コード例 #1
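/**
 * Triggered on loc_begin_index
 *
 * Perform user logout after registration if account locked, and redirection
 * to the profile page if password renewal is set.
 *
 * Reads the globals $conf (plugin settings, guest_access) and $user. Returns
 * nothing: when a rule applies, redirect() ends the request.
 */
function PP_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // Plugin settings are stored serialized in $conf['PasswordPolicy'].
    // NOTE(review): unserialize() on administrator-editable configuration is a
    // known footgun; a JSON encoding would be safer. Kept for compatibility.
    $conf_PP = unserialize($conf['PasswordPolicy']);

    // Plugin switches are stored as the strings 'true' / 'false'.
    $switch_on = function ($key) use ($conf_PP) {
        return isset($conf_PP[$key]) && $conf_PP[$key] == 'true';
    };

    // Performing redirection for locked accounts
    // -----------------------------------------
    // Usernames "16" and "18" are skipped together with guests; presumably the
    // plugin's reserved technical accounts — confirm against the plugin setup.
    if (!is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
        // Perform user logout if user account is locked (never for admins/webmasters)
        if ($switch_on('LOGFAILBLOCK')
            and PP_UsrBlock_Verif($user['username'])
            and !is_admin()
            and !is_webmaster()) {
            invalidate_user_cache();
            logout_user();
            // Land on the index when guests may browse, otherwise on the login form.
            if ($conf['guest_access']) {
                redirect(make_index_url() . '?PP_msg=locked', 0);
            } else {
                redirect(get_root_url() . 'identification.php?PP_msg=locked', 0);
            }
        }
    }

    // Performing redirection to profile page for password reset
    // ---------------------------------------------------------
    if ($switch_on('PWDRESET')) {
        // The id comes from the session, but it is cast so the query can only
        // ever receive an integer.
        $user_id = (int) $user['id'];
        $query = '
SELECT user_id, status
FROM ' . USER_INFOS_TABLE . '
WHERE user_id = ' . $user_id . '
;';
        $data = pwg_db_fetch_assoc(pwg_query($query));

        // Without a user_infos row there is no status to check; the original
        // code read an undefined index here and carried on.
        $status = (is_array($data) && isset($data['status'])) ? $data['status'] : null;
        if ($status !== null and $status != "webmaster" and $status != "generic") {
            if (PP_check_pwdreset($user_id)) {
                redirect(PHPWG_ROOT_PATH . 'profile.php');
            }
        }
    }
}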
コード例 #2
/**
 * Serves the guestbook section.
 *
 * Nothing happens unless the current section is 'guestbook'. Guests are
 * refused with access_denied() unless $conf['guestbook']['guest_can_view']
 * allows them; otherwise the guestbook page include is loaded.
 */
function gb_index()
{
    global $template, $page, $conf;

    $on_guestbook = isset($page['section']) && $page['section'] == 'guestbook';
    if (!$on_guestbook) {
        return;
    }

    $viewer_allowed = !is_a_guest() || $conf['guestbook']['guest_can_view'];
    if (!$viewer_allowed) {
        access_denied();
    }

    include GUESTBOOK_PATH . '/include/guestbook.inc.php';
}
コード例 #3
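/**
 * Triggered on loc_begin_index
 *
 * Initiating GhostTracker - records the last visit of the current user when
 * GHOSTRACKER or ADDLASTVISIT is enabled, and performs a user logout after
 * registration if the account has not been validated (CONFIRM_MAIL together
 * with REJECTCONNECT).
 *
 * Reads the globals $conf (plugin settings, guest_access) and $user. When the
 * logout rule applies, redirect() ends the request.
 */
function UAM_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // Plugin settings are stored serialized in $conf['UserAdvManager'].
    // NOTE(review): unserialize() on administrator-editable configuration is a
    // known footgun; a JSON encoding would be safer. Kept for compatibility.
    $conf_UAM = unserialize($conf['UserAdvManager']);

    // Plugin switches are stored as strings ('true', 'false', 'local', ...).
    $switch_is = function ($key, $expected) use ($conf_UAM) {
        return isset($conf_UAM[$key]) && $conf_UAM[$key] == $expected;
    };

    // Admins, Guests and Adult_Content users are not tracked for Ghost Tracker or Users Tracker
    // -----------------------------------------------------------------------------------------
    // Usernames "16" and "18" are presumably the Adult_Content technical accounts — confirm.
    if (is_admin() or is_a_guest() or $user['username'] == "16" or $user['username'] == "18") {
        return;
    }

    // Tracking runs when either switch is on. This is the grouping PHP already
    // applied to the original 'and ... or ...' chain, now spelled out.
    if ($switch_is('GHOSTRACKER', 'true') or $switch_is('ADDLASTVISIT', 'true')) {
        $userid = get_userid($user['username']);
        // get_userid() is expected to return false for an unknown username
        // (confirm); skip tracking rather than writing a row for user 0.
        if ($userid !== false) {
            // Cast so the interpolated value can only ever be an integer.
            $userid = (int) $userid;

            // Looking for existing entry in last visit table
            // ----------------------------------------------
            $query = '
SELECT user_id
FROM ' . USER_LASTVISIT_TABLE . '
WHERE user_id = ' . $userid . '
;';
            $count = pwg_db_num_rows(pwg_query($query));

            if ($count == 0) {
                // If not, data are inserted in table
                // ----------------------------------
                $query = '
INSERT INTO ' . USER_LASTVISIT_TABLE . ' (user_id, lastvisit, reminder)
VALUES (' . $userid . ', now(), "false")
;';
            } else {
                // If yes, data are updated in table
                // ---------------------------------
                $query = '
UPDATE ' . USER_LASTVISIT_TABLE . '
SET lastvisit = now(), reminder = "false"
WHERE user_id = ' . $userid . '
LIMIT 1
;';
            }
            pwg_query($query);
        }
    }

    // Perform user logout after registration if not validated
    // (admins were excluded above; webmasters are excluded here as before)
    $confirm_mail_on = $switch_is('CONFIRM_MAIL', 'true') || $switch_is('CONFIRM_MAIL', 'local');
    if ($confirm_mail_on
        and $switch_is('REJECTCONNECT', 'true')
        and !UAM_UsrReg_Verif($user['id'])
        and !is_webmaster()) {
        invalidate_user_cache();
        logout_user();
        // Land on the index when guests may browse, otherwise on the login form.
        if ($conf['guest_access']) {
            redirect(make_index_url() . '?UAM_msg=rejected', 0);
        } else {
            redirect(get_root_url() . 'identification.php?UAM_msg=rejected', 0);
        }
    }
}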
コード例 #4
/**
 * Check comment rules set in plugin before accepting it
 *
 * Applies the CommentsManager group rules on top of the action already
 * decided: anonymous authors may be refused, members of the "validated"
 * group skip moderation, and authors outside the allowed group are rejected
 * with an error appended to $page['errors'].
 *
 * @param string $comment_action action decided so far (validate, moderate, reject)
 * @param array $comm the submitted comment; only 'author' is read here
 *
 * @return string the resulting comment action
 */
function CM_CheckComment($comment_action, $comm)
{
    global $page, $conf, $user, $template;

    load_language('plugin.lang', CM_PATH);
    $conf_CM = unserialize($conf['CommentsManager']);

    // Plugin switches are stored as the strings 'true' / 'false'.
    $switch_is = function ($key, $expected) use ($conf_CM) {
        return isset($conf_CM[$key]) && $conf_CM[$key] == $expected;
    };

    if ($conf['comments_forall']) {
        // Does not allow empty author name on comments for all
        if ($switch_is('CM_No_Comment_Anonymous', 'true') && $comm['author'] == 'guest') {
            $comment_action = 'reject';
            array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
        }
        // Validated group: members and admins are validated, everyone else is moderated
        if ($switch_is('CM_GROUPVALID2', 'true') && !is_a_guest() && $conf['comments_validation']) {
            $comment_action = (CM_CheckValidGroup($comm['author']) || is_admin())
                ? 'validate'
                : 'moderate';
        }
    } elseif (!is_admin()) {
        // Rules on comments NOT for all
        $group_comm_on  = $switch_is('CM_GROUPCOMM', 'true');
        $group_comm_off = $switch_is('CM_GROUPCOMM', 'false');
        $valid1_on      = $switch_is('CM_GROUPVALID1', 'true');
        $valid1_off     = $switch_is('CM_GROUPVALID1', 'false');

        if ($group_comm_on && $valid1_off && !CM_CheckAuthor($comm['author'])) {
            // Comment rejected if author is not in the allowed group
            $comment_action = 'reject';
            array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
        } elseif ($group_comm_off && $valid1_on && $conf['comments_validation']) {
            // Validated group only: members are validated, others are moderated
            $comment_action = CM_CheckValidGroup($comm['author']) ? 'validate' : 'moderate';
        } elseif ($group_comm_on && $valid1_on && $conf['comments_validation']) {
            // Both groups: outside the allowed group -> reject,
            // inside the validated group -> validate, otherwise moderate
            if (!CM_CheckAuthor($comm['author'])) {
                $comment_action = 'reject';
                array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
            } elseif (CM_CheckValidGroup($comm['author'])) {
                $comment_action = 'validate';
            } else {
                $comment_action = 'moderate';
            }
        }
    }

    return $comment_action;
}
コード例 #5
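/**
 * Switches the gallery language from the "lang" query parameter.
 *
 * A requested language is accepted only when it is a string naming one of
 * the installed languages (keys of languages::$fs_languages) and its
 * common.lang.php file exists; anything else falls back to
 * PHPWG_DEFAULT_LANGUAGE. Guests and generic users keep the choice in the
 * session, other users have it stored in their user_infos row. Language
 * files are reloaded only when the effective language actually changed.
 *
 * Reads and updates the global $user['language']; also normalizes
 * $_GET['lang'] in place, as the original code did.
 */
function language_controler_switch()
{
    global $user;

    $previous = $user['language'];

    if (isset($_GET['lang'])) {
        include_once PHPWG_ROOT_PATH . 'admin/include/languages.class.php';
        $languages = new languages();

        // Whitelist the request value before it is used in a path or a query.
        // array_key_exists() is used instead of a loose in_array() so that
        // PHP's string/number juggling cannot widen the match, and arrays
        // (which a query string can carry) are rejected up front.
        $requested = $_GET['lang'];
        if (!is_string($requested) || !array_key_exists($requested, $languages->fs_languages)) {
            $requested = PHPWG_DEFAULT_LANGUAGE;
        }
        $_GET['lang'] = $requested;

        $lang_file = PHPWG_ROOT_PATH . 'language/' . $requested . '/common.lang.php';
        if (!empty($requested) and file_exists($lang_file)) {
            if (is_a_guest() or is_generic()) {
                pwg_set_session_var('lang_switch', $requested);
            } else {
                // $requested is whitelisted above; it is escaped anyway and the
                // user id cast so the statement is safe on its own.
                $query = '
UPDATE ' . USER_INFOS_TABLE . '
  SET language = \'' . pwg_db_real_escape_string($requested) . '\'
  WHERE user_id = ' . (int) $user['id'] . '
;';
                pwg_query($query);
            }
            $user['language'] = $requested;
        }
    } elseif (is_a_guest() or is_generic()) {
        $user['language'] = pwg_get_session_var('lang_switch', $user['language']);
    }

    // Reload language only if it isn't the same one
    if ($previous !== $user['language']) {
        load_language('common.lang', '', array('language' => $user['language']));
        load_language('lang', PHPWG_ROOT_PATH . PWG_LOCAL_DIR, array('language' => $user['language'], 'no_fallback' => true, 'local' => true));
        if (defined('IN_ADMIN') and IN_ADMIN) {
            // Never currently
            load_language('admin.lang', '', array('language' => $user['language']));
        }
    }
}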
コード例 #6
/**
 * Does basic check on comment and returns action to perform.
 * This method is called by a trigger_change()
 *
 * Only the number of links is examined here, and only for guests; plugins
 * may add further checks. A positive result yields 'reject' or 'moderate'
 * depending on $conf['comment_spam_reject'] and records 'links' in
 * $_POST['cr'] as the reason.
 *
 * @param string $action before check
 * @param array $comment
 * @return string validate, moderate, reject
 */
function user_comment_check($action, $comment)
{
    global $conf, $user;

    // Already rejected: nothing left to decide.
    if ($action == 'reject') {
        return $action;
    }

    // Outcome of a positive spam check, as configured.
    $spam_action = $conf['comment_spam_reject'] ? 'reject' : 'moderate';
    if ($action == $spam_action) {
        return $action;
    }

    // we do here only BASIC spam check (plugins can do more)
    if (!is_a_guest()) {
        return $action;
    }

    // http(s):// occurrences in the body, plus one when the author field carries a link.
    $links = preg_match_all('/https?:\\/\\//', $comment['content']);
    if (false !== strpos($comment['author'], 'http://')) {
        $links++;
    }

    if ($links > $conf['comment_spam_max_links']) {
        $_POST['cr'][] = 'links';
        return $spam_action;
    }

    return $action;
}
コード例 #7
ファイル: pwg.php プロジェクト: donseba/Piwigo
/**
 * API method
 * Returns info about the current user
 *
 * The result carries the username ('guest' for guests), status, theme,
 * language, the anti-CSRF token (pwg_token), the charset, the database
 * clock, the Piwigo version and — for admins only — the accepted upload
 * extensions and the upload chunk size.
 *
 * @param mixed[] $params
 */
function ws_session_getStatus($params, &$service)
{
    global $user, $conf;

    $res = array();
    $res['username'] = is_a_guest() ? 'guest' : stripslashes($user['username']);
    $res['status'] = $user['status'];
    $res['theme'] = $user['theme'];
    $res['language'] = $user['language'];
    $res['pwg_token'] = get_pwg_token();
    $res['charset'] = get_pwg_charset();

    // Database clock, reported so that clients can align with the server.
    list($db_now) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
    $res['current_datetime'] = $db_now;
    $res['version'] = PHPWG_VERSION;

    if (is_admin()) {
        $allowed_ext = $conf['upload_form_all_types'] ? $conf['file_ext'] : $conf['picture_ext'];
        $res['upload_file_types'] = implode(',', array_unique(array_map('strtolower', $allowed_ext)));
        $res['upload_form_chunk_size'] = $conf['upload_form_chunk_size'];
    }

    return $res;
}
コード例 #8
ファイル: common.inc.php プロジェクト: squidjam/Piwigo
// Public base URL of the gallery, built from the domain detected earlier.
define('PHPWG_URL', 'http://' . PHPWG_DOMAIN);

// Extension repository: an explicitly configured, non-empty alternative URL
// wins over the default one under the gallery domain.
define(
    'PEM_URL',
    (isset($conf['alternative_pem_url']) && $conf['alternative_pem_url'] != '')
        ? $conf['alternative_pem_url']
        : 'http://' . PHPWG_DOMAIN . '/ext'
);

// language files: admin strings are loaded for admins anywhere and for
// anyone inside the admin area
load_language('common.lang');
if (is_admin() || (defined('IN_ADMIN') && IN_ADMIN)) {
    load_language('admin.lang');
}
trigger_notify('loading_lang');
load_language('lang', PHPWG_ROOT_PATH . PWG_LOCAL_DIR, array('no_fallback' => true, 'local' => true));

// only now we can set the localized username of the guest user (and not in
// include/user.inc.php)
if (is_a_guest()) {
    $user['username'] = l10n('guest');
}

// template instance: the admin theme inside the admin area, otherwise the
// user's theme (replaced by the mobile theme when one applies, except for ws)
if (defined('IN_ADMIN') && IN_ADMIN) {
    $template = new Template(PHPWG_ROOT_PATH . 'admin/themes', $conf['admin_theme']);
} else {
    $theme = (script_basename() != 'ws' and mobile_theme()) ? $conf['mobile_theme'] : $user['theme'];
    $template = new Template(PHPWG_ROOT_PATH . 'themes', $theme);
}
if (!isset($conf['no_photo_yet'])) {
コード例 #9
ファイル: functions.inc.php プロジェクト: squidjam/Piwigo
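/**
 * log the visit into history table
 *
 * Logging is governed by $conf['log'], overridden by $conf['history_admin']
 * for admins and $conf['history_guest'] for guests, and finally by the
 * 'pwg_log_allowed' trigger. Every value interpolated into the INSERT is
 * escaped (strings) or cast (integers) first.
 *
 * @param int $image_id
 * @param string $image_type
 * @return bool true when a row was written, false when logging is disabled
 */
function pwg_log($image_id = null, $image_type = null)
{
    global $conf, $user, $page;

    $do_log = $conf['log'];
    if (is_admin()) {
        $do_log = $conf['history_admin'];
    }
    if (is_a_guest()) {
        $do_log = $conf['history_guest'];
    }
    // Plugins get the final say.
    $do_log = trigger_change('pwg_log_allowed', $do_log, $image_id, $image_type);
    if (!$do_log) {
        return false;
    }

    // Explicit isset() instead of the former @-suppressed read.
    $section = isset($page['section']) ? $page['section'] : null;

    $tags_string = null;
    if ('tags' == $section) {
        $tags_string = implode(',', $page['tag_ids']);
    }

    // SQL literal helpers: quoted + escaped string, or integer, or NULL when absent.
    $sql_string = function ($value) {
        return isset($value) ? "'" . pwg_db_real_escape_string($value) . "'" : 'NULL';
    };
    $sql_int = function ($value) {
        return isset($value) ? (int) $value : 'NULL';
    };

    // REMOTE_ADDR is set by the web server, but it is escaped like any other
    // string so the statement does not depend on that. Empty when missing (CLI).
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $category_id = isset($page['category']['id']) ? $page['category']['id'] : null;

    $query = '
INSERT INTO ' . HISTORY_TABLE . '
  (
    date,
    time,
    user_id,
    IP,
    section,
    category_id,
    image_id,
    image_type,
    tag_ids
  )
  VALUES
  (
    CURRENT_DATE,
    CURRENT_TIME,
    ' . (int) $user['id'] . ',
    ' . $sql_string($remote_addr) . ',
    ' . $sql_string($section) . ',
    ' . $sql_int($category_id) . ',
    ' . $sql_int($image_id) . ',
    ' . $sql_string($image_type) . ',
    ' . $sql_string($tags_string) . '
  )
;';
    pwg_query($query);

    return true;
}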
コード例 #10
                $tpl_comment['IN_EDIT'] = true;
                $tpl_comment['KEY'] = get_ephemeral_key(2);
                $tpl_comment['CONTENT'] = $row['content'];
                $tpl_comment['PWG_TOKEN'] = get_pwg_token();
                $tpl_comment['U_CANCEL'] = $url_self;
            }
        }
        if (is_admin()) {
            if ($row['validated'] != 'true') {
                $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array('action' => 'validate_comment', 'comment_to_validate' => $row['id'], 'pwg_token' => get_pwg_token()));
            }
        }
        $template->append('comments', $tpl_comment);
    }
}
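// The add-comment form is shown to registered users, and to guests only when
// the guestbook configuration allows it; never while a comment is being edited.
$show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add'];
if (isset($edit_comment)) {
    $show_add_comment_form = false;
}

if ($show_add_comment_form) {
    // Create $content, $author, $website and $email (by name, because the
    // code that follows presumably reads them — confirm) and pre-fill them
    // with the rejected submission, if any, so the user can correct it.
    foreach (array('content', 'author', 'website', 'email') as $el) {
        ${$el} = '';
        // isset() replaces the former @-suppressed read of $comment_action.
        if (isset($comment_action) && 'reject' === $comment_action && !empty($comm[$el])) {
            // Escaped for HTML output; ENT_QUOTES also covers attribute values
            // delimited by single quotes.
            ${$el} = htmlspecialchars(stripslashes($comm[$el]), ENT_QUOTES);
        }
    }
    // Logged-in classic users cannot change their identity.
    if (is_classic_user()) {
        $author = $user['username'];
        $email = $user['email'];
    }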
    if (empty($conf['comments_email_mandatory'])) {
コード例 #11
ファイル: ws.php プロジェクト: lcorbasson/Piwigo
/**
 * event handler that registers standard methods with the web service
 */
function ws_addDefaultMethods($arr)
{
    global $conf, $user;
    $service =& $arr[0];
    include_once PHPWG_ROOT_PATH . 'include/ws_functions.inc.php';
    $ws_functions_root = PHPWG_ROOT_PATH . 'include/ws_functions/';
    $f_params = array('f_min_rate' => array('default' => null, 'type' => WS_TYPE_FLOAT), 'f_max_rate' => array('default' => null, 'type' => WS_TYPE_FLOAT), 'f_min_hit' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_max_hit' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_min_ratio' => array('default' => null, 'type' => WS_TYPE_FLOAT | WS_TYPE_POSITIVE), 'f_max_ratio' => array('default' => null, 'type' => WS_TYPE_FLOAT | WS_TYPE_POSITIVE), 'f_max_level' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_min_date_available' => array('default' => null), 'f_max_date_available' => array('default' => null), 'f_min_date_created' => array('default' => null), 'f_max_date_created' => array('default' => null));
    $service->addMethod('pwg.getVersion', 'ws_getVersion', null, 'Returns the Piwigo version.', $ws_functions_root . 'pwg.php');
    $service->addMethod('pwg.getInfos', 'ws_getInfos', null, 'Returns general informations.', $ws_functions_root . 'pwg.php', array('admin_only' => true));
    $service->addMethod('pwg.caddie.add', 'ws_caddie_add', array('image_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID)), 'Adds elements to the caddie. Returns the number of elements added.', $ws_functions_root . 'pwg.php', array('admin_only' => true));
    $service->addMethod('pwg.categories.getImages', 'ws_categories_getImages', array_merge(array('cat_id' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding categories.
<br><b>cat_id</b> can be empty if <b>recursive</b> is true.
<br><b>order</b> comma separated fields for sorting', $ws_functions_root . 'pwg.categories.php');
    $service->addMethod('pwg.categories.getList', 'ws_categories_getList', array('cat_id' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE, 'info' => 'Parent category. "0" or empty for root.'), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'public' => array('default' => false, 'type' => WS_TYPE_BOOL), 'tree_output' => array('default' => false, 'type' => WS_TYPE_BOOL), 'fullname' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Returns a list of categories.', $ws_functions_root . 'pwg.categories.php');
    $service->addMethod('pwg.getMissingDerivatives', 'ws_getMissingDerivatives', array_merge(array('types' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'info' => 'square, thumb, 2small, xsmall, small, medium, large, xlarge, xxlarge'), 'ids' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'max_urls' => array('default' => 200, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'prev_page' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), $f_params), 'Returns a list of derivatives to build.', $ws_functions_root . 'pwg.php', array('admin_only' => true));
    $service->addMethod('pwg.images.addComment', 'ws_images_addComment', array('image_id' => array('type' => WS_TYPE_ID), 'author' => array('default' => is_a_guest() ? 'guest' : $user['username']), 'content' => array(), 'key' => array()), 'Adds a comment to an image.', $ws_functions_root . 'pwg.images.php', array('post_only' => true));
    $service->addMethod('pwg.images.getInfo', 'ws_images_getInfo', array('image_id' => array('type' => WS_TYPE_ID), 'comments_page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'comments_per_page' => array('default' => $conf['nb_comment_page'], 'maxValue' => 2 * $conf['nb_comment_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), 'Returns information about an image.', $ws_functions_root . 'pwg.images.php');
    $service->addMethod('pwg.images.rate', 'ws_images_rate', array('image_id' => array('type' => WS_TYPE_ID), 'rate' => array('type' => WS_TYPE_FLOAT)), 'Rates an image.', $ws_functions_root . 'pwg.images.php');
    $service->addMethod('pwg.images.search', 'ws_images_search', array_merge(array('query' => array(), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding query search.', $ws_functions_root . 'pwg.images.php');
    $service->addMethod('pwg.images.setPrivacyLevel', 'ws_images_setPrivacyLevel', array('image_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'level' => array('maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), 'Sets the privacy levels for the images.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.images.setRank', 'ws_images_setRank', array('image_id' => array('type' => WS_TYPE_ID), 'category_id' => array('type' => WS_TYPE_ID), 'rank' => array('type' => WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL)), 'Sets the rank of a photo for a given album.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.rates.delete', 'ws_rates_delete', array('user_id' => array('type' => WS_TYPE_ID), 'anonymous_id' => array('default' => null), 'image_id' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID)), 'Deletes all rates for a user.', $ws_functions_root . 'pwg.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.session.getStatus', 'ws_session_getStatus', null, 'Gets information about the current session. Also provides a token useable with admin methods.', $ws_functions_root . 'pwg.php');
    $service->addMethod('pwg.session.login', 'ws_session_login', array('username', 'password'), 'Tries to login the user.', $ws_functions_root . 'pwg.php', array('post_only' => true));
    $service->addMethod('pwg.session.logout', 'ws_session_logout', null, 'Ends the current session.', $ws_functions_root . 'pwg.php');
    $service->addMethod('pwg.tags.getList', 'ws_tags_getList', array('sort_by_counter' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Retrieves a list of available tags.', $ws_functions_root . 'pwg.tags.php');
    $service->addMethod('pwg.tags.getImages', 'ws_tags_getImages', array_merge(array('tag_id' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'tag_url_name' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY), 'tag_name' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY), 'tag_mode_and' => array('default' => false, 'type' => WS_TYPE_BOOL), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding tags. Fill at least tag_id, tag_url_name or tag_name.', $ws_functions_root . 'pwg.tags.php');
    $service->addMethod('pwg.images.addChunk', 'ws_images_add_chunk', array('data' => array(), 'original_sum' => array(), 'type' => array('default' => 'file', 'info' => 'Must be "file", for backward compatiblity "high" and "thumb" are allowed.'), 'position' => array()), 'Add a chunk of a file.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.images.addFile', 'ws_images_addFile', array('image_id' => array('type' => WS_TYPE_ID), 'type' => array('default' => 'file', 'info' => 'Must be "file", for backward compatiblity "high" and "thumb" are allowed.'), 'sum' => array()), 'Add or update a file for an existing photo.
<br>pwg.images.addChunk must have been called before (maybe several times).', $ws_functions_root . 'pwg.images.php', array('admin_only' => true));
    $service->addMethod('pwg.images.add', 'ws_images_add', array('thumbnail_sum' => array('default' => null), 'high_sum' => array('default' => null), 'original_sum' => array(), 'original_filename' => array('default' => null, 'Provide it if "check_uniqueness" is true and $conf["uniqueness_mode"] is "filename".'), 'name' => array('default' => null), 'author' => array('default' => null), 'date_creation' => array('default' => null), 'comment' => array('default' => null), 'categories' => array('default' => null, 'info' => 'String list "category_id[,rank];category_id[,rank]".<br>The rank is optional and is equivalent to "auto" if not given.'), 'tag_ids' => array('default' => null, 'info' => 'Comma separated ids'), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'check_uniqueness' => array('default' => true, 'type' => WS_TYPE_BOOL), 'image_id' => array('default' => null, 'type' => WS_TYPE_ID)), 'Add an image.
<br>pwg.images.addChunk must have been called before (maybe several times).
<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true));
    $service->addMethod('pwg.images.addSimple', 'ws_images_addSimple', array('category' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'name' => array('default' => null), 'author' => array('default' => null), 'comment' => array('default' => null), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'tags' => array('default' => null, 'flags' => WS_PARAM_ACCEPT_ARRAY), 'image_id' => array('default' => null, 'type' => WS_TYPE_ID)), 'Add an image.
<br>Use the <b>$_FILES[image]</b> field for uploading file.
<br>Set the form encoding to "form-data".
<br>You can update an existing photo if you define an existing image_id.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.images.upload', 'ws_images_upload', array('name' => array('default' => null), 'category' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'pwg_token' => array()), 'Add an image.
<br>Use the <b>$_FILES[image]</b> field for uploading file.
<br>Set the form encoding to "form-data".', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.images.delete', 'ws_images_delete', array('image_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'pwg_token' => array()), 'Deletes image(s).', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.getAdminList', 'ws_categories_getAdminList', null, 'Get albums list as displayed on admin page.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true));
    $service->addMethod('pwg.categories.add', 'ws_categories_add', array('name' => array(), 'parent' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'comment' => array('default' => null), 'visible' => array('default' => true, 'type' => WS_TYPE_BOOL), 'status' => array('default' => null, 'info' => 'public, private'), 'commentable' => array('default' => true, 'type' => WS_TYPE_BOOL)), 'Adds an album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true));
    $service->addMethod('pwg.categories.delete', 'ws_categories_delete', array('category_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'photo_deletion_mode' => array('default' => 'delete_orphans'), 'pwg_token' => array()), 'Deletes album(s).
<br><b>photo_deletion_mode</b> can be "no_delete" (may create orphan photos), "delete_orphans"
(default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.move', 'ws_categories_move', array('category_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'parent' => array('type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'pwg_token' => array()), 'Move album(s).
<br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.setRepresentative', 'ws_categories_setRepresentative', array('category_id' => array('type' => WS_TYPE_ID), 'image_id' => array('type' => WS_TYPE_ID)), 'Sets the representative photo for an album. The photo doesn\'t have to belong to the album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.deleteRepresentative', 'ws_categories_deleteRepresentative', array('category_id' => array('type' => WS_TYPE_ID)), 'Deletes the album thumbnail. Only possible if $conf[\'allow_random_representative\']', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.refreshRepresentative', 'ws_categories_refreshRepresentative', array('category_id' => array('type' => WS_TYPE_ID)), 'Find a new album thumbnail.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.tags.getAdminList', 'ws_tags_getAdminList', null, '<b>Admin only.</b>', $ws_functions_root . 'pwg.tags.php', array('admin_only' => true));
    $service->addMethod('pwg.tags.add', 'ws_tags_add', array('name'), 'Adds a new tag.', $ws_functions_root . 'pwg.tags.php', array('admin_only' => true));
    $service->addMethod('pwg.images.exist', 'ws_images_exist', array('md5sum_list' => array('default' => null), 'filename_list' => array('default' => null)), 'Checks existence of images.
<br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true));
    $service->addMethod('pwg.images.checkFiles', 'ws_images_checkFiles', array('image_id' => array('type' => WS_TYPE_ID), 'file_sum' => array('default' => null), 'thumbnail_sum' => array('default' => null), 'high_sum' => array('default' => null)), 'Checks if you have updated version of your files for a given photo, the answer can be "missing", "equals" or "differs".
<br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true));
    $service->addMethod('pwg.images.checkUpload', 'ws_images_checkUpload', null, 'Checks if Piwigo is ready for upload.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true));
    $service->addMethod('pwg.images.setInfo', 'ws_images_setInfo', array('image_id' => array('type' => WS_TYPE_ID), 'file' => array('default' => null), 'name' => array('default' => null), 'author' => array('default' => null), 'date_creation' => array('default' => null), 'comment' => array('default' => null), 'categories' => array('default' => null, 'info' => 'String list "category_id[,rank];category_id[,rank]".<br>The rank is optional and is equivalent to "auto" if not given.'), 'tag_ids' => array('default' => null, 'info' => 'Comma separated ids'), 'level' => array('default' => null, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'single_value_mode' => array('default' => 'fill_if_empty'), 'multiple_value_mode' => array('default' => 'append')), 'Changes properties of an image.
<br><b>single_value_mode</b> can be "fill_if_empty" (only use the input value if the corresponding values is currently empty) or "replace"
(overwrite any existing value) and applies to single values properties like name/author/date_creation/comment.
<br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.categories.setInfo', 'ws_categories_setInfo', array('category_id' => array('type' => WS_TYPE_ID), 'name' => array('default' => null), 'comment' => array('default' => null)), 'Changes properties of an album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.plugins.getList', 'ws_plugins_getList', null, 'Gets the list of plugins with id, name, version, state and description.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.plugins.performAction', 'ws_plugins_performAction', array('action' => array('info' => 'install, activate, deactivate, uninstall, delete'), 'plugin' => array(), 'pwg_token' => array()), null, $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.themes.performAction', 'ws_themes_performAction', array('action' => array('info' => 'activate, deactivate, delete, set_default'), 'theme' => array(), 'pwg_token' => array()), null, $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.extensions.update', 'ws_extensions_update', array('type' => array('info' => 'plugins, languages, themes'), 'id' => array(), 'revision' => array(), 'pwg_token' => array()), '<b>Webmaster only.</b>', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.extensions.ignoreUpdate', 'ws_extensions_ignoreupdate', array('type' => array('default' => null, 'info' => 'plugins, languages, themes'), 'id' => array('default' => null), 'reset' => array('default' => false, 'type' => WS_TYPE_BOOL, 'info' => 'If true, all ignored extensions will be reinitilized.'), 'pwg_token' => array()), '<b>Webmaster only.</b> Ignores an extension if it needs update.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.extensions.checkUpdates', 'ws_extensions_checkupdates', null, 'Checks if piwigo or extensions are up to date.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true));
    $service->addMethod('pwg.groups.getList', 'ws_groups_getList', array('group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'name' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'Use "%" as wildcard.'), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_users_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => 'name', 'info' => 'id, name, nb_users, is_default')), 'Retrieves a list of all groups. The list can be filtered.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true));
    $service->addMethod('pwg.groups.add', 'ws_groups_add', array('name' => array(), 'is_default' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Creates a group and returns the new group record.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.groups.delete', 'ws_groups_delete', array('group_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Deletes a or more groups. Users and photos are not deleted.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.groups.setInfo', 'ws_groups_setInfo', array('group_id' => array('type' => WS_TYPE_ID), 'name' => array('flags' => WS_PARAM_OPTIONAL), 'is_default' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Updates a group. Leave a field blank to keep the current value.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.groups.addUser', 'ws_groups_addUser', array('group_id' => array('type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Adds one or more users to a group.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.groups.deleteUser', 'ws_groups_deleteUser', array('group_id' => array('type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Removes one or more users from a group.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.users.getList', 'ws_users_getList', array('user_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'username' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'Use "%" as wildcard.'), 'status' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'info' => 'guest,generic,normal,admin,webmaster'), 'min_level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_users_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => 'id', 'info' => 'id, username, level, email'), 'display' => array('default' => 'basics', 'info' => 'Comma saparated list (see method description)')), 'Retrieves a list of all the users.<br>
<br>
<b>display</b> controls which data are returned, possible values are:<br>
all, basics, none,<br>
username, email, status, level, groups,<br>
language, theme, nb_image_page, recent_period, expand, show_nb_comments, show_nb_hits,<br>
enabled_high, registration_date, registration_date_string, registration_date_since, last_visit, last_visit_string, last_visit_since<br>
<b>basics</b> stands for "username,email,status,level,groups"', $ws_functions_root . 'pwg.users.php', array('admin_only' => true));
    $service->addMethod('pwg.users.add', 'ws_users_add', array('username' => array(), 'password' => array('default' => null), 'password_confirm' => array('flags' => WS_PARAM_OPTIONAL), 'email' => array('default' => null), 'send_password_by_mail' => array('default' => false, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Registers a new user.', $ws_functions_root . 'pwg.users.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.users.delete', 'ws_users_delete', array('user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Deletes on or more users. Photos owned by this user are not deleted.', $ws_functions_root . 'pwg.users.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.users.setInfo', 'ws_users_setInfo', array('user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'username' => array('flags' => WS_PARAM_OPTIONAL), 'password' => array('flags' => WS_PARAM_OPTIONAL), 'email' => array('flags' => WS_PARAM_OPTIONAL), 'status' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'guest,generic,normal,admin,webmaster'), 'level' => array('flags' => WS_PARAM_OPTIONAL, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'language' => array('flags' => WS_PARAM_OPTIONAL), 'theme' => array('flags' => WS_PARAM_OPTIONAL), 'group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_INT), 'nb_image_page' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL), 'recent_period' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'expand' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'show_nb_comments' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'show_nb_hits' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'enabled_high' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Updates a user. Leave a field blank to keep the current value.
<br>"username", "password" and "email" are ignored if "user_id" is an array.
<br>set "group_id" to -1 if you want to dissociate users from all groups', $ws_functions_root . 'pwg.users.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.permissions.getList', 'ws_permissions_getList', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID)), 'Returns permissions: user ids and group ids having access to each album ; this list can be filtered.
<br>Provide only one parameter!', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true));
    $service->addMethod('pwg.permissions.add', 'ws_permissions_add', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Adds permissions to an album.', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true, 'post_only' => true));
    $service->addMethod('pwg.permissions.remove', 'ws_permissions_remove', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Removes permissions from an album.', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true, 'post_only' => true));
}
コード例 #12
ファイル: page_tail.php プロジェクト: donseba/Piwigo
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
// Footer template: register the file, let plugins hook in, then hand over the
// version / project URL placeholders.
$template->set_filenames(array('tail' => 'footer.tpl'));
trigger_notify('loc_begin_page_tail');

$shown_version = $conf['show_version'] ? PHPWG_VERSION : '';
$project_url = defined('PHPWG_URL') ? PHPWG_URL : '';
$template->assign(array(
    'VERSION' => $shown_version,
    'PHPWG_URL' => $project_url,
));

//--------------------------------------------------------------------- contact
// The webmaster address is only exposed to authenticated users.
if (!is_a_guest()) {
    $template->assign('CONTACT_MAIL', get_webmaster_mail_address());
}

//------------------------------------------------------------- generation time
$debug_vars = array();
if ($conf['show_queries']) {
    // $debug is defined earlier in the request (outside this snippet);
    // presumably the list of SQL queries run so far — confirm against the caller.
    $debug_vars['QUERIES_LIST'] = $debug;
}
if ($conf['show_gt']) {
    // A page that ran no query never initialised the counters.
    if (!isset($page['count_queries'])) {
        $page['count_queries'] = 0;
        $page['queries_time'] = 0;
    }
    // $t2 is the request start moment, set outside this snippet.
    $time = get_elapsed_time($t2, get_moment());
    $formatted_sql_time = number_format($page['queries_time'], 3, '.', ' ') . ' s';
    $debug_vars['TIME'] = $time;
    $debug_vars['NB_QUERIES'] = $page['count_queries'];
    $debug_vars['SQL_TIME'] = $formatted_sql_time;
}
コード例 #13
/**
 * Exits the current script (or redirect to login page if not logged).
 *
 * Always answers with a 401 status. A logged-in user gets a minimal HTML
 * page saying the resource is not authorized, with links to the
 * identification and home pages; a guest is sent to the login page with
 * the requested URI carried in the "redirect" parameter.
 */
function access_denied()
{
    global $user;
    // REQUEST_URI is encoded twice: once as a query-string value and once
    // more so that identification.php still receives an encoded value after
    // its own decoding step.
    $login_url = get_root_url() . 'identification.php?redirect=' . urlencode(urlencode($_SERVER['REQUEST_URI']));
    set_status_header(401);

    $is_logged_in = isset($user) && !is_a_guest();
    if (!$is_logged_in) {
        redirect_html($login_url);
        return;
    }

    // Only static markup and translated strings are emitted here; no
    // request-controlled value reaches the output.
    $body = '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<div style="text-align:center;">' . l10n('You are not authorized to access the requested page') . '<br>'
        . '<a href="' . get_root_url() . 'identification.php">' . l10n('Identification') . '</a>&nbsp;'
        . '<a href="' . make_index_url() . '">' . l10n('Home') . '</a></div>';
    echo $body;
    // IE6 replaces error pages shorter than a certain size with its own;
    // pad the response past that threshold.
    echo str_repeat(' ', 512);
    exit;
}
コード例 #14
ファイル: password.php プロジェクト: squidjam/Piwigo
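/**
 *  checks the activation key: does it match the expected pattern? is it
 *  linked to a user? is this user allowed to reset his password?
 *
 * The key has the form "<20 alphanumeric chars>-<email>". The e-mail part
 * selects the candidate accounts; the secret part is then checked with
 * pwg_password_verify() against each candidate's stored activation_key
 * hash, and the key must not be past activation_key_expire (compared with
 * the database clock, NOW(), rather than the PHP clock). Every failure
 * appends a translated message to $page['errors'].
 *
 * @param string $reset_key
 * @return mixed (user_id if OK, false otherwise)
 */
function check_password_reset_key($reset_key)
{
    global $page, $conf;
    // A key without the "-" separator used to leave $email undefined
    // (list() on a one-element array); reject it up front instead. The cast
    // keeps explode() from failing on a non-string (e.g. array) input.
    $parts = explode('-', (string) $reset_key, 2);
    if (count($parts) != 2) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    list($key, $email) = $parts;
    if (!preg_match('/^[a-z0-9]{20}$/i', $key)) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    // An empty e-mail part would select every account that has no address;
    // a reset mail can never have been sent for such an account anyway.
    if ('' === $email) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    // The e-mail is untrusted input: it only enters the query escaped.
    $query = '
SELECT
  ' . $conf['user_fields']['id'] . ' AS id
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['email'] . ' = \'' . pwg_db_real_escape_string($email) . '\'
;';
    $user_ids = query2array($query, null, 'id');
    if (count($user_ids) == 0) {
        $page['errors'][] = l10n('Invalid username or email');
        return false;
    }
    // $user_ids comes from the database, not from the request, so it can be
    // inlined into the IN (...) list.
    $user_id = null;
    $query = '
SELECT
    user_id,
    status,
    activation_key,
    activation_key_expire,
    NOW() AS dbnow
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id IN (' . implode(',', $user_ids) . ')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
        if (pwg_password_verify($key, $row['activation_key'])) {
            if (strtotime($row['dbnow']) > strtotime($row['activation_key_expire'])) {
                // key has expired
                $page['errors'][] = l10n('Invalid key');
                return false;
            }
            if (is_a_guest($row['status']) or is_generic($row['status'])) {
                $page['errors'][] = l10n('Password reset is not allowed for this user');
                return false;
            }
            $user_id = $row['user_id'];
        }
    }
    if (empty($user_id)) {
        $page['errors'][] = l10n('Invalid key');
        return false;
    }
    return $user_id;
}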
コード例 #15
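/**
 * Returns if current user can edit/delete/validate a comment.
 *
 * Guests can never manage comments and admins always can. Other users may
 * edit or delete their own comments only when the matching
 * $conf['user_can_edit_comment'] / $conf['user_can_delete_comment'] switch
 * is on; validation is reserved to admins.
 *
 * @param string $action edit/delete/validate
 * @param int $comment_author_id
 * @return bool
 */
function can_manage_comment($action, $comment_author_id)
{
    global $user, $conf;
    if (is_a_guest()) {
        return false;
    }
    // Strict comparison: with a loose in_array() a non-string $action such
    // as 0 or true would pass the whitelist (and the '==' checks below) on
    // PHP 7.
    if (!in_array($action, array('delete', 'edit', 'validate'), true)) {
        return false;
    }
    if (is_admin()) {
        return true;
    }
    // Non-admins may only act on their own comments, and only when the site
    // configuration allows that action for regular users.
    $allowed_on_own_comment = array(
        'edit' => !empty($conf['user_can_edit_comment']),
        'delete' => !empty($conf['user_can_delete_comment']),
        'validate' => false,
    );
    if (!$allowed_on_own_comment[$action]) {
        return false;
    }
    // Loose compare on purpose: the author id typically comes from the
    // database as a string while $user['id'] may be an int.
    return $comment_author_id == $user['id'];
}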
コード例 #16
ファイル: menubar.inc.php プロジェクト: donseba/Piwigo
/**
 * Setups each block the main menubar.
 *
 * Loads the registered menubar blocks, fills the data and template of every
 * block that is present (mbLinks, mbCategories, mbTags, mbSpecials, mbMenu,
 * mbIdentification), assigns the filter and login/logout related template
 * variables, and finally applies the menubar to the 'MENUBAR' template
 * variable.
 *
 * Reads $page, $conf, $user and $filter; writes only to $template (and to
 * the block objects owned by the BlockManager).
 */
function initialize_menu()
{
    global $page, $conf, $user, $template, $filter;
    $menu = new BlockManager("menubar");
    $menu->load_registered_blocks();
    $menu->prepare_display();
    // "@" silences the undefined-index notice when the page has no section.
    if (@$page['section'] == 'search' and isset($page['qsearch_details'])) {
        // The quick-search query is user input: HTML-escape it before it
        // reaches the template.
        $template->assign('QUERY_SEARCH', htmlspecialchars($page['qsearch_details']['q']));
    }
    //--------------------------------------------------------------- external links
    // $conf['links'] maps a URL to either a plain label string or an options
    // array (label, eval_visible, new_window, nw_name, nw_features).
    if ($block = $menu->get_block('mbLinks') and !empty($conf['links'])) {
        $block->data = array();
        foreach ($conf['links'] as $url => $url_data) {
            if (!is_array($url_data)) {
                $url_data = array('label' => $url_data);
            }
            // NOTE(review): eval() executes the 'eval_visible' string as PHP
            // code. It comes from the configuration, so anyone able to write
            // $conf['links'] can run arbitrary code here; this option must
            // never be populated from request data.
            if (!isset($url_data['eval_visible']) or eval($url_data['eval_visible'])) {
                $tpl_var = array('URL' => $url, 'LABEL' => $url_data['label']);
                // Links open in a new window unless 'new_window' is explicitly false.
                if (!isset($url_data['new_window']) or $url_data['new_window']) {
                    $tpl_var['new_window'] = array('NAME' => isset($url_data['nw_name']) ? $url_data['nw_name'] : '', 'FEATURES' => isset($url_data['nw_features']) ? $url_data['nw_features'] : '');
                }
                $block->data[] = $tpl_var;
            }
        }
        if (!empty($block->data)) {
            $block->template = 'menubar_links.tpl';
        }
    }
    //-------------------------------------------------------------- categories
    $block = $menu->get_block('mbCategories');
    //------------------------------------------------------------------------ filter
    // Start/stop links for the "recent photos" filter; only one of the two is
    // assigned, depending on the current filter state.
    if ($conf['menubar_filter_icon'] and !empty($conf['filter_pages']) and get_filter_page_value('used')) {
        if ($filter['enabled']) {
            $template->assign('U_STOP_FILTER', add_url_params(make_index_url(array()), array('filter' => 'stop')));
        } else {
            $template->assign('U_START_FILTER', add_url_params(make_index_url(array()), array('filter' => 'start-recent-' . $user['recent_period'])));
        }
    }
    if ($block != null) {
        $block->data = array('NB_PICTURE' => $user['nb_total_images'], 'MENU_CATEGORIES' => get_categories_menu(), 'U_CATEGORIES' => make_index_url(array('section' => 'categories')));
        $block->template = 'menubar_categories.tpl';
    }
    //------------------------------------------------------------------------ tags
    // The tag cloud is built from the current page's items and skipped on the
    // picture page.
    $block = $menu->get_block('mbTags');
    if ($block != null and !empty($page['items']) and 'picture' != script_basename()) {
        if ('tags' == @$page['section']) {
            // On a tag page each tag gets both a standalone URL and a URL that
            // adds it to the tags already selected.
            $tags = get_common_tags($page['items'], $conf['menubar_tag_cloud_items_number'], $page['tag_ids']);
            $tags = add_level_to_tags($tags);
            foreach ($tags as $tag) {
                $block->data[] = array_merge($tag, array('U_ADD' => make_index_url(array('tags' => array_merge($page['tags'], array($tag)))), 'URL' => make_index_url(array('tags' => array($tag)))));
            }
        } else {
            // Elsewhere only the items of the current page slice are considered.
            $selection = array_slice($page['items'], $page['start'], $page['nb_image_page']);
            $tags = add_level_to_tags(get_common_tags($selection, $conf['content_tag_cloud_items_number']));
            foreach ($tags as $tag) {
                $block->data[] = array_merge($tag, array('URL' => make_index_url(array('tags' => array($tag)))));
            }
        }
        if (!empty($block->data)) {
            $block->template = 'menubar_tags.tpl';
        }
    }
    //----------------------------------------------------------- special categories
    if (($block = $menu->get_block('mbSpecials')) != null) {
        if (!is_a_guest()) {
            // favorites
            $block->data['favorites'] = array('URL' => make_index_url(array('section' => 'favorites')), 'TITLE' => l10n('display your favorites photos'), 'NAME' => l10n('Your favorites'));
        }
        $block->data['most_visited'] = array('URL' => make_index_url(array('section' => 'most_visited')), 'TITLE' => l10n('display most visited photos'), 'NAME' => l10n('Most visited'));
        if ($conf['rate']) {
            $block->data['best_rated'] = array('URL' => make_index_url(array('section' => 'best_rated')), 'TITLE' => l10n('display best rated photos'), 'NAME' => l10n('Best rated'));
        }
        $block->data['recent_pics'] = array('URL' => make_index_url(array('section' => 'recent_pics')), 'TITLE' => l10n('display most recent photos'), 'NAME' => l10n('Recent photos'));
        $block->data['recent_cats'] = array('URL' => make_index_url(array('section' => 'recent_cats')), 'TITLE' => l10n('display recently updated albums'), 'NAME' => l10n('Recent albums'));
        $block->data['random'] = array('URL' => get_root_url() . 'random.php', 'TITLE' => l10n('display a set of random photos'), 'NAME' => l10n('Random photos'), 'REL' => 'rel="nofollow"');
        // The calendar is keyed on the configured date field (posted vs created).
        $block->data['calendar'] = array('URL' => make_index_url(array('chronology_field' => $conf['calendar_datefield'] == 'date_available' ? 'posted' : 'created', 'chronology_style' => 'monthly', 'chronology_view' => 'calendar')), 'TITLE' => l10n('display each day with photos, month per month'), 'NAME' => l10n('Calendar'), 'REL' => 'rel="nofollow"');
        $block->template = 'menubar_specials.tpl';
    }
    //---------------------------------------------------------------------- summary
    if (($block = $menu->get_block('mbMenu')) != null) {
        // quick search block will be displayed only if data['qsearch'] is set
        // to "yes"
        $block->data['qsearch'] = true;
        // tags link
        $block->data['tags'] = array('TITLE' => l10n('display available tags'), 'NAME' => l10n('Tags'), 'URL' => get_root_url() . 'tags.php', 'COUNTER' => get_nb_available_tags());
        // search link
        $block->data['search'] = array('TITLE' => l10n('search'), 'NAME' => l10n('Search'), 'URL' => get_root_url() . 'search.php', 'REL' => 'rel="search"');
        if ($conf['activate_comments']) {
            // comments link
            $block->data['comments'] = array('TITLE' => l10n('display last user comments'), 'NAME' => l10n('Comments'), 'URL' => get_root_url() . 'comments.php', 'COUNTER' => get_nb_available_comments());
        }
        // about link
        $block->data['about'] = array('TITLE' => l10n('About Piwigo'), 'NAME' => l10n('About'), 'URL' => get_root_url() . 'about.php');
        // notification
        $block->data['rss'] = array('TITLE' => l10n('RSS feed'), 'NAME' => l10n('Notification'), 'URL' => get_root_url() . 'notification.php', 'REL' => 'rel="nofollow"');
        $block->template = 'menubar_menu.tpl';
    }
    //--------------------------------------------------------------- identification
    if (is_a_guest()) {
        $template->assign(array('U_LOGIN' => get_root_url() . 'identification.php', 'U_LOST_PASSWORD' => get_root_url() . 'password.php', 'AUTHORIZE_REMEMBERING' => $conf['authorize_remembering']));
        if ($conf['allow_user_registration']) {
            $template->assign('U_REGISTER', get_root_url() . 'register.php');
        }
    } else {
        // The username is handed over unescaped — assumes the template escapes
        // it on output; confirm in menubar_identification.tpl.
        $template->assign('USERNAME', stripslashes($user['username']));
        if (is_autorize_status(ACCESS_CLASSIC)) {
            $template->assign('U_PROFILE', get_root_url() . 'profile.php');
        }
        // the logout link has no meaning with Apache authentication : it is not
        // possible to logout with this kind of authentication.
        if (!$conf['apache_authentication']) {
            $template->assign('U_LOGOUT', get_root_url() . '?act=logout');
        }
        if (is_admin()) {
            $template->assign('U_ADMIN', get_root_url() . 'admin.php');
        }
    }
    if (($block = $menu->get_block('mbIdentification')) != null) {
        $block->template = 'menubar_identification.tpl';
    }
    $menu->apply('MENUBAR', 'menubar.tpl');
}
コード例 #17
        // logout
        logout_user();
        redirect(get_gallery_home_url());
    } elseif (!empty($_SESSION['pwg_uid'])) {
        $user['id'] = $_SESSION['pwg_uid'];
    }
}
// Still the guest after the session checks above: try the cookie based
// auto-login.
$is_still_guest = ($user['id'] == $conf['guest_id']);
if ($is_still_guest) {
    auto_login();
}

// With Apache authentication the identity asserted by the web server
// overrides whatever was found above. REMOTE_USER is the variable set by the
// auth module; REDIRECT_REMOTE_USER is the copy Apache provides after an
// internal redirect.
if ($conf['apache_authentication']) {
    if (isset($_SERVER['REMOTE_USER'])) {
        $remote_user = $_SERVER['REMOTE_USER'];
    } elseif (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
        $remote_user = $_SERVER['REDIRECT_REMOTE_USER'];
    } else {
        $remote_user = null;
    }
    if ($remote_user !== null) {
        $user['id'] = get_userid($remote_user);
        if (!$user['id']) {
            // Unknown Apache users get an account created on the fly; the
            // empty strings are presumably password and e-mail — confirm
            // against register_user().
            $user['id'] = register_user($remote_user, '', '', false);
        }
    }
}

// The second argument is false inside the admin area and true elsewhere;
// presumably a use-cache flag — confirm in build_user().
$in_admin = defined('IN_ADMIN') && IN_ADMIN;
$user = build_user($user['id'], !$in_admin);

// Guests and generic accounts take their language from the browser.
if ($conf['browser_language']) {
    if (is_a_guest() || is_generic()) {
        get_browser_language($user['language']);
    }
}
trigger_notify('user_init', $user);
コード例 #18
/**
 * Serves a "shared picture" URL (section "pshare").
 *
 * Expects $tokens[1] to hold the share key and, optionally, $tokens[2] ==
 * 'download' (plus $tokens[3] == 'f<format_id>' for an alternate format).
 * Validates the key against PSHARE_KEY_PATTERN, loads the matching share
 * row, logs the visit, rejects expired keys, and then either redirects a
 * logged-in user who already has access to picture.php, streams the file
 * for a download request, or renders the shared_picture template. Every
 * path except the non-'pshare' case ends with a redirect, die() or exit.
 *
 * $tokens is presumably the list of path segments of the request URL —
 * confirm against the caller.
 */
function pshare_section_init()
{
    global $tokens, $page, $conf, $user, $template;
    if ($tokens[0] == 'pshare') {
        $page['section'] = 'pshare';
        $page['title'] = l10n('Shared Picture');
        if (!isset($tokens[1])) {
            die("missing key");
        }
        // Gatekeeper for everything below: the key is inlined unescaped into
        // the SQL query, which is only safe as long as PSHARE_KEY_PATTERN
        // restricts it to a quote-free alphabet — verify the pattern.
        if (!preg_match(PSHARE_KEY_PATTERN, $tokens[1])) {
            die("invalid key");
        }
        $page['pshare_key'] = $tokens[1];
        $query = '
SELECT
    *,
    NOW() AS dbnow
  FROM ' . PSHARE_KEYS_TABLE . '
  WHERE uuid = \'' . $page['pshare_key'] . '\'
;';
        $shares = query2array($query);
        if (count($shares) == 0) {
            die('unknown key');
        }
        $share = $shares[0];
        // The visit is logged before the expiry check, so expired keys are
        // logged too.
        pshare_log($share['pshare_key_id'], 'visit');
        // is the key still valid?
        // Expiry is compared against the database clock (NOW()), not PHP's.
        if (strtotime($share['expire_on']) < strtotime($share['dbnow'])) {
            die('expired key');
        }
        // if the user is permitted for this photo, let's redirect to
        // picture.php (with full details and actions)
        if (!is_a_guest() and pshare_is_photo_visible($share['image_id'])) {
            // find the first reachable category linked to the photo
            $query = '
SELECT category_id
  FROM ' . IMAGE_CATEGORY_TABLE . '
  WHERE image_id = ' . $share['image_id'] . '
;';
            // Categories of the photo minus those listed by calculate_permissions();
            // presumably the comma-separated forbidden category ids — confirm.
            $authorizeds = array_diff(array_from_query($query, 'category_id'), explode(',', calculate_permissions($user['id'], $user['status'])));
            // Only the first reachable category matters: redirect() presumably
            // ends the request, so the loop body runs at most once.
            foreach ($authorizeds as $category_id) {
                $url = make_picture_url(array('image_id' => $share['image_id'], 'category' => get_cat_info($category_id)));
                if (function_exists('Fotorama_is_replace_picture') and Fotorama_is_replace_picture()) {
                    $url .= '&slidestop';
                }
                redirect($url);
            }
            redirect(make_picture_url(array('image_id' => $share['image_id'])));
        }
        $query = '
SELECT *
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . $share['image_id'] . '
;';
        $rows = query2array($query);
        // NOTE(review): $rows is not checked for emptiness; a share whose
        // photo has been deleted reaches SrcImage with a null $image.
        $image = $rows[0];
        $src_image = new SrcImage($image);
        if (isset($tokens[2]) && 'download' == $tokens[2]) {
            $format_id = null;
            // The regex only admits digits, so $format_id can be inlined in SQL.
            if (isset($tokens[3]) && preg_match('/^f(\\d+)$/', $tokens[3], $matches)) {
                $format_id = $matches[1];
                $query = '
SELECT
    *
  FROM ' . IMAGE_FORMAT_TABLE . '
  WHERE format_id = ' . $format_id . '
    AND image_id = ' . $image['id'] . '
;';
                $formats = query2array($query);
                if (count($formats) == 0) {
                    do_error(400, 'Invalid request - format');
                }
                $format = $formats[0];
                $file = original_to_format(get_element_path($image), $format['ext']);
                // The download name keeps the photo's base name with the format extension.
                $image['file'] = get_filename_wo_extension($image['file']) . '.' . $format['ext'];
            } else {
                $file = $image['path'];
            }
            $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT';
            // "@" hides the warning if the file is missing (Content-Length is
            // then empty). NOTE(review): the filename comes from the database
            // and is placed inside double quotes without escaping; a name
            // containing '"' would break the Content-Disposition header.
            $http_headers = array('Content-Length: ' . @filesize($file), 'Last-Modified: ' . $gmt_mtime, 'Content-Type: ' . mime_content_type($file), 'Content-Disposition: attachment; filename="' . $image['file'] . '";', 'Content-Transfer-Encoding: binary');
            foreach ($http_headers as $header) {
                header($header);
            }
            readfile($file);
            // Logged after the body has been sent.
            pshare_log($share['pshare_key_id'], 'download', $format_id);
            exit;
        }
        $template->set_filename('shared_picture', realpath(PSHARE_PATH . 'template/shared_picture.tpl'));
        $derivative = new DerivativeImage(ImageStdParams::get_by_type(IMG_MEDIUM), $src_image);
        $derivative_size = $derivative->get_size();
        // a random string to avoid browser cache
        // (time()-derived, so a cache-buster only, not a secret)
        $rand = '&amp;download=' . substr(md5(time()), 0, 6);
        $template->assign(array('SRC' => $derivative->get_url(), 'IMG_WIDTH' => $derivative_size[0], 'IMG_HEIGHT' => $derivative_size[1], 'DOWNLOAD_URL' => duplicate_index_url() . '/' . $page['pshare_key'] . '/download' . $rand));
        // formats
        // Alternate formats are only offered when the host Piwigo defines the table.
        if (defined('IMAGE_FORMAT_TABLE')) {
            $query = '
SELECT *
  FROM ' . IMAGE_FORMAT_TABLE . '
  WHERE image_id = ' . $share['image_id'] . '
;';
            $formats = query2array($query);
            if (!empty($formats)) {
                // NOTE(review): $format stays a reference to the last element
                // after this loop; it is not unset(), so any later write to
                // $format would alter $formats.
                foreach ($formats as &$format) {
                    $format['download_url'] = duplicate_index_url() . '/' . $page['pshare_key'] . '/download';
                    $format['download_url'] .= '/f' . $format['format_id'] . $rand;
                    // Assumes the stored filesize is in KB — confirm against the schema.
                    $format['filesize'] = sprintf('%.1fMB', $format['filesize'] / 1024);
                }
            }
            $template->assign('formats', $formats);
        }
        $template->parse('shared_picture');
        $template->p();
        exit;
    }
}
コード例 #19
                    $tpl_comment['PWG_TOKEN'] = get_pwg_token();
                    $tpl_comment['U_CANCEL'] = $url_self;
                }
            }
            if (is_admin()) {
                $tpl_comment['EMAIL'] = $email;
                if ($row['validated'] != 'true') {
                    $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array('action' => 'validate_comment', 'comment_to_validate' => $row['id'], 'pwg_token' => get_pwg_token()));
                }
            }
            $template->append('comments', $tpl_comment);
        }
    }
    $show_add_comment_form = true;
    if (isset($edit_comment)) {
        $show_add_comment_form = false;
    }
    if (is_a_guest() and !$conf['comments_forall']) {
        $show_add_comment_form = false;
    }
    if ($show_add_comment_form) {
        $key = get_ephemeral_key(3, $page['image_id']);
        $tpl_var = array('F_ACTION' => $url_self, 'KEY' => $key, 'CONTENT' => '', 'SHOW_AUTHOR' => !is_classic_user(), 'AUTHOR_MANDATORY' => $conf['comments_author_mandatory'], 'AUTHOR' => '', 'WEBSITE_URL' => '', 'SHOW_EMAIL' => !is_classic_user() or empty($user['email']), 'EMAIL_MANDATORY' => $conf['comments_email_mandatory'], 'EMAIL' => '', 'SHOW_WEBSITE' => $conf['comments_enable_website']);
        if ('reject' == @$comment_action) {
            foreach (array('content', 'author', 'website_url', 'email') as $k) {
                $tpl_var[strtoupper($k)] = htmlspecialchars(stripslashes(@$_POST[$k]));
            }
        }
        $template->assign('comment_add', $tpl_var);
    }
}
コード例 #20
ファイル: pwg.images.php プロジェクト: nikrou/Piwigo
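/**
 * API method
 * Returns detailed information for an element
 *
 * Access control is done in SQL: the image row must satisfy the
 * "visible_images" condition for the current user, and the image must belong
 * to at least one category not excluded by "forbidden_categories". Failing the
 * first check yields a PwgError 404, failing the second a PwgError 401.
 * Non-admin callers only receive comments with validated="true".
 *
 * NOTE(review): the returned structure is built from "SELECT *" on
 * IMAGES_TABLE with only "path" and "storage_category_id" stripped, so any
 * column later added to that table is exposed by this method by default.
 *
 * @param mixed[] $params
 *    @option int image_id
 *    @option int comments_page      zero-based page of comments
 *    @option int comments_per_page  0 disables the comment listing
 * @param object $service web service instance; only _responseFormat is read
 * @return array|PwgError
 */
function ws_images_getInfo($params, $service)
{
    global $user, $conf;
    // image_id is cast before being inlined into SQL, as the comment paging
    // values below already are, so this method does not depend on the caller
    // having validated the parameter type.
    $query = '
SELECT *
  FROM ' . IMAGES_TABLE . '
  WHERE id=' . (int) $params['image_id'] . get_sql_condition_FandF(array('visible_images' => 'id'), ' AND') . '
LIMIT 1
;';
    $result = pwg_query($query);
    if (pwg_db_num_rows($result) == 0) {
        return new PwgError(404, 'image_id not found');
    }
    $image_row = pwg_db_fetch_assoc($result);
    $image_row = array_merge($image_row, ws_std_get_urls($image_row));
    //-------------------------------------------------------- related categories
    // $image_row['id'] comes from the database row, not from the caller.
    $query = '
SELECT id, name, permalink, uppercats, global_rank, commentable
  FROM ' . IMAGE_CATEGORY_TABLE . '
    INNER JOIN ' . CATEGORIES_TABLE . ' ON category_id = id
  WHERE image_id = ' . $image_row['id'] . get_sql_condition_FandF(array('forbidden_categories' => 'category_id'), ' AND') . '
;';
    $result = pwg_query($query);
    // The image is commentable as soon as one of its accessible categories is
    // flagged commentable.
    $is_commentable = false;
    $related_categories = array();
    while ($row = pwg_db_fetch_assoc($result)) {
        if ($row['commentable'] == 'true') {
            $is_commentable = true;
        }
        unset($row['commentable']);
        $row['url'] = make_index_url(array('category' => $row));
        $row['page_url'] = make_picture_url(array('image_id' => $image_row['id'], 'image_file' => $image_row['file'], 'category' => $row));
        $row['id'] = (int) $row['id'];
        $related_categories[] = $row;
    }
    usort($related_categories, 'global_rank_compare');
    // No accessible category: the image exists but the user cannot reach it
    // through any album, so it is treated as forbidden.
    if (empty($related_categories)) {
        return new PwgError(401, 'Access denied');
    }
    //-------------------------------------------------------------- related tags
    $related_tags = get_common_tags(array($image_row['id']), -1);
    foreach ($related_tags as $i => $tag) {
        $tag['url'] = make_index_url(array('tags' => array($tag)));
        $tag['page_url'] = make_picture_url(array('image_id' => $image_row['id'], 'image_file' => $image_row['file'], 'tags' => array($tag)));
        unset($tag['counter']);
        $tag['id'] = (int) $tag['id'];
        $related_tags[$i] = $tag;
    }
    //------------------------------------------------------------- related rates
    // Rate statistics are only queried when the image carries a rating_score.
    $rating = array('score' => $image_row['rating_score'], 'count' => 0, 'average' => null);
    if (isset($rating['score'])) {
        $query = '
SELECT COUNT(rate) AS count, ROUND(AVG(rate),2) AS average
  FROM ' . RATE_TABLE . '
  WHERE element_id = ' . $image_row['id'] . '
;';
        $row = pwg_db_fetch_assoc(pwg_query($query));
        $rating['score'] = (double) $rating['score'];
        $rating['average'] = (double) $row['average'];
        $rating['count'] = (int) $row['count'];
    }
    //---------------------------------------------------------- related comments
    $related_comments = array();
    $where_comments = 'image_id = ' . $image_row['id'];
    // Pending (not yet validated) comments are visible to admins only.
    if (!is_admin()) {
        $where_comments .= ' AND validated="true"';
    }
    $query = '
SELECT COUNT(id) AS nb_comments
  FROM ' . COMMENTS_TABLE . '
  WHERE ' . $where_comments . '
;';
    list($nb_comments) = query2array($query, null, 'nb_comments');
    $nb_comments = (int) $nb_comments;
    if ($nb_comments > 0 and $params['comments_per_page'] > 0) {
        $query = '
SELECT id, date, author, content
  FROM ' . COMMENTS_TABLE . '
  WHERE ' . $where_comments . '
  ORDER BY date
  LIMIT ' . (int) $params['comments_per_page'] . '
  OFFSET ' . (int) ($params['comments_per_page'] * $params['comments_page']) . '
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $row['id'] = (int) $row['id'];
            $related_comments[] = $row;
        }
    }
    // Comment posting data (author name and ephemeral key) is only handed out
    // when the image is commentable and the caller may comment: any logged-in
    // user, or a guest when comments_forall is enabled.
    $comment_post_data = null;
    if ($is_commentable and (!is_a_guest() or is_a_guest() and $conf['comments_forall'])) {
        $comment_post_data['author'] = stripslashes($user['username']);
        $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']);
    }
    // Build the response from the raw image row: normalise integer columns and
    // drop the two server-side-only columns.
    $ret = $image_row;
    foreach (array('id', 'width', 'height', 'hit', 'filesize') as $k) {
        if (isset($ret[$k])) {
            $ret[$k] = (int) $ret[$k];
        }
    }
    foreach (array('path', 'storage_category_id') as $k) {
        unset($ret[$k]);
    }
    $ret['rates'] = array(WS_XML_ATTRIBUTES => $rating);
    $ret['categories'] = new PwgNamedArray($related_categories, 'category', array('id', 'url', 'page_url'));
    $ret['tags'] = new PwgNamedArray($related_tags, 'tag', ws_std_get_tag_xml_attributes());
    if (isset($comment_post_data)) {
        $ret['comment_post'] = array(WS_XML_ATTRIBUTES => $comment_post_data);
    }
    $ret['comments_paging'] = new PwgNamedStruct(array('page' => $params['comments_page'], 'per_page' => $params['comments_per_page'], 'count' => count($related_comments), 'total_count' => $nb_comments));
    $ret['comments'] = new PwgNamedArray($related_comments, 'comment', array('id', 'date'));
    // Non-REST formats get the flat structure; REST wraps it in an "image"
    // element.
    if ($service->_responseFormat != 'rest') {
        return $ret;
        // for backward compatibility only
    } else {
        return array('image' => new PwgNamedStruct($ret, null, array('name', 'comment')));
    }
}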
コード例 #21
ファイル: user.inc.php プロジェクト: donseba/Piwigo
        $user['id'] = $_SESSION['pwg_uid'];
    }
}
// Auto-login is only attempted when the session lookup above left the user
// as the configured guest.
if ($user['id'] == $conf['guest_id']) {
    auto_login();
}
// Apache authentication: the identity asserted by the web server overrides
// the session lookup. REMOTE_USER, or REDIRECT_REMOTE_USER (the name Apache
// typically gives it after an internal redirect), is trusted unconditionally,
// so this assumes the web server really enforces authentication on every
// path that reaches this script. An unknown name is passed to register_user().
if ($conf['apache_authentication']) {
    $remote_user = null;
    if (isset($_SERVER['REMOTE_USER'])) {
        $remote_user = $_SERVER['REMOTE_USER'];
    } elseif (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
        $remote_user = $_SERVER['REDIRECT_REMOTE_USER'];
    }
    if ($remote_user !== null) {
        $user['id'] = get_userid($remote_user);
        if (!$user['id']) {
            $user['id'] = register_user($remote_user, '', '', false);
        }
    }
}
// Login by authentication key taken from the query string; validating the
// key is auth_key_login()'s responsibility (not visible here).
if (isset($_GET['auth'])) {
    auth_key_login($_GET['auth']);
}
// Load the full user record. The second argument is false inside the admin
// area (IN_ADMIN defined and true); its meaning is defined by build_user().
$user = build_user($user['id'], !(defined('IN_ADMIN') and IN_ADMIN));
// Guests and generic accounts follow the browser language when enabled and
// one could be detected.
if ($conf['browser_language'] and (is_a_guest() or is_generic())) {
    $language = get_browser_language();
    if ($language) {
        $user['language'] = $language;
    }
}
trigger_notify('user_init', $user);
コード例 #22
ファイル: picture.php プロジェクト: lcorbasson/Piwigo
// Page header data for the picture template.
$template->assign(array(
    'SECTION_TITLE' => $page['section_title'],
    'PHOTO' => $title_nb,
    // "home" is the root categories section with no album selected
    'IS_HOME' => ('categories' == $page['section']) && !isset($page['category']),
    'LEVEL_SEPARATOR' => $conf['level_separator'],
    'U_UP' => $url_up,
    'DISPLAY_NAV_BUTTONS' => $conf['picture_navigation_icons'],
    'DISPLAY_NAV_THUMB' => $conf['picture_navigation_thumb'],
));
if ($conf['picture_metadata_icon']) {
    $template->assign('U_METADATA', $url_metadata);
}
//------------------------------------------------------- upper menu management
// admin links
// NOTE(review): exposing these links is not the access check; the handlers
// behind the actions must verify admin rights themselves (not visible here).
if (is_admin()) {
    if (isset($page['category'])) {
        $template->assign('U_SET_AS_REPRESENTATIVE', add_url_params($url_self, array('action' => 'set_as_representative')));
    }
    $url_admin = get_root_url() . 'admin.php?page=photo-' . $page['image_id'];
    if (isset($page['category'])) {
        $url_admin .= '&amp;cat_id=' . $page['category']['id'];
    }
    $template->assign(array(
        'U_CADDIE' => add_url_params($url_self, array('action' => 'add_to_caddie')),
        'U_PHOTO_ADMIN' => $url_admin,
    ));
    $template->assign('available_permission_levels', get_privacy_level_options());
}
// favorite manipulation (registered users only)
if (!is_a_guest() and $conf['picture_favorite_icon']) {
    // is the picture already among the current user's favorites?
    $query = '
SELECT COUNT(*) AS nb_fav
  FROM ' . FAVORITES_TABLE . '
  WHERE image_id = ' . $page['image_id'] . '
    AND user_id = ' . $user['id'] . '
;';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    $is_favorite = $row['nb_fav'] != 0;
    // offer the opposite action of the current state
    $template->assign('favorite', array(
        'IS_FAVORITE' => $is_favorite,
        'U_FAVORITE' => add_url_params($url_self, array('action' => $is_favorite ? 'remove_from_favorites' : 'add_to_favorites')),
    ));
}
//--------------------------------------------------------- picture information
// legend
if (isset($picture['current']['comment']) and !empty($picture['current']['comment'])) {
    $template->assign('COMMENT_IMG', trigger_change('render_element_description', $picture['current']['comment'], 'picture_page_element_description'));