The fix manually checks for member_id to verify that the user is a member; if there is no member_id, permission is denied.
I don't think this is the best way to fix it. Please check the Mantis comment for more details.
require (AT_INCLUDE_PATH.'vitals.inc.php');
include (AT_PA_INCLUDE.'classes/PhotoAlbum.class.php');
+//quit if this is not a member
+if(!(isset($_SESSION['member_id']) && $_SESSION['member_id'] > 0)){
+ $msg->addError('ACCESS_DENIED');
+ header('Location: index.php');
+ exit;
+}
+
//check what comment this is for. Album or Photo.
$pid = intval($_POST['pid']);
$aid = intval($_POST['aid']);
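Review bot: The guard added above the `$pid`/`$aid` reads only establishes that some member is logged in; nothing in the visible lines ties that member to the album or photo named in the POST, so every logged-in account passes it. The script continues outside the hunk, so a per-album permission check may exist further down. If it does, say so next to the guard, e.g. `//authentication only; permission on $aid/$pid is checked below`. If it does not, that check is still missing. The same five lines are pasted into the other two files of this commit; a single shared helper would keep the three copies from drifting apart.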
include (AT_PA_INCLUDE.'classes/PhotoAlbum.class.php');
$_custom_css = $_base_path . AT_PA_BASENAME . 'module.css'; // use a custom stylesheet
+//quit if this is not a member
+if(!(isset($_SESSION['member_id']) && $_SESSION['member_id'] > 0)){
+ $msg->addError('ACCESS_DENIED');
+ header('Location: index.php');
+ exit;
+}
+
//instantiate obj
$pa = new PhotoAlbum();
$_user_location = 'public';
define('AT_INCLUDE_PATH', '../../../include/');
require (AT_INCLUDE_PATH.'vitals.inc.php');
+
+//quit if this is not a member
+if(!(isset($_SESSION['member_id']) && $_SESSION['member_id'] > 0)){
+ $msg->addError('ACCESS_DENIED');
+ header('Location: index.php');
+ exit;
+}
+
include (AT_PA_INCLUDE.'profile_album.inc.php');
exit;
?>
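Review bot: This file still sets `$_user_location = 'public'` three lines above the new guard, so it declares itself public while turning away every request without a member_id. What vitals.inc.php does with that variable is not visible here, but the two statements read as contradictory. Either drop the assignment if the page is now members-only, or state the intent at the guard, e.g. `//members only even though $_user_location is 'public'; enforced by the member_id check below`. The redirect target `index.php` is relative to this script's directory, so it is worth confirming it resolves to a page a logged-out visitor can actually load.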