
   1  <?php
   2  /*************************

   3    Coppermine Photo Gallery

   4    ************************

   5    Copyright (c) 2003-2014 Coppermine Dev Team

   6    v1.0 originally written by Gregory Demar

   7  

   8    This program is free software; you can redistribute it and/or modify

   9    it under the terms of the GNU General Public License version 3

  10    as published by the Free Software Foundation.

  11  

  12    ********************************************

  13    Coppermine version: 1.5.28

  14    $HeadURL: https://svn.code.sf.net/p/coppermine/code/trunk/cpg1.5.x/report_file.php $

  15    $Revision: 8683 $

  16  **********************************************/
  17  
  18  define('IN_COPPERMINE', true);
  19  define('REPORT_FILE_PHP', true);
  20  
  21  require ('include/init.inc.php');
  22  require ('include/mailer.inc.php');
  23  
  24  if ((!$CONFIG['report_post']==1) || (!USER_CAN_SEND_ECARDS)) {
  25      cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
  26  }
  27  
  28  $icon_array['ok'] = cpg_fetch_icon('ok', 1);
  29  $icon_array['report'] = cpg_fetch_icon('report', 2);
  30  
  31  if ($CONFIG['enable_smilies']) {
  32      include ("include/smilies.inc.php");
  33  }
  34  
  35  function get_post_var($name, $default = '')
  36  {
  37      $superCage = Inspekt::makeSuperCage();
  38      if ($superCage->post->keyExists($name)) {
  39          return get_magic_quotes_gpc() ? stripslashes_deep($superCage->post->noTags($name)) : $superCage->post->noTags($name);
  40      } else {
  41          return $default;
  42      }
  43  }
  44  
  45  $pid = $superCage->get->getInt('pid');
  46  $cid = $superCage->get->getInt('msg_id');
  47  $what = $superCage->get->getAlpha('what');
  48  
  49  $type = $lang_report_php['type_file'];
  50  $template = $template_report;
  51  
  52  $sender_name = get_post_var('sender_name', USER_NAME ? USER_NAME : (isset($USER['name']) ? $USER['name'] : ''));
  53  if (defined('UDB_INTEGRATION')AND USER_ID) {
  54      $USER_DATA = array_merge($USER_DATA,$cpg_udb->get_user_infos(USER_ID));
  55  }
  56  
  57  if ($USER_DATA['user_email']) {
  58      $sender_email = $USER_DATA['user_email'];
  59      $sender_box = $sender_email;
  60      $sender_name = $USER_DATA['user_name'];
  61      $sender_name_box = $sender_name;
  62  } else {
  63      $sender_email = get_post_var('sender_email',$USER['email'] ? $USER['email'] : '');
  64      $sender_box = "<input type=\"text\" class=\"textinput\" value=\"$sender_email\" name=\"sender_email\" style=\"width: 100%;\" />";
  65      $sender_name = get_post_var('sender_name',$USER['name'] ? $USER['name'] : '');
  66      $sender_name_box = "<input type=\"text\" class=\"textinput\" value=\"$sender_name\" name=\"sender_name\" style=\"width: 100%;\" />";
  67  }
  68  
  69  $subject = get_post_var('subject');
  70  $message = get_post_var('message');
  71  $sender_email_warning = '';
  72  $form_action="$CPG_PHP_SELF?pid=$pid";
  73  
  74  // Get picture thumbnail url

  75  $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} p WHERE pid='$pid' $FORBIDDEN_SET");
  76  if (!mysql_num_rows($result)) {
  77      cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
  78  }
  79  
  80  $row = mysql_fetch_array($result);
  81  $thumb_pic_url = get_pic_url($row, 'thumb');
  82  
  83  if ($what == 'comment') {
  84      $result = cpg_db_query("SELECT msg_id, msg_author, msg_body, UNIX_TIMESTAMP(msg_date) AS msg_date, author_id, author_md5_id, msg_raw_ip, msg_hdr_ip, approval FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='$cid' AND approval = 'YES' AND pid='$pid'");
  85      if (!mysql_num_rows($result)) {
  86          cpg_die(ERROR, $lang_errors['non_exist_comment'], __FILE__, __LINE__);
  87      }
  88  
  89      $row = mysql_fetch_array($result);
  90      $comment = bb_decode($row['msg_body']);
  91      if ($CONFIG['enable_smilies']) {
  92          $comment = process_smilies($comment);
  93      }
  94  
  95      $msg_author = $row['msg_author'];
  96      $comment_field_name = sprintf($lang_report_php['comment_field_name'], $msg_author);
  97      $type = $lang_report_php['type_comment'];
  98      $template = $template_report_comment_email;
  99      $form_action ="$CPG_PHP_SELF?pid=$pid&amp;msg_id=$cid&amp;what=comment";
 100  
 101      //template_extract_block($template_report_form, 'reason_missing'); //need help to toggle off reason(missing) since doesn't apply to comments

 102  } else {
 103      //template_extract_block($template_report_form, 'display_comment'); //need help remove comment preview when reporting picture

 104  }
 105  
 106  // Check supplied email address

 107  $valid_sender_email = Inspekt::isEmail($sender_email);
 108  $invalid_email = '<div class="cpg_message_error">' . $lang_report_php['invalid_email'] . '</div>';
 109  
 110  if (!$valid_sender_email && $superCage->post->keyExists('subject')) {
 111      $sender_email_warning = $invalid_email;
 112  }
 113  
 114  // Create and send the e-card

 115  if ($superCage->post->keyExists('subject') && $valid_sender_email) {
 116      $gallery_url_prefix = $CONFIG['ecards_more_pic_target']. (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
 117      if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
 118          $n_picname = get_pic_url($row, 'normal');
 119      } else {
 120          $n_picname = get_pic_url($row, 'fullsize');
 121      }
 122  
 123      if (!stristr($n_picname, 'http:')) {
 124          $n_picname = $gallery_url_prefix . $n_picname;
 125      }
 126      //output list of reasons checkmarked

 127      $reasons = $lang_report_php['reasons_list_heading'] . $LINEBREAK;
 128      if ($superCage->post->keyExists('reason')) {
 129          foreach(get_post_var('reason') as $value) {
 130              $value = $lang_report_php["$value"];
 131              $reason_list .= "$value, ";
 132          }
 133      } else {
 134          $reasons .= "{$lang_report_php['no_reason_given']}";
 135      }
 136  
 137      $reason_list = substr($reason_list, 0, -2); //remove trailing comma and space

 138      $reasons .= $reason_list;
 139      $msg_content = nl2br(strip_tags($message));
 140  
 141      $data = array(
 142          'sn' => $sender_name,
 143          'se' => $sender_email,
 144          'p' => $n_picname,
 145          'su' => $subject,
 146          'm' => $message,
 147          'r' => $reasons,
 148          'c' => $comment,
 149          'cid' => $cid,
 150          'pid' => $pid,
 151          't' => $what,
 152          );
 153  
 154      $encoded_data = urlencode(base64_encode(serialize($data)));
 155  
 156      $params = array('{LANG_DIR}' => $lang_text_dir,
 157          '{TITLE}' => sprintf($lang_report_php['report_subject'], $sender_name, $type),
 158          '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'],
 159          '{VIEW_REPORT_TGT}' => "{$gallery_url_prefix}displayreport.php?data=$encoded_data",
 160          '{VIEW_REPORT_LNK}' => $lang_report_php['view_report'],
 161          '{VIEW_REPORT_LNK_PLAINTEXT}' => $lang_report_php['view_report_plaintext'],
 162          '{PIC_URL}' => $n_picname,
 163          '{URL_PREFIX}' => $gallery_url_prefix,
 164          '{PIC_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid=" . $pid,
 165          '{SUBJECT}' => $subject,
 166          '{MESSAGE}' => $msg_content,
 167          '{PLAINTEXT_MESSAGE}' => $message,
 168          '{SENDER_EMAIL}' => $sender_email,
 169          '{SENDER_NAME}' => $sender_name,
 170          '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'],
 171          '{VIEW_MORE_LNK}' => $lang_report_php['view_more_pics'],
 172          '{REASON}' => $reasons,
 173          '{COMMENT}' => $comment,
 174          '{COMMENT_ID}' => $cid,
 175          '{VIEW_COMMENT_LNK}' => $lang_report_php['view_comment'],
 176          '{COMMENT_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid=$pid#comment$cid",
 177          '{PID}' => $pid,
 178          );
 179  
 180      $message = template_eval($template, $params);
 181      $plaintext_message = template_eval($template_report_plaintext, $params);
 182  
 183      $tempTime = time();
 184      $message .= sprintf($lang_report_php['report_footer'], $sender_name, $raw_ip, localised_date(-1,$lang_date['comment']));
 185      $subject = sprintf($lang_report_php['report_subject'], $sender_name, $type);
 186  
 187      $result = cpg_mail('admin', $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);
 188  
 189      /*//write log

 190      if ($CONFIG['log_ecards'] == 1) {

 191          $result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('$sender_name', '$sender_email', '$recipient_name', '$recipient_email',   '$encoded_data', '$tempTime', '$raw_ip')");

 192      }*/
 193  
 194      if (!USER_ID) {
 195          $USER['name'] = $sender_name;
 196          $USER['email'] = $sender_email;
 197      }
 198  
 199      if ($result) {
 200          pageheader($lang_report_php['title'], "<meta http-equiv=\"refresh\" content=\"3;url=displayimage.php?pid={$pid}\" />");
 201          msg_box($lang_cpg_die[INFORMATION], $lang_report_php['send_success'], $lang_common['continue'], "displayimage.php?pid={$pid}");
 202          pagefooter();
 203          exit;
 204      } else {
 205          cpg_die(ERROR, $lang_report_php['send_failed'], __FILE__, __LINE__);
 206      }
 207  }
 208  
 209  if ($superCage->post->keyExists('submit')) {
 210      //Check if the form token is valid

 211      if(!checkFormToken()){
 212          cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
 213      }
 214  }
 215  pageheader($lang_report_php['title']);
 216  echo <<< EOT
 217  <form method="post" name="post" id="cpgform" action="$form_action">
 218  EOT;
 219  starttable("100%", $icon_array['report'] . $lang_report_php['title'], 3);
 220  
 221  echo <<<EOT
 222          <tr>
 223                  <td class="tableh2" colspan="2"><strong>{$lang_report_php['from']}</strong></td>
 224  <!-- BEGIN display_thumbnail -->
 225                  <td rowspan="6" align="center" valign="top" class="tableb">
 226                          <img src="$thumb_pic_url" alt="" vspace="8" border="0" class="image" /><br />
 227                  </td>
 228  <!-- END display_thumbnail -->
 229          </tr>
 230          <tr>
 231                  <td class="tableb" valign="top" width="40%">
 232                          {$lang_report_php['your_name']}<br />
 233                  </td>
 234                  <td valign="top" class="tableb" width="60%">
 235                          {$sender_name_box}
 236                  </td>
 237          </tr>
 238          <tr>
 239                  <td class="tableb" valign="top" width="40%">
 240                          {$lang_report_php['your_email']}<br />
 241                  </td>
 242                  <td valign="top" class="tableb" width="60%">
 243                          {$sender_box}
 244                          {$sender_email_warning}
 245                  </td>
 246          </tr>
 247          <tr>
 248                  <td class="tableh2" colspan="2"><strong>{$lang_report_php['to']}</strong></td>
 249          </tr>
 250          <tr>
 251                  <td class="tableb" valign="top" width="40%" colspan="2">
 252                          {$lang_report_php['administrator']}<br />
 253                  </td>
 254          </tr>
 255  
 256                  <tr>
 257                  <td class="tableh2" colspan="3"><strong>{$lang_report_php['refers_to']}:</strong></td>
 258          </tr>
 259          <tr>
 260                  <td class="tableb" colspan="3">
 261                      <a href="{$CONFIG['ecards_more_pic_target']}displayimage.php?pid={$pid}">
 262                      {$CONFIG['ecards_more_pic_target']}displayimage.php?pid={$pid}</a>
 263                  </td>
 264          </tr>
 265  <!-- BEGIN display_comment -->
 266                                  <tr>
 267                  <td class="tableh2" valign="top" width="40%" colspan="3"><strong>$comment_field_name</strong></td>
 268                                  </tr>
 269          <tr>
 270                  <td class="tableb" valign="top" width="40%" colspan="3">
 271             $comment<br />
 272                  </td>
 273          </tr>
 274  <!-- END display_comment -->
 275          <tr>
 276                  <td class="tableh2" colspan="3"><strong>{$lang_report_php['subject']}</strong></td>
 277          </tr>
 278          <tr>
 279                  <td class="tableb" colspan="3">
 280                                                                                  <input type="text" class="textinput" name="subject"  value="$subject" style="width: 100%;" /><br />
 281                  </td>
 282          </tr>
 283          <tr>
 284                  <td class="tableh2" colspan="3"><strong>{$lang_report_php['reason']}</strong></td>
 285          </tr>
 286          <tr>
 287                  <td class="tableb" colspan="3">
 288                      <table border="0" cellspacing="0" cellpadding="0" width="100%">
 289          </tr>
 290          <tr>
 291  <!-- BEGIN reason_obscene -->
 292              <td>
 293                  <input value="obscene" type="checkbox" name="reason[]" id="obscene" />
 294                  <label for="obscene" class="clickable_option">{$lang_report_php['obscene']}</label>
 295              </td>
 296  <!-- END reason_obscene -->
 297  <!-- BEGIN reason_offensive -->
 298              <td>
 299                  <input value="offensive" type="checkbox" name="reason[]" id="offensive" />
 300                  <label for="offensive" class="clickable_option">{$lang_report_php['offensive']}</label>
 301              </td>
 302  <!-- END reason_offensive -->
 303  
 304  <!-- BEGIN reason_misplaced -->
 305              <td>
 306                  <input value="misplaced" type="checkbox" name="reason[]" id="misplaced" />
 307                  <label for="misplaced" class="clickable_option">{$lang_report_php['misplaced']}</label>
 308              </td>
 309  <!-- END reason_misplaced -->
 310  <!-- BEGIN reason_missing -->
 311              <td>
 312                  <input value="missing" type="checkbox" name="reason[]" id="missing" />
 313                  <label for="missing" class="clickable_option">{$lang_report_php['missing']}</label>
 314              </td>
 315  <!-- END reason_missing -->
 316  <!-- BEGIN reason_issue -->
 317              <td>
 318                  <input value="issue" type="checkbox" name="reason[]" id="issue" />
 319                  <label for="issue" class="clickable_option">{$lang_report_php['issue']}</label>
 320              </td>
 321  <!-- END reason_issue -->
 322  <!-- BEGIN reason_other -->
 323              <td>
 324                  <input value="other" type="checkbox" name="reason[]" id="other" />
 325                  <label for="other" class="clickable_option">{$lang_report_php['other']}</label>
 326              </td>
 327  <!-- END reason_other -->
 328          </tr>
 329      </table>
 330      </td>
 331          </tr>
 332          <tr>
 333                  <td class="tableh2" colspan="3"><strong>{$lang_report_php['message']}</strong></td>
 334          </tr>
 335          <tr>
 336                  <td class="tableb" colspan="3" valign="top">
 337                      <textarea name="message" class="textinput" rows="8" cols="40" onselect="storeCaret_post(this);" onclick="storeCaret_post(this);" onkeyup="storeCaret_post(this);" style="width: 100%;">$message</textarea><br /><br />
 338                  </td>
 339          </tr>
 340          <tr>
 341                  <td colspan="3" align="center" class="tablef">
 342                          <button type="submit" class="button" name="submit" id="submit" value="{$lang_report_php['title']}">{$icon_array['ok']}{$lang_report_php['title']}</button>
 343                  </td>
 344          </tr>
 345  EOT;
 346  
 347  endtable();
 348  
 349  list($timestamp, $form_token) = getFormToken();
 350  echo <<< EOT
 351  <input type="hidden" name="form_token" value="{$form_token}" />
 352  <input type="hidden" name="timestamp" value="{$timestamp}" />
 353  </form>
 354  
 355  EOT;
 356  
 357  pagefooter();
 358  
 359  ?>
