In thumbnails.php, find
// Breadcrumb and category list output. Nothing here consults $valid, so the
// breadcrumb is drawn whether or not the visitor has passed an album password check.
if ($breadcrumb) {
// Draw the breadcrumb only when the configured main page layout includes it.
if (strpos($CONFIG['main_page_layout'], 'breadcrumb') !== false) {
theme_display_breadcrumb($breadcrumb, $cat_data);
}
theme_display_cat_list($breadcrumb, $cat_data, '');
}
/**
* Draw the password box shown when the album is password protected.
*
* Opens a table with starttable(), echoes the optional password hint, an
* "invalid password" row and the password form, then closes the table with
* endtable(). Takes no arguments and returns nothing; all output is echoed.
*/
function form_albpw()
{
global $lang_thumb_view, $CURRENT_ALBUM_DATA;
$superCage = Inspekt::makeSuperCage();
starttable('-1', $lang_thumb_view['enter_alb_pass'], 2);
// A posted 'validate_album' field means the form was submitted; the error row is
// built whenever this function runs on such a request.
// NOTE(review): $login_failed is assigned only inside this branch but is always
// interpolated into the heredoc below, so it is undefined on a non-POST display.
if ($superCage->post->keyExists('validate_album')) {
$login_failed = "<tr><td class='tableh2' colspan='2' align='center'>
<span style='color:red'>{$lang_thumb_view['invalid_pass']}</span></td></tr>
";
}
// NOTE(review): the hint is written into the page exactly as held in
// $CURRENT_ALBUM_DATA; whether it was HTML-escaped when saved is not visible here - confirm.
if (!empty($CURRENT_ALBUM_DATA['alb_password_hint'])) {
echo <<<EOT
<tr>
<td colspan="2" align="center" class="tableb">{$CURRENT_ALBUM_DATA['alb_password_hint']}</td>
</tr>
EOT;
}
// The form posts back to the current URL (empty action) with the hidden
// 'validate_album' marker and the 'password' field.
// NOTE(review): the submit button's value attribute in this heredoc is not quoted.
echo <<<EOT
$login_failed
<tr>
<form name="cpgform" id="cpgform" method="post" action="">
<input type="hidden" name="validate_album" value="validate_album"/>
<td class="tableb" width="40%">{$lang_thumb_view['pass']}: </td>
<td class="tableb" width="60%"><input type="password" class="textinput" name="password" /></td>
</tr>
<tr>
<td class="tablef" colspan="2" align="center"><input type="submit" class="button" name="submit" value={$lang_thumb_view['submit']} />
</form>
</tr>
EOT;
endtable();
}
// Decide whether the visitor may see the album ($valid), then render either the
// password form or the thumbnails.
$valid = false; //flag to test whether the album is validated.
// Case 1: private albums are switched off, or this album is not in $FORBIDDEN_SET_DATA.
if ($CONFIG['allow_private_albums'] == 0 || !in_array($album, $FORBIDDEN_SET_DATA)) {
$valid = true;
} elseif ($superCage->post->keyExists('validate_album')) {
// Case 2: the password form was submitted. The posted password is hashed with
// plain, unsalted md5() and compared with alb_password for this album.
// NOTE(review): $album is placed in the SQL text without quotes; this relies on it
// having been validated before this point - confirm.
$password = md5($superCage->post->getEscaped('password'));
$sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '$password' AND aid = $album";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
// Password accepted: add this album's hash to the '<cookie_name>_albpw' cookie.
// NOTE(review): unserialize() is applied to a value read from a client cookie.
$albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw');
if (!empty($albpw)) {
$albpw = unserialize($albpw);
}
$albpw[$album] = $password;
$alb_cookie_str = serialize($albpw);
// Only name and value are passed to setcookie(); no expiry, path or flags are given.
setcookie($CONFIG['cookie_name'] . "_albpw", $alb_cookie_str);
get_private_album_set($album);
$valid = true;
} else {
// Invalid password
$valid = false;
}
} else {
// Case 3: no form submission. Check whether this album has a password at all.
$sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = $album AND alb_password != ''";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
// This album has a password.
// Check whether the cookie is set for the current albums password
$albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw');
if (!empty($albpw)) {
// NOTE(review): unserialize() on client-supplied cookie data; the result is not
// checked to be an array before it is indexed.
$alb_pw = unserialize($albpw);
// Check whether the album id in the cookie is the same as the album id sent by GET
if (isset($alb_pw[$album])) {
// NOTE(review): the cookie-derived value is interpolated into the SQL text;
// nothing visible here restricts it to the shape of an md5 hash.
$sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '{$alb_pw[$album]}' AND aid = $album";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$valid = true; //The album password is correct. Show the album details.
// Called without $album here, unlike the form branch above.
get_private_album_set();
}
}
}
} else {
// Album with no password. Might be a private or normal album. Just set valid as true.
$valid = true;
}
}
CPGPluginAPI::filter('post_breadcrumb', null);
// Show the password form when validation failed, otherwise the thumbnail grid.
if (!$valid) {
form_albpw();
} else {
display_thumbnails($album, (isset($cat) ? $cat : 0), $page, $CONFIG['thumbcols'], $CONFIG['thumbrows'], true);
}
and replace with
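/**
 * Draw the password box shown when the album is password protected.
 *
 * Opens a table with starttable(), echoes the optional password hint, an
 * "invalid password" row (only after a form submission) and the password
 * form, then closes the table with endtable().
 *
 * Takes no arguments and returns nothing; all output is echoed.
 */
function form_albpw()
{
    global $lang_thumb_view, $CURRENT_ALBUM_DATA;

    $superCage = Inspekt::makeSuperCage();
    starttable('-1', $lang_thumb_view['enter_alb_pass'], 2);

    // Always defined, so the heredoc below never interpolates an unset variable
    // when the form is displayed for the first time (no POST yet).
    $login_failed = '';
    if ($superCage->post->keyExists('validate_album')) {
        // A submitted form that still leads here means the password was rejected.
        $login_failed = "<tr><td class='tableh2' colspan='2' align='center'>
<span style='color:red'>{$lang_thumb_view['invalid_pass']}</span></td></tr>
";
    }

    // NOTE(review): the hint is written into the page exactly as held in
    // $CURRENT_ALBUM_DATA. Whether it was HTML-escaped when it was saved is not
    // visible here - confirm, and escape at output if it was not.
    if (!empty($CURRENT_ALBUM_DATA['alb_password_hint'])) {
        echo <<<EOT
<tr>
<td colspan="2" align="center" class="tableb">{$CURRENT_ALBUM_DATA['alb_password_hint']}</td>
</tr>
EOT;
    }

    // The form posts back to the current URL (empty action). The submit button's
    // value is quoted so a translated label containing spaces stays one attribute.
    echo <<<EOT
$login_failed
<tr>
<form name="cpgform" id="cpgform" method="post" action="">
<input type="hidden" name="validate_album" value="validate_album"/>
<td class="tableb" width="40%">{$lang_thumb_view['pass']}: </td>
<td class="tableb" width="60%"><input type="password" class="textinput" name="password" /></td>
</tr>
<tr>
<td class="tablef" colspan="2" align="center"><input type="submit" class="button" name="submit" value="{$lang_thumb_view['submit']}" />
</form>
</tr>
EOT;
    endtable();
}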
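// Decide whether the visitor may see the album ($valid) BEFORE any album-specific
// output, then render the breadcrumb, and finally the password form or thumbnails.
$valid = false; // Flag: has access to this album been validated?

if ($CONFIG['allow_private_albums'] == 0 || !in_array($album, $FORBIDDEN_SET_DATA)) {
    // Private albums are switched off, or this album is not in $FORBIDDEN_SET_DATA.
    $valid = true;
} elseif ($superCage->post->keyExists('validate_album')) {
    // The password form was submitted. The stored value is compared with a plain,
    // unsalted md5() of the posted password.
    // NOTE(review): $album is placed in the SQL text without quotes; this relies on
    // it having been validated before this point - confirm.
    $password = md5($superCage->post->getEscaped('password'));
    $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '$password' AND aid = $album";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        // Password accepted: remember it in the '<cookie_name>_albpw' cookie.
        // NOTE(review): unserialize() is applied to a client-supplied cookie, and PHP's
        // unserialize() can instantiate objects from its input. A format such as JSON,
        // or an integrity-checked value, would be safer; left in place here to stay
        // compatible with cookies that have already been issued.
        $albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw');
        $albpw = !empty($albpw) ? unserialize($albpw) : array();
        if (!is_array($albpw)) {
            // Missing, malformed or non-array cookie content: start from an empty map
            // instead of indexing into whatever unserialize() produced.
            $albpw = array();
        }
        $albpw[$album] = $password;
        $alb_cookie_str = serialize($albpw);
        // NOTE(review): the cookie carries the password's md5, which the branch below
        // accepts in place of the password, and it is set without expiry, path,
        // Secure or HttpOnly arguments.
        setcookie($CONFIG['cookie_name'] . "_albpw", $alb_cookie_str);
        get_private_album_set($album);
        $valid = true;
    } else {
        // Invalid password
        $valid = false;
    }
} else {
    // No form submission: check whether this album has a password at all.
    $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = $album AND alb_password != ''";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        // This album has a password.
        // Check whether the cookie holds a password hash for the current album.
        $albpw = $superCage->cookie->getEscaped($CONFIG['cookie_name'] . '_albpw');
        if (!empty($albpw)) {
            // NOTE(review): unserialize() on client-supplied cookie data, as above.
            $alb_pw = unserialize($albpw);
            // Use the cookie entry only if it has the exact shape md5() produces
            // (32 lowercase hex characters). Anything else cannot be a value this
            // code stored, so it never reaches the SQL text.
            if (is_array($alb_pw)
                && isset($alb_pw[$album])
                && is_string($alb_pw[$album])
                && preg_match('/^[a-f0-9]{32}$/D', $alb_pw[$album])
            ) {
                $sql = "SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE alb_password = '{$alb_pw[$album]}' AND aid = $album";
                $result = cpg_db_query($sql);
                if (mysql_num_rows($result)) {
                    $valid = true; // The album password is correct. Show the album details.
                    // Called without $album here, unlike the form branch above.
                    get_private_album_set();
                }
            }
        }
    } else {
        // Album with no password. Might be a private or normal album. Just set valid as true.
        $valid = true;
    }
}

if ($breadcrumb) {
    // The breadcrumb is drawn only once access has been validated, so it is not
    // shown to a visitor who is still facing the password form.
    if (strpos($CONFIG['main_page_layout'], 'breadcrumb') !== false && $valid) {
        theme_display_breadcrumb($breadcrumb, $cat_data);
    }
    // NOTE(review): the category list is still rendered when $valid is false;
    // confirm it shows nothing about the protected album.
    theme_display_cat_list($breadcrumb, $cat_data, '');
}

CPGPluginAPI::filter('post_breadcrumb', null);

// Show the password form when validation failed, otherwise the thumbnail grid.
if (!$valid) {
    form_albpw();
} else {
    display_thumbnails($album, (isset($cat) ? $cat : 0), $page, $CONFIG['thumbcols'], $CONFIG['thumbrows'], true);
}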