<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: postcards.php                                        *
 *        Copyright: (C) 2002-2012 Jan Sorgalla                           *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7.11                                               *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
 *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/

// Bootstrap. GET_CACHES and MAIN_SCRIPT are read by the included core files
// (what they switch on is not visible in this file); ROOT_PATH anchors every
// include below.
define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);
// NOTE(review): this script reads $action, $image_id, $url, $mode, $msg,
// $site_db, $site_sess, $site_template, $user_info, $lang, $config and others
// without defining them — they are assumed to come from global.php and
// sessions.php. The SQL further down interpolates $image_id directly, so it also
// relies on global.php having cast it to an integer — confirm there.
include (ROOT_PATH.'global.php');
require (ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();

  32  if (isset($HTTP_GET_VARS[URL_POSTCARD_ID]) || isset($HTTP_POST_VARS[URL_POSTCARD_ID])) {
  33    $postcard_id = (isset($HTTP_GET_VARS[URL_POSTCARD_ID])) ? trim($HTTP_GET_VARS[URL_POSTCARD_ID]) : trim($HTTP_POST_VARS[URL_POSTCARD_ID]);
  34  }
  35  else {
  36    $postcard_id = 0;
  37  }
  38  
  39  if ($action == "") {
  40    $action = ($postcard_id) ? "showcard" : "createcard";
  41  }
  42  
  43  if (isset($HTTP_GET_VARS['modifycard']) || isset($HTTP_POST_VARS['modifycard'])) {
  44    $action = "modifycard";
  45  }
  46  
  47  $main_template = ($action == "createcard" || $action == "modifycard") ? "postcard_create" : (($action == "previewcard") ? "postcard_create" : "postcard_send");
  48  include (ROOT_PATH.'includes/page_header.php');
  49  
  50  $sendprocess = 0;
  51  
  52  if ($action != "showcard") {
  53    $sql = "SELECT i.cat_id, i.image_name, i.image_media_file, i.image_thumb_file, c.cat_name".get_user_table_field(", u.", "user_name")."
  54            FROM (".IMAGES_TABLE." i,  ".CATEGORIES_TABLE." c)
  55            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
  56            WHERE i.image_id = $image_id";
  57    $image_row = $site_db->query_firstrow($sql);
  58    if (!$image_row) {
  59      redirect($url);
  60    }
  61    $cat_id = $image_row['cat_id'];
  62    $image_row['user_name'] = $image_row[$user_table_fields['user_name']];
  63  
  64    if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) {
  65      redirect($url);
  66    }
  67  }
  68  
  69  if ($action == "sendcard") {
  70    $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY;
  71    $sql = "DELETE FROM ".POSTCARDS_TABLE."
  72            WHERE (postcard_date < $expiry)";
  73    $site_db->query($sql);
  74  
  75    $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
  76    $border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
  77    $font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
  78    $font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
  79  
  80    $sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
  81    $sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
  82    $recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
  83    $recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));
  84  
  85    $headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
  86    $message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));
  87    $message = strip_tags($message);
  88  
  89    $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
  90  
  91    $back_url = (!empty($HTTP_POST_VARS['back_url'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH."index.php", "&");
  92  
  93    $postcard_id = get_random_key(POSTCARDS_TABLE, "postcard_id");
  94    $current_time = time();
  95  
  96    if ($captcha_enable_postcards && !captcha_validate($captcha)) {
  97        $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
  98        $action = "previewcard";
  99        $main_template = "postcard_preview";
 100    } else {
 101      $sql = "INSERT INTO ".POSTCARDS_TABLE."
 102              (postcard_id, image_id, postcard_date, postcard_bg_color, postcard_border_color, postcard_font_color, postcard_font_face, postcard_sender_name, postcard_sender_email, postcard_recipient_name, postcard_recipient_email, postcard_headline, postcard_message)
 103              VALUES
 104              ('$postcard_id', $image_id, $current_time, '$bg_color', '$border_color', '$font_color', '$font_face', '$sender_name', '$sender_email', '$recipient_name', '$recipient_email', '$headline', '$message')";
 105      $result = $site_db->query($sql);
 106  
 107      if ($result) {
 108        $postcard_url = $script_url."/postcards.php?".URL_POSTCARD_ID."=".$postcard_id;
 109  
 110        include (ROOT_PATH.'includes/email.php');
 111        $site_email = new Email();
 112        $site_email->set_to(stripslashes($recipient_email));
 113        $site_email->set_from(stripslashes($sender_email), stripslashes($sender_name));
 114        $site_email->set_subject($lang['send_postcard_emailsubject']);
 115        $site_email->register_vars(array(
 116          "sender_name" => stripslashes($sender_name),
 117          "sender_email" => stripslashes($sender_email),
 118          "recipient_name" => stripslashes($recipient_name),
 119          "postcard_url" => stripslashes($postcard_url),
 120          "postcard_send_date" => format_date($config['date_format']." ".$config['time_format'], $current_time),
 121          "site_name" => $config['site_name']
 122        ));
 123        $site_email->set_body("postcard_message", $config['language_dir']);
 124        $site_email->send_email();
 125  
 126        $msg .= $lang['send_postcard_success'];
 127        $msg .= "<br /><a href=\"".$back_url."\">".$lang['back_to_gallery']."</a>";
 128        $action = "showcard";
 129      }
 130      else {
 131        $msg = $lang['general_error'];
 132        $action = "previewcard";
 133        $main_template = "postcard_preview";
 134      }
 135    }
 136  }
 137  
 138  if ($action == "showcard") {
 139    $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY;
 140    $sql = "DELETE FROM ".POSTCARDS_TABLE."
 141            WHERE (postcard_date < $expiry)";
 142    $site_db->query($sql);
 143  
 144    if (!$postcard_id){
 145      redirect("index.php");
 146    }
 147    else {
 148      $sql = "SELECT p.postcard_id, p.image_id, p.postcard_date, p.postcard_bg_color, p.postcard_border_color, p.postcard_font_color, p.postcard_font_face, p.postcard_sender_name, p.postcard_sender_email, p.postcard_recipient_name, p.postcard_recipient_email, p.postcard_headline, p.postcard_message, i.image_name, i.cat_id, i.image_media_file, i.image_thumb_file
 149              FROM (".POSTCARDS_TABLE." p, ".IMAGES_TABLE." i)
 150              WHERE p.postcard_id = '$postcard_id' AND p.image_id = i.image_id";
 151      $image_row = $site_db->query_firstrow($sql);
 152  
 153      if (!$image_row) {
 154        show_error_page($lang['invalid_postcard_id']);
 155      }
 156      else {
 157        $image = get_media_code($image_row['image_media_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode, 1);
 158        $thumbnail = get_thumbnail_code($image_row['image_media_file'], $image_row['image_thumb_file'], $image_row['image_id'], $image_row['cat_id'], $image_row['image_name'], $mode);
 159        $image_name_link = "<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_row['image_id'])."\">".format_text($image_row['image_name'])."</a>";
 160        $site_template->register_vars(array(
 161          "image" => $image,
 162          "thumbnail" => $thumbnail,
 163          "image_name_link" => $image_name_link,
 164          "bg_color" => format_text($image_row['postcard_bg_color'], 2),
 165          "border_color" => format_text($image_row['postcard_border_color'], 2),
 166          "font_color" => format_text($image_row['postcard_font_color'], 2),
 167          "font_face" => format_text($image_row['postcard_font_face'], 2),
 168          "sender_name" => format_text($image_row['postcard_sender_name'], 2),
 169          "sender_email" => format_text($image_row['postcard_sender_email'], 2),
 170          "recipient_name" => format_text($image_row['postcard_recipient_name'], 2),
 171          "recipient_email" => format_text($image_row['postcard_recipient_email'], 2),
 172          "headline" => format_text($image_row['postcard_headline'], 2),
 173          "message" => format_text($image_row['postcard_message'], 0)
 174        ));
 175      }
 176    }
 177  }
 178  
 179  if ($action == "previewcard") {
 180    $error = 0;
 181    $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
 182    $border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
 183    $font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
 184    $font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
 185  
 186    $sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
 187    $sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
 188    $recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
 189    $recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));
 190  
 191    $headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
 192    $message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));
 193  
 194    $back_url = (!empty($HTTP_POST_VARS['back_url'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['back_url']))) : $site_sess->url(ROOT_PATH."index.php", "&");
 195  
 196    if ($sender_name == "" || $sender_email == "" || $recipient_name == "" || $recipient_email == "" || $headline == "" || $message == "") {
 197      $msg .= $lang['lostfield_error'];
 198      $error = 1;
 199    }
 200    if (($sender_email != "" && !check_email($sender_email)) || ($recipient_email != "" && !check_email($recipient_email))) {
 201      $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
 202      $error = 1;
 203    }
 204  
 205    if (!$error) {
 206      $main_template = "postcard_preview";
 207      $image = get_media_code($image_row['image_media_file'], $image_id, $cat_id, $image_row['image_name'], $mode, 1);
 208      $thumbnail = get_thumbnail_code($image_row['image_media_file'], $image_row['image_thumb_file'], $image_id, $cat_id, $image_row['image_name'], $mode);
 209      $site_template->register_vars(array(
 210        "image" => $image,
 211        "thumbnail" => $thumbnail,
 212        "image_name" => format_text($image_row['image_name']),
 213        "url_postcard" => $site_sess->url(ROOT_PATH."postcards.php?".URL_IMAGE_ID."=".$image_id),
 214        "bg_color" => format_text(stripslashes($bg_color), 2),
 215        "border_color" => format_text(stripslashes($border_color), 2),
 216        "font_color" => format_text(stripslashes($font_color), 2),
 217        "font_face" => format_text(stripslashes($font_face), 2),
 218        "sender_name" => format_text(stripslashes($sender_name), 2),
 219        "sender_email" => format_text(stripslashes($sender_email), 2),
 220        "recipient_name" => format_text(stripslashes($recipient_name), 2),
 221        "recipient_email" => format_text(stripslashes($recipient_email), 2),
 222        "headline" => format_text(stripslashes($headline), 2),
 223        "message" => format_text(stripslashes($message), 0),
 224        "message_hidden" => format_text(stripslashes($message), 2),
 225        "image_id" => $image_id,
 226        "lang_sender" => $lang['sender'],
 227        "lang_recipient" => $lang['recipient'],
 228        "lang_edit_postcard" => $lang['edit_postcard'],
 229        "lang_send_postcard" => $lang['send_postcard'],
 230        "back_url" => format_text($back_url),
 231        "lang_captcha" => $lang['captcha'],
 232        "lang_captcha_desc" => $lang['captcha_desc'],
 233        "captcha_postcards" => (bool)$captcha_enable_postcards
 234      ));
 235    }
 236    else {
 237      $action = "createcard";
 238      $main_template = "postcard_create";
 239      $sendprocess = 1;
 240    }
 241  }
 242  
 243  if ($action == "createcard" || $action == "modifycard") {
 244    if (!$sendprocess) {
 245      $bg_color = "";
 246      $border_color = "";
 247      $font_color = "";
 248      $font_face = "";
 249      $sender_name = ($user_info['user_level'] != GUEST) ? $user_info['user_name'] : "";
 250      $sender_email = ($user_info['user_level'] != GUEST) ? $user_info['user_email'] : "";
 251      $recipient_name = "";
 252      $recipient_email = "";
 253      $headline = "";
 254      $message = "";
 255    }
 256  
 257    if ($action == "modifycard") {
 258      $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
 259      $border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
 260      $font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
 261      $font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
 262  
 263      $sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
 264      $sender_email = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_email']));
 265      $recipient_name = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_name']));
 266      $recipient_email = un_htmlspecialchars(trim($HTTP_POST_VARS['recipient_email']));
 267  
 268      $headline = un_htmlspecialchars(trim($HTTP_POST_VARS['headline']));
 269      $message = un_htmlspecialchars(trim($HTTP_POST_VARS['message']));
 270      $message = strip_tags($message);
 271    }
 272  
 273    $image = get_media_code($image_row['image_media_file'], $image_id, $cat_id, $image_row['image_name'], $mode, 1);
 274    $thumbnail = get_thumbnail_code($image_row['image_media_file'], $image_row['image_thumb_file'], $image_id, $cat_id, $image_row['image_name'], $mode);
 275    $site_template->register_vars(array(
 276      "image" => $image,
 277      "thumbnail" => $thumbnail,
 278      "image_name" => format_text($image_row['image_name']),
 279      "lang_bg_color" => $lang['bg_color'],
 280      "bg_color" => $bg_color,
 281      "lang_border_color" => $lang['border_color'],
 282      "border_color" => $border_color,
 283      "lang_font_color" => $lang['font_color'],
 284      "font_color" => $font_color,
 285      "lang_font_face" => $lang['font_face'],
 286      "font_face" => $font_face,
 287      "image_id" => $image_id,
 288        "lang_sender" => $lang['sender'],
 289      "lang_recipient" => $lang['recipient'],
 290      "lang_email" => $lang['email'],
 291      "lang_name" => $lang['name'],
 292      "lang_headline" => $lang['headline'],
 293      "lang_message" => $lang['message'],
 294      "lang_preview_postcard" => $lang['preview_postcard'],
 295      "url_postcard" => $site_sess->url(ROOT_PATH."postcards.php?".URL_IMAGE_ID."=".$image_id),
 296      "sender_name" => format_text(stripslashes($sender_name), 2),
 297      "sender_email" => format_text(stripslashes($sender_email), 2),
 298      "recipient_name" => format_text(stripslashes($recipient_name), 2),
 299      "recipient_email" => format_text(stripslashes($recipient_email), 2),
 300      "headline" => format_text(stripslashes($headline), 2),
 301      "message" => format_text(stripslashes($message), 2),
 302      "lang_send_postcard" => $lang['send_postcard'],
 303      "back_url" => format_text(stripslashes($url), 2)
 304    ));
 305  }
 306  
 307  //-----------------------------------------------------
 308  //--- Clickstream -------------------------------------
 309  //-----------------------------------------------------
 310  $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'];
 311  if ($mode == "lightbox" && !empty($user_info['lightbox_image_ids'])) {
 312    $clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."lightbox.php")."\" class=\"clickstream\">".$lang['lightbox']."</a>".$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id."&amp;mode=".$mode)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
 313  }
 314  elseif ($mode == "search" && !empty($session_info['search_id'])) {
 315    $clickstream .= "<a href=\"".$site_sess->url(ROOT_PATH."search.php?show_result=1")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id."&amp;mode=".$mode)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
 316  }
 317  else {
 318    $clickstream .= get_category_path($cat_id, 1).$config['category_separator']."<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$image_id)."\" class=\"clickstream\">".$image_row['image_name']."</a>".$config['category_separator'];
 319  }
 320  $clickstream .= $lang['send_postcard']."</span>";
 321  
 322  //-----------------------------------------------------
 323  //--- Print Out ---------------------------------------
 324  //-----------------------------------------------------
 325  $site_template->register_vars(array(
 326    "msg" => $msg,
 327    "clickstream" => $clickstream,
 328  ));
 329  $site_template->print_template($site_template->parse_template($main_template));
 330  include (ROOT_PATH.'includes/page_footer.php');
 331  ?>
