setdp.pl
#!/usr/local/bin/perl
# must have's!
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
use DBI;
use URI::Escape;
use lib "/var/www/html/Pm";
use Html qw(pre_html_header);
use Redir qw(notice_redir error_redir);
use User qw(isUserSubscriber $USER_DATA);
use Bc_chef qw(cookie_get);
use Bc_misc qw(get_param);
use Bc_sql qw(
get_constant
sql_execute
user_exists
$QUERY_PAGE
$QUERY_UID
$LOGGEDIN
$DB
);
use Security qw(banned);
# Query-string key imported from Bc_sql; used below to build redirect
# targets of the form "/?<key>=<page>".
my $PAGE = $QUERY_PAGE;

# When true, the denial message below also names this script.
my $DEBUG = 0;

# Access gate: the rest of the script runs only for an account that exists
# and is not banned. banned() is consulted only when the account exists.
# NOTE(review): $LOGGEDIN is imported from Bc_sql; how it is derived from the
# session cookie is not visible in this file - confirm it cannot be supplied
# by the request itself.
if (!user_exists($LOGGEDIN) || banned($LOGGEDIN)) {
    my $denial = "Access Denied";
    $denial .= " (setdp.pl)" if $DEBUG;

    print error_redir("/", $denial);

    exit 1;
}
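# Request parameters:
#   id - ID of the image to make the display picture (dp)
#   c  - any true value asks to clear the current display picture instead
# NOTE(review): both actions change stored state and are driven only by the
# caller's session plus these parameters. No anti-CSRF token or request-method
# check is visible in this file - confirm that get_param or the site's front
# controller enforces one.
my $id = get_param("id");
my $clear = get_param("c");

if ($clear) {
    # Demote the caller's current display picture (dp = '2') back to an
    # ordinary image (dp = '1'). The row filter uses $LOGGEDIN, never a
    # request value, and goes through $DB->quote.
    my $sql = "update images set dp = '1' where UID = " . $DB->quote($LOGGEDIN) . " and dp = '2'";

    # NOTE(review): elsewhere this script compares sql_execute's result with
    # the zero-rows value "0E0", which is true in boolean context. If updates
    # here return the same value, the "nothing to clear" message below can
    # never be shown - confirm sql_execute's return contract in Bc_sql.
    if (sql_execute($sql, "setdp.pl")) {
        print notice_redir("/?$PAGE=" . get_constant("PHOTOS_PAGE"), "Display picture cleared");
    } else {
        print notice_redir("/?$PAGE=" . get_constant("PHOTOS_PAGE"), "Failed to clear display picture, or nothing to clear");
    }

    # The response has been written. Without this exit the script fell
    # through to the "set display picture" logic below and printed a second
    # redirect ("Invalid image ID!") into the same response. The status
    # matches the one this script uses on its other exit paths.
    exit 1;
}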
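# Set the caller's display picture (dp) to the image named by $id.
#
# Flow: look the image up, refuse unless it belongs to $LOGGEDIN, demote the
# caller's current display picture (dp '2' -> '1') if there is one, then
# promote the requested image (dp -> '2'). Every outcome is reported as a
# redirect back to the photos page.
#
# NOTE(review): sql_execute lives in Bc_sql and its return contract is not
# visible here. This code treats the zero-rows value "0E0" as failure; if
# sql_execute can return undef on a database error, undef compares unequal to
# "0E0" and would be reported as success - confirm.
# NOTE(review): the demote and promote steps are separate statements, so a
# failure of the second leaves the user with no display picture. Making them
# atomic depends on how $DB is configured (transactions/AutoCommit) - confirm.

my $photos_url = "/?$PAGE=" . get_constant("PHOTOS_PAGE");

# Quoted once and reused in every statement that must stay scoped to the
# caller's own rows.
my $owner = $DB->quote($LOGGEDIN);

my $sql = "select * from images where ID = " . $DB->quote($id);
my $ref = sql_execute($sql, "setdp.pl"); # exactly one row is expected

if (ref $ref ne "HASH") {
    # invalid image ID, or more than one row came back
    print error_redir($photos_url, "Invalid image ID!");
    exit 1;
}

if ($ref->{UID} ne $LOGGEDIN) {
    # the image exists but belongs to another account
    print error_redir($photos_url, "You don't own this image!");
    exit 1;
}

# Does the caller already have a display picture?
my $orig_dp_sql = "select * from images where UID = $owner and dp = '2'";
my $orig_ref = sql_execute($orig_dp_sql, "setdp.pl");

if (ref $orig_ref eq "HASH") {
    # Yes: demote it first. The UID condition keeps the write tied to the
    # caller even though the row was selected by owner a moment ago.
    my $clear_dp_sql = "update images set dp = '1' where ID = " . $DB->quote($orig_ref->{ID}) . " and UID = $owner";
    my $cleared = sql_execute($clear_dp_sql, "setdp.pl");

    if ($cleared eq "0E0") {
        # could not clear the CURRENT dp
        print error_redir($photos_url, "Unable to clear current dp!");
        exit 1;
    }
}

# Promote the requested image. Ownership was checked above with a SELECT;
# repeating the owner condition in the UPDATE means the write cannot touch
# another account's row if the image changes hands between the two queries.
my $new_dp_sql = "update images set dp = '2' where ID = " . $DB->quote($id) . " and UID = $owner";
my $results = sql_execute($new_dp_sql, "setdp.pl");

if ($results ne "0E0") {
    # the dp is now set
    print notice_redir($photos_url, "Display picture updated");
} else {
    print error_redir($photos_url, "Unable to set dp to selected image!");
}

exit 1;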