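/**
 * Decides whether the current user may act on a single gallery comment.
 *
 * This is the granular, per-comment permission check; the higher-level
 * permissions are handled by communities_module_access.
 *
 * Decision order, as implemented below:
 *  1. A logged-in community member who is also a community administrator is
 *     always allowed; no comment lookup is performed for them.
 *  2. Otherwise the comment must exist in the current community, the gallery
 *     it belongs to must pass galleries_module_access() for $section, and for
 *     the "edit-comment" / "delete-comment" sections the active user must be
 *     the comment's author (proxy_id).
 *  3. An allowed request is still refused, with a notice, when the comment is
 *     not active.
 *
 * Side effects: appends to the global $NOTICE/$NOTICESTR or $ERROR/$ERRORSTR
 * when access is refused.
 *
 * @param int $cgcomment_id Comment id; cast to int, 0 means "no comment".
 * @param string $section Section name being requested, e.g. "edit-comment".
 * @return bool True-ish when access is granted (the value comes from
 *              galleries_module_access() on the non-admin path), false otherwise.
 */
function galleries_comment_module_access($cgcomment_id = 0, $section = "") {
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;

    $allow_to_load = false;
    // Initialised so the row is never read as an undefined variable.
    $result = false;

    if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
        $allow_to_load = true;
    } else {
        if ($cgcomment_id = (int) $cgcomment_id) {
            // The id is an int by now and both values go through qstr(); the
            // community_id predicate keeps the lookup inside the current community.
            $query = "SELECT * FROM `community_gallery_comments` WHERE `cgcomment_id` = " . $db->qstr($cgcomment_id) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);

            // NOTE(review): the row that drives this authorization decision
            // (proxy_id, comment_active) is read through the query cache, so a
            // deactivation may not be seen here until the cached row expires
            // (CACHE_TIMEOUT) - confirm that is acceptable or that the cache is
            // flushed when a comment changes.
            $result = $db->CacheGetRow(CACHE_TIMEOUT, $query);

            if ($result) {
                if ($allow_to_load = galleries_module_access($result["cgallery_id"], $section)) {
                    switch ($section) {
                        case "delete-comment":
                        case "edit-comment":
                            // Only the author may change or remove a comment.
                            if ($ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
                                $allow_to_load = false;
                            }
                            break;
                        default:
                            // Any other section keeps the gallery-level decision.
                            // A new section that modifies a comment has to be
                            // added to the cases above or it gets no ownership
                            // check. (Was "continue", which PHP treats as
                            // "break" inside a switch and warns about from 7.3.)
                            break;
                    }
                }
            }
        }

        if ($allow_to_load) {
            // $allow_to_load can only be set on this path after $result was fetched.
            if ((int) $result["comment_active"]) {
                /**
                 * You're good to go, no further checks at this time.
                 * If you need to add more checks, this is where they would go.
                 */
            } else {
                $NOTICE++;
                $NOTICESTR[] = "This comment was deactivated <strong>" . date(DEFAULT_DATE_FORMAT, $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";

                $allow_to_load = false;
            }
        } else {
            // Report only once: skip when an earlier check already raised an error.
            if (!$ERROR) {
                $ERROR++;
                $ERRORSTR[] = "You do not have access to this comment.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
            }
        }
    }

    return $allow_to_load;
}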
if ($progress + 1 == $total_photos && $column != 3) { echo "<td colspan=\"" . (3 - $column) . "\"> </td>\n"; } elseif ($column == 3) { $column = 0; echo "</tr>\n"; echo "<tr>\n"; } } ?> </tr> </tbody> </table> <?php } else { $NOTICE++; $NOTICESTR[] = "<strong>No photos in this gallery.</strong><br /><br />" . (galleries_module_access($RECORD_ID, "add-photo") ? "If you would like to upload a new photo, <a href=\"" . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-photo&id=" . $RECORD_ID . "\">click here</a>." : "Please check back later."); echo display_notice(); } ?> </div> <?php if ($LOGGED_IN) { add_statistic("community:" . $COMMUNITY_ID . ":galleries", "gallery_view", "cgallery_id", $RECORD_ID); } } else { if ($ERROR) { echo display_error(); } if ($NOTICE) { echo display_notice(); }
*/ if (!defined("COMMUNITY_INCLUDED") || !defined("IN_GALLERIES")) { exit; } elseif (!$COMMUNITY_LOAD) { exit; } $HEAD[] = "<link href=\"" . ENTRADA_URL . "/javascript/calendar/css/xc2_default.css?release=" . html_encode(APPLICATION_VERSION) . "\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/config/xc2_default.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/script/xc2_inpage.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/galleries.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>Upload Photo</h1>\n"; if ($RECORD_ID) { $query = "SELECT * FROM `community_galleries` WHERE `cgallery_id` = " . $db->qstr($RECORD_ID) . " AND `cpage_id` = " . $db->qstr($PAGE_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID); $gallery_record = $db->GetRow($query); if ($gallery_record) { if (galleries_module_access($RECORD_ID, "add-photo")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $gallery_record["cgallery_id"], "title" => limit_chars($gallery_record["gallery_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-photo&id=" . 
$RECORD_ID, "title" => "Upload Photo"); $photo_uploads = array(); if (array_count_values($copyright_settings = (array) $translate->_("copyright")) > 1 && isset($copyright_settings["copyright-uploads"]) && strlen($copyright_settings["copyright-uploads"])) { $COPYRIGHT = true; } else { $COPYRIGHT = false; } // Error Checking switch ($STEP) { case 2: if (isset($_FILES["photo_files"]) && is_array($_FILES["photo_files"])) { if (!defined("COMMUNITY_STORAGE_GALLERIES") || !@is_dir(COMMUNITY_STORAGE_GALLERIES) || !@is_writable(COMMUNITY_STORAGE_GALLERIES)) { $error_current++; $ERROR++;
/**
 * Routes a permission check for a community module record to that module's
 * own access helper, loading the module's include file first.
 *
 * Each listed module is always checked against a fixed "view-*" section;
 * $proxy_id and $module_section are accepted but not read in this function.
 *
 * NOTE(review): a module name that is not listed below is answered with
 * true (fail-open). Confirm that every module with per-record restrictions
 * is listed here, because a new or misspelled module name is allowed by
 * default.
 *
 * @param int $proxy_id Not used by this function.
 * @param string $module Module name, e.g. "galleries".
 * @param string $module_section Not used by this function.
 * @param int $record_id Record id handed to the module's access helper.
 * @return bool Result of the module's access helper, or true for an unlisted module.
 */
function community_module_permissions_check($proxy_id, $module, $module_section, $record_id) {
    // Kept as declared: require_once runs the included file in this function's
    // scope, so these are the variables that file's top-level code would see.
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $PAGE_ID;

    // Loose comparison on purpose: it matches how the switch statement this
    // replaces compared $module against each case label.
    if ($module == "discussions") {
        require_once COMMUNITY_ABSOLUTE . "/modules/discussions.inc.php";

        return discussion_module_access($record_id, "view-post");
    }

    if ($module == "galleries") {
        require_once COMMUNITY_ABSOLUTE . "/modules/galleries.inc.php";

        return galleries_module_access($record_id, "view-photo");
    }

    if ($module == "shares") {
        require_once COMMUNITY_ABSOLUTE . "/modules/shares.inc.php";

        return shares_module_access($record_id, "view-file");
    }

    if ($module == "polls") {
        require_once COMMUNITY_ABSOLUTE . "/modules/polls.inc.php";

        return polls_module_access($record_id, "view-poll");
    }

    // Unlisted module: allowed.
    return true;
}
*/ @ob_end_clean(); @ob_end_clean(); header("Cache-Control: max-age=2592000"); header("Content-Type: " . $photo_record["photo_mimetype"]); header("Content-Length: " . @filesize($display_file)); header("Content-Disposition: inline; filename=\"thumbnail-" . $photo_record["photo_filename"] . "\""); header("Content-Transfer-Encoding: binary\n"); echo @file_get_contents($display_file, FILE_BINARY); exit; break; default: if (galleries_photo_module_access($RECORD_ID, "view-photo")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $photo_record["cgallery_id"], "title" => limit_chars($photo_record["gallery_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-photo&id=" . $RECORD_ID, "title" => limit_chars($photo_record["photo_title"], 32)); $ADD_COMMENT = galleries_module_access($photo_record["cgallery_id"], "add-comment"); $NAVIGATION = galleries_photo_navigation($photo_record["cgallery_id"], $RECORD_ID); $community_galleries_select = community_galleries_in_select($photo_record["cgallery_id"]); ?> <script type="text/javascript"> function photoDelete(id) { Dialog.confirm('Do you really wish to remove the '+ $('photo-' + id + '-title').innerHTML +' photo?<br /><br />If you confirm this action, you will be deactivating this photo and any comments.', { id: 'requestDialog', width: 350, height: 125, title: 'Delete Confirmation', className: 'medtech', okLabel: 'Yes', cancelLabel: 'No', closable: 'true',
* @copyright Copyright 2010 Queen's University. All Rights Reserved. * */ if (!defined("COMMUNITY_INCLUDED") || !defined("IN_GALLERIES")) { exit; } elseif (!$COMMUNITY_LOAD) { exit; } $HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/galleries.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>Add Photo Comment</h1>\n"; if ($RECORD_ID) { $query = "\tSELECT a.*, b.`gallery_title`, b.`admin_notifications`\n\t\t\t\tFROM `community_gallery_photos` AS a\n\t\t\t\tLEFT JOIN `community_galleries` AS b\n\t\t\t\tON a.`cgallery_id` = b.`cgallery_id`\n\t\t\t\tWHERE a.`community_id` = " . $db->qstr($COMMUNITY_ID) . "\n\t\t\t\tAND b.`cpage_id` = " . $db->qstr($PAGE_ID) . "\n\t\t\t\tAND a.`cgphoto_id` = " . $db->qstr($RECORD_ID) . "\n\t\t\t\tAND a.`photo_active` = '1'\n\t\t\t\tAND b.`gallery_active` = '1'"; $photo_record = $db->GetRow($query); if ($photo_record) { if ((int) $photo_record["photo_active"]) { if (galleries_module_access($photo_record["cgallery_id"], "add-comment")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $photo_record["cgallery_id"], "title" => limit_chars($photo_record["gallery_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-photo&id=" . $RECORD_ID, "title" => limit_chars($photo_record["photo_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-comment&id=" . $RECORD_ID, "title" => "Add Photo Comment"); communities_load_rte(); // Error Checking switch ($STEP) { case 2: /** * Required field "title" / Comment Title. */ if (isset($_POST["comment_title"]) && ($title = clean_input($_POST["comment_title"], array("notags", "trim")))) { $PROCESSED["comment_title"] = $title; } else { $PROCESSED["comment_title"] = ""; }