/**
 * Open the MySQLi connection described by $config and select its database.
 *
 * The outcome is also published through the globals $_zp_DB_connection and
 * $_zp_DB_details.
 *
 * @param array $config the db configuration parameters; the keys read here are
 *                      mysql_host, mysql_user, mysql_pass, mysql_database and UTF-8
 * @param bool $errorstop set to false to omit error messages
 * @return mixed the connection on success, false on failure
 */
function db_connect($config, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_details;
    $_zp_DB_details = unserialize(DB_NOT_CONNECTED);
    // Without the mysqli extension there is nothing to connect with.
    $_zp_DB_connection = function_exists('mysqli_connect')
        ? @mysqli_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass'])
        : NULL;
    if (!$_zp_DB_connection) {
        if ($errorstop) {
            zp_error(gettext('MySQLi Error: Zenphoto could not instantiate a connection.'));
        }
        return false;
    }
    // Record the host first so a failed database selection still shows which server answered.
    $_zp_DB_details['mysql_host'] = $config['mysql_host'];
    $selected = $_zp_DB_connection->select_db($config['mysql_database']);
    if (!$selected) {
        if ($errorstop) {
            // NOTE(review): the server error text and the database name reach zp_error() as-is;
            // confirm zp_error() does not show them to unauthenticated visitors.
            zp_error(sprintf(gettext('MySQLi Error: MySQLi returned the error %1$s when Zenphoto tried to select the database %2$s.'), $_zp_DB_connection->error, $config['mysql_database']));
        }
        return false;
    }
    $_zp_DB_details = $config;
    if (!empty($config['UTF-8'])) {
        $_zp_DB_connection->set_charset("utf8");
    }
    // Relax the sql_mode if the server allows it. An empty sql_mode switches off strict
    // checking, so over-long or invalid values are adjusted with a warning instead of
    // being rejected; callers must validate lengths themselves.
    @$_zp_DB_connection->query('SET SESSION sql_mode="";');
    return $_zp_DB_connection;
}
/**
 * Open the connection described by $config with the legacy mysql_* API and
 * select its database.
 *
 * The outcome is also published through the globals $_zp_DB_connection and
 * $_zp_DB_details.
 *
 * @param array $config the db configuration parameters; the keys read here are
 *                      mysql_host, mysql_user, mysql_pass, mysql_database and UTF-8
 * @param bool $errorstop set to false to omit error messages
 * @return mixed the connection on success, false on failure
 */
function db_connect($config, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_details;
    $_zp_DB_details = unserialize(DB_NOT_CONNECTED);
    // Without the mysql extension there is nothing to connect with.
    $_zp_DB_connection = function_exists('mysql_connect')
        ? @mysql_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass'])
        : NULL;
    if (!$_zp_DB_connection) {
        if ($errorstop) {
            zp_error(sprintf(gettext('MySQL Error: ZenPhoto20 received the error %s when connecting to the database server.'), mysql_error()));
        }
        return false;
    }
    // Record the host first so a failed database selection still shows which server answered.
    $_zp_DB_details['mysql_host'] = $config['mysql_host'];
    $selected = @mysql_select_db($config['mysql_database']);
    if (!$selected) {
        if ($errorstop) {
            // NOTE(review): the server error text and the database name reach zp_error() as-is;
            // confirm zp_error() does not show them to unauthenticated visitors.
            zp_error(sprintf(gettext('MySQL Error: MySQL returned the error %1$s when ZenPhoto20 tried to select the database %2$s.'), mysql_error(), $config['mysql_database']));
        }
        return false;
    }
    $_zp_DB_details = $config;
    if (!empty($config['UTF-8'])) {
        mysql_set_charset('utf8', $_zp_DB_connection);
    }
    // Relax the sql_mode if the server allows it. An empty sql_mode switches off strict
    // checking, so over-long or invalid values are adjusted with a warning instead of
    // being rejected; callers must validate lengths themselves.
    @mysql_query('SET SESSION sql_mode="";');
    return $_zp_DB_connection;
}
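/**
 * Placeholder connector that always fails.
 *
 * Resets the connection globals, optionally reports the failure and returns
 * false; it never opens a connection.
 *
 * @param array $config the db configuration parameters (not used here)
 * @param bool $errorstop set to false to omit error messages
 * @return bool always false
 */
function db_connect($config, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_details;
    $_zp_DB_details = unserialize(DB_NOT_CONNECTED);
    $_zp_DB_connection = NULL;
    if ($errorstop) {
        zp_error(gettext('MySQLi Error: Zenphoto could not instantiate a connection.'));
    }
    // The original had a second, unreachable return of the connection after this one.
    return false;
}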
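/**
 * The main query function. Runs the SQL on the connection and handles errors.
 *
 * @param string $sql sql code
 * @param bool $errorstop set to false to suppress the error message
 * @return mixed the result of mysql_query(), or false when the statement failed
 * @since 0.6
 */
function query($sql, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_conf_vars;
    if (is_null($_zp_DB_connection)) {
        db_connect();
    }
    // Changed this to mysql_query - *never* call query functions recursively...
    $result = mysql_query($sql, $_zp_DB_connection);
    if (!$result) {
        if ($errorstop) {
            // The message is HTML (it carries <em> tags), so both the statement and the
            // server's error text are encoded: the error text can repeat part of the
            // statement and would otherwise be emitted as markup.
            $sql = html_encode($sql);
            $error = html_encode(mysql_error());
            zp_error(sprintf(gettext('MySQL Query ( <em>%1$s</em> ) failed. MySQL returned the error <em>%2$s</em>'), $sql, $error));
        }
        return false;
    }
    return $result;
}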
 /**
  * Loads the special_pages definitions from the configuration file and splits
  * the file text into the part before them (zp_cfg_a) and the part after
  * them (zp_cfg_b).
  *
  * Reads the globals $_configMutex and $_zp_conf_vars.
  */
 function __construct()
 {
     global $_configMutex, $_zp_conf_vars;
     // NOTE(review): no matching unlock is visible in this constructor; presumably the
     // lock is released elsewhere. Confirm.
     $_configMutex->lock();
     $zp_cfg = file_get_contents(SERVERPATH . '/' . DATA_FOLDER . '/' . CONFIGFILE);
     $i = strpos($zp_cfg, "\$conf['special_pages']");
     // If the marker was not found $i is false and is used as the search offset here.
     $j = strpos($zp_cfg, '//', $i);
     if ($i === false || $j === false) {
         // No special_pages section: start with an empty set and split the file at the
         // "Do not edit" marker instead.
         $conf = array('special_pages' => array());
         $this->conf_vars = $conf['special_pages'];
         $i = strpos($zp_cfg, '/** Do not edit below this line. **/');
         if ($i === false) {
             zp_error(gettext('The Zenphoto configuration file is corrupt. You will need to restore it from a backup.'));
         }
         $this->zp_cfg_a = substr($zp_cfg, 0, $i);
         $this->zp_cfg_b = "//\n" . substr($zp_cfg, $i);
     } else {
         $this->zp_cfg_a = substr($zp_cfg, 0, $i);
         $this->zp_cfg_b = substr($zp_cfg, $j);
         // NOTE(review): eval() runs whatever PHP text lies between the special_pages
         // marker and the next '//' in the configuration file, and it is what defines
         // $conf below. Write access to that file is therefore code execution in this
         // process; consider parsing the array instead of evaluating it.
         eval(substr($zp_cfg, $i, $j - $i));
         $this->conf_vars = $conf['special_pages'];
         // Keep the entries that carry an 'option' key.
         foreach ($_zp_conf_vars['special_pages'] as $page => $element) {
             if (isset($element['option'])) {
                 $this->plugin_vars[$page] = $element;
             }
         }
     }
     // NOTE(review): OFFSET_PATH == 2 is presumably the setup run. Confirm.
     if (OFFSET_PATH == 2) {
         $old = array_keys($conf['special_pages']);
         $zp_cfg = file_get_contents(SERVERPATH . '/' . ZENFOLDER . '/zenphoto_cfg.txt');
         $i = strpos($zp_cfg, "\$conf['special_pages']");
         $j = strpos($zp_cfg, '//', $i);
         // NOTE(review): same eval() concern as above, here for the distributed
         // zenphoto_cfg.txt; neither strpos() result is checked before it is used.
         eval(substr($zp_cfg, $i, $j - $i));
         $new = array_keys($conf['special_pages']);
         if ($old != $new) {
             // Things have changed, need to reset to defaults
             setOption('rewriteTokens_restore', 1);
             $this->handleOptionSave(NULL, NULL);
             setupLog(gettext('rewriteTokens restored to default'), true);
         }
     } else {
         enableExtension('rewriteTokens', 97 | ADMIN_PLUGIN);
         // plugin must be enabled for saving options
     }
 }
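/**
 * The main query function. Runs the SQL on the connection and handles errors.
 *
 * The last result, or the caught exception, is kept in $_zp_DB_last_result.
 *
 * @param string $sql sql code
 * @param bool $errorstop set to false to suppress the error message
 * @return mixed whatever the connection's query() returns, or false when it threw
 * @since 0.6
 */
function query($sql, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_last_result, $_zp_conf_vars;
    if ($_zp_DB_connection == null) {
        db_connect();
    }
    $_zp_DB_last_result = false;
    try {
        $_zp_DB_last_result = $_zp_DB_connection->query($sql);
        return $_zp_DB_last_result;
    } catch (PDOException $e) {
        $_zp_DB_last_result = $e;
        // The original tested "true || $noerrmsg": $noerrmsg is not defined in this
        // function and the test was always true, so $errorstop was ignored.
        if ($errorstop) {
            // NOTE(review): the exception text is placed inside <em> unencoded and may
            // repeat part of the statement; encode it if zp_error() renders HTML.
            zp_error(sprintf(gettext('%1$s Error: Zenphoto received the error <em>%2$s</em> from the database server.'), DATABASE_SOFTWARE, $e->getMessage()));
        }
        return false;
    }
}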
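/**
 * Connect to the database server through PDO and select the database.
 *
 * The outcome is also published through the globals $_zp_DB_connection,
 * $_zp_DB_details and $_zp_DB_last_result.
 *
 * @param array $config the db configuration parameters; the keys read here are
 *                      mysql_host, mysql_user, mysql_pass, mysql_database and UTF-8
 * @param bool $errorstop set to false to omit error messages
 * @return mixed the PDO connection on success, false on failure
 */
function db_connect($config, $errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_details, $_zp_DB_last_result;
    $_zp_DB_details = unserialize(DB_NOT_CONNECTED);
    $_zp_DB_connection = $_zp_DB_last_result = NULL;
    if (array_key_exists('UTF-8', $config) && $config['UTF-8']) {
        $utf8 = ';charset=utf8';
    } else {
        $utf8 = false;
    }
    try {
        $db = $config['mysql_database'];
        $hostname = $config['mysql_host'];
        $username = $config['mysql_user'];
        $password = $config['mysql_pass'];
        if (class_exists('PDO')) {
            // NOTE(review): host and database name are interpolated into the DSN as-is,
            // so a ';' in either value would add DSN attributes. Fine while the values
            // come from the site's own configuration; confirm that is the only source.
            $_zp_DB_connection = new PDO("mysql:host={$hostname};dbname={$db}{$utf8}", $username, $password);
        }
    } catch (PDOException $e) {
        $_zp_DB_last_result = $e;
        if ($errorstop) {
            zp_error(sprintf(gettext('MySql Error: Zenphoto received the error %s when connecting to the database server.'), $e->getMessage()));
        }
        $_zp_DB_connection = NULL;
        return false;
    }
    if (!$_zp_DB_connection) {
        // The PDO class is missing, so no connection object exists. The original fell
        // through and called query() on NULL below.
        if ($errorstop) {
            zp_error(gettext('MySql Error: Zenphoto could not instantiate a connection.'));
        }
        return false;
    }
    $_zp_DB_details = $config;
    // Before PHP 5.3.6 the charset DSN attribute had no effect, so set it by statement.
    if ($utf8 && version_compare(PHP_VERSION, '5.3.6', '<')) {
        try {
            $_zp_DB_connection->query("SET NAMES 'utf8'");
        } catch (PDOException $e) {
            // best effort: the connection stays usable without it
        }
    }
    // Relax the sql_mode if the server allows it. An empty sql_mode switches off strict
    // checking, so over-long or invalid values are adjusted with a warning instead of
    // being rejected; callers must validate lengths themselves.
    try {
        $_zp_DB_connection->query('SET SESSION sql_mode="";');
    } catch (PDOException $e) {
        // best effort: the connection stays usable without it
    }
    return $_zp_DB_connection;
}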
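/**
 * Updates an item in the configuration file text and returns the new text.
 *
 * If the item is already present its assignment is rewritten up to the end of
 * that line; otherwise a new assignment is inserted just above the
 * "Do not edit below this line" marker.
 *
 * @param string $item the configuration key to set
 * @param string $value the value to store
 * @param string $zp_cfg the current content of the configuration file
 * @param bool $quote wrap $value in double quotes when true
 * @return string the updated configuration text
 */
function updateConfigItem($item, $value, $zp_cfg, $quote = true)
{
    // NOTE(review): $value is written into PHP source without escaping. A value that
    // contains a double quote, a backslash or a '$' changes the meaning of the generated
    // assignment, and with $quote false the value is emitted as raw PHP. Callers must
    // pass only values they have validated or escaped for a double-quoted PHP string.
    if ($quote) {
        $value = '"' . $value . '"';
    }
    // NOTE(review): this is a plain substring search, so it also matches $item inside a
    // comment or inside a longer key name.
    $i = strpos($zp_cfg, $item);
    if ($i === false) {
        $parts = preg_split('~\\/\\*.*Do not edit below this line.*\\*\\/~', $zp_cfg);
        if (isset($parts[1])) {
            $zp_cfg = $parts[0] . "\$conf['" . $item . "'] = " . $value . ";\n/** Do not edit below this line. **/" . $parts[1];
        } else {
            zp_error(gettext('The Zenphoto configuration file is corrupt. You will need to restore it from a backup.'));
        }
    } else {
        $i = strpos($zp_cfg, '=', $i);
        $j = strpos($zp_cfg, "\n", $i);
        if ($j === false) {
            // The assignment is on the last line and has no trailing newline. Without
            // this, substr($zp_cfg, false) returned the whole text and the old content
            // was appended after the new assignment.
            $j = strlen($zp_cfg);
        }
        $zp_cfg = substr($zp_cfg, 0, $i) . '= ' . $value . ';' . substr($zp_cfg, $j);
    }
    return $zp_cfg;
}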
 /**
  * Constructor for class-video
  *
  * Marks the object as non-existent (and warns unless $quiet) when the album or
  * the file is not usable; otherwise sets the video up and stores a new or
  * changed record.
  *
  * @param object $album the owning album
  * @param string $filename the filename of the video
  * @param bool $quiet set to true to omit the warning for an invalid instantiation
  */
 function __construct($album, $filename, $quiet = false)
 {
     global $_zp_supported_images;
     $problem = false;
     if (is_object($album) && $album->exists) {
         // Usable means: class setup worked and the local path is an existing non-directory.
         $usable = $this->classSetup($album, $filename) && file_exists($this->localpath) && !is_dir($this->localpath);
         if (!$usable) {
             $problem = gettext('Invalid video instantiation: file does not exist.');
         }
     } else {
         $problem = gettext('Invalid video instantiation: Album does not exist');
     }
     if ($problem) {
         $this->exists = false;
         if (!$quiet) {
             zp_error($problem, E_USER_WARNING);
         }
         return;
     }
     // Normalise the comma separated list of alternate suffixes.
     foreach (explode(',', extensionEnabled('class-video_videoalt')) as $suffix) {
         $this->videoalt[] = trim(strtolower($suffix));
     }
     $this->sidecars = $_zp_supported_images;
     $this->video = true;
     $this->objectsThumb = checkObjectsThumb($this->localpath);
     // This is where the magic happens...
     $albumName = $album->name;
     $this->updateDimensions();
     $lookup = array('filename' => $filename, 'albumid' => $this->album->getID());
     $isNew = $this->instantiate('images', $lookup, 'filename', true, empty($albumName));
     // Refresh the stored record for a new file or when the file's mtime differs.
     if ($isNew || $this->filemtime != $this->get('mtime')) {
         if ($isNew) {
             $this->setTitle($this->displayname);
         }
         $this->updateMetaData();
         $this->set('mtime', $this->filemtime);
         $this->save();
         if ($isNew) {
             zp_apply_filter('new_image', $this);
         }
     }
 }
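/**
 * Connect to the database server through PDO and select the database.
 *
 * The connection parameters are read from the global $_zp_conf_vars; the
 * outcome is also published through $_zp_DB_connection and $_zp_DB_last_result.
 *
 * @param bool $errorstop set to false to omit error messages
 * @return mixed the PDO connection on success, false on failure
 */
function db_connect($errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_last_result, $_zp_conf_vars;
    $_zp_DB_last_result = NULL;
    // Validate the configuration before reading from it (the original read
    // mysql_database first and only then checked that this is an array).
    if (!is_array($_zp_conf_vars)) {
        if ($errorstop) {
            zp_error(gettext('The <code>$_zp_conf_vars</code> variable is not an array. Zenphoto has not been instantiated correctly.'));
        }
        return false;
    }
    $db = $_zp_conf_vars['mysql_database'];
    try {
        $hostname = $_zp_conf_vars['mysql_host'];
        $username = $_zp_conf_vars['mysql_user'];
        $password = $_zp_conf_vars['mysql_pass'];
        // NOTE(review): host and database name are interpolated into the DSN as-is,
        // so a ';' in either value would add DSN attributes. Fine while the values
        // come from the site's own configuration; confirm that is the only source.
        $_zp_DB_connection = new PDO("mysql:host={$hostname};dbname={$db}", $username, $password);
    } catch (PDOException $e) {
        $_zp_DB_last_result = $e;
        if ($errorstop) {
            // NOTE(review): the exception text is placed inside <em> unencoded.
            zp_error(sprintf(gettext('MySql Error: Zenphoto received the error <em>%s</em> when connecting to the database server.'), $e->getMessage()));
        }
        return false;
    }
    if (array_key_exists('UTF-8', $_zp_conf_vars) && $_zp_conf_vars['UTF-8']) {
        try {
            $_zp_DB_connection->query("SET NAMES 'utf8'");
        } catch (PDOException $e) {
            // best effort: the connection stays usable without it
        }
    }
    // Relax the sql_mode if the server allows it. An empty sql_mode switches off strict
    // checking, so over-long or invalid values are adjusted with a warning instead of
    // being rejected; callers must validate lengths themselves.
    try {
        $_zp_DB_connection->query('SET SESSION sql_mode="";');
    } catch (PDOException $e) {
        // best effort: the connection stays usable without it
    }
    return $_zp_DB_connection;
}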
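/**
 * Open the SQLite database through PDO.
 *
 * The database file name is read from the global $_zp_conf_vars; the outcome
 * is also published through $_zp_DB_connection and $_zp_DB_last_result.
 *
 * @param bool $errorstop set to false to omit error messages
 * @return mixed the PDO connection on success, false on failure
 */
function db_connect($errorstop = true)
{
    global $_zp_DB_connection, $_zp_DB_last_result, $_zp_conf_vars;
    $_zp_DB_last_result = NULL;
    // Validate the configuration before reading from it (the original read
    // mysql_database first and only then checked that this is an array).
    if (!is_array($_zp_conf_vars)) {
        if ($errorstop) {
            zp_error(gettext('The <code>$_zp_conf_vars</code> variable is not an array. Zenphoto has not been instantiated correctly.'));
        }
        return false;
    }
    $db = $_zp_conf_vars['mysql_database'];
    // NOTE(review): $folder is never assigned before this test, so the default zp-data
    // folder is always chosen and the else branch cannot run. That branch also passes
    // its str_replace() arguments in an order that would return '/'. It is left as it
    // was because the intended source of $folder is not visible here.
    // NOTE(review): the database file sits in a folder next to the application code;
    // confirm the web server refuses direct requests for files in zp-data.
    if (empty($folder) || $folder == 'localhost') {
        $folder = dirname(dirname(__FILE__)) . '/zp-data/';
    } else {
        $folder = str_replace($_zp_conf_vars['mysql_host'], '\\', '/');
        if (substr($folder, -1, 1) != '/') {
            $folder .= '/';
        }
    }
    try {
        $_zp_DB_connection = new PDO('sqlite:' . $folder . $db);
    } catch (PDOException $e) {
        $_zp_DB_last_result = $e;
        if ($errorstop) {
            zp_error(sprintf(gettext('SQLite Error: Zenphoto received the error <em>%s</em> when connecting to the database server.'), $e->getMessage()));
        }
        return false;
    }
    try {
        $_zp_DB_connection->query('PRAGMA encoding = "UTF-8"');
    } catch (PDOException $e) {
        // The original tested "true || $noerrmsg": $noerrmsg is not defined in this
        // function and the test was always true, so $errorstop was ignored.
        if ($errorstop) {
            zp_error(sprintf(gettext('%1$s Error: Zenphoto received the error <em>%2$s</em> from the database server.'), DATABASE_SOFTWARE, $e->getMessage()));
        }
        return false;
    }
    return $_zp_DB_connection;
}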
/**
 * The main query function. Runs the SQL on the connection and handles errors.
 *
 * Every successful statement increments the global $_zp_query_count.
 *
 * @param string $sql sql code
 * @param bool $noerrmsg set to true to suppress the error message
 * @return mixed the result of mysql_query(), or false when the statement failed
 * @since 0.6
 */
function query($sql, $noerrmsg = false)
{
    global $mysql_connection, $_zp_query_count, $_zp_conf_vars;
    if ($mysql_connection == null) {
        db_connect();
    }
    $result = mysql_query($sql, $mysql_connection);
    if ($result) {
        $_zp_query_count++;
        return $result;
    }
    if ($noerrmsg) {
        return false;
    }
    // NOTE(review): the statement goes through sanitize() but mysql_error() is added to
    // the HTML message as-is, and the server's error text can repeat part of the
    // statement. Encode it if zp_error() renders HTML.
    $sql = sanitize($sql, 3);
    $error = sprintf(gettext('MySQL Query ( <em>%1$s</em> ) failed. Error: %2$s'), $sql, mysql_error());
    // Probe with mysql_query directly - *never* call query functions recursively...
    $tablesPresent = mysql_query("SELECT 1 FROM " . prefix('albums') . " LIMIT 0", $mysql_connection);
    if (!$tablesPresent) {
        $error .= "<br />" . gettext("It looks like your zenphoto tables haven't been created.") . ' ' . sprintf(gettext('You may need to run <a href="%s/%s/setup.php">the setup script.</a>'), WEBPATH, ZENFOLDER);
    }
    zp_error($error);
    return false;
}
<?php 
echo "\n</head>";
?>


<body>

	<?php 
$checkarray_images = array(gettext('*Bulk actions*') => 'noaction', gettext('Delete') => 'deleteall', gettext('Set to published') => 'showall', gettext('Set to unpublished') => 'hideall', gettext('Add tags') => 'addtags', gettext('Clear tags') => 'cleartags', gettext('Disable comments') => 'commentsoff', gettext('Enable comments') => 'commentson', gettext('Change owner') => 'changeowner');
if (extensionEnabled('hitcounter')) {
    $checkarray_images['Reset hitcounter'] = 'resethitcounter';
}
$checkarray_images = zp_apply_filter('bulk_image_actions', $checkarray_images);
// Create our album
if (!isset($_GET['album'])) {
    zp_error(gettext("No album provided to sort."));
} else {
    // Layout the page
    printLogoAndLinks();
    ?>

		<div id="main">
			<?php 
    printTabs();
    ?>
			<div id="content">
				<?php 
    zp_apply_filter('admin_note', 'albums', 'sort');
    if ($album->getParent()) {
        $link = getAlbumBreadcrumbAdmin($album);
    } else {
        $query['albumzip'] = 'true';
        if ($fromcache) {
            $query['fromcache'] = 'true';
        }
        $link = FULLWEBPATH . '/' . preg_replace('~^' . WEBPATH . '/~', '', $request['path']) . '?' . http_build_query($query);
        echo '<a href="' . html_encode($link) . '" rel="nofollow" class="downloadlist_link">' . html_encode($file) . '</a>' . $filesize;
    }
}
/**
 * Process any download requests
 */
if (isset($_GET['download'])) {
    $item = sanitize($_GET['download']);
    if (empty($item) || !extensionEnabled('downloadList')) {
        if (TEST_RELEASE) {
            zp_error(gettext('Forbidden'));
        } else {
            header("HTTP/1.0 403 " . gettext("Forbidden"));
            header("Status: 403 " . gettext("Forbidden"));
            exitZP();
            //	terminate the script with no output
        }
    }
    $hash = getOption('downloadList_password');
    if (GALLERY_SECURITY != 'public' || $hash) {
        //	credentials required to download
        if (!zp_loggedin(getOption('downloadList_rights') ? FILES_RIGHTS : ALL_RIGHTS)) {
            $user = getOption('downloadList_user');
            zp_handle_password('download_auth', $hash, $user);
            if (!empty($hash) && zp_getCookie('download_auth') != $hash) {
                $show = $user ? true : NULL;
     mkdir($uploaddir, CHMOD_VALUE);
 }
 @chmod($uploaddir, CHMOD_VALUE);
 $album = new Album($gallery, $folder);
 if ($album->exists) {
     if (!isset($_POST['publishalbum'])) {
         $album->setShow(false);
     }
     $title = sanitize($_POST['albumtitle'], 2);
     if (!empty($title) && $newAlbum) {
         $album->setTitle($title);
     }
     $album->save();
 } else {
     $AlbumDirName = str_replace(SERVERPATH, '', $gallery->albumdir);
     zp_error(gettext("The album couldn't be created in the 'albums' folder. This is usually a permissions problem. Try setting the permissions on the albums and cache folders to be world-writable using a shell:") . " <code>chmod 777 " . $AlbumDirName . CACHEFOLDER . "</code>, " . gettext("or use your FTP program to give everyone write permissions to those folders."));
 }
 $error = false;
 foreach ($_FILES['files']['error'] as $key => $error) {
     if ($_FILES['files']['name'][$key] == "") {
         continue;
     }
     if ($error == UPLOAD_ERR_OK) {
         $tmp_name = $_FILES['files']['tmp_name'][$key];
         $name = $_FILES['files']['name'][$key];
         $soename = UTF8toFilesystem(seoFriendlyURL($name));
         if (is_valid_image($name) || is_valid_other_type($name)) {
             $uploadfile = $uploaddir . '/' . $soename;
             move_uploaded_file($tmp_name, $uploadfile);
             @chmod($uploadfile, 0666 & CHMOD_VALUE);
             $image = newImage($album, $soename);
        $path_info = pathinfo($file);
        $themefiles_to_ext[$path_info['extension']][] = $file;
        // array(['php']=>array('file.php', 'image.php'),['css']=>array('style.css'))
    } else {
        unset($themefiles[$file]);
        // $themefile will eventually have all editable files and nothing else
    }
}
// Check that the theme is valid to edit
if (!themeIsEditable($theme)) {
    zp_error(gettext('Cannot edit this theme!'));
}
// If we're attempting to edit a file that's not a text file or that does not belong to the theme directory, this is an illegal attempt
if ($file_to_edit) {
    if (!in_array($file_to_edit, $themefiles) or !isTextFile($file_to_edit) or filesize($file_to_edit) == 0) {
        zp_error(gettext('Cannot edit this file!'));
    }
}
// realpath() to take care of ../../file.php schemes, str_replace() to sanitize Win32 filenames
// Handle POST that updates a file
if (isset($_POST['action']) && $_POST['action'] == 'edit_file' && $file_to_edit) {
    XSRFdefender('edit_theme');
    $file_content = sanitize($_POST['newcontent'], 0);
    $theme = urlencode($theme);
    if (is_writeable($file_to_edit)) {
        //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
        $f = @fopen($file_to_edit, 'w+');
        if ($f !== FALSE) {
            @fwrite($f, $file_content);
            fclose($f);
            clearstatcache();
 /**
  * Remembers the archive name and resets the handle state.
  *
  * @param string $p_zipname name of the zip archive this object works on
  */
 function __construct($p_zipname)
 {
     // The zlib extension is required; report its absence before anything else.
     $zlibAvailable = function_exists('gzopen');
     if ($zlibAvailable === false) {
         zp_error('Abort ' . basename(__FILE__) . ' : Missing zlib extensions');
     }
     // Initial attribute values
     $this->zipname = $p_zipname;
     $this->zip_fd = 0;
     $this->magic_quotes_status = -1;
 }
 /**
  * Load all of the filenames that are found in this Albums directory on disk.
  * Returns an array with all the names, passed through the 'album_filter'
  * or 'image_filter' filter.
  *
  * Entries whose name starts with a dot are skipped. A plain image that shares
  * its base name with an entry handled by another class is left out of the list.
  *
  * @param bool $dirs Whether or not to return directories ONLY with the file array.
  * @return array
  */
 protected function loadFileNames($dirs = false)
 {
     clearstatcache();
     $albumdir = $this->localpath;
     $handle = @opendir($albumdir);
     if (!$handle) {
         // Tell an unreadable folder apart from a missing one.
         $template = is_dir($albumdir)
             ? gettext("Error: The album %s is not readable.")
             : gettext("Error: The album named %s cannot be found.");
         zp_error(sprintf($template, html_encode($this->name)), E_USER_WARNING);
         return array();
     }
     $files = array();
     $others = array();
     while (false !== ($entry = readdir($handle))) {
         $entry8 = filesystemToInternal($entry);
         if (@$entry8[0] == '.') {
             continue;
         }
         if ($dirs) {
             // Directory mode: folders and dynamic albums only.
             if (is_dir($albumdir . $entry) || hasDynamicAlbumSuffix($entry)) {
                 $files[] = $entry8;
             }
             continue;
         }
         if (!is_file($albumdir . $entry)) {
             continue;
         }
         $handler = Gallery::imageObjectClass($entry);
         if ($handler) {
             $files[] = $entry8;
             if ($handler !== 'Image') {
                 $others[] = $entry8;
             }
         }
     }
     closedir($handle);
     if (count($others) > 0) {
         // Collect plain images that share a base name with a non-image entry.
         $others_thumbs = array();
         foreach ($others as $other) {
             $others_root = substr($other, 0, strrpos($other, "."));
             foreach ($files as $candidate) {
                 if ($candidate == $other) {
                     continue;
                 }
                 $candidate_root = substr($candidate, 0, strrpos($candidate, "."));
                 if ($candidate_root == $others_root && Gallery::imageObjectClass($candidate) == 'Image') {
                     $others_thumbs[] = $candidate;
                 }
             }
         }
         $files = array_diff($files, $others_thumbs);
     }
     return zp_apply_filter($dirs ? 'album_filter' : 'image_filter', $files);
 }
 /**
  * Save the updates made to this object since the last update. Returns
  * true if successful, false if not.
  *
  * An object without an id is inserted; an object with an id gets an UPDATE
  * of its pending changes. Values go through db_quote(); column names and the
  * id are placed in the statement as they are.
  */
 function save()
 {
     // If this object isn't supposed to be persisted, don't save it.
     if ($this->transient) {
         return false;
     }
     if (!$this->unique_set) {
         // If we don't have a unique set, then this is incorrect. Don't attempt to save.
         zp_error('empty $this->unique set is empty');
         return false;
     }
     if (!$this->id) {
         $this->setDefaults();
         // Create a new object and set the id from the one returned.
         $insert_data = array_merge($this->unique_set, $this->updates, $this->tempdata);
         if (empty($insert_data)) {
             return true;
         }
         // NOTE(review): column names are only wrapped in backticks, not escaped;
         // they must never be taken from request data.
         $columns = array();
         $values = array();
         foreach ($insert_data as $col => $value) {
             $columns[] = "`{$col}`";
             $values[] = is_null($value) ? "NULL" : db_quote($value);
         }
         $sql = 'INSERT INTO ' . prefix($this->table) . ' (' . implode(', ', $columns) . ') VALUES (' . implode(', ', $values) . ')';
         $success = query($sql);
         if (!$success || db_affected_rows() != 1) {
             return false;
         }
         // copy over any changes
         foreach ($insert_data as $key => $value) {
             $this->data[$key] = $value;
         }
         // so 'get' will retrieve it!
         $this->data['id'] = $this->id = (int) db_insert_id();
         $this->loaded = true;
         $this->updates = array();
         $this->tempdata = array();
     } else {
         // Save the existing object (updates only) based on the existing id.
         if (empty($this->updates)) {
             return true;
         }
         $sql = 'UPDATE ' . prefix($this->table) . ' SET';
         $assignments = array();
         foreach ($this->updates as $col => $value) {
             $assignments[] = " `{$col}` = " . (is_null($value) ? 'NULL' : db_quote($value));
             // The in-memory copy is updated before the statement runs.
             $this->data[$col] = $value;
         }
         // NOTE(review): the id is concatenated unquoted; it is cast to int when set by
         // the insert branch above, other assignments are not visible here.
         $sql .= implode(',', $assignments) . ' WHERE id=' . $this->id . ';';
         $success = query($sql);
         if (!$success || db_affected_rows() != 1) {
             return false;
         }
         foreach ($this->updates as $key => $value) {
             $this->data[$key] = $value;
         }
         $this->updates = array();
     }
     zp_apply_filter('save_object', true, $this);
     $this->addToCache($this->data);
     return true;
 }
/**
 * "Rewrite" handling for zenphoto
 *
 * The basic rules are found in the zenphoto-rewrite.txt file. Additional rules can be provided by plugins. But
 * for the plugin to load in time for the rules to be seen it must be either a CLASS_PLUGIN or a FEATURE_PLUGIN.
 * Plugins add rules by inserting them into the $_zp_conf_vars['special_pages'] array. Each "rule" is an array
 * of three elements: <var>define</var>, <var>rewrite</var>, and (optionally) <var>rule</var>.
 *
 * Elements which have a <var>define</var> and no <var>rule</var> are processed by rewrite rules in the
 * zenphoto-rewrite.txt file and the <var>define</var> is used internally to zenphoto to reference
 * the rewrite text when building links.
 *
 * Elements with a <var>rule</var> defined are processed after Search, Pages, and News rewrite rules and before
 * Image and album rewrite rules. The tag %REWRITE% in the rule is replaced with the <var>rewrite</var> text
 * before processing the rule. Thus <var>rewrite</var> is the token that should appear in the actual URL.
 *
 * It makes no sense to have an element without either a <var>define</var> or a <var>rule</var> as nothing will happen.
 *
 * At present all rules are presumed to stop processing the rule set. Historically that is what all our rules have done, but I suppose
 * we could change that. The "R" flag may be used to cause a <var>header</var> status to be sent. However, we do not redirect
 * back to index.php, so the "R" flag is only useful if the target is a different script.
 *
 * @author Stephen Billard (sbillard)
 *
 * @package admin
 */
function rewriteHandler()
{
    global $_zp_conf_vars, $_zp_rewritten;
    $_zp_rewritten = false;
    $definitions = array();
    //	query parameters should already be loaded into the $_GET and $_REQUEST arrays, so we discard them here
    $request = explode('?', getRequestURI());
    //rewrite base
    $requesturi = ltrim(substr($request[0], strlen(WEBPATH)), '/');
    list($definitions, $rules) = getRules();
    //process the rules
    foreach ($rules as $rule) {
        if ($rule = trim($rule)) {
            if ($rule[0] != '#') {
                if (preg_match('~^rewriterule~i', $rule)) {
                    // it is a rewrite rule, see if it is applicable
                    $rule = strtr($rule, $definitions);
                    preg_match('~^rewriterule\\s+(.*?)\\s+(.*?)\\s*\\[(.*)\\]$~i', $rule, $matches);
                    if (array_key_exists(1, $matches)) {
                        if (preg_match('~' . $matches[1] . '~', $requesturi, $subs)) {
                            $params = array();
                            //	setup the rule replacement values
                            foreach ($subs as $key => $sub) {
                                $params['$' . $key] = urlencode($sub);
                                // parse_str is going to decode the string!
                            }
                            //	parse rewrite rule flags
                            $flags = array();
                            $banner = explode(',', strtoupper($matches[3]));
                            foreach ($banner as $flag) {
                                $flag = strtoupper(trim($flag));
                                $f = explode('=', $flag);
                                $flags[trim($f[0])] = isset($f[1]) ? trim($f[1]) : NULL;
                            }
                            if (!array_key_exists('QSA', $flags)) {
                                //	QSA means merge the query parameters. Otherwise we clear them
                                $_REQUEST = array_diff($_REQUEST, $_GET);
                                $_GET = array();
                            }
                            preg_match('~(.*?)\\?(.*)~', $matches[2], $action);
                            if (empty($action)) {
                                $action[1] = $matches[2];
                            }
                            if (array_key_exists(2, $action)) {
                                //	process the rules replacements
                                $query = strtr($action[2], $params);
                                parse_str($query, $gets);
                                $_GET = array_merge($_GET, $gets);
                                $_REQUEST = array_merge($_REQUEST, $gets);
                            }
                            //	we will execute the index.php script in due course. But if the rule
                            //	action takes us elsewhere we will have to re-direct to that script.
                            if (isset($action[1]) && $action[1] != 'index.php') {
                                $qs = http_build_query($_GET);
                                if ($qs) {
                                    $qs = '?' . $qs;
                                }
                                if (array_key_exists('R', $flags)) {
                                    header('Status: ' . $flags['R']);
                                }
                                header('Location: ' . WEBPATH . '/' . $action[1] . $qs);
                                exit;
                            }
                            $_zp_rewritten = true;
                            break;
                        }
                    } else {
                        zp_error(sprintf(gettext('Error processing rewrite rule: “%s”'), trim(preg_replace('~^rewriterule~i', '', $rule))), E_USER_WARNING);
                    }
                } else {
                    if (preg_match('~define\\s+(.*?)\\s*\\=\\>\\s*(.*)$~i', $rule, $matches)) {
                        //	store definitions
                        eval('$definitions[$matches[1]] = ' . $matches[2] . ';');
                    }
                }
            }
        }
    }
}
Beispiel #21
 /**
  * Reads this album's directory on disk and returns the names found in it.
  *
  * A dynamic album has no files of its own and yields an empty array. A
  * missing or unreadable directory is reported through zp_error() and also
  * yields an empty array. In both cases no filter is applied.
  *
  * An image that shares its base name with an "other type" file is left out
  * of the result (presumably it is that file's thumbnail).
  *
  * @param bool $dirs true to collect sub-directories and dynamic album files only,
  *                   false to collect image and "other type" files
  * @return array names converted by filesystemToInternal(), passed through the
  *               'album_filter' ($dirs true) or 'image_filter' filter
  */
 function loadFileNames($dirs = false)
 {
     if ($this->isDynamic()) {
         // a dynamic album has no directory to scan
         return array();
     }
     $path = $this->localpath;
     if (!is_dir($path)) {
         zp_error(sprintf(gettext("Error: The album named %s cannot be found."), $this->name), false);
         return array();
     }
     if (!is_readable($path)) {
         zp_error(sprintf(gettext("Error: The album %s is not readable."), $this->name), false);
         return array();
     }
     $handle = opendir($path);
     $names = array();
     $otherNames = array();
     while (($entry = readdir($handle)) !== false) {
         $internal = filesystemToInternal($entry);
         if ($dirs) {
             // folder mode: visible sub-directories plus dynamic album files
             $isFolder = is_dir($path . $entry) && substr($entry, 0, 1) != '.';
             if ($isFolder || hasDynamicAlbumSuffix($entry)) {
                 $names[] = $internal;
             }
             continue;
         }
         if (!is_file($path . $entry)) {
             continue;
         }
         if (is_valid_other_type($entry)) {
             $names[] = $internal;
             $otherNames[] = $internal;
         } elseif (is_valid_image($entry)) {
             $names[] = $internal;
         }
     }
     closedir($handle);
     if (!empty($otherNames)) {
         // collect the images whose base name equals that of an "other type" file
         $companions = array();
         foreach ($otherNames as $other) {
             $otherBase = substr($other, 0, strrpos($other, "."));
             foreach ($names as $candidate) {
                 $candidateBase = substr($candidate, 0, strrpos($candidate, "."));
                 if ($candidateBase == $otherBase && $candidate != $other && is_valid_image($candidate)) {
                     $companions[] = $candidate;
                 }
             }
         }
         $names = array_diff($names, $companions);
     }
     $filter = $dirs ? 'album_filter' : 'image_filter';
     return zp_apply_filter($filter, $names);
 }
Beispiel #22
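 /**
  * Load all of the album names that are found in the albums directory on disk.
  *
  * An entry counts as an album when its name does not start with "." and it is
  * either a directory or carries a dynamic album suffix. If the directory cannot
  * be opened the problem is reported through zp_error() and the list stays empty.
  *
  * @return array the album names (converted by filesystemToInternal()) after the
  *               'album_filter' filter has been applied
  */
 private function loadAlbumNames()
 {
     $albumdir = $this->getAlbumDir();
     $dir = opendir($albumdir);
     $albums = array();
     if (!$dir) {
         // plain assignment: there is no earlier $msg to append to
         if (!is_dir($albumdir)) {
             $msg = sprintf(gettext('Error: The “albums” directory (%s) cannot be found.'), $this->albumdir);
         } else {
             $msg = sprintf(gettext('Error: The “albums” directory (%s) is not readable.'), $this->albumdir);
         }
         zp_error($msg);
         // if zp_error() returns, fall through with the empty list instead of reading from an invalid handle
     } else {
         // compare against false explicitly: a directory named "0" is falsy and would otherwise end the scan early
         while (false !== ($dirname = readdir($dir))) {
             if ($dirname[0] != '.' && (is_dir($albumdir . $dirname) || hasDynamicAlbumSuffix($dirname))) {
                 $albums[] = filesystemToInternal($dirname);
             }
         }
         closedir($dir);
     }
     return zp_apply_filter('album_filter', $albums);
 }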
/**
 * Common error reporting for query errors.
 *
 * The message passed to zp_error() contains the SQL statement and the text
 * returned by db_error() verbatim, so wherever that message is shown it
 * exposes the statement and the database's error text.
 *
 * @param string $sql the statement that failed
 */
function dbErrorReport($sql)
{
    $template = gettext('%1$s Error: ( %2$s ) failed. %1$s returned the error %3$s');
    $message = sprintf($template, DATABASE_SOFTWARE, $sql, db_error());
    zp_error($message, E_USER_ERROR);
}
/**
 * Stores one edited field of the object currently in context and prints the
 * value that should be shown in its place.
 *
 * The arguments presumably come from the Ajax POST the error text refers to
 * (the caller is not visible here). What this function does with them:
 *  - $value is passed through sanitize() and then stored and echoed back;
 *  - $orig_value is written to the response as it was received, without escaping;
 *  - no rights or request-token check happens in this function.
 * NOTE(review): confirm that the caller verifies edit rights and the request
 * token, and that $orig_value cannot carry markup supplied by a third party.
 *
 * @param string $context one of 'image', 'album', 'zenpage_page', 'zenpage_news'
 * @param string $field the field to set, or '_update_tags' to replace the tags
 * @param string $value the new value
 * @param string $orig_value the previous value, printed again when the edit cannot be done
 */
function editInPlace_handle_request($context = '', $field = '', $value = '', $orig_value = '')
{
    // Editing is only possible when the page has an image, album, page or article in context
    $editable = in_context(ZP_IMAGE) || in_context(ZP_ALBUM) || in_context(ZP_ZENPAGE_PAGE) || in_context(ZP_ZENPAGE_NEWS_ARTICLE);
    if (!$editable) {
        die($orig_value . '<script type="text/javascript">alert("' . gettext('Oops.. Cannot edit from this page') . '");</script>');
    }
    // Pick the current object that matches the requested context
    if ($context == 'image') {
        global $_zp_current_image;
        $object = $_zp_current_image;
    } elseif ($context == 'album') {
        global $_zp_current_album;
        $object = $_zp_current_album;
    } elseif ($context == 'zenpage_page') {
        global $_zp_current_zenpage_page;
        $object = $_zp_current_zenpage_page;
    } elseif ($context == 'zenpage_news') {
        global $_zp_current_zenpage_news;
        $object = $_zp_current_zenpage_news;
    } else {
        die(gettext('Error: malformed Ajax POST'));
    }
    // Dates are normalised before they are sanitized and stored
    if ($field == 'date') {
        $value = date('Y-m-d H:i:s', strtotime($value));
    }
    // The sanitize level depends on the field: 1 for 'desc', 2 for 'title', 3 for everything else
    if ($field == 'desc') {
        $level = 1;
    } elseif ($field == 'title') {
        $level = 2;
    } else {
        $level = 3;
    }
    // nl2br() is not used because it keeps the "\n" next to the tag it adds
    $clean = sanitize($value, $level);
    $value = str_replace("\n", '<br />', $clean);
    // Write the new value
    if ($field == '_update_tags') {
        $value = trim($value, ', ');
        $object->setTags($value);
    } else {
        $object->set($field, $value);
    }
    $saved = $object->save() !== false;
    if ($saved) {
        echo $value;
    } else {
        echo '<script type="text/javascript">alert("' . gettext('Could not save!') . '");</script>' . $orig_value;
    }
    // NOTE(review): this runs after a successful save as well - confirm it is meant to end the request in both cases
    zp_error(gettext('Front_end_edit could not save changes!'));
}
/**
 * Works out the image size, or the width and height, to use for the viewer.
 *
 * The specification string that gets parsed is the global $postdefault when a
 * 'viewer_size_image_selection' value was posted or $default is empty, and
 * $default otherwise. It is searched for "$s=N", "$w=N" and "$h=N" items
 * (N being digits only); when an item occurs more than once the last one wins.
 * If nothing usable is found, a notice is raised through zp_error().
 *
 * The results are returned through the reference parameters as digit strings.
 *
 * @param string $default the default (initial) value for the image sizing
 * @param int $size receives the size; width and height are then NULL
 * @param int $width receives the width when no size is given
 * @param int $height receives the height when no size is given
 */
function getViewerImageSize($default, &$size, &$width, &$height)
{
    global $postdefault;
    $useSelection = isset($_POST['viewer_size_image_selection']) || empty($default);
    if ($useSelection) {
        $msg = gettext('There is a format error in user size selection');
        $validate = $postdefault;
    } else {
        $msg = gettext('There is a format error in your $default parameter');
        $validate = $default;
    }
    $size = NULL;
    $width = NULL;
    $height = NULL;
    preg_match_all('/(\\$[shw])[\\s]*=[\\s]*([0-9]+)/', $validate, $matches);
    if ($matches) {
        // $matches[1] holds the item names, $matches[2] the matching numbers
        $found = array('$s' => NULL, '$w' => NULL, '$h' => NULL);
        foreach ($matches[1] as $index => $name) {
            $found[$name] = $matches[2][$index];
        }
        // a usable size takes precedence over width and height
        if (empty($found['$s'])) {
            $width = $found['$w'];
            $height = $found['$h'];
        } else {
            $size = $found['$s'];
        }
    }
    if (empty($size) && empty($width) && empty($height)) {
        zp_error($msg, E_USER_NOTICE);
    }
}
Beispiel #26
        getSubalbumImages($folder);
    }
}
$search = new SearchEngine(true);
if (isset($_POST['savealbum'])) {
    XSRFdefender('savealbum');
    $albumname = sanitize($_POST['album']);
    if ($album = sanitize($_POST['albumselect'])) {
        $albumobj = newAlbum($album);
        $allow = $albumobj->isMyItem(ALBUM_RIGHTS);
    } else {
        $allow = zp_loggedin(MANAGE_ALL_ALBUM_RIGHTS);
    }
    if (!$allow) {
        if (!zp_apply_filter('admin_managed_albums_access', false, $return)) {
            zp_error(gettext("You do not have edit rights on this album."));
        }
    }
    if ($_POST['create_tagged'] == 'static') {
        $unpublished = isset($_POST['return_unpublished']);
        $_POST['return_unpublished'] = true;
        //	state is frozen at this point, so unpublishing should not impact
        $words = sanitize($_POST['album_tag']);
        $searchfields[] = 'tags_exact';
        // now tag each element
        if (isset($_POST['return_albums'])) {
            $subalbums = $search->getAlbums(0);
            foreach ($subalbums as $analbum) {
                $albumobj = newAlbum($analbum);
                if ($unpublished || $albumobj->getShow()) {
                    $tags = array_unique(array_merge($albumobj->getTags(), array($words)));
Beispiel #27
 /**
  * Collects the items for this feed according to the feed type and its options.
  *
  * @return array|null the items, or NULL when no branch produced any; in that
  *                    case a warning is raised through zp_error() first if
  *                    TEST_RELEASE is set
  */
 public function getitems()
 {
     global $_zp_CMS;
     $feedtype = $this->feedtype;
     if ($feedtype == 'gallery') {
         if ($this->mode == "albums") {
             $items = getAlbumStatistic($this->itemnumber, $this->sortorder, $this->albumfolder, 0, $this->sortdirection);
         } else {
             $items = getImageStatistic($this->itemnumber, $this->sortorder, $this->albumfolder, $this->collection, 0, $this->sortdirection);
         }
     } elseif ($feedtype == 'news') {
         // every news option other than "category" is handled as plain "news"
         if ($this->newsoption == "category") {
             if ($this->sortorder) {
                 $items = getZenpageStatistic($this->itemnumber, 'categories', $this->sortorder, $this->sortdirection);
             } else {
                 $items = getLatestNews($this->itemnumber, $this->catlink, false, $this->sortdirection);
             }
         } else {
             if ($this->sortorder) {
                 $items = getZenpageStatistic($this->itemnumber, 'news', $this->sortorder, $this->sortdirection);
             } else {
                 // getLatestNews() is needed here: the feed item method relies on the "news" type, which getArticles does not set
                 $items = getLatestNews($this->itemnumber, '', false, $this->sortdirection);
             }
         }
     } elseif ($feedtype == "pages") {
         if ($this->sortorder) {
             $items = getZenpageStatistic($this->itemnumber, 'pages', $this->sortorder, $this->sortdirection);
         } else {
             $items = $_zp_CMS->getPages(NULL, false, $this->itemnumber);
         }
     } elseif ($feedtype == 'comments') {
         $type = $this->commentfeedtype;
         if ($type == 'gallery') {
             $items = getLatestComments($this->itemnumber, 'all');
         } elseif ($type == 'album') {
             $items = getLatestComments($this->itemnumber, 'album', $this->id);
         } elseif ($type == 'image') {
             $items = getLatestComments($this->itemnumber, 'image', $this->id);
         } elseif ($type == 'zenpage' || $type == 'news' || $type == 'page') {
             // 'zenpage' asks for the comments of all Zenpage items
             if ($type == 'zenpage') {
                 $type = 'all';
             }
             if (function_exists('getLatestZenpageComments')) {
                 $items = getLatestZenpageComments($this->itemnumber, $type, $this->id);
             }
         } elseif ($type == 'allcomments') {
             $items = getLatestComments($this->itemnumber, 'all');
             $items_zenpage = array();
             if (function_exists('getLatestZenpageComments')) {
                 // merge both sources, sort them on date and cut the list back to the requested number
                 $items_zenpage = getLatestZenpageComments($this->itemnumber, 'all', $this->id);
                 $merged = array_merge($items, $items_zenpage);
                 $merged = sortMultiArray($merged, 'date', true);
                 $items = array_slice($merged, 0, $this->itemnumber);
             }
         }
     }
     if (!isset($items)) {
         if (TEST_RELEASE) {
             zp_error(gettext('Bad ' . $this->feed . ' feed:' . $this->feedtype), E_USER_WARNING);
         }
         return NULL;
     }
     return $items;
 }
Beispiel #28
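/**
 * Formats the per-level counters as a menu `sort_order` string.
 * Helper for createMenuIfNotExists().
 *
 * @param array $orders one counter per nesting level, outermost first
 * @return string the counters as three-digit numbers joined by "-"
 */
function _createMenuSortOrder($orders)
{
    $parts = array();
    foreach ($orders as $order) {
        $parts[] = sprintf('%03u', $order);
    }
    return implode('-', $parts);
}

/**
 * Creates a menu set from the items passed. But only if the menu set does not already exist
 * @param array $menuitems items for the menuset
 * 		array elements:
 * 			'type'=>menuset type
 * 			'title'=>title for the menu item
 * 			'link'=>URL or other data for the item link
 * 			'show'=>set to 1:"visible" or 0:"hidden",
 * 			'nesting'=>nesting level of this item in the menu hierarchy (0 if absent)
 * 			'include_li'=>value for the `include_li` column (1 if absent)
 *
 * @param string $menuset current menuset
 * @return int 1 if the items were processed, 0 if the menu set already existed,
 * 		-1 if an item failed validation, -2 if an INSERT failed
 */
function createMenuIfNotExists($menuitems, $menuset = 'default')
{
    $count = db_count('menu', 'WHERE menuset=' . db_quote($menuset));
    if ($count != 0) {
        // the menu set exists already, nothing is created
        return 0;
    }
    require_once dirname(__FILE__) . '/menu_manager/menu_manager-admin-functions.php';
    $success = 1;
    // one counter per nesting level; it becomes the sort_order of the next item
    $orders = array();
    foreach ($menuitems as $key => $result) {
        if (array_key_exists('nesting', $result)) {
            $nesting = $result['nesting'];
        } else {
            $nesting = 0;
        }
        // shrink or grow the counter list to the depth of this item
        while ($nesting + 1 < count($orders)) {
            array_pop($orders);
        }
        while ($nesting + 1 > count($orders)) {
            array_push($orders, -1);
        }
        $result['id'] = 0;
        if (isset($result['include_li'])) {
            $includeli = $result['include_li'];
        } else {
            $includeli = 1;
        }
        // the "all_*" types insert their own rows and clear $type to skip the generic INSERT below
        // NOTE(review): labels are matched as spelled, including 'all_Pages' and 'Page' - confirm callers use the same spelling
        $type = $result['type'];
        switch ($type) {
            case 'all_items':
                $orders[$nesting]++;
                // every value goes through db_quote() and the sort order is the formatted counter string,
                // so the statement is complete and does not depend on the translated text being quote-free
                $sql = "INSERT INTO " . prefix('menu') . " (`title`,`link`,`type`,`show`,`menuset`,`sort_order`) " . "VALUES (" . db_quote(gettext('Home')) . ", " . db_quote(WEBPATH . '/') . ",'galleryindex','1'," . db_quote($menuset) . ',' . db_quote(_createMenuSortOrder($orders)) . ')';
                query($sql, true);
                $orders[$nesting] = addAlbumsToDatabase($menuset, $orders);
                if (extensionEnabled('zenpage')) {
                    $orders[$nesting]++;
                    $sql = "INSERT INTO " . prefix('menu') . " (`title`,`link`,`type`,`show`,`menuset`,`sort_order`) " . "VALUES (" . db_quote(gettext('News index')) . ", " . db_quote(getNewsIndexURL()) . ",'newsindex','1'," . db_quote($menuset) . ',' . db_quote(_createMenuSortOrder($orders)) . ')';
                    query($sql, true);
                    $orders[$nesting] = addPagesToDatabase($menuset, $orders) + 1;
                    $orders[$nesting] = addCategoriesToDatabase($menuset, $orders);
                }
                $type = false;
                break;
            case 'all_albums':
                $orders[$nesting]++;
                $orders[$nesting] = addAlbumsToDatabase($menuset, $orders);
                $type = false;
                break;
            case 'all_Pages':
                $orders[$nesting]++;
                $orders[$nesting] = addPagesToDatabase($menuset, $orders);
                $type = false;
                break;
            case 'all_categorys':
                $orders[$nesting]++;
                $orders[$nesting] = addCategoriesToDatabase($menuset, $orders);
                $type = false;
                break;
            case 'album':
            case 'Page':
            case 'category':
                // these items are identified by their link alone
                $result['title'] = NULL;
                if (empty($result['link'])) {
                    $success = -1;
                    debugLog(sprintf(gettext('createMenuIfNotExists item %s has an empty link.'), $key));
                }
                break;
            case 'galleryindex':
            case 'newsindex':
                // index items carry a title only
                $result['link'] = NULL;
                if (empty($result['title'])) {
                    $success = -1;
                    debugLog(sprintf(gettext('createMenuIfNotExists item %s has an empty title.'), $key));
                }
                break;
            case 'custompage':
            case 'menufunction':
            case 'html':
                if (empty($result['title']) || empty($result['link'])) {
                    $success = -1;
                    debugLog(sprintf(gettext('createMenuIfNotExists item %s has an empty title or link.'), $key));
                }
                break;
            case 'customlink':
                if (empty($result['title'])) {
                    $success = -1;
                    debugLog(sprintf(gettext('createMenuIfNotExists item %s has an empty title.'), $key));
                } elseif (empty($result['link'])) {
                    // derive the link from the title when none was given
                    $result['link'] = seoFriendly(get_language_string($result['title']));
                }
                break;
            case 'menulabel':
                if (empty($result['title'])) {
                    $success = -1;
                    debugLog(sprintf(gettext('createMenuIfNotExists item %s has an empty title.'), $key));
                }
                // a label has no target; the hash of its title is stored as the link value
                $result['link'] = sha1($result['title']);
                break;
            default:
                $success = -1;
                debugLog(sprintf(gettext('createMenuIfNotExists item %s has an invalid type.'), $key));
                break;
        }
        // after the first failure no further items are inserted
        if ($success > 0 && $type) {
            $orders[$nesting]++;
            $sort_order = _createMenuSortOrder($orders);
            // `show` and `include_li` are not quoted in the statement, so they are forced to integers
            $sql = "INSERT INTO " . prefix('menu') . " (`title`,`link`,`type`,`show`,`menuset`,`sort_order`,`include_li`) " . "VALUES (" . db_quote($result['title']) . ", " . db_quote($result['link']) . "," . db_quote($result['type']) . "," . (int) $result['show'] . "," . db_quote($menuset) . "," . db_quote($sort_order) . "," . (int) $includeli . ")";
            if (!query($sql, false)) {
                $success = -2;
                debugLog(sprintf(gettext('createMenuIfNotExists item %1$s query (%2$s) failed: %3$s.'), $key, $sql, db_error()));
            }
        }
    }
    if ($success < 0) {
        zp_error(gettext('createMenuIfNotExists has posted processing errors to your debug log.'), E_USER_NOTICE);
    }
    return $success;
}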
Beispiel #29
 /**
  * Sets default values for a new album: the publish state configured for the
  * gallery, the current time as 'mtime' and the sanitized album name as title.
  *
  * On a TEST_RELEASE build a warning is raised when the call stack contains no
  * newAlbum() frame, i.e. when the object was created some other way.
  *
  * @return bool always true
  */
 protected function setDefaults()
 {
     global $_zp_gallery;
     if (TEST_RELEASE) {
         // look for newAlbum() anywhere in the call stack
         $viaFactory = false;
         foreach (debug_backtrace() as $frame) {
             if ($frame['function'] == "newAlbum") {
                 $viaFactory = true;
                 break;
             }
         }
         if (!$viaFactory) {
             zp_error(gettext('An album object was instantiated without using the newAlbum() function.'), E_USER_WARNING);
         }
     }
     // Default data for a new album
     $publish = $_zp_gallery->getAlbumPublish();
     $this->setShow($publish);
     $this->set('mtime', time());
     $this->set('title', sanitize(trim($this->name), 2));
     return true;
 }
Beispiel #30
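 /**
  * Migrates the rights stored for every administrator to another rights version.
  *
  * Each user's rights value is rebuilt from the rights table of the target
  * version: a displayed right is carried over when the user held the right of
  * the same name in the old version, and the version-specific rules below add
  * the rights that have no namesake.
  *
  * @param int $to the rights version to migrate to
  * @return bool false if $to is outside the supported range or an UPDATE failed, true otherwise
  */
 function migrateAuth($to)
 {
     if ($to > self::$supports_version || $to < self::$preferred_version - 1) {
         zp_error(sprintf(gettext('Cannot migrate rights to version %1$s (Zenphoto_Authority supports only %2$s and %3$s.)'), $to, self::$supports_version, self::$preferred_version), E_USER_NOTICE);
         return false;
     }
     $success = true;
     $oldversion = self::getVersion();
     // NOTE(review): the stored version changes before any row is rewritten, so a failure below
     // leaves rows with old-version bits under the new version number - confirm this is acceptable
     setOption('libauth_version', $to);
     $this->admin_users = array();
     // explicit space before ORDER BY so the statement does not depend on what prefix() ends with
     $sql = "SELECT * FROM " . prefix('administrators') . " ORDER BY `rights` DESC, `id`";
     $admins = query($sql, false);
     if ($admins) {
         // something to migrate
         // bit value of every right in the old version, keyed by right name
         $oldrights = array();
         foreach (self::getRights($oldversion) as $key => $right) {
             $oldrights[$key] = $right['value'];
         }
         $currentrights = self::getRights($to);
         while ($user = db_fetch_assoc($admins)) {
             $rights = $user['rights'];
             $newrights = $currentrights['NO_RIGHTS']['value'];
             // carry over every displayed right the user held under the same name
             foreach ($currentrights as $key => $right) {
                 if ($right['display']) {
                     if (array_key_exists($key, $oldrights) && ($rights & $oldrights[$key])) {
                         $newrights = $newrights | $right['value'];
                     }
                 }
             }
             if ($oldversion < 4) {
                 $newrights = $newrights | $currentrights['USER_RIGHTS']['value'];
             }
             if ($to >= 3 && $oldversion < 3) {
                 if ($rights & $oldrights['VIEW_ALL_RIGHTS']) {
                     $updaterights = $currentrights['ALL_ALBUMS_RIGHTS']['value'] | $currentrights['ALL_PAGES_RIGHTS']['value'] | $currentrights['ALL_NEWS_RIGHTS']['value'] | $currentrights['VIEW_SEARCH_RIGHTS']['value'] | $currentrights['VIEW_GALLERY_RIGHTS']['value'] | $currentrights['VIEW_FULLIMAGE_RIGHTS']['value'];
                     $newrights = $newrights | $updaterights;
                 }
             }
             if ($oldversion >= 3 && $to < 3) {
                 // grant VIEW_ALL_RIGHTS only to users who actually held one of the "all" rights;
                 // testing the bit masks alone is true for every user
                 $allrights = $oldrights['ALL_ALBUMS_RIGHTS'] | $oldrights['ALL_PAGES_RIGHTS'] | $oldrights['ALL_NEWS_RIGHTS'];
                 if ($rights & $allrights) {
                     $newrights = $newrights | $currentrights['VIEW_ALL_RIGHTS']['value'];
                 }
             }
             if ($oldversion == 1) {
                 // need to migrate zenpage rights
                 if ($rights & $oldrights['ZENPAGE_RIGHTS']) {
                     // OR the bit values, not the rights table entries themselves
                     $newrights = $newrights | $currentrights['ZENPAGE_PAGES_RIGHTS']['value'] | $currentrights['ZENPAGE_NEWS_RIGHTS']['value'] | $currentrights['FILES_RIGHTS']['value'];
                 }
             }
             if ($to >= 3) {
                 if ($newrights & $currentrights['ADMIN_RIGHTS']['value']) {
                     // an administrator gets every right
                     $newrights = $currentrights['ALL_RIGHTS']['value'];
                 } else {
                     if ($newrights & $currentrights['MANAGE_ALL_ALBUM_RIGHTS']['value']) {
                         // these are lock-step linked!
                         $newrights = $newrights | $currentrights['ALBUM_RIGHTS']['value'];
                     }
                     if ($newrights & $currentrights['MANAGE_ALL_NEWS_RIGHTS']['value']) {
                         // these are lock-step linked!
                         $newrights = $newrights | $currentrights['ZENPAGE_NEWS_RIGHTS']['value'];
                     }
                     if ($newrights & $currentrights['MANAGE_ALL_PAGES_RIGHTS']['value']) {
                         // these are lock-step linked!
                         $newrights = $newrights | $currentrights['ZENPAGE_PAGES_RIGHTS']['value'];
                     }
                 }
             }
             $sql = 'UPDATE ' . prefix('administrators') . ' SET `rights`=' . $newrights . ' WHERE `id`=' . $user['id'];
             // NOTE(review): once one UPDATE has failed the && short-circuit skips the remaining UPDATEs - confirm this is wanted
             $success = $success && query($sql);
         }
         // end loop
         db_free_result($admins);
     }
     return $success;
 }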