<?php
	require_once('pbadmin/config.php');
	require_once('pbadmin/sanitize.php');
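	/**
	 * Print the HTML fragment for a single photo: the image with previous/next
	 * links (wrapping around at either end of the gallery), its metadata, the
	 * comment form with an arithmetic captcha, and the existing comments.
	 *
	 * Every value read from the database or passed in by the caller is
	 * HTML-escaped before it is written into markup, because photo metadata and
	 * visitor comments are untrusted text that would otherwise be rendered as
	 * markup (stored XSS).
	 *
	 * Prints nothing when the id is empty or non-numeric, or when no photo row
	 * matches it.
	 *
	 * @param mixed $id_photo Photo id to display; passed through sanitize().
	 * @param mixed $x        First captcha operand shown to the visitor.
	 * @param mixed $y        Second captcha operand shown to the visitor.
	 * @param mixed $z        Third captcha operand shown to the visitor.
	 * @return void
	 */
	function show_photo($id_photo,$x,$y,$z) {
		// Plain include (not require_once) so the file is evaluated again in this
		// function's scope; presumably this is what defines $db_connection here.
		include('pbadmin/config.php');
		$photo_dir = "images/";

		// Escape for HTML text and attribute context. double_encode is off so
		// that text which was already entity-encoded when it was stored is not
		// encoded twice. NOTE(review): sanitize() is not visible here; confirm
		// whether it encodes on input.
		$esc = function ($value) {
			return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
		};

		// Validate the id before touching the database.
		$id = sanitize($id_photo);
		if (empty($id) || !is_numeric($id)) {
			return;
		}

		$query_photo = $db_connection->prepare('SELECT photo_file, photo_name, photo_description, photo_date, photo_time, photo_tags FROM photoblog_photo WHERE photo_id = ?;');
		$query_photo->execute(array($id));
		$result_photo = $query_photo->fetch(PDO::FETCH_ASSOC);
		if (!$result_photo) {
			// fetch() returns false when no row matches; there is nothing to render.
			return;
		}
		$photo_src = $esc($photo_dir.$result_photo['photo_file']);
		$photo_name = $esc($result_photo['photo_name']);
		$photo_description = $esc($result_photo['photo_description']);
		$photo_date = $esc($result_photo['photo_date']);
		$photo_time = $esc($result_photo['photo_time']);
		$photo_tags = $esc($result_photo['photo_tags']);
		$no_neighbour = array('photo_id' => '', 'photo_name' => '');

		// Previous photo: the nearest lower id, else wrap around to the highest id.
		$query_photo_prev = $db_connection->prepare('SELECT photo_id, photo_name FROM photoblog_photo WHERE photo_id < ? ORDER BY photo_id DESC LIMIT 1;');
		$query_photo_prev->execute(array($id));
		$previous_photo = $query_photo_prev->fetch(PDO::FETCH_ASSOC);
		if (!$previous_photo || !is_numeric($previous_photo['photo_id'])) {
			$query_photo_prev = $db_connection->prepare('SELECT photo_id, photo_name FROM photoblog_photo ORDER BY photo_id DESC LIMIT 1;');
			$query_photo_prev->execute();
			$previous_photo = $query_photo_prev->fetch(PDO::FETCH_ASSOC);
		}
		if (!$previous_photo) {
			$previous_photo = $no_neighbour;
		}

		// Next photo: the nearest higher id, else wrap around to the lowest id.
		$query_photo_next = $db_connection->prepare('SELECT photo_id, photo_name FROM photoblog_photo WHERE photo_id > ? ORDER BY photo_id ASC LIMIT 1;');
		$query_photo_next->execute(array($id));
		$next_photo = $query_photo_next->fetch(PDO::FETCH_ASSOC);
		if (!$next_photo || !is_numeric($next_photo['photo_id'])) {
			$query_photo_next = $db_connection->prepare('SELECT photo_id, photo_name FROM photoblog_photo ORDER BY photo_id ASC LIMIT 1;');
			$query_photo_next->execute();
			$next_photo = $query_photo_next->fetch(PDO::FETCH_ASSOC);
		}
		if (!$next_photo) {
			$next_photo = $no_neighbour;
		}

		$previous_id = $esc($previous_photo['photo_id']);
		$previous_name = $esc($previous_photo['photo_name']);
		$next_id = $esc($next_photo['photo_id']);
		$next_name = $esc($next_photo['photo_name']);

		print '<div class="content" id="content-margin">'."\n";
		print '<p class="back"><a href="index.php?show_image='.$previous_id.'" title="Previous Image ['.$previous_name.']" alt="'.$previous_name.'">&lt;</a></p>'."\n";
		print '<a class="photo_colorbox" href="'.$photo_src.'" title="'.$photo_name.'" alt="'.$photo_name.'"><img src="'.$photo_src.'" title="'.$photo_name.'" alt="'.$photo_name.'" id="main_photo" /></a>'."\n";
		print '<p class="forward"><a href="index.php?show_image='.$next_id.'" title="Next Image ['.$next_name.']" alt="'.$next_name.'">&gt;</a></p>'."\n";
		print "</div>\n";

		print '<div id="info-photo" style="margin-top:25px;"><br />'."\n";
		print "<p>Title:&nbsp; <span>$photo_name</span></p>\n";
		if ($photo_description !== '') {
			print "<p>Description:&nbsp; <span>$photo_description</span></p>\n";
		}
		if ($photo_tags !== '') {
			print "<p>tags:&nbsp;<span>$photo_tags</span></p>\n";
		}
		$count_comments_query = $db_connection->prepare('SELECT COUNT(comment_content) FROM photoblog_comments WHERE comment_photo_id = ?');
		$count_comments_query->execute(array($id));
		// fetchColumn() can return false; the cast turns that into 0.
		$count_comments = (int)$count_comments_query->fetchColumn();
		print "<span>Sent on $photo_date at $photo_time</span>\n";
		print '<p><span><a href="javascript: void(0);" onclick="showform();" title="Comment on Photo" alt="Comment on Photo">Comment on photo</a><span>&nbsp; <span class="comments-number"><a href="javascript: void(0)" onclick="showcomments();" title="Watch comments" alt="Watch Comments">&nbsp;Watch comments (';
		print $count_comments;
		print ")</a></span></p><br />\n";

		print '<form action="comment.php" method="get" id="make_comment" onsubmit="return false;">'."\n";
		print '<p><a href="javascript: void(0);" onclick="hideform();" title="Hide comment form" alt="Hide comment form">Hide comment form</a></p><br />'."\n";
		// is_numeric() accepts more than plain digits, so the id is still escaped.
		print '<input type="hidden" name="id_comment" value="'.$esc($id).'" id="comment" />'."\n";
		print '<p>Your Name&nbsp; (Required)&nbsp; <input type="text" name="name" id="name-comment" title="Your name" alt="Your Name" /></p>'."\n";
		print '<p>Mail&nbsp; (not required, but will be not shown)&nbsp; <input type="text" name="mail" id="mail-comment" title="Email" alt="Email" /></p>'."\n";
		print '<p>Comment&nbsp; (Required)&nbsp; <input type="text" name="comment" id="content-comment" title="Comment" alt="Comment" /></p>'."\n";
		print '<p>Solve the next sum&nbsp;&nbsp;</p><br /><span>'.$esc($x).'+'.$esc($y).'+'.$esc($z).'</span><p><input type="text" name="captcha" id="captcha-comment" title="Captcha" alt="Captcha" /></p>'."\n";
		print '<p><button id="insert-comment" type="button" title="Submit Comment">Submit Comment</button></p><br />';
		print '<div id="comment"></div><br />'."\n";
		print "</form>\n";

		print '<div id="comments_display">'."\n";
		$comments_query = $db_connection->prepare('SELECT comment_name, comment_content FROM photoblog_comments WHERE comment_photo_id = ?');
		$comments_query->execute(array($id));
		$comments_result = $comments_query->fetchAll(PDO::FETCH_ASSOC);
		$print_hide = false;
		foreach ($comments_result as $comment) {
			// Rows with an empty name or empty content are skipped.
			if (empty($comment['comment_name']) || empty($comment['comment_content'])) {
				continue;
			}
			// Visitor-supplied text: always escaped on output.
			print "<p>Name: ".$esc($comment['comment_name'])."</p>";
			print "<p>Comment: ".$esc($comment['comment_content'])."</p><br />";
			$print_hide = true;
		}
		print '<span class="hide-comment">'."\n";
		if ($print_hide) {
			// Only offer "Hide comments" when at least one comment was printed.
			print '<p><a href="javascript: void(0);" onclick="hidecomments();" title="Hide comments" alt="Hide comments">Hide comments</a></p><br />'."\n";
		}
		print "</span>\n</div>\n</div>\n";
	}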
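	// Page entry point: pick the photo to show, issue a fresh captcha, render.
	//  - no (or empty) show_image parameter: show the newest photo;
	//  - numeric show_image: show that photo, if it exists;
	//  - anything else (non-numeric string, array): render nothing.
	$requested_id = isset($_GET["show_image"]) ? $_GET["show_image"] : null;
	if (empty($requested_id) || is_numeric($requested_id)) {
		if (empty($requested_id)) {
			$query_photo = $db_connection->prepare('SELECT photo_id FROM photoblog_photo ORDER BY photo_id DESC LIMIT 1;');
			$query_photo->execute();
		} else {
			$photo_id = sanitize($requested_id);
			$query_photo = $db_connection->prepare('SELECT photo_id FROM photoblog_photo WHERE photo_id = ? ORDER BY photo_id DESC LIMIT 1;');
			$query_photo->execute(array($photo_id));
		}
		$photo_result = $query_photo->fetch(PDO::FETCH_ASSOC);
		// fetch() returns false when no row matches; show_photo() prints nothing
		// for an empty id, so pass null instead of indexing into false.
		$photo_id = $photo_result ? $photo_result['photo_id'] : null;

		// Arithmetic captcha: the operands are printed in the page by
		// show_photo() and the expected sum is kept server-side in the session.
		// NOTE(review): the challenge is delivered as plain text and mt_rand()
		// is not a CSPRNG, so this only filters the least capable automated
		// posting; comment.php should add rate limiting, and random_int() is
		// preferable wherever PHP >= 7 is guaranteed.
		// Assumes the session has already been started by config.php or the
		// including script; TODO confirm.
		$x = mt_rand(10,30);
		$y = mt_rand(1,20);
		$z = mt_rand(1,9);
		$captcha_sum = $x+$y+$z;
		$_SESSION["photoblog_captcha"] = $captcha_sum;
		show_photo($photo_id,$x,$y,$z);
	}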
?>