'.$reason.'
'); } function alt(&$p1 = NULL, &$p2 = NULL, &$p3 = NULL) { if (isset($p1)) return $p1; if (isset($p2)) return $p2; return $p2; } function computeUnsignedChecksum($bytestring) { $unsigned_chksum = 0; for($i=0; $i<512; $i++) $unsigned_chksum += ord($bytestring[$i]); for($i=0; $i<8; $i++) $unsigned_chksum -= ord($bytestring[148 + $i]); $unsigned_chksum += ord(" ") * 8; return $unsigned_chksum; } function tarHeader($Name, $Size, $information=NULL) { if (strlen($Name)>99) { $ext = preg_replace('/.*\./', '', $Name); $Name = substr($Name, 0, 98-strlen($ext)).'.'.$ext; } $header = str_pad($Name,100,chr(0)); $header .= str_pad("777",7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($information["user_id"]),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($information["group_id"]),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct($Size),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct(time(0)),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_repeat(" ",8); $header .= "0"; $header .= str_repeat(chr(0),100); $header .= str_pad("ustar",6,chr(32)); $header .= chr(32) . chr(0); $header .= str_pad($information["user_name"],32,chr(0)); $header .= str_pad($information["group_name"],32,chr(0)); $header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),155); $header .= str_repeat(chr(0),12); $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT); for($i=0; $i<6; $i++) { $header[(148 + $i)] = substr($checksum,$i,1); } $header[154] = chr(0); $header[155] = chr(32); return $header; } function checkPath($pathToCheck) { global $path, $subpath; if (ereg('^[-_a-zA-Z0-9äöüÄÖÜ/]*$', $pathToCheck) && is_dir($path.'/'.$pathToCheck)) { $subpath=$pathToCheck; $path .= '/'.$pathToCheck; } else { error_die('path not allowed: '.htmlentities($pathToCheck)); } } function checkFile($fileToCheck, $thumb = false) { global $path, $file, $subpath, $thumbs, $imgfile; if (!ereg('/', $fileToCheck) && is_file($path.'/'.$fileToCheck)) { $imgfile = $fileToCheck; } else { error_die('file not found', '404 Not Found'); } if ($thumb) { // image from thumbnail path $file = $thumbs.'/'.$subpath.'/'.$fileToCheck; if (!is_dir($thumbs.'/'.$subpath)) mkdir($thumbs.'/'.$subpath, 0777, true); if (!is_file($file)) { // create thumbnail $image = new Imagick(); $image->readImage($path.'/'.$fileToCheck); $image->thumbnailImage(200, 200, true); $image->writeImage($file); } } else { $file = $path.'/'.$fileToCheck; } } function returnFile($file) { $ext=strtolower(preg_replace('/.*\./', '', $file)); switch ($ext) { case 'jpg': case 'jpeg': $type="image/jpeg"; break; case 'tif': case 'tiff': $type="image/tiff"; break; case 'gif': $type="image/gif"; break; case 'png': $type="image/png"; break; case 'bmp': $type="image/bmp"; break; } if (!is_file($file)) { error_die('file does not exist', '404 Not Found'); } if (!isset($_REQUEST['view'])) { header('Content-type: '.$type); header('Content-Length: '.filesize($file)); header('Content-Transfer-Encoding: binary'); flush(); readfile($file); exit; } } function extractDir($path) { $res['dirs'] = array(); $res['files'] = array(); if ($d=opendir($path)) { while (false!==($f=readdir($d))) if (!ereg('^\.', $f) && is_dir($path.'/'.$f)) $res['dirs'][] = $f; elseif (!ereg('^\.', $f) && is_file($path.'/'.$f)) switch (strtolower(preg_replace('/.*\./', '', $f))) { case "jpg": case "jpeg": case "png": $res['files'][] = $f; } } closedir($d); asort($res['dirs']); asort($res['dirs']); return $res; } /*function encrypt2($text) { global $_REQUEST, $server_password; return bin2hex(mcrypt_encrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); } function decrypt2($text) { global $_REQUEST, $server_password; return unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); }*/ function encrypt($text, $password = NULL) { global $_REQUEST, $server_password; if (!$password) $password = $_REQUEST['password']; return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $password+$server_password, bzcompress(serialize($text)), MCRYPT_MODE_ECB)); } function decrypt($text) { global $_REQUEST, $server_password; $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, base64_decode($text), MCRYPT_MODE_ECB))); if (!$res) $res = @unserialize(bzdecompress(mcrypt_decrypt(MCRYPT_BLOWFISH, $_REQUEST['password']+$server_password, hex2bin($text), MCRYPT_MODE_ECB))); return $res; } function makelink($link, $img, $filename, $style="") { echo ''; } function linkorselect($link, $img, $filename) { if (isset($_REQUEST['select'])) { echo ''; echo ''; } else { makelink($link, $img, $filename); } } $server_password=file_get_contents('/etc/gallery/password'); require('/etc/gallery/settings.php'); if (!$server_password) $server_password=str_shuffle(sha1(rand().time()."ashu87as")); $username=""; if (!isset($_REQUEST['secret'])) { require('/etc/gallery/authentication.php'); require('/etc/gallery/usersettings.php'); if ($username=="") error_die('not authorized', '403 Forbidden'); if (isset($_REQUEST['path'])) checkPath($_REQUEST['path']); if (isset($_REQUEST['folder']) && !ereg('/', $_REQUEST['folder'])) { $file = $thumbs.'/folders/'.$subpath.'/'.$_REQUEST['folder'].'.png'; $type="image/png"; if (!is_dir($thumbs.'/folders/'.$subpath)) mkdir($thumbs.'/folders/'.$subpath, 0777, true); if (!is_file($file)) { // create folder image $txt = wordwrap(preg_replace('/ +/', ' ', preg_replace('/-/', ' - ', preg_replace('/_/', " ", $_REQUEST['folder']))), 16, "\n", true); $image = new Imagick(); $image->readImage('folder.png'); // read local template file $draw = new ImagickDraw(); $draw->setFillColor('black'); $draw->setFont('arial'); if (mb_strlen($txt)<2) { $draw->setFontSize(60); $x = 75; } else { $draw->setFontSize(15); $x = 50; } $image->annotateImage($draw, 10, $x, 0, $txt); $image->writeImage($file); } } elseif (isset($_REQUEST['file'])) checkFile($_REQUEST['file'], isset($_REQUEST['thumb'])); if ($file!="") returnFile($file); } else { if (isset($_REQUEST['password'])) { $secret = decrypt($_REQUEST['secret']) or error_die('bad password', '403 Forbidden'); if (!isset($secret['valid-until'])) error_die('missing validation date'); if (!isset($max_validity_days)) error_die('maximum validity days not set'); if (strtotime($secret['valid-until'])>time()+$max_validity_days*86400) error_die('validity limitation not respected'); if (strtotime($secret['valid-until'])