$hash = $albumobj->getPassword();
$authType = "zp_album_auth_" . $albumobj->get('id');
$hint = $albumobj->getPasswordHint();
$show = $albumobj->getUser();
if (!empty($hash)) {
break;
}
$albumobj = $albumobj->getParent();
}
}
}
if (empty($hash)) {
// check for gallery password
$hash = $_zp_gallery->getPassword();
$authType = 'zp_gallery_auth';
$hint = $_zp_gallery->getPasswordHint();
$show = $_zp_gallery->getUser();
}
if (empty($hash) && GALLERY_SECURITY == 'private' || !empty($hash) && zp_getCookie($authType) != $hash) {
require_once dirname(__FILE__) . "/template-functions.php";
$parms = '';
if (isset($_GET['wmk'])) {
$parms = '&wmk=' . $_GET['wmk'];
}
if (isset($_GET['q'])) {
$parms .= '&q=' . sanitize_numeric($_GET['q']);
}
if (isset($_GET['dsp'])) {
$parms .= '&dsp=' . sanitize_numeric($_GET['dsp']);
}
$action = WEBPATH . '/' . ZENFOLDER . '/full-image.php?userlog=1&a=' . pathurlencode($album8) . '&i=' . urlencode($image8) . $parms;
/**
* Checks to see access is allowed to an album
* Returns true if access is allowed.
* There is no password dialog--you must have already had authorization via a cookie.
*
* @param string $album album object or name of the album
* @param string &$hint becomes populated with the password hint.
* @return bool
*/
function checkAlbumPassword($album, &$hint = NULL)
{
global $_zp_pre_authorization, $_zp_gallery;
if (is_object($album)) {
$albumname = $album->name;
} else {
if (!is_object($_zp_gallery)) {
$_zp_gallery = new Gallery();
}
$album = new Album($_zp_gallery, $albumname = $album);
}
if (isset($_zp_pre_authorization[$albumname])) {
return $_zp_pre_authorization[$albumname];
}
$hash = $album->getPassword();
if (empty($hash)) {
$album = $album->getParent();
while (!is_null($album)) {
$hash = $album->getPassword();
$authType = "zp_album_auth_" . $album->get('id');
$saved_auth = zp_getCookie($authType);
if (!empty($hash)) {
if ($saved_auth == $hash) {
$_zp_pre_authorization[$albumname] = $authType;
return $authType;
} else {
$hint = $album->getPasswordHint();
return false;
}
}
$album = $album->getParent();
}
// revert all tlhe way to the gallery
$hash = $_zp_gallery->getPassword();
$authType = 'zp_gallery_auth';
$saved_auth = zp_getCookie($authType);
if (empty($hash)) {
$authType = 'zp_public_access';
} else {
if ($saved_auth != $hash) {
$hint = $_zp_gallery->getPasswordHint();
return false;
}
}
} else {
$authType = "zp_album_auth_" . $album->get('id');
$saved_auth = zp_getCookie($authType);
if ($saved_auth != $hash) {
$hint = $album->getPasswordHint();
return false;
}
}
$_zp_pre_authorization[$albumname] = $authType;
return $authType;
}
