function edit_pic_views_after_edit_file($pid)
{
global $CONFIG;
$hits = get_post_var('hits', $pid);
if (is_numeric($hits) && $hits >= 0) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET hits = '{$hits}' WHERE pid = {$pid} LIMIT 1");
}
}
function load_shared_user_schedules()
{
global $global_user;
global $maindb;
// get some values
$s_year = get_post_var("year");
$s_semester = get_post_var("semester");
// get the set of usernames and ids
$a_queryvars = array("database" => $maindb, "table" => "students", "disabled" => "0");
$s_querystring = "SELECT `username`,`id` FROM `[database]`.`[table]` WHERE `disabled`='[disabled]'";
$user_data = db_query($s_querystring, $a_queryvars);
// get the users that shared their schedules with this user
$a_queryvars = array("database" => $maindb, "table" => "user_settings", "id" => $global_user->get_id());
$s_querystring = "SELECT GROUP_CONCAT(`user_id`,',') AS `ids` FROM `[database]`.`[table]` WHERE `share_schedule_with` LIKE '%|[id]|%'";
$can_view_db = db_query($s_querystring, $a_queryvars);
$can_view_db = explode(",", $can_view_db[0]["ids"]);
$can_view = array();
for ($i = 0; $i < count($can_view_db); $i++) {
$can_view_db[$i] = intval($can_view_db[$i]);
}
// get the users that can view this user's schedule
$shared_with_db = $global_user->get_schedule_shared_users();
$shared_with = array();
// translate user ids to usernames
for ($i = 0; $i < count($user_data); $i++) {
$id = intval($user_data[$i]["id"]);
$username = $user_data[$i]["username"];
if (in_array($id, $can_view_db)) {
$user = user::load_user_by_id($id, FALSE);
if ($user !== null) {
$can_view[] = $user;
}
}
if (in_array($id, $shared_with_db)) {
$shared_with[] = $username;
}
}
// build the return value
$retval = new stdClass();
$retval->sharedUsers = new stdClass();
$retval->otherUserSchedules = array();
for ($i = 0; $i < count($shared_with); $i++) {
$retval->sharedUsers->{$shared_with}[$i] = TRUE;
}
for ($i = 0; $i < count($can_view); $i++) {
$retval->otherUserSchedules[$i] = new stdClass();
$retval->otherUserSchedules[$i]->username = $can_view[$i]->get_name();
$a_classes = $can_view[$i]->get_user_classes($s_year, $s_semester);
$a_crns = array();
for ($j = 0; $j < count($a_classes); $j++) {
$a_crns[] = $a_classes[$j]->crn;
}
$retval->otherUserSchedules[$i]->schedule = $a_crns;
}
// return the return value
return json_encode(array(new command("success", $retval)));
}
function enable_account()
{
global $maindb;
global $mysqli;
$username = get_post_var("username");
$query = db_query("UPDATE `{$maindb}`.`students` SET `disabled`='0' WHERE `username`='[username]'", array("username" => $username));
if ($query !== FALSE && $mysqli->affected_rows > 0) {
return json_encode(array(new command("print success", "The account has been enabled. Reload the page to see the affects of the changes.")));
}
return json_encode(array(new command("print failure", "Failed to enable account \"{$username}\".")));
}
function gu_sender_test()
{
// Get current settings, which may not have been saved
$use_smtp = is_post_var('use_smtp');
$smtp_server = get_post_var('smtp_server');
$smtp_port = (int) get_post_var('smtp_port');
$smtp_encryption = get_post_var('smtp_encryption');
$smtp_username = get_post_var('smtp_username');
$smtp_password = get_post_var('smtp_password');
$use_sendmail = is_post_var('use_sendmail');
$use_phpmail = is_post_var('use_phpmail');
if (!($use_smtp || $use_sendmail || $use_phpmail)) {
return gu_error(t('No method of mail transportation has been configured'));
}
$test_msg = t('If you have received this email then your settings clearly work!');
// Test SMTP settings first
if ($use_smtp) {
$mailer = new gu_mailer();
if ($mailer->init(TRUE, $smtp_server, $smtp_port, $smtp_encryption, $smtp_username, $smtp_password, FALSE, FALSE)) {
if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing SMTP', $test_msg)) {
return gu_error(t('Unable to send test message using SMTP'));
}
} else {
return gu_error(t('Unable to initialize mailer with the SMTP settings'));
}
$mailer->disconnect();
}
// Test Sendmail next
if ($use_sendmail) {
$mailer = new gu_mailer();
if ($mailer->init(FALSE, '', '', '', '', '', FALSE, FALSE)) {
if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing Sendmail', $test_msg)) {
return gu_error(t('Unable to send test message using Sendmail'));
}
} else {
return gu_error(t('Unable to initialize mailer with Sendmail'));
}
$mailer->disconnect();
}
// Test PHP mail next
if ($use_phpmail) {
$mailer = new gu_mailer();
if ($mailer->init(FALSE, '', '', '', '', '', FALSE, TRUE)) {
if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing PHP mail', $test_msg)) {
return gu_error(t('Unable to send test message using PHP mail'));
}
} else {
return gu_error(t('Unable to initialize mailer with PHP mail'));
}
$mailer->disconnect();
}
gu_success(t('Test messages sent to <br><i>%</i></b>', array(gu_config::get('admin_email'))));
}
function check_user_info(&$error)
{
global $CONFIG;
global $lang_register_php, $lang_common, $lang_register_approve_email;
global $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
}
if (!Inspekt::isEmail($email)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
}
// Perform the ban check against email address and username
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
}
mysql_free_result($result);
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
}
mysql_free_result($result);
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
if (!captcha_plugin_enabled('register')) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
}
} else {
$error = CPGPluginAPI::filter('captcha_register_validate', $error);
}
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
}
mysql_free_result($result);
}
$error = CPGPluginAPI::filter('register_form_validate', $error);
if ($error != '') {
return false;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
$encpassword = md5($password);
$user_language = $CONFIG['lang'];
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
$result = cpg_db_query($sql);
$user_array = array();
$user_array['user_id'] = mysql_insert_id();
$user_array['user_name'] = $user_name;
$user_array['user_email'] = $email;
$user_array['user_active'] = $active;
CPGPluginAPI::action('register_form_submit', $user_array);
if ($CONFIG['log_mode']) {
log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
}
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$user_id = mysql_insert_id();
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
}
// Registrations must be activated/verified by the user clicking a link in an email
if ($CONFIG['reg_requires_valid_email']) {
// Mail the user the activation/verification link
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
} else {
if ($CONFIG['admin_activation']) {
// We need admin activation only
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
// No activation required, account is ready for login
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
}
// email notification or actication link to admin
if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ($row = mysql_fetch_assoc($result)) {
if (!empty($row['user_email'])) {
$admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
}
}
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach ($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
// if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} elseif ($CONFIG['reg_notify_admin_email']) {
// otherwise, email is for information only
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
}
return true;
}
fail('MySQL fetch', $db->error);
}
// Mitigate timing attacks (probing for valid usernames)
if (isset($dummy_salt) && strlen($hash) < 20) {
$hash = $dummy_salt;
}
if ($hasher->CheckPassword($pass, $hash)) {
$what = 'Authentication succeeded';
} else {
$what = 'Authentication failed';
$op = 'fail';
// Definitely not 'change'
}
if ($op === 'change') {
$stmt->close();
$newpass = get_post_var('newpass');
if (strlen($newpass) > 72) {
fail('The new password is too long');
}
if (($check = my_pwqcheck($newpass, $pass, $user)) !== 'OK') {
fail($check);
}
$hash = $hasher->HashPassword($newpass);
if (strlen($hash) < 20) {
fail('Failed to hash new password');
}
unset($hasher);
($stmt = $db->prepare('update users set user_password=? where user_name=?')) || fail('MySQL prepare', $db->error);
$stmt->bind_param('ss', $hash, $user) || fail('MySQL bind_param', $db->error);
$stmt->execute() || fail('MySQL execute', $db->error);
$what = 'Password changed';
<?php
define('puush', '');
require_once 'config.php';
require_once 'func.php';
// ?
$k = get_post_var('k');
// ?
$c = get_post_var('c');
// Check for the file
if (!isset($_FILES['f'])) {
exit('ERR No file provided.');
}
// The file they are uploading
$file = $_FILES['f'];
// Check the size, max 250 MB
if ($file['size'] > MAX_FILE_SIZE) {
exit('ERR File is too big.');
}
// Ensure the image is actually a file and not a friendly virus
if (validate_image($file) === FALSE) {
exit('ERR Invalid image.');
}
// Generate a new file name
$ext = get_ext($file['name']);
$generated_name = generate_upload_name($ext);
// Move the file
move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $generated_name . '.' . $ext);
// ahem
echo '0,' . sprintf(FORMATTED_URL, $generated_name) . ',-1,-1';
function check_user_info(&$error)
{
global $CONFIG;
//, $PHP_SELF;
global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;
//$CONFIG['admin_activation'] = FALSE;
//$CONFIG['admin_activation'] = TRUE;
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = addslashes($_POST['user_profile1']);
$profile2 = addslashes($_POST['user_profile2']);
$profile3 = addslashes($_POST['user_profile3']);
$profile4 = addslashes($_POST['user_profile4']);
$profile5 = addslashes($_POST['user_profile5']);
$profile6 = addslashes($_POST['user_profile6']);
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_user_exists'];
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li>' . $lang_register_php['err_uname_short'];
}
if (utf_strlen($password) < 2) {
$error .= '<li>' . $lang_register_php['err_password_short'];
}
if ($password == $user_name) {
$error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
}
if ($password != $password_again) {
$error .= '<li>' . $lang_register_php['err_password_mismatch'];
}
if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
$error .= '<li>' . $lang_register_php['err_invalid_email'];
}
if ($error != '') {
return false;
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_duplicate_email'];
return false;
}
mysql_free_result($result);
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
if ($CONFIG['enable_encrypted_passwords']) {
$encpassword = md5($password);
} else {
$encpassword = $password;
}
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
if ($CONFIG['log_mode']) {
log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
}
$result = cpg_db_query($sql);
if ($CONFIG['reg_requires_valid_email']) {
if (!$CONFIG['admin_activation'] == 1) {
//user gets activation email
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
}
if ($CONFIG['admin_activation'] == 1) {
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php');
} else {
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
}
} else {
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
}
// email notification to admin
if ($CONFIG['reg_notify_admin_email']) {
// get default language in which to inform the admin
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
if ($CONFIG['admin_activation'] == 1) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} else {
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
return true;
}
function process_post_data()
{
global $CONFIG, $lang_errors;
$superCage = Inspekt::makeSuperCage();
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval', 'access_level');
$group_id_array = get_post_var('group_id');
$guests_disabled = $CONFIG['allow_unlogged_access'] == 0;
foreach ($group_id_array as $key => $group_id) {
// For guest/anonymous group, update the configuration setting 'allow_unlogged_access'
if ($group_id == 3) {
cpg_config_set('allow_unlogged_access', $superCage->post->getInt('access_level_' . $group_id));
}
// For the guest/anonymous group, don't update the database if the settings were disabled
if ($group_id == 3 && $guests_disabled) {
continue;
}
$set_statement = '';
foreach ($field_list as $field) {
if ($field == 'group_name') {
$set_statement .= $field . "='" . $superCage->post->getEscaped($field . '_' . $group_id) . "',";
} else {
$set_statement .= $field . "='" . $superCage->post->getInt($field . '_' . $group_id) . "',";
}
}
$set_statement = substr($set_statement, 0, -1);
cpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statement} WHERE group_id = '{$group_id}' LIMIT 1");
}
}
}
// Create and send the e-card
if ($superCage->post->keyExists('subject') && $valid_sender_email) {
$gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
$n_picname = get_pic_url($row, 'normal');
} else {
$n_picname = get_pic_url($row, 'fullsize');
}
if (!stristr($n_picname, 'http:')) {
$n_picname = $gallery_url_prefix . $n_picname;
}
//output list of reasons checkmarked
$reasons = $lang_report_php['reasons_list_heading'] . $LINEBREAK;
if ($superCage->post->keyExists('reason')) {
foreach (get_post_var('reason') as $value) {
$value = $lang_report_php["{$value}"];
$reason_list .= "{$value}, ";
}
} else {
$reasons .= "{$lang_report_php['no_reason_given']}";
}
$reason_list = substr($reason_list, 0, -2);
//remove trailing comma and space
$reasons .= $reason_list;
$msg_content = nl2br(strip_tags($message));
$data = array('sn' => $sender_name, 'se' => $sender_email, 'p' => $n_picname, 'su' => $subject, 'm' => $message, 'r' => $reasons, 'c' => $comment, 'cid' => $cid, 'pid' => $pid, 't' => $what);
$encoded_data = urlencode(base64_encode(serialize($data)));
$params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_report_php['report_subject'], $sender_name, $type), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_REPORT_TGT}' => "{$gallery_url_prefix}displayreport.php?data={$encoded_data}", '{VIEW_REPORT_LNK}' => $lang_report_php['view_report'], '{VIEW_REPORT_LNK_PLAINTEXT}' => $lang_report_php['view_report_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{PIC_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid=" . $pid, '{SUBJECT}' => $subject, '{MESSAGE}' => $msg_content, '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_report_php['view_more_pics'], '{REASON}' => $reasons, '{COMMENT}' => $comment, '{COMMENT_ID}' => $cid, '{VIEW_COMMENT_LNK}' => $lang_report_php['view_comment'], '{COMMENT_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid={$pid}#comment{$cid}", '{PID}' => $pid);
$message = template_eval($template, $params);
$plaintext_message = template_eval($template_report_plaintext, $params);
function process_post_data()
{
global $HTTP_POST_VARS, $CONFIG;
global $user_albums_list, $lang_errors;
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
if (!is_array($HTTP_POST_VARS['pid'])) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
$pid_array =& $HTTP_POST_VARS['pid'];
foreach ($pid_array as $pid) {
$pid = (int) $pid;
$aid = (int) get_post_var('aid', $pid);
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = isset($HTTP_POST_VARS['delete' . $pid]);
$reset_vcount = isset($HTTP_POST_VARS['reset_vcount' . $pid]);
$reset_votes = isset($HTTP_POST_VARS['reset_votes' . $pid]);
$del_comments = isset($HTTP_POST_VARS['del_comments' . $pid]) || $delete;
$query = "SELECT category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
$result = db_query($query);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__);
}
}
$update = "aid = '" . $aid . "'";
$update .= ", title = '" . addslashes($title) . "'";
$update .= ", caption = '" . addslashes($caption) . "'";
$update .= ", keywords = '" . addslashes($keywords) . "'";
$update .= ", user1 = '" . addslashes($user1) . "'";
$update .= ", user2 = '" . addslashes($user2) . "'";
$update .= ", user3 = '" . addslashes($user3) . "'";
$update .= ", user4 = '" . addslashes($user4) . "'";
if (is_movie($pic['filename'])) {
$pwidth = get_post_var('pwidth', $pid);
$pheight = get_post_var('pheight', $pid);
$update .= ", pwidth = " . (int) $pwidth;
$update .= ", pheight = " . (int) $pheight;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
}
if (UPLOAD_APPROVAL_MODE) {
$approved = get_post_var('approved', $pid);
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} elseif ($approved == 'DELETE') {
$del_comments = 1;
$delete = 1;
}
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = db_query($query);
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
$query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1";
$result = db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = db_query($query);
}
}
}
function edit_custom_course()
{
$sem = get_post_var("semester");
$year = get_post_var("year");
$crn = get_post_var("crn");
$attribute = get_post_var("attribute");
$value = get_post_var("value");
return edit_custom_course($sem, $year, $crn, $attribute, $value);
}
if (is_get_var('token') && is_get_var('ref') && get_get_var('ref') == 'deluser.php') {
list($name, $username, $password, $salt, $userProfile, $id, $record_to_del) = explode('[::]', unserialize(base64_decode($_GET['token'])));
$user = false;
}
if (plx_gu_session_authenticate($name, $username, $password, $remember, $user)) {
// Redirect to page that referred here - or to the home page
$redirect = is_get_var('ref') ? urldecode(get_get_var('ref')) . (is_get_var('token') ? '?token=' . get_get_var('token') : '') : absolute_url('index.php');
header('Location: ' . $redirect);
exit;
} else {
$name = '';
gu_error(t('Incorrect username or password'));
}
} elseif (is_get_var('action') && get_get_var('action') == 'login') {
$username = is_post_var('u') ? get_post_var('u') : '';
$password = is_post_var('p') ? get_post_var('p') : '';
$remember = is_post_var('login_remember');
if (gu_session_authenticate($username, $password, $remember)) {
// Redirect to page that referred here - or to the home page
$redirect = is_get_var('ref') ? urldecode(get_get_var('ref')) : absolute_url('index.php');
header('Location: ' . $redirect);
exit;
} else {
gu_error(t('Incorrect username or password'));
}
} elseif (is_get_var('action') && get_get_var('action') == 'logout') {
// Invalidate session flag
gu_session_set_valid(FALSE);
}
gu_theme_start();
?>
function process_post_data()
{
global $db, $CONFIG;
global $user_albums_list;
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
if (!is_array($_POST['pid'])) {
cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);
}
$pid_array =& $_POST['pid'];
foreach ($pid_array as $pid) {
//init.inc $pid = (int)$pid;
if (!is_numeric($aid . $pid)) {
cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);
}
$aid = get_post_var('aid', $pid);
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid, 1);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = isset($_POST['delete' . $pid]);
$reset_vcount = isset($_POST['reset_vcount' . $pid]);
$reset_votes = isset($_POST['reset_votes' . $pid]);
$del_comments = isset($_POST['del_comments' . $pid]) || $delete;
$query = "SELECT category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
$result = $db->sql_query($query);
if (!$db->sql_numrows($result)) {
cpg_die(_CRITICAL_ERROR, NON_EXIST_AP, __FILE__, __LINE__);
}
$pic = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!GALLERY_ADMIN_MODE) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(_ERROR, PERM_DENIED . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(_ERROR, PERM_DENIED . "<br />(target album = {$aid})", __FILE__, __LINE__);
}
}
$update = "aid = '" . $aid . "' ";
$update .= ", title = '" . $title . " ' ";
$update .= ", caption = '" . $caption . "' ";
$update .= ", keywords = '" . $keywords . "' ";
$update .= ", user1 = '" . $user1 . "' ";
$update .= ", user2 = '" . $user2 . "' ";
$update .= ", user3 = '" . $user3 . "' ";
$update .= ", user4 = '" . $user4 . "' ";
if ($reset_vcount) {
$update .= ", hits = '0'";
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
}
if (UPLOAD_APPROVAL_MODE) {
$approved = get_post_var('approved', $pid);
if ($approved == '1') {
$update .= ", approved = '1'";
} elseif ($approved == 'DELETE') {
$del_comments = 1;
$delete = 1;
}
}
if ($del_comments) {
$result = $db->sql_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'");
}
if ($delete) {
$dir = $CONFIG['fullpath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(_CRITICAL_ERROR, sprintf(DIRECTORY_RO, $dir), __FILE__, __LINE__);
}
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if (is_file($currFile)) {
unlink($currFile);
}
}
$result = $db->sql_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}'");
} else {
$result = $db->sql_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}'");
}
}
speedup_pictures();
}
/* Gutama plugin package
* @version 1.6
* @date 01/10/2013
* @author Cyril MAGUIRE
*/
include_once 'inc/gutuma.php';
include_once 'inc/subscription.php';
// Initialize Gutuma without validation or redirection
gu_init(FALSE, FALSE);
gu_theme_start('ok');
// If variables have been posted then they may have prefixes
$posted_address = '';
$posted_lists = array();
$posted_action = '';
foreach (array_keys($_POST) as $var) {
$val = get_post_var($var);
if (strpos($var, 'subscribe_address') !== FALSE) {
$posted_address = trim($val);
} elseif (strpos($var, 'subscribe_list') !== FALSE) {
$posted_lists = is_array($val) ? $val : ((int) $val != 0 ? array((int) $val) : array());
} elseif (strpos($var, 'unsubscribe_submit') !== FALSE) {
$posted_action = 'unsubscribe';
} elseif (strpos($var, 'subscribe_submit') !== FALSE) {
$posted_action = 'subscribe';
}
}
// Check if we've got what we need to do a posted (un)subscription
if ($posted_action != '' && $posted_address != '' && count($posted_lists) > 0) {
gu_subscription_process($posted_address, $posted_lists, $posted_action == 'subscribe');
}
// Get querystring variables
// If pluxml is used
if (isset($_profil['salt'])) {
$salt = $_profil['salt'];
} else {
$salt = gu_config::plx_charAleatoire();
}
// If settings already exist, go into update mode
$update_mode = gu_config::load();
// Check if everything is already up-to-date
$install_success = $update_mode && gu_config::get_version() == GUTUMA_VERSION_NUM;
if (!$install_success) {
// Run installtion or update script
if ($update_mode && is_post_var('update_submit')) {
$install_success = gu_update();
} elseif (!$update_mode && is_post_var('install_submit')) {
$install_success = gu_install(get_post_var('collective_name'), get_post_var('admin_username'), sha1($salt . md5(get_post_var('admin_password'))), get_post_var('admin_email'), $salt);
}
}
// Get title of page
if ($install_success) {
$title = t('Finished');
} elseif ($update_mode) {
$title = t('Update to Gutuma ') . GUTUMA_VERSION_NAME;
} else {
$title = t('Install Gutuma ') . GUTUMA_VERSION_NAME;
}
gu_theme_start();
// Output title
echo '<h2>' . $title . '</h2>';
gu_theme_messages();
if ($install_success) {
/**
* process_post_data()
*
* Function to process the form posted
*/
function process_post_data()
{
global $CONFIG, $user_albums_list, $lang_errors;
$superCage = Inspekt::makeSuperCage();
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$user_album_set = array();
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
while ($row = $result->fetchAssoc()) {
$user_album_set[$row['aid']] = 1;
}
$result->free();
$pid_array = $superCage->post->getInt('pid');
if (!is_array($pid_array)) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
if ($superCage->post->keyExists('galleryicon')) {
$galleryicon = $superCage->post->getInt('galleryicon');
} else {
$galleryicon = '';
}
foreach ($pid_array as $pid) {
$aid = $superCage->post->getInt("aid{$pid}");
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = false;
$reset_vcount = false;
$reset_votes = false;
$del_comments = false;
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('delete' . $pid)) {
$delete = $superCage->post->getInt('delete' . $pid);
}
if ($superCage->post->keyExists('reset_vcount' . $pid)) {
$reset_vcount = $superCage->post->getInt('reset_vcount' . $pid);
}
if ($superCage->post->keyExists('reset_votes' . $pid)) {
$reset_votes = $superCage->post->getInt('reset_votes' . $pid);
}
if ($superCage->post->keyExists('del_comments' . $pid)) {
$del_comments = $superCage->post->getInt('del_comments' . $pid);
}
// We will be selecting pid in the query as we need it in $pic array for the plugin filter
$query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}";
$result = cpg_db_query($query);
if (!$result->numRows()) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = $result->fetchAssoc(true);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}
cpg_trim_keywords($keywords);
$update = "aid = '{$aid}'";
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}");
$update .= ", galleryicon = " . $galleryicon;
}
if (is_movie($pic['filename'])) {
$pwidth = $superCage->post->getInt('pwidth' . $pid);
$pheight = $superCage->post->getInt('pheight' . $pid);
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
if ($reset_vcount) {
$update .= ", hits = 0";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = 0, votes = 0";
resetDetailVotes($pid);
}
if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
$approved = '';
if ($superCage->post->keyExists('approved' . $pid)) {
$approved = $superCage->post->getAlpha('approved' . $pid);
}
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} else {
$update .= ", approved = 'NO'";
}
}
if ($del_comments || $delete) {
cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}");
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
// Check for custom thumbnails for non-images
if (!is_image($file)) {
$mime_content = cpg_get_type($file);
$file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file));
foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) {
// Thumbnail found, check if it's the only file using that thumbnail
$count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0);
if ($count == 1) {
unset($files[count($files) - 1]);
$files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension;
break;
}
}
}
}
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
// Plugin filter to be called before deleting a file
CPGPluginAPI::action('before_delete_file', $pic);
cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1");
cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'");
// Plugin filter to be called after a file is deleted
CPGPluginAPI::action('after_delete_file', $pic);
} else {
cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}");
// Executes after a file update is committed
CPGPluginAPI::action('after_edit_file', $pid);
}
}
}
<?php
require_once dirname(__FILE__) . "/../../resources/common_functions.php";
require_once dirname(__FILE__) . "/login.php";
require_once dirname(__FILE__) . "/../../objects/command.php";
$s_command = get_post_var("command");
function check_session_expired()
{
my_session_start();
if (get_session_expired()) {
return json_encode(array(new command("alert", "Your session has expired. You are now being redirected to the login screen.\n(change the time it takes to expire under settings)"), new command("load page", "/pages/login/index.php")));
} else {
return "[]";
}
}
if ($s_command == "check_session_expired") {
echo check_session_expired();
} else {
echo json_encode(array(new command("failure", "bad command")));
}
$name = is_post_var('name') ? trim(get_post_var('name')) : '';
$private = is_post_var('private') ? (bool) get_post_var('private') : false;
gu_ajax_list_add($name, $private);
break;
case 'list_delete':
$list = is_post_var('list') ? gu_list::get((int) get_post_var('list'), TRUE) : NULL;
gu_ajax_list_delete($list);
break;
case 'remove_address':
$list = is_post_var('list') ? gu_list::get((int) get_post_var('list'), TRUE) : NULL;
$address = is_post_var('address') ? get_post_var('address') : '';
$address_id = is_post_var('address_id') ? (int) get_post_var('address_id') : 0;
gu_ajax_remove_address($list, $address, $address_id);
break;
case 'newsletter_delete':
$newsletter = is_post_var('newsletter') ? gu_newsletter::get((int) get_post_var('newsletter')) : NULL;
gu_ajax_newsletter_delete($newsletter);
break;
}
// If action function hasn't already returned due to error, return now
gu_ajax_return();
/**
* Called when an error has occured.
* @param string $msg The error message to send to the client
*/
function gu_ajax_error($msg)
{
gu_error($msg);
gu_ajax_return();
}
/**
function check_user_info(&$error)
{
// function check_user_info - start
global $CONFIG;
//, $PHP_SELF;
global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email;
global $lang_register_activated_email, $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
//$CONFIG['admin_activation'] = FALSE;
//$CONFIG['admin_activation'] = TRUE;
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li>' . $lang_register_php['err_password_short'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>';
}
if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
$error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>';
}
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li>' . $lang_errors['captcha_error'] . '</li>';
}
}
if ($error != '') {
return false;
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>';
return false;
}
mysql_free_result($result);
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
if ($CONFIG['enable_encrypted_passwords']) {
$encpassword = md5($password);
} else {
$encpassword = $password;
}
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
if ($CONFIG['log_mode']) {
log_write('New user "$user_name" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
}
$result = cpg_db_query($sql);
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
print 'sub<br />';
$catid = mysql_insert_id() + FIRST_USER_CAT;
print $catid;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
print "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})";
}
if ($CONFIG['reg_requires_valid_email']) {
if (!$CONFIG['admin_activation'] == 1) {
//user gets activation email
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
}
if ($CONFIG['admin_activation'] == 1) {
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
}
} else {
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
// email notification to admin
if ($CONFIG['reg_notify_admin_email']) {
// get default language in which to inform the admin
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
if ($CONFIG['admin_activation'] == 1) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} else {
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
return true;
}
$website = get_post_var('website');
$occupation = get_post_var('occupation');
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_location = '{$location}', " . "user_interests = '{$interests}', " . "user_website = '{$website}', " . "user_occupation = '{$occupation}' " . "WHERE user_id = '" . USER_ID . "'";
$result = db_query($sql);
$title = sprintf($lang_register_php['x_s_profile'], USER_NAME);
$redirect = "index.php";
pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">");
msg_box($lang_info, $lang_register_php['update_success'], $lang_continue, $redirect);
pagefooter();
ob_end_flush();
exit;
}
if (isset($HTTP_POST_VARS['change_password']) && USER_ID && !defined('UDB_INTEGRATION')) {
$current_pass = get_post_var('current_pass');
$new_pass = get_post_var('new_pass');
$new_pass_again = get_post_var('new_pass_again');
if (strlen($new_pass) < 2) {
cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);
}
if ($new_pass != $new_pass_again) {
cpg_die(ERROR, $lang_register_php['err_password_mismatch'], __FILE__, __LINE__);
}
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_password = '******' " . "WHERE user_id = '" . USER_ID . "' AND BINARY user_password = '******'";
$result = db_query($sql);
if (!mysql_affected_rows()) {
cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__);
}
setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['new_pass']), time() + 86400, $CONFIG['cookie_path']);
$title = sprintf($lang_register_php['x_s_profile'], USER_NAME);
$redirect = $PHP_SELF . "?op=edit_profile";
pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">");
<?php
require_once dirname(__FILE__) . "/../../resources/common_functions.php";
require_once dirname(__FILE__) . "/../../objects/user.php";
require_once dirname(__FILE__) . "/../../objects/command.php";
$action = get_post_var("action");
if ($action == "logout") {
my_session_start();
logout_session();
echo json_encode(array(new command("load page", "/pages/login/index.php")));
} else {
echo json_encode(array(new command("alert", "unknown parameters")));
}
$pos = $superCage->get->getInt('pos');
$sender_name = get_post_var('sender_name', USER_NAME ? USER_NAME : (isset($USER['name']) ? $USER['name'] : ''));
if (USER_ID) {
$USER_DATA = array_merge($USER_DATA, $cpg_udb->get_user_infos(USER_ID));
}
if ($USER_DATA['user_email']) {
$sender_email = $USER_DATA['user_email'];
$sender_box = $sender_email;
} else {
$sender_email = get_post_var('sender_email', $USER['email'] ? $USER['email'] : '');
$sender_box = "<input type=\"text\" class=\"textinput\" value=\"{$sender_email}\" name=\"sender_email\" style=\"width: 100%;\" />";
}
$recipient_name = get_post_var('recipient_name');
$recipient_email = get_post_var('recipient_email');
$greetings = get_post_var('greetings');
$message = get_post_var('message');
$sender_email_warning = '';
$recipient_email_warning = '';
// Get picture thumbnail url
$result = cpg_db_query("SELECT url_prefix, filepath, filename, title, caption, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE pid='{$pid}' {$FORBIDDEN_SET}");
if (!$result->numRows()) {
cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$row = $result->fetchAssoc(true);
$thumb_pic_url = get_pic_url($row, 'thumb');
$normal_pic_url = get_pic_url($row, 'normal');
if (strpos($normal_pic_url, 'thumb_nopic.png') > 0) {
$normal_pic_url = get_pic_url($row, 'fullsize');
}
$pic_title = $row['title'];
$pic_caption = $row['caption'];
if ($newsletter->is_sending()) {
gu_success(t('Newsletter sent to first batch of recipients'));
} else {
gu_success(t('Newsletter sent to all recipients'));
}
}
}
$newsletter = new gu_newsletter();
$is_modified = FALSE;
}
} elseif (is_post_var('attach_submit') && $_FILES['attach_file']['name'] != '') {
if ($newsletter->store_attachment($_FILES['attach_file']['tmp_name'], $_FILES['attach_file']['name'])) {
gu_success(t('Attachment <b><i>%</i></b> added', array($_FILES['attach_file']['name'])));
}
} elseif (is_post_var('remove_submit')) {
$attachment = get_post_var('msg_attachments');
if ($newsletter->delete_attachment($attachment)) {
gu_success(t('Attachment <i>%</i> removed', array($attachment)));
}
} elseif (is_post_var('save_submit')) {
if ($newsletter->save()) {
$is_modified = FALSE;
gu_success(t('Newsletter saved as draft'));
}
}
// Get all newsletters as mailbox
$mailbox = gu_newsletter::get_mailbox();
// Get list of attachments
$attachments = $newsletter->get_attachments();
if (!$preview_mode) {
// Only enable the TinyMCE compressor if zlib compression is disabled on the server
function process_post_data()
{
global $db, $CONFIG;
$field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval');
$group_id_array = get_post_var('group_id');
foreach ($group_id_array as $key => $group_id) {
$set_statment = '';
foreach ($field_list as $field) {
if (!isset($_POST[$field . '_' . $group_id])) {
cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$field}_{$group_id})", __FILE__, __LINE__);
}
if ($field == 'group_name') {
$set_statment .= $field . "='" . $_POST[$field . '_' . $group_id] . "',";
} else {
$set_statment .= $field . "='" . intval($_POST[$field . '_' . $group_id]) . "',";
}
}
$set_statment = substr($set_statment, 0, -1);
$db->sql_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statment} WHERE group_id = '{$group_id}'");
}
}
function process_post_data()
{
global $_POST, $xoopsModuleConfig, $xoopsDB;
global $user_albums_list, $xoopsModule, $myts;
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
if (!is_array($_POST['pid'])) {
redirect_header('index.php', 2, _MD_PARAM_MISSING);
}
$pid_array =& $_POST['pid'];
foreach ($pid_array as $pid) {
$pid = (int) $pid;
$aid = (int) get_post_var('aid', $pid);
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = isset($_POST['delete' . $pid]);
$reset_vcount = isset($_POST['reset_vcount' . $pid]);
$reset_votes = isset($_POST['reset_votes' . $pid]);
$del_comments = isset($_POST['del_comments' . $pid]) || $delete;
$query = "SELECT category, filepath, filename, owner_id FROM " . $xoopsDB->prefix("xcgal_pictures") . ", " . $xoopsDB->prefix("xcgal_albums") . " WHERE " . $xoopsDB->prefix("xcgal_pictures") . ".aid = " . $xoopsDB->prefix("xcgal_albums") . ".aid AND pid='{$pid}'";
$result = $xoopsDB->query($query);
if (!$xoopsDB->getRowsNum($result)) {
redirect_header('index.php', 2, _MD_NON_EXIST_AP);
}
$pic = $xoopsDB->fetchArray($result);
$xoopsDB->freeRecordSet($result);
if (!USER_IS_ADMIN) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
redirect_header('index.php', 2, _MD_PERM_DENIED . "<br />(picture category = {$pic['category']}/ {$pid})");
}
if (!isset($user_album_set[$aid])) {
redirect_header('index.php', 2, _MD_PERM_DENIED . "<br />(target album = {$aid})");
}
}
$update = "aid = '" . $aid . "'";
$update .= ", title = '" . $myts->makeTboxData4Save($title) . "'";
$update .= ", caption = '" . $myts->makeTareaData4Save($caption, 0) . "'";
$update .= ", keywords = '" . $myts->makeTboxData4Save($keywords) . "'";
$update .= ", user1 = '" . $myts->makeTboxData4Save($user1) . "'";
$update .= ", user2 = '" . $myts->makeTboxData4Save($user2) . "'";
$update .= ", user3 = '" . $myts->makeTboxData4Save($user3) . "'";
$update .= ", user4 = '" . $myts->makeTboxData4Save($user4) . "'";
if ($reset_vcount) {
$update .= ", hits = '0'";
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
}
if (UPLOAD_APPROVAL_MODE) {
$approved = get_post_var('approved', $pid);
if ($approved == 'YES') {
$update .= ", approved = 'YES'";
} elseif ($approved == 'DELETE') {
$del_comments = 1;
$delete = 1;
}
}
if ($del_comments) {
//$query = "DELETE FROM ".$xoopsDB->prefix("xcgal_comments")." WHERE pid='$pid'";
//$result =$xoopsDB->query($query);
xoops_comment_delete($xoopsModule->getVar('mid'), $pid);
}
if ($delete) {
$dir = $xoopsModuleConfig['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
redirect_header('index.php', 2, sprintf(_MD_DIRECTORY_RO, $dir));
}
$files = array($dir . $file, $dir . $xoopsModuleConfig['normal_pfx'] . $file, $dir . $xoopsModuleConfig['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if (is_file($currFile)) {
@unlink($currFile);
}
}
$query = "DELETE FROM " . $xoopsDB->prefix("xcgal_pictures") . " WHERE pid='{$pid}' LIMIT 1";
$result = $xoopsDB->query($query);
} else {
$query = "UPDATE " . $xoopsDB->prefix("xcgal_pictures") . " SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = $xoopsDB->query($query);
if ($pic['owner_id'] != 0) {
$submitter = new XoopsUser($pic['owner_id']);
$submitter->incrementPost();
}
}
}
}
$script_create = 'gu_gadgets_create_basic_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_prefix . '")';
$script_write = '<script type="text/javascript">gu_gadgets_write_basic_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_prefix . '")</script>';
$gadget_params = array('list', 'btn_text', 'prefix');
$gadget_requires_import = FALSE;
break;
case 'ajax_link':
$gadget_text = is_post_var('gadget_text') ? get_post_var('gadget_text') : t('Subscribe to my newsletter');
$script_create = 'gu_gadgets_create_ajax_link(' . $gadget_list . ', "' . $gadget_text . '")';
$script_write = '<script type="text/javascript">gu_gadgets_write_ajax_link(' . $gadget_list . ', "' . $gadget_text . '")</script>';
$gadget_params = array('list', 'text');
$gadget_requires_import = TRUE;
break;
case 'ajax_form':
$gadget_btn_text = is_post_var('gadget_btn_text') ? get_post_var('gadget_btn_text') : t('Subscribe');
$gadget_email_hint = is_post_var('gadget_email_hint') ? get_post_var('gadget_email_hint') : t('Your email');
$gadget_prefix = is_post_var('gadget_prefix') ? get_post_var('gadget_prefix') : 'gu_';
$script_create = 'gu_gadgets_create_ajax_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_email_hint . '", "' . $gadget_prefix . '")';
$script_write = '<script type="text/javascript">gu_gadgets_write_ajax_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_email_hint . '", "' . $gadget_prefix . '")</script>';
$gadget_params = array('list', 'btn_text', 'email_hint', 'prefix');
$gadget_requires_import = TRUE;
break;
}
}
function create_list_control($name, $value, $all_option)
{
global $lists;
$html = '<select id="' . $name . '" name="' . $name . '">';
if ($all_option) {
$html .= '<option value="0" ' . ($value == 0 ? 'selected="selected"' : '') . '>(' . t('All') . ')</option>';
}
foreach ($lists as $l) {
<!DOCTYPE html>
<?php
require_once dirname(__FILE__) . "/login.php";
if (check_logged_in()) {
header('Location: /pages/classes/main.php');
} else {
echo manage_output(draw_login_page(get_post_var('session_expired')));
}
function process_post_data()
{
global $CONFIG;
$superCage = Inspekt::makeSuperCage();
$field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval', 'upload_form_config', 'custom_user_upload', 'num_file_upload', 'num_URI_upload');
$group_id_array = get_post_var('group_id');
$upload_form_config = 0;
foreach ($group_id_array as $key => $group_id) {
$set_statment = '';
foreach ($field_list as $field) {
//if (!isset($_POST[$field . '_' . $group_id])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ({$field}_{$group_id})", __FILE__, __LINE__);
//set the 'upload_form_config' entry
$numFile = $superCage->post->getInt('num_file_upload_' . $group_id);
$numURI = $superCage->post->getInt('num_URI_upload_' . $group_id);
// case File upload boxes=1 and URI upload boxes=0 => single uploads (0)
if ($numFile == 1 && $numURI == 0) {
$upload_form_config = 0;
}
// case File upload boxes>1 and URI upload boxes=0 => multi file uploads (1)
if ($numFile > 1 && $numURI == 0) {
$upload_form_config = 1;
}
// case File upload boxes=0 and URI upload boxes>0 => multi uri uploads (2)
if ($numFile == 0 && $numURI > 0) {
$upload_form_config = 2;
}
// case File upload boxes>0 and URI upload boxes>0 => File and URI uploads (3)
if ($numFile > 0 && $numURI > 0) {
$upload_form_config = 3;
}
// case File upload boxes=0 and URI upload boxes=0 => input error, default to single uploads (0)
if ($numFile == 0 && $numURI == 0) {
$upload_form_config = 0;
}
if ($field == 'group_name') {
$set_statment .= $field . "='" . $superCage->post->getEscaped($field . '_' . $group_id) . "',";
} else {
if ($field == 'upload_form_config') {
$set_statment .= $field . "='" . $upload_form_config . "',";
} else {
$set_statment .= $field . "='" . $superCage->post->getInt($field . '_' . $group_id) . "',";
}
}
}
$set_statment = substr($set_statment, 0, -1);
cpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statment} WHERE group_id = '{$group_id}' LIMIT 1");
}
}
/**
* process_post_data()
*
* Function to process the form posted
*/
function process_post_data()
{
global $CONFIG;
global $user_albums_list, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_album_set = array();
foreach ($user_albums_list as $album) {
$user_album_set[$album['aid']] = 1;
}
$pid = $superCage->post->getInt('pid');
if (!is_array($pid)) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
$pid_array = $pid;
if ($superCage->post->keyExists('galleryicon')) {
$galleryincon = $superCage->post->getInt('galleyicon');
} else {
$galleryicon = '';
}
foreach ($pid_array as $pid) {
$aid = $superCage->post->getInt("aid{$pid}");
$title = get_post_var('title', $pid);
$caption = get_post_var('caption', $pid);
$keywords = get_post_var('keywords', $pid);
$user1 = get_post_var('user1', $pid);
$user2 = get_post_var('user2', $pid);
$user3 = get_post_var('user3', $pid);
$user4 = get_post_var('user4', $pid);
$delete = false;
$reset_vcount = false;
$reset_votes = false;
$del_comments = false;
$isgalleryicon = $galleryicon === $pid;
if ($superCage->post->keyExists('delete' . $pid)) {
$delete = $superCage->post->getInt('delete' . $pid);
}
if ($superCage->post->keyExists('reset_vcount' . $pid)) {
$reset_vcount = $superCage->post - getInt('reset_vcount' . $pid);
}
if ($superCage->post->keyExists('reset_votes' . $pid)) {
$reset_votes = $superCage->post->getInt('reset_votes' . $pid);
}
if ($superCage->post->keyExists('del_comments' . $pid)) {
$del_comments = $superCage->post->getInt('del_comments' . $pid) || $delete;
}
// OVI
//$query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
$query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid, category, filepath, filename, owner_id, total_filesize FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'";
$result = cpg_db_query($query);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
}
$pic = mysql_fetch_array($result);
mysql_free_result($result);
if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__);
}
if (!isset($user_album_set[$aid])) {
cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__);
}
}
$update = "aid = '{$aid}'";
$update .= ", title = '{$title}'";
$update .= ", caption = '{$caption}'";
$update .= ", keywords = '{$keywords}'";
$update .= ", user1 = '{$user1}'";
$update .= ", user2 = '{$user2}'";
$update .= ", user3 = '{$user3}'";
$update .= ", user4 = '{$user4}'";
if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
$sql = 'UPDATE ' . $CONFIG['TABLE_PICTURES'] . ' SET galleryicon=0 WHERE owner_id=' . $pic['owner_id'] . ';';
cpg_db_query($sql);
$update .= ", galleryicon = " . addslashes($galleryicon);
}
if (is_movie($pic['filename'])) {
$pwidth = $superCage->post->getInt('pwidth' . $pid);
$pheight = $superCage->post->getInt('pheight' . $pid);
$update .= ", pwidth = " . $pwidth;
$update .= ", pheight = " . $pheight;
}
if ($reset_vcount) {
$update .= ", hits = '0'";
resetDetailHits($pid);
}
if ($reset_votes) {
$update .= ", pic_rating = '0', votes = '0'";
resetDetailVotes($pid);
}
if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
if ($superCage->post->keyExists('approved' . $pid)) {
$approved = $superCage->post->getAlpha('approved' . $pid);
}
if ($approved) {
$update .= ", approved = 'YES'";
} else {
$update .= ", approved = 'NO'";
}
}
if ($del_comments) {
$query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
$result = cpg_db_query($query);
}
if ($delete) {
$dir = $CONFIG['fullpath'] . $pic['filepath'];
$file = $pic['filename'];
if (!is_writable($dir)) {
cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__);
}
///////// OVI
$picture_id = $pid;
$owner_id = $pic['owner_id'];
$imageContainer = new FileContainer($picture_id, $owner_id);
$imageContainer->original_path = $dir . $file;
// check
$imageContainer->total_filesize = $pic['total_filesize'];
///////// OVI
/* // OVI
$files = array ($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile){
if (is_file($currFile)) @unlink($currFile);
}
*/
///////// OVI
$files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);
foreach ($files as $currFile) {
if ($currFile != $dir . $file) {
$imageContainer->thumb_paths[] = $currFile;
}
if (is_file($currFile)) {
@unlink($currFile);
}
}
///////// OVI
///// OVI
global $storage;
$storage->delete_file($imageContainer);
///// OVI
$query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
} else {
$query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
$result = cpg_db_query($query);
}
}
}
