function alt_from_resource($source, $target, $name = '', $delete = false)
{
// Copy a resource as an alt file of another resource
// alt is the source resource, $ref is the target resource that will get the new alternate
global $view_title_field;
$srcdata = get_resource_data($source);
$srcext = $srcdata['file_extension'];
$srcpath = get_resource_path($source, true, "", false, $srcext);
if ($name == '') {
$name = sql_value("select value from resource_data where resource_type_field = '{$view_title_field}' and resource = '{$source}'", 'Untitled');
}
$description = '';
if (!file_exists($srcpath)) {
echo "ERROR: File not found.";
return false;
} else {
$file_size = filesize_unlimited($srcpath);
$altid = add_alternative_file($target, $name, $description = "", $file_name = "", $file_extension = "", $file_size, $alt_type = '');
$newpath = get_resource_path($target, true, "", true, $srcext, -1, 1, false, '', $altid);
copy($srcpath, $newpath);
# Preview creation for alternative files (enabled via config)
global $alternative_file_previews;
if ($alternative_file_previews) {
create_previews($target, false, $srcext, false, false, $altid);
}
if ($delete) {
// we are supposed to delete the original resource when we're done
# Not allowed to edit this resource? They shouldn't have been able to get here.
if (!get_edit_access($source, $srcdata["archive"], false, $srcdata) || checkperm('D')) {
exit("Permission denied.");
} else {
delete_resource($source);
}
}
return true;
}
}
<div class="clearerleft"> </div>
<?php if ($errors!="") { ?><div class="FormError">!! <?php echo $errors?> !!</div><?php } ?>
</div>
<?php } ?>
<?php if ($list_recipients){?>
<div class="Question">
<label for="list_recipients"><?php echo $lang["list-recipients-label"]; ?></label><input type=checkbox id="list_recipients" name="list_recipients">
<div class="clearerleft"> </div>
</div>
<?php } ?>
<?php if($useraccess==0)
{
$resourcedata=get_resource_data($ref,true);
if(get_edit_access($ref,$resource['archive'],false,$resource))
{?>
<div class="Question">
<label for="grant_internal_access"><?php echo $lang["internal_share_grant_access"] ?></label>
<input type=checkbox id="grant_internal_access" name="grant_internal_access" onClick="if(this.checked){jQuery('#question_internal_access').slideDown();}else{jQuery('#question_internal_access').slideUp()};">
<div class="clearerleft"> </div>
</div>
<?php
}
}?>
<?php if(!hook("replaceemailaccessselector")){?>
<div class="Question" id="question_access">
<label for="access"><?php echo $lang["externalselectresourceaccess"]?></label>
<select class="stdwidth" name="access" id="access">
function allow_multi_edit($collection)
{
global $resource;
# Returns true or false, can all resources in this collection be edited by the user?
# also applies edit filter, since it uses get_resource_access
if (!is_array($collection)) {
// collection is an array of resource data
$collection = do_search("!collection" . $collection);
}
for ($n = 0; $n < count($collection); $n++) {
$resource = $collection[$n];
if (!get_edit_access($collection[$n]["ref"], $collection[$n]["archive"], false, $collection[$n])) {
return false;
}
}
if (hook('denyaftermultiedit', '', array($collection))) {
return false;
}
return true;
# Updated: 2008-01-21: Edit all now supports multiple types, so always return true.
/*
$types=sql_query("select distinct r.resource_type from collection_resource c left join resource r on c.resource=r.ref where c.collection='$collection'");
if (count($types)!=1) {return false;}
$status=sql_query("select distinct r.archive from collection_resource c left join resource r on c.resource=r.ref where c.collection='$collection'");
if (count($status)!=1) {return false;}
return true;
*/
}
$offset = getvalescaped("offset", "", true);
$order_by = getvalescaped("order_by", "");
$archive = getvalescaped("archive", "", true);
$restypes = getvalescaped("restypes", "");
if (strpos($search, "!") !== false) {
$restypes = "";
}
$default_sort = "DESC";
if (substr($order_by, 0, 5) == "field") {
$default_sort = "ASC";
}
$sort = getval("sort", $default_sort);
# Fetch resource data.
$resource = get_resource_data($ref);
# Not allowed to edit this resource?
if ((!get_edit_access($ref, $resource["archive"], false, $resource) || checkperm('A')) && $ref > 0) {
exit("Permission denied.");
}
hook("pageevaluation");
# Handle deleting a file
if (getval("filedelete", "") != "") {
delete_alternative_file($ref, getvalescaped("filedelete", ""));
}
include "../include/header.php";
?>
<div class="BasicsBox">
<p>
<a onClick="return CentralSpaceLoad(this,true);" href="<?php
echo $baseurl_short;
?>
pages/edit.php?ref=<?php
foreach ($fields as $field) {
if ($field["fref"] == $display_field_below_preview) {
$displaycondition = check_view_display_condition($fields, $df);
if ($displaycondition) {
$previewcaption = $fields[$df];
// Remove from the array so we don't display it twice
unset($fields[$df]);
//Reorder array
$fields = array_values($fields);
}
}
$df++;
}
}
# Load edit access level (checking edit permissions - e0,e-1 etc. and also the group 'edit filter')
$edit_access = get_edit_access($ref, $resource["archive"], $fields, $resource);
if ($k != "") {
$edit_access = 0;
}
function check_view_display_condition($fields, $n)
{
#Check if field has a display condition set
$displaycondition = true;
if ($fields[$n]["display_condition"] != "") {
//echo $fields[$n]["display_condition"] . "<br>";
$fieldstocheck = array();
#' Set up array to use in jQuery script function
$s = explode(";", $fields[$n]["display_condition"]);
$condref = 0;
foreach ($s as $condition) {
$displayconditioncheck = false;
function get_resource_access($resource)
{
# $resource may be a resource_data array from a search, in which case, many of the permissions checks are already done.
# Returns the access that the currently logged-in user has to $resource.
# Return values:
# 0 = Full Access (download all sizes)
# 1 = Restricted Access (download only those sizes that are set to allow restricted downloads)
# 2 = Confidential (no access)
# Load the 'global' access level set on the resource
# In the case of a search, resource type and global,group and user access are passed through to this point, to avoid multiple unnecessary get_resource_data queries.
# passthru signifies that this is the case, so that blank values in group or user access mean that there is no data to be found, so don't check again .
$passthru="no";
// get_resource_data doesn't contain permissions, so fix for the case that such an array could be passed into this function unintentionally.
if (is_array($resource) && !isset($resource['group_access']) && !isset($resource['user_access'])){$resource=$resource['ref'];}
if (!is_array($resource)){
$resourcedata=get_resource_data($resource,true);
}
else {
$resourcedata=$resource;
$passthru="yes";
}
$ref=$resourcedata['ref'];
$access=$resourcedata["access"];
$resource_type=$resourcedata['resource_type'];
global $k;
if ($k!="")
{
# External access - check how this was shared.
$extaccess=sql_value("select access value from external_access_keys where resource=".$ref." and access_key='" . escape_check($k) . "'",-1);
if ($extaccess!=-1) {return $extaccess;}
}
if (checkperm("v"))
{
# Permission to access all resources
# Always return 0
return 0;
}
if ($access==3)
{
# Load custom access level
if ($passthru=="no"){
global $usergroup;
$access=get_custom_access($resource,$usergroup);
//echo "checked group access: ".$access;
}
else {
$access=$resource['group_access'];
}
}
if ($access == 1 && get_edit_access($ref, $resourcedata['archive']))
{
# If access is restricted and user has edit access, grant open access.
$access = 0;
}
global $open_access_for_contributor, $userref;
if ($open_access_for_contributor && $access == 1 && $resourcedata['created_by'] == $userref)
{
# If access is restricted and user has contributed resource, grant open access.
$access = 0;
}
# Check for user-specific access (overrides any other restriction)
global $userref;
if ($passthru=="no"){
$userspecific=get_custom_access_user($resource,$userref);
//echo "checked user access: ".$userspecific;
}
else {
$userspecific=$resourcedata['user_access'];
}
if ($userspecific!="")
{
return $userspecific;
}
global $usersearchfilter, $search_filter_strict;
if ((trim($usersearchfilter)!="") && $search_filter_strict)
{
# A search filter has been set. Perform filter processing to establish if the user can view this resource.
# Always load metadata, because the provided metadata may be missing fields due to permissions.
$metadata=get_resource_field_data($ref,false,false);
for ($n=0;$n<count($metadata);$n++)
{
$name=$metadata[$n]["name"];
$value=$metadata[$n]["value"];
if ($name!="")
{
$match=filter_match($usersearchfilter,$name,$value);
if ($match==1) {return 2;} # The match for this field was incorrect, always show as confidential in this event.
}
}
# Also check resource type
# Disabled until also implented in do_search() - future feature - syntax supported in edit filter only for now.
/*
$match=filter_match($usersearchfilter,"resource_type",$resource_type);
if ($match==1) {return 2;} # The match for this field was incorrect, always show as confidential in this event.
*/
}
if ($access==0 && !checkperm("g"))
{
# User does not have the 'g' permission. Always return restricted for active resources.
return 1;
}
if (checkperm('X'.$resource_type)){
// this resource type is always restricted for this user group
return 1;
}
if (checkperm('T'.$resource_type)){
// this resource type is always confidential/hidden for this user group
return 2;
}
return $access;
}
$ref = $items[0];
} else {
$multiple = false;
}
# Fetch resource data.
$resource = get_resource_data($ref);
# Allow alternative configuration settings for this resource type.
resource_type_config_override($resource["resource_type"]);
# If upload template, check if the user has upload permission.
if ($ref < 0 && !(checkperm("c") || checkperm("d"))) {
$error = $lang['error-permissiondenied'];
error_alert($error);
exit;
}
# Check edit permission.
if (!get_edit_access($ref, $resource["archive"], false, $resource)) {
# The user is not allowed to edit this resource or the resource doesn't exist.
$error = $lang['error-permissiondenied'];
error_alert($error);
exit;
}
if (getval("regen", "") != "") {
sql_query("update resource set preview_attempts=0 WHERE ref='" . $ref . "'");
create_previews($ref, false, $resource["file_extension"]);
}
if (getval("regenexif", "") != "") {
extract_exif_comment($ref);
}
# Establish if this is a metadata template resource, so we can switch off certain unnecessary features
$is_template = isset($metadata_template_resource_type) && $resource["resource_type"] == $metadata_template_resource_type;
hook("editbeforeheader");
$multiple=false;
}
# Fetch resource data.
$resource=get_resource_data($ref);
# If upload template, check if the user has upload permission.
if ($ref<0 && !(checkperm("c") || checkperm("d")))
{
$error=$lang['error-permissiondenied'];
error_alert($error);
exit();
}
# Check edit permission.
if (!get_edit_access($ref,$resource["archive"]))
{
# The user is not allowed to edit this resource or the resource doesn't exist.
$error=$lang['error-permissiondenied'];
error_alert($error);
exit();
}
if (getval("regen","")!="")
{
create_previews($ref,false,$resource["file_extension"]);
}
if (getval("regenexif","")!="")
{
extract_exif_comment($ref);
include "../include/db.php";
include "../include/authenticate.php";
include "../include/general.php";
include "../include/resource_functions.php";
include "../include/header.php";
if ($disable_geocoding){exit("Geomapping disabled.");}
# Fetch resource data.
$ref = getvalescaped('ref','',true);
if ($ref=='') {die;}
$resource=get_resource_data($ref);
if ($resource==false) {die;}
# Not allowed to edit this resource?
if (!get_edit_access($ref,$resource["archive"])) {exit ("Permission denied.");}
?>
<?php
if (isset($_POST['submit']))
{
$s=explode(",",getvalescaped('geo-loc',''));
if (count($s)==2)
{
$mapzoom=getvalescaped('map-zoom','');
if ($mapzoom>=2 && $mapzoom<=21)
{
sql_query("update resource set geo_lat='" . escape_check($s[0]) . "',geo_long='" . escape_check($s[1]) . "',mapzoom='" . escape_check($mapzoom) . "' where ref='$ref'");
}
else
$restypes = "";
}
$default_sort = "DESC";
if (substr($order_by, 0, 5) == "field") {
$default_sort = "ASC";
}
$sort = getval("sort", $default_sort);
$archive = getvalescaped("archive", 0, true);
$errors = array();
# The results of the save operation (e.g. required field messages)
$editaccess = get_edit_access($ref);
if (!$propose_changes_always_allow) {
# Check user has permission.
$proposeallowed = sql_value("select r.ref value from resource r left join collection_resource cr on r.ref='{$ref}' and cr.resource=r.ref left join user_collection uc on uc.user='******' and uc.collection=cr.collection left join collection c on c.ref=uc.collection where c.propose_changes=1", "");
}
if (!$propose_changes_always_allow && $proposeallowed == "" && !get_edit_access($ref)) {
# The user is not allowed to edit this resource or the resource doesn't exist.
$error = $lang['error-permissiondenied'];
error_alert($error);
exit;
}
if ($editaccess) {
$userproposals = sql_query("select pc.user, u.username from propose_changes_data pc left join user u on u.ref=pc.user where resource='{$ref}' group by pc.user order by u.username asc");
$view_user = getvalescaped("proposeuser", count($userproposals) == 0 ? $userref : $userproposals[0]["user"]);
$proposed_changes = get_proposed_changes($ref, $view_user);
} else {
$proposed_changes = get_proposed_changes($ref, $userref);
}
# Fetch resource data.
$resource = get_resource_data($ref);
# Load resource data
<?php
include dirname(__FILE__) . '/../../include/db.php';
include dirname(__FILE__) . '/../../include/general.php';
include dirname(__FILE__) . '/../../include/authenticate.php';
include dirname(__FILE__) . '/../../include/resource_functions.php';
$resource = getvalescaped('resource', '');
$ref = getvalescaped('ref', '');
$type = getvalescaped('type', '');
$resource_data = get_resource_data($resource);
// User should have edit access to this resource!
if (!get_edit_access($resource, $resource_data['archive'], false, $resource_data)) {
exit('Permission denied.');
}
if ($type == 'user') {
// Delete the user record from the database
$query = sprintf('
DELETE FROM resource_custom_access
WHERE resource = "%s"
AND user = "******";
', $resource, $ref);
} elseif ($type == 'usergroup') {
// Delete the user record from the database
$query = sprintf('
DELETE FROM resource_custom_access
WHERE resource = "%s"
AND usergroup = "%s";
', $resource, $ref);
} else {
exit('No type');
}
<?php
include_once '../../include/db.php';
include_once '../../include/general.php';
include_once '../../include/authenticate.php';
include_once '../../include/resource_functions.php';
$ref = intval(getvalescaped('ref', '', true));
$related = intval(getvalescaped('related', '', true));
$add = getvalescaped('action', 'add') == "add";
if (!get_edit_access($ref) || !get_edit_access($related)) {
exit($lang["error-permissiondenied"]);
}
//echo $ref;
//echo $related;
//echo ($add)?"Adding":"removing";
$update = update_related_resource($ref, $related, $add);
if (!$update) {
exit("error");
}
exit("SUCCESS");
$restypes = getvalescaped("restypes", "");
if (strpos($search, "!") !== false) {
$restypes = "";
}
$default_sort = "DESC";
if (substr($order_by, 0, 5) == "field") {
$default_sort = "ASC";
}
$sort = getval("sort", $default_sort);
$resource = getvalescaped("resource", "", true);
# Fetch resource data.
$resourcedata = get_resource_data($resource);
# Load the configuration for the selected resource type. Allows for alternative notification addresses, etc.
resource_type_config_override($resourcedata["resource_type"]);
# Not allowed to edit this resource?
if ((!get_edit_access($resource, $resourcedata["archive"], false, $resourcedata) || checkperm('A')) && $resource > 0) {
exit("Permission denied.");
}
hook("pageevaluation");
# Fetch alternative file data
$file = get_alternative_file($resource, $ref);
if ($file === false) {
exit("Alternative file not found.");
}
if (getval("name", "") != "") {
hook("markmanualupload");
# Save file data
save_alternative_file($resource, $ref);
// Check to see if we need to notify users of this change
if ($notify_on_resource_change_days != 0) {
notify_resource_change($resource);
<?php
include_once "../../../include/db.php";
include_once "../../../include/authenticate.php";
include_once "../../../include/general.php";
include_once "../../../include/resource_functions.php";
include_once "../../../include/image_processing.php";
include_once "../include/transform_functions.php";
// verify that the requested ResourceID is numeric.
$ref = $_REQUEST['ref'];
if (!is_numeric($ref)) {
echo "Error: non numeric ref.";
exit;
}
# Load edit access level
$edit_access = get_edit_access($ref);
# Load download access level
$access = get_resource_access($ref);
$cropperestricted = in_array($usergroup, $cropper_restricteduse_groups);
// are they requesting to change the original?
if (isset($_REQUEST['mode']) && strtolower($_REQUEST['mode']) == 'original') {
$original = true;
} else {
$original = false;
}
// if they can't download this resource, they shouldn't be doing this
// also, if they are trying to modify the original but don't have edit access
// they should never get these errors, because the links shouldn't show up if no perms
if ($access != 0 || $original && !$edit_access) {
include "../../../include/header.php";
echo "Permission denied.";
function get_resource_access($resource)
{
# $resource may be a resource_data array from a search, in which case, many of the permissions checks are already done.
# Returns the access that the currently logged-in user has to $resource.
# Return values:
# 0 = Full Access (download all sizes)
# 1 = Restricted Access (download only those sizes that are set to allow restricted downloads)
# 2 = Confidential (no access)
# Load the 'global' access level set on the resource
# In the case of a search, resource type and global,group and user access are passed through to this point, to avoid multiple unnecessary get_resource_data queries.
# passthru signifies that this is the case, so that blank values in group or user access mean that there is no data to be found, so don't check again .
$passthru = "no";
// get_resource_data doesn't contain permissions, so fix for the case that such an array could be passed into this function unintentionally.
if (is_array($resource) && !isset($resource['group_access']) && !isset($resource['user_access'])) {
$resource = $resource['ref'];
}
if (!is_array($resource)) {
$resourcedata = get_resource_data($resource, true);
} else {
$resourcedata = $resource;
$passthru = "yes";
}
$ref = $resourcedata['ref'];
$access = $resourcedata["access"];
$resource_type = $resourcedata['resource_type'];
// Set a couple of flags now that we can check later on if we need to check whether sharing is permitted based on whether access has been specifically granted to user/group
global $customgroupaccess, $customuseraccess;
$customgroupaccess = false;
$customuseraccess = false;
global $k;
if ($k != "") {
# External access - check how this was shared.
$extaccess = sql_value("select access value from external_access_keys where resource=" . $ref . " and access_key='" . escape_check($k) . "' and (expires is null or expires>now())", -1);
if ($extaccess != -1) {
return $extaccess;
}
}
global $uploader_view_override, $userref;
if (checkperm("z" . $resourcedata['archive']) && !($uploader_view_override && $resourcedata['created_by'] == $userref)) {
// User has no access to this archive state
return 2;
}
if (checkperm("v")) {
# Permission to access all resources
# Always return 0
return 0;
}
if ($access == 3) {
$customgroupaccess = true;
# Load custom access level
if ($passthru == "no") {
global $usergroup;
$access = get_custom_access($resource, $usergroup);
} else {
$access = $resource['group_access'];
}
}
if ($access == 1 && get_edit_access($ref, $resourcedata['archive'], false, $resourcedata)) {
# If access is restricted and user has edit access, grant open access.
$access = 0;
}
global $open_access_for_contributor;
if ($open_access_for_contributor && $access == 1 && $resourcedata['created_by'] == $userref) {
# If access is restricted and user has contributed resource, grant open access.
$access = 0;
}
# Check for user-specific and group-specific access (overrides any other restriction)
global $userref, $usergroup;
if ($passthru == "no") {
$userspecific = get_custom_access_user($resource, $userref);
$groupspecific = get_custom_access($resource, $usergroup, false);
} else {
$userspecific = $resourcedata['user_access'];
$groupspecific = $resourcedata['group_access'];
}
if ($userspecific != "") {
$customuseraccess = true;
return $userspecific;
}
if ($groupspecific != "") {
$customgroupaccess = true;
return $groupspecific;
}
if (checkperm('T' . $resource_type)) {
// this resource type is always confidential/hidden for this user group
return 2;
}
global $usersearchfilter, $search_filter_strict;
if (trim($usersearchfilter) != "" && $search_filter_strict) {
# A search filter has been set. Perform filter processing to establish if the user can view this resource.
# Always load metadata, because the provided metadata may be missing fields due to permissions.
/*
# ***** OLD METHOD ***** - used filter_match() - required duplication and was very difficult to implement OR matching for the field name supporting OR across fields
$metadata=get_resource_field_data($ref,false,false);
for ($n=0;$n<count($metadata);$n++)
{
$name=$metadata[$n]["name"];
$value=$metadata[$n]["value"];
if ($name!="")
{
$match=filter_match($usersearchfilter,$name,$value);
echo "<br />$name/$value = $match";
if ($match==1) {return 2;} # The match for this field was incorrect, always show as confidential in this event.
}
}
# Also check resource type
# Disabled until also implented in do_search() - future feature - syntax supported in edit filter only for now.
/*
$match=filter_match($usersearchfilter,"resource_type",$resource_type);
if ($match==1) {return 2;} # The match for this field was incorrect, always show as confidential in this event.
*/
# ***** NEW METHOD ***** - search for the resource, utilising the existing filter matching in do_search to avoid duplication.
global $search_all_workflow_states;
$search_all_workflow_states_cache = $search_all_workflow_states;
$search_all_workflow_states = TRUE;
$results = do_search("!resource" . $ref);
$search_all_workflow_states = $search_all_workflow_states_cache;
if (count($results) == 0) {
return 2;
}
# Not found in results, so deny
}
if ($access == 0 && !checkperm("g") && !$customgroupaccess) {
# User does not have the 'g' permission. Return restricted for active resources unless group has been granted overide access.
$access = 1;
}
if ($access == 0 && checkperm('X' . $resource_type)) {
// this resource type is always restricted for this user group
$access = 1;
}
// Check derestrict filter
global $userderestrictfilter;
if ($access == 1 && trim($userderestrictfilter) != "") {
# A filter has been set to derestrict access when certain metadata criteria are met
if (!isset($metadata)) {
# load metadata if not already loaded
$metadata = get_resource_field_data($ref, false, false);
}
$matchedfilter = false;
for ($n = 0; $n < count($metadata); $n++) {
$name = $metadata[$n]["name"];
$value = $metadata[$n]["value"];
if ($name != "") {
$match = filter_match($userderestrictfilter, $name, $value);
if ($match == 1) {
$matchedfilter = false;
break;
}
if ($match == 2) {
$matchedfilter = true;
}
}
}
if ($matchedfilter) {
$access = 0;
}
}
return $access;
}
<?php
include "../../../include/db.php";
include "../../../include/authenticate.php";
if (!checkperm("r")) {
exit("Permission denied.");
}
include "../../../include/general.php";
include "../../../include/resource_functions.php";
$ref = getvalescaped("ref", "");
$resource = getvalescaped("resource", "");
# Check access
$edit_access = get_edit_access($resource);
if (!$edit_access) {
exit("Access denied");
}
# Should never arrive at this page without edit access
if (getval("submitted", "") != "") {
# Save license data
# Construct expiry date
$expires = getvalescaped("expires_year", "") . "-" . getvalescaped("expires_month", "") . "-" . getvalescaped("expires_day", "");
# Construct usage
$license_usage = "";
if (isset($_POST["license_usage"])) {
$license_usage = escape_check(join(", ", $_POST["license_usage"]));
}
if ($ref == "new") {
# New record
sql_query("insert into resource_license (resource,outbound,holder,license_usage,description,expires) values ('" . getvalescaped("resource", "") . "', '" . getvalescaped("outbound", "") . "', '" . getvalescaped("holder", "") . "', '{$license_usage}', '" . getvalescaped("description", "") . "', '{$expires}')");
$ref = sql_insert_id();
resource_log($resource, "", "", $lang["new_license"] . " " . $ref);
$default_sort = "DESC";
if (substr($order_by, 0, 5) == "field") {
$default_sort = "ASC";
}
$sort = getval("sort", $default_sort);
$allowed_extensions = "";
if ($resource_type != "") {
$allowed_extensions = get_allowed_extensions_by_type($resource_type);
}
$alternative = getvalescaped("alternative", "");
# Batch upload alternative files
$replace = getvalescaped("replace", "");
# Replace Resource Batch
$replace_resource = getvalescaped("replace_resource", "");
# Option to replace existing resource file
if ($replace_resource && !get_edit_access($replace_resource)) {
$replace_resource = false;
}
# Create a new collection?
if ($collection_add == -1) {
# The user has chosen Create New Collection from the dropdown.
if ($collectionname == "") {
$collectionname = "Upload " . date("YmdHis");
}
# Do not translate this string, the collection name is translated when displayed!
$collection_add = create_collection($userref, $collectionname);
if (getval("public", '0') == 1) {
collection_set_public($collection_add);
}
if (strlen(getval("themestring", '')) > 0) {
$themearr = explode('||', getval("themestring", ''));
