PageRenderTime 62ms CodeModel.GetById 14ms RepoModel.GetById 0ms app.codeStats 0ms

/images/delete.php

https://github.com/agnesrambaud/yacs
PHP | 188 lines | 94 code | 35 blank | 59 comment | 32 complexity | a5995cce19c8d71504563932a9fd7b8f MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * delete an image
    4. 

  4.  *
    5. 

  5.  * This script calls for confirmation, then actually deletes the image.
    6. 

  6.  * It updates the database, then redirects to the anchor page.
    7. 

  7.  *
    8. 

  8.  * Restrictions apply on this page:
    9. 

  9.  * - associates and authenticated editors are allowed to move forward
    10. 

  10.  * - permission is denied if the anchor is not viewable by this surfer
    11. 

  11.  * - permission is granted if the anchor is the profile of this member
    12. 

  12.  * - authenticated users may suppress their own posts
    13. 

  13.  * - else permission is denied
    14. 

  14.  *
    15. 

  15.  * Accept following invocations:
    16. 

  16.  * - delete.php/12
    17. 

  17.  * - delete.php?id=12
    18. 

  18.  *
    19. 

  19.  * If the anchor for this item specifies a specific skin (option keyword '[code]skin_xyz[/code]'),
    20. 

  20.  * or a specific variant (option keyword '[code]variant_xyz[/code]'), they are used instead default values.
    21. 

  21.  *
    22. 

  22.  * @author Bernard Paques
    23. 

  23.  * @author GnapZ
    24. 

  24.  * @tester Guillaume Perez
    25. 

  25.  * @reference
    26. 

  26.  * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
    27. 

  27.  */
    28. 

  28. 

  29. // common definitions and initial processing
    30. 

  30. include_once '../shared/global.php';
    31. 

  31. include_once 'images.php';
    32. 

  32. 

  33. // look for the id
    34. 

  34. $id = NULL;
    35. 

  35. if(isset($_REQUEST['id']))
    36. 

  36. 	$id = $_REQUEST['id'];
    37. 

  37. elseif(isset($context['arguments'][0]))
    38. 

  38. 	$id = $context['arguments'][0];
    39. 

  39. $id = strip_tags($id);
    40. 

  40. 

  41. // get the item from the database
    42. 

  42. $item =& Images::get($id);
    43. 

  43. 

  44. // get the related anchor, if any
    45. 

  45. $anchor = NULL;
    46. 

  46. if(isset($item['anchor']) && $item['anchor'])
    47. 

  47. 	$anchor =& Anchors::get($item['anchor']);
    48. 

  48. 

  49. // associates and authenticated editors can do what they want
    50. 

  50. if(Surfer::is_associate() || (Surfer::is_member() && is_object($anchor) && $anchor->is_assigned()))
    51. 

  51. 	$permitted = TRUE;
    52. 

  52. 

  53. // the anchor has to be viewable by this surfer
    54. 

  54. elseif(is_object($anchor) && !$anchor->is_viewable())
    55. 

  55. 	$permitted = FALSE;
    56. 

  56. 

  57. // the item is anchored to the profile of this member
    58. 

  58. elseif(Surfer::is_member() && !strcmp($item['anchor'], 'user:'.Surfer::get_id()))
    59. 

  59. 	$permitted = TRUE;
    60. 

  60. 

  61. // authenticated surfers may suppress their own posts --no create_id yet...
    62. 

  62. elseif(isset($item['edit_id']) && Surfer::is($item['edit_id']))
    63. 

  63. 	$permitted = TRUE;
    64. 

  64. 

  65. // the default is to deny access
    66. 

  66. else
    67. 

  67. 	$permitted = FALSE;
    68. 

  68. 

  69. // load the skin, maybe with a variant
    70. 

  70. load_skin('images', $anchor);
    71. 

  71. 

  72. // clear the tab we are in, if any
    73. 

  73. if(is_object($anchor))
    74. 

  74. 	$context['current_focus'] = $anchor->get_focus();
    75. 

  75. 

  76. // the path to this page
    77. 

  77. if(is_object($anchor) && $anchor->is_viewable())
    78. 

  78. 	$context['path_bar'] = $anchor->get_path_bar();
    79. 

  79. else
    80. 

  80. 	$context['path_bar'] = array( 'images/' => i18n::s('Images') );
    81. 

  81. 

  82. // the title of the page
    83. 

  83. $context['page_title'] = i18n::s('Delete an image');
    84. 

  84. 

  85. // not found
    86. 

  86. if(!isset($item['id'])) {
    87. 

  87. 	include '../error.php';
    88. 

  88. 

  89. // permission denied
    90. 

  90. } elseif(!$permitted) {
    91. 

  91. 	Safe::header('Status: 401 Forbidden', TRUE, 401);
    92. 

  92. 	Logger::error(i18n::s('You are not allowed to perform this operation.'));
    93. 

  93. 

  94. // deletion is confirmed
    95. 

  95. } elseif(isset($_REQUEST['confirm']) && ($_REQUEST['confirm'] == 'yes')) {
    96. 

  96. 

  97. 	// touch the related anchor before actual deletion, since the image has to be accessible at that time
    98. 

  98. 	if(is_object($anchor))
    99. 

  99. 		$anchor->touch('image:delete', $item['id']);
    100. 

  100. 

  101. 	// if no error, back to the anchor or to the index page
    102. 

  102. 	if(Images::delete($item['id'])) {
    103. 

  103. 		Images::clear($item);
    104. 

  104. 		if(is_object($anchor))
    105. 

  105. 			Safe::redirect($context['url_to_home'].$context['url_to_root'].$anchor->get_url());
    106. 

  106. 		else
    107. 

  107. 			Safe::redirect($context['url_to_home'].$context['url_to_root'].'images/');
    108. 

  108. 	}
    109. 

  109. 

  110. // deletion has to be confirmed
    111. 

  111. } elseif(isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'POST'))
    112. 

  112. 	Logger::error(i18n::s('The action has not been confirmed.'));
    113. 

  113. 

  114. // ask for confirmation
    115. 

  115. else {
    116. 

  116. 

  117. 	// commands
    118. 

  118. 	$menu = array();
    119. 

  119. 	$menu[] = Skin::build_submit_button(i18n::s('Yes, I want to delete this image'), NULL, NULL, 'confirmed');
    120. 

  120. 	if(isset($item['id']))
    121. 

  121. 		$menu[] = Skin::build_link(Images::get_url($item['id']), i18n::s('Cancel'), 'span');
    122. 

  122. 

  123. 	// the submit button
    124. 

  124. 	$context['text'] .= '<form method="post" action="'.$context['script_url'].'" id="main_form"><p>'."\n"
    125. 

  125. 		.Skin::finalize_list($menu, 'menu_bar')
    126. 

  126. 		.'<input type="hidden" name="id" value="'.$item['id'].'" />'."\n"
    127. 

  127. 		.'<input type="hidden" name="confirm" value="yes" />'."\n"
    128. 

  128. 		.'</p></form>'."\n";
    129. 

  129. 

  130. 	// set the focus
    131. 

  131. 	$context['text'] .= JS_PREFIX
    132. 

  132. 		.'// set the focus on first form field'."\n"
    133. 

  133. 		.'$("confirmed").focus();'."\n"
    134. 

  134. 		.JS_SUFFIX."\n";
    135. 

  135. 

  136. 	// the title of the image
    137. 

  137. 	if($item['title'])
    138. 

  138. 		$context['text'] .= Skin::build_block($item['title'], 'title');
    139. 

  139. 	else
    140. 

  140. 		$context['text'] .= Skin::build_block($item['image_name'], 'title');
    141. 

  141. 

  142. 	// display the full text
    143. 

  143. 	$context['text'] .= '<div style="margin: 1em 0;">'.Codes::beautify($item['description']).'</div>'."\n";
    144. 

  144. 

  145. 	// build the path to the image file
    146. 

  146. 	list($anchor_type, $anchor_id) = explode(':', $item['anchor']);
    147. 

  147. 	$url = $anchor_type.'/'.$anchor_id.'/'.$item['image_name'];
    148. 

  148. 	$context['text'] .= "\n<p>".'<img src="'.$context['url_to_root'].'images/'.$url.'" alt="" /></p>';
    149. 

  149. 

  150. 	// details
    151. 

  151. 	$details = array();
    152. 

  152. 

  153. 	// the image name, if it has not already been used as title
    154. 

  154. 	if($item['title'])
    155. 

  155. 		$details[] = $item['image_name'];
    156. 

  156. 

  157. 	// file size
    158. 

  158. 	if($item['image_size'] > 1)
    159. 

  159. 		$details[] = number_format($item['image_size']).'&nbsp;'.i18n::s('bytes');
    160. 

  160. 

  161. 	// information on uploader
    162. 

  162. 	if(Surfer::is_member())
    163. 

  163. 		$details[] = sprintf(i18n::s('edited by %s %s'), Users::get_link($item['edit_name'], $item['edit_address'], $item['edit_id']), Skin::build_date($item['edit_date']));
    164. 

  164. 

  165. 	// the complete details
    166. 

  166. 	if($details)
    167. 

  167. 		$context['text'] .= '<p class="details">'.ucfirst(implode(', ', $details))."</p>\n";
    168. 

  168. 

  169. 	// display the source, if any
    170. 

  170. 	if($item['source']) {
    171. 

  171. 		if(preg_match('/http:\/\/([^\s]+)/', $item['source'], $matches))
    172. 

  172. 			$item['source'] = Skin::build_link($matches[0], $matches[0], 'external');
    173. 

  173. 		else {
    174. 

  174. 			include_once '../links/links.php';
    175. 

  175. 			if($attributes = Links::transform_reference($item['source'])) {
    176. 

  176. 				list($link, $title, $description) = $attributes;
    177. 

  177. 				$item['source'] = Skin::build_link($link, $title);
    178. 

  178. 			}
    179. 

  179. 		}
    180. 

  180. 		$context['text'] .= '<p class="details">'.sprintf(i18n::s('Source: %s'), $item['source'])."</p>\n";
    181. 

  181. 	}
    182. 

  182. 

  183. }
    184. 

  184. 

  185. // render the skin
    186. 

  186. render_skin();
    187. 

  187. 

  188. ?>
    189.