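<?php
// +-----------------------------------------------------------------------+
// | This file is part of Piwigo.                                          |
// |                                                                       |
// | For copyright and license information, please view the COPYING.txt    |
// | file that was distributed with this source code.                      |
// +-----------------------------------------------------------------------+

// Admin tab of an album: e-mails a notification about the album to selected
// users or to one group, then builds the notification form.
//
// $category, $admin_album_base_url, $conf, $page and $template are used but
// not defined in this file; they are expected from the including script.

// Refuse direct access: this file only makes sense when included.
if (!defined('PHPWG_ROOT_PATH'))
{
  die ("Hacking attempt!");
}

include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+

check_status(ACCESS_ADMINISTRATOR);

// +-----------------------------------------------------------------------+
// |                        variable initialization                        |
// +-----------------------------------------------------------------------+

$page['cat'] = $category['id'];

// +-----------------------------------------------------------------------+
// |                            form submission                            |
// +-----------------------------------------------------------------------+

// info by email to an access granted group of category informations
//
// NOTE(review): a PWG_TOKEN is handed to the form template further down,
// but nothing in this file verifies it before mail is sent. Confirm that the
// including script calls check_pwg_token() on POST; if it does not, this
// handler needs that check so the form cannot be submitted cross-site on an
// administrator's behalf.
if (isset($_POST['submitEmail']))
{
  set_make_full_url();

  // Recipient kind ('users' or 'group'). Read once so that a POST without
  // the field does not raise an undefined-index notice.
  $who = isset($_POST['who']) ? $_POST['who'] : '';

  $img = array();

  /* TODO: if $category['representative_picture_id']
    is empty find child representative_picture_id */
  if (!empty($category['representative_picture_id']))
  {
    // NOTE(review): the id is interpolated as-is; this assumes $category
    // was loaded from the database by the including script -- confirm.
    $query = '
SELECT id, file, path, representative_ext
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$category['representative_picture_id'].'
;';

    $result = pwg_query($query);
    if (pwg_db_num_rows($result) > 0)
    {
      $element = pwg_db_fetch_assoc($result);

      $img = array(
        'link' => make_picture_url(
          array(
            'image_id' => $element['id'],
            'image_file' => $element['file'],
            'category' => $category
            )
          ),
        'src' => DerivativeImage::url(IMG_THUMB, $element),
        );
    }
  }

  $args = array(
    'subject' => l10n('[%s] Visit album %s', $conf['gallery_title'], trigger_change('render_category_name', $category['name'], 'admin_cat_list')),
    // TODO : change this language variable to 'Visit album %s'
    // TODO : 'language_selected' => ....
    );

  $tpl = array(
    'filename' => 'cat_group_info',
    'assign' => array(
      'IMG' => $img,
      'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
      'LINK' => make_index_url(
        array(
          'category' => array(
            'id' => $category['id'],
            'name' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
            'permalink' => $category['permalink']
            )
          )
        ),
      // Free text typed by the administrator, passed to the mail template
      // after stripslashes() only.
      'CPL_CONTENT' => empty($_POST['mail_content']) ? '' : stripslashes($_POST['mail_content']),
      )
    );

  // Validate the posted user ids before anything else touches them. The
  // PATTERN_ID check is the only thing that makes the ids safe to
  // interpolate into the IN (...) list below, and running it first keeps
  // count() from being called on a non-array value.
  $post_users = array();
  if ('users' == $who and isset($_POST['users']))
  {
    check_input_parameter('users', $_POST, true, PATTERN_ID);

    if (is_array($_POST['users']))
    {
      $post_users = $_POST['users'];
    }
  }

  if (count($post_users) > 0)
  {
    // TODO code very similar to function pwg_mail_group. We'd better create
    // a function pwg_mail_users that could be called from here and from
    // pwg_mail_group

    // TODO to make checks even better, we should check that theses users
    // have access to this album. No real privacy issue here, even if we
    // send the email to a user without permission.
    //
    // NOTE(review): posted ids are checked for format only, not against the
    // permitted-user list built in the form construction section. The mail
    // carries the album name, an album link and the representative
    // thumbnail, so a recipient without permission does learn those.

    $query = '
SELECT
    ui.user_id,
    ui.status,
    ui.language,
    u.'.$conf['user_fields']['email'].' AS email,
    u.'.$conf['user_fields']['username'].' AS username
  FROM '.USER_INFOS_TABLE.' AS ui
    JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
  WHERE ui.user_id IN ('.implode(',', $post_users).')
;';
    $users = query2array($query);
    $usernames = array();

    foreach ($users as $u)
    {
      $usernames[] = $u['username'];

      // Compared strictly against false below: that is the "no key for
      // this user" result.
      $authkey = create_user_auth_key($u['user_id'], $u['status']);

      $user_tpl = $tpl;
      $user_args = $args;

      // The original tested isset($authkey) before copying the key into the
      // mail arguments; $authkey is always set at this point, so the test
      // was always true and indexed into false when no key was issued.
      if ($authkey !== false)
      {
        // The key travels in the link itself (presumably it authenticates
        // whoever opens the link -- confirm), so each mail must only ever
        // carry the key of its own recipient.
        $user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));

        if (isset($user_tpl['assign']['IMG']['link']))
        {
          $user_tpl['assign']['IMG']['link'] = add_url_params(
            $user_tpl['assign']['IMG']['link'],
            array('auth' => $authkey['auth_key'])
            );
        }

        $user_args['auth_key'] = $authkey['auth_key'];
      }

      // Send each mail in the recipient's own language.
      switch_lang_to($u['language']);
      pwg_mail($u['email'], $user_args, $user_tpl);
      switch_lang_back();
    }

    $message = l10n_dec('%d mail was sent.', '%d mails were sent.', count($users));
    $message.= ' ('.implode(', ', $usernames).')';

    $page['infos'][] = $message;
  }
  elseif ('group' == $who and !empty($_POST['group']))
  {
    // PATTERN_ID validation is what makes the interpolation of the group id
    // into the query below safe; keep it ahead of any use of the value.
    check_input_parameter('group', $_POST, false, PATTERN_ID);

    pwg_mail_group($_POST['group'], $args, $tpl);

    $query = '
SELECT
    name
  FROM `'.GROUPS_TABLE.'`
  WHERE id = '.$_POST['group'].'
;';
    list($group_name) = pwg_db_fetch_row(pwg_query($query));

    $page['infos'][] = l10n('An information email was sent to group "%s"', $group_name);
  }

  unset_make_full_url();
}

// +-----------------------------------------------------------------------+
// |                        template initialization                        |
// +-----------------------------------------------------------------------+

$template->set_filename('album_notification', 'album_notification.tpl');

$template->assign(
  array(
    'CATEGORIES_NAV' =>
      get_cat_display_name_from_id(
        $page['cat'],
        'admin.php?page=album-'
        ),
    'F_ACTION' => $admin_album_base_url.'-notification',
    'PWG_TOKEN' => get_pwg_token(),
    )
  );

// Show how long the emailed auth keys stay valid, when a duration is set.
if ($conf['auth_key_duration'] > 0)
{
  $template->assign(
    'auth_key_duration',
    time_since(
      strtotime('now -'.$conf['auth_key_duration'].' second'),
      'second',
      null,
      false
      )
    );
}

// +-----------------------------------------------------------------------+
// |                           form construction                           |
// +-----------------------------------------------------------------------+

$query = '
SELECT
    id AS group_id
  FROM `'.GROUPS_TABLE.'`
;';
$all_group_ids = array_from_query($query, 'group_id');

if (count($all_group_ids) == 0)
{
  $template->assign('no_group_in_gallery', true);
}
else
{
  // Private album: only groups granted access; otherwise every group.
  if ('private' == $category['status'])
  {
    $query = '
SELECT
    group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$category['id'].'
;';
    $group_ids = array_from_query($query, 'group_id');

    if (count($group_ids) == 0)
    {
      $template->assign('permission_url', $admin_album_base_url.'-permissions');
    }
  }
  else
  {
    $group_ids = $all_group_ids;
  }

  if (count($group_ids) > 0)
  {
    $query = '
SELECT
    id,
    name
  FROM `'.GROUPS_TABLE.'`
  WHERE id IN ('.implode(',', $group_ids).')
  ORDER BY name ASC
;';
    $template->assign(
      'group_mail_options',
      simple_hash_from_query($query, 'id', 'name')
      );
  }
}

// all users with status != guest and permitted to this album (for a
// perfect search, we should also check that album is not only filled with
// private photos)
$query = '
SELECT
    user_id
  FROM '.USER_INFOS_TABLE.'
  WHERE status != \'guest\'
;';
$all_user_ids = query2array($query, null, 'user_id');

if ('private' == $category['status'])
{
  $user_ids_access_indirect = array();

  // $group_ids is only set when the gallery has at least one group.
  if (isset($group_ids) and count($group_ids) > 0)
  {
    $query = '
SELECT
    user_id
  FROM '.USER_GROUP_TABLE.'
  WHERE group_id IN ('.implode(',', $group_ids).')
';
    $user_ids_access_indirect = query2array($query, null, 'user_id');
  }

  $query = '
SELECT
    user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$category['id'].'
;';
  $user_ids_access_direct = query2array($query, null, 'user_id');

  $user_ids_access = array_unique(array_merge($user_ids_access_direct, $user_ids_access_indirect));

  // Keep only users with access who are also non-guest.
  $user_ids = array_intersect($user_ids_access, $all_user_ids);
}
else
{
  $user_ids = $all_user_ids;
}

if (count($user_ids) > 0)
{
  // Filter on the configured id column, as the SELECT list does: the
  // original filtered on a literal "id", which only matches when
  // $conf['user_fields']['id'] is 'id'.
  $query = '
SELECT
    '.$conf['user_fields']['id'].' AS id,
    '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
;';

  $users = query2array($query, 'id', 'username');

  $template->assign('user_options', $users);
}

// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

$template->assign_var_from_handle('ADMIN_CONTENT', 'album_notification');
?>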