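/**
 * Sets up user backend.
 *
 * Creates three serialized data files under $this->data_dir when they do not
 * exist yet: "users" (seeded with a NOBODY account), "user_settings" (an empty
 * array) and "groups" (ALL_MEDIA_GROUP => ALL_MEDIA_GID). Files that already
 * exist are left untouched.
 *
 * Review notes:
 *  - NOBODY is stored with jz_password("") (the original read an undefined
 *    local $password, which always fell back to ""). login() in this file
 *    compares jz_password(input) with the stored value, so an empty password
 *    authenticates as NOBODY. Presumably this is the anonymous account;
 *    confirm its permissions are minimal.
 *  - The user id comes from uniqid(), which is derived from the clock and is
 *    not a secret. login() places an encoding of this id in the session and
 *    in the remember-me cookie; confirm jz_cookie_encode() adds a keyed,
 *    unguessable component.
 *  - The files are created with the process umask and hold password hashes.
 *    NOTE(review): keep data_dir outside the web root and restrict its
 *    permissions; not changed here because other readers may depend on them.
 *  - The error text echoes the data directory path to the client.
 *
 * @author Ben Dodson
 * @version 11/20/04
 * @since 11/20/04
 * @return int|null -1 when a data file cannot be opened or fully written;
 *                  no value otherwise.
 */
function install_users() {
    $datapath = $this->data_dir;

    $names = array("users", "user_settings", "groups");
    foreach ($names as $name) {
        $filename = $datapath . "/" . $name;
        if (file_exists($filename)) {
            continue;
        }

        // Build the seed content only for files that are actually missing.
        switch ($name) {
            case "users":
                $data = array();
                $data['NOBODY']['password'] = jz_password("");
                $data['NOBODY']['id'] = uniqid("USR");
                break;
            case "groups":
                $data = array();
                $data[ALL_MEDIA_GROUP] = ALL_MEDIA_GID;
                break;
            default:
                $data = array();
                break;
        }

        if (!($handle = @fopen($filename, "w"))) {
            touch($filename);
            if (!($handle = @fopen($filename, "w"))) {
                echo "Could not open the data file in " . $this->data_dir . ".";
                return -1;
            }
        }

        // A failed or short write would leave a truncated file that later
        // runs skip (it exists) and that unserialize() cannot read, so treat
        // it as an installation failure and remove the partial file.
        $payload = serialize($data);
        $written = fwrite($handle, $payload);
        fclose($handle);
        if ($written === false || $written < strlen($payload)) {
            @unlink($filename);
            echo "Could not write the data file in " . $this->data_dir . ".";
            return -1;
        }
    }
}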
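/**
 * Authenticates a user against the serialized users file and binds the
 * session (and optionally a 30-day cookie) to that user's id.
 *
 * Standard mode: the password is hashed with jz_password() unless $prehashed
 * is true, then compared case-insensitively with the stored hash.
 *
 * CMS mode: the password is NOT checked. The caller is assumed to be
 * authenticated by the CMS; an unknown user is created with the password
 * "cms-user" and the login is retried.
 *
 * Review notes:
 *  - CMS mode is selected by `$cms_mode != "false"`. Any value that does not
 *    loosely equal the string "false", including an unset global or boolean
 *    false, takes the path that skips password verification. Confirm the
 *    global is always initialised before this method can be reached.
 *  - $prehashed lets the caller supply the stored hash directly, so a leaked
 *    users file is sufficient to log in. Since a recomputed hash is compared
 *    with the stored one, jz_password() appears to be unsalted; review it
 *    against password_hash()/password_verify().
 *  - unserialize() instantiates any class named in the file, although only
 *    arrays are expected. On PHP 7+ consider
 *    array('allowed_classes' => false), or a JSON store.
 *  - The session id is not regenerated after a successful login in this
 *    method. Confirm initUser() or the caller does so.
 *  - The remember-me cookie is set without path, secure or httponly
 *    arguments, and its value depends only on the user id.
 *  - In CMS mode, if addUser() does not make the user appear in the users
 *    file, the retry recurses without a bound.
 *
 * @param string $user      User name as supplied by the caller.
 * @param string $password  Plaintext password, or its hash when $prehashed.
 * @param bool   $remember  Also set the 30-day jzUserID cookie (standard mode).
 * @param bool   $prehashed True when $password is already hashed.
 * @return bool True on successful login, false otherwise.
 */
function login($user, $password, $remember = false, $prehashed = false) {
    global $cms_mode;

    $cms = ($cms_mode != "false");

    if (!$prehashed) {
        $password = jz_password($password);
    }

    // The name is caller-controlled and is written to the access log on both
    // success and failure; drop control characters so it cannot break the
    // log line or forge additional entries.
    $logUser = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $user);

    $dp = $this->data_dir . "/" . "users";
    $users = unserialize(file_get_contents($dp));

    // Clear their data cache. In CMS mode the session is left alone.
    if ($cms === false) {
        $_SESSION = array();
    }
    $this->initUser();

    if ($cms !== false) {
        // The login is coming from CMS.
        // This means we can assume they are authenticated;
        // just make sure they have an entry in our users file.
        if (!isset($users[$user])) {
            // first timer:
            $this->addUser($user, "cms-user");
            // TODO: LOAD PERMISSIONS FOR CMS-DEFAULTS HERE!
            // now just re-login.
            return $this->login($user, $password, $remember, true);
        }

        // The original distinguished entries whose password is not the
        // "cms-user" hash ("double user") but ran identical code in both
        // branches, so a standalone account with the same name is accepted.
        // To disallow this again, be sure to edit install/step6.php so the
        // admin user is created w. password 'cms-user' during a CMS install.
        $this->id = $users[$user]['id'];
        $_SESSION['jzUserID'] = jz_cookie_encode($this->id);
        $this->loadSettings();
        writeLogData("access", "cms-user '" . $logUser . "' logged in successfully.");
        return true;
    }

    // NO CMS; standard way.
    // Passwords are hashes.
    $stored = isset($users[$user]['password']) ? $users[$user]['password'] : null;
    $matches = false;
    // Fail closed when either side is not a string.
    if (is_string($stored) && is_string($password)) {
        if (function_exists('hash_equals')) {
            // Constant-time comparison; lower-casing both sides keeps the
            // original case-insensitive match.
            $matches = hash_equals(strtolower($stored), strtolower($password));
        } else {
            $matches = (0 == strcasecmp($stored, $password));
        }
    }

    if ($matches) {
        $this->id = $users[$user]['id'];
        if ($remember) {
            setcookie('jzUserID', jz_cookie_encode($this->id), time() + 60 * 60 * 24 * 30);
        }
        $_SESSION['jzUserID'] = jz_cookie_encode($this->id);
        $this->loadSettings();
        writeLogData("access", "user '" . $logUser . "' logged in successfully.");
        return true;
    }

    unset($_SESSION['jzUserID']);
    writeLogData("access", "failed login for user '" . $logUser . "'.");
    return false;
}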