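/**
 * Checks password posting.
 *
 * Unless the caller supplies an authorization type, the credential set that
 * guards the current request is derived from the request context: full-image
 * request, search page, album (walking up the parent albums until one carries
 * a password), Zenpage page (walking up the parent pages the same way), and
 * finally the gallery credentials. Then either a submitted login form is
 * processed (cookie set on success, cleared on failure) or an existing auth
 * cookie is validated against the expected hash.
 *
 * @param string|null $authType   override of authorization type (also the cookie name)
 * @param string|null $check_auth password hash to match; only honoured together with $authType
 * @param string|null $check_user user name to match; only honoured together with $authType
 * @return void
 */
function zp_handle_password($authType = NULL, $check_auth = NULL, $check_user = NULL)
{
    global $_zp_loggedin, $_zp_login_error, $_zp_current_album, $_zp_current_zenpage_page, $_zp_gallery;
    if (empty($authType)) {
        // not supplied by caller: derive the credential set from the request context
        $check_auth = '';
        $check_user = '';
        // explicit isset() instead of the former @-suppressed read of $_GET['p']
        $full_image = (isset($_GET['z']) && isset($_GET['p']) && $_GET['p'] === 'full-image')
                || (isset($_GET['p']) && $_GET['p'] === '*full-image');
        if ($full_image) {
            $authType = 'zp_image_auth';
            $check_auth = getOption('protected_image_password');
            $check_user = getOption('protected_image_user');
        } elseif (in_context(ZP_SEARCH)) {
            // search page
            $authType = 'zp_search_auth';
            $check_auth = getOption('search_password');
            $check_user = getOption('search_user');
        } elseif (in_context(ZP_ALBUM)) {
            // album page: the nearest ancestor with a password controls access
            $authType = "zp_album_auth_" . $_zp_current_album->getID();
            $check_auth = $_zp_current_album->getPassword();
            $check_user = $_zp_current_album->getUser();
            if (empty($check_auth)) {
                $parent = $_zp_current_album->getParent();
                while (!is_null($parent)) {
                    $check_auth = $parent->getPassword();
                    $check_user = $parent->getUser();
                    $authType = "zp_album_auth_" . $parent->getID();
                    if (!empty($check_auth)) {
                        break;
                    }
                    $parent = $parent->getParent();
                }
            }
        } elseif (in_context(ZP_ZENPAGE_PAGE)) {
            // Zenpage page: same ancestor walk, but parents are looked up by id
            $authType = "zp_page_auth_" . $_zp_current_zenpage_page->getID();
            $check_auth = $_zp_current_zenpage_page->getPassword();
            $check_user = $_zp_current_zenpage_page->getUser();
            $pageobj = $_zp_current_zenpage_page;
            while (empty($check_auth)) {
                // cast so the value inlined into the query below can only ever be an integer
                $parentID = (int) $pageobj->getParentID();
                if ($parentID === 0) {
                    break;
                }
                $sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . $parentID;
                $result = query_single_row($sql);
                if (empty($result['titlelink'])) {
                    // orphaned parent id: stop the walk instead of constructing a page from nothing
                    break;
                }
                $pageobj = new ZenpagePage($result['titlelink']);
                $authType = "zp_page_auth_" . $pageobj->getID();
                $check_auth = $pageobj->getPassword();
                $check_user = $pageobj->getUser();
            }
        }
        if (empty($check_auth)) {
            // anything else is controlled by the gallery credentials
            $authType = 'zp_gallery_auth';
            $check_auth = $_zp_gallery->getPassword();
            $check_user = $_zp_gallery->getUser();
        }
    }
    // Handle the login form.
    if (DEBUG_LOGIN) {
        debugLog("zp_handle_password: \$authType={$authType}; \$check_auth={$check_auth}; \$check_user={$check_user}; ");
    }
    if (isset($_POST['password']) && isset($_POST['pass'])) {
        // process login form
        $post_user = isset($_POST['user']) ? sanitize($_POST['user']) : '';
        // We should not sanitize the password
        $post_pass = $_POST['pass'];
        // initialised so an empty hash list still yields a defined (failed) result
        $success = false;
        $auth = '';
        foreach (Zenphoto_Authority::$hashList as $hash => $hi) {
            $auth = Zenphoto_Authority::passwordHash($post_user, $post_pass, $hi);
            // hash_equals(): strict and constant-time, so loose "==" string coercion
            // (e.g. two "0e..." hashes comparing equal) cannot grant access
            $success = hash_equals((string) $check_auth, (string) $auth)
                    && $post_user === (string) $check_user;
            if (DEBUG_LOGIN) {
                // the submitted plaintext password is deliberately not written to the log
                debugLog("zp_handle_password({$success}): \$post_user={$post_user}; \$post_pass=[redacted]; \$check_auth={$check_auth}; \$auth={$auth}; \$hash={$hash};");
            }
            if ($success) {
                break;
            }
        }
        $success = zp_apply_filter('guest_login_attempt', $success, $post_user, $post_pass, $authType);
        if ($success) {
            // Correct auth info. Set the cookie.
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid credentials");
            }
            zp_setCookie($authType, $auth);
            if (isset($_POST['redirect'])) {
                $redirect_to = sanitizeRedirect($_POST['redirect'], true);
                if (!empty($redirect_to)) {
                    header("Location: " . $redirect_to);
                    exitZP();
                }
            }
        } else {
            // Clear the cookie, just in case
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: invalid credentials");
            }
            zp_clearCookie($authType);
            $_zp_login_error = true;
        }
        return;
    }
    if (empty($check_auth)) {
        //no password on record or admin logged in
        return;
    }
    $saved_auth = zp_getCookie($authType);
    if ((string) $saved_auth !== '') {
        // same strict, constant-time comparison for the cookie value as for the form
        if (hash_equals((string) $check_auth, (string) $saved_auth)) {
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid cookie");
            }
            return;
        }
        // Clear the cookie
        if (DEBUG_LOGIN) {
            debugLog("zp_handle_password: invalid cookie");
        }
        zp_clearCookie($authType);
    }
}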
<?php

/**
 * Google accounts logon handler.
 *
 * This just supplies the Yahoo URL to OpenID_try.php. The rest is normal OpenID handling
 *
 * @author Stephen Billard (sbillard)
 * @package plugins
 * @subpackage users
 */
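require_once 'OpenID_common.php';
session_start();
// remember where to send the visitor once the OpenID round trip completes
if (isset($_REQUEST['redirect'])) {
    $redirect = sanitizeRedirect($_REQUEST['redirect']);
} else {
    $redirect = '';
}
$_SESSION['OpenID_redirect'] = $redirect;
$_SESSION['OpenID_cleaner_pattern'] = '/(.*)\\.pip\\.verisignlabs\\.com/';
$_SESSION['provider'] = 'Verisign';
$_GET['openid_identifier'] = 'http://pip.verisignlabs.com';
if (isset($_GET['user']) && $_GET['user']) {
    // The user name becomes the leftmost DNS label of the identifier URL, so it
    // must be a single valid host label; anything else (a slash, a dot, a '?',
    // an array value) would let the request pick an identifier on a different
    // host. Invalid values fall through to the provider's generic identifier.
    $user = $_GET['user'];
    $label = '/^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/';
    if (is_string($user) && preg_match($label, $user) === 1) {
        $_GET['openid_identifier'] = 'http://' . $user . '.pip.verisignlabs.com';
        $_GET['action'] = 'verify';
        unset($_GET['user']);
        require 'OpenID_try_auth.php';
        exit(0);
    }
}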
?>
<html>
// The auth cookie is set as secure, so a plain-http request that carries the
// 'zenphoto_ssl' marker is bounced to https to retrieve it.
// NOTE(review): HTTP_HOST is the client-supplied Host header; it is only safe
// here if the web server restricts the accepted host names — confirm.
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
    $redirect = sprintf('https://%s%s', $_SERVER['HTTP_HOST'], getRequestURI());
    header('Location:' . $redirect);
    exitZP();
}
if (isset($_POST['login'])) {
    //	Handle the login form.
    if (secureServer()) {
        // https: set the 'zenphoto_ssl' marker for redirection
        zp_setCookie("zenphoto_ssl", "needed");
    }
    $_zp_loggedin = $_zp_authority->handleLogon();
    if ($_zp_loggedin) {
        if (isset($_POST['redirect'])) {
            $redirect = sanitizeRedirect($_POST['redirect']);
            if (!empty($redirect)) {
                header("Location: " . $redirect);
                exitZP();
            }
        }
    }
} else {
    //	no login form, check the cookie
    if (isset($_GET['ticket'])) {
        // password reset query
        $_zp_authority->validateTicket(sanitize($_GET['ticket']), sanitize(@$_GET['user']));
    } else {
        $_zp_loggedin = $_zp_authority->checkCookieCredentials();
        $cloneid = bin2hex(FULLWEBPATH);
        if (!$_zp_loggedin && isset($_SESSION['admin'][$cloneid])) {