Exemplo n.º 1
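/**
 * get_subcat_data()
 *
 * Appends <cat> markup for the subcategories of the given category to the
 * global $catStr, recursing into every subcategory it finds.
 *
 * The first call (detected through the global $parentAlubm flag) also opens
 * a <cat> element for $parent itself and calls get_album_data() for it.
 * Category 1 is treated as the user-gallery category: its children are built
 * from the users table (all users for an admin, only the current user
 * otherwise) instead of the categories table.
 *
 * @param int    $parent Category id whose children are listed
 * @param string $ident  Indentation prefix for the generated markup
 * @return void
 */
function get_subcat_data($parent, $ident = '')
{
    global $CONFIG, $catStr, $parentAlubm;

    // $parent is interpolated into the SQL below; forcing an integer means a
    // caller-supplied string can never change the shape of the statement.
    $parent = (int) $parent;

    if ($parentAlubm != 1) {
        $parentAlubm = 1;
        if ($parent == 0) {
            $catStr .= "\n{$ident}<cat>\n  {$ident}<id>{$parent}</id>\n  {$ident}<name>Parent</name>";
        } else {
            $sql = "SELECT cid, name, description " . "FROM {$CONFIG['TABLE_CATEGORIES']} " . "WHERE cid = '{$parent}' " . "ORDER BY pos";
            $result = cpg_db_query($sql);
            $row = cpg_db_fetch_row($result);
            // Free the handle that was actually queried; the original passed
            // an undefined $results here, so the result set was never released.
            mysql_free_result($result);
            // NOTE(review): the name is written into the markup as stored;
            // confirm whether it is already entity-encoded before it is
            // parsed as XML.
            $catStr .= "\n{$ident}<cat>\n  {$ident}<id>{$row['cid']}</id>\n  {$ident}<name>{$row['name']}</name>";
        }
        get_album_data($parent, "  ");
    }
    if ($parent == 1) {
        /**
         * This is a user category and the categories inside this are not listed in categories table
         * So, we need to loop in the users table and create category id's and get the albums in it
         */
        if (USER_IS_ADMIN) {
            //Get all user albums
            $sql = "SELECT user_name, user_id FROM {$CONFIG['TABLE_USERS']}";
            $result = cpg_db_query($sql);
            if (mysql_num_rows($result) > 0) {
                $rowset = cpg_db_fetch_rowset($result);
                foreach ($rowset as $cat) {
                    $catStr .= "\n  {$ident}<cat>\n            {$ident}<id>" . (FIRST_USER_CAT + $cat['user_id']) . "</id>\n          {$ident}<name>{$cat['user_name']}</name>";
                    get_album_data(FIRST_USER_CAT + $cat['user_id'], $ident . "  ");
                    $catStr .= "\n  {$ident}</cat>";
                }
            }
        } elseif (USER_ID) {
            //Get only current users albums
            $catStr .= "\n  {$ident}<cat>\n      {$ident}<id>" . (FIRST_USER_CAT + USER_ID) . "</id>\n      {$ident}<name>" . USER_NAME . "</name>";
            get_album_data(FIRST_USER_CAT + USER_ID, $ident . "  ");
            $catStr .= "\n  {$ident}</cat>";
        }
    } else {
        $sql = "SELECT cid, name, description " . "FROM {$CONFIG['TABLE_CATEGORIES']} " . "WHERE parent = '{$parent}' " . "ORDER BY pos";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result) > 0) {
            $rowset = cpg_db_fetch_rowset($result);
            foreach ($rowset as $subcat) {
                $catStr .= "\n  {$ident}<cat>\n      {$ident}<id>{$subcat['cid']}</id>\n      {$ident}<name>{$subcat['name']}</name>";
                get_album_data($subcat['cid'], $ident . "  ");
                get_subcat_data($subcat['cid'], $ident . "  ");
                $catStr .= "\n  {$ident}</cat>";
            }
        }
    }
}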
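 /**
  * Looks up the member id and login key that belong to the session named by
  * the 'session_id' cookie.
  *
  * @return array|false The joined session/user row, or false when the cookie
  *                     is absent or no session row matches it
  */
 function session_extraction()
 {
     $superCage = Inspekt::makeSuperCage();
     if (!$superCage->cookie->keyExists('session_id')) {
         return false;
     }
     // The cookie is attacker-controlled. The only protection visible here is
     // getEscaped(); NOTE(review): confirm it escapes for the SQL string
     // context used below.
     $session_id = $superCage->cookie->getEscaped('session_id');
     $sql = "SELECT member_id, member_login_key FROM {$this->sessionstable} AS s INNER JOIN {$this->usertable} AS u ON s.member_id = u.id WHERE s.id = '{$session_id}'";
     $result = $this->query($sql);
     $row = cpg_db_num_rows($result) ? cpg_db_fetch_row($result) : false;
     // Release the result on both paths. The original freed it only when a
     // row was found and fell off the end (returning null, not false) when
     // the cookie did not match any session.
     if (is_object($result)) {
         $result->free();
     }
     return $row;
 }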
Exemplo n.º 3
 /**
  * Resolves the 'sid' cookie to a user row from the bridged session and user
  * tables, storing the session id, additional groups and logout key on $this.
  *
  * @return array|false The fetched row with its last element removed, or
  *                     false when the cookie is missing/empty or no session
  *                     row matches
  */
 function session_extraction()
 {
     $superCage = Inspekt::makeSuperCage();
     if (!$superCage->cookie->keyExists('sid')) {
         return false;
     }
     // The cookie value is attacker-controlled; getEscaped() is the only
     // sanitising step visible before it reaches the query below.
     // NOTE(review): confirm getEscaped() escapes for a quoted SQL string.
     $this->sid = $superCage->cookie->getEscaped('sid');
     if (!$this->sid) {
         return false;
     }
     $result = $this->query("SELECT u.{$this->field['user_id']}, u.{$this->field['password']}, additionalgroups\n                FROM {$this->sessionstable} AS s\n                INNER JOIN {$this->usertable} AS u ON u.uid = s.uid\n                WHERE sid = '" . $this->sid . "'");
     // NOTE(review): this early return leaves $result unfreed.
     if (!cpg_db_num_rows($result)) {
         return false;
     }
     $row = cpg_db_fetch_row($result);
     $result->free();
     // array_pop() removes the last element of the fetched row; this
     // presumably is the additionalgroups column - it depends on the key
     // order cpg_db_fetch_row() returns, so verify against that helper.
     $this->additionalgroups = array_pop($row);
     // The logout key is an unsalted MD5 of $row[1], which by the SELECT order
     // is the configured password column. NOTE(review): anyone who learns the
     // key can test password-field guesses offline; confirm where it is exposed.
     $this->logoutkey = md5($row[1]);
     return $row;
 }
Exemplo n.º 4
 /**
  * Maps a bridged user to a one-element array holding a gallery group id.
  *
  * With post-based groups enabled the first fetched column plus 100 is used;
  * otherwise the result is 1 when that column is listed in
  * $this->admingroups and 2 when it is not.
  *
  * NOTE(review): $row['id'] is placed into the SQL inside quotes without any
  * escaping in this method; callers must pass a trusted or sanitised value.
  *
  * @param array $row Row containing the user's 'id'
  * @return array|false One-element array with the group id, or false when
  *                     the query returns no rows
  */
 function get_groups($row)
 {
     $user_id = $row['id'];
     $group_sql = "SELECT id FROM {$this->groupstable}, {$this->usertable} WHERE {$this->field['usertbl_group_id']} = {$this->field['grouptbl_group_id']} AND {$this->field['user_id']}='{$user_id}'";
     $result = $this->query($group_sql);
     if (!cpg_db_num_rows($result)) {
         return false;
     }
     $fetched = cpg_db_fetch_row($result);
     if ($this->use_post_based_groups) {
         $group_id = $fetched[0] + 100;
     } else {
         $group_id = in_array($fetched[0], $this->admingroups) ? 1 : 2;
     }
     $result->free();
     return array($group_id);
 }
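/**
 * user_is_allowed()
 *
 * Check if a user is allowed to edit pictures/albums
 *
 * The album is read from the 'album' GET key, else the 'aid' POST key, else
 * (only when MODIFYALB_PHP is defined) the first album owned by the user.
 * Gallery admin mode is always allowed.
 *
 * @param boolean $include_upload_permissions When true, upload permission on
 *                the album also counts as approval and defines
 *                USER_UPLOAD_ALLOWED
 * @return boolean $check_approve
 */
function user_is_allowed($include_upload_permissions = true)
{
    if (GALLERY_ADMIN_MODE) {
        return true;
    }
    $check_approve = false;
    global $USER_DATA, $CONFIG;
    $superCage = Inspekt::makeSuperCage();
    // The user id is concatenated into several statements (once without
    // quotes); an integer cast keeps it from ever carrying SQL.
    $user_id = (int) $USER_DATA['user_id'];
    //get albums this user can edit
    if ($superCage->get->keyExists('album')) {
        $album_id = $superCage->get->getInt('album');
    } elseif ($superCage->post->keyExists('aid')) {
        $album_id = $superCage->post->getInt('aid');
    } else {
        //workaround when going straight to modifyalb.php and no album is set in superglobals
        if (defined('MODIFYALB_PHP')) {
            //check if the user has any album available
            $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = " . $user_id . " LIMIT 1");
            $temp_album_id = cpg_db_fetch_row($result);
            // No owned album: fall back to 0 instead of indexing a non-array.
            $album_id = $temp_album_id ? $temp_album_id['aid'] : 0;
        } else {
            $album_id = 0;
        }
    }
    // Used unquoted in the upload-permission query below.
    $album_id = (int) $album_id;
    $result = cpg_db_query("SELECT DISTINCT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = '" . $user_id . "' AND aid='{$album_id}'");
    $allowed_albums = cpg_db_fetch_rowset($result);
    $cat = $allowed_albums ? $allowed_albums[0]['category'] : '';
    if ($cat != '') {
        $check_approve = true;
    }
    // Also check whether the user has upload permission to the current album, but only if an album id is set
    if ($album_id && $include_upload_permissions) {
        $public_albums = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND ((uploads='YES' AND (visibility = '0' OR visibility IN " . USER_GROUP_SET . " OR alb_password != '')) OR (owner=" . USER_ID . ")) AND aid={$album_id}");
        if (count(cpg_db_fetch_rowset($public_albums))) {
            $check_approve = true;
            // define() on an existing constant raises an error on a second
            // call within the same request, so only define it once.
            if (!defined('USER_UPLOAD_ALLOWED')) {
                define('USER_UPLOAD_ALLOWED', 1);
            }
        }
        mysql_free_result($public_albums);
    }
    //check if admin allows editing after closing category
    if ($CONFIG['allow_user_edit_after_cat_close'] == 0) {
        //Disallowed -> Check if album is in such a category
        $result = cpg_db_query("SELECT DISTINCT aid FROM {$CONFIG['TABLE_ALBUMS']} AS alb INNER JOIN {$CONFIG['TABLE_CATMAP']} AS catm ON alb.category=catm.cid WHERE alb.owner = '" . $user_id . "' AND alb.aid='{$album_id}' AND catm.group_id='" . $USER_DATA['group_id'] . "'");
        $allowed_albums = cpg_db_fetch_rowset($result);
        // NOTE(review): the deny branch only fires when a row exists AND its
        // aid is empty. An empty result set (album not mapped to the user's
        // group) therefore leaves an earlier approval in place - confirm that
        // this is the intended access decision.
        if ($allowed_albums && $allowed_albums[0]['aid'] == '' && $cat != FIRST_USER_CAT + USER_ID) {
            $check_approve = false;
        } elseif ($cat == FIRST_USER_CAT + USER_ID) {
            $check_approve = true;
        }
    }
    return $check_approve;
}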
Exemplo n.º 6
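/**
 * Prints the "Manage multiple language strings" form for categories, albums
 * or pictures, one page at a time.
 *
 * Nothing is printed when $what is 'getAlb' and $val is 'none', when $what is
 * 'getCat' or 'picAlbum' and $val is empty, or when $what is not one of the
 * three supported modes.
 *
 * @param mixed  $val  Category id (getCat / getAlb) or album id (getPic)
 * @param string $what 'getCat', 'getAlb' or 'getPic'
 * @return void
 */
function buildForm($val, $what)
{
    global $CONFIG, $catPerPage, $picPerPage, $albPerPage, $start;
    $langArr = explode(',', $CONFIG['mod_active_lang']);
    $langCount = count($langArr);
    if ($what == 'getAlb' && $val == 'none') {
        return;
    }
    if ($what == 'getCat' && !$val) {
        return;
    }
    if ($what == 'picAlbum' && !$val) {
        return;
    }
    // $val and $start end up in SQL, in hidden fields and in the pager links.
    // Both are ids/offsets, so reduce them to integers before any of that.
    $val = (int) $val;
    $startPage = max(0, (int) $start);
    if ($what == 'getCat') {
        $lowerLimit = $startPage * $catPerPage * $langCount;
        $higherLimit = $catPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="category" value="' . $val . '">';
        $queryString = "&category={$val}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE original != '' AND (type = 'catName' OR type = 'catDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE original != '' AND (type = 'catName' OR type = 'catDesc')";
    } elseif ($what == 'getAlb') {
        // Get the albums for the selected category..
        if ($val == 1) {
            $whereClause = " WHERE category > '" . FIRST_USER_CAT . "'";
        } else {
            $whereClause = " WHERE category = '{$val}'";
        }
        $query = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} {$whereClause}";
        $result = cpg_db_query($query);
        $aidArr = array();
        while ($row = cpg_db_fetch_row($result)) {
            $aidArr[] = (int) $row['aid'];
        }
        if (!count($aidArr)) {
            cpg_die(ERROR, 'No albums in this category', __FILE__, __LINE__);
        }
        $aidStr = implode(',', $aidArr);
        $lowerLimit = $startPage * $albPerPage * $langCount;
        $higherLimit = $albPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="category" value="' . $val . '">';
        $queryString = "&category={$val}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$aidStr}) AND original != '' AND (type = 'albName' OR type = 'albDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$aidStr}) AND original != '' AND (type = 'albName' OR type = 'albDesc')";
    } elseif ($what == 'getPic') {
        $query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '{$val}'";
        $result = cpg_db_query($query);
        $pidArr = array();
        while ($row = cpg_db_fetch_row($result)) {
            $pidArr[] = (int) $row['pid'];
        }
        if (!count($pidArr)) {
            cpg_die(ERROR, 'No pictures in this album', __FILE__, __LINE__);
        }
        $pidStr = implode(',', $pidArr);
        $lowerLimit = $startPage * $picPerPage * $langCount;
        $higherLimit = $picPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="picAlbum" value="' . $val . '">';
        $queryString = "&picAlbum={$val}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$pidStr}) AND original != '' AND (type = 'picTitle' OR type = 'picDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$pidStr}) AND original != '' AND (type = 'picTitle' OR type = 'picDesc')";
    } else {
        // Unknown mode: no query was built. Returning here also guarantees
        // that $what is one of three fixed strings when it is echoed below.
        return;
    }
    $result = cpg_db_query($query);
    $countResult = cpg_db_query($countQuery);
    // Start from an empty set so a page without rows does not iterate over
    // an undefined variable.
    $rowset = array();
    while ($row1 = cpg_db_fetch_row($result)) {
        $rowset[$row1['origId']][$row1['type']]['lang'][$row1['lang']] = array($row1['id'], $row1['translated']);
        $rowset[$row1['origId']][$row1['type']]['original'] = $row1['original'];
    }
    $nr = cpg_db_fetch_row($countResult);
    $totalCount = $nr[0];
    // A per-page setting of 0 would otherwise divide by zero.
    $totalPages = $higherLimit > 0 ? ceil($totalCount / $higherLimit) : 0;
    // Label and form control used for each string type.
    $elementMap = array(
        'catName' => array('category name', 'text'),
        'catDesc' => array('category description', 'textarea'),
        'albName' => array('album name', 'text'),
        'albDesc' => array('album description', 'textarea'),
        'picTitle' => array('picture title', 'text'),
        'picDesc' => array('picture description', 'textarea'),
    );
    echo "<br />\n       <form method=\"post\" action=\"mod_lang.php\">\n";
    starttable('100%', 'Manage multiple language strings', 2);
    foreach ($rowset as $origId => $typeArr) {
        foreach ($typeArr as $typeKey => $type) {
            if (isset($elementMap[$typeKey])) {
                list($elementName, $elementType) = $elementMap[$typeKey];
            }
            // Stored strings are user-editable text: encode them for HTML so
            // markup or quotes in a title cannot break out of the table cell,
            // the value attribute or the textarea.
            echo "<tr>\n                  <td class=\"tableh2\">\n                    Original {$elementName}\n                  </td>\n                  <td class=\"tableh2\">\n                    " . nl2br(htmlspecialchars($type['original'], ENT_QUOTES)) . "\n                  </td>\n                </tr>";
            foreach ($type['lang'] as $lang => $entry) {
                $langHtml = htmlspecialchars($lang, ENT_QUOTES);
                $fieldName = htmlspecialchars($entry[0], ENT_QUOTES);
                $fieldValue = htmlspecialchars($entry[1], ENT_QUOTES);
                echo "<tr>\n                <td class=\"tableb\" valign=\"top\">\n                  Translation In {$langHtml}\n                </td>\n                <td class=\"tableb\">\n                ";
                if ($elementType == 'textarea') {
                    echo "<textarea name=\"{$fieldName}\" rows=\"2\" cols=\"40\">{$fieldValue}</textarea>";
                } else {
                    echo "<input type=\"{$elementType}\" name=\"{$fieldName}\" value=\"{$fieldValue}\" size=\"50\">";
                }
                echo "</td>\n                    </tr>";
            }
            echo "<tr>\n                <td class=\"tableh1\" colspan=\"2\" align=\"right\">\n                  &nbsp;\n                </td>\n              </tr>";
        }
    }
    echo "<tr>\n          <td class=\"tablehb_compact\" colspan=\"2\" align=\"right\">\n            Page ";
    for ($i = 1; $i <= $totalPages; $i++) {
        if ($i - 1 == $startPage) {
            echo " {$i}";
        } else {
            echo " <a href=\"mod_lang.php?what={$what}&start=" . ($i - 1) . "{$queryString}\">{$i}</a>";
        }
    }
    echo "</td>\n        </tr>";
    echo "<tr>\n          <td align=\"center\" colspan=\"2\">\n            <input type=\"submit\" value=\"Submit\">\n          </td>\n        </tr>";
    endtable();
    echo <<<EOT
    <input type="hidden" name="what" value="{$what}">
    <input type="hidden" name="update" value="update">
    <input type="hidden" name="start" value="{$startPage}">
    {$hiddenFields}
    </form>
EOT;
}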
Exemplo n.º 7
    $public_albums_list_no_cat = cpg_db_fetch_rowset($public_albums_no_cat);
} else {
    $public_albums_list_no_cat = array();
}
// Combine the two public album lists into one
$public_albums_list = array_merge($public_albums_list, $public_albums_list_no_cat);
if (!USER_ID) {
    // No logged-in user: there are no personal albums to offer
    $user_albums_list = array();
} else {
    // Albums in the current user's own category (FIRST_USER_CAT + USER_ID), newest id first
    $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY aid DESC");
    $user_albums_list = mysql_num_rows($user_albums) ? cpg_db_fetch_rowset($user_albums) : array();
    // Position after the highest one in use in that category; 100 when it holds no album yet
    $user_albums_last_pos = cpg_db_query("SELECT pos FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY pos DESC LIMIT 1");
    $last_pos = mysql_num_rows($user_albums_last_pos) ? cpg_db_fetch_row($user_albums_last_pos)['pos'] + 1 : 100;
}
// Line-based response: status first, then whether the user may create albums
echo "OK\r\n";
echo USER_CAN_CREATE_ALBUMS ? "cancreate\r\n" : "cantcreate\r\n";
if (USER_ID) {
    echo FIRST_USER_CAT + USER_ID . "\r\n";
    echo $last_pos . "\r\n";
Exemplo n.º 8
/**
 * Handles the uninstall request for this plugin.
 *
 * Returns 1 while the 'drop' POST key has not been submitted. Once it has,
 * forum.php is deleted (errors suppressed) and, when 'drop' is non-zero, the
 * plugin's sql/uninstall.sql file is handed to codebase_query().
 *
 * NOTE(review): the directory name in the SQL file path is taken from the
 * plugins table row selected by the 'p' GET parameter; nothing here checks
 * that a row was found or that the stored path is a plain directory name.
 *
 * @return int|bool 1 when 'drop' is not posted, true otherwise
 */
function codebase_uninstall()
{
    global $CONFIG;
    $cage = Inspekt::makeSuperCage();
    if (!$cage->post->keyExists('drop')) {
        return 1;
    }
    @unlink('forum.php');
    if ($cage->post->getInt('drop') == 0) {
        // Tables are kept; nothing further to do
        return true;
    }
    $plugin_id = $cage->get->getInt('p');
    $lookup = cpg_db_query("SELECT path FROM `{$CONFIG['TABLE_PREFIX']}plugins` WHERE plugin_id='{$plugin_id}';");
    $plugin_row = cpg_db_fetch_row($lookup);
    $plugin_name = $plugin_row['path'];
    $uninstall_sql_file = implode(DS, array('plugins', $plugin_name, 'sql', 'uninstall.sql'));
    codebase_query('Drop the database', $uninstall_sql_file);
    return true;
}
Exemplo n.º 9
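/**
 * Builds the RSS icon link for the feed returned by $query.
 *
 * The first three columns of the fetched row are read as feed id, mode and
 * file. "Batch" feeds link to the stored file with a leading "./" or "/"
 * removed; "Realtime" feeds link to rss.php with the feed id.
 *
 * @param string $query SQL statement selecting the feed row; it is executed
 *                      as given, so the caller is responsible for its safety
 * @return string|false Anchor markup, or FALSE when no feed row is found
 */
function make_rss_icon($query)
{
    global $CONFIG;
    $feed_info = $CONFIG['feed_info'];
    $data = cpg_db_fetch_row(cpg_db_query($query));
    if (!$data) {
        //no feed found, nothing to show
        return FALSE;
    }
    list($fid, $mode, $file) = $data;
    // Default keeps $xmlurl defined when the mode is neither value below.
    $xmlurl = '';
    switch ($mode) {
        case "Batch":
            // The original ran two independent assignments, so the second one
            // overwrote the "./" stripping done by the first. Apply exactly
            // one of the two prefixes instead.
            $file = (string) $file;
            if (substr($file, 0, 2) == './') {
                $xmlurl = substr($file, 2);
            } elseif (substr($file, 0, 1) == '/') {
                $xmlurl = substr($file, 1);
            } else {
                $xmlurl = $file;
            }
            break;
        case "Realtime":
            $xmlurl = "rss.php?fid=" . $fid;
            break;
    }
    $url = $CONFIG['ecards_more_pic_target'] . $xmlurl;
    // Both values come from stored configuration/feed data; encode them so a
    // quote or angle bracket cannot break out of the attributes.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '" title="' . htmlspecialchars($feed_info['rsstext'], ENT_QUOTES) . '"><img src="images/rss.gif" alt="RSS"></a>';
}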
Exemplo n.º 10
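/**
 * Returns the stored CMS content (type 2) attached to the given id, with HTML
 * entities decoded.
 *
 * @param int $pid Id matched against the conid column
 * @return string Decoded content, an empty string when no row matches, or
 *                "&nbsp;" when the query itself fails
 */
function getMiniCMS($pid)
{
    global $CONFIG;
    // conid is compared without quotes, so the value must be numeric; the
    // cast stops any other input from being parsed as SQL.
    $cmsquery = "SELECT content FROM " . $CONFIG['TABLE_CMS'] . " WHERE type = 2 and conid= " . (int) $pid;
    $result = cpg_db_query($cmsquery);
    if (!$result) {
        return "&nbsp;";
    }
    $row = cpg_db_fetch_row($result);
    // NOTE(review): html_entity_decode() turns stored entities back into live
    // markup. If this content can be written by non-admin users and the
    // caller prints it, it needs sanitising before output - confirm.
    return $row ? html_entity_decode($row['content']) : '';
}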
 /**
  * Fetches the id and the stored password value of one user from the
  * bridged user table.
  *
  * NOTE(review): $user_id is placed inside a quoted SQL literal without
  * escaping in this method; callers must pass a trusted or sanitised value.
  *
  * @param mixed $user_id Value matched against the configured user id column
  * @return array ('user_id' => ..., 'pass_hash' => ...) or an empty array
  *               when no row matches
  */
 function get_user_pass($user_id)
 {
     $id_column = $this->field['user_id'];
     $pass_column = $this->field['password'];
     $sql = "SELECT {$id_column} AS user_id, {$pass_column} AS pass_hash FROM {$this->usertable} WHERE {$id_column} = '{$user_id}'";
     $result = cpg_db_query($sql, $this->link_id);
     if (!mysql_num_rows($result)) {
         return array();
     }
     $found = cpg_db_fetch_row($result);
     return array('user_id' => $found['user_id'], 'pass_hash' => $found['pass_hash']);
 }
Exemplo n.º 12
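// language
// The language name becomes part of a require path. Accept only a plain
// file-name token (letters, digits, '_' and '-') so a value containing path
// separators or ".." can never select a file outside the plugin's lang
// directory; anything else falls back to English.
if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $CONFIG['lang']) || !file_exists("plugins/avmaker/lang/{$CONFIG['lang']}.php")) {
    $CONFIG['lang'] = 'english';
}
require "plugins/avmaker/lang/{$CONFIG['lang']}.php";
// get action
$action = isset($_GET['action']) ? $_GET['action'] : '';
// get pid (always an integer; 0 when the parameter is absent)
$pid = isset($_GET['pid']) ? (int) $_GET['pid'] : 0;
// error if no pid define
if (!$pid) {
    cpg_die(ERROR, $lang_avmaker_php['er1'], __FILE__, __LINE__);
}
// get file information
$result = cpg_db_query("SELECT filepath, filename, pwidth, pheight FROM `{$CONFIG['TABLE_PICTURES']}` WHERE pid = '{$pid}' LIMIT 1;");
$pic_data = cpg_db_fetch_row($result);
if (!isset($pic_data['filepath'])) {
    cpg_die(ERROR, $lang_avmaker_php['er2'], __FILE__, __LINE__);
}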
// main action
switch ($action) {
    case 'crop':
        pageheader($lang_avmaker_php[2]);
        starttable('100%', $lang_avmaker_php[3], 2);
        // get post/get vars
        if (isset($_POST['av_width'])) {
            $av_width = (int) $_POST['av_width'];
        } elseif (isset($_GET['av_width'])) {
            $av_width = (int) $_GET['av_width'];
        } else {
            $av_width = 100;
Exemplo n.º 13
}
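// Pick the user's language when one is set, else the gallery default.
$lang = isset($USER['lang']) ? $USER['lang'] : $CONFIG['lang'];
// $lang becomes part of a require path and may originate from per-user data.
// Accept only a plain file-name token (letters, digits, '_' and '-') so path
// separators or ".." can never reach the include; anything else, or a
// language without a file, falls back to English.
if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $lang) || !file_exists("plugins/photo_shop/lang/{$lang}.php")) {
    $lang = 'english';
}
require "plugins/photo_shop/lang/{$lang}.php";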
if (isset($_GET['download']) && isset($_GET['oid']) && isset($_GET['uid'])) {
    switch ($_GET['download']) {
        case "copy_files":
            //check again if paid
            if (!verify_paid($_GET['oid'])) {
                cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
            }
            $sql = "SELECT order_md5_id FROM {$CONFIG['TABLE_SHOP']} WHERE oid='{$_GET['oid']}' AND cd='1'";
            $result = cpg_db_query($sql);
            $row = cpg_db_fetch_row($result);
            mysql_free_result($result);
            $hash = $row['order_md5_id'];
            header('Location: ' . str_replace('&amp;', '&', "index.php?file=photo_shop/photo_shop_download_order&amp;order={$hash}"));
            die;
            break;
        case "create_dir":
            if (!verify_paid($_GET['oid'])) {
                cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
            }
            $CONFIG['photo_shop_download_passwd_mail'] == '1' ? $send_admin_mail = true : ($send_admin_mail = false);
            pageheader($lang_photoshop_admin['o_board_title']);
            if (photo_shop_ipn_download(USER_ID, $_GET['oid'], $send_admin_mail, false)) {
                msg_box("{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%');
            } else {
                msg_box("{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%');
Exemplo n.º 14
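/**
 * Stores the three cpg_brainfeeder_* settings posted by the configuration
 * form, replacing any existing rows of that name prefix.
 *
 * Aborts through cpg_die() when a positive main feed id is posted that does
 * not exist in the feed table.
 *
 * @return void
 */
function topupdate()
{
    global $CONFIG;
    // The feed id is used without quotes in two statements, so it must be
    // reduced to an integer before it is concatenated.
    $main_feed = isset($_POST['cpg_brainfeeder_main']) ? (int) $_POST['cpg_brainfeeder_main'] : 0;
    // The table key was an unquoted constant name inside {$...}; quote it like
    // every other $CONFIG lookup.
    if ($main_feed > 0 && !cpg_db_fetch_row(cpg_db_query("SELECT * FROM {$CONFIG['TABLE_brainfeeder']} WHERE fid = " . $main_feed))) {
        cpg_die(ERROR, "There is no feed with the id " . $main_feed, __FILE__, __LINE__);
    }
    //have observed instances where radio buttons are blank in Google Chrome
    if (!isset($_POST['cpg_brainfeeder_icons']) || $_POST['cpg_brainfeeder_icons'] == "") {
        $_POST['cpg_brainfeeder_icons'] = "No";
    }
    $icons = $_POST['cpg_brainfeeder_icons'];
    $rsstext = isset($_POST['cpg_brainfeeder_rsstext']) ? $_POST['cpg_brainfeeder_rsstext'] : '';
    cpg_db_query("DELETE FROM {$CONFIG['TABLE_CONFIG']} WHERE name LIKE 'cpg_brainfeeder_%'");
    // NOTE(review): $icons and $rsstext go into quoted SQL literals exactly as
    // posted. This is only safe if the application escapes request data
    // before this function runs - confirm, and otherwise escape both values
    // with the database layer's string-escaping call here.
    $query = "INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) values \n                ('cpg_brainfeeder_icons', '" . $icons . "'),\n                ('cpg_brainfeeder_main',   " . $main_feed . "),  \n                ('cpg_brainfeeder_rsstext',  '" . $rsstext . "')";
    cpg_db_query($query);
    return;
}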
Exemplo n.º 15
/**
 * Prints a table row holding an album <select>, grouped into <optgroup>s by
 * category, built from the global $user_albums_list and $public_albums_list.
 *
 * The option matching the 'album' GET or POST value is marked as selected.
 *
 * @param string $text Label printed in the first cell (echoed as given)
 * @param string $name Value of the select's name attribute (echoed as given)
 * @return void
 */
function form_alb_list_box($text, $name)
{
    // Pull the $CONFIG array and the GET array into the function
    global $CONFIG, $lang_upload_php;
    // Also pull the album lists into the function
    global $user_albums_list, $public_albums_list;
    // Check to see if an album has been preselected by URL addition or the last selected album. If so, make $sel_album the album number. Otherwise, make $sel_album 0.
    // The request value is only compared against album ids below; it is never echoed or used in SQL.
    if (isset($_GET['album'])) {
        $sel_album = $_GET['album'];
    } elseif (isset($_POST['album'])) {
        $sel_album = $_POST['album'];
    } else {
        $sel_album = 0;
    }
    // Create the opening of the drop down box
    echo <<<EOT
    <tr>
        <td class="tableb">
            {$text}
        </td>
        <td class="tableb" valign="top">
            <select name="{$name}" class="listbox">

EOT;
    // Get the ancestry of the categories
    $vQuery = "SELECT cid, parent, name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE 1";
    $vResult = cpg_db_query($vQuery);
    $vRes = cpg_db_fetch_rowset($vResult);
    mysql_free_result($vResult);
    // Build cid => parent and cid => name lookup tables
    // NOTE(review): $catParent stays undefined when the category table is empty.
    foreach ($vRes as $vResI => $vResV) {
        $vResRow = $vRes[$vResI];
        $catParent[$vResRow['cid']] = $vResRow['parent'];
        $catName[$vResRow['cid']] = $vResRow['name'];
    }
    // For every category, join the names of its ancestors (outermost first) with ' - '
    $catAnces = array();
    foreach ($catParent as $cid => $cid_parent) {
        $catAnces[$cid] = '';
        // Walk up the parent chain until the root (parent 0) is reached
        while ($cid_parent != 0) {
            $catAnces[$cid] = $catName[$cid_parent] . ($catAnces[$cid] ? ' - ' . $catAnces[$cid] : '');
            $cid_parent = $catParent[$cid_parent];
        }
    }
    // Reset counter
    $list_count = 0;
    // Cycle through the User albums
    // NOTE(review): no 'cid' key is set for these entries, although the output loop below reads $val['cid'].
    foreach ($user_albums_list as $album) {
        // Add to multi-dim array for later sorting
        $listArray[$list_count]['cat'] = $lang_upload_php['personal_albums'];
        $listArray[$list_count]['aid'] = $album['aid'];
        $listArray[$list_count]['title'] = $album['title'];
        $list_count++;
    }
    // Cycle through the public albums
    foreach ($public_albums_list as $album) {
        // Set $album_id to the actual album ID
        $album_id = $album['aid'];
        // Get the category name
        // One query per album; the id comes from the album list, not from the request
        $vQuery = "SELECT cat.name, cat.cid FROM " . $CONFIG['TABLE_CATEGORIES'] . " cat, " . $CONFIG['TABLE_ALBUMS'] . " alb WHERE alb.aid='" . $album_id . "' AND cat.cid=alb.category";
        $vResult = cpg_db_query($vQuery);
        $vRes = cpg_db_fetch_row($vResult);
        mysql_free_result($vResult);
        // Add to multi-dim array for sorting later
        if ($vRes['name']) {
            $listArray[$list_count]['cat'] = $catAnces[$vRes['cid']] . ($catAnces[$vRes['cid']] ? ' - ' : '') . $vRes['name'];
            $listArray[$list_count]['cid'] = $vRes['cid'];
        } else {
            $listArray[$list_count]['cat'] = $lang_upload_php['albums_no_category'];
            $listArray[$list_count]['cid'] = 0;
        }
        $listArray[$list_count]['aid'] = $album['aid'];
        $listArray[$list_count]['title'] = $album['title'];
        $list_count++;
    }
    // Sort the pulldown options by category and album name
    // NOTE(review): $listArray is undefined here when both album lists are empty.
    $listArray = array_csort($listArray, 'cat', 'title');
    // alphabetically by category name
    // $listArray = array_csort($listArray,'cid','title');  // numerically by category ID
    // print_r($listArray);exit;
    // Finally, print out the nicely sorted and formatted drop down list
    // NOTE(review): category names and album titles are echoed without HTML
    // encoding; confirm they are stored already encoded, otherwise a title
    // containing markup is rendered as markup.
    $alb_cat = '';
    echo '                <option value="">' . $lang_upload_php['select_album'] . "</option>\n";
    foreach ($listArray as $val) {
        //if ($val['cat'] != $alb_cat) {  // old method compared names which might not be unique
        if ($val['cid'] != $alb_cat) {
            if ($alb_cat) {
                echo "                </optgroup>\n";
            }
            echo '                <optgroup label="' . $val['cat'] . '">' . "\n";
            $alb_cat = $val['cid'];
        }
        echo '                <option value="' . $val['aid'] . '"' . ($val['aid'] == $sel_album ? ' selected' : '') . '>   ' . $val['title'] . "</option>\n";
    }
    if ($alb_cat) {
        echo "                </optgroup>\n";
    }
    // Close the drop down
    echo <<<EOT
            </select>
        </td>
    </tr>

EOT;
}
Exemplo n.º 16
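/**
* user_is_allowed()
*
* Check if a user is allowed to edit pictures/albums
*
* The album is read from the 'album' GET key, else the 'aid' POST key, else
* (only when MODIFYALB_PHP is defined) the first album owned by the user.
* Gallery admin mode is always allowed.
*
* @return boolean $check_approve
*/
function user_is_allowed()
{
    if (GALLERY_ADMIN_MODE) {
        return true;
    }
    $check_approve = false;
    global $USER_DATA, $CONFIG;
    $superCage = Inspekt::makeSuperCage();
    // The user id is concatenated into several statements (once without
    // quotes); an integer cast keeps it from ever carrying SQL.
    $user_id = (int) $USER_DATA['user_id'];
    //get albums this user can edit
    if ($superCage->get->keyExists('album')) {
        $album_id = $superCage->get->getInt('album');
    } elseif ($superCage->post->keyExists('aid')) {
        $album_id = $superCage->post->getInt('aid');
    } else {
        //workaround when going straight to modifyalb.php and no album is set in superglobals
        if (defined('MODIFYALB_PHP')) {
            //check if the user has any album available
            $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = " . $user_id . " LIMIT 1");
            $temp_album_id = cpg_db_fetch_row($result);
            // No owned album: fall back to 0 instead of indexing a non-array.
            $album_id = $temp_album_id ? $temp_album_id['aid'] : 0;
        } else {
            $album_id = 0;
        }
    }
    $album_id = (int) $album_id;
    $result = cpg_db_query("SELECT DISTINCT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = '" . $user_id . "' AND aid='{$album_id}'");
    $allowed_albums = cpg_db_fetch_rowset($result);
    // An empty result means the user does not own the album: treat the
    // category as unknown instead of reading index 0 of an empty set.
    $cat = $allowed_albums ? $allowed_albums[0]['category'] : '';
    if ($cat != '') {
        $check_approve = true;
    }
    //check if admin allows editing after closing category
    if ($CONFIG['allow_user_edit_after_cat_close'] == 0) {
        //Disallowed -> Check if album is in such a category
        $result = cpg_db_query("SELECT DISTINCT aid FROM {$CONFIG['TABLE_ALBUMS']} AS alb INNER JOIN {$CONFIG['TABLE_CATMAP']} AS catm ON alb.category=catm.cid WHERE alb.owner = '" . $user_id . "' AND alb.aid='{$album_id}' AND catm.group_id='" . $USER_DATA['group_id'] . "'");
        $allowed_albums = cpg_db_fetch_rowset($result);
        // "No match" covers both an empty result set and an empty aid. This
        // keeps the original decision (an unmatched album is denied) without
        // indexing into an empty array.
        $no_match = !$allowed_albums || $allowed_albums[0]['aid'] == '';
        if ($no_match && $cat != FIRST_USER_CAT + USER_ID) {
            $check_approve = false;
        } elseif ($cat == FIRST_USER_CAT + USER_ID) {
            $check_approve = true;
        }
    }
    return $check_approve;
}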
Exemplo n.º 17
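 /**
  * Loads the stored session data that belongs to the 'PHPSESSID' cookie and
  * decodes it into $_SESSION.
  *
  * @return array|false Copy of $_SESSION after decoding, or false when the
  *                     cookie is absent or no session row matches
  */
 function _session_load()
 {
     $superCage = Inspekt::makeSuperCage();
     if (!$superCage->cookie->keyExists('PHPSESSID')) {
         return false;
     }
     // The cookie is attacker-controlled; getEscaped() is the only sanitising
     // step visible before the value is placed in the query.
     $session_id = $superCage->cookie->getEscaped('PHPSESSID');
     $sql = "SELECT data FROM {$this->sessionstable} WHERE session_id = '{$session_id}'";
     $result = $this->query($sql);
     if (!cpg_db_num_rows($result)) {
         $result->free();
         return false;
     }
     list($data) = cpg_db_fetch_row($result);
     // The original returned before freeing on this path, so the result was
     // released only when nothing had been found.
     $result->free();
     session_name('CPG');
     session_start();
     // NOTE(review): session_decode() unserializes $data into $_SESSION. That
     // is only safe while nothing but the bridged application itself can
     // write the data column of the sessions table - confirm.
     session_decode($data);
     return $_SESSION;
 }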
Exemplo n.º 18
 /**
  * Prints the album <select> (name "albumid"), a submit button and the
  * closing </form> tag.
  *
  * User albums (category > FIRST_USER_CAT) are listed with the owner's name
  * in front of the title; public albums are grouped by category name.
  *
  * @return void
  */
 function util_filloptions()
 {
     global $lang_util_php, $CONFIG, $lang_upload_php;
     // Reset counter
     $list_count = 0;
     if ($this->can_join_tables) {
         // Single query: join albums to the bridged user table on (category - FIRST_USER_CAT) = user id
         $user_albums = cpg_db_query("SELECT {$this->field['username']} AS user_name, aid, a.title\n                                                                                FROM {$CONFIG['TABLE_ALBUMS']} AS a\n                                                                                LEFT JOIN {$this->usertable} AS u\n                                                                                ON (category - " . FIRST_USER_CAT . ") = {$this->field['user_id']}\n                                                                                WHERE category > " . FIRST_USER_CAT);
         $user_albums_list = cpg_db_fetch_rowset($user_albums);
         mysql_free_result($user_albums);
         // Cycle through the User albums
         foreach ($user_albums_list as $album) {
             // Add to multi-dim array for later sorting
             $listArray[$list_count]['cat'] = $lang_upload_php['personal_albums'];
             $listArray[$list_count]['aid'] = $album['aid'];
             // LEFT JOIN yields NULL when no user row matches; show a placeholder name then
             $username = is_null($album['user_name']) ? 'Mr. X' : $album['user_name'];
             $listArray[$list_count]['title'] = '(' . $username . ') ' . $album['title'];
             $list_count++;
         }
     } else {
         // Two-step lookup: albums first, then user names through $this->link_id
         $user_albums = cpg_db_query("SELECT aid, title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE category > " . FIRST_USER_CAT);
         $user_albums_list = $user_ids = array();
         if (mysql_num_rows($user_albums)) {
             while ($row = cpg_db_fetch_row($user_albums)) {
                 $user_albums_list[] = $row;
                 $user_ids[] = $row['category'] - FIRST_USER_CAT;
             }
             mysql_free_result($user_albums);
             // The ids are computed by subtraction from the category column, so they are numeric here
             $user_id_list = implode(', ', array_unique($user_ids));
             $user_names = cpg_db_query("SELECT {$this->field['username']} AS user_name, {$this->field['user_id']} AS user_id  FROM {$this->usertable} WHERE {$this->field['user_id']} IN ({$user_id_list})", $this->link_id);
             while ($row = cpg_db_fetch_row($user_names)) {
                 $user_names_list[$row['user_id']] = $row['user_name'];
             }
             mysql_free_result($user_names);
             // Cycle through the User albums
             foreach ($user_albums_list as $album) {
                 // Add to multi-dim array for later sorting
                 $listArray[$list_count]['cat'] = $lang_upload_php['personal_albums'];
                 $listArray[$list_count]['aid'] = $album['aid'];
                 $username = isset($user_names_list[$album['category'] - FIRST_USER_CAT]) ? $user_names_list[$album['category'] - FIRST_USER_CAT] : 'Mr. X';
                 $listArray[$list_count]['title'] = '(' . $username . ') ' . $album['title'];
                 $list_count++;
             }
         } else {
             mysql_free_result($user_albums);
         }
     }
     $public_albums = cpg_db_query("SELECT aid, title, name FROM {$CONFIG['TABLE_ALBUMS']} LEFT JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
     $public_albums_list = cpg_db_fetch_rowset($public_albums);
     mysql_free_result($public_albums);
     // Cycle through the public albums
     foreach ($public_albums_list as $album) {
         // Set $album_id to the actual album ID
         $album_id = $album['aid'];
         // Add to multi-dim array for sorting later
         $vRes['name'] = $album['name'];
         if ($vRes['name']) {
             $listArray[$list_count]['cat'] = $vRes['name'];
         } else {
             $listArray[$list_count]['cat'] = $lang_upload_php['albums_no_category'];
         }
         $listArray[$list_count]['aid'] = $album['aid'];
         $listArray[$list_count]['title'] = $album['title'];
         $list_count++;
     }
     // Sort the pulldown options by category and album name
     // NOTE(review): $listArray is undefined here when the gallery has no albums at all.
     $listArray = array_csort($listArray, 'cat', 'title');
     // Finally, print out the nicely sorted and formatted drop down list
     // NOTE(review): user names, category names and album titles are echoed
     // without HTML encoding; confirm they are stored already encoded,
     // otherwise markup in a user name or title is rendered on this page.
     $alb_cat = '';
     echo '&nbsp;&nbsp;&nbsp;&nbsp;<select size="1" name="albumid" class="listbox"><option value="0">All Albums</option>';
     foreach ($listArray as $val) {
         // Open a new <optgroup> whenever the category name changes
         if ($val['cat'] != $alb_cat) {
             if ($alb_cat) {
                 echo "                </optgroup>\n";
             }
             echo '                <optgroup label="' . $val['cat'] . '">' . "\n";
             $alb_cat = $val['cat'];
         }
         echo '                <option value="' . $val['aid'] . '">   ' . $val['title'] . "</option>\n";
     }
     if ($alb_cat) {
         echo "                </optgroup>\n";
     }
     print '</select> (3)';
     print '&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="' . $lang_util_php['submit_form'] . '" class="button" /> (4)';
     print '</form>';
 }
Exemplo n.º 19
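/**
 * Print the "category" row of the album-properties form.
 *
 * When $CONFIG['allow_user_move_album'] is 0 the row shows the current
 * category name as read-only text plus a hidden field carrying the category
 * id. Otherwise the global $CAT_LIST is rebuilt and printed as a <select>.
 *
 * @param string $text Label for the left-hand cell; written to the page as-is.
 * @param string $name Name attribute of the form field; written as-is.
 * @return void Output is written directly with echo.
 */
function form_category($text, $name)
{
    global $ALBUM_DATA, $CAT_LIST, $USER_DATA, $lang_modifyalb_php, $CONFIG;

    // The category id ends up inside a SQL string and an HTML attribute below,
    // so reduce it to an integer once and use only that value from here on.
    $category_id = (int) $ALBUM_DATA['category'];

    //check if users are allowed to move their albums
    if ($CONFIG['allow_user_move_album'] == 0) {
        //get category name
        $cat_name = $lang_modifyalb_php['user_gal'];
        if ($category_id != FIRST_USER_CAT + USER_ID) {
            $result = cpg_db_query("SELECT name FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '" . $category_id . "' LIMIT 1");
            $row = cpg_db_fetch_row($result);
            // A category that no longer exists yields no row: show an empty name instead of indexing a non-array
            $cat_name = $row ? $row['name'] : '';
        }
        // NOTE(review): $cat_name is written into the markup without HTML escaping.
        // Confirm category names are HTML-encoded before they are stored; if not, escape at output.
        // The row is closed here as well, matching the <select> branch below.
        echo <<<EOT
        <tr>
            <td class="tableb">
                        {$text}
        </td>
        <td class="tableb" valign="top">
                        <i>{$cat_name}</i>
                        <input type="hidden" name="{$name}" value="{$category_id}" />
                </td>
        </tr>

EOT;
        return;
    }

    $CAT_LIST = array();
    //only add 'no category' when user is admin
    if (GALLERY_ADMIN_MODE) {
        $CAT_LIST[] = array(0, $lang_modifyalb_php['no_cat']);
    }
    //add user category
    $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_modifyalb_php['my_gal']);
    // presumably appends the regular categories to $CAT_LIST; its definition is not visible here - verify
    get_subcat_data(0, '');

    echo <<<EOT
        <tr>
            <td class="tableb">
                        {$text}
        </td>
        <td class="tableb" valign="top">
                        <select name="{$name}" class="listbox">
EOT;
    // Each entry is array(category id, display name); the album's current category is pre-selected.
    // NOTE(review): the display name is echoed unescaped, same caveat as $cat_name above.
    foreach ($CAT_LIST as $category) {
        $selected = $category_id == $category[0] ? ' selected' : '';
        echo '                                <option value="' . $category[0] . '"' . $selected . ">" . $category[1] . "</option>\n";
    }
    echo <<<EOT
                        </select>
                </td>
        </tr>

EOT;
}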
Exemplo n.º 20
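 case 'createcat':
     // Create a category from the posted form, then map it to the user groups selected in the form.
     if (!isset($_POST['parent']) || !isset($_POST['name']) || !isset($_POST['description'])) {
         cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'createcat'), __FILE__, __LINE__);
     }
     // A blank name creates nothing; empty() also treats the name "0" as blank.
     $name = trim($_POST['name']);
     if (empty($name)) {
         break;
     }
     $parent = (int) $_POST['parent'];
     // The name is stored as posted (untrimmed); it is known to be non-blank at this point.
     // NOTE(review): addslashes() is not charset-aware, so it is a weak guard for values placed
     // in SQL text. Prefer the database driver's own escaping or a prepared statement here.
     // NOTE(review): nothing here HTML-encodes the name or description; confirm that happens
     // before this point or at output, since other pages echo category names into markup.
     $name = addslashes($_POST['name']);
     $description = addslashes($_POST['description']);
     cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES ('10000', '{$parent}', '{$name}', '{$description}')");
     //insert in categorymap
     if (!empty($_POST['user_groups']) && is_array($_POST['user_groups'])) {
         // Read the new category id once, directly after the INSERT that generated it,
         // so later statements on this connection cannot change the value being mapped.
         $arr = cpg_db_fetch_row(cpg_db_query("SELECT LAST_INSERT_ID()"));
         $cid = (int) $arr[0];
         foreach ($_POST['user_groups'] as $key) {
             // Group ids come straight from the request: skip anything that is not a plain value
             // and force the rest to integers before they are placed in the SQL text.
             if (!is_scalar($key)) {
                 continue;
             }
             $group_id = (int) $key;
             cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATMAP']} (cid, group_id) VALUES('{$cid}', '{$group_id}')");
         }
     }
     break;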
 case 'deletecat':
     if (!isset($_GET['cid'])) {
         cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'deletecat'), __FILE__, __LINE__);
     }
     $cid = (int) $_GET['cid'];
     $result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '{$cid}' LIMIT 1");
     if ($cid == 1) {
         cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__);
     }
     if (!mysql_num_rows($result)) {