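/**
 * Triggered on loc_begin_index
 *
 * Logs the current user out when the account is locked, and redirects to the
 * profile page when a password renewal is required.
 */
function PP_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): unserialize() runs on a stored configuration value. It is only
    // as trustworthy as write access to that value, which is not visible from here.
    // A failed or non-array result is treated as "no policy configured".
    $conf_PP = isset($conf['PasswordPolicy']) ? unserialize($conf['PasswordPolicy']) : false;
    if (!is_array($conf_PP)) {
        $conf_PP = array();
    }

    // Performing redirection for locked accounts
    // ------------------------------------------
    // The usernames "16" and "18" are exempt from this check; the reason is not
    // visible in this function.
    if (!is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
        $lock_enabled = isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true';

        // Perform user logout if user account is locked (admins and webmasters are never logged out here)
        if ($lock_enabled and PP_UsrBlock_Verif($user['username']) and !is_admin() and !is_webmaster()) {
            invalidate_user_cache();
            logout_user();

            if ($conf['guest_access']) {
                redirect(make_index_url() . '?PP_msg=locked', 0);
            } else {
                redirect(get_root_url() . 'identification.php?PP_msg=locked', 0);
            }
        }
    }

    // Performing redirection to profile page for password reset
    // ---------------------------------------------------------
    if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') {
        // The id is cast to int because it is concatenated into the statement.
        $query = '
SELECT user_id, status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . (int) $user['id'] . '
;';
        $data = pwg_db_fetch_assoc(pwg_query($query));

        // A missing row is handled like any status other than webmaster/generic.
        $status = is_array($data) ? $data['status'] : null;

        if ($status != "webmaster" and $status != "generic") {
            if (PP_check_pwdreset($user['id'])) {
                redirect(PHPWG_ROOT_PATH . 'profile.php');
            }
        }
    }
}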
// | virtual categories management | // +-----------------------------------------------------------------------+ // request to delete a virtual category if (isset($_GET['delete']) and is_numeric($_GET['delete'])) { delete_categories(array($_GET['delete'])); $_SESSION['page_infos'] = array(l10n('Virtual album deleted')); update_global_rank(); invalidate_user_cache(); $redirect_url = get_root_url() . 'admin.php?page=cat_list'; if (isset($_GET['parent_id'])) { $redirect_url .= '&parent_id=' . $_GET['parent_id']; } redirect($redirect_url); } elseif (isset($_POST['submitAdd'])) { $output_create = create_virtual_category($_POST['virtual_name'], @$_GET['parent_id']); invalidate_user_cache(); if (isset($output_create['error'])) { $page['errors'][] = $output_create['error']; } else { $page['infos'][] = $output_create['info']; } } elseif (isset($_POST['submitManualOrder'])) { asort($_POST['catOrd'], SORT_NUMERIC); save_categories_order(array_keys($_POST['catOrd'])); $page['infos'][] = l10n('Album manual order was saved'); } elseif (isset($_POST['submitAutoOrder'])) { if (!isset($sort_orders[$_POST['order_by']])) { die('Invalid sort order'); } $query = ' SELECT id
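/**
 * API method
 * Moves a category
 *
 * Only virtual categories (rows with an empty "dir") can be moved. Every
 * failure is reported as a PwgError; nothing is returned on success.
 *
 * @param mixed[] $params
 *    @option string|int[] category_id
 *    @option int parent
 *    @option string pwg_token
 */
function ws_categories_move($params, &$service)
{
    global $page;

    // Anti-CSRF token check. The comparison is strict and string-only: with a
    // loose "!=" two different numeric-looking strings (for instance both of
    // the form "0e<digits>") compare as equal. Where the supported PHP versions
    // provide it, hash_equals() would also make the comparison constant-time.
    if (
        !isset($params['pwg_token'])
        or !is_string($params['pwg_token'])
        or (string) get_pwg_token() !== $params['pwg_token']
    ) {
        return new PwgError(403, 'Invalid security token');
    }

    if (!is_array($params['category_id'])) {
        $params['category_id'] = preg_split('/[\\s,;\\|]/', $params['category_id'], -1, PREG_SPLIT_NO_EMPTY);
    }
    $params['category_id'] = array_map('intval', $params['category_id']);

    // Keep strictly positive ids only. Duplicates are dropped so that the
    // count comparison against the database result below stays meaningful.
    $category_ids = array();
    foreach ($params['category_id'] as $category_id) {
        if ($category_id > 0) {
            $category_ids[] = $category_id;
        }
    }
    $category_ids = array_values(array_unique($category_ids));

    if (count($category_ids) == 0) {
        return new PwgError(403, 'Invalid category_id input parameter, no category to move');
    }

    // we can't move physical categories
    $categories_in_db = array();

    // $category_ids holds integers only at this point, so the IN() list is safe to build.
    $query = '
SELECT id, name, dir
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $category_ids) . ')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        $categories_in_db[$row['id']] = $row;

        // we break on error at first physical category detected
        if (!empty($row['dir'])) {
            $row['name'] = strip_tags(trigger_change('render_category_name', $row['name'], 'ws_categories_move'));

            return new PwgError(
                403,
                sprintf('Category %s (%u) is not a virtual category, you cannot move it', $row['name'], $row['id'])
            );
        }
    }

    if (count($categories_in_db) != count($category_ids)) {
        // array_diff() preserves keys, so the first unknown id is not necessarily at index 0.
        $unknown_category_ids = array_values(array_diff($category_ids, array_keys($categories_in_db)));

        return new PwgError(403, sprintf('Category %u does not exist', $unknown_category_ids[0]));
    }

    // does this parent exists? This check should be made in the
    // move_categories function, not here
    // 0 as parent means "move categories at gallery root"
    // NOTE(review): $params['parent'] is passed on as received; whether the
    // service layer already enforces an integer is not visible here.
    if (0 != $params['parent']) {
        $subcat_ids = get_subcat_ids(array($params['parent']));
        if (count($subcat_ids) == 0) {
            return new PwgError(403, 'Unknown parent category id');
        }
    }

    // move_categories() reports through $page, so both lists are reset first.
    $page['infos'] = array();
    $page['errors'] = array();

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    move_categories($category_ids, $params['parent']);
    invalidate_user_cache();

    if (count($page['errors']) != 0) {
        return new PwgError(403, implode('; ', $page['errors']));
    }
}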
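/**
 * Rejects a pending photo: removes its row from the pending table, deletes the
 * photo and queues a "Photo rejected" message in $page['infos'].
 *
 * @param int|string $id image id
 * @return bool always true
 */
function pfemail_reject($id)
{
    global $page;

    // The id is concatenated into the statement below and the callers are not
    // visible from here, so it is reduced to an integer first.
    $id = (int) $id;

    $query = '
DELETE
  FROM ' . PFEMAIL_PENDINGS_TABLE . '
  WHERE image_id = ' . $id . '
;';
    pwg_query($query);

    delete_elements(array($id), true);

    // Appending with [] also works when $page['infos'] has not been initialised yet.
    $page['infos'][] = l10n('Photo rejected');

    invalidate_user_cache();

    return true;
}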
VALUES (\'TakeATour\', \'active\') ;'; pwg_query($query); $template->assign(array('button_label' => l10n('Home'), 'button_link' => 'index.php')); // if the webmaster has a session, let's give a link to discover new features if (!empty($_SESSION['pwg_uid'])) { $version_ = str_replace('.', '_', get_branch_from_version(PHPWG_VERSION) . '.0'); if (file_exists(PHPWG_PLUGINS_PATH . 'TakeATour/tours/' . $version_ . '/config.inc.php')) { load_language('plugin.lang', PHPWG_PLUGINS_PATH . 'TakeATour/', array('language' => $language, 'force_fallback' => 'en_UK')); // we need the secret key for get_pwg_token() load_conf_from_db(); $template->assign(array('button_label' => l10n('2_7_0_descrp'), 'button_link' => 'admin.php?submited_tour_path=tours/' . $version_ . '&pwg_token=' . get_pwg_token())); } } // Delete cache data invalidate_user_cache(true); $template->delete_compiled_templates(); // Restore $page['infos'] in order to hide informations messages from functions calles // errors messages are not hide $page['infos'] = $page['infos_sav']; } } else { if (!defined('PWG_CHARSET')) { define('PWG_CHARSET', 'utf-8'); } include_once PHPWG_ROOT_PATH . 'admin/include/languages.class.php'; $languages = new languages(); foreach ($languages->fs_languages as $language_code => $fs_language) { if ($language == $language_code) { $template->assign('language_selection', $language_code); }
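/**
 * Save picture form
 *
 * Handles two requests on the picture page: deletion of the photo
 * (?delete, protected by pwg_token) and the "quick_edit" form post.
 * Both are limited to admins (per $MultiView) and to the user who added the photo.
 *
 * @trigger loc_begin_picture
 */
function admintools_save_picture()
{
    global $page, $conf, $MultiView, $user, $picture;

    $delete_requested = isset($_GET['delete']);
    $quick_edit_requested = isset($_POST['action']) && $_POST['action'] == 'quick_edit';

    // Nothing to do for any other request; this also avoids the lookup below.
    if (!$delete_requested and !$quick_edit_requested) {
        return;
    }

    // The id is cast to int because it is concatenated into the statement.
    $query = 'SELECT added_by FROM ' . IMAGES_TABLE . ' WHERE id = ' . (int) $page['image_id'] . ';';
    list($added_by) = pwg_db_fetch_row(pwg_query($query));

    // Authorisation: admins, or the user recorded as having added the photo.
    if (!$MultiView->is_admin() and $user['id'] != $added_by) {
        return;
    }

    // Deletion requires a valid anti-CSRF token. The comparison is strict and
    // string-only: a loose "==" treats two different numeric-looking strings
    // (for instance both of the form "0e<digits>") as equal.
    $token_is_valid = isset($_GET['pwg_token'])
        && is_string($_GET['pwg_token'])
        && (string) get_pwg_token() === $_GET['pwg_token'];

    if ($delete_requested and $token_is_valid) {
        include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

        delete_elements(array($page['image_id']), true);
        invalidate_user_cache();

        if (isset($page['rank_of'][$page['image_id']])) {
            // Go back to the thumbnail page the deleted photo was on.
            $start = floor($page['rank_of'][$page['image_id']] / $page['nb_image_page']) * $page['nb_image_page'];
            redirect(duplicate_index_url(array('start' => $start)));
        } else {
            redirect(make_index_url());
        }
    }

    if ($quick_edit_requested) {
        // NOTE(review): unlike the delete branch, this state-changing branch does
        // not verify pwg_token. Adding the check requires the quick-edit form to
        // send the token; the form is not visible from here.
        include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

        // NOTE(review): request values go to single_update() as received. How
        // single_update() quotes or escapes values is not visible here - confirm.
        $data = array(
            'name' => $_POST['name'],
            'author' => $_POST['author'],
        );

        // Only admins may change the privacy level.
        if ($MultiView->is_admin()) {
            $data['level'] = $_POST['level'];
        }

        if ($conf['allow_html_descriptions']) {
            $data['comment'] = @$_POST['comment'];
        } else {
            $data['comment'] = strip_tags(@$_POST['comment']);
        }

        if (!empty($_POST['date_creation']) and strtotime($_POST['date_creation']) !== false) {
            // NOTE(review): only the date part is checked with strtotime(); the time part is appended unchecked.
            $creation_time = isset($_POST['date_creation_time']) ? $_POST['date_creation_time'] : '';
            $data['date_creation'] = $_POST['date_creation'] . ' ' . $creation_time;
        }

        single_update(IMAGES_TABLE, $data, array('id' => $page['image_id']));

        $tag_ids = array();
        if (!empty($_POST['tags'])) {
            $tag_ids = get_tag_ids($_POST['tags']);
        }
        set_tags($tag_ids, $page['image_id']);
    }
}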
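/**
 * Downloads the archive for the requested version in chunks, extracts it over
 * the installation root and finalises the upgrade.
 *
 * Failures are reported through $page['errors']. Nothing is downloaded when
 * $page['errors'] is already non-empty.
 *
 * NOTE(review): no checksum or signature verification of the downloaded archive
 * is visible in this method; its integrity rests on the transport used for
 * PHPWG_URL, which is defined elsewhere. $upgrade_to is also used to build the
 * local file name and the download URL, and the callers are not visible here -
 * confirm it is restricted to a version string.
 *
 * @param string $upgrade_to target version
 * @param int $step current step; set to -1 once a step-2 update has completed
 * @param bool $check_current_version when true, redirect away unless
 *                                    $upgrade_to is newer than PHPWG_VERSION
 */
static function upgrade_to($upgrade_to, &$step, $check_current_version = true)
{
    global $page, $conf, $template;

    if ($check_current_version and !version_compare($upgrade_to, PHPWG_VERSION, '>')) {
        redirect(get_root_url() . 'admin.php?page=plugin-' . basename(dirname(__FILE__)));
    }

    if ($step == 2) {
        // Update within the same branch: the archive code is "<major.minor>.x_to_<target>".
        preg_match('/(\\d+\\.\\d+)\\.(\\d+)/', PHPWG_VERSION, $matches);
        $code = $matches[1] . '.x_to_' . $upgrade_to;
        $dl_code = str_replace(array('.', '_'), '', $code);
        $remove_path = $code;
        $obsolete_list = 'obsolete.list';
    } else {
        $code = $upgrade_to;
        $dl_code = $code;
        $remove_path = version_compare($code, '2.0.8', '>=') ? 'piwigo' : 'piwigo-' . $code;
        $obsolete_list = PHPWG_ROOT_PATH . 'install/obsolete.list';
    }

    if (empty($page['errors'])) {
        $path = PHPWG_ROOT_PATH . $conf['data_location'] . 'update';
        $filename = $path . '/' . $code . '.zip';
        @mkgetdir($path);

        // Download only when the target file could be opened. Otherwise the
        // writes below would fail, and an archive left over from an earlier
        // attempt could be extracted instead.
        $handle = @fopen($filename, 'w');
        if ($handle !== false) {
            $chunk_num = 0;
            $end = false;
            while (!$end) {
                $chunk_num++;
                $input = false;
                $url = PHPWG_URL . '/download/dlcounter.php?code=' . $dl_code . '&chunk_num=' . $chunk_num;

                if (@fetchRemote($url, $result)) {
                    // NOTE(review): unserialize() on a remote response. Where the
                    // supported PHP versions allow it, object instantiation should
                    // be disabled (allowed_classes => false), or the payload format
                    // changed to one that cannot carry objects.
                    $input = @unserialize($result);
                }

                // Accept only the expected shape; anything else ends the download.
                if (is_array($input) and isset($input['remaining'], $input['data'])) {
                    if (0 == $input['remaining']) {
                        $end = true;
                    }
                    @fwrite($handle, base64_decode($input['data']));
                } else {
                    $end = true;
                }
            }
            @fclose($handle);
        }

        if ($handle !== false and @filesize($filename)) {
            $zip = new PclZip($filename);
            if ($result = $zip->extract(
                PCLZIP_OPT_PATH, PHPWG_ROOT_PATH,
                PCLZIP_OPT_REMOVE_PATH, $remove_path,
                PCLZIP_OPT_SET_CHMOD, 0755,
                PCLZIP_OPT_REPLACE_NEWER
            )) {
                // Check if all files were extracted
                $error = '';
                foreach ($result as $extract) {
                    if (in_array($extract['status'], array('ok', 'filtered', 'already_a_directory'))) {
                        continue;
                    }

                    // Try to change chmod and extract
                    // NOTE(review): the target is made world-writable (0777) before the
                    // retry; the retry itself extracts with 0755.
                    if (
                        @chmod(PHPWG_ROOT_PATH . $extract['filename'], 0777)
                        and $res = $zip->extract(
                            PCLZIP_OPT_BY_NAME, $remove_path . '/' . $extract['filename'],
                            PCLZIP_OPT_PATH, PHPWG_ROOT_PATH,
                            PCLZIP_OPT_REMOVE_PATH, $remove_path,
                            PCLZIP_OPT_SET_CHMOD, 0755,
                            PCLZIP_OPT_REPLACE_NEWER
                        )
                        and isset($res[0]['status'])
                        and $res[0]['status'] == 'ok'
                    ) {
                        continue;
                    }

                    $error .= $extract['filename'] . ': ' . $extract['status'] . "\n";
                }

                if (empty($error)) {
                    self::process_obsolete_list($obsolete_list);
                    deltree(PHPWG_ROOT_PATH . $conf['data_location'] . 'update');
                    invalidate_user_cache(true);
                    $template->delete_compiled_templates();
                    unset($_SESSION['need_update']);
                    if ($step == 2) {
                        $page['infos'][] = l10n('Update Complete');
                        $page['infos'][] = $upgrade_to;
                        $step = -1;
                    } else {
                        redirect(PHPWG_ROOT_PATH . 'upgrade.php?now=');
                    }
                } else {
                    // NOTE(review): the log is written under the data directory and linked
                    // by URL, so it is readable by whoever can fetch that URL.
                    file_put_contents(PHPWG_ROOT_PATH . $conf['data_location'] . 'update/log_error.txt', $error);

                    $page['errors'][] = l10n(
                        'An error has occured during extract. Please check files permissions of your piwigo installation.<br><a href="%s">Click here to show log error</a>.',
                        get_root_url() . $conf['data_location'] . 'update/log_error.txt'
                    );
                }
            } else {
                deltree(PHPWG_ROOT_PATH . $conf['data_location'] . 'update');
                $page['errors'][] = l10n('An error has occured during upgrade.');
            }
        } else {
            $page['errors'][] = l10n('Piwigo cannot retrieve upgrade file from server');
        }
    }
}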
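/**
 * API method
 * Updates users
 *
 * Username, email and password are only updated when exactly one user_id is
 * given; every other option applies to all listed users. Returns a PwgError
 * on invalid input, otherwise the result of pwg.users.getList for the users.
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 */
function ws_users_setInfo($params, &$service)
{
    // Anti-CSRF token check. The comparison is strict and string-only: with a
    // loose "!=" two different numeric-looking strings (for instance both of
    // the form "0e<digits>") compare as equal.
    if (
        !isset($params['pwg_token'])
        or !is_string($params['pwg_token'])
        or (string) get_pwg_token() !== $params['pwg_token']
    ) {
        return new PwgError(403, 'Invalid security token');
    }

    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // The ids end up in several IN() lists below. The parameter declaration of
    // this method is not visible here, so they are reduced to integers locally.
    $params['user_id'] = array_values(
        array_map('intval', isset($params['user_id']) ? (array) $params['user_id'] : array())
    );
    if (count($params['user_id']) == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
    }

    $updates = $updates_infos = array();
    $update_status = null;

    if (count($params['user_id']) == 1) {
        // NOTE(review): the protected-user list built for status changes further
        // down is not applied to username/email/password. As written, any caller
        // allowed to use this method can change those fields for any single
        // user, including a webmaster - confirm this is intended.
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }

        if (!empty($params['username'])) {
            $user_id = get_userid($params['username']);
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }

        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }

        if (!empty($params['password'])) {
            // Hashed with the configured callable before storage.
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }

    if (!empty($params['status'])) {
        // Strict membership tests: only the exact strings are accepted.
        if (in_array($params['status'], array('webmaster', 'admin'), true) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status');
        }

        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }

        $protected_users = array(
            $user['id'],
            $conf['guest_id'],
            $conf['webmaster_id'],
        );

        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = '
SELECT user_id
  FROM ' . USER_INFOS_TABLE . '
  WHERE status IN (\'webmaster\', \'admin\')
;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }

        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users);

        $update_status = $params['status'];
    }

    // Every value stored in $updates_infos is concatenated into SQL below, so
    // each one is validated or reduced to an integer before it is accepted.
    if (!empty($params['level']) or @$params['level'] === 0) {
        if (
            !is_numeric($params['level'])
            or !in_array((int) $params['level'], $conf['available_permission_levels'])
        ) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        $updates_infos['level'] = (int) $params['level'];
    }

    if (!empty($params['language'])) {
        if (!is_string($params['language']) or !array_key_exists($params['language'], get_languages())) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }

    if (!empty($params['theme'])) {
        if (!is_string($params['theme']) or !array_key_exists($params['theme'], get_pwg_themes())) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }

    if (!empty($params['nb_image_page'])) {
        if (!is_numeric($params['nb_image_page'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid nb_image_page');
        }
        $updates_infos['nb_image_page'] = (int) $params['nb_image_page'];
    }

    if (!empty($params['recent_period']) or @$params['recent_period'] === 0) {
        if (!is_numeric($params['recent_period'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid recent_period');
        }
        $updates_infos['recent_period'] = (int) $params['recent_period'];
    }

    // Boolean options; only the literal strings 'true' and 'false' may reach the query.
    // presumably boolean_to_string() yields exactly those for booleans - confirm.
    foreach (array('expand', 'show_nb_comments', 'show_nb_hits', 'enabled_high') as $flag) {
        if (!empty($params[$flag]) or @$params[$flag] === false) {
            $flag_value = boolean_to_string($params[$flag]);
            if (!in_array($flag_value, array('true', 'false'), true)) {
                return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid ' . $flag);
            }
            $updates_infos[$flag] = $flag_value;
        }
    }

    // perform updates
    if (count($updates) > 0) {
        // Account fields only exist when a single user was targeted.
        single_update(
            USERS_TABLE,
            $updates,
            array($conf['user_fields']['id'] => $params['user_id'][0])
        );
    }

    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        // $update_status comes from the fixed list checked above.
        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET
    status = "' . $update_status . '"
  WHERE user_id IN(' . implode(',', $params['user_id_for_status']) . ')
;';
        pwg_query($query);
    }

    if (count($updates_infos) > 0) {
        $assignments = array();
        foreach ($updates_infos as $field => $value) {
            $assignments[] = $field . ' = "' . $value . '"';
        }

        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET ' . implode(', ', $assignments) . '
  WHERE user_id IN(' . implode(',', $params['user_id']) . ')
;';
        pwg_query($query);
    }

    // manage association to groups
    if (!empty($params['group_id'])) {
        $requested_group_ids = array_map('intval', (array) $params['group_id']);

        $query = '
DELETE
  FROM ' . USER_GROUP_TABLE . '
  WHERE user_id IN (' . implode(',', $params['user_id']) . ')
;';
        pwg_query($query);

        // we remove all provided groups that do not really exist
        $query = '
SELECT
    id
  FROM ' . GROUPS_TABLE . '
  WHERE id IN (' . implode(',', $requested_group_ids) . ')
;';
        $group_ids = array_from_query($query, 'id');

        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();

            foreach ($group_ids as $group_id) {
                foreach ($params['user_id'] as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }

            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }

    invalidate_user_cache();

    return $service->invoke('pwg.users.getList', array(
        'user_id' => $params['user_id'],
        'display' => 'basics,' . implode(',', array_keys($updates_infos)),
    ));
}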
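/**
 * API method
 * Removes user(s) from a group
 *
 * Returns a PwgError on an invalid token, an unknown group or an empty user
 * list, otherwise the result of pwg.groups.getList for the group.
 *
 * @param mixed[] $params
 *    @option int group_id
 *    @option int[] user_id
 */
function ws_groups_deleteUser($params, &$service)
{
    // Anti-CSRF token check. The comparison is strict and string-only: with a
    // loose "!=" two different numeric-looking strings (for instance both of
    // the form "0e<digits>") compare as equal.
    if (
        !isset($params['pwg_token'])
        or !is_string($params['pwg_token'])
        or (string) get_pwg_token() !== $params['pwg_token']
    ) {
        return new PwgError(403, 'Invalid security token');
    }

    // Both values are concatenated into SQL below. The parameter declaration
    // of this method is not visible here, so they are reduced to integers locally.
    $group_id = isset($params['group_id']) ? (int) $params['group_id'] : 0;
    $user_ids = array_map('intval', isset($params['user_id']) ? (array) $params['user_id'] : array());

    // does the group exist ?
    $query = '
SELECT COUNT(*)
  FROM ' . GROUPS_TABLE . '
  WHERE id = ' . $group_id . '
;';
    list($count) = pwg_db_fetch_row(pwg_query($query));
    if ($count == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This group does not exist.');
    }

    // An empty list would produce an invalid "IN()" clause.
    if (count($user_ids) == 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'No valid user_id provided');
    }

    $query = '
DELETE FROM ' . USER_GROUP_TABLE . '
  WHERE group_id = ' . $group_id . '
    AND user_id IN(' . implode(',', $user_ids) . ')
;';
    pwg_query($query);

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    invalidate_user_cache();

    return $service->invoke('pwg.groups.getList', array('group_id' => $group_id));
}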
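/**
 * API method
 * Deletes an image
 *
 * Accepts one id, a list of ids, or a string of ids separated by whitespace,
 * ",", ";" or "|". Only strictly positive integers are kept.
 *
 * @param mixed[] $params
 *    @option int|int[] image_id
 *    @option string pwg_token
 */
function ws_images_delete($params, $service)
{
    // Anti-CSRF token check. The comparison is strict and string-only: with a
    // loose "!=" two different numeric-looking strings (for instance both of
    // the form "0e<digits>") compare as equal.
    if (
        !isset($params['pwg_token'])
        or !is_string($params['pwg_token'])
        or (string) get_pwg_token() !== $params['pwg_token']
    ) {
        return new PwgError(403, 'Invalid security token');
    }

    if (!is_array($params['image_id'])) {
        $params['image_id'] = preg_split('/[\\s,;\\|]/', $params['image_id'], -1, PREG_SPLIT_NO_EMPTY);
    }

    // Everything is cast to int before filtering, so only integers reach delete_elements().
    $image_ids = array();
    foreach (array_map('intval', $params['image_id']) as $image_id) {
        if ($image_id > 0) {
            $image_ids[] = $image_id;
        }
    }

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    delete_elements($image_ids, true);
    invalidate_user_cache();
}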
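/**
 * On a section page, offers a link to delete the photos of the current page
 * set that are marked pqv_validated = 'false', and performs that deletion
 * when the link is followed.
 *
 * Deletion is a state change triggered by a GET request, so the link carries
 * the session's pwg_token and the deletion only runs when that token matches.
 * Without it, any page could trigger the deletion by getting the browser of a
 * logged-in user to load the URL.
 */
function pqv_end_section_init()
{
    global $template, $page;

    if (!pqv_is_active() or empty($page['items'])) {
        return;
    }

    // The ids are cast to int because they are concatenated into the statement.
    $query = '
SELECT
    id
  FROM ' . IMAGES_TABLE . '
  WHERE id IN (' . implode(',', array_map('intval', $page['items'])) . ')
    AND pqv_validated = \'false\'
;';
    $pqv_rejected = query2array($query, null, 'id');

    if (count($pqv_rejected) == 0) {
        return;
    }

    $token = (string) get_pwg_token();

    // Strict, string-only comparison of the token sent with the request.
    $token_is_valid = isset($_GET['pwg_token'])
        && is_string($_GET['pwg_token'])
        && $token === $_GET['pwg_token'];

    if (isset($_GET['pqv_delete']) and $token_is_valid) {
        include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

        $deleted_count = delete_elements($pqv_rejected, true);
        if ($deleted_count > 0) {
            invalidate_user_cache();

            $_SESSION['page_infos'][] = l10n_dec(
                '%d photo was deleted', '%d photos were deleted',
                $deleted_count
            );

            // Drop the action parameters so that a reload does not repeat the request.
            $redirect_url = duplicate_index_url(array(), array('pqv_delete', 'pwg_token'));
            redirect($redirect_url);
        }
    }

    $delete_url = add_url_params(
        duplicate_index_url(),
        array('pqv_delete' => 1, 'pwg_token' => $token)
    );

    // NOTE(review): the translated confirmation text is placed inside a JavaScript
    // string within an HTML attribute without escaping; a translation containing a
    // quote would break the handler.
    $template->assign(
        'CONTENT_DESCRIPTION',
        '<a href="' . $delete_url . '" onclick="return confirm(\'' . l10n('Are you sure?') . '\');">delete the ' . count($pqv_rejected) . ' rejected photo(s)</a>'
    );
}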
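/**
 * Moves an uploaded file into the upload tree, generates a representative
 * image for TIFF, video and PDF files where a tool is configured, and
 * registers or updates the photo in the database.
 *
 * Steps:
 *   1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg
 *   2) keep/resize original
 *   3) register in database
 *
 * TODO
 *   * check md5sum (already exists?)
 *
 * Terminates the script with die() when the photo to update is unknown or the
 * file type is not accepted.
 *
 * NOTE(review): the file type is only checked for new photos. When $image_id
 * is given, the file replaces the stored path without a type check.
 * NOTE(review): the results of move_uploaded_file()/rename() are not checked,
 * so a failed move still leads to a database row.
 *
 * @param string $source_filepath path of the file to register
 * @param string|null $original_filename name to store in the "file" column
 * @param array|null $categories categories to associate the photo with
 * @param int|null $level privacy level to store
 * @param int|null $image_id id of an existing photo to replace
 * @param string|null $original_md5sum md5 sum to store instead of the computed one
 * @return mixed id of the registered or updated photo
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    global $conf, $user;

    // The md5 sum is written to the database and its first 8 characters become
    // part of the file name (which later appears in shell commands). A
    // caller-supplied value is only used when it is a well-formed md5 sum;
    // otherwise the sum is computed from the file.
    if (
        isset($original_md5sum)
        and is_string($original_md5sum)
        and preg_match('/^[a-f0-9]{32}\z/i', $original_md5sum)
    ) {
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }

    $file_path = null;
    $is_tiff = false;

    if (isset($image_id)) {
        // this photo already exists, we update it
        // The id is cast to int because it is concatenated into the statement.
        $query = '
SELECT
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }

        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }

        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));
    } else {
        // this photo is new

        // current date
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);

        // upload directory hierarchy
        $upload_dir = sprintf(
            PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s',
            $year,
            $month,
            $day
        );

        // compute file path
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . '.';

        // The extension follows the detected image type. The original file name
        // is only consulted when all file types are enabled, and then against
        // the configured list of extensions.
        list($width, $height, $type) = getimagesize($source_filepath);
        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $is_tiff = true;
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            $original_extension = strtolower(get_extension($original_filename));

            if (in_array($original_extension, $conf['file_ext'])) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }

        prepare_directory($upload_dir);
    }

    if (is_uploaded_file($source_filepath)) {
        move_uploaded_file($source_filepath, $file_path);
    } else {
        rename($source_filepath, $file_path);
    }
    @chmod($file_path, 0644);

    // Shell commands below pass every path through escapeshellarg() instead of
    // wrapping it in double quotes, which leave "$", backticks and embedded
    // quotes active. Caveat: escapeshellarg() depends on the process locale and
    // may drop non-ASCII bytes from a path.
    if ($is_tiff and pwg_image::get_library() == 'ext_imagick') {
        // move the uploaded file to pwg_representative sub-directory
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = $conf['tiff_representative_ext'];
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        $exec = $conf['ext_imagick_dir'] . 'convert';

        if ('jpg' == $conf['tiff_representative_ext']) {
            $exec .= ' -quality 98';
        }

        $exec .= ' ' . escapeshellarg(realpath($file_path));

        $dest = pathinfo($representative_file_path);
        $exec .= ' ' . escapeshellarg(realpath($dest['dirname']) . '/' . $dest['basename']);

        $exec .= ' 2>&1';
        @exec($exec, $returnarray);

        // sometimes ImageMagick creates file-0.jpg (full size) + file-1.jpg
        // (thumbnail). I don't know how to avoid it.
        $representative_file_abspath = realpath($dest['dirname']) . '/' . $dest['basename'];
        if (!file_exists($representative_file_abspath)) {
            $first_file_abspath = preg_replace(
                '/\\.' . $representative_ext . '$/',
                '-0.' . $representative_ext,
                $representative_file_abspath
            );

            if (file_exists($first_file_abspath)) {
                rename($first_file_abspath, $representative_file_abspath);
            }
        }
    }

    //
    // generate pwg_representative in case of video
    //
    $ffmpeg_video_exts = array( // extensions tested with FFmpeg
        'wmv', 'mov', 'mkv', 'mp4', 'mpg', 'flv', 'asf', 'xvid', 'divx', 'mpeg',
        'avi', 'rm',
    );

    if (isset($original_extension) and in_array($original_extension, $ffmpeg_video_exts)) {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        // Grab a single frame, one second into the video.
        $second = 1;

        $ffmpeg = $conf['ffmpeg_dir'] . 'ffmpeg';
        $ffmpeg .= ' -i ' . escapeshellarg($file_path);
        $ffmpeg .= ' -an -ss ' . $second;
        $ffmpeg .= ' -t 1 -r 1 -y -vcodec mjpeg -f mjpeg';
        $ffmpeg .= ' ' . escapeshellarg($representative_file_path);

        @exec($ffmpeg);

        if (!file_exists($representative_file_path)) {
            $representative_ext = null;
        }
    }

    if (isset($original_extension) and 'pdf' == $original_extension and pwg_image::get_library() == 'ext_imagick') {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';

        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;

        prepare_directory(dirname($representative_file_path));

        $exec = $conf['ext_imagick_dir'] . 'convert';
        $exec .= ' -quality 98';
        // "[0]" selects the first page of the document.
        $exec .= ' ' . escapeshellarg(realpath($file_path) . '[0]');

        $dest = pathinfo($representative_file_path);
        $exec .= ' ' . escapeshellarg(realpath($dest['dirname']) . '/' . $dest['basename']);
        $exec .= ' 2>&1';
        @exec($exec, $returnarray);
    }

    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);

            if ($need_resize) {
                $img = new pwg_image($file_path);

                $img->pwg_resize(
                    $file_path,
                    $conf['original_resize_maxwidth'],
                    $conf['original_resize_maxheight'],
                    $conf['original_resize_quality'],
                    $conf['upload_form_automatic_rotation'],
                    false
                );

                $img->destroy();
            }
        }
    }

    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);

    $file_infos = pwg_image_infos($file_path);

    // NOTE(review): $level is stored as received; whether the callers restrict
    // it to a valid permission level is not visible here.
    if (isset($image_id)) {
        $update = array(
            'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation,
        );

        if (isset($level)) {
            $update['level'] = $level;
        }

        single_update(
            IMAGES_TABLE,
            $update,
            array('id' => $image_id)
        );
    } else {
        // database registration
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        $insert = array(
            'file' => $file,
            'name' => get_name_from_file($file),
            'date_available' => $dbnow,
            // The path is stored relative to the installation root.
            'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation,
        );

        if (isset($level)) {
            $insert['level'] = $level;
        }

        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }

        single_insert(IMAGES_TABLE, $insert);

        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }

    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(
            array($image_id),
            $categories
        );
    }

    // update metadata from the uploaded file (exif/iptc)
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));

    invalidate_user_cache();

    // cache thumbnail
    $query = '
SELECT
    id,
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();

    // Requesting the thumbnail URL once makes the server generate and cache it.
    fetchRemote($thumb_url, $dest);

    return $image_id;
}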
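/**
 * Move a file into the gallery storage and register it in IMAGES_TABLE.
 *
 * Steps:
 *  1) move the file to <upload_dir>/<year>/<month>/<day>/<date>-<md5 prefix>.<ext>
 *     (or onto the stored path of an existing photo when $image_id is given)
 *  2) keep/resize the original
 *  3) insert or update the database row, associate categories, sync metadata
 *     and warm the thumbnail cache
 *
 * TODO: check md5sum (already exists?)
 *
 * Every failure is reported with die(), which is how this function already
 * signals a missing photo or a refused file type.
 *
 * @param string      $source_filepath   path of the file to store
 * @param string|null $original_filename name to record in the "file" column;
 *                                       also used to pick the extension for
 *                                       non-image uploads
 * @param array|null  $categories        category ids to associate with the photo
 * @param mixed       $level             value for the "level" column, if any
 * @param mixed       $image_id          id of an existing photo to replace, or
 *                                       null to create a new one
 * @param string|null $original_md5sum   precomputed md5 of the file, or null to
 *                                       compute it here
 *
 * @return mixed id of the inserted or updated image
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    global $conf, $user, $logger;

    if (isset($original_md5sum)) {
        // The first 8 characters become part of the stored file name and the
        // whole value is written to the md5sum column, so accept nothing but
        // a 32 character hexadecimal digest.
        if (!preg_match('/\A[a-f0-9]{32}\z/i', (string) $original_md5sum)) {
            die('[' . __FUNCTION__ . '] invalid md5sum');
        }
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }

    $file_path = null;

    if (isset($image_id)) {
        // this photo already exists, we update it

        // $image_id is concatenated into SQL below: accept digits only.
        if (!preg_match('/\A\d+\z/', (string) $image_id)) {
            die('[' . __FUNCTION__ . '] invalid image id');
        }

        $query = '
SELECT path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . $image_id . '
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }

        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }

        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));
    } else {
        // this photo is new

        // current date
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);

        // upload directory hierarchy
        $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day);

        // compute file path
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . '.';

        // The extension is derived from the detected image type, never from
        // the client-supplied name, unless "all types" uploads are enabled.
        $image_size = getimagesize($source_filepath);
        $type = is_array($image_size) ? $image_size[2] : null;

        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            // Non-image upload: the extension comes from the original name and
            // must be on the configured allowlist. Strict comparison keeps a
            // non-string entry in the list from matching by type juggling.
            $original_extension = strtolower(get_extension($original_filename));
            if (in_array($original_extension, $conf['file_ext'], true)) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }

        prepare_directory($upload_dir);
    }

    if (is_uploaded_file($source_filepath)) {
        $moved = move_uploaded_file($source_filepath, $file_path);
    } else {
        $moved = rename($source_filepath, $file_path);
    }

    // Stop here rather than registering a database row for a file that never
    // reached its destination.
    if (!$moved) {
        die('[' . __FUNCTION__ . '] unable to move the file to its destination');
    }

    // best effort: the upload stays usable even if the mode cannot be changed
    @chmod($file_path, 0644);

    // handle the uploaded file type by potentially making a
    // pwg_representative file.
    $representative_ext = trigger_change('upload_file', null, $file_path);

    $logger->info("Handling " . (string) $file_path . " got " . (string) $representative_ext);

    // If it is set to either true (the file didn't need a
    // representative generated) or false (the generation of the
    // representative failed), set it to null because we have no
    // representative file.
    if (is_bool($representative_ext)) {
        $representative_ext = null;
    }

    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);

            if ($need_resize) {
                $img = new pwg_image($file_path);
                $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false);
                $img->destroy();
            }
        }
    }

    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);

    $file_infos = pwg_image_infos($file_path);

    if (isset($image_id)) {
        $update = array(
            // the client-supplied name is escaped here before it is handed to
            // single_update()
            'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation,
        );

        if (isset($level)) {
            // NOTE(review): $level is stored as received; presumably callers
            // validate it — confirm.
            $update['level'] = $level;
        }

        single_update(IMAGES_TABLE, $update, array('id' => $image_id));
    } else {
        // database registration
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        $insert = array(
            'file' => $file,
            'name' => get_name_from_file($file),
            'date_available' => $dbnow,
            // stored without the PHPWG_ROOT_PATH prefix
            'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path),
            'filesize' => $file_infos['filesize'],
            'width' => $file_infos['width'],
            'height' => $file_infos['height'],
            'md5sum' => $md5sum,
            'added_by' => $user['id'],
            'rotation' => $rotation,
        );

        if (isset($level)) {
            $insert['level'] = $level;
        }

        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }

        single_insert(IMAGES_TABLE, $insert);

        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }

    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(array($image_id), $categories);
    }

    // update metadata from the uploaded file (exif/iptc)
    // NOTE(review): read_exif_data() is the old alias of exif_read_data() and
    // was removed in PHP 8.0, so on PHP 8 this test always switches EXIF off.
    // Check what sync_metadata() calls before changing the function name here.
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));

    invalidate_user_cache();

    // cache thumbnail
    $query = '
SELECT id, path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . $image_id . '
;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();

    // $dest is not defined before this call; presumably fetchRemote() takes it
    // by reference as an output buffer — confirm.
    fetchRemote($thumb_url, $dest);

    return $image_id;
}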
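/**
 * Function called from ConfirmMail.php to verify the validation key used by
 * the user, honouring the configured time limit.
 *
 * When the key is accepted, the confirmation row is stamped with the check
 * date and the user's groups, status and level are updated according to the
 * plugin configuration.
 *
 * @param string $id validation key, matched against the id column of
 *                   USER_CONFIRM_MAIL_TABLE
 *
 * @return bool true when the key has been validated, false in every other case
 */
function VerifyConfirmMail($id)
{
    global $conf;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): unserialize() is applied to stored configuration values;
    // this is only safe while nothing but trusted code can write them.
    $conf_UAM = unserialize($conf['UserAdvManager']);
    $conf_UAM_ConfirmMail = unserialize($conf['UserAdvManager_ConfirmMail']);

    // The key is supplied by the user and is placed inside quoted SQL
    // literals below, so escape it once here. Escaping leaves a key without
    // quote or backslash characters unchanged.
    $key = pwg_db_real_escape_string($id);

    $query = '
SELECT COUNT(*)
  FROM ' . USER_CONFIRM_MAIL_TABLE . '
  WHERE id = "' . $key . '"
;';
    list($count) = pwg_db_fetch_row(pwg_query($query));

    if ($count != 1) {
        return false;
    }

    $query = '
SELECT user_id, status, date_check
  FROM ' . USER_CONFIRM_MAIL_TABLE . '
  WHERE id = "' . $key . '"
;';
    $data = pwg_db_fetch_assoc(pwg_query($query));

    // No usable row, or a key that has already been checked.
    if (empty($data) or !isset($data['user_id']) or !is_null($data['date_check'])) {
        return false;
    }

    $query = '
SELECT registration_date
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . $data['user_id'] . '
;';
    list($registration_date) = pwg_db_fetch_row(pwg_query($query));

    if (empty($registration_date)) {
        return false;
    }

    // Time limit process
    // ********************************************
    $has_delay = isset($conf_UAM_ConfirmMail['CONFIRMMAIL_DELAY']);

    if ($has_delay) {
        // Compare today's midnight with the midnight of the registration day
        $today = date("d-m-Y");
        list($day, $month, $year) = explode('-', $today);
        $daytimestamp = mktime(0, 0, 0, $month, $day, $year);

        list($regdate) = explode(' ', $registration_date); // drop the time part
        list($regyear, $regmonth, $regday) = explode('-', $regdate);
        $regtimestamp = mktime(0, 0, 0, $regmonth, $regday, $regyear);

        $deltadays = floor(($daytimestamp - $regtimestamp) / 86400); // seconds to days

        // The key has expired once the configured number of days has passed
        if (!($deltadays <= $conf_UAM_ConfirmMail['CONFIRMMAIL_DELAY'])) {
            return false;
        }
    }

    $dbnow = date("Y-m-d H:i:s");

    // Update ConfirmMail table
    // ------------------------
    // NOTE(review): only the time-limited path resets the reminder flag on
    // this row, and only the unlimited path deletes the validated group
    // before inserting it (below). Both asymmetries are preserved — confirm
    // whether they are intended.
    $confirm_set = 'date_check="' . $dbnow . '"';
    if ($has_delay) {
        $confirm_set .= ', reminder="false"';
    }

    $query = '
UPDATE ' . USER_CONFIRM_MAIL_TABLE . '
  SET ' . $confirm_set . '
  WHERE id = "' . $key . '"
;';
    pwg_query($query);

    // Update LastVisit table - Force reminder field to false
    // Useful when a user has been automatically downgraded and revalidates
    // their registration
    // ---------------------------------------------------------------------
    $query = '
UPDATE ' . USER_LASTVISIT_TABLE . '
  SET reminder="false"
  WHERE user_id = "' . $data['user_id'] . '"
;';
    pwg_query($query);

    if ($conf_UAM['NO_CONFIRM_GROUP'] != -1) {
        $query = '
DELETE FROM ' . USER_GROUP_TABLE . '
  WHERE user_id = ' . $data['user_id'] . '
    AND group_id = ' . $conf_UAM['NO_CONFIRM_GROUP'] . '
;';
        pwg_query($query);
    }

    if ($conf_UAM['VALIDATED_GROUP'] != -1) {
        if (!$has_delay) {
            $query = '
DELETE FROM ' . USER_GROUP_TABLE . '
  WHERE user_id = ' . $data['user_id'] . '
    AND group_id = ' . $conf_UAM['VALIDATED_GROUP'] . '
;';
            pwg_query($query);
        }

        $query = '
INSERT INTO ' . USER_GROUP_TABLE . '
  (user_id, group_id)
  VALUES
  (' . $data['user_id'] . ', ' . $conf_UAM['VALIDATED_GROUP'] . ')
;';
        pwg_query($query);
    }

    if ($conf_UAM['VALIDATED_STATUS'] != -1) {
        $query = '
UPDATE ' . USER_INFOS_TABLE . '
  SET status = "' . $conf_UAM['VALIDATED_STATUS'] . '"
  WHERE user_id = ' . $data['user_id'] . '
;';
        pwg_query($query);
    }

    if ($conf_UAM['VALID_LEVEL'] != -1) {
        $query = '
UPDATE ' . USER_INFOS_TABLE . '
  SET level = "' . $conf_UAM['VALID_LEVEL'] . '"
  WHERE user_id = ' . $data['user_id'] . '
;';
        pwg_query($query);
    }

    // Set UAM_validated field to True in #_users table
    SetValidated($data['user_id']);

    // Refresh user's category cache
    // -----------------------------
    invalidate_user_cache();

    return true;
}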