parent
75e63a9e3a
commit
01d367beb9
@ -120,7 +120,7 @@ class Admin extends Access {
|
||||
|
||||
Module::dependencies(isset($_POST['albumIDs']));
|
||||
$album = new Album($this->database, $this->plugins, $this->settings, $_POST['albumIDs']);
|
||||
echo $album->delete($_POST['albumIDs']);
|
||||
echo $album->delete();
|
||||
|
||||
}
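Review bot: The new `Module::dependencies(isset($_POST['albumIDs']))` check only proves the parameter exists; nothing validates that it is a comma-separated list of numeric album IDs before the raw value is passed to `new Album(...)` and consumed by `delete()`, and the same value is later spliced unquoted into `WHERE id IN (?)` / `album IN (?)` queries elsewhere in this commit, where escaping alone does not stop injection. Validate the shape at this boundary before constructing the album, e.g. `if (!preg_match('/^\d+(,\d+)*$/', $_POST['albumIDs'])) exit('false');` (or whatever failure signal this controller's other handlers use); a plain `intval` would be worse here, since it maps junk to `0` and `album IN (0)` would target the unsorted photos. Whether this request path is already admin-authenticated is implied by `Admin extends Access` but not visible in the hunk. The enclosing method's signature and any earlier checks lie outside the hunk.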
|
||||
|
||||
|
@ -39,7 +39,8 @@ class Album extends Module {
|
||||
|
||||
# Database
|
||||
$sysstamp = time();
|
||||
$result = $this->database->query("INSERT INTO lychee_albums (title, sysstamp, public, visible) VALUES ('$title', '$sysstamp', '$public', '$visible');");
|
||||
$query = Database::prepare($this->database, "INSERT INTO ? (title, sysstamp, public, visible) VALUES ('?', '?', '?', '?')", [LYCHEE_TABLE_ALBUMS, $title, $sysstamp, $public, $visible]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 1, func_get_args());
|
||||
@ -64,22 +65,23 @@ class Album extends Module {
|
||||
switch ($this->albumIDs) {
|
||||
|
||||
case 'f': $return['public'] = false;
|
||||
$query = "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM lychee_photos WHERE star = 1 " . $this->settings['sorting'];
|
||||
$query = Database::prepare($this->database, "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM ? WHERE star = 1 " . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
break;
|
||||
|
||||
case 's': $return['public'] = false;
|
||||
$query = "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM lychee_photos WHERE public = 1 " . $this->settings['sorting'];
|
||||
$query = Database::prepare($this->database, "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM ? WHERE public = 1 " . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
break;
|
||||
|
||||
case 'r': $return['public'] = false;
|
||||
$query = "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM lychee_photos WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) " . $this->settings['sorting'];
|
||||
$query = Database::prepare($this->database, "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM ? WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) " . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
break;
|
||||
|
||||
case '0': $return['public'] = false;
|
||||
$query = "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM lychee_photos WHERE album = 0 " . $this->settings['sorting'];
|
||||
$query = Database::prepare($this->database, "SELECT id, title, tags, public, star, album, thumbUrl, takestamp FROM ? WHERE album = 0 " . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
break;
|
||||
|
||||
default: $albums = $this->database->query("SELECT * FROM lychee_albums WHERE id = '$this->albumIDs' LIMIT 1;");
|
||||
default: $query = Database::prepare($this->database, "SELECT * FROM ? WHERE id = '?' LIMIT 1", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$albums = $this->database->query($query);
|
||||
$return = $albums->fetch_assoc();
|
||||
$return['sysdate'] = date('d M. Y', $return['sysstamp']);
|
||||
$return['password'] = ($return['password']=='' ? false : true);
|
||||
@ -154,11 +156,15 @@ class Album extends Module {
|
||||
if ($public===false) $return = $this->getSmartInfo();
|
||||
|
||||
# Albums query
|
||||
$query = 'SELECT id, title, public, sysstamp, password FROM lychee_albums WHERE public = 1 AND visible <> 0';
|
||||
if ($public===false) $query = 'SELECT id, title, public, sysstamp, password FROM lychee_albums';
|
||||
$query = Database::prepare($this->database, 'SELECT id, title, public, sysstamp, password FROM ? WHERE public = 1 AND visible <> 0', [LYCHEE_TABLE_ALBUMS]);
|
||||
if ($public===false) $query = Database::prepare($this->database, 'SELECT id, title, public, sysstamp, password FROM ?', [LYCHEE_TABLE_ALBUMS]);
|
||||
|
||||
# Execute query
|
||||
$albums = $this->database->query($query) OR exit('Error: ' . $this->database->error);
|
||||
$albums = $this->database->query($query);
|
||||
if (!$albums) {
|
||||
Log::error($database, __METHOD__, __LINE__, 'Could not get all albums (' . $database->error . ')');
|
||||
exit('Error: ' . $this->database->error);
|
||||
}
|
||||
|
||||
# For each album
|
||||
while ($album = $albums->fetch_assoc()) {
|
||||
@ -171,7 +177,8 @@ class Album extends Module {
|
||||
if (($public===true&&$album['password']===false)||($public===false)) {
|
||||
|
||||
# Execute query
|
||||
$thumbs = $this->database->query("SELECT thumbUrl FROM lychee_photos WHERE album = '" . $album['id'] . "' ORDER BY star DESC, " . substr($this->settings['sorting'], 9) . " LIMIT 3");
|
||||
$query = Database::prepare($this->database, "SELECT thumbUrl FROM ? WHERE album = '?' ORDER BY star DESC, " . substr($this->settings['sorting'], 9) . " LIMIT 3", [LYCHEE_TABLE_PHOTOS, $album['id']]);
|
||||
$thumbs = $this->database->query($query);
|
||||
|
||||
# For each thumb
|
||||
$k = 0;
|
||||
@ -203,7 +210,8 @@ class Album extends Module {
|
||||
self::dependencies(isset($this->database, $this->settings));
|
||||
|
||||
# Unsorted
|
||||
$unsorted = $this->database->query("SELECT thumbUrl FROM lychee_photos WHERE album = 0 " . $this->settings['sorting']);
|
||||
$query = Database::prepare($this->database, 'SELECT thumbUrl FROM ? WHERE album = 0 ' . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
$unsorted = $this->database->query($query);
|
||||
$i = 0;
|
||||
while($row = $unsorted->fetch_object()) {
|
||||
if ($i<3) {
|
||||
@ -214,7 +222,8 @@ class Album extends Module {
|
||||
$return['unsortedNum'] = $unsorted->num_rows;
|
||||
|
||||
# Public
|
||||
$public = $this->database->query("SELECT thumbUrl FROM lychee_photos WHERE public = 1 " . $this->settings['sorting']);
|
||||
$query = Database::prepare($this->database, 'SELECT thumbUrl FROM ? WHERE public = 1 ' . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
$public = $this->database->query($query);
|
||||
$i = 0;
|
||||
while($row2 = $public->fetch_object()) {
|
||||
if ($i<3) {
|
||||
@ -225,7 +234,8 @@ class Album extends Module {
|
||||
$return['publicNum'] = $public->num_rows;
|
||||
|
||||
# Starred
|
||||
$starred = $this->database->query("SELECT thumbUrl FROM lychee_photos WHERE star = 1 " . $this->settings['sorting']);
|
||||
$query = Database::prepare($this->database, 'SELECT thumbUrl FROM ? WHERE star = 1 ' . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
$starred = $this->database->query($query);
|
||||
$i = 0;
|
||||
while($row3 = $starred->fetch_object()) {
|
||||
if ($i<3) {
|
||||
@ -236,7 +246,8 @@ class Album extends Module {
|
||||
$return['starredNum'] = $starred->num_rows;
|
||||
|
||||
# Recent
|
||||
$recent = $this->database->query("SELECT thumbUrl FROM lychee_photos WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) " . $this->settings['sorting']);
|
||||
$query = Database::prepare($this->database, 'SELECT thumbUrl FROM ? WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) ' . $this->settings['sorting'], [LYCHEE_TABLE_PHOTOS]);
|
||||
$recent = $this->database->query($query);
|
||||
$i = 0;
|
||||
while($row3 = $recent->fetch_object()) {
|
||||
if ($i<3) {
|
||||
@ -267,27 +278,30 @@ class Album extends Module {
|
||||
# Photos query
|
||||
switch($this->albumIDs) {
|
||||
case 's':
|
||||
$photos = "SELECT title, url FROM lychee_photos WHERE public = '1';";
|
||||
$zipTitle = 'Public';
|
||||
$photos = Database::prepare($this->database, 'SELECT title, url FROM ? WHERE public = 1', [LYCHEE_TABLE_PHOTOS]);
|
||||
$zipTitle = 'Public';
|
||||
break;
|
||||
case 'f':
|
||||
$photos = "SELECT title, url FROM lychee_photos WHERE star = '1';";
|
||||
$zipTitle = 'Starred';
|
||||
$photos = Database::prepare($this->database, 'SELECT title, url FROM ? WHERE star = 1', [LYCHEE_TABLE_PHOTOS]);
|
||||
$zipTitle = 'Starred';
|
||||
break;
|
||||
case 'r':
|
||||
$photos = "SELECT title, url FROM lychee_photos WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY));";
|
||||
$zipTitle = 'Recent';
|
||||
$photos = Database::prepare($this->database, 'SELECT title, url FROM ? WHERE LEFT(id, 10) >= unix_timestamp(DATE_SUB(NOW(), INTERVAL 1 DAY)) GROUP BY checksum', [LYCHEE_TABLE_PHOTOS]);
|
||||
$zipTitle = 'Recent';
|
||||
break;
|
||||
default:
|
||||
$photos = "SELECT title, url FROM lychee_photos WHERE album = '$this->albumIDs';";
|
||||
$zipTitle = 'Unsorted';
|
||||
$photos = Database::prepare($this->database, "SELECT title, url FROM ? WHERE album = '?'", [LYCHEE_TABLE_PHOTOS, $this->albumIDs]);
|
||||
$zipTitle = 'Unsorted';
|
||||
}
|
||||
|
||||
# Set title
|
||||
$album = $this->database->query("SELECT title FROM lychee_albums WHERE id = '$this->albumIDs' LIMIT 1;");
|
||||
if ($this->albumIDs!=0&&is_numeric($this->albumIDs)) $zipTitle = $album->fetch_object()->title;
|
||||
if ($this->albumIDs!=0&&is_numeric($this->albumIDs)) {
|
||||
$query = Database::prepare($this->database, "SELECT title FROM ? WHERE id = '?' LIMIT 1", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$album = $this->database->query($query);
|
||||
$zipTitle = $album->fetch_object()->title;
|
||||
}
|
||||
|
||||
# Parse title
|
||||
# Escape title
|
||||
$zipTitle = str_replace($badChars, '', $zipTitle);
|
||||
|
||||
$filename = LYCHEE_DATA . $zipTitle . '.zip';
|
||||
@ -380,7 +394,8 @@ class Album extends Module {
|
||||
if (strlen($title)>50) $title = substr($title, 0, 50);
|
||||
|
||||
# Execute query
|
||||
$result = $this->database->query("UPDATE lychee_albums SET title = '$title' WHERE id IN ($this->albumIDs);");
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET title = '?' WHERE id IN (?)", [LYCHEE_TABLE_ALBUMS, $title, $this->albumIDs]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 1, func_get_args());
|
||||
@ -406,7 +421,8 @@ class Album extends Module {
|
||||
if (strlen($description)>1000) $description = substr($description, 0, 1000);
|
||||
|
||||
# Execute query
|
||||
$result = $this->database->query("UPDATE lychee_albums SET description = '$description' WHERE id IN ($this->albumIDs);");
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET description = '?' WHERE id IN (?)", [LYCHEE_TABLE_ALBUMS, $description, $this->albumIDs]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 1, func_get_args());
|
||||
@ -430,7 +446,8 @@ class Album extends Module {
|
||||
if ($this->albumIDs==='0'||$this->albumIDs==='s'||$this->albumIDs==='f') return false;
|
||||
|
||||
# Execute query
|
||||
$albums = $this->database->query("SELECT public FROM lychee_albums WHERE id = '$this->albumIDs' LIMIT 1;");
|
||||
$query = Database::prepare($this->database, "SELECT public FROM ? WHERE id = '?' LIMIT 1", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$albums = $this->database->query($query);
|
||||
$album = $albums->fetch_object();
|
||||
|
||||
# Call plugins
|
||||
@ -449,10 +466,11 @@ class Album extends Module {
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 0, func_get_args());
|
||||
|
||||
if ($this->albumIDs==='0'||$this->albumIDs==='s'||$this->albumIDs==='f') return false;
|
||||
if ($this->albumIDs==='0'||$this->albumIDs==='s'||$this->albumIDs==='f'||$this->albumIDs==='r') return false;
|
||||
|
||||
# Execute query
|
||||
$albums = $this->database->query("SELECT downloadable FROM lychee_albums WHERE id = '$this->albumIDs' LIMIT 1;");
|
||||
$query = Database::prepare($this->database, "SELECT downloadable FROM ? WHERE id = '?' LIMIT 1", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$albums = $this->database->query($query);
|
||||
$album = $albums->fetch_object();
|
||||
|
||||
# Call plugins
|
||||
@ -472,7 +490,8 @@ class Album extends Module {
|
||||
$this->plugins(__METHOD__, 0, func_get_args());
|
||||
|
||||
# Get public
|
||||
$albums = $this->database->query("SELECT id, public FROM lychee_albums WHERE id IN ('$this->albumIDs');");
|
||||
$query = Database::prepare($this->database, "SELECT id, public FROM ? WHERE id IN ('?')", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$albums = $this->database->query($query);
|
||||
|
||||
while ($album = $albums->fetch_object()) {
|
||||
|
||||
@ -486,7 +505,8 @@ class Album extends Module {
|
||||
$downloadable = ($downloadable==='true' ? 1 : 0);
|
||||
|
||||
# Set public
|
||||
$result = $this->database->query("UPDATE lychee_albums SET public = '$public', visible = '$visible', downloadable = '$downloadable', password = NULL WHERE id = '$album->id';");
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET public = '?', visible = '?', downloadable = '?', password = NULL WHERE id = '?'", [LYCHEE_TABLE_ALBUMS, $public, $visible, $downloadable, $album->id]);
|
||||
$result = $this->database->query($query);
|
||||
if (!$result) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, $this->database->error);
|
||||
return false;
|
||||
@ -494,7 +514,8 @@ class Album extends Module {
|
||||
|
||||
# Reset permissions for photos
|
||||
if ($public===1) {
|
||||
$result = $this->database->query("UPDATE lychee_photos SET public = 0 WHERE album = '$album->id';");
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET public = 0 WHERE album = '?'", [LYCHEE_TABLE_PHOTOS, $album->id]);
|
||||
$result = $this->database->query($query);
|
||||
if (!$result) {
|
||||
Log::error($this->database, __METHOD__, __LINE__, $this->database->error);
|
||||
return false;
|
||||
@ -527,12 +548,16 @@ class Album extends Module {
|
||||
$password = get_hashed_password($password);
|
||||
|
||||
# Set hashed password
|
||||
$result = $this->database->query("UPDATE lychee_albums SET password = '$password' WHERE id IN ('$this->albumIDs');");
|
||||
# Do not prepare $password because it is hashed and save
|
||||
# Preparing (escaping) the password would destroy the hash
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET password = '$password' WHERE id IN ('?')", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
} else {
|
||||
|
||||
# Unset password
|
||||
$result = $this->database->query("UPDATE lychee_albums SET password = NULL WHERE id IN ('$this->albumIDs');");
|
||||
$query = Database::prepare($this->database, "UPDATE ? SET password = NULL WHERE id IN ('?')", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
}
|
||||
|
||||
@ -556,7 +581,8 @@ class Album extends Module {
|
||||
$this->plugins(__METHOD__, 0, func_get_args());
|
||||
|
||||
# Execute query
|
||||
$albums = $this->database->query("SELECT password FROM lychee_albums WHERE id = '$this->albumIDs' LIMIT 1;");
|
||||
$query = Database::prepare($this->database, "SELECT password FROM ? WHERE id = '?' LIMIT 1", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$albums = $this->database->query($query);
|
||||
$album = $albums->fetch_object();
|
||||
|
||||
# Call plugins
|
||||
@ -568,7 +594,7 @@ class Album extends Module {
|
||||
|
||||
}
|
||||
|
||||
public function delete($albumIDs) {
|
||||
public function delete() {
|
||||
|
||||
# Check dependencies
|
||||
self::dependencies(isset($this->database, $this->albumIDs));
|
||||
@ -580,7 +606,8 @@ class Album extends Module {
|
||||
$error = false;
|
||||
|
||||
# Execute query
|
||||
$photos = $this->database->query("SELECT id FROM lychee_photos WHERE album IN ($albumIDs);");
|
||||
$query = Database::prepare($this->database, "SELECT id FROM ? WHERE album IN (?)", [LYCHEE_TABLE_PHOTOS, $this->albumIDs]);
|
||||
$photos = $this->database->query($query);
|
||||
|
||||
# For each album delete photo
|
||||
while ($row = $photos->fetch_object()) {
|
||||
@ -591,7 +618,8 @@ class Album extends Module {
|
||||
}
|
||||
|
||||
# Delete albums
|
||||
$result = $this->database->query("DELETE FROM lychee_albums WHERE id IN ($albumIDs);");
|
||||
$query = Database::prepare($this->database, "DELETE FROM ? WHERE id IN (?)", [LYCHEE_TABLE_ALBUMS, $this->albumIDs]);
|
||||
$result = $this->database->query($query);
|
||||
|
||||
# Call plugins
|
||||
$this->plugins(__METHOD__, 1, func_get_args());
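Review bot: `Database::prepare` substitutes the placeholder in `WHERE album IN (?)` and `WHERE id IN (?)` without quotes — the templates in this commit write `'?'` explicitly wherever a quoted value is wanted — so escaping `$this->albumIDs` only neutralises quote characters, and a value such as `1) OR 1=1 -- ` would still rewrite the `DELETE` to remove every album and every photo row it selects. The value comes from `$_POST['albumIDs']` in the Admin hunk of this commit, so restrict it to digits and commas before it reaches either query: `if (!preg_match('/^\d+(,\d+)*$/', $this->albumIDs)) return false;` near the top of `delete()`; the `UPDATE ? SET title ...` and `UPDATE ? SET description ...` hunks use the same unquoted `IN (?)` and need the same guard. If `prepare` itself rejects non-numeric input or adds quoting, that is not visible here and would make this moot. `delete()` begins in an earlier hunk and its body runs between the hunks, outside what is shown.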
|
||||
|