Merge branch 'master' into issue-2386-update-filters-users-activity
@@ -1127,6 +1127,12 @@ function auto_login()
|
||||
$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
|
||||
if ($key!==false and $key===$cookie[2])
|
||||
{
|
||||
// Since Piwigo 16, 'connected_with' in the session defines the authentication context (UI, API, etc).
|
||||
// Auto-login via remember-me may miss this, so we set it to 'pwg_ui' for UI logins (not API).
|
||||
if (script_basename() != 'ws')
|
||||
{
|
||||
$_SESSION['connected_with'] = 'pwg_ui';
|
||||
}
|
||||
log_user($cookie[0], true);
|
||||
trigger_notify('login_success', stripslashes($username));
|
||||
return true;
|
||||
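Review bot: Setting `$_SESSION['connected_with'] = 'pwg_ui'` inside the remember-me branch makes a session restored from the auto-login cookie indistinguishable from one opened with a password on identification.php. The helper connected_with_pwg_ui() added in this same commit tests exactly this value before the API-key web-service methods run, so if that gate was meant to require an interactive login, cookie-restored sessions now pass it as well. Either keep the distinction (for instance a separate session flag for remember-me logins that sensitive actions can check) or say in the comment that the equivalence is intended. The new comparison could also be strict, `if (script_basename() !== 'ws')`, in line with the `===` used two lines above. The body of auto_login() starts and ends outside this hunk.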
@@ -2633,4 +2639,20 @@ SELECT
|
||||
|
||||
return $api_keys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is connected with pwg_ui (identification.php)
|
||||
*
|
||||
* @since 16
|
||||
* @return bool
|
||||
*/
|
||||
function connected_with_pwg_ui()
|
||||
{
|
||||
// You can manage your api key only if you are connected via identification.php
|
||||
if (isset($_SESSION['connected_with']) and 'pwg_ui' === $_SESSION['connected_with'])
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
|
||||
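Review bot: The docblock and the inline comment of connected_with_pwg_ui() both attribute the flag to identification.php, but auto_login() in this commit also sets `'pwg_ui'` for remember-me logins, so the documentation understates which sessions pass the check. I would reword the summary to `Tells whether the session was opened through the web UI (identification.php or remember-me auto-login) rather than through the API` and leave the API-key remark to the callers, since the helper is now generic. The body can be reduced to `return isset($_SESSION['connected_with']) and 'pwg_ui' === $_SESSION['connected_with'];`.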
@@ -1780,6 +1780,7 @@ function ws_images_upload($params, $service)
|
||||
@fclose($out);
|
||||
@fclose($in);
|
||||
|
||||
$add_status = "add";
|
||||
// Check if file has been uploaded
|
||||
if (!$chunks || $chunk == $chunks - 1)
|
||||
{
|
||||
@@ -1803,22 +1804,44 @@ SELECT *
|
||||
|
||||
$image = $images[0];
|
||||
|
||||
add_format($filePath, $format_ext, $image['id']);
|
||||
$add_status = add_format($filePath, $format_ext, $image['id']);
|
||||
|
||||
return array(
|
||||
'image_id' => $image['id'],
|
||||
'src' => DerivativeImage::thumb_url($image),
|
||||
'square_src' => DerivativeImage::url(ImageStdParams::get_by_type(IMG_SQUARE), $image),
|
||||
'name' => $image['name'],
|
||||
);
|
||||
'add_status' => $add_status,
|
||||
);
|
||||
}
|
||||
|
||||
$name = pwg_db_real_escape_string(stripslashes($params['name']));
|
||||
$id_image = null; //null by default
|
||||
|
||||
if ($params['update_mode'])
|
||||
{
|
||||
$query = '
|
||||
SELECT
|
||||
id
|
||||
FROM '.IMAGES_TABLE.' AS i
|
||||
INNER JOIN '.IMAGE_CATEGORY_TABLE.' as ic ON ic.image_id = i.id
|
||||
WHERE i.file = \''.$name.'\'
|
||||
AND ic.category_id = '.$params['category'][0].'
|
||||
;';
|
||||
$images = query2array($query);
|
||||
if ($images != null)
|
||||
{
|
||||
$id_image = $images[0]['id']; //take the id of the already existing image to replace it
|
||||
$add_status = "update";
|
||||
}
|
||||
}
|
||||
|
||||
$image_id = add_uploaded_file(
|
||||
$filePath,
|
||||
stripslashes($params['name']), // function add_uploaded_file will secure before insert
|
||||
$name, // function add_uploaded_file will secure before insert
|
||||
$params['category'],
|
||||
$params['level'],
|
||||
null // image_id = not provided, this is a new photo
|
||||
$id_image
|
||||
);
|
||||
|
||||
$query = '
|
||||
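Review bot: `$name` is passed through `pwg_db_real_escape_string()` for the update_mode lookup, and the same escaped value is then handed to add_uploaded_file(), whose inline comment says it secures the name itself before insert. If that comment is accurate, a filename containing a quote or backslash is escaped twice and stored with stray backslashes, and the later lookup on `i.file` will no longer match it. Two variables avoid this: `$original_name = stripslashes($params['name']);` for add_uploaded_file(), and `pwg_db_real_escape_string($original_name)` only inside the query. The query also concatenates `$params['category'][0]` unquoted; the parameter's type declaration is not visible here, so confirm it is constrained to an integer or cast it at this point. The body of ws_images_upload() extends beyond the hunk.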
@@ -1845,6 +1868,7 @@ SELECT
|
||||
COUNT(*)
|
||||
FROM '.LOUNGE_TABLE.'
|
||||
WHERE category_id = '.$params['category'][0].'
|
||||
AND image_id NOT IN (Select image_id from '.IMAGE_CATEGORY_TABLE.')
|
||||
;';
|
||||
list($nb_photos_lounge) = pwg_db_fetch_row(pwg_query($query));
|
||||
|
||||
@@ -1859,7 +1883,8 @@ SELECT
|
||||
'id' => $params['category'][0],
|
||||
'nb_photos' => $category_infos['nb_photos'] + $nb_photos_lounge,
|
||||
'label' => $category_name,
|
||||
)
|
||||
),
|
||||
'add_status' => $add_status
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -2220,7 +2245,6 @@ SELECT id, file
|
||||
*
|
||||
* @since 13
|
||||
* @param mixed[] $params
|
||||
* @option string category_id (optional)
|
||||
* @option string filename_list
|
||||
*/
|
||||
function ws_images_formats_searchImage($params, $service)
|
||||
@@ -2251,6 +2275,19 @@ SELECT
|
||||
return strlen($b) - strlen($a);
|
||||
});
|
||||
|
||||
$query = '
|
||||
SELECT
|
||||
image_id,
|
||||
ext
|
||||
FROM '.IMAGE_FORMAT_TABLE.'
|
||||
;';
|
||||
$result = pwg_query($query);
|
||||
while ($row = pwg_db_fetch_assoc($result))
|
||||
{
|
||||
$format_image_id = $row['image_id'];
|
||||
@$format_db[ $format_image_id ][] = $row['ext'];
|
||||
}
|
||||
|
||||
$result = array();
|
||||
|
||||
foreach ($candidates as $format_external_id => $format_filename)
|
||||
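Review bot: `$format_db` is not initialised in the visible lines and the append `@$format_db[ $format_image_id ][] = $row['ext'];` is prefixed with `@`, which also hides any real error raised on that line. Declaring `$format_db = array();` before the `pwg_query()` call makes the suppression operator unnecessary. The query also reads every row of IMAGE_FORMAT_TABLE on each call; restricting it to the matched image ids looks possible but would need the lookup moved after the candidate loop, which lies outside this hunk.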
@@ -2275,8 +2312,17 @@ SELECT
|
||||
$result[$format_external_id] = array('status' => 'multiple');
|
||||
continue;
|
||||
}
|
||||
|
||||
$result[$format_external_id] = array('status' => 'found', 'image_id' => $unique_filenames_db[$candidate_filename_wo_ext][0]);
|
||||
$img_id = $unique_filenames_db[$candidate_filename_wo_ext][0];
|
||||
$mult_form = false;
|
||||
if (isset($format_db[$img_id]))
|
||||
{
|
||||
$format_ext = pathinfo($format_filename, PATHINFO_EXTENSION);
|
||||
if (array_search($format_ext, $format_db[$img_id])!==false)
|
||||
{
|
||||
$mult_form = true;
|
||||
}
|
||||
}
|
||||
$result[$format_external_id] = array('status' => 'found', 'image_id' => $img_id, 'format_exist' => $mult_form);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
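Review bot: The `format_exist` check compares the extension taken from the submitted filename with the stored `ext` values through a loose, case-sensitive `array_search()`, so `photo.CR2` would not be reported as existing when the table holds `cr2` (assuming extensions are stored lower-cased, which this hunk does not show). A strict, case-normalised test avoids the mismatch and removes the nested `if`: `$mult_form = isset($format_db[$img_id]) and in_array(strtolower(pathinfo($format_filename, PATHINFO_EXTENSION)), $format_db[$img_id], true);` with `&&` in place of `and` so the assignment takes the whole expression. The enclosing foreach starts and ends outside this hunk.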
@@ -962,7 +962,7 @@ function ws_create_api_key($params, &$service)
|
||||
{
|
||||
global $user, $logger;
|
||||
|
||||
if (is_a_guest() OR !can_manage_api_key()) return new PwgError(401, 'Acces Denied');
|
||||
if (is_a_guest() OR !connected_with_pwg_ui()) return new PwgError(401, 'Acces Denied');
|
||||
|
||||
if (get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
@@ -999,7 +999,7 @@ function ws_revoke_api_key($params, &$service)
|
||||
{
|
||||
global $user, $logger;
|
||||
|
||||
if (is_a_guest() OR !can_manage_api_key()) return new PwgError(401, 'Acces Denied');
|
||||
if (is_a_guest() OR !connected_with_pwg_ui()) return new PwgError(401, 'Acces Denied');
|
||||
|
||||
if (get_pwg_token() != $params['pwg_token'])
|
||||
{
|
||||
@@ -1038,7 +1038,7 @@ function ws_edit_api_key($params, &$service)
|
||||
return new PwgError(401, 'Acces Denied');
|
||||
}
|
||||
|
||||
if (!can_manage_api_key())
|
||||
if (!connected_with_pwg_ui())
|
||||
{
|
||||
return new PwgError(401, 'Acces Denied');
|
||||
}
|
||||
@@ -1081,7 +1081,7 @@ function ws_get_api_key($params, &$service)
|
||||
return new PwgError(401, 'Acces Denied');
|
||||
}
|
||||
|
||||
if (!can_manage_api_key())
|
||||
if (!connected_with_pwg_ui())
|
||||
{
|
||||
return new PwgError(401, 'Acces Denied');
|
||||
}
|
||||
@@ -1095,14 +1095,4 @@ function ws_get_api_key($params, &$service)
|
||||
|
||||
return $api_keys ?? l10n('No API key found');
|
||||
}
|
||||
|
||||
function can_manage_api_key()
|
||||
{
|
||||
// You can manage your api key only if you are connected via identification.php
|
||||
if (isset($_SESSION['connected_with']) and 'pwg_ui' === $_SESSION['connected_with'])
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
|
||||