Diffstat (limited to '')
-rw-r--r--picture.php80
1 files changed, 76 insertions, 4 deletions
diff --git a/picture.php b/picture.php
index 84dd43c04..d4cde5ed7 100644
--- a/picture.php
+++ b/picture.php
@@ -41,10 +41,82 @@ $page['rank_of'] = array_flip($page['items']);
// displayed, and execution is stopped
if ( !isset($page['rank_of'][$page['image_id']]) )
{
- page_not_found(
- 'The requested image does not belong to this image set',
- duplicate_index_url()
- );
+ $query = '
+SELECT id, file, level
+ FROM '.IMAGES_TABLE.'
+ WHERE ';
+ if ($page['image_id']>0)
+ {
+ $query .= 'id = '.$page['image_id'];
+ }
+ else
+ {// url given by file name
+ assert( !empty($page['image_file']) );
+ $query .= 'file LIKE "' . $page['image_file'] . '.%" ESCAPE "|" LIMIT 1';
+ }
+ if ( ! ( $row = mysql_fetch_array(pwg_query($query)) ) )
+ {// element does not exist
+ page_not_found( 'The requested image does not exist',
+ duplicate_index_url()
+ );
+ }
+ if ($row['level']>$user['level'])
+ {
+ access_denied();
+ }
+ list($page['image_id'], $page['image_file']) = $row;
+ if ( !isset($page['rank_of'][$page['image_id']]) )
+ {// the image can still be non accessible (filter/cat perm) and/or not in the set
+ global $filter;
+ if ( !empty($filter['visible_images']) and
+ !in_array($page['image_id'], explode(',',$filter['visible_images']) ) )
+ {
+ page_not_found( 'The requested image is filtered',
+ duplicate_index_url()
+ );
+ }
+ if ('categories'==$page['section'] and !isset($page['category']) )
+ {// flat view - all items
+ access_denied();
+ }
+ else
+ {// try to see if we can access it differently
+ $query = '
+SELECT id
+ FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
+ WHERE id='.$page['image_id']
+ . get_sql_condition_FandF(
+ array('forbidden_categories' => 'category_id'),
+ " AND"
+ ).'
+ LIMIT 1';
+ if ( mysql_num_rows( pwg_query($query) ) == 0 )
+ {
+ access_denied();
+ }
+ else
+ {
+ if ('best_rated'==$page['section'])
+ {
+ $page['rank_of'][$page['image_id']] = count($page['items']);
+ array_push($page['items'], $page['image_id'] );
+ }
+ else
+ {
+ $url = make_picture_url(
+ array(
+ 'image_id' => $page['image_id'],
+ 'image_file' => $page['image_file'],
+ 'section' => 'categories',
+ 'flat' => true,
+ )
+ );
+ set_status_header( 'recent_pics'==$page['section'] ? 301 : 302);
+ redirect_http( $url );
+ }
+ }
+ }
+ }
}
// There is cookie, so we must handle it at the beginning
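Review bot: The lookup added at the top of this hunk builds its SQL by concatenating `$page['image_id']` and `$page['image_file']`, and nothing visible in the hunk constrains or escapes either value. The `>0` test is a loose comparison and does not prove the id is an integer, so `$query .= 'id = '.(int)$page['image_id'];` would make that branch safe regardless of how the URL was parsed. In the file-name branch the value sits inside a quoted `LIKE` pattern with `ESCAPE "|"`, which suggests the quotes, `%`, `_` and `|` are expected to be escaped before this point; if that is done where the URL is parsed it deserves a comment here such as `// image_file arrives SQL- and LIKE-escaped from <URL parsing code>`, and if it is not, the escaping belongs on this line. `assert()` can be switched off by configuration, so an explicit `if (empty($page['image_file'])) { page_not_found(...); }` is the more reliable guard before the `else` branch query. Separately, answering `page_not_found` for a missing image but `access_denied` for one above `$user['level']` lets a visitor distinguish existing private ids or file names from absent ones; returning the same response for both would avoid that.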