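set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}

/*
 * Catalogue "extras" page: shows one article or one customer photo together with its
 * comments, or - when neither is requested - handles the photo upload form for a
 * catalogue item (form display, upload processing, confirmation message).
 *
 * The block that closes above begins before this excerpt and is left as found.
 *
 * Request-derived values ($_GET / $_POST / $_FILES) are untrusted. Every value placed
 * in SQL below goes through tep_db_input(), which this script already used for the
 * lookup queries; upload checks are made on the file itself, not on client metadata.
 */

if (isset($_GET['article_id'])) {
    // Have we asked for a specific plant article?
    $view_extra = true;
    $extra_type = '2';
    $extra_name = 'article';
    $extra_id = $_GET['article_id'];

    if (empty($_GET['catalogue_id'])) {
        $article_sql = "SELECT * FROM x_catalogue_articles a WHERE a.article_id = '". tep_db_input($_GET['article_id']) ."' AND a.isactive = '1' LIMIT 1";
    } else {
        $article_sql = "SELECT a.*, t.code, t.NAME, t.NOTES, REPLACE(CONCAT_WS(' ', g.groupname, s.groupname, c.classname), ' ', ' ') concat_name from x_catalogue_articles a INNER JOIN x_catalogue_to_article x ON a.article_id = x.article_id INNER JOIN x_catalogue t ON x.catalogue_id = t.seqno INNER JOIN x_stock_groups g ON g.groupno = t.stockgroup INNER JOIN x_stock_group2s s ON s.groupno = t.stockgroup2 INNER JOIN x_stock_classifications c ON c.classno = t.stock_classification WHERE a.article_id = '". tep_db_input($_GET['article_id']) ."' AND t.SEQNO = '". tep_db_input($_GET['catalogue_id']) ."' AND a.isactive = '1' LIMIT 1";
    }

    $article_array = tep_db_query($article_sql);
    if ($article_item = tep_db_fetch_array($article_array)) {
        $sts->template['hide_right_column'] = 1; // Turn off right-hand column.
        $pagetitle = $article_item['heading'];

        if (!empty($_GET['catalogue_id'])) {
            // If we've got a catalogue item linked, use it for the description meta tag
            $sts->template['meta_desc'] = $pagetitle . ' ' . ($article_item['NAME']=='' ? '' : '('.$article_item['NAME'].') ') . '- ' . $article_item['NOTES'];
        }

        if (!empty($article_item['code'])) {
            $pagecontent = '« Return to main '.trim($article_item['concat_name']).' page
';
        } else {
            $pagecontent = '';
        }

        $pagecontent .= '
' . replace_glossary_words($article_item['article']) . '
';
    } else {
        $pagetitle = 'Error:';
        $pagecontent = 'The article you requested is currently unavailable. Please click here to return to the front page.';
    }
} elseif (isset($_GET['photo_id'])) {
    // Have we asked for a specific photo?
    $view_extra = true;
    $extra_type = '1';
    $extra_name = 'photo';
    $extra_id = $_GET['photo_id'];

    $photo_sql = "SELECT t.code, t.NAME, t.NOTES, REPLACE(CONCAT_WS(' ', g.groupname, s.groupname, c.classname), ' ', ' ') concat_name, p.photo_id, p.catalogue_id, p.nickname, p.customers_id, p.comment from x_catalogue t INNER JOIN x_stock_groups g ON g.groupno = t.stockgroup INNER JOIN x_stock_group2s s ON s.groupno = t.stockgroup2 INNER JOIN x_stock_classifications c ON c.classno = t.stock_classification INNER JOIN x_catalogue_photos p ON p.catalogue_id= t.seqno WHERE p.photo_id = '". tep_db_input($_GET['photo_id']) ."' AND p.status = '1' LIMIT 1";
    $photo_array = tep_db_query($photo_sql);

    if ($extra_item = tep_db_fetch_array($photo_array)) {
        $sts->template['hide_right_column'] = 1; // Turn off right-hand column.
        $pagetitle = trim($extra_item['concat_name'] );
        $sts->template['meta_desc'] = $pagetitle . ' ' . ($extra_item['NAME']=='' ? '' : '('.$extra_item['NAME'].') ') . '- ' . $extra_item['NOTES'];
        $catalogue_id = $extra_item['catalogue_id'];

        // NOTE(review): 'comment' and 'nickname' are customer-submitted text and are
        // concatenated into the page as stored. Confirm they are HTML-encoded when written,
        // or encode them here for the page's character set before output.
        $comment = ( strlen(trim($extra_item['comment'])) > 1) ? $extra_item['comment'] . '
' : '';
        $submittedby = ( strlen(trim($extra_item['nickname'])) > 1) ? '
Thanks to '. $extra_item['nickname'] .' for sharing this photo!': '';

        $pagecontent = '« Return to main '.$pagetitle.' page
'. $pagetitle .'
'. $comment . $submittedby . '
';
    } else {
        $pagetitle = 'Error:';
        $pagecontent = 'The photo you requested is currently unavailable. Please click here to return to the front page.';
    }
} else {
    $view_extra = false;
}

if ($view_extra && $pagetitle!='Error:') {
    // Have we asked for a specific extra?

    // The id comes straight from the query string, so it is URL-encoded before it is
    // put back into a link.
    $comments_link = (!tep_session_is_registered('customer_id')) ? $PHP_SELF . "?action=comments_login&" . $extra_name . "_id=" . rawurlencode($extra_id) : "javascript: toggle_visibility('share_tips');";
    $comments_login = (isset($_GET['action']) && $_GET['action']=='comments_login') ? 1 : 0;

    $pagecontent .= '
» Would you like to comment on this '.$extra_name.'? Click here...
';
    $pagecontent .= ($extra_type == '2') ? '' : '» If you\'ve got a photo of '. $pagetitle .' you\'d like to share, click here...';

    // Are there any comments for this extra?
    // $extra_id is the raw request value: a row having matched it in the lookup above does
    // not make the string itself safe to splice into SQL, so it is escaped here as well.
    $comment_sql = "SELECT * FROM x_catalogue_comments WHERE comment_type = '".$extra_type."' AND parent_id = '". tep_db_input($extra_id) ."' AND status = '1' ORDER BY date_uploaded";
    $comment_array = tep_db_query($comment_sql);

    if ($comment_item = tep_db_fetch_array($comment_array)) {
        $pagecontent .= '

Comments
';
        do {
            // NOTE(review): nickname and comment are visitor-submitted and are emitted as
            // stored; confirm they are encoded on write or encode them for HTML here.
            $suggested = 'On ' . tep_date_short($comment_item['date_uploaded']) .', ';
            $suggested .= (strlen(trim($comment_item['nickname'])) > 1) ? $comment_item['nickname'] . ' said:' : 'Anonymous said:';
            $pagecontent .= '
'. $suggested .'
'. $comment_item['comment'] .'
';
        } while ($comment_item = tep_db_fetch_array($comment_array));
    }
} elseif ($pagetitle!='Error:') {
    // No specific photo requested? Then we must want to upload one of our own...

    // If we're not already logged in, then log in.
    if (!tep_session_is_registered('customer_id')) {
        $navigation->set_snapshot();
        tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }

    // Is there a legitimate, active, catalogue_id set?
    $legit_catid = false;
    if (isset($_GET['catalogue_id']) || isset($_POST['catalogue_id'])) {
        $catalogue_id = (isset($_GET['catalogue_id'])) ? $_GET['catalogue_id'] : $_POST['catalogue_id'];
        $cat_sql = "SELECT t.code, REPLACE(CONCAT_WS(' ', g.groupname, s.groupname, c.classname), ' ', ' ') concat_name from x_catalogue t INNER JOIN x_stock_groups g ON g.groupno = t.stockgroup INNER JOIN x_stock_group2s s ON s.groupno = t.stockgroup2 INNER JOIN x_stock_classifications c ON c.classno = t.stock_classification WHERE t.seqno = '". tep_db_input($catalogue_id) ."' AND t.isactive = 'Y' LIMIT 1";
        $cat_array = tep_db_query($cat_sql);
        if ($cat_item = tep_db_fetch_array($cat_array)) {
            $legit_catid = true;
        }
    }
    if (!$legit_catid) {
        die("ERROR! Bad catalogue id!");
    }

    // Every branch below talks about the same catalogue item, so the title is set once.
    // (Previously the confirmation branch used $pagetitle without assigning it.)
    $pagetitle = trim($cat_item['concat_name'] );

    // If we've made it this far, everything must be ok, so display the form, the upload
    // confirmation, or submit data, depending on situation...
    if (isset($_POST['catalogue_id'])) {
        // Save submitted photo to database
        $result = false;
        $file_name = null;        // assigned only after the upload has passed validation
        $file_moved = false;      // true once the file sits in the photo directory
        $allowed_size = 1048576;  // uploads must be smaller than this many bytes

        if (isset($_FILES['photofile']['tmp_name']) && is_uploaded_file($_FILES['photofile']['tmp_name'])) {
            $photofile = $_FILES['photofile']['tmp_name'];
            $file_size = filesize($photofile);

            // Validate BEFORE the file is moved into the photo directory. The type is taken
            // from the file's own header via getimagesize(); $_FILES[...]['type'] is supplied
            // by the client and proves nothing about the content. The @ keeps a malformed
            // file from emitting a warning ahead of the redirect headers.
            $image_info = ($file_size > 0 && $file_size < $allowed_size) ? @getimagesize($photofile) : false;
            $is_jpeg = is_array($image_info) && $image_info[2] == IMAGETYPE_JPEG;

            if ($is_jpeg) {
                // Same name scheme as before (customer id + MD5 of the content), hashed
                // from disk instead of reading the whole upload into memory first.
                $digest = md5_file($photofile);
                if ($digest !== false) {
                    $file_name = $customer_id . '_' . $digest;
                    $file_moved = move_uploaded_file($photofile, DIR_FS_CATALOG . DIR_WS_PHOTOS . $file_name);
                }
            }

            if ($file_moved) {
                // $catalogue_id is still the raw request string at this point; it matched a
                // row in the check above, but it must be escaped again for these statements.
                $sql = "INSERT INTO x_catalogue_photos ( catalogue_id, file_name, file_size, customers_id, nickname, comment, date_uploaded ) VALUES ('".tep_db_input($catalogue_id)."', '".tep_db_input($file_name)."', '".(int)$file_size."', '".tep_db_input($customer_id)."', '".tep_db_input(tep_db_prepare_input($_POST['nickname']))."', '".tep_db_input(tep_db_prepare_input($_POST['comment']))."', NOW() )";

                // That INSERT worked ok? Sweet! Now let's update the catalogue entry to reflect that...
                if ( tep_db_query($sql) ) {
                    $sql = "UPDATE x_catalogue c SET PHOTOS_AVAILABLE = (SELECT COUNT(*) total FROM x_catalogue_photos p WHERE p.catalogue_id=c.SEQNO) WHERE SEQNO = '".tep_db_input($catalogue_id)."'";
                    if ( tep_db_query($sql) ) {
                        $result = true;
                    }
                }
            }
        }

        if ($result) {
            tep_redirect($_SERVER['PHP_SELF'] . '?catalogue_id=' . rawurlencode($catalogue_id) . '&upload=1&result=1');
        } else {
            // Delete the file only if this request actually stored one; with no upload
            // $file_name is unset and the old code pointed unlink() at the directory path.
            if ($file_moved) {
                @unlink(DIR_FS_CATALOG . DIR_WS_PHOTOS . $file_name);
            }
            tep_redirect($_SERVER['PHP_SELF'] . '?catalogue_id=' . rawurlencode($catalogue_id) . '&upload=1&result=0');
        }
    } elseif (isset($_GET['upload']) && $_GET['upload']==1) {
        // Do upload confirmation page
        if (isset($_GET['result']) && $_GET['result']==1) {
            $pagecontent = 'Thanks for sharing! Your photo has been uploaded to our database successfully.';
        } else {
            $pagecontent = 'There was a problem uploading your photo. Please ensure the file you uploaded is an image file in JPEG format, and no bigger than 1Mb.

If the filesize is too large you may need to shrink it - try 1000 pixels wide. We recommend using the FastStone Photo Resizer utility. It\'s free, simple, and can convert an entire batch of photos at once.';
        }
        $pagecontent .= '

Click here to return to the main ' . $pagetitle . ' page.';
    } else {
        // Display form
        $pagecontent = 'Have you got a photo of '. $pagetitle .' you\'d like to share with us? We\'d love to see it.

Select your image file:

Your name: (optional)

Your caption: (optional)

By submitting this form, you acknowledge you have read and agree to our terms of use.

';
        // Copyright info taken from http://www.microsoft.com/info/cpyright.mspx#E3D
        // (disabled markup) I have read and agree to your terms and conditions.
    }
}

if (isset($_GET['t']) && $_GET['t']=='1') {
    $messageStack->add('insert', 'Thanks for sharing that comment with us!', 'success');
}
?>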