1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | Piwigo - a PHP based photo gallery | |
---|
4 | // +-----------------------------------------------------------------------+ |
---|
5 | // | Copyright(C) 2008-2011 Piwigo Team http://piwigo.org | |
---|
6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
8 | // +-----------------------------------------------------------------------+ |
---|
9 | // | This program is free software; you can redistribute it and/or modify | |
---|
10 | // | it under the terms of the GNU General Public License as published by | |
---|
11 | // | the Free Software Foundation | |
---|
12 | // | | |
---|
13 | // | This program is distributed in the hope that it will be useful, but | |
---|
14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
16 | // | General Public License for more details. | |
---|
17 | // | | |
---|
18 | // | You should have received a copy of the GNU General Public License | |
---|
19 | // | along with this program; if not, write to the Free Software | |
---|
20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
21 | // | USA. | |
---|
22 | // +-----------------------------------------------------------------------+ |
---|
23 | |
---|
24 | function check_upgrade() |
---|
25 | { |
---|
26 | if (defined('PHPWG_IN_UPGRADE')) |
---|
27 | { |
---|
28 | return PHPWG_IN_UPGRADE; |
---|
29 | } |
---|
30 | return false; |
---|
31 | } |
---|
32 | |
---|
33 | // concerning upgrade, we use the default tables |
---|
34 | function prepare_conf_upgrade() |
---|
35 | { |
---|
36 | global $prefixeTable; |
---|
37 | |
---|
38 | // $conf is not used for users tables |
---|
39 | // define cannot be re-defined |
---|
40 | define('CATEGORIES_TABLE', $prefixeTable.'categories'); |
---|
41 | define('COMMENTS_TABLE', $prefixeTable.'comments'); |
---|
42 | define('CONFIG_TABLE', $prefixeTable.'config'); |
---|
43 | define('FAVORITES_TABLE', $prefixeTable.'favorites'); |
---|
44 | define('GROUP_ACCESS_TABLE', $prefixeTable.'group_access'); |
---|
45 | define('GROUPS_TABLE', $prefixeTable.'groups'); |
---|
46 | define('HISTORY_TABLE', $prefixeTable.'history'); |
---|
47 | define('HISTORY_SUMMARY_TABLE', $prefixeTable.'history_summary'); |
---|
48 | define('IMAGE_CATEGORY_TABLE', $prefixeTable.'image_category'); |
---|
49 | define('IMAGES_TABLE', $prefixeTable.'images'); |
---|
50 | define('SESSIONS_TABLE', $prefixeTable.'sessions'); |
---|
51 | define('SITES_TABLE', $prefixeTable.'sites'); |
---|
52 | define('USER_ACCESS_TABLE', $prefixeTable.'user_access'); |
---|
53 | define('USER_GROUP_TABLE', $prefixeTable.'user_group'); |
---|
54 | define('USERS_TABLE', $prefixeTable.'users'); |
---|
55 | define('USER_INFOS_TABLE', $prefixeTable.'user_infos'); |
---|
56 | define('USER_FEED_TABLE', $prefixeTable.'user_feed'); |
---|
57 | define('RATE_TABLE', $prefixeTable.'rate'); |
---|
58 | define('USER_CACHE_TABLE', $prefixeTable.'user_cache'); |
---|
59 | define('USER_CACHE_CATEGORIES_TABLE', $prefixeTable.'user_cache_categories'); |
---|
60 | define('CADDIE_TABLE', $prefixeTable.'caddie'); |
---|
61 | define('UPGRADE_TABLE', $prefixeTable.'upgrade'); |
---|
62 | define('SEARCH_TABLE', $prefixeTable.'search'); |
---|
63 | define('USER_MAIL_NOTIFICATION_TABLE', $prefixeTable.'user_mail_notification'); |
---|
64 | define('TAGS_TABLE', $prefixeTable.'tags'); |
---|
65 | define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag'); |
---|
66 | define('PLUGINS_TABLE', $prefixeTable.'plugins'); |
---|
67 | define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks'); |
---|
68 | define('THEMES_TABLE', $prefixeTable.'themes'); |
---|
69 | define('LANGUAGES_TABLE', $prefixeTable.'languages'); |
---|
70 | } |
---|
71 | |
---|
72 | // Deactivate all non-standard plugins |
---|
73 | function deactivate_non_standard_plugins() |
---|
74 | { |
---|
75 | global $page; |
---|
76 | |
---|
77 | $standard_plugins = array( |
---|
78 | 'admin_multi_view', |
---|
79 | 'c13y_upgrade', |
---|
80 | 'event_tracer', |
---|
81 | 'language_switch', |
---|
82 | 'LocalFilesEditor' |
---|
83 | ); |
---|
84 | |
---|
85 | $query = ' |
---|
86 | SELECT id |
---|
87 | FROM '.PREFIX_TABLE.'plugins |
---|
88 | WHERE state = \'active\' |
---|
89 | AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\') |
---|
90 | ;'; |
---|
91 | |
---|
92 | $result = pwg_query($query); |
---|
93 | $plugins = array(); |
---|
94 | while ($row = pwg_db_fetch_assoc($result)) |
---|
95 | { |
---|
96 | array_push($plugins, $row['id']); |
---|
97 | } |
---|
98 | |
---|
99 | if (!empty($plugins)) |
---|
100 | { |
---|
101 | $query = ' |
---|
102 | UPDATE '.PREFIX_TABLE.'plugins |
---|
103 | SET state=\'inactive\' |
---|
104 | WHERE id IN (\'' . implode('\',\'', $plugins) . '\') |
---|
105 | ;'; |
---|
106 | pwg_query($query); |
---|
107 | |
---|
108 | array_push($page['infos'], |
---|
109 | l10n('As a precaution, following plugins have been deactivated. You must check for plugins upgrade before reactiving them:').'<p><i>'.implode(', ', $plugins).'</i></p>'); |
---|
110 | } |
---|
111 | } |
---|
112 | |
---|
113 | // Deactivate all non-standard themes |
---|
114 | function deactivate_non_standard_themes() |
---|
115 | { |
---|
116 | global $page; |
---|
117 | |
---|
118 | $standard_themes = array( |
---|
119 | 'clear', |
---|
120 | 'Sylvia', |
---|
121 | 'dark', |
---|
122 | ); |
---|
123 | |
---|
124 | $query = ' |
---|
125 | SELECT |
---|
126 | id, |
---|
127 | name |
---|
128 | FROM '.PREFIX_TABLE.'themes |
---|
129 | WHERE id NOT IN (\''.implode("','", $standard_themes).'\') |
---|
130 | ;'; |
---|
131 | $result = pwg_query($query); |
---|
132 | $theme_ids = array(); |
---|
133 | $theme_names = array(); |
---|
134 | while ($row = pwg_db_fetch_assoc($result)) |
---|
135 | { |
---|
136 | array_push($theme_ids, $row['id']); |
---|
137 | array_push($theme_names, $row['name']); |
---|
138 | } |
---|
139 | |
---|
140 | if (!empty($theme_ids)) |
---|
141 | { |
---|
142 | $query = ' |
---|
143 | DELETE |
---|
144 | FROM '.PREFIX_TABLE.'themes |
---|
145 | WHERE id IN (\''.implode("','", $theme_ids).'\') |
---|
146 | ;'; |
---|
147 | pwg_query($query); |
---|
148 | |
---|
149 | array_push($page['infos'], |
---|
150 | l10n('As a precaution, following themes have been deactivated. You must check for themes upgrade before reactiving them:').'<p><i>'.implode(', ', $theme_names).'</i></p>'); |
---|
151 | } |
---|
152 | } |
---|
153 | |
---|
154 | // Check access rights |
---|
155 | function check_upgrade_access_rights() |
---|
156 | { |
---|
157 | global $conf, $page, $current_release; |
---|
158 | |
---|
159 | if (version_compare($current_release, '2.0', '>=') and isset($_COOKIE[session_name()])) |
---|
160 | { |
---|
161 | // Check if user is already connected as webmaster |
---|
162 | session_start(); |
---|
163 | if (!empty($_SESSION['pwg_uid'])) |
---|
164 | { |
---|
165 | $query = ' |
---|
166 | SELECT status |
---|
167 | FROM '.USER_INFOS_TABLE.' |
---|
168 | WHERE user_id = '.$_SESSION['pwg_uid'].' |
---|
169 | ;'; |
---|
170 | pwg_query($query); |
---|
171 | |
---|
172 | $row = pwg_db_fetch_assoc(pwg_query($query)); |
---|
173 | if (isset($row['status']) and $row['status'] == 'webmaster') |
---|
174 | { |
---|
175 | define('PHPWG_IN_UPGRADE', true); |
---|
176 | return; |
---|
177 | } |
---|
178 | } |
---|
179 | } |
---|
180 | |
---|
181 | if (!isset($_POST['username']) or !isset($_POST['password'])) |
---|
182 | { |
---|
183 | return; |
---|
184 | } |
---|
185 | |
---|
186 | $username = $_POST['username']; |
---|
187 | $password = $_POST['password']; |
---|
188 | |
---|
189 | if(!@get_magic_quotes_gpc()) |
---|
190 | { |
---|
191 | $username = pwg_db_real_escape_string($username); |
---|
192 | } |
---|
193 | |
---|
194 | if (version_compare($current_release, '2.0', '<')) |
---|
195 | { |
---|
196 | $username = utf8_decode($username); |
---|
197 | $password = utf8_decode($password); |
---|
198 | } |
---|
199 | |
---|
200 | if (version_compare($current_release, '1.5', '<')) |
---|
201 | { |
---|
202 | $query = ' |
---|
203 | SELECT password, status |
---|
204 | FROM '.USERS_TABLE.' |
---|
205 | WHERE username = \''.$username.'\' |
---|
206 | ;'; |
---|
207 | } |
---|
208 | else |
---|
209 | { |
---|
210 | $query = ' |
---|
211 | SELECT u.password, ui.status |
---|
212 | FROM '.USERS_TABLE.' AS u |
---|
213 | INNER JOIN '.USER_INFOS_TABLE.' AS ui |
---|
214 | ON u.'.$conf['user_fields']['id'].'=ui.user_id |
---|
215 | WHERE '.$conf['user_fields']['username'].'=\''.$username.'\' |
---|
216 | ;'; |
---|
217 | } |
---|
218 | $row = pwg_db_fetch_assoc(pwg_query($query)); |
---|
219 | |
---|
220 | if (!isset($conf['pass_convert'])) |
---|
221 | { |
---|
222 | $conf['pass_convert'] = create_function('$s', 'return md5($s);'); |
---|
223 | } |
---|
224 | |
---|
225 | if ($row['password'] != $conf['pass_convert']($password)) |
---|
226 | { |
---|
227 | array_push($page['errors'], l10n('Invalid password!')); |
---|
228 | } |
---|
229 | elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster') |
---|
230 | { |
---|
231 | array_push($page['errors'], l10n('You do not have access rights to run upgrade')); |
---|
232 | } |
---|
233 | else |
---|
234 | { |
---|
235 | define('PHPWG_IN_UPGRADE', true); |
---|
236 | } |
---|
237 | } |
---|
238 | |
---|
239 | /** |
---|
240 | * which upgrades are available ? |
---|
241 | * |
---|
242 | * @return array |
---|
243 | */ |
---|
244 | function get_available_upgrade_ids() |
---|
245 | { |
---|
246 | $upgrades_path = PHPWG_ROOT_PATH.'install/db'; |
---|
247 | |
---|
248 | $available_upgrade_ids = array(); |
---|
249 | |
---|
250 | if ($contents = opendir($upgrades_path)) |
---|
251 | { |
---|
252 | while (($node = readdir($contents)) !== false) |
---|
253 | { |
---|
254 | if (is_file($upgrades_path.'/'.$node) |
---|
255 | and preg_match('/^(.*?)-database\.php$/', $node, $match)) |
---|
256 | { |
---|
257 | array_push($available_upgrade_ids, $match[1]); |
---|
258 | } |
---|
259 | } |
---|
260 | } |
---|
261 | natcasesort($available_upgrade_ids); |
---|
262 | |
---|
263 | return $available_upgrade_ids; |
---|
264 | } |
---|
265 | |
---|
266 | |
---|
267 | /** |
---|
268 | * returns true if there are available upgrade files |
---|
269 | */ |
---|
270 | function check_upgrade_feed() |
---|
271 | { |
---|
272 | // retrieve already applied upgrades |
---|
273 | $query = ' |
---|
274 | SELECT id |
---|
275 | FROM '.UPGRADE_TABLE.' |
---|
276 | ;'; |
---|
277 | $applied = array_from_query($query, 'id'); |
---|
278 | |
---|
279 | // retrieve existing upgrades |
---|
280 | $existing = get_available_upgrade_ids(); |
---|
281 | |
---|
282 | // which upgrades need to be applied? |
---|
283 | return (count(array_diff($existing, $applied)) > 0); |
---|
284 | } |
---|
285 | |
---|
286 | function upgrade_db_connect() |
---|
287 | { |
---|
288 | global $conf; |
---|
289 | |
---|
290 | try |
---|
291 | { |
---|
292 | $pwg_db_link = pwg_db_connect($conf['db_host'], $conf['db_user'], $conf['db_password'], $conf['db_base']); |
---|
293 | if ($pwg_db_link) |
---|
294 | { |
---|
295 | pwg_db_check_version(); |
---|
296 | } |
---|
297 | } |
---|
298 | catch (Exception $e) |
---|
299 | { |
---|
300 | my_error(l10n($e->getMessage()), true); |
---|
301 | } |
---|
302 | } |
---|
303 | ?> |
---|