/**
 * Clears every cookie named in $cookies once the stored "cookieInvalidator" marker
 * no longer matches the configured base value, then records the new base and drops
 * the in-memory login state so the request continues as a guest.
 *
 * @param array $cookies cookie names as keys; the values are not used
 */
static function invalidate($cookies) {
	global $_zp_loggedin, $_zp_current_admin_obj;
	$seenBase = zp_getCookie('cookieInvalidator');
	$currentBase = getOption('cookieInvalidator_base');
	if ($seenBase == $currentBase) {
		return; // marker is current: nothing to invalidate
	}
	foreach ($cookies as $name => $unused) {
		zp_clearCookie($name);
	}
	zp_setCookie('cookieInvalidator', $currentBase);
	$_zp_loggedin = NULL;
	$_zp_current_admin_obj = NULL;
}
/**
 * Filter for "setupTheme": replaces the gallery theme with the one the visitor
 * selected (stored in the 'themeSwitcher_theme' cookie), provided that theme is
 * one the gallery actually knows about.
 *
 * @param string $theme the theme the gallery would otherwise use
 * @return string the theme to use
 */
static function theme($theme) {
	global $_zp_gallery;
	$requested = zp_getCookie('themeSwitcher_theme');
	if (!$requested) {
		return $theme;
	}
	$available = $_zp_gallery->getThemes();
	return array_key_exists($requested, $available) ? $requested : $theme;
}
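/**
 * Handles a posted album/search/gallery password and the matching auth cookie.
 *
 * Nothing is done for a logged-in user. Otherwise the protecting credentials are
 * resolved (search password; the album or its nearest password-protected parent;
 * else the gallery password). A posted user/pass pair is first tried as an admin
 * logon; failing that it is compared against the resolved credentials and, on a
 * match, the auth cookie is set. With no post, a stale or mismatching auth cookie
 * is cleared.
 *
 * Security notes:
 *  - the stored credential is md5(user . pass); both comparisons use hash_equals()
 *    on string-cast values so PHP's loose "0e..." numeric-string equality cannot
 *    match an unrelated hash and the compare is constant-time.
 *  - $_POST['user'] is read with isset()/is_string() so a form without the field,
 *    or an array-valued field, no longer raises a notice / TypeError in md5().
 * The md5 scheme itself is kept because the stored hashes depend on it.
 */
function zp_handle_password() {
	global $_zp_loggedin, $_zp_login_error, $_zp_current_album;
	if (zp_loggedin()) {
		return; // an authenticated user needs no guest authorization
	}
	$cookiepath = WEBPATH;
	if (WEBPATH == '') {
		$cookiepath = '/';
	}
	$check_auth = '';
	$check_user = '';
	if (in_context(ZP_SEARCH)) { // search page
		$authType = 'zp_search_auth';
		$check_auth = getOption('search_password');
		$check_user = getOption('search_user');
	} else {
		if (in_context(ZP_ALBUM)) { // album page
			$authType = "zp_album_auth_" . cookiecode($_zp_current_album->name);
			$check_auth = $_zp_current_album->getPassword();
			$check_user = $_zp_current_album->getUser();
			if (empty($check_auth)) {
				// walk up to the nearest password-protected ancestor
				$parent = $_zp_current_album->getParent();
				while (!is_null($parent)) {
					$check_auth = $parent->getPassword();
					$check_user = $parent->getUser();
					$authType = "zp_album_auth_" . cookiecode($parent->name);
					if (!empty($check_auth)) {
						break;
					}
					$parent = $parent->getParent();
				}
			}
		}
	}
	if (empty($check_auth)) { // anything else is controlled by the gallery credentials
		$authType = 'zp_gallery_auth';
		$check_auth = getOption('gallery_password');
		$check_user = getOption('gallery_user');
	}
	// Handle the login form.
	if (isset($_POST['password']) && isset($_POST['pass'])) {
		$post_user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
		$post_pass = is_string($_POST['pass']) ? $_POST['pass'] : '';
		$auth = md5($post_user . $post_pass);
		if ($_zp_loggedin = checkLogon($post_user, $post_pass)) { // allow Admin user login
			zp_setcookie("zenphoto_auth", $auth, time() + COOKIE_PESISTENCE, $cookiepath);
		} else {
			if (hash_equals((string) $check_auth, $auth) && (string) $post_user === (string) $check_user) {
				// Correct auth info. Set the cookie.
				zp_setcookie($authType, $auth, time() + COOKIE_PESISTENCE, $cookiepath);
			} else {
				// Clear the cookie, just in case
				zp_setcookie($authType, "", time() - 368000, $cookiepath);
				$_zp_login_error = true;
			}
		}
		return;
	}
	if (empty($check_auth)) { // no password on record
		return;
	}
	if (($saved_auth = zp_getCookie($authType)) != '') {
		if (hash_equals((string) $check_auth, (string) $saved_auth)) {
			return;
		} else {
			// Clear the cookie: it does not match the current credentials
			zp_setcookie($authType, "", time() - 368000, $cookiepath);
		}
	}
}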
$show = $albumobj->getUser(); if (!empty($hash)) { break; } $albumobj = $albumobj->getParent(); } } } if (empty($hash)) { // check for gallery password $hash = $_zp_gallery->getPassword(); $authType = 'zp_gallery_auth'; $hint = $_zp_gallery->getPasswordHint(); $show = $_zp_gallery->getUser(); } if (empty($hash) || !empty($hash) && zp_getCookie($authType) != $hash) { require_once SERVERPATH . "/" . ZENFOLDER . '/rewrite.php'; require_once dirname(__FILE__) . "/template-functions.php"; require_once SERVERPATH . "/" . ZENFOLDER . '/functions-controller.php'; zp_load_gallery(); foreach (getEnabledPlugins() as $extension => $plugin) { if ($plugin['priority'] & THEME_PLUGIN) { require_once $plugin['path']; $_zp_loaded_plugins[$extension] = $extension; } } $theme = setupTheme($albumobj); $custom = $_zp_themeroot . '/functions.php'; if (file_exists($custom)) { require_once $custom; }
echo '<strong>*</strong>'; } ?> </label> <input type="text" id="admin_email" name="admin_email" value="<?php echo html_encode($admin_e); ?> " size="<?php echo TEXT_INPUT_SIZE; ?> " /> </p> <?php } if (extensionEnabled('userAddressFields')) { $address = getSerializedArray(zp_getCookie('reister_user_form_addresses')); if (empty($address)) { $address = array('street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'website' => ''); } $show = $required = getOption('register_user_address_info'); if ($required == 'required') { $required = '<strong>*</strong>'; } else { $required = false; } if ($show) { ?> <p> <label for="comment_form_street"> <?php printf(gettext('Street%s'), $required);
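/**
 * Returns the auth type of a guest login for the current page, or false when the
 * visitor still has to authenticate.
 *
 * Resolution order: a 'checkForGuest' filter result wins outright; on a search page
 * the search password (falling back to the gallery password) is checked against the
 * matching auth cookie; a news article delegates to its own checkAccess(); an album
 * request goes through checkAlbumPassword(); any other page uses the gallery
 * password. 'zp_public_access' is returned when no password protects the page.
 *
 * The cookie carries the stored hash itself, so it is compared with hash_equals()
 * on string-cast values: a loose == treats two different "0e..." hashes as equal
 * and is not constant-time.
 *
 * @param string $hint receives the password hint when access is denied
 * @param string $show receives true when a user name must be entered as well
 * @return string|false the auth type, 'zp_public_access', or false
 */
function checkForGuest(&$hint = NULL, &$show = NULL) {
	global $_zp_gallery, $_zp_gallery_page, $_zp_current_zenpage_page, $_zp_current_category, $_zp_current_zenpage_news;
	$authType = zp_apply_filter('checkForGuest', NULL);
	if (!is_null($authType)) {
		return $authType;
	}
	$hash = NULL;
	if (in_context(ZP_SEARCH)) { // search page
		$hash = getOption('search_password');
		if (getOption('search_user') != '') {
			$show = true;
		}
		$hint = get_language_string(getOption('search_hint'));
		$authType = 'zp_search_auth';
		if (empty($hash)) { // no search password: the gallery password governs
			$hash = $_zp_gallery->getPassword();
			if ($_zp_gallery->getUser() != '') {
				$show = true;
			}
			$hint = $_zp_gallery->getPasswordHint();
			$authType = 'zp_gallery_auth';
		}
		if (!empty($hash) && hash_equals((string) $hash, (string) zp_getCookie($authType))) {
			return $authType;
		}
	} else {
		if (!is_null($_zp_current_zenpage_news)) {
			$authType = $_zp_current_zenpage_news->checkAccess($hint, $show);
			return $authType;
		} else {
			if (isset($_GET['album'])) { // album page
				list($album, $image) = rewrite_get_album_image('album', 'image');
				if ($authType = checkAlbumPassword($album, $hint)) {
					return $authType;
				} else {
					$alb = newAlbum($album);
					if ($alb->getUser() != '') {
						$show = true;
					}
					return false;
				}
			} else { // other page
				$hash = $_zp_gallery->getPassword();
				if ($_zp_gallery->getUser() != '') {
					$show = true;
				}
				$hint = $_zp_gallery->getPasswordHint();
				if (!empty($hash) && hash_equals((string) $hash, (string) zp_getCookie('zp_gallery_auth'))) {
					return 'zp_gallery_auth';
				}
			}
		}
	}
	if (empty($hash)) {
		return 'zp_public_access';
	}
	return false;
}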
/**
 * Returns the canonical language name for a locale.
 *
 * The locale is looked up in the $_locale_Subdomains map; when $loc is NULL the
 * 'dynamic_locale' cookie supplies the key. An explicit $loc with no (or an empty)
 * map entry is returned as-is: en_US maps to an empty subdomain, which used to
 * produce wrong dynamic-locale URLs and html meta tags (quick fix kept from the
 * original).
 *
 * @param string $loc the locale; NULL means "use the current cookie"
 * @param string $separator replaces the '_' between the major and qualifier parts, e.g. en_US
 * @return string
 */
static function getLanguageText($loc = NULL, $separator = NULL) {
	global $_locale_Subdomains;
	$key = is_null($loc) ? zp_getCookie('dynamic_locale') : $loc;
	$text = @$_locale_Subdomains[$key];
	if (!is_null($loc) && empty($text)) {
		$text = $loc;
	}
	if (is_null($separator)) {
		return $text;
	}
	return str_replace('_', $separator, $text);
}
/**
 * Builds the web path prefix for a locale: WEBPATH (or FULLWEBPATH) followed by
 * '/<language>' when $loc differs from the current locale and has a language text.
 *
 * @param bool $full use FULLWEBPATH instead of WEBPATH
 * @param string $loc the locale; NULL means "use the 'dynamic_locale' cookie"
 * @return string
 */
static function localePath($full = false, $loc = NULL) {
	global $_zp_page, $_zp_gallery_page, $_zp_current_locale;
	$path = $full ? FULLWEBPATH : WEBPATH;
	if (is_null($loc)) {
		$loc = zp_getCookie('dynamic_locale');
	}
	if ($loc == $_zp_current_locale) {
		return $path;
	}
	$language = zpFunctions::getLanguageText($loc);
	if ($language) {
		$path .= '/' . $language;
	}
	return $path;
}
if (TEST_RELEASE) { zp_error(gettext('Forbidden')); } else { header("HTTP/1.0 403 " . gettext("Forbidden")); header("Status: 403 " . gettext("Forbidden")); exitZP(); // terminate the script with no output } } $hash = getOption('downloadList_password'); if (GALLERY_SECURITY != 'public' || $hash) { // credentials required to download if (!zp_loggedin(getOption('downloadList_rights') ? FILES_RIGHTS : ALL_RIGHTS)) { $user = getOption('downloadList_user'); zp_handle_password('download_auth', $hash, $user); if (!empty($hash) && zp_getCookie('download_auth') != $hash) { $show = $user ? true : NULL; $hint = ''; if (!empty($hash)) { $hint = get_language_string(getOption('downloadList_hint')); } if (isset($_GET['albumzip'])) { $item .= '&albumzip'; } printPasswordForm($hint, true, $show, '?download=' . $item); exitZP(); } } } if (isset($_GET['albumzip'])) { DownloadList::updateListItemCount($item . '.zip');
setOptionDefault('viewer_size_image_default', '$s=' . $default); } function getOptionsSupported() { return array(gettext('Image sizes allowed') => array('key' => 'viewer_size_image_sizes', 'type' => 3, 'desc' => gettext('List of sizes from which the viewer may select.<br />The form is "$s=<size>" or "$h=<height>,$w=<width>;"....<br />See printCustomSizedImage() for details')), gettext('Default size') => array('key' => 'viewer_size_image_default', 'type' => 0, 'desc' => gettext('The initial size for the image. Format is a single instance of the sizes list.'))); } function handleOption($option, $currentValue) { } } if (!OFFSET_PATH) { $cookiepath = WEBPATH; if (WEBPATH == '') { $cookiepath = '/'; } $saved = zp_getCookie('viewer_size_image_saved'); if (empty($saved)) { $postdefault = trim(getOption('viewer_size_image_default')); } else { $_POST['viewer_size_image_selection'] = true; // ignore default size $postdefault = $saved; } } /** * prints the radio button image size selection list * * @param string $text text to introduce the radio button list * @param string $default the default (initial) for the image sizing * @param array $usersizes an array of sizes which may be choosen. */
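/**
 * Returns the value of a cookie, taken from $_COOKIE or, failing that, from $_SESSION[].
 *
 * The cookie value is only honored when GALLERY_SESSION is defined and false; otherwise
 * the session copy (if any) is used. Values pass through sanitize() before being
 * returned or logged.
 *
 * Fix: the DEBUG_LOGIN log line used to call zp_getCookie($name) again to build its
 * message, which recursed without end whenever DEBUG_LOGIN was on. It now logs the
 * cookie name, which is what the "name=::" prefix was evidently meant to show.
 *
 * @param string $name the name of the cookie
 * @return string|NULL the sanitized value, or NULL when neither source has it
 */
function zp_getCookie($name) {
	if (isset($_COOKIE[$name])) {
		$cookiev = sanitize($_COOKIE[$name]);
	} else {
		$cookiev = '';
	}
	if (DEBUG_LOGIN) {
		if (isset($_SESSION[$name])) {
			$sessionv = sanitize($_SESSION[$name]);
		} else {
			$sessionv = '';
		}
		debugLog($name . '=::' . 'album_session=' . GALLERY_SESSION . "; SESSION[" . session_id() . "]=" . sanitize($sessionv) . ", COOKIE=" . sanitize($cookiev));
	}
	if (!empty($cookiev) && (defined('GALLERY_SESSION') && !GALLERY_SESSION)) {
		return zp_cookieEncode($cookiev);
	}
	if (isset($_SESSION[$name])) {
		return sanitize($_SESSION[$name]);
	}
	return NULL;
}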
/**
 * Processes a posted comment form, or restores the remembered commenter details.
 *
 * With a posted 'comment' in an album, news-article or page context the fields are
 * sanitized and the comment is added to the target: the image named by a posted
 * 'imageid' if it loads, else the current image, album, news article or page. When
 * the comment is not held for moderation the 'zenphoto' cookie is refreshed or
 * cleared according to the 'remember' checkbox and COMMENT_SUCCESS is returned.
 * Otherwise the error count is bumped and, for the posted-imageid case, the page
 * context is moved to that image.
 *
 * Without a POST, $_zp_comment_stored is filled from the 'zenphoto' cookie (a
 * '|~*~|'-joined list) or with empty defaults.
 *
 * NOTE(review): when 'comment' is posted outside the three contexts nothing happens,
 * but when 'imageid' names an image that does not load, $commentadded is used below
 * without ever being assigned. $redirectTo is computed here but not used.
 *
 * @return mixed the moderation/error count, or COMMENT_SUCCESS
 */
function handleComment() {
	global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_zenpage_news, $_zp_current_zenpage_page;
	$activeImage = false;
	$comment_error = 0;
	$cookie = zp_getCookie('zenphoto');
	if (isset($_POST['comment'])) {
		if (in_context(ZP_ALBUM) || in_context(ZP_ZENPAGE_NEWS_ARTICLE) || in_context(ZP_ZENPAGE_PAGE)) {
			if (isset($_POST['name'])) {
				$p_name = sanitize($_POST['name'], 3);
			} else {
				$p_name = '';
			}
			if (isset($_POST['email'])) {
				$p_email = sanitize($_POST['email'], 3);
			} else {
				$p_email = "";
			}
			if (isset($_POST['website'])) {
				$p_website = sanitize($_POST['website'], 3);
			} else {
				$p_website = "";
			}
			if (isset($_POST['comment'])) {
				$p_comment = sanitize($_POST['comment'], 1);
			} else {
				$p_comment = '';
			}
			$p_server = ThemeUtil::getUserIP();
			if (isset($_POST['code'])) {
				$code1 = sanitize($_POST['code'], 3);
				$code2 = sanitize($_POST['code_h'], 3);
			} else {
				$code1 = '';
				$code2 = '';
			}
			$p_private = isset($_POST['private']);
			$p_anon = isset($_POST['anon']);
			if (isset($_POST['imageid'])) {
				// 'imageid' (used by the tricasa hack) names the image the client is commenting on
				$activeImage = zp_load_image_from_id(sanitize_numeric($_POST['imageid']));
				if ($activeImage !== false) {
					$commentadded = $activeImage->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
					$redirectTo = $activeImage->getLink();
				}
			} else {
				if (in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
					$commentobject = $_zp_current_image;
					$redirectTo = $_zp_current_image->getLink();
				} else {
					if (!in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
						$commentobject = $_zp_current_album;
						$redirectTo = $_zp_current_album->getAlbumLink();
					} else {
						if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
							$commentobject = $_zp_current_zenpage_news;
							$redirectTo = FULLWEBPATH . '/index.php?p=' . ZENPAGE_NEWS . '&title=' . $_zp_current_zenpage_news->getTitlelink();
						} else {
							if (in_context(ZP_ZENPAGE_PAGE)) {
								$commentobject = $_zp_current_zenpage_page;
								$redirectTo = FULLWEBPATH . '/index.php?p=' . ZENPAGE_PAGES . '&title=' . $_zp_current_zenpage_page->getTitlelink();
							}
						}
					}
				}
				$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
			}
			$comment_error = $commentadded->getInModeration();
			$_zp_comment_stored = array($commentadded->getName(), $commentadded->getEmail(), $commentadded->getWebsite(), $commentadded->getComment(), false, $commentadded->getPrivate(), $commentadded->getAnon(), $commentadded->getCustomData());
			if (isset($_POST['remember'])) {
				$_zp_comment_stored[4] = true;
			}
			if (!$comment_error) {
				if (isset($_POST['remember'])) {
					// Always re-cookie so the stored details follow any change the user made
					$_zp_comment_stored[3] = ''; // clear the comment itself
					zp_setcookie('zenphoto', implode('|~*~|', $_zp_comment_stored), time() + COOKIE_PESISTENCE, '/');
				} else {
					zp_setcookie('zenphoto', '', time() - 368000, '/');
				}
				return COMMENT_SUCCESS;
			} else {
				$comment_error++;
				if ($activeImage !== false and !in_context(ZP_ZENPAGE_NEWS_ARTICLE) and !in_context(ZP_ZENPAGE_PAGE)) {
					// tricasa hack: set the context to the image on which the comment was posted
					$_zp_current_image = $activeImage;
					$_zp_current_album = $activeImage->getAlbum();
					set_context(ZP_IMAGE | ZP_ALBUM | ZP_INDEX);
				}
			}
		}
	} else {
		if (!empty($cookie)) {
			// Comment form was not submitted; get the saved info from the cookie.
			// Only the presence of slots 5-7 is checked; the values are not validated here.
			$_zp_comment_stored = explode('|~*~|', stripslashes($cookie));
			$_zp_comment_stored[4] = true;
			if (!isset($_zp_comment_stored[5])) {
				$_zp_comment_stored[5] = false;
			}
			if (!isset($_zp_comment_stored[6])) {
				$_zp_comment_stored[6] = false;
			}
			if (!isset($_zp_comment_stored[7])) {
				$_zp_comment_stored[7] = false;
			}
		} else {
			$_zp_comment_stored = array('', '', '', '', false, false, false, false);
		}
	}
	return $comment_error;
}
$show = $albumobj->getUser(); if (!empty($hash)) { break; } $albumobj = $albumobj->getParent(); } } } if (empty($hash)) { // check for gallery password $hash = $_zp_gallery->getPassword(); $authType = 'zp_gallery_auth'; $hint = $_zp_gallery->getPasswordHint(); $show = $_zp_gallery->getUser(); } if (empty($hash) && GALLERY_SECURITY == 'private' || !empty($hash) && zp_getCookie($authType) != $hash) { require_once dirname(__FILE__) . "/template-functions.php"; $parms = ''; if (isset($_GET['wmk'])) { $parms = '&wmk=' . $_GET['wmk']; } if (isset($_GET['q'])) { $parms .= '&q=' . sanitize_numeric($_GET['q']); } if (isset($_GET['dsp'])) { $parms .= '&dsp=' . sanitize_numeric($_GET['dsp']); } $action = WEBPATH . '/' . ZENFOLDER . '/full-image.php?userlog=1&a=' . pathurlencode($album8) . '&i=' . urlencode($image8) . $parms; printPasswordForm($hint, true, $_zp_gallery->getUserLogonField() || $show, $action); exit; }
$offer = $_GET['ticket']; $admins = getAdministrators(); $admin = array_shift($admins); $req = getOption('admin_reset_date'); $adm = $admin['user']; $pas = $admin['pass']; $ref = md5($req . $adm . $pas); if ($ref === $offer) { if (time() <= $req + 3 * 24 * 60 * 60) { // you have one week to use the request setOption('admin_reset_date', NULL); } } } if (!isset($_POST['login'])) { $_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth')); if (!$_zp_loggedin) { // Clear the cookie zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath); } } else { // Handle the login form. if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) { $post_user = sanitize($_POST['user'], 3); $post_pass = sanitize($_POST['pass'], 3); $redirect = sanitize_path($_POST['redirect']); if ($_zp_loggedin = checkLogon($post_user, $post_pass)) { zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath); if (!empty($redirect)) { header("Location: " . FULLWEBPATH . '/' . $redirect); }
/**
 * Checks the saved 'zp_user_auth' cookie to see if a user is logged in.
 *
 * The cookie is "<auth>.<id>"; a trailing '.' is appended before splitting so
 * both parts always exist. The result of checkAuthorization() is passed through
 * the 'authorization_cookie' filter; a falsy outcome clears the cookie.
 *
 * @return mixed the logged-in rights/object from the filter, or NULL
 */
function checkCookieCredentials() {
	$parts = explode('.', zp_getCookie('zp_user_auth') . '.');
	$auth = $parts[0];
	$id = $parts[1];
	$loggedin = $this->checkAuthorization($auth, (int) $id);
	$loggedin = zp_apply_filter('authorization_cookie', $loggedin, $auth, $id);
	if (!$loggedin) {
		zp_clearCookie("zp_user_auth");
		return NULL;
	}
	return $loggedin;
}
/**
 * Checks the saved 'zenphoto_auth' cookie to see if a user is logged in.
 *
 * The cookie is the auth hash (40 chars with the 'strong_hash' option, else 32)
 * optionally followed by the user id. A failed check expires the cookie.
 *
 * @return mixed the result of checkAuthorization(), or false
 */
function checkCookieCredentials() {
	$hashlen = getOption('strong_hash') ? 40 : 32;
	$cookie = zp_getCookie('zenphoto_auth');
	$auth = $cookie;
	$id = NULL;
	if (strlen($cookie) > $hashlen) {
		// anything beyond the hash is the user id
		$auth = substr($cookie, 0, $hashlen);
		$id = substr($cookie, $hashlen);
	}
	$_zp_loggedin = $this->checkAuthorization($auth, $id);
	if (!$_zp_loggedin) {
		zp_setCookie("zenphoto_auth", "", -368000);
		return false;
	}
	return $_zp_loggedin;
}
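/**
 * Checks if the visitor is allowed to access this page.
 *
 * After the parent check passes, the page and then its ancestors are searched for a
 * password. With none, 'zp_public_access' is returned. Otherwise the page's auth
 * cookie must hold the stored hash; on a mismatch $hint/$show are filled for the
 * password form and false is returned.
 *
 * Security: the cookie is compared with hash_equals() on string-cast values. The
 * previous loose == let two different "0e..." hashes compare equal and was not
 * constant-time. The parent id in the inline SQL comes from the database row, but
 * is cast to int so the query can only ever carry an integer.
 *
 * @param string $hint receives the password hint when access is denied
 * @param bool $show receives whether a user name must also be entered
 * @return string|false the auth type, 'zp_public_access', or false
 */
function checkforGuest(&$hint = NULL, &$show = NULL) {
	if (!parent::checkForGuest()) {
		return false;
	}
	$pageobj = $this;
	$hash = $pageobj->getPassword();
	// walk up the page tree until a password is found or the root is reached
	while (empty($hash) && !is_null($pageobj)) {
		$parentID = $pageobj->getParentID();
		if (empty($parentID)) {
			$pageobj = NULL;
		} else {
			$sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . (int) $parentID;
			$result = query_single_row($sql);
			$pageobj = new ZenpagePage($result['titlelink']);
			$hash = $pageobj->getPassword();
		}
	}
	if (empty($hash)) { // no password required
		return 'zp_public_access';
	}
	$authType = "zp_page_auth_" . $pageobj->get('id');
	$saved_auth = zp_getCookie($authType);
	if (hash_equals((string) $hash, (string) $saved_auth)) {
		return $authType;
	}
	$user = $pageobj->getUser();
	$show = !empty($user);
	$hint = $pageobj->getPasswordHint();
	return false;
}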
/**
 * Handles a posted comment, or restores the remembered commenter details when no
 * form was submitted.
 *
 * With a posted 'comment' in an album, news-article or page context the fields are
 * sanitized and the comment is added to the target: the image named by a posted
 * 'imageid' if it loads, else the current image, album, news article or page. When
 * the comment is not held for moderation the 'zenphoto_comment' cookie is refreshed
 * or cleared according to the 'remember' checkbox and, except on Microsoft IIS, the
 * browser is redirected back to the commented item (the redirect exits the script).
 * Otherwise the error count is bumped and, for the posted-imageid case, the context
 * is moved to that image. The comment object's error text is returned.
 *
 * Without a POST, $_zp_comment_stored is filled from the cookie (a '|~*~|'-joined
 * list) or with empty defaults, and false is returned.
 *
 * NOTE(review): if 'comment' is posted outside the three contexts, or 'imageid'
 * names an image that does not load, $commentadded is used without having been
 * assigned.
 *
 * @return mixed the error text from the comment object, or false when no comment
 *   was posted
 */
function zp_handle_comment() {
	global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_zenpage_news, $_zp_current_zenpage_page;
	$activeImage = false;
	$comment_error = 0;
	$cookie = zp_getCookie('zenphoto_comment');
	if (isset($_POST['comment'])) {
		if (in_context(ZP_ALBUM) || in_context(ZP_ZENPAGE_NEWS_ARTICLE) || in_context(ZP_ZENPAGE_PAGE)) {
			if (isset($_POST['name'])) {
				$p_name = sanitize($_POST['name'], 3);
			} else {
				$p_name = NULL;
			}
			if (isset($_POST['email'])) {
				$p_email = sanitize($_POST['email'], 3);
			} else {
				$p_email = NULL;
			}
			if (isset($_POST['website'])) {
				$p_website = sanitize($_POST['website'], 3);
			} else {
				$p_website = NULL;
			}
			if (isset($_POST['comment'])) {
				$p_comment = sanitize($_POST['comment'], 1);
			} else {
				$p_comment = '';
			}
			$p_server = getUserIP();
			if (isset($_POST['code'])) {
				$code1 = sanitize($_POST['code'], 3);
				$code2 = sanitize($_POST['code_h'], 3);
			} else {
				$code1 = '';
				$code2 = '';
			}
			$p_private = isset($_POST['private']);
			$p_anon = isset($_POST['anon']);
			if (isset($_POST['imageid'])) {
				// 'imageid' (used by the tricasa hack) names the image the client is commenting on
				$activeImage = zp_load_image_from_id(sanitize_numeric($_POST['imageid']));
				if ($activeImage !== false) {
					$commentadded = $activeImage->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
					$redirectTo = $activeImage->getImageLink();
				}
			} else {
				if (in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
					$commentobject = $_zp_current_image;
					$redirectTo = $_zp_current_image->getImageLink();
				} else {
					if (!in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
						$commentobject = $_zp_current_album;
						$redirectTo = $_zp_current_album->getAlbumLink();
					} else {
						if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
							$commentobject = $_zp_current_zenpage_news;
							$redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_zenpage_news->getTitlelink();
						} else {
							if (in_context(ZP_ZENPAGE_PAGE)) {
								$commentobject = $_zp_current_zenpage_page;
								$redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_zenpage_page->getTitlelink();
							}
						}
					}
				}
				$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
			}
			$comment_error = $commentadded->getInModeration();
			$_zp_comment_stored = array($commentadded->getName(), $commentadded->getEmail(), $commentadded->getWebsite(), $commentadded->getComment(), false, $commentadded->getPrivate(), $commentadded->getAnon(), $commentadded->getCustomData());
			if (isset($_POST['remember'])) {
				$_zp_comment_stored[4] = true;
			}
			if (!$comment_error) {
				if (isset($_POST['remember'])) {
					// Always re-cookie so the stored details follow any change the user made
					$_zp_comment_stored[3] = ''; // clear the comment itself
					zp_setCookie('zenphoto_comment', implode('|~*~|', $_zp_comment_stored), NULL, '/');
				} else {
					zp_setCookie('zenphoto_comment', '', -368000, '/');
				}
				// Send users back to where they came from instead of the gallery index (the default) ...
				if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
					// ... but not on Microsoft IIS, where the redirect fails
					header('Location: ' . $redirectTo);
					exit;
				}
			} else {
				$comment_error++;
				if ($activeImage !== false and !in_context(ZP_ZENPAGE_NEWS_ARTICLE) and !in_context(ZP_ZENPAGE_PAGE)) {
					// tricasa hack: set the context to the image on which the comment was posted
					$_zp_current_image = $activeImage;
					$_zp_current_album = $activeImage->getAlbum();
					add_context(ZP_ALBUM | ZP_INDEX);
				}
			}
		}
		return $commentadded->comment_error_text;
	} else {
		if (!empty($cookie)) {
			// Comment form was not submitted; get the saved info from the cookie.
			// Only the presence of slots 5-7 is checked; the values are not validated here.
			$_zp_comment_stored = explode('|~*~|', stripslashes($cookie));
			$_zp_comment_stored[4] = true;
			if (!isset($_zp_comment_stored[5])) {
				$_zp_comment_stored[5] = false;
			}
			if (!isset($_zp_comment_stored[6])) {
				$_zp_comment_stored[6] = false;
			}
			if (!isset($_zp_comment_stored[7])) {
				$_zp_comment_stored[7] = false;
			}
		} else {
			$_zp_comment_stored = array('', '', '', '', false, false, false, false);
		}
	}
	return false;
}
/** * Sets the locale, etc. to the zenphoto domain details. * Returns the result of setupCurrentLocale() * */ function setMainDomain() { global $_zp_current_admin_obj, $_zp_current_locale; if (DEBUG_LOCALE) { debugLogBackTrace("setMainDomain()"); } if (isset($_REQUEST['locale'])) { $_zp_current_locale = validateLocale(sanitize($_REQUEST['locale']), isset($_POST['locale']) ? 'POST' : 'URI string'); if ($_zp_current_locale) { zp_setCookie('dynamic_locale', $_zp_current_locale); } else { zp_clearCookie('dynamic_locale'); } if (DEBUG_LOCALE) { debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale']) . "=>{$_zp_current_locale}"); } } else { $matches = explode('.', @$_SERVER['HTTP_HOST']); $_zp_current_locale = validateLocale($matches[0], 'HTTP_HOST'); if ($_zp_current_locale && zp_getCookie('dynamic_locale')) { zp_clearCookie('dynamic_locale'); } if (DEBUG_LOCALE) { debugLog("dynamic_locale from HTTP_HOST: " . sanitize($matches[0]) . "=>{$_zp_current_locale}"); } } if (!$_zp_current_locale && is_object($_zp_current_admin_obj)) { $_zp_current_locale = $_zp_current_admin_obj->getLanguage(); if (DEBUG_LOCALE) { debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . 
$_zp_current_locale); } if (empty($localeOption) && empty($_zp_current_locale)) { // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE' $languageSupport = generateLanguageList(); $userLang = parseHttpAcceptLanguage(); foreach ($userLang as $lang) { $l = strtoupper($lang['fullcode']); $_zp_current_locale = validateLocale($l, 'HTTP Accept Language'); if ($_zp_current_locale) { break; } } } else { if (empty($_zp_current_locale)) { $_zp_current_locale = $localeOption; } } } if (empty($_zp_current_locale)) { // return "default" language, English if allowed, otherwise whatever is the "first" allowed language $languageSupport = generateLanguageList(); if (defined('BASE_LOCALE')) { $loc = BASE_LOCALE; } else { $loc = 'en_US'; } if (empty($languageSupport) || in_array($loc, $languageSupport)) { $_zp_current_locale = $loc; } else { $_zp_current_locale = array_shift($languageSupport); } if (DEBUG_LOCALE) { debugLog("locale from language list: " . $_zp_current_locale); } } else { setOption('locale', $_zp_current_locale, false); } if (DEBUG_LOCALE) { debugLog("getUserLocale Returning locale: " . $_zp_current_locale); } return setupCurrentLocale($_zp_current_locale); }
?> </h1> <script type="text/javascript"> $().ready(function () { var elf = $('#elfinder').elfinder({ lang: '<?php echo $locale; ?> ', // language (OPTIONAL) customData: { 'XSRFToken': '<?php echo getXSRFToken('elFinder'); ?> ', 'zp_user_auth': '<?php echo zp_getCookie('zp_user_auth'); ?> ', <?php if ($theme) { if (zp_loggedin(THEMES_RIGHTS) && is_dir(SERVERPATH . '/' . THEMEFOLDER . '/' . $theme)) { ?> 'themeEdit': '<?php echo $theme; ?> ', <?php } } else { $theme = false; }
/**
 * Applies or restores the per-tab list sizing of the admin edit pages.
 *
 * With a 'selection' GET parameter the value (numeric-sanitized and floored at 1, or
 * at ADMIN_IMAGES_STEP for the images tab) is stored in the matching global and
 * remembered in a cookie. Without it the global is restored from that cookie; the
 * image count is only overridden when the cookie holds a truthy value.
 *
 * @param string $subtab '' (albums), 'subalbuminfo' or 'imageinfo'; other values are ignored
 */
function processEditSelection($subtab) {
	global $subalbum_nesting, $album_nesting, $imagesTab_imageCount;
	if (isset($_GET['selection'])) {
		switch ($subtab) {
			case '':
				$album_nesting = max(1, sanitize_numeric($_GET['selection']));
				zp_setCookie('gallery_nesting', $album_nesting);
				break;
			case 'subalbuminfo':
				$subalbum_nesting = max(1, sanitize_numeric($_GET['selection']));
				zp_setCookie('subalbum_nesting', $subalbum_nesting);
				break;
			case 'imageinfo':
				$imagesTab_imageCount = max(ADMIN_IMAGES_STEP, sanitize_numeric($_GET['selection']));
				zp_setCookie('imagesTab_imageCount', $imagesTab_imageCount);
				break;
		}
		return;
	}
	switch ($subtab) {
		case '':
			$album_nesting = zp_getCookie('gallery_nesting');
			break;
		case 'subalbuminfo':
			$subalbum_nesting = zp_getCookie('subalbum_nesting');
			break;
		case 'imageinfo':
			$remembered = zp_getCookie('imagesTab_imageCount');
			if ($remembered) {
				$imagesTab_imageCount = $remembered;
			}
			break;
	}
}
/**
 * Places a link on the theme page to switch to or from the mobile theme.
 *
 * Only emits output for a mobile client. The link toggles the 'mobileTheme' query
 * parameter: "on" when the 'mobileTheme_disable' cookie is set (the visitor is on
 * the normal theme), "off" otherwise. $text defaults to a localized label matching
 * that direction; $before/$after are wrapped in their own spans.
 *
 * @param string $text link text (NULL selects the default label)
 * @param string $before text printed before the link
 * @param string $after text printed after the link
 */
static function controlLink($text = NULL, $before = NULL, $after = Null) {
	$detect = new mobile();
	if ($detect->isMobile()) {
		if (zp_getCookie('mobileTheme_disable')) {
			if (is_null($text)) {
				$text = gettext('View the mobile gallery');
			}
			$enable = 'on';
		} else {
			if (is_null($text)) {
				$text = gettext('View the normal gallery');
			}
			$enable = 'off';
		}
		if ($before) {
			echo '<span class="beforetext">' . html_encode($before) . '</span>';
		}
		// inline markup: $enable is one of two fixed literals, $text is html-encoded
		?> <span class="mobileThemeControlLink"> <a href="?mobileTheme=<?php echo $enable; ?> " rel="external"> <?php echo html_encode($text); ?> </a> </span> <?php
		if ($after) {
			echo '<span class="aftertext">' . html_encode($after) . '</span>';
		}
	}
}
} if (defined('VIEW_ALL_RIGHTS')) { define('ALL_ALBUMS_RIGHTS', VIEW_ALL_RIGHTS); define('ALL_PAGES_RIGHTS', VIEW_ALL_RIGHTS); define('ALL_NEWS_RIGHTS', VIEW_ALL_RIGHTS); define('VIEW_SEARCH_RIGHTS', NO_RIGHTS); define('VIEW_GALLERY_RIGHTS', NO_RIGHTS); define('VIEW_FULLIMAGE_RIGHTS', NO_RIGHTS); } else { define('VIEW_ALL_RIGHTS', ALL_ALBUMS_RIGHTS | ALL_PAGES_RIGHTS | ALL_NEWS_RIGHTS); } // If the auth variable gets set somehow before this, get rid of it. $_zp_loggedin = false; // we have the ssl marker cookie, normally we are already logged in // but we need to redirect to ssl to retrive the auth cookie (set as secure). if (zp_getCookie('zenphoto_ssl') && !secureServer()) { $redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI(); header("Location:{$redirect}"); exitZP(); } if (isset($_POST['login'])) { // Handle the login form. if (secureServer()) { // https: set the 'zenphoto_ssl' marker for redirection zp_setCookie("zenphoto_ssl", "needed"); } $_zp_loggedin = $_zp_authority->handleLogon(); if ($_zp_loggedin) { if (isset($_POST['redirect'])) { $redirect = sanitizeRedirect($_POST['redirect']); if (!empty($redirect)) {
/** * Returns a saved (or posted) locale. Posted locales are stored as a cookie. * * Sets the 'locale' option to the result (non-persistent) */ function getUserLocale() { global $_zp_current_admin_obj; if (DEBUG_LOCALE) { debugLogBackTrace("getUserLocale()"); } if (isset($_REQUEST['locale'])) { if (isset($_POST['locale'])) { $locale = validateLocale(sanitize($_POST['locale'], 0), 'POST'); } else { $locale = validateLocale(sanitize($_GET['locale'], 0), 'URI string'); } if ($locale) { zp_setCookie('dynamic_locale', $locale); } if (DEBUG_LOCALE) { debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale'], 0) . "=>{$locale}"); } } else { $locale = false; } if (!$locale && is_object($_zp_current_admin_obj)) { $locale = $_zp_current_admin_obj->getLanguage(); if (DEBUG_LOCALE) { debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $locale); } if (empty($localeOption) && empty($locale)) { // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE' $languageSupport = generateLanguageList(); $userLang = parseHttpAcceptLanguage(); foreach ($userLang as $lang) { $l = strtoupper($lang['fullcode']); $locale = validateLocale($l, 'HTTP Accept Language'); if ($locale) { break; } } } else { if (empty($locale)) { $locale = $localeOption; } } } if (empty($locale)) { // return "default" language, English if allowed, otherwise whatever is the "first" allowed language $languageSupport = generateLanguageList(); if (in_array('en_US', $languageSupport)) { $locale = 'en_US'; } else { $locale = array_shift($languageSupport); } } else { setOption('locale', $locale, false); } if (DEBUG_LOCALE) { debugLog("getUserLocale Returning locale: " . $locale); } return $locale; }
/**
 * Returns the canonical language name for a locale.
 *
 * The locale is looked up in the $_locale_Subdomains map; when $loc is NULL the
 * 'dynamic_locale' cookie supplies the key. A missing map entry yields the
 * suppressed-lookup result (NULL, or '' once a separator is applied).
 *
 * @param string $loc the locale; NULL means "use the current cookie"
 * @param string $separator replaces the '_' between the major and qualifier parts, e.g. en_US
 * @return string
 */
static function getLanguageText($loc = NULL, $separator = NULL) {
	global $_locale_Subdomains;
	$key = is_null($loc) ? zp_getCookie('dynamic_locale') : $loc;
	$text = @$_locale_Subdomains[$key];
	if (is_null($separator)) {
		return $text;
	}
	return str_replace('_', $separator, $text);
}
<?php define('ALBUMCOLUMNS', 3); define('IMAGECOLUMNS', 5); if (!defined('WEBPATH')) { die; } $_noFlash = false; if (($personality = getOption('Theme_personality')) != "Simpleviewer" || !getOption('mod_rewrite')) { $_noFlash = true; } else { // Simpleviewer initialization stuff if (isset($_GET['noflash'])) { $_noFlash = true; zp_setcookie("noFlash", "noFlash"); } elseif (zp_getCookie("noFlash") != '') { $_noFlash = true; } // Change the Simpleviewer configuration here $maxImageWidth = "600"; $maxImageHeight = "600"; $preloaderColor = "0xFFFFFF"; $textColor = "0xFFFFFF"; $frameColor = "0xFFFFFF"; $frameWidth = "10"; $stagePadding = "20"; $thumbnailColumns = "3"; $thumbnailRows = "5"; $navPosition = "left"; $enableRightClickOpen = "true"; $backgroundImagePath = "";
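/**
 * Places a link on the theme page to switch to or from the mobile theme.
 *
 * Only emits output for a mobile client. The link toggles the 'mobileTheme' query
 * parameter: "on" when the 'mobileTheme_disable' cookie is set (the visitor is on
 * the normal theme), "off" otherwise. With mod_rewrite the link is relative to the
 * current URL; without it a link is built per gallery page. $text defaults to a
 * localized label matching the direction; $before/$after get their own spans.
 *
 * Fix: $_zp_current_image was missing from the global list, so the 'image.php'
 * case dereferenced an undefined local.
 *
 * @param string $text link text (NULL selects the default label)
 * @param string $before text printed before the link
 * @param string $after text printed after the link
 */
static function controlLink($text = NULL, $before = NULL, $after = Null) {
	$detect = new mobile();
	if ($detect->isMobile()) {
		if (zp_getCookie('mobileTheme_disable')) {
			if (is_null($text)) {
				$text = gettext('View the mobile gallery');
			}
			$enable = 'on';
		} else {
			if (is_null($text)) {
				$text = gettext('View the normal gallery');
			}
			$enable = 'off';
		}
		if ($before) {
			echo '<span class="beforetext">' . html_encode($before) . '</span>';
		}
		if (MOD_REWRITE) {
			$link = '?mobileTheme=' . $enable;
		} else {
			global $_zp_gallery_page, $_zp_current_images, $_zp_current_album, $_zp_current_image, $_zp_current_zenpage_news, $_zp_current_category, $_zp_current_zenpage_page;
			switch ($_zp_gallery_page) {
				case 'index.php':
					$link = 'index.php?mobileTheme=' . $enable;
					break;
				case 'gallery.php':
					$link = 'index.php?p=gallery&mobileTheme=' . $enable;
					break;
				case 'album.php':
					$link = pathurlencode($_zp_current_album->getLink(null)) . '&mobileTheme=' . $enable;
					break;
				case 'image.php':
					$link = pathurlencode($_zp_current_image->getLink(null)) . '&mobileTheme=' . $enable;
					break;
				case 'news.php':
					if (is_NewsArticle()) {
						$link = html_encode($_zp_current_zenpage_news->getLink(null)) . '&mobileTheme=' . $enable;
					} else {
						if (is_NewsCategory()) {
							$link = html_encode($_zp_current_category->getLink(null)) . '&mobileTheme=' . $enable;
						} else {
							$link = html_encode(getNewsIndexURL()) . '&mobileTheme=' . $enable;
						}
					}
					break;
				case 'pages.php':
					$link = html_encode($_zp_current_zenpage_page->getLink()) . '&mobileTheme=' . $enable;
					break;
				default:
					$link = html_encode($_zp_gallery_page) . '?mobileTheme=' . $enable;
					break;
			}
		}
		// inline markup: $link is emitted as built above (the album/image cases are
		// path-url-encoded, the others html-encoded), $text is html-encoded
		?> <span class="mobileThemeControlLink"> <a href="<?php echo $link; ?> " rel="external"> <?php echo html_encode($text); ?> </a> </span> <?php
		if ($after) {
			echo '<span class="aftertext">' . html_encode($after) . '</span>';
		}
	}
}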
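/**
 * Recovers search parameters from the stored cookie and, when no longer in a search,
 * clears that cookie.
 *
 * When the cookie holds parameters, a SearchEngine is rebuilt from them and the
 * request context is extended with ZP_SEARCH_LINKED (plus ZP_IMAGE_LINKED /
 * ZP_ALBUM_LINKED) if the current image/album still belongs to that search;
 * otherwise $_zp_current_search is reset to null.
 *
 * The cookie value is client-supplied and is handed to SearchEngine::setSearchParams()
 * unchanged; it must be treated as untrusted input by that method.
 *
 * @param string $what  the page type (currently unused here)
 * @param object|null $album the current album object (has a ->name)
 * @param object|null $image the current image object (has a ->filename)
 */
function handleSearchParms($what, $album = NULL, $image = NULL) {
	global $_zp_current_search, $zp_request;
	$cookiepath = WEBPATH;
	if (WEBPATH === '') {
		$cookiepath = '/';
	}
	if (is_null($album)) {
		if (is_object($zp_request)) {
			$reset = get_class($zp_request) !== 'SearchEngine';
		} else {
			$reset = $zp_request;
		}
		if ($reset) {
			// no album and not a search: expire the cookie unless the caller asked to keep it
			// (note: the request key is spelled "preserve_serch_params" and must match the caller)
			if (!isset($_REQUEST['preserve_serch_params'])) {
				zp_setcookie("zenphoto_image_search_params", "", time() - 368000, $cookiepath);
			}
			return;
		}
	}
	$context = get_context();
	$params = zp_getCookie('zenphoto_image_search_params');
	if (empty($params)) {
		return;
	}
	$_zp_current_search = new SearchEngine();
	$_zp_current_search->setSearchParams($params);
	// Check whether we are still "in the search context".
	// The album guard is new: the original dereferenced $album->name whenever $image was given.
	if (!is_null($image) && !is_null($album)) {
		if ($_zp_current_search->getImageIndex($album->name, $image->filename) !== false) {
			$context |= ZP_SEARCH_LINKED | ZP_IMAGE_LINKED;
		}
	}
	if (!is_null($album)) {
		$albumname = $album->name;
		$albumlist = $_zp_current_search->getAlbums(0); // presumably album folder names — verify
		foreach ($albumlist as $searchalbum) {
			// NOTE(review): this matches $searchalbum anywhere inside the name, not only as a
			// path prefix; kept as-is, confirm that is the intended notion of "linked".
			if (strpos($albumname, $searchalbum) !== false) {
				$context |= ZP_SEARCH_LINKED | ZP_ALBUM_LINKED;
				break;
			}
		}
	}
	if ($context & ZP_SEARCH_LINKED) {
		set_context($context);
	} else {
		$_zp_current_search = null;
	}
}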
" title="<?php echo gettext('Albums Index'); ?> "><?php printGalleryTitle(); ?> </a> | <?php } printGalleryTitle(); ?> </a> | <?php if (is_null($_zp_current_album)) { $search = new SearchEngine(); $params = trim(zp_getCookie('zenphoto_search_params')); $search->setSearchParams($params); $images = $search->getImages(0); $searchwords = $search->getSearchWords(); $searchdate = $search->getSearchDate(); $searchfields = $search->getSearchFields(true); $page = $search->page; $returnpath = getSearchURL($searchwords, $searchdate, $searchfields, $page); echo '<a href=' . html_encode($returnpath) . '><em>' . gettext('Search') . '</em></a> | '; } else { printParentBreadcrumb(); printAlbumBreadcrumb("", " | "); } ?> </span> Slideshow
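/**
 * Checks to see if a password is needed
 * displays a password form if log-on is required
 *
 * Returns true if a login form has been displayed (or, when $silent, would have been)
 *
 * The password protection is hereditary. This normally only impacts direct url access to an album or image since if
 * you are going down the tree you will be stopped at the first place a password is required.
 *
 * If the gallery is password protected then every album & image will require that password.
 *
 * If an album is password protected then all subalbums and images treed below that album will require
 * the password. If there are multiple passwords in the tree and you direct link, the password that is
 * required will be that of the nearest parent that has a password. (The gallery is the ur-parent to all
 * albums.)
 *
 * @param bool $silent set to true to inhibit the logon form
 * @return bool
 * @since 1.1.3
 */
function checkforPassword($silent = false) {
	global $_zp_current_album, $_zp_current_search, $_zp_gallery, $_zp_loggedin;
	if (zp_loggedin(MAIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
		return false; // you're the admin, you don't need the passwords.
	}
	// Strict, constant-time comparison of the auth cookie with the stored hash.
	// The original used a loose `!=`: PHP compares two numeric-looking strings numerically,
	// so a cookie value could compare equal to a hash it does not match byte-for-byte.
	$cookieMatches = function ($authType, $hash) {
		return hash_equals((string) $hash, (string) zp_getCookie($authType));
	};
	if (in_context(ZP_SEARCH)) {
		// search page: the search password applies; fall back to the gallery password if unset
		$hash = getOption('search_password');
		$show = getOption('search_user') != '';
		$hint = get_language_string(getOption('search_hint'));
		$authType = 'zp_search_auth';
		if (empty($hash)) {
			$hash = getOption('gallery_password');
			$show = getOption('gallery_user') != '';
			$hint = get_language_string(getOption('gallery_hint'));
			$authType = 'zp_gallery_auth';
		}
		if (!empty($hash) && !$cookieMatches($authType, $hash)) {
			if (!$silent) {
				printPasswordForm($hint, true, getOption('login_user_field') || $show);
			}
			return true;
		}
		return false;
	}
	if (isset($_GET['album'])) {
		// album page: checkAlbumPassword() decides for the album tree and (presumably by
		// reference — verify) fills $hint with the nearest protected parent's hint
		list($album, $image) = rewrite_get_album_image('album', 'image');
		$hint = null;
		if (checkAlbumPassword($album, $hint)) {
			return false;
		}
		if (!$silent) {
			$alb = new Album($_zp_gallery, $album);
			printPasswordForm($hint, true, getOption('login_user_field') || $alb->getUser() != '');
		}
		return true;
	}
	// index page: any logged-in user passes; otherwise the gallery password applies
	if ($_zp_loggedin) {
		return false;
	}
	$hash = getOption('gallery_password');
	$hint = get_language_string(getOption('gallery_hint'));
	if (!empty($hash) && !$cookieMatches('zp_gallery_auth', $hash)) {
		if (!$silent) {
			printPasswordForm($hint, true, getOption('login_user_field') || getOption('gallery_user') != '');
		}
		return true;
	}
	return false;
}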