New installation detected, you will be redirected in 3 seconds...';
exit;
}
// Stop with a user-level error when validate_running_config() reports a problem in the ini file.
if (!validate_running_config()) {
trigger_error(CONF_DIR.INI_FILE.' contains error(s), please correct the problem(s) and reload the page', E_USER_ERROR);
}
/*****************************************************
**** Dynamic Include/Define section ***
*****************************************************/
// For internal use (include, etc.)
// NOTE(review): this constant is used further down as the prefix of include paths
// (custom language file, theme header/footer), so $config['theme'] must never carry
// path separators or '..' - presumably enforced by the config validation, confirm.
define('CURRENT_THEME_DIR', THEMES_DIR.$config['theme'].DIR_SEP);
// For external use (within content that will be output, where we need '/')
$theme_dir = CURRENT_THEME_DIR;
$base_3rd_part_dir = BASE_DIR . '3rd-part/';
$base_images_dir = BASE_DIR . 'images/';
$base_styles_dir = BASE_DIR . 'styles/';
$base_js_dir = BASE_DIR . 'js/';
// Prefer the configured script name; otherwise fall back to the value supplied by the web server.
if ($config['script_name']) {
define('SCRIPT_NAME', $config['script_name']);
} else define('SCRIPT_NAME', $_SERVER['SCRIPT_NAME']);
// You might want to use SERVER_NAME instead of HTTP_HOST - HTTP_HOST seems to deal better with domain alias than SERVER_NAME
// NOTE(review): HTTP_HOST is copied from the request's Host header, i.e. it is client-supplied.
// Code that builds absolute links or redirects from this constant should treat it as untrusted.
define('HTTP_HOST', $_SERVER['HTTP_HOST']);
// The metadata helpers are only loaded when EXIF or IPTC support is switched on.
if ($config['use_exif'] || $config['use_iptc']) include_once INCLUDE_DIR."functions_metadata.inc.php";
// Load exactly one database backend; any other database_type stops the script here.
if($config['database_type']=="mysql") require_once INCLUDE_DIR."db_mysql.inc.php";
elseif($config['database_type']=="file") require_once INCLUDE_DIR."db_file.inc.php";
else die("ERROR, Please choose either 'mysql' or 'file' as database type in your config file");
/**********************************************
**** Error Handler init ***
**********************************************/
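include_once INCLUDE_DIR . 'yorsh-errorhandler.class.php';
// Report everything except notices (E_ALL with the E_NOTICE bit cleared)
error_reporting(E_ALL ^ E_NOTICE);
// Translate $config['debug_mode'] (0 to 4) into ERROR_REPORT_LEVEL and the four flags that are
// passed positionally to YorshErrorHandler below (display, log, verbose, generic).
// Every mode keeps display and logging on; mode 0 is the only one that sets $error_generic.
// NOTE(review): $error_generic presumably swaps error details for a generic message on
// production setups - confirm in YorshErrorHandler before relying on it to hide internals.
switch ($config['debug_mode']) {
    case 0:
        define('ERROR_REPORT_LEVEL', 'FATAL');
        // error_reporting(0);
        $error_display = 1;
        $error_log = 1;
        $error_verbose = 0;
        $error_generic = 1;
        break;
    case 1:
        define('ERROR_REPORT_LEVEL', 'ERROR');
        $error_display = 1;
        $error_log = 1;
        $error_verbose = 0;
        $error_generic = 0;
        break;
    case 2:
        define('ERROR_REPORT_LEVEL', 'WARNING');
        $error_display = 1;
        $error_log = 1;
        $error_verbose = 0;
        $error_generic = 0;
        break;
    case 3:
    case 4:
        // Modes 3 and 4 use identical settings. They were two separate cases with the
        // "break" missing after case 3, so mode 3 ran into case 4 and defined
        // ERROR_REPORT_LEVEL a second time; sharing one body removes the double define().
        define('ERROR_REPORT_LEVEL', 'DEBUG');
        $error_display = 1;
        $error_log = 1;
        $error_verbose = 1;
        $error_generic = 0;
        break;
    default:
        die('FATAL ERROR, Current value set for debug_mode in conf/config.ini.php is incorrect, please read the manual to see what values are allowed, correct the problem and reload this page');
}
$error_handler = new YorshErrorHandler($error_display, $error_log, $error_verbose, $error_generic);
// Don't display DEBUG messages but keep them safe in a buffer
$error_handler->setBufferizeDebug(1);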
/**********************************************
**** Configuration check & Init ***
**********************************************/
// Section marker for the debug trace (debug_mode 4 and above), raised with display suspended.
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Configuration Check & Init', DEBUG);
$error_handler->restoreDisplay();
}
// NOTE(review): both $_GET keys are read without isset().
// NOTE(review): BACKGROUND_MODE is only ever defined (as TRUE) inside this branch; no FALSE
// definition is visible in this section, so readers of the constant need a defined() check.
if ($_GET['displaypic'] || $_GET['previewpic']) {
/**
* For now, only used to know if we can output error messages
* Typically, when the script is called to display an image,
* it's considered in BACKGROUND_MODE
*/
define('BACKGROUND_MODE', TRUE);
// Error text must not be written into an image response.
$error_handler->setDisplay(0);
}
// The default language file is mandatory: a missing or unreadable file is a FATAL error.
if (is_readable(LANG_DIR.DEFAULT_LANG_FILE)) include_once LANG_DIR.DEFAULT_LANG_FILE; else trigger_error("Can NOT open the default language file '".DEFAULT_LANG_FILE."'", FATAL);
if ($config['database_type'] == 'mysql') {
if (!mysql_db_connect($config['db_host'], $config['db_name'], $config['db_user'], $config['db_pass'])) {
// The driver's own error text only goes to the DEBUG channel; the FATAL message stays generic.
// NOTE(review): $mysql_error is not assigned anywhere in this section - presumably set by
// mysql_db_connect(), confirm.
trigger_error("DEBUG: MySQL Error: ".$mysql_error, DEBUG);
trigger_error("Unable to connect to MySQL database", FATAL);
}
}
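// The data directory must be writable: the template engine compiles into data_dir/compiled.
if (!is_writable($config['data_dir'])) {
    trigger_error("Your data directory is NOT writable, check the permissions", FATAL);
}
if (is_dir($config['data_dir'].'compiled')) {
    if (!is_writable($config['data_dir'].'compiled')) {
        trigger_error("'".$config['data_dir'].'compiled'."' directory is NOT writable, check the permissions", FATAL);
    }
} elseif (!mkdir($config['data_dir'].'compiled', 0755)) {
    // The directory used to be created with mkdir()'s default mode (0777 before umask) and the
    // result was ignored. It receives generated template code, so it is now created with the
    // same 0755 the other mkdir() calls in this file use, and a failure is reported at once
    // instead of surfacing later inside the template engine.
    trigger_error("Unable to create '".$config['data_dir'].'compiled'."' directory, check the permissions", FATAL);
}
if (!is_readable($config['pictures_dir'])) trigger_error('Can not access pictures_dir directory, either change the path in your config file or check the permissions', FATAL);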
// Defining which image types are handled (depending on the $config['thumb_generator'])
// TODO: Rewrite a clean method that is used everywhere, in the meantime, this should do the job
//
// All three thumb_generator settings currently end up with the same extension filter:
//  - "convert": convert does handle tiff, but thumbs/lowres keep the source file name and
//    extension, and browsers only display jpeg, gif and png;
//  - "gd": jpeg, gif and png;
//  - anything else ("manual"): theoretically everything, limited by the user's browser.
// The filter is matched case-insensitively against the end of the file name.
$handled_image_types_preg = '/\.(jpe?g|gif|png)$/i';
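// Optional second language file, loaded on top of the default one.
// NOTE(review): the path is LANG_DIR plus a value taken from the configuration and the file is
// executed as PHP, so the config validation has to keep '..' and path separators out of
// language_file - confirm that it does.
if ($config['language_file'] && $config['language_file'] != DEFAULT_LANG_FILE) {
    if (is_file(LANG_DIR.$config['language_file'])) {
        include_once LANG_DIR.$config['language_file'];
    } else trigger_error("Can NOT open non-default language file '".$config['language_file']."' defined in the config. ", ERROR);
}
// Theme-specific language overrides, when the theme ships the file.
if (is_file(CURRENT_THEME_DIR.CUSTOM_LANG_FILE)) include_once CURRENT_THEME_DIR.CUSTOM_LANG_FILE;
// function_exists() takes the function name as a string. The bare word sem_get was read as an
// undefined constant, which only worked through PHP's legacy constant-to-string fallback and
// is an Error on current PHP.
if ($config['use_sem'] && !function_exists('sem_get')) {
    $config['use_sem'] = 0;
    trigger_error("use_sem is actually set to active in your config file but your php was not compiled with the semaphore option. Please disable it as you may encounter problems", WARNING);
}
// With direct URLs enabled, an .htaccess file in pictures_dir raises custom error 00201.
if ($config['use_direct_urls']) {
    if (is_file($config['pictures_dir'].'.htaccess')) cust_error('00201');
}
// Record whether PHP runs in safe_mode; ini_get() itself may be disabled on some hosts.
if (function_exists('ini_get') && ini_get('safe_mode')) {
    define('SAFE_MODE', true);
} else define('SAFE_MODE', false);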
/**********************************************
**** Classes Init / Object creations ***
**********************************************/
require_once INCLUDE_DIR . 'filetypes.class.php';
require_once INCLUDE_DIR . 'filetypes_data.inc.php';
// File type registry; queried further down for MIME types and for image/video detection.
$pgFileTypes = new handledphpGraphyFileTypes();
require_once INCLUDE_DIR . 'phpgraphy-naming-standard.class.php';
// Maps a picture path to the paths of its thumbnail and lowres copies.
$phpGraphyNaming = new phpGraphyNamingStandard();
/**********************************************
**** Template Engine Init ***
**********************************************/
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Template Engine Init', DEBUG);
$error_handler->restoreDisplay();
}
require_once TPL_ENGINE_DIR."class.template.php";
$tpl = new template;
// Templates are recompiled on every request and output caching is switched off.
$tpl->force_compile = true;
$tpl->compile_check = true;
$tpl->cache = false;
$tpl->cache_lifetime = 3600;
$tpl->config_overwrite = false;
// Sources come from the current theme, compiled output goes to data_dir/compiled.
// NOTE(review): the compile directory receives generated template code - presumably PHP files,
// confirm - so it should not be writable by other accounts on the host.
$tpl->template_dir = PHPGRAPHY_DIR . CURRENT_THEME_DIR . 'templates' . DIR_SEP;
$tpl->compile_dir = PHPGRAPHY_DIR . $config['data_dir'] . 'compiled';
/**********************************************
**** Session handling ***
**********************************************/
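if ($config['debug_mode'] >= 4) {
    // Use the same disableDisplay()/restoreDisplay() pair as every other section marker.
    // This marker called setDisplay(0) and then setDisplay(1), which switched error display
    // back on even after the image-request branch above had turned it off.
    // NOTE(review): assumes restoreDisplay() puts back the previous display state - confirm.
    $error_handler->disableDisplay();
    trigger_error('DEBUG: --MARK-- Session Handling', DEBUG);
    $error_handler->restoreDisplay();
}
if ($config['use_session']) {
    if (is_writable(session_save_path())) {
        // Line below added so the page is still W3C valid
        if (function_exists("ini_set")) ini_set("arg_separator.output","&");
        // NOTE(review): the session cookie is started with the server's default parameters;
        // no HttpOnly or Secure flag is set in this section.
        session_start();
    } else {
        // Sessions are switched off for this request when the save path is not writable.
        $config['use_session'] = 0;
        trigger_error("\$config['use_session'] is set to 1 in the config file but the server session_save_path ".session_save_path()." is currently not writable - correct the directory problem or disable the sessions use", WARNING);
    }
}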
/****************************************************************
**** $_REQUEST ($_GET / $_POST / $_COOKIE) input validation ***
****************************************************************/
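if ($config['debug_mode'] >= 4) {
    $error_handler->disableDisplay();
    trigger_error('DEBUG: --MARK-- $_REQUEST input validation', DEBUG);
    $error_handler->restoreDisplay();
}
require_once INCLUDE_DIR.'yorsh-variablevalidation.class.php';
// Extend the class with $_REQUEST data
require_once INCLUDE_DIR.'yorsh-varval-request_data.inc.php';
// Create object that will be used to validate $_REQUEST
$request_validation = new RequestYorshVariableValidation();
// Every request parameter is passed through check_var(); only accepted ones become global
// variables. The rest of this script reads those globals ($display, $dir, $user, ...), so
// check_var() is the single gate between the request and the global scope.
foreach ($_REQUEST as $varname => $value) {
    // Removing slashes if already added by magic_quotes_gpc
    // (We will handle the quote protection at the DB Layer)
    // get_magic_quotes_gpc() was removed from PHP, and stripslashes() only accepts strings
    // (array parameters such as name[]=x are left untouched for check_var() to judge).
    if (is_string($value) && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value=stripslashes($value);
    }
    if ($request_validation->check_var($varname, $value)) {
        // Registering $varname in the global scope if not a COOKIE
        if (!isset($_COOKIE[$varname])) {
            // trigger_error("DEBUG: Registering \$".$varname." in the global scope", WARNING);
            $$varname=$value;
        } else {
            // Unregistering COOKIE value from global scope, we don't want it there
            trigger_error("DEBUG: Cookie content for ".$varname." has been cleared from the global scope", DEBUG);
            if (isset($$varname)) $$varname = null;
        }
    } else {
        // Unregistering variable from globalscope if registered by register_globals
        $error_handler->disableDisplay();
        // Only clear a global that register_globals itself copied from the request: the
        // directive must be on and the global must still hold the raw request value.
        // This used to null any global whose name matched a rejected parameter, which
        // (assuming check_var() rejects names it does not know - confirm) included
        // variables created by this script such as $config or $error_handler.
        if (isset($$varname) && function_exists('ini_get') && ini_get('register_globals') && $$varname === $_REQUEST[$varname]) $$varname = null;
        trigger_error("DEBUG:".$varname." has not cleared from the global scope", DEBUG);
        $error_handler->restoreDisplay();
    }
}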
/*****************************************
**** Login/Logout - SessionHandling ***
*****************************************/
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Login/Logout - SessionHandling', DEBUG);
$error_handler->restoreDisplay();
}
// Output Buffering
if ($config['use_ob']) ob_start();
// logout ?
// $logout is one of the request variables registered by the validation loop above.
// NOTE(review): no anti-CSRF token is checked here, so any request carrying the parameter
// logs the visitor out.
if($logout) {
// Blank the "remember me" cookie when the browser sent one.
if ($_COOKIE['phpGraphyLoginValue']) set_cookie_login_val("");
// Clears the session variables; the session itself and its id are kept.
// NOTE(review): called even when sessions are disabled in the config - confirm this is harmless.
session_unset();
header("Location: " . SCRIPT_NAME);
exit;
}
// logging in ?
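// Start from "nobody". Both values are assigned unconditionally and after the request
// variables were registered, so a request parameter cannot pre-set them.
$user_row = null;
$logged = 0;
// Identity is resolved from, in this order: an explicit login form submission, the
// "remember me" cookie, the session. The first source that is present wins.
if ($startlogin) {
    if (!headers_sent()) {
        if ($user_row=is_login_ok($user,$pass)) {
            if ($rememberme) {
                set_cookie_login_val($user_row["cookieval"]);
            }
            // Issue a fresh session id before the session is marked as authenticated, so an
            // id that was known before login does not carry the login value (session fixation).
            if (session_id() != '' && function_exists('session_regenerate_id')) {
                session_regenerate_id();
            }
            $_SESSION['phpGraphyLoginValue']=$user_row["cookieval"];
            $logged=1;
        } else {
            // NOTE(review): the submitted login name is written to the debug trace as received.
            trigger_error("DEBUG: authentication of user '$user' FAILED", DEBUG);
            trigger_error("Authentication failed, invalid login/password", ERROR);
            $error_login=1;
            // Re-set $login to ask again for a login/pass
            $login=1;
        }
    } else trigger_error("In order for the authentication to work, you must resolve the error above", ERROR);
} elseif (!empty($_COOKIE['phpGraphyLoginValue'])) { // login cookie present ?
    // BACKGROUND_MODE only exists for image requests, so test defined() before reading it;
    // reading the undefined constant is an Error on current PHP.
    if (!(defined('BACKGROUND_MODE') && BACKGROUND_MODE)) {
        $error_handler->disableDisplay();
        trigger_error("DEBUG:Found an authentication cookie, trying to match it with a login", DEBUG);
        $error_handler->restoreDisplay();
    }
    // The raw cookie value goes straight to the DB layer, which is expected to quote it.
    if ($user_row=db_get_login($_COOKIE['phpGraphyLoginValue'])) {
        if (!(defined('BACKGROUND_MODE') && BACKGROUND_MODE)) {
            $error_handler->disableDisplay();
            trigger_error('DEBUG:User \''.$user_row['login'].'\' successfully authenticated', DEBUG);
            $error_handler->restoreDisplay();
        }
        $logged=1;
    } else {
        // Unknown cookie value: blank the cookie so it is not presented again.
        set_cookie_login_val("");
        trigger_error("An invalid authentication cookie has been found and deleted", WARNING);
    }
} elseif (!empty($_SESSION['phpGraphyLoginValue'])) { // valid session present ?
    $error_handler->disableDisplay();
    trigger_error("DEBUG:Found a session cookie, trying to match it with a login", DEBUG);
    $error_handler->restoreDisplay();
    if ($user_row=db_get_login($_SESSION['phpGraphyLoginValue'])) {
        $error_handler->disableDisplay();
        trigger_error('DEBUG:User \''.$user_row['login'].'\' successfully authenticated', DEBUG);
        $error_handler->restoreDisplay();
        $logged=1;
    } else {
        trigger_error("Session authentication error, try closing your browser or removing the session cookie", WARNING);
    }
}
// Administrator flag: security level 999. Assigned here unconditionally, so it always
// reflects the account looked up above. isset() keeps the lookup quiet when nobody is logged in.
$admin=(isset($user_row["seclevel"]) && $user_row["seclevel"]==999);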
/******************************************************
**** Main program - $_REQUEST dependant behavior ***
******************************************************/
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Main program - $_REQUEST dependant behavior', DEBUG);
$error_handler->restoreDisplay();
}
// When a picture is requested and its path has a directory part, $dir is set to that
// directory (this replaces any $dir received with the request)
if($display && (dirname($display) != ".")) $dir=dirname($display);
// Directory name NEED a trailing slash !
if($dir && substr($dir,-1)!='/') $dir.='/';
// pic rating update ?
// NOTE(review): this runs before the get_level() checks further down, so the vote itself
// is not tied to the visitor being allowed to view $display.
if ($display && $rating) {
// TODO: Translate errors
// One vote per picture (already_rated), value between 1 and $config['highest_rating'].
if (!already_rated($display)) {
if ($rating > 0 && $rating <= $config['highest_rating']) {
if (!db_add_rating($display,$rating)) trigger_error("An error has occured while recording rating", WARNING);
} else trigger_error("Rating value should be between 1 and ".$config['highest_rating'], ERROR);
} else trigger_error("You've already voted", ERROR);
}
// adding comment ?
if(isset($addingcomment) && (trim($comment) || trim($user))) {
if ((int)$user_row["seclevel"] < $config['postcomment_min_level']) {
trigger_error("You don't have enough privileges to post a comment", E_USER_NOTICE);
exit;
}
$picname=reformat($picname);
if ($rememberme && $user) set_cookie_commentname_val($user);
if (!$rememberme && $_COOKIE['phpGraphyVisitorName']) set_cookie_commentname_val("");
// if value has been filtered, replace it with a filtered msg
if ($_REQUEST['comment'] && !$comment) $comment = $txt['*filtered*'];
if ($_REQUEST['user'] && !$user) $user = $txt['*filtered*'];
db_add_user_comment($picname,$comment,$user); ?>
= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Main program - ADMIN only part', DEBUG);
$error_handler->restoreDisplay();
}
// pic comment update ?
// Every action below repeats the $admin test itself.
// Picture description/level update.
if ($updpic == "1" && $admin) db_update_pic($display,$dsc,$lev);
// dir level update ?
// The same DB helper is used for directories, with the directory path as the key.
if ($updatedir && $admin) db_update_pic($dir,$dirtitle,$dirlevel);
// directory cover picture change
if ($dirthumbchange && $dirthumbnail && $admin) {
// Resolve the requested cover: first as a picture of this directory, then as the cover of a
// sub-directory. The literal "-remove-" is passed through unchanged.
if (is_file($phpGraphyNaming->getFileFullPath($dir.$dirthumbnail))) {
$dirthumbnail = $phpGraphyNaming->getThumbPath($dir.$dirthumbnail);
} elseif (is_file($phpGraphyNaming->pictures_directory.$phpGraphyNaming->getThumbPathForDirectory($dir.$dirthumbnail))) {
$dirthumbnail = $phpGraphyNaming->getThumbPathForDirectory($dir.$dirthumbnail);
} elseif ($dirthumbnail != "-remove-") {
trigger_error("Unable to find source picture '$dirthumbnail' to update '$dir' cover.", ERROR);
$dirthumbnail_error = 1;
}
// NOTE(review): $dirthumbnail_error is only assigned in the failure branch above and is
// never initialised in this section.
if (!$dirthumbnail_error) {
trigger_error("DEBUG:Updating directory cover for directory '$dir' with '$dirthumbnail'", DEBUG);
update_directory_cover($dir, $dirthumbnail);
}
}
// dir creation ?
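// Create a sub-directory of the current directory (administrators only).
// NOTE(review): $dir and $createdirname come from the request; this relies on the request
// validation to keep '..' and path separators out of $createdirname - confirm.
if ($admin && $dircreate && $createdirname != "") {
    if (!mkdir($config['pictures_dir'].$dir.$createdirname,0755)) {
        // Name the directory that could not be created (the message used to print the parent).
        trigger_error("Unable to create ".$dir.$createdirname, ERROR);
    } elseif ($config['default_file_permissions']) {
        // Only after a successful mkdir(). The setting is an octal string and is converted with
        // octdec(), as in the upload and copy-from-url code; passing it raw made chmod() read
        // the digits as a decimal number.
        chmod($config['pictures_dir'].$dir.$createdirname, octdec($config['default_file_permissions']));
    }
}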
// file uploaded ?
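// Store uploaded files in the current directory (administrators only).
// The per-file "error" entry must be an array: the form posts pictures[] and a single
// non-array upload would otherwise break the loop.
if ($admin && $picupload && isset($_FILES['pictures']) && is_array($_FILES['pictures']) && is_array($_FILES['pictures']['error'])) {
    trigger_error("DEBUG: File upload detected", E_USER_NOTICE);
    foreach ($_FILES["pictures"]["error"] as $key => $error) {
        if ($error == UPLOAD_ERR_OK) {
            $tmp_name = $_FILES["pictures"]["tmp_name"][$key];
            // basename() drops any directory part of the client-supplied name.
            // NOTE(review): the name, and with it the extension, is otherwise stored as sent;
            // nothing here checks it against the handled file types. Consider rejecting names
            // that $pgFileTypes does not handle before the file is moved under pictures_dir.
            $filename = basename($_FILES['pictures']['name'][$key]);
            $destpath = $config['pictures_dir'].$dir."/";
            trigger_error("DEBUG: Moving uploaded file \"$filename\" to $destpath", DEBUG);
            if (!is_file($destpath.$filename)) {
                if (!move_uploaded_file($tmp_name, $destpath.$filename)) {
                    trigger_error("Failed to move uploaded file \"$filename\" to $destpath", ERROR);
                } elseif ($config['default_file_permissions']) {
                    // Permissions are only applied once the file is really in place.
                    trigger_error('DEBUG: Setting permissions of '.$filename.' to '.$config['default_file_permissions'], DEBUG);
                    chmod($destpath.$filename, octdec($config['default_file_permissions']));
                }
            } else {
                // Never overwrite an existing file: discard the upload and report error 00401.
                unlink($tmp_name);
                cust_error('00401', $filename);
            }
        }
    }
}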
// file copy from an url ? (Need PHP 4.3.0)
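// Copy a remote file into the current directory (administrators only, needs PHP 4.3.0).
if ($admin && $copyfromurl && $userurl) {
    $filename=basename($userurl);
    $full_dir=$config['pictures_dir'].$dir;
    if (!preg_match('#^(https?|ftp)://#i', $userurl)) {
        // copy() accepts local paths and every registered stream wrapper, so the source is
        // restricted to the remote schemes this feature is meant for.
        // NOTE(review): the target host is not restricted; hosts reachable only from the
        // server remain addressable through this feature.
        trigger_error('Copy from url refused, only http, https and ftp URLs are accepted', ERROR);
    } elseif (!is_file($full_dir.$filename)) {
        if (!is_writable($full_dir)) {
            trigger_error("Unable to write in $dir", ERROR);
        } elseif (!copy($userurl,$full_dir.$filename)) {
            trigger_error('Copy from url failed', ERROR);
        } elseif ($config['default_file_permissions']) {
            // Permissions are only applied when the copy succeeded (chmod() used to run on a
            // missing file after a failed copy).
            trigger_error('DEBUG: Setting permissions of '.$filename.' to '.$config['default_file_permissions'], DEBUG);
            chmod($full_dir.$filename, octdec($config['default_file_permissions']));
        }
    } else {
        // Never overwrite an existing file.
        cust_error('00401', $filename);
    }
}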
// deleting comment ?
// Delete a visitor comment of the displayed picture (administrators only).
if($admin && $delcom) db_del_user_comment($display,$delcom);
// updating .welcome ?
// Only when check_welcome() accepts the directory; the text is limited to fewer than 10000 bytes.
if ($admin && $updwelcome && isset($welcomedata) && check_welcome($dir)) {
if (strlen($welcomedata) < 10000) {
write_welcome($dir,$welcomedata);
echo "";
} else echo "Sorry more data (10k) than allowed, protection aborting the operation ";
// The request ends here in both cases.
exit;
}
// rotating image ?
// NB: As we use the user input validation now, we won't re-check the validity of the input
if ($admin && $display && $rotatepic) {
// Get the rotation value (1, 2 or 3)
$rotate_value=$rotatepic;
// We first delete the lowres and thumb as they won't be valid anymore
delete_pic($display,"thumb");
// Unlike the other traces, this one is raised as E_USER_NOTICE rather than DEBUG.
trigger_error("DEBUG: calling rotate_image($display,$rotate_value)", E_USER_NOTICE);
rotate_image($config['pictures_dir'].$display, $rotate_value);
}
// pic delete
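// Delete a picture (administrators only).
// NOTE(review): the action is driven by request parameters alone; no anti-CSRF token is
// visible in this section.
if($updpic=="del"&&$admin) {
    delete_pic($display);
    //jump back to the directory after deleting the pic
    $dir=dirname($display);
    // Both values come from the request: URL-encode them before they go into the Location
    // header, as the login redirects further down already do for $dir.
    header("Location: ./?dir=".urlencode($dir)."&startpic=".urlencode((string)$i));
    exit;
}
// Delete thumbs and lr pictures (handful function when generation has failed for some reasons)
if($updpic=="delthumb"&&$admin) {
    delete_pic($display,"thumb");
    //jump back to the directory after deleting the pic
    $dir=dirname($display);
    header("Location: ./?dir=".urlencode($dir)."&startpic=".urlencode((string)$i));
    exit;
}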
}// EOF if ($admin)
/***************************************************************
**** Main program (background operations/image display) *****
***************************************************************/
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Main program - background operations/image display', DEBUG);
$error_handler->restoreDisplay();
}
// If random picture, pickup a random pic and assign it to $display, $displaypic or $previewpic
if (isset($random)) {
// Security level of the viewer: 0 unless logged in.
$level = 0;
if ($logged) $level = (int)$user_row["seclevel"];
$ok = 0;
// rand() only selects which picture is shown here; it is not used as a secret.
srand ((double) microtime() * 1000000);
if ($find_ar=scan_dir($config['pictures_dir'], $handled_image_types_preg)) {
$l=sizeof($find_ar) - 1;
// Draw up to 32 times until a picture is found whose level the viewer is allowed to see.
for($try=0;!$ok && $try<32;$try++) {
$random_nb=rand(0,$l);
// Path relative to pictures_dir.
$pickline=substr($find_ar[$random_nb],strlen($config['pictures_dir']));
if (get_level($pickline) <= $level) $ok = 1;
}
if ($ok) {
// The pick replaces whichever of the three request variables was supplied; the display
// code below checks get_level() again on that value.
if (isset($previewpic)) {
$previewpic = $pickline;
} elseif (isset($displaypic)) {
$displaypic = $pickline;
} else {
$display = $pickline;
$dir = substr($display,0,strrpos($display,"/"))."/";
}
}
}
}
// BEGIN - DISPLAYPIC
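// Serve a picture, or another handled file, to a viewer whose security level allows it.
// $displaypic is a path relative to pictures_dir that comes from the request; the only checks
// made here are get_level() and the file type lookups.
// NOTE(review): path safety ('..') rests on the request validation - confirm.
if($displaypic && get_level($displaypic)<=(int)$user_row["seclevel"]) {
    // This is all background, don't output errors
    $error_handler->disableDisplay();
    if ($config['debug_mode'] >= 4) {
        trigger_error('DEBUG: --MARK-- Main program - displaying picture in highres/lowres', DEBUG);
    }
    // If handled content but not image, send content with mime type
    // NOTE(review): the file name is placed inside the quoted filename parameter as is; a
    // double quote in the name would break the header value.
    if($pgFileTypes->isHandled($displaypic) && !$pgFileTypes->isImage($displaypic)) {
        header("Content-type: ".$pgFileTypes->getFileMimeType($displaypic));
        // "attachment" was misspelled "attachement", which is not a valid disposition type.
        if ($mode == 'saveas') header('Content-Disposition: attachment; filename="'.basename($displaypic).'"');
        else header('Content-Disposition: inline; filename="'.basename($displaypic).'"');
        readfile($config['pictures_dir'].$displaypic);
        exit;
    }
    // Do we handle this type of picture ?
    if (!$pgFileTypes->isImage($displaypic)) {
        header("Content-type: image/gif");
        readfile($base_images_dir.'unknow_type.gif');
        trigger_error("Can't display '".basename($displaypic)."', picture type not supported", FATAL);
        // Stop here as the thumbnail code does: without it, a returning error handler would
        // let the unsupported file be sent after the placeholder image.
        exit;
    }
    // Fall back to default - handled image type
    header("Content-type: " . $pgFileTypes->getFileMimeType($displaypic));
    if(filesize($phpGraphyNaming->getFileFullPath($displaypic))>=$config['lr_limit'] && !$non_lr) {
        // switch to lr_mode: files of lr_limit bytes or more are served as a lowres copy
        // unless the request asks for the original ($non_lr)
        $lrdir = $phpGraphyNaming->getLowresFullDir($displaypic);
        $lrfile = $phpGraphyNaming->getLowresFullPath($displaypic);
        if(!file_exists($lrfile)) {
            if ($config['thumb_generator'] == 'manual') {
                trigger_error("No lowres found for '$displaypic' generate one yourself or choose a thumb_generator", FATAL);
            }
            if (!is_dir($lrdir)) {
                if (!@mkdir($lrdir,0755)) {
                    trigger_error("mkdir($lrdir) failed", ERROR);
                } elseif ($config['default_file_permissions']) {
                    // Octal string, converted as in the upload code; only after mkdir() succeeded.
                    chmod($lrdir, octdec($config['default_file_permissions']));
                }
            }
            if (!convert_image($phpGraphyNaming->getFileFullPath($displaypic),$lrfile,$config['lr_res'],$config['lr_quality'])) {
                trigger_error("convert_image() of '$displaypic' has failed", FATAL);
            }
        }
        if(file_exists($lrfile)) {
            header('Content-Disposition: inline; filename="'.'lr_'.basename($displaypic).'"');
            readfile($lrfile);
            trigger_error('DEBUG: --MARK-- Main program - Just displayed lowres pic "'.$lrfile.'"', DEBUG);
        } else {
            trigger_error("File '$lrfile' is not readable or does not exist", ERROR);
        }
        exit;
    } elseif (filesize($phpGraphyNaming->getFileFullPath($displaypic))<$config['lr_limit'] || (int)$user_row["seclevel"]>=$config['highres_min_level']) {
        // The original is sent when it is below lr_limit, or when the viewer's level
        // reaches highres_min_level.
        header('Content-Disposition: inline; filename="'.basename($displaypic).'"');
        readfile($config['pictures_dir'].$displaypic);
        trigger_error('DEBUG: --MARK-- Main program - Just displayed highres pic "'.$displaypic.'"', DEBUG);
        exit;
    }
    // We should never trigger the following one
    // (reached when the original of a large file is requested below highres_min_level)
    trigger_error('A fatal error has occured will trying to display a picture', FATAL);
    die;
}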
// END - DISPLAYPIC
// BEGIN - PREVIEWPIC JS Mode - Javascript Code Generation (for remote inclusion)
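// Thumbnail preview as a JavaScript snippet (document.write) for inclusion from other pages.
// Subject to the same get_level() check as the image responses.
if($previewpic && get_level($previewpic)<=(int)$user_row["seclevel"] && $mode == 'js') {
    $picinfo=getimagesize($phpGraphyNaming->getThumbFullPath($previewpic));
    $picinfo['title'] = get_title($previewpic);
    // Two defects fixed here: "on" was a bare word instead of the string 'on', and the https
    // branch compared ($proto == 'https') instead of assigning, so $proto stayed unset for
    // HTTPS requests.
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') $proto = 'https'; else $proto = 'http';
    header("Content-type: application/x-javascript");
    $html = "var phpg_txt = '';\n";
    // NOTE(review): the markup inside the next string literal is missing from this listing.
    // Whatever is interpolated into it ($picinfo['title'], $previewpic, the host name) must be
    // escaped for a JavaScript string and for HTML, since the output runs on the including page.
    $html .= "phpg_txt+='
';\n";
    $html .= "document.write(phpg_txt);";
    echo $html;
    exit;
}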
// BEGIN - PREVIEWPIC
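// Serve the thumbnail of a picture or video, generating it on first use, to a viewer whose
// security level allows it. $previewpic is a request-supplied path relative to pictures_dir.
if($previewpic && get_level($previewpic)<=(int)$user_row["seclevel"]) {
    // This is all background, don't output errors
    $error_handler->disableDisplay();
    if ($config['debug_mode'] >= 4) {
        trigger_error('DEBUG: --MARK-- Main program - displaying thumbnail', DEBUG);
    }
    $prdir = $phpGraphyNaming->getThumbFullDir($previewpic);
    if (!is_dir($prdir)) {
        if (!@mkdir($prdir,0755)) {
            trigger_error("mkdir($prdir) failed", ERROR);
        } elseif ($config['default_file_permissions']) {
            // This chmod() targeted $lrdir, a variable of the lowres code that is not set in
            // this branch; it now applies to the thumbnail directory just created, with the
            // octal string converted as in the upload code.
            chmod($prdir, octdec($config['default_file_permissions']));
        }
    }
    $prfile = $phpGraphyNaming->getThumbFullPath($previewpic);
    // Is this a registered filetype ?
    if ($ft=$pgFileTypes->getFileInfo($previewpic)) {
        // Is this a picture ?
        if ($pgFileTypes->isImage($previewpic)) {
            header("Content-type: ".$pgFileTypes->getFileMimeType($previewpic));
            header('Content-Disposition: inline; filename="'.basename($previewpic).'"');
            if(!file_exists($prfile)) {
                if ($config['thumb_generator'] == 'manual') {
                    trigger_error("No thumbnail found for '$previewpic' generate one yourself or choose a thumb_generator", FATAL);
                }
                // No thumbnail found, generating one
                if (!convert_image($phpGraphyNaming->getFileFullPath($previewpic),$prfile,$config['thumb_res'],$config['thumb_quality'])) {
                    trigger_error("Error while generating thumbnail for '$previewpic'", FATAL);
                }
            }
            readfile($prfile);
            exit;
        } elseif ($pgFileTypes->isVideo($previewpic)) {
            // Is this a video ?
            if (!file_exists($prfile) && $config['movie_extractor'] == 'ffmpeg') {
                require_once INCLUDE_DIR . 'yorsh-ffmpeg-wrapper.class.php';
                // If thumbnail doesn't exists yet and video thumbnail support is enabled, try to create one
                // Get movie information
                // NOTE(review): "new" always yields an object, so the else branch of this test
                // cannot report a failure of the wrapper.
                if ($movie = new YorshffmpegWrapper($phpGraphyNaming->getFileFullPath($previewpic))) {
                    // Calculate size of the thumb
                    $thumb_res = calculate_thumb_size($movie->getVideoResolution(), 1);
                    // Generate thumb from movie
                    if ($movie->extractFrameToJpeg($prfile, 1, $thumb_res)) {
                        trigger_error("DEBUG: Successfully generated thumbnail for movie '".$previewpic."'", DEBUG);
                    } else trigger_error('Failed to generate thumbnail for movie \''.$previewpic.'\'', ERROR);
                } else trigger_error('Unable to gather information for movie \''.$previewpic.'\'', ERROR);
            }
            if (file_exists($prfile)) {
                // There is a thumbnail, displaying it
                header("Content-type: image/jpeg");
                header('Content-Disposition: inline; filename="'.$phpGraphyNaming->getThumbName($previewpic).'"');
                readfile($prfile);
                exit;
            } else {
                // No thumbnail, displaying an icon instead
                header("Content-type: ".$ft["mime"]);
                readfile($base_images_dir.$ft["icon"]);
                exit;
            }
        } else {
            // Ok if we arrive here, we have some handled content but without thumbnail, displaying icon
            header("Content-type: ".$ft["mime"]);
            readfile($base_images_dir.$ft["icon"]);
            exit;
        }
    } else {
        // Unknown filetype, display a questionmark icon
        header("Content-type: image/gif");
        readfile($base_images_dir.'unknow_type.gif');
        trigger_error("Can't display '".basename($previewpic)."', picture type not supported", FATAL);
        exit;
    }
    // We should never trigger the following one
    trigger_error('A fatal error has occured will trying to display a thumbnail', FATAL);
    die;
}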
// END - PREVIEWPIC
// New way to check security, if not allowed, to redirect to the login page
// Protection against unauthorized directory viewing
// Visitors whose level is below the level of the requested directory are sent to the login
// form, unless the login form is already being requested ($login). The target is URL-encoded.
// NOTE(review): when $login is set the script simply continues, so the page code that follows
// has to make sure protected content is not rendered next to the login form - confirm.
$url=SCRIPT_NAME.'?dir='.urlencode($dir).'&login=1';
if ((get_level($dir) > (int)$user_row["seclevel"]) && !$login) {
header("Location: ".$url);
exit;
}
// Protection against unauthorized picture viewing
// Same rule, applied to the requested picture.
$url=SCRIPT_NAME.'?display='.urlencode($display).'&login=1';
if ((get_level($display) > (int)$user_row["seclevel"]) && !$login) {
header("Location: ".$url);
exit;
}
/*************************************************
**** Main program (HTML output) *****
*************************************************/
if ($config['debug_mode'] >= 4) {
$error_handler->disableDisplay();
trigger_error('DEBUG: --MARK-- Main program - HTML output (Displaying Header)', DEBUG);
$error_handler->restoreDisplay();
}
// The theme header is skipped for RSS output.
if(!isset($rss)) {
// Executes the header file of the current theme (path built from CURRENT_THEME_DIR).
include CURRENT_THEME_DIR.HEADER_FILE;
// Extra output for administrators from debug_mode 2 upwards.
// NOTE(review): the markup of the echoed string is missing from this listing.
if ($admin && $config['debug_mode'] >= 2) echo '
';
}
include CURRENT_THEME_DIR.FOOTER_FILE;
exit;
}
// directory delete (recursive)
if($deldir && $dir && $admin) {
if (delete_dir($dir)) echo "".$txt_admin['Directory deleted successfully'].""; else printf("%s %s", $txt_admin['Problem while deleting this directory'], $txt_admin['(Please check errors msgs above, to resolve this you may have to delete (or change permissions) using your FTP access as it\'s very likely some pictures/directories belong to your FTP user.)']);
echo " ";
echo "
";
foreach($all_user_info as $user_id => $user) {
echo "
{$user['login']}
".str_pad(NULL, strlen($user['login']), "*")."
{$user['security_level']}
";
if ($user_row['login'] != $user['login']) echo "";
echo "
";
}
echo "
\n";
break;
}
}
include CURRENT_THEME_DIR.FOOTER_FILE;
exit;
}
// Configuration Editor Mode
if ($mode == 'config' && $admin) {
require INCLUDE_DIR."functions_config.inc.php";
if ($updateconfig) {
$config_validation = new ConfigYorshVariableValidation();
foreach ($_POST as $key => $value) {
if ($config_validation->check_var($key, $value)) {
// Because config variables are not recognized by the YorshVariableValidation systen
// We've to handle the quotes there
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Variable is valid
// Putting it in the array that will be passed to the write_ini function
$new_config[$key] = $value;
// Setting it for the running script
$config[$key] = $value;
} elseif ($config_validation->is_found($key)) {
// Variable has been recognized as an official config variable but the value is incorrect
$config_error[$key] = sprintf($txt_admin['Value for %s is incorrect'], $key);
} else {
// Variable not recognized not be there, discarding it
}
}
if (is_array($config_error)) {
$config_update_msg = '