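/**
 * Saves (or reverts) the html5upload plugin configuration for one user group.
 *
 * The submitted form fields are read from the POST super cage and the
 * resulting array is stored serialised in the config table under the name
 * `html5upload_config{group id}`; the global/default set has no suffix.
 *
 * @param mixed $sC     Unused here; kept so existing call sites keep working.
 * @param bool  $revert When true and a group is selected, that group's row is
 *                      deleted so it falls back to the global configuration.
 * @return void  Terminates via cpg_die() when the form token is invalid.
 */
function h5u_config_save($sC, $revert = false)
{
    global $CONFIG, $superCage, $lang_plugin_html5upload, $lang_common, $lang_errors;
    // CSRF guard: every save or revert must carry a valid form token.
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    // Selected group id; 0 (or no selection) means the global configuration.
    $grpn = 0;
    if ($superCage->post->keyExists('h5u_gSel')) {
        $grpn = (int) $superCage->post->getEscaped('h5u_gSel');
    }
    // Config-name suffix: either a positive int or '' - both are safe to
    // interpolate into the SQL below.
    $grpc = $grpn ? $grpn : '';
    if ($revert && $grpc) {
        cpg_db_query("DELETE FROM {$CONFIG['TABLE_CONFIG']} WHERE name = 'html5upload_config{$grpc}'");
        return;
    }
    // Start from the group's own settings when they exist, else from the
    // global ones; a missing/corrupt stored value yields an empty set instead
    // of writing array offsets into `false`.
    $cfgKey = 'html5upload_config' . $grpc;
    $cfg = false;
    if (isset($CONFIG[$cfgKey])) {
        $cfg = unserialize($CONFIG[$cfgKey]);
    } elseif (isset($CONFIG['html5upload_config'])) {
        $cfg = unserialize($CONFIG['html5upload_config']);
    }
    if (!is_array($cfg)) {
        $cfg = array();
    }
    if ($superCage->post->keyExists('upsize')) {
        $uplsiz = (int) $superCage->post->getEscaped('upsize');
        $uplsizm = (int) $superCage->post->getEscaped('upsizem');
        // Unit selector: the size is multiplied by 1024 (upsizem + 1) times,
        // so upsizem = 0 multiplies once, 1 twice, and so on.
        for ($i = 0; $i < $uplsizm + 1; $i++) {
            $uplsiz = $uplsiz << 10;
        }
        $cfg['upldsize'] = $uplsiz;
    }
    if ($superCage->post->keyExists('concurrent')) {
        $cfg['concurrent'] = (int) $superCage->post->getEscaped('concurrent');
    }
    if ($superCage->post->keyExists('acptmime')) {
        // Normalise the MIME list to a single comma-separated string with no
        // whitespace. The `&quot;` entities are stripped presumably because
        // getEscaped() HTML-encodes quotes before the value reaches us.
        $mtypes = trim($superCage->post->getEscaped('acptmime'));
        $mtypes = str_replace('&quot;', '', $mtypes);
        $mtypes = trim($mtypes);
        $mtypes = preg_replace('/([^,\\s])[,\\s]+([^,\\s])/', '$1,$2', $mtypes);
        $mtypes = preg_replace('/\\s+/', '', $mtypes);
        $cfg['acptmime'] = $mtypes;
    }
    // Checkbox fields: present in the POST means enabled.
    $cfg['autoedit'] = $superCage->post->keyExists('autoedit') ? 1 : 0;
    $cfg['enabtitl'] = $superCage->post->keyExists('titlfld') ? 1 : 0;
    $cfg['enabdesc'] = $superCage->post->keyExists('descfld') ? 1 : 0;
    $cfg['enabkeys'] = $superCage->post->keyExists('keysfld') ? 1 : 0;
    $cfg['enabusr1'] = $superCage->post->keyExists('usr1fld') ? 1 : 0;
    $cfg['enabusr2'] = $superCage->post->keyExists('usr2fld') ? 1 : 0;
    $cfg['enabusr3'] = $superCage->post->keyExists('usr3fld') ? 1 : 0;
    $cfg['enabusr4'] = $superCage->post->keyExists('usr4fld') ? 1 : 0;
    // The serialised blob is DB-escaped before being interpolated.
    $scfg = cpg_db_escape_string(serialize($cfg));
    if (isset($CONFIG[$cfgKey])) {
        cpg_db_query("UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '{$scfg}' WHERE name = 'html5upload_config{$grpc}'");
    } else {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) VALUES ('html5upload_config{$grpc}', '{$scfg}')");
    }
    // Confirmation box for the admin page.
    starttable('100%', $lang_common['information']);
    echo <<<EOT
\t<tr>
\t\t<td class="tableb" width="200">
\t\t\t<div class="cpg_message_info">{$lang_plugin_html5upload['saved']}</div>
\t\t</td>
\t</tr>
EOT;
    endtable();
    echo '<br />';
}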
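 /**
  * Builds most of the $USER_DATA array from a user's primary group and the
  * list of all groups the user belongs to.
  *
  * Permission columns are aggregated with MAX/MIN over every group in the
  * list, so the user receives the most permissive setting of any of them.
  *
  * @param int|string $pri_group        ID of the user's 'main' group; this is
  *                                     what the profile displays and what is
  *                                     stored as $USER_DATA['group_id'].
  * @param array      $groups           IDs of all groups the user is a member
  *                                     of. Non-numeric entries are dropped and
  *                                     $pri_group is appended when missing.
  * @param int        $default_group_id Fallback group used when none of the
  *                                     given groups exist. If that group is
  *                                     missing too, CPG aborts with a critical
  *                                     error.
  * @return array  Data to merge into $USER_DATA (quota, permissions,
  *                group_name, group_id, groups, ...).
  */
 function get_user_data($pri_group, $groups, $default_group_id = 3)
 {
     global $CONFIG;
     // Loose comparison on purpose: ids may arrive as ints or numeric strings.
     if (!in_array($pri_group, $groups)) {
         array_push($groups, $pri_group);
     }
     // The list is interpolated into SQL, so only numeric entries survive.
     // Filtering after the push also covers a non-numeric $pri_group.
     foreach ($groups as $key => $val) {
         if (!is_numeric($val)) {
             unset($groups[$key]);
         }
     }
     // $pri_group is used on its own in a query below; never interpolate it
     // unvalidated.
     $pri_group_sql = (int) $pri_group;
     $group_list = implode(",", $groups);
     $result = cpg_db_query("SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min, "
         . "MAX(can_rate_pictures) AS can_rate_pictures, MAX(can_send_ecards) AS can_send_ecards, "
         . "MAX(can_post_comments) AS can_post_comments, MAX(can_upload_pictures) AS can_upload_pictures, "
         . "MAX(can_create_albums) AS can_create_albums, "
         . "MAX(has_admin_access) AS has_admin_access, "
         . "MAX(access_level) AS access_level, "
         . "MIN(pub_upl_need_approval) AS pub_upl_need_approval, MIN( priv_upl_need_approval) AS\t priv_upl_need_approval "
         . "FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id in (" . $group_list . ")");
     if ($result->numRows()) {
         $USER_DATA = $result->fetchAssoc(true);
         // The display name always comes from the primary group.
         $result = cpg_db_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id= " . $pri_group_sql);
         $temp_arr = $result->fetchAssoc();
         $USER_DATA["group_name"] = $temp_arr["group_name"];
     } else {
         $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = {$default_group_id}");
         if (!$result->numRows()) {
             // NOTE(review): this is a free function, so `$this` is out of
             // object context here and this call raises an Error before the
             // die() below is reached. Presumably a leftover from the class
             // this code was lifted from - confirm the intended callee.
             $this->synchronize_groups();
             die('<strong>Coppermine critical error</strong>:<br />The group table does not contain the Anonymous group !');
         }
         $USER_DATA = $result->fetchAssoc(true);
     }
     $result->free();
     // Public-album creation is allowed when any group is mapped to a category.
     $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_CATMAP']} WHERE group_id in (" . $group_list . ")");
     if ($result->result(0, 0, true) > 0) {
         $USER_DATA['can_create_public_albums'] = 1;
     } else {
         $USER_DATA['can_create_public_albums'] = 0;
     }
     $result->free();
     // A zero minimum quota in any group means "unlimited" (quota 0).
     $USER_DATA["group_quota"] = $USER_DATA["disk_min"] ? $USER_DATA["disk_max"] : 0;
     $USER_DATA['can_see_all_albums'] = $USER_DATA['has_admin_access'];
     $USER_DATA["group_id"] = $pri_group;
     $USER_DATA['groups'] = $groups;
     // Magic quotes were removed in PHP 8; when the function no longer exists
     // they are off, which is the same situation as get_magic_quotes_gpc() == 0.
     if (!function_exists('get_magic_quotes_gpc') || get_magic_quotes_gpc() == 0) {
         $USER_DATA['group_name'] = cpg_db_escape_string($USER_DATA['group_name']);
     }
     return $USER_DATA;
 }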
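/**
 * Returns the zero-based position of a picture inside an album or meta album,
 * i.e. how many visible pictures precede it under the current sort order.
 *
 * @param int|string $album Numeric album id, or one of the meta album names
 *                          ('lastcom', 'lastcomby', 'lastup', 'lastupby',
 *                          'topn', 'toprated', 'lasthits', 'search',
 *                          'favpics', 'datebrowse'). Anything else is handed
 *                          to the 'meta_album_get_pic_pos' plugin filter.
 * @param int        $pid   Picture id.
 * @return int|false  Position, or false for an unknown meta album. Terminates
 *                    via cpg_die() when the picture or a required parameter
 *                    does not exist.
 */
function get_pic_pos($album, $pid)
{
    global $USER, $CONFIG, $CURRENT_ALBUM_KEYWORD, $FORBIDDEN_SET_DATA, $USER_DATA;
    global $RESTRICTEDWHERE, $FORBIDDEN_SET;
    global $lang_errors;
    // $pid is interpolated into every query below; only an int may reach SQL.
    $pid = (int) $pid;
    // Regular albums
    if (is_numeric($album)) {
        if (count($FORBIDDEN_SET_DATA) > 0) {
            $forbidden_set_string = ' AND aid NOT IN (' . implode(', ', $FORBIDDEN_SET_DATA) . ')';
        } else {
            $forbidden_set_string = '';
        }
        // Pictures tagged with the album keyword count as album members too.
        $album_name_keyword = get_album_name($album);
        $album_keyword = addslashes($album_name_keyword['keyword']);
        if (!empty($album_keyword)) {
            $keyword = "OR (keywords like '%{$album_keyword}%' {$forbidden_set_string} )";
        } else {
            $keyword = '';
        }
        $approved = GALLERY_ADMIN_MODE ? '' : 'AND approved=\'YES\'';
        $result = cpg_db_query("SELECT filename, title, pid, position, ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}");
        if (!$result->numRows()) {
            cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = $result->fetchAssoc(true);
        // Both string columns are re-used inside SQL literals below, so both
        // are escaped (the original only escaped the title).
        $pic['title'] = cpg_db_escape_string($pic['title']);
        $pic['filename'] = cpg_db_escape_string($pic['filename']);
        // Per sort code: the condition matched by every picture that sorts
        // before the current one (ties broken by pid).
        $sort_array = array(
            'na' => "(filename < '{$pic['filename']}' OR filename = '{$pic['filename']}' AND pid < {$pic['pid']})",
            'nd' => "(filename > '{$pic['filename']}' OR filename = '{$pic['filename']}' AND pid > {$pic['pid']})",
            'ta' => "(title < '{$pic['title']}' OR title = '{$pic['title']}' AND pid < {$pic['pid']})",
            'td' => "(title > '{$pic['title']}' OR title = '{$pic['title']}' AND pid > {$pic['pid']})",
            'da' => "(ctime < '{$pic['ctime']}' OR ctime = '{$pic['ctime']}' AND pid < {$pic['pid']})",
            'dd' => "(ctime > '{$pic['ctime']}' OR ctime = '{$pic['ctime']}' AND pid > {$pic['pid']})",
            'pa' => "(position < {$pic['position']} OR position = {$pic['position']} AND pid < {$pic['pid']})",
            'pd' => "(position > {$pic['position']} OR position = {$pic['position']} AND pid > {$pic['pid']})",
        );
        // A user-chosen sort order only applies when the admin allowed it;
        // unknown codes fall back to the configured default.
        $sort_code = isset($USER['sort']) && $CONFIG['custom_sortorder_thumbs'] ? $USER['sort'] : $CONFIG['default_sort_order'];
        $sort_order = isset($sort_array[$sort_code]) ? $sort_array[$sort_code] : $sort_array[$CONFIG['default_sort_order']];
        $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']}\n                    WHERE ((aid='{$album}' {$forbidden_set_string}) {$keyword}) {$approved}\n                    AND {$sort_order}";
        $result = cpg_db_query($query);
        list($pos) = $result->fetchRow(true);
        return $pos;
    }
    // Meta albums
    switch ($album) {
        case 'lastcom':
            // Latest comments: position = number of newer approved comments.
            $superCage = Inspekt::makeSuperCage();
            if (!$superCage->get->getInt('msg_id')) {
                cpg_die(ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
            }
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            INNER JOIN {$CONFIG['TABLE_COMMENTS']} AS c ON c.pid = p.pid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND approval = 'YES'\n            AND msg_id > " . $superCage->get->getInt('msg_id');
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'lastcomby':
            // Latest comments by a specific user
            if (isset($USER['uid'])) {
                $uid = (int) $USER['uid'];
            } else {
                $uid = -1;
            }
            $superCage = Inspekt::makeSuperCage();
            if (!$superCage->get->getInt('msg_id')) {
                cpg_die(ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
            }
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            INNER JOIN {$CONFIG['TABLE_COMMENTS']} AS c ON c.pid = p.pid\n            {$RESTRICTEDWHERE}\n            AND author_id = {$uid}\n            AND approved = 'YES'\n            AND approval = 'YES'\n            AND msg_id > " . $superCage->get->getInt('msg_id');
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'lastup':
            // Latest (most recent) uploads
            $query = "SELECT ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $ctime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND (ctime > {$ctime}\n            OR ctime = {$ctime} AND pid > {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'lastupby':
            // Latest (most recent) uploads by a specific user
            if (isset($USER['uid'])) {
                $uid = (int) $USER['uid'];
            } else {
                $uid = -1;
            }
            $query = "SELECT ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $ctime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND p.owner_id = {$uid}\n            AND approved = 'YES'\n            AND (ctime > {$ctime}\n            OR ctime = {$ctime} AND pid > {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'topn':
            // Most viewed files
            $query = "SELECT hits FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $hits = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND (hits > {$hits}\n            OR hits = {$hits} AND pid < {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'toprated':
            // Top rated pictures (only those with enough votes to be rated)
            $query = "SELECT pic_rating, votes FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            list($pic_rating, $votes) = $result->fetchRow(true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND p.votes >= '{$CONFIG['min_votes_for_rating']}'\n            AND (pic_rating > {$pic_rating}\n            OR (pic_rating = {$pic_rating} AND p.votes > {$votes})\n            OR (pic_rating = {$pic_rating} AND p.votes = {$votes} AND pid > {$pid}))";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'lasthits':
            // Last viewed files (most recently-viewed files)
            $query = "SELECT mtime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $mtime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND hits > 0\n            AND (mtime > '{$mtime}'\n            OR mtime = '{$mtime}' AND pid < {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'search':
            // Search results: the included file computes $pos in this scope,
            // presumably reading $search_string, $get_pic_pos and $superCage.
            $superCage = Inspekt::makeSuperCage();
            if (isset($USER['search']['search'])) {
                $search_string = $USER['search']['search'];
            } else {
                $search_string = '';
            }
            $get_pic_pos = true;
            include 'include/search.inc.php';
            return $pos;
        case 'favpics':
            // Favorite Files
            global $FAVPICS;
            if (empty($FAVPICS)) {
                return 0;
            }
            $favs = implode(', ', $FAVPICS);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND pid IN ({$favs})\n            AND pid < {$pid}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        case 'datebrowse':
            // Browsing by uploading date
            $superCage = Inspekt::makeSuperCage();
            // Using getRaw():  The date is sanitized in the called function
            $date = $superCage->get->keyExists('date') ? cpgValidateDate($superCage->get->getRaw('date')) : null;
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n            INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n            {$RESTRICTEDWHERE}\n            AND approved = 'YES'\n            AND substring(from_unixtime(ctime),1,10) = '" . substr($date, 0, 10) . "'\n            AND pid < {$pid}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;
        default:
            // Invalid/custom meta album: a plugin may answer via the filter.
            $pos = CPGPluginAPI::filter('meta_album_get_pic_pos', $album);
            if (is_numeric($pos)) {
                return $pos;
                // Custom meta album
            } else {
                return false;
                // Invalid meta album
            }
    }
    // switch
}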
**********************************************/
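define('IN_COPPERMINE', true);
define('DB_ECARD_PHP', true);
define('ECARDS_PHP', true);
define('SMILIES_PHP', true);
require 'include/init.inc.php';
require 'include/smilies.inc.php';
// The ecard payload is mandatory; stop before touching anything else.
if (!$superCage->get->keyExists('data')) {
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
/**
 * Clean up GPC and other Globals here
 */
// The payload is a base64 blob taken straight from the query string, so it is
// fully attacker-controlled. unserialize() on such input can instantiate
// arbitrary classes (PHP object injection). Only an array or a plain string is
// expected here, so class instantiation is forbidden where the runtime
// supports the option (PHP >= 7.0). Errors stay suppressed: a malformed blob
// yields false and is handled as a scalar below.
$rawData = @base64_decode($superCage->get->getRaw('data'));
$tmpData['data'] = PHP_VERSION_ID >= 70000
    ? @unserialize($rawData, array('allowed_classes' => false))
    : @unserialize($rawData);
if (!is_array($tmpData['data'])) {
    // Scalar (or failed decode): DB-escaped for the LIKE lookup further down.
    $CLEAN['data'] = cpg_db_escape_string($tmpData['data']);
} else {
    // Nothing in the payload can be trusted: the picture id is cast to int,
    // every other field is HTML-encoded (not stripped).
    foreach ($tmpData['data'] as $key => $value) {
        // Strict comparison: with `==`, the integer key 0 matched 'pid' on
        // PHP < 8 and was int-cast instead of encoded.
        if ($key === 'pid') {
            $CLEAN['data'][$key] = (int) $value;
        } else {
            $CLEAN['data'][$key] = htmlspecialchars($value);
        }
    }
}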
// attempt to obtain full link from db if ecard logging enabled and min 12 chars of data is provided and only 1 match
if (!is_array($CLEAN['data']) && $CONFIG['log_ecards'] && strlen($CLEAN['data']) > 12) {
    $result = cpg_db_query("SELECT link FROM {$CONFIG['TABLE_ECARDS']} WHERE link LIKE '{$CLEAN['data']}%'");
    if ($result->numRows() === 1) {
 /**
  * Returns the value escaped for use in a database query.
  *
  * Arrays are walked recursively with this same filter. A non-empty scalar is
  * HTML-encoded (ENT_QUOTES) and then DB-escaped, on $CONFIG['LINK_ID'] when
  * that link is set. Empty values are returned untouched.
  *
  * @param mixed $value
  * @return mixed  Escaped string for non-empty scalars; arrays and empty
  *                values are passed through the respective branch as-is.
  *
  * @tag filter
  */
 public static function getEscaped($value)
 {
     if (is_array($value)) {
         return self::_walkArray($value, 'getEscaped');
     }
     if (empty($value)) {
         return $value;
     }
     global $CONFIG;
     $encoded = htmlspecialchars($value, ENT_QUOTES);
     $link = isset($CONFIG['LINK_ID']) ? $CONFIG['LINK_ID'] : null;
     if ($link) {
         return cpg_db_escape_string($encoded, $link);
     }
     return cpg_db_escape_string($encoded);
 }
/**
 * Plugin install hook: stores the default html5upload configuration.
 *
 * Serialises $h5a_upload->h5u_config_default, DB-escapes it and inserts it
 * into the config table under the name `html5upload_config`.
 *
 * @return bool Always true; the query result is not inspected.
 */
function html5upload_install()
{
    global $CONFIG, $h5a_upload;
    $defaults = serialize($h5a_upload->h5u_config_default);
    $escaped = cpg_db_escape_string($defaults);
    $sql = "INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) VALUES ('html5upload_config', '{$escaped}')";
    cpg_db_query($sql);
    return true;
}