1: <?php
   2: 
   3: /**
   4:  * basic functions used by zenphoto i.php
   5:  * Keep this file to the minimum to allow the largest available memory for processing images!
   6:  * Headers not sent yet!
   7:  * @package functions
   8:  *
   9:  */
  10: // force UTF-8 Ø
  11: require_once(dirname(__FILE__) . '/global-definitions.php');
  12: require_once(dirname(__FILE__) . '/functions-common.php');
  13: 
  14: /**
  15:  * OFFSET_PATH definitions:
  16:  *      0       root scripts (e.g. the root index.php)
  17:  *      1       zp-core scripts
  18:  *      2       setup scripts
  19:  *      3       plugin scripts
  20:  *      4       scripts in the theme folders
  21:  */
  22: global $_zp_conf_vars;
  23: $const_webpath = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
  24: $const_serverpath = str_replace('\\', '/', dirname($_SERVER['SCRIPT_FILENAME']));
  25: /**
  26:  * see if we are executing out of any of the known script folders. If so we know how to adjust the paths
  27:  * if not we presume the script is in the root of the installation. If it is not the script better have set
  28:  * the SERVERPATH and WEBPATH defines to the correct values
  29:  */
  30: if (!preg_match('~(.*)/(' . ZENFOLDER . ')~', $const_webpath, $matches)) {
  31:     preg_match('~(.*)/(' . USER_PLUGIN_FOLDER . '|' . THEMEFOLDER . ')~', $const_webpath, $matches);
  32: }
  33: if ($matches) {
  34:     $const_webpath = $matches[1];
  35:     $const_serverpath = substr($const_serverpath, 0, strrpos($const_serverpath, '/' . $matches[2]));
  36:     if (!defined('OFFSET_PATH')) {
  37:         switch ($matches[2]) {
  38:             case ZENFOLDER:
  39:                 define('OFFSET_PATH', 1);
  40:                 break;
  41:             case USER_PLUGIN_FOLDER:
  42:                 define('OFFSET_PATH', 3);
  43:                 break;
  44:             case THEMEFOLDER:
  45:                 define('OFFSET_PATH', 4);
  46:                 break;
  47:         }
  48:     }
  49:     unset($matches);
  50: } else {
  51:     if (!defined('OFFSET_PATH')) {
  52:         define('OFFSET_PATH', 0);
  53:     }
  54: }
  55: if ($const_webpath == '/' || $const_webpath == '.') {
  56:     $const_webpath = '';
  57: }
  58: 
  59: if (defined('SERVERPATH')) {
  60:     $const_serverpath = SERVERPATH;
  61: }
  62: 
  63: 
  64: // Contexts (Bitwise and combinable)
  65: define("ZP_INDEX", 1);
  66: define("ZP_ALBUM", 2);
  67: define("ZP_IMAGE", 4);
  68: define("ZP_COMMENT", 8);
  69: define("ZP_SEARCH", 16);
  70: define("ZP_SEARCH_LINKED", 32);
  71: define("ZP_ALBUM_LINKED", 64);
  72: define('ZP_IMAGE_LINKED', 128);
  73: define('ZP_ZENPAGE_NEWS_PAGE', 256);
  74: define('ZP_ZENPAGE_NEWS_ARTICLE', 512);
  75: define('ZP_ZENPAGE_NEWS_CATEGORY', 1024);
  76: define('ZP_ZENPAGE_NEWS_DATE', 2048);
  77: define('ZP_ZENPAGE_PAGE', 4096);
  78: define('ZP_ZENPAGE_SINGLE', 8192);
  79: 
  80: switch (PHP_MAJOR_VERSION) {
  81:     case 5:
  82:         switch (PHP_MINOR_VERSION) {
  83:             case 0:
  84:             case 1:
  85:             case 2:
  86:                 define('ENT_FLAGS', ENT_QUOTES);
  87:                 break;
  88:             case 3:
  89:                 define('ENT_FLAGS', ENT_QUOTES | ENT_IGNORE);
  90:                 break;
  91:             default: // 4 and beyond
  92:                 define('ENT_FLAGS', ENT_QUOTES | ENT_SUBSTITUTE);
  93:                 break;
  94:         }
  95:         break;
  96:     default: // PHP 6?
  97:         define('ENT_FLAGS', ENT_QUOTES | ENT_SUBSTITUTE);
  98:         break;
  99: }
 100: 
 101: // Set error reporting.
 102: if (TEST_RELEASE) {
 103:     error_reporting(E_ALL | E_STRICT);
 104:     @ini_set('display_errors', 1);
 105: }
 106: set_error_handler("zpErrorHandler");
 107: set_exception_handler("zpErrorHandler");
 108: $_configMutex = new zpMutex('cF');
 109: if (OFFSET_PATH != 2 && !file_exists($const_serverpath . '/' . DATA_FOLDER . '/' . CONFIGFILE)) {
 110:     require_once(dirname(__FILE__) . '/reconfigure.php');
 111:     reconfigureAction(1);
 112: }
 113: // Including the config file more than once is OK, and avoids $conf missing.
 114: eval('?>' . file_get_contents($const_serverpath . '/' . DATA_FOLDER . '/' . CONFIGFILE));
 115: if (!isset($_zp_conf_vars['special_pages'])) {
 116:     $_zp_conf_vars['special_pages'] = array();
 117: }
 118: 
 119: define('DATABASE_PREFIX', $_zp_conf_vars['mysql_prefix']);
 120: 
 121: if (!defined('WEBPATH')) {
 122:     define('WEBPATH', $const_webpath);
 123: }
 124: unset($const_webpath);
 125: 
 126: if (!defined('SERVERPATH')) {
 127:     define('SERVERPATH', $const_serverpath);
 128: }
 129: unset($const_serverpath);
 130: $_zp_mutex = new zpMutex();
 131: 
 132: if (OFFSET_PATH != 2 && empty($_zp_conf_vars['mysql_database'])) {
 133:     require_once(dirname(__FILE__) . '/reconfigure.php');
 134:     reconfigureAction(2);
 135: }
 136: 
 137: require_once(dirname(__FILE__) . '/lib-utf8.php');
 138: 
 139: 
 140: 
 141: if (!defined('CHMOD_VALUE')) {
 142:     define('CHMOD_VALUE', fileperms(dirname(__FILE__)) & 0666);
 143: }
 144: define('FOLDER_MOD', CHMOD_VALUE | 0311);
 145: define('FILE_MOD', CHMOD_VALUE & 0666);
 146: define('DATA_MOD', fileperms(SERVERPATH . '/' . DATA_FOLDER . '/' . CONFIGFILE) & 0777);
 147: 
 148: // If the server protocol is not set, set it to the default.
 149: if (!isset($_zp_conf_vars['server_protocol'])) {
 150:     $_zp_conf_vars['server_protocol'] = 'http';
 151: }
 152: 
 153: if (!defined('DATABASE_SOFTWARE') && extension_loaded(strtolower(@$_zp_conf_vars['db_software']))) {
 154:     require_once(dirname(__FILE__) . '/functions-db-' . $_zp_conf_vars['db_software'] . '.php');
 155:     $data = db_connect(array_intersect_key($_zp_conf_vars, array('db_software' => '', 'mysql_user' => '', 'mysql_pass' => '', 'mysql_host' => '', 'mysql_database' => '', 'mysql_prefix' => '', 'UTF-8' => '')), false);
 156: } else {
 157:     $data = false;
 158: }
 159: if (!$data && OFFSET_PATH != 2) {
 160:     require_once(dirname(__FILE__) . '/reconfigure.php');
 161:     reconfigureAction(3);
 162: }
 163: 
 164: if (!defined('FILESYSTEM_CHARSET')) {
 165:     if (isset($_zp_conf_vars['FILESYSTEM_CHARSET']) && $_zp_conf_vars['FILESYSTEM_CHARSET'] != 'unknown') {
 166:         define('FILESYSTEM_CHARSET', $_zp_conf_vars['FILESYSTEM_CHARSET']);
 167:     } else {
 168:         $data = getOption('filesystem_charset');
 169:         if(!$data) {
 170:             $data = 'UTF-8';
 171:         }
 172:         define('FILESYSTEM_CHARSET', $data);
 173:     }
 174: }
 175: 
 176: $data = getOption('charset');
 177: if (!$data) {
 178:     $data = 'UTF-8';
 179: }
 180: define('LOCAL_CHARSET', $data);
 181: 
 182: $data = getOption('gallery_data');
 183: if ($data) {
 184:     $data = getSerializedArray($data);
 185: } else {
 186:     $data = array();
 187: }
 188: define('GALLERY_SESSION', @$data['album_session']);
 189: define('GALLERY_SECURITY', @$data['gallery_security']);
 190: unset($data);
 191: 
 192: // insure a correct timezone
 193: if (function_exists('date_default_timezone_set')) {
 194:     $level = error_reporting(0);
 195:     $_zp_server_timezone = date_default_timezone_get();
 196:     date_default_timezone_set($_zp_server_timezone);
 197:     @ini_set('date.timezone', $_zp_server_timezone);
 198:     error_reporting($level);
 199: }
 200: 
 201: // Set the memory limit higher just in case -- suppress errors if user doesn't have control.
 202: // 100663296 bytes = 96M
 203: if (ini_get('memory_limit') && parse_size(ini_get('memory_limit')) < 100663296) {
 204:     @ini_set('memory_limit', '96M');
 205: }
 206: 
 207: // Set the internal encoding
 208: if (function_exists('mb_internal_encoding')) {
 209:     @mb_internal_encoding(LOCAL_CHARSET);
 210: }
 211: 
 212: // load graphics libraries in priority order
 213: // once a library has concented to load, all others will
 214: // abdicate.
 215: $_zp_graphics_optionhandlers = array();
 216: $try = array('lib-GD.php', 'lib-NoGraphics.php');
 217: if (getOption('use_imagick')) {
 218:     array_unshift($try, 'lib-Imagick.php');
 219: }
 220: while (!function_exists('zp_graphicsLibInfo')) {
 221:     require_once(dirname(__FILE__) . '/' . array_shift($try));
 222: }
 223: $_zp_cachefileSuffix = zp_graphicsLibInfo();
 224: 
 225: 
 226: define('GRAPHICS_LIBRARY', $_zp_cachefileSuffix['Library']);
 227: unset($_zp_cachefileSuffix['Library']);
 228: unset($_zp_cachefileSuffix['Library_desc']);
 229: $_zp_supported_images = array();
 230: foreach ($_zp_cachefileSuffix as $key => $type) {
 231:     if ($type) {
 232:         $_zp_supported_images[] = strtolower($key);
 233:     }
 234: }
 235: 
 236: require_once(dirname(__FILE__) . '/lib-encryption.php');
 237: 
 238: //NOTE: SERVER_PROTOCOL is the option PROTOCOL is what should be used in links!!!!
 239: define('SERVER_PROTOCOL', getOption('server_protocol'));
 240: switch (SERVER_PROTOCOL) {
 241:     case 'https':
 242:         define('PROTOCOL', 'https');
 243:         break;
 244:     default:
 245:         if (secureServer()) {
 246:             define('PROTOCOL', 'https');
 247:         } else {
 248:             define('PROTOCOL', 'http');
 249:         }
 250:         break;
 251: }
 252: 
 253: if (!defined('COOKIE_PESISTENCE')) {
 254:     $persistence = getOption('cookie_persistence');
 255:     if (!$persistence)
 256:         $persistence = 5184000;
 257:     define('COOKIE_PESISTENCE', $persistence);
 258:     unset($persistence);
 259: }
 260: if ($c = getOption('zenphoto_cookie_path')) {
 261:     define('COOKIE_PATH', $c);
 262: } else {
 263:     define('COOKIE_PATH', WEBPATH);
 264: }
 265: 
 266: define('SAFE_MODE', preg_match('#(1|ON)#i', ini_get('safe_mode')));
 267: define('FULLWEBPATH', PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . WEBPATH);
 268: define('SAFE_MODE_ALBUM_SEP', '__');
 269: define('SERVERCACHE', SERVERPATH . '/' . CACHEFOLDER);
 270: define('MOD_REWRITE', getOption('mod_rewrite'));
 271: 
 272: define('DEBUG_LOG_SIZE', getOption('debug_log_size'));
 273: 
 274: define('ALBUM_FOLDER_WEBPATH', getAlbumFolder(WEBPATH));
 275: define('ALBUM_FOLDER_SERVERPATH', getAlbumFolder(SERVERPATH));
 276: define('ALBUM_FOLDER_EMPTY', getAlbumFolder(''));
 277: 
 278: define('IMAGE_WATERMARK', getOption('fullimage_watermark'));
 279: define('FULLIMAGE_WATERMARK', getOption('fullsizeimage_watermark'));
 280: define('THUMB_WATERMARK', getOption('Image_watermark'));
 281: define('OPEN_IMAGE_CACHE', !getOption('protected_image_cache'));
 282: define('IMAGE_CACHE_SUFFIX', getOption('image_cache_suffix'));
 283: 
 284: define('DATE_FORMAT', getOption('date_format'));
 285: 
 286: define('IM_SUFFIX', getOption('mod_rewrite_image_suffix'));
 287: define('UTF8_IMAGE_URI', getOption('UTF8_image_URI'));
 288: define('MEMBERS_ONLY_COMMENTS', getOption('comment_form_members_only'));
 289: 
 290: define('HASH_SEED', getOption('extra_auth_hash_text'));
 291: define('IP_TIED_COOKIES', getOption('IP_tied_cookies'));
 292: 
 293: /**
 294:  * Decodes HTML Special Characters.
 295:  *
 296:  * @param string $text
 297:  * @return string
 298:  */
 299: 
 300: /**
 301:  * encodes a pre-sanitized string to be used as a Javascript parameter
 302:  *
 303:  * @param string $this_string
 304:  * @return string
 305:  */
 306: function js_encode($this_string) {
 307:     global $_zp_UTF8;
 308:     $this_string = preg_replace("/\r?\n/", "\\n", $this_string);
 309:     $this_string = utf8::encode_javascript($this_string);
 310:     return $this_string;
 311: }
 312: 
 313: /**
 314:  * Get a option stored in the database.
 315:  * This function reads the options only once, in order to improve performance.
 316:  * @param string $key the name of the option.
 317:  */
 318: function getOption($key) {
 319:     global $_zp_conf_vars, $_zp_options;
 320:     $key = strtolower($key);
 321:     if (is_null($_zp_options) && function_exists('query_full_array')) { // may be too early to use database!
 322:         // option table not yet loaded, load it (but not the theme options!)
 323:         $sql = "SELECT `name`, `value` FROM " . prefix('options') . ' WHERE (`theme`="" OR `theme` IS NULL) AND `ownerid`=0';
 324:         $optionlist = query_full_array($sql, false);
 325:         if ($optionlist !== false) {
 326:             $_zp_options = array();
 327:             foreach ($optionlist as $option) {
 328:                 $_zp_options[strtolower($option['name'])] = $option['value'];
 329:             }
 330:         }
 331:     }
 332:     if (isset($_zp_options[$key])) {
 333:         return $_zp_options[$key];
 334:     } else {
 335:         return NULL;
 336:     }
 337: }
 338: 
 339: /**
 340:  * Stores an option value.
 341:  *
 342:  * @param string $key name of the option.
 343:  * @param mixed $value new value of the option.
 344:  * @param bool $persistent set to false if the option is stored in memory only. Otherwise it is preserved in the database
 345:  * @param string $creator name of the creator the option belongs to. Normally NULL for backend core options. 
 346:  *               "zp-core/zp-extensions/<plugin>.php" for official plugin and /plugins/<plugin>.php for user plugin options
 347:  */
 348: function setOption($key, $value, $persistent = true, $creator = NULL) {
 349:     global $_zp_options;
 350:     if ($persistent) {
 351:         $sql = 'INSERT INTO ' . prefix('options') . ' (`name`,`ownerid`,`theme`,`value`,`creator`) VALUES (' . db_quote($key) . ',0,"",';
 352:         $sqlu = ' ON DUPLICATE KEY UPDATE `value`=';
 353:         if (is_null($value)) {
 354:             $sql .= 'NULL';
 355:             $sqlu .= 'NULL';
 356:         } else {
 357:             $sql .= db_quote($value);
 358:             $sqlu .= db_quote($value);
 359:         }
 360:   
 361:   if (is_null($creator)) {
 362:             $sql .= ',NULL';
 363:         } else {
 364:             $sql .= ','.db_quote($creator);
 365:         }
 366:   
 367:         $sql .= ') ' . $sqlu;
 368:         $result = query($sql, false);
 369:     } else {
 370:         $result = true;
 371:     }
 372:     if ($result) {
 373:         $_zp_options[strtolower($key)] = $value;
 374:         return true;
 375:     } else {
 376:         return false;
 377:     }
 378: }
 379: 
 380: /**
 381:  * Sets the default value of an option.
 382:  *
 383:  * If the option has never been set it is set to the value passed
 384:  *
 385:  * @param string $key the option name
 386:  * @param mixed $default the value to be used as the default
 387:  */
 388: function setOptionDefault($key, $default) {
 389:     global $_zp_options;
 390:     if (!is_null($default)) {
 391:         $bt = debug_backtrace();
 392:         $b = array_shift($bt);
 393: 
 394:         $serverpath = str_replace('\\', '/', dirname($b['file']));
 395:         if (!preg_match('~(.*)/(' . ZENFOLDER . ')~', $serverpath, $matches)) {
 396:             preg_match('~(.*)/(' . USER_PLUGIN_FOLDER . '|' . THEMEFOLDER . ')~', $serverpath, $matches);
 397:         }
 398:         if ($matches) {
 399:             $creator = str_replace($matches[1] . '/', '', str_replace('\\', '/', $b['file']));
 400:         } else {
 401:             $creator = NULL;
 402:         }
 403: 
 404:         $sql = 'INSERT INTO ' . prefix('options') . ' (`name`, `value`, `ownerid`, `theme`, `creator`) VALUES (' . db_quote($key) . ',';
 405:         if (is_null($default)) {
 406:             $sql .= 'NULL';
 407:         } else {
 408:             $sql .= db_quote($default);
 409:         }
 410:         $sql .= ',0,"",';
 411:         if (is_null($creator)) {
 412:             $sql .= 'NULL);';
 413:         } else {
 414:             $sql .= db_quote($creator) . ');';
 415:         }
 416:         if (query($sql, false)) {
 417:             $_zp_options[strtolower($key)] = $default;
 418:         }
 419:     }
 420: }
 421: 
 422: /**
 423:  * Loads option table with album/theme options
 424:  *
 425:  * @param int $albumid
 426:  * @param string $theme
 427:  */
 428: function loadLocalOptions($albumid, $theme) {
 429:     global $_zp_options;
 430:     //raw theme options
 431:     $sql = "SELECT `name`, `value` FROM " . prefix('options') . ' WHERE `theme`=' . db_quote($theme) . ' AND `ownerid`=0';
 432:     $optionlist = query_full_array($sql, false);
 433:     if ($optionlist !== false) {
 434:         foreach ($optionlist as $option) {
 435:             $_zp_options[strtolower($option['name'])] = $option['value'];
 436:         }
 437:     }
 438:     if ($albumid) {
 439:         //album-theme options
 440:         $sql = "SELECT `name`, `value` FROM " . prefix('options') . ' WHERE `theme`=' . db_quote($theme) . ' AND `ownerid`=' . $albumid;
 441:         $optionlist = query_full_array($sql, false);
 442:         if ($optionlist !== false) {
 443:             foreach ($optionlist as $option) {
 444:                 $_zp_options[strtolower($option['name'])] = $option['value'];
 445:             }
 446:         }
 447:     }
 448: }
 449: 
 450: function purgeOption($key) {
 451:     global $_zp_options;
 452:     unset($_zp_options[strtolower($key)]);
 453:     $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`=' . db_quote($key);
 454:     query($sql, false);
 455: }
 456: 
 457: /**
 458:  * Retuns the option array
 459:  *
 460:  * @return array
 461:  */
 462: function getOptionList() {
 463:     global $_zp_options;
 464:     if (NULL == $_zp_options) {
 465:         getOption('nil'); // pre-load from the database
 466:     }
 467:     return $_zp_options;
 468: }
 469: 
 470: /**
 471:  * Returns true if the file has the dynamic album suffix
 472:  *
 473:  * @param string $path
 474:  * @return bool
 475:  */
 476: function hasDynamicAlbumSuffix($path) {
 477:     global $_zp_albumHandlers;
 478:     return array_key_exists(getSuffix($path), $_zp_albumHandlers);
 479: }
 480: 
 481: /**
 482:  * checks if there is a file with the prefix and one of the
 483:  * handled suffixes. Returns the found suffix
 484:  *
 485:  * @param type $path SERVER path to be tested
 486:  * @return string
 487:  */
 488: function isHandledAlbum($path) {
 489:     global $_zp_albumHandlers;
 490:     foreach (array_keys($_zp_albumHandlers) as $suffix) {
 491:         if (file_exists($path . '.' . $suffix)) {
 492:             //  it is a handled album sans suffix
 493:             return $suffix;
 494:         }
 495:     } return NULL;
 496: }
 497: 
 498: /**
 499:  * Handles the special cases of album/image[rewrite_suffix]
 500:  *
 501:  * Separates the image part from the album if it is an image reference
 502:  * Strips off the mod_rewrite_suffix if present
 503:  * Handles dynamic album names that do not have the .alb suffix appended
 504:  *
 505:  * @param string $albumvar  $_GET index for "albums"
 506:  * @param string $imagevar  $_GET index for "images"
 507:  */
 508: function rewrite_get_album_image($albumvar, $imagevar) {
 509:     global $_zp_rewritten, $_zp_albumHandlers;
 510:     $ralbum = isset($_GET[$albumvar]) ? trim(sanitize_path($_GET[$albumvar]), '/') : NULL;
 511:     $rimage = isset($_GET[$imagevar]) ? sanitize($_GET[$imagevar]) : NULL;
 512:     //  we assume that everything is correct if rewrite rules were not applied
 513:     if ($_zp_rewritten) {
 514:         if (!empty($ralbum) && empty($rimage)) { // rewrite rules never set the image part!
 515:             $path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
 516:             if (IM_SUFFIX) { // require the rewrite have the suffix as well
 517:                 if (preg_match('|^(.*)' . preg_quote(IM_SUFFIX) . '$|', $ralbum, $matches)) {
 518:                     //has an IM_SUFFIX attached
 519:                     $rimage = basename($matches[1]);
 520:                     $ralbum = trim(dirname($matches[1]), '/');
 521:                     $path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
 522:                 }
 523:             } else { // have to figure it out
 524:                 if (Gallery::validImage($ralbum) || Gallery::validImageAlt($ralbum)) { //   it is an image request
 525:                     $rimage = basename($ralbum);
 526:                     $ralbum = trim(dirname($ralbum), '/');
 527:                     $path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
 528:                 }
 529:             }
 530:             if (!is_dir($path)) {
 531:                 if ($suffix = isHandledAlbum($path)) { //   it is a dynamic album sans suffix
 532:                     $ralbum .= '.' . $suffix;
 533:                 }
 534:             }
 535:         }
 536:         if (empty($ralbum)) {
 537:             unset($_GET[$albumvar]);
 538:         } else {
 539:             $_GET[$albumvar] = $ralbum;
 540:         }
 541:         if (empty($rimage)) {
 542:             unset($_GET[$imagevar]);
 543:         } else {
 544:             $_GET[$imagevar] = $rimage;
 545:         }
 546:     }
 547:     return array($ralbum, $rimage);
 548: }
 549: 
 550: /**
 551:  * Returns the path of an image for uses in caching it
 552:  * NOTE: character set if for the filesystem
 553:  *
 554:  * @param string $album album folder
 555:  * @param string $image image file name
 556:  * @param array $args cropping arguments
 557:  * @return string
 558:  */
 559: function getImageCacheFilename($album8, $image8, $args) {
 560:     global $_zp_supported_images, $_zp_cachefileSuffix;
 561:     // this function works in FILESYSTEM_CHARSET, so convert the file names
 562:     $album = internalToFilesystem($album8);
 563:     if (is_array($image8)) {
 564:         $image8 = $image8['name'];
 565:     }
 566:     if (IMAGE_CACHE_SUFFIX) {
 567:         $suffix = IMAGE_CACHE_SUFFIX;
 568:     } else {
 569:         $suffix = @$_zp_cachefileSuffix[strtoupper(getSuffix($image8))];
 570:         if (empty($suffix)) {
 571:             $suffix = 'jpg';
 572:         }
 573:     }
 574:     if (is_array($image8)) {
 575:         $image = internalToFilesystem($image8['name']);
 576:     } else {
 577:         $image = stripSuffix(internalToFilesystem($image8));
 578:     }
 579: 
 580:     // Set default variable values.
 581:     $postfix = getImageCachePostfix($args);
 582:     if (empty($album)) {
 583:         $albumsep = '';
 584:     } else {
 585:         if (SAFE_MODE) {
 586:             $albumsep = SAFE_MODE_ALBUM_SEP;
 587:             $album = str_replace(array('/', "\\"), $albumsep, $album);
 588:         } else {
 589:             $albumsep = '/';
 590:         }
 591:     }
 592:     if (getOption('obfuscate_cache')) {
 593:         $result = '/' . $album . $albumsep . sha1($image . HASH_SEED . $postfix) . '.' . $image . $postfix . '.' . $suffix;
 594:     } else {
 595:         $result = '/' . $album . $albumsep . $image . $postfix . '.' . $suffix;
 596:     }
 597:     return $result;
 598: }
 599: 
 600: /**
 601:  * Returns an i.php "image name" for an image not within the albums structure
 602:  *
 603:  * @param string $image Path to the image
 604:  * @return string
 605:  */
 606: function makeSpecialImageName($image) {
 607:     $filename = basename($image);
 608:     $base = explode('/', str_replace(SERVERPATH . '/', '', dirname($image)));
 609:     $sourceFolder = array_shift($base);
 610:     $sourceSubfolder = implode('/', $base);
 611:     return array('source' => $sourceFolder . '/' . $sourceSubfolder . '/' . $filename, 'name' => $sourceFolder . '_' . basename($sourceSubfolder) . '_' . $filename);
 612: }
 613: 
 614: define('NO_WATERMARK', '!');
 615: 
 616: /**
 617:  * Returns the watermark image to pass to i.php
 618:  *
 619:  * Note: this should be used for "real" images only since thumbnail handling for Video and TextObjects is special
 620:  * and the "album" thumbnail is not appropriate for the "default" images for those
 621:  *
 622:  * @param $image image object in question
 623:  * @param $use what the watermark use is
 624:  * @return string
 625:  */
 626: function getWatermarkParam($image, $use) {
 627:     $watermark_use_image = $image->getWatermark();
 628:     if (!empty($watermark_use_image) && ($image->getWMUse() & $use)) { //   Use the image defined watermark
 629:         return $watermark_use_image;
 630:     }
 631:     $id = NULL;
 632:     $album = $image->album;
 633:     if ($use & (WATERMARK_FULL)) { //   watermark for the full sized image
 634:         $watermark_use_image = getAlbumInherited($album->name, 'watermark', $id);
 635:         if (empty($watermark_use_image)) {
 636:             $watermark_use_image = FULLIMAGE_WATERMARK;
 637:         }
 638:     } else {
 639:         if ($use & (WATERMARK_IMAGE)) { //  watermark for the image
 640:             $watermark_use_image = getAlbumInherited($album->name, 'watermark', $id);
 641:             if (empty($watermark_use_image)) {
 642:                 $watermark_use_image = IMAGE_WATERMARK;
 643:             }
 644:         } else {
 645:             if ($use & WATERMARK_THUMB) { //    watermark for the thumb
 646:                 $watermark_use_image = getAlbumInherited($album->name, 'watermark_thumb', $id);
 647:                 if (empty($watermark_use_image)) {
 648:                     $watermark_use_image = THUMB_WATERMARK;
 649:                 }
 650:             }
 651:         }
 652:     }
 653:     if (!empty($watermark_use_image)) {
 654:         return $watermark_use_image;
 655:     }
 656:     return NO_WATERMARK; // apply no watermark
 657: }
 658: 
 659: /**
 660:  * Returns the crop/sizing string to postfix to a cache image
 661:  *
 662:  * @param array $args cropping arguments
 663:  * @return string
 664:  */
 665: function getImageCachePostfix($args) {
 666:     list($size, $width, $height, $cw, $ch, $cx, $cy, $quality, $thumb, $crop, $thumbStandin, $passedWM, $adminrequest, $effects) = $args;
 667:     $postfix_string = ($size ? "_$size" : "") .
 668:                     ($width ? "_w$width" : "") .
 669:                     ($height ? "_h$height" : "") .
 670:                     ($cw ? "_cw$cw" : "") .
 671:                     ($ch ? "_ch$ch" : "") .
 672:                     (is_numeric($cx) ? "_cx$cx" : "") .
 673:                     (is_numeric($cy) ? "_cy$cy" : "") .
 674:                     ($thumb || $thumbStandin ? '_thumb' : '') .
 675:                     ($adminrequest ? '_admin' : '') .
 676:                     (($passedWM && $passedWM != NO_WATERMARK) ? '_' . $passedWM : '') .
 677:                     ($effects ? '_' . $effects : '');
 678:     return $postfix_string;
 679: }
 680: 
 681: /**
 682:  * Validates and edits image size/cropping parameters
 683:  *
 684:  * @param array $args cropping arguments
 685:  * @return array
 686:  */
 687: function getImageParameters($args, $album = NULL) {
 688:     $thumb_crop = getOption('thumb_crop');
 689:     $thumb_size = getOption('thumb_size');
 690:     $thumb_crop_width = getOption('thumb_crop_width');
 691:     $thumb_crop_height = getOption('thumb_crop_height');
 692:     $thumb_quality = getOption('thumb_quality');
 693:     $image_default_size = getOption('image_size');
 694:     $quality = getOption('image_quality');
 695:     // Set up the parameters
 696:     $thumb = $crop = false;
 697:     @list($size, $width, $height, $cw, $ch, $cx, $cy, $quality, $thumb, $crop, $thumbstandin, $WM, $adminrequest, $effects) = $args;
 698:     $thumb = $thumbstandin;
 699: 
 700:     switch ($size) {
 701:         case 'thumb':
 702:             $thumb = true;
 703:             if ($thumb_crop) {
 704:                 $cw = $thumb_crop_width;
 705:                 $ch = $thumb_crop_height;
 706:             }
 707:             $size = round($thumb_size);
 708:             break;
 709:         case 'default':
 710:             $size = $image_default_size;
 711:             break;
 712:         case 0:
 713:         default:
 714:             if (empty($size) || !is_numeric($size)) {
 715:                 $size = false; // 0 isn't a valid size anyway, so this is OK.
 716:             } else {
 717:                 $size = round($size);
 718:             }
 719:             break;
 720:     }
 721: 
 722:     // Round each numeric variable, or set it to false if not a number.
 723:     list($width, $height, $cw, $ch, $quality) = array_map('sanitize_numeric', array($width, $height, $cw, $ch, $quality));
 724:     if (!is_null($cx)) {
 725:         $cx = sanitize_numeric($cx);
 726:     }
 727:     if (!is_null($cy)) {
 728:         $cy = sanitize_numeric($cy);
 729:     }
 730:     if (!empty($cw) || !empty($ch)) {
 731:         $crop = true;
 732:     }
 733:     if (is_null($effects)) {
 734:         if ($thumb) {
 735:             if (getOption('thumb_gray')) {
 736:                 $effects = 'gray';
 737:             }
 738:         } else {
 739:             if (getOption('image_gray')) {
 740:                 $effects = 'gray';
 741:             }
 742:         }
 743:     }
 744:     if (empty($quality)) {
 745:         if ($thumb) {
 746:             $quality = round($thumb_quality);
 747:         } else {
 748:             $quality = getOption('image_quality');
 749:         }
 750:     }
 751:     if (empty($WM)) {
 752:         if (!$thumb) {
 753:             if (!empty($album)) {
 754:                 $WM = getAlbumInherited($album, 'watermark', $id);
 755:             }
 756:             if (empty($WM)) {
 757:                 $WM = IMAGE_WATERMARK;
 758:             }
 759:         }
 760:     }
 761:     // Return an array of parameters used in image conversion.
 762:     $args = array($size, $width, $height, $cw, $ch, $cx, $cy, $quality, $thumb, $crop, $thumbstandin, $WM, $adminrequest, $effects);
 763:     return $args;
 764: }
 765: 
 766: /**
 767:  * forms the i.php parameter list for an image.
 768:  *
 769:  * @param array $args
 770:  * @param string $album the album name
 771:  * @param string $image the image name
 772:  * @return string
 773:  */
 774: function getImageProcessorURI($args, $album, $image) {
 775:     list($size, $width, $height, $cw, $ch, $cx, $cy, $quality, $thumb, $crop, $thumbstandin, $passedWM, $adminrequest, $effects) = $args;
 776:     $args[8] = NULL; // not used by image processor
 777:     $uri = WEBPATH . '/' . ZENFOLDER . '/i.php?a=' . $album;
 778:     if (is_array($image)) {
 779:         $uri .= '&i=' . $image['name'] . '&z=' . ($z = $image['source']);
 780:     } else {
 781:         $uri .= '&i=' . $image;
 782:         $z = NULL;
 783:     }
 784:     if (empty($size)) {
 785:         $args[0] = NULL;
 786:     } else {
 787:         $uri .= '&s=' . ($args[0] = (int) $size);
 788:     }
 789:     if ($width) {
 790:         $uri .= '&w=' . ($args[1] = (int) $width);
 791:     } else {
 792:         $args[1] = NULL;
 793:     }
 794:     if ($height) {
 795:         $uri .= '&h=' . ($args[2] = (int) $height);
 796:     } else {
 797:         $args[2] = NULL;
 798:     }
 799:     if (is_null($cw)) {
 800:         $args[3] = NULL;
 801:     } else {
 802:         $uri .= '&cw=' . ($args[3] = (int) $cw);
 803:     }
 804:     if (is_null($ch)) {
 805:         $args[4] = NULL;
 806:     } else {
 807:         $uri .= '&ch=' . ($args[4] = (int) $ch);
 808:     }
 809:     if (is_null($cx)) {
 810:         $args[5] = NULL;
 811:     } else {
 812:         $uri .= '&cx=' . ($args[5] = (int) $cx);
 813:     }
 814:     if (is_null($cy)) {
 815:         $args[6] = NULL;
 816:     } else {
 817:         $uri .= '&cy=' . ($args[6] = (int) $cy);
 818:     }
 819:     if ($quality) {
 820:         $uri .= '&q=' . ($args[7] = (int) $quality);
 821:     } else {
 822:         $args[7] = NULL;
 823:     }
 824:     $args[8] = NULL;
 825:     if ($crop) {
 826:         $uri .= '&c=' . ($args[9] = 1);
 827:     } else {
 828:         $args[9] = NULL;
 829:     }
 830:     if ($thumb || $thumbstandin) {
 831:         $uri .= '&t=' . ($args[10] = 1);
 832:     } else {
 833:         $args[10] = NULL;
 834:     }
 835:     if ($passedWM) {
 836:         $uri .= '&wmk=' . $passedWM;
 837:     } else {
 838:         $args[11] = NULL;
 839:     }
 840:     if ($adminrequest) {
 841:         $args[12] = true;
 842:         $uri .= '&admin=1';
 843:     } else {
 844:         $args[12] = false;
 845:     }
 846:     if ($effects) {
 847:         $uri .= '&effects=' . $effects;
 848:     } else {
 849:         $args[13] = NULL;
 850:     }
 851:     $args[14] = $z;
 852: 
 853:     $uri .= '&check=' . sha1(HASH_SEED . serialize($args));
 854: 
 855:     $uri = zp_apply_filter('image_processor_uri', $uri);
 856: 
 857:     return $uri;
 858: }
 859: 
 860: // Don't let anything get above this, to save the server from burning up...
 861: define('MAX_SIZE', getOption('image_max_size'));
 862: 
 863: /**
 864:  * Extract the image parameters from the input variables
 865:  * @param array $set
 866:  * @return array
 867:  */
 868: function getImageArgs($set) {
 869:     $args = array(NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 870:     if (isset($set['s'])) { //0
 871:         if (is_numeric($s = $set['s'])) {
 872:             if ($s) {
 873:                 $args[0] = (int) min(abs($s), MAX_SIZE);
 874:             }
 875:         } else {
 876:             $args[0] = sanitize($set['s']);
 877:         }
 878:     } else {
 879:         if (!isset($set['w']) && !isset($set['h'])) {
 880:             $args[0] = MAX_SIZE;
 881:         }
 882:     }
 883:     if (isset($set['w'])) { //1
 884:         $args[1] = (int) min(abs(sanitize_numeric($set['w'])), MAX_SIZE);
 885:     }
 886:     if (isset($set['h'])) { //2
 887:         $args[2] = (int) min(abs(sanitize_numeric($set['h'])), MAX_SIZE);
 888:     }
 889:     if (isset($set['cw'])) { //3
 890:         $args[3] = (int) sanitize_numeric(($set['cw']));
 891:     }
 892:     if (isset($set['ch'])) { //4
 893:         $args[4] = (int) sanitize_numeric($set['ch']);
 894:     }
 895:     if (isset($set['cx'])) { //5
 896:         $args[5] = (int) sanitize_numeric($set['cx']);
 897:     }
 898:     if (isset($set['cy'])) { //6
 899:         $args[6] = (int) sanitize_numeric($set['cy']);
 900:     }
 901:     if (isset($set['q'])) { //7
 902:         $args[7] = (int) sanitize_numeric($set['q']);
 903:     }
 904:     if (isset($set['c'])) {// 9
 905:         $args[9] = (int) sanitize($set['c']);
 906:     }
 907:     if (isset($set['t'])) { //10
 908:         $args[10] = (int) sanitize($set['t']);
 909:     }
 910:     if (isset($set['wmk']) && !isset($_GET['admin'])) { //11
 911:         $args[11] = sanitize($set['wmk']);
 912:     }
 913:     $args[12] = (bool) isset($_GET['admin']); //12
 914: 
 915:     if (isset($set['effects'])) { //13
 916:         $args[13] = sanitize($set['effects']);
 917:     }
 918:     if (isset($set['z'])) { //  14
 919:         $args[14] = sanitize($set['z']);
 920:     }
 921: 
 922:     return $args;
 923: }
 924: 
 925: /**
 926:  *
 927:  * Returns an URI to the image:
 928:  *
 929:  *  If the image is not cached, the uri will be to the image processor
 930:  *  If the image is cached then the uri will depend on the site option for
 931:  *  cache serving. If the site is set for open cache the uri will point to
 932:  *  the cached image. If the site is set for protected cache the uri will
 933:  *  point to the image processor (which will serve the image from the cache.)
 934:  *  NOTE: this latter implies added overhead for each and every image fetch!
 935:  *
 936:  * @param array $args
 937:  * @param string $album the album name
 938:  * @param string $image the image name
 939:  * @param int $mitme mtime of the image
 940:  * @return string
 941:  */
 942: function getImageURI($args, $album, $image, $mtime) {
 943:     $cachefilename = getImageCacheFilename($album, $image, $args);
 944:     if (OPEN_IMAGE_CACHE && file_exists(SERVERCACHE . $cachefilename) && (!$mtime || filemtime(SERVERCACHE . $cachefilename) >= $mtime)) {
 945:         return WEBPATH . '/' . CACHEFOLDER . imgSrcURI($cachefilename);
 946:     } else {
 947:         return getImageProcessorURI($args, $album, $image);
 948:     }
 949: }
 950: 
 951: /**
 952:  *
 953:  * Returns an array of html tags allowed
 954:  * @param string $which either 'allowed_tags' or 'style_tags' depending on which is wanted.
 955:  */
 956: function getAllowedTags($which) {
 957:     global $_user_tags, $_style_tags, $_default_tags;
 958:     switch ($which) {
 959:         case 'allowed_tags':
 960:             if (is_null($_user_tags)) {
 961:                 $user_tags = "(" . getOption('allowed_tags') . ")";
 962:                 $allowed_tags = parseAllowedTags($user_tags);
 963:                 if ($allowed_tags === false) { // someone has screwed with the 'allowed_tags' option row in the database, but better safe than sorry
 964:                     $allowed_tags = array();
 965:                 }
 966:                 $_user_tags = $allowed_tags;
 967:             }
 968:             return $_user_tags;
 969:             break;
 970:         case 'style_tags':
 971:             if (is_null($_style_tags)) {
 972:                 $style_tags = "(" . getOption('style_tags') . ")";
 973:                 $allowed_tags = parseAllowedTags($style_tags);
 974:                 if ($allowed_tags === false) { // someone has screwed with the 'style_tags' option row in the database, but better safe than sorry
 975:                     $allowed_tags = array();
 976:                 }
 977:                 $_style_tags = $allowed_tags;
 978:             }
 979:             return $_style_tags;
 980:             break;
 981:         case 'allowed_tags_default':
 982:             if (is_null($_default_tags)) {
 983:                 $default_tags = "(" . getOption('allowed_tags_default') . ")";
 984:                 $allowed_tags = parseAllowedTags($default_tags);
 985:                 if ($allowed_tags === false) { // someone has screwed with the 'allowed_tags' option row in the database, but better safe than sorry
 986:                     $allowed_tags = array();
 987:                 }
 988:                 $_default_tags = $allowed_tags;
 989:             }
 990:             return $_default_tags;
 991:             break;
 992:     }
 993:     return array();
 994: }
 995: 
 996: /**
 997:  * Returns either the rewrite path or the plain, non-mod_rewrite path
 998:  * based on the mod_rewrite option.
 999:  * The given paths can start /with or without a slash, it doesn't matter.
1000:  *
1001:  * IDEA: this function could be used to specially escape items in
1002:  * the rewrite chain, like the # character (a bug in mod_rewrite).
1003:  *
1004:  * This is here because it's used in both template-functions.php and in the classes.
1005:  * @param string $rewrite is the path to return if rewrite is enabled. (eg: "/myalbum")
1006:  * @param string $plain is the path if rewrite is disabled (eg: "/?album=myalbum")
1007:  * @param bool $webpath host path to be prefixed. If "false" is passed you will get a localized "WEBPATH"
1008:  * @return string
1009:  */
1010: function rewrite_path($rewrite, $plain, $webpath = NULL) {
1011:     if (is_null($webpath)) {
1012:         if (class_exists('seo_locale')) {
1013:             $webpath = seo_locale::localePath();
1014:         } else {
1015:             $webpath = WEBPATH;
1016:         }
1017:     }
1018:     if (MOD_REWRITE) {
1019:         $path = $rewrite;
1020:     } else {
1021:         $path = $plain;
1022:     }
1023:     if ($path{0} == "/") {
1024:         $path = substr($path, 1);
1025:     }
1026:     return $webpath . "/" . $path;
1027: }
1028: 
1029: /**
1030:  * parses a query string WITHOUT url decoding it!
1031:  * @param string $str
1032:  */
1033: function parse_query($str) {
1034:     $pairs = explode('&', $str);
1035:     $params = array();
1036:     foreach ($pairs as $pair) {
1037:         if (strpos($pair, '=') === false) {
1038:             $params[$pair] = NULL;
1039:         } else {
1040:             list($name, $value) = explode('=', $pair, 2);
1041:             $params[$name] = $value;
1042:         }
1043:     }
1044:     return $params;
1045: }
1046: 
1047: /**
1048:  * createsa query string from the array passed
1049:  * @param array $parts
1050:  * @return string
1051:  */
1052: function build_query($parts) {
1053:     $q = '';
1054:     foreach ($parts as $name => $value) {
1055:         $q .= $name . '=' . $value . '&';
1056:     }
1057:     return substr($q, 0, -1);
1058: }
1059: 
1060: /**
1061:  * Builds a url from parts
1062:  * @param array $parts
1063:  * @return string
1064:  */
1065: function build_url($parts) {
1066:     $u = '';
1067:     if (isset($parts['scheme'])) {
1068:         $u .= $parts['scheme'] . '://';
1069:     }
1070:     if (isset($parts['host'])) {
1071:         $u .= $parts['host'];
1072:     }
1073:     if (isset($parts['port'])) {
1074:         $u .= ':' . $parts['port'];
1075:     }
1076:     if (isset($parts['path'])) {
1077:         if (empty($u)) {
1078:             $u = $parts['path'];
1079:         } else {
1080:             $u .= '/' . ltrim($parts['path'], '/');
1081:         }
1082:     }
1083:     if (isset($parts['query'])) {
1084:         $u .= '?' . $parts['query'];
1085:     }
1086:     if (isset($parts['fragment '])) {
1087:         $u .= '#' . $parts['fragment '];
1088:     }
1089:     return $u;
1090: }
1091: 
1092: /**
1093:  * rawurlencode function that is path-safe (does not encode /)
1094:  *
1095:  * @param string $path URL
1096:  * @return string
1097:  */
1098: function pathurlencode($path) {
1099:     $parts = parse_url($path);
1100:     if (isset($parts['query'])) {
1101:         //  some kind of query link
1102:         $pairs = parse_query($parts['query']);
1103:         if (preg_match('/^a=.*\&i=?/i', $parts['query'])) { //image URI, handle & in file/folder names
1104:             $index = 'a';
1105:             foreach ($pairs as $p => $q) {
1106:                 switch ($p) {
1107:                     case 'i':
1108:                         $index = 'i';
1109:                     case 'a':
1110:                         break;
1111:                     default:
1112:                         if (is_null($q)) {
1113:                             $pairs[$index] .= '&' . $p;
1114:                         } else if (in_array($p, array('s', 'w', 'h', 'cw', 'ch', 'cx', 'cy', 'q', 'c', 't', 'wmk', 'admin', 'effects', 'z'))) { // image processor parameters
1115:                             break 2;
1116:                         } else {
1117:                             $pairs[$index] .= '&' . $p . '=' . $q;
1118:                         }
1119:                         unset($pairs[$p]);
1120:                         break;
1121:                 }
1122:             }
1123:         }
1124:         foreach ($pairs as $name => $value) {
1125:             if ($value) {
1126:                 $pairs[$name] = implode("/", array_map("rawurlencode", explode("/", $value)));
1127:             }
1128:         }
1129:         $parts['query'] = build_query($pairs);
1130:     }
1131:     $parts['path'] = implode("/", array_map("rawurlencode", explode("/", $parts['path'])));
1132:     return build_url($parts);
1133: }
1134: 
1135: /**
1136:  * Returns the fully qualified path to the album folders
1137:  *
1138:  * @param string $root the base from whence the path dereives
1139:  * @return sting
1140:  */
1141: function getAlbumFolder($root = SERVERPATH) {
1142:     global $_zp_album_folder, $_zp_conf_vars;
1143:     if (is_null($_zp_album_folder)) {
1144:         if (!isset($_zp_conf_vars['external_album_folder']) || empty($_zp_conf_vars['external_album_folder'])) {
1145:             if (!isset($_zp_conf_vars['album_folder']) || empty($_zp_conf_vars['album_folder'])) {
1146:                 $_zp_album_folder = $_zp_conf_vars['album_folder'] = '/' . ALBUMFOLDER . '/';
1147:             } else {
1148:                 $_zp_album_folder = str_replace('\\', '/', $_zp_conf_vars['album_folder']);
1149:             }
1150:         } else {
1151:             $_zp_conf_vars['album_folder_class'] = 'external';
1152:             $_zp_album_folder = str_replace('\\', '/', $_zp_conf_vars['external_album_folder']);
1153:         }
1154:         if (substr($_zp_album_folder, -1) != '/')
1155:             $_zp_album_folder .= '/';
1156:     }
1157:     $root = str_replace('\\', '/', $root);
1158:     switch (@$_zp_conf_vars['album_folder_class']) {
1159:         default:
1160:             $_zp_conf_vars['album_folder_class'] = 'std';
1161:         case 'std':
1162:             return $root . $_zp_album_folder;
1163:         case 'in_webpath':
1164:             if (WEBPATH) { // strip off the WEBPATH
1165:                 $pos = strrpos($root, WEBPATH);
1166:                 if ($pos !== false) {
1167:                     $root = substr_replace($root, '', $pos, strlen(WEBPATH));
1168:                 }
1169:                 if ($root == '/') {
1170:                     $root = '';
1171:                 }
1172:             }
1173:             return $root . $_zp_album_folder;
1174:         case 'external':
1175:             return $_zp_album_folder;
1176:     }
1177: }
1178: 
1179: /**
1180:  * Rolls a log over if it has grown too large.
1181:  *
1182:  * @param string $log
1183:  */
1184: function switchLog($log) {
1185:     $dir = getcwd();
1186:     chdir(SERVERPATH . '/' . DATA_FOLDER);
1187:     $list = safe_glob($log . '-*.log');
1188:     if (empty($list)) {
1189:         $counter = 1;
1190:     } else {
1191:         sort($list);
1192:         $last = array_pop($list);
1193:         preg_match('|' . $log . '-(.*).log|', $last, $matches);
1194:         $counter = $matches[1] + 1;
1195:     }
1196:     chdir($dir);
1197:     @copy(SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '.log', SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '-' . $counter . '.log');
1198:     if (getOption($log . '_log_mail')) {
1199:         zp_mail(sprintf(gettext('%s log size limit exceeded'), $log), sprintf(gettext('The %1$s log has exceeded its size limit and has been renamed to %2$s.'), $log, $log . '-' . $counter . '.log'));
1200:     }
1201: }
1202: 
1203: /**
1204:  * Write output to the debug log
1205:  * Use this for debugging when echo statements would come before headers are sent
1206:  * or would create havoc in the HTML.
1207:  * Creates (or adds to) a file named debug.log which is located in the zenphoto core folder
1208:  *
1209:  * @param string $message the debug information
1210:  * @param bool $reset set to true to reset the log to zero before writing the message
1211:  */
1212: function debugLog($message, $reset = false) {
1213:     if (defined('SERVERPATH')) {
1214:         global $_zp_mutex;
1215:         $path = SERVERPATH . '/' . DATA_FOLDER . '/debug.log';
1216:         $me = getmypid();
1217:         if (is_object($_zp_mutex))
1218:             $_zp_mutex->lock();
1219:         if ($reset || ($size = @filesize($path)) == 0 || (defined('DEBUG_LOG_SIZE') && DEBUG_LOG_SIZE && $size > DEBUG_LOG_SIZE)) {
1220:             if (!$reset && $size > 0) {
1221:                 switchLog('debug');
1222:             }
1223:             $f = fopen($path, 'w');
1224:             if ($f) {
1225:                 if (!class_exists('zpFunctions') || zpFunctions::hasPrimaryScripts()) {
1226:                     $clone = '';
1227:                 } else {
1228:                     $clone = ' ' . gettext('clone');
1229:                 }
1230:                 fwrite($f, '{' . $me . ':' . gmdate('D, d M Y H:i:s') . " GMT} Zenphoto v" . ZENPHOTO_VERSION . '[' . ZENPHOTO_FULL_RELEASE . ']' . $clone . "\n");
1231:             }
1232:         } else {
1233:             $f = fopen($path, 'a');
1234:             if ($f) {
1235:                 fwrite($f, '{' . $me . ':' . gmdate('D, d M Y H:i:s') . " GMT}\n");
1236:             }
1237:         }
1238:         if ($f) {
1239:             fwrite($f, "  " . $message . "\n");
1240:             fclose($f);
1241:             clearstatcache();
1242:             if (defined('DATA_MOD')) {
1243:                 @chmod($path, DATA_MOD);
1244:             }
1245:         }
1246:         if (is_object($_zp_mutex))
1247:             $_zp_mutex->unlock();
1248:     }
1249: }
1250: 
1251: /**
1252:  * Tool to log execution times of script bits
1253:  *
1254:  * @param string $point location identifier
1255:  */
1256: function instrument($point) {
1257:     global $_zp_timer;
1258:     $now = microtime(true);
1259:     if (empty($_zp_timer)) {
1260:         $delta = '';
1261:     } else {
1262:         $delta = ' (' . ($now - $_zp_timer) . ')';
1263:     }
1264:     $_zp_timer = microtime(true);
1265:     debugLogBacktrace($point . ' ' . $now . $delta);
1266: }
1267: 
1268: /**
1269:  * Parses a byte size from a size value (eg: 100M) for comparison.
1270:  */
1271: function parse_size($size) {
1272:     $suffixes = array(
1273:                     ''   => 1,
1274:                     'k'  => 1024,
1275:                     'm'  => 1048576, // 1024 * 1024
1276:                     'g'  => 1073741824, // 1024 * 1024 * 1024
1277:     );
1278:     if (preg_match('/([0-9]+)\s*(k|m|g)?(b?(ytes?)?)/i', $size, $match)) {
1279:         return $match[1] * $suffixes[strtolower($match[2])];
1280:     }
1281: }
1282: 
1283: /** getAlbumArray - returns an array of folder names corresponding to the
1284:  *     given album string.
1285:  * @param string $albumstring is the path to the album as a string. Ex: album/subalbum/my-album
1286:  * @param string $includepaths is a boolean whether or not to include the full path to the album
1287:  *    in each item of the array. Ex: when $includepaths==false, the above array would be
1288:  *    ['album', 'subalbum', 'my-album'], and with $includepaths==true,
1289:  *    ['album', 'album/subalbum', 'album/subalbum/my-album']
1290:  *  @return array
1291:  */
1292: function getAlbumArray($albumstring, $includepaths = false) {
1293:     if ($includepaths) {
1294:         $array = array($albumstring);
1295:         while ($slashpos = strrpos($albumstring, '/')) {
1296:             $albumstring = substr($albumstring, 0, $slashpos);
1297:             array_unshift($array, $albumstring);
1298:         }
1299:         return $array;
1300:     } else {
1301:         return explode('/', $albumstring);
1302:     }
1303: }
1304: 
1305: /**
1306:  * Returns an img src URI encoded based on the OS of the server
1307:  *
1308:  * @param string $uri uri in FILESYSTEM_CHARSET encoding
1309:  * @return string
1310:  */
1311: function imgSrcURI($uri) {
1312:     if (UTF8_IMAGE_URI)
1313:         return filesystemToInternal($uri);
1314:     return $uri;
1315: }
1316: 
1317: /**
1318:  * Returns the suffix of a file name
1319:  *
1320:  * @param string $filename
1321:  * @return string
1322:  */
1323: function getSuffix($filename) {
1324:     return strtolower(substr(strrchr($filename, "."), 1));
1325: }
1326: 
1327: /**
1328:  * returns a file name sans the suffix
1329:  *
1330:  * @param unknown_type $filename
1331:  * @return unknown
1332:  */
1333: function stripSuffix($filename) {
1334:     return str_replace(strrchr($filename, "."), '', $filename);
1335: }
1336: 
1337: /**
1338:  * returns the non-empty value of $field from the album or one of its parents
1339:  *
1340:  * @param string $folder the album name
1341:  * @param string $field the desired field name
1342:  * @param int $id will be set to the album `id` of the album which has the non-empty field
1343:  * @return string
1344:  */
1345: function getAlbumInherited($folder, $field, &$id) {
1346:     $folders = explode('/', filesystemToInternal($folder));
1347:     $album = array_shift($folders);
1348:     $like = ' LIKE ' . db_quote(db_LIKE_escape($album));
1349:     while (count($folders) > 0) {
1350:         $album .= '/' . array_shift($folders);
1351:         $like .= ' OR `folder` LIKE ' . db_quote(db_LIKE_escape($album));
1352:     }
1353:     $sql = 'SELECT `id`, `' . $field . '` FROM ' . prefix('albums') . ' WHERE `folder`' . $like;
1354:     $result = query_full_array($sql);
1355:     if (!is_array($result))
1356:         return '';
1357:     while (count($result) > 0) {
1358:         $try = array_pop($result);
1359:         if (!empty($try[$field])) {
1360:             $id = $try['id'];
1361:             return $try[$field];
1362:         }
1363:     }
1364:     return '';
1365: }
1366: 
1367: /**
1368:  * primitive theme setup for image handling scripts
1369:  *
1370:  * we need to conserve memory so loading the classes is out of the question.
1371:  *
1372:  * @param string $album
1373:  * @return string
1374:  */
1375: function themeSetup($album) {
1376:     // we need to conserve memory in i.php so loading the classes is out of the question.
1377:     $id = NULL;
1378:     $theme = getAlbumInherited(filesystemToInternal($album), 'album_theme', $id);
1379:     if (empty($theme)) {
1380:         $galleryoptions = getSerializedArray(getOption('gallery_data'));
1381:         $theme = @$galleryoptions['current_theme'];
1382:     }
1383:     loadLocalOptions($id, $theme);
1384:     return $theme;
1385: }
1386: 
1387: /**
1388:  * Checks access for the album root
1389:  *
1390:  * @param bit $action what the caller wants to do
1391:  *
1392:  */
1393: function accessAllAlbums($action) {
1394:     global $_zp_admin_album_list, $_zp_loggedin;
1395:     if (zp_loggedin(MANAGE_ALL_ALBUM_RIGHTS)) {
1396:         if (zp_loggedin($action))
1397:             return true;
1398:     }
1399:     if (zp_loggedin(ALL_ALBUMS_RIGHTS) && ($action == LIST_RIGHTS)) { // sees all
1400:         return $_zp_loggedin;
1401:     }
1402:     return false;
1403: }
1404: 
1405: /**
1406:  * Returns the path to a watermark
1407:  *
1408:  * @param string $wm watermark name
1409:  * @return string
1410:  */
1411: function getWatermarkPath($wm) {
1412:     $path = SERVERPATH . '/' . ZENFOLDER . '/watermarks/' . internalToFilesystem($wm) . '.png';
1413:     if (!file_exists($path)) {
1414:         $path = SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/watermarks/' . internalToFilesystem($wm) . '.png';
1415:     }
1416:     return $path;
1417: }
1418: 
1419: /**
1420:  * Checks to see if access was through a secure protocol
1421:  *
1422:  * @return bool
1423:  */
1424: function secureServer() {
1425:     return isset($_SERVER['HTTPS']) && strpos(strtolower($_SERVER['HTTPS']), 'on') === 0;
1426: }
1427: 
1428: /**
1429:  *
1430:  * Returns the script requesting URI.
1431:  *  Uses $_SERVER[REQUEST_URI] if it exists, otherwise it concocts the URI from
1432:  *  $_SERVER[SCRIPT_NAME] and $_SERVER[QUERY_STRING]
1433:  *
1434:  * @return string
1435:  */
1436: function getRequestURI() {
1437:     if (array_key_exists('REQUEST_URI', $_SERVER)) {
1438:         $uri = sanitize($_SERVER['REQUEST_URI']);
1439:         preg_match('|^(http[s]*\://[a-zA-Z0-9\-\.]+/?)*(.*)$|xis', $uri, $matches);
1440:         $uri = $matches[2];
1441:         if (!empty($matches[1])) {
1442:             $uri = '/' . $uri;
1443:         }
1444:     } else {
1445:         $uri = sanitize(@$_SERVER['SCRIPT_NAME']);
1446:     }
1447:     return urldecode(str_replace('\\', '/', $uri));
1448: }
1449: 
1450: /**
1451:  * Provide an alternative to glob which does not return filenames with accented charactes in them
1452:  *
1453:  * NOTE: this function ignores "hidden" files whose name starts with a period!
1454:  *
1455:  * @param string $pattern the 'pattern' for matching files
1456:  * @param bit $flags glob 'flags'
1457:  */
1458: function safe_glob($pattern, $flags = 0) {
1459:     $split = explode('/', $pattern);
1460:     $match = '/^' . strtr(addcslashes(array_pop($split), '\\.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i';
1461:     $path_return = $path = implode('/', $split);
1462:     if (empty($path)) {
1463:         $path = '.';
1464:     } else {
1465:         $path_return = $path_return . '/';
1466:     }
1467:     if (!is_dir($path))
1468:         return array();
1469:     if (($dir = opendir($path)) !== false) {
1470:         $glob = array();
1471:         while (($file = readdir($dir)) !== false) {
1472:             if (@preg_match($match, $file) && $file{0} != '.') {
1473:                 if (is_dir("$path/$file")) {
1474:                     if ($flags & GLOB_MARK)
1475:                         $file.='/';
1476:                     $glob[] = $path_return . $file;
1477:                 } else if (!is_dir("$path/$file") && !($flags & GLOB_ONLYDIR)) {
1478:                     $glob[] = $path_return . $file;
1479:                 }
1480:             }
1481:         }
1482:         closedir($dir);
1483:         if (!($flags & GLOB_NOSORT))
1484:             sort($glob);
1485:         return $glob;
1486:     } else {
1487:         return array();
1488:     }
1489: }
1490: 
1491: /**
1492:  *
1493:  * Check to see if the setup script needs to be run
1494:  */
1495: function checkInstall() {
1496:     preg_match('|([^-]*)|', ZENPHOTO_VERSION, $version);
1497:     if ($i = getOption('zenphoto_install')) {
1498:         $install = getSerializedArray($i);
1499:     } else {
1500:         $install = array('ZENPHOTO' => '0.0.0[0000]');
1501:     }
1502:     preg_match('|([^-]*).*\[(.*)\]|', $install['ZENPHOTO'], $matches);
1503:     if (isset($matches[1]) && isset($matches[2]) && $matches[1] != $version[1] || $matches[2] != ZENPHOTO_RELEASE || ((time() & 7) == 0) && OFFSET_PATH != 2 && $i != serialize(installSignature())) {
1504:         require_once(dirname(__FILE__) . '/reconfigure.php');
1505:         reconfigureAction(0);
1506:     }
1507: }
1508: 
1509: /**
1510:  *
1511:  * Call when terminating a script.
1512:  * Closes the database to be sure that we do not build up outstanding connections
1513:  */
1514: function exitZP() {
1515:     IF (function_exists('db_close'))
1516:         db_close();
1517:     exit();
1518: }
1519: 
1520: /**
1521:  *
1522:  * Computes the "installation signature" of the Zenphoto install
1523:  * @return string
1524:  */
1525: function installSignature() {
1526:     $testFiles = array('template-functions.php'  => filesize(SERVERPATH . '/' . ZENFOLDER . '/template-functions.php'),
1527:                     'functions-filter.php'       => filesize(SERVERPATH . '/' . ZENFOLDER . '/functions-filter.php'),
1528:                     'lib-auth.php'                       => filesize(SERVERPATH . '/' . ZENFOLDER . '/lib-auth.php'),
1529:                     'lib-utf8.php'                       => filesize(SERVERPATH . '/' . ZENFOLDER . '/lib-utf8.php'),
1530:                     'functions.php'                      => filesize(SERVERPATH . '/' . ZENFOLDER . '/functions.php'),
1531:                     'functions-basic.php'            => filesize(SERVERPATH . '/' . ZENFOLDER . '/functions-basic.php'),
1532:                     'functions-controller.php' => filesize(SERVERPATH . '/' . ZENFOLDER . '/functions-controller.php'),
1533:                     'functions-image.php'            => filesize(SERVERPATH . '/' . ZENFOLDER . '/functions-image.php'));
1534: 
1535:     if (isset($_SERVER['SERVER_SOFTWARE'])) {
1536:         $s = $_SERVER['SERVER_SOFTWARE'];
1537:     } else {
1538:         $s = 'software unknown';
1539:     }
1540:     $dbs = db_software();
1541:     $version = ZENPHOTO_VERSION;
1542:     $i = strpos($version, '-');
1543:     if ($i !== false) {
1544:         $version = substr($version, 0, $i);
1545:     }
1546:     return array_merge($testFiles, array('SERVER_SOFTWARE'   => $s,
1547:                     'ZENPHOTO'               => $version . '[' . ZENPHOTO_RELEASE . ']',
1548:                     'FOLDER'                     => dirname(SERVERPATH . '/' . ZENFOLDER),
1549:                     'DATABASE'               => $dbs['application'] . ' ' . $dbs['version']
1550:                     )
1551:     );
1552: }
1553: 
1554: /**
1555:  *
1556:  * Starts a zenphoto session (perhaps a secure one)
1557:  */
1558: function zp_session_start() {
1559:     if (session_id() == '') {
1560:         // force session cookie to be secure when in https
1561:         if (secureServer()) {
1562:             $CookieInfo = session_get_cookie_params();
1563:             session_set_cookie_params($CookieInfo['lifetime'], $CookieInfo['path'], $CookieInfo['domain'], TRUE);
1564:         }
1565:         session_start();
1566:     }
1567: }
1568: 
1569: /**
1570:  * Zenphoto Mutex class
1571:  * @author Stephen
1572:  *
1573:  */
1574: class zpMutex {
1575: 
1576:     private $locked = NULL;
1577:     private $ignoreUseAbort = NULL;
1578:     private $mutex = NULL;
1579:     private $lock = NULL;
1580: 
1581:     function __construct($lock = 'zP', $concurrent = NULL) {
1582:         // if any of the construction fails, run in free mode (lock = NULL)
1583:         if (function_exists('flock') && defined('SERVERPATH')) {
1584:             if ($concurrent) {
1585:                 If ($subLock = self::which_lock($lock, $concurrent)) {
1586:                     $this->lock = $lock . '_' . $subLock;
1587:                 }
1588:             } else {
1589:                 $this->lock = $lock;
1590:             }
1591:         }
1592:         return $this->lock;
1593:     }
1594: 
1595:     // returns the integer id of the lock to be obtained
1596:     // rotates locks sequentially mod $concurrent
1597:     private static function which_lock($lock, $concurrent) {
1598:         global $_zp_mutex;
1599:         $counter_file = SERVERPATH . '/' . DATA_FOLDER . '/' . MUTEX_FOLDER . '/' . $lock . '_counter';
1600:         $_zp_mutex->lock();
1601:         // increment the lock id:
1602:         if (@file_put_contents($counter_file, $count = (((int) @file_get_contents($counter_file)) + 1) % $concurrent)) {
1603:             $count++;
1604:         } else {
1605:             $count = false;
1606:         }
1607:         $_zp_mutex->unlock();
1608:         return $count;
1609:     }
1610: 
1611:     function __destruct() {
1612:         if ($this->locked) {
1613:             $this->unlock();
1614:         }
1615:     }
1616: 
1617:     public function lock() {
1618:         //if "flock" is not supported run un-serialized
1619:         //Only lock an unlocked mutex, we don't support recursive mutex'es
1620:         if (!$this->locked && $this->lock) {
1621:             if ($this->mutex = @fopen(SERVERPATH . '/' . DATA_FOLDER . '/' . MUTEX_FOLDER . '/' . $this->lock, 'wb')) {
1622:                 if (flock($this->mutex, LOCK_EX)) {
1623:                     $this->locked = true;
1624:                     //We are entering a critical section so we need to change the ignore_user_abort setting so that the
1625:                     //script doesn't stop in the critical section.
1626:                     $this->ignoreUserAbort = ignore_user_abort(true);
1627:                 }
1628:             }
1629:         }
1630:         return $this->locked;
1631:     }
1632: 
1633:     /**
1634:      *  Unlock the mutex.
1635:      */
1636:     public function unlock() {
1637:         if ($this->locked) {
1638:             //Only unlock a locked mutex.
1639:             $this->locked = false;
1640:             ignore_user_abort($this->ignoreUserAbort); //Restore the ignore_user_abort setting.
1641:             flock($this->mutex, LOCK_UN);
1642:             fclose($this->mutex);
1643:             return true;
1644:         }
1645:         return false;
1646:     }
1647: 
1648: }
1649: 
1650: ?>
1651: