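/**
 * 'load_request' filter: when the first path segment of the request is a
 * locale code, remember it in the 'dynamic_locale' cookie and 302-redirect
 * to the same URL with that segment removed (query string preserved).
 *
 * @param mixed $allow filter value; returned unchanged when no redirect happens
 * @return mixed $allow (does not return when it redirects — exitZP() is called)
 */
static function load_request($allow) {
	$uri = getRequestURI();
	$parts = explode('?', $uri);
	$uri = $parts[0];
	$path = ltrim(substr($uri, strlen(WEBPATH) + 1), '/');
	if (empty($path)) {
		return $allow;
	}
	$rest = strpos($path, '/');
	if ($rest === false) {
		if (strpos($path, '?') === 0) {
			// only a parameter string
			return $allow;
		}
		$l = $path;
	} else {
		$l = substr($path, 0, $rest);
	}
	$locale = validateLocale($l, 'seo_locale');
	if ($locale) {
		// set the language cookie and redirect to the "base" url
		zp_setCookie('dynamic_locale', $locale);
		// Strip the "/<locale>" segment, which is either followed by a slash or ends
		// the path. The previous pattern used '[/$]', and inside a character class
		// '$' is a literal dollar sign, so a bare "/<locale>" path (the $rest === false
		// case above) was never rewritten and the handler redirected to itself.
		// $l is quoted so the segment is matched literally rather than as a pattern.
		$uri = pathurlencode(preg_replace('#/' . preg_quote($l, '#') . '(?:/|$)#', '/', $uri));
		if (isset($parts[1])) {
			$uri .= '?' . $parts[1];
		}
		header("HTTP/1.0 302 Found");
		header("Status: 302 Found");
		header('Location: ' . $uri);
		exitZP();
	}
	return $allow;
}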
/**
 * One-shot cookie purge. Whenever the stored 'cookieInvalidator_base' option
 * differs from the value recorded in the visitor's 'cookieInvalidator' cookie,
 * every cookie named in $cookies is cleared, the in-memory login state is
 * dropped, and the cookie is re-stamped with the current base so the purge
 * does not repeat on the next request.
 *
 * @param array $cookies cookie name => value; only the names are used
 */
static function invalidate($cookies) {
	global $_zp_loggedin, $_zp_current_admin_obj;
	$seenBase = zp_getCookie('cookieInvalidator');
	$currentBase = getOption('cookieInvalidator_base');
	if ($seenBase == $currentBase) {
		return; // this browser was already stamped with the current base
	}
	foreach (array_keys($cookies) as $name) {
		zp_clearCookie($name);
	}
	zp_setCookie('cookieInvalidator', $currentBase);
	$_zp_current_admin_obj = NULL;
	$_zp_loggedin = NULL;
}
/**
 * 'load_request' filter for the dynamic-locale plugin: when the request path
 * begins with a locale segment, store that locale in the 'dynamic_locale'
 * cookie and 302-redirect to the same path without that segment.
 *
 * @param mixed $allow filter value, returned unchanged unless a redirect is issued
 * @return mixed $allow (the function exits after redirecting)
 */
function filterLocale_load_request($allow) {
	$requestUri = urldecode(sanitize($_SERVER['REQUEST_URI'], 0));
	$relative = str_replace('\\', '/', substr($requestUri, strlen(WEBPATH) + 1));
	if (substr($relative, 0, 1) == '/') {
		$relative = substr($relative, 1);
	}
	if (empty($relative)) {
		return $allow;
	}
	$slashAt = strpos($relative, '/');
	if ($slashAt === false) {
		if (strpos($relative, '?') === 0) {
			// only a parameter string
			return $allow;
		}
		$segment = $relative;
	} else {
		$segment = substr($relative, 0, $slashAt);
	}
	$locale = validateLocale($segment, 'seo_locale');
	if (!$locale) {
		return $allow;
	}
	// set the language cookie and redirect to the "base" url
	zp_setCookie('dynamic_locale', $locale);
	if (substr($relative, -1, 1) == '/') {
		$relative = substr($relative, 0, strlen($relative) - 1);
	}
	// The target is the (url-decoded) request path minus the locale segment,
	// always prefixed with FULLWEBPATH so the host cannot be chosen by the client.
	$target = FULLWEBPATH . substr($relative, strlen($segment));
	header("HTTP/1.0 302 Found");
	header("Status: 302 Found");
	header('Location: ' . $target);
	exit;
}
/**
 * Set log-in cookie for a user
 *
 * Moves the previous 'loggedin' timestamp to 'lastloggedin', stamps the
 * current time, saves the user and issues the "zp_user_auth" cookie whose
 * value is "<stored password hash>.<user id>". The cookie is flagged secure
 * only when the current request itself arrived over https (secureServer()).
 *
 * @param object $user
 */
static function logUser($user) {
	$previousLogin = $user->get('loggedin');
	$user->set('lastloggedin', $previousLogin);
	$user->set('loggedin', date('Y-m-d H:i:s'));
	$user->save();
	$cookieValue = $user->getPass() . '.' . $user->getID();
	zp_setCookie("zp_user_auth", $cookieValue, NULL, NULL, secureServer());
}
require_once dirname(__FILE__) . '/admin-globals.php'; admin_securityChecks(UPLOAD_RIGHTS | FILES_RIGHTS, $return = currentRelativeURL()); if (isset($_GET['page'])) { $page = sanitize($_GET['page']); } else { $link = $zenphoto_tabs['upload']['link']; if (strpos($link, 'admin-upload.php') == false) { header('location: ' . $link); exitZP(); } $page = "upload"; $_GET['page'] = 'upload'; } if (isset($_GET['type'])) { $uploadtype = sanitize($_GET['tab']); zp_setCookie('uploadtype', $uploadtype); } else { $uploadtype = zp_getcookie('uploadtype'); $_GET['tab'] = $uploadtype; } $handlers = array_keys($uploadHandlers = zp_apply_filter('upload_handlers', array())); if (!zp_loggedin(UPLOAD_RIGHTS) || empty($handlers)) { // redirect to the files page if present if (isset($zenphoto_tabs['upload']['subtabs'])) { header('location: ' . array_shift($zenphoto_tabs['upload']['subtabs'])); exitZP(); } $handlers = array(); } if (count($handlers) > 0) { if (!isset($uploadHandlers[$uploadtype]) || !file_exists($uploadHandlers[$uploadtype] . '/upload_form.php')) {
/**
 *
 * Handles the POSTing of a comment
 *
 * Runs the comment path only when a 'comment' field was posted and the hidden
 * 'username' honey-pot field is empty. The commented object is taken from the
 * current context (image, album, news article or zenpage page) and given the
 * sanitized fields via addComment(); a moderation problem is returned as its
 * error text, otherwise the HTML cache is cleared, the 'zenphoto_comment'
 * cookie is re-issued or removed, and the visitor is redirected back to the
 * object (except on IIS). Without a comment post, only the remembered
 * commenter details are restored from that cookie into $_zp_comment_stored.
 *
 * @return NULL|boolean error text or NULL after a comment post; false otherwise
 */
function comment_form_handle_comment() {
	global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
	$comment_error = 0;
	$cookie = zp_getCookie('zenphoto_comment');
	if (isset($_POST['comment']) && (!isset($_POST['username']) || empty($_POST['username']))) { // 'username' is a honey-pot trap
		/*
		 * do not save the post page in the cache
		 * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
		 * But this has to wait until processing is finished to avoid race conditions.
		 */
		$_zp_HTML_cache->disable();
		// resolve the object being commented on and where to send the visitor afterwards
		if (in_context(ZP_IMAGE)) {
			$commentobject = $_zp_current_image;
			$redirectTo = $_zp_current_image->getLink();
		} else {
			if (in_context(ZP_ALBUM)) {
				$commentobject = $_zp_current_album;
				$redirectTo = $_zp_current_album->getLink();
			} else {
				if (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
					$commentobject = $_zp_current_article;
					$redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
				} else {
					if (in_context(ZP_ZENPAGE_PAGE)) {
						$commentobject = $_zp_current_page;
						$redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
					} else {
						$commentobject = NULL;
						$error = gettext('Comment posted on unknown page!');
					}
				}
			}
		}
		if (is_object($commentobject)) {
			if (isset($_POST['name'])) {
				$p_name = sanitize($_POST['name'], 3);
			} else {
				$p_name = NULL;
			}
			if (isset($_POST['email'])) {
				$p_email = sanitize($_POST['email'], 3);
				if (!is_valid_email_zp($p_email)) {
					$p_email = NULL;
				}
			} else {
				$p_email = NULL;
			}
			if (isset($_POST['website'])) {
				$p_website = sanitize($_POST['website'], 3);
				// Only the 4-byte prefix "http" is tested: 'http://' and 'https://' (but also any
				// other value starting with "http") pass through unchanged, everything else gets
				// 'http://' prepended. isValidURL() below is the actual acceptance check.
				if ($p_website && strpos($p_website, 'http') !== 0) {
					$p_website = 'http://' . $p_website;
				}
				if (!isValidURL($p_website)) {
					$p_website = NULL;
				}
			} else {
				$p_website = NULL;
			}
			if (isset($_POST['comment'])) {
				$p_comment = sanitize($_POST['comment'], 1); // sanitized at level 1, unlike the other fields (level 3)
			} else {
				$p_comment = '';
			}
			$p_server = getUserIP();
			if (isset($_POST['code'])) { // captcha answer ('code') and its check value ('code_h')
				$code1 = sanitize($_POST['code'], 3);
				$code2 = sanitize($_POST['code_h'], 3); // not isset()-guarded: a post carrying 'code' but no 'code_h' raises a notice
			} else {
				$code1 = '';
				$code2 = '';
			}
			$p_private = isset($_POST['private']);
			$p_anon = isset($_POST['anon']);
			$commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
			$comment_error = $commentadded->getInModeration();
			// what the form re-displays (and what the cookie remembers) is read back from the stored comment, not the raw post
			$_zp_comment_stored = array('name' => $commentadded->getName(), 'email' => $commentadded->getEmail(), 'website' => $commentadded->getWebsite(), 'comment' => $commentadded->getComment(), 'saved' => isset($_POST['remember']), 'private' => $commentadded->getPrivate(), 'anon' => $commentadded->getAnon(), 'custom' => $commentadded->getCustomData());
			if ($comment_error) {
				$error = $commentadded->comment_error_text;
				$comment_error++; // incremented but never read again in this function
			} else {
				$_zp_HTML_cache->clearHtmlCache();
				$error = NULL;
				if (isset($_POST['remember'])) { // Should always re-cookie to update info in case it's changed...
					$_zp_comment_stored['comment'] = ''; // clear the comment itself
					zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
				} else {
					zp_clearCookie('zenphoto_comment');
				}
				//use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
				if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) { // but not for Microsoft IIS because that server fails if we redirect!
					header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
					exitZP();
				}
			}
		}
		return $error;
	} else {
		if (!empty($cookie)) {
			// NOTE(review): this cookie is client-controlled and was written with serialize().
			// If getSerializedArray() hands it to unserialize() without restrictions that is a
			// PHP object-injection sink — confirm the helper validates it (e.g. allowed_classes => false).
			$cookiedata = getSerializedArray($cookie);
			if (count($cookiedata) > 1) {
				$_zp_comment_stored = $cookiedata;
			}
		}
	}
	return false;
}
setOption('charset', sanitize($_POST['charset']), 3); setOption('site_email', sanitize($_POST['site_email']), 3); $_zp_gallery->setGallerySession((int) isset($_POST['album_session'])); $_zp_gallery->save(); if (isset($_POST['zenphoto_cookie_path'])) { $p = sanitize($_POST['zenphoto_cookie_path']); if (empty($p)) { zp_clearCookie('zenphoto_cookie_path'); } else { $p = '/' . trim($p, '/') . '/'; if ($p == '//') { $p = '/'; } // save a cookie to see if change works $returntab .= '&cookiepath'; zp_setCookie('zenphoto_cookie_path', $p, NULL, $p); } setOption('zenphoto_cookie_path', $p); if (isset($_POST['cookie_persistence'])) { setOption('cookie_persistence', sanitize_numeric($_POST['cookie_persistence'])); } } setOption('site_email_name', process_language_string_save('site_email_name', 3)); setOption('users_per_page', sanitize_numeric($_POST['users_per_page'])); setOption('plugins_per_page', sanitize_numeric($_POST['plugins_per_page'])); if (isset($_POST['articles_per_page'])) { setOption('articles_per_page', sanitize_numeric($_POST['articles_per_page'])); } setOption('multi_lingual', (int) isset($_POST['multi_lingual'])); $f = sanitize($_POST['date_format_list'], 3); if ($f == 'custom') {
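/**
 *
 * Clears a cookie
 *
 * Implemented by re-issuing the cookie with an empty value and an expiry far
 * in the past (the -368000 sentinel used by the other cookie-clearing call
 * sites), so the browser discards it.
 *
 * @param string $name
 * @param string $path cookie path; NULL lets zp_setCookie pick its default
 * @param bool $secure true if secure cookie
 */
function zp_clearCookie($name, $path = NULL, $secure = false) {
	// (was spelled "NULl" — harmless since PHP constants are case-insensitive here, but inconsistent)
	zp_setCookie($name, '', -368000, $path, $secure);
}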
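/**
 * checks password posting
 *
 * Works out which credential applies to the current request — protected
 * full-image, search page, album (inheriting from the nearest protected
 * ancestor), zenpage page (likewise walking up the page tree), or finally the
 * gallery — then either processes a posted login form for it or validates the
 * matching auth cookie.
 *
 * Side effects: may set or clear the cookie named by $authType, may set
 * $_zp_login_error, and redirects (then exits) after a successful POST when a
 * 'redirect' field was supplied.
 *
 * @param string $authType override of athorization type
 * @param string $check_auth stored hash to compare against (ignored when $authType is empty)
 * @param string $check_user stored user name to compare against (ignored when $authType is empty)
 */
function zp_handle_password($authType = NULL, $check_auth = NULL, $check_user = NULL) {
	global $_zp_loggedin, $_zp_login_error, $_zp_current_album, $_zp_current_zenpage_page, $_zp_gallery;
	if (empty($authType)) { // not supplied by caller
		$check_auth = '';
		if (isset($_GET['z']) && @$_GET['p'] == 'full-image' || isset($_GET['p']) && $_GET['p'] == '*full-image') {
			$authType = 'zp_image_auth';
			$check_auth = getOption('protected_image_password');
			$check_user = getOption('protected_image_user');
		} else {
			if (in_context(ZP_SEARCH)) { // search page
				$authType = 'zp_search_auth';
				$check_auth = getOption('search_password');
				$check_user = getOption('search_user');
			} else {
				if (in_context(ZP_ALBUM)) { // album page
					$authType = "zp_album_auth_" . $_zp_current_album->getID();
					$check_auth = $_zp_current_album->getPassword();
					$check_user = $_zp_current_album->getUser();
					if (empty($check_auth)) {
						// inherit the nearest protected ancestor's credentials
						$parent = $_zp_current_album->getParent();
						while (!is_null($parent)) {
							$check_auth = $parent->getPassword();
							$check_user = $parent->getUser();
							$authType = "zp_album_auth_" . $parent->getID();
							if (!empty($check_auth)) {
								break;
							}
							$parent = $parent->getParent();
						}
					}
				} else {
					if (in_context(ZP_ZENPAGE_PAGE)) {
						$authType = "zp_page_auth_" . $_zp_current_zenpage_page->getID();
						$check_auth = $_zp_current_zenpage_page->getPassword();
						$check_user = $_zp_current_zenpage_page->getUser();
						if (empty($check_auth)) {
							// walk up the page tree until a password is found or the root is reached
							$pageobj = $_zp_current_zenpage_page;
							while (empty($check_auth)) {
								$parentID = $pageobj->getParentID();
								if ($parentID == 0) {
									break;
								}
								// the id comes from the database, but cast anyway so the SQL literal is always numeric
								$sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . (int) $parentID;
								$result = query_single_row($sql);
								$pageobj = new ZenpagePage($result['titlelink']);
								$authType = "zp_page_auth_" . $pageobj->getID();
								$check_auth = $pageobj->getPassword();
								$check_user = $pageobj->getUser();
							}
						}
					}
				}
			}
		}
		if (empty($check_auth)) { // anything else is controlled by the gallery credentials
			$authType = 'zp_gallery_auth';
			$check_auth = $_zp_gallery->getPassword();
			$check_user = $_zp_gallery->getUser();
		}
	}
	// Handle the login form.
	if (DEBUG_LOGIN) {
		debugLog("zp_handle_password: \$authType={$authType}; \$check_auth={$check_auth}; \$check_user={$check_user}; ");
	}
	if (isset($_POST['password']) && isset($_POST['pass'])) { // process login form
		if (isset($_POST['user'])) {
			$post_user = sanitize($_POST['user']);
		} else {
			$post_user = '';
		}
		$post_pass = $_POST['pass']; // We should not sanitize the password
		$auth = '';
		$success = false;
		foreach (Zenphoto_Authority::$hashList as $hash => $hi) {
			$auth = Zenphoto_Authority::passwordHash($post_user, $post_pass, $hi);
			// hash_equals() compares the two strings byte for byte in constant time. The
			// previous '==' compared numeric-looking hashes (e.g. "0e123...") as numbers,
			// so distinct hashes could compare equal; the user name is compared strictly too.
			$success = hash_equals((string) $check_auth, (string) $auth) && (string) $post_user === (string) $check_user;
			if (DEBUG_LOGIN) {
				// the cleartext password is deliberately not written to the log
				debugLog("zp_handle_password({$success}): \$post_user={$post_user}; \$check_auth={$check_auth}; \$auth={$auth}; \$hash={$hash};");
			}
			if ($success) {
				break;
			}
		}
		$success = zp_apply_filter('guest_login_attempt', $success, $post_user, $post_pass, $authType);
		if ($success) { // Correct auth info. Set the cookie.
			if (DEBUG_LOGIN) {
				debugLog("zp_handle_password: valid credentials");
			}
			// $auth is the last hash computed above (the matching one when the loop broke early)
			zp_setCookie($authType, $auth);
			if (isset($_POST['redirect'])) {
				$redirect_to = sanitizeRedirect($_POST['redirect'], true);
				if (!empty($redirect_to)) {
					header("Location: " . $redirect_to);
					exitZP();
				}
			}
		} else { // Clear the cookie, just in case
			if (DEBUG_LOGIN) {
				debugLog("zp_handle_password: invalid credentials");
			}
			zp_clearCookie($authType);
			$_zp_login_error = true;
		}
		return;
	}
	if (empty($check_auth)) { //no password on record or admin logged in
		return;
	}
	if (($saved_auth = zp_getCookie($authType)) != '') {
		// same constant-time, string-only comparison for the cookie value
		if (hash_equals((string) $check_auth, (string) $saved_auth)) {
			if (DEBUG_LOGIN) {
				debugLog("zp_handle_password: valid cookie");
			}
			return;
		} else { // Clear the cookie
			if (DEBUG_LOGIN) {
				debugLog("zp_handle_password: invalid cookie");
			}
			zp_clearCookie($authType);
		}
	}
}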
/**
 * Remembers the "show N levels / N images" selection on the admin edit tabs.
 *
 * When a 'selection' query parameter is present it is taken as a number
 * (with a lower bound) into the matching global and stored in a cookie;
 * otherwise the value is read back from that cookie. Note that only the
 * query-string path is clamped — cookie values are used as they come.
 *
 * @param string $subtab '' (albums), 'subalbuminfo' or 'imageinfo'
 */
function processEditSelection($subtab) {
	global $subalbum_nesting, $album_nesting, $imagesTab_imageCount;
	$fromRequest = isset($_GET['selection']);
	switch ($subtab) {
		case '':
			if ($fromRequest) {
				$album_nesting = max(1, sanitize_numeric($_GET['selection']));
				zp_setCookie('gallery_nesting', $album_nesting);
			} else {
				$album_nesting = zp_getCookie('gallery_nesting');
			}
			break;
		case 'subalbuminfo':
			if ($fromRequest) {
				$subalbum_nesting = max(1, sanitize_numeric($_GET['selection']));
				zp_setCookie('subalbum_nesting', $subalbum_nesting);
			} else {
				$subalbum_nesting = zp_getCookie('subalbum_nesting');
			}
			break;
		case 'imageinfo':
			if ($fromRequest) {
				$imagesTab_imageCount = max(ADMIN_IMAGES_STEP, sanitize_numeric($_GET['selection']));
				zp_setCookie('imagesTab_imageCount', $imagesTab_imageCount);
			} else {
				// an absent/empty cookie leaves the global untouched (unlike the two cases above)
				$savedCount = zp_getCookie('imagesTab_imageCount');
				if ($savedCount) {
					$imagesTab_imageCount = $savedCount;
				}
			}
			break;
	}
}
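/**
 * Checks saved cookies to see if a user is logged in
 *
 * The "zenphoto_auth" cookie is "<hash><id>": a fixed-width hash (40 chars
 * when the 'strong_hash' option is set, 32 otherwise) followed by the user
 * id. Both parts go to checkAuthorization(); on failure the cookie is expired
 * so a stale value is not re-tried on every request.
 *
 * NOTE(review): the cookie is a bearer token built from the credential hash;
 * whether it is issued with the secure flag is decided at the call that sets it.
 *
 * @return mixed whatever checkAuthorization() returns when truthy, else false
 */
function checkCookieCredentials() {
	// hash width follows the configured algorithm: 40 hex chars with 'strong_hash', 32 without
	$hashlen = getOption('strong_hash') ? 40 : 32;
	// cast so a missing cookie (NULL/false) is handled as '' by strlen()/substr()
	// instead of tripping PHP 8.1's null-to-string deprecation
	$auth = (string) zp_getCookie('zenphoto_auth');
	if (strlen($auth) > $hashlen) {
		$id = substr($auth, $hashlen);
		$auth = substr($auth, 0, $hashlen);
	} else {
		$id = NULL;
	}
	$_zp_loggedin = $this->checkAuthorization($auth, $id);
	if ($_zp_loggedin) {
		return $_zp_loggedin;
	}
	// expire the cookie in the past (same sentinel as zp_clearCookie)
	zp_setCookie("zenphoto_auth", "", -368000);
	return false;
}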
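/**
 * Handles a posted registration form.
 *
 * Checks, in order: the 'username' honey-pot, the captcha (when the
 * 'register_user_captcha' option is on), the display name, the e-mail
 * address, the password and its confirmation, and that neither the user
 * name nor the e-mail address is already taken. On success a user record
 * with no rights is created (with address data when the userAddressFields
 * extension is enabled), the 'register_user_registered' filter runs, the
 * record is saved and a verification link is mailed.
 *
 * Results are reported through globals: $_notify holds a status keyword
 * ('honeypot', 'invalidcaptcha', 'incomplete', 'invalidemail', 'empty',
 * 'exists', 'dup_email', 'filter', 'mismatch', 'accepted') or the error text
 * returned by zp_mail(); $admin_n, $admin_e, $user, $_link and $_message are
 * left populated for the form to re-display.
 */
static function post_processor() {
	global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
	//Handle registration
	if (isset($_POST['username']) && !empty($_POST['username'])) {
		$_notify = 'honeypot'; // honey pot check: the field is not meant to be filled by people
	}
	if (getOption('register_user_captcha')) {
		if (isset($_POST['code'])) {
			$code = sanitize($_POST['code'], 3);
			// 'code_h' is not guaranteed to accompany 'code'; a missing one counts as empty
			$code_ok = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
		} else {
			$code = '';
			$code_ok = '';
		}
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$_notify = 'invalidcaptcha';
		}
	}
	// the fields below are isset()-guarded so a partial post degrades to 'incomplete'
	// instead of raising undefined-index notices
	$admin_n = isset($_POST['admin_name']) ? trim(sanitize($_POST['admin_name'])) : '';
	if (empty($admin_n)) {
		$_notify = 'incomplete';
	}
	if (isset($_POST['admin_email'])) {
		$admin_e = trim(sanitize($_POST['admin_email']));
	} else {
		// without a separate e-mail field the user name doubles as the address
		$admin_e = isset($_POST['user']) ? trim(sanitize($_POST['user'], 0)) : '';
	}
	if (!is_valid_email_zp($admin_e)) {
		$_notify = 'invalidemail';
	}
	$pass = isset($_POST['pass']) ? trim(sanitize($_POST['pass'], 0)) : '';
	$user = isset($_POST['user']) ? trim(sanitize($_POST['user'], 0)) : '';
	if (empty($pass)) {
		$_notify = 'empty';
	} else {
		if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
			// The confirmation copy is sanitized at the default level while $pass uses level 0
			// (kept as it was). The comparison is strict: '==' would treat numeric-looking
			// strings such as "1e3" and "1000" as equal.
			$pass_r = isset($_POST['pass_r']) ? trim(sanitize($_POST['pass_r'])) : '';
			if (isset($_POST['disclose_password']) || $pass === $pass_r) {
				$currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
				if (is_object($currentadmin)) {
					$_notify = 'exists';
				} else {
					if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
						$_notify = 'dup_email';
					}
				}
				if (empty($_notify)) {
					$userobj = $_zp_authority->newAdministrator('');
					$userobj->transient = false;
					$userobj->setUser($user);
					$userobj->setPass($pass);
					$userobj->setName($admin_n);
					$userobj->setEmail($admin_e);
					$userobj->setRights(0);
					$userobj->setObjects(NULL);
					$userobj->setGroup('');
					$userobj->setCustomData('');
					$userobj->setLanguage(getUserLocale());
					if (extensionEnabled('userAddressFields')) {
						$addresses = getOption('register_user_address_info');
						$userinfo = register_user::getUserInfo(0);
						$_comment_form_save_post = serialize($userinfo);
						if ($addresses == 'required') {
							// each missing field marks the registration transient and appends its own message
							if (!isset($userinfo['street']) || empty($userinfo['street'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the street field.');
							}
							if (!isset($userinfo['city']) || empty($userinfo['city'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the city field.');
							}
							if (!isset($userinfo['state']) || empty($userinfo['state'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the state field.');
							}
							if (!isset($userinfo['country']) || empty($userinfo['country'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the country field.');
							}
							if (!isset($userinfo['postal']) || empty($userinfo['postal'])) {
								$userobj->transient = true;
								$userobj->msg .= ' ' . gettext('You must supply the postal code field.');
							}
						}
						// the misspelled cookie name is kept: renaming it would break whatever reads it back
						zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
						userAddressFields::setCustomData($userobj, $userinfo);
					}
					zp_apply_filter('register_user_registered', $userobj);
					if ($userobj->transient) {
						if (empty($_notify)) {
							$_notify = 'filter';
						}
					} else {
						$userobj->save();
						if (MOD_REWRITE) {
							$verify = '?verify=';
						} else {
							$verify = '&verify=';
						}
						// NOTE(review): the link host comes from the client-supplied Host header, and the
						// token is just hex(serialize(user, email)) with no secret or expiry — both are
						// worth revisiting together with the code that consumes 'verify'.
						$_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
						// the mail template receives the cleartext password as its fourth placeholder
						$_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
						$_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
						if (empty($_notify)) {
							$_notify = 'accepted';
						}
					}
				}
			} else {
				$_notify = 'mismatch';
			}
		} else {
			$_notify = 'incomplete';
		}
	}
}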
} static function active() { global $_showNotLoggedin_real_auth; if (is_object($_showNotLoggedin_real_auth)) { $loggedin = $_showNotLoggedin_real_auth->getRights(); } else { $loggedin = zp_loggedin(); } return !getOption('themeSwitcher_adminOnly') || $loggedin & (ADMIN_RIGHTS | THEMES_RIGHTS); } } $_themeSwitcherThemelist = array(); foreach ($_zp_gallery->getThemes() as $__key => $__theme) { $set = getOption('themeSwitcher_theme_' . $__key); if (is_null($set)) { //newly arrived theme? $set = 1; } $_themeSwitcherThemelist[$__key] = $set; } unset($__key); unset($__theme); if (isset($_GET['themeSwitcher'])) { zp_setCookie('themeSwitcher_theme', sanitize($_GET['themeSwitcher']), getOption('themeSwitcher_timeout') * 60); } if (zp_getCookie('themeSwitcher_theme')) { zp_register_filter('setupTheme', 'themeSwitcher::theme'); } zp_register_filter('theme_head', 'themeSwitcher::head', 999); zp_register_filter('theme_body_open', 'themeSwitcher::controlLink');
<?php // force UTF-8 Ø if (!defined('WEBPATH')) { die; } $_noFlash = false; if (($personality = getOption('Theme_personality')) != "Simpleviewer" || !MOD_REWRITE) { $_noFlash = true; } else { // Simpleviewer initialization stuff if (isset($_GET['noflash'])) { $_noFlash = true; zp_setCookie("noFlash", "noFlash"); } elseif (zp_getCookie("noFlash") != '') { $_noFlash = true; } // Change the Simpleviewer configuration here $maxImageWidth = "600"; $maxImageHeight = "600"; $preloaderColor = "0xFFFFFF"; $textColor = "0xFFFFFF"; $frameColor = "0xFFFFFF"; $frameWidth = "10"; $stagePadding = "20"; $thumbnailColumns = "3"; $thumbnailRows = "5"; $navPosition = "left"; $enableRightClickOpen = "true"; $backgroundImagePath = ""; // End of Simpeviewer config
$locale = $_zp_current_admin_obj->getLanguage(); if (!empty($locale)) { // set his prefered language setupCurrentLocale($locale); } $_zp_loggedin = zp_apply_filter('authorization_cookie', $_zp_loggedin); } } if (!$_zp_loggedin) { // Clear the ssl cookie zp_setCookie("zenphoto_ssl", "", -368000); } // Handle a logout action. if (isset($_REQUEST['logout'])) { $_zp_authority->handleLogout(); zp_setCookie("zenphoto_ssl", "", -368000); $redirect = ''; if (isset($_GET['p'])) { $redirect .= "&p=" . sanitize($_GET['p']); } if (isset($_GET['searchfields'])) { $redirect .= "&searchfields=" . sanitize($_GET['searchfields']); } if (isset($_GET['words'])) { $redirect .= "&words=" . sanitize($_GET['words']); } if (isset($_GET['date'])) { $redirect .= "&date=" . sanitize($_GET['date']); } if (isset($_GET['album'])) { $redirect .= "&album=" . sanitize($_GET['album']);
/**
 * Sets the locale, etc. to the zenphoto domain details.
 * Returns the result of setupCurrentLocale()
 *
 * Resolution order as visible here: an explicit 'locale' request parameter
 * (validated, then stored in or cleared from the 'dynamic_locale' cookie);
 * else the first label of the Host header; else the admin user's language,
 * falling back to the 'locale' option or the Accept-Language header; else
 * BASE_LOCALE / 'en_US' when supported, otherwise the first supported
 * language. The chosen locale is stored in the non-persistent 'locale'
 * option before setupCurrentLocale() runs.
 *
 * NOTE(review): the "******" span in the debug call below is an extraction
 * artifact of this listing — the code that loads the 'locale' option into
 * $localeOption (and presumably reads the cookie) was lost there, which is
 * why $localeOption appears unassigned in what follows.
 */
function setMainDomain() {
	global $_zp_current_admin_obj, $_zp_current_locale;
	if (DEBUG_LOCALE) {
		debugLogBackTrace("setMainDomain()");
	}
	if (isset($_REQUEST['locale'])) {
		// the second argument only labels the source for validateLocale()'s diagnostics
		$_zp_current_locale = validateLocale(sanitize($_REQUEST['locale']), isset($_POST['locale']) ? 'POST' : 'URI string');
		if ($_zp_current_locale) {
			zp_setCookie('dynamic_locale', $_zp_current_locale);
		} else {
			zp_clearCookie('dynamic_locale');
		}
		if (DEBUG_LOCALE) {
			debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale']) . "=>{$_zp_current_locale}");
		}
	} else {
		// the first DNS label of the Host header may itself be a locale; HTTP_HOST is
		// client-supplied, so it goes through validateLocale() like any other input
		$matches = explode('.', @$_SERVER['HTTP_HOST']);
		$_zp_current_locale = validateLocale($matches[0], 'HTTP_HOST');
		if ($_zp_current_locale && zp_getCookie('dynamic_locale')) {
			zp_clearCookie('dynamic_locale');
		}
		if (DEBUG_LOCALE) {
			debugLog("dynamic_locale from HTTP_HOST: " . sanitize($matches[0]) . "=>{$_zp_current_locale}");
		}
	}
	if (!$_zp_current_locale && is_object($_zp_current_admin_obj)) {
		$_zp_current_locale = $_zp_current_admin_obj->getLanguage();
		if (DEBUG_LOCALE) {
			debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $_zp_current_locale);
		}
		if (empty($localeOption) && empty($_zp_current_locale)) {
			// if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
			$languageSupport = generateLanguageList();
			$userLang = parseHttpAcceptLanguage();
			foreach ($userLang as $lang) {
				$l = strtoupper($lang['fullcode']);
				$_zp_current_locale = validateLocale($l, 'HTTP Accept Language');
				if ($_zp_current_locale) {
					break;
				}
			}
		} else {
			if (empty($_zp_current_locale)) {
				$_zp_current_locale = $localeOption;
			}
		}
	}
	if (empty($_zp_current_locale)) {
		// return "default" language, English if allowed, otherwise whatever is the "first" allowed language
		$languageSupport = generateLanguageList();
		if (defined('BASE_LOCALE')) {
			$loc = BASE_LOCALE;
		} else {
			$loc = 'en_US';
		}
		if (empty($languageSupport) || in_array($loc, $languageSupport)) {
			$_zp_current_locale = $loc;
		} else {
			$_zp_current_locale = array_shift($languageSupport);
		}
		if (DEBUG_LOCALE) {
			debugLog("locale from language list: " . $_zp_current_locale);
		}
	} else {
		setOption('locale', $_zp_current_locale, false);
	}
	if (DEBUG_LOCALE) {
		debugLog("getUserLocale Returning locale: " . $_zp_current_locale);
	}
	return setupCurrentLocale($_zp_current_locale);
}
/**
 * Loads the search object if it hasn't already been loaded.
 *
 * Also refreshes the "zenphoto_search_params" cookie: it is first expired,
 * then re-issued with the current search parameters for SEARCH_DURATION.
 *
 * @return SearchEngine the shared $_zp_current_search instance
 */
function zp_load_search() {
	global $_zp_current_search;
	// drop any stale parameters before the current ones are stored below
	zp_setCookie("zenphoto_search_params", "", -368000);
	if (!is_object($_zp_current_search)) {
		$_zp_current_search = new SearchEngine();
	}
	add_context(ZP_SEARCH);
	$searchParams = $_zp_current_search->getSearchParams();
	zp_setCookie("zenphoto_search_params", $searchParams, SEARCH_DURATION);
	return $_zp_current_search;
}
define('VIEW_ALL_RIGHTS', ALL_ALBUMS_RIGHTS | ALL_PAGES_RIGHTS | ALL_NEWS_RIGHTS); } // If the auth variable gets set somehow before this, get rid of it. $_zp_loggedin = false; // we have the ssl marker cookie, normally we are already logged in // but we need to redirect to ssl to retrive the auth cookie (set as secure). if (zp_getCookie('zenphoto_ssl') && !secureServer()) { $redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI(); header("Location:{$redirect}"); exitZP(); } if (isset($_POST['login'])) { // Handle the login form. if (secureServer()) { // https: set the 'zenphoto_ssl' marker for redirection zp_setCookie("zenphoto_ssl", "needed"); } $_zp_loggedin = $_zp_authority->handleLogon(); if ($_zp_loggedin) { if (isset($_POST['redirect'])) { $redirect = sanitizeRedirect($_POST['redirect']); if (!empty($redirect)) { header("Location: " . $redirect); exitZP(); } } } } else { // no login form, check the cookie if (isset($_GET['ticket'])) { // password reset query
<?php /** * This is the "files" upload tab * * @package plugins * @subpackage admin */ require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php'; admin_securityChecks(FILES_RIGHTS, currentRelativeURL()); zp_setCookie('uploadtype', 'elFinder'); $locale = substr(getOption("locale"), 0, 2); if (empty($locale)) { $locale = 'en'; } printAdminHeader('upload', 'files'); if (isset($_REQUEST['themeEdit'])) { $theme = sanitize($_REQUEST['themeEdit']); $_zp_admin_tab = 'themes'; $title = gettext('Theme Manager'); } else { $theme = false; $title = gettext('File Manager'); } ?> <link rel="stylesheet" type="text/css" media="screen" href="<?php echo WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/elFinder/'; ?> css/elfinder.min.css"> <script type="text/javascript" src="<?php
} else { $_zp_obj = THEMEFOLDER . "/{$theme}/{$page}.php"; $_zp_gallery_page = basename($_zp_obj); } // Display an Image page. } else { if (in_context(ZP_IMAGE)) { handleSearchParms('image', $_zp_current_album, $_zp_current_image); $theme = setupTheme(); $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/image.php"); // Display an Album page. } else { if (in_context(ZP_ALBUM)) { if ($_zp_current_album->isDynamic()) { $search = $_zp_current_album->getSearchEngine(); zp_setCookie("zenphoto_search_params", $search->getSearchParams(), SEARCH_DURATION); } else { handleSearchParms('album', $_zp_current_album); } $theme = setupTheme(); $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/album.php"); // Display the Index page. } else { if (in_context(ZP_INDEX)) { handleSearchParms('index'); $theme = setupTheme(); $_zp_gallery_page = basename($_zp_obj = THEMEFOLDER . "/{$theme}/index.php"); } } } }
$notify = $fail; } } setOption('gallery_hint', process_language_string_save('gallery_hint', 3)); setOption('search_hint', process_language_string_save('search_hint', 3)); setBoolOption('persistent_archive', isset($_POST['persistent_archive'])); setBoolOption('album_session', isset($_POST['album_session'])); $oldloc = getOption('locale', true); // get the option as stored in the database, not what might have been set by a cookie $newloc = sanitize($_POST['locale'], 3); if ($newloc != $oldloc) { $cookiepath = WEBPATH; if (WEBPATH == '') { $cookiepath = '/'; } zp_setCookie('dynamic_locale', $newloc, time() - 368000, $cookiepath); // clear the language cookie $encoding = getOption('charset'); if (empty($encoding)) { $encoding = 'UTF-8'; } $result = setlocale(LC_ALL, $newloc . '.' . $encoding); if ($result === false) { $result = setlocale(LC_ALL, $newloc); } if (!empty($newloc) && $result === false) { $notify = '?local_failed=' . $newloc; } setOption('locale', $newloc); } setBoolOption('multi_lingual', isset($_POST['multi_lingual']));
{ if (getOption('mobileTheme_test')) { return true; } return parent::isMobile(); } /** * (non-PHPdoc) * @see Mobile_Detect::isTablet() */ function isTablet($userAgent = NULL, $httpHeaders = NULL) { if (getOption('mobileTheme_test') == 'tablet') { return true; } return parent::isTablet(); } } if (isset($_GET['mobileTheme'])) { switch ($_GET['mobileTheme']) { case 'on': zp_setCookie('mobileTheme_disable', 0); break; case 'off': zp_setCookie('mobileTheme_disable', 1); break; } } if (!zp_getCookie('mobileTheme_disable')) { zp_register_filter('setupTheme', 'mobileTheme::theme'); }
/**
 * Returns a saved (or posted) locale. Posted locales are stored as a cookie.
 *
 * Sets the 'locale' option to the result (non-persistent)
 *
 * Order as visible here: a 'locale' request parameter (POST preferred over
 * GET, both passed through validateLocale() and stored in the
 * 'dynamic_locale' cookie when valid); else the admin user's language,
 * falling back to the 'locale' option or the Accept-Language header; else
 * 'en_US' if supported, otherwise the first supported language.
 *
 * NOTE(review): the "******" span in the debug call below is an extraction
 * artifact of this listing — the code that loads the 'locale' option into
 * $localeOption (and, by analogy with the sibling implementation, reads the
 * cookie) was lost there, which is why $localeOption appears unassigned.
 */
function getUserLocale() {
	global $_zp_current_admin_obj;
	if (DEBUG_LOCALE) {
		debugLogBackTrace("getUserLocale()");
	}
	if (isset($_REQUEST['locale'])) {
		// level-0 sanitize keeps the raw value; validateLocale() is the real gate
		if (isset($_POST['locale'])) {
			$locale = validateLocale(sanitize($_POST['locale'], 0), 'POST');
		} else {
			$locale = validateLocale(sanitize($_GET['locale'], 0), 'URI string');
		}
		if ($locale) {
			zp_setCookie('dynamic_locale', $locale);
		}
		if (DEBUG_LOCALE) {
			debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale'], 0) . "=>{$locale}");
		}
	} else {
		$locale = false;
	}
	if (!$locale && is_object($_zp_current_admin_obj)) {
		$locale = $_zp_current_admin_obj->getLanguage();
		if (DEBUG_LOCALE) {
			debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $locale);
		}
		if (empty($localeOption) && empty($locale)) {
			// if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
			$languageSupport = generateLanguageList();
			$userLang = parseHttpAcceptLanguage();
			foreach ($userLang as $lang) {
				$l = strtoupper($lang['fullcode']);
				$locale = validateLocale($l, 'HTTP Accept Language');
				if ($locale) {
					break;
				}
			}
		} else {
			if (empty($locale)) {
				$locale = $localeOption;
			}
		}
	}
	if (empty($locale)) {
		// return "default" language, English if allowed, otherwise whatever is the "first" allowed language
		$languageSupport = generateLanguageList();
		if (in_array('en_US', $languageSupport)) {
			$locale = 'en_US';
		} else {
			$locale = array_shift($languageSupport);
		}
	} else {
		setOption('locale', $locale, false);
	}
	if (DEBUG_LOCALE) {
		debugLog("getUserLocale Returning locale: " . $locale);
	}
	return $locale;
}
/**
 *
 * sets up for loading an album page
 *
 * An album that carries its own search engine (a dynamic album) has that
 * engine's parameters stored in the "zenphoto_search_params" cookie; any
 * other album goes through handleSearchParms(). The theme is then selected
 * and the album.php script path recorded in the globals.
 *
 * @return string the theme chosen by setupTheme()
 */
function prepareAlbumPage() {
	global $_zp_current_album, $_zp_gallery_page, $_zp_script;
	$engine = $_zp_current_album->getSearchEngine();
	if ($engine) {
		zp_setCookie("zenphoto_search_params", $engine->getSearchParams(), SEARCH_DURATION);
	} else {
		handleSearchParms('album', $_zp_current_album);
	}
	$theme = setupTheme();
	$_zp_gallery_page = "album.php";
	$_zp_script = THEMEFOLDER . "/{$theme}/album.php";
	return $theme;
}
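/**
 * Returns a saved (or posted) locale. Posted locales are stored as a cookie.
 *
 * Sets the 'locale' option to the result (non-persistent)
 *
 * Order: a posted 'dynamic-locale' value (stored in the 'dynamic_locale'
 * cookie for COOKIE_PESISTENCE seconds under the site's cookie path); else the
 * existing cookie; and when neither a 'locale' option nor a cookie exists, the
 * first supported language matching the Accept-Language header (exact match
 * first, then a prefix match).
 *
 * NOTE(review): the posted and cookie values are not checked against
 * generateLanguageList() here before being stored and handed to setOption();
 * the other variants of this function run them through validateLocale().
 *
 * @return string|false the locale, or false when nothing could be determined
 */
function getUserLocale() {
	if (DEBUG_LOCALE) {
		debugLogBackTrace("getUserLocale()");
	}
	$cookiepath = WEBPATH;
	if (WEBPATH == '') {
		$cookiepath = '/';
	}
	if (isset($_POST['dynamic-locale'])) {
		$locale = sanitize($_POST['dynamic-locale'], 0);
		zp_setCookie('dynamic_locale', $locale, time() + COOKIE_PESISTENCE, $cookiepath);
		if (DEBUG_LOCALE) {
			debugLog("dynamic_locale post: {$locale}");
		}
	} else {
		$localeOption = getOption('locale');
		$locale = zp_getCookie('dynamic_locale');
		if (DEBUG_LOCALE) {
			debugLog("locale from option: " . $localeOption . '; dynamic locale=' . $locale);
		}
		if (empty($localeOption) && $locale === false) {
			// if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
			$languageSupport = generateLanguageList();
			$userLang = parseHttpAcceptLanguage();
			foreach ($userLang as $lang) {
				$l = strtoupper($lang['fullcode']);
				// The header value is client-controlled: quote it so it is matched literally
				// rather than interpreted as a pattern (previously a stray '(' or '*' in the
				// header made preg_match() fail with a warning instead of matching).
				$prefixPattern = '/^' . preg_quote($l, '/') . '/';
				foreach ($languageSupport as $key => $value) {
					if (strtoupper($value) == $l) { // we got a match
						$locale = $value;
						if (DEBUG_LOCALE) {
							debugLog("locale set from HTTP Accept Language: " . $locale);
						}
						break;
					} else {
						if (preg_match($prefixPattern, strtoupper($value))) { // we got a partial match
							$locale = $value;
							if (DEBUG_LOCALE) {
								debugLog("locale set from HTTP Accept Language (partial match): " . $locale);
							}
							break;
						}
					}
				}
				if ($locale) {
					break;
				}
			}
		}
	}
	if ($locale !== false) {
		setOption('locale', $locale, false);
	}
	if (DEBUG_LOCALE) {
		debugLog("Returning locale: " . $locale);
	}
	return $locale;
}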