Location: PHPKode > scripts > TinyWebGallery > tinywebgallery/admin/upload/tfu_helper.php
<?php
/**
 * TWG Flash uploader 2.10.x
 *
 * Copyright (c) 2004-2009 TinyWebGallery
 * written by Michael Dempfle
 *
 *
 *        This file has all the helper functions.
 *        Normally you don't have to modify anything here.
 */
/**
 * * ensure this file is being included by a parent file
 */
defined('_VALID_TWG') or die('Direct Access to this location is not allowed.');

// some globals you can change
$session_double_fix = false; // this is only needed if you get errors because of corrupt sessions. If you turn this on a backup is made and checked if the first one is corrupt
$timezone = ''; // Please set your timezone here if you have problems with timezones - if you need exact times - enter your timezone - see http://www.dynamicwebpages.de/php/timezones.php
if (function_exists('date_default_timezone_set')) { // php 5.1.x
        if ($timezone != '') {
          @date_default_timezone_set($timezone);
        } else if (function_exists('date_default_timezone_get')) {
          set_error_handler('on_error_no_output');
          @date_default_timezone_set(@date_default_timezone_get());
          set_error_handler('on_error');
        } else {
          @date_default_timezone_set('Europe/Berlin');
        }
}
// default settings you should normally not change.
$bg_color_preview_R = 255;
$bg_color_preview_G = 255;
$bg_color_preview_B = 255;
$input_invalid = false;
$old_error_handler = false;

tfu_setHeader();

@ob_start();
// neede to be here because of possible depreciate warning!
include dirname(__FILE__) . '/tfu_zip.class.php';
/**
 * * Needed for Https and IE!
 */
function tfu_setHeader()
{
    header('Pragma: I-hate-internet-explorer');
    header('Cache-Control:no-store');
}
/**
 * function:tfu_debug()
 */
function tfu_debug($data)
{
    global $debug_file; // set in the tfu_config.php or is overwritten by the twg config
    global $enable_enhanced_debug;
    	$data = replaceInput($data); // we check output data too - you never know!
	    $input_invalid = false;

      if(stristr($data, 'called statically') === false && stristr($data, 'deprecated') === false) { // This error can happen in Joomla and can be ignored
        $debug_string = date('m.d.Y G:i:s') . ' - ' . $data . "\n";
	      if ($enable_enhanced_debug) {
          $debug_string .= '    Request: ' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'] . "\n";
          foreach (debug_backtrace() as $element) {
            $debug_string .= '      Stack: ' . basename($element['file']) . ":" . $element['line'] . ":" . $element['function'];
            foreach ($element['args'] as $par) {
              if (is_array($par)) {
                $par = str_replace("\n", "", print_r($par, true));  
              }    
              $debug_string .= ":" . substr($par, 0, 100); // max 100 chars
            }
            $debug_string .= "\n";
          }
        }
        if ($debug_file == '') {
		      error_log($debug_string, 0);
		      return;
	      }

        if (file_exists($debug_file)) {
            if (filesize($debug_file) > 2000000) { // debug file max = 2MB !
                // we move the old one and start a new one - but only once!
                rename (dirname(__FILE__) . '/tfu.log', dirname(__FILE__) . '/tfu.log.bak');
                $debug_file_local = fopen($debug_file, 'w');
            } else {
                $debug_file_local = fopen($debug_file, 'a');
            }
            fputs($debug_file_local, $debug_string);
            fclose($debug_file_local);
        } else {
            if (is_writeable(dirname(__FILE__))) {
                if (!isset($debug_file)) { // if helper is included somewhere else!
                  $debug_file = dirname(__FILE__) . "/tfu.log";
                }
                $debug_file_local = @fopen($debug_file, 'a');
                @fputs($debug_file_local, $debug_string);
                @fclose($debug_file_local);
                clearstatcache();
            } else {
                error_log($debug_string, 0);
            }
        }
    }
}

function on_error($num, $str, $file, $line)
{
    if ((strpos ($file, 'email.inc.php') === false) && (strpos ($str, 'fopen') === false) && (strpos ($str, 'Deprecated') === false)) {
        tfu_debug("ERROR $num in " . substr($file, -40) . ", line $line: $str");
    }
}

function on_error_no_output($num, $str, $file, $line)
{
}

if (!isset($skip_error_handling)) {
  @ini_set('display_errors','On');
  $old_error_handler = set_error_handler("on_error");
}


/**
 * Resizes a jpg/png/gif file if needed and stores it back to the original location
 * Needs gdlib > 2.0!
 * All other files are untouched
 * 1 = ok
 * 0 = failed
 * 2 = unknown - we retry after the save later.
 *
 */
function resize_file($image, $size, $compression, $image_name, $dest_image = false)
{
    global $use_image_magic, $image_magic_path, $enable_upload_debug, $store;

    if (!isset($store)) {
      $store = 0;
    }
    set_error_handler('on_error_no_output');
    ini_set('gd.jpeg_ignore_warning', 1); // since php 5.1.3 this leads that corrupt jpgs are read much better!
    set_error_handler('on_error');
    // we can do some caching here! - nice for 2.6 ;).
    if ($size == 'undefined') {
      tfu_debug('Resize: ERROR - No size is sent from the flash. Make sure that you have at least one value entered in the config. The image is NOT resized.');
      return 1;
    }

    $srcx = 0;
    $srcy = 0;
    if ($enable_upload_debug) { tfu_debug('Resize: Preparing to resize "' . $image . ' with size: '.$size.'"'); }
    if (file_exists($image)) {
        $oldsize = getimagesize($image);
        if ($oldsize[0] == 0) {
            // for broken images we try to read the exif data!
            $oldsize = get_exif_size($image, $image_name);
        }
        $oldsizex = $oldsize[0];
        $oldsizey = $oldsize[1];

        if (($oldsizex < $size) && ($oldsizey < $size)) {
            if ($enable_upload_debug) { tfu_debug('Resize: Image ('. $oldsizex .'x' .$oldsizey. ') is not resized with setting "' . $size . '"'); }
            return 1;
        }

        if ($oldsizex > $oldsizey) { // querformat - this keeps the dimension between horzonal and vertical
            $width = $size;
            $height = ($width / $oldsizex) * $oldsizey;
        } else { // hochformat - this keeps the dimension between horzonal an vertical
            $height = $size;
            $width = ($height / $oldsizey) * $oldsizex;
        }

        $height = round($height);
        $width =  round($width);

        if ($use_image_magic) {
            if ($enable_upload_debug) {
              tfu_debug("Resize: Image magick is used");
            }
            $ima = $loc_ima = realpath($image);
            $resize = $width . 'x' . $height;
            if ($dest_image) {
              $store = 1;
              $loc_ima = $dest_image;
            } else {
              if ($store == 2) { // 1st attempt was not o.k. - we try it with a backup name.
                $loc_ima = $ima . '.bak';
              }
            }
            $command = $image_magic_path . ' "' . $ima . '" -quality ' . $compression . ' -resize ' . $resize . ' "' . $loc_ima . '"';
            if ($enable_upload_debug) {
              tfu_debug("Resize: Image magick command: " . $command);
            }
            execute_command ($command);
             // we check if the resize was o.k.
              if ($store == 0) { // we do the resize to the same image again
                 // we check if the resize was o.k.
                $newsize = getimagesize($ima);
                if ($width != $newsize[0]) { // resize failed for unknown reasons.
                   if ($enable_upload_debug) { tfu_debug("Resize: Image could not be resized."); }
                   return 2; // we try to resize again later!
                } else {
                   return 1;
                }
              } else { // we resize to a temp file
                if (file_exists($ima . '.bak')) {
                $newsize = getimagesize($ima . '.bak');
                 if ($width != $newsize[0]) { // resize failed for unknown reasons.
                   if ($enable_upload_debug) { tfu_debug("Resize: Image could not be resized - wrong size"); }
                   unlink($ima . '.bak');
                   return 2; // we try to resize again later!
                 } else { // resize is o.k.
                   unlink($ima);
                   rename($ima . '.bak',$ima);
                   return 1;
                }
                } else {
                  if ($enable_upload_debug) { tfu_debug("Resize: Image could not be resized - no file"); }
                  return 2;
                }
              }
        } else {
            if ($enable_upload_debug) { tfu_debug("Resize: gd-lib is used."); }
            if (!isMemoryOk($oldsize, $image_name, true)) {
                return 0;
            }
            if ($enable_upload_debug) { tfu_debug("Resize: memory is o.k."); }

            $src = get_image_src($image, $oldsize[2]);
            if (!$src) {
                tfu_debug('File ' . $image_name . ' cannot be resized!');
                return false;
            }
            $dst = ImageCreateTrueColor($width, $height);
            imagecopyresampled($dst, $src, 0, 0, $srcx, $srcy , $width, $height, $oldsizex, $oldsizey);
            @imagedestroy($src);

            if ($dest_image) {
                $image = $dest_image;
            }
            if ($enable_upload_debug) { tfu_debug("Resize: image was resampled."); }

            if ($oldsize[2] == 1) { // gif
                $res = imagegif($dst, $image);
            } else if ($oldsize[2] == 2) { // jpg
                $res = imagejpeg($dst, $image, $compression);
            } else if ($oldsize[2] == 3) { // png
                $res = imagepng($dst, $image);
            } else {
                $res = imagejpeg($dst, $image, $compression);
            }
            if ($res) {
                // we check if the resize was o.k.
                $newsize = getimagesize($image);
                if ($width != $newsize[0]) { // resize failed for unknown reasons.
                     if ($enable_upload_debug) { tfu_debug("Resize: Image could not be resized."); }
                     return 2;
                }
                if ($enable_upload_debug) { tfu_debug("Resize: Image was saved and resized."); }
                @imagedestroy($dst);
                return 1;
            } else {
                tfu_debug('cannot save: ' . $image);
                return 0;
            }
        }
    } else
        return 2;
}

/**
 * resizes a file and writes it back to the user! - can do jpg, png and gif if the support is there !
 * renamed png's (that that are actually jpg's are handled as well!)
 * Needs gdlib > 2.0!
 */
function send_thumb($image, $compression, $sizex, $sizey, $generateOnly = false)
{
    global $bg_color_preview_R, $bg_color_preview_G, $bg_color_preview_B;

    set_error_handler('on_error_no_output');
    ini_set('gd.jpeg_ignore_warning', 1); // since php 5.1.3 this leads that corrupt jpgs are read much better!
    set_error_handler('on_error');
    $srcx = 0;
    $srcy = 0;
    $dimx = $sizex;
    $dimy = $sizey;
    $usethumbs = false;

    if (file_exists(dirname(__FILE__) . '/thumbs') && is_writable(dirname(__FILE__) . '/thumbs')) { // is a caching dir available and writeable?
        $cachename = dirname(__FILE__) . '/thumbs/' . sha1($image . $sizex) . '.jpg';
        $usethumbs = true;
    }

    if ($usethumbs && file_exists($cachename)) {
        // we return the jpg!
        header('Content-type: image/jpg');
        header('Content-Length: ' . filesize($cachename));
        header('Pragma: no-cache');
        header('Expires: 0');
        $fp = fopen($cachename, 'rb');
        while ($content = fread($fp, 8192)) {
            print $content;
        }
        fclose($fp);
        return true;
    } else if (file_exists($image)) {
        if (filesize($image) == 0) {
          return false;
        }
        $oldsize = getimagesize($image);
        // for broken images we try to read the exif data!
        if ($oldsize[0] == 0) {
            $oldsize = get_exif_size($image, $image);
        }
        $oldsizex = $oldsize[0];
        $oldsizey = $oldsize[1];

        if ($oldsizex < $sizex && $oldsizey < $sizey) {
            $sizex = $oldsizex;
            $sizey = $oldsizey;
        }
        $height = $sizey;
        $width = ($height / $oldsizey) * $oldsizex;

        if ($width > $sizex) {
            $width = $sizex;
            $height = ($width / $oldsizex) * $oldsizey;
        }

        if (isMemoryOk($oldsize, '')) {
            $src = get_image_src($image, $oldsize[2]);
            if (!$src) { // error in image!
                if ($sizex < 100) {
                    // we return an empty white one ;).
                    $src = ImageCreateTrueColor($oldsizex, $oldsizey);
                    $back = imagecolorallocate($src, 255, 255, 255);
                    imagefilledrectangle($src, 0, 0, $oldsizex, $oldsizex, $back);
                }
                tfu_debug($image . ' is not a valid image - please check the file.');
                return false;
            }
            // $dst = ImageCreateTrueColor($width, $height);
            $dst = ImageCreateTrueColor($dimx, $dimy);
            if ($dimx < 100) { // white bg for small preview
                $back = imagecolorallocate($dst, $bg_color_preview_R, $bg_color_preview_G, $bg_color_preview_B);
            } else { // gray bg for big preview
                $back = imagecolorallocate($dst, 245, 245, 245);
            }
            imagefilledrectangle($dst, 0, 0, $dimx, $dimy, $back);
            if ($dimx > 100) { // border
                imagerectangle ($dst, 0, 0, $dimx-1, $dimy-1, imagecolorallocate($dst, 160, 160, 160));
            }

            $offsetx = 0;
            $offsetx_b = 0;
            if ($dimx > $width) { // we have to center!
                $offsetx = floor(($dimx - $width) / 2);
            } else if ($dimx > 100) {
                $offsetx = 4;
                $offsetx_b = 8;
            }

            $offsety = 0;
            $offsety_b = 0;
            if ($dimy > $height) { // we have to center!
                $offsety = floor(($dimy - $height) / 2);
            } else if ($dimx > 100) {
                $offsety = 4;
                $offsety_b = 8;
            }

            $trans = imagecolortransparent ($src);
            imagecolorset ($src, $trans, 255, 255, 255);
            imagecolortransparent($src, imagecolorallocate($src, 0, 0, 0));
            imagecopyresampled($dst, $src, $offsetx, $offsety, $srcx, $srcy, $width - $offsetx_b, $height - $offsety_b, $oldsizex, $oldsizey);

            header('Content-type: image/jpg');
            if ($usethumbs) { // we save the thumb
                imagejpeg($dst, $cachename, $compression);
            }
            if (!$generateOnly) {
                header('Pragma: no-cache');
                header('Expires: 0');
                ob_start();
                if (imagejpeg($dst, '', $compression)) {
                    $buffer = ob_get_contents();
                    header('Content-Length: ' . strlen($buffer));
                    ob_end_clean();
                    echo $buffer;
                    @imagedestroy($dst);
                    return true;
                } else {
                    ob_end_flush();
                    tfu_debug('cannot save: ' . $image);
                    @imagedestroy($src);
                }
            }
        }
    }
    return false;
}
// we check if we can get a memory problem!
function isMemoryOk($oldsize, $image_name, $debug = true)
{
    $memory = ($oldsize[0] * $oldsize[1] * 6) + 1048576; // mem and we add 1 MB for safty
    // I try to increase the memory if more is needed and if it is possible.
    if (function_exists("memory_get_usage")) {
      $InUse=memory_get_usage();
      if ($memory > return_kbytes(ini_get('memory_limit')*1024) - $InUse)
      {
        @ini_set('memory_limit',$memory + $InUse + 3000000); // 3 MB for processing extra!
      }
    }
    $memory_limit = return_kbytes(ini_get('memory_limit')) * 1024;
    if ($memory > $memory_limit && $memory_limit > 0) { // we store the number of images that have a size problem in the session and output this in the readDir file
        $mem_errors = 0;
        if (isset($_SESSION['upload_memory_limit'])) {
            $mem_errors = $_SESSION['upload_memory_limit'];
        }
        $_SESSION['upload_memory_limit'] = ($mem_errors + 1);
        if ($debug) {
            tfu_debug('File ' . $image_name . ' cannot be processed because not enough memory is available! Needed: ~' . $memory . '. Available: ' . $memory_limit);
        }
        return false;
    } else {
        return true;
    }
}
$sn = get_server_name();

function get_image_src($image, $type)
{
    set_error_handler('on_error_no_output'); // No error shown because we handle this error!
    if ($type == 1) { // gif
        $src = imagecreatefromgif($image);
    } else if ($type == 2) { // jpg
        $src = imagecreatefromjpeg($image);
    } else if ($type == 3) { // png
        $src = @imagecreatefrompng($image);
    } else {
        $src = imagecreatefromjpeg($image); // if error we try read an jpg!
    }
    set_error_handler('on_error');
    return $src;
}
/**
 * A small helper function !
 */
function return_kbytes($val)
{
    $val = trim($val);
    if (strlen($val) == 0) {
        return 0;
    }
    $last = strtolower($val{strlen($val)-1});
    switch ($last) {
        // The 'G' modifier is available since PHP 5.1.0
        case 'g':
            $val *= 1024;
        case 'm':
            $val *= 1024;
        case 'k':
            $val *= 1;
    }
    return $val;
}
$m = is_renameable();

/**
 * get maximum upload size
 */
function getMaximumUploadSize()
{
    $upload_max = return_kbytes(ini_get('upload_max_filesize'));
    $post_max = return_kbytes(ini_get('post_max_size'));
    return $upload_max < $post_max ? $upload_max : $post_max;
}

/**
 * compares caseinsensitive - normally this could be done with natcasesort -
 * but this seems to be buggy on my test system!
 */
function mycmp ($a, $b)
{
    return strnatcasecmp ($a, $b);
}

/**
 * compares caseinsensitive - ascending for date
 */
function mycmp_date ($a, $b)
{
    return strnatcasecmp ($b, $a);
}

function cmp_dec ($a, $b)
{
    return mycmp(urldecode($a), urldecode($b));
}

function cmp_dir_dec ($a, $b)
{
    $a = substr($a, 0);
    $b = substr($b, 0);
    return mycmp(urldecode($a), urldecode($b));
}

function cmp_date_dec ($a, $b)
{
    return mycmp_date(urldecode($a), urldecode($b));
}

/**
 * deletes everything from the starting dir on! tfu deletes only one level by default - but this
 * is triggered by the endableing/disabling of the delete Folder status! not by this function!
 */
function remove($item) // remove file / dir
{
    $item = realpath($item);
    $ok = true;
    if (is_link($item) || is_file($item))
        $ok = @unlink($item);
    elseif (is_dir($item)) {
        if (($handle = opendir($item)) === false)
            return false;

        while (($file = readdir($handle)) !== false) {
            if (($file == '..' || $file == '.')) continue;

            $new_item = $item . '/' . $file;
            if (!file_exists($new_item))
                return false;
            if (is_dir($new_item)) {
                $ok = remove($new_item);
            } else {
                $ok = @unlink($new_item);
            }
        }
        closedir($handle);
        $ok = @rmdir($item);
    }
    return $ok;
}

function is_tfu_deletable($file)
{
    $isWindows = substr(PHP_OS, 0, 3) == 'WIN';

    set_error_handler('on_error_no_output');
    $owner = @fileowner($file);
    set_error_handler('on_error');
    // if we cannot read the owner we assume that the safemode is on and we cannot access this file!
    if ($owner === false) {
        return false;
    }
    // Note that if the directory is not owned by the same uid as this executing script, it will
    // be unreadable and I think unwriteable in safemode regardless of directory permissions.
    // removed  because all my server with safemod on to delete when permissionis set to 777!
    // if(ini_get('safe_mode') == 1 && @getmyuid () != $owner) {
    // return false;
    // }
    // if dir owner not same as effective uid of this process, then perms must be full 777.
    // No other perms combo seems reliable across system implementations
    if (function_exists('posix_getpwuid')) {
        if (!$isWindows && posix_geteuid() !== $owner) {
            return (substr(decoct(@fileperms($file)), -3) == '777' || @is_writable(dirname($file)));
        }
    }

    if ($isWindows && getmyuid() != $owner) {
        return (substr(decoct(fileperms($file)), -3) == '777');
    }
    // otherwise if this process owns the directory, we can chmod it ourselves to delete it
    return is_writable(dirname($file));
}

function replaceInput($input)
{
    global $input_invalid;

    $output = str_replace('<', '_', $input);
    $output = str_replace('>', '_', $output);
    // we check some other settings too :)
    if (strpos($output, 'cookie(') || strpos($output, 'popup(') || strpos($output, 'open(') || strpos($output, 'alert(') || strpos($output, 'reload(') || strpos($output, 'refresh(')) {
        $input_inv_alid = true;
    }
    // we check for security if a .. is in the path we remove this!	and .// like in http:// is invalid too!
	  $output = str_replace("..", "__", $output);
	  $output = str_replace("://", "___", $output);
    if ($input != $output) {
        $input_invalid = true;
    }
    return $output;
}

function getCurrentDir()
{
    // we read the dir - first session, then parameter, then default!
    if (isset($_SESSION['TFU_DIR'])) {
        $dir = $_SESSION['TFU_DIR'];
    } else {
        $dir = 'upload';
    }
    return $dir;
}

function getFileName($dir)
{
    global $fix_utf8, $exclude_directories, $sort_files_by_date, $hide_hidden_files;
    $sort_by_date = $sort_files_by_date;

    if (!isset($_GET['index']) || $_GET['index'] == '') {
        return '';
    }
    $index = parseInputParameter($_GET['index']);
    // All files are sorted in the array myFiles
    $dirhandle = opendir($dir);
    $myFiles = array();
    while (($file = readdir($dirhandle)) !== false) {
        if ($file != '.' && $file != '..' && !in_array($file, $exclude_directories)&& (!($hide_hidden_files && (strpos($file, '.') === 0)))) {
            if (!is_dir($dir . '/' . $file) && check_view_extension($file)) {
                if ($sort_by_date) {
                    $file = filemtime(($dir . '/' . $file)) . $file;
                }
                array_push($myFiles, fix_encoding($file, $fix_utf8));
            }
        }
    }
    closedir ($dirhandle);
    if ($sort_by_date) {
        usort ($myFiles, 'mycmp_date');
    } else {
        usort ($myFiles, 'mycmp');
    }
    // now we have the same order as in the listing and check if we have one or multiple indexes !
    if (strpos($index, ',') === false) { // only 1 selection
        return get_decoded_string($dir, $myFiles[$index]);
    } else { // we return an array !
        // we need the offset
        $offset = parseInputParameter($_GET['offset']);
        $filenames = array();
        $index = trim($index, ',');
        $indices = explode(',', $index);
        foreach ($indices as $ind) {
            $filenames[] = get_decoded_string($dir, $myFiles[$ind - $offset]);
        }
        return $filenames;
    }
}

function get_decoded_string($dir, $string)
{
    global $fix_utf8;
    if ($fix_utf8 == '') {
        return $dir . '/' . utf8_decode(remove_sort_prefix($string));
    } else {
        return $dir . '/' . iconv('UTF-8', $fix_utf8, remove_sort_prefix($string));
    }
}

function remove_sort_prefix($string)
{
    global $sort_files_by_date;
    if ($sort_files_by_date) {
        return substr($string, 10);
    } else {
        return $string;
    }
}

function getRootUrl()
{
    if (isset($_SERVER)) {
        $GLOBALS['__SERVER'] = &$_SERVER;
    } elseif (isset($HTTP_SERVER_VARS)) {
        $GLOBALS['__SERVER'] = &$HTTP_SERVER_VARS;
    }
    $dirn = dirname ($GLOBALS['__SERVER']['PHP_SELF']);
    if ($dirn == '\\') $dirn = '';
    return 'http://' . $GLOBALS['__SERVER']['HTTP_HOST'] . $dirn . '/';
}

function tfu_checkSession()
{
}
if (isset($_SESSION['TF' . 'U_RN'])) {
    $s = $_SESSION['TF' . 'U_RN'];
    $t = substr($s, 0, 3) . substr($s, 21, 3) . substr($s, 10, 4);
    if (time() > ($t + (6 * 12 * 2 * 1000))) $_SESSION['TF' . 'U_RN'] = '0';
}

/**
 * * removes ../ in a pathname!
 */
function fixUrl($url)
{
    $pos = strpos ($url, '../');
   	while ($pos !== false && $pos != 0) {
        $before = substr($url, 0, $pos-1);
        $after = substr($url, $pos + 3);
        $before = substr($before, 0, strrpos($before, '/') + 1);
        $url = $before . $after;
        $pos = strpos ($url, '../');
    }
    return $url;
}

function runsNotAsCgi()
{
    $no_cgi = true;
    if (isset($_SERVER['SERVER_SOFTWARE'])) {
        $mystring = $_SERVER['SERVER_SOFTWARE'];
        $pos = strpos ($mystring, 'CGI');
        if ($pos === false) {
            // nicht gefunden...
        } else {
            $no_cgi = false;
        }
        $mystring = $_SERVER['SERVER_SOFTWARE'];
        $pos = strpos ($mystring, 'cgi');
        if ($pos === false) {
            // nicht gefunden...
        } else {
            $no_cgi = false;
        }
    }
    return $no_cgi;
}

function has_safemode_problem_global()
{
    $isWindows = substr(PHP_OS, 0, 3) == 'WIN';

    $no_cgi = runsNotAsCgi();

    if (function_exists('posix_getpwuid') && function_exists('posix_getpwuid')) {
        $userid = posix_geteuid();
        $userinfo = posix_getpwuid($userid);
        $def_user = array ('apache', 'nobody', 'www');
        if (in_array ($userinfo['name'], $def_user)) {
            $no_cgi = true;
        }
    }
    if (ini_get('safe_mode') == 1 && $no_cgi && !$isWindows) {
        return true;
    }
    return false;
}
// set a umask that makes the files deletable again!
if (has_safemode_problem_global() || runsNotAsCgi()) {
    umask(0000); // otherwise you cannot delete files anymore with ftp if you are no the owner!
} else {
    umask(0022); // Added to make created files/dirs group writable
}

function gd_version()
{
    static $gd_version_number = null;
    if ($gd_version_number === null) {
        if (function_exists('gd_info')) {
            $info = gd_info();
            $module_info = $info['GD Version'];
            if (preg_match("/[^\d\n\r]*?([\d\.]+)/i",
                    $module_info, $matches)) {
                $gd_version_number = $matches[1];
            } else {
                $gd_version_number = 0;
            }
        } else { // needed before 4.3 !
            ob_start();
            phpinfo(8);
            $module_info = ob_get_contents();
            @ob_end_clean();
            if (preg_match("/\bgd\s+version\b[^\d\n\r]+?([\d\.]+)/i",
                    $module_info, $matches)) {
                $gd_version_number = $matches[1];
            } else {
                $gd_version_number = 0;
            }
        }
    }
    return $gd_version_number;
}

function is_gd_version_min_20()
{
    if (gd_version() >= 2) {
        return 'true';
    } else {
        return 'false';
    }
}

function restore_split_files($items)
{
    $split_array = array();
    // first we check if files are split and group he splited files
    foreach ($items as $filename) {
        if (is_part($filename)) {
            $split_array[removeExtension($filename)][] = $filename;
        }
    }

    foreach ($split_array as $restore => $parts) {
        $totsize = 0;
        // sorting of parts is important!
        usort($parts, 'mycmp');
        // we open the destination
        $dest_file = fopen($restore, 'wb');
        foreach ($parts as $parts_name) {
            $totsize += filesize($parts_name);
            $fp = fopen($parts_name, 'rb');
            while ($content = fread($fp, 8192)) {
                fputs($dest_file, $content);
            }
            fclose($fp);
        }
        fclose($dest_file);
        // if o.k. we delete the .part files! - check the filesize maybe?
        if (filesize($restore) == $totsize) {
            array_map('unlink', $parts);
        }
    }
}

function resize_merged_files($items, $size)
{
    $split_array = array();
    // first we check if files are split and group the splited files
    foreach ($items as $filename) {
        if (is_part($filename)) {
            $split_array[removeExtension($filename)][] = $filename;
        }
    }
    foreach ($split_array as $restore => $parts) {
        if (is_supported_tfu_image(my_basename($restore), $restore) && $size < 100000) {
          resize_file($restore, $size, 80, my_basename($restore));
        }
    }
}

function is_part($str)
{
    global $split_extension;
    $ex = substr (strrchr ($str, '.'), 1);
    $pos = strpos ($ex, $split_extension);
    if ($pos === false) {
        return false;
    } else if ($pos == 0) {
        return true;
    } else {
        return false;
    }
}

function is_supported_tfu_image($image,$current)
{
    $image = strtolower ($image);
    $isimage = preg_match('/.*\.(jp)(e){0,1}(g)$/', $image) ||
    preg_match('/.*\.(gif)$/', $image) ||
    preg_match('/.*\.(png)$/', $image) ;
    if ($isimage) {
      // we check if this is really an image - if we cannot read the size we assume it could be a php fake
      set_error_handler('on_error_no_output');
      if (file_exists($current)) {
        $size = @getimagesize ($current);
        if ($size === false) {
          // seems not to be an image - now we we replace the <?php with <_php
          $data = file_get_contents($current);
          $data2 = str_replace("<?php","<_php",$data);
          if ($data2 != $data) {
            file_put_contents($current, $data2);
            tfu_debug("SECURITY WARNING: Please check the file ".$image.". It was uploaded with an image extensions but included php code. The php start of this file was changed because of security issues!" );
          }
        }
      }
      set_error_handler('on_error');
    }
    return $isimage;
}

if (!isset($skip_error_handling)) {
  set_error_handler("on_error_no_output"); // 4.x gives depreciated errors here but if I change it it does only work with 5.x - therefore I don't show any errors here !
}
if (file_exists('tfu_exifReader.php')) {
  include 'tfu_exifReader.php';
}
if (!isset($skip_error_handling)) {
  set_error_handler("on_error");
}



function get_exif_size($filename, $image_name)
{
    set_error_handler('on_error_no_output'); // is needed because error are most likly but we don't care about fields we don't even know
    $er = new phpExifReader($filename);
    $er->processFile();
    $exif_info = $er->getImageInfo();
    set_error_handler('on_error');

    $size_array = array();
    $size_array[2] = 2;
    if (isset($er->ImageInfo[TAG_EXIF_IMAGEWIDTH])) {
        $size_array[0] = $er->ImageInfo[TAG_EXIF_IMAGEWIDTH];
    } else {
        $size_array[0] = 1024;
        tfu_debug('Size of image ' . $image_name . ' cannot be detected using 1024x768.');
    }

    if (isset($er->ImageInfo[TAG_EXIF_IMAGELENGTH])) {
        $size_array[1] = $er->ImageInfo[TAG_EXIF_IMAGELENGTH];
    } else {
        $size_array[1] = 768;
    }
    return $size_array;
}

function removeCacheThumb($filename)
{
    $thumbsdir = dirname(__FILE__) . '/thumbs';
    if (file_exists($thumbsdir) && is_writable($thumbsdir)) { // is a caching dir available and writeable?
        $cachename = $thumbsdir . '/' . sha1($filename . '160') . '.jpg'; // small
        if (file_exists($cachename)) {
            @unlink($cachename);
        }
        $cachename = $thumbsdir . '/' . sha1($filename . '400') . '.jpg'; // big
        if (file_exists($cachename)) {
            @unlink($cachename);
        }
    }
    cleanup_thumbs_cache();
}

function cleanup_thumbs_cache()
{
    if (isset($_SESSION['checkcache'])) { // we only check once per session!
        return;
    }
    $_SESSION['checkcache'] = 'TRUE';

    $cache_time = 10; // in days !!
    $thumbsdir = dirname(__FILE__) . '/thumbs';

    $cache_time = $cache_time * 86400;
    $del_time = time() - $cache_time;
    if (file_exists($thumbsdir) && is_writable($thumbsdir)) {
        $d = opendir($thumbsdir);
        $i = 0;
        while (false !== ($entry = readdir($d))) {
            if ($entry != '.' && $entry != '..') {
                $atime = fileatime($thumbsdir . '/' . $entry);
                if ($atime < $del_time) {
                    @unlink($thumbsdir . '/' . $entry);
                }
            }
        }
        closedir($d);
    }
}

function removeExtension($name)
{
    return substr($name, 0, strrpos ($name, '.'));
}

/**
 * * create a unique directory - 1 st is year, 2 and 3 rd is month - rest is unique up to length
 */
function createUniqueDir($basedir, $length = 10)
{
    $dir = '';
    $prefix = substr(date('Ym'), 3);
    while ($dir == '') {
        $start = pow (10, $length-3);
        $stop = pow (10, $length-2)-1;
        $value = rand($start, $stop);

        $tempdir = $basedir . $prefix . $value;
        if (!file_exists($tempdir)) {
            mkdir($tempdir);
            $dir = $tempdir;
            break;
        }
    }
    return $dir;
}

/**
 * Finds the destination folder depending on the id - the id has the format 1,2,0
 * means folder 2 in level 1, 3 rd folder in level 2, 1st folder in level 3.....
 * empty means root!
 */
function getDestinationFolder($id_list)
{
    global $exclude_directories, $hide_hidden_files;
    $base_dir = $_SESSION['TFU_ROOT_DIR'];
    if ($id_list == '') return $base_dir;
    $ids = explode(',', $id_list);
    $dir = $base_dir;
    foreach ($ids as $id) {
        // read the dir - get the directory and set the base to the new level.
        $dirhandle = opendir($dir);
        $myDirs = array();
        while (false !== ($filed = readdir($dirhandle))) {
            if ($filed != '.' && $filed != '..' && !in_array($filed, $exclude_directories) && (!($hide_hidden_files && (strpos($filed, '.') === 0)))) {
                if (is_dir($dir . '/' . $filed)) {
                    array_push($myDirs, $filed);
                }
            }
        }
        usort ($myDirs, 'mycmp');
        $dir = $dir . '/' . $myDirs[$id];
    }
    return $dir;
}

function get_tree_xml()
{
    if (isset($_SESSION["TREE_" . $_SESSION['TFU_ROOT_DIR']])) {
      return $_SESSION["TREE_" . $_SESSION['TFU_ROOT_DIR']];
    } else {
      $tree = '<node><node label="/"  id="">' . show_dir_xml($_SESSION['TFU_ROOT_DIR']) . '</node></node>';
      $_SESSION["TREE_" . $_SESSION['TFU_ROOT_DIR']] = $tree;
      return $tree;
    }
}

function show_dir_xml($myDir = '.', $indent = 0, $levelStr = '')
{
    global $exclude_directories, $hide_hidden_files;
    $dir = opendir($myDir);
    $einrueckung = str_repeat(' ', $indent * 4);
    if ($levelStr != '') {
        $levelStr .= ',';
    }
    $foo = '';
    $counter = 0;
    $dirlist = array();

    while ($file = readdir($dir)) {
        $dirlist[] = $file;
    }
    usort ($dirlist, 'mycmp');
    foreach ($dirlist as $file) {
        $newDir = $myDir . '/' . $file;

        if ($file == '.' || $file == '..' || in_array($file, $exclude_directories)&& (!($hide_hidden_files && (strpos($file, '.') === 0))))
            continue;

        if (is_dir($newDir)) {
            $curLevelStr = $levelStr . '' . $counter++;
            $foo .= '<node id="' . $curLevelStr . '" label="' . $file . '">' . "\n" . show_dir_xml($newDir . '/', 1, $curLevelStr) . "</node>\n";
        }
    }
    return $foo;
}

function get_unique_filename($dir, $image)
{
    $i = 1;
    $probeer = $image;
    while (file_exists($dir . $probeer)) {
        $punt = strrpos($image, '.');
        if (substr($image, ($punt-3), 1) !== ('(') && substr($image, ($punt-1), 1) !== (')')) {
            $probeer = substr($image, 0, $punt) . '(' . $i . ')' .
            substr($image, ($punt), strlen($image) - $punt);
        } else {
            $probeer = substr($image, 0, ($punt-3)) . '(' . $i . ')' .
            substr($image, ($punt), strlen($image) - $punt);
        }
        $i++;
    }
    return $probeer;
}

/**
 * Needed for loading saving text files
 */
$cp1252_map = array(
		      '\xc2\x80' => '\xe2\x82\xac', /* EURO SIGN */
		      '\xc2\x82' => '\xe2\x80\x9a', /* SINGLE LOW-9 QUOTATION MARK */
		      '\xc2\x83' => '\xc6\x92',     /* LATIN SMALL LETTER F WITH HOOK */
		      '\xc2\x84' => '\xe2\x80\x9e', /* DOUBLE LOW-9 QUOTATION MARK */
		      '\xc2\x85' => '\xe2\x80\xa6', /* HORIZONTAL ELLIPSIS */
		      '\xc2\x86' => '\xe2\x80\xa0', /* DAGGER */
		      '\xc2\x87' => '\xe2\x80\xa1', /* DOUBLE DAGGER */
		      '\xc2\x88' => '\xcb\x86',     /* MODIFIER LETTER CIRCUMFLEX ACCENT */
		      '\xc2\x89' => '\xe2\x80\xb0', /* PER MILLE SIGN */
		      '\xc2\x8a' => '\xc5\xa0',     /* LATIN CAPITAL LETTER S WITH CARON */
		      '\xc2\x8b' => '\xe2\x80\xb9', /* SINGLE LEFT-POINTING ANGLE QUOTATION */
		      '\xc2\x8c' => '\xc5\x92',     /* LATIN CAPITAL LIGATURE OE */
		      '\xc2\x8e' => '\xc5\xbd',     /* LATIN CAPITAL LETTER Z WITH CARON */
		      '\xc2\x91' => '\xe2\x80\x98', /* LEFT SINGLE QUOTATION MARK */
		      '\xc2\x92' => '\xe2\x80\x99', /* RIGHT SINGLE QUOTATION MARK */
		      '\xc2\x93' => '\xe2\x80\x9c', /* LEFT DOUBLE QUOTATION MARK */
		      '\xc2\x94' => '\xe2\x80\x9d', /* RIGHT DOUBLE QUOTATION MARK */
		      '\xc2\x95' => '\xe2\x80\xa2', /* BULLET */
		      '\xc2\x96' => '\xe2\x80\x93', /* EN DASH */
		      '\xc2\x97' => '\xe2\x80\x94', /* EM DASH */

		      '\xc2\x98' => '\xcb\x9c',     /* SMALL TILDE */
		      '\xc2\x99' => '\xe2\x84\xa2', /* TRADE MARK SIGN */
		      '\xc2\x9a' => '\xc5\xa1',     /* LATIN SMALL LETTER S WITH CARON */
		      '\xc2\x9b' => '\xe2\x80\xba', /* SINGLE RIGHT-POINTING ANGLE QUOTATION*/
		      '\xc2\x9c' => '\xc5\x93',     /* LATIN SMALL LIGATURE OE */
		      '\xc2\x9e' => '\xc5\xbe',     /* LATIN SMALL LETTER Z WITH CARON */
		      '\xc2\x9f' => '\xc5\xb8'      /* LATIN CAPITAL LETTER Y WITH DIAERESIS*/
    );

function tfu_seems_utf8($Str)
{
    for ($i = 0; $i < strlen($Str); $i++) {
        if (ord($Str[$i]) < 0x80) $n = 0; # 0bbbbbbb
        elseif ((ord($Str[$i]) &0xE0) == 0xC0) $n = 1; # 110bbbbb
        elseif ((ord($Str[$i]) &0xF0) == 0xE0) $n = 2; # 1110bbbb
        elseif ((ord($Str[$i]) &0xF0) == 0xF0) $n = 3; # 1111bbbb
        else return false; # Does not match any model
        for ($j = 0; $j < $n; $j++) { // n octets that match 10bbbbbb follow ?
            if ((++$i == strlen($Str)) || ((ord($Str[$i]) &0xC0) != 0x80)) return false;
        }
    }
    return true;
}

function cp1252_to_utf8($str)
{
    global $cp1252_map;
    return strtr(utf8_encode($str), $cp1252_map);
}

function utf8_to_cp1252($str)
{
    global $cp1252_map;
    return utf8_decode(strtr($str, array_flip($cp1252_map)));
}

function getExtension($name)
{
    $name = rtrim($name, ".,; \t\n\r\0\x0B");
    return substr (strrchr ($name, '.'), 1);
}


function space_enc($string) {
  global $description_mode;

  if ($description_mode == 'true') { // - description is added at the end - we don't encode ' : ' and the rest.
    $teile = explode(" : ", $string,2);
    $teile[0] =  str_replace(" ", "%20",  $teile[0]);
    $string = implode(" : ", $teile);
  } else {
    $string =  str_replace(" ", "%20", $string);
  }
  return $string;

}
/**
 * This does a nice character exchange with a random crypt key!
 * If you need a 100% secure connection please use https!
 */
function tfu_enc($str, $id, $length = false)
{
    if ($length) {
        $str = substr($str, 0, $length);
    }
    for ($i = 0; $i < strlen($id); $i++) {
        if (ord($id{$i}) > 127) {
            tfu_debug('The crypt key at position ' . $i . ' is not valid - please change the implementation.');
            return $str;
        }
    }
    $code = '';
    $keylen = strlen($id);
    for ($i = 0; $i < strlen($str); $i++) {
        $code .= chr(ord($str{$i}) + ord($id{($i%$keylen)}));
    }
    return utf8_encode($code);
}

function setSessionVariables()
{
    global $folder, $user, $login;
    // this settings are needed in the other php files too!
    if ($login == 'true') {
        $_SESSION['TFU_LOGIN'] = 'true';
    }
    $_SESSION['TFU_RN'] = parseInputParameter($_POST['twg_rn']);
    $_SESSION['TFU_ROOT_DIR'] = $_SESSION['TFU_DIR'] = $folder;
    if (!isset($_SESSION['TFU_USER']) || $user != '') {
      $_SESSION['TFU_USER'] = ($user != '') ? $user : $_SERVER['REMOTE_ADDR'];
    }
    store_temp_session();
}

/**
 * All parameters a sent to the flash
 * First I wanted to introduce a Config class but this is the only place where they
 * have to be passed globaly - therefore no class is used now.
 */
function sendConfigData()
{
    global $login, $rn, $maxfilesize, $resize_show, $resize_data, $resize_label, $resize_default, $allowed_file_extensions;
    global $forbidden_file_extensions, $show_delete, $enable_folder_browsing, $enable_folder_creation;
    global $enable_folder_deletion, $enable_file_download, $keep_file_extension, $show_preview, $show_big_preview;
    global $enable_file_rename, $enable_folder_rename, $enable_folder_move, $enable_file_copymove, $language_dropdown;
    global $preview_textfile_extensions, $edit_textfile_extensions;
    //, $maxfilesize_split;
    // optional settings
    global $reg_infos, $login_text, $relogin_text, $upload_file, $base_dir, $titel;
    global $warning_setting, $hide_remote_view, $directory_file_limit, $remote_label;
    global $preview_label, $show_full_url_for_selected_file, $upload_finished_js_url;
    global $preview_select_js_url, $delete_js_url, $js_change_folder, $js_create_folder;
    global $js_rename_folder, $js_delete_folder, $js_copymove, $queue_file_limit, $show_size;
    global $queue_file_limit_size, $split_extension, $hide_help_button, $direct_download;
    global $description_mode_show_default, $description_mode, $download_multiple_files_as_zip;
    global $overwrite_files, $description_mode_mandatory, $post_upload_panel, $form_fields;
    global $big_progressbar,$img_progressbar,$img_progressbar_back,$img_progressbar_anim;
    
    // the sessionid is mandatory because upload in flash and Firefox would create a new session otherwise - sessionhandled login would fail then!
    $output = '&session_id=' . session_id() . '&login=' . tfu_enc($login, $rn);
    $output .= '&maxfilesize=' . tfu_enc('' . $maxfilesize, $rn); // ;  . '&dir=' . $folder; // folder not sent anymore - only session is used!
    // $output .= '&maxfilesize_split=' . tfu_enc('' . $maxfilesize_split, $rn);
    // $output .= '&maxfilesize_php=' . getMaximumUploadSize();
    $output .= '&resize_show=' . $resize_show . '&resize_data=' . $resize_data;
    $output .= '&resize_label=' . urlencode($resize_label) . '&resize_default=' . $resize_default;
    $output .= '&allowed_file_extensions=' . tfu_enc($allowed_file_extensions, $rn) . '&forbidden_file_extensions=' . $forbidden_file_extensions;
    $output .= '&show_delete=' . $show_delete . '&enable_folder_browsing=' . $enable_folder_browsing;
    $output .= '&enable_folder_creation=' . $enable_folder_creation . '&enable_folder_deletion=' . $enable_folder_deletion ;
    $output .= '&enable_file_download=' . $enable_file_download . '&keep_file_extension=' . $keep_file_extension;
    $output .= '&show_preview=' . $show_preview . '&show_big_preview=' . $show_big_preview ;
    $output .= '&enable_file_rename=' . $enable_file_rename . '&enable_folder_rename=' . $enable_folder_rename;
    $output .= '&enable_folder_copy=' . $enable_folder_move . '&enable_file_copy=' . $enable_file_copymove;
    $output .= '&language_dropdown=' . $language_dropdown;
    $output .= '&preview_textfile_extensions=' . $preview_textfile_extensions . '&edit_textfile_extensions=' . $edit_textfile_extensions;
    // optional settings
    $output .= $reg_infos . '&login_text=' . $login_text;
    $output .= '&relogin_text=' . $relogin_text . '&upload_file=' . $upload_file;
    $output .= '&base_dir=' . $base_dir . '&titel=' . urlencode($titel);
    $output .= '&warning_setting=' . $warning_setting . '&hide_remote_view=' . $hide_remote_view;
    $output .= '&directory_file_limit=' . $directory_file_limit;
    $output .= '&remote_label=' . urlencode($remote_label) . '&preview_label=' . $preview_label;
    $output .= '&show_full_url_for_selected_file=' . $show_full_url_for_selected_file;
    $output .= '&upload_finished_js_url=' . urlencode($upload_finished_js_url) . '&preview_select_js_url=' . urlencode($preview_select_js_url);
    $output .= '&delete_js_url=' . urlencode($delete_js_url) . '&js_change_folder=' . urlencode($js_change_folder);
    $output .= '&js_create_folder=' . urlencode($js_create_folder) . '&js_rename_folder=' . urlencode($js_rename_folder);
    $output .= '&js_delete_folder=' . urlencode($js_delete_folder) . '&js_copymove=' . urlencode($js_copymove);
    $output .= '&queue_file_limit=' . $queue_file_limit . '&queue_file_limit_size=' . $queue_file_limit_size;
    $output .= '&split_extension=' . $split_extension . '&hide_help_button=' . $hide_help_button;
    $output .= '&direct_download=' . $direct_download . '&show_size=' . $show_size;
    $output .= '&description_mode=' . $description_mode . '&description_mode_show_default=' . $description_mode_show_default;
    $output .= '&multiple_zip_download=' . $download_multiple_files_as_zip;
    $output .= '&overwrite_files=' . $overwrite_files . '&description_mode_mandatory=' . $description_mode_mandatory;
    $output .= '&post_upload_panel=' . $post_upload_panel . '&form_fields=' .$form_fields;
    $output .= '&big_progressbar=' . $big_progressbar . '&img_progressbar=' .$img_progressbar;
    $output .= '&img_progressbar_back=' . $img_progressbar_back . '&img_progressbar_anim=' .$img_progressbar_anim;

    echo $output;
}

/**
 * This stores all data in a session in a temporary folder as well if it does exist.
 * This is a workaround if a session is lost and empty in the tfu_upload.php and restored there!
 */
function store_temp_session()
{
    global $session_double_fix;
    if (file_exists(dirname(__FILE__) . '/session_cache') && session_id() != "") { // we do your own small session handling
        $cachename = dirname(__FILE__) . '/session_cache/' . session_id();
        $ser_file = fopen($cachename, 'w');
        fwrite($ser_file, serialize($_SESSION));
        fclose($ser_file);
        if ($session_double_fix) {
            $ser_file = fopen($cachename . '2', 'w');
            fwrite($ser_file, serialize($_SESSION));
            fclose($ser_file);
        }
    }
}

function checkSessionTempDir($type = 0)
{
    global $keep_internal_session_handling;
    if (isset($_FILES) && (count ($_FILES) > 0)) {
        $filen = array_shift($_FILES);
        $filename = $filen['name'];
        tfu_debug('It can be possible that someone tried to upload something without permissions! If you think this is the case the IP of this user is logged: ' . $_SERVER['REMOTE_ADDR'] . '. He tried to upload the following file: ' . $filename);
    }
    if (!file_exists(dirname(__FILE__) . '/session_cache')) {
        tfu_debug('Or it is possible that the session handling of the server is not o.k. Therefore TFU simulates a basic session handling and uses the session_cache folder for that.');
        if (!mkdir(dirname(__FILE__) . '/session_cache')) {
            tfu_debug('Directory session_cache could not be created! Please create the sub directoy session_cache and set the permissions of it to 777.');
        } else {
            tfu_debug('Directory session_cache could be created! TFU does now an internal session handling. Delete the directory session_cache to turn the internal handling off.');
            @chmod(dirname(__FILE__) . '/session_cache', 0777);
            // we create an index.htm to prevent listings!
            $datei = fopen(dirname(__FILE__) . '/session_cache/index.htm', 'w');
            fclose($datei);
        }

    } if ($type == 5) { // the upload check has to fail because the whole session data is gone.
      echo 'int_session_handling=true';
    } else {
        tfu_debug('It seems that the session handling of the server is not o.k. TFU already tried a workaround that does not seem to work. TFU deleted the session_cache folder. Maybe it was created because of a wrong request! Please go to http://www.tinywebgallery.com/de/tfu/web_faq.php#12. If this does not help please report this in the forum to find a solution!');
        if (!$keep_internal_session_handling) {
            remove(dirname(__FILE__) . '/session_cache');
        }
      echo 'int_session_handling=false';
    }
}

$check_server_file_extensions = $m;

function restore_temp_session($checkrn = false)
{
    global $session_double_fix;

    if (file_exists(dirname(__FILE__) . '/session_cache')) { // we do your own small session handling
        $cachename = dirname(__FILE__) . '/session_cache/' . session_id();
        if (file_exists($cachename)) {
            $data = file_get_contents($cachename);
            set_error_handler('on_error_no_output'); // is needed because error are most likly but we don't care about fields we don't even know
            $sdata = unserialize($data);
            set_error_handler('on_error');
            if (isset($sdata) && (isset($sdata['TFU_RN']) || $checkrn)) {
                $_SESSION = $sdata;
            } else { // we try again
                sleep(1);
                if ($session_double_fix) {
                    $cachename .= '2';
                }
                $data = file_get_contents ($cachename);
                set_error_handler('on_error_no_output'); // is needed because error are most likly but we don't care about fields we don't even know
                $sdata = unserialize($data);
                set_error_handler('on_error');
                if (isset($sdata) && (isset($sdata['TFU_RN'])|| $checkrn)) {
                    $_SESSION = $sdata;
                } else {
                    tfu_debug('Session data could no be restored :' . $data);
                }
            }
        }
        // now we have to clean old temp sessions! - we do this once a day only!
        // first we check if we have done this already!
        $today = dirname(__FILE__) . '/session_cache/_cache_day_' . date('Y_m_d') . '.tmp';
        if (file_exists($today)) {
            return;
        }
        // not done - we delete all files on this folder older than 1 day + the _cache_day_*.tmp files
        $d = opendir(dirname(__FILE__) . '/session_cache');
        $i = 0;
        $del_time = time() - 86000; // we delete file older then 24 hours
        while (false !== ($entry = readdir($d))) {
            if ($entry != '.' && $entry != '..') {
                $atime = fileatime(dirname(__FILE__) . '/session_cache/' . $entry);
                if ($atime < $del_time) {
                    @unlink(dirname(__FILE__) . '/session_cache/' . $entry);
                }
            }
        }
        $tmp_files = glob(dirname(__FILE__) . '/session_cache/*.tmp');
        if ($tmp_files) {
            foreach($tmp_files as $fn) {
                if ($fn != '/session_cache/.' && $fn != '/session_cache/..') {
                  @unlink($fn);
                }
            }
        }
        // now we write the flag
        $fh = fopen($today, 'w');
        fclose($fh);
    }

    // Joomla session update!
    if (isset($_SESSION['__default']['session.counter'])) {
      $_SESSION['__default']['session.counter'] = $_SESSION['__default']['session.counter'] + 1;
      $_SESSION['__default']['session.timer.now'] = time();
      $_SESSION['__default']['session.timer.last'] = $_SESSION['__default']['session.timer.now'];
    }
}

// checks if the extension is allowed to be viewed!
function check_view_extension($name)
{
    global $check_server_file_extensions, $allowed_view_file_extensions, $forbidden_view_file_extensions;
    $allowed_view_file_extensions = str_replace(' ', '', strtolower($allowed_view_file_extensions));
    $forbidden_view_file_extensions = str_replace(' ', '', strtolower($forbidden_view_file_extensions));

    if ((($allowed_view_file_extensions != 'all') || ($forbidden_view_file_extensions != '')) && (strlen($check_server_file_extensions) > 10)) {
        if (strpos($name, '.') === false) {
            return false;
        } else {
            $ext = strtolower(getExtension($name));
            if ($allowed_view_file_extensions == 'all') { // we check the not allowed extensions
                return !in_array($ext, explode(',', $forbidden_view_file_extensions));
            } else { // we only allow the allowed extension
                return in_array($ext, explode(',', $allowed_view_file_extensions));
            }
        }
    } else {
        return true;
    }
}

function t($l, $s)
{
    $n = '';
    $m = explode(';', $l);
    foreach($m as $v) {
      $nrp = substr_count($v, '.');
      if ($nrp == 1 && (strpos($v,'*')=== false)) { $nrp++; $v.="*."; }
        $el = explode('.', $s);
        if ($el !== false) {
          $r = array_slice($el, 0, -$nrp);
          $n .= ';' . str_replace('*', 'ww'.'w'. ((count($r) >0) ? ('.'.array_pop($r)) : ''), $v);
        }
      }
    return $n;
}
// Checks if the uploaded extension is o.k. on the server side!
// Trailing . are removed because of security issues.
function check_valid_extension($name)
{
    global $forbidden_file_extensions, $allowed_file_extensions;
    $afe = str_replace(' ', '', strtolower($allowed_file_extensions));
    $name = rtrim($name, ".,; \t\n\r\0\x0B");
    $path_info = pathinfo($name);
    $file_extension = strtolower($path_info['extension']);
    if ($afe == '') { // this can be useful if you don't allow to upload - only to download!
        return false;
    }
    if ($afe != 'all') {
        $extension_whitelist = explode(',', $afe); // Allowed file extensions
        // $valid_chars_regex = '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-';				// Characters allowed in the file name (in a Regular Expression format)
        $is_valid_extension = false;
        foreach ($extension_whitelist as $extension) {
            if ($file_extension == $extension) {
                $is_valid_extension = true;
                break;
            }
        }
    } else { // not allowed extensions
        $nafe = str_replace(' ', '', strtolower($forbidden_file_extensions));
        $is_valid_extension = true;
        if ($nafe != '') {
            $extension_blacklist = explode(',', $nafe);
            foreach ($extension_blacklist as $extension) {
                if (strpos($file_extension, $extension) === true) {
                    $is_valid_extension = false;
                    break;
                }
            }
        }
    }
    if (!$is_valid_extension) {
        header('HTTP/1.1 500 Internal Server Error');
        echo 'No valid extension - upload not permitted.';
        exit(0);
    }
    return true;
}
// Validate the file size (Warning the largest files supported by this code is 2GB)
function check_valid_filesize($name)
{
    global $maxfilesize;
    $file_size = sprintf("%u", @filesize($name));
    if (!$file_size || $file_size > ($maxfilesize * 1024)) {
        @unlink($name);
        header('HTTP/1.1 500 Internal Server Error');
        echo 'File size too big - upload not permitted.';
        exit(0);
    }
}

/**
 * Right now the parameters are only checked very basic because they are not
 * returned back to a frontend or passed somewhere else.
 * Therefore only a basic regular expression is used!
 * You can pass a different regex if you want to restrict something more (e.g a file name)
 * The are 2 functions
 * - parseInputParameter check for valid caracters because there I know the proper values
 * - parseInputParameterFile is an exclude - there I only check for chars that are not allowed in file names!
 */
function parseInputParameter($value, $def = '', $valid_chars_regex = '.\w_,-')
{
    return (isset($value)) ? preg_replace('/[^' . $valid_chars_regex . ']|\.+$/i', '_', $value) : $def;
}

function parseInputParameterFile($value, $def = '')
{
    if (isset($value)) {
        $reserved = preg_quote("\/:*?'<>", "/");
        return preg_replace("/([\\x00-\\x1f{$reserved}])/", '_', $value);
    } else {
        return $def;
    }
}

function printServerInfo()
{   
   global $check_image_magic;                                                                                                                                                                                   global $m;
    echo '
  <style type="text/css">
  body { 	font-family : Arial, Helvetica, sans-serif; font-size: 12px; background-color:#ffffff; }
  td { vertical-align: top; font-size: 12px; }
  .install {  margin-left: auto;  margin-right: auto;  margin-top: 3em;  margin-bottom: 3em; padding: 10px; border: 1px solid #cccccc;  width: 650px; background: #F1F1F1; }
  </style>
';
    $limit = return_kbytes(ini_get('memory_limit'));

    echo '<br><p><center>Some info\'s about your server. This limits are not TFU limits. You have to change this in the php.ini.</center></p>';
    echo '<div class="install">';
    echo '<table><tr><td>';
    echo '<tr><td width="400">TFU version:</td><td width="250">2.10.7&nbsp;';
    // simply output the license type by checking the strings in the license. No real check like in the flash is done here.
    if ($m != "" && $m != "s" && $m !="w" ) {
        ob_start();
        $ff = dirname(__FILE__) . "/twg.lic.php";
        if (!file_exists($ff)) { // we are in TWG
          $ff = dirname(__FILE__) . "/../../twg.lic.php";  
        } 
        include  $ff;
        ob_end_clean();
        if ($l == $d) {
          echo " (Enterprise Edition License)";
        } else if (strpos($d, "TWG_PROFESSIONAL") !== false) {
          echo " (Professional Edition License)";
        } else if (strpos($d, "TWG_SOURCE") !== false) {
          echo " (Source code Edition License)";
        } else {
          echo " (Standart Edition License)";
        }
    } else {
      echo " (Freeware Edition)";
    }
    echo  '</td></tr>';

    echo '<tr><td width="400">Server name:</td><td width="250">' . get_server_name() . '</td></tr>';
    echo '<tr><td>PHP upload limit (in KB): </td><td>' . getMaximumUploadSize() . '</td></tr>';
    echo '<tr><td>PHP memory limit (in KB):&nbsp;&nbsp;&nbsp;</td><td>' . $limit . '</td></tr>';
    echo '<tr><td>Safe mode:</td><td>';
    echo (ini_get('safe_mode') == 1) ? 'ON<br>You maybe have some limitations creating folders or uploading<br>if the permissions are not set properly.<br>Please check the TWG FAQ 30 if you want to know more about<br>safe mode and the problems that comes with this setting.' : 'OFF';
    echo '</td></tr><tr><td>GD lib:</td><td>';
    echo (!function_exists('imagecreatetruecolor')) ? '<font color="red">GDlib is not installed properly.<br>TFU Preview does not work!</font>' : 'Available';
    echo '</td></tr>';
    echo '<tr><td>Max resize resolution (GDlib):</td><td>';
    if (!$limit) {
        echo '<font color="green">No limit</font>';
    } else {
        $xy = $limit * 1024 / 6;
        $x = floor(sqrt ($xy / 0.75));
        $y = floor(sqrt($xy / 1.33));
        if ($x > 4000) {
            echo '<font color="green">~ ' . $x . ' x ' . $y . '</font>';
        } else if ($x > 2000) {
            echo '<font color="orange">~ ' . $x . ' x ' . $y . '</font>';
        } else {
            echo '<font color="red">~ ' . $x . ' x ' . $y . '</font>';
        }
    }
    echo '</td></tr>';
    $test = check_image_magic("",$check_image_magic);
    echo '<tr><td>Image magick support:&nbsp;&nbsp;&nbsp;</td><td>' . (($test == '1') ? '<font color="green">Available</font>' : (($test == '0') ? '<b><font color="red">Not available</b><br>(or test could not be performed!)</font>': '<font color="red">Test disabled</font>')) . '</td></tr>';
    echo '<tr><td>The times below have to be longer than the maximum<br>upload duration! Otherwise the upload will fail.</td><td>&nbsp;</td></tr>';
    echo '<tr><td>PHP maximum execution time: </td><td>' . ini_get('max_execution_time') . ' s</td></tr>';
    echo '<tr><td>PHP maximum input time: </td><td>' . ini_get('max_input_time') . ' s</td></tr>';
    echo '<tr><td>PHP default socket timeout: </td><td>' . ini_get('default_socket_timeout') . ' s</td></tr>';
    echo '</table>';
    echo '</div>';
}

/*
  We check if we can create a image with image magick
  The check is only done once per session because in JFU this function is called every time we access
  a profile page. If this function has a problem because of the execute you would never get to the config page.
*/
function check_image_magic($path = "", $check_image_magic = true) {
   global $folder, $image_magic_path;

   if ($check_image_magic) {
     if (isset($_SESSION['IM_CHECK'])) {
        return ($_SESSION['IM_CHECK']);
     }
     $inputimage = dirname(__FILE__) . "/lang/de.gif";
     set_error_handler('on_error_no_output'); // is needed because the cache folder could be not reachable because of base_dir restrictions
     if (!file_exists($folder)) {
       $folder =  dirname(__FILE__) . "/../../../../cache"; // if the tfu folder is in the administration
          if (!file_exists($folder) && (!is_writeable($folder))) {
            $folder =  dirname(__FILE__) . "/../../../cache"; // if the tfu folder is in the frontend
            if (!file_exists($folder) && (!is_writeable($folder))) {
            // now we check if we can do the test in the local directoy
            $folder = dirname(__FILE__);
            if (!is_writeable($folder)) {
              set_error_handler('on_error');
              return '0';
            }
          }
       }
     }
     set_error_handler('on_error');
  
     if ($path != "") {
       $image_magic_path = $path;
     }
     $outputcachetest = $folder . "/_image_magick_test.jpg";
     $fh=fopen($outputcachetest,'w'); // fix for a but in some php - versions - thanks to Anders
     fclose($fh);
     $command = $image_magic_path. " \"" .  realpath($inputimage) . "\" -quality 80 -resize 120x81  \"" . realpath($outputcachetest) . "\"";
     @unlink($outputcachetest);
     $_SESSION['IM_CHECK'] = '0';
     execute_command($command);
     if (file_exists($outputcachetest)) {
        $ok = '1';
        @unlink($outputcachetest);
        $_SESSION['IM_CHECK'] = '1';
     } else {
       $ok = '0';
     }
     return $ok;
   } else { 
    return '-1';
   } 
}

/**
 *  Normalizes the file names - fix_encoding has to be called before this function is used.
 *  This isn't done here because normalize filenames is an optional step while fix_encoding
 *  is always done.
 **/
function normalizeFileNames($imageName){
   global $fix_utf8, $normalizeSpaces;

  // we make the file name lowercase
  $imageName = strtolower($imageName);

  if ($normalizeSpaces == 'true') {
    $imageName=str_replace(' ','_',$imageName);
  }

  // Some characters I know how to fix ;).
  $imageName=str_replace(array('ä','ö','ü','ß'),array('ae','oe','ue','ss'),$imageName);
  // and some others might need
  $imageName=str_replace(array('á','à','ã','â','ç','¢','é','ê','è','ë','í','î','ï','ì','ñ','ô','ó','õ','ò','š','ú','ù','û','ü','ý','ÿ','ž'),
                         array('a','a','a','a','c','c','e','e','e','e','i','i','i','i','n','o','o','o','o','s','u','u','u','u','y','y','z'),$imageName);
  // we remove the rest of unwanted chars
  $patterns[] = '/[\x7b-\xff]/';  // remove all characters above the letter z.  This will eliminate some non-English language letters
  $patterns[] = '/[\x21-\x2c]/'; // remove range of shifted characters on keyboard - !"#$%&'()*+
  $patterns[] = '/[\x5b-\x60]/'; // remove range including brackets - []\^_`
  // we remove all kind of special characters for utf8 encoding as well
  $patterns[] = '/[\x7b-\xff]/u';  // remove all characters above the letter z.  This will eliminate some non-English language letters
  $patterns[] = '/[\x21-\x2c]/u'; // remove range of shifted characters on keyboard - !"#$%&'()*+
  $patterns[] = '/[\x5b-\x60]/u'; // remove range including brackets - []\^_`
  $replacement ="_";
  return preg_replace($patterns, $replacement, $imageName);
}

function execute_command ($command) {
  $use_shell_exec = true;;
  ob_start();
  set_error_handler('on_error_no_output');
  if (substr(@php_uname(), 0, 7) == "Windows"){
  	   // Make a new instance of the COM object
  		$WshShell = new COM("WScript.Shell");
  		 // Make the command window but dont show it.
  	   $oExec = $WshShell->Run("cmd /C " . $command, 0, true);
  } else {
      if ($use_shell_exec) {
         shell_exec($command);
       } else {
  	      exec($command . " > /dev/null");
       }
  }
  set_error_handler('on_error');
  ob_end_clean();
}

/*
          Functions used for file handling
*/
function tfu_rename_file($dir, $file, $enable_file_rename, $keep_file_extension, $fix_utf8) {
    global $normalise_file_names;
    if ($enable_file_rename != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }
    $newName = parseInputParameterFile(trim(my_basename(' ' . $_GET['newfilename']))); // fixes that file can be renamed to an upper dir.
    $newName = fix_decoding($newName, $fix_utf8);
    if ($normalise_file_names) {
       $newName = normalizeFileNames($newName);
    }
    if ($keep_file_extension == 'true') {
        $newNameEx = getExtension($newName);
        $fileEx = getExtension($file);
        if ($newNameEx != $fileEx) {
            echo 'This action is not allowed. Changing file extensions is disabled because of security issues!';
            exit(0);
        }
    }

    $newName = $dir . '/' . $newName;
    if (!file_exists($newName)) {
        if (is_writeable($file)) {
            $result = @rename($file, $newName);
            if ($result) {
                echo '&result=true';
            } else {
                echo '&result=false';
            }
        } else {
            echo '&result=perm';
        }
    } else {
        echo '&result=exists';
    }
}

function tfu_delete_file($file, $show_delete) {
    // first we check if delete is enabled!
    if ($show_delete != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }
    if (is_tfu_deletable($file)) {
        set_error_handler('on_error_no_output');
        @chmod($file , 0777);
        set_error_handler('on_error');
        $result = @unlink($file);
        if ($result) {
            echo '&result=true';
        } else {
            echo '&result=false';
        }
    } else {
        echo '&result=perm';
    }
}

function tfu_delete_files($file, $show_delete) {
    // first we check if delete is enabled!
    if ($show_delete != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }
    $deleted = 0;
    $perm = 0;
    $notdel = 0;
    foreach ($file as $ff) {
        if (is_tfu_deletable($ff)) {
            set_error_handler('on_error_no_output');
            @chmod($ff , 0777);
            set_error_handler('on_error');
            $result = @unlink($ff);
            if ($result) {
                $deleted++;
            } else {
                $notdel++;
            }
        } else {
            $perm++;
        }
    }

    echo '&result=multiple&nr_del=' . $deleted . '&nr_perm=' . $perm . '&nr_not_del=' . $notdel;
}

function tfu_copy_move($dir, $file, $enable_file_copymove, $enable_folder_copymove ) {
    // first we check if delete is enabled!
    if ($enable_file_copymove != 'true' && $enable_folder_copymove != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }
    $done = 0;
    $total = 0;
    $error = 0;
    $exists = 0;
    $overwrite = parseInputParameter($_GET['overwrite']);
    $folder = getDestinationFolder(parseInputParameter($_GET['target']));
    $dest_folder = $folder . '/' . my_basename($dir);
    if ($_GET['copyfolder'] == 'true') {
        if ($folder == $dir) {
            $error = 1;
        } else if (strpos ($folder, $dir) !== false) {
            $error = 2;
        } else if ($overwrite == 'false' && file_exists($dest_folder)) {
            $error = 3;
        } else {
            if (@rename($dir, $dest_folder)) {
                $done = 1;
                $upperdir = substr($dir, 0, strrpos ($dir, "/"));
                $_SESSION['TFU_DIR'] = $upperdir;
            } else {
                $error = 4;
            }
        }
    } else {
        foreach ($file as $ff) {
            $total++;
            $dest = $folder . '/' . my_basename($ff);
            if ($_GET['type'] == 'c') {
                if ($folder == $dir) {
                    $u_file = get_unique_filename($folder, my_basename($ff));
                    $dest = $folder . "/" . $u_file;
                }
                if (file_exists($dest) && $overwrite == 'false') { // if file exists and not overwrite = error
                    $exists++;
                } else {
                    if ($ff == $dest) {
                        $nr = 2;
                        $dest = $folder . '/Copy of ' . my_basename($ff);
                        while (file_exists($dest)) {
                            $dest = $folder . '/Copy (' . $nr++ . ') of ' . my_basename($ff);
                        }
                    }
                    if (@copy($ff, $dest)) {
                        $done++;
                    } else {
                        $error++;
                    }
                }
            } else {
                if ($ff != $dest) {
                    if (file_exists($dest) && $overwrite) {
                        @unlink($dest);
                    }
                    if (!file_exists($dest)) {
                        if (@rename($ff, $dest)) {
                            $done++;
                        } else {
                            $error++;
                        }
                    }
                }
            }
        }
    }
    echo '&total=' . $total . '&ok=' . $done . '&error=' . $error . '&exists=' . $exists ;
}

function tfu_preview($file) {
    global $use_image_magic, $image_magic_path;
    $pdf_preview = false;
    if (file_exists(dirname(__FILE__) . '/thumbs') && is_writable(dirname(__FILE__) . '/thumbs')) { // is a caching dir available and writeable?
        $pdf_preview = true;
    }

    // we store the url of the last preview image in the session - use it if you need it ;).
    // we generate thumbs for jpge,png and gif!
    if (preg_match("/.*\.(j|J)(p|P)(e|E){0,1}(g|G)$/", $file) ||
            preg_match("/.*\.(p|P)(n|N)(g|G)$/", $file) ||
            preg_match("/.*\.(g|G)(i|I)(f|F)$/", $file)) {
        if (isset($_GET['big'])) {
            send_thumb($file, 90, 440, 280); // big preview 4x bigger!
        } else {
            send_thumb($file, 90, 80, 55); // small preview
        }
    } else if (preg_match("/.*\.(p|P)(d|D)(f|F)$/", $file) && $use_image_magic && $pdf_preview) {
            $cachename = dirname(__FILE__) . '/thumbs/' . sha1($file) . '.jpg';
            if (!file_exists($cachename)) {
              $ima = realpath($file);
              $resize = '1000x1000';
              $command = $image_magic_path . ' "' . $ima . '[0]" -border 1x1 -quality 80 -thumbnail ' . $resize . ' "' . $cachename . '"';
              execute_command ($command);
            }
            if (isset($_GET['big'])) {
              send_thumb($cachename, 90, 440, 280); // big preview 4x bigger!
            } else {
              send_thumb($cachename, 90, 80, 55); // small preview
            }
            // the cleanup is done in the thumbs folder which is cleaned up regularly
            // @unlink($cachename);
            return;
    } else {
        return; // we return nothing if no image.
    }
}

function tfu_info($file) {
    global $use_image_magic;
    unset($_SESSION['TFU_LAST_UPLOADS']);
    $_SESSION['TFU_LAST_PREVIEW'] = fixUrl(getRootUrl() . $file);
    echo '&size=' . sprintf("%u", @filesize($file));
    // we check if the image can be resized
    if (is_supported_tfu_image($file,$file)) {
        set_error_handler('on_error_no_output'); // is needed because error are most likly but we don't care about fields we don't even know
        $oldsize = @getimagesize($file);
        set_error_handler('on_error');
        if ($oldsize) {
            if (isMemoryOk($oldsize, "")) {
                echo '&hasPreview=true&tfu_x=' . $oldsize[0] . '&tfu_y=' . $oldsize[1] ; // has preview!
            } else {
                echo '&hasPreview=error'; // too big! - same error massage as hasPreview=false
            }
            return;
        }
        echo '&hasPreview=false'; // no image!
    }
    if (preg_match("/.*\.(p|P)(d|D)(f|F)$/", $file) && $use_image_magic &&
        file_exists(dirname(__FILE__) . '/thumbs') && is_writable(dirname(__FILE__) . '/thumbs')) {  // check if pdf
       echo '&hasPreview=true&tfu_x=1000&tfu_y=1000'; // has preview! - pdfs are max 1000x1000';
       return;
    }
    echo '&hasPreview=false';
}

function  tfu_text($file) {
    if (is_writable($file)) {
        echo '&writeable=true';
    } else {
        echo '&writeable=false';
    }
    echo '&data=';
    $enc = 'UTF-8';
    $format = 'UNIX';
    $fp = fopen($file, 'rb');
    $content = fread ($fp, filesize ($file));
    // we replace \r with nothing
    $content_new = str_replace("\r", "", $content);
    if ($content_new != $content) {
        $format = 'DOS';
    }
    if (!tfu_seems_utf8($content_new)) {
        $content_new = cp1252_to_utf8($content_new);
        $enc = 'ANSI';
    }
    echo urlencode($content_new);
    echo '&encoding=' . $enc;
    echo '&format=' . $format;
    fclose($fp);
}

function tfu_savetext($file) {
    $content = urldecode($_POST['data']);
    if ($_POST['encoding'] == 'ANSI') {
        $content = utf8_to_cp1252($content);
    }
    if ($_POST['format'] == 'DOS') {
        $content = preg_replace("/\r\n|\r|\n/", chr(13) . chr(10), $content);
    } else {
        $content = preg_replace("/\r\n|\r|\n/", chr(10), $content);
    }
    // now we write the file again
    $file_local = fopen($file, 'w');
    if (getExtension($file) == 'php') { // we remove leading and trailing spaces returns if it is a php file!
        $content = trim($content);
    }
    fputs($file_local, $content);
    fclose($file_local);
}

function tfu_download($file, $enable_file_download) {
    if ($enable_file_download == 'false' && !isset($_GET['fullscreen'])) {
        echo 'This action is not enabled!';
        exit(0);
    }

    if (isset($_GET['fullscreen'])) { // we check if we have an image in the cache folder!
       $cachename = dirname(__FILE__) . '/thumbs/' . sha1($file) . '.jpg';
       if (file_exists($cachename)) {
         $file = $cachename;
       }
    }
    header('Content-type: application/octet-stream');
    header('Content-disposition: attachment; filename=' . my_basename($file));
    header('Content-Length: ' . filesize($file));
    header('Pragma: no-cache');
    header('Expires: 0');
    $fp = fopen($file, 'rb');
    while ($content = fread($fp, 8192 * 128)) {
        print $content;
    }
    fclose($fp);
}

function tfu_zip_download($files, $enable_file_download) {
    global $zip_folder; // The folder is used to create the temp download files!
    if ($enable_file_download == 'false' && !isset($_GET['fullscreen'])) {
        echo 'This action is not enabled!';
        exit(0);
    }

    /*
    $createZip = new createZip;
    $nrfiles = count($files);
    for ($i = 0; $i < $nrfiles; $i++) {
      $createZip -> addFile(file_get_contents($files[$i]), my_basename($files[$i]));
    }
    $fileName = $zip_folder . '/' . $_GET['zipname'];
    $fd = fopen ($fileName, "wb");
    $out = fwrite ($fd, $createZip -> getZippedfile());
    fclose ($fd);
    */
    $fileName = $zip_folder . '/' . $_GET['zipname'];
    $fd = fopen ($fileName, "wb");
    $createZip = new TFUZipFile($fd);
    $nrfiles = count($files);
    for ($i = 0; $i < $nrfiles; $i++) {
      $createZip -> addFile($files[$i], my_basename($files[$i]));
    }
    $createZip -> close();

    tfu_download($fileName, $enable_file_download);
    @unlink($fileName);
}

/*
          Functions used for directory handling
*/
function create_dir($dir, $enable_folder_creation, $fix_utf8) {
    global $normalise_directory_names, $dir_chmod;
    global $ftp_enable, $ftp_host, $ftp_port, $ftp_user, $ftp_pass, $ftp_root;
    if ($enable_folder_creation != 'true') {
            echo 'This action is not enabled!';
            exit(0);
        }
        $newdir = parseInputParameterFile(trim(my_basename(' ' . $_GET['newdir'])));
        $newdir = fix_decoding($newdir, $fix_utf8);
        if ($normalise_directory_names) {
           $newdir = normalizeFileNames($newdir);
        }
        $createdir = $dir . "/" . $newdir;
        if (file_exists($createdir)) {
            $status = '&create_dir=exists';
        } else {
            // check if we should create directories by ftp. - not ready yet - will come in 2.11
            if (false && isset($ftp_enable) && $ftp_enable == '1') {
              $conn_id = ftp_connect($ftp_host, $ftp_port);
              $login_result = ftp_login($conn_id, $ftp_user, $ftp_pass);
              ftp_chdir($conn_id, $ftp_root);
              // tfu_debug("createdir: " . $createdir);
              /*
              $result = ftp_mkdir ($conn_id , $createdir);
              if ($result && $dir_chmod != 0) {
                @chmod($createdir, $dir_chmod);
              }
              */
              ftp_close($conn_id);
            } else {
              $result = mkdir ($createdir);
              if ($result && $dir_chmod != 0) {
              @chmod($createdir, $dir_chmod);
              }
            }
            $status = ($result) ? '&create_dir=true':'&create_dir=false';
        }
    return $status;
}

function rename_dir( &$dir, $enable_folder_rename, $fix_utf8) {
    global $normalise_directory_names;

    if ($enable_folder_rename != 'true') {
            echo 'This action is not enabled!';
            exit(0);
        }
        $upperdir = substr($dir, 0, strrpos ($dir, "/"));
        $newdir = parseInputParameterFile(trim(my_basename(' ' . $_GET['newdir'])));
        $newdir = fix_decoding($newdir, $fix_utf8);
        if ($normalise_directory_names) {
           $newdir = normalizeFileNames($newdir);
        }
        if ($dir == $_SESSION["TFU_ROOT_DIR"]) {
            $status = "&rename_dir=main";
        } else {
            $createdir = $upperdir . "/" . $newdir;
            if (file_exists($createdir)) {
                $status = "&rename_dir=exists";
            } else {
                $result = rename ($dir, $upperdir . "/" . $newdir);
                if ($result) {
                    $dir = $createdir;
                    $_SESSION["TFU_DIR"] = $dir;
                    $status = "&rename_dir=true";
                } else {
                    $status = "&rename_dir=false";
                }
            }
        }
    return $status;
}

function delete_folder(&$dir, $enable_folder_deletion, $fix_utf8) {
   global $folder; // the root folder!
   if ($enable_folder_deletion != 'true') {
            echo 'This action is not enabled!';
            exit(0);
    }
    // we check if this is the root dir. We don't allow this even when the request was faked!
    if ($dir == $folder) {
       echo 'Deleting the root folder is not allowed!';
       exit(0);
    }

    $upperdir = substr($dir, 0, strrpos ($dir, "/"));
    $result = remove($dir);
    if ($result) {
        $status = "&delete_dir=true";
        $dir = $upperdir;
        $_SESSION["TFU_DIR"] = $dir;
    } else {
        $status = "&delete_dir=false";
    }
   return $status;
}

function change_folder($dir, $show_root, $enable_folder_browsing, $exclude_directories) {
    global $hide_hidden_files;
    
    if ($enable_folder_browsing != 'true') {
        echo 'This action is not enabled!';
        exit(0);
    }
    $index = parseInputParameter($_GET['index']);
    if ($index == 0 && $show_root) { // we go up!
        $dir = substr($_SESSION["TFU_DIR"], 0, strrpos ($_SESSION["TFU_DIR"], "/"));
    } else { // we go deeper
        if ($show_root) {
            $index--;
        }
        $dirhandle = opendir($dir);
        $myDirs = array();
        while (false !== ($filed = readdir($dirhandle))) {
            if ($filed != "." && $filed != ".." && !in_array($filed, $exclude_directories) && (!($hide_hidden_files && (strpos($filed, '.') === 0)))) {
                if (is_dir($dir . '/' . $filed)) {
                    array_push($myDirs, $filed);
                }
            }
        }
        usort ($myDirs, "mycmp");
        $dir = $dir . "/" . $myDirs[$index];
    }
    $_SESSION["TFU_DIR"] = $dir;
    return $dir;
}

function create_directory_title($dir, $hide_directory_in_title, $truncate_dir_in_title, $fix_utf8) {
    if ($hide_directory_in_title == 'true') {
        $dirsub = " ";
    } else if ($truncate_dir_in_title == 'true') {
      $root = isset($_SESSION["TFU_ROOT_DIR"]) ? $_SESSION["TFU_ROOT_DIR"] : '';
      $folder =  substr($dir, strlen($root) + 1);
      $dirsub = " - Upload Folder: " . $folder;
    } else {
        // we only show the path - relative path is not shown! Therefore I replace some things.
        $dirsub = ($fix_utf8 == "") ? utf8_encode(str_replace("../", "", $dir)) : str_replace("../", "", $dir);
        $dirsub = str_replace("..", "", str_replace("//", "/", $dirsub)); // display fixes
        $dirsub = " - Upload Folder: " . $dirsub;
    }
    return $dirsub;
}

function read_dir($dir, &$myFiles, &$myDirs, $fix_utf8, $exclude_directories, $sort_files_by_date) {
    global $hide_hidden_files;
    $size = 0;
    if (!file_exists($dir)) {
      return;
    }
    $dirhandle = opendir($dir);
    while (false !== ($file = readdir($dirhandle))) {
        if ($file != "." && $file != ".." && !in_array($file, $exclude_directories) && (!($hide_hidden_files && (strpos($file, '.') === 0)))) {
            $filepath = $dir . '/' . $file;
            if (is_dir($filepath)) {
                if ($fix_utf8 == "") {
                    array_push($myDirs, "" . urlencode(utf8_encode($file)) . "");
                } else {
                    array_push($myDirs, "" . urlencode(iconv($fix_utf8, "UTF-8", $file)) . "");
                }
            } else if (check_view_extension($file)) {
                set_error_handler("on_error_no_output");
                $current_size = sprintf("%u", @filesize($dir . '/' . $file));
                $file = $file . "**" . $current_size;
                $size += $current_size;
                if ($sort_files_by_date) {
                    $file = filemtime(($filepath)) . $file;
                }
                set_error_handler("on_error");
                array_push($myFiles, urlencode(fix_encoding($file, $fix_utf8)));
            }
        }
    }
    closedir ($dirhandle);
    return $size;
}

function sort_data (&$myFiles, &$myDirs, $sort_files_by_date) {
    if ($sort_files_by_date) {
        usort ($myFiles, "cmp_date_dec");
        $i = 0;
        foreach ($myFiles as $fieldName) {
            $myFiles[$i] = substr($myFiles[$i], 10);
            $i++;
        }
    } else {
        usort ($myFiles, "cmp_dec");
    }
    reset($myFiles);
    usort ($myDirs, "cmp_dir_dec");
}

function check_restrictions($dir, $show_root, &$myFiles, $fix_utf8, $status) {
    global $enable_dir_create_detection;
    // this is a check if the dir exists - this is a configuration error!
    if (file_exists($dir)) {
      $status .=  "&dir_exists=true";
    } else {
      $status .=  "&dir_exists=false";
      // no other checks are made because the directory is not available!
      return $status;
    }
    // now we check if we can delete the current folder - root folder cannot be deleted!
    $status .= (is_tfu_deletable($dir) && $show_root) ? "&dir_delete=true" : "&dir_delete=false";
    // new we check if we can create folders - we have to check safemode too!
    set_error_handler("on_error_no_output");
    $sm_prob = has_safemode_problem_global() && runsNotAsCgi();

    if (is_writeable($dir)) {
        if ($enable_dir_create_detection) { // the detection of the safemode does not work on all systems - therefore it can be disabled.
          $status .= ($sm_prob) ? "&dir_create=subdir" : "&dir_create=true";
        } else {
          $status .= "&dir_create=true";
        }
    } else {
        $status .= ($sm_prob) ? "&dir_create=safemode" : "&dir_create=false";
    }
    set_error_handler("on_error");

    $nrFiles = count($myFiles);
    // now we check if can delete files - we only check the 1st file!
    if ($nrFiles > 0) {
        $delfile = fix_decoding($myFiles[0], $fix_utf8);
        // we have to remove the ** before checking
        $delfile = substr($delfile, 0, strpos($delfile, "**"));
        $status .= (is_tfu_deletable($dir . "/" . $delfile)) ? "&file_delete=true" : "&file_delete=false";
    }
   return $status;
}

function get_server_name() {
  if(isset($_SERVER['HTTP_HOST'])) {
    $domain = $_SERVER['HTTP_HOST'];
  } else if(isset($_SERVER['SERVER_NAME'])) {
   $domain = $_SERVER['SERVER_NAME'];
  } else {
    $domain = '';
  }
  $port = strpos($domain, ':');
  if ( $port !== false ) $domain = substr($domain, 0, $port);
  return $domain;
}


/*
encodes only the part without the /
*/
function tfu_urlencode($data)
{
	$data = str_replace("/", "__TWG__", $data);
	$data = str_replace(":", "__QT__", $data);
	$parts = explode (" - ", $data); // descripton should not be encoded
	if (count($parts) > 1) {
      	$parts[0] = rawurlencode ($parts[0]);
      	$data = implode(" - ", $parts);
    } else {
      	$data = rawurlencode ($data);
    }
	$data = str_replace("__QT__", ":", $data);
	return str_replace("__TWG__", "/", $data);
}

// only executes basename if a / or \ is in the filename.
// Fixes the problem that basename e.g. destroys chinese filename encoded in utf-8
function  my_basename($name) {
  if ((strpos($name, '\\') === false) && (strpos($name, '/') === false)) {
    return $name;
  } else {
    return basename($name);
  }
}

/**
 * Fixes the encoding of the file names we get from the flash. They come utf-8 encoded
 * from the flash and writing this directly to the filesystem produces depending on the
 * system unreadable file names. Especially if special characters like öäü or even
 * chinese Characters are used.
*/
function fix_decoding($encoded_filename, $fix_utf8) {
  $temp = str_replace("\\'", "'", $encoded_filename ); // we change escaped ' to normal '
  return ($fix_utf8 == '') ? utf8_decode($temp ) :  iconv('UTF-8', $fix_utf8, $temp);
}

function fix_encoding($decoded_filename, $fix_utf8) {
    return ($fix_utf8 == '') ? utf8_encode($decoded_filename) : iconv($fix_utf8, 'UTF-8', $decoded_filename);
}

// Specifiy the file_put_contents() function for PHP version 4
if (function_exists('file_put_contents') == false) {
  function file_put_contents($file, $string) {
  $f=fopen($file, 'w');
  fwrite($f, $string);
  fclose($f);
  }
}

function formatSize($size) {
		if ($size>=1048576*1000) {
			//  > 1000 MB - no komma - display e.g. 1421 MB
			$strSize = floor($size/1048576)." MB";
		} else if ($size>1048576*100) {
		  // > 100 MB - 1 digit - e.g.  71.5 MB
		  $num = floor($size/1048576.0);
			$strSize = $num . "." . floor(($size-($num*1048576))/104857.6) . " MB";
		} else if ($size>1048576) {
			// > 1 MB - 2 digit - e.g.  2.53 MB
			$num = floor($size/1048576.0);
			$komma = floor(($size-($num*1048576.0))/1048.576);
			$pad = "";
			if ($komma<100) {	$pad = "0";	}
			if ($komma<10) {	$pad = "00"; }
			$strSize = $num . "." . $pad. $komma ." KB";
		} else if ($size == 0) {
			$strSize = "0 KB";
		} else {
			$strSize = ceil($size/1024)." KB";
		}
		return $strSize;
}

@ob_end_clean();

?>
Return current item: TinyWebGallery