Source of “photos.php”.
253 lines, 8.8 KBytes.   Last modified 1:24 pm, 9th April 2016 PDT.
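<?php // Emacs settings: -*- mode: Fundamental; tab-width: 4; -*-

////////////////////////////////////////////////////////////////////////////
//
//  Andrew's Album Application: photos.php
//
//  Copyright (c) 2004-2005, Andrew Birrell
//
//  This script delivers XML (op=xml) describing the images stored in its
//  C_images sub-directory.  It also maintains (op=xmlSave) a title
//  database for the images.  Finally, it creates, and caches scaled
//  versions of the images for use as thumbnails and screen-sized
//  versions of the images.
//
//  This script is intended to be called from a client-side program.
//
//  This script doesn't generate any HTML itself, only XML.
//
//  Place this script in the top-level directory of your photograph album,
//  and place the raw photographs in the C_images sub-directory there,
//  world-readable.
//
//  You need to create two sub-directories there, named with the values
//  of the "C_cache" and "C_hash" constants defined below, and you need
//  to grant RWX access to those two directories to this program running
//  under your web server.  For example:
//
//      mkdir cache
//      mkdir titles
//      mkdir titles/hash
//      chgrp www-data cache titles/hash
//      chmod 775 cache titles/hash
//
//  The only non-obvious dependency is on the "convert" and "identify"
//  programs (part of the "ImageMagick" package).
//
////////////////////////////////////////////////////////////////////////////


$start = microtime();
require("shared-php.txt");
require("/home/pachylet/html/pachyauth.php");

// get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is a
// fatal error there.  Probe once and reuse the answer below.
$magicQuotes = (function_exists("get_magic_quotes_gpc") &&
                get_magic_quotes_gpc() == 1);


//
// Acquire parameters
//

// NOTE(review): for a GET request every parameter, including the "user" and
// "pwd" values read by op=xmlSave below, comes from the query string, which
// web servers and proxies commonly write to their access logs.  Consider
// accepting op=xmlSave over POST only -- confirm what the client sends first.
$args = ($_SERVER['REQUEST_METHOD'] == "POST" ? $_POST : $_GET);

$op = (isset($args["op"]) ? $args["op"] : "missing");

$argPath = (isset($args["path"]) ? $args["path"] : "");
if ($magicQuotes) $argPath = stripslashes($argPath);
$path = cleanPath($argPath); // Canonicalize and restrict to relative path
$path = C_images . ($path == "." ? "" : "/$path");

// set_magic_quotes_runtime(0);
// NOTE(review): no execution time limit, and op=xml is served without
// authentication; it calls cacheDerivedFile(), which the header comment
// suggests may run ImageMagick.  Confirm the web server bounds request
// time and concurrency some other way.
set_time_limit(0);

//
// The operations
//

header("Expires: Sat, 1 Jan 2000 00:00:01 GMT");
header("Cache-Control: no-store, no-cache, " .
       "must-revalidate, proxy-revalidate");
header("Content-type: text/xml; charset=UTF-8");
ob_start();
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";

// NOTE(review): the attribute values below are written with a bare
// "echo urlPath(...)".  urlPath() is defined in an include that is not
// visible here; this markup relies on it returning text that is already
// safe inside a double-quoted XML attribute -- confirm.

if ($op == "xml") {
    // Get XML describing the image or folder $path

    // Top-level result is <folder> or <photo> tag.
    //
    // All <folder> and <photo> tags have path and title attributes.
    // Each can have a display image: width, height, and src attributes.
    // <photo> tag additionally has raw attribute, for the raw image's URL,
    // size attribute and optional date and exposure attributes.
    // Top-level <photo> and <folder> tags additionally have
    // next, prev, skip attributes.
    //
    // Top-level <folder> and <photo> tags have <parent> child tags,
    // describing the folder's or photo's ancestry.
    //
    // Top-level <folder> tag has <folder> and <photo> child tags,
    // describing the folder's immediate contents.  It also has a
    // first attribute, giving the first image in the folder or its
    // sub-folders.
    //
    // Top-level <photo> tag has no children.
    //
    // <parent> tags have path and title attributes.

    if (!file_exists($path)) { // find a path with the same basename instead
        $path = findPath(basename($path));
        if (is_null($path)) $path = C_images;
    }

    if (is_dir($path)) {
        $next = findNextDir($path, true);
        $prev = findPrevDir($path);
        $skipNext = findNextDir($path, false);
        $firstImage = findFirst($path);
        $entries = getEntries($path);
        ?>
        <folder
            path="<?php echo urlPath($path) ?>"
            next="<?php echo urlPath($next) ?>"
            prev="<?php echo urlPath($prev) ?>"
            skip="<?php echo urlPath($skipNext) ?>"
            first="<?php echo urlPath($firstImage) ?>"
            folderMaxW="<?php echo C_thumbW+2*C_decorSpace ?>"
            folderMaxH="<?php echo C_thumbH+2*C_decorSpace ?>"
            photoMaxW="<?php echo C_thumbW+2*C_decorSpace ?>"
            photoMaxH="<?php echo C_thumbH+2*C_decorSpace ?>"
            thumb="<?php echo (isMetaThumbpath($path) ? "Y" : "N") ?>"
            >
        <?php
        putTitleXML($path);
        putParentXML($path);
        putThumbXML($path);
        foreach ($entries->dirs as $entry) {
            $thisPath = "$path/$entry";
            $thumb = findThumb($thisPath);
            // Sub-folders for which findThumb() returns null are omitted.
            if (!is_null($thumb)) {
                ?>
                <folder
                    path="<?php echo urlPath($thisPath) ?>"
                    <?php putImageXML($thumb, C_thumbSize) ?>>
                    <?php putTitleXML($thisPath) ?>
                </folder>
                <?php
            }
        }
        foreach ($entries->images as $entry) {
            $thisPath = "$path/$entry";
            ?>
            <photo
                path="<?php echo urlPath($thisPath) ?>"
                <?php putCommentsXML($thisPath) ?>
                <?php putImageXML($thisPath, C_thumbSize) ?>
                raw="<?php echo urlForRawImage($thisPath) ?>">
                <?php putTitleXML($thisPath) ?>
            </photo>
            <?php
        }
        ?>
        <elapsed msec="<?php echo elapsed($start) ?>"/>
        </folder>
        <?php
    } else {
        $skipNextD = findNextDir(dirname($path), true);
        $skipNext = (is_null($skipNextD) ? null : findFirst($skipNextD));
        $prev = findPrev($path);
        $next = findNext($path);
        cacheDerivedFile($path, C_thumbSize); // preload cache
        ?>
        <photo
            path="<?php echo urlPath($path) ?>"
            next="<?php echo urlPath($next) ?>"
            prev="<?php echo urlPath($prev) ?>"
            skip="<?php echo urlPath($skipNext) ?>"
            thumb="<?php echo (isMetaThumbpath($path) ? "Y" : "N") ?>"
            <?php putCommentsXML($path) ?>
            <?php putImageXML($path, C_mainSize) ?>
            raw="<?php echo urlForRawImage($path) ?>">
        <?php
        putTitleXML($path);
        putParentXML($path);
        putThumbXML($path);
        ?>
        <elapsed msec="<?php echo elapsed($start) ?>"/>
        </photo>
        <?php
    }

} else if (!file_exists($path)) {
    // The original called urlPath() here without "echo", so the element was
    // always empty.  $path is request-derived and names nothing on disk, so
    // escape it for XML text on the way out in case urlPath() does not.
    ?>
    <unknownPath><?php echo htmlspecialchars(urlPath($path)) ?></unknownPath>
    <?php

} else if ($op == "xmlSave") {
    // Perform a "save" operation for a title
    // Result XML is a <save> tag with path and status attributes and an
    // <elapsed> child.

    $user = (isset($args["user"]) ? $args["user"] : "");
    if ($magicQuotes) $user = stripslashes($user);
    $pwd = (isset($args["pwd"]) ? $args["pwd"] : "");
    if ($magicQuotes) $pwd = stripslashes($pwd);

    // $user is request-supplied and is logged even when authentication
    // fails.  writeLog() is defined elsewhere; in case it does not
    // neutralise control characters, replace them here so a crafted name
    // cannot start a new log line.
    $logUser = preg_replace('/[\x00-\x1f\x7f]/', '?', $user);

    // Checks run in order: transport, request origin, credentials.
    // NOTE(review): checkReferrer() is defined elsewhere.  If it relies on
    // the Referer request header, treat it as a cross-site request check
    // for browsers only; a non-browser client chooses that header freely,
    // so the credential check below is the actual access control.
    if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
        $loginStatus = "this is available only over TLS (HTTPS)";
    } else if (!checkReferrer()) {
        $loginStatus = "this can be used only from the photo album script";
    } else if (!verifyDerivedKey($user, getDerivedKey($user, $pwd))) {
        $loginStatus = "incorrect name or password";
    } else if (isset($args["title"])) {
        $loginStatus = "ok";
        $title = $args["title"];
        if ($magicQuotes) $title = stripslashes($title);
        if ($title != fileTitle($path)) {
            writeLog("user $logUser write title $path");
            $rc = writeFileTitle($path, $title);
            // The write helpers return true on success; any other value is
            // used as the status text.
            if ($rc !== true) $loginStatus = $rc;
        }
        // "thumb" is only honoured together with "title".
        if ($loginStatus == "ok" && isset($args["thumb"])) {
            $thumb = ($args["thumb"] == "Y");
            writeLog("user $logUser write thumb $path");
            $rc = writeMetaThumb($path, $thumb);
            if ($rc !== true) $loginStatus = $rc;
        }
    } else if (isset($args["sort"])) {
        $loginStatus = "ok";
        $sortArg = $args["sort"];
        if ($magicQuotes) $sortArg = stripslashes($sortArg);
        writeLog("user $logUser write sort $path");
        $rc = writeSort($path, $sortArg);
        if ($rc !== true) $loginStatus = $rc;
    } else {
        $loginStatus = "unknown save operation";
    }
    if ($loginStatus != "ok") {
        // Every rejected or failed save is logged, including failed logins.
        writeLog("user $logUser login $loginStatus");
    }
    ?>
    <save
        path="<?php echo urlPath($path) ?>"
        status="<?php echo htmlspecialchars($loginStatus) ?>">
        <elapsed msec="<?php echo elapsed($start) ?>"/>
    </save>
    <?php


//
// Junk
//

} else {
    // Unknown operation

    // Result XML is an <unknownOp> tag, with op attribute and text message.
    // $op is request-supplied, so it is escaped in both places.
    ?>
    <unknownOp
        op="<?php echo htmlspecialchars($op) ?>"
        >Unknown operator "<?php echo htmlspecialchars($op) ?>"</unknownOp>
    <?php
}

ob_end_flush();

?>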
End of listing