1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | Piwigo - a PHP based photo gallery | |
---|
4 | // +-----------------------------------------------------------------------+ |
---|
5 | // | Copyright(C) 2008-2011 Piwigo Team http://piwigo.org | |
---|
6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
8 | // +-----------------------------------------------------------------------+ |
---|
9 | // | This program is free software; you can redistribute it and/or modify | |
---|
10 | // | it under the terms of the GNU General Public License as published by | |
---|
11 | // | the Free Software Foundation | |
---|
12 | // | | |
---|
13 | // | This program is distributed in the hope that it will be useful, but | |
---|
14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
16 | // | General Public License for more details. | |
---|
17 | // | | |
---|
18 | // | You should have received a copy of the GNU General Public License | |
---|
19 | // | along with this program; if not, write to the Free Software | |
---|
20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
21 | // | USA. | |
---|
22 | // +-----------------------------------------------------------------------+ |
---|
23 | |
---|
24 | /* |
---|
25 | * Check if the current image is editable by the current user. The input |
---|
26 | * data $image_id and $user_id must be validated befored being used here. |
---|
27 | * @return bool |
---|
28 | * @author icy |
---|
29 | * |
---|
30 | */ |
---|
31 | function icy_check_image_owner($image_id, $user_id = 0) |
---|
32 | { |
---|
33 | if (!preg_match(PATTERN_ID, $image_id)) |
---|
34 | { |
---|
35 | fatal_error('[Hacking attempt] the input parameter "'.$image_id.'" is not valid'); |
---|
36 | } |
---|
37 | if (!preg_match(PATTERN_ID, $user_id)) |
---|
38 | { |
---|
39 | fatal_error('[Hacking attempt] the input parameter "'.$user_id.'" is not valid'); |
---|
40 | } |
---|
41 | |
---|
42 | $query = ' |
---|
43 | SELECT COUNT(id) |
---|
44 | FROM '.IMAGES_TABLE.' |
---|
45 | WHERE id = '.$image_id.' |
---|
46 | AND added_by = '.$user_id.' |
---|
47 | ;'; |
---|
48 | |
---|
49 | list($count) = pwg_db_fetch_row(pwg_query($query)); |
---|
50 | |
---|
51 | return ($count > 0 ? true: false); |
---|
52 | } |
---|
53 | ?> |
---|