/**
 * Triggered on loc_begin_index.
 *
 * Two independent checks run on every gallery page:
 *  1. a logged-in, non-admin account that PP_UsrBlock_Verif() reports as
 *     locked (LOGFAILBLOCK setting) is logged out and sent to the index or
 *     the login page with PP_msg=locked;
 *  2. when PWDRESET is on, accounts flagged by PP_check_pwdreset() are sent
 *     to profile.php to renew their password (webmaster/generic excluded).
 */
function PP_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // Plugin settings are kept serialized in the config table; unserialize()
    // of that admin-written column is the project convention.
    $settings = unserialize($conf['PasswordPolicy']);

    // Usernames "16" and "18" are technical accounts (presumably the
    // Adult_Content users mentioned in UAM_Init) and are never locked out.
    $lockable = !is_a_guest() && $user['username'] != "16" && $user['username'] != "18";
    $lockout_on = isset($settings['LOGFAILBLOCK']) && $settings['LOGFAILBLOCK'] == 'true';

    if ($lockable && $lockout_on && PP_UsrBlock_Verif($user['username']) && !is_admin() && !is_webmaster()) {
        invalidate_user_cache();
        logout_user();
        $target = $conf['guest_access']
            ? make_index_url() . '?PP_msg=locked'
            : get_root_url() . 'identification.php?PP_msg=locked';
        redirect($target, 0);
    }

    $reset_on = isset($settings['PWDRESET']) && $settings['PWDRESET'] == 'true';
    if (!$reset_on) {
        return;
    }

    // $user['id'] comes from the session, not from the request.
    $query = ' SELECT user_id, status FROM ' . USER_INFOS_TABLE . ' WHERE user_id = ' . $user['id'] . ' ;';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    if ($row['status'] != "webmaster" && $row['status'] != "generic" && PP_check_pwdreset($user['id'])) {
        redirect(PHPWG_ROOT_PATH . 'profile.php');
    }
}
/**
 * Renders the guestbook when the current section is 'guestbook'.
 *
 * Guests are refused through access_denied() unless
 * $conf['guestbook']['guest_can_view'] is set; the check runs before the
 * include so the page is never built for a refused visitor.
 */
function gb_index()
{
    global $template, $page, $conf;

    if (!isset($page['section']) || $page['section'] != 'guestbook') {
        return;
    }

    if (is_a_guest() && !$conf['guestbook']['guest_can_view']) {
        access_denied();
    }

    include GUESTBOOK_PATH . '/include/guestbook.inc.php';
}
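/**
 * Triggered on loc_begin_index.
 *
 * For ordinary members: records the visit in USER_LASTVISIT_TABLE (Ghost
 * Tracker / last-visit features), then logs out accounts whose registration
 * has not been confirmed when REJECTCONNECT is enabled.
 *
 * Admins, guests and the Adult_Content technical accounts ("16"/"18") are
 * neither tracked nor subject to the confirmation check.
 */
function UAM_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // Plugin settings are kept serialized in the config table; unserialize()
    // of that admin-written column is the project convention.
    $conf_UAM = unserialize($conf['UserAdvManager']);

    if (is_admin() || is_a_guest() || $user['username'] == "16" || $user['username'] == "18") {
        return;
    }

    $track_visit = (isset($conf_UAM['GHOSTRACKER']) && $conf_UAM['GHOSTRACKER'] == 'true')
        || (isset($conf_UAM['ADDLASTVISIT']) && $conf_UAM['ADDLASTVISIT'] == 'true');

    if ($track_visit) {
        $userid = get_userid($user['username']);

        // get_userid() may return false for an unknown name; the previous code
        // interpolated that straight into "WHERE user_id = " and produced a
        // malformed statement. Skip tracking in that case, and pin the id to
        // an integer so the concatenation can only ever carry digits.
        if (false !== $userid && is_numeric($userid)) {
            $userid = (int) $userid;

            $query = ' SELECT user_id FROM ' . USER_LASTVISIT_TABLE . ' WHERE user_id = ' . $userid . ' ;';
            $count = pwg_db_num_rows(pwg_query($query));

            if ($count == 0) {
                // First visit: create the row.
                $query = ' INSERT INTO ' . USER_LASTVISIT_TABLE . ' (user_id, lastvisit, reminder) VALUES (' . $userid . ', now(), "false") ;';
            } else {
                // Later visits: refresh the timestamp and clear the reminder flag.
                $query = ' UPDATE ' . USER_LASTVISIT_TABLE . ' SET lastvisit = now(), reminder = "false" WHERE user_id = ' . $userid . ' LIMIT 1 ;';
            }
            pwg_query($query);
        }
    }

    // Unconfirmed registrations are logged out and bounced when REJECTCONNECT is on.
    $confirm_required = isset($conf_UAM['CONFIRM_MAIL'])
        && ($conf_UAM['CONFIRM_MAIL'] == 'true' || $conf_UAM['CONFIRM_MAIL'] == 'local');
    $reject_unconfirmed = isset($conf_UAM['REJECTCONNECT']) && $conf_UAM['REJECTCONNECT'] == 'true';

    if ($confirm_required && $reject_unconfirmed && !UAM_UsrReg_Verif($user['id'])
        && !is_admin() && !is_webmaster()) {
        invalidate_user_cache();
        logout_user();
        if ($conf['guest_access']) {
            redirect(make_index_url() . '?UAM_msg=rejected', 0);
        } else {
            redirect(get_root_url() . 'identification.php?UAM_msg=rejected', 0);
        }
    }
}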
/**
 * Applies the Comments Manager rules to a comment and returns the action.
 *
 * Only $comm['author'] is inspected. For guest comments that value is
 * supplied by the poster, so CM_CheckAuthor()/CM_CheckValidGroup() (not
 * visible here) must treat it as untrusted input.
 *
 * @param string $comment_action action decided so far ('validate', 'moderate', 'reject')
 * @param array  $comm           the comment being submitted
 * @return string the resulting action
 */
function CM_CheckComment($comment_action, $comm)
{
    global $page, $conf, $user, $template;

    load_language('plugin.lang', CM_PATH);

    $conf_CM = unserialize($conf['CommentsManager']);
    $author = $comm['author'];

    // Plugin switches are stored as the strings 'true' / 'false'; an unset
    // switch matches neither.
    $on = function ($key) use ($conf_CM) {
        return isset($conf_CM[$key]) && $conf_CM[$key] == 'true';
    };
    $off = function ($key) use ($conf_CM) {
        return isset($conf_CM[$key]) && $conf_CM[$key] == 'false';
    };

    if ($conf['comments_forall']) {
        // Anonymous ("guest") authors may be refused outright.
        if ($on('CM_No_Comment_Anonymous') && $author == 'guest') {
            $comment_action = 'reject';
            array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
        }
        // Logged-in authors: members of the validated group (and admins) skip
        // moderation, everybody else is queued for it.
        if ($on('CM_GROUPVALID2') && !is_a_guest() && $conf['comments_validation']) {
            $comment_action = (CM_CheckValidGroup($author) || is_admin()) ? 'validate' : 'moderate';
        }
    }

    // Comments restricted to registered users; admins bypass these rules.
    if (!$conf['comments_forall'] && !is_admin()) {
        if ($on('CM_GROUPCOMM') && $off('CM_GROUPVALID1') && !CM_CheckAuthor($author)) {
            // Posting limited to a group and the author is outside it.
            $comment_action = 'reject';
            array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
        } elseif ($off('CM_GROUPCOMM') && $on('CM_GROUPVALID1') && $conf['comments_validation']) {
            // No posting restriction; validated-group members skip moderation.
            $comment_action = CM_CheckValidGroup($author) ? 'validate' : 'moderate';
        } elseif ($on('CM_GROUPCOMM') && $on('CM_GROUPVALID1') && $conf['comments_validation']) {
            // Posting limited to a group AND validated group skips moderation.
            if (!CM_CheckAuthor($author)) {
                $comment_action = 'reject';
                array_push($page['errors'], l10n('CM_Not_Allowed_Author'));
            } else {
                $comment_action = CM_CheckValidGroup($author) ? 'validate' : 'moderate';
            }
        }
    }

    return $comment_action;
}
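/**
 * Switches the interface language from the ?lang= request parameter.
 *
 * The requested code is checked against the languages actually installed on
 * disk ($languages->fs_languages); anything else falls back to
 * PHPWG_DEFAULT_LANGUAGE. That allow-list is the only barrier between
 * $_GET['lang'] and both the filesystem path and the SQL statement below,
 * so the check is exact (array key lookup) and rejects non-string input
 * such as lang[]=x, which would otherwise reach file_exists().
 *
 * Guests and generic accounts keep the choice in the session; registered
 * users have it persisted in USER_INFOS_TABLE. Language files are reloaded
 * only when the effective language actually changed.
 */
function language_controler_switch()
{
    global $user;

    $same = $user['language'];

    if (isset($_GET['lang'])) {
        include_once PHPWG_ROOT_PATH . 'admin/include/languages.class.php';
        $languages = new languages();

        $requested = $_GET['lang'];
        if (!is_string($requested) || !array_key_exists($requested, $languages->fs_languages)) {
            $_GET['lang'] = PHPWG_DEFAULT_LANGUAGE;
        }

        if (!empty($_GET['lang'])
            && file_exists(PHPWG_ROOT_PATH . 'language/' . $_GET['lang'] . '/common.lang.php')) {
            if (is_a_guest() || is_generic()) {
                pwg_set_session_var('lang_switch', $_GET['lang']);
            } else {
                // $_GET['lang'] is a validated directory name at this point;
                // the user id comes from the session.
                $query = ' UPDATE ' . USER_INFOS_TABLE . ' SET language = \'' . $_GET['lang'] . '\' WHERE user_id = ' . (int) $user['id'] . ' ;';
                pwg_query($query);
            }
            $user['language'] = $_GET['lang'];
        }
    } elseif (is_a_guest() || is_generic()) {
        $user['language'] = pwg_get_session_var('lang_switch', $user['language']);
    }

    // Reload language files only if the language really changed.
    if ($same !== $user['language']) {
        load_language('common.lang', '', array('language' => $user['language']));
        load_language('lang', PHPWG_ROOT_PATH . PWG_LOCAL_DIR, array('language' => $user['language'], 'no_fallback' => true, 'local' => true));
        if (defined('IN_ADMIN') and IN_ADMIN) {
            // Never currently
            load_language('admin.lang', '', array('language' => $user['language']));
        }
    }
}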
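/**
 * Basic anti-spam check on a comment; returns the action to perform.
 * Called through trigger_change(); plugins may refine the result.
 *
 * Only guest comments are inspected: the number of http(s) links in the
 * content and in the author field is compared with
 * $conf['comment_spam_max_links']. Previously the author field was only
 * searched for the literal 'http://', so an https:// link planted there
 * escaped the limit; both fields now use the same pattern.
 *
 * @param string $action  action decided so far
 * @param array  $comment with at least 'content' and 'author'
 * @return string 'validate', 'moderate' or 'reject'
 */
function user_comment_check($action, $comment)
{
    global $conf, $user;

    if ($action == 'reject') {
        return $action;
    }

    $my_action = $conf['comment_spam_reject'] ? 'reject' : 'moderate';
    if ($action == $my_action) {
        return $action;
    }

    // We do here only a BASIC spam check, and only for anonymous posters.
    if (!is_a_guest()) {
        return $action;
    }

    $link_pattern = '/https?:\/\//';
    $link_count = (int) preg_match_all($link_pattern, (string) $comment['content'], $matches);
    $link_count += (int) preg_match_all($link_pattern, (string) $comment['author'], $matches);

    if ($link_count > $conf['comment_spam_max_links']) {
        // Reason code; presumably read back by the comment form — verify.
        $_POST['cr'][] = 'links';
        return $my_action;
    }

    return $action;
}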
/**
 * API method pwg.session.getStatus: describes the caller's own session.
 *
 * Besides username/status/theme/language it returns the session's pwg_token,
 * the token the admin methods require (see ws_addDefaultMethods). A response
 * carrying that token must never be readable by a cross-origin caller; that
 * is the web-service layer's job, not this function's — verify there.
 * Admin callers additionally get the accepted upload extensions and chunk size.
 *
 * @param mixed[] $params unused
 * @return array
 */
function ws_session_getStatus($params, &$service)
{
    global $user, $conf;

    $res = array(
        'username'  => is_a_guest() ? 'guest' : stripslashes($user['username']),
        'status'    => $user['status'],
        'theme'     => $user['theme'],
        'language'  => $user['language'],
        'pwg_token' => get_pwg_token(),
        'charset'   => get_pwg_charset(),
    );

    list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
    $res['current_datetime'] = $dbnow;
    $res['version'] = PHPWG_VERSION;

    if (is_admin()) {
        $extensions = $conf['upload_form_all_types'] ? $conf['file_ext'] : $conf['picture_ext'];
        $res['upload_file_types'] = implode(',', array_unique(array_map('strtolower', $extensions)));
        $res['upload_form_chunk_size'] = $conf['upload_form_chunk_size'];
    }

    return $res;
}
define('PHPWG_URL', 'http://' . PHPWG_DOMAIN); if (isset($conf['alternative_pem_url']) and $conf['alternative_pem_url'] != '') { define('PEM_URL', $conf['alternative_pem_url']); } else { define('PEM_URL', 'http://' . PHPWG_DOMAIN . '/ext'); } // language files load_language('common.lang'); if (is_admin() || (defined('IN_ADMIN') and IN_ADMIN)) { load_language('admin.lang'); } trigger_notify('loading_lang'); load_language('lang', PHPWG_ROOT_PATH . PWG_LOCAL_DIR, array('no_fallback' => true, 'local' => true)); // only now we can set the localized username of the guest user (and not in // include/user.inc.php) if (is_a_guest()) { $user['username'] = l10n('guest'); } // template instance if (defined('IN_ADMIN') and IN_ADMIN) { // Admin template $template = new Template(PHPWG_ROOT_PATH . 'admin/themes', $conf['admin_theme']); } else { // Classic template $theme = $user['theme']; if (script_basename() != 'ws' and mobile_theme()) { $theme = $conf['mobile_theme']; } $template = new Template(PHPWG_ROOT_PATH . 'themes', $theme); } if (!isset($conf['no_photo_yet'])) {
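/**
 * Logs the current visit into HISTORY_TABLE.
 *
 * Whether anything is written depends on $conf['log'], overridden by
 * $conf['history_admin'] for admins and $conf['history_guest'] for guests,
 * and finally by the 'pwg_log_allowed' trigger.
 *
 * Every value is concatenated into the INSERT, so the numeric columns
 * (user_id, category_id, image_id, tag_ids) are pinned to integers here
 * instead of trusting each caller.
 *
 * @param int|null    $image_id
 * @param string|null $image_type
 * @return bool true if a row was inserted
 */
function pwg_log($image_id = null, $image_type = null)
{
    global $conf, $user, $page;

    $do_log = $conf['log'];
    if (is_admin()) {
        $do_log = $conf['history_admin'];
    }
    if (is_a_guest()) {
        $do_log = $conf['history_guest'];
    }
    $do_log = trigger_change('pwg_log_allowed', $do_log, $image_id, $image_type);
    if (!$do_log) {
        return false;
    }

    $tags_string = null;
    if (isset($page['section']) && 'tags' == $page['section']) {
        $tag_ids = isset($page['tag_ids']) ? (array) $page['tag_ids'] : array();
        $tags_string = implode(',', array_map('intval', $tag_ids));
    }

    // NOTE(review): section, image_type and REMOTE_ADDR are still concatenated
    // unescaped. They are not request parameters (section/image_type are set by
    // the router and callers, REMOTE_ADDR by the web server), but routing them
    // through the DB layer's escaping helper would remove that assumption.
    $sql_int = function ($value) {
        return isset($value) ? (string) (int) $value : 'NULL';
    };
    $sql_str = function ($value) {
        return isset($value) ? "'" . $value . "'" : 'NULL';
    };

    $query = ' INSERT INTO ' . HISTORY_TABLE . ' ( date, time, user_id, IP, section, category_id, image_id, image_type, tag_ids ) VALUES ( CURRENT_DATE, CURRENT_TIME, '
        . (int) $user['id'] . ', \'' . $_SERVER['REMOTE_ADDR'] . '\', '
        . $sql_str(isset($page['section']) ? $page['section'] : null) . ', '
        . $sql_int(isset($page['category']['id']) ? $page['category']['id'] : null) . ', '
        . $sql_int($image_id) . ', '
        . $sql_str($image_type) . ', '
        . $sql_str($tags_string) . ' ) ;';
    pwg_query($query);

    return true;
}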
$tpl_comment['IN_EDIT'] = true; $tpl_comment['KEY'] = get_ephemeral_key(2); $tpl_comment['CONTENT'] = $row['content']; $tpl_comment['PWG_TOKEN'] = get_pwg_token(); $tpl_comment['U_CANCEL'] = $url_self; } } if (is_admin()) { if ($row['validated'] != 'true') { $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array('action' => 'validate_comment', 'comment_to_validate' => $row['id'], 'pwg_token' => get_pwg_token())); } } $template->append('comments', $tpl_comment); } } $show_add_comment_form = !is_a_guest() || $conf['guestbook']['guest_can_add']; if (isset($edit_comment)) { $show_add_comment_form = false; } if ($show_add_comment_form) { foreach (array('content', 'author', 'website', 'email') as $el) { ${$el} = ''; if ('reject' === @$comment_action and !empty($comm[$el])) { ${$el} = htmlspecialchars(stripslashes($comm[$el])); } } if (is_classic_user()) { $author = $user['username']; $email = $user['email']; } if (empty($conf['comments_email_mandatory'])) {
/** * event handler that registers standard methods with the web service */ function ws_addDefaultMethods($arr) { global $conf, $user; $service =& $arr[0]; include_once PHPWG_ROOT_PATH . 'include/ws_functions.inc.php'; $ws_functions_root = PHPWG_ROOT_PATH . 'include/ws_functions/'; $f_params = array('f_min_rate' => array('default' => null, 'type' => WS_TYPE_FLOAT), 'f_max_rate' => array('default' => null, 'type' => WS_TYPE_FLOAT), 'f_min_hit' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_max_hit' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_min_ratio' => array('default' => null, 'type' => WS_TYPE_FLOAT | WS_TYPE_POSITIVE), 'f_max_ratio' => array('default' => null, 'type' => WS_TYPE_FLOAT | WS_TYPE_POSITIVE), 'f_max_level' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'f_min_date_available' => array('default' => null), 'f_max_date_available' => array('default' => null), 'f_min_date_created' => array('default' => null), 'f_max_date_created' => array('default' => null)); $service->addMethod('pwg.getVersion', 'ws_getVersion', null, 'Returns the Piwigo version.', $ws_functions_root . 'pwg.php'); $service->addMethod('pwg.getInfos', 'ws_getInfos', null, 'Returns general informations.', $ws_functions_root . 'pwg.php', array('admin_only' => true)); $service->addMethod('pwg.caddie.add', 'ws_caddie_add', array('image_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID)), 'Adds elements to the caddie. Returns the number of elements added.', $ws_functions_root . 
'pwg.php', array('admin_only' => true)); $service->addMethod('pwg.categories.getImages', 'ws_categories_getImages', array_merge(array('cat_id' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding categories. <br><b>cat_id</b> can be empty if <b>recursive</b> is true. <br><b>order</b> comma separated fields for sorting', $ws_functions_root . 'pwg.categories.php'); $service->addMethod('pwg.categories.getList', 'ws_categories_getList', array('cat_id' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE, 'info' => 'Parent category. "0" or empty for root.'), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'public' => array('default' => false, 'type' => WS_TYPE_BOOL), 'tree_output' => array('default' => false, 'type' => WS_TYPE_BOOL), 'fullname' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Returns a list of categories.', $ws_functions_root . 'pwg.categories.php'); $service->addMethod('pwg.getMissingDerivatives', 'ws_getMissingDerivatives', array_merge(array('types' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'info' => 'square, thumb, 2small, xsmall, small, medium, large, xlarge, xxlarge'), 'ids' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'max_urls' => array('default' => 200, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'prev_page' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), $f_params), 'Returns a list of derivatives to build.', $ws_functions_root . 
'pwg.php', array('admin_only' => true)); $service->addMethod('pwg.images.addComment', 'ws_images_addComment', array('image_id' => array('type' => WS_TYPE_ID), 'author' => array('default' => is_a_guest() ? 'guest' : $user['username']), 'content' => array(), 'key' => array()), 'Adds a comment to an image.', $ws_functions_root . 'pwg.images.php', array('post_only' => true)); $service->addMethod('pwg.images.getInfo', 'ws_images_getInfo', array('image_id' => array('type' => WS_TYPE_ID), 'comments_page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'comments_per_page' => array('default' => $conf['nb_comment_page'], 'maxValue' => 2 * $conf['nb_comment_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), 'Returns information about an image.', $ws_functions_root . 'pwg.images.php'); $service->addMethod('pwg.images.rate', 'ws_images_rate', array('image_id' => array('type' => WS_TYPE_ID), 'rate' => array('type' => WS_TYPE_FLOAT)), 'Rates an image.', $ws_functions_root . 'pwg.images.php'); $service->addMethod('pwg.images.search', 'ws_images_search', array_merge(array('query' => array(), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding query search.', $ws_functions_root . 'pwg.images.php'); $service->addMethod('pwg.images.setPrivacyLevel', 'ws_images_setPrivacyLevel', array('image_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'level' => array('maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE)), 'Sets the privacy levels for the images.', $ws_functions_root . 
'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.images.setRank', 'ws_images_setRank', array('image_id' => array('type' => WS_TYPE_ID), 'category_id' => array('type' => WS_TYPE_ID), 'rank' => array('type' => WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL)), 'Sets the rank of a photo for a given album.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.rates.delete', 'ws_rates_delete', array('user_id' => array('type' => WS_TYPE_ID), 'anonymous_id' => array('default' => null), 'image_id' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID)), 'Deletes all rates for a user.', $ws_functions_root . 'pwg.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.session.getStatus', 'ws_session_getStatus', null, 'Gets information about the current session. Also provides a token useable with admin methods.', $ws_functions_root . 'pwg.php'); $service->addMethod('pwg.session.login', 'ws_session_login', array('username', 'password'), 'Tries to login the user.', $ws_functions_root . 'pwg.php', array('post_only' => true)); $service->addMethod('pwg.session.logout', 'ws_session_logout', null, 'Ends the current session.', $ws_functions_root . 'pwg.php'); $service->addMethod('pwg.tags.getList', 'ws_tags_getList', array('sort_by_counter' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Retrieves a list of available tags.', $ws_functions_root . 
'pwg.tags.php'); $service->addMethod('pwg.tags.getImages', 'ws_tags_getImages', array_merge(array('tag_id' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'tag_url_name' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY), 'tag_name' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY), 'tag_mode_and' => array('default' => false, 'type' => WS_TYPE_BOOL), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_images_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => null, 'info' => 'id, file, name, hit, rating_score, date_creation, date_available, random')), $f_params), 'Returns elements for the corresponding tags. Fill at least tag_id, tag_url_name or tag_name.', $ws_functions_root . 'pwg.tags.php'); $service->addMethod('pwg.images.addChunk', 'ws_images_add_chunk', array('data' => array(), 'original_sum' => array(), 'type' => array('default' => 'file', 'info' => 'Must be "file", for backward compatiblity "high" and "thumb" are allowed.'), 'position' => array()), 'Add a chunk of a file.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.images.addFile', 'ws_images_addFile', array('image_id' => array('type' => WS_TYPE_ID), 'type' => array('default' => 'file', 'info' => 'Must be "file", for backward compatiblity "high" and "thumb" are allowed.'), 'sum' => array()), 'Add or update a file for an existing photo. <br>pwg.images.addChunk must have been called before (maybe several times).', $ws_functions_root . 
'pwg.images.php', array('admin_only' => true)); $service->addMethod('pwg.images.add', 'ws_images_add', array('thumbnail_sum' => array('default' => null), 'high_sum' => array('default' => null), 'original_sum' => array(), 'original_filename' => array('default' => null, 'Provide it if "check_uniqueness" is true and $conf["uniqueness_mode"] is "filename".'), 'name' => array('default' => null), 'author' => array('default' => null), 'date_creation' => array('default' => null), 'comment' => array('default' => null), 'categories' => array('default' => null, 'info' => 'String list "category_id[,rank];category_id[,rank]".<br>The rank is optional and is equivalent to "auto" if not given.'), 'tag_ids' => array('default' => null, 'info' => 'Comma separated ids'), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'check_uniqueness' => array('default' => true, 'type' => WS_TYPE_BOOL), 'image_id' => array('default' => null, 'type' => WS_TYPE_ID)), 'Add an image. <br>pwg.images.addChunk must have been called before (maybe several times). <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true)); $service->addMethod('pwg.images.addSimple', 'ws_images_addSimple', array('category' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'name' => array('default' => null), 'author' => array('default' => null), 'comment' => array('default' => null), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'tags' => array('default' => null, 'flags' => WS_PARAM_ACCEPT_ARRAY), 'image_id' => array('default' => null, 'type' => WS_TYPE_ID)), 'Add an image. <br>Use the <b>$_FILES[image]</b> field for uploading file. <br>Set the form encoding to "form-data". 
<br>You can update an existing photo if you define an existing image_id.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.images.upload', 'ws_images_upload', array('name' => array('default' => null), 'category' => array('default' => null, 'flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'pwg_token' => array()), 'Add an image. <br>Use the <b>$_FILES[image]</b> field for uploading file. <br>Set the form encoding to "form-data".', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.images.delete', 'ws_images_delete', array('image_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'pwg_token' => array()), 'Deletes image(s).', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.getAdminList', 'ws_categories_getAdminList', null, 'Get albums list as displayed on admin page.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true)); $service->addMethod('pwg.categories.add', 'ws_categories_add', array('name' => array(), 'parent' => array('default' => null, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'comment' => array('default' => null), 'visible' => array('default' => true, 'type' => WS_TYPE_BOOL), 'status' => array('default' => null, 'info' => 'public, private'), 'commentable' => array('default' => true, 'type' => WS_TYPE_BOOL)), 'Adds an album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true)); $service->addMethod('pwg.categories.delete', 'ws_categories_delete', array('category_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'photo_deletion_mode' => array('default' => 'delete_orphans'), 'pwg_token' => array()), 'Deletes album(s). 
<br><b>photo_deletion_mode</b> can be "no_delete" (may create orphan photos), "delete_orphans" (default mode, only deletes photos linked to no other album) or "force_delete" (delete all photos, even those linked to other albums)', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.move', 'ws_categories_move', array('category_id' => array('flags' => WS_PARAM_ACCEPT_ARRAY), 'parent' => array('type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'pwg_token' => array()), 'Move album(s). <br>Set parent as 0 to move to gallery root. Only virtual categories can be moved.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.setRepresentative', 'ws_categories_setRepresentative', array('category_id' => array('type' => WS_TYPE_ID), 'image_id' => array('type' => WS_TYPE_ID)), 'Sets the representative photo for an album. The photo doesn\'t have to belong to the album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.deleteRepresentative', 'ws_categories_deleteRepresentative', array('category_id' => array('type' => WS_TYPE_ID)), 'Deletes the album thumbnail. Only possible if $conf[\'allow_random_representative\']', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.refreshRepresentative', 'ws_categories_refreshRepresentative', array('category_id' => array('type' => WS_TYPE_ID)), 'Find a new album thumbnail.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.tags.getAdminList', 'ws_tags_getAdminList', null, '<b>Admin only.</b>', $ws_functions_root . 'pwg.tags.php', array('admin_only' => true)); $service->addMethod('pwg.tags.add', 'ws_tags_add', array('name'), 'Adds a new tag.', $ws_functions_root . 
'pwg.tags.php', array('admin_only' => true)); $service->addMethod('pwg.images.exist', 'ws_images_exist', array('md5sum_list' => array('default' => null), 'filename_list' => array('default' => null)), 'Checks existence of images. <br>Give <b>md5sum_list</b> if $conf[uniqueness_mode]==md5sum. Give <b>filename_list</b> if $conf[uniqueness_mode]==filename.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true)); $service->addMethod('pwg.images.checkFiles', 'ws_images_checkFiles', array('image_id' => array('type' => WS_TYPE_ID), 'file_sum' => array('default' => null), 'thumbnail_sum' => array('default' => null), 'high_sum' => array('default' => null)), 'Checks if you have updated version of your files for a given photo, the answer can be "missing", "equals" or "differs". <br>Don\'t use "thumbnail_sum" and "high_sum", these parameters are here for backward compatibility.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true)); $service->addMethod('pwg.images.checkUpload', 'ws_images_checkUpload', null, 'Checks if Piwigo is ready for upload.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true)); $service->addMethod('pwg.images.setInfo', 'ws_images_setInfo', array('image_id' => array('type' => WS_TYPE_ID), 'file' => array('default' => null), 'name' => array('default' => null), 'author' => array('default' => null), 'date_creation' => array('default' => null), 'comment' => array('default' => null), 'categories' => array('default' => null, 'info' => 'String list "category_id[,rank];category_id[,rank]".<br>The rank is optional and is equivalent to "auto" if not given.'), 'tag_ids' => array('default' => null, 'info' => 'Comma separated ids'), 'level' => array('default' => null, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'single_value_mode' => array('default' => 'fill_if_empty'), 'multiple_value_mode' => array('default' => 'append')), 'Changes properties of an image. 
<br><b>single_value_mode</b> can be "fill_if_empty" (only use the input value if the corresponding values is currently empty) or "replace" (overwrite any existing value) and applies to single values properties like name/author/date_creation/comment. <br><b>multiple_value_mode</b> can be "append" (no change on existing values, add the new values) or "replace" and applies to multiple values properties like tag_ids/categories.', $ws_functions_root . 'pwg.images.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.categories.setInfo', 'ws_categories_setInfo', array('category_id' => array('type' => WS_TYPE_ID), 'name' => array('default' => null), 'comment' => array('default' => null)), 'Changes properties of an album.', $ws_functions_root . 'pwg.categories.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.plugins.getList', 'ws_plugins_getList', null, 'Gets the list of plugins with id, name, version, state and description.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.plugins.performAction', 'ws_plugins_performAction', array('action' => array('info' => 'install, activate, deactivate, uninstall, delete'), 'plugin' => array(), 'pwg_token' => array()), null, $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.themes.performAction', 'ws_themes_performAction', array('action' => array('info' => 'activate, deactivate, delete, set_default'), 'theme' => array(), 'pwg_token' => array()), null, $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.extensions.update', 'ws_extensions_update', array('type' => array('info' => 'plugins, languages, themes'), 'id' => array(), 'revision' => array(), 'pwg_token' => array()), '<b>Webmaster only.</b>', $ws_functions_root . 
'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.extensions.ignoreUpdate', 'ws_extensions_ignoreupdate', array('type' => array('default' => null, 'info' => 'plugins, languages, themes'), 'id' => array('default' => null), 'reset' => array('default' => false, 'type' => WS_TYPE_BOOL, 'info' => 'If true, all ignored extensions will be reinitilized.'), 'pwg_token' => array()), '<b>Webmaster only.</b> Ignores an extension if it needs update.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.extensions.checkUpdates', 'ws_extensions_checkupdates', null, 'Checks if piwigo or extensions are up to date.', $ws_functions_root . 'pwg.extensions.php', array('admin_only' => true)); $service->addMethod('pwg.groups.getList', 'ws_groups_getList', array('group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'name' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'Use "%" as wildcard.'), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_users_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => 'name', 'info' => 'id, name, nb_users, is_default')), 'Retrieves a list of all groups. The list can be filtered.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true)); $service->addMethod('pwg.groups.add', 'ws_groups_add', array('name' => array(), 'is_default' => array('default' => false, 'type' => WS_TYPE_BOOL)), 'Creates a group and returns the new group record.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.groups.delete', 'ws_groups_delete', array('group_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Deletes a or more groups. Users and photos are not deleted.', $ws_functions_root . 
'pwg.groups.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.groups.setInfo', 'ws_groups_setInfo', array('group_id' => array('type' => WS_TYPE_ID), 'name' => array('flags' => WS_PARAM_OPTIONAL), 'is_default' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Updates a group. Leave a field blank to keep the current value.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.groups.addUser', 'ws_groups_addUser', array('group_id' => array('type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Adds one or more users to a group.', $ws_functions_root . 'pwg.groups.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.groups.deleteUser', 'ws_groups_deleteUser', array('group_id' => array('type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Removes one or more users from a group.', $ws_functions_root . 
'pwg.groups.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.users.getList', 'ws_users_getList', array('user_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'username' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'Use "%" as wildcard.'), 'status' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'info' => 'guest,generic,normal,admin,webmaster'), 'min_level' => array('default' => 0, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'per_page' => array('default' => 100, 'maxValue' => $conf['ws_max_users_per_page'], 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'page' => array('default' => 0, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'order' => array('default' => 'id', 'info' => 'id, username, level, email'), 'display' => array('default' => 'basics', 'info' => 'Comma saparated list (see method description)')), 'Retrieves a list of all the users.<br> <br> <b>display</b> controls which data are returned, possible values are:<br> all, basics, none,<br> username, email, status, level, groups,<br> language, theme, nb_image_page, recent_period, expand, show_nb_comments, show_nb_hits,<br> enabled_high, registration_date, registration_date_string, registration_date_since, last_visit, last_visit_string, last_visit_since<br> <b>basics</b> stands for "username,email,status,level,groups"', $ws_functions_root . 'pwg.users.php', array('admin_only' => true)); $service->addMethod('pwg.users.add', 'ws_users_add', array('username' => array(), 'password' => array('default' => null), 'password_confirm' => array('flags' => WS_PARAM_OPTIONAL), 'email' => array('default' => null), 'send_password_by_mail' => array('default' => false, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Registers a new user.', $ws_functions_root . 
'pwg.users.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.users.delete', 'ws_users_delete', array('user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Deletes on or more users. Photos owned by this user are not deleted.', $ws_functions_root . 'pwg.users.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.users.setInfo', 'ws_users_setInfo', array('user_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'username' => array('flags' => WS_PARAM_OPTIONAL), 'password' => array('flags' => WS_PARAM_OPTIONAL), 'email' => array('flags' => WS_PARAM_OPTIONAL), 'status' => array('flags' => WS_PARAM_OPTIONAL, 'info' => 'guest,generic,normal,admin,webmaster'), 'level' => array('flags' => WS_PARAM_OPTIONAL, 'maxValue' => max($conf['available_permission_levels']), 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'language' => array('flags' => WS_PARAM_OPTIONAL), 'theme' => array('flags' => WS_PARAM_OPTIONAL), 'group_id' => array('flags' => WS_PARAM_OPTIONAL | WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_INT), 'nb_image_page' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE | WS_TYPE_NOTNULL), 'recent_period' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_INT | WS_TYPE_POSITIVE), 'expand' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'show_nb_comments' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'show_nb_hits' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'enabled_high' => array('flags' => WS_PARAM_OPTIONAL, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Updates a user. Leave a field blank to keep the current value. <br>"username", "password" and "email" are ignored if "user_id" is an array. <br>set "group_id" to -1 if you want to dissociate users from all groups', $ws_functions_root . 
'pwg.users.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.permissions.getList', 'ws_permissions_getList', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID)), 'Returns permissions: user ids and group ids having access to each album ; this list can be filtered. <br>Provide only one parameter!', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true)); $service->addMethod('pwg.permissions.add', 'ws_permissions_add', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'recursive' => array('default' => false, 'type' => WS_TYPE_BOOL), 'pwg_token' => array()), 'Adds permissions to an album.', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true, 'post_only' => true)); $service->addMethod('pwg.permissions.remove', 'ws_permissions_remove', array('cat_id' => array('flags' => WS_PARAM_FORCE_ARRAY, 'type' => WS_TYPE_ID), 'group_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'user_id' => array('flags' => WS_PARAM_FORCE_ARRAY | WS_PARAM_OPTIONAL, 'type' => WS_TYPE_ID), 'pwg_token' => array()), 'Removes permissions from an album.', $ws_functions_root . 'pwg.permissions.php', array('admin_only' => true, 'post_only' => true)); }
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Page footer: selects the "tail" template, fires the loc_begin_page_tail
// event and fills the footer variables (version, contact address, timing).
$template->set_filenames(array('tail' => 'footer.tpl'));

trigger_notify('loc_begin_page_tail');

// the version string and the project URL are only shown when configured / defined
$template->assign(
  array(
    'VERSION' => $conf['show_version'] ? PHPWG_VERSION : '',
    'PHPWG_URL' => defined('PHPWG_URL') ? PHPWG_URL : '',
  )
);

//--------------------------------------------------------------------- contact
// the webmaster address is only exposed to logged-in users, never to guests
if (!is_a_guest()) {
  $template->assign('CONTACT_MAIL', get_webmaster_mail_address());
}

//------------------------------------------------------------- generation time
// $debug_vars and $time are kept as plain variables: the rest of the file
// (not shown here) may read them after this point.
$debug_vars = array();

if ($conf['show_queries']) {
  $debug_vars['QUERIES_LIST'] = $debug;
}

if ($conf['show_gt']) {
  // the counters may not exist yet (presumably when no query ran)
  if (!isset($page['count_queries'])) {
    $page['count_queries'] = 0;
    $page['queries_time'] = 0;
  }

  $time = get_elapsed_time($t2, get_moment());

  $debug_vars['TIME'] = $time;
  $debug_vars['NB_QUERIES'] = $page['count_queries'];
  $debug_vars['SQL_TIME'] = number_format($page['queries_time'], 3, '.', ' ') . ' s';
}
/**
 * Exits the current script (or redirect to login page if not logged).
 *
 * A 401 status is sent in every case. A logged-in (non-guest) user gets a
 * minimal "not authorized" page with links to the identification and home
 * pages, then the script stops; anybody else is sent to the login page with
 * the requested URI passed as the "redirect" parameter.
 */
function access_denied()
{
  global $user;

  // the current URI is url-encoded twice before going into the query string
  // (presumably decoded once more by identification.php, not visible here)
  $login_url = get_root_url() . 'identification.php?redirect='
    . urlencode(urlencode($_SERVER['REQUEST_URI']));

  set_status_header(401);

  // unknown or guest user: no page, just the login redirection
  if (!isset($user) or is_a_guest()) {
    redirect_html($login_url);
    return;
  }

  $root_url = get_root_url();
  $fragments = array(
    '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">',
    '<div style="text-align:center;">' . l10n('You are not authorized to access the requested page') . '<br>',
    '<a href="' . $root_url . 'identification.php">' . l10n('Identification') . '</a> ',
    '<a href="' . make_index_url() . '">' . l10n('Home') . '</a></div>',
    // padding: IE6 does not show the error output if the page is below a certain size
    str_repeat(' ', 512),
  );

  foreach ($fragments as $fragment) {
    echo $fragment;
  }

  exit;
}
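/**
 * checks the activation key: does it match the expected pattern? is it
 * linked to a user? is this user allowed to reset his password?
 *
 * The key is expected as "<20 alphanumerics>-<email>". The email part
 * narrows the candidate users, then the secret part is verified against each
 * candidate's stored activation_key hash, the expiry is compared with the
 * database clock, and guest/generic accounts are refused.
 *
 * Every failure appends a message to $page['errors'] and returns false.
 * NOTE(review): the "Invalid username or email" message is distinct from
 * "Invalid key", so a caller can tell whether the email is registered.
 *
 * @param string $reset_key
 * @return mixed (user_id if OK, false otherwise)
 */
function check_password_reset_key($reset_key)
{
  global $page, $conf;

  // A key without the "-<email>" part used to raise an undefined-offset
  // warning and then look up an empty email; reject it up front instead.
  $parts = is_string($reset_key) ? explode('-', $reset_key, 2) : array();
  if (count($parts) != 2) {
    $page['errors'][] = l10n('Invalid key');
    return false;
  }
  list($key, $email) = $parts;

  if (!preg_match('/^[a-z0-9]{20}$/i', $key)) {
    $page['errors'][] = l10n('Invalid key');
    return false;
  }

  // the email is the only user-controlled value reaching SQL here and it is escaped
  $query = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE . ' WHERE ' . $conf['user_fields']['email'] . ' = \'' . pwg_db_real_escape_string($email) . '\' ;';
  $user_ids = query2array($query, null, 'id');

  if (count($user_ids) == 0) {
    $page['errors'][] = l10n('Invalid username or email');
    return false;
  }

  $user_id = null;

  // NOW() comes from the database so the expiry check uses the same clock
  // that produced activation_key_expire
  $query = ' SELECT user_id, status, activation_key, activation_key_expire, NOW() AS dbnow FROM ' . USER_INFOS_TABLE . ' WHERE user_id IN (' . implode(',', $user_ids) . ') ;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result)) {
    if (pwg_password_verify($key, $row['activation_key'])) {
      if (strtotime($row['dbnow']) > strtotime($row['activation_key_expire'])) {
        // key has expired
        $page['errors'][] = l10n('Invalid key');
        return false;
      }

      if (is_a_guest($row['status']) or is_generic($row['status'])) {
        $page['errors'][] = l10n('Password reset is not allowed for this user');
        return false;
      }

      $user_id = $row['user_id'];
    }
  }

  if (empty($user_id)) {
    $page['errors'][] = l10n('Invalid key');
    return false;
  }

  return $user_id;
}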
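/**
 * Returns if current user can edit/delete/validate a comment.
 *
 * Guests can never manage comments and admins always can; other users may
 * edit or delete their own comments when the matching
 * user_can_edit_comment / user_can_delete_comment settings allow it, and
 * can never validate.
 *
 * @param string $action edit/delete/validate
 * @param int $comment_author_id
 * @return bool
 */
function can_manage_comment($action, $comment_author_id)
{
  global $user, $conf;

  if (is_a_guest()) {
    return false;
  }

  // strict comparison: the loose in_array() accepted non-string actions
  // (on PHP < 8 the integer 0 compares equal to any of these strings)
  if (!in_array($action, array('delete', 'edit', 'validate'), true)) {
    return false;
  }

  if (is_admin()) {
    return true;
  }

  // loose comparison kept on purpose: the two ids presumably arrive as int
  // or numeric string depending on their origin (request vs database)
  $is_author = ($comment_author_id == $user['id']);

  if ('edit' == $action and $conf['user_can_edit_comment'] and $is_author) {
    return true;
  }

  if ('delete' == $action and $conf['user_can_delete_comment'] and $is_author) {
    return true;
  }

  return false;
}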
/**
 * Setups each block the main menubar.
 *
 * Loads the registered menubar blocks, fills the data of the standard ones
 * (links, categories, tags, specials, menu, identification), assigns the
 * filter and identification template variables, then applies the menubar to
 * the MENUBAR template variable. Everything is read from the globals $page,
 * $conf, $user, $template and $filter.
 */
function initialize_menu()
{
  global $page, $conf, $user, $template, $filter;

  $menu = new BlockManager("menubar");
  $menu->load_registered_blocks();
  $menu->prepare_display();

  // "@" silences the notice when $page['section'] is not set; the query text
  // is HTML-escaped before it reaches the template
  if (@$page['section'] == 'search' and isset($page['qsearch_details'])) {
    $template->assign('QUERY_SEARCH', htmlspecialchars($page['qsearch_details']['q']));
  }

  //--------------------------------------------------------------- external links
  // note the "and": the assignment binds tighter, so $block always receives
  // the block object and the condition reads (block) and (links configured)
  if ($block = $menu->get_block('mbLinks') and !empty($conf['links'])) {
    $block->data = array();
    foreach ($conf['links'] as $url => $url_data) {
      // a plain string entry is just a label
      if (!is_array($url_data)) {
        $url_data = array('label' => $url_data);
      }

      // 'eval_visible' is PHP code taken from the configuration and executed
      // here to decide whether the link is shown: $conf['links'] must stay
      // under the administrator's control only
      if (!isset($url_data['eval_visible']) or eval($url_data['eval_visible'])) {
        $tpl_var = array('URL' => $url, 'LABEL' => $url_data['label']);

        // links open in a new window unless 'new_window' is set and falsy
        if (!isset($url_data['new_window']) or $url_data['new_window']) {
          $tpl_var['new_window'] = array(
            'NAME' => isset($url_data['nw_name']) ? $url_data['nw_name'] : '',
            'FEATURES' => isset($url_data['nw_features']) ? $url_data['nw_features'] : ''
          );
        }

        $block->data[] = $tpl_var;
      }
    }

    if (!empty($block->data)) {
      $block->template = 'menubar_links.tpl';
    }
  }

  //-------------------------------------------------------------- categories
  $block = $menu->get_block('mbCategories');

  //------------------------------------------------------------------------ filter
  // the start/stop filter links are assigned to the template, not to a block
  if ($conf['menubar_filter_icon'] and !empty($conf['filter_pages']) and get_filter_page_value('used')) {
    if ($filter['enabled']) {
      $template->assign('U_STOP_FILTER', add_url_params(make_index_url(array()), array('filter' => 'stop')));
    } else {
      $template->assign('U_START_FILTER', add_url_params(make_index_url(array()), array('filter' => 'start-recent-' . $user['recent_period'])));
    }
  }

  if ($block != null) {
    $block->data = array(
      'NB_PICTURE' => $user['nb_total_images'],
      'MENU_CATEGORIES' => get_categories_menu(),
      'U_CATEGORIES' => make_index_url(array('section' => 'categories'))
    );
    $block->template = 'menubar_categories.tpl';
  }

  //------------------------------------------------------------------------ tags
  $block = $menu->get_block('mbTags');
  // no tag cloud on the picture page nor when the current section has no item
  if ($block != null and !empty($page['items']) and 'picture' != script_basename()) {
    if ('tags' == @$page['section']) {
      // tag section: tags common to all current items, each with a URL that
      // adds the tag to the current selection and a URL for the tag alone
      $tags = get_common_tags($page['items'], $conf['menubar_tag_cloud_items_number'], $page['tag_ids']);
      $tags = add_level_to_tags($tags);
      foreach ($tags as $tag) {
        $block->data[] = array_merge(
          $tag,
          array(
            'U_ADD' => make_index_url(array('tags' => array_merge($page['tags'], array($tag)))),
            'URL' => make_index_url(array('tags' => array($tag)))
          )
        );
      }
    } else {
      // other sections: only the tags of the items displayed on this page
      $selection = array_slice($page['items'], $page['start'], $page['nb_image_page']);
      $tags = add_level_to_tags(get_common_tags($selection, $conf['content_tag_cloud_items_number']));
      foreach ($tags as $tag) {
        $block->data[] = array_merge($tag, array('URL' => make_index_url(array('tags' => array($tag)))));
      }
    }

    if (!empty($block->data)) {
      $block->template = 'menubar_tags.tpl';
    }
  }

  //----------------------------------------------------------- special categories
  if (($block = $menu->get_block('mbSpecials')) != null) {
    if (!is_a_guest()) {
      // favorites
      $block->data['favorites'] = array(
        'URL' => make_index_url(array('section' => 'favorites')),
        'TITLE' => l10n('display your favorites photos'),
        'NAME' => l10n('Your favorites')
      );
    }

    $block->data['most_visited'] = array(
      'URL' => make_index_url(array('section' => 'most_visited')),
      'TITLE' => l10n('display most visited photos'),
      'NAME' => l10n('Most visited')
    );

    if ($conf['rate']) {
      $block->data['best_rated'] = array(
        'URL' => make_index_url(array('section' => 'best_rated')),
        'TITLE' => l10n('display best rated photos'),
        'NAME' => l10n('Best rated')
      );
    }

    $block->data['recent_pics'] = array(
      'URL' => make_index_url(array('section' => 'recent_pics')),
      'TITLE' => l10n('display most recent photos'),
      'NAME' => l10n('Recent photos')
    );

    $block->data['recent_cats'] = array(
      'URL' => make_index_url(array('section' => 'recent_cats')),
      'TITLE' => l10n('display recently updated albums'),
      'NAME' => l10n('Recent albums')
    );

    $block->data['random'] = array(
      'URL' => get_root_url() . 'random.php',
      'TITLE' => l10n('display a set of random photos'),
      'NAME' => l10n('Random photos'),
      'REL' => 'rel="nofollow"'
    );

    // the calendar follows the configured date field (posted vs created)
    $block->data['calendar'] = array(
      'URL' => make_index_url(array(
        'chronology_field' => $conf['calendar_datefield'] == 'date_available' ? 'posted' : 'created',
        'chronology_style' => 'monthly',
        'chronology_view' => 'calendar'
      )),
      'TITLE' => l10n('display each day with photos, month per month'),
      'NAME' => l10n('Calendar'),
      'REL' => 'rel="nofollow"'
    );

    $block->template = 'menubar_specials.tpl';
  }

  //---------------------------------------------------------------------- summary
  if (($block = $menu->get_block('mbMenu')) != null) {
    // quick search block will be displayed only if data['qsearch'] is set
    // to "yes"
    $block->data['qsearch'] = true;

    // tags link
    $block->data['tags'] = array(
      'TITLE' => l10n('display available tags'),
      'NAME' => l10n('Tags'),
      'URL' => get_root_url() . 'tags.php',
      'COUNTER' => get_nb_available_tags()
    );

    // search link
    $block->data['search'] = array(
      'TITLE' => l10n('search'),
      'NAME' => l10n('Search'),
      'URL' => get_root_url() . 'search.php',
      'REL' => 'rel="search"'
    );

    if ($conf['activate_comments']) {
      // comments link
      $block->data['comments'] = array(
        'TITLE' => l10n('display last user comments'),
        'NAME' => l10n('Comments'),
        'URL' => get_root_url() . 'comments.php',
        'COUNTER' => get_nb_available_comments()
      );
    }

    // about link
    $block->data['about'] = array(
      'TITLE' => l10n('About Piwigo'),
      'NAME' => l10n('About'),
      'URL' => get_root_url() . 'about.php'
    );

    // notification
    $block->data['rss'] = array(
      'TITLE' => l10n('RSS feed'),
      'NAME' => l10n('Notification'),
      'URL' => get_root_url() . 'notification.php',
      'REL' => 'rel="nofollow"'
    );

    $block->template = 'menubar_menu.tpl';
  }

  //--------------------------------------------------------------- identification
  if (is_a_guest()) {
    $template->assign(array(
      'U_LOGIN' => get_root_url() . 'identification.php',
      'U_LOST_PASSWORD' => get_root_url() . 'password.php',
      'AUTHORIZE_REMEMBERING' => $conf['authorize_remembering']
    ));
    if ($conf['allow_user_registration']) {
      $template->assign('U_REGISTER', get_root_url() . 'register.php');
    }
  } else {
    // USERNAME is assigned unescaped (only stripslashes); HTML escaping is
    // presumably done by the template — confirm
    $template->assign('USERNAME', stripslashes($user['username']));

    if (is_autorize_status(ACCESS_CLASSIC)) {
      $template->assign('U_PROFILE', get_root_url() . 'profile.php');
    }

    // the logout link has no meaning with Apache authentication : it is not
    // possible to logout with this kind of authentication.
    if (!$conf['apache_authentication']) {
      $template->assign('U_LOGOUT', get_root_url() . '?act=logout');
    }

    if (is_admin()) {
      $template->assign('U_ADMIN', get_root_url() . 'admin.php');
    }
  }

  if (($block = $menu->get_block('mbIdentification')) != null) {
    $block->template = 'menubar_identification.tpl';
  }

  $menu->apply('MENUBAR', 'menubar.tpl');
}
// logout logout_user(); redirect(get_gallery_home_url()); } elseif (!empty($_SESSION['pwg_uid'])) { $user['id'] = $_SESSION['pwg_uid']; } } // Now check the auto-login if ($user['id'] == $conf['guest_id']) { auto_login(); } // using Apache authentication override the above user search if ($conf['apache_authentication']) { $remote_user = null; foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $server_key) { if (isset($_SERVER[$server_key])) { $remote_user = $_SERVER[$server_key]; break; } } if (isset($remote_user)) { if (!($user['id'] = get_userid($remote_user))) { $user['id'] = register_user($remote_user, '', '', false); } } } $user = build_user($user['id'], (defined('IN_ADMIN') and IN_ADMIN) ? false : true); if ($conf['browser_language'] and (is_a_guest() or is_generic())) { get_browser_language($user['language']); } trigger_notify('user_init', $user);
/**
 * Handles the "pshare/<key>[/download[/f<format_id>]]" URL section.
 *
 * When the first URL token is "pshare": the share key is validated against
 * PSHARE_KEY_PATTERN, looked up, a visit is logged and the expiry is checked
 * against the database clock. Then either
 *  - a logged-in user who may see the photo anyway is redirected to the
 *    regular picture page,
 *  - "/download" streams the original file (or the requested format) and
 *    logs the download,
 *  - otherwise the shared_picture template is rendered with a medium
 *    derivative and the download URLs.
 * Every error path ends the request (die/do_error); the function exits
 * after rendering or downloading and only returns when the section is not
 * "pshare".
 */
function pshare_section_init()
{
  global $tokens, $page, $conf, $user, $template;

  if ($tokens[0] == 'pshare') {
    $page['section'] = 'pshare';
    $page['title'] = l10n('Shared Picture');

    if (!isset($tokens[1])) {
      die("missing key");
    }

    // PSHARE_KEY_PATTERN (defined elsewhere) is the only validation the key
    // gets before it is placed, unescaped, in the SQL below: it has to
    // restrict the token to a safe character set
    if (!preg_match(PSHARE_KEY_PATTERN, $tokens[1])) {
      die("invalid key");
    }

    $page['pshare_key'] = $tokens[1];

    $query = ' SELECT *, NOW() AS dbnow FROM ' . PSHARE_KEYS_TABLE . ' WHERE uuid = \'' . $page['pshare_key'] . '\' ;';
    $shares = query2array($query);

    if (count($shares) == 0) {
      die('unknown key');
    }

    $share = $shares[0];

    // the visit is logged before the expiry check, so expired keys are logged too
    pshare_log($share['pshare_key_id'], 'visit');

    // is the key still valid? (compared with the database clock, not PHP's)
    if (strtotime($share['expire_on']) < strtotime($share['dbnow'])) {
      die('expired key');
    }

    // if the user is permitted for this photo, let's redirect to
    // picture.php (with full details and actions)
    if (!is_a_guest() and pshare_is_photo_visible($share['image_id'])) {
      // find the first reachable category linked to the photo
      $query = ' SELECT category_id FROM ' . IMAGE_CATEGORY_TABLE . ' WHERE image_id = ' . $share['image_id'] . ' ;';
      // calculate_permissions() presumably returns the forbidden category ids
      // as a comma-separated string (confirm); they are removed from the list
      $authorizeds = array_diff(
        array_from_query($query, 'category_id'),
        explode(',', calculate_permissions($user['id'], $user['status']))
      );

      // the first authorized category wins; redirect() is expected to end
      // the request, otherwise the loop would carry on
      foreach ($authorizeds as $category_id) {
        $url = make_picture_url(array('image_id' => $share['image_id'], 'category' => get_cat_info($category_id)));
        if (function_exists('Fotorama_is_replace_picture') and Fotorama_is_replace_picture()) {
          $url .= '&slidestop';
        }
        redirect($url);
      }

      // no category reachable: picture page without category context
      redirect(make_picture_url(array('image_id' => $share['image_id'])));
    }

    $query = ' SELECT * FROM ' . IMAGES_TABLE . ' WHERE id = ' . $share['image_id'] . ' ;';
    $rows = query2array($query);
    $image = $rows[0];
    $src_image = new SrcImage($image);

    if (isset($tokens[2]) && 'download' == $tokens[2]) {
      $format_id = null;

      if (isset($tokens[3]) && preg_match('/^f(\\d+)$/', $tokens[3], $matches)) {
        // digits only (enforced by the pattern), hence safe to inline in SQL
        $format_id = $matches[1];

        // NOTE(review): unlike the rendering branch further down, this branch
        // does not check defined('IMAGE_FORMAT_TABLE') first
        $query = ' SELECT * FROM ' . IMAGE_FORMAT_TABLE . ' WHERE format_id = ' . $format_id . ' AND image_id = ' . $image['id'] . ' ;';
        $formats = query2array($query);

        if (count($formats) == 0) {
          do_error(400, 'Invalid request - format');
        }

        $format = $formats[0];
        $file = original_to_format(get_element_path($image), $format['ext']);
        // the downloaded file name takes the format's extension
        $image['file'] = get_filename_wo_extension($image['file']) . '.' . $format['ext'];
      } else {
        $file = $image['path'];
      }

      $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT';

      // NOTE(review): the file name comes from the database and is put in a
      // quoted header value without escaping; header() rejects CR/LF but not
      // double quotes. filesize() warnings are suppressed with "@".
      $http_headers = array(
        'Content-Length: ' . @filesize($file),
        'Last-Modified: ' . $gmt_mtime,
        'Content-Type: ' . mime_content_type($file),
        'Content-Disposition: attachment; filename="' . $image['file'] . '";',
        'Content-Transfer-Encoding: binary'
      );

      foreach ($http_headers as $header) {
        header($header);
      }

      readfile($file);
      pshare_log($share['pshare_key_id'], 'download', $format_id);
      exit;
    }

    $template->set_filename('shared_picture', realpath(PSHARE_PATH . 'template/shared_picture.tpl'));

    $derivative = new DerivativeImage(ImageStdParams::get_by_type(IMG_MEDIUM), $src_image);
    $derivative_size = $derivative->get_size();

    // a random string to avoid browser cache (cache-busting only: it is
    // derived from the current time and has no security purpose)
    $rand = '&download=' . substr(md5(time()), 0, 6);

    $template->assign(array(
      'SRC' => $derivative->get_url(),
      'IMG_WIDTH' => $derivative_size[0],
      'IMG_HEIGHT' => $derivative_size[1],
      'DOWNLOAD_URL' => duplicate_index_url() . '/' . $page['pshare_key'] . '/download' . $rand
    ));

    // formats
    if (defined('IMAGE_FORMAT_TABLE')) {
      $query = ' SELECT * FROM ' . IMAGE_FORMAT_TABLE . ' WHERE image_id = ' . $share['image_id'] . ' ;';
      $formats = query2array($query);

      if (!empty($formats)) {
        // by-reference loop: $format stays bound to the last element afterwards
        // (not used again in this function, but unset($format) would be safer)
        foreach ($formats as &$format) {
          $format['download_url'] = duplicate_index_url() . '/' . $page['pshare_key'] . '/download';
          $format['download_url'] .= '/f' . $format['format_id'] . $rand;
          // filesize is presumably stored in KB — confirm against the schema
          $format['filesize'] = sprintf('%.1fMB', $format['filesize'] / 1024);
        }
      }

      $template->assign('formats', $formats);
    }

    $template->parse('shared_picture');
    $template->p();
    exit;
  }
}
$tpl_comment['PWG_TOKEN'] = get_pwg_token(); $tpl_comment['U_CANCEL'] = $url_self; } } if (is_admin()) { $tpl_comment['EMAIL'] = $email; if ($row['validated'] != 'true') { $tpl_comment['U_VALIDATE'] = add_url_params($url_self, array('action' => 'validate_comment', 'comment_to_validate' => $row['id'], 'pwg_token' => get_pwg_token())); } } $template->append('comments', $tpl_comment); } } $show_add_comment_form = true; if (isset($edit_comment)) { $show_add_comment_form = false; } if (is_a_guest() and !$conf['comments_forall']) { $show_add_comment_form = false; } if ($show_add_comment_form) { $key = get_ephemeral_key(3, $page['image_id']); $tpl_var = array('F_ACTION' => $url_self, 'KEY' => $key, 'CONTENT' => '', 'SHOW_AUTHOR' => !is_classic_user(), 'AUTHOR_MANDATORY' => $conf['comments_author_mandatory'], 'AUTHOR' => '', 'WEBSITE_URL' => '', 'SHOW_EMAIL' => !is_classic_user() or empty($user['email']), 'EMAIL_MANDATORY' => $conf['comments_email_mandatory'], 'EMAIL' => '', 'SHOW_WEBSITE' => $conf['comments_enable_website']); if ('reject' == @$comment_action) { foreach (array('content', 'author', 'website_url', 'email') as $k) { $tpl_var[strtoupper($k)] = htmlspecialchars(stripslashes(@$_POST[$k])); } } $template->assign('comment_add', $tpl_var); } }
/**
 * API method
 * Returns detailed information for an element
 * @param mixed[] $params
 * @option int image_id
 * @option int comments_page
 * @option int comments_per_page
 * @param object $service the calling web service; its _responseFormat selects
 *        between the legacy flat result and the REST "image" struct
 * @return mixed[]|PwgError the image row (minus server-side storage fields)
 *         plus rates, categories, tags, comments_paging, comments and, when the
 *         caller may comment, comment_post; PwgError 404 when the image is not
 *         visible to the current user, 401 when none of its categories is
 */
function ws_images_getInfo($params, $service)
{
  global $user, $conf;

  // image_id is inlined unquoted and uncast; this relies on the web service
  // layer having validated it as an id (the method declaration is not part
  // of this function — confirm). visible_images restricts the lookup to what
  // the current user may see.
  $query = ' SELECT * FROM ' . IMAGES_TABLE . ' WHERE id=' . $params['image_id'] . get_sql_condition_FandF(array('visible_images' => 'id'), ' AND') . ' LIMIT 1 ;';
  $result = pwg_query($query);

  if (pwg_db_num_rows($result) == 0) {
    return new PwgError(404, 'image_id not found');
  }

  $image_row = pwg_db_fetch_assoc($result);
  $image_row = array_merge($image_row, ws_std_get_urls($image_row));

  //-------------------------------------------------------- related categories
  // only the categories the user is allowed to see (forbidden_categories filter)
  $query = ' SELECT id, name, permalink, uppercats, global_rank, commentable FROM ' . IMAGE_CATEGORY_TABLE . ' INNER JOIN ' . CATEGORIES_TABLE . ' ON category_id = id WHERE image_id = ' . $image_row['id'] . get_sql_condition_FandF(array('forbidden_categories' => 'category_id'), ' AND') . ' ;';
  $result = pwg_query($query);

  $is_commentable = false;
  $related_categories = array();
  while ($row = pwg_db_fetch_assoc($result)) {
    // the photo is commentable as soon as one of its visible categories is
    if ($row['commentable'] == 'true') {
      $is_commentable = true;
    }
    unset($row['commentable']);

    $row['url'] = make_index_url(array('category' => $row));
    $row['page_url'] = make_picture_url(array('image_id' => $image_row['id'], 'image_file' => $image_row['file'], 'category' => $row));
    $row['id'] = (int) $row['id'];
    $related_categories[] = $row;
  }
  usort($related_categories, 'global_rank_compare');

  // visible image but no visible category: treated as a permission failure
  if (empty($related_categories)) {
    return new PwgError(401, 'Access denied');
  }

  //-------------------------------------------------------------- related tags
  $related_tags = get_common_tags(array($image_row['id']), -1);
  foreach ($related_tags as $i => $tag) {
    $tag['url'] = make_index_url(array('tags' => array($tag)));
    $tag['page_url'] = make_picture_url(array('image_id' => $image_row['id'], 'image_file' => $image_row['file'], 'tags' => array($tag)));
    unset($tag['counter']);
    $tag['id'] = (int) $tag['id'];
    $related_tags[$i] = $tag;
  }

  //------------------------------------------------------------- related rates
  $rating = array('score' => $image_row['rating_score'], 'count' => 0, 'average' => null);
  // count/average are only computed when a score exists (presumably a NULL
  // rating_score means the photo has not been rated yet)
  if (isset($rating['score'])) {
    $query = ' SELECT COUNT(rate) AS count, ROUND(AVG(rate),2) AS average FROM ' . RATE_TABLE . ' WHERE element_id = ' . $image_row['id'] . ' ;';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    $rating['score'] = (double) $rating['score'];
    $rating['average'] = (double) $row['average'];
    $rating['count'] = (int) $row['count'];
  }

  //---------------------------------------------------------- related comments
  $related_comments = array();

  // non-admins only get validated comments (for the count and the list alike)
  $where_comments = 'image_id = ' . $image_row['id'];
  if (!is_admin()) {
    $where_comments .= ' AND validated="true"';
  }

  $query = ' SELECT COUNT(id) AS nb_comments FROM ' . COMMENTS_TABLE . ' WHERE ' . $where_comments . ' ;';
  list($nb_comments) = query2array($query, null, 'nb_comments');
  $nb_comments = (int) $nb_comments;

  if ($nb_comments > 0 and $params['comments_per_page'] > 0) {
    // the paging values are cast to int before being inlined in LIMIT/OFFSET
    $query = ' SELECT id, date, author, content FROM ' . COMMENTS_TABLE . ' WHERE ' . $where_comments . ' ORDER BY date LIMIT ' . (int) $params['comments_per_page'] . ' OFFSET ' . (int) ($params['comments_per_page'] * $params['comments_page']) . ' ;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result)) {
      $row['id'] = (int) $row['id'];
      $related_comments[] = $row;
    }
  }

  // comment_post (author name + ephemeral key) is only provided when the
  // caller may comment: logged-in users, or guests when comments_forall is on
  // ("and" binds tighter than "or": !guest or (guest and comments_forall))
  $comment_post_data = null;
  if ($is_commentable and (!is_a_guest() or is_a_guest() and $conf['comments_forall'])) {
    $comment_post_data['author'] = stripslashes($user['username']);
    $comment_post_data['key'] = get_ephemeral_key(2, $params['image_id']);
  }

  $ret = $image_row;

  foreach (array('id', 'width', 'height', 'hit', 'filesize') as $k) {
    if (isset($ret[$k])) {
      $ret[$k] = (int) $ret[$k];
    }
  }

  // server-side storage details are never returned to API clients
  foreach (array('path', 'storage_category_id') as $k) {
    unset($ret[$k]);
  }

  $ret['rates'] = array(WS_XML_ATTRIBUTES => $rating);
  $ret['categories'] = new PwgNamedArray($related_categories, 'category', array('id', 'url', 'page_url'));
  $ret['tags'] = new PwgNamedArray($related_tags, 'tag', ws_std_get_tag_xml_attributes());
  if (isset($comment_post_data)) {
    $ret['comment_post'] = array(WS_XML_ATTRIBUTES => $comment_post_data);
  }
  $ret['comments_paging'] = new PwgNamedStruct(array(
    'page' => $params['comments_page'],
    'per_page' => $params['comments_per_page'],
    'count' => count($related_comments),
    'total_count' => $nb_comments
  ));
  $ret['comments'] = new PwgNamedArray($related_comments, 'comment', array('id', 'date'));

  if ($service->_responseFormat != 'rest') {
    return $ret; // for backward compatibility only
  } else {
    return array('image' => new PwgNamedStruct($ret, null, array('name', 'comment')));
  }
}
$user['id'] = $_SESSION['pwg_uid']; } } // Now check the auto-login if ($user['id'] == $conf['guest_id']) { auto_login(); } // using Apache authentication override the above user search if ($conf['apache_authentication']) { $remote_user = null; foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $server_key) { if (isset($_SERVER[$server_key])) { $remote_user = $_SERVER[$server_key]; break; } } if (isset($remote_user)) { if (!($user['id'] = get_userid($remote_user))) { $user['id'] = register_user($remote_user, '', '', false); } } } // automatic login by authentication key if (isset($_GET['auth'])) { auth_key_login($_GET['auth']); } $user = build_user($user['id'], (defined('IN_ADMIN') and IN_ADMIN) ? false : true); if ($conf['browser_language'] and (is_a_guest() or is_generic()) and $language = get_browser_language()) { $user['language'] = $language; } trigger_notify('user_init', $user);
$template->assign(array('SECTION_TITLE' => $page['section_title'], 'PHOTO' => $title_nb, 'IS_HOME' => 'categories' == $page['section'] and !isset($page['category']), 'LEVEL_SEPARATOR' => $conf['level_separator'], 'U_UP' => $url_up, 'DISPLAY_NAV_BUTTONS' => $conf['picture_navigation_icons'], 'DISPLAY_NAV_THUMB' => $conf['picture_navigation_thumb'])); if ($conf['picture_metadata_icon']) { $template->assign('U_METADATA', $url_metadata); } //------------------------------------------------------- upper menu management // admin links if (is_admin()) { if (isset($page['category'])) { $template->assign(array('U_SET_AS_REPRESENTATIVE' => add_url_params($url_self, array('action' => 'set_as_representative')))); } $url_admin = get_root_url() . 'admin.php?page=photo-' . $page['image_id'] . (isset($page['category']) ? '&cat_id=' . $page['category']['id'] : ''); $template->assign(array('U_CADDIE' => add_url_params($url_self, array('action' => 'add_to_caddie')), 'U_PHOTO_ADMIN' => $url_admin)); $template->assign('available_permission_levels', get_privacy_level_options()); } // favorite manipulation if (!is_a_guest() and $conf['picture_favorite_icon']) { // verify if the picture is already in the favorite of the user $query = ' SELECT COUNT(*) AS nb_fav FROM ' . FAVORITES_TABLE . ' WHERE image_id = ' . $page['image_id'] . ' AND user_id = ' . $user['id'] . ' ;'; $row = pwg_db_fetch_assoc(pwg_query($query)); $is_favorite = $row['nb_fav'] != 0; $template->assign('favorite', array('IS_FAVORITE' => $is_favorite, 'U_FAVORITE' => add_url_params($url_self, array('action' => !$is_favorite ? 'add_to_favorites' : 'remove_from_favorites')))); } //--------------------------------------------------------- picture information // legend if (isset($picture['current']['comment']) and !empty($picture['current']['comment'])) { $template->assign('COMMENT_IMG', trigger_change('render_element_description', $picture['current']['comment'], 'picture_page_element_description'));