diff -ru cpg149-ORIG/albmgr.php cpg149/albmgr.php
--- cpg149-ORIG/albmgr.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/albmgr.php	2006-10-02 14:19:38.000000000 -0400
@@ -51,11 +51,11 @@
 {
     global $CONFIG, $CAT_LIST;
 
-    $result = cpg_db_query("SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
+    $result = cpg_db_query("SELECT cid, name, description, owner_id FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
     if (mysql_num_rows($result) > 0) {
         $rowset = cpg_db_fetch_rowset($result);
         foreach ($rowset as $subcat) {
-            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name']);
+            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name'], $subcat['owner_id']);
             alb_get_subcat_data($subcat['cid'], $ident . '&nbsp;&nbsp;&nbsp;');
         }
     }
@@ -337,13 +337,13 @@
 ?>
 <tr>
 <?php
-$cat = isset($_GET['cat']) ? ($_GET['cat']) : 0;
+$cat = isset($_GET['cat']) ? ($_GET['cat']) : (USER_ID + FIRST_USER_CAT);
 if ($cat == 1) $cat = 0;
 
 if (GALLERY_ADMIN_MODE) {
     $result = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = $cat ORDER BY pos ASC");
 } elseif (USER_ADMIN_MODE) {
-    $result = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (USER_ID + FIRST_USER_CAT) . " ORDER BY pos ASC");
+    $result = cpg_db_query("SELECT DISTINCT t1.aid, t1.title FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE ($cat> " . FIRST_USER_CAT . " AND t1.category = " . (USER_ID + FIRST_USER_CAT) . ") OR (t1.category=$cat AND t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY t1.pos ASC");
 } else cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
 $rowset = cpg_db_fetch_rowset($result);
 $i = 100;
@@ -360,29 +360,34 @@
                 <br />
                 <table width="300" border="0" cellspacing="0" cellpadding="0">
 <?php
+
+$CAT_LIST = array();
+$CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']);
 if (GALLERY_ADMIN_MODE) {
-    $CAT_LIST = array();
-    $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_albmgr_php['my_gallery']);
     $CAT_LIST[] = array(0, $lang_albmgr_php['no_category']);
-    alb_get_subcat_data(0, '');
+}
+alb_get_subcat_data(0, '');
 
-    echo <<<EOT
+echo <<<EOT
                 <tr>
                         <td>
                                 <b>{$lang_albmgr_php['select_category']}</b>
                                 <select onChange="if(this.options[this.selectedIndex].value) window.location.href='{$_SERVER['PHP_SELF']}?cat='+this.options[this.selectedIndex].value;"  name="cat" class="listbox">
 EOT;
-    foreach($CAT_LIST as $category) {
+foreach($CAT_LIST as $category) {
+    if (GALLERY_ADMIN_MODE || $category[2] == USER_ID || $category[0] == FIRST_USER_CAT + USER_ID) {
         echo '                                <option value="' . $category[0] . '"' . ($cat == $category[0] ? ' selected': '') . ">" . $category[1] . "</option>\n";
+    } else {
+        echo '                                <optgroup label="' . $category[1] . '"></optgroup>\n"';
     }
-    echo <<<EOT
+}
+echo <<<EOT
                                 </select>
                                 <br /><br />
                         </td>
                 </tr>
 
 EOT;
-}
 
 ?>
                 <tr>
diff -ru cpg149-ORIG/catmgr.php cpg149/catmgr.php
--- cpg149-ORIG/catmgr.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/catmgr.php	2006-10-02 15:08:15.000000000 -0400
@@ -26,7 +26,7 @@
 
 //ob_end_flush(); //commented out, as it doesn't seem to do anything particularly helpful
 
-if (!GALLERY_ADMIN_MODE) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
+if (!(GALLERY_ADMIN_MODE || USER_ADMIN_MODE)) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
 // Fix categories that have an invalid parent
 function fix_cat_table()
 {
@@ -51,7 +51,7 @@
     $sort_query = 'pos';
     }
 
-    $sql = "SELECT cid, name, description " . "FROM {$CONFIG['TABLE_CATEGORIES']} " . "WHERE parent = '$parent' " . "ORDER BY $sort_query";
+    $sql = "SELECT cid, name, description, owner_id " . "FROM {$CONFIG['TABLE_CATEGORIES']} " . "WHERE parent = '$parent' " . "ORDER BY $sort_query";
     $result = cpg_db_query($sql);
 
     if (($cat_count = mysql_num_rows($result)) > 0) {
@@ -64,14 +64,16 @@
                     'pos' => $pos++,
                     'prev' => $prev_cid,
                     'cat_count' => $cat_count,
-                    'name' => $ident . $subcat['name']);
+                    'name' => $ident . $subcat['name'],
+                    'owner_id' => $subcat['owner_id']);
                 $CAT_LIST[$last_index]['next'] = $subcat['cid'];
             } else {
                 $CAT_LIST[] = array('cid' => $subcat['cid'],
                     'parent' => $parent,
                     'pos' => $pos++,
                     'cat_count' => $cat_count,
-                    'name' => $ident . $subcat['name']);
+                    'name' => $ident . $subcat['name'],
+                    'owner_id' => $subcat['owner_id']);
             }
             $prev_cid = $subcat['cid'];
             $last_index = count($CAT_LIST) -1;
@@ -103,11 +105,21 @@
 
 EOT;
     }
-    $lb .= '                        <option value="0"' . ($highlight == 0 ? ' selected': '') . '>' . $lang_albmgr_php['no_category'] . "</option>\n";
-    foreach($CAT_LIST as $category) if ($category['cid'] != 1 && $category['cid'] != $curr_cat) {
-        $lb .= '                        <option value="' . $category['cid'] . '"' . ($highlight == $category['cid'] ? ' selected': '') . ">" . $category['name'] . "</option>\n";
-    } elseif ($category['cid'] != 1 && $category['cid'] == $curr_cat) {
-        $lb .= '                        <option value="' . $category['parent'] . '"' . ($highlight == $category['cid'] ? ' selected': '') . ">" . $category['name'] . "</option>\n";
+    
+    if (GALLERY_ADMIN_MODE) {
+        $lb .= '                        <option value="0"' . ($highlight == 0 ? ' selected': '') . '>' . $lang_albmgr_php['no_category'] . "</option>\n";
+    } else {
+        $lb .= '                        <option value="0"' . ($highlight == 0 ? ' selected': '') . '>' . $lang_albmgr_php['no_user_category'] . "</option>\n";
+    }
+
+    foreach($CAT_LIST as $category) {
+        if (!(GALLERY_ADMIN_MODE || $category['owner_id'] == USER_ID)) {
+            $lb .= '                        <optgroup label="' . $category['name'] .'"></optgroup>\n"';
+        } elseif ($category['cid'] != 1 && $category['cid'] != $curr_cat) {
+            $lb .= '                        <option value="' . $category['cid'] . '"' . ($highlight == $category['cid'] ? ' selected': '') . ">" . $category['name'] . "</option>\n";
+        } elseif ($category['cid'] != 1 && $category['cid'] == $curr_cat) {
+            $lb .= '                        <option value="' . $category['parent'] . '"' . ($highlight == $category['cid'] ? ' selected': '') . ">" . $category['name'] . "</option>\n";
+        }
     }
 
     $lb .= <<<EOT
@@ -197,6 +209,9 @@
     $CAT_LIST3 = $CAT_LIST;
 
     foreach ($CAT_LIST3 as $key => $category) {
+        if (!(GALLERY_ADMIN_MODE || $category['owner_id'] == USER_ID))
+            continue;
+
         echo "        <tr>\n";
         echo '                <td class="tableb" width="80%"><b>' . $category['name'] . '</b></td>' . "\n";
 
@@ -218,7 +233,7 @@
             echo '                <td class="tableb" width="4%">' . '&nbsp;' . '</td>' . "\n";
         }
 
-        echo '                <td class="tableb" width="4%">' . '<a href="' . $_SERVER['PHP_SELF'] . '?op=editcat&amp;cid=' . $category['cid'] . '">' . '<img src="images/edit.gif" border="0" alt="" />' . '</a></td>' . "\n";
+        echo '                <td class="tableb" width="4%">' . '<a href="' . $_SERVER['PHP_SELF'] . '?op=editcat&amp;cid=' . $category['cid'] . '&amp;owner_id=' . $category['owner_id'] . '">' . '<img src="images/edit.gif" border="0" alt="" />' . '</a></td>' . "\n";
         echo '                <td class="tableb" width="4%">' . "\n" . cat_list_box($category['parent'], $category['cid']) . "\n" . '</td>' . "\n";
         echo "        </tr>\n";
     }
@@ -242,6 +257,26 @@
         return false;
 }
 
+function cat_owner_box($curr_owner)
+{
+    global $CONFIG;
+
+    $result = cpg_db_query("SELECT user_name, user_id FROM {$CONFIG['TABLE_USERS']} ORDER BY user_name");
+    $rowset = cpg_db_fetch_rowset($result);
+    $html = '    <select name="owner_id" class="listbox">' . "\n";
+    $html .= '                    <option value="0">Administrator</option>' . "\n"; 
+
+    foreach ($rowset as $user) {
+        $html .= '                    <option value="' . $user['user_id'] . '"'; 
+        if ($user['user_id']==$curr_owner)
+            $html .= ' selected';
+
+        $html .= '>' . $user['user_name'] . "</option>\n";
+    }
+
+    $html .= "                    </select>";
+    return $html;
+}
 
 if (isset($_POST['update_config'])) {
     $value = $_POST['categories_alpha_sort'];
@@ -271,6 +306,12 @@
         $pos1 = (int)$_GET['pos1'];
         $pos2 = (int)$_GET['pos2'];
 
+
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid1, $cid2))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
+
         cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET pos='$pos1' WHERE cid = '$cid1' LIMIT 1");
         cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET pos='$pos2' WHERE cid = '$cid2' LIMIT 1");
         break;
@@ -280,19 +321,30 @@
 
         $cid = (int)$_GET['cid'];
         $parent = (int)$_GET['parent'];
-                $children=array();
-                verify_children($cid, $cid);
-                if (!in_array($parent, $children)){
-                cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', pos='-1' WHERE cid = '$cid' LIMIT 1");
-                }else{
-                        cpg_die(ERROR, "You cannot move a category into its own child", __FILE__, __LINE__);
-                }
-                break;
+        
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid, $parent))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
+
+        $children=array();
+        verify_children($cid, $cid);
+        if (!in_array($parent, $children)){
+            cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', pos='-1' WHERE cid = '$cid' LIMIT 1");
+        }else{
+            cpg_die(ERROR, "You cannot move a category into its own child", __FILE__, __LINE__);
+        }
+        break;
 
     case 'editcat':
         if (!isset($_GET['cid'])) cpg_die(CRITICAL_ERROR, sprintf($lang_catmgr_php['miss_param'], 'editcat'), __FILE__, __LINE__);
 
         $cid = (int)$_GET['cid'];
+
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
         $result = cpg_db_query("SELECT cid, name, parent, description, thumb FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");
 
         if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_catmgr_php['unknown_cat'], __FILE__, __LINE__);
@@ -309,17 +361,32 @@
 
 
         $cid = (int)$_POST['cid'];
+        
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
+
         $parent = (int)$_POST['parent'];
         $thumb = (int)$_POST['thumb'];
         $name = trim($_POST['name']) ? addslashes($_POST['name']) : '&lt;???&gt;';
         $description = addslashes($_POST['description']);
-                $children=array();
-                verify_children($cid, $cid);
-                if (!in_array($parent, $children)){
+        $children=array();
+        verify_children($cid, $cid);
+        if (GALLERY_ADMIN_MODE && isset($_POST['owner_id'])){
+            $owner_id=$_POST['owner_id'];
+            if (!in_array($parent, $children)){
+                cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', name='$name', description='$description', thumb='$thumb', owner_id='$owner_id' WHERE cid = '$cid' LIMIT 1");
+            }else{
+                cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET name='$name', description='$description', thumb='$thumb', owner_id='$owner_id' WHERE cid = '$cid' LIMIT 1");
+            }
+        } else {
+            if (!in_array($parent, $children)){
                 cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='$parent', name='$name', description='$description', thumb='$thumb' WHERE cid = '$cid' LIMIT 1");
-                }else{
-                        cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET name='$name', description='$description', thumb='$thumb' WHERE cid = '$cid' LIMIT 1");
-                }
+            }else{
+                cpg_db_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET name='$name', description='$description', thumb='$thumb' WHERE cid = '$cid' LIMIT 1");
+            }
+        }
         break;
 
     case 'createcat':
@@ -333,10 +400,20 @@
 
 
                 $parent = (int)$_POST['parent'];
+        
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($parent))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
+
         $name = trim($_POST['name']) ? addslashes($_POST['name']) : '&lt;???&gt;';
         $description = addslashes($_POST['description']);
 
-        cpg_db_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description) VALUES ('10000', '$parent', '$name', '$description')");
+        $query = "INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, name, description, owner_id) VALUES ('10000', '$parent', '$name', '$description', "; 
+        if (GALLERY_ADMIN_MODE && isset($_POST['owner_id'])) 
+            cpg_db_query($query . "{$_POST['owner_id']})");
+        else
+            cpg_db_query($query . USER_ID . ")");
         break;
 
     case 'deletecat':
@@ -344,6 +421,17 @@
 
         $cid = (int)$_GET['cid'];
 
+        if (!(GALLERY_ADMIN_MODE || verify_cat_owner($cid))) {
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+            break;
+        }
+
+        $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='$cid'");
+        if (mysql_num_rows($result)) {
+            cpg_die(ERROR, $lang_catmgr_php['cat_not_empty'], __FILE__, __LINE__);
+            break;
+        }
+
         $result = cpg_db_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid' LIMIT 1");
         if ($cid == 1) cpg_die(ERROR, $lang_catmgr_php['usergal_cat_ro'], __FILE__, __LINE__);
         if (!mysql_num_rows($result)) cpg_die(ERROR, $lang_catmgr_php['unknown_cat'], __FILE__, __LINE__);
@@ -429,6 +517,8 @@
 
 starttable('100%', $lang_catmgr_php['update_create'], 2);
 $lb = cat_list_box($current_category['parent'], $current_category['cid'], false);
+$owner_id = isset($_GET['owner_id']) ? $_GET['owner_id'] : -1;
+$owner_box=cat_owner_box($owner_id);
 $op = $current_category['cid'] ? 'updatecat' : 'createcat';
 if ($CONFIG['show_bbcode_help']) {$description_help .= '&nbsp;'. cpg_display_help('f=index.html&amp;base=64&amp;h='.urlencode(base64_encode(serialize($lang_bbcode_help_title))).'&amp;t='.urlencode(base64_encode(serialize($lang_bbcode_help))),470,245);}
 echo <<<EOT
@@ -442,6 +532,22 @@
                 $lb
                 </td>
         </tr>
+EOT;
+if (GALLERY_ADMIN_MODE) {
+    echo <<<EOT
+        <input type="hidden" name="owner_id" />
+        <tr>
+            <td width="40%" class="tableb">
+                        {$lang_catmgr_php['cat_owner']}
+        </td>
+        <td width="60%" class="tableb" valign="top">
+                $owner_box
+                </td>
+        </tr>
+EOT;
+}
+       
+echo <<<EOT
         <tr>
             <td width="40%" class="tableb">
                         {$lang_catmgr_php['cat_title']}
@@ -476,4 +582,4 @@
 pagefooter();
 ob_end_flush();
 
-?>
\ No newline at end of file
+?>
diff -ru cpg149-ORIG/db_input.php cpg149/db_input.php
--- cpg149-ORIG/db_input.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/db_input.php	2006-10-01 04:32:11.000000000 -0400
@@ -197,9 +197,10 @@
 
         if (GALLERY_ADMIN_MODE) {
             $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb', uploads='$uploads', comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint', keyword='$keyword' WHERE aid='$aid' LIMIT 1";
+        } else if (verify_cat_owner($category) || $category == FIRST_USER_CAT + USER_ID) {
+            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', category='$category', thumb='$thumb',  comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint',keyword='$keyword' WHERE aid='$aid' LIMIT 1";
         } else {
-            $category = FIRST_USER_CAT + USER_ID;
-            $query = "UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='$title', description='$description', thumb='$thumb',  comments='$comments', votes='$votes', visibility='$visibility', alb_password='$password', alb_password_hint='$password_hint',keyword='$keyword' WHERE aid='$aid' AND category='$category' LIMIT 1";
+            cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
         }
 
         $update = cpg_db_query($query);
diff -ru cpg149-ORIG/delete.php cpg149/delete.php
--- cpg149-ORIG/delete.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/delete.php	2006-10-02 14:48:25.000000000 -0400
@@ -148,7 +148,8 @@
     $album_data = mysql_fetch_array($result);
 
     if (!GALLERY_ADMIN_MODE) {
-        if ($album_data['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+        $category=$album_data['category'];
+        if (!(verify_cat_owner($category) || $category == FIRST_USER_CAT + USER_ID)) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
     }
 
     $query = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='$aid'";
@@ -281,18 +282,27 @@
                 case '0':
                     break;
                 case '1':
-                    if (GALLERY_ADMIN_MODE) {
-                        $category = (int)$_POST['cat'];
-                    } else {
-                        $category = FIRST_USER_CAT + USER_ID;
+                    $category = (int)$_POST['cat'];
+                    if (!(GALLERY_ADMIN_MODE 
+                          || verify_cat_owner($category) 
+                          || ($category == FIRST_USER_CAT + USER_ID))) {
+                        cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+                        break;
                     }
                     echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['create_alb'], $op['album_nm']) . "</td></tr>\n";
                     $query = "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('$category', '" . addslashes($op['album_nm']) . "', 'NO',  '{$op['album_sort']}')";
                     cpg_db_query($query);
                     break;
                 case '2':
+                    $category = (int)$_POST['cat'];
+                    if (!(GALLERY_ADMIN_MODE 
+                          || verify_cat_owner($category) 
+                          || ($category == FIRST_USER_CAT + USER_ID))) {
+                        cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
+                        break;
+                    }
                     echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf($lang_delete_php['update_alb'], $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
-                    $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' $restrict LIMIT 1";
+                    $query = "UPDATE $CONFIG[TABLE_ALBUMS] SET title='" . addslashes($op['album_nm']) . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' LIMIT 1";
                     cpg_db_query($query);
                     break;
                 default:
diff -ru cpg149-ORIG/include/functions.inc.php cpg149/include/functions.inc.php
--- cpg149-ORIG/include/functions.inc.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/include/functions.inc.php	2006-10-02 15:00:21.000000000 -0400
@@ -2995,4 +2995,27 @@
   $query = "DELETE FROM {$CONFIG['TABLE_VOTE_STATS']} WHERE $clause";
   cpg_db_query($query);
 }
-?>
\ No newline at end of file
+
+function verify_cat_owner($cid1, $cid2=-99)
+{
+    global $CONFIG;
+
+    $result = cpg_db_query("SELECT owner_id FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '$cid1' || cid = '$cid2'");
+    $count=mysql_num_rows($result);
+    
+    if(!$count) {
+        return false;
+    } else if (($cid2 >= 0) && ($count != 2)) {
+        return false;
+    }
+    
+    while($row=cpg_db_fetch_row($result)) {
+        if ($row["owner_id"]!=USER_ID) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+?>
diff -ru cpg149-ORIG/index.php cpg149/index.php
--- cpg149-ORIG/index.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/index.php	2006-10-02 13:40:54.000000000 -0400
@@ -536,7 +536,7 @@
             $alb_list[$alb_idx]['last_upl'] = $last_upload_date;
             $alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
             $alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']},  {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
-            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : ' ';
+            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : ' ';
         } elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
             $last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
             $link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
@@ -547,7 +547,7 @@
             $alb_list[$alb_idx]['last_upl'] = $last_upload_date;
             $alb_list[$alb_idx]['link_pic_count'] = $link_pic_count;
             $alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 ) ? sprintf(", {$lang_list_albums['n_link_pictures']},   {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
-            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : ' ';
+            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : ' ';
         }
     }
 
@@ -695,7 +695,7 @@
             $alb_list[$alb_idx]['pic_count'] = $count;
             $alb_list[$alb_idx]['last_upl'] = $last_upload_date;
             $alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0)  ? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
-            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : '';
+            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : '';
         } elseif ($CONFIG['show_private']) { // uncomment this else block to show private album description
             $last_upload_date = $count ? localised_date($alb_stat['last_upload'], $lastup_date_fmt) : '';
             $link_pic_count = !empty($alb_stat['link_pic_count']) ? $alb_stat['link_pic_count'] : 0;
@@ -705,7 +705,7 @@
             $alb_list[$alb_idx]['pic_count'] = $count;
             $alb_list[$alb_idx]['last_upl'] = $last_upload_date;
             $alb_list[$alb_idx]['album_info'] = sprintf($lang_list_albums['n_pictures'], $count) . ($count ? sprintf($lang_list_albums['last_added'], $last_upload_date) : "") . (($CONFIG['link_pic_count'] && $link_pic_count > 0 )? sprintf(", {$lang_list_albums['n_link_pictures']}, {$lang_list_albums['total_pictures']}", $link_pic_count, $count + $link_pic_count) : "");
-            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT)) ? html_albummenu($alb_thumb['aid']) : '';
+            $alb_list[$alb_idx]['album_adm_menu'] = (GALLERY_ADMIN_MODE || (USER_ADMIN_MODE && $cat == USER_ID + FIRST_USER_CAT) || verify_cat_owner($cat)) ? html_albummenu($alb_thumb['aid']) : '';
         }
     }
     ob_start();
@@ -862,4 +862,4 @@
     $result = cpg_db_query("UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '" . time() . "' WHERE name = 'randpos_interval'");
 }
 */
-?>
\ No newline at end of file
+?>
diff -ru cpg149-ORIG/lang/english.php cpg149/lang/english.php
--- cpg149-ORIG/lang/english.php	2006-09-26 19:34:26.000000000 -0400
+++ cpg149/lang/english.php	2006-10-01 06:08:25.000000000 -0400
@@ -398,6 +398,7 @@
   'alb_mrg' => 'Album Manager',
   'my_gallery' => '* My gallery *',
   'no_category' => '* No category *',
+  'no_user_category' => '* Click to Choose *',
   'delete' => 'Delete',
   'new' => 'New',
   'apply_modifs' => 'Apply modifications',
@@ -564,6 +565,7 @@
   'miss_param' => 'Parameters required for \'%s\'operation not supplied !',
   'unknown_cat' => 'Selected category does not exist in database',
   'usergal_cat_ro' => 'User galleries category can\'t be deleted !',
+  'cat_not_empty' => 'Category not empty (still contains albums)',
   'manage_cat' => 'Manage categories',
   'confirm_delete' => 'Are you sure you want to DELETE this category', //js-alert
   'category' => 'Category',
@@ -574,6 +576,7 @@
   'cat_title' => 'Category title',
   'cat_thumb' => 'Category thumbnail',
   'cat_desc' => 'Category description',
+  'cat_owner' => 'Category owner',
   'categories_alpha_sort' => 'Sort categories alphabetically (instead of custom sort order)', //cpg1.4
   'save_cfg' => 'Save configuration', //cpg1.4
 );
@@ -1375,6 +1378,7 @@
   'can_post_comments' => 'Visitors can post comments',
   'can_rate' => 'Visitors can rate files',
   'user_gal' => 'User Gallery',
+  'my_gallery' => '* My gallery *',
   'no_cat' => '* No category *',
   'alb_empty' => 'Album is empty',
   'last_uploaded' => 'Last uploaded',
@@ -2106,4 +2110,4 @@
   'link' => 'this link', //cpg1.4
 );
 }
-?>
\ No newline at end of file
+?>
diff -ru cpg149-ORIG/modifyalb.php cpg149/modifyalb.php
--- cpg149-ORIG/modifyalb.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/modifyalb.php	2006-10-02 14:53:01.000000000 -0400
@@ -58,11 +58,11 @@
 {
     global $CONFIG, $CAT_LIST;
 
-    $result = cpg_db_query("SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
+    $result = cpg_db_query("SELECT cid, name, description, owner_id FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
     if (mysql_num_rows($result) > 0) {
         $rowset = cpg_db_fetch_rowset($result);
         foreach ($rowset as $subcat) {
-            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name']);
+            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name'], $subcat['owner_id']);
             get_subcat_data($subcat['cid'], $ident . '&nbsp;&nbsp;&nbsp;');
         }
     }
@@ -131,23 +131,12 @@
 {
     global $ALBUM_DATA, $CAT_LIST, $USER_DATA, $lang_modifyalb_php;
 
-    if (!GALLERY_ADMIN_MODE || $ALBUM_DATA['category'] > FIRST_USER_CAT) {
-        echo <<<EOT
-        <tr>
-            <td class="tableb">
-                        $text
-        </td>
-        <td class="tableb" valign="top">
-                        <i>{$lang_modifyalb_php['user_gal']}</i>
-                        <input type="hidden" name="$name" value="{$ALBUM_DATA['category']}" />
-                </td>
-
-EOT;
-        return;
-    }
-
     $CAT_LIST = array();
-    $CAT_LIST[] = array(0, $lang_modifyalb_php['no_cat']);
+    if (GALLERY_ADMIN_MODE)
+        $CAT_LIST[] = array(0, $lang_modifyalb_php['no_cat']);
+    
+    $CAT_LIST[] = array(FIRST_USER_CAT + USER_ID, $lang_modifyalb_php['my_gallery']);
+    
     get_subcat_data(0, '');
 
     echo <<<EOT
@@ -159,7 +148,11 @@
                         <select name="$name" class="listbox">
 EOT;
     foreach($CAT_LIST as $category) {
-        echo '                                <option value="' . $category[0] . '"' . ($ALBUM_DATA['category'] == $category[0] ? ' selected': '') . ">" . $category[1] . "</option>\n";
+        if (GALLERY_ADMIN_MODE || $category[2] == USER_ID || $category[0] == FIRST_USER_CAT + USER_ID) {
+            echo '                                <option value="' . $category[0] . '"' . ($ALBUM_DATA['category'] == $category[0] ? ' selected': '') . ">" . $category[1] . "</option>\n";
+        } else {
+            echo '                                <optgroup label="' . $category[1] . '"></optgroup>\n"';
+        }
     }
     echo <<<EOT
                         </select>
@@ -435,7 +428,7 @@
         while ($row = mysql_fetch_array($result)) $rowset[] = $row;
         mysql_free_result($result);
     } else {
-        $result = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = '" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
+        $result = cpg_db_query("SELECT DISTINCT t1.aid, t1.title FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY t1.title ASC");
         $rowset = cpg_db_fetch_rowset($result);
         mysql_free_result($result);
     }
@@ -455,7 +448,7 @@
     if (GALLERY_ADMIN_MODE) {
         $results = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_ALBUMS']} WHERE 1 LIMIT 1");
     } else {
-        $results = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " LIMIT 1");
+        $results = cpg_db_query("SELECT DISTINCT t1.* FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY t1.title ASC");
     }
     if (mysql_num_rows($results) == 0) cpg_die(ERROR, $lang_modifyalb_php['err_no_alb_to_modify'], __FILE__, __LINE__);
     $ALBUM_DATA = mysql_fetch_array($results);
@@ -470,7 +463,7 @@
 $cat = $ALBUM_DATA['category'];
 $actual_cat = $cat;
 
-if (!GALLERY_ADMIN_MODE && $ALBUM_DATA['category'] != FIRST_USER_CAT + USER_ID) {
+if (!(GALLERY_ADMIN_MODE || $ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID || verify_cat_owner($ALBUM_DATA['category']))) {
     cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
 }
 
diff -ru cpg149-ORIG/picmgr.php cpg149/picmgr.php
--- cpg149-ORIG/picmgr.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/picmgr.php	2006-10-01 04:56:03.000000000 -0400
@@ -85,7 +85,7 @@
 //                $sql = "SELECT aid, CONCAT('(', user_name, ') ', title) AS title " . "FROM {$CONFIG['TABLE_ALBUMS']} AS a " . "INNER JOIN {$CONFIG['TABLE_USERS']} AS u ON category = (" . FIRST_USER_CAT . " + user_id)";
                 $sql = $cpg_udb->get_admin_album_list();  //it's always bridged so we no longer need to check.
             } else {
-                $sql = "SELECT aid, title AS title FROM {$CONFIG['TABLE_ALBUMS']}  WHERE category = " . (FIRST_USER_CAT + USER_ID);
+                $sql = "SELECT DISTINCT t1.aid, t1.title FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ")";
             }
 //       }
         $result = cpg_db_query($sql);
diff -ru cpg149-ORIG/upload.php cpg149/upload.php
--- cpg149-ORIG/upload.php	2006-09-26 19:34:26.000000000 -0400
+++ cpg149/upload.php	2006-10-01 03:18:23.000000000 -0400
@@ -839,27 +839,30 @@
 // Get public and private albums, and set maximum individual file size.
 
 if (GALLERY_ADMIN_MODE) {
-    $public_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
+    $public_albums_q1 = "SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT;
 } else {
-	$public_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET.") ORDER BY title");
-}
-if (mysql_num_rows($public_albums)) {
-    $public_albums_list = cpg_db_fetch_rowset($public_albums);
-} else {
-    $public_albums_list = array();
+    $public_albums_q1 = "SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' AND (visibility = '0' OR visibility IN ".USER_GROUP_SET.") ";
 }
 
 if (USER_ID) {
     $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
+    $public_albums = cpg_db_query($public_albums_q1 . " UNION SELECT t1.aid, t1.title FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY title");
     if (mysql_num_rows($user_albums)) {
         $user_albums_list = cpg_db_fetch_rowset($user_albums);
     } else {
         $user_albums_list = array();
     }
 } else {
+    $public_albums = cpg_db_query($public_albums_q1 . " ORDER BY title");
     $user_albums_list = array();
 }
 
+if (mysql_num_rows($public_albums)) {
+    $public_albums_list = cpg_db_fetch_rowset($public_albums);
+} else {
+    $public_albums_list = array();
+}
+
 if (!count($public_albums_list) && !count($user_albums_list)) {
     cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
 }
@@ -2206,7 +2209,7 @@
 
         // Check if the album id provided is valid
         if (!GALLERY_ADMIN_MODE) {
-            $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "')");
+            $result = cpg_db_query("SELECT DISTINCT t1.category FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.aid='$album' AND (t1.uploads = 'YES' OR t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . "))");
             if (mysql_num_rows($result) == 0)cpg_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
             $row = mysql_fetch_array($result);
             mysql_free_result($result);
diff -ru cpg149-ORIG/xp_publish.php cpg149/xp_publish.php
--- cpg149-ORIG/xp_publish.php	2006-09-26 19:34:27.000000000 -0400
+++ cpg149/xp_publish.php	2006-10-02 14:57:06.000000000 -0400
@@ -173,11 +173,11 @@
 {
     global $CONFIG, $CAT_LIST;
 
-    $result = cpg_db_query("SELECT cid, name, description FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
+    $result = cpg_db_query("SELECT cid, name, description, owner_id FROM {$CONFIG['TABLE_CATEGORIES']} WHERE parent = '$parent' AND cid != 1 ORDER BY pos");
     if (mysql_num_rows($result) > 0) {
         $rowset = cpg_db_fetch_rowset($result);
         foreach ($rowset as $subcat) {
-            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name']);
+            $CAT_LIST[] = array($subcat['cid'], $ident . $subcat['name'], $subcat['owner_id']);
             get_subcat_data($subcat['cid'], $ident . '&nbsp;&nbsp;&nbsp;');
         }
     }
@@ -200,7 +200,7 @@
     }
 
     if (USER_ID) {
-        $user_albums = cpg_db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
+        $user_albums = cpg_db_query("SELECT DISTINCT t1.aid, t1.title FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY t1.pos ASC");
         if (mysql_num_rows($user_albums)) {
             $user_albums_list = cpg_db_fetch_rowset($user_albums);
         } else {
@@ -236,7 +236,11 @@
 
     $html = "\n";
     foreach($CAT_LIST as $category) {
-        $html .= '                        <option value="' . $category[0] . '">' . $category[1] . "</option>\n";
+        if (GALLERY_ADMIN_MODE || $category[2] == USER_ID || $category[0] == FIRST_USER_CAT + USER_ID) {
+            $html .= '                        <option value="' . $category[0] . '">' . $category[1] . "</option>\n";
+        } else {
+            $html .= '                        <optgroup label="' . $category[1] . '"></optgroup>\n"';
+        }
     }
 
     return $html;
@@ -623,7 +627,6 @@
         template_extract_block($template_select_album, 'no_album');
         template_extract_block($template_select_album, 'existing_albums');
 
-        if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category');
 
         $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME),
             '{CREATE_NEW}' => $lang_xp_publish_php['create_new'],
@@ -641,7 +644,6 @@
     } else {
         template_extract_block($template_select_album, 'no_album');
 
-        if (!USER_IS_ADMIN) template_extract_block($template_select_album, 'select_category');
 
         $params = array('{WELCOME}' => sprintf($lang_xp_publish_php['welcome'], USER_NAME),
             '{UPLOAD}' => $lang_xp_publish_php['upload'],
@@ -671,8 +673,11 @@
 
     if (!(USER_CAN_CREATE_ALBUMS || USER_IS_ADMIN)) simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
 
+    $cat = (int)$_POST['cat'];
     if (USER_IS_ADMIN) {
-        $category = (int)$_POST['cat'];
+        $category = $cat;
+    } else if (verify_cat_owner($cat)) {
+        $category = $cat;
     } else {
         $category = FIRST_USER_CAT + USER_ID;
     }
@@ -713,7 +718,7 @@
     $position = 0;
     // Check if the album id provided is valid
     if (!USER_IS_ADMIN) {
-        $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='$album' and category = '" . (USER_ID + FIRST_USER_CAT) . "'");
+        $result = cpg_db_query("SELECT DISTINCT t1.category FROM {$CONFIG['TABLE_ALBUMS']} t1, {$CONFIG['TABLE_CATEGORIES']} t2 WHERE t1.category = " . (USER_ID + FIRST_USER_CAT) . " OR (t1.category=t2.cid AND t2.owner_id=" . USER_ID . ") ORDER BY t1.pos ASC");
         if (mysql_num_rows($result) == 0) simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__);
         $row = mysql_fetch_array($result);
         mysql_free_result($result);
