$CPG_REFERER = 'index.php'; } else { /** * Using getRaw() since we are checking the referer in the above if condition. */ $CPG_REFERER = $superCage->get->getRaw('referer'); } /** * CPGPluginAPI::action('page_start',null) * * Executes page_start action on all plugins * * @param null * @return N/A **/ CPGPluginAPI::action('page_start', null); // load the main template load_template(); $CONFIG['template_loaded'] = true; // Remove expired bans $now = date('Y-m-d H:i:s'); if ($CONFIG['purge_expired_bans'] == 1) { cpg_db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE expiry < '{$now}'"); } // Check if the user is banned $user_id = USER_ID; // Compose the query $query_string = "SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE ("; if (USER_ID) { $query_string .= "user_id={$user_id} OR "; }
/** * CPGPluginAPI::uninstall() * * Uninstalls a plugin and executes 'plugin_uninstall' action * * @param integer $plugin_id * @return N/A **/ function uninstall($plugin_id) { global $CONFIG, $USER_DATA, $CPG_PLUGINS, $thisplugin, $lang_plugin_api; if (!isset($CPG_PLUGINS[$plugin_id])) { return true; } // Grab the plugin from the global scope $thisplugin =& $CPG_PLUGINS[$plugin_id]; // Grab the priority level, so you can shift the ones in the database $priority = $thisplugin->priority; // If plugin has an uninstall action, execute it $uninstalled = CPGPluginAPI::action('plugin_uninstall', true, $plugin_id); if (is_bool($uninstalled) && $uninstalled) { $sql = 'delete from ' . $CONFIG['TABLE_PLUGINS'] . ' ' . 'where plugin_id=' . $plugin_id . ';'; $result = cpg_db_query($sql); // Shift the plugins up $sql = 'update ' . $CONFIG['TABLE_PLUGINS'] . ' set priority=priority-1 where priority>' . $priority . ';'; $result = cpg_db_query($sql); unset($CPG_PLUGINS[$plugin_id]); if ($CONFIG['log_mode']) { log_write("Plugin '" . $name . "' uninstalled at " . date("F j, Y, g:i a"), CPG_GLOBAL_LOG); } return true; // If $uninstalled is an integer then the plugin needs to be cleaned up; Return the value } elseif (is_numeric($uninstalled)) { return $uninstalled; } else { // The plugin's uninstall action failed cpg_die(CRITICAL_ERROR, sprintf($lang_plugin_api['error_uninstall'], $thisplugin->name), __FILE__, __LINE__); } }
/** * CPGPluginAPI::uninstall() * * Uninstalls a plugin and executes 'plugin_uninstall' action * * @param integer $plugin_id * @return N/A **/ public static function uninstall($plugin_id) { global $CONFIG, $USER_DATA, $CPG_PLUGINS, $thisplugin, $lang_plugin_api, $name; if (!isset($CPG_PLUGINS[$plugin_id])) { return true; } // Grab the plugin from the global scope $thisplugin =& $CPG_PLUGINS[$plugin_id]; // Grab the priority level, so you can shift the ones in the database $priority = $thisplugin->priority; // If plugin has an uninstall action, execute it $uninstalled = CPGPluginAPI::action('plugin_uninstall', true, $plugin_id); if (is_bool($uninstalled) && $uninstalled) { $sql = "DELETE FROM {$CONFIG['TABLE_PLUGINS']} WHERE plugin_id = {$plugin_id}"; $result = cpg_db_query($sql); // Shift the plugins up $sql = "UPDATE {$CONFIG['TABLE_PLUGINS']} SET priority = priority - 1 WHERE priority > {$priority}"; $result = cpg_db_query($sql); unset($CPG_PLUGINS[$plugin_id]); if ($CONFIG['log_mode']) { log_write("Plugin '" . $thisplugin->name . "' uninstalled", CPG_GLOBAL_LOG); } return true; // If $uninstalled is an integer then the plugin needs to be cleaned up; Return the value } elseif (is_numeric($uninstalled)) { return $uninstalled; } else { // The plugin's uninstall action failed cpg_die(CRITICAL_ERROR, sprintf($lang_plugin_api['error_uninstall'], $thisplugin->name), __FILE__, __LINE__); } }
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } // Create and send the e-card if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) { if ($CONFIG['ecard_captcha'] == 1 || $CONFIG['ecard_captcha'] == 2 && !USER_ID) { if (!captcha_plugin_enabled('ecard')) { require "include/captcha.inc.php"; $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/'); if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) { if ($CONFIG['log_mode'] != 0) { log_write('Captcha authentication for ecard failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG); } cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__); } } else { CPGPluginAPI::action('captcha_ecard_validate', null); } } require 'include/mailer.inc.php'; if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) { $n_picname = get_pic_url($row, 'normal'); } else { $n_picname = get_pic_url($row, 'fullsize'); } if (!stristr($n_picname, 'http:')) { $n_picname = $gallery_url_prefix . $n_picname; } $msg_content = process_smilies($message, $gallery_url_prefix); $data = array('rn' => $superCage->post->noTags('recipient_name'), 'sn' => $superCage->post->noTags('sender_name'), 'se' => $sender_email, 'p' => $n_picname, 'g' => $greetings, 'm' => $message, 'pid' => $pid, 'pt' => $pic_title, 'pc' => $pic_caption); $encoded_data = urlencode(base64_encode(serialize($data))); $params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data={$encoded_data}", '{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'], '{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{GREETINGS}' => $greetings, '{MESSAGE}' => bb_decode($msg_content), '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'], '{PID}' => $pid, '{PIC_TITLE}' => $pic_title, '{PIC_CAPTION}' => bb_decode($pic_caption), '{PIC_MARKUP}' => $pic_markup);
function theme_display_thumbnails(&$thumb_list, $nbThumb, $album_name, $aid, $cat, $page, $total_pages, $sort_options, $display_tabs, $mode = 'thumb', $date = '') { global $CONFIG, $CURRENT_ALBUM_DATA; global $template_thumb_view_title_row, $template_fav_thumb_view_title_row, $lang_thumb_view, $lang_common, $template_tab_display, $template_thumbnail_view, $lang_album_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); static $header = ''; static $thumb_cell = ''; static $empty_cell = ''; static $row_separator = ''; static $footer = ''; static $tabs = ''; static $spacer = ''; if ($header == '') { $thumb_cell = template_extract_block($template_thumbnail_view, 'thumb_cell'); $tabs = template_extract_block($template_thumbnail_view, 'tabs'); $header = template_extract_block($template_thumbnail_view, 'header'); $empty_cell = template_extract_block($template_thumbnail_view, 'empty_cell'); $row_separator = template_extract_block($template_thumbnail_view, 'row_separator'); $footer = template_extract_block($template_thumbnail_view, 'footer'); $spacer = template_extract_block($template_thumbnail_view, 'spacer'); } $cat_link = is_numeric($aid) ? '' : '&cat=' . $cat; $date_link = $date == '' ? '' : '&date=' . $date; if ($superCage->get->getInt('uid')) { $uid_link = '&uid=' . $superCage->get->getInt('uid'); } else { $uid_link = ''; } $album_types = array('albums' => array('lastalb')); $album_types = CPGPluginAPI::filter('theme_thumbnails_album_types', $album_types); $theme_thumb_tab_tmpl = $template_tab_display; if ($mode == 'thumb') { $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => in_array($aid, $album_types['albums']) ? $lang_album_list['album_on_page'] : $lang_thumb_view['pic_on_page'])); $theme_thumb_tab_tmpl['page_link'] = strtr($theme_thumb_tab_tmpl['page_link'], array('{LINK}' => 'thumbnails.php?album=' . $aid . $cat_link . $date_link . $uid_link . '&page=%d')); } else { $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_thumb_view['user_on_page'])); $theme_thumb_tab_tmpl['page_link'] = strtr($theme_thumb_tab_tmpl['page_link'], array('{LINK}' => 'index.php?cat=' . $cat . '&page=%d')); } $thumbcols = $CONFIG['thumbcols']; $cell_width = ceil(100 / $CONFIG['thumbcols']) . '%'; $tabs_html = $display_tabs ? create_tabs($nbThumb, $page, $total_pages, $theme_thumb_tab_tmpl) : ''; if (!GALLERY_ADMIN_MODE && stripos($template_thumb_view_title_row, 'admin_buttons') !== false) { template_extract_block($template_thumb_view_title_row, 'admin_buttons'); } // The sort order options are not available for meta albums if ($sort_options) { if (GALLERY_ADMIN_MODE) { $param = array('{ALBUM_ID}' => $aid, '{CAT_ID}' => $cat > 0 ? $cat : $CURRENT_ALBUM_DATA['category'], '{MODIFY_LNK}' => $lang_common['album_properties'], '{MODIFY_ICO}' => cpg_fetch_icon('modifyalb', 1), '{PARENT_CAT_LNK}' => $lang_common['parent_category'], '{PARENT_CAT_ICO}' => cpg_fetch_icon('category', 1), '{EDIT_PICS_LNK}' => $lang_common['edit_files'], '{EDIT_PICS_ICO}' => cpg_fetch_icon('edit', 1), '{ALBUM_MGR_LNK}' => $lang_common['album_manager'], '{ALBUM_MGR_ICO}' => cpg_fetch_icon('alb_mgr', 1)); } else { $param = array(); } $param['{ALBUM_NAME}'] = $album_name; // Plugin Filter: allow plugin to modify or add tags to process $param = CPGPluginAPI::filter('theme_thumbnails_title', $param); $title = template_eval($template_thumb_view_title_row, $param); } elseif ($aid == 'favpics' && $CONFIG['enable_zipdownload'] > 0) { //Lots of stuff can be added here later $param = array('{ALBUM_ID}' => $aid, '{ALBUM_NAME}' => $album_name, '{DOWNLOAD_ZIP}' => cpg_fetch_icon('zip', 2) . $lang_thumb_view['download_zip']); // Plugin Filter: allow plugin to modify or add tags to process $param = CPGPluginAPI::filter('theme_thumbnails_title', $param); $title = template_eval($template_fav_thumb_view_title_row, $param); } else { $title = $album_name; } CPGPluginAPI::action('theme_thumbnails_wrapper_start', null); if ($mode == 'thumb') { starttable('100%', $title, $thumbcols); } else { starttable('100%'); } $header = CPGPluginAPI::filter('theme_thumbnails_header', $header); echo $header; $i = 0; global $thumb; // make $thumb accessible to plugins foreach ($thumb_list as $thumb) { $i++; if ($mode == 'thumb') { if (in_array($aid, $album_types['albums'])) { $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => "thumbnails.php?album={$thumb['aid']}", '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => $thumb['admin_menu']); } else { // determine if thumbnail link targets should open in a pop-up if ($CONFIG['thumbnail_to_fullsize'] == 1) { // code for full-size pop-up if (!USER_ID && $CONFIG['allow_unlogged_access'] <= 2) { $target = 'javascript:;" onclick="alert(\'' . sprintf($lang_errors['login_needed'], '', '', '', '') . '\');'; } elseif (USER_ID && USER_ACCESS_LEVEL <= 2) { $target = 'javascript:;" onclick="alert(\'' . sprintf($lang_errors['access_intermediate_only'], '', '', '', '') . '\');'; } else { $target = 'javascript:;" onclick="MM_openBrWindow(\'displayimage.php?pid=' . $thumb['pid'] . '&fullsize=1\',\'' . uniqid(rand()) . '\',\'scrollbars=yes,toolbar=no,status=no,resizable=yes,width=' . ((int) $thumb['pwidth'] + (int) $CONFIG['fullsize_padding_x']) . ',height=' . ((int) $thumb['pheight'] + (int) $CONFIG['fullsize_padding_y']) . '\');'; } } elseif ($aid == 'random') { $target = "displayimage.php?pid={$thumb['pid']}{$uid_link}#top_display_media"; } elseif ($aid == 'lastcom' || $aid == 'lastcomby') { $page = cpg_get_comment_page_number($thumb['msg_id']); $page = is_numeric($page) ? "&page={$page}" : ''; $target = "displayimage.php?album={$aid}{$cat_link}{$date_link}&pid={$thumb['pid']}{$uid_link}&msg_id={$thumb['msg_id']}{$page}#comment{$thumb['msg_id']}"; } else { $target = "displayimage.php?album={$aid}{$cat_link}{$date_link}&pid={$thumb['pid']}{$uid_link}#top_display_media"; } $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => $target, '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => $thumb['admin_menu']); } } else { // mode != 'thumb' // Used for mode = 'user' from list_users() in index.php $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => "index.php?cat={$thumb['cat']}", '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => ''); } // Plugin Filter: allow plugin to modify or add tags to process $params = CPGPluginAPI::filter('theme_display_thumbnails_params', $params); echo template_eval($thumb_cell, $params); if ($i % $thumbcols == 0 && $i < count($thumb_list)) { echo $row_separator; } } // foreach $thumb unset($thumb); // unset $thumb to avoid conflicting with global for (; $i % $thumbcols; $i++) { echo $empty_cell; } $footer = CPGPluginAPI::filter('theme_thumbnails_footer', $footer); echo $footer; if ($display_tabs) { $params = array('{THUMB_COLS}' => $thumbcols, '{TABS}' => $tabs_html); echo template_eval($tabs, $params); } endtable(); CPGPluginAPI::action('theme_thumbnails_wrapper_end', null); echo $spacer; }
$approved_no_set .= $superCage->post->getInt('status_approved_no' . $message_id_check) . ','; } } $approved_yes_set = rtrim($approved_yes_set, ','); $approved_no_set = rtrim($approved_no_set, ','); $nb_com_yes = 0; $nb_com_no = 0; if ($approved_yes_set != '') { cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET `approval` = 'YES' WHERE msg_id IN ({$approved_yes_set})"); $nb_com_yes = mysql_affected_rows(); } if ($approved_no_set != '') { cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET `approval` = 'NO' WHERE msg_id IN ({$approved_no_set})"); $nb_com_no = mysql_affected_rows(); } CPGPluginAPI::action('comment_approve', array('approved_yes_set' => $approved_yes_set, 'approved_no_set' => $approved_no_set)); } $nb_com_del = 0; //if (isset($_POST['cid_array'])) { // have any checkboxes been ticked? if ($superCage->post->keyExists('cid_array')) { $cid_array = $superCage->post->getEscaped('cid_array'); $cid_set = ''; foreach ($cid_array as $cid) { $cid_set .= $cid_set == '' ? '(' . $cid : ', ' . $cid; if ($superCage->post->getAlpha('with_selected') == 'approve' && $superCage->post->getInt('spam' . $cid) == 'YES') { $akismet_ham_array[] = $cid; } } $cid_set .= ')'; //Check if the form token is valid if (!checkFormToken()) {
function delete_picture($pid, $tablecellstyle = 'tableb') { global $CONFIG, $header_printed, $lang_errors, $lang_delete_php, $LINEBREAK; if (!$header_printed) { output_table_header(); } $green = cpg_fetch_icon('ok', 0, $lang_delete_php['del_success']); $red = cpg_fetch_icon('stop', 0, $lang_delete_php['err_del']); // We will be selecting pid in the query as we need it in $pic array for the plugin filter if (GALLERY_ADMIN_MODE) { $query = "SELECT pid, aid, filepath, filename FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = $result->fetchAssoc(true); } else { $query = "SELECT pid, p.aid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid='{$pid}'"; $result = cpg_db_query($query); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = $result->fetchAssoc(true); if (!($pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } } $aid = $pic['aid']; $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], htmlspecialchars($dir)), __FILE__, __LINE__); } // Plugin filter to be called before deleting a file CPGPluginAPI::action('before_delete_file', $pic); echo '<tr>'; echo "<td class=\"" . $tablecellstyle . "\">" . htmlspecialchars($file) . "</td>"; $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); // Check for custom thumbnails for non-images if (!is_image($file)) { $mime_content = cpg_get_type($file); $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file)); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0); if ($count == 1) { unset($files[count($files) - 1]); $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension; break; } } } } foreach ($files as $currFile) { echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">"; if (is_file($currFile)) { if (@unlink($currFile)) { echo $green; } else { echo $red; } } else { echo " "; } echo "</td>"; } $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; cpg_db_query($query); echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">"; if (cpg_db_affected_rows() > 0) { echo $green; } else { echo " "; } echo "</td>"; $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = {$pid}"; cpg_db_query($query); $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1"; cpg_db_query($query); echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">"; if (cpg_db_affected_rows() > 0) { echo $green; } else { echo $red; } $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'"; cpg_db_query($query); echo '</td>'; echo '</tr>' . $LINEBREAK; // Plugin filter to be called after a file is deleted CPGPluginAPI::action('after_delete_file', $pic); return $aid; }
$message = addslashes(htmlspecialchars($superCage->post->getRaw('message'))); $captcha = ($matches = $superCage->post->getMatched('captcha', '/^[a-zA-Z0-9]+$/')) ? $matches[0] : ''; // sanitize user-input $html_message = str_replace('<', '<', $message); $expand_array = array(); // check captcha if (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1 || USER_ID && $CONFIG['contact_form_registered_enable'] == 1) { if (!captcha_plugin_enabled('contact')) { require_once "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha)) { $captcha_remark = $lang_errors['captcha_error']; $expand_array[] = 'captcha_remark'; $error++; } } else { CPGPluginAPI::action('captcha_contact_validate', null); } } // check email address if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2) { if (!Inspekt::isEmail($email_address)) { $expand_array[] = 'email_remark'; $error++; } } // check subject field if ($CONFIG['contact_form_subject_field'] >= 2 && $subject == '') { $expand_array[] = 'subject_remark'; $error++; } // check message field
{$lastComDate} {$lastComText} </td> </tr> <tr> <td align="left" valign="top" class="tableb tableb_alternate"> {$lang_register_php['last_uploads']} {$lastUploadByText} </td> <td align="left" valign="top" class="tableb tableb_alternate"> {$lastUploadText} </td> </tr> EOT; CPGPluginAPI::action('profile_display_form', null); echo <<<EOT <tr> <td colspan="2" align="center" class="tablef"> <button type="submit" class="button" name="change_profile" id="change_profile" value="{$lang_common['apply_changes']}">{$icon_array['ok']}{$lang_common['apply_changes']}</button> <button type="submit" class="button" name="change_pass" id="change_pass" value="{$lang_register_php['change_pass']}">{$icon_array['password']}{$lang_register_php['change_pass']}</button> </td> </tr> EOT; endtable(); list($timestamp, $form_token) = getFormToken(); echo "<input type=\"hidden\" name=\"form_token\" value=\"{$form_token}\" />\n <input type=\"hidden\" name=\"timestamp\" value=\"{$timestamp}\" /></form>"; if ($CONFIG['allow_user_account_delete'] != 0) { // user is allowed to delete his account --- start print <<<EOT
/** * process_post_data() * * Function to process the form posted */ function process_post_data() { global $CONFIG, $user_albums_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = $result->fetchAssoc()) { $user_album_set[$row['aid']] = 1; } $result->free(); $pid_array = $superCage->post->getInt('pid'); if (!is_array($pid_array)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } if ($superCage->post->keyExists('galleryicon')) { $galleryicon = $superCage->post->getInt('galleryicon'); } else { $galleryicon = ''; } foreach ($pid_array as $pid) { $aid = $superCage->post->getInt("aid{$pid}"); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = false; $reset_vcount = false; $reset_votes = false; $del_comments = false; $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('delete' . $pid)) { $delete = $superCage->post->getInt('delete' . $pid); } if ($superCage->post->keyExists('reset_vcount' . $pid)) { $reset_vcount = $superCage->post->getInt('reset_vcount' . $pid); } if ($superCage->post->keyExists('reset_votes' . $pid)) { $reset_votes = $superCage->post->getInt('reset_votes' . $pid); } if ($superCage->post->keyExists('del_comments' . $pid)) { $del_comments = $superCage->post->getInt('del_comments' . $pid); } // We will be selecting pid in the query as we need it in $pic array for the plugin filter $query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}"; $result = cpg_db_query($query); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = $result->fetchAssoc(true); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"); $update .= ", galleryicon = " . $galleryicon; } if (is_movie($pic['filename'])) { $pwidth = $superCage->post->getInt('pwidth' . $pid); $pheight = $superCage->post->getInt('pheight' . $pid); $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) { $approved = ''; if ($superCage->post->keyExists('approved' . $pid)) { $approved = $superCage->post->getAlpha('approved' . $pid); } if ($approved == 'YES') { $update .= ", approved = 'YES'"; } else { $update .= ", approved = 'NO'"; } } if ($del_comments || $delete) { cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}"); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); // Check for custom thumbnails for non-images if (!is_image($file)) { $mime_content = cpg_get_type($file); $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file)); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0); if ($count == 1) { unset($files[count($files) - 1]); $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension; break; } } } } foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } // Plugin filter to be called before deleting a file CPGPluginAPI::action('before_delete_file', $pic); cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1"); cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'"); // Plugin filter to be called after a file is deleted CPGPluginAPI::action('after_delete_file', $pic); } else { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}"); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); } } }
// Check that the file uploaded has a valid extension if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { cpg_die(ERROR, $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; CPGPluginAPI::action('upload_html_pre_move', $superCage->files->getRaw("/userpicture/tmp_name")); // Move the picture into its final location // getRaw is safe here since this filename is generated by the server if (!move_uploaded_file($superCage->files->getRaw("/userpicture/tmp_name"), $uploaded_pic)) { cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); } // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Get picture information // Check that picture file size is lower than the maximum allowed if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] * 1024) { @unlink($uploaded_pic); cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { $imginfo = cpg_getimagesize($uploaded_pic); if ($imginfo == null) {
// Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } // Create path for final location. $uploaded_pic = $dest_dir . $picture_name; // Form path to temporary image. $path_to_image = './' . $CONFIG['fullpath'] . 'edit/' . $tempname; // prevent moving the edit directory... if (is_dir($path_to_image)) { echo 'error|' . $lang_upload_php['failure'] . " - '{$path_to_image}'|0"; exit; } CPGPluginAPI::action('upload_swf_pre_move', $path_to_image); // Move the picture into its final location if (rename($path_to_image, $uploaded_pic)) { // Change file permission @chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); //silence the output in case chmod is disabled $CURRENT_PIC_DATA = array(); // Create thumbnail and intermediate image and add the image into the DB $result = add_picture($album, $filepath, $picture_name, 0, '', '', '', '', '', '', '', $category); if ($result !== true) { // The file could not be placed. $file_placement = 'no'; } else { $CURRENT_PIC_DATA['url_prefix'] = 0; // The file was placed successfully. $file_placement = 'yes';
function check_user_info(&$error) { global $CONFIG; global $lang_register_php, $lang_common, $lang_register_approve_email; global $lang_register_user_login, $lang_errors; $superCage = Inspekt::makeSuperCage(); $user_name = trim(get_post_var('username')); $password = trim(get_post_var('password')); $password_again = trim(get_post_var('password_verification')); $email = trim(get_post_var('email')); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $agree_disclaimer = $superCage->post->getEscaped('agree'); $captcha_confirmation = $superCage->post->getEscaped('confirmCode'); $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>'; return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>'; } if (!empty($CONFIG['global_registration_pw'])) { $global_registration_pw = get_post_var('global_registration_pw'); if ($global_registration_pw != $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>'; } elseif ($password == $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>'; } } if (utf_strlen($password) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>'; } if ($password == $user_name) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>'; } if ($password != $password_again) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>'; } if (!Inspekt::isEmail($email)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>'; } if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>'; } // Perform the ban check against email address and username $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>'; } mysql_free_result($result); $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>'; } mysql_free_result($result); // check captcha if ($CONFIG['registration_captcha'] != 0) { if (!captcha_plugin_enabled('register')) { require "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha_confirmation)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>'; } } else { $error = CPGPluginAPI::filter('captcha_register_validate', $error); } } if (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>'; } mysql_free_result($result); } $error = CPGPluginAPI::filter('register_form_validate', $error); if ($error != '') { return false; } if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) { $active = 'NO'; list($usec, $sec) = explode(' ', microtime()); $seed = (double) $sec + (double) $usec * 100000; srand($seed); $act_key = md5(uniqid(rand(), 1)); } else { $active = 'YES'; $act_key = ''; } $encpassword = md5($password); $user_language = $CONFIG['lang']; $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')"; $result = cpg_db_query($sql); $user_array = array(); $user_array['user_id'] = mysql_insert_id(); $user_array['user_name'] = $user_name; $user_array['user_email'] = $email; $user_array['user_active'] = $active; CPGPluginAPI::action('register_form_submit', $user_array); if ($CONFIG['log_mode']) { log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG); } // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { $user_id = mysql_insert_id(); $catid = $user_id + FIRST_USER_CAT; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})"); } // Registrations must be activated/verified by the user clicking a link in an email if ($CONFIG['reg_requires_valid_email']) { // Mail the user the activation/verification link $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__); } msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php'); } else { if ($CONFIG['admin_activation']) { // We need admin activation only msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php'); } else { // No activation required, account is ready for login msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php'); } } // email notification or actication link to admin if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { if (UDB_INTEGRATION == 'coppermine') { // get default language in which to inform the admins $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1"); while ($row = mysql_fetch_assoc($result)) { if (!empty($row['user_email'])) { $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']); } } } else { //@todo: is it possible to get the language from bridged installs? $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english'); } foreach ($admins as $admin) { //check if the admin language is available if (file_exists("lang/{$admin['lang']}.php")) { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']); } else { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php'); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email'); } // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars))); } elseif ($CONFIG['reg_notify_admin_email']) { // otherwise, email is for information only cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)); } } } return true; }
function process_post_data() { global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage; //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = mysql_fetch_assoc($result)) { $user_album_set[$row['aid']] = 1; } mysql_free_result($result); $pid = $superCage->post->getInt('id'); $aid = $superCage->post->getInt('aid'); $pwidth = $superCage->post->getInt('pwidth'); $pheight = $superCage->post->getInt('pheight'); $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title')); $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption')); $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords'))); $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1')); $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2')); $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3')); $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4')); $galleryicon = $superCage->post->getInt('galleryicon'); $isgalleryicon = $galleryicon == $pid; $read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0; $reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0; $reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0; $del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0; $result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_assoc($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $new_alb = mysql_fetch_assoc($result); mysql_free_result($result); cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; if (GALLERY_ADMIN_MODE) { $approved = $superCage->post->getAlpha('approved'); $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) { $approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) { $approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"; cpg_db_query($sql); $update .= ", galleryicon = " . $galleryicon; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if ($read_exif) { // If "read exif info again" is checked then just delete the entry from the exif table. // The new exif information will automatically be read when someone views the image. $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'"; cpg_db_query($query); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'"; cpg_db_query($query); } $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; cpg_db_query($query); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); // rename a file if ($superCage->post->keyExists('filename')) { $post_filename = $superCage->post->getEscaped('filename'); } if ($post_filename != $pic['filename']) { if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) { $prefixes = array('fullsize', 'normal', 'thumb'); } else { $prefixes = array('fullsize', 'thumb'); } if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $prefixes[] = 'orig'; } if (!is_image($pic['filename'])) { $prefixes = array('fullsize'); // Check for custom thumbnails $mime_content_old = cpg_get_type($pic['filename']); $mime_content_new = cpg_get_type(replace_forbidden($post_filename)); $file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename'])); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0); if ($count == 1) { $prefixes[] = 'thumb'; $custom_thumb = TRUE; break; } } } } $pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => ''); $files_to_rename = array(); foreach ($prefixes as $prefix) { $oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']); $filename = replace_forbidden($post_filename); $newname = str_replace($pic['filename'], $filename, $oldname); if ($custom_thumb == TRUE && $prefix == 'thumb') { $oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname); $newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname); } $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } if (file_exists($newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); } if (!file_exists($oldname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); } // Check if there will be no conflicts before doing anything $files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname); } if (count($files_to_rename) > 0) { foreach ($files_to_rename as $file) { if (rename($file['oldname'], $file['newname'])) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1"); } else { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } } } } }
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0) { global $CONFIG, $USER_DATA, $PIC_NEED_APPROVAL, $CURRENT_PIC_DATA; global $lang_errors, $lang_db_input_php; $image = $CONFIG['fullpath'] . $filepath . $filename; $normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename; $thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename; $orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename; // $mini = $CONFIG['fullpath'] . $filepath . $CONFIG['mini_pfx'] . $filename; $work_image = $image; if (!is_known_filetype($image)) { return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0); } elseif (is_image($filename)) { $imagesize = cpg_getimagesize($image); if ($CONFIG['read_iptc_data']) { // read IPTC data $iptc = get_IPTC($image); if (is_array($iptc) && !$title && !$caption && !$keywords) { //if any of those 3 are filled out we don't want to override them, they may be blank on purpose. $title = isset($iptc['Headline']) ? trim($iptc['Headline']) : $title; $caption = isset($iptc['Caption']) ? trim($iptc['Caption']) : $caption; $keywords = isset($iptc['Keywords']) ? implode($CONFIG['keyword_separator'], $iptc['Keywords']) : $keywords; } } // resize picture if it's bigger than the max width or height for uploaded pictures if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) { if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) { $resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use']; resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false'); $imagesize = cpg_getimagesize($image); } elseif (USER_IS_ADMIN) { // skip resizing for admin $picture_original_size = true; } else { @unlink($uploaded_pic); $msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']); return array('error' => $msg, 'halt_upload' => 1); } } // create backup of full sized picture if watermark is enabled for full sized pictures if (!file_exists($orig) && $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { if (!copy($image, $orig)) { return false; } else { $work_image = $orig; } } if (!file_exists($thumb)) { // create thumbnail if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) { return $result; } } if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) { // create intermediate sized picture $resize_method = $CONFIG['picture_use'] == "thumb" ? $CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use'] : $CONFIG['picture_use']; $watermark = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false'; if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) { return $result; } } // watermark full sized picture if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height']; // use max aspect of original image if it hasn't been resized earlier if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) { return $result; } } } else { $imagesize[0] = $iwidth; $imagesize[1] = $iheight; } clearstatcache(); $image_filesize = filesize($image); $total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize; // Test if disk quota exceeded if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) { $result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'"); $record = mysql_fetch_array($result); $total_space_used = $record[0]; mysql_free_result($result); if ($total_space_used + $total_filesize >> 10 > $USER_DATA['group_quota']) { @unlink($image); if (is_image($image)) { @unlink($normal); @unlink($thumb); } $msg = $lang_errors['quota_exceeded'] . '<br /> <br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10)); return array('error' => $msg, 'halt_upload' => 1); } } // Test if picture requires approval if (GALLERY_ADMIN_MODE) { $approved = 'YES'; } elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) { $approved = 'YES'; } elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) { $approved = 'YES'; } else { $approved = 'NO'; } $PIC_NEED_APPROVAL = $approved == 'NO'; // User ID is recorded when in admin mode $user_id = USER_ID; // Populate Array to pass to plugins, then to SQL $CURRENT_PIC_DATA['aid'] = $aid; $CURRENT_PIC_DATA['filepath'] = $filepath; $CURRENT_PIC_DATA['filename'] = $filename; $CURRENT_PIC_DATA['filesize'] = $image_filesize; $CURRENT_PIC_DATA['total_filesize'] = $total_filesize; $CURRENT_PIC_DATA['pwidth'] = $imagesize[0]; $CURRENT_PIC_DATA['pheight'] = $imagesize[1]; $CURRENT_PIC_DATA['owner_id'] = $user_id; $CURRENT_PIC_DATA['title'] = $title; $CURRENT_PIC_DATA['caption'] = $caption; $CURRENT_PIC_DATA['keywords'] = $keywords; $CURRENT_PIC_DATA['approved'] = $approved; $CURRENT_PIC_DATA['user1'] = $user1; $CURRENT_PIC_DATA['user2'] = $user2; $CURRENT_PIC_DATA['user3'] = $user3; $CURRENT_PIC_DATA['user4'] = $user4; $CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip; $CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip; $CURRENT_PIC_DATA['position'] = $position; $CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : ''; $CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA); if (USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1) { $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$CURRENT_PIC_DATA['title']}', '{$CURRENT_PIC_DATA['caption']}', '{$CURRENT_PIC_DATA['keywords']}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')"; } else { $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '', '', '', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')"; } $result = cpg_db_query($query); // Put the pid in current_pic_data and call the plugin filter for file data success $CURRENT_PIC_DATA['pid'] = mysql_insert_id($CONFIG['LINK_ID']); CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA); //return $result; return true; }
function reply() { include BASE_DIR . 'include' . DS . 'smilies.inc.php'; include BASE_DIR . 'include' . DS . 'mailer.inc.php'; $vars = array(); $errors = array(); $authorizer = check_model::getInstance(); $vars['topic_id'] = $this->validate->get->getInt('id'); if (!$authorizer->is_topic_id($vars['topic_id'])) { cpg_die(ERROR, Lang::item('error.wrong_topic_id'), __FILE__, __LINE__); } if (!$authorizer->can_reply($vars['topic_id'])) { cpg_die(ERROR, Lang::item('error.perm_denied'), __FILE__, __LINE__); } $vars['nagavitor'] = $this->forum->get_nagavitor(); $vars['icons'] = $this->forum->get_icons(); $topic = $this->forum->get_topic_data($vars['topic_id'], 'board_id'); $messages = $this->forum->get_message($vars['topic_id'], 'subject', 'msg_id asc', '1'); $data = array('icon' => 'icon1', 'subject' => Lang::item('topic.re') . $messages[0]['subject']); if ($this->validate->post->keyExists('submit')) { $data = array('topic_id' => $vars['topic_id'], 'icon' => $this->validate->post->getRaw('icon'), 'subject' => $this->validate->post->getEscaped('subject'), 'body' => $this->validate->post->getRaw('body'), 'board_id' => $topic['board_id'], 'poster_time' => time(), 'poster_id' => USER_ID, 'poster_name' => USER_NAME, 'poster_ip' => Config::item('hdr_ip'), 'smileys_enabled' => 1); if (Config::item('fr_msg_icons') == 0 && $data['icon'] == '') { $data['icon'] = 'icon1'; } if ($data['subject'] == '') { $errors[] = Lang::item('error.empty_subject'); } if ($data['icon'] == '') { $errors[] = Lang::item('error.no_msg_icon'); } if ($data['body'] == '') { $errors[] = Lang::item('error.empty_body'); } if (strlen($data['body']) > Config::item('fr_msg_max_size') && Config::item('fr_msg_max_size')) { $data['body'] = substr($data['body'], 0, Config::item('fr_msg_max_size')); } global $CONFIG; if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) { if (!captcha_plugin_enabled('comment')) { global $lang_errors; $superCage = Inspekt::makeSuperCage(); require "include/captcha.inc.php"; $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/'); if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) { $errors[] = $lang_errors['captcha_error']; } } else { CPGPluginAPI::action('captcha_comment_validate', null); } } if (count($errors) == 0) { if ($authorizer->double_post()) { cpg_die(ERROR, Lang::item('error.already_post'), __FILE__, __LINE__); } else { $msg_id = $this->forum->insert_message($data); // to-do: send notify email $users = $this->forum->get_notify_user('', $vars['topic_id']); foreach ($users as $user) { if ($user['user_id'] == USER_ID) { continue; } $user = $this->forum->get_user_data($user['user_id'], 'user_email'); // prepare email $email_subject = Lang::item('topic.topic_reply') . $data['subject']; $email_body = sprintf(Lang::item('topic.notify_email'), Config::item('fr_prefix_url') . 'profile.php?uid=' . USER_ID, USER_NAME, Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_title')); // send mail cpg_mail($user['user_email'], $email_subject, $email_body, 'text/html', Config::item('fr_title'), Config::item('gallery_admin_email')); // set send = 0 $this->forum->set_topic_notify($vars['topic_id'], 0, $user['user_id']); } if ($this->validate->post->getInt('notify') === 1) { $this->forum->set_topic_notify($vars['topic_id'], $this->validate->post->getInt('notify')); } if ($this->validate->post->getInt('notify') === 0) { $this->forum->unnotify_topic($vars['topic_id']); } forum::message(Lang::item('common.message'), sprintf(Lang::item('message.new_msg_success'), $data['subject']), 'forum.php?c=message&id=' . $msg_id); } } } $vars['errors'] = $errors; $vars['form'] = $data; $this->view->render('topic/reply', $vars); }
starttable('100%', $lang_pluginmgr_php['configure_plugin'] . ': ' . $CPG_PLUGINS['new']->name); echo <<<EOT <tr> <td class="tableb" valign="top" width="100%"> EOT; // Execute 'plugin_configure' action on the new plugin CPGPluginAPI::action('plugin_configure', $installed, CPG_EXEC_NEW); echo <<<EOT </td> </tr> EOT; // End the table endtable(); } else { // Display cleanup page table header starttable('100%', $lang_pluginmgr_php['cleanup_plugin'] . ': ' . $CPG_PLUGINS[$plugin_id]->name); echo <<<EOT <tr> <td class="tableb" valign="top" width="100%"> EOT; // Execute 'plugin_cleanup' action on the plugin CPGPluginAPI::action('plugin_cleanup', $uninstalled, $plugin_id); echo <<<EOT </td> </tr> EOT; // End the table endtable(); } echo '<br />' . $LINEBREAK; pagefooter();
$sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = {$album} AND alb_password != ''"; $result = cpg_db_query($sql); if ($result->numRows()) { // This album has a password. // Check whether the cookie is set for the current albums password $albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw'); if (!empty($albpw)) { $alb_pw = unserialize($albpw); // Check whether the alubm id in the cookie is same as that of the album id send by get if (isset($alb_pw[$album])) { $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '******' AND aid = {$album}"; $result = cpg_db_query($sql); if ($result->numRows()) { $valid = true; //The album password is correct. Show the album details. get_private_album_set(); } } } } else { // Album with no password. Might be a private or normal album. Just set valid as true. $valid = true; } } CPGPluginAPI::action('post_breadcrumb', null); if (!$valid) { form_albpw(); } else { display_thumbnails($album, isset($cat) ? $cat : 0, $page, $CONFIG['thumbcols'], $CONFIG['thumbrows'], true); } pagefooter();