$CPG_REFERER = 'index.php';
} else {
    /**
     * Using getRaw() since we are checking the referer in the above if condition.
     */
    $CPG_REFERER = $superCage->get->getRaw('referer');
}
/**
 * CPGPluginAPI::action('page_start',null)
 *
 * Executes page_start action on all plugins
 *
 * @param null
 * @return N/A
 **/
CPGPluginAPI::action('page_start', null);
// load the main template
load_template();
$CONFIG['template_loaded'] = true;
// Remove expired bans
$now = date('Y-m-d H:i:s');
if ($CONFIG['purge_expired_bans'] == 1) {
    cpg_db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE expiry < '{$now}'");
}
// Check if the user is banned
$user_id = USER_ID;
// Compose the query
$query_string = "SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE (";
if (USER_ID) {
    $query_string .= "user_id={$user_id} OR ";
}
示例#2
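 /**
  * CPGPluginAPI::uninstall()
  *
  * Uninstalls a plugin: runs its 'plugin_uninstall' action and, when that action
  * returns boolean true, deletes the plugin's row, shifts the priority of the
  * plugins behind it up by one and drops the plugin from $CPG_PLUGINS.
  *
  * @param integer $plugin_id Key of the plugin in $CPG_PLUGINS
  * @return bool|int|float|string true when the plugin is not loaded or was removed;
  *         otherwise the numeric value returned by the plugin's uninstall action.
  *         Any other action result ends in cpg_die().
  **/
 function uninstall($plugin_id)
 {
     global $CONFIG, $USER_DATA, $CPG_PLUGINS, $thisplugin, $lang_plugin_api;

     // Nothing to do for a plugin that is not in the registry
     if (!isset($CPG_PLUGINS[$plugin_id])) {
         return true;
     }

     // Grab the plugin from the global scope
     $thisplugin =& $CPG_PLUGINS[$plugin_id];

     // Read what is needed later before the registry entry is unset
     $plugin_name = $thisplugin->name;

     // Both values end up unquoted in SQL text below, so force them to integers
     $plugin_key = (int) $plugin_id;
     $priority = (int) $thisplugin->priority;

     // If plugin has an uninstall action, execute it
     $uninstalled = CPGPluginAPI::action('plugin_uninstall', true, $plugin_id);

     if ($uninstalled === true) {
         cpg_db_query('delete from ' . $CONFIG['TABLE_PLUGINS'] . ' where plugin_id=' . $plugin_key . ';');

         // Shift the plugins up
         cpg_db_query('update ' . $CONFIG['TABLE_PLUGINS'] . ' set priority=priority-1 where priority>' . $priority . ';');

         unset($CPG_PLUGINS[$plugin_id]);

         if ($CONFIG['log_mode']) {
             // The original message used an undefined $name; log the plugin's own name
             log_write("Plugin '" . $plugin_name . "' uninstalled at " . date("F j, Y, g:i a"), CPG_GLOBAL_LOG);
         }

         return true;
     }

     // A numeric result means the plugin still needs to be cleaned up; hand the value back
     if (is_numeric($uninstalled)) {
         return $uninstalled;
     }

     // The plugin's uninstall action failed
     cpg_die(CRITICAL_ERROR, sprintf($lang_plugin_api['error_uninstall'], $thisplugin->name), __FILE__, __LINE__);
 }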
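 /**
  * CPGPluginAPI::uninstall()
  *
  * Uninstalls a plugin: runs its 'plugin_uninstall' action and, when that action
  * returns boolean true, deletes the plugin's row, shifts the priority of the
  * plugins behind it up by one and drops the plugin from $CPG_PLUGINS.
  *
  * @param integer $plugin_id Key of the plugin in $CPG_PLUGINS
  * @return bool|int|float|string true when the plugin is not loaded or was removed;
  *         otherwise the numeric value returned by the plugin's uninstall action.
  *         Any other action result ends in cpg_die().
  **/
 public static function uninstall($plugin_id)
 {
     global $CONFIG, $USER_DATA, $CPG_PLUGINS, $thisplugin, $lang_plugin_api, $name;

     // Nothing to do for a plugin that is not in the registry
     if (!isset($CPG_PLUGINS[$plugin_id])) {
         return true;
     }

     // Grab the plugin from the global scope
     $thisplugin =& $CPG_PLUGINS[$plugin_id];

     // Both values are interpolated unquoted into SQL below. The isset() gate above is
     // the only other constraint on $plugin_id, so coerce them to integers explicitly.
     $plugin_key = (int) $plugin_id;
     $priority = (int) $thisplugin->priority;

     // If plugin has an uninstall action, execute it
     $uninstalled = CPGPluginAPI::action('plugin_uninstall', true, $plugin_id);

     if ($uninstalled === true) {
         cpg_db_query("DELETE FROM {$CONFIG['TABLE_PLUGINS']} WHERE plugin_id = {$plugin_key}");

         // Shift the plugins up
         cpg_db_query("UPDATE {$CONFIG['TABLE_PLUGINS']} SET priority = priority - 1 WHERE priority > {$priority}");

         unset($CPG_PLUGINS[$plugin_id]);

         if ($CONFIG['log_mode']) {
             log_write("Plugin '" . $thisplugin->name . "' uninstalled", CPG_GLOBAL_LOG);
         }

         return true;
     }

     // A numeric result means the plugin still needs to be cleaned up; hand the value back
     if (is_numeric($uninstalled)) {
         return $uninstalled;
     }

     // The plugin's uninstall action failed
     cpg_die(CRITICAL_ERROR, sprintf($lang_plugin_api['error_uninstall'], $thisplugin->name), __FILE__, __LINE__);
 }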
示例#4
     cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
 }
 // Create and send the e-card
 // Runs only when a sender name was posted and both e-mail addresses were flagged valid
 // (the validation itself happens outside this excerpt).
 if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) {
     // && binds tighter than ||: setting 1 demands a captcha from everyone,
     // setting 2 only from visitors who are not logged in.
     if ($CONFIG['ecard_captcha'] == 1 || $CONFIG['ecard_captcha'] == 2 && !USER_ID) {
         if (!captcha_plugin_enabled('ecard')) {
             require "include/captcha.inc.php";
             // Only a purely alphanumeric confirmCode is passed on to the validator
             $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
             if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
                 if ($CONFIG['log_mode'] != 0) {
                     // Failed attempts go to the security log with user name and $hdr_ip
                     log_write('Captcha authentication for ecard failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
                 }
                 cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__);
             }
         } else {
             // A captcha plugin is active: validation is delegated to it
             CPGPluginAPI::action('captcha_ecard_validate', null);
         }
     }
     require 'include/mailer.inc.php';
     // Use the intermediate-sized picture when one exists for this file, else the full size
     if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
         $n_picname = get_pic_url($row, 'normal');
     } else {
         $n_picname = get_pic_url($row, 'fullsize');
     }
     // Prefix relative picture URLs with the gallery URL.
     // NOTE(review): the test looks for 'http:' only, so a URL starting with 'https:'
     // would also get the prefix prepended - confirm what get_pic_url() can return.
     if (!stristr($n_picname, 'http:')) {
         $n_picname = $gallery_url_prefix . $n_picname;
     }
     $msg_content = process_smilies($message, $gallery_url_prefix);
     // The card content travels inside the link itself: serialize() -> base64 -> urlencode.
     // NOTE(review): nothing here signs or encrypts the payload, so whoever holds the link
     // can change it. If displayecard.php restores it with unserialize(), that is
     // deserialisation of untrusted input; a JSON payload protected by an HMAC that is
     // verified with hash_equals() avoids both problems. Confirm against displayecard.php.
     $data = array('rn' => $superCage->post->noTags('recipient_name'), 'sn' => $superCage->post->noTags('sender_name'), 'se' => $sender_email, 'p' => $n_picname, 'g' => $greetings, 'm' => $message, 'pid' => $pid, 'pt' => $pic_title, 'pc' => $pic_caption);
     $encoded_data = urlencode(base64_encode(serialize($data)));
     // Placeholder => value map for the e-card mail template.
     // NOTE(review): $sender_name, $greetings, $message and the picture title/caption are
     // assumed to have been escaped for HTML before this point - verify where they are set.
     $params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data={$encoded_data}", '{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'], '{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{GREETINGS}' => $greetings, '{MESSAGE}' => bb_decode($msg_content), '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'], '{PID}' => $pid, '{PIC_TITLE}' => $pic_title, '{PIC_CAPTION}' => bb_decode($pic_caption), '{PIC_MARKUP}' => $pic_markup);
/**
 * Echoes the thumbnail table for an album (or the user list when $mode is not 'thumb').
 *
 * The blocks of $template_thumbnail_view are extracted once and kept in static
 * variables; each entry of $thumb_list is rendered through the 'thumb_cell' block.
 * Plugins can hook in through the 'theme_thumbnails_*' and
 * 'theme_display_thumbnails_params' filters and actions.
 *
 * NOTE(review): $album_name, $aid, $cat and $date are placed into HTML and link targets
 * without escaping in this function; it assumes the caller already validated or
 * escaped them - confirm at the call sites.
 *
 * @param array  $thumb_list   Entries read here by key: image, caption, admin_menu, and
 *                             depending on the branch aid, pid, pwidth, pheight, msg_id, cat
 * @param int    $nbThumb      Passed through to create_tabs()
 * @param string $album_name   Title text, exposed to the title template as {ALBUM_NAME}
 * @param mixed  $aid          Album id or a meta album name such as 'random' or 'lastcom'
 * @param mixed  $cat          Category, appended to links
 * @param int    $page         Current page, passed to create_tabs()
 * @param int    $total_pages  Passed to create_tabs()
 * @param bool   $sort_options Whether the title row with sort options is rendered
 * @param bool   $display_tabs Whether the page tabs are rendered
 * @param string $mode         'thumb' for pictures; any other value renders user cells
 * @param string $date         Optional date, appended to links when not empty
 */
function theme_display_thumbnails(&$thumb_list, $nbThumb, $album_name, $aid, $cat, $page, $total_pages, $sort_options, $display_tabs, $mode = 'thumb', $date = '')
{
    global $CONFIG, $CURRENT_ALBUM_DATA;
    global $template_thumb_view_title_row, $template_fav_thumb_view_title_row, $lang_thumb_view, $lang_common, $template_tab_display, $template_thumbnail_view, $lang_album_list, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    // Template blocks are kept in statics so they are extracted on the first call only
    static $header = '';
    static $thumb_cell = '';
    static $empty_cell = '';
    static $row_separator = '';
    static $footer = '';
    static $tabs = '';
    static $spacer = '';
    // An empty $header marks "not extracted yet"
    if ($header == '') {
        $thumb_cell = template_extract_block($template_thumbnail_view, 'thumb_cell');
        $tabs = template_extract_block($template_thumbnail_view, 'tabs');
        $header = template_extract_block($template_thumbnail_view, 'header');
        $empty_cell = template_extract_block($template_thumbnail_view, 'empty_cell');
        $row_separator = template_extract_block($template_thumbnail_view, 'row_separator');
        $footer = template_extract_block($template_thumbnail_view, 'footer');
        $spacer = template_extract_block($template_thumbnail_view, 'spacer');
    }
    // Query-string fragments reused by every link below.
    // NOTE(review): $cat and $date are concatenated as-is (no urlencode/htmlspecialchars).
    $cat_link = is_numeric($aid) ? '' : '&amp;cat=' . $cat;
    $date_link = $date == '' ? '' : '&amp;date=' . $date;
    // uid is read through getInt(), so only an integer ends up in the link
    if ($superCage->get->getInt('uid')) {
        $uid_link = '&amp;uid=' . $superCage->get->getInt('uid');
    } else {
        $uid_link = '';
    }
    // Meta albums whose entries are albums rather than pictures; plugins may extend the list
    $album_types = array('albums' => array('lastalb'));
    $album_types = CPGPluginAPI::filter('theme_thumbnails_album_types', $album_types);
    $theme_thumb_tab_tmpl = $template_tab_display;
    if ($mode == 'thumb') {
        // in_array() is called without the strict flag, so $aid is compared loosely
        $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => in_array($aid, $album_types['albums']) ? $lang_album_list['album_on_page'] : $lang_thumb_view['pic_on_page']));
        $theme_thumb_tab_tmpl['page_link'] = strtr($theme_thumb_tab_tmpl['page_link'], array('{LINK}' => 'thumbnails.php?album=' . $aid . $cat_link . $date_link . $uid_link . '&amp;page=%d'));
    } else {
        $theme_thumb_tab_tmpl['left_text'] = strtr($theme_thumb_tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_thumb_view['user_on_page']));
        $theme_thumb_tab_tmpl['page_link'] = strtr($theme_thumb_tab_tmpl['page_link'], array('{LINK}' => 'index.php?cat=' . $cat . '&amp;page=%d'));
    }
    $thumbcols = $CONFIG['thumbcols'];
    $cell_width = ceil(100 / $CONFIG['thumbcols']) . '%';
    // The tabs are built here, before $page may be reassigned inside the loop below
    $tabs_html = $display_tabs ? create_tabs($nbThumb, $page, $total_pages, $theme_thumb_tab_tmpl) : '';
    // Outside admin mode the admin_buttons block is extracted and its return value discarded;
    // presumably the call strips the block from the title-row template - confirm
    if (!GALLERY_ADMIN_MODE && stripos($template_thumb_view_title_row, 'admin_buttons') !== false) {
        template_extract_block($template_thumb_view_title_row, 'admin_buttons');
    }
    // The sort order options are not available for meta albums
    if ($sort_options) {
        if (GALLERY_ADMIN_MODE) {
            $param = array('{ALBUM_ID}' => $aid, '{CAT_ID}' => $cat > 0 ? $cat : $CURRENT_ALBUM_DATA['category'], '{MODIFY_LNK}' => $lang_common['album_properties'], '{MODIFY_ICO}' => cpg_fetch_icon('modifyalb', 1), '{PARENT_CAT_LNK}' => $lang_common['parent_category'], '{PARENT_CAT_ICO}' => cpg_fetch_icon('category', 1), '{EDIT_PICS_LNK}' => $lang_common['edit_files'], '{EDIT_PICS_ICO}' => cpg_fetch_icon('edit', 1), '{ALBUM_MGR_LNK}' => $lang_common['album_manager'], '{ALBUM_MGR_ICO}' => cpg_fetch_icon('alb_mgr', 1));
        } else {
            $param = array();
        }
        $param['{ALBUM_NAME}'] = $album_name;
        // Plugin Filter: allow plugin to modify or add tags to process
        $param = CPGPluginAPI::filter('theme_thumbnails_title', $param);
        $title = template_eval($template_thumb_view_title_row, $param);
    } elseif ($aid == 'favpics' && $CONFIG['enable_zipdownload'] > 0) {
        //Lots of stuff can be added here later
        $param = array('{ALBUM_ID}' => $aid, '{ALBUM_NAME}' => $album_name, '{DOWNLOAD_ZIP}' => cpg_fetch_icon('zip', 2) . $lang_thumb_view['download_zip']);
        // Plugin Filter: allow plugin to modify or add tags to process
        $param = CPGPluginAPI::filter('theme_thumbnails_title', $param);
        $title = template_eval($template_fav_thumb_view_title_row, $param);
    } else {
        $title = $album_name;
    }
    CPGPluginAPI::action('theme_thumbnails_wrapper_start', null);
    if ($mode == 'thumb') {
        starttable('100%', $title, $thumbcols);
    } else {
        starttable('100%');
    }
    // $header is static, so the filtered value is what the next call starts from
    $header = CPGPluginAPI::filter('theme_thumbnails_header', $header);
    echo $header;
    $i = 0;
    global $thumb;
    // make $thumb accessible to plugins
    foreach ($thumb_list as $thumb) {
        $i++;
        if ($mode == 'thumb') {
            if (in_array($aid, $album_types['albums'])) {
                // Entries of an album-type meta album link to that album's thumbnail page
                $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => "thumbnails.php?album={$thumb['aid']}", '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => $thumb['admin_menu']);
            } else {
                // determine if thumbnail link targets should open in a pop-up
                if ($CONFIG['thumbnail_to_fullsize'] == 1) {
                    // code for full-size pop-up
                    // Each $target below ends the link attribute with '"' and opens an onclick
                    // attribute, so the value is markup rather than a plain URL.
                    // NOTE(review): the language strings are put inside a single-quoted
                    // JavaScript literal unescaped; a quote in a translation would break it.
                    if (!USER_ID && $CONFIG['allow_unlogged_access'] <= 2) {
                        $target = 'javascript:;" onclick="alert(\'' . sprintf($lang_errors['login_needed'], '', '', '', '') . '\');';
                    } elseif (USER_ID && USER_ACCESS_LEVEL <= 2) {
                        $target = 'javascript:;" onclick="alert(\'' . sprintf($lang_errors['access_intermediate_only'], '', '', '', '') . '\');';
                    } else {
                        // Window size = picture size plus the configured padding, all cast to int
                        $target = 'javascript:;" onclick="MM_openBrWindow(\'displayimage.php?pid=' . $thumb['pid'] . '&fullsize=1\',\'' . uniqid(rand()) . '\',\'scrollbars=yes,toolbar=no,status=no,resizable=yes,width=' . ((int) $thumb['pwidth'] + (int) $CONFIG['fullsize_padding_x']) . ',height=' . ((int) $thumb['pheight'] + (int) $CONFIG['fullsize_padding_y']) . '\');';
                    }
                } elseif ($aid == 'random') {
                    $target = "displayimage.php?pid={$thumb['pid']}{$uid_link}#top_display_media";
                } elseif ($aid == 'lastcom' || $aid == 'lastcomby') {
                    // Link straight to the comment; note that this overwrites the $page parameter
                    $page = cpg_get_comment_page_number($thumb['msg_id']);
                    $page = is_numeric($page) ? "&amp;page={$page}" : '';
                    $target = "displayimage.php?album={$aid}{$cat_link}{$date_link}&amp;pid={$thumb['pid']}{$uid_link}&amp;msg_id={$thumb['msg_id']}{$page}#comment{$thumb['msg_id']}";
                } else {
                    $target = "displayimage.php?album={$aid}{$cat_link}{$date_link}&amp;pid={$thumb['pid']}{$uid_link}#top_display_media";
                }
                $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => $target, '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => $thumb['admin_menu']);
            }
        } else {
            // mode != 'thumb'
            // Used for mode = 'user' from list_users() in index.php
            $params = array('{CELL_WIDTH}' => $cell_width, '{LINK_TGT}' => "index.php?cat={$thumb['cat']}", '{THUMB}' => $thumb['image'], '{CAPTION}' => $thumb['caption'], '{ADMIN_MENU}' => '');
        }
        // Plugin Filter: allow plugin to modify or add tags to process
        $params = CPGPluginAPI::filter('theme_display_thumbnails_params', $params);
        echo template_eval($thumb_cell, $params);
        // Start a new row after every $thumbcols cells, except after the last thumbnail
        if ($i % $thumbcols == 0 && $i < count($thumb_list)) {
            echo $row_separator;
        }
    }
    // end of foreach over $thumb_list
    unset($thumb);
    // unset $thumb to avoid conflicting with global
    // Pad the last row with empty cells until it holds $thumbcols cells
    for (; $i % $thumbcols; $i++) {
        echo $empty_cell;
    }
    // Like $header, the static $footer keeps the filtered value for later calls
    $footer = CPGPluginAPI::filter('theme_thumbnails_footer', $footer);
    echo $footer;
    if ($display_tabs) {
        $params = array('{THUMB_COLS}' => $thumbcols, '{TABS}' => $tabs_html);
        echo template_eval($tabs, $params);
    }
    endtable();
    CPGPluginAPI::action('theme_thumbnails_wrapper_end', null);
    echo $spacer;
}
             $approved_no_set .= $superCage->post->getInt('status_approved_no' . $message_id_check) . ',';
         }
     }
     $approved_yes_set = rtrim($approved_yes_set, ',');
     $approved_no_set = rtrim($approved_no_set, ',');
     $nb_com_yes = 0;
     $nb_com_no = 0;
     if ($approved_yes_set != '') {
         cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET `approval` = 'YES' WHERE msg_id IN ({$approved_yes_set})");
         $nb_com_yes = mysql_affected_rows();
     }
     if ($approved_no_set != '') {
         cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET `approval` = 'NO' WHERE msg_id IN ({$approved_no_set})");
         $nb_com_no = mysql_affected_rows();
     }
     CPGPluginAPI::action('comment_approve', array('approved_yes_set' => $approved_yes_set, 'approved_no_set' => $approved_no_set));
 }
 $nb_com_del = 0;
 // Have any checkboxes been ticked? (replaces the former direct isset($_POST['cid_array']) test)
 if ($superCage->post->keyExists('cid_array')) {
     // getEscaped() applies string escaping; it does not make the values integers
     $cid_array = $superCage->post->getEscaped('cid_array');
     $cid_set = '';
     // Build "(id, id, ...)" from the posted ids.
     // NOTE(review): the ids are joined without quotes. If $cid_set is later interpolated
     // into a query such as "... IN {$cid_set}", quote-escaping does not constrain an
     // unquoted value; cast every $cid to int before it is appended. The query that uses
     // $cid_set is outside this excerpt - confirm.
     foreach ($cid_array as $cid) {
         $cid_set .= $cid_set == '' ? '(' . $cid : ', ' . $cid;
         // NOTE(review): getInt() yields an integer, which is compared loosely with the
         // string 'YES' here - check that this condition does what was intended.
         if ($superCage->post->getAlpha('with_selected') == 'approve' && $superCage->post->getInt('spam' . $cid) == 'YES') {
             $akismet_ham_array[] = $cid;
         }
     }
     $cid_set .= ')';
     // Check if the form token is valid (anti-CSRF) before anything is changed
     if (!checkFormToken()) {
示例#7
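/**
 * Deletes one picture and prints one result row for it.
 *
 * Removes the picture's files (full size, intermediate, original, thumbnail), its
 * comments, its EXIF row and its picture row, and resets every album that used it
 * as thumbnail. The 'before_delete_file' and 'after_delete_file' plugin actions
 * are run around the deletion.
 *
 * In GALLERY_ADMIN_MODE any existing picture may be deleted. Otherwise the caller
 * must be logged in and the picture must either sit in the caller's own user
 * category or, with $CONFIG['users_can_edit_pics'] set, be owned by the caller.
 *
 * @param int    $pid            Picture id; coerced to an integer before it is used in SQL
 * @param string $tablecellstyle CSS class used for the printed table cells
 * @return mixed The aid of the album the picture belonged to
 */
function delete_picture($pid, $tablecellstyle = 'tableb')
{
    global $CONFIG, $header_printed, $lang_errors, $lang_delete_php, $LINEBREAK;

    // $pid is interpolated into six statements below, one of them unquoted
    // (TABLE_EXIF), so make sure it can only ever be an integer.
    $pid = (int) $pid;

    if (!$header_printed) {
        output_table_header();
    }

    $green = cpg_fetch_icon('ok', 0, $lang_delete_php['del_success']);
    $red = cpg_fetch_icon('stop', 0, $lang_delete_php['err_del']);

    // We will be selecting pid in the query as we need it in $pic array for the plugin filter
    if (GALLERY_ADMIN_MODE) {
        $query = "SELECT pid, aid, filepath, filename FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}'";
        $result = cpg_db_query($query);
        if (!$result->numRows()) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = $result->fetchAssoc(true);
    } else {
        $query = "SELECT pid, p.aid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid='{$pid}'";
        $result = cpg_db_query($query);
        if (!$result->numRows()) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = $result->fetchAssoc(true);

        // Ownership check: own user category, or own picture when users may edit pictures.
        // Anonymous visitors (!USER_ID) are always refused.
        if (!($pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) {
            cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
        }
    }

    $aid = $pic['aid'];
    $dir = $CONFIG['fullpath'] . $pic['filepath'];
    $file = $pic['filename'];

    if (!is_writable($dir)) {
        cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], htmlspecialchars($dir)), __FILE__, __LINE__);
    }

    // Plugin filter to be called before deleting a file
    CPGPluginAPI::action('before_delete_file', $pic);

    echo '<tr>';
    echo "<td class=\"" . $tablecellstyle . "\">" . htmlspecialchars($file) . "</td>";

    // Order matters: the thumbnail is the last entry and may be replaced below
    $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);

    // Check for custom thumbnails for non-images
    if (!is_image($file)) {
        $mime_content = cpg_get_type($file);
        $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file));
        foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
            if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) {
                // Thumbnail found, check if it's the only file using that thumbnail
                // NOTE(review): filepath and the file's base name come from the stored row and
                // are interpolated unescaped; a quote, '%' or '_' in a stored name changes
                // this query. Escape them with the project's DB escaping helper.
                $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0);
                if ($count == 1) {
                    // Swap the default thumbnail path for the custom thumbnail
                    unset($files[count($files) - 1]);
                    $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension;
                    break;
                }
            }
        }
    }

    // One cell per file: success icon, failure icon, or blank when the file does not exist
    foreach ($files as $currFile) {
        echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">";
        if (is_file($currFile)) {
            // Warnings are suppressed on purpose; the outcome is shown through the icon
            if (@unlink($currFile)) {
                echo $green;
            } else {
                echo $red;
            }
        } else {
            echo "&nbsp;";
        }
        echo "</td>";
    }

    $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'";
    cpg_db_query($query);
    echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">";
    if (cpg_db_affected_rows() > 0) {
        echo $green;
    } else {
        echo "&nbsp;";
    }
    echo "</td>";

    $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = {$pid}";
    cpg_db_query($query);

    $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1";
    cpg_db_query($query);
    echo "<td class=\"" . $tablecellstyle . "\" align=\"center\">";
    // Must be read before the next query resets the affected-row count
    if (cpg_db_affected_rows() > 0) {
        echo $green;
    } else {
        echo $red;
    }

    // Albums that used this picture as their thumbnail fall back to the default
    $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'";
    cpg_db_query($query);
    echo '</td>';
    echo '</tr>' . $LINEBREAK;

    // Plugin filter to be called after a file is deleted
    CPGPluginAPI::action('after_delete_file', $pic);

    return $aid;
}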
 // The raw message is HTML-escaped first, then passed through addslashes().
 // NOTE(review): addslashes() is not a database-aware escape; how $message is used
 // further down is outside this excerpt - confirm it is not relied on for SQL.
 $message = addslashes(htmlspecialchars($superCage->post->getRaw('message')));
 // Only a purely alphanumeric captcha value is accepted; anything else becomes ''
 $captcha = ($matches = $superCage->post->getMatched('captcha', '/^[a-zA-Z0-9]+$/')) ? $matches[0] : '';
 // sanitize user-input
 // $message has already been through htmlspecialchars() above, so no literal '<' is
 // left for this replacement to find.
 $html_message = str_replace('<', '&lt;', $message);
 // Names of the form remarks that need to be shown again because of an error
 $expand_array = array();
 // check captcha
 // && binds tighter than ||: guests are checked when the guest setting is 1,
 // registered users when the registered setting is 1.
 if (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1 || USER_ID && $CONFIG['contact_form_registered_enable'] == 1) {
     if (!captcha_plugin_enabled('contact')) {
         require_once "include/captcha.inc.php";
         if (!PhpCaptcha::Validate($captcha)) {
             $captcha_remark = $lang_errors['captcha_error'];
             $expand_array[] = 'captcha_remark';
             $error++;
         }
     } else {
         // A captcha plugin is active: validation is delegated to it
         CPGPluginAPI::action('captcha_contact_validate', null);
     }
 }
 // check email address
 // Validated only for guests when the guest e-mail field setting equals 2
 if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2) {
     if (!Inspekt::isEmail($email_address)) {
         $expand_array[] = 'email_remark';
         $error++;
     }
 }
 // check subject field
 // An empty subject counts as an error when the subject setting is 2 or higher
 if ($CONFIG['contact_form_subject_field'] >= 2 && $subject == '') {
     $expand_array[] = 'subject_remark';
     $error++;
 }
 // check message field
      {$lastComDate}
      {$lastComText}
    </td>
</tr>
<tr>
    <td align="left" valign="top" class="tableb tableb_alternate">
      {$lang_register_php['last_uploads']}
      {$lastUploadByText}
    </td>
    <td align="left" valign="top" class="tableb tableb_alternate">
      {$lastUploadText}
    </td>
</tr>

EOT;
        CPGPluginAPI::action('profile_display_form', null);
        echo <<<EOT
<tr>
    <td colspan="2" align="center" class="tablef">
        <button type="submit" class="button" name="change_profile" id="change_profile" value="{$lang_common['apply_changes']}">{$icon_array['ok']}{$lang_common['apply_changes']}</button>
        &nbsp;
        <button type="submit" class="button" name="change_pass" id="change_pass" value="{$lang_register_php['change_pass']}">{$icon_array['password']}{$lang_register_php['change_pass']}</button>
    </td>
</tr>
EOT;
        endtable();
        list($timestamp, $form_token) = getFormToken();
        echo "<input type=\"hidden\" name=\"form_token\" value=\"{$form_token}\" />\n    <input type=\"hidden\" name=\"timestamp\" value=\"{$timestamp}\" /></form>";
        if ($CONFIG['allow_user_account_delete'] != 0) {
            // user is allowed to delete his account --- start
            print <<<EOT
示例#10
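/**
 * process_post_data()
 *
 * Processes the posted "edit files" form: for every posted picture id it either
 * deletes the picture (files, comments, row) or updates its album, title, caption,
 * keywords, user fields and optional flags.
 *
 * The form token is verified first. Picture ids, album ids and the flags are read
 * through getInt(); the text fields come from get_post_var().
 *
 * NOTE(review): the text fields are placed inside quoted SQL literals below, which
 * assumes get_post_var() returns values already escaped for SQL - verify.
 *
 * @return void
 */
function process_post_data()
{
    global $CONFIG, $user_albums_list, $lang_errors;
    $superCage = Inspekt::makeSuperCage();

    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }

    // Albums the current user may move pictures into: own user category, albums owned
    // by the user, and every album with uploads = 'YES'.
    $user_album_set = array();
    $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
    while ($row = $result->fetchAssoc()) {
        $user_album_set[$row['aid']] = 1;
    }
    $result->free();

    $pid_array = $superCage->post->getInt('pid');
    if (!is_array($pid_array)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
    }

    if ($superCage->post->keyExists('galleryicon')) {
        $galleryicon = $superCage->post->getInt('galleryicon');
    } else {
        $galleryicon = '';
    }

    foreach ($pid_array as $pid) {
        $aid = $superCage->post->getInt("aid{$pid}");
        $title = get_post_var('title', $pid);
        $caption = get_post_var('caption', $pid);
        $keywords = get_post_var('keywords', $pid);
        $user1 = get_post_var('user1', $pid);
        $user2 = get_post_var('user2', $pid);
        $user3 = get_post_var('user3', $pid);
        $user4 = get_post_var('user4', $pid);

        // Per-picture flags default to "off" and are only read when posted
        $delete = false;
        $reset_vcount = false;
        $reset_votes = false;
        $del_comments = false;
        $isgalleryicon = $galleryicon === $pid;

        if ($superCage->post->keyExists('delete' . $pid)) {
            $delete = $superCage->post->getInt('delete' . $pid);
        }
        if ($superCage->post->keyExists('reset_vcount' . $pid)) {
            $reset_vcount = $superCage->post->getInt('reset_vcount' . $pid);
        }
        if ($superCage->post->keyExists('reset_votes' . $pid)) {
            $reset_votes = $superCage->post->getInt('reset_votes' . $pid);
        }
        if ($superCage->post->keyExists('del_comments' . $pid)) {
            $del_comments = $superCage->post->getInt('del_comments' . $pid);
        }

        // We will be selecting pid in the query as we need it in $pic array for the plugin filter
        $query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}";
        $result = cpg_db_query($query);
        if (!$result->numRows()) {
            cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = $result->fetchAssoc(true);

        // Users without any elevated mode may only touch pictures in their own user
        // category and may only move them into an album from $user_album_set.
        // NOTE(review): the whole check is skipped when $CONFIG['users_can_edit_pics']
        // is set, and $pic['owner_id'] is never compared with USER_ID in this function.
        // Confirm that the calling page restricts which pids a user can post; otherwise
        // add an owner check for that case.
        if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
            if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
                cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
            }
            if (!isset($user_album_set[$aid])) {
                cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
            }
        }

        cpg_trim_keywords($keywords);

        // Column assignments for the UPDATE; unused when the picture is deleted
        $update = "aid = '{$aid}'";
        $update .= ", title = '{$title}'";
        $update .= ", caption = '{$caption}'";
        $update .= ", keywords = '{$keywords}'";
        $update .= ", user1 = '{$user1}'";
        $update .= ", user2 = '{$user2}'";
        $update .= ", user3 = '{$user3}'";
        $update .= ", user4 = '{$user4}'";

        // Only one gallery icon per owner: clear the old one before setting the new one
        if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
            cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}");
            $update .= ", galleryicon = " . $galleryicon;
        }

        // Dimensions can be edited for movies only
        if (is_movie($pic['filename'])) {
            $pwidth = $superCage->post->getInt('pwidth' . $pid);
            $pheight = $superCage->post->getInt('pheight' . $pid);
            $update .= ", pwidth = " . $pwidth;
            $update .= ", pheight = " . $pheight;
        }

        if ($reset_vcount) {
            $update .= ", hits = 0";
            resetDetailHits($pid);
        }
        if ($reset_votes) {
            $update .= ", pic_rating = 0, votes = 0";
            resetDetailVotes($pid);
        }

        // Approval can only be changed in one of these modes; anything but 'YES' means 'NO'
        if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) {
            $approved = '';
            if ($superCage->post->keyExists('approved' . $pid)) {
                $approved = $superCage->post->getAlpha('approved' . $pid);
            }
            if ($approved == 'YES') {
                $update .= ", approved = 'YES'";
            } else {
                $update .= ", approved = 'NO'";
            }
        }

        if ($del_comments || $delete) {
            cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}");
        }

        if ($delete) {
            $dir = $CONFIG['fullpath'] . $pic['filepath'];
            $file = $pic['filename'];

            if (!is_writable($dir)) {
                // The path is escaped before it is put into the error page
                cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], htmlspecialchars($dir)), __FILE__, __LINE__);
            }

            // Plugin filter to be called before deleting a file.
            // It runs while the files are still on disk; the original code only
            // called it after they had been unlinked.
            CPGPluginAPI::action('before_delete_file', $pic);

            // Order matters: the thumbnail is the last entry and may be replaced below
            $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file);

            // Check for custom thumbnails for non-images
            if (!is_image($file)) {
                $mime_content = cpg_get_type($file);
                $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file));
                foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
                    if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) {
                        // Thumbnail found, check if it's the only file using that thumbnail
                        // NOTE(review): filepath and the base name come from the stored row and
                        // are interpolated unescaped; escape them with the project's DB helper.
                        $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0);
                        if ($count == 1) {
                            // Swap the default thumbnail path for the custom thumbnail
                            unset($files[count($files) - 1]);
                            $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension;
                            break;
                        }
                    }
                }
            }

            // Best effort: a file that cannot be removed does not stop the deletion
            foreach ($files as $currFile) {
                if (is_file($currFile)) {
                    @unlink($currFile);
                }
            }

            cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1");
            cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'");

            // Plugin filter to be called after a file is deleted
            CPGPluginAPI::action('after_delete_file', $pic);
        } else {
            cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}");
            // Executes after a file update is committed
            CPGPluginAPI::action('after_edit_file', $pid);
        }
    }
}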
示例#11
 // Check that the file uploaded has a valid extension
 // The pattern splits at the LAST dot: $matches[1] is everything before it (and may
 // itself contain dots), $matches[2] is the final extension. Names without a dot get
 // placeholder values that fail the file type check below.
 if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) {
     $matches[1] = 'invalid_fname';
     $matches[2] = 'xxx';
 }
 // NOTE(review): is_known_filetype() receives the whole $matches array; presumably it
 // looks at the final extension only. Inner extensions stay part of the stored name,
 // so the upload directory must not be configured to execute scripts - confirm, and
 // check how $picture_name was sanitised before this point.
 if ($matches[2] == '' || !is_known_filetype($matches)) {
     cpg_die(ERROR, $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], __FILE__, __LINE__);
 }
 // Create a unique name for the uploaded file
 // "~<n>" is inserted before the extension until no file of that name exists.
 // The existence test and the move below are separate steps, so two simultaneous
 // uploads of the same name could still pick the same target.
 $nr = 0;
 $picture_name = $matches[1] . '.' . $matches[2];
 while (file_exists($dest_dir . $picture_name)) {
     $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
 }
 $uploaded_pic = $dest_dir . $picture_name;
 // Plugins get the temporary upload path before the file is moved
 CPGPluginAPI::action('upload_html_pre_move', $superCage->files->getRaw("/userpicture/tmp_name"));
 // Move the picture into its final location
 // getRaw is safe here since this filename is generated by the server;
 // move_uploaded_file() also refuses sources that are not HTTP uploads
 if (!move_uploaded_file($superCage->files->getRaw("/userpicture/tmp_name"), $uploaded_pic)) {
     cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
 }
 // Change file permission
 // The configured mode is stored as an octal string, hence octdec()
 chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
 // Get picture information
 // Check that picture file size is lower than the maximum allowed
 // max_upl_size is multiplied by 1024 for the comparison in bytes. The check runs
 // after the move, so an oversized file is removed again here.
 if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] * 1024) {
     @unlink($uploaded_pic);
     cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
 } elseif (is_image($picture_name)) {
     // For images the dimensions are read from the stored file itself
     $imginfo = cpg_getimagesize($uploaded_pic);
     if ($imginfo == null) {
示例#12
 // Create a unique name for the uploaded file
 // "~<n>" is inserted before the extension until no file of that name exists
 $nr = 0;
 $picture_name = $matches[1] . '.' . $matches[2];
 while (file_exists($dest_dir . $picture_name)) {
     $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
 }
 // Create path for final location.
 $uploaded_pic = $dest_dir . $picture_name;
 // Form path to temporary image.
 // NOTE(review): where $tempname comes from is outside this excerpt. If it is taken
 // from the request it must be reduced to a plain file name (for example with
 // basename() plus a pattern check) before it is used here, because the rename()
 // below would otherwise act on a path outside the edit/ directory.
 $path_to_image = './' . $CONFIG['fullpath'] . 'edit/' . $tempname;
 // prevent moving the edit directory...
 // This guard covers the directory case only (such as an empty $tempname).
 // The response line includes the server-side path.
 if (is_dir($path_to_image)) {
     echo 'error|' . $lang_upload_php['failure'] . " - '{$path_to_image}'|0";
     exit;
 }
 // Plugins get the temporary path before the file is moved
 CPGPluginAPI::action('upload_swf_pre_move', $path_to_image);
 // Move the picture into its final location
 // rename() is used here, so unlike move_uploaded_file() nothing verifies that the
 // source is an uploaded file
 if (rename($path_to_image, $uploaded_pic)) {
     // Change file permission
     @chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
     //silence the output in case chmod is disabled
     $CURRENT_PIC_DATA = array();
     // Create thumbnail and intermediate image and add the image into the DB
     $result = add_picture($album, $filepath, $picture_name, 0, '', '', '', '', '', '', '', $category);
     // Anything other than boolean true counts as failure
     if ($result !== true) {
         // The file could not be placed.
         $file_placement = 'no';
     } else {
         $CURRENT_PIC_DATA['url_prefix'] = 0;
         // The file was placed successfully.
         $file_placement = 'yes';
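/**
 * Validates the registration form, creates the account and sends the follow-up mails.
 *
 * Every failed check appends an HTML <li> fragment to $error; the account row is inserted only
 * when $error is still empty after all checks and the 'register_form_validate' plugin filter.
 *
 * Points a reviewer should keep in mind:
 * - User name and e-mail address are interpolated into SQL strings. That is only safe if
 *   get_post_var() returns SQL-escaped text; its body is not part of this listing - confirm.
 * - The password is stored as an unsalted MD5 digest (see the note at the md5() call).
 * - "User exists", "e-mail exists" and "banned" produce distinct messages, so the form tells
 *   the caller which names and addresses are known to the site.
 *
 * @param string $error Collected validation messages, passed by reference
 * @return bool true once the account has been created, false if validation failed
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    // Opening tag shared by every validation message.
    $li = '<li style="list-style-image:url(images/icons/stop.png)">';
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');
    // A taken user name ends validation immediately and replaces any earlier message.
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        // Release the result set on this path too; the original returned without freeing it.
        mysql_free_result($result);
        $error = $li . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    mysql_free_result($result);
    if (utf_strlen($user_name) < 2) {
        $error .= $li . $lang_register_php['username_warning2'] . '</li>';
    }
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        // Strict string comparison: with a loose "!=" PHP compares numeric-looking strings by
        // value ('1e3' equals '1000'), so a value other than the configured one could pass.
        if ((string) $global_registration_pw !== (string) $CONFIG['global_registration_pw']) {
            $error .= $li . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= $li . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    // NOTE(review): the only length requirement is two characters.
    if (utf_strlen($password) < 2) {
        $error .= $li . $lang_register_php['password_warning1'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= $li . $lang_register_php['password_warning2'] . '</li>';
    }
    // Strict comparison so that the two entries must match character for character.
    if ($password !== $password_again) {
        $error .= $li . $lang_register_php['password_verification_warning1'] . '</li>';
    }
    if (!Inspekt::isEmail($email)) {
        $error .= $li . $lang_register_php['email_warning2'] . '</li>';
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= $li . $lang_register_php['err_disclaimer'] . '</li>';
    }
    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li . $lang_register_php['user_name_banned'] . '</li>';
    }
    mysql_free_result($result);
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li . $lang_register_php['email_address_banned'] . '</li>';
    }
    mysql_free_result($result);
    // check captcha: built-in PhpCaptcha unless a plugin has taken over the 'register' captcha
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= $li . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }
    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            // Kept as in the original: this replaces, rather than extends, the messages so far.
            $error = $li . $lang_register_php['err_duplicate_email'] . '</li>';
        }
        mysql_free_result($result);
    }
    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // The activation key is the only secret in the activation link, so take it from the
        // system CSPRNG where one is available. The result keeps the 32-hex-character shape
        // of the md5() value the legacy code produced.
        $act_key = '';
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $act_key = bin2hex(openssl_random_pseudo_bytes(16));
        }
        if (strlen($act_key) != 32) {
            // Legacy fallback: seeded from the clock and therefore guessable; only reached on
            // installations that offer neither of the functions above.
            list($usec, $sec) = explode(' ', microtime());
            $seed = (double) $sec + (double) $usec * 100000;
            srand($seed);
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage. It is left
    // unchanged because the code that verifies the stored value at login is outside this
    // function; moving to password_hash()/password_verify() has to be done in both places.
    $encpassword = md5($password);
    $user_language = $CONFIG['lang'];
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
    $result = cpg_db_query($sql);
    $user_array = array();
    $user_array['user_id'] = mysql_insert_id();
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);
    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }
    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // Reuse the id captured right after the INSERT: the plugin action and the log call
        // above may run their own inserts, after which mysql_insert_id() no longer refers to
        // the new user row.
        $user_id = $user_array['user_id'];
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }
    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        // NOTE(review): the body goes through nl2br(), which suggests an HTML mail; the user
        // name is substituted without HTML encoding - confirm how cpg_mail() sends it.
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }
    // email notification or activation link to admin
    if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
        // Start from an empty list so the loop below is well defined when no administrator
        // has an e-mail address on file.
        $admins = array();
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = mysql_fetch_assoc($result)) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            //check if the admin language is available
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }
    return true;
}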
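/**
 * Applies the "edit file" form to one picture: metadata, album move, counters and file rename.
 *
 * Order of operations: form-token (CSRF) check, permission checks against the picture's
 * category and the target album, the UPDATE of the picture row, the 'after_edit_file' plugin
 * action, and finally an optional rename of the stored files.
 *
 * Input handling as visible here: numeric fields are read with getInt(), text fields with
 * getEscaped() followed by cpgSanitizeUserTextInput(), and 'approved' with getAlpha(). The
 * values are interpolated into SQL strings, so the queries depend on those accessors.
 *
 * Does not return a value; failures end the request through cpg_die().
 */
function process_post_data()
{
    global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage;
    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    // Albums the current user may move a file into: own category, own albums, public uploads.
    $user_album_set = array();
    $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'");
    while ($row = mysql_fetch_assoc($result)) {
        $user_album_set[$row['aid']] = 1;
    }
    mysql_free_result($result);
    $pid = $superCage->post->getInt('id');
    $aid = $superCage->post->getInt('aid');
    $pwidth = $superCage->post->getInt('pwidth');
    $pheight = $superCage->post->getInt('pheight');
    $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title'));
    $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption'));
    $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords')));
    $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1'));
    $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2'));
    $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3'));
    $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4'));
    $galleryicon = $superCage->post->getInt('galleryicon');
    $isgalleryicon = $galleryicon == $pid;
    $read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0;
    $reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0;
    $reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0;
    $del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0;
    $result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'");
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $pic = mysql_fetch_assoc($result);
    mysql_free_result($result);
    // Authorisation, part 1: without any elevated mode the picture must sit in the user's own
    // category and the target album must be one the user may upload to.
    if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) {
        if ($pic['category'] != FIRST_USER_CAT + USER_ID) {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }
        if (!isset($user_album_set[$aid])) {
            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
        }
    }
    // Authorisation, part 2: guests are always refused; logged-in users need admin mode, their
    // own category, or (when enabled) ownership of the picture.
    if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) {
        cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
    }
    $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'");
    if (!mysql_num_rows($result)) {
        cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
    }
    $new_alb = mysql_fetch_assoc($result);
    mysql_free_result($result);
    cpg_trim_keywords($keywords);
    $update = "aid = '{$aid}'";
    if (is_movie($pic['filename'])) {
        $update .= ", pwidth = " . $pwidth;
        $update .= ", pheight = " . $pheight;
    }
    $update .= ", title = '{$title}'";
    $update .= ", caption = '{$caption}'";
    $update .= ", keywords = '{$keywords}'";
    // Only an administrator chooses the approval state; for everyone else a move between the
    // public and the private area re-derives it from the group's approval settings.
    if (GALLERY_ADMIN_MODE) {
        $approved = $superCage->post->getAlpha('approved');
        $update .= ", approved = '{$approved}'";
    } elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) {
        $approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES';
        $update .= ", approved = '{$approved}'";
    } elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) {
        $approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES';
        $update .= ", approved = '{$approved}'";
    }
    $update .= ", user1 = '{$user1}'";
    $update .= ", user2 = '{$user2}'";
    $update .= ", user3 = '{$user3}'";
    $update .= ", user4 = '{$user4}'";
    if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) {
        $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}";
        cpg_db_query($sql);
        $update .= ", galleryicon = " . $galleryicon;
    }
    if ($reset_vcount) {
        $update .= ", hits = 0";
        resetDetailHits($pid);
    }
    if ($reset_votes) {
        $update .= ", pic_rating = 0, votes = 0";
        resetDetailVotes($pid);
    }
    if ($read_exif) {
        // If "read exif info again" is checked then just delete the entry from the exif table.
        // The new exif information will automatically be read when someone views the image.
        $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'";
        cpg_db_query($query);
    }
    if ($del_comments) {
        $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'";
        cpg_db_query($query);
    }
    $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1";
    cpg_db_query($query);
    // Executes after a file update is committed
    CPGPluginAPI::action('after_edit_file', $pid);
    // rename a file
    // When the form carries no 'filename' field, keep the current name. The original left the
    // variable undefined in that case and then tried to rename the file to an empty name.
    $post_filename = $superCage->post->keyExists('filename') ? $superCage->post->getEscaped('filename') : $pic['filename'];
    if ($post_filename != $pic['filename']) {
        // Set only when a non-image file has a thumbnail that no other file shares.
        $custom_thumb = false;
        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) {
            $prefixes = array('fullsize', 'normal', 'thumb');
        } else {
            $prefixes = array('fullsize', 'thumb');
        }
        if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) {
            $prefixes[] = 'orig';
        }
        if (!is_image($pic['filename'])) {
            $prefixes = array('fullsize');
            // Check for custom thumbnails
            $mime_content_old = cpg_get_type($pic['filename']);
            $mime_content_new = cpg_get_type(replace_forbidden($post_filename));
            $file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename']));
            foreach (array('.gif', '.png', '.jpg') as $thumb_extension) {
                if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) {
                    // Thumbnail found, check if it's the only file using that thumbnail
                    // NOTE(review): stored path and base name are placed into this query, and
                    // "_" / "%" in the base name act as LIKE wildcards - confirm both are
                    // constrained when the file is first stored.
                    $count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0);
                    if ($count == 1) {
                        $prefixes[] = 'thumb';
                        $custom_thumb = true;
                        break;
                    }
                }
            }
        }
        $pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => '');
        $files_to_rename = array();
        // First pass: validate every planned rename; nothing is touched until all have passed.
        foreach ($prefixes as $prefix) {
            $oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']);
            // NOTE(review): the new name ends up in a filesystem path and in SQL; this relies on
            // replace_forbidden() removing path separators and quote characters - confirm.
            $filename = replace_forbidden($post_filename);
            $newname = str_replace($pic['filename'], $filename, $oldname);
            if ($custom_thumb && $prefix == 'thumb') {
                $oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname);
                $newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname);
            }
            // A rename must not change the file's type, and the new name must carry an
            // extension the gallery accepts.
            $old_mime = cpg_get_type($oldname);
            $new_mime = cpg_get_type($newname);
            if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__);
            }
            if (!is_known_filetype($newname)) {
                cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__);
            }
            if (file_exists($newname)) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__);
            }
            if (!file_exists($oldname)) {
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__);
            }
            // Check if there will be no conflicts before doing anything
            $files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname);
        }
        // Second pass: perform the renames and record the new name.
        foreach ($files_to_rename as $file) {
            if (rename($file['oldname'], $file['newname'])) {
                cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1");
            } else {
                // Report the pair that actually failed; the original printed the names left over
                // from the last iteration of the validation loop.
                cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $file['oldname'], $file['newname']), __FILE__, __LINE__);
            }
        }
    }
}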
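/**
 * Registers an already stored file in the gallery: derived images, quota check, DB row.
 *
 * For images the function optionally reads IPTC metadata, enforces the maximum upload
 * dimensions, keeps a backup when originals are watermarked and creates the thumbnail and
 * intermediate picture. It then checks the user's quota, decides the approval state, lets
 * plugins filter the row ('add_file_data') and inserts it.
 *
 * Text arguments are interpolated into the INSERT as they arrive, so callers have to pass
 * them SQL-escaped; only filepath and filename are escaped here. Values taken from IPTC
 * metadata originate in the uploaded file and are escaped at the point where they are read.
 *
 * @return mixed true on success; false if the watermark backup copy fails; an array with
 *               'error' and 'halt_upload' for rejected files; otherwise whatever
 *               resize_image() returned when it did not return true
 */
function add_picture($aid, $filepath, $filename, $position = 0, $title = '', $caption = '', $keywords = '', $user1 = '', $user2 = '', $user3 = '', $user4 = '', $category = 0, $raw_ip = '', $hdr_ip = '', $iwidth = 0, $iheight = 0)
{
    global $CONFIG, $USER_DATA, $PIC_NEED_APPROVAL, $CURRENT_PIC_DATA;
    global $lang_errors, $lang_db_input_php;
    $image = $CONFIG['fullpath'] . $filepath . $filename;
    $normal = $CONFIG['fullpath'] . $filepath . $CONFIG['normal_pfx'] . $filename;
    $thumb = $CONFIG['fullpath'] . $filepath . $CONFIG['thumb_pfx'] . $filename;
    $orig = $CONFIG['fullpath'] . $filepath . $CONFIG['orig_pfx'] . $filename;
    // $mini = $CONFIG['fullpath'] . $filepath . $CONFIG['mini_pfx'] . $filename;
    $work_image = $image;
    // Set when an administrator's oversized picture is kept at its original size.
    $picture_original_size = false;
    // The same watermark condition is needed three times below.
    $watermark_original = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original');
    if (!is_known_filetype($image)) {
        return array('error' => $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], 'halt_upload' => 0);
    } elseif (is_image($filename)) {
        $imagesize = cpg_getimagesize($image);
        if ($CONFIG['read_iptc_data']) {
            // read IPTC data
            $iptc = get_IPTC($image);
            if (is_array($iptc) && !$title && !$caption && !$keywords) {
                //if any of those 3 are filled out we don't want to override them, they may be blank on purpose.
                // IPTC fields are read from the uploaded file and end up in the INSERT below,
                // so they are escaped here the same way filepath and filename are.
                // NOTE(review): assumes get_IPTC() returns unescaped text - confirm.
                $title = isset($iptc['Headline']) ? addslashes(trim($iptc['Headline'])) : $title;
                $caption = isset($iptc['Caption']) ? addslashes(trim($iptc['Caption'])) : $caption;
                $keywords = isset($iptc['Keywords']) ? addslashes(implode($CONFIG['keyword_separator'], $iptc['Keywords'])) : $keywords;
            }
        }
        // resize picture if it's bigger than the max width or height for uploaded pictures
        if (max($imagesize[0], $imagesize[1]) > $CONFIG['max_upl_width_height']) {
            if ((USER_IS_ADMIN && $CONFIG['auto_resize'] == 1) || (!USER_IS_ADMIN && $CONFIG['auto_resize'] > 0)) {
                $resize_method = $CONFIG['picture_use'] == "thumb" ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use']) : $CONFIG['picture_use'];
                resize_image($image, $image, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $resize_method, 'false');
                $imagesize = cpg_getimagesize($image);
            } elseif (USER_IS_ADMIN) {
                // skip resizing for admin
                $picture_original_size = true;
            } else {
                // Delete the rejected file. The original passed $uploaded_pic, which does not
                // exist in this function, so the oversized upload stayed on disk.
                @unlink($image);
                $msg = sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']);
                return array('error' => $msg, 'halt_upload' => 1);
            }
        }
        // create backup of full sized picture if watermark is enabled for full sized pictures
        if (!file_exists($orig) && $watermark_original) {
            if (!copy($image, $orig)) {
                return false;
            } else {
                $work_image = $orig;
            }
        }
        if (!file_exists($thumb)) {
            // create thumbnail
            if (($result = resize_image($work_image, $thumb, $CONFIG['thumb_width'], $CONFIG['thumb_method'], $CONFIG['thumb_use'], "false", 1)) !== true) {
                return $result;
            }
        }
        if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($imagesize[0], $imagesize[1]) && !file_exists($normal)) {
            // create intermediate sized picture
            $resize_method = $CONFIG['picture_use'] == "thumb" ? ($CONFIG['thumb_use'] == "ex" ? "any" : $CONFIG['thumb_use']) : $CONFIG['picture_use'];
            $watermark = $CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'resized') ? 'true' : 'false';
            if (($result = resize_image($work_image, $normal, $CONFIG['picture_width'], $CONFIG['thumb_method'], $resize_method, $watermark)) !== true) {
                return $result;
            }
        }
        // watermark full sized picture
        if ($watermark_original) {
            $wm_max_upl_width_height = $picture_original_size ? max($imagesize[0], $imagesize[1]) : $CONFIG['max_upl_width_height'];
            // use max aspect of original image if it hasn't been resized earlier
            if (($result = resize_image($work_image, $image, $wm_max_upl_width_height, $CONFIG['thumb_method'], 'any', 'true')) !== true) {
                return $result;
            }
        }
    } else {
        // Non-image files: dimensions are whatever the caller supplied.
        $imagesize[0] = $iwidth;
        $imagesize[1] = $iheight;
    }
    // Sizes may have changed through the resize calls above.
    clearstatcache();
    $image_filesize = filesize($image);
    $total_filesize = is_image($filename) ? $image_filesize + (file_exists($normal) ? filesize($normal) : 0) + filesize($thumb) : $image_filesize;
    // Test if disk quota exceeded
    if (!GALLERY_ADMIN_MODE && $USER_DATA['group_quota'] && $category == FIRST_USER_CAT + USER_ID) {
        $result = cpg_db_query("SELECT sum(total_filesize) FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE  {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND category = '" . (FIRST_USER_CAT + USER_ID) . "'");
        $record = mysql_fetch_array($result);
        $total_space_used = $record[0];
        mysql_free_result($result);
        // Bytes are shifted down to KiB before the comparison with the quota; the parentheses
        // spell out the order PHP already applied.
        if ((($total_space_used + $total_filesize) >> 10) > $USER_DATA['group_quota']) {
            @unlink($image);
            if (is_image($image)) {
                @unlink($normal);
                @unlink($thumb);
            }
            $msg = $lang_errors['quota_exceeded'] . '<br />&nbsp;<br />' . strtr($lang_errors['quota_exceeded_details'], array('[quota]' => $USER_DATA['group_quota'], '[space]' => $total_space_used >> 10));
            return array('error' => $msg, 'halt_upload' => 1);
        }
    }
    // Test if picture requires approval
    if (GALLERY_ADMIN_MODE) {
        $approved = 'YES';
    } elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
        $approved = 'YES';
    } elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
        $approved = 'YES';
    } else {
        $approved = 'NO';
    }
    $PIC_NEED_APPROVAL = $approved == 'NO';
    // User ID is recorded when in admin mode
    $user_id = USER_ID;
    // Populate Array to pass to plugins, then to SQL
    $CURRENT_PIC_DATA['aid'] = $aid;
    $CURRENT_PIC_DATA['filepath'] = $filepath;
    $CURRENT_PIC_DATA['filename'] = $filename;
    $CURRENT_PIC_DATA['filesize'] = $image_filesize;
    $CURRENT_PIC_DATA['total_filesize'] = $total_filesize;
    $CURRENT_PIC_DATA['pwidth'] = $imagesize[0];
    $CURRENT_PIC_DATA['pheight'] = $imagesize[1];
    $CURRENT_PIC_DATA['owner_id'] = $user_id;
    $CURRENT_PIC_DATA['title'] = $title;
    $CURRENT_PIC_DATA['caption'] = $caption;
    $CURRENT_PIC_DATA['keywords'] = $keywords;
    $CURRENT_PIC_DATA['approved'] = $approved;
    $CURRENT_PIC_DATA['user1'] = $user1;
    $CURRENT_PIC_DATA['user2'] = $user2;
    $CURRENT_PIC_DATA['user3'] = $user3;
    $CURRENT_PIC_DATA['user4'] = $user4;
    $CURRENT_PIC_DATA['pic_raw_ip'] = $raw_ip;
    $CURRENT_PIC_DATA['pic_hdr_ip'] = $hdr_ip;
    $CURRENT_PIC_DATA['position'] = $position;
    $CURRENT_PIC_DATA['guest_token'] = USER_ID == 0 ? cpg_get_guest_token() : '';
    // NOTE(review): plugins may rewrite any of these values before they reach the query.
    $CURRENT_PIC_DATA = CPGPluginAPI::filter('add_file_data', $CURRENT_PIC_DATA);
    // Guests without permission to enter file details get empty title, caption and keywords in
    // the stored row; $CURRENT_PIC_DATA itself is left untouched for the plugin action below.
    $store_details = USER_ID > 0 || $CONFIG['allow_guests_enter_file_details'] == 1;
    $sql_title = $store_details ? $CURRENT_PIC_DATA['title'] : '';
    $sql_caption = $store_details ? $CURRENT_PIC_DATA['caption'] : '';
    $sql_keywords = $store_details ? $CURRENT_PIC_DATA['keywords'] : '';
    $query = "INSERT INTO {$CONFIG['TABLE_PICTURES']} (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('{$CURRENT_PIC_DATA['aid']}', '" . addslashes($CURRENT_PIC_DATA['filepath']) . "', '" . addslashes($CURRENT_PIC_DATA['filename']) . "', '{$CURRENT_PIC_DATA['filesize']}', '{$CURRENT_PIC_DATA['total_filesize']}', '{$CURRENT_PIC_DATA['pwidth']}', '{$CURRENT_PIC_DATA['pheight']}', '" . time() . "', '{$CURRENT_PIC_DATA['owner_id']}', '{$sql_title}', '{$sql_caption}', '{$sql_keywords}', '{$CURRENT_PIC_DATA['approved']}', '{$CURRENT_PIC_DATA['user1']}', '{$CURRENT_PIC_DATA['user2']}', '{$CURRENT_PIC_DATA['user3']}', '{$CURRENT_PIC_DATA['user4']}', '{$CURRENT_PIC_DATA['pic_raw_ip']}', '{$CURRENT_PIC_DATA['pic_hdr_ip']}', '{$CURRENT_PIC_DATA['position']}', '{$CURRENT_PIC_DATA['guest_token']}')";
    $result = cpg_db_query($query);
    // Put the pid in current_pic_data and call the plugin filter for file data success
    $CURRENT_PIC_DATA['pid'] = mysql_insert_id($CONFIG['LINK_ID']);
    CPGPluginAPI::action('add_file_data_success', $CURRENT_PIC_DATA);
    //return $result;
    return true;
}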
示例#16
 function reply()
 {
     include BASE_DIR . 'include' . DS . 'smilies.inc.php';
     include BASE_DIR . 'include' . DS . 'mailer.inc.php';
     $vars = array();
     $errors = array();
     $authorizer = check_model::getInstance();
     $vars['topic_id'] = $this->validate->get->getInt('id');
     if (!$authorizer->is_topic_id($vars['topic_id'])) {
         cpg_die(ERROR, Lang::item('error.wrong_topic_id'), __FILE__, __LINE__);
     }
     if (!$authorizer->can_reply($vars['topic_id'])) {
         cpg_die(ERROR, Lang::item('error.perm_denied'), __FILE__, __LINE__);
     }
     $vars['nagavitor'] = $this->forum->get_nagavitor();
     $vars['icons'] = $this->forum->get_icons();
     $topic = $this->forum->get_topic_data($vars['topic_id'], 'board_id');
     $messages = $this->forum->get_message($vars['topic_id'], 'subject', 'msg_id asc', '1');
     $data = array('icon' => 'icon1', 'subject' => Lang::item('topic.re') . $messages[0]['subject']);
     if ($this->validate->post->keyExists('submit')) {
         $data = array('topic_id' => $vars['topic_id'], 'icon' => $this->validate->post->getRaw('icon'), 'subject' => $this->validate->post->getEscaped('subject'), 'body' => $this->validate->post->getRaw('body'), 'board_id' => $topic['board_id'], 'poster_time' => time(), 'poster_id' => USER_ID, 'poster_name' => USER_NAME, 'poster_ip' => Config::item('hdr_ip'), 'smileys_enabled' => 1);
         if (Config::item('fr_msg_icons') == 0 && $data['icon'] == '') {
             $data['icon'] = 'icon1';
         }
         if ($data['subject'] == '') {
             $errors[] = Lang::item('error.empty_subject');
         }
         if ($data['icon'] == '') {
             $errors[] = Lang::item('error.no_msg_icon');
         }
         if ($data['body'] == '') {
             $errors[] = Lang::item('error.empty_body');
         }
         if (strlen($data['body']) > Config::item('fr_msg_max_size') && Config::item('fr_msg_max_size')) {
             $data['body'] = substr($data['body'], 0, Config::item('fr_msg_max_size'));
         }
         global $CONFIG;
         if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) {
             if (!captcha_plugin_enabled('comment')) {
                 global $lang_errors;
                 $superCage = Inspekt::makeSuperCage();
                 require "include/captcha.inc.php";
                 $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
                 if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
                     $errors[] = $lang_errors['captcha_error'];
                 }
             } else {
                 CPGPluginAPI::action('captcha_comment_validate', null);
             }
         }
         if (count($errors) == 0) {
             if ($authorizer->double_post()) {
                 cpg_die(ERROR, Lang::item('error.already_post'), __FILE__, __LINE__);
             } else {
                 $msg_id = $this->forum->insert_message($data);
                 // to-do: send notify email
                 $users = $this->forum->get_notify_user('', $vars['topic_id']);
                 foreach ($users as $user) {
                     if ($user['user_id'] == USER_ID) {
                         continue;
                     }
                     $user = $this->forum->get_user_data($user['user_id'], 'user_email');
                     // prepare email
                     $email_subject = Lang::item('topic.topic_reply') . $data['subject'];
                     $email_body = sprintf(Lang::item('topic.notify_email'), Config::item('fr_prefix_url') . 'profile.php?uid=' . USER_ID, USER_NAME, Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_title'));
                     // send mail
                     cpg_mail($user['user_email'], $email_subject, $email_body, 'text/html', Config::item('fr_title'), Config::item('gallery_admin_email'));
                     // set send = 0
                     $this->forum->set_topic_notify($vars['topic_id'], 0, $user['user_id']);
                 }
                 if ($this->validate->post->getInt('notify') === 1) {
                     $this->forum->set_topic_notify($vars['topic_id'], $this->validate->post->getInt('notify'));
                 }
                 if ($this->validate->post->getInt('notify') === 0) {
                     $this->forum->unnotify_topic($vars['topic_id']);
                 }
                 forum::message(Lang::item('common.message'), sprintf(Lang::item('message.new_msg_success'), $data['subject']), 'forum.php?c=message&id=' . $msg_id);
             }
         }
     }
     $vars['errors'] = $errors;
     $vars['form'] = $data;
     $this->view->render('topic/reply', $vars);
 }
示例#17
    // Fragment of the plugin manager page: this is the body of an if-branch whose condition lies
    // outside the excerpt. This branch renders the "configure" step for the newly installed plugin.
    // NOTE(review): the plugin's own name is concatenated into the table title; whether starttable()
    // HTML-escapes its title argument is not visible here — confirm before trusting plugin metadata.
    starttable('100%', $lang_pluginmgr_php['configure_plugin'] . ': ' . $CPG_PLUGINS['new']->name);
    echo <<<EOT
    <tr>
        <td class="tableb" valign="top" width="100%">
EOT;
    // Execute 'plugin_configure' action on the new plugin; $installed is set outside this excerpt.
    // NOTE(review): this call runs plugin-supplied code, and anything it prints lands inside the open
    // table cell. The permission check guarding this page is not in this excerpt — confirm it runs
    // before this point.
    CPGPluginAPI::action('plugin_configure', $installed, CPG_EXEC_NEW);
    echo <<<EOT
        </td>
    </tr>
EOT;
    // End the table
    endtable();
} else {
    // Display cleanup page table header
    // NOTE(review): $plugin_id is used as an array key here and is defined outside this excerpt;
    // presumably it was validated against $CPG_PLUGINS earlier — confirm.
    starttable('100%', $lang_pluginmgr_php['cleanup_plugin'] . ': ' . $CPG_PLUGINS[$plugin_id]->name);
    echo <<<EOT
    <tr>
        <td class="tableb" valign="top" width="100%">
EOT;
    // Execute 'plugin_cleanup' action on the plugin; $uninstalled is set outside this excerpt.
    CPGPluginAPI::action('plugin_cleanup', $uninstalled, $plugin_id);
    echo <<<EOT
        </td>
    </tr>
EOT;
    // End the table
    endtable();
}
// Both branches end the page the same way: a line break, then the footer.
echo '<br />' . $LINEBREAK;
pagefooter();
示例#18
    // Fragment of the thumbnail page: decides whether the visitor may see a password-protected album.
    // The enclosing block (closed by the lone brace further down) opens outside this excerpt.
    // First query: does the requested album have a non-empty password?
    // NOTE(review): {$album} is interpolated directly into the SQL text. That is only safe if it was
    // forced to an integer before this point; that step is not visible here — confirm.
    $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = {$album} AND alb_password != ''";
    $result = cpg_db_query($sql);
    if ($result->numRows()) {
        // This album has a password.
        // Check whether the cookie is set for the current album's password
        $albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw');
        if (!empty($albpw)) {
            // SECURITY(review): the cookie is client-controlled, so this unserialize() call is exposed
            // to PHP object injection: the sender chooses which loaded classes get instantiated, and
            // their __wakeup()/__destruct() handlers run. Escaping the string does not constrain the
            // types it decodes to. Safer options are a JSON-encoded cookie read with json_decode(), or
            // on PHP 7+ unserialize($albpw, ['allowed_classes' => false]). Either change must be made
            // together with the code that writes this cookie.
            $alb_pw = unserialize($albpw);
            // Check whether the album id in the cookie is the same as the album id sent by GET
            if (isset($alb_pw[$album])) {
                // NOTE(review): the compared value appears masked as '******' in this listing. If the
                // original interpolates the cookie-derived $alb_pw[$album] here, it needs the same
                // escaping or parameter binding as any other request data — confirm against the
                // real file.
                $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '******' AND aid = {$album}";
                $result = cpg_db_query($sql);
                if ($result->numRows()) {
                    $valid = true;
                    // The album password is correct. Show the album details.
                    get_private_album_set();
                }
            }
        }
    } else {
        // Album with no password. Might be a private or normal album. Just set valid as true.
        $valid = true;
    }
}
CPGPluginAPI::action('post_breadcrumb', null);
// NOTE(review): $valid is only ever set to true in this excerpt; its initial (false) value must come
// from code outside the excerpt — confirm it is initialised on every path.
if (!$valid) {
    // Not authorised for this album: show the album password form instead of the thumbnails.
    form_albpw();
} else {
    display_thumbnails($album, isset($cat) ? $cat : 0, $page, $CONFIG['thumbcols'], $CONFIG['thumbrows'], true);
}
pagefooter();