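<?php
/* parse ini-file: site settings are trusted configuration, not request input */
$iniarray = parse_ini_file("config.ini");
if ($iniarray === false) {
    /* parse_ini_file() returns false (with a warning) on a missing or
       malformed file; stop here rather than render a page built on null settings */
    http_response_code(500);
    exit("config.ini could not be read");
}
$webbase  = $iniarray["webbase"];
$dbprefix = $iniarray["dbprefix"];
$admin    = $iniarray["admin"];
$title    = $iniarray["title"];
/* cast: this value is echoed into the page's JavaScript as a number */
$N        = (int)$iniarray["pics_per_page"];
/* end parse ini-file */

/* parse flags (request parameters) */

/* page is forced to a positive integer: it is echoed into JavaScript and the
   client-side navigation already treats 1 as the first page */
$page = isset($_REQUEST["page"]) ? max(1, intval($_REQUEST["page"])) : 1;

/* tag is HTML-entity encoded exactly once, here (explicit flags and charset so
   single quotes are covered on every PHP version).  A non-string value
   (e.g. tag[]=x) would make htmlentities() throw, so it is treated as "no tag".
   The JavaScript variable T, the query sent to getjson.php and the index links
   all use this encoded value. */
$tagparam = $_REQUEST["tag"] ?? "";
$tags = is_string($tagparam)
    ? htmlentities($tagparam, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : "";

?>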
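<!DOCTYPE html>
<html>
<head>
<!-- assumes config.ini and the gallery data are UTF-8 (the charset htmlspecialchars() encodes for) - confirm -->
<meta charset="utf-8" />
<title><?php echo htmlspecialchars($title) ?></title>
<!-- $webbase comes from config.ini; it is still attribute-escaped here because it lands in HTML attribute context -->
<script src="<?php echo htmlspecialchars($webbase) ?>/d3.min.js"></script>
<link rel="stylesheet" type="text/css" href="<?php echo htmlspecialchars($webbase) ?>/normalize.css" />
<link rel="stylesheet" type="text/css" href="<?php echo htmlspecialchars($webbase) ?>/style.css" />
</head>

<body>

<!-- overwritten by myreload() with the current T / page / N values -->
<div class="debug">test</div>
<h1><?php echo htmlspecialchars($title) ?></h1>

<!-- prev starts disabled; checkbutton() toggles both after every page load -->
<button class="prev" disabled="disabled" onclick="left()"> prev </button>
<button class="next"   onclick="right()">next </button>

<div class="permalink"></div>

<!-- the input has no name attribute: the form's action is rewritten on keyup to /tag/<value> instead -->
<div class="tagsearch">
<form method="get" action="">
 Tags: <input list="MyTags" id="MyTagsInput" type="text" value="" />
  <datalist id="MyTags">
  </datalist>
</form>
</div>

<div class="index"></div>
<div class="pics"> </div>

<footer>
  This gallery belongs to <?php echo htmlspecialchars($admin) ?>.
  <div class="copyright"> code: copyright 2011 Arun Persaud arun@nubati.net, code available at nubati.net/git/f-spot-gallery</div>
</footer>
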
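<script type="text/javascript" >

var pics = d3.select(".pics").append("ul");

/* server-side values handed to the client.
   page and N are emitted as integers.  T is emitted through json_encode() so
   that a quote, backslash or line break inside a tag cannot terminate this
   string literal (htmlentities() on the PHP side only covers HTML
   metacharacters, not JavaScript ones).  The JSON_HEX_* flags keep "<", ">"
   and "&" out of the inline script; the runtime value of T is unchanged. */
var page=<?php echo (int)$page ?>;
var N=<?php echo (int)$N ?>;
var T=<?php echo json_encode((string)$tags, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
var count=0;

/* populate data list with tags */
d3.json("<?php echo $webbase?>/getjson.php?S", function(json) {
    d3.select("#MyTags").selectAll("option").data(json)
      .enter().append("option").attr("value",function(d) {return d.name});
  });

/* update form to point to new link.  The typed tag becomes a path segment,
   so it is percent-encoded: a "/", "?" or "#" in a tag would otherwise be
   read as part of the route.  Assumes the /tag/ route decodes its path
   segment - confirm against the rewrite rules. */
d3.select("input").on("keyup", function(d) {
    d3.select('form').attr("action","<?php echo $webbase?>/tag/"+encodeURIComponent(document.getElementById('MyTagsInput').value));
});
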
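function myreload(a) {
  /* Fetch page `a` of the gallery (filtered by tag T when T is non-empty),
     then redraw the page index, the thumbnail list and the permalink.
     All scratch variables are declared locally; previously url, s, n, start,
     i, picdata and permalink leaked into the global scope. */
  var url, permalink;

  d3.select(".debug").text("T,P,N ="+T+" "+a+" "+N);

  /* T goes into a query-string value, so it is percent-encoded; a tag
     containing "&" or "#" would otherwise split or truncate the query. */
  if(T!="")
    url = "<?php echo $webbase?>/getjson.php?T="+encodeURIComponent(T)+"&P="+a;
  else
    url = "<?php echo $webbase?>/getjson.php?P="+a;

  /* Anchor for page `p` of the current listing (with the /tag/T prefix when
     a tag is active).  T is HTML-entity encoded on the server (htmlentities
     in the PHP preamble), which is what makes splicing it into markup that
     goes through .html() below acceptable; if that encoding is ever dropped,
     escape T here. */
  function pagelink(p) {
    var href = "<?php echo $webbase?>";
    if(T!="")
      href += "/tag/"+T;
    href += "/page/"+p;
    return " <a href=\""+href+"\">"+p+"</a>";
  }

  d3.json(url, function(json) {
      var s, n, start, i, picdata;

      /* update index, show only page +-5 pages max.
         json[0][0].total is the hit count; n+1 is the number of the last page */
      s="page ";
      n = Math.floor(json[0][0].total/N);

      if(a>7)
        {
          s+=pagelink(1)+"...";
          start = a-5;
        }
      else
        start=1;

      for(i=start;i<=Math.min(n+1,a+5);i++)
        {
          if(i==a)
            s+= " "+i+" ";
          else
            s+=pagelink(i);
        }

      if(a+5<n)
        s+="..."+pagelink(n+1);
      else if(a+5==n)
        s+=pagelink(n+1);

      d3.select(".index").html(s);

      /* update pics: count is global so checkbutton() can see how many
         thumbnails this page produced */
      count=0;
      pics.selectAll("li").remove();
      picdata=json[1];
      pics.selectAll("li").data(picdata)
        .enter().append("li")
        .append("a")
        .attr("href",function(d) {
            /* map the f-spot file:// location onto the web gallery path */
            var href = d.base_uri+'/'+d.filename;
            return href.replace('file:\/\/<?php echo "".str_replace("/","\/",$dbprefix); ?>','<?php echo $webbase; ?>/Photos-small/');
          })
        .append("img")
        .attr("src",function(d) {
            count++;
            var src = d.base_uri+'/'+d.filename;
            return src.replace('file:\/\/<?php echo "".str_replace("/","\/",$dbprefix); ?>','<?php echo $webbase?>/Photos-tiny/');
          });
      checkbutton();
    });

  /* NOTE(review): the permalink uses the global page (equal to `a` for
     every caller) and omits the tag filter, unlike the index links above -
     confirm whether that is intended */
  permalink="<?php echo $webbase ?>/page/"+page;
  d3.select(".permalink").html("Permalink: <a href=\""+permalink+"\">"+permalink+"</a>");
}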
157
function left() {
  /* step one page back, never below page 1, and redraw */
  if (page > 1) {
    page -= 1;
  }
  myreload(page);
}
162
function right() {
  /* advance one page and redraw; no upper bound here because checkbutton()
     disables the next button once a fetched page held fewer than N pictures */
  page += 1;
  myreload(page);
}
167
function checkbutton() {
  /* prev is disabled on page 1; next is disabled when the last fetched page
     was not full (count is incremented once per rendered thumbnail).
     attr(..., null) removes the attribute, re-enabling the button. */
  var prev = d3.select("button.prev");
  var next = d3.select("button.next");
  prev.attr("disabled", page === 1 ? "disabled" : null);
  next.attr("disabled", count < N ? "disabled" : null);
}
180
/* initial render of the page requested via ?page= (defaults to 1) */
myreload(page);

</script>

</body>
</html>