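/**
 * Delete a file or directory on the server.
 *
 * Reads the relative path from $_POST['del'], converts it with File::r2a()
 * and passes it to AdminDelete::rec_del(). Nothing is done unless the current
 * user is an admin or an uploader.
 *
 * The target must resolve to an existing path strictly inside
 * Settings::$photos_dir. The photos root itself, and any path that resolves
 * outside it (for example through ".." segments or a symlink), is refused.
 *
 * @return mixed Whatever AdminDelete::rec_del() returns, or null when the
 *               request is refused.
 * @author Thibaud Rohmer
 */
public function delete()
{
    /// Just to be really sure...
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    // A missing or non-string field is not a valid target.
    if (!isset($_POST['del']) || !is_string($_POST['del'])) {
        return;
    }

    $del = File::r2a(stripslashes($_POST['del']));

    // Compare canonical paths. A plain string comparison with
    // Settings::$photos_dir misses equivalent spellings of the root
    // (trailing slash, "/." suffix) and says nothing about paths that
    // leave the photos tree.
    $root   = realpath(Settings::$photos_dir);
    $target = realpath($del);
    if ($root === false || $target === false) {
        return;
    }

    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target === $root || strpos($target, $prefix) !== 0) {
        return;
    }

    // NOTE(review): no anti-CSRF token is checked in this method; confirm the
    // caller verifies one before this destructive action runs.
    return AdminDelete::rec_del($del);
}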
/**
 * Return the path of a web-sized copy of an image.
 *
 * Images whose width and height are both at most 1200 pixels are returned
 * unchanged. Larger images get a "<name>_small.<extension>" copy under
 * Settings::$thumbs_dir, which is (re)generated when it is missing or older
 * than the source file.
 *
 * @param string $file Path of the source image.
 * @return string Path of the file to serve.
 */
public static function small($file)
{
    require_once dirname(__FILE__) . '/../phpthumb/phpthumb.class.php';

    $source_info = new File($file);
    $relative    = File::a2r($file);
    $small_name  = dirname($relative) . "/" . $source_info->name . "_small." . $source_info->extension;

    list($width, $height) = getimagesize($file);
    if ($width <= 1200 && $height <= 1200) {
        // Already small enough: serve the original.
        return $file;
    }

    $path = File::r2a($small_name, Settings::$thumbs_dir);

    // Cached copy exists and is not older than the source: nothing to do.
    $cache_is_fresh = file_exists($path) && !(filectime($file) > filectime($path));
    if ($cache_is_fresh) {
        return $path;
    }

    /// Create smaller image
    $target_dir = dirname($path);
    if (!file_exists($target_dir)) {
        @mkdir($target_dir, 0755, true);
    }

    $resizer = new phpthumb();
    $resizer->config_imagemagick_path = Settings::$imagemagick_path;
    $resizer->setSourceData(file_get_contents($file));
    $resizer->CalculateThumbnailDimensions();
    $resizer->w = 1200;
    $resizer->h = 1200;
    $resizer->q = Settings::$quality_small;

    $needs_rotation = File::Type($file) == 'Image'
        && Provider::get_orientation_degrees($file) != 0;
    if ($needs_rotation) {
        $resizer->SourceImageToGD();
        // The rotation angle is not set explicitly here; the original line
        // "$thumb->ra = Provider::get_orientation_degrees($file);" is disabled.
        $resizer->Rotate();
    }

    $resizer->GenerateThumbnail();
    $resizer->RenderToFile($path);

    return $path;
}
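/**
 * Send an image to the client if the current user is allowed to see it.
 *
 * Access is decided by Judge::view(). Depending on the flags, the file sent
 * is the 200x200 thumbnail, an 800x600 copy (only for sources larger than
 * that), or the original. Derived files are stored under
 * Settings::$thumbs_dir and regenerated when older than the source. For
 * videos the associated ".jpg" path is used. Any failure while resizing
 * falls back to the original file.
 *
 * @param string $file   Path of the requested item.
 * @param bool   $thumb  Serve the thumbnail instead of the image.
 * @param bool   $large  Skip resizing and serve the original.
 * @param bool   $output When false, derived files are generated but nothing is sent.
 * @param bool   $dl     Send the file as an attachment (download).
 * @return void
 * @author Thibaud Rohmer
 */
public static function image($file, $thumb = false, $large = false, $output = true, $dl = false)
{
    if (!Judge::view($file)) {
        return;
    }

    // Image bytes follow; a stray warning in the body would corrupt them.
    if (function_exists("error_reporting")) {
        error_reporting(0);
    }

    /// Check item
    //~ if(!File::Type($file) || File::Type($file) != "Image"){
    //~     return;
    //~ }

    if (File::Type($file) == "Video") {
        $basefile = new File($file);
        $basepath = File::a2r($file);

        /// Build relative path to webimg
        $path = Settings::$thumbs_dir . dirname($basepath) . "/" . $basefile->name . ".jpg";
        Video::FastEncodeVideo($file, $basefile->extension);
        $large = true;
    }

    if (!$large) {
        try {
            if ($thumb) {
                $path = File::r2a(File::a2r($file), Settings::$thumbs_dir);
                if (!file_exists($path) || filectime($file) > filectime($path)) {
                    require_once dirname(__FILE__) . '/../phpthumb/ThumbLib.inc.php';

                    /// Create directories
                    if (!file_exists(dirname($path))) {
                        @mkdir(dirname($path), 0750, true);
                    }

                    /// Create thumbnail (kept in its own variable so the
                    /// $thumb flag is not overwritten by an object)
                    $resizer = PhpThumbFactory::create($file);
                    $resizer->resize(200, 200);
                    $resizer->save($path);
                }
            } else {
                list($x, $y) = getimagesize($file);
                if ($x > 800 || $y > 600) {
                    require_once dirname(__FILE__) . '/../phpthumb/ThumbLib.inc.php';
                    $basefile = new File($file);
                    $basepath = File::a2r($file);

                    /// Build relative path to webimg
                    $webimg = dirname($basepath) . "/" . $basefile->name . "_small." . $basefile->extension;

                    /// Set absolute path to the resized copy
                    $path = File::r2a($webimg, Settings::$thumbs_dir);

                    if (!file_exists($path) || filectime($file) > filectime($path)) {
                        /// Create smaller image
                        if (!file_exists(dirname($path))) {
                            @mkdir(dirname($path), 0755, true);
                        }
                        $resizer = PhpThumbFactory::create($file);
                        $resizer->resize(800, 600);
                        $resizer->save($path);
                    }
                } else {
                    $path = $file;
                }
            }
        } catch (Exception $e) {
            // Best effort: when resizing fails, the original is served below.
        }
    }

    if (!isset($path) || !file_exists($path)) {
        $path = $file;
    }

    if ($output) {
        if ($dl) {
            // The name ends up inside a quoted header parameter, so control
            // characters, double quotes and backslashes are replaced to keep
            // the header well-formed.
            $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file));
            header('Content-Disposition: attachment; filename="' . $download_name . '"');
            header('Content-type: image/jpeg');
        } else {
            $expires = 60 * 60 * 24 * 14;
            $etag    = md5_file($file);

            // Send a real modification date; the previous value was the
            // literal "0 GMT", which is not a valid HTTP date.
            $modified = filemtime($path);
            if ($modified !== false) {
                header("Last-Modified: " . gmdate('D, d M Y H:i:s', $modified) . " GMT");
            }

            // NOTE(review): this response was gated by Judge::view(), yet
            // "Pragma: public" and a bare max-age allow shared caches to keep
            // it. Consider "Cache-Control: private" for restricted items.
            header("Pragma: public");
            // One Cache-Control header with the correctly spelled directive
            // ("maxage" is not a directive), aligned with Expires below.
            header("Cache-Control: max-age=" . $expires);
            header("ETag: \"{$etag}\"");
            header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
            // NOTE(review): the type is always announced as JPEG even when
            // the file served is the original in another format.
            header('Content-type: image/jpeg');
        }
        readfile($path);
    }
}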
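/**
 * Initialise the state of the current user from the request and the session.
 *
 * Sets the accounts/groups file locations, the current path (from
 * $_GET['f'], optionally moved to the next/previous item with $_GET['p']),
 * the account and its admin/uploader flags (from $_SESSION['login']), and the
 * action (from $_GET['t']). Several actions also perform work directly:
 * registration, login/logout, account edit, comment posting and rights
 * edition. When $_GET['a'] is set, an Admin object is built for admins and
 * uploaders.
 *
 * @return void
 * @throws Exception When the accounts file does not exist (code 69).
 * @author Thibaud Rohmer
 */
public static function init()
{
    CurrentUser::$accounts_file = Settings::$conf_dir . "/accounts.xml";
    CurrentUser::$groups_file   = Settings::$conf_dir . "/groups.xml";

    /// Set path
    if (isset($_GET['f'])) {
        // NOTE(review): the path comes straight from the query string; this
        // method relies on File::r2a() to keep it inside the photos
        // directory - confirm that it does.
        CurrentUser::$path = stripslashes(File::r2a($_GET['f']));

        if (isset($_GET['p'])) {
            switch ($_GET['p']) {
                case 'n':
                    CurrentUser::$path = File::next(CurrentUser::$path);
                    break;
                case 'p':
                    CurrentUser::$path = File::prev(CurrentUser::$path);
                    break;
            }
        }
    } else {
        /// Path not defined in URL
        CurrentUser::$path = Settings::$photos_dir;
    }

    /// Set CurrentUser account
    if (isset($_SESSION['login'])) {
        self::$account = new Account($_SESSION['login']);

        // groups sometimes can be null
        $groups = self::$account->groups === NULL ? array() : self::$account->groups;
        self::$admin    = in_array("root", $groups);
        self::$uploader = in_array("uploaders", $groups);
    }

    /// Set action (needed for page layout)
    if (isset($_GET['t'])) {
        switch ($_GET['t']) {
            case "Page":
            case "Img":
            case "Thb":
                CurrentUser::$action = $_GET['t'];
                break;

            case "Big":
            case "BDl":
            case "Zip":
                if (!Settings::$nodownload) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Reg":
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    if (!Account::create($_POST['login'], $_POST['password'], $_POST['verif'])) {
                        echo "Error creating account.";
                    }
                }
                // No break: registration continues into the login handling.

            case "Log":
                if (isset($_SESSION['login'])) {
                    CurrentUser::logout();
                    echo "logged out";
                    break;
                }
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    // NOTE(review): the two messages below tell a caller
                    // whether an account name exists; a single generic
                    // failure message avoids that.
                    try {
                        if (!CurrentUser::login($_POST['login'], $_POST['password'])) {
                            echo "Wrong password";
                        }
                    } catch (Exception $e) {
                        echo "Account not found";
                    }
                }
                if (!isset(CurrentUser::$account)) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Acc":
                if (isset($_POST['old_password'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email']);
                }
                CurrentUser::$action = "Acc";
                break;

            case "Adm":
                if (CurrentUser::$admin) {
                    CurrentUser::$action = "Adm";
                }
                break;

            case "Com":
                // NOTE(review): the comment author is taken from the request
                // ($_POST['login']), not from the session, and no permission
                // check is visible here - confirm Comments::add() handles both.
                Comments::add(CurrentUser::$path, $_POST['content'], $_POST['login']);
                break;

            // NOTE(review): the three rights-editing actions below are not
            // guarded by CurrentUser::$admin in this method; confirm that
            // Judge::edit() enforces the permission itself.
            case "Rig":
                Judge::edit(CurrentUser::$path, $_POST['users'], $_POST['groups'], true);
                CurrentUser::$action = "Judge";
                break;

            case "Pub":
                Judge::edit(CurrentUser::$path);
                CurrentUser::$action = "Judge";
                break;

            case "Pri":
                Judge::edit(CurrentUser::$path, array(), array(), true);
                CurrentUser::$action = "Judge";
                break;

            case "Inf":
                CurrentUser::$action = "Inf";
                break;

            case "Fs":
                if (is_file(CurrentUser::$path)) {
                    CurrentUser::$action = "Fs";
                }
                break;

            default:
                CurrentUser::$action = "Page";
                break;
        }
    } else {
        CurrentUser::$action = "Page";
    }

    if (isset($_GET['a']) && CurrentUser::$action != "Adm") {
        if (CurrentUser::$admin || CurrentUser::$uploader) {
            new Admin();
        }
    }

    if (isset($_GET['j'])) {
        CurrentUser::$action = "JS";
    }

    /// Set default action
    if (!isset(CurrentUser::$action)) {
        CurrentUser::$action = "Page";
    }

    /// Throw exception if accounts file is missing
    if (!file_exists(CurrentUser::$accounts_file)) {
        throw new Exception("Accounts file missing", 69);
    }

    /// Create Group File if it doesn't exist
    if (!file_exists(CurrentUser::$groups_file)) {
        Group::create_group_file();
    }

    // Re-evaluate the admin flag, since a login above may have set the
    // account during this request. The same null guard as in the session
    // branch is applied: in_array() on a null group list is an error.
    if (isset(CurrentUser::$account)) {
        $account_groups = CurrentUser::$account->groups === NULL ? array() : CurrentUser::$account->groups;
        CurrentUser::$admin = in_array("root", $account_groups);
    }
}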
/**
 * Find the first item under a directory that may be shown.
 *
 * Rights files matching ".*ights.xml" in the mirror of $dir under
 * Settings::$thumbs_dir are examined first; each is mapped back to the item
 * it describes with Judge::associated_file(). Sub-directories of $dir are
 * then searched recursively.
 *
 * @param string $dir           Directory to search.
 * @param bool   $public_search When true, only items accepted by
 *                              Judge::is_public() qualify; otherwise the
 *                              check is Judge::view().
 * @return string|false Path of the first matching file, or false if none.
 */
public static function searchDir($dir, $public_search = false)
{
    $rights_root = File::r2a(File::a2r($dir), Settings::$thumbs_dir);

    // Check files
    foreach (glob($rights_root . "/.*ights.xml") as $rights_file) {
        $candidate = Judge::associated_file($rights_file);

        $allowed = $public_search ? Judge::is_public($candidate) : Judge::view($candidate);
        if (!$allowed) {
            continue;
        }

        if (is_file($candidate)) {
            return $candidate;
        }

        // The rights file describes a directory: look at the files it holds.
        foreach (Menu::list_files($candidate, true) as $child) {
            $child_allowed = $public_search ? Judge::is_public($child) : Judge::view($child);
            if ($child_allowed) {
                return $child;
            }
        }
    }

    // Check subdirs
    foreach (Menu::list_dirs($dir) as $subdir) {
        $found = Judge::searchDir($subdir, $public_search);
        if ($found) {
            return $found;
        }
    }

    return false;
}
/**
 * Map a rights file back to the item it describes.
 *
 * The directory of the rights file is translated from Settings::$thumbs_dir
 * to Settings::$photos_dir. A file named ".rights.xml" stands for that
 * directory itself; any other name has its first character and its last 11
 * characters removed to obtain the item name.
 *
 * @param string $rf Path of the rights file.
 * @return string Path of the associated file or directory.
 */
public static function associated_file($rf)
{
    $photos_side = File::r2a(
        File::a2r(dirname($rf), Settings::$thumbs_dir),
        Settings::$photos_dir
    );
    $rights_name = basename($rf);

    return $rights_name == ".rights.xml"
        ? $photos_side
        : $photos_side . "/" . substr($rights_name, 1, -11);
}
/**
 * Path comes in, relative and absolute path come out.
 *
 * The path is first treated as absolute and converted with File::a2r(). If
 * that throws, the path is taken to be relative already and File::r2a()
 * builds the absolute form.
 *
 * @param string      $path Absolute or relative path.
 * @param string|null $dir  Base directory; Settings::$photos_dir when not set.
 * @return array Two elements: the relative path, then the absolute path.
 * @author Thibaud Rohmer
 */
public static function paths($path, $dir = NULL)
{
    $base = isset($dir) ? $dir : Settings::$photos_dir;

    try {
        return array(File::a2r($path, $base), $path);
    } catch (Exception $e) {
        // This path is already relative
        return array($path, File::r2a($path, $base));
    }
}
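/**
 * Delete one or several files or directories on the server.
 *
 * $_POST['del'] holds either a single relative path or an array of them.
 * Each entry is converted with File::r2a() and passed to Admin::rec_del().
 * Nothing is done unless the current user is an admin or an uploader.
 *
 * Every target must resolve to an existing path strictly inside
 * Settings::$photos_dir; the photos root itself and paths that resolve
 * outside it (".." segments, symlinks) are skipped.
 *
 * @return mixed For a single path, whatever Admin::rec_del() returns (null
 *               when refused); null when an array was submitted.
 * @author Thibaud Rohmer
 */
public function delete()
{
    /// Just to be really sure...
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    if (!isset($_POST['del'])) {
        return;
    }

    $root = realpath(Settings::$photos_dir);
    if ($root === false) {
        return;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $single    = !is_array($_POST['del']);
    $requested = $single ? array($_POST['del']) : $_POST['del'];
    $result    = null;

    // NOTE(review): no anti-CSRF token is checked in this method; confirm the
    // caller verifies one before this destructive action runs.
    foreach ($requested as $todel) {
        if (!is_string($todel)) {
            continue;
        }

        $del    = File::r2a(stripslashes($todel));
        $target = realpath($del);

        // Canonical containment check: skip missing paths, the root itself,
        // and anything that does not live under the photos directory.
        if ($target === false || $target === $root || strpos($target, $prefix) !== 0) {
            continue;
        }

        $result = Admin::rec_del($del);
    }

    return $single ? $result : null;
}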
/**
 * Read comments for item $file.
 *
 * Records the item, its URL-encoded relative path and the location of its
 * comments file under Settings::$thumbs_dir, then parses that file when it
 * exists. A file item uses "<dir>/.<name>_comments.xml"; a directory uses
 * "<dir>/.comments.xml".
 *
 * @param string|null $file Item to load comments for; nothing is done when null.
 * @author Thibaud Rohmer
 */
public function __construct($file = null)
{
    /// No item, no comment !
    if (!isset($file)) {
        return;
    }

    /// Set variables
    $this->file = $file;
    // These two objects are not used afterwards. They are still constructed
    // because their constructors may do work the rest relies on (TODO confirm).
    $settings = new Settings();
    $basefile = new File($file);
    $relative = File::a2r($file);

    /// Urlencode basepath
    $this->webfile = urlencode(File::a2r($file));

    /// Build relative path to comments file
    $comments = is_file($file)
        ? dirname($relative) . "/." . basename($file) . "_comments.xml"
        : $relative . "/.comments.xml";

    /// Set absolute path to comments file
    $this->commentsfile = File::r2a($comments, Settings::$thumbs_dir);

    /// Check that comments file exists
    if (!file_exists($this->commentsfile)) {
        return;
    }
    $this->parse_comments_file();
}
/**
 * Create admin page
 *
 * Dispatches on $_GET['a'] in two passes. The first pass handles the actions
 * open to admins and uploaders (about, upload, move, delete). The second
 * pass, reached by admins only, handles statistics, accounts, groups,
 * comments and settings. Most actions take their arguments from $_POST and
 * select the page object stored in $this->page; AdminStats is the default.
 *
 * NOTE(review): every state-changing action here is driven by request
 * parameters, and no anti-CSRF token check is visible in this constructor -
 * confirm one is enforced before it runs.
 *
 * @author Thibaud Rohmer
 */
public function __construct()
{
    /// Check that current user is an admin or an uploader
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    /// Get actions available for Uploaders too
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Abo":
                $this->page = new AdminAbout();
                break;

            case "Upl":
                if (isset($_POST['path'])) {
                    // NOTE(review): called statically; confirm the target is
                    // declared static (PHP 8 rejects a static call to a
                    // non-static method).
                    AdminUpload::upload();
                    CurrentUser::$path = File::r2a(stripslashes($_POST['path']));
                }
                $this->page = new AdminFiles();
                break;

            case "Mov":
                if (isset($_POST['pathFrom'])) {
                    try {
                        CurrentUser::$path = File::r2a(dirname(stripslashes($_POST['pathFrom'])));
                    } catch (Exception $e) {
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }
                // Runs even when $_POST['pathFrom'] is absent; the callee has
                // to cope with missing fields.
                AdminMove::move();
                if (isset($_POST['move']) && $_POST['move'] == "rename") {
                    // The body of this try is disabled, so the catch below
                    // can never run.
                    try {
                        // if(is_dir(File::r2a(stripslashes($_POST['pathFrom'])))){
                        //     CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['pathFrom'])))."/".stripslashes($_POST['pathTo']);
                        // }
                    } catch (Exception $e) {
                        CurrentUser::$path = Settings::$photos_dir;
                    }
                }
                $this->page = new AdminFiles();
                break;

            case "Del":
                if (isset($_POST['del'])) {
                    // NOTE(review): stripslashes() expects a string here;
                    // confirm 'del' is never submitted as an array on this route.
                    CurrentUser::$path = dirname(File::r2a(stripslashes($_POST['del'])));
                    AdminDelete::delete();
                }
                $this->page = new AdminFiles();
                break;
        }
    }

    /// Check that current user is an admin
    if (!CurrentUser::$admin) {
        return;
    }

    /// Get action
    // NOTE(review): several cases below read $_POST fields without isset()
    // ('group', 'acc', 'name', 'image', 'date', ...); confirm the callees
    // tolerate missing values.
    if (isset($_GET['a'])) {
        switch ($_GET['a']) {
            case "Sta":
                $this->page = new AdminStats();
                break;

            case "Acc":
                if (isset($_POST['old_password'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email']);
                }
                if (isset($_POST['login'])) {
                    $this->page = new Account($_POST['login']);
                } else {
                    $this->page = CurrentUser::$account;
                }
                break;

            case "GC":
                Group::create($_POST['group']);
                $this->page = new JSAccounts();
                break;

            case "AAc":
                Account::create($_POST['login'], $_POST['password'], $_POST['verif']);
                $this->page = new JSAccounts();
                break;

            case "AGA":
                // Add the account named in the request to a group.
                $a = new Account($_POST['acc']);
                $a->add_group($_POST['group']);
                $a->save();
                $this->page = CurrentUser::$account;
                break;

            case "AGR":
                // Remove the account named in the request from a group.
                $a = new Account($_POST['acc']);
                $a->remove_group($_POST['group']);
                $a->save();
                $this->page = CurrentUser::$account;
                break;

            case "ADe":
                Account::delete($_POST['name']);
                $this->page = new JSAccounts();
                break;

            case "GDe":
                Group::delete($_POST['name']);
                $this->page = new JSAccounts();
                break;

            case "CDe":
                // Unlike the other path fields in this constructor, 'image'
                // is not passed through stripslashes().
                CurrentUser::$path = File::r2a($_POST['image']);
                Comments::delete($_POST['image'], $_POST['date']);
                $this->page = new MainPage();
                break;

            case "Fil":
                $this->page = new AdminFiles();
                break;

            case "JS":
                break;

            case "EdA":
                $this->page = new JSAccounts();
                break;

            case "GAl":
                if (isset($_POST['path'])) {
                    Settings::gener_all(File::r2a(stripslashes($_POST['path'])));
                }
                // No break: execution continues into "Set".

            case "Set":
                if (isset($_POST['name'])) {
                    Settings::set();
                }
                $this->page = new Settings();
                break;
        }
    }

    // Default page when no action matched.
    if (!isset($this->page)) {
        $this->page = new AdminStats();
    }

    /// Create menu
    $this->menu = new AdminMenu();
}
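/**
 * Upload files on the server.
 *
 * Stores the files submitted as $_FILES['images'] in the directory named by
 * $_POST['path'], optionally inside a new sub-directory ($_POST['newdir']).
 * Only names with an allowed extension are kept; video extensions are
 * allowed when Settings::$encode_video is on. A name that is already taken
 * gets a "-<n>" suffix. Rights are set with Judge::edit() unless
 * $_POST['inherit'] is present.
 *
 * Nothing is done unless the current user is an admin or an uploader.
 *
 * @return void
 * @author Thibaud Rohmer
 */
public function upload()
{
    /// Just to be really sure...
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    if (!isset($_POST['path'])) {
        return;
    }

    $allowedExtensions = array("tiff", "jpg", "jpeg", "gif", "png");

    /// Video types are accepted only when encoding is enabled (ffmpeg is
    /// needed to generate the jpg thumbnail and the webm)
    if (Settings::$encode_video) {
        array_push($allowedExtensions, "flv", "mov", "mpg", "mp4", "ogv", "mts", "3gp", "webm");
    }

    $already_set_rights = false;

    // Rights arguments are optional in the form; absent fields become null.
    $users  = isset($_POST['users']) ? $_POST['users'] : null;
    $groups = isset($_POST['groups']) ? $_POST['groups'] : null;

    /// Set upload path
    $path = stripslashes(File::r2a($_POST['path']));

    /// Create dir and update upload path if required
    $newdir = isset($_POST['newdir']) ? stripslashes($_POST['newdir']) : '';

    // strpos() returns 0 for a match at the very start of the string, and
    // "!0" is true, so the former "!strpos(...)" test let a name beginning
    // with ".." through. The explicit "=== false" rejects ".." anywhere.
    if (strlen($newdir) > 0 && strpos($newdir, '..') === false) {
        $path = $path . "/" . $newdir;
        if (!file_exists($path)) {
            @mkdir($path, 0750, true);
            @mkdir(File::r2a(File::a2r($path), Settings::$thumbs_dir), 0750, true);
        }

        /// Setup rights
        if (!isset($_POST['inherit'])) {
            if (isset($_POST['public'])) {
                Judge::edit($path);
            } else {
                Judge::edit($path, $users, $groups);
            }
        }
        $already_set_rights = true;
    }

    if (!isset($_FILES["images"]) || !is_array($_FILES["images"]["error"])) {
        return;
    }

    /// Treat uploaded files
    foreach ($_FILES["images"]["error"] as $key => $error) {
        // Check that file is uploaded
        if ($error != UPLOAD_ERR_OK) {
            continue;
        }

        // Name of the stored file
        $tmp_name = $_FILES["images"]["tmp_name"][$key];

        // Name on the website. It is supplied by the client, so only its
        // last path component is kept.
        $name = basename(str_replace('\\', '/', $_FILES["images"]["name"][$key]));
        $info = pathinfo($name);

        // Check filetype; a name without extension is rejected as well.
        // NOTE(review): this checks the name only, not the content. Consider
        // verifying the data (e.g. getimagesize()) and make sure the web
        // server never executes files from the photos directory.
        if (!isset($info['extension']) || !in_array(strtolower($info['extension']), $allowedExtensions, true)) {
            continue;
        }

        $base_name = basename($name, '.' . $info['extension']);

        // Rename until this name isn't taken
        $i = 1;
        while (file_exists("{$path}/{$name}")) {
            $name = $base_name . "-" . $i . "." . $info['extension'];
            $i++;
        }

        // Save the files
        if (move_uploaded_file($tmp_name, "{$path}/{$name}")) {
            Video::FastEncodeVideo("{$path}/{$name}");
        }

        /// Setup rights
        if (!$already_set_rights && !isset($_POST['inherit'])) {
            if (isset($_POST['public'])) {
                Judge::edit($path);
            } else {
                Judge::edit($path, $users, $groups);
            }
        }
    }
}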
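/**
 * Move or rename files on the server.
 *
 * Reads $_POST['pathFrom'], $_POST['pathTo'] and $_POST['move']:
 *  - "rename": the source gets the new name $_POST['pathTo'] in its own
 *    directory;
 *  - a file source, or type "directory": the source is moved into the
 *    destination directory;
 *  - otherwise the content of the source directory is moved into the
 *    destination directory.
 *
 * Nothing is done unless the current user is an admin or an uploader. The
 * source and, for moves, the destination must resolve inside
 * Settings::$photos_dir. A new name must be a single path component.
 *
 * @return void
 * @author Thibaud Rohmer
 */
public function move()
{
    /// Just to be really sure...
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    // The caller may invoke this without the form fields.
    if (!isset($_POST['pathFrom'], $_POST['pathTo'], $_POST['move'])
        || !is_string($_POST['pathFrom'])
        || !is_string($_POST['pathTo'])
    ) {
        return;
    }

    $from = File::r2a(stripslashes($_POST['pathFrom']));
    $to   = File::r2a(stripslashes($_POST['pathTo']));
    $type = $_POST['move'];

    if ($from == $to) {
        return;
    }

    // Canonical containment: the source has to exist and live inside the
    // photos directory (or be the directory itself).
    $root   = realpath(Settings::$photos_dir);
    $source = realpath($from);
    if ($root === false || $source === false) {
        return;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($source !== $root && strpos($source, $prefix) !== 0) {
        return;
    }

    if ($type == "rename") {
        $new_name = stripslashes($_POST['pathTo']);

        // A rename stays in the source's directory: refuse the photos root
        // and any name that is empty, a dot entry, or holds a separator.
        if ($source === $root
            || $new_name === ''
            || $new_name === '.'
            || $new_name === '..'
            || strpbrk($new_name, "/\\") !== false
        ) {
            return;
        }

        @rename($from, dirname($from) . "/" . $new_name);
        return;
    }

    // For moves the destination directory must exist inside the photos tree.
    $destination = realpath($to);
    if ($destination === false
        || ($destination !== $root && strpos($destination, $prefix) !== 0)
    ) {
        return;
    }

    if (is_file($from) || $type == "directory") {
        @rename($from, $to . "/" . basename($from));
        return;
    }

    /// We are moving multiple files
    $files = scandir($from);
    if ($files === false) {
        return;
    }
    foreach ($files as $file) {
        if ($file != "." && $file != "..") {
            @rename($from . "/" . $file, $to . "/" . $file);
        }
    }

    return;
}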
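/**
 * Return the content of image(s) $img.
 *
 * A single relative path yields the bytes of the requested variant when
 * Judge::view() allows the current user to see the item. An array of paths
 * yields an array with one entry per viewable item.
 *
 * @param mixed        $key Not used in this method.
 *                          NOTE(review): presumably an API key validated by
 *                          the caller - confirm.
 * @param string|array $img Relative path, or array of relative paths.
 * @param string       $t   Variant: "thumb", "small" or "large" (default).
 * @return string|false|array|null File content for a single item (false if
 *                          reading failed, null if not viewable), or an
 *                          array of contents.
 */
public static function get_img($key, $img, $t = 'large')
{
    if (is_array($img)) {
        $res = array();
        foreach ($img as $i) {
            // Recurse through the class: a bare get_img() call would look
            // for a global function of that name instead of this method.
            $p = self::get_img($key, $i, $t);
            if (isset($p)) {
                $res[] = $p;
            }
        }
        return $res;
    }

    $i = File::r2a($img);

    // Items the current user may not see yield null.
    if (!Judge::view($i)) {
        return null;
    }

    switch ($t) {
        case "thumb":
            return file_get_contents(Provider::thumb($i));
        case "small":
            return file_get_contents(Provider::small($i));
        case "large":
        default:
            return file_get_contents($i);
    }
}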