 $count_sql = "SELECT COUNT(pic_id) AS count\n\t\t\t\t\t\t\t\tFROM " . ALBUM_TABLE . ' AS p,' . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\t\t\t\tWHERE p.pic_approval = 1\n\t\t\t\t\t\t\t\tAND p.pic_cat_id = c.cat_id\n\t\t\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t\t\t" . $search_pg;
 $result = $db->sql_query($count_sql);
 $row = $db->sql_fetchrow($result);
 $total_pics = $row['count'];
 $sql = "SELECT p.pic_id, p.pic_title, p.pic_desc, p.pic_user_id, p.pic_username, p.pic_time, p.pic_cat_id, p.pic_approval, c.cat_id, c.cat_title, c.cat_user_id\n\t\t\t\t\tFROM " . ALBUM_TABLE . ' AS p,' . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\tWHERE p.pic_approval = 1\n\t\t\t\t\t\tAND p.pic_cat_id = c.cat_id\n\t\t\t\t\t\t" . $where . "\n\t\t\t\t\t\t" . $search_pg . "\n\t\t\t\t\tORDER BY p.pic_time DESC LIMIT " . $limit_sql . "";
 $result = $db->sql_query($sql);
 $numres = 0;
 if ($row = $db->sql_fetchrow($result)) {
     $in = array();
     do {
         if (!in_array($row['pic_id'], $in)) {
             $album_user_id = $row['cat_user_id'];
             $cat_id = $row['cat_id'];
             //$cat_id = album_get_personal_root_id($album_user_id);
             $check_permissions = ALBUM_AUTH_VIEW | ALBUM_AUTH_RATE | ALBUM_AUTH_COMMENT | ALBUM_AUTH_EDIT | ALBUM_AUTH_DELETE;
             $auth_data = album_permissions($album_user_id, $cat_id, $check_permissions, $row);
             //$auth_data = album_get_auth_data($cat_id);
             $pic_preview = '';
             $pic_preview_hs = '';
             if ($album_config['lb_preview']) {
                 $slideshow_cat = '';
                 $slideshow = !empty($slideshow_cat) ? ', { slideshowGroup: \'' . $slideshow_cat . '\' } ' : '';
                 $pic_preview_hs = ' class="highslide" onclick="return hs.expand(this' . $slideshow . ');"';
                 $pic_preview = 'onmouseover="showtrail(\'' . append_sid(album_append_uid('album_picm.' . PHP_EXT . '?pic_id=' . $row['pic_id'])) . '\',\'' . addslashes($row[$j]['pic_title']) . '\', ' . $album_config['midthumb_width'] . ', ' . $album_config['midthumb_height'] . ')" onmouseout="hidetrail()"';
             }
             //if(!$auth_data['view'])
             if ($auth_data['view'] >= 0) {
                 $template_vars = array('L_USERNAME' => $row['pic_username'], 'U_PROFILE' => append_sid(CMS_PAGE_PROFILE . '?mode=viewprofile&u=' . $row['pic_user_id']), 'PIC_PREVIEW_HS' => $pic_preview_hs, 'PIC_PREVIEW' => $pic_preview, 'CATEGORY' => $row['cat_user_id'] != ALBUM_PUBLIC_GALLERY ? $lang['Users_Personal_Galleries'] : $row['cat_title'], 'U_PIC_CAT' => $row['cat_id'] == $cat_id ? append_sid(album_append_uid('album_cat.' . PHP_EXT . '?cat_id=' . $row['cat_id'])) : append_sid(album_append_uid('album.' . PHP_EXT)), 'GROUP_NAME' => 'all');
                 album_build_detail_vars($template_vars, $row);
                 $template->assign_block_vars('switch_search_results.search_results', $template_vars);
                 $in[$numres] = $row['pic_id'];
 $result = $db->sql_query($sql);
 $thispic = $db->sql_fetchrow($result);
 $cat_id = $thispic['pic_cat_id'];
 $album_user_id = $thispic['cat_user_id'];
 $pic_base_path = ALBUM_UPLOAD_PATH;
 $pic_extra_path = '';
 $pic_new_filename = $pic_extra_path . $pic_filename;
 $pic_fullpath = $pic_base_path . $pic_new_filename;
 if (empty($thispic) || !file_exists($pic_fullpath)) {
     message_die(GENERAL_ERROR, $lang['Pic_not_exist']);
 }
 // ------------------------------------
 // Check the permissions
 // ------------------------------------
 if ($album_config['hon_rate_users'] == 0) {
     $album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW, $thispic);
     if ($album_user_access['view'] == 0) {
         if (!$user->data['session_logged_in']) {
             redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_hotornot.' . PHP_EXT));
         } else {
             message_die(GENERAL_ERROR, $lang['Not_Authorized']);
         }
     }
 }
 // ------------------------------------
 // Check Pic Approval
 // ------------------------------------
 if ($user->data['user_level'] != ADMIN) {
     if ($thiscat['cat_approval'] == ADMIN || $thiscat['cat_approval'] == MOD && !$album_user_access['moderator']) {
         if ($thispic['pic_approval'] != 1) {
             message_die(GENERAL_ERROR, $lang['Not_Authorized']);
// ------------------------------------
$sql = "SELECT p.*, ac.*, u.user_id, u.username, u.user_active, u.user_color, u.user_rank, u.user_level, u.user_avatar, u.user_avatar_type, u.user_allowavatar, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments_count\n\t\tFROM " . ALBUM_CAT_TABLE . " AS ac, " . ALBUM_TABLE . " AS p\n\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\tWHERE pic_id = '{$pic_id}'\n\t\t\tAND ac.cat_id = p.pic_cat_id\n\t\tGROUP BY p.pic_id\n\t\tLIMIT 1";
$result = $db->sql_query($sql);
$thispic = $db->sql_fetchrow($result);
$cat_id = $thispic['pic_cat_id'] != 0 ? $thispic['pic_cat_id'] : $thispic['cat_id'];
$album_user_id = $thispic['cat_user_id'];
$total_comments = $thispic['comments_count'];
$comments_per_page = $config['posts_per_page'];
if (empty($thispic)) {
    message_die(GENERAL_ERROR, $lang['Pic_not_exist'] . $lang['Nav_Separator'] . $pic_id);
}
// ------------------------------------
// Check the permissions
// ------------------------------------
$check_permissions = ALBUM_AUTH_VIEW | ALBUM_AUTH_RATE | ALBUM_AUTH_COMMENT | ALBUM_AUTH_EDIT | ALBUM_AUTH_DELETE;
$auth_data = album_permissions($album_user_id, $cat_id, $check_permissions, $thispic);
if ($auth_data['view'] == 0) {
    if (!$user->data['session_logged_in']) {
        redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_showpage.' . PHP_EXT . '&pic_id=' . $pic_id));
        exit;
    } else {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}
// ------------------------------------
//RATING:  Additional Check: if this user already rated
// ------------------------------------
$own_pic_rate = false;
if ($user->data['session_logged_in']) {
    $sql = "SELECT *\n\t\t\tFROM " . ALBUM_RATE_TABLE . "\n\t\t\tWHERE rate_pic_id = '{$pic_id}'\n\t\t\t\tAND rate_user_id = '" . $user->data['user_id'] . "'\n\t\t\tLIMIT 1";
    $result = $db->sql_query($sql);
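// ------------------------------------
// Load the picture, its category, the uploader and the comment count
// ------------------------------------
// NOTE(review): $pic_id is interpolated straight into the SQL string; this
// assumes it was cast to int where it was read from the request — confirm
// upstream before trusting this query.
$sql = "SELECT p.*, cat.*, u.user_id, u.username, COUNT(c.comment_id) as comments_count\n\t\tFROM " . ALBUM_CAT_TABLE . "  AS cat, " . ALBUM_TABLE . " AS p\n\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\tWHERE pic_id = '{$pic_id}'\n\t\t\tAND cat.cat_id = p.pic_cat_id\n\t\tGROUP BY p.pic_id\n\t\tLIMIT 1";
$result = $db->sql_query($sql);
$thispic = $db->sql_fetchrow($result);

// Abort before reading any field: the row is dereferenced below, and a missing
// picture would otherwise mean indexing into false (warning on PHP 7.4+, null
// values in $cat_id / $album_user_id) before the check fired.
if (empty($thispic)) {
    message_die(GENERAL_ERROR, $lang['Pic_not_exist']);
}

$cat_id = $thispic['pic_cat_id'];
$album_user_id = $thispic['cat_user_id'];
$total_comments = $thispic['comments_count'];
$comments_per_page = $config['posts_per_page'];
$pic_filename = $thispic['pic_filename'];
$pic_thumbnail = $thispic['pic_thumbnail'];

// ------------------------------------
// Check the permissions
// ------------------------------------
// Deleting a comment requires both the comment and the delete right on the
// picture's category; without them guests are sent to login (with this page as
// the redirect target) and members get an error.
$album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_COMMENT | ALBUM_AUTH_DELETE, $thispic);
if ($album_user_access['comment'] == 0 || $album_user_access['delete'] == 0) {
    if (!$user->data['session_logged_in']) {
        redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_comment_delete.' . PHP_EXT . '?comment_id=' . $comment_id));
    } else {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
} elseif (!$album_user_access['moderator'] && $user->data['user_level'] != ADMIN) {
    // Ordinary members may only delete their own comment ($thiscomment is
    // loaded earlier in the file).
    // NOTE(review): 'moderator' is read although the mask above did not ask
    // for it — presumably album_permissions() always fills that key; verify.
    if ($thiscomment['comment_user_id'] != $user->data['user_id']) {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}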
/*
+----------------------------------------------------------
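/**
 * Return the cached permission data for a category.
 *
 * With no category tree cached in $album_data (and a non-root category) the
 * permissions are looked up live; otherwise they come from $album_data['auth'].
 *
 * @param int|string $cat_id category id
 * @return array|false the cached/looked-up auth data, or false when the category
 *                     is not present in the cache
 */
function album_get_auth_data($cat_id)
{
    global $album_data;

    if ($cat_id != ALBUM_ROOT_CATEGORY && (!is_array($album_data) || count($album_data) == 0)) {
        // NOTE(review): every other album_permissions() call on this page passes
        // the permission mask as the third argument and a row as the fourth;
        // here the third is 0 and ALBUM_AUTH_ALL is fourth — confirm the order.
        return album_permissions(0, $cat_id, 0, ALBUM_AUTH_ALL);
    }

    // Guard the lookup explicitly instead of hiding a missing/invalid 'auth'
    // map behind '@': array_key_exists() on a non-array is a TypeError on
    // PHP 8, which '@' cannot suppress. This also removes the debug/non-debug
    // split, whose only difference was that suppression.
    if (!isset($album_data['auth']) || !is_array($album_data['auth'])) {
        return false;
    }
    if (!array_key_exists($cat_id, $album_data['auth'])) {
        return false;
    }

    return $album_data['auth'][$cat_id];
}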
} elseif (isset($_POST['delete'])) {
    $mode = 'delete';
} elseif (isset($_POST['approval'])) {
    $mode = 'approval';
} elseif (isset($_POST['unapproval'])) {
    $mode = 'unapproval';
} elseif (isset($_POST['copy'])) {
    $mode = 'copy';
}
// END $mode (select action)
//album_read_tree($album_user_id);
album_read_tree(ALBUM_ROOT_CATEGORY);
// ------------------------------------
// Check the permissions
// ------------------------------------
$auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW_AND_UPLOAD | ALBUM_AUTH_MODERATOR, $thiscat);
if (!album_check_permission($auth_data, ALBUM_AUTH_MODERATOR)) {
    if (!$user->data['session_logged_in']) {
        redirect(append_sid(album_append_uid(CMS_PAGE_LOGIN . '?redirect=album_modcp.' . PHP_EXT . '&cat_id=' . $cat_id)));
    } else {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}
// END permissions
/*
+----------------------------------------------------------
| Main work here...
+----------------------------------------------------------
*/
if (empty($mode)) {
    // --------------------------------
    $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_UPLOAD);
    if (!album_check_permission($auth_data, ALBUM_AUTH_UPLOAD)) {
        if ($album_user_id != $user->data['user_id'] && $user->data['user_level'] != ADMIN) {
            if ($album_user_id <= 0 && !$user->data['session_logged_in']) {
                redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_cat.' . PHP_EXT));
            }
            $album_user_id = isset($_GET['user_id']) && intval($_GET['user_id']) > 1 ? intval($_GET['user_id']) : $user->data['user_id'];
            //$album_user_id = $user->data['user_id'];
        } else {
            $message = $lang['No_Personal_Category_admin'];
            $message .= '<br /><br />' . sprintf($lang['Click_return_album_index'], '<a href="' . append_sid(album_append_uid('album.' . PHP_EXT)) . '">', '</a>');
            message_die(GENERAL_MESSAGE, $message);
        }
    }
} else {
    $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES);
    if (!album_check_permission($auth_data, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES)) {
        if ($album_user_id != $user->data['user_id'] && $user->data['user_level'] != ADMIN) {
            if ($album_user_id <= 0 && !$user->data['session_logged_in']) {
                redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album_cat.' . PHP_EXT));
            }
            if (!isset($_GET['action'])) {
                redirect(append_sid('album.' . PHP_EXT));
            }
            $album_user_id = $user->data['user_id'];
        } else {
            $message = $lang['No_Personal_Category_admin'];
            $message .= '<br /><br />' . sprintf($lang['Click_return_album_index'], '<a href="' . append_sid('album.' . PHP_EXT) . '">', '</a>');
            message_die(GENERAL_MESSAGE, $message);
        }
    }
        }
        message_die(GENERAL_ERROR, 'NO_USER');
    }
}
if (empty($thiscat)) {
    message_die(GENERAL_ERROR, $lang['Category_not_exist']);
}
// ------------------------------------
// now get the category information
// ------------------------------------
$cat_id = $thiscat['cat_id'];
$current_pics = $thiscat['count'];
// ------------------------------------
// Check the permissions
// ------------------------------------
$album_user_access = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_VIEW_AND_UPLOAD, $thiscat);
if ($album_user_access['upload'] == 0) {
    if (!$user->data['session_logged_in']) {
        redirect(append_sid(album_append_uid(CMS_PAGE_LOGIN . '?redirect=album_upload.' . PHP_EXT . '?cat_id=' . $cat_id), true));
    } else {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}
/*
+----------------------------------------------------------
| Upload Quota Check
+----------------------------------------------------------
*/
// if we are in a public category
if ($album_user_id == ALBUM_PUBLIC_GALLERY) {
    // ------------------------------------
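// ------------------------------------
// Upload / download links for the current category. $cat_id is cast to int
// before it goes into the URL; $images and $lang supply icons and labels.
// ------------------------------------
$upload_img = $images['upload_pic'];
$upload_link = append_sid(album_append_uid('album_upload.' . PHP_EXT . '?cat_id=' . intval($cat_id)));
$upload_full_link = '<a href="' . $upload_link . '"><img src="' . $upload_img . '" alt="' . $lang['Upload_Pic'] . '" title="' . $lang['Upload_Pic'] . '" align="middle" border="0" /></a>';

$download_img = $images['download_pic'];
// Optional sort/paging parameters are appended only when set.
// NOTE(review): $sort_method, $sort_order and $start go into the query string
// unencoded; this assumes they were validated (allow-list / intval) where they
// were read from the request — confirm upstream.
$download_query = '?cat_id=' . intval($cat_id);
if ($sort_method != '') {
    $download_query .= '&amp;sort_method=' . $sort_method;
}
if ($sort_order != '') {
    $download_query .= '&amp;sort_order=' . $sort_order;
}
if ($start != '') {
    $download_query .= '&amp;start=' . $start;
}
$download_link = append_sid(album_append_uid('album_download.' . PHP_EXT . $download_query));
$download_full_link = '<a href="' . $download_link . '"><img src="' . $download_img . '" alt="' . $lang['Download_page'] . '" title="' . $lang['Download_page'] . '" align="middle" border="0" /></a>';

// Upload button: needs the upload right and the upload switch off.
// The condition used to end in "|| ($no_personal_gallery = false)" — an
// assignment (single '=') whose value is always false, so it never changed the
// outcome but silently reset $no_personal_gallery before the personal-gallery
// block below. It is dropped so the flag keeps the value computed earlier in
// the file.
if (album_check_permission($auth_data, ALBUM_AUTH_UPLOAD) == true && $enable_picture_upload_switch == false) {
    $template->assign_block_vars('enable_picture_upload_pg', array());
}

// Download button: shown whenever the category has pictures and the download
// switch is off (the owner-only variant of this check is not applied).
if ($total_pics > 0 && $enable_picture_download_switch == false) {
    $template->assign_block_vars('enable_picture_download_pg', array());
}

// Personal-gallery management: re-read the full permission set and build the
// auth list for the template.
if ($no_personal_gallery == false) {
    $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_ALL, $thiscat);
    $auth_list = album_build_auth_list($album_user_id, $cat_id);
    // NOTE(review): "$row['count'] >= 0" only fails for a negative count, so this
    // reduces to the MANAGE_PERSONAL_CATEGORIES check; $row is set earlier in
    // the file — confirm it still holds the category row at this point.
    if (album_check_permission($auth_data, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES) == true && ($is_root_cat && $row['count'] >= 0 || !$is_root_cat)) {
        $template->assign_block_vars('manage_personal_gal_folders', array());
    }
}

// ------------------------------------------------------------------------
// View toggle (config-driven) and own-gallery switch for the template
// ------------------------------------------------------------------------
if ($album_config['show_all_in_personal_gallery'] == 1) {
    $template->assign_block_vars('enable_view_toggle', array());
}
if ($thiscat['cat_user_id'] == $user->data['user_id']) {
    $template->assign_block_vars('switch_own_gallery', array());
}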