<?php
/**
 * Root-level include that handles all user requests.
 *
 * Runs, in order: gallery/context setup, request parsing, password handling
 * for visitors who are not logged in, comment handling through the
 * 'handle_comment' filter, and canonical-URL redirection.
 *
 * @package core
 */
// force UTF-8 Ø

/*** Request Handler **********************
 ******************************************/
// This is the main top-level action handler for user requests. It parses a
// request, validates the input, loads the appropriate objects, and sets
// the context. All that is done in functions-controller.php.
zp_load_gallery(); // load the gallery and set the context to be on the front-end
$zp_request = zp_load_request();

// handle any passwords that might have been posted
// Only visitors who are not already logged in go through password handling.
// The call passes no arguments, so which credential is checked is decided by
// the function's own defaults (not visible here).
if (!zp_loggedin()) {
    zp_handle_password();
}

// Handle any comments that might be posted.
// The filter chain is seeded with false and its result becomes the comment
// error state.
// NOTE(review): validation and anti-forgery checks on the posted comment, if
// any, live in whatever is attached to 'handle_comment' - verify there.
$_zp_comment_error = zp_apply_filter('handle_comment', false);

/*** Consistent URL redirection ***********
 ******************************************/
// Check to see if we use mod_rewrite, but got a query-string request for a page.
// If so, redirect with a 301 to the correct URL.
// This is mostly helpful for SEO, but also for users. Consistent URLs are a Good Thing.
// Called after the password and comment handlers above, so posted input has
// already been processed before any redirect is issued.
fix_path_redirect();
}
// Album and image objects for $album8 / $image8.
$albumobj = newAlbum($album8, true, true);
$imageobj = newImage($albumobj, $image8, true);
// The processing arguments are built directly from the query string; slot 0 is
// then overwritten with 'FULL' and slot 12 is read into $adminrequest.
$args = getImageArgs($_GET);
$args[0] = 'FULL';
$adminrequest = $args[12];
// Flooding protection. `=` binds looser than `&&`, so $forbidden receives the
// boolean result of the whole condition: the option is enabled AND the `check`
// parameter is missing or differs from sha1(HASH_SEED . serialize($args)).
// NOTE(review): the token is compared with loose `!=`, which is neither
// type-strict nor constant-time; is_string($_GET['check']) followed by
// hash_equals() is the usual replacement.
// NOTE(review): the token is a seed-prefixed SHA-1 rather than an HMAC;
// hash_hmac() is the conventional construction, but the code that generates
// `check` (not visible here) would have to change with it.
if ($forbidden = getOption('image_processor_flooding_protection') && (!isset($_GET['check']) || $_GET['check'] != sha1(HASH_SEED . serialize($args)))) {
    // maybe it was from the tinyZenpage javascript which does not know better!
    // Fallback when the token check failed: the request is allowed only if the
    // session's adminRequest value matches the zp_user_auth cookie.
    zp_session_start();
    // NOTE(review): `@` hides a missing cookie, which then compares as null;
    // under loose `!=` null equals '' and 0, so confirm adminRequest is never
    // stored as an empty/falsy value, or compare strictly.
    $forbidden = !isset($_SESSION['adminRequest']) || $_SESSION['adminRequest'] != @$_COOKIE['zp_user_auth'];
}
// Repeats the assignment made above; nothing in between modifies $args.
$args[0] = 'FULL';
$hash = getOption('protected_image_password');
// Password gate: entered when the protected_image_password option is set or
// the album denies access, and the visitor is not logged in with
// VIEW_FULLIMAGE_RIGHTS.
if (($hash || !$albumobj->checkAccess()) && !zp_loggedin(VIEW_FULLIMAGE_RIGHTS)) {
    // handle password form if posted
    zp_handle_password('zp_image_auth', getOption('protected_image_password'), getOption('protected_image_user'));
    //check for passwords
    // Defaults describe the protected-image credential; they are replaced
    // below when that credential is not configured.
    $authType = 'zp_image_auth';
    $hint = get_language_string(getOption('protected_image_hint'));
    $show = getOption('protected_image_user');
    if (empty($hash)) {
        // check for album password
        // The auth type is namespaced per album by appending the album ID.
        $hash = $albumobj->getPassword();
        $authType = "zp_album_auth_" . $albumobj->getID();
        $hint = $albumobj->getPasswordHint();
        $show = $albumobj->getUser();
        if (empty($hash)) {
            // The album has no password either: walk up the parent chain.
            // $albumobj is reassigned here, so from this point it no longer
            // refers to the image's own album.
            $albumobj = $albumobj->getParent();
            while (!is_null($albumobj)) {
                $hash = $albumobj->getPassword();
                $authType = "zp_album_auth_" . $albumobj->getID();
// Refuse the request when no item was supplied or the downloadList extension
// is disabled.
if (empty($item) || !extensionEnabled('downloadList')) {
    if (TEST_RELEASE) {
        // NOTE(review): this branch has no explicit exitZP(); it depends on
        // zp_error() ending the request. Confirm, otherwise execution
        // continues past this gate in test releases.
        zp_error(gettext('Forbidden'));
    } else {
        // Both an HTTP/1.0 status line and a Status: header are sent, each
        // carrying the translated reason phrase.
        header("HTTP/1.0 403 " . gettext("Forbidden"));
        header("Status: 403 " . gettext("Forbidden"));
        exitZP(); // terminate the script with no output
    }
}
$hash = getOption('downloadList_password');
if (GALLERY_SECURITY != 'public' || $hash) {
    // credentials required to download
    // Required rights depend on the downloadList_rights option: FILES_RIGHTS
    // when it is set, ALL_RIGHTS otherwise.
    if (!zp_loggedin(getOption('downloadList_rights') ? FILES_RIGHTS : ALL_RIGHTS)) {
        $user = getOption('downloadList_user');
        zp_handle_password('download_auth', $hash, $user);
        // NOTE(review): with an empty $hash this test is false, so nothing in
        // this block stops a visitor who lacks the required rights on a
        // non-public gallery - confirm that case is enforced elsewhere.
        // NOTE(review): the cookie is compared against the stored option
        // value itself, so a cookie equal to the stored hash passes; the
        // comparison is also loose and not constant-time (hash_equals() on
        // string operands is the usual replacement).
        if (!empty($hash) && zp_getCookie('download_auth') != $hash) {
            // Show the user-name field only when a download user is configured.
            $show = $user ? true : NULL;
            $hint = '';
            // Always true here: the enclosing condition already requires a
            // non-empty $hash.
            if (!empty($hash)) {
                $hint = get_language_string(getOption('downloadList_hint'));
            }
            if (isset($_GET['albumzip'])) {
                $item .= '&albumzip';
            }
            // NOTE(review): $item is concatenated into the form target as-is;
            // where it comes from and whether printPasswordForm() encodes it
            // for URL/HTML-attribute context is not visible here - verify.
            printPasswordForm($hint, true, $show, '?download=' . $item);
            exitZP();
        }
    }
}
if (isset($_GET['albumzip'])) {