<?php
/**
 * Coppermine Photo Gallery
 *
 * v1.0 originally written by Gregory Demar
 *
 * @copyright  Copyright (c) 2003-2020 Coppermine Dev Team
 * @license    GNU General Public License version 3 or later; see LICENSE
 *
 * thumbnails.php
 * @since  1.6.08
 */

/**
 *
 * @ignore
 */
// Script-identity flags. Presumably the included files test these to refuse
// being loaded outside a Coppermine page — the checks themselves are not
// visible here; confirm in include/init.inc.php.
define('IN_COPPERMINE', true);
define('THUMBNAILS_PHP', true);
define('SMILIES_PHP', true);

/**
 * Presumably tells the includes to treat this page like index.php (verify).
 * @ignore
 */
define('INDEX_PHP', true);

// Bootstrap: everything this page relies on below ($CONFIG, $superCage,
// USER_ID / USER_ACCESS_LEVEL, the $lang_* arrays, cpg_db_query(), ...)
// is expected to be provided by this include.
require_once 'include/init.inc.php';

// Gate 1: anonymous visitors are sent to the login page unless the gallery
// explicitly allows unlogged access.
$anonymousVisitor = !USER_ID;
if ($anonymousVisitor && $CONFIG['allow_unlogged_access'] == 0) {
    $redirect = 'login.php';
    header('Location: ' . $redirect);
    exit();
}

// Gate 2: a logged-in account whose access level is zero is refused outright.
if (USER_ID && USER_ACCESS_LEVEL == 0) {
    cpg_die(ERROR, $lang_errors['access_none'], __FILE__, __LINE__);
}

// Smiley support is optional; only pull it in when enabled in the config.
if ($CONFIG['enable_smilies']) {
    include 'include/smilies.inc.php';
}

/**
 * Main code
 */
$getCage = $superCage->get;

// Optional sort order for the listing; letters only, everything else stripped.
if ($getCage->keyExists('sort')) {
    $USER['sort'] = $getCage->getAlpha('sort');
}

// Category id, accepted only when it is a well-formed integer.
if ($getCage->testInt('cat')) {
    $cat = $getCage->getInt('cat');
}

// User id filter, stored on $USER; presumably consumed by the meta-album code.
if ($getCage->keyExists('uid')) {
    $USER['uid'] = $getCage->getInt('uid');
}

// 'album' is either a meta album name (letters) or a numeric album id.
if ($getCage->keyExists('album')) {
    $album = $getCage->testAlpha('album') ? $getCage->getAlpha('album') : $getCage->getInt('album');
}

if ($superCage->get->keyExists('search')) {

    // Whitelist of filter parameters the search form may submit; any other
    // query-string key is ignored.
    $searchFilters = array('title', 'caption', 'keywords', 'filename', 'pic_raw_ip', 'pic_hdr_ip', 'user1', 'user2', 'user3', 'user4', 'type', 'owner_name', 'newer_than', 'older_than');

    // Refresh every whitelisted filter: present ones are stored escaped, absent
    // ones are dropped so values from an earlier search do not linger.
    foreach ($searchFilters as $filter) {
        if (!$superCage->get->keyExists($filter)) {
            unset($USER['search']['params'][$filter]);
            continue;
        }
        $USER['search']['params'][$filter] = $superCage->get->getEscaped($filter);
    }

    // The search term is taken raw on purpose; search.inc.php is expected to
    // sanitise it before use. Encoded double quotes are turned into single quotes.
    $searchTerm = utf_replace($superCage->get->getRaw('search'));
    $USER['search']['search'] = str_replace('&quot;', '\'', $searchTerm);
    $album = 'search';
}

// Requested page number, never below 1; non-integer input falls back to page 1.
$page = 1;
if ($superCage->get->testInt('page')) {
    $page = max($superCage->get->getInt('page'), 1);
}

// Breadcrumb state, filled in by breadcrumb() once the album/category is resolved.
$breadcrumb = '';
$breadcrumb_text = '';
$cat_data = array();

// The "by user" meta albums reuse the display names of their generic counterparts.
$lang_meta_album_names['lastupby'] = $lang_meta_album_names['lastup'];
$lang_meta_album_names['lastcomby'] = $lang_meta_album_names['lastcom'];

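if (isset($album) && is_numeric($album)) {

    // Numeric album id: load the album record. The is_numeric() check above is
    // what keeps the direct interpolation into the query safe here.
    $result = cpg_db_query("SELECT category, title, aid, keyword, description, alb_password_hint FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = $album");

    if ($result->numRows() > 0) {
        $CURRENT_ALBUM_DATA = $result->fetchAssoc();
        $actual_cat = $CURRENT_ALBUM_DATA['category'];
        $CURRENT_ALBUM_KEYWORD = $CURRENT_ALBUM_DATA['keyword'];
        breadcrumb($actual_cat, $breadcrumb, $breadcrumb_text);
        // A negative "category" is how the rest of this page refers to a single album.
        $cat = - $album;
    }

    $result->free();

    if ($CONFIG['custom_sortorder_thumbs']) {
        // Sort options are offered for real albums only; this branch never runs for meta albums.
        $js_sort_vars = array(
            'aid'           => $album,
            'page'          => $page,
            'sort_name'     => $lang_thumb_view['name'],
            'sort_title'    => $lang_common['title'],
            'sort_date'     => $lang_thumb_view['date'],
            'sort_position' => $lang_thumb_view['position'],
            'sort_ta'       => $lang_thumb_view['sort_ta'],
            'sort_td'       => $lang_thumb_view['sort_td'],
            'sort_na'       => $lang_thumb_view['sort_na'],
            'sort_nd'       => $lang_thumb_view['sort_nd'],
            'sort_da'       => $lang_thumb_view['sort_da'],
            'sort_dd'       => $lang_thumb_view['sort_dd'],
            'sort_pa'       => $lang_thumb_view['sort_pa'],
            'sort_pd'       => $lang_thumb_view['sort_pd']
        );

        set_js_var('sort_vars', $js_sort_vars);
        js_include('js/thumbnails.js');
    }

} elseif (isset($cat) && (!isset($album) || ($album != 'lastupby' && $album != 'lastcomby'))) {
    // Meta albums are restricted to the current category, except lastupby and
    // lastcomby, which CPG currently restricts to the user's own albums.
    // When $album is unset the two comparisons were always true, so the explicit
    // !isset() keeps that behaviour without an undefined-variable notice.

    if ($cat < 0) {
        // Negative category id = "this album"; fetch the row for the breadcrumb and title.
        $result = cpg_db_query("SELECT category, title, aid, keyword, description, alb_password_hint FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = " . (- $cat));
        if ($result->numRows() > 0) {
            $CURRENT_ALBUM_DATA = $result->fetchAssoc();
            $actual_cat = $CURRENT_ALBUM_DATA['category'];
            $CURRENT_ALBUM_KEYWORD = $CURRENT_ALBUM_DATA['keyword'];
        }
        $result->free();
        get_meta_album_set($cat);

        // Only dereference the album row when it was actually found; an unknown
        // album id previously reached undefined $actual_cat / $CURRENT_ALBUM_DATA here.
        if (isset($CURRENT_ALBUM_DATA)) {
            breadcrumb($actual_cat, $breadcrumb, $breadcrumb_text);
            $CURRENT_CAT_NAME = $CURRENT_ALBUM_DATA['title'];
        }

    } elseif ($cat == 0) {
        // Category 0: the root-level meta album set.
        get_meta_album_set(0);
    } else {

        if ($cat >= FIRST_USER_CAT) {
            // User galleries are virtual categories offset by FIRST_USER_CAT.
            $user_name = get_username($cat - FIRST_USER_CAT);
            $CURRENT_CAT_NAME = sprintf($lang_list_categories['xx_s_gallery'], $user_name);
        } else {
            // $cat comes from getInt(), so interpolating it here is safe.
            $result = cpg_db_query("SELECT name FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = $cat");
            if ($result->numRows() == 0) {
                cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_cat'], __FILE__, __LINE__);
            }
            $row = $result->fetchAssoc(true);
            $CURRENT_CAT_NAME = $row['name'];
        }

        get_meta_album_set($cat);

        breadcrumb($cat, $breadcrumb, $breadcrumb_text);
    }
} else {
    // No usable category context: fall back to the root meta album set.
    get_meta_album_set(0);
}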

// Page title: the album title, else the meta album's display name (with the
// search term appended for searches), else nothing.
$section = '';
if (isset($CURRENT_ALBUM_DATA)) {
    $section = $CURRENT_ALBUM_DATA['title'];
} elseif (isset($album) && array_key_exists($album, $lang_meta_album_names)) {
    $section = $lang_meta_album_names[$album];
    $showSearchTerm = ($album == 'search' && isset($USER['search']['search']));
    if ($showSearchTerm) {
        $section .= ' - "' . strip_tags($USER['search']['search']) . '"';
    }
}

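$meta_keywords = '';

// Keep search engine spiders from indexing meta albums whose content changes constantly.
$meta_albums_array = array(
    'lastup',
    'lastcom',
    'topn',
    'toprated',
    'favpics',
    'random',
    'datebrowse'
);

// Strict comparison: getAlpha() yields a filtered string, so loose matching buys
// nothing and only invites type-juggling surprises.
if (in_array($superCage->get->getAlpha('album'), $meta_albums_array, true)) {
    $meta_keywords .= '<meta name="robots" content="noindex, nofollow" />';
}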

pageheader($section, $meta_keywords);

// Breadcrumb and category list are only rendered once a category/album was resolved.
if ($breadcrumb) {
    $layoutShowsBreadcrumb = false !== strpos($CONFIG['main_page_layout'], 'breadcrumb');
    if ($layoutShowsBreadcrumb) {
        theme_display_breadcrumb($breadcrumb, $cat_data);
    }
    theme_display_cat_list($breadcrumb, $cat_data, '');
}

/**
 * Function to draw the password box if the album is password protected
 */
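/**
 * Draw the password box shown when the requested album is password protected.
 *
 * Reads $lang_thumb_view for the labels and $CURRENT_ALBUM_DATA for the
 * optional password hint; echoes the HTML directly and returns nothing.
 */
function form_albpw()
{
    global $lang_thumb_view, $CURRENT_ALBUM_DATA;

    $superCage = Inspekt::makeSuperCage();

    starttable('-1', $lang_thumb_view['enter_alb_pass'], 2);

    // The "invalid password" row only appears after a failed submission.
    // Initialise first so the heredoc below never reads an undefined variable.
    $login_failed = '';
    if ($superCage->post->keyExists('validate_album')) {
        $login_failed = "<tr><td class='tableh2' colspan='2' align='center'>
                               <span style='color:red'>{$lang_thumb_view['invalid_pass']}</span></td></tr>
                                         ";
    }
    // NOTE(review): the hint comes straight from the albums table and is echoed
    // without HTML escaping here; confirm it is sanitised where it is saved.
    if (!empty($CURRENT_ALBUM_DATA['alb_password_hint'])) {
        echo <<<EOT
                  <tr>
                    <td colspan="2" align="center" class="tableb">{$CURRENT_ALBUM_DATA['alb_password_hint']}</td>
                  </tr>
EOT;
    }
    // The submit button's value attribute is quoted so a label containing
    // spaces does not get truncated by the browser.
    echo <<<EOT
                        $login_failed
                        <tr>
              <form name="cpgform" id="cpgform" method="post" action="">
              <input type="hidden" name="validate_album" value="validate_album"/>
              <td class="tableb" width="40%">{$lang_thumb_view['pass']}: </td>
              <td class="tableb" width="60%"><input type="password" class="textinput" name="password" /></td>
             </tr>
             <tr>
              <td class="tablef" colspan="2" align="center"><input type="submit" class="button" name="submit" value="{$lang_thumb_view['submit']}" />
              </form>
            </tr>
EOT;
    endtable();
}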

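$valid = false; // flag: has the viewer proven access to this album?
$albpw_cookie_name = $CONFIG['cookie_name'] . '_albpw';

if ($CONFIG['allow_private_albums'] == 0 || !in_array($album, $FORBIDDEN_SET_DATA)) {
    // Private albums are disabled, or this album is not in the forbidden set.
    $valid = true;
} elseif ($superCage->post->keyExists('validate_album')) {
    // Password form submitted: compare against the stored hash.
    // NOTE(review): album passwords are stored as unsalted md5 — a schema
    // decision this page cannot change on its own.
    $password = md5($superCage->post->getEscaped('password'));
    $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '$password' AND aid = $album";
    $result = cpg_db_query($sql);
    if ($result->numRows()) {
        // Remember the validated hash in the cookie next to any albums already unlocked.
        $albpw = $superCage->cookie->getEscaped($albpw_cookie_name);
        if (!empty($albpw)) {
            // The cookie is client-controlled: never let unserialize() instantiate
            // objects from it (allowed_classes is available from PHP 7.0).
            $albpw = PHP_VERSION_ID >= 70000
                ? unserialize($albpw, array('allowed_classes' => false))
                : unserialize($albpw);
        }
        if (!is_array($albpw)) {
            // Empty or tampered cookie: start a fresh album => hash map.
            $albpw = array();
        }
        $albpw[$album] = $password;
        $alb_cookie_str = serialize($albpw);

        // NOTE(review): this cookie carries the password hash; the attributes
        // (path/secure/httponly) used for the gallery's other cookies are not
        // visible here, so they are left at the defaults — review with them.
        setcookie($albpw_cookie_name, $alb_cookie_str);
        get_private_album_set($album);
        $valid = true;
    } else {
        // Invalid password
        $valid = false;
    }
} else {
    $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = $album AND alb_password != ''";
    $result = cpg_db_query($sql);
    if ($result->numRows()) {
        // This album has a password: check whether the cookie carries a hash for it.
        $albpw = $superCage->cookie->getEscaped($albpw_cookie_name);
        if (!empty($albpw)) {
            // Same rule as above: no object instantiation from the cookie.
            $alb_pw = PHP_VERSION_ID >= 70000
                ? unserialize($albpw, array('allowed_classes' => false))
                : unserialize($albpw);
            // Only accept a value shaped like the md5 hex digest we store; anything
            // else came from a tampered cookie and must not reach the query below.
            $cookie_hash = (is_array($alb_pw) && isset($alb_pw[$album])) ? $alb_pw[$album] : null;
            if (is_string($cookie_hash) && preg_match('/^[a-fA-F0-9]{32}$/', $cookie_hash)) {
                $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '$cookie_hash' AND aid = $album";
                $result = cpg_db_query($sql);
                if ($result->numRows()) {
                    $valid = true; // the cookie hash matches: show the album
                    get_private_album_set();
                }
            }
        }
    } else {
        // Album with no password. Might be a private or normal album. Just set valid as true.
        $valid = true;
    }
}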

CPGPluginAPI::action('post_breadcrumb', null);

// Either ask for the album password or render the thumbnail grid.
if ($valid) {
    $catId = isset($cat) ? $cat : 0;
    display_thumbnails($album, $catId, $page, $CONFIG['thumbcols'], $CONFIG['thumbrows'], true);
} else {
    form_albpw();
}

pagefooter();
//EOF