2004-02-02 01:55:18 +01:00
|
|
|
<?php
|
2004-02-07 20:36:44 +01:00
|
|
|
// +-----------------------------------------------------------------------+
|
2011-01-18 01:02:52 +01:00
|
|
|
// | Piwigo - a PHP based photo gallery |
|
2008-04-05 00:57:23 +02:00
|
|
|
// +-----------------------------------------------------------------------+
|
2014-01-05 01:19:25 +01:00
|
|
|
// | Copyright(C) 2008-2014 Piwigo Team http://piwigo.org |
|
2008-04-05 00:57:23 +02:00
|
|
|
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
|
|
|
|
|
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
|
|
|
|
// | This program is free software; you can redistribute it and/or modify |
|
|
|
|
|
// | it under the terms of the GNU General Public License as published by |
|
2004-02-07 20:36:44 +01:00
|
|
|
// | the Free Software Foundation |
|
|
|
|
|
// | |
|
|
|
|
|
// | This program is distributed in the hope that it will be useful, but |
|
|
|
|
|
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
|
|
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
|
|
|
// | General Public License for more details. |
|
|
|
|
|
// | |
|
|
|
|
|
// | You should have received a copy of the GNU General Public License |
|
|
|
|
|
// | along with this program; if not, write to the Free Software |
|
|
|
|
|
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
|
|
|
// | USA. |
|
|
|
|
|
// +-----------------------------------------------------------------------+
|
2004-03-05 00:56:02 +01:00
|
|
|
|
2008-09-05 03:24:01 +02:00
|
|
|
defined('PHPWG_ROOT_PATH') or trigger_error('Hacking attempt!', E_USER_ERROR);
|
|
|
|
|
|
2004-02-19 01:31:09 +01:00
|
|
|
// determine the initial instant to indicate the generation time of this page
|
2012-01-17 22:58:18 +01:00
|
|
|
$t2 = microtime(true);
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2009-08-17 18:21:09 +02:00
|
|
|
@set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// addslashes to vars if magic_quotes_gpc is off this is a security
|
|
|
|
|
// precaution to prevent someone trying to break out of a SQL statement.
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
2009-10-09 16:41:30 +02:00
|
|
|
if( !@get_magic_quotes_gpc() )
|
2004-02-02 01:55:18 +01:00
|
|
|
{
|
2008-10-18 02:45:45 +02:00
|
|
|
function sanitize_mysql_kv(&$v, $k)
|
|
|
|
|
{
|
|
|
|
|
$v = addslashes($v);
|
|
|
|
|
}
|
2004-02-11 23:31:08 +01:00
|
|
|
if( is_array( $_GET ) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2008-10-18 02:45:45 +02:00
|
|
|
array_walk_recursive( $_GET, 'sanitize_mysql_kv' );
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2008-10-18 02:45:45 +02:00
|
|
|
if( is_array( $_POST ) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2008-10-18 02:45:45 +02:00
|
|
|
array_walk_recursive( $_POST, 'sanitize_mysql_kv' );
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2008-10-18 02:45:45 +02:00
|
|
|
if( is_array( $_COOKIE ) )
|
2004-02-07 12:50:26 +01:00
|
|
|
{
|
2008-10-18 02:45:45 +02:00
|
|
|
array_walk_recursive( $_COOKIE, 'sanitize_mysql_kv' );
|
2004-02-07 12:50:26 +01:00
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
}
|
2008-08-23 03:18:13 +02:00
|
|
|
if ( !empty($_SERVER["PATH_INFO"]) )
|
|
|
|
|
{
|
|
|
|
|
$_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
|
|
|
|
|
}
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
//
|
2004-02-11 23:31:08 +01:00
|
|
|
// Define some basic configuration arrays this also prevents malicious
|
|
|
|
|
// rewriting of language and otherarray values via URI params
|
2004-02-02 01:55:18 +01:00
|
|
|
//
|
|
|
|
|
$conf = array();
|
2011-12-18 22:46:24 +01:00
|
|
|
$page = array(
|
|
|
|
|
'infos' => array(),
|
|
|
|
|
'errors' => array(),
|
2012-10-04 18:03:25 +02:00
|
|
|
'warnings' => array(),
|
2011-12-18 22:46:24 +01:00
|
|
|
);
|
2004-02-02 01:55:18 +01:00
|
|
|
$user = array();
|
|
|
|
|
$lang = array();
|
2006-06-29 00:50:30 +02:00
|
|
|
$header_msgs = array();
|
2006-12-21 22:38:20 +01:00
|
|
|
$header_notes = array();
|
2007-09-30 00:36:00 +02:00
|
|
|
$filter = array();
|
2004-02-19 01:31:09 +01:00
|
|
|
|
2007-01-23 02:22:52 +01:00
|
|
|
foreach( array(
|
|
|
|
|
) as $func)
|
|
|
|
|
{
|
|
|
|
|
if (!function_exists($func))
|
|
|
|
|
{
|
|
|
|
|
include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-26 00:11:57 +02:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
|
2010-03-21 14:31:20 +01:00
|
|
|
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
|
2011-12-29 06:48:16 +01:00
|
|
|
|
2011-12-19 21:25:42 +01:00
|
|
|
defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
|
2011-07-01 15:19:35 +02:00
|
|
|
|
2011-12-19 21:25:42 +01:00
|
|
|
@include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
|
|
|
|
|
if (!defined('PHPWG_INSTALLED'))
|
2011-07-01 15:19:35 +02:00
|
|
|
{
|
2011-12-19 21:25:42 +01:00
|
|
|
header('Location: install.php');
|
|
|
|
|
exit;
|
2011-07-01 15:19:35 +02:00
|
|
|
}
|
2009-11-29 13:35:19 +01:00
|
|
|
include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$conf['dblayer'].'.inc.php');
|
2008-11-10 11:15:04 +01:00
|
|
|
|
|
|
|
|
if(isset($conf['show_php_errors']) && !empty($conf['show_php_errors']))
|
|
|
|
|
{
|
2008-12-28 15:23:22 +01:00
|
|
|
@ini_set('error_reporting', $conf['show_php_errors']);
|
|
|
|
|
@ini_set('display_errors', true);
|
2008-11-10 11:15:04 +01:00
|
|
|
}
|
|
|
|
|
|
2005-08-08 22:52:19 +02:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/constants.php');
|
2004-02-19 01:31:09 +01:00
|
|
|
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
|
2012-01-17 22:58:18 +01:00
|
|
|
|
2014-05-11 10:26:41 +02:00
|
|
|
$persistent_cache = new PersistentFileCache();
|
2004-02-02 01:55:18 +01:00
|
|
|
|
|
|
|
|
// Database connection
|
2010-03-21 23:51:36 +01:00
|
|
|
try
|
|
|
|
|
{
|
2013-02-12 12:06:00 +01:00
|
|
|
pwg_db_connect($conf['db_host'], $conf['db_user'],
|
|
|
|
|
$conf['db_password'], $conf['db_base']);
|
2010-03-21 23:51:36 +01:00
|
|
|
}
|
|
|
|
|
catch (Exception $e)
|
|
|
|
|
{
|
2010-06-12 11:55:41 +02:00
|
|
|
my_error(l10n($e->getMessage()), true);
|
2010-03-21 23:51:36 +01:00
|
|
|
}
|
2005-11-24 22:37:29 +01:00
|
|
|
|
2009-11-20 15:17:04 +01:00
|
|
|
pwg_db_check_charset();
|
2007-10-09 03:43:29 +02:00
|
|
|
|
2006-04-27 23:08:50 +02:00
|
|
|
load_conf_from_db();
|
2011-06-26 00:03:12 +02:00
|
|
|
|
|
|
|
|
if (!$conf['check_upgrade_feed'])
|
|
|
|
|
{
|
|
|
|
|
if (!isset($conf['piwigo_db_version']) or $conf['piwigo_db_version'] != get_branch_from_version(PHPWG_VERSION))
|
|
|
|
|
{
|
|
|
|
|
redirect(get_root_url().'upgrade.php');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-12-27 06:26:44 +01:00
|
|
|
ImageStdParams::load_from_db();
|
|
|
|
|
|
2013-02-07 06:43:44 +01:00
|
|
|
session_start();
|
2006-12-14 01:58:57 +01:00
|
|
|
load_plugins();
|
2004-02-02 01:55:18 +01:00
|
|
|
|
2011-07-01 15:19:35 +02:00
|
|
|
// users can have defined a custom order pattern, incompatible with GUI form
|
|
|
|
|
if (isset($conf['order_by_custom']))
|
|
|
|
|
{
|
|
|
|
|
$conf['order_by'] = $conf['order_by_custom'];
|
|
|
|
|
}
|
|
|
|
|
if (isset($conf['order_by_inside_category_custom']))
|
|
|
|
|
{
|
|
|
|
|
$conf['order_by_inside_category'] = $conf['order_by_inside_category_custom'];
|
|
|
|
|
}
|
|
|
|
|
|
2004-12-20 20:26:43 +01:00
|
|
|
include(PHPWG_ROOT_PATH.'include/user.inc.php');
|
2005-08-08 22:52:19 +02:00
|
|
|
|
2013-03-03 23:24:15 +01:00
|
|
|
if (in_array( substr($user['language'],0,2), array('fr','it','de','es','pl','hu','ru','nl','tr','da') ) )
|
2010-03-18 15:30:04 +01:00
|
|
|
{
|
|
|
|
|
define('PHPWG_DOMAIN', substr($user['language'],0,2).'.piwigo.org');
|
2010-02-01 19:53:59 +01:00
|
|
|
}
|
2010-03-18 15:30:04 +01:00
|
|
|
elseif ('zh_CN' == $user['language']) {
|
2010-02-01 19:53:59 +01:00
|
|
|
define('PHPWG_DOMAIN', 'cn.piwigo.org');
|
|
|
|
|
}
|
2013-05-09 14:24:30 +02:00
|
|
|
elseif ('pt_BR' == $user['language']) {
|
|
|
|
|
define('PHPWG_DOMAIN', 'br.piwigo.org');
|
|
|
|
|
}
|
2009-03-14 00:43:50 +01:00
|
|
|
else {
|
|
|
|
|
define('PHPWG_DOMAIN', 'piwigo.org');
|
|
|
|
|
}
|
|
|
|
|
define('PHPWG_URL', 'http://'.PHPWG_DOMAIN);
|
2010-10-30 17:07:18 +02:00
|
|
|
|
|
|
|
|
if(isset($conf['alternative_pem_url']) and $conf['alternative_pem_url']!='')
|
|
|
|
|
{
|
|
|
|
|
define('PEM_URL', $conf['alternative_pem_url']);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
define('PEM_URL', 'http://'.PHPWG_DOMAIN.'/ext');
|
|
|
|
|
}
|
2006-10-20 04:17:53 +02:00
|
|
|
|
2005-08-08 22:52:19 +02:00
|
|
|
// language files
|
2007-10-09 01:46:09 +02:00
|
|
|
load_language('common.lang');
|
2008-07-02 03:11:26 +02:00
|
|
|
if ( is_admin() || (defined('IN_ADMIN') and IN_ADMIN) )
|
2005-08-08 22:52:19 +02:00
|
|
|
{
|
2007-10-09 01:46:09 +02:00
|
|
|
load_language('admin.lang');
|
2005-08-08 22:52:19 +02:00
|
|
|
}
|
2007-01-08 01:16:10 +01:00
|
|
|
trigger_action('loading_lang');
|
2011-01-17 19:48:13 +01:00
|
|
|
load_language('lang', PHPWG_ROOT_PATH.PWG_LOCAL_DIR, array('no_fallback'=>true, 'local'=>true) );
|
2005-08-08 22:52:19 +02:00
|
|
|
|
2006-10-20 04:17:53 +02:00
|
|
|
// only now we can set the localized username of the guest user (and not in
|
|
|
|
|
// include/user.inc.php)
|
2007-06-06 00:01:15 +02:00
|
|
|
if (is_a_guest())
|
2006-10-20 04:17:53 +02:00
|
|
|
{
|
2008-01-30 23:07:07 +01:00
|
|
|
$user['username'] = l10n('guest');
|
2006-10-20 04:17:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// template instance
|
2010-04-18 20:59:37 +02:00
|
|
|
if (defined('IN_ADMIN') and IN_ADMIN )
|
2008-11-04 02:47:48 +01:00
|
|
|
{// Admin template
|
2010-03-13 01:00:52 +01:00
|
|
|
$template = new Template(PHPWG_ROOT_PATH.'admin/themes', $conf['admin_theme']);
|
2007-06-21 22:49:45 +02:00
|
|
|
}
|
|
|
|
|
else
|
2008-11-04 02:47:48 +01:00
|
|
|
{ // Classic template
|
2012-06-07 23:33:30 +02:00
|
|
|
$theme = $user['theme'];
|
|
|
|
|
if (script_basename() != 'ws' and mobile_theme())
|
|
|
|
|
{
|
|
|
|
|
$theme = $conf['mobile_theme'];
|
|
|
|
|
}
|
2012-02-15 17:52:24 +01:00
|
|
|
$template = new Template(PHPWG_ROOT_PATH.'themes', $theme );
|
2007-06-21 22:49:45 +02:00
|
|
|
}
|
2006-10-20 04:17:53 +02:00
|
|
|
|
2010-03-31 22:36:32 +02:00
|
|
|
if ( !isset($conf['no_photo_yet']) )
|
2010-03-15 00:56:21 +01:00
|
|
|
{
|
2010-03-31 22:36:32 +02:00
|
|
|
include(PHPWG_ROOT_PATH.'include/no_photo_yet.inc.php');
|
2010-03-15 00:56:21 +01:00
|
|
|
}
|
|
|
|
|
|
2007-07-07 11:23:04 +02:00
|
|
|
if (isset($user['internal_status']['guest_must_be_guest'])
|
|
|
|
|
and
|
|
|
|
|
$user['internal_status']['guest_must_be_guest'] === true)
|
|
|
|
|
{
|
2010-03-02 15:54:22 +01:00
|
|
|
$header_msgs[] = l10n('Bad status for user "guest", using default status. Please notify the webmaster.');
|
2007-07-07 11:23:04 +02:00
|
|
|
}
|
|
|
|
|
|
2006-02-12 22:52:16 +01:00
|
|
|
if ($conf['gallery_locked'])
|
|
|
|
|
{
|
2010-03-02 15:54:22 +01:00
|
|
|
$header_msgs[] = l10n('The gallery is locked for maintenance. Please, come back later.');
|
2006-02-12 22:52:16 +01:00
|
|
|
|
2007-01-02 23:57:33 +01:00
|
|
|
if ( script_basename() != 'identification' and !is_admin() )
|
2006-02-12 22:52:16 +01:00
|
|
|
{
|
2007-06-28 00:50:36 +02:00
|
|
|
set_status_header(503, 'Service Unavailable');
|
|
|
|
|
@header('Retry-After: 900');
|
2009-05-06 23:09:06 +02:00
|
|
|
header('Content-Type: text/html; charset='.get_pwg_charset());
|
2010-03-02 15:54:22 +01:00
|
|
|
echo '<a href="'.get_absolute_root_url(false).'identification.php">'.l10n('The gallery is locked for maintenance. Please, come back later.').'</a>';
|
2008-09-17 03:48:31 +02:00
|
|
|
echo str_repeat( ' ', 512); //IE6 doesn't error output if below a size
|
2006-02-12 22:52:16 +01:00
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-17 22:51:51 +02:00
|
|
|
if ($conf['check_upgrade_feed'])
|
2006-06-22 21:21:56 +02:00
|
|
|
{
|
2009-02-13 14:01:03 +01:00
|
|
|
include_once(PHPWG_ROOT_PATH.'admin/include/functions_upgrade.php');
|
|
|
|
|
if (check_upgrade_feed())
|
2006-10-20 04:17:53 +02:00
|
|
|
{
|
|
|
|
|
$header_msgs[] = 'Some database upgrades are missing, '
|
2007-01-24 06:07:08 +01:00
|
|
|
.'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>';
|
2006-10-20 04:17:53 +02:00
|
|
|
}
|
|
|
|
|
}
|
2005-12-03 18:33:38 +01:00
|
|
|
|
2006-06-29 00:50:30 +02:00
|
|
|
if (count($header_msgs) > 0)
|
2006-06-22 23:28:54 +02:00
|
|
|
{
|
2008-03-02 01:29:27 +01:00
|
|
|
$template->assign('header_msgs', $header_msgs);
|
|
|
|
|
$header_msgs=array();
|
2006-06-22 23:28:54 +02:00
|
|
|
}
|
2006-11-08 05:28:30 +01:00
|
|
|
|
2007-01-15 01:09:14 +01:00
|
|
|
if (!empty($conf['filter_pages']) and get_filter_page_value('used'))
|
2006-12-21 22:38:20 +01:00
|
|
|
{
|
|
|
|
|
include(PHPWG_ROOT_PATH.'include/filter.inc.php');
|
|
|
|
|
}
|
2007-01-15 01:09:14 +01:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$filter['enabled'] = false;
|
|
|
|
|
}
|
2006-12-21 22:38:20 +01:00
|
|
|
|
|
|
|
|
if (isset($conf['header_notes']))
|
|
|
|
|
{
|
|
|
|
|
$header_notes = array_merge($header_notes, $conf['header_notes']);
|
|
|
|
|
}
|
|
|
|
|
|
2006-11-08 05:28:30 +01:00
|
|
|
// default event handlers
|
2007-10-02 07:38:54 +02:00
|
|
|
add_event_handler('render_category_literal_description', 'render_category_literal_description');
|
2009-02-05 04:03:30 +01:00
|
|
|
if ( !$conf['allow_html_descriptions'] )
|
|
|
|
|
{
|
|
|
|
|
add_event_handler('render_category_description', 'nl2br');
|
|
|
|
|
}
|
2010-12-23 06:22:19 +01:00
|
|
|
add_event_handler('render_comment_content', 'render_comment_content');
|
2007-06-07 20:50:25 +02:00
|
|
|
add_event_handler('render_comment_author', 'strip_tags');
|
2011-11-05 17:15:58 +01:00
|
|
|
add_event_handler('render_tag_url', 'str2url');
|
2008-08-28 02:32:39 +02:00
|
|
|
add_event_handler('blockmanager_register_blocks', 'register_default_menubar_blocks', EVENT_HANDLER_PRIORITY_NEUTRAL-1);
|
2013-02-02 08:09:52 +01:00
|
|
|
if ( !empty($conf['original_url_protection']) )
|
|
|
|
|
{
|
|
|
|
|
add_event_handler('get_element_url', 'get_element_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
|
|
|
|
|
add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler', EVENT_HANDLER_PRIORITY_NEUTRAL, 2 );
|
|
|
|
|
}
|
2006-11-08 05:28:30 +01:00
|
|
|
trigger_action('init');
|
2010-10-30 17:07:18 +02:00
|
|
|
?>
|
