Context Navigation

source: trunk/include/functions.inc.php @ 5306

Last change on this file since 5306 was 5306, checked in by patdenice, 14 years ago

feature 1502: bug corrected on guest setting page.
Remove $confdefault_theme from config file (useless).
Check if theme is still installed in pwg_get_themes.

Property svn:eol-style set to LF
Property svn:mergeinfo set to
/branches/2.0/include/functions.inc.php merged eligible

File size: 40.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	include_once( PHPWG_ROOT_PATH .'include/functions_user.inc.php' );
25	include_once( PHPWG_ROOT_PATH .'include/functions_cookie.inc.php' );
26	include_once( PHPWG_ROOT_PATH .'include/functions_session.inc.php' );
27	include_once( PHPWG_ROOT_PATH .'include/functions_category.inc.php' );
28	include_once( PHPWG_ROOT_PATH .'include/functions_xml.inc.php' );
29	include_once( PHPWG_ROOT_PATH .'include/functions_html.inc.php' );
30	include_once( PHPWG_ROOT_PATH .'include/functions_tag.inc.php' );
31	include_once( PHPWG_ROOT_PATH .'include/functions_url.inc.php' );
32	include_once( PHPWG_ROOT_PATH .'include/functions_plugins.inc.php' );
33
34	//----------------------------------------------------------- generic functions
35	function get_extra_fields($order_by_fields)
36	{
37	$fields = str_ireplace(array(' order by ', ' desc', ' asc'),
38	array('', '', ''),
39	$order_by_fields
40	);
41	if (!empty($fields))
42	{
43	$fields = ','.$fields;
44	}
45	return $fields;
46	}
47
48	// The function get_moment returns a float value coresponding to the number
49	// of seconds since the unix epoch (1st January 1970) and the microseconds
50	// are precised : e.g. 1052343429.89276600
51	function get_moment()
52	{
53	$t1 = explode( ' ', microtime() );
54	$t2 = explode( '.', $t1[0] );
55	$t2 = $t1[1].'.'.$t2[1];
56	return $t2;
57	}
58
59	// The function get_elapsed_time returns the number of seconds (with 3
60	// decimals precision) between the start time and the end time given.
61	function get_elapsed_time( $start, $end )
62	{
63	return number_format( $end - $start, 3, '.', ' ').' s';
64	}
65
66	// - The replace_space function replaces space and '-' characters
67	// by their HTML equivalent &nbsb; and −
68	// - The function does not replace characters in HTML tags
69	// - This function was created because IE5 does not respect the
70	// CSS "white-space: nowrap;" property unless space and minus
71	// characters are replaced like this function does.
72	// - Example :
73	// <div class="foo">My friend</div>
74	// ( 01234567891111111111222222222233 )
75	// ( 0123456789012345678901 )
76	// becomes :
77	// <div class="foo">My friend</div>
78	function replace_space( $string )
79	{
80	//return $string;
81	$return_string = '';
82	// $remaining is the rest of the string where to replace spaces characters
83	$remaining = $string;
84	// $start represents the position of the next '<' character
85	// $end represents the position of the next '>' character
86	; // -> 0
87	$end = strpos ( $remaining, '>' ); // -> 16
88	// as long as a '<' and his friend '>' are found, we loop
89	while ( ($start=strpos( $remaining, '<' )) !==false
90	and ($end=strpos( $remaining, '>' )) !== false )
91	{
92	// $treatment is the part of the string to treat
93	// In the first loop of our example, this variable is empty, but in the
94	// second loop, it equals 'My friend'
95	$treatment = substr ( $remaining, 0, $start );
96	// Replacement of ' ' by his equivalent ' '
97	$treatment = str_replace( ' ', ' ', $treatment );
98	$treatment = str_replace( '-', '−', $treatment );
99	// composing the string to return by adding the treated string and the
100	// following HTML tag -> 'My friend</div>'
101	$return_string.= $treatment.substr( $remaining, $start, $end-$start+1 );
102	// the remaining string is deplaced to the part after the '>' of this
103	// loop
104	$remaining = substr ( $remaining, $end + 1, strlen( $remaining ) );
105	}
106	$treatment = str_replace( ' ', ' ', $remaining );
107	$treatment = str_replace( '-', '−', $treatment );
108	$return_string.= $treatment;
109
110	return $return_string;
111	}
112
113	// get_extension returns the part of the string after the last "."
114	function get_extension( $filename )
115	{
116	return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
117	}
118
119	// get_filename_wo_extension returns the part of the string before the last
120	// ".".
121	// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar'
122	function get_filename_wo_extension( $filename )
123	{
124	$pos = strrpos( $filename, '.' );
125	return ($pos===false) ? $filename : substr( $filename, 0, $pos);
126	}
127
128	/**
129	* returns an array contening sub-directories, excluding ".svn"
130	*
131	* @param string $dir
132	* @return array
133	*/
134	function get_dirs($directory)
135	{
136	$sub_dirs = array();
137	if ($opendir = opendir($directory))
138	{
139	while ($file = readdir($opendir))
140	{
141	if ($file != '.'
142	and $file != '..'
143	and is_dir($directory.'/'.$file)
144	and $file != '.svn')
145	{
146	array_push($sub_dirs, $file);
147	}
148	}
149	closedir($opendir);
150	}
151	return $sub_dirs;
152	}
153
154	define('MKGETDIR_NONE', 0);
155	define('MKGETDIR_RECURSIVE', 1);
156	define('MKGETDIR_DIE_ON_ERROR', 2);
157	define('MKGETDIR_PROTECT_INDEX', 4);
158	define('MKGETDIR_PROTECT_HTACCESS', 8);
159	define('MKGETDIR_DEFAULT', 7);
160	/**
161	* creates directory if not exists; ensures that directory is writable
162	* @param:
163	* string $dir
164	* int $flags combination of MKGETDIR_xxx
165	* @return bool false on error else true
166	*/
167	function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
168	{
169	if ( !is_dir($dir) )
170	{
171	$umask = umask(0);
172	$mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
173	umask($umask);
174	if ($mkd==false)
175	{
176	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
177	return false;
178	}
179	if( $flags&MKGETDIR_PROTECT_HTACCESS )
180	{
181	$file = $dir.'/.htaccess';
182	file_exists($file) or @file_put_contents( $file, 'deny from all' );
183	}
184	if( $flags&MKGETDIR_PROTECT_INDEX )
185	{
186	$file = $dir.'/index.htm';
187	file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
188	}
189	}
190	if ( !is_writable($dir) )
191	{
192	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
193	return false;
194	}
195	return true;
196	}
197
198	/**
199	* returns thumbnail directory name of input diretoty name
200	* make thumbnail directory is necessary
201	* set error messages on array messages
202	*
203	* @param:
204	* string $dirname
205	* arrayy $errors
206	* @return bool false on error else string directory name
207	*/
208	function mkget_thumbnail_dir($dirname, &$errors)
209	{
210	global $conf;
211
212	$tndir = $dirname.'/'.$conf['dir_thumbnail'];
213	if (! mkgetdir($tndir, MKGETDIR_NONE) )
214	{
215	array_push($errors,
216	'['.$dirname.'] : '.l10n('no write access'));
217	return false;
218	}
219	return $tndir;
220	}
221
222	/* Returns true if the string appears to be encoded in UTF-8. (from wordpress)
223	* @param string Str
224	*/
225	function seems_utf8($Str) { # by bmorel at ssi dot fr
226	for ($i=0; $i<strlen($Str); $i++) {
227	if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
228	elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
229	elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
230	elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
231	elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
232	elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
233	else return false; # Does not match any model
234	for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
235	if ((++$i == strlen($Str)) \|\| ((ord($Str[$i]) & 0xC0) != 0x80))
236	return false;
237	}
238	}
239	return true;
240	}
241
242	/* Remove accents from a UTF-8 or ISO-859-1 string (from wordpress)
243	* @param string sstring - an UTF-8 or ISO-8859-1 string
244	*/
245	function remove_accents($string)
246	{
247	if ( !preg_match('/[\x80-\xff]/', $string) )
248	return $string;
249
250	if (seems_utf8($string)) {
251	$chars = array(
252	// Decompositions for Latin-1 Supplement
253	chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
254	chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
255	chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
256	chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
257	chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
258	chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
259	chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
260	chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
261	chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
262	chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
263	chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
264	chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
265	chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
266	chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
267	chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
268	chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
269	chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
270	chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
271	chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
272	chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
273	chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
274	chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
275	chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
276	chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
277	chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
278	chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
279	chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
280	chr(195).chr(191) => 'y',
281	// Decompositions for Latin Extended-A
282	chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
283	chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
284	chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
285	chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
286	chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
287	chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
288	chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
289	chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
290	chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
291	chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
292	chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
293	chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
294	chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
295	chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
296	chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
297	chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
298	chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
299	chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
300	chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
301	chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
302	chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
303	chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
304	chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
305	chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
306	chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
307	chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
308	chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
309	chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
310	chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
311	chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
312	chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
313	chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
314	chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
315	chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
316	chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
317	chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
318	chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
319	chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
320	chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
321	chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
322	chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
323	chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
324	chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
325	chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
326	chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
327	chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
328	chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
329	chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
330	chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
331	chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
332	chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
333	chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
334	chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
335	chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
336	chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
337	chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
338	chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
339	chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
340	chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
341	chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
342	chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
343	chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
344	chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
345	chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
346	// Euro Sign
347	chr(226).chr(130).chr(172) => 'E',
348	// GBP (Pound) Sign
349	chr(194).chr(163) => '');
350
351	$string = strtr($string, $chars);
352	} else {
353	// Assume ISO-8859-1 if not UTF-8
354	$chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
355	.chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
356	.chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
357	.chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
358	.chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
359	.chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
360	.chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
361	.chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
362	.chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
363	.chr(252).chr(253).chr(255);
364
365	$chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
366
367	$string = strtr($string, $chars['in'], $chars['out']);
368	$double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
369	$double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
370	$string = str_replace($double_chars['in'], $double_chars['out'], $string);
371	}
372
373	return $string;
374	}
375
376	/**
377	* simplify a string to insert it into an URL
378	*
379	* @param string
380	* @return string
381	*/
382	function str2url($str)
383	{
384	$str = remove_accents($str);
385	$str = preg_replace('/[^a-z0-9_\s\'\:\/\[\],-]/','',strtolower($str));
386	$str = preg_replace('/[\s\'\:\/\[\],-]+/',' ',trim($str));
387	$res = str_replace(' ','_',$str);
388
389	return $res;
390	}
391
392	//-------------------------------------------- Piwigo specific functions
393
394	/**
395	* returns an array with a list of {language_code => language_name}
396	*
397	* @returns array
398	*/
399	function get_languages($target_charset = null)
400	{
401	if ( empty($target_charset) )
402	{
403	$target_charset = get_pwg_charset();
404	}
405	$target_charset = strtolower($target_charset);
406
407	$dir = opendir(PHPWG_ROOT_PATH.'language');
408	$languages = array();
409
410	while ($file = readdir($dir))
411	{
412	$path = PHPWG_ROOT_PATH.'language/'.$file;
413	if (!is_link($path) and is_dir($path) and file_exists($path.'/iso.txt'))
414	{
415	list($language_name) = @file($path.'/iso.txt');
416
417	$languages[$file] = convert_charset($language_name, $target_charset);
418	}
419	}
420	closedir($dir);
421	@asort($languages);
422
423	return $languages;
424	}
425
426	function pwg_log($image_id = null, $image_type = null)
427	{
428	global $conf, $user, $page;
429
430	$do_log = $conf['log'];
431	if (is_admin())
432	{
433	$do_log = $conf['history_admin'];
434	}
435	if (is_a_guest())
436	{
437	$do_log = $conf['history_guest'];
438	}
439
440	$do_log = trigger_event('pwg_log_allowed', $do_log, $image_id, $image_type);
441
442	if (!$do_log)
443	{
444	return false;
445	}
446
447	$tags_string = null;
448	if ('tags'==@$page['section'])
449	{
450	$tags_string = implode(',', $page['tag_ids']);
451	}
452
453	$query = '
454	INSERT INTO '.HISTORY_TABLE.'
455	(
456	date,
457	time,
458	user_id,
459	IP,
460	section,
461	category_id,
462	image_id,
463	image_type,
464	tag_ids
465	)
466	VALUES
467	(
468	CURRENT_DATE,
469	CURRENT_TIME,
470	'.$user['id'].',
471	\''.$_SERVER['REMOTE_ADDR'].'\',
472	'.(isset($page['section']) ? "'".$page['section']."'" : 'NULL').',
473	'.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').',
474	'.(isset($image_id) ? $image_id : 'NULL').',
475	'.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
476	'.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
477	)
478	;';
479	pwg_query($query);
480
481	return true;
482	}
483
484	// format_date returns a formatted date for display. The date given in
485	// argument must be an american format (2003-09-15). By option, you can show the time.
486	// The output is internationalized.
487	//
488	// format_date( "2003-09-15", true ) -> "Monday 15 September 2003 21:52"
489	function format_date($date, $show_time = false)
490	{
491	global $lang;
492
493	if (strpos($date, '0') == 0)
494	{
495	return l10n('N/A');
496	}
497
498	$ymdhms = array();
499	$tok = strtok( $date, '- :');
500	while ($tok !== false)
501	{
502	$ymdhms[] = $tok;
503	$tok = strtok('- :');
504	}
505
506	if ( count($ymdhms)<3 )
507	{
508	return false;
509	}
510
511	$formated_date = '';
512	// before 1970, Microsoft Windows can't mktime
513	if ($ymdhms[0] >= 1970)
514	{
515	// we ask midday because Windows think it's prior to midnight with a
516	// zero and refuse to work
517	$formated_date.= $lang['day'][date('w', mktime(12,0,0,$ymdhms[1],$ymdhms[2],$ymdhms[0]))];
518	}
519	$formated_date.= ' '.$ymdhms[2];
520	$formated_date.= ' '.$lang['month'][(int)$ymdhms[1]];
521	$formated_date.= ' '.$ymdhms[0];
522	if ($show_time and count($ymdhms)>=5 )
523	{
524	$formated_date.= ' '.$ymdhms[3].':'.$ymdhms[4];
525	}
526	return $formated_date;
527	}
528
529	function pwg_debug( $string )
530	{
531	global $debug,$t2,$page;
532
533	$now = explode( ' ', microtime() );
534	$now2 = explode( '.', $now[0] );
535	$now2 = $now[1].'.'.$now2[1];
536	$time = number_format( $now2 - $t2, 3, '.', ' ').' s';
537	$debug .= '<p>';
538	$debug.= '['.$time.', ';
539	$debug.= $page['count_queries'].' queries] : '.$string;
540	$debug.= "</p>\n";
541	}
542
543	/**
544	* Redirects to the given URL (HTTP method)
545	*
546	* Note : once this function called, the execution doesn't go further
547	* (presence of an exit() instruction.
548	*
549	* @param string $url
550	* @return void
551	*/
552	function redirect_http( $url )
553	{
554	if (ob_get_length () !== FALSE)
555	{
556	ob_clean();
557	}
558	// default url is on html format
559	$url = html_entity_decode($url);
560	header('Request-URI: '.$url);
561	header('Content-Location: '.$url);
562	header('Location: '.$url);
563	exit();
564	}
565
566	/**
567	* Redirects to the given URL (HTML method)
568	*
569	* Note : once this function called, the execution doesn't go further
570	* (presence of an exit() instruction.
571	*
572	* @param string $url
573	* @param string $title_msg
574	* @param integer $refreh_time
575	* @return void
576	*/
577	function redirect_html( $url , $msg = '', $refresh_time = 0)
578	{
579	global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
580
581	if (!isset($lang_info))
582	{
583	$user = build_user( $conf['guest_id'], true);
584	load_language('common.lang');
585	trigger_action('loading_lang');
586	load_language('lang', PHPWG_ROOT_PATH.'local/', array('no_fallback'=>true, 'local'=>true) );
587	$template = new Template(PHPWG_ROOT_PATH.'themes', get_default_theme());
588	}
589	else
590	{
591	$template = new Template(PHPWG_ROOT_PATH.'themes', $user['theme']);
592	}
593
594	if (empty($msg))
595	{
596	$msg = nl2br(l10n('Redirection...'));
597	}
598
599	$refresh = $refresh_time;
600	$url_link = $url;
601	$title = 'redirection';
602
603	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
604
605	include( PHPWG_ROOT_PATH.'include/page_header.php' );
606
607	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
608	$template->assign('REDIRECT_MSG', $msg);
609
610	$template->parse('redirect');
611
612	include( PHPWG_ROOT_PATH.'include/page_tail.php' );
613
614	exit();
615	}
616
617	/**
618	* Redirects to the given URL (Switch to HTTP method or HTML method)
619	*
620	* Note : once this function called, the execution doesn't go further
621	* (presence of an exit() instruction.
622	*
623	* @param string $url
624	* @param string $title_msg
625	* @param integer $refreh_time
626	* @return void
627	*/
628	function redirect( $url , $msg = '', $refresh_time = 0)
629	{
630	global $conf;
631
632	// with RefeshTime <> 0, only html must be used
633	if ($conf['default_redirect_method']=='http'
634	and $refresh_time==0
635	and !headers_sent()
636	)
637	{
638	redirect_http($url);
639	}
640	else
641	{
642	redirect_html($url, $msg, $refresh_time);
643	}
644	}
645
646	/**
647	* returns $_SERVER['QUERY_STRING'] whitout keys given in parameters
648	*
649	* @param array $rejects
650	* @param boolean $escape - if true escape & to & (for html)
651	* @returns string
652	*/
653	function get_query_string_diff($rejects=array(), $escape=true)
654	{
655	$query_string = '';
656
657	$str = $_SERVER['QUERY_STRING'];
658	parse_str($str, $vars);
659
660	$is_first = true;
661	foreach ($vars as $key => $value)
662	{
663	if (!in_array($key, $rejects))
664	{
665	$query_string.= $is_first ? '?' : ($escape ? '&' : '&' );
666	$is_first = false;
667	$query_string.= $key.'='.$value;
668	}
669	}
670
671	return $query_string;
672	}
673
674	function url_is_remote($url)
675	{
676	if ( strncmp($url, 'http://', 7)==0
677	or strncmp($url, 'https://', 8)==0 )
678	{
679	return true;
680	}
681	return false;
682	}
683
684	/**
685	* returns available themes
686	*/
687	function get_pwg_themes()
688	{
689	global $conf;
690
691	$themes = array();
692
693	$query = '
694	SELECT
695	id,
696	name
697	FROM '.THEMES_TABLE.'
698	ORDER BY name ASC
699	;';
700	$result = pwg_query($query);
701	while ($row = pwg_db_fetch_assoc($result))
702	{
703	if (file_exists($conf['themes_dir'].'/'.$row['name'].'/'.'themeconf.inc.php'))
704	{
705	$themes[ $row['id'] ] = $row['name'];
706	}
707	}
708
709	// plugins want remove some themes based on user status maybe?
710	$themes = trigger_event('get_pwg_themes', $themes);
711
712	return $themes;
713	}
714
715	/* Returns the PATH to the thumbnail to be displayed. If the element does not
716	* have a thumbnail, the default mime image path is returned. The PATH can be
717	* used in the php script, but not sent to the browser.
718	* @param array element_info assoc array containing element info from db
719	* at least 'path', 'tn_ext' and 'id' should be present
720	*/
721	function get_thumbnail_path($element_info)
722	{
723	$path = get_thumbnail_location($element_info);
724	if ( !url_is_remote($path) )
725	{
726	$path = PHPWG_ROOT_PATH.$path;
727	}
728	return $path;
729	}
730
731	/* Returns the URL of the thumbnail to be displayed. If the element does not
732	* have a thumbnail, the default mime image url is returned. The URL can be
733	* sent to the browser, but not used in the php script.
734	* @param array element_info assoc array containing element info from db
735	* at least 'path', 'tn_ext' and 'id' should be present
736	*/
737	function get_thumbnail_url($element_info)
738	{
739	$path = get_thumbnail_location($element_info);
740	if ( !url_is_remote($path) )
741	{
742	$path = embellish_url(get_root_url().$path);
743	}
744
745	// plugins want another url ?
746	$path = trigger_event('get_thumbnail_url', $path, $element_info);
747	return $path;
748	}
749
750	/* returns the relative path of the thumnail with regards to to the root
751	of piwigo (not the current page!).This function is not intended to be
752	called directly from code.*/
753	function get_thumbnail_location($element_info)
754	{
755	global $conf;
756	if ( !empty( $element_info['tn_ext'] ) )
757	{
758	$path = substr_replace(
759	get_filename_wo_extension($element_info['path']),
760	'/'.$conf['dir_thumbnail'].'/'.$conf['prefix_thumbnail'],
761	strrpos($element_info['path'],'/'),
762	1
763	);
764	$path.= '.'.$element_info['tn_ext'];
765	}
766	else
767	{
768	$path = get_themeconf('mime_icon_dir')
769	.strtolower(get_extension($element_info['path'])).'.png';
770	}
771
772	// plugins want another location ?
773	$path = trigger_event( 'get_thumbnail_location', $path, $element_info);
774	return $path;
775	}
776
777	/* returns the title of the thumnail */
778	function get_thumbnail_title($element_info)
779	{
780	// message in title for the thumbnail
781	if (isset($element_info['file']))
782	{
783	$thumbnail_title = $element_info['file'];
784	}
785	else
786	{
787	$thumbnail_title = '';
788	}
789
790	if (!empty($element_info['filesize']))
791	{
792	$thumbnail_title .= ' : '.sprintf(l10n('%d Kb'), $element_info['filesize']);
793	}
794
795	return $thumbnail_title;
796	}
797
798	/**
799	* fill the current user caddie with given elements, if not already in
800	* caddie
801	*
802	* @param array elements_id
803	*/
804	function fill_caddie($elements_id)
805	{
806	global $user;
807
808	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
809
810	$query = '
811	SELECT element_id
812	FROM '.CADDIE_TABLE.'
813	WHERE user_id = '.$user['id'].'
814	;';
815	$in_caddie = array_from_query($query, 'element_id');
816
817	$caddiables = array_diff($elements_id, $in_caddie);
818
819	$datas = array();
820
821	foreach ($caddiables as $caddiable)
822	{
823	array_push($datas, array('element_id' => $caddiable,
824	'user_id' => $user['id']));
825	}
826
827	if (count($caddiables) > 0)
828	{
829	mass_inserts(CADDIE_TABLE, array('element_id','user_id'), $datas);
830	}
831	}
832
833	/**
834	* returns the element name from its filename
835	*
836	* @param string filename
837	* @return string name
838	*/
839	function get_name_from_file($filename)
840	{
841	return str_replace('_',' ',get_filename_wo_extension($filename));
842	}
843
844	/**
845	* returns the corresponding value from $lang if existing. Else, the key is
846	* returned
847	*
848	* @param string key
849	* @return string
850	*/
851	function l10n($key, $textdomain='messages')
852	{
853	global $lang, $conf;
854
855	if ($conf['debug_l10n'] and !isset($lang[$key]) and !empty($key))
856	{
857	trigger_error('[l10n] language key "'.$key.'" is not defined', E_USER_WARNING);
858	}
859
860	return isset($lang[$key]) ? $lang[$key] : $key;
861	}
862
863	/**
864	* returns the prinft value for strings including %d
865	* return is concorded with decimal value (singular, plural)
866	*
867	* @param singular string key
868	* @param plural string key
869	* @param decimal value
870	* @return string
871	*/
872	function l10n_dec($singular_fmt_key, $plural_fmt_key, $decimal)
873	{
874	global $lang_info;
875
876	return
877	sprintf(
878	l10n((
879	(($decimal > 1) or ($decimal == 0 and $lang_info['zero_plural']))
880	? $plural_fmt_key
881	: $singular_fmt_key
882	)), $decimal);
883	}
884
885	/*
886	* returns a single element to use with l10n_args
887	*
888	* @param string key: translation key
889	* @param array/string/../number args:
890	* arguments to use on sprintf($key, args)
891	* if args is a array, each values are used on sprintf
892	* @return string
893	*/
894	function get_l10n_args($key, $args)
895	{
896	if (is_array($args))
897	{
898	$key_arg = array_merge(array($key), $args);
899	}
900	else
901	{
902	$key_arg = array($key, $args);
903	}
904	return array('key_args' => $key_arg);
905	}
906
907	/*
908	* returns a string with formated with l10n_args elements
909	*
910	* @param element/array $key_args: element or array of l10n_args elements
911	* @param $sep: if $key_args is array,
912	* separator is used when translated l10n_args elements are concated
913	* @return string
914	*/
915	function l10n_args($key_args, $sep = "\n")
916	{
917	if (is_array($key_args))
918	{
919	foreach ($key_args as $key => $element)
920	{
921	if (isset($result))
922	{
923	$result .= $sep;
924	}
925	else
926	{
927	$result = '';
928	}
929
930	if ($key === 'key_args')
931	{
932	array_unshift($element, l10n(array_shift($element)));
933	$result .= call_user_func_array('sprintf', $element);
934	}
935	else
936	{
937	$result .= l10n_args($element, $sep);
938	}
939	}
940	}
941	else
942	{
943	fatal_error('l10n_args: Invalid arguments');
944	}
945
946	return $result;
947	}
948
949	/**
950	* returns the corresponding value from $themeconf if existing. Else, the
951	* key is returned
952	*
953	* @param string key
954	* @return string
955	*/
956	function get_themeconf($key)
957	{
958	global $template;
959
960	return $template->get_themeconf($key);
961	}
962
963	/**
964	* Returns webmaster mail address depending on $conf['webmaster_id']
965	*
966	* @return string
967	*/
968	function get_webmaster_mail_address()
969	{
970	global $conf;
971
972	$query = '
973	SELECT '.$conf['user_fields']['email'].'
974	FROM '.USERS_TABLE.'
975	WHERE '.$conf['user_fields']['id'].' = '.$conf['webmaster_id'].'
976	;';
977	list($email) = pwg_db_fetch_row(pwg_query($query));
978
979	return $email;
980	}
981
982	/**
983	* Add configuration parameters from database to global $conf array
984	*
985	* @return void
986	*/
987	function load_conf_from_db($condition = '')
988	{
989	global $conf;
990
991	$query = '
992	SELECT param, value
993	FROM '.CONFIG_TABLE.'
994	'.(!empty($condition) ? 'WHERE '.$condition : '').'
995	;';
996	$result = pwg_query($query);
997
998	if ((pwg_db_num_rows($result) == 0) and !empty($condition))
999	{
1000	fatal_error('No configuration data');
1001	}
1002
1003	while ($row = pwg_db_fetch_assoc($result))
1004	{
1005	$conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : '';
1006
1007	// If the field is true or false, the variable is transformed into a
1008	// boolean value.
1009	if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false')
1010	{
1011	$conf[ $row['param'] ] = get_boolean($conf[ $row['param'] ]);
1012	}
1013	}
1014	}
1015
1016	function conf_update_param($param, $value)
1017	{
1018	$query = '
1019	DELETE
1020	FROM '.CONFIG_TABLE.'
1021	WHERE param = "'.$param.'"
1022	;';
1023	pwg_query($query);
1024
1025	$query = '
1026	INSERT
1027	INTO '.CONFIG_TABLE.'
1028	SET param = "'.$param.'"
1029	, value = "'.$value.'"
1030	;';
1031	pwg_query($query);
1032	}
1033
1034	/**
1035	* Prepends and appends a string at each value of the given array.
1036	*
1037	* @param array
1038	* @param string prefix to each array values
1039	* @param string suffix to each array values
1040	*/
1041	function prepend_append_array_items($array, $prepend_str, $append_str)
1042	{
1043	array_walk(
1044	$array,
1045	create_function('&$s', '$s = "'.$prepend_str.'".$s."'.$append_str.'";')
1046	);
1047
1048	return $array;
1049	}
1050
1051	/**
1052	* creates an hashed based on a query, this function is a very common
1053	* pattern used here. Among the selected columns fetched, choose one to be
1054	* the key, another one to be the value.
1055	*
1056	* @param string $query
1057	* @param string $keyname
1058	* @param string $valuename
1059	* @return array
1060	*/
1061	function simple_hash_from_query($query, $keyname, $valuename)
1062	{
1063	$array = array();
1064
1065	$result = pwg_query($query);
1066	while ($row = pwg_db_fetch_assoc($result))
1067	{
1068	$array[ $row[$keyname] ] = $row[$valuename];
1069	}
1070
1071	return $array;
1072	}
1073
1074	/**
1075	* creates an hashed based on a query, this function is a very common
1076	* pattern used here. The key is given as parameter, the value is an associative
1077	* array.
1078	*
1079	* @param string $query
1080	* @param string $keyname
1081	* @return array
1082	*/
1083	function hash_from_query($query, $keyname)
1084	{
1085	$array = array();
1086	$result = pwg_query($query);
1087	while ($row = pwg_db_fetch_assoc($result))
1088	{
1089	$array[ $row[$keyname] ] = $row;
1090	}
1091	return $array;
1092	}
1093
1094	/**
1095	* Return basename of the current script
1096	* Lower case convertion is applied on return value
1097	* Return value is without file extention ".php"
1098	*
1099	* @param void
1100	*
1101	* @return script basename
1102	*/
1103	function script_basename()
1104	{
1105	global $conf;
1106
1107	foreach (array('SCRIPT_NAME', 'SCRIPT_FILENAME', 'PHP_SELF') as $value)
1108	{
1109	if (!empty($_SERVER[$value]))
1110	{
1111	$filename = strtolower($_SERVER[$value]);
1112	if ($conf['php_extension_in_urls'] and get_extension($filename)!=='php')
1113	continue;
1114	$basename = basename($filename, '.php');
1115	if (!empty($basename))
1116	{
1117	return $basename;
1118	}
1119	}
1120	}
1121	return '';
1122	}
1123
1124	/**
1125	* Return value for the current page define on $conf['filter_pages']
1126	* Îf value is not defined, default value are returned
1127	*
1128	* @param value name
1129	*
1130	* @return filter page value
1131	*/
1132	function get_filter_page_value($value_name)
1133	{
1134	global $conf;
1135
1136	$page_name = script_basename();
1137
1138	if (isset($conf['filter_pages'][$page_name][$value_name]))
1139	{
1140	return $conf['filter_pages'][$page_name][$value_name];
1141	}
1142	else if (isset($conf['filter_pages']['default'][$value_name]))
1143	{
1144	return $conf['filter_pages']['default'][$value_name];
1145	}
1146	else
1147	{
1148	return null;
1149	}
1150	}
1151
1152	/**
1153	* returns the character set of data sent to browsers / received from forms
1154	*/
1155	function get_pwg_charset()
1156	{
1157	defined('PWG_CHARSET') or fatal_error('PWG_CHARSET undefined');
1158	return PWG_CHARSET;
1159	}
1160
1161	/**
1162	* includes a language file or returns the content of a language file
1163	* availability of the file
1164	*
1165	* in descending order of preference:
1166	* param language, user language, default language
1167	* Piwigo default language.
1168	*
1169	* @param string filename
1170	* @param string dirname
1171	* @param mixed options can contain
1172	* language - language to load (if empty uses user language)
1173	* return - if true the file content is returned otherwise the file is evaluated as php
1174	* target_charset -
1175	* no_fallback - the language must be respected
1176	* local - if true, get local language file
1177	* @return boolean success status or a string if options['return'] is true
1178	*/
1179	function load_language($filename, $dirname = '',
1180	$options = array() )
1181	{
1182	global $user;
1183
1184	if (! @$options['return'] )
1185	{
1186	$filename .= '.php'; //MAYBE to do .. load .po and .mo localization files
1187	}
1188	if (empty($dirname))
1189	{
1190	$dirname = PHPWG_ROOT_PATH;
1191	}
1192	$dirname .= 'language/';
1193
1194	$languages = array();
1195	if ( !empty($options['language']) )
1196	{
1197	$languages[] = $options['language'];
1198	}
1199	if ( !empty($user['language']) )
1200	{
1201	$languages[] = $user['language'];
1202	}
1203	if ( ! @$options['no_fallback'] )
1204	{
1205	if ( defined('PHPWG_INSTALLED') )
1206	{
1207	$languages[] = get_default_language();
1208	}
1209	$languages[] = PHPWG_DEFAULT_LANGUAGE;
1210	}
1211
1212	$languages = array_unique($languages);
1213
1214	if ( empty($options['target_charset']) )
1215	{
1216	$target_charset = get_pwg_charset();
1217	}
1218	else
1219	{
1220	$target_charset = $options['target_charset'];
1221	}
1222	$target_charset = strtolower($target_charset);
1223	$source_file = '';
1224	foreach ($languages as $language)
1225	{
1226	$f = @$options['local'] ?
1227	$dirname.$language.'.'.$filename:
1228	$dirname.$language.'/'.$filename;
1229
1230	if (file_exists($f))
1231	{
1232	$source_file = $f;
1233	break;
1234	}
1235	}
1236
1237	if ( !empty($source_file) )
1238	{
1239	if (! @$options['return'] )
1240	{
1241	@include($source_file);
1242	$load_lang = @$lang;
1243	$load_lang_info = @$lang_info;
1244
1245	global $lang, $lang_info;
1246	if ( !isset($lang) ) $lang=array();
1247	if ( !isset($lang_info) ) $lang_info=array();
1248
1249	if ( 'utf-8'!=$target_charset)
1250	{
1251	if ( is_array($load_lang) )
1252	{
1253	foreach ($load_lang as $k => $v)
1254	{
1255	if ( is_array($v) )
1256	{
1257	$func = create_function('$v', 'return convert_charset($v, "'.$target_charset.'");' );
1258	$lang[$k] = array_map($func, $v);
1259	}
1260	else
1261	$lang[$k] = convert_charset($v, $target_charset);
1262	}
1263	}
1264	if ( is_array($load_lang_info) )
1265	{
1266	foreach ($load_lang_info as $k => $v)
1267	{
1268	$lang_info[$k] = convert_charset($v, $target_charset);
1269	}
1270	}
1271	}
1272	else
1273	{
1274	$lang = array_merge( $lang, (array)$load_lang );
1275	$lang_info = array_merge( $lang_info, (array)$load_lang_info );
1276	}
1277	return true;
1278	}
1279	else
1280	{
1281	$content = @file_get_contents($source_file);
1282	$content = convert_charset($content, $target_charset);
1283	return $content;
1284	}
1285	}
1286	return false;
1287	}
1288
1289	/**
1290	* converts a string from utf-8 character set to another character set
1291	* @param string str the string to be converted
1292	* @param string dest_charset the destination character set
1293	*/
1294	function convert_charset($str, $dest_charset)
1295	{
1296	if ($dest_charset=='utf-8')
1297	{
1298	return $str;
1299	}
1300	if ($dest_charset=='iso-8859-1')
1301	{
1302	return utf8_decode($str);
1303	}
1304	if (function_exists('iconv'))
1305	{
1306	return iconv('utf-8', $dest_charset, $str);
1307	}
1308	if (function_exists('mb_convert_encoding'))
1309	{
1310	return mb_convert_encoding( $str, $dest_charset, 'utf-8' );
1311	}
1312	return $str; //???
1313	}
1314
1315	/**
1316	* makes sure a index.htm protects the directory from browser file listing
1317	*
1318	* @param string dir directory
1319	*/
1320	function secure_directory($dir)
1321	{
1322	$file = $dir.'/index.htm';
1323	if (!file_exists($file))
1324	{
1325	@file_put_contents($file, 'Not allowed!');
1326	}
1327	}
1328
1329	/**
1330	* returns a "secret key" that is to be sent back when a user enters a comment
1331	*
1332	* @param int image_id
1333	*/
1334	function get_comment_post_key($image_id)
1335	{
1336	global $conf;
1337
1338	$time = time();
1339
1340	return sprintf(
1341	'%s:%s',
1342	$time,
1343	hash_hmac(
1344	'md5',
1345	$time.':'.$image_id,
1346	$conf['secret_key']
1347	)
1348	);
1349	}
1350
1351	/**
1352	* return an array which will be sent to template to display navigation bar
1353	*/
1354	function create_navigation_bar($url, $nb_element, $start, $nb_element_page, $clean_url = false)
1355	{
1356	global $conf;
1357
1358	$navbar = array();
1359	$pages_around = $conf['paginate_pages_around'];
1360	$start_str = $clean_url ? '/start-' : (strpos($url, '?')===false ? '?':'&').'start=';
1361
1362	if (!isset($start) or !is_numeric($start) or (is_numeric($start) and $start < 0))
1363	{
1364	$start = 0;
1365	}
1366
1367	// navigation bar useful only if more than one page to display !
1368	if ($nb_element > $nb_element_page)
1369	{
1370	$cur_page = ceil($start / $nb_element_page) + 1;
1371	$maximum = ceil($nb_element / $nb_element_page);
1372	$previous = $start - $nb_element_page;
1373	$next = $start + $nb_element_page;
1374	$last = ($maximum - 1) * $nb_element_page;
1375
1376	$navbar['CURRENT_PAGE'] = $cur_page;
1377
1378	// link to first page and previous page?
1379	if ($cur_page != 1)
1380	{
1381	$navbar['URL_FIRST'] = $url;
1382	$navbar['URL_PREV'] = $url.($previous > 0 ? $start_str.$previous : '');
1383	}
1384	// link on next page and last page?
1385	if ($cur_page != $maximum)
1386	{
1387	$navbar['URL_NEXT'] = $url.$start_str.$next;
1388	$navbar['URL_LAST'] = $url.$start_str.$last;
1389	}
1390
1391	// pages to display
1392	$navbar['pages'] = array();
1393	$navbar['pages'][1] = $url;
1394	$navbar['pages'][$maximum] = $url.$start_str.$last;
1395
1396	for ($i = max($cur_page - $pages_around , 2), $stop = min($cur_page + $pages_around + 1, $maximum);
1397	$i < $stop; $i++)
1398	{
1399	$navbar['pages'][$i] = $url.$start_str.(($i - 1) * $nb_element_page);
1400	}
1401	ksort($navbar['pages']);
1402	}
1403	return $navbar;
1404	}
1405
1406	/**
1407	* return an array which will be sent to template to display recent icon
1408	*/
1409	function get_icon($date, $is_child_date = false)
1410	{
1411	global $cache, $user;
1412
1413	if (empty($date))
1414	{
1415	return false;
1416	}
1417
1418	if (!isset($cache['get_icon']['title']))
1419	{
1420	$cache['get_icon']['title'] = sprintf(
1421	l10n('images posted during the last %d days'),
1422	$user['recent_period']
1423	);
1424	}
1425
1426	$icon = array(
1427	'TITLE' => $cache['get_icon']['title'],
1428	'IS_CHILD_DATE' => $is_child_date,
1429	);
1430
1431	if (isset($cache['get_icon'][$date]))
1432	{
1433	return $cache['get_icon'][$date] ? $icon : array();
1434	}
1435
1436	if (!isset($cache['get_icon']['sql_recent_date']))
1437	{
1438	// Use MySql date in order to standardize all recent "actions/queries"
1439	$cache['get_icon']['sql_recent_date'] = pwg_db_get_recent_period($user['recent_period']);
1440	}
1441
1442	$cache['get_icon'][$date] = $date > $cache['get_icon']['sql_recent_date'];
1443
1444	return $cache['get_icon'][$date] ? $icon : array();
1445	}
1446
1447	/**
1448	* check token comming from form posted or get params to prevent csrf attacks
1449	* if pwg_token is empty action doesn't require token
1450	* else pwg_token is compare to server token
1451	*
1452	* @return void access denied if token given is not equal to server token
1453	*/
1454	function check_pwg_token()
1455	{
1456	$valid_token = get_pwg_token();
1457	$given_token = null;
1458
1459	if (!empty($_POST['pwg_token']))
1460	{
1461	$given_token = $_POST['pwg_token'];
1462	}
1463	elseif (!empty($_GET['pwg_token']))
1464	{
1465	$given_token = $_GET['pwg_token'];
1466	}
1467	if ($given_token != $valid_token)
1468	{
1469	access_denied();
1470	}
1471	}
1472
1473	function get_pwg_token()
1474	{
1475	global $conf;
1476
1477	return hash_hmac('md5', session_id(), $conf['secret_key']);
1478	}
1479
1480	/*
1481	* breaks the script execution if the given value doesn't match the given
1482	* pattern. This should happen only during hacking attempts.
1483	*
1484	* @param string param_name
1485	* @param array param_array
1486	* @param boolean is_array
1487	* @param string pattern
1488	*
1489	* @return void
1490	*/
1491	function check_input_parameter($param_name, $param_array, $is_array, $pattern)
1492	{
1493	$param_value = null;
1494	if (isset($param_array[$param_name]))
1495	{
1496	$param_value = $param_array[$param_name];
1497	}
1498
1499	// it's ok if the input parameter is null
1500	if (empty($param_value))
1501	{
1502	return true;
1503	}
1504
1505	if ($is_array)
1506	{
1507	if (!is_array($param_value))
1508	{
1509	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
1510	}
1511
1512	foreach ($param_value as $item_to_check)
1513	{
1514	if (!preg_match($pattern, $item_to_check))
1515	{
1516	fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
1517	}
1518	}
1519	}
1520	else
1521	{
1522	if (!preg_match($pattern, $param_value))
1523	{
1524	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
1525	}
1526	}
1527	}
1528	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: