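*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

include "config.inc.php";

// When ImageMagick is the configured thumbnail backend, locate the `convert`
// binary once and stop early if it is missing.
if($thumb_generator=="convert") {
  // exec() appends to an existing array, so start from an empty one: the
  // binary path that convert_image() later executes must come only from `which`.
  $my_convert_path=array();
  @exec("which convert", $my_convert_path);
  if(empty($my_convert_path[0])) die("install convert (see manual) or use 'GD' or 'manual' as thumb generator");
}

/**
 * Store $val in the "LoginValue" cookie (path "/", three-year lifetime).
 *
 * The disabled login code further down stores the user's `cookieval` here and
 * looks users up by it, so the value acts as a long-lived login token.
 * NOTE(review): the cookie is set without the secure/httponly flags; add them
 * if the login feature is ever re-enabled.
 */
function set_cookie_val($val) {
  setcookie("LoginValue",$val,time()+(3600*24*365*3),"/");
}

// ---- database helpers ------------------------------------------------------
// Every helper below builds its SQL by string concatenation and escapes values
// with addslashes().
// NOTE(review): addslashes() ignores the connection charset; on this mysql_*
// API the charset-aware escaper is mysql_real_escape_string() with $nConnection.
// The table names ($sTable, $sTableRatings, $sTableComments) are interpolated
// as-is and are presumably set in config.inc.php - confirm they can never be
// supplied by a request.

/**
 * Return the stored description (`descr`) of a picture or directory.
 *
 * @param string $nom picture/directory name used as the lookup key
 * @return mixed the `descr` column, or null when no row exists or the query fails
 */
function get_comment($nom) {
  global $sDB,$nConnection,$sTable;
  $cmd="select * from $sTable where name='".addslashes($nom)."'";
  $res=mysql_db_query($sDB,$cmd,$nConnection);
  if(!$res) return null;
  $row=mysql_fetch_array($res);
  return $row ? $row["descr"] : null;
}

/**
 * Return the average rating of a picture.
 *
 * @param string $nom picture name
 * @return mixed the average as returned by MySQL, or false when the picture
 *               has no ratings (or the query fails)
 */
function get_rating($nom) {
  global $sDB,$nConnection,$sTableRatings;
  $cmd="select avg(rating), count(*) from $sTableRatings where pic_name='".addslashes($nom)."'";
  $res=mysql_db_query($sDB,$cmd,$nConnection);
  if(!$res) return false;
  $row=mysql_fetch_array($res);
  // $row[1] is count(*): zero ratings means "no rating", not an average of 0.
  return ($row && $row[1]) ? $row[0] : false;
}

/**
 * Tell whether the requesting address has already rated a picture.
 *
 * @param string $nom picture name
 * @return mixed the matching rating row (truthy) or false
 */
function already_rated($nom) {
  global $sDB,$nConnection,$sTableRatings;
  // REMOTE_ADDR is escaped like every other value placed in the query instead
  // of being trusted because it normally comes from the web server.
  $ip=addslashes((string)getenv("REMOTE_ADDR"));
  $cmd="select * from $sTableRatings where pic_name='".addslashes($nom)."' and ip='".$ip."'";
  $res=mysql_db_query($sDB,$cmd,$nConnection);
  if(!$res) return false;
  return mysql_fetch_array($res);
}

/**
 * Return the `seclevel` stored for exactly this name.
 *
 * Returns 0 when no row exists or the query fails.
 * NOTE(review): the listing code shows an entry when its level is <= the
 * viewer's level, so a database error makes an item look unrestricted
 * (fail-open). Confirm that is acceptable for this gallery.
 *
 * @param string $nom picture or directory name
 * @return int
 */
function get_level_db($nom) {
  global $sDB,$nConnection,$sTable;
  $cmd="select * from $sTable where name='".addslashes($nom)."'";
  $res=mysql_db_query($sDB,$cmd,$nConnection);
  if(!$res) return 0;
  $row=mysql_fetch_array($res);
  return $row ? (int)$row["seclevel"] : 0;
}

/**
 * Resolve the effective security level of a path.
 *
 * Looks the path up as given, then with a trailing "/" (directory entry), and
 * otherwise falls back to the parent path, recursing until no "/" is left.
 *
 * @param string $pic path relative to the gallery root
 * @return int
 */
function get_level($pic) {
  if(!strstr($pic,"/")) return (int)get_level_db($pic);

  $own=get_level_db($pic);
  if($own!=0) return (int)$own;

  $as_dir=get_level_db($pic."/");
  if($as_dir!=0) return (int)$as_dir;

  // Nothing stored for this entry: inherit from the parent path.
  return (int)get_level(substr($pic,0,strrpos($pic,"/")));
}

/**
 * Normalise a path-like request value.
 *
 * Strips slashes, then blanks the value when it contains ".." (parent-directory
 * traversal) or a NUL byte (stripslashes() turns the two-character sequence
 * backslash-zero into one). Array input, which a request can produce with the
 * `name[]=` form, is rejected.
 *
 * This is only a traversal filter: the result still needs context-specific
 * escaping before it reaches a shell command, an SQL string, HTML output or
 * an HTTP header.
 * NOTE(review): stripslashes() is applied unconditionally, which assumes
 * magic_quotes_gpc is on - confirm.
 *
 * @param mixed $s raw value
 * @return mixed the cleaned value, or "" when it is rejected
 */
function reformat($s) {
  if(is_array($s)) return "";
  if($s) $s=stripslashes($s);
  if(strpos((string)$s,"..")!==false || strpos((string)$s,"\0")!==false) $s="";
  return $s;
}

// sound/video/text functions
// Each helper returns a MIME type chosen from the end of the name, or 0 when
// the name does not match. The match is on the trailing letters only (no dot
// is required) and is case-insensitive; the D modifier keeps `$` anchored at
// the very end of the string.

/** MIME type for .mov / .avi / .mpg / .mpeg names, else 0. */
function get_movie_type($doc) {
  if (preg_match('/mov$/iD', $doc)) return "video/quicktime";
  if (preg_match('/avi$/iD', $doc)) return "video/x-msvideo";
  if (preg_match('/mpe?g$/iD', $doc)) return "video/mpeg";
  return 0;
}

/** MIME type for .wav / .mp3 names, else 0. */
function get_sound_type($doc) {
  if (preg_match('/wav$/iD', $doc)) return "audio/x-wav";
  if (preg_match('/mp3$/iD', $doc)) return "audio/mp3";
  return 0;
}

/** MIME type for .txt names, else 0. */
function get_text_type($doc) {
  if (preg_match('/txt$/iD', $doc)) return "text/plain";
  return 0;
}

// image convertion functions

/**
 * Enter the image-conversion critical section.
 *
 * When $use_sem is set, conversions are serialised through a System V
 * semaphore. end_convert_proc() is registered as a shutdown function (once per
 * request) so the semaphore is released even if the script dies mid-conversion.
 * NOTE(review): 31337 is a fixed key and sem_get() is called without a
 * permission argument; any local process able to open that key can hold the
 * semaphore and stall conversions. Consider passing a restrictive `perm`.
 */
function wait_convert_proc() {
  global $sem,$use_sem;
  static $shutdown_registered=false;
  if(!$shutdown_registered) {
    register_shutdown_function("end_convert_proc");
    $shutdown_registered=true;
  }
  if($use_sem) {
    $sem=sem_get(31337);
    // Remember the semaphore only when it is really held.
    if($sem && !sem_acquire($sem)) $sem=false;
  }
}

/**
 * Leave the image-conversion critical section.
 *
 * Safe to call more than once: the semaphore is released only while held, so
 * the shutdown-time call after a normal release is a no-op. (Shutdown
 * functions cannot be unregistered, so no attempt is made to do so.)
 */
function end_convert_proc() {
  global $sem,$use_sem;
  if($use_sem && $sem) {
    sem_release($sem);
    $sem=false;
  }
}

/**
 * Create a thumbnail / low-resolution copy of $sourcepic at $destpic.
 *
 * Sound, movie and text files get a fixed icon. Images are scaled either by
 * ImageMagick `convert` or by GD, depending on $thumb_generator.
 *
 * Callers build $sourcepic and $destpic from request parameters, so every
 * value placed on the command line is passed through escapeshellarg().
 *
 * @param string $sourcepic path of the original file
 * @param string $destpic   path of the file to write
 * @param string $res       target size as "WIDTHxHEIGHT"
 * @param mixed  $quality   JPEG quality
 */
function convert_image($sourcepic,$destpic,$res,$quality) {
  global $my_convert_path,$thumb_generator;

  // Non-image media: copy the matching icon, no conversion needed.
  if (get_sound_type($sourcepic)) { copy("icons/sound.gif", $destpic); return; }
  if (get_movie_type($sourcepic)) { copy("icons/movie.gif", $destpic); return; }
  if (get_text_type($sourcepic)) { copy("icons/text.gif", $destpic); return; }

  wait_convert_proc();
  if($thumb_generator=="convert") {
    // Quote each argument separately; wrapping a path in double quotes does
    // not stop the shell from expanding $(...), backticks or embedded quotes.
    $cmd=escapeshellarg($my_convert_path[0])
        ." -geometry ".escapeshellarg($res)
        ." -quality ".escapeshellarg($quality)
        ." ".escapeshellarg($sourcepic)
        ." ".escapeshellarg($destpic);
    @exec($cmd);
  } else if($thumb_generator=="gd") {
    $is_jpeg=preg_match('/\.(jpg|jpeg)$/iD',$sourcepic);
    $is_png=preg_match('/\.png$/iD',$sourcepic);

    // The PNG branches previously tested and loaded undefined variables, so
    // PNG sources were never converted; they now use $sourcepic like JPEG.
    $im=false;
    if($is_jpeg) $im=imagecreatefromjpeg($sourcepic);
    else if($is_png) $im=imagecreatefrompng($sourcepic);

    if($im) {
      $srcw=imagesx($im);
      $srch=imagesy($im);
      $dims=explode("x",$res);

      // Fit to the requested height, never enlarge, then clamp to the
      // requested width while keeping the aspect ratio.
      $newh=$dims[1];
      $neww=$newh/$srch*$srcw;
      if($neww>$srcw) { $neww=$srcw; $newh=$srch; }
      if($neww>$dims[0]) { $neww=$dims[0]; $newh=$neww/$srcw*$srch; }

      // GD needs integer dimensions of at least one pixel.
      $neww=max(1,(int)$neww);
      $newh=max(1,(int)$newh);

      $im2=ImageCreate($neww,$newh);
      ImageCopyResized($im2,$im,0,0,0,0,$neww,$newh,$srcw,$srch);
      if($is_jpeg) imagejpeg($im2,$destpic,$quality);
      else if($is_png) imagepng($im2,$destpic);
      ImageDestroy($im);
      ImageDestroy($im2);
    } else {
      debug_image("Error loading file!");
    }
  }
  end_convert_proc();
}

//show debug info in image format
/**
 * Write a small JPEG containing $str to the response body.
 *
 * @param string $str message to draw
 */
function debug_image($str){
  $im = ImageCreate (150, 50); /* Create a blank image */
  $bgc = ImageColorAllocate ($im, 255, 255, 255);
  $tc = ImageColorAllocate ($im, 0, 0, 0);
  ImageFilledRectangle ($im, 0, 0, 150, 30, $bgc);
  /* Output an errmsg */
  ImageString ($im, 1, 5, 5, $str, $tc);
  ImageJPEG($im);
  ImageDestroy($im);
}

// comments functions

/**
 * Count the visitor comments stored for a picture.
 *
 * @param string $id picture name
 * @return int number of rows, 0 when the query fails
 */
function get_nb_comments($id) {
  global $sDB,$nConnection,$sTableComments;
  $cmd="select * from ".$sTableComments." where pic_name='".addslashes($id)."'";
  $res=mysql_db_query($sDB,$cmd,$nConnection);
  return $res ? mysql_num_rows($res) : 0;
}

/**
 * Comment display is disabled: the function is kept so existing calls still
 * resolve, but its body is commented out and it outputs nothing.
 */
function display_comments($id) {
  // The remains of the original body are kept below exactly as found; the
  // HTML that used to sit between the PHP fragments is missing.
  /* global $sDB,$nConnection,$sTableComments,$admin;
  global $txt_comments,$txt_add_comment,$txt_comment_from,$txt_comment_on; ?>
0) { ?>

".$txt_comment_from."".htmlentities($row["user"])."".$txt_comment_on.$row["datetime"]; if($admin) { echo " | Delete"; } echo "
"; echo nl2br(htmlentities($row["comment"]))."
"; echo "
"; }*/
}

// logout ?
// Disabled legacy handlers (logout, login, rating, description and directory
// level updates).
// NOTE(review) before re-enabling any of this:
//  - $user, $pass, $LoginValue, $display, $rating, $dsc, $lev, $dir and
//    $dirlevel are interpolated into SQL without escaping;
//  - the login query compares `pass` with the submitted value directly, which
//    suggests passwords are stored unhashed;
//  - the rating handler's else-branch records a rating of 10 for repeat or
//    out-of-range votes.
// With this block disabled nothing visible here assigns $user_row or $admin,
// so later checks against (int)$user_row["seclevel"] compare against 0 unless
// config.inc.php sets it - confirm.
/*
if($logout) {
  set_cookie_val("");
  header("Location: ".$SCRIPT_NAME);
  exit;
}

// logging in ?
unset($user_row);
if($startlogin) {
  $cmd="select * from ".$sTableUsers." where login='$user' and pass='$pass'";
  $res = mysql_db_query($sDB,$cmd,$nConnection);
  if(!$res || mysql_num_rows($res)==0 ) $error_login=1;
  else {
    $logged=1;
    $user_row=mysql_fetch_array($res);
    set_cookie_val($user_row["cookieval"]);
  }
} else if($LoginValue) { // login cookie present ?
  $cmd="select * from ".$sTableUsers." where cookieval='$LoginValue'";
  $res = mysql_db_query($sDB,$cmd,$nConnection);
  if($res && mysql_num_rows($res)>0 ) {
    $logged=1;
    $user_row=mysql_fetch_array($res);
  }
}
$admin=($user_row["seclevel"]==999);

// pic rating update ?
if ($display&&$rating) {
  if (!already_rated($display) && ($rating>=1) && ($rating<=10)) {
    $cmd="insert into $sTableRatings (datetime, pic_name, ip, rating) values (now(), '$display', '".getenv("REMOTE_ADDR")."', $rating)";
    mysql_db_query($sDB,$cmd,$nConnection);
  } else {
    $cmd="insert into $sTableRatings (datetime, pic_name, ip, rating) values (now(), '$display', '".getenv("REMOTE_ADDR")."', 10)";
    mysql_db_query($sDB,$cmd,$nConnection);
  }
}

// pic description update ?
if($updpic=="1"&&$admin) {
  $cmd="replace into $sTable values('$display','$dsc','$lev')";
  mysql_db_query($sDB,$cmd,$nConnection);
}

// dir level update ?
if($dirlevelchange&&$admin) {
  $cmd="replace into $sTable values('$dir','','$dirlevel')";
  mysql_db_query($sDB,$cmd,$nConnection);
}
*/

// ---- request parameters ----------------------------------------------------
// Path-like parameters go through reformat() before use. !empty() has the same
// truthiness as the bare test but does not warn when a parameter is absent.
if(!empty($_REQUEST['dir'])) $dir=reformat($_REQUEST['dir']);
if(!empty($_REQUEST['display'])) $display=reformat($_REQUEST['display']);
if(!empty($_REQUEST['displaypic'])) $displaypic=reformat($_REQUEST['displaypic']);
// NOTE(review): further down this file $preview appears to be assigned again
// straight from $_REQUEST['preview'], which would discard this filtering
// before the value is used to build file paths - confirm and remove that
// second assignment.
if(!empty($_REQUEST['preview'])) $preview=reformat($_REQUEST['preview']);
if(!empty($_REQUEST['non_lr'])) $non_lr=$_REQUEST['non_lr'];

// Derive the directory from the filtered $display, not from the raw request
// value, so the ".." check in reformat() also covers $dir.
if(!empty($display)) $dir=dirname($display);

// NOTE(review): this normalises the request's copy of root_dir, not the
// $root_dir variable used for file access below. The gallery root should never
// be taken from a request; confirm config.inc.php always assigns $root_dir
// (relevant when register_globals is enabled).
if(substr($_REQUEST['root_dir'],-1)!='/') $_REQUEST['root_dir'].='/';
if(!empty($dir) && substr($dir,-1)!='/') $dir.='/';

// dir creation ?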
/* if($dircreate&&$admin) { mkdir($root_dir.$dir.$createdirname,0755); } // file uploaded ? if($admin&&$picupload&&$picuploadname!="none") { Exec("cp -f \"$picuploadname\" \"".$root_dir.$dir.$picuploadname_name."\""); Exec("chmod 755 \"".$root_dir.$dir.$picuploadname_name."\""); } // adding comment ? if($addingcomment && (trim($comment) || trim($user))) { $picname=reformat($picname); $cmd="insert into ".$sTableComments." values(0,'".addslashes($picname)."','$comment','".date("Y-m-d H:i:s")."','$user','$REMOTE_ADDR')"; mysql_db_query($sDB,$cmd,$nConnection); ?> =$lr_limit && !$non_lr) { // switch to lr_mode $lrdir=$root_dir.dirname($displaypic)."/.thumbs"; $lrfile=$lrdir."/lr_".basename($displaypic); if(!file_exists($lrfile)) { if(!is_dir($lrdir)) mkdir($lrdir,0755); convert_image($root_dir.$displaypic,$lrfile,$lr_res,$lr_quality); } readfile($lrfile); } else readfile($root_dir.$displaypic); exit; } if($_REQUEST['preview']) $preview = $_REQUEST['preview']; if($preview) { header("Content-type: image/jpeg"); $prdir=$root_dir.dirname($preview)."/.thumbs"; $prfile=$prdir."/thumb_".basename($preview); if(!file_exists($prfile)) { if(!is_dir($prdir)) mkdir($prdir,0755); convert_image($root_dir.$preview,$prfile,$thumb_res,$thumb_quality); } readfile($prfile); exit; } // random image? /* if($random) { $level=0; if($logged) $level=(int)$user_row["seclevel"]; $ok=0; srand ((double) microtime() * 1000000); exec('find '.$root_dir.' -type f -print | egrep -i "\.(jpg|jpeg|gif|png)$" | grep -v ".thumbs/"',$find_ar); $l=sizeof($find_ar); for($try=0;!$ok && $try<32;$try++) { $pickline=substr($find_ar[rand(0,$l)],strlen($root_dir)); $ok = (get_level($pickline)<=$level); } $display = $pickline; $dir = substr($display,0,strrpos($display,"/"))."/"; } */ // generate all thumbnails/low res /* if($genall&&$admin) { echo "Generating all missing thumbnails/low res pictures: (be patient)

"; flush(); $gen_lr=0; $gen_th=0; exec('find '.$root_dir.' -type f -print | egrep -i "\.(jpg|jpeg|gif|png)$" | grep -v ".thumbs/"',$find_ar); for($i=0;$find_ar[$i];$i++) { $pic=substr($find_ar[$i],strlen($root_dir)); $lrdir=$root_dir.dirname($pic)."/.thumbs"; if(!is_dir($lrdir)) mkdir($lrdir,0755); // low res check if(filesize($root_dir.$pic)>=$lr_limit) { $lrfile=$lrdir."/lr_".basename($pic); if(!file_exists($lrfile)) { echo "Generating low res picture for $pic
"; flush(); convert_image($root_dir.$pic,$lrfile,$lr_res,$lr_quality); $gen_lr++; } } // thumbnail check $prfile=$lrdir."/thumb_".basename($pic); if(!file_exists($prfile)) { echo "Generating thumbnail picture for $pic
"; flush(); convert_image($root_dir.$pic,$prfile,$thumb_res,$thumb_quality); $gen_th++; } } echo "
"; echo "Generated $gen_lr low res pictures and $gen_th thumbnails.
"; echo "Your library has ".sizeof($find_ar)." pictures.
"; exit; } // pic delete if($updpic=="del"&&$admin) { $cmd="delete from $sTable where name='$display'"; $db=mysql_db_query($sDB,$cmd,$nConnection); $cmd="delete from $sTableComments where pic_name='$display'"; $db=mysql_db_query($sDB,$cmd,$nConnection); $filename=$root_dir.$display; $thumbname=$root_dir.dirname($display)."/.thumbs/thumb_".basename($display); $lrname=$root_dir.dirname($display)."/.thumbs/lr_".basename($display); if (file_exists($filename))unlink($filename); if (file_exists($thumbname))unlink($thumbname); if (file_exists($lrname))unlink($lrname); //jump back to the directory after deleting the pic $dir=dirname($display); header("Location: ./?dir=$dir"); exit; } */ // test if display is video or sound if ($display) { if (($type = get_movie_type($display)) || ($type = get_sound_type($display)) || ($type = get_text_type($display))) { header("Content-type: ".$type); header("Content-Disposition: inline; filename=".basename($display)); readfile($root_dir.$display); return; } } ?>

"; ?>
Directory to create:
"; ?>
File to upload:
\n"; $id=reformat($id); ?>




Last added comments :
"; echo "
"; $cmd="select * from ".$sTableComments." order by datetime desc"; $res=mysql_db_query($sDB,$cmd,$nConnection); $i=0; if(!empty($res)) { while(($row=mysql_fetch_array($res)) && $i<20) { if(get_level($row["pic_name"])>(int)$user_row["seclevel"]) continue; echo ""; echo $row["datetime"]." by ".htmlentities($row["user"])." : "; $comment=get_comment($row["pic_name"]); if(trim($comment)=="") $comment=$row["pic_name"]; echo "".$comment.""; echo "
"; $i++; } } echo "
"; echo "Go back
"; echo "
"; include "footer.inc.php"; exit; } else if($topratings) { // display top ratings echo "Top ".$nb_top_rating." rated pictures :
"; echo "
"; $cmd="select *,avg(rating) as rat from ".$sTableRatings." group by pic_name order by rat desc"; $res=mysql_db_query($sDB,$cmd,$nConnection); $i=0; if(!empty($res)) { while(($row=mysql_fetch_array($res)) && $i<$nb_top_rating) { if(get_level($row["pic_name"])>(int)$user_row["seclevel"]) continue; echo "".($i+1).": "; $comment=get_comment($row["pic_name"]); if(trim($comment)=="") $comment=$row["pic_name"]; echo "".$comment.""; echo " (".sprintf("%.1f", $row["rat"]).")"; echo "
"; $i++; } } echo "
"; echo "Go back
"; echo "
"; include "footer.inc.php"; exit; } */ ?> (int)$user_row["seclevel"]) exit; // antihack :) // scan dir $nb_dirs=0; $nb_files=0; $dirs[0]=""; $files[0]=""; $dh=dir($root_dir.$dir); //$dh=dir($root_dir.$dir); while ($file=$dh->read()) { if(substr($file,0,1)==".") continue; // if(substr($file,-3)=="_lr") continue; // if(substr($file,-6)=="_thumb") continue; if(substr($file,-8)=="_comment") continue; if(is_dir($root_dir.$dir.$file)) { // directory if(get_level($dir.$file."/")<=(int)$user_row["seclevel"]) $dirs[$nb_dirs++]=$file; } else { // file if(get_level($dir.$file)<=(int)$user_row["seclevel"]) $files[$nb_files++]=$file; } } $dh->close(); sort($dirs); if (is_file($root_dir.$dir."/.desc")) rsort($files); else sort($files); ?>
".$txt_root_dir."/"; $alldirs=explode("/",$dir); $alldirtmp=""; for($i=0;$alldirs[$i];$i++) { $alldirtmp.=$alldirs[$i]."/"; if($alldirs[$i+1] || $display) echo ""; echo $alldirs[$i]; if($alldirs[$i+1] || $display) echo "/"; } echo "
"; ?>
create dir - upload - "; echo "gen all pics - "; } ?> logout -
".$dirs[$i]."
\n"; } ?> Directory security level: "; echo ""; echo ""; echo " "; } ?>
";
  system("cat \"".$root_dir.$dir.".welcome\"");
/*  exec("cat ".$root_dir.$dir.".welcome",$welcome);
  for($i=0;$i";
  echo "
"; // echo "
"; } */ ?> "; $comment=get_comment($dir.$files[$i]); if($comment=="") $comment=$files[$i]; echo ""; } if(!$startpic) $startpic=0; echo ""; echo "
".nl2br(htmlentities($comment)).""; if(($nbc=get_nb_comments($dir.$files[$i]))>0) { echo "
".$nbc." comments"; } if(($rtg=get_rating($dir.$files[$i]))!==false) { echo "

rating : ".sprintf("%.1f", $rtg).""; } echo "
"; for($i=$startpic;$i<$nb_files && $i<($startpic+$nb_pic_max);$i++) { echo ""; echo_pic($i); echo ""; } echo "
"; $startpic2=$i; for(;$i<$nb_files && $i<($startpic2+$nb_pic_max);$i++) { echo ""; echo_pic($i); echo ""; } echo "
"; echo "
"; if($startpic!=0) { $a=$startpic-($nb_pic_max*2); if($a<0) $a=0; echo "".$txt_previous_page." "; } if($i!=$nb_files) { echo "".$txt_next_page.""; } echo "
"; ?> "; echo ""; //$comment=get_comment($display); $comment = ""; //if($comment!="") echo nl2br(htmlentities($comment)); else echo basename($display); echo "
"; //if($i!=0) echo "".$txt_previous_image." "; //echo " (".($i+1)."/".$nb_files.") "; if(filesize($root_dir.$display)>=$lr_limit && !$non_lr) echo " ".$txt_hires_image." "; if(filesize($root_dir.$display)>=$lr_limit && $non_lr) echo " ".$txt_lores_image." "; if($files[$i+1]) echo "".$txt_next_image.""; echo "
"; /* if ($use_rating) { $pic_rating=get_rating($display); if ($pic_rating===false) echo $txt_no_rating; else echo $txt_pic_rating."".sprintf("%.1f", $pic_rating).""; echo "
"; if (!already_rated($display)) { $rate_url="?display=".rawurlencode($display); if (strpos($rate_url, "?")!==false) $rate_url.="&rating="; else $rate_url.="?rating="; echo ""; } } */ echo "

"; /* if($admin) { ?>


";
  system("cat \"".$root_dir.$display."_comment\"");
  echo "
"; } */ /*?>