[solved] can visitor upload in a user private album ?

Started by neodragon, April 04, 2005, 02:58:56 PM


neodragon

Hello,

I've got 2 groups: "utilisateur" and "visiteur".
One member of "utilisateur" has created an album in his user gallery. I want members of "visiteur" to have the right to view that album and to upload photos to it.

I set the rights of "visiteur" to "upload image" in the group settings, and in the album settings, I set "visitors can upload images" and this album can be viewed by "visiteur".

The problem is when a member of "visiteur" clicks on the "upload image" link, there's an error saying "there's no album you have the right to upload images to" or something like that.

Have you got an idea on what's going wrong ?

Thanks.

neodragon

In upload.php
I found this line
$public_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' ORDER BY title");


By reading category < FIRST_USER_CAT, I think it is not possible for a user of group A to upload in the personal album of a user of group B.

The line means category < 10000, i.e. all the categories except the user galleries, which are calculated as 10000 + the id of the user.

So a user can only upload in the public albums (id < 10000) and in his own albums (the SQL request is below the line I quoted in upload.php).

Please, tell me i am wrong !!! This rights management is so frustrating !

neodragon

Hello,

I've got news.

I modified the file upload.php to let a user A upload photos to the album of a user B. Of course, user B had to let the group of user A view his album and the administrator had to "let visitors upload photos" to user B's album. In the code, I added an "other_album_list".

These are the three modifications in the file upload.php:

before
    // Also pull the album lists into the function.
    global $user_albums_list, $public_albums_list;


after
    // Also pull the album lists into the function.
    global $user_albums_list, $public_albums_list, $other_albums_list;


right below
before
//Cylce through the User albums.
    foreach($user_albums_list as $album) {

        // Set $album_id to the actual album ID.
        $album_id = $album['aid'];

        //Query the database to determine the category the album belongs to.
        $vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Query the database to get the category name.
        $vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Create the option for the drop down list.
        echo '                <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
    }

    //Cycle through the public albums.
    foreach($public_albums_list as $album) {

        // Set $album_id to the actual album ID.
        $album_id = $album['aid'];

        //Query the database to determine the category the album belongs to.
        $vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Query the database to get the category name.
        $vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Create the option for the drop down list.
        echo '                <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
    }


after
//Cylce through the User albums.
    foreach($user_albums_list as $album) {

        // Set $album_id to the actual album ID.
        $album_id = $album['aid'];

        //Query the database to determine the category the album belongs to.
        $vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Query the database to get the category name.
        $vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Create the option for the drop down list.
        echo '                <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
    }

    //Cycle through the public albums.
    foreach($public_albums_list as $album) {

        // Set $album_id to the actual album ID.
        $album_id = $album['aid'];

        //Query the database to determine the category the album belongs to.
        $vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Query the database to get the category name.
        $vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Create the option for the drop down list.
        echo '                <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
    }

    //Cycle through the other albums.
    foreach($other_albums_list as $album) {

        // Set $album_id to the actual album ID.
        $album_id = $album['aid'];

        //Query the database to determine the category the album belongs to.
        $vQuery = "SELECT category FROM " . $CONFIG['TABLE_ALBUMS'] . " WHERE aid='" . $album_id . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Query the database to get the category name.
        $vQuery = "SELECT name FROM " . $CONFIG['TABLE_CATEGORIES'] . " WHERE cid='" . $vRes['category'] . "'";
        $vRes = mysql_query($vQuery);
        $vRes = mysql_fetch_array($vRes);

        // Create the option for the drop down list.
        echo '                <option value="' . $album['aid'] . '"' . ($album['aid'] == $sel_album ? ' selected' : '') . '>' . (($vRes['name']) ? '(' . $vRes['name'] . ') ' : '') . $album['title'] . "</option>\n";
    }


further in the file
before
// Get public and private albums, and set maximum individual file size.

if (GALLERY_ADMIN_MODE) {
    $public_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
} else {
    $public_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' ORDER BY title");
}
if (mysql_num_rows($public_albums)) {
    $public_albums_list = db_fetch_rowset($public_albums);
} else {
    $public_albums_list = array();
}

if (USER_ID) {
    $user_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
    if (mysql_num_rows($user_albums)) {
        $user_albums_list = db_fetch_rowset($user_albums);
    } else {
        $user_albums_list = array();
    }
} else {
    $user_albums_list = array();
}

if (!count($public_albums_list) && !count($user_albums_list)) {
    cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
}


after
// Get public and private albums, and set maximum individual file size. Added "other albums": albums that are visible and where upload is possible

if (GALLERY_ADMIN_MODE) {
    $public_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " ORDER BY title");
} else {
    $public_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category < " . FIRST_USER_CAT . " AND uploads='YES' ORDER BY title");
}
if (mysql_num_rows($public_albums)) {
    $public_albums_list = db_fetch_rowset($public_albums);
} else {
    $public_albums_list = array();
}

if (USER_ID) {
    $user_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='" . (FIRST_USER_CAT + USER_ID) . "' ORDER BY title");
    if (mysql_num_rows($user_albums)) {
        $user_albums_list = db_fetch_rowset($user_albums);
    } else {
        $user_albums_list = array();
    }
} else {
    $user_albums_list = array();
}

$other_albums = mysql_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE uploads='YES' AND visibility IN ".USER_GROUP_SET." ORDER BY title");
if (mysql_num_rows($other_albums)) {
    $other_albums_list = db_fetch_rowset($other_albums);
} else {
    $other_albums_list = array();
}

if (!count($public_albums_list) && !count($user_albums_list) && !count($other_albums_list)) {
    cpg_die (ERROR, $lang_upload_php['err_no_alb_uploadables'], __FILE__, __LINE__);
}


WARNING, if you use the admin approval for public albums for the group of user A, you have to modify the files editOnePic.php and editpics.php. If you use XP publishing you have to modify the file xp_publish.php.

That's it. If it helps someone ... Anyway it helps me. ;)
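The rule the two posts above describe (public albums are category < FIRST_USER_CAT, a user's own gallery is category FIRST_USER_CAT + user id, and the added "other albums" list adds any upload-enabled album visible to the user's groups) as an added example, not Coppermine's own code. It models the three lists the modified upload.php builds and shows the per-request check that the server must apply to the posted album id, since the dropdown only lists albums. The sample albums, the `VISIBLE_TO_ALL = 0` meaning of visibility and the `groups` argument are constructed assumptions; `FIRST_USER_CAT = 10000` is taken from the thread.

```python
# Model of the album-selection rule from the modified upload.php (added example).
FIRST_USER_CAT = 10000   # user galleries live in category FIRST_USER_CAT + user id (from the thread)
VISIBLE_TO_ALL = 0       # assumption: visibility 0 means every group may view the album

# Constructed sample albums: aid, title, category, uploads flag, visibility (group id).
ALBUMS = [
    {"aid": 1, "title": "Landscapes",    "category": 1,                   "uploads": "YES", "visibility": 0},
    {"aid": 2, "title": "Staff only",    "category": 2,                   "uploads": "NO",  "visibility": 0},
    {"aid": 3, "title": "Bob's trip",    "category": FIRST_USER_CAT + 7,  "uploads": "YES", "visibility": 2},
    {"aid": 4, "title": "Bob's private", "category": FIRST_USER_CAT + 7,  "uploads": "NO",  "visibility": 1},
    {"aid": 5, "title": "Carol's album", "category": FIRST_USER_CAT + 9,  "uploads": "YES", "visibility": 3},
]

def is_public(album):
    return album["category"] < FIRST_USER_CAT

def is_own(album, user_id):
    # user_id 0 is a guest and owns no gallery
    return bool(user_id) and album["category"] == FIRST_USER_CAT + user_id

def is_visible(album, groups):
    return album["visibility"] == VISIBLE_TO_ALL or album["visibility"] in groups

def uploadable_albums(albums, user_id, groups, admin_mode=False):
    """Merge the three lists the modified upload.php builds (public, own, other).
    The 'other' query has no category restriction, so it also returns public and
    own albums; the dropdown would show them twice unless deduplicated by aid."""
    public = [a for a in albums if is_public(a) and (admin_mode or a["uploads"] == "YES")]
    own = [a for a in albums if is_own(a, user_id)]
    other = [a for a in albums if a["uploads"] == "YES" and is_visible(a, groups)]
    seen, result = set(), []
    for a in public + own + other:
        if a["aid"] not in seen:
            seen.add(a["aid"])
            result.append(a["aid"])
    return result

def can_upload(album, user_id, groups, admin_mode=False):
    """Per-request check for the aid submitted with the upload form: listing an
    album in the dropdown is not authorization, the posted aid must pass the same rule."""
    if is_public(album):
        return admin_mode or album["uploads"] == "YES"
    if is_own(album, user_id):
        return True
    return album["uploads"] == "YES" and is_visible(album, groups)
```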