        }
    }
}
// Admin login handling. No login form posted: re-validate the persistent
// 'zenphoto_auth' cookie. Form posted: check the credentials and either issue
// a fresh cookie or clear it.
if (!isset($_POST['login'])) {
    $_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth'));
    if (!$_zp_loggedin) {
        // Clear the cookie (an expiry in the past makes the browser drop it)
        zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath);
    }
} else {
    // Handle the login form.
    if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
        $post_user = sanitize($_POST['user'], 3);
        $post_pass = sanitize($_POST['pass'], 3);
        // NOTE(review): 'redirect' is read without the isset() guard the other
        // fields get; presumably sanitize_path() tolerates a missing value — confirm.
        $redirect = sanitize_path($_POST['redirect']);
        if ($_zp_loggedin = checkLogon($post_user, $post_pass)) {
            // The cookie value is passwordHash(user, pass); checkAuthorization()
            // above is what validates it on subsequent requests.
            zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath);
            if (!empty($redirect)) {
                // The target is always prefixed with FULLWEBPATH, so presumably it
                // stays on this site; whether sanitize_path() also rejects '..'
                // segments is not visible here — confirm before relying on it.
                header("Location: " . FULLWEBPATH . '/' . $redirect);
            }
        } else {
            // Clear the cookie, just in case
            zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath);
            // was it a request for a reset? On a failed logon the 'pass' field is
            // re-read as the captcha answer and checked against the posted 'code_h'.
            if ($_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) {
                if (empty($post_user)) {
                    // NOTE(review): this message is not passed through gettext(),
                    // unlike its sibling in the else branch.
                    $requestor = 'You are receiving this e-mail because of a password reset request on your Zenphoto gallery.';
                } else {
                    $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
                }
                // Reset notices go to every administrator account.
                $admins = getAdministrators();
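/**
 * Checks for album/search/gallery password posting and validates the matching
 * authorization cookie.
 *
 * Runs for visitors who are not logged in as an admin. It first works out which
 * credential applies — the search page credential, the current album's own
 * password (or that of its nearest password-protected ancestor), else the
 * gallery-wide credential — together with the cookie name that stores proof of
 * a successful logon. It then either processes a posted password form or
 * re-validates the cookie set by an earlier post.
 *
 * Globals: reads $_zp_current_album; sets $_zp_loggedin to the checkLogon()
 * result when a form is posted, and $_zp_login_error when a posted credential
 * is rejected.
 *
 * @return void
 */
function zp_handle_password()
{
    global $_zp_loggedin, $_zp_login_error, $_zp_current_album;
    if (zp_loggedin()) {
        // Already authenticated as an admin; no further authorization needed.
        return;
    }
    $cookiepath = WEBPATH;
    if (WEBPATH == '') {
        $cookiepath = '/';
    }
    // Resolve the credential (stored digest + user name) and cookie name in force here.
    $authType = '';
    $check_auth = '';
    $check_user = '';
    if (in_context(ZP_SEARCH)) {
        // search page
        $authType = 'zp_search_auth';
        $check_auth = getOption('search_password');
        $check_user = getOption('search_user');
    } elseif (in_context(ZP_ALBUM)) {
        // album page: the album's own password, or the nearest protected ancestor's
        $authType = "zp_album_auth_" . cookiecode($_zp_current_album->name);
        $check_auth = $_zp_current_album->getPassword();
        $check_user = $_zp_current_album->getUser();
        if (empty($check_auth)) {
            $parent = $_zp_current_album->getParent();
            while (!is_null($parent)) {
                $check_auth = $parent->getPassword();
                $check_user = $parent->getUser();
                $authType = "zp_album_auth_" . cookiecode($parent->name);
                if (!empty($check_auth)) {
                    break;
                }
                $parent = $parent->getParent();
            }
        }
    }
    if (empty($check_auth)) {
        // anything else is controlled by the gallery credentials
        $authType = 'zp_gallery_auth';
        $check_auth = getOption('gallery_password');
        $check_user = getOption('gallery_user');
    }
    // Handle the login form.
    if (isset($_POST['password']) && isset($_POST['pass'])) {
        // 'user' is not guaranteed on this form; default it instead of raising an
        // undefined-index notice.
        $post_user = isset($_POST['user']) ? $_POST['user'] : '';
        $post_pass = $_POST['pass'];
        // Unsalted md5(user . pass) is the format the stored album/search/gallery
        // passwords are compared against below; it has to stay for compatibility
        // with existing option values.
        $auth = md5($post_user . $post_pass);
        $_zp_loggedin = checkLogon($post_user, $post_pass);
        if ($_zp_loggedin) {
            // allow Admin user login: issue the same cookie value the admin login
            // form does, so checkAuthorization() accepts it on the next request.
            zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath);
        } elseif ((string) $auth === (string) $check_auth && (string) $post_user === (string) $check_user) {
            // Correct auth info. Set the cookie. Strict string comparison is
            // deliberate: a loose == between two hex digests compares them
            // numerically when both happen to look like "0e<digits>".
            // Note the cookie carries the stored digest verbatim, so it is as
            // sensitive as the option value itself.
            zp_setcookie($authType, $auth, time() + COOKIE_PESISTENCE, $cookiepath);
        } else {
            // Clear the cookie, just in case
            zp_setcookie($authType, "", time() - 368000, $cookiepath);
            $_zp_login_error = true;
        }
        return;
    }
    if (empty($check_auth)) {
        //no password on record
        return;
    }
    // No form posted: re-validate the cookie left by an earlier successful post.
    $saved_auth = (string) zp_getCookie($authType);
    if ($saved_auth !== '') {
        if ($saved_auth === (string) $check_auth) {
            return;
        }
        // Cookie present but does not match the current digest: clear it.
        zp_setcookie($authType, "", time() - 368000, $cookiepath);
    }
}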