<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR
 
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/include/init.inc.php,v $
  $Revision: 1.15 $
  $Author: gaugau $
  $Date: 2005/04/19 21:54:31 $
**********************************************/
 
define('COPPERMINE_VERSION', '1.3.3');

// User database integration
// Uncomment the applicable line if you want to use it
// define('UDB_INTEGRATION', 'phpbb');
// define('UDB_INTEGRATION', 'invisionboard');
// define('UDB_INTEGRATION', 'vbulletin23');
// define('UDB_INTEGRATION', 'vbulletin30');
// define('UDB_INTEGRATION', 'yabbse');
// define('UDB_INTEGRATION', 'smf');
// define('UDB_INTEGRATION', 'woltlab21');
// define('UDB_INTEGRATION', 'punbb');

// This file is only meant to be included by a Coppermine script that has
// already defined IN_COPPERMINE; a direct request for it stops here.
if (!defined('IN_COPPERMINE')) {
    die('Not in Coppermine...');
}

// Start output buffering
ob_start();

// Report everything while initialising; the level is adjusted again further
// down once the debug settings have been read from the configuration table.
error_reporting(E_ALL);

set_magic_quotes_runtime(0);

// Used for timing purposes
$query_stats = array();
$queries = array();
43
 
44
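// Perform database queries to calculate user's privileges based on group membership
function cpgGetUserData($pri_group, $groups, $default_group_id = 3)
{
        // Parameters :
        //   $pri_group (scalar)        : Group ID number of the user's 'main' group. This is the
        //                                group shown in the user's profile ($USER_DATA['group_id']).
        //   $groups (array)            : List of group ids of all the groups that the user is a
        //                                member of. If this list does not include $pri_group, it
        //                                will be added.
        //   $default_group_id (scalar) : The group used as a fall-back if the privilege query
        //                                returns nothing. If this group also does not exist then
        //                                CPG will abort with a critical error.
        //
        // Returns an array containing most of the data to put into $USER_DATA.
        //
        // All three inputs end up inside SQL, so every group id is reduced to a plain
        // integer first; the interpolated values then cannot be anything but numbers,
        // whatever the caller passed in.

        global $CONFIG;

        $pri_group = (int)$pri_group;
        $default_group_id = (int)$default_group_id;

        // Keep only ids that are whole numbers. is_numeric() alone also accepts hex,
        // exponent and decimal notation, which a plain (int) cast would silently mangle.
        $group_ids = array();
        if (is_array($groups)) {
                foreach ($groups as $val) {
                        if (is_scalar($val) && preg_match('/^-?[0-9]+$/', trim((string)$val))) {
                                $group_ids[] = (int)$val;
                        }
                }
        }
        if (!in_array($pri_group, $group_ids)) {
                $group_ids[] = $pri_group;
        }
        $groups = $group_ids;

        $result = db_query("SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, " .
                        "MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, " .
                        "MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, " .
                        "MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, " .
                        "MAX(num_URI_upload) as num_URI_upload, " .
                        "MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, " .
                        "MAX(can_create_albums) as can_create_albums, " .
                        "MAX(has_admin_access) as has_admin_access, " .
                        "MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval " .
                        "FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id in (" . implode(",", $groups) . ")");

        if (mysql_num_rows($result)) {
                $USER_DATA = mysql_fetch_assoc($result);
                mysql_free_result($result);   // release this result before the handle is reused
                $result = db_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = " . $pri_group);
                $temp_arr = mysql_fetch_assoc($result);
                // A primary group missing from the table leaves group_name as null
                $USER_DATA['group_name'] = is_array($temp_arr) ? $temp_arr['group_name'] : null;
        } else {
                // Note: an aggregate query without GROUP BY yields one row even when no group
                // matched, so this fall-back is only reached if the query returned nothing at all.
                $result = db_query("SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = " . $default_group_id);
                // This test used to read an undefined variable ($resultt) and so could never pass
                if (!mysql_num_rows($result)) die('<b>Coppermine critical error</b>:<br />The group table does not contain the Anonymous group !');
                $USER_DATA = mysql_fetch_assoc($result);
        }
        mysql_free_result($result);

        // The aggregate columns only exist when the privilege query produced the row; the
        // fall-back row already carries upload_form_config and group_quota as stored.
        if (array_key_exists('ufc_max', $USER_DATA)) {
                // Merge the lowest and highest upload_form_config of the user's groups into one setting
                $ufc_max = $USER_DATA['ufc_max'];
                $ufc_min = $USER_DATA['ufc_min'];
                if ($ufc_max == $ufc_min) {
                        $USER_DATA['upload_form_config'] = $ufc_min;
                } elseif ($ufc_min == 0) {
                        $USER_DATA['upload_form_config'] = $ufc_max;
                } elseif ((($ufc_max == 2) or ($ufc_max == 3)) and ($ufc_min == 1)) {
                        $USER_DATA['upload_form_config'] = 3;
                } elseif (($ufc_max == 3) and ($ufc_min == 2)) {
                        $USER_DATA['upload_form_config'] = 3;
                } else {
                        $USER_DATA['upload_form_config'] = 0;
                }
                // If the smallest quota is 0 the result is 0, otherwise the largest quota is used
                $USER_DATA['group_quota'] = ($USER_DATA['disk_min']) ? $USER_DATA['disk_max'] : 0;
        }

        $USER_DATA['can_see_all_albums'] = $USER_DATA['has_admin_access'];

        $USER_DATA['group_id'] = $pri_group;
        $USER_DATA['groups'] = $groups;

        if (get_magic_quotes_gpc() == 0)
                $USER_DATA['group_name'] = mysql_escape_string($USER_DATA['group_name']);

        return $USER_DATA;
}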
// Current time as a float (seconds plus microseconds), used for page timing
function cpgGetMicroTime()
{
    $parts = explode(' ', microtime());
    $usec = (float)$parts[0];
    $sec = (float)$parts[1];
    return $sec + $usec;
}
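$time_start = cpgGetMicroTime();

// Do some cleanup in GET, POST and cookie data and un-register global vars.
// Scalar GET and POST values get '"', '<' and '>' replaced by entities; cookie
// values are only un-slashed. Array values are left untouched in every source
// (the GET loops previously lacked that guard and handed arrays to stripslashes()).
$HTML_SUBST = array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
$GPC_STRIP = get_magic_quotes_gpc() ? true : false;

// Names a request key must never un-register: the request arrays themselves and
// the variables used by this loop. Otherwise a crafted key could remove the data
// the rest of this file still reads.
$GPC_RESERVED = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS',
    'HTML_SUBST', 'GPC_STRIP', 'GPC_RESERVED', 'gpc_name', 'gpc_escape');

// source array name => whether its values are HTML-escaped
foreach (array('HTTP_POST_VARS' => true, 'HTTP_GET_VARS' => true, 'HTTP_COOKIE_VARS' => false) as $gpc_name => $gpc_escape) {
    if (!isset($$gpc_name) || !is_array($$gpc_name)) {
        continue;
    }
    foreach ($$gpc_name as $key => $value) {
        if (!is_array($value)) {
            if ($GPC_STRIP) {
                $value = stripslashes($value);
            }
            if ($gpc_escape) {
                $value = strtr($value, $HTML_SUBST);
            }
            ${$gpc_name}[$key] = $value;
        }
        // Undo register_globals for this key
        if (isset($$key) && !in_array($key, $GPC_RESERVED, true)) {
            unset($$key);
        }
    }
}
unset($gpc_name, $gpc_escape, $key, $value);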
// Initialise the $CONFIG array and some other variables
$CONFIG = array();

if (isset($HTTP_SERVER_VARS['REDIRECT_URL'])) {
    $PHP_SELF = $HTTP_SERVER_VARS['REDIRECT_URL'];
} else {
    $PHP_SELF = $HTTP_SERVER_VARS['SCRIPT_NAME'];
}
$query_string = '';
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']) {
    $query_string = '?' . $HTTP_SERVER_VARS['QUERY_STRING'];
}
$REFERER = urlencode($PHP_SELF . $query_string);
unset($query_string);

$ALBUM_SET = '';
$FORBIDDEN_SET = '';
$CURRENT_CAT_NAME = '';
$CAT_LIST = '';

// Record User's IP address. Both values are matched against ban records later on:
// $raw_ip is what the connection reports, $hdr_ip is what a proxy header claims.
// Header values are client-supplied, so only a dotted-quad shape is accepted and
// anything else becomes 0.0.0.0.
$ipv4_pattern = '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/';
$raw_ip = stripslashes($HTTP_SERVER_VARS['REMOTE_ADDR']);

if (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
    $hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_CLIENT_IP']);
} elseif (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
    $hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
} else {
    $hdr_ip = $raw_ip;
}

if (!preg_match($ipv4_pattern, $raw_ip)) $raw_ip = '0.0.0.0';
if (!preg_match($ipv4_pattern, $hdr_ip)) $hdr_ip = '0.0.0.0';
unset($ipv4_pattern);
// Define some constants
define('USER_GAL_CAT', 1);
define('FIRST_USER_CAT', 10000);
define('RANDPOS_MAX_PIC', 200);
define('TEMPLATE_FILE', 'template.html');
// Constants used by the cpg_die function
define('INFORMATION', 1);
define('ERROR', 2);
define('CRITICAL_ERROR', 3);

// Include config and functions files.
// Without a config file the gallery has not been installed yet: print a page
// that redirects to the installer and stop right here.
if (!file_exists('include/config.inc.php')) {
    print <<< EOT
<html>
    <head>
      <title>Coppermine not installed yet</title>
      <meta http-equiv="refresh" content="10;url=install.php">
      <style type="text/css">
      <!--
      body { font-size: 12px; background: #FFFFFF; margin: 20%; color: black; font-family: verdana, arial, helvetica, sans-serif;}
      -->
      </style>
    </head>
    <body>
      <img src="images/coppermine_logo.png" alt="Coppermine Photo Gallery - Your Online Photo Gallery" /><br />
      Coppermine Photo Gallery seems not to be installed correctly, or you're running coppermine for the first time. You'll be redirected to the installer. If your browser doesn't support redirect, click <a href="install.php">here</a>.
    </body>
</html>
EOT;
    die();
}
require 'include/config.inc.php';
require 'include/functions.inc.php';
// Full table names are the configured prefix followed by a fixed suffix
$cpg_table_suffixes = array(
    'TABLE_PICTURES'   => 'pictures',
    'TABLE_ALBUMS'     => 'albums',
    'TABLE_COMMENTS'   => 'comments',
    'TABLE_CATEGORIES' => 'categories',
    'TABLE_CONFIG'     => 'config',
    'TABLE_USERGROUPS' => 'usergroups',
    'TABLE_VOTES'      => 'votes',
    'TABLE_USERS'      => 'users',
    'TABLE_BANNED'     => 'banned',
    'TABLE_EXIF'       => 'exif',
    'TABLE_FILETYPES'  => 'filetypes',
    'TABLE_ECARDS'     => 'ecards',
    'TABLE_TEMPDATA'   => 'temp_data',
);
foreach ($cpg_table_suffixes as $cfg_key => $suffix) {
    $CONFIG[$cfg_key] = $CONFIG['TABLE_PREFIX'] . $suffix;
}
unset($cpg_table_suffixes, $cfg_key, $suffix);

// User DB system
if (defined('UDB_INTEGRATION')) {
    require 'bridge/' . UDB_INTEGRATION . '.inc.php';
}

// Connect to database
if (!cpg_db_connect()) {
    die("<b>Coppermine critical error</b>:<br />Unable to connect to database !<br /><br />MySQL said: <b>" . mysql_error() . "</b>");
}

// Retrieve DB stored configuration: each row of the config table becomes $CONFIG[name] = value
$results = db_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");
while ($row = mysql_fetch_assoc($results)) {
    $CONFIG[$row['name']] = $row['value'];
}
mysql_free_result($results);
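require 'include/media.functions.inc.php';

// Parse cookie stored user profile
user_get_profile();

// Authenticate
if (defined('UDB_INTEGRATION')) {
    udb_authenticate();
} else {
    // Login cookies: <cookie_name>_uid holds the user id, <cookie_name>_pass holds
    // MD5(password) as 32 hex digits. That digest is a login credential in its own
    // right, so it is accepted by shape only and otherwise replaced by '*', which
    // can never equal a hash. The uid is cast to int. Nothing else from the cookies
    // reaches the query below.
    $uid_cookie = $CONFIG['cookie_name'] . '_uid';
    $pass_cookie = $CONFIG['cookie_name'] . '_pass';
    $cookie_uid = 0;
    $cookie_pass = '*';
    if (isset($HTTP_COOKIE_VARS[$uid_cookie]) && isset($HTTP_COOKIE_VARS[$pass_cookie])) {
        $cookie_uid = (int)$HTTP_COOKIE_VARS[$uid_cookie];
        if (is_string($HTTP_COOKIE_VARS[$pass_cookie])
                && preg_match('/^[0-9a-fA-F]{32}$/', $HTTP_COOKIE_VARS[$pass_cookie])) {
            $cookie_pass = $HTTP_COOKIE_VARS[$pass_cookie];
        }
    }
    unset($uid_cookie, $pass_cookie);

    $sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$cookie_uid' " .
           "AND user_active = 'YES' AND user_password != '' " .
           "AND BINARY MD5(user_password) = '$cookie_pass'";
    $results = db_query($sql);

    if (mysql_num_rows($results)) {
        $USER_DATA = mysql_fetch_assoc($results);
        // Never keep the password in the user record that is returned to the rest of the code
        $USER_DATA['user_password'] = '********';
        $USER_DATA = $USER_DATA + cpgGetUserData($USER_DATA['user_group'], explode(',', $USER_DATA['user_group_list']));
        define('USER_ID', (int)$USER_DATA['user_id']);
        define('USER_NAME', $USER_DATA['user_name']);
        define('USER_GROUP_SET', '(' . implode(',', $USER_DATA['groups']) . ')');
        define('USER_IS_ADMIN', (int)$USER_DATA['has_admin_access']);
        define('USER_CAN_CREATE_ALBUMS', (int)$USER_DATA['can_create_albums']);
    } else {
        // Anonymous visitor: group 3 only, never admin, never allowed to create albums
        $USER_DATA = cpgGetUserData(3, array(3));
        define('USER_ID', 0);
        define('USER_NAME', 'Anonymous');
        define('USER_GROUP_SET', '(' . $USER_DATA['group_id'] . ')');
        define('USER_IS_ADMIN', 0);
        define('USER_CAN_CREATE_ALBUMS', 0);
    }
    mysql_free_result($results);

    // Group derived capabilities are read the same way for both kinds of visitor
    define('USER_GROUP', $USER_DATA['group_name']);
    define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
    define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
    define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
    define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
    define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
    define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
    define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
    define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
}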
// Test if admin mode
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);

// Set error logging level: notices are reported only when debug_notice is on and
// debugging is enabled either globally (debug_mode 1) or for an admin in admin
// mode (debug_mode 2); otherwise everything except E_NOTICE is reported.
$show_notices = $CONFIG['debug_notice'] == 1
    && ($CONFIG['debug_mode'] == 1 || ($CONFIG['debug_mode'] == 2 && GALLERY_ADMIN_MODE));
error_reporting($show_notices ? E_ALL : (E_ALL ^ E_NOTICE));
unset($show_notices);
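// Process theme selection if present in URI or in user profile
if (!empty($HTTP_GET_VARS['theme'])) {
    $USER['theme'] = $HTTP_GET_VARS['theme'];
}

// Load theme file. The name comes from the request or from the profile cookie and
// ends up in a require path, so it must be a single directory entry under themes/:
// a string without a directory separator that is not the "." or ".." entry
// (is_dir() happily accepts those two).
if (isset($USER['theme']) && is_string($USER['theme'])
        && !strstr($USER['theme'], '/')
        && $USER['theme'] !== '.' && $USER['theme'] !== '..'
        && is_dir('themes/' . $USER['theme'])) {
    $CONFIG['theme'] = strtr($USER['theme'], '$/\\:*?"\'<>|`', '____________');
} else {
    unset($USER['theme']);
}

if (!file_exists("themes/{$CONFIG['theme']}/theme.php")) $CONFIG['theme'] = 'classic';
require "themes/{$CONFIG['theme']}/theme.php";
$THEME_DIR = "themes/{$CONFIG['theme']}/";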
// Process language selection if present in URI or in user profile or try
// autodetection if default charset is utf-8
if (!empty($HTTP_GET_VARS['lang'])) {
    $USER['lang'] = $HTTP_GET_VARS['lang'];
}

// A requested language is only used when it names an existing file directly
// under lang/ (no directory separator allowed)
$lang_requested = isset($USER['lang'])
    && !strstr($USER['lang'], '/')
    && file_exists('lang/' . $USER['lang'] . '.php');

if ($lang_requested) {
    $CONFIG['default_lang'] = $CONFIG['lang'];          // Save default language
    $CONFIG['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
} elseif ($CONFIG['charset'] == 'utf-8') {
    include('include/select_lang.inc.php');
    if (file_exists('lang/' . $USER['lang'] . '.php')) {
        $CONFIG['default_lang'] = $CONFIG['lang'];      // Save default language
        $CONFIG['lang'] = $USER['lang'];
    }
} else {
    unset($USER['lang']);
}
unset($lang_requested);

if (!file_exists("lang/{$CONFIG['lang']}.php")) $CONFIG['lang'] = 'english';
require "lang/{$CONFIG['lang']}.php";
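// See if the fav cookie is set else set it
if (isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav'])) {
    // NOTE(review): unserialize() runs on a client-supplied cookie. The only thing this
    // file does with the result is cast each element to int below, but the cookie
    // format itself is decided by the code that writes it (not visible here), so a
    // plain list format that does not need unserialize() is worth considering.
    // Errors from a malformed cookie are suppressed because they would only be noise;
    // the is_array() check is what actually guards the loop (unserialize() returns
    // false for garbage, and foreach over false is an error).
    $FAVPICS = @unserialize(@base64_decode($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav']));
    if (!is_array($FAVPICS)) {
        $FAVPICS = array();
    }
    foreach ($FAVPICS as $key => $id) {
        $FAVPICS[$key] = (int)$id; //protect against sql injection attacks
    }
} else {
    $FAVPICS = array();
}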
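// load the main template
load_template();

// Remove expired bans
$now = date('Y-m-d H:i:s');
db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE expiry < '$now'");

// Check if the user is banned, by either IP value recorded above or by user id.
// $raw_ip and $hdr_ip have already been reduced to dotted quads and USER_ID is
// defined as an int in this file, so the interpolated values can only be an
// address or a number.
$user_id = USER_ID;
$result = db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr='$raw_ip' OR ip_addr='$hdr_ip' OR user_id=$user_id");
if (mysql_num_rows($result)) {
    pageheader($lang_error);
    msg_box($lang_info, $lang_errors['banned']);
    pagefooter();
    exit;
}
mysql_free_result($result);

// Retrieve the "private" album set
if (!GALLERY_ADMIN_MODE && $CONFIG['allow_private_albums']) get_private_album_set();

// Offline mode: non-admins only get the offline page, except on the login script.
// $HTTP_SERVER_VARS is used here like everywhere else in this file (the old code
// read $_SERVER for this one check).
if (!USER_IS_ADMIN && $CONFIG['offline'] && !strstr($HTTP_SERVER_VARS['SCRIPT_NAME'], 'login')) {
    pageheader($lang_errors['offline_title']);
    msg_box($lang_errors['offline_title'], $lang_errors['offline_text']);
    pagefooter();
    exit;
}

// No closing PHP tag: this file only contains code, and omitting the tag avoids
// sending stray whitespace after it.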