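<?php
// The opening tag above must be the VERY FIRST LINE OF THE FILE: header()
// only works if nothing has been sent to the browser before it is called.

// Check whether the user is correctly logged in, etc. at this point - that
// depends on YOUR reasons for doing this, of course.

// Figure out which image to send them. A missing or non-string parameter
// (for example ?image[]=x) becomes '' and is rejected by the check below.
$image = isset($_GET['image']) && is_string($_GET['image']) ? $_GET['image'] : '';

// MAKE SURE IT IS SAFE! Allow only letters, numbers, and underscores in the
// filename, so that ../ sequences, slashes and NUL bytes can never reach
// readfile() and expose other files on the system.
// The pattern needs delimiters (the original "\^\w+$\" did not even parse),
// and \z is used instead of $ because $ also matches before a trailing newline.
if (!preg_match('/^[A-Za-z0-9_]+\z/', $image)) {
    header("Content-type: image/gif");
    readfile("/path/to/access_denied.gif");
    exit(0);
}

// log a view here

// OK, they're cool, send them the image.
// /path/to/my/images should be OUTSIDE your web space, somewhere else in the
// file system, because the whole point is to keep people from downloading
// what they don't have permission to download!
header("Content-type: image/jpeg");
readfile("/path/to/my/images/$image");
exit(0);
?>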
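// Render the thumbnail links for this page of the album inside the #galleria
// container, then start Galleria on it.
// NOTE(review): $startvalue, $img, $imagesinthispage, $resultsqlquery,
// $result, $pid, $count_views, $count_picture and updatelastreadphoto() are
// defined outside this snippet.
echo ('<div id="galleria">');
$index = 0;
$j = 0;
$img = $startvalue + $img;
// NOTE(review): this opens a second element with id="galleria" (ids should be
// unique in a document); both are closed again below. Confirm which is wanted.
echo ('<div id="galleria">');
while ($index < $imagesinthispage) {
    // Column names are passed as quoted strings; written bare they are
    // undefined constants.
    $imageid_ = mysql_result($resultsqlquery, $index, 'photoid');
    $thumbnail_ = mysql_result($resultsqlquery, $index, 'thumbnailname');
    $phototext_ = mysql_result($resultsqlquery, $index, 'phototext');
    $text_ = html_entity_decode($phototext_);
    $text_original = html_entity_decode($phototext_);
    $text_ = substr($text_, 0, 20);
    $count_ = strlen($phototext_);
    // NOTE(review): this row is read from $result, not $resultsqlquery - confirm.
    $date = mysql_result($result, $index, 'addtime');
    $updatedtime = mysql_result($resultsqlquery, $index, 'date');
    $eventid = mysql_result($resultsqlquery, $index, 'photoevent_');
    $folder_ = mysql_result($resultsqlquery, $index, 'folder');
    $filename_ = mysql_result($resultsqlquery, $index, 'filename');
    $number = preg_replace('/[^0-9]/', '', $filename_);
    if ($number > 1000) {
        // NOTE(review): $number1 is not defined in this snippet - presumably
        // $number was meant; verify.
        $number = $number1[strlen($number)-1];
    }
    // Folder, file names and caption come from the database and end up inside
    // HTML attributes. The caption was entity-decoded above, so a stored
    // &quot; is a literal " again by now. Escape for the attribute context so
    // no stored value can close the attribute and add markup of its own.
    // Assumes the page and the stored text are UTF-8 - TODO confirm.
    $folderhtml_ = htmlspecialchars($folder_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $filenamehtml_ = htmlspecialchars($filename_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $thumbnailhtml_ = htmlspecialchars($thumbnail_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $titlehtml_ = htmlspecialchars($text_original, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<div style=\"float: left; border: 1px solid #dadada; padding: 3px; margin: 5px;\">";
    echo "<a href=\"albumi/$folderhtml_/$filenamehtml_\"><img src=\"albumi/$folderhtml_/$thumbnailhtml_\" style=\"border: none; padding: 5px;\" title=\"$titlehtml_\"/></a></div>".PHP_EOL;
    $number = $number - 1;
    $index++;
    $img++;
    updatelastreadphoto($eventid, $pid, $count_views, $count_picture);
}
echo ('</div>'); // end <div id="galleria">
// Start Galleria on the container and apply its options.
echo "<script language=\"javascript\" type=\"text/javascript\">
Galleria.run('#galleria')
Galleria.configure({
imageCrop:false
})";
echo "</script>";
echo "</div>";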
// Once Galleria is ready, report every image it displays to processview.php.
Galleria.ready(function() {
    this.bind("image", function(e) {
        // The file name is the last "/"-separated piece of the image URL.
        var urlParts = e.imageTarget.src.split("/");
        var imageName = urlParts[urlParts.length - 1];
        var messageBox = $("#galleria_processview_message");
        // process image view
        // NOTE(review): .load() inserts the response into the page as HTML, so
        // processview.php has to HTML-escape whatever it echoes back from img.
        messageBox.load("processview.php?img=" + imageName, function(response, status, xhr) {
            if (status != "error") {
                // on "success" the message written by PHP is already in place
                return;
            }
            messageBox.html("<strong>ERROR: </strong> script error! (" + xhr.status + " " + xhr.statusText + ")");
        });
    });
});
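<?php
// Demo endpoint: acknowledges the image named in the "img" query parameter.
// The value is caller-controlled, so validate the input: anything missing or
// not a plain string (for example ?img[]=x) is treated as ''.
$imagefile = isset($_GET['img']) && is_string($_GET['img']) ? $_GET['img'] : '';
// process image click here
// show message for demo purposes. The gallery script loads this response into
// the page with jQuery .load(), which inserts it as HTML, so the echoed name
// is escaped to keep markup in the parameter from being rendered.
// Assumes the page is UTF-8 - TODO confirm.
echo 'SUCCESS image '.htmlspecialchars($imagefile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').' processed!';
?>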
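// Count one view of a photo and record when the logged-in user last saw it.
// NOTE(review): ext/mysql (mysql_query() and friends) was removed in PHP 7.0.
// When this moves to mysqli or PDO, replace the escaping below with prepared
// statements.
// NOTE(review): this changes data on a plain GET request, so any page can
// trigger it with a link or image tag; consider POST plus a CSRF token.
include('db_connect.php');
// Every $_GET value is caller-controlled. Missing or non-string (array)
// parameters are normalised to '' so the checks below see plain strings.
$yearid = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
$eventid = isset($_GET['show']) && is_string($_GET['show']) ? $_GET['show'] : '';
$imageid = isset($_GET['img']) && is_string($_GET['img']) ? $_GET['img'] : '';
$count = isset($_GET['count']) && is_string($_GET['count']) ? $_GET['count'] : '';
$test= 'eventid='.$eventid.'imageid='.$imageid.'count='.$count;
// $imageid is used as a bare OFFSET value, which cannot be quoted, so only an
// unsigned integer is accepted; anything else skips the update entirely.
if ($count == 1 && preg_match('/^[0-9]+\z/', $imageid)) {
    // Values placed between quotes are escaped before they reach the SQL text.
    $eventidsql_ = mysql_real_escape_string($eventid);
    $getid = "select id from photos where photoevent_='$eventidsql_' order by filename limit 1 offset $imageid";
    $result = mysql_query($getid);
    // A failed query or no matching photo means there is nothing to count.
    if ($result && mysql_num_rows($result) > 0) {
        $dbimageid = mysql_result($result, 0, 'id');
        $dbimageidsql_ = mysql_real_escape_string($dbimageid);
        // "updatetime = updatetime" is kept exactly as in the original statement.
        $sql = "UPDATE photos set count_views = (count_views + 1 ), updatetime = updatetime WHERE id = '$dbimageidsql_'";
        mysql_query($sql);
        // NOTE(review): no session_start() is visible here - presumably
        // db_connect.php starts the session; verify.
        $loggeduserid_ = isset($_SESSION['users_id']) ? $_SESSION['users_id'] : '';
        $loggeduseridsql_ = mysql_real_escape_string($loggeduserid_);
        $microseconds_ = ((double) microtime()) * 1000000;
        // check if user has already row for current header
        $lastreadchecksql = "SELECT 1 FROM photos_read WHERE user_r ='$loggeduseridsql_' AND eventid_ = '$eventidsql_' AND photoid_ = '$dbimageidsql_'";
        $lastreadcheck = mysql_query($lastreadchecksql);
        $num = mysql_num_rows($lastreadcheck);
        if ($num == 0) {
            // if not found, add new row
            $insertlastreadsql = "INSERT INTO photos_read(eventid_,photoid_,user_r,lastreadmicrosec) VALUES ('$eventidsql_','$dbimageidsql_', '$loggeduseridsql_','$microseconds_')";
            $insertlastread = mysql_query($insertlastreadsql);
        } else {
            // else update old row
            $updatelastreadsql = "UPDATE photos_read SET lastread = now(), lastreadmicrosec = '$microseconds_' WHERE eventid_='$eventidsql_' AND photoid_='$dbimageidsql_' AND user_r='$loggeduseridsql_'";
            $updatelastread = mysql_query($updatelastreadsql);
        }
    }
}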
// NOTE(review): $year and $eventid sit inside a JavaScript string literal here.
// They are only replaced by values if this line is emitted by PHP (for example
// inside a double-quoted echo); served as plain JavaScript the text "$year" is
// sent as-is. The callback body is not part of this fragment.
$("#galleria_processview_message").load("updateviewcount.php?id=$year&show=$eventid&img="+imageName, function(response, status, xhr)
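<?php
// use php to define javascript variables
// json_encode() writes each value as a valid JavaScript literal, and the
// JSON_HEX_* flags keep <, >, &, ' and " out of the output so a value cannot
// end the surrounding <script> block. Each statement is terminated as well:
// the original echoes ran together on one line.
echo 'var year = '.json_encode($year, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
echo 'var eventid = '.json_encode($eventid, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
?>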
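// Every piece of the URL is joined with "+". The original had "+year=" here,
// an assignment in the middle of the expression, which is not valid JavaScript.
// The callback body is not part of this fragment.
$("#galleria_processview_message").load("updateviewcount.php?id="+year+"&show="+eventid+"&img="+imageName, function(response, status, xhr)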
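// Render the thumbnail links for this page of the album inside the #galleria
// container, followed by the element that receives the view-count response.
// NOTE(review): $startvalue, $img, $imagesinthispage, $resultsqlquery,
// $result, $pid, $count_views, $count_picture and updatelastreadphoto() are
// defined outside this snippet.
echo ('<div id="galleria">');
$index = 0;
$j = 0;
$img = $startvalue + $img;
while ($index < $imagesinthispage) {
    // Column names are passed as quoted strings; written bare they are
    // undefined constants.
    $imageid_ = mysql_result($resultsqlquery, $index, 'photoid');
    $thumbnail_ = mysql_result($resultsqlquery, $index, 'thumbnailname');
    $phototext_ = mysql_result($resultsqlquery, $index, 'phototext');
    $text_ = html_entity_decode($phototext_);
    $text_original = html_entity_decode($phototext_);
    $text_ = substr($text_, 0, 20);
    $count_ = strlen($phototext_);
    // NOTE(review): this row is read from $result, not $resultsqlquery - confirm.
    $date = mysql_result($result, $index, 'addtime');
    $updatedtime = mysql_result($resultsqlquery, $index, 'date');
    $eventid = mysql_result($resultsqlquery, $index, 'photoevent_');
    $folder_ = mysql_result($resultsqlquery, $index, 'folder');
    $filename_ = mysql_result($resultsqlquery, $index, 'filename');
    $number = preg_replace('/[^0-9]/', '', $filename_);
    if ($number > 1000) {
        // NOTE(review): $number1 is not defined in this snippet - presumably
        // $number was meant; verify.
        $number = $number1[strlen($number)-1];
    }
    // Folder, file names and caption come from the database and end up inside
    // HTML attributes. The caption was entity-decoded above, so a stored
    // &quot; is a literal " again by now. Escape for the attribute context so
    // no stored value can close the attribute and add markup of its own.
    // Assumes the page and the stored text are UTF-8 - TODO confirm.
    $folderhtml_ = htmlspecialchars($folder_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $filenamehtml_ = htmlspecialchars($filename_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $thumbnailhtml_ = htmlspecialchars($thumbnail_, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $titlehtml_ = htmlspecialchars($text_original, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<div style=\"float: left; border: 1px solid #dadada; padding: 3px; margin: 5px;\">";
    echo "<a href=\"albumi/$folderhtml_/$filenamehtml_\"><img src=\"albumi/$folderhtml_/$thumbnailhtml_\" style=\"border: none; padding: 5px;\" title=\"$titlehtml_\"/></a></div>".PHP_EOL;
    $number = $number - 1;
    $index++;
    $img++;
    updatelastreadphoto($eventid, $pid, $count_views, $count_picture);
}
echo ('</div>'); // end <div id="galleria">
// Target element for the response of the view-count request.
echo ('<div id="galleria_processview_message"></div>');
?>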
<script language="javascript" type="text/javascript">
    // Attach Galleria to the #galleria container.
    Galleria.run("#galleria");
    // Gallery options: image cropping is switched off.
    Galleria.configure({ imageCrop: false });
</script>
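<script language="javascript" type="text/javascript">
Galleria.ready(function() {
<?php
// use php to define javascript variables
// json_encode() writes each value as a valid JavaScript literal, and the
// JSON_HEX_* flags keep <, >, &, ' and " out of the output so a value cannot
// end this <script> block. Each statement is terminated as well: the original
// echoes ran together on one line.
echo 'var year = '.json_encode($year, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
echo 'var eventid = '.json_encode($eventid, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
?>
    // Report every image Galleria displays to updateviewcount.php.
    this.bind("image", function(e) {
        // The file name is the last "/"-separated piece of the image URL.
        var imageLocation = e.imageTarget.src;
        var imagelocationArray = imageLocation.split("/");
        var imageName = $(imagelocationArray).last()[0];
        // process image view. Every piece of the URL is joined with "+"; the
        // original had "+year=" here, which is not valid JavaScript.
        // NOTE(review): .load() inserts the response into the page as HTML, so
        // updateviewcount.php has to HTML-escape anything it echoes back.
        $("#galleria_processview_message").load("updateviewcount.php?id="+year+"&show="+eventid+"&img="+imageName, function(response, status, xhr){
            if (status == "error") {
                $("#galleria_processview_message").html("<strong>ERROR: </strong> script error! ("+xhr.status + " " + xhr.statusText+")");
            }else if(status == "success"){
                // let php show the message
            }
        });
    });
});
</script>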
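<?php
// use php to define javascript variables
// The values are written as JavaScript string literals. json_encode() adds the
// quotes and escapes the content, and the JSON_HEX_* flags keep <, >, &, ' and
// " out of the output, so a value cannot close the string or the surrounding
// <script> block the way hand-written quotes allow. Each statement is
// terminated as well: the original echoes ran together on one line.
echo 'var year = '.json_encode((string) $year, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
echo 'var eventid = '.json_encode((string) $eventid, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).';'.PHP_EOL;
?>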
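<script language="javascript" type="text/javascript">
Galleria.ready(function() {
    // Sample values, as the PHP page would write them into the script.
    var year = "2012";
    var eventid = "48";
    var imageid = "3686"; // imageid from db
    // Report every image Galleria displays to updateviewcount.php.
    this.bind("image", function(e) {
        // The file name is the last "/"-separated piece of the image URL.
        var imageLocation = e.imageTarget.src;
        var imagelocationArray = imageLocation.split("/");
        var imageName = $(imagelocationArray).last()[0];
        // process image view. The "+" after year was missing in the original,
        // which made the whole script a syntax error.
        // NOTE(review): .load() inserts the response into the page as HTML, so
        // updateviewcount.php has to HTML-escape anything it echoes back.
        $("#galleria_processview_message").load("updateviewcount.php?id="+year+"&show="+eventid+"&img="+imageName, function(response, status, xhr){
            if (status == "error") {
                $("#galleria_processview_message").html("<strong>ERROR: </strong> script error! ("+xhr.status + " " + xhr.statusText+")");
            }else if(status == "success"){
                // let php show the message
            }
        });
    });
});
</script>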
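<?php
// Count one view of a photo and record when the logged-in user last saw it.
// NOTE(review): ext/mysql (mysql_query() and friends) was removed in PHP 7.0.
// When this moves to mysqli or PDO, replace the escaping below with prepared
// statements.
// NOTE(review): this changes data on a plain GET request, so any page can
// trigger it with a link or image tag; consider POST plus a CSRF token.
include('/home/tobiasfr/include/db_connect.php');
// Every $_GET value is caller-controlled. Missing or non-string (array)
// parameters are normalised to '' so the checks below see plain strings.
$yearid = isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : '';
$eventid = isset($_GET['show']) && is_string($_GET['show']) ? $_GET['show'] : '';
$imageid = isset($_GET['img']) && is_string($_GET['img']) ? $_GET['img'] : '';
$count = isset($_GET['count']) && is_string($_GET['count']) ? $_GET['count'] : '';
// Debug output. The gallery script inserts this response into the page as
// HTML, so the request values are escaped before being echoed back.
// Assumes the page is UTF-8 - TODO confirm.
$test= 'eventid='.htmlspecialchars($eventid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'<br/>imageid='.htmlspecialchars($imageid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'<br/>count='.htmlspecialchars($count, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'';
echo $test;
// $imageid is used as a bare OFFSET value, which cannot be quoted, so only an
// unsigned integer is accepted; anything else skips the update entirely.
if ($count == 1 && preg_match('/^[0-9]+\z/', $imageid)) {
    // Values placed between quotes are escaped before they reach the SQL text.
    $eventidsql_ = mysql_real_escape_string($eventid);
    $getid = "select id from photos where photoevent_='$eventidsql_' order by filename limit 1 offset $imageid";
    // Debug output: this sends the query text to the browser. Remove it once
    // the script works; it is escaped here because it contains request data.
    echo htmlspecialchars($getid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $result = mysql_query($getid);
    // A failed query or no matching photo means there is nothing to count.
    if ($result && mysql_num_rows($result) > 0) {
        $dbimageid = mysql_result($result, 0, 'id');
        $dbimageidsql_ = mysql_real_escape_string($dbimageid);
        // "updatetime = updatetime" is kept exactly as in the original statement.
        $sql = "UPDATE photos set count_views = (count_views + 1 ), updatetime = updatetime WHERE id = '$dbimageidsql_'";
        // Debug output, see above.
        echo htmlspecialchars($sql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        mysql_query($sql);
        // NOTE(review): no session_start() is visible here - presumably
        // db_connect.php starts the session; verify.
        $loggeduserid_ = isset($_SESSION['users_id']) ? $_SESSION['users_id'] : '';
        $loggeduseridsql_ = mysql_real_escape_string($loggeduserid_);
        $microseconds_ = ((double) microtime()) * 1000000;
        // check if user has already row for current header
        $lastreadchecksql = "SELECT 1 FROM photos_read WHERE user_r ='$loggeduseridsql_' AND eventid_ = '$eventidsql_' AND photoid_ = '$dbimageidsql_'";
        $lastreadcheck = mysql_query($lastreadchecksql);
        $num = mysql_num_rows($lastreadcheck);
        if ($num == 0) {
            // if not found, add new row
            $insertlastreadsql = "INSERT INTO photos_read(eventid_,photoid_,user_r,lastreadmicrosec) VALUES ('$eventidsql_','$dbimageidsql_', '$loggeduseridsql_','$microseconds_')";
            $insertlastread = mysql_query($insertlastreadsql);
        } else {
            // else update old row
            $updatelastreadsql = "UPDATE photos_read SET lastread = now(), lastreadmicrosec = '$microseconds_' WHERE eventid_='$eventidsql_' AND photoid_='$dbimageidsql_' AND user_r='$loggeduseridsql_'";
            $updatelastread = mysql_query($updatelastreadsql);
        }
    }
}
?>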