Beispiel #1
<?php

/**
 * Root-level include that handles all user requests.
 * @package core
 */
// force UTF-8 Ø
/*** Request Handler **********************
 ******************************************/
// This is the main top-level action handler for user requests. It parses a
// request, validates the input, loads the appropriate objects, and sets
// the context. All that is done in functions-controller.php.
// Load the gallery first; the request handling below runs after it.
zp_load_gallery();
// Load the request and set the context to be on the front-end. The result is
// kept in $zp_request.
$zp_request = zp_load_request();
// Handle any passwords that might have been posted. This only runs for
// visitors who are not already logged in.
// NOTE(review): this is the entry point for guest credential checks on every
// anonymous request; throttling and failure logging are presumably done inside
// zp_handle_password() -- confirm.
if (!zp_loggedin()) {
    zp_handle_password();
}
// Handle any comments that might be posted. The 'handle_comment' filter is
// applied with a default of false and its result is stored in
// $_zp_comment_error.
// NOTE(review): comment posts are state-changing input handled by whatever is
// registered on this filter; confirm the handler validates and escapes the
// submitted fields.
$_zp_comment_error = zp_apply_filter('handle_comment', false);
/*** Consistent URL redirection ***********
 ******************************************/
// Check to see if we use mod_rewrite, but got a query-string request for a page.
// If so, redirect with a 301 to the correct URL.
// This is mostly helpful for SEO, but also for users. Consistent URLs are a Good Thing.
// NOTE(review): the redirect target is built inside fix_path_redirect(), which
// is not shown here; confirm it is derived from the configured site path and
// not from unvalidated request data.
fix_path_redirect();
Beispiel #2
}
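// Resolve the album and image objects from $album8 / $image8, which are set
// before this excerpt.
$albumobj = newAlbum($album8, true, true);
$imageobj = newImage($albumobj, $image8, true);

// Build the image argument list from the query string and force the size slot
// to 'FULL' before the integrity check below serializes it.
$args = getImageArgs($_GET);
$args[0] = 'FULL';
$adminrequest = $args[12];

// Flooding protection: when the option is enabled, the request must carry a
// 'check' parameter equal to sha1(HASH_SEED . serialize($args)).
// The comparison uses is_string() + hash_equals() (PHP >= 5.6) instead of a
// loose '!=': a loose comparison lets numeric-looking strings ("0e...") compare
// equal after type juggling, lets an array-valued ?check[]= reach the
// comparison, and is not constant-time.
// NOTE(review): sha1(secret . data) is a prefix-secret construction, not an
// HMAC. Moving to hash_hmac() would require the code that generates the
// 'check' parameter (not shown here) to change in step, so it is only flagged.
$forbidden = false;
if (getOption('image_processor_flooding_protection')) {
    $expectedCheck = sha1(HASH_SEED . serialize($args));
    $suppliedCheck = isset($_GET['check']) ? $_GET['check'] : null;
    $forbidden = !is_string($suppliedCheck) || !hash_equals($expectedCheck, $suppliedCheck);
}

if ($forbidden) {
    // maybe it was from the tinyZenpage javascript which does not know better!
    // Fallback: accept the request only when the session's adminRequest value
    // matches the zp_user_auth cookie. Both sides must be non-empty strings, so
    // a missing cookie can no longer match an empty session value through
    // loose comparison.
    // NOTE(review): assumes adminRequest is stored as a string copy of the
    // auth cookie -- confirm against the code that sets it.
    zp_session_start();
    $sessionToken = isset($_SESSION['adminRequest']) ? $_SESSION['adminRequest'] : null;
    $cookieToken = isset($_COOKIE['zp_user_auth']) ? $_COOKIE['zp_user_auth'] : null;
    $forbidden = !is_string($sessionToken)
        || $sessionToken === ''
        || !is_string($cookieToken)
        || !hash_equals($sessionToken, $cookieToken);
}

// Site-wide password protecting full-size images; an empty value means none is set.
$hash = getOption('protected_image_password');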
if (($hash || !$albumobj->checkAccess()) && !zp_loggedin(VIEW_FULLIMAGE_RIGHTS)) {
    //	handle password form if posted
    zp_handle_password('zp_image_auth', getOption('protected_image_password'), getOption('protected_image_user'));
    //check for passwords
    $authType = 'zp_image_auth';
    $hint = get_language_string(getOption('protected_image_hint'));
    $show = getOption('protected_image_user');
    if (empty($hash)) {
        // check for album password
        $hash = $albumobj->getPassword();
        $authType = "zp_album_auth_" . $albumobj->getID();
        $hint = $albumobj->getPasswordHint();
        $show = $albumobj->getUser();
        if (empty($hash)) {
            $albumobj = $albumobj->getParent();
            while (!is_null($albumobj)) {
                $hash = $albumobj->getPassword();
                $authType = "zp_album_auth_" . $albumobj->getID();
Beispiel #3
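 // Refuse the request when no download item was resolved or the downloadList
 // extension is disabled.
 if (empty($item) || !extensionEnabled('downloadList')) {
     if (TEST_RELEASE) {
         // NOTE(review): whether zp_error() ends the script is not visible
         // here; if it returns, execution continues into the checks below.
         zp_error(gettext('Forbidden'));
     } else {
         header("HTTP/1.0 403 " . gettext("Forbidden"));
         header("Status: 403 " . gettext("Forbidden"));
         //	terminate the script with no output
         exitZP();
     }
 }

 $hash = getOption('downloadList_password');
 if (GALLERY_SECURITY != 'public' || $hash) {
     //	credentials required to download
     // NOTE(review): when the gallery is not public but no download password is
     // set, a visitor without the required rights falls through this block
     // without being shown a form. Confirm that case is rejected elsewhere.
     if (!zp_loggedin(getOption('downloadList_rights') ? FILES_RIGHTS : ALL_RIGHTS)) {
         $user = getOption('downloadList_user');
         zp_handle_password('download_auth', $hash, $user);

         // The download_auth cookie must equal the stored password value.
         // is_string() + hash_equals() (PHP >= 5.6) replace the loose '!=' so
         // that type juggling or a non-string cookie value cannot satisfy the
         // check, and so the comparison is constant-time.
         // NOTE(review): the cookie is compared to the stored value itself, so
         // that stored value is password-equivalent; treat it as a secret.
         $authCookie = zp_getCookie('download_auth');
         $cookieMatches = is_string($authCookie) && hash_equals((string) $hash, $authCookie);
         if (!empty($hash) && !$cookieMatches) {
             $show = $user ? true : NULL;
             // $hash is known to be non-empty here, so the hint is always looked up.
             $hint = get_language_string(getOption('downloadList_hint'));
             if (isset($_GET['albumzip'])) {
                 $item .= '&albumzip';
             }
             // NOTE(review): $item is concatenated into the form target as-is
             // and its origin is outside this excerpt. Confirm it is encoded
             // before this point or escaped by printPasswordForm().
             printPasswordForm($hint, true, $show, '?download=' . $item);
             exitZP();
         }
     }
 }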
 if (isset($_GET['albumzip'])) {