diff options
Diffstat (limited to 'modules/gallery/controllers')
| -rw-r--r-- | modules/gallery/controllers/admin.php | 2 | ||||
| -rw-r--r-- | modules/gallery/controllers/admin_identity.php | 57 | ||||
| -rw-r--r-- | modules/gallery/controllers/albums.php | 6 | ||||
| -rw-r--r-- | modules/gallery/controllers/l10n_client.php | 4 | ||||
| -rw-r--r-- | modules/gallery/controllers/login.php | 17 | ||||
| -rw-r--r-- | modules/gallery/controllers/logout.php | 13 | ||||
| -rw-r--r-- | modules/gallery/controllers/password.php | 6 | ||||
| -rw-r--r-- | modules/gallery/controllers/permissions.php | 2 | ||||
| -rw-r--r-- | modules/gallery/controllers/upgrader.php | 4 | ||||
| -rw-r--r-- | modules/gallery/controllers/welcome_message.php | 4 |
10 files changed, 91 insertions, 24 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index b92a32cd..24eebe7d 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -21,7 +21,7 @@ class Admin_Controller extends Controller { private $theme; public function __construct($theme=null) { - if (!(user::active()->admin)) { + if (!(Session::active_user()->admin)) { access::forbidden(); } diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php new file mode 100644 index 00000000..dd1cfb4b --- /dev/null +++ b/modules/gallery/controllers/admin_identity.php @@ -0,0 +1,57 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Admin_Identity_Controller extends Admin_Controller { + public function index() { + $view = new Admin_View("admin.html"); + $view->content = new View("admin_identity.html"); + $view->content->available = Identity::active(); + $view->content->active = module::get_var("gallery", "identity_provider", "user"); + print $view; + } + + public function confirm() { + access::verify_csrf(); + + $v = new View("admin_identity_confirm.html"); + $v->new_provider = $this->input->post("provider"); + + print $v; + } + + public function change() { + access::verify_csrf(); + + $active_provider = module::get_var("gallery", "identity_provider", "user"); + $providers = Identity::active(); + + $new_provider = $this->input->post("provider"); + + if ($new_provider != $active_provider) { + module::event("identity_change", $new_provider); + + // @todo this type of collation is questionable from an i18n perspective + message::success(t("Changed to %description", + array("description" => $providers->$new_provider))); + } + + url::redirect("admin/identity"); + } +} + diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 9733d1cd..055ff22b 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller { $view = new Theme_View("page.html", "login"); $view->page_title = t("Log in to Gallery"); $view->content = new View("login_ajax.html"); - $view->content->form = user::get_login_form("login/auth_html"); + $view->content->form = login::get_login_form("login/auth_html"); print $view; return; } else { @@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller { $this->input->post("name"), $this->input->post("title", $this->input->post("name")), $this->input->post("description"), - user::active()->id, + Session::active_user()->id, $this->input->post("slug")); log::success("content", "Created an album", @@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller { $_FILES["file"]["name"], $this->input->post("title", $this->input->post("name")), $this->input->post("description"), - user::active()->id); + Session::active_user()->id); log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo")); message::success(t("Added photo %photo_title", diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php index 6fdbb3a1..2ab73102 100644 --- a/modules/gallery/controllers/l10n_client.php +++ b/modules/gallery/controllers/l10n_client.php @@ -20,7 +20,7 @@ class L10n_Client_Controller extends Controller { public function save() { access::verify_csrf(); - if (!user::active()->admin) { + if (!Session::active_user()->admin) { access::forbidden(); } @@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller { public function toggle_l10n_mode() { access::verify_csrf(); - if (!user::active()->admin) { + if (!Session::active_user()->admin) { access::forbidden(); } diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 2c4bd557..96a97a1d 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -21,7 +21,7 @@ class Login_Controller extends Controller { public function ajax() { $view = new View("login_ajax.html"); - $view->form = user::get_login_form("login/auth_ajax"); + $view->form = login::get_login_form("login/auth_ajax"); print $view; } @@ -40,7 +40,7 @@ class Login_Controller extends Controller { } public function html() { - print user::get_login_form("login/auth_html"); + print login::get_login_form("login/auth_html"); } public function auth_html() { @@ -54,11 +54,11 @@ class Login_Controller extends Controller { } } private function _auth($url) { - $form = user::get_login_form($url); + $form = login::get_login_form($url); $valid = $form->validate(); if ($valid) { - $user = user::lookup_by_name($form->login->inputs["name"]->value); - if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) { + $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value); + if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) { log::warning( "user", t("Failed login for %name", @@ -69,7 +69,12 @@ class Login_Controller extends Controller { } if ($valid) { - user::login($user); + if (Identity::is_writable()) { + $user->login_count += 1; + $user->last_login = time(); + $user->save(); + } + Session::set_active_user($user); log::info("user", t("User %name logged in", array("name" => $user->name))); } diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 45d397ad..058860fa 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -19,10 +19,15 @@ */ class Logout_Controller extends Controller { public function index() { - //access::verify_csrf(); - - $user = user::active(); - user::logout(); + $user = Session::active_user(); + if (!$user->guest) { + try { + Session::instance()->destroy(); + } catch (Exception $e) { + Kohana::log("error", $e); + } + module::event("user_logout", $user); + } log::info("user", t("User %name logged out", array("name" => $user->name)), html::anchor("user/$user->id", html::clean($user->name))); if ($continue_url = $this->input->get("continue")) { diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php index e8b08960..ce6d67b1 100644 --- a/modules/gallery/controllers/password.php +++ b/modules/gallery/controllers/password.php @@ -32,7 +32,7 @@ class Password_Controller extends Controller { if (request::method() == "post") { $this->_change_password(); } else { - $user = user::lookup_by_hash(Input::instance()->get("key")); + $user = Identity::lookup_user_by_hash(Input::instance()->get("key")); if (!empty($user)) { print $this->_new_password_form($user->hash); } else { @@ -46,7 +46,7 @@ class Password_Controller extends Controller { $valid = $form->validate(); if ($valid) { - $user = user::lockup_by_name($form->reset->inputs["name"]->value); + $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value); if (!$user->loaded || empty($user->email)) { $form->reset->inputs["name"]->add_error("no_email", 1); $valid = false; @@ -116,7 +116,7 @@ class Password_Controller extends Controller { private function _change_password() { $view = $this->_new_password_form(); if ($view->content->validate()) { - $user = user::lookup_by_hash(Input::instance()->get("key")); + $user = Identity::lookup_user_by_hash(Input::instance()->get("key")); if (empty($user)) { throw new Exception("@todo FORBIDDEN", 503); } diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index 8d75862e..7a06c3d3 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -74,7 +74,7 @@ class Permissions_Controller extends Controller { // If the active user just took away their own edit permissions, give it back. if ($perm->name == "edit") { - if (!access::user_can(user::active(), "edit", $item)) { + if (!access::user_can(Session::active_user(), "edit", $item)) { access::allow($group, $perm->name, $item); } } diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index 0f6cbc2c..e0c5d340 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller { } $view = new View("upgrader.html"); - $view->can_upgrade = user::active()->admin || $session->get("can_upgrade"); + $view->can_upgrade = Session::active_user()->admin || $session->get("can_upgrade"); $view->upgrade_token = $upgrade_token; $view->available = module::available(); $view->done = ($available_upgrades == 0); @@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) { + } else if (!Session::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { access::forbidden(); } diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php index 8fd1e0a0..cfdc3976 100644 --- a/modules/gallery/controllers/welcome_message.php +++ b/modules/gallery/controllers/welcome_message.php @@ -19,12 +19,12 @@ */ class Welcome_Message_Controller extends Controller { public function index() { - if (!user::active()->admin) { + if (!Session::active_user()->admin) { url::redirect(item::root()->abs_url()); } $v = new View("welcome_message.html"); - $v->user = user::active(); + $v->user = Session::active_user(); print $v; } } |