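/**
 * Looks up a photo row by file name and returns it only when the caller may see it.
 *
 * A trailing '@2x' on the part of the name before the first dot is stripped
 * before the lookup, so a retina variant resolves to the same row as the base file.
 *
 * @param mixed  $database Handle passed through to Database::prepare(), Database::execute() and Album.
 * @param string $type     'thumb' matches the thumbUrl column; any other value matches url.
 * @param string $photoUrl File name to look up; may carry the '@2x' suffix.
 * @param bool   $isAdmin  Must be exactly true to skip the public checks.
 * @return object|false The photo row when access is allowed, false when the photo is private.
 *                      Ends the request with a 404 when no row matches.
 */
function getPhoto($database, $type, $photoUrl, $isAdmin)
{
    $retinaSuffix = '@2x';
    $dbUrl = $photoUrl;

    # Split at the first dot only: the whole remainder is kept as the extension
    # (the previous code dropped everything after the second dot) and a name
    # without any dot no longer reads a missing array element.
    $urlParts = explode('.', $photoUrl, 2);
    $stem = $urlParts[0];

    # If the stem ends in $retinaSuffix, remove it for the database query
    if (substr($stem, -strlen($retinaSuffix)) === $retinaSuffix) {
        $dbUrl = (string) substr($stem, 0, -strlen($retinaSuffix));
        if (isset($urlParts[1])) {
            $dbUrl .= '.' . $urlParts[1];
        }
    }

    # Get photo. The column is chosen from two fixed statements, never from input.
    # $dbUrl derives from the caller-supplied $photoUrl, so this lookup is only as
    # safe as the escaping done inside Database::prepare().
    # NOTE(review): confirm Database::prepare() escapes string values.
    $sql = ($type === 'thumb')
        ? "SELECT * FROM ? WHERE thumbUrl = '?' LIMIT 1"
        : "SELECT * FROM ? WHERE url = '?' LIMIT 1";
    $query = Database::prepare($database, $sql, array(LYCHEE_TABLE_PHOTOS, $dbUrl));

    # NOTE(review): the result of Database::execute() is used without a failure
    # check; confirm it cannot return a non-object here.
    $photos = Database::execute($database, $query, __METHOD__, __LINE__);
    $photo = $photos->fetch_object();

    if ($photo === null) {
        http_response_code(404);
        exit('Photo not found');
    }

    # Admins and explicitly public photos are served directly
    if ($isAdmin === true || $photo->public === '1') {
        return $photo;
    }

    # Otherwise the photo is visible only through a public parent album.
    # NOTE(review): only Album::getPublic() is consulted; no album password is
    # checked on this path. Confirm that is intended.
    $album = new Album($database, null, null, $photo->album);
    if ($album->getPublic() === true) {
        return $photo;
    }

    # Photo private
    return false;
}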
/**
 * Serves the archive of an album to a guest.
 *
 * Reads 'albumID' and 'password' from $_GET. The archive is produced only when
 * the album reports itself as public and downloadable and the password check
 * passes; otherwise a warning response is issued.
 *
 * NOTE(review): the password arrives as a GET parameter, so it is part of the
 * request URL and may be recorded wherever URLs are logged. Confirm this is
 * acceptable.
 * NOTE(review): $_GET entries can be arrays as well as strings; confirm that
 * Album and checkPassword() cope with non-string input.
 */
private static function getAlbumArchiveAction()
{
    Validator::required(isset($_GET['albumID'], $_GET['password']), __METHOD__);

    $requestedAlbum = new Album($_GET['albumID']);

    // Album private: visibility and the download flag are checked before the password
    if (!($requestedAlbum->getPublic() && $requestedAlbum->getDownloadable())) {
        Response::warning('Album private or not downloadable!');
        return;
    }

    // Album public, but the supplied password does not match
    if (!$requestedAlbum->checkPassword($_GET['password'])) {
        Response::warning('Wrong password!');
        return;
    }

    // Album public and password accepted
    $requestedAlbum->getArchive();
}
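/**
 * Checks if photo or parent album is public.
 *
 * A failed query and a missing photo are both reported as 0, so the result is
 * always one of the three documented integers and unknown photos are treated
 * as private.
 *
 * @param mixed $password Password forwarded to Album::checkPassword() of the parent album.
 * @return integer 0 = Photo private and parent album private (also: query failed or photo not found)
 *                 1 = Album public, but password incorrect
 *                 2 = Photo public or album public and password correct
 */
public function getPublic($password)
{
    // Check dependencies
    Validator::required(isset($this->photoIDs), __METHOD__);

    // Call plugins
    // NOTE(review): func_get_args() includes $password, so the password is handed to the plugin hooks.
    Plugins::get()->activate(__METHOD__, 0, func_get_args());

    // Get photo
    $query = Database::prepare(Database::get(), "SELECT public, album FROM ? WHERE id = '?' LIMIT 1", array(LYCHEE_TABLE_PHOTOS, $this->photoIDs));
    $photos = Database::execute(Database::get(), $query, __METHOD__, __LINE__);

    if ($photos === false) {
        return 0;
    }

    // Get photo object
    $photo = $photos->fetch_object();

    // Photo not found: previously returned false, which is outside the documented
    // 0/1/2 contract and matches none of a caller's strict integer comparisons.
    if ($photo === null) {
        Log::error(Database::get(), __METHOD__, __LINE__, 'Could not find specified photo');
        return 0;
    }

    // Photo public
    if ($photo->public === '1') {
        return 2;
    }

    // Check if album public; both album checks are evaluated, as before
    $album = new Album($photo->album);
    $agP = $album->getPublic();
    $acP = $album->checkPassword($password);

    if ($agP === true) {
        // Album public and password correct
        if ($acP === true) {
            return 2;
        }

        // Album public, but password incorrect
        if ($acP === false) {
            return 1;
        }
    }

    // Call plugins
    // NOTE(review): this closing hook runs only on the fall-through path; every early return above skips it.
    Plugins::get()->activate(__METHOD__, 1, func_get_args());

    // Photo private
    return 0;
}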