/**
 * Writes an array to the debug log in the form "name => ( key => value, ... )".
 *
 * Nested arrays are logged recursively, indented five more columns and
 * followed by a comma. A line that has grown past 72 characters is flushed
 * before the next entry is appended.
 *
 * Keys and values are concatenated as-is: nothing is masked or escaped here,
 * so request data or account records passed in end up in the debug log
 * verbatim. Treat that log as sensitive.
 *
 * @param string $name   label printed in front of the array
 * @param array  $source the array to log; anything else logs a one-line notice
 * @param int    $indent number of leading spaces
 * @param string $trail  text appended after the closing parenthesis
 */
function debugLogArray($name, $source, $indent = 0, $trail = '')
{
    if (!is_array($source)) {
        debugLog($name . ' parameter is not an array.');
        return;
    }

    $pad = str_repeat(' ', $indent);
    $line = $pad . "{$name} => ( ";

    if (count($source) === 0) {
        debugLog($line . ")");
        return;
    }

    foreach ($source as $label => $item) {
        // Flush an over-long line and continue on a fresh, indented one.
        if (strlen($line) > 72) {
            debugLog($line);
            $line = $pad;
        }
        if (!is_array($item)) {
            $line .= $label . " => " . $item . ', ';
            continue;
        }
        // Emit what has been collected so far, then let the recursion log the child.
        if (!empty($line)) {
            debugLog($line);
        }
        debugLogArray($label, $item, $indent + 5, ',');
        $line = '';
    }

    // Cut at the last comma (the separator after the final scalar) and close the list.
    $line = substr($line, 0, strrpos($line, ',')) . " )" . $trail;
    debugLog($line);
}
Example #2
// Upload endpoint excerpt (the listing is cut off inside the else-branch below).
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
$_zp_loggedin = NULL;
// The caller may authenticate with two POST fields instead of a session:
// 'auth' is passed to checkAuthorization() as the hash, 'id' as the account id.
// NOTE(review): 'id' is read without an isset() check. If checkAuthorization()
// matches 'auth' directly against the stored password hash, that hash works as
// a bearer credential here — confirm and keep it out of logs.
if (isset($_POST['auth'])) {
    $hash = sanitize($_POST['auth']);
    $id = sanitize($_POST['id']);
    $_zp_loggedin = $_zp_authority->checkAuthorization($hash, $id);
}
// NOTE(review): presumably stops the request unless the caller holds UPLOAD_RIGHTS — confirm.
admin_securityChecks(UPLOAD_RIGHTS, $return = currentRelativeURL(__FILE__));
if (!empty($_FILES)) {
    $gallery = new Gallery();
    // basename() drops any directory part of the client-supplied file name.
    $name = trim(basename(sanitize($_FILES['file']['name'], 3)));
    // NOTE(review): this condition mixes two field names. The error branch needs
    // $_FILES['Filedata']['error'] to be set AND $_FILES['file']['error'] to be
    // truthy, while everything else reads 'file'. An error reported only under
    // 'file' falls through to the success path — looks like a leftover; verify.
    if (isset($_FILES['Filedata']['error']) && $_FILES['file']['error']) {
        $error = $_FILES['Filedata']['error'];
        // Writes the whole $_FILES array (client-supplied names included) to the debug log.
        debugLogArray('Uploadify error:', $_FILES);
        trigger_error(sprintf(gettext('Uploadify error on %1$s. Review your debug log.'), $name));
    } else {
        $tempFile = sanitize($_FILES['file']['tmp_name'], 3);
        // Target album folder comes from the request.
        $folder = trim(sanitize($_POST['http_folder'], 3));
        // Strip up to two leading slashes (the same check is repeated) and one trailing slash.
        if (substr($folder, 0, 1) == '/') {
            $folder = substr($folder, 1);
        }
        if (substr($folder, 0, 1) == '/') {
            $folder = substr($folder, 1);
        }
        if (substr($folder, -1) == '/') {
            $folder = substr($folder, 0, -1);
        }
        $folder = zp_apply_filter('admin_upload_process', $folder);
        // NOTE(review): nothing visible here rejects '..' segments before the folder
        // is appended to ALBUM_FOLDER_SERVERPATH; whether sanitize() or the filter
        // does so cannot be seen from this excerpt — verify the resolved path stays
        // inside the album root.
        $targetPath = ALBUM_FOLDER_SERVERPATH . internalToFilesystem($folder);
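/**
 * Parses an HTTP Accept-Language value (or the one in $_SERVER when none is
 * given) and returns the entries sorted by preference, highest first.
 * For example, it will parse fr;en-us;q=0.8
 *
 * Each entry is array('code', 'coef', 'morecode', 'fullcode') and is stored
 * under the key "<coef>-<code>", so two entries with the same coefficient and
 * the same two-letter code overwrite each other (the later one wins).
 * Segments that do not contain a language code (e.g. "*") are skipped.
 *
 * Thanks to Fredbird.org for this code.
 *
 * @param string $str optional language string
 * @return array
 */
function parseHttpAcceptLanguage($str = NULL)
{
    // Fall back to the request header only when the caller supplied nothing;
    // an explicit $str must be parsed even if the header is absent.
    if (!$str) {
        if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
            return array();
        }
        $str = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    }
    // creating output list
    $accepted = array();
    foreach (explode(',', $str) as $lang) {
        // parsing language preference instructions
        // 2_letter_code[-longer_code][;q=coefficient]
        if (!preg_match('/([A-Za-z]{1,2})(-([A-Za-z0-9]+))?(;q=([0-9\\.]+))?/', $lang, $found)) {
            // Nothing usable in this segment; reading $found[1] would be an undefined index.
            continue;
        }
        // 2 letter lang code
        $code = $found[1];
        // lang code complement
        $morecode = array_key_exists(3, $found) ? $found[3] : false;
        // full lang code
        $fullcode = $morecode ? $code . '_' . $morecode : $code;
        // coefficient, defaults to 1 when no q= part is present
        $coef = sprintf('%3.1f', array_key_exists(5, $found) ? $found[5] : '1');
        // for sorting by coefficient
        $key = $coef . '-' . $code;
        // adding
        $accepted[$key] = array('code' => $code, 'coef' => $coef, 'morecode' => $morecode, 'fullcode' => $fullcode);
    }
    // sorting the list by coefficient desc
    krsort($accepted);
    if (DEBUG_LOCALE) {
        // NOTE(review): $str is normally a client-controlled header and is logged
        // verbatim; whether debugLog() neutralises line breaks is not visible here.
        debugLog("parseHttpAcceptLanguage({$str})");
        debugLogArray('$accepted', $accepted);
    }
    return $accepted;
}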
Example #4
 /**
  * Returns the administration rights of a saved authorization code.
  *
  * NOTE(review): the earlier description said this "will promote an admin to
  * ADMIN_RIGHTS if he is the most privileged admin". No such promotion is
  * visible in this body — confirm whether getRights() does it or the remark
  * is stale.
  *
  * Sets the global $_zp_current_admin_obj to the matched account, or to NULL
  * when nothing matches.
  *
  * @param string $authCode the hash code to check
  * @param int $id whom we think this is
  *
  * @return int rights value (logged with %X below); 0 means no rights
  */
 function checkAuthorization($authCode, $id)
 {
     global $_zp_current_admin_obj, $_zp_reset_admin, $_zp_null_account;
     $_zp_current_admin_obj = NULL;
     if (DEBUG_LOGIN) {
         // NOTE(review): writes $authCode to the debug log. The same value is
         // matched against the `pass` column below, so the log then holds a
         // usable credential.
         debugLogBacktrace("checkAuthorization({$authCode}, {$id})");
     }
     $admins = $this->getAdministrators();
     if (DEBUG_LOGIN) {
         // NOTE(review): dumps whatever getAdministrators() returns; presumably
         // that includes the stored `pass` values — confirm.
         debugLogArray("checkAuthorization: admins", $admins);
     }
     // With no admin accounts at all, every caller is given ADMIN_RIGHTS and
     // $_zp_null_account is flagged, regardless of $authCode.
     if (count($admins) == 0) {
         if (DEBUG_LOGIN) {
             debugLog("checkAuthorization: no admins");
         }
         $_zp_null_account = true;
         return ADMIN_RIGHTS;
         //no admins or reset request
     }
     // A pending reset: when $_zp_reset_admin is an object its rights are
     // returned without looking at $authCode; any other truthy value falls
     // through to the normal lookup.
     if ($_zp_reset_admin) {
         if (DEBUG_LOGIN) {
             debugLog("checkAuthorization: reset request");
         }
         if (is_object($_zp_reset_admin)) {
             return $_zp_reset_admin->getRights();
         }
     }
     if (empty($authCode)) {
         return 0;
     }
     //  so we don't "match" with an empty password
     $rights = 0;
     // Look up a valid account whose stored `pass` equals $authCode; the id is
     // added to the criteria only when one was supplied.
     // NOTE(review): how getAnAdmin() turns these criteria into a query (and
     // escapes the values) is not visible here.
     $criteria = array('`pass`=' => $authCode, '`valid`=' => 1);
     if (!is_null($id)) {
         $criteria['`id`='] = $id;
     }
     $user = $this->getAnAdmin($criteria);
     if (is_object($user)) {
         $_zp_current_admin_obj = $user;
         $rights = $user->getRights();
         if (DEBUG_LOGIN) {
             debugLog(sprintf('checkAuthorization: from $authcode %X', $rights));
         }
         return $rights;
     }
     $_zp_current_admin_obj = NULL;
     if (DEBUG_LOGIN) {
         debugLog("checkAuthorization: no match");
     }
     return 0;
     // no rights
 }
                            $commentcount++;
                        } else {
                            $postinfo .= '<li class="import-error">' . gettext('Comment could not be assigned!') . '</li>';
                        }
                    }
                }
                if ($commentexists_count != 0) {
                    $postinfo .= '<li class="import-exists">' . sprintf(ngettext('%1$u comment already exists.', '%1$u comments already exist.', $commentexists_count), $commentexists_count) . '</li>';
                }
                if ($commentcount != 0) {
                    $postinfo .= '<li class="import-success">' . sprintf(ngettext('%1$u comment imported.', '%1$u comments imported.', $commentcount), $commentcount) . '</li>';
                }
            } else {
                $postinfo .= '<ul><li class="import-nothing">' . gettext('No comments to import') . '</li>';
            }
            // NOTE(review): writes the full $comments array for this post to the
            // debug log; presumably that includes commenter details — confirm and
            // treat the log as sensitive.
            debugLogArray('Wordpress import - Comments for "' . $post['title'] . '" (' . $post['type'] . ')', $comments);
            $postinfo .= '</ul></li>';
            $postcount++;
        }
        // posts foreach
        // NOTE(review): the refresh URL carries the WordPress database user and
        // password as query parameters (the values are masked in this listing), so
        // they can end up in browser history and web-server or proxy access logs.
        // Keeping them server-side between refreshes would avoid that. The $wp_*
        // values are concatenated without urlencode(); whether the URL is escaped
        // where it is printed is not visible in this excerpt.
        $metaURL = 'wordpress_import.php?refresh=' . $postcount . '&amp;dbname=' . $wp_dbname . '&amp;dbuser='******'&amp;dbpass='******'&amp;dbhost=' . $wp_dbhost . '&amp;tableprefix=' . $wp_prefix . '&amp;convertlinefeeds=' . getcheckboxState('convertlinefeeds') . '&amp;XSRFToken=' . getXSRFToken('wordpress');
    } else {
        // if posts are available at all
        $metaURL = '';
        // to be sure...
        $postinfo .= "<li class='import-nothing'>" . gettext("No posts or pages to import.") . "</li>";
    }
}
// if db data set
printAdminHeader(gettext('utilities'), gettext('Wordpress'));
if (!empty($metaURL) && $postcount < $posttotalcount) {
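/**
 * Returns the administration rights of a saved authorization code.
 *
 * While no administrator exists, or while the 'admin_reset_date' option is
 * empty, every caller is given ADMIN_RIGHTS regardless of $authCode.
 * Otherwise the code is compared with each administrator's stored 'pass'
 * value; the first administrator in the list is additionally granted
 * ADMIN_RIGHTS. The global $_zp_current_admin is set to the matched record,
 * or to null when nothing matches.
 *
 * @param string $authCode the md5 code to check
 *
 * @return int rights bitmask; 0 when nothing matches
 */
function checkAuthorization($authCode)
{
    if (DEBUG_LOGIN) {
        // NOTE(review): writes the authorization code itself to the debug log;
        // it is the value compared with the stored 'pass' below.
        debugLogBacktrace("checkAuthorization({$authCode})");
    }
    global $_zp_current_admin;
    $admins = getAdministrators();
    if (DEBUG_LOGIN) {
        // NOTE(review): dumps every admin record, 'pass' values included.
        debugLogArray("admins", $admins);
    }
    $reset_date = getOption('admin_reset_date');
    if (count($admins) == 0 || empty($reset_date)) {
        $_zp_current_admin = null;
        if (DEBUG_LOGIN) {
            debugLog("no admin or reset request");
        }
        return ADMIN_RIGHTS;
        //no admins or reset request
    }
    if (empty($authCode)) {
        return 0;
    }
    //  so we don't "match" with an empty password

    // Compare as strings only. A loose == treats two numeric-looking strings
    // (for instance "0e" followed by digits) as numbers, so two different
    // hashes could compare equal; a non-string such as true would match any
    // non-empty hash.
    $supplied = is_scalar($authCode) ? (string) $authCode : null;
    $i = 0;
    foreach ($admins as $key => $user) {
        if (DEBUG_LOGIN) {
            debugLog("checking: {$key}");
        }
        $stored = (string) $user['pass'];
        if ($supplied === null) {
            $matches = false;
        } elseif (function_exists('hash_equals')) {
            // constant-time comparison where the runtime provides it
            $matches = hash_equals($stored, $supplied);
        } else {
            $matches = $stored === $supplied;
        }
        if ($matches) {
            $_zp_current_admin = $user;
            $result = $user['rights'];
            if ($i == 0) {
                // the first admin is the master.
                $result = $result | ADMIN_RIGHTS;
            }
            if (DEBUG_LOGIN) {
                debugLog("match");
            }
            return $result;
        }
        $i++;
    }
    $_zp_current_admin = null;
    return 0;
    // no rights
}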
Example #7
/**
 * Produces debugging information on 404 errors when DEBUG_404 is enabled.
 *
 * Requests for the URIs on the ignore list are skipped. For anything else a
 * user notice is raised and the album/image/theme plus the complete $_SERVER
 * and $_REQUEST arrays are written to the debug log. Those arrays carry
 * request headers (cookies included) and submitted parameters, so the debug
 * log must be handled as sensitive while this switch is on.
 *
 * @param string $album
 * @param string $image
 * @param string $theme
 */
function debug404($album, $image, $theme)
{
    if (!DEBUG_404) {
        return;
    }

    $skipped = array('/favicon.ico', '/zp-data/tést.jpg');
    $requested = $_SERVER['REQUEST_URI'];
    // loose comparison, same as an == check against each entry
    if (in_array($requested, $skipped)) {
        return;
    }

    $notice = sprintf(gettext('Zenphoto processed a 404 error on %s. See the debug log for details.'), $requested);
    trigger_error($notice, E_USER_NOTICE);
    debugLog("404 error: album={$album}; image={$image}; theme={$theme}");
    debugLogArray('$_SERVER', $_SERVER, 0, '');
    debugLogArray('$_REQUEST', $_REQUEST, 0, '');
    debugLog('');
}