<?php
/*************************
Coppermine Photo Gallery
************************
Copyright (c) 2003-2005 Coppermine Dev Team
v1.1 originaly written by Gregory DEMAR
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
Coppermine version: 1.3.3
$Source: /cvsroot/coppermine/stable/include/init.inc.php,v $
$Revision: 1.15 $
$Author: gaugau $
$Date: 2005/04/19 21:54:31 $
**********************************************/
define('COPPERMINE_VERSION', '1.3.3');
// User database integration
// Uncomment the applicable line if you want to use it
// (UDB_INTEGRATION is later concatenated into the path of the bridge file that
// is require'd, so it must stay a compile-time constant and never come from
// request data.)
// define('UDB_INTEGRATION', 'phpbb');
// define('UDB_INTEGRATION', 'invisionboard');
// define('UDB_INTEGRATION', 'vbulletin23');
// define('UDB_INTEGRATION', 'vbulletin30');
// define('UDB_INTEGRATION', 'yabbse');
// define('UDB_INTEGRATION', 'smf');
// define('UDB_INTEGRATION', 'woltlab21');
// define('UDB_INTEGRATION', 'punbb');
// Guard against browsing this include directly: every entry script is expected
// to define IN_COPPERMINE before pulling this file in.
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
// Start output buffering
ob_start();
// Report all errors except E_NOTICE
// This is the default value set in php.ini
// error_reporting (E_ALL ^ E_NOTICE);
// E_ALL while initialising; the level is set again further down once
// $CONFIG['debug_mode'] has been loaded from the database.
error_reporting(E_ALL);
// Switch off magic_quotes_runtime so data read from files/DB is not auto-escaped.
// NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0; this call is
// fatal on modern PHP.
set_magic_quotes_runtime(0);
// used for timing purpose
$query_stats = array();
$queries = array();
// Perform database queries to calculate user's privileges based on group membership
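/**
 * Perform database queries to calculate user's privileges based on group membership.
 *
 * One aggregate query over the usergroups table combines the rights of every
 * group the user belongs to: MAX() for the capability flags (any group that
 * grants a right grants it), MIN()/MAX() for the quota and the upload-form
 * setting, which are resolved below.
 *
 * Parameters :
 *  $pri_group (scalar)        : Group ID number of the user's 'main' group. This is
 *                               the group that will be the user's profile display
 *                               ($USER_DATA['group_id']). Cast to int.
 *  $groups (array)            : List of group ids of all the groups that the user is
 *                               a member of. Non-numeric entries are dropped, the
 *                               rest are cast to int, and $pri_group is added if
 *                               it is not already in the list.
 *  $default_group_id (scalar) : The group used as a fall-back if none of the
 *                               requested group ids exists. If this group also
 *                               does not exist then CPG will abort with a
 *                               critical error.
 *
 * Returns an array containing most of the data to put into $USER_DATA.
 *
 * Fixes relative to the previous version: the fallback branch tested an
 * undefined variable ($resultt) and so always died; it was also unreachable,
 * because an aggregate query without GROUP BY returns one (all-NULL) row even
 * when no group matches, so mysql_num_rows() was never zero. Group ids are now
 * cast to int before being interpolated into SQL, and every result set is freed.
 */
function cpgGetUserData($pri_group, $groups, $default_group_id = 3)
{
    global $CONFIG;

    // Only integers may reach the IN (...) list: drop non-numeric entries and
    // cast the rest, so nothing else can be interpolated into the query.
    $group_ids = array();
    foreach ((array)$groups as $val) {
        if (is_numeric($val)) {
            $group_ids[] = (int)$val;
        }
    }
    $pri_group = (int)$pri_group;
    $default_group_id = (int)$default_group_id;
    if (!in_array($pri_group, $group_ids, true)) {
        $group_ids[] = $pri_group;
    }

    // COUNT(*) is what tells us whether any of the groups exist (see the
    // function comment); the WHERE list is appended by the callers below.
    $aggregate_sql = "SELECT COUNT(*) as group_count, " .
        "MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, " .
        "MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, " .
        "MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, " .
        "MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, " .
        "MAX(num_URI_upload) as num_URI_upload, " .
        "MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, " .
        "MAX(can_create_albums) as can_create_albums, " .
        "MAX(has_admin_access) as has_admin_access, " .
        "MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as priv_upl_need_approval " .
        "FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id in (";

    $result = db_query($aggregate_sql . implode(",", $group_ids) . ")");
    $USER_DATA = mysql_fetch_assoc($result);
    mysql_free_result($result);

    if (!$USER_DATA || !$USER_DATA['group_count']) {
        // None of the requested groups exist: take the rights and the displayed
        // name from the default (Anonymous) group instead.
        $pri_group = $default_group_id;
        $group_ids = array($default_group_id);
        $result = db_query($aggregate_sql . $default_group_id . ")");
        $USER_DATA = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if (!$USER_DATA || !$USER_DATA['group_count']) {
            die('<b>Coppermine critical error</b>:<br />The group table does not contain the Anonymous group !');
        }
    }
    // Internal helper column, not part of the returned profile.
    unset($USER_DATA['group_count']);

    // Display name of the primary group; empty when that particular row does
    // not exist (the user may still be a member of other, existing groups).
    $result = db_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id= " . $pri_group);
    $temp_arr = mysql_fetch_assoc($result);
    mysql_free_result($result);
    $USER_DATA['group_name'] = $temp_arr ? $temp_arr['group_name'] : '';

    // Resolve the upload form setting from the most and least permissive
    // values across the user's groups. Same truth table as before:
    //   equal            -> that value
    //   min is 0         -> max
    //   max in {2,3}, min 1 -> 3
    //   max 3, min 2     -> 3
    //   anything else    -> 0
    $ufc_max = $USER_DATA['ufc_max'];
    $ufc_min = $USER_DATA['ufc_min'];
    if ($ufc_max == $ufc_min) {
        $USER_DATA['upload_form_config'] = $ufc_min;
    } elseif ($ufc_min == 0) {
        $USER_DATA['upload_form_config'] = $ufc_max;
    } elseif (($ufc_max == 2 || $ufc_max == 3) && $ufc_min == 1) {
        $USER_DATA['upload_form_config'] = 3;
    } elseif ($ufc_max == 3 && $ufc_min == 2) {
        $USER_DATA['upload_form_config'] = 3;
    } else {
        $USER_DATA['upload_form_config'] = 0;
    }

    // A zero minimum quota takes precedence over any larger value
    // (presumably 0 means "no limit" -- confirm against the quota checks).
    $USER_DATA['group_quota'] = $USER_DATA['disk_min'] ? $USER_DATA['disk_max'] : 0;
    $USER_DATA['can_see_all_albums'] = $USER_DATA['has_admin_access'];
    $USER_DATA['group_id'] = $pri_group;
    $USER_DATA['groups'] = $group_ids;

    // Kept from the original: presumably because callers interpolate
    // group_name into SQL when magic_quotes_gpc has not already escaped it.
    if (get_magic_quotes_gpc() == 0) {
        $USER_DATA['group_name'] = mysql_escape_string($USER_DATA['group_name']);
    }
    return $USER_DATA;
}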
/**
 * Current time as a float number of seconds including the microsecond fraction.
 *
 * Splits the string form of microtime() ("usec sec") and adds the two parts;
 * this is the value the timing code in this file ($time_start) starts from.
 *
 * @return float
 */
function cpgGetMicroTime()
{
    $parts = explode(' ', microtime());
    $fraction = (float)$parts[0];
    $whole = (float)$parts[1];
    return $fraction + $whole;
}
$time_start = cpgGetMicroTime();
// Do some cleanup in GET, POST and cookie data and un-register global vars
// NOTE(review): as shown in this listing every key of the map is mapped to
// itself, so the strtr() calls below are no-ops. That looks like an HTML-entity
// rendering artifact of the listing (the intended targets would be the entities
// for ", < and >); confirm against the real file, because otherwise no
// request-level escaping of these characters happens at all.
$HTML_SUBST = array('"' => '"', '<' => '<', '>' => '>');
// With magic_quotes_gpc on, PHP has already addslashes()'d every request value,
// so the slashes are stripped here and the rest of the code sees raw values.
if (get_magic_quotes_gpc()) {
if (is_array($HTTP_POST_VARS)) {
foreach ($HTTP_POST_VARS as $key => $value) {
if (!is_array($value))
$HTTP_POST_VARS[$key] = strtr(stripslashes($value), $HTML_SUBST);
// Undo register_globals: a request parameter must not survive as a global of
// the same name. This unsets *any* variable whose name matches a parameter,
// including ones this file itself defines (e.g. $HTML_SUBST, $time_start).
if (isset($$key)) unset($$key);
}
}
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
// Unlike the POST and cookie loops there is no is_array() check here, so an
// array-valued GET parameter is handed to stripslashes() as a string.
$HTTP_GET_VARS[$key] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}
// Cookie values only get their slashes stripped; no character substitution.
if (is_array($HTTP_COOKIE_VARS)) {
foreach ($HTTP_COOKIE_VARS as $key => $value) {
if (!is_array($value))
$HTTP_COOKIE_VARS[$key] = stripslashes($value);
if (isset($$key)) unset($$key);
}
}
} else {
// magic_quotes_gpc off: same substitution, nothing to strip.
if (is_array($HTTP_POST_VARS)) {
foreach ($HTTP_POST_VARS as $key => $value) {
if (!is_array($value))
$HTTP_POST_VARS[$key] = strtr($value, $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
// Same missing is_array() check as in the magic_quotes branch above.
$HTTP_GET_VARS[$key] = strtr($value, $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}
if (is_array($HTTP_COOKIE_VARS)) {
foreach ($HTTP_COOKIE_VARS as $key => $value) {
if (isset($$key)) unset($$key);
}
}
}
// Initialise the $CONFIG array and some other variables
$CONFIG = array();
// Script path used for self-links; REDIRECT_URL is preferred when the web
// server rewrote the request internally.
$PHP_SELF = isset($HTTP_SERVER_VARS['REDIRECT_URL']) ? $HTTP_SERVER_VARS['REDIRECT_URL'] : $HTTP_SERVER_VARS['SCRIPT_NAME'];
// URL-encoded current request (path plus query string when one is present);
// presumably used as a return target by the login page -- callers not visible here.
$REFERER = urlencode($PHP_SELF . (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING'] ? '?' . $HTTP_SERVER_VARS['QUERY_STRING'] : ''));
$ALBUM_SET = '';
$FORBIDDEN_SET = '';
$CURRENT_CAT_NAME = '';
$CAT_LIST = '';
// Record User's IP address
// $raw_ip is the TCP peer address. $hdr_ip is whatever the client put in the
// Client-IP or X-Forwarded-For header, so it is client-controlled: treat it as
// a hint only (a ban keyed solely on $hdr_ip does not bind the sender).
$raw_ip = stripslashes($HTTP_SERVER_VARS['REMOTE_ADDR']);
if (isset($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
$hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_CLIENT_IP']);
} else {
if (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
$hdr_ip = stripslashes($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
} else {
$hdr_ip = $raw_ip;
}
}
// Both values are accepted only if they look like a dotted quad (octets are
// not range-checked); anything else, including a comma-separated
// X-Forwarded-For chain, becomes 0.0.0.0. This normalisation is also what keeps
// the two values safe to interpolate into the ban query further down.
if (!preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $raw_ip)) $raw_ip = '0.0.0.0';
if (!preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $hdr_ip)) $hdr_ip = '0.0.0.0';
// Define some constants
define('USER_GAL_CAT', 1);
define('FIRST_USER_CAT', 10000);
define('RANDPOS_MAX_PIC', 200);
define('TEMPLATE_FILE', 'template.html');
// Constants used by the cpg_die function
define('INFORMATION', 1);
define('ERROR', 2);
define('CRITICAL_ERROR', 3);
// Include config and functions files
if(file_exists('include/config.inc.php')){
require 'include/config.inc.php';
} else {
// error handling: if the config file doesn't exist go to install
// (the page is emitted inline because neither theme nor language files are
// available at this point)
print <<< EOT
<html>
<head>
<title>Coppermine not installed yet</title>
<meta http-equiv="refresh" content="10;url=install.php">
<style type="text/css">
<!--
body { font-size: 12px; background: #FFFFFF; margin: 20%; color: black; font-family: verdana, arial, helvetica, sans-serif;}
-->
</style>
</head>
<body>
<img src="images/coppermine_logo.png" alt="Coppermine Photo Gallery - Your Online Photo Gallery" /><br />
Coppermine Photo Gallery seems not to be installed correctly, or you're running coppermine for the first time. You'll be redirected to the installer. If your browser doesn't support redirect, click <a href="install.php">here</a>.
</body>
</html>
EOT;
die();
}
require 'include/functions.inc.php';
// Table names derived from the configured prefix; the queries in this file
// interpolate these entries directly.
$CONFIG['TABLE_PICTURES'] = $CONFIG['TABLE_PREFIX']."pictures";
$CONFIG['TABLE_ALBUMS'] = $CONFIG['TABLE_PREFIX']."albums";
$CONFIG['TABLE_COMMENTS'] = $CONFIG['TABLE_PREFIX']."comments";
$CONFIG['TABLE_CATEGORIES'] = $CONFIG['TABLE_PREFIX']."categories";
$CONFIG['TABLE_CONFIG'] = $CONFIG['TABLE_PREFIX']."config";
$CONFIG['TABLE_USERGROUPS'] = $CONFIG['TABLE_PREFIX']."usergroups";
$CONFIG['TABLE_VOTES'] = $CONFIG['TABLE_PREFIX']."votes";
$CONFIG['TABLE_USERS'] = $CONFIG['TABLE_PREFIX']."users";
$CONFIG['TABLE_BANNED'] = $CONFIG['TABLE_PREFIX']."banned";
$CONFIG['TABLE_EXIF'] = $CONFIG['TABLE_PREFIX']."exif";
$CONFIG['TABLE_FILETYPES'] = $CONFIG['TABLE_PREFIX']."filetypes";
$CONFIG['TABLE_ECARDS'] = $CONFIG['TABLE_PREFIX']."ecards";
$CONFIG['TABLE_TEMPDATA'] = $CONFIG['TABLE_PREFIX']."temp_data";
// User DB system
// The bridge path is built from the UDB_INTEGRATION constant at the top of this
// file, not from request data.
if (defined('UDB_INTEGRATION')) require 'bridge/' . UDB_INTEGRATION . '.inc.php';
// Connect to database
// NOTE(review): on failure the raw mysql_error() text is sent to the browser,
// which can expose host or account names; logging it and showing a generic
// message would be the safer default.
cpg_db_connect() || die("<b>Coppermine critical error</b>:<br />Unable to connect to database !<br /><br />MySQL said: <b>" . mysql_error() . "</b>");
// Retrieve DB stored configuration
// Every row of the config table becomes a $CONFIG entry and may override values
// just loaded from config.inc.php; cookie_name, theme, lang, debug_mode and
// offline are read from here below.
$results = db_query("SELECT * FROM {$CONFIG['TABLE_CONFIG']}");
while ($row = mysql_fetch_array($results)) {
$CONFIG[$row['name']] = $row['value'];
} // while
mysql_free_result($results);
require 'include/media.functions.inc.php';
// Parse cookie stored user profile
// (presumably fills $USER -- theme, lang, admin-mode flag -- which is read below)
user_get_profile();
// Authenticate
if (defined('UDB_INTEGRATION')) {
udb_authenticate();
} else {
// Native cookie login: <cookie_name>_uid carries the user id and
// <cookie_name>_pass carries MD5(user_password) of the stored users row.
if (!isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid']) || !isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass'])) {
$cookie_uid = 0;
$cookie_pass = '*';
} else {
// Cast to int: the id is interpolated into SQL below.
$cookie_uid = (int)$HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_uid'];
// NOTE(review): the value is escaped first and truncated afterwards, so the
// 32-byte cut can land on the backslash of an escape sequence and leave the SQL
// string literal unterminated. Truncate before escaping (and prefer
// mysql_real_escape_string, which is connection-charset aware) to keep the
// literal well-formed.
$cookie_pass = substr(addslashes($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_pass']), 0, 32);
}
// Matches the active account whose stored password hashes to the cookie token;
// BINARY makes the comparison case-sensitive. No expiry or rotation of this
// token is visible here: it stays valid for as long as the password does.
// (There is no space between '$cookie_uid' and AND; MySQL tolerates a keyword
// directly after a closing quote, but the concatenation is fragile.)
$sql = "SELECT * " . "FROM {$CONFIG['TABLE_USERS']} WHERE user_id='$cookie_uid'" . "AND user_active = 'YES' " . "AND user_password != '' " . "AND BINARY MD5(user_password) = '$cookie_pass'";
$results = db_query($sql);
if (mysql_num_rows($results)) {
$USER_DATA = mysql_fetch_assoc($results);
//unset($USER_DATA['user_password']);
// Mask the password column before $USER_DATA is handed to the rest of the app.
$USER_DATA['user_password'] = '********';
// Array union: on a key collision the user row (left operand) wins over the
// group data computed by cpgGetUserData().
$USER_DATA = $USER_DATA + cpgGetUserData($USER_DATA['user_group'], explode(',', $USER_DATA['user_group_list']));
define('USER_ID', (int)$USER_DATA['user_id']);
define('USER_NAME', $USER_DATA['user_name']);
define('USER_GROUP', $USER_DATA['group_name']);
define('USER_GROUP_SET', '(' . implode(',', $USER_DATA['groups']) . ')');
define('USER_IS_ADMIN', (int)$USER_DATA['has_admin_access']);
define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
define('USER_CAN_CREATE_ALBUMS', (int)$USER_DATA['can_create_albums']);
define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
mysql_free_result($results);
} else {
// Anonymous visitor: rights come from group 3 only, and the admin /
// album-creation flags are forced to 0 regardless of that group's settings.
$USER_DATA = cpgGetUserData(3, array(3));
define('USER_ID', 0);
define('USER_NAME', 'Anonymous');
define('USER_GROUP', $USER_DATA['group_name']);
define('USER_GROUP_SET', '(' . $USER_DATA['group_id'] . ')');
define('USER_IS_ADMIN', 0);
define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
define('USER_CAN_CREATE_ALBUMS', 0);
define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
mysql_free_result($results);
}
}
// Test if admin mode
// $USER['am'] presumably comes from the cookie profile; admin mode additionally
// requires the has_admin_access flag (GALLERY_ADMIN_MODE) or album-creation
// rights (USER_ADMIN_MODE) established above, so the flag alone grants nothing.
$USER['am'] = isset($USER['am']) ? (int)$USER['am'] : 0;
define('GALLERY_ADMIN_MODE', USER_IS_ADMIN && $USER['am']);
define('USER_ADMIN_MODE', USER_ID && USER_CAN_CREATE_ALBUMS && $USER['am'] && !GALLERY_ADMIN_MODE);
// Set error logging level
// Notices are only shown when debug_notice is on and debug_mode is 1, or 2 with
// a gallery admin; everything before this point ran under plain E_ALL.
if ($CONFIG['debug_notice']==1 && ($CONFIG['debug_mode']==1 || ($CONFIG['debug_mode']==2 && GALLERY_ADMIN_MODE ))) {
error_reporting (E_ALL);
} else {
error_reporting (E_ALL ^ E_NOTICE);
}
// Process theme selection if present in URI or in user profile
if (!empty($HTTP_GET_VARS['theme'])) {
$USER['theme'] = $HTTP_GET_VARS['theme'];
}
// Load theme file
// The name must not contain '/', must be an existing directory under themes/,
// and is then mapped through strtr() so the characters $ / \ : * ? " ' < > | `
// cannot reach the require below. '.' and '..' pass both checks; only a
// theme.php in the resulting directory can be loaded (re-checked on the next
// line), but a whitelist such as [A-Za-z0-9_-] would be the simpler rule.
if (isset($USER['theme']) && !strstr($USER['theme'], '/') && is_dir('themes/' . $USER['theme'])) {
$CONFIG['theme'] = strtr($USER['theme'], '$/\\:*?"\'<>|`', '____________');
} else {
unset($USER['theme']);
}
if (!file_exists("themes/{$CONFIG['theme']}/theme.php")) $CONFIG['theme'] = 'classic';
require "themes/{$CONFIG['theme']}/theme.php";
$THEME_DIR = "themes/{$CONFIG['theme']}/";
// Process language selection if present in URI or in user profile or try
// autodetection if default charset is utf-8
if (!empty($HTTP_GET_VARS['lang'])) {
$USER['lang'] = $HTTP_GET_VARS['lang'];
}
// Same pattern as the theme. file_exists() is evaluated on the raw value while
// the require uses the strtr()-filtered one; they only differ when a filtered
// character was present, in which case the 'english' fallback below applies.
if (isset($USER['lang']) && !strstr($USER['lang'], '/') && file_exists('lang/' . $USER['lang'] . '.php')) {
$CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
$CONFIG['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
} elseif ($CONFIG['charset'] == 'utf-8') {
// select_lang.inc.php is expected to set $USER['lang']; that value is not
// passed through strtr() here, only checked for an existing lang file.
include('include/select_lang.inc.php');
if (file_exists('lang/' . $USER['lang'] . '.php')) {
$CONFIG['default_lang'] = $CONFIG['lang']; // Save default language
$CONFIG['lang'] = $USER['lang'];
}
} else {
unset($USER['lang']);
}
if (!file_exists("lang/{$CONFIG['lang']}.php")) $CONFIG['lang'] = 'english';
require "lang/{$CONFIG['lang']}.php";
// See if the fav cookie is set else set it
if (isset($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav'])) {
// NOTE(review): unserialize() runs on a client-supplied cookie, so the
// deserialisation itself (not just the ids) is under the client's control;
// a plain delimited list of ids (explode + intval) would carry the same data
// without that surface. If the cookie does not decode to an array, the foreach
// below emits a warning and $FAVPICS keeps the non-array value.
$FAVPICS = @unserialize(@base64_decode($HTTP_COOKIE_VARS[$CONFIG['cookie_name'] . '_fav']));
foreach ($FAVPICS as $key => $id ){
$FAVPICS[$key] = (int)$id; //protect against sql injection attacks
}
} else {
$FAVPICS = array();
}
// load the main template
load_template();
// Remove expired bans
$now = date('Y-m-d H:i:s');
db_query("DELETE FROM {$CONFIG['TABLE_BANNED']} WHERE expiry < '$now'");
// Check if the user is banned
// $raw_ip / $hdr_ip were normalised to dotted quads above and $user_id is an
// int constant, so the interpolation here is bounded. Remember that $hdr_ip is
// header-derived and only $raw_ip binds the actual peer.
$user_id = USER_ID;
$result = db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr='$raw_ip' OR ip_addr='$hdr_ip' OR user_id=$user_id");
if (mysql_num_rows($result)) {
pageheader($lang_error);
msg_box($lang_info, $lang_errors['banned']);
pagefooter();
exit;
}
mysql_free_result($result);
// Retrieve the "private" album set
if (!GALLERY_ADMIN_MODE && $CONFIG['allow_private_albums']) get_private_album_set();
// Gallery offline: admins still get in, and any script whose name contains
// 'login' is exempt so the login page stays reachable. Note this line reads the
// $_SERVER superglobal while the rest of the file uses $HTTP_SERVER_VARS.
if (!USER_IS_ADMIN && $CONFIG['offline'] && !strstr($_SERVER["SCRIPT_NAME"],'login')) {
pageheader($lang_errors['offline_title']);
msg_box($lang_errors['offline_title'], $lang_errors['offline_text']);
pagefooter();
exit;
}
?>