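/**
 * Activate a named plugin.
 *
 * Parses the plugins directory to look for a pluginname.yaml
 * file and adds the plugin to the plugins database, setting
 * the inst_version field to the version specified in the yaml file.
 *
 * @param string $name Name of plugin to be activated. Must be a bare directory
 *                     name: anything containing a path separator or a traversal
 *                     component ("." / "..") is rejected before the filesystem
 *                     or the database is touched.
 * @return bool Returns true if plugin directory was found (and the plugin row
 *              was written); false when the directory is missing or $name is
 *              not a plain directory name.
 * @see deactivate_plugin
 */
function activate_plugin($name)
{
    # $name ends up in both a filesystem path and in SQL, so refuse anything
    # that is not a simple directory name (blocks "../" style traversal).
    if (!is_string($name) || $name === '' || $name === '.' || $name === '..' || basename($name) !== $name) {
        return false;
    }

    $plugins_dir = dirname(__FILE__) . '/../plugins/';
    $plugin_dir  = $plugins_dir . $name;

    if (!file_exists($plugin_dir)) {
        return false;
    }

    $plugin_yaml = get_plugin_yaml("{$plugin_dir}/{$name}.yaml", false);
    if (!is_array($plugin_yaml)) {
        $plugin_yaml = array();
    }

    # If no yaml, or yaml file but no description present, attempt to read an 'about.txt' file
    if (!isset($plugin_yaml['desc']) || $plugin_yaml['desc'] == '') {
        $about = $plugin_dir . '/about.txt';
        if (file_exists($about)) {
            $plugin_yaml['desc'] = substr(file_get_contents($about), 0, 95) . '...';
        }
    }

    # Escape the plugin information for SQL. Every column written below is read
    # from this array, so make sure each key exists even when the yaml omitted
    # it (avoids undefined-index notices; a missing value is stored as '').
    $plugin_yaml_esc = array();
    foreach (array_keys($plugin_yaml) as $thekey) {
        $plugin_yaml_esc[$thekey] = escape_check($plugin_yaml[$thekey]);
    }
    foreach (array('config_url', 'desc', 'author', 'version', 'default_priority', 'update_url', 'info_url') as $thekey) {
        if (!isset($plugin_yaml_esc[$thekey])) {
            $plugin_yaml_esc[$thekey] = '';
        }
    }

    # The row is keyed by the directory name, both for the INSERT and for the
    # UPDATE, so the two can never target different rows.
    $name_esc = escape_check($name);

    # Add/Update plugin information.
    # Check if the plugin is already in the table.
    $c = sql_value("SELECT name as value FROM plugins WHERE name='{$name_esc}'", '');
    if ($c == '') {
        sql_query("INSERT INTO plugins(name) VALUE ('{$name_esc}')");
    }

    sql_query("UPDATE plugins SET config_url='{$plugin_yaml_esc['config_url']}', " .
        "descrip='{$plugin_yaml_esc['desc']}', author='{$plugin_yaml_esc['author']}', " .
        "inst_version='{$plugin_yaml_esc['version']}', " .
        "priority='{$plugin_yaml_esc['default_priority']}', " .
        "update_url='{$plugin_yaml_esc['update_url']}', info_url='{$plugin_yaml_esc['info_url']}' " .
        "WHERE name='{$name_esc}'");

    return true;
}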
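/**
 * Rename the current theme (collection category) and redirect back to the themes page.
 *
 * Globals read: $baseurl, $link, $themename, $collection_column.
 * Reads the new name from the 'rename' request value, rewrites every
 * collection row whose $collection_column equals $themename, then sends a
 * Location header to $baseurl/pages/$link and stops the script.
 *
 * @return void
 */
function save_themename()
{
    global $baseurl, $link, $themename, $collection_column;

    # $collection_column is a column name, which cannot be escaped like a value;
    # it is expected to come from configuration, not from the request.
    $sql = "update collection set " . $collection_column . "='" . getvalescaped("rename", "")
        . "' where " . $collection_column . "='" . escape_check($themename) . "'";
    sql_query($sql);

    header("location:" . $baseurl . "/pages/" . $link);
    # A Location header does not stop execution on its own; without this the
    # rest of the calling page would keep running after the redirect was sent.
    exit;
}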
/**
 * Persist a renamed theme and hand control back to the themes page.
 *
 * Globals read: $baseurl, $link, $themename, $collection_column. Reads the
 * new name from the 'rename' request value, updates every collection row
 * whose $collection_column matches $themename, fires the
 * 'after_save_themename' hook, then redirects to pages/$link.
 *
 * @return void
 */
function save_themename()
{
    global $baseurl, $link, $themename, $collection_column;

    $newname = getvalescaped("rename", "");
    $oldname = escape_check($themename);

    # $collection_column is used as a column name (not escapable as a value).
    $query = sprintf(
        "update collection set\t%s='%s' where %s='%s'",
        $collection_column,
        $newname,
        $collection_column,
        $oldname
    );
    sql_query($query);

    hook("after_save_themename");
    redirect("pages/" . $link);
}
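/**
 * Obtain (or refresh) a YouTube OAuth2 access token for the current user.
 *
 * Globals read: $baseurl, $userref, $youtube_publish_client_id,
 * $youtube_publish_client_secret, $youtube_publish_callback_url, $code.
 *
 * Exchanges either the authorization $code (initial grant) or the user's
 * stored refresh token ($refresh = true) at Google's token endpoint, stores
 * the returned access token (and refresh token, when one is present) on the
 * user row, then looks up the YouTube account name for that token and stores
 * it in youtube_username.
 *
 * On any failure (no stored refresh token, transport error, error response,
 * or a response without an access token) the stored access token is cleared
 * where applicable, get_youtube_authorization_code() is called and the
 * script exits.
 *
 * @param bool $refresh true to use the stored refresh token, false to exchange $code.
 * @return string The new access token (as stored, i.e. after escape_check()).
 */
function get_youtube_access_token($refresh = false)
{
    global $baseurl, $userref, $youtube_publish_client_id, $youtube_publish_client_secret,
        $youtube_publish_callback_url, $code;

    $url = 'https://accounts.google.com/o/oauth2/token';
    # $userref is interpolated into several queries below; escape it once.
    $userref_esc = escape_check($userref);

    if ($refresh) {
        $refresh_token = sql_value("select youtube_refresh_token as value from user where ref='{$userref_esc}'", "");
        if ($refresh_token == "") {
            get_youtube_authorization_code();
            exit;
        }
        $params = array(
            "client_id"     => $youtube_publish_client_id,
            "client_secret" => $youtube_publish_client_secret,
            "refresh_token" => $refresh_token,
            "grant_type"    => "refresh_token",
        );
    } else {
        $params = array(
            "code"          => $code,
            "client_id"     => $youtube_publish_client_id,
            "client_secret" => $youtube_publish_client_secret,
            "redirect_uri"  => $baseurl . $youtube_publish_callback_url,
            "grant_type"    => "authorization_code",
        );
    }

    $curl = curl_init($url);
    # CURLOPT_HTTPHEADER sets request headers; CURLOPT_HEADER (used before) only
    # toggles whether response headers are included in the returned body, which
    # would have broken json_decode() below.
    curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/x-www-form-urlencoded"));
    curl_setopt($curl, CURLOPT_POST, 1);
    # Send a urlencoded body to match the declared content type (an array
    # would be sent as multipart/form-data).
    curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
    # This request carries the client secret: verify the certificate and that
    # its name matches the host (VERIFYHOST must be 2; 1 is not a valid mode).
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $raw = curl_exec($curl);
    curl_close($curl);

    $response = ($raw === false) ? null : json_decode($raw, true);

    if (!is_array($response) || isset($response["error"]) || !isset($response["access_token"])) {
        # Token exchange failed: forget the old access token and restart the grant.
        sql_query("update user set youtube_access_token='' where ref='{$userref_esc}'");
        get_youtube_authorization_code();
        exit;
    }

    $access_token = escape_check($response["access_token"]);
    sql_query("update user set youtube_access_token='{$access_token}' where ref='{$userref_esc}'");
    debug("YouTube plugin: Access token: " . $access_token);

    # Not every response carries a refresh token; only store one when present.
    if (isset($response["refresh_token"])) {
        $refresh_token = escape_check($response["refresh_token"]);
        sql_query("update user set youtube_refresh_token='{$refresh_token}' where ref='{$userref_esc}'");
        debug("YouTube plugin: Refresh token: " . $refresh_token);
    }

    # Get user account details and store these so we can tell which account they will be uploading to
    $headers = array("Authorization: Bearer " . $access_token, "GData-Version: 2");
    $curl = curl_init("https://gdata.youtube.com/feeds/api/users/default");
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_HTTPGET, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($curl);
    curl_close($curl);

    if ($response !== false && $response !== '') {
        # Parse the feed; LIBXML_NONET stops the parser from fetching external
        # entities referenced by the remote document. A malformed document
        # throws, which must not abort the token flow.
        $userdataxml = null;
        try {
            $userdataxml = new SimpleXMLElement($response, LIBXML_NOCDATA | LIBXML_NONET);
        } catch (Exception $e) {
            debug("YouTube plugin: could not parse account feed: " . $e->getMessage());
        }
        if ($userdataxml !== null) {
            # Store the account title that was looked up (the previous version
            # discarded it and wrote a fixed placeholder).
            $youtube_username = escape_check((string) $userdataxml->title);
            sql_query("update user set youtube_username='{$youtube_username}' where ref='{$userref_esc}'");
        }
    }

    return $access_token;
}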
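/**
 * Hook: runs before the edit page header (grant_edit plugin).
 *
 * Globals read: $ref, $baseurl, $usergroup, $grant_edit_groups, $collection,
 * $items (when editing a collection) and $lang (log text).
 *
 * Handles two request shapes:
 *  - grant_edit_action=delete with remove_user: removes that user's grant on
 *    $ref and exits with "SUCCESS" (any other action value exits with "FAILED");
 *  - users=<comma separated usernames/groups>, optional grant_edit_expiry:
 *    replaces the grants of those users on $ref, or on every resource in
 *    $items when $collection is set, and writes a resource log entry per resource.
 *
 * @return bool|null true after normal processing; null (early return) when the
 *                   current user group may not grant edit access or $ref is negative.
 */
function HookGrant_editEditeditbeforeheader()
{
    global $ref, $baseurl, $usergroup, $grant_edit_groups, $collection;

    // Do we have access to do any of this, or is it a template
    if (!in_array($usergroup, $grant_edit_groups) || $ref < 0) {
        return;
    }
    # Resource refs are interpolated into SQL (sometimes unquoted); use integers.
    $ref_id = (int) $ref;

    // Check for Ajax POST to delete users
    $grant_edit_action = getvalescaped("grant_edit_action", "");
    if ($grant_edit_action != "") {
        if ($grant_edit_action == "delete") {
            # user is compared unquoted in the SQL below, so escaping alone is
            # not enough: coerce to an integer.
            $raw_remove_user = getvalescaped("remove_user", "", TRUE);
            if ((string) $raw_remove_user !== "") {
                $remove_user = (int) $raw_remove_user;
                sql_query("delete from grant_edit where resource='{$ref_id}' and user={$remove_user}");
                exit("SUCCESS");
            }
        }
        exit("FAILED");
    }

    # If 'users' is specified (i.e. access is private) then rebuild users list
    $users = getvalescaped("users", false);
    if ($users != false) {
        # Build a new list and insert
        $users = resolve_userlist_groups($users);
        $ulist = array_unique(trim_array(explode(",", $users)));
        # resolve_userlist_groups() may add names that never went through
        # getvalescaped(), so escape every entry before quoting it.
        $ulist_esc = array();
        foreach ($ulist as $uname) {
            $ulist_esc[] = escape_check($uname);
        }
        $urefs = sql_array("select ref value from user where username in ('" . join("','", $ulist_esc) . "')");
        if (count($urefs) > 0) {
            $grant_edit_expiry = getvalescaped("grant_edit_expiry", "");

            # One "user,expiry" tail per user; the resource is prepended per target below.
            $inserttext = array();
            $uref_ids   = array();
            foreach ($urefs as $uref) {
                $uref_id    = (int) $uref;
                $uref_ids[] = $uref_id;
                if ($grant_edit_expiry != "") {
                    $inserttext[] = $uref_id . ",'" . $grant_edit_expiry . "'";
                } else {
                    $inserttext[] = $uref_id . ",NULL";
                }
            }
            $urefs_in = implode(",", $uref_ids);

            global $lang;
            $expiry_text = ($grant_edit_expiry != "") ? nicedate($grant_edit_expiry) : $lang['never'];
            $log_text    = "Grant Edit - " . $users . " - " . $lang['expires'] . ": " . $expiry_text;

            # Editing a collection applies the grant to every resource in it;
            # otherwise only to the resource being edited.
            if ($collection != "") {
                global $items;
                $targets = $items;
            } else {
                $targets = array($ref);
            }

            foreach ($targets as $target) {
                $target_id = (int) $target;
                sql_query("delete from grant_edit where resource='{$target_id}' and user in (" . $urefs_in . ")");
                sql_query("insert into grant_edit(resource,user,expiry) values ({$target_id}," . join("),(" . $target_id . ",", $inserttext) . ")");
                #log this
                resource_log($target, 's', "", $log_text);
            }
        }
    }

    return true;
}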
/**
 * Hook: runs on the purchase callback page once PayPal reports payment complete.
 *
 * Records which discount code (stored on the collection_resource rows of the
 * purchased collection) was used by the purchasing user. The collection ref
 * arrives in the 'custom' request value; the user is identified by matching
 * that collection against user.current_collection, because the PayPal
 * callback carries no session and $userref is unavailable.
 *
 * @return void
 */
function HookDiscount_codePurchase_callbackPayment_complete()
{
    $collection_esc = getvalescaped("custom", "");

    # Discount code applied to this collection (any one row will do).
    $discount_code = sql_value(
        "select discount_code value from collection_resource where collection='" . $collection_esc . "' limit 1",
        ""
    );

    # Purchasing user: no login on a PayPal callback, so match on current_collection.
    $buyer = sql_value("select ref value from user where current_collection='" . $collection_esc . "'", 0);

    # Record the usage.
    $code_esc = escape_check($discount_code);
    sql_query("insert into discount_code_used (code,user) values ('" . $code_esc . "','" . $buyer . "')");
}
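/**
 * Returns the size record from the database specified by its ID.
 *
 * @param string|int|null $size preview_size.id to look up. An empty value
 *                              ('', 0, null) is treated as "no size".
 * @return array The matching preview_size row (all columns), or
 *               array('width' => 0, 'height' => 0) when $size is empty.
 *               Stops the script with an error message when no row matches.
 */
function getImageFormat($size)
{
    if (empty($size)) {
        return array('width' => 0, 'height' => 0);
    }

    $results = sql_query("select * from preview_size where id='" . escape_check($size) . "'");
    if (empty($results)) {
        # $size may come straight from the request; escape it before echoing it
        # back, since the message can end up in an HTML response.
        die('Unknown size: "' . htmlspecialchars((string) $size, ENT_QUOTES, 'UTF-8') . '"');
    }

    return $results[0];
}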
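/**
 * Create a message and deliver it to one or more users.
 *
 * Globals read: $userref (used as the owner when $owner is null).
 *
 * @param int|array $users One user ref, or an array of user refs, to receive the message.
 * @param string $text Message body; escaped here before being stored.
 * @param string $url Optional link stored with the message; escaped here.
 * @param int|null $owner User ref recorded as the sender; defaults to $userref.
 * @param int $notification_type Accepted for call compatibility; not used by this implementation.
 * @param int $ttl_seconds Seconds from now until the message expires.
 * @return void
 */
function message_add($users, $text, $url = "", $owner = null, $notification_type = MESSAGE_ENUM_NOTIFICATION_TYPE_SCREEN, $ttl_seconds = MESSAGE_DEFAULT_TTL_SECONDS)
{
    global $userref;

    $text = escape_check($text);
    $url  = escape_check($url);

    if (!is_array($users)) {
        $users = array($users);
    }
    if (is_null($owner)) {
        $owner = $userref;
    }

    # owner, the TTL and each user ref are interpolated unquoted, so escaping
    # would not protect them; coerce them to integers instead.
    $owner       = (int) $owner;
    $ttl_seconds = (int) $ttl_seconds;

    sql_query("INSERT INTO `message` (`owner`, `created`, `expires`, `message`, `url`) VALUES ({$owner}, NOW(), DATE_ADD(NOW(), INTERVAL {$ttl_seconds} SECOND), '{$text}', '{$url}')");
    $message_ref = sql_insert_id();

    foreach ($users as $user) {
        $user = (int) $user;
        sql_query("INSERT INTO `user_message` (`user`, `message`) VALUES ({$user},{$message_ref})");
    }
}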
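/**
 * List theme names at one level of the theme tree.
 *
 * With no $parents, returns every distinct top-level theme. With $parents
 * [p1, p2, ..., pN], returns the distinct values of theme{N+1} among the
 * collections whose theme = p1, theme2 = p2, ..., theme{N} = pN.
 *
 * @param array $parents Ancestor theme names from the root down (may be empty).
 * @return array Sorted list of theme names, as returned by sql_array().
 */
function getThemeList($parents = array())
{
    $depth = count($parents);

    if ($depth == 0) {
        // just retrieve all the top level themes
        $sql = "select distinct theme as value from collection where theme is not null and theme <> '' order by theme";
        return sql_array($sql);
    }

    // we were passed an array of parents, so narrow the search: every ancestor
    // level has to match, so the conditions are ANDed together (previously only
    // the last one survived, which dropped the constraints on upper levels).
    $conditions = array();
    for ($i = 1; $i <= $depth; $i++) {
        $searchfield  = ($i == 1) ? 'theme' : "theme{$i}";
        $conditions[] = "{$searchfield} = '" . escape_check($parents[$i - 1]) . "'";
    }
    $whereclause = implode(" and ", $conditions) . " ";

    // $i is now one past the deepest matched level: that is the level to list
    $sql = "select distinct theme{$i} as value from collection where {$whereclause} and theme{$i} is not null and theme{$i} <> '' order by theme{$i}";
    return sql_array($sql);
}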
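/**
 * Hook (user_preferences plugin): apply username, e-mail and full-name changes
 * submitted from the preferences form.
 *
 * Globals read: $user_preferences_change_username, $user_preferences_change_email,
 * $user_preferences_change_name, $userref, $lang. Globals read and then updated
 * in place (header.php is included after this hook): $username, $useremail,
 * $userfullname. When the requested username or e-mail is already taken,
 * $GLOBALS['errorUsername'] / $GLOBALS['errorEmail'] is set to the language
 * string and false is returned without writing anything.
 *
 * @return bool false on a username/e-mail clash; otherwise true when no current
 *              password was supplied or both new-password fields are empty,
 *              false when a password change appears to have been requested
 *              (presumably so the caller continues with its own password handling).
 */
function HookUser_preferencesuser_preferencesSaveadditionaluserpreferences()
{
    global $user_preferences_change_username, $user_preferences_change_email, $user_preferences_change_name,
        $userref, $useremail, $username, $userfullname, $lang;

    $newUsername = trim(safe_file_name(getvalescaped('username', $username)));
    # Fall back to the current e-mail (not the full name) when the field is
    # absent; otherwise a form without an email input would rewrite the address.
    $newEmail    = getvalescaped('email', $useremail);
    $newFullname = getvalescaped('fullname', $userfullname);
    $userref_esc = escape_check($userref);

    $changeUsername = $user_preferences_change_username && $username != $newUsername;
    $changeEmail    = $user_preferences_change_email && $useremail != $newEmail;
    $changeName     = $user_preferences_change_name && $userfullname != $newFullname;

    # Check if a user with that username already exists
    if ($changeUsername) {
        $existing = sql_query('select ref from user where username=\'' . escape_check($newUsername) . '\'');
        if (!empty($existing)) {
            $GLOBALS['errorUsername'] = $lang['useralreadyexists'];
            return false;
        }
    }

    # Check if a user with that email already exists
    if ($changeEmail) {
        $existing = sql_query('select ref from user where email=\'' . escape_check($newEmail) . '\'');
        if (!empty($existing)) {
            $GLOBALS['errorEmail'] = $lang['useremailalreadyexists'];
            return false;
        }
    }

    # Store changed values in DB, and update the global variables as header.php is included next
    if ($changeUsername) {
        # Write the new username (escaped the same way the clash check above quotes it).
        sql_query("update user set username='" . escape_check($newUsername) . "' where ref='" . $userref_esc . "'");
        $username = $newUsername;
    }
    if ($changeEmail) {
        sql_query("update user set email='" . escape_check($newEmail) . "' where ref='" . $userref_esc . "'");
        $useremail = $newEmail;
    }
    if ($changeName) {
        sql_query("update user set fullname='" . escape_check($newFullname) . "' where ref='" . $userref_esc . "'");
        $userfullname = $newFullname;
    }

    # && binds tighter than ||, so this is: no current password given, OR both
    # new-password fields empty.
    $noCurrentPassword = getvalescaped('currentpassword', '') == '';
    $noNewPassword     = getvalescaped('password', '') == '' && getvalescaped('password2', '') == '';
    return $noCurrentPassword || $noNewPassword;
}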
/**
 * Recursively scan one folder of the static sync directory and import what it finds.
 *
 * Site-specific variant of the staticsync ProcessFolder(): recurses into
 * sub-folders, imports every regular file not already listed in $done as a new
 * resource (resource type from the path or extension mapping, title from the
 * path/filename, category-tree and $staticsync_mapfolders metadata, a per-run
 * timestamp keyword, alternative files taken from a
 * $staticsync_alternatives_suffix folder or from suffix-matched siblings, and
 * optional collection membership), and for files already imported regenerates
 * previews when the file is newer than the recorded modification time.
 *
 * Globals read: $syncdir, $nogo, $max, $count (incremented per imported file),
 * $done, $modtimes, $lastsync, the $staticsync_* settings, $file_minimum_age,
 * $staticsync_run_timestamp, $lang, $alternative_file_previews, $scramble_key.
 *
 * @param string $folder Absolute path of the folder to process.
 * @return bool|null true when $count exceeds $max (caller should stop);
 *                   otherwise falls off the end and returns null.
 */
function ProcessFolder($folder)
{
    #echo "<br>processing folder $folder";
    global $syncdir, $nogo, $max, $count, $done, $modtimes, $lastsync, $ffmpeg_preview_extension, $staticsync_autotheme, $staticsync_extension_mapping_default, $staticsync_extension_mapping, $staticsync_mapped_category_tree, $staticsync_title_includes_path, $staticsync_ingest, $staticsync_mapfolders, $staticsync_alternatives_suffix, $staticsync_alt_suffixes, $staticsync_alt_suffix_array, $file_minimum_age, $staticsync_run_timestamp;
    $collection = 0;
    echo "Processing Folder: {$folder}\n";
    # List all files in this folder.
    # NOTE(review): $dh is never closed; the same applies to $adh and $althandle below.
    $dh = opendir($folder);
    echo date('Y-m-d H:i:s ');
    echo "Reading from {$folder}\n";
    while (($file = readdir($dh)) !== false) {
        // because of alternative processing, some files may disappear during the run
        // that's ok - just ignore it and move on
        if (!file_exists($folder . "/" . $file)) {
            echo date('Y-m-d H:i:s ');
            echo "File {$file} missing. Moving on.\n";
            continue;
        }
        $filetype = filetype($folder . "/" . $file);
        $fullpath = $folder . "/" . $file;
        $shortpath = str_replace($syncdir . "/", "", $fullpath);
        # $path_parts is only defined when this setting is truthy; the isset()
        # test on the same setting further down does not guarantee that.
        if ($staticsync_mapped_category_tree) {
            $path_parts = explode("/", $shortpath);
            array_pop($path_parts);
            touch_category_tree_level($path_parts);
        }
        # -----FOLDERS-------------
        if (($filetype == "dir" || $filetype == "link") && $file != "." && $file != ".." && strpos($nogo, "[" . $file . "]") === false && strpos($file, $staticsync_alternatives_suffix) === false) {
            # Recurse
            #echo "\n$file : " . filemtime($folder . "/" . $file) . " > " . $lastsync;
            # The leading `true ||` makes the mtime/$lastsync test dead code:
            # every sub-folder is recursed into on every run.
            if (true || strlen($lastsync) == "" || filemtime($folder . "/" . $file) > $lastsync - 26000) {
                ProcessFolder($folder . "/" . $file);
            }
        }
        # -------FILES---------------
        if ($filetype == "file" && substr($file, 0, 1) != "." && strtolower($file) != "thumbs.db" && !ss_is_alt($file)) {
            // we want to make sure we don't touch files that are too new
            // so check this
            if (time() - filectime($folder . "/" . $file) < $file_minimum_age) {
                echo date('Y-m-d H:i:s ');
                echo " {$file} too new -- skipping .\n";
                //echo filectime($folder . "/" . $file) . " " . time() . "\n";
                continue;
            }
            # Already exists?
            if (!in_array($shortpath, $done)) {
                $count++;
                if ($count > $max) {
                    return true;
                }
                echo date('Y-m-d H:i:s ');
                echo "Processing file: {$fullpath}\n";
                if ($collection == 0 && $staticsync_autotheme) {
                    # Make a new collection for this folder.
                    # Theme is the first path component, the collection name the
                    # immediate parent folder (empty for files at the sync root).
                    $e = explode("/", $shortpath);
                    $theme = ucwords($e[0]);
                    $name = count($e) == 1 ? "" : $e[count($e) - 2];
                    echo date('Y-m-d H:i:s ');
                    echo "\nCollection {$name}, theme={$theme}";
                    $collection = sql_value("select ref value from collection where name='" . escape_check($name) . "' and theme='" . escape_check($theme) . "'", 0);
                    if ($collection == 0) {
                        sql_query("insert into collection (name,created,public,theme,allow_changes) values ('" . escape_check($name) . "',now(),1,'" . escape_check($theme) . "',0)");
                        $collection = sql_insert_id();
                    }
                }
                # Work out extension
                $extension = explode(".", $file);
                $extension = trim(strtolower($extension[count($extension) - 1]));
                // if coming from collections or la folders, assume these are the resource types
                if (stristr(strtolower($fullpath), 'collection services/curatorial')) {
                    $type = 5;
                } elseif (stristr(strtolower($fullpath), 'collection services/conservation')) {
                    $type = 5;
                } elseif (stristr(strtolower($fullpath), 'collection services/library_archives')) {
                    $type = 6;
                } else {
                    # Work out a resource type based on the extension.
                    $type = $staticsync_extension_mapping_default;
                    reset($staticsync_extension_mapping);
                    foreach ($staticsync_extension_mapping as $rt => $extensions) {
                        if ($rt == 5 or $rt == 6) {
                            continue;
                        } // we already eliminated those
                        if (in_array($extension, $extensions)) {
                            $type = $rt;
                        }
                    }
                }
                # Formulate a title
                if ($staticsync_title_includes_path) {
                    $title = str_ireplace("." . $extension, "", str_replace("/", " - ", $shortpath));
                    $title = ucfirst(str_replace("_", " ", $title));
                } else {
                    $title = str_ireplace("." . $extension, "", $file);
                }
                # Import this file
                $r = import_resource($shortpath, $type, $title, $staticsync_ingest);
                if ($r !== false) {
                    # Add to mapped category tree (if configured)
                    if (isset($staticsync_mapped_category_tree)) {
                        $basepath = "";
                        # Save tree position to category tree field
                        # For each node level, expand it back to the root so the full path is stored.
                        for ($n = 0; $n < count($path_parts); $n++) {
                            if ($basepath != "") {
                                $basepath .= "~";
                            }
                            $basepath .= $path_parts[$n];
                            $path_parts[$n] = $basepath;
                        }
                        update_field($r, $staticsync_mapped_category_tree, "," . join(",", $path_parts));
                        #echo "update_field($r,$staticsync_mapped_category_tree," . "," . join(",",$path_parts) . ");\n";
                    }
                    # StaticSync path / metadata mapping
                    # Extract metadata from the file path as per $staticsync_mapfolders in config.php
                    if (isset($staticsync_mapfolders)) {
                        foreach ($staticsync_mapfolders as $mapfolder) {
                            $match = $mapfolder["match"];
                            $field = $mapfolder["field"];
                            $level = $mapfolder["level"];
                            if (strpos("/" . $shortpath, $match) !== false) {
                                # Match. Extract metadata.
                                $path_parts = explode("/", $shortpath);
                                if ($level < count($path_parts)) {
                                    # Save the value
                                    # NOTE(review): print_r() here is leftover debug output, emitted on every match.
                                    print_r($path_parts);
                                    $value = $path_parts[$level - 1];
                                    update_field($r, $field, $value);
                                    echo " - Extracted metadata from path: {$value}\n";
                                }
                            }
                        }
                    }
                    // add the timestamp from this run to the keywords field to help retrieve this batch later
                    $currentkeywords = sql_value("select value from resource_data where resource = '{$r}' and resource_type_field = '1'", "");
                    if (strlen($currentkeywords) > 0) {
                        $currentkeywords .= ',';
                    }
                    update_field($r, 1, $currentkeywords . $staticsync_run_timestamp);
                    if (function_exists('staticsync_local_functions')) {
                        // if local cleanup functions have been defined, run them
                        staticsync_local_functions($r);
                    }
                    # Add any alternative files
                    $altpath = $fullpath . $staticsync_alternatives_suffix;
                    if ($staticsync_ingest && file_exists($altpath)) {
                        $adh = opendir($altpath);
                        while (($altfile = readdir($adh)) !== false) {
                            $filetype = filetype($altpath . "/" . $altfile);
                            # NOTE(review): the dot-file and thumbs.db tests look at $file (the parent
                            # resource), not at $altfile, so hidden entries in the alternatives folder
                            # are not filtered out here; $altfile looks like the intended variable.
                            if ($filetype == "file" && substr($file, 0, 1) != "." && strtolower($file) != "thumbs.db") {
                                # Create alternative file
                                global $lang;
                                # Find extension
                                $ext = explode(".", $altfile);
                                $ext = $ext[count($ext) - 1];
                                $aref = add_alternative_file($r, $altfile, strtoupper($ext) . " " . $lang["file"], $altfile, $ext, filesize_unlimited($altpath . "/" . $altfile));
                                $path = get_resource_path($r, true, "", true, $ext, -1, 1, false, "", $aref);
                                rename($altpath . "/" . $altfile, $path); # Move alternative file
                            }
                        }
                    }
                    # check for alt files that match suffix list
                    if ($staticsync_alt_suffixes) {
                        $ss_nametocheck = substr($file, 0, strlen($file) - strlen($extension) - 1);
                        //review all files still in directory and see if they are alt files matching this one
                        $althandle = opendir($folder);
                        while (($altcandidate = readdir($althandle)) !== false) {
                            # NOTE(review): $filetype and $file here still describe the parent file
                            # (or the last entry of the alternatives loop above), not $altcandidate;
                            # the candidate's own type is only read after it has been validated.
                            if ($filetype == "file" && substr($file, 0, 1) != "." && strtolower($file) != "thumbs.db") {
                                # Find extension
                                $ext = explode(".", $altcandidate);
                                $ext = $ext[count($ext) - 1];
                                $altcandidate_name = substr($altcandidate, 0, strlen($altcandidate) - strlen($ext) - 1);
                                $altcandidate_validated = false;
                                foreach ($staticsync_alt_suffix_array as $sssuffix) {
                                    if ($altcandidate_name == $ss_nametocheck . $sssuffix) {
                                        $altcandidate_validated = true;
                                        $thisfilesuffix = $sssuffix;
                                        break;
                                    }
                                }
                                if ($altcandidate_validated) {
                                    echo date('Y-m-d H:i:s ');
                                    echo " Attaching {$altcandidate} as alternative.\n";
                                    $filetype = filetype($folder . "/" . $altcandidate);
                                    # Create alternative file
                                    global $lang;
                                    # Human-readable title from the matched suffix. These are prefix
                                    # matches, so the longer _TPV pattern is tested before _TP.
                                    if (preg_match("/^_VERSO[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Verso";
                                    } elseif (preg_match("/^_DNG[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "DNG";
                                    } elseif (preg_match("/^_ORIG[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Original Scan";
                                    } elseif (preg_match("/^_TPV[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Title Page Verso";
                                    } elseif (preg_match("/^_TP[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Title Page";
                                    } elseif (preg_match("/^_COV[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Cover";
                                    } elseif (preg_match("/^_SCR[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Inscription";
                                    } elseif (preg_match("/^_EX[0-9]*/i", $thisfilesuffix)) {
                                        $alt_title = "Enclosure";
                                    } else {
                                        $alt_title = $altcandidate;
                                    }
                                    $aref = add_alternative_file($r, $alt_title, strtoupper($ext) . " " . $lang["file"], $altcandidate, $ext, filesize_unlimited($folder . "/" . $altcandidate));
                                    $path = get_resource_path($r, true, "", true, $ext, -1, 1, false, "", $aref);
                                    rename($folder . "/" . $altcandidate, $path); # Move alternative file
                                    global $alternative_file_previews;
                                    if ($alternative_file_previews) {
                                        create_previews($r, false, $ext, false, false, $aref);
                                    }
                                }
                            }
                        }
                    }
                    # Add to collection
                    if ($staticsync_autotheme) {
                        sql_query("insert into collection_resource(collection,resource,date_added) values ('{$collection}','{$r}',now())");
                    }
                    // fix permissions
                    // get directory to fix
                    # NOTE(review): the filestore root is hard-coded for this site and the
                    # resource folder is rebuilt by hand (one directory per digit of $r,
                    # the last one suffixed with an md5 prefix) rather than via
                    # get_resource_path(). The shell arguments are not passed through
                    # escapeshellarg(); as written they consist only of the digits of $r,
                    # hex characters, "_" and "/".
                    global $scramble_key;
                    $permfixfolder = "/hne/rs/filestore/";
                    for ($n = 0; $n < strlen($r); $n++) {
                        $permfixfolder .= substr($r, $n, 1);
                        if ($n == strlen($r) - 1) {
                            $permfixfolder .= "_" . substr(md5($r . "_" . $scramble_key), 0, 15);
                        }
                        $permfixfolder .= "/";
                    }
                    exec("/bin/chown -R wwwrun {$permfixfolder}");
                    exec("/bin/chgrp -R www {$permfixfolder}");
                } else {
                    # Import failed - file still being uploaded?
                    echo date('Y-m-d H:i:s ');
                    echo " *** Skipping file - it was not possible to move the file (still being imported/uploaded?) \n";
                }
            } else {
                # check modified date and update previews if necessary
                $filemod = filemtime($fullpath);
                if (array_key_exists($shortpath, $modtimes) && $filemod > strtotime($modtimes[$shortpath])) {
                    # File has been modified since we last created previews. Create again.
                    $rd = sql_query("select ref,has_image,file_modified,file_extension from resource where file_path='" . escape_check($shortpath) . "'");
                    if (count($rd) > 0) {
                        $rd = $rd[0];
                        $rref = $rd["ref"];
                        echo date('Y-m-d H:i:s ');
                        echo "Resource {$rref} has changed, regenerating previews: {$fullpath}\n";
                        create_previews($rref, false, $rd["file_extension"]);
                        sql_query("update resource set file_modified=now() where ref='{$rref}'");
                    }
                }
            }
        }
    }
}
$aref = add_alternative_file($alternative, $plfilename); # Work out the extension $extension = explode(".", $plfilepath); $extension = trim(strtolower($extension[count($extension) - 1])); # Find the path for this resource. $path = get_resource_path($alternative, true, "", true, $extension, -1, 1, false, "", $aref); # Move the sent file to the alternative file location # PLUpload - file was sent chunked and reassembled - use the reassembled file location $result = rename($plfilepath, $path); if ($result === false) { exit("ERROR: File upload error. Please check the size of the file you are trying to upload."); } chmod($path, 0777); $file_size = @filesize_unlimited($path); # Save alternative file data. sql_query("update resource_alt_files set file_name='" . escape_check($plfilename) . "',file_extension='" . escape_check($extension) . "',file_size='" . $file_size . "',creation_date=now() where resource='{$alternative}' and ref='{$aref}'"); if ($alternative_file_previews_batch) { create_previews($alternative, false, $extension, false, false, $aref); } echo "SUCCESS"; exit; } if ($replace == "" && $replace_resource == "") { # Standard upload of a new resource $ref = copy_resource(0 - $userref); # Copy from user template # Add to collection? if ($collection_add != "") { add_resource_to_collection($ref, $collection_add); } # Log this
<?php /*** * plugin.php - Maps requests to plugin pages to requested plugin. * * @package ResourceSpace * @subpackage Plugins * ***/ # Define this page as an acceptable entry point. define('RESOURCESPACE', true); include '../include/db.php'; include '../include/general.php'; $query = explode('&', $_SERVER['QUERY_STRING']); $plugin_query = explode('/', $query[0]); if (!is_plugin_activated(escape_check($plugin_query[0]))) { die('Plugin does not exist or is not enabled'); } if (isset($plugin_query[1])) { if (preg_match('/[\\/]/', $plugin_query[1])) { die('Invalid plugin page.'); } $page_path = $baseurl_short . "plugins/{$plugin_query[0]}/pages/{$plugin_query[1]}.php"; if (file_exists($page_path)) { include $page_path; } else { die('Plugin page not found.'); } } else { if (file_exists("../plugins/{$plugin_query[0]}/pages/index.php")) { include "../plugins/{$plugin_query[0]}/pages/index.php";
<?php include "../../../include/db.php"; include "../../../include/general.php"; if (array_key_exists("user", $_COOKIE)) { # Check to see if this user is logged in. $session_hash = $_COOKIE["user"]; $loggedin = sql_value("select count(*) value from user where session='" . escape_check($session_hash) . "' and approved=1 and timestampdiff(second,last_active,now())<(30*60)", 0); if ($loggedin > 0 || $session_hash == "|") { # User is logged in. Proceed to full authentication. include "../../../include/authenticate.php"; } } if (!isset($userref)) { # User is not logged in. Fetch username from posted form value. $username = getval("username", ""); $usergroupname = "(Not logged in)"; $userfullname = ""; $anonymous_login = $username; $pagename = "terms"; $plugins = array(); } $error = ""; $errorfields = array(); $sent = false; if (getval("send", "") != "") { $csvheaders = "\"date\""; $csvline = "\"" . date("Y-m-d") . "\""; $message = "Date: " . date("Y-m-d") . "\n"; for ($n = 1; $n <= count($feedback_questions); $n++) { $type = $feedback_questions[$n]["type"];
$ref = getvalescaped("ref", ""); $resource = getvalescaped("resource", ""); # Check access $edit_access = get_edit_access($resource); if (!$edit_access) { exit("Access denied"); } # Should never arrive at this page without edit access if (getval("submitted", "") != "") { # Save license data # Construct expiry date $expires = getvalescaped("expires_year", "") . "-" . getvalescaped("expires_month", "") . "-" . getvalescaped("expires_day", ""); # Construct usage $license_usage = ""; if (isset($_POST["license_usage"])) { $license_usage = escape_check(join(", ", $_POST["license_usage"])); } if ($ref == "new") { # New record sql_query("insert into resource_license (resource,outbound,holder,license_usage,description,expires) values ('" . getvalescaped("resource", "") . "', '" . getvalescaped("outbound", "") . "', '" . getvalescaped("holder", "") . "', '{$license_usage}', '" . getvalescaped("description", "") . "', '{$expires}')"); $ref = sql_insert_id(); resource_log($resource, "", "", $lang["new_license"] . " " . $ref); } else { # Existing record sql_query("update resource_license set outbound='" . getvalescaped("outbound", "") . "',holder='" . getvalescaped("holder", "") . "', license_usage='{$license_usage}',description='" . getvalescaped("description", "") . "',expires='{$expires}' where ref='{$ref}' and resource='{$resource}'"); resource_log($resource, "", "", $lang["edit_license"] . " " . $ref); } redirect("pages/view.php?ref=" . $resource); } # Fetch license data if ($ref == "new") {
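/**
 * Generate a password reset key for a user and store its hash on the user row.
 *
 * Globals read: $scramble_key.
 *
 * A random code from make_password() is mixed with today's date, the username
 * and $scramble_key into password_reset_hash, which is written to the user
 * row. The value handed back to the caller is a second, truncated hash derived
 * from the stored one. Both hashes embed date("Ymd"), so a key presumably only
 * verifies on the day it was issued.
 *
 * @param string $username Username whose reset hash is (re)set.
 * @return string 15-character reset key to embed in the reset URL.
 */
function create_password_reset_key($username)
{
    global $scramble_key;

    $resetuniquecode = make_password();
    $password_reset_hash = hash('sha256', date("Ymd") . md5("RS" . $resetuniquecode . $username . $scramble_key));

    # The hash is hex and safe to interpolate; $username is caller-supplied and
    # must be escaped before being quoted into the WHERE clause.
    $username_esc = escape_check($username);
    sql_query("update user set password_reset_hash='{$password_reset_hash}' where username='{$username_esc}'");

    $password_reset_url_key = substr(hash('sha256', date("Ymd") . $password_reset_hash . $username . $scramble_key), 0, 15);
    return $password_reset_url_key;
}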
// avoid bad characters in filenames $filename = preg_replace("/[^A-Za-z0-9_\\- ]/", '', $filename); //$filename = str_replace(' ','_',trim($filename)); // if there is not a filename, create one if ($cropper_custom_filename && strlen($filename) > 0) { $filename = "{$filename}"; } else { if (!$alternative_file_previews || $download || getval("slideshow", "") != "") { $filename = $ref . "_" . strtolower($lang['transformed']); } elseif ($original && !$cropperestricted) { // fixme } else { $filename = "alt_{$newfile}"; } } $filename = escape_check($filename); $lcext = strtolower($new_ext); $mpcalc = round($newfilewidth * $newfileheight / 1000000, 1); // don't show a megapixel count if it rounded down to 0 if ($mpcalc > 0) { $mptext = " ({$mpcalc} " . $lang["megapixel-short"] . ")"; } else { $mptext = ''; } if (strlen($mydesc) > 0) { $deschyphen = ' - '; } else { $deschyphen = ''; } // Do something with the final file: if ($cropper_enable_alternative_files && !$download && !$original && getval("slideshow", "") == "" && !$cropperestricted) {
$accepted = sql_value("select accepted_terms value from user where username='******' and (password='******' or password='******'password_hash'] . "')", 0); if ($accepted == 0 && $terms_login && !checkperm("p")) { redirect("pages/terms.php?noredir=true&url=" . urlencode("pages/user/user_change_password.php")); } else { redirect($url); } } else { sleep($password_brute_force_delay); $error = $result['error']; hook("dispcreateacct"); } } } if (getval("logout", "") != "" && array_key_exists("user", $_COOKIE)) { #fetch username and update logged in status $session = escape_check($_COOKIE["user"]); sql_query("update user set logged_in=0,session='' where session='{$session}'"); hook("removeuseridcookie"); #blank cookie rs_setcookie("user", "", time() - 3600); # Also blank search related cookies setcookie("search", "", 0, '', '', false, true); setcookie("saved_offset", "", 0, '', '', false, true); setcookie("saved_archive", "", 0, '', '', false, true); unset($username); hook("postlogout"); if (isset($anonymous_login)) { # If the system is set up with anonymous access, redirect to the home page after logging out. redirect("pages/" . $default_home_page); } }
/**
 * Recursively walk one staticsync folder, importing new files as resources and
 * regenerating previews for files that changed since the previous sync.
 *
 * Sub-folders are recursed (except $nogo matches and alternative-file folders);
 * folder names matching dd-dd-dddd are collected in $version_dir. Each new file
 * is imported with import_resource(), given path-derived metadata, synced to S3,
 * previewed unless excluded, and attached to the auto-theme collection.
 *
 * @param string $folder          Absolute path of the folder to process.
 * @param array  $version_dir     Version folder names seen so far. Passed by value, so names
 *                                found inside a sub-folder do not propagate back to the caller.
 * @param array  $resource_array  By reference; receives the ref of every resource imported.
 * @param array  $resource_error  By reference; failed files under 'size' and 'name', keyed by file name.
 * @return bool|null True once $count exceeds $staticsync_max_files (only the current call
 *                   returns; a parent call ignores the value and carries on); otherwise nothing.
 */
function ProcessFolder($folder, $version_dir, &$resource_array, &$resource_error) {
    // Several of these globals ($lastsync, $ffmpeg_preview_extension, $image_alternatives,
    // $post_host, $media_endpoint) are not referenced anywhere in this function body.
    global $lang, $syncdir, $nogo, $staticsync_max_files, $count, $done, $modtimes, $lastsync, $ffmpeg_preview_extension, $staticsync_autotheme, $staticsync_folder_structure, $staticsync_extension_mapping_default, $staticsync_extension_mapping, $staticsync_mapped_category_tree, $staticsync_title_includes_path, $staticsync_ingest, $staticsync_mapfolders, $staticsync_alternatives_suffix, $theme_category_levels, $staticsync_defaultstate, $additional_archive_states, $staticsync_extension_mapping_append_values, $image_alternatives, $exclude_resize, $post_host, $media_endpoint, $image_required_height, $sync_bucket, $aws_key, $aws_secret_key;
    $collection = 0;
    echo "Processing Folder: {$folder}" . PHP_EOL;
    #$alt_path = get_resource_path(59, TRUE, '', FALSE, 'png', -1, 1, FALSE, '', 4);
    # List all files in this folder.
    // The directory handle is never closed with closedir() in this function.
    $dh = opendir($folder);
    while (($file = readdir($dh)) !== false) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $filetype = filetype($folder . "/" . $file);
        $fullpath = $folder . "/" . $file;
        $shortpath = str_replace($syncdir . "/", '', $fullpath);
        # Work out extension
        $extension = explode(".", $file);
        if (count($extension) > 1) {
            $extension = trim(strtolower($extension[count($extension) - 1]));
        } else {
            //No extension
            $extension = "";
        }
        // NOTE(review): strpos() is used as a truthy test here, so a $nogo match at offset 0
        // does not trigger the skip; the folder test below uses === false. Confirm which is intended.
        if (strpos($fullpath, $nogo)) {
            echo "This directory is to be ignored." . PHP_EOL;
            continue;
        }
        if ($staticsync_mapped_category_tree) {
            $path_parts = explode("/", $shortpath);
            array_pop($path_parts);
            touch_category_tree_level($path_parts);
        }
        # -----FOLDERS-------------
        if (($filetype == "dir" || $filetype == "link") && strpos($nogo, "[{$file}]") === false && strpos($file, $staticsync_alternatives_suffix) === false) {
            # Get current version direcotries.
            if (preg_match("/[0-9]{2}-[0-9]{2}-[0-9]{4}\$/", $file)) {
                if (!in_array($file, $version_dir)) {
                    array_push($version_dir, $file);
                }
                if (preg_match('/in_progress*/', $file)) {
                    echo "The Barcode is still being processed." . PHP_EOL;
                    continue;
                }
            }
            # Recurse
            ProcessFolder($folder . "/" . $file, $version_dir, $resource_array, $resource_error);
        }
        // When the path contains "images", collect the base names of files in the sibling
        // "psd" folder. NOTE(review): scandir() returns false if that folder is missing,
        // which array_diff() then warns about - confirm the folder is guaranteed to exist.
        $psd_files = array();
        if (preg_match('/images/', $fullpath)) {
            $path_array = explode('/', $fullpath);
            $psd_array = array_splice($path_array, 0, array_search('images', $path_array));
            $psd_path = implode('/', $psd_array) . '/psd/';
            $psd_files = array_diff(scandir($psd_path), array('..', '.'));
            foreach ($psd_files as $index => $psd_file) {
                $psd_files[$index] = pathinfo($psd_file, PATHINFO_FILENAME);
            }
        }
        # -------FILES---------------
        if ($filetype == "file" && substr($file, 0, 1) != "." && strtolower($file) != "thumbs.db") {
            /* Below Code Adapted from CMay's bug report */
            global $banned_extensions;
            # Check to see if extension is banned, do not add if it is banned
            // NOTE(review): array_search() returns the matching index, so an entry at position 0 of
            // $banned_extensions evaluates to false here and is not skipped; `!== false` is the strict test.
            if (array_search($extension, $banned_extensions)) {
                continue;
            }
            /* Above Code Adapted from CMay's bug report */
            $count++;
            if ($count > $staticsync_max_files) {
                return true;
            }
            // Skip files whose ctime predates the recorded last sync (string comparison of
            // two "Y-m-d H:i:s" values; sql_value() returns "" when the sysvar is absent).
            $last_sync_date = sql_value("select value from sysvars where name = 'last_sync'", "");
            $file_creation_date = date("Y-m-d H:i:s", filectime($fullpath));
            if (isset($last_sync_date) && $last_sync_date > $file_creation_date) {
                echo "No new file found.." . PHP_EOL;
                continue;
            }
            # Already exists?
            if (!isset($done[$shortpath])) {
                echo "Processing file: {$fullpath}" . PHP_EOL;
                if ($collection == 0 && $staticsync_autotheme) {
                    # Make a new collection for this folder.
                    $e = explode("/", $shortpath);
                    $theme = ucwords($e[0]);
                    $themesql = "theme='" . ucwords(escape_check($e[0])) . "'";
                    $themecolumns = "theme";
                    $themevalues = "'" . ucwords(escape_check($e[0])) . "'";
                    if ($staticsync_folder_structure) {
                        for ($x = 0; $x < count($e) - 1; $x++) {
                            if ($x != 0) {
                                $themeindex = $x + 1;
                                // Paths deeper than the configured theme levels widen the global for this run.
                                if ($themeindex > $theme_category_levels) {
                                    $theme_category_levels = $themeindex;
                                    if ($x == count($e) - 2) {
                                        echo PHP_EOL . PHP_EOL . "UPDATE THEME_CATEGORY_LEVELS TO {$themeindex} IN CONFIG!!!!" . PHP_EOL . PHP_EOL;
                                    }
                                }
                                $th_name = ucwords(escape_check($e[$x]));
                                $themesql .= " AND theme{$themeindex} = '{$th_name}'";
                                $themevalues .= ",'{$th_name}'";
                                $themecolumns .= ",theme{$themeindex}";
                            }
                        }
                    }
                    $name = count($e) == 1 ? '' : $e[count($e) - 2];
                    echo "Collection {$name}, theme={$theme}" . PHP_EOL;
                    $ul_username = $theme;
                    $escaped_name = escape_check($name);
                    $collection = sql_value("SELECT ref value FROM collection WHERE name='{$escaped_name}' AND {$themesql}", 0);
                    if ($collection == 0) {
                        sql_query("INSERT INTO collection (name,created,public,{$themecolumns},allow_changes)\n VALUES ('{$escaped_name}', NOW(), 1, {$themevalues}, 0)");
                        $collection = sql_insert_id();
                    }
                }
                # Work out a resource type based on the extension.
                $type = $staticsync_extension_mapping_default;
                reset($staticsync_extension_mapping);
                foreach ($staticsync_extension_mapping as $rt => $extensions) {
                    if (in_array($extension, $extensions)) {
                        $type = $rt;
                    }
                }
                $modified_type = hook('modify_type', 'staticsync', array($type));
                if (is_numeric($modified_type)) {
                    $type = $modified_type;
                }
                # Formulate a title
                if ($staticsync_title_includes_path) {
                    $title_find = array('/', '_', ".{$extension}");
                    $title_repl = array(' - ', ' ', '');
                    $title = ucfirst(str_ireplace($title_find, $title_repl, $shortpath));
                } else {
                    $title = str_ireplace(".{$extension}", '', $file);
                }
                $modified_title = hook('modify_title', 'staticsync', array($title));
                if ($modified_title !== false) {
                    $title = $modified_title;
                }
                # Import this file
                #$r = import_resource($shortpath, $type, $title, $staticsync_ingest);
                #Check for file name containing the psd.
                if (!empty($psd_files)) {
                    $image_file_array = explode('/', $fullpath);
                    $image_file = $image_file_array[count($image_file_array) - 1];
                    // The part of the file name before the first "_" must match a PSD base name.
                    $image_psd_name = explode('_', $image_file)[0];
                    // NOTE(review): same array_search() truthiness caveat as the banned-extension check -
                    // a match at index 0 of $psd_files is reported as "not in right format".
                    if (array_search($image_psd_name, $psd_files)) {
                        #Image name is in right format.
                        if (!validate_image_size($fullpath, $image_required_height)) {
                            $resource_error['size'][$file] = $fullpath;
                        }
                        $r = import_resource($fullpath, $type, $title, $staticsync_ingest);
                        // $image_psd_name and $fullpath come straight from file-system names and are
                        // interpolated without escape_check(); a quote in a file name breaks these statements.
                        sql_query("INSERT INTO resource_data (resource,resource_type_field,value)\n VALUES ('{$r}', (SELECT ref FROM resource_type_field WHERE name = 'logical_id'), '{$image_psd_name}')");
                        $original_filepath = sql_query("SELECT value FROM resource_data WHERE resource = '{$r}' AND\n resource_type_field = (SELECT ref FROM resource_type_field where name = 'original_filepath')");
                        // NOTE(review): sql_query() returns an array, so isset() here is always true -
                        // confirm whether an emptiness test was intended.
                        if (isset($original_filepath)) {
                            sql_query("INSERT INTO resource_data (resource,resource_type_field,value)\n VALUES ('{$r}',(SELECT ref FROM resource_type_field WHERE name = 'original_filepath'), '{$fullpath}')");
                        }
                    } else {
                        echo "Filename '{$fullpath}' is not in right format.." . PHP_EOL;
                        $resource_error['name'][$file] = $fullpath;
                        continue;
                    }
                } elseif (word_in_string($exclude_resize, explode('/', $fullpath))) {
                    $r = import_resource($fullpath, $type, $title, $staticsync_ingest);
                }
                // NOTE(review): $r is assigned only in the two branches above. When neither applies it
                // still holds the previous iteration's value (or is undefined for the first file), so
                // everything below can act on the wrong resource - confirm.
                if ($r !== false) {
                    array_push($resource_array, $r);
                    # Create current version for resource.
                    #print_r($version_dir);
                    if (count($version_dir) == 1) {
                        sql_query("INSERT into resource_data (resource,resource_type_field,value)\n VALUES ('{$r}',(SELECT ref FROM resource_type_field WHERE name = 'current'), 'TRUE')");
                    }
                    // The whole sync directory is pushed on every imported file; a failure is only echoed.
                    $sync_status = sync_to_s3($syncdir, $sync_bucket, $aws_key, $aws_secret_key);
                    if (!$sync_status) {
                        echo "Failed to sync";
                    }
                    # Add to mapped category tree (if configured)
                    if (isset($staticsync_mapped_category_tree)) {
                        $basepath = '';
                        # Save tree position to category tree field
                        # For each node level, expand it back to the root so the full path is stored.
                        for ($n = 0; $n < count($path_parts); $n++) {
                            if ($basepath != '') {
                                $basepath .= "~";
                            }
                            $basepath .= $path_parts[$n];
                            $path_parts[$n] = $basepath;
                        }
                        update_field($r, $staticsync_mapped_category_tree, "," . join(",", $path_parts));
                    }
                    #This is an override to add user data to the resouces
                    // NOTE(review): $userref is not declared global in this function, so !isset() is
                    // always true and this block runs for every import - confirm that is intended.
                    if (!isset($userref)) {
                        $ul_username = ucfirst(strtolower($ul_username));
                        // The username literal is shown redacted ('******') in this listing.
                        $current_user_ref = sql_query("Select ref from user where username = '******' ");
                        if (!empty($current_user_ref)) {
                            $current_user_ref = $current_user_ref[0]['ref'];
                            sql_query("UPDATE resource SET created_by='{$current_user_ref}' where ref = {$r}");
                        }
                    }
                    # default access level. This may be overridden by metadata mapping.
                    $accessval = 0;
                    # StaticSync path / metadata mapping
                    # Extract metadata from the file path as per $staticsync_mapfolders in config.php
                    if (isset($staticsync_mapfolders)) {
                        foreach ($staticsync_mapfolders as $mapfolder) {
                            $match = $mapfolder["match"];
                            $field = $mapfolder["field"];
                            $level = $mapfolder["level"];
                            if (strpos("/" . $shortpath, $match) !== false) {
                                # Match. Extract metadata.
                                $path_parts = explode("/", $shortpath);
                                if ($level < count($path_parts)) {
                                    // special cases first.
                                    if ($field == 'access') {
                                        # access level is a special case
                                        # first determine if the value matches a defined access level
                                        $value = $path_parts[$level - 1];
                                        for ($n = 0; $n < 3; $n++) {
                                            # if we get an exact match or a match except for case
                                            if ($value == $lang["access" . $n] || strtoupper($value) == strtoupper($lang['access' . $n])) {
                                                $accessval = $n;
                                                echo "Will set access level to " . $lang['access' . $n] . " ({$n})" . PHP_EOL;
                                            }
                                        }
                                    } else {
                                        if ($field == 'archive') {
                                            # archive level is a special case
                                            # first determin if the value matches a defined archive level
                                            // NOTE(review): $archiveval is only echoed; the UPDATE further down writes
                                            // $staticsync_defaultstate, so this mapping does not change the row.
                                            $value = $mapfolder["archive"];
                                            $archive_array = array_merge(array(-2, -1, 0, 1, 2, 3), $additional_archive_states);
                                            if (in_array($value, $archive_array)) {
                                                $archiveval = $value;
                                                echo "Will set archive level to " . $lang['status' . $value] . " ({$archiveval})" . PHP_EOL;
                                            }
                                        } else {
                                            # Save the value
                                            #print_r($path_parts);
                                            $value = $path_parts[$level - 1];
                                            if ($staticsync_extension_mapping_append_values) {
                                                $given_value = $value;
                                                // append the values if possible...not used on dropdown, date, categroy tree, datetime, or radio buttons
                                                $field_info = get_resource_type_field($field);
                                                // NOTE(review): this indexes $field (the field ref) rather than
                                                // $field_info; $field_info['type'] looks like the intended lookup - confirm.
                                                if (in_array($field['type'], array(0, 1, 2, 4, 5, 6, 7, 8))) {
                                                    $old_value = sql_value("select value value from resource_data where resource={$r} and resource_type_field={$field}", "");
                                                    $value = append_field_value($field_info, $value, $old_value);
                                                }
                                            }
                                            update_field($r, $field, trim($value));
                                            // Values strtotime() can parse get the date form of the keyword mapping.
                                            if (strtotime(trim($value))) {
                                                add_keyword_mappings($r, trim($value), $field, false, true);
                                            } else {
                                                add_keyword_mappings($r, trim($value), $field);
                                            }
                                            if ($staticsync_extension_mapping_append_values) {
                                                $value = $given_value;
                                            }
                                            echo " - Extracted metadata from path: {$value}" . PHP_EOL;
                                        }
                                    }
                                }
                            }
                        }
                    }
                    #Resize only original images.
                    if (!word_in_string($exclude_resize, explode('/', $fullpath))) {
                        echo "Creating preview..";
                        create_previews($r, false, $extension, false, false, -1, false, $staticsync_ingest);
                    }
                    # update access level
                    sql_query("UPDATE resource SET access = '{$accessval}',archive='{$staticsync_defaultstate}' WHERE ref = '{$r}'");
                    # Add any alternative files
                    $altpath = $fullpath . $staticsync_alternatives_suffix;
                    if ($staticsync_ingest && file_exists($altpath)) {
                        $adh = opendir($altpath);
                        while (($altfile = readdir($adh)) !== false) {
                            $filetype = filetype($altpath . "/" . $altfile);
                            // NOTE(review): the dot-file and thumbs.db tests look at $file (the parent file),
                            // not $altfile, so they never filter the alternative itself - confirm.
                            if ($filetype == "file" && substr($file, 0, 1) != "." && strtolower($file) != "thumbs.db") {
                                # Create alternative file
                                # Find extension
                                $ext = explode(".", $altfile);
                                $ext = $ext[count($ext) - 1];
                                $description = str_replace("?", strtoupper($ext), $lang["originalfileoftype"]);
                                $file_size = filesize_unlimited($altpath . "/" . $altfile);
                                $aref = add_alternative_file($r, $altfile, $description, $altfile, $ext, $file_size);
                                $path = get_resource_path($r, true, '', true, $ext, -1, 1, false, '', $aref);
                                rename($altpath . "/" . $altfile, $path); # Move alternative file
                            }
                        }
                    }
                    # Add to collection
                    if ($staticsync_autotheme) {
                        $test = '';
                        $test = sql_query("SELECT * FROM collection_resource WHERE collection='{$collection}' AND resource='{$r}'");
                        if (count($test) == 0) {
                            sql_query("INSERT INTO collection_resource (collection, resource, date_added)\n VALUES ('{$collection}', '{$r}', NOW())");
                        }
                    }
                } else {
                    # Import failed - file still being uploaded?
                    echo " *** Skipping file - it was not possible to move the file (still being imported/uploaded?)" . PHP_EOL;
                }
            } else {
                # check modified date and update previews if necessary
                $filemod = filemtime($fullpath);
                if (array_key_exists($shortpath, $modtimes) && $filemod > strtotime($modtimes[$shortpath])) {
                    # File has been modified since we last created previews. Create again.
                    $rd = sql_query("SELECT ref, has_image, file_modified, file_extension FROM resource\n WHERE file_path='" . escape_check($shortpath) . "'");
                    if (count($rd) > 0) {
                        $rd = $rd[0];
                        $rref = $rd["ref"];
                        echo "Resource {$rref} has changed, regenerating previews: {$fullpath}" . PHP_EOL;
                        extract_exif_comment($rref, $rd["file_extension"]);
                        # extract text from documents (e.g. PDF, DOC).
                        global $extracted_text_field;
                        if (isset($extracted_text_field)) {
                            // NOTE(review): $unoconv_path / $unoconv_extensions are not declared global in
                            // this function, so isset() is false and extract_text() always runs - confirm.
                            if (isset($unoconv_path) && in_array($extension, $unoconv_extensions)) {
                                // omit, since the unoconv process will do it during preview creation below
                            } else {
                                extract_text($rref, $extension);
                            }
                        }
                        # Store original filename in field, if set
                        global $filename_field;
                        if (isset($filename_field)) {
                            update_field($rref, $filename_field, $file);
                        }
                        create_previews($rref, false, $rd["file_extension"], false, false, -1, false, $staticsync_ingest);
                        sql_query("UPDATE resource SET file_modified=NOW() WHERE ref='{$rref}'");
                    }
                }
            }
        }
    }
}
function delete_resource_custom_access_usergroups($ref)
{
    // Remove every usergroup-level custom access row for resource $ref.
    // User-level rows (usergroup IS NULL) are deliberately left in place.
    $resource = escape_check($ref);
    $sql = "delete from resource_custom_access where resource='{$resource}' and usergroup is not null";
    sql_query($sql);
}
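/**
 * Populate a resource's metadata from a metadump XML file.
 *
 * Reads the dump at $meta, strips the namespace prefixes the dump uses (the
 * resourcespace namespace is not formally defined, so the document would not
 * validate otherwise), then for every field element looks up a matching
 * resource_type_field by title and type - creating one when none exists - and
 * inserts the value into resource_data.
 *
 * Side effects: updates the globals $fields_title, $fields_embeddedequiv and
 * $fields_type (keyed by the dump's rsfieldref) and $optionlists (keyed by the
 * resolved field ref, for field types 2 and 3); echoes a per-field trace.
 *
 * Every dump-supplied value that reaches SQL is passed through escape_check();
 * previously only the title was, so a crafted dump could alter the statements.
 *
 * @param int|string $id   Ref of the resource receiving the metadata.
 * @param string     $meta Path of the metadump XML file to read.
 * @return void
 */
function populate_metadata_from_dump($id, $meta)
{
    global $fields_title, $fields_embeddedequiv, $fields_type, $optionlists;
    // read in the metadata file and dump it into the right places in the database
    $metadump = file_get_contents($meta);
    // lazy solution: the resourcespace XML namespace is not formally defined
    // and thus the docs will not validate. For now we're just going to do some
    // regex magic to get rid of the namespaces alltogether. Fixme - would be
    // nice to make the metadump files validate
    $metadump = preg_replace('/([<\\/])([a-z0-9]+):/i', '$1$2', $metadump);
    $metadump = preg_replace('/(resourcespace):(resourceid="\\d+">)/i', '$1$2', $metadump);
    # Fix an issue whereby the resourcespace namespace is not defined. Add a fake namespace to the header.
    $metadump = str_replace("xmlns:dc", "xmlns:resourcespace='http://www.resourcespace.org' xmlns:dc", $metadump);
    $metadump = stripInvalidXml($metadump);
    // NOTE(review): parsed without explicit libxml options; whether external entities in a
    // dump are resolved depends on the libxml defaults in use - confirm if dumps can
    // originate outside the system.
    $xml = new SimpleXMLElement($metadump);
    foreach ($xml as $fieldxml) {
        if ($fieldxml == '') {
            continue;
        }
        $value = $fieldxml;
        $rsfieldtitle = $fieldxml['rsfieldtitle'];
        $rsembeddedequiv = $fieldxml['rsembeddedequiv'];
        $rsfieldref = $fieldxml['rsfieldref'];
        $rsfieldtype = $fieldxml['rsfieldtype'];
        echo "\n==========\n";
        echo " rsfieldtitle: {$rsfieldtitle}\n";
        echo " rsembeddedequiv: {$rsembeddedequiv}\n";
        echo " rsfieldref: {$rsfieldref}\n";
        echo " rsfieldtype: {$rsfieldtype}\n";
        echo " value: {$value}\n";
        $rsfieldtitle = escape_check($rsfieldtitle);
        $rsfieldtype_esc = escape_check($rsfieldtype);
        $newid = sql_value("select ref value from resource_type_field where title = '{$rsfieldtitle}' and type = '{$rsfieldtype_esc}'", 0);
        if ($newid > 0) {
            $finalid = $newid;
        } else {
            if ($rsfieldtype == '7') {
                // category trees are too complicated to construct, so we're going to treat them as text fields for now.
                $rsfieldtype = '1';
                $rsfieldtype_esc = '1';
            }
            $rsembeddedequiv_esc = escape_check($rsembeddedequiv);
            $sql = "insert into resource_type_field (title,type,name) values ('{$rsfieldtitle}','{$rsfieldtype_esc}','{$rsembeddedequiv_esc}')";
            sql_query($sql);
            $finalid = sql_insert_id();
        }
        // Dropdown/checkbox style fields: remember each distinct value for the option list.
        if ($rsfieldtype == 2 || $rsfieldtype == 3) {
            if (!isset($optionlists[$finalid])) {
                $optionlists[$finalid] = array();
            }
            if (!in_array($value, $optionlists[$finalid])) {
                $optionlists[$finalid][] = $value;
            }
        }
        $fields_title["{$rsfieldref}"] = $rsfieldtitle;
        $fields_embeddedequiv["{$rsfieldref}"] = $rsembeddedequiv;
        $fields_type["{$rsfieldref}"] = $rsfieldtype;
        // NOTE(review): the data row is keyed by the dump's rsfieldref, not by the $finalid
        // resolved above; this mirrors the pre-existing behaviour - confirm it is intended.
        $value = escape_check($value);
        $rsfieldref_esc = escape_check($rsfieldref);
        $id_esc = escape_check($id);
        $sql = "insert into resource_data (resource, resource_type_field, value) values ('{$id_esc}','{$rsfieldref_esc}','{$value}')";
        sql_query($sql);
    }
}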
function pagename()
{
    // Prefer an explicitly supplied 'pagename' request value, sanitised as a file name.
    $requested = safe_file_name(getvalescaped('pagename', ''));
    if (!empty($requested)) {
        return $requested;
    }
    // Otherwise derive it from the executing script path. Backslashes are normalised
    // first so Windows command-line invocations split on the same separator.
    $script = str_replace("\\", "/", $_SERVER["PHP_SELF"]);
    $segments = explode("/", $script);
    $last = array_pop($segments);
    return escape_check($last);
}
function collection_set_themes($collection, $themearr)
{
    // Write the theme / theme2..themeN category values in $themearr to a collection.
    // Returns false when the arguments are unusable or no level of $themearr is set.
    if (!is_numeric($collection) || !is_array($themearr)) {
        return false;
    }
    global $theme_category_levels;
    $assignments = array();
    for ($level = 0; $level < $theme_category_levels; $level++) {
        if (!isset($themearr[$level])) {
            continue;
        }
        // Column naming: level 0 is "theme", later levels are "theme2", "theme3", ...
        $column = ($level == 0) ? 'theme' : "theme" . ($level + 1);
        $assignments[] = " {$column} = '" . escape_check($themearr[$level]) . "' ";
    }
    if (count($assignments) == 0) {
        return false;
    }
    $clause = implode(", ", $assignments);
    sql_query("update collection set {$clause} where ref = '{$collection}'");
    return true;
}
/**
 * List every file on disk that belongs to a resource.
 *
 * Builds the list by probing the known locations (original, jpg/mp3/icc
 * equivalents, page images, preview sizes, alternative files and their
 * derivatives, metadump.xml, the ffmpeg preview) and ticking each hit off a
 * listing of the resource directory. Whatever remains unticked is logged as
 * orphaned and, only when $includeorphan is true, appended to the result.
 *
 * @param int|string $ref           Resource ref.
 * @param bool       $includeorphan Also return files in the resource directory that
 *                                  none of the probes account for.
 * @return array De-duplicated list of absolute file paths.
 */
function get_resource_files($ref,$includeorphan=false){
    // returns array of all files associated with a resource
    // if $includeorphan set to true, will also return all files in the
    // resource dir even if the system doesn't understand why they're there.
    $filearray = array();
    $file_checklist = array();
    global $config_windows;
    if ($config_windows){
        $sep = "\\";
    } else {
        $sep = "/";
    }
    $sizearray = sql_array("select id value from preview_size",false);
    $original_ext = sql_value("select file_extension value from resource where ref = '".escape_check($ref)."'",'');
    $rootpath=dirname(get_resource_path($ref,true,"pre",true));
    // get listing of all files in resource dir to compare mark off as we find them
    // Keys are built with $sep, so on Windows they must match the separator
    // get_resource_path() emits for the probes below to tick them off.
    if (is_dir($rootpath)) {
        if ($dh = opendir($rootpath)) {
            while (($file = readdir($dh)) !== false) {
                if (!($file == '.' || $file == '..')){
                    $file_checklist[$rootpath.$sep.$file] = 1;
                }
            }
            closedir($dh);
        }
    }
    // first get the resource itself
    $original = get_resource_path($ref,true,'',false,$original_ext);
    if (file_exists($original)){
        array_push($filearray,$original);
        unset($file_checklist[$original]);
    }
    // in some cases, the system also generates a jpeg equivalent of the original, so check for that
    $original = get_resource_path($ref,true,'',false,'jpg');
    if (file_exists($original)){
        array_push($filearray,$original);
        unset($file_checklist[$original]);
    }
    // in some cases, the system also generates an mp3 equivalent of the original, so check for that
    $original = get_resource_path($ref,true,'',false,'mp3');
    if (file_exists($original)){
        array_push($filearray,$original);
        unset($file_checklist[$original]);
    }
    // in some cases, the system also generates an extracted icc profile, so check for that
    $original = get_resource_path($ref,true,'',false,'icc');
    if (file_exists($original)){
        array_push($filearray,$original);
        unset($file_checklist[$original]);
    }
    # check for pages
    $page = 1;
    $misscount = 0;
    // just to be safe, we'll try at least 4 pages ahead to make sure none got skipped
    // (the loop stops after four missing page numbers in total, not four consecutive ones)
    while($misscount < 4){
        $thepath = get_resource_path($ref,true,"scr",false,'jpg',-1,$page,"","","");
        if (file_exists($thepath)){
            array_push($filearray,$thepath);
            unset($file_checklist[$thepath]);
            $page++;
        } else {
            $misscount++;
            $page++;
        }
    }
    // now look for other sizes
    foreach($sizearray as $size){
        $thepath = get_resource_path($ref,true,$size,false,'jpg');
        if (file_exists($thepath)){
            array_push($filearray,$thepath);
            unset($file_checklist[$thepath]);
        }
    }
    // get alternative files
    $altfiles = get_alternative_files($ref);
    foreach($altfiles as $altfile){
        // first get original
        // $altfile['ref'] comes from the database (via get_alternative_files) and is
        // interpolated unescaped; $alt_ext likewise is a stored value.
        $alt_ext = sql_value("select file_extension value from resource_alt_files where ref = '" . $altfile['ref'] . "'",'');
        $thepath = get_resource_path($ref,true,'',false,$alt_ext,-1,1,false,"",$altfile["ref"]);
        if (file_exists($thepath)){
            array_push($filearray,$thepath);
            unset($file_checklist[$thepath]);
        }
        // now check for previews
        foreach($sizearray as $size){
            $thepath = get_resource_path($ref,true,$size,false,"jpg",-1,1,false,"",$altfile["ref"]);
            if (file_exists($thepath)){
                array_push($filearray,$thepath);
                unset($file_checklist[$thepath]);
            }
        }
        # check for pages
        // Unlike the main-file loop above, this stops at the first missing page number.
        $page = 1;
        while($page <> 0){
            $thepath = get_resource_path($ref,true,"scr",false,'jpg',-1,$page,"","",$altfile['ref']);
            if (file_exists($thepath)){
                array_push($filearray,$thepath);
                unset($file_checklist[$thepath]);
                $page++;
            } else {
                $page = 0;
            }
        }
        // in some cases, the system also generates a jpeg equivalent of the original, so check for that
        $original = get_resource_path($ref,true,'',false,'jpg',-1,1,'','',$altfile['ref']);
        if (file_exists($original)){
            array_push($filearray,$original);
            unset($file_checklist[$original]);
        }
        // in some cases, the system also generates a mp3 equivalent of the original, so check for that
        $original = get_resource_path($ref,true,'',false,'mp3',-1,1,'','',$altfile['ref']);
        if (file_exists($original)){
            array_push($filearray,$original);
            unset($file_checklist[$original]);
        }
        // in some cases, the system also generates an extracted icc profile, so check for that
        $original = get_resource_path($ref,true,'',false,'icc',-1,1,'','',$altfile['ref']);
        if (file_exists($original)){
            array_push($filearray,$original);
            unset($file_checklist[$original]);
        }
    }
    // check for metadump
    // NOTE(review): this path is built with "/" rather than $sep, so on Windows the
    // checklist key may not match and metadump.xml could be reported as orphaned - confirm.
    $thefile="$rootpath/metadump.xml";
    if (file_exists($thefile)){
        array_push($filearray,$thefile);
        unset($file_checklist[$thefile]);
    }
    // check for ffmpeg previews
    global $ffmpeg_preview_extension;
    $flvfile=get_resource_path($ref,true,"pre",false,$ffmpeg_preview_extension);
    if (file_exists($flvfile)){
        array_push($filearray,$flvfile);
        unset($file_checklist[$flvfile]);
    }
    // Anything still on the checklist is unexplained: always logged, returned only on request.
    if (count($file_checklist)>0){
        foreach (array_keys($file_checklist) as $thefile){
            error_log("ResourceSpace: Orphaned file, resource $ref: $thefile");
            if ($includeorphan) {
                array_push($filearray,$thefile);
            }
        }
    }
    return array_unique($filearray);
}
function empty_user_dash($user, $purge = true)
{
    // Detach every dash tile from the user's dashboard. With $purge, any tile that no
    // other dashboard references afterwards is deleted outright.
    // NOTE(review): the user filter literal is shown redacted ('******') in this listing,
    // so how $user reaches the two queries cannot be confirmed from here.
    $tiles = sql_query("SELECT dash_tile FROM user_dash_tile WHERE user_dash_tile.user='******'");
    sql_query("DELETE FROM user_dash_tile WHERE user='******'");
    if (!$purge) {
        return;
    }
    foreach ($tiles as $tile) {
        $tileRef = $tile["dash_tile"];
        $remaining = sql_query("SELECT count(*) as 'count' FROM user_dash_tile WHERE dash_tile='{$tileRef}'");
        if ($remaining[0]["count"] < 1) {
            delete_dash_tile($tileRef);
        }
    }
}
# Store original filename in field, if set
global $filename_field;
if (isset($filename_field)) {
    // $_FILES['userfile']['name'] is the client-supplied file name; any escaping or
    // sanitising is left to update_field() - NOTE(review): confirm it does so.
    $wait = update_field($ref, $filename_field, $_FILES['userfile']['name']);
}
// extract metadata
$wait = extract_exif_comment($ref, $extension);
$resource = get_resource_data($ref);
//create previews
if ($camera_autorotation) {
    AutoRotateImage($filepath);
}
$wait = create_previews($ref, false, $extension);
// add resource to collection
// NOTE(review): this check runs after metadata extraction and preview creation, so on
// either 403 below the resource has already been processed and is not rolled back here.
if ($collection != "") {
    $collection_exists = sql_value("select name value from collection where ref='" . escape_check($collection) . "'", "");
    if ($collection_exists != "") {
        if (!add_resource_to_collection($ref, $collection)) {
            header("HTTP/1.0 403 Forbidden.");
            echo "HTTP/1.0 403 Forbidden. Collection is not writable by this user.\n";
            exit;
        }
    } else {
        header("HTTP/1.0 403 Forbidden.");
        echo "HTTP/1.0 403 Forbidden. Collection does not exist.\n";
        exit;
    }
}
// make sure non-required fields get written. Note this behavior is somewhat different than in the system since these override extracted data
reset($_POST);
reset($_GET);
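/**
 * Generate a session hash that is not already in use.
 *
 * Two strategies, selected by the global $randomised_session_hash:
 *  - randomised: a fresh 32-hex-character value from random_bytes() on every call,
 *    checked against user.session until an unused one is found;
 *  - derived: md5($scramble_key . $password_hash . today's date [. suffix]), so an
 *    account gets one new hash per day and concurrent logins share it; a "." suffix
 *    is appended and the value retried if it collides with another account's session.
 *
 * @param string $password_hash The user's stored password hash (used by the derived mode only).
 * @return string 32-character lowercase hex session hash.
 * @throws Exception From random_bytes() if no secure entropy source is available.
 */
function generate_session_hash($password_hash)
{
    # Generates a unique session hash
    global $randomised_session_hash, $scramble_key;
    if ($randomised_session_hash) {
        # Completely randomised session hashes. May be more secure, but allows only one user at a time.
        while (true) {
            // random_bytes() is a CSPRNG; the previous md5(rand() . microtime()) value was not
            // cryptographically strong. bin2hex keeps the 32-hex-char shape callers expect.
            $session = bin2hex(random_bytes(16));
            if (sql_value("select count(*) value from user where session='" . escape_check($session) . "'", 0) == 0) {
                return $session; # Return a unique hash only.
            }
        }
    } else {
        # Session hash is based on the password hash and the date, so there is one new session hash each day. Allows two users to use the same login.
        $suffix = "";
        while (true) {
            $session = md5($scramble_key . $password_hash . date("Ymd") . $suffix);
            // A match on the same password hash is this account's own session and is fine to reuse.
            if (sql_value("select count(*) value from user where session='" . escape_check($session) . "' and password<>'" . escape_check($password_hash) . "'", 0) == 0) {
                return $session; # Return a unique hash only.
            }
            $suffix .= "."; # Extremely unlikely case that this was not a unique session (hash collision) - alter the string slightly and try again.
        }
    }
}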
unlink($apathtmp); } } if (file_exists($apath)) { # Update the database with the new file details. $file_size = filesize_unlimited($apath); # SQL Connection may have hit a timeout sql_connect(); sql_query("update resource_alt_files set file_name='" . escape_check($ffmpeg_alternatives[$n]["filename"] . "." . $ffmpeg_alternatives[$n]["extension"]) . "',file_extension='" . escape_check($ffmpeg_alternatives[$n]["extension"]) . "',file_size='" . $file_size . "',creation_date=now() where ref='{$aref}'"); // add this filename to be added to resource.ffmpeg_alt_previews if (isset($ffmpeg_alternatives[$n]['alt_preview']) && $ffmpeg_alternatives[$n]['alt_preview'] == true) { $ffmpeg_alt_previews[] = basename($apath); } } } /*// update the resource table with any ffmpeg_alt_previews if (count($ffmpeg_alt_previews)>0){ $ffmpeg_alternative_previews=implode(",",$ffmpeg_alt_previews); sql_query("update resource set ffmpeg_alt_previews='".escape_check($ffmpeg_alternative_previews)."' where ref='$ref'"); } */ } } if (RUNNING_ASYNC) { # SQL Connection may have hit a timeout sql_connect(); sql_query("UPDATE resource SET is_transcoding = 0 WHERE ref = '" . escape_check($ref) . "'"); if ($previewonly) { unlink($file); } }
/**
 * Performs the login using the global $username, and $password. Since the "externalauth" hook
 * is allowed to change the credentials later on, the $password_hash needs to be global as well.
 *
 * Flow: derive $password_hash (md5("RS" . username . password), or the value itself when a
 * 32-character hash is supplied), run the externalauth hook, look the account up, and on a
 * match store a date-bound session hash and clear this IP's lockout row. On a miss, record
 * the failure against both the client IP (ip_lockout) and the username (user.login_tries).
 *
 * Several user/password literals in this listing are shown redacted ('******'); the
 * comments below describe only what is visible.
 *
 * @return array Containing the login details ('valid' determines whether or not the login succeeded).
 *               On success also carries 'session_hash' and 'password_hash'; on failure 'error'
 *               holds the message to display.
 */
function perform_login() {
    // $global_cookies is declared but not used in this function.
    global $api, $scramble_key, $enable_remote_apis, $lang, $max_login_attempts_wait_minutes, $max_login_attempts_per_ip, $max_login_attempts_per_username, $global_cookies, $username, $password, $password_hash;
    // A 32-character $password is treated as an MD5 hash. Outside the API it is only accepted
    // together with a userkey equal to md5(username . scramble_key) ("log in as this user").
    // NOTE(review): the key is compared with != rather than hash_equals().
    if (!$api && strlen($password) == 32 && getval("userkey", "") != md5($username . $scramble_key)) {
        exit("Invalid password."); # Prevent MD5s being entered directly while still supporting direct entry of plain text passwords (for systems that were set up prior to MD5 password encryption was added). If a special key is sent, which is the md5 hash of the username and the secret scramble key, then allow a login using the MD5 password hash as the password. This is for the 'log in as this user' feature.
    }
    if (strlen($password) != 32) {
        # Provided password is not a hash, so generate a hash.
        // Unsalted md5 over a fixed prefix, the username and the password - a fast hash rather
        // than password_hash(); kept as-is here because the stored values use the same scheme.
        $password_hash = md5("RS" . $username . $password);
    } else {
        $password_hash = $password;
    }
    $ip = get_ip();
    # This may change the $username, $password, and $password_hash
    hook("externalauth", "", array($username, $password)); #Attempt external auth if configured
    // The session hash is deterministic for a given account and calendar day; the password
    // component is dropped when remote APIs are enabled.
    $session_hash = md5($password_hash . $username . $password . date("Y-m-d"));
    if ($enable_remote_apis) {
        $session_hash = md5($password_hash . $username . date("Y-m-d"));
    } // no longer necessary to omit password in this hash for api support
    $valid = sql_query("select ref,usergroup from user where lower(username)='" . escape_check($username) . "' and (password='******' or password='******')");
    # Prepare result array
    $result = array();
    $result['valid'] = false;
    if (count($valid) >= 1) {
        # Account expiry
        $expires = sql_value("select account_expires value from user where username='******' and password='******'", "");
        // An empty or zero-date expiry means the account never expires.
        if ($expires != "" && $expires != "0000-00-00 00:00:00" && strtotime($expires) <= time()) {
            $result['error'] = $lang["accountexpired"];
            return $result;
        }
        $result['valid'] = true;
        $result['session_hash'] = $session_hash;
        $result['password_hash'] = $password_hash;
        # Update the user record. Set the password hash again in case a plain text password was provided.
        sql_query("update user set password='******',session='" . escape_check($session_hash) . "',last_active=now(),login_tries=0,lang='" . getvalescaped("language", "") . "' where lower(username)='" . escape_check($username) . "' and (password='******' or password='******')");
        # Log this
        $userref = $valid[0]["ref"];
        $usergroup = $valid[0]["usergroup"]; // not used further in this function
        daily_stat("User session", $userref);
        sql_query("insert into resource_log(date,user,resource,type) values (now()," . ($userref != "" ? "'{$userref}'" : "null") . ",0,'l')");
        # Blank the IP address lockout counter for this IP
        sql_query("delete from ip_lockout where ip='" . escape_check($ip) . "'");
        return $result;
    }
    # Invalid login
    $result['error'] = $lang["loginincorrect"];
    hook("loginincorrect");
    # Add / increment a lockout value for this IP
    // Counts only rows still below the per-IP limit, so a row that has already reached it
    // falls through to the "new row" branch below.
    $lockouts = sql_value("select count(*) value from ip_lockout where ip='" . escape_check($ip) . "' and tries<'" . $max_login_attempts_per_ip . "'", "");
    if ($lockouts > 0) {
        # Existing row with room to move
        $tries = sql_value("select tries value from ip_lockout where ip='" . escape_check($ip) . "'", 0);
        $tries++;
        if ($tries == $max_login_attempts_per_ip) {
            # Show locked out message.
            $result['error'] = str_replace("?", $max_login_attempts_wait_minutes, $lang["max_login_attempts_exceeded"]);
        }
        # Increment
        sql_query("update ip_lockout set last_try=now(),tries=tries+1 where ip='" . escape_check($ip) . "'");
    } else {
        # New row
        // Also reached once the existing row has hit the limit: it is replaced by a fresh row
        // with tries=1. NOTE(review): this function does not itself refuse a locked-out IP;
        // confirm the wait window is enforced by the caller.
        sql_query("delete from ip_lockout where ip='" . escape_check($ip) . "'");
        sql_query("insert into ip_lockout (ip,tries,last_try) values ('" . escape_check($ip) . "',1,now())");
    }
    # Increment a lockout value for any matching username.
    $ulocks = sql_query("select ref,login_tries,login_last_try from user where username='******'");
    if (count($ulocks) > 0) {
        $tries = $ulocks[0]["login_tries"];
        if ($tries == "") {
            $tries = 1;
        } else {
            $tries++;
        }
        // The per-username counter wraps back to 1 once it passes the maximum.
        if ($tries > $max_login_attempts_per_username) {
            $tries = 1;
        }
        if ($tries == $max_login_attempts_per_username) {
            # Show locked out message.
            $result['error'] = str_replace("?", $max_login_attempts_wait_minutes, $lang["max_login_attempts_exceeded"]);
        }
        sql_query("update user set login_tries='{$tries}',login_last_try=now() where username='******'");
    }
    return $result;
}
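/**
 * File a "managed" (request_mode 1) request against a collection and notify by e-mail.
 *
 * Managed requests are handled through the administrative interface; a notification is
 * still sent to $email_notify and, when $request_senduserupdates is set, a confirmation
 * goes to the requesting user.
 *
 * Input is validated (non-blank reason, required custom fields) BEFORE any collection or
 * request row is created, so a rejected request leaves nothing behind. Every value that
 * reaches SQL is passed through escape_check(), including $ref and $userref, which the
 * original interpolated raw.
 *
 * @param int|string $ref             Collection ref, or a resource ref when $ref_is_resource is true.
 * @param string     $details         Free-text reason for the request; blank aborts with false.
 * @param bool       $ref_is_resource When true, a new collection holding only $ref is created and
 *                                    the request is filed against that collection instead.
 * @return bool True once the request row exists and mail has been sent; false when the reason is
 *              blank or a field listed in $custom_request_required was not supplied.
 */
function managed_collection_request($ref,$details,$ref_is_resource=false)
    {
    global $applicationname,$email_from,$baseurl,$email_notify,$username,$useremail,$userref,$lang,$request_senduserupdates;
    global $custom_request_fields,$custom_request_required;

    # Assemble the message body first; nothing is written to the database until the input
    # has been accepted.
    $message="";

    # Ad-hoc form fields: any POSTed key containing "_label" carries a label, and the value
    # lives under the sibling key with "_label" removed. Guard the lookup so a label posted
    # without its value does not raise an undefined-index notice.
    foreach ($_POST as $key=>$value)
        {
        if (strpos($key,"_label")===false) {continue;}
        $field=str_replace("_label","",$key);
        $setting=isset($_POST[$field]) ? trim($_POST[$field]) : "";
        if ($setting!="")
            {
            $message.=$value . ": " . $setting . "\n\n";
            }
        }

    # A request without a reason is rejected.
    if (trim($details)=="") {return false;}
    $message.=$lang["requestreason"] . ": " . newlines($details) . "\n\n";

    # Configured custom request fields (comma separated); a subset may be mandatory.
    # Field N is read from the request parameter "customN".
    if (isset($custom_request_fields))
        {
        $custom=explode(",",$custom_request_fields);
        $required=isset($custom_request_required) ? explode(",",$custom_request_required) : array();
        $fieldcount=count($custom);
        for ($n=0;$n<$fieldcount;$n++)
            {
            $fieldvalue=getval("custom" . $n,"");
            if (in_array($custom[$n],$required,true) && $fieldvalue=="")
                {
                return false; # Required field was not set.
                }
            $message.=i18n_get_translated($custom[$n]) . ": " . $fieldvalue . "\n\n";
            }
        }

    # Managed requests only work with collections. When a resource ref was passed, wrap it
    # in a new collection and carry on with that collection's ref; remember the resource so
    # its request counter (not the new collection's id) is incremented below.
    $resource=null;
    if ($ref_is_resource)
        {
        $resource=$ref;
        $ref=create_collection($userref,$lang["request"] . " " . date("ymdHis"));
        add_resource_to_collection($resource,$ref);
        }

    # Create the request row.
    sql_query("insert into request(user,collection,created,request_mode,status,comments) values ('" . escape_check($userref) . "','" . escape_check($ref) . "',now(),1,0,'" . escape_check($message) . "')");
    $request=sql_insert_id();

    # Notify the administrators, and optionally confirm to the requester. The admin mail is
    # sent with the requester's address as its from-address, as before.
    $userconfirmmessage=$lang["requestsenttext"];
    $message=$lang["username"] . ": " . $username . "\n" . $message;
    $message.=$lang["viewrequesturl"] . ":\n$baseurl/?q=$request";
    send_mail($email_notify,$applicationname . ": " . $lang["requestcollection"] . " - $ref",$message,$useremail);
    if ($request_senduserupdates)
        {
        send_mail($useremail,$applicationname . ": " . $lang["requestsent"] . " - $ref",$userconfirmmessage,$email_from);
        }

    # Increment the request counter. In resource mode this is the resource that was actually
    # requested; the original used the freshly created collection's id against the resource
    # table, which bumps an unrelated resource.
    # NOTE(review): in collection mode this still targets the resource table with a
    # collection ref, exactly as the original did — confirm which row is intended.
    $counted=($resource!==null) ? $resource : $ref;
    sql_query("update resource set request_count=request_count+1 where ref='" . escape_check($counted) . "'");
    return true;
    }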
