@version 2.6.0
@author Rodolfo Berríos A. <http://rodolfoberrios.com/>
<*****@*****.**>
Copyright (c) Rodolfo Berrios <*****@*****.**>
Licensed under the MIT license
http://opensource.org/licenses/MIT
--------------------------------------------------------------------- */
define('access', 'API');
require_once 'includes/chevereto.php';
/*** Die, die, die my darling ***/
if (chevereto_config('api_key') == 'my_api_key' and chevereto_config('api_mode') == 'private' and !is_localhost()) {
chevereto_die(array('Open <code>includes/config.php</code>', 'Edit <code>$config[\'api_key\'] = \'my_api_key\';</code> with a different key.'), 'API key', array('You haven\'t changed the default api key, the API won\'t work until you fix this.'));
}
$key = $_REQUEST['key'];
$to_upload = $_REQUEST['upload'];
$to_resize = $_REQUEST['resize_width'];
$format = $_REQUEST['format'];
$callback = $_REQUEST['callback'];
/*** Checks the auth ***/
if (api_mode('private') and api_key() !== $key and !is_localhost()) {
$error_key_msg = 'Invalid API key';
$ERROR_AUTH_API = array('status_code' => 403, 'status_txt' => $error_key_msg);
switch ($format) {
default:
case 'json':
default:
json_output($ERROR_AUTH_API, $callback);
/**
* proccess_request
* Process the request for the public area
*/
private function proccess_request()
{
global $lang;
$this->template = 404;
// Default template
$this->pages = $this->get_pages();
// get theme pages
// Prepare te request array to use the legacy request (?v=file.ext)
if (check_value($_GET['v']) && preg_match("/^\\w*\\.jpg|png|gif\$/", $_GET['v'])) {
$this->base_request = '?' . $this->request_array[1];
unset($this->request_array[1]);
}
@session_start();
if (count($_SESSION['ImagesUp']) > 0) {
$_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
self::$uploaded = true;
}
if (chevereto_config('maintenance')) {
$this->base_request = 'maintenance';
}
// Switch according the request
switch ($this->base_request) {
case '':
case 'index.php':
@session_start();
$_SESSION['last_upload_request'] = time();
$this->template = 'index';
break;
case 'json':
json_prepare();
// Do a special trick for the json action=login
if ($_REQUEST['action'] == 'login') {
// Check for user match...
$login_user = login_user($_REQUEST['password'], $_REQUEST['keep']);
if ($login_user !== false) {
$json_array = array('status_code' => 200, 'status_txt' => 'logged in');
} else {
$json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
}
} elseif ($_REQUEST['action'] == 'logout') {
do_logout();
$json_array = array('status_code' => 200, 'status_txt' => 'logged out');
}
$json_array = check_value($json_array) ? $json_array : array('status' => 403, 'status_txt' => 'unauthorized');
session_write_close();
die(json_output($json_array));
break;
case __CHV_VIRTUALFOLDER_IMAGE__:
// View request
$id_public = $this->request_array[1];
$this->template = !is_upload_result() ? 'view' : 'uploaded';
self::$is_viewer = true;
break;
case __CHV_VIRTUALFOLDER_UPLOADED__:
@session_start();
if (count($_SESSION['ImagesUp']) > 0) {
$this->template = 'uploaded';
self::$doctitle = $lang['doctitle_upload_complete'];
} else {
$this->redirect(__CHV_BASE_URL__, 400);
}
break;
case 'error-javascript':
chevereto_die(array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')), 'JavaScript', array(get_lang_txt('critical_js')));
break;
case '?chevereto':
$this->template = 'bool';
break;
// Legacy viewer
// Legacy viewer
case '?v=' . $_GET['v']:
// View request
$id_public = $_GET['v'];
$this->legacy_redirect = true;
break;
case 'delete':
case 'delete-confirm':
//$delete_what = $this->request_array[1];
$id_public = $this->request_array[2];
$deleteHash = $this->request_array[3];
$this->template = $this->base_request;
self::$is_viewer = true;
break;
case 'maintenance':
$this->template = 'maintenance';
self::$doctitle = chevereto_config('doctitle');
break;
default:
// Pages request
require_once $this->path_theme . 'pages/pages_config.php';
// We load the special pages config
if (in_array($this->base_request . '.php', $this->pages) and $this->request_array[1] == '' and $pages_config[$this->base_request]['live']) {
$this->template = 'pages/' . $this->base_request;
self::$doctitle = $pages_config[$this->base_request]['title'];
} else {
$this->template = 'shorturl';
$id_public = $this->base_request;
self::$is_viewer = true;
}
break;
}
// Ask for the login on index and pages
if ($this->template == 'index' || $this->template == 'pages/' . $this->base_request) {
if (conditional_config('private_mode')) {
if (!is_logged_user()) {
$doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
include __CHV_PATH_SYSTEM__ . 'login.php';
die;
}
}
}
if ($this->template == 'uploaded') {
self::$doctitle = get_lang_txt('doctitle_upload_complete');
self::$image_info = $_SESSION['ImagesUp'][0];
self::$uploaded_images = $_SESSION['ImagesUp'];
$_SESSION['ImagesUp'] = NULL;
unset($_SESSION['ImagesUp']);
}
if (preg_match('/view|shorturl|delete/', $this->template) || $this->legacy_redirect) {
// Test connection
if ($this->dB->dead) {
self::$doctitle = 'dB connection error';
$this->template = 404;
} else {
// get image info
$imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
self::$image_info = $this->dB->image_info($imageID);
self::$id_public = $id_public;
if (!is_array(self::$image_info)) {
// Record?
if ($this->template == 'delete-confirm') {
json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
} else {
$this->template = 404;
}
} else {
if ($this->legacy_redirect) {
$this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
}
$target = get_image_target(self::$image_info);
self::$image_target = $target['image_path'];
self::$image_thumb_target = $target['image_thumb_path'];
self::$image_url = absolute_to_url($target['image_path']);
self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
self::$image_filename = self::$image_info['image_filename'];
self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
$image_delete_proceed = !empty(self::$image_info['image_delete_hash']) && $deleteHash === self::$image_info['image_delete_hash'] ? true : false;
switch ($this->template) {
case 'delete':
if (!$image_delete_proceed) {
$this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
}
self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
break;
case 'delete-confirm':
if (!$image_delete_proceed) {
json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
} else {
require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
$manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
if ($manage->dead) {
$json_array = array('status_code' => 403, 'status_txt' => $manage->error);
} else {
$json_array = $manage->process();
}
}
// Make the status_txt more readable...
switch ($json_array['status_code']) {
case 200:
$json_array['status_txt'] = get_lang_txt('txt_image_deleted');
break;
default:
case 403:
$json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
break;
}
json_output($json_array);
break;
default:
self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
break;
}
}
}
}
if ($this->template == 404) {
status_header(404);
self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
} else {
status_header(200);
}
// We load the template
if ($this->template == 'bool') {
exit(json_encode(true));
} else {
$this->load_template();
}
}
/**
* check_config
* This checks the script configuration... Like upload limit, thumbs, etc.
*/
function check_config()
{
global $config, $install_errors;
if (!defined('HTTP_HOST')) {
$install_errors[] = 'Can\'t resolve <code>HTTP_HOST</code>. Please check at the bottom of <code>config.php</code>';
}
// Upload limit vs php.ini value -> http://php.net/manual/ini.php
$ini_upload_bytes = return_bytes(trim(ini_get('upload_max_filesize')) . 'B');
$max_size_bytes = return_bytes($config['max_filesize']);
if (!is_numeric($max_size_bytes)) {
$install_errors[] = 'Invalid numeric value in <code>$config[\'max_filesize\']</code>';
} else {
if ($ini_upload_bytes < $max_size_bytes) {
$install_errors[] = 'Max. image size (' . $config['max_filesize'] . ') is greater than the value in <code>php.ini</code> (' . format_bytes($ini_upload_bytes) . ')';
}
}
if (!is_int($config['thumb_width'])) {
$install_errors[] = 'Invalid thumb size width in <code>$config[\'thumb_width\']</code>';
}
if (!is_int($config['thumb_height'])) {
$install_errors[] = 'Invalid thumb size height in <code>$config[\'thumb_height\']</code>';
}
if (!is_int($config['min_resize_size']) || $config['min_resize_size'] < 0) {
$install_errors[] = 'Invalid minimum resize size in <code>$config[\'min_resize_size\']</code>';
}
if (!is_int($config['max_resize_size']) || $config['max_resize_size'] < 0) {
$install_errors[] = 'Invalid maximum resize size in <code>$config[\'max_resize_size\']</code>';
}
if (is_int($config['min_resize_size']) && is_int($config['max_resize_size']) && $config['min_resize_size'] > $config['max_resize_size']) {
$install_errors[] = 'Minimum resize size can\'t be larger than maximum resize size. Please check <code>$config[\'min_resize_size\']</code> and <code>$config[\'max_resize_size\']</code>';
}
if (!conditional_config('multiupload')) {
$config['multiupload_limit'] = 1;
} else {
if ($config['multiupload_limit'] <= 0 || $config['multiupload_limit'] == '') {
$config['multiupload_limit'] = 0;
}
}
if (!check_value(chevereto_config('file_naming')) || !in_array(chevereto_config('file_naming'), array('original', 'random', 'mixed'))) {
$config['file_naming'] = 'original';
}
if (!is_numeric($config['multiupload_limit']) && !is_bool($config['multiupload_limit'])) {
$install_errors[] = 'Invalid multiupload limit value in <code>$config[\'multiupload_limit\']</code>';
}
if ($config['multiupload_limit'] > 100) {
$install_errors[] = 'Multiupload limit value can\'t be higher than 100 in <code>$config[\'multiupload_limit\']</code>';
}
if ($config['short_url_service'] == 'bitly') {
$bitly_status = fetch_url('http://api.bit.ly/v3/validate?x_login='******'short_url_user'] . '&x_apiKey=' . $config['short_url_keypass'] . '&apiKey=' . $config['short_url_keypass'] . '&login='******'short_url_user'] . '&format=json');
$bitly_json = json_decode($bitly_status);
if ($bitly_json->data->valid !== 1) {
$install_errors[] = 'The <a href="http://bit.ly/" target="_blank">bit.ly</a> user/api is invalid. bitly server says <code>' . $bitly_json->status_txt . '</code>. Please double check your data.';
}
}
// Facebook comments
if (use_facebook_comments() && !check_value($config['facebook_app_id'])) {
$install_errors[] = 'You are are trying to use Facebook comments but <code>$config[\'facebook_app_id\']</code> is not setted.';
}
// Virtual folders
foreach (array('virtual_folder_image', 'virtual_folder_uploaded') as $value) {
if (!check_value($config[$value])) {
$install_errors[] = '<code>$config[\'' . $value . '\']</code> is not setted.';
}
}
// Passwords
if ($config['user_password'] == $config['admin_password']) {
$install_errors[] = 'Admin and user passwords must be different. Please check <code>$config[\'admin_password\']</code> and <code>$config[\'user_password\']</code>';
}
// Flood report email?
if (check_value($config['flood_report_email']) && !check_email_address($config['flood_report_email'])) {
$install_errors[] = 'It appears that <code>$config[\'flood_report_email\']</code> has a invalid email address';
}
// Watermark
if (conditional_config('watermark_enable')) {
define('__CHV_WATERMARK_FILE__', __CHV_ROOT_DIR__ . ltrim($config['watermark_image'], '/'));
if (!is_int($config['watermark_margin'])) {
$install_errors[] = 'Watermark margin must be integer in <code>$config[\'watermark_margin\']</code>';
}
if (!is_int($config['watermark_opacity'])) {
$install_errors[] = 'Watermark opacity must be integer in <code>$config[\'watermark_opacity\']</code>';
}
if ($config['watermark_opacity'] > 100 or $config['watermark_opacity'] < 0) {
$install_errors[] = 'Watermark opacity value out of limis (' . $config['watermark_opacity'] . '). <code>$config[\'watermark_opacity\']</code> must be in the range 0 to 100';
}
// Watermark position
if (!check_value($config['watermark_position'])) {
$config['watermark_position'] = 'center center';
}
$watermark_position = explode(' ', strtolower($config['watermark_position']));
if (!isset($watermark_position[1])) {
$watermark_position[1] = 'center';
}
if (preg_match('/^left|center|right$/', $watermark_position[0])) {
$config['watermark_x_position'] = $watermark_position[0];
} else {
$install_errors[] = 'Invalid watermark horizontal position in <code>$config[\'watermark_position\']</code>';
}
if (preg_match('/^top|center|bottom$/', $watermark_position[1])) {
$config['watermark_y_position'] = $watermark_position[1];
} else {
$install_errors[] = 'Invalid watermark vertical position in <code>$config[\'watermark_position\']</code>';
}
if (!file_exists(__CHV_WATERMARK_FILE__)) {
$install_errors[] = 'Watermark image file doesn\'t exists. Please check the path in <code>$config[\'watermark_image\']</code>';
} else {
$watermark_image_info = get_info(__CHV_WATERMARK_FILE__);
if ($watermark_image_info['mime'] !== 'image/png') {
$install_errors[] = 'Watermark image file must be a PNG image in <code>$config[\'watermark_image\']</code>';
}
}
}
// Flood limits
$flood_limits = array('minute', 'hour', 'day', 'week', 'month');
$flood_value_error = false;
foreach ($flood_limits as $value) {
if (!check_value($config['max_uploads_per_' . $value]) || !is_numeric($config['max_uploads_per_' . $value])) {
$install_errors[] = 'Invalid config value in <code>$config[\'' . $value . '\']</code>';
$flood_value_error = true;
}
}
if ($flood_value_error == false) {
$flood_lower_than = array('minute' => array('hour', 'day', 'week', 'month'), 'hour' => array('day', 'week', 'month'), 'day' => array('week', 'month'), 'week' => array('month'));
foreach ($flood_lower_than as $period => $lower_than) {
foreach ($lower_than as $value) {
if ($config['max_uploads_per_' . $period] >= $config['max_uploads_per_' . $value]) {
$install_errors[] = '<code>max_uploads_per_' . $period . '</code> must be lower than <code>max_uploads_per_' . $value . '</code>';
}
}
}
}
// dB settings
foreach (array('db_host', 'db_name', 'db_user') as $value) {
if (!check_value($config[$value])) {
$install_errors[] = '<code>$config[\'' . $value . '\']</code>';
}
}
if (count($install_errors) == 0) {
require_once __CHV_PATH_CLASSES__ . 'class.db.php';
$dB = new dB();
if ($dB->dead) {
chevereto_die('<code>' . $dB->error . '</code>', 'Database error', array('The system has encountered a error when it try to connect to the database server.', 'Please note this error and if you need help go to <a href="http://chevereto.com/support/">Chevereto support</a>.'));
} else {
// Check maintenance mode
if ($dB->get_option('maintenance') && !defined('SKIP_MAINTENANCE')) {
$config['maintenance'] = true;
}
}
}
return count($install_errors) == 0 ? true : false;
}
$imageCount = 0;
foreach ($image_dir as $image) {
if (!$image->isFile() || !in_array(strtolower(pathinfo($image, PATHINFO_EXTENSION)), array('jpg', 'png', 'gif')) || file_exists(__CHV_OLD_PATH__ . $image->getFilename())) {
continue;
}
$imageCount++;
}
return $imageCount;
}
if (!is_admin()) {
include __CHV_PATH_SYSTEM__ . 'login.php';
die;
}
/*** Require the dB ***/
if ($dB->dead) {
chevereto_die(array($dB->error), 'dB error', array('There is a problem with the dB. The error reported is:', 'Please check your dB settings in the config file, if the problem persist go to our <a href="http://chevereto.com/support">Tech Support</a> area'));
//
}
// This is actually the update tool
if (isset($_GET['ajax-update'])) {
if (!$dB->get_option('maintenance')) {
die(json_output(array('status_code' => 403, 'status_txt' => 'Maintenance mode is not enabled.')));
}
if ($_SESSION['update_info']['update_completed'] >= $_SESSION['update_info']['update_queue']) {
die(json_output(array('status_code' => 200, 'status_txt' => 'Update completed', 'completed' => '100%')));
}
if (!check_permissions(array(__CHV_OLD_PATH__))) {
die('Wrong permissions in ' . __CHV_OLD_PATH__);
}
define('__CHV_PATH_THUMBS__', __CHV_ROOT_DIR__ . $config['folder_thumbs'] . '/');
$image_dir = new DirectoryIterator(__CHV_PATH_IMAGES__);
