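/**
 * Re-validates a user's e-mail address from a re-verification ticket.
 *
 * The ticket arrives in the `user_expiry_reverify` query parameter as a
 * hex-encoded serialized array holding `user`, `email` and `date`. When a
 * matching account is found, the `expiry` and `email` credentials are added,
 * the account is marked valid, the user is logged in and the request is
 * redirected to admin.php.
 *
 * @param string $path the script (which we ignore)
 * @return string $path, returned unchanged when no redirect was issued
 */
static function reverify($path) {
	//process any verifications posted
	if (isset($_GET['user_expiry_reverify'])) {
		// SECURITY: unserialize() runs here on data taken straight from the
		// query string. It can instantiate any loaded class (PHP object
		// injection), and nothing visible in this method authenticates the
		// ticket, so its user/email/date fields are whatever the requester
		// supplies. The call is kept because the ticket is issued elsewhere in
		// this format; issuer and reader should move together to a
		// non-object encoding (e.g. JSON) protected by a keyed MAC that is
		// verified with a constant-time comparison before any field is used.
		$params = unserialize(pack("H*", trim(sanitize($_GET['user_expiry_reverify']), '.')));

		// unserialize() returns false on malformed input and may return an
		// object or a differently shaped array; only a plain array carrying
		// the three expected scalar fields is processed further.
		$wellFormed = is_array($params)
						&& isset($params['date'], $params['user'], $params['email'])
						&& is_numeric($params['date'])
						&& is_scalar($params['user'])
						&& is_scalar($params['email']);

		// 2592000 seconds = 30 days of ticket lifetime.
		// NOTE(review): a 'date' lying in the future also passes this test.
		if ($wellFormed && time() - $params['date'] < 2592000) {
			$userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0));
			if ($userobj) {
				$credentials = $userobj->getCredentials();
				$credentials[] = 'expiry';
				$credentials[] = 'email';
				$credentials = array_unique($credentials);
				// The account updates and the login used to sit outside this
				// guard, so a ticket that matched no account dereferenced a
				// missing user object and an undefined $credentials.
				$userobj->setCredentials($credentials);
				$userobj->setValid(1);
				$userobj->set('loggedin', date('Y-m-d H:i:s'));
				$userobj->save();
				Zenphoto_Authority::logUser($userobj);
				header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
				exitZP();
			}
		}
	}
	if (user_expiry::checkPasswordRenew()) {
		header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users&tab=users');
		exitZP();
	}
	return $path;
}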
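/**
 * Processes a federated-login verification ticket.
 *
 * The ticket is read from the `verify_federated_user` query parameter (a GET
 * value, not a POST field) as a hex-encoded serialized array holding `user`,
 * `email` and `date`. When a matching account is found it receives the rights,
 * group and objects of the group named by the `federated_login_group` option,
 * the `register_user_verified` filter is applied, the user is logged in and
 * the request is redirected to admin.php.
 *
 * @param string $script (we do not use this)
 * @return string $script, returned unchanged when no redirect was issued
 */
static function verify($script) {
	//process any verifications posted
	if (isset($_GET['verify_federated_user'])) {
		// SECURITY: unserialize() runs here on data taken straight from the
		// query string. It can instantiate any loaded class (PHP object
		// injection), and nothing visible in this method authenticates the
		// ticket, so its user/email/date fields are whatever the requester
		// supplies. The call is kept because the ticket is issued elsewhere in
		// this format; issuer and reader should move together to a
		// non-object encoding (e.g. JSON) protected by a keyed MAC that is
		// verified with a constant-time comparison before any field is used.
		$params = unserialize(pack("H*", trim(sanitize($_GET['verify_federated_user']), '.')));

		// unserialize() returns false on malformed input and may return an
		// object or a differently shaped array; only a plain array carrying
		// the three expected scalar fields is processed further.
		$wellFormed = is_array($params)
						&& isset($params['date'], $params['user'], $params['email'])
						&& is_numeric($params['date'])
						&& is_scalar($params['user'])
						&& is_scalar($params['email']);

		// 2592000 seconds = 30 days of ticket lifetime.
		// NOTE(review): a 'date' lying in the future also passes this test.
		if ($wellFormed && time() - $params['date'] < 2592000) {
			$userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0));
			if ($userobj) {
				// Copy rights, group membership and managed objects from the
				// configured federated-login group, when that group exists.
				$groupname = getOption('federated_login_group');
				$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $groupname, '`valid`=' => 0));
				if ($groupobj) {
					$userobj->setRights($groupobj->getRights());
					$userobj->setGroup($groupname);
					$userobj->setObjects($groupobj->getObjects());
					if (getOption('register_user_create_album')) {
						$userobj->createPrimealbum();
					}
					$userobj->save();
				}
				zp_apply_filter('register_user_verified', $userobj);
				if (getOption('register_logon_user_notify')) {
					zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
				}
				Zenphoto_Authority::logUser($userobj);
				header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
				exitZP();
			}
		}
	}
	return $script;
}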
} } } else { // no login form, check the cookie if (isset($_GET['ticket'])) { // password reset query $_zp_authority->validateTicket(sanitize($_GET['ticket']), sanitize(@$_GET['user'])); } else { $_zp_loggedin = $_zp_authority->checkCookieCredentials(); $cloneid = bin2hex(FULLWEBPATH); if (!$_zp_loggedin && isset($_SESSION['admin'][$cloneid])) { // "passed" login $user = unserialize($_SESSION['admin'][$cloneid]); $user2 = $_zp_authority->getAnAdmin(array('`user`=' => $user->getUser(), '`valid`=' => 1)); if ($user2 && $user->getPass() == $user2->getPass()) { Zenphoto_Authority::logUser($user2); $_zp_current_admin_obj = $user2; $_zp_loggedin = $_zp_current_admin_obj->getRights(); } } unset($cloneid); } if ($_zp_loggedin) { $locale = $_zp_current_admin_obj->getLanguage(); if (!empty($locale)) { // set his prefered language setupCurrentLocale($locale); } } } if (!$_zp_loggedin) {