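/*
 * Superuser page "Bilder Upload Control Center" (BUCC): runs the
 * check / lock / unblock / erase actions requested through GET parameters and
 * then renders the view selected by $_GET['op'].
 *
 * $session, $bilder_max and $user_gesamt are used below but are set outside
 * the part of the file shown here.
 */
su_check(access_control::SU_RIGHT_UPLOADCONTROL, true);

// NOTE(review): each action below changes state on a plain GET request and
// then redirects to the caller-supplied `ret` value. Neither a per-request
// token nor a restriction of redirect() to local targets is visible in this
// part of the file; confirm both are enforced elsewhere. PHP has already
// URL-decoded $_GET, so urldecode() decodes `ret` a second time.
if (is_numeric($_GET['checkto'])) {
    // `type` and `uid` are passed on unvalidated; presumably checked inside
    // picture_save_checker() -- verify.
    picture_save_checker($_GET['checkto'], $_GET['type'], $_GET['uid'], true);
    redirect(urldecode($_GET['ret']));
}

/*if ($_GET['checkedby']) { picture_save_checker($_GET['checkedby'],$_GET['type'],$_GET['uid']); //redirect( urldecode($_GET['ret']) ); }*/

// Should a picture be locked?
if ($_GET['locking']) {
    picture_locking();
    redirect(urldecode($_GET['ret']));
}

// Should a picture be released again?
if ($_GET['unblock']) {
    picture_unblock();
    redirect(urldecode($_GET['ret']));
}

// Should a picture be deleted?
if ($_GET['erase']) {
    picture_erase();
    redirect(urldecode($_GET['ret']));
}

// Name of this file...
$str_filename = basename(__FILE__);

// ...and the same name followed by all current GET parameters.
// NOTE(review): keys and values are appended without URL- or HTML-encoding.
// The variable is not read again in the visible code; if it is ever emitted
// into a link or form, encode it for that context first.
$str_filename_get = $str_filename . '?';
foreach ($_GET as $key => $val) {
    $str_filename_get .= $key . '=' . $val . '&';
}

page_header('Bilder Upload Control Center - BUCC');

// Buffer that collects the page body; printed once after the switch.
$str_output = '';

// One common headline for every view.
output('`0`c`&Bilder Upload Control Center - BUCC`0`c`n');

// A "back to where you came from" link -- not built in yet.
/*if( !empty($_REQUEST['ret']) ) { addnav('Zum Ausgangspunkt',urldecode($_REQUEST['ret'])); }*/

grotto_nav();

// All navigation links of the control center.
picture_control_nav();

// Show a pending error / success message, except in the single-user view.
if ($session['message'] && $_GET['op'] != 'single') {
    $str_output .= '`n`b' . $session['message'] . '`b`n`n';
    unset($session['message']);
}

// Cache the account list (and its key order) in the session on first use.
if (!is_array($session['cache']['accounts']) || !is_array($session['cache']['account_keys'])) {
    $session['cache']['accounts'] = db_create_list(db_query('SELECT `acctid`,`login`, `name` FROM `accounts`'), 'acctid');
    $session['cache']['account_keys'] = array_keys($session['cache']['accounts']);
}

switch ($_GET['op']) {
    default:
        die('Huch, diesen GET-Parameter [op] gibt es gar nicht!');
        break;

    // No op given: show the accounts in packets.
    case '':
        // The `start` parameter is the packet number...
        $get_start = (int) $_GET['start'];
        // ...and $start is the offset of that packet's first account.
        $start = ($get_start > 0 ? $get_start * $bilder_max : 0);

        // Fetch all users of the packet...
        /*$sql = " SELECT `acctid`, `login`, `name` FROM `accounts` LIMIT " . $start . "," . $bilder_max . " "; $res = db_query($sql); $max = db_num_rows($res);*/
        $max = empty($session['cache']['account_keys'][$start + $bilder_max]) ? $user_gesamt - $start : $bilder_max;

        // Navigation through the packets.
        addnav('Navigation');
        $str_output .= '`c';
        if ($start) {
            $before = ($start / $bilder_max - 1);
            $str_output .= create_lnk('<<', $str_filename . '?start=' . $before, true, true, '', false, 'Zurück (Nr. ' . $before . ')', CREATE_LINK_LEFT_NAV_HOTKEY);
        } else {
            $str_output .= '<<';
        }
        $str_output .= ' `bPaket Nr. ' . $get_start . '`b ';
        if ($max == $bilder_max) {
            $next = ($start / $bilder_max + 1);
            $str_output .= create_lnk('>>', $str_filename . '?start=' . $next, true, true, '', false, 'Weiter (Nr. ' . $next . ')', CREATE_LINK_LEFT_NAV_HOTKEY);
        } else {
            $str_output .= '>>';
        }
        $str_output .= '`c`n';

        // Short summary line for the packet.
        $str_output .= $max . ' Charaktere gefunden: ';
        $str_output .= '(Nr. ' . ($get_start * $bilder_max + 1) . ' - ' . ($get_start * $bilder_max + $max);
        $str_output .= ' von ' . $user_gesamt . ' angemeldeten)';
        $str_output .= '`n`n';
        $str_output .= ' `c ';

        // List and link every user of the packet.
        // NOTE(review): the bound `$start + $bilder_max - 1` visits one entry
        // fewer than the $max announced above when the packet is full --
        // confirm whether that is intended. In this copy the row literal is a
        // single space, so $row and $class are computed but not printed; the
        // row markup is not visible here.
        for ($i = 0, $j = $start; $j < ($start + $bilder_max - 1) && !empty($session['cache']['account_keys'][$j]); $j++, $i++) {
            $row = $session['cache']['accounts'][$session['cache']['account_keys'][$j]];
            $class = $i % 2 ? 'trlight' : 'trdark';
            $str_output .= ' ';
        }
        break;

    // A single user.
    case 'single':
        // The account id arrives either as $_GET['id'] (normal links) or as
        // $_POST['acctid'] (search form); both are cast to int.
        if (empty($_GET['id'])) {
            $id = (int) $_POST['acctid'];
            redirect($str_filename . '?op=single&id=' . $id);
        } else {
            $id = (int) $_GET['id'];
        }
        if ($id <= 0) {
            $session['message'] = '`4Ungültige Id mitgeschickt! Bitte nur natürliche Zahlen verwenden.`0';
            redirect($str_filename . '?op=search');
        }
        picture_control_user_single($id);
        break;

    // AJAX search form; searching by account id is not possible through it.
    case 'search':
        $str_output .= '`0 `c `tUser-Suche`0 `c
`INach wem möchtest du suchen?`n `y(Unvollständige Namen werden automatisch ergänzt. Du wirst nochmal zum Bestätigen aufgefordert).`0`n `n '
            . form_header($str_filename . '?op=single', 'post', true, 'search_form', 'if(document.getElementById(\'search_sel\').selectedIndex > -1) {this.submit();} else {search();return false;}')
            . ' '
            . jslib_search('document.getElementById("search_form").submit();', 'User betrachten!', 'account', '', true)
            . '
';
        // Traditional search by account id.
        $str_output .= '`n`n `IHier kannst du auch die Account-Id direkt eingeben, wenn du willst:`0`n `n `n ';
        break;

    case 'search_comments':
        $str_output .= ' `ISoso, du willst also die Künstler und Kommentare durchsuchen?`n Nach was genau denn?`0`n '
            . form_header($str_filename . '?op=search_comments_found')
            . ' Standardsuchstring ist "%Suchbegriff%"! Für weitere Platzhalter, füge weitere "%" ein:`n ';
        if ($_GET['mistake']) {
            // `mistake` is request-controlled text that ends up in the page, so
            // HTML-escape it. A single-byte charset is named so that only the
            // five special ASCII characters are rewritten whatever encoding the
            // site uses. NOTE(review): assumes output() does not escape HTML
            // itself (markup from form_header()/create_lnk() is passed through
            // the same buffer) -- confirm.
            $str_output .= '`n`4' . htmlspecialchars((string) $_GET['mistake'], ENT_QUOTES, 'ISO-8859-1') . '`0';
        }
        break;

    case 'search_comments_found':
        // Defaults, so a request carrying no search term does not read
        // undefined variables below.
        $search = '';
        $search_type = '';
        if ($_POST['search']) {
            $search = $_POST['search'];
            $search_type = $_POST['search_type'];
        } elseif ($_GET['search']) {
            $search = $_GET['search'];
            $search_type = $_GET['search_type'];
        }
        // Written back into $_GET in URL-encoded form; not read again in the
        // visible code (presumably consumed by the helpers called below).
        $_GET['search'] = urlencode($search);
        $_GET['search_type'] = urlencode($search_type);

        // Escaped for use inside the quoted LIKE patterns below. `%` and `_`
        // stay active as wildcards, which the search form text advertises.
        $search = db_real_escape_string($search);
        if (!$search) redirect($str_filename . '?op=search_comments&mistake=' . urlencode("Hast du überhaupt 'was eingegeben?!"));

        // The `start` parameter is the packet number...
        $get_start = (int) $_GET['start'];
        // ...and $start is the row offset for the query below.
        $start = ($get_start > 0 ? $get_start * $bilder_max : 0);

        $sql = " SELECT * FROM `" . PICTURE_TABLE . "` WHERE `author` LIKE '%" . $search."%' OR `text` LIKE '%" . $search."%' LIMIT " . $start . "," . $bilder_max . " ";
        $res = db_query($sql);

        // NOTE(review): $row is not assigned before this statement in this
        // case; the fragment reads like the header and row of the account
        // listing in case '' -- check it against the original file.
        $str_output .= '`c
Account-Id Name Link
' . $row['acctid'] . ' ' . jslib_getmenuuserlink($row,$row, true) . ' ' . create_lnk('Betrachten', $str_filename . '?op=single&id=' . $row['acctid']) . '
';
        while ($row = db_fetch_object($res)) {
            // Numeric small_letter values are wrapped in brackets before the
            // file name is built.
            if (is_numeric($row->small_letter)) $row->small_letter = '[' . $row->small_letter . ']';
            $path = AVATAR_UPLOAD_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            $path_sec = AVATAR_SECURE_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            if (is_file($path) && ($search_type == 'blocked' || $search_type == 'both')) {
                picture_show_single(AVATAR_UPLOAD_WEBDIR, $row->userid, $row->small_letter);
            }
            if (is_file($path_sec) && ($search_type == 'free' || $search_type == 'both')) {
                picture_show_single(AVATAR_SECURE_WEBDIR, $row->userid, $row->small_letter);
            }
        }
        $str_output .= '
`c';
        break;

    case 'blocked':
        // Failure to open the directory is reported by the die() in the else
        // branch; @ only silences the PHP warning.
        if ($f_handle = @dir(AVATAR_UPLOAD_WEBDIR)) {
            $shown_picture = false;
            $sql = " SELECT * FROM `" . PICTURE_TABLE . "` ";
            $res = db_query($sql);
            // Author and text per (userid, small_letter); not read again in the
            // visible code.
            while ($row = db_fetch_object($res)) {
                $pictures_info[$row->userid][$row->small_letter]['author'] = $row->author;
                $pictures_info[$row->userid][$row->small_letter]['text'] = $row->text;
            }
            $str_output .= '`c';
            while (false !== ($str_file = $f_handle->read())) {
                // Only *.jpg entries; the first two dot-separated parts of the
                // name are passed on as user id and small_letter.
                $arr_tmp = explode('.', $str_file);
                if (end($arr_tmp) != 'jpg') continue;
                picture_show_single(AVATAR_UPLOAD_WEBDIR, $arr_tmp[0], $arr_tmp[1]);
            }
            // Release the directory handle; the original never closed it.
            $f_handle->close();
            if (!$shown_picture) {
                $str_output .= '';
            }
            $str_output .= '
`4Keine Bilder gesperrt!`0
`c';
            if ($session['message']) {
                $str_output .= $session['message'];
                $session['message'] = '';
            }
        } else {
            die('Fehler beim Verzeichnisöffnen');
        }
        break;

    case 'importthelatest':
        // Back-fill the `time` column from the file modification time, at most
        // 100 rows per call.
        $sql = " SELECT * FROM `" . PICTURE_TABLE . "` WHERE `time` = '00-00-00 00:00' LIMIT 100 ";
        $res = db_query($sql);
        $max = db_num_rows($res);
        if ($max) {
            $str_output .= $max . ' Einträge gefunden!`n Trage ein:`n `n ';
            for ($i = 1; $row = db_fetch_object($res); $i++) {
                $str_output .= '`^' . $i . ' ';
                $path = AVATAR_SECURE_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
                $time = 0;
                if (is_file($path)) $time = filemtime($path);
                if ($time) {
                    $str_output .= '`7Bild von User ' . $row->userid . ' mit Small_letter ' . $row->small_letter . ' im Uploadordner gefunden!`n';
                } else {
                    $path = AVATAR_UPLOAD_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
                    if (is_file($path)) $time = filemtime($path);
                    if ($time) {
                        $str_output .= '`7Bild von User ' . $row->userid . ' mit Small_letter ' . $row->small_letter . ' im Sperrordner gefunden!`n';
                    } else {
                        $str_output .= '`4Datei des Users `@' . $row->userid . ' `4mit Small_letter `@' . $row->small_letter . " `4wurde nicht gefunden, trotz DB-Eintrag!`n";
                    }
                }

                // Values read back from the table are not SQL-safe just because
                // they were stored once; escape them before they go into the
                // quoted WHERE clause (second-order injection otherwise).
                $sql_userid = db_real_escape_string($row->userid);
                $sql_letter = db_real_escape_string($row->small_letter);
                // Found: store the file time. Not found: store a marker value so
                // the row no longer matches the SELECT above.
                $new_time = $time ? date('Y-m-d H:i', $time) : '0000-00-00 00:01';
                $sql = " UPDATE `" . PICTURE_TABLE . "` SET `time` = '" . $new_time . "' WHERE `userid` = '" . $sql_userid . "' AND `small_letter` = '" . $sql_letter . "' ";
                db_query($sql);
            }
        } else {
            $str_output .= 'Scheinbar nichts mehr einzutragen...?';
        }
        break;

    case 'latest':
        // `subop` only selects between two fixed directories; the request
        // value never becomes part of the path.
        $dir = $_GET['subop'] == 'blocked' ? AVATAR_UPLOAD_WEBDIR : AVATAR_SECURE_WEBDIR;
        $page = (!empty($_GET['page'])) ? (int) $_GET['page'] : 0;
        $per_page = 50;
        $data = array();
        $str_output .= ' `c`tDie neuesten' . ($_GET['subop'] == 'blocked' ? ' `4blockierten`t' : '') .
            ' Bilder!`0`n`n ';

        // Collect *.jpg files with their modification time, newest first.
        $handle = opendir($dir);
        if ($handle === false) {
            // Same failure handling as the 'blocked' view.
            die('Fehler beim Verzeichnisöffnen');
        }
        // Strict comparison: an entry named "0" must not end the loop early.
        while (false !== ($file = readdir($handle))) {
            $arr_tmp = explode('.', $file);
            if (end($arr_tmp) != 'jpg') continue;
            $filedate = filemtime($dir . $file);
            $data[$file] = $filedate;
        }
        closedir($handle);

        $found = count($data);
        natsort($data);
        $data = array_reverse($data);

        // Show only the entries that fall on the requested page.
        $i = 0;
        foreach ($data as $file => $filedate) {
            $i++;
            if ($i > $per_page * $page && $i <= $per_page * $page + $per_page) {
                $arr_tmp = explode('.', $file);
                picture_show_single($dir, $arr_tmp[0], $arr_tmp[1]);
            }
        }
        $str_output .= '
`c';
        page_nav($str_filename . '?op=latest&subop=' . urlencode($_GET['subop']), $found, $per_page);
        break;

    case 'unchecked':
        $str_output .= 'Hier max. 50 der unkontrollierten Bilder:`n`n`c';
        $sql = " SELECT * FROM `" . PICTURE_TABLE . "` WHERE `checkedby` = 0 AND `status` = 0 ORDER BY `time` DESC LIMIT 50 ";
        $res = db_query($sql);
        if (!db_num_rows($res)) {
            $str_output .= '';
        }
        while ($row = db_fetch_object($res)) {
            if (is_numeric($row->small_letter)) $row->small_letter = '[' . $row->small_letter . ']';
            $path = AVATAR_UPLOAD_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            $path_sec = AVATAR_SECURE_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            if (is_file($path)) {
                picture_show_single(AVATAR_UPLOAD_WEBDIR, $row->userid, $row->small_letter, true);
            }
            if (is_file($path_sec)) {
                picture_show_single(AVATAR_SECURE_WEBDIR, $row->userid, $row->small_letter, true);
            }
        }
        $str_output .= '
Nix gefunden!
`c';
        break;

    case 'myunchecked':
        $str_output .= 'Hier alle meine mir zugewiesenen Bilder:`n`n`c';
        // The account id goes into the statement unquoted, so force it to an
        // integer before concatenating.
        $sql = " SELECT * FROM `" . PICTURE_TABLE . "` WHERE `status` = " . (int) $session['user']['acctid'] . " ORDER BY `userid` DESC ";
        $res = db_query($sql);
        if (!db_num_rows($res)) {
            $str_output .= '';
        }
        while ($row = db_fetch_object($res)) {
            if (is_numeric($row->small_letter)) $row->small_letter = '[' . $row->small_letter . ']';
            $path = AVATAR_UPLOAD_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            $path_sec = AVATAR_SECURE_WEBDIR . $row->userid . '.' . $row->small_letter . '.jpg';
            if (is_file($path)) {
                picture_show_single(AVATAR_UPLOAD_WEBDIR, $row->userid, $row->small_letter, true);
            }
            if (is_file($path_sec)) {
                picture_show_single(AVATAR_SECURE_WEBDIR, $row->userid, $row->small_letter, true);
            }
        }
        break;
}

// Print the collected output...
output($str_output);

// ...load the AJAX menu...
jslib_initmenu();

// ...and close the page.
page_footer(); ?>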
Nix gefunden!