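/**
 * get_subcat_data()
 *
 * Appends the category tree below $parent to the global $catStr as nested
 * <cat> elements, calling get_album_data() for every category it emits.
 *
 * On the first call (tracked through the global $parentAlubm) an opening
 * <cat> element for $parent itself is written; that element is not closed
 * inside this function.
 *
 * Category 1 is handled as the user-gallery category: its children are built
 * from the users table (all users for admins, only the current user otherwise).
 *
 * @param mixed  $parent category id whose children are listed
 * @param string $ident  indentation prefix for the generated markup
 * @return void
 */
function get_subcat_data($parent, $ident = '')
{
    global $CONFIG, $catStr, $parentAlubm;

    // Only the integer form of the id is placed into SQL text, so a
    // non-numeric $parent cannot change the shape of either query below.
    $parent_id = (int) $parent;

    if ($parentAlubm != 1) {
        $parentAlubm = 1;
        if ($parent == 0) {
            $catStr .= "\n{$ident}<cat>\n {$ident}<id>{$parent}</id>\n {$ident}<name>Parent</name>";
        } else {
            $sql = "SELECT cid, name, description "
                 . "FROM {$CONFIG['TABLE_CATEGORIES']} "
                 . "WHERE cid = '{$parent_id}' "
                 . "ORDER BY pos";
            $result = cpg_db_query($sql);
            $row = cpg_db_fetch_row($result);
            // The original freed an undefined variable ($results), which left
            // this result set allocated.
            mysql_free_result($result);
            $root_cid = $row ? $row['cid'] : '';
            $root_name = $row ? $row['name'] : '';
            $catStr .= "\n{$ident}<cat>\n {$ident}<id>{$root_cid}</id>\n {$ident}<name>{$root_name}</name>";
        }
        get_album_data($parent, " ");
    }

    // NOTE(review): category and user names are written into the markup as
    // stored. If they can contain '<' or '&', they need escaping for the output
    // format — confirm how these columns are encoded before adding it.
    if ($parent == 1) {
        /**
         * This is a user category and the categories inside it are not listed
         * in the categories table, so category ids are derived from the users
         * table (FIRST_USER_CAT + user_id).
         */
        if (USER_IS_ADMIN) {
            // Admins get every user's gallery.
            $sql = "SELECT user_name, user_id FROM {$CONFIG['TABLE_USERS']}";
            $result = cpg_db_query($sql);
            if (mysql_num_rows($result) > 0) {
                $rowset = cpg_db_fetch_rowset($result);
                foreach ($rowset as $cat) {
                    $catStr .= "\n {$ident}<cat>\n {$ident}<id>" . (FIRST_USER_CAT + $cat['user_id']) . "</id>\n {$ident}<name>{$cat['user_name']}</name>";
                    get_album_data(FIRST_USER_CAT + $cat['user_id'], $ident . " ");
                    $catStr .= "\n {$ident}</cat>";
                }
            }
        } elseif (USER_ID) {
            // Logged-in non-admins only get their own gallery.
            $catStr .= "\n {$ident}<cat>\n {$ident}<id>" . (FIRST_USER_CAT + USER_ID) . "</id>\n {$ident}<name>" . USER_NAME . "</name>";
            get_album_data(FIRST_USER_CAT + USER_ID, $ident . " ");
            $catStr .= "\n {$ident}</cat>";
        }
    } else {
        $sql = "SELECT cid, name, description "
             . "FROM {$CONFIG['TABLE_CATEGORIES']} "
             . "WHERE parent = '{$parent_id}' "
             . "ORDER BY pos";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result) > 0) {
            $rowset = cpg_db_fetch_rowset($result);
            foreach ($rowset as $subcat) {
                $catStr .= "\n {$ident}<cat>\n {$ident}<id>{$subcat['cid']}</id>\n {$ident}<name>{$subcat['name']}</name>";
                get_album_data($subcat['cid'], $ident . " ");
                // Recurse so each sub-category carries its own children.
                get_subcat_data($subcat['cid'], $ident . " ");
                $catStr .= "\n {$ident}</cat>";
            }
        }
    }
}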
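/**
 * Looks up the bridged application's session named by the 'session_id' cookie.
 *
 * @return array|false row holding member_id and member_login_key, or false
 *                     when the cookie is absent or matches no session
 */
function session_extraction()
{
    $superCage = Inspekt::makeSuperCage();

    if (!$superCage->cookie->keyExists('session_id')) {
        return false;
    }

    // The cookie is attacker-controlled; it reaches the SQL text only through
    // getEscaped(). NOTE(review): confirm getEscaped() escapes for the
    // connection that $this->query() uses.
    $session_id = $superCage->cookie->getEscaped('session_id');

    $sql = "SELECT member_id, member_login_key FROM {$this->sessionstable} AS s INNER JOIN {$this->usertable} AS u ON s.member_id = u.id WHERE s.id = '{$session_id}'";
    $result = $this->query($sql);

    if (!cpg_db_num_rows($result)) {
        // The original fell off the end here (returning null) and never
        // released the result set; callers now get an explicit false.
        if (is_object($result)) {
            $result->free();
        }
        return false;
    }

    $row = cpg_db_fetch_row($result);
    $result->free();

    return $row;
}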
/**
 * Resolves the 'sid' cookie to a user row of the bridged application.
 *
 * Side effects: stores the escaped cookie value in $this->sid and, on a match,
 * sets $this->additionalgroups (last column of the row) and $this->logoutkey.
 *
 * @return array|false the fetched row without its last element, or false when
 *                     the cookie is missing, empty, or matches no session
 */
function session_extraction()
{
    $cage = Inspekt::makeSuperCage();
    $cookies = $cage->cookie;

    $hasCookie = $cookies->keyExists('sid');
    if ($hasCookie) {
        // The escaped form is what gets embedded in the query below.
        $this->sid = $cookies->getEscaped('sid');
    }
    if (!$hasCookie || !$this->sid) {
        return false;
    }

    $columns = "u.{$this->field['user_id']}, u.{$this->field['password']}, additionalgroups";
    $sql = "SELECT " . $columns
         . "\n FROM {$this->sessionstable} AS s"
         . "\n INNER JOIN {$this->usertable} AS u ON u.uid = s.uid"
         . "\n WHERE sid = '{$this->sid}'";
    $result = $this->query($sql);

    if (cpg_db_num_rows($result)) {
        $record = cpg_db_fetch_row($result);
        $result->free();

        // additionalgroups is selected last, so it is popped off the row.
        $this->additionalgroups = array_pop($record);
        // NOTE(review): the logout key is an unsalted MD5 of the second
        // selected column (the configured password field). Anyone who learns
        // that stored value can compute the key — confirm this is acceptable.
        $this->logoutkey = md5($record[1]);

        return $record;
    }

    return false;
}
/**
 * Maps a bridged user to gallery group ids.
 *
 * With post-based groups enabled, the bridged group id is offset by 100.
 * Otherwise the user is mapped to group 1 when the bridged group is listed in
 * $this->admingroups, and to group 2 when it is not.
 *
 * @param array $row user row; only $row['id'] is read
 * @return array|false single-element array with the group id, or false when
 *                     the lookup returns no row
 */
function get_groups($row)
{
    // NOTE(review): the id is embedded in the query as given; it presumably
    // comes from a database row rather than from the request — verify callers.
    $userId = $row['id'];

    $joinCondition = "{$this->field['usertbl_group_id']} = {$this->field['grouptbl_group_id']}";
    $result = $this->query(
        "SELECT id FROM {$this->groupstable}, {$this->usertable} WHERE " . $joinCondition
        . " AND {$this->field['user_id']}='{$userId}'"
    );

    if (!cpg_db_num_rows($result)) {
        return false;
    }

    $found = cpg_db_fetch_row($result);
    $bridgedGroup = $found[0];

    if ($this->use_post_based_groups) {
        $groups = array($bridgedGroup + 100);
    } else {
        $groups = in_array($bridgedGroup, $this->admingroups) ? array(1) : array(2);
    }

    $result->free();

    return $groups;
}
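/**
 * user_is_allowed()
 *
 * Check if a user is allowed to edit pictures/albums.
 *
 * The album is taken from GET 'album', then POST 'aid'; when neither is set and
 * MODIFYALB_PHP is defined, the first album owned by the user is used.
 * Defines USER_UPLOAD_ALLOWED when the upload-permission query matches.
 *
 * @param bool $include_upload_permissions also approve when the user may
 *                                         upload to the album
 * @return boolean $check_approve
 */
function user_is_allowed($include_upload_permissions = true)
{
    global $USER_DATA, $CONFIG;

    if (GALLERY_ADMIN_MODE) {
        return true;
    }

    $check_approve = false;
    $superCage = Inspekt::makeSuperCage();

    // This function decides authorization, so every id that goes into its
    // queries is reduced to an integer before it touches SQL text.
    $owner_id = (int) $USER_DATA['user_id'];
    $group_id = (int) $USER_DATA['group_id'];

    // Get the album this request refers to.
    if ($superCage->get->keyExists('album')) {
        $album_id = $superCage->get->getInt('album');
    } elseif ($superCage->post->keyExists('aid')) {
        $album_id = $superCage->post->getInt('aid');
    } elseif (defined('MODIFYALB_PHP')) {
        // Workaround when going straight to modifyalb.php with no album set:
        // fall back to any album the user owns.
        $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = " . $owner_id . " LIMIT 1");
        $temp_album_id = cpg_db_fetch_row($result);
        // No owned album: use 0 instead of indexing into a failed fetch.
        $album_id = $temp_album_id ? (int) $temp_album_id['aid'] : 0;
    } else {
        $album_id = 0;
    }
    $album_id = (int) $album_id;

    // The user owns the album when this returns a category.
    $result = cpg_db_query("SELECT DISTINCT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = '" . $owner_id . "' AND aid='{$album_id}'");
    $allowed_albums = cpg_db_fetch_rowset($result);
    $cat = $allowed_albums ? $allowed_albums[0]['category'] : '';
    if ($cat != '') {
        $check_approve = true;
    }

    // Also check whether the user has upload permission for the current album,
    // but only if an album id is set.
    if ($album_id && $include_upload_permissions) {
        $public_albums = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND ((uploads='YES' AND (visibility = '0' OR visibility IN " . USER_GROUP_SET . " OR alb_password != '')) OR (owner=" . USER_ID . ")) AND aid={$album_id}");
        if (count(cpg_db_fetch_rowset($public_albums))) {
            $check_approve = true;
            // Guarded so a second call in the same request does not try to
            // redefine the constant.
            if (!defined('USER_UPLOAD_ALLOWED')) {
                define('USER_UPLOAD_ALLOWED', 1);
            }
        }
        mysql_free_result($public_albums);
    }

    // Check if the admin allows editing after closing a category.
    if ($CONFIG['allow_user_edit_after_cat_close'] == 0) {
        // Disallowed -> check if the album is in such a category.
        $result = cpg_db_query("SELECT DISTINCT aid FROM {$CONFIG['TABLE_ALBUMS']} AS alb INNER JOIN {$CONFIG['TABLE_CATMAP']} AS catm ON alb.category=catm.cid WHERE alb.owner = '" . $owner_id . "' AND alb.aid='{$album_id}' AND catm.group_id='" . $group_id . "'");
        $allowed_albums = cpg_db_fetch_rowset($result);
        if ($allowed_albums && $allowed_albums[0]['aid'] == '' && $cat != FIRST_USER_CAT + USER_ID) {
            $check_approve = false;
        } elseif ($cat == FIRST_USER_CAT + USER_ID) {
            // The user's own gallery category always stays editable.
            $check_approve = true;
        }
    }

    return $check_approve;
}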
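/**
 * Prints the paged editing form for multi-language strings.
 *
 * $what selects the string family: 'getCat' (category names/descriptions),
 * 'getAlb' (albums of category $val) or 'getPic' (pictures of album $val).
 * Any other value prints nothing.
 *
 * Values that come from the request ($val, the global $start) are reduced to
 * integers before they reach SQL and are escaped before they are echoed into
 * attributes; stored translations are escaped inside the form fields so a
 * quote or tag in a translation cannot break out of the field.
 *
 * @param mixed  $val  category id (getCat/getAlb) or album id (getPic)
 * @param string $what which family of strings to edit
 * @return void
 */
function buildForm($val, $what)
{
    global $CONFIG, $catPerPage, $picPerPage, $albPerPage, $start;

    $langArr = explode(',', $CONFIG['mod_active_lang']);
    $langCount = count($langArr);

    if ($what == 'getAlb' && $val == 'none') {
        return;
    }
    if ($what == 'getCat' && !$val) {
        return;
    }
    if ($what == 'picAlbum' && !$val) {
        return;
    }

    $page = (int) $start;                                   // page index used for LIMIT and echoed back
    $idForSql = (int) $val;                                 // the only form of $val placed in SQL
    $valForAttr = htmlspecialchars((string) $val, ENT_QUOTES);
    $valForUrl = rawurlencode((string) $val);

    if ($what == 'getCat') {
        $lowerLimit = $page * (int) $catPerPage * $langCount;
        $higherLimit = (int) $catPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="category" value="' . $valForAttr . '">';
        $queryString = "&category={$valForUrl}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE original != '' AND (type = 'catName' OR type = 'catDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE original != '' AND (type = 'catName' OR type = 'catDesc')";
    } elseif ($what == 'getAlb') {
        // Get the albums for the selected category; category 1 stands for
        // all user galleries.
        if ($val == 1) {
            $whereClause = " WHERE category > '" . FIRST_USER_CAT . "'";
        } else {
            $whereClause = " WHERE category = '{$idForSql}'";
        }
        $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} {$whereClause}");
        $aidArr = array();
        while ($row = cpg_db_fetch_row($result)) {
            $aidArr[] = (int) $row['aid'];
        }
        if (!count($aidArr)) {
            cpg_die(ERROR, 'No albums in this category', __FILE__, __LINE__);
        }
        $aidStr = implode(',', $aidArr);
        $lowerLimit = $page * (int) $albPerPage * $langCount;
        $higherLimit = (int) $albPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="category" value="' . $valForAttr . '">';
        $queryString = "&category={$valForUrl}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$aidStr}) AND original != '' AND (type = 'albName' OR type = 'albDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$aidStr}) AND original != '' AND (type = 'albName' OR type = 'albDesc')";
    } elseif ($what == 'getPic') {
        $result = cpg_db_query("SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid = '{$idForSql}'");
        $pidArr = array();
        while ($row = cpg_db_fetch_row($result)) {
            $pidArr[] = (int) $row['pid'];
        }
        if (!count($pidArr)) {
            cpg_die(ERROR, 'No pictures in this album', __FILE__, __LINE__);
        }
        $pidStr = implode(',', $pidArr);
        $lowerLimit = $page * (int) $picPerPage * $langCount;
        $higherLimit = (int) $picPerPage * $langCount;
        $hiddenFields = '<input type="hidden" name="picAlbum" value="' . $valForAttr . '">';
        $queryString = "&picAlbum={$valForUrl}";
        $query = "SELECT * FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$pidStr}) AND original != '' AND (type = 'picTitle' OR type = 'picDesc') ORDER BY origId, type LIMIT {$lowerLimit}, {$higherLimit}";
        $countQuery = "SELECT count(id) FROM {$CONFIG['TABLE_LANG_STRINGS']} WHERE origId IN ({$pidStr}) AND original != '' AND (type = 'picTitle' OR type = 'picDesc')";
    } else {
        // Unknown mode: no query was built, so there is nothing to render.
        // This also means $what is one of three fixed strings from here on.
        return;
    }

    $result = cpg_db_query($query);
    $countResult = cpg_db_query($countQuery);

    // origId => type => ('original' => text, 'lang' => (language => (id, translated)))
    $rowset = array();
    while ($row1 = cpg_db_fetch_row($result)) {
        $rowset[$row1['origId']][$row1['type']]['lang'][$row1['lang']] = array($row1['id'], $row1['translated']);
        $rowset[$row1['origId']][$row1['type']]['original'] = $row1['original'];
    }

    $nr = cpg_db_fetch_row($countResult);
    $totalCount = $nr[0];
    // A per-page setting of 0 would otherwise divide by zero.
    $totalPages = $higherLimit > 0 ? ceil($totalCount / $higherLimit) : 0;

    // Label and input kind for each string type.
    $elements = array(
        'catName'  => array('category name', 'text'),
        'catDesc'  => array('category description', 'textarea'),
        'albName'  => array('album name', 'text'),
        'albDesc'  => array('album description', 'textarea'),
        'picTitle' => array('picture title', 'text'),
        'picDesc'  => array('picture description', 'textarea'),
    );

    echo "<br />\n <form method=\"post\" action=\"mod_lang.php\">\n";
    starttable('100%', 'Manage multiple language strings', 2);

    foreach ($rowset as $origId => $typeArr) {
        foreach ($typeArr as $typeKey => $type) {
            if (!isset($elements[$typeKey])) {
                continue;
            }
            $elementName = $elements[$typeKey][0];
            $elementType = $elements[$typeKey][1];

            // NOTE(review): the original text is printed as stored; if that
            // column can hold raw markup it needs escaping here as well —
            // confirm how it is encoded before changing the display.
            echo "<tr>\n <td class=\"tableh2\">\n Original {$elementName}\n </td>\n <td class=\"tableh2\">\n " . nl2br($type['original']) . "\n </td>\n </tr>";

            foreach ($type['lang'] as $lang => $translation) {
                $fieldName = (int) $translation[0];
                $fieldValue = htmlspecialchars((string) $translation[1], ENT_QUOTES);
                $langLabel = htmlspecialchars((string) $lang, ENT_QUOTES);

                echo "<tr>\n <td class=\"tableb\" valign=\"top\">\n Translation In {$langLabel}\n </td>\n <td class=\"tableb\">\n ";
                if ($elementType == 'textarea') {
                    echo "<textarea name=\"{$fieldName}\" rows=\"2\" cols=\"40\">{$fieldValue}</textarea>";
                } else {
                    echo "<input type=\"{$elementType}\" name=\"{$fieldName}\" value=\"{$fieldValue}\" size=\"50\">";
                }
                echo "</td>\n </tr>";
            }
            echo "<tr>\n <td class=\"tableh1\" colspan=\"2\" align=\"right\">\n \n </td>\n </tr>";
        }
    }

    echo "<tr>\n <td class=\"tablehb_compact\" colspan=\"2\" align=\"right\">\n Page ";
    for ($i = 1; $i <= $totalPages; $i++) {
        if ($i - 1 == $page) {
            echo " {$i}";
        } else {
            echo " <a href=\"mod_lang.php?what={$what}&start=" . ($i - 1) . "{$queryString}\">{$i}</a>";
        }
    }
    echo "</td>\n </tr>";
    echo "<tr>\n <td align=\"center\" colspan=\"2\">\n <input type=\"submit\" value=\"Submit\">\n </td>\n </tr>";
    endtable();

    echo <<<EOT
 <input type="hidden" name="what" value="{$what}">
 <input type="hidden" name="update" value="update">
 <input type="hidden" name="start" value="{$page}">
 {$hiddenFields}
 </form>
EOT;
}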
$public_albums_list_no_cat = cpg_db_fetch_rowset($public_albums_no_cat); } else { $public_albums_list_no_cat = array(); } //merge the 2 album arrays $public_albums_list = array_merge($public_albums_list, $public_albums_list_no_cat); if (USER_ID) { $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY aid DESC"); if (mysql_num_rows($user_albums)) { $user_albums_list = cpg_db_fetch_rowset($user_albums); } else { $user_albums_list = array(); } $user_albums_last_pos = cpg_db_query("SELECT pos FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY pos DESC LIMIT 1"); if (mysql_num_rows($user_albums_last_pos)) { $last_pos = cpg_db_fetch_row($user_albums_last_pos)['pos'] + 1; } else { $last_pos = 100; } } else { $user_albums_list = array(); } echo "OK\r\n"; if (USER_CAN_CREATE_ALBUMS) { echo "cancreate\r\n"; } else { echo "cantcreate\r\n"; } if (USER_ID) { echo FIRST_USER_CAT + USER_ID . "\r\n"; echo $last_pos . "\r\n";
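/**
 * Plugin uninstall hook.
 *
 * Returns 1 while the 'drop' field has not been posted. Once it has, forum.php
 * is removed, and when 'drop' is non-zero the plugin's sql/uninstall.sql is run
 * through codebase_query().
 *
 * @return int|bool 1 when no 'drop' field was posted, true otherwise
 */
function codebase_uninstall()
{
    global $CONFIG;

    $superCage = Inspekt::makeSuperCage();

    if (!$superCage->post->keyExists('drop')) {
        return 1;
    }

    // Best effort: the file may already be gone.
    @unlink('forum.php');

    if ($superCage->post->getInt('drop') == 0) {
        return true;
    }

    $plugin_id = $superCage->get->getInt('p');
    $result = cpg_db_query("SELECT path FROM `{$CONFIG['TABLE_PREFIX']}plugins` WHERE plugin_id='{$plugin_id}';");
    $row = cpg_db_fetch_row($result);

    // An unknown plugin id used to produce the path 'plugins//sql/uninstall.sql';
    // skip the SQL step when no plugin row was found.
    if (!$row || (string) $row['path'] === '') {
        return true;
    }

    // NOTE(review): the folder name comes from the plugins table and is used
    // to pick a SQL file to execute; it is presumably a single directory name —
    // confirm it can never contain a path separator or '..'.
    $plugin_name = $row['path'];
    $uninstall_sql_file = 'plugins' . DS . $plugin_name . DS . 'sql' . DS . 'uninstall.sql';
    codebase_query('Drop the database', $uninstall_sql_file);

    return true;
}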
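/**
 * Builds the RSS icon link for the feed returned by $query.
 *
 * The first row of the query is read as (fid, mode, file). "Batch" feeds link
 * to the stored file path with a leading "./" or "/" removed; "Realtime" feeds
 * link to rss.php?fid=<fid>.
 *
 * @param string $query SQL selecting the feed; it is executed as given, so the
 *                      caller is responsible for how it was built
 * @return string|false anchor markup, or FALSE when the query returns no row
 */
function make_rss_icon($query)
{
    global $CONFIG;

    $feed_info = $CONFIG['feed_info'];

    $data = cpg_db_fetch_row(cpg_db_query($query));
    if (!$data) {
        return FALSE; // no feed found, nothing to show
    }
    list($fid, $mode, $file) = $data;

    // Default for an unrecognised mode, so $xmlurl is never undefined.
    $xmlurl = '';
    switch ($mode) {
        case "Batch":
            $file = (string) $file;
            // The original ran two independent assignments, so the second one
            // always discarded the "./" handling; the checks are chained now.
            if ($file !== '' && $file[0] == '.') {
                $xmlurl = substr($file, 2);
            } elseif ($file !== '' && $file[0] == '/') {
                $xmlurl = substr($file, 1);
            } else {
                $xmlurl = $file;
            }
            break;
        case "Realtime":
            $xmlurl = "rss.php?fid=" . $fid;
            break;
    }

    // Both values end up inside double-quoted attributes, so they are escaped
    // to keep a stored quote from terminating the attribute.
    $url = htmlspecialchars($CONFIG['ecards_more_pic_target'] . $xmlurl, ENT_QUOTES);
    $title = htmlspecialchars((string) $feed_info['rsstext'], ENT_QUOTES);

    return '<a href="' . $url . '" title="' . $title . '"><img src="images/rss.gif" alt="RSS"></a>';
}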
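/**
 * Returns the type-2 CMS content stored for a picture.
 *
 * @param mixed $pid picture id; only its integer value is used in the query
 * @return string decoded content, '' when no row exists, " " when the query
 *                itself fails
 */
function getMiniCMS($pid)
{
    global $CONFIG;

    // $pid is appended to the statement unquoted, so it is forced to an
    // integer to keep the WHERE clause fixed.
    $cmsquery = "SELECT content FROM " . $CONFIG['TABLE_CMS'] . " WHERE type = 2 and conid= " . (int) $pid;

    $result = cpg_db_query($cmsquery);
    if (!$result) {
        return " ";
    }

    $row = cpg_db_fetch_row($result);
    if (!$row) {
        // No content for this picture (the original decoded a null here,
        // which also yielded an empty string).
        return '';
    }

    // NOTE(review): html_entity_decode() turns stored entities back into live
    // markup. Whoever prints this value is outputting raw HTML from the CMS
    // table — confirm that only trusted users can write that content.
    return html_entity_decode($row['content']);
}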
/**
 * Fetches the id and stored password hash of one bridged user.
 *
 * @param mixed $user_id id matched against the configured user-id column
 * @return array array('user_id' => ..., 'pass_hash' => ...), or an empty array
 *               when no user matches
 */
function get_user_pass($user_id)
{
    $idColumn = $this->field['user_id'];
    $hashColumn = $this->field['password'];

    // NOTE(review): $user_id is embedded between quotes without escaping in
    // this block. It must already be an integer or escaped by the caller —
    // verify every call site, since this query returns password hashes.
    $sql = "SELECT {$idColumn} AS user_id, {$hashColumn} AS pass_hash FROM {$this->usertable} WHERE {$idColumn} = '{$user_id}'";

    $result = cpg_db_query($sql, $this->link_id);
    if (!mysql_num_rows($result)) {
        return array();
    }

    $found = cpg_db_fetch_row($result);

    return array(
        'user_id'   => $found['user_id'],
        'pass_hash' => $found['pass_hash'],
    );
}
// language if (!file_exists("plugins/avmaker/lang/{$CONFIG['lang']}.php")) { $CONFIG['lang'] = 'english'; } require "plugins/avmaker/lang/{$CONFIG['lang']}.php"; // get action $action = isset($_GET['action']) ? $_GET['action'] : ''; // get pid $pid = isset($_GET['pid']) ? (int) $_GET['pid'] : ''; // error if no pid define if (!$pid) { cpg_die(ERROR, $lang_avmaker_php['er1'], __FILE__, __LINE__); } // get file information $result = cpg_db_query("SELECT filepath, filename, pwidth, pheight FROM `{$CONFIG['TABLE_PICTURES']}` WHERE pid = '{$pid}' LIMIT 1;"); $pic_data = cpg_db_fetch_row($result); if (!isset($pic_data['filepath'])) { cpg_die(ERROR, $lang_avmaker_php['er2'], __FILE__, __LINE__); } // main action switch ($action) { case 'crop': pageheader($lang_avmaker_php[2]); starttable('100%', $lang_avmaker_php[3], 2); // get post/get vars if (isset($_POST['av_width'])) { $av_width = (int) $_POST['av_width']; } elseif (isset($_GET['av_width'])) { $av_width = (int) $_GET['av_width']; } else { $av_width = 100;
} $lang = isset($USER['lang']) ? $USER['lang'] : $CONFIG['lang']; if (!file_exists("plugins/photo_shop/lang/{$lang}.php")) { $lang = 'english'; } require "plugins/photo_shop/lang/{$lang}.php"; if (isset($_GET['download']) && isset($_GET['oid']) && isset($_GET['uid'])) { switch ($_GET['download']) { case "copy_files": //check again if paid if (!verify_paid($_GET['oid'])) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $sql = "SELECT order_md5_id FROM {$CONFIG['TABLE_SHOP']} WHERE oid='{$_GET['oid']}' AND cd='1'"; $result = cpg_db_query($sql); $row = cpg_db_fetch_row($result); mysql_free_result($result); $hash = $row['order_md5_id']; header('Location: ' . str_replace('&', '&', "index.php?file=photo_shop/photo_shop_download_order&order={$hash}")); die; break; case "create_dir": if (!verify_paid($_GET['oid'])) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $CONFIG['photo_shop_download_passwd_mail'] == '1' ? $send_admin_mail = true : ($send_admin_mail = false); pageheader($lang_photoshop_admin['o_board_title']); if (photo_shop_ipn_download(USER_ID, $_GET['oid'], $send_admin_mail, false)) { msg_box("{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%'); } else { msg_box("{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%');
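/**
 * Stores the brainfeeder plugin settings posted from its configuration form.
 *
 * Replaces every 'cpg_brainfeeder_%' row in the config table with the posted
 * icons, main-feed and rsstext values. Dies when a positive main-feed id does
 * not exist in the feed table.
 *
 * @return void
 */
function topupdate()
{
    global $CONFIG;

    // The posted values are untrusted. The feed id is used unquoted in SQL,
    // so only its integer value is kept.
    $main_id = isset($_POST['cpg_brainfeeder_main']) ? (int) $_POST['cpg_brainfeeder_main'] : 0;
    $icons = isset($_POST['cpg_brainfeeder_icons']) ? (string) $_POST['cpg_brainfeeder_icons'] : '';
    $rss_text = isset($_POST['cpg_brainfeeder_rsstext']) ? (string) $_POST['cpg_brainfeeder_rsstext'] : '';

    // The array key is quoted: the bare word was resolved as a constant.
    $knas = cpg_db_fetch_row(cpg_db_query("SELECT * FROM {$CONFIG['TABLE_brainfeeder']} WHERE fid =" . $main_id));
    if (!$knas && $main_id > 0) {
        cpg_die(ERROR, "There is no feed with the id " . $main_id, __FILE__, __LINE__);
    }

    // Radio buttons have been observed to arrive blank from Google Chrome.
    if ($icons == "") {
        $icons = "No";
    }
    // The original wrote the default back into $_POST; kept for later readers.
    $_POST['cpg_brainfeeder_icons'] = $icons;

    cpg_db_query("DELETE FROM {$CONFIG['TABLE_CONFIG']} WHERE name LIKE 'cpg_brainfeeder_%'");

    // NOTE(review): addslashes() stops a quote in the text fields from ending
    // the SQL string literal, but it is not connection- or charset-aware.
    // Replace it with the project's own database escaping routine if one is
    // available, and check that the input has not already been slash-escaped
    // upstream.
    $query = "INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) values \n ('cpg_brainfeeder_icons', '" . addslashes($icons) . "'),\n ('cpg_brainfeeder_main', " . $main_id . "), \n ('cpg_brainfeeder_rsstext', '" . addslashes($rss_text) . "')";
    cpg_db_query($query);

    return;
}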
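/**
 * Prints a table row holding an album drop-down, grouped by category.
 *
 * Albums come from the globals $user_albums_list and $public_albums_list. The
 * album named by GET 'album' (or else POST 'album') is preselected.
 *
 * @param string $text label shown in the first cell
 * @param string $name name attribute of the <select>
 * @return void
 */
function form_alb_list_box($text, $name)
{
    global $CONFIG, $lang_upload_php;
    global $user_albums_list, $public_albums_list;

    // Preselected album, if any. The request value is only compared against
    // album ids below and is never echoed.
    if (isset($_GET['album'])) {
        $sel_album = $_GET['album'];
    } elseif (isset($_POST['album'])) {
        $sel_album = $_POST['album'];
    } else {
        $sel_album = 0;
    }

    // Create the opening of the drop down box
    echo <<<EOT
 <tr>
 <td class="tableb">
 {$text}
 </td>
 <td class="tableb" valign="top">
 <select name="{$name}" class="listbox">

EOT;

    // Load every category once so ancestry can be resolved in memory.
    $vQuery = "SELECT cid, parent, name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE 1";
    $vResult = cpg_db_query($vQuery);
    $vRes = cpg_db_fetch_rowset($vResult);
    mysql_free_result($vResult);

    // Initialised so an empty categories table does not leave them undefined.
    $catParent = array();
    $catName = array();
    foreach ($vRes as $vResRow) {
        $catParent[$vResRow['cid']] = $vResRow['parent'];
        $catName[$vResRow['cid']] = $vResRow['name'];
    }

    // "Grandparent - Parent" prefix for every category.
    $catAnces = array();
    foreach ($catParent as $cid => $cid_parent) {
        $catAnces[$cid] = '';
        $seen = array();
        // Stop on a missing parent or a parent cycle instead of looping forever.
        while ($cid_parent != 0 && isset($catName[$cid_parent]) && !isset($seen[$cid_parent])) {
            $seen[$cid_parent] = true;
            $catAnces[$cid] = $catName[$cid_parent] . ($catAnces[$cid] ? ' - ' . $catAnces[$cid] : '');
            $cid_parent = $catParent[$cid_parent];
        }
    }

    $listArray = array();

    // Personal albums share one group. They had no 'cid' in the original,
    // which broke the grouping comparison; -1 serves as their group key.
    foreach ($user_albums_list as $album) {
        $listArray[] = array(
            'cat'   => $lang_upload_php['personal_albums'],
            'cid'   => -1,
            'aid'   => $album['aid'],
            'title' => $album['title'],
        );
    }

    // Public albums: look up the category of each one.
    foreach ($public_albums_list as $album) {
        $vQuery = "SELECT cat.name, cat.cid FROM " . $CONFIG['TABLE_CATEGORIES'] . " cat, " . $CONFIG['TABLE_ALBUMS'] . " alb WHERE alb.aid='" . (int) $album['aid'] . "' AND cat.cid=alb.category";
        $vResult = cpg_db_query($vQuery);
        $vRes = cpg_db_fetch_row($vResult);
        mysql_free_result($vResult);

        if ($vRes && $vRes['name']) {
            $ancestry = isset($catAnces[$vRes['cid']]) ? $catAnces[$vRes['cid']] : '';
            $entry = array(
                'cat' => $ancestry . ($ancestry ? ' - ' : '') . $vRes['name'],
                'cid' => (int) $vRes['cid'],
            );
        } else {
            $entry = array(
                'cat' => $lang_upload_php['albums_no_category'],
                'cid' => 0,
            );
        }
        $entry['aid'] = $album['aid'];
        $entry['title'] = $album['title'];
        $listArray[] = $entry;
    }

    // Sort the pulldown options alphabetically by category name, then title.
    if ($listArray) {
        $listArray = array_csort($listArray, 'cat', 'title');
    }

    // NOTE(review): category names and album titles are printed as stored.
    // If those columns can contain raw '<' or '"', they need HTML escaping
    // here — confirm how they are encoded on input first.
    echo ' <option value="">' . $lang_upload_php['select_album'] . "</option>\n";

    // Track the open group explicitly: the original compared against '' and
    // tested truthiness, so the group with category id 0 was never closed.
    $groupOpen = false;
    $currentCid = null;
    foreach ($listArray as $val) {
        if (!$groupOpen || $val['cid'] !== $currentCid) {
            if ($groupOpen) {
                echo " </optgroup>\n";
            }
            echo ' <optgroup label="' . $val['cat'] . '">' . "\n";
            $currentCid = $val['cid'];
            $groupOpen = true;
        }
        echo ' <option value="' . $val['aid'] . '"' . ($val['aid'] == $sel_album ? ' selected' : '') . '> ' . $val['title'] . "</option>\n";
    }
    if ($groupOpen) {
        echo " </optgroup>\n";
    }

    // Close the drop down
    echo <<<EOT
 </select>
 </td>
 </tr>

EOT;
}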
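/**
 * user_is_allowed()
 *
 * Check if a user is allowed to edit pictures/albums.
 *
 * The album is taken from GET 'album', then POST 'aid'; when neither is set and
 * MODIFYALB_PHP is defined, the first album owned by the user is used.
 *
 * @return boolean $check_approve
 */
function user_is_allowed()
{
    global $USER_DATA, $CONFIG;

    if (GALLERY_ADMIN_MODE) {
        return true;
    }

    $check_approve = false;
    $superCage = Inspekt::makeSuperCage();

    // This is an authorization decision, so ids are reduced to integers
    // before they are placed in SQL text.
    $owner_id = (int) $USER_DATA['user_id'];
    $group_id = (int) $USER_DATA['group_id'];

    // Get the album this request refers to.
    if ($superCage->get->keyExists('album')) {
        $album_id = $superCage->get->getInt('album');
    } elseif ($superCage->post->keyExists('aid')) {
        $album_id = $superCage->post->getInt('aid');
    } elseif (defined('MODIFYALB_PHP')) {
        // Workaround when going straight to modifyalb.php with no album set:
        // fall back to any album the user owns.
        $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = " . $owner_id . " LIMIT 1");
        $temp_album_id = cpg_db_fetch_row($result);
        $album_id = $temp_album_id ? (int) $temp_album_id['aid'] : 0;
    } else {
        $album_id = 0;
    }
    $album_id = (int) $album_id;

    // The user owns the album when this returns a category.
    $result = cpg_db_query("SELECT DISTINCT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE owner = '" . $owner_id . "' AND aid='{$album_id}'");
    $allowed_albums = cpg_db_fetch_rowset($result);
    // An empty row set used to be indexed directly; treat it as "no category".
    $cat = $allowed_albums ? $allowed_albums[0]['category'] : '';
    if ($cat != '') {
        $check_approve = true;
    }

    // Check if the admin allows editing after closing a category.
    if ($CONFIG['allow_user_edit_after_cat_close'] == 0) {
        // Disallowed -> check if the album is in such a category.
        $result = cpg_db_query("SELECT DISTINCT aid FROM {$CONFIG['TABLE_ALBUMS']} AS alb INNER JOIN {$CONFIG['TABLE_CATMAP']} AS catm ON alb.category=catm.cid WHERE alb.owner = '" . $owner_id . "' AND alb.aid='{$album_id}' AND catm.group_id='" . $group_id . "'");
        $allowed_albums = cpg_db_fetch_rowset($result);
        // With no row there is no aid, which the original read as ''.
        $mapped_aid = $allowed_albums ? $allowed_albums[0]['aid'] : '';
        if ($mapped_aid == '' && $cat != FIRST_USER_CAT + USER_ID) {
            $check_approve = false;
        } elseif ($cat == FIRST_USER_CAT + USER_ID) {
            // The user's own gallery category always stays editable.
            $check_approve = true;
        }
    }

    return $check_approve;
}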
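/**
 * Loads the bridged application's session named by the PHPSESSID cookie.
 *
 * On a match a PHP session called 'CPG' is started and the stored session data
 * is decoded into $_SESSION.
 *
 * @return array|false copy of $_SESSION after decoding, or false when the
 *                     cookie is absent or matches no stored session
 */
function _session_load()
{
    $superCage = Inspekt::makeSuperCage();

    if (!$superCage->cookie->keyExists('PHPSESSID')) {
        return false;
    }

    // The cookie is attacker-controlled; only its escaped form is placed in
    // the query.
    $session_id = $superCage->cookie->getEscaped('PHPSESSID');
    $sql = "SELECT data FROM {$this->sessionstable} WHERE session_id = '{$session_id}'";
    $result = $this->query($sql);

    if (!cpg_db_num_rows($result)) {
        $result->free();
        return false;
    }

    list($data) = cpg_db_fetch_row($result);
    // The original only reached free() on the no-row path, so the result set
    // of a successful lookup was never released.
    $result->free();

    session_name('CPG');
    session_start();
    // NOTE(review): session_decode() unserializes whatever the sessions table
    // holds into $_SESSION. That is only as trustworthy as everything able to
    // write to that table — confirm it is written by the bridged application
    // alone.
    session_decode($data);
    $session = $_SESSION;

    return $session;
}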
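/**
 * Prints the album <select> (plus submit button and closing </form>) used by
 * the admin utilities page, grouped by category.
 *
 * User-gallery albums are labelled with the owner's name, resolved either by a
 * join ($this->can_join_tables) or by a second query against the user table.
 *
 * @return void
 */
function util_filloptions()
{
    global $lang_util_php, $CONFIG, $lang_upload_php;

    // Initialised so a gallery without albums does not hand an undefined
    // variable to the sort and output loops.
    $listArray = array();

    if ($this->can_join_tables) {
        $user_albums = cpg_db_query("SELECT {$this->field['username']} AS user_name, aid, a.title\n FROM {$CONFIG['TABLE_ALBUMS']} AS a\n LEFT JOIN {$this->usertable} AS u\n ON (category - " . FIRST_USER_CAT . ") = {$this->field['user_id']}\n WHERE category > " . FIRST_USER_CAT);
        $user_albums_list = cpg_db_fetch_rowset($user_albums);
        mysql_free_result($user_albums);

        foreach ($user_albums_list as $album) {
            // Albums whose owner no longer exists have a NULL user name.
            $username = is_null($album['user_name']) ? 'Mr. X' : $album['user_name'];
            $listArray[] = array(
                'cat'   => $lang_upload_php['personal_albums'],
                'aid'   => $album['aid'],
                'title' => '(' . $username . ') ' . $album['title'],
            );
        }
    } else {
        $user_albums = cpg_db_query("SELECT aid, title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE category > " . FIRST_USER_CAT);
        $user_albums_list = array();
        $user_ids = array();
        $user_names_list = array();

        if (mysql_num_rows($user_albums)) {
            while ($row = cpg_db_fetch_row($user_albums)) {
                $user_albums_list[] = $row;
                // Owner id = category - FIRST_USER_CAT; forced to int because
                // the list is placed inside an IN (...) clause below.
                $user_ids[] = (int) ($row['category'] - FIRST_USER_CAT);
            }
        }
        mysql_free_result($user_albums);

        if ($user_ids) {
            $user_id_list = implode(', ', array_unique($user_ids));
            $user_names = cpg_db_query("SELECT {$this->field['username']} AS user_name, {$this->field['user_id']} AS user_id FROM {$this->usertable} WHERE {$this->field['user_id']} IN ({$user_id_list})", $this->link_id);
            while ($row = cpg_db_fetch_row($user_names)) {
                $user_names_list[$row['user_id']] = $row['user_name'];
            }
            mysql_free_result($user_names);
        }

        foreach ($user_albums_list as $album) {
            $owner_id = $album['category'] - FIRST_USER_CAT;
            $username = isset($user_names_list[$owner_id]) ? $user_names_list[$owner_id] : 'Mr. X';
            $listArray[] = array(
                'cat'   => $lang_upload_php['personal_albums'],
                'aid'   => $album['aid'],
                'title' => '(' . $username . ') ' . $album['title'],
            );
        }
    }

    $public_albums = cpg_db_query("SELECT aid, title, name FROM {$CONFIG['TABLE_ALBUMS']} LEFT JOIN {$CONFIG['TABLE_CATEGORIES']} ON cid = category WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
    $public_albums_list = cpg_db_fetch_rowset($public_albums);
    mysql_free_result($public_albums);

    foreach ($public_albums_list as $album) {
        $listArray[] = array(
            // Albums without a category row fall into the "no category" group.
            'cat'   => $album['name'] ? $album['name'] : $lang_upload_php['albums_no_category'],
            'aid'   => $album['aid'],
            'title' => $album['title'],
        );
    }

    // Sort the pulldown options by category and album name
    if ($listArray) {
        $listArray = array_csort($listArray, 'cat', 'title');
    }

    // NOTE(review): user names, category names and album titles are printed
    // as stored. If those columns can hold raw '<' or '"', they need HTML
    // escaping here — confirm how they are encoded on input first.
    $alb_cat = '';
    echo ' <select size="1" name="albumid" class="listbox"><option value="0">All Albums</option>';
    foreach ($listArray as $val) {
        if ($val['cat'] != $alb_cat) {
            if ($alb_cat) {
                echo " </optgroup>\n";
            }
            echo ' <optgroup label="' . $val['cat'] . '">' . "\n";
            $alb_cat = $val['cat'];
        }
        echo ' <option value="' . $val['aid'] . '"> ' . $val['title'] . "</option>\n";
    }
    if ($alb_cat) {
        echo " </optgroup>\n";
    }

    print '</select> (3)';
    print ' <input type="submit" value="' . $lang_util_php['submit_form'] . '" class="button" /> (4)';
    print '</form>';
}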
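/**
 * Prints the category row of the album properties form.
 *
 * When users may not move their albums, the current category is shown as text
 * with a hidden field carrying its id. Otherwise a drop-down is printed from
 * $CAT_LIST, which this function rebuilds.
 *
 * @param string $text label shown in the first cell
 * @param string $name name attribute of the form field
 * @return void
 */
function form_category($text, $name)
{
    global $ALBUM_DATA, $CAT_LIST, $USER_DATA, $lang_modifyalb_php, $CONFIG;

    // Check if users are allowed to move their albums.
    if ($CONFIG['allow_user_move_album'] == 0) {
        // Get the category name; the user's own gallery has a fixed label.
        $cat_name = $lang_modifyalb_php['user_gal'];
        if ($ALBUM_DATA['category'] != FIRST_USER_CAT + USER_ID) {
            // Only the integer value of the category id goes into the query.
            $category_id = (int) $ALBUM_DATA['category'];
            $result = cpg_db_query("SELECT name FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '" . $category_id . "' LIMIT 1");
            $cat_row = cpg_db_fetch_row($result);
            // A missing category prints an empty name instead of indexing a
            // failed fetch.
            $cat_name = $cat_row ? $cat_row['name'] : '';
        }

        // NOTE(review): the hidden field is only a hint to the browser. The
        // handler that saves the album must enforce allow_user_move_album
        // itself — confirm that it does.
        // The original left this table row unclosed; </tr> is added.
        echo <<<EOT
 <tr>
 <td class="tableb">
 {$text}
 </td>
 <td class="tableb" valign="top">
 <i>{$cat_name}</i>
 <input type="hidden" name="{$name}" value="{$ALBUM_DATA['category']}" />
 </td>
 </tr>

EOT;
        return;
    }

    $CAT_LIST = array();

    // Only add 'no category' when the user is an admin.
    if (GALLERY_ADMIN_MODE) {
        $CAT_LIST[] = array(0, $lang_modifyalb_php['no_cat']);
    }

    // Add the user's own gallery category.
    $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_modifyalb_php['my_gal']);

    // Presumably appends the remaining categories to $CAT_LIST — its
    // definition is not part of this listing.
    get_subcat_data(0, '');

    echo <<<EOT
 <tr>
 <td class="tableb">
 {$text}
 </td>
 <td class="tableb" valign="top">
 <select name="{$name}" class="listbox">

EOT;

    foreach ($CAT_LIST as $category) {
        echo ' <option value="' . $category[0] . '"' . ($ALBUM_DATA['category'] == $category[0] ? ' selected' : '') . ">" . $category[1] . "</option>\n";
    }

    echo <<<EOT
 </select>
 </td>
 </tr>

EOT;
}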
case 'createcat': if (!isset($_POST['parent']) || !isset($_POST['name']) || !isset($_POST['description'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'createcat'), __FILE__, __LINE__); } $name = trim($_POST['name']); if (empty($name)) { break; } $parent = (int) $_POST['parent']; $name = trim($_POST['name']) ? addslashes($_POST['name']) : '<???>'; $description = addslashes($_POST['description']); cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES ('10000', '{$parent}', '{$name}', '{$description}')"); //insert in categorymap if (isset($_POST['user_groups']) && !empty($_POST['user_groups'])) { foreach ($_POST['user_groups'] as $key) { $arr = cpg_db_fetch_row(cpg_db_query("SELECT LAST_INSERT_ID()")); $cid = $arr[0]; cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATMAP']} (cid, group_id) VALUES('{$cid}', '{$key}')"); } } break; case 'deletecat': if (!isset($_GET['cid'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'deletecat'), __FILE__, __LINE__); } $cid = (int) $_GET['cid']; $result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '{$cid}' LIMIT 1"); if ($cid == 1) { cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__); } if (!mysql_num_rows($result)) {