Пример #1
 /**
  * Legacy (PHP4-style) constructor.
  *
  * Resolves the requested page number (values below 1 are clamped to 1),
  * makes sure the global gallery object exists, and records the album/image
  * named in the request (rewritten or plain query-string form).
  */
 function GalleryController()
 {
     global $_zp_gallery;
     zp_load_page();
     $requested = getCurrentPage();
     $this->requestedPage = ($requested >= 1) ? $requested : 1;
     if (!isset($_zp_gallery)) {
         load_gallery();
     }
     list($requestedAlbum, $requestedImage) = rewrite_get_album_image('album', 'image');
     $this->setAlbum($requestedAlbum);
     $this->setImage($requestedImage);
 }
Пример #2
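require_once dirname(__FILE__) . "/functions.php";
require_once dirname(__FILE__) . "/functions-image.php";

// Site-wide policy for serving the full-size image. 'No access' means this
// script must never serve it. Any other value may be overridden per request
// through the `dsp` query parameter; it is passed through sanitize() but is
// not validated against the option's allowed values here.
// NOTE(review): confirm the consumer of $disposal tolerates arbitrary strings.
$disposal = getOption('protect_full_image');
if ($disposal == 'No access') {
    // illegal use of the script!
    imageError('403 Forbidden', gettext("Forbidden"));
} else {
    if (isset($_GET['dsp'])) {
        $disposal = sanitize($_GET['dsp']);
    }
}
// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
list($album8, $image8) = rewrite_get_album_image('a', 'i');
$album = internalToFilesystem($album8);
$image = internalToFilesystem($image8);
/*
 * Prevent hotlinking to the full image from other domains.
 *
 * This is Referer-based and therefore best-effort: the check only runs when a
 * Referer header is present, so a client that omits (or forges) it is not
 * stopped. Hosts are compared case-insensitively, ignoring a leading "www."
 * and any port.
 *
 * Fixes relative to the previous version:
 *  - the host is taken from parse_url() instead of an ad-hoc regex, so a
 *    Referer without "//" no longer triggers an undefined-index notice, and
 *    credentials/ports/IPv6 literals no longer corrupt the comparison;
 *  - the "www." prefix pattern escapes the dot ('/^www\./'), so hosts such as
 *    "wwwimages.example.com" are no longer truncated.
 */
if (getOption('hotlink_protection') && isset($_SERVER['HTTP_REFERER'])) {
    // An unparsable Referer yields an empty host, which fails the comparison
    // below and redirects — the same outcome as before, minus the notice.
    $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    $checkstring = preg_replace('/^www\./', '', strtolower((string) $refererHost));
    $serverHost = preg_replace('/^www\./', '', strtolower($_SERVER['SERVER_NAME']));
    if ($serverHost != $checkstring) {
        /* It seems they are directly requesting the full image. */
        // $album8/$image8 are not URL-encoded here (kept as-is for compatibility
        // with existing links); header() itself rejects embedded newlines.
        header('Location: ' . FULLWEBPATH . '/index.php?album=' . $album8 . '&image=' . $image8);
        exitZP();
    }
}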
Пример #3
<?php

// force UTF-8// Ø
// Resolve the album/image pair from the request (rewritten or plain URLs).
list($album, $image) = rewrite_get_album_image('album', 'image');
$folders = explode('/', $album);
// A request whose first path segment is the cache folder is a dangling
// reference to a cached image: rebuild the image-processor URI from the
// cache file name and bounce the client to it when the source image exists.
if ($folders[0] == CACHEFOLDER) {
    require_once SERVERPATH . '/' . ZENFOLDER . '/admin-functions.php';
    require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/cacheManager/functions.php';
    array_shift($folders); // drop the cache-folder segment
    $cacheName = implode('/', $folders) . '/' . $image;
    list($image, $args) = getImageProcessorURIFromCacheName($cacheName, getWatermarks());
    // NOTE(review): $image is derived from the request path; whether
    // getImageProcessorURIFromCacheName() normalises ".." segments before
    // this existence probe is not visible here — confirm.
    if (file_exists(getAlbumFolder() . $image)) {
        $uri = getImageURI($args, dirname($image), basename($image), NULL);
        header("HTTP/1.0 302 Found");
        header("Status: 302 Found");
        header('Location: ' . $uri);
        exitZP();
    }
}
// Arriving here straight after a logout: send the visitor to the front page.
if (isset($_GET['fromlogout'])) {
    header("HTTP/1.0 302 Found");
    header("Status: 302 Found");
    header('Location: ' . WEBPATH . '/index.php');
    exitZP();
}
// Remember whichever page was being rendered, then switch to the 404 page.
$obj = isset($_zp_gallery_page) ? $_zp_gallery_page : null;
$_zp_gallery_page = '404.php';
if (isset($_index_theme)) {
    $_zp_script = SERVERPATH . "/" . THEMEFOLDER . '/' . internalToFilesystem($_index_theme) . '/404.php';
} else {
    $_zp_script = NULL;
Пример #4
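/**
 * Returns the auth type of a guest login.
 *
 * Order of precedence:
 *   1. the `checkForGuest` filter may supply an auth type outright;
 *   2. search pages use the search password, falling back to the gallery
 *      password when none is configured;
 *   3. zenpage news items delegate to their own checkAccess();
 *   4. album/image pages use the album password chain (checkAlbumPassword);
 *   5. every other page uses the gallery password.
 *
 * Cookie-versus-hash comparisons are strict and constant-time (hash_equals).
 * The previous loose `==` compared two strings numerically when both looked
 * numeric (so hashes beginning with "0e" compared equal to each other) and
 * would also accept a non-string cookie value.
 *
 * @param string $hint receives the hint for the applicable password (by reference)
 * @param string $show set to true when a user-name field should be shown (by reference)
 * @return string|false the auth type ('zp_search_auth', 'zp_gallery_auth',
 *                      'zp_public_access', or whatever the filter/news item
 *                      returned), or false when authentication is still required
 */
function checkForGuest(&$hint = NULL, &$show = NULL)
{
    global $_zp_gallery, $_zp_gallery_page, $_zp_current_zenpage_page, $_zp_current_category, $_zp_current_zenpage_news;
    $authType = zp_apply_filter('checkForGuest', NULL);
    if (!is_null($authType)) {
        return $authType;
    }
    if (in_context(ZP_SEARCH)) {
        // search page
        $hash = getOption('search_password');
        if (getOption('search_user') != '') {
            $show = true;
        }
        $hint = get_language_string(getOption('search_hint'));
        $authType = 'zp_search_auth';
        if (empty($hash)) {
            // no dedicated search password: the gallery password applies
            $hash = $_zp_gallery->getPassword();
            if ($_zp_gallery->getUser() != '') {
                $show = true;
            }
            $hint = $_zp_gallery->getPasswordHint();
            $authType = 'zp_gallery_auth';
        }
        if (!empty($hash)) {
            $cookie = zp_getCookie($authType);
            // strict, constant-time comparison; a missing/non-string cookie never matches
            if (is_string($cookie) && hash_equals((string) $hash, $cookie)) {
                return $authType;
            }
        }
    } else {
        if (!is_null($_zp_current_zenpage_news)) {
            // news item: its own access rules decide
            $authType = $_zp_current_zenpage_news->checkAccess($hint, $show);
            return $authType;
        } else {
            if (isset($_GET['album'])) {
                // album page: the nearest password-protected ancestor decides
                list($album, $image) = rewrite_get_album_image('album', 'image');
                if ($authType = checkAlbumPassword($album, $hint)) {
                    return $authType;
                } else {
                    $alb = newAlbum($album);
                    if ($alb->getUser() != '') {
                        $show = true;
                    }
                    return false;
                }
            } else {
                // other page
                $hash = $_zp_gallery->getPassword();
                if ($_zp_gallery->getUser() != '') {
                    $show = true;
                }
                $hint = $_zp_gallery->getPasswordHint();
                if (!empty($hash)) {
                    $cookie = zp_getCookie('zp_gallery_auth');
                    // strict, constant-time comparison; a missing/non-string cookie never matches
                    if (is_string($cookie) && hash_equals((string) $hash, $cookie)) {
                        return 'zp_gallery_auth';
                    }
                }
            }
        }
    }
    // no password configured for this context: open to the public
    if (empty($hash)) {
        return 'zp_public_access';
    }
    return false;
}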
Пример #5
/**
 * Figures out what is being accessed and calls the appropriate load function.
 *
 * The `load_request` filter runs first and may veto the load, in which case
 * its (false-y) result is returned untouched. Otherwise the `p` parameter
 * selects a special page (search, or zenpage pages/news when that extension is
 * enabled) and, failing that, the album/image parameters are resolved and loaded.
 *
 * @return bool
 */
function zp_load_request()
{
    $success = zp_apply_filter('load_request', true);
    if (!$success) {
        return $success;
    }
    // filter allowed the load
    zp_load_page();
    if (isset($_GET['p'])) {
        // strip path separators and dots so `p` can never name a path
        $page = str_replace(array('/', '\\', '.'), '', sanitize($_GET['p']));
        if ($page == 'search') {
            return zp_load_search();
        }
        if ($page == 'pages' && extensionEnabled('zenpage')) {
            $title = isset($_GET['title']) ? $_GET['title'] : '';
            return load_zenpage_pages(sanitize(rtrim($title, '/')));
        }
        if ($page == 'news' && extensionEnabled('zenpage')) {
            return load_zenpage_news(sanitize($_GET));
        }
    }
    // may need image and album parameters processed
    list($album, $image) = rewrite_get_album_image('album', 'image');
    if (!empty($image)) {
        return zp_load_image($album, $image);
    }
    if (!empty($album)) {
        return zp_load_album($album);
    }
    return $success;
}
/**
 * Figures out what is being accessed and calls the appropriate load function
 *
 * Flow:
 *   - the `load_request` filter may veto the load (its result is returned as-is);
 *   - when `t` is set, `p` is a Zenphoto "tiny url": a number whose low three
 *     bits select a table (through getTableAsoc()) and whose remaining bits are
 *     the row id. The row is looked up and the request is rewritten to the
 *     equivalent album/image/pages/news request, or redirected for comments;
 *   - otherwise `p` selects search/pages/news, and failing that the album/image
 *     parameters are loaded.
 *
 * @return bool
 */
function zp_load_request()
{
    if ($success = zp_apply_filter('load_request', true)) {
        // filter allowed the load
        zp_load_page();
        if (isset($_GET['p'])) {
            // strip path separators and dots so `p` can never name a path
            $page = str_replace(array('/', '\\', '.'), '', sanitize($_GET['p']));
            if (isset($_GET['t'])) {
                //	Zenphoto tiny url
                unset($_GET['t']);
                // sanitize_numeric() is what keeps the concatenated `id`=... queries
                // below safe: every id used in SQL derives from $tiny or from a column
                // read back from the database, never from raw request input.
                $tiny = sanitize_numeric($page);
                $asoc = getTableAsoc();
                // low three bits select the table, the remaining bits are the row id
                $tbl = $tiny & 7;
                // $asoc acts as a whitelist: unknown table codes are ignored and the
                // request falls through to the ordinary handling below
                if (array_key_exists($tbl, $asoc)) {
                    $tbl = $asoc[$tbl];
                    $id = $tiny >> 3;
                    $result = query_single_row('SELECT * FROM ' . prefix($tbl) . ' WHERE `id`=' . $id);
                    if ($result) {
                        switch ($tbl) {
                            case 'news':
                            case 'pages':
                                // rewrite the request so the switch ($page) below handles it
                                $page = $_GET['p'] = $tbl;
                                $_GET['title'] = $result['titlelink'];
                                break;
                            case 'images':
                                $image = $_GET['image'] = $result['filename'];
                                // NOTE(review): if the owning album row is missing this query
                                // returns false and $result['folder'] below is null — confirm
                                // whether orphaned image rows can exist.
                                $result = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $result['albumid']);
                                // deliberate fall-through: an image is loaded through its album
                            case 'albums':
                                $album = $_GET['album'] = $result['folder'];
                                unset($_GET['p']);
                                if (!empty($image)) {
                                    return zp_load_image($album, $image);
                                } else {
                                    if (!empty($album)) {
                                        return zp_load_album($album);
                                    }
                                }
                                break;
                            case 'comments':
                                unset($_GET['p']);
                                $commentid = $id;
                                $type = $result['type'];
                                // resolve the object the comment belongs to; the table name
                                // comes from the comment row's `type` column, not the request
                                $result = query_single_row('SELECT * FROM ' . prefix($result['type']) . ' WHERE `id`=' . $result['ownerid']);
                                switch ($type) {
                                    case 'images':
                                        $image = $result['filename'];
                                        $result = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $result['albumid']);
                                        $redirect = 'index.php?album=' . $result['folder'] . '&image=' . $image;
                                        break;
                                    case 'albums':
                                        $album = $result['folder'];
                                        $redirect = 'index.php?album=' . $result['folder'];
                                        break;
                                    case 'pages':
                                        $redirect = 'index.php?p=pages&title=' . $result['titlelink'];
                                        break;
                                }
                                // NOTE(review): $redirect is only assigned for the three types
                                // above; any other comment type reaches this line with $redirect
                                // undefined and redirects to FULLWEBPATH/#c_<id>.
                                $redirect .= '#c_' . $commentid;
                                // folder/titlelink are database values and are not URL-encoded
                                // here. This path ends with a plain exit rather than the exitZP()
                                // used elsewhere in this file — presumably intentional, confirm.
                                header("HTTP/1.0 301 Moved Permanently");
                                header("Status: 301 Moved Permanently");
                                header('Location: ' . FULLWEBPATH . '/' . $redirect);
                                exit;
                                break;
                        }
                    }
                }
            }
            switch ($page) {
                case 'search':
                    return zp_load_search();
                    break;
                case 'pages':
                    if (getOption('zp_plugin_zenpage')) {
                        return zenpage_load_page();
                    }
                    break;
                case 'news':
                    if (getOption('zp_plugin_zenpage')) {
                        return zenpage_load_news();
                    }
                    break;
            }
        }
        //	may need image and album parameters processed
        list($album, $image) = rewrite_get_album_image('album', 'image');
        if (!empty($image)) {
            return zp_load_image($album, $image);
        } else {
            if (!empty($album)) {
                return zp_load_album($album);
            }
        }
    }
    return $success;
}
Пример #7
 * @package core
 */
// force UTF-8 Ø
if (!defined('OFFSET_PATH')) {
    define('OFFSET_PATH', 2);
}
require_once dirname(__FILE__) . '/functions-basic.php';
require_once dirname(__FILE__) . '/functions-image.php';
// `debug` query flag: only its presence matters, not its value.
$debug = isset($_GET['debug']);
// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
    imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
// Fix special characters in the album and image names if mod_rewrite is on:
// URL looks like: "/album1/subalbum/picture.jpg"
list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);
// $album is a path (sanitize_path), $image a single name (sanitize). Both are
// request-derived; these two calls are the only filtering visible in this section.
$album = sanitize_path($ralbum);
$image = sanitize($rimage);
$theme = imageThemeSetup(filesystemToInternal($album));
// loads the theme based image options.
// Album access is enforced by the image processor only when the
// `secure_image_processor` option is on. With it off, this section performs no
// access check at all, so images of password-protected albums may be reachable
// through the processor URL — keep the option enabled where album passwords matter.
if (getOption('secure_image_processor')) {
    require_once dirname(__FILE__) . '/functions.php';
    $albumobj = newAlbum(filesystemToInternal($album));
    if (!$albumobj->checkAccess()) {
        imageError('403 Forbidden', gettext("Forbidden(1)"));
    }
}
$args = getImageArgs($_GET);
// NOTE(review): index 12 of the args array is treated as the "admin request"
// flag; its meaning is defined by getImageArgs(), not visible here — confirm.
$adminrequest = $args[12];
/**
 * Figures out what is being accessed and calls the appropriate load function.
 *
 * Loads the image when one is named, else the album when one is named; then,
 * if `p` (with path separators and dots stripped) equals "search", the search
 * context is loaded as well and its result wins.
 *
 * @return bool result of the last load function that ran (true when none did)
 */
function zp_load_request()
{
    list($album, $image) = rewrite_get_album_image('album', 'image');
    zp_load_page();
    $loaded = true;
    if (!empty($image)) {
        $loaded = zp_load_image($album, $image);
    } elseif (!empty($album)) {
        $loaded = zp_load_album($album);
    }
    // strip path separators and dots so `p` can never name a path
    if (isset($_GET['p']) && str_replace(array('/', '\\', '.'), '', $_GET['p']) == "search") {
        $loaded = zp_load_search();
    }
    return $loaded;
}
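/**
 * Checks to see if a password is needed and
 * displays a password form if log-on is required.
 *
 * Returns true if a login form has been displayed (or, with $silent, would have been).
 *
 * The password protection is hereditary. This normally only impacts direct url access to an album or image since if
 * you are going down the tree you will be stopped at the first place a password is required.
 *
 * If the gallery is password protected then every album & image will require that password.
 *
 * If an album is password protected then all subalbums and images treed below that album will require
 * the password. If there are multiple passwords in the tree and you direct link, the password that is
 * required will be that of the nearest parent that has a password. (The gallery is the ur-parent to all
 * albums.)
 *
 * Cookie-versus-hash comparisons are strict and constant-time (hash_equals).
 * The previous loose `!=` compared two strings numerically when both looked
 * numeric (so hashes beginning with "0e" compared equal to each other) and
 * would also "match" a non-string cookie value.
 *
 * @param bool $silent set to true to inhibit the logon form
 * @return bool true when a password is required and has not been supplied
 * @since 1.1.3
 */
function checkforPassword($silent = false)
{
    global $_zp_current_album, $_zp_current_search, $_zp_gallery, $_zp_loggedin;
    // you're the admin, you don't need the passwords.
    if (zp_loggedin(MAIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
        return false;
    }
    if (in_context(ZP_SEARCH)) {
        // search page
        $hash = getOption('search_password');
        $show = getOption('search_user') != '';
        $hint = get_language_string(getOption('search_hint'));
        $authType = 'zp_search_auth';
        if (empty($hash)) {
            // no dedicated search password: the gallery password applies
            $hash = getOption('gallery_password');
            $show = getOption('gallery_user') != '';
            $hint = get_language_string(getOption('gallery_hint'));
            $authType = 'zp_gallery_auth';
        }
        if (!empty($hash)) {
            $cookie = zp_getCookie($authType);
            // strict, constant-time comparison; a missing/non-string cookie never matches
            if (!is_string($cookie) || !hash_equals((string) $hash, $cookie)) {
                if (!$silent) {
                    printPasswordForm($hint, true, getOption('login_user_field') || $show);
                }
                return true;
            }
        }
    } else {
        if (isset($_GET['album'])) {
            // album page: the nearest password-protected ancestor decides
            list($album, $image) = rewrite_get_album_image('album', 'image');
            $hint = NULL; // filled in by reference with the applicable password hint
            if (checkAlbumPassword($album, $hint)) {
                return false;
            }
            if (!$silent) {
                $alb = new Album($_zp_gallery, $album);
                printPasswordForm($hint, true, getOption('login_user_field') || $alb->getUser() != '');
            }
            return true;
        }
        // index page
        if ($_zp_loggedin) {
            return false;
        }
        $hash = getOption('gallery_password');
        $hint = get_language_string(getOption('gallery_hint'));
        if (!empty($hash)) {
            $cookie = zp_getCookie('zp_gallery_auth');
            // strict, constant-time comparison; a missing/non-string cookie never matches
            if (!is_string($cookie) || !hash_equals((string) $hash, $cookie)) {
                if (!$silent) {
                    printPasswordForm($hint, true, getOption('login_user_field') || getOption('gallery_user') != '');
                }
                return true;
            }
        }
    }
    return false;
}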