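"; exit; }

// Resolve the ImageMagick `convert` binary once, up front. convert_image()
// later uses $my_convert_path[0] as the command name.
if($thumb_generator=="convert") {
  // Start from an empty array: exec() appends to an existing one, and this file
  // appears to rely on request variables being imported as globals.
  $my_convert_path=array();
  @exec("which convert", $my_convert_path);
  // empty() also covers the case where `which` printed nothing at all.
  if(empty($my_convert_path[0]))
    die("install convert (see manual) or use 'GD' or 'manual' as thumb generator");
}

// /----------------------\
// | Function definitions |
// \----------------------/

// Store $val in the "LoginValue" cookie for the whole site ("/"), valid ~3 years.
// NOTE(review): the cookie is issued without Secure/HttpOnly attributes and is
// long-lived; confirm that is acceptable for a login token.
function set_cookie_val($val)
{
  setcookie("LoginValue",$val,time()+(3600*24*365*3),"/");
}

// Private helper: return column $field of the $sTable row whose `name` is $nom,
// or null when no row matches or the query fails.
function _get_named_field($nom,$field)
{
  global $cfgBase,$nConnection,$sTable;
  // NOTE(review): addslashes() is kept to match the rest of the file. It is not
  // charset-aware; connection-aware escaping or prepared statements are the
  // safer long-term choice.
  $cmd="select * from $sTable where name='".addslashes($nom)."'";
  $res=mysql_db_query($cfgBase,$cmd,$nConnection);
  $row=$res ? mysql_fetch_array($res) : false;
  return $row ? $row[$field] : null;
}

// Column accessors for the entry named $nom (a path relative to the library root).
function get_comment($nom) { return _get_named_field($nom,"descr"); }
function get_isbn($nom)    { return _get_named_field($nom,"isbn"); }
function get_author($nom)  { return _get_named_field($nom,"author"); }
function get_editor($nom)  { return _get_named_field($nom,"editor"); }
function get_price($nom)   { return _get_named_field($nom,"price"); }
function get_pages($nom)   { return _get_named_field($nom,"pages"); }

// Average rating of $nom, or false when it has no ratings (or the query fails).
function get_rating($nom)
{
  global $cfgBase,$nConnection,$sTableRatings;
  $cmd="select avg(rating), count(*) from $sTableRatings where pic_name='".addslashes($nom)."'";
  $res=mysql_db_query($cfgBase,$cmd,$nConnection);
  $row=$res ? mysql_fetch_array($res) : false;
  // $row[1] is the vote count; with zero votes the average is meaningless.
  return ($row && $row[1]) ? $row[0] : false;
}

// Return the existing rating row for $nom from the caller's IP address, or a
// false value when there is none. Used to allow one vote per address.
function already_rated($nom)
{
  global $cfgBase,$nConnection,$sTableRatings;
  $cmd="select * from $sTableRatings where pic_name='".addslashes($nom)
      ."' and ip='".addslashes(getenv("REMOTE_ADDR"))."'";
  $res=mysql_db_query($cfgBase,$cmd,$nConnection);
  return $res ? mysql_fetch_array($res) : false;
}

// Security level stored for exactly $nom; 0 when no row exists.
// NOTE(review): a failed query also yields 0, so the level checks built on this
// fail open when the database is unavailable.
function get_level_db($nom)
{
  return (int)_get_named_field($nom,"seclevel");
}

// Effective security level of $pic: its own level if non-zero, else the level of
// the same name with a trailing "/", else the level of its parent path.
function get_level($pic)
{
  if(!strstr($pic,"/")) return (int)get_level_db($pic);
  $l=get_level_db($pic);
  if($l!=0) return (int)$l;
  $l2=get_level_db($pic."/");
  if($l2!=0) return (int)$l2;
  // Nothing set here: inherit from the enclosing directory.
  return (int)(get_level(substr($pic,0,strrpos($pic,"/"))));
}

// Normalise a request-supplied path: strip slashes, then blank the whole value
// if it contains ".." (the original "ANTI HACK" check) or a NUL byte, which
// older PHP filesystem functions treat as end-of-string.
// NOTE(review): absolute paths are not rejected here; callers prepend $root_dir.
function reformat($s)
{
  if($s) $s=StripSlashes($s);
  if(strpos($s,"..")!==false || strpos($s,"\0")!==false) $s="";
  return($s);
}

// sound/video/text functions

// MIME type for a movie file name (matched on its ending), or 0.
function get_movie_type($doc)
{
  if (eregi("mov$", $doc)) { return "video/quicktime"; }
  if (eregi("avi$", $doc)) { return "video/x-msvideo"; }
  else if (eregi("mpe?g$", $doc)) { return "video/mpeg"; }
  return 0;
}

// MIME type for a sound file name (matched on its ending), or 0.
function get_sound_type($doc)
{
  if (eregi("wav$", $doc)) { return "audio/x-wav"; }
  else if (eregi("mp3$", $doc)) { return "audio/mp3"; }
  return 0;
}

// MIME type for a text file name (matched on its ending), or 0.
function get_text_type($doc)
{
  if (eregi("txt$", $doc)) { return "text/plain"; }
  return 0;
}

// image convertion functions

// Serialise conversions: when $use_sem is set, take the semaphore and register
// end_convert_proc() so it is released even if the script stops early.
function wait_convert_proc()
{
  global $sem,$use_sem;
  register_shutdown_function("end_convert_proc");
  if($use_sem) {
    $sem=sem_get(31337);
    sem_acquire($sem);
  }
}

// Release the conversion semaphore. Safe to call more than once: it runs both
// explicitly after each conversion and again as a shutdown function, so the
// handle is cleared after the first release.
function end_convert_proc()
{
  global $sem,$use_sem;
  if($use_sem && $sem) {
    sem_release($sem);
    $sem=false;
  }
}

// Write a scaled copy of $sourcepic to $destpic.
//   $res     target geometry as "WIDTHxHEIGHT"
//   $quality JPEG quality
// Sound, movie and text files get a stock icon instead.
function convert_image($sourcepic,$destpic,$res,$quality)
{
  global $my_convert_path,$thumb_generator;

  if (get_sound_type($sourcepic)) { copy("icons/sound.gif", $destpic); return; }
  else if (get_movie_type($sourcepic)) { copy("icons/movie.gif", $destpic); return; }
  else if (get_text_type($sourcepic)) { copy("icons/text.gif", $destpic); return; }

  wait_convert_proc();
  if($thumb_generator=="convert") {
    // Every argument goes through escapeshellarg(): file names reach this
    // function from uploads and request parameters, and plain double quotes do
    // not stop the shell from interpreting their contents.
    @exec($my_convert_path[0]
         ." -geometry ".escapeshellarg($res)
         ." -quality ".escapeshellarg($quality)
         ." ".escapeshellarg($sourcepic)
         ." ".escapeshellarg($destpic));
  }
  else if($thumb_generator=="gd") {
    $is_jpeg=eregi("\.(jpg|jpeg)$",$sourcepic);
    // The original tested undefined variables here, so PNG sources were never
    // loaded or written; both checks now use $sourcepic.
    $is_png=eregi("\.png$",$sourcepic);
    $im=false;
    if($is_jpeg) $im=imagecreatefromjpeg($sourcepic);
    else if($is_png) $im=imagecreatefrompng($sourcepic);

    if ($im) {
      // Fit inside the requested box, keep the aspect ratio, never upscale.
      $dims=explode("x",$res);
      $newh=$dims[1];
      $neww=$newh/imagesy($im) * imagesx($im);
      if ($neww > imagesx($im)) {
        $neww=imagesx($im);
        $newh=imagesy($im);
      }
      if ($neww > $dims[0]) {
        $neww=$dims[0];
        $newh=$neww/imagesx($im) * imagesy($im);
      }
      $im2=ImageCreate($neww,$newh);
      ImageCopyResized($im2,$im,0,0,0,0,$neww,$newh,imagesx($im),imagesy($im));
      if ($is_jpeg) imagejpeg($im2,$destpic,$quality);
      else if ($is_png) imagepng($im2,$destpic);
      ImageDestroy($im);
      ImageDestroy($im2);
    } else {
      debug_image("Error loading file!");
    }
  }
  end_convert_proc();
}

//show debug info in image format
// Emits a small JPEG containing $str directly to the output.
function debug_image($str)
{
  $im = ImageCreate (150, 50); /* Create a blank image */
  $bgc = ImageColorAllocate ($im, 255, 255, 255);
  $tc = ImageColorAllocate ($im, 0, 0, 0);
  ImageFilledRectangle ($im, 0, 0, 150, 30, $bgc);
  /* Output an errmsg */
  ImageString ($im, 1, 5, 5, $str, $tc);
  ImageJPEG($im);
}

// comments functions

// Number of visitor comments stored for $id (0 when the query fails).
function get_nb_comments($id)
{
  global $cfgBase,$nConnection,$sTableComments;
  $cmd="select * from ".$sTableComments." where pic_name='".addslashes($id)."'";
  $res=mysql_db_query($cfgBase,$cmd,$nConnection);
  return $res ? mysql_num_rows($res) : 0;
}

// Render the comment list for $id. The body continues in the template markup
// that follows this point.
function display_comments($id)
{
  global $cfgBase,$nConnection,$sTableComments,$admin;
  global $txt_comments,$txt_add_comment,$txt_comment_from,$txt_comment_on;
  ?>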
0) { ?> :

"; } print "
"; echo $txt_comment_from."".htmlentities($row["user"])."".$txt_comment_on.$row["datetime"]; if($admin) { print " | Delete"; } print ""; echo nl2br(htmlentities($row["comment"])); print "
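"; }

// Recursively list $dir as a nested array: each sub-directory maps to its own
// listing, each picture file (jpg/jpeg/gif/png) maps to its file name.
// ".", ".." and ".thumbs" are skipped. Returns an empty array if $dir cannot
// be opened.
function readfolder($dir)
{
  $retour = array();
  $dossier=opendir($dir);
  if(!$dossier) return $retour;
  $l = array('.', '..','.thumbs');
  // Compare with false explicitly so an entry named "0" does not end the scan.
  while (($fichier = readdir($dossier)) !== false) {
    if (in_array($fichier, $l)) continue;
    if (is_dir($dir."/".$fichier)) {
      $retour[$fichier] = readfolder("$dir/$fichier");
    } else if (eregi("\.(jpg|jpeg|gif|png)$",$fichier)) {
      // The dot is escaped so only real extensions match.
      $retour[$fichier] = $fichier;
    }
  }
  closedir($dossier);
  return $retour;
}

// Flatten the nested array produced by readfolder() into the global list
// $find_ar: one "$path"-prefixed, "/"-joined path per file. $i is the current
// nesting depth; $type_ar holds the key seen at each depth and $counter_ar is
// the next free index in $find_ar.
function readarray($array,$i,$path)
{
  global $type_ar,$find_ar,$counter_ar;
  $display="";
  while ( list($type_ar[$i],$key[$i]) = each($array) ) {
    if (!is_array($key[$i])) {
      // Leaf: rebuild the full path from the keys at depths 0..$i.
      for ($j=0;$j<=$i;$j++) {
        if (!$j) $display=$path.$type_ar[$j];
        else $display=$display."/".$type_ar[$j];
      }
      $find_ar[$counter_ar]=$display;
      $counter_ar++;
    } else {
      readarray($key[$i],$i+1,$path);
    }
  }
}

// Escape $v for use inside a single-quoted SQL string literal.
function _sql_lit($v)
{
  global $nConnection;
  if(!is_scalar($v)) $v="";
  if(function_exists("mysql_real_escape_string"))
    return mysql_real_escape_string($v,$nConnection);
  return addslashes($v);
}

// Same, for a raw request value. The statements below were written on the
// assumption that magic_quotes_gpc had already escaped the input; this undoes
// that escaping when it is active and then escapes explicitly, so the queries
// are safe with the setting on or off.
// NOTE(review): assumes these variables arrive straight from the request
// (register_globals); confirm nothing earlier in the file rewrites them.
function _sql_req($v)
{
  if(!is_scalar($v)) $v="";
  if(function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc())
    $v=stripslashes($v);
  return _sql_lit($v);
}

/*==========================================================*/

// logout ?
if($logout) {
  set_cookie_val("");
  header("Location: ".$HTTPPATH);
  exit;
}

// logging in ?
// $user_row is reset first so it can only be filled from the users table below.
// NOTE(review): $logged and $error_login are not reset anywhere in view; if
// request variables are imported as globals they should be initialised too.
unset($user_row);
global $user_row;
if($startlogin) {
  // NOTE(review): the submitted password is compared with the `pass` column
  // directly, which suggests passwords are stored unhashed; confirm and move to
  // a salted password hash.
  $cmd="select * from ".$sTableUsers." where login='"._sql_req($user)."' and pass='"._sql_req($pass)."'";
  $res = mysql_db_query($cfgBase,$cmd,$nConnection);
  if(!$res || mysql_num_rows($res)==0 ) $error_login=1;
  else {
    $logged=1;
    $user_row=mysql_fetch_array($res);
    set_cookie_val($user_row["cookieval"]);
  }
}
else if(!empty($_COOKIE["LoginValue"]) && is_string($_COOKIE["LoginValue"])) { // login cookie present ?
  // The cookie is client-controlled, so it is escaped like any other input.
  $cmd="select * from ".$sTableUsers." where cookieval='"._sql_req($_COOKIE["LoginValue"])."'";
  $res = mysql_db_query($cfgBase,$cmd,$nConnection);
  if($res && mysql_num_rows($res)>0 ) {
    $logged=1;
    $user_row=mysql_fetch_array($res);
  }
}
$admin=($user_row["seclevel"]==999);
// NOTE(review): the admin actions below are driven by request parameters and
// authenticated by cookie only; no anti-CSRF token is visible in this file.

// pic rating update ?
if ($display&&$rating) {
  // The rating is inserted unquoted, so it must be a real integer: a value such
  // as "5 ..." passes a loose numeric range check.
  $rating_val=(int)$rating;
  if (($rating_val>0) && ($rating_val<=10) && !already_rated($display)) {
    $cmd="insert into $sTableRatings (datetime, pic_name, ip, rating) values (now(), '"
        ._sql_req($display)."', '"._sql_lit(getenv("REMOTE_ADDR"))."', $rating_val)";
    mysql_db_query($cfgBase,$cmd,$nConnection);
  }
}

// pic comment update ?
if($updpic=="1"&&$admin) {
  $q_name=_sql_req($display);
  $q_dsc=_sql_req($dsc);
  $q_isbn=_sql_req($isbn);
  $q_author=_sql_req($author);
  $q_editor=_sql_req($editor);
  $q_price=_sql_req($price);
  $q_pages=_sql_req($pages);
  $q_lev=_sql_req($lev);
  $cmd="select * from ".$sTable." where name='$q_name'";
  $res = mysql_db_query($cfgBase,$cmd,$nConnection);
  if($res && mysql_num_rows($res)>0 ) {
    $cmd="UPDATE $sTable SET descr='$q_dsc',isbn='$q_isbn',author='$q_author',editor='$q_editor',price='$q_price',pages='$q_pages',seclevel='$q_lev' WHERE name='$q_name'";
    mysql_db_query($cfgBase,$cmd,$nConnection);
  } else {
    $cmd="INSERT INTO $sTable (name,descr,seclevel,isbn,author,editor,price,pages) VALUES ('$q_name','$q_dsc','$q_lev','$q_isbn','$q_author','$q_editor','$q_price','$q_pages')";
    mysql_db_query($cfgBase,$cmd,$nConnection);
  }
}

// dir level update ?
if($dirlevelchange&&$admin) {
  $q_dir=_sql_req($dir);
  $q_dirlevel=_sql_req($dirlevel);
  $cmd="select * from ".$sTable." where name='$q_dir'";
  $res = mysql_db_query($cfgBase,$cmd,$nConnection);
  if($res && mysql_num_rows($res)>0 ) {
    $cmd="UPDATE $sTable SET seclevel='$q_dirlevel' WHERE name='$q_dir'";
    mysql_db_query($cfgBase,$cmd,$nConnection);
  } else {
    $cmd="INSERT INTO $sTable (name,descr,seclevel) VALUES ('$q_dir','','$q_dirlevel')";
    mysql_db_query($cfgBase,$cmd,$nConnection);
  }
}

// From here on the path parameters are used on the filesystem: strip slashes
// and reject "..".
if($dir) $dir=reformat($dir);
if($display) $display=reformat($display);
if($displaypic) $displaypic=reformat($displaypic);
if($preview) $preview=reformat($preview);
if($display) $dir=dirname($display);
if(substr($root_dir,-1)!='/') $root_dir.='/';
if($dir && substr($dir,-1)!='/') $dir.='/';

// dir creation ?
if($dircreate&&$admin) {
  // The new name gets the same treatment as the other path parameters, so it
  // cannot climb out of the current directory.
  $newdir=reformat($createdirname);
  if($newdir!="") mkdir($root_dir.$dir.$newdir,0755);
}

// file uploaded ?
if($admin&&$picupload&&$picuploadname!="none") {
  // basename() drops any directory part of the client-supplied file name.
  $upload_name=basename(reformat($picuploadname_name));
  if($upload_name!="") {
    $upload_target=$root_dir.$dir.$upload_name;
    // move_uploaded_file() only accepts files PHP itself received in this
    // request and needs no shell. The original chmod() addressed a path
    // relative to the working directory rather than the stored file.
    // NOTE(review): any extension is accepted; confirm the library directory
    // is not configured to execute scripts.
    if(move_uploaded_file($picuploadname,$upload_target))
      chmod($upload_target,0644);
  }
}

// adding comment ?
if($addingcomment && (trim($comment) || trim($user))) {
  $picname=reformat($picname);
  $cmd="insert into ".$sTableComments." 
values(0,'"._sql_lit($picname)."','"._sql_req($comment)."','".date("Y-m-d H:i:s")."','"._sql_req($user)."','"._sql_lit(getenv("REMOTE_ADDR"))."')";
  mysql_db_query($cfgBase,$cmd,$nConnection);
  // NOTE(review): in this copy of the file the text between the "?>" below and
  // "=$lr_limit" is missing (markup plus the start of the $displaypic handler).
  // Whether that handler checks get_level() before serving the picture cannot
  // be seen here; confirm against the complete file.
  ?> =$lr_limit && !$non_lr) {
    // switch to lr_mode
    $lrdir=$root_dir.dirname($displaypic)."/.thumbs";
    $lrfile=$lrdir."/lr_".basename($displaypic);
    if(!file_exists($lrfile)) {
      if(!is_dir($lrdir)) mkdir($lrdir,0755);
      convert_image($root_dir.$displaypic,$lrfile,$lr_res,$lr_quality);
    }
    readfile($lrfile);
  }
  else readfile($root_dir.$displaypic);
  exit;
}

if($preview) {
  // Thumbnails follow the same access rule as the directory listing, so a
  // direct request cannot reveal a picture above the visitor's level.
  if(get_level($preview)>(int)$user_row["seclevel"]) exit;
  header("Content-type: image/jpeg");
  $prdir=$root_dir.dirname($preview)."/.thumbs";
  $prfile=$prdir."/thumb_".basename($preview);
  if(!file_exists($prfile)) {
    if(!is_dir($prdir)) mkdir($prdir,0755);
    convert_image($root_dir.$preview,$prfile,$thumb_res,$thumb_quality);
  }
  readfile($prfile);
  exit;
}

// generate all thumbnails/low res
if($genall&&$admin) {
  print "Generating all missing thumbnails/low res pictures: (be patient)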

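"; flush();
  $gen_lr=0;
  $gen_th=0;
  //exec('find '.$root_dir.' -type f -print | egrep -i "\.(jpg|jpeg|gif|png)$" | grep -v ".thumbs/"',$find_ar);
  // Start from empty state so only paths found by readfolder() are processed.
  $find_ar=array();
  $counter_ar=0;
  readarray(readfolder($root_dir),0,$root_dir);
  for($i=0;!empty($find_ar[$i]);$i++) {
    $pic=substr($find_ar[$i],strlen($root_dir));
    $lrdir=$root_dir.dirname($pic)."/.thumbs";
    if(!is_dir($lrdir)) mkdir($lrdir,0755);
    // low res check
    if(filesize($root_dir.$pic)>=$lr_limit) {
      $lrfile=$lrdir."/lr_".basename($pic);
      if(!file_exists($lrfile)) {
        // File names come from disk and are printed into the page: encode them.
        print "Generating low res picture for ".htmlentities($pic)."\n";
        flush();
        convert_image($root_dir.$pic,$lrfile,$lr_res,$lr_quality);
        $gen_lr++;
      }
    }
    // thumbnail check
    $prfile=$lrdir."/thumb_".basename($pic);
    if(!file_exists($prfile)) {
      print "Generating thumbnail picture for ".htmlentities($pic)."\n";
      flush();
      convert_image($root_dir.$pic,$prfile,$thumb_res,$thumb_quality);
      $gen_th++;
    }
  }
  print "
";
  print "Generated $gen_lr low res pictures and $gen_th thumbnails.
";
  print "Your library has ".sizeof($find_ar)." pictures.
";
  exit;
}

// pic delete
if($updpic=="del"&&$admin) {
  // By this point $display has had its slashes stripped for filesystem use, so
  // it must be escaped again before it goes into SQL (addslashes matches the
  // lookup functions in this file).
  $q_display=addslashes($display);
  $cmd="delete from $sTable where name='$q_display'";
  $db=mysql_db_query($cfgBase,$cmd,$nConnection);
  $cmd="delete from $sTableComments where pic_name='$q_display'";
  $db=mysql_db_query($cfgBase,$cmd,$nConnection);
  // Remove the picture and its derived thumbnail / low-res copies.
  $filename=$root_dir.$display;
  $thumbname=$root_dir.dirname($display)."/.thumbs/thumb_".basename($display);
  $lrname=$root_dir.dirname($display)."/.thumbs/lr_".basename($display);
  if (file_exists($filename))unlink($filename);
  if (file_exists($thumbname))unlink($thumbname);
  if (file_exists($lrname))unlink($lrname);
  //jump back to the directory after deleting the pic
  $dir=dirname($display);
  header("Location: ./?dir=".rawurlencode($dir));
  exit;
}

// test if display is video or sound
if ($display) {
  if (($type = get_movie_type($display)) || ($type = get_sound_type($display)) || ($type = get_text_type($display))) {
    // This branch returns before the page's later level check, so the same
    // rule is applied here before any bytes are sent.
    if(get_level($display)>(int)$user_row["seclevel"]) exit;
    header("Content-type: ".$type);
    // Quote the file name and drop any embedded quote so the header stays well-formed.
    header("Content-Disposition: inline; filename=\"".str_replace('"','',basename($display))."\"");
    readfile($root_dir.$display);
    return;
  }
}
?>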

"; require("$SYSTPATH/footer.php"); exit; } else if($create&&$admin) { // Create dir form print "Current directory : ".$dir."
"; ?>
Directory to create:
"; require("$SYSTPATH/footer.php"); exit; } else if($upload&&$admin) { // Create dir form print "Current directory : ".$dir."
"; ?>
File to upload:
"; require("$SYSTPATH/footer.php"); exit; } else if($addcomment) { // (little "add comment" popup window) $id=reformat($id); ?>




"; require("$SYSTPATH/footer.php"); exit; } else if($lastcomments) { // display last added comments prstr("Vos derniers commentaires:","smallred"); br(); print "\n"; $cmd="select * from ".$sTableComments." order by datetime desc"; $res=mysql_db_query($cfgBase,$cmd,$nConnection); $i=0; while(($row=mysql_fetch_array($res)) && $i<20) { if(get_level($row["pic_name"])>(int)$user_row["seclevel"]) continue; print ""; $i++; } print "
\n"; print ""; echo $row["datetime"]." by ".htmlentities($row["user"])." : "; print "\n"; $comment=get_comment($row["pic_name"]); if(trim($comment)=="") $comment=$row["pic_name"]; print "".$comment.""; print "
"; print "
"; print "Retour
"; print "
"; print ""; require("$SYSTPATH/footer.php"); exit; } else if($topratings) { // display top ratings prstr("Le Hit parade des ".$nb_top_rating." premiers livres:","smallred"); br(); print "\n"; $cmd="select *,avg(rating) as rat from ".$sTableRatings." group by pic_name order by rat desc"; $res=mysql_db_query($cfgBase,$cmd,$nConnection); $i=0; while(($row=mysql_fetch_array($res)) && $i<$nb_top_rating) { if(get_level($row["pic_name"])>(int)$user_row["seclevel"]) continue; print ""; $comment=get_comment($row["pic_name"]); if(trim($comment)=="") $comment=$row["pic_name"]; print ""; print ""; $i++; } print "
".($i+1).": ".$comment."(".sprintf("%.1f", $row["rat"]).")"; print "
"; print "
"; print "Retour
"; print "
"; print ""; require("$SYSTPATH/footer.php"); exit; } ?> (int)$user_row["seclevel"]) exit; // antihack :) // scan dir $nb_dirs=0; $nb_files=0; $dirs[0]=""; $files[0]=""; $dh=dir($root_dir.$dir); //$dh=dir($root_dir.$dir); while ($file=$dh->read()) { if(substr($file,0,1)==".") continue; // if(substr($file,-3)=="_lr") continue; // if(substr($file,-6)=="_thumb") continue; if(substr($file,-8)=="_comment") continue; if(is_dir($root_dir.$dir.$file)) { // directory if(get_level($dir.$file."/")<=(int)$user_row["seclevel"]) $dirs[$nb_dirs++]=$file; } else { // file if(get_level($dir.$file)<=(int)$user_row["seclevel"]) $files[$nb_files++]=$file; } } $dh->close(); sort($dirs); if (is_file($root_dir.$dir."/.desc")) rsort($files); else sort($files); ?> ".$txt_root_dir."/"; $alldirs=explode("/",$dir); $alldirtmp=""; for($i=0;$alldirs[$i];$i++) { $alldirtmp.=$alldirs[$i]."/"; if($alldirs[$i+1] || $display) print ""; print " ".$alldirs[$i]." "; if($alldirs[$i+1] || $display) print "/"; } if ($dir) print "
"; ?> ( create dir - upload - "; print "gen all pics - "; } ?> logout )
".$dirs[$i]."\n"; if ($i<$nb_dirs-1) print " - "; } ?> Directory security level: "; print ""; print ""; print " "; } ?>
";

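  // Print the directory's optional welcome text (".welcome" + language suffix)
  // verbatim; the file is treated as trusted markup.
  // NOTE(review): $lang is not set anywhere in view; if it can come from the
  // request it should be restricted to known language codes before it is used
  // in a path.
  $welcomefile=$root_dir.$dir.".welcome".$lang;
  if (is_file($welcomefile))
  {
   $file = fopen($welcomefile, 'r');
   // A failed fopen() must not reach the read loop: feof() on a bad handle
   // never becomes true.
   if ($file)
   {
    // Reading in the loop condition also prints a last line that has no
    // trailing newline, which the read-ahead form dropped.
    while (($line = fgets($file, 4096)) !== false)
    {
     print $line;
    }
    fclose($file);
   }
  }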

  print "
"; } ?> \n"; print "\n"; $comment=get_comment($dir.$files[$i]); if($comment=="") $comment=$files[$i]; print "\n"; } if(!$startpic) $startpic=0; for ($i=$startpic;$i<$nb_files && $i<($startpic+$nb_pic_max);$i++) { print ""; echo_pic($i); print ""; } $startpic2=$i; for (;$i<$nb_files && $i<($startpic2+$nb_pic_max);$i++) { print ""; echo_pic($i); print ""; } print "
"; print "ISBN: $asin
\n"; print "Auteur: ".get_author($dir.$files[$i])."
\n"; print "Editeur: ".get_editor($dir.$files[$i])."
\n"; print "Prix: ".get_price($dir.$files[$i])."F (".get_pages($dir.$files[$i])." pages)
\n"; print "
".nl2br(htmlentities($comment))."\n"; print "
Achat en ligne avec amazon.fr\n"; if(($nbc=get_nb_comments($dir.$files[$i]))>0) { print "
".$nbc." commentaire(s)\n"; } if(($rtg=get_rating($dir.$files[$i]))!==false) { print "
Classement: ".sprintf("%.1f", $rtg)."\n"; } print "
\n"; print "
"; if($startpic!=0) { $a=$startpic-($nb_pic_max*2); if($a<0) $a=0; print "".$txt_previous_page."\n"; } if($i!=$nb_files) { print "".$txt_next_page."\n"; } print "
\n"; ?> "; $comment=get_comment($display); if($comment!="") prstr(nl2br(htmlentities($comment)),"greenbold"); else prstr(basename($display),"greenbold"); if($i!=0) print "".$txt_previous_image." "; print " (".($i+1)."/".$nb_files.") "; if(filesize($root_dir.$display)>=$lr_limit && !$non_lr) print " ".$txt_hires_image." "; if(filesize($root_dir.$display)>=$lr_limit && $non_lr) print " ".$txt_lores_image." "; if($files[$i+1]) print "".$txt_next_image.""; print "
"; if ($use_rating) { $pic_rating=get_rating($display); if ($pic_rating===false) echo $txt_no_rating; else prstr($txt_pic_rating."".sprintf("%.1f", $pic_rating)."","smallgreen"); print "
"; if (!already_rated($display)) { $rate_url="?display=".rawurlencode($display); if (strpos($rate_url, "?")!==false) $rate_url.="&rating="; else $rate_url.="?rating="; print ""; } } if($admin) { ?>
ISBN
Auteur
Editeur
Prix
Pages
";

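  // Print the optional long description stored next to the item as
  // "<item>_comment", verbatim; the file is treated as trusted markup.
  $welcomefile=$root_dir.$display."_comment";
  if (is_file($welcomefile))
  {
   $file = fopen($welcomefile, 'r');
   // A failed fopen() must not reach the read loop: feof() on a bad handle
   // never becomes true.
   if ($file)
   {
    // Reading in the loop condition also prints a last line that has no
    // trailing newline, which the read-ahead form dropped.
    while (($line = fgets($file, 4096)) !== false)
    {
     print $line;
    }
    fclose($file);
   }
  }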

  print "
"; } else br(); if(get_level($display)<=(int)$user_row["seclevel"]) { ?>

"; require("$SYSTPATH/footer.php"); ?>