if ($NPG_CONF['add_album'] == 'guest' ) return true;\r
if ($NPG_CONF['add_album'] == 'member' && $this->isloggedin() ) return true;\r
if ($NPG_CONF['add_album'] == 'select') {\r
- $result = mysql_query('select addalbum from '.sql_table('plug_gallery_member').' where memberid='.$this->getID() );\r
+ $result = mysql_query('select addalbum from '.sql_table('plug_gallery_member').' where memberid='.intval($this->getID()) );\r
if(!$result) return false;\r
$row = mysql_fetch_assoc($result);\r
if($row['addalbum']) return true;\r
}\r
\r
//album owner or guest/public album\r
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid='.$albumid);\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid='.intval($albumid));\r
if(!$result) return false;\r
$row = mysql_fetch_assoc($result);\r
if($row['ownerid'] == $this->getID() || $row['ownerid']==0) return true;\r
\r
//album team member\r
- $result = mysql_query('select tmemberid from '.sql_table('plug_gallery_album_team').' where talbumid='.$albumid);\r
+ $result = mysql_query('select tmemberid from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));\r
if(!$result) return false;\r
while($row = mysql_fetch_assoc($result)) {\r
if($this->getID() == $row['tmemberid']) return true;\r
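Review bot: The owner check `if($row['ownerid'] == $this->getID() || $row['ownerid']==0) return true;` fails open when the album query returns no row, because `$row` is then false, `$row['ownerid']` evaluates to null and the loose `==0` comparison succeeds. Since `intval()` now turns malformed input into 0 instead of a failed query, such input reaches this no-row path rather than the `if(!$result) return false;` exit. Add `if(!$row) return false;` directly after the `mysql_fetch_assoc()` call and compare cast values with `===`. The same guard is missing before the `ownerid` and `cmemberid` comparisons in the later hunks, where a guest ID of 0 would presumably also compare equal to null. The enclosing function starts and ends outside the hunk.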
if ($this->isAdmin()) return true;\r
\r
//album owner except for public/guest albums -- only admin can modify those\r
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid <> 0 and albumid='.$albumid);\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_album').' where albumid <> 0 and albumid='.intval($albumid));\r
if(!$result) return false;\r
$row = mysql_fetch_assoc($result);\r
if($row['ownerid'] == $this->getID()) return true;\r
\r
//album admin (from team)\r
- $result = mysql_query('select tmemberid, tadmin from '.sql_table('plug_gallery_album_team').' where talbumid='.$albumid);\r
+ $result = mysql_query('select tmemberid, tadmin from '.sql_table('plug_gallery_album_team').' where talbumid='.intval($albumid));\r
if(!$result) return false;\r
while($row = mysql_fetch_assoc($result)) {\r
if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;\r
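Review bot: The team check `if($this->getID() == $row['tmemberid'] || $row['tadmin']) return true;` returns true as soon as any team row has `tadmin` set, whoever the caller is, and also for every plain team member, which does not match the `//album admin (from team)` comment above it. If only team members flagged as admin should be allowed to modify the album, the condition should be `if($this->getID() == $row['tmemberid'] && $row['tadmin']) return true;`. The `while` loop and the enclosing function end outside the hunk, so confirm the intended policy against the rest of the function.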
if ($this->isAdmin()) return true;\r
\r
//picture owner\r
- $result = mysql_query('select ownerid from '.sql_table('plug_gallery_picture').' where pictureid='.$pictureid);\r
+ $result = mysql_query('select ownerid from '.sql_table('plug_gallery_picture').' where pictureid='.intval($pictureid));\r
if(!$result) return false;\r
$row = mysql_fetch_assoc($result);\r
if($row['ownerid'] == $this->getID()) return true;\r
\r
//album owner, but not guest\r
- $result = mysql_query('select a.ownerid from '.sql_table('plug_gallery_album').' as a, '.sql_table('plug_gallery_picture').' as p where a.albumid=p.albumid and p.pictureid='.$pictureid);\r
+ $result = mysql_query('select a.ownerid from '.sql_table('plug_gallery_album').' as a, '.sql_table('plug_gallery_picture').' as p where a.albumid=p.albumid and p.pictureid='.intval($pictureid));\r
if(!$result) return false;\r
$row = mysql_fetch_assoc($result);\r
if($row['ownerid'] == $this->getID() && $this->getID() <> 0) return true;\r
\r
//super-admin\r
if ($this->isAdmin()) {\r
- $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.$commentid);\r
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));\r
if (mysql_num_rows($result)) return true; else return false;\r
}\r
\r
//comment ovnwer\r
- $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.$commentid);\r
+ $result = sql_query('select cmemberid from '. sql_table('plug_gallery_comment'). ' where commentid = '.intval($commentid));\r
$row = mysql_fetch_assoc($result);\r
if($row['cmemberid'] == $this->getID()) return true;\r
\r
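Review bot: Both comment lookups use `$result` without the `if(!$result) return false;` guard that the album and picture queries have: `mysql_num_rows($result)` in the super-admin branch and `mysql_fetch_assoc($result)` in the owner check. Unless `sql_query()` itself aborts on failure, which is not visible here, a failed query reaches those calls with false. Add the guard after each `sql_query()` call, and in the owner check add `if(!$row) return false;` before the comparison, since `$row['cmemberid']` is null when the comment does not exist. The function starts and ends outside the hunk.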
function getAllowedAlbums() {\r
$allowed_albums = array();\r
\r
- $memberid = $this->getID();\r
+ $memberid = intval($this->getID());\r
if(!$memberid) $memberid=0; //guest\r
\r
if($this->isadmin()) {\r
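Review bot: With `$memberid = intval($this->getID());` in place, the following line `if(!$memberid) $memberid=0; //guest` can no longer change anything, because `intval()` already yields 0 for a null or empty ID. Drop it, or reduce it to a comment such as `// 0 = guest`, so the guest convention stays documented without dead code; the same applies to the identical lines in `getAllowedAlbumsids()`. Both function bodies continue outside their hunks, so the queries that consume `$memberid` are not visible here.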
function getAllowedAlbumsids() {\r
$allowed_albums = array();\r
\r
- $memberid = $this->getID();\r
+ $memberid = intval($this->getID());\r
if(!$memberid) $memberid=0; //guest\r
\r
if($this->isadmin()) {\r