vsgallery/index.php


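<?php
// Classes
require_once('lib/helpers.class.php');
require_once('lib/thumbs.class.php');
require_once('lib/template.class.php');
// Settings
require('conf/config.php');

// Prepare some basic variables. Helpers::end_dir() is used throughout to
// normalise the trailing directory separator of every path/URL.
$imagedir = Helpers::end_dir($conf['fs_imagedir']);
$thumbdir = Helpers::end_dir($conf['fs_thumbdir']);
$imageurl = Helpers::end_dir($conf['web_imagedir']);
$thumburl = Helpers::end_dir($conf['web_thumbdir']);
$galleryname = $conf['gallery_name'];
$data = [];

// Renders the error template with the given message and stops the request.
// NOTE(review): PHP_SELF can carry client-supplied PATH_INFO; the templates
// must HTML-escape 'script'/'startpage' before printing them — confirm in tpl/*.html.
$fail = function ($errormsg) {
    $data = [
        'script' => $_SERVER['PHP_SELF'],
        'errormsg' => $errormsg,
    ];
    Template::view('tpl/error.html', $data);
    exit();
};

// Base directory for the path traversal check below.
$r_basedir = realpath($imagedir);

// Get parameters or set defaults.
$page = $_GET['p'] ?? $conf['defpage'];
$slice = $_GET['s'] ?? $conf['defslice'];
$gslice = $_GET['gs'] ?? $conf['defslice'];
$dir = $_GET['d'] ?? $conf['defdir'];
$sort = $_GET['so'] ?? 1;

// Input validation. Every parameter falls back to its *own* default when it does
// not validate; the sort flag (0/1) previously fell back to defslice, a page size.
$page = Helpers::validate_int($page, 1, PHP_INT_MAX) ? (int) $page : (int) $conf['defpage'];
$slice = Helpers::validate_int($slice, 1, 100) ? (int) $slice : (int) $conf['defslice'];
$gslice = Helpers::validate_int($gslice, 1, 100) ? (int) $gslice : (int) $conf['defslice'];
$sort = Helpers::validate_int($sort, 0, 1) ? (int) $sort : 1;
// A directory name is a string; ?d[]=x would otherwise reach realpath() as an array.
if (!is_string($dir)) {
    $dir = $conf['defdir'];
}

// Host and scheme as seen by the client.
// NOTE(review): both values come from request headers that any client can set
// unless a reverse proxy in front of this script overwrites them. A forged
// X-Forwarded-Proto removes the Secure flag from the session cookie and a forged
// X-Forwarded-Host becomes its Domain attribute. Only trust these headers when
// the deployment guarantees a proxy sets them; otherwise take host/scheme from
// configuration instead.
$host = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? $_SERVER['HTTP_HOST'];
$proto = $_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ($_SERVER['REQUEST_SCHEME'] ?? '');
$secure = ($proto === 'https');

// Create or load session.
session_set_cookie_params([
    'lifetime' => 3600,
    'path' => '/',
    'domain' => $host,
    'secure' => $secure,
    'httponly' => true,
    'samesite' => 'lax',
]);
session_start();

// Path traversal check: the requested directory must resolve to a location inside
// the image base directory. It runs before anything touches the filesystem with
// $dir (the thumbnail handler included) and on every request, not only on a
// filelist-cache miss. A failed realpath() of the base itself is rejected too:
// with $r_basedir === false the prefix would degrade to a bare separator and
// every absolute path would pass.
$r_imagedir = realpath($imagedir.$dir);
$basePrefix = $r_basedir === false ? null : $r_basedir.DIRECTORY_SEPARATOR;
if ($basePrefix === null
    || $r_imagedir === false
    || substr(Helpers::end_dir($r_imagedir), 0, strlen($basePrefix)) !== $basePrefix) {
    $fail('A Path Traversal was Detected');
}

// Initialize thumbnail handler (200x200 thumbnails).
$t = new Thumb(Helpers::end_dir($imagedir.$dir), $thumbdir, $thumburl, 200, 200);

// Filelist cache handling: the listing of each directory is kept in the session
// for $conf['flcache'] seconds; ?refcache forces a rescan.
// The root listing is stored under '/'. Compared with === so that a
// subdirectory literally named "0" does not collide with the root entry.
$cdir = ($dir === '') ? '/' : $dir;
$cached = $_SESSION[$cdir] ?? null;
if (is_array($cached)
    && (time() - ($cached['t'] ?? 0)) < $conf['flcache']
    && !isset($_GET['refcache'])) {
    $files = $cached['f'] ?? [];
    $dirs = $cached['d'] ?? [];
} else {
    $dirs = [];
    $tmpdirs = glob(Helpers::end_dir($imagedir.$dir).'*', GLOB_ONLYDIR);
    if (!empty($tmpdirs)) {
        foreach ($tmpdirs as $tmpdir) {
            $dirs[] = basename($tmpdir);
        }
    }
    // scandir() returns false on an unreadable directory; treat that as empty
    // rather than handing false to array_diff().
    $entries = scandir($imagedir.$dir, SCANDIR_SORT_DESCENDING);
    if ($entries === false) {
        $entries = [];
    }
    $files = array_diff($entries, $dirs, ['.', '..']);
    // Filter unsupported files: keep entries whose (last) extension is neither
    // webm nor sh. The previous pattern only looked at the first dot, so
    // "a.b.webm" slipped through.
    $files = array_values(preg_grep('/\.(?!(?:webm|sh)$)[^.]+$/i', $files));
    $_SESSION[$cdir] = ['f' => $files, 'd' => $dirs, 't' => time()];
}

// Apply the search filter (?f=) to files and directories.
// $filterRaw is the value as typed (for display), $filter the query-string
// fragment appended to pagination links.
$filterRaw = '';
$filter = '';
$search = $_GET['f'] ?? '';
if ($search !== '') {
    if (is_string($search) && Helpers::validate_search($search)) {
        // The search is a literal substring match: preg_quote() neutralises every
        // PCRE metacharacter (only parentheses were escaped before), so the value
        // can never alter the pattern.
        $pattern = '/'.preg_quote($search, '/').'/i';
        if (!empty($files)) {
            $files = array_values(preg_grep($pattern, $files));
        }
        if (!empty($dirs)) {
            $dirs = array_values(preg_grep($pattern, $dirs));
        }
        $filterRaw = $search;
        // URL-encode so the value cannot introduce additional query parameters.
        $filter = '&f='.rawurlencode($search);
    } else {
        $fail('An Invalid Search String was detected');
    }
}

// Sort (natural, case-insensitive) and optionally reverse the filelist;
// directories always come first.
natcasesort($files);
$files = ($sort === 1) ? array_reverse($files) : array_values($files);
if (!empty($dirs)) {
    $files = array_merge($dirs, $files);
}

// Get the files for the current page. Keys are preserved so the index shown
// for an image is its position in the whole list.
$curfiles = array_slice($files, ($page - 1) * $slice, $slice, true);
if (!empty($curfiles) || !empty($dirs)) {
    // Prepare generic data for the template.
    $lastPage = (int) ceil(count($files) / $slice);
    $data['galleryname'] = $galleryname;
    $data['startpage'] = $_SERVER['PHP_SELF'];
    $data['dir'] = $dir;
    $data['sort'] = $sort;
    $data['slice'] = $slice;
    $data['filter'] = $filter;
    $data['pretty_filter'] = $filterRaw;
    $data['page'] = $page;
    $data['prev_page'] = max(1, $page - 1);
    $data['next_page'] = ($page + 1 > $lastPage) ? $page : $page + 1;
    $data['last_page'] = $lastPage;

    // Prepare mode specific data and render the template.
    if ($slice > 1) {
        // Gallery mode: thumbnails for the current page plus breadcrumbs.
        if (!empty($curfiles)) {
            foreach ($curfiles as $index => $image) {
                if (in_array($image, $dirs, true)) {
                    $data['dirs'][] = $image;
                } else {
                    $data['images'][] = [
                        'n' => $image,
                        'i' => $index + 1,
                        't' => $t->get_thumb($image),
                    ];
                }
            }
            if ($dir !== '') {
                // Drop only empty segments (leading/trailing separators); a plain
                // array_filter() would also drop a directory named "0".
                $segments = array_filter(
                    explode(DIRECTORY_SEPARATOR, $dir),
                    function ($segment) {
                        return $segment !== '';
                    }
                );
                $crumbPath = '';
                foreach ($segments as $segment) {
                    $crumbPath .= DIRECTORY_SEPARATOR.$segment;
                    $data['crumbs'][$segment] = $crumbPath;
                }
            }
        }
        Template::view('tpl/gallery.html', $data);
    } else {
        // Single-image mode: $curfiles holds (at most) one entry.
        $data['gallery_page'] = (int) ceil($page / $gslice);
        $data['gallery_slice'] = $gslice;
        foreach ($curfiles as $image) {
            // NOTE(review): only the single quote is escaped here; the template is
            // assumed to apply the remaining HTML escaping — confirm in tpl/single.html.
            $data['imageurl'] = str_replace("'", "&#39;", $imageurl.$dir.'/'.$image);
            $data['imagename'] = $image;
            // Tags are the space-separated words after " - " in the file name,
            // without the extension; no " - " means no tags.
            $tagPart = strstr(strtolower($image), ' - ');
            $tagPart = ($tagPart === false) ? '' : trim($tagPart, ' -');
            $data['tags'] = array_filter(explode(' ', pathinfo($tagPart, PATHINFO_FILENAME)));
        }
        Template::view('tpl/single.html', $data);
    }
} else {
    $data['filter'] = $filterRaw;
    $data['script'] = $_SERVER['PHP_SELF'];
    Template::view('tpl/notfound.html', $data);
}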