// Page setup and upload handling for the photo-album "albums.php" page.
// Registers navigation entries in $_pages, then processes a posted photo upload.
// NOTE(review): $id, $info and $action_permission are set before this excerpt;
// $id is concatenated into page keys/URLs below, so confirm it is validated
// (e.g. as an integer) where it is read from the request.
if (admin_authenticate(AT_ADMIN_PRIV_PHOTO_ALBUM, true)) {
    // Admin view: parent the albums page under the admin index.
    $_pages[AT_PA_BASENAME . 'albums.php']['parent'] = AT_PA_BASENAME . 'index_admin.php';
}
// If this member has permission to edit the album, show the edit/organize menu.
if ($action_permission) {
    $_pages[AT_PA_BASENAME . 'albums.php']['children'] = array(AT_PA_BASENAME . 'edit_photos.php?aid=' . $id, AT_PA_BASENAME . 'edit_photos.php?aid=' . $id . SEP . 'org=1');
    $_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id]['title_var'] = 'pa_edit_photos';
    $_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id]['parent'] = AT_PA_BASENAME . 'albums.php';
    $_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id . SEP . 'org=1']['title_var'] = 'pa_organize_photos';
    $_pages[AT_PA_BASENAME . 'edit_photos.php?aid=' . $id . SEP . 'org=1']['parent'] = AT_PA_BASENAME . 'albums.php';
}
// TODO: handle add_photo
// NOTE(review): no CSRF token check is visible in this excerpt for the
// state-changing upload POST; confirm one is enforced before this point.
if (isset($_POST['upload'])) {
    // Check file size, filename, and extension (per the original author).
    // NOTE(review): checkPhoto() is defined elsewhere; confirm it also verifies
    // that the content really is an image, since name/extension checks alone do
    // not establish the file type.
    $_FILES['photo'] = checkPhoto($_FILES['photo']);
    // `&&` binds tighter than `||`: the upload is rejected when checkPhoto()
    // returned false, OR when the user lacks $action_permission and the album is
    // not a course album. Owners and course members can upload pictures, but not
    // edit them.
    if ($_FILES['photo'] === false || !$action_permission && $info['type_id'] != AT_PA_TYPE_COURSE_ALBUM) {
        // Redirect target is read from the session.
        // NOTE(review): confirm 'redirect_to' is only ever set server-side, so
        // the Location header cannot carry user-controlled text.
        header('Location: ../' . $_SESSION['redirect_to']['profile_pic']);
        exit;
    }
    // Compute the album folder name and photo filename; if they exist, shift bits.
    // Goal: generate a random yet computable file structure, so that users cannot
    // browse through others' photos by URL.
    // NOTE(review): a computable path only hides the files. Confirm that the
    // content directory is not served directly, or that retrieval re-checks album
    // permissions.
    $album_file_path = getAlbumFilePath($id, $info['created_date']);
    $album_file_path_tn = $album_file_path . '_tn' . DIRECTORY_SEPARATOR;
    $album_file_path .= DIRECTORY_SEPARATOR;
    if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path)) {
        // mkdir() is called without a mode argument (PHP's default is 0777,
        // reduced by the umask) and its return value is not checked, so a failed
        // create goes unnoticed at this point.
        mkdir(AT_PA_CONTENT_DIR . $album_file_path);
    }
    // Thumbnail directory check; the body of this branch continues past the excerpt.
    if (!is_dir(AT_PA_CONTENT_DIR . $album_file_path_tn)) {
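/**
 * For each direct child of $albumId, looks up the newest album named
 * $albumRefName under $albumRefId and passes that row's id to checkPhoto()
 * and checkAlbums().
 *
 * Every value is escaped before it is placed into the SQL text. The original
 * concatenated the raw arguments, so an album name containing a double quote
 * broke the query, and a caller-supplied value could change its meaning
 * (SQL injection).
 *
 * @param object $db           Database wrapper. Its query() result is read with
 *                             mysql_fetch_array(), so ext/mysql is assumed.
 * @param mixed  $albumRefId   Parent album id used for the reference lookup.
 * @param string $albumRefName Album name used for the reference lookup.
 * @param mixed  $albumId      Album whose direct children are iterated.
 * @return void
 */
public function checkAlbums($db, $albumRefId, $albumRefName, $albumId)
{
    // Escape for a quoted SQL string literal; mysql_real_escape_string() covers
    // both quote characters and the backslash.
    // NOTE(review): this uses the default ext/mysql link. If $db exposes bound
    // parameters or its own escape method, prefer that (not visible from here).
    $safeAlbumId = mysql_real_escape_string($albumId);
    $safeRefId = mysql_real_escape_string($albumRefId);
    $safeRefName = mysql_real_escape_string($albumRefName);

    // The original literal ended in ' "', putting a stray space inside the
    // quoted id; it is dropped here.
    $firstChilds = $db->query('SELECT * FROM albums WHERE parentAlbumId="' . $safeAlbumId . '"');
    if (!empty($firstChilds)) {
        // NOTE(review): $childAlbum is never read, so the same lookup runs once
        // per child row. Confirm whether the child's own id/name was intended.
        while ($childAlbum = mysql_fetch_array($firstChilds)) {
            $results = mysql_fetch_array($db->query('SELECT * FROM albums WHERE parentAlbumId="' . $safeRefId . '" AND name="' . $safeRefName . '" ORDER BY id DESC'));
            // NOTE(review): when no row matches, $results is false and
            // $results['id'] evaluates to null; confirm the callees handle that.
            checkPhoto($db, $albumRefId, $results['id']);
            // NOTE(review): this calls a global checkAlbums() with three
            // arguments, not this four-argument method; confirm which is meant.
            checkAlbums($db, $albumRefId, $results['id']);
        }
    }
}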