Find:
$parent = (int)$_POST['parent'];
$name = trim($_POST['name']) ? addslashes($_POST['name']) : '<???>';
$description = addslashes($_POST['description']);
cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES ('10000', '$parent', '$name', '$description')");
break;
case 'deletecat':
Change to:
$parent = (int)$_POST['parent'];
if (!(GALLERY_ADMIN_MODE || verify_cat_owner($parent))) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
break;
}
$name = trim($_POST['name']) ? addslashes($_POST['name']) : '<???>';
$description = addslashes($_POST['description']);
$query = "INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description, owner_id) VALUES ('10000', '$parent', '$name', '$description', ";
if (GALLERY_ADMIN_MODE && isset($_POST['owner_id']))
cpg_db_query($query . "{$_POST['owner_id']})");
else
cpg_db_query($query . USER_ID . ")");
break;
case 'deletecat':
Find:
$cid = (int)$_GET['cid'];
$result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");
if ($cid == 1) cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__);
if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_catmgr_php['unknown_cat'], __FILE__, __LINE__);
Change to:
$cid = (int)$_GET['cid'];
if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid))) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
break;
}
$result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='$cid'");
if (mysql_num_rows($result)) {
cpg_die(ERROR, $lang_catmgr_php['cat_not_empty'], __FILE__, __LINE__);
break;
}
$result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");
if ($cid == 1) cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__);
if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_catmgr_php['unknown_cat'], __FILE__, __LINE__);
Find:
starttable('100%', $lang_catmgr_php['update_create'], 2);
$lb = cat_list_box($current_category['parent'], $current_category['cid'], false);
$op = $current_category['cid'] ? 'updatecat' : 'createcat';
if ($CONFIG['show_bbcode_help']) {$description_help .= ' '. cpg_display_help('f=index.html&base=64&h='.urlencode(base64_encode(serialize($lang_bbcode_help_title))).'&t='.urlencode(base64_encode(serialize($lang_bbcode_help))),470,245);}
echo <<<EOT
Change to:
starttable('100%', $lang_catmgr_php['update_create'], 2);
$lb = cat_list_box($current_category['parent'], $current_category['cid'], false);
$owner_box=cat_owner_box($owner_id);
$op = $current_category['cid'] ? 'updatecat' : 'createcat';
if ($CONFIG['show_bbcode_help']) {$description_help .= ' '. cpg_display_help('f=index.html&base=64&h='.urlencode(base64_encode(serialize($lang_bbcode_help_title))).'&t='.urlencode(base64_encode(serialize($lang_bbcode_help))),470,245);}
echo <<<EOT
Find:
$lb
</td>
</tr>
<tr>
<td width="40%" class="tableb">
{$lang_catmgr_php['cat_title']}
Change to:
$lb
</td>
</tr>
EOT;
if (GALLERY_ADMIN_MODE) {
echo <<<EOT
<input type="hidden" name="owner_id" />
<tr>
<td width="40%" class="tableb">
{$lang_catmgr_php['cat_owner']}
</td>
<td width="60%" class="tableb" valign="top">
$owner_box
</td>
</tr>
EOT;
}
echo <<<EOT
<tr>
<td width="40%" class="tableb">
{$lang_catmgr_php['cat_title']}
Edit file db_input.php
Find:
if (GALLERY_ADMIN_MODE) {
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint', keyword='$keyword' WHERE aid='$aid' LIMIT 1";
} else {
$category = FIRST_USER_CAT + USER_ID;
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', thumb='$thumb', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint',keyword='$keyword' WHERE aid='$aid' AND category='$category' LIMIT 1";
}
$update = cpg_db_query($query);
Change to:
if (GALLERY_ADMIN_MODE) {
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint', keyword='$keyword' WHERE aid='$aid' LIMIT 1";
} else if (verify_cat_owner($category) || $category == FIRST_USER_CAT + USER_ID) {
$query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint',keyword='$keyword' WHERE aid='$aid' LIMIT 1";
} else {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
$update = cpg_db_query($query);
Edit file delete.php
Find:
$album_data = mysql_fetch_array($result);
if (!GALLERY_ADMIN_MODE) {
if ($album_data['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
$query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$aid'";
Change to:
$album_data = mysql_fetch_array($result);
if (!GALLERY_ADMIN_MODE) {
$category=$album_data['category'];
if (!(verify_cat_owner($category) || $category == FIRST_USER_CAT + USER_ID)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
$query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$aid'";
Find:
case '0':
break;
case '1':
if (GALLERY_ADMIN_MODE) {
$category = (int)$_POST['cat'];
} else {
$category = FIRST_USER_CAT + USER_ID;
}
echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
$query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO', '{$op['album_sort']}')";
cpg_db_query($query);
break;
case '2':
echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_alb'], $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
$query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' $restrict LIMIT 1";
cpg_db_query($query);
break;
default:
Change to:
case '0':
break;
case '1':
$category = (int)$_POST['cat'];
if (!(GALLERY_ADMIN_MODE
|| verify_cat_owner($category)
|| ($category == FIRST_USER_CAT + USER_ID))) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
break;
}
echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
$query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO', '{$op['album_sort']}')";
cpg_db_query($query);
break;
case '2':
$category = (int)$_POST['cat'];
if (!(GALLERY_ADMIN_MODE
|| verify_cat_owner($category)
|| ($category == FIRST_USER_CAT + USER_ID))) {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
break;
}
echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_alb'], $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
$query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' LIMIT 1";
cpg_db_query($query);
break;
default:
Edit file include/functions.inc.php
Find:
$query = "DELETE FROM {$CONFIG['TABLE_VOTE_STATS']} WHERE $clause";
cpg_db_query($query);
}
?>
Change to:
$query = "DELETE FROM {$CONFIG['TABLE_VOTE_STATS']} WHERE $clause";
cpg_db_query($query);
}
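/**
 * Ownership check for one or two categories.
 *
 * Returns true only when every requested category exists and its owner_id
 * equals the current USER_ID. Used by callers as the non-admin branch of
 * "GALLERY_ADMIN_MODE || verify_cat_owner(...)" permission tests.
 *
 * @param int|string $cid1 category id to check; cast to int before use in SQL
 * @param int|string $cid2 optional second category id; -99 (the default) means
 *                         "check $cid1 only"
 * @return bool
 */
function verify_cat_owner($cid1, $cid2=-99)
{
    global $CONFIG;

    // Defence in depth: most callers already pass (int) values, but the ids are
    // interpolated into SQL, so normalise them here instead of trusting callers.
    $cid1 = (int)$cid1;
    $cid2 = (int)$cid2;

    // One id (or the same id given twice) is a single lookup; two distinct ids
    // must both be found. The original compared the row count against 2 even
    // when $cid1 == $cid2, which could never match.
    $expected_rows = ($cid2 >= 0 && $cid2 != $cid1) ? 2 : 1;

    // "OR" rather than "||": with the PIPES_AS_CONCAT sql_mode "||" is string
    // concatenation and the condition would silently stop matching.
    $result = cpg_db_query("SELECT owner_id FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid1' OR cid = '$cid2'");
    if (mysql_num_rows($result) != $expected_rows) {
        return false;
    }

    while ($row = cpg_db_fetch_row($result)) {
        $owner = (int)$row['owner_id'];
        // An owner_id of 0 (or less) means "no owner". Never treat that as a
        // match: if USER_ID is 0 for anonymous visitors (presumably the case —
        // confirm against init code) a loose compare would let guests pass the
        // ownership check on every unowned category.
        if ($owner <= 0 || $owner !== (int)USER_ID) {
            return false;
        }
    }
    return true;
}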
?>
Edit file index.php
Find:
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : ' ';
} elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
$last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
$link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
Change to:
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : ' ';
} elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
$last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
$link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
Find:
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : ' ';
}
}
Change to:
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : ' ';
}
}
Find:
$alb_list[$alb_idx]['pic_count'] = $count;
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : '';
} elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
$last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
$link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
Change to:
$alb_list[$alb_idx]['pic_count'] = $count;
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0) ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : '';
} elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
$last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
$link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
Find:
$alb_list[$alb_idx]['pic_count'] = $count;
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 )? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : '';
}
}
ob_start();
Change to:
$alb_list[$alb_idx]['pic_count'] = $count;
$alb_list[$alb_idx]['last_upl'] = $last_upload_date;
$alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 )? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
$alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : '';
}
}
ob_start();