/**
  * proccess_request
  * Process the request for the public area
  */
 private function proccess_request()
 {
     global $lang;
     $this->template = 404;
     // Default template
     $this->pages = $this->get_pages();
     // get theme pages
     // Prepare te request array to use the legacy request (?v=file.ext)
     if (check_value($_GET['v']) && preg_match("/^\\w*\\.jpg|png|gif\$/", $_GET['v'])) {
         $this->base_request = '?' . $this->request_array[1];
         unset($this->request_array[1]);
     }
     @session_start();
     if (count($_SESSION['ImagesUp']) > 0) {
         $_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
         self::$uploaded = true;
     }
     if (chevereto_config('maintenance')) {
         $this->base_request = 'maintenance';
     }
     // Switch according the request
     switch ($this->base_request) {
         case '':
         case 'index.php':
             @session_start();
             $_SESSION['last_upload_request'] = time();
             $this->template = 'index';
             break;
         case 'json':
             json_prepare();
             // Do a special trick for the json action=login
             if ($_REQUEST['action'] == 'login') {
                 // Check for user match...
                 $login_user = login_user($_REQUEST['password'], $_REQUEST['keep']);
                 if ($login_user !== false) {
                     $json_array = array('status_code' => 200, 'status_txt' => 'logged in');
                 } else {
                     $json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
                 }
             } elseif ($_REQUEST['action'] == 'logout') {
                 do_logout();
                 $json_array = array('status_code' => 200, 'status_txt' => 'logged out');
             }
             $json_array = check_value($json_array) ? $json_array : array('status' => 403, 'status_txt' => 'unauthorized');
             session_write_close();
             die(json_output($json_array));
             break;
         case __CHV_VIRTUALFOLDER_IMAGE__:
             // View request
             $id_public = $this->request_array[1];
             $this->template = !is_upload_result() ? 'view' : 'uploaded';
             self::$is_viewer = true;
             break;
         case __CHV_VIRTUALFOLDER_UPLOADED__:
             @session_start();
             if (count($_SESSION['ImagesUp']) > 0) {
                 $this->template = 'uploaded';
                 self::$doctitle = $lang['doctitle_upload_complete'];
             } else {
                 $this->redirect(__CHV_BASE_URL__, 400);
             }
             break;
         case 'error-javascript':
             chevereto_die(array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')), 'JavaScript', array(get_lang_txt('critical_js')));
             break;
         case '?chevereto':
             $this->template = 'bool';
             break;
             // Legacy viewer
         // Legacy viewer
         case '?v=' . $_GET['v']:
             // View request
             $id_public = $_GET['v'];
             $this->legacy_redirect = true;
             break;
         case 'delete':
         case 'delete-confirm':
             //$delete_what = $this->request_array[1];
             $id_public = $this->request_array[2];
             $deleteHash = $this->request_array[3];
             $this->template = $this->base_request;
             self::$is_viewer = true;
             break;
         case 'maintenance':
             $this->template = 'maintenance';
             self::$doctitle = chevereto_config('doctitle');
             break;
         default:
             // Pages request
             require_once $this->path_theme . 'pages/pages_config.php';
             // We load the special pages config
             if (in_array($this->base_request . '.php', $this->pages) and $this->request_array[1] == '' and $pages_config[$this->base_request]['live']) {
                 $this->template = 'pages/' . $this->base_request;
                 self::$doctitle = $pages_config[$this->base_request]['title'];
             } else {
                 $this->template = 'shorturl';
                 $id_public = $this->base_request;
                 self::$is_viewer = true;
             }
             break;
     }
     // Ask for the login on index and pages
     if ($this->template == 'index' || $this->template == 'pages/' . $this->base_request) {
         if (conditional_config('private_mode')) {
             if (!is_logged_user()) {
                 $doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
                 include __CHV_PATH_SYSTEM__ . 'login.php';
                 die;
             }
         }
     }
     if ($this->template == 'uploaded') {
         self::$doctitle = get_lang_txt('doctitle_upload_complete');
         self::$image_info = $_SESSION['ImagesUp'][0];
         self::$uploaded_images = $_SESSION['ImagesUp'];
         $_SESSION['ImagesUp'] = NULL;
         unset($_SESSION['ImagesUp']);
     }
     if (preg_match('/view|shorturl|delete/', $this->template) || $this->legacy_redirect) {
         // Test connection
         if ($this->dB->dead) {
             self::$doctitle = 'dB connection error';
             $this->template = 404;
         } else {
             // get image info
             $imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
             self::$image_info = $this->dB->image_info($imageID);
             self::$id_public = $id_public;
             if (!is_array(self::$image_info)) {
                 // Record?
                 if ($this->template == 'delete-confirm') {
                     json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
                 } else {
                     $this->template = 404;
                 }
             } else {
                 if ($this->legacy_redirect) {
                     $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
                 }
                 $target = get_image_target(self::$image_info);
                 self::$image_target = $target['image_path'];
                 self::$image_thumb_target = $target['image_thumb_path'];
                 self::$image_url = absolute_to_url($target['image_path']);
                 self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
                 self::$image_filename = self::$image_info['image_filename'];
                 self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
                 self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
                 $image_delete_proceed = !empty(self::$image_info['image_delete_hash']) && $deleteHash === self::$image_info['image_delete_hash'] ? true : false;
                 switch ($this->template) {
                     case 'delete':
                         if (!$image_delete_proceed) {
                             $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
                         }
                         self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
                         self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
                         break;
                     case 'delete-confirm':
                         if (!$image_delete_proceed) {
                             json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
                         } else {
                             require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
                             $manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
                             if ($manage->dead) {
                                 $json_array = array('status_code' => 403, 'status_txt' => $manage->error);
                             } else {
                                 $json_array = $manage->process();
                             }
                         }
                         // Make the status_txt more readable...
                         switch ($json_array['status_code']) {
                             case 200:
                                 $json_array['status_txt'] = get_lang_txt('txt_image_deleted');
                                 break;
                             default:
                             case 403:
                                 $json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
                                 break;
                         }
                         json_output($json_array);
                         break;
                     default:
                         self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
                         break;
                 }
             }
         }
     }
     if ($this->template == 404) {
         status_header(404);
         self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
     } else {
         status_header(200);
     }
     // We load the template
     if ($this->template == 'bool') {
         exit(json_encode(true));
     } else {
         $this->load_template();
     }
 }
Exemple #2
0
<?php 
}
?>

</head>

<body>

<div id="wrap">
    <div id="top">
    	<a href="<?php 
show_base_url();
?>
"><img src="<?php 
show_theme_imgdir();
?>
logo.png" alt="<?php 
echo chevereto_config('site_name');
?>
" /></a>
    	<?php 
if (is_logged_user()) {
    ?>
<div id="logged">You are logged in <span class="sep">&middot;</span> <a rel="logout"><?php 
    show_lang_txt('txt_logout');
    ?>
</a></div><?php 
}
?>
    </div>
    
Exemple #3
0
}
/*** Session ***/
if (array_key_exists('sID', $_REQUEST)) {
    session_id($_REQUEST['sID']);
}
@session_start();
/** Block the invalid request ***/
if (is_invalid_request()) {
    json_output(array('error' => 'true', 'errorMsg' => 'bad request'));
}
/*** Detect Flood ***/
if (is_upload_flood()) {
    json_output(array('error' => 'true', 'errorMsg' => 'flood detected'));
}
/*** Ask for credentials ***/
if (is_config_private_mode() && !is_logged_user()) {
    json_output(array('error' => 'true', 'errorMsg' => 'login needed'));
}
/** Call the upload class ***/
require_once __CHV_PATH_CLASSES__ . 'class.upload.php';
$upload = new Upload($to_upload);
if ($is_remote) {
    $upload->is_remote = true;
}
$upload->img_upload_path = __CHV_PATH_IMAGES__;
if (isset($to_resize)) {
    $upload->resize_width = $to_resize;
}
$upload->thumb_width = chevereto_config('thumb_width');
$upload->thumb_height = chevereto_config('thumb_height');
$upload->max_size = return_bytes(chevereto_config('max_filesize'));