2004-02-02 01:55:18 +01:00
|
|
|
<?php
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
2004-02-12 00:20:38 +01:00
|
|
|
// | common.inc.php |
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | application : PhpWebGallery <http://phpwebgallery.net> |
|
2004-02-12 00:20:38 +01:00
|
|
|
// | branch : BSF (Best So Far) |
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | file : $RCSfile$
|
|
|
|
|
// | last update : $Date$
|
|
|
|
|
// | last modifier : $Author$
|
|
|
|
|
// | revision : $Revision$
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | This program is free software; you can redistribute it and/or modify |
|
|
|
|
|
// | it under the terms of the GNU General Public License as published by |
|
|
|
|
|
// | the Free Software Foundation |
|
|
|
|
|
// | |
|
|
|
|
|
// | This program is distributed in the hope that it will be useful, but |
|
|
|
|
|
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
|
|
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
|
|
|
// | General Public License for more details. |
|
|
|
|
|
// | |
|
|
|
|
|
// | You should have received a copy of the GNU General Public License |
|
|
|
|
|
// | along with this program; if not, write to the Free Software |
|
|
|
|
|
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
|
|
|
// | USA. |
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
2004-03-05 00:56:02 +01:00
|
|
|
|
2004-02-19 01:31:09 +01:00
|
|
|
if( !defined("PHPWG_ROOT_PATH") )
|
|
|
|
|
{
|
|
|
|
|
die ("Hacking attempt!");
|
|
|
|
|
}
|
|
|
|
|
// determine the initial instant to indicate the generation time of this page
|
2004-02-02 01:55:18 +01:00
|
|
|
$t1 = explode( ' ', microtime() );
|
|
|
|
|
$t2 = explode( '.', $t1[0] );
|
|
|
|
|
$t2 = $t1[1].'.'.$t2[1];
|
|
|
|
|
|
|
|
|
|
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
|
|
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// addslashes to vars if magic_quotes_gpc is off this is a security
|
|
|
|
|
// precaution to prevent someone trying to break out of a SQL statement.
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
|
|
|
|
if( !get_magic_quotes_gpc() )
|
|
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array( $_GET ) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_GET) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_GET[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_GET[$k]) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
$_GET[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_GET[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_GET[$k] = addslashes($v);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
@reset($_GET);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
|
|
|
|
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_POST) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_POST) )
|
|
|
|
|
{
|
|
|
|
|
if( is_array($_POST[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_POST[$k]) )
|
|
|
|
|
{
|
|
|
|
|
$_POST[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_POST[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_POST[$k] = addslashes($v);
|
|
|
|
|
}
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-11 23:31:08 +01:00
|
|
|
@reset($_POST);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_COOKIE) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
while( list($k, $v) = each($_COOKIE) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array($_COOKIE[$k]) )
|
|
|
|
|
{
|
|
|
|
|
while( list($k2, $v2) = each($_COOKIE[$k]) )
|
|
|
|
|
{
|
|
|
|
|
$_COOKIE[$k][$k2] = addslashes($v2);
|
|
|
|
|
}
|
|
|
|
|
@reset($_COOKIE[$k]);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$_COOKIE[$k] = addslashes($v);
|
|
|
|
|
}
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-11 23:31:08 +01:00
|
|
|
@reset($_COOKIE);
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// Define some basic configuration arrays this also prevents malicious
|
|
|
|
|
// rewriting of language and otherarray values via URI params
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
|
|
|
|
$conf = array();
|
|
|
|
|
$page = array();
|
|
|
|
|
$user = array();
|
|
|
|
|
$lang = array();
|
|
|
|
|
|
2004-02-19 01:31:09 +01:00
|
|
|
|
2004-02-20 20:07:43 +01:00
|
|
|
include(PHPWG_ROOT_PATH .'include/mysql.inc.php');
|
2004-02-02 01:55:18 +01:00
|
|
|
if( !defined("PHPWG_INSTALLED") )
|
|
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
header( 'Location: install.php' );
|
|
|
|
|
exit;
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
|
2004-02-19 01:31:09 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/constants.php');
|
2004-02-20 20:07:43 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/config.inc.php');
|
2004-02-19 01:31:09 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
|
|
|
|
|
include(PHPWG_ROOT_PATH . 'include/template.php');
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Database connection
|
|
|
|
|
//
|
|
|
|
|
|
2004-02-20 20:07:43 +01:00
|
|
|
mysql_connect( $dbhost, $dbuser, $dbpasswd )
|
- in admin/configuration, add new step with "sections" (general, comments,
default, upload, metadata, sessions)
- admin/configuration.php and its template have been higly simplificated by
making things more generic : for example, for each configuration
parameter, its name must correspond to the name we find in the config
table and belongs to a section, in the lang array we find :
- $lang['conf_<section>_<param>']
- $lang['conf_<section>_<param>_info']
- $lang['conf_<section>_<param>_error'] optionnaly
- more described message when connection to database server is impossible
- redefinitions of get_languages and get_templates functions
- deletion of configuration parameters : webmaster, session_keyword
- rename of configuration parameters :
- default_lang => default_language
- default_style => default_template
git-svn-id: http://piwigo.org/svn/trunk@512 68402e56-0260-453c-a942-63ccdbb3a9ee
2004-09-03 17:01:05 +02:00
|
|
|
or die ( "Could not connect to database server" );
|
2004-02-20 20:07:43 +01:00
|
|
|
mysql_select_db( $dbname )
|
2004-02-11 23:31:08 +01:00
|
|
|
or die ( "Could not connect to database" );
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Obtain and encode users IP
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
if ( getenv( 'HTTP_X_FORWARDED_FOR' ) != '' )
|
2004-02-02 01:55:18 +01:00
|
|
|
{
|
2004-03-26 18:08:09 +01:00
|
|
|
$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ?
|
|
|
|
|
$_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2004-02-11 23:31:08 +01:00
|
|
|
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/",
|
|
|
|
|
getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2004-02-11 23:31:08 +01:00
|
|
|
$private_ip = array( '/^0\./'
|
|
|
|
|
,'/^127\.0\.0\.1/'
|
|
|
|
|
,'/^192\.168\..*/'
|
|
|
|
|
,'/^172\.16\..*/'
|
|
|
|
|
,'/^10.\.*/'
|
|
|
|
|
,'/^224.\.*/'
|
|
|
|
|
,'/^240.\.*/'
|
|
|
|
|
);
|
2004-02-07 12:50:26 +01:00
|
|
|
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
|
|
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2004-03-26 18:08:09 +01:00
|
|
|
$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ?
|
|
|
|
|
$_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
2004-02-07 12:50:26 +01:00
|
|
|
$user_ip = encode_ip($client_ip);
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
//
|
2004-03-26 18:08:09 +01:00
|
|
|
// Setup gallery wide options, if this fails then we output a CRITICAL_ERROR
|
|
|
|
|
// since basic gallery information is not available
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
2004-03-05 00:56:02 +01:00
|
|
|
$query = 'SELECT param,value';
|
|
|
|
|
$query.= ' FROM '.CONFIG_TABLE;
|
|
|
|
|
$query.= ';';
|
|
|
|
|
if( !( $result = mysql_query( $query ) ) )
|
2004-02-02 01:55:18 +01:00
|
|
|
{
|
2004-02-07 12:50:26 +01:00
|
|
|
die("Could not query config information");
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
|
2004-03-05 00:56:02 +01:00
|
|
|
while ( $row =mysql_fetch_array( $result ) )
|
|
|
|
|
{
|
|
|
|
|
if ( isset( $row['value'] ) )
|
|
|
|
|
{
|
|
|
|
|
$conf[$row['param']] = $row['value'];
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$conf[$row['param']] = '';
|
|
|
|
|
}
|
|
|
|
|
// If the field is true or false, the variable is transformed into a
|
|
|
|
|
// boolean value.
|
|
|
|
|
if ( $conf[$row['param']] == 'true' or $conf[$row['param']] == 'false' )
|
2004-02-02 01:55:18 +01:00
|
|
|
{
|
2004-03-05 00:56:02 +01:00
|
|
|
$conf[$row['param']] = get_boolean( $conf[$row['param']] );
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//---------------
|
|
|
|
|
// A partir d'ici il faudra dispatcher le code dans d'autres fichiers
|
|
|
|
|
//---------------
|
|
|
|
|
|
2004-02-19 01:31:09 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/user.inc.php');
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
// displaying the username in the language of the connected user, instead of
|
|
|
|
|
// "guest" as you can find in the database
|
|
|
|
|
if ( $user['is_the_guest'] ) $user['username'] = $lang['guest'];
|
|
|
|
|
define('PREFIX_TABLE', $table_prefix);
|
2004-02-12 00:20:38 +01:00
|
|
|
?>
|
