<?php

/*
 * ***********************************************************************************************
 * Filename:     admin_module_new.inc.php
 * Module:       Admin-Module
 * Subcategory:  Create New Album
 * Description:  Creates new album and initializes it ( = creates necessary files)
 * ***********************************************************************************************
 *
 *
 * Project:     yappa-ng : yet another php photo album - next generation
 * Author:      Fritz Berger <hide@address.com>
 * Copyright:   2003 Fritz Berger
 * $Header: /cvsroot/yappa-ng/yappa-ng/admin_modules/admin_module_new.inc.php,v 1.25 2005/04/25 18:02:07 zirkon13 Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * You may contact the author of yappa-ng by e-mail at:
 *    hide@address.com
 *
 * The latest version of yappa-ng can be obtained from:
 *    http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_ger.html (german)
 *    http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html (english)
 *
 * ***********************************************************************************************
 * ***********************************************************************************************
 * ***                                                                                         ***
 * ***   yappa-ng is based on "YAPPA v1.7 devel - 22.April 2002"                               ***
 * ***                         released on http://sourceforge.net/projects/yappa/              ***
 * ***   YAPPA is Copyright Federico 'pix' Feroldi (hide@address.com)                           ***
 * ***   YAPPA is released under the GNU GPL                                                   ***
 * ***                                                                                         ***
 * ***********************************************************************************************
 * ***********************************************************************************************
 */

?>

<?php


/*
 * Standard Security Check
 */

// Direct-access guard: this module only runs when it is included by a script
// that has already defined the SecCheck constant; any other request stops here.
if (defined('SecCheck') === false) {
	exit("You Cannot Access This Script Directly - Have a Nice Day.");
}

//include_once("check_html.inc.php");


/* Cleanup the file name removing any special characters. */
/* Code for this function submitted by:
 *     Marc Andrew Pawlowsky (marcpawl at users dot sourceforge dot net)
 *     changed by wizard
 */
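/*
 * Reduce a submitted name to the restricted character set used for album directories.
 *
 * This is an allow-list: only A-Z, a-z, 0-9, "_", "-" and "." can reach the
 * result. A blank becomes "_"; every other byte (path separators, NUL, HTML
 * metacharacters, bytes of multibyte characters) is dropped.
 *
 * Additional rules:
 *  - the result never starts with "." (hidden file on Unix) or with "_"
 *    (reserved for the userfiles directory of an album), also not after
 *    unwanted characters in front of them have been dropped
 *  - a dot is never written directly after another dot, so ".." cannot be
 *    assembled from the input
 *  - a result without at least one alphanumeric character is discarded
 *
 * Parameter: $old_name - the raw name, typically taken from the request
 * Returns:   the cleaned name, or "" when nothing usable remains
 */
function CleanFileName($old_name) {
	// Arrays, objects and null cannot be a name; refuse them instead of
	// feeding them to the string functions below.
	if (!is_scalar($old_name)) {
		return "";
	}

	// Leading dots, underscores and blanks are removed up front.
	$old_name = ltrim((string) $old_name, "._ ");

	$new_name = "";
	$has_alnum = false;
	$len = strlen($old_name);
	for ($i = 0; $i < $len; $i++) {
		$letter = $old_name[$i];

		// ereg() was removed in PHP 7.0, which made this function fail with a
		// fatal error there. preg_match() with the same explicit ASCII class
		// keeps the check independent of the locale.
		if (preg_match('/[A-Za-z0-9]/', $letter)) {
			$new_name .= $letter;
			$has_alnum = true;
			continue;
		}

		if ($letter === " ") {
			$letter = "_";
		}

		if ($letter === ".") {
			// no dot in first place and no dot directly behind another dot
			if ($new_name !== "" && substr($new_name, -1) !== ".") {
				$new_name .= ".";
			}
		} elseif ($letter === "-") {
			$new_name .= "-";
		} elseif ($letter === "_" && $new_name !== "") {
			// The original loop only guarded the dot here, so an underscore (or a
			// blank turned into one) could become the first character once the
			// characters in front of it had been dropped, e.g. "#_x" -> "_x".
			$new_name .= "_";
		}
		// anything else is dropped
	}

	// only dots, underscores and hyphens left: not a usable name
	return $has_alnum ? $new_name : "";
}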


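/*
 * Append one record to yappa-ng.log when $level_bit is enabled in $config["loglevel"].
 *
 * Record layout used by this file: time|category|message|remote address|-|file|line
 * Parts of $message come from the request (directory name, album path), so
 * control characters and "|" are replaced before writing: a submitted value
 * must not be able to start a new record or add fields to this one.
 */
function _new_album_log($level_bit, $category, $message, $line) {
	global $config;

	if ((int)$level_bit & (int)$config["loglevel"]) {
		$message = preg_replace('/[\x00-\x1f\x7f|]/', '?', $message);
		$log_msg = date("U") . "|" . $category . "|" . $message . "|" . $_SERVER['REMOTE_ADDR'] . "|-|" . basename(__FILE__) . "|" . $line . "\n";
		// best effort, as before: a failing log write must not stop the request
		@error_log($log_msg, 3, "yappa-ng.log");
	}
}

/*
 * Create (or truncate) $filename and write $content under an exclusive lock.
 * Returns true when the file could be opened and written, false otherwise.
 */
function _new_album_write_file($filename, $content) {
	$fd = fopen($filename, "w");
	if (!$fd) {
		return false;
	}
	flock($fd, LOCK_EX); // get an exclusive lock
	$written = fwrite($fd, $content);
	flock($fd, LOCK_UN); // release the lock
	fclose($fd);

	return ($written !== false);
}

/*
 * Handle the submitted "new album" form: validate the input, create the album
 * directory with its data directory and write the initial files.
 *
 * Reads $_POST['admin_form'] (newdirname, adminpwd, adminpwd2) and
 * $_GET['album'] (parent album path); updates the global $config_album.
 *
 * Returns an array with
 *   "newdir" - the cleaned directory name (not set for check 7)
 *   "check"  - 1 album created
 *              2 the two passwords do not match
 *              3 album config could not be written
 *              4 empty password
 *              5 hitcounter, rating list or comment list could not be created
 *              6 a directory could not be created, or the parent album path was rejected
 *              7 no valid directory name
 *              8 an index.html could not be created
 *              9 user password file could not be created
 *
 * Nothing is rolled back on failure: for the checks 3, 5, 8 and 9 the
 * directories created so far stay on disk.
 */
function HandleForm () {
	global $config_album;
	global $config;
	global $selected_album; // declared by the original code; not read in this function

	$return_value = array();

	// Form fields are only accepted as strings. A missing field or an array
	// (e.g. admin_form[adminpwd][]=x) is treated like an empty value.
	$form = (isset($_POST['admin_form']) && is_array($_POST['admin_form'])) ? $_POST['admin_form'] : array();
	$raw_dirname = (isset($form['newdirname']) && is_string($form['newdirname'])) ? $form['newdirname'] : "";

	// check filename: basename() drops any path part, CleanFileName() applies
	// the character allow-list. The cleaned name has to be longer than 2 chars.
	$l_original_dirname = basename($raw_dirname);
	$check_dir_name = CleanFileName($l_original_dirname);
	if (strlen($check_dir_name) <= 2) {
		// no valid dirname!
		_new_album_log(8, "Warning", "AlbumAdmin New Album: NO VALID directoryname '" . $l_original_dirname . "' - Album not created!", __LINE__);
		$return_value["check"] = 7;
		return $return_value;
	}
	// pathname is ok
	$return_value["newdir"] = $check_dir_name;

	if ($config["demo_gallery"] == "yes") {
		// if in DEMO mode set Admin-Password to "nonono"
		$_POST['admin_form']['adminpwd'] = "nonono";
		$_POST['admin_form']['adminpwd2'] = "nonono";
		$form['adminpwd'] = "nonono";
		$form['adminpwd2'] = "nonono";
	}
	$adminpwd = (isset($form['adminpwd']) && is_string($form['adminpwd'])) ? $form['adminpwd'] : "";
	$adminpwd2 = (isset($form['adminpwd2']) && is_string($form['adminpwd2'])) ? $form['adminpwd2'] : "";

	// empty passwords not permitted!
	if ($adminpwd === "") {
		_new_album_log(8, "Warning", "AlbumAdmin New Album: Empty password not permitted for new directory '" . $check_dir_name . "'", __LINE__);
		$return_value["check"] = 4;
		return $return_value;
	}

	// Typo check. Strict comparison: with "==" two different numeric-looking
	// strings such as "100" and "1e2" compare equal and would pass as a match.
	if ($adminpwd !== $adminpwd2) {
		// passwords dont match - no change!
		_new_album_log(8, "Warning", "AlbumAdmin New Album: PASSWORDS not matching - Album '" . $check_dir_name . "' not created!", __LINE__);
		$return_value["check"] = 2;
		return $return_value;
	}

	// The parent album path comes straight from the query string and becomes
	// part of the directory that is created below. PHP has decoded it once
	// already and rawurldecode() decodes it a second time, so the check has to
	// look at the decoded value. ".." segments and NUL bytes are refused so the
	// new album cannot be placed outside $config["photo_root"].
	$album_path = (isset($_GET["album"]) && is_string($_GET["album"])) ? rawurldecode($_GET["album"]) : "";
	if (strpos($album_path, "\0") !== false || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $album_path)) {
		_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating new directory - parent album path '" . $album_path . "' rejected", __LINE__);
		$return_value["check"] = 6;
		return $return_value;
	}

	// everything ok - set password!
	// password encryption thanks to Gertjan Vinkesteijn
	// NOTE(review): the admin password is stored either in plain text or as an
	// unsalted MD5 digest. Both are weak for password storage; moving to
	// password_hash()/password_verify() also needs the code that checks the
	// password, which is not part of this file, so the format is left as it is.
	if ($config['use_MD5'] != "yes") {
		$config_album["adminpwd"] = $adminpwd;
	} else {
		$config_album["adminpwd"] = md5($adminpwd);
	}
	// $config_album["userpwd"] = "";
	// $config_album["userpwd_set"] = "no";

	$config_album["creation_time"] = date('U');
	$dirname = singleslash($config["photo_root"] . "/" . $album_path . "/" . $check_dir_name);
	$dirdataname = singleslash($config["photo_root"] . "/" . $album_path . "/" . $check_dir_name . "/" . $config['data_dirname']);

	// creating the album directory, then the data-directory for this album
	$mkdir_mode = intval($config['mkdir_mode'], 8);
	$directories = array(
		array($dirname, "new directory"),
		array($dirdataname, "new data-directory"),
	);
	foreach ($directories as $directory) {
		if (mkdir($directory[0], $mkdir_mode)) {
			// directory successfully created! chmod again, mkdir() is subject to the umask
			@chmod($directory[0], $mkdir_mode);
		} else {
			// directory not created!
			_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating " . $directory[1] . " '" . $directory[0] . "'", __LINE__);
			$return_value["check"] = 6;
			return $return_value;
		}
	}

	// creating album config for this album
	$conf_written = write_albumconf($dirname, $config_album);
	if ($conf_written != 1) {
		// configfile not created!
		_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating the Album Config '" . $check_dir_name . "'", __LINE__);
		$return_value["check"] = 3;
		return $return_value;
	}

	// Initial files of the album, created in this order:
	// hitcounter log, rating list, comment list, and an index.html in the
	// album directory and in its data directory.
	$indexfilecontent = "<HTML>\n<HEAD>\n<TITLE>nothing here</TITLE>\n</HEAD>\n<BODY>\nNothing here for you!\n</BODY>\n</HTML>\n";
	$hitcounter_array = array("_AlbumHitCounter_" => 0);
	$rating_array = array("_AlbumRating_" => array('rate' => 0, 'votes' => 0, 'full' => 0, 'half' => 0));
	$commentlist = array('_AlbumComment_' => array('count' => 0, 'date' => date('U')));

	// each entry: file name, content, name used in the log message, check code on failure
	$initial_files = array(
		array(singleslash($dirdataname . "/" . $config["log_filename"]), serialize($hitcounter_array), "the hitcounter", 5),
		array(singleslash($dirdataname . "/" . $config['rating_filename']), serialize($rating_array), "the rating list", 5),
		array(singleslash($dirdataname . "/" . $config['comment_filename']), serialize($commentlist), "the commentlist", 5),
		array(singleslash($dirname . "/index.html"), $indexfilecontent, "the index.html for album", 8),
		array(singleslash($dirdataname . "/index.html"), $indexfilecontent, "the index.html for data-directory of album", 8),
	);
	foreach ($initial_files as $initial_file) {
		if (!_new_album_write_file($initial_file[0], $initial_file[1])) {
			_new_album_log(8, "Warning", "AlbumAdmin New Album: ERROR in creating " . $initial_file[2] . " '" . $initial_file[0] . "'", __LINE__);
			$return_value["check"] = $initial_file[3];
			return $return_value;
		}
	}

	if ($config_album["userpwd_set"] != "no") {
		$pwdfilename = singleslash($dirdataname . "/passwd_txt.inc.php");
		// The password becomes PHP source here. var_export() writes it as a
		// quoted literal; pasted between double quotes, a password containing
		// a quote, a backslash or "$" would change the generated code.
		// Where $config_album["userpwd"] is set is not visible in this file.
		$pwdhelp = "<?php \n \$passwd_txt = " . var_export((string)$config_album["userpwd"], true) . " \n ?>";
		if (!_new_album_write_file($pwdfilename, $pwdhelp)) {
			// userpasswordfile not created
			$return_value["check"] = 9;
			return $return_value;
		}
	}

	// everything ok
	// log the rest to the logfile
	if ($l_original_dirname !== $check_dir_name) {
		// log level 1: Administration
		_new_album_log(1, "Administration", "AlbumAdmin  New Album: CHANGED dirname from '" . $l_original_dirname . "' to '" . $check_dir_name . "' !", __LINE__);
	}
	// log level 1: Administration
	_new_album_log(1, "Administration", "AlbumAdmin  New Album: CREATED new Album '" . $check_dir_name . "' successful !", __LINE__);

	$return_value["check"] = 1;
	return $return_value;
}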

// Current page URL without the "create new album" task parameter;
// printed further down as the target of the cancel link.
$uri_base = str_replace("&admintask=CreateNew", "", $global_var['self_url']);

if (isset($_POST['BeenSubmitted'])) {
	// Album creation writes several directories and files in a row, so the
	// script keeps running even if the client drops the connection meanwhile.
	ignore_user_abort(true);
	$answer = HandleForm();
	// from here on a user abort is recognised again
	ignore_user_abort(false);
}
?>

<form action="<?php /* NOTE(review): self_url is printed into the attribute without HTML escaping; how it is built is not visible in this file - confirm it is escaped or built from trusted parts upstream. */ print $global_var['self_url']; ?>" method="post">
<table cellspacing="0" cellpadding="5" border="0" width="100%">
<tr valign="top">
<td class="thumbnailCell">
<table width="100%" border="0" cellspacing="0" cellpadding="3">

	<tr><td colspan=4 align="center" class="adminHeading"><?php print $lang_akt["admin_new_hmain"]; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminComments"><?php /* NOTE(review): $selected_album is printed unescaped; presumably derived from the album request parameter - verify it is validated/escaped where it is set. */ print $lang_akt["admin_new_expl1"] . $selected_album; ?></td></tr>
	<tr><td colspan=4 align="center" class="adminComments"><?php print $lang_akt["admin_new_expl2"]; ?></td></tr>

	<tr><td colspan="4" class="passwdAdminCancel" align="center" >
	[ <b><a href="<?php /* cancel link: self_url without the CreateNew task parameter, printed unescaped like self_url above */ echo $uri_base ?>"><?php echo $lang_akt["passwd_admin_cancel"]; ?></b></a> ]</td></tr>
	<tr><td width="10%">&nbsp;</td><td width="25%">&nbsp;</td><td width="5%">&nbsp;</td><td>&nbsp;</td></tr>
	<?php /* demo notice, only shown when demo_gallery is "yes" */ if ($config["demo_gallery"] == "yes") { ?>
		<tr><td colspan=4 align="center" class="adminDemo"><?php print $lang_akt["admin_info_demo1"]; ?></td></tr>
		<tr><td colspan=4 align="center" class="adminDemo"><?php print $lang_akt["admin_new_demo2"]; ?></td></tr>
		<tr><td colspan="4">&nbsp;</td></tr>
	<?php } ?>
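	<tr><td colspan="4" align="center" class="adminStatus">
	<?php
	// Status line for a submitted form. $desition holds the "check" code
	// returned by HandleForm(), or 0 when nothing was submitted; the form
	// fields below are rendered unless it is 1.
	if(isset($_POST['BeenSubmitted'])) {
		$desition = $answer["check"];
		switch($desition) {
			case 1:
				// The album was created: link to the admin login of the new album.
				print $lang_akt["admin_new_status1a"];
				// print $lang_akt["admin_new_status1b"];
				// PHP_SELF contains the path of the request as the client sent it
				// (including extra path info) and ends up inside an href, so it
				// is HTML-escaped here. $answer["newdir"] only holds characters
				// let through by CleanFileName().
				// NOTE(review): $selected_album is used unescaped; it is set
				// outside this file - confirm it is validated there.
				$new_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "?album=" . $selected_album . "/" . $answer["newdir"] . "&amp;adminlogin=yes&amp;";
				?>
				<a href="<?php print $new_url; ?>" >[ <?php echo $lang_akt["admin_deldir_linkout"]; ?> ]</a><br>
				<?php
				if ($config["demo_gallery"] == "yes") {
					print "<br>";
					print $lang_akt["admin_new_status1x"];
				}
				break;
			case 2:
				// The 2 passwords do not match -> no change
				print $lang_akt["admin_cpwduser_status2"];
				break;
			case 3:
				// The configfile could not be created! The directory itself written!
				print $lang_akt["admin_new_status3"];
				break;
			case 4:
				// Empty password! No change was made!
				print $lang_akt["admin_cpwduser_status4"];
				break;
			case 5:
				// The hitcounter, rating list or comment list could not be created! The directory is written!
				print $lang_akt["admin_new_status5"];
				break;
			case 6:
				// The directory could not be created. Maybe the directory already exists OR check the permissions for the directory or ask your Admin)!
				print $lang_akt["admin_new_status6"];
				break;
			case 7:
				// This is no valid directoryname!!
				print $lang_akt["admin_new_status7"];
				break;
			case 8:
				// An index.html could not be created
				print $lang_akt["admin_new_status8"];
				break;
			case 9:
				// The user password file could not be created
				print $lang_akt["admin_new_status9"];
				break;
			default:
				print "";
				break;
		}
	} else {
		$desition = 0;
	} ?>
	</td></tr>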
	<tr><td colspan="4">&nbsp;</td></tr>
	<tr><td colspan="4">&nbsp;</td></tr>

	<?php /* Input fields: rendered unless $desition is 1, the value the status switch handles as
	       * "album created". The form posts admin_form[newdirname], admin_form[adminpwd],
	       * admin_form[adminpwd2] and BeenSubmitted; no anti-CSRF token is among its fields.
	       * NOTE(review): the request creates directories and sets an admin password - confirm that
	       * the including script authenticates the session and rejects cross-site posts.
	       */ if ($desition != 1) { ?>
		<tr><td colspan=4 class="adminDescription"><?php print $lang_akt["admin_new_nameosh"]; ?></td></tr>
		<tr><td colspan=4 class="adminComments"><?php print $lang_akt["admin_new_nameosfull"]; ?></td></tr>
		<tr>
		<td>&nbsp;</td>
		<td colspan="3" class="adminSelection"><input type="text" name="admin_form[newdirname]" value=""> <?php print $lang_akt["admin_new_nameostext"]; ?></td>
		</tr>
		<tr><td colspan="4">&nbsp;</td></tr>


		<tr><td colspan=4 class="adminDescription"><?php print $lang_akt["admin_new_adminpwdh"]; ?></td></tr>
		<tr><td colspan=4 class="adminComments"><?php print $lang_akt["admin_new_adminpwdfull"]; ?></td></tr>
		<tr>
		<td width="10%">&nbsp;</td>
		<td colspan="3" class="adminSelection"><input type="password" name="admin_form[adminpwd]" value=""> <?php print $lang_akt["admin_cpwdadmin_text1"]; ?></td>
		</tr>
		<tr>
		<td width="10%">&nbsp;</td>
		<td colspan="3" class="adminSelection"><input type="password" name="admin_form[adminpwd2]" value=""> <?php /* second entry of the password; HandleForm() compares it with adminpwd */ print $lang_akt["admin_cpwdadmin_text2"]; ?></td>
		</tr>


		<tr><td colspan="4">&nbsp;</td></tr>
		<tr><td colspan="4" align="center">
			<input type="hidden" name="BeenSubmitted" value="true">
			<input type="submit" name="submit" value="<?php print $lang_akt['submit']; ?>">
		</td>
		</tr>
	<?php
	// end of the input fields ($desition != 1)
	} ?>

</table>
</td>
</tr>
</table>
</form>


<?php



?>