$hash = $albumobj->getPassword(); $authType = "zp_album_auth_" . $albumobj->get('id'); $hint = $albumobj->getPasswordHint(); $show = $albumobj->getUser(); if (!empty($hash)) { break; } $albumobj = $albumobj->getParent(); } } } if (empty($hash)) { // check for gallery password $hash = $_zp_gallery->getPassword(); $authType = 'zp_gallery_auth'; $hint = $_zp_gallery->getPasswordHint(); $show = $_zp_gallery->getUser(); } if (empty($hash) && GALLERY_SECURITY == 'private' || !empty($hash) && zp_getCookie($authType) != $hash) { require_once dirname(__FILE__) . "/template-functions.php"; $parms = ''; if (isset($_GET['wmk'])) { $parms = '&wmk=' . $_GET['wmk']; } if (isset($_GET['q'])) { $parms .= '&q=' . sanitize_numeric($_GET['q']); } if (isset($_GET['dsp'])) { $parms .= '&dsp=' . sanitize_numeric($_GET['dsp']); } $action = WEBPATH . '/' . ZENFOLDER . '/full-image.php?userlog=1&a=' . pathurlencode($album8) . '&i=' . urlencode($image8) . $parms;
/** * Checks to see access is allowed to an album * Returns true if access is allowed. * There is no password dialog--you must have already had authorization via a cookie. * * @param string $album album object or name of the album * @param string &$hint becomes populated with the password hint. * @return bool */ function checkAlbumPassword($album, &$hint = NULL) { global $_zp_pre_authorization, $_zp_gallery; if (is_object($album)) { $albumname = $album->name; } else { if (!is_object($_zp_gallery)) { $_zp_gallery = new Gallery(); } $album = new Album($_zp_gallery, $albumname = $album); } if (isset($_zp_pre_authorization[$albumname])) { return $_zp_pre_authorization[$albumname]; } $hash = $album->getPassword(); if (empty($hash)) { $album = $album->getParent(); while (!is_null($album)) { $hash = $album->getPassword(); $authType = "zp_album_auth_" . $album->get('id'); $saved_auth = zp_getCookie($authType); if (!empty($hash)) { if ($saved_auth == $hash) { $_zp_pre_authorization[$albumname] = $authType; return $authType; } else { $hint = $album->getPasswordHint(); return false; } } $album = $album->getParent(); } // revert all tlhe way to the gallery $hash = $_zp_gallery->getPassword(); $authType = 'zp_gallery_auth'; $saved_auth = zp_getCookie($authType); if (empty($hash)) { $authType = 'zp_public_access'; } else { if ($saved_auth != $hash) { $hint = $_zp_gallery->getPasswordHint(); return false; } } } else { $authType = "zp_album_auth_" . $album->get('id'); $saved_auth = zp_getCookie($authType); if ($saved_auth != $hash) { $hint = $album->getPasswordHint(); return false; } } $_zp_pre_authorization[$albumname] = $authType; return $authType; }