 /**
  * Clears every cookie handed in when the stored invalidation base has changed.
  *
  * The `cookieInvalidator` cookie records the base value the visitor last
  * received. When it no longer matches the `cookieInvalidator_base` option,
  * each cookie named in $cookies is cleared, the marker cookie is refreshed and
  * the cached login state ($_zp_loggedin / $_zp_current_admin_obj) is reset.
  *
  * @param array $cookies cookie names (as keys) to clear
  */
 static function invalidate($cookies)
 {
     global $_zp_loggedin, $_zp_current_admin_obj;
     $seenBase = zp_getCookie('cookieInvalidator');
     $currentBase = getOption('cookieInvalidator_base');
     if ($seenBase == $currentBase) {
         // nothing changed since this visitor's cookies were issued
         return;
     }
     foreach (array_keys($cookies) as $cookieName) {
         zp_clearCookie($cookieName);
     }
     zp_setCookie('cookieInvalidator', $currentBase);
     // forget any cached login state; it has to be re-established
     $_zp_loggedin = NULL;
     $_zp_current_admin_obj = NULL;
 }
     $protocol = sanitize($_POST['server_protocol'], 3);
     if ($protocol != SERVER_PROTOCOL) {
         // force https if required to be sure it works, otherwise the "save" will be the last thing we do
         httpsRedirect();
     }
     if (getOption('server_protocol') != $protocol) {
         setOption('server_protocol', $protocol);
         $_configMutex->lock();
         $zp_cfg = @file_get_contents(SERVERPATH . '/' . DATA_FOLDER . '/' . CONFIGFILE);
         $zp_cfg = updateConfigItem('server_protocol', $protocol, $zp_cfg);
         storeConfig($zp_cfg);
         $_configMutex->unlock();
     }
     $_zp_gallery->setUserLogonField(isset($_POST['login_user_field']));
     if ($protocol == 'http') {
         zp_clearCookie("zenphoto_ssl");
     }
     setOption('IP_tied_cookies', (int) isset($_POST['IP_tied_cookies']));
     setOption('obfuscate_cache', (int) isset($_POST['obfuscate_cache']));
     setOption('image_processor_flooding_protection', (int) isset($_POST['image_processor_flooding_protection']));
     $_zp_gallery->save();
     $returntab = "&tab=security";
 }
 /* * * custom options * * */
 if (!$themeswitch) {
     // not a theme switch, so this request really saved the options
     $returntab = processCustomOptionSave($returntab, $themename, $themealbum);
 }
 // fall back to the generic "saved" notification when nothing more specific was set
 $notify = empty($notify) ? '?saved' : $notify;
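/**
 * Checks password posting and the per-context authorization cookie.
 *
 * When $authType is not supplied, the protected context is derived from the
 * request: full-image, search, album (walking up to the nearest ancestor that
 * carries a password), zenpage page (likewise walking up its parents) and,
 * failing all of those, the gallery credentials.
 *
 * A posted `password`/`pass` pair is hashed with every algorithm listed in
 * Zenphoto_Authority::$hashList and compared with the stored hash; on success
 * the matching hash is written to the $authType cookie and an optional
 * `redirect` is honoured. Without a post, an existing $authType cookie is
 * compared with the stored hash and cleared when it no longer matches.
 *
 * @param string $authType override of authorization type
 * @param string $check_auth password hash to check against (used with $authType)
 * @param string $check_user user name to check against (used with $authType)
 */
function zp_handle_password($authType = NULL, $check_auth = NULL, $check_user = NULL)
{
    global $_zp_loggedin, $_zp_login_error, $_zp_current_album, $_zp_current_zenpage_page, $_zp_gallery;
    if (empty($authType)) {
        // not supplied by caller
        $check_auth = '';
        if ((isset($_GET['z']) && isset($_GET['p']) && $_GET['p'] == 'full-image') || (isset($_GET['p']) && $_GET['p'] == '*full-image')) {
            $authType = 'zp_image_auth';
            $check_auth = getOption('protected_image_password');
            $check_user = getOption('protected_image_user');
        } elseif (in_context(ZP_SEARCH)) {
            // search page
            $authType = 'zp_search_auth';
            $check_auth = getOption('search_password');
            $check_user = getOption('search_user');
        } elseif (in_context(ZP_ALBUM)) {
            // album page: the nearest ancestor with a password controls access
            $authType = "zp_album_auth_" . $_zp_current_album->getID();
            $check_auth = $_zp_current_album->getPassword();
            $check_user = $_zp_current_album->getUser();
            if (empty($check_auth)) {
                $parent = $_zp_current_album->getParent();
                while (!is_null($parent)) {
                    $check_auth = $parent->getPassword();
                    $check_user = $parent->getUser();
                    $authType = "zp_album_auth_" . $parent->getID();
                    if (!empty($check_auth)) {
                        break;
                    }
                    $parent = $parent->getParent();
                }
            }
        } elseif (in_context(ZP_ZENPAGE_PAGE)) {
            // zenpage page: likewise inherit the nearest ancestor's password
            $authType = "zp_page_auth_" . $_zp_current_zenpage_page->getID();
            $check_auth = $_zp_current_zenpage_page->getPassword();
            $check_user = $_zp_current_zenpage_page->getUser();
            if (empty($check_auth)) {
                $pageobj = $_zp_current_zenpage_page;
                while (empty($check_auth)) {
                    // cast before embedding in SQL so only a plain integer ever reaches the query
                    $parentID = (int) $pageobj->getParentID();
                    if ($parentID == 0) {
                        break;
                    }
                    $sql = 'SELECT `titlelink` FROM ' . prefix('pages') . ' WHERE `id`=' . $parentID;
                    $result = query_single_row($sql);
                    if (empty($result['titlelink'])) {
                        // dangling parent reference: stop climbing and fall back to the gallery credentials
                        break;
                    }
                    $pageobj = new ZenpagePage($result['titlelink']);
                    $authType = "zp_page_auth_" . $pageobj->getID();
                    $check_auth = $pageobj->getPassword();
                    $check_user = $pageobj->getUser();
                }
            }
        }
        if (empty($check_auth)) {
            // anything else is controlled by the gallery credentials
            $authType = 'zp_gallery_auth';
            $check_auth = $_zp_gallery->getPassword();
            $check_user = $_zp_gallery->getUser();
        }
    }
    // Handle the login form.
    if (DEBUG_LOGIN) {
        debugLog("zp_handle_password: \$authType={$authType}; \$check_auth={$check_auth}; \$check_user={$check_user}; ");
    }
    if (isset($_POST['password']) && isset($_POST['pass'])) {
        // process login form
        if (isset($_POST['user'])) {
            $post_user = sanitize($_POST['user']);
        } else {
            $post_user = '';
        }
        $post_pass = $_POST['pass'];
        // We should not sanitize the password
        $auth = '';
        $success = false;
        foreach (Zenphoto_Authority::$hashList as $hash => $hi) {
            $auth = Zenphoto_Authority::passwordHash($post_user, $post_pass, $hi);
            // hash_equals() gives a constant-time, type-safe comparison; a loose `==`
            // would treat two numeric-looking hashes as equal and leak timing
            $success = hash_equals((string) $check_auth, (string) $auth) && (string) $post_user === (string) $check_user;
            if (DEBUG_LOGIN) {
                // the submitted password itself is deliberately kept out of the log
                debugLog("zp_handle_password({$success}): \$post_user={$post_user}; \$check_auth={$check_auth}; \$auth={$auth}; \$hash={$hash};");
            }
            if ($success) {
                break;
            }
        }
        $success = zp_apply_filter('guest_login_attempt', $success, $post_user, $post_pass, $authType);
        if ($success) {
            // Correct auth info. Set the cookie.
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid credentials");
            }
            zp_setCookie($authType, $auth);
            if (isset($_POST['redirect'])) {
                $redirect_to = sanitizeRedirect($_POST['redirect'], true);
                if (!empty($redirect_to)) {
                    header("Location: " . $redirect_to);
                    exitZP();
                }
            }
        } else {
            // Clear the cookie, just in case
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: invalid credentials");
            }
            zp_clearCookie($authType);
            $_zp_login_error = true;
        }
        return;
    }
    if (empty($check_auth)) {
        //no password on record or admin logged in
        return;
    }
    if (($saved_auth = zp_getCookie($authType)) != '') {
        // same constant-time comparison for the cookie-carried hash
        if (hash_equals((string) $check_auth, (string) $saved_auth)) {
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: valid cookie");
            }
            return;
        } else {
            // Clear the cookie
            if (DEBUG_LOGIN) {
                debugLog("zp_handle_password: invalid cookie");
            }
            zp_clearCookie($authType);
        }
    }
}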
/**
 * Sets the locale, etc. to the zenphoto domain details.
 * Returns the result of setupCurrentLocale()
 *
 * Resolution order as written here: an explicit `locale` request parameter
 * (remembered in the `dynamic_locale` cookie when valid), then the first label
 * of HTTP_HOST, then the logged-in admin's language, then the `locale` option
 * or an HTTP Accept-Language match, and finally BASE_LOCALE / en_US or the
 * first allowed language.
 *
 * @return mixed whatever setupCurrentLocale() returns for the chosen locale
 */
function setMainDomain()
{
    global $_zp_current_admin_obj, $_zp_current_locale;
    if (DEBUG_LOCALE) {
        debugLogBackTrace("setMainDomain()");
    }
    if (isset($_REQUEST['locale'])) {
        // an explicit request parameter wins; validateLocale() is told whether it arrived via POST or the URI
        $_zp_current_locale = validateLocale(sanitize($_REQUEST['locale']), isset($_POST['locale']) ? 'POST' : 'URI string');
        if ($_zp_current_locale) {
            zp_setCookie('dynamic_locale', $_zp_current_locale);
        } else {
            // a rejected value must not linger in the cookie
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from URL: " . sanitize($_REQUEST['locale']) . "=>{$_zp_current_locale}");
        }
    } else {
        // otherwise try the first label of the host name (presumably a language sub-domain)
        $matches = explode('.', @$_SERVER['HTTP_HOST']);
        $_zp_current_locale = validateLocale($matches[0], 'HTTP_HOST');
        if ($_zp_current_locale && zp_getCookie('dynamic_locale')) {
            // a host-derived locale supersedes any remembered dynamic one
            zp_clearCookie('dynamic_locale');
        }
        if (DEBUG_LOCALE) {
            debugLog("dynamic_locale from HTTP_HOST: " . sanitize($matches[0]) . "=>{$_zp_current_locale}");
        }
    }
    if (!$_zp_current_locale && is_object($_zp_current_admin_obj)) {
        // a logged-in admin's own language preference comes next
        $_zp_current_locale = $_zp_current_admin_obj->getLanguage();
        if (DEBUG_LOCALE) {
            // NOTE(review): this line appears garbled by extraction -- two debugLog() calls
            // have been fused, and $localeOption is read below but never assigned anywhere
            // in this listing. Restore this stretch from the original source before relying on it.
            debugLog("locale from user: "******"locale from option: " . $localeOption . '; dynamic locale=' . $_zp_current_locale);
        }
        if (empty($localeOption) && empty($_zp_current_locale)) {
            // if one is not set, see if there is a match from 'HTTP_ACCEPT_LANGUAGE'
            $languageSupport = generateLanguageList();
            $userLang = parseHttpAcceptLanguage();
            foreach ($userLang as $lang) {
                // first Accept-Language entry that validates wins
                $l = strtoupper($lang['fullcode']);
                $_zp_current_locale = validateLocale($l, 'HTTP Accept Language');
                if ($_zp_current_locale) {
                    break;
                }
            }
        } else {
            if (empty($_zp_current_locale)) {
                $_zp_current_locale = $localeOption;
            }
        }
    }
    if (empty($_zp_current_locale)) {
        // return "default" language, English if allowed, otherwise whatever is the "first" allowed language
        $languageSupport = generateLanguageList();
        if (defined('BASE_LOCALE')) {
            $loc = BASE_LOCALE;
        } else {
            $loc = 'en_US';
        }
        if (empty($languageSupport) || in_array($loc, $languageSupport)) {
            $_zp_current_locale = $loc;
        } else {
            $_zp_current_locale = array_shift($languageSupport);
        }
        if (DEBUG_LOCALE) {
            debugLog("locale from language list: " . $_zp_current_locale);
        }
    } else {
        // persist the resolved locale for this request only (third argument false)
        setOption('locale', $_zp_current_locale, false);
    }
    if (DEBUG_LOCALE) {
        debugLog("getUserLocale Returning locale: " . $_zp_current_locale);
    }
    return setupCurrentLocale($_zp_current_locale);
}
 /**
  * Checks saved cookies to see if a user is logged in
  *
  * The `zp_user_auth` cookie carries "<hash>.<id>". The pair is handed to
  * checkAuthorization() and the result to the `authorization_cookie` filter;
  * a cookie that does not authorize anyone is cleared.
  *
  * @return mixed the filtered authorization result, or NULL when the cookie is rejected
  */
 function checkCookieCredentials()
 {
     // the appended '.' guarantees a second element even for a missing or malformed cookie
     $parts = explode('.', zp_getCookie('zp_user_auth') . '.');
     $auth = $parts[0];
     $id = $parts[1];
     $authorized = $this->checkAuthorization($auth, (int) $id);
     $loggedin = zp_apply_filter('authorization_cookie', $authorized, $auth, $id);
     if (!$loggedin) {
         zp_clearCookie("zp_user_auth");
         return NULL;
     }
     return $loggedin;
 }
/**
 * Loads the search object.
 *
 * Reuses the global search engine when one already exists, puts the request
 * into search context and rewrites the `zenphoto_search_params` cookie with
 * the current search parameters.
 *
 * @return SearchEngine the current search object
 */
function zp_load_search()
{
    global $_zp_current_search;
    // drop the stale parameter cookie; it is rewritten below
    zp_clearCookie("zenphoto_search_params");
    $engine = is_object($_zp_current_search) ? $_zp_current_search : new SearchEngine();
    $_zp_current_search = $engine;
    add_context(ZP_SEARCH);
    zp_setCookie("zenphoto_search_params", $engine->getSearchParams(), SEARCH_DURATION);
    return $engine;
}
/**
 * This is the "tokens" upload tab
 *
 * @author Stephen Billard (sbillard)
 *
 * Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
 *
 * @package plugins
 * @subpackage development
 */
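require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// this tab requires the DEBUG_RIGHTS right
admin_securityChecks(DEBUG_RIGHTS, $return = currentRelativeURL());
if (isset($_POST['delete_cookie']) && is_array($_POST['delete_cookie'])) {
    // only the posted keys matter; each is decoded with postIndexDecode() before use
    foreach (array_keys($_POST['delete_cookie']) as $cookie) {
        zp_clearCookie(postIndexDecode($cookie));
    }
    // reload this tab; the page name matches the one passed to printAdminHeader() below
    header('location: ?page=development&tab=cookie');
    exitZP();
}
$subtab = getSubtabs();
printAdminHeader('development', $subtab);
echo "\n</head>";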
?>

<body>

	<?php 
printLogoAndLinks();
?>
	<div id="main">
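/**
 * Handles the POSTing of a comment
 *
 * A post is processed only when the `comment` field is present and the
 * `username` honey-pot field is empty. The comment is attached to the current
 * image, album, news article or page; on success the browser is sent back to
 * that object (except under IIS), otherwise the moderation/error text is
 * returned. Without a post, a remembered `zenphoto_comment` cookie repopulates
 * $_zp_comment_stored.
 *
 * @return NULL|boolean|string NULL or the error text after a post, false when nothing was posted
 */
function comment_form_handle_comment()
{
    global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
    $comment_error = 0;
    $cookie = zp_getCookie('zenphoto_comment');
    if (isset($_POST['comment']) && empty($_POST['username'])) {
        // 'username' is a honey-pot trap: a submission that fills it is ignored
        /*
         * do not save the post page in the cache
         * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
         * But this has to wait until processing is finished to avoid race conditions.
         */
        $_zp_HTML_cache->disable();
        $commentobject = NULL;
        $redirectTo = NULL;
        $error = NULL;
        if (in_context(ZP_IMAGE)) {
            $commentobject = $_zp_current_image;
            $redirectTo = $_zp_current_image->getLink();
        } elseif (in_context(ZP_ALBUM)) {
            $commentobject = $_zp_current_album;
            $redirectTo = $_zp_current_album->getLink();
        } elseif (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
            $commentobject = $_zp_current_article;
            $redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
        } elseif (in_context(ZP_ZENPAGE_PAGE)) {
            $commentobject = $_zp_current_page;
            $redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
        } else {
            $error = gettext('Comment posted on unknown page!');
        }
        if (is_object($commentobject)) {
            $p_name = isset($_POST['name']) ? sanitize($_POST['name'], 3) : NULL;
            $p_email = NULL;
            if (isset($_POST['email'])) {
                $p_email = sanitize($_POST['email'], 3);
                if (!is_valid_email_zp($p_email)) {
                    $p_email = NULL;
                }
            }
            $p_website = NULL;
            if (isset($_POST['website'])) {
                $p_website = sanitize($_POST['website'], 3);
                if ($p_website && strpos($p_website, 'http') !== 0) {
                    // no scheme given: assume a plain host was entered
                    $p_website = 'http://' . $p_website;
                }
                if (!isValidURL($p_website)) {
                    $p_website = NULL;
                }
            }
            // the comment body is sanitized at level 1, unlike the other fields (level 3)
            $p_comment = sanitize($_POST['comment'], 1);
            $p_server = getUserIP();
            // `code`/`code_h` are passed through as a pair; either missing field becomes ''
            $code1 = '';
            $code2 = '';
            if (isset($_POST['code'])) {
                $code1 = sanitize($_POST['code'], 3);
                $code2 = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
            }
            $p_private = isset($_POST['private']);
            $p_anon = isset($_POST['anon']);
            $commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
            $comment_error = $commentadded->getInModeration();
            $_zp_comment_stored = array(
                'name' => $commentadded->getName(),
                'email' => $commentadded->getEmail(),
                'website' => $commentadded->getWebsite(),
                'comment' => $commentadded->getComment(),
                'saved' => isset($_POST['remember']),
                'private' => $commentadded->getPrivate(),
                'anon' => $commentadded->getAnon(),
                'custom' => $commentadded->getCustomData(),
            );
            if ($comment_error) {
                $error = $commentadded->comment_error_text;
            } else {
                $_zp_HTML_cache->clearHtmlCache();
                $error = NULL;
                if (isset($_POST['remember'])) {
                    // Should always re-cookie to update info in case it's changed...
                    // the comment text itself is not remembered, only the poster details
                    $_zp_comment_stored['comment'] = '';
                    zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
                } else {
                    zp_clearCookie('zenphoto_comment');
                }
                //use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
                if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
                    // but not for Microsoft IIS because that server fails if we redirect!
                    header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
                    exitZP();
                }
            }
        }
        return $error;
    }
    if (!empty($cookie)) {
        // NOTE(review): the cookie value is client-controlled; getSerializedArray() is relied on
        // to decode it safely -- cookie data must never reach unserialize() directly
        $cookiedata = getSerializedArray($cookie);
        if (is_array($cookiedata) && count($cookiedata) > 1) {
            $_zp_comment_stored = $cookiedata;
        }
    }
    return false;
}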