['categoryedit']))
  87. {
  88. displayEditCategoryForm();
  89. }
  90. elseif (isset($_POST['submit_cat_edit']))
  91. {
  92. if (isset($_POST['delete']))
  93. {
  94. displayDeleteCategorySubmit();
  95. }
  96. else
  97. {
  98. displayEditCategorySubmit();
  99. }
  100. }
  101. elseif (isset($_GET['category']))
  102. {
  103. if (isset($_GET['id']))
  104. {
  105. if (isset($_POST['addcom']))
  106. {
  107. displayAddCommentSubmit();
  108. }
  109. elseif (isset($_POST['delcom']))
  110. {
  111. displayDeleteCommentSubmit();
  112. }
  113. else
  114. {
  115. displayRecipe();
  116. }
  117. }
  118. else
  119. {
  120. displayCategory();
  121. }
  122. }
  123. else
  124. {
  125. displayLatestRecipes();
  126. }
  127. }
  128. /**
  129. * displayHeader
  130. *
  131. * @return void
  132. */
  133. function displayHeader ()
  134. {
  135. global $fcmsUser, $TMPL;
  136. $TMPL['javascript'] = '
  137. <script type="text/javascript">
  138. //<![CDATA[
  139. Event.observe(window, \'load\', function() {
  140. initChatBar(\''.T_('Chat').'\', \''.$TMPL['path'].'\');
  141. initHideAddFormDetails();
  142. if (!$$(\'.delrec input[type="submit"]\')) { return; }
  143. $$(\'.delrec input[type="submit"]\').each(function(item) {
  144. item.onclick = function() { return confirm(\''.T_('Are you sure you want to DELETE this?').'\'); };
  145. var hid = document.createElement(\'input\');
  146. hid.setAttribute(\'type\', \'hidden\');
  147. hid.setAttribute(\'name\', \'confirmed\');
  148. hid.setAttribute(\'value\', \'true\');
  149. item.insert({\'after\':hid});
  150. });
  151. if ($(\'toolbar\')) {
  152. $(\'toolbar\').removeClassName("hideme");
  153. }
  154. if ($(\'smileys\')) {
  155. $(\'smileys\').removeClassName("hideme");
  156. }
  157. if ($(\'upimages\')) {
  158. $(\'upimages\').removeClassName("hideme");
  159. }
  160. return true;
  161. });
  162. //]]>
  163. </script>';
  164. include_once getTheme($fcmsUser->id).'header.php';
  165. echo '
  166. <div id="recipe-page" class="centercontent">';
  167. }
  168. /**
  169. * displayFooter
  170. *
  171. * @return void
  172. */
  173. function displayFooter ()
  174. {
  175. global $fcmsUser, $TMPL;
  176. echo '
  177. </div><!-- #recipe-page .centercontent -->';
  178. include_once getTheme($fcmsUser->id).'footer.php';
  179. }
  180. /**
  181. * displayAddRecipeSubmit
  182. *
  183. * @return void
  184. */
  185. function displayAddRecipeSubmit ()
  186. {
  187. global $img, $fcmsUser;
  188. $name = strip_tags($_POST['name']);
  189. $category = (int)$_POST['category'];
  190. $ingredients = strip_tags($_POST['ingredients']);
  191. $directions = strip_tags($_POST['directions']);
  192. $cleanName = escape_string($name);
  193. $cleanIngredients = escape_string($ingredients);
  194. $cleanDirections = escape_string($directions);
  195. $thumbnail = 'no_recipe.jpg';
  196. $uploadsPath = getUploadsAbsolutePath();
  197. // Upload Recipe Image
  198. if (isset($_FILES['thumbnail']) && $_FILES['thumbnail']['name'] && $_FILES['thumbnail']['error'] < 1)
  199. {
  200. $img->destination = $uploadsPath.'upimages/';
  201. $img->uniqueName = true;
  202. $thumbnail = $img->upload($_FILES['thumbnail']);
  203. if ($img->error == 1)
  204. {
  205. displayHeader();
  206. echo '
  207. <p class="error-alert">
  208. '.sprintf(T_('Thumbnail [%s] is not a supported type. Thumbnails must be of type (.jpg, .jpeg, .gif, .bmp or .png).'), $this->img->name).'
  209. </p>';
  210. displayFooter();
  211. return;
  212. }
  213. $img->resize(100, 100);
  214. if ($img->error > 0)
  215. {
  216. displayHeader();
  217. echo '
  218. <p class="error-alert">
  219. '.T_('There was an error uploading your thumbnail.').'
  220. </p>';
  221. displayFooter();
  222. return;
  223. }
  224. }
  225. $sql = "INSERT INTO `fcms_recipes`
  226. (`name`, `thumbnail`, `category`, `ingredients`, `directions`, `user`, `date`)
  227. VALUES(
  228. '$cleanName',
  229. '$thumbnail',
  230. '$category',
  231. '$cleanIngredients',
  232. '$cleanDirections',
  233. '$fcmsUser->id',
  234. NOW()
  235. )";
  236. if (!mysql_query($sql))
  237. {
  238. displayHeader();
  239. displaySqlError($sql, mysql_error());
  240. displayFooter();
  241. return;
  242. }
  243. $rec_id = mysql_insert_id();
  244. // Email members
  245. $sql = "SELECT u.`email`, s.`user`
  246. FROM `fcms_user_settings` AS s, `fcms_users` AS u
  247. WHERE `email_updates` = '1'
  248. AND u.`id` = s.`user`";
  249. $result = mysql_query($sql);
  250. if (!$result)
  251. {
  252. displayHeader();
  253. displaySqlError($sql, mysql_error());
  254. displayFooter();
  255. return;
  256. }
  257. if (mysql_num_rows($result) > 0)
  258. {
  259. while ($r = mysql_fetch_array($result))
  260. {
  261. $recipeUser = getUserDisplayName($fcmsUser->id);
  262. $to = getUserDisplayName($r['user']);
  263. $subject = sprintf(T_('%s has added the recipe: %s'), $recipeUser, $name);
  264. $email = $r['email'];
  265. $url = getDomainAndDir();
  266. $email_headers = getEmailHeaders();
  267. $msg = T_('Dear').' '.$to.',
  268. '.$subject.'
  269. '.$url.'recipes.php?category='.$category.'
  270. ----
  271. '.T_('To stop receiving these notifications, visit the following url and change your \'Email Update\' setting to No:').'
  272. '.$url.'settings.php
  273. ';
  274. mail($email, $subject, $msg, $email_headers);
  275. }
  276. }
  277. header("Location: recipes.php?category=$category&id=$rec_id");
  278. }
  279. /**
  280. * displayEditRecipeSubmit
  281. *
  282. * @return void
  283. */
  284. function displayEditRecipeSubmit ()
  285. {
  286. $id = (int)$_POST['id'];
  287. $category = (int)$_POST['category'];
  288. $name = strip_tags($_POST['name']);
  289. $ingredients = strip_tags($_POST['ingredients']);
  290. $directions = strip_tags($_POST['directions']);
  291. $name = escape_string($name);
  292. $ingredients = escape_string($ingredients);
  293. $directions = escape_string($directions);
  294. $sql = "UPDATE `fcms_recipes`
  295. SET `name` = '$name',
  296. `category` = '$category',
  297. `ingredients` = '$ingredients',
  298. `directions` = '$directions'
  299. WHERE `id` = '$id'";
  300. if(!mysql_query($sql))
  301. {
  302. displayHeader();
  303. displaySqlError($sql, mysql_error());
  304. displayFooter();
  305. return;
  306. }
  307. header("Location: recipes.php?category=$category&id=$id");
  308. }
  309. /**
  310. * displayAddCategorySubmit
  311. *
  312. * @return void
  313. */
  314. function displayAddCategorySubmit ()
  315. {
  316. global $fcmsUser, $rec;
  317. displayHeader();
  318. $name = strip_tags($_POST['name']);
  319. $name = escape_string($name);
  320. $sql = "INSERT INTO `fcms_category` (`name`, `type`, `user`)
  321. VALUES (
  322. '$name',
  323. 'recipe',
  324. '$fcmsUser->id'
  325. )";
  326. if (!mysql_query($sql))
  327. {
  328. displaySqlError($sql, mysql_error());
  329. displayFooter();
  330. return;
  331. }
  332. $cat = mysql_insert_id();
  333. $rec->displayAddRecipeForm($cat);
  334. displayFooter();
  335. }
  336. /**
  337. * displayDeleteRecipeConfirmationForm
  338. *
  339. * @return void
  340. */
  341. function displayDeleteRecipeConfirmationForm ()
  342. {
  343. displayHeader();
  344. echo '
  345. <div class="info-alert">
  346. <form action="recipes.php" method="post">
  347. <h2>'.T_('Are you sure you want to DELETE this?').'</h2>
  348. <p><b><i>'.T_('This can NOT be undone.').'</i></b></p>
  349. <div>
  350. <input type="hidden" name="id" value="'.(int)$_POST['id'].'"/>
  351. <input type="submit" name="confirmed" value="1"/>
  352. <input style="float:left;" type="submit" id="delrecipe" name="delrecipe" value="'.T_('Yes').'"/>
  353. <a style="float:right;" href="recipes.php">'.T_('Cancel').'</a>
  354. </div>
  355. </form>
  356. </div>';
  357. displayFooter();
  358. }
  359. /**
  360. * displayDeleteRecipeConfirmationSubmit
  361. *
  362. * @return void
  363. */
  364. function displayDeleteRecipeConfirmationSubmit ()
  365. {
  366. global $fcmsUser;
  367. $id = (int)$_POST['id'];
  368. // Get recipe info
  369. $sql = "SELECT `user`, `category`
  370. FROM `fcms_recipes`
  371. WHERE `id` = '$id'";
  372. $result = mysql_query($sql);
  373. if (!$result)
  374. {
  375. displayHeader();
  376. displaySqlError($sql, mysql_error());
  377. displayFooter();
  378. return;
  379. }
  380. $row = mysql_fetch_assoc($result);
  381. $category = $row['category'];
  382. // Only creator and admin can delete
  383. if ($row['user'] != $fcmsUser->id && checkAccess($fcmsUser->id) <= 1)
  384. {
  385. displayHeader();
  386. echo '
  387. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  388. displayFooter();
  389. return;
  390. }
  391. // Delete
  392. $sql = "DELETE FROM `fcms_recipes`
  393. WHERE `id` = '$id'";
  394. if (!mysql_query($sql))
  395. {
  396. displayHeader();
  397. displaySqlError($sql, mysql_error());
  398. displayFooter();
  399. return;
  400. }
  401. header("Location: recipes.php?category=$category");
  402. }
  403. /**
  404. * displayAddRecipeForm
  405. *
  406. * @return void
  407. */
  408. function displayAddRecipeForm ()
  409. {
  410. global $rec, $fcmsUser;
  411. displayHeader();
  412. $cat = isset($_GET['cat']) ? (int)$_GET['cat'] : 0;
  413. if (checkAccess($fcmsUser->id) > 5)
  414. {
  415. echo '
  416. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  417. displayFooter();
  418. return;
  419. }
  420. $rec->displayAddRecipeForm($cat);
  421. displayFooter();
  422. }
  423. /**
  424. * displayLatestRecipes
  425. *
  426. * @return void
  427. */
  428. function displayLatestRecipes ()
  429. {
  430. global $rec;
  431. displayHeader();
  432. $page = getPage();
  433. $rec->showRecipes($page);
  434. displayFooter();
  435. }
  436. /**
  437. * displayEditRecipeForm
  438. *
  439. * @return void
  440. */
  441. function displayEditRecipeForm ()
  442. {
  443. global $rec;
  444. displayHeader();
  445. $id = (int)$_POST['id'];
  446. $name = $_POST['name'];
  447. $thumbnail = $_POST['thumbnail'];
  448. $category = $_POST['category'];
  449. $ingredients = $_POST['ingredients'];
  450. $directions = $_POST['directions'];
  451. $rec->displayEditRecipeForm($id, $name, $thumbnail, $category, $ingredients, $directions);
  452. displayFooter();
  453. }
  454. /**
  455. * displayEditThumbnailForm
  456. *
  457. * @return void
  458. */
  459. function displayEditThumbnailForm ()
  460. {
  461. global $rec;
  462. displayHeader();
  463. $id = (int)$_GET['thumbnail'];
  464. $category = (int)$_GET['category'];
  465. echo '
  466. <form method="post" enctype="multipart/form-data" action="recipes.php">
  467. <fieldset>
  468. <legend><span>'.T_('Change Thumbnail').'</span></legend>
  469. <div>
  470. <label for="thumbnail">'.T_('Thumbnail').'</label>
  471. <input type="file" name="thumbnail" id="thumbnail"/>
  472. </div>
  473. <p>
  474. <input type="hidden" id="id" name="id" value="'.$id.'"/>
  475. <input type="hidden" id="category" name="category" value="'.$category.'"/>
  476. <input class="sub1" type="submit" name="changethumbnail" value="'.T_('Change').'"/> &nbsp;
  477. <a href="recipes.php?category='.$category.'&amp;id='.$id.'">'.T_('Cancel').'</a>
  478. </p>
  479. </fieldset>
  480. </form>';
  481. displayFooter();
  482. }
  483. /**
  484. * displayEditThumbnailSubmit
  485. *
  486. * @return void
  487. */
  488. function displayEditThumbnailSubmit ()
  489. {
  490. global $img;
  491. $id = (int)$_POST['id'];
  492. $category = (int)$_POST['category'];
  493. $thumbnail = 'no_recipe.jpg';
  494. $uploadsPath = getUploadsAbsolutePath();
  495. // Upload Recipe Image
  496. if (isset($_FILES['thumbnail']) && $_FILES['thumbnail']['name'] && $_FILES['thumbnail']['error'] < 1)
  497. {
  498. $img->destination = $uploadsPath.'upimages/';
  499. $img->uniqueName = true;
  500. $thumbnail = $img->upload($_FILES['thumbnail']);
  501. if ($img->error == 1)
  502. {
  503. displayHeader();
  504. echo '
  505. <p class="error-alert">
  506. '.sprintf(T_('Thumbnail [%s] is not a supported type. Thumbnails must be of type (.jpg, .jpeg, .gif, .bmp or .png).'), $this->img->name).'
  507. </p>';
  508. displayFooter();
  509. return;
  510. }
  511. $img->resize(100, 100);
  512. if ($img->error > 0)
  513. {
  514. displayHeader();
  515. echo '
  516. <p class="error-alert">
  517. '.T_('There was an error uploading your thumbnail.').'
  518. </p>';
  519. displayFooter();
  520. return;
  521. }
  522. }
  523. $sql = "UPDATE `fcms_recipes`
  524. SET `thumbnail` = '$thumbnail'
  525. WHERE `id` = '$id'";
  526. if (!mysql_query($sql))
  527. {
  528. displayHeader();
  529. displaySqlError($sql, mysql_error());
  530. displayFooter();
  531. return;
  532. }
  533. header("Location: recipes.php?category=$category&id=$id");
  534. }
  535. /**
  536. * displayAddCategoryForm
  537. *
  538. * @return void
  539. */
  540. function displayAddCategoryForm ()
  541. {
  542. global $rec, $fcmsUser;
  543. displayHeader();
  544. if (checkAccess($fcmsUser->id) > 5)
  545. {
  546. echo '
  547. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  548. displayFooter();
  549. return;
  550. }
  551. $rec->displayAddCategoryForm();
  552. displayFooter();
  553. }
  554. /**
  555. * displayAddCommentSubmit
  556. *
  557. * @return void
  558. */
  559. function displayAddCommentSubmit ()
  560. {
  561. global $fcmsUser;
  562. $categoryId = (int)$_GET['category'];
  563. $recipeId = (int)$_POST['recipe'];
  564. $comment = strip_tags($_POST['comment']);
  565. $comment = escape_string($comment);
  566. $sql = "INSERT INTO `fcms_recipe_comment` (`recipe`, `comment`, `user`, `date`)
  567. VALUES (
  568. '$recipeId',
  569. '$comment',
  570. '$fcmsUser->id',
  571. NOW()
  572. )";
  573. if (!mysql_query($sql))
  574. {
  575. displayHeader();
  576. displaySqlError($sql, mysql_error());
  577. displayFooter();
  578. return;
  579. }
  580. $comId = mysql_insert_id();
  581. header("Location: recipes.php?category=$categoryId&id=$recipeId#comment$comId");
  582. }
  583. /**
  584. * displayDeleteCommentSubmit
  585. *
  586. * @return void
  587. */
  588. function displayDeleteCommentSubmit ()
  589. {
  590. $categoryId = (int)$_GET['category'];
  591. $recipeId = (int)$_POST['id'];
  592. if ($fcmsUser->id != $_POST['user'] && checkAccess($fcmsUser->id) > 2)
  593. {
  594. displayHeader();
  595. echo '
  596. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  597. displayFooter();
  598. return;
  599. }
  600. $sql = "DELETE FROM `fcms_recipe_comment`
  601. WHERE `id` = '$recipeId'";
  602. if (!mysql_query($sql))
  603. {
  604. displayHeader();
  605. displaySqlError($sql, mysql_error());
  606. displayFooter();
  607. return;
  608. }
  609. header("Location: recipes.php?category=$categoryId&id=$recipeId");
  610. }
  611. /**
  612. * displayEditCategoryForm
  613. *
  614. * @return void
  615. */
  616. function displayEditCategoryForm ()
  617. {
  618. global $fcmsUser, $rec;
  619. displayHeader();
  620. if (checkAccess($fcmsUser->id) > 2)
  621. {
  622. echo '
  623. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  624. displayFooter();
  625. return;
  626. }
  627. if (isset($_SESSION['ok']))
  628. {
  629. unset($_SESSION['ok']);
  630. displayOkMessage();
  631. }
  632. $rec->displayEditCategoryForm();
  633. displayFooter();
  634. }
  635. /**
  636. * displayEditCategorySubmit
  637. *
  638. * @return void
  639. */
  640. function displayEditCategorySubmit ()
  641. {
  642. global $fcmsUser;
  643. if (checkAccess($fcmsUser->id) > 2)
  644. {
  645. displayHeader();
  646. echo '
  647. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  648. displayFooter();
  649. return;
  650. }
  651. $ids = $_POST['id'];
  652. foreach ($_POST['category'] as $key => $category)
  653. {
  654. $id = (int)$ids[$key];
  655. $category = strip_tags($category);
  656. $category = escape_string($category);
  657. $sql = "UPDATE `fcms_category`
  658. SET `name` = '$category'
  659. WHERE `id` = '$id'";
  660. if (!mysql_query($sql))
  661. {
  662. dislayHeader();
  663. displaySqlError($sql, mysql_error());
  664. displayFooter();
  665. return;
  666. }
  667. }
  668. $_SESSION['ok'] = 1;
  669. header("Location: recipes.php?categoryedit=1");
  670. }
  671. /**
  672. * displayDeleteCategorySubmit
  673. *
  674. * @return void
  675. */
  676. function displayDeleteCategorySubmit ()
  677. {
  678. global $fcmsUser;
  679. if (checkAccess($fcmsUser->id) > 2)
  680. {
  681. displayHeader();
  682. echo '
  683. <p class="error-alert">'.T_('You do not have permission to perform this task.').'</p>';
  684. displayFooter();
  685. return;
  686. }
  687. foreach ($_POST['delete'] as $id)
  688. {
  689. // Delete recipes
  690. $sql = "DELETE FROM `fcms_recipes`
  691. WHERE `category` = '".(int)$id."'";
  692. if (!mysql_query($sql))
  693. {
  694. displayHeader();
  695. displaySqlError($sql, mysql_error());
  696. displayFooter();
  697. return;
  698. }
  699. // Delete category
  700. $sql = "DELETE FROM `fcms_category`
  701. WHERE `id` = '".(int)$id."'";
  702. if (!mysql_query($sql))
  703. {
  704. displayHeader();
  705. displaySqlError($sql, mysql_error());
  706. displayFooter();
  707. return;
  708. }
  709. }
  710. $_SESSION['ok'] = 1;
  711. header("Location: recipes.php?categoryedit=1");
  712. }
  713. /**
  714. * displayCategory
  715. *
  716. * @return void
  717. */
  718. function displayCategory ()
  719. {
  720. global $rec;
  721. $page = getPage();
  722. $category = (int)$_GET['category'];
  723. displayHeader();
  724. $rec->showRecipeInCategory($category, $page);
  725. displayFooter();
  726. }
  727. /**
  728. * displayRecipe
  729. *
  730. * @return void
  731. */
  732. function displayRecipe ()
  733. {
  734. global $rec;
  735. $id = (int)$_GET['id'];
  736. $category = (int)$_GET['category'];
  737. displayHeader();
  738. $rec->showRecipe($category, $id);
  739. displayFooter();
  740. }