1<?php
2// +-----------------------------------------------------------------------+
3// | This file is part of Piwigo.                                          |
4// |                                                                       |
5// | For copyright and license information, please view the COPYING.txt    |
6// | file that was distributed with this source code.                      |
7// +-----------------------------------------------------------------------+
8
// Stop immediately when the root-path constant is missing: this script is
// meant to be included by code that has already defined it, not run on its own.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
13
14include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
15include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
16
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+

// Administrator-only page: the mail-sending form handler and every query
// below run only after this check.
check_status(ACCESS_ADMINISTRATOR);

// +-----------------------------------------------------------------------+
// |                       variable initialization                         |
// +-----------------------------------------------------------------------+

// $category is not defined in this file; it is expected to be set by the
// including script before this point.
$page['cat'] = $category['id'];
28
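// +-----------------------------------------------------------------------+
// |                           form submission                             |
// +-----------------------------------------------------------------------+

// Send an information email about this album, either to a hand-picked list
// of users or to every member of one group.
//
// NOTE(review): this page hands PWG_TOKEN to its template, but nothing in this
// handler verifies a token. Unless the including script already does so, call
// check_pwg_token() at the top of this branch (and make sure the form posts
// the token), so that a cross-site request riding on an administrator session
// cannot trigger these mails, which carry per-user auth keys.
if (isset($_POST['submitEmail']))
{
  set_make_full_url();

  $img = array();

  /* TODO: if $category['representative_picture_id']
    is empty find child representative_picture_id */
  if (!empty($category['representative_picture_id']))
  {
    // The id is concatenated into the query as-is. $category is set outside
    // this file - presumably the album row loaded from the database; confirm
    // it can never carry a request-supplied value.
    $query = '
SELECT id, file, path, representative_ext
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$category['representative_picture_id'].'
;';

    $result = pwg_query($query);
    if (pwg_db_num_rows($result) > 0)
    {
      $element = pwg_db_fetch_assoc($result);

      $img = array(
        'link' => make_picture_url(
          array(
            'image_id' => $element['id'],
            'image_file' => $element['file'],
            'category' => $category
            )
          ),
        'src' => DerivativeImage::url(IMG_THUMB, $element),
        );
    }
  }

  $args = array(
    'subject' => l10n('[%s] Visit album %s', $conf['gallery_title'], trigger_change('render_category_name', $category['name'], 'admin_cat_list')),
    // TODO : change this language variable to 'Visit album %s'
    // TODO : 'language_selected' => ....
    );

  $tpl = array(
    'filename' => 'cat_group_info',
    'assign' => array(
      'IMG' => $img,
      'CAT_NAME' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
      'LINK' => make_index_url(
        array(
          'category' => array(
            'id' => $category['id'],
            'name' => trigger_change('render_category_name', $category['name'], 'admin_cat_list'),
            'permalink' => $category['permalink']
            )
          )
        ),
      // Free text typed by the administrator. It is only un-slashed here, not
      // escaped. NOTE(review): confirm how the cat_group_info template renders
      // it. The is_string() guard keeps an array-valued field from reaching
      // stripslashes().
      'CPL_CONTENT' => (!empty($_POST['mail_content']) and is_string($_POST['mail_content']))
        ? stripslashes($_POST['mail_content'])
        : '',
      )
    );

  // 'who' may be absent from a hand-crafted request, so test it with isset()
  // before comparing. !empty() replaces isset()+count() so that a non-array
  // 'users' value reaches check_input_parameter() instead of count().
  if (isset($_POST['who']) and 'users' === $_POST['who'] and !empty($_POST['users']))
  {
    // The IN (...) list below is built by plain concatenation of the posted
    // values, so this validation against PATTERN_ID must stay ahead of the
    // query.
    check_input_parameter('users', $_POST, true, PATTERN_ID);

    // TODO code very similar to function pwg_mail_group. We'd better create
    // a function pwg_mail_users that could be called from here and from
    // pwg_mail_group

    // TODO to make checks even better, we should check that these users
    // have access to this album. No real privacy issue here, even if we
    // send the email to a user without permission.
    // NOTE(review): the posted ids are not limited to the users the form
    // offered, and the mail data includes the album name and, when set, the
    // representative thumbnail URL - so a recipient without permission still
    // receives those values. Worth confirming this is acceptable for private
    // albums.

    $query = '
SELECT
    ui.user_id,
    ui.status,
    ui.language,
    u.'.$conf['user_fields']['email'].' AS email,
    u.'.$conf['user_fields']['username'].' AS username
  FROM '.USER_INFOS_TABLE.' AS ui
    JOIN '.USERS_TABLE.' AS u ON u.'.$conf['user_fields']['id'].' = ui.user_id
  WHERE ui.user_id IN ('.implode(',', $_POST['users']).')
;';
    $users = query2array($query);
    $usernames = array();

    foreach ($users as $u)
    {
      $usernames[] = $u['username'];

      // Each recipient gets a private copy of the template and arguments, so
      // one user's auth key never leaks into the next user's mail.
      $user_tpl = $tpl;
      $user_args = $args;

      // create_user_auth_key() may return false (no key issued for this user).
      $authkey = create_user_auth_key($u['user_id'], $u['status']);

      if ($authkey !== false)
      {
        $user_tpl['assign']['LINK'] = add_url_params($tpl['assign']['LINK'], array('auth' => $authkey['auth_key']));

        if (isset($user_tpl['assign']['IMG']['link']))
        {
          $user_tpl['assign']['IMG']['link'] = add_url_params(
            $user_tpl['assign']['IMG']['link'],
            array('auth' => $authkey['auth_key'])
            );
        }

        // Set only when a key exists. The previous isset($authkey) test was
        // also true for false, so it read an array offset on a boolean and
        // stored a null auth_key.
        $user_args['auth_key'] = $authkey['auth_key'];
      }

      switch_lang_to($u['language']);
      pwg_mail($u['email'], $user_args, $user_tpl);
      switch_lang_back();
    }

    $message = l10n_dec('%d mail was sent.', '%d mails were sent.', count($users));
    $message.= ' ('.implode(', ', $usernames).')';

    $page['infos'][] = $message;
  }
  elseif (isset($_POST['who']) and 'group' === $_POST['who'] and !empty($_POST['group']))
  {
    // The group id is concatenated into the query below; keep this
    // validation against PATTERN_ID ahead of any use of the value.
    check_input_parameter('group', $_POST, false, PATTERN_ID);

    pwg_mail_group($_POST['group'], $args, $tpl);

    $query = '
SELECT
    name
  FROM `'.GROUPS_TABLE.'`
  WHERE id = '.$_POST['group'].'
;';
    list($group_name) = pwg_db_fetch_row(pwg_query($query));

    $page['infos'][] = l10n('An information email was sent to group "%s"', $group_name);
  }

  unset_make_full_url();
}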
174
// +-----------------------------------------------------------------------+
// |                       template initialization                         |
// +-----------------------------------------------------------------------+

$template->set_filename('album_notification', 'album_notification.tpl');

// Navigation breadcrumb, form target and anti-CSRF token for the form.
// NOTE(review): the token is issued here, but the submit handler in this file
// does not verify it; confirm where (or whether) it is checked.
$template->assign(array(
  'CATEGORIES_NAV' => get_cat_display_name_from_id($page['cat'], 'admin.php?page=album-'),
  'F_ACTION' => $admin_album_base_url.'-notification',
  'PWG_TOKEN' => get_pwg_token(),
  ));

// When auth keys have a lifetime, expose it to the template as a
// human-readable duration (time elapsed since "now minus N seconds").
if (0 < $conf['auth_key_duration'])
{
  $template->assign(
    'auth_key_duration',
    time_since(strtotime("now -{$conf['auth_key_duration']} second"), 'second', null, false)
    );
}
205
// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// Group selector: every group for a non-private album, only the groups
// granted access for a private one.
$query = '
SELECT
    id AS group_id
  FROM `'.GROUPS_TABLE.'`
;';
$all_group_ids = array_from_query($query, 'group_id');

if (empty($all_group_ids))
{
  // $group_ids stays unset on this path; the user list built further down
  // tests it with isset().
  $template->assign('no_group_in_gallery', true);
}
else
{
  $group_ids = $all_group_ids;

  if ('private' == $category['status'])
  {
    // narrow the list to groups with explicit access to this album
    $query = '
SELECT
    group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$category['id'].'
;';
    $group_ids = array_from_query($query, 'group_id');

    if (empty($group_ids))
    {
      // no group has access yet: let the template link to the permissions tab
      $template->assign('permission_url', $admin_album_base_url.'-permissions');
    }
  }

  if (!empty($group_ids))
  {
    // the ids in the IN (...) list come from the queries above, not from the
    // request
    $query = '
SELECT
    id,
    name
  FROM `'.GROUPS_TABLE.'`
  WHERE id IN ('.implode(',', $group_ids).')
  ORDER BY name ASC
;';
    $template->assign(
      'group_mail_options',
      simple_hash_from_query($query, 'id', 'name')
      );
  }
}
259
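// User selector: all users with status != guest and permitted to this album
// (for a perfect search, we should also check that album is not only filled
// with private photos)
$query = '
SELECT
    user_id
  FROM '.USER_INFOS_TABLE.'
  WHERE status != \'guest\'
;';
$all_user_ids = query2array($query, null, 'user_id');

if ('private' == $category['status'])
{
  // access inherited through a group that is permitted on this album
  $user_ids_access_indirect = array();

  // $group_ids is only set when the gallery has at least one group
  if (isset($group_ids) and count($group_ids) > 0)
  {
    $query = '
SELECT
    user_id
  FROM '.USER_GROUP_TABLE.'
  WHERE group_id IN ('.implode(',', $group_ids).')
';
    $user_ids_access_indirect = query2array($query, null, 'user_id');
  }

  // access granted to the user directly
  $query = '
SELECT
    user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$category['id'].'
;';
  $user_ids_access_direct = query2array($query, null, 'user_id');

  $user_ids_access = array_unique(array_merge($user_ids_access_direct, $user_ids_access_indirect));

  // keep only permitted users that are also non-guest accounts
  $user_ids = array_intersect($user_ids_access, $all_user_ids);
}
else
{
  $user_ids = $all_user_ids;
}

if (count($user_ids) > 0)
{
  // Filter on the configured id column, as the SELECT list does. The previous
  // literal "id" in the WHERE clause only worked when the users table's id
  // column is actually named "id". The ids in the IN (...) list come from the
  // queries above, not from the request.
  $query = '
SELECT
    '.$conf['user_fields']['id'].' AS id,
    '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
;';

  $users = query2array($query, 'id', 'username');

  $template->assign('user_options', $users);
}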
317
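// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

// Render the 'album_notification' handle into the admin layout's content slot.
$template->assign_var_from_handle('ADMIN_CONTENT', 'album_notification');

// The closing PHP tag is omitted on purpose: in a PHP-only file, anything
// after it (even a stray blank line) would be sent to the client as output.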
324