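/**
 * Build a Manage request (rename / delete / resize of one image).
 *
 * Validation errors are not thrown: they land in `$this->error` and set
 * `$this->dead`, which callers check before calling process().
 *
 * @param array $array request values: `id` (numeric image id), `action`
 *                     (rename|delete|resize), `rename_name`, `resize_width`
 */
function __construct($array)
{
    global $dB;
    $this->dB = $dB;

    $id = isset($array['id']) ? $array['id'] : null;
    $action = isset($array['action']) ? $array['action'] : null;
    $this->resize_width = isset($array['resize_width']) ? intval($array['resize_width']) : 0;
    $this->rename_name = sanitize(isset($array['rename_name']) ? $array['rename_name'] : null, false);

    // `\z` rather than `$`: PCRE `$` also matches before a trailing newline, so
    // "12\n" or "delete\n" would otherwise pass and reach the action switch /
    // the dB lookup with the newline still attached.
    if (!check_value($id) || !preg_match('/^\d+\z/', $id)) {
        $this->error = "invalid image id";
    } elseif (!check_value($action) || !preg_match('/^(rename|delete|resize)\z/', $action)) {
        $this->error = "invalid action";
    }

    if (!check_value($this->error)) {
        switch ($action) {
            case 'rename':
                if (empty($this->rename_name)) {
                    $this->error = "invalid rename value";
                }
                break;
            case 'resize':
                // Validate the raw value, not the intval()'d property, so that
                // "12abc" is rejected instead of silently becoming 12.
                if (!isset($array['resize_width']) || !preg_match('/^\d+\z/', $array['resize_width'])) {
                    $this->error = "invalid resize width";
                }
                break;
        }
    }

    if (check_value($this->error)) {
        $this->dead = true;
        return;
    }

    // Test connection
    if ($this->dB->dead) {
        $this->dead = true;
        $this->error = $this->dB->error;
        return;
    }

    $this->id = $id;
    $this->action = $action;

    // get image info; a missing or unusable record kills the request
    $this->image_info = $this->dB->image_info($id);
    if (!is_array($this->image_info)) {
        // Record?
        $this->dead = true;
        $this->error = $this->dB->error;
        return;
    }

    $this->image_name = $this->image_info['image_name'];
    $this->image_type = $this->image_info['image_type'];
    $image_target = get_image_target($this->image_info);
    $this->image_target = $image_target['image_path'];
    $this->image_thumb_target = $image_target['image_thumb_path'];
}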
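/**
 * proccess_request
 * Process the request for the public area: map the base request to a
 * template, serve the JSON login/logout endpoint, resolve the image for
 * viewer / short-URL / delete requests and finally load the template.
 *
 * Side effects: starts the session, may redirect, die() or emit JSON.
 *
 * NOTE(review): private_mode only gates 'index' and theme pages below;
 * viewer, shorturl and delete routes are reachable without login -
 * confirm that is intended.
 */
private function proccess_request()
{
    global $lang;

    $this->template = 404; // Default template
    $this->pages = $this->get_pages(); // get theme pages

    // Set by the viewer/delete cases below; initialised so the delete-hash
    // comparison and the JSON fallback never see an undefined variable.
    $id_public = null;
    $deleteHash = null;
    $json_array = null;

    // Prepare the request array to use the legacy request (?v=file.ext).
    // The original pattern was `^\w*\.jpg|png|gif$`: `|` binds looser than
    // the anchors, so any value containing "png" or ending in "gif" matched.
    // The group restores the intended "name.ext" check.
    if (isset($_GET['v']) && is_string($_GET['v']) && check_value($_GET['v'])
        && preg_match('/^\w*\.(jpg|png|gif)\z/', $_GET['v'])
    ) {
        $this->base_request = '?' . $this->request_array[1];
        unset($this->request_array[1]);
    }

    @session_start();
    // count() on a missing/non-array value is a TypeError on PHP 8.
    if (!empty($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp'])) {
        $_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
        self::$uploaded = true;
    }

    if (chevereto_config('maintenance')) {
        $this->base_request = 'maintenance';
    }

    // Switch according the request
    switch ($this->base_request) {
        case '':
        case 'index.php':
            $_SESSION['last_upload_request'] = time();
            $this->template = 'index';
            break;

        case 'json':
            json_prepare();
            // NOTE(review): credentials are read from $_REQUEST, so they are
            // accepted from the query string and cookies as well as POST.
            $json_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
            // Do a special trick for the json action=login
            if ($json_action === 'login') {
                // Check for user match...
                $login_user = login_user(
                    isset($_REQUEST['password']) ? $_REQUEST['password'] : null,
                    isset($_REQUEST['keep']) ? $_REQUEST['keep'] : null
                );
                if ($login_user !== false) {
                    $json_array = array('status_code' => 200, 'status_txt' => 'logged in');
                } else {
                    $json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
                }
            } elseif ($json_action === 'logout') {
                do_logout();
                $json_array = array('status_code' => 200, 'status_txt' => 'logged out');
            }
            // Fallback key aligned with every other response in this method
            // (it was 'status', which clients reading status_code never saw).
            if (!check_value($json_array)) {
                $json_array = array('status_code' => 403, 'status_txt' => 'unauthorized');
            }
            session_write_close();
            die(json_output($json_array));
            break;

        case __CHV_VIRTUALFOLDER_IMAGE__: // View request
            $id_public = isset($this->request_array[1]) ? $this->request_array[1] : null;
            $this->template = !is_upload_result() ? 'view' : 'uploaded';
            self::$is_viewer = true;
            break;

        case __CHV_VIRTUALFOLDER_UPLOADED__:
            if (!empty($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp'])) {
                $this->template = 'uploaded';
                self::$doctitle = $lang['doctitle_upload_complete'];
            } else {
                $this->redirect(__CHV_BASE_URL__, 400);
            }
            break;

        case 'error-javascript':
            chevereto_die(
                array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')),
                'JavaScript',
                array(get_lang_txt('critical_js'))
            );
            break;

        case '?chevereto':
            $this->template = 'bool';
            break;

        // Legacy viewer
        case '?v=' . (isset($_GET['v']) ? $_GET['v'] : ''): // View request
            $id_public = $_GET['v'];
            $this->legacy_redirect = true;
            break;

        case 'delete':
        case 'delete-confirm':
            //$delete_what = $this->request_array[1];
            $id_public = isset($this->request_array[2]) ? $this->request_array[2] : null;
            $deleteHash = isset($this->request_array[3]) ? $this->request_array[3] : null;
            $this->template = $this->base_request;
            self::$is_viewer = true;
            break;

        case 'maintenance':
            $this->template = 'maintenance';
            self::$doctitle = chevereto_config('doctitle');
            break;

        default: // Pages request
            require_once $this->path_theme . 'pages/pages_config.php'; // We load the special pages config
            // Strict in_array: the page list is the only thing that keeps a
            // request-derived name from becoming a template path.
            if (in_array($this->base_request . '.php', $this->pages, true)
                && (!isset($this->request_array[1]) || $this->request_array[1] == '')
                && !empty($pages_config[$this->base_request]['live'])
            ) {
                $this->template = 'pages/' . $this->base_request;
                self::$doctitle = $pages_config[$this->base_request]['title'];
            } else {
                $this->template = 'shorturl';
                $id_public = $this->base_request;
                self::$is_viewer = true;
            }
            break;
    }

    // Ask for the login on index and pages
    if ($this->template === 'index' || $this->template === 'pages/' . $this->base_request) {
        if (conditional_config('private_mode') && !is_logged_user()) {
            // $doctitle is read by the included login.php
            $doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
            include __CHV_PATH_SYSTEM__ . 'login.php';
            die;
        }
    }

    if ($this->template === 'uploaded') {
        self::$doctitle = get_lang_txt('doctitle_upload_complete');
        self::$image_info = $_SESSION['ImagesUp'][0];
        self::$uploaded_images = $_SESSION['ImagesUp'];
        $_SESSION['ImagesUp'] = NULL;
        unset($_SESSION['ImagesUp']);
    }

    // Only the image-bound templates go through the dB lookup. The original
    // used preg_match('/view|shorturl|delete/') on the template name, which
    // would also fire for a theme page such as "pages/preview".
    $image_templates = array('view', 'shorturl', 'delete', 'delete-confirm');
    if (in_array($this->template, $image_templates, true) || $this->legacy_redirect) {
        // Test connection
        if ($this->dB->dead) {
            self::$doctitle = 'dB connection error';
            $this->template = 404;
        } else {
            // get image info (legacy requests carry the raw file name, not an encoded id)
            $imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
            self::$image_info = $this->dB->image_info($imageID);
            self::$id_public = $id_public;
            if (!is_array(self::$image_info)) {
                // Record?
                if ($this->template === 'delete-confirm') {
                    json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
                } else {
                    $this->template = 404;
                }
            } else {
                if ($this->legacy_redirect) {
                    $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
                }
                $target = get_image_target(self::$image_info);
                self::$image_target = $target['image_path'];
                self::$image_thumb_target = $target['image_thumb_path'];
                self::$image_url = absolute_to_url($target['image_path']);
                self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
                self::$image_filename = self::$image_info['image_filename'];
                self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
                self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];

                // The delete hash is a bearer secret: compare in constant time,
                // and only when both sides are non-empty strings (hash_equals
                // throws on non-strings).
                $stored_hash = self::$image_info['image_delete_hash'];
                $image_delete_proceed = !empty($stored_hash)
                    && is_string($stored_hash)
                    && is_string($deleteHash)
                    && hash_equals($stored_hash, $deleteHash);

                switch ($this->template) {
                    case 'delete':
                        if (!$image_delete_proceed) {
                            $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
                        }
                        self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
                        self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
                        break;

                    case 'delete-confirm':
                        // NOTE(review): assumes json_output() ends the request on
                        // the failure path (the 'json' case wraps it in die()).
                        if (!$image_delete_proceed) {
                            json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
                        } else {
                            require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
                            $manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
                            if ($manage->dead) {
                                $json_array = array('status_code' => 403, 'status_txt' => $manage->error);
                            } else {
                                $json_array = $manage->process();
                            }
                        }
                        // Make the status_txt more readable...
                        switch ($json_array['status_code']) {
                            case 200:
                                $json_array['status_txt'] = get_lang_txt('txt_image_deleted');
                                break;
                            default:
                            case 403:
                                $json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
                                break;
                        }
                        json_output($json_array);
                        break;

                    default:
                        self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
                        break;
                }
            }
        }
    }

    if ($this->template === 404) {
        status_header(404);
        self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
    } else {
        status_header(200);
    }

    // We load the template
    if ($this->template === 'bool') {
        exit(json_encode(true));
    }
    $this->load_template();
}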
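/**
 * getlist
 * get the filelist according to the params
 *
 * @param string $type       comma-separated image types (jpg,png,gif) or "all"
 * @param string $order_sort "<date|size>_<asc|desc>" (default "date_desc")
 * @param string $limit      "N" or "offset,N" (only the first two values are used; default 50)
 * @param string $keyword    optional substring filter on image_name
 * @return mixed image records keyed by the quoted image id, or the dB error string
 */
private function getlist($type, $order_sort, $limit, $keyword)
{
    // Defaults
    if (!is_string($type) || !preg_match('/jpg|png|gif|all/', $type)) {
        $type = 'all';
    }
    if (!check_value($order_sort)) {
        $order_sort = 'date_desc';
    }
    if (!check_value($limit)) {
        $limit = 50;
    }

    // Type cleaning: only whitelisted literals are quoted into the IN (...)
    // list, so no request text reaches the SQL string.
    $type_qry = '';
    if ($type != 'all') {
        $types_qry = array();
        foreach (explode(',', $type) as $candidate) {
            if (!in_array($candidate, array('jpg', 'png', 'gif'), true)) {
                continue; // unknown type, skipped
            }
            $types_qry[] = "'" . $candidate . "'";
        }
        // "IN ()" is a syntax error, so an all-invalid list falls back to no filter.
        if (count($types_qry) > 0) {
            $type_qry = 'WHERE image_type IN (' . implode(',', $types_qry) . ')';
        }
    }

    // Order sort ("<column>_<direction>"; a missing direction is treated as unset)
    $ordersort = explode('_', (string) $order_sort);
    $order = strtolower($ordersort[0]);
    $sort = isset($ordersort[1]) ? strtolower($ordersort[1]) : '';
    // Order clean
    if (!in_array($order, array('date', 'size'), true)) {
        $order = 'date';
    }
    $order = 'image_' . $order;
    // Sort clean
    if (!in_array($sort, array('asc', 'desc'), true)) {
        $sort = 'desc';
    }

    // Limits clean: everything is cast to int before it touches the query
    $limits = explode(',', (string) $limit);
    if (count($limits) > 1) {
        // Allow only two limits (offset, count)
        $sql_limits = intval($limits[0]) . ',' . intval($limits[1]);
    } else {
        $sql_limits = intval($limit);
    }

    $prepare = array();
    $keyword_qry = '';
    if (check_value($keyword)) {
        // Bound as a parameter. LIKE wildcards (% and _) inside the keyword are
        // not escaped, so they still act as wildcards.
        $prepare[':keyword'] = "%{$keyword}%";
        // Parenthesised on purpose: in the original, `.` bound tighter than `?:`,
        // so a type filter produced a bare "AND" with no condition (invalid SQL).
        $keyword_qry = (check_value($type_qry) ? 'AND' : 'WHERE') . ' chv_images.image_name LIKE :keyword';
    }

    $query = "SELECT * FROM chv_images LEFT JOIN chv_storages ON chv_images.storage_id = chv_storages.storage_id {$type_qry} {$keyword_qry} ORDER BY {$order} {$sort} LIMIT {$sql_limits}";
    $results = $this->dB->query_fetch($query, $prepare);
    if (!is_array($results)) {
        return $this->dB->error;
    }

    // Now we got the results: fix the result array into something usable.
    // (The original re-ran this body once per column of each row; once per
    // row gives the same output and calls recreate_thumb() only once.)
    $output = array();
    foreach ($results as $result) {
        $file_array = $result;
        $image_target = get_image_target($file_array);
        // if the image doesn't exist remove it from the dB and skip it
        if ($this->dB->must_delete_image_record($file_array['image_id'], $image_target)) {
            continue;
        }
        // Recreate the thumb
        recreate_thumb($image_target);
        $file_array['image_viewer'] = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID($file_array['image_id']);
        $file_array['image_size'] = format_bytes($result['image_size'], 0);
        $file_array['image_url'] = absolute_to_url($image_target['image_path']);
        $file_array['image_thumb_url'] = absolute_to_url($image_target['image_thumb_path']);
        $file_array['image_shorturl'] = __CHV_BASE_URL__ . encodeID($file_array['image_id']);
        $file_array['timestamp'] = strtotime($file_array['image_date']);
        $file_array['image_date'] = date('Y-m-d', $file_array['timestamp']);
        // Key is quoted ("1" instead of 1) so JSON clients keep insertion order (Chrome sorts numeric keys)
        $output['"' . $file_array['image_id'] . '"'] = $file_array;
    }
    return $output;
}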
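/**
 * image_info
 * get the image info from the dB
 *
 * @access public
 * @param string $id numeric image id, or a legacy "name.ext" file name
 * @return array|false the dB row merged with derived paths/URLs, or false with
 *                     $this->error set when no usable record exists
 */
public function image_info($id)
{
    $query = 'SELECT * FROM chv_images LEFT JOIN chv_storages ON chv_images.storage_id = chv_storages.storage_id WHERE ';

    // Legacy request (file.ext). Anchored at both ends and split on the regex
    // captures: the original pattern matched anywhere in the string and then
    // explode()d on ".", so "a.b.jpg" was looked up as name "a", type "b".
    if (is_string($id) && preg_match('/^(\w*)\.(jpg|png|gif)\z/', $id, $legacy)) {
        $query .= 'chv_images.storage_id=1 AND chv_images.image_name=? AND chv_images.image_type=?';
        $query_array = array($legacy[1], $legacy[2]);
    } else {
        $query .= 'chv_images.image_id=?';
        $query_array = array($id);
    }

    // Both branches bind $id as a parameter; nothing is interpolated.
    $imageDB = $this->query_fetch_single($query, $query_array);
    if (!is_array($imageDB)) {
        // NOTE(review): $id is echoed back verbatim; escape it if this message
        // is ever rendered as HTML.
        $this->error = 'invalid id record (' . $id . ')';
        return false;
    }

    $id = $imageDB['image_id'];
    $id_public = encodeID($id);
    $image_target = get_image_target($imageDB);

    // if the image doesn't exist remove it from the dB
    if ($this->must_delete_image_record($id, $image_target)) {
        $this->dead = true;
        $this->error = "file doesn't exists";
        return false;
    }

    // Recreate the thumb
    recreate_thumb($image_target);

    // Fix the dB values just in case...
    $imageDB['image_width'] = intval($imageDB['image_width']);
    $imageDB['image_height'] = intval($imageDB['image_height']);
    $imageDB['image_size'] = intval($imageDB['image_size']);

    // Populate the array with derived names, URLs and the delete links
    $populate = array(
        'image_filename' => $imageDB['image_name'] . '.' . $imageDB['image_type'],
        'image_id_public' => $id_public,
        'image_path' => $image_target['image_path'],
        'image_url' => absolute_to_url($image_target['image_path']),
        'image_attr' => 'width="' . $imageDB['image_width'] . '" height="' . $imageDB['image_height'] . '"',
        'image_bytes' => intval($imageDB['image_size']),
        'image_size' => format_bytes($imageDB['image_size']),
        'image_thumb_url' => absolute_to_url($image_target['image_thumb_path']),
        'image_thumb_path' => $image_target['image_thumb_path'],
        'image_thumb_width' => chevereto_config('thumb_width'),
        'image_thumb_height' => chevereto_config('thumb_height'),
        'image_viewer' => __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public,
        'image_shorturl' => __CHV_BASE_URL__ . $id_public,
        'image_delete_url' => __CHV_BASE_URL__ . 'delete/image/' . $id_public . '/' . $imageDB['image_delete_hash'],
        'image_delete_confirm_url' => __CHV_BASE_URL__ . 'delete-confirm/image/' . $id_public . '/' . $imageDB['image_delete_hash'],
    );
    return array_merge($imageDB, $populate);
}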