/**
 * Returns the path authorisation configuration, loading it on first use.
 *
 * The first call reads helpers/pathauthconfig.php through loadPicFile() and
 * stores the result in the static property; later calls return the stored
 * value without touching the file again.
 *
 * @return array
 */
private static function pathAuthConfig()
{
    // Already loaded: hand back the memoised copy.
    if (self::$pathAuthConfig !== null) {
        return self::$pathAuthConfig;
    }

    self::$pathAuthConfig = loadPicFile("helpers/pathauthconfig.php");

    return self::$pathAuthConfig;
}
/**
 * Renders a template and terminates the request.
 *
 * When the query string carries templates=1, the template file is read as
 * raw text (third argument of loadPicFile() set to true) and passed to
 * helpers/jstemplates.php as $template. Otherwise the template is included
 * with $vars and served as UTF-8 HTML.
 *
 * @param string $filename Template file name handed to loadPicFile().
 * @param array $vars Variables passed through to the template.
 */
function loadPicTemplate($filename, array $vars = array())
{
    // The comparison is deliberately left loose (== 1), as in the request
    // handling this function has always had.
    $asJsTemplates = isset($_GET["templates"]) && $_GET["templates"] == 1;

    if (!$asJsTemplates) {
        header("Content-type: text/html; charset=UTF-8");
        loadPicFile($filename, $vars);
        exit;
    }

    $template = loadPicFile($filename, $vars, true);
    loadPicFile("classes/jstemplatebuilder.php");
    loadPicFile("helpers/jstemplates.php", array("template" => $template));
    exit;
}
/**
 * Creates the application schema on a fresh SQLite connection.
 *
 * Opens the connection through db/sqlite.php, creates every table in
 * dependency order and finally records the application VERSION in the
 * system table.
 *
 * NOTE(review): the ON DELETE/UPDATE CASCADE clauses only take effect when
 * foreign-key enforcement is switched on for the connection (SQLite leaves
 * it off by default) - confirm db/sqlite.php enables it.
 * NOTE(review): path_access.auth_id has no foreign key, and the id columns
 * are plain INTEGER PRIMARY KEY, which SQLite may reuse after a delete.
 * Confirm that deleting a user or group also removes its path_access rows,
 * otherwise a later account could inherit stale allow/deny entries.
 * NOTE(review): users.password is a free-form TEXT column; confirm the code
 * that writes it stores a password_hash() result and never the plain text.
 *
 * @param array $config Connection settings passed to db/sqlite.php.
 */
public static function create(array $config)
{
    $conn = loadPicFile("db/sqlite.php", array("config" => $config));

    // Statements run strictly in this order; referenced tables come first.
    $statements = array(
        "CREATE TABLE system (\n key TEXT NOT NULL,\n value TEXT NOT NULL\n )",
        "CREATE TABLE users (\n id INTEGER PRIMARY KEY NOT NULL,\n name TEXT NOT NULL,\n username TEXT UNIQUE NOT NULL,\n password TEXT NOT NULL\n )",
        "CREATE TABLE groups (\n id INTEGER PRIMARY KEY NOT NULL,\n name TEXT UNIQUE NOT NULL\n )",
        "CREATE TABLE group_memberships (\n id INTEGER PRIMARY KEY NOT NULL,\n group_id INTEGER NOT NULL,\n user_id INTEGER NOT NULL,\n FOREIGN KEY (group_id) REFERENCES groups (id) ON DELETE CASCADE ON UPDATE CASCADE,\n FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE,\n UNIQUE (group_id, user_id)\n )",
        "CREATE TABLE paths (\n id INTEGER PRIMARY KEY NOT NULL,\n name TEXT NOT NULL,\n path TEXT NOT NULL,\n sort_order INTEGER NOT NULL DEFAULT 1\n )",
        "CREATE TABLE path_permissions (\n id INTEGER PRIMARY KEY NOT NULL,\n path_id INTEGER NOT NULL,\n permission TEXT NOT NULL,\n FOREIGN KEY (path_id) REFERENCES paths (id) ON DELETE CASCADE ON UPDATE CASCADE,\n UNIQUE (path_id, permission)\n )",
        "CREATE TABLE path_access (\n id INTEGER PRIMARY KEY NOT NULL,\n path_id INTEGER NOT NULL,\n auth_type TEXT NOT NULL CHECK (auth_type IN ('allow', 'deny')),\n id_type TEXT NOT NULL CHECK (id_type IN ('users', 'groups')),\n auth_id INTEGER NOT NULL,\n FOREIGN KEY (path_id) REFERENCES paths (id) ON DELETE CASCADE ON UPDATE CASCADE,\n UNIQUE (path_id, auth_type, id_type, auth_id)\n )",
        "CREATE TABLE shares (\n id INTEGER PRIMARY KEY NOT NULL,\n share_id TEXT UNIQUE NOT NULL,\n path_id INTEGER NOT NULL,\n files TEXT NOT NULL,\n FOREIGN KEY (path_id) REFERENCES paths (id) ON DELETE CASCADE ON UPDATE CASCADE,\n UNIQUE (path_id, files)\n )",
        // VERSION is a compile-time constant of the application, not input,
        // so concatenating it into the statement carries no injection risk.
        "INSERT INTO system (key, value) VALUES ('version', '" . VERSION . "')",
    );

    foreach ($statements as $sql) {
        $conn->exec($sql);
    }
}
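}

// Command-line installer: writes conf/app.json and conf/db.json, optionally
// drops a web entry script and an assets symlink into the webroot, then
// creates the database schema.
require BASE_PATH . "main/bootstrap-base.php";
loadPicFile("classes/cli.php");
PicCLI::initCLI();
PicCLI::initGetopt(array("dbtype:", "appname:", "cachedir:", "asset-baseurl:", "script-baseurl:", "webroot:"));
$io = PicCLI::getIO();

if (!is_writeable(BASE_PATH . "/conf")) {
    $io->errln("Current user must have permission to write to conf directory.");
    exit(PicCLI::EXIT_FAIL);
}

// --dbtype ends up inside an include path, so it is restricted to a plain
// identifier before it is used to look up the installer file. Without this,
// a value containing "/" or ".." could select a PHP file outside
// helpers/install/.
$dbType = PicCLI::getGetopt("--dbtype");
if (
    !is_string($dbType)
    || preg_match('/^[A-Za-z0-9_]+$/', $dbType) !== 1
    || !file_exists(BASE_PATH . "helpers/install/db.{$dbType}.php")
) {
    $io->errln("You must specify a supported database type.");
    exit(PicCLI::EXIT_USAGE);
}

$appConf = loadPicFile("helpers/install/appconf.php");
loadPicFile("helpers/install/db.{$dbType}.php");
$dbConf = array("type" => $dbType, "config" => PicDBInstall::configure());
$webroot = loadPicFile("helpers/install/webroot.php");

// The base path is emitted with var_export() so that quotes, backslashes or
// "$" in the directory name cannot change the meaning of the generated PHP.
$webEntryTemplate = '<?php define("BASE_PATH", %s); require(BASE_PATH . "entry/web.php");';

// NOTE(review): db.json holds whatever PicDBInstall::configure() returned
// and is created with the process umask - confirm conf/ is not served by
// the web server and is readable only by the accounts that need it.
$appConfWritten = file_put_contents(BASE_PATH . "/conf/app.json", json_encode($appConf, JSON_PRETTY_PRINT));
$dbConfWritten = file_put_contents(BASE_PATH . "/conf/db.json", json_encode($dbConf, JSON_PRETTY_PRINT));
if ($appConfWritten === false || $dbConfWritten === false) {
    $io->errln("Could not write configuration files to conf directory.");
    exit(PicCLI::EXIT_FAIL);
}

if ($webroot) {
    $webroot = rtrim($webroot, "/");
    $entryWritten = file_put_contents(
        $webroot . $appConf["constants"]["SCRIPT_BASE_URL"],
        sprintf($webEntryTemplate, var_export(BASE_PATH, true))
    );
    if ($entryWritten === false) {
        $io->errln("Could not write web entry script to webroot.");
        exit(PicCLI::EXIT_FAIL);
    }
    // A failed link is reported but not fatal: the link may already exist
    // from an earlier run.
    if (!symlink(BASE_PATH . "assets", $webroot . rtrim($appConf["constants"]["ASSET_BASE_URL"], "/"))) {
        $io->errln("Could not link assets into webroot.");
    }
}

PicDBInstall::create($dbConf["config"]);
PicCLI::success();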
/**
 * Sets up the query factory and the database connection from conf/db.json.
 *
 * The "type" entry of the configuration selects both the QueryFactory
 * dialect and the helpers/db/<type>.php connection script; the "config"
 * entry is passed to that script as $config.
 *
 * NOTE(review): "type" is concatenated into an include path, so conf/db.json
 * must only ever be writable by trusted operators.
 */
public static function initDB()
{
    $dbConf = loadPicFile("conf/db.json");
    $dbType = $dbConf["type"];

    self::$queryFactory = new QueryFactory($dbType, QueryFactory::COMMON);
    self::$conn = loadPicFile("helpers/db/{$dbType}.php", array("config" => $dbConf["config"]));
}
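<?php

// Mode script: sends a resized copy of the requested image, plus EXIF and
// GPS details in response headers when the current path permits them.

// Both helpers validate the request; checkfilepath.php yields the full file
// name and checkimagetype.php the normalised extension and MIME type.
$fullFilename = loadPicFile("helpers/checkfilepath.php");
list($normalisedExtension, $mimeType) = loadPicFile("helpers/checkimagetype.php", array("filename" => $fullFilename));

// Pick the requested size only when it is a string that is an actual key of
// the configured sizes. The earlier loose in_array() test accepted values
// that merely compare equal to a key (numeric-looking strings, for example)
// and then indexed the array with a key that does not exist.
$imageSizes = loadPicFile("conf/app.json")["image_sizes"];
$requestedSize = isset($_POST["size"]) ? $_POST["size"] : null;
if (empty($requestedSize) || !is_string($requestedSize) || !array_key_exists($requestedSize, $imageSizes)) {
    $imageSize = $imageSizes["medium"];
} else {
    $imageSize = $imageSizes[$requestedSize];
}

$path = Access::getCurrentPath();
$image = PicImage::open($fullFilename);
$image->cropResize($imageSize["width"], $imageSize["height"]);
$image->fixOrientation();
$imageData = $image->cacheData($normalisedExtension);
header("Content-type: {$mimeType}");

loadPicFile("classes/exif.php");
$exif = Exif::read($fullFilename);

// EXIF details are disclosed only with the "metadata" permission; empty
// values are dropped by array_filter() before encoding.
if ($path->hasPermission("metadata") && $exif) {
    header("X-Pictorials-Pic-Metadata: " . json_encode(array_filter(array(
        "date_taken" => $exif->getCreationDate() ? $exif->getCreationDate()->format("Y-m-d") : null,
        "exposure" => $exif->getExposure(),
        "iso" => $exif->getIso(),
        "focal_length" => $exif->getFocalLength(),
    ))));
}

// Location data is gated separately by the "gps" permission.
if ($path->hasPermission("gps") && $exif) {
    if ($gpsCoords = $exif->getGPS()) {
        list($gpsLat, $gpsLon) = explode(",", $gpsCoords);
        header("X-Pictorials-Pic-GPS: " . json_encode(array("lat" => (double) $gpsLat, "lon" => (double) $gpsLon)));
    }
}

echo $imageData;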
<?php

// Builds the list of accepted image file extensions: every type configured
// under "image_types" in conf/app.json followed by the alternative
// extensions MrMime reports for it, all lower-cased.
$configuredTypes = loadPicFile("conf/app.json")["image_types"];

$extensions = array();
foreach ($configuredTypes as $configuredType) {
    $extensions = array_merge($extensions, [$configuredType], MrMime::getOtherExtensions($configuredType));
}

return array_map("strtolower", $extensions);
sendError(400); }

// Share mode: "submit" stores a selection of files and returns its share ID,
// "receive" resolves a share ID back into a path and file list.
// NOTE(review): the code below reads as if sendError() ends the request -
// confirm, since nothing here returns after calling it.
if ($_GET["share"] === "submit") {
    // The selection must be a non-empty array.
    // NOTE(review): the individual entries are not checked here (type, or
    // that they name files inside the path) - confirm submit.php does it.
    if (empty($_POST["files"]) || is_array($_POST["files"]) === false) {
        sendError(400);
    }
    // Access to the current path is verified before anything is stored.
    $pathID = Access::verifyCurrentPathAccess();
    $shareID = loadPicFile("helpers/share/submit.php", array("pathID" => $pathID, "files" => $_POST["files"]));
    if (!$shareID) {
        sendError(500);
    }
    header("Content-type: text/plain");
    echo $shareID;
} elseif ($_GET["share"] === "receive") {
    if (empty($_POST["shareID"])) {
        sendError(400);
    }
    $decodedShareID = loadPicFile("helpers/share/receive.php", array("shareID" => $_POST["shareID"]));
    if (!$decodedShareID) {
        sendError(404);
    }
    list($pathID, $files) = $decodedShareID;
    // Knowing a share ID is not enough: the path it refers to must be among
    // the paths the current user is allowed to see. An unknown share and a
    // forbidden one both answer 404, so the response does not reveal which
    // of the two it was.
    $allowedPaths = Access::getAllowedPaths();
    if (!isset($allowedPaths[$pathID])) {
        sendError(404);
    }
    header("Content-type: application/json");
    echo json_encode(array("path" => $pathID, "files" => $files));
} else {
    sendError(404);
}
<?php

// Full bootstrap: pulls in the base bootstrap from this directory and then
// loads the application files listed below through loadPicFile().
require __DIR__ . "/bootstrap-base.php";

loadPicFile("main/app.php");
loadPicFile("main/func.php");
loadPicFile("classes/cache.php");
loadPicFile("classes/conf.php");
loadPicFile("classes/path.php");
<?php

// CLI entry point for path management sub-commands.
define("BASE_PATH", dirname(__DIR__) . "/");

// conf/app.json is taken as the marker of a completed installation.
if (!file_exists(BASE_PATH . "conf/app.json")) {
    fwrite(STDERR, "Pictorials is not installed.\n");
    exit(1);
}

if (empty($argv[1])) {
    fwrite(STDERR, "No sub-command specified.\n");
    exit(1);
}

require BASE_PATH . "main/bootstrap.php";
loadPicFile("classes/cli.php");

// The sub-command name is interpolated into the include path below, so the
// list passed here is what keeps that path inside entry/_path/.
// NOTE(review): presumably initCommandCLI() throws for any name outside the
// list - confirm, as its body is not shown here.
try {
    $command = PicCLI::initCommandCLI(array("create", "update", "delete", "view", "list", "allow", "deny", "permission"));
} catch (Exception $e) {
    PicCLI::getIO()->errln($e->getMessage());
    exit(PicCLI::EXIT_USAGE);
}

loadPicFile("entry/_path/{$command}.php");
<?php

// Web entry point: bootstraps the application, initialises the database,
// runs authentication and dispatches to the script for the requested mode.
require BASE_PATH . "main/bootstrap.php";
loadPicFile("main/logging.php");
loadPicFile("classes/db.php");
loadPicFile("classes/accesscontrol.php");
loadPicFile("classes/image.php");
loadPicFile("classes/mrmime.php");
PicDB::initDB();
loadPicFile("main/auth.php");

// No mode given: show the file browser.
if (empty($_GET["mode"])) {
    loadPicFile("modes/filebrowser.php");
    exit;
}

// The mode value comes straight from the query string and is placed into an
// include path, so it is only used when it is exactly one of the known mode
// names; anything else (including array values) gets a 404.
if (in_array($_GET["mode"], array("download", "filebrowser", "loadimage", "share", "sysload"), true)) {
    loadPicFile("modes/{$_GET["mode"]}.php");
} else {
    sendError(404);
}
<?php

// "deny" sub-command: runs the shared access script with authType "deny"
// and turns its "nothing to change" exception into a warning for the user.
try {
    loadPicFile("entry/_path/_access.php", array("authType" => "deny"));
} catch (PicPathAccessException $e) {
    $isAdd = $e->mode === "add";

    // Only the two known modes produce a message; any other mode is ignored.
    if ($isAdd || $e->mode === "remove") {
        $format = $isAdd
            ? '%1$s \'%2$s\' is already denied access to this path.'
            : '%1$s \'%2$s\' is already not explicitly denied access to this path.';
        PicCLI::warn(sprintf($format, ucwords($e->idType), $e->label));
    }
}
<?php

// Stores a share for ($pathID, $files) and returns its ID. The ID is the
// SHA-1 of the path ID and the sorted file list, so submitting the same
// selection twice yields the same share.
//
// NOTE(review): because the ID is derived only from the path ID and file
// names it can be recomputed by anyone who knows them; it identifies a
// share and must not be treated as a secret that grants access.
// NOTE(review): PATH_SEPARATOR differs between platforms and may occur in a
// file name; confirm the entries of $files are validated as plain strings
// before they reach this helper.
sort($files);
$joinedFiles = implode(PATH_SEPARATOR, $files);
$shareID = strtolower(sha1($pathID . PATH_SEPARATOR . $joinedFiles));

// Insert only when the share is not stored yet.
$existingShare = loadPicFile("helpers/share/receive.php", array("shareID" => $shareID));
if (!$existingShare) {
    $insert = PicDB::newInsert();
    $insert->into("shares")->cols(array(
        "share_id" => $shareID,
        "path_id" => $pathID,
        "files" => $joinedFiles,
    ));
    PicDB::crud($insert);
}

return $shareID;
<?php

// CLI entry point for user management sub-commands.
define("BASE_PATH", dirname(__DIR__) . "/");

// conf/app.json is taken as the marker of a completed installation.
if (!file_exists(BASE_PATH . "conf/app.json")) {
    fwrite(STDERR, "Pictorials is not installed.\n");
    exit(1);
}

if (empty($argv[1])) {
    fwrite(STDERR, "No sub-command specified.\n");
    exit(1);
}

require BASE_PATH . "main/bootstrap.php";
loadPicFile("classes/cli.php");

// The sub-command name is interpolated into the include path below, so the
// list passed here is what keeps that path inside entry/_user/.
// NOTE(review): presumably initCommandCLI() throws for any name outside the
// list - confirm, as its body is not shown here.
try {
    $command = PicCLI::initCommandCLI(array("create", "update", "delete", "view"));
} catch (Exception $e) {
    PicCLI::getIO()->errln($e->getMessage());
    exit(PicCLI::EXIT_USAGE);
}

loadPicFile("entry/_user/{$command}.php");
<?php

// CLI entry point for group management sub-commands.
define("BASE_PATH", dirname(__DIR__) . "/");

// conf/app.json is taken as the marker of a completed installation.
if (!file_exists(BASE_PATH . "conf/app.json")) {
    fwrite(STDERR, "Pictorials is not installed.\n");
    exit(1);
}

if (empty($argv[1])) {
    fwrite(STDERR, "No sub-command specified.\n");
    exit(1);
}

require BASE_PATH . "main/bootstrap.php";
loadPicFile("classes/cli.php");

// The sub-command name is interpolated into the include path below, so the
// list passed here is what keeps that path inside entry/_group/.
// NOTE(review): presumably initCommandCLI() throws for any name outside the
// list - confirm, as its body is not shown here.
try {
    $command = PicCLI::initCommandCLI(array("create", "update", "delete", "view", "adduser"));
} catch (Exception $e) {
    PicCLI::getIO()->errln($e->getMessage());
    exit(PicCLI::EXIT_USAGE);
}

loadPicFile("entry/_group/{$command}.php");
<?php

// Logging bootstrap: exposes the PSR LogLevel class under the short name
// "LogLevel", loads the Logger class and configures it.
class_alias("\\Psr\\Log\\LogLevel", "LogLevel");
loadPicFile("classes/logger.php");

// The third argument makes loadPicFile() return the file's raw text, so
// Logger::configure() receives the JSON document undecoded.
$rawLoggingConfig = loadPicFile("conf/logging.json", array(), true);
Logger::configure($rawLoggingConfig);
<?php

// Turns every entry under "constants" in conf/app.json into a PHP constant.
// Both the names and the values come from the configuration file, so that
// file must stay writable by trusted operators only.
foreach (loadPicFile("conf/app.json")["constants"] as $constantName => $constantValue) {
    define($constantName, $constantValue);
}
} }

// Second positional argument is the username; prompt for it when absent.
if (!($username = PicCLI::getGetopt(2))) {
    $username = PicCLI::prompt("Username");
    if (!$username) {
        $io->errln("No username specified.");
        exit(PicCLI::EXIT_INPUT);
    }
}

loadPicFile("classes/db.php");
PicDB::initDB();

// Resolve both names to IDs; either lookup failing ends the command.
$groupId = loadPicFile("helpers/id/group.php", array("name" => $groupName));
if (!$groupId) {
    $io->errln(sprintf("Group '%s' does not exist.", $groupName));
    exit(PicCLI::EXIT_INPUT);
}
$userId = loadPicFile("helpers/id/user.php", array("username" => $username));
if (!$userId) {
    $io->errln(sprintf("User '%s' does not exist.", $username));
    exit(PicCLI::EXIT_INPUT);
}

// Look for an existing membership first; the IDs are bound as parameters
// rather than written into the query text.
$select = PicDB::newSelect();
$select->cols(array("id"))->from("group_memberships")->where("group_id = :group_id")->where("user_id = :user_id")->bindValues(array("group_id" => $groupId, "user_id" => $userId));
if (PicDB::fetch($select, "one")) {
    PicCLI::warn(sprintf('User \'%1$s\' is already a member of group \'%2$s\'.', $username, $groupName));
    exit;
}

$insert = PicDB::newInsert();
$insert->into("group_memberships")->cols(array("group_id" => $groupId, "user_id" => $userId));
PicDB::crud($insert);
PicCLI::success();
} else { $io->errln("No mode specified."); exit(PicCLI::EXIT_USAGE); } if (!($pathID = PicCLI::getGetopt(1))) { $io->errln("No path ID specified."); exit(PicCLI::EXIT_USAGE); } if (!is_numeric($pathID)) { $io->errln("Invalid path ID specified."); exit(PicCLI::EXIT_INPUT); } $pathID = (int) $pathID; loadPicFile("classes/db.php"); PicDB::initDB(); if (!loadPicFile("helpers/id/path.php", array("id" => $pathID))) { $io->errln(sprintf("Path %d does not exist.", $pathID)); exit(PicCLI::EXIT_INPUT); } if (!($permission = PicCLI::getGetopt(2))) { $permission = PicCLI::prompt("Permission"); if (!$permission) { $io->errln("No permission specified."); exit(PicCLI::EXIT_INPUT); } } if (!in_array($permission, array("gps", "metadata", "nsfw", "symlinks"))) { $io->errln("Invalid permission supplied."); exit(PicCLI::EXIT_INPUT); } $select = PicDB::newSelect();
<?php

// "create" sub-command for groups: takes the group name from the first
// positional argument or an interactive prompt and inserts it.
PicCLI::initGetopt(array());
$io = PicCLI::getIO();

$name = PicCLI::getGetopt(1);
if (!$name) {
    // Nothing on the command line: ask, and give up on an empty answer.
    $name = PicCLI::prompt("Name");
    if (!$name) {
        $io->errln("No name specified.");
        exit(PicCLI::EXIT_INPUT);
    }
}

loadPicFile("classes/db.php");
PicDB::initDB();

// The name is passed as a column value to the insert builder, not
// concatenated into SQL text.
$groupInsert = PicDB::newInsert();
$groupInsert->into("groups")->cols(array("name" => $name));
PicDB::crud($groupInsert);

PicCLI::success();
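<?php

define("VERSION", "0.4.0-dev");

/**
 * Loads a project file addressed relative to BASE_PATH.
 *
 * - With $getContentsOverride set to true, or for any extension other than
 *   json/php/phtml, the raw file contents are returned.
 * - .json files are decoded into associative arrays.
 * - .php/.phtml files are included; the entries of $extractVars become local
 *   variables of the included script and the script's return value is
 *   returned.
 *
 * The file name is not validated here. Callers that build it from request
 * or command-line input must restrict that input to a fixed set of names
 * before calling, because a .php name is executed.
 *
 * @param string $includePicFilename File name relative to BASE_PATH.
 * @param array $extractVars Variables exposed to an included script.
 * @param bool $getContentsOverride Return raw contents regardless of type.
 * @return mixed File contents, decoded JSON, or the include's return value.
 */
function loadPicFile($includePicFilename, array $extractVars = array(), $getContentsOverride = false)
{
    $fileExtension = pathinfo($includePicFilename, PATHINFO_EXTENSION);
    if ($getContentsOverride === true || !in_array($fileExtension, ["json", "php", "phtml"], true)) {
        return file_get_contents(BASE_PATH . $includePicFilename);
    }
    if ($fileExtension === "json") {
        return json_decode(file_get_contents(BASE_PATH . $includePicFilename), true);
    }
    if (!empty($extractVars)) {
        // EXTR_SKIP keeps this function's own locals intact: without it, an
        // entry named "includePicFilename" would replace the path that is
        // about to be required.
        extract($extractVars, EXTR_SKIP);
    }
    return require BASE_PATH . $includePicFilename;
}

loadPicFile("vendor/autoload.php");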
<?php

// Resolves the posted file name to a full path inside the current path and
// returns it, answering 400/404 when the request cannot be served.
//
// NOTE(review): containment relies on helpers/filenamereject.php; this
// script itself does not canonicalise the result or compare it against
// $path->path - confirm the helper rejects ".." segments and similar.
// NOTE(review): is_file() follows symbolic links and the "symlinks"
// permission is not consulted here - confirm that is intended.
if (empty($_POST["filename"])) {
    sendError(400);
}

$filename = loadPicFile("helpers/filenamereject.php", array("filename" => $_POST["filename"]));
$path = Access::getCurrentPath();
$fullFilename = $path->path . $filename;

if (is_file($fullFilename) === false) {
    sendError(404);
}

if ($path->hasPermission("nsfw") === false) {
    // Without the "nsfw" permission, anything below an NSFW directory is
    // reported as missing. A regex failure (false) is treated like a match,
    // so an error never opens access. The patterns are case-sensitive and
    // are applied to the full path, base directory included.
    foreach (array("/.*\\/NSFW\\/.*/", "/NSFW\\/.*/") as $nsfwPattern) {
        $nsfwRegexPathTest = preg_match($nsfwPattern, $fullFilename);
        if ($nsfwRegexPathTest === 1 || $nsfwRegexPathTest === false) {
            sendError(404);
        }
    }
}

return $fullFilename;
$directoryFinder->followLinks(); } if (!empty($relpath)) { $directoryFinder->path($relpath)->depth(substr_count($relpath, "/") + 1); } if ($path->hasPermission("nsfw") === false) { $directoryFinder->notPath("/.*\\/NSFW\\/.*/")->notPath("/NSFW\\/.*/")->notPath("/.*\\/NSFW/"); } $directoryIterator = $directoryFinder->in($path->path); $directoryArray = array(); foreach ($directoryIterator as $directory) { $directoryArray[] = array("path" => $directory->getRelativePathname(), "name" => $directory->getBasename()); } $fileFinder = new Finder(); $fileFinder->files()->ignoreUnreadableDirs()->depth(0); $allowedImageTypes = loadPicFile("helpers/imagetypes.php"); foreach ($allowedImageTypes as $imageType) { $fileFinder->name("*.{$imageType}"); } foreach (array_map("strtoupper", $allowedImageTypes) as $imageType) { $fileFinder->name("*.{$imageType}"); } $fileFinder->sortByName(); if ($path->hasPermission("symlinks")) { $fileFinder->followLinks(); } if (!empty($relpath)) { $fileFinder->path($relpath)->depth(substr_count($relpath, "/") + 1); } if ($path->hasPermission("nsfw") === false) { $fileFinder->notPath("/.*\\/NSFW\\/.*/")->notPath("/NSFW\\/.*/")->notPath("/.*\\/NSFW/");
$id = loadPicFile("helpers/id/user.php", array("username" => $username)); if (!$id) { $io->errln(sprintf("User '%s' does not exist.", $username)); exit(PicCLI::EXIT_INPUT); } $idType = "users"; $label = $username; } elseif (PicCLI::getGetopt("--group")) { if (!($name = PicCLI::getGetopt(2))) { $name = PicCLI::prompt("Name"); if (!$name) { $io->errln("No group name specified."); exit(PicCLI::EXIT_INPUT); } } $id = loadPicFile("helpers/id/group.php", array("name" => $name)); if (!$id) { $io->errln(sprintf("Group '%s' does not exist.", $name)); exit(PicCLI::EXIT_INPUT); } $idType = "groups"; $label = $name; } else { $io->errln("No ID type specified."); exit(PicCLI::EXIT_USAGE); } $select = PicDB::newSelect(); $select->cols(array("id"))->from("path_access")->where("path_id = :path_id")->where("auth_type = :auth_type")->where("id_type = :id_type")->where("auth_id = :auth_id")->bindValues(array("path_id" => $pathID, "auth_type" => $authType, "id_type" => $idType, "auth_id" => $id)); $row = PicDB::fetch($select, "one"); class PicPathAccessException extends Exception {
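<?php

// Mode script: sends the requested image as a file download and logs it.

// Both helpers validate the request before any header is sent.
$fullFilename = loadPicFile("helpers/checkfilepath.php");
loadPicFile("helpers/checkimagetype.php", array("filename" => $fullFilename));

// The file name goes inside a quoted header parameter, so any double quote
// or backslash in it is escaped; otherwise such a name would end the quoted
// value early and let the rest be read as further header parameters.
$downloadName = addcslashes(basename($fullFilename), "\"\\");

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: no-cache');
header('Content-Length: ' . filesize($fullFilename));
readfile($fullFilename);

// The log entry records the full server-side path of the delivered file.
Logger::info("main", "Image downloaded", array("filename" => $fullFilename));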