Exemplo n.º 1
 /**
  * Merges the rights and managed objects of several groups or templates into a user.
  *
  * Rights are combined with a bitwise OR, so the result is the union of what every
  * loaded group grants: membership can only add privileges here, never remove them.
  * Group names that do not load are dropped from the membership list without any
  * error being raised.
  *
  * @param object $userobj      user to update; its group, rights, objects and custom data are set
  * @param array  $groups       group/template names; an empty name is replaced by a blank record named 'template'
  * @param array  $primeObjects managed objects the merge starts from
  * @return bool true if the group list or objects changed, or if no group remains and the rights changed
  */
 static function merge_rights($userobj, $groups, $primeObjects)
 {
     global $_zp_authority;
     $templateSeen = false;
     $objects = $primeObjects;
     $custom = array();
     // snapshot of the user's state, used only for the change test at the end
     $priorGroups = $userobj->getGroup();
     $priorRights = $userobj->getRights();
     $priorObjects = $userobj->getObjects();
     $rights = 0;

     foreach ($groups as $key => $groupname) {
         if (empty($groupname)) {
             // force the first template to happen
             $group = new Zenphoto_Administrator('', 0);
             $group->setName('template');
         } else {
             $group = Zenphoto_Authority::newAdministrator($groupname, 0, false);
         }

         if (!$group->loaded) {
             // unknown group: remove it from the membership list and move on
             unset($groups[$key]);
             continue;
         }

         if ($group->getName() == 'template') {
             // templates are applied but never recorded as a membership
             unset($groups[$key]);
             if ($userobj->getID() > 0 && !$templateSeen) {
                 // First template for an existing user: restart from the user's current
                 // rights and objects. This replaces whatever was accumulated so far,
                 // including $primeObjects, and happens only once.
                 $templateSeen = true;
                 $rights = $userobj->getRights();
                 $objects = $userobj->getObjects();
             }
         }

         $rights |= $group->getRights();
         $objects = array_merge($group->getObjects(), $objects);
         $custom[] = $group->getCustomData();
     }

     // for now it is first come, first served: only the first group's custom data is kept
     $userobj->setCustomData(array_shift($custom));

     // De-duplicate managed objects on (type, data); the 'edit' flags of duplicates are OR-ed
     // into the entry that was seen first.
     $unique = array();
     foreach ($objects as $entry) {
         $fingerprint = serialize(array('type' => $entry['type'], 'data' => $entry['data']));
         if (!array_key_exists($fingerprint, $unique)) {
             $unique[$fingerprint] = $entry;
             continue;
         }
         if (array_key_exists('edit', $entry)) {
             // @ hides the notice raised when the first-seen entry carried no 'edit' key
             $unique[$fingerprint]['edit'] = @$unique[$fingerprint]['edit'] | $entry['edit'];
         }
     }
     $objects = array_values($unique);

     $membership = implode(',', $groups);
     $userobj->setGroup($membership);
     $userobj->setRights($rights);
     $userobj->setObjects($objects);

     // a rights-only change counts as an update only when the user is left without any group
     return $membership != $priorGroups
         || $priorObjects != $objects
         || (empty($membership) && $rights != $priorRights);
 }
Exemplo n.º 2
 /**
  * Common logon handler.
  * Will log the user on if he exists. Otherwise it will create a user account and log
  * on that account.
  *
  * Redirects into Zenphoto on success presuming there is a redirect link.
  *
  * Nothing in this method authenticates the identity it is given: $user, $email and
  * $name are used as supplied. NOTE(review): presumably the federated provider has
  * verified them before this is called; confirm at every call site.
  *
  * @param $user     login name asserted by the caller
  * @param $email    e-mail address for the account; may be empty or invalid
  * @param $name     display name; may be empty
  * @param $redirect URL sent in the Location header after logon; falsy skips the redirect
  * @return string|false false when the user was logged on, otherwise an error message
  */
 static function credentials($user, $email, $name, $redirect)
 {
     // Only an account with valid=1 and exactly this user name matches.
     $userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`=' => 1));
     $more = false;
     if ($userobj) {
         //	update if changed
         // The stored e-mail and name are overwritten with whatever the caller passed in.
         $save = false;
         if (!empty($email) && $email != $userobj->getEmail()) {
             $save = true;
             $userobj->setEmail($email);
         }
         if (!empty($name) && $name != $userobj->getName()) {
             $save = true;
             $userobj->setName($name);
         }
         if ($save) {
             $userobj->save();
         }
     } else {
         //	User does not exist, create him
         // The new account is modelled on the group/template named by the
         // 'federated_login_group' option (looked up with valid=0).
         $groupname = getOption('federated_login_group');
         $groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $groupname, '`valid`=' => 0));
         if ($groupobj) {
             $group = NULL;
             // A template is only copied from; a real group is also recorded as the membership.
             if ($groupobj->getName() != 'template') {
                 $group = $groupname;
             }
             $userobj = Zenphoto_Authority::newAdministrator('');
             $userobj->transient = false;
             $userobj->setUser($user);
             $credentials = array('federated', 'user', 'email');
             if ($name) {
                 $credentials[] = 'name';
             }
             $userobj->setCredentials($credentials);
             $userobj->setName($name);
             // The password is built from the user name, HASH_SEED and the current GMT time
             // (one-second resolution); no random input is involved.
             // NOTE(review): if setPass() stores something usable for a normal password
             // logon, this value is guessable by anyone who knows HASH_SEED and the
             // creation time - consider a random value instead.
             $userobj->setPass($user . HASH_SEED . gmdate('d M Y H:i:s'));
             $userobj->setObjects(NULL);
             $userobj->setCustomData('');
             $userobj->setLanguage(getUserLocale());
             // Managed objects are copied from the configured group (this supersedes the
             // setObjects(NULL) call a few lines up).
             $userobj->setObjects($groupobj->getObjects());
             if (is_valid_email_zp($email)) {
                 $userobj->setEmail($email);
                 if (getOption('register_user_create_album')) {
                     $userobj->createPrimealbum();
                 }
             } else {
                 // No usable e-mail: the account goes into 'federated_verify', which is
                 // created with NO_RIGHTS when it does not exist yet.
                 // NOTE(review): the objects copied from the configured group above are
                 // not cleared on this path; only the rights come from 'federated_verify'.
                 $groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => 'federated_verify', '`valid`=' => 0));
                 if (empty($groupobj)) {
                     $groupobj = Zenphoto_Authority::newAdministrator('federated_verify', 0);
                     $groupobj->setName('group');
                     $groupobj->setRights(NO_RIGHTS);
                     $groupobj->save();
                 }
                 $group = 'federated_verify';
                 // the caller's redirect is replaced by the admin page on this path
                 $redirect = WEBPATH . '/' . ZENFOLDER . '/admin.php';
             }
             // Rights come from whichever group object $groupobj refers to at this point.
             $userobj->setRights($groupobj->getRights());
             $userobj->setGroup($group);
             $userobj->save();
         } else {
             $more = sprintf(gettext('Group %s does not exist.'), $groupname);
         }
     }
     if (!$more) {
         zp_apply_filter('federated_login_attempt', true, $user);
         // The session is established here without any further check of the identity.
         Zenphoto_Authority::logUser($userobj);
         if ($redirect) {
             // $redirect is written into the header unchanged.
             // NOTE(review): confirm callers restrict it to same-site URLs; otherwise this
             // is an open redirect that fires right after a successful logon.
             header("Location: " . $redirect);
             exitZP();
         }
     }
     return $more;
 }
Exemplo n.º 3
    $groupobj->set('other_credentials', gettext('Managers of one or more albums'));
    $groupobj->setValid(0);
    $groupobj->save();
    $groupsdefined[] = 'album managers';
}
// Seed the 'default' template once; $groupsdefined lists the seeds already created.
// NOTE(review): in_array() is called without its strict flag here and below, so the
// membership test is a loose comparison.
if (!in_array('default', $groupsdefined)) {
    $groupobj = Zenphoto_Authority::newAdministrator('default', 0);
    $groupobj->setName('template');
    // this template carries DEFAULT_RIGHTS
    $groupobj->setRights(DEFAULT_RIGHTS);
    $groupobj->set('other_credentials', gettext('Default user settings'));
    // saved with valid=0 - presumably what marks the record as a group/template rather
    // than a login account; confirm against Zenphoto_Authority
    $groupobj->setValid(0);
    $groupobj->save();
    $groupsdefined[] = 'default';
}
// Seed the 'newuser' template once; it is created with NO_RIGHTS.
if (!in_array('newuser', $groupsdefined)) {
    $groupobj = Zenphoto_Authority::newAdministrator('newuser', 0);
    $groupobj->setName('template');
    $groupobj->setRights(NO_RIGHTS);
    $groupobj->set('other_credentials', gettext('Newly registered and verified users'));
    $groupobj->setValid(0);
    $groupobj->save();
    $groupsdefined[] = 'newuser';
}
// The list of seeded groups is stored as a serialized PHP array.
// NOTE(review): whatever reads 'defined_groups' back presumably unserialize()s it, so
// this option should only ever be writable by trusted code.
setOption('defined_groups', serialize($groupsdefined));
// record that these have been set once (and never again)
setOptionDefault('RSS_album_image', 1);
setOptionDefault('RSS_comments', 1);
setOptionDefault('RSS_articles', 1);
setOptionDefault('RSS_pages', 1);
setOptionDefault('RSS_article_comments', 1);
setOptionDefault('AlbumThumbSelect', 1);
Exemplo n.º 4
    $albumlist[$name] = $folder;
}
// Reset the per-row state used by the user listing that follows.
$background = '';
$showlist = array();
// A user that is being added but not yet stored is put into the list under key -1.
if (!empty($newuser)) {
    $userlist[-1] = $newuser;
}
foreach ($userlist as $key => $user) {
    $ismaster = false;
    $local_alterrights = $alterrights;
    $userid = $user['user'];
    $current = in_array($userid, $showset);
    if ($userid == $_zp_current_admin_obj->getuser()) {
        $userobj = $_zp_current_admin_obj;
    } else {
        $userobj = Zenphoto_Authority::newAdministrator($userid);
    }
    if (empty($userid)) {
        $userobj->setGroup($user['group']);
        $userobj->setRights($user['rights']);
        $userobj->setValid(1);
    }
    $groupname = $userobj->getGroup();
    if ($pending = $userobj->getRights() == 0) {
        $master = '(<em>' . gettext('pending verification') . '</em>)';
    } else {
        $master = '&nbsp;';
    }
    if ($userobj->master && $_zp_current_admin_obj->getID()) {
        if (zp_loggedin(ADMIN_RIGHTS)) {
            $master = "(<em>" . gettext("Master") . "</em>)";
Exemplo n.º 5
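 /**
  * Handles a posted registration form: validates the fields, creates the account
  * with no rights and mails the verification link.
  *
  * The outcome is reported through the global $_notify ('honeypot', 'invalidcaptcha',
  * 'incomplete', 'invalidemail', 'empty', 'mismatch', 'exists', 'filter', 'accepted',
  * or whatever zp_mail() returned). The account is created only while $_notify is
  * still empty, so any earlier failure blocks it. $_link and $_message receive the
  * verification URL and the mail text.
  *
  * Review notes for maintainers:
  *  - The verification URL is built from $_SERVER['HTTP_HOST'], which is supplied by
  *    the client. NOTE(review): prefer a configured site host so a forged Host header
  *    cannot change where the mailed link points.
  *  - The verify parameter is only the hex-encoded serialized (user, email) pair; it
  *    holds no secret or signature, so it can be reconstructed from those two values.
  *    NOTE(review): the handler consuming it presumably unserialize()s request data;
  *    confirm, and consider a random per-account token instead.
  *  - The clear-text password is passed to the mail template as its fourth argument.
  *
  * @return void
  */
 static function post_processor()
 {
     global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
     //Handle registration
     // honey pot check: the 'username' field must come back empty
     if (!empty($_POST['username'])) {
         $_notify = 'honeypot';
     }
     if (getOption('register_user_captcha')) {
         if (isset($_POST['code'])) {
             $code = sanitize($_POST['code'], 3);
             $code_ok = sanitize($_POST['code_h'], 3);
         } else {
             $code = '';
             $code_ok = '';
         }
         if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
             $_notify = 'invalidcaptcha';
         }
     }
     $admin_n = trim(sanitize($_POST['admin_name']));
     if (empty($admin_n)) {
         $_notify = 'incomplete';
     }
     // without a separate e-mail field the user name doubles as the e-mail address
     if (isset($_POST['admin_email'])) {
         $admin_e = trim(sanitize($_POST['admin_email']));
     } else {
         $admin_e = trim(sanitize($_POST['user']));
     }
     if (!is_valid_email_zp($admin_e)) {
         $_notify = 'invalidemail';
     }
     $pass = trim(sanitize($_POST['pass']));
     $user = trim(sanitize($_POST['user']));
     if (empty($pass)) {
         $_notify = 'empty';
     } else {
         if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
             // Strict comparison: with == two different numeric-looking strings
             // (for example '1e3' and '1000') would be accepted as the same password.
             if (isset($_POST['disclose_password']) || $pass === trim(sanitize($_POST['pass_r']))) {
                 $currentadmin = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                 if (is_object($currentadmin)) {
                     $_notify = 'exists';
                 }
                 if (empty($_notify)) {
                     $userobj = Zenphoto_Authority::newAdministrator('');
                     $userobj->transient = false;
                     $userobj->setUser($user);
                     $userobj->setPass($pass);
                     $userobj->setName($admin_n);
                     $userobj->setEmail($admin_e);
                     // the new account starts with no rights, objects or group
                     $userobj->setRights(0);
                     $userobj->setObjects(NULL);
                     $userobj->setGroup('');
                     $userobj->setCustomData('');
                     $userobj->setLanguage(getUserLocale());
                     if (extensionEnabled('userAddressFields')) {
                         $addresses = getOption('register_user_address_info');
                         $userinfo = register_user::getUserInfo(0);
                         $_comment_form_save_post = serialize($userinfo);
                         if ($addresses == 'required') {
                             // every missing required field marks the user transient, which
                             // stops the save below, and appends its message
                             $required = array(
                                 'street' => gettext('You must supply the street field.'),
                                 'city' => gettext('You must supply the city field.'),
                                 'state' => gettext('You must supply the state field.'),
                                 'country' => gettext('You must supply the country field.'),
                                 'postal' => gettext('You must supply the postal code field.'),
                             );
                             foreach ($required as $field => $complaint) {
                                 if (empty($userinfo[$field])) {
                                     $userobj->transient = true;
                                     $userobj->msg .= ' ' . $complaint;
                                 }
                             }
                         }
                         // NOTE(review): the posted address data is written to a cookie as a
                         // serialized array; the code reading it back should not unserialize()
                         // a client-controlled value.
                         zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
                         userAddressFields::setCustomData($userobj, $userinfo);
                     }
                     zp_apply_filter('register_user_registered', $userobj);
                     if ($userobj->transient) {
                         if (empty($_notify)) {
                             $_notify = 'filter';
                         }
                     } else {
                         $userobj->save();
                         if (MOD_REWRITE) {
                             $verify = '?verify=';
                         } else {
                             $verify = '&verify=';
                         }
                         // see the review notes in the docblock: client-supplied host, unsigned token
                         $_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                         // $pass is handed to the template in clear text
                         $_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
                         $_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
                         if (empty($_notify)) {
                             $_notify = 'accepted';
                         }
                     }
                 }
             } else {
                 $_notify = 'mismatch';
             }
         } else {
             $_notify = 'incomplete';
         }
     }
 }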
Exemplo n.º 6
 /**
  * Builds a transient administrator object for a user found in the directory.
  *
  * The USER_RIGHTS bit is always cleared from the resulting rights. When the
  * remaining rights are zero the user is not registered and NULL is returned.
  *
  * NOTE(review): setPass() receives the serialized directory record rather than a
  * password. Confirm how setPass() stores its argument and that no credential
  * attribute from the record can end up readable through this object.
  *
  * @param mixed $ad       directory handle, passed through to getZPGroups()
  * @param array $userData directory entry; reads uid, uidnumber, cn and optionally email (first value of each)
  * @return object|null the administrator object, or NULL when the user ends up with no rights
  */
 static function setupUser($ad, $userData)
 {
     global $_zp_authority;
     $login = $userData['uid'][0];
     // directory uid numbers are shifted by LDAP_ID_OFFSET to form the ID used here
     $zpId = $userData['uidnumber'][0] + LDAP_ID_OFFSET;
     $fullName = $userData['cn'][0];
     $memberOf = self::getZPGroups($ad, $login);

     $account = Zenphoto_Authority::newAdministrator('');
     $account->setID($zpId);
     $account->transient = true;
     if (isset($userData['email'][0])) {
         $account->setEmail($userData['email'][0]);
     }
     $account->setUser($login);
     $account->setName($fullName);
     $account->setPass(serialize($userData));

     if (class_exists('user_groups')) {
         // rights are the union of the mapped groups' rights
         user_groups::merge_rights($account, $memberOf, array());
         if (DEBUG_LOGIN) {
             debugLogVar("LDAsetupUser: groups:", $account->getGroup());
         }
         $rights = $account->getRights() & ~USER_RIGHTS;
     } else {
         // without the user_groups plugin every directory user gets the defaults
         $rights = DEFAULT_RIGHTS & ~USER_RIGHTS;
     }
     $account->setRights($rights);

     if (!$rights) {
         return NULL;
     }
     $_zp_authority->addOtherUser($account);
     return $account;
 }
Exemplo n.º 7
     $group->setObjects(processManagedObjects($i, $rights));
     $group->setRights(NO_RIGHTS | $rights);
 }
 // The description and the record type are taken from the posted form after
 // sanitize(..., 3) and trim().
 // NOTE(review): the value handed to setName() is not checked against an allow-list in
 // the lines visible here; confirm the surrounding handler validates it and that the
 // request is authorised and CSRF-protected before this point.
 $group->set('other_credentials', trim(sanitize($_POST[$i . '-desc'], 3)));
 $group->setName(trim(sanitize($_POST[$i . '-type'], 3)));
 // the record is saved with valid=0
 $group->setValid(0);
 zp_apply_filter('save_admin_custom_data', true, $group, $i, true);
 $group->save();
 if ($group->getName() == 'group') {
     //have to update any users who have this group designate.
     $groupname = $group->getUser();
     foreach ($admins as $admin) {
         if ($admin['valid']) {
             $hisgroups = explode(',', $admin['group']);
             if (in_array($groupname, $hisgroups)) {
                 $user = Zenphoto_Authority::newAdministrator($admin['user'], $admin['valid']);
                 user_groups::merge_rights($user, $hisgroups);
                 $user->save();
             }
         }
     }
     //user assignments: first clear out existing ones
     Zenphoto_Authority::updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname));
     //then add the ones marked
     $target = 'user_' . $i . '-';
     foreach ($_POST as $item => $username) {
         $item = sanitize(postIndexDecode($item));
         if (strpos($item, $target) !== false) {
             $username = substr($item, strlen($target));
             $user = Zenphoto_Authority::getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1));
             $user->setRights($group->getRights());