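SetCurentSession($_COOKIE["linksilo_session"]);
    // NOTE(review): the call above and the `if (...) {` that opens this branch
    // start before this excerpt; both are kept exactly as found.

    // Branch 1: count the media_folders rows whose id is the requested folder
    // and whose auid is the current user.
    // quote_smart() is defined elsewhere in the project - presumably SQL string
    // escaping; confirm, and prefer bound parameters if the $db layer offers them.
    $sql="SELECT COUNT(*) as num FROM media_folders WHERE id='".quote_smart($_REQUEST["folder"])."' AND auid='".$userservice->getCurrentUser()."'";
    $db->query($sql);
    $db->next_record();
    if ($db->f("num")>0) {
        // A matching row exists: store a generated value in the session so the
        // isset() gate further down lets the request through.
        $_SESSION["passwort"]=$functionservice->getNewPassword(50);
    } else {
        unset($_SESSION["passwort"]);
        die("Ordner existiert nicht");
    }
} else {
    // Branch 2: the session must already carry the password stored for the
    // album of the requested folder.
    $sql="SELECT passwort FROM media_folders_album WHERE folder_id='".quote_smart($_REQUEST["folder"])."'";
    $db->query($sql);
    $db->next_record();

    // Compare as strings with a strict operator. The previous loose `!=`
    // treated numeric-looking strings as numbers, so two different passwords
    // could compare equal. On PHP >= 5.6 hash_equals() is the better choice.
    // NOTE(review): as before, an empty session value still matches a missing
    // or empty stored password - confirm that this is intended.
    $sessionPasswort = isset($_SESSION["passwort"]) ? (string) $_SESSION["passwort"] : null;
    if ($sessionPasswort === null || $sessionPasswort !== (string) $db->f("passwort")) {
        unset($_SESSION["passwort"]);
    }
}

// Serve the square thumbnail only when one of the branches above left a
// password in the session.
if (isset($_SESSION["passwort"])) {
    // The requested name ends up in a filesystem path. SQL escaping is not a
    // path check, so refuse anything that is not a plain file name (missing,
    // non-string, empty, or containing a path separator or NUL byte) before it
    // is used. The existing message is reused so the response does not reveal
    // which check failed.
    $requestedFile = isset($_GET["file"]) ? $_GET["file"] : null;
    if (!is_string($requestedFile) || $requestedFile === "" || strpbrk($requestedFile, "/\\\0") !== false) {
        die("Sie sind nicht eingeloggt!");
    }

    // NOTE(review): this lookup only shows that the name is registered in
    // media_files; nothing visible here ties the file to $_REQUEST["folder"],
    // so a session authorised for one folder appears able to request any
    // registered thumbnail. Confirm against the schema and add the folder
    // condition to the query.
    $sql="SELECT id FROM media_files WHERE name_svr='".quote_smart($requestedFile)."'";
    $db->query($sql);
    if ($db->num_rows()==0) {
        // Unknown file name. The message says "not logged in" although the
        // real cause is a missing row; text kept as it was.
        die("Sie sind nicht eingeloggt!");
    }

    // $updir is set outside this excerpt. The return value of readfile() is
    // not checked, so a missing thumbnail produces an empty response body.
    readfile($_SERVER['DOCUMENT_ROOT'].$updir."/mediafiles/thumbsquare_".quote_smart($requestedFile));
}
?>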