Context Navigation

source: trunk/include/functions.inc.php @ 5982

Last change on this file since 5982 was 5982, checked in by plg, 14 years ago

feature 1630: upgrade to Piwigo 2.1 :-)

bug 1604: only activate core themes not all themes.

Property svn:eol-style set to LF
Property svn:mergeinfo set to
/branches/2.0/include/functions.inc.php merged eligible

File size: 40.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	include_once( PHPWG_ROOT_PATH .'include/functions_user.inc.php' );
25	include_once( PHPWG_ROOT_PATH .'include/functions_cookie.inc.php' );
26	include_once( PHPWG_ROOT_PATH .'include/functions_session.inc.php' );
27	include_once( PHPWG_ROOT_PATH .'include/functions_category.inc.php' );
28	include_once( PHPWG_ROOT_PATH .'include/functions_xml.inc.php' );
29	include_once( PHPWG_ROOT_PATH .'include/functions_html.inc.php' );
30	include_once( PHPWG_ROOT_PATH .'include/functions_tag.inc.php' );
31	include_once( PHPWG_ROOT_PATH .'include/functions_url.inc.php' );
32	include_once( PHPWG_ROOT_PATH .'include/functions_plugins.inc.php' );
33
34	//----------------------------------------------------------- generic functions
35	function get_extra_fields($order_by_fields)
36	{
37	$fields = str_ireplace(array(' order by ', ' desc', ' asc'),
38	array('', '', ''),
39	$order_by_fields
40	);
41	if (!empty($fields))
42	{
43	$fields = ','.$fields;
44	}
45	return $fields;
46	}
47
48	// The function get_moment returns a float value coresponding to the number
49	// of seconds since the unix epoch (1st January 1970) and the microseconds
50	// are precised : e.g. 1052343429.89276600
51	function get_moment()
52	{
53	$t1 = explode( ' ', microtime() );
54	$t2 = explode( '.', $t1[0] );
55	$t2 = $t1[1].'.'.$t2[1];
56	return $t2;
57	}
58
59	// The function get_elapsed_time returns the number of seconds (with 3
60	// decimals precision) between the start time and the end time given.
61	function get_elapsed_time( $start, $end )
62	{
63	return number_format( $end - $start, 3, '.', ' ').' s';
64	}
65
66	// - The replace_space function replaces space and '-' characters
67	// by their HTML equivalent &nbsb; and −
68	// - The function does not replace characters in HTML tags
69	// - This function was created because IE5 does not respect the
70	// CSS "white-space: nowrap;" property unless space and minus
71	// characters are replaced like this function does.
72	// - Example :
73	// <div class="foo">My friend</div>
74	// ( 01234567891111111111222222222233 )
75	// ( 0123456789012345678901 )
76	// becomes :
77	// <div class="foo">My friend</div>
78	function replace_space( $string )
79	{
80	//return $string;
81	$return_string = '';
82	// $remaining is the rest of the string where to replace spaces characters
83	$remaining = $string;
84	// $start represents the position of the next '<' character
85	// $end represents the position of the next '>' character
86	; // -> 0
87	$end = strpos ( $remaining, '>' ); // -> 16
88	// as long as a '<' and his friend '>' are found, we loop
89	while ( ($start=strpos( $remaining, '<' )) !==false
90	and ($end=strpos( $remaining, '>' )) !== false )
91	{
92	// $treatment is the part of the string to treat
93	// In the first loop of our example, this variable is empty, but in the
94	// second loop, it equals 'My friend'
95	$treatment = substr ( $remaining, 0, $start );
96	// Replacement of ' ' by his equivalent ' '
97	$treatment = str_replace( ' ', ' ', $treatment );
98	$treatment = str_replace( '-', '−', $treatment );
99	// composing the string to return by adding the treated string and the
100	// following HTML tag -> 'My friend</div>'
101	$return_string.= $treatment.substr( $remaining, $start, $end-$start+1 );
102	// the remaining string is deplaced to the part after the '>' of this
103	// loop
104	$remaining = substr ( $remaining, $end + 1, strlen( $remaining ) );
105	}
106	$treatment = str_replace( ' ', ' ', $remaining );
107	$treatment = str_replace( '-', '−', $treatment );
108	$return_string.= $treatment;
109
110	return $return_string;
111	}
112
113	// get_extension returns the part of the string after the last "."
114	function get_extension( $filename )
115	{
116	return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
117	}
118
119	// get_filename_wo_extension returns the part of the string before the last
120	// ".".
121	// get_filename_wo_extension( 'test.tar.gz' ) -> 'test.tar'
122	function get_filename_wo_extension( $filename )
123	{
124	$pos = strrpos( $filename, '.' );
125	return ($pos===false) ? $filename : substr( $filename, 0, $pos);
126	}
127
128	/**
129	* returns an array contening sub-directories, excluding ".svn"
130	*
131	* @param string $dir
132	* @return array
133	*/
134	function get_dirs($directory)
135	{
136	$sub_dirs = array();
137	if ($opendir = opendir($directory))
138	{
139	while ($file = readdir($opendir))
140	{
141	if ($file != '.'
142	and $file != '..'
143	and is_dir($directory.'/'.$file)
144	and $file != '.svn')
145	{
146	array_push($sub_dirs, $file);
147	}
148	}
149	closedir($opendir);
150	}
151	return $sub_dirs;
152	}
153
154	define('MKGETDIR_NONE', 0);
155	define('MKGETDIR_RECURSIVE', 1);
156	define('MKGETDIR_DIE_ON_ERROR', 2);
157	define('MKGETDIR_PROTECT_INDEX', 4);
158	define('MKGETDIR_PROTECT_HTACCESS', 8);
159	define('MKGETDIR_DEFAULT', 7);
160	/**
161	* creates directory if not exists; ensures that directory is writable
162	* @param:
163	* string $dir
164	* int $flags combination of MKGETDIR_xxx
165	* @return bool false on error else true
166	*/
167	function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
168	{
169	if ( !is_dir($dir) )
170	{
171	$umask = umask(0);
172	$mkd = @mkdir($dir, 0755, ($flags&MKGETDIR_RECURSIVE) ? true:false );
173	umask($umask);
174	if ($mkd==false)
175	{
176	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
177	return false;
178	}
179	if( $flags&MKGETDIR_PROTECT_HTACCESS )
180	{
181	$file = $dir.'/.htaccess';
182	file_exists($file) or @file_put_contents( $file, 'deny from all' );
183	}
184	if( $flags&MKGETDIR_PROTECT_INDEX )
185	{
186	$file = $dir.'/index.htm';
187	file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
188	}
189	}
190	if ( !is_writable($dir) )
191	{
192	!($flags&MKGETDIR_DIE_ON_ERROR) or fatal_error( "$dir ".l10n('no write access'));
193	return false;
194	}
195	return true;
196	}
197
198	/**
199	* returns thumbnail directory name of input diretoty name
200	* make thumbnail directory is necessary
201	* set error messages on array messages
202	*
203	* @param:
204	* string $dirname
205	* arrayy $errors
206	* @return bool false on error else string directory name
207	*/
208	function mkget_thumbnail_dir($dirname, &$errors)
209	{
210	global $conf;
211
212	$tndir = $dirname.'/'.$conf['dir_thumbnail'];
213	if (! mkgetdir($tndir, MKGETDIR_NONE) )
214	{
215	array_push($errors,
216	'['.$dirname.'] : '.l10n('no write access'));
217	return false;
218	}
219	return $tndir;
220	}
221
222	/* Returns true if the string appears to be encoded in UTF-8. (from wordpress)
223	* @param string Str
224	*/
225	function seems_utf8($Str) { # by bmorel at ssi dot fr
226	for ($i=0; $i<strlen($Str); $i++) {
227	if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
228	elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
229	elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
230	elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
231	elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
232	elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
233	else return false; # Does not match any model
234	for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
235	if ((++$i == strlen($Str)) \|\| ((ord($Str[$i]) & 0xC0) != 0x80))
236	return false;
237	}
238	}
239	return true;
240	}
241
242	/* Remove accents from a UTF-8 or ISO-859-1 string (from wordpress)
243	* @param string sstring - an UTF-8 or ISO-8859-1 string
244	*/
245	function remove_accents($string)
246	{
247	if ( !preg_match('/[\x80-\xff]/', $string) )
248	return $string;
249
250	if (seems_utf8($string)) {
251	$chars = array(
252	// Decompositions for Latin-1 Supplement
253	chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
254	chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
255	chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
256	chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
257	chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
258	chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
259	chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
260	chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
261	chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
262	chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
263	chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
264	chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
265	chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
266	chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
267	chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
268	chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
269	chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
270	chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
271	chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
272	chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
273	chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
274	chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
275	chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
276	chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
277	chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
278	chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
279	chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
280	chr(195).chr(191) => 'y',
281	// Decompositions for Latin Extended-A
282	chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
283	chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
284	chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
285	chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
286	chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
287	chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
288	chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
289	chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
290	chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
291	chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
292	chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
293	chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
294	chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
295	chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
296	chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
297	chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
298	chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
299	chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
300	chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
301	chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
302	chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
303	chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
304	chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
305	chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
306	chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
307	chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
308	chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
309	chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
310	chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
311	chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
312	chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
313	chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
314	chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
315	chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
316	chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
317	chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
318	chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
319	chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
320	chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
321	chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
322	chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
323	chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
324	chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
325	chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
326	chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
327	chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
328	chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
329	chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
330	chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
331	chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
332	chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
333	chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
334	chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
335	chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
336	chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
337	chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
338	chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
339	chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
340	chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
341	chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
342	chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
343	chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
344	chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
345	chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
346	// Euro Sign
347	chr(226).chr(130).chr(172) => 'E',
348	// GBP (Pound) Sign
349	chr(194).chr(163) => '');
350
351	$string = strtr($string, $chars);
352	} else {
353	// Assume ISO-8859-1 if not UTF-8
354	$chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
355	.chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
356	.chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
357	.chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
358	.chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
359	.chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
360	.chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
361	.chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
362	.chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
363	.chr(252).chr(253).chr(255);
364
365	$chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
366
367	$string = strtr($string, $chars['in'], $chars['out']);
368	$double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
369	$double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
370	$string = str_replace($double_chars['in'], $double_chars['out'], $string);
371	}
372
373	return $string;
374	}
375
376	/**
377	* simplify a string to insert it into an URL
378	*
379	* @param string
380	* @return string
381	*/
382	function str2url($str)
383	{
384	$str = remove_accents($str);
385	$str = preg_replace('/[^a-z0-9_\s\'\:\/\[\],-]/','',strtolower($str));
386	$str = preg_replace('/[\s\'\:\/\[\],-]+/',' ',trim($str));
387	$res = str_replace(' ','_',$str);
388
389	return $res;
390	}
391
392	//-------------------------------------------- Piwigo specific functions
393
394	/**
395	* returns an array with a list of {language_code => language_name}
396	*
397	* @returns array
398	*/
399	function get_languages()
400	{
401	$query = '
402	SELECT id, name
403	FROM '.LANGUAGES_TABLE.'
404	ORDER BY name ASC
405	;';
406	$result = pwg_query($query);
407
408	$languages = array();
409	while ($row = pwg_db_fetch_assoc($result))
410	{
411	if (is_dir(PHPWG_ROOT_PATH.'language/'.$row['id']))
412	{
413	$languages[ $row['id'] ] = $row['name'];
414	}
415	}
416
417	return $languages;
418	}
419
420	function pwg_log($image_id = null, $image_type = null)
421	{
422	global $conf, $user, $page;
423
424	$do_log = $conf['log'];
425	if (is_admin())
426	{
427	$do_log = $conf['history_admin'];
428	}
429	if (is_a_guest())
430	{
431	$do_log = $conf['history_guest'];
432	}
433
434	$do_log = trigger_event('pwg_log_allowed', $do_log, $image_id, $image_type);
435
436	if (!$do_log)
437	{
438	return false;
439	}
440
441	$tags_string = null;
442	if ('tags'==@$page['section'])
443	{
444	$tags_string = implode(',', $page['tag_ids']);
445	}
446
447	$query = '
448	INSERT INTO '.HISTORY_TABLE.'
449	(
450	date,
451	time,
452	user_id,
453	IP,
454	section,
455	category_id,
456	image_id,
457	image_type,
458	tag_ids
459	)
460	VALUES
461	(
462	CURRENT_DATE,
463	CURRENT_TIME,
464	'.$user['id'].',
465	\''.$_SERVER['REMOTE_ADDR'].'\',
466	'.(isset($page['section']) ? "'".$page['section']."'" : 'NULL').',
467	'.(isset($page['category']['id']) ? $page['category']['id'] : 'NULL').',
468	'.(isset($image_id) ? $image_id : 'NULL').',
469	'.(isset($image_type) ? "'".$image_type."'" : 'NULL').',
470	'.(isset($tags_string) ? "'".$tags_string."'" : 'NULL').'
471	)
472	;';
473	pwg_query($query);
474
475	return true;
476	}
477
478	// format_date returns a formatted date for display. The date given in
479	// argument must be an american format (2003-09-15). By option, you can show the time.
480	// The output is internationalized.
481	//
482	// format_date( "2003-09-15", true ) -> "Monday 15 September 2003 21:52"
483	function format_date($date, $show_time = false)
484	{
485	global $lang;
486
487	if (strpos($date, '0') == 0)
488	{
489	return l10n('N/A');
490	}
491
492	$ymdhms = array();
493	$tok = strtok( $date, '- :');
494	while ($tok !== false)
495	{
496	$ymdhms[] = $tok;
497	$tok = strtok('- :');
498	}
499
500	if ( count($ymdhms)<3 )
501	{
502	return false;
503	}
504
505	$formated_date = '';
506	// before 1970, Microsoft Windows can't mktime
507	if ($ymdhms[0] >= 1970)
508	{
509	// we ask midday because Windows think it's prior to midnight with a
510	// zero and refuse to work
511	$formated_date.= $lang['day'][date('w', mktime(12,0,0,$ymdhms[1],$ymdhms[2],$ymdhms[0]))];
512	}
513	$formated_date.= ' '.$ymdhms[2];
514	$formated_date.= ' '.$lang['month'][(int)$ymdhms[1]];
515	$formated_date.= ' '.$ymdhms[0];
516	if ($show_time and count($ymdhms)>=5 )
517	{
518	$formated_date.= ' '.$ymdhms[3].':'.$ymdhms[4];
519	}
520	return $formated_date;
521	}
522
523	function pwg_debug( $string )
524	{
525	global $debug,$t2,$page;
526
527	$now = explode( ' ', microtime() );
528	$now2 = explode( '.', $now[0] );
529	$now2 = $now[1].'.'.$now2[1];
530	$time = number_format( $now2 - $t2, 3, '.', ' ').' s';
531	$debug .= '<p>';
532	$debug.= '['.$time.', ';
533	$debug.= $page['count_queries'].' queries] : '.$string;
534	$debug.= "</p>\n";
535	}
536
537	/**
538	* Redirects to the given URL (HTTP method)
539	*
540	* Note : once this function called, the execution doesn't go further
541	* (presence of an exit() instruction.
542	*
543	* @param string $url
544	* @return void
545	*/
546	function redirect_http( $url )
547	{
548	if (ob_get_length () !== FALSE)
549	{
550	ob_clean();
551	}
552	// default url is on html format
553	$url = html_entity_decode($url);
554	header('Request-URI: '.$url);
555	header('Content-Location: '.$url);
556	header('Location: '.$url);
557	exit();
558	}
559
560	/**
561	* Redirects to the given URL (HTML method)
562	*
563	* Note : once this function called, the execution doesn't go further
564	* (presence of an exit() instruction.
565	*
566	* @param string $url
567	* @param string $title_msg
568	* @param integer $refreh_time
569	* @return void
570	*/
571	function redirect_html( $url , $msg = '', $refresh_time = 0)
572	{
573	global $user, $template, $lang_info, $conf, $lang, $t2, $page, $debug;
574
575	if (!isset($lang_info))
576	{
577	$user = build_user( $conf['guest_id'], true);
578	load_language('common.lang');
579	trigger_action('loading_lang');
580	load_language('lang', PHPWG_ROOT_PATH.'local/', array('no_fallback'=>true, 'local'=>true) );
581	$template = new Template(PHPWG_ROOT_PATH.'themes', get_default_theme());
582	}
583	else
584	{
585	$template = new Template(PHPWG_ROOT_PATH.'themes', $user['theme']);
586	}
587
588	if (empty($msg))
589	{
590	$msg = nl2br(l10n('Redirection...'));
591	}
592
593	$refresh = $refresh_time;
594	$url_link = $url;
595	$title = 'redirection';
596
597	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
598
599	include( PHPWG_ROOT_PATH.'include/page_header.php' );
600
601	$template->set_filenames( array( 'redirect' => 'redirect.tpl' ) );
602	$template->assign('REDIRECT_MSG', $msg);
603
604	$template->parse('redirect');
605
606	include( PHPWG_ROOT_PATH.'include/page_tail.php' );
607
608	exit();
609	}
610
611	/**
612	* Redirects to the given URL (Switch to HTTP method or HTML method)
613	*
614	* Note : once this function called, the execution doesn't go further
615	* (presence of an exit() instruction.
616	*
617	* @param string $url
618	* @param string $title_msg
619	* @param integer $refreh_time
620	* @return void
621	*/
622	function redirect( $url , $msg = '', $refresh_time = 0)
623	{
624	global $conf;
625
626	// with RefeshTime <> 0, only html must be used
627	if ($conf['default_redirect_method']=='http'
628	and $refresh_time==0
629	and !headers_sent()
630	)
631	{
632	redirect_http($url);
633	}
634	else
635	{
636	redirect_html($url, $msg, $refresh_time);
637	}
638	}
639
640	/**
641	* returns $_SERVER['QUERY_STRING'] whitout keys given in parameters
642	*
643	* @param array $rejects
644	* @param boolean $escape - if true escape & to & (for html)
645	* @returns string
646	*/
647	function get_query_string_diff($rejects=array(), $escape=true)
648	{
649	$query_string = '';
650
651	$str = $_SERVER['QUERY_STRING'];
652	parse_str($str, $vars);
653
654	$is_first = true;
655	foreach ($vars as $key => $value)
656	{
657	if (!in_array($key, $rejects))
658	{
659	$query_string.= $is_first ? '?' : ($escape ? '&' : '&' );
660	$is_first = false;
661	$query_string.= $key.'='.$value;
662	}
663	}
664
665	return $query_string;
666	}
667
668	function url_is_remote($url)
669	{
670	if ( strncmp($url, 'http://', 7)==0
671	or strncmp($url, 'https://', 8)==0 )
672	{
673	return true;
674	}
675	return false;
676	}
677
678	/**
679	* returns available themes
680	*/
681	function get_pwg_themes()
682	{
683	global $conf;
684
685	$themes = array();
686
687	$query = '
688	SELECT
689	id,
690	name
691	FROM '.THEMES_TABLE.'
692	ORDER BY name ASC
693	;';
694	$result = pwg_query($query);
695	while ($row = pwg_db_fetch_assoc($result))
696	{
697	if (check_theme_installed($row['id']))
698	{
699	$themes[ $row['id'] ] = $row['name'];
700	}
701	}
702
703	// plugins want remove some themes based on user status maybe?
704	$themes = trigger_event('get_pwg_themes', $themes);
705
706	return $themes;
707	}
708
709	function check_theme_installed($theme_id)
710	{
711	global $conf;
712
713	return file_exists($conf['themes_dir'].'/'.$theme_id.'/'.'themeconf.inc.php');
714	}
715
716	/* Returns the PATH to the thumbnail to be displayed. If the element does not
717	* have a thumbnail, the default mime image path is returned. The PATH can be
718	* used in the php script, but not sent to the browser.
719	* @param array element_info assoc array containing element info from db
720	* at least 'path', 'tn_ext' and 'id' should be present
721	*/
722	function get_thumbnail_path($element_info)
723	{
724	$path = get_thumbnail_location($element_info);
725	if ( !url_is_remote($path) )
726	{
727	$path = PHPWG_ROOT_PATH.$path;
728	}
729	return $path;
730	}
731
732	/* Returns the URL of the thumbnail to be displayed. If the element does not
733	* have a thumbnail, the default mime image url is returned. The URL can be
734	* sent to the browser, but not used in the php script.
735	* @param array element_info assoc array containing element info from db
736	* at least 'path', 'tn_ext' and 'id' should be present
737	*/
738	function get_thumbnail_url($element_info)
739	{
740	$path = get_thumbnail_location($element_info);
741	if ( !url_is_remote($path) )
742	{
743	$path = embellish_url(get_root_url().$path);
744	}
745
746	// plugins want another url ?
747	$path = trigger_event('get_thumbnail_url', $path, $element_info);
748	return $path;
749	}
750
751	/* returns the relative path of the thumnail with regards to to the root
752	of piwigo (not the current page!).This function is not intended to be
753	called directly from code.*/
754	function get_thumbnail_location($element_info)
755	{
756	global $conf;
757	if ( !empty( $element_info['tn_ext'] ) )
758	{
759	$path = substr_replace(
760	get_filename_wo_extension($element_info['path']),
761	'/'.$conf['dir_thumbnail'].'/'.$conf['prefix_thumbnail'],
762	strrpos($element_info['path'],'/'),
763	1
764	);
765	$path.= '.'.$element_info['tn_ext'];
766	}
767	else
768	{
769	$path = get_themeconf('mime_icon_dir')
770	.strtolower(get_extension($element_info['path'])).'.png';
771	}
772
773	// plugins want another location ?
774	$path = trigger_event( 'get_thumbnail_location', $path, $element_info);
775	return $path;
776	}
777
778	/* returns the title of the thumnail */
779	function get_thumbnail_title($element_info)
780	{
781	// message in title for the thumbnail
782	if (isset($element_info['file']))
783	{
784	$thumbnail_title = $element_info['file'];
785	}
786	else
787	{
788	$thumbnail_title = '';
789	}
790
791	if (!empty($element_info['filesize']))
792	{
793	$thumbnail_title .= ' : '.sprintf(l10n('%d Kb'), $element_info['filesize']);
794	}
795
796	return $thumbnail_title;
797	}
798
799	/**
800	* fill the current user caddie with given elements, if not already in
801	* caddie
802	*
803	* @param array elements_id
804	*/
805	function fill_caddie($elements_id)
806	{
807	global $user;
808
809	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
810
811	$query = '
812	SELECT element_id
813	FROM '.CADDIE_TABLE.'
814	WHERE user_id = '.$user['id'].'
815	;';
816	$in_caddie = array_from_query($query, 'element_id');
817
818	$caddiables = array_diff($elements_id, $in_caddie);
819
820	$datas = array();
821
822	foreach ($caddiables as $caddiable)
823	{
824	array_push($datas, array('element_id' => $caddiable,
825	'user_id' => $user['id']));
826	}
827
828	if (count($caddiables) > 0)
829	{
830	mass_inserts(CADDIE_TABLE, array('element_id','user_id'), $datas);
831	}
832	}
833
834	/**
835	* returns the element name from its filename
836	*
837	* @param string filename
838	* @return string name
839	*/
840	function get_name_from_file($filename)
841	{
842	return str_replace('_',' ',get_filename_wo_extension($filename));
843	}
844
845	/**
846	* returns the corresponding value from $lang if existing. Else, the key is
847	* returned
848	*
849	* @param string key
850	* @return string
851	*/
852	function l10n($key, $textdomain='messages')
853	{
854	global $lang, $conf;
855
856	if ($conf['debug_l10n'] and !isset($lang[$key]) and !empty($key))
857	{
858	trigger_error('[l10n] language key "'.$key.'" is not defined', E_USER_WARNING);
859	}
860
861	return isset($lang[$key]) ? $lang[$key] : $key;
862	}
863
864	/**
865	* returns the prinft value for strings including %d
866	* return is concorded with decimal value (singular, plural)
867	*
868	* @param singular string key
869	* @param plural string key
870	* @param decimal value
871	* @return string
872	*/
873	function l10n_dec($singular_fmt_key, $plural_fmt_key, $decimal)
874	{
875	global $lang_info;
876
877	return
878	sprintf(
879	l10n((
880	(($decimal > 1) or ($decimal == 0 and $lang_info['zero_plural']))
881	? $plural_fmt_key
882	: $singular_fmt_key
883	)), $decimal);
884	}
885
886	/*
887	* returns a single element to use with l10n_args
888	*
889	* @param string key: translation key
890	* @param array/string/../number args:
891	* arguments to use on sprintf($key, args)
892	* if args is a array, each values are used on sprintf
893	* @return string
894	*/
895	function get_l10n_args($key, $args)
896	{
897	if (is_array($args))
898	{
899	$key_arg = array_merge(array($key), $args);
900	}
901	else
902	{
903	$key_arg = array($key, $args);
904	}
905	return array('key_args' => $key_arg);
906	}
907
908	/*
909	* returns a string with formated with l10n_args elements
910	*
911	* @param element/array $key_args: element or array of l10n_args elements
912	* @param $sep: if $key_args is array,
913	* separator is used when translated l10n_args elements are concated
914	* @return string
915	*/
916	function l10n_args($key_args, $sep = "\n")
917	{
918	if (is_array($key_args))
919	{
920	foreach ($key_args as $key => $element)
921	{
922	if (isset($result))
923	{
924	$result .= $sep;
925	}
926	else
927	{
928	$result = '';
929	}
930
931	if ($key === 'key_args')
932	{
933	array_unshift($element, l10n(array_shift($element)));
934	$result .= call_user_func_array('sprintf', $element);
935	}
936	else
937	{
938	$result .= l10n_args($element, $sep);
939	}
940	}
941	}
942	else
943	{
944	fatal_error('l10n_args: Invalid arguments');
945	}
946
947	return $result;
948	}
949
950	/**
951	* returns the corresponding value from $themeconf if existing. Else, the
952	* key is returned
953	*
954	* @param string key
955	* @return string
956	*/
957	function get_themeconf($key)
958	{
959	global $template;
960
961	return $template->get_themeconf($key);
962	}
963
964	/**
965	* Returns webmaster mail address depending on $conf['webmaster_id']
966	*
967	* @return string
968	*/
969	function get_webmaster_mail_address()
970	{
971	global $conf;
972
973	$query = '
974	SELECT '.$conf['user_fields']['email'].'
975	FROM '.USERS_TABLE.'
976	WHERE '.$conf['user_fields']['id'].' = '.$conf['webmaster_id'].'
977	;';
978	list($email) = pwg_db_fetch_row(pwg_query($query));
979
980	return $email;
981	}
982
983	/**
984	* Add configuration parameters from database to global $conf array
985	*
986	* @return void
987	*/
988	function load_conf_from_db($condition = '')
989	{
990	global $conf;
991
992	$query = '
993	SELECT param, value
994	FROM '.CONFIG_TABLE.'
995	'.(!empty($condition) ? 'WHERE '.$condition : '').'
996	;';
997	$result = pwg_query($query);
998
999	if ((pwg_db_num_rows($result) == 0) and !empty($condition))
1000	{
1001	fatal_error('No configuration data');
1002	}
1003
1004	while ($row = pwg_db_fetch_assoc($result))
1005	{
1006	$conf[ $row['param'] ] = isset($row['value']) ? $row['value'] : '';
1007
1008	// If the field is true or false, the variable is transformed into a
1009	// boolean value.
1010	if ($conf[$row['param']] == 'true' or $conf[$row['param']] == 'false')
1011	{
1012	$conf[ $row['param'] ] = get_boolean($conf[ $row['param'] ]);
1013	}
1014	}
1015	}
1016
1017	function conf_update_param($param, $value)
1018	{
1019	$query = '
1020	DELETE
1021	FROM '.CONFIG_TABLE.'
1022	WHERE param = \''.$param.'\'
1023	;';
1024	pwg_query($query);
1025
1026	$query = '
1027	INSERT
1028	INTO '.CONFIG_TABLE.'
1029	(param, value)
1030	VALUES(\''.$param.'\', \''.$value.'\')
1031	;';
1032	pwg_query($query);
1033	}
1034
1035	/**
1036	* Prepends and appends a string at each value of the given array.
1037	*
1038	* @param array
1039	* @param string prefix to each array values
1040	* @param string suffix to each array values
1041	*/
1042	function prepend_append_array_items($array, $prepend_str, $append_str)
1043	{
1044	array_walk(
1045	$array,
1046	create_function('&$s', '$s = "'.$prepend_str.'".$s."'.$append_str.'";')
1047	);
1048
1049	return $array;
1050	}
1051
1052	/**
1053	* creates an hashed based on a query, this function is a very common
1054	* pattern used here. Among the selected columns fetched, choose one to be
1055	* the key, another one to be the value.
1056	*
1057	* @param string $query
1058	* @param string $keyname
1059	* @param string $valuename
1060	* @return array
1061	*/
1062	function simple_hash_from_query($query, $keyname, $valuename)
1063	{
1064	$array = array();
1065
1066	$result = pwg_query($query);
1067	while ($row = pwg_db_fetch_assoc($result))
1068	{
1069	$array[ $row[$keyname] ] = $row[$valuename];
1070	}
1071
1072	return $array;
1073	}
1074
1075	/**
1076	* creates an hashed based on a query, this function is a very common
1077	* pattern used here. The key is given as parameter, the value is an associative
1078	* array.
1079	*
1080	* @param string $query
1081	* @param string $keyname
1082	* @return array
1083	*/
1084	function hash_from_query($query, $keyname)
1085	{
1086	$array = array();
1087	$result = pwg_query($query);
1088	while ($row = pwg_db_fetch_assoc($result))
1089	{
1090	$array[ $row[$keyname] ] = $row;
1091	}
1092	return $array;
1093	}
1094
1095	/**
1096	* Return basename of the current script
1097	* Lower case convertion is applied on return value
1098	* Return value is without file extention ".php"
1099	*
1100	* @param void
1101	*
1102	* @return script basename
1103	*/
1104	function script_basename()
1105	{
1106	global $conf;
1107
1108	foreach (array('SCRIPT_NAME', 'SCRIPT_FILENAME', 'PHP_SELF') as $value)
1109	{
1110	if (!empty($_SERVER[$value]))
1111	{
1112	$filename = strtolower($_SERVER[$value]);
1113	if ($conf['php_extension_in_urls'] and get_extension($filename)!=='php')
1114	continue;
1115	$basename = basename($filename, '.php');
1116	if (!empty($basename))
1117	{
1118	return $basename;
1119	}
1120	}
1121	}
1122	return '';
1123	}
1124
1125	/**
1126	* Return value for the current page define on $conf['filter_pages']
1127	* Îf value is not defined, default value are returned
1128	*
1129	* @param value name
1130	*
1131	* @return filter page value
1132	*/
1133	function get_filter_page_value($value_name)
1134	{
1135	global $conf;
1136
1137	$page_name = script_basename();
1138
1139	if (isset($conf['filter_pages'][$page_name][$value_name]))
1140	{
1141	return $conf['filter_pages'][$page_name][$value_name];
1142	}
1143	else if (isset($conf['filter_pages']['default'][$value_name]))
1144	{
1145	return $conf['filter_pages']['default'][$value_name];
1146	}
1147	else
1148	{
1149	return null;
1150	}
1151	}
1152
1153	/**
1154	* returns the character set of data sent to browsers / received from forms
1155	*/
1156	function get_pwg_charset()
1157	{
1158	$pwg_charset = 'utf-8';
1159	if (defined('PWG_CHARSET'))
1160	{
1161	$pwg_charset = PWG_CHARSET;
1162	}
1163	return $pwg_charset;
1164	}
1165
1166	/**
1167	* includes a language file or returns the content of a language file
1168	* availability of the file
1169	*
1170	* in descending order of preference:
1171	* param language, user language, default language
1172	* Piwigo default language.
1173	*
1174	* @param string filename
1175	* @param string dirname
1176	* @param mixed options can contain
1177	* language - language to load (if empty uses user language)
1178	* return - if true the file content is returned otherwise the file is evaluated as php
1179	* target_charset -
1180	* no_fallback - the language must be respected
1181	* local - if true, get local language file
1182	* @return boolean success status or a string if options['return'] is true
1183	*/
1184	function load_language($filename, $dirname = '',
1185	$options = array() )
1186	{
1187	global $user;
1188
1189	if (! @$options['return'] )
1190	{
1191	$filename .= '.php'; //MAYBE to do .. load .po and .mo localization files
1192	}
1193	if (empty($dirname))
1194	{
1195	$dirname = PHPWG_ROOT_PATH;
1196	}
1197	$dirname .= 'language/';
1198
1199	$languages = array();
1200	if ( !empty($options['language']) )
1201	{
1202	$languages[] = $options['language'];
1203	}
1204	if ( !empty($user['language']) )
1205	{
1206	$languages[] = $user['language'];
1207	}
1208	if ( ! @$options['no_fallback'] )
1209	{
1210	if ( defined('PHPWG_INSTALLED') )
1211	{
1212	$languages[] = get_default_language();
1213	}
1214	$languages[] = PHPWG_DEFAULT_LANGUAGE;
1215	}
1216
1217	$languages = array_unique($languages);
1218
1219	if ( empty($options['target_charset']) )
1220	{
1221	$target_charset = get_pwg_charset();
1222	}
1223	else
1224	{
1225	$target_charset = $options['target_charset'];
1226	}
1227	$target_charset = strtolower($target_charset);
1228	$source_file = '';
1229	foreach ($languages as $language)
1230	{
1231	$f = @$options['local'] ?
1232	$dirname.$language.'.'.$filename:
1233	$dirname.$language.'/'.$filename;
1234
1235	if (file_exists($f))
1236	{
1237	$source_file = $f;
1238	break;
1239	}
1240	}
1241
1242	if ( !empty($source_file) )
1243	{
1244	if (! @$options['return'] )
1245	{
1246	@include($source_file);
1247	$load_lang = @$lang;
1248	$load_lang_info = @$lang_info;
1249
1250	global $lang, $lang_info;
1251	if ( !isset($lang) ) $lang=array();
1252	if ( !isset($lang_info) ) $lang_info=array();
1253
1254	if ( 'utf-8'!=$target_charset)
1255	{
1256	if ( is_array($load_lang) )
1257	{
1258	foreach ($load_lang as $k => $v)
1259	{
1260	if ( is_array($v) )
1261	{
1262	$func = create_function('$v', 'return convert_charset($v, "'.$target_charset.'");' );
1263	$lang[$k] = array_map($func, $v);
1264	}
1265	else
1266	$lang[$k] = convert_charset($v, $target_charset);
1267	}
1268	}
1269	if ( is_array($load_lang_info) )
1270	{
1271	foreach ($load_lang_info as $k => $v)
1272	{
1273	$lang_info[$k] = convert_charset($v, $target_charset);
1274	}
1275	}
1276	}
1277	else
1278	{
1279	$lang = array_merge( $lang, (array)$load_lang );
1280	$lang_info = array_merge( $lang_info, (array)$load_lang_info );
1281	}
1282	return true;
1283	}
1284	else
1285	{
1286	$content = @file_get_contents($source_file);
1287	$content = convert_charset($content, $target_charset);
1288	return $content;
1289	}
1290	}
1291	return false;
1292	}
1293
1294	/**
1295	* converts a string from utf-8 character set to another character set
1296	* @param string str the string to be converted
1297	* @param string dest_charset the destination character set
1298	*/
1299	function convert_charset($str, $dest_charset)
1300	{
1301	if ($dest_charset=='utf-8')
1302	{
1303	return $str;
1304	}
1305	if ($dest_charset=='iso-8859-1')
1306	{
1307	return utf8_decode($str);
1308	}
1309	if (function_exists('iconv'))
1310	{
1311	return iconv('utf-8', $dest_charset, $str);
1312	}
1313	if (function_exists('mb_convert_encoding'))
1314	{
1315	return mb_convert_encoding( $str, $dest_charset, 'utf-8' );
1316	}
1317	return $str; //???
1318	}
1319
1320	/**
1321	* makes sure a index.htm protects the directory from browser file listing
1322	*
1323	* @param string dir directory
1324	*/
1325	function secure_directory($dir)
1326	{
1327	$file = $dir.'/index.htm';
1328	if (!file_exists($file))
1329	{
1330	@file_put_contents($file, 'Not allowed!');
1331	}
1332	}
1333
1334	/**
1335	* returns a "secret key" that is to be sent back when a user enters a comment
1336	*
1337	* @param int image_id
1338	*/
1339	function get_comment_post_key($image_id)
1340	{
1341	global $conf;
1342
1343	$time = time();
1344
1345	return sprintf(
1346	'%s:%s',
1347	$time,
1348	hash_hmac(
1349	'md5',
1350	$time.':'.$image_id,
1351	$conf['secret_key']
1352	)
1353	);
1354	}
1355
1356	/**
1357	* return an array which will be sent to template to display navigation bar
1358	*/
1359	function create_navigation_bar($url, $nb_element, $start, $nb_element_page, $clean_url = false)
1360	{
1361	global $conf;
1362
1363	$navbar = array();
1364	$pages_around = $conf['paginate_pages_around'];
1365	$start_str = $clean_url ? '/start-' : (strpos($url, '?')===false ? '?':'&').'start=';
1366
1367	if (!isset($start) or !is_numeric($start) or (is_numeric($start) and $start < 0))
1368	{
1369	$start = 0;
1370	}
1371
1372	// navigation bar useful only if more than one page to display !
1373	if ($nb_element > $nb_element_page)
1374	{
1375	$cur_page = ceil($start / $nb_element_page) + 1;
1376	$maximum = ceil($nb_element / $nb_element_page);
1377	$previous = $start - $nb_element_page;
1378	$next = $start + $nb_element_page;
1379	$last = ($maximum - 1) * $nb_element_page;
1380
1381	$navbar['CURRENT_PAGE'] = $cur_page;
1382
1383	// link to first page and previous page?
1384	if ($cur_page != 1)
1385	{
1386	$navbar['URL_FIRST'] = $url;
1387	$navbar['URL_PREV'] = $url.($previous > 0 ? $start_str.$previous : '');
1388	}
1389	// link on next page and last page?
1390	if ($cur_page != $maximum)
1391	{
1392	$navbar['URL_NEXT'] = $url.$start_str.$next;
1393	$navbar['URL_LAST'] = $url.$start_str.$last;
1394	}
1395
1396	// pages to display
1397	$navbar['pages'] = array();
1398	$navbar['pages'][1] = $url;
1399	$navbar['pages'][$maximum] = $url.$start_str.$last;
1400
1401	for ($i = max($cur_page - $pages_around , 2), $stop = min($cur_page + $pages_around + 1, $maximum);
1402	$i < $stop; $i++)
1403	{
1404	$navbar['pages'][$i] = $url.$start_str.(($i - 1) * $nb_element_page);
1405	}
1406	ksort($navbar['pages']);
1407	}
1408	return $navbar;
1409	}
1410
1411	/**
1412	* return an array which will be sent to template to display recent icon
1413	*/
1414	function get_icon($date, $is_child_date = false)
1415	{
1416	global $cache, $user;
1417
1418	if (empty($date))
1419	{
1420	return false;
1421	}
1422
1423	if (!isset($cache['get_icon']['title']))
1424	{
1425	$cache['get_icon']['title'] = sprintf(
1426	l10n('images posted during the last %d days'),
1427	$user['recent_period']
1428	);
1429	}
1430
1431	$icon = array(
1432	'TITLE' => $cache['get_icon']['title'],
1433	'IS_CHILD_DATE' => $is_child_date,
1434	);
1435
1436	if (isset($cache['get_icon'][$date]))
1437	{
1438	return $cache['get_icon'][$date] ? $icon : array();
1439	}
1440
1441	if (!isset($cache['get_icon']['sql_recent_date']))
1442	{
1443	// Use MySql date in order to standardize all recent "actions/queries"
1444	$cache['get_icon']['sql_recent_date'] = pwg_db_get_recent_period($user['recent_period']);
1445	}
1446
1447	$cache['get_icon'][$date] = $date > $cache['get_icon']['sql_recent_date'];
1448
1449	return $cache['get_icon'][$date] ? $icon : array();
1450	}
1451
1452	/**
1453	* check token comming from form posted or get params to prevent csrf attacks
1454	* if pwg_token is empty action doesn't require token
1455	* else pwg_token is compare to server token
1456	*
1457	* @return void access denied if token given is not equal to server token
1458	*/
1459	function check_pwg_token()
1460	{
1461	if (!empty($_REQUEST['pwg_token']))
1462	{
1463	if (get_pwg_token() != $_REQUEST['pwg_token'])
1464	{
1465	access_denied();
1466	}
1467	}
1468	else
1469	bad_request('missing token');
1470	}
1471
1472	function get_pwg_token()
1473	{
1474	global $conf;
1475
1476	return hash_hmac('md5', session_id(), $conf['secret_key']);
1477	}
1478
1479	/*
1480	* breaks the script execution if the given value doesn't match the given
1481	* pattern. This should happen only during hacking attempts.
1482	*
1483	* @param string param_name
1484	* @param array param_array
1485	* @param boolean is_array
1486	* @param string pattern
1487	*
1488	* @return void
1489	*/
1490	function check_input_parameter($param_name, $param_array, $is_array, $pattern)
1491	{
1492	$param_value = null;
1493	if (isset($param_array[$param_name]))
1494	{
1495	$param_value = $param_array[$param_name];
1496	}
1497
1498	// it's ok if the input parameter is null
1499	if (empty($param_value))
1500	{
1501	return true;
1502	}
1503
1504	if ($is_array)
1505	{
1506	if (!is_array($param_value))
1507	{
1508	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
1509	}
1510
1511	foreach ($param_value as $item_to_check)
1512	{
1513	if (!preg_match($pattern, $item_to_check))
1514	{
1515	fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
1516	}
1517	}
1518	}
1519	else
1520	{
1521	if (!preg_match($pattern, $param_value))
1522	{
1523	fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
1524	}
1525	}
1526	}
1527	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: