Merge branch 'master' into issue-2386-update-filters-users-activity

Perrom
2025-08-07 17:28:39 +02:00
28 changed files with 675 additions and 154 deletions
+22
@@ -1127,6 +1127,12 @@ function auto_login()
$key = calculate_auto_login_key( $cookie[0], $cookie[1], $username );
if ($key!==false and $key===$cookie[2])
{
// Since Piwigo 16, 'connected_with' in the session defines the authentication context (UI, API, etc).
// Auto-login via remember-me may miss this, so we set it to 'pwg_ui' for UI logins (not API).
if (script_basename() != 'ws')
{
$_SESSION['connected_with'] = 'pwg_ui';
}
log_user($cookie[0], true);
trigger_notify('login_success', stripslashes($username));
return true;
@@ -2633,4 +2639,20 @@ SELECT
return $api_keys;
}
/**
* Is connected with pwg_ui (identification.php)
*
* @since 16
* @return bool
*/
function connected_with_pwg_ui()
{
// You can manage your api key only if you are connected via identification.php
if (isset($_SESSION['connected_with']) and 'pwg_ui' === $_SESSION['connected_with'])
{
return true;
}
return false;
}
?>
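Review bot: In the auto_login() hunk, setting `$_SESSION['connected_with'] = 'pwg_ui'` on a remember-me login makes a cookie-only session look the same as a password login, and `connected_with_pwg_ui()` is the check that ws_create_api_key, ws_revoke_api_key, ws_edit_api_key and ws_get_api_key rely on elsewhere on this page. If that is intended, say so next to the assignment, e.g. `// remember-me sessions may manage API keys; no password re-entry is required`; if it is not, record the auto-login separately so the key endpoints can require a fresh password login. The comparison is also loose: `if (script_basename() !== 'ws')` would match the strict style used in connected_with_pwg_ui(). auto_login() starts and ends outside the hunk, so whether an earlier step already restricts this path is not visible here.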
+54 -8
@@ -1780,6 +1780,7 @@ function ws_images_upload($params, $service)
@fclose($out);
@fclose($in);
$add_status = "add";
// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1)
{
@@ -1803,22 +1804,44 @@ SELECT *
$image = $images[0];
add_format($filePath, $format_ext, $image['id']);
$add_status = add_format($filePath, $format_ext, $image['id']);
return array(
'image_id' => $image['id'],
'src' => DerivativeImage::thumb_url($image),
'square_src' => DerivativeImage::url(ImageStdParams::get_by_type(IMG_SQUARE), $image),
'name' => $image['name'],
);
'add_status' => $add_status,
);
}
$name = pwg_db_real_escape_string(stripslashes($params['name']));
$id_image = null; //null by default
if ($params['update_mode'])
{
$query = '
SELECT
id
FROM '.IMAGES_TABLE.' AS i
INNER JOIN '.IMAGE_CATEGORY_TABLE.' as ic ON ic.image_id = i.id
WHERE i.file = \''.$name.'\'
AND ic.category_id = '.$params['category'][0].'
;';
$images = query2array($query);
if ($images != null)
{
$id_image = $images[0]['id']; //take the id of the already existing image to replace it
$add_status = "update";
}
}
$image_id = add_uploaded_file(
$filePath,
stripslashes($params['name']), // function add_uploaded_file will secure before insert
$name, // function add_uploaded_file will secure before insert
$params['category'],
$params['level'],
null // image_id = not provided, this is a new photo
$id_image
);
$query = '
@@ -1845,6 +1868,7 @@ SELECT
COUNT(*)
FROM '.LOUNGE_TABLE.'
WHERE category_id = '.$params['category'][0].'
AND image_id NOT IN (Select image_id from '.IMAGE_CATEGORY_TABLE.')
;';
list($nb_photos_lounge) = pwg_db_fetch_row(pwg_query($query));
@@ -1859,7 +1883,8 @@ SELECT
'id' => $params['category'][0],
'nb_photos' => $category_infos['nb_photos'] + $nb_photos_lounge,
'label' => $category_name,
)
),
'add_status' => $add_status
);
}
}
@@ -2220,7 +2245,6 @@ SELECT id, file
*
* @since 13
* @param mixed[] $params
* @option string category_id (optional)
* @option string filename_list
*/
function ws_images_formats_searchImage($params, $service)
@@ -2251,6 +2275,19 @@ SELECT
return strlen($b) - strlen($a);
});
$query = '
SELECT
image_id,
ext
FROM '.IMAGE_FORMAT_TABLE.'
;';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result))
{
$format_image_id = $row['image_id'];
@$format_db[ $format_image_id ][] = $row['ext'];
}
$result = array();
foreach ($candidates as $format_external_id => $format_filename)
@@ -2275,8 +2312,17 @@ SELECT
$result[$format_external_id] = array('status' => 'multiple');
continue;
}
$result[$format_external_id] = array('status' => 'found', 'image_id' => $unique_filenames_db[$candidate_filename_wo_ext][0]);
$img_id = $unique_filenames_db[$candidate_filename_wo_ext][0];
$mult_form = false;
if (isset($format_db[$img_id]))
{
$format_ext = pathinfo($format_filename, PATHINFO_EXTENSION);
if (array_search($format_ext, $format_db[$img_id])!==false)
{
$mult_form = true;
}
}
$result[$format_external_id] = array('status' => 'found', 'image_id' => $img_id, 'format_exist' => $mult_form);
continue;
}
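Review bot: In the ws_images_upload() hunk at -1803, `$name` is run through `pwg_db_real_escape_string()` for the new lookup query and, as rendered, the same escaped value is then passed to `add_uploaded_file()`, whose trailing comment says it secures the value again before insert; a file name containing a quote or backslash would then presumably be stored with an extra backslash and stop matching `i.file` on the next update_mode upload. Keep the raw value for the call, `stripslashes($params['name']),`, and use the escaped copy only inside the SELECT. The new query also concatenates `$params['category'][0]` unquoted; unless the method's parameter declaration (not shown) already forces an integer, cast it: `AND ic.category_id = '.(int)$params['category'][0].'`. The function starts and ends outside the hunk.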
+4 -14
@@ -962,7 +962,7 @@ function ws_create_api_key($params, &$service)
{
global $user, $logger;
if (is_a_guest() OR !can_manage_api_key()) return new PwgError(401, 'Acces Denied');
if (is_a_guest() OR !connected_with_pwg_ui()) return new PwgError(401, 'Acces Denied');
if (get_pwg_token() != $params['pwg_token'])
{
@@ -999,7 +999,7 @@ function ws_revoke_api_key($params, &$service)
{
global $user, $logger;
if (is_a_guest() OR !can_manage_api_key()) return new PwgError(401, 'Acces Denied');
if (is_a_guest() OR !connected_with_pwg_ui()) return new PwgError(401, 'Acces Denied');
if (get_pwg_token() != $params['pwg_token'])
{
@@ -1038,7 +1038,7 @@ function ws_edit_api_key($params, &$service)
return new PwgError(401, 'Acces Denied');
}
if (!can_manage_api_key())
if (!connected_with_pwg_ui())
{
return new PwgError(401, 'Acces Denied');
}
@@ -1081,7 +1081,7 @@ function ws_get_api_key($params, &$service)
return new PwgError(401, 'Acces Denied');
}
if (!can_manage_api_key())
if (!connected_with_pwg_ui())
{
return new PwgError(401, 'Acces Denied');
}
@@ -1095,14 +1095,4 @@ function ws_get_api_key($params, &$service)
return $api_keys ?? l10n('No API key found');
}
function can_manage_api_key()
{
// You can manage your api key only if you are connected via identification.php
if (isset($_SESSION['connected_with']) and 'pwg_ui' === $_SESSION['connected_with'])
{
return true;
}
return false;
}
?>