Here is a revised version which should only display images that the user is allowed to view.
I've added a call to get_private_album_set() and then check to see if the required album is not in the FORBIDDEN_SET_DATA list.
<?php
//
// Coppermine xfeeds plugin
// displays latest photo via RSS 2.0 or Atom 1.0 feed.
// Compatible with : Coppermine 1.3.x
//
// Hacked at : 17 November 2005, 21:15 +0800
// Hacked at : 06 November 2005, 21:12 +0800
// Originally Hacked at : 22 October 2005, 0400 +0800
// Modified by P.J.Lawrence Jan 2009 to output a feed per an album
// To display a feed for a given album type xfeed.php?album=ID
// where ID is the album which the feed is required for.
//
// Copyright (C) 2005 Mohammad Hafiz bin Ismail (mypapit)
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
//
// Report problems and direct all questions to:
//
// <mypapit@gmail.com>
//
// For latest version of this software, please visit :
//
// http://mypapit.net/pproject
// http://blog.mypapit.net/
//
// authors email : mypapit@gmail.com, papit01@lycos.com
//
// This partly taken
//*** user tunable ***
$upperlimit = 10; // maximum number of items in the gallery-wide feed; used as the SQL LIMIT (the per-album feed has no limit)
// WARNING : No user serviceable parts below here
// NOTE(review): the nine constants below are not referenced by any code shown in this file;
// the included Coppermine code may read them — confirm before removing.
define('INC_COMMENT_TIMES', false);
define('FILEDUMP', false);
define('GZ_COMPRESS', false);
// [0.0 <= priority <= 1.0]
define('P_DISPLAYIMAGE', 0.5);
define('P_ALBUM', 0.5);
define('P_CATEGORY', 0.5);
// [changefreq = always || hourly || daily || weekly || monthly || yearly || never]
define('CF_DISPLAYIMAGE', 'unspecified');
define('CF_ALBUM', 'unspecified');
define('CF_CATEGORY', 'unspecified');
// Must be defined before the include below.
// NOTE(review): presumably the guard constant Coppermine include files test for — confirm.
define('IN_COPPERMINE', true);
// $CONFIG, COPPERMINE_VERSION and get_private_album_set() are used further down but not
// defined in this file, so they are expected to come from this include.
require('include/init.inc.php');
// This should work as it is, but hardcode if necessary.
define('CPG14', version_compare(COPPERMINE_VERSION, "1.4.0", ">="));
// PHP5 selects the date format used by lmdate().
define('PHP5', version_compare(phpversion(), "5", ">="));
// Base URL with trailing slashes stripped. It is written into every link of the feed,
// so the configured value must be a trusted, well-formed URL.
$base = rtrim($CONFIG['ecards_more_pic_target'], '/');
// URL prefix for image files: base URL + configured album directory.
$albumpath = "$base/" . $CONFIG['fullpath'];
$gallery_name=$CONFIG['gallery_name'];
$author_email=$CONFIG['gallery_admin_email'];
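/**
 * Map a file name to the MIME type advertised in the feed's enclosure and
 * media:content elements.
 *
 * The extension is the text after the last period. Matching is
 * case-insensitive, so "IMG_0001.JPG" is reported as image/jpeg instead of
 * falling through to text/plain, and ".jpeg" is accepted alongside ".jpg".
 *
 * @param string $Filename File name (any directory part is irrelevant here).
 * @return string "image/jpeg", "image/png", "image/gif", or "text/plain" for anything else.
 */
function getmime ($Filename) {
    // Split on periods; the last element is the extension.
    $pieces = explode(".", (string) $Filename);
    $ext = strtolower($pieces[count($pieces) - 1]);

    switch ($ext) {
        case "jpg":
        case "jpeg":
            return "image/jpeg";
        case "png":
            return "image/png";
        case "gif":
            return "image/gif";
        default:
            // Unknown extensions keep the original fallback type.
            return "text/plain";
    }
}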
/**
 * Format a Unix timestamp for the RSS date elements (lastBuildDate, pubDate).
 *
 * With PHP5 set this returns date('c'), i.e. ISO 8601. Otherwise the
 * timestamp is shifted back by the server's current UTC offset and printed
 * with a literal "+0800" suffix.
 *
 * NOTE(review): RSS 2.0 specifies RFC 822 dates, and the legacy branch labels
 * a UTC-shifted time as +0800 — confirm whether feed consumers depend on
 * either format before changing it.
 *
 * @param int $timestamp Unix timestamp.
 * @return string Formatted date string.
 */
function lmdate($timestamp)
{
    return PHP5
        ? date('c', $timestamp)
        : date('D, d M Y H:i:s +0800', $timestamp - date('Z'));
}
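/**
 * Format a Unix timestamp as an RFC 3339 UTC date-time for the Atom feed,
 * e.g. 2002-10-02T15:00:00Z.
 *
 * gmdate() formats directly in UTC. The previous version subtracted the
 * server's *current* UTC offset and then formatted in local time, which is
 * off by an hour whenever the timestamp falls in a different daylight-saving
 * period than "now".
 *
 * @param int $timestamp Unix timestamp.
 * @return string Date-time in the form YYYY-MM-DDTHH:MM:SSZ.
 */
function rfc3339date ($timestamp)
{
    return gmdate('Y-m-d\TH:i:s\Z', $timestamp);
}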
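//cpg_db_connect(); // uncomment this line if you're having problem connecting to the database

// Request handling: decide which pictures the current visitor may see, run the
// query, then emit the feed in the requested format.

// Fills $FORBIDDEN_SET_DATA with the album ids the current visitor may not view.
get_private_album_set();

// Normalise the forbidden ids to integers once: they are compared against the
// requested album and interpolated into SQL below.
// NOTE(review): a missing or non-array $FORBIDDEN_SET_DATA is treated as "nothing
// forbidden", exactly as the count()/in_array() calls did before. Confirm that
// get_private_album_set() always leaves an array for non-admin visitors; if it
// may not, this should fail closed instead.
$forbiddenAlbums = (isset($FORBIDDEN_SET_DATA) && is_array($FORBIDDEN_SET_DATA))
    ? array_map('intval', $FORBIDDEN_SET_DATA)
    : array();

$TheAlbum = null;
$result = false;

// Only "atom" selects the Atom feed; anything else, including a missing
// parameter, falls back to RSS. Setting the default here avoids reading an
// undefined $feedtype when ?type= is absent.
$feedtype = (isset($_GET['type']) && $_GET['type'] === 'atom') ? 'atom' : 'rss';

// NOTE(review): neither picture query below filters on moderation state. If this
// gallery holds uploads that are pending approval, confirm whether they should
// be exposed through a public feed.
if (isset($_GET['album'])) {
    // The cast makes the value safe to interpolate into the query.
    $TheAlbum = (int) $_GET['album'];
    $resultAlbum = mysql_query("SELECT aid, title, description FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid=$TheAlbum");

    // An unknown album id yields no row; stop here rather than building a
    // picture query with an empty aid.
    $albumRow = $resultAlbum ? mysql_fetch_row($resultAlbum) : false;
    if ($albumRow) {
        list($aaid, $atitle, $adescription) = $albumRow;
        $aaid = (int) $aaid;

        // Access check: pictures are only queried when the album is not in the
        // visitor's forbidden set.
        if (!in_array($aaid, $forbiddenAlbums, true)) {
            $result = mysql_query("SELECT pid, aid, caption, ctime, title, keywords, filepath, filename, owner_name, filesize, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']} WHERE aid=$aaid ORDER BY ctime ASC, pid ASC");
        }
    }
} else {
    // Gallery-wide feed: use the gallery's own title and description.
    $atitle = $gallery_name;
    $adescription = $CONFIG['gallery_description'];

    // Latest $upperlimit uploads, excluding every forbidden album.
    $limit = (int) $upperlimit;
    $where = "";
    if (count($forbiddenAlbums) > 0) {
        $where = " WHERE (aid NOT IN (" . implode(",", $forbiddenAlbums) . "))";
    }
    $result = mysql_query("SELECT pid, aid, caption, ctime, title, keywords, filepath, filename, owner_name, filesize, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']}$where ORDER BY ctime DESC, pid DESC LIMIT 0,$limit");
}

// A missing album, a forbidden album and a failed query all leave $result
// false and produce the same empty response, so the reply does not reveal
// whether a private album exists.
if ($result) {
    header("Content-type: text/xml; charset=utf-8");
    if ($feedtype == "atom") {
        atom10();
    } else {
        rss20();
    }
}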
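/**
 * Print the RSS 2.0 feed for the rows in the global $result.
 *
 * Reads the globals set up by the request-handling code: $result (picture
 * query result), $base, $albumpath, $author_email, $atitle, $adescription
 * and $TheAlbum (null for the gallery-wide feed).
 *
 * Every value taken from the database or configuration is passed through
 * htmlspecialchars() before it is written. Titles, captions, keywords and
 * file names are free text; an unescaped "<" or "&" would make the feed
 * ill-formed, and markup in a caption would otherwise be delivered to feed
 * readers as live HTML.
 *
 * @return void Output is printed directly.
 */
function rss20() {
    global $result, $base, $author_email, $albumpath;
    global $atitle, $adescription, $TheAlbum;

    $x_base = htmlspecialchars($base, ENT_QUOTES);

    print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    print "<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\"";
    print " xmlns:photo=\"http://www.pheed.com/pheed/\" xmlns:media=\"http://search.yahoo.com/mrss\" >";
    print "<channel>\n";
    print "<title>" . htmlspecialchars($atitle, ENT_QUOTES) . "</title>\n";
    if (isset($TheAlbum)) {
        print "<link>$x_base/thumbnails.php?album=" . (int) $TheAlbum . "</link>\n";
    } else {
        print "<link>$x_base</link>\n";
    }
    print "<description>".htmlspecialchars(bb_decode($adescription))."</description>";
    print "<lastBuildDate>" . lmdate(time()) . "</lastBuildDate>\n";
    print "<generator>Mypapit CPG RSS-Plugin 2.1 http://mypapit.net/</generator>\n";

    while ($row = mysql_fetch_row($result)) {
        list($pid, $aid, $caption, $ctime, $title, $keywords, $filepath, $filename, $owner, $fsize, $width, $height) = $row;

        // Numeric columns are forced to integers before being written into
        // URLs and attributes.
        $pid = (int) $pid;
        $fsize = (int) $fsize;
        $width = (int) $width;
        $height = (int) $height;

        // Escape each text value once and reuse it below.
        $x_caption = htmlspecialchars($caption, ENT_QUOTES);
        $x_keywords = htmlspecialchars($keywords, ENT_QUOTES);
        $x_image = htmlspecialchars("$albumpath$filepath$filename", ENT_QUOTES);
        $x_thumb = htmlspecialchars("$albumpath$filepath" . "thumb_$filename", ENT_QUOTES);
        $item_url = "$x_base/displayimage.php?pos=-$pid";
        $mime = getmime($filename);

        print "\t<item>\n";
        // The original called bb_decode() on an undefined $caption_text here and
        // discarded the result; that no-op call has been removed.
        print "\t\t<title>".htmlspecialchars(bb_decode($title))."</title>\n";
        print "\t\t<link>$item_url</link>\n";
        print "\t\t<guid>$item_url</guid>\n";
        print "\t\t<author>" . htmlspecialchars($author_email, ENT_QUOTES) . "</author>\n";
        print "\t\t<pubDate>" . lmdate($ctime) . "</pubDate>\n";
        print "\t\t<description>\n";
        echo "\t\t\t\t$x_caption - $x_keywords\n";
        print "\t\t</description>\n";
        print "\t\t<comments>$item_url#respond</comments>\n";
        print "\t\t<content:encoded>";
        // Inside CDATA the payload is HTML for the feed reader. The escaped
        // values contain no ">" so they cannot end the CDATA section early, and
        // caption/keyword text is shown as text rather than interpreted as markup.
        print "<![CDATA[" . "<p><img src=\"$x_thumb\" alt=\"\" /> </p><p>$x_caption </p><p>$x_keywords</p>" . "]]>\n";
        print "\t\t</content:encoded>\n";
        print "\t\t<media:title> " . htmlspecialchars($title, ENT_QUOTES) . " </media:title>\n";
        print "\t\t<media:description type=\"plain\">\n";
        echo "\t\t\t\t$x_caption - $x_keywords\n";
        print "\t\t</media:description>\n";
        print "\t\t<media:keywords>$x_keywords</media:keywords>\n";
        print "\t\t<media:content url=\"$x_image\" width=\"$width\" height=\"$height\" type=\"$mime\" />\n";
        print "\t\t<media:thumbnail url=\"$x_thumb\" />\n";
        print "\t\t<photo:imgsrc>$x_image</photo:imgsrc>\n";
        print "\t\t<photo:thumbnail>$x_thumb</photo:thumbnail>\n";
        print "\t\t<enclosure length=\"$fsize\" url=\"$x_image\" type=\"$mime\" />\n";
        print "\t</item>\n";
    }
    print "</channel>";
    print "</rss>";
}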
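/**
 * Print the Atom 1.0 feed for the rows in the global $result.
 *
 * Reads the globals $result (picture query result), $base, $albumpath,
 * $atitle and $TheAlbum (null for the gallery-wide feed).
 *
 * Changes from the previous version:
 *  - $TheAlbum is now declared global. Without that the isset() test was
 *    always false and the album link was never emitted.
 *  - The unconditional base link that duplicated the one in the if/else has
 *    been dropped, so the feed carries a single alternate link.
 *  - Titles, URLs and $_SERVER["PHP_SELF"] are escaped before output.
 *  - The summary is escaped with htmlspecialchars() instead of
 *    htmlentities(), which can emit HTML named entities that XML does not
 *    define.
 *
 * @return void Output is printed directly.
 */
function atom10() {
    global $result, $base, $albumpath;
    global $atitle, $TheAlbum;

    $x_base = htmlspecialchars($base, ENT_QUOTES);

    print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n";
    print "<feed xmlns=\"http://www.w3.org/2005/Atom\">\n";
    print "<title>" . htmlspecialchars($atitle, ENT_QUOTES) . "</title>\n";
    if (isset($TheAlbum)) {
        print "<link href=\"$x_base/thumbnails.php?album=" . (int) $TheAlbum . "\" />\n";
    } else {
        print "<link href=\"$x_base\" />\n";
    }
    print "<updated>" . rfc3339date(time()) . "</updated>\n";
    print "<author><name>Mypapit CPG RSS-Plugin http://mypapit.net/</name></author>\n";
    print "<id>$x_base/</id>\n";
    print "<generator uri=\"http://mypapit.net/\" version=\"1.0\">Coppermine 1.3.x xfeed mod</generator>\n";
    // PHP_SELF reflects the request path, part of which the client chooses, so it
    // is escaped before being placed in an attribute.
    print "<link rel=\"self\" type=\"application/atom+xml\" href=\"" . htmlspecialchars($base . $_SERVER["PHP_SELF"] . "?type=atom", ENT_QUOTES) . "\" />";

    while ($row = mysql_fetch_row($result)) {
        list($pid, $aid, $caption, $ctime, $title, $keywords, $filepath, $filename, $owner, $fsize, $width, $height) = $row;

        // pid is forced to an integer before being written into URLs.
        $pid = (int) $pid;
        $entry_url = "$x_base/displayimage.php?pos=-$pid";

        print "\t<entry>\n";
        print "\t\t<title>" . htmlspecialchars($title, ENT_QUOTES) . "</title>\n";
        print "\t\t<link href=\"$entry_url\" />\n";
        print "\t\t<id>$entry_url</id>\n";
        print "\t\t<updated>" . rfc3339date($ctime) . "</updated>\n";
        print "\t\t<summary type=\"xhtml\">";
        print "\t\t<div xmlns=\"http://www.w3.org/1999/xhtml\">\n";
        // NOTE(review): as before, the whole snippet is escaped, so readers show
        // the markup as literal text inside the xhtml div rather than rendering
        // the thumbnail — confirm whether that is intended.
        echo htmlspecialchars("<p><img src=\"$albumpath$filepath" . "thumb_$filename\" alt=\"\" /> </p><p>$caption </p><p>$keywords</p>", ENT_QUOTES);
        print "\t\t</div></summary>\n";
        print "\t</entry>\n";
    }
    print "</feed>";
}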
?>