// If the auth variable gets set somehow before this, get rid of it.
// The login state is only ever set again below from handleLogon().
$_zp_loggedin = false;

// We have the ssl marker cookie: normally we are already logged in,
// but we need to redirect to ssl to retrieve the auth cookie (set as secure).
// NOTE(review): the redirect target is assembled from $_SERVER['HTTP_HOST'], which
// PHP fills from the client's Host request header. Unless the web server or
// virtual-host configuration restricts the accepted host names, that value is
// request-controlled; building the URL from a configured canonical host name
// would remove the dependency. Confirm how deployments constrain Host.
// NOTE(review): getRequestURI() is defined elsewhere; presumably it returns the
// current path and query string, verify that it cannot contain CR/LF.
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
	$redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI();
	header("Location:{$redirect}");
	// Stop processing so nothing else is emitted after the redirect header.
	exitZP();
}

if (isset($_POST['login'])) { // Handle the login form.
	if (secureServer()) {
		// https: set the 'zenphoto_ssl' marker for redirection.
		// The marker holds only the constant "needed" and is tested on non-secure
		// requests by the check above, so it is presumably sent without the
		// Secure attribute; confirm in zp_setCookie().
		zp_setCookie("zenphoto_ssl", "needed");
	}
	// The result of handleLogon() becomes the login state for the rest of the request.
	$_zp_loggedin = $_zp_authority->handleLogon();
	if ($_zp_loggedin) {
		if (isset($_POST['redirect'])) {
			// The post-login target is taken from the request body, so it goes through
			// sanitizeRedirect() first; an empty result means no redirect is issued.
			// NOTE(review): sanitizeRedirect() is defined elsewhere; verify that it
			// rejects absolute and scheme-relative URLs pointing off-site.
			$redirect = sanitizeRedirect($_POST['redirect']);
			if (!empty($redirect)) {
				header("Location: " . $redirect);
				exitZP();
			}
		}
	}
} else { // no login form, check the cookie
	if (isset($_GET['ticket'])) { // password reset query
		// Both ticket and user come from the query string and are passed through
		// sanitize() before validation.
		// NOTE(review): '@' suppresses the notice when 'user' is absent, so sanitize()
		// is then called with null; verify that validateTicket() rejects a missing user.
		$_zp_authority->validateTicket(sanitize($_GET['ticket']), sanitize(@$_GET['user']));
	} else {