summaryrefslogtreecommitdiff
path: root/modules/gallery/helpers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/helpers')
-rw-r--r--modules/gallery/helpers/auth.php81
-rw-r--r--modules/gallery/helpers/gallery_block.php2
-rw-r--r--modules/gallery/helpers/gallery_event.php16
-rw-r--r--modules/gallery/helpers/gallery_installer.php18
-rw-r--r--modules/gallery/helpers/gallery_theme.php11
-rw-r--r--modules/gallery/helpers/item.php51
-rw-r--r--modules/gallery/helpers/locales.php92
-rw-r--r--modules/gallery/helpers/movie.php14
8 files changed, 201 insertions, 84 deletions
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 717cf40a..f5454f85 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -20,7 +20,7 @@
class auth_Core {
static function get_login_form($url) {
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
- $form->set_attr('class', "g-narrow");
+ $form->set_attr("class", "g-narrow");
$group = $form->group("login")->label(t("Login"));
$group->input("name")->label(t("Username"))->id("g-username")->class(null)
->callback("auth::validate_too_many_failed_logins")
@@ -60,52 +60,87 @@ class auth_Core {
}
/**
- * After there have been 5 failed login attempts, any failure leads to getting locked out for a
+ * After there have been 5 failed auth attempts, any failure leads to getting locked out for a
* minute.
*/
- static function too_many_failed_logins($name) {
- $failed_login = ORM::factory("failed_login")
+ static function too_many_failures($name) {
+ $failed = ORM::factory("failed_auth")
->where("name", "=", $name)
->find();
- return ($failed_login->loaded() &&
- $failed_login->count > 5 &&
- (time() - $failed_login->time < 60));
+ return ($failed->loaded() &&
+ $failed->count > 5 &&
+ (time() - $failed->time < 60));
}
static function validate_too_many_failed_logins($name_input) {
- if (self::too_many_failed_logins($name_input->value)) {
+ if (self::too_many_failures($name_input->value)) {
$name_input->add_error("too_many_failed_logins", 1);
}
}
- static function validate_too_many_failed_password_changes($password_input) {
- if (self::too_many_failed_logins(identity::active_user()->name)) {
- $password_input->add_error("too_many_failed_password_changes", 1);
+ static function validate_too_many_failed_auth_attempts($form_input) {
+ if (self::too_many_failures(identity::active_user()->name)) {
+ $form_input->add_error("too_many_failed_auth_attempts", 1);
}
}
/**
- * Record a failed login for this user
+ * Record a failed authentication for this user
*/
- static function record_failed_auth_attempts($name) {
- $failed_login = ORM::factory("failed_login")
+ static function record_failed_attempt($name) {
+ $failed = ORM::factory("failed_auth")
->where("name", "=", $name)
->find();
- if (!$failed_login->loaded()) {
- $failed_login->name = $name;
+ if (!$failed->loaded()) {
+ $failed->name = $name;
}
- $failed_login->time = time();
- $failed_login->count++;
- $failed_login->save();
+ $failed->time = time();
+ $failed->count++;
+ $failed->save();
}
/**
* Clear any failed logins for this user
*/
- static function clear_failed_logins($user) {
- db::build()
- ->delete("failed_logins")
+ static function clear_failed_attempts($user) {
+ ORM::factory("failed_auth")
->where("name", "=", $user->name)
- ->execute();
+ ->delete_all();
+ }
+
+ /**
+ * Checks whether the current user (= admin) must
+ * actively re-authenticate before access is given
+ * to the admin area.
+ */
+ static function must_reauth_for_admin_area() {
+ if (!identity::active_user()->admin) {
+ access::forbidden();
+ }
+
+ $session = Session::instance();
+ $last_active_auth = $session->get("active_auth_timestamp", 0);
+ $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+ $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+ if (max($last_active_auth, $last_admin_area_activity) + $admin_area_timeout < time()) {
+ return true;
+ }
+
+ $session->set("admin_area_activity_timestamp", time());
+ return false;
+ }
+
+ /**
+ * Redirect to the login page.
+ */
+ static function require_login() {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ return $view;
}
} \ No newline at end of file
diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php
index be0f11b8..46742743 100644
--- a/modules/gallery/helpers/gallery_block.php
+++ b/modules/gallery/helpers/gallery_block.php
@@ -70,7 +70,7 @@ class gallery_block_Core {
$block->css_id = "g-platform";
$block->title = t("Platform information");
$block->content = new View("admin_block_platform.html");
- if (is_readable("/proc/loadavg")) {
+ if (@is_readable("/proc/loadavg")) {
$block->content->load_average =
join(" ", array_slice(explode(" ", current(file("/proc/loadavg"))), 0, 3));
} else {
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 7b538c49..63f33c12 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -110,19 +110,17 @@ class gallery_event_Core {
graphics::choose_default_toolkit();
module::clear_var("gallery", "choose_default_tookit");
}
- auth::clear_failed_auth_attempts($user);
+ Session::instance()->set("active_auth_timestamp", time());
+ auth::clear_failed_attempts($user);
}
- static function user_login_failed($name) {
- auth::record_failed_auth_attempts($name);
+ static function user_auth_failed($name) {
+ auth::record_failed_attempt($name);
}
- static function user_password_changed($user) {
- auth::clear_failed_auth_attempts($user);
- }
-
- static function user_password_change_failed($name) {
- auth::record_failed_auth_attempts($name);
+ static function user_auth($user) {
+ auth::clear_failed_attempts($user);
+ Session::instance()->set("active_auth_timestamp", time());
}
static function item_index_data($item, $data) {
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 761843b0..dd53cf43 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -42,7 +42,7 @@ class gallery_installer {
KEY (`tags`))
DEFAULT CHARSET=utf8;");
- $db->query("CREATE TABLE {failed_logins} (
+ $db->query("CREATE TABLE {failed_auths} (
`id` int(9) NOT NULL auto_increment,
`count` int(9) NOT NULL,
`name` varchar(255) NOT NULL,
@@ -287,7 +287,8 @@ class gallery_installer {
// @todo this string needs to be picked up by l10n_scanner
module::set_var("gallery", "credits", "Powered by <a href=\"%url\">Gallery %version</a>");
module::set_var("gallery", "simultaneous_upload_limit", 5);
- module::set_version("gallery", 26);
+ module::set_var("gallery", "admin_area_timeout", 90 * 60);
+ module::set_version("gallery", 28);
}
static function upgrade($version) {
@@ -526,6 +527,17 @@ class gallery_installer {
->execute();
module::set_version("gallery", $version = 26);
}
+
+ if ($version == 26) {
+ $db->query("RENAME TABLE {failed_logins} TO {failed_auths}");
+ module::set_version("gallery", $version = 27);
+ }
+
+ if ($version == 27) {
+ // Set the admin area timeout to 90 minutes
+ module::set_var("gallery", "admin_area_timeout", 90 * 60);
+ module::set_version("gallery", $version = 28);
+ }
}
static function uninstall() {
@@ -534,7 +546,7 @@ class gallery_installer {
$db->query("DROP TABLE IF EXISTS {access_intents}");
$db->query("DROP TABLE IF EXISTS {graphics_rules}");
$db->query("DROP TABLE IF EXISTS {incoming_translations}");
- $db->query("DROP TABLE IF EXISTS {failed_logins}");
+ $db->query("DROP TABLE IF EXISTS {failed_auths}");
$db->query("DROP TABLE IF EXISTS {items}");
$db->query("DROP TABLE IF EXISTS {logs}");
$db->query("DROP TABLE IF EXISTS {modules}");
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 0018fd9a..9ffeb911 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -90,6 +90,17 @@ class gallery_theme_Core {
$profiler = new Profiler();
$profiler->render();
}
+
+ // Redirect to the root album when the admin session expires.
+ $redirect_url = url::abs_site("");
+ $admin_area_timeout = 1000 * module::get_var("gallery", "admin_area_timeout");
+ $admin_session_redirect_check = '<script type="text/javascript">
+ var page_loaded_timestamp = new Date();
+ setInterval("if (new Date() - page_loaded_timestamp > ' . $admin_area_timeout .
+ ') document.location = \'' . $redirect_url . '\';", 60 * 1000);
+ </script>';
+ print $admin_session_redirect_check;
+
if ($session->get("l10n_mode", false)) {
return L10n_Client_Controller::l10n_form();
}
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index 41d49ce9..36193071 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -40,7 +40,56 @@ class item_Core {
}
$source->parent_id = $target->id;
- $source->save();
+
+ // Moving may result in name or slug conflicts. If that happens, try up to 5 times to pick a
+ // random name (or slug) to avoid the conflict.
+ $orig_name = $source->name;
+ $orig_name_filename = pathinfo($source->name, PATHINFO_FILENAME);
+ $orig_name_extension = pathinfo($source->name, PATHINFO_EXTENSION);
+ $orig_slug = $source->slug;
+ for ($i = 0; $i < 5; $i++) {
+ try {
+ $source->save();
+ if ($orig_name != $source->name) {
+ switch ($source->type) {
+ case "album":
+ message::info(
+ t("Album <b>%old_name</b> renamed to <b>%new_name</b> to avoid a conflict",
+ array("old_name" => $orig_name, "new_name" => $source->name)));
+ break;
+
+ case "photo":
+ message::info(
+ t("Photo <b>%old_name</b> renamed to <b>%new_name</b> to avoid a conflict",
+ array("old_name" => $orig_name, "new_name" => $source->name)));
+ break;
+
+ case "movie":
+ message::info(
+ t("Movie <b>%old_name</b> renamed to <b>%new_name</b> to avoid a conflict",
+ array("old_name" => $orig_name, "new_name" => $source->name)));
+ break;
+ }
+ }
+ break;
+ } catch (ORM_Validation_Exception $e) {
+ $rand = rand(10, 99);
+ $errors = $e->validation->errors();
+ if (isset($errors["name"])) {
+ $source->name = $orig_name_filename . "-{$rand}." . $orig_name_extension;
+ unset($errors["name"]);
+ }
+ if (isset($errors["slug"])) {
+ $source->slug = $orig_slug . "-{$rand}";
+ unset($errors["slug"]);
+ }
+
+ if ($errors) {
+ // There were other validation issues-- we don't know how to handle those
+ throw $e;
+ }
+ }
+ }
// If the target has no cover item, make this it.
if ($target->album_cover_item_id == null) {
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index dc32b12f..e72d7ed9 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -63,50 +63,50 @@ class locales_Core {
// @todo Might want to add a localizable language name as well.
private static function _init_language_data() {
- $l["af_ZA"] = "Afrikaans"; // Afrikaans
- $l["ar_SA"] = "&#1575;&#1604;&#1593;&#1585;&#1576;&#1610;&#1577;"; // Arabic
- $l["be_BY"] = "&#1041;&#1077;&#1083;&#1072;&#1088;&#1091;&#1089;&#1082;&#1110;"; // Belarusian
- $l["bg_BG"] = "&#x0411;&#x044a;&#x043b;&#x0433;&#x0430;&#x0440;&#x0441;&#x043a;&#x0438;"; // Bulgarian
- $l["ca_ES"] = "Catalan"; // Catalan
- $l["cs_CZ"] = "&#x010c;esky"; // Czech
- $l["da_DK"] = "Dansk"; // Danish
- $l["de_DE"] = "Deutsch"; // German
- $l["el_GR"] = "Greek"; // Greek
- $l["en_GB"] = "English (UK)"; // English (UK)
- $l["en_US"] = "English (US)"; // English (US)
- $l["es_AR"] = "Espa&#241;ol (AR)"; // Spanish (AR)
- $l["es_ES"] = "Espa&#241;ol"; // Spanish (ES)
- $l["es_MX"] = "Espa&#241;ol (MX)"; // Spanish (MX)
- $l["et_EE"] = "Eesti"; // Estonian
- $l["eu_ES"] = "Euskara"; // Basque
- $l["fa_IR"] = "&#1601;&#1575;&#1585;&#1587;&#1610;"; // Farsi
- $l["fi_FI"] = "Suomi"; // Finnish
- $l["fr_FR"] = "Fran&#231;ais"; // French
- $l["ga_IE"] = "Gaeilge"; // Irish
- $l["he_IL"] = "&#1506;&#1489;&#1512;&#1497;&#1514;"; // Hebrew
- $l["hu_HU"] = "Magyar"; // Hungarian
- $l["is_IS"] = "Icelandic"; // Icelandic
- $l["it_IT"] = "Italiano"; // Italian
- $l["ja_JP"] = "&#x65e5;&#x672c;&#x8a9e;"; // Japanese
- $l["ko_KR"] = "&#xd55c;&#xad6d;&#xb9d0;"; // Korean
- $l["lt_LT"] = "Lietuvi&#371;"; // Lithuanian
- $l["lv_LV"] = "Latvie&#353;u"; // Latvian
- $l["nl_NL"] = "Nederlands"; // Dutch
- $l["no_NO"] = "Norsk bokm&#229;l"; // Norwegian
- $l["pl_PL"] = "Polski"; // Polish
- $l["pt_BR"] = "Portugu&#234;s Brasileiro"; // Portuguese (BR)
- $l["pt_PT"] = "Portugu&#234;s"; // Portuguese (PT)
- $l["ro_RO"] = "Rom&#226;n&#259;"; // Romanian
- $l["ru_RU"] = "&#1056;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;"; // Russian
- $l["sk_SK"] = "Sloven&#269;ina"; // Slovak
- $l["sl_SI"] = "Sloven&#353;&#269;ina"; // Slovenian
- $l["sr_CS"] = "Srpski"; // Serbian
- $l["sv_SE"] = "Svenska"; // Swedish
- $l["tr_TR"] = "T&#252;rk&#231;e"; // Turkish
- $l["uk_UA"] = "Українська"; // Ukrainian
- $l["vi_VN"] = "Ti&#7871;ng Vi&#7879;t"; // Vietnamese
- $l["zh_CN"] = "&#31616;&#20307;&#20013;&#25991;"; // Chinese (CN)
- $l["zh_TW"] = "&#32321;&#39636;&#20013;&#25991;"; // Chinese (TW)
+ $l["af_ZA"] = "Afrikaans"; // Afrikaans
+ $l["ar_SA"] = "العربية"; // Arabic
+ $l["be_BY"] = "Беларускі"; // Belarusian
+ $l["bg_BG"] = "български"; // Bulgarian
+ $l["ca_ES"] = "Catalan"; // Catalan
+ $l["cs_CZ"] = "čeština"; // Czech
+ $l["da_DK"] = "Dansk"; // Danish
+ $l["de_DE"] = "Deutsch"; // German
+ $l["el_GR"] = "Greek"; // Greek
+ $l["en_GB"] = "English (UK)"; // English (UK)
+ $l["en_US"] = "English (US)"; // English (US)
+ $l["es_AR"] = "Español (AR)"; // Spanish (AR)
+ $l["es_ES"] = "Español"; // Spanish (ES)
+ $l["es_MX"] = "Español (MX)"; // Spanish (MX)
+ $l["et_EE"] = "Eesti"; // Estonian
+ $l["eu_ES"] = "Euskara"; // Basque
+ $l["fa_IR"] = "فارس"; // Farsi
+ $l["fi_FI"] = "Suomi"; // Finnish
+ $l["fr_FR"] = "Français"; // French
+ $l["ga_IE"] = "Gaeilge"; // Irish
+ $l["he_IL"] = "עברית"; // Hebrew
+ $l["hu_HU"] = "Magyar"; // Hungarian
+ $l["is_IS"] = "Icelandic"; // Icelandic
+ $l["it_IT"] = "Italiano"; // Italian
+ $l["ja_JP"] = "日本語"; // Japanese
+ $l["ko_KR"] = "한국어"; // Korean
+ $l["lt_LT"] = "Lietuvių"; // Lithuanian
+ $l["lv_LV"] = "Latviešu"; // Latvian
+ $l["nl_NL"] = "Nederlands"; // Dutch
+ $l["no_NO"] = "Norsk bokmål"; // Norwegian
+ $l["pl_PL"] = "Polski"; // Polish
+ $l["pt_BR"] = "Português do Brasil"; // Portuguese (BR)
+ $l["pt_PT"] = "Português ibérico"; // Portuguese (PT)
+ $l["ro_RO"] = "Română"; // Romanian
+ $l["ru_RU"] = "Русский"; // Russian
+ $l["sk_SK"] = "Slovenčina"; // Slovak
+ $l["sl_SI"] = "Slovenščina"; // Slovenian
+ $l["sr_CS"] = "Srpski"; // Serbian
+ $l["sv_SE"] = "Svenska"; // Swedish
+ $l["tr_TR"] = "Türkçe"; // Turkish
+ $l["uk_UA"] = "українська"; // Ukrainian
+ $l["vi_VN"] = "Tiếng Việt"; // Vietnamese
+ $l["zh_CN"] = "简体中文"; // Chinese (CN)
+ $l["zh_TW"] = "繁體中文"; // Chinese (TW)
asort($l, SORT_LOCALE_STRING);
self::$locales = $l;
@@ -131,9 +131,7 @@ class locales_Core {
}
static function is_rtl($locale=null) {
- $locale or $locale = Gallery_I18n::instance()->locale();
- list ($language, $territory) = explode('_', $locale . "_");
- return in_array($language, array("he", "fa", "ar"));
+ return Gallery_I18n::instance()->is_rtl($locale);
}
/**
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index 7033b7da..3c494e96 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -84,6 +84,20 @@ class movie_Core {
" -an -ss 00:00:03 -an -r 1 -vframes 1" .
" -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1";
exec($cmd);
+
+ clearstatcache(); // use $filename parameter when PHP_version is 5.3+
+ if (filesize($output_file) == 0) {
+ // Maybe the movie is shorter, fall back to the first frame.
+ $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($input_file) .
+ " -an -an -r 1 -vframes 1" .
+ " -y -f mjpeg " . escapeshellarg($output_file) . " 2>&1";
+ exec($cmd);
+
+ clearstatcache();
+ if (filesize($output_file) == 0) {
+ throw new Exception("@todo FFMPEG_FAILED");
+ }
+ }
}
static function find_ffmpeg() {
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-15 13:30:28 +0000