// If the auth variable gets set somehow before this, get rid of it.
$_zp_loggedin = false;
// we have the ssl marker cookie, normally we are already logged in
// but we need to redirect to ssl to retrive the auth cookie (set as secure).
if (zp_getCookie('zenphoto_ssl') && !secureServer()) {
$redirect = "https://" . $_SERVER['HTTP_HOST'] . getRequestURI();
header("Location:{$redirect}");
exitZP();
}
if (isset($_POST['login'])) {
// Handle the login form.
if (secureServer()) {
// https: set the 'zenphoto_ssl' marker for redirection
zp_setCookie("zenphoto_ssl", "needed");
}
$_zp_loggedin = $_zp_authority->handleLogon();
if ($_zp_loggedin) {
if (isset($_POST['redirect'])) {
$redirect = sanitizeRedirect($_POST['redirect']);
if (!empty($redirect)) {
header("Location: " . $redirect);
exitZP();
}
}
}
} else {
// no login form, check the cookie
if (isset($_GET['ticket'])) {
// password reset query
$_zp_authority->validateTicket(sanitize($_GET['ticket']), sanitize(@$_GET['user']));
} else {
