?> <?php
// Access gate for one project: sets $user_exists, $client_access and
// $grant_access from the submitted e-mail, the $user_info row (populated
// outside this excerpt) and the user's special_access list.
// The outer `if` is not closed within this excerpt; its final `else` branch
// continues past the last statement shown here.

// NOTE(review): the account is matched with a loose `==` on request data.
// A strict `===` on normalised strings avoids PHP type juggling; whether the
// caller has already authenticated this user is not visible here -- confirm.
if ($_POST['email'] == $user_info['email']) {
    $user_exists = 1;

    // Reads a single row from projects_list(); the meaning of the '0,1' and '1'
    // arguments is defined by Controller and is not visible here.
    $client_access_query = $Controller->projects_list('0,1', '1');
    $rowC = $client_access_query->fetch_assoc();

    // Client access is granted when the row's customer matches the user's, the
    // user is flagged as staff, or the user id is '1'.
    // NOTE(review): fetch_assoc() returns null when there is no row, and a null
    // customer_id loosely equals an empty/0/null $user_info['customer_id'] --
    // confirm that an empty result cannot grant access.
    // NOTE(review): user_id '1' is hard-coded as privileged (presumably the
    // first admin account -- confirm and prefer a role flag).
    if ($rowC['customer_id'] == $user_info['customer_id'] || $user_info['is_staff'] == 1 || $user_info['user_id'] == '1') {
        $client_access = 1;
    } else {
        $client_access = 0;
    }

    //$Controller = new Controller();
    $special_access_query = $Controller->special_access($user_info['user_id']);
    $row = $special_access_query->fetch_assoc();

    // A non-empty special_access list (comma-separated project ids) takes
    // precedence: when it exists, access depends only on whether $project_id is
    // in it, and $client_access is consulted only when the list is empty or the
    // literal string 'NULL'.
    // NOTE(review): this also applies to staff; confirm that is intended.
    if ($row['special_access'] != 'NULL' && $row['special_access'] != '') {
        $special_access_values = explode(',', $row['special_access']);
        // NOTE(review): in_array() is called without the strict flag, so numeric
        // strings are compared by value rather than byte-for-byte; passing
        // `true` as the third argument makes the membership test exact.
        if (in_array("{$project_id}", $special_access_values)) {
            $grant_access = 1;
        } else {
            $grant_access = 0;
        }
    } elseif ($client_access == 1) {
        $grant_access = 1;
    } else {
        $grant_access = 0;
    }
} else {
    // Submitted e-mail does not match the user record: deny.
    $grant_access = 0;
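/**
 * Echo thumbnail links for the files attached to the requested project.
 *
 * The project id and the base URL for files are read from the query string
 * ($_GET['project_id'], $_GET['ucm_url']); the viewer comes from $_SESSION.
 * Staff see every file of the project. Other users only see rows whose
 * customer_id matches theirs or whose job_id appears in their special_access
 * list. The query orders by file_id DESC and uses LIMIT 1, 9, so the newest
 * file is skipped and at most nine older ones are shown.
 *
 * Security notes for maintainers:
 *  - All request and session values are bound as statement parameters; the
 *    original interpolated them into the SQL text.
 *  - Everything echoed into HTML attributes is escaped with ENT_QUOTES because
 *    the markup uses single-quoted attributes.
 *  - extract() on a `SELECT *` row was replaced by an explicit column read so a
 *    column name can never overwrite a local variable.
 *
 * @param string $img_class CSS class placed on each generated img element.
 *
 * @return void Output is written with echo; database errors are appended to
 *              $this->errors.
 */
function display_project_images($img_class = 'thumbnail')
{
    // Escaper for single-quoted HTML attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // --- Request input -----------------------------------------------------
    // Arrays (e.g. project_id[]=...) are rejected instead of being cast.
    $project_id = (isset($_GET['project_id']) && is_scalar($_GET['project_id']))
        ? (string) $_GET['project_id']
        : '';
    $ucm_url = (isset($_GET['ucm_url']) && is_string($_GET['ucm_url']))
        ? $_GET['ucm_url']
        : '';

    // NOTE(review): the base URL is taken from the query string, ends up in
    // href/src attributes and is handed to generate_thumb(). Only http(s) or
    // scheme-less values are accepted here; it should preferably come from
    // server-side configuration rather than from the request.
    $scheme = parse_url($ucm_url, PHP_URL_SCHEME);
    if ($scheme === false || ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https'], true))) {
        $ucm_url = '';
    }

    // --- Viewer scope ------------------------------------------------------
    $Controller = new Controller();
    $special_access_query = $Controller->special_access($_SESSION['user_id']);
    $access_row = $special_access_query->fetch_assoc();
    $raw_special = (is_array($access_row) && isset($access_row['special_access']))
        ? trim((string) $access_row['special_access'])
        : '';

    // special_access is a comma-separated list that used to be pasted into
    // IN (...). Keep only all-digit entries so each one can be bound as an
    // integer (assumes job ids are integers -- TODO confirm).
    $special_ids = [];
    if ($raw_special !== '' && $raw_special !== 'NULL') {
        foreach (explode(',', $raw_special) as $piece) {
            $piece = trim($piece);
            if (preg_match('/\A[0-9]+\z/', $piece) === 1) {
                $special_ids[] = (int) $piece;
            }
        }
    }

    $is_staff = isset($_SESSION['is_staff']) && $_SESSION['is_staff'] == 1;

    // Build the WHERE clause from fixed fragments and placeholders only.
    $types = '';
    $params = [];
    if ($is_staff) {
        $where = 'WHERE job_id = ?';
    } else {
        $scope = '(customer_id = ?)';
        $types .= 's';
        $params[] = isset($_SESSION['customer_id']) ? (string) $_SESSION['customer_id'] : '';
        if (count($special_ids) > 0) {
            $scope .= ' OR (job_id IN (' . implode(',', array_fill(0, count($special_ids), '?')) . '))';
            $types .= str_repeat('i', count($special_ids));
            foreach ($special_ids as $id) {
                $params[] = $id;
            }
        }
        $where = 'WHERE (' . $scope . ') AND job_id = ?';
    }
    $types .= 's';
    $params[] = $project_id;

    // --- Database ----------------------------------------------------------
    $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if ($this->db_connection->connect_errno) {
        // No working connection: record why and stop before using the handle.
        $this->errors[] = $this->db_connection->connect_error;
        return;
    }

    // change character set to utf8 and check it
    if (!$this->db_connection->set_charset("utf8")) {
        $this->errors[] = $this->db_connection->error;
    }

    // _DB_PREFIX is a configuration constant, not request data.
    $sql = 'SELECT * FROM `' . _DB_PREFIX . 'file` ' . $where . ' ORDER BY file_id DESC LIMIT 1, 9';

    $stmt = $this->db_connection->prepare($sql);
    if ($stmt === false) {
        $this->errors[] = $this->db_connection->error;
        $this->db_connection->close();
        return;
    }

    $stmt->bind_param($types, ...$params);
    $result = $stmt->execute() ? $stmt->get_result() : false;
    if ($result === false) {
        // The original dereferenced the result unconditionally and would
        // fail hard on a query error.
        $this->errors[] = $stmt->error;
        $stmt->close();
        $this->db_connection->close();
        return;
    }

    // --- Rendering ---------------------------------------------------------
    if ($result->num_rows > 0) {
        $img_size = '200';
        while ($file = $result->fetch_assoc()) {
            $file_path = isset($file['file_path']) ? (string) $file['file_path'] : '';
            $full_url = $ucm_url . $file_path;

            // check_for_thumb() is queried once; the original compared its
            // result loosely against the string 'false', which is kept as-is
            // because its return type is not visible here.
            $thumb_state = $this->check_for_thumb($file_path);
            if ($thumb_state) {
                if ($thumb_state == 'false') {
                    $this->generate_thumb($full_url, $img_size);
                }
                $source = $this->retrieve_thumb($file_path);

                // getimagesize() returns false for unreadable images; treat
                // that as "not tall" instead of destructuring false.
                $size = getimagesize($source);
                $is_tall = is_array($size) && $size[1] > $size[0];
                echo $is_tall ? "<div class='thumbnail-div-tall'>" : "<div class='thumbnail-div'>";
            } else {
                $source = $full_url;
                echo "<div class='thumbnail-div'>";
            }

            echo "<a href='" . $esc($full_url) . "' data-featherlight='image'>"
                . "<img class='" . $esc($img_class) . "' src='" . $esc($source) . "'></a>";
            echo "</div>";
        }
    } else {
        // Nothing besides the newest file matched.
        echo "<div class='nothing_found'><strong>There are no other project files at this time.</strong><br>Previous revisions will be listed here if there are any.</div><BR><BR>";
    }

    // Release the result set, the statement and the connection.
    $result->free();
    $stmt->close();
    $this->db_connection->close();
}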