function cms_block_album()
{
global $db, $cache, $config, $template, $theme, $images, $user, $lang, $table_prefix, $block_id, $cms_config_vars, $cms_config_layouts, $cms_page, $album_config;
$cms_page_id_tmp = 'album';
$cms_auth_level_tmp = isset($cms_config_layouts[$cms_page_id_tmp]['view']) ? $cms_config_layouts[$cms_page_id_tmp]['view'] : AUTH_ALL;
$process_block = check_page_auth($cms_page_id_tmp, $cms_auth_level_tmp, true);
if (!$process_block) {
return;
}
if (!defined('IMG_THUMB')) {
define('IMG_THUMB', true);
}
$template->_tpldata['recent_pics.'] = array();
$template->_tpldata['recent_details.'] = array();
$template->_tpldata['no_pics'] = array();
/*
echo($cms_config_vars['md_pics_all'][$block_id] . '<br />');
echo($cms_config_vars[$block_id . '_' . 'md_pics_all']);
exit;
*/
include_once ALBUM_MOD_PATH . 'album_common.' . PHP_EXT;
global $album_config;
$sql = "SELECT c.*, COUNT(p.pic_id) AS count\n\t\t\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\tLEFT JOIN " . ALBUM_TABLE . " AS p ON c.cat_id = p.pic_cat_id\n\t\t\t\t" . ($cms_config_vars['md_pics_all'][$block_id] == '1' ? '' : 'WHERE cat_user_id = 0') . "\n\t\t\t\tGROUP BY cat_id\n\t\t\t\tORDER BY cat_order ASC";
$result = $db->sql_query($sql);
$catrows = array();
while ($row = $db->sql_fetchrow($result)) {
$album_user_access = album_user_access($row['cat_id'], $row, 1, 0, 0, 0, 0, 0);
// VIEW
if ($album_user_access['view'] == 1) {
$catrows[] = $row;
}
}
$db->sql_freeresult($result);
if ($cms_config_vars['md_pics_all'][$block_id] == '1') {
$allowed_cat = '0';
// For Recent Public Pics below
} else {
$allowed_cat = '';
}
// $catrows now stores all categories which this user can view. Dump them out!
for ($i = 0; $i < sizeof($catrows); $i++) {
// Build allowed category-list (for recent pics after here)
$allowed_cat .= $allowed_cat == '' ? $catrows[$i]['cat_id'] : ',' . $catrows[$i]['cat_id'];
// Get Last Pic of this Category
if ($catrows[$i]['count'] == 0) {
//
// Oh, this category is empty
//
$last_pic_info = $lang['No_Pics'];
$u_last_pic = '';
$last_pic_title = '';
} else {
// Check Pic Approval
if ($catrows[$i]['cat_approval'] == ALBUM_ADMIN || $catrows[$i]['cat_approval'] == ALBUM_MOD) {
$pic_approval_sql = 'AND p.pic_approval = 1';
// Pic Approval ON
} else {
$pic_approval_sql = '';
// Pic Approval OFF
}
}
}
if ($cms_config_vars['md_pics_all'][$block_id] == '1') {
$pics_allowed = '0';
} else {
$pics_allowed = '';
}
$no_pics = false;
if ($allowed_cat != $pics_allowed) {
$category_id = $cms_config_vars['md_cat_id'][$block_id];
if ($cms_config_vars['md_pics_sort'][$block_id] == '1') {
if ($category_id != 0) {
$sql = "SELECT p.*, u.user_id, u.username, u.user_active, u.user_color, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments\n\t\t\t\t\t\tFROM " . ALBUM_TABLE . " AS p\n\t\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_CAT_TABLE . " AS ct ON p.pic_cat_id = ct.cat_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\t\t\t\tWHERE p.pic_cat_id IN ({$allowed_cat}) AND (p.pic_approval = 1 OR ct.cat_approval = 0) AND pic_cat_id IN ({$category_id})\n\t\t\t\t\t\tGROUP BY p.pic_id\n\t\t\t\t\t\tORDER BY RAND()\n\t\t\t\t\t\tLIMIT " . $cms_config_vars['md_pics_number'][$block_id];
} else {
$sql = "SELECT p.*, u.user_id, u.username, u.user_active, u.user_color, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments\n\t\t\t\t\t\tFROM " . ALBUM_TABLE . " AS p\n\t\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_CAT_TABLE . " AS ct ON p.pic_cat_id = ct.cat_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\t\t\t\tWHERE p.pic_cat_id IN ({$allowed_cat}) AND (p.pic_approval = 1 OR ct.cat_approval = 0)\n\t\t\t\t\t\tGROUP BY p.pic_id\n\t\t\t\t\t\tORDER BY RAND()\n\t\t\t\t\t\tLIMIT " . $cms_config_vars['md_pics_number'][$block_id];
}
} elseif ($cms_config_vars['md_pics_sort'][$block_id] == '0') {
if ($category_id != 0) {
$sql = "SELECT p.*, u.user_id, u.username, u.user_active, u.user_color, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments\n\t\t\t\t\t\tFROM " . ALBUM_TABLE . " AS p\n\t\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_CAT_TABLE . " AS ct ON p.pic_cat_id = ct.cat_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\t\t\t\tWHERE p.pic_cat_id IN ({$allowed_cat}) AND (p.pic_approval = 1 OR ct.cat_approval = 0) AND pic_cat_id IN ({$category_id})\n\t\t\t\t\t\tGROUP BY p.pic_id\n\t\t\t\t\t\tORDER BY pic_time DESC\n\t\t\t\t\t\tLIMIT " . $cms_config_vars['md_pics_number'][$block_id];
} else {
$sql = "SELECT p.*, u.user_id, u.username, u.user_active, u.user_color, r.rate_pic_id, AVG(r.rate_point) AS rating, COUNT(DISTINCT c.comment_id) AS comments\n\t\t\t\t\t\tFROM " . ALBUM_TABLE . " AS p\n\t\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON p.pic_user_id = u.user_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_CAT_TABLE . " AS ct ON p.pic_cat_id = ct.cat_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_RATE_TABLE . " AS r ON p.pic_id = r.rate_pic_id\n\t\t\t\t\t\t\tLEFT JOIN " . ALBUM_COMMENT_TABLE . " AS c ON p.pic_id = c.comment_pic_id\n\t\t\t\t\t\tWHERE p.pic_cat_id IN ({$allowed_cat}) AND (p.pic_approval = 1 OR ct.cat_approval = 0)\n\t\t\t\t\t\tGROUP BY p.pic_id\n\t\t\t\t\t\tORDER BY pic_time DESC\n\t\t\t\t\t\tLIMIT " . $cms_config_vars['md_pics_number'][$block_id];
}
}
$result = $db->sql_query($sql);
$recentrow = array();
while ($row = $db->sql_fetchrow($result)) {
$recentrow[] = $row;
}
$db->sql_freeresult($result);
$total_pics = sizeof($recentrow);
if ($total_pics > 0) {
$total_rows = ceil($total_pics / $cms_config_vars['md_pics_rows_number'][$block_id]);
$total_cols = ceil($total_pics / $cms_config_vars['md_pics_cols_number'][$block_id]);
$image_counter = 0;
while ($image_counter < $total_pics) {
for ($i = 0; $i < $cms_config_vars['md_pics_rows_number'][$block_id]; $i++) {
$template->assign_block_vars('recent_pics', array());
for ($j = 0; $j < $cms_config_vars['md_pics_cols_number'][$block_id]; $j++) {
if ($image_counter >= $total_pics) {
$template->assign_block_vars('recent_pics.recent_no_detail', array());
} else {
if (!$recentrow[$image_counter]['rating']) {
$recentrow[$image_counter]['rating'] = $lang['Not_rated'];
} else {
$recentrow[$image_counter]['rating'] = round($recentrow[$image_counter]['rating'], 2);
}
if ($recentrow[$image_counter]['user_id'] == ALBUM_GUEST || $recentrow[$image_counter]['username'] == '') {
$recent_poster = $recentrow[$image_counter]['pic_username'] == '' ? $lang['Guest'] : $recentrow[$image_counter]['pic_username'];
} else {
$recent_poster = colorize_username($recentrow[$image_counter]['user_id'], $recentrow[$image_counter]['username'], $recentrow[$image_counter]['user_color'], $recentrow[$image_counter]['user_active']);
}
$thumbnail_file = append_sid(album_append_uid('album_thumbnail.' . PHP_EXT . '?pic_id=' . $recentrow[$image_counter]['pic_id']));
if ($album_config['thumbnail_cache'] == true && $album_config['quick_thumbs'] == true) {
$thumbnail_file = picture_quick_thumb($recentrow[$image_counter]['pic_filename'], $recentrow[$image_counter]['pic_thumbnail'], $thumbnail_file);
}
$pic_sp_link = append_sid(album_append_uid('album_showpage.' . PHP_EXT . '?pic_id=' . $recentrow[$image_counter]['pic_id']));
$pic_dl_link = append_sid(album_append_uid('album_pic.' . PHP_EXT . '?pic_id=' . $recentrow[$image_counter]['pic_id']));
$template->assign_block_vars('recent_pics.recent_detail', array('U_PIC' => $album_config['fullpic_popup'] ? $pic_dl_link : $pic_sp_link, 'U_PIC_SP' => $pic_sp_link, 'U_PIC_DL' => $pic_dl_link, 'IS_FIRST_PIC' => $image_counter == 0 ? true : false, 'THUMBNAIL' => $thumbnail_file, 'DESC' => $recentrow[$image_counter]['pic_desc'], 'TITLE' => $recentrow[$image_counter]['pic_title'], 'POSTER' => $recent_poster, 'TIME' => create_date_ip($config['default_dateformat'], $recentrow[$image_counter]['pic_time'], $config['board_timezone']), 'VIEW' => $recentrow[$image_counter]['pic_view_count'], 'RATING' => $album_config['rate'] == 1 ? $lang['Rating'] . ': ' . $recentrow[$image_counter]['rating'] . '<br />' : '', 'COMMENTS' => $album_config['comment'] == 1 ? $lang['Comments'] . ': ' . $recentrow[$image_counter]['comments'] . '<br />' : ''));
if ($image_counter == 0) {
$template->assign_vars(array('HS_GALLERY_ID' => 'hs_gallery_id_' . $recentrow[$image_counter]['pic_id'], 'HS_PIC_ID' => 'hs_pic_id_' . $recentrow[$image_counter]['pic_id'], 'HS_PIC_TITLE' => $recentrow[$image_counter]['pic_title'], 'HS_PIC_FULL' => $pic_dl_link, 'HS_PIC_THUMB' => $thumbnail_file));
}
}
$image_counter++;
}
}
}
} else {
// No Pics Found
$template->assign_block_vars('no_pics', array());
$no_pics = true;
}
} else {
// No Cats Found
$template->assign_block_vars('no_pics', array());
$no_pics = true;
}
$template->assign_vars(array('S_COL_WIDTH' => 100 / ($cms_config_vars['md_pics_cols_number'][$block_id] == 0 ? 4 : $cms_config_vars['md_pics_cols_number'][$block_id]) . '%', 'S_THUMBNAIL_SIZE' => $album_config['thumbnail_size'], 'TARGET_BLANK' => $album_config['fullpic_popup'] ? 'target="_blank"' : '', 'S_HIGHSLIDE' => !empty($config['thumbnail_highslide']) ? true : false, 'S_HIGHSLIDER' => !empty($cms_config_vars['md_pics_slider'][$block_id]) ? true : false, 'S_JQ_NIVO_SLIDER' => !empty($cms_config_vars['md_pics_slider'][$block_id]) ? true : false, 'S_SLIDER_ID' => 'cms_slider_' . $block_id, 'S_NO_PICS' => !empty($no_pics) ? true : false, 'L_NO_PICS' => $lang['No_Pics'], 'L_PIC_TITLE' => $lang['Pic_Title'], 'L_VIEW' => $lang['View'], 'L_POSTER' => $lang['Poster'], 'L_POSTED' => $lang['Posted'], 'U_ALBUM' => append_sid('album.' . PHP_EXT), 'L_ALBUM' => $lang['Album']));
}
if (empty($thispic)) {
die($lang['Pic_not_exist']);
}
// Get the current Category Info
if ($cat_id != PERSONAL_GALLERY) {
$sql = "SELECT *\n\t\t\tFROM " . ALBUM_CAT_TABLE . "\n\t\t\tWHERE cat_id = '{$cat_id}'";
$result = $db->sql_query($sql);
$thiscat = $db->sql_fetchrow($result);
} else {
$thiscat = init_personal_gallery_cat($user_id);
}
if (empty($thiscat)) {
die($lang['Category_not_exist']);
}
// Check the permissions
$album_user_access = album_user_access($cat_id, $thiscat, 1, 0, 0, 0, 0, 0);
// VIEW
if ($album_user_access['view'] == 0) {
die($lang['Not_Authorized']);
}
// Check Pic Approval
if ($user->data['user_level'] != ADMIN) {
if ($thiscat['cat_approval'] == ADMIN or $thiscat['cat_approval'] == MOD and !$album_user_access['moderator']) {
if ($thispic['pic_approval'] != 1) {
die($lang['Not_Authorized']);
}
}
}
// Generate avatar filename
$avatar_filename = uniqid(rand()) . '.' . $pic_filetype;
// Get image size
$index_url = $fap_full_url . 'album_showpage.' . PHP_EXT;
$thumb_url = $fap_full_url . 'album_thumbnail.' . PHP_EXT;
// If not set, set the output count to 25
$count = request_var('np', 25);
$count = $count <= 0 ? 25 : $count;
// BEGIN Recent Photos
// Start check permissions
$sql_allowed_cat = '';
$check_sel = $admin_mode ? 0 : 1;
if ($user->data['user_level'] != ADMIN) {
$album_user_access = personal_gallery_access(true, false);
$not_allowed_cat = $album_user_access['view'] == 1 ? '' : '0';
$sql = "SELECT c.*\n\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\tWHERE cat_id <> 0";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$album_user_access = album_user_access($row['cat_id'], $row, 1, 0, 0, 0, 0, 0);
// VIEW
if ($admin_mode) {
if ($album_user_access['moderator'] != 1 || $row['cat_approval'] != MOD) {
$not_allowed_cat .= $not_allowed_cat == '' ? $row['cat_id'] : ',' . $row['cat_id'];
}
} else {
if ($album_user_access['view'] != 1) {
$not_allowed_cat .= $not_allowed_cat == '' ? $row['cat_id'] : ',' . $row['cat_id'];
}
}
}
$sql_not_allowed_cat = empty($not_allowed_cat) ? '' : "AND pic_cat_id NOT IN ({$not_allowed_cat})";
}
// End check permissions
$NotErrorFlag = false;
function album_permissions($user_id, $cat_id, $permission_checks, $catdata = 0)
{
global $db, $user, $lang, $album_config, $album_data;
$moderator_check = 1;
if (album_is_debug_enabled() == true) {
if (!defined('ALBUM_AUTH_VIEW') || !defined('ALBUM_AUTH_UPLOAD') || !defined('ALBUM_AUTH_DELETE')) {
album_debug("album_permissions : The defined authentication constants are NOT found !!!");
}
}
$view_check = (int) checkFlag($permission_checks, ALBUM_AUTH_VIEW);
$upload_check = (int) checkFlag($permission_checks, ALBUM_AUTH_UPLOAD);
$rate_check = (int) checkFlag($permission_checks, ALBUM_AUTH_RATE);
$comment_check = (int) checkFlag($permission_checks, ALBUM_AUTH_COMMENT);
$edit_check = (int) checkFlag($permission_checks, ALBUM_AUTH_EDIT);
$delete_check = (int) checkFlag($permission_checks, ALBUM_AUTH_DELETE);
// ------------------------------------------------------------------------
// if we are checkinfg the personal gallery category management permission
// we need to do these also : view and upload
// ------------------------------------------------------------------------
if (checkFlag($permission_checks, ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES) == true) {
$view_check = 1;
$upload_check = 1;
}
// ------------------------------------------------------------------------
// did we pass some category data or not ?
// ------------------------------------------------------------------------
if (!is_array($catdata)) {
$sql = "SELECT *\n\t\t\t\tFROM " . ALBUM_CAT_TABLE . "\n\t\t\t\tWHERE cat_id = '{$cat_id}'";
$result = $db->sql_query($sql);
// ------------------------------------------------------------------------
// did we find the category or not ?
// ------------------------------------------------------------------------
if ($db->sql_numrows($result) == 0) {
// ------------------------------------------------------------------------
// is it a personal gallery ?
// ------------------------------------------------------------------------
if ($user_id != ALBUM_PUBLIC_GALLERY) {
$AH_thiscat = init_personal_gallery_cat($user_id);
$album_permission = personal_gallery_access(1, 1);
//$view_check, $upload_check);
} else {
message_die(GENERAL_ERROR, $lang['Category_not_exist'], '', __LINE__, __FILE__, $sql);
}
} else {
$AH_thiscat = $db->sql_fetchrow($result);
}
} else {
$AH_thiscat = $catdata;
// ------------------------------------------------------------------------
// it is the root category of a non existing personal gallery
// ------------------------------------------------------------------------
if ($AH_thiscat['cat_user_id'] != 0 && $AH_thiscat['cat_id'] == 0) {
$album_permission = personal_gallery_access(1, 1);
//$view_check, $upload_check);
}
}
// ------------------------------------------------------------------------
// if we set our $AH_thiscat and not our permission array then we must
// authenticate it
// ------------------------------------------------------------------------
if (album_is_debug_enabled() == true) {
album_debug('album_permissions : before album_user_access : %s(id=%d), $album_permission = %s', $AH_thiscat['cat_title'], $AH_thiscat['cat_id'], $album_permission);
}
if (!empty($AH_thiscat) && !is_array($album_permission)) {
$album_permission = album_user_access($cat_id, $AH_thiscat, $view_check, $upload_check, $rate_check, $comment_check, $edit_check, $delete_check);
}
if (album_is_debug_enabled() == true) {
album_debug('album_permissions : after album_user_access : %s(id=%d), $album_permission = %s', $AH_thiscat['cat_title'], $AH_thiscat['cat_id'], $album_permission);
}
// ------------------------------------------------------------------------
// as default nobody can manage the galleries (personal galleries that is)
// check is done later, but only for personal galleries, so its not possible
// to manage the categories in the public galleries, only in the ACP
// ------------------------------------------------------------------------
$album_permission['manage'] = 0;
// ------------------------------------------------------------------------
// $album_permission should now hold our permission stuff for either a personal
// gallery or a public gallery.
// lets now do some more authentication for the personal galleries
// ------------------------------------------------------------------------
if ($AH_thiscat['cat_user_id'] != 0) {
if (album_is_debug_enabled() == true) {
album_Debug('$album_config[\'personal_gallery\'] = %d', $album_config['personal_gallery']);
}
switch ($album_config['personal_gallery']) {
case ALBUM_USER:
// ------------------------------------------------------------------------
// are we checking a non existing personal gallery ?
// ------------------------------------------------------------------------
if (empty($AH_thiscat) || $AH_thiscat['cat_id'] == 0 || $cat_id == ALBUM_ROOT_CATEGORY) {
// ------------------------------------------------------------------------
// if the admin has set the creation of personal galleries to 'registered users'
// then filter out all other users then the current logged in user (and NON ADMIN)
// ------------------------------------------------------------------------
if ($user->data['user_id'] != $AH_thiscat['cat_user_id'] && $user->data['user_level'] != ADMIN) {
$album_permission['upload'] = 0;
}
// ------------------------------------------------------------------------
// set the other permissions to the same value of the upload
// for this non exsting personal gallery,
// ------------------------------------------------------------------------
$album_permission['rate'] = $album_permission['upload'];
$album_permission['edit'] = $album_permission['upload'];
$album_permission['delete'] = $album_permission['upload'];
$album_permission['comment'] = $album_permission['upload'];
}
break;
case ALBUM_ADMIN:
// ------------------------------------------------------------------------
// Only admins can upload images to users personal gallery
// ------------------------------------------------------------------------
if ($user->data['user_level'] != ADMIN) {
$album_permission['upload'] = 0;
}
break;
default:
// NOTHING;
}
// ------------------------------------------------------------------------
// we need to check the upload permission again to full fill all the
// permission criterias
// ------------------------------------------------------------------------
switch ($AH_thiscat['cat_upload_level']) {
case ALBUM_PRIVATE:
// ------------------------------------------------------------------------
// make sure the owner of the personal gallery can upload to his personal gallery
// it the permission is set to private BUT only for existing personal galleries
// if ($AH_thiscat['cat_id'] != 0 && ($user_id == $user->data['user_id']) )
// ------------------------------------------------------------------------
if ($AH_thiscat['cat_id'] != 0 && $AH_thiscat['cat_user_id'] == $user->data['user_id']) {
if ($album_config['personal_gallery'] == ALBUM_ADMIN && $user->data['user_level'] != ADMIN) {
$album_permission['upload'] = 0;
} else {
$album_permission['upload'] = 1;
}
}
break;
default:
// NOTHING;
}
// ------------------------------------------------------------------------
// Check if we can moderate the personal gallery AND also check if we can
// manage the personal gallery categories
// ------------------------------------------------------------------------
if ($user->data['user_level'] == ADMIN || $album_permission['upload'] == 1 && $album_config['personal_allow_gallery_mod'] == 1 && $AH_thiscat['cat_user_id'] == $user->data['user_id']) {
$album_permission['moderator'] = 1;
}
if ($user->data['user_level'] == ADMIN || $album_config['personal_allow_sub_categories'] == 1 && $album_config['personal_sub_category_limit'] != 0 && $AH_thiscat['cat_user_id'] == $user->data['user_id'] && $album_permission['upload'] == 1) {
$album_permission['manage'] = 1;
}
// ------------------------------------------------------------------------
// If $moderator_check was called and this user is a MODERATOR the user
// will be authorized for all accesses which were not set to ADMIN
// except for the management of the categories in the personal gallery
// ------------------------------------------------------------------------
if ($album_permission['moderator'] == 1) {
$album_permission_keys = array_keys($album_permission);
for ($i = 0; $i < sizeof($album_permission); $i++) {
if ($AH_thiscat['cat_' . $album_permission_keys[$i] . '_level'] != ALBUM_ADMIN && $album_permission_keys[$i] != 'manage') {
$album_permission[$album_permission_keys[$i]] = 1;
}
}
}
}
if (album_is_debug_enabled() == true) {
album_debug('final : $album_permission = %s', $album_permission);
}
return $album_permission;
}
