/** * API method * Adds a group * @param mixed[] $params * @option string name * @option bool is_default */ function ws_groups_add($params, &$service) { $params['name'] = pwg_db_real_escape_string($params['name']); // is the name not already used ? $query = ' SELECT COUNT(*) FROM ' . GROUPS_TABLE . ' WHERE name = \'' . $params['name'] . '\' ;'; list($count) = pwg_db_fetch_row(pwg_query($query)); if ($count != 0) { return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.'); } // creating the group single_insert(GROUPS_TABLE, array('name' => $params['name'], 'is_default' => boolean_to_string($params['is_default']))); return $service->invoke('pwg.groups.getList', array('group_id' => pwg_db_insert_id())); }
/** * Creates a new user. * * @param string $login * @param string $password * @param string $mail_adress * @param bool $notify_admin * @param array &$errors populated with error messages * @param bool $notify_user * @return int|false user id or false */ function register_user($login, $password, $mail_address, $notify_admin = true, &$errors = array(), $notify_user = false) { global $conf; if ($login == '') { $errors[] = l10n('Please, enter a login'); } if (preg_match('/^.* $/', $login)) { $errors[] = l10n('login mustn\'t end with a space character'); } if (preg_match('/^ .*$/', $login)) { $errors[] = l10n('login mustn\'t start with a space character'); } if (get_userid($login)) { $errors[] = l10n('this login is already used'); } if ($login != strip_tags($login)) { $errors[] = l10n('html tags are not allowed in login'); } $mail_error = validate_mail_address(null, $mail_address); if ('' != $mail_error) { $errors[] = $mail_error; } if ($conf['insensitive_case_logon'] == true) { $login_error = validate_login_case($login); if ($login_error != '') { $errors[] = $login_error; } } $errors = trigger_change('register_user_check', $errors, array('username' => $login, 'password' => $password, 'email' => $mail_address)); // if no error until here, registration of the user if (count($errors) == 0) { $insert = array($conf['user_fields']['username'] => pwg_db_real_escape_string($login), $conf['user_fields']['password'] => $conf['password_hash']($password), $conf['user_fields']['email'] => $mail_address); single_insert(USERS_TABLE, $insert); $user_id = pwg_db_insert_id(); // Assign by default groups $query = ' SELECT id FROM ' . GROUPS_TABLE . ' WHERE is_default = \'' . boolean_to_string(true) . '\' ORDER BY id ASC ;'; $result = pwg_query($query); $inserts = array(); while ($row = pwg_db_fetch_assoc($result)) { $inserts[] = array('user_id' => $user_id, 'group_id' => $row['id']); } if (count($inserts) != 0) { mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts); } $override = array(); if ($language = get_browser_language()) { $override['language'] = $language; } create_user_infos($user_id, $override); if ($notify_admin and $conf['email_admin_on_new_user']) { include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php'; $admin_url = get_absolute_root_url() . 'admin.php?page=user_list&username='******'User: %s', stripslashes($login)), get_l10n_args('Email: %s', $mail_address), get_l10n_args(''), get_l10n_args('Admin: %s', $admin_url)); pwg_mail_notification_admins(get_l10n_args('Registration of %s', stripslashes($login)), $keyargs_content); } if ($notify_user and email_check_format($mail_address)) { include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php'; $keyargs_content = array(get_l10n_args('Hello %s,', stripslashes($login)), get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', stripslashes($login)), get_l10n_args('Password: %s', stripslashes($password)), get_l10n_args('Email: %s', $mail_address), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address())); pwg_mail($mail_address, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain')); } trigger_notify('register_user', array('id' => $user_id, 'username' => $login, 'email' => $mail_address)); return $user_id; } else { return false; } }
function ws_pfemail_mailbox_save($params, &$service) { $mailbox = array(); if (isset($params['id']) and !empty($params['id'])) { // we are edition mode $query = ' SELECT * FROM ' . PFEMAIL_MAILBOXES_TABLE . ' WHERE id = ' . $params['id'] . ' ;'; $mailboxes = query2array($query, 'id'); if (!isset($mailboxes[$params['id']])) { return new PwgError(404, 'id not found'); } $mailbox = $mailboxes[$params['id']]; } $mailbox['path'] = $params['path']; $mailbox['login'] = $params['login']; $mailbox['password'] = $params['password']; $mailbox['category_id'] = $params['category_id']; $mailbox['moderated'] = $params['moderated'] ? 'true' : 'false'; if (isset($mailbox['id'])) { single_update(PFEMAIL_MAILBOXES_TABLE, $mailbox, array('id' => $params['id'])); } else { single_insert(PFEMAIL_MAILBOXES_TABLE, $mailbox); $mailbox['id'] = pwg_db_insert_id(PFEMAIL_MAILBOXES_TABLE); } return $mailbox; }
/** * Create a new tag. * * @param string $tag_name * @return array ('id', info') or ('error') */ function create_tag($tag_name) { // does the tag already exists? $query = ' SELECT id FROM ' . TAGS_TABLE . ' WHERE name = \'' . $tag_name . '\' ;'; $existing_tags = query2array($query, null, 'id'); if (count($existing_tags) == 0) { single_insert(TAGS_TABLE, array('name' => $tag_name, 'url_name' => trigger_change('render_tag_url', $tag_name))); $inserted_id = pwg_db_insert_id(TAGS_TABLE); return array('info' => l10n('Tag "%s" was added', stripslashes($tag_name)), 'id' => $inserted_id); } else { return array('error' => l10n('Tag "%s" already exists', stripslashes($tag_name))); } }
/** * Creates an authentication key. * * @since 2.8 * @param int $user_id * @return array */ function create_user_auth_key($user_id, $user_status = null) { global $conf; if (0 == $conf['auth_key_duration']) { return false; } if (!isset($user_status)) { // we have to find the user status $query = ' SELECT status FROM ' . USER_INFOS_TABLE . ' WHERE user_id = ' . $user_id . ' ;'; $user_infos = query2array($query); if (count($user_infos) == 0) { return false; } $user_status = $user_infos[0]['status']; } if (!in_array($user_status, array('normal', 'generic'))) { return false; } $candidate = generate_key(30); $query = ' SELECT COUNT(*), NOW(), ADDDATE(NOW(), INTERVAL ' . $conf['auth_key_duration'] . ' SECOND) FROM ' . USER_AUTH_KEYS_TABLE . ' WHERE auth_key = \'' . $candidate . '\' ;'; list($counter, $now, $expiration) = pwg_db_fetch_row(pwg_query($query)); if (0 == $counter) { $key = array('auth_key' => $candidate, 'user_id' => $user_id, 'created_on' => $now, 'duration' => $conf['auth_key_duration'], 'expired_on' => $expiration); single_insert(USER_AUTH_KEYS_TABLE, $key); $key['auth_key_id'] = pwg_db_insert_id(); return $key; } else { return create_user_auth_key($user_id, $user_status); } }
WHERE id IN (' . $_POST['edit_list'] . ') ;'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $current_name_of[$row['id']] = $row['name']; } $updates = array(); // we must not rename tag with an already existing name foreach (explode(',', $_POST['edit_list']) as $tag_id) { $tag_name = stripslashes($_POST['tag_name-' . $tag_id]); if ($tag_name != $current_name_of[$tag_id]) { if (in_array($tag_name, $existing_names)) { $page['errors'][] = l10n('Tag "%s" already exists', $tag_name); } else { if (!empty($tag_name)) { single_insert(TAGS_TABLE, array('name' => $tag_name, 'url_name' => trigger_change('render_tag_url', $tag_name))); $query = ' SELECT id FROM ' . TAGS_TABLE . ' WHERE name = \'' . $tag_name . '\' ;'; $destination_tag = array_from_query($query, 'id'); $destination_tag_id = $destination_tag[0]; $query = ' SELECT image_id FROM ' . IMAGE_TAG_TABLE . ' WHERE tag_id = ' . $tag_id . ' ;'; $destination_tag_image_ids = array_from_query($query, 'image_id'); $inserts = array();
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null) { // 1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg // // 2) keep/resize original // // 3) register in database // TODO // * check md5sum (already exists?) global $conf, $user; if (isset($original_md5sum)) { $md5sum = $original_md5sum; } else { $md5sum = md5_file($source_filepath); } $file_path = null; $is_tiff = false; if (isset($image_id)) { // this photo already exists, we update it $query = ' SELECT path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $file_path = $row['path']; } if (!isset($file_path)) { die('[' . __FUNCTION__ . '] this photo does not exist in the database'); } // delete all physical files related to the photo (thumbnail, web site, HD) delete_element_files(array($image_id)); } else { // this photo is new // current date list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();')); list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4); // upload directory hierarchy $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day); // compute file path $date_string = preg_replace('/[^\\d]/', '', $dbnow); $random_string = substr($md5sum, 0, 8); $filename_wo_ext = $date_string . '-' . $random_string; $file_path = $upload_dir . '/' . $filename_wo_ext . '.'; list($width, $height, $type) = getimagesize($source_filepath); if (IMAGETYPE_PNG == $type) { $file_path .= 'png'; } elseif (IMAGETYPE_GIF == $type) { $file_path .= 'gif'; } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) { $is_tiff = true; $file_path .= 'tif'; } elseif (IMAGETYPE_JPEG == $type) { $file_path .= 'jpg'; } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) { $original_extension = strtolower(get_extension($original_filename)); if (in_array($original_extension, $conf['file_ext'])) { $file_path .= $original_extension; } else { die('unexpected file type'); } } else { die('forbidden file type'); } prepare_directory($upload_dir); } if (is_uploaded_file($source_filepath)) { move_uploaded_file($source_filepath, $file_path); } else { rename($source_filepath, $file_path); } @chmod($file_path, 0644); if ($is_tiff and pwg_image::get_library() == 'ext_imagick') { // move the uploaded file to pwg_representative sub-directory $representative_file_path = dirname($file_path) . '/pwg_representative/'; $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.'; $representative_ext = $conf['tiff_representative_ext']; $representative_file_path .= $representative_ext; prepare_directory(dirname($representative_file_path)); $exec = $conf['ext_imagick_dir'] . 'convert'; if ('jpg' == $conf['tiff_representative_ext']) { $exec .= ' -quality 98'; } $exec .= ' "' . realpath($file_path) . '"'; $dest = pathinfo($representative_file_path); $exec .= ' "' . realpath($dest['dirname']) . '/' . $dest['basename'] . '"'; $exec .= ' 2>&1'; @exec($exec, $returnarray); // sometimes ImageMagick creates file-0.jpg (full size) + file-1.jpg // (thumbnail). I don't know how to avoid it. $representative_file_abspath = realpath($dest['dirname']) . '/' . $dest['basename']; if (!file_exists($representative_file_abspath)) { $first_file_abspath = preg_replace('/\\.' . $representative_ext . '$/', '-0.' . $representative_ext, $representative_file_abspath); if (file_exists($first_file_abspath)) { rename($first_file_abspath, $representative_file_abspath); } } } // // generate pwg_representative in case of video // $ffmpeg_video_exts = array('wmv', 'mov', 'mkv', 'mp4', 'mpg', 'flv', 'asf', 'xvid', 'divx', 'mpeg', 'avi', 'rm'); if (isset($original_extension) and in_array($original_extension, $ffmpeg_video_exts)) { $representative_file_path = dirname($file_path) . '/pwg_representative/'; $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.'; $representative_ext = 'jpg'; $representative_file_path .= $representative_ext; prepare_directory(dirname($representative_file_path)); $second = 1; $ffmpeg = $conf['ffmpeg_dir'] . 'ffmpeg'; $ffmpeg .= ' -i "' . $file_path . '"'; $ffmpeg .= ' -an -ss ' . $second; $ffmpeg .= ' -t 1 -r 1 -y -vcodec mjpeg -f mjpeg'; $ffmpeg .= ' "' . $representative_file_path . '"'; // file_put_contents('/tmp/ffmpeg.log', "\n==== ".date('c')."\n".__FUNCTION__.' : '.$ffmpeg."\n", FILE_APPEND); @exec($ffmpeg); if (!file_exists($representative_file_path)) { $representative_ext = null; } } if (isset($original_extension) and 'pdf' == $original_extension and pwg_image::get_library() == 'ext_imagick') { $representative_file_path = dirname($file_path) . '/pwg_representative/'; $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.'; $representative_ext = 'jpg'; $representative_file_path .= $representative_ext; prepare_directory(dirname($representative_file_path)); $exec = $conf['ext_imagick_dir'] . 'convert'; $exec .= ' -quality 98'; $exec .= ' "' . realpath($file_path) . '"[0]'; $dest = pathinfo($representative_file_path); $exec .= ' "' . realpath($dest['dirname']) . '/' . $dest['basename'] . '"'; $exec .= ' 2>&1'; @exec($exec, $returnarray); } if (pwg_image::get_library() != 'gd') { if ($conf['original_resize']) { $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']); if ($need_resize) { $img = new pwg_image($file_path); $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false); $img->destroy(); } } } // we need to save the rotation angle in the database to compute // width/height of "multisizes" $rotation_angle = pwg_image::get_rotation_angle($file_path); $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle); $file_infos = pwg_image_infos($file_path); if (isset($image_id)) { $update = array('file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation); if (isset($level)) { $update['level'] = $level; } single_update(IMAGES_TABLE, $update, array('id' => $image_id)); } else { // database registration $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)); $insert = array('file' => $file, 'name' => get_name_from_file($file), 'date_available' => $dbnow, 'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation); if (isset($level)) { $insert['level'] = $level; } if (isset($representative_ext)) { $insert['representative_ext'] = $representative_ext; } single_insert(IMAGES_TABLE, $insert); $image_id = pwg_db_insert_id(IMAGES_TABLE); } if (isset($categories) and count($categories) > 0) { associate_images_to_categories(array($image_id), $categories); } // update metadata from the uploaded file (exif/iptc) if ($conf['use_exif'] and !function_exists('read_exif_data')) { $conf['use_exif'] = false; } sync_metadata(array($image_id)); invalidate_user_cache(); // cache thumbnail $query = ' SELECT id, path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;'; $image_infos = pwg_db_fetch_assoc(pwg_query($query)); set_make_full_url(); // in case we are on uploadify.php, we have to replace the false path $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos)); unset_make_full_url(); fetchRemote($thumb_url, $dest); return $image_id; }
function pshare_log($key_id, $type = 'visit', $format_id = null) { global $user; list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();')); single_insert(PSHARE_LOG_TABLE, array('pshare_key_idx' => $key_id, 'occured_on' => $dbnow, 'type' => $type, 'ip_address' => $_SERVER['REMOTE_ADDR'], 'user_id' => $user['id'], 'format_id' => empty($format_id) ? '' : $format_id)); }
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null) { // 1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg // // 2) keep/resize original // // 3) register in database // TODO // * check md5sum (already exists?) global $conf, $user; if (isset($original_md5sum)) { $md5sum = $original_md5sum; } else { $md5sum = md5_file($source_filepath); } $file_path = null; $is_tiff = false; if (isset($image_id)) { // this photo already exists, we update it $query = ' SELECT path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;'; $result = pwg_query($query); while ($row = pwg_db_fetch_assoc($result)) { $file_path = $row['path']; } if (!isset($file_path)) { die('[' . __FUNCTION__ . '] this photo does not exist in the database'); } // delete all physical files related to the photo (thumbnail, web site, HD) delete_element_files(array($image_id)); } else { // this photo is new // current date list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();')); list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4); // upload directory hierarchy $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day); // compute file path $date_string = preg_replace('/[^\\d]/', '', $dbnow); $random_string = substr($md5sum, 0, 8); $filename_wo_ext = $date_string . '-' . $random_string; $file_path = $upload_dir . '/' . $filename_wo_ext . '.'; list($width, $height, $type) = getimagesize($source_filepath); if (IMAGETYPE_PNG == $type) { $file_path .= 'png'; } elseif (IMAGETYPE_GIF == $type) { $file_path .= 'gif'; } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) { $is_tiff = true; $file_path .= 'tif'; } elseif (IMAGETYPE_JPEG == $type) { $file_path .= 'jpg'; } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) { $original_extension = strtolower(get_extension($original_filename)); if (in_array($original_extension, $conf['file_ext'])) { $file_path .= $original_extension; } else { die('unexpected file type'); } } else { die('forbidden file type'); } prepare_directory($upload_dir); } if (is_uploaded_file($source_filepath)) { move_uploaded_file($source_filepath, $file_path); } else { rename($source_filepath, $file_path); } @chmod($file_path, 0644); // handle the uploaded file type by potentially making a // pwg_representative file. $representative_ext = trigger_change('upload_file', null, $file_path); global $logger; $logger->info("Handling " . (string) $file_path . " got " . (string) $representative_ext); // If it is set to either true (the file didn't need a // representative generated) or false (the generation of the // representative failed), set it to null because we have no // representative file. if (is_bool($representative_ext)) { $representative_ext = null; } if (pwg_image::get_library() != 'gd') { if ($conf['original_resize']) { $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']); if ($need_resize) { $img = new pwg_image($file_path); $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false); $img->destroy(); } } } // we need to save the rotation angle in the database to compute // width/height of "multisizes" $rotation_angle = pwg_image::get_rotation_angle($file_path); $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle); $file_infos = pwg_image_infos($file_path); if (isset($image_id)) { $update = array('file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation); if (isset($level)) { $update['level'] = $level; } single_update(IMAGES_TABLE, $update, array('id' => $image_id)); } else { // database registration $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)); $insert = array('file' => $file, 'name' => get_name_from_file($file), 'date_available' => $dbnow, 'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation); if (isset($level)) { $insert['level'] = $level; } if (isset($representative_ext)) { $insert['representative_ext'] = $representative_ext; } single_insert(IMAGES_TABLE, $insert); $image_id = pwg_db_insert_id(IMAGES_TABLE); } if (isset($categories) and count($categories) > 0) { associate_images_to_categories(array($image_id), $categories); } // update metadata from the uploaded file (exif/iptc) if ($conf['use_exif'] and !function_exists('read_exif_data')) { $conf['use_exif'] = false; } sync_metadata(array($image_id)); invalidate_user_cache(); // cache thumbnail $query = ' SELECT id, path FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;'; $image_infos = pwg_db_fetch_assoc(pwg_query($query)); set_make_full_url(); // in case we are on uploadify.php, we have to replace the false path $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos)); unset_make_full_url(); fetchRemote($thumb_url, $dest); return $image_id; }