$option) { $options[$i] = str_replace("'", '',$option); } } } mysql_free_result($result); return $options; } // get_boolean transforms a string to a boolean value. If the string is // "false" (case insensitive), then the boolean value false is returned. In // any other case, true is returned. function get_boolean( $string ) { $boolean = true; if ( 'false' == strtolower($string) ) { $boolean = false; } return $boolean; } /** * returns boolean string 'true' or 'false' if the given var is boolean * * @param mixed $var * @return mixed */ function boolean_to_string($var) { if (is_bool($var)) { return $var ? 'true' : 'false'; } else { return $var; } } // The function get_moment returns a float value coresponding to the number // of seconds since the unix epoch (1st January 1970) and the microseconds // are precised : e.g. 1052343429.89276600 function get_moment() { $t1 = explode( ' ', microtime() ); $t2 = explode( '.', $t1[0] ); $t2 = $t1[1].'.'.$t2[1]; return $t2; } // The function get_elapsed_time returns the number of seconds (with 3 // decimals precision) between the start time and the end time given. function get_elapsed_time( $start, $end ) { return number_format( $end - $start, 3, '.', ' ').' s'; } // - The replace_space function replaces space and '-' characters // by their HTML equivalent &nbsb; and − // - The function does not replace characters in HTML tags // - This function was created because IE5 does not respect the // CSS "white-space: nowrap;" property unless space and minus // characters are replaced like this function does. // - Example : //
['.$page['count_queries'].'] '; $output.= "\n".$query; $output.= "\n".'(this query time : '; $output.= ''.number_format($time, 3, '.', ' ').' s)'; $output.= "\n".'(total SQL time : '; $output.= number_format($page['queries_time'], 3, '.', ' ').' s)'; $output.= "\n".'(total time : '; $output.= number_format( ($time+$start-$t2), 3, '.', ' ').' s)'; if ( $result!=null and preg_match('/\s*SELECT\s+/i',$query) ) { $output.= "\n".'(num rows : '; $output.= mysql_num_rows($result).' )'; } elseif ( $result!=null and preg_match('/\s*INSERT|UPDATE|REPLACE|DELETE\s+/i',$query) ) { $output.= "\n".'(affected rows : '; $output.= mysql_affected_rows().' )'; } $output.= "\n"; $debug .= $output; } return $result; } function pwg_debug( $string ) { global $debug,$t2,$page; $now = explode( ' ', microtime() ); $now2 = explode( '.', $now[0] ); $now2 = $now[1].'.'.$now2[1]; $time = number_format( $now2 - $t2, 3, '.', ' ').' s'; $debug .= '
'; $debug.= '['.$time.', '; $debug.= $page['count_queries'].' queries] : '.$string; $debug.= "
\n"; } /** * Redirects to the given URL (HTTP method) * * Note : once this function called, the execution doesn't go further * (presence of an exit() instruction. * * @param string $url * @return void */ function redirect_http( $url ) { if (ob_get_length () !== FALSE) { ob_clean(); } // default url is on html format $url = html_entity_decode($url); header('Request-URI: '.$url); header('Content-Location: '.$url); header('Location: '.$url); exit(); } /** * Redirects to the given URL (HTML method) * * Note : once this function called, the execution doesn't go further * (presence of an exit() instruction. * * @param string $url * @param string $title_msg * @param integer $refreh_time * @return void */ function redirect_html( $url , $msg = '', $refresh_time = 0) { global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug; if (!isset($lang_info)) { $user = build_user( $conf['guest_id'], true); load_language('common.lang'); trigger_action('loading_lang'); load_language('local.lang', '', array('no_fallback'=>true) ); list($tmpl, $thm) = explode('/', get_default_template()); $template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm); } else { $template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']); } if (empty($msg)) { $msg = nl2br(l10n('redirect_msg')); } $refresh = $refresh_time; $url_link = $url; $title = 'redirection'; $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); include( PHPWG_ROOT_PATH.'include/page_header.php' ); $template->set_filenames( array( 'redirect' => 'redirect.tpl' ) ); $template->assign('REDIRECT_MSG', $msg); $template->parse('redirect'); include( PHPWG_ROOT_PATH.'include/page_tail.php' ); exit(); } /** * Redirects to the given URL (Switch to HTTP method or HTML method) * * Note : once this function called, the execution doesn't go further * (presence of an exit() instruction. * * @param string $url * @param string $title_msg * @param integer $refreh_time * @return void */ function redirect( $url , $msg = '', $refresh_time = 0) { global $conf; // with RefeshTime <> 0, only html must be used if ($conf['default_redirect_method']=='http' and $refresh_time==0 and !headers_sent() ) { redirect_http($url); } else { redirect_html($url, $msg, $refresh_time); } } /** * returns $_SERVER['QUERY_STRING'] whitout keys given in parameters * * @param array $rejects * @param boolean $escape - if true escape & to & (for html) * @returns string */ function get_query_string_diff($rejects=array(), $escape=true) { $query_string = ''; $str = $_SERVER['QUERY_STRING']; parse_str($str, $vars); $is_first = true; foreach ($vars as $key => $value) { if (!in_array($key, $rejects)) { $query_string.= $is_first ? '?' : ($escape ? '&' : '&' ); $is_first = false; $query_string.= $key.'='.$value; } } return $query_string; } function url_is_remote($url) { if ( strncmp($url, 'http://', 7)==0 or strncmp($url, 'https://', 8)==0 ) { return true; } return false; } /** * returns available template/theme */ function get_pwg_themes() { global $conf; $themes = array(); $template_dir = PHPWG_ROOT_PATH.'template'; foreach (get_dirs($template_dir) as $template) { foreach (get_dirs($template_dir.'/'.$template.'/theme') as $theme) { if ( ($template.'/'.$theme) != $conf['admin_layout'] ) array_push($themes, $template.'/'.$theme); } } return $themes; } /* Returns the PATH to the thumbnail to be displayed. If the element does not * have a thumbnail, the default mime image path is returned. The PATH can be * used in the php script, but not sent to the browser. * @param array element_info assoc array containing element info from db * at least 'path', 'tn_ext' and 'id' should be present */ function get_thumbnail_path($element_info) { $path = get_thumbnail_location($element_info); if ( !url_is_remote($path) ) { $path = PHPWG_ROOT_PATH.$path; } return $path; } /* Returns the URL of the thumbnail to be displayed. If the element does not * have a thumbnail, the default mime image url is returned. The URL can be * sent to the browser, but not used in the php script. * @param array element_info assoc array containing element info from db * at least 'path', 'tn_ext' and 'id' should be present */ function get_thumbnail_url($element_info) { $path = get_thumbnail_location($element_info); if ( !url_is_remote($path) ) { $path = embellish_url(get_root_url().$path); } // plugins want another url ? $path = trigger_event('get_thumbnail_url', $path, $element_info); return $path; } /* returns the relative path of the thumnail with regards to to the root of piwigo (not the current page!).This function is not intended to be called directly from code.*/ function get_thumbnail_location($element_info) { global $conf; if ( !empty( $element_info['tn_ext'] ) ) { $path = substr_replace( get_filename_wo_extension($element_info['path']), '/thumbnail/'.$conf['prefix_thumbnail'], strrpos($element_info['path'],'/'), 1 ); $path.= '.'.$element_info['tn_ext']; } else { $path = get_themeconf('mime_icon_dir') .strtolower(get_extension($element_info['path'])).'.png'; } // plugins want another location ? $path = trigger_event( 'get_thumbnail_location', $path, $element_info); return $path; } /* returns the title of the thumnail */ function get_thumbnail_title($element_info) { // message in title for the thumbnail if (isset($element_info['file'])) { $thumbnail_title = $element_info['file']; } else { $thumbnail_title = ''; } if (!empty($element_info['filesize'])) { $thumbnail_title .= ' : '.sprintf(l10n('%d Kb'), $element_info['filesize']); } return $thumbnail_title; } // my_error returns (or send to standard output) the message concerning the // error occured for the last mysql query. function my_error($header, $die) { $error = "[mysql error ".mysql_errno().'] '.mysql_error()."\n"; $error .= $header; if ($die) { fatal_error($error); } echo(""); trigger_error($error, E_USER_WARNING); echo(""); } /** * creates an array based on a query, this function is a very common pattern * used here * * @param string $query * @param string $fieldname * @return array */ function array_from_query($query, $fieldname) { $array = array(); $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { array_push($array, $row[$fieldname]); } return $array; } /** * fill the current user caddie with given elements, if not already in * caddie * * @param array elements_id */ function fill_caddie($elements_id) { global $user; include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); $query = ' SELECT element_id FROM '.CADDIE_TABLE.' WHERE user_id = '.$user['id'].' ;'; $in_caddie = array_from_query($query, 'element_id'); $caddiables = array_diff($elements_id, $in_caddie); $datas = array(); foreach ($caddiables as $caddiable) { array_push($datas, array('element_id' => $caddiable, 'user_id' => $user['id'])); } if (count($caddiables) > 0) { mass_inserts(CADDIE_TABLE, array('element_id','user_id'), $datas); } } /** * returns the element name from its filename * * @param string filename * @return string name */ function get_name_from_file($filename) { return str_replace('_',' ',get_filename_wo_extension($filename)); } /** * returns the corresponding value from $lang if existing. Else, the key is * returned * * @param string key * @return string */ function l10n($key) { global $lang, $conf; if ($conf['debug_l10n'] and !isset($lang[$key]) and !empty($key)) { trigger_error('[l10n] language key "'.$key.'" is not defined', E_USER_WARNING); } return isset($lang[$key]) ? $lang[$key] : $key; } /** * returns the prinft value for strings including %d * return is concorded with decimal value (singular, plural) * * @param singular string key * @param plural string key * @param decimal value * @return string */ function l10n_dec($singular_fmt_key, $plural_fmt_key, $decimal) { global $lang_info; return sprintf( l10n(( (($decimal > 1) or ($decimal == 0 and $lang_info['zero_plural'])) ? $plural_fmt_key : $singular_fmt_key )), $decimal); } /* * returns a single element to use with l10n_args * * @param string key: translation key * @param array/string/../number args: * arguments to use on sprintf($key, args) * if args is a array, each values are used on sprintf * @return string */ function get_l10n_args($key, $args) { if (is_array($args)) { $key_arg = array_merge(array($key), $args); } else { $key_arg = array($key, $args); } return array('key_args' => $key_arg); } /* * returns a string with formated with l10n_args elements * * @param element/array $key_args: element or array of l10n_args elements * @param $sep: if $key_args is array, * separator is used when translated l10n_args elements are concated * @return string */ function l10n_args($key_args, $sep = "\n") { if (is_array($key_args)) { foreach ($key_args as $key => $element) { if (isset($result)) { $result .= $sep; } else { $result = ''; } if ($key === 'key_args') { array_unshift($element, l10n(array_shift($element))); $result .= call_user_func_array('sprintf', $element); } else { $result .= l10n_args($element, $sep); } } } else { fatal_error('l10n_args: Invalid arguments'); } return $result; } /** * returns the corresponding value from $themeconf if existing. Else, the * key is returned * * @param string key * @return string */ function get_themeconf($key) { global $template; return $template->get_themeconf($key); } /** * Returns webmaster mail address depending on $conf['webmaster_id'] * * @return string */ function get_webmaster_mail_address() { global $conf; $query = ' SELECT '.$conf['user_fields']['email'].' FROM '.USERS_TABLE.' WHERE '.$conf['user_fields']['id'].' = '.$conf['webmaster_id'].' ;'; list($email) = mysql_fetch_array(pwg_query($query)); return $email; } /** * Add configuration parameters from database to global $conf array * * @return void */ function load_conf_from_db($condition = '') { global $conf; $query = ' SELECT param, value FROM '.CONFIG_TABLE.' '.(!empty($condition) ? 'WHERE '.$condition : '').' ;'; $result = pwg_query($query); if ((mysql_num_rows($result) == 0) and !empty($condition)) { fatal_error('No configuration data'); } while ($row = mysql_fetch_array($result)) { $conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : ''; // If the field is true or false, the variable is transformed into a // boolean value. if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false') { $conf[ $row['param'] ] = get_boolean($conf[ $row['param'] ]); } } } /** * Prepends and appends a string at each value of the given array. * * @param array * @param string prefix to each array values * @param string suffix to each array values */ function prepend_append_array_items($array, $prepend_str, $append_str) { array_walk( $array, create_function('&$s', '$s = "'.$prepend_str.'".$s."'.$append_str.'";') ); return $array; } /** * creates an hashed based on a query, this function is a very common * pattern used here. Among the selected columns fetched, choose one to be * the key, another one to be the value. * * @param string $query * @param string $keyname * @param string $valuename * @return array */ function simple_hash_from_query($query, $keyname, $valuename) { $array = array(); $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { $array[ $row[$keyname] ] = $row[$valuename]; } return $array; } /** * creates an hashed based on a query, this function is a very common * pattern used here. The key is given as parameter, the value is an associative * array. * * @param string $query * @param string $keyname * @return array */ function hash_from_query($query, $keyname) { $array = array(); $result = pwg_query($query); while ($row = mysql_fetch_assoc($result)) { $array[ $row[$keyname] ] = $row; } return $array; } /** * Return basename of the current script * Lower case convertion is applied on return value * Return value is without file extention ".php" * * @param void * * @return script basename */ function script_basename() { global $conf; foreach (array('SCRIPT_NAME', 'SCRIPT_FILENAME', 'PHP_SELF') as $value) { if (!empty($_SERVER[$value])) { $filename = strtolower($_SERVER[$value]); if ($conf['php_extension_in_urls'] and get_extension($filename)!=='php') continue; $basename = basename($filename, '.php'); if (!empty($basename)) { return $basename; } } } return ''; } /** * Return value for the current page define on $conf['filter_pages'] * Îf value is not defined, default value are returned * * @param value name * * @return filter page value */ function get_filter_page_value($value_name) { global $conf; $page_name = script_basename(); if (isset($conf['filter_pages'][$page_name][$value_name])) { return $conf['filter_pages'][$page_name][$value_name]; } else if (isset($conf['filter_pages']['default'][$value_name])) { return $conf['filter_pages']['default'][$value_name]; } else { return null; } } /** * returns the character set of data sent to browsers / received from forms */ function get_pwg_charset() { defined('PWG_CHARSET') or fatal_error('PWG_CHARSET undefined'); return PWG_CHARSET; } /** * includes a language file or returns the content of a language file * availability of the file * * in descending order of preference: * param language, user language, default language * Piwigo default language. * * @param string filename * @param string dirname * @param mixed options can contain * language - language to load (if empty uses user language) * return - if true the file content is returned otherwise the file is evaluated as php * target_charset - * no_fallback - the language must be respected * @return boolean success status or a string if options['return'] is true */ function load_language($filename, $dirname = '', $options = array() ) { global $user; if (! @$options['return'] ) { $filename .= '.php'; //MAYBE to do .. load .po and .mo localization files } if (empty($dirname)) { $dirname = PHPWG_ROOT_PATH; } $dirname .= 'language/'; $languages = array(); if ( !empty($options['language']) ) { $languages[] = $options['language']; } if ( !empty($user['language']) ) { $languages[] = $user['language']; } if ( ! @$options['no_fallback'] ) { if ( defined('PHPWG_INSTALLED') ) { $languages[] = get_default_language(); } $languages[] = PHPWG_DEFAULT_LANGUAGE; } $languages = array_unique($languages); if ( empty($options['target_charset']) ) { $target_charset = get_pwg_charset(); } else { $target_charset = $options['target_charset']; } $target_charset = strtolower($target_charset); $source_charset = ''; $source_file = ''; foreach ($languages as $language) { $dir = $dirname.$language; if ($target_charset!='utf-8') { // exact charset match - no conversion required $f = $dir.'.'.$target_charset.'/'.$filename; if (file_exists($f)) { $source_file = $f; break; } } // UTF-8 ? $f = $dir.'/'.$filename; if (file_exists($f)) { $source_charset = 'utf-8'; $source_file = $f; break; } } if ( !empty($source_file) ) { if (! @$options['return'] ) { @include($source_file); $load_lang = @$lang; $load_lang_info = @$lang_info; global $lang, $lang_info; if ( !isset($lang) ) $lang=array(); if ( !isset($lang_info) ) $lang_info=array(); if ( !empty($source_charset) and $source_charset!=$target_charset) { if ( is_array($load_lang) ) { foreach ($load_lang as $k => $v) { if ( is_array($v) ) { $func = create_function('$v', 'return convert_charset($v, "'.$source_charset.'","'.$target_charset.'");' ); $lang[$k] = array_map($func, $v); } else $lang[$k] = convert_charset($v, $source_charset, $target_charset); } } if ( is_array($load_lang_info) ) { foreach ($load_lang_info as $k => $v) { $lang_info[$k] = convert_charset($v, $source_charset, $target_charset); } } } else { $lang = array_merge( $lang, (array)$load_lang ); $lang_info = array_merge( $lang_info, (array)$load_lang_info ); } return true; } else { $content = @file_get_contents($source_file); if ( !empty($source_charset) and $source_charset!=$target_charset) { $content = convert_charset($content, $source_charset, $target_charset); } return $content; } } return false; } /** * converts a string from a character set to another character set * @param string str the string to be converted * @param string source_charset the character set in which the string is encoded * @param string dest_charset the destination character set */ function convert_charset($str, $source_charset, $dest_charset) { if ($source_charset==$dest_charset) return $str; if ($source_charset=='iso-8859-1' and $dest_charset=='utf-8') { return utf8_encode($str); } if ($source_charset=='utf-8' and $dest_charset=='iso-8859-1') { return utf8_decode($str); } if (function_exists('iconv')) { return iconv($source_charset, $dest_charset, $str); } if (function_exists('mb_convert_encoding')) { return mb_convert_encoding( $str, $dest_charset, $source_charset ); } return $str; //??? } /** * makes sure a index.htm protects the directory from browser file listing * * @param string dir directory */ function secure_directory($dir) { $file = $dir.'/index.htm'; if (!file_exists($file)) { @file_put_contents($file, 'Not allowed!'); } } /** * returns a "secret key" that is to be sent back when a user enters a comment * * @param int image_id */ function get_comment_post_key($image_id) { global $conf; $time = time(); return sprintf( '%s:%s', $time, hash_hmac( 'md5', $time.':'.$image_id, $conf['secret_key'] ) ); } /* * breaks the script execution if the given value doesn't match the given * pattern. This should happen only during hacking attempts. * * @param string param_name * @param array param_array * @param boolean is_array * @param string pattern * * @return void */ function check_input_parameter($param_name, $param_array, $is_array, $pattern) { $param_value = null; if (isset($param_array[$param_name])) { $param_value = $param_array[$param_name]; } // it's ok if the input parameter is null if (empty($param_value)) { return true; } if ($is_array) { if (!is_array($param_value)) { die('[Hacking attempt] the input parameter "'.$param_name.'" should be an array'); } foreach ($param_value as $item_to_check) { if (!preg_match($pattern, $item_to_check)) { die('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); } } } else { if (!preg_match($pattern, $param_value)) { die('[Hacking attempt] the input parameter "'.$param_name.'" is not valid'); } } } /** * check token comming from form posted or get params to prevent csrf attacks * if pwg_token is empty action doesn't require token * else pwg_token is compare to server token * * @return void access denied if token given is not equal to server token */ function check_pwg_token() { $valid_token = get_pwg_token(); $given_token = null; if (!empty($_POST['pwg_token'])) { $given_token = $_POST['pwg_token']; } elseif (!empty($_GET['pwg_token'])) { $given_token = $_GET['pwg_token']; } if ($given_token != $valid_token) { access_denied(); } } function get_pwg_token() { global $conf; return hash_hmac('md5', session_id(), $conf['secret_key']); } ?>