// Fragment of the photo view script: registers navigation entries, gates
// access to the album, works out whether the viewer may act on the photo,
// and looks up the neighbouring photos. $aid, $pid, $info, $pa, $photos and
// $photo_info are set earlier in the file (not shown in this listing).
//Set pages/submenu
// NOTE(review): $info['name'] is concatenated into the page title as-is;
// confirm that whatever renders $_pages titles escapes it for HTML.
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['title'] = _AT('pa_albums') . ' - ' . $info['name'];
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['parent'] = AT_PA_BASENAME . 'index.php';
$_pages[AT_PA_BASENAME . 'albums.php?id=' . $aid]['children'] = array(AT_PA_BASENAME . 'photo.php');
$_pages[AT_PA_BASENAME . 'photo.php']['parent'] = AT_PA_BASENAME . 'albums.php?id=' . $aid;

//TODO: Validate users, using permission and course album control.
// Access gate. The outer condition only runs the check when the viewer is not
// the album owner AND the album type is not AT_PA_TYPE_PERSONAL.
// NOTE(review): for a personal album viewed by a non-owner the outer condition
// is false, so no check happens in this block at all; confirm personal albums
// are gated elsewhere. The loose != comparisons also deserve a look.
if ($info['member_id'] != $_SESSION['member_id'] && $info['type_id'] != AT_PA_TYPE_PERSONAL) {
    $visible_albums = $pa->getAlbums($_SESSION['member_id'], $info['type_id']);
    // Denies only when the album is absent from the viewer's list AND marked
    // private; an album that is absent but not private passes through.
    if (!isset($visible_albums[$aid]) && $info['permission'] == AT_PA_PRIVATE_ALBUM) {
        //TODO msg;
        $msg->addError("ACCESS_DENIED");
        header('location: index.php');
        // exit is required: header() alone does not stop the rest of the page from running.
        exit;
    }
}

// The viewer may act on the photo when either privilege check succeeds.
// What each check tests is defined in PhotoAlbum (not shown).
if ($pa->checkPhotoPriv($pid, $_SESSION['member_id']) || $pa->checkAlbumPriv($_SESSION['member_id'])) {
    $action_permission = true;
} else {
    $action_permission = false;
}

//run a quick query to get the next and previous id
if (sizeof($photos) > 1) {
    // Values are passed separately from the SQL text and bound through %d
    // placeholders; presumably queryDB() formats them as integers - confirm.
    $sql = 'SELECT id, ordering FROM %spa_photos WHERE album_id=%d AND (ordering=%d OR ordering=%d) ORDER BY ordering';
    $rows_next_prev = queryDB($sql, array(TABLE_PREFIX, $aid, $photo_info['ordering'] - 1, $photo_info['ordering'] + 1));
    if (count($rows_next_prev) > 0) {
        $prev = $rows_next_prev[0];
        // NOTE(review): when only one row comes back, index 1 does not exist;
        // the empty() test below copes with the null but PHP still reports an
        // undefined-offset notice/warning on this line.
        $next = $rows_next_prev[1];
        //then reassign prev and next
        // With a single row, decide from its ordering whether it is really the
        // next photo rather than the previous one.
        if (empty($next)) {
            if ($prev['ordering'] > $photo_info['ordering']) {
                $next = $prev;
                // (the listing is cut off here; the remaining branches are not shown)
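/***********************************************************************/
// $Id$
// Endpoint that deletes one photo from an album. It redirects with an error
// message when the ids are invalid or the session member lacks privilege over
// the photo; otherwise it answers with a bare status line: 200 when
// deletePhoto() succeeds, 500 when it does not.
//
// NOTE(review): this is a state-changing request driven entirely by GET
// parameters, and no anti-CSRF token check is visible in this file. Unless
// vitals.inc.php enforces one, a cross-site request issued from a logged-in
// member's browser would be honoured. The durable fix is to accept POST only
// and verify a per-session token here; that needs a matching change in the
// caller, so it is flagged rather than changed in this block.
define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php'; //clr_dir()
//include (AT_INCLUDE_PATH.'lib/filemanager.inc.php'); //clr_dir()
include AT_PA_INCLUDE . 'lib.inc.php'; //album_filepath
include AT_PA_INCLUDE . 'classes/PhotoAlbum.class.php';

//validates if this is me/have the privilege to delete.
// A missing parameter or an array-valued one (?pid[]=x) is treated as 0 so it
// lands in the "not found" branch. intval() on a non-empty array returns 1,
// which would otherwise be accepted as a real id, and an absent key would
// raise an undefined-index notice.
$pid = (isset($_GET['pid']) && is_scalar($_GET['pid'])) ? intval($_GET['pid']) : 0;
$aid = (isset($_GET['aid']) && is_scalar($_GET['aid'])) ? intval($_GET['aid']) : 0;

//init
$pa = new PhotoAlbum($aid);

if ($pid < 1 || $aid < 1) {
    $msg->addError('PA_PHOTO_NOT_FOUND'); //no such picture
    header('Location: index.php');
    exit;
} elseif (!$pa->checkPhotoPriv($pid, $_SESSION['member_id'])) {
    // NOTE(review): the privilege check is keyed on the photo id and member id
    // only. Whether checkPhotoPriv()/deletePhoto() also confirm that photo $pid
    // belongs to album $aid is not visible here - confirm in PhotoAlbum.
    // $_SESSION['member_id'] is presumably populated by vitals.inc.php.
    $msg->addError('ACCESS_DENIED');
    header('Location: albums.php?id=' . $aid);
    exit;
}

// Authorised: perform the delete and report the outcome through the status line.
if ($pa->deletePhoto($pid)) {
    header('HTTP/1.1 200 OK');
} else {
    header('HTTP/1.1 500 Internal Server Error');
}
exit;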