2004-02-02 01:55:18 +01:00
|
|
|
<?php
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
2004-11-06 22:12:59 +01:00
|
|
|
// | PhpWebGallery - a PHP based picture gallery |
|
|
|
|
|
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
|
2006-03-10 21:17:18 +01:00
|
|
|
// | Copyright (C) 2003-2006 PhpWebGallery Team - http://phpwebgallery.net |
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
2004-11-06 22:12:59 +01:00
|
|
|
// | branch : BSF (Best So Far)
|
2006-11-08 05:28:30 +01:00
|
|
|
// | file : $Id$
|
2004-02-07 20:36:44 +01:00
|
|
|
// | last update : $Date$
|
|
|
|
|
// | last modifier : $Author$
|
|
|
|
|
// | revision : $Revision$
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | This program is free software; you can redistribute it and/or modify |
|
|
|
|
|
// | it under the terms of the GNU General Public License as published by |
|
|
|
|
|
// | the Free Software Foundation |
|
|
|
|
|
// | |
|
|
|
|
|
// | This program is distributed in the hope that it will be useful, but |
|
|
|
|
|
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
|
|
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
|
|
|
// | General Public License for more details. |
|
|
|
|
|
// | |
|
|
|
|
|
// | You should have received a copy of the GNU General Public License |
|
|
|
|
|
// | along with this program; if not, write to the Free Software |
|
|
|
|
|
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
|
|
|
// | USA. |
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
2004-03-05 00:56:02 +01:00
|
|
|
|
2004-12-20 20:26:43 +01:00
|
|
|
if (!defined('PHPWG_ROOT_PATH'))
|
2004-02-19 01:31:09 +01:00
|
|
|
{
|
2004-12-20 20:26:43 +01:00
|
|
|
die('Hacking attempt!');
|
2004-02-19 01:31:09 +01:00
|
|
|
}
|
|
|
|
|
// determine the initial instant to indicate the generation time of this page
|
2004-02-02 01:55:18 +01:00
|
|
|
$t1 = explode( ' ', microtime() );
|
|
|
|
|
$t2 = explode( '.', $t1[0] );
|
|
|
|
|
$t2 = $t1[1].'.'.$t2[1];
|
|
|
|
|
|
|
|
|
|
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
|
|
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// addslashes to vars if magic_quotes_gpc is off this is a security
|
|
|
|
|
// precaution to prevent someone trying to break out of a SQL statement.
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
|
|
|
|
if( !get_magic_quotes_gpc() )
|
|
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array( $_GET ) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_GET) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_GET[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_GET[$k]) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
$_GET[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_GET[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_GET[$k] = addslashes($v);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
@reset($_GET);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2006-03-22 02:01:47 +01:00
|
|
|
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_POST) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_POST) )
|
|
|
|
|
{
|
|
|
|
|
if( is_array($_POST[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_POST[$k]) )
|
|
|
|
|
{
|
|
|
|
|
$_POST[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_POST[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_POST[$k] = addslashes($v);
|
|
|
|
|
}
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-11 23:31:08 +01:00
|
|
|
@reset($_POST);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_COOKIE) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_COOKIE) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_COOKIE[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_COOKIE[$k]) )
|
|
|
|
|
{
|
|
|
|
|
$_COOKIE[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_COOKIE[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_COOKIE[$k] = addslashes($v);
|
|
|
|
|
}
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-11 23:31:08 +01:00
|
|
|
@reset($_COOKIE);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// Define some basic configuration arrays this also prevents malicious
|
|
|
|
|
// rewriting of language and otherarray values via URI params
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
|
|
|
|
$conf = array();
|
|
|
|
|
$page = array();
|
|
|
|
|
$user = array();
|
|
|
|
|
$lang = array();
|
2006-06-29 00:50:30 +02:00
|
|
|
$header_msgs = array();
|
2006-12-21 22:38:20 +01:00
|
|
|
$header_notes = array();
|
2004-02-19 01:31:09 +01:00
|
|
|
|
2005-04-25 17:41:56 +02:00
|
|
|
@include(PHPWG_ROOT_PATH .'include/mysql.inc.php');
|
2004-12-20 20:26:43 +01:00
|
|
|
if (!defined('PHPWG_INSTALLED'))
|
2004-02-02 01:55:18 +01:00
|
|
|
{
|
2004-12-20 20:26:43 +01:00
|
|
|
header('Location: install.php');
|
2004-02-11 23:31:08 +01:00
|
|
|
exit;
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
|
2005-04-26 00:11:57 +02:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
|
|
|
|
|
@include(PHPWG_ROOT_PATH. 'include/config_local.inc.php');
|
2005-08-08 22:52:19 +02:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/constants.php');
|
2004-02-19 01:31:09 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
|
|
|
|
|
include(PHPWG_ROOT_PATH . 'include/template.php');
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
// Database connection
|
2005-01-09 00:32:25 +01:00
|
|
|
mysql_connect( $cfgHote, $cfgUser, $cfgPassword )
|
- in admin/configuration, add new step with "sections" (general, comments,
default, upload, metadata, sessions)
- admin/configuration.php and its template have been higly simplificated by
making things more generic : for example, for each configuration
parameter, its name must correspond to the name we find in the config
table and belongs to a section, in the lang array we find :
- $lang['conf_<section>_<param>']
- $lang['conf_<section>_<param>_info']
- $lang['conf_<section>_<param>_error'] optionnaly
- more described message when connection to database server is impossible
- redefinitions of get_languages and get_templates functions
- deletion of configuration parameters : webmaster, session_keyword
- rename of configuration parameters :
- default_lang => default_language
- default_style => default_template
git-svn-id: http://piwigo.org/svn/trunk@512 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-09-03 17:01:05 +02:00
|
|
|
or die ( "Could not connect to database server" );
|
2005-01-09 00:32:25 +01:00
|
|
|
mysql_select_db( $cfgBase )
|
2004-02-11 23:31:08 +01:00
|
|
|
or die ( "Could not connect to database" );
|
2005-11-24 22:37:29 +01:00
|
|
|
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
2004-03-26 18:08:09 +01:00
|
|
|
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
|
|
|
|
|
// since basic gallery information is not available
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
2006-04-27 23:08:50 +02:00
|
|
|
load_conf_from_db();
|
2006-12-14 01:58:57 +01:00
|
|
|
load_plugins();
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2004-12-20 20:26:43 +01:00
|
|
|
include(PHPWG_ROOT_PATH.'include/user.inc.php');
|
2005-08-08 22:52:19 +02:00
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
|
2005-08-08 22:52:19 +02:00
|
|
|
// language files
|
2005-09-27 23:57:14 +02:00
|
|
|
include_once(get_language_filepath('common.lang.php'));
|
2005-08-08 22:52:19 +02:00
|
|
|
if (defined('IN_ADMIN') and IN_ADMIN)
|
|
|
|
|
{
|
2005-09-27 23:57:14 +02:00
|
|
|
include_once(get_language_filepath('admin.lang.php'));
|
2005-08-08 22:52:19 +02:00
|
|
|
}
|
|
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
// only now we can set the localized username of the guest user (and not in
|
|
|
|
|
// include/user.inc.php)
|
|
|
|
|
if ($user['is_the_guest'])
|
|
|
|
|
{
|
|
|
|
|
$user['username'] = $lang['guest'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// template instance
|
|
|
|
|
$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme'] );
|
|
|
|
|
|
2006-02-12 22:52:16 +01:00
|
|
|
if ($conf['gallery_locked'])
|
|
|
|
|
{
|
2006-10-20 04:17:53 +02:00
|
|
|
$header_msgs[] = $lang['gallery_locked_message'];
|
2006-02-12 22:52:16 +01:00
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
if ( basename($_SERVER["SCRIPT_FILENAME"]) != 'identification.php'
|
2006-03-09 00:14:53 +01:00
|
|
|
and !is_admin() )
|
2006-02-12 22:52:16 +01:00
|
|
|
{
|
2006-10-20 04:17:53 +02:00
|
|
|
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
|
|
|
|
|
$page['root_path'] = cookie_path();
|
|
|
|
|
echo $lang['gallery_locked_message']
|
|
|
|
|
.'<a href="'.get_root_url().'identification.php">.</a>';
|
2006-02-12 22:52:16 +01:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
if ($user['is_the_guest'] and !$conf['guest_access']
|
|
|
|
|
and !in_array( basename($_SERVER['SCRIPT_FILENAME']),
|
|
|
|
|
array('identification.php',
|
|
|
|
|
'password.php',
|
|
|
|
|
'register.php'
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
)
|
2005-08-08 22:52:19 +02:00
|
|
|
{
|
2006-10-20 04:17:53 +02:00
|
|
|
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
|
|
|
|
|
$page['root_path'] = cookie_path();
|
|
|
|
|
redirect (get_root_url().'identification.php');
|
2005-08-08 22:52:19 +02:00
|
|
|
}
|
|
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
if ($conf['check_upgrade_feed']
|
|
|
|
|
and defined('PHPWG_IN_UPGRADE')
|
|
|
|
|
and PHPWG_IN_UPGRADE)
|
2006-06-22 21:21:56 +02:00
|
|
|
{
|
2006-10-26 05:35:20 +02:00
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
// retrieve already applied upgrades
|
|
|
|
|
$query = '
|
|
|
|
|
SELECT id
|
|
|
|
|
FROM '.UPGRADE_TABLE.'
|
|
|
|
|
;';
|
|
|
|
|
$applied = array_from_query($query, 'id');
|
2005-12-03 18:33:38 +01:00
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
// retrieve existing upgrades
|
|
|
|
|
$existing = get_available_upgrade_ids();
|
|
|
|
|
|
|
|
|
|
// which upgrades need to be applied?
|
|
|
|
|
if (count(array_diff($existing, $applied)) > 0)
|
|
|
|
|
{
|
|
|
|
|
//next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
|
|
|
|
|
$page['root_path'] = cookie_path();
|
|
|
|
|
$header_msgs[] = 'Some database upgrades are missing, '
|
|
|
|
|
.'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
|
|
|
|
|
}
|
|
|
|
|
}
|
2005-12-03 18:33:38 +01:00
|
|
|
|
2006-05-08 00:52:25 +02:00
|
|
|
if (is_adviser())
|
|
|
|
|
{
|
2006-06-29 00:50:30 +02:00
|
|
|
$header_msgs[] = $lang['adviser_mode_enabled'];
|
2006-05-08 00:52:25 +02:00
|
|
|
}
|
|
|
|
|
|
2006-06-29 00:50:30 +02:00
|
|
|
if (count($header_msgs) > 0)
|
2006-06-22 23:28:54 +02:00
|
|
|
{
|
2006-06-29 00:50:30 +02:00
|
|
|
$template->assign_block_vars('header_msgs',array());
|
|
|
|
|
foreach ($header_msgs as $header_msg)
|
2006-06-22 23:28:54 +02:00
|
|
|
{
|
2006-06-30 00:16:35 +02:00
|
|
|
$template->assign_block_vars('header_msgs.header_msg',
|
|
|
|
|
array('HEADER_MSG'=>$header_msg));
|
2006-06-22 23:28:54 +02:00
|
|
|
}
|
|
|
|
|
}
|
2006-11-08 05:28:30 +01:00
|
|
|
|
2006-12-21 22:38:20 +01:00
|
|
|
if (!defined('IN_ADMIN') or !IN_ADMIN)
|
|
|
|
|
{
|
|
|
|
|
include(PHPWG_ROOT_PATH.'include/functions_filter.inc.php');
|
|
|
|
|
include(PHPWG_ROOT_PATH.'include/filter.inc.php');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isset($conf['header_notes']))
|
|
|
|
|
{
|
|
|
|
|
$header_notes = array_merge($header_notes, $conf['header_notes']);
|
|
|
|
|
}
|
|
|
|
|
|
2006-11-08 05:28:30 +01:00
|
|
|
// default event handlers
|
|
|
|
|
add_event_handler('render_comment_content', 'parse_comment_content');
|
|
|
|
|
trigger_action('init');
|
2006-10-20 04:17:53 +02:00
|
|
|
?>
|
