Context Navigation

source: branches/2.0/include/functions.inc.php @ 29875

Last change on this file since 29875 was 5210, checked in by ddtddt, 15 years ago
[Branche2] bug:1523 / Compatibility with PHP 5.3
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 42.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	include_once( PHPWG_ROOT_PATH .'include/functions_user.inc.php' );
25	include_once( PHPWG_ROOT_PATH .'include/functions_cookie.inc.php' );
26	include_once( PHPWG_ROOT_PATH .'include/functions_session.inc.php' );
27	include_once( PHPWG_ROOT_PATH .'include/functions_category.inc.php' );
28	include_once( PHPWG_ROOT_PATH .'include/functions_xml.inc.php' );
29	include_once( PHPWG_ROOT_PATH .'include/functions_html.inc.php' );
30	include_once( PHPWG_ROOT_PATH .'include/functions_tag.inc.php' );
31	include_once( PHPWG_ROOT_PATH .'include/functions_url.inc.php' );
32	include_once( PHPWG_ROOT_PATH .'include/functions_plugins.inc.php' );
33
34	//----------------------------------------------------------- generic functions
35
36	/**
37	* returns an array containing the possible values of an enum field
38	*
39	* @param string tablename
40	* @param string fieldname
41	*/
42	function get_enums($table, $field)
43	{
44	// retrieving the properties of the table. Each line represents a field :
45	// columns are 'Field', 'Type'
46	$result = pwg_query('desc '.$table);
47	while ($row = mysql_fetch_array($result))
48	{
49	// we are only interested in the the field given in parameter for the
50	// function
51	if ($row['Field'] == $field)
52	{
53	// retrieving possible values of the enum field
54	// enum('blue','green','black')
55	$options = explode(',', substr($row['Type'], 5, -1));
56	foreach ($options as $i => $option)
57	{
58	$options[$i] = str_replace("'", '',$option);
59	}
60	}
61	}
62	mysql_free_result($result);
63	return $options;
64	}
65
66	// get_boolean transforms a string to a boolean value. If the string is
67	// "false" (case insensitive), then the boolean value false is returned. In
68	// any other case, true is returned.
69	function get_boolean( $string )
70	{
71	$boolean = true;
72	if ( 'false' == strtolower($string) )
73	{
74	$boolean = false;
75	}
76	return $boolean;
77	}
78
79	/**
80	* returns boolean string 'true' or 'false' if the given var is boolean
81	*
82	* @param mixed $var
83	* @return mixed
84	*/
85	function boolean_to_string($var)
86	{
87	if (is_bool($var))
88	{
89	return $var ? 'true' : 'false';
90	}
91	else
92	{
93	return $var;
94	}
95	}
96
97	// The function get_moment returns a float value coresponding to the number
98	// of seconds since the unix epoch (1st January 1970) and the microseconds
99	// are precised : e.g. 1052343429.89276600
100	function get_moment()
101	{
102	$t1 = explode( ' ', microtime() );
103	$t2 = explode( '.', $t1[0] );
104	$t2 = $t1[1].'.'.$t2[1];
105	return $t2;
106	}
107
108	// The function get_elapsed_time returns the number of seconds (with 3
109	// decimals precision) between the start time and the end time given.
110	function get_elapsed_time( $start, $end )
111	{
112	return number_format( $end - $start, 3, '.', ' ').' s';
113	}
114
115	// - The replace_space function replaces space and '-' characters
116	// by their HTML equivalent &nbsb; and −
117	// - The function does not replace characters in HTML tags
118	// - This function was created because IE5 does not respect the
119	// CSS "white-space: nowrap;" property unless space and minus
120	// characters are replaced like this function does.
121	// - Example :
122	// <div class="foo">My friend</div>
123	// ( 01234567891111111111222222222233 )
124	// ( 0123456789012345678901 )
125	// becomes :
126	// <div class="foo">My friend</div>
127	function replace_space( $string )
128	{
129	//return $string;
130	$return_string = '';
131	// $remaining is the rest of the string where to replace spaces characters
132	$remaining = $string;
133	// $start represents the position of the next '<' character
134	// $end represents the position of the next '>' character
135	; // -> 0
136	$end = strpos ( $remaining, '>' ); // -> 16
137	// as long as a '<' and his friend '>' are found, we loop
138	while ( ($start=strpos( $remaining, '<' )) !==false
139	and ($end=strpos( $remaining, '>' )) !== false )
140	{
141	// $treatment is the part of the string to treat
142	// In the first loop of our example, this variable is empty, but in the
143	// second loop, it equals 'My friend'
144	$treatment = substr ( $remaining, 0, $start );
145	// Replacement of ' ' by his equivalent ' '
146	$treatment = str_replace( ' ', ' ', $treatment );
147	$treatment = str_replace( '-', '−', $treatment );
148	// composing the string to return by adding the treated string and the
149	// following HTML tag -> 'My friend</div>'
150	$return_string.= $treatment.substr( $remaining, $start, $end-$start+1 );
151	// the remaining string is deplaced to the part after the '>' of this
152	// loop
153	$remaining = substr ( $remaining, $end + 1, strlen( $remaining ) );
154	}
155	$treatment = str_replace( ' ', ' ', $remaining );
156	$treatment = str_replace( '-', '−', $treatment );
157	$return_string.= $treatment;
158
159	return $return_string;
160	}
161
162	// get_extension returns the part of the string after the last "."
163	function get_extension( $filename )
164	{
165	return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
166	}
167
168	// get_filename_wo_extension returns the part of the string before the last
169	// ".".
170	// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar'
171	function get_filename_wo_extension( $filename )
172	{
173	$pos = strrpos( $filename, '.' );
174	return ($pos===false) ? $filename : substr( $filename, 0, $pos);
175	}
176
177	/**
178	* returns an array contening sub-directories, excluding ".svn"
179	*
180	* @param string $dir
181	* @return array
182	*/
183	function get_dirs($directory)
184	{
185	$sub_dirs = array();
186	if ($opendir = opendir($directory))
187	{
188	while ($file = readdir($opendir))
189	{
190	if ($file != '.'
191	and $file != '..'
192	and is_dir($directory.'/'.$file)
193	and $file != '.svn')
194	{
195	array_push($sub_dirs, $file);
196	}
197	}
198	closedir($opendir);
199	}
200	return $sub_dirs;
201	}
202
203	define('MKGETDIR_NONE', 0);
204	define('MKGETDIR_RECURSIVE', 1);
205	define('MKGETDIR_DIE_ON_ERROR', 2);
206	define('MKGETDIR_PROTECT_INDEX', 4);
207	define('MKGETDIR_PROTECT_HTACCESS', 8);
208	define('MKGETDIR_DEFAULT', 7);
209	/**
210	* creates directory if not exists; ensures that directory is writable
211	* @param:
212	* string $dir
213	* int $flags combination of MKGETDIR_xxx
214	* @return bool false on error else true
215	*/
216	function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
217	{
218	if ( !is_dir($dir) )
219	{
220	$umask = umask(0);
221	$mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
222	umask($umask);
223	if ($mkd==false)
224	{
225	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no_write_access'));
226	return false;
227	}
228	if( $flags&MKGETDIR_PROTECT_HTACCESS )
229	{
230	$file = $dir.'/.htaccess';
231	file_exists($file) or @file_put_contents( $file, 'deny from all' );
232	}
233	if( $flags&MKGETDIR_PROTECT_INDEX )
234	{
235	$file = $dir.'/index.htm';
236	file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
237	}
238	}
239	if ( !is_writable($dir) )
240	{
241	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no_write_access'));
242	return false;
243	}
244	return true;
245	}
246
247	/**
248	* returns thumbnail directory name of input diretoty name
249	* make thumbnail directory is necessary
250	* set error messages on array messages
251	*
252	* @param:
253	* string $dirname
254	* arrayy $errors
255	* @return bool false on error else string directory name
256	*/
257	function mkget_thumbnail_dir($dirname, &$errors)
258	{
259	$tndir = $dirname.'/thumbnail';
260	if (! mkgetdir($tndir, MKGETDIR_NONE) )
261	{
262	array_push($errors,
263	'['.$dirname.'] : '.l10n('no_write_access'));
264	return false;
265	}
266	return $tndir;
267	}
268
269	/* Returns true if the string appears to be encoded in UTF-8. (from wordpress)
270	* @param string Str
271	*/
272	function seems_utf8($Str) { # by bmorel at ssi dot fr
273	for ($i=0; $i<strlen($Str); $i++) {
274	if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
275	elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
276	elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
277	elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
278	elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
279	elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
280	else return false; # Does not match any model
281	for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
282	if ((++$i == strlen($Str)) \|\| ((ord($Str[$i]) & 0xC0) != 0x80))
283	return false;
284	}
285	}
286	return true;
287	}
288
289	/* Remove accents from a UTF-8 or ISO-859-1 string (from wordpress)
290	* @param string sstring - an UTF-8 or ISO-8859-1 string
291	*/
292	function remove_accents($string)
293	{
294	if ( !preg_match('/[\x80-\xff]/', $string) )
295	return $string;
296
297	if (seems_utf8($string)) {
298	$chars = array(
299	// Decompositions for Latin-1 Supplement
300	chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
301	chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
302	chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
303	chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
304	chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
305	chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
306	chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
307	chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
308	chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
309	chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
310	chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
311	chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
312	chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
313	chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
314	chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
315	chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
316	chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
317	chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
318	chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
319	chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
320	chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
321	chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
322	chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
323	chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
324	chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
325	chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
326	chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
327	chr(195).chr(191) => 'y',
328	// Decompositions for Latin Extended-A
329	chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
330	chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
331	chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
332	chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
333	chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
334	chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
335	chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
336	chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
337	chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
338	chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
339	chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
340	chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
341	chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
342	chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
343	chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
344	chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
345	chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
346	chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
347	chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
348	chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
349	chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
350	chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
351	chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
352	chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
353	chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
354	chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
355	chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
356	chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
357	chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
358	chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
359	chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
360	chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
361	chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
362	chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
363	chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
364	chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
365	chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
366	chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
367	chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
368	chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
369	chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
370	chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
371	chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
372	chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
373	chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
374	chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
375	chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
376	chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
377	chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
378	chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
379	chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
380	chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
381	chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
382	chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
383	chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
384	chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
385	chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
386	chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
387	chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
388	chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
389	chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
390	chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
391	chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
392	chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
393	// Euro Sign
394	chr(226).chr(130).chr(172) => 'E',
395	// GBP (Pound) Sign
396	chr(194).chr(163) => '');
397
398	$string = strtr($string, $chars);
399	} else {
400	// Assume ISO-8859-1 if not UTF-8
401	$chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
402	.chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
403	.chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
404	.chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
405	.chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
406	.chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
407	.chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
408	.chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
409	.chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
410	.chr(252).chr(253).chr(255);
411
412	$chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
413
414	$string = strtr($string, $chars['in'], $chars['out']);
415	$double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
416	$double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
417	$string = str_replace($double_chars['in'], $double_chars['out'], $string);
418	}
419
420	return $string;
421	}
422
423	/**
424	* simplify a string to insert it into an URL
425	*
426	* @param string
427	* @return string
428	*/
429	function str2url($str)
430	{
431	$str = remove_accents($str);
432	$str = preg_replace('/[^a-z0-9_\s\'\:\/\[\],-]/','',strtolower($str));
433	$str = preg_replace('/[\s\'\:\/\[\],-]+/',' ',trim($str));
434	$res = str_replace(' ','_',$str);
435
436	return $res;
437	}
438
439	//-------------------------------------------- Piwigo specific functions
440
441	/**
442	* returns an array with a list of {language_code => language_name}
443	*
444	* @returns array
445	*/
446	function get_languages($target_charset = null)
447	{
448	if ( empty($target_charset) )
449	{
450	$target_charset = get_pwg_charset();
451	}
452	$target_charset = strtolower($target_charset);
453
454	$dir = opendir(PHPWG_ROOT_PATH.'language');
455	$languages = array();
456
457	while ($file = readdir($dir))
458	{
459	$path = PHPWG_ROOT_PATH.'language/'.$file;
460	if (!is_link($path) and is_dir($path) and file_exists($path.'/iso.txt'))
461	{
462	list($language_name) = @file($path.'/iso.txt');
463
464	$langdef = explode('.',$file);
465	if (count($langdef)>1) // (langCode,encoding)
466	{
467	$langdef[1] = strtolower($langdef[1]);
468
469	if (
470	$target_charset==$langdef[1]
471	or
472	($target_charset=='utf-8' and $langdef[1]=='iso-8859-1')
473	or
474	($target_charset=='iso-8859-1' and
475	in_array( substr($langdef[0],2), array('en','fr','de','es','it','nl')))
476	)
477	{
478	$language_name = convert_charset($language_name,
479	$langdef[1], $target_charset);
480	$languages[ $langdef[0] ] = $language_name;
481	}
482	else
483	continue; // the language encoding is not compatible with our charset
484	}
485	else
486	{ // UTF-8
487	$language_name = convert_charset($language_name,
488	'utf-8', $target_charset);
489	$languages[$file] = $language_name;
490	}
491	}
492	}
493	closedir($dir);
494	@asort($languages);
495
496	return $languages;
497	}
498
499	function pwg_log($image_id = null, $image_type = null)
500	{
501	global $conf, $user, $page;
502
503	$do_log = $conf['log'];
504	if (is_admin())
505	{
506	$do_log = $conf['history_admin'];
507	}
508	if (is_a_guest())
509	{
510	$do_log = $conf['history_guest'];
511	}
512
513	$do_log = trigger_event('pwg_log_allowed', $do_log, $image_id, $image_type);
514
515	if (!$do_log)
516	{
517	return false;
518	}
519
520	$tags_string = null;
521	if ('tags'==@$page['section'])
522	{
523	$tags_string = implode(',', $page['tag_ids']);
524	}
525
526	$query = '
527	INSERT INTO '.HISTORY_TABLE.'
528	(
529	date,
530	time,
531	user_id,
532	IP,
533	section,
534	category_id,
535	image_id,
536	image_type,
537	tag_ids
538	)
539	VALUES
540	(
541	CURDATE(),
542	CURTIME(),
543	'.$user['id'].',
544	\''.$_SERVER['REMOTE_ADDR'].'\',
545	'.(isset($page['section']) ? "'".$page['section']."'" : 'NULL').',
546	'.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').',
547	'.(isset($image_id) ? $image_id : 'NULL').',
548	'.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
549	'.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
550	)
551	;';
552	pwg_query($query);
553
554	return true;
555	}
556
557	// format_date returns a formatted date for display. The date given in
558	// argument must be an american format (2003-09-15). By option, you can show the time.
559	// The output is internationalized.
560	//
561	// format_date( "2003-09-15", true ) -> "Monday 15 September 2003 21:52"
562	function format_date($date, $show_time = false)
563	{
564	global $lang;
565
566	if (strpos($date, '0') == 0)
567	{
568	return l10n('N/A');
569	}
570
571	$ymdhms = array();
572	$tok = strtok( $date, '- :');
573	while ($tok !== false)
574	{
575	$ymdhms[] = $tok;
576	$tok = strtok('- :');
577	}
578
579	if ( count($ymdhms)<3 )
580	{
581	return false;
582	}
583
584	$formated_date = '';
585	// before 1970, Microsoft Windows can't mktime
586	if ($ymdhms[0] >= 1970)
587	{
588	// we ask midday because Windows think it's prior to midnight with a
589	// zero and refuse to work
590	$formated_date.= $lang['day'][date('w', mktime(12,0,0,$ymdhms[1],$ymdhms[2],$ymdhms[0]))];
591	}
592	$formated_date.= ' '.$ymdhms[2];
593	$formated_date.= ' '.$lang['month'][(int)$ymdhms[1]];
594	$formated_date.= ' '.$ymdhms[0];
595	if ($show_time and count($ymdhms)>=5 )
596	{
597	$formated_date.= ' '.$ymdhms[3].':'.$ymdhms[4];
598	}
599	return $formated_date;
600	}
601
602	function pwg_query($query)
603	{
604	global $conf,$page,$debug,$t2;
605
606	$start = get_moment();
607	($result = mysql_query($query)) or my_error($query, $conf['die_on_sql_error']);
608
609	$time = get_moment() - $start;
610
611	if (!isset($page['count_queries']))
612	{
613	$page['count_queries'] = 0;
614	$page['queries_time'] = 0;
615	}
616
617	$page['count_queries']++;
618	$page['queries_time']+= $time;
619
620	if ($conf['show_queries'])
621	{
622	$output = '';
623	$output.= '<pre>['.$page['count_queries'].'] ';
624	$output.= "\n".$query;
625	$output.= "\n".'(this query time : ';
626	$output.= '<b>'.number_format($time, 3, '.', ' ').' s)</b>';
627	$output.= "\n".'(total SQL time : ';
628	$output.= number_format($page['queries_time'], 3, '.', ' ').' s)';
629	$output.= "\n".'(total time : ';
630	$output.= number_format( ($time+$start-$t2), 3, '.', ' ').' s)';
631	if ( $result!=null and preg_match('/\s*SELECT\s+/i',$query) )
632	{
633	$output.= "\n".'(num rows : ';
634	$output.= mysql_num_rows($result).' )';
635	}
636	elseif ( $result!=null
637	and preg_match('/\s*INSERT\|UPDATE\|REPLACE\|DELETE\s+/i',$query) )
638	{
639	$output.= "\n".'(affected rows : ';
640	$output.= mysql_affected_rows().' )';
641	}
642	$output.= "</pre>\n";
643
644	$debug .= $output;
645	}
646
647	return $result;
648	}
649
650	function pwg_debug( $string )
651	{
652	global $debug,$t2,$page;
653
654	$now = explode( ' ', microtime() );
655	$now2 = explode( '.', $now[0] );
656	$now2 = $now[1].'.'.$now2[1];
657	$time = number_format( $now2 - $t2, 3, '.', ' ').' s';
658	$debug .= '<p>';
659	$debug.= '['.$time.', ';
660	$debug.= $page['count_queries'].' queries] : '.$string;
661	$debug.= "</p>\n";
662	}
663
664	/**
665	* Redirects to the given URL (HTTP method)
666	*
667	* Note : once this function called, the execution doesn't go further
668	* (presence of an exit() instruction.
669	*
670	* @param string $url
671	* @return void
672	*/
673	function redirect_http( $url )
674	{
675	if (ob_get_length () !== FALSE)
676	{
677	ob_clean();
678	}
679	// default url is on html format
680	$url = html_entity_decode($url);
681	header('Request-URI: '.$url);
682	header('Content-Location: '.$url);
683	header('Location: '.$url);
684	exit();
685	}
686
687	/**
688	* Redirects to the given URL (HTML method)
689	*
690	* Note : once this function called, the execution doesn't go further
691	* (presence of an exit() instruction.
692	*
693	* @param string $url
694	* @param string $title_msg
695	* @param integer $refreh_time
696	* @return void
697	*/
698	function redirect_html( $url , $msg = '', $refresh_time = 0)
699	{
700	global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
701
702	if (!isset($lang_info))
703	{
704	$user = build_user( $conf['guest_id'], true);
705	load_language('common.lang');
706	trigger_action('loading_lang');
707	load_language('local.lang', '', array('no_fallback'=>true) );
708	list($tmpl, $thm) = explode('/', get_default_template());
709	$template = new Template(PHPWG_ROOT_PATH.'template/'.$tmpl, $thm);
710	}
711	else
712	{
713	$template = new Template(PHPWG_ROOT_PATH.'template/'.$user['template'], $user['theme']);
714	}
715
716	if (empty($msg))
717	{
718	$msg = nl2br(l10n('redirect_msg'));
719	}
720
721	$refresh = $refresh_time;
722	$url_link = $url;
723	$title = 'redirection';
724
725	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
726
727	include( PHPWG_ROOT_PATH.'include/page_header.php' );
728
729	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
730	$template->assign('REDIRECT_MSG', $msg);
731
732	$template->parse('redirect');
733
734	include( PHPWG_ROOT_PATH.'include/page_tail.php' );
735
736	exit();
737	}
738
739	/**
740	* Redirects to the given URL (Switch to HTTP method or HTML method)
741	*
742	* Note : once this function called, the execution doesn't go further
743	* (presence of an exit() instruction.
744	*
745	* @param string $url
746	* @param string $title_msg
747	* @param integer $refreh_time
748	* @return void
749	*/
750	function redirect( $url , $msg = '', $refresh_time = 0)
751	{
752	global $conf;
753
754	// with RefeshTime <> 0, only html must be used
755	if ($conf['default_redirect_method']=='http'
756	and $refresh_time==0
757	and !headers_sent()
758	)
759	{
760	redirect_http($url);
761	}
762	else
763	{
764	redirect_html($url, $msg, $refresh_time);
765	}
766	}
767
768	/**
769	* returns $_SERVER['QUERY_STRING'] whitout keys given in parameters
770	*
771	* @param array $rejects
772	* @param boolean $escape - if true escape & to & (for html)
773	* @returns string
774	*/
775	function get_query_string_diff($rejects=array(), $escape=true)
776	{
777	$query_string = '';
778
779	$str = $_SERVER['QUERY_STRING'];
780	parse_str($str, $vars);
781
782	$is_first = true;
783	foreach ($vars as $key => $value)
784	{
785	if (!in_array($key, $rejects))
786	{
787	$query_string.= $is_first ? '?' : ($escape ? '&' : '&' );
788	$is_first = false;
789	$query_string.= $key.'='.$value;
790	}
791	}
792
793	return $query_string;
794	}
795
796	function url_is_remote($url)
797	{
798	if ( strncmp($url, 'http://', 7)==0
799	or strncmp($url, 'https://', 8)==0 )
800	{
801	return true;
802	}
803	return false;
804	}
805
806	/**
807	* returns available template/theme
808	*/
809	function get_pwg_themes()
810	{
811	global $conf;
812	$themes = array();
813
814	$template_dir = PHPWG_ROOT_PATH.'template';
815
816	foreach (get_dirs($template_dir) as $template)
817	{
818	foreach (get_dirs($template_dir.'/'.$template.'/theme') as $theme)
819	{
820	if ( ($template.'/'.$theme) != $conf['admin_layout'] )
821	array_push($themes, $template.'/'.$theme);
822	}
823	}
824
825	return $themes;
826	}
827
828	/* Returns the PATH to the thumbnail to be displayed. If the element does not
829	* have a thumbnail, the default mime image path is returned. The PATH can be
830	* used in the php script, but not sent to the browser.
831	* @param array element_info assoc array containing element info from db
832	* at least 'path', 'tn_ext' and 'id' should be present
833	*/
834	function get_thumbnail_path($element_info)
835	{
836	$path = get_thumbnail_location($element_info);
837	if ( !url_is_remote($path) )
838	{
839	$path = PHPWG_ROOT_PATH.$path;
840	}
841	return $path;
842	}
843
844	/* Returns the URL of the thumbnail to be displayed. If the element does not
845	* have a thumbnail, the default mime image url is returned. The URL can be
846	* sent to the browser, but not used in the php script.
847	* @param array element_info assoc array containing element info from db
848	* at least 'path', 'tn_ext' and 'id' should be present
849	*/
850	function get_thumbnail_url($element_info)
851	{
852	$path = get_thumbnail_location($element_info);
853	if ( !url_is_remote($path) )
854	{
855	$path = embellish_url(get_root_url().$path);
856	}
857
858	// plugins want another url ?
859	$path = trigger_event('get_thumbnail_url', $path, $element_info);
860	return $path;
861	}
862
863	/* returns the relative path of the thumnail with regards to to the root
864	of piwigo (not the current page!).This function is not intended to be
865	called directly from code.*/
866	function get_thumbnail_location($element_info)
867	{
868	global $conf;
869	if ( !empty( $element_info['tn_ext'] ) )
870	{
871	$path = substr_replace(
872	get_filename_wo_extension($element_info['path']),
873	'/thumbnail/'.$conf['prefix_thumbnail'],
874	strrpos($element_info['path'],'/'),
875	1
876	);
877	$path.= '.'.$element_info['tn_ext'];
878	}
879	else
880	{
881	$path = get_themeconf('mime_icon_dir')
882	.strtolower(get_extension($element_info['path'])).'.png';
883	}
884
885	// plugins want another location ?
886	$path = trigger_event( 'get_thumbnail_location', $path, $element_info);
887	return $path;
888	}
889
890	/* returns the title of the thumnail */
891	function get_thumbnail_title($element_info)
892	{
893	// message in title for the thumbnail
894	if (isset($element_info['file']))
895	{
896	$thumbnail_title = $element_info['file'];
897	}
898	else
899	{
900	$thumbnail_title = '';
901	}
902
903	if (!empty($element_info['filesize']))
904	{
905	$thumbnail_title .= ' : '.sprintf(l10n('%d Kb'), $element_info['filesize']);
906	}
907
908	return $thumbnail_title;
909	}
910
911	// my_error returns (or send to standard output) the message concerning the
912	// error occured for the last mysql query.
913	function my_error($header, $die)
914	{
915	$error = "[mysql error ".mysql_errno().'] '.mysql_error()."\n";
916	$error .= $header;
917
918	if ($die)
919	{
920	fatal_error($error);
921	}
922	echo("<pre>");
923	trigger_error($error, E_USER_WARNING);
924	echo("</pre>");
925	}
926
927
928	/**
929	* creates an array based on a query, this function is a very common pattern
930	* used here
931	*
932	* @param string $query
933	* @param string $fieldname
934	* @return array
935	*/
936	function array_from_query($query, $fieldname)
937	{
938	$array = array();
939
940	$result = pwg_query($query);
941	while ($row = mysql_fetch_array($result))
942	{
943	array_push($array, $row[$fieldname]);
944	}
945
946	return $array;
947	}
948
949	/**
950	* fill the current user caddie with given elements, if not already in
951	* caddie
952	*
953	* @param array elements_id
954	*/
955	function fill_caddie($elements_id)
956	{
957	global $user;
958
959	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
960
961	$query = '
962	SELECT element_id
963	FROM '.CADDIE_TABLE.'
964	WHERE user_id = '.$user['id'].'
965	;';
966	$in_caddie = array_from_query($query, 'element_id');
967
968	$caddiables = array_diff($elements_id, $in_caddie);
969
970	$datas = array();
971
972	foreach ($caddiables as $caddiable)
973	{
974	array_push($datas, array('element_id' => $caddiable,
975	'user_id' => $user['id']));
976	}
977
978	if (count($caddiables) > 0)
979	{
980	mass_inserts(CADDIE_TABLE, array('element_id','user_id'), $datas);
981	}
982	}
983
984	/**
985	* returns the element name from its filename
986	*
987	* @param string filename
988	* @return string name
989	*/
990	function get_name_from_file($filename)
991	{
992	return str_replace('_',' ',get_filename_wo_extension($filename));
993	}
994
995	/**
996	* returns the corresponding value from $lang if existing. Else, the key is
997	* returned
998	*
999	* @param string key
1000	* @return string
1001	*/
1002	function l10n($key)
1003	{
1004	global $lang, $conf;
1005
1006	if ($conf['debug_l10n'] and !isset($lang[$key]) and !empty($key))
1007	{
1008	trigger_error('[l10n] language key "'.$key.'" is not defined', E_USER_WARNING);
1009	}
1010
1011	return isset($lang[$key]) ? $lang[$key] : $key;
1012	}
1013
1014	/**
1015	* returns the prinft value for strings including %d
1016	* return is concorded with decimal value (singular, plural)
1017	*
1018	* @param singular string key
1019	* @param plural string key
1020	* @param decimal value
1021	* @return string
1022	*/
1023	function l10n_dec($singular_fmt_key, $plural_fmt_key, $decimal)
1024	{
1025	global $lang_info;
1026
1027	return
1028	sprintf(
1029	l10n((
1030	(($decimal > 1) or ($decimal == 0 and $lang_info['zero_plural']))
1031	? $plural_fmt_key
1032	: $singular_fmt_key
1033	)), $decimal);
1034	}
1035	/*
1036	* returns a single element to use with l10n_args
1037	*
1038	* @param string key: translation key
1039	* @param array/string/../number args:
1040	* arguments to use on sprintf($key, args)
1041	* if args is a array, each values are used on sprintf
1042	* @return string
1043	*/
1044	function get_l10n_args($key, $args)
1045	{
1046	if (is_array($args))
1047	{
1048	$key_arg = array_merge(array($key), $args);
1049	}
1050	else
1051	{
1052	$key_arg = array($key, $args);
1053	}
1054	return array('key_args' => $key_arg);
1055	}
1056
1057	/*
1058	* returns a string with formated with l10n_args elements
1059	*
1060	* @param element/array $key_args: element or array of l10n_args elements
1061	* @param $sep: if $key_args is array,
1062	* separator is used when translated l10n_args elements are concated
1063	* @return string
1064	*/
1065	function l10n_args($key_args, $sep = "\n")
1066	{
1067	if (is_array($key_args))
1068	{
1069	foreach ($key_args as $key => $element)
1070	{
1071	if (isset($result))
1072	{
1073	$result .= $sep;
1074	}
1075	else
1076	{
1077	$result = '';
1078	}
1079
1080	if ($key === 'key_args')
1081	{
1082	array_unshift($element, l10n(array_shift($element)));
1083	$result .= call_user_func_array('sprintf', $element);
1084	}
1085	else
1086	{
1087	$result .= l10n_args($element, $sep);
1088	}
1089	}
1090	}
1091	else
1092	{
1093	fatal_error('l10n_args: Invalid arguments');
1094	}
1095
1096	return $result;
1097	}
1098
1099	/**
1100	* returns the corresponding value from $themeconf if existing. Else, the
1101	* key is returned
1102	*
1103	* @param string key
1104	* @return string
1105	*/
1106	function get_themeconf($key)
1107	{
1108	global $template;
1109
1110	return $template->get_themeconf($key);
1111	}
1112
1113	/**
1114	* Returns webmaster mail address depending on $conf['webmaster_id']
1115	*
1116	* @return string
1117	*/
1118	function get_webmaster_mail_address()
1119	{
1120	global $conf;
1121
1122	$query = '
1123	SELECT '.$conf['user_fields']['email'].'
1124	FROM '.USERS_TABLE.'
1125	WHERE '.$conf['user_fields']['id'].' = '.$conf['webmaster_id'].'
1126	;';
1127	list($email) = mysql_fetch_array(pwg_query($query));
1128
1129	return $email;
1130	}
1131
1132	/**
1133	* Add configuration parameters from database to global $conf array
1134	*
1135	* @return void
1136	*/
1137	function load_conf_from_db($condition = '')
1138	{
1139	global $conf;
1140
1141	$query = '
1142	SELECT param, value
1143	FROM '.CONFIG_TABLE.'
1144	'.(!empty($condition) ? 'WHERE '.$condition : '').'
1145	;';
1146	$result = pwg_query($query);
1147
1148	if ((mysql_num_rows($result) == 0) and !empty($condition))
1149	{
1150	fatal_error('No configuration data');
1151	}
1152
1153	while ($row = mysql_fetch_array($result))
1154	{
1155	$conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : '';
1156
1157	// If the field is true or false, the variable is transformed into a
1158	// boolean value.
1159	if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false')
1160	{
1161	$conf[ $row['param'] ] = get_boolean($conf[ $row['param'] ]);
1162	}
1163	}
1164	}
1165
1166	/**
1167	* Prepends and appends a string at each value of the given array.
1168	*
1169	* @param array
1170	* @param string prefix to each array values
1171	* @param string suffix to each array values
1172	*/
1173	function prepend_append_array_items($array, $prepend_str, $append_str)
1174	{
1175	array_walk(
1176	$array,
1177	create_function('&$s', '$s = "'.$prepend_str.'".$s."'.$append_str.'";')
1178	);
1179
1180	return $array;
1181	}
1182
1183	/**
1184	* creates an hashed based on a query, this function is a very common
1185	* pattern used here. Among the selected columns fetched, choose one to be
1186	* the key, another one to be the value.
1187	*
1188	* @param string $query
1189	* @param string $keyname
1190	* @param string $valuename
1191	* @return array
1192	*/
1193	function simple_hash_from_query($query, $keyname, $valuename)
1194	{
1195	$array = array();
1196
1197	$result = pwg_query($query);
1198	while ($row = mysql_fetch_array($result))
1199	{
1200	$array[ $row[$keyname] ] = $row[$valuename];
1201	}
1202
1203	return $array;
1204	}
1205
1206	/**
1207	* creates an hashed based on a query, this function is a very common
1208	* pattern used here. The key is given as parameter, the value is an associative
1209	* array.
1210	*
1211	* @param string $query
1212	* @param string $keyname
1213	* @return array
1214	*/
1215	function hash_from_query($query, $keyname)
1216	{
1217	$array = array();
1218	$result = pwg_query($query);
1219	while ($row = mysql_fetch_assoc($result))
1220	{
1221	$array[ $row[$keyname] ] = $row;
1222	}
1223	return $array;
1224	}
1225
1226	/**
1227	* Return basename of the current script
1228	* Lower case convertion is applied on return value
1229	* Return value is without file extention ".php"
1230	*
1231	* @param void
1232	*
1233	* @return script basename
1234	*/
1235	function script_basename()
1236	{
1237	global $conf;
1238
1239	foreach (array('SCRIPT_NAME', 'SCRIPT_FILENAME', 'PHP_SELF') as $value)
1240	{
1241	if (!empty($_SERVER[$value]))
1242	{
1243	$filename = strtolower($_SERVER[$value]);
1244	if ($conf['php_extension_in_urls'] and get_extension($filename)!=='php')
1245	continue;
1246	$basename = basename($filename, '.php');
1247	if (!empty($basename))
1248	{
1249	return $basename;
1250	}
1251	}
1252	}
1253	return '';
1254	}
1255
1256	/**
1257	* Return value for the current page define on $conf['filter_pages']
1258	* Îf value is not defined, default value are returned
1259	*
1260	* @param value name
1261	*
1262	* @return filter page value
1263	*/
1264	function get_filter_page_value($value_name)
1265	{
1266	global $conf;
1267
1268	$page_name = script_basename();
1269
1270	if (isset($conf['filter_pages'][$page_name][$value_name]))
1271	{
1272	return $conf['filter_pages'][$page_name][$value_name];
1273	}
1274	else if (isset($conf['filter_pages']['default'][$value_name]))
1275	{
1276	return $conf['filter_pages']['default'][$value_name];
1277	}
1278	else
1279	{
1280	return null;
1281	}
1282	}
1283
1284	/**
1285	* returns the character set of data sent to browsers / received from forms
1286	*/
1287	function get_pwg_charset()
1288	{
1289	defined('PWG_CHARSET') or fatal_error('PWG_CHARSET undefined');
1290	return PWG_CHARSET;
1291	}
1292
1293	/**
1294	* includes a language file or returns the content of a language file
1295	* availability of the file
1296	*
1297	* in descending order of preference:
1298	* param language, user language, default language
1299	* Piwigo default language.
1300	*
1301	* @param string filename
1302	* @param string dirname
1303	* @param mixed options can contain
1304	* language - language to load (if empty uses user language)
1305	* return - if true the file content is returned otherwise the file is evaluated as php
1306	* target_charset -
1307	* no_fallback - the language must be respected
1308	* @return boolean success status or a string if options['return'] is true
1309	*/
1310	function load_language($filename, $dirname = '',
1311	$options = array() )
1312	{
1313	global $user;
1314
1315	if (! @$options['return'] )
1316	{
1317	$filename .= '.php'; //MAYBE to do .. load .po and .mo localization files
1318	}
1319	if (empty($dirname))
1320	{
1321	$dirname = PHPWG_ROOT_PATH;
1322	}
1323	$dirname .= 'language/';
1324
1325	$languages = array();
1326	if ( !empty($options['language']) )
1327	{
1328	$languages[] = $options['language'];
1329	}
1330	if ( !empty($user['language']) )
1331	{
1332	$languages[] = $user['language'];
1333	}
1334	if ( ! @$options['no_fallback'] )
1335	{
1336	if ( defined('PHPWG_INSTALLED') )
1337	{
1338	$languages[] = get_default_language();
1339	}
1340	$languages[] = PHPWG_DEFAULT_LANGUAGE;
1341	}
1342
1343	$languages = array_unique($languages);
1344
1345	if ( empty($options['target_charset']) )
1346	{
1347	$target_charset = get_pwg_charset();
1348	}
1349	else
1350	{
1351	$target_charset = $options['target_charset'];
1352	}
1353	$target_charset = strtolower($target_charset);
1354	$source_charset = '';
1355	$source_file = '';
1356	foreach ($languages as $language)
1357	{
1358	$dir = $dirname.$language;
1359
1360	if ($target_charset!='utf-8')
1361	{
1362	// exact charset match - no conversion required
1363	$f = $dir.'.'.$target_charset.'/'.$filename;
1364	if (file_exists($f))
1365	{
1366	$source_file = $f;
1367	break;
1368	}
1369	}
1370
1371	// UTF-8 ?
1372	$f = $dir.'/'.$filename;
1373	if (file_exists($f))
1374	{
1375	$source_charset = 'utf-8';
1376	$source_file = $f;
1377	break;
1378	}
1379	}
1380
1381	if ( !empty($source_file) )
1382	{
1383	if (! @$options['return'] )
1384	{
1385	@include($source_file);
1386	$load_lang = @$lang;
1387	$load_lang_info = @$lang_info;
1388
1389	global $lang, $lang_info;
1390	if ( !isset($lang) ) $lang=array();
1391	if ( !isset($lang_info) ) $lang_info=array();
1392
1393	if ( !empty($source_charset) and $source_charset!=$target_charset)
1394	{
1395	if ( is_array($load_lang) )
1396	{
1397	foreach ($load_lang as $k => $v)
1398	{
1399	if ( is_array($v) )
1400	{
1401	$func = create_function('$v', 'return convert_charset($v, "'.$source_charset.'","'.$target_charset.'");' );
1402	$lang[$k] = array_map($func, $v);
1403	}
1404	else
1405	$lang[$k] = convert_charset($v, $source_charset, $target_charset);
1406	}
1407	}
1408	if ( is_array($load_lang_info) )
1409	{
1410	foreach ($load_lang_info as $k => $v)
1411	{
1412	$lang_info[$k] = convert_charset($v, $source_charset, $target_charset);
1413	}
1414	}
1415	}
1416	else
1417	{
1418	$lang = array_merge( $lang, (array)$load_lang );
1419	$lang_info = array_merge( $lang_info, (array)$load_lang_info );
1420	}
1421	return true;
1422	}
1423	else
1424	{
1425	$content = @file_get_contents($source_file);
1426	if ( !empty($source_charset) and $source_charset!=$target_charset)
1427	{
1428	$content = convert_charset($content, $source_charset, $target_charset);
1429	}
1430	return $content;
1431	}
1432	}
1433	return false;
1434	}
1435
1436	/**
1437	* converts a string from a character set to another character set
1438	* @param string str the string to be converted
1439	* @param string source_charset the character set in which the string is encoded
1440	* @param string dest_charset the destination character set
1441	*/
1442	function convert_charset($str, $source_charset, $dest_charset)
1443	{
1444	if ($source_charset==$dest_charset)
1445	return $str;
1446	if ($source_charset=='iso-8859-1' and $dest_charset=='utf-8')
1447	{
1448	return utf8_encode($str);
1449	}
1450	if ($source_charset=='utf-8' and $dest_charset=='iso-8859-1')
1451	{
1452	return utf8_decode($str);
1453	}
1454	if (function_exists('iconv'))
1455	{
1456	return iconv($source_charset, $dest_charset, $str);
1457	}
1458	if (function_exists('mb_convert_encoding'))
1459	{
1460	return mb_convert_encoding( $str, $dest_charset, $source_charset );
1461	}
1462	return $str; //???
1463	}
1464
1465	/**
1466	* makes sure a index.htm protects the directory from browser file listing
1467	*
1468	* @param string dir directory
1469	*/
1470	function secure_directory($dir)
1471	{
1472	$file = $dir.'/index.htm';
1473	if (!file_exists($file))
1474	{
1475	@file_put_contents($file, 'Not allowed!');
1476	}
1477	}
1478
1479	/**
1480	* returns a "secret key" that is to be sent back when a user enters a comment
1481	*
1482	* @param int image_id
1483	*/
1484	function get_comment_post_key($image_id)
1485	{
1486	global $conf;
1487
1488	$time = time();
1489
1490	return sprintf(
1491	'%s:%s',
1492	$time,
1493	hash_hmac(
1494	'md5',
1495	$time.':'.$image_id,
1496	$conf['secret_key']
1497	)
1498	);
1499	}
1500
1501	/*
1502	* breaks the script execution if the given value doesn't match the given
1503	* pattern. This should happen only during hacking attempts.
1504	*
1505	* @param string param_name
1506	* @param array param_array
1507	* @param boolean is_array
1508	* @param string pattern
1509	*
1510	* @return void
1511	*/
1512	function check_input_parameter($param_name, $param_array, $is_array, $pattern)
1513	{
1514	$param_value = null;
1515	if (isset($param_array[$param_name]))
1516	{
1517	$param_value = $param_array[$param_name];
1518	}
1519
1520	// it's ok if the input parameter is null
1521	if (empty($param_value))
1522	{
1523	return true;
1524	}
1525
1526	if ($is_array)
1527	{
1528	if (!is_array($param_value))
1529	{
1530	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
1531	}
1532
1533	foreach ($param_value as $item_to_check)
1534	{
1535	if (!preg_match($pattern, $item_to_check))
1536	{
1537	fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
1538	}
1539	}
1540	}
1541	else
1542	{
1543	if (!preg_match($pattern, $param_value))
1544	{
1545	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
1546	}
1547	}
1548	}
1549
1550	/**
1551	* check token comming from form posted or get params to prevent csrf attacks
1552	* if pwg_token is empty action doesn't require token
1553	* else pwg_token is compare to server token
1554	*
1555	* @return void access denied if token given is not equal to server token
1556	*/
1557	function check_pwg_token()
1558	{
1559	$valid_token = get_pwg_token();
1560	$given_token = null;
1561
1562	if (!empty($_POST['pwg_token']))
1563	{
1564	$given_token = $_POST['pwg_token'];
1565	}
1566	elseif (!empty($_GET['pwg_token']))
1567	{
1568	$given_token = $_GET['pwg_token'];
1569	}
1570	if ($given_token != $valid_token)
1571	{
1572	access_denied();
1573	}
1574	}
1575
1576	function get_pwg_token()
1577	{
1578	global $conf;
1579
1580	return hash_hmac('md5', session_id(), $conf['secret_key']);
1581	}
1582	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: