function get_content_object_from_id($id)
{
// returns an object for the content with id == $id
global $db, $config_vars, $userdata, $filetypes;
// get content
$uncontent = new album_content();
if ($uncontent->generate_from_id($id) == OP_SUCCESSFUL) {
// check if user has view perms to that content
if (check_content_action_allowed($uncontent->get_contentgroup_id(), $userdata['user_id'], 'view')) {
$objtyp = $filetypes[getext($uncontent->file)];
if (isset($objtyp)) {
$incontent = new $objtyp();
//this sucks (additional sql query) but its ok for now
$incontent->generate_from_id($id);
} else {
// unsupported filetype
}
return $incontent;
} else {
return OP_MISSING_VIEW;
}
} else {
return OP_FAILED;
}
}
function delete()
{
global $db, $config_vars, $userdata;
// remove from content table
// check is user is allowed
$content = new album_content();
$content->generate_from_id($this->owner_id);
if ($userdata['user_id'] == $this->user_id or check_content_action_allowed($content->get_contentgroup_id(), $userdata['user_id'], 'content_edit')) {
// check wether the comment has child comments
if (is_array($this->get_childs())) {
// comment has childs
$this->set_feedback('DELETED');
$this->commit();
} else {
// comment has no childs
$sql = "DELETE FROM " . $config_vars['table_prefix'] . "content_comments WHERE id = " . $this->id;
if (!($result = $db->sql_query($sql))) {
error_report(SQL_ERROR, 'delete', __LINE__, __FILE__, $sql);
}
$content->dec_comments_amount();
$content->commit();
unset($this->id);
}
}
}
function get_html()
{
album_content::get_html();
return "<embed src=" . linkencode($this->get_file()) . "></embed";
}
<?php
include_once ROOT_PATH . 'libs/pclzip/pclzip.lib.php';
if ($mode == 'download') {
$cookie = $_COOKIE[$config_vars['cookie_name'] . 'basket'];
$download_array = explode(':', $cookie);
for ($i = 0; $i < sizeof($download_array) - 1; $i++) {
$content_obj = new album_content();
$content_obj->generate_from_id($download_array[$i]);
$files[] = $content_obj->get_file();
}
$filename = $config_vars['content_path_prefix'] . "/content_{$userdata['username']}.zip";
// create zip
$zip = new PclZip($filename);
$zip->create($files);
//delete zip
$HTTP_SESSION_VARS['delete_files'][] = $filename;
// send zip to browser
$header_location = @preg_match("/Microsoft|WebSTAR|Xitami/", getenv("SERVER_SOFTWARE")) ? "Refresh: 0; URL=" : "Location: ";
header($header_location . append_sid($filename, true));
}
if (is_array($contents)) {
//editing the contents
if (isset($submit) and $HTTP_POST_VARS['mode'] == 'edited') {
$add_to_cats_unparsed = get_cats_data_where_perm('id,name', 'content_add');
$add_to_cats = get_cats_string($add_to_cats_unparsed);
// loop through all content
for ($i = 0; $i < sizeof($contents); $i++) {
// set everything for edit
if ($contents[$i]->check_perm('edit')) {
$vals['name'] = $HTTP_POST_VARS['name'][$i];
