 /**
  * Drops every cookie named in $cookies once the site's invalidation base has moved.
  *
  * The "cookieInvalidator" cookie records the base value the browser last saw. When it
  * no longer equals the "cookieInvalidator_base" option, each listed cookie is cleared,
  * the marker cookie is rewritten to the current base and the logged-in state is reset.
  *
  * @param array $cookies cookie names as keys (values are ignored)
  */
 static function invalidate($cookies)
 {
     global $_zp_loggedin, $_zp_current_admin_obj;
     $currentBase = getOption('cookieInvalidator_base');
     if (zp_getCookie('cookieInvalidator') == $currentBase) {
         return; // the browser is already on the current base: nothing to do
     }
     foreach ($cookies as $name => $unused) {
         zp_clearCookie($name);
     }
     zp_setCookie('cookieInvalidator', $currentBase);
     $_zp_loggedin = NULL;
     $_zp_current_admin_obj = NULL;
 }
 /**
  * "setupTheme" filter: substitutes the theme the visitor chose for the gallery's own.
  *
  * The choice is read from the "themeSwitcher_theme" cookie and is honoured only when it
  * names a theme present in $_zp_gallery->getThemes(); an arbitrary cookie value therefore
  * cannot select a theme that is not installed.
  *
  * @param string $theme the theme the gallery would otherwise use
  * @return string the theme to use
  */
 static function theme($theme)
 {
     global $_zp_gallery;
     $requested = zp_getCookie('themeSwitcher_theme');
     if (!$requested) {
         return $theme;
     }
     $installed = $_zp_gallery->getThemes();
     return array_key_exists($requested, $installed) ? $requested : $theme;
 }
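/**
 * Checks for an album / search / gallery password posting and maintains the auth cookie.
 *
 * The credentials the page is protected by are resolved in this order: the search
 * password on a search page; otherwise the album's own password, walking up through the
 * parents until one is found; otherwise the gallery password. The cookie name
 * ($authType) follows the object that supplied the password.
 *
 * When the login form was posted, an admin logon sets "zenphoto_auth"; a guest logon
 * whose md5(user . pass) matches the stored password and whose user name matches the
 * stored user sets the $authType cookie to that digest; anything else clears the cookie
 * and raises $_zp_login_error. Without a posting, a stale $authType cookie is cleared.
 *
 * Digest comparisons use hash_equals() so they are byte-wise: PHP's loose "==" treats
 * two numeric-looking hex strings (e.g. both "0e" followed by digits) as equal.
 *
 * NOTE(review): the stored scheme is an unsalted md5(user . pass) as returned by
 * getPassword()/getOption(); this function has to keep producing that digest to match
 * existing data, so strengthening the scheme needs a coordinated migration.
 */
function zp_handle_password()
{
    global $_zp_loggedin, $_zp_login_error, $_zp_current_album;
    if (zp_loggedin()) {
        return;
    }
    // cookie path mirrors the install's web path; an install at the root uses '/'
    $cookiepath = WEBPATH;
    if (WEBPATH == '') {
        $cookiepath = '/';
    }
    $check_auth = '';
    $check_user = '';
    if (in_context(ZP_SEARCH)) {
        // search page
        $authType = 'zp_search_auth';
        $check_auth = getOption('search_password');
        $check_user = getOption('search_user');
    } else {
        if (in_context(ZP_ALBUM)) {
            // album page: the album's own password, else the nearest ancestor's
            $authType = "zp_album_auth_" . cookiecode($_zp_current_album->name);
            $check_auth = $_zp_current_album->getPassword();
            $check_user = $_zp_current_album->getUser();
            if (empty($check_auth)) {
                $parent = $_zp_current_album->getParent();
                while (!is_null($parent)) {
                    $check_auth = $parent->getPassword();
                    $check_user = $parent->getUser();
                    $authType = "zp_album_auth_" . cookiecode($parent->name);
                    if (!empty($check_auth)) {
                        break;
                    }
                    $parent = $parent->getParent();
                }
            }
        }
    }
    if (empty($check_auth)) {
        // anything else is controlled by the gallery credentials
        $authType = 'zp_gallery_auth';
        $check_auth = getOption('gallery_password');
        $check_user = getOption('gallery_user');
    }
    // Handle the login form.
    if (isset($_POST['password']) && isset($_POST['pass'])) {
        // a form without a user field counts as an empty user name (the digest and the
        // comparison below saw the same thing when the key was simply missing)
        $post_user = isset($_POST['user']) ? $_POST['user'] : '';
        $post_pass = $_POST['pass'];
        // the raw posted values only feed md5() and a string compare; they are never
        // echoed or stored, so no output escaping applies here
        $auth = md5($post_user . $post_pass);
        if ($_zp_loggedin = checkLogon($post_user, $post_pass)) {
            // allow Admin user login
            zp_setcookie("zenphoto_auth", $auth, time() + COOKIE_PESISTENCE, $cookiepath);
        } else {
            if (hash_equals((string) $check_auth, $auth) && (string) $post_user === (string) $check_user) {
                // Correct auth info. Set the cookie.
                zp_setcookie($authType, $auth, time() + COOKIE_PESISTENCE, $cookiepath);
            } else {
                // Clear the cookie, just in case
                zp_setcookie($authType, "", time() - 368000, $cookiepath);
                $_zp_login_error = true;
            }
        }
        return;
    }
    if (empty($check_auth)) {
        //no password on record
        return;
    }
    $saved_auth = zp_getCookie($authType);
    if ($saved_auth != '') {
        if (hash_equals((string) $check_auth, (string) $saved_auth)) {
            return;
        }
        // Clear the cookie: it no longer matches the credentials on record
        zp_setcookie($authType, "", time() - 368000, $cookiepath);
    }
}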
             $show = $albumobj->getUser();
             if (!empty($hash)) {
                 break;
             }
             $albumobj = $albumobj->getParent();
         }
     }
 }
 if (empty($hash)) {
     // no album password was found: fall back to the gallery-wide password and its prompt
     $authType = 'zp_gallery_auth';
     $show = $_zp_gallery->getUser();
     $hint = $_zp_gallery->getPasswordHint();
     $hash = $_zp_gallery->getPassword();
 }
 if (empty($hash) || !empty($hash) && zp_getCookie($authType) != $hash) {
     require_once SERVERPATH . "/" . ZENFOLDER . '/rewrite.php';
     require_once dirname(__FILE__) . "/template-functions.php";
     require_once SERVERPATH . "/" . ZENFOLDER . '/functions-controller.php';
     zp_load_gallery();
     foreach (getEnabledPlugins() as $extension => $plugin) {
         if ($plugin['priority'] & THEME_PLUGIN) {
             require_once $plugin['path'];
             $_zp_loaded_plugins[$extension] = $extension;
         }
     }
     $theme = setupTheme($albumobj);
     $custom = $_zp_themeroot . '/functions.php';
     if (file_exists($custom)) {
         require_once $custom;
     }
        echo '<strong>*</strong>';
    }
    ?>
</label>
				<input type="text" id="admin_email" name="admin_email" value="<?php 
    echo html_encode($admin_e);
    ?>
" size="<?php 
    echo TEXT_INPUT_SIZE;
    ?>
" />
			</p>
			<?php 
}
if (extensionEnabled('userAddressFields')) {
    $address = getSerializedArray(zp_getCookie('reister_user_form_addresses'));
    if (empty($address)) {
        $address = array('street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'website' => '');
    }
    $show = $required = getOption('register_user_address_info');
    if ($required == 'required') {
        $required = '<strong>*</strong>';
    } else {
        $required = false;
    }
    if ($show) {
        ?>
				<p>
					<label for="comment_form_street">
						<?php 
        printf(gettext('Street%s'), $required);
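/**
 * returns the auth type of a guest login
 *
 * The "checkForGuest" filter gets the first say. Otherwise: on a search page the search
 * password (falling back to the gallery password) must match the visitor's cookie; a news
 * article delegates to its checkAccess(); an album page (the `album` request parameter)
 * delegates to checkAlbumPassword(); any other page needs the gallery password cookie.
 * No password anywhere means public access.
 *
 * Cookie/hash comparisons use hash_equals() so they are byte-wise: PHP's loose "=="
 * treats two numeric-looking hex digests (e.g. both "0e" followed by digits) as equal.
 *
 * @param string $hint receives the protecting object's password hint when access is denied
 * @param string $show receives true when a user name is required as well
 * @return string|false the auth cookie name, 'zp_public_access', or false when a logon is needed
 */
function checkForGuest(&$hint = NULL, &$show = NULL)
{
    global $_zp_gallery, $_zp_gallery_page, $_zp_current_zenpage_page, $_zp_current_category, $_zp_current_zenpage_news;
    $authType = zp_apply_filter('checkForGuest', NULL);
    if (!is_null($authType)) {
        return $authType;
    }
    if (in_context(ZP_SEARCH)) {
        // search page
        $hash = getOption('search_password');
        if (getOption('search_user') != '') {
            $show = true;
        }
        $hint = get_language_string(getOption('search_hint'));
        $authType = 'zp_search_auth';
        if (empty($hash)) {
            // no search password: the gallery password governs the search page
            $hash = $_zp_gallery->getPassword();
            if ($_zp_gallery->getUser() != '') {
                $show = true;
            }
            $hint = $_zp_gallery->getPasswordHint();
            $authType = 'zp_gallery_auth';
        }
        if (!empty($hash) && hash_equals((string) $hash, (string) zp_getCookie($authType))) {
            return $authType;
        }
    } else {
        if (!is_null($_zp_current_zenpage_news)) {
            $authType = $_zp_current_zenpage_news->checkAccess($hint, $show);
            return $authType;
        } else {
            if (isset($_GET['album'])) {
                // album page
                list($album, $image) = rewrite_get_album_image('album', 'image');
                if ($authType = checkAlbumPassword($album, $hint)) {
                    return $authType;
                } else {
                    $alb = newAlbum($album);
                    if ($alb->getUser() != '') {
                        $show = true;
                    }
                    return false;
                }
            } else {
                // other page
                $hash = $_zp_gallery->getPassword();
                if ($_zp_gallery->getUser() != '') {
                    $show = true;
                }
                $hint = $_zp_gallery->getPasswordHint();
                if (!empty($hash) && hash_equals((string) $hash, (string) zp_getCookie('zp_gallery_auth'))) {
                    return 'zp_gallery_auth';
                }
            }
        }
    }
    if (empty($hash)) {
        return 'zp_public_access';
    }
    return false;
}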
 /**
  * Maps a location to its canonical language text via $_locale_Subdomains.
  *
  * With $loc NULL the "dynamic_locale" cookie is the lookup key and a missing entry
  * yields NULL. With an explicit $loc a missing or empty entry falls back to $loc itself
  * (en_US is stored empty there, which used to produce wrong urls in dynamic locale /
  * html_meta_tags — Quickfix). When $separator is given it replaces the '_' between the
  * major and qualifier parts, e.g. en_US -> en-US.
  *
  * @param string $loc the location; NULL means the current cookie
  * @param string $separator replacement for '_' in the result
  * @return string
  */
 static function getLanguageText($loc = NULL, $separator = NULL)
 {
     global $_locale_Subdomains;
     $key = is_null($loc) ? zp_getCookie('dynamic_locale') : $loc;
     $text = isset($_locale_Subdomains[$key]) ? $_locale_Subdomains[$key] : NULL;
     if (!is_null($loc) && empty($text)) {
         $text = $loc;
     }
     if (!is_null($separator)) {
         $text = str_replace('_', $separator, $text);
     }
     return $text;
 }
 /**
  * Builds the (optionally absolute) web path for a locale.
  *
  * When $loc differs from the locale currently in effect, the language text for $loc
  * (zpFunctions::getLanguageText) is appended as a path segment; otherwise the bare
  * web path is returned unchanged.
  *
  * @param bool $full true for FULLWEBPATH, false for WEBPATH
  * @param string $loc the locale; NULL means the "dynamic_locale" cookie
  * @return string
  */
 static function localePath($full = false, $loc = NULL)
 {
     global $_zp_page, $_zp_gallery_page, $_zp_current_locale;
     $path = $full ? FULLWEBPATH : WEBPATH;
     if (is_null($loc)) {
         $loc = zp_getCookie('dynamic_locale');
     }
     if ($loc == $_zp_current_locale) {
         return $path;
     }
     $segment = zpFunctions::getLanguageText($loc);
     if ($segment) {
         $path .= '/' . $segment;
     }
     return $path;
 }
     if (TEST_RELEASE) {
         zp_error(gettext('Forbidden'));
     } else {
         header("HTTP/1.0 403 " . gettext("Forbidden"));
         header("Status: 403 " . gettext("Forbidden"));
         exitZP();
         //	terminate the script with no output
     }
 }
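 // Credentials are required to download whenever the gallery is not public or the download
 // list carries its own password; a logged-in user with the configured rights skips this.
 // NOTE(review): when GALLERY_SECURITY is not 'public' but no download password is set,
 // $hash is empty and the form below is never shown — confirm zp_handle_password() itself
 // stops the request in that case.
 $hash = getOption('downloadList_password');
 if (GALLERY_SECURITY != 'public' || $hash) {
     //	credentials required to download
     $rights = getOption('downloadList_rights') ? FILES_RIGHTS : ALL_RIGHTS;
     if (!zp_loggedin($rights)) {
         $user = getOption('downloadList_user');
         zp_handle_password('download_auth', $hash, $user);
         // hash_equals() compares byte-wise; a loose "!=" would treat two numeric-looking
         // digests (e.g. "0e..." strings) as equal
         if (!empty($hash) && !hash_equals((string) $hash, (string) zp_getCookie('download_auth'))) {
             $show = $user ? true : NULL;
             $hint = get_language_string(getOption('downloadList_hint'));
             if (isset($_GET['albumzip'])) {
                 $item .= '&albumzip';
             }
             printPasswordForm($hint, true, $show, '?download=' . $item);
             exitZP();
         }
     }
 }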
 if (isset($_GET['albumzip'])) {
     DownloadList::updateListItemCount($item . '.zip');
        setOptionDefault('viewer_size_image_default', '$s=' . $default);
    }
    /**
     * Declares the plugin's admin options: the sizes a viewer may pick from and the
     * initial size. Labels and descriptions go through gettext() for translation.
     *
     * @return array option descriptors keyed by their translated label
     */
    function getOptionsSupported()
    {
        $sizesDesc = gettext('List of sizes from which the viewer may select.<br />The form is "$s=<size>" or "$h=<height>,$w=<width>;"....<br />See printCustomSizedImage() for details');
        $defaultDesc = gettext('The initial size for the image. Format is a single instance of the sizes list.');
        $options = array();
        $options[gettext('Image sizes allowed')] = array('key' => 'viewer_size_image_sizes', 'type' => 3, 'desc' => $sizesDesc);
        $options[gettext('Default size')] = array('key' => 'viewer_size_image_default', 'type' => 0, 'desc' => $defaultDesc);
        return $options;
    }
    /**
     * Custom-rendering hook for this plugin's options.
     *
     * The body is empty: presumably the options declared in getOptionsSupported() are
     * rendered by the standard option types, so nothing is drawn here — verify against
     * the plugin framework before adding behaviour.
     *
     * @param string $option the option key being rendered
     * @param mixed $currentValue the option's current value
     */
    function handleOption($option, $currentValue)
    {
    }
}
// Front-end requests only (OFFSET_PATH is falsy): restore the size the visitor last saved.
if (!OFFSET_PATH) {
    // cookie path mirrors the install's web path; an install at the root uses '/'
    $cookiepath = (WEBPATH == '') ? '/' : WEBPATH;
    $saved = zp_getCookie('viewer_size_image_saved');
    if ($saved) {
        // a saved choice wins over the configured default; mark the selection as made
        $_POST['viewer_size_image_selection'] = true;
        $postdefault = $saved;
    } else {
        $postdefault = trim(getOption('viewer_size_image_default'));
    }
}
/**
 * prints the radio button image size selection list
 *
 * @param string $text text to introduce the radio button list
 * @param string $default the default (initial) for the image sizing
 * @param array $usersizes an array of sizes which may be chosen.
 */
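/**
 * Returns the value of a cookie from either the cookies or from $_SESSION[]
 *
 * The cookie value is sanitized before use. When GALLERY_SESSION is defined and false,
 * a non-empty cookie wins and is returned through zp_cookieEncode(); otherwise the
 * session copy, if any, is returned (sanitized). NULL means neither source had a value.
 *
 * @param string $name the name of the cookie
 * @return mixed the zp_cookieEncode()/sanitize() result, or NULL
 */
function zp_getCookie($name)
{
    if (isset($_COOKIE[$name])) {
        $cookiev = sanitize($_COOKIE[$name]);
    } else {
        $cookiev = '';
    }
    if (DEBUG_LOGIN) {
        if (isset($_SESSION[$name])) {
            $sessionv = sanitize($_SESSION[$name]);
        } else {
            $sessionv = '';
        }
        // log the cookie *name* as the prefix; the previous code called zp_getCookie($name)
        // here, which re-entered this function without end whenever DEBUG_LOGIN was on
        debugLog($name . '=::' . 'album_session=' . GALLERY_SESSION . "; SESSION[" . session_id() . "]=" . sanitize($sessionv) . ", COOKIE=" . sanitize($cookiev));
    }
    if (!empty($cookiev) && (defined('GALLERY_SESSION') && !GALLERY_SESSION)) {
        return zp_cookieEncode($cookiev);
    }
    if (isset($_SESSION[$name])) {
        return sanitize($_SESSION[$name]);
    }
    return NULL;
}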
 /**
  * Handles the comment form for the current image, album, news article or page.
  *
  * When the form was posted ($_POST['comment'] set) and the request is in an album,
  * news-article or page context, the posted fields are sanitized and passed to
  * addComment() on the target object; $_POST['imageid'] (the "tricasa hack") selects an
  * image explicitly instead of using the current context. The resulting comment's fields
  * are kept in $_zp_comment_stored as
  * [name, email, website, comment, remember, private, anon, custom data].
  * On success the "zenphoto" cookie is refreshed (comment text blanked) when "remember"
  * was checked, or cleared otherwise. When the form was not posted, the cookie, if any,
  * pre-fills $_zp_comment_stored.
  *
  * NOTE(review): the "zenphoto" cookie is client-controlled; the values exploded from it
  * land in $_zp_comment_stored un-escaped, so whatever renders the form must encode them.
  * NOTE(review): if the posted request is in none of the three contexts, or imageid names
  * an image that does not load, $commentadded is never assigned and the
  * getInModeration() call would fail — confirm callers cannot reach that.
  *
  * @return mixed 0 when no comment was processed, COMMENT_SUCCESS when the comment was
  *         accepted, otherwise getInModeration()'s value incremented by one
  */
 function handleComment()
 {
     global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_zenpage_news, $_zp_current_zenpage_page;
     $activeImage = false;
     $comment_error = 0;
     // remembered form fields, '|~*~|'-joined (see the cookie write below)
     $cookie = zp_getCookie('zenphoto');
     if (isset($_POST['comment'])) {
         if (in_context(ZP_ALBUM) || in_context(ZP_ZENPAGE_NEWS_ARTICLE) || in_context(ZP_ZENPAGE_PAGE)) {
             // name/email/website at sanitize level 3, the comment body at level 1
             if (isset($_POST['name'])) {
                 $p_name = sanitize($_POST['name'], 3);
             } else {
                 $p_name = '';
             }
             if (isset($_POST['email'])) {
                 $p_email = sanitize($_POST['email'], 3);
             } else {
                 $p_email = "";
             }
             if (isset($_POST['website'])) {
                 $p_website = sanitize($_POST['website'], 3);
             } else {
                 $p_website = "";
             }
             if (isset($_POST['comment'])) {
                 $p_comment = sanitize($_POST['comment'], 1);
             } else {
                 $p_comment = '';
             }
             $p_server = ThemeUtil::getUserIP();
             if (isset($_POST['code'])) {
                 // presumably the captcha answer and its hidden counterpart — verify against addComment()
                 $code1 = sanitize($_POST['code'], 3);
                 $code2 = sanitize($_POST['code_h'], 3);
             } else {
                 $code1 = '';
                 $code2 = '';
             }
             $p_private = isset($_POST['private']);
             $p_anon = isset($_POST['anon']);
             if (isset($_POST['imageid'])) {
                 //used (only?) by the tricasa hack to know which image the client is working with.
                 $activeImage = zp_load_image_from_id(sanitize_numeric($_POST['imageid']));
                 if ($activeImage !== false) {
                     $commentadded = $activeImage->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
                     $redirectTo = $activeImage->getLink();
                 }
             } else {
                 // choose the object being commented on from the current context
                 if (in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
                     $commentobject = $_zp_current_image;
                     $redirectTo = $_zp_current_image->getLink();
                 } else {
                     if (!in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
                         $commentobject = $_zp_current_album;
                         $redirectTo = $_zp_current_album->getAlbumLink();
                     } else {
                         if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
                             $commentobject = $_zp_current_zenpage_news;
                             $redirectTo = FULLWEBPATH . '/index.php?p=' . ZENPAGE_NEWS . '&title=' . $_zp_current_zenpage_news->getTitlelink();
                         } else {
                             if (in_context(ZP_ZENPAGE_PAGE)) {
                                 $commentobject = $_zp_current_zenpage_page;
                                 $redirectTo = FULLWEBPATH . '/index.php?p=' . ZENPAGE_PAGES . '&title=' . $_zp_current_zenpage_page->getTitlelink();
                             }
                         }
                     }
                 }
                 $commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
             }
             $comment_error = $commentadded->getInModeration();
             // keep what was stored so the form can be re-displayed; index 4 is the "remember" flag
             $_zp_comment_stored = array($commentadded->getName(), $commentadded->getEmail(), $commentadded->getWebsite(), $commentadded->getComment(), false, $commentadded->getPrivate(), $commentadded->getAnon(), $commentadded->getCustomData());
             if (isset($_POST['remember'])) {
                 $_zp_comment_stored[4] = true;
             }
             if (!$comment_error) {
                 if (isset($_POST['remember'])) {
                     // Should always re-cookie to update info in case it's changed...
                     $_zp_comment_stored[3] = '';
                     // clear the comment itself
                     zp_setcookie('zenphoto', implode('|~*~|', $_zp_comment_stored), time() + COOKIE_PESISTENCE, '/');
                 } else {
                     zp_setcookie('zenphoto', '', time() - 368000, '/');
                 }
                 return COMMENT_SUCCESS;
             } else {
                 $comment_error++;
                 if ($activeImage !== false and !in_context(ZP_ZENPAGE_NEWS_ARTICLE) and !in_context(ZP_ZENPAGE_PAGE)) {
                     // tricasa hack? Set the context to the image on which the comment was posted
                     $_zp_current_image = $activeImage;
                     $_zp_current_album = $activeImage->getAlbum();
                     set_context(ZP_IMAGE | ZP_ALBUM | ZP_INDEX);
                 }
             }
         }
     } else {
         if (!empty($cookie)) {
             // Comment form was not submitted; get the saved info from the cookie.
             $_zp_comment_stored = explode('|~*~|', stripslashes($cookie));
             $_zp_comment_stored[4] = true;
             // older cookies may lack the private/anon/custom-data slots: default them
             if (!isset($_zp_comment_stored[5])) {
                 $_zp_comment_stored[5] = false;
             }
             if (!isset($_zp_comment_stored[6])) {
                 $_zp_comment_stored[6] = false;
             }
             if (!isset($_zp_comment_stored[7])) {
                 $_zp_comment_stored[7] = false;
             }
         } else {
             $_zp_comment_stored = array('', '', '', '', false, false, false, false);
         }
     }
     return $comment_error;
 }
             $show = $albumobj->getUser();
             if (!empty($hash)) {
                 break;
             }
             $albumobj = $albumobj->getParent();
         }
     }
 }
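 if (empty($hash)) {
     // no album password was found: fall back to the gallery-wide password and its prompt
     $hash = $_zp_gallery->getPassword();
     $authType = 'zp_gallery_auth';
     $hint = $_zp_gallery->getPasswordHint();
     $show = $_zp_gallery->getUser();
 }
 // Show the password form when the gallery is private and has no password of its own, or
 // when a password exists and the visitor's auth cookie does not match it. hash_equals()
 // compares byte-wise; a loose "!=" would treat two numeric-looking digests (e.g. "0e..."
 // strings) as equal.
 if (empty($hash) && GALLERY_SECURITY == 'private' || !empty($hash) && !hash_equals((string) $hash, (string) zp_getCookie($authType))) {
     require_once dirname(__FILE__) . "/template-functions.php";
     // carry the image-request parameters through the form action; every value is
     // URL-encoded (wmk) or reduced to a number (q, dsp) so request input cannot break
     // out of the query string it is placed in
     $parms = '';
     if (isset($_GET['wmk'])) {
         $parms = '&wmk=' . urlencode((string) $_GET['wmk']);
     }
     if (isset($_GET['q'])) {
         $parms .= '&q=' . sanitize_numeric($_GET['q']);
     }
     if (isset($_GET['dsp'])) {
         $parms .= '&dsp=' . sanitize_numeric($_GET['dsp']);
     }
     $action = WEBPATH . '/' . ZENFOLDER . '/full-image.php?userlog=1&a=' . pathurlencode($album8) . '&i=' . urlencode($image8) . $parms;
     printPasswordForm($hint, true, $_zp_gallery->getUserLogonField() || $show, $action);
     exit;
 }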
    $offer = $_GET['ticket'];
    $admins = getAdministrators();
    $admin = array_shift($admins);
    $req = getOption('admin_reset_date');
    $adm = $admin['user'];
    $pas = $admin['pass'];
    $ref = md5($req . $adm . $pas);
    if ($ref === $offer) {
        if (time() <= $req + 3 * 24 * 60 * 60) {
            // you have one week to use the request
            setOption('admin_reset_date', NULL);
        }
    }
}
if (!isset($_POST['login'])) {
    $_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth'));
    if (!$_zp_loggedin) {
        // Clear the cookie
        zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath);
    }
} else {
    // Handle the login form.
    if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
        $post_user = sanitize($_POST['user'], 3);
        $post_pass = sanitize($_POST['pass'], 3);
        $redirect = sanitize_path($_POST['redirect']);
        if ($_zp_loggedin = checkLogon($post_user, $post_pass)) {
            zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath);
            if (!empty($redirect)) {
                header("Location: " . FULLWEBPATH . '/' . $redirect);
            }
 /**
  * Checks saved cookies to see if a user is logged in.
  *
  * The "zp_user_auth" cookie carries "<auth>.<id>"; the two parts go to
  * checkAuthorization() and the result through the "authorization_cookie" filter.
  * A cookie that authorizes nobody is cleared.
  *
  * @return mixed the filtered checkAuthorization() result, or NULL when not logged in
  */
 function checkCookieCredentials()
 {
     // the appended '.' guarantees a second element even when the cookie is absent
     $parts = explode('.', zp_getCookie('zp_user_auth') . '.');
     $auth = $parts[0];
     $id = $parts[1];
     $loggedin = zp_apply_filter('authorization_cookie', $this->checkAuthorization($auth, (int) $id), $auth, $id);
     if (!$loggedin) {
         zp_clearCookie("zp_user_auth");
         return NULL;
     }
     return $loggedin;
 }
 /**
  * Checks saved cookies to see if a user is logged in.
  *
  * The "zenphoto_auth" cookie is the password hash (40 characters with the
  * "strong_hash" option, else 32), optionally followed by the user id. The pair is
  * validated by checkAuthorization(); a cookie that fails validation is expired.
  *
  * @return mixed the checkAuthorization() result, or false
  */
 function checkCookieCredentials()
 {
     $hashlen = getOption('strong_hash') ? 40 : 32;
     $auth = zp_getCookie('zenphoto_auth');
     $id = NULL;
     if (strlen($auth) > $hashlen) {
         // whatever follows the hash is the user id
         $id = substr($auth, $hashlen);
         $auth = substr($auth, 0, $hashlen);
     }
     $_zp_loggedin = $this->checkAuthorization($auth, $id);
     if (!$_zp_loggedin) {
         zp_setCookie("zenphoto_auth", "", -368000);
         return false;
     }
     return $_zp_loggedin;
 }
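 /**
  * Checks if user is allowed to access the page
  *
  * Walks from this page up through its parents until one with a password is found. No
  * password anywhere means public access; otherwise the visitor's
  * "zp_page_auth_<page id>" cookie must carry the protecting page's password hash.
  * On failure $hint and $show describe the password prompt.
  *
  * NOTE(review): a missing parent row leaves $result false and feeds NULL to the
  * ZenpagePage constructor — confirm it tolerates that.
  *
  * @param $hint receives the protecting page's password hint when access is denied
  * @param $show receives true when the protecting page also requires a user name
  * @return string|false 'zp_public_access', the auth cookie name, or false
  */
 function checkforGuest(&$hint = NULL, &$show = NULL)
 {
     if (!parent::checkForGuest()) {
         return false;
     }
     $pageobj = $this;
     $hash = $pageobj->getPassword();
     while (empty($hash) && !is_null($pageobj)) {
         $parentID = $pageobj->getParentID();
         if (empty($parentID)) {
             $pageobj = NULL;
         } else {
             // the id comes from the database but is still interpolated into SQL:
             // force it to an integer so only digits can reach the query
             $sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . (int) $parentID;
             $result = query_single_row($sql);
             $pageobj = new ZenpagePage($result['titlelink']);
             $hash = $pageobj->getPassword();
         }
     }
     if (empty($hash)) {
         // no password required
         return 'zp_public_access';
     }
     $authType = "zp_page_auth_" . $pageobj->get('id');
     $saved_auth = zp_getCookie($authType);
     // byte-wise compare: a loose "==" would accept two numeric-looking digests
     // (e.g. "0e..." strings) as equal
     if (hash_equals((string) $hash, (string) $saved_auth)) {
         return $authType;
     }
     $user = $pageobj->getUser();
     $show = !empty($user);
     $hint = $pageobj->getPasswordHint();
     return false;
 }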
/**
 * Handles the comment form for the current image, album, news article or page.
 *
 * When the form was posted ($_POST['comment'] set) and the request is in an album,
 * news-article or page context, the posted fields are sanitized and passed to
 * addComment() on the target object; $_POST['imageid'] (the "tricasa hack") selects an
 * image explicitly instead of using the current context. The resulting comment's fields
 * are kept in $_zp_comment_stored as
 * [name, email, website, comment, remember, private, anon, custom data].
 * On success the "zenphoto_comment" cookie is refreshed (comment text blanked) when
 * "remember" was checked, or cleared otherwise, and the visitor is redirected back to the
 * commented object (except on IIS). When the form was not posted, the cookie, if any,
 * pre-fills $_zp_comment_stored.
 *
 * NOTE(review): the "zenphoto_comment" cookie is client-controlled; the values exploded
 * from it land in $_zp_comment_stored un-escaped, so whatever renders the form must
 * encode them.
 * NOTE(review): the final `return $commentadded->comment_error_text` is reached even
 * when the request was in none of the three contexts, or when imageid names an image that
 * does not load — $commentadded is unset on those paths; confirm they are unreachable.
 *
 * @return mixed false when no comment was posted, otherwise the added comment's
 *         comment_error_text
 */
function zp_handle_comment()
{
    global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_zenpage_news, $_zp_current_zenpage_page;
    $activeImage = false;
    $comment_error = 0;
    // remembered form fields, '|~*~|'-joined (see the cookie write below)
    $cookie = zp_getCookie('zenphoto_comment');
    if (isset($_POST['comment'])) {
        if (in_context(ZP_ALBUM) || in_context(ZP_ZENPAGE_NEWS_ARTICLE) || in_context(ZP_ZENPAGE_PAGE)) {
            // name/email/website at sanitize level 3, the comment body at level 1
            if (isset($_POST['name'])) {
                $p_name = sanitize($_POST['name'], 3);
            } else {
                $p_name = NULL;
            }
            if (isset($_POST['email'])) {
                $p_email = sanitize($_POST['email'], 3);
            } else {
                $p_email = NULL;
            }
            if (isset($_POST['website'])) {
                $p_website = sanitize($_POST['website'], 3);
            } else {
                $p_website = NULL;
            }
            if (isset($_POST['comment'])) {
                $p_comment = sanitize($_POST['comment'], 1);
            } else {
                $p_comment = '';
            }
            $p_server = getUserIP();
            if (isset($_POST['code'])) {
                // presumably the captcha answer and its hidden counterpart — verify against addComment()
                $code1 = sanitize($_POST['code'], 3);
                $code2 = sanitize($_POST['code_h'], 3);
            } else {
                $code1 = '';
                $code2 = '';
            }
            $p_private = isset($_POST['private']);
            $p_anon = isset($_POST['anon']);
            if (isset($_POST['imageid'])) {
                //used (only?) by the tricasa hack to know which image the client is working with.
                $activeImage = zp_load_image_from_id(sanitize_numeric($_POST['imageid']));
                if ($activeImage !== false) {
                    $commentadded = $activeImage->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
                    $redirectTo = $activeImage->getImageLink();
                }
            } else {
                // choose the object being commented on from the current context
                if (in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
                    $commentobject = $_zp_current_image;
                    $redirectTo = $_zp_current_image->getImageLink();
                } else {
                    if (!in_context(ZP_IMAGE) and in_context(ZP_ALBUM)) {
                        $commentobject = $_zp_current_album;
                        $redirectTo = $_zp_current_album->getAlbumLink();
                    } else {
                        if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
                            $commentobject = $_zp_current_zenpage_news;
                            $redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_zenpage_news->getTitlelink();
                        } else {
                            if (in_context(ZP_ZENPAGE_PAGE)) {
                                $commentobject = $_zp_current_zenpage_page;
                                $redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_zenpage_page->getTitlelink();
                            }
                        }
                    }
                }
                $commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon);
            }
            $comment_error = $commentadded->getInModeration();
            // keep what was stored so the form can be re-displayed; index 4 is the "remember" flag
            $_zp_comment_stored = array($commentadded->getName(), $commentadded->getEmail(), $commentadded->getWebsite(), $commentadded->getComment(), false, $commentadded->getPrivate(), $commentadded->getAnon(), $commentadded->getCustomData());
            if (isset($_POST['remember'])) {
                $_zp_comment_stored[4] = true;
            }
            if (!$comment_error) {
                if (isset($_POST['remember'])) {
                    // Should always re-cookie to update info in case it's changed...
                    $_zp_comment_stored[3] = '';
                    // clear the comment itself
                    zp_setCookie('zenphoto_comment', implode('|~*~|', $_zp_comment_stored), NULL, '/');
                } else {
                    zp_setCookie('zenphoto_comment', '', -368000, '/');
                }
                //use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
                if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
                    // but not for Microsoft IIS because that server fails if we redirect!
                    header('Location: ' . $redirectTo);
                    exit;
                }
            } else {
                $comment_error++;
                if ($activeImage !== false and !in_context(ZP_ZENPAGE_NEWS_ARTICLE) and !in_context(ZP_ZENPAGE_PAGE)) {
                    // tricasa hack? Set the context to the image on which the comment was posted
                    $_zp_current_image = $activeImage;
                    $_zp_current_album = $activeImage->getAlbum();
                    add_context(ZP_ALBUM | ZP_INDEX);
                }
            }
        }
        return $commentadded->comment_error_text;
    } else {
        if (!empty($cookie)) {
            // Comment form was not submitted; get the saved info from the cookie.
            $_zp_comment_stored = explode('|~*~|', stripslashes($cookie));
            $_zp_comment_stored[4] = true;
            // older cookies may lack the private/anon/custom-data slots: default them
            if (!isset($_zp_comment_stored[5])) {
                $_zp_comment_stored[5] = false;
            }
            if (!isset($_zp_comment_stored[6])) {
                $_zp_comment_stored[6] = false;
            }
            if (!isset($_zp_comment_stored[7])) {
                $_zp_comment_stored[7] = false;
            }
        } else {
            $_zp_comment_stored = array('', '', '', '', false, false, false, false);
        }
    }
    return false;
}
/**
 * Sets the locale, etc. to the zenphoto domain details.
 * Returns the result of setupCurrentLocale()
 *
 * Sources tried for $_zp_current_locale, in order: an explicit `locale` request
 * parameter (a valid value is stored in the "dynamic_locale" cookie, an invalid one
 * clears it); otherwise the first label of HTTP_HOST, i.e. a locale sub-domain (a cookie
 * left over from the parameter form is cleared); then the logged-in admin's language;
 * then, as far as the visible code shows, the `locale` option and the HTTP
 * Accept-Language list; finally BASE_LOCALE (or en_US) when the allowed-language list
 * permits it, else the first allowed language.
 *
 * NOTE(review): the line containing "******" below is garbled in this copy of the file —
 * it looks like the tail of a debugLog() call and the code assigning $localeOption were
 * lost — so the function does not parse as shown and the exact nesting of the option /
 * Accept-Language fallbacks cannot be confirmed from here. Restore it from upstream
 * before relying on this block.
 *
 * @return mixed whatever setupCurrentLocale() returns
 */
function setMainDomain()
{
    global $_zp_current_admin_obj, $_zp_current_locale;
    if (DEBUG_LOCALE) {
        debugLogBackTrace("setMainDomain()");
    }
    if (isset($_REQUEST['locale'])) {
        // explicit request parameter: validated before it is trusted or persisted
        $_zp_current_locale = validateLocale(sanitize($_REQUEST['locale']), isset($_POST['locale']) ? 'POST' : 'URI string');
        if ($_zp_current_locale) {
            zp_setCookie('dynamic_locale', $_zp_current_locale);
        } else {
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale']) . "=>{$_zp_current_locale}");
        }
    } else {
        // locale sub-domain: the first label of the Host header
        $matches = explode('.', @$_SERVER['HTTP_HOST']);
        $_zp_current_locale = validateLocale($matches[0], 'HTTP_HOST');
        if ($_zp_current_locale && zp_getCookie('dynamic_locale')) {
            // the sub-domain wins; drop a stale cookie from the parameter form
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from HTTP_HOST: " . sanitize($matches[0]) . "=>{$_zp_current_locale}");
        }
    }
    if (!$_zp_current_locale && is_object($_zp_current_admin_obj)) {
        // nothing from the request: use the logged-in admin's language
        $_zp_current_locale = $_zp_current_admin_obj->getLanguage();
        if (DEBUG_LOCALE) {
            // NOTE(review): garbled line (see the function comment); $localeOption is never assigned in what is visible
            debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $_zp_current_locale);
        }
        if (empty($localeOption) && empty($_zp_current_locale)) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                $l = strtoupper($lang['fullcode']);
                $_zp_current_locale = validateLocale($l, 'HTTP Accept Language');
                if ($_zp_current_locale) {
                    break;
                }
            }
        } else {
            if (empty($_zp_current_locale)) {
                $_zp_current_locale = $localeOption;
            }
        }
    }
    if (empty($_zp_current_locale)) {
        // return "default" language, English if allowed, otherwise whatever is the "first" allowed language
        $languageSupport = generateLanguageList();
        if (defined('BASE_LOCALE')) {
            $loc = BASE_LOCALE;
        } else {
            $loc = 'en_US';
        }
        if (empty($languageSupport) || in_array($loc, $languageSupport)) {
            $_zp_current_locale = $loc;
        } else {
            $_zp_current_locale = array_shift($languageSupport);
        }
        if (DEBUG_LOCALE) {
            debugLog("locale from language list: " . $_zp_current_locale);
        }
    } else {
        // remember the resolved locale as the current option value (third argument false: not persisted)
        setOption('locale', $_zp_current_locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("getUserLocale Returning locale: " . $_zp_current_locale);
    }
    return setupCurrentLocale($_zp_current_locale);
}
?>
</h1>
					<script type="text/javascript">
						$().ready(function () {
							var elf = $('#elfinder').elfinder({
								lang: '<?php 
echo $locale;
?>
', // language (OPTIONAL)
								customData: {
									'XSRFToken': '<?php 
echo getXSRFToken('elFinder');
?>
',
									'zp_user_auth': '<?php 
echo zp_getCookie('zp_user_auth');
?>
',
<?php 
if ($theme) {
    if (zp_loggedin(THEMES_RIGHTS) && is_dir(SERVERPATH . '/' . THEMEFOLDER . '/' . $theme)) {
        ?>
											'themeEdit': '<?php 
        echo $theme;
        ?>
',
		<?php 
    }
} else {
    $theme = false;
}
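/**
 * Records the admin's "selection" choice for an edit sub-tab, or restores it from its cookie.
 *
 * With a 'selection' request parameter the value is sanitized, clamped to the tab's floor,
 * stored in the matching global and persisted in a cookie. Without one the cookie value is
 * restored through the same sanitize/clamp step, because the cookie is client supplied too.
 *
 * @param string $subtab '' (album nesting), 'subalbuminfo' or 'imageinfo'; other values are ignored
 */
function processEditSelection($subtab)
{
    global $subalbum_nesting, $album_nesting, $imagesTab_imageCount;
    if (isset($_GET['selection'])) {
        switch ($subtab) {
            case '':
                $album_nesting = max(1, sanitize_numeric($_GET['selection']));
                zp_setCookie('gallery_nesting', $album_nesting);
                break;
            case 'subalbuminfo':
                $subalbum_nesting = max(1, sanitize_numeric($_GET['selection']));
                zp_setCookie('subalbum_nesting', $subalbum_nesting);
                break;
            case 'imageinfo':
                $imagesTab_imageCount = max(ADMIN_IMAGES_STEP, sanitize_numeric($_GET['selection']));
                zp_setCookie('imagesTab_imageCount', $imagesTab_imageCount);
                break;
        }
    } else {
        switch ($subtab) {
            case '':
                $album_nesting = _zp_clampedSelectionCookie('gallery_nesting', 1);
                break;
            case 'subalbuminfo':
                $subalbum_nesting = _zp_clampedSelectionCookie('subalbum_nesting', 1);
                break;
            case 'imageinfo':
                $count = _zp_clampedSelectionCookie('imagesTab_imageCount', ADMIN_IMAGES_STEP);
                if ($count) {
                    $imagesTab_imageCount = $count;
                }
                break;
        }
    }
}

/**
 * Reads a cookie that holds a numeric selection and gives it the same sanitize/clamp
 * treatment the 'selection' request parameter receives.
 *
 * @param string $cookie cookie name
 * @param int $floor smallest value accepted
 * @return mixed the clamped number, or the raw cookie result (NULL/false/'') when the cookie is not set
 */
function _zp_clampedSelectionCookie($cookie, $floor)
{
    $raw = zp_getCookie($cookie);
    if ($raw === null || $raw === false || $raw === '') {
        // leave "not set" as the caller expects it; only present values are normalized
        return $raw;
    }
    return max($floor, sanitize_numeric($raw));
}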
    /**
     * Outputs a link that switches the visitor between the mobile theme and the
     * normal theme. Nothing is printed for non-mobile visitors.
     *
     * @param string $text link text; when NULL a localized "View the ... gallery" phrase is used
     * @param string $before optional text printed in front of the link
     * @param string $after optional text printed after the link
     */
    static function controlLink($text = NULL, $before = NULL, $after = Null)
    {
        $detect = new mobile();
        if (!$detect->isMobile()) {
            return;
        }
        // the 'mobileTheme_disable' cookie being set means the normal theme is currently shown
        $normalTheme = (bool) zp_getCookie('mobileTheme_disable');
        $enable = $normalTheme ? 'on' : 'off';
        if (is_null($text)) {
            $text = $normalTheme ? gettext('View the mobile gallery') : gettext('View the normal gallery');
        }
        if ($before) {
            echo '<span class="beforetext">' . html_encode($before) . '</span>';
        }
        // tabs/newlines mirror the theme template's indentation; $enable is one of two
        // fixed tokens and $text is HTML-escaped before output
        echo "\t\t\t<span class=\"mobileThemeControlLink\">\n"
            . "\t\t\t\t<a href=\"?mobileTheme=" . $enable . "\" rel=\"external\">\n"
            . "\t\t\t\t\t" . html_encode($text)
            . "\t\t\t\t</a>\n"
            . "\t\t\t</span>\n"
            . "\t\t\t";
        if ($after) {
            echo '<span class="aftertext">' . html_encode($after) . '</span>';
        }
    }
}
// compatibility shim: derive whichever rights constants are not yet defined from the ones that are
if (defined('VIEW_ALL_RIGHTS')) {
    define('ALL_ALBUMS_RIGHTS', VIEW_ALL_RIGHTS);
    define('ALL_PAGES_RIGHTS', VIEW_ALL_RIGHTS);
    define('ALL_NEWS_RIGHTS', VIEW_ALL_RIGHTS);
    define('VIEW_SEARCH_RIGHTS', NO_RIGHTS);
    define('VIEW_GALLERY_RIGHTS', NO_RIGHTS);
    define('VIEW_FULLIMAGE_RIGHTS', NO_RIGHTS);
} else {
    define('VIEW_ALL_RIGHTS', ALL_ALBUMS_RIGHTS | ALL_PAGES_RIGHTS | ALL_NEWS_RIGHTS);
}
// If the auth variable gets set somehow before this, get rid of it.
$_zp_loggedin = false;
// we have the ssl marker cookie, normally we are already logged in
// but we need to redirect to ssl to retrive the auth cookie (set as secure).
// NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], i.e. the request's
// Host header; unless the web server only routes known host names to this site, a client
// chosen Host value would be reflected into the Location header — consider a configured host
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
    $redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI();
    header("Location:{$redirect}");
    exitZP();
}
if (isset($_POST['login'])) {
    //	Handle the login form.
    if (secureServer()) {
        // https: set the 'zenphoto_ssl' marker for redirection
        zp_setCookie("zenphoto_ssl", "needed");
    }
    $_zp_loggedin = $_zp_authority->handleLogon();
    if ($_zp_loggedin) {
        if (isset($_POST['redirect'])) {
            $redirect = sanitizeRedirect($_POST['redirect']);
            if (!empty($redirect)) {
/**
 * Returns a saved (or posted) locale. Posted locales are stored as a cookie.
 *
 * Sets the 'locale' option to the result (non-persistent)
 *
 * Resolution order: a 'locale' request parameter (validated, then remembered in the
 * 'dynamic_locale' cookie), the logged-in admin's language, the stored 'locale' option
 * or a match against HTTP Accept-Language, and finally en_US or the first supported language.
 *
 * @return string locale identifier such as en_US
 */
function getUserLocale()
{
    global $_zp_current_admin_obj;
    if (DEBUG_LOCALE) {
        debugLogBackTrace("getUserLocale()");
    }
    if (isset($_REQUEST['locale'])) {
        // NOTE(review): $_REQUEST can also contain cookie values (depending on request_order);
        // a 'locale' cookie would then pass this test while $_GET['locale'] below is unset — confirm
        if (isset($_POST['locale'])) {
            $locale = validateLocale(sanitize($_POST['locale'], 0), 'POST');
        } else {
            $locale = validateLocale(sanitize($_GET['locale'], 0), 'URI string');
        }
        // only a value that passed validateLocale() is persisted in the cookie
        if ($locale) {
            zp_setCookie('dynamic_locale', $locale);
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale'], 0) . "=>{$locale}");
        }
    } else {
        $locale = false;
    }
    if (!$locale && is_object($_zp_current_admin_obj)) {
        $locale = $_zp_current_admin_obj->getLanguage();
        if (DEBUG_LOCALE) {
            // NOTE(review): this line is garbled in the listing (a masked literal); the code that
            // assigns $localeOption, used below, is not visible here — check against the real source
            debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $locale);
        }
        if (empty($localeOption) && empty($locale)) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                $l = strtoupper($lang['fullcode']);
                // the first Accept-Language entry that validates wins
                $locale = validateLocale($l, 'HTTP Accept Language');
                if ($locale) {
                    break;
                }
            }
        } else {
            if (empty($locale)) {
                $locale = $localeOption;
            }
        }
    }
    if (empty($locale)) {
        // return "default" language, English if allowed, otherwise whatever is the "first" allowed language
        $languageSupport = generateLanguageList();
        if (in_array('en_US', $languageSupport)) {
            $locale = 'en_US';
        } else {
            $locale = array_shift($languageSupport);
        }
    } else {
        // non-persistent: the option only holds for this request
        setOption('locale', $locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("getUserLocale Returning locale: " . $locale);
    }
    return $locale;
}
 /**
  * Returns a canonical language name string for the location
  *
  * Looks the location up in the $_locale_Subdomains table; an unknown location yields
  * an empty result rather than an error.
  *
  * @param string $loc the location. If NULL use the current cookie
  * @param string separator will be used between the major and qualifier parts, e.g. en_US
  *
  * @return string
  */
 static function getLanguageText($loc = NULL, $separator = NULL)
 {
     global $_locale_Subdomains;
     // fall back to the locale the visitor selected (kept in the 'dynamic_locale' cookie)
     $key = is_null($loc) ? zp_getCookie('dynamic_locale') : $loc;
     $text = isset($_locale_Subdomains[$key]) ? $_locale_Subdomains[$key] : null;
     if (!is_null($separator)) {
         $text = str_replace('_', $separator, $text);
     }
     return $text;
 }
<?php

define('ALBUMCOLUMNS', 3);
define('IMAGECOLUMNS', 5);
// direct-access guard: refuse to run unless the application has defined WEBPATH
if (!defined('WEBPATH')) {
    die;
}
// set to true when the Flash (Simpleviewer) front end must not be used
$_noFlash = false;
if (($personality = getOption('Theme_personality')) != "Simpleviewer" || !getOption('mod_rewrite')) {
    $_noFlash = true;
} else {
    // Simpleviewer initialization stuff
    if (isset($_GET['noflash'])) {
        $_noFlash = true;
        zp_setcookie("noFlash", "noFlash");
    } elseif (zp_getCookie("noFlash") != '') {
        $_noFlash = true;
    }
    // Change the Simpleviewer configuration here
    $maxImageWidth = "600";
    $maxImageHeight = "600";
    $preloaderColor = "0xFFFFFF";
    $textColor = "0xFFFFFF";
    $frameColor = "0xFFFFFF";
    $frameWidth = "10";
    $stagePadding = "20";
    $thumbnailColumns = "3";
    $thumbnailRows = "5";
    $navPosition = "left";
    $enableRightClickOpen = "true";
    $backgroundImagePath = "";
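    /**
     *
     * places a link on the theme page to switch to or from the mobile theme
     *
     * Nothing is output unless the visitor is on a mobile device. With mod_rewrite the
     * link is just "?mobileTheme=on|off" on the current URL; without it the link is built
     * per page type from the current album/image/news/category/page object.
     *
     * @param string $text link text; when NULL a localized "View the ... gallery" phrase is used
     * @param string $before optional text printed in front of the link
     * @param string $after optional text printed after the link
     */
    static function controlLink($text = NULL, $before = NULL, $after = Null)
    {
        // the image.php case reads the singular $_zp_current_image; declaring it here makes
        // it visible in this static method
        global $_zp_gallery_page, $_zp_current_image, $_zp_current_album, $_zp_current_zenpage_news, $_zp_current_category, $_zp_current_zenpage_page;
        $detect = new mobile();
        if ($detect->isMobile()) {
            // the 'mobileTheme_disable' cookie being set means the normal theme is currently shown
            if (zp_getCookie('mobileTheme_disable')) {
                if (is_null($text)) {
                    $text = gettext('View the mobile gallery');
                }
                $enable = 'on';
            } else {
                if (is_null($text)) {
                    $text = gettext('View the normal gallery');
                }
                $enable = 'off';
            }
            if ($before) {
                echo '<span class="beforetext">' . html_encode($before) . '</span>';
            }
            if (MOD_REWRITE) {
                $link = '?mobileTheme=' . $enable;
            } else {
                // NOTE(review): $link is echoed raw into the href below; the album and image
                // cases rely on pathurlencode() for attribute safety while the other cases use
                // html_encode() — confirm pathurlencode() encodes quotes and '&'
                switch ($_zp_gallery_page) {
                    case 'index.php':
                        $link = 'index.php?mobileTheme=' . $enable;
                        break;
                    case 'gallery.php':
                        $link = 'index.php?p=gallery&amp;mobileTheme=' . $enable;
                        break;
                    case 'album.php':
                        $link = pathurlencode($_zp_current_album->getLink(null)) . '&amp;mobileTheme=' . $enable;
                        break;
                    case 'image.php':
                        $link = pathurlencode($_zp_current_image->getLink(null)) . '&amp;mobileTheme=' . $enable;
                        break;
                    case 'news.php':
                        if (is_NewsArticle()) {
                            $link = html_encode($_zp_current_zenpage_news->getLink(null)) . '&amp;mobileTheme=' . $enable;
                        } else {
                            if (is_NewsCategory()) {
                                $link = html_encode($_zp_current_category->getLink(null)) . '&amp;mobileTheme=' . $enable;
                            } else {
                                $link = html_encode(getNewsIndexURL()) . '&amp;mobileTheme=' . $enable;
                            }
                        }
                        break;
                    case 'pages.php':
                        $link = html_encode($_zp_current_zenpage_page->getLink()) . '&amp;mobileTheme=' . $enable;
                        break;
                    default:
                        $link = html_encode($_zp_gallery_page) . '?mobileTheme=' . $enable;
                        break;
                }
            }
            ?>
			<span class="mobileThemeControlLink">
				
				<a href="<?php 
            echo $link;
            ?>
" rel="external">
					<?php 
            echo html_encode($text);
            ?>
				</a>
			</span>
			<?php 
            if ($after) {
                echo '<span class="aftertext">' . html_encode($after) . '</span>';
            }
        }
    }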
/**
 * recovers search parameters from stored cookie, clears the cookie
 *
 * With no album and no active search request the stored parameters are discarded
 * (unless 'preserve_serch_params' is present in the request). Otherwise the cookie is
 * used to rebuild the SearchEngine and, when the album/image belong to that search,
 * the "linked" context bits are set; when they do not, the search is dropped again.
 *
 * @param string $what the page type
 * @param string $album the current Album object (NULL when not on an album page)
 * @param string $image the current Image object (NULL when not on an image page)
 */
function handleSearchParms($what, $album = NULL, $image = NULL)
{
    global $_zp_current_search, $zp_request;
    $cookiepath = (WEBPATH == '') ? '/' : WEBPATH;
    if (is_null($album)) {
        $notSearching = is_object($zp_request) ? get_class($zp_request) != 'SearchEngine' : $zp_request;
        if ($notSearching) {
            // clear the cookie if no album and not a search
            if (!isset($_REQUEST['preserve_serch_params'])) {
                zp_setcookie("zenphoto_image_search_params", "", time() - 368000, $cookiepath);
            }
            return;
        }
    }
    $context = get_context();
    $params = zp_getCookie('zenphoto_image_search_params');
    if (empty($params)) {
        return;
    }
    $_zp_current_search = new SearchEngine();
    $_zp_current_search->setSearchParams($params);
    // check to see if we are still "in the search context"
    if (!is_null($image) && $_zp_current_search->getImageIndex($album->name, $image->filename) !== false) {
        $context |= ZP_SEARCH_LINKED | ZP_IMAGE_LINKED;
    }
    if (!is_null($album)) {
        $albumname = $album->name;
        foreach ($_zp_current_search->getAlbums(0) as $searchalbum) {
            // NOTE(review): this is a substring test, so any album whose name merely contains
            // a result's name counts as linked — confirm a prefix (sub-album) test was not intended
            if (strpos($albumname, $searchalbum) !== false) {
                $context |= ZP_SEARCH_LINKED | ZP_ALBUM_LINKED;
                break;
            }
        }
    }
    if ($context & ZP_SEARCH_LINKED) {
        set_context($context);
    } else {
        $_zp_current_search = null;
    }
}
" title="<?php 
        echo gettext('Albums Index');
        ?>
"><?php 
        printGalleryTitle();
        ?>
</a> |
										<?php 
    }
    printGalleryTitle();
    ?>
</a> |
									<?php 
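    if (is_null($_zp_current_album)) {
        // not on an album page: rebuild the search the visitor came from so the
        // breadcrumb can link back to it
        $search = new SearchEngine();
        $params = trim(zp_getCookie('zenphoto_search_params'));
        $search->setSearchParams($params);
        // result unused here; presumably kept for its side effect of running the search — confirm
        $images = $search->getImages(0);
        $searchwords = $search->getSearchWords();
        $searchdate = $search->getSearchDate();
        $searchfields = $search->getSearchFields(true);
        $page = $search->page;
        $returnpath = getSearchURL($searchwords, $searchdate, $searchfields, $page);
        // the href value is quoted: an unquoted attribute would end at the first space in
        // the search URL, and html_encode() is relied on to escape any quotes inside it
        echo '<a href="' . html_encode($returnpath) . '"><em>' . gettext('Search') . '</em></a> | ';
    } else {
        printParentBreadcrumb();
        printAlbumBreadcrumb("", " | ");
    }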
    ?>
 </span>
								Slideshow
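/**
 * Checks to see if a password is needed
 * displays a password form if log-on is required
 *
 * Returns true if a login form has been displayed
 *
 * The password protection is hereditary. This normally only impacts direct url access to an album or image since if
 * you are going down the tree you will be stopped at the first place a password is required.
 *
 * If the gallery is password protected then every album & image will require that password.
 *
 * If an album is password protected then all subalbums and images treed below that album will require
 * the password. If there are multiple passwords in the tree and you direct link, the password that is
 * required will be that of the nearest parent that has a password. (The gallery is the ur-parrent to all
 * albums.)
 *
 * The visitor's proof is the auth cookie for the protected area, which must equal the stored hash.
 *
 * @param bool $silent set to true to inhibit the logon form
 * @return bool true when a password is required and not satisfied (the form was shown unless $silent)
 * @since 1.1.3
 */
function checkforPassword($silent = false)
{
    global $_zp_current_album, $_zp_current_search, $_zp_gallery, $_zp_loggedin;
    // you're the admin, you don't need the passwords.
    if (zp_loggedin(MAIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
        return false;
    }
    if (in_context(ZP_SEARCH)) {
        // search page: the search password applies, falling back to the gallery password
        $hash = getOption('search_password');
        $show = getOption('search_user') != '';
        $hint = get_language_string(getOption('search_hint'));
        $authType = 'zp_search_auth';
        if (empty($hash)) {
            $hash = getOption('gallery_password');
            $show = getOption('gallery_user') != '';
            $hint = get_language_string(getOption('gallery_hint'));
            $authType = 'zp_gallery_auth';
        }
        return _zp_passwordFormNeeded($hash, $hint, $authType, $show, $silent);
    }
    if (isset($_GET['album'])) {
        // album page; checkAlbumPassword() presumably fills in $hint by reference
        // (it is not assigned before the call) — confirm
        list($album, $image) = rewrite_get_album_image('album', 'image');
        if (checkAlbumPassword($album, $hint)) {
            return false;
        }
        if (!$silent) {
            $alb = new Album($_zp_gallery, $album);
            printPasswordForm($hint, true, getOption('login_user_field') || $alb->getUser() != '');
        }
        return true;
    }
    // index page
    if ($_zp_loggedin) {
        return false;
    }
    $hash = getOption('gallery_password');
    $hint = get_language_string(getOption('gallery_hint'));
    return _zp_passwordFormNeeded($hash, $hint, 'zp_gallery_auth', getOption('gallery_user') != '', $silent);
}

/**
 * Compares the visitor's auth cookie with the hash protecting the current view and,
 * unless $silent, prints the logon form when they do not match.
 *
 * @param string $hash stored password hash; empty when the view is not protected
 * @param string $hint password hint shown on the form
 * @param string $authType name of the cookie carrying the visitor's proof
 * @param bool $showUser true if the form should offer the user field
 * @param bool $silent true to suppress the form
 * @return bool true if a password is required and the cookie does not satisfy it
 */
function _zp_passwordFormNeeded($hash, $hint, $authType, $showUser, $silent)
{
    if (empty($hash)) {
        return false;
    }
    // strict comparison: the cookie is client supplied, and a loose != compares two
    // numeric-looking strings (e.g. a hash starting with "0e") numerically
    if (zp_getCookie($authType) === $hash) {
        return false;
    }
    if (!$silent) {
        printPasswordForm($hint, true, getOption('login_user_field') || $showUser);
    }
    return true;
}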