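/**
 * Constructor: resolves the requested page number and the album/image named in
 * the request, loading the gallery object first when nothing has created it yet.
 *
 * Sets $this->requestedPage (never below 1), then hands the album and image
 * names returned by rewrite_get_album_image() to setAlbum()/setImage().
 */
function GalleryController() {
	global $_zp_gallery;
	zp_load_page();
	// evaluate getCurrentPage() once; the original called it twice, which would
	// double any side effect the helper has and could read two different values
	$page = getCurrentPage();
	$this->requestedPage = ($page >= 1) ? $page : 1;
	if (!isset($_zp_gallery)) {
		load_gallery();
	}
	list($album, $image) = rewrite_get_album_image('album', 'image');
	$this->setAlbum($album);
	$this->setImage($image);
}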
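// Full-image delivery: determine how the full-size image may be disposed of,
// verify the minimum request parameters and apply referer-based hotlink protection.
require_once dirname(__FILE__) . "/functions.php";
require_once dirname(__FILE__) . "/functions-image.php";

$disposal = getOption('protect_full_image');
if ($disposal == 'No access') {
	// illegal use of the script!
	imageError('403 Forbidden', gettext("Forbidden"));
} else {
	// a caller-supplied disposal is honoured only when full-image access is not forbidden outright
	if (isset($_GET['dsp'])) {
		$disposal = sanitize($_GET['dsp']);
	}
}

// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
	imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
list($album8, $image8) = rewrite_get_album_image('a', 'i');
$album = internalToFilesystem($album8);
$image = internalToFilesystem($image8);

/*
 * Prevent hotlinking to the full image from other domains.
 *
 * The host part of the Referer header is compared with SERVER_NAME, both lower-cased,
 * with a leading "www." removed and any ":port" suffix dropped. The Referer is supplied
 * by the client and is absent on many legitimate requests, so this is a nuisance control
 * for bandwidth, not an access control: it says nothing about whether the viewer may see
 * the image.
 */
if (getOption('hotlink_protection') && isset($_SERVER['HTTP_REFERER'])) {
	$checkstring = '';
	// only derive a host when the Referer has a "scheme://host" part; the original read
	// $matches[2] unconditionally and raised a notice (and compared against '') otherwise
	if (preg_match('|(.*)//([^/]*)|', $_SERVER['HTTP_REFERER'], $matches)) {
		// the dot in "www." is escaped: unescaped it matched any character, so a host such
		// as "wwwx.example.com" was wrongly rewritten to "example.com"
		$checkstring = preg_replace('/^www\./', '', strtolower($matches[2]));
		$colon = strpos($checkstring, ":");
		if ($colon !== false) {
			$checkstring = substr($checkstring, 0, $colon);
		}
	}
	if (preg_replace('/^www\./', '', strtolower($_SERVER['SERVER_NAME'])) != $checkstring) {
		/* It seems they are directly requesting the full image. */
		// NOTE(review): $album8 and $image8 are placed in the query string without URL encoding;
		// confirm that rewrite_get_album_image() returns values safe for a Location header
		header('Location: ' . FULLWEBPATH . '/index.php?album=' . $album8 . '&image=' . $image8);
		exitZP();
	}
}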
<?php // force UTF-8// Ø list($album, $image) = rewrite_get_album_image('album', 'image'); $folders = explode('/', $album); if (array_key_exists(0, $folders) && $folders[0] == CACHEFOLDER) { // a failed reference to a cached image? require_once SERVERPATH . '/' . ZENFOLDER . '/admin-functions.php'; require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/cacheManager/functions.php'; unset($folders[0]); list($image, $args) = getImageProcessorURIFromCacheName(implode('/', $folders) . '/' . $image, getWatermarks()); if (file_exists(getAlbumFolder() . $image)) { $uri = getImageURI($args, dirname($image), basename($image), NULL); header("HTTP/1.0 302 Found"); header("Status: 302 Found"); header('Location: ' . $uri); exitZP(); } } if (isset($_GET['fromlogout'])) { header("HTTP/1.0 302 Found"); header("Status: 302 Found"); header('Location: ' . WEBPATH . '/index.php'); exitZP(); } $obj = @$_zp_gallery_page; $_zp_gallery_page = '404.php'; if (isset($_index_theme)) { $_zp_script = SERVERPATH . "/" . THEMEFOLDER . '/' . internalToFilesystem($_index_theme) . '/404.php'; } else { $_zp_script = NULL;
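/**
 * Returns the auth type of a guest login.
 *
 * Resolution order: the 'checkForGuest' filter may decide outright; otherwise the
 * search page, a current zenpage news item, an album page (via checkAlbumPassword())
 * and finally the gallery itself are consulted. Only when no protecting password
 * exists at all is 'zp_public_access' returned.
 *
 * @param string $hint receives the password hint of the protecting object (by reference)
 * @param string $show receives true when the protecting object also requires a user name (by reference)
 * @return string|false the auth type ('zp_search_auth', 'zp_gallery_auth', 'zp_public_access',
 *                      or whatever the filter / album / news check returned); false when the
 *                      visitor is not authorized
 */
function checkForGuest(&$hint = NULL, &$show = NULL) {
	global $_zp_gallery, $_zp_gallery_page, $_zp_current_zenpage_page, $_zp_current_category, $_zp_current_zenpage_news;
	$authType = zp_apply_filter('checkForGuest', NULL);
	if (!is_null($authType)) {
		return $authType;
	}
	$hash = NULL;
	if (in_context(ZP_SEARCH)) { // search page
		$hash = getOption('search_password');
		if (getOption('search_user') != '') {
			$show = true;
		}
		$hint = get_language_string(getOption('search_hint'));
		$authType = 'zp_search_auth';
		if (empty($hash)) {
			// no search password: the gallery password protects the search page
			$hash = $_zp_gallery->getPassword();
			if ($_zp_gallery->getUser() != '') {
				$show = true;
			}
			$hint = $_zp_gallery->getPasswordHint();
			$authType = 'zp_gallery_auth';
		}
		// strict string comparison: the loose "==" treated numeric-looking strings such as
		// "0e1" and "0e2" as equal, which must never authorize a visitor
		if (!empty($hash) && (string) zp_getCookie($authType) === (string) $hash) {
			return $authType;
		}
	} else {
		if (!is_null($_zp_current_zenpage_news)) {
			return $_zp_current_zenpage_news->checkAccess($hint, $show);
		}
		if (isset($_GET['album'])) { // album page
			list($album, $image) = rewrite_get_album_image('album', 'image');
			if ($authType = checkAlbumPassword($album, $hint)) {
				return $authType;
			}
			$alb = newAlbum($album);
			if ($alb->getUser() != '') {
				$show = true;
			}
			return false;
		}
		// other page: the gallery password applies
		$hash = $_zp_gallery->getPassword();
		if ($_zp_gallery->getUser() != '') {
			$show = true;
		}
		$hint = $_zp_gallery->getPasswordHint();
		if (!empty($hash) && (string) zp_getCookie('zp_gallery_auth') === (string) $hash) {
			return 'zp_gallery_auth';
		}
	}
	if (empty($hash)) {
		return 'zp_public_access';
	}
	return false;
}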
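/**
 * Figures out what is being accessed and calls the appropriate load function.
 *
 * The 'load_request' filter runs first and may veto the load. Otherwise the "p"
 * parameter selects the search, zenpage pages or zenpage news loader; when it is
 * absent or names nothing known, the album/image parameters are processed.
 *
 * @return bool the loader's result, or the filter's verdict when no loader ran
 */
function zp_load_request() {
	if ($success = zp_apply_filter('load_request', true)) { // filter allowed the load
		zp_load_page();
		if (isset($_GET['p'])) {
			// strip path characters so "p" can only ever name a script page
			$page = str_replace(array('/', '\\', '.'), '', sanitize($_GET['p']));
			switch ($page) {
				case 'search':
					return zp_load_search();
				case 'pages':
					if (extensionEnabled('zenpage')) {
						// explicit isset() replaces the "@" suppression; rtrim('') and rtrim(null) both give ''
						$title = isset($_GET['title']) ? $_GET['title'] : '';
						return load_zenpage_pages(sanitize(rtrim($title, '/')));
					}
					break;
				case 'news':
					if (extensionEnabled('zenpage')) {
						return load_zenpage_news(sanitize($_GET));
					}
					break;
			}
		}
		// may need image and album parameters processed
		list($album, $image) = rewrite_get_album_image('album', 'image');
		if (!empty($image)) {
			return zp_load_image($album, $image);
		}
		if (!empty($album)) {
			return zp_load_album($album);
		}
	}
	return $success;
}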
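/**
 * Figures out what is being accessed and calls the appropriate load function.
 *
 * The 'load_request' filter runs first and may veto the load. A request carrying
 * both "p" and "t" is a Zenphoto tiny URL: "p" is a number whose low three bits
 * select a table (via getTableAsoc()) and whose remaining bits are the row id; the
 * request is then rewritten to the album/image, zenpage title or comment it names.
 * Otherwise "p" selects the search, zenpage pages or zenpage news loader, and when
 * it is absent or names nothing known the album/image parameters are processed.
 *
 * @return bool the loader's result, or the filter's verdict when no loader ran
 */
function zp_load_request() {
	if ($success = zp_apply_filter('load_request', true)) { // filter allowed the load
		zp_load_page();
		if (isset($_GET['p'])) {
			// strip path characters so "p" can only ever name a script page
			$page = str_replace(array('/', '\\', '.'), '', sanitize($_GET['p']));
			if (isset($_GET['t'])) { // Zenphoto tiny url
				unset($_GET['t']);
				// initialised so the empty() checks below never see an undefined variable
				$album = $image = NULL;
				$tiny = sanitize_numeric($page);
				$asoc = getTableAsoc();
				$tbl = $tiny & 7;
				if (array_key_exists($tbl, $asoc)) {
					$tbl = $asoc[$tbl];
					// ">>" always yields an integer, so $id is safe to concatenate into the query
					$id = $tiny >> 3;
					$result = query_single_row('SELECT * FROM ' . prefix($tbl) . ' WHERE `id`=' . $id);
					if ($result) {
						switch ($tbl) {
							case 'news':
							case 'pages':
								$page = $_GET['p'] = $tbl;
								$_GET['title'] = $result['titlelink'];
								break;
							case 'images':
								$image = $_GET['image'] = $result['filename'];
								// ids read back from the database are cast to int before being
								// concatenated into SQL so an unexpected value cannot alter the statement
								$result = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . (int) $result['albumid']);
								// intentional fall through: an image is located through its album row
							case 'albums':
								$album = $_GET['album'] = $result['folder'];
								unset($_GET['p']);
								if (!empty($image)) {
									return zp_load_image($album, $image);
								}
								if (!empty($album)) {
									return zp_load_album($album);
								}
								break;
							case 'comments':
								unset($_GET['p']);
								$commentid = $id;
								$type = $result['type'];
								// initialised: the original appended to an undefined variable when $type matched no case
								$redirect = '';
								// the owner table name is taken from the comment row's "type" column (database data, not the request)
								$result = query_single_row('SELECT * FROM ' . prefix($result['type']) . ' WHERE `id`=' . (int) $result['ownerid']);
								switch ($type) {
									case 'images':
										$image = $result['filename'];
										$result = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . (int) $result['albumid']);
										$redirect = 'index.php?album=' . $result['folder'] . '&image=' . $image;
										break;
									case 'albums':
										$album = $result['folder'];
										$redirect = 'index.php?album=' . $result['folder'];
										break;
									case 'pages':
										$redirect = 'index.php?p=pages&title=' . $result['titlelink'];
										break;
									// NOTE(review): any other owner type gets no target and is sent to the
									// site root with only the "#c_" fragment — confirm this is intended
								}
								$redirect .= '#c_' . $commentid;
								header("HTTP/1.0 301 Moved Permanently");
								header("Status: 301 Moved Permanently");
								header('Location: ' . FULLWEBPATH . '/' . $redirect);
								exit;
						}
					}
				}
			}
			switch ($page) {
				case 'search':
					return zp_load_search();
				case 'pages':
					if (getOption('zp_plugin_zenpage')) {
						return zenpage_load_page();
					}
					break;
				case 'news':
					if (getOption('zp_plugin_zenpage')) {
						return zenpage_load_news();
					}
					break;
			}
		}
		// may need image and album parameters processed
		list($album, $image) = rewrite_get_album_image('album', 'image');
		if (!empty($image)) {
			return zp_load_image($album, $image);
		}
		if (!empty($album)) {
			return zp_load_album($album);
		}
	}
	return $success;
}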
* @package core */
// force UTF-8 Ø
// Image processor entry: validates the album/image request parameters, sets up the
// theme-dependent image options and parses the processing arguments from the query.
if (!defined('OFFSET_PATH')) {
	define('OFFSET_PATH', 2);
}
require_once dirname(__FILE__) . '/functions-basic.php';
require_once dirname(__FILE__) . '/functions-image.php';
$debug = isset($_GET['debug']);
// Check for minimum parameters.
if (!isset($_GET['a']) || !isset($_GET['i'])) {
	imageError('404 Not Found', gettext("Too few arguments! Image not found."), 'err-imagenotfound.png');
}
// Fix special characters in the album and image names if mod_rewrite is on:
// URL looks like: "/album1/subalbum/picture.jpg"
list($ralbum, $rimage) = rewrite_get_album_image('a', 'i');
$ralbum = internalToFilesystem($ralbum);
$rimage = internalToFilesystem($rimage);
// the album is a path (sanitize_path), the image a single file name (sanitize)
$album = sanitize_path($ralbum);
$image = sanitize($rimage);
$theme = imageThemeSetup(filesystemToInternal($album)); // loads the theme based image options.
// Only with 'secure_image_processor' enabled is the album's access rule consulted here;
// without it, nothing in this section checks whether the viewer may see the album.
if (getOption('secure_image_processor')) {
	require_once dirname(__FILE__) . '/functions.php';
	$albumobj = newAlbum(filesystemToInternal($album));
	if (!$albumobj->checkAccess()) {
		imageError('403 Forbidden', gettext("Forbidden(1)"));
	}
}
$args = getImageArgs($_GET);
// NOTE(review): index 12 of the parsed args is treated as the "admin request" flag — confirm against getImageArgs()
$adminrequest = $args[12];
/**
 * Loads whatever the request names: the image or album from the album/image
 * parameters, and the search page when "p=search" is given.
 *
 * @return bool the result of the last loader that ran; true when none ran
 */
function zp_load_request() {
	list($album, $image) = rewrite_get_album_image('album', 'image');
	zp_load_page();
	$success = true;
	if (!empty($image)) {
		$success = zp_load_image($album, $image);
	} elseif (!empty($album)) {
		$success = zp_load_album($album);
	}
	if (isset($_GET['p'])) {
		// drop path characters so "p" can only name a page
		$requested = str_replace(array('/', '\\', '.'), '', $_GET['p']);
		if ($requested === "search") {
			$success = zp_load_search();
		}
	}
	return $success;
}
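/**
 * Checks to see if a password is needed and displays a password form if log-on is required.
 *
 * Returns true if a login form has been displayed (or would have been, when $silent is set).
 *
 * The password protection is hereditary. This normally only impacts direct url access to an album
 * or image since if you are going down the tree you will be stopped at the first place a password
 * is required.
 *
 * If the gallery is password protected then every album & image will require that password.
 *
 * If an album is password protected then all subalbums and images treed below that album will
 * require the password. If there are multiple passwords in the tree and you direct link, the
 * password that is required will be that of the nearest parent that has a password. (The gallery
 * is the ur-parent to all albums.)
 *
 * @param bool $silent set to true to inhibit the logon form
 * @return bool true when a password is required and the visitor has not supplied it
 * @since 1.1.3
 */
function checkforPassword($silent = false) {
	global $_zp_current_album, $_zp_current_search, $_zp_gallery, $_zp_loggedin;
	if (zp_loggedin(MAIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
		return false;
	} // you're the admin, you don't need the passwords.
	if (in_context(ZP_SEARCH)) { // search page
		$hash = getOption('search_password');
		$show = getOption('search_user') != '';
		$hint = get_language_string(getOption('search_hint'));
		$authType = 'zp_search_auth';
		if (empty($hash)) {
			// no search password: the gallery password protects the search page
			$hash = getOption('gallery_password');
			$show = getOption('gallery_user') != '';
			$hint = get_language_string(getOption('gallery_hint'));
			$authType = 'zp_gallery_auth';
		}
		if (!empty($hash)) {
			// strict string comparison: the loose "!=" treated numeric-looking strings such as
			// "0e1" and "0e2" as equal, which must never authorize a visitor
			if ((string) zp_getCookie($authType) !== (string) $hash) {
				if (!$silent) {
					printPasswordForm($hint, true, getOption('login_user_field') || $show);
				}
				return true;
			}
		}
	} else {
		if (isset($_GET['album'])) { // album page
			list($album, $image) = rewrite_get_album_image('album', 'image');
			// checkAlbumPassword() fills in the hint of the protecting album
			$hint = NULL;
			if (checkAlbumPassword($album, $hint)) {
				return false;
			}
			if (!$silent) {
				$alb = new Album($_zp_gallery, $album);
				printPasswordForm($hint, true, getOption('login_user_field') || $alb->getUser() != '');
			}
			return true;
		}
		// index page
		if ($_zp_loggedin) {
			return false;
		}
		$hash = getOption('gallery_password');
		$hint = get_language_string(getOption('gallery_hint'));
		if (!empty($hash)) {
			if ((string) zp_getCookie('zp_gallery_auth') !== (string) $hash) {
				if (!$silent) {
					printPasswordForm($hint, true, getOption('login_user_field') || getOption('gallery_user') != '');
				}
				return true;
			}
		}
	}
	return false;
}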