/** * Verifies permissions to attach content to albums * * @return boolean */ public function verify_permissions() { global $show; $this->values['albumid'] = intval($this->values['albumid']); if (!($this->albuminfo = fetch_albuminfo($this->values['albumid']))) { return false; } if ($this->albuminfo['userid'] != $this->registry->userinfo['userid']) { return false; } if ($this->registry->userinfo['permissions']['albummaxpics']) { // assume we are uploading 1 pic (at least) $this->totalpics_overage = fetch_count_overage($this->registry->userinfo['userid'], $this->registry->userinfo['permissions']['albummaxpics'], 0); if ($this->totalpics_overage >= 0) { standard_error(fetch_error('upload_total_album_pics_countfull', vb_number_format($this->totalpics_overage))); } } if ($this->registry->options['album_maxpicsperalbum']) { $this->albumpics_overage = ($this->albuminfo['visible'] + $this->albuminfo['moderation'] - $this->registry->options['album_maxpicsperalbum']); if ($this->albumpics_overage >= 0) { standard_error(fetch_error('upload_album_pics_countfull', vb_number_format($this->albumpics_overage))); } } if ($this->registry->userinfo['permissions']['albummaxsize']) { // we don't know the size of the image yet, so ignore it and error if we have 0 bytes (or less) remaining $size_overage = fetch_size_overage($this->registry->userinfo['userid'], $this->registry->userinfo['permissions']['albummaxsize'], 0); if ($size_overage >= 0) { standard_error(fetch_error('upload_album_sizefull', vb_number_format($size_overage, 0, true))); } } return true; }
// ######################### REQUIRE BACK-END ############################ require_once './global.php'; require_once DIR . '/includes/functions_album.php'; require_once DIR . '/includes/functions_user.php'; if (!($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums'] and $permissions['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canviewmembers'] and $permissions['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['canviewalbum'])) { print_no_permission(); } $vbulletin->input->clean_array_gpc('r', array('albumid' => TYPE_UINT, 'pictureid' => TYPE_UINT, 'userid' => TYPE_UINT)); $moderatedpictures = (($vbulletin->options['albums_pictures_moderation'] or !($vbulletin->userinfo['permissions']['albumpermissions'] & $vbulletin->bf_ugp_albumpermissions['picturefollowforummoderation'])) and !can_moderate(0, 'canmoderatepictures')); ($hook = vBulletinHook::fetch_hook('album_start_precheck')) ? eval($hook) : false; if (!$vbulletin->GPC['userid']) { $vbulletin->GPC['userid'] = $vbulletin->userinfo['userid']; } // if we specify an album, make sure our user context is sane if ($vbulletin->GPC['albumid']) { $albuminfo = fetch_albuminfo($vbulletin->GPC['albumid']); if (!$albuminfo) { standard_error(fetch_error('invalidid', $vbphrase['album'], $vbulletin->options['contactuslink'])); } $vbulletin->GPC['userid'] = $albuminfo['userid']; } if ($vbulletin->GPC['pictureid']) { $pictureinfo = fetch_pictureinfo($vbulletin->GPC['pictureid'], $albuminfo['albumid']); if (!$pictureinfo) { standard_error(fetch_error('invalidid', $vbphrase['picture'], $vbulletin->options['contactuslink'])); } } if (!$vbulletin->GPC['userid']) { print_no_permission(); } $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1, FETCH_USERINFO_USERCSS);
} } if (!empty($approveids)) { require_once DIR . '/packages/vbattach/attach.php'; $attachmultiple = new vB_Attachment_Display_Multiple($vbulletin); $attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . implode(",", $approveids) . ") AND a.state = 'moderation' AND a.contentid <> 0", false, 0, 0); $db->query_write("\n\t\t\tUPDATE " . TABLE_PREFIX . "attachment\n\t\t\tSET\tstate = 'visible'\n\t\t\tWHERE attachmentid IN (" . implode(",", array_keys($attachments)) . ")\n\t\t"); vB_Router::setRelativePath('../'); $contenttypeid = vB_Types::instance()->getContentTypeID('vBForum_Album'); $albums = array(); //Fetchs only contentid from attachments that are album pictures $pictures = $db->query_read_slave($sql = "\n\t\tSELECT attachmentid, contentid\n\t\tFROM " . TABLE_PREFIX . "attachment\n\t\tWHERE attachmentid IN (" . implode(',', array_keys($attachments)) . ")\n\t\t\tAND contenttypeid = {$contenttypeid}\n\t\t"); require_once DIR . '/includes/functions_album.php'; while ($picture = $db->fetch_array($pictures)) { // check if album has cover if not save the possible attachment for cover $album = fetch_albuminfo($picture['contentid']); if ($album['coverattachmentid'] == 0) { $albums[$album['albumid']][] = $picture['attachmentid']; } else { $albums[$album['albumid']] = ''; } } foreach ($albums as $albumid => $attachments) { $albumid = array('albumid' => $albumid); $albumdata =& datamanager_init('Album', $vbulletin, ERRTYPE_SILENT); $albumdata->set_existing($albumid); //look for possible covers if ($attachments[0]) { $albumdata->set('coverattachmentid', $attachments[0]); } //update albums