<?php
/*
* ***********************************************************************************************
* Filename: admin_module_new.inc.php
* Module: Admin-Module
* Subcategory: Create New Album
* Description: Creates new album and initializes it ( = creates necessary files)
* ***********************************************************************************************
*
*
* Project: yappa-ng : yet another php photo album - next generation
* Author: Fritz Berger <hide@address.com>
* Copyright: 2003 Fritz Berger
* $Header: /cvsroot/yappa-ng/yappa-ng/admin_modules/admin_module_new.inc.php,v 1.25 2005/04/25 18:02:07 zirkon13 Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* You may contact the author of yappa-ng by e-mail at:
* hide@address.com
*
* The latest version of yappa-ng can be obtained from:
* http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_ger.html (german)
* http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html (english)
*
* ***********************************************************************************************
* ***********************************************************************************************
* *** ***
* *** yappa-ng is based on "YAPPA v1.7 devel - 22.April 2002" ***
* *** released on http://sourceforge.net/projects/yappa/ ***
* *** YAPPA is Copyright Federico 'pix' Feroldi (hide@address.com) ***
* *** YAPPA is released under the GNU GPL ***
* *** ***
* ***********************************************************************************************
* ***********************************************************************************************
*/
?>
<?php
/*
 * Direct-access guard.
 * The including script is expected to define the SecCheck constant before
 * pulling this module in; a request that hits this file directly has no
 * such constant and is stopped here before any other code runs.
 */
defined('SecCheck') or die("You Cannot Access This Script Directly - Have a Nice Day.");
//include_once("check_html.inc.php");
/* Cleanup the file name removing any special characters. */
/* Code for this function submitted by:
* Marc Andrew Pawlowsky (marcpawl at users dot sourceforge dot net)
* changed by wizard
*/
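/**
 * Reduce a user-supplied album name to a safe directory name.
 *
 * This is an allowlist filter: only characters known to be harmless are
 * copied to the result, everything else is dropped.
 *   - ASCII letters and digits are kept
 *   - a blank becomes "_" (underscore)
 *   - "_", "-" and "." are kept, but never two dots in a row
 *   - the result never starts with "." (hidden file on Unix) or with "_"
 *     (reserved for the userfiles directory of an album)
 *   - a result without any letter or digit is rejected
 *
 * Changes against the previous version:
 *   - ereg() no longer exists in PHP 7 and later; preg_match() is used.
 *   - a "_" (or blank) that became the first character only after an
 *     illegal character in front of it was dropped is now removed as well,
 *     the same way a dot in that position always was.
 *
 * NOTE(review): a leading "-" and a trailing "." are still accepted, as
 * before. Callers that hand the name to a shell command or run on Windows
 * should confirm that this is acceptable.
 *
 * @param string $old_name raw name, normally taken from the request
 * @return string the cleaned name, or "" when nothing usable is left
 */
function CleanFileName($old_name) {
    // Leading dots, underscores and blanks are never allowed.
    $old_name = ltrim((string)$old_name, "._ ");

    $new_name = "";
    $last_was_dot = false;   // the previously kept character was a dot
    $has_alphanum = false;   // at least one letter or digit was kept
    $len = strlen($old_name);

    for ($i = 0; $i < $len; $i++) {
        $letter = substr($old_name, $i, 1);

        // Explicit ASCII class: independent of locale and of the ctype extension.
        if (preg_match('/^[A-Za-z0-9]$/D', $letter)) {
            $new_name .= $letter;
            $last_was_dot = false;
            $has_alphanum = true;
            continue;
        }

        if ($letter === " ") {
            $letter = "_";
        }

        // Nothing kept so far: "." and "_" must not become the first character.
        $at_start = ($new_name === "");

        if ($letter === ".") {
            if (!$last_was_dot && !$at_start) {
                $new_name .= $letter;
                $last_was_dot = true;
            }
        } elseif ($letter === "-" || ($letter === "_" && !$at_start)) {
            $new_name .= $letter;
            $last_was_dot = false;
        }
        // Every other character is dropped. It does not reset $last_was_dot,
        // so "a.#.b" still collapses to "a.b".
    }

    // A name made only of dots, underscores and hyphens is not accepted.
    if (!$has_alphanum) {
        $new_name = "";
    }
    return $new_name;
}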
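/**
 * Append one record to yappa-ng.log if the given level is enabled.
 *
 * The log is pipe-delimited with one record per line. The message may carry
 * request-derived text (directory names, album paths), so control characters
 * and "|" are replaced before writing; otherwise a crafted name could add
 * fake fields or whole fake records to the log.
 *
 * @param int    $level_bit  bit tested against $config["loglevel"] (1 = Administration, 8 = Warning)
 * @param string $level_name level label written into the record
 * @param string $message    message text
 * @param int    $line       __LINE__ of the caller
 */
function _yappa_new_album_log($level_bit, $level_name, $message, $line) {
    global $config;
    if (!((int)$level_bit & (int)$config["loglevel"])) {
        return;
    }
    $message = preg_replace('/[\x00-\x1F\x7F|]/', '?', (string)$message);
    $log_msg = date("U") . "|" . $level_name . "|" . $message . "|" . $_SERVER['REMOTE_ADDR'] . "|-|" . basename(__FILE__) . "|" . $line . "\n";
    @error_log($log_msg, 3, "yappa-ng.log");
}

/**
 * Create (or truncate) a file and write $content under an exclusive lock.
 *
 * @param string $path    file to write
 * @param string $content bytes to write
 * @return bool true when the file was opened and written, false otherwise
 */
function _yappa_new_album_write_file($path, $content) {
    $fd = fopen($path, "w");
    if (!$fd) {
        return false;
    }
    flock($fd, LOCK_EX);
    $written = fwrite($fd, $content);
    flock($fd, LOCK_UN);
    fclose($fd);
    // A failed write (e.g. full disk) is reported instead of being ignored.
    return $written !== false;
}

/**
 * Handle the submitted "create new album" form.
 *
 * Validates the directory name and the admin password, creates the album
 * directory and its data directory below $config["photo_root"], and writes
 * the initial album files (album config, hit counter, rating list, comment
 * list, two index.html placeholders and, if a user password is set, the
 * user password file).
 *
 * Reads $_POST['admin_form'] and $_GET['album']; updates the global
 * $config_album ("adminpwd", "creation_time").
 *
 * @return array "check" holds the result code, "newdir" the cleaned
 *               directory name (present whenever the name was accepted):
 *               1 = album created
 *               2 = the two passwords differ
 *               3 = album config could not be written
 *               4 = empty password
 *               5 = hit counter, rating list or comment list not written
 *               6 = directory not created (also: parent album path rejected)
 *               7 = no valid directory name
 *               8 = index.html not written
 *               9 = user password file not written
 */
function HandleForm () {
    global $config_album;
    global $config;

    $return_value = array();

    // Form fields are only used when they are plain strings; an array sent
    // in their place is treated like a missing value.
    $form = (isset($_POST['admin_form']) && is_array($_POST['admin_form'])) ? $_POST['admin_form'] : array();

    $l_original_dirname = "";
    if (isset($form['newdirname']) && is_string($form['newdirname'])) {
        $l_original_dirname = basename($form['newdirname']);
    }
    $check_dir_name = CleanFileName($l_original_dirname);

    // The cleaned name must be longer than 2 characters. (The old comment
    // said "at least 2"; the code has always required 3.)
    if (strlen($check_dir_name) <= 2) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: NO VALID directoryname '" . $l_original_dirname . "' - Album not created!", __LINE__);
        $return_value["check"] = 7;
        return $return_value;
    }
    $return_value["newdir"] = $check_dir_name;

    if ($config["demo_gallery"] == "yes") {
        // DEMO mode: the admin password is always "nonono"
        $form['adminpwd'] = "nonono";
        $form['adminpwd2'] = "nonono";
        $_POST['admin_form'] = $form;
    }
    $adminpwd = (isset($form['adminpwd']) && is_string($form['adminpwd'])) ? $form['adminpwd'] : "";
    $adminpwd2 = (isset($form['adminpwd2']) && is_string($form['adminpwd2'])) ? $form['adminpwd2'] : "";

    if ($adminpwd === "") {
        // empty passwords are not permitted
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: Empty password not permitted for new directory '" . $check_dir_name . "'", __LINE__);
        $return_value["check"] = 4;
        return $return_value;
    }

    // Strict comparison: with "==" two different numeric-looking strings
    // (e.g. "1e3" and "1000") would pass the typo check.
    if ($adminpwd !== $adminpwd2) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: PASSWORDS not matching - Album '" . $check_dir_name . "' not created!", __LINE__);
        $return_value["check"] = 2;
        return $return_value;
    }

    // SECURITY NOTE(review): the password is stored in clear text, or as an
    // unsalted MD5 hash when use_MD5 is "yes". Both are weak storage formats.
    // Moving to password_hash()/password_verify() needs a matching change in
    // the login code, which is not part of this file, so the format is kept.
    if ($config['use_MD5'] != "yes") {
        $config_album["adminpwd"] = $adminpwd;
    } else {
        $config_album["adminpwd"] = md5($adminpwd);
    }
    $config_album["creation_time"] = date('U');

    // The parent album comes straight from the query string and is decoded
    // a second time by rawurldecode(), so it is checked only after decoding.
    // A ".." segment or a NUL byte would place the new directory outside
    // $config["photo_root"].
    // NOTE(review): the page template uses $selected_album for the same
    // album; whether that is an already validated form of this parameter is
    // not visible here.
    $parent_album = isset($_GET["album"]) ? $_GET["album"] : "";
    $parent_ok = is_string($parent_album);
    if ($parent_ok) {
        $parent_album = rawurldecode($parent_album);
        $parent_ok = (strpos($parent_album, "\0") === false)
            && !preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $parent_album);
    }
    if (!$parent_ok) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: INVALID parent album path '" . (is_string($parent_album) ? $parent_album : "") . "' - Album not created!", __LINE__);
        $return_value["check"] = 6;
        return $return_value;
    }

    $dirname = singleslash($config["photo_root"] . "/" . $parent_album . "/" . $check_dir_name);
    $dirdataname = singleslash($config["photo_root"] . "/" . $parent_album . "/" . $check_dir_name . "/" . $config['data_dirname']);
    $mode = intval($config['mkdir_mode'], 8);

    // creating album directory
    if (!mkdir($dirname, $mode)) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating new directory '" . $dirname . "'", __LINE__);
        $return_value["check"] = 6;
        return $return_value;
    }
    // mkdir() is subject to the umask, so the mode is set again explicitly
    @chmod($dirname, $mode);

    // creating data-directory for this album
    if (!mkdir($dirdataname, $mode)) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating new data-directory '" . $dirdataname . "'", __LINE__);
        $return_value["check"] = 6;
        return $return_value;
    }
    @chmod($dirdataname, $mode);

    // creating album config for this album
    if (write_albumconf($dirname, $config_album) != 1) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the Album Config '" . $check_dir_name . "'", __LINE__);
        $return_value["check"] = 3;
        return $return_value;
    }

    // creating logfile for hitcounters for this album
    $logfilename = singleslash($dirdataname . "/" . $config["log_filename"]);
    $hitcounter_array = array("_AlbumHitCounter_" => 0);
    if (!_yappa_new_album_write_file($logfilename, serialize($hitcounter_array))) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the hitcounter '" . $logfilename . "'", __LINE__);
        $return_value["check"] = 5;
        return $return_value;
    }

    // creating rating list for album/image ratings for this album
    $rating_file = singleslash($dirdataname . "/" . $config['rating_filename']);
    $rating_array = array(
        "_AlbumRating_" => array('rate' => 0, 'votes' => 0, 'full' => 0, 'half' => 0),
    );
    if (!_yappa_new_album_write_file($rating_file, serialize($rating_array))) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the rating list '" . $rating_file . "'", __LINE__);
        $return_value["check"] = 5;
        return $return_value;
    }

    // initialize the comments list
    $comment_file = singleslash($dirdataname . "/" . $config['comment_filename']);
    $commentlist = array(
        '_AlbumComment_' => array('count' => 0, 'date' => date('U')),
    );
    if (!_yappa_new_album_write_file($comment_file, serialize($commentlist))) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the commentlist '" . $comment_file . "'", __LINE__);
        $return_value["check"] = 5;
        return $return_value;
    }

    // Placeholder index.html files so that the web server does not produce
    // a directory listing for the album or its data directory.
    $indexfilecontent = "<HTML>\n<HEAD>\n<TITLE>nothing here</TITLE>\n</HEAD>\n<BODY>\nNothing here for you!\n</BODY>\n</HTML>\n";

    $indexfilename = singleslash($dirname . "/index.html");
    if (!_yappa_new_album_write_file($indexfilename, $indexfilecontent)) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the index.html for album '" . $indexfilename . "'", __LINE__);
        $return_value["check"] = 8;
        return $return_value;
    }

    $indexfilename = singleslash($dirdataname . "/index.html");
    if (!_yappa_new_album_write_file($indexfilename, $indexfilecontent)) {
        _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the index.html for data-directory of album '" . $indexfilename . "'", __LINE__);
        $return_value["check"] = 8;
        return $return_value;
    }

    if ($config_album["userpwd_set"] != "no") {
        $pwdfilename = singleslash($dirdataname . "/passwd_txt.inc.php");
        // The value ends up inside a double-quoted string literal of a PHP
        // source file. Backslash, double quote and dollar sign are escaped so
        // that the stored password can never close the literal or be parsed
        // as PHP code; the file format itself is unchanged.
        $pwdhelp = "<?php \n \$passwd_txt = \"" . addcslashes((string)$config_album["userpwd"], "\\\"\$") . "\" \n ?>";
        if (!_yappa_new_album_write_file($pwdfilename, $pwdhelp)) {
            // userpasswordfile not created (only the path is logged, never the password)
            _yappa_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the user password file '" . $pwdfilename . "'", __LINE__);
            $return_value["check"] = 9;
            return $return_value;
        }
    }

    // everything ok - log the rest to the logfile
    if ($l_original_dirname !== $check_dir_name) {
        _yappa_new_album_log(1, "Administration", "AlbumAdmin New Album: CHANGED dirname from '" . $l_original_dirname . "' to '" . $check_dir_name . "' !", __LINE__);
    }
    _yappa_new_album_log(1, "Administration", "AlbumAdmin New Album: CREATED new Album '" . $check_dir_name . "' successful !", __LINE__);

    $return_value["check"] = 1;
    return $return_value;
}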
// Target of the "cancel" link: the current URL without the CreateNew task.
$uri_base = str_replace("&admintask=CreateNew", "", $global_var['self_url']);

// NOTE(review): the only condition checked here before the album is created
// is the presence of the BeenSubmitted field. No anti-CSRF token is verified
// in this file; confirm that the including script does so.
if (isset($_POST['BeenSubmitted'])) {
    // Finish the creation even if the client disconnects in the middle,
    // so that no half-initialised album is left behind by an aborted request.
    ignore_user_abort(true);
    $answer = HandleForm();
    // From here on a disconnect may end the script again.
    ignore_user_abort(false);
}
?>
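<?php
/*
 * Head of the "create new album" form.
 * $global_var['self_url'], $uri_base and $selected_album are written into
 * HTML attributes / text, so they are passed through htmlspecialchars().
 * NOTE(review): where these values are built is not visible in this file;
 * self_url carries a raw "&admintask=CreateNew" (see the str_replace above),
 * so it is assumed not to be HTML-encoded already - confirm.
 * The $lang_akt entries are printed unchanged, as before.
 */
?>
<form action="<?php print htmlspecialchars($global_var['self_url'], ENT_QUOTES); ?>" method="post">
<table cellspacing="0" cellpadding="5" border="0" width="100%">
<tr valign="top">
<td class="thumbnailCell">
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr><td colspan=4 align="center" class="adminHeading"><?php print $lang_akt["admin_new_hmain"]; ?></td></tr>
<tr><td colspan=4 align="center" class="adminComments"><?php print $lang_akt["admin_new_expl1"] . htmlspecialchars($selected_album, ENT_QUOTES); ?></td></tr>
<tr><td colspan=4 align="center" class="adminComments"><?php print $lang_akt["admin_new_expl2"]; ?></td></tr>
<tr><td colspan="4" class="passwdAdminCancel" align="center" >
[ <b><a href="<?php echo htmlspecialchars($uri_base, ENT_QUOTES); ?>"><?php echo $lang_akt["passwd_admin_cancel"]; ?></a></b> ]</td></tr>
<tr><td width="10%"> </td><td width="25%"> </td><td width="5%"> </td><td> </td></tr>
<?php if ($config["demo_gallery"] == "yes") { ?>
<tr><td colspan=4 align="center" class="adminDemo"><?php print $lang_akt["admin_info_demo1"]; ?></td></tr>
<tr><td colspan=4 align="center" class="adminDemo"><?php print $lang_akt["admin_new_demo2"]; ?></td></tr>
<tr><td colspan="4"> </td></tr>
<?php } ?>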
<tr><td colspan="4" align="center" class="adminStatus">
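<?php
/*
 * Status line: translate the result code of HandleForm() into a message.
 * $desition stays 0 when the form has not been submitted yet; the form
 * below is hidden only for code 1 (album created).
 */
if (isset($_POST['BeenSubmitted'])) {
    $desition = $answer["check"];
    switch ($desition) {
        case 1:
            // Album created: offer a link into the new album.
            print $lang_akt["admin_new_status1a"];
            // print $lang_akt["admin_new_status1b"];
            $new_url = $_SERVER['PHP_SELF'] . "?album=" . $selected_album . "/" . $answer["newdir"] . "&adminlogin=yes&";
            // PHP_SELF contains whatever path the client requested, so the
            // link is HTML-escaped before it goes into the href attribute.
            ?>
<a href="<?php print htmlspecialchars($new_url, ENT_QUOTES); ?>" >[ <?php echo $lang_akt["admin_deldir_linkout"]; ?> ]</a><br>
<?php
            if ($config["demo_gallery"] == "yes") {
                print "<br>";
                print $lang_akt["admin_new_status1x"];
            }
            break;
        case 2:
            // The 2 passwords do not match -> no change
            print $lang_akt["admin_cpwduser_status2"];
            break;
        case 3:
            // The configfile could not be created! The directory itself is written!
            print $lang_akt["admin_new_status3"];
            break;
        case 4:
            // Empty password! No change was made!
            print $lang_akt["admin_cpwduser_status4"];
            break;
        case 5:
            // The hitcounter could not be created! The directory is written!
            print $lang_akt["admin_new_status5"];
            break;
        case 6:
            // The directory could not be created. Maybe it already exists,
            // or the permissions of the parent directory do not allow it.
            print $lang_akt["admin_new_status6"];
            break;
        case 7:
            // This is no valid directoryname!!
            print $lang_akt["admin_new_status7"];
            break;
        case 8:
            // An index.html placeholder could not be written.
            print $lang_akt["admin_new_status8"];
            break;
        case 9:
            // The user password file could not be written.
            print $lang_akt["admin_new_status9"];
            break;
        default:
            print "";
            break;
    }
} else {
    $desition = 0;
} ?>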
</td></tr>
<tr><td colspan="4"> </td></tr>
<tr><td colspan="4"> </td></tr>
<?php
// Input fields for the new album: directory name plus the admin password
// entered twice. They are shown on the first visit and after every failed
// attempt, and left out once the album exists ($desition == 1).
if ($desition != 1): ?>
<tr><td colspan=4 class="adminDescription"><?php echo $lang_akt["admin_new_nameosh"]; ?></td></tr>
<tr><td colspan=4 class="adminComments"><?php echo $lang_akt["admin_new_nameosfull"]; ?></td></tr>
<tr>
<td> </td>
<td colspan="3" class="adminSelection"><input type="text" name="admin_form[newdirname]" value=""> <?php echo $lang_akt["admin_new_nameostext"]; ?></td>
</tr>
<tr><td colspan="4"> </td></tr>
<tr><td colspan=4 class="adminDescription"><?php echo $lang_akt["admin_new_adminpwdh"]; ?></td></tr>
<tr><td colspan=4 class="adminComments"><?php echo $lang_akt["admin_new_adminpwdfull"]; ?></td></tr>
<tr>
<td width="10%"> </td>
<td colspan="3" class="adminSelection"><input type="password" name="admin_form[adminpwd]" value=""> <?php echo $lang_akt["admin_cpwdadmin_text1"]; ?></td>
</tr>
<tr>
<td width="10%"> </td>
<td colspan="3" class="adminSelection"><input type="password" name="admin_form[adminpwd2]" value=""> <?php echo $lang_akt["admin_cpwdadmin_text2"]; ?></td>
</tr>
<tr><td colspan="4"> </td></tr>
<tr><td colspan="4" align="center">
<input type="hidden" name="BeenSubmitted" value="true">
<input type="submit" name="submit" value="<?php echo $lang_akt['submit']; ?>">
</td>
</tr>
<?php endif; ?>
</table>
</td>
</tr>
</table>
</form>
<?php
?>