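<?php
/*
 * Gallery index page.
 *
 * Lists the files and sub-directories below the configured image root
 * ($conf['fs_imagedir']), applies an optional substring filter, sorts and
 * paginates the result and renders either the overview (tpl/gallery.html),
 * the single-image view (tpl/single.html) or an error / not-found template.
 *
 * Query parameters (all optional, all validated before use):
 *   p        page number (>= 1)
 *   s        entries per page (1..100); 1 selects the single-image view
 *   gs       thumbnails per gallery page, used by the single view (1..100)
 *   d        sub-directory below the image root
 *   so       sort order: 1 = reversed natural order (default), 0 = natural order
 *   f        substring to filter file and directory names with
 *   refcache presence forces the per-session directory listing cache to refresh
 *
 * Security notes for maintainers:
 *   - the requested directory is resolved with realpath() and must stay inside
 *     the resolved image root; that resolved path is the only one handed to the
 *     filesystem, on cache hits as well as on cache misses;
 *   - X-Forwarded-Proto is client-controlled unless a trusted proxy rewrites it,
 *     so it may only ever *upgrade* the session cookie's Secure flag, and
 *     X-Forwarded-Host is no longer used to scope the cookie domain;
 *   - escaping of the values passed to Template::view() is the template's job
 *     (lib/template.class.php, not visible here) — confirm it escapes for the
 *     HTML and URL contexts it prints into.
 */

// Classes
require_once('lib/helpers.class.php');
require_once('lib/template.class.php');

// Settings
require('conf/config.php');

$data = [];

// Prepare Some Basic Variables
// Helpers::end_dir() is used throughout as "append a trailing separator";
// its definition lives in lib/helpers.class.php.
$imagedir = Helpers::end_dir($conf['fs_imagedir']);
$imageurl = Helpers::end_dir($conf['web_imagedir']);
$galleryname = $conf['gallery_name'];

// Links back to this script use SCRIPT_NAME rather than PHP_SELF: PHP_SELF
// also carries client-supplied PATH_INFO ("/index.php/<anything>"), a classic
// reflected-XSS source when a template prints it unescaped.
$selfUrl = $_SERVER['SCRIPT_NAME'];

// Prepare Path Traversal Check
// The resolved image root anchors every containment test below. If it cannot
// be resolved, the prefix test would compare against "" . DIRECTORY_SEPARATOR
// and accept any absolute path, so fail closed instead.
$r_basedir = realpath($imagedir);
if ($r_basedir === false) {
    $data['script'] = $selfUrl;
    $data['errormsg'] = 'The Image Directory is not Accessible';
    Template::view('tpl/error.html', $data);
    exit();
}

// Get Parameters or Set Defaults
// Only scalar query values are accepted: "?p[]=1" style arrays would otherwise
// reach the arithmetic and string concatenation below.
$queryValue = static function ($key, $default) {
    return (isset($_GET[$key]) && is_scalar($_GET[$key])) ? $_GET[$key] : $default;
};
$page = $queryValue('p', $conf['defpage']);
$slice = $queryValue('s', $conf['defslice']);
$gslice = $queryValue('gs', $conf['defslice']);
$dir = (string) $queryValue('d', $conf['defdir']);
$sort = $queryValue('so', 1);

// Input Validation and Sanitization
$page = Helpers::validate_int($page, 1, PHP_INT_MAX) ? (int) $page : (int) $conf['defpage'];
$slice = Helpers::validate_int($slice, 1, 100) ? (int) $slice : (int) $conf['defslice'];
$gslice = Helpers::validate_int($gslice, 1, 100) ? (int) $gslice : (int) $conf['defslice'];
// The fallback used to be $conf['defslice'], which is a page size, not a sort
// order; 1 is the default the parameter block above already uses.
$sort = Helpers::validate_int($sort, 0, 1) ? (int) $sort : 1;

// Set Some Variables
// The Secure flag must not be downgradable by a forged X-Forwarded-Proto
// header, so the header may only add to what the server itself reports.
$tlsFromServer = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (($_SERVER['REQUEST_SCHEME'] ?? '') === 'https');
$tlsFromProxy = isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
$secure = $tlsFromServer || $tlsFromProxy;

// Create or Load Session
// No explicit domain: a host-only cookie is the tightest scope and removes the
// previous dependency on X-Forwarded-Host, which a client can forge to point
// the session cookie at an arbitrary domain (or break session handling).
session_set_cookie_params([
    'lifetime' => 3600,
    'path' => '/',
    'domain' => '',
    'secure' => $secure,
    'httponly' => true,
    'samesite' => 'lax',
]);
session_start();

// Path Traversal Check
// Resolve the requested directory and require it to be inside the image root
// before any filesystem access — on cache hits too, so a listing cached for a
// path that has since been re-pointed (symlink) cannot be reused. The NUL
// check comes first because realpath() throws on embedded NUL bytes.
$r_imagedir = (strpos($dir, "\0") === false) ? realpath($imagedir . $dir) : false;
if ($r_imagedir === false
    || strpos(Helpers::end_dir($r_imagedir), $r_basedir . DIRECTORY_SEPARATOR) !== 0) {
    $data['script'] = $selfUrl;
    $data['errormsg'] = 'A Path Traversal was Detected';
    Template::view('tpl/error.html', $data);
    exit();
}
// Resolved directory with trailing separator: the only path used for the
// listing and for MIME sniffing from here on.
$listdir = Helpers::end_dir($r_imagedir);

// Filelist Cache Handling
// Listings are cached in the session per requested directory for
// $conf['flcache'] seconds; "?refcache" forces a rescan. An empty $dir is keyed
// as '/'. (empty() was used before, which also mapped a directory literally
// named "0" onto the root's cache slot.)
$cdir = ($dir === '') ? '/' : $dir;
$cached = $_SESSION[$cdir] ?? null;
$files = [];
$dirs = [];
if (is_array($cached)
    && isset($cached['t'])
    && (time() - $cached['t']) < $conf['flcache']
    && !isset($_GET['refcache'])) {
    $files = is_array($cached['f'] ?? null) ? $cached['f'] : [];
    $dirs = is_array($cached['d'] ?? null) ? $cached['d'] : [];
} else {
    // scandir() + is_dir() replaces glob(): glob() treats [ ] * ? in the
    // directory name as pattern characters and returns false on error.
    $entries = scandir($listdir, SCANDIR_SORT_DESCENDING);
    if ($entries === false) {
        $entries = [];
    }
    foreach ($entries as $entry) {
        // Skip ".", ".." and every other dot-entry: the old listing exposed
        // names such as .htaccess as "files" because the extension regex
        // matched them.
        if ($entry === '' || $entry[0] === '.') {
            continue;
        }
        if (is_dir($listdir . $entry)) {
            $dirs[] = $entry;
        } else {
            $files[] = $entry;
        }
    }
    // glob() returned sub-directories in ascending name order; keep that.
    sort($dirs, SORT_STRING);

    // Filter Unsupported Files: keep only names that have an extension and
    // whose *last* extension is not db or sh (Thumbs.db, helper scripts).
    // The old pattern was unanchored, so "a.b.db" was listed and "x.dbx"
    // was dropped. A deny-list is the weakest form of this check; an
    // allow-list of image extensions would be stronger.
    $files = array_values(preg_grep('/\.(?!(?:db|sh)$)[^.]+$/iD', $files));

    $_SESSION[$cdir] = ['f' => $files, 'd' => $dirs, 't' => time()];
}

// Apply Filters to Filelist
// The search term is matched as a literal, case-insensitive substring.
// preg_quote() escapes every PCRE metacharacter including the '/' delimiter;
// the old code only escaped parentheses, so a "/" or a nested quantifier could
// break the pattern (preg_grep() then returns false and array_values() throws).
$filter = '';
$searchTerm = '';
if (isset($_GET['f']) && is_string($_GET['f']) && $_GET['f'] !== '') {
    if (!Helpers::validate_search($_GET['f'])) {
        $data['script'] = $selfUrl;
        $data['errormsg'] = 'An Invalid Search String was detected';
        Template::view('tpl/error.html', $data);
        exit();
    }
    $searchTerm = $_GET['f'];
    $pattern = '/' . preg_quote($searchTerm, '/') . '/i';
    $files = array_values(preg_grep($pattern, $files));
    $dirs = array_values(preg_grep($pattern, $dirs));
    // URL-encoded so the term survives being appended to query strings in the
    // templates; pretty_filter below carries the readable form.
    $filter = '&f=' . rawurlencode($searchTerm);
}

// Sort and Reverse Filelist
// natcasesort() keeps keys, so both branches re-index to a plain list.
natcasesort($files);
$files = ($sort === 1) ? array_reverse($files) : array_values($files);

// Directories always come first, in their own (ascending) order.
if (!empty($dirs)) {
    $files = array_merge($dirs, $files);
}

// Get Files for current Page
// $page may be as large as PHP_INT_MAX, so the offset can overflow to a float;
// treat that as "past the end" rather than passing a float to array_slice().
$offset = ($page - 1) * $slice;
$curfiles = is_int($offset) ? array_slice($files, $offset, $slice, true) : [];
$lastPage = (int) ceil(count($files) / $slice);

if (!empty($curfiles) || !empty($dirs)) {
    // Prepare Generic Data for Template
    $data['galleryname'] = $galleryname;
    $data['startpage'] = $selfUrl;
    $data['dir'] = $dir;
    $data['sort'] = $sort;
    $data['slice'] = $slice;
    $data['filter'] = $filter;
    $data['pretty_filter'] = $searchTerm;
    $data['page'] = $page;
    $data['prev_page'] = max(1, $page - 1);
    $data['next_page'] = ($page + 1 > $lastPage) ? $page : $page + 1;
    $data['last_page'] = $lastPage;

    // Prepare Mode Specific Data and Render Template
    if ($slice > 1) {
        foreach ($curfiles as $index => $image) {
            // Strict comparison: a loose in_array() treated numeric names such
            // as "1" and "01" as equal.
            if (in_array($image, $dirs, true)) {
                $data['dirs'][] = $image;
                continue;
            }
            // NOTE(review): thumb.php is handed the filesystem path of the
            // directory (as before); it must re-validate that path against the
            // image root itself — confirm in thumb.php. Both parts are
            // URL-encoded so a name containing '&', '#' or '%' cannot split
            // the query string.
            $data['images'][] = [
                'n' => $image,
                'i' => $index + 1,
                't' => 'thumb.php?d=' . rawurlencode(Helpers::end_dir($imagedir . $dir))
                    . '&i=' . rawurlencode($image),
            ];
        }
        if ($dir !== '') {
            // Breadcrumb trail: segment name => cumulative path. Keyed by name
            // as the template expects, so repeated segment names (a/b/a)
            // collapse onto one crumb.
            $crumbPath = '';
            foreach (explode(DIRECTORY_SEPARATOR, $dir) as $segment) {
                if ($segment === '') {
                    continue; // array_filter() used to drop a segment named "0" too
                }
                $crumbPath .= DIRECTORY_SEPARATOR . $segment;
                $data['crumbs'][$segment] = $crumbPath;
            }
        }
        Template::view('tpl/gallery.html', $data);
    } else {
        $data['gallery_page'] = (int) ceil($page / $gslice);
        $data['gallery_slice'] = $gslice;
        // $dir is joined with '/' (as before); encode per segment so a name
        // containing '#', '?', '%' or a quote cannot break the URL. The old
        // str_replace("'", "'", ...) was a no-op.
        $urlDir = implode('/', array_map('rawurlencode', explode('/', $dir)));
        foreach ($curfiles as $image) {
            $data['imageurl'] = $imageurl . $urlDir . '/' . rawurlencode($image);
            $data['imagename'] = $image;
            $data['filetype'] = mime_content_type($listdir . $image);
            // Tags are the space-separated words after the first " - " in the
            // lower-cased name, without the extension.
            $data['tags'] = array_filter(explode(" ", pathinfo(trim(strstr(strtolower($image), ' - '), " -"))['filename']));
        }
        Template::view('tpl/single.html', $data);
    }
} else {
    $data['filter'] = $searchTerm;
    $data['script'] = $selfUrl;
    Template::view('tpl/notfound.html', $data);
}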