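/**
 * Returns the mitigated album rights for this album.
 *
 * The result is cached in $this->subrights. A user holding
 * MANAGE_ALL_ALBUM_RIGHTS gets edit, upload and view. Otherwise this album
 * (or one of its ancestor folders) must appear in the managed album list; the
 * rights stored for that entry are returned, OR-ed with
 * MANAGED_OBJECT_RIGHTS_VIEW when the user may view unpublished content.
 *
 * @return int|null rights bits; NULL when the album is not managed and the
 *                  user lacks VIEW_UNPUBLISHED_RIGHTS
 */
function albumSubRights() {
    if (!is_null($this->subrights)) {
        return $this->subrights;
    }
    global $_zp_admin_album_list;
    if (zp_loggedin(MANAGE_ALL_ALBUM_RIGHTS)) {
        $this->subrights = MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_RIGHTS_VIEW;
        return $this->subrights;
    }
    // Rights granted regardless of the managed list (NULL when none).
    $base = zp_loggedin(VIEW_UNPUBLISHED_RIGHTS) ? MANAGED_OBJECT_RIGHTS_VIEW : NULL;
    getManagedAlbumList();
    if (count($_zp_admin_album_list) > 0) {
        $desired_folders = explode('/', $this->name);
        $depth = count($desired_folders);
        foreach ($_zp_admin_album_list as $adminalbum => $rights) {
            // A managed entry matches when each of its path components equals
            // the corresponding component of this album's path, i.e. the album
            // is the managed folder itself or lies below it. Numeric-looking
            // names are array keys and come back as ints, hence the cast.
            $admin_folders = explode('/', (string) $adminalbum);
            if (count($admin_folders) > $depth) {
                continue; // managed folder is deeper than this album: cannot contain it
            }
            $ok = true;
            foreach ($admin_folders as $level => $folder) {
                // Strict comparison: with == the folders '01' and '1' would be
                // treated as the same folder and grant rights across them.
                if ($folder !== $desired_folders[$level]) {
                    $ok = false;
                    break;
                }
            }
            if ($ok) {
                $this->subrights = $rights | $base;
                return $this->subrights;
            }
        }
    }
    $this->subrights = $base;
    return $this->subrights;
}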
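/**
 * Gets an array of comments for the current admin.
 *
 * Users with ADMIN_RIGHTS or MANAGE_ALL_ALBUM_RIGHTS get every comment. Other
 * users with COMMENT_RIGHTS get the comments on albums they manage and on the
 * images inside those albums. Anyone else gets an empty array.
 *
 * The SQL is built by string concatenation; the only interpolated values are
 * $number and the album ids, both forced to int before use.
 *
 * @param int $number how many comments desired (0 for no limit)
 * @return array comment rows, newest id first (the managed-album branch keys
 *               them by comment id until a LIMIT slice re-indexes them)
 */
function fetchComments($number) {
    // $number ends up inside the SQL text; an int cast keeps a non-numeric
    // caller value from breaking or altering the query.
    $number = (int) $number;
    $limit = $number ? " LIMIT {$number}" : '';
    $comments = array();
    if (!zp_loggedin(ADMIN_RIGHTS | COMMENT_RIGHTS)) {
        return $comments;
    }
    if (zp_loggedin(ADMIN_RIGHTS | MANAGE_ALL_ALBUM_RIGHTS)) {
        $sql = "SELECT *, (date + 0) AS date FROM " . prefix('comments') . " ORDER BY id DESC{$limit}";
        $comments = query_full_array($sql);
        return $comments;
    }
    // Ids of every managed album, including their sub-albums.
    $albumIDs = array();
    foreach (getManagedAlbumList() as $albumname) {
        foreach (getAllSubAlbumIDs($albumname) as $ID) {
            $albumIDs[] = (int) $ID['id'];
        }
    }
    if (count($albumIDs) == 0) {
        return $comments;
    }
    // Comments attached directly to a managed album.
    $sql = "SELECT *, (`date` + 0) AS date FROM " . prefix('comments') . " WHERE ";
    $sql .= " (`type`='albums' AND (";
    $clauses = array();
    foreach ($albumIDs as $ID) {
        $clauses[] = "(" . prefix('comments') . ".ownerid={$ID})";
    }
    $sql .= implode(" OR ", $clauses);
    $sql .= ")) ";
    $sql .= " ORDER BY id DESC{$limit}";
    $albumcomments = query($sql);
    if ($albumcomments) {
        while ($comment = db_fetch_assoc($albumcomments)) {
            $comments[$comment['id']] = $comment;
        }
        db_free_result($albumcomments);
    }
    // Comments on images: join to the images table so the image's album can
    // be matched against the managed ids.
    $sql = "SELECT *, " . prefix('comments') . ".id as id, " . prefix('comments') . ".name as name, (" . prefix('comments') . ".date + 0) AS date, " . prefix('images') . ".`albumid` as albumid," . prefix('images') . ".`id` as imageid" . " FROM " . prefix('comments') . "," . prefix('images') . " WHERE ";
    $sql .= "(`type` IN (" . zp_image_types("'") . ") AND (";
    $clauses = array();
    foreach ($albumIDs as $ID) {
        $clauses[] = "(" . prefix('comments') . ".ownerid=" . prefix('images') . ".id AND " . prefix('images') . ".albumid={$ID})";
    }
    $sql .= implode(" OR ", $clauses);
    $sql .= "))";
    $sql .= " ORDER BY " . prefix('images') . ".`id` DESC{$limit}";
    $imagecomments = query($sql);
    if ($imagecomments) {
        while ($comment = db_fetch_assoc($imagecomments)) {
            $comments[$comment['id']] = $comment;
        }
        db_free_result($imagecomments);
    }
    // Highest comment id first, across both result sets.
    krsort($comments);
    if ($number && $number < count($comments)) {
        // array_slice re-indexes, so the comment-id keys are dropped here.
        $comments = array_slice($comments, 0, $number);
    }
    return $comments;
}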
?> </h1> <?php $albpublish = $_zp_gallery->getAlbumPublish(); $imgpublish = $_zp_gallery->getImagePublish(); if (isset($_POST['publish_date'])) { $requestdate = dateTimeConvert(sanitize($_POST['publish_date'])); } else { $requestdate = date('Y-m-d H:i:s'); } $albumidlist = ''; $albumids = ''; if (zp_loggedin(ADMIN_RIGHTS)) { $albumlist = $_zp_gallery->getAlbums(); } else { $albumlist = getManagedAlbumList(); $albumIDs = array(); foreach ($albumlist as $albumname) { $subalbums = getAllSubAlbumIDs($albumname); foreach ($subalbums as $ID) { $albumIDs[] = $ID['id']; } } $i = 0; foreach ($albumIDs as $ID) { if ($i > 0) { $albumidlist .= ' OR '; $albumids .= ' OR '; } $albumidlist .= prefix('images') . '.albumid=' . $ID; $albumids .= '`id`=' . $ID;
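* exit();
* ?>
*
* Where <zenphoto install root> is the URL of your zenphoto root folder, e.g. http://myhost.com/zenphoto
*
* Of course, modify the style of this script to fit your needs.
*/
require_once dirname(__FILE__) . '/zp-core/global-definitions.php';
define('OFFSET_PATH', 0);
require_once ZENFOLDER . "/template-functions.php";
checkInstall();
// An already authenticated user has no use for the login form: redirect.
if (!is_null($_zp_current_admin_obj)) {
    if ($_zp_loggedin & ADMIN_RIGHTS) {
        $target = WEBPATH . "/";
    } else {
        // Non-admins land on the first album they manage. When the managed
        // list is empty, array_shift() yields NULL; fall back to the site root
        // rather than building a "//" URL from it.
        $albums = getManagedAlbumList();
        $album = array_shift($albums);
        $target = is_null($album) ? WEBPATH . "/" : WEBPATH . "/" . $album . '/';
    }
    header("Location: " . $target);
    // Stop here. Without exit() the script would continue past the redirect,
    // send the Content-Type header and emit the login page below as well.
    exit();
}
header('Content-Type: text/html; charset=' . getOption('charset'));
?>
<html>
<head>
<title>Zenphoto Single_login</title>
</head>
<body>
<?php printPasswordForm('', true, false, "#"); ?>
</body>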
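/**
 * Checks to see if the logged-in admin has rights to the album.
 *
 * A user holding ADMIN_RIGHTS or ALL_ALBUMS_RIGHTS may act on any album.
 * Otherwise the user must hold the requested $action right and $albumfolder
 * must be one of the managed albums or a folder below one of them.
 *
 * @param string $albumfolder the album to be checked
 * @param int $action what the user wishes to do (a rights bit)
 * @return bool
 */
function isMyAlbum($albumfolder, $action) {
    global $_zp_loggedin, $_zp_admin_album_list;
    if ($_zp_loggedin & (ADMIN_RIGHTS | ALL_ALBUMS_RIGHTS)) {
        return true;
    }
    if (empty($albumfolder)) {
        return false;
    }
    if (!($_zp_loggedin & $action)) {
        return false;
    }
    if (is_null($_zp_admin_album_list)) {
        getManagedAlbumList();
    }
    if (count($_zp_admin_album_list) == 0) {
        return false;
    }
    $albumfolder = (string) $albumfolder;
    foreach ($_zp_admin_album_list as $adminalbum) {
        $adminalbum = (string) $adminalbum;
        // Match the managed folder itself or a genuine sub-folder of it
        // ("foo" or "foo/..."). The '/' separator matters: a bare prefix
        // test would let a user who manages "foo" act on the unrelated
        // album "foobar". An empty managed entry therefore matches nothing.
        if ($albumfolder === $adminalbum || strpos($albumfolder, $adminalbum . '/') === 0) {
            return true;
        }
    }
    return false;
}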
if ($rights & THEMES_RIGHTS) { $zplist = array(); foreach ($_zp_gallery->getThemes() as $theme => $data) { if (protectedTheme($theme)) { $zplist[] = preg_quote($theme); } } $opts['roots'][1] = array('driver' => 'LocalFileSystem', 'startPath' => SERVERPATH . '/' . THEMEFOLDER . '/' . $themeRequest, 'path' => SERVERPATH . '/' . THEMEFOLDER . '/' . $themeRequest, 'URL' => WEBPATH . '/' . THEMEFOLDER . '/' . $themeRequest, 'alias' => $themeAlias, 'mimeDetect' => 'internal', 'tmbPath' => '.tmb', 'utf8fix' => true, 'tmbCrop' => false, 'tmbBgColor' => 'transparent', 'accessControl' => 'access', 'acceptedName' => '/^[^\\.].*$/', 'attributes' => $attr = array(array('pattern' => '/.(' . implode('$|', $zplist) . '$)/', 'read' => true, 'write' => false, 'locked' => true), array('pattern' => '/.(' . implode('\\/|', $zplist) . '\\/)/', 'read' => true, 'write' => false, 'locked' => true))); } if ($rights & UPLOAD_RIGHTS) { $opts['roots'][2] = array('driver' => 'LocalFileSystem', 'startPath' => getAlbumFolder(SERVERPATH), 'path' => getAlbumFolder(SERVERPATH), 'URL' => getAlbumFolder(WEBPATH), 'alias' => sprintf(gettext('Albums folder (%s)'), basename(getAlbumFolder())), 'mimeDetect' => 'internal', 'tmbPath' => '.tmb', 'utf8fix' => true, 'tmbCrop' => false, 'tmbBgColor' => 'transparent', 'uploadAllow' => array('image'), 'acceptedName' => '/^[^\\.].*$/'); if ($rights & ADMIN_RIGHTS) { $opts['roots'][2]['accessControl'] = 'access'; } else { $opts['roots'][2]['accessControl'] = 'accessAlbums'; $_managed_folders = getManagedAlbumList(); $excluded_folders = $_zp_gallery->getAlbums(0); $excluded_folders = array_diff($excluded_folders, $_managed_folders); foreach ($excluded_folders as $key => $folder) { $excluded_folders[$key] = preg_quote($folder); } $maxupload = ini_get('upload_max_filesize'); $maxuploadint = parse_size($maxupload); $uploadlimit = zp_apply_filter('get_upload_limit', $maxuploadint); $all_actions = $_not_upload = $_not_edit = array(); foreach ($_managed_folders as $key => 
$folder) { $rightsalbum = newAlbum($folder); $modified_rights = $rightsalbum->subRights(); if ($uploadlimit <= 0) { $modified_rights = $modified_rights & ~MANAGED_OBJECT_RIGHTS_UPLOAD; }
/**
 * Returns the mitigated album rights for this album.
 *
 * The value is computed once and cached in $this->subrights. It is 0 when no
 * user is logged in or when neither this album's root ("ur") album nor the
 * album itself is in the managed list. MANAGE_ALL_ALBUM_RIGHTS grants edit,
 * upload and view outright. For a managed root album the stored rights are
 * returned OR-ed with MANAGED_OBJECT_MEMBER (plus MANAGED_OBJECT_RIGHTS_VIEW
 * for users with VIEW_UNPUBLISHED_RIGHTS); a sub-album inherits its root
 * album's rights.
 *
 * @return int
 */
function subRights() {
    global $_zp_admin_album_list;
    // cached from an earlier call
    if (!is_null($this->subrights)) {
        return $this->subrights;
    }
    $this->subrights = 0;
    if (!zp_loggedin()) {
        return $this->subrights;
    }
    if (zp_loggedin(MANAGE_ALL_ALBUM_RIGHTS)) {
        $this->subrights = MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_RIGHTS_VIEW;
        return $this->subrights;
    }
    getManagedAlbumList();
    if (count($_zp_admin_album_list) == 0) {
        return $this->subrights;
    }
    $root = getUrAlbum($this);
    if ($root->name != $this->name) {
        // sub-album: rights come from the top-level album
        $this->subrights = $root->subRights();
    } elseif (isset($_zp_admin_album_list[$root->name])) {
        $granted = $_zp_admin_album_list[$root->name] | MANAGED_OBJECT_MEMBER;
        if (zp_loggedin(VIEW_UNPUBLISHED_RIGHTS)) {
            $granted |= MANAGED_OBJECT_RIGHTS_VIEW;
        }
        $this->subrights = $granted;
    }
    return $this->subrights;
}
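/**
 * Gets an array of comments for the current admin.
 *
 * Users with ADMIN_RIGHTS get every comment. Users with COMMENT_RIGHTS get the
 * comments on albums they manage and on the images inside those albums.
 * Anyone else gets an empty array.
 *
 * The SQL is built by string concatenation; the only interpolated values are
 * $number and the album ids, both forced to int before use.
 *
 * @param int $number how many comments desired (0 for no limit)
 * @return array comment rows, newest id first (the managed-album branch keys
 *               them by comment id until a LIMIT slice re-indexes them)
 */
function fetchComments($number) {
    global $_zp_loggedin;
    // $number ends up inside the SQL text; an int cast keeps a non-numeric
    // caller value from breaking or altering the query.
    $number = (int) $number;
    $limit = $number ? " LIMIT {$number}" : '';
    $comments = array();
    if ($_zp_loggedin & ADMIN_RIGHTS) {
        $sql = "SELECT `id`, `name`, `website`, `type`, `ownerid`," . " (date + 0) AS date, `comment`, `email`, `inmoderation`, `ip`, `private`, `anon` FROM " . prefix('comments') . " ORDER BY id DESC{$limit}";
        $comments = query_full_array($sql);
        return $comments;
    }
    if (!($_zp_loggedin & COMMENT_RIGHTS)) {
        return $comments;
    }
    // Ids of every managed album, including their sub-albums.
    $albumIDs = array();
    foreach (getManagedAlbumList() as $albumname) {
        foreach (getAllSubAlbumIDs($albumname) as $ID) {
            $albumIDs[] = (int) $ID['id'];
        }
    }
    if (count($albumIDs) == 0) {
        return $comments;
    }
    // Comments attached directly to a managed album.
    $sql = "SELECT `id`, `name`, `website`, `type`, `ownerid`," . " (`date` + 0) AS date, `comment`, `email`, `inmoderation`, `ip` " . " FROM " . prefix('comments') . " WHERE ";
    $sql .= " (`type`='albums' AND (";
    $clauses = array();
    foreach ($albumIDs as $ID) {
        $clauses[] = "(" . prefix('comments') . ".ownerid={$ID})";
    }
    $sql .= implode(" OR ", $clauses);
    $sql .= ")) ";
    $sql .= " ORDER BY id DESC{$limit}";
    $albumcomments = query_full_array($sql);
    if ($albumcomments) {
        foreach ($albumcomments as $comment) {
            $comments[$comment['id']] = $comment;
        }
    }
    // Comments on images: join to the images table so the image's album can
    // be matched against the managed ids.
    // NOTE(review): the leading '.' in "SELECT ." is kept verbatim. MySQL
    // accepts a ".table.column" qualifier, but it looks accidental — confirm
    // against the other fetchComments variant before cleaning it up.
    $sql = "SELECT ." . prefix('comments') . ".id as id, " . prefix('comments') . ".name as name, `website`, `type`, `ownerid`," . " (" . prefix('comments') . ".date + 0) AS date, `comment`, `email`, `inmoderation`, `ip`, " . prefix('images') . ".`albumid` as albumid" . " FROM " . prefix('comments') . "," . prefix('images') . " WHERE ";
    $sql .= "(`type` IN (" . zp_image_types("'") . ") AND (";
    $clauses = array();
    foreach ($albumIDs as $ID) {
        $clauses[] = "(" . prefix('comments') . ".ownerid=" . prefix('images') . ".id AND " . prefix('images') . ".albumid={$ID})";
    }
    $sql .= implode(" OR ", $clauses);
    $sql .= "))";
    $sql .= " ORDER BY id DESC{$limit}";
    $imagecomments = query_full_array($sql);
    if ($imagecomments) {
        foreach ($imagecomments as $comment) {
            $comments[$comment['id']] = $comment;
        }
    }
    // Highest comment id first, across both result sets.
    krsort($comments);
    if ($number && $number < count($comments)) {
        // array_slice re-indexes, so the comment-id keys are dropped here.
        $comments = array_slice($comments, 0, $number);
    }
    return $comments;
}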