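/**
 * Web-service method: imports one Flickr photo into the gallery.
 *
 * @param array $photo request parameters: 'id' (Flickr photo id), 'category'
 *        (a numeric category id, or a comma-separated list of category names that
 *        are looked up by name and created when missing) and 'fills' (comma-separated
 *        list of fill_* flags selecting which Flickr metadata is copied)
 * @param object $service web-service instance (unused, kept for the handler signature)
 * @return PwgError|string error object on failure, localized success message otherwise
 */
function ws_images_addFlickr($photo, &$service)
{
    if (!is_admin()) {
        return new PwgError(403, 'Forbidden');
    }

    global $conf;

    if (empty($conf['flickr2piwigo']['api_key']) or empty($conf['flickr2piwigo']['secret_key'])) {
        return new PwgError(null, l10n('Please fill your API keys on the configuration tab'));
    }

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    include_once PHPWG_ROOT_PATH . 'admin/include/functions_upload.inc.php';
    include_once FLICKR_PATH . 'include/functions.inc.php';

    if (test_remote_download() === false) {
        return new PwgError(null, l10n('No download method available'));
    }

    // init flickr API
    include_once FLICKR_PATH . 'include/phpFlickr/phpFlickr.php';
    $flickr = new phpFlickr($conf['flickr2piwigo']['api_key'], $conf['flickr2piwigo']['secret_key']);
    $flickr->enableCache('fs', FLICKR_FS_CACHE);

    // user: both the API login check and the session token are required
    $u = $flickr->test_login();
    if ($u === false or empty($_SESSION['phpFlickr_auth_token'])) {
        return new PwgError(403, l10n('API not authenticated'));
    }

    // photo infos
    $photo_f = $flickr->photos_getInfo($photo['id']);
    $photo = array_merge($photo, $photo_f['photo']);
    $photo['url'] = $flickr->get_biggest_size($photo['id'], 'original');
    // NOTE(review): the cache path embeds the Flickr username and the extension of the
    // remote URL as-is — confirm get_extension() yields a plain extension only.
    $photo['path'] = FLICKR_FS_CACHE . 'flickr-' . $u['username'] . '-' . $photo['id'] . '.' . get_extension($photo['url']);

    // copy file
    if (!download_remote_file($photo['url'], $photo['path'])) {
        return new PwgError(null, l10n('Can\'t download file'));
    }

    // category: a numeric id is used directly, otherwise names are resolved or created
    if (!preg_match('#^[0-9]+$#', $photo['category'])) {
        $categories_names = explode(',', $photo['category']);
        $photo['category'] = array();
        foreach ($categories_names as $category_name) {
            // the name comes from the request: it must be escaped before being
            // interpolated into the quoted SQL literal (it was concatenated raw before)
            $query = ' SELECT id FROM ' . CATEGORIES_TABLE
                . ' WHERE LOWER(name) = "' . pwg_db_real_escape_string(strtolower($category_name)) . '" ;';
            $result = pwg_query($query);
            if (pwg_db_num_rows($result)) {
                list($cat_id) = pwg_db_fetch_row($result);
                $photo['category'][] = $cat_id;
            } else {
                $cat = create_virtual_category($category_name);
                $photo['category'][] = $cat['id'];
            }
        }
    } else {
        $photo['category'] = array($photo['category']);
    }

    // add photo
    $photo['image_id'] = add_uploaded_file($photo['path'], basename($photo['path']), $photo['category']);

    // do some updates
    if (!empty($photo['fills'])) {
        $fills = explode(',', rtrim($photo['fills'], ','));
        $photo['fills'] = $fills;
        $updates = array();

        if (in_array('fill_name', $fills, true)) {
            $updates['name'] = pwg_db_real_escape_string($photo['title']);
        }
        if (in_array('fill_posted', $fills, true)) {
            $updates['date_available'] = date('Y-m-d H:i:s', $photo['dates']['posted']);
        }
        if (in_array('fill_taken', $fills, true)) {
            $updates['date_creation'] = $photo['dates']['taken'];
        }
        if (in_array('fill_author', $fills, true)) {
            $updates['author'] = pwg_db_real_escape_string($photo['owner']['username']);
        }
        if (in_array('fill_description', $fills, true)) {
            // the description may be absent from the Flickr answer; explicit check instead of '@'
            $updates['comment'] = pwg_db_real_escape_string(isset($photo['description']) ? $photo['description'] : null);
        }
        if (in_array('fill_geotag', $fills, true) and !empty($photo['location'])) {
            $updates['latitude'] = pwg_db_real_escape_string($photo['location']['latitude']);
            $updates['longitude'] = pwg_db_real_escape_string($photo['location']['longitude']);
        }
        if (in_array('level', $fills, true) && !$photo['visibility']['ispublic']) {
            // non-public photo: most restrictive level unless shared with family / friends
            $updates['level'] = 8;
            if ($photo['visibility']['isfamily']) {
                $updates['level'] = 4;
            }
            if ($photo['visibility']['isfriend']) {
                $updates['level'] = 2;
            }
        }

        if (count($updates)) {
            single_update(IMAGES_TABLE, $updates, array('id' => $photo['image_id']));
        }

        if (!empty($photo['tags']['tag']) and in_array('fill_tags', $fills, true)) {
            // closure instead of create_function() (deprecated in PHP 7.2, removed in 8.0)
            $raw_tags = array_map(function ($t) { return $t['_content']; }, $photo['tags']['tag']);
            set_tags(get_tag_ids(implode(',', $raw_tags)), $photo['image_id']);
        }
    }

    return l10n('Photo "%s" imported', $photo['title']);
}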
/**
 * Default method for user login, can be overwritten with 'try_log_user' trigger.
 * @see try_log_user()
 *
 * @param bool $success result of an earlier handler; true short-circuits the check
 * @param string $username
 * @param string $password
 * @param bool $remember_me
 * @return bool
 */
function pwg_login($success, $username, $password, $remember_me)
{
    // an earlier 'try_log_user' handler already accepted this login
    if ($success === true) {
        return true;
    }

    // we force the session table to be clean
    pwg_session_gc();

    global $conf;

    // retrieving the encrypted password of the login submitted
    $fields = $conf['user_fields'];
    $query = ' SELECT ' . $fields['id'] . ' AS id, ' . $fields['password'] . ' AS password FROM ' . USERS_TABLE
        . ' WHERE ' . $fields['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\' ;';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    $verified = isset($row['id']) && $conf['password_verify']($password, $row['password'], $row['id']);
    if (!$verified) {
        trigger_notify('login_failure', stripslashes($username));
        return false;
    }

    log_user($row['id'], $remember_me);
    trigger_notify('login_success', stripslashes($username));
    return true;
}
/**
 * Prune History installation hook: stores the default configuration as a
 * serialized array under the "PruneHistory" config param, unless it exists.
 *
 * @param string $id plugin id (unused)
 * @param string $version overwritten with the version read from PHInfos()
 * @param array $errors unused
 */
function plugin_install($id, $version, &$errors)
{
    global $conf;

    // Set current plugin version in config table
    $plugin = PHInfos(PH_PATH);
    $version = $plugin['version'];

    // Default global parameters for Prune History conf
    $defaultPH = array(
        'PHVersion' => $version,
        'AUTOPRUNE' => 'false',
        'RANGEVALUE' => '0',
        'RANGE' => '0',
    );

    // Create Prune History conf if not already exists
    $existing = pwg_query(' SELECT param FROM ' . CONFIG_TABLE . ' WHERE param = "PruneHistory" ;');
    if (pwg_db_num_rows($existing) == 0) {
        $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment) VALUES ("PruneHistory","'
            . pwg_db_real_escape_string(serialize($defaultPH)) . '","Prune History parameters") ;';
        pwg_query($insert);
    }
}
/**
 * Upgrade step to 2.1.0: inserts the "HistoryIPConfig" config row with its
 * default options, then chains the next upgrade step.
 */
function upgrade_210()
{
    global $conf;

    $options = array(
        'Blacklist' => "0",
        'Version' => "2.1.1",
    );

    $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment) VALUES ("HistoryIPConfig","'
        . pwg_db_real_escape_string(serialize($options)) . '","History IP Excluder options"); ';
    pwg_query($insert);

    // continue with the following version's migration
    upgrade_211();
}
/**
 * Extend Notification Link installation hook: inserts the "eml" config row
 * with an empty, disabled configuration.
 */
function plugin_install()
{
    $defaults = array(
        'content' => '',
        'enabled' => false,
    );

    $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment) VALUES ( \'eml\', \''
        . pwg_db_real_escape_string(serialize($defaults))
        . '\', \'Parameters of Extend Notification Link plugin\' ) ;';
    pwg_query($insert);
}
/**
 * Theme activation hook: seeds the 'smartpocket' config row on first
 * activation, or migrates a stored config that does not hold exactly the two
 * expected keys ('loop', 'autohide').
 *
 * @param string $theme_version unused
 * @param array $errors unused
 */
function activate($theme_version, &$errors = array())
{
    global $conf, $prefixeTable;

    if (empty($conf['smartpocket'])) {
        // first activation: persist the class defaults
        $conf['smartpocket'] = serialize($this->default_conf);
        $sql = "\n INSERT INTO " . CONFIG_TABLE . " (param,value,comment)\n VALUES ('smartpocket' , '"
            . pwg_db_real_escape_string($conf['smartpocket']) . "' , 'loop#autohide');";
        pwg_query($sql);
    } else {
        // NOTE(review): unserialize() of a value this theme wrote itself — confirm the
        // config row cannot be written from elsewhere.
        $stored = unserialize($conf['smartpocket']);
        if (count($stored) != 2) {
            $migrated = array(
                'loop' => empty($stored['loop']) ? true : $stored['loop'],
                'autohide' => empty($stored['autohide']) ? 5000 : $stored['autohide'],
            );
            conf_update_param('smartpocket', pwg_db_real_escape_string(serialize($migrated)));
            load_conf_from_db();
        }
    }

    $this->installed = true;
}
/**
 * Upgrade 1.0.0 -> 1.1.0: converts the "PruneHistory" config from a plain
 * indexed array to an associative one and stores it back.
 */
function upgrade_100_110()
{
    global $conf;

    load_language('plugin.lang', PH_PATH);

    // Upgrading options - Changing config variables to assoc array
    $legacy = unserialize($conf['PruneHistory']);
    $keys = array('PHVersion', 'AUTOPRUNE', 'RANGEVALUE', 'RANGE');

    $converted = array();
    foreach ($keys as $index => $name) {
        $converted[$name] = $legacy[$index];
        // unset obsolete conf
        unset($legacy[$index]);
    }

    conf_update_param('PruneHistory', pwg_db_real_escape_string(serialize($converted)));
}
/**
 * Comments Access Manager installation hook: stores the default configuration
 * under the "CommentsManager" config param unless it already exists.
 *
 * @param string $id plugin id (unused)
 * @param string $version overwritten with the version read from CM_Infos()
 * @param array $errors unused
 */
function plugin_install($id, $version, &$errors)
{
    global $conf;

    // Set current plugin version in config table
    $plugin = CM_Infos(CM_PATH);
    $version = $plugin['version'];

    $defaults = array(
        'CMVersion' => $version,
        'CM_No_Comment_Anonymous' => 'false',
        'CM_GROUPCOMM' => 'false',
        'CM_ALLOWCOMM_GROUP' => -1,
        'CM_GROUPVALID1' => 'false',
        'CM_VALIDCOMM1_GROUP' => -1,
        'CM_GROUPVALID2' => 'false',
        'CM_VALIDCOMM2_GROUP' => -1,
    );

    $existing = pwg_query(' SELECT param FROM ' . CONFIG_TABLE . ' WHERE param = "CommentsManager" ;');
    if (pwg_db_num_rows($existing) == 0) {
        $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment) VALUES ("CommentsManager","'
            . pwg_db_real_escape_string(serialize($defaults)) . '","Comments Access Manager parameters") ;';
        pwg_query($insert);
    }
}
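/**
 * Upgrade 2.4.0 -> 2.5.0: converts the "Register_FluxBB" config from a
 * ';'-separated string of 8 values to a serialized associative array
 * (deleting the old row and inserting the new one).
 */
function upgrade_240_250()
{
    global $conf;

    load_language('plugin.lang', REGFLUXBB_PATH);
    $plugin = RegFluxBB_Infos(REGFLUXBB_PATH);
    $version = $plugin['version'];

    // Upgrading options - Changing config variables to assoc array
    $legacy = isset($conf['Register_FluxBB']) ? explode(";", $conf['Register_FluxBB']) : array();
    // a missing or short legacy value no longer raises undefined-offset notices;
    // absent entries stay null as before
    $legacy = array_pad($legacy, 8, null);

    $converted = array(
        'REGFLUXBB_VERSION' => $version,
        'FLUXBB_PREFIX' => $legacy[0],
        'FLUXBB_ADMIN' => $legacy[1],
        'FLUXBB_GUEST' => $legacy[2],
        'FLUXBB_DEL_PT' => $legacy[3],
        'FLUXBB_CONFIRM' => $legacy[4],
        'FLUXBB_DETAIL' => $legacy[5],
        'FLUXBB_UAM_LINK' => $legacy[6],
        'FLUXBB_GROUP' => $legacy[7],
    );
    $update_conf = serialize($converted);

    $q = ' DELETE FROM ' . CONFIG_TABLE . ' WHERE param="Register_FluxBB" LIMIT 1 ;';
    pwg_query($q);

    $q = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment) VALUES ("Register_FluxBB","'
        . pwg_db_real_escape_string($update_conf) . '","Register_FluxBB parameters") ;';
    pwg_query($q);
}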
/**
 * Register FluxBB installation hook: stores the default configuration under
 * the "Register_FluxBB" config param (unless present) and creates the
 * Piwigo <-> FluxBB user relation table.
 *
 * @param string $id plugin id (unused)
 * @param string $version overwritten with the version read from RegFluxBB_Infos()
 * @param array $errors unused
 */
function plugin_install($id, $version, &$errors)
{
    global $prefixeTable, $conf;

    // Set current plugin version in config table
    $plugin = RegFluxBB_Infos(REGFLUXBB_PATH);
    $version = $plugin['version'];

    // Default global parameters for RegisterFluxBB conf
    $defaults = array(
        'REGFLUXBB_VERSION' => $version,
        'FLUXBB_PREFIX' => '',
        'FLUXBB_ADMIN' => '',
        'FLUXBB_GUEST' => '',
        'FLUXBB_DEL_PT' => 'false',
        'FLUXBB_CONFIRM' => 'false',
        'FLUXBB_DETAIL' => 'false',
        'FLUXBB_UAM_LINK' => 'false',
        'FLUXBB_GROUP' => '',
    );

    // Create RegisterFluxBB conf if not already exists
    $existing = pwg_query(' SELECT param FROM ' . CONFIG_TABLE . ' WHERE param = "Register_FluxBB" ;');
    if (pwg_db_num_rows($existing) == 0) {
        $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment) VALUES ("Register_FluxBB","'
            . pwg_db_real_escape_string(serialize($defaults)) . '","Register_FluxBB parameters") ;';
        pwg_query($insert);
    }

    // Create relation table between FluxBB and Piwigo
    $ddl = ' CREATE TABLE IF NOT EXISTS ' . Register_FluxBB_ID_TABLE
        . ' ( id_user_pwg smallint(5) NOT NULL default "0", id_user_FluxBB int(10) NOT NULL default "0",'
        . ' PwdSynch varchar(3) default NULL, PRIMARY KEY (id_user_pwg),'
        . ' KEY id_user_pwg (id_user_pwg, id_user_FluxBB, PwdSynch) ) ;';
    pwg_query($ddl);
}
/**
 * History IP Excluder installation hook: creates the "HistoryIPExcluder"
 * (empty) and "HistoryIPConfig" (default options) config rows when absent.
 *
 * @param string $id plugin id (unused)
 * @param string $version overwritten with the version read from HIPE_infos()
 * @param array $errors unused
 */
function plugin_install($id, $version, &$errors)
{
    global $conf;

    // returns true when no config row with that param name exists yet
    $is_missing = function ($param) {
        $result = pwg_query(' SELECT param FROM ' . CONFIG_TABLE . ' WHERE param = "' . $param . '" ;');
        return pwg_db_num_rows($result) == 0;
    };

    // Set plugin parameters
    if ($is_missing('HistoryIPExcluder')) {
        pwg_query(' INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment) VALUES ("HistoryIPExcluder","","History IP Excluder parameters"); ');
    }

    // Set plugin config
    $plugin = HIPE_infos(HIPE_PATH);
    $version = $plugin['version'];
    $options = array(
        'Blacklist' => "0",
        'Version' => $version,
    );

    if ($is_missing('HistoryIPConfig')) {
        pwg_query(' INSERT INTO ' . CONFIG_TABLE . ' (param,value,comment) VALUES ("HistoryIPConfig","'
            . pwg_db_real_escape_string(serialize($options)) . '","History IP Excluder options"); ');
    }
}
// NOTE(review): fragment — the if/else chain this belongs to opens before this line, and
// the trailing closing braces close blocks that are not visible here.
Audit_PWG_PhpBB();
} else {
    // link an existing Piwigo account to an existing phpBB account
    if (isset($_GET['action']) and $_GET['action'] == 'new_link' and isset($_GET['pwg_id']) and isset($_GET['bb_id'])) {
        // NOTE(review): pwg_id / bb_id are passed straight from the query string — confirm
        // PhpBB_Linkuser() casts or validates them before they reach SQL.
        PhpBB_Linkuser($_GET['pwg_id'], $_GET['bb_id']);
        Audit_PWG_PhpBB();
    } else {
        // push the Piwigo account data to the linked phpBB account
        if (isset($_GET['action']) and $_GET['action'] == 'sync_user' and isset($_GET['username'])) {
            // the username is escaped before interpolation; BINARY forces a case-sensitive match
            $query = "\nSELECT id AS id_pwg, username, password, mail_address\nFROM " . USERS_TABLE . "\nWHERE BINARY username = BINARY '" . pwg_db_real_escape_string($_GET['username']) . "'\nLIMIT 1\n;";
            $data = pwg_db_fetch_assoc(pwg_query($query));
            if (!empty($data)) {
                PhpBB_Updateuser($data['id_pwg'], stripslashes($data['username']), $data['password'], $data['mail_address']);
            }
            Audit_PWG_PhpBB();
        } else {
            // create the phpBB account for an existing Piwigo account
            if (isset($_GET['action']) and $_GET['action'] == 'add_user' and isset($_GET['username'])) {
                $query = "\nSELECT id, username, password, mail_address\nFROM " . USERS_TABLE . "\nWHERE BINARY username = BINARY '" . pwg_db_real_escape_string($_GET['username']) . "'\nLIMIT 1\n;";
                $data = pwg_db_fetch_assoc(pwg_query($query));
                if (!empty($data)) {
                    PhpBB_Adduser($data['id'], stripslashes($data['username']), $data['password'], $data['mail_address']);
                }
                Audit_PWG_PhpBB();
            } else {
                // delete the phpBB account; the id comes from the query string
                if (isset($_GET['action']) and $_GET['action'] == 'del_user' and isset($_GET['id'])) {
                    // NOTE(review): state-changing action driven by GET parameters — confirm the
                    // admin check and CSRF protection happen before this block.
                    PhpBB_Deluser($_GET['id'], true);
                    Audit_PWG_PhpBB();
                }
            }
        }
    }
}
}
/**
 * Upgrade 2.4.0 -> 2.5.0: converts the "CommentsManager" config from a plain
 * indexed array (8 entries) to an associative one and stores it back.
 */
function upgradeCM_240_250()
{
    global $conf;

    // Upgrading options - Changing config variables to assoc array
    $legacy = unserialize($conf['CommentsManager']);
    $keys = array(
        'CMVersion',
        'CM_No_Comment_Anonymous',
        'CM_GROUPCOMM',
        'CM_ALLOWCOMM_GROUP',
        'CM_GROUPVALID1',
        'CM_VALIDCOMM1_GROUP',
        'CM_GROUPVALID2',
        'CM_VALIDCOMM2_GROUP',
    );

    $converted = array();
    foreach ($keys as $index => $name) {
        $converted[$name] = $legacy[$index];
        // unset obsolete conf
        unset($legacy[$index]);
    }

    conf_update_param('CommentsManager', pwg_db_real_escape_string(serialize($converted)));
}
/**
 * register page
 *
 * Hooked on the registration page. When a pending remote login is stored in
 * the session ('oauth_new_user' = [provider, identifier]), it either completes
 * the registration with the remote profile data, or merges the remote identity
 * into an existing local account (when allowed). Otherwise it only adds the
 * provider buttons to the form. Errors go to $page['errors'].
 */
function oauth_begin_register()
{
    global $conf, $template, $hybridauth_conf, $page, $user;

    if ($hybridauth_conf['enabled'] == 0) {
        return;
    }

    // coming from identification page
    if (pwg_get_session_var('oauth_new_user') != null) {
        list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user');

        try {
            if ($provider == 'Persona') {
                // Persona only provides an email address: no profile URL / avatar
                $template->assign('OAUTH_USER', array('provider' => 'Persona', 'username' => $user_identifier, 'u_profile' => null, 'avatar' => null));
                oauth_assign_template_vars();
                $template->append('OAUTH', array('persona_email' => $user_identifier), true);
                $conf['oauth']['include_common_template'] = true;
            } else {
                require_once OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php';
                $hybridauth = new Hybrid_Auth($hybridauth_conf);
                $adapter = $hybridauth->authenticate($provider);
                $remote_user = $adapter->getUserProfile();

                // security, check remote identifier: the profile fetched now must match the
                // identifier stored in the session at identification time
                if ($remote_user->identifier != $user_identifier) {
                    pwg_unset_session_var('oauth_new_user');
                    throw new Exception('Hacking attempt!', 403);
                }

                $template->assign('OAUTH_USER', array('provider' => $hybridauth_conf['providers'][$provider]['name'], 'username' => $remote_user->displayName, 'u_profile' => $remote_user->profileURL, 'avatar' => $remote_user->photoURL));
            }

            // "<provider>---<identifier>" is the value stored in user_infos.oauth_id
            $oauth_id = pwg_db_real_escape_string($provider . '---' . $user_identifier);
            $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.');

            // register form submited
            if (isset($_POST['submit'])) {
                // the local password is derived from the oauth id and the site secret key,
                // so the user never types one for a remote-only account
                $user_id = register_user($_POST['login'], hash('sha1', $oauth_id . $conf['secret_key']), $_POST['mail_address'], true, $page['errors'], false);

                if ($user_id !== false) {
                    pwg_unset_session_var('oauth_new_user');
                    // update oauth field
                    single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user_id));
                    // log_user and redirect
                    log_user($user_id, false);
                    redirect('profile.php');
                }
                unset($_POST['submit']);
            } else {
                // merge with an existing local account: requires the local password
                // NOTE(review): the guard tests $_POST['login'] but the code below reads
                // $_POST['username'] — confirm which field the form actually posts.
                if (isset($_POST['login']) && $conf['oauth']['allow_merge_accounts']) {
                    if ($conf['insensitive_case_logon'] == true) {
                        $_POST['username'] = search_case_username($_POST['username']);
                    }
                    $user_id = get_userid($_POST['username']);
                    if ($user_id === false) {
                        $page['errors'][] = l10n('Invalid username or email');
                    } else {
                        if ($user_id == $conf['webmaster_id']) {
                            $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
                        } else {
                            if (pwg_login(false, $_POST['username'], $_POST['password'], false)) {
                                // update oauth field
                                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user['id']));
                                pwg_unset_session_var('oauth_new_user');
                                redirect('profile.php');
                            } else {
                                $page['errors'][] = l10n('Invalid password!');
                            }
                        }
                    }
                }
            }

            // overwrite fields with remote datas
            if ($provider == 'Persona') {
                $_POST['login'] = '';
                $_POST['mail_address'] = $user_identifier;
            } else {
                $_POST['login'] = $remote_user->displayName;
                $_POST['mail_address'] = $remote_user->email;
            }

            // template
            $template->assign('OAUTH_PATH', OAUTH_PATH);
            if ($conf['oauth']['allow_merge_accounts']) {
                $template->assign('OAUTH_LOGIN_IN_REGISTER', true);
                $template->set_prefilter('register', 'oauth_add_login_in_register');
            } else {
                $template->set_prefilter('register', 'oauth_add_profile_prefilter');
                $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter');
            }
        } catch (Exception $e) {
            // only the numeric code is shown to the visitor
            $page['errors'][] = l10n('An error occured, please contact the gallery owner. 
<i>Error code : %s</i>', $e->getCode());
        }
    } else {
        if ($conf['oauth']['display_register']) {
            oauth_assign_template_vars(get_gallery_home_url());
            $template->set_prefilter('register', 'oauth_add_buttons_prefilter');
        }
    }
}
<?php
// Admin page of the "elegant" theme: runs the upgrade script, saves the posted
// options (serialized under the 'elegant' config param) and renders admin.tpl.

// Need upgrade?
global $conf;
include PHPWG_THEMES_PATH . 'elegant/admin/upgrade.inc.php';
load_language('theme.lang', PHPWG_THEMES_PATH . 'elegant/');

$config_send = array();

if (isset($_POST['submit_elegant'])) {
    // a posted option is kept when present and non-empty, else the default applies
    $option = function ($name, $default) {
        return (isset($_POST[$name]) and !empty($_POST[$name])) ? $_POST[$name] : $default;
    };
    $config_send['p_main_menu'] = $option('p_main_menu', 'on');
    $config_send['p_pict_descr'] = $option('p_pict_descr', 'on');
    $config_send['p_pict_comment'] = $option('p_pict_comment', 'off');

    $conf['elegant'] = serialize($config_send);
    conf_update_param('elegant', pwg_db_real_escape_string($conf['elegant']));
    $page['infos'][] = l10n('Information data registered in database');
}

$template->set_filenames(array('theme_admin_content' => dirname(__FILE__) . '/admin.tpl'));
$template->assign('options', unserialize($conf['elegant']));
$template->assign_var_from_handle('ADMIN_CONTENT', 'theme_admin_content');
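// NOTE(review): fragment — the switch on $comment_action and the block around it open
// before this line; the two closing braces below belong to them.
$template->assign('GB_OPEN', true);
$page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
break;
default:
    trigger_error('Invalid comment action ' . $comment_action, E_USER_WARNING);
}
}

// +-----------------------------------------------------------------------+
// |                           display comments                            |
// +-----------------------------------------------------------------------+

$where_clauses = array('1=1');
if (!is_admin()) {
    // visitors only see validated entries
    $where_clauses[] = 'validated = \'true\'';
}
if (isset($_GET['comment_id'])) {
    // com.id is compared as an unquoted number; escaping only neutralises quotes,
    // which that position does not need, so the value is cast to int instead
    $where_clauses[] = 'com.id = ' . (int) $_GET['comment_id'];
}

// number of comments for this picture
$query = ' SELECT COUNT(*) AS nb_comments FROM ' . GUESTBOOK_TABLE . ' as com WHERE ' . implode(' AND ', $where_clauses) . ' ;';
$row = pwg_db_fetch_assoc(pwg_query($query));

// navigation bar creation: 'start' is only accepted as a non-negative integer
$page['start'] = 0;
if (isset($_GET['start']) && is_numeric($_GET['start']) && $_GET['start'] >= 0) {
    $page['start'] = (int) $_GET['start'];
}
$navigation_bar = create_navigation_bar(GUESTBOOK_URL, $row['nb_comments'], $page['start'], $conf['guestbook']['nb_comment_page'], false);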
<?php
// Admin page of the Extend Notification Link plugin: shows the stored
// configuration and saves the posted one under the 'eml' config param.

// Check whether we are indeed included by Piwigo.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}

load_language('plugin.lang', STAT_PATH);

$eml_conf = unserialize($conf['eml']);
$template->assign(array(
    'EML_CONTENT' => $eml_conf['content'],
    'EML_ENABLED' => $eml_conf['enabled'] ? 'checked="checked"' : '',
));

if (isset($_POST['submit'])) {
    $eml_content = stripslashes($_POST['eml_content']);
    $eml_enabled = isset($_POST['eml_enabled']);
    $eml_conf = array(
        'content' => $eml_content,
        'enabled' => $eml_enabled,
    );

    $update = ' UPDATE ' . CONFIG_TABLE . ' SET value = \''
        . pwg_db_real_escape_string(serialize($eml_conf)) . '\' WHERE param = \'eml\' ;';
    pwg_query($update);
    $page['infos'][] = l10n('Config saved');

    // reflect the values just saved
    $template->assign(array(
        'EML_CONTENT' => $eml_content,
        'EML_ENABLED' => $eml_enabled ? 'checked="checked"' : '',
    ));
}

// Add our template to the global template
$template->set_filenames(array('plugin_admin_content' => dirname(__FILE__) . '/admin.tpl'));

// Assign the template contents to ADMIN_CONTENT
$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
// NOTE(review): fragment — an enclosing block (presumably the form-submission
// branch) opens before this line; the unmatched closing brace below ends it.

// date range lower bound; month/day default to the first of the year when left at 0.
// %d / %02d formatting turns the posted values into integers before they reach SQL.
if (!empty($_POST['start_year'])) {
    $search['fields'][$type_date . '-after'] = array('date' => sprintf('%d-%02d-%02d 00:00:00', $_POST['start_year'], $_POST['start_month'] != 0 ? $_POST['start_month'] : '01', $_POST['start_day'] != 0 ? $_POST['start_day'] : '01'), 'inc' => true);
}

// date range upper bound; defaults to the last day of the year
if (!empty($_POST['end_year'])) {
    $search['fields'][$type_date . '-before'] = array('date' => sprintf('%d-%02d-%02d 23:59:59', $_POST['end_year'], $_POST['end_month'] != 0 ? $_POST['end_month'] : '12', $_POST['end_day'] != 0 ? $_POST['end_day'] : '31'), 'inc' => true);
}

if (!empty($search)) {
    // default search mode : each clause must be respected
    $search['mode'] = 'AND';

    // register search rules in database, then they will be available on
    // thumbnails page and picture page.
    $query = ' INSERT INTO ' . SEARCH_TABLE . ' (rules, last_seen) VALUES (\'' . pwg_db_real_escape_string(serialize($search)) . '\', NOW()) ;';
    pwg_query($query);
    $search_id = pwg_db_insert_id(SEARCH_TABLE);
} else {
    $page['errors'][] = l10n('Empty query. No criteria has been entered.');
}
}

//----------------------------------------------------------------- redirection
// NOTE(review): $search_id is only set in the !empty($search) branch above; the
// error pushed in the else branch is what keeps this redirect from running.
if (isset($_POST['submit']) and count($page['errors']) == 0) {
    redirect(make_index_url(array('section' => 'search', 'search' => $search_id)));
}

//----------------------------------------------------- template initialization
//
// Start output of page
//
// NOTE(review): fragment — the two closing braces end blocks that open before this
// line, and replace_hotlinks() at the bottom continues past it.
}
}

if ($is_plugin_installed) {
    // rewrite hot-linked image paths stored in the PWG Stuffs "Personal" modules
    $query = ' SELECT id, datas FROM ' . $plugin_table . ' WHERE path LIKE \'%plugins/PWG_Stuffs/modules/Personal%\' ;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        $content_orig = $row['datas'];
        // NOTE(review): unserialize() of a column written by the PWG Stuffs plugin — confirm
        // its content is never user-supplied serialized data.
        $content_new = serialize(replace_hotlinks(unserialize($content_orig)));
        // only write back rows whose content actually changed
        if ($content_orig != $content_new) {
            single_update($plugin_table, array('datas' => pwg_db_real_escape_string($content_new)), array('id' => $row['id']));
        }
    }
    $upgrade_description .= ', PWG Stuffs';
}

$upgrade_description .= ')';
echo "\n" . $upgrade_description . "\n";

// +-----------------------------------------------------------------------+
// |                               Functions                               |
// +-----------------------------------------------------------------------+

/**
 * Rewrites 2.3-style "websize" upload paths to the 2.4 i.php medium-size
 * derivative URL. (Body continues beyond this fragment.)
 *
 * @param string $string text containing upload paths
 */
function replace_hotlinks($string)
{
    global $conf;

    // websize 2.3 = medium 2.4
    $string = preg_replace('#(upload/\\d{4}/\\d{2}/\\d{2}/\\d{14}-\\w{8})(\\.(jpg|png))#', 'i.php?/$1-me$2', $string);

    // I've tried but I didn't find the way to do it correctly
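/**
 * 'try_log_user' handler: authenticates $username / $password against LDAP.
 *
 * The user must belong to the configured users group (when one is set) and
 * bind successfully. A matching Piwigo account is then logged in; when
 * 'allow_newusers' is enabled, a missing account is created on the fly with a
 * random local password and the LDAP mail address.
 *
 * @param bool $success ignored (result of earlier handlers)
 * @param string $username
 * @param string $password
 * @param bool $remember_me
 * @return bool true on success, false otherwise (fail() is called before
 *              every failed return)
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    $obj = new Ldap();
    $obj->load_config();
    // NOTE(review): kept from the original — a failed connection is logged but not
    // fatal here; the bind below is expected to fail in that case.
    $obj->ldap_conn() or error_log("Unable to connect LDAP server : " . $obj->getErrorString());

    // if there's a users group, the user must be a member of it
    if ($obj->config['users_group']) {
        if (!$obj->user_membership($username, $obj->ldap_group($obj->config['users_group']))) {
            // otherwise it means the user is not allowed to enter !
            fail($username);
            return false;
        }
    }

    // bind with userdn
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }

    // search user in piwigo database
    $query = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // if query is not empty, it means everything is ok and we can continue, auth is done !
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }

    // this is where we check we are allowed to create new users upon that.
    if (!$obj->config['allow_newusers']) {
        fail($username);
        return false;
    }

    // the email address, when LDAP provides one (looked up once, not twice)
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = null;
    }

    // we actually register the new user, then log him in with the id just created
    $new_id = register_user($username, random_password(8), $mail);
    update_user($username, $new_id);
    log_user($new_id, false);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}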
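/**
 * checks the activation key: does it match the expected pattern? is it
 * linked to a user? is this user allowed to reset his password?
 *
 * The key has the form "<20 alphanumeric chars>-<email>"; every account with
 * that email is looked up and the hashed key, its expiry date and the account
 * status are checked. Error messages are pushed onto $page['errors'].
 *
 * @param string $reset_key
 * @return mixed (user_id if OK, false otherwise)
 */
function check_password_reset_key($reset_key)
{
    global $page, $conf;

    // a value without the '-' separator used to raise an undefined-offset notice
    $parts = explode('-', (string) $reset_key, 2);
    if (count($parts) != 2 or !preg_match('/^[a-z0-9]{20}$/i', $parts[0])) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    list($key, $email) = $parts;

    $query = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['email'] . ' = \'' . pwg_db_real_escape_string($email) . '\' ;';
    $user_ids = query2array($query, null, 'id');

    if (count($user_ids) == 0) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }

    // the ids come from the database but are interpolated unquoted: cast them anyway
    $query = ' SELECT user_id, status, activation_key, activation_key_expire, NOW() AS dbnow FROM ' . USER_INFOS_TABLE
        . ' WHERE user_id IN (' . implode(',', array_map('intval', $user_ids)) . ') ;';
    $result = pwg_query($query);

    $user_id = null;
    while ($row = pwg_db_fetch_assoc($result)) {
        if (!pwg_password_verify($key, $row['activation_key'])) {
            continue;
        }
        if (strtotime($row['dbnow']) > strtotime($row['activation_key_expire'])) {
            // key has expired
            $page['errors'][] = l10n('Invalid key');
            return false;
        }
        if (is_a_guest($row['status']) or is_generic($row['status'])) {
            $page['errors'][] = l10n('Password reset is not allowed for this user');
            return false;
        }
        $user_id = $row['user_id'];
    }

    if (empty($user_id)) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }

    return $user_id;
}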
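/**
 * Compares the extensions installed on disk with the revisions published by
 * the update server and records the outdated ones in the session.
 *
 * Writes $_SESSION['extensions_need_update'][$type][$ext_id] = latest revision
 * name for each outdated extension that is not in $conf['updates_ignored'][$type];
 * the ignore list of each type is then pruned to the extensions still outdated
 * and persisted.
 *
 * @return bool|null false when the server list could not be fetched
 */
function check_extensions()
{
    global $conf;

    if (!$this->get_server_extensions()) {
        return false;
    }

    $_SESSION['extensions_need_update'] = array();

    foreach ($this->types as $type) {
        $server_ext = $this->{$type}->{'server_' . $type};
        $fs_ext_list = $this->{$type}->{'fs_' . $type};

        // a type without an ignore list must not make in_array() warn on a non-array
        $ignored = isset($conf['updates_ignored'][$type]) ? (array) $conf['updates_ignored'][$type] : array();
        $ignore_list = array();

        // the loop variable no longer shadows the array being iterated
        foreach ($fs_ext_list as $ext_id => $ext) {
            if (!isset($ext['extension']) or !isset($server_ext[$ext['extension']])) {
                continue;
            }
            $ext_info = $server_ext[$ext['extension']];
            if (safe_version_compare($ext['version'], $ext_info['revision_name'], '>=')) {
                continue;
            }
            if (in_array($ext_id, $ignored)) {
                $ignore_list[] = $ext_id;
            } else {
                $_SESSION['extensions_need_update'][$type][$ext_id] = $ext_info['revision_name'];
            }
        }

        $conf['updates_ignored'][$type] = $ignore_list;
    }

    conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
}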
/**
 * Password Policy installation hook: stores the default configuration under
 * the "PasswordPolicy" config param (unless present) and adds the PP_* columns
 * the plugin needs to the users table when they are missing.
 *
 * @param string $id plugin id (unused)
 * @param string $version overwritten with the version read from PPInfos()
 * @param array $errors unused
 */
function plugin_install($id, $version, &$errors)
{
    global $conf;

    // Set current plugin version in config table
    $plugin = PPInfos(PP_PATH);
    $version = $plugin['version'];

    // Default global parameters for PasswordPolicy conf
    $defaults = array(
        'PPVersion' => $version,
        'PASSWORDENF' => 'false',
        'PASSWORD_SCORE' => '100',
        'ADMINPASSWENF' => 'false',
        'PWDRESET' => 'false',
        'LOGFAILBLOCK' => 'false',
        'NBLOGFAIL' => '0',
        'USRLOCKEDTXT' => l10n('PP_User_Account_Locked_Txt'),
    );

    // Create PasswordPolicy conf if not already exists
    $existing = pwg_query(' SELECT param FROM ' . CONFIG_TABLE . ' WHERE param = "PasswordPolicy" ;');
    if (pwg_db_num_rows($existing) == 0) {
        $insert = ' INSERT INTO ' . CONFIG_TABLE . ' (param, value, comment) VALUES ("PasswordPolicy","'
            . pwg_db_real_escape_string(serialize($defaults)) . '","Password Policy parameters") ;';
        pwg_query($insert);
    }

    // Piwigo's native tables modifications: one column per feature
    //   PP_pwdreset       -> password reset function
    //   PP_loginfailcount -> failed login attempts count
    //   PP_lock           -> locked accounts
    $columns = array(
        'PP_pwdreset' => ' ADD PP_pwdreset enum("true","false") ;',
        'PP_loginfailcount' => ' ADD PP_loginfailcount INT NOT NULL DEFAULT "0" ;',
        'PP_lock' => ' ADD PP_lock enum("true","false") ;',
    );

    foreach ($columns as $column => $ddl) {
        $found = pwg_query(' SHOW COLUMNS FROM ' . USERS_TABLE . ' LIKE "' . $column . '" ;');
        if (!pwg_db_fetch_row($found)) {
            pwg_query(' ALTER TABLE ' . USERS_TABLE . $ddl);
        }
    }
}
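/**
 * Pushes a Piwigo account's data to the matching phpBB account.
 *
 * The phpBB user is found through the link table first, then by exact
 * (binary) username; when found, its phpBB row is updated and the link is
 * (re)recorded. Nothing happens when no phpBB user matches.
 *
 * @param int $pwg_id Piwigo user id
 * @param string $username
 * @param string $password
 * @param string $adresse_mail
 */
function PhpBB_Updateuser($pwg_id, $username, $password, $adresse_mail)
{
    include_once PHPWG_ROOT_PATH . 'include/common.inc.php';

    // every value interpolated into SQL is cast or escaped: the id is compared
    // unquoted, and the mail address used to be concatenated raw
    $pwg_id_sql = (int) $pwg_id;
    $username_esc = pwg_db_real_escape_string($username);
    $mail_esc = pwg_db_real_escape_string($adresse_mail);

    $query = "\nSELECT id_user_PhpBB as PhpBB_id\nFROM " . Register_PhpBB_ID_TABLE . "\nWHERE id_user_pwg = " . $pwg_id_sql . "\n;";
    $row = pwg_db_fetch_assoc(pwg_query($query));

    if (empty($row)) {
        // not linked yet: look the user up in phpBB by case-sensitive username
        $query = "\nSELECT user_id as PhpBB_id\nFROM " . PhpBB_USERS_TABLE . "\nWHERE BINARY username = BINARY '" . $username_esc . "'\n;";
        $row = pwg_db_fetch_assoc(pwg_query($query));
    }

    if (empty($row)) {
        return;
    }

    // NOTE(review): the literal '******' values written to username and user_password
    // look like placeholders in this copy of the file — confirm against the original.
    $query = "\nUPDATE " . PhpBB_USERS_TABLE . "\nSET username = '******', username_clean = '" . strtolower($username_esc) . "', user_email = '" . $mail_esc . "', user_password = '******'\nWHERE user_id = " . (int) $row['PhpBB_id'] . "\n;";
    pwg_query($query);
    PhpBB_Linkuser($pwg_id, $row['PhpBB_id']);
}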
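/**
 * Authenticates the person running the upgrade script.
 *
 * Access is granted by defining PHPWG_IN_UPGRADE, through one of two paths:
 *  - an existing session whose user has the 'webmaster' status (only tried
 *    for releases >= 2.0, when a session cookie is present);
 *  - a username/password pair posted by the form, which must belong to an
 *    'admin' or 'webmaster' account.
 * Failures are reported in $page['errors']; when nothing was posted the
 * function returns without doing anything.
 *
 * Globals read: $conf (user_fields, password_verify), $page, $current_release.
 *
 * @return void
 */
function check_upgrade_access_rights()
{
  global $conf, $page, $current_release;

  if (version_compare($current_release, '2.0', '>=') and isset($_COOKIE[session_name()])) {
    // Check if user is already connected as webmaster
    session_start();
    if (!empty($_SESSION['pwg_uid'])) {
      // the id comes from our own session store, but it is cast anyway so
      // the query can never receive anything but an integer
      $query = '
SELECT status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . (int) $_SESSION['pwg_uid'] . '
;';
      // the previous version ran this query twice and discarded the first result
      $row = pwg_db_fetch_assoc(pwg_query($query));
      if (isset($row['status']) and $row['status'] == 'webmaster') {
        define('PHPWG_IN_UPGRADE', true);
        return;
      }
    }
  }

  if (!isset($_POST['username']) or !isset($_POST['password'])) {
    return;
  }

  $username = $_POST['username'];
  $password = $_POST['password'];

  // get_magic_quotes_gpc() no longer exists on PHP 8: when the function is
  // missing, magic quotes are certainly off and the value must be escaped here
  $magic_quotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
  if (!$magic_quotes) {
    $username = pwg_db_real_escape_string($username);
  }

  if (version_compare($current_release, '2.0', '<')) {
    $username = utf8_decode($username);
    $password = utf8_decode($password);
  }

  if (version_compare($current_release, '1.5', '<')) {
    $query = '
SELECT password, status
  FROM ' . USERS_TABLE . '
  WHERE username = \'' . $username . '\'
;';
  } else {
    $query = '
SELECT u.password, ui.status
  FROM ' . USERS_TABLE . ' AS u INNER JOIN ' . USER_INFOS_TABLE . ' AS ui
    ON u.' . $conf['user_fields']['id'] . '=ui.user_id
  WHERE ' . $conf['user_fields']['username'] . '=\'' . $username . '\'
;';
  }
  $row = pwg_db_fetch_assoc(pwg_query($query));

  // an unknown user and a wrong password produce the same message, so the
  // form does not reveal which usernames exist (and $row is never indexed
  // when the lookup returned nothing)
  if (empty($row) or !$conf['password_verify']($password, $row['password'])) {
    $page['errors'][] = l10n('Invalid password!');
  } elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster') {
    $page['errors'][] = l10n('You do not have access rights to run upgrade');
  } else {
    define('PHPWG_IN_UPGRADE', true);
  }
}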
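/**
 * PH specific database dump
 * Creates an SQL dump of history table for safety before manual prune
 *
 * The dump is written to PH_PATH/include/backup/PH_Historybackup.sql, a
 * path inside the plugin directory which is created on first use.
 * NOTE(review): nothing here restricts web access to that directory; if the
 * plugin folder is served directly, the dump (complete history rows) would be
 * downloadable by anyone knowing the path — confirm an access rule covers
 * include/backup.
 *
 * @param string|bool $download 'true' (or true) to stream the file to the
 *                              browser once written; the function then
 *                              exits and never returns
 * @return bool true when the dump file was written; false when the backup
 *              directory or file could not be created or a table could not
 *              be read (used by the caller to pick the message to display)
 */
function PH_dump($download)
{
  $plugin = PHInfos(PH_PATH);
  $version = $plugin['version'];

  // Initial backup folder creation and file initialisation
  // ------------------------------------------------------
  $Backup_Dir = PH_PATH . '/include/backup';
  if (!is_dir($Backup_Dir) and !mkdir($Backup_Dir)) {
    return false;
  }
  $Backup_File = $Backup_Dir . '/PH_Historybackup.sql';
  $fp = fopen($Backup_File, 'w');
  if ($fp === false) {
    return false;
  }

  // Writing plugin version
  fwrite($fp, "-- " . $version . " --\n\n");

  // Saving History table
  // --------------------
  foreach (array(HISTORY_TABLE) as $table) {
    $res = pwg_query('SHOW CREATE TABLE ' . $table);
    if (!$res) {
      // nothing to write for this table (the previous version re-wrote the
      // stale buffer here, duplicating the version header)
      continue;
    }

    $insertions = "-- -------------------------------------------------------\n";
    $insertions .= "-- Create " . $table . " table\n";
    $insertions .= "-- ------------------------------------------------------\n\n";
    $insertions .= "DROP TABLE IF EXISTS " . $table . ";\n\n";
    $array = pwg_db_fetch_row($res);
    $insertions .= $array[1] . ";\n\n";

    $req_table = pwg_query('DESCRIBE ' . $table . ';');
    $req_table2 = $req_table ? pwg_query('SELECT * FROM ' . $table) : false;
    if (!$req_table or !$req_table2) {
      // the previous version died with my_error() here; closing the file and
      // reporting failure lets the caller display a message instead
      fclose($fp);
      return false;
    }
    $nb_fields = pwg_db_num_rows($req_table);

    while ($line = pwg_db_fetch_row($req_table2)) {
      $values = array();
      for ($i = 0; $i < $nb_fields; $i++) {
        // keep NULL as NULL: escaping it would silently turn it into ''
        $values[] = is_null($line[$i])
          ? 'NULL'
          : '\'' . pwg_db_real_escape_string($line[$i]) . '\'';
      }
      $insertions .= 'INSERT INTO ' . $table . ' VALUES (' . implode(', ', $values) . ");\n";
    }
    $insertions .= "\n\n";
    fwrite($fp, $insertions);
  }
  fclose($fp);

  // Download generated dump file
  // ----------------------------
  // loose comparison kept on purpose: callers may pass the string 'true' or
  // the boolean true
  if ($download == 'true') {
    $size = filesize($Backup_File);
    if ($size) {
      $http_headers = array(
        'Content-Length: ' . $size,
        'Content-Type: text/x-sql',
        'Content-Disposition: attachment; filename="PH_Historybackup.sql";',
        'Content-Transfer-Encoding: binary',
      );
      foreach ($http_headers as $header) {
        header($header);
      }
      readfile($Backup_File);
      exit;
    }
  }

  return true;
}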
if ($count != 0) { $page['errors'][] = l10n('This name is already used by another group.'); break; } // creating the group $query = ' INSERT INTO ' . GROUPS_TABLE . ' (name) VALUES (\'' . pwg_db_real_escape_string($_POST['duplicate_' . $group . '']) . '\') ;'; pwg_query($query); $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE name = \'' . pwg_db_real_escape_string($_POST['duplicate_' . $group . '']) . '\' ;'; list($groupid) = pwg_db_fetch_row(pwg_query($query)); $query = ' SELECT * FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $group . ' ;'; $grp_access = array(); $res = pwg_query($query); while ($row = pwg_db_fetch_assoc($res)) { $grp_access[] = array('cat_id' => $row['cat_id'], 'group_id' => $groupid); } mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $grp_access); $query = ' SELECT *
/**
 * Called by PHP session manager, writes data in the sessions table.
 *
 * The row id is the session id prefixed with get_remote_addr_session_hash()
 * (presumably a hash derived from the client address, tying the stored
 * session to it — see that helper). REPLACE INTO rewrites an existing row,
 * which also resets its expiration to now().
 *
 * @param string $session_id
 * @param string $data serialized session payload, escaped before storage
 * @return true
 */
function pwg_session_write($session_id, $data)
{
  $stored_id = get_remote_addr_session_hash() . $session_id;
  $escaped_data = pwg_db_real_escape_string($data);

  $query = '
REPLACE INTO ' . SESSIONS_TABLE . '
  (id,data,expiration)
  VALUES(\'' . $stored_id . '\',\'' . $escaped_data . '\',now())
;';
  pwg_query($query);

  return true;
}
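<?php
// Smartpocket theme: admin configuration page.
//
// Saves the theme's settings form (loop / autohide) and renders the admin
// template. Settings are kept serialized in $conf['smartpocket'].
//
// $page and $template are used below alongside $conf, so all three are
// declared global: the previous version declared only $conf, which leaves
// $page and $template undefined if this file is ever included from within a
// function scope.
global $conf, $page, $template;

// Need upgrade?
include PHPWG_THEMES_PATH . 'smartpocket/admin/upgrade.inc.php';

load_language('theme.lang', PHPWG_THEMES_PATH . 'smartpocket/');

$config_send = array();

if (isset($_POST['submit_smartpocket'])) {
  // NOTE(review): no CSRF token is verified before the settings are saved;
  // confirm the form posts a token this handler can check.
  // only the presence of the checkboxes matters, never their values
  $config_send['loop'] = isset($_POST['loop']);
  $config_send['autohide'] = isset($_POST['autohide']) ? 5000 : 0;

  $conf['smartpocket'] = serialize($config_send);
  conf_update_param('smartpocket', pwg_db_real_escape_string($conf['smartpocket']));

  array_push($page['infos'], l10n('Information data registered in database'));
}

$template->set_filenames(array('theme_admin_content' => dirname(__FILE__) . '/admin.tpl'));
// the value unserialized here is a stored config value (written by this
// script or its upgrade include), not raw request input
$template->assign('options', unserialize($conf['smartpocket']));
$template->assign_var_from_handle('ADMIN_CONTENT', 'theme_admin_content');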
// Resolve the request's rewritten path and the gallery root path.
// Two URL styles are handled: path-info style when question_mark_in_urls is
// off and the server fills PATH_INFO, and query-string style where the whole
// path sits in the first $_GET key.
$page['start'] = $page['startcat'] = 0;

// some ISPs set PATH_INFO to empty string or to SCRIPT_FILENAME while in the
// default apache implementation it is not set
$use_path_info = $conf['question_mark_in_urls'] == false
  && !empty($_SERVER["PATH_INFO"]);

if ($use_path_info) {
  $rewritten = str_replace('//', '/', $_SERVER["PATH_INFO"]);
  // one "../" per path segment beyond the first, so relative links still
  // reach the gallery root from the virtual sub-directory
  $depth = count(explode('/', $rewritten)) - 1;
  $page['root_path'] = PHPWG_ROOT_PATH . str_repeat('../', $depth);
} else {
  $get_keys = array_keys($_GET);
  $rewritten = count($get_keys) > 0 ? $get_keys[0] : '';
  // the $_GET keys are not protected in include/common.inc.php, only the values
  $rewritten = pwg_db_real_escape_string($rewritten);
  $page['root_path'] = PHPWG_ROOT_PATH;
}

if (strncmp($page['root_path'], './', 2) == 0) {
  $page['root_path'] = substr($page['root_path'], 2);
}

// deleting first "/" if displayed
// $tokens = array(
//   0 => category,
//   1 => 12-foo,
//   2 => start-24
// );
$tokens = explode('/', ltrim($rewritten, '/'));
$next_token = 0;

// +-----------------------------------------------------------------------+
// |                           picture page                                |