From aff5d1cef4cc2514fe6d714788fffcf418d8fc5b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 7 Feb 2010 08:45:10 -0800
Subject: Create the concept of a "failed authentication" as semantically separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
---
 modules/gallery/controllers/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 1426f0d8..fa175ac8 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -65,7 +65,7 @@ class Login_Controller extends Controller {
 $form->login->inputs["name"]->add_error("invalid_login", 1);
 $name = $form->login->inputs["name"]->value;
 log::warning("user", t("Failed login for %name", array("name" => $name)));
- module::event("user_login_failed", $name);
+ module::event("user_authenticate_failed", $name);
 $valid = false;
 }
 }
-- cgit v1.2.3
From eda6e3af06aa51281e614ae9a5e7b4ad4fbbae17 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 7 Feb 2010 08:49:37 -0800
Subject: Rename user_authenticate_xxx events to user_auth_xxx for brevity.
---
 modules/gallery/controllers/login.php | 2 +-
 modules/gallery/helpers/gallery_event.php | 4 ++--
 modules/user/controllers/users.php | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index fa175ac8..5a08b693 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -65,7 +65,7 @@ class Login_Controller extends Controller {
 $form->login->inputs["name"]->add_error("invalid_login", 1);
 $name = $form->login->inputs["name"]->value;
 log::warning("user", t("Failed login for %name", array("name" => $name)));
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 $valid = false;
 }
 }
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 9ce30929..5fa82160 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -113,11 +113,11 @@ class gallery_event_Core {
 auth::clear_failed_attempts($user);
 }
- static function user_authenticate_failed($name) {
+ static function user_auth_failed($name) {
 auth::record_failed_attempt($name);
 }
- static function user_authenticate($user) {
+ static function user_auth($user) {
 auth::clear_failed_attempts($user);
 }
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 2675d918..1130852b 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -84,7 +84,7 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_password_form_completed", $user, $form);
 message::success(t("Password changed"));
- module::event("user_authenticate", $user);
+ module::event("user_auth", $user);
 module::event("user_password_change", $user);
 print json_encode(
 array("result" => "success",
@@ -92,7 +92,7 @@ class Users_Controller extends Controller {
 } else {
 log::warning("user", t("Failed password change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
@@ -120,14 +120,14 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_email_form_completed", $user, $form);
 message::success(t("Email address changed"));
- module::event("user_authenticate", $user);
+ module::event("user_auth", $user);
 print json_encode(
 array("result" => "success",
 "resource" => url::site("users/{$user->id}")));
 } else {
 log::warning("user", t("Failed email change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
-- cgit v1.2.3
From f93528ffab19b7a733fc8fb21c22853d8ec0d2f5 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Sun, 7 Feb 2010 15:37:32 -0800
Subject: Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
---
 modules/gallery/controllers/admin.php | 6 ++-
 modules/gallery/controllers/reauthenticate.php | 72 ++++++++++++++++++++++++++
 modules/gallery/helpers/auth.php | 27 +++++++++-
 modules/gallery/helpers/gallery_event.php | 2 +
 modules/gallery/views/reauthenticate.html.php | 10 ++++
 modules/user/controllers/users.php | 8 +--
 6 files changed, 118 insertions(+), 7 deletions(-)
 create mode 100644 modules/gallery/controllers/reauthenticate.php
 create mode 100644 modules/gallery/views/reauthenticate.html.php
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index e4216991..b5f3db39 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
 private $theme;
 public function __construct($theme=null) {
- if (!(identity::active_user()->admin)) {
+ if (!identity::active_user()->admin) {
 access::forbidden();
 }
@@ -29,6 +29,10 @@ class Admin_Controller extends Controller {
 }
 public function __call($controller_name, $args) {
+ if (auth::must_reauth_for_admin_area()) {
+ return url::redirect("reauthenticate");
+ }
+
 if (request::method() == "post") {
 access::verify_csrf();
 }
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
new file mode 100644
index 00000000..4b88a9cc
--- /dev/null
+++ b/modules/gallery/controllers/reauthenticate.php
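Review bot: The new `must_reauth_for_admin_area()` guard at the top of `__call()` answers every expired request, including POSTs and XHR calls, with a 302 to an HTML page: a submitted admin form is silently discarded and an AJAX caller receives markup it cannot use. Consider redirecting only plain GETs and failing the rest with an explicit status (`access::forbidden()` is already used in this file), or at least document the behaviour above the check, e.g. `// Expired admin sessions are redirected unconditionally; POST bodies and XHR requests are dropped here.`. The `__construct` hunk is a no-op style change. Both methods continue outside the hunks.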
@@ -0,0 +1,72 @@ +admin) { + access::forbidden(); + } + return self::_show_form(self::_form()); + } + + public function auth() { + if (!identity::active_user()->admin) { + access::forbidden(); + } + access::verify_csrf(); + + $form = self::_form(); + $valid = $form->validate(); + $user = identity::active_user(); + if ($valid) { + message::success(t("Successfully re-authenticated!")); + module::event("user_auth", $user); + url::redirect("admin"); + } else { + $name = $user->name; + log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); + module::event("user_auth_failed", $name); + return self::_show_form($form); + } + } + + private static function _show_form($form) { + $view = new Theme_View("page.html", "other", "reauthenticate"); + $view->page_title = t("Re-authenticate"); + $view->content = new View("reauthenticate.html"); + $view->content->form = $form; + $view->content->user_name = identity::active_user()->name; + print $view; + } + + private static function _form() { + $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); + $form->set_attr('class', "g-narrow"); + $group = $form->group("reauthenticate")->label(t("Re-authenticate")); + $group->password("password")->label(t("Password"))->id("g-password")->class(null) + ->callback("auth::validate_too_many_failed_auth_attempts") + ->callback("user::valid_password") + ->error_messages("invalid", t("Incorrect password")) + ->error_messages( + "too_many_failed_auth_attempts", + t("Too many incorrect passwords. Try again later")); + $group->submit("")->value(t("Submit")); + return $form; + } +} diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 2c1e3f67..c3e9e6e9 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php 
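Review bot: `_show_form()` prints the view and returns nothing, so `return self::_show_form(self::_form())` in `index()` and the `return self::_show_form($form)` in the failure branch of `auth()` hand back null while reading as if a value were returned; either drop the `return` keywords or make `_show_form()` return the view and `print` at the two call sites. The new controller also carries no class or method docblock; a header such as `/** Prompts an already logged-in admin for their password before the admin area is unlocked. Success fires user_auth; failure is logged, fires user_auth_failed and is rate-limited through auth::validate_too_many_failed_auth_attempts. */` would explain why it exists next to Login_Controller. The top of the new file (license header and class line) did not survive this rendering, so the class declaration itself could not be checked.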
@@ -78,9 +78,9 @@ class auth_Core {
 }
 }
- static function validate_too_many_failed_password_changes($password_input) {
+ static function validate_too_many_failed_auth_attempts($form_input) {
 if (self::too_many_failures(identity::active_user()->name)) {
- $password_input->add_error("too_many_failed_password_changes", 1);
+ $form_input->add_error("too_many_failed_auth_attempts", 1);
 }
 }
@@ -107,4 +107,27 @@ class auth_Core {
 ->where("name", "=", $user->name)
 ->delete_all();
 }
+
+ /**
+ * Checks whether the current user (= admin) must
+ * actively re-authenticate before access is given
+ * to the admin area.
+ */
+ static function must_reauth_for_admin_area() {
+ if (!identity::active_user()->admin) {
+ access::forbidden();
+ }
+
+ $session = Session::instance();
+ $last_active_auth = $session->get("active_auth_timestamp", 0);
+ $last_admin_area_activity = $session->get("admin_area_activity_timestamp", 0);
+ $admin_area_timeout = module::get_var("gallery", "admin_area_timeout");
+
+ if (max($last_active_auth, $last_admin_area_activity) + $admin_area_timeout < time()) {
+ return true;
+ }
+
+ $session->set("admin_area_activity_timestamp", time());
+ return false;
+ }
 }
\ No newline at end of file
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 5fa82160..63f33c12 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -110,6 +110,7 @@ class gallery_event_Core {
 graphics::choose_default_toolkit();
 module::clear_var("gallery", "choose_default_tookit");
 }
+ Session::instance()->set("active_auth_timestamp", time());
 auth::clear_failed_attempts($user);
 }
@@ -119,6 +120,7 @@ class gallery_event_Core {
 static function user_auth($user) {
 auth::clear_failed_attempts($user);
+ Session::instance()->set("active_auth_timestamp", time());
 }
 static function item_index_data($item, $data) {
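Review bot: `module::get_var("gallery", "admin_area_timeout")` in `must_reauth_for_admin_area()` is read without a default, so if the variable was never written the comparison degrades to `max(...) < time()` and every admin request would force a re-authentication; pass the intended value as the third argument (the commit message names 20 minutes) and confirm the module installer sets it. The check is also an idle timeout rather than the periodic one the commit message describes: `admin_area_activity_timestamp` is refreshed on every non-expired call, so an admin who keeps clicking is never re-prompted — the docblock should say so, e.g. `* Returns true when neither an explicit authentication nor any admin-area request has happened within admin_area_timeout seconds; each non-expired call refreshes the activity timestamp (idle timeout, not an absolute one).`. Finally, a predicate named `must_*` that can terminate the request via `access::forbidden()` is surprising; Admin_Controller already enforces the admin flag in its constructor, so that guard could be dropped or its presence documented.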
diff --git a/modules/gallery/views/reauthenticate.html.php b/modules/gallery/views/reauthenticate.html.php new file mode 100644 index 00000000..8611d0f7 --- /dev/null +++ b/modules/gallery/views/reauthenticate.html.php @@ -0,0 +1,10 @@ + +
+

+ +

+

+ $user_name)) ?> +

+ +
\ No newline at end of file diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 1130852b..0730f391 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -164,11 +164,11 @@ class Users_Controller extends Controller { "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form")); $group = $form->group("change_password")->label(t("Change your password")); $group->password("old_password")->label(t("Old password"))->id("g-password") - ->callback("auth::validate_too_many_failed_password_changes") + ->callback("auth::validate_too_many_failed_auth_attempts") ->callback("user::valid_password") ->error_messages("invalid", t("Incorrect password")) ->error_messages( - "too_many_failed_password_changes", + "too_many_failed_auth_attempts", t("Too many incorrect passwords. Try again later")); $group->password("password")->label(t("New password"))->id("g-password") ->error_messages("min_length", t("Your new password is too short")); @@ -189,11 +189,11 @@ class Users_Controller extends Controller { "users/change_email/$user->id", "", "post", array("id" => "g-change-email-user-form")); $group = $form->group("change_email")->label(t("Change your email address")); $group->password("password")->label(t("Current password"))->id("g-password") - ->callback("auth::validate_too_many_failed_password_changes") + ->callback("auth::validate_too_many_failed_auth_attempts") ->callback("user::valid_password") ->error_messages("invalid", t("Incorrect password")) ->error_messages( - "too_many_failed_password_changes", + "too_many_failed_auth_attempts", t("Too many incorrect passwords. Try again later")); $group->input("email")->label(t("New email address"))->id("g-email")->value($user->email) ->error_messages("email", t("You must enter a valid email address")) -- cgit v1.2.3 From 316b0583b374a5754ea112c00464d118917cdbc1 Mon Sep 17 00:00:00 2001 
From: Tim Almdal
Date: Sun, 7 Feb 2010 21:38:51 -0800
Subject: Revert "Refactor the admin maintenance screen so that events are used to populate the action buttons and other content such as the list of scheduled tasks." Leaving this api out of RC1. This reverts commit 19fee6b5e4ceb8a5f90cafe4ad770856ece108ef. Conflicts: modules/gallery/views/admin_maintenance.html.php
---
 modules/gallery/controllers/admin_maintenance.php | 11 ++---------
 modules/gallery/views/admin_maintenance.html.php | 16 +++++++++-------
 2 files changed, 11 insertions(+), 16 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 8e4845a9..487e77a6 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -44,17 +44,10 @@ class Admin_Maintenance_Controller extends Admin_Controller {
 $view->content->task_definitions = task::get_definitions();
 $view->content->running_tasks = ORM::factory("task")
 ->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
+ $view->content->schedule_definitions =
+ module::is_active("scheduler") ? scheduler::get_definitions() : "";
 $view->content->finished_tasks = ORM::factory("task")
 ->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
- $task_buttons =
- new ArrayObject(array((object)array("text" => t("run"),
- "url" =>url::site("admin/maintenance/start"))));
- module::event("admin_maintenance_task_buttons", $task_buttons);
- $view->content->task_buttons = $task_buttons;
-
- $maintenance_content = new ArrayObject();
- module::event("admin_maintenance_content", $maintenance_content);
- $view->content->task_maintenance_content = $maintenance_content;
 print $view;
 }
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 19375670..15d04caa 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php @@ -29,21 +29,23 @@ description ?> - - url}/$task->callback?csrf=$csrf" ?>" + callback?csrf=$csrf") ?>" class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all"> - text) ?> + - + + callback?csrf=$csrf") ?>" + class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all"> + + + - - - + count()): ?>
-- cgit v1.2.3 From b8047db5393ddbe27d6ee391845802054b92bf79 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 7 Feb 2010 21:40:34 -0800 Subject: Revert "Add the scheduler component to the admin maintenance screen." This reverts commit 48cb5021c6bd7e65a13a0ff50a9e76f72da7d3a1. --- modules/gallery/controllers/admin_maintenance.php | 2 -- modules/gallery/views/admin_maintenance.html.php | 8 -------- 2 files changed, 10 deletions(-) (limited to 'modules/gallery/controllers') diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 487e77a6..d90fe0ea 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -44,8 +44,6 @@ class Admin_Maintenance_Controller extends Admin_Controller { $view->content->task_definitions = task::get_definitions(); $view->content->running_tasks = ORM::factory("task") ->where("done", "=", 0)->order_by("updated", "DESC")->find_all(); - $view->content->schedule_definitions = - module::is_active("scheduler") ? scheduler::get_definitions() : ""; $view->content->finished_tasks = ORM::factory("task") ->where("done", "=", 1)->order_by("updated", "DESC")->find_all(); print $view; diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index 15d04caa..ac597715 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -33,20 +33,12 @@ class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all"> - - callback?csrf=$csrf") ?>" - class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all"> - - -
- - count()): ?>

-- cgit v1.2.3
From f9d00aa7429599f46e09b23e8313932ac5e186c3 Mon Sep 17 00:00:00 2001
From: Andy Staudacher
Date: Mon, 8 Feb 2010 00:30:36 -0800
Subject: Fix for ticket 1008: Redirect to destination after re-auth.
---
 modules/gallery/controllers/admin.php | 12 +++++++++++-
 modules/gallery/controllers/reauthenticate.php | 3 ++-
 2 files changed, 13 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b5f3db39..5467e88a 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -30,7 +30,7 @@ class Admin_Controller extends Controller {
 public function __call($controller_name, $args) {
 if (auth::must_reauth_for_admin_area()) {
- return url::redirect("reauthenticate");
+ return self::_prompt_for_reauth($controller_name, $args);
 }
 if (request::method() == "post") {
@@ -53,5 +53,15 @@ class Admin_Controller extends Controller {
 call_user_func_array(array(new $controller_name, $method), $args);
 }
+
+ private static function _prompt_for_reauth($controller_name, $args) {
+ if (request::method() == "get" && !request::is_ajax()) {
+ $url_args = array("admin", $controller_name) + $args;
+ $continue_url = join("/", $url_args);
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", $continue_url);
+ }
+ url::redirect("reauthenticate");
+ }
 }
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 4b88a9cc..dbd1cd21 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
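Review bot: `array("admin", $controller_name) + $args` in `_prompt_for_reauth()` is a key-wise union, not a concatenation: both operands are zero-indexed lists, so the entries of `$args` at keys 0 and 1 are shadowed by `"admin"` and the controller name and silently vanish from the rebuilt URL; `array_merge(array("admin", $controller_name), $args)` is the intended operation (the following commit in this series sidesteps the issue by switching to `url::current(true)`). The comment `// Avoid anti-phishing protection by passing the url as session variable.` reads as if it circumvented a protection, whereas the point is that keeping the continue URL server-side means it can never be supplied through a request parameter and turned into an open redirect; suggest `// Keep the continue URL in the session rather than a request parameter so it cannot be supplied by a third party (no open redirect).`. The same comment text recurs in the later albums.php and auth.php hunks on this page.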
@@ -37,7 +37,8 @@ class Reauthenticate_Controller extends Controller {
 if ($valid) {
 message::success(t("Successfully re-authenticated!"));
 module::event("user_auth", $user);
- url::redirect("admin");
+ $continue_url = Session::instance()->get_once("continue_url", "admin");
+ url::redirect($continue_url);
 } else {
 $name = $user->name;
 log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
-- cgit v1.2.3
From f6c615c379bb6950dacff34bfda73a616dce6e6b Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:32:30 -0800
Subject: Use the helper ulr:current instead of manually creating the continue url.
---
 modules/gallery/controllers/admin.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 5467e88a..7706e9fc 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -56,10 +56,8 @@ class Admin_Controller extends Controller {
 private static function _prompt_for_reauth($controller_name, $args) {
 if (request::method() == "get" && !request::is_ajax()) {
- $url_args = array("admin", $controller_name) + $args;
- $continue_url = join("/", $url_args);
 // Avoid anti-phishing protection by passing the url as session variable.
- Session::instance()->set("continue_url", $continue_url);
+ Session::instance()->set("continue_url", url::current(true));
 }
 url::redirect("reauthenticate");
 }
-- cgit v1.2.3
From 17f0a1b10f3df250129188316c14b01f0e3b45f0 Mon Sep 17 00:00:00 2001
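Review bot: After switching to `url::current(true)`, `$controller_name` and `$args` are no longer used inside `_prompt_for_reauth()`, yet the signature still takes them and `__call()` still passes them; drop both, `private static function _prompt_for_reauth() {`, so the next reader does not look for a dependency that is not there. Since `Reauthenticate_Controller::auth()` redirects to whatever this stores, the safety of the flow now rests on `url::current(true)` yielding a site-relative URI; if it can ever carry a scheme or host, the value should be checked before it is stored — a short comment stating that assumption on the `set("continue_url", ...)` line would pin it down.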
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:45:14 -0800
Subject: If the user does not have permission to view the album, photo or movie, redirect to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009.
---
 modules/gallery/controllers/albums.php | 21 ++++++++++-----------
 modules/gallery/controllers/login.php | 3 ++-
 modules/gallery/controllers/movies.php | 11 ++++++++++-
 modules/gallery/controllers/photos.php | 10 +++++++++-
 4 files changed, 31 insertions(+), 14 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index a378f3ee..1d369b95 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -28,20 +28,19 @@ class Albums_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- $page_size = module::get_var("gallery", "page_size", 9);
+
 if (!access::can("view", $album)) {
- if ($album->id == 1) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
- return;
- } else {
- access::forbidden();
- }
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ print $view;
+ return;
 }
+ $page_size = module::get_var("gallery", "page_size", 9);
 $input = Input::instance();
 $show = $input->get("show");
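Review bot: Dropping the `$album->id == 1` special case means an already authenticated user who merely lacks view permission on a non-root album now receives the login form instead of `access::forbidden()`; they are logged in, so the prompt cannot help them, and it hides the actual reason for the refusal. Consider showing the login view only when the active user is the guest account and keeping `access::forbidden()` otherwise (this assumes permissions can differ per registered user, which the per-item `access::can()` call suggests but the hunk does not prove). A smaller point: `continue_url` is overwritten on every unauthorised hit, so the last inaccessible album a guest touched decides where the next login lands — intended here, but worth saying in the comment. The enclosing method continues outside the hunk.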
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 5a08b693..093c15da 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -44,9 +44,10 @@ class Login_Controller extends Controller {
 public function auth_html() {
 access::verify_csrf();
+ $continue_url = Session::instance()->get("continue_url", null);
 list ($valid, $form) = $this->_auth("login/auth_html");
 if ($valid) {
- url::redirect(item::root()->abs_url());
+ url::redirect($continue_url ? $continue_url : item::root()->abs_url());
 } else {
 $view = new Theme_View("page.html", "other", "login");
 $view->page_title = t("Log in to Gallery");
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index b51282b3..9e882ef4 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -24,7 +24,16 @@ class Movies_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- access::required("view", $movie);
+
+ if (!access::can("view", $movie)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+
+ print $view;
+ return;
+ }
 $where = array(array("type", "!=", "album"));
 $position = $movie->parent()->get_position($movie, $where);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index b5da3884..8beae207 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
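Review bot: `Session::instance()->get("continue_url", null)` in `auth_html()` reads the value but leaves it in the session, so the stored URL outlives this login and can send a later, unrelated login — or the admin re-authentication flow, which consumes the same key — to a stale location; use `get_once()`, as `Reauthenticate_Controller::auth()` already does, so the value is consumed exactly once. The redirect is free of open-redirect concerns only because `continue_url` is written server-side from `url::current(true)`; a comment on the redirect line such as `// continue_url is only ever set server-side (url::current); never accept it from the request.` would stop a later change from taking it from a parameter. `auth_html()` continues outside the hunk.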
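Review bot: Unlike the albums.php hunk in this same commit, the new login branch in `Movies_Controller` (and the identical one in the photos.php hunk that follows) never stores `continue_url`, so after signing in from a movie or photo page `Login_Controller::auth_html()` redirects to the root album — or to whatever stale `continue_url` an earlier album visit left in the session. Add `Session::instance()->set("continue_url", url::current(true));` before `print $view;` in both controllers, or share one helper with albums.php so the three copies cannot drift (the next commit in this series does exactly that with `auth::require_login()`). The enclosing methods continue outside the hunks.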
@@ -24,7 +24,15 @@ class Photos_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- access::required("view", $photo);
+
+ if (!access::can("view", $photo)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ print $view;
+ return;
+ }
 $where = array(array("type", "!=", "album"));
 $position = $photo->parent()->get_position($photo, $where);
-- cgit v1.2.3
From 8ef08d20883d9b9aa0b7560ce3bf6da8a6632149 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:53:39 -0800
Subject: Refactor the code to display the login page if the user does not have view permission into the common auth::require_login() method.
---
 modules/gallery/controllers/albums.php | 8 +-------
 modules/gallery/controllers/movies.php | 7 +------
 modules/gallery/controllers/photos.php | 6 +-----
 modules/gallery/helpers/auth.php | 13 +++++++++++++
 4 files changed, 16 insertions(+), 18 deletions(-)
(limited to 'modules/gallery/controllers')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 1d369b95..e1985cfb 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -30,13 +30,7 @@ class Albums_Controller extends Items_Controller {
 }
 if (!access::can("view", $album)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- // Avoid anti-phishing protection by passing the url as session variable.
- Session::instance()->set("continue_url", url::current(true));
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 9e882ef4..8041066e 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -26,12 +26,7 @@ class Movies_Controller extends Items_Controller {
 }
 if (!access::can("view", $movie)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
-
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 8beae207..778e9ae7 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -26,11 +26,7 @@ class Photos_Controller extends Items_Controller {
 }
 if (!access::can("view", $photo)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index c3e9e6e9..f5454f85 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,4 +130,17 @@ class auth_Core {
 $session->set("admin_area_activity_timestamp", time());
 return false;
 }
+
+ /**
+ * Redirect to the login page.
+ */
+ static function require_login() {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ return $view;
+ }
 }
\ No newline at end of file
-- cgit v1.2.3
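Review bot: The docblock `* Redirect to the login page.` on `require_login()` is wrong: the method does not redirect, it builds and returns a Theme_View that the caller must print, and as a side effect it overwrites `continue_url` in the session. Suggest a docblock stating that it returns the login page view for a viewer lacking permission on the current item, that the caller prints it and must `return` afterwards, and that it records `url::current(true)` in the session as `continue_url` so a successful login can come back here. The name also overstates what it enforces — nothing stops a caller from printing the view and continuing to serve the item, so every call site has to remember the trailing `return;` as the three controller hunks do; naming it `login_view()` or having it end the request would make that harder to get wrong.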