/**
* proccess_request
* Process the request for the public area
*/
private function proccess_request()
{
global $lang;
$this->template = 404;
// Default template
$this->pages = $this->get_pages();
// get theme pages
// Prepare te request array to use the legacy request (?v=file.ext)
if (check_value($_GET['v']) && preg_match("/^\\w*\\.jpg|png|gif\$/", $_GET['v'])) {
$this->base_request = '?' . $this->request_array[1];
unset($this->request_array[1]);
}
@session_start();
if (count($_SESSION['ImagesUp']) > 0) {
$_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
self::$uploaded = true;
}
if (chevereto_config('maintenance')) {
$this->base_request = 'maintenance';
}
// Switch according the request
switch ($this->base_request) {
case '':
case 'index.php':
@session_start();
$_SESSION['last_upload_request'] = time();
$this->template = 'index';
break;
case 'json':
json_prepare();
// Do a special trick for the json action=login
if ($_REQUEST['action'] == 'login') {
// Check for user match...
$login_user = login_user($_REQUEST['password'], $_REQUEST['keep']);
if ($login_user !== false) {
$json_array = array('status_code' => 200, 'status_txt' => 'logged in');
} else {
$json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
}
} elseif ($_REQUEST['action'] == 'logout') {
do_logout();
$json_array = array('status_code' => 200, 'status_txt' => 'logged out');
}
$json_array = check_value($json_array) ? $json_array : array('status' => 403, 'status_txt' => 'unauthorized');
session_write_close();
die(json_output($json_array));
break;
case __CHV_VIRTUALFOLDER_IMAGE__:
// View request
$id_public = $this->request_array[1];
$this->template = !is_upload_result() ? 'view' : 'uploaded';
self::$is_viewer = true;
break;
case __CHV_VIRTUALFOLDER_UPLOADED__:
@session_start();
if (count($_SESSION['ImagesUp']) > 0) {
$this->template = 'uploaded';
self::$doctitle = $lang['doctitle_upload_complete'];
} else {
$this->redirect(__CHV_BASE_URL__, 400);
}
break;
case 'error-javascript':
chevereto_die(array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')), 'JavaScript', array(get_lang_txt('critical_js')));
break;
case '?chevereto':
$this->template = 'bool';
break;
// Legacy viewer
// Legacy viewer
case '?v=' . $_GET['v']:
// View request
$id_public = $_GET['v'];
$this->legacy_redirect = true;
break;
case 'delete':
case 'delete-confirm':
//$delete_what = $this->request_array[1];
$id_public = $this->request_array[2];
$deleteHash = $this->request_array[3];
$this->template = $this->base_request;
self::$is_viewer = true;
break;
case 'maintenance':
$this->template = 'maintenance';
self::$doctitle = chevereto_config('doctitle');
break;
default:
// Pages request
require_once $this->path_theme . 'pages/pages_config.php';
// We load the special pages config
if (in_array($this->base_request . '.php', $this->pages) and $this->request_array[1] == '' and $pages_config[$this->base_request]['live']) {
$this->template = 'pages/' . $this->base_request;
self::$doctitle = $pages_config[$this->base_request]['title'];
} else {
$this->template = 'shorturl';
$id_public = $this->base_request;
self::$is_viewer = true;
}
break;
}
// Ask for the login on index and pages
if ($this->template == 'index' || $this->template == 'pages/' . $this->base_request) {
if (conditional_config('private_mode')) {
if (!is_logged_user()) {
$doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
include __CHV_PATH_SYSTEM__ . 'login.php';
die;
}
}
}
if ($this->template == 'uploaded') {
self::$doctitle = get_lang_txt('doctitle_upload_complete');
self::$image_info = $_SESSION['ImagesUp'][0];
self::$uploaded_images = $_SESSION['ImagesUp'];
$_SESSION['ImagesUp'] = NULL;
unset($_SESSION['ImagesUp']);
}
if (preg_match('/view|shorturl|delete/', $this->template) || $this->legacy_redirect) {
// Test connection
if ($this->dB->dead) {
self::$doctitle = 'dB connection error';
$this->template = 404;
} else {
// get image info
$imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
self::$image_info = $this->dB->image_info($imageID);
self::$id_public = $id_public;
if (!is_array(self::$image_info)) {
// Record?
if ($this->template == 'delete-confirm') {
json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
} else {
$this->template = 404;
}
} else {
if ($this->legacy_redirect) {
$this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
}
$target = get_image_target(self::$image_info);
self::$image_target = $target['image_path'];
self::$image_thumb_target = $target['image_thumb_path'];
self::$image_url = absolute_to_url($target['image_path']);
self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
self::$image_filename = self::$image_info['image_filename'];
self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
$image_delete_proceed = !empty(self::$image_info['image_delete_hash']) && $deleteHash === self::$image_info['image_delete_hash'] ? true : false;
switch ($this->template) {
case 'delete':
if (!$image_delete_proceed) {
$this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
}
self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
break;
case 'delete-confirm':
if (!$image_delete_proceed) {
json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
} else {
require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
$manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
if ($manage->dead) {
$json_array = array('status_code' => 403, 'status_txt' => $manage->error);
} else {
$json_array = $manage->process();
}
}
// Make the status_txt more readable...
switch ($json_array['status_code']) {
case 200:
$json_array['status_txt'] = get_lang_txt('txt_image_deleted');
break;
default:
case 403:
$json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
break;
}
json_output($json_array);
break;
default:
self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
break;
}
}
}
}
if ($this->template == 404) {
status_header(404);
self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
} else {
status_header(200);
}
// We load the template
if ($this->template == 'bool') {
exit(json_encode(true));
} else {
$this->load_template();
}
}
function __construct($valid_request)
{
global $lang, $Login, $dB;
@session_start();
// Redirect plain /admin/index.php access
if (preg_match('/index\\.php/', $_SERVER['REQUEST_URI'])) {
$this->redirect($this->base_redirection($this->root_url), 301);
}
$admin_request = sanitize_path(str_replace(sanitize_path(__CHV_FOLDER_ADMIN__), "", str_replace(sanitize_path(__CHV_RELATIVE_ROOT__) . '/', "", $valid_request)));
// json?blabla instead of (folder?)/admin/json?blabla
$this->request_array = explode('/', $admin_request);
$request_file = str_replace('//', '/', __CHV_ROOT_DIR__ . str_replace(__CHV_RELATIVE_ROOT__ == '/' ? '' : __CHV_RELATIVE_ROOT__, '', $_SERVER['REQUEST_URI']));
// Serve the static file or call the handler?
if (file_exists($request_file) and !is_dir($request_file) and !preg_match('/php/', get_mime($request_file)) and trim($_SERVER['REQUEST_URI'], '/') !== trim(dirname($_SERVER['SCRIPT_NAME']), '/')) {
error_reporting(0);
header('Content-Type: ' . get_mime($request_file) . '; Cache-Control: no-cache; Pragma: no-cache');
die(readfile($request_file));
}
// Now, deny all direct access to the other resources
if ((file_exists($request_file) or is_dir($request_file)) and trim($_SERVER['REQUEST_URI'], '/') !== trim(dirname($_SERVER['SCRIPT_NAME']), '/') and !$Login->is_admin()) {
status_header(403);
die('Forbidden');
}
// Organize the source request
$request_array_explode = explode('?', $this->request_array[0]);
$request_base = $request_array_explode[0];
// Now, lets do sub request according to the base request
switch ($request_base) {
case '':
break;
// admin main
// admin main
case 'json':
json_prepare();
// Do a special trick for the json action=login
if ($_REQUEST['action'] !== 'login' and !is_admin()) {
$json_array = array('status_code' => 401, 'status_txt' => 'unauthorized');
} elseif ($_REQUEST['action'] == 'login') {
// Check for admin match...
$login_user = login_user($_REQUEST['password'], $_REQUEST['keep']);
if ($login_user == 'admin') {
$json_array = array('status_code' => 200, 'status_txt' => 'logged in');
} else {
$json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
}
} elseif ($_REQUEST['action'] == 'logout') {
do_logout();
$json_array = array('status_code' => 200, 'status_txt' => 'logged out');
} elseif ($_REQUEST['action'] == 'filelist') {
require_once __CHV_PATH_CLASSES__ . 'class.filelist.php';
$filelist = new FileList($_REQUEST['type'], $_REQUEST['sort'], $_REQUEST['limit'], $_REQUEST['keyword']);
$json_array = $filelist->filelist;
} elseif ($_REQUEST['action'] == 'uploaded') {
// In some point there will be a stats class that will help us to output all the stats. This is just the number of uploaded files now.
$json_array = array('total' => total_images_uploaded());
// The rest of the actions are for the manage class (delete|rename|resize)
} else {
require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
$manage = new Manage($_REQUEST);
if ($manage->dead) {
$json_array = array('status_code' => 403, 'status_txt' => $manage->error);
} else {
$json_array = $manage->process();
}
}
$json_array = check_value($json_array) ? $json_array : array('status_code' => 403, 'status_txt' => 'empty json');
die(json_output($json_array));
break;
// json
// json
default:
if (is_admin()) {
status_header(404);
die('Not found');
} else {
status_header(403);
die('Forbidden');
}
break;
}
// Send the OK status header
status_header(200);
if (!is_admin()) {
$doctitle = get_lang_txt('txt_enter_password') . ' - Chevereto File Manager';
require_once __CHV_PATH_SYSTEM__ . 'login.php';
} else {
require_once __CHV_PATH_ADMIN_SYSTEM__ . 'header.php';
require_once __CHV_PATH_ADMIN_SYSTEM__ . 'filemanager.php';
}
}
