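* Copyright (C) 2000 Robert A. Holak
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
* 02111-1307 USA
*/

$productname = "PHPix2";
$version = "2.1";

# Site settings ($pix_base, $desc_base, $enable_users, $admin_user, ... are
# never assigned in this file, so presumably they come from here) are read
# relative to the current working directory, i.e. before the chdir() below.
include("config.inc");

## This is stuff they all need to do

# Locate the script: $matches[1] is its directory on disk, $htmlmatches[1]
# the URL path that reaches it, both keeping the trailing "/".  Later code
# reads the two captures directly, so each gets a fallback for the case where
# the regex finds no "/" at all; without it $matches[1] is undefined and
# chdir() is called with an empty path.
if (!preg_match("/(.*\/).*$/", $_SERVER['SCRIPT_FILENAME'], $matches)) {
    $matches = array(1 => rtrim(dirname($_SERVER['SCRIPT_FILENAME']), "/") . "/");
}
chdir($matches[1]);
if (!preg_match("/(.*\/).*$/", $_SERVER['SCRIPT_NAME'], $htmlmatches)) {
    $htmlmatches = array(1 => rtrim(dirname($_SERVER['SCRIPT_NAME']), "/") . "/");
}

# set up the variables for user = use this way we can change the method of
# getting the user var and won't have to change the code much.
#variables:
# $scriptbase -> where the script is. (includes /)
# $realpixbase -> Where the pics are (includes /)
# $realdescbase -> Where the descs are (includes /)
# $userbase -> the user's public html dir (includes /)
# $htmlbase -> the scripts html base. (includes /)
# $htmluserbase -> the user's html base. (includes /)
# $username -> the username of the user we're accessing.
# $userstring -> how we pass on the username.
# $usercachebase -> Where in the cache the images are located.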
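# New Variable Structures
# Paths[] := Filesystem paths
# Config[] := Stuff that cannot be overridden
# Settings[] := Stuff that can be overridden
# Html[] := Paths for html files
# State[] := Stuff got from Request data

# Drop the session id from the request array, presumably so it is not
# re-emitted in the links insert_modify_link() builds from $_REQUEST.
if (isset($_REQUEST['PHPSESSID'])) {
    unset($_REQUEST['PHPSESSID']);
}

//$Paths = Array();
//$Paths['base'] = $matches[1];
//$Paths['pixbase'] = $Paths['base'].$pix_base."/";
//$Paths['descbase'] = $Paths['base'].$desc_base."/";
//$Paths['userbase'] = $Paths['base'];

# Filesystem side: script directory, pictures, descriptions.  $userbase is
# the directory the gallery belongs to; it is re-pointed at an account's
# public_html below when user galleries are enabled.
$scriptbase = "$matches[1]";
$realpixbase = $scriptbase . $pix_base . "/";
$realdescbase = $scriptbase . $desc_base . "/";
$userbase = "$scriptbase";

//$Html = Array();
//$Html['base'] = $htmlmatches[1];
//$Html['userbase'] = $Html['base'];
//$Html['albumpath'] = $Html['base'].$Config['albumpath']

# URL side, plus the empty defaults for the no-user case.
$htmlbase = "$htmlmatches[1]";
$htmluserbase = "$htmlmatches[1]";
$username = "";
$userstring = "";
$usercachebase = "";

if ($enable_users) {
    # The account name arrives as ?user=... or, failing that, as PATH_INFO.
    $user = isset($_REQUEST['user']) ? $_REQUEST['user'] : '';
    if (!is_string($user)) {
        $user = '';                     # user[]=... is not a name
    }
    if ($user == '' && isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != '') {
        $user = substr($_SERVER['PATH_INFO'], 1);
    }
    if ($user != '') {
        # Turn off error reporting, we don't care if the username doesn't exist
        $error = error_reporting(0);
        $userinfo = posix_getpwnam($user);
        error_reporting($error);
        # Only an existing account above the author's system-account cut-off
        # gets its public_html served.
        if (is_array($userinfo) && $userinfo['uid'] > 100) {
            $userbase = $userinfo['dir'] . "/" . $public_html . "/";
            $realpixbase = $userbase . $pix_base . "/";
            $realdescbase = $userbase . $desc_base . "/";
            $htmluserbase = "/~{$user}/";
            $username = $user;
            $userstring = "/{$username}";
            $usercachebase = "{$username}/";
        }
    }
}

# Request parameters.  untaint() neutralises shell metacharacters; the ".."
# checks further down keep $album and $pic inside the pictures tree.
$mode = untaint(isset($_REQUEST['mode']) ? $_REQUEST['mode'] : '');
$dispsize = untaint(isset($_REQUEST['dispsize']) ? $_REQUEST['dispsize'] : '');
$start = untaint(isset($_REQUEST['start']) ? $_REQUEST['start'] : '');
$album = untaint(isset($_REQUEST['album']) ? $_REQUEST['album'] : '');
$pic = untaint(isset($_REQUEST['pic']) ? $_REQUEST['pic'] : '');
$picindex = untaint(isset($_REQUEST['picindex']) ? $_REQUEST['picindex'] : '');

if ($dispsize == '') {
    $dispsize = $default_size;
}
# DisplayImg2() does arithmetic on $dispsize unless it is 'Original', and
# StandardLinks() uses $start/$picindex as array offsets, so pin their types.
if ($dispsize != 'Original' && !is_numeric($dispsize)) {
    $dispsize = $default_size;
}
$start = ($start == '') ? 0 : (int) $start;
if ($picindex != '') {
    $picindex = (int) $picindex;
}

# Never attribute to malice what can be adequately explained by
# stupidity.  A ".." path component would let these escape $realpixbase, and
# a NUL byte is never part of a real album or picture name (PHP's filesystem
# functions refuse such paths); reset the value rather than try to repair it.
if (preg_match("/(^|\/)\.\.(\/|$)/", $album) || strpos($album, "\0") !== false) {
    $album = "";
}
if (preg_match("/(^|\/)\.\.(\/|$)/", $pic) || strpos($pic, "\0") !== false) {
    $pic = "";
}

# Get a list of filenames
$dirlist = array();
$filelist = array();
$stylesheet = '';
if (file_exists($realpixbase . $album)) {
    # A ".config" found by walking up from the album directory is include()d,
    # i.e. executed as PHP by the web server.  With $enable_users the album
    # tree lives in an account's public_html, so that account can run code
    # here.  NOTE(review): $stop is passed without a trailing "/", so
    # FindFileDownPath()'s stop test never matches for a non-empty $album and
    # the walk continues towards the filesystem root; confirm whether the
    # album directory alone ("$realpixbase$album/") or inheritance down to
    # $realpixbase (as for style.css below) was intended.
    $configoverride = FindFileDownPath($realpixbase . $album, ".config", $realpixbase . $album);
    if ($configoverride) {
        include($configoverride);
    }

    $handle = opendir($realpixbase . $album);
    if ($handle !== false) {
        # readdir() yields false when done; testing "!= ''" as before would
        # also stop at an entry named "0".  Dot entries (., .. and hidden
        # files) are skipped; style.css and description files are not pictures.
        while (($file = readdir($handle)) !== false) {
            if (substr($file, 0, 1) == ".") {
                continue;
            }
            if (is_dir($realpixbase . $album . "/" . $file)) {
                $dirlist[] = $file;
            } elseif ($file != "style.css" && strpos($file, "__desc.txt") === false) {
                $filelist[] = $file;
            }
        }
        closedir($handle);
    }

    $stylesheet = FindFileDownPath($realpixbase . $album, "style.css", $realpixbase);
    if ($userbase != "") {
        # Make the sheet path relative to the user's html base; anything still
        # absolute afterwards lies outside it and is not offered.
        $stylesheet = str_replace($userbase, "", $stylesheet);   # may be kludgy.
        if (substr($stylesheet, 0, 1) == '/') {
            $stylesheet = "";
        }
    }
    if ($stylesheet != '') {
        $stylesheet = $htmluserbase . urlencode_url($stylesheet);
    }
}

sort($dirlist);
sort($filelist);
$totalfiles = sizeof($filelist);

# Admin mode: nothing is written until check_pw() has accepted the request.
# check_pw() exits on failure, so $admin_mode = 1 is only reached by an
# authenticated admin.
$admin_mode = 0;
if ($enable_admin_mode) {
    $adminUsers = $admin_user;
    if ($mode == 'admin') {
        if ($username != '') {
            # The account owning the gallery may administer it too.  (This was
            # written as "',' + $username", which is addition, not
            # concatenation, and turned the list into e.g. "admin0".)
            $adminUsers .= ',' . $username;
        }
        error_log("Users: $adminUsers");
        check_pw($adminUsers, '');
        // We'll only ever get here if the password was verified.
        $admin_mode = 1;

        // Change the file description
        if (isset($_REQUEST['desc']) && is_string($_REQUEST['desc'])) {
            if ($pic != '') {
                $descfile = $realdescbase . $album . "/{$pic}__desc.txt";
            } else {
                # Album descriptions sit beside the album directory, or inside
                # it when no such file exists yet.
                $descfile = $realdescbase . $album . "__desc.txt";
                if (!file_exists($descfile)) {
                    $descfile = $realdescbase . $album . "/__desc.txt";
                }
            }
            if ($_REQUEST['desc'] == '') {
                if (file_exists($descfile)) {
                    unlink($descfile);
                }
            } else {
                # stripslashes() undoes magic_quotes_gpc; without that setting
                # it also removes genuine backslashes from the text.
                $f = fopen($descfile, 'w');
                if ($f === false) {
                    error_log("Cannot write description file $descfile");
                } else {
                    fwrite($f, stripslashes($_REQUEST['desc']));
                    fclose($f);
                }
                unset($_REQUEST['desc']);
            }
        }
    }
}

# Site-wide password protection for ordinary viewing (admins were already
# checked above).
if ($enable_passwords && !$admin_mode) {
    if ($user_required != '') {
        check_pw($user_required, $pass_required);
    }
}

/**
 * Replace the characters a shell could be fed through a request value
 * (` | ; $ *) with spaces; non-string input (missing parameter, array)
 * becomes ''.
 *
 * The previous strtr() call passed a single space as the replacement, and
 * strtr() only maps as many characters as the shorter argument has, so in
 * practice only the backtick was ever touched.  This is still a denylist;
 * a value that reaches a shell needs escapeshellarg() regardless.
 */
function untaint($var)
{
    if (!is_string($var)) {
        return '';
    }
    return strtr($var, '`|;$*', '     ');
}

/**
 * Demand HTTP Basic credentials and stop the script.
 *
 * Sends the challenge and the 401 status, prints a short message and
 * exit()s, so nothing after a failed check_pw() ever runs.
 */
function throw_auth_header()
{
    header('WWW-Authenticate: Basic realm="PHPix 2"');
    header('HTTP/1.0 401 Unauthorized');
    print 'You need to authenticate to perform this action';
    exit;
}

/**
 * Require HTTP Basic credentials matching $username / $password, or stop.
 *
 * $username is the literal 'valid-user' (any name with an entry in
 * $password_file) or a comma-separated list of acceptable names.  $password
 * is a clear-text password shared by those names; when it is '' the user's
 * crypt()-format entry from $password_file (see get_passwords()) is used
 * instead.  Every failure path ends in throw_auth_header(), which exits;
 * returning at all means the caller is authenticated.
 */
function check_pw($username, $password)
{
    global $password_file;

    if (!isset($_SERVER['PHP_AUTH_USER']) || $username == '') {
        throw_auth_header();
    }
    $authUser = $_SERVER['PHP_AUTH_USER'];
    if ($username != 'valid-user') {
        $allowed = array_map('trim', explode(",", $username));
        # Strict comparison so that only an exact, listed name is accepted.
        if (!in_array($authUser, $allowed, true)) {
            throw_auth_header();
        }
    }
    $username = $authUser;

    if ($password == '') {
        if ($password_file == '') {
            throw_auth_header();
        }
        $password_array = get_passwords($password_file);
        $password = isset($password_array[$username]) ? $password_array[$username] : '';
        if ($password == '') {
            // Again, we want the system to fail out if the user does not
            // exist.
            throw_auth_header();
        }
    } else {
        // Hash the configured clear-text password so the comparison below can
        // treat both sources alike.  The salt only has to be acceptable to
        // crypt(); it never leaves this request.  (crypt() without a salt is
        // an error from PHP 8 on.)
        $password = crypt($password, '$1$' . substr(md5(uniqid('', true)), 0, 8) . '$');
    }

    // At this point we have the right username, we just need to
    // check the password.  crypt() re-hashes the submitted password with the
    // stored hash as salt; a genuine match reproduces the stored hash.  A
    // "*"-prefixed result is crypt()'s failure marker and must never match.
    $supplied = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    $computed = crypt($supplied, $password);
    if (substr($computed, 0, 1) == '*') {
        throw_auth_header();
    }
    $same = function_exists('hash_equals')
        ? hash_equals($password, $computed)
        : ($computed === $password);
    if (!$same) {
        throw_auth_header();
    }
    // If we reach here, the user is authenticated.
}

/**
 * Read a "user:crypted-password" file into an array keyed by user name.
 *
 * Lines without a ":" are skipped and trailing whitespace is trimmed from
 * the password field, as chop() did before.  Returns an empty array (never
 * null) when the file cannot be read or is empty, so callers can index it.
 */
function get_passwords($filename)
{
    $passwords = array();
    $lines = file($filename);
    if ($lines === false) {
        return $passwords;
    }
    foreach ($lines as $line) {
        $fields = explode(':', $line);
        if (!isset($fields[1])) {
            continue;
        }
        $passwords[$fields[0]] = rtrim($fields[1]);
    }
    return $passwords;
}

/**
 * Text for the admin-mode toggle shown for an album.
 *
 * In admin mode "mode" is removed from the current request and the text is
 * "Exit Admin Mode"; otherwise, if $dir is writable by the web server,
 * mode=admin is added and the text is "Modify".  Returns '' when admin mode
 * is disabled or the directory is read-only.  Side effect: $_REQUEST['mode']
 * is changed in place.  NOTE(review): $link (PHP_SELF plus the re-encoded
 * request) is built but not used by the visible return statements -- the
 * markup around the text may have been lost from this listing; confirm.
 */
function insert_modify_link($dir)
{
    global $admin_mode;
    global $enable_admin_mode;

    if (!$enable_admin_mode) {
        return '';
    }
    $link = $_SERVER['PHP_SELF'];
    if ($admin_mode) {
        unset($_REQUEST['mode']);
        $label = "Exit Admin Mode";
    } elseif (is_writeable($dir)) {
        $_REQUEST['mode'] = 'admin';
        $label = "Modify";
    } else {
        return '';
    }
    $request = implode_with_keys('&', $_REQUEST, TRUE);
    if ($request != '') {
        $link .= "?" . $request;
    }
    return $label;
}

/**
 * Join $array as "key=value" pairs separated by $glue (a query string when
 * $glue is '&').  With $encode the values go through urlencode_url(), which
 * leaves "/" unescaped; keys are emitted as they are.
 */
function implode_with_keys($glue, $array, $encode = FALSE)
{
    $pairs = array();
    foreach ($array as $key => $item) {
        $pairs[] = $key . "=" . ($encode ? urlencode_url($item) : $item);
    }
    return implode($glue, $pairs);
}

/**
 * Walk from $path up towards the root looking for $filename.
 *
 * Each directory on the way is tested for "$dir/$filename" and the first hit
 * is returned as a full path.  The walk ends after the directory whose path
 * plus "/" equals $stop, or when no "/" is left -- a "/" at offset 0 also
 * ends it, because strrpos() returning 0 counts as false, so "/" itself is
 * never checked.  Returns "" when nothing is found.
 */
function FindFileDownPath($path, $filename, $stop)
{
    $filepath = $path;
    while (($pos = strrpos($filepath, "/"))) {
        $candidate = $filepath . "/" . $filename;
        if (file_exists($candidate)) {
            return $candidate;
        }
        if ($filepath . "/" == $stop) {
            break;
        }
        $filepath = substr($filepath, 0, $pos);
    }
    return "";
}

## Encode a string without escaping /
/**
 * rawurlencode() every "/"-separated segment of $path and join them back, so
 * a path keeps its structure but is safe inside a URL.  Non-string scalars
 * are cast; an array yields ''.
 */
function urlencode_url($path)
{
    if (is_array($path)) {
        return '';
    }
    $segments = explode("/", (string) $path);
    return implode("/", array_map('rawurlencode', $segments));
}

# Column position within the current thumbnail row; shared by DisplayImg2()
# and PadTable() through "global".
$colcounter = 0;

/**
 * Filesystem path of picture $pic in $album.  The sentinel album "##NONE##"
 * (set by DisplayImg2() when the image cannot be read) points at $scriptbase
 * instead of the pictures directory.
 */
function MakeImgPath($album, $pic)
{
    global $realpixbase;
    global $scriptbase;

    $base = ($album == "##NONE##") ? $scriptbase : "$realpixbase/$album";
    return "$base/$pic";
}

/**
 * Emit one picture (or its placeholder) for the album grid.
 *
 * $href      link target wrapped around the image/text, '' for none
 * $album, $pic   which picture (see MakeImgPath()); an unreadable image is
 *            replaced by the "##NONE##" sentinel with no picture
 * $dispsize  longest-side pixel size, or 'Original' to keep the file's size
 * $desc      caption, printed through htmlentities()
 * $class, $top_text, $table   presentation knobs; with $table the cell/row
 *            bookkeeping uses the global $colcounter against $display_cols
 *
 * The function body continues past the end of this listing.  NOTE(review):
 * the markup inside the print "..." calls appears to have been lost from the
 * listing; the calls are kept exactly as they appear.
 */
function DisplayImg2($href, $album, $pic, $dispsize, $desc = 0, $class = 'body', $top_text = '', $table = 1)
{
    global $colcounter;
    global $display_cols;
    global $imageview;
    global $user;
    global $htmlbase;
    global $mode;

    $width = 0;
    $height = 0;
    $image = MakeImgPath($album, $pic);

    # A missing or unreadable image is tolerated: fall back to the sentinel.
    $error = error_reporting(0);
    $srcsize = getimagesize("$image");
    error_reporting($error);
    if (is_array($srcsize) && $srcsize[0]) {
        $width = $srcsize[0];
        $height = $srcsize[1];
    } else {
        $album = "##NONE##";
        $pic = "";
        $dispsize = 'Original';
    }

    # Scale the longer side to $dispsize, keeping the aspect ratio.
    if ($dispsize != 'Original') {
        if ($width > $height) {
            $new_width = $dispsize;
            $new_height = ceil($dispsize * $height / $width);
        } else {
            $new_height = $dispsize;
            $new_width = ceil($dispsize * $width / $height);
        }
        $width = $new_width;
        $height = $new_height;
    }

    if ($table) {
        if ($colcounter == $display_cols) {
            print "\n";
            $colcounter = 0;
        }
        print "\n";
    }
    if ($top_text) {
        if ($href) {
            print "";
        }
        print $top_text;
        if ($href) {
            print "\n";
        }
        print "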
\n"; } if ($href) { print ""; } if ($pic != ""){ print "" . htmlentities($desc,ENT_QUOTES) . " $album, 'dispsize' => $dispsize, 'user' => $user, 'pic' => $pic, 'width' => $width, 'height' => $height, 'mode' => $mode ); print " src='$htmlbase$imageview?" . MakeQueryString($arr) . "'>"; } if ($href) { print "\n"; } if ($desc) { print "
\n"; if ($href) { print ""; } print htmlentities($desc,ENT_QUOTES); if ($href) { print "\n"; } } if ($table) { print "\n"; $colcounter += 1; } } function PadTable($class="") { global $colcounter; global $display_cols; global $thumb_size; while ($colcounter != $display_cols) { print "\n"; print "\n"; print "\n"; $colcounter += 1; } $colcounter = 0; print "\n"; } # Checks directory existence along $pathname and create them as necessary # Not sure if it's not over complicated function checkdir($pathname) { $darray = split("/",$pathname); $chckdir = $darray[0]; for ($x=1; $x\n"; $output .= "

\n"; $output .= "\n"; foreach ($_REQUEST as $key => $value) { $output .= "\n"; } $output .= "\n"; $output .= "
\n"; $output .= "\n"; return $output; } function NavBar($mode,$path,$start) { $endpoint = basename($path); global $dispsize; global $sitehome; global $albumpath; global $show_albums; global $userstring; global $htmlbase; if ($sitehome != '') { print "Home\n"; } if ($show_albums != 0) { if ($sitehome != '') { print " > "; } $arr = AlbumArray(); $arr['album'] = ''; print MakeLink($albumpath, "Albums", MakeQueryString($arr), 'navbar', 'albums') . "\n"; } $doo = split("/",$path); $prepath = ''; $st = 0; while (list($foo,$filename) = each($doo)) { if ($filename) { if ($prepath) { $fullname = $prepath . "/" . $filename; } else { $fullname = $filename; } print " > "; if ($filename == $endpoint) { print ""; $st = $start; } $arr = AlbumArray($st); $arr['album'] = $fullname; print MakeLink($albumpath, $filename, MakeQueryString($arr), 'navbar', 'dir'); if ($filename == $endpoint) { print ""; } print "\n"; $prepath = $fullname; } } } function MakeLink($file, $text, $querystr, $class='', $id='') { global $htmlbase; global $userstring; $link = ""; return $link; } function AlbumArray($st = 0) { global $album; global $mode; global $dispsize; $array = array( 'album' => $album, 'mode' => $mode, 'dispsize' => $dispsize, 'start' => $st ); return $array; } function MakeQueryString($array) { global $default_size; if (isset($array['album']) && ($array['album'] == '')) { unset($array['album']); } if (isset($array['dispsize']) && ($array['dispsize'] == $default_size)) { unset($array['dispsize']); } if (isset($array['start']) && ($array['start'] == 0)) { unset($array['start']); } if (isset($array['mode']) && ($array['mode'] == '')) { unset($array['mode']); } return implode_with_keys('&', $array, TRUE); } function StandardLinks($mode,$path,$start,$picindex="") { $endpoint = basename("/" . 
$path); global $dispsize; global $sitehome; global $albumpath; global $show_albums; global $userstring; global $htmlbase; global $filelist; global $viewpath; global $items_per_page; global $totalfiles; if ($sitehome != '') { print "\n"; } if ($show_albums != 0) { print "\n"; } if ($mode == "view") { print "\n"; $start_url = $htmlbase.$viewpath.$userstring."?album=" . urlencode($path) . "&pic=" . urlencode($filelist[0]) . "&dispsize=$dispsize&start=$start&picindex=0"; print "\n"; if ($filelist[($picindex-1)]) { $prev_url = $htmlbase.$viewpath.$userstring."?album=" . urlencode($path) . "&pic=" . urlencode($filelist[$picindex-1]) . "&dispsize=$dispsize&start=$start&picindex=" . ($picindex - 1); print "\n"; } if ($filelist[($picindex+1)]) { $next_url = $htmlbase.$viewpath.$userstring."?album=" . urlencode($path) . "&pic=" . urlencode($filelist[$picindex+1]) . "&dispsize=$dispsize&start=$start&picindex=" . ($picindex + 1); print "\n"; } $end_url = $htmlbase.$viewpath.$userstring."?album=" . urlencode($path) . "&pic=" . urlencode($filelist[$totalfiles-1]) . "&dispsize=$dispsize&start=$start&picindex=" . ($totalfiles - 1); print "\n"; } else { if ($endpoint == $path) { print "\n"; } else { print "\n"; } $thisbase = $htmlbase.$albumpath.$userstring."?album=" . urlencode($path) . "&dispsize=$dispsize"; print "\n"; if ($start > 0) { print "\n"; } # XXX: Gah, hack, bleh. for ($x = $start; $x < $start + $items_per_page and $filelist[$x]; $x++); if ($totalfiles > $x) { print "\n"; } print "\n"; } } ?> \n"; } else { print "\n"; } StandardLinks("view",$album,$start,$picindex); ?> \n"; } else { print "
\n"; } ?>