/* PHPix photo album
* Copyright (C) 2001 Neale Pickett
* Copyright (C) 2000 Robert A. Holak
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
* 02111-1307 USA
*/
$productname = 'PHPix2';
$version = '2.1';
include("config.inc");

## Setup shared by every entry point.
# $matches[1]     -> filesystem directory of this script (trailing "/" kept)
# $htmlmatches[1] -> the same directory as it appears in the URL
preg_match("/(.*\/).*$/", $_SERVER['SCRIPT_FILENAME'], $matches);
chdir($matches[1]);
preg_match("/(.*\/).*$/", $_SERVER['SCRIPT_NAME'], $htmlmatches);

# Names used throughout; every directory value ends in "/".  They are
# assigned in one place so the way the user is determined can change
# without touching the rest of the code.
#   $scriptbase    where the script lives
#   $realpixbase   where the pictures are
#   $realdescbase  where the description files are
#   $userbase      the user's public html directory
#   $htmlbase      URL base of the script
#   $htmluserbase  URL base of the user's pages
#   $username      account whose album is being shown ("" = the site's own)
#   $userstring    how the username is carried in links
#   $usercachebase where that user's images live in the cache
# Planned replacement layout: Paths[] (filesystem), Config[] (cannot be
# overridden), Settings[] (overridable), Html[] (URL paths), State[]
# (request data).

# Drop a session id from the request so it is not copied into links that
# are later rebuilt from $_REQUEST (see insert_modify_link).
if (isset($_REQUEST['PHPSESSID'])) {
    unset($_REQUEST['PHPSESSID']);
}

$scriptbase = (string) $matches[1];
$realpixbase = $scriptbase . $pix_base . "/";
$realdescbase = $scriptbase . $desc_base . "/";
$userbase = $scriptbase;
$htmlbase = (string) $htmlmatches[1];
$htmluserbase = (string) $htmlmatches[1];
$username = "";
$userstring = "";
$usercachebase = "";
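if ($enable_users) {
    # Which account's album is being viewed: ?user=NAME, or failing that
    # the PATH_INFO component ("/NAME").  Both are supplied by the client.
    $user = (isset($_REQUEST['user']) && is_string($_REQUEST['user'])) ? $_REQUEST['user'] : '';
    if ($user == '' && isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != '') {
        $user = substr($_SERVER['PATH_INFO'], 1);
    }
    # The name is spliced into filesystem paths ($userbase) and into URLs
    # ($htmluserbase, $userstring) below, so only an ordinary account-name
    # shape is accepted; anything containing "/", whitespace or control
    # characters is dropped before it is even looked up.
    if ($user != '' && !preg_match('/^[A-Za-z0-9._-]+$/', $user)) {
        $user = '';
    }
    if ($user != '' && function_exists('posix_getpwnam')) {
        # Turn off error reporting, we don't care if the username doesn't exist
        $error = error_reporting(0);
        $userinfo = posix_getpwnam($user);
        error_reporting($error);
        # posix_getpwnam() returns false for an unknown account.  Accounts
        # with uid <= 100 are treated as system accounts and get no album.
        if (is_array($userinfo) && $userinfo['uid'] > 100) {
            $userbase = $userinfo['dir'] . "/" . $public_html . "/";
            $realpixbase = $userbase . $pix_base . "/";
            $realdescbase = $userbase . $desc_base . "/";
            $htmluserbase = "/~{$user}/";
            $username = $user;
            $userstring = "/{$username}";
            $usercachebase = "{$username}/";
        }
    }
}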
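# Request parameters.  Everything here comes straight from the client:
# untaint() blanks shell metacharacters, and the ".." checks below are
# what keeps $album and $pic inside the pix/desc trees (both are appended
# to a base directory that ends in "/", so a leading "/" cannot escape
# either).  A parameter that is missing, or not a plain string
# (?album[]=...), is treated as empty.
$mode     = untaint(isset($_REQUEST['mode'])     && is_string($_REQUEST['mode'])     ? $_REQUEST['mode']     : '');
$dispsize = untaint(isset($_REQUEST['dispsize']) && is_string($_REQUEST['dispsize']) ? $_REQUEST['dispsize'] : '');
$start    = untaint(isset($_REQUEST['start'])    && is_string($_REQUEST['start'])    ? $_REQUEST['start']    : '');
$album    = untaint(isset($_REQUEST['album'])    && is_string($_REQUEST['album'])    ? $_REQUEST['album']    : '');
$pic      = untaint(isset($_REQUEST['pic'])      && is_string($_REQUEST['pic'])      ? $_REQUEST['pic']      : '');
$picindex = untaint(isset($_REQUEST['picindex']) && is_string($_REQUEST['picindex']) ? $_REQUEST['picindex'] : '');
if ($dispsize == '') $dispsize = $default_size;
if ($start == '') $start = 0;
# A ".." path component anywhere (leading, trailing or in the middle)
# empties the value rather than trying to repair it.
if (preg_match("/(^|\/)\.\.(\/|$)/", $album)) {
    # Never attribute to malice what can be adequately explained by
    # stupidity.
    $album = "";
}
if (preg_match("/(^|\/)\.\.(\/|$)/", $pic)) {
    $pic = "";
}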
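# Get a list of filenames
if (file_exists($realpixbase.$album)) {
    # Per-album settings: a ".config" file inside the album directory.
    # $stop is passed WITH a trailing "/" because FindFileDownPath() only
    # recognises the boundary in that form; without it the walk carried on
    # up to "/" and would include() a ".config" found in any ancestor
    # directory (in user mode, the owner's ~/.config).  Note that this is
    # include() of a file from the picture tree: whoever can write there
    # runs PHP as the web server user.
    $configoverride = FindFileDownPath($realpixbase.$album, ".config",
        $realpixbase.$album."/");
    if ($configoverride && is_file($configoverride)) {
        include($configoverride);
    }
    $handle = opendir($realpixbase.$album);
    if ($handle) {
        while (($file = readdir($handle)) !== false) {
            # Hidden entries (which covers "." and "..") are never listed.
            if (substr($file, 0, 1) == '.') {
                continue;
            }
            if (is_dir($realpixbase.$album."/".$file)) {
                $dirlist[] = $file;
            } elseif (($file != "style.css") && (! strstr($file, "__desc.txt"))) {
                # The stylesheet and description files are data, not pictures.
                $filelist[] = $file;
            }
        }
        closedir($handle);
    }
    # Nearest style.css between the album and the pix root, expressed as a
    # URL under the user's web root.
    $stylesheet = FindFileDownPath($realpixbase.$album, "style.css",
        $realpixbase);
    if ($userbase != "") {
        $stylesheet = str_replace($userbase, "", $stylesheet);
        # Still absolute after stripping $userbase means it lies outside
        # the web root and cannot be linked.
        if ($stylesheet != '' && $stylesheet[0] == '/') {
            $stylesheet = "";
        }
    }
    if ($stylesheet != '') {
        $stylesheet = $htmluserbase.urlencode_url($stylesheet);
    }
}
if (is_array($dirlist)) { sort($dirlist); }
if (is_array($filelist)) {
    sort($filelist);
    $totalfiles = sizeof($filelist);
} else {
    $totalfiles = 0;
}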
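$admin_mode = 0;
if ($enable_admin_mode) {
    $adminUsers = $admin_user;
    if ($mode == 'admin') {
        # In user mode the album's owner may administer their own album in
        # addition to the configured $admin_user list.  This line used "+"
        # (arithmetic) instead of ".", so depending on the PHP version it
        # either appended "0" to the list (e.g. "admin0") or threw -- in
        # user mode nobody, not even $admin_user, could authenticate.
        if ($username != '') {
            $adminUsers .= ',' . $username;
        }
        error_log("Users: $adminUsers");
        check_pw($adminUsers, '');
        // check_pw() only returns once HTTP Basic auth succeeded for one
        // of $adminUsers; otherwise it exits via throw_auth_header().
        $admin_mode = 1;
        // Change the file description.  $album and $pic were ".."-checked
        // above, so the target stays under $realdescbase.
        if (isset($_REQUEST['desc']) && is_string($_REQUEST['desc'])) {
            if ($pic != '') {
                $descfile = $realdescbase.$album."/{$pic}__desc.txt";
            } else {
                $descfile = $realdescbase.$album."__desc.txt";
                if (!file_exists($descfile)) {
                    $descfile = $realdescbase.$album."/__desc.txt";
                }
            }
            if ($_REQUEST['desc'] == '') {
                // An empty description removes the file.
                if (file_exists($descfile)) {
                    unlink($descfile);
                }
            } else {
                $f = fopen($descfile, 'w');
                if ($f) {
                    fwrite($f, stripslashes($_REQUEST['desc']));
                    fclose($f);
                }
                unset($_REQUEST['desc']);
            }
        }
    }
}
if ($enable_passwords && !$admin_mode) {
    if ($user_required != '') {
        check_pw($user_required, $pass_required);
    }
}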
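function untaint($var) {
    // Neutralise characters a shell would interpret -- and NUL, which
    // truncates paths in older PHP/libc combinations -- by turning each
    // one into a space.  Non-scalar input (a missing parameter, or an
    // array from ?x[]=...) becomes ''.
    // The original called strtr($var, "`|;$*", " "): with a one-character
    // replacement string strtr() only translates the first character of
    // the "from" list, so only the backtick was ever removed.
    if (!is_scalar($var)) {
        return '';
    }
    return str_replace(array('`', '|', ';', '$', '*', "\0"), ' ', (string) $var);
}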
function throw_auth_header()
{
    // Demand HTTP Basic credentials for the "PHPix 2" realm and stop.
    // The 401 makes the browser prompt; nothing after this call runs,
    // which is what check_pw() relies on.
    $realm = 'PHPix 2';
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
    print 'You need to authenticate to perform this action';
    exit;
}
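function check_pw($username, $password) {
    global $password_file;
    // Enforce HTTP Basic authentication.  $username is a comma-separated
    // list of acceptable account names, or the literal 'valid-user' (any
    // account present in $password_file).  $password is a literal password
    // to require, or '' to look the account's crypt() hash up in
    // $password_file.  On any failure this never returns:
    // throw_auth_header() sends a 401 and exits.
    $auth_user = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
    $auth_pw   = isset($_SERVER['PHP_AUTH_PW'])   ? (string) $_SERVER['PHP_AUTH_PW']   : '';
    // Missing credentials, or an empty allow-list, fail closed.
    if ($auth_user == '' || $username == '') {
        throw_auth_header();
    }
    if ($username != 'valid-user') {
        // Strict in_array(): loosely, "10" and "1e1" would be the same account.
        $users = array_map('trim', explode(',', $username));
        if (!in_array($auth_user, $users, true)) {
            throw_auth_header();
        }
    }
    $username = $auth_user;
    if ($password == '') {
        if ($password_file == '') {
            throw_auth_header();
        }
        $password_array = get_passwords($password_file);
        if (!isset($password_array[$username]) || $password_array[$username] == '') {
            // An unknown account fails exactly like a wrong password.
            throw_auth_header();
        }
        $expected = (string) $password_array[$username];
        // crypt() takes the salt and algorithm from the stored hash itself.
        $actual = crypt($auth_pw, $expected);
    } else {
        // A literal password from the configuration is compared as-is.
        // Previously it went through crypt() without a salt, which current
        // PHP rejects and which, under classic DES, compared only the first
        // eight characters.
        $expected = (string) $password;
        $actual = $auth_pw;
    }
    // Constant-time compare where available (PHP >= 5.6) so response
    // timing does not reveal how much of the secret matched.
    $same = function_exists('hash_equals') ? hash_equals($expected, $actual) : ($expected === $actual);
    if (!$same) {
        throw_auth_header();
    }
    // If we reach here, the user is authenticated.
}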
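function get_passwords($filename)
{
    // Parse a "user:hash" per line file into array(user => hash).
    // Returns an empty array when the file cannot be read.  Blank lines,
    // "#" comment lines and lines without a ":" are skipped instead of
    // producing an account with an undefined password.  Only the second
    // field is kept, as before, so "user:hash:extra" yields "hash".
    $passwords = array();
    if (!is_readable($filename)) {
        return $passwords;
    }
    $lines = file($filename);
    if ($lines === false) {
        return $passwords;
    }
    foreach ($lines as $line) {
        $line = chop($line);
        if ($line == '' || $line[0] == '#') {
            continue;
        }
        $fields = explode(':', $line);
        if (count($fields) < 2) {
            continue;
        }
        $passwords[$fields[0]] = $fields[1];
    }
    return $passwords;
}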
function insert_modify_link($dir)
{
    global $admin_mode;
    global $enable_admin_mode;
    // Text of the admin-mode toggle for $dir.  In admin mode the toggle
    // leaves it (the mode parameter is dropped from $_REQUEST); otherwise
    // "Modify" is offered only when the server can write to $dir.  With
    // admin mode disabled nothing is returned.
    // $link is rebuilt from $_REQUEST but does not appear in the returned
    // text as listed here -- NOTE(review): markup looks stripped from this
    // copy; confirm against the original file.
    if (!$enable_admin_mode) {
        return '';
    }
    $link = $_SERVER['PHP_SELF'];
    if ($admin_mode) {
        unset($_REQUEST['mode']);
        $query = implode_with_keys('&', $_REQUEST, TRUE);
        if ($query != '') {
            $link .= "?" . $query;
        }
        return "Exit Admin Mode";
    }
    if (!is_writeable($dir)) {
        return '';
    }
    $_REQUEST['mode'] = 'admin';
    $query = implode_with_keys('&', $_REQUEST, TRUE);
    if ($query != '') {
        $link .= "?" . $query;
    }
    return "Modify";
}
function implode_with_keys($glue, $array, $encode = FALSE) {
    // Join "key=value" pairs with $glue.  Values go through
    // urlencode_url() when $encode is set; keys are emitted untouched, so
    // callers feeding client-controlled keys must escape the result for
    // the context it lands in.
    $pairs = array();
    foreach ($array as $name => $value) {
        if ($encode) {
            $value = urlencode_url($value);
        }
        $pairs[] = "$name=$value";
    }
    return implode($glue, $pairs);
}
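function FindFileDownPath($path, $filename, $stop) {
    // Walk from $path upward one directory at a time looking for
    // $filename; return its full path, or "" if it is not found before the
    // search reaches the $stop directory (inclusive).
    // Only regular files count: a directory named like $filename (e.g. a
    // ~/.config directory) is not a hit -- the caller include()s the
    // result.  Trailing slashes on $stop are ignored, so the boundary is
    // recognised whether or not the caller appended one; previously a
    // $stop without a trailing "/" never matched and the walk went all
    // the way up to "/".
    $dir = $path;
    $found = "";
    $stop_dir = rtrim($stop, "/");
    while (($pos = strrpos($dir, "/"))) {
        $candidate = $dir . "/" . $filename;
        if (is_file($candidate)) {
            $found = $candidate;
            break;
        }
        if (rtrim($dir, "/") == $stop_dir) {
            break;
        }
        $dir = substr($dir, 0, $pos);
    }
    return $found;
}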
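## Encode a string without escaping /
function urlencode_url($path) {
    // rawurlencode() each path segment separately and rejoin with "/", so
    // directory separators survive while spaces, "&", "?", "#" and the
    // like are escaped.  split() and each() were removed in PHP 7/8;
    // explode()/implode() are the direct equivalents, and "" maps to "".
    $encoded = array();
    foreach (explode("/", (string) $path) as $segment) {
        $encoded[] = rawurlencode($segment);
    }
    return implode("/", $encoded);
}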
# Current column within a table row, shared with DisplayImg2() and
# PadTable() through "global"; PadTable() resets it to 0 after padding a row.
$colcounter = 0;
function MakeImgPath($album, $pic) {
    global $realpixbase;
    global $scriptbase;
    // Filesystem path of a picture.  "##NONE##" is the sentinel meaning
    // $pic sits next to the script rather than inside an album.
    $inAlbum = ($album != "##NONE##");
    $base = $inAlbum ? $realpixbase . "/" . $album : $scriptbase;
    return $base . "/" . $pic;
}
# Emit one image cell.  Only part of the body is present in this listing:
# the closing brace and the output markup are missing -- NOTE(review):
# HTML appears to have been stripped from this copy; verify against the
# original file before editing.
#   $album    album directory, or "##NONE##" for a file next to the script
#   $pic      picture file name
#   $dispsize pixel size for the longer edge, or 'Original' for no scaling
#   $table    when set, a row break is printed once $display_cols is reached
#   $href, $desc, $class, $top_text are not referenced in the lines shown.
function DisplayImg2($href, $album, $pic, $dispsize, $desc=0, $class='body', $top_text='', $table = 1) {
global $colcounter;
global $display_cols;
global $imageview;
global $user;
global $htmlbase;
global $mode;
$width = 0;
$height = 0;
$image = MakeImgPath($album, $pic);
# Errors are silenced so an unreadable or non-image file just yields
# no size; that case is handled below.
$error = error_reporting(0);
$srcsize = GetImageSize("$image");
error_reporting($error);
if ($srcsize[0]) {
$width = $srcsize[0];
$height = $srcsize[1];
} else {
# Not an image we can size: fall back to an unscaled script-relative
# file with an empty name (what that renders as is not visible here).
$album="##NONE##";
$pic="";
$dispsize = 'Original';
}
if ($dispsize != 'Original') {
# Scale so the longer edge equals $dispsize, preserving aspect ratio.
if ($width > $height) {
$new_width = $dispsize;
$new_height = ceil($dispsize * $height / $width);
} else {
$new_height = $dispsize;
$new_width = ceil($dispsize * $width / $height);
}
$width = $new_width;
$height = $new_height;
}
if ($table) {
# Row is full: print the (stripped) row break and advance the column.
if ($colcounter == $display_cols) {
print "
\n";
$colcounter += 1;
}
}
# Fill the remainder of the current table row with empty cells until
# $display_cols is reached, then reset the column counter and close the
# row.  The printed strings are bare line breaks in this listing --
# NOTE(review): the cell/row markup looks stripped from this copy; verify
# against the original file.  $class and $thumb_size are not referenced
# in the lines shown.
function PadTable($class="") {
global $colcounter;
global $display_cols;
global $thumb_size;
while ($colcounter != $display_cols) {
print "
\n";
print "\n";
print "
\n";
$colcounter += 1;
}
# Next row starts at column 0.
$colcounter = 0;
print "
\n";
}
# Checks directory existence along $pathname and create them as necessary
# Not sure if it's not over complicated
function checkdir($pathname) {
$darray = split("/",$pathname);
$chckdir = $darray[0];
for ($x=1; $x\n";
$output .= "