function album_permissions($user_id, $cat_id, $permission_checks, $catdata = 0) { global $db, $user, $lang, $album_config, $album_data; $moderator_check = 1; if (album_is_debug_enabled() == true) { if (!defined('ALBUM_AUTH_VIEW') || !defined('ALBUM_AUTH_UPLOAD') || !defined('ALBUM_AUTH_DELETE')) { album_debug("album_permissions : The defined authentication constants are NOT found !!!"); } } $view_check = (int) checkFlag($permission_checks, ALBUM_AUTH_VIEW); $upload_check = (int) checkFlag($permission_checks, ALBUM_AUTH_UPLOAD); $rate_check = (int) checkFlag($permission_checks, ALBUM_AUTH_RATE); $comment_check = (int) checkFlag($permission_checks, ALBUM_AUTH_COMMENT); $edit_check = (int) checkFlag($permission_checks, ALBUM_AUTH_EDIT); $delete_check = (int) checkFlag($permission_checks, ALBUM_AUTH_DELETE); // ------------------------------------------------------------------------ // if we are checkinfg the personal gallery category management permission // we need to do these also : view and upload // ------------------------------------------------------------------------ if (checkFlag($permission_checks, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES) == true) { $view_check = 1; $upload_check = 1; } // ------------------------------------------------------------------------ // did we pass some category data or not ? // ------------------------------------------------------------------------ if (!is_array($catdata)) { $sql = "SELECT *\n\t\t\t\tFROM " . ALBUM_CAT_TABLE . "\n\t\t\t\tWHERE cat_id = '{$cat_id}'"; $result = $db->sql_query($sql); // ------------------------------------------------------------------------ // did we find the category or not ? // ------------------------------------------------------------------------ if ($db->sql_numrows($result) == 0) { // ------------------------------------------------------------------------ // is it a personal gallery ? // ------------------------------------------------------------------------ if ($user_id != ALBUM_PUBLIC_GALLERY) { $AH_thiscat = init_personal_gallery_cat($user_id); $album_permission = personal_gallery_access(1, 1); //$view_check, $upload_check); } else { message_die(GENERAL_ERROR, $lang['Category_not_exist'], '', __LINE__, __FILE__, $sql); } } else { $AH_thiscat = $db->sql_fetchrow($result); } } else { $AH_thiscat = $catdata; // ------------------------------------------------------------------------ // it is the root category of a non existing personal gallery // ------------------------------------------------------------------------ if ($AH_thiscat['cat_user_id'] != 0 && $AH_thiscat['cat_id'] == 0) { $album_permission = personal_gallery_access(1, 1); //$view_check, $upload_check); } } // ------------------------------------------------------------------------ // if we set our $AH_thiscat and not our permission array then we must // authenticate it // ------------------------------------------------------------------------ if (album_is_debug_enabled() == true) { album_debug('album_permissions : before album_user_access : %s(id=%d), $album_permission = %s', $AH_thiscat['cat_title'], $AH_thiscat['cat_id'], $album_permission); } if (!empty($AH_thiscat) && !is_array($album_permission)) { $album_permission = album_user_access($cat_id, $AH_thiscat, $view_check, $upload_check, $rate_check, $comment_check, $edit_check, $delete_check); } if (album_is_debug_enabled() == true) { album_debug('album_permissions : after album_user_access : %s(id=%d), $album_permission = %s', $AH_thiscat['cat_title'], $AH_thiscat['cat_id'], $album_permission); } // ------------------------------------------------------------------------ // as default nobody can manage the galleries (personal galleries that is) // check is done later, but only for personal galleries, so its not possible // to manage the categories in the public galleries, only in the ACP // ------------------------------------------------------------------------ $album_permission['manage'] = 0; // ------------------------------------------------------------------------ // $album_permission should now hold our permission stuff for either a personal // gallery or a public gallery. // lets now do some more authentication for the personal galleries // ------------------------------------------------------------------------ if ($AH_thiscat['cat_user_id'] != 0) { if (album_is_debug_enabled() == true) { album_Debug('$album_config[\'personal_gallery\'] = %d', $album_config['personal_gallery']); } switch ($album_config['personal_gallery']) { case ALBUM_USER: // ------------------------------------------------------------------------ // are we checking a non existing personal gallery ? // ------------------------------------------------------------------------ if (empty($AH_thiscat) || $AH_thiscat['cat_id'] == 0 || $cat_id == ALBUM_ROOT_CATEGORY) { // ------------------------------------------------------------------------ // if the admin has set the creation of personal galleries to 'registered users' // then filter out all other users then the current logged in user (and NON ADMIN) // ------------------------------------------------------------------------ if ($user->data['user_id'] != $AH_thiscat['cat_user_id'] && $user->data['user_level'] != ADMIN) { $album_permission['upload'] = 0; } // ------------------------------------------------------------------------ // set the other permissions to the same value of the upload // for this non exsting personal gallery, // ------------------------------------------------------------------------ $album_permission['rate'] = $album_permission['upload']; $album_permission['edit'] = $album_permission['upload']; $album_permission['delete'] = $album_permission['upload']; $album_permission['comment'] = $album_permission['upload']; } break; case ALBUM_ADMIN: // ------------------------------------------------------------------------ // Only admins can upload images to users personal gallery // ------------------------------------------------------------------------ if ($user->data['user_level'] != ADMIN) { $album_permission['upload'] = 0; } break; default: // NOTHING; } // ------------------------------------------------------------------------ // we need to check the upload permission again to full fill all the // permission criterias // ------------------------------------------------------------------------ switch ($AH_thiscat['cat_upload_level']) { case ALBUM_PRIVATE: // ------------------------------------------------------------------------ // make sure the owner of the personal gallery can upload to his personal gallery // it the permission is set to private BUT only for existing personal galleries // if ($AH_thiscat['cat_id'] != 0 && ($user_id == $user->data['user_id']) ) // ------------------------------------------------------------------------ if ($AH_thiscat['cat_id'] != 0 && $AH_thiscat['cat_user_id'] == $user->data['user_id']) { if ($album_config['personal_gallery'] == ALBUM_ADMIN && $user->data['user_level'] != ADMIN) { $album_permission['upload'] = 0; } else { $album_permission['upload'] = 1; } } break; default: // NOTHING; } // ------------------------------------------------------------------------ // Check if we can moderate the personal gallery AND also check if we can // manage the personal gallery categories // ------------------------------------------------------------------------ if ($user->data['user_level'] == ADMIN || $album_permission['upload'] == 1 && $album_config['personal_allow_gallery_mod'] == 1 && $AH_thiscat['cat_user_id'] == $user->data['user_id']) { $album_permission['moderator'] = 1; } if ($user->data['user_level'] == ADMIN || $album_config['personal_allow_sub_categories'] == 1 && $album_config['personal_sub_category_limit'] != 0 && $AH_thiscat['cat_user_id'] == $user->data['user_id'] && $album_permission['upload'] == 1) { $album_permission['manage'] = 1; } // ------------------------------------------------------------------------ // If $moderator_check was called and this user is a MODERATOR the user // will be authorized for all accesses which were not set to ADMIN // except for the management of the categories in the personal gallery // ------------------------------------------------------------------------ if ($album_permission['moderator'] == 1) { $album_permission_keys = array_keys($album_permission); for ($i = 0; $i < sizeof($album_permission); $i++) { if ($AH_thiscat['cat_' . $album_permission_keys[$i] . '_level'] != ALBUM_ADMIN && $album_permission_keys[$i] != 'manage') { $album_permission[$album_permission_keys[$i]] = 1; } } } } if (album_is_debug_enabled() == true) { album_debug('final : $album_permission = %s', $album_permission); } return $album_permission; }
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Content-Type: text/xml'); // Create main site url $fap_full_url = create_server_url(); $index_site = $fap_full_url . 'album.' . PHP_EXT; $index_url = $fap_full_url . 'album_showpage.' . PHP_EXT; $thumb_url = $fap_full_url . 'album_thumbnail.' . PHP_EXT; // If not set, set the output count to 25 $count = request_var('np', 25); $count = $count <= 0 ? 25 : $count; // BEGIN Recent Photos // Start check permissions $sql_allowed_cat = ''; $check_sel = $admin_mode ? 0 : 1; if ($user->data['user_level'] != ADMIN) { $album_user_access = personal_gallery_access(true, false); $not_allowed_cat = $album_user_access['view'] == 1 ? '' : '0'; $sql = "SELECT c.*\n\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\tWHERE cat_id <> 0"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $album_user_access = album_user_access($row['cat_id'], $row, 1, 0, 0, 0, 0, 0); // VIEW if ($admin_mode) { if ($album_user_access['moderator'] != 1 || $row['cat_approval'] != MOD) { $not_allowed_cat .= $not_allowed_cat == '' ? $row['cat_id'] : ',' . $row['cat_id']; } } else { if ($album_user_access['view'] != 1) { $not_allowed_cat .= $not_allowed_cat == '' ? $row['cat_id'] : ',' . $row['cat_id']; } }
$cat_id = request_var('cat_id', 0); $user_id = request_var('user_id', 0); $sort_method = request_var('sort_method', $album_config['sort_method']); $sort_method = check_var_value($sort_method, array('pic_title', 'pic_view_count', 'rating', 'comments', 'new_comment')); $sort_order = request_var('sort_order', $album_config['sort_order']); $sort_order = check_var_value($sort_order, array('DESC', 'ASC')); $pics_per_page = $album_config['rows_per_page'] * $album_config['cols_per_page']; $auth_view = 0; if (!empty($cat_id)) { $album_user_access = album_user_access($cat_id, $thiscat, 1, 0, 0, 0, 0, 0); // VIEW $auth_view = $album_user_access['view']; //$auth_view = ($user->data['user_level'] == ADMIN); } elseif (!empty($user_id)) { $cat_id = PERSONAL_GALLERY . " AND pic_user_id = {$user_id}"; $personal_gallery_access = personal_gallery_access(1, 0); $auth_view = $personal_gallery_access['view']; //$auth_view = (($user->data['user_id'] == $user_id) || ($user->data['user_level'] > 0)) ? 1 : 0; } // ------------------------------------ // Check authorization // ------------------------------------ if (!$auth_view || $album_config['show_download'] == 0 && $user->data['user_level'] != ADMIN) { message_die(GENERAL_ERROR, $lang['No_Download_auth']); } // // END check request // // ------------------------------------ // Count Pics // ------------------------------------