1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328: 329: 330: 331: 332: 333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343: 344: 345: 346: 347: 348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358: 359: 360: 361: 362: 363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375: 376: 377: 378: 379: 380: 381: 382: 383: 384: 385: 386: 387: 388: 389: 390: 391: 392: 393: 394: 395: 396: 397: 398: 399: 400: 401: 402: 403: 404: 405: 406: 407: 408: 409: 410: 411: 412: 413: 414: 415: 416: 417: 418: 419: 420: 421: 422: 423: 424: 425: 426: 427: 428: 429: 430: 431: 432: 433: 434: 435: 436: 437: 438: 439: 440: 441: 442: 443: 444: 445: 446: 447: 448: 449: 450: 451: 452: 453: 454: 455: 456: 457: 458: 459: 460: 461: 462: 463: 464: 465: 466: 467: 468: 469: 470: 471: 472: 473: 474: 475: 476: 477: 478: 479: 480: 481: 482: 483: 484: 485: 486: 487: 488: 489: 490: 491: 492: 493: 494: 495: 496: 497: 498: 499: 500: 501: 502: 503: 504: 505: 506: 507: 508: 509: 510: 511: 512: 513: 514: 515: 516: 517: 518: 519: 520: 521: 522: 523: 524: 525: 526: 527: 528: 529: 530: 531: 532: 533: 534: 535: 536: 537: 538: 539: 540: 541: 542: 543: 544: 545: 546: 547: 548: 549: 550: 551: 552: 553: 554: 555: 556: 557: 558: 559: 560: 561: 562: 563: 564: 565: 566: 567: 568: 569: 570: 571: 572: 573: 574: 575: 576: 577: 578: 579: 580: 581: 582: 583: 584: 585: 586: 587: 588: 589: 590: 591: 592: 593: 594: 595: 596: 597: 598: 599: 600: 601: 602: 603: 604: 605: 606: 607: 608: 609: 610: 611: 612: 613: 614: 615: 616: 617: 618: 619: 620: 621: 622: 623: 624: 625: 626: 627: 628: 629: 630: 631: 632: 633: 634: 635: 636: 637: 638: 639: 640: 641: 642: 643: 644: 645: 646: 647: 648: 649: 650: 651: 652: 653: 654: 655: 656: 657: 658: 659: 660: 661: 662: 663: 664: 665: 666: 667: 668: 669: 670: 671: 672: 673: 674: 675: 676: 677: 678: 679: 680: 681: 682: 683: 684: 685: 686: 687: 688: 689: 690: 691: 692: 693: 694: 695: 696: 697: 698: 699: 700: 701: 702: 703: 704: 705: 706: 707: 708: 709: 710: 711: 712: 713: 714: 715: 716: 717: 718: 719: 720: 721: 722: 723: 724: 725: 726: 727: 728: 729: 730: 731: 732: 733: 734: 735: 736: 737: 738: 739: 740: 741: 742: 743: 744: 745: 746: 747: 748: 749: 750: 751: 752: 753: 754: 755: 756: 757: 758: 759: 760: 761: 762: 763: 764: 765: 766: 767: 768: 769: 770: 771: 772: 773: 774: 775: 776: 777: 778: 779: 780: 781: 782: 783: 784: 785: 786: 787: 788: 789: 790: 791: 792: 793: 794: 795: 796: 797: 798: 799: 800: 801: 802: 803: 804: 805: 806: 807: 808: 809: 810: 811: 812: 813: 814: 815: 816: 817: 818: 819: 820: 821: 822: 823: 824: 825: 826: 827: 828: 829: 830: 831: 832: 833: 834: 835: 836: 837: 838: 839: 840: 841: 842: 843: 844: 845: 846: 847: 848: 849: 850: 851: 852: 853: 854: 855: 856: 857: 858: 859: 860: 861: 862: 863: 864: 865: 866: 867: 868: 869: 870: 871: 872: 873: 874: 875: 876: 877: 878: 879: 880: 881: 882: 883: 884: 885: 886: 887: 888: 889: 890: 891: 892: 893: 894: 895: 896: 897: 898: 899: 900: 901: 902: 903: 904: 905: 906: 907: 908: 909: 910: 911: 912: 913: 914: 915: 916: 917: 918: 919: 920: 921: 922: 923: 924: 925: 926: 927: 928: 929: 930: 931: 932: 933: 934: 935: 936: 937: 938: 939: 940: 941: 942: 943: 944: 945: 946: 947: 948: 949: 950: 951: 952: 953: 954: 955: 956: 957: 958: 959: 960: 961: 962: 963: 964: 965: 966: 967: 968: 969: 970: 971: 972: 973: 974: 975: 976: 977: 978: 979: 980: 981: 982: 983: 984: 985: 986: 987: 988: 989: 990: 991: 992: 993: 994: 995: 996: 997: 998: 999: 1000: 1001: 1002: 1003: 1004: 1005: 1006: 1007: 1008: 1009: 1010: 1011: 1012: 1013: 1014: 1015: 1016: 1017: 1018: 1019: 1020: 1021: 1022: 1023: 1024: 1025: 1026: 1027: 1028: 1029: 1030: 1031: 1032: 1033: 1034: 1035: 1036: 1037: 1038: 1039: 1040: 1041: 1042: 1043: 1044: 1045: 1046: 1047: 1048: 1049: 1050: 1051: 1052: 1053: 1054: 1055: 1056: 1057: 1058: 1059: 1060: 1061: 1062: 1063: 1064: 1065: 1066: 1067: 1068: 1069: 1070: 1071: 1072: 1073: 1074: 1075: 1076: 1077: 1078: 1079: 1080: 1081: 1082: 1083: 1084: 1085: 1086: 1087: 1088: 1089: 1090: 1091: 1092: 1093: 1094: 1095: 1096: 1097: 1098: 1099: 1100: 1101: 1102: 1103: 1104: 1105: 1106: 1107: 1108: 1109: 1110: 1111: 1112: 1113: 1114: 1115: 1116: 1117: 1118: 1119: 1120: 1121: 1122: 1123: 1124: 1125: 1126: 1127: 1128: 1129: 1130: 1131: 1132: 1133: 1134: 1135: 1136: 1137: 1138: 1139: 1140: 1141: 1142: 1143: 1144: 1145: 1146: 1147: 1148: 1149: 1150: 1151: 1152: 1153: 1154: 1155: 1156: 1157: 1158: 1159: 1160: 1161: 1162: 1163: 1164: 1165: 1166: 1167: 1168: 1169: 1170: 1171: 1172: 1173: 1174: 1175: 1176: 1177: 1178: 1179: 1180: 1181: 1182: 1183: 1184: 1185: 1186: 1187: 1188: 1189: 1190: 1191: 1192: 1193: 1194: 1195: 1196: 1197: 1198: 1199: 1200: 1201: 1202: 1203: 1204: 1205: 1206: 1207: 1208: 1209: 1210: 1211: 1212: 1213: 1214: 1215: 1216: 1217: 1218: 1219: 1220: 1221: 1222: 1223: 1224: 1225: 1226: 1227: 1228: 1229: 1230: 1231: 1232: 1233: 1234: 1235: 1236: 1237: 1238: 1239: 1240: 1241: 1242: 1243: 1244: 1245: 1246: 1247: 1248: 1249: 1250: 1251: 1252: 1253: 1254: 1255: 1256: 1257: 1258: 1259: 1260: 1261: 1262: 1263: 1264: 1265: 1266: 1267: 1268: 1269: 1270: 1271: 1272: 1273: 1274: 1275: 1276: 1277: 1278: 1279: 1280: 1281: 1282: 1283: 1284: 1285: 1286: 1287: 1288: 1289: 1290: 1291: 1292: 1293: 1294: 1295: 1296: 1297: 1298: 1299: 1300: 1301: 1302: 1303: 1304: 1305: 1306: 1307: 1308: 1309: 1310: 1311: 1312: 1313: 1314: 1315: 1316: 1317: 1318: 1319: 1320: 1321: 1322: 1323: 1324: 1325: 1326: 1327: 1328: 1329: 1330: 1331: 1332: 1333: 1334: 1335: 1336: 1337: 1338: 1339: 1340: 1341: 1342: 1343: 1344: 1345: 1346: 1347: 1348: 1349: 1350: 1351: 1352: 1353: 1354: 1355: 1356: 1357: 1358: 1359: 1360: 1361: 1362: 1363: 1364: 1365: 1366: 1367: 1368: 1369: 1370: 1371: 1372: 1373: 1374: 1375: 1376: 1377: 1378: 1379: 1380: 1381: 1382: 1383: 1384: 1385: 1386: 1387: 1388: 1389: 1390: 1391: 1392: 1393: 1394: 1395: 1396: 1397: 1398: 1399: 1400: 1401: 1402: 1403: 1404: 1405: 1406: 1407: 1408: 1409: 1410: 1411: 1412: 1413: 1414: 1415: 1416: 1417: 1418: 1419: 1420: 1421: 1422: 1423: 1424: 1425: 1426: 1427: 1428: 1429: 1430: 1431: 1432: 1433: 1434: 1435: 1436: 1437: 1438: 1439: 1440: 1441: 1442: 1443: 1444: 1445: 1446: 1447: 1448: 1449: 1450: 1451: 1452: 1453: 1454: 1455: 1456: 1457: 1458: 1459: 1460: 1461: 1462: 1463: 1464: 1465: 1466: 1467: 1468: 1469: 1470: 1471: 1472: 1473: 1474: 1475: 1476: 1477: 1478: 1479: 1480: 1481: 1482: 1483: 1484: 1485: 1486: 1487: 1488: 1489: 1490: 1491: 1492: 1493: 1494: 1495: 1496: 1497: 1498: 1499: 1500: 1501: 1502: 1503: 1504: 1505: 1506: 1507: 1508: 1509: 1510: 1511: 1512: 1513: 1514: 1515: 1516: 1517: 1518: 1519: 1520: 1521: 1522: 1523: 1524: 1525: 1526: 1527: 1528: 1529: 1530: 1531: 1532: 1533: 1534: 1535: 1536: 1537: 1538: 1539: 1540: 1541: 1542: 1543: 1544: 1545: 1546: 1547: 1548: 1549: 1550: 1551: 1552: 1553: 1554: 1555: 1556: 1557: 1558: 1559: 1560: 1561: 1562: 1563: 1564: 1565: 1566: 1567: 1568: 1569: 1570: 1571: 1572: 1573: 1574: 1575: 1576: 1577: 1578: 1579: 1580: 1581: 1582: 1583: 1584: 1585: 1586: 1587: 1588: 1589: 1590: 1591: 1592: 1593: 1594: 1595: 1596: 1597: 1598: 1599: 1600: 1601: 1602: 1603: 1604: 1605: 1606: 1607: 1608: 1609: 1610: 1611: 1612: 1613: 1614: 1615: 1616: 1617: 1618: 1619: 1620: 1621: 1622: 1623: 1624: 1625: 1626: 1627: 1628: 1629: 1630: 1631: 1632: 1633: 1634: 1635: 1636: 1637: 1638: 1639: 1640: 1641: 1642: 1643: 1644: 1645: 1646: 1647: 1648: 1649: 1650: 1651: 1652: 1653: 1654: 1655: 1656: 1657: 1658: 1659: 1660: 1661: 1662: 1663: 1664: 1665: 1666: 1667: 1668: 1669: 1670: 1671: 1672: 1673: 1674: 1675: 1676: 1677: 1678: 1679: 1680: 1681: 1682: 1683: 1684: 1685: 1686: 1687: 1688: 1689: 1690: 1691: 1692: 1693: 1694: 1695: 1696: 1697: 1698: 1699: 1700: 1701: 1702: 1703: 1704: 1705: 1706: 1707: 1708: 1709: 1710: 1711: 1712: 1713: 1714: 1715: 1716: 1717: 1718: 1719: 1720: 1721: 1722: 1723: 1724: 1725: 1726: 1727: 1728: 1729: 1730: 1731: 1732: 1733: 1734: 1735: 1736: 1737: 1738: 1739: 1740: 1741: 1742: 1743: 1744: 1745: 1746: 1747: 1748: 1749: 1750: 1751: 1752: 1753: 1754: 1755: 1756: 1757: 1758: 1759: 1760: 1761: 1762: 1763: 1764: 1765: 1766: 1767: 1768: 1769: 1770: 1771: 1772: 1773: 1774: 1775: 1776: 1777: 1778: 1779: 1780: 1781: 1782: 1783: 1784: 1785: 1786: 1787: 1788: 1789: 1790: 1791: 1792: 1793: 1794: 1795: 1796: 1797: 1798: 1799: 1800: 1801: 1802: 1803: 1804: 1805: 1806: 1807: 1808: 1809: 1810: 1811: 1812: 1813: 1814: 1815: 1816: 1817: 1818: 1819: 1820: 1821: 1822: 1823: 1824: 1825: 1826: 1827: 1828: 1829: 1830: 1831: 1832: 1833: 1834: 1835: 1836: 1837: 1838: 1839: 1840: 1841: 1842: 1843: 1844: 1845: 1846: 1847: 1848: 1849: 1850: 1851: 1852: 1853: 1854: 1855: 1856: 1857: 1858: 1859: 1860: 1861: 1862: 1863: 1864: 1865: 1866: 1867: 1868: 1869: 1870: 1871: 1872: 1873: 1874: 1875: 1876: 1877: 1878: 1879: 1880: 1881: 1882: 1883: 1884: 1885:
<?php
require_once(dirname(__FILE__) . '/classes.php');
class Zenphoto_Authority {
public $admin_users = NULL;
public $admin_groups = NULL;
public $admin_other = NULL;
public $admin_all = NULL;
public $rightsset = NULL;
protected $master_user = NULL;
static $preferred_version = 4;
static $supports_version = 4;
static $hashList = array('pbkdf2' => 3, 'pbkdf2*' => 2, 'sha1' => 1, 'md5' => 0);
function __construct() {
setOptionDefault('admin_lastvisit_timeframe', 600);
setOptionDefault('admin_lastvisit', true);
$this->admin_all = $this->admin_groups = $this->admin_users = $this->admin_other = array();
$sql = 'SELECT * FROM ' . prefix('administrators') . ' ORDER BY `rights` DESC, `id`';
$admins = query($sql, false);
if ($admins) {
while ($user = db_fetch_assoc($admins)) {
$this->admin_all[$user['id']] = $user;
switch ($user['valid']) {
case 1:
$this->admin_users[$user['id']] = $user;
if (empty($this->master_user))
$this->master_user = $user['user'];
break;
case 0:
$this->admin_groups[$user['id']] = $user;
break;
default:
$this->admin_other[$user['id']] = $user;
break;
}
}
db_free_result($admins);
}
}
function getMasterUser() {
return new Zenphoto_Administrator($this->master_user, 1);
}
function isMasterUser($user) {
return $user == $this->master_user;
}
function getOptionsSupported() {
$encodings = self::$hashList;
unset($encodings['pbkdf2*']);
if (!function_exists('hash')) {
unset($encodings['pbkdf2']);
}
return array(gettext('Primary album edit') =>
array('key' => 'user_album_edit_default',
'type' => OPTION_TYPE_CHECKBOX,
'desc' => gettext('Check if you want <em>edit rights</em> automatically assigned when a user <em>primary album</em> is created.')),
gettext('Minimum password strength') => array(
'key' => 'password_strength',
'type' => OPTION_TYPE_CUSTOM,
'desc' => sprintf(gettext('Users must provide passwords a strength of at least %s. The repeat password field will be disabled until this floor is met.'), '<span id="password_strength_display">' . getOption('password_strength') . '</span>')),
gettext('Password hash algorithm') => array(
'key' => 'strong_hash',
'type' => OPTION_TYPE_SELECTOR,
'selections' => $encodings,
'desc' => sprintf(gettext('The hashing algorithm used by Zenphoto. In order of robustness the choices are %s'), '<code>' . implode('</code> > <code>', array_flip($encodings)) . '</code>')),
gettext('User last visit - store') => array(
'key' => 'admin_lastvisit',
'type' => OPTION_TYPE_CHECKBOX,
'desc' => gettext('Enable if you like to store visits of logged-in users in the database.')),
gettext('User last visit - time frame') => array(
'key' => 'admin_lastvisit_timeframe',
'type' => OPTION_TYPE_TEXTBOX,
'desc' => gettext('Time in seconds before the last visit of logged-in users is updated in the database. Default is 600 seconds (10 minutes)'))
);
}
function handleOption($option, $currentValue) {
global $_zp_current_admin_obj;
switch ($option) {
case 'password_strength':
?>
<input type="hidden" size="3" id="password_strength" name="password_strength" value="<?php echo getOption('password_strength'); ?>" />
<script type="text/javascript">
function sliderColor(strength) {
var url = 'url(<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/strengths/strength' + strength + '.png)';
$('#slider-password_strength').css('background-image', url);
}
$(function() {
$("#slider-password_strength").slider({
<?php $v = getOption('password_strength'); ?>
startValue: <?php echo $v; ?>,
value: <?php echo $v; ?>,
min: 1,
max: 30,
slide: function(event, ui) {
$("#password_strength").val(ui.value);
$('#password_strength_display').html(ui.value);
sliderColor(ui.value);
}
});
var strength = $("#slider-password_strength").slider("value");
$("#password_strength").val(strength);
$('#password_strength_display').html(strength);
sliderColor(strength);
});
</script>
<div id="slider-password_strength"></div>
<?php
break;
}
}
static function getVersion() {
$v = getOption('libauth_version');
if (empty($v)) {
return self::$preferred_version;
} else {
return $v;
}
}
static function passwordHash($user, $pass, $hash_type = NULL) {
if (is_null($hash_type)) {
$hash_type = getOption('strong_hash');
}
switch ($hash_type) {
case 1:
$hash = sha1($user . $pass . HASH_SEED);
break;
case 2:
$hash = base64_encode(self::pbkdf2($pass, $user . HASH_SEED));
break;
case 3:
$hash = str_replace('+', '-', base64_encode(self::pbkdf2($pass, $user . HASH_SEED)));
break;
default:
$hash = md5($user . $pass . HASH_SEED);
break;
}
if (DEBUG_LOGIN) {
debugLog("passwordHash($user, $pass, $hash_type)[ " . HASH_SEED . " ]:$hash");
}
return $hash;
}
function getAdministrators($what = 'users') {
switch ($what) {
case 'users':
return $this->admin_users;
case 'groups':
return $this->admin_groups;
case 'allusers':
return array_merge($this->admin_users, $this->admin_other);
default:
return $this->admin_all;
}
}
static function getAnAdmin($criteria) {
$selector = array();
foreach ($criteria as $match => $value) {
if (is_numeric($value)) {
$selector[] = $match . $value;
} else {
$selector[] = $match . db_quote($value);
}
}
$sql = 'SELECT * FROM ' . prefix('administrators') . ' WHERE ' . implode(' AND ', $selector) . ' LIMIT 1';
$admin = query_single_row($sql, false);
if ($admin) {
return self::newAdministrator($admin['user'], $admin['valid']);
} else {
return NULL;
}
}
function checkAuthorization($authCode, $id) {
global $_zp_current_admin_obj;
if (DEBUG_LOGIN) {
debugLogBacktrace("checkAuthorization($authCode, $id)");
}
$admins = $this->getAdministrators();
if (count($admins) == 0) {
if (DEBUG_LOGIN) {
debugLog("checkAuthorization: no admins");
}
$_zp_current_admin_obj = new Zenphoto_Administrator('', 1);
$_zp_current_admin_obj->set('id', 0);
$_zp_current_admin_obj->reset = true;
return ADMIN_RIGHTS;
}
if (is_object($_zp_current_admin_obj) && $_zp_current_admin_obj->reset) {
if (DEBUG_LOGIN) {
debugLog("checkAuthorization: reset request");
}
return $_zp_current_admin_obj->getRights();
}
$_zp_current_admin_obj = NULL;
if (empty($authCode))
return 0;
if (DEBUG_LOGIN) {
debugLogVar("checkAuthorization: admins", $admins);
}
$rights = 0;
$criteria = array('`pass`=' => $authCode, '`valid`=' => 1);
if (!empty($id)) {
$criteria['`id`='] = $id;
}
$user = self::getAnAdmin($criteria);
if (is_object($user)) {
$_zp_current_admin_obj = $user;
$rights = $user->getRights();
if (DEBUG_LOGIN) {
debugLog(sprintf('checkAuthorization: from %1$s->%2$X', $authCode, $rights));
}
return $rights;
}
$_zp_current_admin_obj = NULL;
if (DEBUG_LOGIN) {
debugLog("checkAuthorization: no match");
}
return 0;
}
function checkLogon($user, $pass) {
$userobj = self::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
if ($userobj) {
$hash = self::passwordHash($user, $pass, $userobj->get('passhash'));
if ($hash != $userobj->getPass()) {
foreach (self::$hashList as $hashv) {
$hash = self::passwordHash($user, $pass, $hashv);
if ($hash == $userobj->getPass()) {
break;
} else {
$hash = -1;
}
}
if ($hash === -1) {
$userobj = NULL;
}
}
} else {
$hash = -1;
}
if (DEBUG_LOGIN) {
if ($userobj) {
$rights = sprintf('%X', $userobj->getRights());
} else {
$rights = false;
}
debugLog(sprintf('checkLogon(%1$s, %2$s)->%3$s', $user, $hash, $rights));
}
return $userobj;
}
function getAdminEmail($rights = NULL) {
if (is_null($rights)) {
$rights = ADMIN_RIGHTS;
}
$emails = array();
$admins = $this->getAdministrators();
foreach ($admins as $user) {
if (($user['rights'] & $rights) && isValidEmail($user['email'])) {
$name = $user['name'];
if (empty($name)) {
$name = $user['user'];
}
$emails[$name] = $user['email'];
}
}
return $emails;
}
function migrateAuth($to) {
if ($to > self::$supports_version || $to < self::$preferred_version - 1) {
trigger_error(sprintf(gettext('Cannot migrate rights to version %1$s (Zenphoto_Authority supports only %2$s and %3$s.)'), $to, self::$supports_version, self::$preferred_version), E_USER_NOTICE);
return false;
}
$success = true;
$oldversion = self::getVersion();
setOption('libauth_version', $to);
$this->admin_users = array();
$sql = "SELECT * FROM " . prefix('administrators') . "ORDER BY `rights` DESC, `id`";
$admins = query($sql, false);
if ($admins) {
$oldrights = array();
foreach (self::getRights($oldversion) as $key => $right) {
$oldrights[$key] = $right['value'];
}
$currentrights = self::getRights($to);
while ($user = db_fetch_assoc($admins)) {
$update = false;
$rights = $user['rights'];
$newrights = $currentrights['NO_RIGHTS']['value'];
foreach ($currentrights as $key => $right) {
if ($right['display']) {
if (array_key_exists($key, $oldrights) && $rights & $oldrights[$key]) {
$newrights = $newrights | $right['value'];
}
}
}
if ($oldversion < 4) {
$newrights = $newrights | $currentrights['USER_RIGHTS']['value'];
}
if ($to >= 3 && $oldversion < 3) {
if ($rights & $oldrights['VIEW_ALL_RIGHTS']) {
$updaterights = $currentrights['ALL_ALBUMS_RIGHTS']['value'] | $currentrights['ALL_PAGES_RIGHTS']['value'] |
$currentrights['ALL_NEWS_RIGHTS']['value'] | $currentrights['VIEW_SEARCH_RIGHTS']['value'] |
$currentrights['VIEW_GALLERY_RIGHTS']['value'] | $currentrights['VIEW_FULLIMAGE_RIGHTS']['value'];
$newrights = $newrights | $updaterights;
}
}
if ($oldversion >= 3 && $to < 3) {
if ($oldrights['ALL_ALBUMS_RIGHTS'] || $oldrights['ALL_PAGES_RIGHTS'] || $oldrights['ALL_NEWS_RIGHTS']) {
$newrights = $newrights | $currentrights['VIEW_ALL_RIGHTS']['value'];
}
}
if ($oldversion == 1) {
if ($rights & $oldrights['ZENPAGE_RIGHTS']) {
$newrights = $newrights | $currentrights['ZENPAGE_PAGES_RIGHTS'] | $currentrights['ZENPAGE_NEWS_RIGHTS'] | $currentrights['FILES_RIGHTS'];
}
}
if ($to >= 3) {
if ($newrights & $currentrights['ADMIN_RIGHTS']['value']) {
$newrights = $currentrights['ALL_RIGHTS']['value'];
} else {
if ($newrights & $currentrights['MANAGE_ALL_ALBUM_RIGHTS']['value']) {
$newrights = $newrights | $currentrights['ALBUM_RIGHTS']['value'];
}
if ($newrights & $currentrights['MANAGE_ALL_NEWS_RIGHTS']['value']) {
$newrights = $newrights | $currentrights['ZENPAGE_NEWS_RIGHTS']['value'];
}
if ($newrights & $currentrights['MANAGE_ALL_PAGES_RIGHTS']['value']) {
$newrights = $newrights | $currentrights['ZENPAGE_PAGES_RIGHTS']['value'];
}
}
}
$sql = 'UPDATE ' . prefix('administrators') . ' SET `rights`=' . $newrights . ' WHERE `id`=' . $user['id'];
$success = $success && query($sql);
}
db_free_result($admins);
}
return $success;
}
static function updateAdminField($update, $value, $constraints) {
$where = '';
foreach ($constraints as $field => $clause) {
if (!empty($where))
$where .= ' AND ';
if (is_numeric($clause)) {
$where .= $field . $clause;
} else {
$where .= $field . db_quote($clause);
}
}
if (is_null($value)) {
$value = 'NULL';
} else {
$value = db_quote($value);
}
$sql = 'UPDATE ' . prefix('administrators') . ' SET `' . $update . '`=' . $value . ' WHERE ' . $where;
$result = query($sql);
return $result;
}
static function newAdministrator($name, $valid = 1) {
$user = new Zenphoto_Administrator($name, $valid);
return $user;
}
static function getRights($version = NULL) {
if (empty($version)) {
$v = self::getVersion();
} else {
$v = $version;
}
switch ($v) {
case 1:
$rightsset = array('NO_RIGHTS' => array('value' => 2, 'name' => gettext('No rights'), 'set' => '', 'display' => false, 'hint' => ''),
'OVERVIEW_RIGHTS' => array('value' => 4, 'name' => gettext('Overview'), 'set' => '', 'display' => true, 'hint' => ''),
'VIEW_ALL_RIGHTS' => array('value' => 8, 'name' => gettext('View all'), 'set' => '', 'display' => true, 'hint' => ''),
'UPLOAD_RIGHTS' => array('value' => 16, 'name' => gettext('Upload'), 'set' => '', 'display' => true, 'hint' => ''),
'POST_COMMENT_RIGHTS' => array('value' => 32, 'name' => gettext('Post comments'), 'set' => '', 'display' => true, 'hint' => ''),
'COMMENT_RIGHTS' => array('value' => 64, 'name' => gettext('Comments'), 'set' => '', 'display' => true, 'hint' => ''),
'ALBUM_RIGHTS' => array('value' => 256, 'name' => gettext('Album'), 'set' => '', 'display' => true, 'hint' => ''),
'MANAGE_ALL_ALBUM_RIGHTS' => array('value' => 512, 'name' => gettext('Manage all albums'), 'set' => '', 'display' => true, 'hint' => ''),
'THEMES_RIGHTS' => array('value' => 1024, 'name' => gettext('Themes'), 'set' => '', 'display' => true, 'hint' => ''),
'ZENPAGE_RIGHTS' => array('value' => 2049, 'name' => gettext('Zenpage'), 'set' => '', 'display' => true, 'hint' => ''),
'TAGS_RIGHTS' => array('value' => 4096, 'name' => gettext('Tags'), 'set' => '', 'display' => true, 'hint' => ''),
'OPTIONS_RIGHTS' => array('value' => 8192, 'name' => gettext('Options'), 'set' => '', 'display' => true, 'hint' => ''),
'ADMIN_RIGHTS' => array('value' => 65536, 'name' => gettext('Full admin rights'), 'set' => '', 'display' => true, 'hint' => ''));
break;
case 2:
$rightsset = array('NO_RIGHTS' => array('value' => 1, 'name' => gettext('No rights'), 'set' => '', 'display' => false, 'hint' => ''),
'OVERVIEW_RIGHTS' => array('value' => pow(2, 2), 'name' => gettext('Overview'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view the admin overview page.')),
'VIEW_ALL_RIGHTS' => array('value' => pow(2, 4), 'name' => gettext('View all'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view all of the gallery regardless of protection of the page. Without this right, the user can view only public ones and those checked in his managed object lists or as granted by View Search or View Gallery.')),
'UPLOAD_RIGHTS' => array('value' => pow(2, 6), 'name' => gettext('Upload'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may upload to the albums for which they have management rights.')),
'POST_COMMENT_RIGHTS' => array('value' => pow(2, 8), 'name' => gettext('Post comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('When the comment_form plugin is used for comments and its "Only members can comment" option is set, only users with this right may post comments.')),
'COMMENT_RIGHTS' => array('value' => pow(2, 10), 'name' => gettext('Comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make comments tab changes.')),
'ALBUM_RIGHTS' => array('value' => pow(2, 12), 'name' => gettext('Albums'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right may access the “albums” tab to make changes.')),
'ZENPAGE_PAGES_RIGHTS' => array('value' => pow(2, 14), 'name' => gettext('Pages'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users with this right may edit and manage Zenpage pages.')),
'ZENPAGE_NEWS_RIGHTS' => array('value' => pow(2, 16), 'name' => gettext('News'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users with this right may edit and manage Zenpage articles and categories.')),
'FILES_RIGHTS' => array('value' => pow(2, 18), 'name' => gettext('Files'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Allows the user access to the “filemanager” located on the upload: files sub-tab.')),
'MANAGE_ALL_PAGES_RIGHTS' => array('value' => pow(2, 20), 'name' => gettext('Manage all pages'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage page.')),
'MANAGE_ALL_NEWS_RIGHTS' => array('value' => pow(2, 22), 'name' => gettext('Manage all news'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage news article or category.')),
'MANAGE_ALL_ALBUM_RIGHTS' => array('value' => pow(2, 24), 'name' => gettext('Manage all albums'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any album in the gallery.')),
'THEMES_RIGHTS' => array('value' => pow(2, 26), 'name' => gettext('Themes'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make themes related changes. These are limited to the themes associated with albums checked in their managed albums list.')),
'TAGS_RIGHTS' => array('value' => pow(2, 28), 'name' => gettext('Tags'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may make additions and changes to the set of tags.')),
'OPTIONS_RIGHTS' => array('value' => pow(2, 29), 'name' => gettext('Options'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may make changes on the options tabs.')),
'ADMIN_RIGHTS' => array('value' => pow(2, 30), 'name' => gettext('Full admin rights'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('The master privilege. A user with "Admin" can do anything. (No matter what his other rights might indicate!)')));
break;
case 3:
$rightsset = array('NO_RIGHTS' => array('value' => 1, 'name' => gettext('No rights'), 'set' => '', 'display' => false, 'hint' => ''),
'OVERVIEW_RIGHTS' => array('value' => pow(2, 2), 'name' => gettext('Overview'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may view the admin overview page.')),
'VIEW_GALLERY_RIGHTS' => array('value' => pow(2, 4), 'name' => gettext('View gallery'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view otherwise protected generic gallery pages.')),
'VIEW_SEARCH_RIGHTS' => array('value' => pow(2, 5), 'name' => gettext('View search'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view search pages even if password protected.')),
'VIEW_FULLIMAGE_RIGHTS' => array('value' => pow(2, 6), 'name' => gettext('View fullimage'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right may view all full sized (raw) images.')),
'ALL_NEWS_RIGHTS' => array('value' => pow(2, 7), 'name' => gettext('Access all'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users with this right have access to all zenpage news articles.')),
'ALL_PAGES_RIGHTS' => array('value' => pow(2, 8), 'name' => gettext('Access all'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users with this right have access to all zenpage pages.')),
'ALL_ALBUMS_RIGHTS' => array('value' => pow(2, 9), 'name' => gettext('Access all'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right have access to all albums.')),
'VIEW_UNPUBLISHED_RIGHTS' => array('value' => pow(2, 10), 'name' => gettext('View unpublished'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right will see all unpublished items.')),
'POST_COMMENT_RIGHTS' => array('value' => pow(2, 11), 'name' => gettext('Post comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('When the comment_form plugin is used for comments and its "Only members can comment" option is set, only users with this right may post comments.')),
'COMMENT_RIGHTS' => array('value' => pow(2, 12), 'name' => gettext('Comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make comments tab changes.')),
'UPLOAD_RIGHTS' => array('value' => pow(2, 13), 'name' => gettext('Upload'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right may upload to the albums for which they have management rights.')),
'ZENPAGE_NEWS_RIGHTS' => array('value' => pow(2, 15), 'name' => gettext('News'), 'set' => gettext('News'), 'display' => false, 'hint' => gettext('Users with this right may edit and manage Zenpage articles and categories.')),
'ZENPAGE_PAGES_RIGHTS' => array('value' => pow(2, 16), 'name' => gettext('Pages'), 'set' => gettext('Pages'), 'display' => false, 'hint' => gettext('Users with this right may edit and manage Zenpage pages.')),
'FILES_RIGHTS' => array('value' => pow(2, 17), 'name' => gettext('Files'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Allows the user access to the “filemanager” located on the upload: files sub-tab.')),
'ALBUM_RIGHTS' => array('value' => pow(2, 18), 'name' => gettext('Albums'), 'set' => gettext('Albums'), 'display' => false, 'hint' => gettext('Users with this right may access the “albums” tab to make changes.')),
'MANAGE_ALL_NEWS_RIGHTS' => array('value' => pow(2, 21), 'name' => gettext('Manage all'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage news article or category.')),
'MANAGE_ALL_PAGES_RIGHTS' => array('value' => pow(2, 22), 'name' => gettext('Manage all'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage page.')),
'MANAGE_ALL_ALBUM_RIGHTS' => array('value' => pow(2, 23), 'name' => gettext('Manage all'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any album in the gallery.')),
'THEMES_RIGHTS' => array('value' => pow(2, 26), 'name' => gettext('Themes'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make themes related changes. These are limited to the themes associated with albums checked in their managed albums list.')),
'TAGS_RIGHTS' => array('value' => pow(2, 28), 'name' => gettext('Tags'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make additions and changes to the set of tags.')),
'OPTIONS_RIGHTS' => array('value' => pow(2, 29), 'name' => gettext('Options'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may make changes on the options tabs.')),
'ADMIN_RIGHTS' => array('value' => pow(2, 30), 'name' => gettext('Full admin rights'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('The master privilege. A user with "Admin" can do anything. (No matter what his other rights might indicate!)')));
break;
case 4:
$rightsset = array('NO_RIGHTS' => array('value' => 1, 'name' => gettext('No rights'), 'set' => '', 'display' => false, 'hint' => ''),
'OVERVIEW_RIGHTS' => array('value' => pow(2, 2), 'name' => gettext('Overview'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may view the admin overview page.')),
'USER_RIGHTS' => array('value' => pow(2, 3), 'name' => gettext('User'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users must have this right to change their credentials.')),
'VIEW_GALLERY_RIGHTS' => array('value' => pow(2, 5), 'name' => gettext('View gallery'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view otherwise protected generic gallery pages.')),
'VIEW_SEARCH_RIGHTS' => array('value' => pow(2, 6), 'name' => gettext('View search'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may view search pages even if password protected.')),
'VIEW_FULLIMAGE_RIGHTS' => array('value' => pow(2, 7), 'name' => gettext('View fullimage'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right may view all full sized (raw) images.')),
'ALL_NEWS_RIGHTS' => array('value' => pow(2, 8), 'name' => gettext('Access all'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users with this right have access to all zenpage news articles.')),
'ALL_PAGES_RIGHTS' => array('value' => pow(2, 9), 'name' => gettext('Access all'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users with this right have access to all zenpage pages.')),
'ALL_ALBUMS_RIGHTS' => array('value' => pow(2, 10), 'name' => gettext('Access all'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right have access to all albums.')),
'VIEW_UNPUBLISHED_RIGHTS' => array('value' => pow(2, 11), 'name' => gettext('View unpublished'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right will see all unpublished items.')),
'POST_COMMENT_RIGHTS' => array('value' => pow(2, 13), 'name' => gettext('Post comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('When the comment_form plugin is used for comments and its "Only members can comment" option is set, only users with this right may post comments.')),
'COMMENT_RIGHTS' => array('value' => pow(2, 14), 'name' => gettext('Comments'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make comments tab changes.')),
'UPLOAD_RIGHTS' => array('value' => pow(2, 15), 'name' => gettext('Upload'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users with this right may upload to the albums for which they have management rights.')),
'ZENPAGE_NEWS_RIGHTS' => array('value' => pow(2, 17), 'name' => gettext('News'), 'set' => gettext('News'), 'display' => false, 'hint' => gettext('Users with this right may edit and manage Zenpage articles and categories.')),
'ZENPAGE_PAGES_RIGHTS' => array('value' => pow(2, 18), 'name' => gettext('Pages'), 'set' => gettext('Pages'), 'display' => false, 'hint' => gettext('Users with this right may edit and manage Zenpage pages.')),
'FILES_RIGHTS' => array('value' => pow(2, 19), 'name' => gettext('Files'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Allows the user access to the “filemanager” located on the upload: files sub-tab.')),
'ALBUM_RIGHTS' => array('value' => pow(2, 20), 'name' => gettext('Albums'), 'set' => gettext('Albums'), 'display' => false, 'hint' => gettext('Users with this right may access the “albums” tab to make changes.')),
'MANAGE_ALL_NEWS_RIGHTS' => array('value' => pow(2, 21), 'name' => gettext('Manage all'), 'set' => gettext('News'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage news article or category.')),
'MANAGE_ALL_PAGES_RIGHTS' => array('value' => pow(2, 22), 'name' => gettext('Manage all'), 'set' => gettext('Pages'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any Zenpage page.')),
'MANAGE_ALL_ALBUM_RIGHTS' => array('value' => pow(2, 23), 'name' => gettext('Manage all'), 'set' => gettext('Albums'), 'display' => true, 'hint' => gettext('Users who do not have “Admin” rights normally are restricted to manage only objects to which they have been assigned. This right allows them to manage any album in the gallery.')),
'CODEBLOCK_RIGHTS' => array('value' => pow(2, 25), 'name' => gettext('Codeblock'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may edit Codeblocks.')),
'THEMES_RIGHTS' => array('value' => pow(2, 26), 'name' => gettext('Themes'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make themes related changes. These are limited to the themes associated with albums checked in their managed albums list.')),
'TAGS_RIGHTS' => array('value' => pow(2, 28), 'name' => gettext('Tags'), 'set' => gettext('Gallery'), 'display' => true, 'hint' => gettext('Users with this right may make additions and changes to the set of tags.')),
'OPTIONS_RIGHTS' => array('value' => pow(2, 29), 'name' => gettext('Options'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('Users with this right may make changes on the options tabs.')),
'ADMIN_RIGHTS' => array('value' => pow(2, 30), 'name' => gettext('Full admin rights'), 'set' => gettext('General'), 'display' => true, 'hint' => gettext('The master privilege. A user with "Admin" can do anything. (No matter what his other rights might indicate!)')));
break;
}
$allrights = 0;
foreach ($rightsset as $key => $right) {
$allrights = $allrights | $right['value'];
}
$rightsset['ALL_RIGHTS'] = array('value' => $allrights, 'name' => gettext('All rights'), 'display' => false);
$rightsset['DEFAULT_RIGHTS'] = array('value' => $rightsset['OVERVIEW_RIGHTS']['value'] + $rightsset['POST_COMMENT_RIGHTS']['value'], 'name' => gettext('Default rights'), 'display' => false);
if (isset($rightsset['VIEW_ALL_RIGHTS']['value'])) {
$rightsset['DEFAULT_RIGHTS']['value'] = $rightsset['DEFAULT_RIGHTS']['value'] | $rightsset['VIEW_ALL_RIGHTS']['value'];
} else {
$rightsset['DEFAULT_RIGHTS']['value'] = $rightsset['DEFAULT_RIGHTS']['value'] | $rightsset['ALL_ALBUMS_RIGHTS']['value'] |
$rightsset['ALL_PAGES_RIGHTS']['value'] | $rightsset['ALL_NEWS_RIGHTS']['value'] |
$rightsset['VIEW_SEARCH_RIGHTS']['value'] | $rightsset['VIEW_GALLERY_RIGHTS']['value'];
}
$rightsset = sortMultiArray($rightsset, 'value', true, false, false);
return $rightsset;
}
static function getResetTicket($user, $pass) {
$req = time();
$ref = sha1($req . $user . $pass);
$time = bin2hex(rc4('ticket' . HASH_SEED, $req));
return $time . $ref;
}
function validateTicket($ticket, $user) {
global $_zp_current_admin_obj;
$admins = $this->getAdministrators();
foreach ($admins as $tuser) {
if ($tuser['user'] == $user) {
if ($tuser['rights'] & USER_RIGHTS) {
$request_date = rc4('ticket' . HASH_SEED, pack("H*", $time = substr($ticket, 0, 20)));
$ticket = substr($ticket, 20);
$ref = sha1($request_date . $user . $tuser['pass']);
if ($ref === $ticket) {
if (time() <= ($request_date + (3 * 24 * 60 * 60))) {
$_zp_current_admin_obj = new Zenphoto_Administrator($user, 1);
$_zp_current_admin_obj->reset = true;
}
}
break;
}
}
}
}
static function logUser($user) {
$user->set('lastloggedin', $user->get('loggedin'));
$user->set('loggedin', date('Y-m-d H:i:s'));
$user->save();
zp_setCookie('zpcms_auth_user', $user->getPass() . '.' . $user->getID(), NULL, NULL, secureServer(), true);
}
function handleLogon() {
global $_zp_current_admin_obj, $_zp_login_error, $_zp_captcha, $_zp_loggedin;
if (isset($_POST['login'])) {
$post_user = sanitize(@$_POST['user']);
$post_pass = sanitize(@$_POST['pass'], 0);
$_zp_loggedin = false;
switch (@$_POST['password']) {
default:
$user = self::checkLogon($post_user, $post_pass);
if ($user) {
$_zp_loggedin = $user->getRights();
}
$_zp_loggedin = zp_apply_filter('admin_login_attempt', $_zp_loggedin, $post_user, $post_pass);
if ($_zp_loggedin) {
self::logUser($user);
$_zp_current_admin_obj = $user;
} else {
zp_clearCookie('zpcms_auth_user', null, secureServer(), true );
$_zp_login_error = 1;
}
break;
case 'challenge':
$user = self::getAnAdmin(array('`user`=' => $post_user, '`valid`=' => 1));
if (is_object($user)) {
$info = $user->getChallengePhraseInfo();
if ($post_pass && $info['response'] == $post_pass) {
$ref = self::getResetTicket($post_user, $user->getPass());
redirectURL(FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?ticket=' . $ref . '&user=' . $post_user);
}
}
if ( !empty($info['challenge']) && !empty($_POST['pass'])) { $_zp_login_error = gettext('Sorry, that is not the answer.'); }
$_REQUEST['logon_step'] = 'challenge';
break;
case 'captcha':
if ($_zp_captcha->checkCaptcha(trim(@$_POST['code']), sanitize(@$_POST['code_h'], 3))) {
require_once(dirname(__FILE__) . '/load_objectClasses.php');
if (empty($post_user)) {
$requestor = gettext('You are receiving this e-mail because of a password reset request on your Zenphoto gallery.');
} else {
$requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
}
$admins = $this->getAdministrators();
$mails = array();
$user = NULL;
foreach ($admins as $key => $tuser) {
if (!empty($tuser['email'])) {
if (!empty($post_user) && ($tuser['user'] == $post_user || $tuser['email'] == $post_user)) {
$name = $tuser['name'];
if (empty($name)) {
$name = $tuser['user'];
}
$mails[$name] = $tuser['email'];
$user = $tuser;
unset($admins[$key]);
} else {
if (!($tuser['rights'] & ADMIN_RIGHTS)) {
unset($admins[$key]);
}
}
} else {
unset($admins[$key]);
}
}
$cclist = array();
foreach ($admins as $tuser) {
$name = $tuser['name'];
if (empty($name)) {
$name = $tuser['user'];
}
if (is_null($user)) {
$user = $tuser;
$mails[$name] = $tuser['email'];
} else {
$cclist[$name] = $tuser['email'];
}
}
if (is_null($user)) {
$_zp_login_error = gettext('There was no one to which to send the reset request.');
} else {
$ref = self::getResetTicket($user['user'], $user['pass']);
$msg = "\n" . $requestor .
"\n" . sprintf(gettext("To reset your Zenphoto Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket=$ref&user=" . $user['user']) .
"\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
$err_msg = zp_mail(gettext("The Zenphoto information you requested"), $msg, $mails, $cclist);
if (empty($err_msg)) {
$_zp_login_error = 2;
} else {
$_zp_login_error = $err_msg;
}
}
} else {
$_zp_login_error = gettext('Your input did not match the captcha');
$_REQUEST['logon_step'] = 'captcha';
}
break;
}
}
return $_zp_loggedin;
}
static function getAuthCookies() {
$candidates = array();
if (isset($_COOKIE)) {
$candidates = $_COOKIE;
}
if (isset($_SESSION)) {
$candidates = array_merge($candidates, $_SESSION);
}
foreach ($candidates as $key => $candidate) {
if (strpos($key, '_auth') === false) {
unset($candidates[$key]);
}
}
return $candidates;
}
static function handleLogout() {
global $_zp_loggedin, $_zp_pre_authorization, $_zp_current_admin_obj;
foreach (self::getAuthCookies() as $cookie => $value) {
zp_clearCookie($cookie, null, secureServer(), true);
}
$_zp_loggedin = false;
$_zp_pre_authorization = array();
zp_session_destroy();
header('Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"');
return zp_apply_filter('zp_logout', NULL, $_zp_current_admin_obj);
}
function checkCookieCredentials() {
list($auth, $id) = explode('.', zp_getCookie('zpcms_auth_user') . '.');
$loggedin = $this->checkAuthorization($auth, $id);
$loggedin = zp_apply_filter('authorization_cookie', $loggedin, $auth, $id);
if ($loggedin) {
return $loggedin;
} else {
zp_clearCookie('zpcms_auth_user', null, secureServer(), true);
return NULL;
}
}
function printLoginForm($redirect = null, $logo = true, $showUserField = true, $showCaptcha = true, $hint = '') {
global $_zp_login_error, $_zp_captcha, $_zp_gallery;
if (is_null($redirect)) {
$redirect = getRequestURI();
}
$redirect = sanitizeRedirect($redirect);
if (isset($_POST['user'])) {
$requestor = sanitize($_POST['user'], 3);
} else {
$requestor = '';
}
if (empty($requestor)) {
if (isset($_GET['ref'])) {
$requestor = sanitize($_GET['ref']);
}
}
$alt_handlers = zp_apply_filter('alt_login_handler', array());
$star = false;
$mails = array();
$info = array('challenge' => '', 'response' => '');
$username_is_valid = false;
if (!empty($requestor)) {
$admin = self::getAnAdmin(array('`user`=' => $requestor, '`valid`=' => 1));
if (is_object($admin)) {
if ($admin->getEmail()) {
$star = $showCaptcha;
}
$info = $admin->getChallengePhraseInfo();
$username_is_valid = true;
}
}
if (!$star) {
$admins = $this->getAdministrators();
while (count($admins) > 0) {
$user = array_shift($admins);
if ($user['email']) {
$star = $showCaptcha;
}
}
}
$whichForm = sanitize(@$_REQUEST['logon_step']);
?>
<div id="loginform">
<?php
if ($logo) {
?>
<p>
<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/zen-logo.png" title="ZenPhoto" alt="ZenPhoto" />
</p>
<?php
}
switch ($_zp_login_error) {
case 1:
?>
<div class="errorbox" id="message"><h2><?php echo gettext("There was an error logging in."); ?></h2>
<?php
if ($showUserField) {
echo gettext("Check your username and password and try again.");
} else {
echo gettext("Check password and try again.");
}
?>
</div>
<?php
break;
case 2:
?>
<div class="messagebox fade-message">
<h2><?php echo gettext("A reset request has been sent."); ?></h2>
</div>
<?php
break;
default:
if (!empty($_zp_login_error)) {
?>
<div class="errorbox fade-message">
<h2><?php echo $_zp_login_error; ?></h2>
</div>
<?php
}
break;
}
switch ($whichForm) {
case 'challenge':
?>
<form name="login" action="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php" method="post">
<fieldset id="logon_box">
<input type="hidden" name="login" value="1" />
<input type="hidden" name="password" value="challenge" />
<input type="hidden" name="redirect" value="<?php echo html_encode(pathurlencode($redirect)); ?>" />
<fieldset>
<legend><?php echo gettext('User') ?></legend>
<input class="textfield" name="user" id="user" type="text" size="35" value="<?php echo html_encode($requestor); ?>" />
</fieldset>
<?php
if ($requestor && $admin) {
if (!empty($info['challenge'])) {
?>
<p class="logon_form_text"><?php echo gettext('Supply the correct response to the question below and you will be directed to a page where you can change your password.'); ?>
<?php if ( $admin->getEmail() ) { echo gettext('<br />You may also use the link below to request a reset by e-mail.'); } ?>
</p>
<fieldset><legend><?php echo gettext('Challenge question:') ?></legend>
<?php
echo html_encode($info['challenge']);
?>
</fieldset>
<fieldset><legend><?php echo gettext('Your response') ?></legend>
<input class="textfield" name="pass" id="pass" type="text" size="35" />
</fieldset>
<br />
<?php } else {
if ( $username_is_valid && !$admin->getEmail() ) { ?>
<fieldset><p class="logon_form_text errorbox"><?php echo gettext('A password reset is not possible.'); ?></p></fieldset>
<?php } else { ?>
<p class="logon_form_text"><?php echo gettext('Please request a reset by e-mail by clicking the link below.'); ?></p>
<?php
}
}
} else {
?>
<p class="logon_form_text">
<?php
echo gettext('Enter your User ID and press <code>Refresh</code> to get your challenge question and/or get a link to request a reset by e-mail.');
?>
</p>
<?php
}
?>
<div class="buttons">
<button type="submit" value="<?php echo gettext("Submit"); ?>"<?php if (!$info['challenge']) echo ' disabled="disabled"'; ?> >
<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/pass.png" alt="" /><?php echo gettext("Submit"); ?>
</button>
<a id="logonstep_challenge_js" class="button" title="<?php echo gettext("Refresh"); ?>" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php?logon_step=challenge&ref=">
<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/refresh.png" alt="" /><?php echo gettext("Refresh"); ?>
</a>
<a id="logonstep_return_js" class="button" title="<?php echo gettext("Return"); ?>" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php?logon_step=&ref=">
<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/refresh.png" alt="" /><?php echo gettext("Return"); ?>
</a>
</div>
<br class="clearall" />
</fieldset>
<br />
<?php
if ( $star && (!empty($requestor) && $username_is_valid && $admin->getEmail()) ) {
?>
<p class="logon_link">
<a id="logonstep_captcha_js" class="button" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php?logon_step=captcha&ref=">
<?php echo gettext('Request reset by e-mail'); ?>
</a>
</p>
<?php
}
?>
</form>
<?php
break;
case 'captcha':
$captcha = $_zp_captcha->getCaptcha(NULL);
?>
<form name="login" action="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php" method="post">
<?php if (isset($captcha['hidden'])) echo $captcha['hidden']; ?>
<input type="hidden" name="login" value="1" />
<input type="hidden" name="password" value="captcha" />
<input type="hidden" name="redirect" value="<?php echo html_encode(pathurlencode($redirect)); ?>" />
<fieldset id="logon_box">
<fieldset><legend><?php echo gettext('User'); ?></legend>
<input class="textfield" name="user" id="user" type="text" value="<?php echo html_encode($requestor); ?>" />
</fieldset>
<?php if (isset($captcha['html'])) echo $captcha['html']; ?>
<?php
if (isset($captcha['input'])) {
?>
<fieldset><legend><?php echo gettext("Enter CAPTCHA"); ?></legend>
<?php echo $captcha['input']; ?>
</fieldset>
<?php
}
?>
<br />
<div class="buttons">
<button type="submit" value="<?php echo gettext("Request"); ?>" ><img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/pass.png" alt="" />
<?php echo gettext("Request password reset"); ?>
</button>
<a id="logonstep_return_js" class="button" title="<?php echo gettext("Return"); ?>" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php?logon_step=&ref=">
<img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/refresh.png" alt="" /><?php echo gettext("Return"); ?>
</a>
</div>
<br class="clearall" />
</fieldset>
</form>
<?php
break;
default:
if (empty($alt_handlers)) {
$legend = gettext('Login');
} else {
?>
<script type="text/javascript">
var handlers = [];
<?php
$list = '<select id="logon_choices" onchange="changeHandler(handlers[$(this).val()]);">' .
'<option value="0">' . html_encode(get_language_string($_zp_gallery->getTitle())) . '</option>';
$c = 0;
foreach ($alt_handlers as $handler => $details) {
$c++;
$details['params'][] = 'redirect=' . $redirect;
if (!empty($requestor)) {
$details['params'][] = 'requestor=' . $requestor;
}
echo "handlers[" . $c . "]=['" . $details['script'] . "','" . implode("','", $details['params']) . "'];";
$list .= '<option value="' . $c . '">' . $handler . '</option>';
}
$list .= '</select>';
$legend = sprintf(gettext('Logon using:%s'), $list);
?>
function changeHandler(handler) {
handler.push('user=' + $('#user').val());
var script = handler.shift();
window.location = script+'?'+handler.join('&');
}
</script>
<?php
}
$redirect = zp_apply_filter('login_redirect_link', $redirect);
?>
<form name="login" action="<?php echo html_encode(pathurlencode($redirect)); ?>" method="post">
<input type="hidden" name="login" value="1" />
<input type="hidden" name="password" value="1" />
<input type="hidden" name="redirect" value="<?php echo html_encode(pathurlencode($redirect)); ?>" />
<fieldset id="logon_box"><legend><?php echo $legend; ?></legend>
<?php
if ($showUserField) {
?>
<fieldset><legend><?php echo gettext("User"); ?></legend>
<input class="textfield" name="user" id="user" type="text" size="35" value="<?php echo html_encode($requestor); ?>" />
</fieldset>
<?php
}
?>
<fieldset><legend><?php echo gettext("Password"); ?></legend>
<input class="textfield" name="pass" id="pass" type="password" size="35" /><br />
<label><input type="checkbox" name="disclose_password" id="disclose_password" onclick="togglePassword('');" /><?php echo gettext('Show password') ?></label>
</fieldset>
<br />
<div class="buttons">
<button type="submit" value="<?php echo gettext("Log in"); ?>" ><img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/pass.png" alt="" /><?php echo gettext("Log in"); ?></button>
<button type="reset" value="<?php echo gettext("Reset"); ?>" ><img src="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/reset.png" alt="" /><?php echo gettext("Reset"); ?></button>
</div>
<br class="clearall" />
</fieldset>
</form>
<?php
if ($hint) {
echo '<p>' . $hint . '</p>';
}
if ($showUserField && OFFSET_PATH != 2) {
?>
<p class="logon_link">
<a id="logonstep_challenge_js" class="button" href="<?php echo WEBPATH . '/' . ZENFOLDER; ?>/admin.php?logon_step=challenge&ref=">
<?php echo gettext('I forgot my <strong>User ID</strong>/<strong>Password</strong>'); ?>
</a>
</p>
<?php
}
break;
}
Zenphoto_Authority::printPasswordFormJS()
?>
</div>
<?php
}
static function printPasswordFormJS() {
?>
<script type="text/javascript">
function passwordStrength(id) {
var inputa = '#pass' + id;
var inputb = '#pass_r' + id;
var displaym = '#match' + id;
var displays = '#strength' + id;
var numeric = 0;
var special = 0;
var upper = 0;
var lower = 0;
var str = $(inputa).val();
var len = str.length;
var strength = 0;
for (c = 0; c < len; c++) {
if (str[c].match(/[0-9]/)) {
numeric++;
} else if (str[c].match(/[^A-Za-z0-9]/)) {
special++;
} else if (str[c].toUpperCase() == str[c]) {
upper++;
} else {
lower++;
}
}
if (upper != len) {
upper = upper * 2;
}
if (lower == len) {
lower = lower * 0.75;
}
if (numeric != len) {
numeric = numeric * 4;
}
if (special != len) {
special = special * 5;
}
len = Math.max(0, (len - 6) * .35);
strength = Math.min(30, Math.round(upper + lower + numeric + special + len));
if (str.length == 0) {
$(displays).css('color', 'black');
$(displays).html('<?php echo gettext('Password'); ?>');
$(inputa).css('background-image', 'none');
} else {
if (strength < 15) {
$(displays).css('color', '#ff0000');
$(displays).html('<?php echo gettext('password strength weak'); ?>');
} else if (strength < 25) {
$(displays).css('color', '#ff0000');
$(displays).html('<?php echo gettext('password strength good'); ?>');
} else {
$(displays).css('color', '#008000');
$(displays).html('<?php echo gettext('password strength strong'); ?>');
}
if (strength < <?php echo (int) getOption('password_strength'); ?>) {
$(inputb).prop('disabled',true);
$(displays).css('color', '#ff0000');
$(displays).html('<?php echo gettext('password strength too weak'); ?>');
} else {
$(inputb).parent().removeClass('ui-state-disabled');
$(inputb).prop('disabled',false);
passwordMatch(id);
}
var url = 'url(<?php echo WEBPATH . '/' . ZENFOLDER; ?>/images/strengths/strength' + strength + '.png)';
$(inputa).css('background-image', url);
$(inputa).css('background-size', '100%');
}
}
function passwordMatch(id) {
var inputa = '#pass' + id;
var inputb = '#pass_r' + id;
var display = '#match' + id;
if ($('#disclose_password' + id).prop('checked')) {
if ($(inputa).val() === $(inputb).val()) {
if ($(inputa).val().trim() !== '') {
$(display).css('color', '#008000');
$(display).html('<?php echo gettext('passwords match'); ?>');
}
} else {
$(display).css('color', '#ff0000');
$(display).html('<?php echo gettext('passwords do not match'); ?>');
}
}
}
function passwordClear(id) {
var inputa = '#pass' + id;
var inputb = '#pass_r' + id;
if ($(inputa).val().trim() === '') {
$(inputa).val('');
}
if ($(inputb).val().trim() === '') {
$(inputb).val('');
}
}
function togglePassword(id) {
if ($('#pass' + id).attr('type') == 'password') {
var oldp = $('#pass' + id);
var newp = oldp.clone();
newp.attr('type', 'text');
newp.insertAfter(oldp);
oldp.remove();
$('.password_field_' + id).hide();
} else {
var oldp = $('#pass' + id);
var newp = oldp.clone();
newp.attr('type', 'password');
newp.insertAfter(oldp);
oldp.remove();
$('.password_field_' + id).show();
}
}
var logonsteps = {
'logonstep_challenge_js' : $('#logonstep_challenge_js').attr('href'),
'logonstep_captcha_js' : $('#logonstep_captcha_js').attr('href'),
'logonstep_return_js' : $('#logonstep_return_js').attr('href')
};
setLogonStepURL(logonsteps)
$( "#user" ).keyup(function() {
setLogonStepURL(logonsteps);
});
function setLogonStepURL(logonsteps) {
var user = $('#user').val();
$.each( logonsteps, function( key, value ) {
if($('#'+key).length) {
$('#'+key).attr('href', value + user);
}
});
}
</script>
<?php
}
static function printPasswordForm($id = '', $pad = false, $disable = NULL, $required = false, $flag = '') {
if ($pad) {
$x = ' ';
} else {
$x = '';
}
?>
<input type="hidden" name="passrequired<?php echo $id; ?>" id="passrequired-<?php echo $id; ?>" value="<?php echo (int) $required; ?>" />
<p>
<label for="pass<?php echo $id; ?>" id="strength<?php echo $id; ?>"><?php echo gettext("Password") . $flag; ?></label>
<input type="password" size="<?php echo TEXT_INPUT_SIZE; ?>"
name="pass<?php echo $id ?>" value="<?php echo $x; ?>"
id="pass<?php echo $id; ?>"
onchange="$('#passrequired-<?php echo $id; ?>').val(1);"
onclick="passwordClear('<?php echo $id; ?>');"
onkeyup="passwordStrength('<?php echo $id; ?>');"
<?php echo $disable; ?> />
</p>
<p>
<label for="disclose_password<?php echo $id; ?>"><?php echo gettext('Show password'); ?></label>
<input type="checkbox" name="disclose_password<?php echo $id; ?>" id="disclose_password<?php echo $id; ?>" onclick="passwordClear('<?php echo $id; ?>');
togglePassword('<?php echo $id; ?>');">
</p>
<p class="password_field_<?php echo $id; ?>">
<label for="pass_r<?php echo $id; ?>" id="match<?php echo $id; ?>"><?php echo gettext("Repeat password") . $flag; ?></label>
<input type="password" size="<?php echo TEXT_INPUT_SIZE; ?>"
name="pass_r<?php echo $id ?>" value="<?php echo $x; ?>"
id="pass_r<?php echo $id; ?>" disabled="disabled"
onchange="$('#passrequired-<?php echo $id; ?>').val(1);"
onkeydown="passwordClear('<?php echo $id; ?>');"
onkeyup="passwordMatch('<?php echo $id; ?>');" />
</p>
<?php
}
static function pbkdf2($p, $s, $c = 1000, $kl = 32, $a = 'sha256') {
$hl = strlen(hash($a, null, true));
$kb = ceil($kl / $hl);
$dk = '';
for ($block = 1; $block <= $kb; $block++) {
$ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
for ($i = 1; $i < $c; $i++)
$ib ^= ($b = hash_hmac($a, $b, $p, true));
$dk .= $ib;
}
return substr($dk, 0, $kl);
}
function checkUniqueMailaddress($email_to_check, $current_user) {
if (!empty($email_to_check) && isValidEmail($email_to_check)) {
$all_users = $this->getAdministrators('users');
foreach ($all_users as $user) {
if ($user['user'] != $current_user && !empty($user['email']) && $user['email'] == $email_to_check) {
return false;
}
}
return true;
} else {
return false;
}
}
}
class Zenphoto_Administrator extends PersistentObject {
public $objects = NULL;
public $master = false;
public $msg = NULL;
public $logout_link = true;
public $reset = false;
public $passhash;
function __construct($user, $valid) {
global $_zp_authority;
$this->passhash = (int) getOption('strong_hash');
$this->instantiate('administrators', array('user' => $user, 'valid' => $valid), NULL, false, empty($user));
if (empty($user)) {
$this->set('id', -1);
}
if ($valid) {
$rights = $this->getRights();
$new_rights = 0;
if ($_zp_authority->isMasterUser($user)) {
$new_rights = ALL_RIGHTS;
$this->master = true;
} else {
if ($rights & MANAGE_ALL_ALBUM_RIGHTS) {
$new_rights = $new_rights | ALBUM_RIGHTS;
}
if ($rights & MANAGE_ALL_NEWS_RIGHTS) {
$new_rights = $new_rights | ZENPAGE_PAGES_RIGHTS;
}
if ($rights & MANAGE_ALL_PAGES_RIGHTS) {
$new_rights = $new_rights | ZENPAGE_NEWS_RIGHTS;
}
$this->getObjects();
foreach ($this->objects as $object) {
switch ($object['type']) {
case 'album':
if ($object['edit'] && MANAGED_OBJECT_RIGHTS_EDIT) {
$new_rights = $new_rights | ALBUM_RIGHTS;
}
break;
case 'pages':
$new_rights = $new_rights | ZENPAGE_PAGES_RIGHTS;
break;
case 'news':
$new_rights = $new_rights | ZENPAGE_NEWS_RIGHTS;
break;
}
}
}
if($this->getGroup()) {
$this->preservePrimeAlbum();
}
if ($new_rights) {
$this->setRights($rights | $new_rights);
}
}
}
function getDateTime() {
return $this->get('date');
}
function setDateTime($datetime) {
$this->set('date', $datetime);
}
function getID() {
return $this->get('id');
}
function setPass($pwd) {
$hash_type = getOption('strong_hash');
$pwd = Zenphoto_Authority::passwordHash($this->getUser(), $pwd, $hash_type);
$this->set('pass', $pwd);
$this->set('passupdate', date('Y-m-d H:i:s'));
$this->set('passhash', $hash_type);
return $this->get('pass');
}
function getPass() {
return $this->get('pass');
}
function setName($admin_n) {
$this->set('name', $admin_n);
}
function getName() {
return $this->get('name');
}
static function getNameByUser($user) {
$admin = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
if (is_object($admin) && $admin->getName()) {
return $admin->getName();
}
return $user;
}
function setEmail($admin_e) {
$this->set('email', $admin_e);
}
function getEmail() {
return $this->get('email');
}
function setRights($rights) {
$this->set('rights', $rights);
}
function getRights() {
return $this->get('rights');
}
function setObjects($objects) {
$this->objects = $objects;
}
function getObjects($what = NULL) {
if (is_null($this->objects)) {
if ($this->transient) {
$this->objects = array();
} else {
$this->objects = populateManagedObjectsList(NULL, $this->getID());
}
}
if (empty($what)) {
return $this->objects;
}
$result = array();
foreach ($this->objects as $object) {
if ($object['type'] == $what) {
$result[get_language_string($object['name'])] = $object['data'];
}
}
return $result;
}
function setCustomData($custom_data) {
$this->set('custom_data', $custom_data);
}
function getCustomData() {
return $this->get('custom_data');
}
function setValid($valid) {
$this->set('valid', $valid);
}
function getValid() {
return $this->get('valid');
}
function setGroup($group) {
$this->set('group', $group);
}
function getGroup() {
return $this->get('group');
}
function setUser($user) {
$this->set('user', $user);
}
function getUser() {
return $this->get('user');
}
function setQuota($v) {
$this->set('quota', $v);
}
function getQuota() {
return $this->get('quota');
}
function getLanguage() {
return $this->get('language');
}
function setLanguage($locale) {
$this->set('language', $locale);
}
function save($checkupdates = false) {
global $_zp_gallery;
if (DEBUG_LOGIN) {
debugLogVar("Zenphoto_Administrator->save()", $this);
}
$objects = $this->getObjects();
if (is_null($this->get('date'))) {
$this->set('date', date('Y-m-d H:i:s'));
}
parent::save($checkupdates);
$id = $this->getID();
if (is_array($objects)) {
$sql = "DELETE FROM " . prefix('admin_to_object') . ' WHERE `adminid`=' . $id;
$result = query($sql, false);
foreach ($objects as $object) {
if (array_key_exists('edit', $object)) {
$edit = $object['edit'] | 32767 & ~(MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_RIGHTS_VIEW);
} else {
$edit = 32767;
}
switch ($object['type']) {
case 'album':
$album = newAlbum($object['data']);
$albumid = $album->getID();
$sql = "INSERT INTO " . prefix('admin_to_object') . " (adminid, objectid, type, edit) VALUES ($id, $albumid, 'albums', $edit)";
$result = query($sql);
break;
case 'pages':
$sql = 'SELECT * FROM ' . prefix('pages') . ' WHERE `titlelink`=' . db_quote($object['data']);
$result = query_single_row($sql);
if (is_array($result)) {
$objectid = $result['id'];
$sql = "INSERT INTO " . prefix('admin_to_object') . " (adminid, objectid, type, edit) VALUES ($id, $objectid, 'pages', $edit)";
$result = query($sql);
}
break;
case 'news':
$sql = 'SELECT * FROM ' . prefix('news_categories') . ' WHERE `titlelink`=' . db_quote($object['data']);
$result = query_single_row($sql);
if (is_array($result)) {
$objectid = $result['id'];
$sql = "INSERT INTO " . prefix('admin_to_object') . " (adminid, objectid, type, edit) VALUES ($id, $objectid, 'news', $edit)";
$result = query($sql);
}
break;
}
}
}
}
function remove() {
zp_apply_filter('remove_user', $this);
$album = $this->getAlbum();
$id = $this->getID();
if (parent::remove()) {
if (!empty($album)) {
$album->remove();
}
$sql = "DELETE FROM " . prefix('admin_to_object') . " WHERE `adminid`=$id";
$result = query($sql);
} else {
return false;
}
return $result;
}
function getAlbum() {
$id = $this->get('prime_album');
if (!empty($id)) {
$sql = 'SELECT `folder` FROM ' . prefix('albums') . ' WHERE `id`=' . $id;
$result = query_single_row($sql);
if ($result) {
$album = newAlbum($result['folder']);
return $album;
}
}
return false;
}
function setAlbum($album) {
if ($album) {
$this->set('prime_album', $album->getID());
} else {
$this->set('prime_album', NULL);
}
}
function getCredentials() {
return getSerializedArray($this->get('other_credentials'));
}
function setCredentials($cred) {
$this->set('other_credentials', serialize($cred));
}
function createPrimealbum($new = true, $name = NULL) {
$t = 0;
$ext = '';
if (is_null($name)) {
$filename = internalToFilesystem(str_replace(array('<', '>', ':', '"' . '/' . '\\', '|', '?', '*'), '_', seoFriendly($this->getUser())));
} else {
$filename = internalToFilesystem(str_replace(array('<', '>', ':', '"' . '/' . '\\', '|', '?', '*'), '_', $name));
}
while ($new && file_exists(ALBUM_FOLDER_SERVERPATH . $filename . $ext)) {
$t++;
$ext = '-' . $t;
}
$path = ALBUM_FOLDER_SERVERPATH . $filename . $ext;
$albumname = filesystemToInternal($filename . $ext);
if (@mkdir_recursive($path, FOLDER_MOD)) {
$album = newAlbum($albumname);
if ($title = $this->getName()) {
$album->setTitle($title);
}
$album->setOwner($this->getUser());
$album->save();
$this->setAlbum($album);
$this->setRights($this->getRights() | ALBUM_RIGHTS);
if (getOption('user_album_edit_default')) {
$subrights = MANAGED_OBJECT_RIGHTS_EDIT;
} else {
$subrights = 0;
}
if ($this->getRights() & UPLOAD_RIGHTS) {
$subrights = $subrights | MANAGED_OBJECT_RIGHTS_UPLOAD;
}
$objects = $this->getObjects();
$objects[] = array('data' => $albumname, 'name' => $albumname, 'type' => 'album', 'edit' => $subrights);
$this->setObjects($objects);
}
}
function getChallengePhraseInfo() {
$info = $this->get('challenge_phrase');
if ($info) {
return getSerializedArray($info);
} else {
return array('challenge' => '', 'response' => '');
}
}
function setChallengePhraseInfo($challenge, $response) {
$this->set('challenge_phrase', serialize(array('challenge' => $challenge, 'response' => $response)));
}
function getLastLogon() {
return $this->get('lastloggedin');
}
function getLastVisit() {
return $this->get('lastvisit');
}
function setLastVisit($datetime = '') {
if(empty($datetime)) {
$datetime = date('Y-m-d H:i:s');
}
$this->set('lastvisit', $datetime);
}
function updateLastVisit() {
if (getOption('admin_lastvisit')) {
$lastvisit = strtotime($this->getLastVisit());
$lastvisit_timeframe = getOption('admin_lastvisit_timeframe');
if (empty($lastvisit_timeframe)) {
$lastvisit_timeframe = 600;
}
if (empty($lastvisit) || (time() - $lastvisit) > $lastvisit_timeframe) {
$this->setLastVisit();
$this->save();
}
}
}
function preservePrimeAlbum() {
$primeAlbum = $this->getAlbum();
if (is_object($primeAlbum)) {
$primealbum_name = $primeAlbum->name;
$objects = $this->getObjects();
$primealbum_managed = false;
foreach ($objects as $key => $val) {
if ($val['type'] == 'album' && $val['name'] == $primealbum_name) {
$primealbum_managed = true;
break;
}
}
if (!$primealbum_managed) {
$objects[] = array(
'data' => $primealbum_name,
'name' => $primealbum_name,
'type' => 'album',
'edit' => 32765
);
}
$this->setObjects($objects);
}
}
}
?>