qemudb/screenshots.php

<?php
/*******************************************************************/
/* this script expects appId and optionally versionId as arguments */
/* OR                                                              */
/* cmd and imageId                                                 */
/*******************************************************************/

/*
 * application environment
 */ 
include("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/screenshot.php");
require(BASE."include/application.php");
require(BASE."include/mail.php");

$aClean = array(); //array of filtered user input

$aClean['cmd'] = makeSafe($_REQUEST['cmd']);
$aClean['versionId'] = makeSafe($_REQUEST['versionId']);
$aClean['screenshot_desc'] = makeSafe($_REQUEST['screenshot_desc']);
$aClean['imageId'] = makeSafe($_REQUEST['imageId']);
$aClean['appId'] = makeSafe($_REQUEST['appId']);

/*
 * We issued a command.
 */ 
if($aClean['cmd'])
{
    // process screenshot upload
    if($aClean['cmd'] == "screenshot_upload")
    {   
        if($_FILES['imagefile']['size']>600000)
        {
            addmsg("Your screenshot was not accepted because it is too big. Please try to keep your screenshots under 600KB by saving games/video screenshots to jpeg and normal applications to png you might be able to achieve very good results with less bytes", "red");
        } else
        {
            $oScreenshot = new Screenshot();
            $oScreenshot->create($aClean['versionId'], $aClean['screenshot_desc'], $_FILES['imagefile']);
            $oScreenshot->free();
        }
    } elseif($aClean['cmd'] == "delete" && is_numeric($aClean['imageId'])) // process screenshot deletion
    {
        $oScreenshot = new Screenshot($aClean['imageId']);
        $oScreenshot->delete();
        $oScreenshot->free();
    } 
    redirect(apidb_fullurl("screenshots.php?appId=".$aClean['appId']."&versionId=".$aClean['versionId']));
}


/*
 * We didn't issued any command.
 */ 
$hResult = get_screenshots($aClean['appId'], $aClean['versionId']);   
apidb_header("Screenshots");
$oApp = new Application($aClean['appId']);
$oVersion = new Version($aClean['versionId']);

if($hResult && mysql_num_rows($hResult))
{
    echo html_frame_start("Screenshot Gallery for ".$oApp->sName." ".$oVersion->sName,500);

    // display thumbnails
    $c = 1;
    echo "<div align=center><table><tr>\n";
    while($oRow = mysql_fetch_object($hResult))
    {
        if(!$aClean['versionId'] && $oRow->versionId != $currentVersionId)
        {
            if($currentVersionId)
            {
                echo "</tr></table></div>\n";
                echo html_frame_end();
                $c=1;
            }
            $currentVersionId=$oRow->versionId;
            echo html_frame_start("Version ".Version::lookup_name($currentVersionId));
            echo "<div align=center><table><tr>\n";
        }
        $img = get_thumbnail($oRow->id);
        // display image
        echo "<td>\n";
        echo $img;
        echo "<div align=center>". substr($oRow->description,0,20). "\n";
        
        //show admin delete link
        if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || 
               $_SESSION['current']->isMaintainer($aClean['versionId'])))
        {
            echo "<br />[<a href='screenshots.php?cmd=delete&imageId=$oRow->id&appId=".$aClean['appId']."&versionId=".$aClean['versionId']."'>Delete Image</a>]";
        }

        echo "</div></td>\n";

        // end row if counter of 3
        if ($c % 3 == 0) echo "</tr><tr>\n";

        $c++;
    }
    echo "</tr></table></div><br />\n";

    echo html_frame_end("Click thumbnail to view image in new window.");
} else {
 echo "<p align=\"center\">There are currently no screenshots for the selected version of this application.";
 echo "<br />Please consider submitting a screenshot for the selected version yourself.</p>";
}

if($aClean['versionId'])
{
    //image upload box
    echo '<form enctype="multipart/form-data" action="screenshots.php" name="imageForm" method="post">',"\n";
    echo html_frame_start("Upload Screenshot","400","",0);
    echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";
      
    echo '<tr><td class=color1>Image</td><td class=color0><input name="imagefile" type="file" size="24"></td></tr>',"\n";
    echo '<tr><td class="color1">Description</td><td class="color0"><input type="text" name="screenshot_desc" maxlength="20" size="24"></td></tr>',"\n";
       
    echo '<tr><td colspan=2 align=center class=color3><input type="submit" value="Send File"></td></tr>',"\n";
    echo '</table>',"\n";
    echo html_frame_end();
    echo '<input type="hidden" name="MAX_FILE_SIZE" value="4000000" />',"\n";
    echo '<input type="hidden" name="cmd" value="screenshot_upload" />',"\n";
    echo '<input type="hidden" name="versionId" value="'.$aClean['versionId'].'"></form />',"\n";
}
echo html_back_link(1);
apidb_footer();
?>
- replaced mysql_query() with query_appdb() - removed opendb() - removed query_userdb() - removed error handling from the code as it is done with query_appdb() 2005-01-12 16:22:55 +00:00			`<?php`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00			`/*******************************************************************/`
Assorted spelling fixes. Small wording tweaks. Capitalize Wine when referring to the project. 2005-01-10 22:15:44 +00:00			`/* this script expects appId and optionally versionId as arguments */`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00			`/* OR */`
			`/* cmd and imageId */`
			`/*******************************************************************/`

Uniform headers 2004-12-25 20:08:00 +00:00			`/*`
Fix header patch typo 2004-12-27 23:54:55 +00:00			`* application environment`
Uniform headers 2004-12-25 20:08:00 +00:00			`*/`
Initial revision 2004-03-15 16:22:00 +00:00			`include("path.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/incl.php");`
Let maintainers and super maintainers process the application versions and images submitted for applications they maintain 2005-08-05 22:07:41 +00:00			`require_once(BASE."include/screenshot.php");`
- use mail_appdb() instead of mail() for better error handling and to avoid code duplication - use \r\n as line separator in mail (RFC compliant) 2005-01-30 00:57:34 +00:00			`require(BASE."include/application.php");`
			`require(BASE."include/mail.php");`

Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`

			`$aClean['cmd'] = makeSafe($_REQUEST['cmd']);`
			`$aClean['versionId'] = makeSafe($_REQUEST['versionId']);`
			`$aClean['screenshot_desc'] = makeSafe($_REQUEST['screenshot_desc']);`
			`$aClean['imageId'] = makeSafe($_REQUEST['imageId']);`
			`$aClean['appId'] = makeSafe($_REQUEST['appId']);`
Uniform headers 2004-12-25 20:08:00 +00:00
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`/*`
			`* We issued a command.`
			`*/`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if($aClean['cmd'])`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`// process screenshot upload`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if($aClean['cmd'] == "screenshot_upload")`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`{`
Give a useful message to the user when the screenshot size is too big to be accepted 2005-07-14 01:32:26 +00:00			`if($_FILES['imagefile']['size']>600000)`
			`{`
			`addmsg("Your screenshot was not accepted because it is too big. Please try to keep your screenshots under 600KB by saving games/video screenshots to jpeg and normal applications to png you might be able to achieve very good results with less bytes", "red");`
			`} else`
			`{`
			`$oScreenshot = new Screenshot();`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oScreenshot->create($aClean['versionId'], $aClean['screenshot_desc'], $_FILES['imagefile']);`
Give a useful message to the user when the screenshot size is too big to be accepted 2005-07-14 01:32:26 +00:00			`$oScreenshot->free();`
			`}`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`} elseif($aClean['cmd'] == "delete" && is_numeric($aClean['imageId'])) // process screenshot deletion`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oScreenshot = new Screenshot($aClean['imageId']);`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`$oScreenshot->delete();`
			`$oScreenshot->free();`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`}`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`redirect(apidb_fullurl("screenshots.php?appId=".$aClean['appId']."&versionId=".$aClean['versionId']));`
Initial revision 2004-03-15 16:22:00 +00:00			`}`

- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00
			`/*`
			`* We didn't issued any command.`
			`*/`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$hResult = get_screenshots($aClean['appId'], $aClean['versionId']);`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`apidb_header("Screenshots");`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oApp = new Application($aClean['appId']);`
			`$oVersion = new Version($aClean['versionId']);`
- improve application and related classes - use application/version/vendor class in scripts - don't use a full table for queued appication but only one field in the application and version tables - simplify the code in many places 2005-02-07 23:21:33 +00:00
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`if($hResult && mysql_num_rows($hResult))`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
- improve application and related classes - use application/version/vendor class in scripts - don't use a full table for queued appication but only one field in the application and version tables - simplify the code in many places 2005-02-07 23:21:33 +00:00			`echo html_frame_start("Screenshot Gallery for ".$oApp->sName." ".$oVersion->sName,500);`
Let Maintainers add and delete screenshots and send an email notification when they do 2004-11-17 22:57:20 +00:00
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`// display thumbnails`
			`$c = 1;`
			`echo "<div align=center><table><tr>\n";`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`while($oRow = mysql_fetch_object($hResult))`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if(!$aClean['versionId'] && $oRow->versionId != $currentVersionId)`
Let Maintainers add and delete screenshots and send an email notification when they do 2004-11-17 22:57:20 +00:00			`{`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`if($currentVersionId)`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00			`{`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo "</tr></table></div>\n";`
			`echo html_frame_end();`
			`$c=1;`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00			`}`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`$currentVersionId=$oRow->versionId;`
Fix missed lookup_version_name() -> Version::lookup_name() in version cleanup patch 2006-06-29 19:00:41 +00:00			`echo html_frame_start("Version ".Version::lookup_name($currentVersionId));`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo "<div align=center><table><tr>\n";`
			`}`
Refactor screenshots.php to use get_thumbnail() 2005-07-26 03:54:57 +00:00			`$img = get_thumbnail($oRow->id);`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`// display image`
			`echo "<td>\n";`
			`echo $img;`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`echo "<div align=center>". substr($oRow->description,0,20). "\n";`
Move description below screenshot instead of header 2005-01-30 22:38:44 +00:00
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`//show admin delete link`
- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") \|\|`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$_SESSION['current']->isMaintainer($aClean['versionId'])))`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo "<br />[<a href='screenshots.php?cmd=delete&imageId=$oRow->id&appId=".$aClean['appId']."&versionId=".$aClean['versionId']."'>Delete Image</a>]";`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`}`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00
Move description below screenshot instead of header 2005-01-30 22:38:44 +00:00			`echo "</div></td>\n";`
- displays an app screenshot gallery when one of the random screeshot is clicked - tabs removed - indentation fixed in screenshots.php 2004-12-11 22:33:01 +00:00
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`// end row if counter of 3`
			`if ($c % 3 == 0) echo "</tr><tr>\n";`
Initial revision 2004-03-15 16:22:00 +00:00
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`$c++;`
Let Maintainers add and delete screenshots and send an email notification when they do 2004-11-17 22:57:20 +00:00			`}`
Clean up HTML and PHP, remove extranious checks for loggedin() 2004-12-29 20:21:31 +00:00			`echo "</tr></table></div><br />\n";`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00
			`echo html_frame_end("Click thumbnail to view image in new window.");`
			`} else {`
Fix grammatical error 2006-06-06 18:55:04 +00:00			`echo "<p align=\"center\">There are currently no screenshots for the selected version of this application.";`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo "<br />Please consider submitting a screenshot for the selected version yourself.</p>";`
			`}`

Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`if($aClean['versionId'])`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`{`
			`//image upload box`
- no more appId in appData as appVersion implies an appId* - screenshot class has been reworked to remove need of appId - screenshot class has been improved to send e-mails so that email handling can be removed from other scripts 2005-02-04 02:55:50 +00:00			`echo '<form enctype="multipart/form-data" action="screenshots.php" name="imageForm" method="post">',"\n";`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo html_frame_start("Upload Screenshot","400","",0);`
			`echo '<table border=0 cellpadding=6 cellspacing=0 width="100%">',"\n";`
Let Maintainers add and delete screenshots and send an email notification when they do 2004-11-17 22:57:20 +00:00
limit description of screenshot to 20 chars as we don't display more 2005-01-31 01:42:08 +00:00			`echo '<tr><td class=color1>Image</td><td class=color0><input name="imagefile" type="file" size="24"></td></tr>',"\n";`
			`echo '<tr><td class="color1">Description</td><td class="color0"><input type="text" name="screenshot_desc" maxlength="20" size="24"></td></tr>',"\n";`
Let Maintainers add and delete screenshots and send an email notification when they do 2004-11-17 22:57:20 +00:00
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo '<tr><td colspan=2 align=center class=color3><input type="submit" value="Send File"></td></tr>',"\n";`
			`echo '</table>',"\n";`
			`echo html_frame_end();`
Give a useful message to the user when the screenshot size is too big to be accepted 2005-07-14 01:32:26 +00:00			`echo '<input type="hidden" name="MAX_FILE_SIZE" value="4000000" />',"\n";`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo '<input type="hidden" name="cmd" value="screenshot_upload" />',"\n";`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`echo '<input type="hidden" name="versionId" value="'.$aClean['versionId'].'"></form />',"\n";`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
Implemented the user friendly screenshot submitting feature 2004-12-18 06:06:46 +00:00			`echo html_back_link(1);`
			`apidb_footer();`
Initial revision 2004-03-15 16:22:00 +00:00			`?>`