--- /dev/null
+<?php\r
+//gallery member class\r
+\r
+class GALLERY_MEMBER extends MEMBER {\r
+ \r
+ function makeguest() {\r
+ $this->id = 0;\r
+ $this->realname = 'guest';\r
+ $this->displayname = 'guest';\r
+ }\r
+ \r
+ function canAddAlbum() {\r
+ global $NPG_CONF;\r
+ \r
+ if ($this->isAdmin()) return true;\r
+ \r
+ //depends on setting of $NPG_CONF['add_album']\r
+ if ($NPG_CONF['add_album'] == 'guest' ) return true;\r
+ if ($NPG_CONF['add_album'] == 'member' && $this->isloggedin() ) return true;\r
+ if ($NPG_CONF['add_album'] == 'select') {\r
+ $result = mysql_query('select addalbum from '.sql_table('plug_gallery_member').' where memberid='.intval($this->getID()) );\r
+ if(!$result) return false;\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['addalbum']) return true;\r
+ }\r
+ \r
+ //the default:\r
+ return false;\r
+ \r
+ }\r
+ function canAddPicture($albumid=0) {\r
+ \r
+ //super-admin\r
+ if ($this->isAdmin()) return true;\r
+ \r
+ //if no album specified (ie albumid = 0), then look if user is member or owner of any albums\r
+ if(!$albumid) {\r
+ $aa = $this->getAllowedAlbums();\r
+ if($aa) return true; else return false;\r
+ }\r
+ \r
+ //album owner or guest/public album\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid='.intval($albumid));\r
+ if(!$result) return false;\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['ownerid'] == $this->getID() || $row['ownerid']==0) return true;\r
+ \r
+ //album team member\r
+ $result = mysql_query('select tmemberid from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));\r
+ if(!$result) return false;\r
+ while($row = mysql_fetch_assoc($result)) {\r
+ if($this->getID() == $row['tmemberid']) return true;\r
+ }\r
+ \r
+ }\r
+ function canModifyAlbum($albumid) {\r
+ \r
+ //super-admin\r
+ if ($this->isAdmin()) return true;\r
+ \r
+ //album owner except for public/guest albums -- only admin can modify those\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid <> 0 and albumid='.intval($albumid));\r
+ if(!$result) return false;\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['ownerid'] == $this->getID()) return true;\r
+ \r
+ //album admin (from team)\r
+ $result = mysql_query('select tmemberid, tadmin from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));\r
+ if(!$result) return false;\r
+ while($row = mysql_fetch_assoc($result)) {\r
+ if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;\r
+ }\r
+ \r
+ }\r
+ function canModifyPicture($pictureid) {\r
+ \r
+ //super-admin\r
+ if ($this->isAdmin()) return true;\r
+ \r
+ //picture owner\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_picture').' where pictureid='.intval($pictureid));\r
+ if(!$result) return false;\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['ownerid'] == $this->getID()) return true;\r
+ \r
+ //album owner, but not guest\r
+ $result = mysql_query('select a.ownerid from '.sql_table('plug_gallery_album').' as a, '.sql_table('plug_gallery_picture').' as p where a.albumid=p.albumid and p.pictureid='.intval($pictureid));\r
+ if(!$result) return false;\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['ownerid'] == $this->getID() && $this->getID() <> 0) return true;\r
+ \r
+ //album admin (from team)\r
+ \r
+ }\r
+ \r
+ function canModifyComment($commentid) {\r
+ \r
+ //super-admin\r
+ if ($this->isAdmin()) {\r
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));\r
+ if (mysql_num_rows($result)) return true; else return false;\r
+ }\r
+ \r
+ //comment ovnwer\r
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));\r
+ $row = mysql_fetch_assoc($result);\r
+ if($row['cmemberid'] == $this->getID()) return true;\r
+ \r
+ }\r
+ \r
+ function getAllowedAlbums() {\r
+ $allowed_albums = array();\r
+\r
+ $memberid = intval($this->getID());\r
+ if(!$memberid) $memberid=0; //guest\r
+\r
+ if($this->isadmin()) {\r
+ $query = "select *, title as albumname from ".sql_table('plug_gallery_album')\r
+ .' left join '.sql_table('member').' on ownerid=mnumber';\r
+ } else {\r
+ $query = "select *, title as albumname from ".sql_table('plug_gallery_album')\r
+ .' left join '.sql_table('plug_gallery_album_team').' on albumid=talbumid'\r
+ .' left join '.sql_table('member').' on ownerid=mnumber'\r
+ ." where tmemberid=$memberid or ownerid=$memberid or ownerid=0";\r
+ }\r
+ \r
+ $result = mysql_query($query);\r
+ if(!$result) echo mysql_error().'<br/>';\r
+ if(@ !mysql_num_rows($result)) return false; \r
+ while ($row = mysql_fetch_object($result)) {\r
+ if($row->mnumber==0) $row->mname='guest';\r
+ array_push($allowed_albums, $row);\r
+ }\r
+ \r
+ return $allowed_albums;\r
+ }\r
+ function getAllowedAlbumsids() {\r
+ $allowed_albums = array();\r
+\r
+ $memberid = intval($this->getID());\r
+ if(!$memberid) $memberid=0; //guest\r
+\r
+ if($this->isadmin()) {\r
+ $query = "select *, title as albumname from ".sql_table('plug_gallery_album')\r
+ .' left join '.sql_table('member').' on ownerid=mnumber';\r
+ } else {\r
+ $query = "select *, title as albumname from ".sql_table('plug_gallery_album')\r
+ .' left join '.sql_table('plug_gallery_album_team').' on albumid=talbumid'\r
+ .' left join '.sql_table('member').' on ownerid=mnumber'\r
+ ." where tmemberid=$memberid or ownerid=$memberid or ownerid=0";\r
+ }\r
+ \r
+ $result = mysql_query($query);\r
+ if(!$result) echo mysql_error().'<br/>';\r
+ if(@ !mysql_num_rows($result)) return false; \r
+ while ($row = mysql_fetch_object($result)) {\r
+ if($row->mnumber==0) $row->mname='guest';\r
+ array_push($allowed_albums, $row->albumid);\r
+ \r
+ }\r
+ \r
+ return $allowed_albums;\r
+ }\r
+ \r
+}\r
+?>\r
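Review bot: In canModifyAlbum the team check `if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;` passes for every caller as soon as any team row of the album has tadmin set, and for every plain team member, which contradicts the comment "album admin (from team)". It should read `if ($this->getID() == $row['tmemberid'] && $row['tadmin']) return true;`. The owner check above it has a related gap: makeguest() sets the id to 0, so `$row['ownerid'] == $this->getID()` is true for a guest on public albums (ownerid 0) and, through the loose comparison, when the query returns no row, because the `albumid <> 0` filter does not exclude ownerid 0. Adding `&& $this->getID() <> 0`, as canModifyPicture already does for its album-owner case, closes that, and the same guard looks to be missing from the picture-owner check in canModifyPicture and from canModifyComment. Several of these methods also fall off the end without `return false;`, and getAllowedAlbums/getAllowedAlbumsids echo `mysql_error()` into the page, which is better sent to a log.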