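/**
 * proccess_request
 *
 * Routes a request for the public area: maps $this->base_request to a
 * template, resolves the requested image for the view/shorturl/delete
 * templates, sends the status header and loads the template.
 *
 * Several branches end the script instead of returning: the json case
 * die()s, the private-mode branch includes login.php and die()s, and the
 * 'bool' template exit()s. json_output(), chevereto_die() and
 * $this->redirect() are called as if they also stop execution; they are
 * defined elsewhere, so that is an assumption to confirm.
 *
 * @return void
 */
private function proccess_request()
{
    global $lang;

    $this->template = 404; // Default template
    $this->pages = $this->get_pages(); // get theme pages

    // Only some switch cases assign these; give them a defined value so the
    // later reads never touch an undefined variable.
    $id_public = null;
    $deleteHash = null;

    // Prepare the request array to use the legacy request (?v=file.ext).
    // This pattern is the only check on $_GET['v'] before it is handed to
    // $this->dB->image_info() further down. The previous pattern
    // "/^\w*\.jpg|png|gif$/" had its alternation outside any group, so any
    // value that merely contained "png" or ended in "gif" passed. The
    // alternatives are now grouped and the whole value is anchored.
    // NOTE(review): legacy file names with characters outside \w matched
    // before only by accident and no longer match - confirm none are in use.
    if (
        isset($_GET['v'])
        && is_string($_GET['v'])
        && check_value($_GET['v'])
        && preg_match('/^\w*\.(?:jpg|png|gif)\z/', $_GET['v'])
    ) {
        $this->base_request = '?' . $this->request_array[1];
        unset($this->request_array[1]);
    }

    @session_start();

    // count() on a missing session key warns on PHP 7.2+ and throws on
    // PHP 8, so check that the key holds an array first.
    if (isset($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp']) && count($_SESSION['ImagesUp']) > 0) {
        $_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
        self::$uploaded = true;
    }

    // Maintenance mode overrides whatever was requested.
    if (chevereto_config('maintenance')) {
        $this->base_request = 'maintenance';
    }

    // Switch according to the request
    switch ($this->base_request) {
        case '':
        case 'index.php':
            @session_start();
            $_SESSION['last_upload_request'] = time();
            $this->template = 'index';
            break;

        case 'json':
            json_prepare();
            $json_array = null;
            // Do a special trick for the json action=login
            // NOTE(review): the credentials are read from $_REQUEST, so a
            // password in the query string is accepted as well. No session ID
            // rotation is visible here; confirm login_user() regenerates the
            // session ID on success.
            if ($_REQUEST['action'] == 'login') {
                // Check for user match...
                $login_user = login_user($_REQUEST['password'], $_REQUEST['keep']);
                if ($login_user !== false) {
                    $json_array = array('status_code' => 200, 'status_txt' => 'logged in');
                } else {
                    $json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
                }
            } elseif ($_REQUEST['action'] == 'logout') {
                do_logout();
                $json_array = array('status_code' => 200, 'status_txt' => 'logged out');
            }
            // NOTE(review): this fallback uses the key 'status' while every
            // other response in this method uses 'status_code'.
            $json_array = check_value($json_array) ? $json_array : array('status' => 403, 'status_txt' => 'unauthorized');
            session_write_close();
            die(json_output($json_array));
            break;

        case __CHV_VIRTUALFOLDER_IMAGE__:
            // View request
            $id_public = $this->request_array[1];
            $this->template = !is_upload_result() ? 'view' : 'uploaded';
            self::$is_viewer = true;
            break;

        case __CHV_VIRTUALFOLDER_UPLOADED__:
            @session_start();
            if (isset($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp']) && count($_SESSION['ImagesUp']) > 0) {
                $this->template = 'uploaded';
                self::$doctitle = $lang['doctitle_upload_complete'];
            } else {
                $this->redirect(__CHV_BASE_URL__, 400);
            }
            break;

        case 'error-javascript':
            chevereto_die(array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')), 'JavaScript', array(get_lang_txt('critical_js')));
            break;

        case '?chevereto':
            $this->template = 'bool';
            break;

        // Legacy viewer
        case '?v=' . $_GET['v']:
            // View request: the raw legacy value is used as the lookup key.
            $id_public = $_GET['v'];
            $this->legacy_redirect = true;
            break;

        case 'delete':
        case 'delete-confirm':
            //$delete_what = $this->request_array[1];
            $id_public = $this->request_array[2];
            $deleteHash = $this->request_array[3];
            $this->template = $this->base_request;
            self::$is_viewer = true;
            break;

        case 'maintenance':
            $this->template = 'maintenance';
            self::$doctitle = chevereto_config('doctitle');
            break;

        default:
            // Pages request
            require_once $this->path_theme . 'pages/pages_config.php'; // We load the special pages config
            // The request only becomes a template path when it names a file
            // returned by get_pages() and the page is flagged live; anything
            // else is treated as a short URL.
            if (in_array($this->base_request . '.php', $this->pages) and $this->request_array[1] == '' and $pages_config[$this->base_request]['live']) {
                $this->template = 'pages/' . $this->base_request;
                self::$doctitle = $pages_config[$this->base_request]['title'];
            } else {
                $this->template = 'shorturl';
                $id_public = $this->base_request;
                self::$is_viewer = true;
            }
            break;
    }

    // Ask for the login on index and pages.
    // NOTE(review): in this method private_mode gates only these two
    // templates; view, shorturl and delete are served without this check.
    if ($this->template == 'index' || $this->template == 'pages/' . $this->base_request) {
        if (conditional_config('private_mode')) {
            if (!is_logged_user()) {
                $doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
                include __CHV_PATH_SYSTEM__ . 'login.php';
                die;
            }
        }
    }

    // Hand the upload result to the template, then clear it from the session.
    if ($this->template == 'uploaded') {
        self::$doctitle = get_lang_txt('doctitle_upload_complete');
        self::$image_info = $_SESSION['ImagesUp'][0];
        self::$uploaded_images = $_SESSION['ImagesUp'];
        $_SESSION['ImagesUp'] = NULL;
        unset($_SESSION['ImagesUp']);
    }

    if (preg_match('/view|shorturl|delete/', $this->template) || $this->legacy_redirect) {
        // Test connection
        if ($this->dB->dead) {
            self::$doctitle = 'dB connection error';
            $this->template = 404;
        } else {
            // get image info: the legacy value is passed through as-is,
            // every other public id goes through decodeID() first.
            $imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
            self::$image_info = $this->dB->image_info($imageID);
            self::$id_public = $id_public;

            if (!is_array(self::$image_info)) { // Record?
                if ($this->template == 'delete-confirm') {
                    json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
                } else {
                    $this->template = 404;
                }
            } else {
                if ($this->legacy_redirect) {
                    $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
                }

                $target = get_image_target(self::$image_info);
                self::$image_target = $target['image_path'];
                self::$image_thumb_target = $target['image_thumb_path'];
                self::$image_url = absolute_to_url($target['image_path']);
                self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
                self::$image_filename = self::$image_info['image_filename'];
                self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
                self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];

                // The delete hash from the URL is the only authorization for
                // deletion visible in this method. An empty stored hash never
                // authorizes a delete.
                // NOTE(review): === is not a constant-time comparison;
                // hash_equals() is the usual choice where the PHP version
                // allows it.
                $image_delete_proceed = !empty(self::$image_info['image_delete_hash'])
                    && $deleteHash === self::$image_info['image_delete_hash'];

                switch ($this->template) {
                    case 'delete':
                        if (!$image_delete_proceed) {
                            $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
                        }
                        self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . self::$image_info['image_delete_hash'];
                        self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
                        break;

                    case 'delete-confirm':
                        if (!$image_delete_proceed) {
                            json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
                        } else {
                            require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
                            $manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
                            if ($manage->dead) {
                                $json_array = array('status_code' => 403, 'status_txt' => $manage->error);
                            } else {
                                $json_array = $manage->process();
                            }
                        }
                        // Make the status_txt more readable...
                        switch ($json_array['status_code']) {
                            case 200:
                                $json_array['status_txt'] = get_lang_txt('txt_image_deleted');
                                break;
                            default:
                            case 403:
                                $json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
                                break;
                        }
                        json_output($json_array);
                        break;

                    default:
                        self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
                        break;
                }
            }
        }
    }

    if ($this->template == 404) {
        status_header(404);
        self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
    } else {
        status_header(200);
    }

    // We load the template
    if ($this->template == 'bool') {
        exit(json_encode(true));
    } else {
        $this->load_template();
    }
}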
<?php } ?> </head> <body> <div id="wrap"> <div id="top"> <a href="<?php show_base_url(); ?> "><img src="<?php show_theme_imgdir(); ?> logo.png" alt="<?php echo chevereto_config('site_name'); ?> " /></a> <?php if (is_logged_user()) { ?> <div id="logged">You are logged in <span class="sep">·</span> <a rel="logout"><?php show_lang_txt('txt_logout'); ?> </a></div><?php } ?> </div>
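}

/*** Session ***/
// The session ID may be supplied in the request (key 'sID') instead of the
// session cookie. That value is attacker-controllable, so it is accepted only
// when it is a string made of the characters PHP's file session handler
// allows. An empty value is ignored, so the request is handled like one
// without sID; any other malformed value is rejected.
//
// NOTE(review): format validation does not remove the session-fixation risk.
// A well-formed ID is still chosen by the client, and $_REQUEST also reads it
// from the query string. Confirm that the login path rotates the session ID
// (session_regenerate_id) and consider accepting sID only from the uploader's
// POST body.
if (array_key_exists('sID', $_REQUEST) && $_REQUEST['sID'] !== '') {
    $requested_sid = $_REQUEST['sID'];
    if (is_string($requested_sid) && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $requested_sid)) {
        session_id($requested_sid);
    } else {
        json_output(array('error' => 'true', 'errorMsg' => 'bad request'));
    }
}
@session_start();

/** Block the invalid request ***/
if (is_invalid_request()) {
    json_output(array('error' => 'true', 'errorMsg' => 'bad request'));
}

/*** Detect Flood ***/
if (is_upload_flood()) {
    json_output(array('error' => 'true', 'errorMsg' => 'flood detected'));
}

/*** Ask for credentials ***/
// Presumably the login state lives in the session, so the session selected
// above decides the outcome of this check - verify against is_logged_user().
if (is_config_private_mode() && !is_logged_user()) {
    json_output(array('error' => 'true', 'errorMsg' => 'login needed'));
}

/** Call the upload class ***/
require_once __CHV_PATH_CLASSES__ . 'class.upload.php';

$upload = new Upload($to_upload);
if ($is_remote) {
    $upload->is_remote = true;
}
$upload->img_upload_path = __CHV_PATH_IMAGES__;
if (isset($to_resize)) {
    $upload->resize_width = $to_resize;
}
// Thumbnail size and the upload size limit come from the site configuration.
$upload->thumb_width = chevereto_config('thumb_width');
$upload->thumb_height = chevereto_config('thumb_height');
$upload->max_size = return_bytes(chevereto_config('max_filesize'));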