/**
 * Overwrite the access rights stored for a file, or for each file of a list.
 *
 * Only administrators may change rights: when CurrentUser::$admin is not
 * set the call returns without doing anything.
 *
 * @param string|array $f       Path of the item, or an array of paths that
 *                              are each processed with the same settings
 * @param array|null   $users   Users to store on the Judge; null leaves the
 *                              value of the freshly built Judge untouched
 * @param array|null   $groups  Groups to store on the Judge; null leaves the
 *                              value of the freshly built Judge untouched
 * @param bool         $private When true the item is saved as non-public
 * @return void
 * @author Thibaud Rohmer
 */
public static function edit($f, $users = array(), $groups = array(), $private = false)
{
    // Authorization gate: nothing below runs for a non-admin caller.
    if (!CurrentUser::$admin) {
        return;
    }

    // A list of paths is handled one entry at a time; every recursive call
    // goes through the admin gate again.
    if (is_array($f)) {
        foreach ($f as $item) {
            Judge::edit($item, $users, $groups, $private);
        }
        return;
    }

    // Second constructor argument is false: the existing rights are not read,
    // they are about to be overwritten.
    $judge = new Judge($f, false);

    if ($groups !== null) {
        $judge->groups = $groups;
    }
    if ($users !== null) {
        $judge->users = $users;
    }

    // Stored as an integer flag: 1 = public, 0 = private.
    $judge->public = $private ? 0 : 1;

    $judge->save();
}
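/**
 * Initialise the static CurrentUser state for the current request.
 *
 * Reads the request and session and sets, in this order: the accounts and
 * groups file locations, the current path (query parameters "f" and "p"),
 * the logged-in account with its admin/uploader flags ($_SESSION['login']),
 * and the page action (query parameter "t", plus "a" and "j"). Several
 * values of "t" also perform the action itself (register, log in or out,
 * edit account, add comment, change rights) and may echo a status message.
 *
 * @return void
 * @throws Exception With code 69 when the accounts file does not exist
 * @author Thibaud Rohmer
 */
public static function init()
{
    CurrentUser::$accounts_file = Settings::$conf_dir . "/accounts.xml";
    CurrentUser::$groups_file = Settings::$conf_dir . "/groups.xml";

    /// Set path
    if (isset($_GET['f'])) {
        // NOTE(review): the path comes straight from the query string; whether
        // it is confined to the photos directory depends on File::r2a(), which
        // is not visible here. Confirm it rejects ".." and absolute paths.
        CurrentUser::$path = stripslashes(File::r2a($_GET['f']));

        if (isset($_GET['p'])) {
            switch ($_GET['p']) {
                case 'n':
                    CurrentUser::$path = File::next(CurrentUser::$path);
                    break;
                case 'p':
                    CurrentUser::$path = File::prev(CurrentUser::$path);
                    break;
            }
        }
    } else {
        /// Path not defined in URL
        CurrentUser::$path = Settings::$photos_dir;
    }

    /// Set CurrentUser account
    if (isset($_SESSION['login'])) {
        self::$account = new Account($_SESSION['login']);

        // groups sometimes can be null
        $groups = self::$account->groups === NULL ? array() : self::$account->groups;

        // Membership of "root" / "uploaders" is what grants the privileged flags.
        self::$admin = in_array("root", $groups);
        self::$uploader = in_array("uploaders", $groups);
    }

    /// Set action (needed for page layout)
    if (isset($_GET['t'])) {
        switch ($_GET['t']) {
            case "Page":
            case "Img":
            case "Thb":
                CurrentUser::$action = $_GET['t'];
                break;

            case "Big":
            case "BDl":
            case "Zip":
                // Download actions are only honoured when downloads are enabled.
                if (!Settings::$nodownload) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Reg":
                if (isset($_POST['login']) && isset($_POST['password'])) {
                    if (!Account::create($_POST['login'], $_POST['password'], $_POST['verif'])) {
                        echo "Error creating account.";
                    }
                }
                // No break here: execution continues into the "Log" case with
                // the same posted credentials.
                // NOTE(review): presumably intended to log the new account in;
                // it also means "Reg" logs out a session that is already open.

            case "Log":
                if (isset($_SESSION['login'])) {
                    CurrentUser::logout();
                    echo "logged out";
                    break;
                }

                if (isset($_POST['login']) && isset($_POST['password'])) {
                    try {
                        if (!CurrentUser::login($_POST['login'], $_POST['password'])) {
                            echo "Wrong password";
                        }
                    } catch (Exception $e) {
                        echo "Account not found";
                    }
                }

                // Show the login/registration page only while nobody is logged in.
                if (!isset(CurrentUser::$account)) {
                    CurrentUser::$action = $_GET['t'];
                }
                break;

            case "Acc":
                // NOTE(review): the account to edit is named by $_POST['login'],
                // not by the session; this relies on Account::edit() verifying
                // old_password for that login. Confirm against Account::edit().
                if (isset($_POST['old_password'])) {
                    Account::edit($_POST['login'], $_POST['old_password'], $_POST['password'], $_POST['name'], $_POST['email']);
                }
                CurrentUser::$action = "Acc";
                break;

            case "Adm":
                if (CurrentUser::$admin) {
                    CurrentUser::$action = "Adm";
                }
                break;

            case "Com":
                // NOTE(review): no login check is made in this method before the
                // comment is stored, and the author name is taken from
                // $_POST['login'] rather than from the session. Confirm that
                // Comments::add() enforces access and that content is escaped
                // when it is rendered.
                Comments::add(CurrentUser::$path, $_POST['content'], $_POST['login']);
                break;

            // The three rights actions below change stored permissions. They are
            // selected by the "t" query parameter and no anti-CSRF token is
            // checked in this method; the action is set to "Judge" whether or
            // not the caller is allowed to edit rights.
            case "Rig":
                Judge::edit(CurrentUser::$path, $_POST['users'], $_POST['groups'], true);
                CurrentUser::$action = "Judge";
                break;

            case "Pub":
                Judge::edit(CurrentUser::$path);
                CurrentUser::$action = "Judge";
                break;

            case "Pri":
                Judge::edit(CurrentUser::$path, array(), array(), true);
                CurrentUser::$action = "Judge";
                break;

            case "Inf":
                CurrentUser::$action = "Inf";
                break;

            case "Fs":
                if (is_file(CurrentUser::$path)) {
                    CurrentUser::$action = "Fs";
                }
                break;

            default:
                // Unknown values fall back to the plain page view.
                CurrentUser::$action = "Page";
                break;
        }
    } else {
        CurrentUser::$action = "Page";
    }

    // The admin handler is only instantiated for admins and uploaders.
    if (isset($_GET['a']) && CurrentUser::$action != "Adm") {
        if (CurrentUser::$admin || CurrentUser::$uploader) {
            new Admin();
        }
    }

    if (isset($_GET['j'])) {
        CurrentUser::$action = "JS";
    }

    /// Set default action
    if (!isset(CurrentUser::$action)) {
        CurrentUser::$action = "Page";
    }

    /// Throw exception if accounts file is missing
    if (!file_exists(CurrentUser::$accounts_file)) {
        throw new Exception("Accounts file missing", 69);
    }

    /// Create Group File if it doesn't exist
    if (!file_exists(CurrentUser::$groups_file)) {
        Group::create_group_file();
    }

    // Recompute the admin flag from the account as it stands at the end of the
    // request handling. The groups list can be null (see the session block
    // above), and in_array() must not be handed null, so apply the same guard.
    // NOTE(review): when no account is set the flags keep their earlier value;
    // confirm CurrentUser::logout() clears $admin and $uploader.
    if (isset(CurrentUser::$account)) {
        $accountGroups = CurrentUser::$account->groups === NULL ? array() : CurrentUser::$account->groups;
        CurrentUser::$admin = in_array("root", $accountGroups);
    }
}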
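/**
 * Store the files posted in $_FILES["images"] under the requested directory.
 *
 * Only administrators and uploaders may upload; for anyone else the method
 * returns without touching the request. Reads $_POST['path'] (target
 * directory), $_POST['newdir'] (optional sub-directory to create) and the
 * rights fields $_POST['inherit'], $_POST['public'], $_POST['users'] and
 * $_POST['groups']. Files whose extension is not on the allow-list are
 * skipped, and a numeric suffix is appended when the name is already taken.
 *
 * @return void
 * @author Thibaud Rohmer
 */
public function upload()
{
    /// Just to be really sure...
    // Checked first so that no request data is processed for other callers.
    if (!(CurrentUser::$admin || CurrentUser::$uploader)) {
        return;
    }

    $allowedExtensions = array("tiff", "jpg", "jpeg", "gif", "png");

    /// Video formats are accepted only when video encoding is enabled
    /// (ffmpeg is needed to generate the jpg thumbnail and the webm)
    if (Settings::$encode_video) {
        array_push($allowedExtensions, "flv", "mov", "mpg", "mp4", "ogv", "mts", "3gp", "webm");
    }

    $already_set_rights = false;

    /// Set upload path
    // NOTE(review): the base path is taken from the request; whether it stays
    // inside the photos directory depends on File::r2a(), not visible here.
    $path = stripslashes(File::r2a($_POST['path']));

    // A missing or non-string "newdir" is treated as "no new directory".
    $newdir = (isset($_POST['newdir']) && is_string($_POST['newdir']))
        ? stripslashes($_POST['newdir'])
        : '';

    /// Create dir and update upload path if required
    // strpos() returns 0 when ".." is at the very start of the string, and
    // 0 is falsy, so the result has to be compared with false explicitly;
    // otherwise a name beginning with ".." passes the traversal check.
    if (strlen($newdir) > 0 && strpos($newdir, '..') === false) {
        $path = $path . "/" . $newdir;

        if (!file_exists($path)) {
            // @ hides mkdir failures; nothing in this method reports them.
            @mkdir($path, 0750, true);
            @mkdir(File::r2a(File::a2r($path), Settings::$thumbs_dir), 0750, true);
        }

        /// Setup rights
        if (!isset($_POST['inherit'])) {
            if (isset($_POST['public'])) {
                Judge::edit($path);
            } else {
                Judge::edit($path, $_POST['users'], $_POST['groups']);
            }
        }
        $already_set_rights = true;
    }

    // The loop below expects the multi-file form of the field (images[]).
    if (!isset($_FILES["images"]) || !is_array($_FILES["images"]["error"])) {
        return;
    }

    /// Treat uploaded files
    foreach ($_FILES["images"]["error"] as $key => $error) {
        // Check that file is uploaded
        if ($error != UPLOAD_ERR_OK) {
            continue;
        }

        // Name of the stored file
        $tmp_name = $_FILES["images"]["tmp_name"][$key];

        // Name on the website. It is supplied by the client, so any directory
        // part is dropped before it is used to build a destination path.
        $name = basename($_FILES["images"]["name"][$key]);
        $info = pathinfo($name);

        // A name without an extension can never match the allow-list.
        if (!isset($info['extension'])) {
            continue;
        }
        $extension = $info['extension'];
        $base_name = basename($name, '.' . $extension);

        // Check filetype
        // NOTE(review): only the last extension of the client-supplied name is
        // checked; the file content is not inspected in this method.
        if (!in_array(strtolower($extension), $allowedExtensions, true)) {
            continue;
        }

        // Rename until this name isn't taken
        $i = 1;
        while (file_exists("{$path}/{$name}")) {
            $name = $base_name . "-" . $i . "." . $extension;
            $i++;
        }

        // Save the files
        if (move_uploaded_file($tmp_name, "{$path}/{$name}")) {
            Video::FastEncodeVideo("{$path}/{$name}");
        }

        /// Setup rights
        if (!$already_set_rights && !isset($_POST['inherit'])) {
            if (isset($_POST['public'])) {
                Judge::edit($path);
            } else {
                Judge::edit($path, $_POST['users'], $_POST['groups']);
            }
        }
    }
}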