$count_sql = "SELECT COUNT(pic_id) AS count\n\t\t\t\t\t\t\t\tFROM " . ALBUM_TABLE . ' AS p,' . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\t\t\t\tWHERE p.pic_approval = 1\n\t\t\t\t\t\t\t\tAND p.pic_cat_id = c.cat_id\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t\t\t" . $search_pg; $result = $db->sql_query($count_sql); $row = $db->sql_fetchrow($result); $total_pics = $row['count']; $sql = "SELECT p.pic_id, p.pic_title, p.pic_desc, p.pic_user_id, p.pic_username, p.pic_time, p.pic_cat_id, p.pic_approval, c.cat_id, c.cat_title, c.cat_user_id\n\t\t\t\t\tFROM " . ALBUM_TABLE . ' AS p,' . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\tWHERE p.pic_approval = 1\n\t\t\t\t\t\tAND p.pic_cat_id = c.cat_id\n\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $search_pg . "\n\t\t\t\t\tORDER BY p.pic_time DESC LIMIT " . $limit_sql . ""; $result = $db->sql_query($sql); $numres = 0; if ($row = $db->sql_fetchrow($result)) { $in = array(); do { if (!in_array($row['pic_id'], $in)) { $album_user_id = $row['cat_user_id']; $cat_id = $row['cat_id']; //$cat_id = album_get_personal_root_id($album_user_id); $check_permissions = ALBUM_AUTH_VIEW | ALBUM_AUTH_RATE | ALBUM_AUTH_COMMENT | ALBUM_AUTH_EDIT | ALBUM_AUTH_DELETE; $auth_data = album_permissions($album_user_id, $cat_id, $check_permissions, $row); //$auth_data = album_get_auth_data($cat_id); $pic_preview = ''; $pic_preview_hs = ''; if ($album_config['lb_preview']) { $slideshow_cat = ''; $slideshow = !empty($slideshow_cat) ? ', { slideshowGroup: \'' . $slideshow_cat . '\' } ' : ''; $pic_preview_hs = ' class="highslide" onclick="return hs.expand(this' . $slideshow . ');"'; $pic_preview = 'onmouseover="showtrail(\'' . append_sid(album_append_uid('album_picm.' . PHP_EXT . '?pic_id=' . $row['pic_id'])) . '\',\'' . addslashes($row[$j]['pic_title']) . '\', ' . $album_config['midthumb_width'] . ', ' . $album_config['midthumb_height'] . 
')" onmouseout="hidetrail()"'; } //if(!$auth_data['view']) if ($auth_data['view'] >= 0) { $template_vars = array('L_USERNAME' => $row['pic_username'], 'U_PROFILE' => append_sid(CMS_PAGE_PROFILE . '?mode=viewprofile&u=' . $row['pic_user_id']), 'PIC_PREVIEW_HS' => $pic_preview_hs, 'PIC_PREVIEW' => $pic_preview, 'CATEGORY' => $row['cat_user_id'] != ALBUM_PUBLIC_GALLERY ? $lang['Users_Personal_Galleries'] : $row['cat_title'], 'U_PIC_CAT' => $row['cat_id'] == $cat_id ? append_sid(album_append_uid('album_cat.' . PHP_EXT . '?cat_id=' . $row['cat_id'])) : append_sid(album_append_uid('album.' . PHP_EXT)), 'GROUP_NAME' => 'all'); album_build_detail_vars($template_vars, $row); $template->assign_block_vars('switch_search_results.search_results', $template_vars); $in[$numres] = $row['pic_id'];
$result = $db->sql_query($sql); $thispic = $db->sql_fetchrow($result); $cat_id = $thispic['pic_cat_id']; $album_user_id = $thispic['cat_user_id']; $pic_base_path = ALBUM_UPLOAD_PATH; $pic_extra_path = ''; $pic_new_filename = $pic_extra_path . $pic_filename; $pic_fullpath = $pic_base_path . $pic_new_filename; if (empty($thispic) || !file_exists($pic_fullpath)) { message_die(GENERAL_ERROR, $lang['Pic_not_exist']); } // ------------------------------------ // Check the permissions // ------------------------------------ if ($album_config['hon_rate_users'] == 0) { $album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW, $thispic); if ($album_user_access['view'] == 0) { if (!$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_hotornot.' . PHP_EXT)); } else { message_die(GENERAL_ERROR, $lang['Not_Authorized']); } } } // ------------------------------------ // Check Pic Approval // ------------------------------------ if ($user->data['user_level'] != ADMIN) { if ($thiscat['cat_approval'] == ADMIN || $thiscat['cat_approval'] == MOD && !$album_user_access['moderator']) { if ($thispic['pic_approval'] != 1) { message_die(GENERAL_ERROR, $lang['Not_Authorized']);
// ------------------------------------ $sql = "SELECT p.*, ac.*, u.user_id, u.username, u.user_active, u.user_color, u.user_rank, u.user_level, u.user_avatar, u.user_avatar_type, u.user_allowavatar, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments_count\n\t\tFROM " . ALBUM_CAT_TABLE . " AS ac, " . ALBUM_TABLE . " AS p\n\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\tWHERE pic_id = '{$pic_id}'\n\t\t\tAND ac.cat_id = p.pic_cat_id\n\t\tGROUP BY p.pic_id\n\t\tLIMIT 1"; $result = $db->sql_query($sql); $thispic = $db->sql_fetchrow($result); $cat_id = $thispic['pic_cat_id'] != 0 ? $thispic['pic_cat_id'] : $thispic['cat_id']; $album_user_id = $thispic['cat_user_id']; $total_comments = $thispic['comments_count']; $comments_per_page = $config['posts_per_page']; if (empty($thispic)) { message_die(GENERAL_ERROR, $lang['Pic_not_exist'] . $lang['Nav_Separator'] . $pic_id); } // ------------------------------------ // Check the permissions // ------------------------------------ $check_permissions = ALBUM_AUTH_VIEW | ALBUM_AUTH_RATE | ALBUM_AUTH_COMMENT | ALBUM_AUTH_EDIT | ALBUM_AUTH_DELETE; $auth_data = album_permissions($album_user_id, $cat_id, $check_permissions, $thispic); if ($auth_data['view'] == 0) { if (!$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_showpage.' . PHP_EXT . '&pic_id=' . $pic_id)); exit; } else { message_die(GENERAL_ERROR, $lang['Not_Authorized']); } } // ------------------------------------ //RATING: Additional Check: if this user already rated // ------------------------------------ $own_pic_rate = false; if ($user->data['session_logged_in']) { $sql = "SELECT *\n\t\t\tFROM " . ALBUM_RATE_TABLE . "\n\t\t\tWHERE rate_pic_id = '{$pic_id}'\n\t\t\t\tAND rate_user_id = '" . $user->data['user_id'] . 
"'\n\t\t\tLIMIT 1"; $result = $db->sql_query($sql);
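// Load the picture (with its category and uploader) that the comment being deleted belongs to.
// NOTE(review): $pic_id is interpolated into the query as-is; this presumes it was cast to int
// (or otherwise validated) where it was read — confirm at the caller.
$sql = "SELECT p.*, cat.*, u.user_id, u.username, COUNT(c.comment_id) as comments_count\n\t\tFROM " . ALBUM_CAT_TABLE . " AS cat, " . ALBUM_TABLE . " AS p\n\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\tWHERE pic_id = '{$pic_id}'\n\t\t\tAND cat.cat_id = p.pic_cat_id\n\t\tGROUP BY p.pic_id\n\t\tLIMIT 1";
$result = $db->sql_query($sql);
$thispic = $db->sql_fetchrow($result);

// Bail out before touching any column: when no row comes back, indexing the
// fetch result would only raise notices before the same error page is shown.
if (empty($thispic))
{
    message_die(GENERAL_ERROR, $lang['Pic_not_exist']);
}

$cat_id = $thispic['pic_cat_id'];
$album_user_id = $thispic['cat_user_id'];
$total_comments = $thispic['comments_count'];
$comments_per_page = $config['posts_per_page'];
$pic_filename = $thispic['pic_filename'];
$pic_thumbnail = $thispic['pic_thumbnail'];

// ------------------------------------
// Check the permissions
// ------------------------------------
// Deleting a comment needs both the comment and the delete right on the category;
// anonymous visitors are sent to the login page, everybody else gets a hard error.
$album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_COMMENT | ALBUM_AUTH_DELETE, $thispic);
if ($album_user_access['comment'] == 0 || $album_user_access['delete'] == 0)
{
    if (!$user->data['session_logged_in'])
    {
        redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_comment_delete.' . PHP_EXT . '?comment_id=' . $comment_id));
    }
    else
    {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}
else
{
    // Non-moderators who are not admins may only delete their own comments.
    if (!$album_user_access['moderator'] && $user->data['user_level'] != ADMIN)
    {
        if ($thiscomment['comment_user_id'] != $user->data['user_id'])
        {
            message_die(GENERAL_ERROR, $lang['Not_Authorized']);
        }
    }
}
/* +----------------------------------------------------------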
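/**
 * Return the cached permission set for a category, or false when none is cached.
 *
 * @param int $cat_id category id
 * @return array|false the entry of $album_data['auth'] for the category; when the
 *                     category tree has not been loaded yet (and $cat_id is not the
 *                     root category) the result of album_permissions() is returned instead
 */
function album_get_auth_data($cat_id)
{
    global $album_data;

    // No category tree loaded yet: resolve the permissions directly instead of
    // consulting an empty cache. The root category never takes this path.
    if ($cat_id != ALBUM_ROOT_CATEGORY && (!isset($album_data) || !is_array($album_data) || count($album_data) == 0))
    {
        // NOTE(review): other album_permissions() calls in this code base pass the
        // permission mask third and the category/picture row fourth; here 0 and
        // ALBUM_AUTH_ALL are passed in that order — confirm against the function's signature.
        //$auth_data = album_user_access($cat_id, 0, 1, 1, 1, 1, 1, 1);
        $auth_data = album_permissions(0, $cat_id, 0, ALBUM_AUTH_ALL);
        return $auth_data;
    }

    // Guard the lookup explicitly instead of with '@': a missing or non-array
    // 'auth' map is an error for array_key_exists() that '@' does not cover.
    if (!isset($album_data['auth']) || !is_array($album_data['auth']))
    {
        return false;
    }
    if (!array_key_exists($cat_id, $album_data['auth']))
    {
        return false;
    }

    return $album_data['auth'][$cat_id];
}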
} elseif (isset($_POST['delete'])) { $mode = 'delete'; } elseif (isset($_POST['approval'])) { $mode = 'approval'; } elseif (isset($_POST['unapproval'])) { $mode = 'unapproval'; } elseif (isset($_POST['copy'])) { $mode = 'copy'; } // END $mode (select action) //album_read_tree($album_user_id); album_read_tree(ALBUM_ROOT_CATEGORY); // ------------------------------------ // Check the permissions // ------------------------------------ $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW_AND_UPLOAD | ALBUM_AUTH_MODERATOR, $thiscat); if (!album_check_permission($auth_data, ALBUM_AUTH_MODERATOR)) { if (!$user->data['session_logged_in']) { redirect(append_sid(album_append_uid(CMS_PAGE_LOGIN . '?redirect=album_modcp.' . PHP_EXT . '&cat_id=' . $cat_id))); } else { message_die(GENERAL_ERROR, $lang['Not_Authorized']); } } // END permissions /* +---------------------------------------------------------- | Main work here... +---------------------------------------------------------- */ if (empty($mode)) { // --------------------------------
$auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_UPLOAD); if (!album_check_permission($auth_data, ALBUM_AUTH_UPLOAD)) { if ($album_user_id != $user->data['user_id'] && $user->data['user_level'] != ADMIN) { if ($album_user_id <= 0 && !$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_cat.' . PHP_EXT)); } $album_user_id = isset($_GET['user_id']) && intval($_GET['user_id']) > 1 ? intval($_GET['user_id']) : $user->data['user_id']; //$album_user_id = $user->data['user_id']; } else { $message = $lang['No_Personal_Category_admin']; $message .= '<br /><br />' . sprintf($lang['Click_return_album_index'], '<a href="' . append_sid(album_append_uid('album.' . PHP_EXT)) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } } } else { $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES); if (!album_check_permission($auth_data, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES)) { if ($album_user_id != $user->data['user_id'] && $user->data['user_level'] != ADMIN) { if ($album_user_id <= 0 && !$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_cat.' . PHP_EXT)); } if (!isset($_GET['action'])) { redirect(append_sid('album.' . PHP_EXT)); } $album_user_id = $user->data['user_id']; } else { $message = $lang['No_Personal_Category_admin']; $message .= '<br /><br />' . sprintf($lang['Click_return_album_index'], '<a href="' . append_sid('album.' . PHP_EXT) . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } }
} message_die(GENERAL_ERROR, 'NO_USER'); } } if (empty($thiscat)) { message_die(GENERAL_ERROR, $lang['Category_not_exist']); } // ------------------------------------ // now get the category information // ------------------------------------ $cat_id = $thiscat['cat_id']; $current_pics = $thiscat['count']; // ------------------------------------ // Check the permissions // ------------------------------------ $album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW_AND_UPLOAD, $thiscat); if ($album_user_access['upload'] == 0) { if (!$user->data['session_logged_in']) { redirect(append_sid(album_append_uid(CMS_PAGE_LOGIN . '?redirect=album_upload.' . PHP_EXT . '?cat_id=' . $cat_id), true)); } else { message_die(GENERAL_ERROR, $lang['Not_Authorized']); } } /* +---------------------------------------------------------- | Upload Quota Check +---------------------------------------------------------- */ // if we are in a public category if ($album_user_id == ALBUM_PUBLIC_GALLERY) { // ------------------------------------
// Upload / download action links for the current category (cat_id is cast to int for the URL).
$upload_img = $images['upload_pic'];
$upload_link = append_sid(album_append_uid('album_upload.' . PHP_EXT . '?cat_id=' . intval($cat_id)));
$upload_full_link = '<a href="' . $upload_link . '"><img src="' . $upload_img . '" alt="' . $lang['Upload_Pic'] . '" title="' . $lang['Upload_Pic'] . '" align="middle" border="0" /></a>';
$download_img = $images['download_pic'];
// NOTE(review): $sort_method, $sort_order and $start are appended to the href unescaped;
// this presumes they were validated/whitelisted where they are read — confirm upstream.
$download_link = append_sid(album_append_uid('album_download.' . PHP_EXT . '?cat_id=' . intval($cat_id) . ($sort_method != '' ? '&sort_method=' . $sort_method : '') . ($sort_order != '' ? '&sort_order=' . $sort_order : '') . ($start != '' ? '&start=' . $start : '')));
$download_full_link = '<a href="' . $download_link . '"><img src="' . $download_img . '" alt="' . $lang['Download_page'] . '" title="' . $lang['Download_page'] . '" align="middle" border="0" /></a>';

// NOTE(review): the last operand is an assignment (`=`), not a comparison: it always
// evaluates to false and, as a side effect, resets $no_personal_gallery to false, so the
// `if ($no_personal_gallery == false)` check further down is always taken. A comparison
// (`==`) was probably intended — confirm the intended condition before changing it.
if (album_check_permission($auth_data, ALBUM_AUTH_UPLOAD) == true && $enable_picture_upload_switch == false || ($no_personal_gallery = false))
{
    $template->assign_block_vars('enable_picture_upload_pg', array());
}
// Enable download only for own personal galleries
//if (($total_pics > 0) && ($enable_picture_download_switch == false) && ($thiscat['cat_user_id'] == $user->data['user_id']))
if ($total_pics > 0 && $enable_picture_download_switch == false)
{
    $template->assign_block_vars('enable_picture_download_pg', array());
}
if ($no_personal_gallery == false)
{
    // Personal-gallery management block: shown only with the manage-personal-categories right.
    // NOTE(review): `$row['count']` is read below although $row is not assigned in this
    // stretch — confirm which query result it refers to.
    $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_ALL, $thiscat);
    $auth_list = album_build_auth_list($album_user_id, $cat_id);
    //if((album_check_permission($auth_data, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES) == true) && ($is_root_cat) && (!$has_sub_cats && !$has_parent_cats))
    if (album_check_permission($auth_data, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES) == true && ($is_root_cat && $row['count'] >= 0 || !$is_root_cat))
    {
        $template->assign_block_vars('manage_personal_gal_folders', array());
    }
}
// ------------------------------------------------------------------------
// Check if we should show the view toggle button
// ------------------------------------------------------------------------
if ($album_config['show_all_in_personal_gallery'] == 1)
{
    $template->assign_block_vars('enable_view_toggle', array());
}
if ($thiscat['cat_user_id'] == $user->data['user_id'])
{
    $template->assign_block_vars('switch_own_gallery', array());
}