// all plugin options are handled by the custom option code. if (isset($_GET['single'])) { $returntab = "&tab=plugin&single=" . sanitize($_GET['single']); } else { $returntab = "&tab=plugin&subpage={$subpage}"; } } else { $notify = '?post_error'; } } /* * * Security Options ** */ if (isset($_POST['savesecurityoptions'])) { $protocol = sanitize($_POST['server_protocol'], 3); if ($protocol != SERVER_PROTOCOL) { // force https if required to be sure it works, otherwise the "save" will be the last thing we do httpsRedirect(); } if (getOption('server_protocol') != $protocol) { setOption('server_protocol', $protocol); $_configMutex->lock(); $zp_cfg = @file_get_contents(SERVERPATH . '/' . DATA_FOLDER . '/' . CONFIGFILE); $zp_cfg = updateConfigItem('server_protocol', $protocol, $zp_cfg); storeConfig($zp_cfg); $_configMutex->unlock(); } $_zp_gallery->setUserLogonField(isset($_POST['login_user_field'])); if ($protocol == 'http') { zp_clearCookie("zenphoto_ssl"); } setOption('IP_tied_cookies', (int) isset($_POST['IP_tied_cookies'])); setOption('obfuscate_cache', (int) isset($_POST['obfuscate_cache']));
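/**
 * Standard admin page checks.
 *
 * Calls checkInstall() and httpsRedirect(), then tests the visitor's rights
 * with zp_loggedin($rights). When the current admin object is flagged
 * `reset`, $_zp_loggedin is set to USER_RIGHTS before that test.
 *
 * If the rights test fails and the `admin_allow_access` filter does not grant
 * access, a 302 redirect to admin.php is sent and exitZP() is called.
 *
 * @param bit $rights rights required for the page, as passed to zp_loggedin()
 * @param string $return where to go after login (URL-decoded here before use)
 */
function admin_securityChecks($rights, $return) {
	global $_zp_current_admin_obj, $_zp_loggedin;
	checkInstall();
	httpsRedirect();
	if ($_zp_current_admin_obj && $_zp_current_admin_obj->reset) {
		$_zp_loggedin = USER_RIGHTS;
	}
	if (zp_loggedin($rights)) {
		return;
	}
	// prevent nefarious access to this page.
	$returnurl = urldecode($return);
	if (zp_apply_filter('admin_allow_access', false, $returnurl)) {
		return;
	}
	// Only the part before the first '?' is handed on to the login page.
	$uri = explode('?', $returnurl);
	// The path was decoded above and callers may pass a request-derived value
	// (not visible here), so it is re-encoded before it goes into the Location
	// header: a decoded '&', '#', space or control character must stay inside
	// the "from" value instead of adding parameters, cutting the URL short or
	// making header() reject the line. Slashes are restored so ordinary paths
	// produce the same URL as before.
	$from = str_replace('%2F', '/', rawurlencode($uri[0]));
	header("HTTP/1.0 302 Found");
	header("Status: 302 Found");
	header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php?from=' . $from);
	exitZP();
}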