} } } if (!isset($_POST['login'])) { $_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth')); if (!$_zp_loggedin) { // Clear the cookie zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath); } } else { // Handle the login form. if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) { $post_user = sanitize($_POST['user'], 3); $post_pass = sanitize($_POST['pass'], 3); $redirect = sanitize_path($_POST['redirect']); if ($_zp_loggedin = checkLogon($post_user, $post_pass)) { zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath); if (!empty($redirect)) { header("Location: " . FULLWEBPATH . '/' . $redirect); } } else { // Clear the cookie, just in case zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath); // was it a request for a reset? if ($_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) { if (empty($post_user)) { $requestor = 'You are receiving this e-mail because of a password reset request on your Zenphoto gallery.'; } else { $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user); } $admins = getAdministrators();
/** *checks for album password posting */ function zp_handle_password() { global $_zp_loggedin, $_zp_login_error, $_zp_current_album; if (zp_loggedin()) { return; } // who cares, we don't need any authorization $cookiepath = WEBPATH; if (WEBPATH == '') { $cookiepath = '/'; } $check_auth = ''; if (in_context(ZP_SEARCH)) { // search page $authType = 'zp_search_auth'; $check_auth = getOption('search_password'); $check_user = getOption('search_user'); } else { if (in_context(ZP_ALBUM)) { // album page $authType = "zp_album_auth_" . cookiecode($_zp_current_album->name); $check_auth = $_zp_current_album->getPassword(); $check_user = $_zp_current_album->getUser(); if (empty($check_auth)) { $parent = $_zp_current_album->getParent(); while (!is_null($parent)) { $check_auth = $parent->getPassword(); $check_user = $parent->getUser(); $authType = "zp_album_auth_" . cookiecode($parent->name); if (!empty($check_auth)) { break; } $parent = $parent->getParent(); } } } } if (empty($check_auth)) { // anything else is controlled by the gallery credentials $authType = 'zp_gallery_auth'; $check_auth = getOption('gallery_password'); $check_user = getOption('gallery_user'); } // Handle the login form. if (isset($_POST['password']) && isset($_POST['pass'])) { $post_user = $_POST['user']; $post_pass = $_POST['pass']; $auth = md5($post_user . $post_pass); if ($_zp_loggedin = checkLogon($post_user, $post_pass)) { // allow Admin user login zp_setcookie("zenphoto_auth", $auth, time() + COOKIE_PESISTENCE, $cookiepath); } else { if ($auth == $check_auth && $post_user == $check_user) { // Correct auth info. Set the cookie. zp_setcookie($authType, $auth, time() + COOKIE_PESISTENCE, $cookiepath); } else { // Clear the cookie, just in case zp_setcookie($authType, "", time() - 368000, $cookiepath); $_zp_login_error = true; } } return; } if (empty($check_auth)) { //no password on record return; } if (($saved_auth = zp_getCookie($authType)) != '') { if ($saved_auth == $check_auth) { return; } else { // Clear the cookie zp_setcookie($authType, "", time() - 368000, $cookiepath); } } }