  @version	2.6.0
  @author	Rodolfo Berríos A. <http://rodolfoberrios.com/>
			<*****@*****.**>

  Copyright (c) Rodolfo Berrios <*****@*****.**>
  
  Licensed under the MIT license
  http://opensource.org/licenses/MIT

  --------------------------------------------------------------------- */
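define('access', 'API');
require_once 'includes/chevereto.php';
/*** Die, die, die my darling ***/
// Refuse to serve a private API that still carries the shipped default key.
// Local requests are exempt, matching the key check further down the file.
if (chevereto_config('api_key') == 'my_api_key' and chevereto_config('api_mode') == 'private' and !is_localhost()) {
    chevereto_die(array('Open <code>includes/config.php</code>', 'Edit <code>$config[\'api_key\'] = \'my_api_key\';</code> with a different key.'), 'API key', array('You haven\'t changed the default api key, the API won\'t work until you fix this.'));
}
// Request parameters. $_REQUEST merges GET, POST (and, depending on
// request_order, COOKIE), so the API key may arrive in a query string and
// therefore in access logs. Reading through isset() avoids an E_NOTICE when a
// parameter is absent; the value is null in that case, as before.
$key = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
$to_upload = isset($_REQUEST['upload']) ? $_REQUEST['upload'] : null;
$to_resize = isset($_REQUEST['resize_width']) ? $_REQUEST['resize_width'] : null;
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : null;
// NOTE(review): $callback is handed to json_output() as a JSONP callback name;
// it should be restricted to identifier characters before being echoed — confirm
// json_output() does that.
$callback = isset($_REQUEST['callback']) ? $_REQUEST['callback'] : null;
// NOTE(review): the key check below compares with !==; hash_equals() (PHP >= 5.6)
// would avoid a timing side channel on the secret.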
/*** Checks the auth ***/
if (api_mode('private') and api_key() !== $key and !is_localhost()) {
    $error_key_msg = 'Invalid API key';
    $ERROR_AUTH_API = array('status_code' => 403, 'status_txt' => $error_key_msg);
    switch ($format) {
        default:
        case 'json':
        default:
            json_output($ERROR_AUTH_API, $callback);
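 /**
  * proccess_request
  * Process the request for the public area
  *
  * Maps the already-parsed request ($this->base_request / $this->request_array)
  * onto a template name, fills the static view fields (image info, image and
  * thumb paths/URLs, delete URLs, doctitle) and finally loads the template.
  * Side effects: starts the session, may redirect, emit JSON and die().
  *
  * Review fixes versus the previous revision:
  *  - the legacy "?v=" pattern and the viewer-template pattern were ungrouped
  *    alternations ("png" anywhere in $_GET['v'] matched; any "pages/..."
  *    template containing "view", "shorturl" or "delete" was treated as an
  *    image request and fell into the image lookup with no id);
  *  - request/session indexes are read through isset() to avoid notices;
  *  - the delete hash is compared in constant time where hash_equals() exists.
  */
 private function proccess_request()
 {
     global $lang;
     $this->template = 404;
     // Default template
     $this->pages = $this->get_pages();
     // get theme pages
     // Locals read by the viewer section below; null means "not supplied".
     $id_public = null;
     $deleteHash = null;
     $json_array = null;
     $legacy_v = isset($_GET['v']) ? $_GET['v'] : null;
     // Prepare te request array to use the legacy request (?v=file.ext)
     // Only a bare "name.ext" with an image extension counts as a legacy request.
     if (check_value($legacy_v) && preg_match('/^\w*\.(jpg|png|gif)$/', $legacy_v)) {
         $this->base_request = '?' . (isset($this->request_array[1]) ? $this->request_array[1] : '');
         unset($this->request_array[1]);
     }
     // @ silences the notice when a caller already started the session.
     @session_start();
     if (!empty($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp'])) {
         $_SESSION['ImagesUp'] = array_values($_SESSION['ImagesUp']);
         self::$uploaded = true;
     }
     if (chevereto_config('maintenance')) {
         $this->base_request = 'maintenance';
     }
     // Switch according the request
     switch ($this->base_request) {
         case '':
         case 'index.php':
             @session_start();
             $_SESSION['last_upload_request'] = time();
             $this->template = 'index';
             break;
         case 'json':
             json_prepare();
             $json_action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
             // Do a special trick for the json action=login
             if ($json_action === 'login') {
                 // Check for user match...
                 // NOTE(review): $_REQUEST also accepts GET, so the password may
                 // travel in the query string and land in access logs.
                 $login_user = login_user(
                     isset($_REQUEST['password']) ? $_REQUEST['password'] : null,
                     isset($_REQUEST['keep']) ? $_REQUEST['keep'] : null
                 );
                 if ($login_user !== false) {
                     $json_array = array('status_code' => 200, 'status_txt' => 'logged in');
                 } else {
                     $json_array = array('status_code' => 403, 'status_txt' => 'invalid login');
                 }
             } elseif ($json_action === 'logout') {
                 do_logout();
                 $json_array = array('status_code' => 200, 'status_txt' => 'logged out');
             }
             // NOTE(review): this fallback uses the key 'status' while every other
             // payload uses 'status_code'; left unchanged in case clients rely on it.
             $json_array = check_value($json_array) ? $json_array : array('status' => 403, 'status_txt' => 'unauthorized');
             session_write_close();
             die(json_output($json_array));
         case __CHV_VIRTUALFOLDER_IMAGE__:
             // View request
             $id_public = isset($this->request_array[1]) ? $this->request_array[1] : null;
             $this->template = !is_upload_result() ? 'view' : 'uploaded';
             self::$is_viewer = true;
             break;
         case __CHV_VIRTUALFOLDER_UPLOADED__:
             @session_start();
             if (!empty($_SESSION['ImagesUp']) && is_array($_SESSION['ImagesUp'])) {
                 $this->template = 'uploaded';
                 self::$doctitle = $lang['doctitle_upload_complete'];
             } else {
                 $this->redirect(__CHV_BASE_URL__, 400);
             }
             break;
         case 'error-javascript':
             chevereto_die(array(get_lang_txt('critical_js_step_1'), get_lang_txt('critical_js_step_2')), 'JavaScript', array(get_lang_txt('critical_js')));
             break;
         case '?chevereto':
             $this->template = 'bool';
             break;
         // Legacy viewer
         case '?v=' . $legacy_v:
             // View request
             $id_public = $legacy_v;
             $this->legacy_redirect = true;
             break;
         case 'delete':
         case 'delete-confirm':
             // URL shape is delete/image/<public id>/<delete hash> (see the
             // delete URL built below), so [2] is the id and [3] the hash.
             $id_public = isset($this->request_array[2]) ? $this->request_array[2] : null;
             $deleteHash = isset($this->request_array[3]) ? $this->request_array[3] : null;
             $this->template = $this->base_request;
             self::$is_viewer = true;
             break;
         case 'maintenance':
             $this->template = 'maintenance';
             self::$doctitle = chevereto_config('doctitle');
             break;
         default:
             // Pages request
             require_once $this->path_theme . 'pages/pages_config.php';
             // We load the special pages config
             // A theme page is served only when it is listed by get_pages(), has no
             // sub-path and is flagged live; anything else is treated as a short URL.
             $is_theme_page = in_array($this->base_request . '.php', $this->pages, true)
                 && (!isset($this->request_array[1]) || $this->request_array[1] == '')
                 && !empty($pages_config[$this->base_request]['live']);
             if ($is_theme_page) {
                 $this->template = 'pages/' . $this->base_request;
                 self::$doctitle = $pages_config[$this->base_request]['title'];
             } else {
                 $this->template = 'shorturl';
                 $id_public = $this->base_request;
                 self::$is_viewer = true;
             }
             break;
     }
     // Ask for the login on index and pages
     if ($this->template === 'index' || $this->template === 'pages/' . $this->base_request) {
         if (conditional_config('private_mode') && !is_logged_user()) {
             // login.php reads $doctitle; the request ends here.
             $doctitle = get_lang_txt('txt_enter_password') . ' - ' . chevereto_config('doctitle');
             include __CHV_PATH_SYSTEM__ . 'login.php';
             die;
         }
     }
     if ($this->template === 'uploaded') {
         self::$doctitle = get_lang_txt('doctitle_upload_complete');
         self::$image_info = isset($_SESSION['ImagesUp'][0]) ? $_SESSION['ImagesUp'][0] : null;
         self::$uploaded_images = isset($_SESSION['ImagesUp']) ? $_SESSION['ImagesUp'] : null;
         // One-shot: the upload result is shown once, then dropped from the session.
         $_SESSION['ImagesUp'] = NULL;
         unset($_SESSION['ImagesUp']);
     }
     // Only these templates resolve an image record; 'uploaded' and theme pages do not.
     $needs_image = in_array($this->template, array('view', 'shorturl', 'delete', 'delete-confirm'), true);
     if ($needs_image || $this->legacy_redirect) {
         // Test connection
         if ($this->dB->dead) {
             self::$doctitle = 'dB connection error';
             $this->template = 404;
         } else {
             // get image info (a legacy ?v= request carries the raw id, otherwise
             // the public id is decoded first)
             $imageID = $this->legacy_redirect ? $id_public : decodeID($id_public);
             self::$image_info = $this->dB->image_info($imageID);
             self::$id_public = $id_public;
             if (!is_array(self::$image_info)) {
                 // Record?
                 if ($this->template === 'delete-confirm') {
                     // NOTE(review): json_output() is assumed to end the request here
                     // (it is wrapped in die() elsewhere in this method) — confirm.
                     json_output(array('status_code' => 403, 'status_txt' => 'target image doesn\'t exists'));
                 } else {
                     $this->template = 404;
                 }
             } else {
                 if ($this->legacy_redirect) {
                     $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . encodeID(self::$image_info['image_id']), 301);
                 }
                 $target = get_image_target(self::$image_info);
                 self::$image_target = $target['image_path'];
                 self::$image_thumb_target = $target['image_thumb_path'];
                 self::$image_url = absolute_to_url($target['image_path']);
                 self::$image_thumb_url = absolute_to_url($target['image_thumb_path']);
                 self::$image_filename = self::$image_info['image_filename'];
                 self::$image_viewer = __CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . $id_public;
                 $stored_hash = isset(self::$image_info['image_delete_hash']) ? self::$image_info['image_delete_hash'] : null;
                 self::$delete_image_url = __CHV_BASE_URL__ . 'delete/image/' . self::$id_public . '/' . $stored_hash;
                 // The delete hash is a bearer capability carried in the URL; compare it
                 // in constant time where PHP provides hash_equals() (>= 5.6).
                 $image_delete_proceed = false;
                 if (!empty($stored_hash) && is_string($stored_hash) && is_string($deleteHash)) {
                     $image_delete_proceed = function_exists('hash_equals')
                         ? hash_equals($stored_hash, $deleteHash)
                         : $deleteHash === $stored_hash;
                 }
                 switch ($this->template) {
                     case 'delete':
                         if (!$image_delete_proceed) {
                             // Wrong or missing hash: bounce to the plain viewer.
                             $this->redirect(__CHV_BASE_URL__ . __CHV_VIRTUALFOLDER_IMAGE__ . '/' . self::$id_public, 301);
                         }
                         self::$delete_image_confirm_url = __CHV_BASE_URL__ . 'delete-confirm/image/' . self::$id_public . '/' . $stored_hash;
                         self::$doctitle = get_lang_txt('doctitle_delete_confirm') . ' ' . self::$image_info['image_filename'];
                         break;
                     case 'delete-confirm':
                         if (!$image_delete_proceed) {
                             // NOTE(review): assumed to terminate like the die(json_output())
                             // above; otherwise the switch below runs on a null $json_array.
                             json_output(array('status_code' => 403, 'status_txt' => 'invalid delete hash'));
                         } else {
                             require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.manage.php';
                             $manage = new Manage(array('id' => self::$image_info['image_id'], 'action' => 'delete'));
                             if ($manage->dead) {
                                 $json_array = array('status_code' => 403, 'status_txt' => $manage->error);
                             } else {
                                 $json_array = $manage->process();
                             }
                         }
                         // Make the status_txt more readable...
                         switch (isset($json_array['status_code']) ? $json_array['status_code'] : null) {
                             case 200:
                                 $json_array['status_txt'] = get_lang_txt('txt_image_deleted');
                                 break;
                             default:
                             case 403:
                                 $json_array['status_txt'] = get_lang_txt('txt_error_deleting_image');
                                 break;
                         }
                         json_output($json_array);
                         break;
                     default:
                         self::$doctitle = get_lang_txt('doctitle_viewing_image') . ' ' . self::$image_info['image_filename'];
                         break;
                 }
             }
         }
     }
     if ($this->template === 404) {
         status_header(404);
         self::$doctitle = check_value(self::$doctitle) ? self::$doctitle : get_lang_txt('txt_404_title');
     } else {
         status_header(200);
     }
     // We load the template
     if ($this->template === 'bool') {
         exit(json_encode(true));
     } else {
         $this->load_template();
     }
 }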
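/**
 * check_config
 * This checks the script configuration... Like upload limit, thumbs, etc.
 *
 * Reads the global $config, appends one message per problem to the global
 * $install_errors and normalises a few values in place (multiupload_limit,
 * file_naming, watermark x/y position). When no error was recorded it opens
 * the database and copies the persisted maintenance flag into $config.
 *
 * Review fixes: the watermark position patterns were ungrouped alternations
 * ('/^left|center|right$/' also accepted e.g. "leftover"); the bit.ly call
 * built its URL without encoding and dereferenced a possibly-null JSON reply;
 * the flood-limit error named the wrong config key; the dB message had no
 * text; the password comparison was loose (numeric-looking strings compared
 * as numbers); in_array() for file_naming was non-strict.
 *
 * @return bool true when no error was recorded
 */
function check_config()
{
    global $config, $install_errors;
    if (!defined('HTTP_HOST')) {
        $install_errors[] = 'Can\'t resolve <code>HTTP_HOST</code>. Please check at the bottom of <code>config.php</code>';
    }
    // Upload limit vs php.ini value -> http://php.net/manual/ini.php
    $ini_upload_bytes = return_bytes(trim(ini_get('upload_max_filesize')) . 'B');
    $max_size_bytes = return_bytes($config['max_filesize']);
    if (!is_numeric($max_size_bytes)) {
        $install_errors[] = 'Invalid numeric value in <code>$config[\'max_filesize\']</code>';
    } elseif ($ini_upload_bytes < $max_size_bytes) {
        // PHP rejects the upload before the script sees it, so the configured limit is unreachable.
        $install_errors[] = 'Max. image size (' . $config['max_filesize'] . ') is greater than the value in <code>php.ini</code> (' . format_bytes($ini_upload_bytes) . ')';
    }
    if (!is_int($config['thumb_width'])) {
        $install_errors[] = 'Invalid thumb size width in <code>$config[\'thumb_width\']</code>';
    }
    if (!is_int($config['thumb_height'])) {
        $install_errors[] = 'Invalid thumb size height in <code>$config[\'thumb_height\']</code>';
    }
    if (!is_int($config['min_resize_size']) || $config['min_resize_size'] < 0) {
        $install_errors[] = 'Invalid minimum resize size in <code>$config[\'min_resize_size\']</code>';
    }
    if (!is_int($config['max_resize_size']) || $config['max_resize_size'] < 0) {
        $install_errors[] = 'Invalid maximum resize size in <code>$config[\'max_resize_size\']</code>';
    }
    if (is_int($config['min_resize_size']) && is_int($config['max_resize_size']) && $config['min_resize_size'] > $config['max_resize_size']) {
        $install_errors[] = 'Minimum resize size can\'t be larger than maximum resize size. Please check <code>$config[\'min_resize_size\']</code> and <code>$config[\'max_resize_size\']</code>';
    }
    if (!conditional_config('multiupload')) {
        $config['multiupload_limit'] = 1;
    } elseif ($config['multiupload_limit'] <= 0 || $config['multiupload_limit'] == '') {
        // Non-positive or empty values are normalised to 0.
        $config['multiupload_limit'] = 0;
    }
    // Strict in_array: a config value of int 0 would otherwise loosely equal 'original'.
    if (!check_value(chevereto_config('file_naming')) || !in_array(chevereto_config('file_naming'), array('original', 'random', 'mixed'), true)) {
        $config['file_naming'] = 'original';
    }
    if (!is_numeric($config['multiupload_limit']) && !is_bool($config['multiupload_limit'])) {
        $install_errors[] = 'Invalid multiupload limit value in <code>$config[\'multiupload_limit\']</code>';
    }
    if ($config['multiupload_limit'] > 100) {
        $install_errors[] = 'Multiupload limit value can\'t be higher than 100 in <code>$config[\'multiupload_limit\']</code>';
    }
    if ($config['short_url_service'] == 'bitly') {
        // NOTE(review): the login and API key travel in a plain-http query string
        // (and therefore in proxy/server logs); a TLS endpoint should be preferred.
        // http_build_query() URL-encodes each value; the old concatenation did not.
        $bitly_query = http_build_query(array(
            'x_login' => $config['short_url_user'],
            'x_apiKey' => $config['short_url_keypass'],
            'apiKey' => $config['short_url_keypass'],
            'login' => $config['short_url_user'],
            'format' => 'json',
        ));
        $bitly_status = fetch_url('http://api.bit.ly/v3/validate?' . $bitly_query);
        $bitly_json = is_string($bitly_status) ? json_decode($bitly_status) : null;
        // A failed fetch or a non-JSON body must not be read as "valid".
        $bitly_valid = isset($bitly_json->data->valid) && $bitly_json->data->valid === 1;
        if (!$bitly_valid) {
            $bitly_reason = isset($bitly_json->status_txt) ? (string) $bitly_json->status_txt : 'no valid response';
            // Escaped: the text comes from a remote server and is rendered as HTML.
            $install_errors[] = 'The <a href="http://bit.ly/" target="_blank">bit.ly</a> user/api is invalid. bitly server says <code>' . htmlspecialchars($bitly_reason, ENT_QUOTES, 'UTF-8') . '</code>. Please double check your data.';
        }
    }
    // Facebook comments
    if (use_facebook_comments() && !check_value($config['facebook_app_id'])) {
        $install_errors[] = 'You are are trying to use Facebook comments but <code>$config[\'facebook_app_id\']</code> is not setted.';
    }
    // Virtual folders
    foreach (array('virtual_folder_image', 'virtual_folder_uploaded') as $value) {
        if (!check_value($config[$value])) {
            $install_errors[] = '<code>$config[\'' . $value . '\']</code> is not setted.';
        }
    }
    // Passwords
    // String-cast strict compare: '==' would treat "1e1" and "10" as equal.
    if ((string) $config['user_password'] === (string) $config['admin_password']) {
        $install_errors[] = 'Admin and user passwords must be different. Please check <code>$config[\'admin_password\']</code> and <code>$config[\'user_password\']</code>';
    }
    // Flood report email?
    if (check_value($config['flood_report_email']) && !check_email_address($config['flood_report_email'])) {
        $install_errors[] = 'It appears that <code>$config[\'flood_report_email\']</code> has a invalid email address';
    }
    // Watermark
    if (conditional_config('watermark_enable')) {
        define('__CHV_WATERMARK_FILE__', __CHV_ROOT_DIR__ . ltrim($config['watermark_image'], '/'));
        if (!is_int($config['watermark_margin'])) {
            $install_errors[] = 'Watermark margin must be integer in <code>$config[\'watermark_margin\']</code>';
        }
        if (!is_int($config['watermark_opacity'])) {
            $install_errors[] = 'Watermark opacity must be integer in <code>$config[\'watermark_opacity\']</code>';
        }
        if ($config['watermark_opacity'] > 100 or $config['watermark_opacity'] < 0) {
            $install_errors[] = 'Watermark opacity value out of limis (' . $config['watermark_opacity'] . '). <code>$config[\'watermark_opacity\']</code> must be in the range 0 to 100';
        }
        // Watermark position
        if (!check_value($config['watermark_position'])) {
            $config['watermark_position'] = 'center center';
        }
        $watermark_position = explode(' ', strtolower($config['watermark_position']));
        if (!isset($watermark_position[1])) {
            $watermark_position[1] = 'center';
        }
        // Exact-token match; the previous '/^left|center|right$/' pattern also
        // accepted strings that merely started with "left" or ended with "right".
        if (in_array($watermark_position[0], array('left', 'center', 'right'), true)) {
            $config['watermark_x_position'] = $watermark_position[0];
        } else {
            $install_errors[] = 'Invalid watermark horizontal position in <code>$config[\'watermark_position\']</code>';
        }
        if (in_array($watermark_position[1], array('top', 'center', 'bottom'), true)) {
            $config['watermark_y_position'] = $watermark_position[1];
        } else {
            $install_errors[] = 'Invalid watermark vertical position in <code>$config[\'watermark_position\']</code>';
        }
        if (!file_exists(__CHV_WATERMARK_FILE__)) {
            $install_errors[] = 'Watermark image file doesn\'t exists. Please check the path in <code>$config[\'watermark_image\']</code>';
        } else {
            $watermark_image_info = get_info(__CHV_WATERMARK_FILE__);
            if ($watermark_image_info['mime'] !== 'image/png') {
                $install_errors[] = 'Watermark image file must be a PNG image in <code>$config[\'watermark_image\']</code>';
            }
        }
    }
    // Flood limits
    $flood_limits = array('minute', 'hour', 'day', 'week', 'month');
    $flood_value_error = false;
    foreach ($flood_limits as $value) {
        if (!check_value($config['max_uploads_per_' . $value]) || !is_numeric($config['max_uploads_per_' . $value])) {
            // Name the key the user actually has to edit.
            $install_errors[] = 'Invalid config value in <code>$config[\'max_uploads_per_' . $value . '\']</code>';
            $flood_value_error = true;
        }
    }
    if ($flood_value_error == false) {
        // Each period's limit must be strictly below every longer period's limit.
        $flood_lower_than = array('minute' => array('hour', 'day', 'week', 'month'), 'hour' => array('day', 'week', 'month'), 'day' => array('week', 'month'), 'week' => array('month'));
        foreach ($flood_lower_than as $period => $lower_than) {
            foreach ($lower_than as $value) {
                if ($config['max_uploads_per_' . $period] >= $config['max_uploads_per_' . $value]) {
                    $install_errors[] = '<code>max_uploads_per_' . $period . '</code> must be lower than <code>max_uploads_per_' . $value . '</code>';
                }
            }
        }
    }
    // dB settings
    foreach (array('db_host', 'db_name', 'db_user') as $value) {
        if (!check_value($config[$value])) {
            $install_errors[] = '<code>$config[\'' . $value . '\']</code> is not set.';
        }
    }
    if (count($install_errors) == 0) {
        require_once __CHV_PATH_CLASSES__ . 'class.db.php';
        $dB = new dB();
        if ($dB->dead) {
            chevereto_die('<code>' . $dB->error . '</code>', 'Database error', array('The system has encountered a error when it try to connect to the database server.', 'Please note this error and if you need help go to <a href="http://chevereto.com/support/">Chevereto support</a>.'));
        } else {
            // Check maintenance mode (the stored flag wins unless SKIP_MAINTENANCE is defined)
            if ($dB->get_option('maintenance') && !defined('SKIP_MAINTENANCE')) {
                $config['maintenance'] = true;
            }
        }
    }
    return count($install_errors) == 0;
}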
    $imageCount = 0;
    foreach ($image_dir as $image) {
        if (!$image->isFile() || !in_array(strtolower(pathinfo($image, PATHINFO_EXTENSION)), array('jpg', 'png', 'gif')) || file_exists(__CHV_OLD_PATH__ . $image->getFilename())) {
            continue;
        }
        $imageCount++;
    }
    return $imageCount;
}
// Only administrators may reach this tool; everyone else is shown the login
// form and the request ends there.
if (!is_admin()) {
    include __CHV_PATH_SYSTEM__ . 'login.php';
    die;
}
/*** Require the dB ***/
// Nothing below can run without a working database connection: abort with the
// driver error and a pointer to the config file.
if ($dB->dead) {
    $db_error_lines = array($dB->error);
    $db_error_help = array('There is a problem with the dB. The error reported is:', 'Please check your dB settings in the config file, if the problem persist go to our <a href="http://chevereto.com/support">Tech Support</a> area');
    chevereto_die($db_error_lines, 'dB error', $db_error_help);
}
// This is actually the update tool
if (isset($_GET['ajax-update'])) {
    if (!$dB->get_option('maintenance')) {
        die(json_output(array('status_code' => 403, 'status_txt' => 'Maintenance mode is not enabled.')));
    }
    if ($_SESSION['update_info']['update_completed'] >= $_SESSION['update_info']['update_queue']) {
        die(json_output(array('status_code' => 200, 'status_txt' => 'Update completed', 'completed' => '100%')));
    }
    if (!check_permissions(array(__CHV_OLD_PATH__))) {
        die('Wrong permissions in ' . __CHV_OLD_PATH__);
    }
    define('__CHV_PATH_THUMBS__', __CHV_ROOT_DIR__ . $config['folder_thumbs'] . '/');
    $image_dir = new DirectoryIterator(__CHV_PATH_IMAGES__);