<?php
// SVN file version:
// $Id: index.php 570 2008-03-04 20:11:17Z schonhose $
/*
Pixelpost version 1.7.1
Pixelpost www: http://www.pixelpost.org/
Version 1.7.1:
Development Team:
Ramin Mehran, Will Duncan, Joseph Spurling,
Piotr "GeoS" Galas, Dennis Mooibroek, Karin Uhlig, Jay Williams, David Kozikowski
Former members of the Development Team:
Connie Mueller-Goedecke
Version 1.1 to Version 1.3: Linus <http://www.shapestyle.se>
IMPORTANT!!!
Due to the nature of the characterset used in this file it is important to save this
file with an UTF-8 encoding.
Contact: thecrew (at) pixelpost (dot) org
Copyright 2007 Pixelpost.org <http://www.pixelpost.org>
License: http://www.gnu.org/copyleft/gpl.html
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// Use a plain "&" as the separator in URLs that PHP generates.
ini_set('arg_separator.output', '&');
// All PHP diagnostics are switched off by default. Further down, a request
// carrying ?errors or ?errorsall re-enables them when the session is an admin one.
error_reporting(0);

/**
 * Constants shared by the front end: the entry script name and the
 * addon / admin directory names (relative, with trailing slash).
 */
define('PHP_SELF', 'index.php');
define('ADDON_DIR', 'addons/');
define('ADMIN_DIR', 'admin/');

// The settings file is pulled in only when it is present; functions.php is mandatory.
if (file_exists('includes/pixelpost.php')) {
    require_once 'includes/pixelpost.php';
}
require_once 'includes/functions.php';

// Open the database connection for the front end.
start_mysql('includes/pixelpost.php', 'front');
/**
 * Load the configuration into $cfgrow.
 * When sql_array() returns a falsy result the "not installed" splash is shown.
 */
$cfgrow = sql_array("SELECT * FROM `".$pixelpost_db_prefix."config`");
if (!$cfgrow) {
    show_splash('Coming Soon. Not Installed Yet. Cause #1', 'templates');
}
/**
 * Front-page addons.
 *
 * refresh_addons_table() is run against ADDON_DIR, both addon registries are
 * seeded with one blank entry at index 0, and create_front_addon_array() is
 * called before the session is opened.
 */
refresh_addons_table(ADDON_DIR);

$addon_front_functions = array(
    0 => array(
        'function_name' => '',
        'workspace'     => '',
        'menu_name'     => '',
        'submenu_name'  => '',
    ),
);
$addon_admin_functions = array(
    0 => array(
        'function_name' => '',
        'workspace'     => '',
        'menu_name'     => '',
        'submenu_name'  => '',
    ),
);

create_front_addon_array();

// The session must exist before the first addon workspace runs.
session_start();

// Initialize the workspace.
// NOTE(review): the helper name suggests addon code is evaluated here on every
// front-end request - confirm what eval_addon_front_workspace() executes and
// that ADDON_DIR is writable only by the site owner.
eval_addon_front_workspace('frontpage_init');
// Fix proposed by tomyeah on the forum: announce the page as UTF-8 HTML.
header('Content-Type: text/html; charset=utf-8');

// Marker cookie for the visitor counter; once it expires (60 minutes) the
// same person is counted again.
setcookie('lastvisit', 'expires in 60 minutes', time() + 60 * 60);

// Remember the commenter's details when the form asks for it.
// The three fields are joined with "%" into one cookie value kept for 30 days.
// NOTE(review): only name, value and expiry are passed to setcookie(), so the
// cookie has no Secure/HttpOnly attributes; whether clean() strips "%" from the
// fields is not visible here - confirm the code that splits this cookie copes.
if (isset($_POST['vcookie'])) {
    $vcookiename  = clean($_POST['name']);
    $vcookieurl   = clean($_POST['url']);
    $vcookieemail = clean($_POST['email']);
    setcookie(
        'visitorinfo',
        implode('%', array($vcookiename, $vcookieurl, $vcookieemail)),
        time() + 60 * 60 * 24 * 30
    );
}
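// Reduce $_GET['x'] to ASCII letters, digits, "_" and "-". The value is later
// concatenated into template file names, so characters that could form a path
// (".", "/", "\", NUL) must not survive this step.
// preg_replace() is used instead of eregi_replace(): the POSIX ereg family is
// deprecated since PHP 5.3, removed in PHP 7 and not binary-safe, which makes
// it a poor basis for an input filter. A non-string value (e.g. ?x[]=..) is
// collapsed to an empty string so later string comparisons stay well-defined.
if (isset($_GET['x'])) {
    $_GET['x'] = is_string($_GET['x'])
        ? preg_replace('/[^a-z0-9_-]/i', '', $_GET['x'])
        : '';
}

// Diagnostics can be switched back on per request, but only inside an admin
// session. !empty() gives the same truth value as the bare session read
// without touching an undefined index for anonymous visitors.
if (!empty($_SESSION["pixelpost_admin"])) {
    if (isset($_GET['errors'])) {
        error_reporting(E_ALL ^ E_NOTICE);
    } elseif (isset($_GET['errorsall'])) {
        error_reporting(E_ALL);
    }
}

// Force the image id to an integer. The SQL further down interpolates
// $_GET['showimage'] directly, so this cast is what keeps that value numeric.
if (isset($_GET['showimage'])) {
    $_GET['showimage'] = (int) $_GET['showimage'];
}

// Markdown support is loaded only when enabled in the configuration.
if ($cfgrow['markdown'] == 'T') {
    require_once("includes/markdown.php");
}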
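/**
 * Form token support (only when switched on in the configuration).
 *
 * The token is created once per session. It is now taken from the platform
 * CSPRNG when one is available; the value keeps the 32-hex-character shape of
 * the md5() digest used before, so code that stores or compares it is
 * unaffected. The previous construction hashed request headers (chosen by the
 * client), SERVER_SOFTWARE, session_id() and uniqid(rand(), TRUE); rand() and
 * uniqid() are not cryptographic sources, so that path is kept only as a
 * fallback for runtimes that offer nothing better.
 */
if ($cfgrow['token'] == 'T') {
    if (!isset($_SESSION['token'])) {
        $pp_token = '';

        // PHP 7+: random_bytes() throws when no entropy source can be used.
        if (function_exists('random_bytes')) {
            try {
                $pp_token = bin2hex(random_bytes(16));
            } catch (Exception $pp_token_error) {
                $pp_token = '';
            }
        }

        // PHP 5.3+ with OpenSSL: accept the bytes only when flagged as strong.
        if ($pp_token === '' && function_exists('openssl_random_pseudo_bytes')) {
            $pp_token_strong = false;
            $pp_token_raw = openssl_random_pseudo_bytes(16, $pp_token_strong);
            if (is_string($pp_token_raw) && $pp_token_strong) {
                $pp_token = bin2hex($pp_token_raw);
            }
        }

        // Legacy fallback, identical to the original derivation.
        if ($pp_token === '') {
            $pp_token = md5($_SERVER["HTTP_USER_AGENT"].$_SERVER["HTTP_ACCEPT_LANGUAGE"].$_SERVER["HTTP_ACCEPT_ENCODING"].$_SERVER["HTTP_ACCEPT_CHARSET"].$_SERVER["HTTP_ACCEPT"].$_SERVER["SERVER_SOFTWARE"].session_id().uniqid(rand(), TRUE));
        }

        $_SESSION['token'] = $pp_token;
        unset($pp_token, $pp_token_raw, $pp_token_strong, $pp_token_error);
    }

    // Stamp the time the token was last handed out.
    // NOTE(review): with "&&" the second comparison can never change the
    // outcome - the stamp is refreshed only when ?x= is absent. If the intent
    // was "every page except save_comment", the operator should be "||".
    // Behaviour is left as it was; confirm against the save_comment handler.
    if (!isset($_GET['x']) && $_GET['x'] !== "save_comment") {
        $_SESSION['token_time'] = time();
    }
}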
// Record the visit unless visitor booking is configured as "no" (any letter case).
if (strtolower($cfgrow['visitorbooking']) != 'no') {
    book_visitor($pixelpost_db_prefix.'visitors');
}

// Link prefix for image pages: empty when mod_rewrite is enabled, otherwise
// the classic "./index.php?showimage=" form.
$showprefix = (isset($mod_rewrite) AND $mod_rewrite == '1')
    ? ''
    : './'.PHP_SELF.'?showimage=';

/**
 * Timezone handling: the configured offset (in hours) is added to the current
 * time and the result is formatted with gmdate().
 */
$tz = $cfgrow['timezone'];
$datetime = gmdate("Y-m-d H:i:s", time() + (3600 * $tz)); // current date+time
$cdate = $datetime; // used to hide posts dated in the future
/**
* LANGUAGE SELECTION
*
* This is an array of all supported languages in PP. It contains the country abbreviation
* and the native word for the language spoken in that country. This is used to get all
* variables.
*
*/
/**
 * Query the database and pull out the language array(s).
 *
 * The result of mysql_query() is not checked; if the query fails, $row is not
 * an array and every lookup on it below yields null.
 */
$query = mysql_query("SELECT * FROM `".$pixelpost_db_prefix."localization`");
$row = mysql_fetch_array($query,MYSQL_ASSOC);
/**
 * Unserialize the default language array using the UTF8 safe unserialize function, mb_unserialize.
 *
 * NOTE(review): mb_unserialize() is a project helper that is not shown here. If it
 * wraps PHP's unserialize(), these columns must only ever contain data written by
 * the application itself - deserializing a string an attacker can influence may
 * instantiate arbitrary objects. Confirm who can write to the localization table.
 */
$PP_supp_lang = mb_unserialize(stripslashes($row['pp_supp_lang']));
/**
 * If a user supplied language array exists,
 * unserialize the user language array using the UTF8 safe unserialize function, mb_unserialize,
 * and merge it with the default pixelpost array (user entries win on equal string keys).
 *
 */
if(!empty($row['user_supp_lang']))
{
$user_supp_lang = mb_unserialize(stripslashes($row['user_supp_lang']));
$PP_supp_lang = array_merge($PP_supp_lang, $user_supp_lang);
}
/**
 * The default language is the language the user has set in the adminpanel.
 * Its abbreviation is element 0 of that language's entry, lower-cased here.
 *
 */
$default_language_abr = strtolower($PP_supp_lang[$cfgrow['langfile']][0]);
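/**
 * Determine the visitor's language abbreviation in $language_abr.
 *
 * Precedence (unchanged): ?lang=  over  the "lang" cookie  over  the default
 * language chosen in the adminpanel.
 *
 * Both request-supplied sources are now cut to two characters. Previously only
 * the GET value was truncated while the cookie - which the client controls
 * just as freely - was taken as sent. $language_abr is later concatenated into
 * template file names and printed in an error message, so it has to stay a
 * short token no matter which source it came from. Non-string values
 * (e.g. ?lang[]=x) are treated as empty instead of being handed to substr().
 */
$language_abr = "";
if (isset($_COOKIE['lang']) && is_string($_COOKIE['lang'])) {
    $language_abr = substr($_COOKIE['lang'], 0, 2);
}

// Fall back to the configured default when no cookie preference was captured.
if (empty($language_abr)) {
    $language_abr = $default_language_abr;
}

// An explicit ?lang= wins for this request and is remembered for 30 days.
if (isset($_GET['lang'])) {
    $language_abr = is_string($_GET['lang']) ? substr($_GET['lang'], 0, 2) : '';
    setcookie('lang', $language_abr, time() + 60*60*24*30, '/', false, 0);
}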
/**
 * Map the abbreviation in $language_abr to the full language name.
 * (The full name selects the language file; templates use the abbreviation.)
 *
 * Every cell of every supported-language entry is compared (loosely) with the
 * upper-cased abbreviation; the key of the last matching entry is kept.
 * $language_full stays undefined when nothing matches, which the language
 * file loader below treats as an error. Note that $row is reused as the loop
 * variable, so the localization row fetched earlier is overwritten.
 */
foreach ($PP_supp_lang as $key => $row) {
    foreach ($row as $cell) {
        if ($cell != strtoupper($language_abr)) {
            continue;
        }
        $language_full = $key;
    }
}
/**
 * Load the language strings.
 *
 * The English file is included first (when present) so that any variable a
 * translation forgot to define still has a value. Feed requests
 * (?x=rss / ?x=atom) skip both includes.
 *
 * $language_full is a key of the supported-language table, not raw request
 * data; it is undefined when the requested abbreviation matched nothing.
 */
if (file_exists("language/lang-english.php")) {
    if (!(isset($_GET['x']) && ($_GET['x'] == "rss" || $_GET['x'] == "atom"))) {
        require_once("language/lang-english.php");
    }
}

// No language could be resolved at all.
if (empty($language_full)) {
    echo '<b>Error:</b><br />Pixelpost has problem selecting a default language.<br />Make sure that you have chosen a default language in the adminpanel.';
    exit;
}

// A language was resolved but its file is missing.
if (!file_exists("language/lang-".$language_full.".php")) {
    echo '<b>Error:</b><br />No <b>language</b> folder exists or the file <b>"lang-'.$language_full.'.php"</b> is missing in that folder.<br />Make sure that you have uploaded all necessary files with the exact same names as mentioned here.';
    exit;
}

// Now replace the contents of the variables with the selected language.
if (!(isset($_GET['x']) && ($_GET['x'] == "rss" || $_GET['x'] == "atom"))) {
    require_once("language/lang-".$language_full.".php");
}
// Double Quotes in <SITE_TITLE> break HTML Code
// NOTE(review): ENT_NOQUOTES escapes &, < and > but leaves both " and ' as they
// are, so the result is suitable for HTML text content only. If a template puts
// <SITE_TITLE> inside a quoted attribute, a quote in the title ends the attribute.
// Whether pullout() already deals with quotes is not visible here - confirm
// before changing the flag, to avoid double encoding.
$pixelpost_site_title = htmlspecialchars(pullout($cfgrow['sitetitle']),ENT_NOQUOTES);
// Double Quotes in <SUB_TITLE> break HTML Code
// Same escaping, and the same caveat about attribute contexts, as the site title.
$pixelpost_sub_title = htmlspecialchars(pullout($cfgrow['subtitle']),ENT_NOQUOTES);
/**
 * Optional template header and footer.
 *
 * Both files are compiled only if the active template ships them, and never
 * for the comment popup (?popup=comment).
 */
if (!isset($_GET['popup']) || $_GET['popup'] != "comment") {
    if (file_exists("templates/".$cfgrow['template']."/header.html")) {
        $header = compile("templates/".$cfgrow['template']."/header.html");
    }
    if (file_exists("templates/".$cfgrow['template']."/footer.html")) {
        $footer = compile("templates/".$cfgrow['template']."/footer.html");
    }
}
/**
 * Any template can be added by dropping it into the template folder and
 * linking to it: ?x=about loads about_template.html.
 *
 * The old "ref" alias is still mapped to "referer" for backwards
 * compatibility, but the referer log itself always answers with a 404 page.
 */
if (isset($_GET['x'])) {
    if ($_GET['x'] == "ref") {
        $_GET['x'] = "referer";
    }
    if ($_GET['x'] == "referer") {
        header("HTTP/1.0 404 Not Found");
        header("Status: 404 File Not Found!");
        echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL /index.php was not found on this server.<P>\n<P>Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.\n</BODY></HTML>";
        exit;
    }
}
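/**
 * Choose the page template for the resolved language.
 *
 * Default language: "<x>_template.html", falling back to "image_template.html".
 * Other languages:  "<x>_<abr>_template.html", falling back to
 *                   "image_<abr>_template.html"; the sort column is also
 *                   switched to its alt_* counterpart.
 * An unknown ?x= that is not one of the built-in actions (atom, comment_atom,
 * rss, comment_rss, save_comment) is answered with a 404 page.
 *
 * Changes from the previous version:
 *  - The "no dots in x" guard runs once, before any file_exists() probe, and
 *    uses strpos() instead of eregi(). The POSIX ereg functions are deprecated
 *    since PHP 5.3, removed in PHP 7 and not binary-safe, so they should not
 *    back a path check. The guard is defence in depth: $_GET['x'] is already
 *    filtered near the top of this script.
 *  - $language_abr can originate from the request, so it is HTML-escaped where
 *    it is printed in the "template missing" message.
 */
if (isset($_GET['x']) && is_string($_GET['x']) && strpos($_GET['x'], '.') !== false) {
    die("Come on! forget about it...");
}

if ($language_full == $cfgrow['langfile']) {
    // Default language of the installation: use the default templates.
    if (isset($_GET['x']) && file_exists("templates/".$cfgrow['template']."/".$_GET['x']."_template.html")) {
        $tpl = compile("templates/".$cfgrow['template']."/".$_GET['x']."_template.html");
    } else {
        if (!file_exists("templates/".$cfgrow['template']."/image_template.html")) {
            echo '<b>Error:</b><br />No template folder exists by the name of <b>"' .$cfgrow['template'] .'"</b> or the file <b>image_template.html</b> is missing in that folder.<br />Make sure that you have uploaded all necessary files with the exact same names as mentioned here.';
            exit;
        }
        // If the template for x=foo does not exist, answer with a 404.
        if (isset($_GET['x']) && $_GET['x'] != 'atom' && $_GET['x'] != 'comment_atom' && $_GET['x'] != 'rss' && $_GET['x'] != 'comment_rss' && $_GET['x'] != 'save_comment') {
            header("HTTP/1.0 404 Not Found");
            header("Status: 404 File Not Found!");
            echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL /index.php was not found on this server.<P>\n<P>Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.\n</BODY></HTML>";
            exit;
        }
        $tpl = compile("templates/".$cfgrow['template']."/image_template.html");
    }
} else {
    // Alternative language: use the language-specific templates.
    if (isset($_GET['x']) && file_exists("templates/".$cfgrow['template']."/".$_GET['x']."_".$language_abr."_template.html")) {
        $tpl = compile("templates/".$cfgrow['template']."/".$_GET['x']."_".$language_abr."_template.html");
    } else {
        if (!file_exists("templates/".$cfgrow['template']."/image_".$language_abr."_template.html")) {
            echo '<b>Error:</b><br />No template folder exists by the name of <b>"' .$cfgrow['template'] .'"</b> or the file <b>image_'.htmlspecialchars($language_abr, ENT_QUOTES) .'_template.html</b> is missing in that folder.<br />Make sure that you have uploaded all necessary files with the exact same names as mentioned here.<br /><br /><a href="'.PHP_SELF.'?lang='.$default_language_abr.'" alt="return to default language">Click here to return to the default language.</a>';
            exit;
        }
        // If the template for x=foo does not exist, answer with a 404.
        if (isset($_GET['x']) && $_GET['x'] != 'atom' && $_GET['x'] != 'comment_atom' && $_GET['x'] != 'rss' && $_GET['x'] != 'comment_rss' && $_GET['x'] != 'save_comment') {
            header("HTTP/1.0 404 Not Found");
            header("Status: 404 File Not Found!");
            echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nThe requested URL /index.php was not found on this server.<P>\n<P>Additionally, a 404 Not Found\nerror was encountered while trying to use an ErrorDocument to handle the request.\n</BODY></HTML>";
            exit;
        }
        $tpl = compile("templates/".$cfgrow['template']."/image_".$language_abr."_template.html");
    }

    // Sort on the alternative-language columns. Only these two values are
    // remapped; display_sort_by is interpolated into ORDER BY further down.
    if ($cfgrow['display_sort_by'] == 'headline') {
        $cfgrow['display_sort_by'] = 'alt_headline';
    }
    if ($cfgrow['display_sort_by'] == 'body') {
        $cfgrow['display_sort_by'] = 'alt_body';
    }
}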
// Comment popup: prefer the language-specific comment template and fall back
// to the default comment template, without raising an error, when it is absent.
if (isset($_GET['popup']) && $_GET['popup'] == "comment") {
    $tpl = file_exists("templates/".$cfgrow['template']."/comment_".$language_abr."_template.html")
        ? compile("templates/".$cfgrow['template']."/comment_".$language_abr."_template.html")
        : compile("templates/".$cfgrow['template']."/comment_template.html");
}
// Reject a non-numeric showimage with a 404 page.
// $_GET['showimage'] is cast to int earlier in this script, so this test only
// fires if that cast is ever removed; it is kept as a second line of defence.
if (isset($_GET['showimage'])) {
    if (!is_numeric($_GET['showimage'])) {
        header("HTTP/1.0 404 Not Found");
        header("Status: 404 File Not Found!");
        echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><HTML><HEAD>\n<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\nDon't do that! go back to index.php! \n</BODY></HTML>";
        exit;
    }
}

// Wrap the page template in the optional header and footer compiled earlier.
if (isset($header)) {
    $tpl = $header.$tpl;
}
if (isset($footer)) {
    $tpl = $tpl.$footer;
}
// Total number of booked visitors.
$visitors = sql_array("SELECT count(*) as `count` FROM `".$pixelpost_db_prefix."visitors`");
$pixelpost_visitors = $visitors['count'];

// Number of photos already published (dated now or earlier). $datetime is
// produced by gmdate() above, not taken from the request.
$photonumb = sql_array("SELECT count(*) as `count` FROM `".$pixelpost_db_prefix."pixelpost` WHERE `datetime` <= '$datetime'");
$pixelpost_photonumb = $photonumb['count'];

// Sort direction for the ORDER BY clauses below: the configuration value is
// mapped onto exactly one of two SQL keywords, never interpolated itself.
$display_order = ($cfgrow['display_order'] == 'default') ? 'DESC' : 'ASC';
/**
* Images / Main site
*
*/
if(!isset($_GET['x']))
{
// Get Current Image.
if(!isset($_SESSION["pixelpost_admin"]))
{
if(!isset($_GET['showimage']) || $_GET['showimage'] == "")
{
$row = sql_array("SELECT * FROM `".$pixelpost_db_prefix."pixelpost` WHERE `datetime` <= '$cdate' ORDER BY ".$cfgrow['display_sort_by']." ".$display_order." LIMIT 0,1");
}
else
{
$row = sql_array("SELECT * FROM `".$pixelpost_db_prefix."pixelpost` WHERE (`id` = '".$_GET['showimage']."') AND `datetime` <= '$cdate'");
}
}
else
{
if(!isset($_GET['showimage']) || $_GET['showimage'] == "")
{
$row = sql_array("SELECT * FROM `".$pixelpost_db_prefix."pixelpost` ORDER BY ".$cfgrow['display_sort_by']." ".$display_order." LIMIT 0,1");
}
else
{
$row = sql_array("SELECT * FROM `".$pixelpost_db_prefix."pixelpost` WHERE (`id` = '".$_GET['showimage']."')");
}
}
if(!$row['image']){ echo "$lang_nothing_to_show"; exit; }
$image_name = $row['image'];
if($language_abr == $default_language_abr)
{
$image_title = pullout($row['headline']);
$image_notes =