<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/include/init.inc.php,v $
  $Revision: 1.15 $
  $Author: gaugau $
  $Date: 2005/04/19 21:54:31 $
**********************************************/
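define('COPPERMINE_VERSION', '1.3.3');

// User database integration
// Uncomment the applicable line if you want to use it. The name is used verbatim to build
// the include path bridge/<name>.inc.php, so keep it to one of the bundled bridges.
// define('UDB_INTEGRATION', 'phpbb');
// define('UDB_INTEGRATION', 'invisionboard');
// define('UDB_INTEGRATION', 'vbulletin23');
// define('UDB_INTEGRATION', 'vbulletin30');
// define('UDB_INTEGRATION', 'yabbse');
// define('UDB_INTEGRATION', 'smf');
// define('UDB_INTEGRATION', 'woltlab21');
// define('UDB_INTEGRATION', 'punbb');

// This file is only meant to be included by a Coppermine entry script that has defined
// IN_COPPERMINE; a direct request for it stops here.
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');

// Start output buffering
ob_start();

// Report everything, notices included, while the bootstrap runs. The level is lowered
// again to E_ALL ^ E_NOTICE (php.ini's default) once $CONFIG is loaded and the
// debug_notice / debug_mode settings are known.
error_reporting(E_ALL);

// Runtime magic quotes would add slashes to data read from files and the database. The
// setting was hard-wired off in PHP 5.4 and the function removed in 7.0, so only call it
// where it still exists - the outcome is the same either way, whereas the old
// unconditional call is a fatal error on newer PHP.
if (function_exists('set_magic_quotes_runtime')) {
    set_magic_quotes_runtime(0);
}

// used for timing purpose / query statistics (populated elsewhere)
$query_stats = array();
$queries = array();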
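// Perform database queries to calculate user's privileges based on group membership
function cpgGetUserData($pri_group, $groups, $default_group_id = 3)
{
    // Parameters :
    //   $pri_group (scalar)        : Group ID number of the user's 'main' group. This is the
    //                                group shown in the user's profile ($USER_DATA['group_id']).
    //   $groups (array)            : List of group ids of all the groups the user is a member
    //                                of. If it does not include $pri_group, that is added.
    //                                Entries that are not numeric are dropped.
    //   $default_group_id (scalar) : Group used as a fall-back if none of the given group ids
    //                                exists. If that group does not exist either, CPG aborts
    //                                with a critical error.
    //
    // Returns an array containing most of the data to put into $USER_DATA: the aggregated
    // permission flags (a flag is on if ANY group grants it; an approval requirement applies
    // only if ALL groups require it), upload_form_config, group_quota, can_see_all_albums,
    // group_id, group_name and groups.
    //
    // All ids are cast to int before they reach SQL. The old code interpolated $pri_group
    // and $default_group_id unchecked and filtered $groups with is_numeric(), which also
    // lets through forms such as '1e3' or ' 5'.
    global $CONFIG;

    $group_ids = array();
    foreach ($groups as $val) {
        if (is_numeric($val)) {
            $group_ids[] = (int)$val;
        }
    }
    $pri_group = (int)$pri_group;
    $default_group_id = (int)$default_group_id;
    if (!in_array($pri_group, $group_ids, true)) {
        $group_ids[] = $pri_group;
    }

    // Aggregated permission columns over a set of groups. group_count is needed because an
    // aggregate query without GROUP BY always returns exactly one row: mysql_num_rows() was
    // 1 even when no group matched, which made the old fall-back branch unreachable (and
    // hid the undefined "$resultt" variable it tested).
    $select = "SELECT COUNT(*) as group_count, " .
        "MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, " .
        "MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, " .
        "MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, " .
        "MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, " .
        "MAX(num_URI_upload) as num_URI_upload, " .
        "MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, " .
        "MAX(can_create_albums) as can_create_albums, " .
        "MAX(has_admin_access) as has_admin_access, " .
        "MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN(priv_upl_need_approval) as priv_upl_need_approval " .
        "FROM {$CONFIG['TABLE_USERGROUPS']} ";

    $result = db_query($select . "WHERE group_id IN (" . implode(',', $group_ids) . ")");
    $USER_DATA = mysql_fetch_assoc($result);
    mysql_free_result($result);

    if (!$USER_DATA || !$USER_DATA['group_count']) {
        // None of the requested groups exists: fall back to the default group and report
        // it as the user's only group.
        $result = db_query($select . "WHERE group_id = $default_group_id");
        $USER_DATA = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if (!$USER_DATA || !$USER_DATA['group_count']) {
            die('<b>Coppermine critical error</b>:<br />The group table does not contain the Anonymous group !');
        }
        $pri_group = $default_group_id;
        $group_ids = array($default_group_id);
    }
    unset($USER_DATA['group_count']);

    $result = db_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = $pri_group");
    $temp_arr = mysql_fetch_assoc($result);
    mysql_free_result($result);
    $USER_DATA['group_name'] = isset($temp_arr['group_name']) ? $temp_arr['group_name'] : '';

    // Combine the per-group upload form settings. The values behave like a two-bit set
    // (1 and 2 combine to 3; 0 defers to the other group) - verify the meaning of each
    // value against the group admin page, only the combination rule is reproduced here.
    $ufc_max = (int)$USER_DATA['ufc_max'];
    $ufc_min = (int)$USER_DATA['ufc_min'];
    if ($ufc_max == $ufc_min) {
        $USER_DATA['upload_form_config'] = $ufc_min;
    } elseif ($ufc_min == 0) {
        $USER_DATA['upload_form_config'] = $ufc_max;
    } elseif (($ufc_max == 2 || $ufc_max == 3) && $ufc_min == 1) {
        $USER_DATA['upload_form_config'] = 3;
    } elseif ($ufc_max == 3 && $ufc_min == 2) {
        $USER_DATA['upload_form_config'] = 3;
    } else {
        $USER_DATA['upload_form_config'] = 0;
    }

    // If the smallest group quota is 0 the result is 0 (presumably "unlimited"),
    // otherwise the largest quota among the groups applies.
    $USER_DATA['group_quota'] = $USER_DATA['disk_min'] ? $USER_DATA['disk_max'] : 0;

    $USER_DATA['can_see_all_albums'] = $USER_DATA['has_admin_access'];

    $USER_DATA['group_id'] = $pri_group;
    $USER_DATA['groups'] = $group_ids;

    // The escaping suggests group_name ends up in SQL elsewhere (via USER_GROUP). It is
    // escaped only when magic_quotes_gpc is off - presumably the consumers addslashes()
    // themselves otherwise; verify before changing this.
    if (get_magic_quotes_gpc() == 0) {
        $USER_DATA['group_name'] = mysql_escape_string($USER_DATA['group_name']);
    }

    return $USER_DATA;
}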
// Current time as a float number of seconds (microtime() returns "usec sec" as a string).
function cpgGetMicroTime()
{
    $parts = explode(' ', microtime());
    return (float)$parts[1] + (float)$parts[0];
}
// Wall-clock start of this request (consumed by the timing/debug code elsewhere).
$time_start = cpgGetMicroTime();
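// Do some cleanup in GET, POST and cookie data and un-register global vars
//
// Every scalar GET and POST value is HTML-escaped ('"', '<', '>') here, once, so the rest
// of the application can echo request data. Cookie values are only un-slashed, never
// escaped. Array-valued POST fields are left exactly as received (as before) - whoever
// reads them must escape them.
//
// NOTE(review): the listing this was taken from showed the map below as identity
// ('"' => '"', ...), which would make the clean-up a no-op. That looks like HTML entities
// being decoded when the file was rendered; the entity escape is what is intended and used.
$HTML_SUBST = array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;');

// magic_quotes_gpc: the setting was hard-wired off in PHP 5.4 and the function removed in
// 8.0; when the function is missing the input cannot have been slashed, so treat it as off.
$cpg_magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// Escape one scalar request value, first undoing magic quotes when they were applied.
function cpg_clean_gpc_value($value, $strip_slashes, $subst)
{
    if ($strip_slashes) {
        $value = stripslashes($value);
    }
    return strtr($value, $subst);
}

// Drop the register_globals copy of a request variable ($GLOBALS[$key]).
//
// The old code ran unset($$key) at global scope for every request key, which let a request
// such as ?HTML_SUBST=1 or ?HTTP_COOKIE_VARS=1 remove variables this very script depends
// on (the escape map, the request arrays, the magic-quotes flag). Names that legitimately
// exist at this point are therefore protected; anything else is removed as before.
function cpg_unregister_global($key)
{
    static $protected = array(
        'GLOBALS', 'HTML_SUBST', 'cpg_magic_quotes', 'time_start', 'query_stats', 'queries',
        'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS',
        'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'HTTP_SESSION_VARS',
        '_GET', '_POST', '_COOKIE', '_SERVER', '_ENV', '_FILES', '_SESSION', '_REQUEST',
    );
    if (in_array((string)$key, $protected, true)) {
        return;
    }
    if (isset($GLOBALS[$key])) {
        unset($GLOBALS[$key]);
    }
}

if (isset($HTTP_POST_VARS) && is_array($HTTP_POST_VARS)) {
    foreach ($HTTP_POST_VARS as $key => $value) {
        if (!is_array($value)) {
            $HTTP_POST_VARS[$key] = cpg_clean_gpc_value($value, $cpg_magic_quotes, $HTML_SUBST);
        }
        cpg_unregister_global($key);
    }
}

if (isset($HTTP_GET_VARS) && is_array($HTTP_GET_VARS)) {
    foreach ($HTTP_GET_VARS as $key => $value) {
        // GET parameters are expected to be scalars. An array (?x[]=...) used to be handed
        // to stripslashes()/strtr(), which warned and left an empty value behind; make that
        // explicit instead of relying on the warning path.
        $HTTP_GET_VARS[$key] = is_array($value) ? '' : cpg_clean_gpc_value($value, $cpg_magic_quotes, $HTML_SUBST);
        cpg_unregister_global($key);
    }
}

if (isset($HTTP_COOKIE_VARS) && is_array($HTTP_COOKIE_VARS)) {
    foreach ($HTTP_COOKIE_VARS as $key => $value) {
        if ($cpg_magic_quotes && !is_array($value)) {
            $HTTP_COOKIE_VARS[$key] = stripslashes($value);
        }
        cpg_unregister_global($key);
    }
}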
// Initialise the $CONFIG array and some other variables
$CONFIG = array();

// Path of the current script (REDIRECT_URL when the web server rewrote the request,
// otherwise SCRIPT_NAME) and the url-encoded "return to this page" value built from it
// plus the raw query string.
if (isset($HTTP_SERVER_VARS['REDIRECT_URL'])) {
    $PHP_SELF = $HTTP_SERVER_VARS['REDIRECT_URL'];
} else {
    $PHP_SELF = $HTTP_SERVER_VARS['SCRIPT_NAME'];
}
$REFERER = urlencode($PHP_SELF . (empty($HTTP_SERVER_VARS['QUERY_STRING']) ? '' : '?' . $HTTP_SERVER_VARS['QUERY_STRING']));

// Album / category bookkeeping, filled in later by the permission and category code.
$ALBUM_SET = $FORBIDDEN_SET = $CURRENT_CAT_NAME = $CAT_LIST = '';
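// Record User's IP address

// Returns true when $ip is a dotted-quad IPv4 address with every octet in 0..255.
// The pattern is anchored with /D so a trailing newline is not ignored (a plain '$'
// accepts "1.2.3.4\n"), and the octet range is enforced, which the previous
// [0-9]{1,3} check did not.
function cpg_is_ipv4($ip)
{
    if (!is_string($ip) || !preg_match('/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/D', $ip, $octets)) {
        return false;
    }
    for ($i = 1; $i <= 4; $i++) {
        if ((int)$octets[$i] > 255) {
            return false;
        }
    }
    return true;
}

// $raw_ip is the TCP peer address as seen by the web server. $hdr_ip is the address claimed
// by the Client-IP / X-Forwarded-For request headers, which any client can set to anything
// unless a trusted proxy in front of this server overwrites them; it is therefore usable
// only as an extra ban-matching key, never as proof of origin. A forwarded list ("a, b") or
// an IPv6 address fails the dotted-quad check and becomes 0.0.0.0.
$raw_ip = isset($HTTP_SERVER_VARS['REMOTE_ADDR']) ? stripslashes($HTTP_SERVER_VARS['REMOTE_ADDR']) : '';

if (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
    $hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_CLIENT_IP']);
} elseif (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
    $hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
} else {
    $hdr_ip = $raw_ip;
}

if (!cpg_is_ipv4($raw_ip)) $raw_ip = '0.0.0.0';
if (!cpg_is_ipv4($hdr_ip)) $hdr_ip = '0.0.0.0';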
// Define some constants
// Category/album layout values and limits, followed by the message types
// understood by the cpg_die function.
foreach (array(
        'USER_GAL_CAT'    => 1,
        'FIRST_USER_CAT'  => 10000,
        'RANDPOS_MAX_PIC' => 200,
        'TEMPLATE_FILE'   => 'template.html',
        // Constants used by the cpg_die function
        'INFORMATION'     => 1,
        'ERROR'           => 2,
        'CRITICAL_ERROR'  => 3,
    ) as $cpg_const_name => $cpg_const_value) {
    define($cpg_const_name, $cpg_const_value);
}
unset($cpg_const_name, $cpg_const_value);
// Include config and functions files
// Without include/config.inc.php the gallery is treated as not installed and the visitor
// is redirected to install.php. This is the only gate in front of the installer from this
// file's point of view; whether install.php refuses to run once a config exists is up to
// install.php itself (not visible here).
if (!file_exists('include/config.inc.php')) {
    // error handling: if the config file doesn't exist go to install
    print <<< EOT
<html>
<head>
<title>Coppermine not installed yet</title>
<meta http-equiv="refresh" content="10;url=install.php">
<style type="text/css">
<!--
body { font-size: 12px; background: #FFFFFF; margin: 20%; color: black; font-family: verdana, arial, helvetica, sans-serif;}
-->
</style>
</head>
<body>
<img src="images/coppermine_logo.png" alt="Coppermine Photo Gallery - Your Online Photo Gallery" /><br />
Coppermine Photo Gallery seems not to be installed correctly, or you're running coppermine for the first time. You'll be redirected to the installer. If your browser doesn't support redirect, click <a href="install.php">here</a>.
</body>
</html>
EOT;
    die();
}
require 'include/config.inc.php';
require 'include/functions.inc.php';
// Table names: every table lives under the prefix from include/config.inc.php.
foreach (array(
        'PICTURES'   => 'pictures',
        'ALBUMS'     => 'albums',
        'COMMENTS'   => 'comments',
        'CATEGORIES' => 'categories',
        'CONFIG'     => 'config',
        'USERGROUPS' => 'usergroups',
        'VOTES'      => 'votes',
        'USERS'      => 'users',
        'BANNED'     => 'banned',
        'EXIF'       => 'exif',
        'FILETYPES'  => 'filetypes',
        'ECARDS'     => 'ecards',
        'TEMPDATA'   => 'temp_data',
    ) as $cpg_table_key => $cpg_table_name) {
    $CONFIG['TABLE_' . $cpg_table_key] = $CONFIG['TABLE_PREFIX'] . $cpg_table_name;
}
unset($cpg_table_key, $cpg_table_name);
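// User DB system
// UDB_INTEGRATION is a constant hard-coded at the top of this file, never request data,
// so building the bridge path from it is fine.
if (defined('UDB_INTEGRATION')) require 'bridge/' . UDB_INTEGRATION . '.inc.php';

// Connect to database
// The MySQL error text can reveal the DB host, user name or server version, so it is
// written to the server error log instead of being sent to an anonymous client.
if (!cpg_db_connect()) {
    error_log('Coppermine: unable to connect to database: ' . mysql_error());
    die('<b>Coppermine critical error</b>:<br />Unable to connect to database !');
}

// Retrieve DB stored configuration
// Rows are keyed by their name column, so a row named like one of the TABLE_* keys set
// above would override it; only administrators can write this table.
$results = db_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");
while ($row = mysql_fetch_array($results)) {
    $CONFIG[$row['name']] = $row['value'];
} // while
mysql_free_result($results);

require 'include/media.functions.inc.php';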
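// Parse cookie stored user profile
user_get_profile();

// Authenticate
if (defined('UDB_INTEGRATION')) {
    udb_authenticate();
} else {
    // Native login: the <cookie_name>_uid / <cookie_name>_pass cookies carry the user id and
    // MD5(user_password), i.e. a hash of the stored password value. That is a static,
    // long-lived bearer credential - whoever obtains the cookie (plain HTTP, XSS) can replay
    // it until the password changes. The format is produced by the login code and cannot be
    // changed here; it is only validated.
    $cpg_uid_key  = $CONFIG['cookie_name'] . '_uid';
    $cpg_pass_key = $CONFIG['cookie_name'] . '_pass';

    $cookie_uid  = 0;
    $cookie_pass = '*';   // can never equal an MD5 digest, so the lookup matches nothing
    if (isset($HTTP_COOKIE_VARS[$cpg_uid_key]) && isset($HTTP_COOKIE_VARS[$cpg_pass_key])) {
        $cookie_uid = (int)$HTTP_COOKIE_VARS[$cpg_uid_key];
        // MySQL's MD5() yields 32 lowercase hex digits and the comparison below is BINARY,
        // so any other value could never have matched. Accepting only that shape makes the
        // value safe to interpolate without escaping; the old substr(addslashes()) truncated
        // AFTER escaping, which can cut an escape sequence in half.
        if (is_string($HTTP_COOKIE_VARS[$cpg_pass_key])
                && preg_match('/^[0-9a-f]{32}$/D', $HTTP_COOKIE_VARS[$cpg_pass_key])) {
            $cookie_pass = $HTTP_COOKIE_VARS[$cpg_pass_key];
        }
    }
    unset($cpg_uid_key, $cpg_pass_key);

    // (The original string had no space before "AND user_active"; MySQL tolerated it.)
    $sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} " .
        "WHERE user_id = '$cookie_uid' " .
        "AND user_active = 'YES' " .
        "AND user_password != '' " .
        "AND BINARY MD5(user_password) = '$cookie_pass'";
    $results = db_query($sql);

    if (mysql_num_rows($results)) {
        $USER_DATA = mysql_fetch_assoc($results);
        // Do not keep the password value in a global that templates or debug output can reach.
        $USER_DATA['user_password'] = '********';

        // '+' keeps the user row's keys and adds the group-derived ones.
        $USER_DATA = $USER_DATA + cpgGetUserData($USER_DATA['user_group'], explode(',', $USER_DATA['user_group_list']));

        define('USER_ID', (int)$USER_DATA['user_id']);
        define('USER_NAME', $USER_DATA['user_name']);
        define('USER_GROUP', $USER_DATA['group_name']);
        define('USER_GROUP_SET', '(' . implode(',', $USER_DATA['groups']) . ')');
        define('USER_IS_ADMIN', (int)$USER_DATA['has_admin_access']);
        define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
        define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
        define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
        define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
        define('USER_CAN_CREATE_ALBUMS', (int)$USER_DATA['can_create_albums']);
        define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
        define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
        define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
        define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
    } else {
        // Anonymous visitor: group 3 only, never admin and never allowed to create
        // albums, whatever the group table says about group 3.
        $USER_DATA = cpgGetUserData(3, array(3));
        define('USER_ID', 0);
        define('USER_NAME', 'Anonymous');
        define('USER_GROUP', $USER_DATA['group_name']);
        define('USER_GROUP_SET', '(' . $USER_DATA['group_id'] . ')');
        define('USER_IS_ADMIN', 0);
        define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
        define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
        define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
        define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
        define('USER_CAN_CREATE_ALBUMS', 0);
        define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
        define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
        define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
        define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
    }
    mysql_free_result($results);
}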
// Test if admin mode
// $USER['am'] is the "admin mode" toggle from the cookie profile parsed by
// user_get_profile(). GALLERY_ADMIN_MODE additionally requires admin group access;
// USER_ADMIN_MODE is the lesser mode for logged-in users allowed to create albums.
$USER['am'] = empty($USER['am']) ? 0 : (int)$USER['am'];
define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);

// Set error logging level
// E_ALL was set at the top so bootstrap problems are visible. Now that $CONFIG is loaded,
// notices are kept only when debug_notice is on and debug_mode is 1 (everyone) or 2
// (administrators in admin mode only); everyone else gets E_ALL ^ E_NOTICE.
$cpg_show_notices = $CONFIG['debug_notice'] == 1
    && ($CONFIG['debug_mode'] == 1 || ($CONFIG['debug_mode'] == 2 && GALLERY_ADMIN_MODE));
error_reporting($cpg_show_notices ? E_ALL : E_ALL ^ E_NOTICE);
unset($cpg_show_notices);
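// Process theme selection if present in URI or in user profile
if (!empty($HTTP_GET_VARS['theme'])) {
    $USER['theme'] = $HTTP_GET_VARS['theme'];
}

// Load theme file
// The theme name becomes part of a require path, so it is accepted only if it is a plain
// directory name: letters, digits, space, '_', '-' and '.', not starting with '.'. This
// replaces the old "no '/'" test plus strtr() mangling, which still passed names such as
// '..' or values containing a NUL byte (older PHP truncated paths at NUL, newer PHP
// rejects them). The pattern uses /D so a trailing newline is not ignored.
if (isset($USER['theme']) && is_string($USER['theme'])
        && preg_match('/^[A-Za-z0-9][A-Za-z0-9 _.-]*$/D', $USER['theme'])
        && is_dir('themes/' . $USER['theme'])) {
    $CONFIG['theme'] = $USER['theme'];
} else {
    unset($USER['theme']);
}

// $CONFIG['theme'] may also come straight from the config table (administrator-controlled,
// not checked here). Fall back to the bundled 'classic' theme when the chosen one has no
// theme.php.
if (!file_exists("themes/{$CONFIG['theme']}/theme.php")) $CONFIG['theme'] = 'classic';
require "themes/{$CONFIG['theme']}/theme.php";
$THEME_DIR = "themes/{$CONFIG['theme']}/";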
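// Process language selection if present in URI or in user profile or try
// autodetection if default charset is utf-8
if (!empty($HTTP_GET_VARS['lang'])) {
    $USER['lang'] = $HTTP_GET_VARS['lang'];
}

// Same rule as for the theme: the language name is used to build a require path, so only
// a plain file name (letters, digits, space, '_', '-', '.', not starting with '.') is
// accepted, matched with /D so a trailing newline is not silently allowed. This replaces
// the old "no '/'" test plus strtr() mangling.
if (isset($USER['lang']) && is_string($USER['lang'])
        && preg_match('/^[A-Za-z0-9][A-Za-z0-9 _.-]*$/D', $USER['lang'])
        && file_exists('lang/' . $USER['lang'] . '.php')) {
    $CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
    $CONFIG['lang'] = $USER['lang'];
} elseif ($CONFIG['charset'] == 'utf-8') {
    // select_lang.inc.php (not visible here) is expected to set $USER['lang'] from the
    // browser's language preference. That value is request-derived, so it gets the same
    // name check before being used in a path - the original used it unchecked.
    include('include/select_lang.inc.php');
    if (isset($USER['lang']) && is_string($USER['lang'])
            && preg_match('/^[A-Za-z0-9][A-Za-z0-9 _.-]*$/D', $USER['lang'])
            && file_exists('lang/' . $USER['lang'] . '.php')) {
        $CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
        $CONFIG['lang'] = $USER['lang'];
    }
} else {
    unset($USER['lang']);
}

// $CONFIG['lang'] may also come from the config table; fall back to english if that
// language file is missing.
if (!file_exists("lang/{$CONFIG['lang']}.php")) $CONFIG['lang'] = 'english';
require "lang/{$CONFIG['lang']}.php";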
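// See if the fav cookie is set else set it

// Decode the <cookie_name>_fav cookie into a list of picture ids.
//
// The cookie holds base64(serialize(array of ids)) and is entirely under the client's
// control. unserialize() on untrusted input instantiates any class named in an O:/C:
// record and runs its __wakeup()/__destruct(), so the decoded text must first be exactly
// a flat array with integer keys and integer (or numeric-string) values; anything else
// yields an empty list. A malformed cookie used to leave $FAVPICS set to false, which
// then broke the foreach over it.
function cpg_parse_fav_cookie($cookie)
{
    $decoded = is_string($cookie) ? @base64_decode($cookie) : false;
    if (!is_string($decoded)
            || !preg_match('/^a:[0-9]+:\{(?:i:[0-9]+;(?:i:-?[0-9]+|s:[0-9]+:"-?[0-9]*");)*\}$/D', $decoded)) {
        return array();
    }
    $favs = @unserialize($decoded);
    if (!is_array($favs)) {
        return array();
    }
    $out = array();
    foreach ($favs as $key => $id) {
        $out[$key] = (int)$id; // protect against sql injection attacks
    }
    return $out;
}

if (isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav'])) {
    $FAVPICS = cpg_parse_fav_cookie($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav']);
} else {
    $FAVPICS = array();
}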
// load the main template
load_template();

// Remove expired bans (runs on every request; $now is the server clock, formatted like
// the expiry column)
$now = date('Y-m-d H:i:s');
db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE expiry < '$now'");

// Check if the user is banned: by either IP or by user id. Both IPs were reduced to a
// dotted quad (or 0.0.0.0) above, so they are safe to interpolate. $hdr_ip comes from
// client-supplied proxy headers; since $raw_ip is always checked too, spoofing it can
// only make a client match an extra ban, not evade one.
$user_id = USER_ID;
$result = db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr='$raw_ip' OR ip_addr='$hdr_ip' OR user_id=$user_id");
$cpg_is_banned = mysql_num_rows($result) > 0;
mysql_free_result($result);
if ($cpg_is_banned) {
    // NOTE(review): $lang_error (singular) is not defined in this file; presumably it comes
    // from the language file, otherwise pageheader() receives null - verify.
    pageheader($lang_error);
    msg_box($lang_info, $lang_errors['banned']);
    pagefooter();
    exit;
}
unset($cpg_is_banned);

// Retrieve the "private" album set
if (!GALLERY_ADMIN_MODE && $CONFIG['allow_private_albums']) get_private_album_set();

// Offline mode: everyone but administrators is shown the offline notice, except on the
// login script - matched loosely by 'login' appearing anywhere in the script name.
if ($CONFIG['offline'] && !USER_IS_ADMIN && !strstr($_SERVER["SCRIPT_NAME"], 'login')) {
    pageheader($lang_errors['offline_title']);
    msg_box($lang_errors['offline_title'], $lang_errors['offline_text']);
    pagefooter();
    exit;
}
?>