
/fsn-site-central/mediatheque/admin/album_notification.php

https://gitlab.com/team_fsn/fsn-php
  1. <?php
  2. // +-----------------------------------------------------------------------+
  3. // | Piwigo - a PHP based photo gallery |
  4. // +-----------------------------------------------------------------------+
  5. // | Copyright(C) 2008-2016 Piwigo Team http://piwigo.org |
  6. // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
  7. // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
  8. // +-----------------------------------------------------------------------+
  9. // | This program is free software; you can redistribute it and/or modify |
  10. // | it under the terms of the GNU General Public License as published by |
  11. // | the Free Software Foundation |
  12. // | |
  13. // | This program is distributed in the hope that it will be useful, but |
  14. // | WITHOUT ANY WARRANTY; without even the implied warranty of |
  15. // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
  16. // | General Public License for more details. |
  17. // | |
  18. // | You should have received a copy of the GNU General Public License |
  19. // | along with this program; if not, write to the Free Software |
  20. // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
  21. // | USA. |
  22. // +-----------------------------------------------------------------------+
  23. if (!defined('PHPWG_ROOT_PATH'))
  24. {
  25. die ("Hacking attempt!");
  26. }
  27. include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
  28. include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
  29. // +-----------------------------------------------------------------------+
  30. // | Check Access and exit when user status is not ok |
  31. // +-----------------------------------------------------------------------+
  32. check_status(ACCESS_ADMINISTRATOR);
  33. // +-----------------------------------------------------------------------+
  34. // | variable initialization |
  35. // +-----------------------------------------------------------------------+
  36. $page['cat'] = $category['id'];
  37. // +-----------------------------------------------------------------------+
  38. // | form submission |
  39. // +-----------------------------------------------------------------------+
  40. // info by email to an access granted group of category informations
  41. if (isset($_POST['submitEmail']))
  42. {
  43. set_make_full_url();
  44. /* TODO: if $category['representative_picture_id']
  45. is empty find child representative_picture_id */
  46. if (!empty($category['representative_picture_id']))
  47. {
  48. $img = array();
  49. $query = '
  50. SELECT id, file, path, representative_ext
  51. FROM '.IMAGES_TABLE.'
  52. WHERE id = '.$category['representative_picture_id'].'
  53. ;';
  54. $result = pwg_query($query);
  55. if (pwg_db_num_rows($result) > 0)
  56. {
  57. $element = pwg_db_fetch_assoc($result);
  58. $img = array(
  59. 'link' => make_picture_url(
  60. array(
  61. 'image_id' => $element['id'],
  62. 'image_file' => $element['file'],
  63. 'category' => $category
  64. )
  65. ),
  66. 'src' => DerivativeImage::url(IMG_THUMB, $element),
  67. );
  68. }
  69. }
  70. $args = array(
  71. 'subject' => l10n('[%s] Visit album %s', $conf['gallery_title'], trigger_change('render_category_name', $category['name'], 'admin_cat_list')),
  72. // TODO : change this language variable to 'Visit album %s'
  73. // TODO : 'language_selected' => ....
  74. );
  75. $tpl = array(
  76. 'filename' => 'cat_group_info',
  77. 'assign' => array(
  78. 'IMG' => $img,
  79. 'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
  80. 'LINK' => make_index_url(
  81. array(
  82. 'category' => array(
  83. 'id' => $category['id'],
  84. 'name' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
  85. 'permalink' => $category['permalink']
  86. )
  87. )
  88. ),
  89. 'CPL_CONTENT' => empty($_POST['mail_content']) ? '' : stripslashes($_POST['mail_content']),
  90. )
  91. );
  92. if ('users' == $_POST['who'] and isset($_POST['users']) and count($_POST['users']) > 0)
  93. {
  94. check_input_parameter('users', $_POST, true, PATTERN_ID);
  95. // TODO code very similar to function pwg_mail_group. We'd better create
  96. // a function pwg_mail_users that could be called from here and from
  97. // pwg_mail_group
  98. // TODO to make checks even better, we should check that theses users
  99. // have access to this album. No real privacy issue here, even if we
  100. // send the email to a user without permission.
  101. $query = '
  102. SELECT
  103. ui.user_id,
  104. ui.status,
  105. ui.language,
  106. u.'.$conf['user_fields']['email'].' AS email,
  107. u.'.$conf['user_fields']['username'].' AS username
  108. FROM '.USER_INFOS_TABLE.' AS ui
  109. JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
  110. WHERE ui.user_id IN ('.implode(',', $_POST['users']).')
  111. ;';
  112. $users = query2array($query);
  113. $usernames = array();
  114. foreach ($users as $u)
  115. {
  116. $usernames[] = $u['username'];
  117. $authkey = create_user_auth_key($u['user_id'], $u['status']);
  118. $user_tpl = $tpl;
  119. if ($authkey !== false)
  120. {
  121. $user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));
  122. if (isset($user_tpl['assign']['IMG']['link']))
  123. {
  124. $user_tpl['assign']['IMG']['link'] = add_url_params(
  125. $user_tpl['assign']['IMG']['link'],
  126. array('auth' => $authkey['auth_key'])
  127. );
  128. }
  129. }
  130. $user_args = $args;
  131. if (isset($authkey))
  132. {
  133. $user_args['auth_key'] = $authkey['auth_key'];
  134. }
  135. switch_lang_to($u['language']);
  136. pwg_mail($u['email'], $user_args, $user_tpl);
  137. switch_lang_back();
  138. }
  139. $message = l10n_dec('%d mail was sent.', '%d mails were sent.', count($users));
  140. $message.= ' ('.implode(', ', $usernames).')';
  141. $page['infos'][] = $message;
  142. }
  143. elseif ('group' == $_POST['who'] and !empty($_POST['group']))
  144. {
  145. check_input_parameter('group', $_POST, false, PATTERN_ID);
  146. pwg_mail_group($_POST['group'], $args, $tpl);
  147. $query = '
  148. SELECT
  149. name
  150. FROM '.GROUPS_TABLE.'
  151. WHERE id = '.$_POST['group'].'
  152. ;';
  153. list($group_name) = pwg_db_fetch_row(pwg_query($query));
  154. $page['infos'][] = l10n('An information email was sent to group "%s"', $group_name);
  155. }
  156. unset_make_full_url();
  157. }
  158. // +-----------------------------------------------------------------------+
  159. // | template initialization |
  160. // +-----------------------------------------------------------------------+
  161. $template->set_filename('album_notification', 'album_notification.tpl');
  162. $template->assign(
  163. array(
  164. 'CATEGORIES_NAV' =>
  165. get_cat_display_name_from_id(
  166. $page['cat'],
  167. 'admin.php?page=album-'
  168. ),
  169. 'F_ACTION' => $admin_album_base_url.'-notification',
  170. 'PWG_TOKEN' => get_pwg_token(),
  171. )
  172. );
  173. if ($conf['auth_key_duration'] > 0)
  174. {
  175. $template->assign(
  176. 'auth_key_duration',
  177. time_since(
  178. strtotime('now -'.$conf['auth_key_duration'].' second'),
  179. 'second',
  180. null,
  181. false
  182. )
  183. );
  184. }
  185. // +-----------------------------------------------------------------------+
  186. // | form construction |
  187. // +-----------------------------------------------------------------------+
  188. $query = '
  189. SELECT
  190. id AS group_id
  191. FROM '.GROUPS_TABLE.'
  192. ;';
  193. $all_group_ids = array_from_query($query, 'group_id');
  194. if (count($all_group_ids) == 0)
  195. {
  196. $template->assign('no_group_in_gallery', true);
  197. }
  198. else
  199. {
  200. if ('private' == $category['status'])
  201. {
  202. $query = '
  203. SELECT
  204. group_id
  205. FROM '.GROUP_ACCESS_TABLE.'
  206. WHERE cat_id = '.$category['id'].'
  207. ;';
  208. $group_ids = array_from_query($query, 'group_id');
  209. if (count($group_ids) == 0)
  210. {
  211. $template->assign('permission_url', $admin_album_base_url.'-permissions');
  212. }
  213. }
  214. else
  215. {
  216. $group_ids = $all_group_ids;
  217. }
  218. if (count($group_ids) > 0)
  219. {
  220. $query = '
  221. SELECT
  222. id,
  223. name
  224. FROM '.GROUPS_TABLE.'
  225. WHERE id IN ('.implode(',', $group_ids).')
  226. ORDER BY name ASC
  227. ;';
  228. $template->assign(
  229. 'group_mail_options',
  230. simple_hash_from_query($query, 'id', 'name')
  231. );
  232. }
  233. }
  234. // all users with status != guest and permitted to this this album (for a
  235. // perfect search, we should also check that album is not only filled with
  236. // private photos)
  237. $query = '
  238. SELECT
  239. user_id
  240. FROM '.USER_INFOS_TABLE.'
  241. WHERE status != \'guest\'
  242. ;';
  243. $all_user_ids = query2array($query, null, 'user_id');
  244. if ('private' == $category['status'])
  245. {
  246. $user_ids_access_indirect = array();
  247. if (isset($group_ids) and count($group_ids) > 0)
  248. {
  249. $query = '
  250. SELECT
  251. user_id
  252. FROM '.USER_GROUP_TABLE.'
  253. WHERE group_id IN ('.implode(',', $group_ids).')
  254. ';
  255. $user_ids_access_indirect = query2array($query, null, 'user_id');
  256. }
  257. $query = '
  258. SELECT
  259. user_id
  260. FROM '.USER_ACCESS_TABLE.'
  261. WHERE cat_id = '.$category['id'].'
  262. ;';
  263. $user_ids_access_direct = query2array($query, null, 'user_id');
  264. $user_ids_access = array_unique(array_merge($user_ids_access_direct, $user_ids_access_indirect));
  265. $user_ids = array_intersect($user_ids_access, $all_user_ids);
  266. }
  267. else
  268. {
  269. $user_ids = $all_user_ids;
  270. }
  271. if (count($user_ids) > 0)
  272. {
  273. $query = '
  274. SELECT
  275. '.$conf['user_fields']['id'].' AS id,
  276. '.$conf['user_fields']['username'].' AS username
  277. FROM '.USERS_TABLE.'
  278. WHERE id IN ('.implode(',', $user_ids).')
  279. ;';
  280. $users = query2array($query, 'id', 'username');
  281. $template->assign('user_options', $users);
  282. }
  283. // +-----------------------------------------------------------------------+
  284. // | sending html code |
  285. // +-----------------------------------------------------------------------+
  286. $template->assign_var_from_handle('ADMIN_CONTENT', 'album_notification');
  287. ?>