Пример #1
// Register the album page and its photo sub-page in the navigation tree.
// NOTE(review): $info['name'] goes into the page title as-is; presumably it is
// user-supplied, so confirm the menu renderer HTML-escapes titles.
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['title'] = _AT('pa_albums') . ' - ' . $info['name'];
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['parent'] = AT_PA_BASENAME . 'index.php';
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['children'] = array(AT_PA_BASENAME . 'photo.php');
$_pages[AT_PA_BASENAME . 'photo.php']['parent'] = AT_PA_BASENAME . 'albums.php?id=' . $aid;

// TODO: validate users, using permission and course album control.
// Visibility gate: it only runs when the viewer is not the album owner and the
// album is not of the personal type. The request is refused only if the album
// is missing from the viewer's getAlbums() list AND is marked private.
// NOTE(review): personal-type albums owned by someone else never reach the
// inner check; confirm their visibility is enforced elsewhere.
if ($info['member_id'] != $_SESSION['member_id'] && $info['type_id'] != AT_PA_TYPE_PERSONAL) {
    $visible_albums = $pa->getAlbums($_SESSION['member_id'], $info['type_id']);
    if (!isset($visible_albums[$aid]) && $info['permission'] == AT_PA_PRIVATE_ALBUM) {
        // TODO: use a dedicated message.
        $msg->addError("ACCESS_DENIED");
        header('location: index.php');
        // Stop here so nothing below runs for a refused request.
        exit;
    }
}

// Edit/delete controls are allowed when the viewer has the privilege on this
// photo or on the album (same short-circuit order as before).
$action_permission = ($pa->checkPhotoPriv($pid, $_SESSION['member_id']) || $pa->checkAlbumPriv($_SESSION['member_id']));
//run a quick query to get the next and previous id
if (sizeof($photos) > 1) {
    $sql = 'SELECT id, ordering FROM %spa_photos WHERE album_id=%d AND (ordering=%d OR ordering=%d) ORDER BY ordering';
    $rows_next_prev = queryDB($sql, array(TABLE_PREFIX, $aid, $photo_info['ordering'] - 1, $photo_info['ordering'] + 1));
    if (count($rows_next_prev) > 0) {
        $prev = $rows_next_prev[0];
        $next = $rows_next_prev[1];
        //then reassign prev and next
        if (empty($next)) {
            if ($prev['ordering'] > $photo_info['ordering']) {
                $next = $prev;
Пример #2
/***********************************************************************/
// $Id$
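// Album deletion: bootstrap, authorisation gate and the "cancel" branch.
// $_user_location is set before the bootstrap include; presumably vitals.inc.php
// consumes it (not shown here).
$_user_location = 'public';
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
// Per the original note, filemanager.inc.php is pulled in for clr_dir().
include AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
//include (AT_INCLUDE_PATH.'lib/filemanager.inc.php');	//clr_dir()
// Per the original note, lib.inc.php is pulled in for album_filepath.
include AT_PA_INCLUDE . 'lib.inc.php';
include AT_PA_INCLUDE . 'classes/PhotoAlbum.class.php';

// Only an integer album id is accepted; a missing id becomes 0 without
// raising an undefined-index notice.
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$pa = new PhotoAlbum($id);
$info = $pa->getAlbumInfo();

// Authorisation gate: the check runs before any POST flag is looked at, so a
// caller without the album privilege never reaches the cancel/delete branches.
// NOTE(review): $_SESSION['member_id'] is read without isset(); confirm the
// bootstrap guarantees it for every visitor of a 'public' page.
if (!$pa->checkAlbumPriv($_SESSION['member_id'])) {
    $msg->addError('ACCESS_DENIED');
    header('Location: index.php');
    exit;
}

// NOTE(review): the confirm/cancel flow is driven by plain POST flags and no
// anti-CSRF token check is visible in this excerpt; confirm the bootstrap or
// the form layer enforces one before the destructive branch runs.
if (!empty($_POST['submit_no'])) {
    // empty() keeps the original truthiness test but tolerates a GET request
    // where the key is absent.
    $msg->addFeedback('CANCELLED');
    header('Location: index.php');
    exit;
}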
if ($_POST['submit_yes']) {
    //delete
    $pa->deleteAlbum();
    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    if ($info['type_id'] == AT_PA_TYPE_COURSE_ALBUM) {
        Header('Location: course_albums.php');
Пример #3
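// Requested page number; a missing or non-numeric "p" yields 0 and is
// normalised to page 1 below.
$page = isset($_GET['p']) ? intval($_GET['p']) : 0;
$photos_count = sizeof($pa->getAlbumPhotos());
// An empty album still counts as one (empty) page. Without the lower bound,
// $last_page was 0 for an empty album, a request for any page above 0 was
// clamped to page 0, and $offset below became negative.
$last_page = max(1, (int) ceil($photos_count/AT_PA_PHOTOS_PER_PAGE));

if ($page < 1) {
	$page = 1;
} elseif ($page > $last_page){
	$page = $last_page;
}

// 1-based index of the first photo on this page, and the matching 0-based offset.
$count  = (($page-1) * AT_PA_PHOTOS_PER_PAGE) + 1;
$offset = ($page-1) * AT_PA_PHOTOS_PER_PAGE;

//get details
// $offset is now guaranteed to be >= 0 before it reaches getAlbumPhotos()
// (presumably a query offset; its implementation is not shown here).
$photos = $pa->getAlbumPhotos($offset);
$comments = $pa->getComments($id, false);
//TODO: Can improve performance by adding this to a session variable
$memory_usage = memoryUsage($_SESSION['member_id']);	

include (AT_INCLUDE_PATH.'header.inc.php');
$savant->assign('album_info', $info);
$savant->assign('photos', $photos);
$savant->assign('comments', $comments);
$savant->assign('page', $page);
$savant->assign('num_rows', $photos_count);
$savant->assign('memory_usage', $memory_usage/(1024*1024));	//mb
$savant->assign('allowable_memory_usage', $_config['pa_max_memory_per_member']);	//mb
// The template receives the album privilege result and presumably uses it to
// show or hide edit controls; that is a display hint, not the access check.
$savant->assign('action_permission', $pa->checkAlbumPriv($_SESSION['member_id']));
$savant->display('photos/pa_profile_albums.tmpl.php');
include (AT_INCLUDE_PATH.'footer.inc.php'); 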
?>
Пример #4
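// Navigation entries for the album, the photo and the delete-comment page.
// $aid, $pid and $comment_id are set before this excerpt (not shown).
// NOTE(review): they are concatenated into URLs and Location headers below;
// confirm each one was cast to int where it was read from the request.
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['parent'] = AT_PA_BASENAME . 'index.php';
//$_pages[AT_PA_BASENAME.'albums.php?id='.$aid]['children'] = array(AT_PA_BASENAME.'photo.php');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['title'] = _AT('pa_photo');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['parent'] = AT_PA_BASENAME . 'albums.php?id=' . $aid;
$_pages[AT_PA_BASENAME . 'delete_comment.php']['parent'] = AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid;

//init
$pa = new PhotoAlbum($aid);
// A photo id of 0 means the comment belongs to the album itself, not to a photo.
$isPhoto = ($pid != 0);

// Check permission: the comment's owner and the album owner may delete it.
// NOTE(review): checkAlbumPriv() is evaluated for the album built from $aid
// only; nothing visible here ties $comment_id to that album. Confirm the
// PhotoAlbum methods scope comment operations to their own album id.
if (!$pa->checkCommentPriv($comment_id, $_SESSION['member_id'], $isPhoto) && !$pa->checkAlbumPriv($_SESSION['member_id'])) {
    $msg->addError('ACCESS_DENIED');
    header('Location: index.php');
    exit;
}

// empty() keeps the original truthiness test but does not raise an
// undefined-index notice when the page is first opened without POST data.
if (!empty($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    // Return to wherever the comment lives: the photo page or the album page.
    if ($isPhoto) {
        header('Location: photo.php?pid=' . $pid . SEP . 'aid=' . $aid);
    } else {
        header('Location: albums.php?id=' . $aid);
    }
    exit;
}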
if ($_POST['submit_yes']) {
    //delete
Пример #5
/* as published by the Free Software Foundation.					   */
/***********************************************************************/
// $Id$
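// Album view: bootstrap, album lookup, visibility gate and menu setup.
$_user_location = 'public';
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_PA_INCLUDE . 'classes/PhotoAlbum.class.php';
include AT_PA_INCLUDE . 'classes/SimpleImage.class.php';
include AT_PA_INCLUDE . 'lib.inc.php';
include AT_PA_INCLUDE . 'classes/AjaxMessage.class.php';
//$_custom_css = $_base_path . AT_PA_BASENAME . 'module.css'; // use a custom stylesheet
// Adds the upload script to the page head. $_base_path is emitted unescaped;
// presumably it is derived from server configuration, not from the request.
$_custom_head .= '<script src="' . $_base_path . AT_PA_BASENAME . 'include/ajaxupload.js" type="text/javascript"></script>';

// Only an integer album id is accepted; a missing id becomes 0 without
// raising an undefined-index notice.
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
$pa = new PhotoAlbum($id);
$info = $pa->getAlbumInfo();
$action_permission = $pa->checkAlbumPriv($_SESSION['member_id']);

// TODO: validate users, using permission and course album control.
// Visibility gate: it only runs when the viewer is not the album owner and the
// album is not of the personal type. The request is refused only if the album
// is missing from the viewer's getAlbums() list AND is marked private.
// NOTE(review): personal-type albums owned by someone else never reach the
// inner check; confirm their visibility is enforced elsewhere.
if ($info['member_id'] != $_SESSION['member_id'] && $info['type_id'] != AT_PA_TYPE_PERSONAL) {
    $visible_albums = $pa->getAlbums($_SESSION['member_id'], $info['type_id']);
    if (!isset($visible_albums[$id]) && $info['permission'] == AT_PA_PRIVATE_ALBUM) {
        // TODO: use a dedicated message.
        $msg->addError("ACCESS_DENIED");
        header('location: index.php');
        // Stop here so nothing below runs for a refused request.
        exit;
    }
}

//Set pages/submenu
// NOTE(review): $info['name'] goes into the page title as-is; presumably it is
// user-supplied, so confirm the menu renderer HTML-escapes titles.
$_pages[AT_PA_BASENAME . 'index.php']['children'] = array(AT_PA_BASENAME . 'albums.php');
$_pages[AT_PA_BASENAME . 'albums.php']['title'] = _AT('pa_albums') . ' - ' . $info['name'];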
if ($info['type_id'] == AT_PA_TYPE_MY_ALBUM) {
    $_pages[AT_PA_BASENAME . 'albums.php']['parent'] = AT_PA_BASENAME . 'index.php';
Пример #6
/* modify it under the terms of the GNU General Public License		   */
/* as published by the Free Software Foundation.					   */
/***********************************************************************/
// $Id$
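// AJAX endpoint: edit a comment on an album or on a photo.
$_user_location = 'public';
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_PA_INCLUDE . 'classes/PhotoAlbum.class.php';

// Read the POST fields without raising undefined-index notices.
$pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
$aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
// Accept "cid" only as a string: str_replace() hands an array straight back
// and intval() of a non-empty array is 1, which would silently address
// comment id 1.
$cid = (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '';
// NOTE(review): the comment text reaches editComment() unmodified; confirm it
// is escaped for SQL there and for HTML wherever it is rendered.
$comment = isset($_POST['comment']) ? $_POST['comment'] : null;

// A positive photo id means the comment is attached to a photo; otherwise it
// is attached to the album.
$isPhoto = ($pid > 0);

// The client sends ids in the form "cid_<n>"; keep only the number.
$cid = intval(str_replace('cid_', '', $cid));
$pa = new PhotoAlbum($aid);

// Default to failure so a refused permission check cannot leave $result
// undefined when it is tested below.
$result = false;

// The album owner or the comment's owner may edit it.
// NOTE(review): checkAlbumPriv() is evaluated for the album built from $aid
// only; nothing visible here ties $cid to that album. Confirm editComment()
// scopes the update to this album.
if ($pa->checkAlbumPriv($_SESSION['member_id']) || $pa->checkCommentPriv($cid, $_SESSION['member_id'], $isPhoto)) {
    $result = $pa->editComment($cid, $comment, $isPhoto);
}

// Any failure, including a refused permission check, is reported as 404.
if ($result === true) {
    //TODO: AJAX
    header('HTTP/1.0 200 OK');
} else {
    header('HTTP/1.0 404 Not Found');
}
exit;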
Пример #7
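// Photo deletion: id handling, navigation entries, authorisation gate and the
// "cancel" branch. $pid is set before this excerpt (not shown).
// A missing album id becomes 0 without raising an undefined-index notice.
$aid = isset($_REQUEST['aid']) ? intval($_REQUEST['aid']) : 0;

//_pages
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['title'] = _AT('pa_albums');
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['parent'] = AT_PA_BASENAME . 'index.php';
//$_pages[AT_PA_BASENAME.'albums.php?id='.$aid]['children'] = array(AT_PA_BASENAME.'photo.php');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['title'] = _AT('pa_photo');
$_pages[AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid]['parent'] = AT_PA_BASENAME . 'albums.php?id=' . $aid;
$_pages[AT_PA_BASENAME . 'delete_photo.php']['parent'] = AT_PA_BASENAME . 'photo.php?pid=' . $pid . SEP . 'aid=' . $aid;

//init
$pa = new PhotoAlbum($aid);

// Both ids must be positive before any privilege is evaluated.
if ($pid < 1 || $aid < 1) {
    // No such picture.
    $msg->addError('PA_PHOTO_NOT_FOUND');
    header('Location: index.php');
    exit;
} elseif (!$pa->checkPhotoPriv($pid, $_SESSION['member_id']) && !$pa->checkAlbumPriv($_SESSION['member_id'])) {
    // The caller has neither the photo privilege nor the album privilege.
    // NOTE(review): checkAlbumPriv() is evaluated for the album built from
    // $aid only; nothing visible here ties $pid to that album. Confirm that
    // checkPhotoPriv() and deletePhoto() restrict $pid to this album, so that
    // holding the privilege on one album does not extend to photos in another.
    $msg->addError('ACCESS_DENIED');
    header('Location: albums.php?id=' . $aid);
    exit;
}

// NOTE(review): the confirm/cancel flow is driven by plain POST flags and no
// anti-CSRF token check is visible in this excerpt; confirm the bootstrap or
// the form layer enforces one before the destructive branch runs.
if (!empty($_POST['submit_no'])) {
    // empty() keeps the original truthiness test but tolerates a GET request
    // where the key is absent.
    $msg->addFeedback('CANCELLED');
    header('Location: photo.php?aid=' . $aid . SEP . 'pid=' . $pid);
    exit;
}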
if ($_POST['submit_yes']) {
    //delete
    $pa->deletePhoto($pid);
    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    header('Location: albums.php?id=' . $aid);
    exit;