Пример #1
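 /**
  * Sets up the flat-file user backend.
  *
  * For each of the three stores under $this->data_dir ("users",
  * "user_settings" and "groups") that does not exist yet, a serialized
  * seed array is written:
  *   - users:         one 'NOBODY' account with the hash of an empty password
  *                    and a uniqid("USR") id,
  *   - user_settings: an empty array,
  *   - groups:        ALL_MEDIA_GROUP => ALL_MEDIA_GID.
  * Stores that already exist are left untouched.
  *
  * NOTE(review): the users store holds password hashes and is created with
  * the process's default permissions. Confirm that data_dir is outside the
  * web root and is not readable by other local accounts.
  *
  * @author Ben Dodson
  * @version 11/20/04
  * @since 11/20/04
  *
  * @return int|null -1 (after echoing a message) when a store cannot be
  *                  opened or fully written; no value on success.
  */
 function install_users()
 {
     $datapath = $this->data_dir;
     // The NOBODY account is always seeded with the hash of an empty
     // password; no other value ever reaches this point.
     $password = "";

     $stores = array("users", "user_settings", "groups");
     foreach ($stores as $store) {
         $filename = $datapath . "/" . $store;
         if (file_exists($filename)) {
             // Never overwrite a store that is already in place.
             continue;
         }

         // Build the seed only when the store is really missing, so that
         // jz_password()/uniqid() run exactly when the original code ran them.
         $seed = array();
         switch ($store) {
             case "users":
                 $seed['NOBODY']['password'] = jz_password($password);
                 // NOTE(review): uniqid() is derived from the clock and is
                 // not unpredictable. If this id is ever used as a bearer
                 // value (for example inside a cookie), confirm that it is
                 // authenticated before it is trusted.
                 $seed['NOBODY']['id'] = uniqid("USR");
                 break;
             case "groups":
                 $seed[ALL_MEDIA_GROUP] = ALL_MEDIA_GID;
                 break;
             default:
                 // user_settings starts out empty.
                 break;
         }

         if (!($handle = @fopen($filename, "w"))) {
             // Second attempt after explicitly creating the file.
             touch($filename);
             if (!($handle = @fopen($filename, "w"))) {
                 echo "Could not open the data file in " . $this->data_dir . ".";
                 return -1;
             }
         }

         $payload = serialize($seed);
         $written = fwrite($handle, $payload);
         fclose($handle);
         if ($written === false || $written < strlen($payload)) {
             // A truncated store would pass the file_exists() check on the
             // next run and never be repaired, so remove it and report.
             @unlink($filename);
             echo "Could not write the data file in " . $this->data_dir . ".";
             return -1;
         }
     }
 }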
Пример #2
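 /**
  * Logs a user in against the flat-file "users" store and binds the
  * session to that account.
  *
  * In CMS mode the caller is assumed to be authenticated by the CMS: the
  * password is not checked and a missing account is created on the fly.
  * Otherwise the (hashed) password must match the stored hash.
  *
  * @param string $user      Account name as supplied by the caller.
  * @param string $password  Plain password, or its jz_password() hash when
  *                          $prehashed is true.
  * @param bool   $remember  Standard path only: also set a 30-day
  *                          'jzUserID' cookie on success.
  * @param bool   $prehashed True when $password is already hashed.
  * @return bool true when the session was bound to the account, false when
  *              the standard password check failed.
  */
 function login($user, $password, $remember = false, $prehashed = false)
 {
     global $cms_mode;

     // NOTE(review): this comparison fails open. Every value other than the
     // string "false" (including an unset variable and boolean false) selects
     // the CMS path, which skips password verification. Confirm $cms_mode is
     // always set from trusted configuration.
     $cms = ($cms_mode != "false");

     if (!$prehashed) {
         $password = jz_password($password);
     }

     // NOTE(review): unserialize() instantiates whatever objects the file
     // describes. The store must be writable only by this application; on
     // PHP 7+ consider restricting it with the allowed_classes option.
     $dp = $this->data_dir . "/" . "users";
     $users = unserialize(file_get_contents($dp));
     if (!is_array($users)) {
         // Missing, unreadable or corrupt store: treat as "no accounts"
         // instead of indexing into false or an unexpected object.
         $users = array();
     }

     // Line breaks are neutralised so a crafted name cannot forge extra
     // entries in the access log.
     $logUser = str_replace(array("\r", "\n"), " ", $user);

     // Clear their data cache. Outside CMS mode the session belongs to us.
     if (!$cms) {
         $_SESSION = array();
     }
     $this->initUser();

     if ($cms) {
         // The login is coming from CMS.
         // This means we can assume they are authenticated;
         // Just make sure they have an entry in our users file.
         if (!isset($users[$user])) {
             // first timer:
             $this->addUser($user, "cms-user");
             // TODO: LOAD PERMISSIONS FOR CMS-DEFAULTS HERE!
             // now just re-login.
             // NOTE(review): if addUser() does not persist the entry, this
             // recursion has no terminating condition.
             return $this->login($user, $password, $remember, true);
         }
         // Accounts whose stored password is not the "cms-user" marker
         // ("double users") used to be a separate case but are deliberately
         // accepted as well. To disallow this again, be sure to edit
         // install/step6.php so the admin user is created w. password
         // 'cms-user' during a CMS install.
         $this->id = $users[$user]['id'];
         $_SESSION['jzUserID'] = jz_cookie_encode($this->id);
         $this->loadSettings();
         writeLogData("access", "cms-user '" . $logUser . "' logged in successfully.");
         return true;
     }

     // NO CMS; standard way.
     // Passwords are hashes, compared case-insensitively as before, but
     // with strict string equality (constant-time where hash_equals() is
     // available) so that a non-string argument can never compare equal.
     $authenticated = false;
     if (isset($users[$user])) {
         $stored = $users[$user]['password'];
         if (is_scalar($stored) && is_scalar($password)) {
             $stored = strtolower((string) $stored);
             $given = strtolower((string) $password);
             if (function_exists('hash_equals')) {
                 $authenticated = hash_equals($stored, $given);
             } else {
                 $authenticated = ($stored === $given);
             }
         }
     }

     if ($authenticated) {
         $this->id = $users[$user]['id'];
         if ($remember) {
             // NOTE(review): the cookie is set without path, secure or
             // httponly attributes and carries the same value as the
             // session marker. Confirm jz_cookie_encode() produces an
             // authenticated value and add the flags where the supported
             // PHP versions allow.
             setcookie('jzUserID', jz_cookie_encode($this->id), time() + 60 * 60 * 24 * 30);
         }
         // NOTE(review): the session id is not rotated here. Unless the
         // caller already does so, session_regenerate_id() belongs at this
         // point so a pre-login id is not carried into the authenticated
         // session.
         $_SESSION['jzUserID'] = jz_cookie_encode($this->id);
         $this->loadSettings();
         writeLogData("access", "user '" . $logUser . "' logged in successfully.");
         return true;
     }

     unset($_SESSION['jzUserID']);
     writeLogData("access", "failed login for user '" . $logUser . "'.");
     return false;
 }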