/** * Checks to see access is allowed to an album * Returns true if access is allowed. * There is no password dialog--you must have already had authorization via a cookie. * * @param string $albumname the album * @param string &$hint becomes populated with the password hint. * @return bool */ function checkAlbumPassword($albumname, &$hint) { global $_zp_pre_authorization, $_zp_loggedin; if (zp_loggedin(ADMIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) { return true; } if ($_zp_loggedin) { if (isMyAlbum($albumname, ALL_RIGHTS)) { return true; } // he is allowed to see it. } if (isset($_zp_pre_authorization[$albumname])) { return true; } $album = new album($_zp_gallery, $albumname); $hash = $album->getPassword(); if (empty($hash)) { $album = $album->getParent(); while (!is_null($album)) { $hash = $album->getPassword(); $authType = "zp_album_auth_" . cookiecode($album->name); $saved_auth = zp_getCookie($authType); if (!empty($hash)) { if ($saved_auth != $hash) { $hint = $album->getPasswordHint(); return false; } } $album = $album->getParent(); } // revert all tlhe way to the gallery $hash = getOption('gallery_password'); $authType = 'zp_gallery_auth'; $saved_auth = zp_getCookie($authType); if (!empty($hash)) { if ($saved_auth != $hash) { $hint = get_language_string(getOption('gallery_hint')); return false; } } } else { $authType = "zp_album_auth_" . cookiecode($album->name); $saved_auth = zp_getCookie($authType); if ($saved_auth != $hash) { $hint = $album->getPasswordHint(); return false; } } $_zp_pre_authorization[$albumname] = true; return true; }