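/**
 * Merges rights for multiple group membership or templates.
 *
 * The rights of every group that loads are OR-ed together, so the result is the
 * union of those groups' rights. A group name that does not load is removed from
 * the list and contributes no rights or objects.
 *
 * @param object $userobj      user whose group list, rights and objects are rewritten
 * @param array  $groups       group/template names; an empty name forces one template pass
 * @param array  $primeObjects objects the merged list starts with; optional so that
 *                             two-argument callers keep working
 * @return bool true when the group list or the object list changed, or when no
 *              group remains and the rights changed
 */
static function merge_rights($userobj, $groups, $primeObjects = array()) {
	$templates = false;
	// (array) keeps a NULL object list away from array_merge() and foreach.
	$objects = (array) $primeObjects;
	$custom = array();
	$oldgroups = $userobj->getGroup();
	$oldrights = $userobj->getRights();
	$oldobjects = $userobj->getObjects();
	$rights = 0;
	foreach ($groups as $key => $groupname) {
		if (empty($groupname)) { // force the first template to happen
			$group = new Zenphoto_Administrator('', 0);
			$group->setName('template');
		} else {
			$group = Zenphoto_Authority::newAdministrator($groupname, 0, false);
		}
		if (!$group->loaded) {
			// Unknown group name: drop it so it grants nothing and is not stored on the user.
			unset($groups[$key]);
			continue;
		}
		if ($group->getName() == 'template') {
			// Templates seed rights but are not recorded as a membership.
			unset($groups[$key]);
			if ($userobj->getID() > 0 && !$templates) {
				// fetch the existing rights and objects, but only once!
				// This replaces whatever earlier entries in $groups had accumulated.
				$templates = true;
				$rights = $userobj->getRights();
				$objects = (array) $userobj->getObjects();
			}
		}
		$rights = $group->getRights() | $rights;
		$objects = array_merge((array) $group->getObjects(), $objects);
		$custom[] = $group->getCustomData();
	}
	// for now it is first come, first served (NULL when no group loaded).
	$userobj->setCustomData(array_shift($custom));

	// unique objects: one entry per (type, data) pair, with the 'edit' flags OR-ed together
	$newobjects = array();
	foreach ($objects as $object) {
		$key = serialize(array('type' => $object['type'], 'data' => $object['data']));
		if (!array_key_exists($key, $newobjects)) {
			$newobjects[$key] = $object;
		} else if (array_key_exists('edit', $object)) {
			// An explicit isset() replaces the former @ suppression of the missing-index notice.
			$previous = isset($newobjects[$key]['edit']) ? $newobjects[$key]['edit'] : 0;
			$newobjects[$key]['edit'] = $previous | $object['edit'];
		}
	}
	$objects = array_values($newobjects);

	$newgroups = implode(',', $groups);
	$userobj->setGroup($newgroups);
	$userobj->setRights($rights);
	$userobj->setObjects($objects);

	// NOTE(review): a rights change is only reported when no group remains. If a named
	// group's rights were edited, the user's rights are rewritten above but this returns
	// false unless groups or objects also changed. Confirm no caller uses the return
	// value to decide whether to save().
	return $newgroups != $oldgroups || $oldobjects != $objects || (empty($newgroups) && $rights != $oldrights);
}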
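/**
 * Common logon handler.
 * Will log the user on if he exists. Otherwise it will create a user account and log
 * on that account.
 *
 * Redirects into Zenphoto on success presuming there is a redirect link.
 *
 * @param string $user     user id to log on; looked up in the `user` column
 * @param string $email    e-mail address to store for the account
 * @param string $name     display name to store for the account
 * @param string $redirect where to send the browser after logon; empty for no redirect
 * @return string|false false when the logon went through without a redirect,
 *                      otherwise the error message
 */
static function credentials($user, $email, $name, $redirect) {
	// NOTE(review): this matches any valid account with the given user id. Nothing in
	// this block checks that the account carries the 'federated' credential, so the
	// caller must guarantee that $user cannot collide with a locally created account.
	// Confirm against the callers.
	$userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
	$more = false;
	if ($userobj) { // update if changed
		$save = false;
		if (!empty($email) && $email != $userobj->getEmail()) {
			$save = true;
			$userobj->setEmail($email);
		}
		if (!empty($name) && $name != $userobj->getName()) {
			$save = true;
			$userobj->setName($name);
		}
		if ($save) {
			$userobj->save();
		}
	} else { // User does not exist, create him
		$groupname = getOption('federated_login_group');
		$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $groupname, '`valid`=' => 0));
		if ($groupobj) {
			// A template only seeds the rights; a real group is also recorded as a membership.
			$group = NULL;
			if ($groupobj->getName() != 'template') {
				$group = $groupname;
			}
			$userobj = Zenphoto_Authority::newAdministrator('');
			$userobj->transient = false;
			$userobj->setUser($user);
			$credentials = array('federated', 'user', 'email');
			if ($name) {
				$credentials[] = 'name';
			}
			$userobj->setCredentials($credentials);
			$userobj->setName($name);
			// The account gets a password nobody chose, so its only job is to be unguessable.
			// User id + HASH_SEED + a timestamp can be recomputed by anyone who learns
			// HASH_SEED, so random bytes are appended where the runtime provides them.
			$placeholder = $user . HASH_SEED . gmdate('d M Y H:i:s');
			if (function_exists('random_bytes')) {
				$placeholder .= bin2hex(random_bytes(32));
			}
			$userobj->setPass($placeholder);
			$userobj->setObjects(NULL);
			$userobj->setCustomData('');
			$userobj->setLanguage(getUserLocale());
			// Managed objects always come from the configured group, even when the rights
			// below are taken from 'federated_verify'.
			$userobj->setObjects($groupobj->getObjects());
			if (is_valid_email_zp($email)) {
				$userobj->setEmail($email);
				if (getOption('register_user_create_album')) {
					$userobj->createPrimealbum();
				}
			} else {
				// No usable e-mail address: park the account in 'federated_verify'
				// (created with NO_RIGHTS if it does not exist yet) and send the user to
				// the admin page instead of the requested target.
				$groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => 'federated_verify', '`valid`=' => 0));
				if (empty($groupobj)) {
					$groupobj = Zenphoto_Authority::newAdministrator('federated_verify', 0);
					$groupobj->setName('group');
					$groupobj->setRights(NO_RIGHTS);
					$groupobj->save();
				}
				$group = 'federated_verify';
				$redirect = WEBPATH . '/' . ZENFOLDER . '/admin.php';
			}
			$userobj->setRights($groupobj->getRights());
			$userobj->setGroup($group);
			$userobj->save();
		} else {
			$more = sprintf(gettext('Group %s does not exist.'), $groupname);
		}
	}
	if (!$more) {
		zp_apply_filter('federated_login_attempt', true, $user);
		Zenphoto_Authority::logUser($userobj);
		if ($redirect) {
			// NOTE(review): $redirect is sent as received. Confirm that the callers only
			// pass same-site targets, otherwise this is an open redirect after logon.
			header("Location: " . $redirect);
			exitZP();
		}
	}
	return $more;
}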
$groupobj->set('other_credentials', gettext('Managers of one or more albums')); $groupobj->setValid(0); $groupobj->save(); $groupsdefined[] = 'album managers'; } if (!in_array('default', $groupsdefined)) { $groupobj = Zenphoto_Authority::newAdministrator('default', 0); $groupobj->setName('template'); $groupobj->setRights(DEFAULT_RIGHTS); $groupobj->set('other_credentials', gettext('Default user settings')); $groupobj->setValid(0); $groupobj->save(); $groupsdefined[] = 'default'; } if (!in_array('newuser', $groupsdefined)) { $groupobj = Zenphoto_Authority::newAdministrator('newuser', 0); $groupobj->setName('template'); $groupobj->setRights(NO_RIGHTS); $groupobj->set('other_credentials', gettext('Newly registered and verified users')); $groupobj->setValid(0); $groupobj->save(); $groupsdefined[] = 'newuser'; } setOption('defined_groups', serialize($groupsdefined)); // record that these have been set once (and never again) setOptionDefault('RSS_album_image', 1); setOptionDefault('RSS_comments', 1); setOptionDefault('RSS_articles', 1); setOptionDefault('RSS_pages', 1); setOptionDefault('RSS_article_comments', 1); setOptionDefault('AlbumThumbSelect', 1);
$albumlist[$name] = $folder; } $background = ''; $showlist = array(); if (!empty($newuser)) { $userlist[-1] = $newuser; } foreach ($userlist as $key => $user) { $ismaster = false; $local_alterrights = $alterrights; $userid = $user['user']; $current = in_array($userid, $showset); if ($userid == $_zp_current_admin_obj->getuser()) { $userobj = $_zp_current_admin_obj; } else { $userobj = Zenphoto_Authority::newAdministrator($userid); } if (empty($userid)) { $userobj->setGroup($user['group']); $userobj->setRights($user['rights']); $userobj->setValid(1); } $groupname = $userobj->getGroup(); if ($pending = $userobj->getRights() == 0) { $master = '(<em>' . gettext('pending verification') . '</em>)'; } else { $master = ' '; } if ($userobj->master && $_zp_current_admin_obj->getID()) { if (zp_loggedin(ADMIN_RIGHTS)) { $master = "(<em>" . gettext("Master") . "</em>)";
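/**
 * Handles a submitted user-registration form.
 *
 * Reads the form fields from $_POST and validates them. When every check passes it
 * stores a new account with rights 0 and mails a verification link. The outcome is
 * reported through the global $_notify ('honeypot', 'invalidcaptcha', 'incomplete',
 * 'invalidemail', 'empty', 'exists', 'mismatch', 'filter', 'accepted', or whatever
 * zp_mail() returned). $_link and $_message receive the link and mail text.
 */
static function post_processor() {
	global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
	//Handle registration
	if (isset($_POST['username']) && !empty($_POST['username'])) {
		$_notify = 'honeypot'; // honey pot check
	}
	if (getOption('register_user_captcha')) {
		if (isset($_POST['code'])) {
			$code = sanitize($_POST['code'], 3);
			// A request that omits code_h is treated as an empty value instead of reading a missing index.
			$code_ok = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
		} else {
			$code = '';
			$code_ok = '';
		}
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$_notify = 'invalidcaptcha';
		}
	}
	// Required fields may be absent from a hand-built request; treat absent as empty.
	$admin_n = isset($_POST['admin_name']) ? trim(sanitize($_POST['admin_name'])) : '';
	if (empty($admin_n)) {
		$_notify = 'incomplete';
	}
	if (isset($_POST['admin_email'])) {
		$admin_e = trim(sanitize($_POST['admin_email']));
	} else {
		// Without a separate e-mail field the user id doubles as the address.
		$admin_e = isset($_POST['user']) ? trim(sanitize($_POST['user'])) : '';
	}
	if (!is_valid_email_zp($admin_e)) {
		$_notify = 'invalidemail';
	}
	$pass = isset($_POST['pass']) ? trim(sanitize($_POST['pass'])) : '';
	$user = isset($_POST['user']) ? trim(sanitize($_POST['user'])) : '';
	if (empty($pass)) {
		$_notify = 'empty';
	} else {
		if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
			// Strict comparison: with == two different numeric-looking strings
			// (for example '1e3' and '1000') would count as a matching confirmation.
			$confirmed = isset($_POST['pass_r']) && $pass === trim(sanitize($_POST['pass_r']));
			if (isset($_POST['disclose_password']) || $confirmed) {
				$currentadmin = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
				if (is_object($currentadmin)) {
					$_notify = 'exists';
				}
				// Any earlier failure (honeypot, captcha, e-mail, ...) left $_notify set and blocks creation.
				if (empty($_notify)) {
					$userobj = Zenphoto_Authority::newAdministrator('');
					$userobj->transient = false;
					$userobj->setUser($user);
					$userobj->setPass($pass);
					$userobj->setName($admin_n);
					$userobj->setEmail($admin_e);
					$userobj->setRights(0); // no rights until the account is verified
					$userobj->setObjects(NULL);
					$userobj->setGroup('');
					$userobj->setCustomData('');
					$userobj->setLanguage(getUserLocale());
					if (extensionEnabled('userAddressFields')) {
						$addresses = getOption('register_user_address_info');
						$userinfo = register_user::getUserInfo(0);
						$_comment_form_save_post = serialize($userinfo);
						if ($addresses == 'required') {
							// The messages stay literal gettext() calls so they remain extractable.
							$requiredFields = array(
								'street' => gettext('You must supply the street field.'),
								'city' => gettext('You must supply the city field.'),
								'state' => gettext('You must supply the state field.'),
								'country' => gettext('You must supply the country field.'),
								'postal' => gettext('You must supply the postal code field.')
							);
							foreach ($requiredFields as $field => $complaint) {
								if (empty($userinfo[$field])) {
									$userobj->transient = true; // marks the registration as rejected
									$userobj->msg .= ' ' . $complaint;
								}
							}
						}
						// The cookie name is kept byte for byte, spelling included; its reader is not in this block.
						// NOTE(review): the cookie carries serialize()d form data. Whatever reads it
						// back must not unserialize() it as trusted input. Confirm at the reader.
						zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
						userAddressFields::setCustomData($userobj, $userinfo);
					}
					zp_apply_filter('register_user_registered', $userobj);
					if ($userobj->transient) {
						if (empty($_notify)) {
							$_notify = 'filter';
						}
					} else {
						$userobj->save();
						$verify = MOD_REWRITE ? '?verify=' : '&verify=';
						// NOTE(review): the verify value is only the hex form of serialize(user, email).
						// It holds no secret or signature, so possession of the link does not prove
						// the mailbox was read. A stored random token or an HMAC would. The handler
						// that decodes it is outside this block; confirm it does not unserialize()
						// the request value unrestricted.
						// NOTE(review): HTTP_HOST comes from the request, so the host in the mailed
						// link follows whatever the client sent. Prefer a configured site host.
						$_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
						// NOTE(review): $pass is handed to the mail template in clear text.
						$_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
						$_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
						if (empty($_notify)) {
							$_notify = 'accepted';
						}
					}
				}
			} else {
				$_notify = 'mismatch';
			}
		} else {
			$_notify = 'incomplete';
		}
	}
}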
/**
 * Builds a transient administrator object from an LDAP user record and registers
 * it with the authority object.
 *
 * With the user_groups class present, the rights come from merging the Zenphoto
 * groups returned by getZPGroups(); otherwise DEFAULT_RIGHTS is used. USER_RIGHTS
 * is masked out in both cases. A user who ends up with no rights is not registered.
 *
 * @param mixed $ad       passed through to getZPGroups()
 * @param array $userData directory entry; the first value of uid, uidnumber, cn and
 *                        (when present) email is read
 * @return object|NULL the administrator object, or NULL when the resulting rights are zero
 */
static function setupUser($ad, $userData) {
	global $_zp_authority;

	$uid = $userData['uid'][0];
	// Shift the directory's numeric id by LDAP_ID_OFFSET before using it as the object id.
	$zpId = $userData['uidnumber'][0] + LDAP_ID_OFFSET;
	$fullName = $userData['cn'][0];
	$zpGroups = self::getZPGroups($ad, $uid);

	$account = Zenphoto_Authority::newAdministrator('');
	$account->setID($zpId);
	$account->transient = true;
	// NOTE(review): many directory schemas publish the address as 'mail'; confirm 'email' is what arrives here.
	if (isset($userData['email'][0])) {
		$account->setEmail($userData['email'][0]);
	}
	$account->setUser($uid);
	$account->setName($fullName);
	// NOTE(review): the whole directory record is serialized into the password slot.
	// If the record can contain credential attributes they travel with this object;
	// confirm which attributes are requested from the directory.
	$account->setPass(serialize($userData));

	if (class_exists('user_groups')) {
		user_groups::merge_rights($account, $zpGroups, array());
		if (DEBUG_LOGIN) {
			debugLogVar("LDAsetupUser: groups:", $account->getGroup());
		}
		$granted = $account->getRights() & ~USER_RIGHTS;
	} else {
		$granted = DEFAULT_RIGHTS & ~USER_RIGHTS;
	}
	$account->setRights($granted);

	// No rights left after masking: refuse the user rather than register an empty account.
	if (!$granted) {
		return NULL;
	}
	$_zp_authority->addOtherUser($account);
	return $account;
}
$group->setObjects(processManagedObjects($i, $rights)); $group->setRights(NO_RIGHTS | $rights); } $group->set('other_credentials', trim(sanitize($_POST[$i . '-desc'], 3))); $group->setName(trim(sanitize($_POST[$i . '-type'], 3))); $group->setValid(0); zp_apply_filter('save_admin_custom_data', true, $group, $i, true); $group->save(); if ($group->getName() == 'group') { //have to update any users who have this group designate. $groupname = $group->getUser(); foreach ($admins as $admin) { if ($admin['valid']) { $hisgroups = explode(',', $admin['group']); if (in_array($groupname, $hisgroups)) { $user = Zenphoto_Authority::newAdministrator($admin['user'], $admin['valid']); user_groups::merge_rights($user, $hisgroups); $user->save(); } } } //user assignments: first clear out existing ones Zenphoto_Authority::updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname)); //then add the ones marked $target = 'user_' . $i . '-'; foreach ($_POST as $item => $username) { $item = sanitize(postIndexDecode($item)); if (strpos($item, $target) !== false) { $username = substr($item, strlen($target)); $user = Zenphoto_Authority::getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1)); $user->setRights($group->getRights());