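/**
 * Web-service method: import one Flickr photo into the gallery.
 *
 * Downloads the original-size file into the plugin's filesystem cache,
 * registers it with add_uploaded_file() in the requested categories, then
 * optionally copies Flickr metadata (title, dates, author, description,
 * geotag, privacy level, tags) onto the new image.
 *
 * @param array  $photo   ws parameters: 'id' (Flickr photo id), 'category'
 *                        (a numeric category id, or a comma-separated list of
 *                        category names, created when missing) and optional
 *                        'fills' (comma-separated list of fill_* flags)
 * @param object $service the ws server (unused here, kept for the ws signature)
 * @return string|PwgError success message, or a PwgError describing the failure
 */
function ws_images_addFlickr($photo, &$service)
{
    if (!is_admin()) {
        return new PwgError(403, 'Forbidden');
    }
    global $conf;
    if (empty($conf['flickr2piwigo']['api_key']) or empty($conf['flickr2piwigo']['secret_key'])) {
        return new PwgError(null, l10n('Please fill your API keys on the configuration tab'));
    }
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    include_once PHPWG_ROOT_PATH . 'admin/include/functions_upload.inc.php';
    include_once FLICKR_PATH . 'include/functions.inc.php';
    if (test_remote_download() === false) {
        return new PwgError(null, l10n('No download method available'));
    }
    // init flickr API
    include_once FLICKR_PATH . 'include/phpFlickr/phpFlickr.php';
    $flickr = new phpFlickr($conf['flickr2piwigo']['api_key'], $conf['flickr2piwigo']['secret_key']);
    $flickr->enableCache('fs', FLICKR_FS_CACHE);
    // user: the session must already hold a token obtained on the admin page
    $u = $flickr->test_login();
    if ($u === false or empty($_SESSION['phpFlickr_auth_token'])) {
        return new PwgError(403, l10n('API not authenticated'));
    }
    // photo infos: the remote metadata is merged over the ws parameters
    $photo_f = $flickr->photos_getInfo($photo['id']);
    $photo = array_merge($photo, $photo_f['photo']);
    $photo['url'] = $flickr->get_biggest_size($photo['id'], 'original');
    $photo['path'] = FLICKR_FS_CACHE . 'flickr-' . $u['username'] . '-' . $photo['id'] . '.' . get_extension($photo['url']);
    // copy file
    if (download_remote_file($photo['url'], $photo['path']) == false) {
        return new PwgError(null, l10n('Can\'t download file'));
    }
    // category: a numeric id is used as is, otherwise names are resolved (and created)
    if (!preg_match('#^[0-9]+$#', $photo['category'])) {
        $photo['category'] = ws_images_addFlickr_resolve_categories(explode(',', $photo['category']));
    } else {
        $photo['category'] = array($photo['category']);
    }
    // add photo
    $photo['image_id'] = add_uploaded_file($photo['path'], basename($photo['path']), $photo['category']);
    // do some updates
    if (!empty($photo['fills'])) {
        $fills = explode(',', rtrim($photo['fills'], ','));
        $updates = ws_images_addFlickr_build_updates($photo, $fills);
        if (count($updates)) {
            single_update(IMAGES_TABLE, $updates, array('id' => $photo['image_id']));
        }
        if (!empty($photo['tags']['tag']) and in_array('fill_tags', $fills, true)) {
            // create_function() no longer exists in PHP 8; a closure does the same job
            $raw_tags = array_map(function ($t) {
                return $t['_content'];
            }, $photo['tags']['tag']);
            set_tags(get_tag_ids(implode(',', $raw_tags)), $photo['image_id']);
        }
    }
    return l10n('Photo "%s" imported', $photo['title']);
}

/**
 * Maps category names to category ids, creating a virtual category for each
 * name that does not exist yet.
 *
 * @param string[] $categories_names names as typed by the user, compared case-insensitively
 * @return array category ids, in the same order as the names
 */
function ws_images_addFlickr_resolve_categories($categories_names)
{
    $ids = array();
    foreach ($categories_names as $category_name) {
        // the name comes straight from the request: it must be escaped before
        // being embedded in the query
        $query = '
SELECT id FROM ' . CATEGORIES_TABLE . '
  WHERE LOWER(name) = "' . pwg_db_real_escape_string(strtolower($category_name)) . '"
;';
        $result = pwg_query($query);
        if (pwg_db_num_rows($result)) {
            list($cat_id) = pwg_db_fetch_row($result);
            $ids[] = $cat_id;
        } else {
            $cat = create_virtual_category($category_name);
            $ids[] = $cat['id'];
        }
    }
    return $ids;
}

/**
 * Builds the IMAGES_TABLE column updates requested by the fill_* flags.
 *
 * @param array    $photo merged ws parameters and Flickr photo info
 * @param string[] $fills requested flags (fill_name, fill_posted, fill_taken,
 *                        fill_author, fill_description, fill_geotag, level)
 * @return array column => value (string values escaped for the query)
 */
function ws_images_addFlickr_build_updates($photo, $fills)
{
    $updates = array();
    if (in_array('fill_name', $fills, true)) {
        $updates['name'] = pwg_db_real_escape_string($photo['title']);
    }
    if (in_array('fill_posted', $fills, true)) {
        $updates['date_available'] = date('Y-m-d H:i:s', $photo['dates']['posted']);
    }
    if (in_array('fill_taken', $fills, true)) {
        // comes from the remote API as a string: escape it like the other text fields
        $updates['date_creation'] = pwg_db_real_escape_string($photo['dates']['taken']);
    }
    if (in_array('fill_author', $fills, true)) {
        $updates['author'] = pwg_db_real_escape_string($photo['owner']['username']);
    }
    if (in_array('fill_description', $fills, true)) {
        // the description may be absent from the Flickr response
        $description = isset($photo['description']) ? $photo['description'] : '';
        $updates['comment'] = pwg_db_real_escape_string($description);
    }
    if (in_array('fill_geotag', $fills, true) and !empty($photo['location'])) {
        $updates['latitude'] = pwg_db_real_escape_string($photo['location']['latitude']);
        $updates['longitude'] = pwg_db_real_escape_string($photo['location']['longitude']);
    }
    if (in_array('level', $fills, true) && !$photo['visibility']['ispublic']) {
        // private photo: level 8 by default, 4 for family, 2 for friends
        // (friends wins when both flags are set, as before)
        $updates['level'] = 8;
        if ($photo['visibility']['isfamily']) {
            $updates['level'] = 4;
        }
        if ($photo['visibility']['isfriend']) {
            $updates['level'] = 2;
        }
    }
    return $updates;
}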
/**
 * Default method for user login, can be overwritten with 'try_log_user' trigger.
 * @see try_log_user()
 *
 * @param bool $success true when a previous handler already logged the user in
 * @param string $username
 * @param string $password
 * @param bool $remember_me
 * @return bool
 */
function pwg_login($success, $username, $password, $remember_me)
{
    // another 'try_log_user' handler already did the job
    if ($success === true) {
        return true;
    }
    // we force the session table to be clean
    pwg_session_gc();
    global $conf;
    $fields = $conf['user_fields'];
    // retrieving the encrypted password of the login submitted
    $query = '
SELECT ' . $fields['id'] . ' AS id,
       ' . $fields['password'] . ' AS password
  FROM ' . USERS_TABLE . '
  WHERE ' . $fields['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\'
;';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    // the verification callback is configurable (password_verify by default)
    $authenticated = isset($row['id']) && $conf['password_verify']($password, $row['password'], $row['id']);
    if ($authenticated) {
        log_user($row['id'], $remember_me);
    }
    trigger_notify($authenticated ? 'login_success' : 'login_failure', stripslashes($username));
    return $authenticated;
}
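/**
 * Prune History plugin installation: stores the default configuration under
 * the "PruneHistory" param unless the row already exists.
 *
 * @param string $id      plugin id (unused)
 * @param string $version version passed by the core; it is replaced by the
 *                        version read from PHInfos() so the stored value
 *                        always matches the plugin's own metadata
 * @param array  $errors  error collector (unused, by reference for the hook signature)
 */
function plugin_install($id, $version, &$errors)
{
    // Set current plugin version in config table
    $plugin = PHInfos(PH_PATH);
    $version = $plugin['version'];
    // Default global parameters for Prune History conf
    $defaultPH = array('PHVersion' => $version, 'AUTOPRUNE' => 'false', 'RANGEVALUE' => '0', 'RANGE' => '0');
    // Create Prune History conf if not already exists
    $query = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "PruneHistory"
;';
    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment)
VALUES ("PruneHistory","' . pwg_db_real_escape_string(serialize($defaultPH)) . '","Prune History parameters")
  ;';
        pwg_query($q);
    }
}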
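/**
 * History IP Excluder upgrade to 2.1.0: creates the 'HistoryIPConfig' row with
 * its defaults, then chains to upgrade_211().
 *
 * NOTE(review): unlike plugin_install(), the row is inserted without checking
 * whether it already exists - confirm the param column rejects duplicates.
 */
function upgrade_210()
{
    $default = array('Blacklist' => "0", 'Version' => "2.1.1");
    $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
VALUES ("HistoryIPConfig","' . pwg_db_real_escape_string(serialize($default)) . '","History IP Excluder options");
';
    pwg_query($q);
    upgrade_211();
}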
/**
 * Extend Notification Link plugin installation: stores an empty, disabled
 * configuration under the 'eml' param.
 */
function plugin_install()
{
    $eml_conf = array('content' => '', 'enabled' => false);
    $stored_value = pwg_db_real_escape_string(serialize($eml_conf));
    $query = '
    INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
    VALUES (
      \'eml\',
      \'' . $stored_value . '\',
      \'Parameters of Extend Notification Link plugin\'
    )
    ;';
    pwg_query($query);
}
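 /**
  * Theme activation hook: creates the 'smartpocket' config row on first
  * activation, or migrates an existing row that does not hold exactly the two
  * expected keys (loop, autohide).
  *
  * @param string $theme_version unused
  * @param array  $errors        unused, by reference for the hook signature
  */
 function activate($theme_version, &$errors = array())
 {
     global $conf;
     if (empty($conf['smartpocket'])) {
         $conf['smartpocket'] = serialize($this->default_conf);
         $query = "\n  INSERT INTO " . CONFIG_TABLE . " (param,value,comment)\n  VALUES ('smartpocket' , '" . pwg_db_real_escape_string($conf['smartpocket']) . "' , 'loop#autohide');";
         pwg_query($query);
     } else {
         // unserialize once; a corrupted value (false) is treated as an empty
         // array rather than handed to count(), which rejects non-arrays
         $conff = unserialize($conf['smartpocket']);
         if (!is_array($conff)) {
             $conff = array();
         }
         if (count($conff) != 2) {
             $config = array(
                 'loop' => !empty($conff['loop']) ? $conff['loop'] : true,
                 'autohide' => !empty($conff['autohide']) ? $conff['autohide'] : 5000,
             );
             conf_update_param('smartpocket', pwg_db_real_escape_string(serialize($config)));
             load_conf_from_db();
         }
     }
     $this->installed = true;
 }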
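/**
 * Prune History upgrade 1.0.0 -> 1.1.0: converts the 'PruneHistory' config
 * value from a positional list to an associative array and writes it back.
 */
function upgrade_100_110()
{
    global $conf;
    load_language('plugin.lang', PH_PATH);
    // Upgrading options - Changing config variables to assoc array
    $conf_PH = unserialize($conf['PruneHistory']);
    $Newconf_PH = array(
        'PHVersion' => $conf_PH[0],
        'AUTOPRUNE' => $conf_PH[1],
        'RANGEVALUE' => $conf_PH[2],
        'RANGE' => $conf_PH[3],
    );
    // only the new array is stored, so the old positional entries need no cleanup
    conf_update_param('PruneHistory', pwg_db_real_escape_string(serialize($Newconf_PH)));
}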
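/**
 * Comments Access Manager plugin installation: stores the default
 * configuration under the "CommentsManager" param unless the row exists.
 *
 * @param string $id      plugin id (unused)
 * @param string $version version passed by the core; replaced by the version
 *                        read from CM_Infos() so the stored value matches the
 *                        plugin's own metadata
 * @param array  $errors  error collector (unused, by reference for the hook signature)
 */
function plugin_install($id, $version, &$errors)
{
    // Set current plugin version in config table
    $plugin = CM_Infos(CM_PATH);
    $version = $plugin['version'];
    $default = array(
        'CMVersion' => $version,
        'CM_No_Comment_Anonymous' => 'false',
        'CM_GROUPCOMM' => 'false',
        'CM_ALLOWCOMM_GROUP' => -1,
        'CM_GROUPVALID1' => 'false',
        'CM_VALIDCOMM1_GROUP' => -1,
        'CM_GROUPVALID2' => 'false',
        'CM_VALIDCOMM2_GROUP' => -1,
    );
    $query = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "CommentsManager"
;';
    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment)
VALUES ("CommentsManager","' . pwg_db_real_escape_string(serialize($default)) . '","Comments Access Manager parameters")
  ;';
        pwg_query($q);
    }
}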
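/**
 * Register_FluxBB upgrade 2.4.0 -> 2.5.0: converts the ';'-separated config
 * string into an associative array and replaces the stored row.
 */
function upgrade_240_250()
{
    global $conf;
    load_language('plugin.lang', REGFLUXBB_PATH);
    $plugin = RegFluxBB_Infos(REGFLUXBB_PATH);
    $version = $plugin['version'];
    // Upgrading options - Changing config variables to assoc array
    // The old value holds 8 fields; pad it so a short or missing value yields
    // null entries instead of undefined-offset notices.
    $conf_RegFluxBB = isset($conf['Register_FluxBB']) ? explode(";", $conf['Register_FluxBB']) : array();
    $conf_RegFluxBB = array_pad($conf_RegFluxBB, 8, null);
    $Newconf_RegFluxBB = array(
        'REGFLUXBB_VERSION' => $version,
        'FLUXBB_PREFIX' => $conf_RegFluxBB[0],
        'FLUXBB_ADMIN' => $conf_RegFluxBB[1],
        'FLUXBB_GUEST' => $conf_RegFluxBB[2],
        'FLUXBB_DEL_PT' => $conf_RegFluxBB[3],
        'FLUXBB_CONFIRM' => $conf_RegFluxBB[4],
        'FLUXBB_DETAIL' => $conf_RegFluxBB[5],
        'FLUXBB_UAM_LINK' => $conf_RegFluxBB[6],
        'FLUXBB_GROUP' => $conf_RegFluxBB[7],
    );
    $update_conf = serialize($Newconf_RegFluxBB);
    // the row is deleted and re-inserted rather than updated in place
    $q = '
DELETE FROM ' . CONFIG_TABLE . '
WHERE param="Register_FluxBB" LIMIT 1
;';
    pwg_query($q);
    $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment)
VALUES ("Register_FluxBB","' . pwg_db_real_escape_string($update_conf) . '","Register_FluxBB parameters")
  ;';
    pwg_query($q);
}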
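/**
 * Register_FluxBB plugin installation: stores the default configuration
 * (unless the row exists) and creates the Piwigo <-> FluxBB user id
 * relation table.
 *
 * @param string $id      plugin id (unused)
 * @param string $version version passed by the core; replaced by the version
 *                        read from RegFluxBB_Infos()
 * @param array  $errors  error collector (unused, by reference for the hook signature)
 */
function plugin_install($id, $version, &$errors)
{
    // Set current plugin version in config table
    $plugin = RegFluxBB_Infos(REGFLUXBB_PATH);
    $version = $plugin['version'];
    // Default global parameters for RegisterFluxBB conf
    $defaultRegFluxBB = array(
        'REGFLUXBB_VERSION' => $version,
        'FLUXBB_PREFIX' => '',
        'FLUXBB_ADMIN' => '',
        'FLUXBB_GUEST' => '',
        'FLUXBB_DEL_PT' => 'false',
        'FLUXBB_CONFIRM' => 'false',
        'FLUXBB_DETAIL' => 'false',
        'FLUXBB_UAM_LINK' => 'false',
        'FLUXBB_GROUP' => '',
    );
    // Create RegisterFluxBB conf if not already exists
    $query = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "Register_FluxBB"
;';
    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment)
VALUES ("Register_FluxBB","' . pwg_db_real_escape_string(serialize($defaultRegFluxBB)) . '","Register_FluxBB parameters")
  ;';
        pwg_query($q);
    }
    // Create relation table between FluxBB and Piwigo
    $q = '
CREATE TABLE IF NOT EXISTS ' . Register_FluxBB_ID_TABLE . ' (
  id_user_pwg smallint(5) NOT NULL default "0",
  id_user_FluxBB int(10) NOT NULL default "0",
  PwdSynch varchar(3) default NULL,
PRIMARY KEY  (id_user_pwg),
  KEY id_user_pwg (id_user_pwg, id_user_FluxBB, PwdSynch)
)
;';
    pwg_query($q);
}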
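/**
 * History IP Excluder plugin installation: creates the "HistoryIPExcluder"
 * row (empty value) and the "HistoryIPConfig" row (serialized defaults),
 * each only when it does not exist yet.
 *
 * @param string $id      plugin id (unused)
 * @param string $version version passed by the core; replaced by the version
 *                        read from HIPE_infos()
 * @param array  $errors  error collector (unused, by reference for the hook signature)
 */
function plugin_install($id, $version, &$errors)
{
    // Set plugin parameters
    $query = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "HistoryIPExcluder"
;';
    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
VALUES ("HistoryIPExcluder","","History IP Excluder parameters");
';
        pwg_query($q);
    }
    // Set plugin config
    $plugin = HIPE_infos(HIPE_PATH);
    $version = $plugin['version'];
    $default = array('Blacklist' => "0", 'Version' => $version);
    $query = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "HistoryIPConfig"
;';
    if (pwg_db_num_rows(pwg_query($query)) == 0) {
        $q = '
INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment)
VALUES ("HistoryIPConfig","' . pwg_db_real_escape_string(serialize($default)) . '","History IP Excluder options");
';
        pwg_query($q);
    }
}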
        Audit_PWG_PhpBB();
    } else {
        if (isset($_GET['action']) and $_GET['action'] == 'new_link' and isset($_GET['pwg_id']) and isset($_GET['bb_id'])) {
            PhpBB_Linkuser($_GET['pwg_id'], $_GET['bb_id']);
            Audit_PWG_PhpBB();
        } else {
            if (isset($_GET['action']) and $_GET['action'] == 'sync_user' and isset($_GET['username'])) {
                $query = "\nSELECT id AS id_pwg, username, password, mail_address\nFROM " . USERS_TABLE . "\nWHERE BINARY username = BINARY '" . pwg_db_real_escape_string($_GET['username']) . "'\nLIMIT 1\n;";
                $data = pwg_db_fetch_assoc(pwg_query($query));
                if (!empty($data)) {
                    PhpBB_Updateuser($data['id_pwg'], stripslashes($data['username']), $data['password'], $data['mail_address']);
                }
                Audit_PWG_PhpBB();
            } else {
                if (isset($_GET['action']) and $_GET['action'] == 'add_user' and isset($_GET['username'])) {
                    $query = "\nSELECT id, username, password, mail_address\nFROM " . USERS_TABLE . "\nWHERE BINARY username = BINARY '" . pwg_db_real_escape_string($_GET['username']) . "'\nLIMIT 1\n;";
                    $data = pwg_db_fetch_assoc(pwg_query($query));
                    if (!empty($data)) {
                        PhpBB_Adduser($data['id'], stripslashes($data['username']), $data['password'], $data['mail_address']);
                    }
                    Audit_PWG_PhpBB();
                } else {
                    if (isset($_GET['action']) and $_GET['action'] == 'del_user' and isset($_GET['id'])) {
                        PhpBB_Deluser($_GET['id'], true);
                        Audit_PWG_PhpBB();
                    }
                }
            }
        }
    }
}
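/**
 * Comments Access Manager upgrade 2.4.0 -> 2.5.0: converts the
 * 'CommentsManager' config value from a positional list to an associative
 * array and writes it back.
 */
function upgradeCM_240_250()
{
    global $conf;
    // Upgrading options - Changing config variables to assoc array
    $conf_CM = unserialize($conf['CommentsManager']);
    $Newconf_CM = array(
        'CMVersion' => $conf_CM[0],
        'CM_No_Comment_Anonymous' => $conf_CM[1],
        'CM_GROUPCOMM' => $conf_CM[2],
        'CM_ALLOWCOMM_GROUP' => $conf_CM[3],
        'CM_GROUPVALID1' => $conf_CM[4],
        'CM_VALIDCOMM1_GROUP' => $conf_CM[5],
        'CM_GROUPVALID2' => $conf_CM[6],
        'CM_VALIDCOMM2_GROUP' => $conf_CM[7],
    );
    // only the new array is stored, so the old positional entries need no cleanup
    conf_update_param('CommentsManager', pwg_db_real_escape_string(serialize($Newconf_CM)));
}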
/**
 * register page
 *
 * Hooked on the registration page. When a remote (OAuth / Persona) login has
 * left an 'oauth_new_user' session entry, the page either creates a new local
 * account bound to that remote identity, or (when merging is allowed) binds
 * the remote identity to an existing local account after a password check.
 * Otherwise it only adds the provider buttons to the register form.
 */
function oauth_begin_register()
{
    global $conf, $template, $hybridauth_conf, $page, $user;
    if ($hybridauth_conf['enabled'] == 0) {
        return;
    }
    // coming from identification page
    if (pwg_get_session_var('oauth_new_user') != null) {
        list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user');
        try {
            if ($provider == 'Persona') {
                // Persona: the identifier is the verified e-mail, nothing to re-fetch
                $template->assign('OAUTH_USER', array('provider' => 'Persona', 'username' => $user_identifier, 'u_profile' => null, 'avatar' => null));
                oauth_assign_template_vars();
                $template->append('OAUTH', array('persona_email' => $user_identifier), true);
                $conf['oauth']['include_common_template'] = true;
            } else {
                require_once OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php';
                $hybridauth = new Hybrid_Auth($hybridauth_conf);
                $adapter = $hybridauth->authenticate($provider);
                $remote_user = $adapter->getUserProfile();
                // security, check remote identifier: the profile fetched now must
                // be the one stored in the session at identification time,
                // otherwise the session entry is dropped and the flow aborted
                if ($remote_user->identifier != $user_identifier) {
                    pwg_unset_session_var('oauth_new_user');
                    throw new Exception('Hacking attempt!', 403);
                }
                $template->assign('OAUTH_USER', array('provider' => $hybridauth_conf['providers'][$provider]['name'], 'username' => $remote_user->displayName, 'u_profile' => $remote_user->profileURL, 'avatar' => $remote_user->photoURL));
            }
            // value stored in USER_INFOS.oauth_id: "<provider>---<remote identifier>"
            $oauth_id = pwg_db_real_escape_string($provider . '---' . $user_identifier);
            $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.');
            // register form submited
            if (isset($_POST['submit'])) {
                // The local password is derived from the oauth id and the site
                // secret, so the remote identity is the only real credential.
                // NOTE(review): presumably register_user() hashes this value
                // before storing it - confirm.
                $user_id = register_user($_POST['login'], hash('sha1', $oauth_id . $conf['secret_key']), $_POST['mail_address'], true, $page['errors'], false);
                if ($user_id !== false) {
                    pwg_unset_session_var('oauth_new_user');
                    // update oauth field
                    single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user_id));
                    // log_user and redirect
                    log_user($user_id, false);
                    redirect('profile.php');
                }
                unset($_POST['submit']);
            } else {
                // merge with an existing account: 'login' flags the merge form,
                // 'username'/'password' carry the local credentials.
                // NOTE(review): $_POST['username'] is assumed to be present
                // whenever 'login' is - verify against the merge form.
                if (isset($_POST['login']) && $conf['oauth']['allow_merge_accounts']) {
                    if ($conf['insensitive_case_logon'] == true) {
                        $_POST['username'] = search_case_username($_POST['username']);
                    }
                    $user_id = get_userid($_POST['username']);
                    if ($user_id === false) {
                        $page['errors'][] = l10n('Invalid username or email');
                    } else {
                        // the main webmaster account is never bound to a remote identity
                        if ($user_id == $conf['webmaster_id']) {
                            $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
                        } else {
                            // the local password is verified before the merge
                            if (pwg_login(false, $_POST['username'], $_POST['password'], false)) {
                                // update oauth field
                                // NOTE(review): relies on the global $user
                                // holding the account just logged in by
                                // pwg_login() - confirm it is refreshed there
                                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user['id']));
                                pwg_unset_session_var('oauth_new_user');
                                redirect('profile.php');
                            } else {
                                $page['errors'][] = l10n('Invalid password!');
                            }
                        }
                    }
                }
            }
            // overwrite fields with remote datas (pre-fills the register form)
            if ($provider == 'Persona') {
                $_POST['login'] = '';
                $_POST['mail_address'] = $user_identifier;
            } else {
                $_POST['login'] = $remote_user->displayName;
                $_POST['mail_address'] = $remote_user->email;
            }
            // template
            $template->assign('OAUTH_PATH', OAUTH_PATH);
            if ($conf['oauth']['allow_merge_accounts']) {
                $template->assign('OAUTH_LOGIN_IN_REGISTER', true);
                $template->set_prefilter('register', 'oauth_add_login_in_register');
            } else {
                $template->set_prefilter('register', 'oauth_add_profile_prefilter');
                $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter');
            }
        } catch (Exception $e) {
            // only the numeric code is shown to the visitor, not the message
            $page['errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode());
        }
    } else {
        if ($conf['oauth']['display_register']) {
            oauth_assign_template_vars(get_gallery_home_url());
            $template->set_prefilter('register', 'oauth_add_buttons_prefilter');
        }
    }
}
<?php

// Need upgrade?
global $conf;
include PHPWG_THEMES_PATH . 'elegant/admin/upgrade.inc.php';
load_language('theme.lang', PHPWG_THEMES_PATH . 'elegant/');
$config_send = array();
if (isset($_POST['submit_elegant'])) {
    // each option keeps the submitted value, or falls back to its default
    // when the field is missing or blank
    $option_defaults = array('p_main_menu' => 'on', 'p_pict_descr' => 'on', 'p_pict_comment' => 'off');
    foreach ($option_defaults as $option => $fallback) {
        $config_send[$option] = !empty($_POST[$option]) ? $_POST[$option] : $fallback;
    }
    $conf['elegant'] = serialize($config_send);
    conf_update_param('elegant', pwg_db_real_escape_string($conf['elegant']));
    array_push($page['infos'], l10n('Information data registered in database'));
}
$template->set_filenames(array('theme_admin_content' => dirname(__FILE__) . '/admin.tpl'));
$template->assign('options', unserialize($conf['elegant']));
$template->assign_var_from_handle('ADMIN_CONTENT', 'theme_admin_content');
            $template->assign('GB_OPEN', true);
            $page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
            break;
        default:
            trigger_error('Invalid comment action ' . $comment_action, E_USER_WARNING);
    }
}
// +-----------------------------------------------------------------------+
// |                                display comments                       |
// +-----------------------------------------------------------------------+
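$where_clauses = array('1=1');
if (!is_admin()) {
    $where_clauses[] = 'validated = \'true\'';
}
if (isset($_GET['comment_id'])) {
    // com.id is compared as an unquoted integer: string escaping does not
    // protect an unquoted value, so the parameter is cast to int instead
    $where_clauses[] = 'com.id = ' . (int) $_GET['comment_id'];
}
// number of comments for this picture
$query = '
SELECT
    COUNT(*) AS nb_comments
  FROM ' . GUESTBOOK_TABLE . ' as com
  WHERE ' . implode(' AND ', $where_clauses) . '
;';
$row = pwg_db_fetch_assoc(pwg_query($query));
// navigation bar creation: the start offset comes from the URL and is kept
// as a non-negative integer only
$page['start'] = 0;
if (isset($_GET['start']) && is_numeric($_GET['start']) && $_GET['start'] >= 0) {
    $page['start'] = (int) $_GET['start'];
}
$navigation_bar = create_navigation_bar(GUESTBOOK_URL, $row['nb_comments'], $page['start'], $conf['guestbook']['nb_comment_page'], false);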
<?php

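// Check whether we are indeed included by Piwigo.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}
load_language('plugin.lang', STAT_PATH);
// stored configuration; fall back to the install-time defaults when the
// value is missing or cannot be unserialized
$eml_conf = isset($conf['eml']) ? unserialize($conf['eml']) : false;
if (!is_array($eml_conf)) {
    $eml_conf = array('content' => '', 'enabled' => false);
}
$template->assign(array('EML_CONTENT' => $eml_conf['content'], 'EML_ENABLED' => $eml_conf['enabled'] ? 'checked="checked"' : ''));
if (isset($_POST['submit'])) {
    // the content is stored as submitted; escaping for output is left to the template
    $eml_content = isset($_POST['eml_content']) ? stripslashes($_POST['eml_content']) : '';
    $eml_enabled = isset($_POST['eml_enabled']);
    $eml_conf = array('content' => $eml_content, 'enabled' => $eml_enabled);
    $query = '
    UPDATE ' . CONFIG_TABLE . '
    SET value = \'' . pwg_db_real_escape_string(serialize($eml_conf)) . '\'
    WHERE param = \'eml\'
    ;';
    pwg_query($query);
    array_push($page['infos'], l10n('Config saved'));
    $template->assign(array('EML_CONTENT' => $eml_content, 'EML_ENABLED' => $eml_enabled ? 'checked="checked"' : ''));
}
// Add our template to the global template
$template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));
// Assign the template contents to ADMIN_CONTENT
$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');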
    if (!empty($_POST['start_year'])) {
        $search['fields'][$type_date . '-after'] = array('date' => sprintf('%d-%02d-%02d 00:00:00', $_POST['start_year'], $_POST['start_month'] != 0 ? $_POST['start_month'] : '01', $_POST['start_day'] != 0 ? $_POST['start_day'] : '01'), 'inc' => true);
    }
    if (!empty($_POST['end_year'])) {
        $search['fields'][$type_date . '-before'] = array('date' => sprintf('%d-%02d-%02d 23:59:59', $_POST['end_year'], $_POST['end_month'] != 0 ? $_POST['end_month'] : '12', $_POST['end_day'] != 0 ? $_POST['end_day'] : '31'), 'inc' => true);
    }
    if (!empty($search)) {
        // default search mode : each clause must be respected
        $search['mode'] = 'AND';
        // register search rules in database, then they will be available on
        // thumbnails page and picture page.
        $query = '
INSERT INTO ' . SEARCH_TABLE . '
  (rules, last_seen)
  VALUES
  (\'' . pwg_db_real_escape_string(serialize($search)) . '\', NOW())
;';
        pwg_query($query);
        $search_id = pwg_db_insert_id(SEARCH_TABLE);
    } else {
        $page['errors'][] = l10n('Empty query. No criteria has been entered.');
    }
}
//----------------------------------------------------------------- redirection
// only a submitted form without validation errors leads to the results page
$form_submitted = isset($_POST['submit']);
if ($form_submitted && count($page['errors']) == 0) {
    $search_url = make_index_url(array('section' => 'search', 'search' => $search_id));
    redirect($search_url);
}
//----------------------------------------------------- template initialization
//
// Start output of page
//
    }
}
if ($is_plugin_installed) {
    $query = '
SELECT
    id,
    datas
  FROM ' . $plugin_table . '
  WHERE path LIKE \'%plugins/PWG_Stuffs/modules/Personal%\'
;';
    $result = pwg_query($query);
    // rewrite the hotlinks inside each module's serialized datas and write
    // back only the rows whose content actually changed
    while ($row = pwg_db_fetch_assoc($result)) {
        $rewritten = serialize(replace_hotlinks(unserialize($row['datas'])));
        if ($rewritten == $row['datas']) {
            continue;
        }
        single_update($plugin_table, array('datas' => pwg_db_real_escape_string($rewritten)), array('id' => $row['id']));
    }
    $upgrade_description .= ', PWG Stuffs';
}
$upgrade_description .= ')';
echo "\n" . $upgrade_description . "\n";
// +-----------------------------------------------------------------------+
// | Functions                                                             |
// +-----------------------------------------------------------------------+
function replace_hotlinks($string)
{
    global $conf;
    // websize 2.3 = medium 2.4
    $string = preg_replace('#(upload/\\d{4}/\\d{2}/\\d{2}/\\d{14}-\\w{8})(\\.(jpg|png))#', 'i.php?/$1-me$2', $string);
    // I've tried but I didn't find the way to do it correctly
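/**
 * 'try_log_user' handler: authenticates $username against the LDAP directory
 * configured in the Ldap class, then logs the matching Piwigo user in,
 * creating the local account first when 'allow_newusers' is enabled.
 *
 * Every refusal calls fail($username) exactly once; what fail() does
 * (logging, redirect, exit) is defined elsewhere.
 *
 * @param bool   $success     result of a previous handler (not used here)
 * @param string $username
 * @param string $password
 * @param bool   $remember_me
 * @return bool true when the user has been logged in, false otherwise
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;
    $obj = new Ldap();
    $obj->load_config();
    if (!$obj->ldap_conn()) {
        // a failed connection must not fall through to the bind below
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return false;
    }
    // An LDAP simple bind with an empty password is an unauthenticated bind
    // and succeeds on most servers (RFC 4513 section 5.1.2): never treat it
    // as a successful login.
    if ((string) $password === '') {
        fail($username);
        return false;
    }
    // if there's a users group, the user must be a member of it
    if ($obj->config['users_group'] && !$obj->user_membership($username, $obj->ldap_group($obj->config['users_group']))) {
        fail($username);
        return false;
    }
    // bind with userdn: this is the actual credential check
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }
    // search user in piwigo database
    $query = '
				SELECT	' . $conf['user_fields']['id'] . ' AS id
				FROM ' . USERS_TABLE . '
				WHERE	' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    if (!empty($row['id'])) {
        // existing account: refresh it from the directory and open the session
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return false;
    }
    // unknown locally: create the account with the directory e-mail (if any)
    // and a throw-away random password, so LDAP stays the only credential
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = null;
    }
    $new_id = register_user($username, random_password(8), $mail);
    update_user($username, $new_id);
    log_user($new_id, false);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}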
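/**
 *  checks the activation key: does it match the expected pattern? is it
 *  linked to a user? is this user allowed to reset his password?
 *
 * The key has the form "<20 alphanumeric chars>-<email>": the email selects
 * the candidate accounts and the clear part is verified against each
 * account's stored activation_key hash.
 *
 * @param string $reset_key
 * @return mixed (user_id if OK, false otherwise)
 */
function check_password_reset_key($reset_key)
{
    global $page, $conf;
    $parts = explode('-', $reset_key, 2);
    // a key without the "-email" part is rejected here instead of producing
    // an undefined-offset notice and an empty-email query below
    if (count($parts) != 2 || !preg_match('/^[a-z0-9]{20}$/i', $parts[0])) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    list($key, $email) = $parts;
    $query = '
SELECT
  ' . $conf['user_fields']['id'] . ' AS id
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['email'] . ' = \'' . pwg_db_real_escape_string($email) . '\'
;';
    $user_ids = query2array($query, null, 'id');
    if (count($user_ids) == 0) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    $user_id = null;
    $query = '
SELECT
    user_id,
    status,
    activation_key,
    activation_key_expire,
    NOW() AS dbnow
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id IN (' . implode(',', $user_ids) . ')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        if (!pwg_password_verify($key, $row['activation_key'])) {
            continue;
        }
        // expiry is judged with the database clock, not PHP's
        if (strtotime($row['dbnow']) > strtotime($row['activation_key_expire'])) {
            // key has expired
            $page['errors'][] = l10n('Invalid key');
            return false;
        }
        if (is_a_guest($row['status']) or is_generic($row['status'])) {
            $page['errors'][] = l10n('Password reset is not allowed for this user');
            return false;
        }
        $user_id = $row['user_id'];
    }
    if (empty($user_id)) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    return $user_id;
}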
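 /**
  * Compares every installed extension (one group per entry of $this->types)
  * with the versions published on the server and stores, in the session, the
  * ones that need an update. Extensions listed in $conf['updates_ignored']
  * stay ignored only while they are still outdated; the pruned list is
  * written back to the config table.
  *
  * @return bool|null false when the server list could not be fetched, null otherwise
  */
 function check_extensions()
 {
     global $conf;
     if (!$this->get_server_extensions()) {
         return false;
     }
     $_SESSION['extensions_need_update'] = array();
     foreach ($this->types as $type) {
         $server_ext = $this->{$type}->{'server_' . $type};
         $fs_ext = $this->{$type}->{'fs_' . $type};
         // the ignore list may be missing for a type: in_array() needs an array
         $ignored = isset($conf['updates_ignored'][$type]) ? $conf['updates_ignored'][$type] : array();
         $ignore_list = array();
         foreach ($fs_ext as $ext_id => $ext) {
             // only extensions known on the server can be compared
             if (!isset($ext['extension']) or !isset($server_ext[$ext['extension']])) {
                 continue;
             }
             $ext_info = $server_ext[$ext['extension']];
             if (safe_version_compare($ext['version'], $ext_info['revision_name'], '>=')) {
                 continue;
             }
             if (in_array($ext_id, $ignored)) {
                 $ignore_list[] = $ext_id;
             } else {
                 $_SESSION['extensions_need_update'][$type][$ext_id] = $ext_info['revision_name'];
             }
         }
         $conf['updates_ignored'][$type] = $ignore_list;
     }
     conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
 }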
/**
 * Installation hook of the PasswordPolicy plugin.
 *
 * Creates the "PasswordPolicy" row in the config table (serialized defaults)
 * if it does not exist, then adds the three columns the plugin needs to the
 * users table (PP_pwdreset, PP_loginfailcount, PP_lock), each only when it is
 * not already present. All SQL here is built from constants and values the
 * plugin controls; no request data is involved.
 *
 * @param mixed  $id      plugin id (unused)
 * @param string $version ignored: the version written to the config comes from
 *                        the plugin's own metadata via PPInfos()
 * @param array  $errors  error collector (unused)
 */
function plugin_install($id, $version, &$errors)
{
    global $conf;

    // The recorded version always comes from the plugin metadata, not the argument.
    $plugin = PPInfos(PP_PATH);
    $version = $plugin['version'];

    // Default PasswordPolicy settings, stored serialized under one config key.
    $defaultPP = array(
        'PPVersion' => $version,
        'PASSWORDENF' => 'false',
        'PASSWORD_SCORE' => '100',
        'ADMINPASSWENF' => 'false',
        'PWDRESET' => 'false',
        'LOGFAILBLOCK' => 'false',
        'NBLOGFAIL' => '0',
        'USRLOCKEDTXT' => l10n('PP_User_Account_Locked_Txt'),
    );

    // Create the config row only once.
    $lookup = '
SELECT param
  FROM ' . CONFIG_TABLE . '
WHERE param = "PasswordPolicy"
;';
    if (pwg_db_num_rows(pwg_query($lookup)) == 0) {
        pwg_query('
INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment)
VALUES ("PasswordPolicy","' . pwg_db_real_escape_string(serialize($defaultPP)) . '","Password Policy parameters")
  ;');
    }

    // Extra columns on Piwigo's users table: password-reset flag, failed login
    // counter and account lock. Each definition is added only if missing.
    $extra_columns = array(
        'PP_pwdreset' => 'PP_pwdreset enum("true","false") ',
        'PP_loginfailcount' => 'PP_loginfailcount INT NOT NULL DEFAULT "0"',
        'PP_lock' => 'PP_lock enum("true","false")',
    );
    foreach ($extra_columns as $column => $definition) {
        $exists = '
SHOW COLUMNS FROM ' . USERS_TABLE . '
LIKE "' . $column . '"
;';
        if (pwg_db_fetch_row(pwg_query($exists))) {
            continue;
        }
        pwg_query('
ALTER TABLE ' . USERS_TABLE . '
ADD ' . $definition . '
;');
    }
}
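/**
 * Propagate a Piwigo user's data to the linked phpBB account.
 *
 * The phpBB account is looked up through the Register_PhpBB_ID link table
 * first, then by an exact (BINARY) username match. When one is found its
 * username_clean and user_email columns are updated and the link is
 * (re)recorded with PhpBB_Linkuser(). Nothing happens when no phpBB account
 * matches.
 *
 * NOTE(review): the username and user_password values written by the UPDATE
 * appear as '******' in this listing and look redacted; confirm them against
 * the real source before relying on this function.
 *
 * @param int|string $pwg_id       Piwigo user id
 * @param string     $username     Piwigo username
 * @param string     $password     accepted for signature compatibility; not used here
 * @param string     $adresse_mail e-mail address to copy to phpBB
 */
function PhpBB_Updateuser($pwg_id, $username, $password, $adresse_mail)
{
    include_once PHPWG_ROOT_PATH . 'include/common.inc.php';

    // Everything that reaches SQL is either cast to int or escaped.
    // $adresse_mail was previously interpolated raw, which let a crafted
    // address alter the UPDATE statement.
    $pwg_id = (int) $pwg_id;
    $username_sql = pwg_db_real_escape_string($username);
    $email_sql = pwg_db_real_escape_string($adresse_mail);

    $query = "\nSELECT id_user_PhpBB as PhpBB_id\nFROM " . Register_PhpBB_ID_TABLE . "\nWHERE id_user_pwg = " . $pwg_id . "\n;";
    $row = pwg_db_fetch_assoc(pwg_query($query));
    if (empty($row)) {
        // No link row yet: fall back to a case-sensitive username match.
        $query = "\nSELECT user_id as PhpBB_id\nFROM " . PhpBB_USERS_TABLE . "\nWHERE BINARY username = BINARY '" . $username_sql . "'\n;";
        $row = pwg_db_fetch_assoc(pwg_query($query));
    }
    if (empty($row)) {
        return;
    }

    // The id comes from the database, but cast anyway so it can only be an integer.
    $phpbb_id = (int) $row['PhpBB_id'];
    $query = "\nUPDATE " . PhpBB_USERS_TABLE . "\nSET username = '******', username_clean = '" . strtolower($username_sql) . "', user_email = '" . $email_sql . "', user_password = '******'\nWHERE user_id = " . $phpbb_id . "\n;";
    pwg_query($query);
    PhpBB_Linkuser($pwg_id, $phpbb_id);
}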
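/**
 * Decide whether the current visitor may run the upgrade script.
 *
 * Two paths grant access and define PHPWG_IN_UPGRADE:
 *  - an existing session (release >= 2.0) whose user has status 'webmaster';
 *  - POSTed username/password of an 'admin' or 'webmaster' account, checked
 *    with $conf['password_verify'].
 * Otherwise the function returns without defining the constant; failures on
 * the credential path are appended to $page['errors'].
 *
 * Globals: $conf, $page, $current_release (the release being upgraded from).
 */
function check_upgrade_access_rights()
{
    global $conf, $page, $current_release;

    if (version_compare($current_release, '2.0', '>=') and isset($_COOKIE[session_name()])) {
        // Check if user is already connected as webmaster
        session_start();
        if (!empty($_SESSION['pwg_uid'])) {
            // Cast so the session value can only ever be an integer in the statement.
            $query = '
SELECT status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . (int) $_SESSION['pwg_uid'] . '
;';
            // Run the statement once (it used to be executed twice).
            $row = pwg_db_fetch_assoc(pwg_query($query));
            if (isset($row['status']) and $row['status'] == 'webmaster') {
                define('PHPWG_IN_UPGRADE', true);
                return;
            }
        }
    }

    if (!isset($_POST['username']) or !isset($_POST['password'])) {
        return;
    }
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Magic quotes (dropped in PHP 5.4; the function itself no longer exists
    // on PHP 8) used to pre-escape request data. Whenever they are not active
    // the username must be escaped here, since it is concatenated into SQL.
    // The password is only handed to the verify callback, never to SQL.
    if (!function_exists('get_magic_quotes_gpc') or !@get_magic_quotes_gpc()) {
        $username = pwg_db_real_escape_string($username);
    }
    // Pre-2.0 installs presumably did not store UTF-8, hence the decode.
    if (version_compare($current_release, '2.0', '<')) {
        $username = utf8_decode($username);
        $password = utf8_decode($password);
    }
    if (version_compare($current_release, '1.5', '<')) {
        // Before 1.5 the status column lived in the users table itself.
        $query = '
SELECT password, status
FROM ' . USERS_TABLE . '
WHERE username = \'' . $username . '\'
;';
    } else {
        $query = '
SELECT u.password, ui.status
FROM ' . USERS_TABLE . ' AS u
INNER JOIN ' . USER_INFOS_TABLE . ' AS ui
ON u.' . $conf['user_fields']['id'] . '=ui.user_id
WHERE ' . $conf['user_fields']['username'] . '=\'' . $username . '\'
;';
    }
    $row = pwg_db_fetch_assoc(pwg_query($query));
    // An unknown user and a wrong password produce the same message, so the
    // form cannot be used to enumerate accounts; the empty() check also avoids
    // indexing a false result.
    if (empty($row) or !$conf['password_verify']($password, $row['password'])) {
        $page['errors'][] = l10n('Invalid password!');
    } elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster') {
        $page['errors'][] = l10n('You do not have access rights to run upgrade');
    } else {
        define('PHPWG_IN_UPGRADE', true);
    }
}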
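/**
 * PH specific database dump
 * Creates an SQL dump of the history table for safety before a manual prune.
 *
 * The dump is written to <plugin>/include/backup/PH_Historybackup.sql and,
 * when $download is 'true', streamed to the browser as an attachment (the
 * function exits after sending it).
 *
 * NOTE(review): the backup directory sits inside the plugin tree; whether it
 * is reachable over HTTP is not visible here — confirm it is protected, since
 * history rows typically carry visitor IPs and user ids.
 *
 * @param string $download 'true' to send the file after writing it
 * @returns  : Boolean to manage appropriate message display; false when the
 *             backup directory or file could not be created
 */
function PH_dump($download)
{
    global $conf;
    $plugin = PHInfos(PH_PATH);
    $version = $plugin['version'];

    // Initial backup folder creation and file initialisation
    // ------------------------------------------------------
    $backup_dir = PH_PATH . '/include/backup';
    if (!is_dir($backup_dir) and !mkdir($backup_dir)) {
        return false;
    }
    $Backup_File = $backup_dir . '/PH_Historybackup.sql';
    $fp = fopen($Backup_File, 'w');
    if ($fp === false) {
        // Previously fwrite() ran against false and true was still returned.
        return false;
    }
    // Writing plugin version
    fwrite($fp, "-- " . $version . " --\n\n");

    // Saving History table
    // --------------------
    $ListTables = array(HISTORY_TABLE);
    foreach ($ListTables as $table) {
        $res = pwg_query('SHOW CREATE TABLE ' . $table);
        if (!$res) {
            // Nothing to write for this table (the old loop re-wrote the
            // version header here).
            continue;
        }
        $insertions = "-- -------------------------------------------------------\n";
        $insertions .= "-- Create " . $table . " table\n";
        $insertions .= "-- ------------------------------------------------------\n\n";
        $insertions .= "DROP TABLE IF EXISTS " . $table . ";\n\n";
        // SHOW CREATE TABLE yields (table name, CREATE statement).
        $create = pwg_db_fetch_row($res);
        $insertions .= $create[1] . ";\n\n";
        $req_table = pwg_query('DESCRIBE ' . $table . ';') or die(my_error());
        $nb_fields = pwg_db_num_rows($req_table);
        $req_table2 = pwg_query('SELECT * FROM ' . $table) or die(my_error());
        while ($line = pwg_db_fetch_row($req_table2)) {
            // Every value is escaped and quoted so the dump can be replayed safely.
            $values = array();
            for ($i = 0; $i < $nb_fields; $i++) {
                $values[] = '\'' . pwg_db_real_escape_string($line[$i]) . '\'';
            }
            $insertions .= 'INSERT INTO ' . $table . ' VALUES (' . implode(', ', $values) . ");\n";
        }
        $insertions .= "\n\n";
        fwrite($fp, $insertions);
    }
    fclose($fp);

    // Download generated dump file
    // ----------------------------
    if ($download == 'true') {
        $size = @filesize($Backup_File);
        if ($size) {
            $http_headers = array(
                'Content-Length: ' . $size,
                'Content-Type: text/x-sql',
                'Content-Disposition: attachment; filename="PH_Historybackup.sql";',
                'Content-Transfer-Encoding: binary',
            );
            foreach ($http_headers as $header) {
                header($header);
            }
            @readfile($Backup_File);
            exit;
        }
    }
    return true;
}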
           if ($count != 0) {
               $page['errors'][] = l10n('This name is already used by another group.');
               break;
           }
           // creating the group
           $query = '
 INSERT INTO ' . GROUPS_TABLE . '
   (name)
   VALUES
   (\'' . pwg_db_real_escape_string($_POST['duplicate_' . $group . '']) . '\')
 ;';
           pwg_query($query);
           $query = '
     SELECT id
       FROM ' . GROUPS_TABLE . '
       WHERE name = \'' . pwg_db_real_escape_string($_POST['duplicate_' . $group . '']) . '\'
     ;';
           list($groupid) = pwg_db_fetch_row(pwg_query($query));
           $query = '
   SELECT *
     FROM ' . GROUP_ACCESS_TABLE . '
     WHERE group_id = ' . $group . '
   ;';
           $grp_access = array();
           $res = pwg_query($query);
           while ($row = pwg_db_fetch_assoc($res)) {
               $grp_access[] = array('cat_id' => $row['cat_id'], 'group_id' => $groupid);
           }
           mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $grp_access);
           $query = '
   SELECT *
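/**
 * Called by PHP session manager, writes data in the sessions table.
 *
 * The row id is get_remote_addr_session_hash() followed by the session id.
 * Both the session id and the payload are escaped before being concatenated
 * into the statement: the id originates in the client's cookie, so it must
 * never reach SQL unescaped even if the session layer passes it through
 * unvalidated.
 *
 * @param string $session_id
 * @param string $data
 * @return true
 */
function pwg_session_write($session_id, $data)
{
    $query = '
REPLACE INTO ' . SESSIONS_TABLE . '
  (id,data,expiration)
  VALUES(\'' . get_remote_addr_session_hash() . pwg_db_real_escape_string($session_id) . '\',\'' . pwg_db_real_escape_string($data) . '\',now())
;';
    pwg_query($query);
    return true;
}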
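<?php

// Admin panel of the smartpocket theme: runs the theme upgrade, stores the
// submitted options and renders the settings template.
// $page and $template are used below just like $conf, so declare all three:
// the original only declared $conf, which breaks if this file is ever
// included from a function scope.
global $conf, $page, $template;
include PHPWG_THEMES_PATH . 'smartpocket/admin/upgrade.inc.php';
load_language('theme.lang', PHPWG_THEMES_PATH . 'smartpocket/');
$config_send = array();
if (isset($_POST['submit_smartpocket'])) {
    // Only the presence of each checkbox matters; no submitted value is stored.
    $config_send['loop'] = isset($_POST['loop']);
    $config_send['autohide'] = isset($_POST['autohide']) ? 5000 : 0;
    $conf['smartpocket'] = serialize($config_send);
    conf_update_param('smartpocket', pwg_db_real_escape_string($conf['smartpocket']));
    array_push($page['infos'], l10n('Information data registered in database'));
    // NOTE(review): no form-token check is visible in this file — confirm the
    // enclosing admin page validates the request before this point.
}
$template->set_filenames(array('theme_admin_content' => dirname(__FILE__) . '/admin.tpl'));
// The stored value is produced by serialize() above (config table, not request
// data); unserialize() is acceptable here but must never be fed user input.
$template->assign('options', unserialize($conf['smartpocket']));
$template->assign_var_from_handle('ADMIN_CONTENT', 'theme_admin_content');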
// Default start offsets for the listing pages.
$page['start'] = $page['startcat'] = 0;
// some ISPs set PATH_INFO to empty string or to SCRIPT_FILENAME while in the
// default apache implementation it is not set
if ($conf['question_mark_in_urls'] == false and isset($_SERVER["PATH_INFO"]) and !empty($_SERVER["PATH_INFO"])) {
    // Pretty URLs: the route is everything after the script name (PATH_INFO).
    $rewritten = $_SERVER["PATH_INFO"];
    $rewritten = str_replace('//', '/', $rewritten);
    // One "../" per path segment so relative links resolve to the gallery root.
    $path_count = count(explode('/', $rewritten));
    $page['root_path'] = PHPWG_ROOT_PATH . str_repeat('../', $path_count - 1);
} else {
    // Question-mark URLs: the route is the first $_GET key
    // (e.g. index.php?/category/12-foo/start-24), so only that key is read.
    $rewritten = '';
    foreach (array_keys($_GET) as $keynum => $key) {
        $rewritten = $key;
        break;
    }
    // the $_GET keys are not protected in include/common.inc.php, only the values
    $rewritten = pwg_db_real_escape_string($rewritten);
    // NOTE(review): the PATH_INFO branch above is not escaped the same way;
    // whether any later consumer of $rewritten / $tokens needs it is not
    // visible here — confirm.
    $page['root_path'] = PHPWG_ROOT_PATH;
}
// Normalise a "./" prefix away from the root path.
if (strncmp($page['root_path'], './', 2) == 0) {
    $page['root_path'] = substr($page['root_path'], 2);
}
// deleting first "/" if displayed
$tokens = explode('/', ltrim($rewritten, '/'));
// $tokens = array(
//   0 => category,
//   1 => 12-foo,
//   2 => start-24
//   );
// Index of the next unconsumed token; presumably advanced by the section
// parsers that follow.
$next_token = 0;
// +-----------------------------------------------------------------------+
// |                             picture page                              |