/**
 * Build the HTML list of album permissions shown to the current viewer for one category.
 *
 * Every entry is a language string followed by '<br />'. The result is display text only:
 * nothing in this function grants or denies access, it reports what $auth_data already holds.
 *
 * @param mixed $user_id   Gallery id; compared with ALBUM_PUBLIC_GALLERY to decide whether the
 *                         "manage categories" link can apply.
 * @param mixed $cat_id    Category id used for the permission lookup and in the generated links.
 * @param mixed $auth_data Permission array keyed by permission name. Any non-array value makes
 *                         the function load the data with album_get_auth_data($cat_id).
 * @return string HTML fragment built from language strings and <a> tags (no escaping is done here).
 */
function album_build_auth_list($user_id, $cat_id = ALBUM_ROOT_CATEGORY, $auth_data = 0)
{
    global $user, $lang, $album_config;

    $auth_list = '';

    // No permission array supplied: look it up, which needs a real category id.
    if (!is_array($auth_data)) {
        if ($cat_id == ALBUM_ROOT_CATEGORY) {
            // NOTE(review): presumably message_die() ends the request; if it returns,
            // the lookup below still runs for the root category -- confirm.
            message_die(GENERAL_ERROR, "Invalid combination of category id and authentication data");
        }
        $auth_data = album_get_auth_data($cat_id);
    }

    // Every key except the last one gets a "can"/"cannot" line.
    // NOTE(review): the skipped last key is presumably 'moderator', which is handled
    // separately below -- this depends on the key order of the permission array; confirm.
    $listed_keys = array_slice(array_keys($auth_data), 0, -1);
    foreach ($listed_keys as $permission) {
        // Rating and commenting can be switched off globally; their lines are then left out.
        if (($album_config['rate'] == 0 && $permission == 'rate') || ($album_config['comment'] == 0 && $permission == 'comment')) {
            continue;
        }

        $suffix = ($auth_data[$permission] == 1) ? '_can' : '_cannot';
        $auth_list .= $lang['Album_' . $permission . $suffix] . '<br />';
    }

    // Moderator Control Panel link: shown to admins and to category moderators.
    // NOTE(review): $cat_id is concatenated into the href without a cast or
    // htmlspecialchars(); that is only safe if every caller passes a validated
    // integer -- confirm at the call sites. The link is a convenience only; the
    // target page has to perform its own permission check.
    if ($user->data['user_level'] == ADMIN || $auth_data['moderator'] == 1) {
        $modcp_url = append_sid(album_append_uid('album_modcp.' . PHP_EXT . '?cat_id=' . $cat_id));
        $auth_list .= sprintf($lang['Album_moderate_can'], '<a href="' . $modcp_url . '">', '</a>') . '<br />';
    }

    // Personal-gallery category admin link: needs a non-public gallery, the 'manage'
    // permission, and either an admin viewer or sub categories enabled with a non-zero limit.
    // An earlier form of this check (commented out in the original) additionally required
    // $album_config['personal_allow_gallery_mod'] == 1.
    if (
        $user_id != ALBUM_PUBLIC_GALLERY
        && $auth_data['manage'] == 1
        && (
            $user->data['user_level'] == ADMIN
            || ($album_config['personal_allow_sub_categories'] == 1 && $album_config['personal_sub_category_limit'] != 0)
        )
    ) {
        $cat_admin_url = append_sid(album_append_uid('album_personal_cat_admin.' . PHP_EXT . '?cat_id=' . $cat_id));
        $auth_list .= sprintf($lang['Album_Can_Manage_Categories'], '<a href="' . $cat_admin_url . '">', '</a>') . '<br />';
    }

    return $auth_list;
}
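// ------------------------------------------------------------------------
// Category page set-up: read the category tree, resolve the requested
// category and gate the rest of the page on the viewer's 'view' permission.
// NOTE(review): the checks below only protect the code that follows if
// redirect() and message_die() stop execution; neither is defined in this
// excerpt -- confirm.
// ------------------------------------------------------------------------
$catrows = array(); // all categories for jumpbox
$auth_data = array(); // the authentication data for current category for current user

// A non-public gallery id that album_check_user_exists() rejects is sent back to the album index.
if ($album_user_id != ALBUM_PUBLIC_GALLERY && !album_check_user_exists($album_user_id)) {
    redirect(append_sid(album_append_uid('album.' . PHP_EXT)));
}

// List view reads all categories; both modes pass the ALBUM_AUTH_VIEW flag.
$read_options = ($album_view_mode == ALBUM_VIEW_LIST) ? (ALBUM_READ_ALL_CATEGORIES | ALBUM_AUTH_VIEW) : ALBUM_AUTH_VIEW;
$catrows = album_read_tree($album_user_id, $read_options);

// check if the category exists in the album_tree data
// $album_data is not assigned in this excerpt (presumably filled in by album_read_tree() -- confirm).
// The key map is validated explicitly instead of relying on "@": error suppression hides
// warnings only, and on PHP 8 array_key_exists() throws a TypeError for a non-array argument.
if (!isset($album_data['keys']) || !is_array($album_data['keys']) || !array_key_exists($cat_id, $album_data['keys'])) {
    message_die(GENERAL_MESSAGE, $lang['Category_not_exist']);
}

$thiscat = $album_data['data'][$album_data['keys'][$cat_id]];
$total_pics = $thiscat['count'];

$auth_data = album_get_auth_data($cat_id);
// Older permission lookup, kept for reference:
//$auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_ALL, $thiscat);

// ------------------------------------
// Check permissions
// ------------------------------------
// The existence check above runs before this permission check, so a viewer without 'view'
// gets a different response for an existing category (login redirect / Not_Authorized) than
// for a missing one (Category_not_exist).
// NOTE(review): confirm that revealing which category ids exist is acceptable here.
if (!$auth_data['view']) {
    if (!$user->data['session_logged_in']) {
        // Guests are sent to the login page with a return target for this category.
        // NOTE(review): $cat_id is concatenated into the URL without a cast or encoding;
        // confirm it has been validated as an integer before this point.
        redirect(append_sid(album_append_uid(CMS_PAGE_LOGIN . '?redirect=album_cat.' . PHP_EXT . '&cat_id=' . $cat_id)));
    } else {
        message_die(GENERAL_ERROR, $lang['Not_Authorized']);
    }
}
// END check permissions

// Late sanity check: $thiscat['count'] has already been read above.
if (empty($thiscat)) {
    message_die(GENERAL_MESSAGE, $lang['Category_not_exist']);
}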
message_die(GENERAL_MESSAGE, 'NO_USER'); } $username = $album_user['username']; $moderators_list = empty($moderators_list) ? $username : '******' . $username; // check if personal gallery root category exists if (ALBUM_ROOT_CATEGORY == ($check_cat_id = album_get_personal_root_id($album_user_id))) { // if it doesn't then create the 'fake' category so we can authenticate it $thiscat = init_personal_gallery_cat($album_user_id); $cat_id = $check_cat_id; $auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_ALL, $thiscat); } else { if (empty($cat_id) || $cat_id == 0) { $cat_id = $check_cat_id; } $thiscat = $album_data['data'][$album_data['keys'][$cat_id]]; $auth_data = album_get_auth_data(album_get_personal_root_id($album_user_id)); } // ------------------------------------------------------------------------ // Check view permissions // ------------------------------------------------------------------------ // Old AUTH Check for PG //$auth_data = album_permissions($album_user_id, $cat_id, ALBUM_AUTH_ALL, $thiscat); // Used in album_cat.php //$auth_data = album_get_auth_data($cat_id); // New AUTH check for PG //$auth_data = album_get_auth_data(album_get_personal_root_id($album_user_id)); if (!album_check_permission($auth_data, ALBUM_AUTH_VIEW)) { if (!$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=album.' . PHP_EXT . '&user_id=' . $album_user_id)); } else { message_die(GENERAL_MESSAGE, $lang['Not_Authorized']);