Index: drupal.fndb.inc
===================================================================
RCS file: /cvs/drupal/contributions/modules/imagenotes/drupal.fndb.inc,v
retrieving revision 1.1
diff -u -r1.1 drupal.fndb.inc
--- drupal.fndb.inc	10 Nov 2006 19:18:32 -0000	1.1
+++ drupal.fndb.inc	4 Jun 2008 07:53:00 -0000
@@ -20,19 +20,57 @@
   
   function saveNewAnnotation($fn_image, $fn_annotation) {
     global $user;
-    $result = db_query("INSERT INTO {imagenotes} (nid, uid, annotation_id, title, content, xml) VALUES (%d, %d, '%s', '%s', '%s', '%s')",
-                       $fn_image->param['nid'], $user->uid, $fn_annotation->param['id'], $fn_annotation->param['title'], $fn_annotation->param['content'], $fn_annotation->param['src_xml']);
+    
+    $width = $fn_image->param['source_x'];
+    $height = $fn_image->param['source_y'];
+    
+    //watchdog('debug', print_r($fn_image,1));
+    //watchdog('debug', print_r($fn_annotation,1));
+    //return;
+    
+    //$file = str_replace($fn_annotation->param['annotationID'] .'@', '', $fn_annotation->param['id']);
+    //$info = image_get_info(file_directory_path() . '/images/' . $file);
+    
+    //watchdog('debug', print_r( $fn_annotation->param['content'],1));
+    //return;
+    
+    
+    
+    $result = db_query("INSERT INTO {imagenotes} (nid, uid, annotation_id, title, content, xml, width, height) VALUES (%d, %d, '%s', '%s', '%s', '%s', %d, %d)",
+                       $fn_image->param['nid'], $user->uid, $fn_annotation->param['id'], $fn_annotation->param['title'], htmlspecialchars($fn_annotation->param['content']), $fn_annotation->param['src_xml'], $width, $height);
     return true;
   }
 	
   function updateExistingAnnotationByID($fn_image, $fn_annotation) {
-    $result = db_query("UPDATE {imagenotes} SET title='%s', content='%s', xml='%s' WHERE annotation_id='%s'",
-                       $fn_annotation->param['title'], $fn_annotation->param['content'], $fn_annotation->param['src_xml'], $fn_annotation->param['id']);
-    return true;
+      
+    $width = $fn_image->param['source_x'];
+    $height = $fn_image->param['source_y'];
+
+    $entry = $fn_annotation->param['src_xml'];
+    
+    preg_match("#<title>(.*)</title>#Umsi", $entry, $data);
+    $title = $data[1];
+    preg_match("#<content.*>(.*)</content>#Umsi", $entry, $data);
+    $content = $data[1];
+	$id = $fn_annotation->param['id'];
+    /* $id = $temp = explode('/', $fn_annotation->param['id']);
+    $id = array_pop($temp); */
+	//watchdog('debug', print_r($id,1));
+    $nid = db_result(db_query("SELECT nid FROM {imagenotes} WHERE annotation_id='%s'", $id));
+    $node = node_load(array('nid' => $nid));
+    $node->changed = time();
+    node_save($node);
+	
+    $result = db_query("UPDATE {imagenotes} SET title='%s', content='%s', xml='%s', width=%d, height=%d WHERE annotation_id='%s'",
+                       $title, htmlspecialchars($content), $entry, $width, $height, $id);
+	return true;
   }
 	
   function deleteAnnotationByID($fn_image, $fn_annotation) {
-    $result = db_query("DELETE FROM {imagenotes} WHERE annotation_id = '%s'", $fn_annotation->param['id']);
+    $id = $fn_annotation->param['id'];
+    /* $temp = explode('/', $fn_annotation->param['id']);
+    $id = array_pop($temp); */
+    $result = db_query("DELETE FROM {imagenotes} WHERE annotation_id = '%s'", $id);
     return true;	
   }
 }
@@ -54,25 +92,26 @@
 	}
 		
 	function getAnnotations(&$fn_image) {
-      global $DHTML_MAXWIDTH, $DHTML_MAXHEIGHT;
+      //global $DHTML_MAXWIDTH, $DHTML_MAXHEIGHT;
 
-      $node = node_load($fn_image->param['nid']);
-      $this->image = file_create_path($node->images['preview']);
+      //$node = node_load($fn_image->param['nid']);
+      //$this->image = file_create_path($node->images['preview']);
 
-      $size = getimagesize($this->image);
-      displayDebugParam($size, 4);
-      $ratioWidth = $DHTML_MAXWIDTH /  $size[0];
-      $ratioHeight = $DHTML_MAXHEIGHT / $size[1];
-      
-      if($ratioHeight>$ratioWidth){$ratio=$ratioWidth;}else{$ratio=$ratioHeight;}
-      if($ratio>1){$ratio=1;}
-      
-      $fn_image->setFnImageParam('scalefactor', $ratio);
+      //$fn_image->setFnImageParam('scalefactor', $ratio);
       
-      $annoatations = array();
+      $annotations = array();
       $xml = '';
       $result = db_query("SELECT * FROM {imagenotes} WHERE nid=%d", arg(1));
       while ($row = db_fetch_object($result)) {
+
+        $ratioWidth = arg(2) / $row->width;
+        $ratioHeight = arg(3) / $row->height;
+
+        if($ratioHeight>$ratioWidth){$ratio=$ratioWidth;}else{$ratio=$ratioHeight;}
+        //if($ratio>1){$ratio=1;}
+        
+        //watchdog('debug', $row->width . ' / ' . $info['width']);
+
         $entry = $row->xml;
         preg_match("#<fn:boundingBox>(.*)</fn:boundingBox>#Umsi", $entry, $coordstring);
         $coords = explode(",", $coordstring[1]);
@@ -80,7 +119,7 @@
                 $annotation['upperlefty'], 
                 $annotation['lowerrightx'], 
                 $annotation['lowerrighty'])  = $coords;
-        $annotation['width'] = ($coords[2] - $coords[0])*$ratio;
+
         $annotation['width'] = ($coords[2] - $coords[0])*$ratio;
         $annotation['height'] = ($coords[3] - $coords[1])*$ratio;
         $annotation['upperlefty'] *= $ratio;
@@ -91,7 +130,7 @@
         preg_match("#<title>(.*)</title>#Umsi", $entry, $title);
         $annotation['title'] = $title[1];
         preg_match("#<content.*>(.*)</content>#Umsi", $entry, $content);
-        $annotation['content'] = $content[1];
+        $annotation['content'] = htmlspecialchars($content[1]);
         preg_match("#<name>(.*)</name>#Umsi", $entry, $author);
         $annotation['author'] = $author[1];
         preg_match("#<created>(.*)</created>#Umsi", $entry, $created);
@@ -103,10 +142,12 @@
         preg_match("#<id>(.*)</id>#Umsi", $entry, $id);
         //$annotation['id'] = basename($id[1]);  Do not get basename, use full url
         $annotation['id'] = $id[1];
+        
         preg_match("#<userid>(.*)</userid>#Umsi", $entry, $userid);
         $annotation['userid'] = $userid[1];
         $annotations[] = $annotation;
       }
+      
       return $annotations;
 	}
 	
Index: imagenotes.install
===================================================================
RCS file: /cvs/drupal/contributions/modules/imagenotes/imagenotes.install,v
retrieving revision 1.1
diff -u -r1.1 imagenotes.install
--- imagenotes.install	10 Nov 2006 19:18:32 -0000	1.1
+++ imagenotes.install	9 Jun 2008 19:54:05 -0000
@@ -8,13 +8,51 @@
   switch ($GLOBALS['db_type']) {
     case 'mysql':
     case 'mysqli':
-      db_query("CREATE TABLE IF NOT EXISTS {imagenotes} (
-        nid INTEGER UNSIGNED NOT NULL,
-        uid INTEGER UNSIGNED NOT NULL,
-        annotation_id VARCHAR(255),
-        title VARCHAR(255),
-        content TEXT,
-        xml TEXT
-        ) /*!40100 DEFAULT CHARACTER SET utf8 */;");
+
+        db_query("CREATE TABLE {imagenotes} (
+          `nid` int(10) unsigned NOT NULL,
+          `uid` int(10) unsigned NOT NULL,
+	  `annotation_id` varchar(255) NOT NULL default '',
+          `title` varchar(255) default NULL,
+          `content` text,
+          `xml` text,
+          `width` smallint(5) unsigned NOT NULL default '0',
+          `height` smallint(5) unsigned NOT NULL default '0',
+          PRIMARY KEY  (`annotation_id`),
+          KEY `nid` (`nid`)
+        )");
+	
+	db_query("CREATE TABLE {imagenotes_perm} (
+          `nid` int(10) unsigned NOT NULL,
+          `perm` int(10) unsigned NOT NULL,
+          PRIMARY KEY  (`nid`)
+        )");
+	$type = 'image';
+	$sql = "SELECT nid FROM {node} WHERE type = '%s'";
+	$result = db_query($sql,$type);
+	while($row = db_fetch_object($result)){
+		db_query("INSERT INTO {imagenotes_perm} SET nid = %d, perm = %d",$row->nid,1);
+	}
+
   }
+}
+function imagenotes_uninstall() {
+  db_query('DROP TABLE {imagenotes}');
+  db_query('DROP TABLE {imagenotes_perm}');
+}
+function imagenotes_update_1() {
+if (!db_table_exists('imagenotes_perm')) {
+  db_query("CREATE TABLE {imagenotes_perm} (
+          `nid` int(10) unsigned NOT NULL,
+          `perm` int(10) unsigned NOT NULL,
+          PRIMARY KEY  (`nid`)
+        )");
+}
+	db_query("TRUNCATE TABLE {imagenotes_perm}");
+	$sql = "SELECT nid FROM `node` WHERE `type` = 'image'";
+	$result = db_query($sql);
+	while($row = db_fetch_object($result)){
+		db_query("INSERT INTO {imagenotes_perm} SET nid = %d, perm = %d",$row->nid,1);
+	}
+return array();
 }
\ No newline at end of file
Index: imagenotes.module
===================================================================
RCS file: /cvs/drupal/contributions/modules/imagenotes/imagenotes.module,v
retrieving revision 1.2
diff -u -r1.2 imagenotes.module
--- imagenotes.module	10 Nov 2006 19:18:32 -0000	1.2
+++ imagenotes.module	9 Jun 2008 13:58:18 -0000
@@ -1,18 +1,7 @@
 <?php
-// $Id: imagenotes.module,v 1.2 2006/11/10 19:18:32 walkah Exp $
-
-/**
- * Implementation of hook_help
- */
-function imagenotes_help($section) {
-  switch ($section) {
-    case 'admin/modules#description':
-      return t('Allows users to add notes to images');
-  }
-}
 
 function imagenotes_perm() {
-  return array('create imagenotes');
+  return array('administer imagenotes','create imagenotes','create others imagenotes');
 }
 
 function imagenotes_menu($may_cache) {
@@ -28,35 +17,106 @@
 }
 
 function imagenotes_nodeapi(&$node, $op, $teaser, $page) {
-  if ($op == 'view' && $node->type == 'image' && $page) {
-    drupal_add_js(drupal_get_path('module', 'imagenotes') . '/fnclient/fnclientlib/js/fnclient.js');
-    drupal_set_html_head(theme('stylesheet_import', base_path() . drupal_get_path('module', 'imagenotes') .'/fnclient/fnclientlib/styles/fnclient.css'));
-    $js.= '<script type="text/javascript">';
-    $js .= "var fnServer = '". url('imagenotes/' . $node->nid) ."';\n";
-    $js.= "var fnAnnotateAll = true;\n";
-    $js.= "</script>\n";
-    drupal_set_html_head($js);
-  }
+
+    switch ($op)
+    {   case 'load':
+	    if($node->type == 'image'){
+	       $sql = "select perm from {imagenotes_perm} where nid = ".$node->nid;
+           $result = db_query($sql);
+		   $perm = db_fetch_object($result);
+		   $node->perm = $perm->perm;
+		 }
+		  break;
+	    case 'insert':
+	    case 'update':
+		$sql = "delete from {imagenotes_perm} where nid = ".$node->nid;
+           db_query($sql);
+		   $sql = "INSERT INTO {imagenotes_perm} ( `nid` , `perm` ) VALUES ( '".$node->nid."', '".$node->noteable."')";
+           db_query($sql);
+		   break;
+	
+	
+        case 'update index':
+        
+            $result = db_query("SELECT title, content FROM {imagenotes} WHERE nid=%d", $node->nid);
+            while ($db = db_fetch_object($result))
+            {
+                $text .= $db->title . ' ' . $db->content . ' ';
+            }
+            
+            return $text;
+        
+        case 'view':
+           if($node->type == 'image'){
+		       $sql = "select perm from {imagenotes_perm} where nid = ".$node->nid;
+	           $result = db_query($sql);
+			   $perm = db_fetch_object($result);
+			   $node->perm = $perm->perm;
+		 } 
+            			 
+            if ($node->type == 'image' && $page ) {
+                drupal_add_css(drupal_get_path('module', 'imagenotes') . '/fnclient/fnclientlib/styles/fnclient.css');
+                drupal_add_js(drupal_get_path('module', 'imagenotes') . '/fnclient/fnclientlib/js/fnclient.js');
+
+                
+                $size = $_GET['size'];
+                if (!$size)
+                {
+                  $size = IMAGE_PREVIEW;
+                }
+                
+                $info = image_get_info($node->images[$size]);
+                
+                $js .= "<script type=\"text/javascript\">\n";
+                $js .= "var fnServerPath = '". url('imagenotes/' . $node->nid) ."/" . $info['width'] . '/' . $info['height'] . "/';\n";
+
+                global $user;
+				if(user_access('administer imagenotes')){
+				    $js .= "var FN_ADD = 'allow';\n";
+                    $js .= "var FN_MODIFY = 'allow';\n";
+                    $js .= "var FN_DELETE = 'allow';\n";
+				}else if(user_access('create imagenotes') && $user->uid == $node->uid ){
+				    $js .= "var FN_ADD = 'allow';\n";
+                    $js .= "var FN_MODIFY = 'allow';\n";
+                    $js .= "var FN_DELETE = 'allow';\n";
+				}else if (user_access('create others imagenotes') && $user->uid != $node->uid  &&  $node->perm ){
+                    $js .= "var FN_ADD = 'allow';\n";
+                    $js .= "var FN_MODIFY = 'deny';\n";
+                    $js .= "var FN_DELETE = 'deny';\n";	
+					}
+					else{
+					$js .= "var FN_ADD = 'deny';\n";
+                    $js .= "var FN_MODIFY = 'deny';\n";
+                    $js .= "var FN_DELETE = 'deny';\n";	
+					
+					}
+                
+                $js .= "</script>\n";
+
+                drupal_set_html_head($js, 'inline');
+            }
+
+            break;
+    }
+
 }
 
-function imagenotes_callback($nid) {
+
+function imagenotes_callback($nid,$source_x,$source_y) {
   global $user, $PERMISSIONS, $FNSAVESTRATEGY, $FNRETRIEVESTRATEGY, $FNANNOTATIONFEEDSAVESTRATEGY, $FN_FEED_PATH, $DHTML_MAXWIDTH, $DHTML_MAXHEIGHT, $FN_FEED_PATH;
 
   $path = drupal_get_path('module', 'imagenotes') . '/fnclient/';
 
-  $PERMISSIONS = array('ADD' => 'allow',
-                       'MODIFY' => 'allow',
-                       'DELETE' => 'allow');
-  $PERMISSIONS = array('ADD' => 'deny',
+  
+ $PERMISSIONS = array('ADD' => 'deny',
                        'MODIFY' => 'deny',
                        'DELETE' => 'deny');
-  
   $dir = file_create_path('imagenotes');
   file_check_directory($dir, FILE_CREATE_DIRECTORY);
   $FN_FEED_PATH = $dir .'/';
 
-  $DHTML_MAXWIDTH	= 675;
-  $DHTML_MAXHEIGHT =	675;
+  $DHTML_MAXWIDTH = 675;
+  $DHTML_MAXHEIGHT = 675;
   
   $FNSAVESTRATEGY["FNSaveDatabaseRows"] = true;
   $FNSAVESTRATEGY["FNSaveDatabaseXMLBlock"] = false;
@@ -85,7 +145,7 @@
       break;
 	case "GET":
       foreach ($_GET as $key => $value) {
-        echo "\nkey: $key";
+        //echo "\nkey: $key";
         $fni->setFnImageParam($key, urldecode($value));
       }
       break;	
@@ -98,24 +158,57 @@
   // Set the nid as a param
   $fni->setFnImageParam('nid', $nid);
   
+  $fni->setFnImageParam('source_x', $source_x);
+  $fni->setFnImageParam('source_y', $source_y);
+  
   // CLEANUP incoming XML from client, if exists
+   
   if ($fni->fnImageParamExists("xml")) {
+    
+    
+ 
 	$fni->param["xml"] = preg_replace("#<\?xml.*>#Umsi", "", $fni->param["xml"]);
 	$fni->param["xml"] = preg_replace("#<feed.*>#Umsi", "", $fni->param["xml"]);
 	$fni->param["xml"] = preg_replace("#</feed>#Umsi", "", $fni->param["xml"]);
-	$fni->param["xml"] = stripslashes($fni->param["xml"]);
-
+	//$fni->param["xml"] = stripslashes($fni->param["xml"]);
 	$fni->param["xml"] = preg_replace("#<userid>.*</userid>#Umsi", "<userid>".$user->uid."</userid>", $fni->param["xml"]);	    
 	$fni->param["xml"] = preg_replace("#<name>.*</name>#Umsi", "<name>".$user->name."</name>", $fni->param["xml"]);	    
+    $ab = explode('content',$fni->param["xml"]);
+	$ab = html_entity_decode($ab[1]);
+	$fni->param["xml"] = preg_replace("#<content>.*</content>#Umsi", "<content".$ab."content>	", $fni->param["xml"]);
+	//$fni->param["xml"] = preg_replace("#<content>.*</content>#Umsi", "<content>testing again</content>	", $fni->param["xml"]);
+	 //watchdog('debug', print_r($fni,1));
   }
-
+ 
   // DO the requested action
   if ($fni->fnImageParamExists("action")) {
-    if ($fni->param['action'] == 'display' || user_access('create imagenotes')) {
+
+    $node = node_load(array('nid' => $nid));
+    
+    if ( $fni->param['action'] == 'display' || user_access('administer imagenotes') || ($user->uid == $node->uid && user_access('create imagenotes')) || (user_access('create others imagenotes') && $user->uid != $node->uid  &&  $node->perm ) ) {
       $fni->doFnAction();
     }
     else {
       die('success=denied');
     }
   }
-}
\ No newline at end of file
+  
+}
+function imagenotes_form_alter($form_id, &$form) {
+if(is_numeric(arg(1)) && arg(2) == 'edit'){
+$sql = "select perm from {imagenotes_perm} where nid = ".arg(1);
+	           $result = db_query($sql);
+			   $perm = db_fetch_object($result);
+			   $def = $perm->perm;
+}
+			   
+if ($form_id == 'image_node_form'){
+  $form['noteable'] = array(
+		'#title' => t('Can other users annotate this image? Check for yes. Uncheck for no.'),
+        '#type' => 'checkbox',
+        '#options' => array('0' => 'no' ,'1' => 'yes'),
+		'#default_value' => $def?$def:1,
+	    
+    );
+}
+}