[1075] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
[8728] | 3 | // | Piwigo - a PHP based photo gallery | |
---|
[2297] | 4 | // +-----------------------------------------------------------------------+ |
---|
[19703] | 5 | // | Copyright(C) 2008-2013 Piwigo Team http://piwigo.org | |
---|
[2297] | 6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
| 7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
| 8 | // +-----------------------------------------------------------------------+ |
---|
| 9 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 10 | // | it under the terms of the GNU General Public License as published by | |
---|
| 11 | // | the Free Software Foundation | |
---|
| 12 | // | | |
---|
| 13 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 16 | // | General Public License for more details. | |
---|
| 17 | // | | |
---|
| 18 | // | You should have received a copy of the GNU General Public License | |
---|
| 19 | // | along with this program; if not, write to the Free Software | |
---|
| 20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 21 | // | USA. | |
---|
| 22 | // +-----------------------------------------------------------------------+ |
---|
[1075] | 23 | |
---|
| 24 | function check_upgrade() |
---|
| 25 | { |
---|
[2836] | 26 | if (defined('PHPWG_IN_UPGRADE')) |
---|
[1075] | 27 | { |
---|
[2836] | 28 | return PHPWG_IN_UPGRADE; |
---|
[1075] | 29 | } |
---|
[2836] | 30 | return false; |
---|
[1075] | 31 | } |
---|
| 32 | |
---|
[2096] | 33 | // concerning upgrade, we use the default tables |
---|
| 34 | function prepare_conf_upgrade() |
---|
| 35 | { |
---|
[2104] | 36 | global $prefixeTable; |
---|
[1075] | 37 | |
---|
[2104] | 38 | // $conf is not used for users tables |
---|
| 39 | // define cannot be re-defined |
---|
| 40 | define('CATEGORIES_TABLE', $prefixeTable.'categories'); |
---|
| 41 | define('COMMENTS_TABLE', $prefixeTable.'comments'); |
---|
| 42 | define('CONFIG_TABLE', $prefixeTable.'config'); |
---|
| 43 | define('FAVORITES_TABLE', $prefixeTable.'favorites'); |
---|
| 44 | define('GROUP_ACCESS_TABLE', $prefixeTable.'group_access'); |
---|
| 45 | define('GROUPS_TABLE', $prefixeTable.'groups'); |
---|
| 46 | define('HISTORY_TABLE', $prefixeTable.'history'); |
---|
| 47 | define('HISTORY_SUMMARY_TABLE', $prefixeTable.'history_summary'); |
---|
| 48 | define('IMAGE_CATEGORY_TABLE', $prefixeTable.'image_category'); |
---|
| 49 | define('IMAGES_TABLE', $prefixeTable.'images'); |
---|
| 50 | define('SESSIONS_TABLE', $prefixeTable.'sessions'); |
---|
| 51 | define('SITES_TABLE', $prefixeTable.'sites'); |
---|
| 52 | define('USER_ACCESS_TABLE', $prefixeTable.'user_access'); |
---|
| 53 | define('USER_GROUP_TABLE', $prefixeTable.'user_group'); |
---|
| 54 | define('USERS_TABLE', $prefixeTable.'users'); |
---|
| 55 | define('USER_INFOS_TABLE', $prefixeTable.'user_infos'); |
---|
| 56 | define('USER_FEED_TABLE', $prefixeTable.'user_feed'); |
---|
| 57 | define('RATE_TABLE', $prefixeTable.'rate'); |
---|
| 58 | define('USER_CACHE_TABLE', $prefixeTable.'user_cache'); |
---|
| 59 | define('USER_CACHE_CATEGORIES_TABLE', $prefixeTable.'user_cache_categories'); |
---|
| 60 | define('CADDIE_TABLE', $prefixeTable.'caddie'); |
---|
| 61 | define('UPGRADE_TABLE', $prefixeTable.'upgrade'); |
---|
| 62 | define('SEARCH_TABLE', $prefixeTable.'search'); |
---|
| 63 | define('USER_MAIL_NOTIFICATION_TABLE', $prefixeTable.'user_mail_notification'); |
---|
| 64 | define('TAGS_TABLE', $prefixeTable.'tags'); |
---|
| 65 | define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag'); |
---|
| 66 | define('PLUGINS_TABLE', $prefixeTable.'plugins'); |
---|
| 67 | define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks'); |
---|
[5387] | 68 | define('THEMES_TABLE', $prefixeTable.'themes'); |
---|
| 69 | define('LANGUAGES_TABLE', $prefixeTable.'languages'); |
---|
[2096] | 70 | } |
---|
| 71 | |
---|
[2815] | 72 | // Deactivate all non-standard plugins |
---|
| 73 | function deactivate_non_standard_plugins() |
---|
| 74 | { |
---|
| 75 | global $page; |
---|
| 76 | |
---|
| 77 | $standard_plugins = array( |
---|
| 78 | 'admin_multi_view', |
---|
| 79 | 'c13y_upgrade', |
---|
| 80 | 'event_tracer', |
---|
| 81 | 'language_switch', |
---|
| 82 | 'LocalFilesEditor' |
---|
| 83 | ); |
---|
| 84 | |
---|
| 85 | $query = ' |
---|
| 86 | SELECT id |
---|
| 87 | FROM '.PREFIX_TABLE.'plugins |
---|
[6654] | 88 | WHERE state = \'active\' |
---|
[6550] | 89 | AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\') |
---|
[2815] | 90 | ;'; |
---|
| 91 | |
---|
| 92 | $result = pwg_query($query); |
---|
| 93 | $plugins = array(); |
---|
[4325] | 94 | while ($row = pwg_db_fetch_assoc($result)) |
---|
[2815] | 95 | { |
---|
[25018] | 96 | $plugins[] = $row['id']; |
---|
[2815] | 97 | } |
---|
| 98 | |
---|
| 99 | if (!empty($plugins)) |
---|
| 100 | { |
---|
| 101 | $query = ' |
---|
| 102 | UPDATE '.PREFIX_TABLE.'plugins |
---|
[6654] | 103 | SET state=\'inactive\' |
---|
[6550] | 104 | WHERE id IN (\'' . implode('\',\'', $plugins) . '\') |
---|
[2815] | 105 | ;'; |
---|
[2884] | 106 | pwg_query($query); |
---|
[2815] | 107 | |
---|
[25018] | 108 | $page['infos'][] = l10n('As a precaution, following plugins have been deactivated. You must check for plugins upgrade before reactiving them:') |
---|
| 109 | .'<p><i>'.implode(', ', $plugins).'</i></p>'; |
---|
[2815] | 110 | } |
---|
| 111 | } |
---|
| 112 | |
---|
[9597] | 113 | // Deactivate all non-standard themes |
---|
| 114 | function deactivate_non_standard_themes() |
---|
| 115 | { |
---|
[10426] | 116 | global $page, $conf; |
---|
[9597] | 117 | |
---|
| 118 | $standard_themes = array( |
---|
| 119 | 'clear', |
---|
| 120 | 'Sylvia', |
---|
| 121 | 'dark', |
---|
[13467] | 122 | 'elegant', |
---|
[15678] | 123 | 'smartpocket', |
---|
[9597] | 124 | ); |
---|
| 125 | |
---|
| 126 | $query = ' |
---|
| 127 | SELECT |
---|
| 128 | id, |
---|
| 129 | name |
---|
| 130 | FROM '.PREFIX_TABLE.'themes |
---|
| 131 | WHERE id NOT IN (\''.implode("','", $standard_themes).'\') |
---|
| 132 | ;'; |
---|
| 133 | $result = pwg_query($query); |
---|
| 134 | $theme_ids = array(); |
---|
| 135 | $theme_names = array(); |
---|
| 136 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 137 | { |
---|
[25018] | 138 | $theme_ids[] = $row['id']; |
---|
| 139 | $theme_names[] = $row['name']; |
---|
[9597] | 140 | } |
---|
| 141 | |
---|
| 142 | if (!empty($theme_ids)) |
---|
| 143 | { |
---|
| 144 | $query = ' |
---|
| 145 | DELETE |
---|
| 146 | FROM '.PREFIX_TABLE.'themes |
---|
| 147 | WHERE id IN (\''.implode("','", $theme_ids).'\') |
---|
| 148 | ;'; |
---|
| 149 | pwg_query($query); |
---|
| 150 | |
---|
[25018] | 151 | $page['infos'][] = l10n('As a precaution, following themes have been deactivated. You must check for themes upgrade before reactiving them:') |
---|
| 152 | .'<p><i>'.implode(', ', $theme_names).'</i></p>'; |
---|
[10426] | 153 | |
---|
| 154 | // what is the default theme? |
---|
| 155 | $query = ' |
---|
| 156 | SELECT theme |
---|
| 157 | FROM '.PREFIX_TABLE.'user_infos |
---|
| 158 | WHERE user_id = '.$conf['default_user_id'].' |
---|
| 159 | ;'; |
---|
| 160 | list($default_theme) = pwg_db_fetch_row(pwg_query($query)); |
---|
| 161 | |
---|
| 162 | // if the default theme has just been deactivated, let's set another core theme as default |
---|
| 163 | if (in_array($default_theme, $theme_ids)) |
---|
| 164 | { |
---|
| 165 | $query = ' |
---|
| 166 | UPDATE '.PREFIX_TABLE.'user_infos |
---|
[13467] | 167 | SET theme = \'elegant\' |
---|
[10426] | 168 | WHERE user_id = '.$conf['default_user_id'].' |
---|
| 169 | ;'; |
---|
| 170 | pwg_query($query); |
---|
| 171 | } |
---|
[9597] | 172 | } |
---|
| 173 | } |
---|
| 174 | |
---|
[14206] | 175 | // Deactivate all templates |
---|
| 176 | function deactivate_templates() |
---|
| 177 | { |
---|
| 178 | $query = ' |
---|
| 179 | UPDATE '.PREFIX_TABLE.'config |
---|
| 180 | SET value = \''. array() .'\' |
---|
| 181 | WHERE param = \'extents_for_templates\';'; |
---|
| 182 | } |
---|
| 183 | |
---|
[2836] | 184 | // Check access rights |
---|
[6110] | 185 | function check_upgrade_access_rights() |
---|
[2836] | 186 | { |
---|
[6110] | 187 | global $conf, $page, $current_release; |
---|
[2836] | 188 | |
---|
[6110] | 189 | if (version_compare($current_release, '2.0', '>=') and isset($_COOKIE[session_name()])) |
---|
| 190 | { |
---|
| 191 | // Check if user is already connected as webmaster |
---|
| 192 | session_start(); |
---|
| 193 | if (!empty($_SESSION['pwg_uid'])) |
---|
| 194 | { |
---|
| 195 | $query = ' |
---|
| 196 | SELECT status |
---|
| 197 | FROM '.USER_INFOS_TABLE.' |
---|
| 198 | WHERE user_id = '.$_SESSION['pwg_uid'].' |
---|
| 199 | ;'; |
---|
| 200 | pwg_query($query); |
---|
| 201 | |
---|
| 202 | $row = pwg_db_fetch_assoc(pwg_query($query)); |
---|
| 203 | if (isset($row['status']) and $row['status'] == 'webmaster') |
---|
| 204 | { |
---|
| 205 | define('PHPWG_IN_UPGRADE', true); |
---|
| 206 | return; |
---|
| 207 | } |
---|
| 208 | } |
---|
| 209 | } |
---|
| 210 | |
---|
| 211 | if (!isset($_POST['username']) or !isset($_POST['password'])) |
---|
| 212 | { |
---|
| 213 | return; |
---|
| 214 | } |
---|
| 215 | |
---|
[6131] | 216 | $username = $_POST['username']; |
---|
[6110] | 217 | $password = $_POST['password']; |
---|
| 218 | |
---|
[4006] | 219 | if(!@get_magic_quotes_gpc()) |
---|
[2838] | 220 | { |
---|
[4325] | 221 | $username = pwg_db_real_escape_string($username); |
---|
[2838] | 222 | } |
---|
| 223 | |
---|
[2900] | 224 | if (version_compare($current_release, '2.0', '<')) |
---|
[2836] | 225 | { |
---|
[2900] | 226 | $username = utf8_decode($username); |
---|
| 227 | $password = utf8_decode($password); |
---|
| 228 | } |
---|
| 229 | |
---|
| 230 | if (version_compare($current_release, '1.5', '<')) |
---|
| 231 | { |
---|
[2836] | 232 | $query = ' |
---|
| 233 | SELECT password, status |
---|
[2838] | 234 | FROM '.USERS_TABLE.' |
---|
[6550] | 235 | WHERE username = \''.$username.'\' |
---|
[2836] | 236 | ;'; |
---|
| 237 | } |
---|
| 238 | else |
---|
| 239 | { |
---|
| 240 | $query = ' |
---|
| 241 | SELECT u.password, ui.status |
---|
[4280] | 242 | FROM '.USERS_TABLE.' AS u |
---|
[2838] | 243 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
| 244 | ON u.'.$conf['user_fields']['id'].'=ui.user_id |
---|
[6550] | 245 | WHERE '.$conf['user_fields']['username'].'=\''.$username.'\' |
---|
[2836] | 246 | ;'; |
---|
| 247 | } |
---|
[4325] | 248 | $row = pwg_db_fetch_assoc(pwg_query($query)); |
---|
[2836] | 249 | |
---|
[18889] | 250 | if (!$conf['password_verify']($password, $row['password'])) |
---|
[2836] | 251 | { |
---|
[25018] | 252 | $page['errors'][] = l10n('Invalid password!'); |
---|
[2836] | 253 | } |
---|
| 254 | elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster') |
---|
| 255 | { |
---|
[25018] | 256 | $page['errors'][] = l10n('You do not have access rights to run upgrade'); |
---|
[2836] | 257 | } |
---|
| 258 | else |
---|
| 259 | { |
---|
| 260 | define('PHPWG_IN_UPGRADE', true); |
---|
| 261 | } |
---|
| 262 | } |
---|
[3136] | 263 | |
---|
| 264 | /** |
---|
| 265 | * which upgrades are available ? |
---|
| 266 | * |
---|
| 267 | * @return array |
---|
| 268 | */ |
---|
| 269 | function get_available_upgrade_ids() |
---|
| 270 | { |
---|
| 271 | $upgrades_path = PHPWG_ROOT_PATH.'install/db'; |
---|
| 272 | |
---|
| 273 | $available_upgrade_ids = array(); |
---|
| 274 | |
---|
| 275 | if ($contents = opendir($upgrades_path)) |
---|
| 276 | { |
---|
| 277 | while (($node = readdir($contents)) !== false) |
---|
| 278 | { |
---|
| 279 | if (is_file($upgrades_path.'/'.$node) |
---|
| 280 | and preg_match('/^(.*?)-database\.php$/', $node, $match)) |
---|
| 281 | { |
---|
[25018] | 282 | $available_upgrade_ids[] = $match[1]; |
---|
[3136] | 283 | } |
---|
| 284 | } |
---|
| 285 | } |
---|
| 286 | natcasesort($available_upgrade_ids); |
---|
| 287 | |
---|
| 288 | return $available_upgrade_ids; |
---|
| 289 | } |
---|
| 290 | |
---|
| 291 | |
---|
| 292 | /** |
---|
| 293 | * returns true if there are available upgrade files |
---|
| 294 | */ |
---|
| 295 | function check_upgrade_feed() |
---|
| 296 | { |
---|
| 297 | // retrieve already applied upgrades |
---|
| 298 | $query = ' |
---|
| 299 | SELECT id |
---|
| 300 | FROM '.UPGRADE_TABLE.' |
---|
| 301 | ;'; |
---|
| 302 | $applied = array_from_query($query, 'id'); |
---|
| 303 | |
---|
| 304 | // retrieve existing upgrades |
---|
| 305 | $existing = get_available_upgrade_ids(); |
---|
| 306 | |
---|
| 307 | // which upgrades need to be applied? |
---|
| 308 | return (count(array_diff($existing, $applied)) > 0); |
---|
| 309 | } |
---|
| 310 | |
---|
[5387] | 311 | function upgrade_db_connect() |
---|
| 312 | { |
---|
| 313 | global $conf; |
---|
| 314 | |
---|
| 315 | try |
---|
| 316 | { |
---|
[20720] | 317 | pwg_db_connect($conf['db_host'], $conf['db_user'], |
---|
| 318 | $conf['db_password'], $conf['db_base']); |
---|
| 319 | pwg_db_check_version(); |
---|
[5387] | 320 | } |
---|
| 321 | catch (Exception $e) |
---|
| 322 | { |
---|
| 323 | my_error(l10n($e->getMessage()), true); |
---|
| 324 | } |
---|
| 325 | } |
---|
[3136] | 326 | ?> |
---|