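 /**
  * Request filter: honours a locale code given as the first path segment.
  *
  * The first segment of the request path (after WEBPATH, query string
  * removed) is offered to validateLocale(). If it validates, the
  * 'dynamic_locale' cookie is set and the client is redirected (302) to the
  * same URI with that segment removed and the query string preserved.
  * Otherwise $allow is returned unchanged.
  *
  * @param mixed $allow value passed through by the filter chain
  * @return mixed $allow when no locale segment was found
  */
 static function load_request($allow)
 {
     $uri = getRequestURI();
     $parts = explode('?', $uri);
     $uri = $parts[0];
     $path = ltrim(substr($uri, strlen(WEBPATH) + 1), '/');
     if (empty($path)) {
         return $allow;
     } else {
         $rest = strpos($path, '/');
         if ($rest === false) {
             if (strpos($path, '?') === 0) {
                 // only a parameter string
                 return $allow;
             }
             $l = $path;
         } else {
             $l = substr($path, 0, $rest);
         }
     }
     $locale = validateLocale($l, 'seo_locale');
     if ($locale) {
         // set the language cookie and redirect to the "base" url
         zp_setCookie('dynamic_locale', $locale);
         // $l is the raw request segment, so it is quoted before being embedded
         // in the pattern. The previous '[/$]' was a character class matching a
         // literal '/' or a literal '$' (not end-of-string), so "/<locale>" at
         // the very end of the URI was never stripped and the redirect went back
         // to the same URI; '(?:/|$)' matches a following slash or the end.
         // '#' is used as the delimiter because the alternation contains '|'.
         $uri = pathurlencode(preg_replace('#/' . preg_quote($l, '#') . '(?:/|$)#', '/', $uri));
         if (isset($parts[1])) {
             $uri .= '?' . $parts[1];
         }
         header("HTTP/1.0 302 Found");
         header("Status: 302 Found");
         header('Location: ' . $uri);
         exitZP();
     }
     return $allow;
 }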
 /**
  * Drops every cookie in $cookies once per change of the
  * 'cookieInvalidator_base' option.
  *
  * The current base value is remembered in the 'cookieInvalidator' cookie;
  * when the cookie no longer matches (loose comparison, as cookies are
  * strings) all listed cookies are cleared, the marker cookie is re-issued
  * and the in-memory login state is reset.
  *
  * @param array $cookies cookie names (keys) to clear; values are ignored
  */
 static function invalidate($cookies)
 {
     global $_zp_loggedin, $_zp_current_admin_obj;
     $seen = zp_getCookie('cookieInvalidator');
     $newBase = getOption('cookieInvalidator_base');
     if ($seen == $newBase) {
         return;
     }
     foreach (array_keys($cookies) as $name) {
         zp_clearCookie($name);
     }
     zp_setCookie('cookieInvalidator', $newBase);
     $_zp_current_admin_obj = NULL;
     $_zp_loggedin = NULL;
 }
/**
 * Request filter: treats a leading locale path segment as a language choice.
 *
 * The request URI (sanitized, then URL-decoded) is stripped of WEBPATH,
 * backslashes are normalised to slashes and a single leading slash is
 * removed. If the first segment validates as a locale the 'dynamic_locale'
 * cookie is set and the browser is sent (302) to FULLWEBPATH plus the rest
 * of the path; the query string, if any, travels along inside $path.
 *
 * @param mixed $allow value passed through by the filter chain
 * @return mixed $allow when no locale segment was found
 */
function filterLocale_load_request($allow)
{
    $requestUri = urldecode(sanitize($_SERVER['REQUEST_URI'], 0));
    $path = str_replace('\\', '/', substr($requestUri, strlen(WEBPATH) + 1));
    if (substr($path, 0, 1) == '/') {
        $path = substr($path, 1);
    }
    if (empty($path)) {
        return $allow;
    }
    $slash = strpos($path, '/');
    if ($slash === false) {
        if (strpos($path, '?') === 0) {
            // only a parameter string
            return $allow;
        }
        $candidate = $path;
    } else {
        $candidate = substr($path, 0, $slash);
    }
    $locale = validateLocale($candidate, 'seo_locale');
    if (!$locale) {
        return $allow;
    }
    // remember the language and bounce to the URL without the locale segment
    zp_setCookie('dynamic_locale', $locale);
    if (substr($path, -1, 1) == '/') {
        $path = substr($path, 0, strlen($path) - 1);
    }
    $target = FULLWEBPATH . substr($path, strlen($candidate));
    header("HTTP/1.0 302 Found");
    header("Status: 302 Found");
    header('Location: ' . $target);
    exit;
}
 /**
  * Set log-in cookie for a user
  *
  * Moves the previous 'loggedin' timestamp to 'lastloggedin', stamps the
  * current time, saves the record and issues the "zp_user_auth" cookie.
  * The cookie value is getPass() (presumably the stored password hash —
  * confirm) followed by '.' and the user id, so it is as sensitive as that
  * hash; the secure flag is set only when the request came in over SSL.
  *
  * @param object $user
  */
 static function logUser($user)
 {
     $previous = $user->get('loggedin');
     $user->set('lastloggedin', $previous);
     $user->set('loggedin', date('Y-m-d H:i:s'));
     $user->save();
     $cookieValue = $user->getPass() . '.' . $user->getID();
     zp_setCookie("zp_user_auth", $cookieValue, NULL, NULL, secureServer());
 }
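require_once dirname(__FILE__) . '/admin-globals.php';
admin_securityChecks(UPLOAD_RIGHTS | FILES_RIGHTS, $return = currentRelativeURL());
// Work out which admin page this is; "upload" unless the request says otherwise.
if (isset($_GET['page'])) {
    $page = sanitize($_GET['page']);
} else {
    $link = $zenphoto_tabs['upload']['link'];
    // Redirect to the tab's link only when it is NOT this page. strpos() returns
    // 0 when 'admin-upload.php' sits at the start of $link, and with the previous
    // loose "== false" test 0 counted as "not found", redirecting to this very
    // page again; "=== false" is the check that was meant.
    if (strpos($link, 'admin-upload.php') === false) {
        header('location: ' . $link);
        exitZP();
    }
    $page = "upload";
    $_GET['page'] = 'upload';
}
if (isset($_GET['type'])) {
    // NOTE(review): isset() tests 'type' but the value is read from 'tab' (and
    // 'tab' is what the else branch writes back), so one of the two keys looks
    // like a typo — confirm against the form that submits this request.
    $uploadtype = sanitize($_GET['tab']);
    zp_setCookie('uploadtype', $uploadtype);
} else {
    // Cookie value is client-controlled; as far as visible here it is only
    // ever used as a key into $uploadHandlers, guarded by isset() below.
    $uploadtype = zp_getcookie('uploadtype');
    $_GET['tab'] = $uploadtype;
}
$handlers = array_keys($uploadHandlers = zp_apply_filter('upload_handlers', array()));
if (!zp_loggedin(UPLOAD_RIGHTS) || empty($handlers)) {
    //	redirect to the files page if present
    if (isset($zenphoto_tabs['upload']['subtabs'])) {
        header('location: ' . array_shift($zenphoto_tabs['upload']['subtabs']));
        exitZP();
    }
    $handlers = array();
}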
if (count($handlers) > 0) {
    if (!isset($uploadHandlers[$uploadtype]) || !file_exists($uploadHandlers[$uploadtype] . '/upload_form.php')) {
/**
 *
 * Handles the POSTing of a comment
 *
 * Acts only when a 'comment' field was posted and the hidden 'username'
 * honey-pot field is absent or empty. The comment is attached to whatever
 * object the current context names (image, album, news article or page),
 * the visitor's "zenphoto_comment" cookie is refreshed or cleared, and on
 * success the visitor is redirected back to that object (except under IIS).
 * When nothing was posted, a previously saved "zenphoto_comment" cookie is
 * unpacked into $_zp_comment_stored so the form can be pre-filled.
 *
 * @return NULL|boolean NULL or an error string after a posted comment,
 *                      false when no comment was posted
 */
function comment_form_handle_comment()
{
    global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
    $comment_error = 0;
    // client-controlled: only consumed in the "no comment posted" branch below
    $cookie = zp_getCookie('zenphoto_comment');
    if (isset($_POST['comment']) && (!isset($_POST['username']) || empty($_POST['username']))) {
        // 'username' is a honey-pot trap
        /*
         * do not save the post page in the cache
         * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
         * But this has to wait until processing is finished to avoid race conditions.
         */
        $_zp_HTML_cache->disable();
        // Pick the target object and the URL to return to from the context flags.
        if (in_context(ZP_IMAGE)) {
            $commentobject = $_zp_current_image;
            $redirectTo = $_zp_current_image->getLink();
        } else {
            if (in_context(ZP_ALBUM)) {
                $commentobject = $_zp_current_album;
                $redirectTo = $_zp_current_album->getLink();
            } else {
                if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
                    $commentobject = $_zp_current_article;
                    $redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
                } else {
                    if (in_context(ZP_ZENPAGE_PAGE)) {
                        $commentobject = $_zp_current_page;
                        $redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
                    } else {
                        $commentobject = NULL;
                        $error = gettext('Comment posted on unknown page!');
                    }
                }
            }
        }
        if (is_object($commentobject)) {
            // Pull the posted fields; name/email/website are sanitized at level 3,
            // the comment body at level 1 (levels are defined by sanitize(), not here).
            if (isset($_POST['name'])) {
                $p_name = sanitize($_POST['name'], 3);
            } else {
                $p_name = NULL;
            }
            if (isset($_POST['email'])) {
                $p_email = sanitize($_POST['email'], 3);
                if (!is_valid_email_zp($p_email)) {
                    $p_email = NULL;
                }
            } else {
                $p_email = NULL;
            }
            if (isset($_POST['website'])) {
                $p_website = sanitize($_POST['website'], 3);
                // prepend a scheme when none was given, then validate the result
                if ($p_website && strpos($p_website, 'http') !== 0) {
                    $p_website = 'http://' . $p_website;
                }
                if (!isValidURL($p_website)) {
                    $p_website = NULL;
                }
            } else {
                $p_website = NULL;
            }
            if (isset($_POST['comment'])) {
                $p_comment = sanitize($_POST['comment'], 1);
            } else {
                $p_comment = '';
            }
            $p_server = getUserIP();
            // captcha answer and its hashed counterpart; both posted by the form
            if (isset($_POST['code'])) {
                $code1 = sanitize($_POST['code'], 3);
                $code2 = sanitize($_POST['code_h'], 3);
            } else {
                $code1 = '';
                $code2 = '';
            }
            $p_private = isset($_POST['private']);
            $p_anon = isset($_POST['anon']);
            $commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
            $comment_error = $commentadded->getInModeration();
            $_zp_comment_stored = array('name' => $commentadded->getName(), 'email' => $commentadded->getEmail(), 'website' => $commentadded->getWebsite(), 'comment' => $commentadded->getComment(), 'saved' => isset($_POST['remember']), 'private' => $commentadded->getPrivate(), 'anon' => $commentadded->getAnon(), 'custom' => $commentadded->getCustomData());
            if ($comment_error) {
                $error = $commentadded->comment_error_text;
                $comment_error++;
            } else {
                $_zp_HTML_cache->clearHtmlCache();
                $error = NULL;
                if (isset($_POST['remember'])) {
                    // Should always re-cookie to update info in case it's changed...
                    $_zp_comment_stored['comment'] = '';
                    // clear the comment itself
                    // the cookie carries a serialized PHP array of the visitor's details
                    zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
                } else {
                    zp_clearCookie('zenphoto_comment');
                }
                //use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
                if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
                    // but not for Microsoft IIS because that server fails if we redirect!
                    // $redirectTo is built from the object's own link, not from request data
                    header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
                    exitZP();
                }
            }
        }
        return $error;
    } else {
        if (!empty($cookie)) {
            // NOTE(review): the cookie is client-controlled. If getSerializedArray()
            // is built on unserialize(), a crafted cookie reaches it here — confirm
            // that helper rejects objects (or switch the cookie format to JSON).
            $cookiedata = getSerializedArray($cookie);
            if (count($cookiedata) > 1) {
                $_zp_comment_stored = $cookiedata;
            }
        }
    }
    return false;
}
 // NOTE(review): on the next two lines the ", 3" sits in setOption()'s argument
 // list rather than sanitize()'s, so sanitize() runs at its default level and
 // setOption() receives 3 as its third argument (a parameter that is passed as
 // a boolean elsewhere in this listing: setOption('locale', ..., false)). The
 // intent was almost certainly sanitize($_POST['charset'], 3) — confirm
 // setOption()'s third-parameter default before moving the argument.
 setOption('charset', sanitize($_POST['charset']), 3);
 setOption('site_email', sanitize($_POST['site_email']), 3);
 $_zp_gallery->setGallerySession((int) isset($_POST['album_session']));
 $_zp_gallery->save();
 if (isset($_POST['zenphoto_cookie_path'])) {
     // Normalise the admin-supplied cookie path to the form "/x/y/" (or "/").
     $p = sanitize($_POST['zenphoto_cookie_path']);
     if (empty($p)) {
         zp_clearCookie('zenphoto_cookie_path');
     } else {
         $p = '/' . trim($p, '/') . '/';
         if ($p == '//') {
             $p = '/';
         }
         //	save a cookie to see if change works
         // the cookie is issued with the new path so the admin UI can detect
         // (via the 'cookiepath' tab flag) whether the browser sends it back
         $returntab .= '&cookiepath';
         zp_setCookie('zenphoto_cookie_path', $p, NULL, $p);
     }
     // stores '' when the path was cleared above
     setOption('zenphoto_cookie_path', $p);
     if (isset($_POST['cookie_persistence'])) {
         setOption('cookie_persistence', sanitize_numeric($_POST['cookie_persistence']));
     }
 }
 setOption('site_email_name', process_language_string_save('site_email_name', 3));
 setOption('users_per_page', sanitize_numeric($_POST['users_per_page']));
 setOption('plugins_per_page', sanitize_numeric($_POST['plugins_per_page']));
 if (isset($_POST['articles_per_page'])) {
     setOption('articles_per_page', sanitize_numeric($_POST['articles_per_page']));
 }
 setOption('multi_lingual', (int) isset($_POST['multi_lingual']));
 $f = sanitize($_POST['date_format_list'], 3);
 if ($f == 'custom') {
/**
 * Clears a cookie
 *
 * Implemented by re-issuing the cookie with an empty value and a negative
 * expiry (-368000; presumably relative to now, as zp_setCookie() is not
 * shown here).
 *
 * @param string $name   cookie name
 * @param string $path   cookie path; NULL leaves the choice to zp_setCookie()
 * @param bool   $secure true if the cookie was issued as a secure cookie
 */
function zp_clearCookie($name, $path = NULL, $secure = false)
{
    $expired = -368000;
    zp_setCookie($name, '', $expired, $path, $secure);
}
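/**
 * checks password posting
 *
 * When the caller does not supply $authType, the credentials guarding the
 * request are looked up in this order: protected full-image request, search
 * page, current album (or the nearest ancestor album with a password),
 * current zenpage page (or the nearest ancestor page with a password), and
 * finally the gallery itself. The function then either processes a posted
 * login form — setting or clearing the $authType cookie and optionally
 * redirecting — or validates an existing $authType cookie against the
 * expected hash.
 *
 * @param string $authType override of athorization type; doubles as the name
 *               of the cookie that holds the accepted hash
 * @param string $check_auth expected credential hash (used only together
 *               with an explicit $authType)
 * @param string $check_user expected user name (used only together with an
 *               explicit $authType)
 */
function zp_handle_password($authType = NULL, $check_auth = NULL, $check_user = NULL)
{
    global $_zp_loggedin, $_zp_login_error, $_zp_current_album, $_zp_current_zenpage_page, $_zp_gallery;
    if (empty($authType)) {
        // not supplied by caller
        $check_auth = '';
        if (isset($_GET['z']) && @$_GET['p'] == 'full-image' || isset($_GET['p']) && $_GET['p'] == '*full-image') {
            $authType = 'zp_image_auth';
            $check_auth = getOption('protected_image_password');
            $check_user = getOption('protected_image_user');
        } else {
            if (in_context(ZP_SEARCH)) {
                // search page
                $authType = 'zp_search_auth';
                $check_auth = getOption('search_password');
                $check_user = getOption('search_user');
            } else {
                if (in_context(ZP_ALBUM)) {
                    // album page: walk up the parents until one carries a password
                    $authType = "zp_album_auth_" . $_zp_current_album->getID();
                    $check_auth = $_zp_current_album->getPassword();
                    $check_user = $_zp_current_album->getUser();
                    if (empty($check_auth)) {
                        $parent = $_zp_current_album->getParent();
                        while (!is_null($parent)) {
                            $check_auth = $parent->getPassword();
                            $check_user = $parent->getUser();
                            $authType = "zp_album_auth_" . $parent->getID();
                            if (!empty($check_auth)) {
                                break;
                            }
                            $parent = $parent->getParent();
                        }
                    }
                } else {
                    if (in_context(ZP_ZENPAGE_PAGE)) {
                        // zenpage page: same ancestor walk, via the parent id column
                        $authType = "zp_page_auth_" . $_zp_current_zenpage_page->getID();
                        $check_auth = $_zp_current_zenpage_page->getPassword();
                        $check_user = $_zp_current_zenpage_page->getUser();
                        if (empty($check_auth)) {
                            $pageobj = $_zp_current_zenpage_page;
                            while (empty($check_auth)) {
                                $parentID = $pageobj->getParentID();
                                if ($parentID == 0) {
                                    break;
                                }
                                // $parentID comes from the page record rather than
                                // the request, but it is interpolated into SQL, so
                                // pin it to an integer anyway.
                                $sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . (int) $parentID;
                                $result = query_single_row($sql);
                                $pageobj = new ZenpagePage($result['titlelink']);
                                $authType = "zp_page_auth_" . $pageobj->getID();
                                $check_auth = $pageobj->getPassword();
                                $check_user = $pageobj->getUser();
                            }
                        }
                    }
                }
            }
        }
        if (empty($check_auth)) {
            // anything else is controlled by the gallery credentials
            $authType = 'zp_gallery_auth';
            $check_auth = $_zp_gallery->getPassword();
            $check_user = $_zp_gallery->getUser();
        }
    }
    // Handle the login form.
    if (DEBUG_LOGIN) {
        debugLog("zp_handle_password: \$authType={$authType}; \$check_auth={$check_auth}; \$check_user={$check_user}; ");
    }
    if (isset($_POST['password']) && isset($_POST['pass'])) {
        // process login form
        if (isset($_POST['user'])) {
            $post_user = sanitize($_POST['user']);
        } else {
            $post_user = '';
        }
        $post_pass = $_POST['pass'];
        // We should not sanitize the password
        // Try every supported hash scheme; the first whose hash of the posted
        // credentials equals the stored one wins.
        foreach (Zenphoto_Authority::$hashList as $hash => $hi) {
            $auth = Zenphoto_Authority::passwordHash($post_user, $post_pass, $hi);
            // Strict string comparison: with '==' two numeric-looking hashes such
            // as "0e123..." and "0e456..." compare equal. hash_equals() would also
            // make this constant-time, if the supported PHP floor allows it.
            $success = (string) $auth === (string) $check_auth && (string) $post_user === (string) $check_user;
            if (DEBUG_LOGIN) {
                // the posted password is deliberately kept out of the log
                debugLog("zp_handle_password({$success}): \$post_user={$post_user}; \$check_auth={$check_auth}; \$auth={$auth}; \$hash={$hash};");
            }
            if ($success) {
                break;
            }
        }
        $success = zp_apply_filter('guest_login_attempt', $success, $post_user, $post_pass, $authType);
        if ($success) {
            // Correct auth info. Set the cookie.
            // $auth is the hash from the last loop iteration; if a filter turned
            // $success on, the cookie may therefore not match $check_auth later.
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid credentials");
            }
            zp_setCookie($authType, $auth);
            if (isset($_POST['redirect'])) {
                $redirect_to = sanitizeRedirect($_POST['redirect'], true);
                if (!empty($redirect_to)) {
                    header("Location: " . $redirect_to);
                    exitZP();
                }
            }
        } else {
            // Clear the cookie, just in case
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: invalid credentials");
            }
            zp_clearCookie($authType);
            $_zp_login_error = true;
        }
        return;
    }
    if (empty($check_auth)) {
        //no password on record or admin logged in
        return;
    }
    // No form posted: accept the request if the cookie carries the expected hash.
    if (($saved_auth = zp_getCookie($authType)) != '') {
        // the cookie is client-controlled, so compare it strictly (see above)
        if ((string) $saved_auth === (string) $check_auth) {
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid cookie");
            }
            return;
        } else {
            // Clear the cookie
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: invalid cookie");
            }
            zp_clearCookie($authType);
        }
    }
}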
/**
 * Applies the admin "selection" drop-down for an edit sub-tab.
 *
 * With a 'selection' request parameter the value is sanitized, clamped to a
 * minimum, stored in the matching global and remembered in a cookie. Without
 * it the previously cookied value is restored into the global instead; note
 * that the cookie value is taken as-is (not clamped) on that path.
 *
 * @param string $subtab '' (gallery nesting), 'subalbuminfo' or 'imageinfo'
 */
function processEditSelection($subtab)
{
    global $subalbum_nesting, $album_nesting, $imagesTab_imageCount;
    if (!isset($_GET['selection'])) {
        // nothing new requested: fall back to what was cookied last time
        switch ($subtab) {
            case '':
                $album_nesting = zp_getCookie('gallery_nesting');
                break;
            case 'subalbuminfo':
                $subalbum_nesting = zp_getCookie('subalbum_nesting');
                break;
            case 'imageinfo':
                $remembered = zp_getCookie('imagesTab_imageCount');
                if ($remembered) {
                    $imagesTab_imageCount = $remembered;
                }
                break;
        }
        return;
    }
    switch ($subtab) {
        case '':
            $album_nesting = max(1, sanitize_numeric($_GET['selection']));
            zp_setCookie('gallery_nesting', $album_nesting);
            break;
        case 'subalbuminfo':
            $subalbum_nesting = max(1, sanitize_numeric($_GET['selection']));
            zp_setCookie('subalbum_nesting', $subalbum_nesting);
            break;
        case 'imageinfo':
            $imagesTab_imageCount = max(ADMIN_IMAGES_STEP, sanitize_numeric($_GET['selection']));
            zp_setCookie('imagesTab_imageCount', $imagesTab_imageCount);
            break;
    }
}
 /**
  * Checks saved cookies to see if a user is logged in
  *
  * The "zenphoto_auth" cookie is expected to hold the authorization hash
  * (32 characters, or 40 when the 'strong_hash' option is on) immediately
  * followed by the user id; a cookie no longer than the hash is treated as a
  * bare hash with no id. The split values are handed to checkAuthorization();
  * the cookie itself is client-controlled, so everything depends on that
  * check. A failed check expires the cookie.
  *
  * @return mixed whatever checkAuthorization() returned when truthy, else false
  */
 function checkCookieCredentials()
 {
     $hashlen = getOption('strong_hash') ? 40 : 32;
     $cookie = zp_getCookie('zenphoto_auth');
     $hash = $cookie;
     $id = NULL;
     if (strlen($cookie) > $hashlen) {
         $hash = substr($cookie, 0, $hashlen);
         $id = substr($cookie, $hashlen);
     }
     $rights = $this->checkAuthorization($hash, $id);
     if (!$rights) {
         // not accepted: expire the cookie
         zp_setCookie("zenphoto_auth", "", -368000);
         return false;
     }
     return $rights;
 }
 /**
  * Processes a posted self-registration form.
  *
  * Validates the honey-pot, optional captcha, name, e-mail and password
  * fields, rejects duplicate user names / e-mail addresses, creates a
  * rights-less administrator record and e-mails a verification link. The
  * outcome is reported through the global $_notify (and $_link/$_message
  * for the e-mail); the function itself returns nothing.
  */
 static function post_processor()
 {
     global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
     //Handle registration
     if (isset($_POST['username']) && !empty($_POST['username'])) {
         $_notify = 'honeypot';
         // honey pot check
     }
     if (getOption('register_user_captcha')) {
         if (isset($_POST['code'])) {
             $code = sanitize($_POST['code'], 3);
             $code_ok = sanitize($_POST['code_h'], 3);
         } else {
             $code = '';
             $code_ok = '';
         }
         if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
             $_notify = 'invalidcaptcha';
         }
     }
     // read without isset(): a request lacking 'admin_name' raises a notice here
     $admin_n = trim(sanitize($_POST['admin_name']));
     if (empty($admin_n)) {
         $_notify = 'incomplete';
     }
     if (isset($_POST['admin_email'])) {
         $admin_e = trim(sanitize($_POST['admin_email']));
     } else {
         // no separate e-mail field: the user name doubles as the address
         $admin_e = trim(sanitize($_POST['user'], 0));
     }
     if (!is_valid_email_zp($admin_e)) {
         $_notify = 'invalidemail';
     }
     // sanitize level 0 for both; $pass is later passed to setPass() as-is
     $pass = trim(sanitize($_POST['pass'], 0));
     $user = trim(sanitize($_POST['user'], 0));
     if (empty($pass)) {
         $_notify = 'empty';
     } else {
         if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
             // the repeat field is only required when the password was not disclosed
             if (isset($_POST['disclose_password']) || $pass == trim(sanitize($_POST['pass_r']))) {
                 $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                 if (is_object($currentadmin)) {
                     $_notify = 'exists';
                 } else {
                     if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
                         $_notify = 'dup_email';
                     }
                 }
                 if (empty($_notify)) {
                     // new user starts with no rights, objects or group
                     $userobj = $_zp_authority->newAdministrator('');
                     $userobj->transient = false;
                     $userobj->setUser($user);
                     $userobj->setPass($pass);
                     $userobj->setName($admin_n);
                     $userobj->setEmail($admin_e);
                     $userobj->setRights(0);
                     $userobj->setObjects(NULL);
                     $userobj->setGroup('');
                     $userobj->setCustomData('');
                     $userobj->setLanguage(getUserLocale());
                     if (extensionEnabled('userAddressFields')) {
                         $addresses = getOption('register_user_address_info');
                         $userinfo = register_user::getUserInfo(0);
                         $_comment_form_save_post = serialize($userinfo);
                         if ($addresses == 'required') {
                             // a missing required field marks the user transient, which blocks the save below
                             if (!isset($userinfo['street']) || empty($userinfo['street'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the street field.');
                             }
                             if (!isset($userinfo['city']) || empty($userinfo['city'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the city field.');
                             }
                             if (!isset($userinfo['state']) || empty($userinfo['state'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the state field.');
                             }
                             if (!isset($userinfo['country']) || empty($userinfo['country'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the country field.');
                             }
                             if (!isset($userinfo['postal']) || empty($userinfo['postal'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the postal code field.');
                             }
                         }
                         // NOTE(review): the cookie name looks like a misspelling of
                         // 'register_user_form_addresses'; whatever reads it back must
                         // use the same name, so confirm the reader before renaming.
                         zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
                         userAddressFields::setCustomData($userobj, $userinfo);
                     }
                     zp_apply_filter('register_user_registered', $userobj);
                     if ($userobj->transient) {
                         if (empty($_notify)) {
                             $_notify = 'filter';
                         }
                     } else {
                         $userobj->save();
                         if (MOD_REWRITE) {
                             $verify = '?verify=';
                         } else {
                             $verify = '&verify=';
                         }
                         // NOTE(review): the host in the e-mailed link comes from the
                         // request's Host header; if this server answers arbitrary Host
                         // values, a forged registration request can make the link point
                         // elsewhere — confirm the vhost rejects unknown hosts or build the
                         // link from a configured base URL. The 'verify' token is just the
                         // hex of serialize(user, email), i.e. derivable by anyone who knows
                         // both; what the verify handler additionally checks is not shown here.
                         $_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                         // the plaintext password is included in the confirmation e-mail
                         $_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
                         $_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
                         if (empty($_notify)) {
                             $_notify = 'accepted';
                         }
                     }
                 }
             } else {
                 $_notify = 'mismatch';
             }
         } else {
             $_notify = 'incomplete';
         }
     }
 }
    }
    /**
     * Whether the theme switcher is available to the current visitor.
     *
     * Rights are read from $_showNotLoggedin_real_auth when that global holds
     * an object (presumably a stand-in authority installed by another plugin),
     * else from zp_loggedin(). Unless the 'themeSwitcher_adminOnly' option is
     * set everyone qualifies; otherwise ADMIN_RIGHTS or THEMES_RIGHTS is needed.
     *
     * @return bool
     */
    static function active()
    {
        global $_showNotLoggedin_real_auth;
        if (is_object($_showNotLoggedin_real_auth)) {
            $rights = $_showNotLoggedin_real_auth->getRights();
        } else {
            $rights = zp_loggedin();
        }
        if (!getOption('themeSwitcher_adminOnly')) {
            return true;
        }
        return (bool) ($rights & (ADMIN_RIGHTS | THEMES_RIGHTS));
    }
}
// Build the per-theme enable map: option 'themeSwitcher_theme_<name>', with a
// theme that has no option yet (NULL) counted as enabled.
$_themeSwitcherThemelist = array();
foreach ($_zp_gallery->getThemes() as $__key => $__theme) {
    $enabled = getOption('themeSwitcher_theme_' . $__key);
    if ($enabled === null) {
        //newly arrived theme?
        $enabled = 1;
    }
    $_themeSwitcherThemelist[$__key] = $enabled;
}
unset($__key);
unset($__theme);
// A ?themeSwitcher=<name> request is remembered in a cookie for
// 'themeSwitcher_timeout' minutes. The value is only sanitized here, not
// checked against $_themeSwitcherThemelist; that is left to themeSwitcher::theme.
if (isset($_GET['themeSwitcher'])) {
    $requested = sanitize($_GET['themeSwitcher']);
    $lifetime = getOption('themeSwitcher_timeout') * 60;
    zp_setCookie('themeSwitcher_theme', $requested, $lifetime);
}
if (zp_getCookie('themeSwitcher_theme')) {
    zp_register_filter('setupTheme', 'themeSwitcher::theme');
}
zp_register_filter('theme_head', 'themeSwitcher::head', 999);
zp_register_filter('theme_body_open', 'themeSwitcher::controlLink');
<?php

// force UTF-8 Ø
// Refuse to run outside the application bootstrap (WEBPATH is defined there).
if (!defined('WEBPATH')) {
    exit;
}
// Set below when the Flash viewer must not be used.
$_noFlash = false;
if (($personality = getOption('Theme_personality')) != "Simpleviewer" || !MOD_REWRITE) {
    $_noFlash = true;
} else {
    // Simpleviewer initialization stuff
    if (isset($_GET['noflash'])) {
        $_noFlash = true;
        zp_setCookie("noFlash", "noFlash");
    } elseif (zp_getCookie("noFlash") != '') {
        $_noFlash = true;
    }
    // Change the Simpleviewer configuration here
    $maxImageWidth = "600";
    $maxImageHeight = "600";
    $preloaderColor = "0xFFFFFF";
    $textColor = "0xFFFFFF";
    $frameColor = "0xFFFFFF";
    $frameWidth = "10";
    $stagePadding = "20";
    $thumbnailColumns = "3";
    $thumbnailRows = "5";
    $navPosition = "left";
    $enableRightClickOpen = "true";
    $backgroundImagePath = "";
    // End of Simpeviewer config
        $locale = $_zp_current_admin_obj->getLanguage();
        if (!empty($locale)) {
            //	set his prefered language
            setupCurrentLocale($locale);
        }
        $_zp_loggedin = zp_apply_filter('authorization_cookie', $_zp_loggedin);
    }
}
// Not logged in: drop the "zenphoto_ssl" marker by expiring it.
if ($_zp_loggedin == false) {
    zp_setCookie("zenphoto_ssl", "", -368000);
}
// Handle a logout action.
if (isset($_REQUEST['logout'])) {
    $_zp_authority->handleLogout();
    zp_setCookie("zenphoto_ssl", "", -368000);
    $redirect = '';
    if (isset($_GET['p'])) {
        $redirect .= "&p=" . sanitize($_GET['p']);
    }
    if (isset($_GET['searchfields'])) {
        $redirect .= "&searchfields=" . sanitize($_GET['searchfields']);
    }
    if (isset($_GET['words'])) {
        $redirect .= "&words=" . sanitize($_GET['words']);
    }
    if (isset($_GET['date'])) {
        $redirect .= "&date=" . sanitize($_GET['date']);
    }
    if (isset($_GET['album'])) {
        $redirect .= "&album=" . sanitize($_GET['album']);
/**
 * Sets the locale, etc. to the zenphoto domain details.
 * Returns the result of setupCurrentLocale()
 *
 * Resolution order visible here: a 'locale' request parameter (validated,
 * mirrored into the 'dynamic_locale' cookie), else the first label of the
 * Host header (validated), else the admin user's language, else the site
 * option / HTTP Accept-Language, else BASE_LOCALE or 'en_US' (or the first
 * supported language when that one is not allowed).
 *
 * NOTE(review): the body below is garbled in this copy — the line logging
 * "locale from user" runs straight into "locale from option" with the text
 * between them replaced by asterisks, and $localeOption is used without a
 * visible assignment. Treat the middle section as incomplete until compared
 * with the original file.
 */
function setMainDomain()
{
    global $_zp_current_admin_obj, $_zp_current_locale;
    if (DEBUG_LOCALE) {
        debugLogBackTrace("setMainDomain()");
    }
    if (isset($_REQUEST['locale'])) {
        // explicit request (POST or query string) wins; the cookie follows it
        $_zp_current_locale = validateLocale(sanitize($_REQUEST['locale']), isset($_POST['locale']) ? 'POST' : 'URI string');
        if ($_zp_current_locale) {
            zp_setCookie('dynamic_locale', $_zp_current_locale);
        } else {
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale']) . "=>{$_zp_current_locale}");
        }
    } else {
        // first label of the Host header (e.g. "de" of de.example.com); untrusted
        // input, but it only passes through validateLocale()
        $matches = explode('.', @$_SERVER['HTTP_HOST']);
        $_zp_current_locale = validateLocale($matches[0], 'HTTP_HOST');
        if ($_zp_current_locale && zp_getCookie('dynamic_locale')) {
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from HTTP_HOST: " . sanitize($matches[0]) . "=>{$_zp_current_locale}");
        }
    }
    if (!$_zp_current_locale && is_object($_zp_current_admin_obj)) {
        $_zp_current_locale = $_zp_current_admin_obj->getLanguage();
        if (DEBUG_LOCALE) {
            // garbled line, see the function comment
            debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $_zp_current_locale);
        }
        if (empty($localeOption) && empty($_zp_current_locale)) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                $l = strtoupper($lang['fullcode']);
                $_zp_current_locale = validateLocale($l, 'HTTP Accept Language');
                if ($_zp_current_locale) {
                    break;
                }
            }
        } else {
            if (empty($_zp_current_locale)) {
                $_zp_current_locale = $localeOption;
            }
        }
    }
    if (empty($_zp_current_locale)) {
        // return "default" language, English if allowed, otherwise whatever is the "first" allowed language
        $languageSupport = generateLanguageList();
        if (defined('BASE_LOCALE')) {
            $loc = BASE_LOCALE;
        } else {
            $loc = 'en_US';
        }
        if (empty($languageSupport) || in_array($loc, $languageSupport)) {
            $_zp_current_locale = $loc;
        } else {
            $_zp_current_locale = array_shift($languageSupport);
        }
        if (DEBUG_LOCALE) {
            debugLog("locale from language list: " . $_zp_current_locale);
        }
    } else {
        // non-persistent (third argument false) so the resolved locale is not written back
        setOption('locale', $_zp_current_locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("getUserLocale Returning locale: " . $_zp_current_locale);
    }
    return setupCurrentLocale($_zp_current_locale);
}
/**
 * Loads the search object if it hasn't already been loaded.
 *
 * Side effects: expires the "zenphoto_search_params" cookie, creates the
 * global SearchEngine when none exists, enters the ZP_SEARCH context and
 * re-issues the cookie with the current search parameters for
 * SEARCH_DURATION.
 *
 * @return SearchEngine the global search object
 */
function zp_load_search()
{
    global $_zp_current_search;
    // drop the stale cookie first; it is re-created below
    zp_setCookie("zenphoto_search_params", "", -368000);
    if (!is_object($_zp_current_search)) {
        $_zp_current_search = new SearchEngine();
    }
    add_context(ZP_SEARCH);
    $currentParams = $_zp_current_search->getSearchParams();
    zp_setCookie("zenphoto_search_params", $currentParams, SEARCH_DURATION);
    return $_zp_current_search;
}
    define('VIEW_ALL_RIGHTS', ALL_ALBUMS_RIGHTS | ALL_PAGES_RIGHTS | ALL_NEWS_RIGHTS);
}
// If the auth variable gets set somehow before this, get rid of it.
$_zp_loggedin = false;
// The "zenphoto_ssl" marker cookie means the real auth cookie was issued with
// the secure flag, so a plain-http request cannot see it: bounce to https so
// the browser will send it. The redirect host is taken from the Host header;
// if the web server forwards arbitrary Host values this becomes a
// Host-controlled redirect — confirm the vhost only answers its own names.
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
    $redirect = 'https://' . $_SERVER['HTTP_HOST'] . getRequestURI();
    header('Location:' . $redirect);
    exitZP();
}
if (isset($_POST['login'])) {
    //	Handle the login form.
    if (secureServer()) {
        // https: set the 'zenphoto_ssl' marker for redirection
        zp_setCookie("zenphoto_ssl", "needed");
    }
    $_zp_loggedin = $_zp_authority->handleLogon();
    if ($_zp_loggedin) {
        if (isset($_POST['redirect'])) {
            $redirect = sanitizeRedirect($_POST['redirect']);
            if (!empty($redirect)) {
                header("Location: " . $redirect);
                exitZP();
            }
        }
    }
} else {
    //	no login form, check the cookie
    if (isset($_GET['ticket'])) {
        // password reset query
<?php

/**
 * This is the "files" upload tab
 *
 * @package plugins
 * @subpackage admin
 */
// admin bootstrap and rights check run before anything is output
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
admin_securityChecks(FILES_RIGHTS, currentRelativeURL());
zp_setCookie('uploadtype', 'elFinder');
// two-letter language code for the file manager UI; 'en' when no locale option is set
$locale = substr(getOption("locale"), 0, 2);
$locale = empty($locale) ? 'en' : $locale;
printAdminHeader('upload', 'files');
$editingTheme = isset($_REQUEST['themeEdit']);
if ($editingTheme) {
    // opened from the theme manager: remember which theme and switch the admin tab
    $theme = sanitize($_REQUEST['themeEdit']);
    $_zp_admin_tab = 'themes';
    $title = gettext('Theme Manager');
} else {
    $theme = false;
    $title = gettext('File Manager');
}
?>

<link rel="stylesheet" type="text/css" media="screen" href="<?php 
echo WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/';
?>
css/elfinder.min.css">
<script type="text/javascript" src="<?php 
    } else {
        $_zp_obj = THEMEFOLDER . "/{$theme}/{$page}.php";
        $_zp_gallery_page = basename($_zp_obj);
    }
    // Display an Image page.
} else {
    if (in_context(ZP_IMAGE)) {
        handleSearchParms('image', $_zp_current_album, $_zp_current_image);
        $theme = setupTheme();
        $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/image.php");
        // Display an Album page.
    } else {
        if (in_context(ZP_ALBUM)) {
            if ($_zp_current_album->isDynamic()) {
                $search = $_zp_current_album->getSearchEngine();
                zp_setCookie("zenphoto_search_params", $search->getSearchParams(), SEARCH_DURATION);
            } else {
                handleSearchParms('album', $_zp_current_album);
            }
            $theme = setupTheme();
            $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/album.php");
            // Display the Index page.
        } else {
            if (in_context(ZP_INDEX)) {
                handleSearchParms('index');
                $theme = setupTheme();
                $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/index.php");
            }
        }
    }
}
         $notify = $fail;
     }
 }
 setOption('gallery_hint', process_language_string_save('gallery_hint', 3));
 setOption('search_hint', process_language_string_save('search_hint', 3));
 setBoolOption('persistent_archive', isset($_POST['persistent_archive']));
 setBoolOption('album_session', isset($_POST['album_session']));
 $oldloc = getOption('locale', true);
 // get the option as stored in the database, not what might have been set by a cookie
 // NOTE(review): $_POST['locale'] is read without an isset() guard and, unlike
 // getUserLocale(), is not checked against the list of installed languages before
 // it is handed to setlocale() and stored — confirm the form restricts the value.
 $newloc = sanitize($_POST['locale'], 3);
 if ($newloc != $oldloc) {
     // cookie path: the site's web path, or '/' when installed at the document root
     $cookiepath = WEBPATH;
     if (WEBPATH == '') {
         $cookiepath = '/';
     }
     // an expiry in the past removes the cookie
     zp_setCookie('dynamic_locale', $newloc, time() - 368000, $cookiepath);
     // clear the language cookie
     $encoding = getOption('charset');
     if (empty($encoding)) {
         $encoding = 'UTF-8';
     }
     // try "locale.charset" first, then the bare locale name
     $result = setlocale(LC_ALL, $newloc . '.' . $encoding);
     if ($result === false) {
         $result = setlocale(LC_ALL, $newloc);
     }
     // a non-empty locale the system does not know is reported back via the query string
     if (!empty($newloc) && $result === false) {
         $notify = '?local_failed=' . $newloc;
     }
     setOption('locale', $newloc);
 }
 setBoolOption('multi_lingual', isset($_POST['multi_lingual']));
    {
        if (getOption('mobileTheme_test')) {
            return true;
        }
        return parent::isMobile();
    }
    /**
     * (non-PHPdoc)
     * @see Mobile_Detect::isTablet()
     */
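    function isTablet($userAgent = NULL, $httpHeaders = NULL)
    {
        // the 'mobileTheme_test' option lets an admin force tablet detection for testing
        if (getOption('mobileTheme_test') == 'tablet') {
            return true;
        }
        // forward the arguments: the previous version dropped them, so an explicit
        // user agent or header set passed by a caller was silently ignored
        return parent::isTablet($userAgent, $httpHeaders);
    }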
}
// ?mobileTheme=on|off lets the visitor toggle the mobile theme via a cookie;
// any other value leaves the cookie untouched
if (isset($_GET['mobileTheme']) && $_GET['mobileTheme'] == 'on') {
    zp_setCookie('mobileTheme_disable', 0);
} elseif (isset($_GET['mobileTheme']) && $_GET['mobileTheme'] == 'off') {
    zp_setCookie('mobileTheme_disable', 1);
}
// unless disabled by the cookie, let mobileTheme::theme pick the theme
if (!zp_getCookie('mobileTheme_disable')) {
    zp_register_filter('setupTheme', 'mobileTheme::theme');
}
/**
 * Returns a saved (or posted) locale. Posted locales are stored as a cookie.
 *
 * Sets the 'locale' option to the result (non-persistent)
 *
 * Resolution order, as far as this listing shows: a 'locale' request parameter
 * (POST preferred over GET, both passed through validateLocale()), then the
 * logged-in admin's language, then a match from the HTTP Accept-Language
 * header, and finally en_US or the first entry of generateLanguageList().
 */
function getUserLocale()
{
    global $_zp_current_admin_obj;
    if (DEBUG_LOCALE) {
        debugLogBackTrace("getUserLocale()");
    }
    if (isset($_REQUEST['locale'])) {
        // a requested locale is accepted only when validateLocale() approves it
        if (isset($_POST['locale'])) {
            $locale = validateLocale(sanitize($_POST['locale'], 0), 'POST');
        } else {
            $locale = validateLocale(sanitize($_GET['locale'], 0), 'URI string');
        }
        if ($locale) {
            // remember the validated choice for later requests
            zp_setCookie('dynamic_locale', $locale);
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale'], 0) . "=>{$locale}");
        }
    } else {
        $locale = false;
    }
    if (!$locale && is_object($_zp_current_admin_obj)) {
        $locale = $_zp_current_admin_obj->getLanguage();
        if (DEBUG_LOCALE) {
            // NOTE(review): the next line is garbled in this listing (a "******" run
            // replaced part of the source); the original presumably closed this block
            // and read $localeOption / the dynamic_locale cookie before the debug call —
            // compare against upstream, as $localeOption is otherwise undefined below.
            debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $locale);
        }
        if (empty($localeOption) && empty($locale)) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                $l = strtoupper($lang['fullcode']);
                // first header entry that validateLocale() accepts wins
                $locale = validateLocale($l, 'HTTP Accept Language');
                if ($locale) {
                    break;
                }
            }
        } else {
            if (empty($locale)) {
                $locale = $localeOption;
            }
        }
    }
    if (empty($locale)) {
        // return "default" language, English if allowed, otherwise whatever is the "first" allowed language
        $languageSupport = generateLanguageList();
        if (in_array('en_US', $languageSupport)) {
            $locale = 'en_US';
        } else {
            $locale = array_shift($languageSupport);
        }
    } else {
        // third argument false: the option is set for this request only, not persisted
        setOption('locale', $locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("getUserLocale Returning locale: " . $locale);
    }
    return $locale;
}
/**
 * Prepares the globals needed to render an album page.
 *
 * Albums that carry a search engine re-set the "zenphoto_search_params"
 * cookie from it; other albums go through handleSearchParms(). Afterwards
 * $_zp_gallery_page and $_zp_script are pointed at the theme's album.php.
 *
 * @return mixed the theme identifier returned by setupTheme()
 */
function prepareAlbumPage()
{
    global $_zp_current_album, $_zp_gallery_page, $_zp_script;
    $search = $_zp_current_album->getSearchEngine();
    if ($search) {
        // remember the album's search parameters for SEARCH_DURATION
        zp_setCookie("zenphoto_search_params", $search->getSearchParams(), SEARCH_DURATION);
    } else {
        handleSearchParms('album', $_zp_current_album);
    }
    $theme = setupTheme();
    $_zp_script = THEMEFOLDER . "/{$theme}/album.php";
    $_zp_gallery_page = "album.php";
    return $theme;
}
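/**
 * Returns a saved (or posted) locale. Posted locales are stored as a cookie.
 *
 * Resolution order:
 *   1. a posted 'dynamic-locale' value, which is also written to the
 *      'dynamic_locale' cookie for COOKIE_PESISTENCE seconds;
 *   2. otherwise the 'dynamic_locale' cookie;
 *   3. when neither the 'locale' option nor the cookie is set, the first
 *      HTTP Accept-Language entry that equals, or is a prefix of, an entry
 *      of generateLanguageList() (compared case-insensitively).
 *
 * Sets the 'locale' option to the result (non-persistent) unless nothing was found.
 *
 * @return string|false the resolved locale, or false when none could be determined
 */
function getUserLocale()
{
    if (DEBUG_LOCALE) {
        debugLogBackTrace("getUserLocale()");
    }
    // cookie path: the site's web path, or '/' when installed at the document root
    $cookiepath = WEBPATH;
    if (WEBPATH == '') {
        $cookiepath = '/';
    }
    if (isset($_POST['dynamic-locale'])) {
        // NOTE(review): the posted value is only passed through sanitize(); it is not
        // checked against generateLanguageList() before being stored in the cookie and
        // (below) in the 'locale' option — confirm downstream consumers validate it.
        $locale = sanitize($_POST['dynamic-locale'], 0);
        zp_setCookie('dynamic_locale', $locale, time() + COOKIE_PESISTENCE, $cookiepath);
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale post: {$locale}");
        }
    } else {
        $localeOption = getOption('locale');
        $locale = zp_getCookie('dynamic_locale');
        if (DEBUG_LOCALE) {
            debugLog("locale from option: " . $localeOption . '; dynamic locale=' . $locale);
        }
        if (empty($localeOption) && $locale === false) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                $l = strtoupper($lang['fullcode']);
                foreach ($languageSupport as $key => $value) {
                    $candidate = strtoupper($value);
                    if ($candidate == $l) {
                        // we got a match
                        $locale = $value;
                        if (DEBUG_LOCALE) {
                            debugLog("locale set from HTTP Accept Language: " . $locale);
                        }
                        break;
                    }
                    // literal prefix comparison instead of preg_match('/^' . $l . '/'):
                    // $l comes from the request's Accept-Language header, so it must be
                    // treated as plain text rather than interpolated into a pattern
                    if (strncmp($candidate, $l, strlen($l)) === 0) {
                        // we got a partial match
                        $locale = $value;
                        if (DEBUG_LOCALE) {
                            debugLog("locale set from HTTP Accept Language (partial match): " . $locale);
                        }
                        break;
                    }
                }
                if ($locale) {
                    break;
                }
            }
        }
    }
    if ($locale !== false) {
        // third argument false: set for this request only, not persisted
        setOption('locale', $locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("Returning locale: " . $locale);
    }
    return $locale;
}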