I know the basics when it comes to php
this is what I changed the code to like you recommended and had the errors listed above
<?php
/*
*******************************************
plugin JUpload for Coppermine Photo Gallery
*******************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
********************************************
$Revision: 185 $
$Author: etienne_sf $
$Date: 2008-03-12 20:26:16 +0100 (mer., 12 mars 2008) $
********************************************
*
* Allows easy upload to the gallery, through a java applet.
*
* Up to date version of this script can be retrieved with the full JUpload package, here:
*
* http://etienne.lesgauthier.fr/wiki
*
* Directly here:
* http://etienne.lesgauthier.fr/wiki/doku.php?id=jupload_coppermine_download_gb
*
* Support is available on this forum:
* http://coppermine-gallery.net/forum/index.php?topic=43432
*
* The applet is published on sourceforge:
* http://jupload.sourceforge.net
*
*/
/**
* <B>Brief description for this file:<B>
* <BR>
*
* It contains the necessary functions to allow JUpload internal session management.
*
* <U>JUpload internal session behaviour:</U>
* <BR>
* A unique JUpload Id is created. It's a random number, created from as set as big as possible. This Id is
* transmitted to the applet, in the postURL parameter. Thus the applet will use it for all upload.
* <BR>
* This Id has a limited duration, controled by the valid_until column in the jupload_session table.
* <BR>
* As an additional control, the plugin controls also:<BR>
* - The session id, if given.<BR>
* - The IP for the computer doing the upload<BR>
* <BR>
* <U>Main functions:</U><BR>
* <B>createJUploadSessionTable</B>: Creation or migration of the TablePrefixe || jupload_session table. It's
* used to store session data. This function is called from the jupload config page.
* <BR>
* <B>loadJuploadInternalSessionIfConfiguredTo</B>: load user's data from what is store in the jupload_session
* table. Caution: This function must be called before Coppermine internal session management functions. This is
* because these funtions creates constantes, and JUpload can't override them. The difficulty is then that
* JUpload must connect to the database, before including init.inc.php. To do that, connection data is copied
* from $CONFIG, and stored into $JUPLOAD_CONFIG area.
* <BR>
* <B>saveJuploadInternalSessionIfConfiguredTo</B>: save data for later use of
* loadJuploadInternalSessionIfConfiguredTo. The $USER_DATA is serialized there, for direct use.
*
*/
if (!defined('IN_COPPERMINE')) {
die('Not in Coppermine...');
}
/**
* Used to let the plugin manage its internal session. It's used only for upload through the applet. All
* 'standard' PHP page uses the Coppermine internal session management.
* The reason for this function is that, in bridge mode, upload through the applet can loose the user's
* session. It depends on system configuration, and probably on which bridge is used.
*/
function createJUploadSessionTable() {
global $CONFIG, $JUPLOAD_CONFIG;
//Let'create the JUpload tables, if they don't exist.
$query = "
CREATE TABLE IF NOT EXISTS ${JUPLOAD_CONFIG['TABLE_SESSION']} (
session_id varchar(40) NOT NULL,
jupload_session_id varchar(40) NOT NULL,
ip tinytext NOT NULL,
valid_until datetime NOT NULL,
user_name varchar(25) NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id, jupload_session_id)
) TYPE=MyISAM COMMENT='Used to store JUpload sessions " .
"(used only for upload through the plugin, " .
"when sessionManagement configuration parameter is JUpload)';
";
cpg_db_query($query);
}
function juploadConnectDB() {
global $jupload_toBeEchoed, $CONFIG, $JUPLOAD_CONFIG;
$config_filename = 'include/config.inc.php';
$return = file_exists($config_filename);
if ($return) {
$handle = fopen ($config_filename, "r");
$config = fread ($handle, filesize ($config_filename));
fclose ($handle);
if (!$config) {
$return = false;
}
}
if ($return) {
//We skeep the '<?php' at the beginning of the file.
$config = substr($config, 6);
ob_start();
eval ($config);
ob_clean();
$connect = @mysql_connect($CONFIG['dbserver'], $CONFIG['dbuser'], $CONFIG['dbpass']);
$return = $connect;
if (!$return) {
$jupload_toBeEchoed .= "ERROR: (mysql_connect) " . mysql_errno() . " : " . mysql_error() . "\n";
}
}
//Select of the configured database.
if ($return) {
$return = mysql_select_db($CONFIG['dbname']);
if (!$return) {
$jupload_toBeEchoed .= "ERROR: (mysql_select_db) " . mysql_errno() . " : " . mysql_error() . "\n";
}
}
// $JUPLOAD_CONFIG is probably not defined.
$JUPLOAD_CONFIG['TABLE_PREFIX'] = "${CONFIG['TABLE_PREFIX']}jupload_";
$JUPLOAD_CONFIG['TABLE_SESSION'] = "${JUPLOAD_CONFIG['TABLE_PREFIX']}session";
//Let's finish the work.
if (!$return) {
return false;
} else {
return $connect;
}
}
/**
* This function is called before Coppermine include file. It's used to override Coppermine session management.
* Thus: it has to define Coppermine user constants (like USER_ID or GALLERY_ADMIN_MODE) before them.
*/
function loadJuploadInternalSessionIfConfiguredTo() {
global $CONFIG, $JUPLOAD_CONFIG, $USER_DATA, $jupload_USER_DATA, $juploadInternalSessionId;
//$jupload_toBeEchoed contains string that should be sent to the client, despite the ob_clean that will
//occur here, and in the init.inc.php script.
global $jupload_toBeEchoed;
//Currently .. everything is fine !
$return = true;
$mustStopHere = false;
$jupload_toBeEchoed .= "Entering loadJuploadInternalSessionIfConfiguredTo\n";
if (isset($_GET['action']) && $_GET['action'] == 'upload_picture') {
// If the plugin is configure to use JUpload internal session management: we must not go to bridge
//includes now. We first load $USER_DATA and define constants from JUpload session management.
//Let's load HTTP session identifiers.
$sessionId = addslashes(isset($_GET['sessionId'] ) ? $_GET['sessionId'] : '');
$juploadInternalSessionId = addslashes(isset($_GET['JUploadSessionId'] ) ? $_GET['JUploadSessionId'] : '');
$ip = 'noip';
//First step: connect to the Coppermine database.
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Before connection\n";
if($return){
$connect = juploadConnectDB();
if (!$connect) {
$return = false;
}
}
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: connection result=$return\n";
//Should we user JUpload internal session management, or not ???
if ($return) {
$query = "
SELECT 1
FROM ${CONFIG['TABLE_PREFIX']}config
WHERE name = 'jupload_sessionManagement'
AND value = 'JUpload'
";
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: before select from config\n";
$results = mysql_query($query, $connect);
if ($results) {
$bMustUseInternalSessionManagement = mysql_fetch_row($results);
if ($bMustUseInternalSessionManagement) {
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Using JUpload internal session management\n";
} else {
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Using standard session management\n";
}
} else {
$return = false;
$jupload_toBeEchoed .= "$query\n";
$jupload_toBeEchoed .= "ERROR: (SELECT JUPLOAD_CONFIG) " . mysql_errno() . " : " . mysql_error() . "\n";
}
}
//Select the JUpload session data.
if ($return && $bMustUseInternalSessionManagement) {
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Looking for session IP: $ip, jupload_session_id: $juploadInternalSessionId, session_id: $sessionId\n";
$query =
"SELECT * " .
"FROM ${JUPLOAD_CONFIG['TABLE_SESSION']} " .
"WHERE session_id = '$sessionId' " .
"AND jupload_session_id = '$juploadInternalSessionId' " .
"AND ip = '$ip' " .
"AND valid_until > NOW()";
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: before select from ${JUPLOAD_CONFIG['TABLE_SESSION']}\n";
$results = mysql_query($query, $connect);
if (!$results) {
$return = false;
$jupload_toBeEchoed .= "$query\n";
$jupload_toBeEchoed .= "ERROR: (SELECT USER_DATA) " . mysql_errno() . " : " . mysql_error() . "\n";
}
}
// Initialize session data, especially the Coppermine user's constant.
if ($return && $bMustUseInternalSessionManagement) {
$row = mysql_fetch_array($results);
if (!$row) {
//No session found: we clear user's data.
//Useless, but if If remove the 'die', everything will still be protected.
$USER_DATA = array();
$error = 'No session found!';
$mustStopHere = true;
$jupload_toBeEchoed .= "ERROR: $error\n";
} else {
//Ok, we have a line. Let's get $USER_DATA from what we've just read.
//If there was no line, we let Coppermine core management works its own way ... by doing nothing !
$USER_DATA = $jupload_USER_DATA = unserialize($row['user_data']);
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: USER_DATA loaded\n";
}
define('USER_ID', $USER_DATA['user_id']);
define('USER_NAME', addslashes($USER_DATA['user_name']));
define('USER_GROUP', $USER_DATA['group_name']);
//Won't be defined: define('USER_GROUP_SET', $user_group_set);
define('USER_IS_ADMIN', $USER_DATA['has_admin_access']);
define('USER_CAN_SEND_ECARDS', (int)$USER_DATA['can_send_ecards']);
define('USER_CAN_RATE_PICTURES', (int)$USER_DATA['can_rate_pictures']);
define('USER_CAN_POST_COMMENTS', (int)$USER_DATA['can_post_comments']);
define('USER_CAN_UPLOAD_PICTURES', (int)$USER_DATA['can_upload_pictures']);
define('USER_CAN_CREATE_ALBUMS', (int)$USER_DATA['can_create_albums']);
define('USER_UPLOAD_FORM', (int)$USER_DATA['upload_form_config']);
define('CUSTOMIZE_UPLOAD_FORM', (int)$USER_DATA['custom_user_upload']);
define('NUM_FILE_BOXES', (int)$USER_DATA['num_file_upload']);
define('NUM_URI_BOXES', (int)$USER_DATA['num_URI_upload']);
}
//The session may not be used again: we delete it.
//We delete any line for this session: if someone is trying to hack it ... the first try is the only
//possible try.
//Here, we also delete any remaining old session.
//
//If a hacker attempt to guess the jupload_session_id, he has ... one try, unless he has the same IP.
//(should be enough protection)
//The session will be inserted again, after $USER_DATA has been checked. For instance: this check will
//fail, and no session will be inserted if the attacker has a different IP.
if ($return && $bMustUseInternalSessionManagement) {
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Before DELETE\n";
//echo ("loadJuploadInternalSessionIfConfiguredTo: Before DELETE\n");
$return = mysql_query(
"DELETE FROM ${JUPLOAD_CONFIG['TABLE_SESSION']} " .
"WHERE (session_id = '$sessionId' AND jupload_session_id = '$juploadInternalSessionId')" .
"OR valid_until < NOW()",
$connect);
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: After DELETE\n";
if (!$return) {
$jupload_toBeEchoed .= "$query\n";
$jupload_toBeEchoed .= "ERROR: (DELETE) " . mysql_errno() . " : " . mysql_error() . "\n";
}
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: After DELETE\n";
}
//If we're connected, we now disconnect from the database.
if ($connect) {
mysql_close($connect);
}
//Should we die now (allows a simple text file to be sent to the applet)
if ($mustStopHere) {
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: Will die here :-(\n";
die($jupload_toBeEchoed);
}
}
$jupload_toBeEchoed .= "loadJuploadInternalSessionIfConfiguredTo: normal end of the function ($return)\n";
return $return;
}
/**
* Save the current JUpload session into the JUpload session management table.
*
* @param $sessionDurationMinute Duration of the internal JUpload session, in minutes.
* @param $usesCoppermineQueryFunctions true if cpg_db functions should be used. If true,
* the function let these function manage SQL errors. If false and an error orcurs, the function echoes
* the error itself (done for the upload_picture script, that returns a simple text output, no HTML).
* @return true if everything was Ok, or false if any problem occurs.
*/
function saveJuploadInternalSessionIfConfiguredTo(
$sessionDurationMinute = 10,
$usesCoppermineQueryFunctions = true) {
global $USER_DATA, $CONFIG, $JUPLOAD_CONFIG, $juploadInternalSessionId, $jupload_toBeEchoed;
$return = true;
//We do something here, only if JUpload is configured to
if ($JUPLOAD_CONFIG['sessionManagement'] == 'JUpload') {
$coppermineSessionId = session_id();
if ($coppermineSessionId == '') {
session_start();
$coppermineSessionId = session_id();
logDebug ("saveJuploadInternalSessionIfConfiguredTo: using newly created session id ($coppermineSessionId)");
} else {
logDebug ("saveJuploadInternalSessionIfConfiguredTo: using already created session id ($coppermineSessionId)");
}
if (!isset($juploadInternalSessionId)) {
$juploadInternalSessionId = mt_rand();
logDebug ("saveJuploadInternalSessionIfConfiguredTo: using generated jupload session id ($juploadInternalSessionId)");
}
//First step: we delete any line for this session in the table.
//One upload at a time, for a given session
$query =
"DELETE FROM ${JUPLOAD_CONFIG['TABLE_SESSION']} " .
"WHERE session_id = '$coppermineSessionId' " .
"AND jupload_session_id = '$juploadInternalSessionId'";
if ($usesCoppermineQueryFunctions) {
$return = cpg_db_query($query);
} else {
$return = mysql_query($query);
if (!$return) {
die ("ERROR: (saveJuploadInternalSessionIfConfiguredTo.DELETE) "
. mysql_errno() . " : " . mysql_error() . "\n");
}
}
if ($return && $JUPLOAD_CONFIG['sessionManagement']=='JUpload') {
//Then, we insert the new session. It's duration is defined with the $sessionDurationMinute, in minutes.
logDebug ("saveJuploadInternalSessionIfConfiguredTo: before insert of session IP ${_SERVER['REMOTE_ADDR']}', session_id $coppermineSessionId, " .
"jupload_session_id $juploadInternalSessionId");
$query = "
INSERT INTO ${JUPLOAD_CONFIG['TABLE_SESSION']}
(session_id, jupload_session_id, ip, valid_until, user_name, user_data)
VALUES (
'$coppermineSessionId',
'$juploadInternalSessionId',
'noip',
DATE_ADD(NOW(), INTERVAL $sessionDurationMinute MINUTE),
'${USER_DATA['user_name']}',
'" . serialize($USER_DATA) . "'
)";
if ($usesCoppermineQueryFunctions) {
$return = cpg_db_query($query);
} else {
$return = mysql_query($query, $CONFIG['LINK_ID']);
if (!$return) {
die ("ERROR: (saveJuploadInternalSessionIfConfiguredTo.INSERT) \n"
. mysql_errno() . " : " . mysql_error() . "\n");
}
}
}
}
logDebug ("saveJuploadInternalSessionIfConfiguredTo: end of function (return = $return)");
return $return;
}