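#!/usr/local/bin/perl
# gallery.cgi
#
# Admin front controller for the gallery. It loads the site configuration and
# helper libraries, authenticates the caller, and then dispatches on the
# "func" (or "help") request parameter to the matching handler.
#
# Review notes for maintainers:
#  * Request parameters passed as subroutine arguments are read through
#    scalar(). CGI.pm's param() returns a list in list context: a repeated
#    parameter yields several values and a missing one yields none, either of
#    which shifts the positional arguments of the callee.
#  * The script runs without "use strict" / "use warnings" and relies on
#    package globals shared with the required *.cgi files.
#  * NOTE(review): no anti-forgery token is checked anywhere in this
#    dispatcher; confirm whether the individual handlers verify one before
#    changing state.

# flush the buffers
$|=1;

# find if it is a windows operating system
my($dpath);
my($windows);
if ( ($^O eq 'MSWin32') || defined($ENV{'OS'}) ) {
    # this one for windows
    # NOTE(review): PATH_TRANSLATED may reflect extra path information from
    # the request URL, depending on the web server; it ends up in @INC below.
    # Confirm the server sets it to the script's own location.
    $windows = "true";
    $dpath= "$ENV{'PATH_TRANSLATED'}";
    # NOTE(review): $ConfigCgi is not assigned anywhere above this point in
    # the script, so this pattern appears to strip only a trailing separator;
    # it is also interpolated without \Q...\E. Confirm the intent.
    $dpath =~ s/\\$ConfigCgi$//g;
    $slash = '\\';
}else{
    # this one for unix type
    $windows = "false";
    $dpath = "$ENV{'SCRIPT_FILENAME'}";
    $dpath =~ s/\/$ConfigCgi$//g;
    $slash = '/';
}
push (@INC, "$dpath");

eval {
    # load required files
    # $ScriptPath comes from uig.cfg, which SavePaths() below rewrites from
    # request parameters; every later "require" builds its path from it.
    require 'uig.cfg';
    push(@INC, "$ScriptPath");
    require $ScriptPath.$slash."uiglib.cgi";
    require $ScriptPath.$slash."memory.cgi";
    require $ScriptPath.$slash."display.cgi";
};
if ($@) {
    # NOTE(review): the raw error text is sent to the client unescaped under
    # text/html and will normally include server file paths. Consider logging
    # it to STDERR and showing a generic message instead.
    print "Content-type: text/html\n\nError including the required files:\n\n";
    print "$@\n\n";
    exit;
}

use CGI;
# Direct method call instead of the indirect-object form "new CGI".
$cgi = CGI->new;
#eval use_named_parameters to work with both old and new versions of CGI.pm
eval '$cgi->use_named_parameters';

#read cookie
$CookieData = $cgi->cookie("$CookieName");
if ($CookieData) {
    CrumbleCookie();
}

# NOTE(review): this branch rewrites the gallery configuration BEFORE the
# login and permission checks below have run, so it is reachable without
# authentication. Confirm whether that is intended (for example first-run
# setup); if not, move it behind the GetPermission("AccessAdmin") check.
if($cgi->param("func") eq "setupdefaults") {
    LoadDefaultConfig();
    WriteGalleryConfig();
}
if($cgi->param("func") eq "logout") {
    Logout();
    ShowAdminLogin();
}

#Check login
#if(UserExists($Username) eq "false") {
#    if($Username eq "") { ShowAdminLogin(); }
#    else { ShowAdminLogin("Sorry, The Username: $Username does not exist in our records."); }
#}
my $rval = "";
$newlogin = "false";
if($cgi->param("func") eq "login") {
    $rval = Login();
    $newlogin = "true";
} else {
    $rval = CheckExistingLogin();
}

# NOTE(review): nothing after ShowAdminLogin() stops execution in this file,
# so the checks below only protect the dispatcher if ShowAdminLogin() ends the
# request itself; confirm in the library that defines it.
# NOTE(review): the "incorrect password" and "does not exist" messages differ,
# which tells a caller whether a user name is registered, and $Username is
# interpolated into the messages; confirm ShowAdminLogin()/WriteMessage()
# HTML-escape their argument.
if($rval eq "false") {
    @UserProfile = ();
    ShowAdminLogin("You entered an incorrect password.");
} elsif($rval eq "true" && $newlogin eq "true") {
    WriteMessage("Welcome back $Username, you have been logged in.");
} elsif($rval eq "dne" || $Username eq "") {
    if($Username eq "") {
        ShowAdminLogin();
    } else {
        ShowAdminLogin("Sorry, The Username: $Username does not exist in our records.");
    }
}
if(!GetPermission("AccessAdmin")) {
    ShowAdminLogin("$Username, you do not have permission to access this 
area.");
}

#PrintHeader();
#print $cgi->dump();

#Check what requested action is.
if($cgi->param("func") eq "newcat") {
    require $ScriptPath.$slash."categories.cgi";
    require $ScriptPath.$slash."media.cgi";
    CreateNewCategory(scalar($cgi->param("parent")), scalar($cgi->param("name")));
} elsif($cgi->param("func") eq "listplugins") {
    require $ScriptPath.$slash."plugins.cgi";
    LoadPlugins();
    ShowPlugins();
} elsif($cgi->param("func") eq "showeditpaths") {
    ShowEditPaths();
} elsif($cgi->param("func") eq "savepaths") {
    SavePaths();
    ShowConfigMain();
} elsif($cgi->param("func") eq "editallcategories") {
    ShowEditAllCategories();
} elsif($cgi->param("func") eq "editcategory") {
    if($cgi->param("type") eq "save") {
        require $ScriptPath.$slash."categories.cgi";
        require $ScriptPath.$slash."media.cgi";
        EditExisitingCategory(scalar($cgi->param("category")));
        ShowEditAllCategories();
    } elsif($cgi->param("type") eq "delete") {
        if($cgi->param("confirmed") eq "Yes") {
            require $ScriptPath.$slash."categories.cgi";
            require $ScriptPath.$slash."media.cgi";
            DeleteCategory(scalar($cgi->param("category")));
            BuildCatData();
            ShowEditAllCategories();
        } elsif($cgi->param("cancel")) {
            ShowEditAllCategories();
        } else {
            ShowConfirmDeleteCategory();
        }
    } elsif($cgi->param("type") eq "move") {
        if($cgi->param("confirmed") eq "Move") {
            require $ScriptPath.$slash."categories.cgi";
            require $ScriptPath.$slash."media.cgi";
            MoveCategory(scalar($cgi->param("category")), scalar($cgi->param("parent")));
            BuildCatData();
            ShowEditAllCategories();
        } else {
            ShowConfirmMoveCategory();
        }
    } else {
        ShowEditCategory(scalar($cgi->param("category")));
    }
} elsif($cgi->param("func") eq "modifycatorder") {
    ModifyCategoryOrder();
    ShowEditAllCategories();
} elsif($cgi->param("func") eq "createcategory") {
    if($cgi->param("type") eq "save") {
        require $ScriptPath.$slash."categories.cgi";
        require $ScriptPath.$slash."media.cgi";
        CreateNewCategory(scalar($cgi->param("parent")), DecodeURL(scalar($cgi->param("categoryname"))));
        BuildCatData();
        ShowEditAllCategories();
    } else {
        ShowCreateCategory();
    }
} elsif($cgi->param("func") eq "buildcatdata") {
    require $ScriptPath.$slash."categories.cgi";
    require $ScriptPath.$slash."media.cgi";
    if($cgi->param("type") eq "disregardorder") {
        $DisregardOrder = "true";
    }
    BuildCatData();
    #There's a better way to setup the image count...just need to think about it for a bit...
    ReadCategories();
    for(my $counter = 0; $counter < @CategoryList; $counter++) {
        ReadMedia($counter);
        # Array in scalar assignment: stores the number of media entries.
        $CategoryList[$counter]->{COUNT} = @MediaList;
        WriteCatInfo($counter);
    }
    BuildCatData();
    ShowEditAllCategories();
} elsif($cgi->param("func") eq "batchbuild") {
    $DisregardOrder = "true";
    require $ScriptPath.$slash."categories.cgi";
    require $ScriptPath.$slash."media.cgi";
    BuildCatData();
    FindNewMedia(-1);
    #There's a better way to setup the image count...just need to think about it for a bit...
    ReadCategories();
    for(my $counter = 0; $counter < @CategoryList; $counter++) {
        ReadMedia($counter);
        $CategoryList[$counter]->{COUNT} = @MediaList;
        WriteCatInfo($counter);
    }
    BuildCatData();
    WriteMessage(qq~Go back to Main~);
} elsif($cgi->param("func") eq "editsearch") {
    ShowSearchExistingImages();
} elsif($cgi->param("func") eq "editmedia") {
    require $ScriptPath.$slash."media.cgi";
    if($cgi->param("type") eq "new") {
        ReadMediaWaiting();
        AddNewImages();
        ReadMediaWaiting();
        ShowAddNewImages();
    } elsif ($cgi->param("type") eq "waiting") {
        ReadUserMediaWaiting();
        ApproveNewImages();
        ReadUserMediaWaiting();
        ShowApproveWaitingHtml();
    } elsif($cgi->param("type") eq "existing") {
        # The media list is read, edited, then read again so the page that
        # follows shows the saved state.
        if($cgi->param("searchterm")) {
            ReadMedia(scalar($cgi->param("Category")), scalar($cgi->param("searchterm")), $FILENAME);
        } else {
            ReadMedia(scalar($cgi->param("Category")));
        }
        SaveMediaChanges();
        if($cgi->param("searchterm")) {
            ReadMedia(scalar($cgi->param("Category")), scalar($cgi->param("searchterm")), $FILENAME);
        } else {
            ReadMedia(scalar($cgi->param("Category")));
        }
        ShowEditExistingImages();
    }
} elsif($cgi->param("func") eq "filetypes") {
    if($cgi->param("save")) {
        EditFileType();
    } elsif($cgi->param("delete")) {
        DeleteFileType();
    } elsif($cgi->param("Add")) {
        AddFileType();
    }
    ShowFileTypes();
} elsif($cgi->param("func") eq "style") {
    if($cgi->param("type") eq "save") {
        SaveStyleSettings();
        ShowConfigMain();
    } else {
        ShowStyleSettings();
    }
} elsif($cgi->param("func") eq "displayoptions") {
    if($cgi->param("type") eq "save") {
        SaveDisplayOptions();
        ShowConfigMain();
    } else {
        ShowDisplayOptions();
    }
} elsif($cgi->param("func") eq "users") {
    ShowSearchUsers();
} elsif($cgi->param("func") eq "viewusers") {
    ShowSearchUsersResults();
} elsif($cgi->param("func") eq "edituser") {
    if($cgi->param("type") eq "save") {
        SaveUser();
        ShowSearchUsers();
    } elsif($cgi->param("type") eq "create") {
        SaveUser("new");
        ShowSearchUsers();
    } elsif($cgi->param("type") eq "new") {
        ShowCreateUser();
        #ShowSearchUsers();
    } elsif($cgi->param("type") eq "delete") {
        if($cgi->param("confirmed") eq "Yes") {
            DeleteUser(DecodeURL(scalar($cgi->param("username"))));
            ShowSearchUsers();
        } elsif($cgi->param("cancel")) {
            ShowSearchUsers();
        } else {
            ShowConfirmDeleteUser();
        }
    } else {
        ShowEditUser();
    }
} elsif($cgi->param("func") eq "groups") {
    ShowViewGroups();
} elsif($cgi->param("func") eq "editgroup") {
    if($cgi->param("type") eq "delete") {
        if($cgi->param("confirmed") eq "Yes") {
            DeleteGroup(DecodeURL(scalar($cgi->param("group"))));
            ShowViewGroups();
        } elsif($cgi->param("cancel")) {
            ShowViewGroups();
        } else {
            ShowConfirmDeleteGroup();
        }
    } elsif($cgi->param("type") eq "newgroup") {
        ShowCreateGroup();
    } elsif($cgi->param("type") eq "create") {
        CreateNewGroup();
        ShowViewGroups();
    } elsif($cgi->param("type") eq "save") {
        SaveGroupChanges();
        ShowViewGroups();
    } else {
        ShowEditGroup();
    }
} elsif($cgi->param("func") eq "setdefaultgroup") {
    SetDefaultGroup();
    ShowViewGroups();
} elsif($cgi->param("help") eq "filetypes") {
    require $ScriptPath.$slash."adminhtml.cgi";
    FileTypeHelpHtml();
} elsif($cgi->param("help") eq "keywords") {
    require $ScriptPath.$slash."adminhtml.cgi";
    KeywordHelpHtml();
}
# NOTE(review): the four branches below are test/debug helpers that create
# categories and rewrite data; consider removing them from production builds.
elsif($cgi->param("func") eq "setuptestdirectories") {
    require $ScriptPath.$slash."categories.cgi";
    require $ScriptPath.$slash."media.cgi";
    CreateNewCategory("", "Test Category 1");
    CreateNewCategory("", "Test Category 2");
    CreateNewCategory("", "Test Category 3");
    CreateNewCategory("Test Category 1", "Test Category 1-1");
    CreateNewCategory("Test Category 2", "Test Category 2-1");
    CreateNewCategory("Test Category 2", "Test Category 2-2");
    WriteMessage("Created Test Directories.");
} elsif($cgi->param("func") eq "testbuildcatdata") {
    require $ScriptPath.$slash."categories.cgi";
    BuildCatData();
} elsif($cgi->param("func") eq "testfindnewmedia") {
    require $ScriptPath.$slash."media.cgi";
    FindNewMedia(-1);
} elsif($cgi->param("func") eq "testwriteconfig") {
    WriteGalleryConfig();
    WriteMessage("Wrote config to test.cfg");
} else {
    ShowConfigMain();
}

# times() in scalar context: CPU time used by this process so far.
$TotalTime = times();
WriteMessage("Elapsed Time: $TotalTime secs");

###############################################################
# SavePaths()
# Pretty much the toughest function I've had to write yet.
#
# Copies the ten path/URL settings from the request into the
# configuration globals and writes the configuration file.
#
# NOTE(review): the values are stored exactly as submitted.
# $ScriptPath is the directory this script later passes to
# "require", so whoever can submit this form decides which code
# is loaded on the next request. Validate each value (absolute
# path, existing directory, expected root) before saving.
###############################################################
sub SavePaths {
    $GalleryPath = $cgi->param("GalleryPath");
    #If WIN, change \ to \\
    $MediaPath = $cgi->param("MediaPath");
    $MemberPath = $cgi->param("MemberPath");
    $ScriptPath = $cgi->param("ScriptPath");
    $SkinPath = $cgi->param("SkinPath");
    $WaitingPath = $cgi->param("WaitingPath");
    $GalleryUrl = $cgi->param("GalleryUrl");
    $MediaUrl = $cgi->param("MediaUrl");
    $SkinUrl = $cgi->param("SkinUrl");
    $WaitingUrl = $cgi->param("WaitingUrl");
    WriteGalleryConfig();
    WriteMessage("General Settings Saved.");
}

###############################################################
# AddNewImages()
# Walks the numbered form rows from "startindex" to
# "startindex" + "count" and, for every row whose AddNow<n> box
# is "on", builds a record and hands it to MoveMedia().
#
# Record order as pushed below: filename, thumbnail, type, date,
# copyright, author, three zero counters, description, user, IP.
# (The older comment describing the Add_Image() format lists a
# different order; the code is what is documented here.)
#
# NOTE(review): file and thumbnail names, "user" and "IP" are
# all taken from the request. Confirm that MoveMedia() rejects
# names containing path separators, and treat the stored user
# and IP as caller-supplied rather than verified.
# NOTE(review): the loop bounds also come from the request, so
# "count" should be capped to the page size.
###############################################################
sub AddNewImages {
    if(!@CategoryList) {
        require $ScriptPath.$slash."categories.cgi";
        ReadCategories();
    }
    if($cgi->param("lastpage") ne "") {
        $page = int($cgi->param("lastpage"));
    }
    $startindex = $cgi->param("startindex");
    #print "Start index is : $startindex";
    $maxindex = $cgi->param("count") + $startindex;
    #print "maxindex is : $maxindex";

    # Reads one request parameter as a single scalar and substitutes the
    # "NODATA" marker when it is missing or empty. Using one scalar per field
    # keeps the record layout fixed even if a parameter is repeated.
    my $field_or_nodata = sub {
        my ($name) = @_;
        my $value = $cgi->param($name);
        return (defined($value) && $value ne "") ? $value : "NODATA";
    };

    my $counter;
    for($counter = $startindex; $counter <= $maxindex; $counter++) {
        #print "Counter is : $counter";
        #read form data and add to database.
        #array format needed for Add_Image() is :
        #($image, $thumb, $desc, $cat, $type, $date, $copyright, $author, $downloads, $votes, $rating, $user, $ip)
        #print "AddNow$counter param is : ";
        #print $cgi->param("AddNow$counter");
        if($cgi->param("AddNow$counter") ne "on") {
            #print "Not Adding Image";
            next;
        }
        #print "Adding Image";
        my $filename = $cgi->param("FileName$counter");
        my $thumbname = $cgi->param("ThumbName$counter");

        my(@NewData) = ();
        if(defined($filename) && $filename ne "") {
            push(@NewData, $filename);
        } else {
            # presumably FatalError() ends the request; if it returns, the
            # record below is built without a filename - confirm.
            FatalError("Database entry had no filename, insert failed.");
        }
        push(@NewData, $field_or_nodata->("ThumbName$counter"));
        push(@NewData, AssignType($filename));
        push(@NewData, $field_or_nodata->("Date$counter"));
        push(@NewData, $field_or_nodata->("Copyright$counter"));
        push(@NewData, $field_or_nodata->("Author$counter"));
        # three zero-initialised counters
        push(@NewData, 0);
        push(@NewData, 0);
        push(@NewData, 0);

        my $tempdesc = $cgi->param("Description$counter");
        if(defined($tempdesc) && $tempdesc ne "") {
            # NOTE(review): as shown on this page the replacement is a plain
            # newline, which makes this a no-op; the original replacement
            # text (probably markup) looks lost in extraction - confirm.
            $tempdesc =~ s/\n/\
/g;
            push(@NewData, $tempdesc);
        } else {
            push(@NewData, "NODATA");
        }
        $catindex = int($cgi->param("Category$counter"));
        push(@NewData, $field_or_nodata->("user"));
        push(@NewData, $field_or_nodata->("IP"));

        MoveMedia($filename, $thumbname, -1, $catindex, @NewData);
        # NOTE(review): the message repeats request values; confirm that
        # WriteMessage() HTML-escapes them. The text also looks truncated on
        # this page (markup and trailing lines appear lost in extraction).
        WriteMessage(qq~Added $NewData[$TYPE]
Filename : '$NewData[$FILENAME]'
~);
    }
}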
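###############################################################
# ApproveNewImages()
# Walks the numbered form rows from "startindex" to
# "startindex" + "count". A row whose Task<n> is "Reject" has
# its waiting file deleted from disk; a row whose Task<n> is
# "Approve" is turned into a record and handed to MoveMedia().
# Rows with any other task are left alone.
#
# Record order as pushed below: filename, thumbnail, type, date,
# copyright, author, three zero counters, description, user, IP.
#
# Every request parameter is read as a single scalar. CGI.pm's
# param() returns a list in list context, so a repeated or
# missing parameter would otherwise shift the arguments passed
# to DeleteMedia()/MoveMedia() and the fields of the record.
#
# NOTE(review): the file name that is deleted or moved comes
# straight from the request. Confirm that DeleteMedia() and
# MoveMedia() refuse names containing path separators or "..".
# NOTE(review): "user" and "IP" are caller-supplied values, and
# the loop bounds come from the request ("count" should be
# capped to the page size).
###############################################################
sub ApproveNewImages {
    if(!@CategoryList) {
        require $ScriptPath.$slash."categories.cgi";
        ReadCategories();
    }
    if($cgi->param("lastpage") ne "") {
        $page = int($cgi->param("lastpage"));
    }
    $startindex = $cgi->param("startindex");
    # (page residue found at this point, apparently detached from a status
    #  message elsewhere in the file:
    #  Thumbnail : '$NewData[$THUMBNAME]' / User : '$NewData[$USER]')
    #print "Start index is : $startindex";
    $maxindex = $cgi->param("count") + $startindex;
    #print "maxindex is : $maxindex";

    # Reads one request parameter as a single scalar and substitutes the
    # "NODATA" marker when it is missing or empty.
    my $field_or_nodata = sub {
        my ($name) = @_;
        my $value = $cgi->param($name);
        return (defined($value) && $value ne "") ? $value : "NODATA";
    };

    my $counter;
    for($counter = $startindex; $counter <= $maxindex; $counter++) {
        #print "Counter is : $counter";
        #read form data and add to database.
        #array format needed for Add_Image() is :
        #($image, $thumb, $desc, $cat, $type, $date, $copyright, $author, $downloads, $votes, $rating, $user, $ip)
        #print "AddNow$counter param is : ";
        #print $cgi->param("AddNow$counter");
        my $task = $cgi->param("Task$counter");
        my $filename = $cgi->param("FileName$counter");
        my $thumbname = $cgi->param("ThumbName$counter");

        if($task eq "Reject") {
            #rejected so delete from disk...
            # Never ask for an on-disk delete without a file name.
            if(!defined($filename) || $filename eq "") {
                next;
            }
            DeleteMedia(-1, $filename, "true");
            next;
        } elsif($task eq "Approve") {
            my(@NewData) = ();
            if(defined($filename) && $filename ne "") {
                push(@NewData, $filename);
            } else {
                # presumably FatalError() ends the request; if it returns,
                # the record below is built without a filename - confirm.
                FatalError("Database entry had no filename, insert failed.");
            }
            push(@NewData, $field_or_nodata->("ThumbName$counter"));
            push(@NewData, AssignType($filename));
            push(@NewData, $field_or_nodata->("Date$counter"));
            push(@NewData, $field_or_nodata->("Copyright$counter"));
            push(@NewData, $field_or_nodata->("Author$counter"));
            # three zero-initialised counters
            push(@NewData, 0);
            push(@NewData, 0);
            push(@NewData, 0);

            my $tempdesc = $cgi->param("Description$counter");
            if(defined($tempdesc) && $tempdesc ne "") {
                # NOTE(review): as shown on this page the replacement is a
                # plain newline, which makes this a no-op; the original
                # replacement text (probably markup) looks lost in
                # extraction - confirm against the original file.
                $tempdesc =~ s/\n/\
/g;
                push(@NewData, $tempdesc);
            } else {
                push(@NewData, "NODATA");
            }
            $catindex = int($cgi->param("Category$counter"));
            push(@NewData, $field_or_nodata->("user"));
            push(@NewData, $field_or_nodata->("IP"));

            MoveMedia($filename, $thumbname, -1, $catindex, @NewData);
            # NOTE(review): the message repeats request values; confirm that
            # WriteMessage() HTML-escapes them.
            WriteMessage(qq~Added $NewData[$TYPE]
Filename : '$NewData[$FILENAME]'
~);
        }
    }
}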
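###############################################################
# SaveMediaChanges()
# Applies the per-row tasks of the "edit existing media" form to
# a working copy of @MediaList (@EditList).
#
#   Task<n> eq "Save"   - copies the submitted fields into the
#                         matching entry; the entry is queued in
#                         @MoveNeeded when its category changed,
#                         otherwise in @SaveNeeded.
#   Task<n> eq "DeleteFromDisk" / "DeleteFromDatabase"
#                       - calls DeleteMedia() and removes the
#                         entry from the list.
#
# After the loop, queued moves are carried out and the changes
# are written either entry by entry (search results or a
# negative category) or as one category file.
#
# Fixed here: the per-entry save loop indexed @MoveNeeded with
# the @SaveNeeded counter when looking up the thumbnail, so it
# passed the thumbnail of an unrelated entry. It now uses the
# @SaveNeeded index throughout.
#
# NOTE(review): @EditList = @MediaList copies only the row
# references, so edits to a row are visible through both arrays.
# NOTE(review): splice() in the delete branch shifts later rows
# down, which leaves any index already stored in @SaveNeeded or
# @MoveNeeded pointing one row too far - confirm and fix
# together with the callers.
# NOTE(review): loop bounds and file names come from the
# request; matching is done against names already in the list,
# which limits deletes to known entries.
###############################################################
sub SaveMediaChanges {
    if($cgi->param("lastpage") ne "") {
        $page = int($cgi->param("lastpage"));
    }
    $startindex = $cgi->param("startindex");
    $maxindex = $cgi->param("count") + $startindex;
    my $counter;
    #gain some speed by not writing if nothing done.
    my $changesmade = 0;
    @EditList = @MediaList;
    @MoveNeeded = ();
    @SaveNeeded = ();
    for($counter = $startindex; $counter <= $maxindex; $counter++) {
        # (page residue found at this point, apparently detached from a
        #  status message elsewhere in the file:
        #  Thumbnail : '$NewData[$THUMBNAME]' / User : '$NewData[$USER]')
        #print "Counter is : $counter";
        #print "Task$counter param is : ";
        #print $cgi->param("Task$counter");
        if($cgi->param("Task$counter") eq "Save") {
            #replace current values
            #print "Looking at saving changes for file ".$cgi->param('FileName$counter')."";
            my $listcounter = 0;
            for($listcounter = 0; $listcounter < @EditList; $listcounter++) {
                if($EditList[$listcounter][$FILENAME] eq $cgi->param("FileName$counter")) {
                    #print "found a match, saving";
                    push(@SaveNeeded, $listcounter);
                    $changesmade = 1;
                    $catindex = int($cgi->param("Category$counter"));
                    $oldcatindex = int($cgi->param("OldCategory$counter"));
                    #check to see if category was changed, if so move the image
                    if($catindex ne $oldcatindex || $catindex != $oldcatindex) {
                        $EditList[$listcounter][$NEWCATINDEX] = $catindex;
                        push(@MoveNeeded, $listcounter);
                        # a moved entry is written by MoveMedia(), not saved in place
                        pop(@SaveNeeded);
                    }
                    #$EditList[$listcounter][$FILENAME] = $cgi->param("FileName$counter");
                    if($cgi->param("ThumbName$counter") ne "") {
                        $EditList[$listcounter][$THUMBNAME] = $cgi->param("ThumbName$counter");
                    } else {
                        $EditList[$listcounter][$THUMBNAME] = "NODATA";
                    }
                    if($cgi->param("Description$counter") ne "") {
                        my($tempdesc) = scalar($cgi->param("Description$counter"));
                        # NOTE(review): as shown on this page the replacement
                        # is a plain newline (a no-op); the original
                        # replacement text looks lost in extraction - confirm.
                        $tempdesc =~ s/\n/\
/g;
                        #print "Description is '$tempdesc'";
                        $EditList[$listcounter][$DESCRIPTION] = $tempdesc;
                    } else {
                        $EditList[$listcounter][$DESCRIPTION] = "NODATA";
                    }
                    $EditList[$listcounter][$TYPE] = AssignType($EditList[$listcounter][$FILENAME]);
                    if($cgi->param("Date$counter") ne "") {
                        $EditList[$listcounter][$DATE] = $cgi->param("Date$counter");
                    } else {
                        $EditList[$listcounter][$DATE] = "NODATA";
                    }
                    if($cgi->param("Copyright$counter") ne "") {
                        $EditList[$listcounter][$COPYRIGHT] = $cgi->param("Copyright$counter");
                    } else {
                        $EditList[$listcounter][$COPYRIGHT] = "NODATA";
                    }
                    if($cgi->param("Author$counter") ne "") {
                        $EditList[$listcounter][$AUTHOR] = $cgi->param("Author$counter");
                    } else {
                        $EditList[$listcounter][$AUTHOR] = "NODATA";
                    }
                    # NOTE(review): request value echoed in the message;
                    # confirm WriteMessage() HTML-escapes it.
                    $message = "Saved changes to ".$cgi->param("FileName$counter");
                    WriteMessage($message);
                    last;
                }
            }
        } elsif($cgi->param("Task$counter") eq "DeleteFromDisk" || $cgi->param("Task$counter") eq "DeleteFromDatabase") {
            #delete the file from the database.
            my $listcounter = 0;
            for($listcounter = 0; $listcounter < @EditList; $listcounter++) {
                if($EditList[$listcounter][$FILENAME] eq $cgi->param("FileName$counter")) {
                    #remove entry from list...
                    #splice ARRAY,OFFSET,LENGTH
                    DecCatImageCount($EditList[$listcounter][$CATEGORY]);
                    if($cgi->param("Task$counter") eq "DeleteFromDisk") {
                        $DeleteFromDisk = "true";
                    } else {
                        $DeleteFromDisk = "";
                    }
                    # The name passed on is the one stored in the list, not
                    # the raw request value.
                    DeleteMedia($EditList[$listcounter][$CATINDEX], $EditList[$listcounter][$FILENAME], $DeleteFromDisk);
                    splice(@EditList, $listcounter, 1);
                    if($DeleteFromDisk ne "") {
                        WriteMessage("Deleted ".$cgi->param("FileName$counter")." from the database and hard drive.");
                    } else {
                        WriteMessage("Deleted ".$cgi->param("FileName$counter")." 
from the database.");
                    }
                    @MediaList = @EditList;
                    last;
                }
            }
        }
    }
    if($changesmade == 1) {
        @MediaList = @EditList;
        for(my $counter = 0; $counter < @MoveNeeded; $counter++) {
            MoveMedia($EditList[$MoveNeeded[$counter]][$FILENAME], $EditList[$MoveNeeded[$counter]][$THUMBNAME], $EditList[$MoveNeeded[$counter]][$CATINDEX], $EditList[$MoveNeeded[$counter]][$NEWCATINDEX], @{$EditList[$MoveNeeded[$counter]]});
            # blank the name so the moved entry is not written back in place
            $MediaList[$MoveNeeded[$counter]][$FILENAME] = "";
        }
        #first we can reduce the amount of work we must do if these images are not search results...
        if($cgi->param("searchterm") || $cgi->param("Category") < 0) {
            for(my $counter = 0; $counter < @SaveNeeded; $counter++) {
                # Thumbnail looked up through @SaveNeeded (was @MoveNeeded).
                SaveMediaEntry($EditList[$SaveNeeded[$counter]][$FILENAME], $EditList[$SaveNeeded[$counter]][$THUMBNAME], $EditList[$SaveNeeded[$counter]][$CATINDEX], @{$EditList[$SaveNeeded[$counter]]}, $EditList[$SaveNeeded[$counter]][$THUMBNAME]);
                WriteMessage("Saved changes to: $EditList[$SaveNeeded[$counter]][$FILENAME]");
            }
        } else {
            if($cgi->param("Category") ne "") {
                WriteMedia(scalar($cgi->param("Category")));
                WriteMessage("Wrote Database to file.");
            } else {
                FatalError("Unable to write database to file, no Category specified - This may be a bug.");
            }
        }
    }
}

###############################################################
# EditFileType()
# Renames or updates one file type. The four lookup tables are
# keyed as follows: %FileClass by extension; %FileExts,
# %FileCode and %FileOpen by class name. Entries under the old
# class or old extension are dropped when the key changed, then
# the new values are stored and written out.
#
# Parameters are read with scalar() so that a repeated or
# missing request parameter cannot change what DecodeURL()
# receives.
#
# NOTE(review): class, extension and code are stored as
# submitted, and $class is echoed in the status message; confirm
# that WriteFileTypes() escapes its field separator and that
# WriteMessage() HTML-escapes its argument.
###############################################################
sub EditFileType {
    ReadFileTypes();
    my $class = DecodeURL(scalar($cgi->param("class")));
    my $ext = lc(DecodeURL(scalar($cgi->param("extension"))));
    my $code = DecodeURL(scalar($cgi->param("code")));
    my $open = $cgi->param("fileopen");
    my $oldclass = DecodeURL(scalar($cgi->param("oldclass")));
    my $oldext = lc(DecodeURL(scalar($cgi->param("oldext"))));
    if($oldclass ne $class) {
        delete $FileExts{"$oldclass"};
        delete $FileCode{"$oldclass"};
        delete $FileOpen{"$oldclass"};
    }
    if($oldext ne $ext) {
        delete $FileClass{"$oldext"};
    }
    $FileClass{"$ext"} = $class;
    $FileExts{"$class"} = $ext;
    $FileCode{"$class"} = $code;
    $FileOpen{"$class"} = $open;
    WriteFileTypes();
    WriteMessage("Saved Changes to File Type: $class");
}

###############################################################
# DeleteFileType()
# Removes one file type from all four lookup tables and writes
# the tables out.
#
# Fixed here: the extension entry was deleted through
# $extension, a variable this sub never assigns, so the
# %FileClass entry for the extension was left behind. It is now
# deleted through $ext.
###############################################################
sub DeleteFileType {
    ReadFileTypes();
    my $class = DecodeURL(scalar($cgi->param("class")));
    my $ext = lc(DecodeURL(scalar($cgi->param("extension"))));
    delete $FileClass{"$ext"};
    delete $FileExts{"$class"};
    delete $FileCode{"$class"};
    delete $FileOpen{"$class"};
    WriteFileTypes();
    WriteMessage("Deleted File Type: $class");
}

# AddFileType(): the body of this sub is truncated on this page (its error
# message runs into unrelated text below), so it is left exactly as found.
sub AddFileType {
    ReadFileTypes();
    my $class = DecodeURL($cgi->param("class"));
    my $ext = lc(DecodeURL($cgi->param("extension")));
    my $code = DecodeURL($cgi->param("code"));
    my $open = $cgi->param("fileopen");
    @keys = keys(%FileClass);
    foreach $key (@keys) {
        if($key eq $ext) {
            FatalError("Unable to create new file type!The User Name you attempted to register is illegal for one of the following reasons: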
1. You may not begin or end a User Name with a space.2. You may not have two or more consecutive spaces.
3. You may not use a name with a pipestem followed by an exclamation point.
4. You may not use a name with a pipestem.
5. You may not use any quotation marks.
6. Your email address must not contain any spaces.
7. You may not use a name that contains a < and a > .
8. You may not use a name that contains memberslist or emailfile.
9. You must start and end your username with an English letter or number or one of the following symbols: !, ?, #, $, @, *, &, ^, +, -, \~, :, ], [, '.
10. You may not include a semicolon.
10. You may not use the names emaillist, userlist or groups.
);
$ThumbDisplay = qq(
|