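/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2008 Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License version 3
  as published by the Free Software Foundation.

  ********************************************
  Coppermine version: 1.4.16
  $HeadURL: https://coppermine.svn.sourceforge.net/svnroot/coppermine/trunk/cpg1.4.x/index.php $
  $Revision: 4233 $
  $Author: gaugau $
  $Date: 2008-02-02 09:23:58 +0100 (Sa, 02 Feb 2008) $
**********************************************/

/**
 * Coppermine Photo Gallery 1.4.14 index.php
 *
 * This file is the main display for categories and album it also displays thumbnails,
 * also see documentation for this file's {@relativelink ../_index.php.php Free Standing Code}
 *
 * @copyright 2002-2005 Gregory DEMAR, Coppermine Dev Team
 * @license http://www.gnu.org/licenses/gpl.html GNU General Public License V3
 * @package Coppermine
 * @version $Id: index.php 4233 2008-02-02 08:23:58Z gaugau $
 */

/**
 * Unless this is true most things wont work - protection against direct execution of inc files
 */
define('IN_COPPERMINE', true);

// Plugin dispatch: a 'file' request parameter selects a script below ./plugins/
// that is included instead of rendering the gallery index. The value comes
// straight from the request, so it is untrusted until it has passed the
// allow-list pattern below.
// Because IN_COPPERMINE is already defined at this point, the usual
// "direct execution" guard inside an included script will not stop it.
$file = false;
if (isset($_GET['file']) && is_string($_GET['file'])) {
    // Only a string is accepted: an array-valued parameter would otherwise
    // flow into str_replace()/preg_match() and raise warnings or errors.

    // Scrub: Remove '..' and leftover '//' from filename.
    // This is a single replacement pass and is not relied on for safety;
    // the allow-list pattern is the actual control.
    $file = str_replace('..', '', str_replace('//', '', $_GET['file']));

    // There can be only alphanumerals in a plugin's folder name. There mustn't be any dots or other special chars in it.
    // The only exception is the hyphen (-) and underscore (_)
    // Examples for folder names: "myplugin" = OK, "my_plugin" = OK, "my plugin" = BAD, "mü_plugin" = BAD
    // Files the plugin is meant to include can only contain one single dot that separates the actual filename from the php-extension
    // Same restrictions apply as for the folder name (only alphanumerals, hyphen and underscore)
    // The D modifier makes '$' match only at the very end of the subject, so a
    // value with a trailing newline is rejected as well.
    $fileValidationPattern = "/^([a-zA-Z0-9_\-]+)(\/{0,1}?)([a-zA-Z0-9_\-]+)$/D";
    if (preg_match($fileValidationPattern, $file) !== 1) {
        $file = ''; // something's fishy with the filename, let's drop it
    }
    $path = './plugins/' . $file . '.php';

    // Don't include the codebase and configuration files.
    // The comparison is made on the script name (last path segment): comparing
    // the whole "folder/script" value would never match a plugin's own
    // codebase.php or configuration.php, which live inside the plugin folder.
    $script = basename($file);
    if ($file !== '' && $script != 'codebase' && $script != 'configuration' && file_exists($path)) {
        // Include the code from the plugin
        include_once($path);
        $file = true;
    } else {
        $file = false;
    }
}

// NOTE(review): when a plugin script was included above, this block is skipped,
// so neither init.inc.php nor the unlogged-access redirect runs from here; the
// included script has to perform its own bootstrap and access checks.
if (!$file) {
    /**
     * Sets the flag for lang file
     */
    define('INDEX_PHP', true);

    require('include/init.inc.php');

    // Anonymous visitors are sent to the login page when unlogged access is disabled.
    if (!USER_ID && $CONFIG['allow_unlogged_access'] == 0) {
        // NOTE(review): $redirect is not assigned anywhere in this file before
        // it is read; presumably include/init.inc.php sets it - confirm.
        $redirect = $redirect . "login.php";
        header("Location: $redirect");
        exit(); // stop here so no gallery content is rendered after the redirect header
    }

    if ($CONFIG['enable_smilies']) include("include/smilies.inc.php");
}

/**
 * Local functions definition
 */

/**
 * html_albummenu()
 *
 * This function draws the links for admin menu of Albums
 *
 * NOTE(review): as shown in this listing the function only builds the
 * placeholder arrays and returns nothing, although a string return is
 * documented; the template evaluation step appears to be missing here -
 * confirm against the full file.
 *
 * @param integer $id ID of the album for which the links are being drawn
 * @return string The evaluated template block with links
 **/
function html_albummenu($id)
{
    global $template_album_admin_menu, $lang_album_admin_menu;
    static $template = '';

    if ($template == '') {
        // Language-dependent placeholders, meant to be filled only once per request.
        $params = array('{CONFIRM_DELETE}' => $lang_album_admin_menu['confirm_delete'],
            '{DELETE}' => $lang_album_admin_menu['delete'],
            '{MODIFY}' => $lang_album_admin_menu['modify'],
            '{EDIT_PICS}' => $lang_album_admin_menu['edit_pics'],
            );
    }

    // Per-album placeholder.
    $params = array('{ALBUM_ID}' => $id,
        );
}

/**
 * get_subcat_data()
 *
 * Get the data about the sub categories which are going to be shown on the index page, this function is called recursively
 *
 * @param integer $parent Parent Category
 * @param array $cat_data
 * @param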
array $album_set_array * @param integer $level Level being displayed * @param string $ident String to use as indentation for Categories * @return void **/ function get_subcat_data($parent, &$cat_data, &$album_set_array, $level, $ident = '') { global $CONFIG, $HIDE_USER_CAT, $FORBIDDEN_SET, $cpg_show_private_album; $album_filter = ''; $pic_filter = ''; if (!empty($FORBIDDEN_SET) && !$cpg_show_private_album) { $album_filter = ' and ' . str_replace('p.', 'a.', $FORBIDDEN_SET); $pic_filter = ' and ' . str_replace('p.', $CONFIG['TABLE_PICTURES'] . '.', $FORBIDDEN_SET); } if ($CONFIG['categories_alpha_sort'] == 1) {$cat_sort_order = 'name';}else{$cat_sort_order = 'pos';} $result = cpg_db_query("SELECT cid, name, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' ORDER BY $cat_sort_order"); if (mysql_num_rows($result) > 0) { $rowset = cpg_db_fetch_rowset($result); foreach ($rowset as $subcat) { if ($subcat['cid'] == USER_GAL_CAT) { $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} as a WHERE category>=" . FIRST_USER_CAT . $album_filter; $result = cpg_db_query($sql); $album_count = mysql_num_rows($result); while ($row = mysql_fetch_array($result)) { $album_set_array[] = $row['aid']; } // while mysql_free_result($result); $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} as p, {$CONFIG['TABLE_ALBUMS']} as a WHERE p.aid = a.aid AND approved='YES' AND category >= " . FIRST_USER_CAT . $album_filter); $nbEnr = mysql_fetch_array($result); $pic_count = $nbEnr[0]; $subcat['description'] = preg_replace("/document.write('');"; echo ""; echo ""; ?>