'; } // Set the log file path. define('LOGFILE', 'xp_publish.log'); // ------------------------------------------------------------------------- // // HTML template for the login screen $template_login = <<{ENTER_LOGIN_PSWD}

EOT; // HTML template for a successful login $template_login_success = <<< EOT

{WELCOME}

EOT; // HTML template for an unsuccessful login $template_login_failure = <<< EOT

{ERROR}

EOT; // HTML template for the select destination/create new album screen $template_select_album = <<{WELCOME}

{NO_ALBUM}

{UPLOAD}
{ALBUM}:

{CREATE_NEW}
{ALBUM}:
{CATEGORY}:

EOT; // HTML template for a successful album creation $template_create_album = <<{NEW_ALB_CREATED}

{CONTINUE}

EOT; // ------------------------------------------------------------------------- // // Simple die function (replace the cpg_die function that can't be used inside the wizard) function simple_die($msg_code, $msg_text, $error_file, $error_line, $output_buffer = false) { global $CONFIG, $lang_cpg_die; $msg = $lang_cpg_die[$msg_code] . ': ' . $msg_text; if (!$CONFIG['debug_mode']) { $msg .= '(' . $lang_cpg_die['file'] . ': ' . $error_file . ' / ' . $lang_cpg_die['line'] . ': ' . $error_line . ')'; } echo $msg; // If debug mode is active, write the output into a log file if (!$CONFIG['debug_mode']) { $ob = ob_get_contents(); fwrite(fopen(LOGFILE, 'w'), $ob); } exit; } // Quote a string in order to make a valid JavaScript string function javascript_string($str) { // replace \ with \\ and then ' with \'. $str = str_replace('\\', '\\\\', $str); $str = str_replace('\'', '\\\'', $str); return $str; } // Return the HTML code for the album list select box function html_album_list(&$alb_count) { global $CONFIG, $LINEBREAK; if (USER_IS_ADMIN) { $public_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title"); if (mysql_num_rows($public_albums)) { $public_albums_list = cpg_db_fetch_rowset($public_albums); } else { $public_albums_list = array(); } } else { $public_albums_list = array(); } if (USER_ID) { $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title"); if (mysql_num_rows($user_albums)) { $user_albums_list = cpg_db_fetch_rowset($user_albums); } else { $user_albums_list = array(); } } else { $user_albums_list = array(); } $alb_count = count($public_albums_list) + count($user_albums_list); $html = $LINEBREAK; foreach($user_albums_list as $album) { $html .= ' ' . $LINEBREAK; } foreach($public_albums_list as $album) { $html .= ' ' . $LINEBREAK; } return $html; } // Return the HTML code for the category list select box function html_cat_list() { global $CONFIG, $CAT_LIST; global $lang_albmgr_php; $CAT_LIST = array(); if (USER_CAN_CREATE_ALBUMS) $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']); $CAT_LIST[] = array(0, $lang_albmgr_php['no_category']); get_cat_data(); $html = $LINEBREAK; foreach($CAT_LIST as $category) { $html .= ' ' . $LINEBREAK; } return $html; } // Display information on how to use/install the wizard client function display_instructions() { global $lang_xp_publish_required, $lang_xp_publish_client, $lang_xp_publish_select, $lang_xp_publish_testing, $lang_xp_publish_notes, $lang_xp_publish_flood, $lang_xp_publish_php, $icon_array; global $CONFIG, $lang_charset, $lang_common, $lang_errors, $CPG_PHP_SELF; $publish_help = ' '.cpg_display_help('f=uploading_xp-publisher.htm&as=xp&ae=xp_end', '600', '600'); //$requirements_help = ' '.cpg_display_help('f=uploading_xp-publisher.htm&as=xp&ae=xp_end', '600', '600'); $install_help = ' '.cpg_display_help('f=uploading_xp-publisher.htm&as=xp_publish_setup&ae=xp_publish_setup_end', '450', '400'); $usage_help = ' '.cpg_display_help('f=uploading_xp-publisher.htm&as=xp_publish_upload&ae=xp_publish_upload_end', '600', '450'); $ok_icon = cpg_fetch_icon('ok', 0); $stop_icon = cpg_fetch_icon('stop', 0); $warning_icon = cpg_fetch_icon('warning', 0); pageheader($CONFIG['gallery_name'] . ' • ' . $lang_xp_publish_php['title']); starttable('100%' , $icon_array['xp'] . $lang_xp_publish_php['client_header'] . $publish_help, 1); print <<< EOT

{$lang_xp_publish_php['requirements']}

{$lang_xp_publish_php['windows_xp']}

{$ok_icon}{$lang_common['ok']} - {$lang_xp_publish_php['windows_xp']}

{$stop_icon}{$lang_xp_publish_php['no_windows_xp']}

{$warning_icon}{$lang_xp_publish_php['no_os_detect']}
{$lang_xp_publish_php['requirement_ie']}

{$ok_icon}{$lang_common['ok']} - {$lang_xp_publish_php['requirement_ie']}

{$stop_icon}{$lang_xp_publish_php['no_ie']}

{$warning_icon}{$lang_xp_publish_php['no_browser_detect']}
{$lang_xp_publish_php['requirement_http_upload']}
'.$stop_icon.$lang_xp_publish_php['no_gallery_name'].'
'.$stop_icon.$lang_xp_publish_php['no_gallery_description'].'
{$lang_xp_publish_php['requirement_permissions']}
{$lang_xp_publish_php['requirement_login']}

{$lang_xp_publish_php['howto_install']}{$install_help}

EOT; printf($lang_xp_publish_php['install_right_click'],''.cpg_fetch_icon('download',0), ''); print <<< EOT
{$lang_xp_publish_php['install_save']}
{$lang_xp_publish_php['install_execute']}

{$lang_xp_publish_php['usage']}{$usage_help}

{$lang_xp_publish_php['select_files']}
{$lang_xp_publish_php['display_tasks']}
{$lang_xp_publish_php['publish_on_the_web']}
{$lang_xp_publish_php['confirm_selection']}, {$lang_xp_publish_php['next']}
{$lang_xp_publish_php['select_service']}
{$lang_xp_publish_php['enter_login']}
{$lang_xp_publish_php['select_album']}, {$lang_xp_publish_php['next']}
{$lang_xp_publish_php['upload_starts']}
{$lang_xp_publish_php['upload_completed']}

EOT; endtable(); print <<< EOT EOT; pagefooter(); } // Output page header function output_header() { global $CONFIG; global $lang_charset, $lang_text_dir, $lang_xp_publish_php; if ($CONFIG['charset'] == 'language file') { $language = $lang_charset; } else { $language = $CONFIG['charset']; } print <<< EOT {$lang_xp_publish_php['title']} EOT; print '

'. $CONFIG['gallery_name'] .''; if ($CONFIG['gallery_description'] != '') { print ' • ' . $CONFIG['gallery_description']; } print '

'; print '

'. $lang_xp_publish_php['title'] . '

'; } // Output page footer function output_footer() { global $WIZARD_BUTTONS, $ONBACK_SCRIPT, $ONNEXT_SCRIPT; global $CONFIG, $CPG_PHP_SELF; $site_url = trim($CONFIG['site_url'], '/') . '/'; $gallery_name_javascript = javascript_string($CONFIG['gallery_name']); $gallery_description_javascript = javascript_string($CONFIG['gallery_description']); print <<< EOT

EOT; } // Send the file needed to register the service under Windows XP function send_reg_file() { global $CONFIG, $CPG_PHP_SELF, $LINEBREAK; //, $PHP_SELF; $superCage = Inspekt::makeSuperCage(); header("Content-Type: application/octet-stream"); $time_stamp = time(); header("Content-Disposition: attachment; filename=cpg_".$time_stamp.".reg"); // Come up with gallery name and description in iso8859-1 and utf-8 if ($CONFIG['charset'] == 'utf-8') { } else { } $name_iso = ''; $description_iso = ''; $name_utf = ''; $description_utf = ''; $lines[] = 'Windows Registry Editor Version 5.00'; $lines[] = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\PublishingWizard\Providers\\'. utf8_decode($CONFIG['gallery_name']) .']'; $lines[] = '"displayname"="' . $CONFIG['gallery_name'] . '"'; $lines[] = '"description"="' . $CONFIG['gallery_description'] . '"'; $lines[] = '"href"="' . trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=publish"'; $lines[] = '"icon"="' . trim($CONFIG['site_url'], '/') . '/' . 'favicon.ico"'; $lines[] = '[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoprinting\providers\\' . utf8_decode($CONFIG['gallery_name'] .']'); print join($LINEBREAK, $lines); print $LINEBREAK; exit; } // Display the login page function form_login() { //global $PHP_SELF; global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS; global $template_login; global $lang_login_php, $lang_xp_publish_php, $cpg_udb; global $CONFIG, $CPG_PHP_SELF; if (!method_exists($cpg_udb,'login')) { echo '

' . $lang_xp_publish_php['need_login'] . '

'; $ONNEXT_SCRIPT = ''; $ONBACK_SCRIPT = 'window.external.FinalBack();'; $WIZARD_BUTTONS = 'false,false,false'; return; } $params = array('{POST_ACTION}' => trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=publish', '{ENTER_LOGIN_PSWD}' => $lang_login_php['enter_login_pswd'], '{USERNAME}' => $lang_login_php['username'], '{PASSWORD}' => $lang_login_php['password'], ); echo template_eval($template_login, $params); $ONNEXT_SCRIPT = 'login.submit();'; $ONBACK_SCRIPT = 'window.external.FinalBack();'; $WIZARD_BUTTONS = 'true,true,false'; } // Process login information function process_login() { global $CONFIG, $USER, $CPG_PHP_SELF; global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS; global $template_login_success, $template_login_failure,$template_login; global $lang_login_php, $cpg_udb; $superCage = Inspekt::makeSuperCage(); $tt = 'worked'; if ($USER_DATA = $cpg_udb->login($superCage->post->getEscaped('username'), $superCage->post->getEscaped('password'))) { $USER['am'] = 1; user_save_profile(); $params = array('{WELCOME}' => sprintf($lang_login_php['welcome'], USER_NAME), '{POST_ACTION}' => trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=publish', ); echo template_eval($template_login_success, $params); } else { $params = array('{ERROR}' => $lang_login_php['err_login'], '{POST_ACTION}' => trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=publish', ); echo template_eval($template_login_failure, $params); } $ONNEXT_SCRIPT = 'dummy.submit();'; $ONBACK_SCRIPT = 'dummy.submit();'; $WIZARD_BUTTONS = 'true,true,false'; } // Display the form that allows to choose/create the destination album function form_publish() { global $CONFIG, $CAT_LIST, $CPG_PHP_SELF; global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS; global $template_select_album; global $lang_xp_publish_php, $lang_common; $alb_count = 0; $html_album_list = html_album_list($alb_count); $html_cat_list = html_cat_list(); if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) { template_extract_block($template_select_album, 'existing_albums'); template_extract_block($template_select_album, 'create_album'); $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME), '{NO_ALBUM}' => $lang_xp_publish_php['no_alb'], ); echo template_eval($template_select_album, $params); $WIZARD_BUTTONS = "false,false,false"; } elseif (!$alb_count) { template_extract_block($template_select_album, 'no_album'); template_extract_block($template_select_album, 'existing_albums'); if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category'); $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME), '{CREATE_NEW}' => $lang_xp_publish_php['create_new'], '{ALBUM}' => $lang_common['album'], '{CATEGORY}' => $lang_xp_publish_php['category'], '{SELECT_CATEGORY}' => $html_cat_list, '{POST_ACTION}' => trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=create_album', ); echo template_eval($template_select_album, $params); $ONNEXT_SCRIPT = 'create_alb();'; $ONBACK_SCRIPT = 'window.external.FinalBack();'; $WIZARD_BUTTONS = 'true,true,false'; } else { template_extract_block($template_select_album, 'no_album'); if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category'); $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME), '{UPLOAD}' => $lang_xp_publish_php['upload'], '{ALBUM}' => $lang_common['album'], '{SELECT_ALBUM}' => $html_album_list, '{CATEGORY}' => $lang_xp_publish_php['category'], '{SELECT_CATEGORY}' => $html_cat_list, '{CREATE_NEW}' => $lang_xp_publish_php['create_new'], '{POST_ACTION}' => trim($CONFIG['site_url'], '/') . '/' . $CPG_PHP_SELF . '?cmd=create_album', ); echo template_eval($template_select_album, $params); $ONNEXT_SCRIPT = 'create_alb_or_use_existing();'; $ONBACK_SCRIPT = 'window.external.FinalBack();'; $WIZARD_BUTTONS = 'true,true,false'; } } // Create a new album where pictures will be uploaded function create_album() { global $CONFIG; global $ONNEXT_SCRIPT, $ONBACK_SCRIPT, $WIZARD_BUTTONS; global $template_create_album; global $lang_errors, $lang_xp_publish_php; $superCage = Inspekt::makeSuperCage(); if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) { simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (USER_IS_ADMIN) { $category = $superCage->post->getInt('cat'); } else { $category = FIRST_USER_CAT + USER_ID; } $user_id = USER_ID; $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos, description, owner) VALUES ('$category', '" . $superCage->post->getEscaped('new_alb_name') . "', 'NO', '0', '', $user_id)"; cpg_db_query($query); $new_alb_name = $superCage->post->getMatched('new_alb_name', '/^[0-9A-Za-z\/_]+$/'); $new_alb_name = $new_alb_name[1]; $params = array( '{NEW_ALB_CREATED}' => sprintf($lang_xp_publish_php['new_alb_created'], $new_alb_name), '{CONTINUE}' => $lang_xp_publish_php['continue'], '{ALBUM_ID}' => mysql_insert_id($CONFIG['LINK_ID']), ); echo template_eval($template_create_album, $params); $ONNEXT_SCRIPT = 'startUpload();'; $ONBACK_SCRIPT = 'window.external.FinalBack();'; $WIZARD_BUTTONS = 'true,true,true'; } // Add a picture function process_picture() { global $CONFIG, $IMG_TYPES; global $lang_db_input_php, $lang_errors; $superCage = Inspekt::makeSuperCage(); @unlink(LOGFILE); if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); //$album = (int)$_GET['album']; $album = $superCage->get->getInt('album'); $title = ''; $caption = ''; $keywords = ''; $user1 = ''; $user2 = ''; $user3 = ''; $user4 = ''; $position = 0; // Check if the album id provided is valid if (!USER_IS_ADMIN) { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and category = '" . (USER_ID + FIRST_USER_CAT) . "'"); if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } else { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album'"); if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } // Get position $result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$album' order by position desc"); if (mysql_num_rows($result) == 0) { $position = 100; } else { $row = mysql_fetch_array($result); mysql_free_result($result); if ($row['position']) { $position = $row['position']; $position++; } } // Test if the filename of the temporary uploaded picture is empty // if ($_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); if ($superCage->files->getRaw('/userpicture/tmp_name') == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); // Create destination directory for pictures if (USER_ID && $CONFIG['silly_safe_mode'] != 1) { if (USER_IS_ADMIN && ($category != (USER_ID + FIRST_USER_CAT))) { $filepath = 'wpw-' . date("Ymd"); } else { $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT); } $dest_dir = $CONFIG['fullpath'] . $filepath; if (!is_dir($dest_dir)) { mkdir($dest_dir, octdec($CONFIG['default_dir_mode'])); if (!is_dir($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true); chmod($dest_dir, octdec($CONFIG['default_dir_mode'])); $fp = fopen($dest_dir . '/index.php', 'w'); fwrite($fp, ' '); fclose($fp); } $dest_dir .= '/'; $filepath .= '/'; } else { $filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); $matches = array(); //if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']); //using getRaw as it will be sanitized in the code below in the preg_match. {SaWey} $filename = $superCage->files->getRaw('/userpicture/name'); if (get_magic_quotes_gpc()){ $filename = stripslashes($filename); } // Replace forbidden chars with underscores //$picture_name = replace_forbidden($_FILES['userpicture']['name']); $picture_name = replace_forbidden($filename); // Check that the file uploaded has a valid extension if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; // Move the picture into its final location if (!move_uploaded_file($superCage->files->getRaw('/userpicture/tmp_name'), $uploaded_pic)) simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Check file size. Delete if it is excessive. if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { // Get picture information $imginfo = getimagesize($uploaded_pic); // cpg_getimagesize does not recognize the file as a picture if ($imginfo == null) { @unlink($uploaded_pic); simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true); } // JPEG and PNG only are allowed with GD //if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) { if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) { @unlink($uploaded_pic); simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true); } // Check that picture size (in pixels) is lower than the maximum allowed if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) { if ((USER_IS_ADMIN && $CONFIG['auto_resize'] == 1) || (!USER_IS_ADMIN && $CONFIG['auto_resize'] > 0)) //($CONFIG['auto_resize']==1) { //resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht'); resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']); } else { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__); } } } // Create thumbnail and internediate image and add the image into the DB $result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category); if ($result !== true) { @unlink($uploaded_pic); simple_die(CRITICAL_ERROR, (isset($result['error'])) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '

' . $ERROR, __FILE__, __LINE__, true); } else { echo ("SUCCESS"); exit; } } // ------------------------------------------------------------------------- // if (USER_IS_ADMIN && !GALLERY_ADMIN_MODE) { $USER['am'] = 1; user_save_profile(); } //$cmd = empty($_GET['cmd']) ? '' : $_GET['cmd']; if ($superCage->get->keyExists('cmd')){ //no need to do a sanitization here, as this var is only used in the switch statement, //and it has a default operation if no match is found. {SaWey} $cmd = $superCage->get->getRaw('cmd'); } else{ $cmd = ''; } if (!USER_ID && $cmd && $cmd != 'send_reg') $cmd = 'login'; //if (!empty($_POST['username'])) $cmd = 'process_login'; if ($superCage->post->keyExists('username')) $cmd = 'process_login'; switch ($cmd) { case 'login' : output_header(); form_login(); output_footer(); break; case 'process_login' : output_header(); process_login(); output_footer(); break; case 'publish' : output_header(); form_publish(); output_footer(); break; case 'create_album' : output_header(); create_album(); output_footer(); break; case 'add_picture' : process_picture(); break; case 'send_reg' : send_reg_file(); break; default: display_instructions(); } // switch ?>

{USERNAME}:
{PASSWORD}: