Context Navigation

source: trunk/include/functions.inc.php @ 12878

Last change on this file since 12878 was 12878, checked in by rvelices, 12 years ago
bug 2553 hide menubar/register on indentification page if gallery is locked or guest_access is false
Property svn:eol-style set to `LF`
File size: 42.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	include_once( PHPWG_ROOT_PATH .'include/functions_user.inc.php' );
25	include_once( PHPWG_ROOT_PATH .'include/functions_cookie.inc.php' );
26	include_once( PHPWG_ROOT_PATH .'include/functions_session.inc.php' );
27	include_once( PHPWG_ROOT_PATH .'include/functions_category.inc.php' );
28	include_once( PHPWG_ROOT_PATH .'include/functions_xml.inc.php' );
29	include_once( PHPWG_ROOT_PATH .'include/functions_html.inc.php' );
30	include_once( PHPWG_ROOT_PATH .'include/functions_tag.inc.php' );
31	include_once( PHPWG_ROOT_PATH .'include/functions_url.inc.php' );
32	include_once( PHPWG_ROOT_PATH .'include/functions_plugins.inc.php' );
33	include_once( PHPWG_ROOT_PATH .'include/derivative_params.inc.php');
34	include_once( PHPWG_ROOT_PATH .'include/derivative_std_params.inc.php');
35	include_once( PHPWG_ROOT_PATH .'include/derivative.inc.php');
36
37	//----------------------------------------------------------- generic functions
38
39	/**
40	* stupidly returns the current microsecond since Unix epoch
41	*/
42	function micro_seconds()
43	{
44	$t1 = explode(' ', microtime());
45	$t2 = explode('.', $t1[0]);
46	$t2 = $t1[1].substr($t2[1], 0, 6);
47	return $t2;
48	}
49
50	// The function get_moment returns a float value coresponding to the number
51	// of seconds since the unix epoch (1st January 1970) and the microseconds
52	// are precised : e.g. 1052343429.89276600
53	function get_moment()
54	{
55	$t1 = explode( ' ', microtime() );
56	$t2 = explode( '.', $t1[0] );
57	$t2 = $t1[1].'.'.$t2[1];
58	return $t2;
59	}
60
61	// The function get_elapsed_time returns the number of seconds (with 3
62	// decimals precision) between the start time and the end time given.
63	function get_elapsed_time( $start, $end )
64	{
65	return number_format( $end - $start, 3, '.', ' ').' s';
66	}
67
68	// - The replace_space function replaces space and '-' characters
69	// by their HTML equivalent &nbsb; and −
70	// - The function does not replace characters in HTML tags
71	// - This function was created because IE5 does not respect the
72	// CSS "white-space: nowrap;" property unless space and minus
73	// characters are replaced like this function does.
74	// - Example :
75	// <div class="foo">My friend</div>
76	// ( 01234567891111111111222222222233 )
77	// ( 0123456789012345678901 )
78	// becomes :
79	// <div class="foo">My friend</div>
80	function replace_space( $string )
81	{
82	//return $string;
83	$return_string = '';
84	// $remaining is the rest of the string where to replace spaces characters
85	$remaining = $string;
86	// $start represents the position of the next '<' character
87	// $end represents the position of the next '>' character
88	; // -> 0
89	$end = strpos ( $remaining, '>' ); // -> 16
90	// as long as a '<' and his friend '>' are found, we loop
91	while ( ($start=strpos( $remaining, '<' )) !==false
92	and ($end=strpos( $remaining, '>' )) !== false )
93	{
94	// $treatment is the part of the string to treat
95	// In the first loop of our example, this variable is empty, but in the
96	// second loop, it equals 'My friend'
97	$treatment = substr ( $remaining, 0, $start );
98	// Replacement of ' ' by his equivalent ' '
99	$treatment = str_replace( ' ', ' ', $treatment );
100	$treatment = str_replace( '-', '−', $treatment );
101	// composing the string to return by adding the treated string and the
102	// following HTML tag -> 'My friend</div>'
103	$return_string.= $treatment.substr( $remaining, $start, $end-$start+1 );
104	// the remaining string is deplaced to the part after the '>' of this
105	// loop
106	$remaining = substr ( $remaining, $end + 1, strlen( $remaining ) );
107	}
108	$treatment = str_replace( ' ', ' ', $remaining );
109	$treatment = str_replace( '-', '−', $treatment );
110	$return_string.= $treatment;
111
112	return $return_string;
113	}
114
115	// get_extension returns the part of the string after the last "."
116	function get_extension( $filename )
117	{
118	return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
119	}
120
121	// get_filename_wo_extension returns the part of the string before the last
122	// ".".
123	// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar'
124	function get_filename_wo_extension( $filename )
125	{
126	$pos = strrpos( $filename, '.' );
127	return ($pos===false) ? $filename : substr( $filename, 0, $pos);
128	}
129
130	/**
131	* returns an array contening sub-directories, excluding ".svn"
132	*
133	* @param string $dir
134	* @return array
135	*/
136	function get_dirs($directory)
137	{
138	$sub_dirs = array();
139	if ($opendir = opendir($directory))
140	{
141	while ($file = readdir($opendir))
142	{
143	if ($file != '.'
144	and $file != '..'
145	and is_dir($directory.'/'.$file)
146	and $file != '.svn')
147	{
148	array_push($sub_dirs, $file);
149	}
150	}
151	closedir($opendir);
152	}
153	return $sub_dirs;
154	}
155
156	define('MKGETDIR_NONE', 0);
157	define('MKGETDIR_RECURSIVE', 1);
158	define('MKGETDIR_DIE_ON_ERROR', 2);
159	define('MKGETDIR_PROTECT_INDEX', 4);
160	define('MKGETDIR_PROTECT_HTACCESS', 8);
161	define('MKGETDIR_DEFAULT', 7);
162	/**
163	* creates directory if not exists; ensures that directory is writable
164	* @param:
165	* string $dir
166	* int $flags combination of MKGETDIR_xxx
167	* @return bool false on error else true
168	*/
169	function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
170	{
171	if ( !is_dir($dir) )
172	{
173	global $conf;
174	if (substr(PHP_OS, 0, 3) == 'WIN')
175	{
176	$dir = str_replace('/', DIRECTORY_SEPARATOR, $dir);
177	}
178	$umask = umask(0);
179	$mkd = @mkdir($dir, $conf['chmod_value'], ($flags&MKGETDIR_RECURSIVE) ? true:false );
180	umask($umask);
181	if ($mkd==false)
182	{
183	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
184	return false;
185	}
186	if( $flags&MKGETDIR_PROTECT_HTACCESS )
187	{
188	$file = $dir.'/.htaccess';
189	file_exists($file) or @file_put_contents( $file, 'deny from all' );
190	}
191	if( $flags&MKGETDIR_PROTECT_INDEX )
192	{
193	$file = $dir.'/index.htm';
194	file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
195	}
196	}
197	if ( !is_writable($dir) )
198	{
199	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
200	return false;
201	}
202	return true;
203	}
204
205	/**
206	* returns thumbnail directory name of input diretoty name
207	* make thumbnail directory is necessary
208	* set error messages on array messages
209	*
210	* @param:
211	* string $dirname
212	* arrayy $errors
213	* @return bool false on error else string directory name
214	*/
215	function mkget_thumbnail_dir($dirname, &$errors)
216	{
217	global $conf;
218
219	$tndir = $dirname.'/'.$conf['dir_thumbnail'];
220	if (! mkgetdir($tndir, MKGETDIR_NONE) )
221	{
222	array_push($errors,
223	'['.$dirname.'] : '.l10n('no write access'));
224	return false;
225	}
226	return $tndir;
227	}
228
229	/* Returns true if the string appears to be encoded in UTF-8. (from wordpress)
230	* @param string Str
231	*/
232	function seems_utf8($Str) { # by bmorel at ssi dot fr
233	for ($i=0; $i<strlen($Str); $i++) {
234	if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
235	elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
236	elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
237	elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
238	elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
239	elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
240	else return false; # Does not match any model
241	for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
242	if ((++$i == strlen($Str)) \|\| ((ord($Str[$i]) & 0xC0) != 0x80))
243	return false;
244	}
245	}
246	return true;
247	}
248
249	/* Remove accents from a UTF-8 or ISO-859-1 string (from wordpress)
250	* @param string sstring - an UTF-8 or ISO-8859-1 string
251	*/
252	function remove_accents($string)
253	{
254	if ( !preg_match('/[\x80-\xff]/', $string) )
255	return $string;
256
257	if (seems_utf8($string)) {
258	$chars = array(
259	// Decompositions for Latin-1 Supplement
260	"\xc3\x80"=>'A', "\xc3\x81"=>'A',
261	"\xc3\x82"=>'A', "\xc3\x83"=>'A',
262	"\xc3\x84"=>'A', "\xc3\x85"=>'A',
263	"\xc3\x87"=>'C', "\xc3\x88"=>'E',
264	"\xc3\x89"=>'E', "\xc3\x8a"=>'E',
265	"\xc3\x8b"=>'E', "\xc3\x8c"=>'I',
266	"\xc3\x8d"=>'I', "\xc3\x8e"=>'I',
267	"\xc3\x8f"=>'I', "\xc3\x91"=>'N',
268	"\xc3\x92"=>'O', "\xc3\x93"=>'O',
269	"\xc3\x94"=>'O', "\xc3\x95"=>'O',
270	"\xc3\x96"=>'O', "\xc3\x99"=>'U',
271	"\xc3\x9a"=>'U', "\xc3\x9b"=>'U',
272	"\xc3\x9c"=>'U', "\xc3\x9d"=>'Y',
273	"\xc3\x9f"=>'s', "\xc3\xa0"=>'a',
274	"\xc3\xa1"=>'a', "\xc3\xa2"=>'a',
275	"\xc3\xa3"=>'a', "\xc3\xa4"=>'a',
276	"\xc3\xa5"=>'a', "\xc3\xa7"=>'c',
277	"\xc3\xa8"=>'e', "\xc3\xa9"=>'e',
278	"\xc3\xaa"=>'e', "\xc3\xab"=>'e',
279	"\xc3\xac"=>'i', "\xc3\xad"=>'i',
280	"\xc3\xae"=>'i', "\xc3\xaf"=>'i',
281	"\xc3\xb1"=>'n', "\xc3\xb2"=>'o',
282	"\xc3\xb3"=>'o', "\xc3\xb4"=>'o',
283	"\xc3\xb5"=>'o', "\xc3\xb6"=>'o',
284	"\xc3\xb9"=>'u', "\xc3\xba"=>'u',
285	"\xc3\xbb"=>'u', "\xc3\xbc"=>'u',
286	"\xc3\xbd"=>'y', "\xc3\xbf"=>'y',
287	// Decompositions for Latin Extended-A
288	"\xc4\x80"=>'A', "\xc4\x81"=>'a',
289	"\xc4\x82"=>'A', "\xc4\x83"=>'a',
290	"\xc4\x84"=>'A', "\xc4\x85"=>'a',
291	"\xc4\x86"=>'C', "\xc4\x87"=>'c',
292	"\xc4\x88"=>'C', "\xc4\x89"=>'c',
293	"\xc4\x8a"=>'C', "\xc4\x8b"=>'c',
294	"\xc4\x8c"=>'C', "\xc4\x8d"=>'c',
295	"\xc4\x8e"=>'D', "\xc4\x8f"=>'d',
296	"\xc4\x90"=>'D', "\xc4\x91"=>'d',
297	"\xc4\x92"=>'E', "\xc4\x93"=>'e',
298	"\xc4\x94"=>'E', "\xc4\x95"=>'e',
299	"\xc4\x96"=>'E', "\xc4\x97"=>'e',
300	"\xc4\x98"=>'E', "\xc4\x99"=>'e',
301	"\xc4\x9a"=>'E', "\xc4\x9b"=>'e',
302	"\xc4\x9c"=>'G', "\xc4\x9d"=>'g',
303	"\xc4\x9e"=>'G', "\xc4\x9f"=>'g',
304	"\xc4\xa0"=>'G', "\xc4\xa1"=>'g',
305	"\xc4\xa2"=>'G', "\xc4\xa3"=>'g',
306	"\xc4\xa4"=>'H', "\xc4\xa5"=>'h',
307	"\xc4\xa6"=>'H', "\xc4\xa7"=>'h',
308	"\xc4\xa8"=>'I', "\xc4\xa9"=>'i',
309	"\xc4\xaa"=>'I', "\xc4\xab"=>'i',
310	"\xc4\xac"=>'I', "\xc4\xad"=>'i',
311	"\xc4\xae"=>'I', "\xc4\xaf"=>'i',
312	"\xc4\xb0"=>'I', "\xc4\xb1"=>'i',
313	"\xc4\xb2"=>'IJ', "\xc4\xb3"=>'ij',
314	"\xc4\xb4"=>'J', "\xc4\xb5"=>'j',
315	"\xc4\xb6"=>'K', "\xc4\xb7"=>'k',
316	"\xc4\xb8"=>'k', "\xc4\xb9"=>'L',
317	"\xc4\xba"=>'l', "\xc4\xbb"=>'L',
318	"\xc4\xbc"=>'l', "\xc4\xbd"=>'L',
319	"\xc4\xbe"=>'l', "\xc4\xbf"=>'L',
320	"\xc5\x80"=>'l', "\xc5\x81"=>'L',
321	"\xc5\x82"=>'l', "\xc5\x83"=>'N',
322	"\xc5\x84"=>'n', "\xc5\x85"=>'N',
323	"\xc5\x86"=>'n', "\xc5\x87"=>'N',
324	"\xc5\x88"=>'n', "\xc5\x89"=>'N',
325	"\xc5\x8a"=>'n', "\xc5\x8b"=>'N',
326	"\xc5\x8c"=>'O', "\xc5\x8d"=>'o',
327	"\xc5\x8e"=>'O', "\xc5\x8f"=>'o',
328	"\xc5\x90"=>'O', "\xc5\x91"=>'o',
329	"\xc5\x92"=>'OE', "\xc5\x93"=>'oe',
330	"\xc5\x94"=>'R', "\xc5\x95"=>'r',
331	"\xc5\x96"=>'R', "\xc5\x97"=>'r',
332	"\xc5\x98"=>'R', "\xc5\x99"=>'r',
333	"\xc5\x9a"=>'S', "\xc5\x9b"=>'s',
334	"\xc5\x9c"=>'S', "\xc5\x9d"=>'s',
335	"\xc5\x9e"=>'S', "\xc5\x9f"=>'s',
336	"\xc5\xa0"=>'S', "\xc5\xa1"=>'s',
337	"\xc5\xa2"=>'T', "\xc5\xa3"=>'t',
338	"\xc5\xa4"=>'T', "\xc5\xa5"=>'t',
339	"\xc5\xa6"=>'T', "\xc5\xa7"=>'t',
340	"\xc5\xa8"=>'U', "\xc5\xa9"=>'u',
341	"\xc5\xaa"=>'U', "\xc5\xab"=>'u',
342	"\xc5\xac"=>'U', "\xc5\xad"=>'u',
343	"\xc5\xae"=>'U', "\xc5\xaf"=>'u',
344	"\xc5\xb0"=>'U', "\xc5\xb1"=>'u',
345	"\xc5\xb2"=>'U', "\xc5\xb3"=>'u',
346	"\xc5\xb4"=>'W', "\xc5\xb5"=>'w',
347	"\xc5\xb6"=>'Y', "\xc5\xb7"=>'y',
348	"\xc5\xb8"=>'Y', "\xc5\xb9"=>'Z',
349	"\xc5\xba"=>'z', "\xc5\xbb"=>'Z',
350	"\xc5\xbc"=>'z', "\xc5\xbd"=>'Z',
351	"\xc5\xbe"=>'z', "\xc5\xbf"=>'s',
352	// Euro Sign
353	"\xe2\x82\xac"=>'E',
354	// GBP (Pound) Sign
355	"\xc2\xa3"=>'');
356
357	$string = strtr($string, $chars);
358	} else {
359	// Assume ISO-8859-1 if not UTF-8
360	$chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
361	.chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
362	.chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
363	.chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
364	.chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
365	.chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
366	.chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
367	.chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
368	.chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
369	.chr(252).chr(253).chr(255);
370
371	$chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
372
373	$string = strtr($string, $chars['in'], $chars['out']);
374	$double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
375	$double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
376	$string = str_replace($double_chars['in'], $double_chars['out'], $string);
377	}
378
379	return $string;
380	}
381
382	/**
383	* simplify a string to insert it into an URL
384	*
385	* @param string
386	* @return string
387	*/
388	function str2url($str)
389	{
390	$raw = $str;
391
392	$str = remove_accents($str);
393	$str = preg_replace('/[^a-z0-9_\s\'\:\/\[\],-]/','',strtolower($str));
394	$str = preg_replace('/[\s\'\:\/\[\],-]+/',' ',trim($str));
395	$res = str_replace(' ','_',$str);
396
397	if (empty($res))
398	{
399	$res = str_replace(' ','_', $raw);
400	}
401
402	return $res;
403	}
404
405	//-------------------------------------------- Piwigo specific functions
406
407	/**
408	* returns an array with a list of {language_code => language_name}
409	*
410	* @returns array
411	*/
412	function get_languages()
413	{
414	$query = '
415	SELECT id, name
416	FROM '.LANGUAGES_TABLE.'
417	ORDER BY name ASC
418	;';
419	$result = pwg_query($query);
420
421	$languages = array();
422	while ($row = pwg_db_fetch_assoc($result))
423	{
424	if (is_dir(PHPWG_ROOT_PATH.'language/'.$row['id']))
425	{
426	$languages[ $row['id'] ] = $row['name'];
427	}
428	}
429
430	return $languages;
431	}
432
433	function pwg_log($image_id = null, $image_type = null)
434	{
435	global $conf, $user, $page;
436
437	$do_log = $conf['log'];
438	if (is_admin())
439	{
440	$do_log = $conf['history_admin'];
441	}
442	if (is_a_guest())
443	{
444	$do_log = $conf['history_guest'];
445	}
446
447	$do_log = trigger_event('pwg_log_allowed', $do_log, $image_id, $image_type);
448
449	if (!$do_log)
450	{
451	return false;
452	}
453
454	$tags_string = null;
455	if ('tags'==@$page['section'])
456	{
457	$tags_string = implode(',', $page['tag_ids']);
458	}
459
460	$query = '
461	INSERT INTO '.HISTORY_TABLE.'
462	(
463	date,
464	time,
465	user_id,
466	IP,
467	section,
468	category_id,
469	image_id,
470	image_type,
471	tag_ids
472	)
473	VALUES
474	(
475	CURRENT_DATE,
476	CURRENT_TIME,
477	'.$user['id'].',
478	\''.$_SERVER['REMOTE_ADDR'].'\',
479	'.(isset($page['section']) ? "'".$page['section']."'" : 'NULL').',
480	'.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').',
481	'.(isset($image_id) ? $image_id : 'NULL').',
482	'.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
483	'.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
484	)
485	;';
486	pwg_query($query);
487
488	return true;
489	}
490
491	// format_date returns a formatted date for display. The date given in
492	// argument must be an american format (2003-09-15). By option, you can show the time.
493	// The output is internationalized.
494	//
495	// format_date( "2003-09-15", true ) -> "Monday 15 September 2003 21:52"
496	function format_date($date, $show_time = false)
497	{
498	global $lang;
499
500	if (strpos($date, '0') == 0)
501	{
502	return l10n('N/A');
503	}
504
505	$ymdhms = array();
506	$tok = strtok( $date, '- :');
507	while ($tok !== false)
508	{
509	$ymdhms[] = $tok;
510	$tok = strtok('- :');
511	}
512
513	if ( count($ymdhms)<3 )
514	{
515	return false;
516	}
517
518	$formated_date = '';
519	// before 1970, Microsoft Windows can't mktime
520	if ($ymdhms[0] >= 1970)
521	{
522	// we ask midday because Windows think it's prior to midnight with a
523	// zero and refuse to work
524	$formated_date.= $lang['day'][date('w', mktime(12,0,0,$ymdhms[1],$ymdhms[2],$ymdhms[0]))];
525	}
526	$formated_date.= ' '.$ymdhms[2];
527	$formated_date.= ' '.$lang['month'][(int)$ymdhms[1]];
528	$formated_date.= ' '.$ymdhms[0];
529	if ($show_time and count($ymdhms)>=5 )
530	{
531	$formated_date.= ' '.$ymdhms[3].':'.$ymdhms[4];
532	}
533	return $formated_date;
534	}
535
536	function pwg_debug( $string )
537	{
538	global $debug,$t2,$page;
539
540	$now = explode( ' ', microtime() );
541	$now2 = explode( '.', $now[0] );
542	$now2 = $now[1].'.'.$now2[1];
543	$time = number_format( $now2 - $t2, 3, '.', ' ').' s';
544	$debug .= '<p>';
545	$debug.= '['.$time.', ';
546	$debug.= $page['count_queries'].' queries] : '.$string;
547	$debug.= "</p>\n";
548	}
549
550	/**
551	* Redirects to the given URL (HTTP method)
552	*
553	* Note : once this function called, the execution doesn't go further
554	* (presence of an exit() instruction.
555	*
556	* @param string $url
557	* @return void
558	*/
559	function redirect_http( $url )
560	{
561	if (ob_get_length () !== FALSE)
562	{
563	ob_clean();
564	}
565	// default url is on html format
566	$url = html_entity_decode($url);
567	header('Request-URI: '.$url);
568	header('Content-Location: '.$url);
569	header('Location: '.$url);
570	exit();
571	}
572
573	/**
574	* Redirects to the given URL (HTML method)
575	*
576	* Note : once this function called, the execution doesn't go further
577	* (presence of an exit() instruction.
578	*
579	* @param string $url
580	* @param string $title_msg
581	* @param integer $refreh_time
582	* @return void
583	*/
584	function redirect_html( $url , $msg = '', $refresh_time = 0)
585	{
586	global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
587
588	if (!isset($lang_info) \|\| !isset($template) )
589	{
590	$user = build_user( $conf['guest_id'], true);
591	load_language('common.lang');
592	trigger_action('loading_lang');
593	load_language('lang', PHPWG_ROOT_PATH.PWG_LOCAL_DIR, array('no_fallback'=>true, 'local'=>true) );
594	$template = new Template(PHPWG_ROOT_PATH.'themes', get_default_theme());
595	}
596	elseif (defined('IN_ADMIN') and IN_ADMIN)
597	{
598	$template = new Template(PHPWG_ROOT_PATH.'themes', get_default_theme());
599	}
600
601	if (empty($msg))
602	{
603	$msg = nl2br(l10n('Redirection...'));
604	}
605
606	$refresh = $refresh_time;
607	$url_link = $url;
608	$title = 'redirection';
609
610	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
611
612	include( PHPWG_ROOT_PATH.'include/page_header.php' );
613
614	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
615	$template->assign('REDIRECT_MSG', $msg);
616
617	$template->parse('redirect');
618
619	include( PHPWG_ROOT_PATH.'include/page_tail.php' );
620
621	exit();
622	}
623
624	/**
625	* Redirects to the given URL (Switch to HTTP method or HTML method)
626	*
627	* Note : once this function called, the execution doesn't go further
628	* (presence of an exit() instruction.
629	*
630	* @param string $url
631	* @param string $title_msg
632	* @param integer $refreh_time
633	* @return void
634	*/
635	function redirect( $url , $msg = '', $refresh_time = 0)
636	{
637	global $conf;
638
639	// with RefeshTime <> 0, only html must be used
640	if ($conf['default_redirect_method']=='http'
641	and $refresh_time==0
642	and !headers_sent()
643	)
644	{
645	redirect_http($url);
646	}
647	else
648	{
649	redirect_html($url, $msg, $refresh_time);
650	}
651	}
652
653	/**
654	* returns $_SERVER['QUERY_STRING'] whitout keys given in parameters
655	*
656	* @param array $rejects
657	* @param boolean $escape - if true escape & to & (for html)
658	* @returns string
659	*/
660	function get_query_string_diff($rejects=array(), $escape=true)
661	{
662	if (empty($_SERVER['QUERY_STRING']))
663	{
664	return '';
665	}
666
667	$query_string = '';
668
669	$str = $_SERVER['QUERY_STRING'];
670	parse_str($str, $vars);
671
672	$is_first = true;
673	foreach ($vars as $key => $value)
674	{
675	if (!in_array($key, $rejects))
676	{
677	$query_string.= $is_first ? '?' : ($escape ? '&' : '&' );
678	$is_first = false;
679	$query_string.= $key.'='.$value;
680	}
681	}
682
683	return $query_string;
684	}
685
686	function url_is_remote($url)
687	{
688	if ( strncmp($url, 'http://', 7)==0
689	or strncmp($url, 'https://', 8)==0 )
690	{
691	return true;
692	}
693	return false;
694	}
695
696	/**
697	* returns available themes
698	*/
699	function get_pwg_themes()
700	{
701	global $conf;
702
703	$themes = array();
704
705	$query = '
706	SELECT
707	id,
708	name
709	FROM '.THEMES_TABLE.'
710	ORDER BY name ASC
711	;';
712	$result = pwg_query($query);
713	while ($row = pwg_db_fetch_assoc($result))
714	{
715	if (check_theme_installed($row['id']))
716	{
717	$themes[ $row['id'] ] = $row['name'];
718	}
719	}
720
721	// plugins want remove some themes based on user status maybe?
722	$themes = trigger_event('get_pwg_themes', $themes);
723
724	return $themes;
725	}
726
727	function check_theme_installed($theme_id)
728	{
729	global $conf;
730
731	return file_exists($conf['themes_dir'].'/'.$theme_id.'/'.'themeconf.inc.php');
732	}
733
734	/** Transforms an original path to its pwg representative */
735	function original_to_representative($path, $representative_ext)
736	{
737	$pos = strrpos($path, '/');
738	$path = substr_replace($path, 'pwg_representative/', $pos+1, 0);
739	$pos = strrpos($path, '.');
740	return substr_replace($path, $representative_ext, $pos+1);
741	}
742
743	/**
744	* @param element_info array containing element information from db;
745	* at least 'id', 'path' should be present
746	*/
747	function get_element_path($element_info)
748	{
749	$path = $element_info['path'];
750	if ( !url_is_remote($path) )
751	{
752	$path = PHPWG_ROOT_PATH.$path;
753	}
754	return $path;
755	}
756
757
758	/* Returns the PATH to the thumbnail to be displayed. If the element does not
759	* have a thumbnail, the default mime image path is returned. The PATH can be
760	* used in the php script, but not sent to the browser.
761	* @param array element_info assoc array containing element info from db
762	* at least 'path', 'tn_ext' and 'id' should be present
763	*/
764	function get_thumbnail_path($element_info)
765	{
766	$path = get_thumbnail_location($element_info);
767	if ( !url_is_remote($path) )
768	{
769	$path = PHPWG_ROOT_PATH.$path;
770	}
771	return $path;
772	}
773
774	/* Returns the URL of the thumbnail to be displayed. If the element does not
775	* have a thumbnail, the default mime image url is returned. The URL can be
776	* sent to the browser, but not used in the php script.
777	* @param array element_info assoc array containing element info from db
778	* at least 'path', 'tn_ext' and 'id' should be present
779	*/
780	function get_thumbnail_url($element_info)
781	{
782	$loc = $url = get_thumbnail_location($element_info);
783	if ( !url_is_remote($loc) )
784	{
785	$url = (get_root_url().$loc);
786	}
787	// plugins want another url ?
788	$url = trigger_event('get_thumbnail_url', $url, $element_info, $loc);
789	return embellish_url($url);
790	}
791
792	/* returns the relative path of the thumnail with regards to to the root
793	of piwigo (not the current page!).This function is not intended to be
794	called directly from code.*/
795	function get_thumbnail_location($element_info)
796	{
797	global $conf;
798	if ( !empty( $element_info['tn_ext'] ) )
799	{
800	$path = substr_replace(
801	get_filename_wo_extension($element_info['path']),
802	'/'.$conf['dir_thumbnail'].'/'.$conf['prefix_thumbnail'],
803	strrpos($element_info['path'],'/'),
804	1
805	);
806	$path.= '.'.$element_info['tn_ext'];
807	}
808	else
809	{
810	$path = get_themeconf('mime_icon_dir')
811	.strtolower(get_extension($element_info['path'])).'.png';
812	// plugins want another location ?
813	$path = trigger_event( 'get_thumbnail_location', $path, $element_info);
814	}
815	return $path;
816	}
817
818	/**
819	* returns the title of the thumbnail based on photo properties
820	*/
821	function get_thumbnail_title($info)
822	{
823	global $conf, $user;
824
825	$title = get_picture_title($info);
826
827	$details = array();
828
829	if (!empty($info['hit']))
830	{
831	$details[] = $info['hit'].' '.strtolower(l10n('Visits'));
832	}
833
834	if ($conf['rate'] and !empty($info['rating_score']))
835	{
836	$details[] = strtolower(l10n('Rating score')).' '.$info['rating_score'];
837	}
838
839	if (isset($info['nb_comments']) and $info['nb_comments'] != 0)
840	{
841	$details[] = l10n_dec('%d comment', '%d comments', $info['nb_comments']);
842	}
843
844	if (count($details) > 0)
845	{
846	$title.= ' ('.implode(', ', $details).')';
847	}
848
849	if (!empty($info['comment']))
850	{
851	$info['comment'] = trigger_event('render_element_description', $info['comment']);
852	$title.= ' '.substr($info['comment'], 0, 100).(strlen($info['comment']) > 100 ? '...' : '');
853	}
854
855	$title = htmlspecialchars(strip_tags($title));
856
857	$title = trigger_event('get_thumbnail_title', $title, $info);
858
859	return $title;
860	}
861
862	/**
863	* fill the current user caddie with given elements, if not already in
864	* caddie
865	*
866	* @param array elements_id
867	*/
868	function fill_caddie($elements_id)
869	{
870	global $user;
871
872	$query = '
873	SELECT element_id
874	FROM '.CADDIE_TABLE.'
875	WHERE user_id = '.$user['id'].'
876	;';
877	$in_caddie = array_from_query($query, 'element_id');
878
879	$caddiables = array_diff($elements_id, $in_caddie);
880
881	$datas = array();
882
883	foreach ($caddiables as $caddiable)
884	{
885	array_push($datas, array('element_id' => $caddiable,
886	'user_id' => $user['id']));
887	}
888
889	if (count($caddiables) > 0)
890	{
891	mass_inserts(CADDIE_TABLE, array('element_id','user_id'), $datas);
892	}
893	}
894
895	/**
896	* returns the element name from its filename
897	*
898	* @param string filename
899	* @return string name
900	*/
901	function get_name_from_file($filename)
902	{
903	return str_replace('_',' ',get_filename_wo_extension($filename));
904	}
905
906	/**
907	*/
908	function get_picture_title($info)
909	{
910	if (isset($info['name']) and !empty($info['name']))
911	{
912	return trigger_event('render_element_description', $info['name']);
913	}
914
915	return get_name_from_file($info['file']);
916	}
917
918	/**
919	* returns the corresponding value from $lang if existing. Else, the key is
920	* returned
921	*
922	* @param string key
923	* @return string
924	*/
925	function l10n($key, $textdomain='messages')
926	{
927	global $lang, $conf;
928
929	if ($conf['debug_l10n'] and !isset($lang[$key]) and !empty($key))
930	{
931	trigger_error('[l10n] language key "'.$key.'" is not defined', E_USER_WARNING);
932	}
933
934	return isset($lang[$key]) ? $lang[$key] : $key;
935	}
936
937	/**
938	* returns the prinft value for strings including %d
939	* return is concorded with decimal value (singular, plural)
940	*
941	* @param singular string key
942	* @param plural string key
943	* @param decimal value
944	* @return string
945	*/
946	function l10n_dec($singular_fmt_key, $plural_fmt_key, $decimal)
947	{
948	global $lang_info;
949
950	return
951	sprintf(
952	l10n((
953	(($decimal > 1) or ($decimal == 0 and $lang_info['zero_plural']))
954	? $plural_fmt_key
955	: $singular_fmt_key
956	)), $decimal);
957	}
958
959	/*
960	* returns a single element to use with l10n_args
961	*
962	* @param string key: translation key
963	* @param array/string/../number args:
964	* arguments to use on sprintf($key, args)
965	* if args is a array, each values are used on sprintf
966	* @return string
967	*/
968	function get_l10n_args($key, $args)
969	{
970	if (is_array($args))
971	{
972	$key_arg = array_merge(array($key), $args);
973	}
974	else
975	{
976	$key_arg = array($key, $args);
977	}
978	return array('key_args' => $key_arg);
979	}
980
981	/*
982	* returns a string with formated with l10n_args elements
983	*
984	* @param element/array $key_args: element or array of l10n_args elements
985	* @param $sep: if $key_args is array,
986	* separator is used when translated l10n_args elements are concated
987	* @return string
988	*/
989	function l10n_args($key_args, $sep = "\n")
990	{
991	if (is_array($key_args))
992	{
993	foreach ($key_args as $key => $element)
994	{
995	if (isset($result))
996	{
997	$result .= $sep;
998	}
999	else
1000	{
1001	$result = '';
1002	}
1003
1004	if ($key === 'key_args')
1005	{
1006	array_unshift($element, l10n(array_shift($element)));
1007	$result .= call_user_func_array('sprintf', $element);
1008	}
1009	else
1010	{
1011	$result .= l10n_args($element, $sep);
1012	}
1013	}
1014	}
1015	else
1016	{
1017	fatal_error('l10n_args: Invalid arguments');
1018	}
1019
1020	return $result;
1021	}
1022
1023	/**
1024	* returns the corresponding value from $themeconf if existing. Else, the
1025	* key is returned
1026	*
1027	* @param string key
1028	* @return string
1029	*/
1030	function get_themeconf($key)
1031	{
1032	global $template;
1033
1034	return $template->get_themeconf($key);
1035	}
1036
1037	/**
1038	* Returns webmaster mail address depending on $conf['webmaster_id']
1039	*
1040	* @return string
1041	*/
1042	function get_webmaster_mail_address()
1043	{
1044	global $conf;
1045
1046	$query = '
1047	SELECT '.$conf['user_fields']['email'].'
1048	FROM '.USERS_TABLE.'
1049	WHERE '.$conf['user_fields']['id'].' = '.$conf['webmaster_id'].'
1050	;';
1051	list($email) = pwg_db_fetch_row(pwg_query($query));
1052
1053	return $email;
1054	}
1055
1056	/**
1057	* Add configuration parameters from database to global $conf array
1058	*
1059	* @return void
1060	*/
1061	function load_conf_from_db($condition = '')
1062	{
1063	global $conf;
1064
1065	$query = '
1066	SELECT param, value
1067	FROM '.CONFIG_TABLE.'
1068	'.(!empty($condition) ? 'WHERE '.$condition : '').'
1069	;';
1070	$result = pwg_query($query);
1071
1072	if ((pwg_db_num_rows($result) == 0) and !empty($condition))
1073	{
1074	fatal_error('No configuration data');
1075	}
1076
1077	while ($row = pwg_db_fetch_assoc($result))
1078	{
1079	$val = isset($row['value']) ? $row['value'] : '';
1080	// If the field is true or false, the variable is transformed into a boolean value.
1081	if ($val == 'true')
1082	{
1083	$val = true;
1084	}
1085	elseif ($val == 'false')
1086	{
1087	$val = false;
1088	}
1089	$conf[ $row['param'] ] = $val;
1090	}
1091	}
1092
1093	function conf_update_param($param, $value)
1094	{
1095	$query = '
1096	SELECT
1097	param,
1098	value
1099	FROM '.CONFIG_TABLE.'
1100	WHERE param = \''.$param.'\'
1101	;';
1102	$params = array_from_query($query, 'param');
1103
1104	if (count($params) == 0)
1105	{
1106	$query = '
1107	INSERT
1108	INTO '.CONFIG_TABLE.'
1109	(param, value)
1110	VALUES(\''.$param.'\', \''.$value.'\')
1111	;';
1112	pwg_query($query);
1113	}
1114	else
1115	{
1116	$query = '
1117	UPDATE '.CONFIG_TABLE.'
1118	SET value = \''.$value.'\'
1119	WHERE param = \''.$param.'\'
1120	;';
1121	pwg_query($query);
1122	}
1123	}
1124
1125	/**
1126	* Prepends and appends a string at each value of the given array.
1127	*
1128	* @param array
1129	* @param string prefix to each array values
1130	* @param string suffix to each array values
1131	*/
1132	function prepend_append_array_items($array, $prepend_str, $append_str)
1133	{
1134	array_walk(
1135	$array,
1136	create_function('&$s', '$s = "'.$prepend_str.'".$s."'.$append_str.'";')
1137	);
1138
1139	return $array;
1140	}
1141
1142	/**
1143	* creates an hashed based on a query, this function is a very common
1144	* pattern used here. Among the selected columns fetched, choose one to be
1145	* the key, another one to be the value.
1146	*
1147	* @param string $query
1148	* @param string $keyname
1149	* @param string $valuename
1150	* @return array
1151	*/
1152	function simple_hash_from_query($query, $keyname, $valuename)
1153	{
1154	$array = array();
1155
1156	$result = pwg_query($query);
1157	while ($row = pwg_db_fetch_assoc($result))
1158	{
1159	$array[ $row[$keyname] ] = $row[$valuename];
1160	}
1161
1162	return $array;
1163	}
1164
1165	/**
1166	* creates an hashed based on a query, this function is a very common
1167	* pattern used here. The key is given as parameter, the value is an associative
1168	* array.
1169	*
1170	* @param string $query
1171	* @param string $keyname
1172	* @return array
1173	*/
1174	function hash_from_query($query, $keyname)
1175	{
1176	$array = array();
1177	$result = pwg_query($query);
1178	while ($row = pwg_db_fetch_assoc($result))
1179	{
1180	$array[ $row[$keyname] ] = $row;
1181	}
1182	return $array;
1183	}
1184
1185	/**
1186	* Return basename of the current script
1187	* Lower case convertion is applied on return value
1188	* Return value is without file extention ".php"
1189	*
1190	* @param void
1191	*
1192	* @return script basename
1193	*/
1194	function script_basename()
1195	{
1196	global $conf;
1197
1198	foreach (array('SCRIPT_NAME', 'SCRIPT_FILENAME', 'PHP_SELF') as $value)
1199	{
1200	if (!empty($_SERVER[$value]))
1201	{
1202	$filename = strtolower($_SERVER[$value]);
1203	if ($conf['php_extension_in_urls'] and get_extension($filename)!=='php')
1204	continue;
1205	$basename = basename($filename, '.php');
1206	if (!empty($basename))
1207	{
1208	return $basename;
1209	}
1210	}
1211	}
1212	return '';
1213	}
1214
1215	/**
1216	* Return value for the current page define on $conf['filter_pages']
1217	* Îf value is not defined, default value are returned
1218	*
1219	* @param value name
1220	*
1221	* @return filter page value
1222	*/
1223	function get_filter_page_value($value_name)
1224	{
1225	global $conf;
1226
1227	$page_name = script_basename();
1228
1229	if (isset($conf['filter_pages'][$page_name][$value_name]))
1230	{
1231	return $conf['filter_pages'][$page_name][$value_name];
1232	}
1233	else if (isset($conf['filter_pages']['default'][$value_name]))
1234	{
1235	return $conf['filter_pages']['default'][$value_name];
1236	}
1237	else
1238	{
1239	return null;
1240	}
1241	}
1242
1243	/**
1244	* returns the character set of data sent to browsers / received from forms
1245	*/
1246	function get_pwg_charset()
1247	{
1248	$pwg_charset = 'utf-8';
1249	if (defined('PWG_CHARSET'))
1250	{
1251	$pwg_charset = PWG_CHARSET;
1252	}
1253	return $pwg_charset;
1254	}
1255
1256	/**
1257	* includes a language file or returns the content of a language file
1258	* availability of the file
1259	*
1260	* in descending order of preference:
1261	* param language, user language, default language
1262	* Piwigo default language.
1263	*
1264	* @param string filename
1265	* @param string dirname
1266	* @param mixed options can contain
1267	* language - language to load (if empty uses user language)
1268	* return - if true the file content is returned otherwise the file is evaluated as php
1269	* target_charset -
1270	* no_fallback - the language must be respected
1271	* local - if true, get local language file
1272	* @return boolean success status or a string if options['return'] is true
1273	*/
1274	function load_language($filename, $dirname = '',
1275	$options = array() )
1276	{
1277	global $user;
1278
1279	if (! @$options['return'] )
1280	{
1281	$filename .= '.php'; //MAYBE to do .. load .po and .mo localization files
1282	}
1283	if (empty($dirname))
1284	{
1285	$dirname = PHPWG_ROOT_PATH;
1286	}
1287	$dirname .= 'language/';
1288
1289	$languages = array();
1290	if ( !empty($options['language']) )
1291	{
1292	$languages[] = $options['language'];
1293	}
1294	if ( !empty($user['language']) )
1295	{
1296	$languages[] = $user['language'];
1297	}
1298	if ( ! @$options['no_fallback'] )
1299	{
1300	if ( defined('PHPWG_INSTALLED') )
1301	{
1302	$languages[] = get_default_language();
1303	}
1304	$languages[] = PHPWG_DEFAULT_LANGUAGE;
1305	}
1306
1307	$languages = array_unique($languages);
1308
1309	if ( empty($options['target_charset']) )
1310	{
1311	$target_charset = get_pwg_charset();
1312	}
1313	else
1314	{
1315	$target_charset = $options['target_charset'];
1316	}
1317	$target_charset = strtolower($target_charset);
1318	$source_file = '';
1319	foreach ($languages as $language)
1320	{
1321	$f = @$options['local'] ?
1322	$dirname.$language.'.'.$filename:
1323	$dirname.$language.'/'.$filename;
1324
1325	if (file_exists($f))
1326	{
1327	$source_file = $f;
1328	break;
1329	}
1330	}
1331
1332	if ( !empty($source_file) )
1333	{
1334	if (! @$options['return'] )
1335	{
1336	@include($source_file);
1337	$load_lang = @$lang;
1338	$load_lang_info = @$lang_info;
1339
1340	global $lang, $lang_info;
1341	if ( !isset($lang) ) $lang=array();
1342	if ( !isset($lang_info) ) $lang_info=array();
1343
1344	if ( 'utf-8'!=$target_charset)
1345	{
1346	if ( is_array($load_lang) )
1347	{
1348	foreach ($load_lang as $k => $v)
1349	{
1350	if ( is_array($v) )
1351	{
1352	$func = create_function('$v', 'return convert_charset($v, "utf-8", "'.$target_charset.'");' );
1353	$lang[$k] = array_map($func, $v);
1354	}
1355	else
1356	$lang[$k] = convert_charset($v, 'utf-8', $target_charset);
1357	}
1358	}
1359	if ( is_array($load_lang_info) )
1360	{
1361	foreach ($load_lang_info as $k => $v)
1362	{
1363	$lang_info[$k] = convert_charset($v, 'utf-8', $target_charset);
1364	}
1365	}
1366	}
1367	else
1368	{
1369	$lang = array_merge( $lang, (array)$load_lang );
1370	$lang_info = array_merge( $lang_info, (array)$load_lang_info );
1371	}
1372	return true;
1373	}
1374	else
1375	{
1376	$content = @file_get_contents($source_file);
1377	$content = convert_charset($content, 'utf-8', $target_charset);
1378	return $content;
1379	}
1380	}
1381	return false;
1382	}
1383
1384	/**
1385	* converts a string from a character set to another character set
1386	* @param string str the string to be converted
1387	* @param string source_charset the character set in which the string is encoded
1388	* @param string dest_charset the destination character set
1389	*/
1390	function convert_charset($str, $source_charset, $dest_charset)
1391	{
1392	if ($source_charset==$dest_charset)
1393	return $str;
1394	if ($source_charset=='iso-8859-1' and $dest_charset=='utf-8')
1395	{
1396	return utf8_encode($str);
1397	}
1398	if ($source_charset=='utf-8' and $dest_charset=='iso-8859-1')
1399	{
1400	return utf8_decode($str);
1401	}
1402	if (function_exists('iconv'))
1403	{
1404	return iconv($source_charset, $dest_charset, $str);
1405	}
1406	if (function_exists('mb_convert_encoding'))
1407	{
1408	return mb_convert_encoding( $str, $dest_charset, $source_charset );
1409	}
1410	return $str; //???
1411	}
1412
1413	/**
1414	* makes sure a index.htm protects the directory from browser file listing
1415	*
1416	* @param string dir directory
1417	*/
1418	function secure_directory($dir)
1419	{
1420	$file = $dir.'/index.htm';
1421	if (!file_exists($file))
1422	{
1423	@file_put_contents($file, 'Not allowed!');
1424	}
1425	}
1426
1427	/**
1428	* returns a "secret key" that is to be sent back when a user posts a form
1429	*
1430	* @param int valid_after_seconds - key validity start time from now
1431	*/
1432	function get_ephemeral_key($valid_after_seconds, $aditionnal_data_to_hash = '')
1433	{
1434	global $conf;
1435	$time = round(microtime(true), 1);
1436	return $time.':'.$valid_after_seconds.':'
1437	.hash_hmac(
1438	'md5',
1439	$time.substr($_SERVER['REMOTE_ADDR'],0,5).$valid_after_seconds.$aditionnal_data_to_hash,
1440	$conf['secret_key']);
1441	}
1442
1443	function verify_ephemeral_key($key, $aditionnal_data_to_hash = '')
1444	{
1445	global $conf;
1446	$time = microtime(true);
1447	$key = explode( ':', @$key );
1448	if ( count($key)!=3
1449	or $key[0]>$time-(float)$key[1] // page must have been retrieved more than X sec ago
1450	or $key[0]<$time-3600 // 60 minutes expiration
1451	or hash_hmac(
1452	'md5', $key[0].substr($_SERVER['REMOTE_ADDR'],0,5).$key[1].$aditionnal_data_to_hash, $conf['secret_key']
1453	) != $key[2]
1454	)
1455	{
1456	return false;
1457	}
1458	return true;
1459	}
1460
1461	/**
1462	* return an array which will be sent to template to display navigation bar
1463	*/
1464	function create_navigation_bar($url, $nb_element, $start, $nb_element_page, $clean_url = false)
1465	{
1466	global $conf;
1467
1468	$navbar = array();
1469	$pages_around = $conf['paginate_pages_around'];
1470	$start_str = $clean_url ? '/start-' : (strpos($url, '?')===false ? '?':'&').'start=';
1471
1472	if (!isset($start) or !is_numeric($start) or (is_numeric($start) and $start < 0))
1473	{
1474	$start = 0;
1475	}
1476
1477	// navigation bar useful only if more than one page to display !
1478	if ($nb_element > $nb_element_page)
1479	{
1480	$cur_page = ceil($start / $nb_element_page) + 1;
1481	$maximum = ceil($nb_element / $nb_element_page);
1482	$previous = $start - $nb_element_page;
1483	$next = $start + $nb_element_page;
1484	$last = ($maximum - 1) * $nb_element_page;
1485
1486	$navbar['CURRENT_PAGE'] = $cur_page;
1487
1488	// link to first page and previous page?
1489	if ($cur_page != 1)
1490	{
1491	$navbar['URL_FIRST'] = $url;
1492	$navbar['URL_PREV'] = $url.($previous > 0 ? $start_str.$previous : '');
1493	}
1494	// link on next page and last page?
1495	if ($cur_page != $maximum)
1496	{
1497	$navbar['URL_NEXT'] = $url.$start_str.$next;
1498	$navbar['URL_LAST'] = $url.$start_str.$last;
1499	}
1500
1501	// pages to display
1502	$navbar['pages'] = array();
1503	$navbar['pages'][1] = $url;
1504	$navbar['pages'][$maximum] = $url.$start_str.$last;
1505
1506	for ($i = max($cur_page - $pages_around , 2), $stop = min($cur_page + $pages_around + 1, $maximum);
1507	$i < $stop; $i++)
1508	{
1509	$navbar['pages'][$i] = $url.$start_str.(($i - 1) * $nb_element_page);
1510	}
1511	ksort($navbar['pages']);
1512	}
1513	return $navbar;
1514	}
1515
1516	/**
1517	* return an array which will be sent to template to display recent icon
1518	*/
1519	function get_icon($date, $is_child_date = false)
1520	{
1521	global $cache, $user;
1522
1523	if (empty($date))
1524	{
1525	return false;
1526	}
1527
1528	if (!isset($cache['get_icon']['title']))
1529	{
1530	$cache['get_icon']['title'] = sprintf(
1531	l10n('photos posted during the last %d days'),
1532	$user['recent_period']
1533	);
1534	}
1535
1536	$icon = array(
1537	'TITLE' => $cache['get_icon']['title'],
1538	'IS_CHILD_DATE' => $is_child_date,
1539	);
1540
1541	if (isset($cache['get_icon'][$date]))
1542	{
1543	return $cache['get_icon'][$date] ? $icon : array();
1544	}
1545
1546	if (!isset($cache['get_icon']['sql_recent_date']))
1547	{
1548	// Use MySql date in order to standardize all recent "actions/queries"
1549	$cache['get_icon']['sql_recent_date'] = pwg_db_get_recent_period($user['recent_period']);
1550	}
1551
1552	$cache['get_icon'][$date] = $date > $cache['get_icon']['sql_recent_date'];
1553
1554	return $cache['get_icon'][$date] ? $icon : array();
1555	}
1556
1557	/**
1558	* check token comming from form posted or get params to prevent csrf attacks
1559	* if pwg_token is empty action doesn't require token
1560	* else pwg_token is compare to server token
1561	*
1562	* @return void access denied if token given is not equal to server token
1563	*/
1564	function check_pwg_token()
1565	{
1566	if (!empty($_REQUEST['pwg_token']))
1567	{
1568	if (get_pwg_token() != $_REQUEST['pwg_token'])
1569	{
1570	access_denied();
1571	}
1572	}
1573	else
1574	bad_request('missing token');
1575	}
1576
1577	function get_pwg_token()
1578	{
1579	global $conf;
1580
1581	return hash_hmac('md5', session_id(), $conf['secret_key']);
1582	}
1583
1584	/*
1585	* breaks the script execution if the given value doesn't match the given
1586	* pattern. This should happen only during hacking attempts.
1587	*
1588	* @param string param_name
1589	* @param array param_array
1590	* @param boolean is_array
1591	* @param string pattern
1592	*
1593	* @return void
1594	*/
1595	function check_input_parameter($param_name, $param_array, $is_array, $pattern)
1596	{
1597	$param_value = null;
1598	if (isset($param_array[$param_name]))
1599	{
1600	$param_value = $param_array[$param_name];
1601	}
1602
1603	// it's ok if the input parameter is null
1604	if (empty($param_value))
1605	{
1606	return true;
1607	}
1608
1609	if ($is_array)
1610	{
1611	if (!is_array($param_value))
1612	{
1613	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
1614	}
1615
1616	foreach ($param_value as $item_to_check)
1617	{
1618	if (!preg_match($pattern, $item_to_check))
1619	{
1620	fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
1621	}
1622	}
1623	}
1624	else
1625	{
1626	if (!preg_match($pattern, $param_value))
1627	{
1628	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
1629	}
1630	}
1631	}
1632
1633
1634	function get_privacy_level_options()
1635	{
1636	global $conf;
1637
1638	$options = array();
1639	foreach (array_reverse($conf['available_permission_levels']) as $level)
1640	{
1641	$label = null;
1642
1643	if (0 == $level)
1644	{
1645	$label = l10n('Everybody');
1646	}
1647	else
1648	{
1649	$labels = array();
1650	$sub_levels = array_reverse($conf['available_permission_levels']);
1651	foreach ($sub_levels as $sub_level)
1652	{
1653	if ($sub_level == 0 or $sub_level < $level)
1654	{
1655	break;
1656	}
1657	array_push(
1658	$labels,
1659	l10n(
1660	sprintf(
1661	'Level %d',
1662	$sub_level
1663	)
1664	)
1665	);
1666	}
1667
1668	$label = implode(', ', $labels);
1669	}
1670	$options[$level] = $label;
1671	}
1672	return $options;
1673	}
1674
1675
1676	/**
1677	* return the branch from the version. For example version 2.2.4 is for branch 2.2
1678	*/
1679	function get_branch_from_version($version)
1680	{
1681	return implode('.', array_slice(explode('.', $version), 0, 2));
1682	}
1683	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: