//Page for displaying the images a user has selected.
//Allows addition and removal of images
/*********************************************
* Copyright (c) 2002 TheGlasgowStory & HATII *
* Written by Brian Aitken, *
*********************************************/
/******************
* Image directory *
******************/
// Relative path prefix for image files; it is only assigned in this part of the script.
$imgdir = "images/";
//session needed for links & photo album
session_start();
// Project includes, none of which are visible here. Later code calls dohead(),
// error() and format_pre() and reads $user, which presumably come from these
// files — confirm.
// NOTE(review): include() only raises a warning when a file is missing, so the
// page would keep running without its database connection or logon handling;
// confirm that is acceptable, or that these files cannot go missing.
// NOTE(review): confirm the web server does not serve *.inc files as plain text,
// otherwise their source could be readable by direct request.
include("error.inc");
include("staff/connect.php");
include("session.inc");
include("logon.php");
include("inc.inc");
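//need to register user's IP address for all logs
//Only need to do this once per user
// The address is kept in the session variable $userip and is later interpolated
// into the accesslog INSERT statements further down this script, so whatever is
// stored here must be safe to place inside a quoted SQL literal.
$isip = session_is_registered("userip");
if (!$isip)
{
    session_register("userip");
    // REMOTE_ADDR is the peer address the web server itself observed.
    $userip = getenv("REMOTE_ADDR");
    // X-Forwarded-For is a request header, so its content is chosen by the client
    // (or an upstream proxy). getenv() returns it raw, so it is accepted only when
    // it consists solely of characters that can occur in a comma-separated list of
    // IPv4/IPv6 addresses; anything else falls back to REMOTE_ADDR.
    $forwarded = getenv("HTTP_X_FORWARDED_FOR");
    if ($forwarded && preg_match('/\A[0-9A-Fa-f.:, ]+\z/', $forwarded))
        $userip = $forwarded;
    // NOTE(review): even a well-formed forwarded value is only a claim made by the
    // sender. Treat the logged address as advisory unless the site is known to sit
    // behind a proxy that overwrites this header — confirm against the deployment.
}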
//resets all session information to zero
// $unreg is never assigned in this script; presumably it arrives as a request
// variable via register_globals — confirm.
// NOTE(review): if so, any request carrying unreg=1 clears the selection and the
// user's save_auto rows. No anti-forgery token is checked here, so confirm this
// state change is only reachable through an intended, user-initiated action.
if ($unreg == 1)
{
// Drop the session-registered selection, then zero the working copies.
session_unregister("select_num");
session_unregister("select_ids");
$select_num = 0;
$select_ids = array();
//if user logged in empty save_auto as well
// NOTE(review): $user is placed inside a quoted SQL literal without escaping in
// this script. Confirm it is only ever set from authenticated session state by
// the included logon code and can never be supplied directly by a request.
if($user)
{
// The result in $savea is not checked, so a failed delete passes silently.
$savea = mysql_query("delete from save_auto where user = '$user'");
}
}
// Default texts handed to error() when something fails outside the save path.
$backtext = "Either click your browser's 'back' button or click on this link to return to TheGlasgowStory index page";
$back = "index.php";
$head = "An error has occurred with TheGlasgowStory";
// Fall back to the index page when no return link was supplied.
// $link is never assigned before this point in the script; presumably it is a
// request variable, so treat it as untrusted wherever it is emitted — confirm.
if (!$link)
{
    $link = "index.php";
}
/***********************************
* Code to run if album to be saved *
***********************************/
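// Save the current selection ($select_ids) as a named album for $user.
// Inputs read here but never assigned in this script: $save, $savename, $okay,
// $link (presumably request variables via register_globals — confirm), plus
// $user, $userip and $select_ids (presumably session/logon state — confirm).
// Outcome: $check > 0 means the name is already taken and nothing was written;
// $saved == 99 means the album rows and an accesslog entry were inserted.
// dohead() and error() come from the included files; whether error() ends the
// request is not visible here. If it returns, execution continues into the
// statements that follow each call — confirm.
if ($save == 99)
{
    $head = "Problem saving album";
    // NOTE(review): $link goes into this URL unencoded. How error() emits
    // $backlink is not visible here; confirm it is encoded for the HTML/URL
    // context at output time.
    $backlink = "album.php?link=".$link;
    $backtext = "Please try again";
    //need to check a save name was entered
    if (empty($savename))
    {
        dohead("TheGlasgowStory - ".$head);
        $message = "You didn't enter a save name.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU011.
";
        error($head, $message, $backlink, $backtext);
    }
    //add htmlspecialchars
    // This is HTML output encoding for the page title. With its default flags on
    // the PHP versions this script targets it leaves single quotes untouched, so
    // it is not what keeps $savename safe inside the SQL literals below.
    $savename = htmlspecialchars($savename);
    // SQL-safe copy of the name. When magic_quotes_gpc is on, request data has
    // already been slash-escaped and escaping again would store stray
    // backslashes; when it is off the value is escaped here, so the queries do
    // not depend on an ini setting for their safety.
    // Assumes $savename is request data — confirm. Where the runtime offers
    // mysql_real_escape_string(), prefer it: it honours the connection charset.
    $savename_sql = get_magic_quotes_gpc() ? $savename : mysql_escape_string($savename);
    // $userip is read with getenv() when the session starts and is therefore
    // never covered by magic quotes, so it is always escaped before logging.
    $userip_sql = mysql_escape_string($userip);
    // Start from a known value: on the replace path ($okay == 99) the lookup is
    // skipped, and without this line $check would be whatever a request
    // variable of the same name supplied.
    $check = 0;
    // NOTE(review): $user is interpolated unescaped in every query below.
    // Confirm it is only ever set from authenticated session state.
    //first check to see whether savename already in use (unless already asked the question)
    if ($okay != 99)
    {
        $check = mysql_query("select count(*) from save where user = '$user' and savename = '$savename_sql'");
        if (!$check)
        {
            dohead("TheGlasgowStory - ".$head);
            $message = "Unable to save album at the moment.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU012.
";
            error($head, $message, $backlink, $backtext);
        }
        $check = mysql_result($check,0,0);
    }
    /****************************************************
    * Need to delete existing save file if user says so *
    ****************************************************/
    if ($okay == 99)
    {
        $remove = mysql_query("delete from save where user = '$user' and savename = '$savename_sql'");
        if (!$remove)
        {
            dohead("TheGlasgowStory - ".$head);
            $message = "Unable to remove your previously saved album at the moment.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU013.
";
            error($head, $message, $backlink, $backtext);
        }
    }
    /*********************************************************
    * Check to make sure user doesn't have more than 5 saves *
    *********************************************************/
    if ($check < 1)
    {
        $numsaves = mysql_query("select distinct savename from save where user = '$user'");
        if (!$numsaves)
        {
            dohead("TheGlasgowStory - ".$head);
            $message = "Unable save album at the moment.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU014.
";
            error($head, $message, $backlink, $backtext);
        }
        $numsaves = mysql_num_rows($numsaves);
        if ($numsaves >= 5)
        {
            dohead("TheGlasgowStory - ".$head);
            $message = "You already have 5 albums saved.";
            error($head, $message, "saves.php", "To delete a saved album go to this page");
        }
        /**********************
        * Insert save into db *
        **********************/
        // One row per selected image; the image number is the array key.
        // NOTE(review): the keys of $select_ids are used as-is in the SQL
        // literal. Confirm the code that fills the selection only ever adds
        // numeric keys.
        while ($element = each($select_ids))
        {
            $saveinsert = mysql_query("insert into save set user = '$user', savename = '$savename_sql', inum = '$element[key]'");
            if (!$saveinsert)
            {
                dohead("TheGlasgowStory - ".$head);
                $message = "A problem has arisen whilst saving you album.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU015.
";
                error($head, $message, $backlink, $backtext);
            }
        }
        reset($select_ids);
        $saved = 99;
        // NOTE(review): $link is decoded here and remains request-derived;
        // encode it again wherever it is later written into the page.
        $link = urldecode($link);
        /****************
        * Log user save *
        ****************/
        // "U" is the date() format for seconds since the Unix epoch; it is quoted
        // so it is not parsed as an undefined constant.
        $date = date("U");
        $log = mysql_query("insert into accesslog set ip = '$userip_sql', uname = '$user', logdate = '$date',
actiontype = 'Album save', details = 'albumname = $savename_sql'");
    }
}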
/****************************************
* Loads saved images if variable passed *
****************************************/
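// Replace the current selection with the saved album named by $load.
// $load is never assigned in this script (presumably a request variable —
// confirm); $user and $userip presumably come from logon/session state.
// The album is loaded only if the save table holds at least one row with this
// name for this user; that count is the ownership check.
// dohead() and error() come from the included files; whether error() ends the
// request is not visible here. If it returns, execution continues past each
// failed check — confirm.
if ($load)
{
    // HTML output encoding for the page title. With its default flags on the
    // PHP versions this script targets it leaves single quotes untouched, so it
    // does not make $load safe inside the SQL literals below.
    $load = htmlspecialchars($load);
    // SQL-safe copy of the name: request data is already slash-escaped when
    // magic_quotes_gpc is on, otherwise it is escaped here so the queries do
    // not depend on an ini setting for their safety. Assumes $load is request
    // data — confirm. Where the runtime offers mysql_real_escape_string(),
    // prefer it: it honours the connection charset.
    $load_sql = get_magic_quotes_gpc() ? $load : mysql_escape_string($load);
    // $userip is read with getenv() when the session starts and is therefore
    // never covered by magic quotes, so it is always escaped before logging.
    $userip_sql = mysql_escape_string($userip);
    // NOTE(review): $user is interpolated unescaped in every query below.
    // Confirm it is only ever set from authenticated session state; with an
    // empty $user the ownership check compares against user = ''.
    /***********************************************************
    * Check to make sure selected album is 'owned' by the user *
    ***********************************************************/
    $owns = mysql_query("select count(savename) from save where savename = '$load_sql' and user = '$user'");
    if (!$owns)
    {
        dohead("TheGlasgowStory: Error");
        $message = "Unable to load saved album.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU016.";
        error($head, $message, $back, $backtext);
    }
    $owns = mysql_result($owns,0,0);
    if ($owns < 1)
    {
        dohead("TheGlasgowStory: Error");
        $message = "Unable to load saved album.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU017.";
        error($head, $message, $back, $backtext);
    }
    /***************************
    * Retrieve saved image IDs *
    ***************************/
    $getsave = mysql_query("select inum from save where savename = '$load_sql' and user = '$user'");
    if (!$getsave)
    {
        dohead("TheGlasgowStory: Error");
        $message = "Unable to load saved album.
If the problem persists e-mail
webmaster@theglasgowstory.com quoting error code TGSEU018.";
        error($head, $message, $back, $backtext);
    }
    // Re-register the selection variables so the session starts from a clean copy.
    session_unregister("select_num");
    session_unregister("select_ids");
    session_register("select_num");
    session_register("select_ids");
    /*********************************************
    * NOTE: Also replacing save_auto with images *
    *********************************************/
    // The results of this delete and of the inserts in the loop are not checked,
    // so save_auto can end up out of step with the session selection.
    $del = mysql_query("delete from save_auto where user = '$user'");
    $select_num = 0;
    $select_ids = array();
    $number = mysql_num_rows($getsave);
    $select_num = $number;
    for ($i=0;$i<$number;$i++)
    {
        $row = mysql_fetch_array($getsave);
        // The key is quoted so it is read as a column name, not as an undefined
        // constant.
        $select_ids[$row['inum']] = 1;
        $saveinsert = mysql_query("insert into save_auto set user = '$user', inum = '$row[inum]'");
    }
    /****************
    * Log user load *
    ****************/
    // "U" is the date() format for seconds since the Unix epoch; it is quoted so
    // it is not parsed as an undefined constant.
    $date = date("U");
    $log = mysql_query("insert into accesslog set ip = '$userip_sql', uname = '$user', logdate = '$date',
actiontype = 'Album load', details = 'albumname = $load_sql'");
}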
// Choose the page title from the outcome of the save/load handling above, then
// hand it to format_pre() (defined in an include, not visible here).
// $savename and $load were passed through htmlspecialchars() earlier whenever
// their branch ran. $saved and $check may be unset here if no save was attempted.
$period = "N";
if ($save == 99 && $check > 0)
{
    // Name collision: nothing was written.
    $title = "Savename '{$savename}' already in use";
}
elseif ($load)
{
    $title = "Photo Album '{$load}' loaded";
}
elseif ($saved == 99 && !$check)
{
    $title = "Photo Album '{$savename}' saved";
}
else
{
    $title = "Your Photo Album";
}
// stripslashes() removes backslashes from the title before display; presumably
// the request values arrive slash-escaped by magic quotes — confirm.
format_pre($period, stripslashes($title), $feature, $_COOKIE);
?>
Do you want to replace it?