Subversion Repositories svnkaklik

Rev

Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<?php
2
/*************************
3
  Coppermine Photo Gallery
4
  ************************
5
  Copyright (c) 2003-2005 Coppermine Dev Team
6
  v1.1 originaly written by Gregory DEMAR
7
 
8
  This program is free software; you can redistribute it and/or modify
9
  it under the terms of the GNU General Public License as published by
10
  the Free Software Foundation; either version 2 of the License, or
11
  (at your option) any later version.
12
  ********************************************
13
  Coppermine version: 1.3.3
14
  $Source: /cvsroot/coppermine/stable/xp_publish.php,v $
15
  $Revision: 1.8 $
16
  $Author: gaugau $
17
  $Date: 2005/04/19 03:17:11 $
18
  **********************************************
19
  Coppermine Windows XP Web Publishing Wizard Client
20
  Based on the article posted by Sebastian Delmont
21
  http://www.zonageek.com/code/misc/wizards/
22
  **********************************************
23
  Other information can be found on Microsoft web site
24
  http://www.microsoft.com/whdc/hwdev/tech/WIA/imaging/webwizard.mspx
25
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/programmersguide/shell_basics/shell_basics_extending/publishing_wizard/pubwiz_intro.asp
26
  **********************************************
27
  Original implementation comes from Gallery
28
  http://gallery.menalto.com
29
  **********************************************/
30
 
31
// Declare we are in Coppermine.
32
define('IN_COPPERMINE', true);
33
 
34
// Set the language block.
35
define('XP_PUBLISH_PHP', true);
36
 
37
// Language file entry for xp_publish.php
38
// You can copy and paste the code below in your language file and translate it.
39
// ------------------------------------------------------------------------- //
40
// File xp_publish.php
41
// ------------------------------------------------------------------------- //
42
if (defined('XP_PUBLISH_PHP')) $lang_xp_publish_php = array('title' => 'Coppermine - XP Web Publishing Wizard',
43
        'welcome' => 'Welcome <b>%s</b>,',
44
        'need_login' => 'You need to login to the gallery using your web browser before you can use this wizard.<p/><p>When you login don\'t forget to select the <b>remember me</b> option if it is present.',
45
        'no_alb' => 'Sorry but there is no album where you are allowed to upload pictures with this wizard.',
46
        'upload' => 'Upload your pictures into an existing album',
47
        'create_new' => 'Create a new album for your pictures',
48
        'album' => 'Album',
49
        'category' => 'Category',
50
        'new_alb_created' => 'Your new album &quot;<b>%s</b>&quot; was created.',
51
        'continue' => 'Press &quot;Next&quot; to start to upload your pictures',
52
        );
53
// ------------------------------------------------------------------------- //
54
 
55
// Activate more language block sets.
56
define('LOGIN_PHP', true);
57
define('DB_INPUT_PHP', true);
58
define('ALBMGR_PHP', true);
59
 
60
 
61
// Call necessaryy files and subroutines.
62
require('include/init.inc.php');
63
require('include/picmgmt.inc.php');
64
 
65
// Set the log file path.
66
define('LOGFILE', 'xp_publish.log');
67
// ------------------------------------------------------------------------- //
68
 
69
// HTML template for the login screen
70
$template_login = <<<EOT
71
        <p><b>{ENTER_LOGIN_PSWD}</b></p>
72
        <form method="post" id="login" action="{POST_ACTION}">
73
            <table border="0" cellpadding="0" cellspasing="0">
74
                <tr>
75
                        <td>{USERNAME}:&nbsp;</td>
76
                        <td><input type="text" name="username" value="" maxlength="25" /></td>
77
                </tr>
78
                <tr>
79
                        <td>{PASSWORD}:&nbsp;</td>
80
                        <td><input type="password" name="password" value="" maxlength="25" /></td>
81
            </tr>
82
            </table>
83
        </form>
84
EOT;
85
 
86
// HTML template for a successful login
87
$template_login_success = <<< EOT
88
        <p>{WELCOME}</p>
89
        <form method="post" id="dummy" action="{POST_ACTION}">
90
                <input type="hidden" name="dummy_val" value="1" />
91
        </form>
92
<script language="javascript">
93
dummy.submit();
94
</script>
95
EOT;
96
// HTML template for an unsuccessful login
97
$template_login_failure = <<< EOT
98
        <p>{ERROR}</p>
99
        <form method="post" id="dummy" action="{POST_ACTION}">
100
                <input type="hidden" name="dummy_val" value="1" />
101
        </form>
102
EOT;
103
 
104
// HTML template for the select destination/create new album screen
105
$template_select_album = <<<EOT
106
        <p>{WELCOME}</p>
107
        <br />
108
<!-- BEGIN no_album -->
109
        <p>{NO_ALBUM}</p>
110
<!-- END no_album -->
111
   <table border="0" cellpadding="0" cellspasing="0">
112
<!-- BEGIN existing_albums -->
113
        <tr>
114
                <td colspan="2"><b>{UPLOAD}</b></td>
115
        </tr>
116
        <form id="selform">
117
    <tr>
118
                <td>{ALBUM}: &nbsp;</td>
119
                <td><select id="album" name="album">{SELECT_ALBUM}</select></td>
120
        </tr>
121
        </form>
122
        <tr>
123
                <td>&nbsp;</td>
124
        </tr>
125
<!-- END existing_albums -->
126
<!-- BEGIN create_album -->
127
        <form method="post" id="createAlb" action="{POST_ACTION}">
128
        <tr>
129
                <td colspan="2"><b>{CREATE_NEW}</b></td>
130
        </tr>
131
    <tr>
132
                <td>{ALBUM}: &nbsp;</td>
133
                <td><input type="text" id="newAlbName" name="new_alb_name" value="" maxlength="255" /></td>
134
        </tr>
135
<!-- BEGIN select_category -->
136
        <tr>
137
                <td>{CATEGORY}: &nbsp;</td>
138
                <td><select name="cat">{SELECT_CATEGORY}</select></td>
139
        </tr>
140
<!-- END select_category -->
141
        </form>
142
<!-- END create_album -->
143
        </table>
144
 
145
EOT;
146
// HTML template for a successful album creation
147
$template_create_album = <<<EOT
148
        <p>{NEW_ALB_CREATED}</p>
149
        <p>{CONTINUE}</p>
150
        <form id="selform">
151
                <input type="hidden" id="album" name="album" value ="{ALBUM_ID}">
152
        </form>
153
 
154
EOT;
155
// ------------------------------------------------------------------------- //
156
 
157
// Simple die function (replace the cpg_die function that can't be used inside the wizard)
158
function simple_die($msg_code, $msg_text, $error_file, $error_line, $output_buffer = false)
159
{
160
    global $CONFIG, $lang_cpg_die;
161
 
162
    $msg = $lang_cpg_die[$msg_code] . ': ' . $msg_text;
163
 
164
    if (!$CONFIG['debug_mode']) {
165
        $msg .= '(' . $lang_cpg_die['file'] . ': ' . $error_file . ' / ' . $lang_cpg_die['line'] . ': ' . $error_line . ')';
166
    }
167
 
168
    echo $msg;
169
    // If debug mode is active, write the output into a log file
170
    if (!$CONFIG['debug_mode']) {
171
        $ob = ob_get_contents();
172
        fwrite(fopen(LOGFILE, 'w'), $ob);
173
    }
174
 
175
    exit;
176
}
177
// Quote a string in order to make a valid JavaScript string
178
function javascript_string($str)
179
{
180
    // replace \ with \\ and then ' with \'.
181
    $str = str_replace('\\', '\\\\', $str);
182
    $str = str_replace('\'', '\\\'', $str);
183
 
184
    return $str;
185
}
186
 
187
// Retrieve the category list
188
function get_subcat_data($parent, $ident = '')
189
{
190
    global $CONFIG, $CAT_LIST;
191
 
192
    $result = db_query("SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
193
    if (mysql_num_rows($result) > 0) {
194
        $rowset = db_fetch_rowset($result);
195
        foreach ($rowset as $subcat) {
196
            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name']);
197
            get_subcat_data($subcat['cid'], $ident . '&nbsp;&nbsp;&nbsp;');
198
        }
199
    }
200
}
201
 
202
// Return the HTML code for the album list select box
203
function html_album_list(&$alb_count)
204
{
205
    global $CONFIG;
206
 
207
    if (USER_IS_ADMIN) {
208
        $public_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
209
        if (mysql_num_rows($public_albums)) {
210
            $public_albums_list = db_fetch_rowset($public_albums);
211
        } else {
212
            $public_albums_list = array();
213
        }
214
    } else {
215
        $public_albums_list = array();
216
    }
217
 
218
    if (USER_ID) {
219
        $user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
220
        if (mysql_num_rows($user_albums)) {
221
            $user_albums_list = db_fetch_rowset($user_albums);
222
        } else {
223
            $user_albums_list = array();
224
        }
225
    } else {
226
        $user_albums_list = array();
227
    }
228
 
229
    $alb_count = count($public_albums_list) + count($user_albums_list);
230
 
231
    $html = "\n";
232
    foreach($user_albums_list as $album) {
233
        $html .= '                        <option value="' . $album['aid'] . '">* ' . $album['title'] . "</option>\n";
234
    }
235
    foreach($public_albums_list as $album) {
236
        $html .= '                        <option value="' . $album['aid'] . '">' . $album['title'] . "</option>\n";
237
    }
238
 
239
    return $html;
240
}
241
// Return the HTML code for the category list select box
242
function html_cat_list()
243
{
244
    global $CONFIG, $CAT_LIST;
245
    global $lang_albmgr_php;
246
 
247
    $CAT_LIST = array();
248
    if (USER_CAN_CREATE_ALBUMS) $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']);
249
    $CAT_LIST[] = array(0, $lang_albmgr_php['no_category']);
250
 
251
    get_subcat_data(0, '');
252
 
253
    $html = "\n";
254
    foreach($CAT_LIST as $category) {
255
        $html .= '                        <option value="' . $category[0] . '">' . $category[1] . "</option>\n";
256
    }
257
 
258
    return $html;
259
}
260
 
261
// Display information on how to use/install the wizard client
262
function display_instructions()
263
{
264
    global $PHP_SELF;
265
 
266
    ?>
267
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
268
<html xmlns="http://www.w3.org/1999/xhtml">
269
<head>
270
<title>Coppermine Photo Gallery - XP Publish README</title>
271
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
272
<style type="text/css">
273
<!--
274
body {
275
        font-family : Verdana, Arial, Helvetica, sans-serif;
276
        font-size: 12px;
277
        background : #F7F7F7 ;
278
        color : Black;
279
        margin: 30px;
280
        line-height: 1.5;
281
}
282
 
283
td {
284
        font-size: 12px;
285
}
286
 
287
h1{
288
        font-weight: bold;
289
        font-size: 22px;
290
        font-family: "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif;
291
        text-decoration: none;
292
        line-height : 120%;
293
        color : #000000;
294
}
295
 
296
h2 {
297
        font-family: Arial, Helvetica, sans-serif;
298
        font-size: 18px;
299
        color: #0E72A4;
300
        text-decoration: underline;
301
        margin-top: 20px;
302
        margin-bottom: 10px;
303
}
304
 
305
h3 {
306
        font-weight: bold;
307
        font-family: Verdana, Arial, Helvetica, sans-serif;
308
        font-size: 12px;
309
        text-decoration: underline;
310
}
311
 
312
p {
313
        font-family : Verdana, Arial, Helvetica, sans-serif;
314
        font-size: 12px;
315
        margin: 10px 10px 0px 0px;
316
}
317
 
318
ul {
319
        margin-left: 5px;
320
        margin-right: 0px;
321
        margin-top: 10px;
322
        margin-bottom: 10px;
323
        padding: 0px;
324
        list-style-type: square;
325
}
326
 
327
li {
328
        margin-left: 10px;
329
        margin-top: 6px;
330
        margin-bottom: 6px;
331
        padding: 0px;
332
        list-style-position: outside;
333
}
334
-->
335
</style>
336
<!-- $Id: xp_publish.php,v 1.8 2005/04/19 03:17:11 gaugau Exp $ -->
337
</head>
338
 
339
<body>
340
<h1><img src="images/coppermine_logo.png" width="300" height="75" alt="Coppermine Photo Gallery"/></h1>
341
<h1>XP Web Publishing Wizard Client</h1>
342
<p>This module allows to use <b>Windows XP</b> web publishing wizard with
343
Coppermine.</p>
344
<p>Code is based on article posted by Sebastian Delmont
345
<a href="http://www.zonageek.com/code/misc/wizards/">Creating your own XP Publishing Wizard</a>.</p>
346
 
347
<h2>What is required</h2>
348
<ul>
349
  <li>Windows XP in order to have the wizard.</li>
350
  <li>A working installation of Coppermine on which <b>the web upload function works properly.</b></li>
351
</ul>
352
<h2>How to install on client side</h2>
353
<ul>
354
  <li>Right click on <a href="<?php echo $PHP_SELF ?>?cmd=send_reg">this link</a>. Select &quot;save
355
   target as..&quot;. Save the file on your hard drive. When saving the file, check that the proposed
356
   file name is <b>cpg_###.reg</b> (the ### represents a numerical timestamp). Change it to that name if necessary (leave the numbers). When downloaded, double click on the
357
   file in order to register your server with the web publishing wizard.</li>
358
</ul>
359
<h2>Testing</h2>
360
<ul>
361
  <li>In Windows Explorer, select some files and click on <b>Publish xxx on the web</b>
362
  in the left pane.</li>
363
  <li>Confirm your file selection. Click on <b>Next</b>.</li>
364
  <li>In the list of services that appear, select the one for your photo gallery (it has the name
365
  of your gallery). If the service does not appear, check that you have installed
366
  <b>cpg_pub_wizard.reg</b> as described above.</li>
367
  <li>Input your login information if required.</li>
368
  <li>Select the target album for your pictures or create a new one.</li>
369
  <li>Click on <b>next</b>. The upload of your pictures starts.</li>
370
  <li>When it is completed, check your gallery to see if pictures have been properly added.</li>
371
</ul>
372
<h2>Notes :</h2>
373
<ul>
374
  <li>Once the upload has started, the wizard can't display any error message returned by
375
  the script so you can't know if the upload failed or succeeded until you check your gallery.</li>
376
  <li>If the upload fails, enable &quot;Debug mode&quot; on the Coppermine config page,
377
  try with one single picture and check error messages in the
378
  <a href="<?php echo dirname($PHP_SELF) . '/' . LOGFILE ?>"><?php echo LOGFILE ?></a> file
379
  that is located in Coppermine directory on your server.</li>
380
  <li>In order to avoid that the gallery be <i>flooded</i> by pictures uploaded through the wizard,
381
  only the <b>gallery admins</b> and <b>users that can have their own albums</b> can use this feature.</li>
382
</body>
383
</html>
384
<?php
385
}
386
 
387
// Output page header
388
function output_header()
389
{
390
    global $CONFIG;
391
    global $lang_charset, $lang_text_dir, $lang_xp_publish_php;
392
 
393
    ?>
394
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
395
<html dir="ltr">
396
<head>
397
<title><?php echo $lang_xp_publish_php['title'] ?></title>
398
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'];
399
    ?>" />
400
<style type="text/css">
401
<!--
402
body {
403
        font-family : Verdana, Arial, Helvetica, sans-serif;
404
        font-size: 12px;
405
        background : #FFFFFF ;
406
        color : Black;
407
        margin: 20px;
408
        border: 1px solid #000000;
409
}
410
 
411
td {
412
        font-size: 12px;
413
        padding-top: 5px;
414
        padding-bottom: 0px;
415
}
416
 
417
h1{
418
        font-weight: bold;
419
        font-size: 22px;
420
        font-family: Arial, Helvetica, sans-serif;
421
        text-decoration: none;
422
        line-height : 120%;
423
        color : #0E72A4;
424
}
425
 
426
h2 {
427
        font-family: Arial, Helvetica, sans-serif;
428
        font-size: 18px;
429
        color: #0E72A4;
430
        text-decoration: underline;
431
}
432
 
433
h3 {
434
        font-weight: bold;
435
        font-family: Verdana, Arial, Helvetica, sans-serif;
436
        font-size: 12px;
437
        text-decoration: underline;
438
}
439
 
440
p {
441
        font-family : Verdana, Arial, Helvetica, sans-serif;
442
        font-size: 12px;
443
        margin: 10px 10px 0px 0px;
444
}
445
 
446
ul {
447
        margin-left: 5px;
448
        margin-right: 0px;
449
        margin-top: 10px;
450
        margin-bottom: 10px;
451
        padding: 0px;
452
}
453
 
454
li {
455
        margin-left: 10px;
456
        margin-top: 4px;
457
        margin-bottom: 4px;
458
        padding: 0px;
459
        list-style-position: outside;
460
        list-style-type: disc;
461
}
462
 
463
form {
464
        display: inline;
465
}
466
 
467
input {
468
        width: 200px;
469
}
470
 
471
-->
472
</style>
473
</head>
474
 
475
<body>
476
<h1><?php echo $lang_xp_publish_php['title'] ?></h1>
477
<p></p>
478
<?php
479
}
480
 
481
// Output page footer
482
function output_footer()
483
{
484
    global $WIZARD_BUTTONS, $ONBACK_SCRIPT, $ONNEXT_SCRIPT;
485
    global $HTTP_SERVER_VARS, $PHP_SELF, $CONFIG;
486
 
487
    ?>
488
 
489
<div id="content"></div>
490
 
491
<script language='javascript'>
492
function create_alb() {
493
        if (createAlb.newAlbName.value == ''){
494
                return false;
495
        } else {
496
                createAlb.submit();
497
        }
498
}
499
 
500
function create_alb_or_use_existing() {
501
        if (createAlb.newAlbName.value == ''){
502
                startUpload();
503
        } else {
504
                createAlb.submit();
505
        }
506
}
507
 
508
function startUpload() {
509
        var xml = window.external.Property('TransferManifest');
510
        var files = xml.selectNodes('transfermanifest/filelist/file');
511
 
512
        for (i = 0; i < files.length; i++) {
513
                var postTag = xml.createNode(1, 'post', '');
514
                postTag.setAttribute('href', '<?php echo 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'] . $PHP_SELF . '?cmd=add_picture'?>&album=' + selform.album.value);
515
                postTag.setAttribute('name', 'userpicture');
516
 
517
                var dataTag = xml.createNode(1, 'formdata', '');
518
                dataTag.setAttribute('name', 'MAX_FILE_SIZE');
519
                dataTag.text = '10000000';
520
                postTag.appendChild(dataTag);
521
 
522
                files.item(i).appendChild(postTag);
523
        }
524
 
525
        var uploadTag = xml.createNode(1, 'uploadinfo', '');
526
        uploadTag.setAttribute('friendlyname', '<?php echo javascript_string($CONFIG['gallery_name'])?>');
527
        var htmluiTag = xml.createNode(1, 'htmlui', '');
528
        htmluiTag.text = '<?php echo 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'] . dirname($PHP_SELF) . '/'?>';
529
        uploadTag.appendChild(htmluiTag);
530
 
531
        xml.documentElement.appendChild(uploadTag);
532
 
533
        window.external.Property('TransferManifest')=xml;
534
        window.external.SetWizardButtons(true,true,true);
535
        content.innerHtml=xml;
536
        window.external.FinalNext();
537
}
538
 
539
function OnBack() {
540
        <?php echo $ONBACK_SCRIPT;
541
    ?>
542
        window.external.SetWizardButtons(false,true,false);
543
}
544
 
545
function OnNext() {
546
        <?php echo $ONNEXT_SCRIPT;
547
    ?>
548
}
549
 
550
function OnCancel() {
551
}
552
 
553
function window.onload() {
554
        window.external.SetHeaderText('<?php echo javascript_string($CONFIG['gallery_name'])?>','<?php echo javascript_string($CONFIG['gallery_description'])?>');
555
        window.external.SetWizardButtons(<?php echo $WIZARD_BUTTONS;
556
    ?>);
557
}
558
</script>
559
</body>
560
</html>
561
<?php
562
}
563
 
564
// Send the file needed to register the service under Windows XP
565
function send_reg_file()
566
{
567
    global $CONFIG, $HTTP_SERVER_VARS, $PHP_SELF;
568
 
569
    header("Content-Type: application/octet-stream");
570
    $time_stamp = time();
571
        header("Content-Disposition: attachment; filename=cpg_".$time_stamp.".reg");
572
 
573
    $lines[] = 'Windows Registry Editor Version 5.00';
574
    //$lines[] = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\PublishingWizard\Providers\CopperminePhotoGallery]';
575
        $lines[] = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\PublishingWizard\Providers\\'. $CONFIG['gallery_name'] .']';
576
    $lines[] = '"displayname"="' . $CONFIG['gallery_name'] . '"';
577
    $lines[] = '"description"="' . $CONFIG['gallery_description'] . '"';
578
    $lines[] = '"href"="' . "http://" . $HTTP_SERVER_VARS['HTTP_HOST'] . $PHP_SELF . '?cmd=publish"';
579
    $lines[] = '"icon"="' . "http://" . $HTTP_SERVER_VARS['HTTP_HOST'] . '/favicon.ico"';
580
    print join("\r\n", $lines);
581
    print "\r\n";
582
    exit;
583
}
584
 
585
// Display the login page
586
function form_login()
587
{
588
    global $PHP_SELF;
589
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
590
    global $template_login;
591
    global $lang_login_php, $lang_xp_publish_php;
592
 
593
    global $HTTP_COOKIE_VARS;
594
 
595
    if (defined('UDB_INTEGRATION')) {
596
        echo '<p>' . $lang_xp_publish_php['need_login'] . '</p>';
597
        $ONNEXT_SCRIPT = '';
598
        $ONBACK_SCRIPT = 'window.external.FinalBack();';
599
        $WIZARD_BUTTONS = 'false,false,false';
600
        return;
601
    }
602
 
603
    $params = array('{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
604
        '{ENTER_LOGIN_PSWD}' => $lang_login_php['enter_login_pswd'],
605
        '{USERNAME}' => $lang_login_php['username'],
606
        '{PASSWORD}' => $lang_login_php['password'],
607
        );
608
 
609
    echo template_eval($template_login, $params);
610
 
611
    $ONNEXT_SCRIPT = 'login.submit();';
612
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
613
    $WIZARD_BUTTONS = 'true,true,false';
614
}
615
 
616
// Process login information
617
function process_login()
618
{
619
    global $CONFIG, $HTTP_POST_VARS, $PHP_SELF, $USER;
620
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
621
    global $template_login_success, $template_login_failure;
622
    global $lang_login_php;
623
 
624
    $results = db_query("SELECT user_id, user_name, user_password FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '" . addslashes($HTTP_POST_VARS['username']) . "' AND BINARY user_password = '" . addslashes($HTTP_POST_VARS['password']) . "' AND user_active = 'YES'");
625
    if (mysql_num_rows($results)) {
626
        $USER_DATA = mysql_fetch_array($results);
627
 
628
        $cookie_life_time = 86400;
629
        setcookie($CONFIG['cookie_name'] . '_uid', $USER_DATA['user_id'], time() + $cookie_life_time, $CONFIG['cookie_path']);
630
        setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['password']), time() + $cookie_life_time, $CONFIG['cookie_path']);
631
        $USER['am'] = 1;
632
        user_save_profile();
633
 
634
        $params = array('{WELCOME}' => sprintf($lang_login_php['welcome'], USER_NAME),
635
            '{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
636
            );
637
 
638
        echo template_eval($template_login_success, $params);
639
    } else {
640
        $params = array('{ERROR}' => $lang_login_php['err_login'],
641
            '{POST_ACTION}' => $PHP_SELF . '?cmd=publish',
642
            );
643
 
644
        echo template_eval($template_login_failure, $params);
645
    }
646
 
647
    $ONNEXT_SCRIPT = 'dummy.submit();';
648
    $ONBACK_SCRIPT = 'dummy.submit();';
649
    $WIZARD_BUTTONS = 'true,true,false';
650
}
651
 
652
// Display the form that allows to choose/create the destination album
653
function form_publish()
654
{
655
    global $CONFIG, $CAT_LIST, $PHP_SELF;
656
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
657
    global $template_select_album;
658
    global $lang_xp_publish_php;
659
 
660
    $alb_count = 0;
661
    $html_album_list = html_album_list($alb_count);
662
    $html_cat_list = html_cat_list();
663
 
664
    if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) {
665
        template_extract_block($template_select_album, 'existing_albums');
666
        template_extract_block($template_select_album, 'create_album');
667
 
668
        $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME),
669
            '{NO_ALBUM}' => $lang_xp_publish_php['no_alb'],
670
            );
671
 
672
        echo template_eval($template_select_album, $params);
673
 
674
        $WIZARD_BUTTONS = "false,false,false";
675
    } elseif (!$alb_count) {
676
        template_extract_block($template_select_album, 'no_album');
677
        template_extract_block($template_select_album, 'existing_albums');
678
 
679
        if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category');
680
 
681
        $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME),
682
            '{CREATE_NEW}' => $lang_xp_publish_php['create_new'],
683
            '{ALBUM}' => $lang_xp_publish_php['album'],
684
            '{CATEGORY}' => $lang_xp_publish_php['category'],
685
            '{SELECT_CATEGORY}' => $html_cat_list,
686
            '{POST_ACTION}' => $PHP_SELF . '?cmd=create_album',
687
            );
688
 
689
        echo template_eval($template_select_album, $params);
690
 
691
        $ONNEXT_SCRIPT = 'create_alb();';
692
        $ONBACK_SCRIPT = 'window.external.FinalBack();';
693
        $WIZARD_BUTTONS = 'true,true,false';
694
    } else {
695
        template_extract_block($template_select_album, 'no_album');
696
 
697
        if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category');
698
 
699
        $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME),
700
            '{UPLOAD}' => $lang_xp_publish_php['upload'],
701
            '{ALBUM}' => $lang_xp_publish_php['album'],
702
            '{SELECT_ALBUM}' => $html_album_list,
703
            '{CATEGORY}' => $lang_xp_publish_php['category'],
704
            '{SELECT_CATEGORY}' => $html_cat_list,
705
            '{CREATE_NEW}' => $lang_xp_publish_php['create_new'],
706
            '{POST_ACTION}' => $PHP_SELF . '?cmd=create_album',
707
            );
708
 
709
        echo template_eval($template_select_album, $params);
710
 
711
        $ONNEXT_SCRIPT = 'create_alb_or_use_existing();';
712
        $ONBACK_SCRIPT = 'window.external.FinalBack();';
713
        $WIZARD_BUTTONS = 'true,true,false';
714
    }
715
}
716
 
717
// Create a new album where pictures will be uploaded
718
function create_album()
719
{
720
    global $CONFIG, $HTTP_POST_VARS;
721
    global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS;
722
    global $template_create_album;
723
    global $lang_errors, $lang_xp_publish_php;
724
 
725
    if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
726
 
727
    if (USER_IS_ADMIN) {
728
        $category = (int)$HTTP_POST_VARS['cat'];
729
    } else {
730
        $category = FIRST_USER_CAT + USER_ID;
731
    }
732
 
733
    $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($HTTP_POST_VARS['new_alb_name']) . "', 'NO',  '0')";
734
    db_query($query);
735
 
736
    $params = array('{NEW_ALB_CREATED}' => sprintf($lang_xp_publish_php['new_alb_created'], $HTTP_POST_VARS['new_alb_name']),
737
        '{CONTINUE}' => $lang_xp_publish_php['continue'],
738
        '{ALBUM_ID}' => mysql_insert_id(),
739
        );
740
 
741
    echo template_eval($template_create_album, $params);
742
 
743
    $ONNEXT_SCRIPT = 'startUpload();';
744
    $ONBACK_SCRIPT = 'window.external.FinalBack();';
745
    $WIZARD_BUTTONS = 'true,true,true';
746
}
747
 
748
// Add a picture
749
function process_picture()
750
{
751
    global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_POST_FILES, $CONFIG, $IMG_TYPES;
752
    global $lang_db_input_php, $lang_errors;
753
 
754
    @unlink(LOGFILE);
755
 
756
    if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
757
 
758
    $album = (int)$HTTP_GET_VARS['album'];
759
    $title = '';
760
    $caption = '';
761
    $keywords = '';
762
    $user1 = '';
763
    $user2 = '';
764
    $user3 = '';
765
    $user4 = '';
766
    // Check if the album id provided is valid
767
    if (!USER_IS_ADMIN) {
768
        $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
769
        if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
770
        $row = mysql_fetch_array($result);
771
        mysql_free_result($result);
772
        $category = $row['category'];
773
    } else {
774
        $result = db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'");
775
        if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
776
        $row = mysql_fetch_array($result);
777
        mysql_free_result($result);
778
        $category = $row['category'];
779
    }
780
    // Test if the filename of the temporary uploaded picture is empty
781
    if ($HTTP_POST_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__);
782
    // Create destination directory for pictures
783
    if (USER_ID && !defined('SILLY_SAFE_MODE')) {
784
        if (USER_IS_ADMIN && ($category != (USER_ID + FIRST_USER_CAT))) {
785
            $filepath = 'wpw-' . date("Ymd");
786
        } else {
787
            $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT);
788
        }
789
        $dest_dir = $CONFIG['fullpath'] . $filepath;
790
        if (!is_dir($dest_dir)) {
791
            mkdir($dest_dir, octdec($CONFIG['default_dir_mode']));
792
            if (!is_dir($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true);
793
            chmod($dest_dir, octdec($CONFIG['default_dir_mode']));
794
            $fp = fopen($dest_dir . '/index.html', 'w');
795
            fwrite($fp, ' ');
796
            fclose($fp);
797
        }
798
        $dest_dir .= '/';
799
        $filepath .= '/';
800
    } else {
801
        $filepath = $CONFIG['userpics'];
802
        $dest_dir = $CONFIG['fullpath'] . $filepath;
803
    }
804
    // Check that target dir is writable
805
    if (!is_writable($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true);
806
 
807
    $matches = array();
808
 
809
    if (get_magic_quotes_gpc()) $HTTP_POST_FILES['userpicture']['name'] = stripslashes($HTTP_POST_FILES['userpicture']['name']);
810
    // Replace forbidden chars with underscores
811
    $forbidden_chars = strtr($CONFIG['forbiden_fname_char'], array('&amp;' => '&', '&quot;' => '"', '&lt;' => '<', '&gt;' => '>'));
812
    $picture_name = strtr($HTTP_POST_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char'])));
813
    // Check that the file uploaded has a valid extension
814
    if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) {
815
        $matches[1] = 'invalid_fname';
816
        $matches[2] = 'xxx';
817
    }
818
 
819
    if ($matches[2] == '' || !is_known_filetype($matches)) {
820
        simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__);
821
    }
822
 
823
    // Create a unique name for the uploaded file
824
    $nr = 0;
825
    $picture_name = $matches[1] . '.' . $matches[2];
826
    while (file_exists($dest_dir . $picture_name)) {
827
        $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2];
828
    }
829
    $uploaded_pic = $dest_dir . $picture_name;
830
    // Move the picture into its final location
831
    if (!move_uploaded_file($HTTP_POST_FILES['userpicture']['tmp_name'], $uploaded_pic))
832
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true);
833
    // Change file permission
834
    chmod($uploaded_pic, octdec($CONFIG['default_file_mode']));
835
 
836
    // Check file size. Delete if it is excessive.
837
    if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) {
838
        @unlink($uploaded_pic);
839
        simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__);
840
    } elseif (is_image($picture_name)) {
841
 
842
        // Get picture information
843
        $imginfo = getimagesize($uploaded_pic);
844
 
845
        // getimagesize does not recognize the file as a picture
846
        if ($imginfo == null) {
847
            @unlink($uploaded_pic);
848
            simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true);
849
        }
850
 
851
        // JPEG and PNG only are allowed with GD
852
        if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) {
853
            @unlink($uploaded_pic);
854
            simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true);
855
        }
856
 
857
        // Check that picture size (in pixels) is lower than the maximum allowed
858
        if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) {
859
            @unlink($uploaded_pic);
860
            simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__);
861
        }
862
 
863
    }
864
 
865
    // Create thumbnail and internediate image and add the image into the DB
866
    $result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category);
867
    if (!$result) {
868
        @unlink($uploaded_pic);
869
        simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
870
    } else {
871
        echo ("SUCCESS");
872
        exit;
873
    }
874
 
875
}
876
// ------------------------------------------------------------------------- //
877
if (USER_IS_ADMIN && !GALLERY_ADMIN_MODE) {
878
    $USER['am'] = 1;
879
    user_save_profile();
880
}
881
 
882
$cmd = empty($HTTP_GET_VARS['cmd']) ? '' : $HTTP_GET_VARS['cmd'];
883
 
884
if (!USER_ID && $cmd && $cmd != 'send_reg') $cmd = 'login';
885
if (!empty($HTTP_POST_VARS['username'])) $cmd = 'process_login';
886
 
887
switch ($cmd) {
888
    case 'login' :
889
        output_header();
890
        form_login();
891
        output_footer();
892
        break;
893
 
894
    case 'process_login' :
895
        output_header();
896
        process_login();
897
        output_footer();
898
        break;
899
 
900
    case 'publish' :
901
        output_header();
902
        form_publish();
903
        output_footer();
904
        break;
905
 
906
    case 'create_album' :
907
        output_header();
908
        create_album();
909
        output_footer();
910
        break;
911
 
912
    case 'add_picture' :
913
        process_picture();
914
        break;
915
 
916
    case 'send_reg' :
917
        send_reg_file();
918
        break;
919
 
920
    default:
921
        display_instructions();
922
} // switch
923
 
924
?>