summaryrefslogtreecommitdiff
path: root/modules/gallery/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/controllers')
-rw-r--r--modules/gallery/controllers/admin.php2
-rw-r--r--modules/gallery/controllers/admin_identity.php75
-rw-r--r--modules/gallery/controllers/albums.php6
-rw-r--r--modules/gallery/controllers/l10n_client.php4
-rw-r--r--modules/gallery/controllers/login.php18
-rw-r--r--modules/gallery/controllers/logout.php13
-rw-r--r--modules/gallery/controllers/password.php133
-rw-r--r--modules/gallery/controllers/permissions.php8
-rw-r--r--modules/gallery/controllers/upgrader.php4
-rw-r--r--modules/gallery/controllers/welcome_message.php4
10 files changed, 110 insertions, 157 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b92a32cd..24eebe7d 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
private $theme;
public function __construct($theme=null) {
- if (!(user::active()->admin)) {
+ if (!(Session::active_user()->admin)) {
access::forbidden();
}
diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php
new file mode 100644
index 00000000..9d756a5c
--- /dev/null
+++ b/modules/gallery/controllers/admin_identity.php
@@ -0,0 +1,75 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Admin_Identity_Controller extends Admin_Controller {
+ public function index() {
+ $view = new Admin_View("admin.html");
+ $view->content = new View("admin_identity.html");
+ $view->content->available = Identity::providers();
+ $view->content->active = module::get_var("gallery", "identity_provider", "user");
+ print $view;
+ }
+
+ public function confirm() {
+ access::verify_csrf();
+
+ $v = new View("admin_identity_confirm.html");
+ $v->new_provider = $this->input->post("provider");
+
+ print $v;
+ }
+
+ public function change() {
+ access::verify_csrf();
+
+ $active_provider = module::get_var("gallery", "identity_provider", "user");
+ $providers = Identity::providers();
+
+ $new_provider = $this->input->post("provider");
+
+ if ($new_provider != $active_provider) {
+
+ module::event("pre_identity_change", $active_provider, $new_provider);
+
+ Identity::deactivate();
+
+ // Switch authentication
+ module::set_var("gallery", "identity_provider", $new_provider);
+ Identity::reset();
+
+ Identity::activate();
+
+ // @todo this type of collation is questionable from an i18n perspective
+ message::success(t("Changed to %description",
+ array("description" => $providers->$new_provider)));
+
+ try {
+ Session::instance()->destroy();
+ } catch (Exception $e) {
+ // We don't care if there was a problem destroying the session.
+ }
+ url::redirect(item::root()->abs_url());
+ }
+
+ message::info(t("The selected provider \"%description\" is already active.",
+ array("description" => $providers->$new_provider)));
+ url::redirect("admin/identity");
+ }
+}
+
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index ae4ad395..9480a037 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller {
$view = new Theme_View("page.html", "login");
$view->page_title = t("Log in to Gallery");
$view->content = new View("login_ajax.html");
- $view->content->form = user::get_login_form("login/auth_html");
+ $view->content->form = login::get_login_form("login/auth_html");
print $view;
return;
} else {
@@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
$this->input->post("name"),
$this->input->post("title", $this->input->post("name")),
$this->input->post("description"),
- user::active()->id,
+ Session::active_user()->id,
$this->input->post("slug"));
log::success("content", "Created an album",
@@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
$_FILES["file"]["name"],
$this->input->post("title", $this->input->post("name")),
$this->input->post("description"),
- user::active()->id);
+ Session::active_user()->id);
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
message::success(t("Added photo %photo_title",
diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index 6fdbb3a1..2ab73102 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -20,7 +20,7 @@
class L10n_Client_Controller extends Controller {
public function save() {
access::verify_csrf();
- if (!user::active()->admin) {
+ if (!Session::active_user()->admin) {
access::forbidden();
}
@@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
public function toggle_l10n_mode() {
access::verify_csrf();
- if (!user::active()->admin) {
+ if (!Session::active_user()->admin) {
access::forbidden();
}
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 2c4bd557..4c83d647 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -21,7 +21,7 @@ class Login_Controller extends Controller {
public function ajax() {
$view = new View("login_ajax.html");
- $view->form = user::get_login_form("login/auth_ajax");
+ $view->form = login::get_login_form("login/auth_ajax");
print $view;
}
@@ -40,7 +40,7 @@ class Login_Controller extends Controller {
}
public function html() {
- print user::get_login_form("login/auth_html");
+ print login::get_login_form("login/auth_html");
}
public function auth_html() {
@@ -53,12 +53,13 @@ class Login_Controller extends Controller {
print $form;
}
}
+
private function _auth($url) {
- $form = user::get_login_form($url);
+ $form = login::get_login_form($url);
$valid = $form->validate();
if ($valid) {
- $user = user::lookup_by_name($form->login->inputs["name"]->value);
- if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
+ $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
+ if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) {
log::warning(
"user",
t("Failed login for %name",
@@ -69,7 +70,12 @@ class Login_Controller extends Controller {
}
if ($valid) {
- user::login($user);
+ if (Identity::is_writable()) {
+ $user->login_count += 1;
+ $user->last_login = time();
+ $user->save();
+ }
+ Session::set_active_user($user);
log::info("user", t("User %name logged in", array("name" => $user->name)));
}
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 45d397ad..058860fa 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -19,10 +19,15 @@
*/
class Logout_Controller extends Controller {
public function index() {
- //access::verify_csrf();
-
- $user = user::active();
- user::logout();
+ $user = Session::active_user();
+ if (!$user->guest) {
+ try {
+ Session::instance()->destroy();
+ } catch (Exception $e) {
+ Kohana::log("error", $e);
+ }
+ module::event("user_logout", $user);
+ }
log::info("user", t("User %name logged out", array("name" => $user->name)),
html::anchor("user/$user->id", html::clean($user->name)));
if ($continue_url = $this->input->get("continue")) {
diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
deleted file mode 100644
index e8b08960..00000000
--- a/modules/gallery/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Password_Controller extends Controller {
- public function reset() {
- if (request::method() == "post") {
- // @todo separate the post from get parts of this function
- access::verify_csrf();
- $this->_send_reset();
- } else {
- print $this->_reset_form();
- }
- }
-
- public function do_reset() {
- if (request::method() == "post") {
- $this->_change_password();
- } else {
- $user = user::lookup_by_hash(Input::instance()->get("key"));
- if (!empty($user)) {
- print $this->_new_password_form($user->hash);
- } else {
- throw new Exception("@todo FORBIDDEN", 503);
- }
- }
- }
-
- private function _send_reset() {
- $form = $this->_reset_form();
-
- $valid = $form->validate();
- if ($valid) {
- $user = user::lockup_by_name($form->reset->inputs["name"]->value);
- if (!$user->loaded || empty($user->email)) {
- $form->reset->inputs["name"]->add_error("no_email", 1);
- $valid = false;
- }
- }
-
- if ($valid) {
- $user->hash = md5(rand());
- $user->save();
- $message = new View("reset_password.html");
- $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
- $message->user = $user;
-
- Sendmail::factory()
- ->to($user->email)
- ->subject(t("Password Reset Request"))
- ->header("Mime-Version", "1.0")
- ->header("Content-type", "text/html; charset=iso-8859-1")
- ->message($message->render())
- ->send();
-
- log::success(
- "user",
- t("Password reset email sent for user %name", array("name" => $user->name)));
- } else {
- // Don't include the username here until you're sure that it's XSS safe
- log::warning(
- "user", "Password reset email requested for bogus user");
- }
-
- message::success(t("Password reset email sent"));
- print json_encode(
- array("result" => "success"));
- }
-
- private function _reset_form() {
- $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
- $group = $form->group("reset")->label(t("Reset Password"));
- $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
- $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
- $group->submit("")->value(t("Reset"));
-
- return $form;
- }
-
- private function _new_password_form($hash=null) {
- $template = new Theme_View("page.html", "reset");
-
- $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
- $group = $form->group("reset")->label(t("Change Password"));
- $hidden = $group->hidden("hash");
- if (!empty($hash)) {
- $hidden->value($hash);
- }
- $group->password("password")->label(t("Password"))->id("g-password")
- ->rules("required|length[1,40]");
- $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
- ->matches($group->password);
- $group->inputs["password2"]->error_messages(
- "mistyped", t("The password and the confirm password must match"));
- $group->submit("")->value(t("Update"));
-
- $template->content = $form;
- return $template;
- }
-
- private function _change_password() {
- $view = $this->_new_password_form();
- if ($view->content->validate()) {
- $user = user::lookup_by_hash(Input::instance()->get("key"));
- if (empty($user)) {
- throw new Exception("@todo FORBIDDEN", 503);
- }
-
- $user->password = $view->content->reset->password->value;
- $user->hash = null;
- $user->save();
- message::success(t("Password reset successfully"));
- url::redirect(item::root()->abs_url());
- } else {
- print $view;
- }
- }
-} \ No newline at end of file
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index 8d75862e..58c5b816 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -51,13 +51,13 @@ class Permissions_Controller extends Controller {
function change($command, $group_id, $perm_id, $item_id) {
access::verify_csrf();
- $group = ORM::factory("group", $group_id);
+ $group = Identity::lookup_group($group_id);
$perm = ORM::factory("permission", $perm_id);
$item = ORM::factory("item", $item_id);
access::required("view", $item);
access::required("edit", $item);
- if ($group->loaded && $perm->loaded && $item->loaded) {
+ if (!empty($group) && $perm->loaded && $item->loaded) {
switch($command) {
case "allow":
access::allow($group, $perm->name, $item);
@@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
// If the active user just took away their own edit permissions, give it back.
if ($perm->name == "edit") {
- if (!access::user_can(user::active(), "edit", $item)) {
+ if (!access::user_can(Session::active_user(), "edit", $item)) {
access::allow($group, $perm->name, $item);
}
}
@@ -84,7 +84,7 @@ class Permissions_Controller extends Controller {
private function _get_form($item) {
$view = new View("permissions_form.html");
$view->item = $item;
- $view->groups = ORM::factory("group")->find_all();
+ $view->groups = Identity::groups();
$view->permissions = ORM::factory("permission")->find_all();
return $view;
}
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 0f6cbc2c..e0c5d340 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
}
$view = new View("upgrader.html");
- $view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
+ $view->can_upgrade = Session::active_user()->admin || $session->get("can_upgrade");
$view->upgrade_token = $upgrade_token;
$view->available = module::available();
$view->done = ($available_upgrades == 0);
@@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
// @todo this may screw up some module installers, but we don't have a better answer at
// this time.
$_SERVER["HTTP_HOST"] = "example.com";
- } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
+ } else if (!Session::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
access::forbidden();
}
diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php
index 8fd1e0a0..cfdc3976 100644
--- a/modules/gallery/controllers/welcome_message.php
+++ b/modules/gallery/controllers/welcome_message.php
@@ -19,12 +19,12 @@
*/
class Welcome_Message_Controller extends Controller {
public function index() {
- if (!user::active()->admin) {
+ if (!Session::active_user()->admin) {
url::redirect(item::root()->abs_url());
}
$v = new View("welcome_message.html");
- $v->user = user::active();
+ $v->user = Session::active_user();
print $v;
}
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 15:21:13 +0000