1 && $image_id == '') {
    // The start of this condition lies above the visible excerpt. Per the original
    // author's note, reaching this branch implies an illegal name in the URL, which
    // might be an injection attack: the 404 page is included and execution stops
    // before db_get_image() is called.
    include BASE_PATH.'includes/unavailable_404.inc.php';
    die;
}

// Load the requested image record and the bike gallery it is displayed under.
// NOTE(review): neither result is checked before its properties are read below.
// What db_get_image() returns for an unknown id is not visible here; confirm a
// missing record cannot reach the access check that follows.
$image = db_get_image($image_id);
$bike = new GalleryBike($db, $bike_id);

// Access check: an image whose status is not "approved" is shown only when USERID
// matches $image->user_id or ISADMIN is set; any other visitor gets the error
// message rendered through the index template, and the script ends.
// NOTE(review): both comparisons are loose (!=). If USERID is a falsy value for
// anonymous visitors and $image->user_id is null, 0 or empty (for example because
// the record was not found), the two compare as equal and the check is passed.
// Verify the values USERID can take, or compare strictly.
if ($image->status != "approved" && USERID !=$image->user_id && !ISADMIN) {
    $smarty->assign("error","You can not view this non approved image.");
    $smarty->display(BASE_PATH . "templates/index.tpl.smrt");
    die();
}

// Administrators and the user matching $image->user_id request the bike's images
// with the 'all' filter; every other visitor requests only 'approved'.
// Presumably get_images() fills $bike->images, which the loop below reads; verify
// against GalleryBike.
if (ISADMIN || USERID == $image->user_id) {
    $bike->get_images('all');
} else {
    $bike->get_images('approved');
}

// Find the current image in the bike's list and decide whether previous/next
// links are offered. Both stay false when the image sits at the respective end of
// the list, or when it is not in the list at all.
// NOTE(review): nothing visible here ties $image to $bike. $image_id and $bike_id
// are used independently, and an image that is absent from $bike->images is still
// assigned to the template below. Confirm that the image belongs to the bike, so
// an image cannot be shown under an unrelated bike's page.
$prev = false;
$next = false;
for ( $i = 0; $i < sizeof($bike->images); $i++) {
    if ($bike->images[$i]->image_id == $image_id) {
        if ($i - 1 >= 0) {
            // An earlier entry exists in the list.
            $prev = "<< PREV";
        }
        if ($i + 1 < sizeof($bike->images)) {
            // A later entry exists in the list.
            $next = "NEXT >>";
        }
        break;
    }
}

// Hand everything to Smarty and render the gallery page.
// NOTE(review): $bike->name is concatenated into PAGETITLE as-is, and $bike and
// $image are passed through whole. Whether these values are HTML-escaped depends
// on the templates, which are not visible here; confirm that
// gallery_template.tpl.smrt and view_images.tpl.smrt escape user-supplied fields.
$smarty->assign("next", $next);
$smarty->assign("prev", $prev);
$smarty->assign("bike", $bike);
$smarty->assign("image", $image);
$smarty->assign("PAGETITLE","View Image for " . $bike->name . " bike");
$smarty->assign("page_tpl",TEMPLATE_DIR . "gallery/view_images.tpl.smrt");
$smarty->display("gallery_template.tpl.smrt");