Messages

1

Discussion & Troubleshooting / Re: Instant redirecting to index.php error?

« on: January 13, 2011, 09:40:36 PM »

Thank you very much - it works now!

Because I inserted many mods and patches manually, I'm affraid to update galerry automatically,
thus it is outdated somewhat.

2

Discussion & Troubleshooting / Instant redirecting to index.php error?

« on: January 13, 2011, 12:24:06 PM »

After migration (to SUSE Novell, php5, MySql v.5.0.26) I encountered problem with my gallery:
http://149.156.194.203/~mczapkie/4images/index.php
every dynamic link redirect me back to index.php page

All files attr. are correct, mysql user/passwd/dataname correct, php safemode off,
what can be a cause?

My globals.php file:
if (!defined('ROOT_PATH')) {
  die("Security violation");
}

error_reporting(E_ERROR | E_WARNING | E_PARSE);
set_magic_quotes_runtime(0);
$start_time = microtime();

function addslashes_array($array) {
  foreach ($array as $key => $val) {
    $array[$key] = (is_array($val)) ? addslashes_array($val) : addslashes($val);
  }
  return $array;
}

if (get_magic_quotes_gpc() == 0) {
  $HTTP_GET_VARS = addslashes_array($HTTP_GET_VARS);
  $HTTP_POST_VARS = addslashes_array($HTTP_POST_VARS);
  $HTTP_COOKIE_VARS = addslashes_array($HTTP_COOKIE_VARS);
}

$cat_cache = array();
$cat_parent_cache = array();
$new_image_cache = array();
$session_info = array();
$user_info = array();
$user_access = array();
$config = array();
$lang = array();
$mime_type_match = array();
$additional_image_fields = array();
$additional_user_fields = array();
$additional_urls = array();
$global_info = array();
$auth_cat_sql = array();
unset($self_url);
unset($url);
unset($script_url);
unset($db_servertype);
@include(ROOT_PATH.'config.php');

if (!defined("4IMAGES_ACTIVE")) {
  header("Location: ".ROOT_PATH."install.php");
}

include(ROOT_PATH.'includes/constants.php');

if (isset($HTTP_GET_VARS['action']) || isset($HTTP_POST_VARS['action'])) {
  $action = (isset($HTTP_GET_VARS['action'])) ? stripslashes(trim($HTTP_GET_VARS['action'])) : stripslashes(trim($HTTP_POST_VARS['action']));
}
else {
  $action = "";
}

if (isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode'])) {
  $mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
}
else {
  $mode = "";
}

if (isset($HTTP_GET_VARS[URL_CAT_ID]) || isset($HTTP_POST_VARS[URL_CAT_ID])) {
  $cat_id = (isset($HTTP_GET_VARS[URL_CAT_ID])) ? intval($HTTP_GET_VARS[URL_CAT_ID]) : intval($HTTP_POST_VARS[URL_CAT_ID]);
}
else {
  $cat_id = 0;
}

if (isset($HTTP_GET_VARS[URL_IMAGE_ID]) || isset($HTTP_POST_VARS[URL_IMAGE_ID])) {
  $image_id = (isset($HTTP_GET_VARS[URL_IMAGE_ID])) ? intval($HTTP_GET_VARS[URL_IMAGE_ID]) : intval($HTTP_POST_VARS[URL_IMAGE_ID]);
}
else {
  $image_id = 0;
}

if (isset($HTTP_GET_VARS[URL_ID]) || isset($HTTP_POST_VARS[URL_ID])) {
  $id = (isset($HTTP_GET_VARS[URL_ID])) ? intval($HTTP_GET_VARS[URL_ID]) : intval($HTTP_POST_VARS[URL_ID]);
}
else {
  $id = 0;
}

if (isset($HTTP_GET_VARS[URL_PAGE]) || isset($HTTP_POST_VARS[URL_PAGE])) {
  $page = (isset($HTTP_GET_VARS[URL_PAGE])) ? intval($HTTP_GET_VARS[URL_PAGE]) : intval($HTTP_POST_VARS[URL_PAGE]);
  if (!$page) {
    $page = 1;
  }
}
else {
  $page = 1;
}

//-----------------------------------------------------
//--- Start DB ----------------------------------------
//-----------------------------------------------------
include(ROOT_PATH.'includes/db_'.strtolower($db_servertype).'.php');
$site_db = new Db($db_host, $db_user, $db_password, $db_name);

//-----------------------------------------------------
//--- Generate Setting --------------------------------
//-----------------------------------------------------
$sql = "SELECT setting_name, setting_value
        FROM ".SETTINGS_TABLE;
$result = $site_db->query($sql);
if (!$result) {
  echo $lang['no_settings'];
  exit;
}
while ($row = $site_db->fetch_array($result)) {
  $config[$row['setting_name']] = $row['setting_value'];
}
$site_db->free_result();

$config['allowed_mediatypes'] = str_replace(" ", "", $config['allowed_mediatypes']);
$config['allowed_mediatypes_array'] = explode(",", $config['allowed_mediatypes']);
$config['allowed_mediatypes_match'] = str_replace(",", "|", $config['allowed_mediatypes']);

$msg = "";
$clickstream = "";
define('MEDIA_PATH', ROOT_PATH.MEDIA_DIR);
define('THUMB_PATH', ROOT_PATH.THUMB_DIR);
define('MEDIA_TEMP_PATH', ROOT_PATH.MEDIA_TEMP_DIR);
define('THUMB_TEMP_PATH', ROOT_PATH.THUMB_TEMP_DIR);
define('TEMPLATE_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']);
define('ICON_PATH', ROOT_PATH.TEMPLATE_DIR."/".$config['template_dir']."/icons");

//-----------------------------------------------------
//--- Useful Stuff ------------------------------------
//-----------------------------------------------------
if (empty($PHP_SELF)) {
  if (!empty($HTTP_SERVER_VARS['PATH_INFO'])) {
    $PHP_SELF = $HTTP_SERVER_VARS['PATH_INFO'];
  }
  elseif (!empty($HTTP_SERVER_VARS['PHP_SELF'])) {
    $PHP_SELF = $HTTP_SERVER_VARS["PHP_SELF"];
  }
  elseif (!empty($HTTP_ENV_VARS['PHP_SELF'])) {
    $PHP_SELF = $HTTP_ENV_VARS["PHP_SELF"];
  }
  else {
    $PHP_SELF = getenv("SCRIPT_NAME");
  }
}

$self_url = basename($PHP_SELF);
if (empty($self_url) || !preg_match("/\.php$/", $self_url)) {
  $self_url = "index.php";
}

//if (getenv("QUERY_STRING")) {
//  $self_url .= "?".getenv("QUERY_STRING");
//  $self_url = preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), $self_url);
//}
//else {
  if (preg_match("/details.php/", $self_url) && !preg_match("/[?|&]".URL_IMAGE_ID."=[^?|&]*/", $self_url) && $image_id) {
    $self_url .= "?".URL_IMAGE_ID."=".$image_id;
  }
  elseif (preg_match("/categories.php/", $self_url) && !preg_match("/[?|&]".URL_CAT_ID."=[^?|&]*/", $self_url)) {
    $self_url .= "?".URL_CAT_ID."=".$cat_id;
  }
  if (isset($show_result) && $show_result) {
    $self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
    $self_url .= "show_result=1";
  }
  if ($page && $page != 1) {
    $self_url .= preg_match("/\?/", $self_url) ? "&" : "?";
    $self_url .= URL_PAGE."=".$page;
  }
//}

if (isset($HTTP_GET_VARS['url']) || isset($HTTP_POST_VARS['url'])) {
  $url = (isset($HTTP_GET_VARS['url'])) ? trim($HTTP_GET_VARS['url']) : trim($HTTP_POST_VARS['url']);
}
else {
  $url = "";
}
if (empty($url)) {
  $url = basename(getenv("HTTP_REFERER"));
}
else {
  if ($url == getenv("HTTP_REFERER")) {
    $url = "index.php";
  }
}
$url = preg_replace(array("/[?|&]action=[^?|&]*/", "/[?|&]mode=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", ""), $url);
if ($url == $self_url || $url == "" || !preg_match("/\.php/", $url)) {
  $url = "index.php";
}

if (defined("SCRIPT_URL") && SCRIPT_URL != "") {
  $script_url = SCRIPT_URL;
}
else {
  $port = (!preg_match("/^(80|443)$/", getenv("SERVER_PORT"), $port_match)) ? ":".getenv("SERVER_PORT") : "";
  $script_url  = ($port_match[1] == 443) ? "https://" : "http://";
  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  $script_url .= $port;
  $script_url .= (dirname($PHP_SELF) != "/") ? dirname($PHP_SELF) : "";
}

//-----------------------------------------------------
//--- Templates ---------------------------------------
//-----------------------------------------------------
include(ROOT_PATH.'includes/template.php');
$site_template = new Template(TEMPLATE_PATH);

$config['language_dir_default'] = $config['language_dir'];
if (isset($HTTP_GET_VARS['l']) || isset($HTTP_POST_VARS['l'])) {
  $l = (isset($HTTP_GET_VARS['l'])) ? trim($HTTP_GET_VARS['l']) : trim($HTTP_POST_VARS['l']);
  if (file_exists(ROOT_PATH.'lang/'.$l.'/main.php')) {
    $config['language_dir'] = $l;
  }
}

include(ROOT_PATH.'lang/'.$config['language_dir'].'/main.php');
include(ROOT_PATH."includes/db_field_definitions.php");
require(ROOT_PATH.'includes/auth.php');
include(ROOT_PATH.'includes/functions.php');

//-----------------------------------------------------
//--- GZip Compression --------------------------------
//-----------------------------------------------------
$do_gzip_compress = 0;
if ($config['gz_compress'] == 1 && !isset($nozip)) {
  if (get_php_version() >= 40004) {
    if (extension_loaded("zlib")) {
      ob_start("ob_gzhandler");
    }
  }
  elseif (get_php_version() > 40000) {
    if (eregi("gzip", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"]) || eregi("x-gzip", $HTTP_SERVER_VARS["HTTP_ACCEPT_ENCODING"])) {
      if (extension_loaded("zlib")) {
        $do_gzip_compress = 1;
        ob_start();
        ob_implicit_flush(0);
      }
    }
  }
}

if (defined("GET_CACHES")) {
  $new_cutoff = time() - (60 * 60 * 24 * $config['new_cutoff']);
  $sql = "SELECT c.cat_id, c.cat_name, c.cat_description, c.cat_parent_id, c.cat_hits, c.cat_order, c.auth_viewcat, c.auth_viewimage, c.auth_download, c.auth_upload, c.auth_directupload, c.auth_vote, c.auth_sendpostcard, c.auth_readcomment, c.auth_postcomment, COUNT(i.image_id) AS new_images 
          FROM ".CATEGORIES_TABLE." c 
          LEFT JOIN ".IMAGES_TABLE." i ON (i.cat_id = c.cat_id AND i.image_date >= $new_cutoff AND i.image_active = 1) 
          GROUP BY c.cat_id 
          ORDER BY c.cat_order, c.cat_name ASC";
  $result = $site_db->query($sql);

  while ($row = $site_db->fetch_array($result)) {
    $cat_cache[$row['cat_id']] = $row;
    $cat_parent_cache[$row['cat_parent_id']][] = $row['cat_id'];
    $new_image_cache[$row['cat_id']] = $row['new_images'];
  }
  $site_db->free_result();

  $sql = "SELECT cat_id, COUNT(*) AS num_images 
          FROM ".IMAGES_TABLE." 
          WHERE image_active = 1 
          GROUP BY cat_id";
  $result = $site_db->query($sql);

  while ($row = $site_db->fetch_array($result)) {
    $cat_cache[$row['cat_id']]['num_images'] = $row['num_images'];
  }
  $site_db->free_result();
} //end if GET_CACHES

3

Discussion & Troubleshooting / Re: Strange error with php.html

« on: January 09, 2007, 12:07:27 PM »

You mean settings in Control Panel?
BINGO! There was only php in the settings, obviously inserted by this hack, now it works (should I use comma delimiters for different types?)

Thank you for your reply!

4

Discussion & Troubleshooting / Re: Strange error with php.html

« on: January 02, 2007, 07:03:44 PM »

I found it - somebody, probably bot, hacked my gallery and uploaded php file with r57shell.php content, it was the origin of this error from topic.

But still I have another error, all images are displayed as 404.gif (they exist physically, and there is possibility of download of the real image).

Regards,
Mc

PS. now I see what for is this "Security fix for XSS vulnerability" ;->

5

Discussion & Troubleshooting / Strange error with php.html

« on: December 22, 2006, 04:00:08 PM »

Sudenly I got strange error with main index.php: http://149.156.194.203/~mczapkie/4images/index.php

Template Error: Couldn't open Template ./templates/TEMPLATEDIR/media/php.html

It occurs whenever TEMPLATEDIR is set as default or other template
Amin/index.php still works fine.

File and directory right seems to be correct, 777 for dir, 644 or even 666 for files does change anything.

There is no php.html file, but such file never existed before!

Does anybody know a reason of such malfunction?

Regards,
Mc

6

Discussion & Troubleshooting / Re: Error creating thumbnail!

« on: May 13, 2006, 01:37:05 PM »

I have this same situation with ImageMagick, after MySQL upgrade.
I'm sure that owner rights are OK, convert -version show ImageMagick 6.1.9

7

Discussion & Troubleshooting / Re: query problems with MySQL 5.0.x

« on: May 11, 2006, 04:47:25 PM »

Check permissions...

Bingo - most of directories were owned by noobody instead of user, i dont know why, but chown fixed it - jetz alles gut
THX for suggestion.

8

Discussion & Troubleshooting / Re: query problems with MySQL 5.0.x

« on: May 11, 2006, 03:16:38 PM »

But the files exist physically at his /data/media and /data/thumbnails locations as it was before SQL upgrade.
Seems that php cant find the proper path and make "if else" statement substitution.

9

Discussion & Troubleshooting / Re: query problems with MySQL 5.0.x

« on: May 11, 2006, 02:24:42 PM »

Ok, please test this (if it all works, I'll post it as a compability fix):
...

The SQL error vanished, by all my images either - there are standard 4images miniatures (jpg eye) instead of previous in images listing,
and 4images "error404" icon instead of image on details page:
http://149.156.194.203/~mczapkie/4images/index.php

I have no idea how to fix it.

Regards,
Mc