/**
* Checks to see access is allowed to an album
* Returns true if access is allowed.
* There is no password dialog--you must have already had authorization via a cookie.
*
* @param string $albumname the album
* @param string &$hint becomes populated with the password hint.
* @return bool
*/
function checkAlbumPassword($albumname, &$hint)
{
global $_zp_pre_authorization, $_zp_loggedin;
if (zp_loggedin(ADMIN_RIGHTS | VIEWALL_RIGHTS | ALL_ALBUMS_RIGHTS)) {
return true;
}
if ($_zp_loggedin) {
if (isMyAlbum($albumname, ALL_RIGHTS)) {
return true;
}
// he is allowed to see it.
}
if (isset($_zp_pre_authorization[$albumname])) {
return true;
}
$album = new album($_zp_gallery, $albumname);
$hash = $album->getPassword();
if (empty($hash)) {
$album = $album->getParent();
while (!is_null($album)) {
$hash = $album->getPassword();
$authType = "zp_album_auth_" . cookiecode($album->name);
$saved_auth = zp_getCookie($authType);
if (!empty($hash)) {
if ($saved_auth != $hash) {
$hint = $album->getPasswordHint();
return false;
}
}
$album = $album->getParent();
}
// revert all tlhe way to the gallery
$hash = getOption('gallery_password');
$authType = 'zp_gallery_auth';
$saved_auth = zp_getCookie($authType);
if (!empty($hash)) {
if ($saved_auth != $hash) {
$hint = get_language_string(getOption('gallery_hint'));
return false;
}
}
} else {
$authType = "zp_album_auth_" . cookiecode($album->name);
$saved_auth = zp_getCookie($authType);
if ($saved_auth != $hash) {
$hint = $album->getPasswordHint();
return false;
}
}
$_zp_pre_authorization[$albumname] = true;
return true;
}
/**
*checks for album password posting
*/
function zp_handle_password()
{
global $_zp_loggedin, $_zp_login_error, $_zp_current_album;
if (zp_loggedin()) {
return;
}
// who cares, we don't need any authorization
$cookiepath = WEBPATH;
if (WEBPATH == '') {
$cookiepath = '/';
}
$check_auth = '';
if (in_context(ZP_SEARCH)) {
// search page
$authType = 'zp_search_auth';
$check_auth = getOption('search_password');
$check_user = getOption('search_user');
} else {
if (in_context(ZP_ALBUM)) {
// album page
$authType = "zp_album_auth_" . cookiecode($_zp_current_album->name);
$check_auth = $_zp_current_album->getPassword();
$check_user = $_zp_current_album->getUser();
if (empty($check_auth)) {
$parent = $_zp_current_album->getParent();
while (!is_null($parent)) {
$check_auth = $parent->getPassword();
$check_user = $parent->getUser();
$authType = "zp_album_auth_" . cookiecode($parent->name);
if (!empty($check_auth)) {
break;
}
$parent = $parent->getParent();
}
}
}
}
if (empty($check_auth)) {
// anything else is controlled by the gallery credentials
$authType = 'zp_gallery_auth';
$check_auth = getOption('gallery_password');
$check_user = getOption('gallery_user');
}
// Handle the login form.
if (isset($_POST['password']) && isset($_POST['pass'])) {
$post_user = $_POST['user'];
$post_pass = $_POST['pass'];
$auth = md5($post_user . $post_pass);
if ($_zp_loggedin = checkLogon($post_user, $post_pass)) {
// allow Admin user login
zp_setcookie("zenphoto_auth", $auth, time() + COOKIE_PESISTENCE, $cookiepath);
} else {
if ($auth == $check_auth && $post_user == $check_user) {
// Correct auth info. Set the cookie.
zp_setcookie($authType, $auth, time() + COOKIE_PESISTENCE, $cookiepath);
} else {
// Clear the cookie, just in case
zp_setcookie($authType, "", time() - 368000, $cookiepath);
$_zp_login_error = true;
}
}
return;
}
if (empty($check_auth)) {
//no password on record
return;
}
if (($saved_auth = zp_getCookie($authType)) != '') {
if ($saved_auth == $check_auth) {
return;
} else {
// Clear the cookie
zp_setcookie($authType, "", time() - 368000, $cookiepath);
}
}
}
