Esempio n. 1
 static function load_request($allow)
     // Looks at the first path segment after WEBPATH; when validateLocale() accepts it as an
     // 'seo_locale', stores it in the 'dynamic_locale' cookie and sends a 302 to the request
     // URI with that segment removed. $allow is returned unchanged on every path shown.
     // NOTE(review): this listing has lost lines (closing braces at least), so the nesting
     // below is read from indentation - confirm against the upstream file.
     $uri = getRequestURI();
     // Split off the query string; only $parts[1] is re-attached later, so anything after a
     // second '?' in the original URI is dropped.
     $parts = explode('?', $uri);
     $uri = $parts[0];
     $path = ltrim(substr($uri, strlen(WEBPATH) + 1), '/');
     if (empty($path)) {
         return $allow;
     } else {
         $rest = strpos($path, '/');
         if ($rest === false) {
             // $path is cut from $parts[0], which cannot contain '?', so this test looks
             // unreachable as written.
             if (strpos($path, '?') === 0) {
                 // only a parameter string
                 return $allow;
             $l = $path;
         } else {
             $l = substr($path, 0, $rest);
     // $l is request-derived; everything below depends on validateLocale() rejecting
     // anything that is not a known locale name (its checks are not visible here).
     $locale = validateLocale($l, 'seo_locale');
     if ($locale) {
         // set the language cookie and redirect to the "base" url
         zp_setCookie('dynamic_locale', $locale);
         // $l goes into the pattern without preg_quote(), and '[/$]' is a character class
         // (a '/' or a literal '$'), not "slash or end of string": a URI that ends right
         // after the locale segment is left unchanged and so appears to redirect to itself.
         // NOTE(review): preg_quote($l, '|') and '(/|$)' would express the apparent intent.
         $uri = pathurlencode(preg_replace('|/' . $l . '[/$]|', '/', $uri));
         if (isset($parts[1])) {
             // The original query string is appended as received, without re-encoding.
             $uri .= '?' . $parts[1];
         header("HTTP/1.0 302 Found");
         header("Status: 302 Found");
         // The Location value is the request URI minus the locale segment; nothing visible
         // here constrains it to a same-site path, and no exit follows the header in this
         // listing. NOTE(review): confirm upstream that execution stops after the redirect.
         header('Location: ' . $uri);
     return $allow;
Esempio n. 2
 * If in debug mode, prints the given error message and continues; otherwise redirects
 * to the given error message image and exits; designed for a production gallery.
 * @param $errormessage string the error message to print if $_GET['debug'] is set.
 * @param $errorimg string the filename of the error image to display for production. Defaults
 *   to 'err-imagegeneral.png'. Images should be located in /zen/images .
function imageError($status_text, $errormessage, $errorimg = 'err-imagegeneral.png')
    // Reports an image-processing failure: prints details when the request carries a
    // `debug` parameter, otherwise sends $status_text and a redirect to an error image.
    // NOTE(review): lines are missing from this listing (closing braces at least, and no
    // exit is visible although the docblock says the function exits) - confirm upstream.
    global $newfilename, $album, $image;
    // The verbose branch is selected purely by the presence of ?debug in the query string;
    // no login or rights check is visible here, so any visitor can switch it on.
    $debug = isset($_GET['debug']);
    if ($debug) {
        // Request URI, PHP_SELF, cache name and album/image all pass through html_encode();
        // $errormessage does not. NOTE(review): if any caller puts request-derived text into
        // $errormessage it reaches the page as markup - encode it like the other fields.
        // The output also shows the visitor the cache folder name and the cached file name.
        echo '<strong>' . sprintf(gettext('Zenphoto Image Processing Error: %s'), $errormessage) . '</strong>' . '<br /><br />' . sprintf(gettext('Request URI: [ <code>%s</code> ]'), html_encode(getRequestURI())) . '<br />PHP_SELF: [ <code>' . html_encode($_SERVER['PHP_SELF']) . '</code> ]' . (empty($newfilename) ? '' : '<br />' . sprintf(gettext('Cache: [<code>%s</code>]'), '/' . CACHEFOLDER . '/' . html_encode(sanitize($newfilename, 3))) . ' ') . (empty($image) || empty($album) ? '' : ' <br />' . sprintf(gettext('Image: [<code>%s</code>]'), html_encode(sanitize($album . '/' . $image, 3))) . ' <br />');
    } else {
        if (DEBUG_IMAGE_ERR) {
            trigger_error($errormessage, E_USER_NOTICE);
        // $status_text and $errorimg are placed into response headers exactly as passed in.
        // NOTE(review): callers presumably pass fixed strings - verify none is request-derived.
        header("HTTP/1.0 {$status_text}");
        header("Status: {$status_text}");
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/images/' . $errorimg);
Esempio n. 3
 * If in debug mode, prints the given error message and continues; otherwise redirects
 * to the given error message image and exits; designed for a production gallery.
 * @param $errormessage string the error message to print if $_GET['debug'] is set.
 * @param $errorimg string the filename of the error image to display for production. Defaults
 *   to 'err-imagegeneral.png'. Images should be located in /zen/images .
function imageError($status_text, $errormessage, $errorimg = 'err-imagegeneral.png')
    // Later variant of the handler above: the browser only ever gets the short message,
    // while request details are collected into $msg when DEBUG_IMAGE is on.
    // NOTE(review): lines are missing from this listing (closing braces, whatever consumes
    // $msg, and any exit after the redirect) - confirm against the upstream file.
    global $newfilename, $album, $image;
    // Still switched by the mere presence of ?debug; no rights check is visible here.
    $debug = isset($_GET['debug']);
    $err = sprintf(gettext('Image Processing Error: %s'), $errormessage);
    if ($debug) {
        // $err embeds $errormessage without html_encode(). NOTE(review): encode it before
        // output unless every caller is known to pass fixed text.
        echo '<strong>' . $err . '</strong>';
    } else {
        if (DEBUG_IMAGE) {
            // PHP_SELF, cache name and album/image pass through sanitize(); the request URI
            // is added as received. No statement using $msg is visible - presumably it is
            // written to a log; if so, control characters in the URI should be neutralised.
            $msg = $err . "\n\t\t" . sprintf(gettext('Request URI: [%s]'), getRequestURI()) . "\n\t\t" . 'PHP_SELF: [' . sanitize($_SERVER['PHP_SELF'], 3) . ']';
            if ($newfilename) {
                $msg .= "\n\t\t" . sprintf(gettext('Cache: [%s]'), '/' . CACHEFOLDER . '/' . sanitize($newfilename, 3));
            if ($image || $album) {
                $msg .= "\n\t\t" . sprintf(gettext('Image: [%s]'), sanitize($album . '/' . $image, 3));
        // $status_text and $errorimg are placed into response headers exactly as passed in.
        header("HTTP/1.0 {$status_text}");
        header("Status: {$status_text}");
        header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/images/' . $errorimg);
Esempio n. 4
	<div id="content">
echo gettext('Zenphoto License agreement');
		<div id="container">
			<p class="notebox">
printf(gettext('This license is in English because the <em>Free Software Foundation</em> does not approve translations as officially valid. Unofficial translations are available <a href="%s">here</a>.'), '');
// The acceptance link is only offered while the 'license_accepted' option is unset.
// The current request URI is kept in the session, presumably so license.php can send the
// user back afterwards. NOTE(review): the consumer of 'license_return' is not shown; it
// should only ever redirect to a path on this site.
if (!getOption('license_accepted')) {
    $_SESSION['license_return'] = getRequestURI();
				<p class="buttons">
					<a href="<?php 
    // Acceptance is triggered by following a GET link and the XSRF token rides in the
    // query string, where it can end up in server logs, browser history and Referer
    // headers. NOTE(review): a POST form carrying the token in a hidden field would keep
    // it out of the URL.
    echo FULLWEBPATH . '/' . ZENFOLDER . '/license.php?licenseAccept&amp;XSRFToken=' . getXSRFToken('ZenphotoLicense');
" alt="<?php 
    echo gettext('You must accept this license to continue to use Zenphoto.');
    echo gettext('I agree to these terms and conditions');
				<br class="clearall" />
Esempio n. 5
 * prints a form for selecting a locale
 * The POST handling is by getUserLocale() called in functions.php
function printLanguageSelector($flags = NULL)
    // Prints either a list of flag links or a <select> form for choosing the locale,
    // depending on $flags (falling back to the 'dynamic_locale_visual' option when NULL).
    // NOTE(review): this is a template whose PHP tags, closing braces, `break;`/`default:`
    // lines and some markup were lost in extraction; nesting is read from indentation.
    $languages = generateLanguageList();
    if (isset($_REQUEST['locale'])) {
        // The requested locale is sanitized here and html_encode()d wherever it is printed.
        $locale = sanitize($_REQUEST['locale']);
        if (getOption('locale') != $locale) {
			<div class="errorbox">
            printf(gettext('<em>%s</em> is not available.'), html_encode($locale));
            printf(gettext('The locale %s is not supported on your server.'), html_encode($locale));
					<br />
            echo gettext('See the troubleshooting guide on for details.');
    if (is_null($flags)) {
        $flags = getOption('dynamic_locale_visual');
    if ($flags) {
		<ul class="flags">
        $currentValue = getOption('locale');
        // parse_url() returns false for a seriously malformed URI; $request['path'] below
        // assumes an array with a 'path' key.
        $request = parse_url(getRequestURI());
        $separator = '?';
        if (isset($request['query'])) {
            $query = explode('&', $request['query']);
            // Writes to $uri before it is defined; the value is overwritten further down,
            // so this assignment looks vestigial.
            $uri['query'] = '';
            foreach ($query as $key => $str) {
                // Matches an existing locale= parameter; the statement that acts on the
                // match (presumably removing it from $query) is not visible in this listing.
                if (preg_match('/^locale\\s*=/', $str)) {
            if (empty($query)) {
            } else {
                $request['query'] = implode('&', $query);
                $separator = '&';
        // $uri is the request path plus the remaining query string, i.e. request-derived.
        $uri = $request['path'];
        if (isset($request['query'])) {
            $uri .= '?' . $request['query'];
        foreach ($languages as $text => $lang) {
            if ($lang == $currentValue) {
                echo ' class="currentLanguage"';
            if ($lang != $currentValue) {
                // Three ways of building the link, chosen by LOCALE_TYPE. The first two
                // html_encode() $uri before it enters the href; the last one does not.
                switch (LOCALE_TYPE) {
                    case 2:
								<a href="<?php 
                        echo dynamic_locale::fullHostPath($lang) . html_encode($uri);
" >
                    case 1:
									<a href="<?php 
                        echo str_replace(WEBPATH, seo_locale::localePath(false, $lang), html_encode($uri));
" >
										<a href="<?php 
                        // $uri is echoed into the attribute as received, so a quote or
                        // angle bracket in the request URI lands in the page unescaped.
                        // NOTE(review): use html_encode($uri . $separator) here, matching
                        // the other two branches.
                        echo $uri . $separator;
                        echo $lang;
" >
            $flag = getLanguageFlag($lang);
								<img src="<?php 
            // $flag and $text are printed into attributes unencoded; they come from
            // getLanguageFlag()/generateLanguageList(), presumably server-side data -
            // encoding them would still be the consistent choice.
            echo $flag;
" alt="<?php 
            echo $text;
" title="<?php 
            echo $text;
" />
            if ($lang != $currentValue) {
    } else {
						<form action="#" method="post">
							<input type="hidden" name="oldlocale" value="<?php 
        // Option value printed into the attribute without html_encode(), unlike the
        // <option> values below.
        echo getOption('locale');
" />
							<select id="dynamic-locale" class="languageselect" name="locale" onchange="this.form.submit()">
        $currentValue = getOption('locale');
        foreach ($languages as $key => $item) {
            echo '<option class="languageoption" value="' . html_encode($item) . '"';
            if ($item == $currentValue) {
                echo ' selected="selected"';
            echo ' >';
            echo html_encode($key) . "</option>\n";
Esempio n. 6
     * Prints the feed xml
    public function printFeed()
        // Sends the feed as application/xml: an <external> root, an optional rotated access
        // key, a self link, then one entry per feed item.
        // NOTE(review): the XML template text, closing braces and the `break;`/`default:`
        // lines of the switch were lost in extraction; as printed every case would fall
        // through to `$item = $feeditem` - confirm against the upstream file.
        global $_zp_gallery;
        $feeditems = $this->getitems();
        if (is_array($feeditems)) {
            header('Content-Type: application/xml');
			<external version="1.0" >
            if ($this->key) {
                // A replacement key is derived from the current key and the serialized
                // $_SERVER array, stored over the old one, and echoed in the response.
                // NOTE(review): $_SERVER is mostly client-supplied or predictable request
                // metadata and MD5 adds no secrecy; if the key authorises the next fetch,
                // draw it from random_bytes() instead.
                $key = md5($this->key . serialize($_SERVER));
                // Both values pass through db_quote(). The "externalFeed" literal uses
                // double quotes, which MySQL reads as an identifier under the ANSI_QUOTES
                // sql_mode - single quotes are the portable form.
                query('UPDATE ' . prefix('plugin_storage') . ' SET `data`=' . db_quote($key) . ' WHERE `type`="externalFeed" AND `data`=' . db_quote($this->key));
                echo $key;

					<link href="<?php 
            // Only the request URI is html_encode()d; PROTOCOL and $this->host are printed
            // as they are.
            echo PROTOCOL;
            echo $this->host;
            echo html_encode(getRequestURI());
" />
            echo $this->locale_xml;
            foreach ($feeditems as $feeditem) {
                switch ($this->feedtype) {
                    case 'gallery':
                        $item = $this->getItemGallery($feeditem);
                    case 'news':
                        $item = $this->getItemNews($feeditem);
                    case 'pages':
                        $item = $this->getitemPages($feeditem, getOption('externalFeed_truncate_length'));
                    case 'comments':
                        $item = $this->getitemComments($feeditem);
                        $item = $feeditem;
                // Item fields are echoed as they come from the getItem*() builders, so XML
                // escaping of titles, descriptions and the pre-built fragments below is
                // their responsibility (not visible here).
                echo $item['title'];
                // HTTP_HOST is the Host header sent by the client and is written unencoded;
                // unless the web server pins the host name, item links follow whatever the
                // request claimed. NOTE(review): the self link above uses $this->host -
                // using the same source here would be consistent.
                echo PROTOCOL . '://' . $_SERVER['HTTP_HOST'] . WEBPATH . '/' . html_encode(ltrim($item['link'], '/'));
                echo $item['desc'];
                if (!empty($item['enclosure'])) {
                    echo $item['enclosure'] . "\n";
                    //prints xml as well
                if (!empty($item['category'])) {
                    echo $item['category'];
                if (!empty($item['media_content'])) {
                    echo $item['media_content'] . "\n";
                    //prints xml as well
                if (!empty($item['media_thumbnail'])) {
                    echo $item['media_thumbnail'] . "\n";
                    //prints xml as well
                echo $item['pubdate'];
            // foreach
Esempio n. 7
     * Prints html meta data to be used in the <head> section of a page
    static function getHTMLMetaData()
        // Builds the <meta>/<link> block for the page head from the htmlmeta_* options and
        // the current page context, then echoes it.
        // NOTE(review): this listing has lost lines (closing braces, `break;`, `default:`
        // and part of the inline script), so nesting is read from indentation and the
        // switches look like they fall through - confirm against the upstream file.
        global $_zp_gallery, $_zp_galley_page, $_zp_current_album, $_zp_current_image, $_zp_current_zenpage_news, $_zp_current_zenpage_page, $_zp_gallery_page, $_zp_current_category, $_zp_authority, $_zp_conf_vars, $_myFavorites, $htmlmetatags_need_cache, $_zp_page;
        zp_register_filter('image_processor_uri', 'htmlmetatags::ipURI');
        // HTTP_HOST is the Host header sent by the client, and the scheme is fixed to http.
        // $host is prefixed to the canonical, og:url and og:image values below, so those
        // tags repeat whatever host the request claimed unless the web server pins it.
        // NOTE(review): what sanitize() strips is not visible here; a configured base such
        // as FULLWEBPATH (already used for publisher/creator below) avoids the dependency.
        $host = sanitize("http://" . $_SERVER['HTTP_HOST']);
        $url = $host . getRequestURI();
        // Convert locale shorttag to allowed html meta format
        $locale = str_replace("_", "-", getUserLocale());
        $canonicalurl = '';
        // generate page title, get date
        $pagetitle = "";
        // for gallery index setup below switch
        $date = strftime(DATE_FORMAT);
        // if we don't have a item date use current date
        $desc = getBareGalleryDesc();
        $thumb = '';
        if (getOption('htmlmeta_sitelogo')) {
            // Option value used as the image URL as stored; it is not encoded later.
            $thumb = getOption('htmlmeta_sitelogo');
        if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
            $ogimage_width = getOption('htmlmeta_ogimage_width');
            $ogimage_height = getOption('htmlmeta_ogimage_height');
            if (empty($ogimage_width)) {
                $ogimage_width = 1280;
            if (empty($ogimage_height)) {
                $ogimage_height = 900;
        $type = 'article';
        switch ($_zp_gallery_page) {
            case 'index.php':
                $desc = getBareGalleryDesc();
                //$canonicalurl = $host . getGalleryIndexURL();
                $canonicalurl = $host . getPageNumURL($_zp_page);
                $type = 'website';
            case 'album.php':
                $pagetitle = getBareAlbumTitle() . " - ";
                $date = getAlbumDate();
                $desc = getBareAlbumDesc();
                $canonicalurl = $host . getPageNumURL($_zp_page);
                if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
                    $thumbimg = $_zp_current_album->getAlbumThumbImage();
                    getMaxSpaceContainer($ogimage_width, $ogimage_height, $thumbimg, false);
                    $thumb = $host . html_encode(pathurlencode($thumbimg->getCustomImage(NULL, $ogimage_width, $ogimage_height, NULL, NULL, NULL, NULL, false, NULL)));
            case 'image.php':
                $pagetitle = getBareImageTitle() . " (" . getBareAlbumTitle() . ") - ";
                $date = getImageDate();
                $desc = getBareImageDesc();
                $canonicalurl = $host . getImageURL();
                if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
                    $thumb = $host . html_encode(pathurlencode(getCustomSizedImageMaxSpace($ogimage_width, $ogimage_height)));
            case 'news.php':
                if (function_exists("is_NewsArticle")) {
                    if (is_NewsArticle()) {
                        $pagetitle = getBareNewsTitle() . " - ";
                        $date = getNewsDate();
                        $desc = trim(getBare(getNewsContent()));
                        $canonicalurl = $host . $_zp_current_zenpage_news->getLink();
                    } else {
                        if (is_NewsCategory()) {
                            $pagetitle = $_zp_current_category->getTitlelink() . " - ";
                            $date = strftime(DATE_FORMAT);
                            $desc = trim(getBare($_zp_current_category->getDesc()));
                            $canonicalurl = $host . $_zp_current_category->getLink();
                            $type = 'category';
                        } else {
                            $pagetitle = gettext('News') . " - ";
                            $desc = '';
                            $canonicalurl = $host . getNewsIndexURL();
                            $type = 'website';
                    if ($_zp_page != 1) {
                        $canonicalurl .= '/' . $_zp_page;
            case 'pages.php':
                $pagetitle = getBarePageTitle() . " - ";
                $date = getPageDate();
                $desc = trim(getBare(getPageContent()));
                $canonicalurl = $host . $_zp_current_zenpage_page->getLink();
                // for all other possible static custom pages
                $custompage = stripSuffix($_zp_gallery_page);
                $standard = array('contact' => gettext('Contact'), 'register' => gettext('Register'), 'search' => gettext('Search'), 'archive' => gettext('Archive view'), 'password' => gettext('Password required'));
                if (is_object($_myFavorites)) {
                    $standard['favorites'] = gettext('My favorites');
                if (array_key_exists($custompage, $standard)) {
                    $pagetitle = $standard[$custompage] . " - ";
                } else {
                    // Unknown custom pages use the script name itself as the title.
                    $pagetitle = $custompage . " - ";
                $desc = '';
                $canonicalurl = $host . getCustomPageURL($custompage);
                if ($_zp_page != 1) {
                    $canonicalurl .= '/' . $_zp_page;
        // Shorten desc if necessary. NOTE(review): the original comment spoke of 200
        // characters, but the code cuts at 160 bytes; substr() counts bytes, so a
        // multi-byte UTF-8 character can be split just before html_encode() runs.
        $desc = html_encode(trim(substr(getBare($desc), 0, 160)));
        $pagetitle = $pagetitle . getBareGalleryTitle();
        // get master admin
        $admin = $_zp_authority->getMasterUser();
        $author = $admin->getName();
        $meta = '';
        // From here on values are concatenated into attribute values. $desc and $url are
        // html_encode()d; the option values, $author, $pagetitle, $canonicalurl and
        // $twittername are not. NOTE(review): a double quote in any of those ends the
        // attribute early - presumably they are admin-controlled or already stripped by
        // the getBare*() helpers, but that is not established here; encoding at this
        // point would remove the doubt.
        if (getOption('htmlmeta_http-equiv-cache-control')) {
            $meta .= '<meta http-equiv="Cache-control" content="' . getOption("htmlmeta_cache_control") . '">' . "\n";
        if (getOption('htmlmeta_http-equiv-pragma')) {
            $meta .= '<meta http-equiv="pragma" content="' . getOption("htmlmeta_pragma") . '">' . "\n";
        if (getOption('htmlmeta_name-keywords')) {
            $meta .= '<meta name="keywords" content="' . htmlmetatags::getMetaKeywords() . '">' . "\n";
        if (getOption('htmlmeta_name-description')) {
            $meta .= '<meta name="description" content="' . $desc . '">' . "\n";
        if (getOption('htmlmeta_name-page-topic')) {
            $meta .= '<meta name="page-topic" content="' . $desc . '">' . "\n";
        if (getOption('htmlmeta_name-robots')) {
            $meta .= '<meta name="robots" content="' . getOption("htmlmeta_robots") . '">' . "\n";
        if (getOption('htmlmeta_name-publisher')) {
            $meta .= '<meta name="publisher" content="' . FULLWEBPATH . '">' . "\n";
        if (getOption('htmlmeta_name-creator')) {
            $meta .= '<meta name="creator" content="' . FULLWEBPATH . '">' . "\n";
        if (getOption('htmlmeta_name-author')) {
            $meta .= '<meta name="author" content="' . $author . '">' . "\n";
        if (getOption('htmlmeta_name-copyright')) {
            $meta .= '<meta name="copyright" content=" (c) ' . FULLWEBPATH . ' - ' . $author . '">' . "\n";
        if (getOption('htmlmeta_name-rights')) {
            $meta .= '<meta name="rights" content="' . $author . '">' . "\n";
        if (getOption('htmlmeta_name-generator')) {
            // Publishes the exact Zenphoto version to every visitor when the option is on.
            $meta .= '<meta name="generator" content="Zenphoto ' . ZENPHOTO_VERSION . '">' . "\n";
        if (getOption('htmlmeta_name-revisit-after')) {
            $meta .= '<meta name="revisit-after" content="' . getOption("htmlmeta_revisit_after") . '">' . "\n";
        if (getOption('htmlmeta_name-expires')) {
            $expires = getOption("htmlmeta_expires");
            // Loose comparison: a numeric option is treated as seconds from now and turned
            // into a date string; anything else is emitted as stored.
            if ($expires == (int) $expires) {
                $expires = preg_replace('|\\s\\-\\d+|', '', date('r', time() + $expires)) . ' GMT';
            $meta .= '<meta name="expires" content="' . $expires . '">' . "\n";
        // OpenGraph meta
        if (getOption('htmlmeta_og-title')) {
            $meta .= '<meta property="og:title" content="' . $pagetitle . '">' . "\n";
        if (getOption('htmlmeta_og-image') && !empty($thumb)) {
            $meta .= '<meta property="og:image" content="' . $thumb . '">' . "\n";
        if (getOption('htmlmeta_og-description')) {
            $meta .= '<meta property="og:description" content="' . $desc . '">' . "\n";
        if (getOption('htmlmeta_og-url')) {
            // The one place the request-derived $url is printed; it is html_encode()d.
            $meta .= '<meta property="og:url" content="' . html_encode($url) . '">' . "\n";
        if (getOption('htmlmeta_og-type')) {
            $meta .= '<meta property="og:type" content="' . $type . '">' . "\n";
        // Social network extras
        if (getOption('htmlmeta_name-pinterest')) {
            $meta .= '<meta name="pinterest" content="nopin">' . "\n";
        // disallow users to pin images on Pinterest
        // Twitter card
        $twittername = getOption('htmlmeta_twittername');
        // Emitted when either the card option is on or a twitter name is stored.
        if (getOption('htmlmeta_twittercard') || !empty($twittername)) {
            $meta .= '<meta property="twitter:creator" content="' . $twittername . '">' . "\n";
            $meta .= '<meta property="twitter:site" content="' . $twittername . '">' . "\n";
            $meta .= '<meta property="twitter:card" content="summary">' . "\n";
            $meta .= '<meta property="twitter:title" content="' . $pagetitle . '">' . "\n";
            $meta .= '<meta property="twitter:description" content="' . $desc . '">' . "\n";
            if (!empty($thumb)) {
                $meta .= '<meta property="twitter:image" content="' . $thumb . '">' . "\n";
        // Canonical url
        if (getOption('htmlmeta_canonical-url')) {
            $meta .= '<link rel="canonical" href="' . $canonicalurl . '">' . "\n";
            if (METATAG_LOCALE_TYPE) {
                $langs = generateLanguageList();
                if (count($langs) != 1) {
                    foreach ($langs as $text => $lang) {
                        $langcheck = zpFunctions::getLanguageText($lang, '-');
                        //	for hreflang we need en-US
                        if ($langcheck != $locale) {
                            switch (METATAG_LOCALE_TYPE) {
                                case 1:
                                    $altlink = seo_locale::localePath(true, $lang);
                                case 2:
                                    $altlink = dynamic_locale::fullHostPath($lang);
                            // Album, image and title names are html_encode()d for the
                            // attribute but not URL-encoded (pathurlencode() is used for
                            // paths elsewhere in this function). NOTE(review): names with
                            // spaces or reserved characters may yield alternate links that
                            // differ from the real URLs.
                            switch ($_zp_gallery_page) {
                                case 'index.php':
                                    $altlink .= '/';
                                case 'gallery.php':
                                    $altlink .= '/' . _PAGE_ . '/gallery';
                                case 'album.php':
                                    $altlink .= '/' . html_encode($_zp_current_album->name) . '/';
                                case 'image.php':
                                    $altlink .= '/' . html_encode($_zp_current_album->name) . '/' . html_encode($_zp_current_image->filename) . IM_SUFFIX;
                                case 'news.php':
                                    if (function_exists("is_NewsArticle")) {
                                        if (is_NewsArticle()) {
                                            $altlink .= '/' . _NEWS_ . '/' . html_encode($_zp_current_zenpage_news->getTitlelink());
                                        } else {
                                            if (is_NewsCategory()) {
                                                $altlink .= '/' . _NEWS_ . '/' . html_encode($_zp_current_category->getTitlelink());
                                            } else {
                                                $altlink .= '/' . _NEWS_;
                                case 'pages.php':
                                    $altlink .= '/' . _PAGES_ . '/' . html_encode($_zp_current_zenpage_page->getTitlelink());
                                case 'archive.php':
                                    $altlink .= '/' . _ARCHIVE_;
                                case 'search.php':
                                    $altlink .= '/' . _SEARCH_ . '/';
                                case 'contact.php':
                                    $altlink .= '/' . _CONTACT_ . '/';
                                    // for all other possible non-standard custom pages
                                    // NOTE(review): by this point $pagetitle already has the
                                    // gallery title appended, which looks odd as a URL segment.
                                    $altlink .= '/' . _PAGE_ . '/' . html_encode($pagetitle);
                            // switch
                            //append page number if needed
                            switch ($_zp_gallery_page) {
                                case 'index.php':
                                case 'album.php':
                                    if ($_zp_page != 1) {
                                        $altlink .= _PAGE_ . '/' . $_zp_page . '/';
                                case 'gallery.php':
                                case 'news.php':
                                    if ($_zp_page != 1) {
                                        $altlink .= '/' . $_zp_page;
                            $meta .= '<link rel="alternate" hreflang="' . $langcheck . '" href="' . $altlink . '">' . "\n";
                        // if lang
                    // foreach
                // if count
            // if option
        // if canonical
        if (!empty($htmlmetatags_need_cache)) {
            $meta .= '<script type="text/javascript">' . "\n";
            // The cache URIs (presumably collected by the ipURI filter registered at the
            // top) are joined straight into a JavaScript array literal; nothing here
            // escapes quotes, backslashes or a closing script tag inside an entry.
            // NOTE(review): json_encode($htmlmetatags_need_cache, JSON_HEX_TAG) would emit
            // a correctly quoted literal.
            $meta .= 'var caches = ["' . implode('","', $htmlmetatags_need_cache) . '"];' . "\n";
            $meta .= '
					window.onload = function() {
						var index,value;
						for (index in caches) {
								value = caches[index];
									cache: false,
									type: "GET",
									url: value
            $meta .= '</script>' . "\n";
        zp_remove_filter('image_processor_uri', 'htmlmetatags::ipURI');
        echo $meta;
 * Returns a redirection link for the password form
 * @return string
function getPageRedirect()
    // Picks the URL the password form should return to for the current gallery page and
    // returns it prefixed with SEO_WEBPATH.
    // NOTE(review): no `break;`, `default:` or closing-brace lines are visible, so as
    // printed every case would fall through to the last assignment - presumably extraction
    // damage; confirm against the upstream file.
    global $_zp_login_error, $_zp_password_form_printed, $_zp_current_search, $_zp_gallery_page, $_zp_current_album, $_zp_current_image, $_zp_current_zenpage_news;
    switch ($_zp_gallery_page) {
        case 'index.php':
            $action = '/index.php';
        case 'album.php':
            // Album, image and title values are URL-encoded before entering the query string.
            $action = '/index.php?userlog=1&album=' . pathurlencode($_zp_current_album->name);
        case 'image.php':
            $action = '/index.php?userlog=1&album=' . pathurlencode($_zp_current_album->name) . '&image=' . urlencode($_zp_current_image->filename);
        case 'pages.php':
            $action = '/index.php?userlog=1&p=pages&title=' . urlencode(getPageTitlelink());
        case 'news.php':
            $action = '/index.php?userlog=1&p=news';
            if (!is_null($_zp_current_zenpage_news)) {
                $action .= '&title=' . urlencode($_zp_current_zenpage_news->getTitlelink());
        case 'password.php':
            // The only branch built from the request URI. str_replace() removes every
            // occurrence of SEO_WEBPATH, not just the leading one, and the rest of the URI
            // is kept as received.
            $action = str_replace(SEO_WEBPATH, '', getRequestURI());
            if ($action == '/' . _PAGE_ . '/password' || $action == '/index.php?p=password') {
                $action = '/index.php';
            if (in_context(ZP_SEARCH)) {
                // Search parameters are appended as returned by getSearchParams().
                $action = '/index.php?userlog=1&p=search' . $_zp_current_search->getSearchParams();
            } else {
                $action = '/index.php?userlog=1&p=' . substr($_zp_gallery_page, 0, -4);
    // The result is not HTML-encoded here. NOTE(review): whoever prints it into the
    // password form must encode it for the attribute - verify at the call site.
    return SEO_WEBPATH . $action;
Esempio n. 9

 * Form for registering users
 * @package plugins
 * @subpackage users
// Registration form fragment: the form posts back to the current request URI with any
// "?verify=..." tail removed.
// NOTE(review): PHP tags and several template lines were lost in extraction and the
// excerpt stops inside the last `if`.
// The pattern only strips verify= when it is the first query parameter (it anchors on '?').
$action = preg_replace('/\\?verify=(.*)/', '', getRequestURI());
<div id="registration_form">
	<form action="<?php 
// $action is request-derived and is printed into the attribute without html_encode(), so a
// quote or angle bracket in the URI reaches the page unescaped.
// NOTE(review): echo html_encode($action) instead.
echo $action;
" method="post" autocomplete="off">
		<input type="hidden" name="register_user" value="yes" />
		<p style="display:none;">
			<label for="username"><?php 
echo gettext("Username* (this will be your user username)");
			<input type="text" id="username" name="username" value="" size="<?php 
" />
			<label for="adminuser">
if ($emailid = getOption('register_user_email_is_id')) {
Esempio n. 10
    static function ad_removeButton($obj, $id, $v, $add, $instance, $multi)
        // Prints the add-to/remove-from favorites form for $obj; $v selects add (truthy) or
        // remove, $add is the button caption, $instance/$multi handle named favorites lists.
        // NOTE(review): PHP tags, closing braces and some markup were lost in extraction.
        // No XSRF token field is visible in this POST form - confirm whether the upstream
        // handler for addToFavorites checks one.
        global $_myFavorites;
        $table = $obj->table;
        if ($v) {
            $tag = '_add';
        } else {
            $tag = '_remove';
        if ($instance && $multi) {
            // The instance name becomes part of the caption that is echoed twice below.
            $add .= '[' . $instance . ']';
		<form name="<?php 
        // $table, $instance and $tag are printed into the name/class attributes unencoded;
        // $table is html_encode()d further down in the hidden field, but not here.
        echo $table . $obj->getID();
        echo $instance . $tag;
" class = "<?php 
        echo $table;
        echo $tag;
"  action = "<?php 
        // The request URI is html_encode()d before it enters the action attribute.
        echo html_encode(getRequestURI());
" method = "post" accept-charset = "UTF-8">
			<input type = "hidden" name = "addToFavorites" value = "<?php 
        echo $v;
" />
			<input type = "hidden" name = "type" value = "<?php 
        echo html_encode($table);
" />
			<input type = "hidden" name = "id" value = "<?php 
        echo html_encode($id);
" />
			<input type = "submit" class = "button buttons" value = "<?php 
        // $add (caption plus optional instance name) goes into value and title unencoded.
        // NOTE(review): instance names are presumably user-chosen (see the text input
        // below) - html_encode($add) here, and the instance value at the end, would match
        // the treatment of $table and $id.
        echo $add;
" title = "<?php 
        echo $add;
        if ($v) {
            if ($multi) {
					<span class="tagSuggestContainer">
						<input type="text" name="instance" class="favorite_instance" value="" />
        } else {
				<input type="hidden" name="instance" value="<?php 
            echo $_myFavorites->instance;
" />
Esempio n. 11
 * Checks if protocol not https and redirects if https required
function httpsRedirect()
    // When SERVER_PROTOCOL is 'https_admin' and the request did not arrive over https,
    // builds the https:// equivalent of the current URL.
    // NOTE(review): the excerpt stops here; the statement that sends the redirect and the
    // closing braces are not part of this listing.
    if (defined('SERVER_PROTOCOL') && SERVER_PROTOCOL == 'https_admin') {
        // force https login
        // isset() accepts any value as "already https": IIS sets HTTPS to "off" on plain
        // requests, and behind a TLS-terminating proxy the variable is usually unset even
        // for https traffic. NOTE(review): verify how the deployment reports the scheme.
        if (!isset($_SERVER["HTTPS"])) {
            // HTTP_HOST is the Host header sent by the client, so the redirect target
            // follows it unless the web server pins the host name; a configured host name
            // would be the safer base.
            $redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI();
Esempio n. 12
     * places a selector so a user may change themes
     * @param string $text link text
    static function controlLink($textIn = NULL)
        // When the theme switcher is active, prints a menu with a <select> of the themes
        // that provide the current page script; always returns $textIn unchanged.
        // NOTE(review): PHP tags, closing braces and some markup were lost in extraction.
        global $_zp_gallery, $_themeSwitcherThemelist, $_zp_gallery_page;
        if (self::active()) {
            $themes = array();
            foreach ($_zp_gallery->getThemes() as $theme => $details) {
                // Indexed without isset(); a theme missing from the list would raise a
                // notice/warning rather than being skipped silently.
                if ($_themeSwitcherThemelist[$theme]) {
                    if (getPlugin($_zp_gallery_page, $theme)) {
                        $themes[$details['name']] = $theme;
            $text = $textIn;
            if (empty($text)) {
                $text = gettext('Theme');
            // Current request URI with any existing themeSwitcher parameter removed, then
            // passed through pathurlencode(); %t is the placeholder for the chosen theme.
            $reloc = pathurlencode(trim(preg_replace('~themeSwitcher=.*?&~', '', getRequestURI() . '&'), '?&'));
            // Truthiness test: a '?' at offset 0 would count as absent, which the trim()
            // above already rules out.
            if (strpos($reloc, '?')) {
                $reloc .= '&themeSwitcher=%t';
            } else {
                $reloc .= '?themeSwitcher=%t';
            $theme = $_zp_gallery->getCurrentTheme();
            $icon = zp_apply_filter('iconColor', getPlugin('themeSwitcher/menu.png', true, true));
			<div class="themeSwitcherMenuMain themeSwitcherMenu themeSwitcherControl">
				<img src="<?php 
            echo $icon;
" onclick="$('.themeSwitcherControl').toggle();" title="<?php 
            echo gettext('Switch themes');
" />
			<div class="themeSwitcherControlLink themeSwitcherControl" style="display:none;">
				<div class="themeSwitcherMenu">
					<img src="<?php 
            echo WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER;
/themeSwitcher/menu.png" onclick="$('.themeSwitcherControl').toggle();" title="<?php 
            echo gettext('Close');
" />
            // $text can be the caller-supplied $textIn and is printed unencoded.
            echo $text;
				<select name="themeSwitcher" id="themeSwitcher" onchange="switchTheme('<?php 
            // The request-derived $reloc sits inside a JavaScript string literal inside an
            // HTML attribute. html_encode() covers the attribute layer only: the browser
            // decodes entities before the handler is parsed as script, so an encoded quote
            // becomes a real quote again. NOTE(review): the value needs JavaScript string
            // encoding first (e.g. json_encode()) and HTML encoding second, unless
            // pathurlencode() is known to percent-encode quotes - confirm.
            echo html_encode($reloc);
')" title="<?php 
            echo gettext("Themes will not show in this list if selecting them would result in a “not found” error.");
            generateListFromArray(array($theme), $themes, false, true);
            zp_apply_filter('themeSwitcher_Controllink', $theme);
        return $textIn;
Esempio n. 13
 * "Rewrite" handling for zenphoto
 * The basic rules are found in the zenphoto-rewrite.txt file. Additional rules can be provided by plugins. But
 * for the plugin to load in time for the rules to be seen it must be either a CLASS_PLUGIN or a FEATURE_PLUGIN.
 * Plugins add rules by inserting them into the $_zp_conf_vars['special_pages'] array. Each "rule" is an array
 * of three elements: <var>define</var>, <var>rewrite</var>, and (optionally) <var>rule</var>.
 * Elements which have a <var>define</var> and no <var>rule</var> are processed by rewrite rules in the
 * zenphoto-rewrite.txt file and the <var>define</var> is used internally to zenphoto to reference
 * the rewrite text when building links.
 * Elements with a <var>rule</var> defined are processed after Search, Pages, and News rewrite rules and before
 * Image and album rewrite rules. The tag %REWRITE% in the rule is replaced with the <var>rewrite</var> text
 * before processing the rule. Thus <var>rewrite</var> is the token that should appear in the actual URL.
 * It makes no sense to have an element without either a <var>define</var> or a <var>rule</var> as nothing will happen.
 * At present all rules are presumed to stop processing the rule set. Historically that is what all our rules have done, but I suppose
 * we could change that. The "R" flag may be used to cause a <var>header</var> status to be sent. However, we do not redirect
 * back to index.php, so the "R" flag is only useful if the target is a different script.
 * @author Stephen Billard (sbillard)
 * @package admin
function rewriteHandler()
    // Applies the rewrite rules returned by getRules() to the current request path. When a rule's
    // pattern matches, the rule's query template is expanded with the captured groups and merged into
    // $_GET/$_REQUEST; if the rule's action names a script other than index.php a Location header is sent.
    // NOTE(review): closing braces are missing from this listing, so nesting is read from indentation.
    global $_zp_conf_vars, $_zp_rewritten;
    $_zp_rewritten = false;
    $definitions = array();
    //	query parameters should already be loaded into the $_GET and $_REQUEST arrays, so we discard them here
    $request = explode('?', getRequestURI());
    //rewrite base
    // strip the WEBPATH prefix and any leading slashes so rule patterns see a path relative to the install root
    $requesturi = ltrim(substr($request[0], strlen(WEBPATH)), '/');
    list($definitions, $rules) = getRules();
    //process the rules
    foreach ($rules as $rule) {
        // assignment in the condition: trims the line and skips it when the result is falsy (empty)
        if ($rule = trim($rule)) {
            // lines starting with '#' are treated as comments
            if ($rule[0] != '#') {
                if (preg_match('~^rewriterule~i', $rule)) {
                    // it is a rewrite rule, see if it is applicable
                    // substitute the define tokens collected so far into the rule text
                    $rule = strtr($rule, $definitions);
                    // $matches[1] = pattern, $matches[2] = action (script?query), $matches[3] = flag list
                    preg_match('~^rewriterule\\s+(.*?)\\s+(.*?)\\s*\\[(.*)\\]$~i', $rule, $matches);
                    if (array_key_exists(1, $matches)) {
                        // NOTE(review): the rule pattern is placed between '~' delimiters unquoted, so a
                        // literal '~' in a rule would end the pattern early. Rules are regex source by
                        // design; treat every place that can contribute rules as trusted code.
                        if (preg_match('~' . $matches[1] . '~', $requesturi, $subs)) {
                            $params = array();
                            //	setup the rule replacement values
                            // keys become '$0', '$1', ... so strtr() can replace back-references in the action
                            foreach ($subs as $key => $sub) {
                                $params['$' . $key] = urlencode($sub);
                                // parse_str is going to decode the string!
                            //	parse rewrite rule flags
                            // e.g. a flag written as NAME=value is stored as $flags['NAME'] = 'value';
                            // a bare flag is stored with a NULL value
                            $flags = array();
                            $banner = explode(',', strtoupper($matches[3]));
                            foreach ($banner as $flag) {
                                $flag = strtoupper(trim($flag));
                                $f = explode('=', $flag);
                                $flags[trim($f[0])] = isset($f[1]) ? trim($f[1]) : NULL;
                            if (!array_key_exists('QSA', $flags)) {
                                //	QSA means merge the query parameters. Otherwise we clear them
                                // NOTE(review): array_diff() compares by value, not by key, so any $_REQUEST
                                // entry whose value equals some $_GET value is dropped as well; array-valued
                                // parameters are compared through string conversion. array_diff_key() may be
                                // what is intended -- confirm.
                                $_REQUEST = array_diff($_REQUEST, $_GET);
                                $_GET = array();
                            // split the action into the script name ($action[1]) and its query template ($action[2])
                            preg_match('~(.*?)\\?(.*)~', $matches[2], $action);
                            if (empty($action)) {
                                $action[1] = $matches[2];
                            if (array_key_exists(2, $action)) {
                                //	process the rules replacements
                                // request-derived values were urlencode()d above, so a captured '&' or '='
                                // cannot introduce extra parameters when parse_str() splits the query
                                $query = strtr($action[2], $params);
                                parse_str($query, $gets);
                                $_GET = array_merge($_GET, $gets);
                                $_REQUEST = array_merge($_REQUEST, $gets);
                            //	we will execute the index.php script in due course. But if the rule
                            //	action takes us elsewhere we will have to re-direct to that script.
                            if (isset($action[1]) && $action[1] != 'index.php') {
                                $qs = http_build_query($_GET);
                                if ($qs) {
                                    $qs = '?' . $qs;
                                if (array_key_exists('R', $flags)) {
                                    // NOTE(review): a bare "R" flag leaves $flags['R'] NULL, which sends an
                                    // empty "Status:" header; the value is not checked to be a 3xx code.
                                    header('Status: ' . $flags['R']);
                                // NOTE(review): no exit() is visible after this header in the listing --
                                // confirm execution stops here so the rest of the request is not processed.
                                header('Location: ' . WEBPATH . '/' . $action[1] . $qs);
                            $_zp_rewritten = true;
                    } else {
                        zp_error(sprintf(gettext('Error processing rewrite rule: “%s”'), trim(preg_replace('~^rewriterule~i', '', $rule))), E_USER_WARNING);
                } else {
                    if (preg_match('~define\\s+(.*?)\\s*\\=\\>\\s*(.*)$~i', $rule, $matches)) {
                        //	store definitions
                        // NOTE(review): security - the right-hand side of a "define" line is executed as PHP
                        // through eval(). Whoever can alter the rule text returned by getRules() can run
                        // arbitrary code, so the rules file must not be writable by the web server or by
                        // uploads. Replacing eval() with a resolver limited to constants and quoted strings
                        // would remove that exposure.
                        eval('$definitions[$matches[1]] = ' . $matches[2] . ';');
Esempio n. 14
function print404status()
    // Prints the "requested object was not found" message for the request described by the global
    // $_404_data and, when DEBUG_404 is set, assembles a diagnostic dump of selected $_SERVER and
    // $_REQUEST values in $output.
    // NOTE(review): the statement that consumes $output is not visible in this listing.
    global $_404_data;
    list($album, $image, $galleryPage, $theme, $page) = $_404_data;
    if (DEBUG_404) {
        $list = explode('/', $album);
        // requests whose first album path segment is 'cache' are not reported
        if (array_shift($list) != 'cache') {
            $target = getRequestURI();
            // skip two known probe targets (favicon and a test image)
            if (!in_array($target, array(WEBPATH . '/favicon.ico', WEBPATH . '/zp-data/tést.jpg'))) {
                $output = "404 error details\n\t\t\tSERVER:\n";
                // NOTE(review): REQUEST_URI and HTTP_REFERER are supplied by the client and are copied into
                // $output unmodified. If $output is written to a log, strip or encode CR/LF and other
                // control characters first so a request cannot forge additional log entries.
                foreach (array('REQUEST_URI', 'HTTP_REFERER', 'REMOTE_ADDR', 'REDIRECT_STATUS') as $key) {
                    // '@' hides the notice for a missing key; isset()/?? would do this without suppression
                    if (is_null(@$_SERVER[$key])) {
                        $value = 'NULL';
                    } else {
                        $value = "'{$_SERVER[$key]}'";
                    $output .= "\t\t\t\t\t{$key}\t=>\t{$value}\n";
                $output .= "\t\t\tREQUEST:\n";
                $request = $_REQUEST;
                $request['theme'] = $theme;
                if (!empty($image)) {
                    $request['image'] = $image;
                // NOTE(review): request values are client-controlled (same log-forging concern as above);
                // an array-valued parameter interpolates as "Array" and raises a conversion notice/warning.
                foreach ($request as $key => $value) {
                    $output .= "\t\t\t\t\t{$key}\t=>\t'{$value}'\n";
    // the closing </strong> tag is part of the translatable string
    echo "\n<strong>" . gettext("Error:</strong> the requested object was not found.");
    if ($album) {
        echo '<br />' . sprintf(gettext('Album: %s'), html_encode($album));
        if ($image) {
            echo '<br />' . sprintf(gettext('Image: %s'), html_encode($image));
    } else {
        // drops the last four characters of the script name (presumably the ".php" suffix)
        echo '<br />' . sprintf(gettext('Page: %s'), html_encode(substr(basename($galleryPage), 0, -4)));
    // NOTE(review): unlike $album and $image, $page is echoed without html_encode(), and "$page > 1"
    // does not prove the value is an integer. Cast to int (or encode) unless the code that fills
    // $_404_data already guarantees a number -- confirm.
    if ($page > 1) {
        echo '/' . $page;
Esempio n. 15
 * Parses the verification and registration if they have occurred
 * places the user registration form
 * @param string $thanks the message shown on successful registration
function printRegistrationForm($thanks = NULL)
    // Handles the e-mail verification link ($_GET['verify']), prints the message that corresponds to
    // the outcome held in the global $_notify, and includes the registration form unless $_notify
    // ends up as 'success'.
    // NOTE(review): closing braces, "break" statements and the surrounding PHP open/close tags are
    // missing from this listing; the raw <div> lines below are template output.
    global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
    require_once SERVERPATH . '/' . ZENFOLDER . '/admin-functions.php';
    $userobj = NULL;
    // handle any postings
    if (isset($_GET['verify'])) {
        $currentadmins = $_zp_authority->getAdministrators();
        // NOTE(review): security - $_GET['verify'] is hex-decoded and handed to unserialize(). The value
        // is request-controlled, so this is deserialization of untrusted data: the requester chooses the
        // structure and the type of every value, and objects of loaded classes can be instantiated.
        // Prefer a token that carries JSON plus an HMAC verified with hash_equals(); at minimum call
        // unserialize($data, ['allowed_classes' => false]) and verify that the result is an array whose
        // 'user' and 'email' entries are strings before they are used below. A failed unserialize()
        // returns false, which the code below then indexes as an array.
        $params = unserialize(pack("H*", trim(sanitize($_GET['verify']), '.')));
        // expung the verify query string as it will cause us to come back here if login fails.
        $_link = explode('?', getRequestURI());
        $p = array();
        if (isset($_link[1])) {
            $p = explode('&', $_link[1]);
            foreach ($p as $k => $v) {
                // the statement that removes the matching "verify=" entry is not visible in this listing
                if (strpos($v, 'verify=') === 0) {
        $_SERVER['REQUEST_URI'] = $_link[0];
        if (!empty($p)) {
            $_SERVER['REQUEST_URI'] .= '?' . implode('&', $p);
        // NOTE(review): the decoded 'user' value goes straight into the lookup criteria; how
        // getAnAdmin() quotes it is not visible here -- confirm it is bound/escaped.
        $userobj = $_zp_authority->getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
        // NOTE(review): no secret, signature or expiry is checked in the visible code: the link is
        // accepted when the decoded user exists and the decoded e-mail matches. The match uses '=='
        // against a value whose type the requester controls; compare with '===' after is_string().
        if ($userobj && $userobj->getEmail() == $params['email']) {
            // only an account that has no rights yet is promoted; otherwise it counts as already verified
            if (!$userobj->getRights()) {
                $userobj->setCredentials(array('registered', 'user', 'email'));
                $rights = getOption('register_user_user_rights');
                $group = NULL;
                if (!is_numeric($rights)) {
                    //  a group or template
                    // a non-numeric option value names another account whose rights are copied
                    $admin = $_zp_authority->getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
                    if ($admin) {
                        if ($admin->getName() != 'template') {
                            $group = $rights;
                        $rights = $admin->getRights();
                    } else {
                        $rights = NO_RIGHTS;
                $userobj->setRights($rights | NO_RIGHTS);
                zp_apply_filter('register_user_verified', $userobj);
                if (getOption('register_user_notify')) {
                    $_notify = zp_mail(gettext('ZenPhoto20 Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
                // an empty $_notify here means either no notification was requested or zp_mail() returned nothing
                if (empty($_notify)) {
                    // the body of this condition is not visible in this listing
                    if (getOption('register_user_create_album')) {
                    $_notify = 'verified';
                    $_POST['user'] = $userobj->getUser();
            } else {
                $_notify = 'already_verified';
        } else {
            $_notify = 'not_verified';
            // User ID no longer exists
    if (isset($_GET['login'])) {
        //presumably the user failed to login....
        $_notify = 'loginfailed';
    if (zp_loggedin()) {
        if (isset($_GET['login'])) {
            echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("you are already logged in.") . '</h2>';
            echo '</div>';
    // same check as a few lines above, repeated
    if (isset($_GET['login'])) {
        //presumably the user failed to login....
        $_notify = 'loginfailed';
    if (!empty($_notify)) {
        switch ($_notify) {
            case 'verified':
                if (is_null($thanks)) {
                    $thanks = gettext("Thank you for registering.");
				<div class="Messagebox fade-message">
                // $thanks is caller-supplied markup and is printed as-is
                echo $thanks;
                echo gettext('You may now log onto the site and verify your personal information.');
            case 'already_verified':
            case 'loginfailed':
                // append login=true to the current URI so a failed login returns to this branch
                $_link = getRequestURI();
                if (strpos($_link, '?') === false) {
                    $_SERVER['REQUEST_URI'] = $_link . '?login=true';
                } else {
                    $_SERVER['REQUEST_URI'] = $_link . '&login=true';
                require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php';
                printPasswordForm(NULL, true, false, WEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users');
                $_notify = 'success';
            case 'honeypot':
                //pretend it was accepted
            //pretend it was accepted
            case 'accepted':
				<div class="Messagebox fade-message">
                echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.');
                if ($_notify != 'honeypot') {
                    $_notify = 'success';
                // of course honeypot catches are no success!
            case 'exists':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                // NOTE(review): $user is a global filled from the submitted form and is written into HTML
                // without html_encode(); encode at output unless it is guaranteed to be encoded upstream.
                printf(gettext('The user ID <em>%s</em> is already in use.'), $user);
            case 'dup_email':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                // NOTE(review): same output-encoding concern for $admin_e as for $user above.
                printf(gettext('A user with the e-mail <em>%s</em> already exists.'), $admin_e);
            case 'empty':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('Passwords may not be empty.');
            case 'mismatch':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('Your passwords did not match.');
            case 'incomplete':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('You have not filled in all the fields.');
            case 'notverified':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('Invalid verification link.');
            case 'invalidemail':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('Enter a valid email address.');
            case 'invalidcaptcha':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                echo gettext('The CAPTCHA you entered was not correct.');
            case 'not_verified':
				<div class="errorbox fade-message">
                echo gettext("Verification failed.");
                echo gettext('Your registration request could not be completed.');
            case 'filter':
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                // a filter may attach its own message to the user object; it is printed unencoded
                if (is_object($userobj) && !empty($userobj->msg)) {
                    echo $userobj->msg;
                } else {
                    echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
				<div class="errorbox fade-message">
                echo gettext("Registration failed.");
                // NOTE(review): fallback branch prints $_notify itself; it can hold the return value of
                // zp_mail() (see above), so encode it before output.
                echo $_notify;
    // show the form again for every outcome except success
    if ($_notify != 'success') {
        $form = getPlugin('register_user/register_user_form.php', true);
        require_once $form;
 * Checks to see if the current URL is a query string url when mod_rewrite is active.
 * If so, it redirects to the rewritten URL with a 301 Moved Permanently.
function fix_path_redirect()
    // When MOD_REWRITE is on, works out the canonical rewritten URL for the current request
    // (query-string form, or wrong trailing-slash form) and issues a 301 to it when it differs.
    // NOTE(review): closing braces and "break" statements are missing from this listing.
    if (MOD_REWRITE) {
        $request_uri = getRequestURI(false);
        // parse_url() can return false for a malformed URI; the isset() checks below then simply fail
        $parts = parse_url($request_uri);
        $redirectURL = NULL;
        if (isset($parts['path'])) {
            // don't know how this can happen, but if it does, don't redirect
            if (isset($parts['query'])) {
                // a query string is present: ask for the rewritten equivalent of those parameters
                parse_str($parts['query'], $query);
                $redirectURL = zpRewriteURL($query);
            } else {
                $query = array();
            if (isset($_GET['album'])) {
                if (isset($_GET['image'])) {
                    //image URLs should not end in a slash
                    if (substr($parts['path'], -1, 1) == '/') {
                        $redirectURL = zpRewriteURL($_GET);
                } else {
                    //album URLs should end in a slash for consistency
                    if (substr($parts['path'], -1, 1) != '/') {
                        $redirectURL = zpRewriteURL($_GET);
            if (isset($_GET['p'])) {
                switch ($_GET['p']) {
                    case 'news':
                        if (isset($_GET['title'])) {
                            //article URLs should not end in slash
                            if (substr($parts['path'], -1, 1) == '/') {
                                $redirectURL = zpRewriteURL($_GET);
                        } else {
                            //should be news/
                            if (substr($parts['path'], -1, 1) != '/') {
                                $redirectURL = zpRewriteURL($_GET);
                    case 'search':
                        if (isset($_GET['date'])) {
                            if (substr($parts['path'], -1, 1) != '/') {
                                $redirectURL = zpRewriteURL($_GET);
            //page numbers do not have trailing slash
            if (isset($_GET['page'])) {
                if (substr($parts['path'], -1, 1) == '/') {
                    $redirectURL = zpRewriteURL($_GET);
            if ($redirectURL) {
                $parts2 = parse_url($redirectURL);
                if (isset($parts2['query'])) {
                    parse_str($parts2['query'], $query2);
                } else {
                    $query2 = array();
                // redirect only if the query parameters changed, or if html_encode() alters the request path
                // NOTE(review): WEBPATH is interpolated into the patterns unquoted; wrap it in
                // preg_quote(WEBPATH, '~') so '.', '+', '~' etc. in the install path are matched literally.
                if ($query != $query2 || preg_replace('~^' . WEBPATH . '/~', '', $parts['path']) != preg_replace('~^' . WEBPATH . '/~', '', html_encode($parts['path']))) {
                    header("HTTP/1.0 301 Moved Permanently");
                    header("Status: 301 Moved Permanently");
                    // NOTE(review): the target comes from zpRewriteURL() over request parameters; this relies
                    // on that helper returning a site-relative, URL-encoded path. No exit() is visible after
                    // the header in this listing -- confirm execution stops.
                    header('Location: ' . FULLWEBPATH . '/' . preg_replace('~^' . WEBPATH . '/~', '', $redirectURL));
Esempio n. 17
 * Prints a download link for an album zip of the current album (therefore to be used only on album.php/image.php).
 * This function only creates a download count and then redirects to the original Zenphoto album zip download.
 * @param string $linktext
 * @param object $albumobj
 * @param bool $fromcache if true get the images from the cache
function printDownloadAlbumZipURL($linktext = NULL, $albumobj = NULL, $fromcache = NULL)
    // Echoes an <a> element pointing at the current request path with download/albumzip (and
    // optionally fromcache) query parameters added, followed by the download counter when enabled.
    // Nothing is printed when no album is available or the album is dynamic.
    global $_zp_current_album;
    // NOTE(review): parse_url() returns false for a malformed URI; $request['path'] below assumes
    // it succeeded and that a path component exists.
    $request = parse_url(getRequestURI());
    if (isset($request['query'])) {
        // keep the parameters of the current request so they are carried into the download link
        $query = parse_query($request['query']);
    } else {
        $query = array();
    if (is_null($albumobj)) {
        $albumobj = $_zp_current_album;
    if (!is_null($albumobj) && !$albumobj->isDynamic()) {
        $file = $albumobj->name . '.zip';
        if (getOption('downloadList_showdownloadcounter')) {
            $downloaditem = DownloadList::getListItemFromDB($file);
            if ($downloaditem) {
                $downloadcount = ' - ' . sprintf(ngettext('%u download', '%u downloads', $downloaditem['data']), $downloaditem['data']);
            } else {
                $downloadcount = ' - ' . gettext('0 downloads');
            // despite its name, $filesize holds the download counter markup
            $filesize = '<small>' . $downloadcount . '</small>';
        } else {
            $filesize = '';
        // a caller-supplied link text replaces the default "<album>.zip" label
        if (!empty($linktext)) {
            $file = $linktext;
        $query['download'] = $albumobj->name;
        $query['albumzip'] = 'true';
        if ($fromcache) {
            $query['fromcache'] = 'true';
        // NOTE(review): WEBPATH is used as a regex fragment without preg_quote(). The path and the
        // carried-over query parameters are request-derived; http_build_query() re-encodes the
        // parameters and html_encode() below covers the attribute context.
        $link = FULLWEBPATH . '/' . preg_replace('~^' . WEBPATH . '/~', '', $request['path']) . '?' . http_build_query($query);
        echo '<a href="' . html_encode($link) . '" rel="nofollow" class="downloadlist_link">' . html_encode($file) . '</a>' . $filesize;
 * Checks to see if the current URL is a query string url when mod_rewrite is active.
 * If so, it redirects to the rewritten URL with a 301 Moved Permanently.
function fix_path_redirect()
    // When MOD_REWRITE is on and the request carries a query string, asks zpRewriteURL() for the
    // rewritten form of those parameters and, if one is returned, answers with a 301 to it.
    if (MOD_REWRITE) {
        $request_uri = getRequestURI();
        // parse_url() can return false for a malformed URI; isset() below then fails and nothing happens
        $parts = parse_url($request_uri);
        if (isset($parts['query'])) {
            parse_str($parts['query'], $query);
            $redirectURL = zpRewriteURL($query);
            if ($redirectURL) {
                header("HTTP/1.0 301 Moved Permanently");
                header("Status: 301 Moved Permanently");
                // NOTE(review): the redirect target is derived from request parameters via zpRewriteURL();
                // this relies on that helper returning a site-relative, URL-encoded path. No exit() is
                // visible after the header in this listing -- confirm execution stops.
                header('Location: ' . FULLWEBPATH . '/' . $redirectURL);
Esempio n. 19
  * Logs blocked accesses to Managed albums
  * @param bool $allow set to true to override the block
  * @param string $page the "return" link
 static function adminAlbumGate($allow, $page)
     // Filter callback: returns $allow unchanged and, when access was not allowed, writes a
     // 'blocked_album' entry through security_logger::Logger(). $page is not used in the visible code.
     // NOTE(review): "break"/"default" lines of the switch are missing from this listing.
     list($user, $name) = security_logger::populate_user();
     switch (getOption('logger_log_type')) {
         case 'all':
         case 'all_user':
             // no known user: return without logging
             if (!$user) {
                 return $allow;
     if (!$allow) {
         // NOTE(review): the request URI is client-controlled text going into a security log; confirm
         // that Logger() neutralises line breaks and its field delimiter so entries cannot be forged.
         security_logger::Logger(2, $user, $name, 'blocked_album', '', getRequestURI());
     return $allow;
Esempio n. 20
  * Prints html meta data to be used in the <head> section of a page
 static function getHTMLMetaData()
     // Builds the <meta> and <link> tags selected by the htmlmeta_* options for the current gallery
     // page (title, description, OpenGraph, Twitter card, canonical and hreflang links) and echoes them.
     // NOTE(review): closing braces and the "break"/"default" lines of both switch statements are
     // missing from this listing.
     global $_zp_gallery, $_zp_page, $_zp_current_album, $_zp_current_image, $_zp_current_search, $_zp_current_article, $_zp_current_page, $_zp_gallery_page, $_zp_current_category, $_zp_authority, $_zp_conf_vars, $_myFavorites;
     // NOTE(review): security - the Host request header is chosen by the client, and the scheme is
     // hard-coded to http. $host is used for the canonical, og:url and image URLs below, so a request
     // with a forged Host header can put a foreign origin into the page (a problem once the page is
     // cached or indexed). Building these URLs from the configured FULLWEBPATH, which this function
     // already uses for publisher/creator, avoids trusting the header.
     $host = sanitize("http://" . $_SERVER['HTTP_HOST']);
     $url = $host . getRequestURI();
     // Convert locale shorttag to allowed html meta format
     $locale_ = getUserLocale();
     $locale = zpFunctions::getLanguageText($locale_, '-');
     $canonicalurl = '';
     // generate page title, get date
     $pagetitle = "";
     // for gallery index setup below switch
     // NOTE(review): strftime() is deprecated as of PHP 8.1.
     $date = strftime(DATE_FORMAT);
     // if we don't have a item date use current date
     $desc = getBareGalleryDesc();
     $thumb = '';
     if (getOption('htmlmeta_sitelogo')) {
         $thumb = getOption('htmlmeta_sitelogo');
     if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
         // image size for social previews, defaulting to 1280x900 when the options are empty
         $ogimage_width = getOption('htmlmeta_ogimage_width');
         $ogimage_height = getOption('htmlmeta_ogimage_height');
         if (empty($ogimage_width)) {
             $ogimage_width = 1280;
         if (empty($ogimage_height)) {
             $ogimage_height = 900;
         $twittercard_type = 'summary';
     $type = 'article';
     // per page type: title prefix, date, description, canonical URL and (optionally) preview image
     switch ($_zp_gallery_page) {
         case 'index.php':
             $desc = getBareGalleryDesc();
             $canonicalurl = $host . $_zp_gallery->getLink($_zp_page);
             $type = 'website';
         case 'album.php':
         case 'favorites.php':
             $pagetitle = getBareAlbumTitle() . " - ";
             $date = getAlbumDate();
             $desc = getBareAlbumDesc();
             $canonicalurl = $host . $_zp_current_album->getLink($_zp_page);
             if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
                 $thumbimg = $_zp_current_album->getAlbumThumbImage();
                 getMaxSpaceContainer($ogimage_width, $ogimage_height, $thumbimg, false);
                 $thumb = $host . html_encode(pathurlencode($thumbimg->getCustomImage(NULL, $ogimage_width, $ogimage_height, NULL, NULL, NULL, NULL, false, NULL)));
                 $twittercard_type = 'summary_large_image';
         case 'image.php':
             $pagetitle = getBareImageTitle() . " (" . getBareAlbumTitle() . ") - ";
             $date = getImageDate();
             $desc = getBareImageDesc();
             $canonicalurl = $host . $_zp_current_image->getLink();
             if (getOption('htmlmeta_og-image') || getOption('htmlmeta_twittercard')) {
                 $thumb = $host . html_encode(pathurlencode(getCustomSizedImageMaxSpace($ogimage_width, $ogimage_height)));
                 $twittercard_type = 'summary_large_image';
         case 'news.php':
             if (function_exists("is_NewsArticle")) {
                 if (is_NewsArticle()) {
                     $pagetitle = getBareNewsTitle() . " - ";
                     $date = getNewsDate();
                     $desc = trim(getBare(getNewsContent()));
                     $canonicalurl = $host . $_zp_current_article->getLink();
                 } else {
                     if (is_NewsCategory()) {
                         $pagetitle = $_zp_current_category->getTitlelink() . " - ";
                         $date = strftime(DATE_FORMAT);
                         $desc = trim(getBare($_zp_current_category->getDesc()));
                         $canonicalurl = $host . $_zp_current_category->getLink($_zp_page);
                         $type = 'category';
                     } else {
                         $pagetitle = gettext('News') . " - ";
                         $desc = '';
                         $canonicalurl = $host . getNewsPathNav($_zp_page);
                         $type = 'website';
         case 'pages.php':
             $pagetitle = getBarePageTitle() . " - ";
             $date = getPageDate();
             $desc = trim(getBare(getPageContent()));
             $canonicalurl = $host . $_zp_current_page->getLink();
             // for all other possible static custom pages
             $custompage = stripSuffix($_zp_gallery_page);
             $standard = array('contact' => gettext('Contact'), 'register' => gettext('Register'), 'search' => gettext('Search'), 'archive' => gettext('Archive view'), 'password' => gettext('Password required'));
             if (is_object($_myFavorites)) {
                 $standard['favorites'] = gettext('My favorites');
             if (array_key_exists($custompage, $standard)) {
                 $pagetitle = $standard[$custompage] . " - ";
             } else {
                 $pagetitle = $custompage . " - ";
             $desc = '';
             $canonicalurl = $host . getCustomPageURL($custompage);
     // shorten desc to the allowed 200 characters if necesssary.
     // NOTE(review): the code truncates to 160, not 200, and substr() counts bytes, so a multi-byte
     // character can be cut in half; mb_substr() would avoid that.
     $desc = html_encode(trim(substr(getBare($desc), 0, 160)));
     $pagetitle = $pagetitle . getBareGalleryTitle();
     // get master admin
     $admin = $_zp_authority->getMasterUser();
     $author = $admin->getName();
     $meta = '';
     // NOTE(review): $desc, $url and $altlink are html_encode()d before they reach an attribute, but
     // option values, $author, $pagetitle, $twittername and $canonicalurl are concatenated as-is.
     // Whether the getBare*()/getOption() helpers return attribute-safe text is not visible here;
     // encoding every value at the point of output would make this uniform -- confirm.
     if (getOption('htmlmeta_http-equiv-cache-control')) {
         $meta .= '<meta http-equiv="Cache-control" content="' . getOption("htmlmeta_cache_control") . '">' . "\n";
     if (getOption('htmlmeta_http-equiv-pragma')) {
         $meta .= '<meta http-equiv="pragma" content="' . getOption("htmlmeta_pragma") . '">' . "\n";
     if (getOption('htmlmeta_name-keywords')) {
         $meta .= '<meta name="keywords" content="' . htmlmetatags::getMetaKeywords() . '">' . "\n";
     if (getOption('htmlmeta_name-description')) {
         $meta .= '<meta name="description" content="' . $desc . '">' . "\n";
     if (getOption('htmlmeta_name-page-topic')) {
         $meta .= '<meta name="page-topic" content="' . $desc . '">' . "\n";
     if (getOption('htmlmeta_name-robots')) {
         $meta .= '<meta name="robots" content="' . getOption("htmlmeta_robots") . '">' . "\n";
     if (getOption('htmlmeta_name-publisher')) {
         $meta .= '<meta name="publisher" content="' . FULLWEBPATH . '">' . "\n";
     if (getOption('htmlmeta_name-creator')) {
         $meta .= '<meta name="creator" content="' . FULLWEBPATH . '">' . "\n";
     if (getOption('htmlmeta_name-author')) {
         $meta .= '<meta name="author" content="' . $author . '">' . "\n";
     if (getOption('htmlmeta_name-copyright')) {
         $meta .= '<meta name="copyright" content=" (c) ' . FULLWEBPATH . ' - ' . $author . '">' . "\n";
     if (getOption('htmlmeta_name-rights')) {
         $meta .= '<meta name="rights" content="' . $author . '">' . "\n";
     if (getOption('htmlmeta_name-generator')) {
         // NOTE(review): publishes the exact software version to every visitor; consider whether that
         // disclosure is wanted on a production site.
         $meta .= '<meta name="generator" content="ZenPhoto20 ' . ZENPHOTO_VERSION . '">' . "\n";
     if (getOption('htmlmeta_name-revisit-after')) {
         $meta .= '<meta name="revisit-after" content="' . getOption("htmlmeta_revisit_after") . ' days">' . "\n";
     if (getOption('htmlmeta_name-expires')) {
         $expires = getOption("htmlmeta_expires");
         // a value that loosely equals its integer cast is treated as an offset in seconds from now;
         // the loose comparison gives different results for non-numeric strings on PHP 7 and PHP 8
         if ($expires == (int) $expires) {
             // the pattern removes only a negative numeric zone offset from the RFC 2822 date
             $expires = preg_replace('|\\s\\-\\d+|', '', date('r', time() + $expires)) . ' GMT';
         $meta .= '<meta name="expires" content="' . $expires . '">' . "\n";
     // OpenGraph meta
     if (getOption('htmlmeta_opengraph')) {
         $meta .= '<meta property="og:title" content="' . $pagetitle . '">' . "\n";
         if (!empty($thumb)) {
             $meta .= '<meta property="og:image" content="' . $thumb . '">' . "\n";
         $meta .= '<meta property="og:description" content="' . $desc . '">' . "\n";
         $meta .= '<meta property="og:url" content="' . html_encode($url) . '">' . "\n";
         $meta .= '<meta property="og:type" content="' . $type . '">' . "\n";
     // Social network extras
     if (getOption('htmlmeta_name-pinterest')) {
         $meta .= '<meta name="pinterest" content="nopin">' . "\n";
     // dissalow users to pin images on Pinterest
     // Twitter card
     $twittername = getOption('htmlmeta_twittername');
     // NOTE(review): $twittercard_type is assigned only when htmlmeta_og-image or htmlmeta_twittercard
     // is set; if only a Twitter name is configured this branch reads an undefined variable.
     if (getOption('htmlmeta_twittercard') || !empty($twittername)) {
         $meta .= '<meta name="twitter:creator" content="' . $twittername . '">' . "\n";
         $meta .= '<meta name="twitter:site" content="' . $twittername . '">' . "\n";
         $meta .= '<meta name="twitter:card" content="' . $twittercard_type . '">' . "\n";
         $meta .= '<meta name="twitter:title" content="' . $pagetitle . '">' . "\n";
         $meta .= '<meta name="twitter:description" content="' . $desc . '">' . "\n";
         if (!empty($thumb)) {
             $meta .= '<meta name="twitter:image" content="' . $thumb . '">' . "\n";
     // Canonical url
     if (getOption('htmlmeta_canonical-url')) {
         $meta .= '<link rel="canonical" href="' . $canonicalurl . '">' . "\n";
         if (METATAG_LOCALE_TYPE) {
             $langs = generateLanguageList();
             if (count($langs) != 1) {
                 // type 1: the locale is part of the path, so the current locale prefix is stripped
                 // from each link before the alternate-language prefix is put in front
                 if (METATAG_LOCALE_TYPE == 1) {
                     $locallink = seo_locale::localePath(false, $locale_);
                 } else {
                     $locallink = '';
                 foreach ($langs as $text => $lang) {
                     $langcheck = zpFunctions::getLanguageText($lang, '-');
                     //	for hreflang we need en-US
                     if ($langcheck != $locale) {
                         if (METATAG_LOCALE_TYPE == 1) {
                             $altlink = seo_locale::localePath(true, $lang);
                         } else {
                             $altlink = dynamic_locale::fullHostPath($lang);
                         switch ($_zp_gallery_page) {
                             case 'index.php':
                                 $altlink .= str_replace($locallink, '', $_zp_gallery->getLink($_zp_page));
                             case 'album.php':
                             case 'favorites.php':
                                 $altlink .= str_replace($locallink, '', $_zp_current_album->getLink($_zp_page));
                             case 'image.php':
                                 $altlink .= str_replace($locallink, '', $_zp_current_image->getLink());
                             case 'news.php':
                                 if (function_exists("is_NewsArticle")) {
                                     if (is_NewsArticle()) {
                                         $altlink .= str_replace($locallink, '', $_zp_current_article->getLink());
                                     } else {
                                         if (is_NewsCategory()) {
                                             $altlink .= str_replace($locallink, '', $_zp_current_category->getLink($_zp_page));
                                         } else {
                                             $altlink .= getNewsPathNav($_zp_page);
                             case 'pages.php':
                                 $altlink .= str_replace($locallink, '', $_zp_current_page->getLink());
                             case 'archive.php':
                                 $altlink .= getCustomPageURL('archive');
                             case 'search.php':
                                 $searchwords = $_zp_current_search->codifySearchString();
                                 $searchdate = $_zp_current_search->getSearchDate();
                                 $searchfields = $_zp_current_search->getSearchFields(true);
                                 $searchpagepath = getSearchURL($searchwords, $searchdate, $searchfields, $_zp_page, array('albums' => $_zp_current_search->getAlbumList()));
                                 $altlink .= $searchpagepath;
                             case 'contact.php':
                                 $altlink .= getCustomPageURL('contact');
                                 // for all other possible none standard custom pages
                                 // NOTE(review): by this point $pagetitle is "<title> - <gallery title>", not
                                 // a page name; $custompage looks like the intended argument -- confirm.
                                 $altlink .= getCustomPageURL($pagetitle);
                         // switch
                         $meta .= '<link rel="alternate" hreflang="' . $langcheck . '" href="' . html_encode($altlink) . '">' . "\n";
                     // if lang
                 // foreach
             // if count
         // if option
     // if canonical
     echo $meta;
Esempio n. 21
// Login bootstrap: resets the logged-in state, bounces to https when the SSL marker cookie is
// present on a plain-http request, and processes a posted login form.
// NOTE(review): the bodies of the first if/else, closing braces and any exit() calls are missing
// from this listing.
if (defined('VIEW_ALL_RIGHTS')) {
} else {
// If the auth variable gets set somehow before this, get rid of it.
$_zp_loggedin = false;
// we have the ssl marker cookie, normally we are already logged in
// but we need to redirect to ssl to retrive the auth cookie (set as secure).
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
    // NOTE(review): security - the redirect target is built from the client-supplied Host header.
    // Use the configured site host, or check HTTP_HOST against an allow-list, so a forged header
    // cannot turn this into a redirect to another origin.
    $redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI();
if (isset($_POST['login'])) {
    //	Handle the login form.
    if (secureServer()) {
        // https: set the 'zenphoto_ssl' marker for redirection
        zp_setCookie("zenphoto_ssl", "needed");
    $_zp_loggedin = $_zp_authority->handleLogon();
    if ($_zp_loggedin) {
        if (isset($_POST['redirect'])) {
            // the posted target goes through sanitizeRedirect() before use; the open-redirect
            // protection therefore depends on that helper restricting targets to this site -- confirm
            $redirect = sanitizeRedirect($_POST['redirect']);
            if (!empty($redirect)) {
                // NOTE(review): no exit() is visible after this header in the listing -- confirm
                // execution stops once the redirect is sent.
                header("Location: " . $redirect);
Esempio n. 22
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be style as needed.
 * @param string $subject_override set to override the subject.
function printContactForm($subject_override = '')
    // Two-step handler. A POST carrying 'sendmail' validates the submitted fields and builds
    // the message text; a POST carrying 'confirm' sends it through zp_mail(). Otherwise the
    // entry form from contact_form/form.php is rendered.
    // NOTE(review): closing braces, break statements and PHP open/close tags are missing
    // from this listing, so the nesting below is inferred from indentation.
    global $_zp_UTF8, $_zp_captcha, $_processing_post, $_zp_current_admin_obj;
    $error = array();
    if (isset($_POST['sendmail'])) {
        $mailcontent = array();
        $mailcontent['title'] = getField('title');
        $mailcontent['name'] = getField('name');
        // 'username' is the honeypot input (rendered with display:none further down);
        // a non-empty value later suppresses sending.
        $mailcontent['honeypot'] = getField('username');
        $mailcontent['company'] = getField('company');
        $mailcontent['street'] = getField('street');
        $mailcontent['city'] = getField('city');
        $mailcontent['state'] = getField('state');
        $mailcontent['postal'] = getField('postal');
        $mailcontent['country'] = getField('country');
        $mailcontent['email'] = getField('email');
        $mailcontent['website'] = getField('website');
        $mailcontent['phone'] = getField('phone');
        $mailcontent['subject'] = getField('subject');
        $mailcontent['message'] = getField('message', 1);
        // if you want other required fields or less add/modify their checks here
        // NOTE(review): slot 5 of $error is shared by city, state, postal code and CAPTCHA
        // below, so a later failure overwrites an earlier one and count($error) under-reports.
        if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
            $error[1] = gettext("a title");
        if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
            $error[2] = gettext("a name");
        if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
            $error[3] = gettext("a company");
        if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
            $error[4] = gettext("a street");
        if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
            $error[5] = gettext("a city");
        if (getOption('contactform_state') == "required" && empty($mailcontent['state'])) {
            $error[5] = gettext("a state");
        if (getOption('contactform_postal') == "required" && empty($mailcontent['postal'])) {
            $error[5] = gettext("a postal code");
        if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
            $error[6] = gettext("a country");
        // The address is format-checked only when the email option is "required"; an
        // optional but malformed address passes through this branch unchanged.
        if (getOption('contactform_email') == "required" && (empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email']))) {
            $error[7] = gettext("a valid email address");
        if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
            $error[8] = gettext('a website');
        } else {
            if (!empty($mailcontent['website'])) {
                // NOTE(review): the literal "http: //" is 8 characters but is compared with a
                // 7-character prefix, so this test is always true and the scheme is always
                // prepended (also to https:// URLs). The space looks like extraction damage;
                // confirm against upstream.
                if (substr($mailcontent['website'], 0, 7) != "http: //") {
                    $mailcontent['website'] = "http://" . $mailcontent['website'];
        if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
            $error[9] = gettext("a phone number");
        if (empty($mailcontent['subject'])) {
            $error[10] = gettext("a subject");
        if (empty($mailcontent['message'])) {
            $error[11] = gettext("a message");
        // CAPTCHA start
        if (getOption("contactform_captcha")) {
            // Both posted values are handed to the captcha plugin, which decides whether
            // they match; presumably 'code_h' is the hidden token issued with the form.
            $code_ok = trim(sanitize(isset($_POST['code_h']) ? $_POST['code_h'] : NULL));
            $code = trim(sanitize(isset($_POST['code']) ? $_POST['code'] : NULL));
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $error[5] = gettext("the correct CAPTCHA verification code");
            // no ticket
        // CAPTCHA end
        // If required fields are empty or not valid, print a note
        if (count($error) != 0) {
			<div class="errorbox">
            $err = $error;
            switch (count($err)) {
                case 1:
                    printf(gettext('Please enter %s. Thanks.'), array_shift($err));
                case 2:
                    printf(gettext('Please enter %1$s and %2$s. Thanks.'), array_shift($err), array_shift($err));
                    $list = '<ul class="errorlist">';
                    foreach ($err as $item) {
                        // $item holds the gettext() labels assigned above, not submitted
                        // data, which is why it is concatenated into HTML unencoded.
                        $list .= '<li>' . $item . '</li>';
                    $list .= '</ul>';
                    printf(gettext('Please enter: %sThanks.'), $list);
        } else {
            // Validation passed: flatten the non-empty fields into a plain-text message body.
            $mailaddress = $mailcontent['email'];
            $name = $mailcontent['name'];
            $subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
            $message = '';
            if (!empty($mailcontent['title'])) {
                $message .= $mailcontent['title'] . "\n";
            if (!empty($mailcontent['name'])) {
                $message .= $mailcontent['name'] . "\n";
            if (!empty($mailcontent['email'])) {
                $message .= $mailcontent['email'] . "\n";
            if (!empty($mailcontent['company'])) {
                $message .= $mailcontent['company'] . "\n";
            if (!empty($mailcontent['street'])) {
                $message .= $mailcontent['street'] . "\n";
            if (!empty($mailcontent['city'])) {
                $message .= $mailcontent['city'] . "\n";
            if (!empty($mailcontent['state'])) {
                $message .= $mailcontent['state'] . "\n";
            if (!empty($mailcontent['postal'])) {
                $message .= $mailcontent['postal'] . "\n";
            if (!empty($mailcontent['country'])) {
                $message .= $mailcontent['country'] . "\n";
            if (!empty($mailcontent['phone'])) {
                $message .= $mailcontent['phone'] . "\n";
            if (!empty($mailcontent['website'])) {
                $message .= $mailcontent['website'] . "\n";
            $message .= "\n\n" . $mailcontent['message'];
            $message .= "\n\n";
            if (getOption('contactform_confirm')) {
                echo get_language_string(getOption("contactform_confirmtext"));
                if (getOption('contactform_sendcopy')) {
                    echo get_language_string(getOption("contactform_sendcopy_text"));
                // Re-render the form with $_processing_post set, then echo the validated
                // values back as hidden inputs of the confirm form. Each value is
                // html_encode()d for the attribute context it is printed into.
                $_processing_post = true;
                include getPlugin('contact_form/form.php', true);
					<form id="confirm" action="<?php 
                echo html_encode(getRequestURI());
" method="post" accept-charset="UTF-8" style="float: left">
						<input type="hidden" id="confirm" name="confirm" value="confirm" />
						<input type="hidden" id="name" name="name"	value="<?php 
                echo html_encode($name);
" />
						<input type="hidden" id="subject" name="subject"	value="<?php 
                echo html_encode($subject);
" />
						<input type="hidden" id="message"	name="message" value="<?php 
                echo html_encode($message);
" />
						<input type="hidden" id="mailaddress" name="mailaddress" value="<?php 
                echo html_encode($mailaddress);
" />
      <input type="text" id="username" name="username" value="<?php 
                echo html_encode($mailcontent['honeypot']);
" style="display: none" />
						<input type="submit" value="<?php 
                echo gettext("Confirm");
" />
					<form id="discard" action="<?php 
                echo html_encode(getRequestURI());
" method="post" accept-charset="UTF-8">
						<input type="hidden" id="discard" name="discard" value="discard" />
						<input type="submit" value="<?php 
                echo gettext("Discard");
" />
            } else {
                // simulate confirmation action
                $_POST['confirm'] = true;
                $_POST['subject'] = $subject;
                $_POST['message'] = $message;
                $_POST['mailaddress'] = $mailaddress;
                $_POST['name'] = $name;
    // NOTE(review): this branch trusts subject, message, mailaddress and name as posted.
    // The hidden inputs above travel through the browser, and nothing visible here repeats
    // the required-field, e-mail format or CAPTCHA checks of the 'sendmail' branch, so a
    // request that posts 'confirm' directly is filtered by sanitize() alone. Keeping the
    // validated values server-side (e.g. in the session) or re-validating here closes the gap.
    if (isset($_POST['confirm'])) {
        $subject = sanitize($_POST['subject']);
        $message = sanitize($_POST['message'], 1);
        $mailaddress = sanitize($_POST['mailaddress']);
        // NOTE(review): read without isset(); a confirm request that lacks the field
        // raises an undefined-index notice.
        $honeypot = sanitize($_POST['username']);
        $name = sanitize($_POST['name']);
        $mailinglist = explode(';', getOption("contactform_mailaddress"));
        // $name and $mailaddress are handed to zp_mail() (not shown) as the copy recipient
        // and as its last argument. Confirm that zp_mail() rejects CR/LF and validates the
        // address, because this branch does not.
        if (getOption('contactform_sendcopy')) {
            $sendcopy = array($name => $mailaddress);
        } else {
            $sendcopy = NULL;
        // If honeypot was triggered, silently don't send the message
        $err_msg = false;
        if (empty($honeypot)) {
            $err_msg = zp_mail($subject, $message, $mailinglist, $sendcopy, NULL, array($name => $mailaddress));
        if ($err_msg) {
            $msgs = explode('.', $err_msg);
            //	the "mail send failed" text
            //	a trailing empty one
			<div class="errorbox">
            echo ngettext('Error sending mail:', 'Errors sending mail:', count($msgs));
				<ul class="errorlist">
            foreach ($msgs as $line) {
                // NOTE(review): fragments of zp_mail()'s error text are printed without
                // html_encode(); confirm they can never contain submitted data.
                echo '<li>' . trim($line) . '</li>';
        } else {
            echo get_language_string(getOption("contactform_thankstext"));
        echo '<p><a  href="?again">' . get_language_string(getOption('contactform_newmessagelink')) . '</a></p>';
    } else {
        if (count($error) <= 0) {
            if (zp_loggedin()) {
                // Pre-fill name and e-mail from the logged-in account.
                $mailcontent = array('title' => '', 'name' => $_zp_current_admin_obj->getName(), 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'email' => $_zp_current_admin_obj->getEmail(), 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '', 'honeypot' => '');
                if (extensionEnabled('comment_form')) {
                    $address = getSerializedArray($_zp_current_admin_obj->getCustomData());
                    // Custom data stored with the account overrides the defaults key by key.
                    foreach ($address as $key => $field) {
                        $mailcontent[$key] = $field;
            } else {
                // NOTE(review): the key 'st ate' contains a space (probably extraction
                // damage), so 'state' is not initialised for anonymous visitors in this listing.
                $mailcontent = array('title' => '', 'name' => '', 'company' => '', 'street' => '', 'city' => '', 'st ate' => '', 'country' => '', 'email' => '', 'postal' => '', 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '', 'honeypot' => '');
        echo get_language_string(getOption("contactform_introtext"));
        if (getOption('contactform_sendcopy')) {
            echo get_language_string(getOption("contactform_sendcopy_text"));
        $_processing_post = false;
        include getPlugin('contact_form/form.php', true);
Esempio n. 23
 * produce debugging information on 404 errors
 * @param string $album
 * @param string $image
 * @param string $theme
function debug404($album, $image, $theme)
    // Writes request details to the debug log when a 404 is processed and DEBUG_404 is set.
    // NOTE(review): closing braces and several statements (the bodies of the two ignore
    // checks, and whatever fills the output buffer read below) are missing from this listing.
    if (DEBUG_404) {
        $list = explode('/', $album);
        // Requests whose album path starts with 'cache' and the fixed URIs in $ignore are
        // matched here; presumably they return early without logging. TODO confirm.
        if (array_shift($list) == 'cache') {
        $ignore = array('/favicon.ico', '/zp-data/tést.jpg');
        $target = getRequestURI();
        foreach ($ignore as $uri) {
            if ($target == $uri) {
        $server = array();
        // Only these four $_SERVER entries are collected; @ hides the notice for absent keys.
        foreach (array('REQUEST_URI', 'HTTP_REFERER', 'REMOTE_ADDR', 'REDIRECT_STATUS') as $key) {
            $server[$key] = @$_SERVER[$key];
        // NOTE(review): the whole of $_REQUEST is copied for logging, so any password or
        // token submitted with the failing request would land in the debug log. Keep that
        // log access-restricted and outside the web root, or drop sensitive keys first.
        $request = $_REQUEST;
        $request['theme'] = $theme;
        if (!empty($image)) {
            $request['image'] = $image;
        // $target is the raw request URI; whatever displays this notice must treat it as
        // untrusted text.
        trigger_error(sprintf(gettext('Zenphoto processed a 404 error on %s. See the debug log for details.'), $target), E_USER_NOTICE);
        // The dumps are read back from the output buffer and stripped of their array(...)
        // wrapper before logging.
        $server = preg_replace('~array\\s*\\(.*\\)\\s*~', '', html_decode(getBare(ob_get_contents())));
        $request['theme'] = $theme;
        if (!empty($image)) {
            $request['image'] = $image;
        $request = preg_replace('~array\\s*\\(.*\\)\\s*~', '', html_decode(getBare(ob_get_contents())));
        debugLog("404 error details\n" . $server . $request);
Esempio n. 24
 * Prints a list of all pages.
 * @param string $prevtext Insert here the linktext like 'previous page'
 * @param string $menuset current menu set
 * @param string $menuset current menu set
 * @param string $class the css class to use, "pagelist" by default
 * @param string $nextprev set to true to get the 'next' and 'prev' links printed
 * @param string $id the css id to use
 * @param bool $firstlast Add links to the first and last pages of your gallery
 * @param int $navlen Number of navigation links to show (0 for all pages). Works best if the number is odd.
function printMenuemanagerPageListWithNav($prevtext, $nexttext, $menuset = 'default', $class = 'pagelist', $nextprev = true, $id = NULL, $firstlast = true, $navlen = 9)
    // Prints a numbered navigation list for the menu items that share a sort_order prefix
    // with the menu entry matching the current request.
    // NOTE(review): closing braces and some statements (early return, unset of deeper
    // items) are missing from this listing.
    // The current entry is looked up from the request URI (url-decoded, then HTML-encoded).
    $currentitem = getMenuFromLink(html_encode(urldecode(getRequestURI())), $menuset);
    if (is_null($currentitem)) {
    // we are not in menuset
    $orders = explode('-', $currentitem['sort_order']);
    $lookfor = implode('-', $orders) . '-';
    // NOTE(review): the LIKE pattern is concatenated into the SQL text. $lookfor derives from
    // the stored sort_order of the matched menu row rather than directly from the request,
    // but it is neither escaped nor bound here. Use the database layer's escaping or
    // parameter binding so a stored quote or wildcard cannot alter the query.
    $sql = 'SELECT `sort_order` FROM ' . prefix('menu') . ' WHERE `sort_order` LIKE "' . $lookfor . '%" ORDER BY `sort_order` ASC';
    $result = query_full_array($sql, false, 'sort_order');
    if (is_array($result)) {
        // Keys longer than the prefix plus 3 characters are treated as deeper levels;
        // presumably each sort_order segment is 3 characters wide. TODO confirm.
        $l = strlen($lookfor) + 3;
        foreach ($result as $key => $item) {
            // discard next level items
            if (strlen($key) > $l) {
        $itemlist = array_keys($result);
        $total = count($itemlist);
        // 1-based position of the current entry within the sibling list.
        $current = array_search($currentitem['sort_order'], $itemlist) + 1;
        if ($total < 2) {
            $class .= ' disabled_nav';
        if ($navlen == 0) {
            $navlen = $total;
        // Slots reserved for prev/next, plus first/last when requested.
        $extralinks = 2;
        if ($firstlast) {
            $extralinks = $extralinks + 2;
        // $j and $ilim bound the window of page numbers printed by the loop below;
        // $k1 and $k2 are the pages the two jump links on either side point to.
        $len = floor(($navlen - $extralinks) / 2);
        $j = max(round($extralinks / 2), min($current - $len - (2 - round($extralinks / 2)), $total - $navlen + $extralinks - 1));
        $ilim = min($total, max($navlen - round($extralinks / 2), $current + floor($len)));
        $k1 = round(($j - 2) / 2) + 1;
        $k2 = $total - round(($total - $ilim) / 2);
        $items = getMenuItems($menuset, getMenuVisibility());
        // NOTE(review): $id and $class are written into attributes without html_encode().
        // They are arguments supplied by the calling template; keep request data out of them.
        echo "<div" . ($id ? " id=\"{$id}\"" : "") . " class=\"{$class}\">\n";
        echo "<ul class=\"{$class}\">\n";
        if ($nextprev) {
            echo "<li class=\"prev\">";
            printMenumanagerPrevLink($prevtext, $menuset, $prevtext, gettext("Previous Page"));
            echo "</li>\n";
        if ($firstlast) {
            echo '<li class="' . ($current == 1 ? 'current' : 'first') . '">';
            $itemarray = getItemTitleAndURL($items[$itemlist[0]]);
            printLinkHTML($itemarray['url'], 1, gettext("Page 1"));
            echo "</li>\n";
            if ($j > 2) {
                // Jump link between page 1 and the window; shown as '...' when it skips pages.
                echo "<li>";
                $itemarray = getItemTitleAndURL($items[$itemlist[$k1 - 1]]);
                printLinkHTML($itemarray['url'], $j - 1 > 2 ? '...' : $k1, sprintf(ngettext('Page %u', 'Page %u', $k1), $k1));
                echo "</li>\n";
        for ($i = $j; $i <= $ilim; $i++) {
            echo "<li" . ($i == $current ? " class=\"current\"" : "") . ">";
            $itemarray = getItemTitleAndURL($items[$itemlist[$i - 1]]);
            if ($i == $current) {
                $title = sprintf(ngettext('Page %1$u (Current Page)', 'Page %1$u (Current Page)', $i), $i);
            } else {
                $title = sprintf(ngettext('Page %1$u', 'Page %1$u', $i), $i);
            printLinkHTML($itemarray['url'], $i, $title);
            echo "</li>\n";
        // After the loop $i is $ilim + 1, so this tests whether pages remain past the window.
        if ($i < $total) {
            echo "<li>";
            $itemarray = getItemTitleAndURL($items[$itemlist[$k2 - 1]]);
            printLinkHTML($itemarray['url'], $total - $i > 1 ? '...' : $k2, sprintf(ngettext('Page %u', 'Page %u', $k2), $k2));
            echo "</li>\n";
        if ($firstlast && $i <= $total) {
            echo "\n  <li class=\"last\">";
            $itemarray = getItemTitleAndURL($items[$itemlist[$total - 1]]);
            // NOTE(review): the braces in 'Page {%u}' are printed literally, unlike the
            // other page titles in this function.
            printLinkHTML($itemarray['url'], $total, sprintf(ngettext('Page {%u}', 'Page {%u}', $total), $total));
            echo "</li>";
        if ($nextprev) {
            echo "<li class=\"next\">";
            printMenumanagerNextLink($nexttext, gettext("Next Page"));
            echo "</li>\n";
        echo "</ul>\n";
        echo "</div>\n";
Esempio n. 25

 * Form for contact_form plugin
 * @package plugins
<form id="mailform" action="<?php 
// Post back to the current URL. The request URI is client-controlled and lands in an
// attribute, so it is HTML-encoded before output.
echo html_encode(getRequestURI());
" method="post" accept-charset="UTF-8">
	<input type="hidden" id="sendmail" name="sendmail" value="sendmail" />
$star = '<strong>*</strong>';
if (showOrNotShowField(getOption('contactform_title'))) {
			<label for="title"><?php 
    printf(gettext("Title%s"), checkRequiredField(getOption('contactform_title')));
			<input type="text" id="title" name="title" size="50" value="<?php 
    // $mailcontent and $_processing_post are expected from the including code (neither is
    // assigned in this fragment). Previously entered text is re-displayed HTML-encoded.
    echo html_encode($mailcontent['title']);
    // While a submission is being processed the field is rendered disabled.
    if ($_processing_post) {
        echo ' disabled="disabled"';
Esempio n. 26

/*	zpBase simple social sharing include 
*	This file is included on a page to show social sharing links, if set in options
================================================== */
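// Build the absolute URL of the current page for the share links.
// NOTE(review): HTTP_HOST is copied from the request's Host header and the scheme is fixed
// to http; a configured canonical site URL would be more robust than a client-supplied host.
// The share-service prefixes are empty in this listing; where $url is appended to a service
// URL as a query parameter it should be URL-encoded first.
$host = sanitize("http://" . $_SERVER['HTTP_HOST']);
$url = $host . getRequestURI();
$fb_url = '' . $url;
$tw_url = '' . $url;
$g_url = '' . $url;

<span id="social-share">
echo gettext('Share: ');
	<a target="_blank" class="share fb" href="<?php 
// Encode for the href attribute: the URL contains the client-supplied host and request URI.
echo html_encode($fb_url);
" title="<?php 
echo gettext('Share on Facebook');
	, <a target="_blank" class="share tw" href="<?php 
// Same attribute context as above, so the same encoding applies.
echo html_encode($tw_url);
" title="<?php 
echo gettext('Share on Twitter');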
function errorLogin($errormsg = null, $errorurl = null, $EOS = null)
    // Shows the "not allowed" message through general_message(), filling in a default
    // message and a default return URL when the caller gives none.
    // NOTE(review): closing braces are missing from this listing.
    // Loose comparison: null, '', 0 and an empty array all select the default message.
    if ($errormsg == null) {
        global $lang;
        $errormsg = array($lang->phrase('not_allowed'));
    } elseif (!is_array($errormsg)) {
        // A single message is wrapped so general_message() always receives an array.
        $errormsg = array($errormsg);
    if ($errorurl == null) {
        // Default to the current request URI, HTML-encoded because it is client-controlled.
        // NOTE(review): htmlspecialchars() without flags leaves single quotes unencoded
        // before PHP 8.1. A caller-supplied $errorurl is passed on unchanged, so encoding
        // it is the caller's responsibility.
        $errorurl = htmlspecialchars(getRequestURI());
    general_message('not_allowed', 'errorlogin', $errormsg, $errorurl, $EOS);
Esempio n. 28
     * Prints the RSS feed xml
    public function printFeed()
        // Emits the RSS 2.0 document for the items returned by getitems().
        // NOTE(review): closing braces, break/default statements and most of the literal
        // XML template are missing from this listing.
        global $_zp_gallery;
        $feeditems = $this->getitems();
        //NOTE: feeditems are complete HTML so necessarily must have been properly encoded by the server function!
        // NOTE(review): in this method only the item link, the pubdate and the request URI
        // pass through html_encode(). Channel title, host, locale and each item's title,
        // desc, enclosure, category and media fields are written as-is, so the getItem*()
        // helpers and the property setters (not shown) carry the encoding responsibility.
        if (is_array($feeditems)) {
            header('Content-Type: application/xml');
            echo '<?xml-stylesheet type="text/css" href="' . WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/rss/rss.css" ?>' . "\n";
			<rss version="2.0" xmlns:atom="" xmlns:media="">
            echo $this->channel_title;
            echo PROTOCOL . '://' . $this->host . WEBPATH;
					<atom:link href="<?php 
            echo PROTOCOL;
            // NOTE(review): where $this->host is set is not visible here; if it comes from
            // the Host request header, validate it against the configured site host.
            echo $this->host;
            echo html_encode(getRequestURI());
" rel="self"	type="application/rss+xml" />
            echo getBare($_zp_gallery->getDesc($this->locale));
            echo $this->locale_xml;
            echo date("r", time());
            echo date("r", time());
					<generator>Zenphoto RSS Generator</generator>
            foreach ($feeditems as $feeditem) {
                // Map the raw item to title/link/desc/... according to the feed type; any
                // other type uses the item unchanged.
                switch ($this->feedtype) {
                    case 'gallery':
                        $item = $this->getItemGallery($feeditem);
                    case 'news':
                        $item = $this->getItemNews($feeditem);
                    case 'pages':
                        $item = $this->getitemPages($feeditem, getOption('RSS_truncate_length'));
                    case 'comments':
                        $item = $this->getitemComments($feeditem);
                        $item = $feeditem;
                echo $item['title'];
                echo html_encode($item['link']);
                echo $item['desc'];
                if (!empty($item['enclosure'])) {
                    echo $item['enclosure'];
                    //prints xml as well
                if (!empty($item['category'])) {
                    echo $item['category'];
                if (!empty($item['media_content'])) {
                    echo $item['media_content'];
                    //prints xml as well
                if (!empty($item['media_thumbnail'])) {
                    echo $item['media_thumbnail'];
                    //prints xml as well
                echo html_encode($item['link']);
                echo html_encode($item['pubdate']);
            // foreach
Esempio n. 29
     * Print the login form for ZP. This will take into account whether mod_rewrite is enabled or not.
     * @param string $redirect URL to return to after login
     * @param bool $logo set to true to display the ADMIN zenphoto logo.
     * @param bool $showUserField set to true to display the user input
     * @param bool $showCaptcha set to false to not display the forgot password captcha.
     * @param string $hint optional hint for the password
    function printLoginForm($redirect = null, $logo = true, $showUserField = true, $showCaptcha = true, $hint = '')
        // Renders one of three forms selected by $_REQUEST['logon_step']: the
        // challenge-question form ('challenge'), the e-mail reset request form ('captcha'),
        // or otherwise the password login form.
        // NOTE(review): closing braces, break/default statements and PHP close tags are
        // missing from this listing, so the nesting below is inferred from indentation.
        global $_zp_login_error, $_zp_captcha, $_zp_gallery;
        // With no explicit target, return to the page that was requested.
        if (is_null($redirect)) {
            $redirect = getRequestURI();
        if (is_null($showUserField)) {
            $showUserField = $_zp_gallery->getUserLogonField();
        // 'cycle' counts challenge refreshes. The "+ 1" leaves $cycle numeric, which matters
        // because it is echoed into inline script below. @ hides the notice when absent.
        $cycle = sanitize_numeric(@$_GET['cycle']) + 1;
        // The user id shown in the form comes from the posted 'user' field, falling back to
        // the 'ref' query parameter; both pass through sanitize().
        if (isset($_POST['user'])) {
            $requestor = sanitize($_POST['user'], 0);
        } else {
            $requestor = '';
        if (empty($requestor)) {
            if (isset($_GET['ref'])) {
                $requestor = sanitize($_GET['ref']);
        $alt_handlers = zp_apply_filter('alt_login_handler', array());
        $star = false;
        $mails = array();
        $info = array('challenge' => '', 'response' => '');
        if (!empty($requestor)) {
            if ($admin = $this->getAnAdmin(array('`user`=' => $requestor, '`valid`=' => 1))) {
                $info = $admin->getChallengePhraseInfo();
            } else {
                $info = array('challenge' => '');
            // When no challenge phrase is available for the id, or on most refresh cycles
            // past the second, a question is taken from a pool instead. Presumably this keeps
            // the form from revealing whether the id exists; confirm intent.
            if (empty($info['challenge']) || $cycle > 2 && $cycle % 5 != 1) {
                $locale = getUserLocale();
                $questions = array();
                foreach (getSerializedArray(getOption('challenge_foils')) as $question) {
                    $questions[] = get_language_string($question);
                // Static query: no request data is concatenated into the SQL. The challenge
                // questions of administrators in the visitor's locale join the pool.
                $rslt = query('SELECT `challenge_phrase`,`language` FROM ' . prefix('administrators') . ' WHERE `challenge_phrase` IS NOT NULL');
                while ($row = db_fetch_assoc($rslt)) {
                    if (is_null($row['language']) || $row['language'] == $locale) {
                        $q = getSerializedArray($row['challenge_phrase']);
                        $questions[] = $q['challenge'];
                $questions = array_unique($questions);
                // NOTE(review): count($questions) is 0 when neither foils nor phrases exist,
                // which makes the modulo fail. array_unique() also preserves keys, so the
                // computed index can fall on a removed duplicate. Confirm against the full source.
                $info = array('challenge' => $questions[$cycle % count($questions)], 'response' => 0x0);
            } else {
                if ($admin->getEmail()) {
                    $star = $showCaptcha;
        // Offer the e-mail reset link when an administrator has an address on file
        // (and the caller allowed the captcha step).
        if (!$star) {
            $admins = $this->getAdministrators();
            while (count($admins) > 0) {
                $user = array_shift($admins);
                if ($user['email']) {
                    $star = $showCaptcha;
        // logon_step is only compared against the fixed case labels of the switch below.
        $whichForm = sanitize(@$_REQUEST['logon_step']);
		<div id="loginform">
        if ($logo) {
					<img src="<?php 
            echo WEBPATH . '/' . ZENFOLDER;
/images/zen-logo.png" title="ZenPhoto" alt="ZenPhoto" />
        switch ($_zp_login_error) {
            case 1:
					<div class="errorbox" id="message"><h2><?php 
                echo gettext("There was an error logging in.");
                if ($showUserField) {
                    echo gettext("Check your username and password and try again.");
                } else {
                    echo gettext("Check password and try again.");
            case 2:
					<div class="messagebox fade-message">
                echo gettext("A reset request has been sent.");
                // NOTE(review): any other non-empty $_zp_login_error is printed below without
                // html_encode(); confirm every code path that sets it uses fixed or
                // already-encoded text.
                if (!empty($_zp_login_error)) {
						<div class="errorbox fade-message">
                    echo $_zp_login_error;
        switch ($whichForm) {
            case 'challenge':
					<form name="login" action="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/admin.php" method="post">
						<fieldset id="logon_box">
							<input type="hidden" name="login" value="1" />
							<input type="hidden" name="password" value="challenge" />
							<input type="hidden" name="redirect" value="<?php 
                // The return target round-trips through the browser, so whatever handles the
                // login POST must validate it again before redirecting.
                echo html_encode(pathurlencode($redirect));
" />
                echo gettext('User');
								<input class="textfield" name="user" id="user" type="text" size="35" value="<?php 
                echo html_encode($requestor);
" />
                if ($requestor) {
								<p class="logon_form_text"><?php 
                    echo gettext('Supply the correct response to the question below and you will be directed to a page where you can change your password.');
                    echo gettext('Challenge question:');
                    echo html_encode($info['challenge']);
                    echo gettext('Your response');
									<input class="textfield" name="pass" id="pass" type="text" size="35" />
								<br />
                } else {
								<p class="logon_form_text">
                    echo gettext('Enter your User ID and press <code>Refresh</code> to get your challenge question.');
							<div class="buttons">
								<button type="submit" value="<?php 
                echo gettext("Submit");
                if (!$info['challenge']) {
                    echo ' disabled="disabled"';
 ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/pass.png" alt="" /><?php 
                echo gettext("Submit");
								<button type="button" value="<?php 
                echo gettext("Refresh");
" id="challenge_refresh" onclick="launchScript('<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/admin.php', ['logon_step=challenge', 'ref=' + $('#user').val(), 'cycle=<?php 
                // $cycle is numeric (result of the addition above), so it cannot close the
                // surrounding script string.
                echo $cycle;
']);" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/refresh.png" alt="" /><?php 
                echo gettext("Refresh");
								<button type="button" value="<?php 
                echo gettext("Return");
" onclick="launchScript('<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/admin.php', ['logon_step=', 'ref=' + $('#user').val(), 'cycle=<?php 
                echo $cycle;
']);" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/refresh.png" alt="" /><?php 
                echo gettext("Return");
							<br class="clearall" />
						<br />
                if ($star) {
							<p class="logon_link">
								<a href="javascript:launchScript('<?php 
                    echo WEBPATH . '/' . ZENFOLDER;
/admin.php',['logon_step=captcha', 'ref='+$('#user').val()]);" >
                    echo gettext('Request reset by e-mail');
                if (empty($alt_handlers)) {
                    $legend = gettext('Login');
                } else {
						<script type="text/javascript">
							// <!-- <![CDATA[
							var handlers = [];
                    $list = '<select id="logon_choices" onchange="changeHandler(handlers[$(this).val()]);">' . '<option value="0">' . html_encode(get_language_string($_zp_gallery->getTitle())) . '</option>';
                    $c = 0;
                    foreach ($alt_handlers as $handler => $details) {
                        // NOTE(review): $redirect, $requestor and $details['script'] are written
                        // into the inline script, and $handler into the option label, without
                        // JavaScript- or HTML-escaping. $redirect defaults to the request URI and
                        // $requestor comes from the request, so characters that are special in a
                        // script string would break out of the literal unless sanitize() removes
                        // them. Emit these values with json_encode() (JSON_HEX_TAG | JSON_HEX_APOS
                        // | JSON_HEX_QUOT | JSON_HEX_AMP) and html_encode() the option label.
                        // No increment of $c is visible in this listing.
                        $details['params'][] = 'redirect=' . $redirect;
                        if (!empty($requestor)) {
                            $details['params'][] = 'requestor=' . $requestor;
                        echo "handlers[" . $c . "]=['" . $details['script'] . "','" . implode("','", $details['params']) . "'];";
                        $list .= '<option value="' . $c . '">' . $handler . '</option>';
                    $list .= '</select>';
                    $legend = sprintf(gettext('Logon using:%s'), $list);
							function changeHandler(handler) {
								var script = handler.shift();
								launchScript(script, handler);
							// ]]> -->
                // Plugins may rewrite the target; the result becomes the form action below.
                $redirect = zp_apply_filter('login_redirect_link', $redirect);
					<form name="login" action="<?php 
                echo html_encode(pathurlencode($redirect));
" method="post">
						<input type="hidden" name="login" value="1" />
						<input type="hidden" name="password" value="1" />
						<input type="hidden" name="redirect" value="<?php 
                echo html_encode(pathurlencode($redirect));
" />
						<fieldset id="logon_box"><legend><?php 
                // $legend is markup assembled above (plain label or the handler <select>),
                // so it is echoed raw on purpose.
                echo $legend;
                if ($showUserField) {
                    //	requires a "user" field
                    echo gettext("User");
									<input class="textfield" name="user" id="user" type="text" size="35" value="<?php 
                    echo html_encode($requestor);
" />
                echo gettext("Password");
								<input class="textfield" name="pass" id="pass" type="password" size="35" /><br />
								<label><input type="checkbox" name="disclose_password" id="disclose_password" onclick="togglePassword('');" /><?php 
                echo gettext('Show password');
							<br />
							<div class="buttons">
								<button type="submit" value="<?php 
                echo gettext("Log in");
" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/pass.png" alt="" /><?php 
                echo gettext("Log in");
								<button type="reset" value="<?php 
                echo gettext("Reset");
" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/reset.png" alt="" /><?php 
                echo gettext("Reset");
							<br class="clearall" />
                if ($hint) {
                    // NOTE(review): $hint is printed as raw HTML; callers must pass trusted
                    // or already-encoded text.
                    echo '<p>' . $hint . '</p>';
                if ($showUserField && OFFSET_PATH != 2) {
						<p class="logon_link">
							<a href="javascript:launchScript('<?php 
                    echo WEBPATH . '/' . ZENFOLDER;
/admin.php',['logon_step=challenge', 'ref='+$('#user').val()]);" >
                    echo gettext('I forgot my <strong>User ID</strong>/<strong>Password</strong>');
            case 'captcha':
                // The captcha plugin returns markup fragments ('hidden', 'html', 'input')
                // that are echoed raw below; they are plugin-generated, not request data.
                $captcha = $_zp_captcha->getCaptcha(NULL);
					<form name="login" action="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/admin.php" method="post">
                if (isset($captcha['hidden'])) {
                    echo $captcha['hidden'];
						<input type="hidden" name="login" value="1" />
						<input type="hidden" name="password" value="captcha" />
						<input type="hidden" name="redirect" value="<?php 
                echo html_encode(pathurlencode($redirect));
" />
						<fieldset id="logon_box">
                echo gettext('User');
								<input class="textfield" name="user" id="user" type="text" value="<?php 
                echo html_encode($requestor);
" />
                if (isset($captcha['html'])) {
                    echo $captcha['html'];
                if (isset($captcha['input'])) {
                    echo gettext("Enter CAPTCHA");
                    echo $captcha['input'];
							<br />
							<div class="buttons">
								<button type="submit" value="<?php 
                echo gettext("Request");
" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/pass.png" alt="" /><?php 
                echo gettext("Request password reset");
								<button type="button" value="<?php 
                echo gettext("Return");
" onclick="launchScript('<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/admin.php', ['logon_step=', 'ref=' + $('#user').val()]);" ><img src="<?php 
                echo WEBPATH . '/' . ZENFOLDER;
/images/refresh.png" alt="" /><?php 
                echo gettext("Return");
							<br class="clearall" />
Esempio n. 30
     * Places a selector so a user may change themes
     * @param string $text link text
    static function controlLink($textIn = NULL)
        // Prints a theme <select> when the theme switcher is active and returns $textIn
        // unchanged.
        // NOTE(review): closing braces and PHP close tags are missing from this listing.
        global $_zp_gallery, $_themeSwitcherThemelist, $_zp_gallery_page;
        if (self::active()) {
            $themes = array();
            // List only themes that are enabled for switching and that provide the script
            // for the page currently shown.
            foreach ($_zp_gallery->getThemes() as $theme => $details) {
                if ($_themeSwitcherThemelist[$theme]) {
                    if (getPlugin($_zp_gallery_page, $theme)) {
                        $themes[$details['name']] = $theme;
            $text = $textIn;
            if (empty($text)) {
                $text = gettext('Theme');
            // Drop any existing themeSwitcher parameter from the request URI, then append a
            // fresh one with the %t placeholder (presumably filled in by switchTheme()).
            $reloc = pathurlencode(trim(preg_replace('~themeSwitcher=.*?&~', '', getRequestURI() . '&'), '?&'));
            // A '?' at position 0 would test false here; the trim() above removes a
            // leading '?', so that case does not arise.
            if (strpos($reloc, '?')) {
                $reloc .= '&themeSwitcher=%t';
            } else {
                $reloc .= '?themeSwitcher=%t';
            $theme = $_zp_gallery->getCurrentTheme();
			<span class="themeSwitcherControlLink">
				<span title="<?php 
            echo gettext("Themes will not show in this list if selecting them would result in a “not found” error.");
            // NOTE(review): $text is printed as raw HTML; a caller-supplied label must be
            // trusted or already encoded.
            echo $text;
					<select name="themeSwitcher" id="themeSwitcher" onchange="switchTheme('<?php 
            // NOTE(review): $reloc sits inside a JavaScript string within an HTML attribute.
            // html_encode() covers the attribute layer only, because the browser decodes
            // entities before the script runs, so the script string relies on
            // pathurlencode() (not shown) percent-encoding quotes and backslashes.
            // Confirm, or pass the value through json_encode() before html_encode().
            echo html_encode($reloc);
            generateListFromArray(array($theme), $themes, false, true);
            zp_apply_filter('themeSwitcher_Controllink', $theme);
        return $textIn;