예제 #1
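/**
 * Checks whether access to an album is allowed without prompting the visitor.
 * Returns true if access is allowed.
 * There is no password dialog--you must have already had authorization via a cookie.
 *
 * Access is granted when the visitor is logged in with sufficient rights, when
 * the album is already recorded in $_zp_pre_authorization, or when the auth
 * cookie matches the stored password value of the level that protects the album.
 * An album without its own password is checked against every password-protected
 * ancestor album and finally against the gallery password, if one is set.
 *
 * Security notes:
 *  - Cookie values are client-controlled. They are compared with strict string
 *    equality so that numeric-looking values (for example two different
 *    "0e..." strings) cannot compare equal through loose type juggling.
 *  - The cookie is compared directly against the stored password value, so that
 *    stored value acts as a bearer credential: anyone who learns it can present
 *    it as the cookie. Treat it as a secret wherever it is stored or logged.
 *
 * @param string $albumname the album
 * @param string &$hint becomes populated with the password hint of the level
 *                      that refused access; left untouched when access is allowed.
 * @return bool true if access is allowed, false otherwise
 */
function checkAlbumPassword($albumname, &$hint)
{
    // $_zp_gallery has to be imported as well: it is handed to the album
    // constructor below and would otherwise be an undefined local.
    global $_zp_pre_authorization, $_zp_loggedin, $_zp_gallery;
    if (zp_loggedin(ADMIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
        return true;
    }
    if ($_zp_loggedin && isMyAlbum($albumname, ALL_RIGHTS)) {
        // The logged-in user manages this album, so he is allowed to see it.
        return true;
    }
    if (isset($_zp_pre_authorization[$albumname])) {
        // Already authorized earlier in this request.
        return true;
    }
    $album = new album($_zp_gallery, $albumname);
    $hash = $album->getPassword();
    if (empty($hash)) {
        // No password on the album itself: every protected ancestor must match.
        $album = $album->getParent();
        while (!is_null($album)) {
            $hash = $album->getPassword();
            $authType = "zp_album_auth_" . cookiecode($album->name);
            $saved_auth = zp_getCookie($authType);
            // Strict comparison of untrusted cookie data. Where the runtime
            // provides hash_equals(), it would also make this constant-time.
            if (!empty($hash) && (string) $saved_auth !== (string) $hash) {
                $hint = $album->getPasswordHint();
                return false;
            }
            $album = $album->getParent();
        }
        // Revert all the way to the gallery.
        $hash = getOption('gallery_password');
        $authType = 'zp_gallery_auth';
        $saved_auth = zp_getCookie($authType);
        if (!empty($hash) && (string) $saved_auth !== (string) $hash) {
            $hint = get_language_string(getOption('gallery_hint'));
            return false;
        }
    } else {
        // The album has its own password: only its own cookie is checked.
        $authType = "zp_album_auth_" . cookiecode($album->name);
        $saved_auth = zp_getCookie($authType);
        if ((string) $saved_auth !== (string) $hash) {
            $hint = $album->getPasswordHint();
            return false;
        }
    }
    // Remember the positive result so later checks for this album short-circuit.
    $_zp_pre_authorization[$albumname] = true;
    return true;
}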