Diffstat (limited to '')
-rw-r--r-- | include/config.inc.php | 7 | ||||
-rw-r--r-- | include/functions.inc.php | 33 | ||||
-rw-r--r-- | include/functions_category.inc.php | 49 | ||||
-rw-r--r-- | include/functions_session.inc.php | 20 | ||||
-rw-r--r-- | include/functions_user.inc.php | 42 | ||||
-rw-r--r-- | include/functions_xml.inc.php | 119 | ||||
-rw-r--r-- | include/user.inc.php | 20 |
7 files changed, 216 insertions, 74 deletions
diff --git a/include/config.inc.php b/include/config.inc.php index f0a348a24..719edf156 100644 --- a/include/config.inc.php +++ b/include/config.inc.php @@ -20,10 +20,9 @@ $page = array(); $user = array(); $lang = array(); -include_once( PREFIXE_INCLUDE.'./include/mysql.inc.php' ); include_once( PREFIXE_INCLUDE.'./include/functions.inc.php' ); include_once( PREFIXE_INCLUDE.'./include/vtemplate.class.php' ); -// + // How to change the order of display for images in a category ? // // You have to modify $conf['order_by']. @@ -46,6 +45,8 @@ $conf['nb_row_page'] = array ('2','3','4','5','6','7','10','20','1000'); $conf['version'] = '1.3'; $conf['site_url'] = 'http://www.phpwebgallery.net'; $conf['forum_url'] = 'http://forum.phpwebgallery.net'; +$conf['picture_ext'] = array ( 'jpg','JPG','gif','GIF','png','PNG' ); +$conf['document_ext'] = array( 'doc','pdf','zip' ); database_connection(); // rertieving the configuration informations for site @@ -73,7 +74,7 @@ for ( $i = 0; $i < sizeof( $infos ); $i++ ) } $query.= $infos[$i]; } -$query .= ' from '.$prefixeTable.'config;'; +$query .= ' from '.PREFIX_TABLE.'config;'; $row = mysql_fetch_array( mysql_query( $query ) ); diff --git a/include/functions.inc.php b/include/functions.inc.php index 85db1eb76..41611df86 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -17,6 +17,7 @@ include( 'functions_user.inc.php' ); include( 'functions_session.inc.php' ); include( 'functions_category.inc.php' ); +include( 'functions_xml.inc.php' ); //----------------------------------------------------------- generic functions 
@@ -128,6 +129,20 @@ function replace_space( $string ) return $return_string; } +// get_extension returns the part of the string after the last "." +function get_extension( $filename ) +{ + return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) ); +} + +// get_filename_wo_extension returns the part of the string before the last +// ".". +// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar' +function get_filename_wo_extension( $filename ) +{ + return substr( $filename, 0, strrpos( $filename, '.' ) ); +} + // get_dirs retourne un tableau contenant tous les sous-répertoires d'un // répertoire function get_dirs( $rep ) @@ -202,7 +217,6 @@ function get_picture_size( $original_width, $original_height, $picture_size[1] = $height; return $picture_size; } - //-------------------------------------------- PhpWebGallery specific functions // get_languages retourne un tableau contenant tous les languages 
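Review bot: `get_filename_wo_extension` returns an empty string for a name that has no dot, because `strrpos` yields `false` and `substr( $filename, 0, false )` takes zero characters; `get_extension` has the matching gap, since `strrchr` returns `false` there. Guard the lookup, for example `$pos = strrpos( $filename, '.' );` followed by `return ( $pos === false ) ? $filename : substr( $filename, 0, $pos );`. If the extension is later compared against `$conf['picture_ext']` or `$conf['document_ext']`, lower-casing it once would also cover mixed-case names such as `Jpg`, which the two-case list in config.inc.php misses.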
@@ -278,20 +292,31 @@ function replace_search( $string, $search ) function database_connection() { - global $cfgHote,$cfgUser,$cfgPassword,$cfgBase; + // $cfgHote,$cfgUser,$cfgPassword,$cfgBase; + + $xml_content = getXmlCode( PREFIXE_INCLUDE.'./include/database_config.xml' ); + $mysql_conf = getChild( $xml_content, 'mysql' ); + + $cfgHote = getAttribute( $mysql_conf, 'host' ); + $cfgUser = getAttribute( $mysql_conf, 'user' ); + $cfgPassword = getAttribute( $mysql_conf, 'password' ); + $cfgBase = getAttribute( $mysql_conf, 'base' ); + @mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or die ( "Could not connect to server" ); @mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); + + define( PREFIX_TABLE, getAttribute( $mysql_conf, 'tablePrefix' ) ); } function pwg_log( $file, $category, $picture = '' ) { - global $conf, $user, $prefixeTable; + global $conf, $user; if ( $conf['log'] ) { - $query = 'insert into '.$prefixeTable.'history'; + $query = 'insert into '.PREFIX_TABLE.'history'; $query.= ' (date,login,IP,file,category,picture) values'; $query.= " (".time().", '".$user['pseudo']."'"; $query.= ",'".$_SERVER['REMOTE_ADDR']."'"; diff --git a/include/functions_category.inc.php b/include/functions_category.inc.php index 115ee434e..3ec6102c1 100644 --- a/include/functions_category.inc.php +++ b/include/functions_category.inc.php @@ -16,14 +16,13 @@ ***************************************************************************/ function get_subcats_id( $cat_id ) { - global $prefixeTable; - $restricted_cat = array(); $i = 0; - $query = "select id"; - $query.= " from $prefixeTable"."categories"; - $query.= " where id_uppercat = $cat_id;"; + $query = 'select id'; + $query.= ' from '.PREFIX_TABLE.'categories'; + $query.= ' where id_uppercat = '.$cat_id; + $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { 
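Review bot: `database_connection` now reads the database host, user and password from `include/database_config.xml`, and if `include/` sits under the document root, as the relative path suggests, a `.xml` file is normally served as plain text to anyone who requests its URL. Keep the file outside the document root or ship a deny rule for it. `getXmlCode` returns `false` when the file cannot be opened and the result is not checked here, so a missing file surfaces only as the generic "Could not connect to server" message. `define( PREFIX_TABLE, ... )` passes a bare word where the constant name should be the string `'PREFIX_TABLE'`; the same applies to `define( ATT_REG, ... )` and `define( VAL_REG, ... )` in functions_xml.inc.php.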
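Review bot: In `get_subcats_id`, `$cat_id` is concatenated into the `where id_uppercat = ` clause as a bare number with no cast or check in the visible lines, so the query is only as safe as every caller's validation, which this hunk does not show. Casting at the point of use, `$query.= ' where id_uppercat = '.intval( $cat_id );`, removes that dependency. The same pattern appears in the hunks for `get_nb_subcats` (`$id`), `get_cat_info` (`$id`), `get_restrictions` (`$user_id`) and `is_user_allowed` (`$category_id`). The body of `get_subcats_id` continues past the end of the hunk.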
@@ -40,7 +39,7 @@ function get_subcats_id( $cat_id ) function check_restrictions( $category_id ) { - global $user,$lang,$prefixeTable; + global $user,$lang; if ( is_user_allowed( $category_id, $user['restrictions'] ) > 0 ) { @@ -57,13 +56,17 @@ function check_restrictions( $category_id ) // - $cat equals 'search' (when the result of a search is displayed) function check_cat_id( $cat ) { - global $page,$prefixeTable; + global $page; + unset( $page['cat'] ); if ( isset( $cat ) ) { if ( is_numeric( $cat ) ) { - $query = "select id from $prefixeTable"."categories where id = $cat;"; + $query = 'select id'; + $query.= ' from '.PREFIX_TABLE.'categories'; + $query.= ' where id = '.$cat; + $query. ';'; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) != 0 ) { @@ -80,10 +83,10 @@ function check_cat_id( $cat ) function display_cat( $id_uppercat, $indent, $restriction, $tab_expand ) { - global $prefixeTable,$user,$lang,$conf,$page,$vtp,$handle; + global $user,$lang,$conf,$page,$vtp,$handle; $query = 'select name,id,date_dernier,nb_images,dir'; - $query.= ' from '.$prefixeTable.'categories'; + $query.= ' from '.PREFIX_TABLE.'categories'; $query.= ' where id_uppercat'; if ( $id_uppercat == "" ) { @@ -201,10 +204,10 @@ function display_cat( $id_uppercat, $indent, $restriction, $tab_expand ) function get_nb_subcats( $id ) { - global $prefixeTable,$user; + global $user; $query = 'select count(*) as count'; - $query.= ' from '.$prefixeTable.'categories'; + $query.= ' from '.PREFIX_TABLE.'categories'; $query.= ' where id_uppercat = '.$id; for ( $i = 0; $i < sizeof( $user['restrictions'] ); $i++ ) { @@ -218,12 +221,10 @@ function get_nb_subcats( $id ) function get_total_image( $id, $restriction ) { - global $prefixeTable; - $total = 0; $query = 'select id,nb_images'; - $query.= ' from '.$prefixeTable.'categories'; + $query.= ' from '.PREFIX_TABLE.'categories'; $query.= ' where id_uppercat'; if ( !is_numeric( $id ) ) { 
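Review bot: In `check_cat_id` the new line `$query. ';';` is an expression whose result is discarded; it was presumably meant to be `$query.= ';';`. The query still runs because `mysql_query` does not need the terminator, but the line should be fixed or dropped. `is_numeric( $cat )` also accepts values such as `1.5` or `1e3`, so `ctype_digit( (string) $cat )` would be a tighter gate before the value goes into the `where id = ` clause.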
@@ -259,14 +260,12 @@ function get_total_image( $id, $restriction ) // $cat['site_id'] function get_cat_info( $id ) { - global $prefixeTable; - $cat = array(); $cat['name'] = array(); $query = 'select nb_images,id_uppercat,comment,site_id,galleries_url,dir'; - $query.= ' from '.$prefixeTable.'categories as a'; - $query.= ', '.$prefixeTable.'sites as b'; + $query.= ' from '.PREFIX_TABLE.'categories as a'; + $query.= ', '.PREFIX_TABLE.'sites as b'; $query.= ' where a.id = '.$id; $query.= ' and a.site_id = b.id;'; $row = mysql_fetch_array( mysql_query( $query ) ); @@ -284,7 +283,7 @@ function get_cat_info( $id ) while ( !$is_root ) { $query = 'select name,dir,id_uppercat'; - $query.= ' from '.$prefixeTable.'categories'; + $query.= ' from '.PREFIX_TABLE.'categories'; $query.= ' where id = '.$row['id_uppercat'].';'; $row = mysql_fetch_array( mysql_query( $query ) ); $cat['dir'] = $row['dir']."/".$cat['dir']; @@ -359,7 +358,7 @@ function get_cat_display_name( $array_cat_names, $separation, $style ) // 4. creation of the navigation bar function initialize_category( $calling_page = 'category' ) { - global $prefixeTable,$page,$lang,$user,$conf; + global $page,$lang,$user,$conf; if ( isset( $page['cat'] ) ) { @@ -397,7 +396,7 @@ function initialize_category( $calling_page = 'category' ) $page['where'].= " or comment like '%".$_GET['search']."%' )"; $query = 'select count(*) as nb_total_images'; - $query.= ' from '.$prefixeTable.'images'; + $query.= ' from '.PREFIX_TABLE.'images'; $query.= $page['where']; $query.= ';'; 
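Review bot: In the last `initialize_category` hunk on this line, the unchanged context line `$page['where'].= " or comment like '%".$_GET['search']."%' )";` places a request parameter directly inside a quoted SQL string, and the commit edits the query just below it without addressing that. Unless every deployment relies on `magic_quotes_gpc`, a quote character in the search term changes the statement. Escape the value once before building the clause, e.g. `$search = mysql_real_escape_string( $_GET['search'] );`, and use `$search` in the `like` patterns. The function starts before and ends after the hunk, so any other `like` conditions built from the same parameter presumably need the same treatment.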
@@ -408,12 +407,12 @@ function initialize_category( $calling_page = 'category' ) { $page['title'] = $lang['favorites']; - $page['where'] = ', '.$prefixeTable.'favorites'; + $page['where'] = ', '.PREFIX_TABLE.'favorites'; $page['where'].= ' where user_id = '.$user['id']; $page['where'].= ' and image_id = id'; $query = 'select count(*) as nb_total_images'; - $query.= ' from '.$prefixeTable.'favorites'; + $query.= ' from '.PREFIX_TABLE.'favorites'; $query.= ' where user_id = '.$user['id']; $query.= ';'; } @@ -428,7 +427,7 @@ function initialize_category( $calling_page = 'category' ) $page['where'].= date( 'Y-m-d', $date )."'"; $query = 'select count(*) as nb_total_images'; - $query.= ' from '.$prefixeTable.'images'; + $query.= ' from '.PREFIX_TABLE.'images'; $query.= $page['where']; $query.= ';'; } diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 722627dc7..352e7cd7d 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -36,10 +36,10 @@ function generate_key() { $key .= chr( mt_rand( 65, 90 ) ); } - elseif ( $c == 1 ) - { - $key .= chr( mt_rand( 97, 122 ) ); - } + else if ( $c == 1 ) + { + $key .= chr( mt_rand( 97, 122 ) ); + } else { $key .= mt_rand( 0, 9 ); @@ -50,14 +50,14 @@ function generate_key() function session_create( $username ) { - global $conf,$prefixeTable,$REMOTE_ADDR; + global $conf; // 1. searching an unused sesison key $id_found = false; while ( !$id_found ) { $generated_id = generate_key(); $query = 'select id'; - $query.= ' from '.$prefixeTable.'sessions'; + $query.= ' from '.PREFIX_TABLE.'sessions'; $query.= " where id = '".$generated_id."';"; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) == 0 ) 
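Review bot: `session_create` takes the session id from `generate_key()`, and the `generate_key` hunk just before it shows every character coming from `mt_rand()`, which is not a cryptographically secure generator, so the ids are weaker than their length suggests. I would at least record this next to the call with `// NOTE: generate_key() relies on mt_rand(), which is not a CSPRNG; session ids should come from the OS random source`, and move the generator to `openssl_random_pseudo_bytes()` (or `random_int()` on PHP versions that have it). Both function bodies extend beyond their hunks, so how the generator is seeded and how long the key is are not visible here.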
@@ -67,16 +67,16 @@ function session_create( $username ) } // 2. retrieving id of the username given in parameter $query = 'select id'; - $query.= ' from '.$prefixeTable.'users'; + $query.= ' from '.PREFIX_TABLE.'users'; $query.= " where username = '".$username."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; // 3. inserting session in database - $expiration = $conf['session_time']*60+time(); - $query = 'insert into '.$prefixeTable.'sessions'; + $expiration = $conf['session_time'] * 60 + time(); + $query = 'insert into '.PREFIX_TABLE.'sessions'; $query.= ' (id,user_id,expiration,ip) values'; $query.= "('".$generated_id."','".$user_id; - $query.= "','".$expiration."','".$REMOTE_ADDR."');"; + $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; mysql_query( $query ); return $generated_id; diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 03be22b1a..e9d3558d8 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -38,7 +38,7 @@ function validate_mail_address( $mail_address ) function register_user( $login, $password, $password_conf, $mail_address, $status = 'guest' ) { - global $prefixeTable, $lang; + global $lang; $error = array(); $i = 0; @@ -66,7 +66,7 @@ function register_user( else { $query = 'select id'; - $query.= ' from '.$prefixeTable.'users'; + $query.= ' from '.PREFIX_TABLE.'users'; $query.= " where username = '".$login."';"; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) > 0 ) 
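Review bot: `session_create` builds `" where username = '".$username."';"` by plain concatenation, so a quote in the name alters the statement unless the caller has already escaped it, which the hunk does not show. Escape at the point of use, e.g. `$query.= " where username = '".mysql_real_escape_string( $username )."';";`. The same applies to `$login` in the two `register_user` lookups and to `$status` in the `update_user` statement in the hunks that follow. The lookup result is also used unchecked: if no row matches, `$row['id']` is empty and the session row is inserted with an empty `user_id`.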
@@ -106,11 +106,11 @@ function register_user( } $query.= $infos[$i]; } - $query.= ' from '.$prefixeTable.'users'; + $query.= ' from '.PREFIX_TABLE.'users'; $query.= " where username = 'guest';"; $row = mysql_fetch_array( mysql_query( $query ) ); // 2. adding new user - $query = 'insert into '.$prefixeTable.'users'; + $query = 'insert into '.PREFIX_TABLE.'users'; $query.= ' ('; $query.= ' username,password,mail_address,status'; for ( $i = 0; $i < sizeof( $infos ); $i++ ) @@ -145,20 +145,20 @@ function register_user( mysql_query( $query ); // 3. retrieving the id of the newly created user $query = 'select id'; - $query.= ' from '.$prefixeTable.'users'; + $query.= ' from '.PREFIX_TABLE.'users'; $query.= " where username = '".$login."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; // 4. adding restrictions to the new user, the same as the user "guest" $query = 'select cat_id'; - $query.= ' from '.$prefixeTable.'restrictions as r'; - $query.= ','.$prefixeTable.'users as u '; + $query.= ' from '.PREFIX_TABLE.'restrictions as r'; + $query.= ','.PREFIX_TABLE.'users as u '; $query.= ' where u.id = r.user_id'; $query.= " and u.username = 'guest';"; $result = mysql_query( $query ); while( $row = mysql_fetch_array( $result ) ) { - $query = 'insert into '.$prefixeTable.'restrictions'; + $query = 'insert into '.PREFIX_TABLE.'restrictions'; $query.= ' (user_id,cat_id) values'; $query.= ' ('.$user_id.','.$row['cat_id'].');'; mysql_query ( $query ); @@ -170,8 +170,6 @@ function register_user( function update_user( $user_id, $mail_address, $status, $use_new_password = false, $password = '' ) { - global $prefixeTable; - $error = array(); $i = 0; @@ -183,7 +181,7 @@ function update_user( $user_id, $mail_address, $status, if ( sizeof( $error ) == 0 ) { - $query = 'update '.$prefixeTable.'users'; + $query = 'update '.PREFIX_TABLE.'users'; $query.= " set status = '".$status."'"; if ( $use_new_password ) { 
@@ -224,12 +222,11 @@ function check_login_authorization() // are added to the restricted one in the array. function get_restrictions( $user_id, $user_status, $check_invisible ) { - global $prefixeTable; - // 1. getting the ids of the restricted categories - $query = "select cat_id"; - $query.= " from $prefixeTable"."restrictions"; - $query.= " where user_id = $user_id;"; + $query = 'select cat_id'; + $query.= ' from '.PREFIX_TABLE.'restrictions'; + $query.= ' where user_id = '.$user_id; + $query.= ';'; $result = mysql_query( $query ); $i = 0; $restriction = array(); @@ -243,7 +240,7 @@ function get_restrictions( $user_id, $user_status, $check_invisible ) if ( $user_status != "admin" ) { $query = 'select id'; - $query.= ' from '.$prefixeTable.'categories'; + $query.= ' from '.PREFIX_TABLE.'categories'; $query.= " where status='invisible';"; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) @@ -260,8 +257,6 @@ function get_restrictions( $user_id, $user_status, $check_invisible ) // sub-categories and invisible categories function get_all_restrictions( $user_id, $user_status ) { - global $prefixeTable; - $restricted_cat = get_restrictions( $user_id, $user_status, true ); $i = sizeof( $restricted_cat ); for ( $k = 0; $k < sizeof( $restricted_cat ); $k++ ) @@ -281,16 +276,17 @@ function get_all_restrictions( $user_id, $user_status ) // - 2 : if an uppercat category is not allowed function is_user_allowed( $category_id, $restrictions ) { - global $user,$prefixeTable; + global $user; $lowest_category_id = $category_id; $is_root = false; while ( !$is_root and !in_array( $category_id, $restrictions ) ) { - $query = "select id_uppercat"; - $query.= " from $prefixeTable"."categories"; - $query.= " where id = $category_id;"; + $query = 'select id_uppercat'; + $query.= ' from '.PREFIX_TABLE.'categories'; + $query.= ' where id = '.$category_id; + $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); if ( $row['id_uppercat'] == "" ) { 
diff --git a/include/functions_xml.inc.php b/include/functions_xml.inc.php
new file mode 100644
index 000000000..1919608ad
--- /dev/null
+++ b/include/functions_xml.inc.php
@@ -0,0 +1,119 @@
+<?php
+/***************************************************************************
+ * functions_xml.inc.php *
+ * ------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************
+
+ ***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+
+//------------------------------------------------------------------ constantes
+define( ATT_REG, '\w+' );
+define( VAL_REG, '[^"]*' );
+
+//------------------------------------------------------------------- functions
+// getContent returns the content of a tag
+//
+// example : getContent( "<name>Joe</name>" ) returns "Joe"
+//
+// It also works with strings containing themself sub-tags :
+// <perso><name>Jean</name><firstname>Billie</fisrtname></perso> ->
+// <name>Jean</name><firstname>Billie</firstname>
+function getContent( $element )
+{
+ // deleting start of the tag
+ $content = preg_replace( '/^<[^>]+>/', '', $element );
+ // deleting end of the tag
+ $content = preg_replace( '/<\/\w+>$/', '', $content );
+ // replacing multiple instance of space character
+ $content = preg_replace( '/\s+/', ' ', $content );
+
+ return $content;
+}
+
+// The function get Attribute returns the value corresponding to the attribute
+// $attribute for the tag $element.
+function getAttribute( $element, $attribute )
+{
+ $regex = '/^<\w+[^>]*'.$attribute.'\s*=\s*"('.VAL_REG.')"/i';
+ if ( preg_match( $regex, $element, $out ) ) return $out[1];
+ else return '';
+}
+
+function deprecated_getAttribute( $element, $attribute )
+{
+ // Retrieving string with tag name and all attributes
+ $regex = '/^<\w+( '.ATT_REG.'="'.VAL_REG.'")*/';
+ preg_match( $regex, $element, $out );
+
+ // Splitting string for retrieving separately attributes
+ // and corresponding values
+ $regex = '/('.ATT_REG.')="('.VAL_REG.')"/';
+ preg_match_all( $regex, $out[0], $out );
+
+ // Searching and returning the value of the requested attribute
+ for ( $i = 0; $i < sizeof( $out[0] ); $i++ )
+ {
+ if ( $out[1][$i] == $attribute )
+ {
+ return $out[2][$i];
+ }
+ }
+ return '';
+}
+
+// The function getChild returns the first child
+// exemple : getChild( "<table><tr>XXX</tr><tr>YYY</tr></table>", "tr" )
+// returns "<tr>XXX</tr>"
+function getChild( $document, $node )
+{
+ $regex = '/<'.$node.'(\s+'.ATT_REG.'="'.VAL_REG.'")*';
+ $regex.= '(\s*\/>|>.*<\/'.$node.'>)/U';
+
+ preg_match( $regex, $document, $out );
+ return $out[0];
+}
+
+// getChildren returns a list of the children identified by the $node
+// example :
+// getChild( "<table><tr>XXX</tr><tr>YYY</tr></table>", "tr" )
+// returns an array with :
+// $array[0] equals "<tr>XXX</tr>"
+// $array[1] equals "<tr>YYY</tr>"
+function getChildren( $document, $node )
+{
+ $regex = '/<'.$node.'(\s+'.ATT_REG.'="'.VAL_REG.'")*';
+ $regex.= '(\s*\/>|>.*<\/'.$node.'>)/U';
+
+ preg_match_all( $regex, $document, $out );
+ return $out[0];
+}
+
+// get_CodeXML places the content of a text file in a PHP variable and
+// return it. If the file can't be opened, returns false.
+function getXmlCode( $filename )
+{
+ $file = fopen( $filename, 'r' );
+ if ( !$file )
+ {
+ return false;
+ }
+ while ( !feof( $file ) )
+ {
+ $xml_content .= fgets( $file, 1024 );
+ }
+ fclose( $file );
+ $xml_content = str_replace( "\n", '', $xml_content );
+ $xml_content = str_replace( "\t", '', $xml_content );
+
+ return $xml_content;
+}
+?>
\ No newline at end of file diff --git a/include/user.inc.php b/include/user.inc.php index 3a95e08ab..6447b220e 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -37,16 +37,17 @@ for ( $i = 0; $i < sizeof( $infos ); $i++ ) } $query_user.= $infos[$i]; } -$query_user.= ' from '.$prefixeTable.'users'; +$query_user.= ' from '.PREFIX_TABLE.'users'; $query_done = false; $user['is_the_guest'] = false; if ( isset( $_GET['id'] ) && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) { $page['session_id'] = $_GET['id']; - $query = "select user_id, expiration, ip "; - $query.= "from $prefixeTable"."sessions "; - $query.= "where id = '".$_GET['id']."';"; + $query = 'select user_id,expiration,ip'; + $query.= ' from '.PREFIX_TABLE.'sessions'; + $query.= " where id = '".$_GET['id']."'"; + $query.= ';'; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) > 0 ) { @@ -55,13 +56,14 @@ if ( isset( $_GET['id'] ) { // deletion of the session from the database, // because it is out-of-date - $delete_query = "delete from ".$prefixeTable."sessions"; - $delete_query.= " where id = ".$page['session_id'].";"; + $delete_query = 'delete from '.PREFIX_TABLE.'sessions'; + $delete_query.= " where id = '".$page['session_id']."'"; + $delete_query.= ';'; mysql_query( $delete_query ); } else { - if ( $REMOTE_ADDR == $row['ip'] ) + if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) { $query_user .= ' where id = '.$row['user_id']; $query_done = true; @@ -83,8 +85,8 @@ $row = mysql_fetch_array( mysql_query( $query_user ) ); for ( $i = 0; $i < sizeof( $infos ); $i++ ) { $user[$infos[$i]] = $row[$infos[$i]]; - // If the field is true or false, the variable is transformed into a boolean - // value. + // If the field is true or false, the variable is transformed into a + // boolean value. if ( $row[$infos[$i]] == 'true' || $row[$infos[$i]] == 'false' ) { $user[$infos[$i]] = get_boolean( $row[$infos[$i]] ); |
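Review bot: In functions_xml.inc.php, `getAttribute` matches the attribute name anywhere after the tag name (`[^>]*'.$attribute.'`), so asking for `user` also matches the tail of a longer name such as `dbuser` (a constructed example), and because `[^>]*` is greedy the last such match wins; `$attribute` and `$node` also go into the patterns without `preg_quote`. Requiring a whitespace boundary and quoting the name fixes both: `$regex = '/^<\w+[^>]*\s'.preg_quote( $attribute, '/' ).'\s*=\s*"('.VAL_REG.')"/i';`. `getXmlCode` appends to `$xml_content` before it is initialised, so add `$xml_content = '';` ahead of the loop, and `getChild` returns `$out[0]` even when nothing matched. Because `database_connection` reads the MySQL password through these helpers, note that `VAL_REG` cannot represent a value containing `"` and that no entity decoding is done.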