From 3e6ba7acc3291f2268cbe9c9bef0a492b557babb Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Sun, 4 Oct 2009 00:27:22 -0600
Subject: Renamed most, if not all css selectors from gName to g-name. Moved a
 few shared images from wind to lib. Deleted unused images in the admin_wind.
 This will likely break a few ajax features.

---
 modules/user/controllers/password.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 92608dcd..4629bbf2 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -85,9 +85,9 @@ class Password_Controller extends Controller {
   }
 
   private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "gResetForm"));
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
     $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("gName")->class(null)->rules("required");
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
     $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
     $group->submit("")->value(t("Reset"));
 
@@ -97,15 +97,15 @@ class Password_Controller extends Controller {
   private function _new_password_form($hash=null) {
     $template = new Theme_View("page.html", "reset");
 
-    $form = new Forge("password/do_reset", "", "post", array("id" => "gChangePasswordForm"));
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
     $group = $form->group("reset")->label(t("Change Password"));
     $hidden = $group->hidden("hash");
     if (!empty($hash)) {
       $hidden->value($hash);
     }
-    $group->password("password")->label(t("Password"))->id("gPassword")
+    $group->password("password")->label(t("Password"))->id("g-password")
       ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("gPassword2")
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
       ->matches($group->password);
     $group->inputs["password2"]->error_messages(
       "mistyped", t("The password and the confirm password must match"));
-- 
cgit v1.2.3


From 194cc3b27a73afe5119da9f09407c1e068dc6fa3 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 5 Oct 2009 14:04:27 -0700
Subject: First pass on converting calls to the Identity interface. Will worry
 about writes and saves later. Convert the Admin_User controller Convert the
 login and password change controller Change the item model to call
 user::lookup to get the owner. On the log model, delete the relationship
 between the log and user table, and replace with a call to user::lookup

---
 modules/gallery/models/item.php          |  2 +-
 modules/gallery/models/log.php           | 17 ++++++++-
 modules/user/controllers/admin_users.php | 65 +++++++++++++++-----------------
 modules/user/controllers/login.php       |  5 +--
 modules/user/controllers/password.php    | 15 +++-----
 5 files changed, 55 insertions(+), 49 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 246d5fcd..5d356841 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -332,7 +332,7 @@ class Item_Model extends ORM_MPTT {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return model_cache::get("user", $this->owner_id);
+        return user::lookup($this->owner_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php
index 6734afb8..d143d7bd 100644
--- a/modules/gallery/models/log.php
+++ b/modules/gallery/models/log.php
@@ -18,5 +18,20 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Log_Model extends ORM {
-  protected $has_one = array("user");
+  /**
+   * @see ORM::__get()
+   */
+  public function __get($column) {
+    if ($column == "user") {
+      // This relationship depends on an outside module, which may not be present so handle
+      // failures gracefully.
+      try {
+        return user::lookup($this->user_id);
+      } catch (Exception $e) {
+        return null;
+      }
+    } else {
+      return parent::__get($column);
+    }
+  }
 }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 0b748955..c405c5e7 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,8 +21,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_users.html");
-    $view->content->users = ORM::factory("user")->orderby("name")->find_all();
-    $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
+    $view->content->users = user::users(array("orderby" => array("name")));
+    $view->content->groups = group::groups(array("orderby" => array("name")));
     print $view;
   }
 
@@ -32,8 +32,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = user::get_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    $user = ORM::factory("user")->where("name", $name)->find();
-    if ($user->loaded) {
+    if ($user = user::lookup_by_name($name)) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
@@ -70,8 +69,8 @@ class Admin_Users_Controller extends Admin_Controller {
       access::forbidden();
     }
 
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -91,8 +90,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function delete_user_form($id) {
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
     print user::get_delete_form_admin($user);
@@ -101,8 +100,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function edit_user($id) {
     access::verify_csrf();
 
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -110,12 +109,9 @@ class Admin_Users_Controller extends Admin_Controller {
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
       if ($new_name != $user->name &&
-          ORM::factory("user")
-          ->where("name", $new_name)
-          ->where("id !=", $user->id)
-          ->find()
-          ->loaded) {
+          ($temp_user && $temp_user->id != $user->id)) {
         $form->edit_user->inputs["name"]->add_error("in_use", 1);
         $valid = false;
       } else {
@@ -151,8 +147,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function edit_user_form($id) {
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -166,23 +162,23 @@ class Admin_Users_Controller extends Admin_Controller {
 
   public function add_user_to_group($user_id, $group_id) {
     access::verify_csrf();
-    $group = ORM::factory("group", $group_id);
-    $user = ORM::factory("user", $user_id);
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
     $group->add($user);
     $group->save();
   }
 
   public function remove_user_from_group($user_id, $group_id) {
     access::verify_csrf();
-    $group = ORM::factory("group", $group_id);
-    $user = ORM::factory("user", $user_id);
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
     $group->remove($user);
     $group->save();
   }
 
   public function group($group_id) {
     $view = new View("admin_users_group.html");
-    $view->group = ORM::factory("group", $group_id);
+    $view->group = group::lookup($group_id);
     print $view;
   }
 
@@ -193,8 +189,8 @@ class Admin_Users_Controller extends Admin_Controller {
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->add_group->inputs["name"]->value;
-      $group = ORM::factory("group")->where("name", $new_name)->find();
-      if ($group->loaded) {
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
         $form->add_group->inputs["name"]->add_error("in_use", 1);
         $valid = false;
       }
@@ -219,8 +215,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_group($id) {
     access::verify_csrf();
 
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
 
@@ -240,19 +236,20 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function delete_group_form($id) {
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
+
     print group::get_delete_form_admin($group);
   }
 
   public function edit_group($id) {
     access::verify_csrf();
 
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
-      kohana::show_404();
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
     }
 
     $form = group::get_edit_form_admin($group);
@@ -260,7 +257,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     if ($valid) {
       $new_name = $form->edit_group->inputs["name"]->value;
-      $group = ORM::factory("group")->where("name", $new_name)->find();
+      $group = group::lookup_by_name($name);
       if ($group->loaded) {
         $form->edit_group->inputs["name"]->add_error("in_use", 1);
         $valid = false;
@@ -282,8 +279,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function edit_group_form($id) {
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
 
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 8bee7db5..2c4bd557 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -53,13 +53,12 @@ class Login_Controller extends Controller {
       print $form;
     }
   }
-
   private function _auth($url) {
     $form = user::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
-      $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
-      if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
+      $user = user::lookup_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
         log::warning(
           "user",
           t("Failed login for %name",
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 4629bbf2..817ff01c 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -32,10 +32,8 @@ class Password_Controller extends Controller {
     if (request::method() == "post") {
       $this->_change_password();
     } else {
-      $user = ORM::factory("user")
-        ->where("hash", Input::instance()->get("key"))
-        ->find();
-      if ($user->loaded) {
+      $user = user::lookyp_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
         print $this->_new_password_form($user->hash);
       } else {
         throw new Exception("@todo FORBIDDEN", 503);
@@ -48,7 +46,7 @@ class Password_Controller extends Controller {
 
     $valid = $form->validate();
     if ($valid) {
-      $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
       if (!$user->loaded || empty($user->email)) {
         $form->reset->inputs["name"]->add_error("no_email", 1);
         $valid = false;
@@ -118,11 +116,8 @@ class Password_Controller extends Controller {
   private function _change_password() {
     $view = $this->_new_password_form();
     if ($view->content->validate()) {
-      $user = ORM::factory("user")
-        ->where("hash", $view->content->reset->hash->value)
-        ->find();
-
-      if (!$user->loaded) {
+      $user = user::lookyp_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
 
-- 
cgit v1.2.3


From 8285cd58e27dfdc2f013f44c1e69aa82f87b7c83 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 5 Oct 2009 18:10:39 -0700
Subject: Handle the filters on Identity/Gallery::list_users and
 Identity/Gallery::list_groups

---
 modules/gallery/libraries/drivers/Identity.php      |  2 ++
 modules/user/controllers/admin_users.php            |  4 ++--
 modules/user/libraries/drivers/Identity/Gallery.php | 14 ++++++++++++--
 3 files changed, 16 insertions(+), 4 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php
index 65a3891c..31bcfe39 100644
--- a/modules/gallery/libraries/drivers/Identity.php
+++ b/modules/gallery/libraries/drivers/Identity.php
@@ -106,6 +106,7 @@ interface Identity_Driver {
   /**
    * List the users
    * @param mixed      options to apply to the selection of the user
+   *                   @todo Do a longer write up on format of filters (@see Database.php)
    * @return array     the group list.
    */
   public function list_users($filter=array());
@@ -113,6 +114,7 @@ interface Identity_Driver {
   /**
    * List the groups
    * @param mixed      options to apply to the selection of the user
+   *                   @todo Do a longer write up on format of filters (@see Database.php)
    * @return array     the group list.
    */
   public function list_groups($filter=array());
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index c405c5e7..6c72440a 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,8 +21,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_users.html");
-    $view->content->users = user::users(array("orderby" => array("name")));
-    $view->content->groups = group::groups(array("orderby" => array("name")));
+    $view->content->users = user::users(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::groups(array("orderby" => array("name" => "ASC")));
     print $view;
   }
 
diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php
index ab162a4c..774ef77c 100644
--- a/modules/user/libraries/drivers/Identity/Gallery.php
+++ b/modules/user/libraries/drivers/Identity/Gallery.php
@@ -211,7 +211,12 @@ class Identity_Gallery_Driver implements Identity_Driver {
    * @return array     the group list.
    */
   public function list_users($filter=array()) {
-    return ORM::factory("user")->orderby("name")->find_all();
+    $user = ORM::factory("user");
+    foreach($filter as $method => $args) {
+      $user->$method($args);
+    }
+
+    return $user->find_all();
   }
 
 
@@ -221,7 +226,12 @@ class Identity_Gallery_Driver implements Identity_Driver {
    * @return array     the group list.
    */
   public function list_groups($filter=array()) {
-    return ORM::factory("group")->orderby("name")->find_all();
+    $user = ORM::factory("group");
+    foreach($filter as $method => $args) {
+      $user->$method($args);
+    }
+
+    return $user->find_all();
   }
 
   /**
-- 
cgit v1.2.3


From 7f38d6ff29e3554031496c3f98e357f7a87a2671 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 6 Oct 2009 18:30:11 -0700
Subject: Change the focus of the user module from providing user/group
 management to providing the default Identity implementation. * Remove the
 user_event callbacks and move them to the gallery_event callbacks. This will
 insure that the active user is always loaded (because the gallery callbacks
 are always called first) to its available to other gallery_ready handlers. 
 Moved the method set_request_locale to the locales helper as it is more
 related to locales. * Move the user controllers and views into the gallery
 module. * Move the theme and block processing out of the user module and into
 core.

---
 modules/gallery/controllers/admin_users.php        | 290 +++++++++++++++++++++
 modules/gallery/controllers/login.php              |  81 ++++++
 modules/gallery/controllers/logout.php             |  38 +++
 modules/gallery/controllers/password.php           | 133 ++++++++++
 modules/gallery/controllers/users.php              |  67 +++++
 modules/gallery/helpers/gallery_block.php          |  23 ++
 modules/gallery/helpers/gallery_event.php          |  12 +
 modules/gallery/helpers/gallery_theme.php          |  13 +
 modules/gallery/helpers/locales.php                |  17 ++
 modules/gallery/views/admin_users.html.php         | 128 +++++++++
 modules/gallery/views/admin_users_group.html.php   |  38 +++
 modules/gallery/views/login.html.php               |  22 ++
 modules/gallery/views/login_ajax.html.php          |  43 +++
 modules/gallery/views/reset_password.html.php      |  17 ++
 .../gallery/views/user_languages_block.html.php    |  19 ++
 modules/user/controllers/admin_users.php           | 290 ---------------------
 modules/user/controllers/login.php                 |  81 ------
 modules/user/controllers/logout.php                |  38 ---
 modules/user/controllers/password.php              | 133 ----------
 modules/user/controllers/users.php                 |  67 -----
 modules/user/helpers/user_block.php                |  46 ----
 modules/user/helpers/user_event.php                |  53 ----
 modules/user/helpers/user_theme.php                |  36 ---
 modules/user/views/admin_users.html.php            | 128 ---------
 modules/user/views/admin_users_group.html.php      |  38 ---
 modules/user/views/login.html.php                  |  22 --
 modules/user/views/login_ajax.html.php             |  43 ---
 modules/user/views/reset_password.html.php         |  17 --
 modules/user/views/user_languages_block.html.php   |  19 --
 29 files changed, 941 insertions(+), 1011 deletions(-)
 create mode 100644 modules/gallery/controllers/admin_users.php
 create mode 100644 modules/gallery/controllers/login.php
 create mode 100644 modules/gallery/controllers/logout.php
 create mode 100644 modules/gallery/controllers/password.php
 create mode 100644 modules/gallery/controllers/users.php
 create mode 100644 modules/gallery/views/admin_users.html.php
 create mode 100644 modules/gallery/views/admin_users_group.html.php
 create mode 100644 modules/gallery/views/login.html.php
 create mode 100644 modules/gallery/views/login_ajax.html.php
 create mode 100644 modules/gallery/views/reset_password.html.php
 create mode 100644 modules/gallery/views/user_languages_block.html.php
 delete mode 100644 modules/user/controllers/admin_users.php
 delete mode 100644 modules/user/controllers/login.php
 delete mode 100644 modules/user/controllers/logout.php
 delete mode 100644 modules/user/controllers/password.php
 delete mode 100644 modules/user/controllers/users.php
 delete mode 100644 modules/user/helpers/user_block.php
 delete mode 100644 modules/user/helpers/user_event.php
 delete mode 100644 modules/user/helpers/user_theme.php
 delete mode 100644 modules/user/views/admin_users.html.php
 delete mode 100644 modules/user/views/admin_users_group.html.php
 delete mode 100644 modules/user/views/login.html.php
 delete mode 100644 modules/user/views/login_ajax.html.php
 delete mode 100644 modules/user/views/reset_password.html.php
 delete mode 100644 modules/user/views/user_languages_block.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php
new file mode 100644
index 00000000..6c72440a
--- /dev/null
+++ b/modules/gallery/controllers/admin_users.php
@@ -0,0 +1,290 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Users_Controller extends Admin_Controller {
+  public function index() {
+    $view = new Admin_View("admin.html");
+    $view->content = new View("admin_users.html");
+    $view->content->users = user::users(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::groups(array("orderby" => array("name" => "ASC")));
+    print $view;
+  }
+
+  public function add_user() {
+    access::verify_csrf();
+
+    $form = user::get_add_form_admin();
+    $valid = $form->validate();
+    $name = $form->add_user->inputs["name"]->value;
+    if ($user = user::lookup_by_name($name)) {
+      $form->add_user->inputs["name"]->add_error("in_use", 1);
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user = user::create(
+        $name, $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
+      $user->admin = $form->add_user->admin->checked;
+
+      if ($form->add_user->locale) {
+        $desired_locale = $form->add_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+      $user->save();
+      module::event("user_add_form_admin_completed", $user, $form);
+
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_user_form() {
+    print user::get_add_form_admin();
+  }
+
+  public function delete_user($id) {
+    access::verify_csrf();
+
+    if ($id == user::active()->id || $id == user::guest()->id) {
+      access::forbidden();
+    }
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_delete_form_admin($user);
+    if($form->validate()) {
+      $name = $user->name;
+      $user->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted user %user_name", array("user_name" => $name));
+    log::success("user", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+    print user::get_delete_form_admin($user);
+  }
+
+  public function edit_user($id) {
+    access::verify_csrf();
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
+      if ($new_name != $user->name &&
+          ($temp_user && $temp_user->id != $user->id)) {
+        $form->edit_user->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      } else {
+        $user->name = $new_name;
+      }
+    }
+
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+
+      // An admin can change the admin status for any user but themselves
+      if ($user->id != user::active()->id) {
+        $user->admin = $form->edit_user->admin->checked;
+      }
+      $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
+
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    // Don't allow the user to control their own admin bit, else you can lock yourself out
+    if ($user->id == user::active()->id) {
+      $form->edit_user->admin->disabled(1);
+    }
+    print $form;
+  }
+
+  public function add_user_to_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->add($user);
+    $group->save();
+  }
+
+  public function remove_user_from_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->remove($user);
+    $group->save();
+  }
+
+  public function group($group_id) {
+    $view = new View("admin_users_group.html");
+    $view->group = group::lookup($group_id);
+    print $view;
+  }
+
+  public function add_group() {
+    access::verify_csrf();
+
+    $form = group::get_add_form_admin();
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->add_group->inputs["name"]->value;
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
+        $form->add_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group = group::create($new_name);
+      $group->save();
+      message::success(
+        t("Created group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_group_form() {
+    print group::get_add_form_admin();
+  }
+
+  public function delete_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    $form = group::get_delete_form_admin($group);
+    if ($form->validate()) {
+      $name = $group->name;
+      $group->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted group %group_name", array("group_name" => $name));
+    log::success("group", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_delete_form_admin($group);
+  }
+
+  public function edit_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
+    }
+
+    $form = group::get_edit_form_admin($group);
+    $valid = $form->validate();
+
+    if ($valid) {
+      $new_name = $form->edit_group->inputs["name"]->value;
+      $group = group::lookup_by_name($name);
+      if ($group->loaded) {
+        $form->edit_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group->name = $form->edit_group->inputs["name"]->value;
+      $group->save();
+      message::success(
+        t("Changed group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      message::error(
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_edit_form_admin($group);
+  }
+
+}
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
new file mode 100644
index 00000000..2c4bd557
--- /dev/null
+++ b/modules/gallery/controllers/login.php
@@ -0,0 +1,81 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Login_Controller extends Controller {
+
+  public function ajax() {
+    $view = new View("login_ajax.html");
+    $view->form = user::get_login_form("login/auth_ajax");
+    print $view;
+  }
+
+  public function auth_ajax() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_ajax");
+    if ($valid) {
+      print json_encode(
+        array("result" => "success"));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function html() {
+    print user::get_login_form("login/auth_html");
+  }
+
+  public function auth_html() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_html");
+    if ($valid) {
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $form;
+    }
+  }
+  private function _auth($url) {
+    $form = user::get_login_form($url);
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lookup_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
+        log::warning(
+          "user",
+          t("Failed login for %name",
+            array("name" => $form->login->inputs["name"]->value)));
+        $form->login->inputs["name"]->add_error("invalid_login", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      user::login($user);
+      log::info("user", t("User %name logged in", array("name" => $user->name)));
+    }
+
+    // Either way, regenerate the session id to avoid session trapping
+    Session::instance()->regenerate();
+
+    return array($valid, $form);
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
new file mode 100644
index 00000000..45d397ad
--- /dev/null
+++ b/modules/gallery/controllers/logout.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Logout_Controller extends Controller {
+  public function index() {
+    //access::verify_csrf();
+
+    $user = user::active();
+    user::logout();
+    log::info("user", t("User %name logged out", array("name" => $user->name)),
+              html::anchor("user/$user->id", html::clean($user->name)));
+    if ($continue_url = $this->input->get("continue")) {
+      $item = url::get_item_from_uri($continue_url);
+      if (access::can("view", $item)) {
+        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+        header("Location: $continue_url");
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
new file mode 100644
index 00000000..817ff01c
--- /dev/null
+++ b/modules/gallery/controllers/password.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
+      $this->_send_reset();
+    } else {
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      $user = user::lookyp_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
+        print $this->_new_password_form($user->hash);
+      } else {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $user->hash = md5(rand());
+      $user->save();
+      $message = new View("reset_password.html");
+      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+      $message->user = $user;
+
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+
+      log::success(
+        "user",
+        t("Password reset email sent for user %name", array("name" => $user->name)));
+    } else {
+      // Don't include the username here until you're sure that it's XSS safe
+      log::warning(
+        "user", "Password reset email requested for bogus user");
+    }
+
+    message::success(t("Password reset email sent"));
+    print json_encode(
+      array("result" => "success"));
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form($hash=null) {
+    $template = new Theme_View("page.html", "reset");
+
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $hidden = $group->hidden("hash");
+    if (!empty($hash)) {
+      $hidden->value($hash);
+    }
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules("required|length[1,40]");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    $template->content = $form;
+    return $template;
+  }
+
+  private function _change_password() {
+    $view = $this->_new_password_form();
+    if ($view->content->validate()) {
+      $user = user::lookyp_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+
+      $user->password = $view->content->reset->password->value;
+      $user->hash = null;
+      $user->save();
+      message::success(t("Password reset successfully"));
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $view;
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/users.php b/modules/gallery/controllers/users.php
new file mode 100644
index 00000000..4ad704f0
--- /dev/null
+++ b/modules/gallery/controllers/users.php
@@ -0,0 +1,67 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Users_Controller extends REST_Controller {
+  protected $resource_type = "user";
+
+  public function _update($user) {
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    $form = user::get_edit_form($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $new_locale = $desired_locale == "none" ? null : $desired_locale;
+        if ($new_locale != $user->locale) {
+          // Delete the session based locale preference
+          setcookie("g_locale", "", time() - 24 * 3600, "/");
+        }
+        $user->locale = $new_locale;
+      }
+      $user->save();
+      module::event("user_edit_form_completed", $user, $form);
+
+      message::success(t("User information updated."));
+      print json_encode(
+        array("result" => "success",
+              "resource" => url::site("users/{$user->id}")));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function _form_edit($user) {
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    print user::get_edit_form($user);
+  }
+}
diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php
index 5d49a9de..f43d82c9 100644
--- a/modules/gallery/helpers/gallery_block.php
+++ b/modules/gallery/helpers/gallery_block.php
@@ -28,6 +28,10 @@ class gallery_block_Core {
       "project_news" => t("Gallery Project News"));
   }
 
+  static function get_site_list() {
+    return array("language" => t("Language Preference"));
+  }
+
   static function get($block_id) {
     $block = new Block();
     switch($block_id) {
@@ -85,6 +89,25 @@ class gallery_block_Core {
       $block->css_id = "g-block-adder";
       $block->title = t("Dashboard Content");
       $block->content = self::get_add_block_form();
+      break;
+
+    case "language":
+      $locales = locales::installed();
+      if (count($locales)) {
+        foreach ($locales as $locale => $display_name) {
+          $locales[$locale] = SafeString::of_safe_html($display_name);
+        }
+        $block = new Block();
+        $block->css_id = "g-user-language-block";
+        $block->title = t("Language Preference");
+        $block->content = new View("user_languages_block.html");
+        $block->content->installed_locales =
+          array_merge(array("" => t("« none »")), $locales);
+        $block->content->selected = (string) user::cookie_locale();
+      } else {
+        $block = "";
+      }
+      break;
     }
 
     return $block;
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 290d7d12..e0de2152 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -19,6 +19,14 @@
  */
 
 class gallery_event_Core {
+  /**
+   * Initialization.
+   */
+  static function gallery_ready() {
+    user::load_user();
+    locales::set_request_locale();
+  }
+
   static function group_created($group) {
     access::add_group($group);
   }
@@ -179,6 +187,10 @@ class gallery_event_Core {
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
                         ->url(url::site("admin/sidebar"))))
+      ->append(Menu::factory("link")
+               ->id("users_groups")
+               ->label(t("Users/Groups"))
+               ->url(url::site("admin/users")))
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 20dfeb04..a342b4bd 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -37,6 +37,11 @@ class gallery_theme_Core {
       }
     }
 
+    if (count(locales::installed())) {
+      // Needed by the languages block
+      $theme->script("jquery.cookie.js");
+    }
+
     if ($session->get("l10n_mode", false)) {
       $theme->css("l10n_client.css");
       $theme->script("jquery.cookie.js");
@@ -46,6 +51,14 @@ class gallery_theme_Core {
     return $buf;
   }
 
+  static function header_top($theme) {
+    if ($theme->page_type != "login") {
+      $view = new View("login.html");
+      $view->user = user::active();
+      return $view->render();
+    }
+  }
+
   static function admin_head($theme) {
     $theme->script("gallery.panel.js");
     $session = Session::instance();
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index ab7f7526..faec7816 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -136,6 +136,23 @@ class locales_Core {
     return in_array($language, array("he", "fa", "ar"));
   }
 
+  static function set_request_locale() {
+    // 1. Check the session specific preference (cookie)
+    $locale = user::cookie_locale();
+    // 2. Check the user's preference
+    if (!$locale) {
+      $locale = user::active()->locale;
+    }
+    // 3. Check the browser's / OS' preference
+    if (!$locale) {
+      $locale = self::locale_from_http_request();
+    }
+    // If we have any preference, override the site's default locale
+    if ($locale) {
+      I18n::instance()->locale($locale);
+    }
+  }
+
   /**
    * Returns the best match comparing the HTTP accept-language header
    * with the installed locales.
diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php
new file mode 100644
index 00000000..28daff29
--- /dev/null
+++ b/modules/gallery/views/admin_users.html.php
@@ -0,0 +1,128 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+  $(document).ready(function(){
+    $("#g-user-admin-list .core-info").draggable({
+      helper: "clone"
+    });
+    $("#g-group-admin .g-group").droppable({
+      accept: ".core-info",
+      hoverClass: "g-selected",
+      drop: function(ev, ui) {
+        var user_id = $(ui.draggable).attr("id").replace("user-", "");
+        var group_id = $(this).attr("id").replace("group-", "");
+        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+              {},
+              function() {
+                reload_group(group_id);
+              });
+      }
+    });
+    $("#group-1").droppable("destroy");
+    $("#group-2").droppable("destroy");
+  });
+
+  var reload_group = function(group_id) {
+    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
+    $.get(reload_group_url.replace("__GROUPID__", group_id),
+          {},
+          function(data) {
+            $("#group-" + group_id).html(data);
+            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
+          });
+  }
+
+  var remove_user = function(user_id, group_id) {
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+          {},
+          function() {
+            reload_group(group_id);
+          });
+  }
+</script>
+<div class="g-block">
+  <a href="<?= url::site("admin/users/add_user_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new user")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new user") ?>
+  </a>
+
+  <h2>
+    <?= t("User Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <table id="g-user-admin-list">
+      <tr>
+        <th><?= t("Username") ?></th>
+        <th><?= t("Full name") ?></th>
+        <th><?= t("Email") ?></th>
+        <th><?= t("Last login") ?></th>
+        <th><?= t("Actions") ?></th>
+      </tr>
+
+      <? foreach ($users as $i => $user): ?>
+      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
+          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
+               width="20"
+               height="20" />
+          <?= html::clean($user->name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->full_name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->email) ?>
+        </td>
+        <td>
+          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
+        </td>
+        <td class="g-actions">
+          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
+              open_text="<?= t("close") ?>"
+              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
+          <? endif ?>
+        </td>
+      </tr>
+      <? endforeach ?>
+    </table>
+  </div>
+</div>
+
+<div id="g-group-admin" class="g-block">
+  <a href="<?= url::site("admin/users/add_group_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new group")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new group") ?>
+  </a>
+
+  <h2>
+    <?= t("Group Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <ul>
+      <? foreach ($groups as $i => $group): ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
+        <?= $v ?>
+      </li>
+      <? endforeach ?>
+    </ul>
+  </div>
+</div>
diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php
new file mode 100644
index 00000000..db3645a0
--- /dev/null
+++ b/modules/gallery/views/admin_users_group.html.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h4>
+  <?= html::clean($group->name) ?>
+  <? if (!$group->special): ?>
+  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? else: ?>
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
+     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? endif ?>
+</h4>
+
+<? if ($group->users->count() > 0): ?>
+<ul>
+  <? foreach ($group->users as $i => $user): ?>
+  <li class="g-user">
+    <?= html::clean($user->name) ?>
+    <? if (!$group->special): ?>
+    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
+       title="<?= t("Remove %user from %group group",
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
+    </a>
+    <? endif ?>
+  </li>
+  <? endforeach ?>
+</ul>
+<? else: ?>
+<div>
+  <p>
+    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
+  </p>
+</div>
+<? endif ?>
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
new file mode 100644
index 00000000..049ba043
--- /dev/null
+++ b/modules/gallery/views/login.html.php
@@ -0,0 +1,22 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<ul id="g-login-menu">
+  <? if ($user->guest): ?>
+  <li class="first">
+    <a href="<?= url::site("login/ajax") ?>"
+       title="<?= t("Login to Gallery")->for_html_attr() ?>"
+       id="g-login-link"><?= t("Login") ?></a>
+  </li>
+  <? else: ?>
+  <li class="first">
+    <?= t('Logged in as %name', array('name' => html::mark_clean(
+      '<a href="' . url::site("form/edit/users/{$user->id}") .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
+      '" id="g-user-profile-link" class="g-dialog-link">' .
+      html::clean($user->display_name()) . '</a>'))) ?>
+  </li>
+  <li>
+    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
+       id="g-logout-link"><?= t("Logout") ?></a>
+  </li>
+  <? endif ?>
+</ul>
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
new file mode 100644
index 00000000..d3364b46
--- /dev/null
+++ b/modules/gallery/views/login_ajax.html.php
@@ -0,0 +1,43 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  $("#g-login-form").ready(function() {
+    $("#g-password-reset").click(function() {
+      $.ajax({
+        url: "<?= url::site("password/reset") ?>",
+        success: function(data) {
+          $("#g-login").html(data);
+          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
+          $(".submit").addClass("g-button ui-state-default ui-corner-all");
+          $(".submit").gallery_hover_init();
+          ajaxify_login_reset_form();
+        }
+      });
+    });
+  });
+
+  function ajaxify_login_reset_form() {
+    $("#g-login form").ajaxForm({
+      dataType: "json",
+      success: function(data) {
+        if (data.form) {
+          $("#g-login form").replaceWith(data.form);
+          ajaxify_login_reset_form();
+        }
+        if (data.result == "success") {
+          $("#g-dialog").dialog("close");
+          window.location.reload();
+        }
+      }
+    });
+  };
+</script>
+<div id="g-login">
+  <ul>
+    <li id="g-login-form">
+      <?= $form ?>
+    </li>
+    <li>
+      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
+    </li>
+  </ul>
+</div>
diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php
new file mode 100644
index 00000000..92ca4917
--- /dev/null
+++ b/modules/gallery/views/reset_password.html.php
@@ -0,0 +1,17 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
+    </p>
+    <p>
+  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
+        array("site_url" => html::mark_clean(url::base(false, "http")),
+              "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
+</html>
diff --git a/modules/gallery/views/user_languages_block.html.php b/modules/gallery/views/user_languages_block.html.php
new file mode 100644
index 00000000..89185967
--- /dev/null
+++ b/modules/gallery/views/user_languages_block.html.php
@@ -0,0 +1,19 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
+<script type="text/javascript">
+  $("#g-select-session-locale").change(function() {
+    var old_locale_preference = <?= html::js_string($selected) ?>;
+    var locale = $(this).val();
+    if (old_locale_preference == locale) {
+      return;
+    }
+
+    var expires = -1;
+    if (locale) {
+      expires = 365;
+    }
+    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
+    window.location.reload(true);
+  });
+</script>
+
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
deleted file mode 100644
index 6c72440a..00000000
--- a/modules/user/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
-  public function index() {
-    $view = new Admin_View("admin.html");
-    $view->content = new View("admin_users.html");
-    $view->content->users = user::users(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::groups(array("orderby" => array("name" => "ASC")));
-    print $view;
-  }
-
-  public function add_user() {
-    access::verify_csrf();
-
-    $form = user::get_add_form_admin();
-    $valid = $form->validate();
-    $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
-      $form->add_user->inputs["name"]->add_error("in_use", 1);
-      $valid = false;
-    }
-
-    if ($valid) {
-      $user = user::create(
-        $name, $form->add_user->full_name->value, $form->add_user->password->value);
-      $user->email = $form->add_user->email->value;
-      $user->admin = $form->add_user->admin->checked;
-
-      if ($form->add_user->locale) {
-        $desired_locale = $form->add_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-      $user->save();
-      module::event("user_add_form_admin_completed", $user, $form);
-
-      message::success(t("Created user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_user_form() {
-    print user::get_add_form_admin();
-  }
-
-  public function delete_user($id) {
-    access::verify_csrf();
-
-    if ($id == user::active()->id || $id == user::guest()->id) {
-      access::forbidden();
-    }
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_delete_form_admin($user);
-    if($form->validate()) {
-      $name = $user->name;
-      $user->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted user %user_name", array("user_name" => $name));
-    log::success("user", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-    print user::get_delete_form_admin($user);
-  }
-
-  public function edit_user($id) {
-    access::verify_csrf();
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->edit_user->inputs["name"]->value;
-      $temp_user = user::lookup_by_name($new_name);
-      if ($new_name != $user->name &&
-          ($temp_user && $temp_user->id != $user->id)) {
-        $form->edit_user->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      } else {
-        $user->name = $new_name;
-      }
-    }
-
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-
-      // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
-        $user->admin = $form->edit_user->admin->checked;
-      }
-      $user->save();
-      module::event("user_edit_form_admin_completed", $user, $form);
-
-      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
-      $form->edit_user->admin->disabled(1);
-    }
-    print $form;
-  }
-
-  public function add_user_to_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->add($user);
-    $group->save();
-  }
-
-  public function remove_user_from_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->remove($user);
-    $group->save();
-  }
-
-  public function group($group_id) {
-    $view = new View("admin_users_group.html");
-    $view->group = group::lookup($group_id);
-    print $view;
-  }
-
-  public function add_group() {
-    access::verify_csrf();
-
-    $form = group::get_add_form_admin();
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->add_group->inputs["name"]->value;
-      $group = group::lookup_by_name($new_name);
-      if (!empty($group)) {
-        $form->add_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group = group::create($new_name);
-      $group->save();
-      message::success(
-        t("Created group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_group_form() {
-    print group::get_add_form_admin();
-  }
-
-  public function delete_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    $form = group::get_delete_form_admin($group);
-    if ($form->validate()) {
-      $name = $group->name;
-      $group->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted group %group_name", array("group_name" => $name));
-    log::success("group", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_delete_form_admin($group);
-  }
-
-  public function edit_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-       kohana::show_404();
-    }
-
-    $form = group::get_edit_form_admin($group);
-    $valid = $form->validate();
-
-    if ($valid) {
-      $new_name = $form->edit_group->inputs["name"]->value;
-      $group = group::lookup_by_name($name);
-      if ($group->loaded) {
-        $form->edit_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group->name = $form->edit_group->inputs["name"]->value;
-      $group->save();
-      message::success(
-        t("Changed group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      message::error(
-        t("Failed to change group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_edit_form_admin($group);
-  }
-
-}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
deleted file mode 100644
index 2c4bd557..00000000
--- a/modules/user/controllers/login.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Login_Controller extends Controller {
-
-  public function ajax() {
-    $view = new View("login_ajax.html");
-    $view->form = user::get_login_form("login/auth_ajax");
-    print $view;
-  }
-
-  public function auth_ajax() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_ajax");
-    if ($valid) {
-      print json_encode(
-        array("result" => "success"));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function html() {
-    print user::get_login_form("login/auth_html");
-  }
-
-  public function auth_html() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_html");
-    if ($valid) {
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $form;
-    }
-  }
-  private function _auth($url) {
-    $form = user::get_login_form($url);
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lookup_by_name($form->login->inputs["name"]->value);
-      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
-        log::warning(
-          "user",
-          t("Failed login for %name",
-            array("name" => $form->login->inputs["name"]->value)));
-        $form->login->inputs["name"]->add_error("invalid_login", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      user::login($user);
-      log::info("user", t("User %name logged in", array("name" => $user->name)));
-    }
-
-    // Either way, regenerate the session id to avoid session trapping
-    Session::instance()->regenerate();
-
-    return array($valid, $form);
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
deleted file mode 100644
index 45d397ad..00000000
--- a/modules/user/controllers/logout.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Logout_Controller extends Controller {
-  public function index() {
-    //access::verify_csrf();
-
-    $user = user::active();
-    user::logout();
-    log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", html::clean($user->name)));
-    if ($continue_url = $this->input->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
-      if (access::can("view", $item)) {
-        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
-      } else {
-        url::redirect(item::root()->abs_url());
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
deleted file mode 100644
index 817ff01c..00000000
--- a/modules/user/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Password_Controller extends Controller {
-  public function reset() {
-    if (request::method() == "post") {
-      // @todo separate the post from get parts of this function
-      access::verify_csrf();
-      $this->_send_reset();
-    } else {
-      print $this->_reset_form();
-    }
-  }
-
-  public function do_reset() {
-    if (request::method() == "post") {
-      $this->_change_password();
-    } else {
-      $user = user::lookyp_by_hash(Input::instance()->get("key"));
-      if (!empty($user)) {
-        print $this->_new_password_form($user->hash);
-      } else {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-    }
-  }
-
-  private function _send_reset() {
-    $form = $this->_reset_form();
-
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
-      if (!$user->loaded || empty($user->email)) {
-        $form->reset->inputs["name"]->add_error("no_email", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $user->hash = md5(rand());
-      $user->save();
-      $message = new View("reset_password.html");
-      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-      $message->user = $user;
-
-      Sendmail::factory()
-        ->to($user->email)
-        ->subject(t("Password Reset Request"))
-        ->header("Mime-Version", "1.0")
-        ->header("Content-type", "text/html; charset=iso-8859-1")
-        ->message($message->render())
-        ->send();
-
-      log::success(
-        "user",
-        t("Password reset email sent for user %name", array("name" => $user->name)));
-    } else {
-      // Don't include the username here until you're sure that it's XSS safe
-      log::warning(
-        "user", "Password reset email requested for bogus user");
-    }
-
-    message::success(t("Password reset email sent"));
-    print json_encode(
-      array("result" => "success"));
-  }
-
-  private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
-    $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
-    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
-    $group->submit("")->value(t("Reset"));
-
-    return $form;
-  }
-
-  private function _new_password_form($hash=null) {
-    $template = new Theme_View("page.html", "reset");
-
-    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
-    $group = $form->group("reset")->label(t("Change Password"));
-    $hidden = $group->hidden("hash");
-    if (!empty($hash)) {
-      $hidden->value($hash);
-    }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->inputs["password2"]->error_messages(
-      "mistyped", t("The password and the confirm password must match"));
-    $group->submit("")->value(t("Update"));
-
-    $template->content = $form;
-    return $template;
-  }
-
-  private function _change_password() {
-    $view = $this->_new_password_form();
-    if ($view->content->validate()) {
-      $user = user::lookyp_by_hash(Input::instance()->get("key"));
-      if (empty($user)) {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-
-      $user->password = $view->content->reset->password->value;
-      $user->hash = null;
-      $user->save();
-      message::success(t("Password reset successfully"));
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $view;
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
deleted file mode 100644
index 4ad704f0..00000000
--- a/modules/user/controllers/users.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Users_Controller extends REST_Controller {
-  protected $resource_type = "user";
-
-  public function _update($user) {
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    $form = user::get_edit_form($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $new_locale = $desired_locale == "none" ? null : $desired_locale;
-        if ($new_locale != $user->locale) {
-          // Delete the session based locale preference
-          setcookie("g_locale", "", time() - 24 * 3600, "/");
-        }
-        $user->locale = $new_locale;
-      }
-      $user->save();
-      module::event("user_edit_form_completed", $user, $form);
-
-      message::success(t("User information updated."));
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function _form_edit($user) {
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    print user::get_edit_form($user);
-  }
-}
diff --git a/modules/user/helpers/user_block.php b/modules/user/helpers/user_block.php
deleted file mode 100644
index f920b4c5..00000000
--- a/modules/user/helpers/user_block.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_block_Core {
-  static function get_site_list() {
-    return array("language" => t("Language Preference"));
-  }
-
-  static function get($block_id, $theme) {
-    $block = "";
-    switch ($block_id) {
-    case "language":
-      $locales = locales::installed();
-      foreach ($locales as $locale => $display_name) {
-        $locales[$locale] = SafeString::of_safe_html($display_name);
-      }
-      if (count($locales) > 1) {
-        $block = new Block();
-        $block->css_id = "g-user-language-block";
-        $block->title = t("Language Preference");
-        $block->content = new View("user_languages_block.html");
-        $block->content->installed_locales =
-          array_merge(array("" => t("« none »")), $locales);
-        $block->content->selected = (string) user::cookie_locale();
-      }
-      break;
-    }
-    return $block;
-  }
-}
\ No newline at end of file
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
deleted file mode 100644
index ede4e515..00000000
--- a/modules/user/helpers/user_event.php
+++ /dev/null
@@ -1,53 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_event_Core {
-  /**
-   * Initialization.
-   */
-  static function gallery_ready() {
-    user::load_user();
-    self::set_request_locale();
-  }
-
-  static function admin_menu($menu, $theme) {
-    $menu->add_after("appearance_menu",
-                     Menu::factory("link")
-                     ->id("users_groups")
-                     ->label(t("Users/Groups"))
-                     ->url(url::site("admin/users")));
-  }
-
-  static function set_request_locale() {
-    // 1. Check the session specific preference (cookie)
-    $locale = user::cookie_locale();
-    // 2. Check the user's preference
-    if (!$locale) {
-      $locale = user::active()->locale;
-    }
-    // 3. Check the browser's / OS' preference
-    if (!$locale) {
-      $locale = locales::locale_from_http_request();
-    }
-    // If we have any preference, override the site's default locale
-    if ($locale) {
-      I18n::instance()->locale($locale);
-    }
-  }
-}
diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php
deleted file mode 100644
index 69d63eaf..00000000
--- a/modules/user/helpers/user_theme.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_theme_Core {
-  static function head($theme) {
-    if (count(locales::installed())) {
-      // Needed by the languages block
-      $theme->script("jquery.cookie.js");
-    }
-    return "";
-  }
-
-  static function header_top($theme) {
-    if ($theme->page_type != "login") {
-      $view = new View("login.html");
-      $view->user = user::active();
-      return $view->render();
-    }
-  }
-}
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
deleted file mode 100644
index 28daff29..00000000
--- a/modules/user/views/admin_users.html.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-  $(document).ready(function(){
-    $("#g-user-admin-list .core-info").draggable({
-      helper: "clone"
-    });
-    $("#g-group-admin .g-group").droppable({
-      accept: ".core-info",
-      hoverClass: "g-selected",
-      drop: function(ev, ui) {
-        var user_id = $(ui.draggable).attr("id").replace("user-", "");
-        var group_id = $(this).attr("id").replace("group-", "");
-        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-              {},
-              function() {
-                reload_group(group_id);
-              });
-      }
-    });
-    $("#group-1").droppable("destroy");
-    $("#group-2").droppable("destroy");
-  });
-
-  var reload_group = function(group_id) {
-    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
-    $.get(reload_group_url.replace("__GROUPID__", group_id),
-          {},
-          function(data) {
-            $("#group-" + group_id).html(data);
-            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
-          });
-  }
-
-  var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-          {},
-          function() {
-            reload_group(group_id);
-          });
-  }
-</script>
-<div class="g-block">
-  <a href="<?= url::site("admin/users/add_user_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new user") ?>
-  </a>
-
-  <h2>
-    <?= t("User Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <table id="g-user-admin-list">
-      <tr>
-        <th><?= t("Username") ?></th>
-        <th><?= t("Full name") ?></th>
-        <th><?= t("Email") ?></th>
-        <th><?= t("Last login") ?></th>
-        <th><?= t("Actions") ?></th>
-      </tr>
-
-      <? foreach ($users as $i => $user): ?>
-      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
-          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
-               alt="<?= html::clean_attribute($user->name) ?>"
-               width="20"
-               height="20" />
-          <?= html::clean($user->name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->full_name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->email) ?>
-        </td>
-        <td>
-          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
-        </td>
-        <td class="g-actions">
-          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
-              open_text="<?= t("close") ?>"
-              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
-          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-          <? else: ?>
-          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-          <? endif ?>
-        </td>
-      </tr>
-      <? endforeach ?>
-    </table>
-  </div>
-</div>
-
-<div id="g-group-admin" class="g-block">
-  <a href="<?= url::site("admin/users/add_group_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new group") ?>
-  </a>
-
-  <h2>
-    <?= t("Group Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <ul>
-      <? foreach ($groups as $i => $group): ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
-        <?= $v ?>
-      </li>
-      <? endforeach ?>
-    </ul>
-  </div>
-</div>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
deleted file mode 100644
index db3645a0..00000000
--- a/modules/user/views/admin_users_group.html.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h4>
-  <?= html::clean($group->name) ?>
-  <? if (!$group->special): ?>
-  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? else: ?>
-  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
-     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? endif ?>
-</h4>
-
-<? if ($group->users->count() > 0): ?>
-<ul>
-  <? foreach ($group->users as $i => $user): ?>
-  <li class="g-user">
-    <?= html::clean($user->name) ?>
-    <? if (!$group->special): ?>
-    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left"
-       title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
-      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-    </a>
-    <? endif ?>
-  </li>
-  <? endforeach ?>
-</ul>
-<? else: ?>
-<div>
-  <p>
-    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
-  </p>
-</div>
-<? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
deleted file mode 100644
index 049ba043..00000000
--- a/modules/user/views/login.html.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<ul id="g-login-menu">
-  <? if ($user->guest): ?>
-  <li class="first">
-    <a href="<?= url::site("login/ajax") ?>"
-       title="<?= t("Login to Gallery")->for_html_attr() ?>"
-       id="g-login-link"><?= t("Login") ?></a>
-  </li>
-  <? else: ?>
-  <li class="first">
-    <?= t('Logged in as %name', array('name' => html::mark_clean(
-      '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . t("Edit Your Profile")->for_html_attr() .
-      '" id="g-user-profile-link" class="g-dialog-link">' .
-      html::clean($user->display_name()) . '</a>'))) ?>
-  </li>
-  <li>
-    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
-       id="g-logout-link"><?= t("Logout") ?></a>
-  </li>
-  <? endif ?>
-</ul>
diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php
deleted file mode 100644
index d3364b46..00000000
--- a/modules/user/views/login_ajax.html.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  $("#g-login-form").ready(function() {
-    $("#g-password-reset").click(function() {
-      $.ajax({
-        url: "<?= url::site("password/reset") ?>",
-        success: function(data) {
-          $("#g-login").html(data);
-          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
-          $(".submit").addClass("g-button ui-state-default ui-corner-all");
-          $(".submit").gallery_hover_init();
-          ajaxify_login_reset_form();
-        }
-      });
-    });
-  });
-
-  function ajaxify_login_reset_form() {
-    $("#g-login form").ajaxForm({
-      dataType: "json",
-      success: function(data) {
-        if (data.form) {
-          $("#g-login form").replaceWith(data.form);
-          ajaxify_login_reset_form();
-        }
-        if (data.result == "success") {
-          $("#g-dialog").dialog("close");
-          window.location.reload();
-        }
-      }
-    });
-  };
-</script>
-<div id="g-login">
-  <ul>
-    <li id="g-login-form">
-      <?= $form ?>
-    </li>
-    <li>
-      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
-    </li>
-  </ul>
-</div>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
deleted file mode 100644
index 92ca4917..00000000
--- a/modules/user/views/reset_password.html.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html>
-  <head>
-    <title><?= t("Password Reset Request") ?> </title>
-  </head>
-  <body>
-    <h2><?= t("Password Reset Request") ?> </h2>
-    <p>
-      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
-    </p>
-    <p>
-  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
-        array("site_url" => html::mark_clean(url::base(false, "http")),
-              "confirm_url" => $confirm_url)) ?>
-    </p>
-  </body>
-</html>
diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php
deleted file mode 100644
index 89185967..00000000
--- a/modules/user/views/user_languages_block.html.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
-<script type="text/javascript">
-  $("#g-select-session-locale").change(function() {
-    var old_locale_preference = <?= html::js_string($selected) ?>;
-    var locale = $(this).val();
-    if (old_locale_preference == locale) {
-      return;
-    }
-
-    var expires = -1;
-    if (locale) {
-      expires = 365;
-    }
-    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
-    window.location.reload(true);
-  });
-</script>
-
-- 
cgit v1.2.3


From f67bfd099296602f60d48914ae4b09d65b0ad8d3 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 7 Oct 2009 20:26:26 -0700
Subject: Change the users.php controller so its no longer restful.  The
 problem with our approach to restfulness is that it assumes that the resource
 will be found in the gallery database.  It may well be there, but in the case
 of using plugable drivers for users management, there are no guarantees that
 it is in our database or it could be in a ldap directory.  So it was just
 easier to remove the restfulness and just call user::lookup instead. (cherry
 picked from commit b3211cb2a8282556d410c91771baeb764d47ed10)

---
 modules/user/controllers/users.php | 9 +++++----
 modules/user/helpers/user.php      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 4ad704f0..07c5a457 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -17,10 +17,10 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
-class Users_Controller extends REST_Controller {
-  protected $resource_type = "user";
+class Users_Controller extends Controller {
+  public function update($id) {
+    $user = user::lookup($id);
 
-  public function _update($user) {
     if ($user->guest || $user->id != user::active()->id) {
       access::forbidden();
     }
@@ -57,7 +57,8 @@ class Users_Controller extends REST_Controller {
     }
   }
 
-  public function _form_edit($user) {
+  public function form_edit($id) {
+    $user = user::lookup($id);
     if ($user->guest || $user->id != user::active()->id) {
       access::forbidden();
     }
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 6ae9203d..432994d6 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -25,7 +25,7 @@
  */
 class user_Core {
   static function get_edit_form($user) {
-    $form = new Forge("users/$user->id?_method=put", "", "post", array("id" => "g-edit-user-form"));
+    $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
     $form->set_attr("class", "g-narrow");
     $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
     $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
-- 
cgit v1.2.3


From 00ee91837faf4807fb17dde3272ca8248a9dcd94 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 5 Oct 2009 14:04:27 -0700
Subject: Convert direct lookups for the user table using ORM to using the
 user::lookup_by_name and user_lookup API methods. Convert the Admin_User
 controller Convert the login and password change controller Change the item
 model to call user::lookup to get the owner. On the log model, delete the
 relationship between the log and user table, and replace with a call to
 user::lookup (cherry picked from commit
 194cc3b27a73afe5119da9f09407c1e068dc6fa3) Create the get_user_list,
 lookup_by_name, lookup_by_hash and get_group_list api functions

---
 modules/gallery/models/item.php          |  2 +-
 modules/gallery/models/log.php           | 17 ++++++++-
 modules/user/controllers/admin_users.php | 65 +++++++++++++++-----------------
 modules/user/controllers/login.php       |  5 +--
 modules/user/controllers/password.php    | 15 +++-----
 modules/user/helpers/group.php           | 14 +++++++
 modules/user/helpers/user.php            | 55 ++++++++++++++++++++++-----
 7 files changed, 114 insertions(+), 59 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 6499fd2d..6f0e3525 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -333,7 +333,7 @@ class Item_Model extends ORM_MPTT {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return model_cache::get("user", $this->owner_id);
+        return user::lookup($this->owner_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php
index 6734afb8..d143d7bd 100644
--- a/modules/gallery/models/log.php
+++ b/modules/gallery/models/log.php
@@ -18,5 +18,20 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Log_Model extends ORM {
-  protected $has_one = array("user");
+  /**
+   * @see ORM::__get()
+   */
+  public function __get($column) {
+    if ($column == "user") {
+      // This relationship depends on an outside module, which may not be present so handle
+      // failures gracefully.
+      try {
+        return user::lookup($this->user_id);
+      } catch (Exception $e) {
+        return null;
+      }
+    } else {
+      return parent::__get($column);
+    }
+  }
 }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 0b748955..a8a8cd95 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,8 +21,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_users.html");
-    $view->content->users = ORM::factory("user")->orderby("name")->find_all();
-    $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
+    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
     print $view;
   }
 
@@ -32,8 +32,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = user::get_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    $user = ORM::factory("user")->where("name", $name)->find();
-    if ($user->loaded) {
+    if ($user = user::lookup_by_name($name)) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
@@ -70,8 +69,8 @@ class Admin_Users_Controller extends Admin_Controller {
       access::forbidden();
     }
 
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -91,8 +90,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function delete_user_form($id) {
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
     print user::get_delete_form_admin($user);
@@ -101,8 +100,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function edit_user($id) {
     access::verify_csrf();
 
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -110,12 +109,9 @@ class Admin_Users_Controller extends Admin_Controller {
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
       if ($new_name != $user->name &&
-          ORM::factory("user")
-          ->where("name", $new_name)
-          ->where("id !=", $user->id)
-          ->find()
-          ->loaded) {
+          ($temp_user && $temp_user->id != $user->id)) {
         $form->edit_user->inputs["name"]->add_error("in_use", 1);
         $valid = false;
       } else {
@@ -151,8 +147,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function edit_user_form($id) {
-    $user = ORM::factory("user", $id);
-    if (!$user->loaded) {
+    $user = user::lookup($id);
+    if (empty($user)) {
       kohana::show_404();
     }
 
@@ -166,23 +162,23 @@ class Admin_Users_Controller extends Admin_Controller {
 
   public function add_user_to_group($user_id, $group_id) {
     access::verify_csrf();
-    $group = ORM::factory("group", $group_id);
-    $user = ORM::factory("user", $user_id);
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
     $group->add($user);
     $group->save();
   }
 
   public function remove_user_from_group($user_id, $group_id) {
     access::verify_csrf();
-    $group = ORM::factory("group", $group_id);
-    $user = ORM::factory("user", $user_id);
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
     $group->remove($user);
     $group->save();
   }
 
   public function group($group_id) {
     $view = new View("admin_users_group.html");
-    $view->group = ORM::factory("group", $group_id);
+    $view->group = group::lookup($group_id);
     print $view;
   }
 
@@ -193,8 +189,8 @@ class Admin_Users_Controller extends Admin_Controller {
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->add_group->inputs["name"]->value;
-      $group = ORM::factory("group")->where("name", $new_name)->find();
-      if ($group->loaded) {
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
         $form->add_group->inputs["name"]->add_error("in_use", 1);
         $valid = false;
       }
@@ -219,8 +215,8 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_group($id) {
     access::verify_csrf();
 
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
 
@@ -240,19 +236,20 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function delete_group_form($id) {
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
+
     print group::get_delete_form_admin($group);
   }
 
   public function edit_group($id) {
     access::verify_csrf();
 
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
-      kohana::show_404();
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
     }
 
     $form = group::get_edit_form_admin($group);
@@ -260,7 +257,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     if ($valid) {
       $new_name = $form->edit_group->inputs["name"]->value;
-      $group = ORM::factory("group")->where("name", $new_name)->find();
+      $group = group::lookup_by_name($name);
       if ($group->loaded) {
         $form->edit_group->inputs["name"]->add_error("in_use", 1);
         $valid = false;
@@ -282,8 +279,8 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function edit_group_form($id) {
-    $group = ORM::factory("group", $id);
-    if (!$group->loaded) {
+    $group = group::lookup($id);
+    if (empty($group)) {
       kohana::show_404();
     }
 
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 8bee7db5..2c4bd557 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -53,13 +53,12 @@ class Login_Controller extends Controller {
       print $form;
     }
   }
-
   private function _auth($url) {
     $form = user::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
-      $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
-      if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
+      $user = user::lookup_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
         log::warning(
           "user",
           t("Failed login for %name",
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 4629bbf2..e8b08960 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -32,10 +32,8 @@ class Password_Controller extends Controller {
     if (request::method() == "post") {
       $this->_change_password();
     } else {
-      $user = ORM::factory("user")
-        ->where("hash", Input::instance()->get("key"))
-        ->find();
-      if ($user->loaded) {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
         print $this->_new_password_form($user->hash);
       } else {
         throw new Exception("@todo FORBIDDEN", 503);
@@ -48,7 +46,7 @@ class Password_Controller extends Controller {
 
     $valid = $form->validate();
     if ($valid) {
-      $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
       if (!$user->loaded || empty($user->email)) {
         $form->reset->inputs["name"]->add_error("no_email", 1);
         $valid = false;
@@ -118,11 +116,8 @@ class Password_Controller extends Controller {
   private function _change_password() {
     $view = $this->_new_password_form();
     if ($view->content->validate()) {
-      $user = ORM::factory("user")
-        ->where("hash", $view->content->reset->hash->value)
-        ->find();
-
-      if (!$user->loaded) {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
 
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index b13895bc..2590c7d1 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -73,6 +73,20 @@ class group_Core {
     return null;
   }
 
+  /**
+   * List the users
+   * @param mixed      filters (@see Database.php
+   * @return array     the group list.
+   */
+  static function get_group_list($filter=array()) {
+    $group = ORM::factory("group");
+
+    foreach($filter as $method => $args) {
+      $group->$method($args);
+    }
+    return $group->find_all();
+  }
+
   static function get_edit_form_admin($group) {
     $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form"));
     $form_group = $form->group("edit_group")->label(t("Edit Group"));
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 432994d6..6a155768 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -304,27 +304,62 @@ class user_Core {
    * @return User_Model  the user object, or null if the id was invalid.
    */
   static function lookup($id) {
-    $user = model_cache::get("user", $id);
-    if ($user->loaded) {
-      return $user;
-    }
-    return null;
+    return self::_lookup_user_by_field("id", $id);
   }
 
   /**
    * Look up a user by name.
-   * @param integer      $id the user name
+   * @param integer      $name the user name
    * @return User_Model  the user object, or null if the name was invalid.
    */
   static function lookup_by_name($name) {
-    $user = model_cache::get("user", $name, "name");
-    if ($user->loaded) {
-      return $user;
+    return self::_lookup_user_by_field("name", $name);
+  }
+
+  /**
+   * Look up a user by hash.
+   * @param integer      $hash the user hash value
+   * @return User_Model  the user object, or null if the name was invalid.
+   */
+  static function lookup_by_hash($hash) {
+    return self::_lookup_user_by_field("hash", $hash);
+  }
+
+  /**
+   * List the users
+   * @param mixed      filters (@see Database.php
+   * @return array     the user list.
+   */
+  static function get_user_list($filter=array()) {
+    $user = ORM::factory("user");
+
+    foreach($filter as $method => $args) {
+      $user->$method($args);
     }
-    return null;
+    return $user->find_all();
   }
 
   /**
+   * Look up a user by field value.
+   * @param string      search field
+   * @param string      search value
+   * @return User_Core  the user object, or null if the name was invalid.
+   */
+ private static function _lookup_user_by_field($field_name, $value) {
+    try {
+      $user = model_cache::get("user", $value, $field_name);
+      if ($user->loaded) {
+        return $user;
+      }
+    } catch (Exception $e) {
+      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+       throw $e;
+      }
+    }
+    return null;
+  }
+
+ /**
    * Create a hashed password using md5 plus salt.
    * @param string $password plaintext password
    * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
-- 
cgit v1.2.3


From 2af48060117bdf30fb48929dd8c9d22800a70843 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 13 Oct 2009 13:19:17 -0700
Subject: Refactor the ui component of the user module into the gallery core
 module.

---
 modules/gallery/controllers/admin_users.php        | 290 +++++++++++++++++++++
 modules/gallery/controllers/login.php              |  81 ++++++
 modules/gallery/controllers/logout.php             |  38 +++
 modules/gallery/controllers/password.php           | 133 ++++++++++
 modules/gallery/controllers/users.php              |  68 +++++
 modules/gallery/helpers/gallery_event.php          |   4 +
 modules/gallery/views/admin_users.html.php         | 128 +++++++++
 modules/gallery/views/admin_users_group.html.php   |  38 +++
 modules/gallery/views/login.html.php               |  22 ++
 modules/gallery/views/login_ajax.html.php          |  43 +++
 modules/gallery/views/reset_password.html.php      |  17 ++
 .../gallery/views/user_languages_block.html.php    |  19 ++
 modules/user/controllers/admin_users.php           | 290 ---------------------
 modules/user/controllers/login.php                 |  81 ------
 modules/user/controllers/logout.php                |  38 ---
 modules/user/controllers/password.php              | 133 ----------
 modules/user/controllers/users.php                 |  68 -----
 modules/user/helpers/user_event.php                |  28 --
 modules/user/views/admin_users.html.php            | 128 ---------
 modules/user/views/admin_users_group.html.php      |  38 ---
 modules/user/views/login.html.php                  |  22 --
 modules/user/views/login_ajax.html.php             |  43 ---
 modules/user/views/reset_password.html.php         |  17 --
 modules/user/views/user_languages_block.html.php   |  19 --
 24 files changed, 881 insertions(+), 905 deletions(-)
 create mode 100644 modules/gallery/controllers/admin_users.php
 create mode 100644 modules/gallery/controllers/login.php
 create mode 100644 modules/gallery/controllers/logout.php
 create mode 100644 modules/gallery/controllers/password.php
 create mode 100644 modules/gallery/controllers/users.php
 create mode 100644 modules/gallery/views/admin_users.html.php
 create mode 100644 modules/gallery/views/admin_users_group.html.php
 create mode 100644 modules/gallery/views/login.html.php
 create mode 100644 modules/gallery/views/login_ajax.html.php
 create mode 100644 modules/gallery/views/reset_password.html.php
 create mode 100644 modules/gallery/views/user_languages_block.html.php
 delete mode 100644 modules/user/controllers/admin_users.php
 delete mode 100644 modules/user/controllers/login.php
 delete mode 100644 modules/user/controllers/logout.php
 delete mode 100644 modules/user/controllers/password.php
 delete mode 100644 modules/user/controllers/users.php
 delete mode 100644 modules/user/helpers/user_event.php
 delete mode 100644 modules/user/views/admin_users.html.php
 delete mode 100644 modules/user/views/admin_users_group.html.php
 delete mode 100644 modules/user/views/login.html.php
 delete mode 100644 modules/user/views/login_ajax.html.php
 delete mode 100644 modules/user/views/reset_password.html.php
 delete mode 100644 modules/user/views/user_languages_block.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php
new file mode 100644
index 00000000..a8a8cd95
--- /dev/null
+++ b/modules/gallery/controllers/admin_users.php
@@ -0,0 +1,290 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Users_Controller extends Admin_Controller {
+  public function index() {
+    $view = new Admin_View("admin.html");
+    $view->content = new View("admin_users.html");
+    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
+    print $view;
+  }
+
+  public function add_user() {
+    access::verify_csrf();
+
+    $form = user::get_add_form_admin();
+    $valid = $form->validate();
+    $name = $form->add_user->inputs["name"]->value;
+    if ($user = user::lookup_by_name($name)) {
+      $form->add_user->inputs["name"]->add_error("in_use", 1);
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user = user::create(
+        $name, $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
+      $user->admin = $form->add_user->admin->checked;
+
+      if ($form->add_user->locale) {
+        $desired_locale = $form->add_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+      $user->save();
+      module::event("user_add_form_admin_completed", $user, $form);
+
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_user_form() {
+    print user::get_add_form_admin();
+  }
+
+  public function delete_user($id) {
+    access::verify_csrf();
+
+    if ($id == user::active()->id || $id == user::guest()->id) {
+      access::forbidden();
+    }
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_delete_form_admin($user);
+    if($form->validate()) {
+      $name = $user->name;
+      $user->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted user %user_name", array("user_name" => $name));
+    log::success("user", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+    print user::get_delete_form_admin($user);
+  }
+
+  public function edit_user($id) {
+    access::verify_csrf();
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
+      if ($new_name != $user->name &&
+          ($temp_user && $temp_user->id != $user->id)) {
+        $form->edit_user->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      } else {
+        $user->name = $new_name;
+      }
+    }
+
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+
+      // An admin can change the admin status for any user but themselves
+      if ($user->id != user::active()->id) {
+        $user->admin = $form->edit_user->admin->checked;
+      }
+      $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
+
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    // Don't allow the user to control their own admin bit, else you can lock yourself out
+    if ($user->id == user::active()->id) {
+      $form->edit_user->admin->disabled(1);
+    }
+    print $form;
+  }
+
+  public function add_user_to_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->add($user);
+    $group->save();
+  }
+
+  public function remove_user_from_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->remove($user);
+    $group->save();
+  }
+
+  public function group($group_id) {
+    $view = new View("admin_users_group.html");
+    $view->group = group::lookup($group_id);
+    print $view;
+  }
+
+  public function add_group() {
+    access::verify_csrf();
+
+    $form = group::get_add_form_admin();
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->add_group->inputs["name"]->value;
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
+        $form->add_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group = group::create($new_name);
+      $group->save();
+      message::success(
+        t("Created group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_group_form() {
+    print group::get_add_form_admin();
+  }
+
+  public function delete_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    $form = group::get_delete_form_admin($group);
+    if ($form->validate()) {
+      $name = $group->name;
+      $group->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted group %group_name", array("group_name" => $name));
+    log::success("group", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_delete_form_admin($group);
+  }
+
+  public function edit_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
+    }
+
+    $form = group::get_edit_form_admin($group);
+    $valid = $form->validate();
+
+    if ($valid) {
+      $new_name = $form->edit_group->inputs["name"]->value;
+      $group = group::lookup_by_name($name);
+      if ($group->loaded) {
+        $form->edit_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group->name = $form->edit_group->inputs["name"]->value;
+      $group->save();
+      message::success(
+        t("Changed group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      message::error(
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_edit_form_admin($group);
+  }
+
+}
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
new file mode 100644
index 00000000..2c4bd557
--- /dev/null
+++ b/modules/gallery/controllers/login.php
@@ -0,0 +1,81 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Login_Controller extends Controller {
+
+  public function ajax() {
+    $view = new View("login_ajax.html");
+    $view->form = user::get_login_form("login/auth_ajax");
+    print $view;
+  }
+
+  public function auth_ajax() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_ajax");
+    if ($valid) {
+      print json_encode(
+        array("result" => "success"));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function html() {
+    print user::get_login_form("login/auth_html");
+  }
+
+  public function auth_html() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_html");
+    if ($valid) {
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $form;
+    }
+  }
+  private function _auth($url) {
+    $form = user::get_login_form($url);
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lookup_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
+        log::warning(
+          "user",
+          t("Failed login for %name",
+            array("name" => $form->login->inputs["name"]->value)));
+        $form->login->inputs["name"]->add_error("invalid_login", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      user::login($user);
+      log::info("user", t("User %name logged in", array("name" => $user->name)));
+    }
+
+    // Either way, regenerate the session id to avoid session trapping
+    Session::instance()->regenerate();
+
+    return array($valid, $form);
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
new file mode 100644
index 00000000..45d397ad
--- /dev/null
+++ b/modules/gallery/controllers/logout.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Logout_Controller extends Controller {
+  public function index() {
+    //access::verify_csrf();
+
+    $user = user::active();
+    user::logout();
+    log::info("user", t("User %name logged out", array("name" => $user->name)),
+              html::anchor("user/$user->id", html::clean($user->name)));
+    if ($continue_url = $this->input->get("continue")) {
+      $item = url::get_item_from_uri($continue_url);
+      if (access::can("view", $item)) {
+        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+        header("Location: $continue_url");
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
new file mode 100644
index 00000000..e8b08960
--- /dev/null
+++ b/modules/gallery/controllers/password.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
+      $this->_send_reset();
+    } else {
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
+        print $this->_new_password_form($user->hash);
+      } else {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $user->hash = md5(rand());
+      $user->save();
+      $message = new View("reset_password.html");
+      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+      $message->user = $user;
+
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+
+      log::success(
+        "user",
+        t("Password reset email sent for user %name", array("name" => $user->name)));
+    } else {
+      // Don't include the username here until you're sure that it's XSS safe
+      log::warning(
+        "user", "Password reset email requested for bogus user");
+    }
+
+    message::success(t("Password reset email sent"));
+    print json_encode(
+      array("result" => "success"));
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form($hash=null) {
+    $template = new Theme_View("page.html", "reset");
+
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $hidden = $group->hidden("hash");
+    if (!empty($hash)) {
+      $hidden->value($hash);
+    }
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules("required|length[1,40]");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    $template->content = $form;
+    return $template;
+  }
+
+  private function _change_password() {
+    $view = $this->_new_password_form();
+    if ($view->content->validate()) {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+
+      $user->password = $view->content->reset->password->value;
+      $user->hash = null;
+      $user->save();
+      message::success(t("Password reset successfully"));
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $view;
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/users.php b/modules/gallery/controllers/users.php
new file mode 100644
index 00000000..07c5a457
--- /dev/null
+++ b/modules/gallery/controllers/users.php
@@ -0,0 +1,68 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Users_Controller extends Controller {
+  public function update($id) {
+    $user = user::lookup($id);
+
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    $form = user::get_edit_form($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $new_locale = $desired_locale == "none" ? null : $desired_locale;
+        if ($new_locale != $user->locale) {
+          // Delete the session based locale preference
+          setcookie("g_locale", "", time() - 24 * 3600, "/");
+        }
+        $user->locale = $new_locale;
+      }
+      $user->save();
+      module::event("user_edit_form_completed", $user, $form);
+
+      message::success(t("User information updated."));
+      print json_encode(
+        array("result" => "success",
+              "resource" => url::site("users/{$user->id}")));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function form_edit($id) {
+    $user = user::lookup($id);
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    print user::get_edit_form($user);
+  }
+}
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 106aa202..e0de2152 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -187,6 +187,10 @@ class gallery_event_Core {
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
                         ->url(url::site("admin/sidebar"))))
+      ->append(Menu::factory("link")
+               ->id("users_groups")
+               ->label(t("Users/Groups"))
+               ->url(url::site("admin/users")))
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php
new file mode 100644
index 00000000..a127bc15
--- /dev/null
+++ b/modules/gallery/views/admin_users.html.php
@@ -0,0 +1,128 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+  $(document).ready(function(){
+    $("#g-user-admin-list .core-info").draggable({
+      helper: "clone"
+    });
+    $("#g-group-admin .g-group").droppable({
+      accept: ".core-info",
+      hoverClass: "g-selected",
+      drop: function(ev, ui) {
+        var user_id = $(ui.draggable).attr("id").replace("user-", "");
+        var group_id = $(this).attr("id").replace("group-", "");
+        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+              {},
+              function() {
+                reload_group(group_id);
+              });
+      }
+    });
+    $("#group-1").droppable("destroy");
+    $("#group-2").droppable("destroy");
+  });
+
+  var reload_group = function(group_id) {
+    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
+    $.get(reload_group_url.replace("__GROUPID__", group_id),
+          {},
+          function(data) {
+            $("#group-" + group_id).html(data);
+            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
+          });
+  }
+
+  var remove_user = function(user_id, group_id) {
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+          {},
+          function() {
+            reload_group(group_id);
+          });
+  }
+</script>
+<div class="g-block">
+  <a href="<?= url::site("admin/users/add_user_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new user")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new user") ?>
+  </a>
+
+  <h2>
+    <?= t("User Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <table id="g-user-admin-list">
+      <tr>
+        <th><?= t("Username") ?></th>
+        <th><?= t("Full name") ?></th>
+        <th><?= t("Email") ?></th>
+        <th><?= t("Last login") ?></th>
+        <th><?= t("Actions") ?></th>
+      </tr>
+
+      <? foreach ($users as $i => $user): ?>
+      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
+          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
+               width="20"
+               height="20" />
+          <?= html::clean($user->name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->full_name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->email) ?>
+        </td>
+        <td>
+          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
+        </td>
+        <td class="g-actions">
+          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
+              open_text="<?= t("close") ?>"
+              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
+          <? endif ?>
+        </td>
+      </tr>
+      <? endforeach ?>
+    </table>
+  </div>
+</div>
+
+<div id="g-group-admin" class="g-block g-clearfix">
+  <a href="<?= url::site("admin/users/add_group_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new group")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new group") ?>
+  </a>
+
+  <h2>
+    <?= t("Group Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <ul>
+      <? foreach ($groups as $i => $group): ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
+        <?= $v ?>
+      </li>
+      <? endforeach ?>
+    </ul>
+  </div>
+</div>
diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php
new file mode 100644
index 00000000..db3645a0
--- /dev/null
+++ b/modules/gallery/views/admin_users_group.html.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h4>
+  <?= html::clean($group->name) ?>
+  <? if (!$group->special): ?>
+  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? else: ?>
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
+     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? endif ?>
+</h4>
+
+<? if ($group->users->count() > 0): ?>
+<ul>
+  <? foreach ($group->users as $i => $user): ?>
+  <li class="g-user">
+    <?= html::clean($user->name) ?>
+    <? if (!$group->special): ?>
+    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
+       title="<?= t("Remove %user from %group group",
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
+    </a>
+    <? endif ?>
+  </li>
+  <? endforeach ?>
+</ul>
+<? else: ?>
+<div>
+  <p>
+    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
+  </p>
+</div>
+<? endif ?>
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
new file mode 100644
index 00000000..049ba043
--- /dev/null
+++ b/modules/gallery/views/login.html.php
@@ -0,0 +1,22 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<ul id="g-login-menu">
+  <? if ($user->guest): ?>
+  <li class="first">
+    <a href="<?= url::site("login/ajax") ?>"
+       title="<?= t("Login to Gallery")->for_html_attr() ?>"
+       id="g-login-link"><?= t("Login") ?></a>
+  </li>
+  <? else: ?>
+  <li class="first">
+    <?= t('Logged in as %name', array('name' => html::mark_clean(
+      '<a href="' . url::site("form/edit/users/{$user->id}") .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
+      '" id="g-user-profile-link" class="g-dialog-link">' .
+      html::clean($user->display_name()) . '</a>'))) ?>
+  </li>
+  <li>
+    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
+       id="g-logout-link"><?= t("Logout") ?></a>
+  </li>
+  <? endif ?>
+</ul>
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
new file mode 100644
index 00000000..d3364b46
--- /dev/null
+++ b/modules/gallery/views/login_ajax.html.php
@@ -0,0 +1,43 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  $("#g-login-form").ready(function() {
+    $("#g-password-reset").click(function() {
+      $.ajax({
+        url: "<?= url::site("password/reset") ?>",
+        success: function(data) {
+          $("#g-login").html(data);
+          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
+          $(".submit").addClass("g-button ui-state-default ui-corner-all");
+          $(".submit").gallery_hover_init();
+          ajaxify_login_reset_form();
+        }
+      });
+    });
+  });
+
+  function ajaxify_login_reset_form() {
+    $("#g-login form").ajaxForm({
+      dataType: "json",
+      success: function(data) {
+        if (data.form) {
+          $("#g-login form").replaceWith(data.form);
+          ajaxify_login_reset_form();
+        }
+        if (data.result == "success") {
+          $("#g-dialog").dialog("close");
+          window.location.reload();
+        }
+      }
+    });
+  };
+</script>
+<div id="g-login">
+  <ul>
+    <li id="g-login-form">
+      <?= $form ?>
+    </li>
+    <li>
+      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
+    </li>
+  </ul>
+</div>
diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php
new file mode 100644
index 00000000..92ca4917
--- /dev/null
+++ b/modules/gallery/views/reset_password.html.php
@@ -0,0 +1,17 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
+    </p>
+    <p>
+  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
+        array("site_url" => html::mark_clean(url::base(false, "http")),
+              "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
+</html>
diff --git a/modules/gallery/views/user_languages_block.html.php b/modules/gallery/views/user_languages_block.html.php
new file mode 100644
index 00000000..89185967
--- /dev/null
+++ b/modules/gallery/views/user_languages_block.html.php
@@ -0,0 +1,19 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
+<script type="text/javascript">
+  $("#g-select-session-locale").change(function() {
+    var old_locale_preference = <?= html::js_string($selected) ?>;
+    var locale = $(this).val();
+    if (old_locale_preference == locale) {
+      return;
+    }
+
+    var expires = -1;
+    if (locale) {
+      expires = 365;
+    }
+    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
+    window.location.reload(true);
+  });
+</script>
+
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
deleted file mode 100644
index a8a8cd95..00000000
--- a/modules/user/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
-  public function index() {
-    $view = new Admin_View("admin.html");
-    $view->content = new View("admin_users.html");
-    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
-    print $view;
-  }
-
-  public function add_user() {
-    access::verify_csrf();
-
-    $form = user::get_add_form_admin();
-    $valid = $form->validate();
-    $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
-      $form->add_user->inputs["name"]->add_error("in_use", 1);
-      $valid = false;
-    }
-
-    if ($valid) {
-      $user = user::create(
-        $name, $form->add_user->full_name->value, $form->add_user->password->value);
-      $user->email = $form->add_user->email->value;
-      $user->admin = $form->add_user->admin->checked;
-
-      if ($form->add_user->locale) {
-        $desired_locale = $form->add_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-      $user->save();
-      module::event("user_add_form_admin_completed", $user, $form);
-
-      message::success(t("Created user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_user_form() {
-    print user::get_add_form_admin();
-  }
-
-  public function delete_user($id) {
-    access::verify_csrf();
-
-    if ($id == user::active()->id || $id == user::guest()->id) {
-      access::forbidden();
-    }
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_delete_form_admin($user);
-    if($form->validate()) {
-      $name = $user->name;
-      $user->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted user %user_name", array("user_name" => $name));
-    log::success("user", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-    print user::get_delete_form_admin($user);
-  }
-
-  public function edit_user($id) {
-    access::verify_csrf();
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->edit_user->inputs["name"]->value;
-      $temp_user = user::lookup_by_name($new_name);
-      if ($new_name != $user->name &&
-          ($temp_user && $temp_user->id != $user->id)) {
-        $form->edit_user->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      } else {
-        $user->name = $new_name;
-      }
-    }
-
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-
-      // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
-        $user->admin = $form->edit_user->admin->checked;
-      }
-      $user->save();
-      module::event("user_edit_form_admin_completed", $user, $form);
-
-      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
-      $form->edit_user->admin->disabled(1);
-    }
-    print $form;
-  }
-
-  public function add_user_to_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->add($user);
-    $group->save();
-  }
-
-  public function remove_user_from_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->remove($user);
-    $group->save();
-  }
-
-  public function group($group_id) {
-    $view = new View("admin_users_group.html");
-    $view->group = group::lookup($group_id);
-    print $view;
-  }
-
-  public function add_group() {
-    access::verify_csrf();
-
-    $form = group::get_add_form_admin();
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->add_group->inputs["name"]->value;
-      $group = group::lookup_by_name($new_name);
-      if (!empty($group)) {
-        $form->add_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group = group::create($new_name);
-      $group->save();
-      message::success(
-        t("Created group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_group_form() {
-    print group::get_add_form_admin();
-  }
-
-  public function delete_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    $form = group::get_delete_form_admin($group);
-    if ($form->validate()) {
-      $name = $group->name;
-      $group->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted group %group_name", array("group_name" => $name));
-    log::success("group", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_delete_form_admin($group);
-  }
-
-  public function edit_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-       kohana::show_404();
-    }
-
-    $form = group::get_edit_form_admin($group);
-    $valid = $form->validate();
-
-    if ($valid) {
-      $new_name = $form->edit_group->inputs["name"]->value;
-      $group = group::lookup_by_name($name);
-      if ($group->loaded) {
-        $form->edit_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group->name = $form->edit_group->inputs["name"]->value;
-      $group->save();
-      message::success(
-        t("Changed group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      message::error(
-        t("Failed to change group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_edit_form_admin($group);
-  }
-
-}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
deleted file mode 100644
index 2c4bd557..00000000
--- a/modules/user/controllers/login.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Login_Controller extends Controller {
-
-  public function ajax() {
-    $view = new View("login_ajax.html");
-    $view->form = user::get_login_form("login/auth_ajax");
-    print $view;
-  }
-
-  public function auth_ajax() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_ajax");
-    if ($valid) {
-      print json_encode(
-        array("result" => "success"));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function html() {
-    print user::get_login_form("login/auth_html");
-  }
-
-  public function auth_html() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_html");
-    if ($valid) {
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $form;
-    }
-  }
-  private function _auth($url) {
-    $form = user::get_login_form($url);
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lookup_by_name($form->login->inputs["name"]->value);
-      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
-        log::warning(
-          "user",
-          t("Failed login for %name",
-            array("name" => $form->login->inputs["name"]->value)));
-        $form->login->inputs["name"]->add_error("invalid_login", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      user::login($user);
-      log::info("user", t("User %name logged in", array("name" => $user->name)));
-    }
-
-    // Either way, regenerate the session id to avoid session trapping
-    Session::instance()->regenerate();
-
-    return array($valid, $form);
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
deleted file mode 100644
index 45d397ad..00000000
--- a/modules/user/controllers/logout.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Logout_Controller extends Controller {
-  public function index() {
-    //access::verify_csrf();
-
-    $user = user::active();
-    user::logout();
-    log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", html::clean($user->name)));
-    if ($continue_url = $this->input->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
-      if (access::can("view", $item)) {
-        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
-      } else {
-        url::redirect(item::root()->abs_url());
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
deleted file mode 100644
index e8b08960..00000000
--- a/modules/user/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Password_Controller extends Controller {
-  public function reset() {
-    if (request::method() == "post") {
-      // @todo separate the post from get parts of this function
-      access::verify_csrf();
-      $this->_send_reset();
-    } else {
-      print $this->_reset_form();
-    }
-  }
-
-  public function do_reset() {
-    if (request::method() == "post") {
-      $this->_change_password();
-    } else {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (!empty($user)) {
-        print $this->_new_password_form($user->hash);
-      } else {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-    }
-  }
-
-  private function _send_reset() {
-    $form = $this->_reset_form();
-
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
-      if (!$user->loaded || empty($user->email)) {
-        $form->reset->inputs["name"]->add_error("no_email", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $user->hash = md5(rand());
-      $user->save();
-      $message = new View("reset_password.html");
-      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-      $message->user = $user;
-
-      Sendmail::factory()
-        ->to($user->email)
-        ->subject(t("Password Reset Request"))
-        ->header("Mime-Version", "1.0")
-        ->header("Content-type", "text/html; charset=iso-8859-1")
-        ->message($message->render())
-        ->send();
-
-      log::success(
-        "user",
-        t("Password reset email sent for user %name", array("name" => $user->name)));
-    } else {
-      // Don't include the username here until you're sure that it's XSS safe
-      log::warning(
-        "user", "Password reset email requested for bogus user");
-    }
-
-    message::success(t("Password reset email sent"));
-    print json_encode(
-      array("result" => "success"));
-  }
-
-  private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
-    $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
-    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
-    $group->submit("")->value(t("Reset"));
-
-    return $form;
-  }
-
-  private function _new_password_form($hash=null) {
-    $template = new Theme_View("page.html", "reset");
-
-    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
-    $group = $form->group("reset")->label(t("Change Password"));
-    $hidden = $group->hidden("hash");
-    if (!empty($hash)) {
-      $hidden->value($hash);
-    }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->inputs["password2"]->error_messages(
-      "mistyped", t("The password and the confirm password must match"));
-    $group->submit("")->value(t("Update"));
-
-    $template->content = $form;
-    return $template;
-  }
-
-  private function _change_password() {
-    $view = $this->_new_password_form();
-    if ($view->content->validate()) {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (empty($user)) {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-
-      $user->password = $view->content->reset->password->value;
-      $user->hash = null;
-      $user->save();
-      message::success(t("Password reset successfully"));
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $view;
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
deleted file mode 100644
index 07c5a457..00000000
--- a/modules/user/controllers/users.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Users_Controller extends Controller {
-  public function update($id) {
-    $user = user::lookup($id);
-
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    $form = user::get_edit_form($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $new_locale = $desired_locale == "none" ? null : $desired_locale;
-        if ($new_locale != $user->locale) {
-          // Delete the session based locale preference
-          setcookie("g_locale", "", time() - 24 * 3600, "/");
-        }
-        $user->locale = $new_locale;
-      }
-      $user->save();
-      module::event("user_edit_form_completed", $user, $form);
-
-      message::success(t("User information updated."));
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function form_edit($id) {
-    $user = user::lookup($id);
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    print user::get_edit_form($user);
-  }
-}
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
deleted file mode 100644
index 93a92589..00000000
--- a/modules/user/helpers/user_event.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_event_Core {
-  static function admin_menu($menu, $theme) {
-    $menu->add_after("appearance_menu",
-                     Menu::factory("link")
-                     ->id("users_groups")
-                     ->label(t("Users/Groups"))
-                     ->url(url::site("admin/users")));
-  }
-}
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
deleted file mode 100644
index a127bc15..00000000
--- a/modules/user/views/admin_users.html.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-  $(document).ready(function(){
-    $("#g-user-admin-list .core-info").draggable({
-      helper: "clone"
-    });
-    $("#g-group-admin .g-group").droppable({
-      accept: ".core-info",
-      hoverClass: "g-selected",
-      drop: function(ev, ui) {
-        var user_id = $(ui.draggable).attr("id").replace("user-", "");
-        var group_id = $(this).attr("id").replace("group-", "");
-        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-              {},
-              function() {
-                reload_group(group_id);
-              });
-      }
-    });
-    $("#group-1").droppable("destroy");
-    $("#group-2").droppable("destroy");
-  });
-
-  var reload_group = function(group_id) {
-    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
-    $.get(reload_group_url.replace("__GROUPID__", group_id),
-          {},
-          function(data) {
-            $("#group-" + group_id).html(data);
-            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
-          });
-  }
-
-  var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-          {},
-          function() {
-            reload_group(group_id);
-          });
-  }
-</script>
-<div class="g-block">
-  <a href="<?= url::site("admin/users/add_user_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new user") ?>
-  </a>
-
-  <h2>
-    <?= t("User Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <table id="g-user-admin-list">
-      <tr>
-        <th><?= t("Username") ?></th>
-        <th><?= t("Full name") ?></th>
-        <th><?= t("Email") ?></th>
-        <th><?= t("Last login") ?></th>
-        <th><?= t("Actions") ?></th>
-      </tr>
-
-      <? foreach ($users as $i => $user): ?>
-      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
-          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
-               alt="<?= html::clean_attribute($user->name) ?>"
-               width="20"
-               height="20" />
-          <?= html::clean($user->name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->full_name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->email) ?>
-        </td>
-        <td>
-          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
-        </td>
-        <td class="g-actions">
-          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
-              open_text="<?= t("close") ?>"
-              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
-          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-          <? else: ?>
-          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-          <? endif ?>
-        </td>
-      </tr>
-      <? endforeach ?>
-    </table>
-  </div>
-</div>
-
-<div id="g-group-admin" class="g-block g-clearfix">
-  <a href="<?= url::site("admin/users/add_group_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new group") ?>
-  </a>
-
-  <h2>
-    <?= t("Group Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <ul>
-      <? foreach ($groups as $i => $group): ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
-        <?= $v ?>
-      </li>
-      <? endforeach ?>
-    </ul>
-  </div>
-</div>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
deleted file mode 100644
index db3645a0..00000000
--- a/modules/user/views/admin_users_group.html.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h4>
-  <?= html::clean($group->name) ?>
-  <? if (!$group->special): ?>
-  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? else: ?>
-  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
-     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? endif ?>
-</h4>
-
-<? if ($group->users->count() > 0): ?>
-<ul>
-  <? foreach ($group->users as $i => $user): ?>
-  <li class="g-user">
-    <?= html::clean($user->name) ?>
-    <? if (!$group->special): ?>
-    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left"
-       title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
-      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-    </a>
-    <? endif ?>
-  </li>
-  <? endforeach ?>
-</ul>
-<? else: ?>
-<div>
-  <p>
-    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
-  </p>
-</div>
-<? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
deleted file mode 100644
index 049ba043..00000000
--- a/modules/user/views/login.html.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<ul id="g-login-menu">
-  <? if ($user->guest): ?>
-  <li class="first">
-    <a href="<?= url::site("login/ajax") ?>"
-       title="<?= t("Login to Gallery")->for_html_attr() ?>"
-       id="g-login-link"><?= t("Login") ?></a>
-  </li>
-  <? else: ?>
-  <li class="first">
-    <?= t('Logged in as %name', array('name' => html::mark_clean(
-      '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . t("Edit Your Profile")->for_html_attr() .
-      '" id="g-user-profile-link" class="g-dialog-link">' .
-      html::clean($user->display_name()) . '</a>'))) ?>
-  </li>
-  <li>
-    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
-       id="g-logout-link"><?= t("Logout") ?></a>
-  </li>
-  <? endif ?>
-</ul>
diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php
deleted file mode 100644
index d3364b46..00000000
--- a/modules/user/views/login_ajax.html.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  $("#g-login-form").ready(function() {
-    $("#g-password-reset").click(function() {
-      $.ajax({
-        url: "<?= url::site("password/reset") ?>",
-        success: function(data) {
-          $("#g-login").html(data);
-          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
-          $(".submit").addClass("g-button ui-state-default ui-corner-all");
-          $(".submit").gallery_hover_init();
-          ajaxify_login_reset_form();
-        }
-      });
-    });
-  });
-
-  function ajaxify_login_reset_form() {
-    $("#g-login form").ajaxForm({
-      dataType: "json",
-      success: function(data) {
-        if (data.form) {
-          $("#g-login form").replaceWith(data.form);
-          ajaxify_login_reset_form();
-        }
-        if (data.result == "success") {
-          $("#g-dialog").dialog("close");
-          window.location.reload();
-        }
-      }
-    });
-  };
-</script>
-<div id="g-login">
-  <ul>
-    <li id="g-login-form">
-      <?= $form ?>
-    </li>
-    <li>
-      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
-    </li>
-  </ul>
-</div>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
deleted file mode 100644
index 92ca4917..00000000
--- a/modules/user/views/reset_password.html.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html>
-  <head>
-    <title><?= t("Password Reset Request") ?> </title>
-  </head>
-  <body>
-    <h2><?= t("Password Reset Request") ?> </h2>
-    <p>
-      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
-    </p>
-    <p>
-  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
-        array("site_url" => html::mark_clean(url::base(false, "http")),
-              "confirm_url" => $confirm_url)) ?>
-    </p>
-  </body>
-</html>
diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php
deleted file mode 100644
index 89185967..00000000
--- a/modules/user/views/user_languages_block.html.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
-<script type="text/javascript">
-  $("#g-select-session-locale").change(function() {
-    var old_locale_preference = <?= html::js_string($selected) ?>;
-    var locale = $(this).val();
-    if (old_locale_preference == locale) {
-      return;
-    }
-
-    var expires = -1;
-    if (locale) {
-      expires = 365;
-    }
-    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
-    window.location.reload(true);
-  });
-</script>
-
-- 
cgit v1.2.3


From 0d5d4c81bcca44f037deb847a4c837752f774e49 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 14 Oct 2009 21:20:30 -0700
Subject: Move the ui for user adminsitration back to the user module.

---
 modules/gallery/controllers/admin_users.php      | 290 -----------------------
 modules/gallery/views/admin_users.html.php       | 128 ----------
 modules/gallery/views/admin_users_group.html.php |  38 ---
 modules/user/controllers/admin_users.php         | 290 +++++++++++++++++++++++
 modules/user/helpers/user_event.php              |  30 +++
 modules/user/views/admin_users.html.php          | 128 ++++++++++
 modules/user/views/admin_users_group.html.php    |  38 +++
 7 files changed, 486 insertions(+), 456 deletions(-)
 delete mode 100644 modules/gallery/controllers/admin_users.php
 delete mode 100644 modules/gallery/views/admin_users.html.php
 delete mode 100644 modules/gallery/views/admin_users_group.html.php
 create mode 100644 modules/user/controllers/admin_users.php
 create mode 100644 modules/user/helpers/user_event.php
 create mode 100644 modules/user/views/admin_users.html.php
 create mode 100644 modules/user/views/admin_users_group.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php
deleted file mode 100644
index a8a8cd95..00000000
--- a/modules/gallery/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
-  public function index() {
-    $view = new Admin_View("admin.html");
-    $view->content = new View("admin_users.html");
-    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
-    print $view;
-  }
-
-  public function add_user() {
-    access::verify_csrf();
-
-    $form = user::get_add_form_admin();
-    $valid = $form->validate();
-    $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
-      $form->add_user->inputs["name"]->add_error("in_use", 1);
-      $valid = false;
-    }
-
-    if ($valid) {
-      $user = user::create(
-        $name, $form->add_user->full_name->value, $form->add_user->password->value);
-      $user->email = $form->add_user->email->value;
-      $user->admin = $form->add_user->admin->checked;
-
-      if ($form->add_user->locale) {
-        $desired_locale = $form->add_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-      $user->save();
-      module::event("user_add_form_admin_completed", $user, $form);
-
-      message::success(t("Created user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_user_form() {
-    print user::get_add_form_admin();
-  }
-
-  public function delete_user($id) {
-    access::verify_csrf();
-
-    if ($id == user::active()->id || $id == user::guest()->id) {
-      access::forbidden();
-    }
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_delete_form_admin($user);
-    if($form->validate()) {
-      $name = $user->name;
-      $user->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted user %user_name", array("user_name" => $name));
-    log::success("user", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-    print user::get_delete_form_admin($user);
-  }
-
-  public function edit_user($id) {
-    access::verify_csrf();
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->edit_user->inputs["name"]->value;
-      $temp_user = user::lookup_by_name($new_name);
-      if ($new_name != $user->name &&
-          ($temp_user && $temp_user->id != $user->id)) {
-        $form->edit_user->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      } else {
-        $user->name = $new_name;
-      }
-    }
-
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-
-      // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
-        $user->admin = $form->edit_user->admin->checked;
-      }
-      $user->save();
-      module::event("user_edit_form_admin_completed", $user, $form);
-
-      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
-      $form->edit_user->admin->disabled(1);
-    }
-    print $form;
-  }
-
-  public function add_user_to_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->add($user);
-    $group->save();
-  }
-
-  public function remove_user_from_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->remove($user);
-    $group->save();
-  }
-
-  public function group($group_id) {
-    $view = new View("admin_users_group.html");
-    $view->group = group::lookup($group_id);
-    print $view;
-  }
-
-  public function add_group() {
-    access::verify_csrf();
-
-    $form = group::get_add_form_admin();
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->add_group->inputs["name"]->value;
-      $group = group::lookup_by_name($new_name);
-      if (!empty($group)) {
-        $form->add_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group = group::create($new_name);
-      $group->save();
-      message::success(
-        t("Created group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_group_form() {
-    print group::get_add_form_admin();
-  }
-
-  public function delete_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    $form = group::get_delete_form_admin($group);
-    if ($form->validate()) {
-      $name = $group->name;
-      $group->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted group %group_name", array("group_name" => $name));
-    log::success("group", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_delete_form_admin($group);
-  }
-
-  public function edit_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-       kohana::show_404();
-    }
-
-    $form = group::get_edit_form_admin($group);
-    $valid = $form->validate();
-
-    if ($valid) {
-      $new_name = $form->edit_group->inputs["name"]->value;
-      $group = group::lookup_by_name($name);
-      if ($group->loaded) {
-        $form->edit_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group->name = $form->edit_group->inputs["name"]->value;
-      $group->save();
-      message::success(
-        t("Changed group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      message::error(
-        t("Failed to change group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_edit_form_admin($group);
-  }
-
-}
diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php
deleted file mode 100644
index a127bc15..00000000
--- a/modules/gallery/views/admin_users.html.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-  $(document).ready(function(){
-    $("#g-user-admin-list .core-info").draggable({
-      helper: "clone"
-    });
-    $("#g-group-admin .g-group").droppable({
-      accept: ".core-info",
-      hoverClass: "g-selected",
-      drop: function(ev, ui) {
-        var user_id = $(ui.draggable).attr("id").replace("user-", "");
-        var group_id = $(this).attr("id").replace("group-", "");
-        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-              {},
-              function() {
-                reload_group(group_id);
-              });
-      }
-    });
-    $("#group-1").droppable("destroy");
-    $("#group-2").droppable("destroy");
-  });
-
-  var reload_group = function(group_id) {
-    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
-    $.get(reload_group_url.replace("__GROUPID__", group_id),
-          {},
-          function(data) {
-            $("#group-" + group_id).html(data);
-            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
-          });
-  }
-
-  var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-          {},
-          function() {
-            reload_group(group_id);
-          });
-  }
-</script>
-<div class="g-block">
-  <a href="<?= url::site("admin/users/add_user_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new user") ?>
-  </a>
-
-  <h2>
-    <?= t("User Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <table id="g-user-admin-list">
-      <tr>
-        <th><?= t("Username") ?></th>
-        <th><?= t("Full name") ?></th>
-        <th><?= t("Email") ?></th>
-        <th><?= t("Last login") ?></th>
-        <th><?= t("Actions") ?></th>
-      </tr>
-
-      <? foreach ($users as $i => $user): ?>
-      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
-          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
-               alt="<?= html::clean_attribute($user->name) ?>"
-               width="20"
-               height="20" />
-          <?= html::clean($user->name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->full_name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->email) ?>
-        </td>
-        <td>
-          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
-        </td>
-        <td class="g-actions">
-          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
-              open_text="<?= t("close") ?>"
-              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
-          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-          <? else: ?>
-          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-          <? endif ?>
-        </td>
-      </tr>
-      <? endforeach ?>
-    </table>
-  </div>
-</div>
-
-<div id="g-group-admin" class="g-block g-clearfix">
-  <a href="<?= url::site("admin/users/add_group_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new group") ?>
-  </a>
-
-  <h2>
-    <?= t("Group Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <ul>
-      <? foreach ($groups as $i => $group): ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
-        <?= $v ?>
-      </li>
-      <? endforeach ?>
-    </ul>
-  </div>
-</div>
diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php
deleted file mode 100644
index db3645a0..00000000
--- a/modules/gallery/views/admin_users_group.html.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h4>
-  <?= html::clean($group->name) ?>
-  <? if (!$group->special): ?>
-  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? else: ?>
-  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
-     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? endif ?>
-</h4>
-
-<? if ($group->users->count() > 0): ?>
-<ul>
-  <? foreach ($group->users as $i => $user): ?>
-  <li class="g-user">
-    <?= html::clean($user->name) ?>
-    <? if (!$group->special): ?>
-    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left"
-       title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
-      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-    </a>
-    <? endif ?>
-  </li>
-  <? endforeach ?>
-</ul>
-<? else: ?>
-<div>
-  <p>
-    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
-  </p>
-</div>
-<? endif ?>
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
new file mode 100644
index 00000000..a8a8cd95
--- /dev/null
+++ b/modules/user/controllers/admin_users.php
@@ -0,0 +1,290 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Users_Controller extends Admin_Controller {
+  public function index() {
+    $view = new Admin_View("admin.html");
+    $view->content = new View("admin_users.html");
+    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
+    print $view;
+  }
+
+  public function add_user() {
+    access::verify_csrf();
+
+    $form = user::get_add_form_admin();
+    $valid = $form->validate();
+    $name = $form->add_user->inputs["name"]->value;
+    if ($user = user::lookup_by_name($name)) {
+      $form->add_user->inputs["name"]->add_error("in_use", 1);
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user = user::create(
+        $name, $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
+      $user->admin = $form->add_user->admin->checked;
+
+      if ($form->add_user->locale) {
+        $desired_locale = $form->add_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+      $user->save();
+      module::event("user_add_form_admin_completed", $user, $form);
+
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_user_form() {
+    print user::get_add_form_admin();
+  }
+
+  public function delete_user($id) {
+    access::verify_csrf();
+
+    if ($id == user::active()->id || $id == user::guest()->id) {
+      access::forbidden();
+    }
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_delete_form_admin($user);
+    if($form->validate()) {
+      $name = $user->name;
+      $user->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted user %user_name", array("user_name" => $name));
+    log::success("user", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+    print user::get_delete_form_admin($user);
+  }
+
+  public function edit_user($id) {
+    access::verify_csrf();
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
+      if ($new_name != $user->name &&
+          ($temp_user && $temp_user->id != $user->id)) {
+        $form->edit_user->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      } else {
+        $user->name = $new_name;
+      }
+    }
+
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+
+      // An admin can change the admin status for any user but themselves
+      if ($user->id != user::active()->id) {
+        $user->admin = $form->edit_user->admin->checked;
+      }
+      $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
+
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    // Don't allow the user to control their own admin bit, else you can lock yourself out
+    if ($user->id == user::active()->id) {
+      $form->edit_user->admin->disabled(1);
+    }
+    print $form;
+  }
+
+  public function add_user_to_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->add($user);
+    $group->save();
+  }
+
+  public function remove_user_from_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->remove($user);
+    $group->save();
+  }
+
+  public function group($group_id) {
+    $view = new View("admin_users_group.html");
+    $view->group = group::lookup($group_id);
+    print $view;
+  }
+
+  public function add_group() {
+    access::verify_csrf();
+
+    $form = group::get_add_form_admin();
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->add_group->inputs["name"]->value;
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
+        $form->add_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group = group::create($new_name);
+      $group->save();
+      message::success(
+        t("Created group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_group_form() {
+    print group::get_add_form_admin();
+  }
+
+  public function delete_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    $form = group::get_delete_form_admin($group);
+    if ($form->validate()) {
+      $name = $group->name;
+      $group->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted group %group_name", array("group_name" => $name));
+    log::success("group", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_delete_form_admin($group);
+  }
+
+  public function edit_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
+    }
+
+    $form = group::get_edit_form_admin($group);
+    $valid = $form->validate();
+
+    if ($valid) {
+      $new_name = $form->edit_group->inputs["name"]->value;
+      $group = group::lookup_by_name($name);
+      if ($group->loaded) {
+        $form->edit_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group->name = $form->edit_group->inputs["name"]->value;
+      $group->save();
+      message::success(
+        t("Changed group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      message::error(
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_edit_form_admin($group);
+  }
+
+}
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
new file mode 100644
index 00000000..78b009eb
--- /dev/null
+++ b/modules/user/helpers/user_event.php
@@ -0,0 +1,30 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class user_event_Core {
+  static function admin_menu($menu, $theme) {
+    $menu->add_after("appearance_menu",
+                     Menu::factory("link")
+                     ->id("users_groups")
+                     ->label(t("Users/Groups"))
+                     ->url(url::site("admin/users")));
+    return $menu;
+  }
+}
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
new file mode 100644
index 00000000..a127bc15
--- /dev/null
+++ b/modules/user/views/admin_users.html.php
@@ -0,0 +1,128 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+  $(document).ready(function(){
+    $("#g-user-admin-list .core-info").draggable({
+      helper: "clone"
+    });
+    $("#g-group-admin .g-group").droppable({
+      accept: ".core-info",
+      hoverClass: "g-selected",
+      drop: function(ev, ui) {
+        var user_id = $(ui.draggable).attr("id").replace("user-", "");
+        var group_id = $(this).attr("id").replace("group-", "");
+        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+              {},
+              function() {
+                reload_group(group_id);
+              });
+      }
+    });
+    $("#group-1").droppable("destroy");
+    $("#group-2").droppable("destroy");
+  });
+
+  var reload_group = function(group_id) {
+    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
+    $.get(reload_group_url.replace("__GROUPID__", group_id),
+          {},
+          function(data) {
+            $("#group-" + group_id).html(data);
+            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
+          });
+  }
+
+  var remove_user = function(user_id, group_id) {
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+          {},
+          function() {
+            reload_group(group_id);
+          });
+  }
+</script>
+<div class="g-block">
+  <a href="<?= url::site("admin/users/add_user_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new user")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new user") ?>
+  </a>
+
+  <h2>
+    <?= t("User Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <table id="g-user-admin-list">
+      <tr>
+        <th><?= t("Username") ?></th>
+        <th><?= t("Full name") ?></th>
+        <th><?= t("Email") ?></th>
+        <th><?= t("Last login") ?></th>
+        <th><?= t("Actions") ?></th>
+      </tr>
+
+      <? foreach ($users as $i => $user): ?>
+      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
+          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
+               width="20"
+               height="20" />
+          <?= html::clean($user->name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->full_name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->email) ?>
+        </td>
+        <td>
+          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
+        </td>
+        <td class="g-actions">
+          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
+              open_text="<?= t("close") ?>"
+              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
+          <? endif ?>
+        </td>
+      </tr>
+      <? endforeach ?>
+    </table>
+  </div>
+</div>
+
+<div id="g-group-admin" class="g-block g-clearfix">
+  <a href="<?= url::site("admin/users/add_group_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new group")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new group") ?>
+  </a>
+
+  <h2>
+    <?= t("Group Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <ul>
+      <? foreach ($groups as $i => $group): ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
+        <?= $v ?>
+      </li>
+      <? endforeach ?>
+    </ul>
+  </div>
+</div>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
new file mode 100644
index 00000000..db3645a0
--- /dev/null
+++ b/modules/user/views/admin_users_group.html.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h4>
+  <?= html::clean($group->name) ?>
+  <? if (!$group->special): ?>
+  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? else: ?>
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
+     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? endif ?>
+</h4>
+
+<? if ($group->users->count() > 0): ?>
+<ul>
+  <? foreach ($group->users as $i => $user): ?>
+  <li class="g-user">
+    <?= html::clean($user->name) ?>
+    <? if (!$group->special): ?>
+    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
+       title="<?= t("Remove %user from %group group",
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
+    </a>
+    <? endif ?>
+  </li>
+  <? endforeach ?>
+</ul>
+<? else: ?>
+<div>
+  <p>
+    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
+  </p>
+</div>
+<? endif ?>
-- 
cgit v1.2.3


From f5dd8d487eefe9aa0b4e1f38db79d3ee952b783a Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 15 Oct 2009 08:56:31 -0700
Subject: Move all the edit/update forms for users and groups back to the user
 module.

---
 modules/gallery/controllers/users.php    |  68 ----------------
 modules/gallery/helpers/group.php        |  33 --------
 modules/gallery/helpers/user.php         |  88 ---------------------
 modules/user/controllers/admin_users.php | 128 ++++++++++++++++++++++++++++---
 modules/user/controllers/users.php       | 103 +++++++++++++++++++++++++
 5 files changed, 219 insertions(+), 201 deletions(-)
 delete mode 100644 modules/gallery/controllers/users.php
 create mode 100644 modules/user/controllers/users.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/users.php b/modules/gallery/controllers/users.php
deleted file mode 100644
index 07c5a457..00000000
--- a/modules/gallery/controllers/users.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Users_Controller extends Controller {
-  public function update($id) {
-    $user = user::lookup($id);
-
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    $form = user::get_edit_form($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $new_locale = $desired_locale == "none" ? null : $desired_locale;
-        if ($new_locale != $user->locale) {
-          // Delete the session based locale preference
-          setcookie("g_locale", "", time() - 24 * 3600, "/");
-        }
-        $user->locale = $new_locale;
-      }
-      $user->save();
-      module::event("user_edit_form_completed", $user, $form);
-
-      message::success(t("User information updated."));
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function form_edit($id) {
-    $user = user::lookup($id);
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    print user::get_edit_form($user);
-  }
-}
diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php
index dbfa03fe..1702fb87 100644
--- a/modules/gallery/helpers/group.php
+++ b/modules/gallery/helpers/group.php
@@ -117,37 +117,4 @@ class group_Core {
     }
     return $group->find_all();
   }
-
-  static function get_edit_form_admin($group) {
-    $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form"));
-    $form_group = $form->group("edit_group")->label(t("Edit Group"));
-    $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name);
-    $form_group->inputs["name"]->error_messages(
-      "in_use", t("There is already a group with that name"));
-    $form_group->submit("")->value(t("Save"));
-    $form->add_rules_from($group);
-    return $form;
-  }
-
-  static function get_add_form_admin() {
-    $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
-    $form->set_attr('class', "g-narrow");
-    $form_group = $form->group("add_group")->label(t("Add Group"));
-    $form_group->input("name")->label(t("Name"))->id("g-name");
-    $form_group->inputs["name"]->error_messages(
-      "in_use", t("There is already a group with that name"));
-    $form_group->submit("")->value(t("Add Group"));
-    $group = ORM::factory("group");
-    $form->add_rules_from($group);
-    return $form;
-  }
-
-  static function get_delete_form_admin($group) {
-    $form = new Forge("admin/users/delete_group/$group->id", "", "post",
-                      array("id" => "g-delete-group-form"));
-    $form_group = $form->group("delete_group")->label(
-      t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name)));
-    $form_group->submit("")->value(t("Delete"));
-    return $form;
-  }
 }
diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php
index cb205170..e7e75d64 100644
--- a/modules/gallery/helpers/user.php
+++ b/modules/gallery/helpers/user.php
@@ -24,94 +24,6 @@
  * Note: by design, this class does not do any permission checking.
  */
 class user_Core {
-  static function get_edit_form($user) {
-    $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
-    $form->set_attr("class", "g-narrow");
-    $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
-    $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
-    self::_add_locale_dropdown($group, $user);
-    $group->password("password")->label(t("Password"))->id("g-password");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
-    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
-    $form->add_rules_from($user);
-
-    module::event("user_edit_form", $user, $form);
-    $group->submit("")->value(t("Save"));
-    return $form;
-  }
-
-  static function get_edit_form_admin($user) {
-    $form = new Forge(
-      "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
-    $group = $form->group("edit_user")->label(t("Edit User"));
-    $group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
-    $group->inputs["name"]->error_messages(
-      "in_use", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
-    self::_add_locale_dropdown($group, $user);
-    $group->password("password")->label(t("Password"))->id("g-password");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
-    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
-    $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
-    $form->add_rules_from($user);
-    $form->edit_user->password->rules("-required");
-
-    module::event("user_edit_form_admin", $user, $form);
-    $group->submit("")->value(t("Modify User"));
-    return $form;
-  }
-
-  static function get_add_form_admin() {
-    $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
-    $form->set_attr('class', "g-narrow");
-    $group = $form->group("add_user")->label(t("Add User"));
-    $group->input("name")->label(t("Username"))->id("g-username")
-      ->error_messages("in_use", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full Name"))->id("g-fullname");
-    $group->password("password")->label(t("Password"))->id("g-password");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->input("email")->label(t("Email"))->id("g-email");
-    $group->input("url")->label(t("URL"))->id("g-url");
-    self::_add_locale_dropdown($group);
-    $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
-    $user = ORM::factory("user");
-    $form->add_rules_from($user);
-
-    module::event("user_add_form_admin", $user, $form);
-    $group->submit("")->value(t("Add User"));
-    return $form;
-  }
-
-  private static function _add_locale_dropdown(&$form, $user=null) {
-    $locales = locales::installed();
-    foreach ($locales as $locale => $display_name) {
-      $locales[$locale] = SafeString::of_safe_html($display_name);
-    }
-    if (count($locales) > 1) {
-      // Put "none" at the first position in the array
-      $locales = array_merge(array("" => t("« none »")), $locales);
-      $selected_locale = ($user && $user->locale) ? $user->locale : "";
-      $form->dropdown("locale")
-        ->label(t("Language Preference"))
-        ->options($locales)
-        ->selected($selected_locale);
-    }
-  }
-
-  static function get_delete_form_admin($user) {
-    $form = new Forge("admin/users/delete_user/$user->id", "", "post",
-                      array("id" => "g-delete-user-form"));
-    $group = $form->group("delete_user")->label(
-      t("Are you sure you want to delete user %name?", array("name" => $user->name)));
-    $group->submit("")->value(t("Delete user %name", array("name" => $user->name)));
-    return $form;
-  }
-
   static function get_login_form($url) {
     $form = new Forge($url, "", "post", array("id" => "g-login-form"));
     $form->set_attr('class', "g-narrow");
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index a8a8cd95..5950c358 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -29,7 +29,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function add_user() {
     access::verify_csrf();
 
-    $form = user::get_add_form_admin();
+    $form = $this->_get_user_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
     if ($user = user::lookup_by_name($name)) {
@@ -59,7 +59,7 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function add_user_form() {
-    print user::get_add_form_admin();
+    print $this->_get_user_add_form_admin();
   }
 
   public function delete_user($id) {
@@ -74,7 +74,7 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    $form = user::get_delete_form_admin($user);
+    $form = $this->_get_user_delete_form_admin($user);
     if($form->validate()) {
       $name = $user->name;
       $user->delete();
@@ -94,7 +94,7 @@ class Admin_Users_Controller extends Admin_Controller {
     if (empty($user)) {
       kohana::show_404();
     }
-    print user::get_delete_form_admin($user);
+    print $this->_get_user_delete_form_admin($user);
   }
 
   public function edit_user($id) {
@@ -105,7 +105,7 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    $form = user::get_edit_form_admin($user);
+    $form = $this->_get_user_edit_form_admin($user);
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->edit_user->inputs["name"]->value;
@@ -152,7 +152,7 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    $form = user::get_edit_form_admin($user);
+    $form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
     if ($user->id == user::active()->id) {
       $form->edit_user->admin->disabled(1);
@@ -185,7 +185,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function add_group() {
     access::verify_csrf();
 
-    $form = group::get_add_form_admin();
+    $form = $this->_get_group_add_form_admin();
     $valid = $form->validate();
     if ($valid) {
       $new_name = $form->add_group->inputs["name"]->value;
@@ -209,7 +209,7 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function add_group_form() {
-    print group::get_add_form_admin();
+    print $this->_get_group_add_form_admin();
   }
 
   public function delete_group($id) {
@@ -220,7 +220,7 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    $form = group::get_delete_form_admin($group);
+    $form = $this->_get_group_delete_form_admin($group);
     if ($form->validate()) {
       $name = $group->name;
       $group->delete();
@@ -241,7 +241,7 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    print group::get_delete_form_admin($group);
+    print $this->_get_group_delete_form_admin($group);
   }
 
   public function edit_group($id) {
@@ -252,7 +252,7 @@ class Admin_Users_Controller extends Admin_Controller {
        kohana::show_404();
     }
 
-    $form = group::get_edit_form_admin($group);
+    $form = $this->_get_group_edit_form_admin($group);
     $valid = $form->validate();
 
     if ($valid) {
@@ -284,7 +284,111 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    print group::get_edit_form_admin($group);
+    print $this->_get_group_edit_form_admin($group);
   }
 
+  /* User Form Definitions */
+  static function _get_user_edit_form_admin($user) {
+    $form = new Forge(
+      "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
+    $group = $form->group("edit_user")->label(t("Edit User"));
+    $group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
+    $group->inputs["name"]->error_messages(
+      "in_use", t("There is already a user with that username"));
+    $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
+    self::_add_locale_dropdown($group, $user);
+    $group->password("password")->label(t("Password"))->id("g-password");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
+    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+    $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
+    $form->add_rules_from($user);
+    $form->edit_user->password->rules("-required");
+
+    module::event("user_edit_form_admin", $user, $form);
+    $group->submit("")->value(t("Modify User"));
+    return $form;
+  }
+
+  static function _get_user_add_form_admin() {
+    $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
+    $form->set_attr('class', "g-narrow");
+    $group = $form->group("add_user")->label(t("Add User"));
+    $group->input("name")->label(t("Username"))->id("g-username")
+      ->error_messages("in_use", t("There is already a user with that username"));
+    $group->input("full_name")->label(t("Full Name"))->id("g-fullname");
+    $group->password("password")->label(t("Password"))->id("g-password");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->input("email")->label(t("Email"))->id("g-email");
+    $group->input("url")->label(t("URL"))->id("g-url");
+    self::_add_locale_dropdown($group);
+    $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
+    $user = ORM::factory("user");
+    $form->add_rules_from($user);
+
+    module::event("user_add_form_admin", $user, $form);
+    $group->submit("")->value(t("Add User"));
+    return $form;
+  }
+
+  private function _add_locale_dropdown(&$form, $user=null) {
+    $locales = locales::installed();
+    foreach ($locales as $locale => $display_name) {
+      $locales[$locale] = SafeString::of_safe_html($display_name);
+    }
+    if (count($locales) > 1) {
+      // Put "none" at the first position in the array
+      $locales = array_merge(array("" => t("« none »")), $locales);
+      $selected_locale = ($user && $user->locale) ? $user->locale : "";
+      $form->dropdown("locale")
+        ->label(t("Language Preference"))
+        ->options($locales)
+        ->selected($selected_locale);
+    }
+  }
+
+  private function _get_user_delete_form_admin($user) {
+    $form = new Forge("admin/users/delete_user/$user->id", "", "post",
+                      array("id" => "g-delete-user-form"));
+    $group = $form->group("delete_user")->label(
+      t("Are you sure you want to delete user %name?", array("name" => $user->name)));
+    $group->submit("")->value(t("Delete user %name", array("name" => $user->name)));
+    return $form;
+  }
+
+  /* Group Form Definitions */
+  private function _get_group_edit_form_admin($group) {
+    $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form"));
+    $form_group = $form->group("edit_group")->label(t("Edit Group"));
+    $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name);
+    $form_group->inputs["name"]->error_messages(
+      "in_use", t("There is already a group with that name"));
+    $form_group->submit("")->value(t("Save"));
+    $form->add_rules_from($group);
+    return $form;
+  }
+
+  private function _get_group_add_form_admin() {
+    $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
+    $form->set_attr('class', "g-narrow");
+    $form_group = $form->group("add_group")->label(t("Add Group"));
+    $form_group->input("name")->label(t("Name"))->id("g-name");
+    $form_group->inputs["name"]->error_messages(
+      "in_use", t("There is already a group with that name"));
+    $form_group->submit("")->value(t("Add Group"));
+    $group = ORM::factory("group");
+    $form->add_rules_from($group);
+    return $form;
+  }
+
+  private function _get_group_delete_form_admin($group) {
+    $form = new Forge("admin/users/delete_group/$group->id", "", "post",
+                      array("id" => "g-delete-group-form"));
+    $form_group = $form->group("delete_group")->label(
+      t("Are you sure you want to delete group %group_name?", array("group_name" => $group->name)));
+    $form_group->submit("")->value(t("Delete"));
+    return $form;
+  }
 }
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
new file mode 100644
index 00000000..b03a47cc
--- /dev/null
+++ b/modules/user/controllers/users.php
@@ -0,0 +1,103 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Users_Controller extends Controller {
+  public function update($id) {
+    $user = user::lookup($id);
+
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    $form = $this->_get_edit_form($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $new_locale = $desired_locale == "none" ? null : $desired_locale;
+        if ($new_locale != $user->locale) {
+          // Delete the session based locale preference
+          setcookie("g_locale", "", time() - 24 * 3600, "/");
+        }
+        $user->locale = $new_locale;
+      }
+      $user->save();
+      module::event("user_edit_form_completed", $user, $form);
+
+      message::success(t("User information updated."));
+      print json_encode(
+        array("result" => "success",
+              "resource" => url::site("users/{$user->id}")));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function form_edit($id) {
+    $user = user::lookup($id);
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    print $this->_get_edit_form($user);
+  }
+
+  private function _get_edit_form($user) {
+    $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
+    $form->set_attr("class", "g-narrow");
+    $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
+    $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
+    self::_add_locale_dropdown($group, $user);
+    $group->password("password")->label(t("Password"))->id("g-password");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
+    $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
+    $form->add_rules_from($user);
+
+    module::event("user_edit_form", $user, $form);
+    $group->submit("")->value(t("Save"));
+    return $form;
+  }
+
+  /** @todo combine with Admin_Users_Controller::_add_locale_dropdown */
+  private function _add_locale_dropdown(&$form, $user=null) {
+    $locales = locales::installed();
+    foreach ($locales as $locale => $display_name) {
+      $locales[$locale] = SafeString::of_safe_html($display_name);
+    }
+    if (count($locales) > 1) {
+      // Put "none" at the first position in the array
+      $locales = array_merge(array("" => t("« none »")), $locales);
+      $selected_locale = ($user && $user->locale) ? $user->locale : "";
+      $form->dropdown("locale")
+        ->label(t("Language Preference"))
+        ->options($locales)
+        ->selected($selected_locale);
+    }
+  }
+}
-- 
cgit v1.2.3


From be6765336eb894535d62055fab577dfc951b6b6a Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 15 Oct 2009 10:44:25 -0700
Subject: Finish integrating the move of the user edit/update functions into
 the user module.  The premise is that the plugable user module will provide
 the update screens if the user backend supports updates.

---
 modules/gallery/controllers/albums.php        |  1 -
 modules/gallery/controllers/login.php         |  1 -
 modules/gallery/helpers/gallery_event.php     |  4 ++++
 modules/gallery/helpers/gallery_theme.php     |  1 -
 modules/gallery/helpers/user.php              |  1 -
 modules/gallery/libraries/Identity.php        |  1 -
 modules/gallery/views/login.html.php          |  6 +++++-
 modules/gallery/views/login_ajax.html.php     |  2 +-
 modules/user/controllers/admin_users.php      |  9 ++++----
 modules/user/controllers/users.php            |  2 +-
 modules/user/views/admin_users.html.php       | 31 +++++++++++----------------
 modules/user/views/admin_users_group.html.php |  4 ++--
 12 files changed, 29 insertions(+), 34 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 95d63308..9733d1cd 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -29,7 +29,6 @@ class Albums_Controller extends Items_Controller {
         $view = new Theme_View("page.html", "login");
         $view->page_title = t("Log in to Gallery");
         $view->content = new View("login_ajax.html");
-        $view->content->writable = user::is_writable();
         $view->content->form = user::get_login_form("login/auth_html");
         print $view;
         return;
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 85f6db5d..2c4bd557 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -21,7 +21,6 @@ class Login_Controller extends Controller {
 
   public function ajax() {
     $view = new View("login_ajax.html");
-    $view->writable = user::is_writable();
     $view->form = user::get_login_form("login/auth_ajax");
     print $view;
   }
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index e0de2152..4a6b14b6 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -23,6 +23,10 @@ class gallery_event_Core {
    * Initialization.
    */
   static function gallery_ready() {
+    // Call Identity::instance() now to force the load of the user interface classes.
+    // user::load_user will attempt to load the active user from the session and needs
+    // the user definition class, which can't be reached by Kohana's heiracrchical lookup.
+    Identity::instance();
     user::load_user();
     locales::set_request_locale();
   }
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 54b35fb7..a342b4bd 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -55,7 +55,6 @@ class gallery_theme_Core {
     if ($theme->page_type != "login") {
       $view = new View("login.html");
       $view->user = user::active();
-      $view->writable = user::is_writable();
       return $view->render();
     }
   }
diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php
index efe08830..c51a4a9c 100644
--- a/modules/gallery/helpers/user.php
+++ b/modules/gallery/helpers/user.php
@@ -78,7 +78,6 @@ class user_Core {
    * driver classes.
    */
   static function load_user() {
-    Identity::instance();
     $session = Session::instance();
     if (!($user = $session->get("user"))) {
       $session->set("user", $user = self::guest());
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index 88865913..86b15935 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -102,7 +102,6 @@ class Identity_Core {
     return !empty($this->config["allow_updates"]);
   }
 
-
   /**
    * @see Identity_Driver::guest.
    */
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
index 5256f1ac..2d8119d0 100644
--- a/modules/gallery/views/login.html.php
+++ b/modules/gallery/views/login.html.php
@@ -8,11 +8,15 @@
   </li>
   <? else: ?>
   <li class="first">
+    <? if (user::is_writable()): ?>
     <?= t('Logged in as %name', array('name' => html::mark_clean(
       '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . ($writable ? t("Edit Your Profile")->for_html_attr() : t("Display Your Profile")->for_html_attr()) .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
       '" id="g-user-profile-link" class="g-dialog-link">' .
       html::clean($user->display_name()) . '</a>'))) ?>
+    <? else: ?>
+    <?= t('Logged in as %name', array('name' => html::clean($user->display_name()))) ?>
+    <? endif ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
index 332a5365..d71ca719 100644
--- a/modules/gallery/views/login_ajax.html.php
+++ b/modules/gallery/views/login_ajax.html.php
@@ -36,7 +36,7 @@
     <li id="g-login-form">
       <?= $form ?>
     </li>
-    <? if (!empty($writable)): ?>
+    <? if (user::is_writable()): ?>
     <li>
       <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
     </li>
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 70348a69..64f19ecd 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,7 +21,6 @@ class Admin_Users_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_users.html");
-    $view->content->writable = user::is_writable();
     $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
     $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
     print $view;
@@ -304,7 +303,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
-    $form->add_rules_from($user);
+    $form->add_rules_from(user::get_edit_rules());
     $form->edit_user->password->rules("-required");
 
     module::event("user_edit_form_admin", $user, $form);
@@ -327,7 +326,7 @@ class Admin_Users_Controller extends Admin_Controller {
     self::_add_locale_dropdown($group);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
     $user = ORM::factory("user");
-    $form->add_rules_from($user);
+    $form->add_rules_from(user::get_edit_rules());
 
     module::event("user_add_form_admin", $user, $form);
     $group->submit("")->value(t("Add User"));
@@ -367,7 +366,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form_group->inputs["name"]->error_messages(
       "in_use", t("There is already a group with that name"));
     $form_group->submit("")->value(t("Save"));
-    $form->add_rules_from($group);
+    $form->add_rules_from(group::get_edit_rules());
     return $form;
   }
 
@@ -380,7 +379,7 @@ class Admin_Users_Controller extends Admin_Controller {
       "in_use", t("There is already a group with that name"));
     $form_group->submit("")->value(t("Add Group"));
     $group = ORM::factory("group");
-    $form->add_rules_from($group);
+    $form->add_rules_from(group::get_edit_rules());
     return $form;
   }
 
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index b03a47cc..7c2e7833 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -77,7 +77,7 @@ class Users_Controller extends Controller {
       ->matches($group->password);
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
-    $form->add_rules_from($user);
+    $form->add_rules_from(user::get_edit_rules());
 
     module::event("user_edit_form", $user, $form);
     $group->submit("")->value(t("Save"));
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 82d0926c..a29f24b1 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -43,14 +43,12 @@
   }
 </script>
 <div class="g-block">
-  <? if (!empty($writable)): ?>
   <a href="<?= url::site("admin/users/add_user_form") ?>"
       class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
       title="<?= t("Create a new user")->for_html_attr() ?>">
     <span class="ui-icon ui-icon-circle-plus"></span>
     <?= t("Add a new user") ?>
   </a>
-  <? endif ?>
 
   <h2>
     <?= t("User Admin") ?>
@@ -68,7 +66,7 @@
 
       <? foreach ($users as $i => $user): ?>
       <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info <?= !empty($writable) ? "g-draggable" : "" ?> ">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
                title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
                alt="<?= html::clean_attribute($user->name) ?>"
@@ -90,18 +88,16 @@
               open_text="<?= t("close") ?>"
               class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
-              <?= (!empty($writable)) ? t("edit") : t("display") ?>
+              <?= t("edit") ?>
             </span></a>
-          <? if (!empty($writable)): ?>
-            <? if (user::active()->id != $user->id && !$user->guest): ?>
-            <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-                class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-              <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-            <? else: ?>
-            <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-                class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-              <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-            <? endif ?>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+             class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
           <? endif ?>
         </td>
       </tr>
@@ -111,14 +107,12 @@
 </div>
 
 <div id="g-group-admin" class="g-block g-clearfix">
-  <? if (!empty($writable)): ?>
   <a href="<?= url::site("admin/users/add_group_form") ?>"
       class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
       title="<?= t("Create a new group")->for_html_attr() ?>">
     <span class="ui-icon ui-icon-circle-plus"></span>
     <?= t("Add a new group") ?>
   </a>
-  <? endif ?>
 
   <h2>
     <?= t("Group Admin") ?>
@@ -127,9 +121,8 @@
   <div class="g-block-content">
     <ul>
       <? foreach ($groups as $i => $group): ?>
-      <? $class = !empty($writable) ? "" : "g-group-disable" ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= $class ?> <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; $v->writable = !empty($writable) ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
         <?= $v ?>
       </li>
       <? endforeach ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index 539f69b7..db3645a0 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -4,7 +4,7 @@
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
     title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all <?= !empty($writable) ? "" : "ui-state-disabled"  ?>">
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
     <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
   <? else: ?>
   <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
@@ -20,7 +20,7 @@
     <?= html::clean($user->name) ?>
     <? if (!$group->special): ?>
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left <?= !empty($writable) ? "" : "ui-state-disabled"  ?>"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
               array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-- 
cgit v1.2.3


From 00eacd659f27df9c13246c510057c4f42c8866a2 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 15 Oct 2009 14:37:57 -0700
Subject: Start simplifying the interface by moving the static methods from
 user.php and group.php.  Tried creating a identity helper, but the helper
 identity.php was confused with the library Identity.php.  So got around this
 by making the methods on Identity static and calling the instance within the
 static methods.  Also temporarily moved the user.php and group.php back into
 the user module.

---
 modules/akismet/tests/Akismet_Helper_Test.php      |   2 +-
 modules/comment/controllers/comments.php           |   8 +-
 modules/comment/helpers/comment.php                |   2 +-
 modules/comment/models/comment.php                 |   2 +-
 modules/comment/tests/Comment_Event_Test.php       |   2 +-
 modules/comment/tests/Comment_Helper_Test.php      |   4 +-
 modules/comment/tests/Comment_Model_Test.php       |   8 +-
 modules/digibug/controllers/digibug.php            |   2 +-
 modules/digibug/tests/Digibug_Controller_Test.php  |   4 +-
 modules/g2_import/helpers/g2_import.php            |  15 +-
 modules/gallery/controllers/admin.php              |   2 +-
 modules/gallery/controllers/albums.php             |   6 +-
 modules/gallery/controllers/l10n_client.php        |   4 +-
 modules/gallery/controllers/login.php              |  12 +-
 modules/gallery/controllers/logout.php             |   4 +-
 modules/gallery/controllers/password.php           |   6 +-
 modules/gallery/controllers/permissions.php        |   2 +-
 modules/gallery/controllers/upgrader.php           |   4 +-
 modules/gallery/controllers/welcome_message.php    |   4 +-
 modules/gallery/helpers/access.php                 |   2 +-
 modules/gallery/helpers/gallery.php                |   2 +-
 modules/gallery/helpers/gallery_event.php          |   6 +-
 modules/gallery/helpers/gallery_theme.php          |   2 +-
 modules/gallery/helpers/group.php                  |  79 --------
 modules/gallery/helpers/item.php                   |   4 +-
 modules/gallery/helpers/locales.php                |   2 +-
 modules/gallery/helpers/log.php                    |   2 +-
 modules/gallery/helpers/movie.php                  |   2 +-
 modules/gallery/helpers/photo.php                  |   2 +-
 modules/gallery/helpers/site_status.php            |   2 +-
 modules/gallery/helpers/task.php                   |   2 +-
 modules/gallery/helpers/user.php                   | 223 ---------------------
 modules/gallery/libraries/Admin_View.php           |   4 +-
 modules/gallery/libraries/Identity.php             | 196 +++++++++++++++---
 modules/gallery/libraries/Theme_View.php           |   6 +-
 modules/gallery/models/item.php                    |   2 +-
 modules/gallery/models/log.php                     |   2 +-
 modules/gallery/models/task.php                    |   2 +-
 modules/gallery/tests/Access_Helper_Test.php       | 142 ++++++-------
 modules/gallery/tests/Albums_Controller_Test.php   |   4 +-
 modules/gallery/tests/Item_Helper_Test.php         |   6 +-
 modules/gallery/tests/Photos_Controller_Test.php   |   6 +-
 modules/gallery/views/kohana_error_page.php        |   2 +-
 modules/gallery/views/login.html.php               |   2 +-
 modules/gallery/views/login_ajax.html.php          |   2 +-
 modules/gallery/views/maintenance.html.php         |   2 +-
 modules/notification/helpers/notification.php      |  10 +-
 .../notification/helpers/notification_event.php    |   2 +-
 modules/search/helpers/search.php                  |   4 +-
 modules/server_add/controllers/server_add.php      |   4 +-
 modules/server_add/helpers/server_add_event.php    |   2 +-
 modules/server_add/helpers/server_add_theme.php    |   2 +-
 modules/user/controllers/admin_users.php           |   6 +-
 modules/user/controllers/users.php                 |   4 +-
 modules/user/helpers/group.php                     |  79 ++++++++
 modules/user/helpers/user.php                      | 109 ++++++++++
 modules/user/views/admin_users.html.php            |   2 +-
 57 files changed, 520 insertions(+), 505 deletions(-)
 delete mode 100644 modules/gallery/helpers/group.php
 delete mode 100644 modules/gallery/helpers/user.php
 create mode 100644 modules/user/helpers/group.php
 create mode 100644 modules/user/helpers/user.php

(limited to 'modules/user/controllers')

diff --git a/modules/akismet/tests/Akismet_Helper_Test.php b/modules/akismet/tests/Akismet_Helper_Test.php
index d001d3ad..6788e7a3 100644
--- a/modules/akismet/tests/Akismet_Helper_Test.php
+++ b/modules/akismet/tests/Akismet_Helper_Test.php
@@ -26,7 +26,7 @@ class Akismet_Helper_Test extends Unit_Test_Case {
 
     $root = ORM::factory("item", 1);
     $this->_comment = comment::create(
-      $root, user::guest(), "This is a comment",
+      $root, Identity::guest(), "This is a comment",
       "John Doe", "john@gallery2.org", "http://gallery2.org");
     foreach ($this->_comment->list_fields("comments") as $name => $field) {
       if (strpos($name, "server_") === 0) {
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 82b12893..84d6ca47 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller {
     $form = comment::get_add_form($item);
     $valid = $form->validate();
     if ($valid) {
-      if (user::active()->guest && !$form->add_comment->inputs["name"]->value) {
+      if (Identity::active()->guest && !$form->add_comment->inputs["name"]->value) {
         $form->add_comment->inputs["name"]->add_error("missing", 1);
         $valid = false;
       }
@@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller {
 
     if ($valid) {
       $comment = comment::create(
-        $item, user::active(),
+        $item, Identity::active(),
         $form->add_comment->text->value,
         $form->add_comment->inputs["name"]->value,
         $form->add_comment->email->value,
         $form->add_comment->url->value);
 
-      $active = user::active();
+      $active = Identity::active();
       if ($active->guest) {
         $form->add_comment->inputs["name"]->value("");
         $form->add_comment->email->value("");
@@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller {
    *  @see REST_Controller::form_edit($resource)
    */
   public function _form_edit($comment) {
-    if (!user::active()->admin) {
+    if (!Identity::active()->admin) {
       access::forbidden();
     }
     print comment::get_edit_form($comment);
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index 7b2332a8..38d65db6 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -75,7 +75,7 @@ class comment_Core {
     module::event("comment_add_form", $form);
     $group->submit("")->value(t("Add"));
 
-    $active = user::active();
+    $active = Identity::active();
     if (!$active->guest) {
       $group->inputs["name"]->value($active->full_name)->disabled("disabled");
       $group->email->value($active->email)->disabled("disabled");
diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php
index de9b0cd6..5e29e778 100644
--- a/modules/comment/models/comment.php
+++ b/modules/comment/models/comment.php
@@ -23,7 +23,7 @@ class Comment_Model extends ORM {
   }
 
   function author() {
-    return user::lookup($this->author_id);
+    return Identity::lookup_user($this->author_id);
   }
 
   function author_name() {
diff --git a/modules/comment/tests/Comment_Event_Test.php b/modules/comment/tests/Comment_Event_Test.php
index c51c65c9..eb301893 100644
--- a/modules/comment/tests/Comment_Event_Test.php
+++ b/modules/comment/tests/Comment_Event_Test.php
@@ -22,7 +22,7 @@ class Comment_Event_Test extends Unit_Test_Case {
     $rand = rand();
     $album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand");
     $comment = comment::create(
-      $album, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
+      $album, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
     $album->delete();
 
diff --git a/modules/comment/tests/Comment_Helper_Test.php b/modules/comment/tests/Comment_Helper_Test.php
index f84fe0f9..e8ab7c79 100644
--- a/modules/comment/tests/Comment_Helper_Test.php
+++ b/modules/comment/tests/Comment_Helper_Test.php
@@ -48,7 +48,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
     $rand = rand();
     $root = ORM::factory("item", 1);
     $comment = comment::create(
-      $root, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
+      $root, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
     $this->assert_equal("name_$rand", $comment->author_name());
     $this->assert_equal("email_$rand", $comment->author_email());
@@ -77,7 +77,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
   public function create_comment_for_user_test() {
     $rand = rand();
     $root = ORM::factory("item", 1);
-    $admin = user::lookup(2);
+    $admin = Identity::lookup_user(2);
     $comment = comment::create(
       $root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php
index f4c68b15..76de2a34 100644
--- a/modules/comment/tests/Comment_Model_Test.php
+++ b/modules/comment/tests/Comment_Model_Test.php
@@ -22,17 +22,17 @@ class Comment_Model_Test extends Unit_Test_Case {
   public function cant_view_comments_for_unviewable_items_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
-    $comment = comment::create($album, user::guest(), "text", "name", "email", "url");
-    user::set_active(user::guest());
+    $comment = comment::create($album, Identity::guest(), "text", "name", "email", "url");
+    Identity::set_active(Identity::guest());
 
     // We can see the comment when permissions are granted on the album
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
     $this->assert_equal(
       1,
       ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
 
     // We can't see the comment when permissions are denied on the album
-    access::deny(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $album);
     $this->assert_equal(
       0,
       ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index 0939704b..8ea83601 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -23,7 +23,7 @@ class Digibug_Controller extends Controller {
     $item = ORM::factory("item", $id);
     access::required("view", $item);
 
-    if (access::group_can(group::everybody(), "view_full", $item)) {
+    if (access::group_can(Identity::everybody(), "view_full", $item)) {
       $full_url = $item->file_url(true);
       $thumb_url = $item->thumb_url(true);
     } else {
diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php
index 859ff637..19f57972 100644
--- a/modules/digibug/tests/Digibug_Controller_Test.php
+++ b/modules/digibug/tests/Digibug_Controller_Test.php
@@ -35,8 +35,8 @@ class Digibug_Controller_Test extends Unit_Test_Case {
 
     $root = ORM::factory("item", 1);
     $this->_album = album::create($root,  rand(), "test album");
-    access::deny(group::everybody(), "view_full", $this->_album);
-    access::deny(group::registered_users(), "view_full", $this->_album);
+    access::deny(Identity::everybody(), "view_full", $this->_album);
+    access::deny(Identity::registered_users(), "view_full", $this->_album);
 
     $rand = rand();
     $this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index 7e5c6f75..8b48f727 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -230,16 +230,16 @@ class g2_import_Core {
     switch ($g2_group->getGroupType()) {
     case GROUP_NORMAL:
       try {
-        $group = group::create($g2_group->getGroupName());
+        $group = Identity::create_group($g2_group->getGroupName());
       } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate group" exception
-        $group = group::lookup_by_name($g2_group->getGroupname());
+        $group = Identity::lookup_user_by_name($g2_group->getGroupname());
       }
       $message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname()));
       break;
 
     case GROUP_ALL_USERS:
-      $group = group::registered_users();
+      $group = Identity::registered_users();
       $message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
       break;
 
@@ -248,7 +248,7 @@ class g2_import_Core {
       break;  // This is not a group in G3
 
     case GROUP_EVERYBODY:
-      $group = group::everybody();
+      $group = Identity::everybody();
       $message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
       break;
     }
@@ -270,7 +270,7 @@ class g2_import_Core {
     }
 
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
-      self::set_map($g2_user_id, user::guest()->id);
+      self::set_map($g2_user_id, Identity::guest()->id);
       return t("Skipping Anonymous User");
     }
 
@@ -285,11 +285,11 @@ class g2_import_Core {
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
 
     try {
-      $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
+      $user = Identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
       $message = t("Created user: '%name'.", array("name" => $user->name));
     } catch (Exception $e) {
       // @todo For now we assume this is a "duplicate user" exception
-      $user = user::lookup_by_name($g2_user->getUsername());
+      $user = Identity::lookup_user_by_name($g2_user->getUsername());
       $message = t("Loaded existing user: '%name'.", array("name" => $user->name));
     }
 
@@ -313,7 +313,6 @@ class g2_import_Core {
     return $message;
   }
 
-
   /**
    * Import a single album.
    */
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b92a32cd..8a4181a6 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
   private $theme;
 
   public function __construct($theme=null) {
-    if (!(user::active()->admin)) {
+    if (!(Identity::active()->admin)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 9733d1cd..fdf06ec0 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller {
         $view = new Theme_View("page.html", "login");
         $view->page_title = t("Log in to Gallery");
         $view->content = new View("login_ajax.html");
-        $view->content->form = user::get_login_form("login/auth_html");
+        $view->content->form = Identity::get_login_form("login/auth_html");
         print $view;
         return;
       } else {
@@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
         $this->input->post("name"),
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        user::active()->id,
+        Identity::active()->id,
         $this->input->post("slug"));
 
       log::success("content", "Created an album",
@@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
         $_FILES["file"]["name"],
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        user::active()->id);
+        Identity::active()->id);
 
       log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
       message::success(t("Added photo %photo_title",
diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index 6fdbb3a1..b3929c5d 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -20,7 +20,7 @@
 class L10n_Client_Controller extends Controller {
   public function save() {
     access::verify_csrf();
-    if (!user::active()->admin) {
+    if (!Identity::active()->admin) {
       access::forbidden();
     }
 
@@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
 
   public function toggle_l10n_mode() {
     access::verify_csrf();
-    if (!user::active()->admin) {
+    if (!Identity::active()->admin) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 2c4bd557..c8b771ca 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -21,7 +21,7 @@ class Login_Controller extends Controller {
 
   public function ajax() {
     $view = new View("login_ajax.html");
-    $view->form = user::get_login_form("login/auth_ajax");
+    $view->form = Identity::get_login_form("login/auth_ajax");
     print $view;
   }
 
@@ -40,7 +40,7 @@ class Login_Controller extends Controller {
   }
 
   public function html() {
-    print user::get_login_form("login/auth_html");
+    print Identity::get_login_form("login/auth_html");
   }
 
   public function auth_html() {
@@ -54,11 +54,11 @@ class Login_Controller extends Controller {
     }
   }
   private function _auth($url) {
-    $form = user::get_login_form($url);
+    $form = Identity::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
-      $user = user::lookup_by_name($form->login->inputs["name"]->value);
-      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
+      $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) {
         log::warning(
           "user",
           t("Failed login for %name",
@@ -69,7 +69,7 @@ class Login_Controller extends Controller {
     }
 
     if ($valid) {
-      user::login($user);
+      Identity::login($user);
       log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 45d397ad..6841b870 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -21,8 +21,8 @@ class Logout_Controller extends Controller {
   public function index() {
     //access::verify_csrf();
 
-    $user = user::active();
-    user::logout();
+    $user = Identity::active();
+    Identity::logout();
     log::info("user", t("User %name logged out", array("name" => $user->name)),
               html::anchor("user/$user->id", html::clean($user->name)));
     if ($continue_url = $this->input->get("continue")) {
diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
index e8b08960..ce6d67b1 100644
--- a/modules/gallery/controllers/password.php
+++ b/modules/gallery/controllers/password.php
@@ -32,7 +32,7 @@ class Password_Controller extends Controller {
     if (request::method() == "post") {
       $this->_change_password();
     } else {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      $user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
       if (!empty($user)) {
         print $this->_new_password_form($user->hash);
       } else {
@@ -46,7 +46,7 @@ class Password_Controller extends Controller {
 
     $valid = $form->validate();
     if ($valid) {
-      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
+      $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
       if (!$user->loaded || empty($user->email)) {
         $form->reset->inputs["name"]->add_error("no_email", 1);
         $valid = false;
@@ -116,7 +116,7 @@ class Password_Controller extends Controller {
   private function _change_password() {
     $view = $this->_new_password_form();
     if ($view->content->validate()) {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      $user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
       if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index 8d75862e..6b1e926f 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
 
       // If the active user just took away their own edit permissions, give it back.
       if ($perm->name == "edit") {
-        if (!access::user_can(user::active(), "edit", $item)) {
+        if (!access::user_can(Identity::active(), "edit", $item)) {
           access::allow($group, $perm->name, $item);
         }
       }
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 0f6cbc2c..f6ca4c8a 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
     }
 
     $view = new View("upgrader.html");
-    $view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
+    $view->can_upgrade = Identity::active()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
     $view->done = ($available_upgrades == 0);
@@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
+    } else if (!Identity::active()->admin && !Session::instance()->get("can_upgrade", false)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php
index 8fd1e0a0..c093b67d 100644
--- a/modules/gallery/controllers/welcome_message.php
+++ b/modules/gallery/controllers/welcome_message.php
@@ -19,12 +19,12 @@
  */
 class Welcome_Message_Controller extends Controller {
   public function index() {
-    if (!user::active()->admin) {
+    if (!Identity::active()->admin) {
       url::redirect(item::root()->abs_url());
     }
 
     $v = new View("welcome_message.html");
-    $v->user = user::active();
+    $v->user = Identity::active();
     print $v;
   }
 }
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 949aea84..0e0e749e 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -79,7 +79,7 @@ class access_Core {
    * @return boolean
    */
   static function can($perm_name, $item) {
-    return self::user_can(user::active(), $perm_name, $item);
+    return self::user_can(Identity::active(), $perm_name, $item);
   }
 
   /**
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 50e2c43b..e1fa2a7c 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -27,7 +27,7 @@ class gallery_Core {
   static function maintenance_mode() {
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
 
-    if (Router::$controller != "login" && !empty($maintenance_mode) && !user::active()->admin) {
+    if (Router::$controller != "login" && !empty($maintenance_mode) && !Identity::active()->admin) {
       Router::$controller = "maintenance";
       Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
       Router::$method = "index";
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 4a6b14b6..abead9e3 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -24,10 +24,10 @@ class gallery_event_Core {
    */
   static function gallery_ready() {
     // Call Identity::instance() now to force the load of the user interface classes.
-    // user::load_user will attempt to load the active user from the session and needs
+    // Identity::load_user will attempt to load the active user from the session and needs
     // the user definition class, which can't be reached by Kohana's heiracrchical lookup.
     Identity::instance();
-    user::load_user();
+    Identity::load_user();
     locales::set_request_locale();
   }
 
@@ -139,7 +139,7 @@ class gallery_event_Core {
         }
       }
 
-      if (user::active()->admin) {
+      if (Identity::active()->admin) {
         $menu->append($admin_menu = Menu::factory("submenu")
                 ->id("admin_menu")
                 ->label(t("Admin")));
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index a342b4bd..cc46a88a 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -54,7 +54,7 @@ class gallery_theme_Core {
   static function header_top($theme) {
     if ($theme->page_type != "login") {
       $view = new View("login.html");
-      $view->user = user::active();
+      $view->user = Identity::active();
       return $view->render();
     }
   }
diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php
deleted file mode 100644
index 295e5f50..00000000
--- a/modules/gallery/helpers/group.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-/**
- * This is the API for handling groups.
- *
- * Note: by design, this class does not do any permission checking.
- */
-class group_Core {
-  /**
-   * @see Identity_Driver::create.
-   */
-  static function create($name) {
-    return Identity::instance()->create_group($name);
-  }
-
-  /**
-   * @see Identity_Driver::everbody.
-   */
-  static function everybody() {
-    return Identity::instance()->everybody();
-  }
-
-  /**
-   * @see Identity_Driver::registered_users.
-   */
-  static function registered_users() {
-    return Identity::instance()->everybody();
-  }
-
-  /**
-   * Look up a group by id.
-   * @param integer      $id the user id
-   * @return Group_Definition  the group object, or null if the id was invalid.
-   */
-  static function lookup($id) {
-    return Identity::instance()->lookup_group_by_field("id", $id);
-  }
-
-  /**
-   * Look up a group by name.
-   * @param integer      $id the group name
-   * @return Group_Definition  the group object, or null if the name was invalid.
-   */
-  static function lookup_by_name($name) {
-    return Identity::instance()->lookup_group_by_field("name", $name);
-  }
-
-  /**
-   * @see Identity_Driver::get_group_list.
-   */
-  static function get_group_list($filter=array()) {
-    return Identity::instance()->get_group_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  static function get_edit_rules() {
-    return Identity::instance()->get_edit_rules("group");
-  }
-}
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index 084bbc15..bce83bb3 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -158,8 +158,8 @@ class item_Core {
    */
   static function viewable($model) {
     $view_restrictions = array();
-    if (!user::active()->admin) {
-      foreach (user::group_ids() as $id) {
+    if (!Identity::active()->admin) {
+      foreach (Identity::group_ids_for_active_user() as $id) {
         // Separate the first restriction from the rest to make it easier for us to formulate
         // our where clause below
         if (empty($view_restrictions)) {
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index 2cd8b0c2..2dfc7f21 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -141,7 +141,7 @@ class locales_Core {
     $locale = self::cookie_locale();
     // 2. Check the user's preference
     if (!$locale) {
-      $locale = user::active()->locale;
+      $locale = Identity::active()->locale;
     }
     // 3. Check the browser's / OS' preference
     if (!$locale) {
diff --git a/modules/gallery/helpers/log.php b/modules/gallery/helpers/log.php
index c8e94b45..512723dd 100644
--- a/modules/gallery/helpers/log.php
+++ b/modules/gallery/helpers/log.php
@@ -80,7 +80,7 @@ class log_Core {
     $log->url = substr(url::abs_current(true), 0, 255);
     $log->referer = request::referrer(null);
     $log->timestamp = time();
-    $log->user_id = user::active()->id;
+    $log->user_id = Identity::active()->id;
     $log->save();
   }
 
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index 9ca28fe6..32a27646 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -77,7 +77,7 @@ class movie_Core {
     $movie->title = $title;
     $movie->description = $description;
     $movie->name = $name;
-    $movie->owner_id = $owner_id ? $owner_id : user::active();
+    $movie->owner_id = $owner_id ? $owner_id : Identity::active();
     $movie->width = $movie_info[0];
     $movie->height = $movie_info[1];
     $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index 6677ddc9..cf316819 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -76,7 +76,7 @@ class photo_Core {
     $photo->title = $title;
     $photo->description = $description;
     $photo->name = $name;
-    $photo->owner_id = $owner_id ? $owner_id : user::active();
+    $photo->owner_id = $owner_id ? $owner_id : Identity::active();
     $photo->width = $image_info[0];
     $photo->height = $image_info[1];
     $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php
index b7c6de9a..3f7ff19d 100644
--- a/modules/gallery/helpers/site_status.php
+++ b/modules/gallery/helpers/site_status.php
@@ -95,7 +95,7 @@ class site_status_Core {
    * @return html text
    */
   static function get() {
-    if (!user::active()->admin) {
+    if (!Identity::active()->admin) {
       return;
     }
     $buf = array();
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index 9fa04305..4735c36c 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -42,7 +42,7 @@ class task_Core {
     $task->percent_complete = 0;
     $task->status = "";
     $task->state = "started";
-    $task->owner_id = user::active()->id;
+    $task->owner_id = Identity::active()->id;
     $task->context = serialize($context);
     $task->save();
 
diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php
deleted file mode 100644
index c51a4a9c..00000000
--- a/modules/gallery/helpers/user.php
+++ /dev/null
@@ -1,223 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-/**
- * This is the API for handling users.
- *
- * Note: by design, this class does not do any permission checking.
- */
-class user_Core {
-  static function get_login_form($url) {
-    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
-    $form->set_attr('class', "g-narrow");
-    $group = $form->group("login")->label(t("Login"));
-    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
-    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
-    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
-    $group->submit("")->value(t("Login"));
-    return $form;
-  }
-
-  /**
-   * Return the active user.  If there's no active user, return the guest user.
-   *
-   * @return User_Model
-   */
-  static function active() {
-    // @todo (maybe) cache this object so we're not always doing session lookups.
-    $user = Session::instance()->get("user", null);
-    if (!isset($user)) {
-      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
-      // work.
-      $user = self::guest();
-    }
-    return $user;
-  }
-
-  /**
-   * Change the active user.
-   *
-   * @return User_Model
-   */
-  static function set_active($user) {
-    $session = Session::instance();
-    $session->set("user", $user);
-    $session->delete("group_ids");
-    self::load_user();
-  }
-
-  /**
-   * Return the array of group ids this user belongs to
-   *
-   * @return array
-   */
-  static function group_ids() {
-    return Session::instance()->get("group_ids", array(1));
-  }
-
-  /**
-   * Make sure that we have a session and group_ids cached in the session.  This is one
-   * of the first calls to reference the user so call the Identity::instance to load the
-   * driver classes.
-   */
-  static function load_user() {
-    $session = Session::instance();
-    if (!($user = $session->get("user"))) {
-      $session->set("user", $user = self::guest());
-    }
-
-    // The installer cannot set a user into the session, so it just sets an id which we should
-    // upconvert into a user.
-    // @todo what is user id===2
-    if ($user === 2) {
-      $user = model_cache::get("user", 2);
-      self::login($user);
-      $session->set("user", $user);
-    }
-
-    if (!$session->get("group_ids")) {
-      $ids = array();
-      foreach ($user->groups as $group) {
-        $ids[] = $group->id;
-      }
-      $session->set("group_ids", $ids);
-    }
-  }
-
-  /**
-   * Log in as a given user.
-   * @param object $user the user object.
-   */
-  static function login($user) {
-    // @todo make this an interface call
-    $user->login_count += 1;
-    $user->last_login = time();
-    $user->save();
-
-    self::set_active($user);
-    module::event("user_login", $user);
-  }
-
-  /**
-   * Log out the active user and destroy the session.
-   * @param object $user the user object.
-   */
-  static function logout() {
-    $user = self::active();
-    if (!$user->guest) {
-      try {
-        Session::instance()->destroy();
-      } catch (Exception $e) {
-        Kohana::log("error", $e);
-      }
-      module::event("user_logout", $user);
-    }
-  }
-
-  /**
-   * @see Identity_Core::is_writable.
-   */
-  static function is_writable() {
-    return Identity::instance()->is_writable();
-  }
-
-  /**
-   * @see Identity_Driver::guest.
-   */
-  static function guest() {
-    return Identity::instance()->guest();
-  }
-
-  /**
-   * @see Identity_Driver::create_user.
-   */
-  static function create($name, $full_name, $password) {
-    return Identity::instance()->create_user($name, $full_name, $password);
-  }
-
-  /**
-   * @see Identity_Driver::is_correct_password.
-   */
-  static function is_correct_password($user, $password) {
-    return Identity::instance()->is_correct_password($user, $password);
-  }
-
-  /**
-   * @see Identity_Driver::hash_password.
-   */
-  static function hash_password($password) {
-    return Identity::instance()->hash_password($password);
-  }
-
-  /**
-   * Look up a user by id.
-   * @param integer      $id the user id
-   * @return User_Definition  the user object, or null if the id was invalid.
-   */
-  static function lookup($id) {
-    return Identity::instance()->lookup_user_by_field("id", $id);
-  }
-
-  /**
-   * Look up a user by name.
-   * @param integer      $name the user name
-   * @return User_Definition  the user object, or null if the name was invalid.
-   */
-  static function lookup_by_name($name) {
-    return Identity::instance()->lookup_user_by_field("name", $name);
-  }
-
-  /**
-   * Look up a user by hash.
-   * @param string       $name the user name
-   * @return User_Definition  the user object, or null if the name was invalid.
-   */
-  static function lookup_by_hash($hash) {
-    return Identity::instance()->lookup_user_by_field("hash", $hash);
-  }
-
-  /**
-   * @see Identity_Driver::get_user_list.
-   */
-  static function get_user_list($filter=array()) {
-    return Identity::instance()->get_user_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  static function get_edit_rules() {
-    return Identity::instance()->get_edit_rules("user");
-  }
-
-  private static function _lookup_user_by_field($field_name, $value) {
-    try {
-      $user = model_cache::get("user", $value, $field_name);
-      if ($user->loaded) {
-        return $user;
-      }
-    } catch (Exception $e) {
-      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
-       throw $e;
-      }
-    }
-    return null;
-  }
-}
\ No newline at end of file
diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php
index fa6d1dd3..b1bb4ada 100644
--- a/modules/gallery/libraries/Admin_View.php
+++ b/modules/gallery/libraries/Admin_View.php
@@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_admin_theme");
-    if (user::active()->admin) {
+    if (Identity::active()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->sidebar = "";
     $this->set_global("theme", $this);
-    $this->set_global("user", user::active());
+    $this->set_global("user", Identity::active());
   }
 
   public function admin_menu() {
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index 86b15935..229d0da9 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -22,7 +22,7 @@
  * Provides a driver-based interface for managing users and groups.
  */
 class Identity_Core {
-  protected static $instances;
+  protected static $instance;
 
   // Configuration
   protected $config;
@@ -38,12 +38,12 @@ class Identity_Core {
    * @return  Identity_Core
    */
   static function & instance($config="default") {
-   if (!isset(Identity::$instances)) {
+   if (!isset(Identity::$instance)) {
       // Create a new instance
-      Identity::$instances = new Identity($config);
+      Identity::$instance = new Identity($config);
     }
 
-    return Identity::$instances;
+    return Identity::$instance;
   }
 
   /**
@@ -85,9 +85,10 @@ class Identity_Core {
       $this->driver = new $driver($this->config["params"]);
 
       // Validate the driver
-      if ( !($this->driver instanceof Identity_Driver))
+      if ( !($this->driver instanceof Identity_Driver)) {
         throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
                                    get_class($this), "Identity_Driver");
+      }
 
       Kohana::log("debug", "Identity Library initialized");
     }
@@ -98,91 +99,220 @@ class Identity_Core {
    *
    * @return boolean true if the driver supports updates; false if read only
    */
-  public function is_writable() {
-    return !empty($this->config["allow_updates"]);
+  static function is_writable() {
+    return !empty(self::instance()->config["allow_updates"]);
   }
 
   /**
    * @see Identity_Driver::guest.
    */
-  public function guest() {
-    return $this->driver->guest();
+  static function guest() {
+    return self::instance()->driver->guest();
   }
 
   /**
    * @see Identity_Driver::create_user.
    */
-  public function create_user($name, $full_name, $password) {
-    return $this->driver->create_user($name, $full_name, $password);
+  static function create_user($name, $full_name, $password) {
+    return self::instance()->driver->create_user($name, $full_name, $password);
   }
 
   /**
    * @see Identity_Driver::is_correct_password.
    */
-  public function is_correct_password($user, $password) {
-    return $this->driver->is_correct_password($user, $password);
+  static function is_correct_password($user, $password) {
+    return self::instance()->driver->is_correct_password($user, $password);
   }
 
   /**
    * @see Identity_Driver::hash_password.
    */
-  public function hash_password($password) {
-    return $this->driver->hash_password($password);
+  static function hash_password($password) {
+    return self::instance()->driver->hash_password($password);
+  }
+
+  /**
+   * Look up a user by id.
+   * @param integer      $id the user id
+   * @return User_Definition  the user object, or null if the id was invalid.
+   */
+  static function lookup_user($id) {
+    return self::instance()->driver->lookup_user_by_field("id", $id);
+  }
+
+  /**
+   * Look up a user by name.
+   * @param integer      $name the user name
+   * @return User_Definition  the user object, or null if the name was invalid.
+   */
+  static function lookup_user_by_name($name) {
+    return self::instance()->driver->lookup_user_by_field("name", $name);
   }
 
   /**
-   * @see Identity_Driver::lookup_user_by_field.
+   * Look up a user by hash.
+   * @param string       $name the user name
+   * @return User_Definition  the user object, or null if the name was invalid.
    */
-  public function lookup_user_by_field($field_name, $value) {
-    return $this->driver->lookup_user_by_field($field_name, $value);
+  static function lookup_user_by_hash($hash) {
+    return self::instance()->driver->lookup_user_by_field("hash", $hash);
   }
 
   /**
    * @see Identity_Driver::create_group.
    */
-  public function create_group($name) {
-    return $this->driver->create_group($name);
+  static function create_group($name) {
+    return self::instance()->driver->create_group($name);
   }
 
   /**
    * @see Identity_Driver::everybody.
    */
-  public function everybody() {
-    return $this->driver->everybody();
+  static function everybody() {
+    return self::instance()->driver->everybody();
   }
 
   /**
    * @see Identity_Driver::registered_users.
    */
-  public function registered_users() {
-    return $this->driver->everybody();
+  static function registered_users() {
+    return self::instance()->driver->everybody();
   }
 
   /**
-   * @see Identity_Driver::lookup_group_by_field.
+   * Look up a group by name.
+   * @param integer      $id the group name
+   * @return Group_Definition  the group object, or null if the name was invalid.
    */
-  public function lookup_group_by_field($field_name, $value) {
-    return $this->driver->lookup_group_by_field($field_name, $value);
+  static function lookup_group_by_name($name) {
+    return self::instance()->driver->lookup_group_by_field("name", $name);
   }
 
   /**
    * @see Identity_Driver::get_user_list.
    */
-  public function get_user_list($filter=array()) {
-    return $this->driver->get_user_list($filter);
+  static function get_user_list($filter=array()) {
+    return self::instance()->driver->get_user_list($filter);
   }
 
   /**
    * @see Identity_Driver::get_group_list.
    */
-  public function get_group_list($filter=array()) {
-    return $this->driver->get_group_list($filter);
+  static function get_group_list($filter=array()) {
+    return self::instance()->driver->get_group_list($filter);
   }
 
   /**
    * @see Identity_Driver::get_edit_rules.
    */
-  public function get_edit_rules($object_type) {
-    return $this->driver->get_edit_rules($object_type);
+  static function get_edit_rules($object_type) {
+    return self::instance()->driver->get_edit_rules($object_type);
+  }
+
+  static function get_login_form($url) {
+    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
+    $form->set_attr('class', "g-narrow");
+    $group = $form->group("login")->label(t("Login"));
+    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
+    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
+    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
+    $group->submit("")->value(t("Login"));
+    return $form;
+  }
+
+  /**
+   * Return the active user.  If there's no active user, return the guest user.
+   *
+   * @return User_Model
+   */
+  static function active() {
+    // @todo (maybe) cache this object so we're not always doing session lookups.
+    $user = Session::instance()->get("user", null);
+    if (!isset($user)) {
+      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+      // work.
+      $user = self::guest();
+    }
+    return $user;
+  }
+
+  /**
+   * Change the active user.
+   *
+   * @return User_Model
+   */
+  static function set_active($user) {
+    $session = Session::instance();
+    $session->set("user", $user);
+    $session->delete("group_ids");
+    self::load_user();
+  }
+
+  /**
+   * Return the array of group ids this user belongs to
+   *
+   * @return array
+   */
+  static function group_ids_for_active_user() {
+    return Session::instance()->get("group_ids", array(1));
+  }
+
+  /**
+   * Make sure that we have a session and group_ids cached in the session.  This is one
+   * of the first calls to reference the user so call the Identity::instance to load the
+   * driver classes.
+   */
+  static function load_user() {
+    $session = Session::instance();
+    if (!($user = $session->get("user"))) {
+      $session->set("user", $user = self::guest());
+    }
+
+    // The installer cannot set a user into the session, so it just sets an id which we should
+    // upconvert into a user.
+    // @todo set the user name into the session instead of 2 and then use it to get the user object
+    if ($user === 2) {
+      $user = self::lookup_user_by_name("admin");
+      self::login($user);
+      $session->set("user", $user);
+    }
+
+    if (!$session->get("group_ids")) {
+      $ids = array();
+      foreach ($user->groups as $group) {
+        $ids[] = $group->id;
+      }
+      $session->set("group_ids", $ids);
+    }
+  }
+
+  /**
+   * Log in as a given user.
+   * @param object $user the user object.
+   */
+  static function login($user) {
+    // @todo make this an interface call
+    $user->login_count += 1;
+    $user->last_login = time();
+    $user->save();
+
+    self::set_active($user);
+    module::event("user_login", $user);
+  }
+
+  /**
+   * Log out the active user and destroy the session.
+   * @param object $user the user object.
+   */
+  static function logout() {
+    $user = self::active();
+    if (!$user->guest) {
+      try {
+        Session::instance()->destroy();
+      } catch (Exception $e) {
+        Kohana::log("error", $e);
+      }
+      module::event("user_logout", $user);
+    }
   }
 } // End Identity
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index cba436e8..4e87f4fb 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
-    if (user::active()->admin) {
+    if (Identity::active()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->item = null;
     $this->tag = null;
     $this->set_global("theme", $this);
-    $this->set_global("user", user::active());
+    $this->set_global("user", Identity::active());
     $this->set_global("page_type", $page_type);
     $this->set_global("page_title", null);
     if ($page_type == "album") {
@@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
    */
   public function sidebar_blocks() {
     $sidebar = block_manager::get_html("site.sidebar", $this);
-    if (empty($sidebar) && user::active()->admin) {
+    if (empty($sidebar) && Identity::active()->admin) {
       $sidebar = new View("no_sidebar.html");
     }
     return $sidebar;
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 6f0e3525..ba44709f 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -333,7 +333,7 @@ class Item_Model extends ORM_MPTT {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return user::lookup($this->owner_id);
+        return Identity::lookup_user($this->owner_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php
index d143d7bd..1d639857 100644
--- a/modules/gallery/models/log.php
+++ b/modules/gallery/models/log.php
@@ -26,7 +26,7 @@ class Log_Model extends ORM {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return user::lookup($this->user_id);
+        return Identity::lookup_user($this->user_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/task.php b/modules/gallery/models/task.php
index b7e255a2..548e5f9c 100644
--- a/modules/gallery/models/task.php
+++ b/modules/gallery/models/task.php
@@ -46,7 +46,7 @@ class Task_Model extends ORM {
   }
 
   public function owner() {
-    return user::lookup($this->owner_id);
+    return Identity::lookup_user($this->owner_id);
   }
 
   /**
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 72d7e04c..4904887a 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -33,7 +33,7 @@ class Access_Helper_Test extends Unit_Test_Case {
     } catch (Exception $e) { }
 
     try {
-      $user = user::lookup_by_name("access_test");
+      $user = Identity::lookup_user_by_name("access_test");
       if ($user->loaded) {
         $user->delete();
       }
@@ -41,16 +41,16 @@ class Access_Helper_Test extends Unit_Test_Case {
 
     // Reset some permissions that we mangle below
     $root = ORM::factory("item", 1);
-    access::allow(group::everybody(), "view", $root);
+    access::allow(Identity::everybody(), "view", $root);
   }
 
   public function setup() {
-    user::set_active(user::guest());
+    Identity::set_active(Identity::guest());
   }
 
   public function groups_and_permissions_are_bound_to_columns_test() {
     access::register_permission("access_test", "Access Test");
-    $group = group::create("access_test");
+    $group = Identity::create_group("access_test");
 
     // We have a new column for this perm / group combo
     $fields = Database::instance()->list_fields("access_caches");
@@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case {
   }
 
   public function user_can_access_test() {
-    $access_test = group::create("access_test");
+    $access_test = Identity::create_group("access_test");
 
     $root = ORM::factory("item", 1);
     access::allow($access_test, "view", $root);
 
     $item = album::create($root,  rand(), "test album");
 
-    access::deny(group::everybody(), "view", $item);
-    access::deny(group::registered_users(), "view", $item);
+    access::deny(Identity::everybody(), "view", $item);
+    access::deny(Identity::registered_users(), "view", $item);
 
-    $user = user::create("access_test", "Access Test", "");
+    $user = Identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
@@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $item = album::create($root,  rand(), "test album");
 
-    access::deny(group::everybody(), "view", $item);
-    access::deny(group::registered_users(), "view", $item);
+    access::deny(Identity::everybody(), "view", $item);
+    access::deny(Identity::registered_users(), "view", $item);
 
-    $user = user::create("access_test", "Access Test", "");
+    $user = Identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
@@ -121,14 +121,14 @@ class Access_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
 
     $album = album::create($root, rand(), "test album");
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
 
     $photo = ORM::factory("item");
     $photo->type = "photo";
     $photo->add_to_parent($album);
     access::add_item($photo);
 
-    $this->assert_true($photo->__get("view_" . group::everybody()->id));
+    $this->assert_true($photo->__get("view_" . Identity::everybody()->id));
   }
 
   public function can_allow_deny_and_reset_intent_test() {
@@ -137,23 +137,23 @@ class Access_Helper_Test extends Unit_Test_Case {
     $intent = ORM::factory("access_intent")->where("item_id", $album)->find();
 
     // Allow
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
     $this->assert_same(access::ALLOW, $intent->reload()->view_1);
 
     // Deny
-    access::deny(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $album);
     $this->assert_same(
       access::DENY,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
 
     // Allow again.  If the initial value was allow, then the first Allow clause above may not
     // have actually changed any values.
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
     $this->assert_same(
       access::ALLOW,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
 
-    access::reset(group::everybody(), "view", $album);
+    access::reset(Identity::everybody(), "view", $album);
     $this->assert_same(
       null,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
@@ -161,7 +161,7 @@ class Access_Helper_Test extends Unit_Test_Case {
 
   public function cant_reset_root_item_test() {
     try {
-      access::reset(group::everybody(), "view", ORM::factory("item", 1));
+      access::reset(Identity::everybody(), "view", ORM::factory("item", 1));
     } catch (Exception $e) {
       return;
     }
@@ -170,17 +170,17 @@ class Access_Helper_Test extends Unit_Test_Case {
 
   public function can_view_item_test() {
     $root = ORM::factory("item", 1);
-    access::allow(group::everybody(), "view", $root);
-    $this->assert_true(access::group_can(group::everybody(), "view", $root));
+    access::allow(Identity::everybody(), "view", $root);
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
   }
 
   public function can_always_fails_on_unloaded_items_test() {
     $root = ORM::factory("item", 1);
-    access::allow(group::everybody(), "view", $root);
-    $this->assert_true(access::group_can(group::everybody(), "view", $root));
+    access::allow(Identity::everybody(), "view", $root);
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
 
     $bogus = ORM::factory("item", -1);
-    $this->assert_false(access::group_can(group::everybody(), "view", $bogus));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $bogus));
   }
 
   public function cant_view_child_of_hidden_parent_test() {
@@ -188,21 +188,21 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album = album::create($root, rand(), "test album");
 
     $root->reload();
-    access::deny(group::everybody(), "view", $root);
-    access::reset(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $root);
+    access::reset(Identity::everybody(), "view", $album);
 
     $album->reload();
-    $this->assert_false(access::group_can(group::everybody(), "view", $album));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $album));
   }
 
   public function view_permissions_propagate_down_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), "test album");
 
-    access::allow(group::everybody(), "view", $root);
-    access::reset(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $root);
+    access::reset(Identity::everybody(), "view", $album);
     $album->reload();
-    $this->assert_true(access::group_can(group::everybody(), "view", $album));
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $album));
   }
 
   public function can_toggle_view_permissions_propagate_down_test() {
@@ -217,18 +217,18 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album3->reload();
     $album4->reload();
 
-    access::allow(group::everybody(), "view", $root);
-    access::deny(group::everybody(), "view", $album1);
-    access::reset(group::everybody(), "view", $album2);
-    access::reset(group::everybody(), "view", $album3);
-    access::reset(group::everybody(), "view", $album4);
+    access::allow(Identity::everybody(), "view", $root);
+    access::deny(Identity::everybody(), "view", $album1);
+    access::reset(Identity::everybody(), "view", $album2);
+    access::reset(Identity::everybody(), "view", $album3);
+    access::reset(Identity::everybody(), "view", $album4);
 
     $album4->reload();
-    $this->assert_false(access::group_can(group::everybody(), "view", $album4));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $album4));
 
-    access::allow(group::everybody(), "view", $album1);
+    access::allow(Identity::everybody(), "view", $album1);
     $album4->reload();
-    $this->assert_true(access::group_can(group::everybody(), "view", $album4));
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $album4));
   }
 
   public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
@@ -237,29 +237,29 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album2 = album::create($album1, rand(), "test album");
 
     $root->reload();
-    access::deny(group::everybody(), "view", $root);
-    access::allow(group::everybody(), "view", $album2);
+    access::deny(Identity::everybody(), "view", $root);
+    access::allow(Identity::everybody(), "view", $album2);
 
     $album1->reload();
-    $this->assert_false(access::group_can(group::everybody(), "view", $album1));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $album1));
 
     $album2->reload();
-    $this->assert_false(access::group_can(group::everybody(), "view", $album2));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $album2));
   }
 
   public function can_edit_item_test() {
     $root = ORM::factory("item", 1);
-    access::allow(group::everybody(), "edit", $root);
-    $this->assert_true(access::group_can(group::everybody(), "edit", $root));
+    access::allow(Identity::everybody(), "edit", $root);
+    $this->assert_true(access::group_can(Identity::everybody(), "edit", $root));
   }
 
   public function non_view_permissions_propagate_down_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), "test album");
 
-    access::allow(group::everybody(), "edit", $root);
-    access::reset(group::everybody(), "edit", $album);
-    $this->assert_true(access::group_can(group::everybody(), "edit", $album));
+    access::allow(Identity::everybody(), "edit", $root);
+    access::reset(Identity::everybody(), "edit", $album);
+    $this->assert_true(access::group_can(Identity::everybody(), "edit", $album));
   }
 
   public function non_view_permissions_can_be_revoked_lower_down_test() {
@@ -279,36 +279,36 @@ class Access_Helper_Test extends Unit_Test_Case {
     $outer->reload();
     $inner->reload();
 
-    access::allow(group::everybody(), "edit", $root);
-    access::deny(group::everybody(), "edit", $outer);
-    access::allow(group::everybody(), "edit", $inner);
+    access::allow(Identity::everybody(), "edit", $root);
+    access::deny(Identity::everybody(), "edit", $outer);
+    access::allow(Identity::everybody(), "edit", $inner);
 
     // Outer album is not editable, inner one is.
-    $this->assert_false(access::group_can(group::everybody(), "edit", $outer_photo));
-    $this->assert_true(access::group_can(group::everybody(), "edit", $inner_photo));
+    $this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo));
+    $this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo));
   }
 
   public function i_can_edit_test() {
     // Create a new user that belongs to no groups
-    $user = user::create("access_test", "Access Test", "");
+    $user = Identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
     $user->save();
-    user::set_active($user);
+    Identity::set_active($user);
 
     // This user can't edit anything
     $root = ORM::factory("item", 1);
     $this->assert_false(access::can("edit", $root));
 
     // Now add them to a group that has edit permission
-    $group = group::create("access_test");
+    $group = Identity::create_group("access_test");
     $group->add($user);
     $group->save();
     access::allow($group, "edit", $root);
 
-    $user = user::lookup($user->id);  // reload() does not flush related columns
-    user::set_active($user);
+    $user = Identity::lookup_user($user->id);  // reload() does not flush related columns
+    Identity::set_active($user);
 
     // And verify that the user can edit.
     $this->assert_true(access::can("edit", $root));
@@ -320,16 +320,16 @@ class Access_Helper_Test extends Unit_Test_Case {
 
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
 
-    access::deny(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
 
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
 
-    access::deny(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
 
-    access::reset(group::everybody(), "view", $album);
+    access::reset(Identity::everybody(), "view", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
   }
 
@@ -341,44 +341,44 @@ class Access_Helper_Test extends Unit_Test_Case {
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::deny(group::everybody(), "view_full", $album);
+    access::deny(Identity::everybody(), "view_full", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::allow(group::everybody(), "view_full", $album);
+    access::allow(Identity::everybody(), "view_full", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::deny(group::everybody(), "view_full", $album);
+    access::deny(Identity::everybody(), "view_full", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::reset(group::everybody(), "view_full", $album);
+    access::reset(Identity::everybody(), "view_full", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
   }
 
   public function moved_items_inherit_new_permissions_test() {
-    user::set_active(user::lookup_by_name("admin"));
+    Identity::set_active(Identity::lookup_user_by_name("admin"));
 
     $root = ORM::factory("item", 1);
     $public_album = album::create($root, rand(), "public album");
     $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
-    access::allow(group::everybody(), "view", $public_album);
+    access::allow(Identity::everybody(), "view", $public_album);
 
     $root->reload();  // Account for MPTT changes
 
     $private_album = album::create($root, rand(), "private album");
-    access::deny(group::everybody(), "view", $private_album);
+    access::deny(Identity::everybody(), "view", $private_album);
     $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
 
     // Make sure that we now have a public photo and private photo.
-    $this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
-    $this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo));
 
     // Swap the photos
     item::move($public_photo, $private_album);
@@ -394,7 +394,7 @@ class Access_Helper_Test extends Unit_Test_Case {
     $public_photo->reload();
 
     // Make sure that the public_photo is now private, and the private_photo is now public.
-    $this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
-    $this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
+    $this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo));
+    $this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo));
   }
 }
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php
index d65946c7..046cb5ad 100644
--- a/modules/gallery/tests/Albums_Controller_Test.php
+++ b/modules/gallery/tests/Albums_Controller_Test.php
@@ -44,7 +44,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
     $_POST["direction"] = "ASC";
     $_POST["csrf"] = access::csrf_token();
     $_POST["_method"] = "put";
-    access::allow(group::everybody(), "edit", $root);
+    access::allow(Identity::everybody(), "edit", $root);
 
     ob_start();
     $controller->_update($this->_album);
@@ -68,7 +68,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
-    access::allow(group::everybody(), "edit", $root);
+    access::allow(Identity::everybody(), "edit", $root);
 
     try {
       $controller->_update($this->_album);
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index 33fcdb73..d4cfebba 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $item = self::_create_random_item($album);
-    user::set_active(user::guest());
+    Identity::set_active(Identity::guest());
 
     // We can see the item when permissions are granted
-    access::allow(group::everybody(), "view", $album);
+    access::allow(Identity::everybody(), "view", $album);
     $this->assert_equal(
       1,
       ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
 
     // We can't see the item when permissions are denied
-    access::deny(group::everybody(), "view", $album);
+    access::deny(Identity::everybody(), "view", $album);
     $this->assert_equal(
       0,
       ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index 0159b420..3f99e037 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $photo = photo::create(
       $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
-      "test", "test", user::active(), "slug");
+      "test", "test", Identity::active(), "slug");
     $orig_name = $photo->name;
 
     $_POST["filename"] = "test.jpeg";
@@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $_POST["description"] = "new description";
     $_POST["slug"] = "new-slug";
     $_POST["csrf"] = access::csrf_token();
-    access::allow(group::everybody(), "edit", $root);
+    access::allow(Identity::everybody(), "edit", $root);
 
     ob_start();
     $controller->_update($photo);
@@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
-    access::allow(group::everybody(), "edit", $root);
+    access::allow(Identity::everybody(), "edit", $root);
 
     try {
       $controller->_update($photo);
diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
index 314a9923..bca29298 100644
--- a/modules/gallery/views/kohana_error_page.php
+++ b/modules/gallery/views/kohana_error_page.php
@@ -57,7 +57,7 @@
     <title><?= t("Something went wrong!") ?></title>
   </head>
   <body>
-    <? try { $user = user::active(); } catch (Exception $e) { } ?>
+    <? try { $user = Identity::active(); } catch (Exception $e) { } ?>
     <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
     <div class="big_box" id="framework_error">
       <h1>
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
index 2d8119d0..6695d564 100644
--- a/modules/gallery/views/login.html.php
+++ b/modules/gallery/views/login.html.php
@@ -8,7 +8,7 @@
   </li>
   <? else: ?>
   <li class="first">
-    <? if (user::is_writable()): ?>
+    <? if (Identity::is_writable()): ?>
     <?= t('Logged in as %name', array('name' => html::mark_clean(
       '<a href="' . url::site("form/edit/users/{$user->id}") .
       '" title="' . t("Edit Your Profile")->for_html_attr() .
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
index d71ca719..6ed40571 100644
--- a/modules/gallery/views/login_ajax.html.php
+++ b/modules/gallery/views/login_ajax.html.php
@@ -36,7 +36,7 @@
     <li id="g-login-form">
       <?= $form ?>
     </li>
-    <? if (user::is_writable()): ?>
+    <? if (Identity::is_writable()): ?>
     <li>
       <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
     </li>
diff --git a/modules/gallery/views/maintenance.html.php b/modules/gallery/views/maintenance.html.php
index f80b6e7a..dc8925b4 100644
--- a/modules/gallery/views/maintenance.html.php
+++ b/modules/gallery/views/maintenance.html.php
@@ -43,7 +43,7 @@
     <p>
       <?= t("This site is currently only accessible by site administrators.") ?>
     </p>
-    <?= user::get_login_form("login/auth_html") ?>
+    <?= Identity::get_login_form("login/auth_html") ?>
   </body>
 </html>
 
diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index 150616ab..4c58bc29 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -20,7 +20,7 @@
 class notification {
   static function get_subscription($item_id, $user=null) {
     if (empty($user)) {
-      $user = user::active();
+      $user = Identity::active();
     }
 
     return ORM::factory("subscription")
@@ -31,7 +31,7 @@ class notification {
 
   static function is_watching($item, $user=null) {
     if (empty($user)) {
-      $user = user::active();
+      $user = Identity::active();
     }
 
     return ORM::factory("subscription")
@@ -44,7 +44,7 @@ class notification {
   static function add_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = user::active();
+        $user = Identity::active();
       }
       $subscription = ORM::factory("subscription");
       $subscription->item_id = $item->id;
@@ -56,7 +56,7 @@ class notification {
   static function remove_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = user::active();
+        $user = Identity::active();
       }
 
       $subscription = ORM::factory("subscription")
@@ -79,7 +79,7 @@ class notification {
       $subscriber_ids[] = $subscriber->user_id;
     }
 
-    $users = user::get_user_list(array("in" => array("id", $subscriber_ids),
+    $users = Identity::get_user_list(array("in" => array("id", $subscriber_ids),
                                        "where" => array("email IS NOT" => null)));
 
     $subscribers = array();
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index 06c5bc44..d519bdc4 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -95,7 +95,7 @@ class notification_event_Core {
   }
 
   static function site_menu($menu, $theme) {
-    if (!user::active()->guest) {
+    if (!Identity::active()->guest) {
       $item = $theme->item();
 
       if ($item && $item->is_album() && access::can("view", $item)) {
diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php
index 069b5b77..86107714 100644
--- a/modules/search/helpers/search.php
+++ b/modules/search/helpers/search.php
@@ -22,8 +22,8 @@ class search_Core {
     $db = Database::instance();
     $q = $db->escape_str($q);
 
-    if (!user::active()->admin) {
-      foreach (user::group_ids() as $id) {
+    if (!Identity::active()->admin) {
+      foreach (Identity::group_ids_for_active_user() as $id) {
         $fields[] = "`view_$id` = TRUE"; // access::ALLOW
       }
       $access_sql = "AND (" . join(" AND ", $fields) . ")";
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 9769cd6f..701c89fd 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller {
     access::verify_csrf();
 
     $task = ORM::factory("task", $task_id);
-    if (!$task->loaded || $task->owner_id != user::active()->id) {
+    if (!$task->loaded || $task->owner_id != Identity::active()->id) {
       access::forbidden();
     }
 
@@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller {
         $task->set("mode", "done");
       }
 
-      $owner_id = user::active()->id;
+      $owner_id = Identity::active()->id;
       foreach ($entries as $entry) {
         if (microtime(true) - $start > 0.5) {
           break;
diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php
index 4db83f74..76357871 100644
--- a/modules/server_add/helpers/server_add_event.php
+++ b/modules/server_add/helpers/server_add_event.php
@@ -30,7 +30,7 @@ class server_add_event_Core {
     $item = $theme->item();
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
 
-    if ($item && user::active()->admin && $item->is_album() && !empty($paths) &&
+    if ($item && Identity::active()->admin && $item->is_album() && !empty($paths) &&
         is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
       $menu->get("add_menu")
         ->append(Menu::factory("dialog")
diff --git a/modules/server_add/helpers/server_add_theme.php b/modules/server_add/helpers/server_add_theme.php
index 2ba2e167..cecb90b4 100644
--- a/modules/server_add/helpers/server_add_theme.php
+++ b/modules/server_add/helpers/server_add_theme.php
@@ -19,7 +19,7 @@
  */
 class server_add_theme_Core {
   static function head($theme) {
-    if (user::active()->admin) {
+    if (Identity::active()->admin) {
       $theme->script("server_add.js");
     }
   }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 64f19ecd..3465c4b1 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -65,7 +65,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_user($id) {
     access::verify_csrf();
 
-    if ($id == user::active()->id || $id == user::guest()->id) {
+    if ($id == Identity::active()->id || $id == user::guest()->id) {
       access::forbidden();
     }
 
@@ -132,7 +132,7 @@ class Admin_Users_Controller extends Admin_Controller {
       }
 
       // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
+      if ($user->id != Identity::active()->id) {
         $user->admin = $form->edit_user->admin->checked;
       }
       $user->save();
@@ -154,7 +154,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     $form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
+    if ($user->id == Identity::active()->id) {
       $form->edit_user->admin->disabled(1);
     }
     print $form;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 7c2e7833..6e666ba3 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -21,7 +21,7 @@ class Users_Controller extends Controller {
   public function update($id) {
     $user = user::lookup($id);
 
-    if ($user->guest || $user->id != user::active()->id) {
+    if ($user->guest || $user->id != Identity::active()->id) {
       access::forbidden();
     }
 
@@ -59,7 +59,7 @@ class Users_Controller extends Controller {
 
   public function form_edit($id) {
     $user = user::lookup($id);
-    if ($user->guest || $user->id != user::active()->id) {
+    if ($user->guest || $user->id != Identity::active()->id) {
       access::forbidden();
     }
 
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
new file mode 100644
index 00000000..295e5f50
--- /dev/null
+++ b/modules/user/helpers/group.php
@@ -0,0 +1,79 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling groups.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class group_Core {
+  /**
+   * @see Identity_Driver::create.
+   */
+  static function create($name) {
+    return Identity::instance()->create_group($name);
+  }
+
+  /**
+   * @see Identity_Driver::everbody.
+   */
+  static function everybody() {
+    return Identity::instance()->everybody();
+  }
+
+  /**
+   * @see Identity_Driver::registered_users.
+   */
+  static function registered_users() {
+    return Identity::instance()->everybody();
+  }
+
+  /**
+   * Look up a group by id.
+   * @param integer      $id the user id
+   * @return Group_Definition  the group object, or null if the id was invalid.
+   */
+  static function lookup($id) {
+    return Identity::instance()->lookup_group_by_field("id", $id);
+  }
+
+  /**
+   * Look up a group by name.
+   * @param integer      $id the group name
+   * @return Group_Definition  the group object, or null if the name was invalid.
+   */
+  static function lookup_by_name($name) {
+    return Identity::instance()->lookup_group_by_field("name", $name);
+  }
+
+  /**
+   * @see Identity_Driver::get_group_list.
+   */
+  static function get_group_list($filter=array()) {
+    return Identity::instance()->get_group_list($filter);
+  }
+
+  /**
+   * @see Identity_Driver::get_edit_rules.
+   */
+  static function get_edit_rules() {
+    return Identity::instance()->get_edit_rules("group");
+  }
+}
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
new file mode 100644
index 00000000..394f8185
--- /dev/null
+++ b/modules/user/helpers/user.php
@@ -0,0 +1,109 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling users.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class user_Core {
+  /**
+   * @see Identity_Driver::guest.
+   */
+  static function guest() {
+    return Identity::guest();
+  }
+
+  /**
+   * @see Identity_Driver::create_user.
+   */
+  static function create($name, $full_name, $password) {
+    return Identity::create_user($name, $full_name, $password);
+  }
+
+  /**
+   * @see Identity_Driver::is_correct_password.
+   */
+  static function is_correct_password($user, $password) {
+    return Identity::is_correct_password($user, $password);
+  }
+
+  /**
+   * @see Identity_Driver::hash_password.
+   */
+  static function hash_password($password) {
+    return Identity::hash_password($password);
+  }
+
+  /**
+   * Look up a user by id.
+   * @param integer      $id the user id
+   * @return User_Definition  the user object, or null if the id was invalid.
+   */
+  static function lookup($id) {
+    return self::_lookup_user_by_field("id", $id);
+  }
+
+  /**
+   * Look up a user by name.
+   * @param integer      $name the user name
+   * @return User_Definition  the user object, or null if the name was invalid.
+   */
+  static function lookup_by_name($name) {
+    return self::_lookup_user_by_field("name", $name);
+  }
+
+  /**
+   * Look up a user by hash.
+   * @param string       $name the user name
+   * @return User_Definition  the user object, or null if the name was invalid.
+   */
+  static function lookup_by_hash($hash) {
+    return self::_lookup_user_by_field("hash", $hash);
+  }
+
+  /**
+   * @see Identity_Driver::get_user_list.
+   */
+  static function get_user_list($filter=array()) {
+    return Identity::get_user_list($filter);
+  }
+
+  /**
+   * @see Identity_Driver::get_edit_rules.
+   */
+  static function get_edit_rules() {
+    return Identity::get_edit_rules("user");
+  }
+
+  private static function _lookup_user_by_field($field_name, $value) {
+    try {
+      $user = model_cache::get("user", $value, $field_name);
+      if ($user->loaded) {
+        return $user;
+      }
+    } catch (Exception $e) {
+      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+       throw $e;
+      }
+    }
+    return null;
+  }
+}
\ No newline at end of file
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index a29f24b1..400686cc 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -90,7 +90,7 @@
             <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
               <?= t("edit") ?>
             </span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <? if (Identity::active()->id != $user->id && !$user->guest): ?>
           <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-- 
cgit v1.2.3


From bc241e44c2e4d10ac19ccc32a40c90426672d963 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 16 Oct 2009 07:41:33 -0700
Subject: Cleanup merge of user/group helpers into Identity interface.  Reduce
 redundant code in the user module and remove references to the Identity
 helper from the user module as the user module should be able to access
 things directly. Simplify the get_user_list api method to just accept an
 array of ids to return user objects for.

---
 modules/gallery/helpers/movie.php                  |   2 +-
 modules/gallery/helpers/photo.php                  |   2 +-
 modules/gallery/libraries/Identity.php             |  18 +--
 modules/gallery/libraries/drivers/Identity.php     |  41 +------
 modules/notification/helpers/notification.php      |   8 +-
 modules/user/controllers/admin_users.php           |  18 +--
 modules/user/controllers/users.php                 |   2 +-
 modules/user/helpers/group.php                     |  34 ++++--
 modules/user/helpers/user.php                      |  56 ++++------
 .../user/libraries/drivers/Identity/Gallery.php    | 124 +++++----------------
 modules/user/models/user.php                       |  19 ++++
 11 files changed, 113 insertions(+), 211 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index 32a27646..bc0efa01 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -77,7 +77,7 @@ class movie_Core {
     $movie->title = $title;
     $movie->description = $description;
     $movie->name = $name;
-    $movie->owner_id = $owner_id ? $owner_id : Identity::active();
+    $movie->owner_id = $owner_id ? $owner_id : Identity::active()->id;
     $movie->width = $movie_info[0];
     $movie->height = $movie_info[1];
     $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index cf316819..ad23e322 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -76,7 +76,7 @@ class photo_Core {
     $photo->title = $title;
     $photo->description = $description;
     $photo->name = $name;
-    $photo->owner_id = $owner_id ? $owner_id : Identity::active();
+    $photo->owner_id = $owner_id ? $owner_id : Identity::active()->id;
     $photo->width = $image_info[0];
     $photo->height = $image_info[1];
     $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index 229d0da9..fb553de6 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -191,22 +191,8 @@ class Identity_Core {
   /**
    * @see Identity_Driver::get_user_list.
    */
-  static function get_user_list($filter=array()) {
-    return self::instance()->driver->get_user_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_group_list.
-   */
-  static function get_group_list($filter=array()) {
-    return self::instance()->driver->get_group_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  static function get_edit_rules($object_type) {
-    return self::instance()->driver->get_edit_rules($object_type);
+  static function get_user_list($ids) {
+    return self::instance()->driver->get_user_list($ids);
   }
 
   static function get_login_form($url) {
diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php
index 0b789908..a9e1a75b 100644
--- a/modules/gallery/libraries/drivers/Identity.php
+++ b/modules/gallery/libraries/drivers/Identity.php
@@ -83,37 +83,11 @@ interface Identity_Driver {
 
   /**
    * List the users
-   * @param mixed      options to apply to the selection of the user
-   *                   currently supported:
-   *                     "orderby" => array(<field name>, "ASC|DESC")
-   *                     "in" => array(<field name>, array(values, ...))
-   *                     "where" => array(<field name>, value)
-   *                        <field name> follows Kohana syntax where it could contain the first
-   *                                     half of a logical expression (i.e. "field IS NOT")
-   * @return array     the group list.
+   * @param array      array of ids to return the user objects for
+   * @return array     the user list.
    */
-  public function get_user_list($filter=array());
+  public function get_user_list($ids);
 
-  /**
-   * List the groups
-   * @param mixed      options to apply to the selection of the group
-   *                   currently supported:
-   *                     "orderby" => array(<field name>, "ASC|DESC")
-   *                     "in" => array(<field name>, array(values, ...))
-   *                     "where" => array(<field name>, value)
-   *                        <field name> follows Kohana syntax where it could contain the first
-   *                                     half of a logical expression (i.e. "field IS NOT")
-   * @return array     the group list.
-   */
-  public function get_group_list($filter=array());
-
-  /**
-   * Return the edit rules associated with an group.
-   *
-   * @param  string   $object_type to return rules for ("user"|"group")
-   * @return stdClass containing the rules
-   */
-  public function get_edit_rules($object_type);
 } // End Identity Driver Definition
 
 /**
@@ -205,19 +179,14 @@ abstract class User_Definition {
    * @param integer $size the target size of the image (default 80px)
    * @return string a url
    */
-  public function avatar_url($size=80, $default=null) {
-    return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
-                   md5($this->user->email), $size, $default ? "&d=" . urlencode($default) : "");
-  }
+  abstract public function avatar_url($size=80, $default=null);
 
   /**
    * Return the best version of the user's name.  Either their specified full name, or fall back
    * to the user name.
    * @return string
    */
-  public function display_name() {
-    return empty($this->user->full_name) ? $this->user->name : $this->user->full_name;
-  }
+  abstract public function display_name();
 
   /**
    * Return the internal user object without the wrapper.
diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index 4c58bc29..2e22eeae 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -67,8 +67,7 @@ class notification {
   }
 
   static function get_subscribers($item) {
-    // @todo only return distinct email addresses
-    $subscriber_ids = array();
+   $subscriber_ids = array();
     foreach (ORM::factory("subscription")
              ->select("user_id")
              ->join("items", "subscriptions.item_id", "items.id")
@@ -79,12 +78,11 @@ class notification {
       $subscriber_ids[] = $subscriber->user_id;
     }
 
-    $users = Identity::get_user_list(array("in" => array("id", $subscriber_ids),
-                                       "where" => array("email IS NOT" => null)));
+    $users = Identity::get_user_list($subscriber_ids);
 
     $subscribers = array();
     foreach ($users as $user) {
-      if (access::user_can($user, "view", $item)) {
+      if (access::user_can($user, "view", $item) && !empty($user->email)) {
         $subscribers[$user->email] = 1;
       }
     }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 3465c4b1..fed872a5 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,8 +21,12 @@ class Admin_Users_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_users.html");
-    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
+    $view->content->users = ORM::factory("user")
+      ->orderby("name", "ASC")
+      ->find_all();
+    $view->content->groups = ORM::factory("group")
+      ->orderby("name", "ASC")
+      ->find_all();
     print $view;
   }
 
@@ -303,7 +307,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
-    $form->add_rules_from(user::get_edit_rules());
+    $form->add_rules_from($user);
     $form->edit_user->password->rules("-required");
 
     module::event("user_edit_form_admin", $user, $form);
@@ -325,8 +329,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->input("url")->label(t("URL"))->id("g-url");
     self::_add_locale_dropdown($group);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
-    $user = ORM::factory("user");
-    $form->add_rules_from(user::get_edit_rules());
+    $form->add_rules_from(ORM::factory("user"));
 
     module::event("user_add_form_admin", $user, $form);
     $group->submit("")->value(t("Add User"));
@@ -366,7 +369,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form_group->inputs["name"]->error_messages(
       "in_use", t("There is already a group with that name"));
     $form_group->submit("")->value(t("Save"));
-    $form->add_rules_from(group::get_edit_rules());
+    $form->add_rules_from($group);
     return $form;
   }
 
@@ -378,8 +381,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form_group->inputs["name"]->error_messages(
       "in_use", t("There is already a group with that name"));
     $form_group->submit("")->value(t("Add Group"));
-    $group = ORM::factory("group");
-    $form->add_rules_from(group::get_edit_rules());
+    $form->add_rules_from(ORM::factory("group"));
     return $form;
   }
 
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 6e666ba3..ebce1d8d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -77,7 +77,7 @@ class Users_Controller extends Controller {
       ->matches($group->password);
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
-    $form->add_rules_from(user::get_edit_rules());
+    $form->add_rules_from($user);
 
     module::event("user_edit_form", $user, $form);
     $group->submit("")->value(t("Save"));
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index 295e5f50..cf5c050f 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -28,7 +28,14 @@ class group_Core {
    * @see Identity_Driver::create.
    */
   static function create($name) {
-    return Identity::instance()->create_group($name);
+    $group = ORM::factory("group")->where("name", $name)->find();
+    if ($group->loaded) {
+      throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
+    }
+
+    $group->name = $name;
+    $group->save();
+    return $group;
   }
 
   /**
@@ -51,7 +58,7 @@ class group_Core {
    * @return Group_Definition  the group object, or null if the id was invalid.
    */
   static function lookup($id) {
-    return Identity::instance()->lookup_group_by_field("id", $id);
+    return self::lookup_by_field("id", $id);
   }
 
   /**
@@ -60,20 +67,23 @@ class group_Core {
    * @return Group_Definition  the group object, or null if the name was invalid.
    */
   static function lookup_by_name($name) {
-    return Identity::instance()->lookup_group_by_field("name", $name);
+    return self::lookup_by_field("name", $name);
   }
 
   /**
    * @see Identity_Driver::get_group_list.
    */
-  static function get_group_list($filter=array()) {
-    return Identity::instance()->get_group_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  static function get_edit_rules() {
-    return Identity::instance()->get_edit_rules("group");
+  static function lookup_by_field($field_name, $value) {
+    try {
+      $user = model_cache::get("group", $value, $field_name);
+      if ($user->loaded) {
+        return $user;
+      }
+    } catch (Exception $e) {
+      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+       throw $e;
+      }
+    }
+    return null;
   }
 }
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 394f8185..fa7b320f 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -28,28 +28,37 @@ class user_Core {
    * @see Identity_Driver::guest.
    */
   static function guest() {
-    return Identity::guest();
+    return model_cache::get("user", 1);
   }
 
   /**
    * @see Identity_Driver::create_user.
    */
   static function create($name, $full_name, $password) {
-    return Identity::create_user($name, $full_name, $password);
-  }
+    $user = ORM::factory("user")->where("name", $name)->find();
+    if ($user->loaded) {
+      throw new Exception("@todo USER_ALREADY_EXISTS $name");
+    }
 
-  /**
-   * @see Identity_Driver::is_correct_password.
-   */
-  static function is_correct_password($user, $password) {
-    return Identity::is_correct_password($user, $password);
+    $user->name = $name;
+    $user->full_name = $full_name;
+    $user->password = $password;
+
+    // Required groups
+    $user->add(group::everybody());
+    $user->add(group::registered_users());
+
+    $user->save();
+    return $user;
   }
 
   /**
    * @see Identity_Driver::hash_password.
    */
   static function hash_password($password) {
-    return Identity::hash_password($password);
+    require_once(MODPATH . "user/lib/PasswordHash.php");
+    $hashGenerator = new PasswordHash(10, true);
+    return $hashGenerator->HashPassword($password);
   }
 
   /**
@@ -58,7 +67,7 @@ class user_Core {
    * @return User_Definition  the user object, or null if the id was invalid.
    */
   static function lookup($id) {
-    return self::_lookup_user_by_field("id", $id);
+    return self::lookup_by_field("id", $id);
   }
 
   /**
@@ -67,33 +76,10 @@ class user_Core {
    * @return User_Definition  the user object, or null if the name was invalid.
    */
   static function lookup_by_name($name) {
-    return self::_lookup_user_by_field("name", $name);
-  }
-
-  /**
-   * Look up a user by hash.
-   * @param string       $name the user name
-   * @return User_Definition  the user object, or null if the name was invalid.
-   */
-  static function lookup_by_hash($hash) {
-    return self::_lookup_user_by_field("hash", $hash);
-  }
-
-  /**
-   * @see Identity_Driver::get_user_list.
-   */
-  static function get_user_list($filter=array()) {
-    return Identity::get_user_list($filter);
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  static function get_edit_rules() {
-    return Identity::get_edit_rules("user");
+    return self::lookup_by_field("name", $name);
   }
 
-  private static function _lookup_user_by_field($field_name, $value) {
+  static function lookup_by_field($field_name, $value) {
     try {
       $user = model_cache::get("user", $value, $field_name);
       if ($user->loaded) {
diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php
index 013497b6..77db11a3 100644
--- a/modules/user/libraries/drivers/Identity/Gallery.php
+++ b/modules/user/libraries/drivers/Identity/Gallery.php
@@ -25,28 +25,14 @@ class Identity_Gallery_Driver implements Identity_Driver {
    * @see Identity_Driver::guest.
    */
   public function guest() {
-    return new Gallery_User(model_cache::get("user", 1));
+    return new Gallery_User(user::guest());
   }
 
   /**
    * @see Identity_Driver::create_user.
    */
   public function create_user($name, $full_name, $password) {
-    $user = ORM::factory("user")->where("name", $name)->find();
-    if ($user->loaded) {
-      throw new Exception("@todo USER_ALREADY_EXISTS $name");
-    }
-
-    $user->name = $name;
-    $user->full_name = $full_name;
-    $user->password = $password;
-
-    // Required groups
-    $user->add($this->everybody()->_uncloaked());
-    $user->add($this->registered_users()->_uncloaked());
-
-    $user->save();
-    return new Gallery_User($user);
+    return new Gallery_User(user::create($name, $full_name, $password));
   }
 
   /**
@@ -84,126 +70,58 @@ class Identity_Gallery_Driver implements Identity_Driver {
    * @see Identity_Driver::hash_password.
    */
   public function hash_password($password) {
-    require_once(MODPATH . "user/lib/PasswordHash.php");
-    $hashGenerator = new PasswordHash(10, true);
-    return $hashGenerator->HashPassword($password);
+    return user::hash_password($password);
   }
 
   /**
    * @see Identity_Driver::lookup_user_by_field.
    */
   public function lookup_user_by_field($field_name, $value) {
-    try {
-      $user = model_cache::get("user", $value, $field_name);
-      if ($user->loaded) {
-        return new Gallery_User($user);
-      }
-    } catch (Exception $e) {
-      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
-       throw $e;
-      }
-    }
-    return null;
+    return new Gallery_User(user::lookup_by_field($field_name, $value));
   }
 
   /**
    * @see Identity_Driver::create_group.
    */
   public function create_group($name) {
-    $group = ORM::factory("group")->where("name", $name)->find();
-    if ($group->loaded) {
-      throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
-    }
-
-    $group->name = $name;
-    $group->save();
-
-    return new Gallery_Group($group);
+    return new Gallery_Group(group::create($name));
   }
 
   /**
    * @see Identity_Driver::everybody.
    */
   public function everybody() {
-    return new Gallery_Group(model_cache::get("group", 1));
+    return new Gallery_Group(group::everybody());
   }
 
   /**
    * @see Identity_Driver::registered_users.
    */
   public function registered_users() {
-    return new Gallery_Group(model_cache::get("group", 2));
+    return new Gallery_Group(group::registered_users());
   }
 
   /**
    * @see Identity_Driver::lookup_group_by_field.
    */
   public function lookup_group_by_field($field_name, $value) {
-    try {
-      $group = model_cache::get("group", $value, $field_name);
-      if ($group->loaded) {
-        return new Gallery_Group($group);
-      }
-    } catch (Exception $e) {
-      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
-       throw $e;
-      }
-    }
-    return null;
+    return new Gallery_Group(group::lookup_by_field($field_name, $value));
   }
 
   /**
    * @see Identity_Driver::get_user_list.
    */
-  public function get_user_list($filter=array()) {
-    $results = $this->_do_search("user", $filter);
+  public function get_user_list($ids) {
+    $results = ORM::factory("user")
+      ->in("id", ids)
+      ->find_all()
+      ->as_array();;
     $users = array();
-    foreach ($results->as_array() as $user) {
+    foreach ($results as $user) {
       $users[] = new Gallery_User($user);
     }
     return $users;
   }
-
-  /**
-   * @see Identity_Driver::get_group_list.
-   */
-  public function get_group_list($filter=array()) {
-    $results = $this->_do_search("group", $filter);
-    $groups = array();
-    foreach ($results->as_array() as $group) {
-      $groups[] = new Gallery_Group($group);
-    }
-    return $groups;
-  }
-
-  /**
-   * @see Identity_Driver::get_edit_rules.
-   */
-  public function get_edit_rules($object_type) {
-    return (object)ORM::factory($object_type)->rules;
-  }
-
-  /**
-   * Build the query based on the supplied filters for the specified model.
-   * @param  string   $object_type to return rules for ("user"|"group")
-   * @param  mixed    $filters options to apply to the selection.
-   */
-  private function _do_search($object_type, $filter) {
-    $object = ORM::factory($object_type);
-
-    foreach ($filter as $method => $args) {
-      switch ($method) {
-      case "in":
-        $object->in($args[0], $args[1]);
-        break;
-      default:
-        $object->$method($args);
-      }
-    }
-
-    return $object->find_all();
-  }
-
 } // End Identity Gallery Driver
 
 /**
@@ -217,6 +135,20 @@ class Gallery_User extends User_Definition {
     $this->user = $user;
   }
 
+  /**
+   * @see User_Definition::avatar_url
+   */
+  public function avatar_url($size=80, $default=null) {
+    return $this->user->avatar_url($size, $default);
+  }
+
+  /**
+   * @see User_Definition::display_name
+   */
+  public function display_name() {
+    return $this->user->display_name();
+  }
+
   public function save() {
     $this->user->save();
   }
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index 1993bd05..d99603b2 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -51,6 +51,16 @@ class User_Model extends ORM {
     module::event("user_deleted", $old);
   }
 
+  /**
+   * Return a url to the user's avatar image.
+   * @param integer $size the target size of the image (default 80px)
+   * @return string a url
+   */
+  public function avatar_url($size=80, $default=null) {
+    return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
+                   md5($this->email), $size, $default ? "&d=" . urlencode($default) : "");
+  }
+
   public function save() {
     if (!$this->loaded) {
         $created = 1;
@@ -63,4 +73,13 @@ class User_Model extends ORM {
     }
     return $this;
   }
+
+  /**
+   * Return the best version of the user's name.  Either their specified full name, or fall back
+   * to the user name.
+   * @return string
+   */
+  public function display_name() {
+    return empty($this->full_name) ? $this->name : $this->full_name;
+  }
 }
-- 
cgit v1.2.3


From 78ee4193b70329c8e0929efd18c22324dd2ad8e0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 16 Oct 2009 10:06:58 -0700
Subject: Remove all non Identity API methods from Identity.php.  Created an
 MY_Session class to provide the user state changes in the session and a
 login.php helper that has the login form.

---
 modules/comment/controllers/comments.php           |   8 +-
 modules/comment/helpers/comment.php                |   2 +-
 modules/comment/tests/Comment_Model_Test.php       |   2 +-
 modules/gallery/controllers/admin.php              |   2 +-
 modules/gallery/controllers/albums.php             |   6 +-
 modules/gallery/controllers/l10n_client.php        |   4 +-
 modules/gallery/controllers/login.php              |  13 ++-
 modules/gallery/controllers/logout.php             |  13 ++-
 modules/gallery/controllers/permissions.php        |   2 +-
 modules/gallery/controllers/upgrader.php           |   4 +-
 modules/gallery/controllers/welcome_message.php    |   4 +-
 modules/gallery/helpers/access.php                 |   2 +-
 modules/gallery/helpers/gallery.php                |   2 +-
 modules/gallery/helpers/gallery_event.php          |   6 +-
 modules/gallery/helpers/gallery_theme.php          |   2 +-
 modules/gallery/helpers/item.php                   |   4 +-
 modules/gallery/helpers/locales.php                |   2 +-
 modules/gallery/helpers/log.php                    |   2 +-
 modules/gallery/helpers/login.php                  |  31 ++++++
 modules/gallery/helpers/movie.php                  |   2 +-
 modules/gallery/helpers/photo.php                  |   2 +-
 modules/gallery/helpers/site_status.php            |   2 +-
 modules/gallery/helpers/task.php                   |   2 +-
 modules/gallery/libraries/Admin_View.php           |   4 +-
 modules/gallery/libraries/Identity.php             | 107 ---------------------
 modules/gallery/libraries/MY_Session.php           |  84 ++++++++++++++++
 modules/gallery/libraries/Theme_View.php           |   6 +-
 modules/gallery/tests/Access_Helper_Test.php       |   8 +-
 modules/gallery/tests/Item_Helper_Test.php         |   2 +-
 modules/gallery/tests/Photos_Controller_Test.php   |   2 +-
 modules/gallery/views/kohana_error_page.php        |   2 +-
 modules/gallery/views/maintenance.html.php         |   2 +-
 modules/notification/helpers/notification.php      |   8 +-
 .../notification/helpers/notification_event.php    |   2 +-
 modules/search/helpers/search.php                  |   4 +-
 modules/server_add/controllers/server_add.php      |   4 +-
 modules/server_add/helpers/server_add_event.php    |   2 +-
 modules/server_add/helpers/server_add_theme.php    |   2 +-
 modules/user/controllers/admin_users.php           |   6 +-
 modules/user/controllers/users.php                 |   4 +-
 modules/user/views/admin_users.html.php            |   2 +-
 41 files changed, 194 insertions(+), 176 deletions(-)
 create mode 100644 modules/gallery/helpers/login.php
 create mode 100644 modules/gallery/libraries/MY_Session.php

(limited to 'modules/user/controllers')

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 84d6ca47..c0658cc1 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller {
     $form = comment::get_add_form($item);
     $valid = $form->validate();
     if ($valid) {
-      if (Identity::active()->guest && !$form->add_comment->inputs["name"]->value) {
+      if (Session::active_user()->guest && !$form->add_comment->inputs["name"]->value) {
         $form->add_comment->inputs["name"]->add_error("missing", 1);
         $valid = false;
       }
@@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller {
 
     if ($valid) {
       $comment = comment::create(
-        $item, Identity::active(),
+        $item, Session::active_user(),
         $form->add_comment->text->value,
         $form->add_comment->inputs["name"]->value,
         $form->add_comment->email->value,
         $form->add_comment->url->value);
 
-      $active = Identity::active();
+      $active = Session::active_user();
       if ($active->guest) {
         $form->add_comment->inputs["name"]->value("");
         $form->add_comment->email->value("");
@@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller {
    *  @see REST_Controller::form_edit($resource)
    */
   public function _form_edit($comment) {
-    if (!Identity::active()->admin) {
+    if (!Session::active_user()->admin) {
       access::forbidden();
     }
     print comment::get_edit_form($comment);
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index 38d65db6..e741266d 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -75,7 +75,7 @@ class comment_Core {
     module::event("comment_add_form", $form);
     $group->submit("")->value(t("Add"));
 
-    $active = Identity::active();
+    $active = Session::active_user();
     if (!$active->guest) {
       $group->inputs["name"]->value($active->full_name)->disabled("disabled");
       $group->email->value($active->email)->disabled("disabled");
diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php
index 76de2a34..84532a96 100644
--- a/modules/comment/tests/Comment_Model_Test.php
+++ b/modules/comment/tests/Comment_Model_Test.php
@@ -23,7 +23,7 @@ class Comment_Model_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $comment = comment::create($album, Identity::guest(), "text", "name", "email", "url");
-    Identity::set_active(Identity::guest());
+    Session::set_active_user(Identity::guest());
 
     // We can see the comment when permissions are granted on the album
     access::allow(Identity::everybody(), "view", $album);
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 8a4181a6..24eebe7d 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
   private $theme;
 
   public function __construct($theme=null) {
-    if (!(Identity::active()->admin)) {
+    if (!(Session::active_user()->admin)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index fdf06ec0..055ff22b 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller {
         $view = new Theme_View("page.html", "login");
         $view->page_title = t("Log in to Gallery");
         $view->content = new View("login_ajax.html");
-        $view->content->form = Identity::get_login_form("login/auth_html");
+        $view->content->form = login::get_login_form("login/auth_html");
         print $view;
         return;
       } else {
@@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
         $this->input->post("name"),
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        Identity::active()->id,
+        Session::active_user()->id,
         $this->input->post("slug"));
 
       log::success("content", "Created an album",
@@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
         $_FILES["file"]["name"],
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        Identity::active()->id);
+        Session::active_user()->id);
 
       log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
       message::success(t("Added photo %photo_title",
diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index b3929c5d..2ab73102 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -20,7 +20,7 @@
 class L10n_Client_Controller extends Controller {
   public function save() {
     access::verify_csrf();
-    if (!Identity::active()->admin) {
+    if (!Session::active_user()->admin) {
       access::forbidden();
     }
 
@@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
 
   public function toggle_l10n_mode() {
     access::verify_csrf();
-    if (!Identity::active()->admin) {
+    if (!Session::active_user()->admin) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index c8b771ca..96a97a1d 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -21,7 +21,7 @@ class Login_Controller extends Controller {
 
   public function ajax() {
     $view = new View("login_ajax.html");
-    $view->form = Identity::get_login_form("login/auth_ajax");
+    $view->form = login::get_login_form("login/auth_ajax");
     print $view;
   }
 
@@ -40,7 +40,7 @@ class Login_Controller extends Controller {
   }
 
   public function html() {
-    print Identity::get_login_form("login/auth_html");
+    print login::get_login_form("login/auth_html");
   }
 
   public function auth_html() {
@@ -54,7 +54,7 @@ class Login_Controller extends Controller {
     }
   }
   private function _auth($url) {
-    $form = Identity::get_login_form($url);
+    $form = login::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
       $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
@@ -69,7 +69,12 @@ class Login_Controller extends Controller {
     }
 
     if ($valid) {
-      Identity::login($user);
+      if (Identity::is_writable()) {
+        $user->login_count += 1;
+        $user->last_login = time();
+        $user->save();
+      }
+      Session::set_active_user($user);
       log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 6841b870..058860fa 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -19,10 +19,15 @@
  */
 class Logout_Controller extends Controller {
   public function index() {
-    //access::verify_csrf();
-
-    $user = Identity::active();
-    Identity::logout();
+    $user = Session::active_user();
+    if (!$user->guest) {
+      try {
+        Session::instance()->destroy();
+      } catch (Exception $e) {
+        Kohana::log("error", $e);
+      }
+      module::event("user_logout", $user);
+    }
     log::info("user", t("User %name logged out", array("name" => $user->name)),
               html::anchor("user/$user->id", html::clean($user->name)));
     if ($continue_url = $this->input->get("continue")) {
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index 6b1e926f..7a06c3d3 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
 
       // If the active user just took away their own edit permissions, give it back.
       if ($perm->name == "edit") {
-        if (!access::user_can(Identity::active(), "edit", $item)) {
+        if (!access::user_can(Session::active_user(), "edit", $item)) {
           access::allow($group, $perm->name, $item);
         }
       }
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index f6ca4c8a..e0c5d340 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
     }
 
     $view = new View("upgrader.html");
-    $view->can_upgrade = Identity::active()->admin || $session->get("can_upgrade");
+    $view->can_upgrade = Session::active_user()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
     $view->done = ($available_upgrades == 0);
@@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!Identity::active()->admin && !Session::instance()->get("can_upgrade", false)) {
+    } else if (!Session::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php
index c093b67d..cfdc3976 100644
--- a/modules/gallery/controllers/welcome_message.php
+++ b/modules/gallery/controllers/welcome_message.php
@@ -19,12 +19,12 @@
  */
 class Welcome_Message_Controller extends Controller {
   public function index() {
-    if (!Identity::active()->admin) {
+    if (!Session::active_user()->admin) {
       url::redirect(item::root()->abs_url());
     }
 
     $v = new View("welcome_message.html");
-    $v->user = Identity::active();
+    $v->user = Session::active_user();
     print $v;
   }
 }
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 0e0e749e..21f4de81 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -79,7 +79,7 @@ class access_Core {
    * @return boolean
    */
   static function can($perm_name, $item) {
-    return self::user_can(Identity::active(), $perm_name, $item);
+    return self::user_can(Session::active_user(), $perm_name, $item);
   }
 
   /**
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index e1fa2a7c..18bb2609 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -27,7 +27,7 @@ class gallery_Core {
   static function maintenance_mode() {
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
 
-    if (Router::$controller != "login" && !empty($maintenance_mode) && !Identity::active()->admin) {
+    if (Router::$controller != "login" && !empty($maintenance_mode) && !Session::active_user()->admin) {
       Router::$controller = "maintenance";
       Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
       Router::$method = "index";
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index abead9e3..a6aa0657 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -24,10 +24,10 @@ class gallery_event_Core {
    */
   static function gallery_ready() {
     // Call Identity::instance() now to force the load of the user interface classes.
-    // Identity::load_user will attempt to load the active user from the session and needs
+    // Session::load_user will attempt to load the active user from the session and needs
     // the user definition class, which can't be reached by Kohana's heiracrchical lookup.
     Identity::instance();
-    Identity::load_user();
+    Session::load_user();
     locales::set_request_locale();
   }
 
@@ -139,7 +139,7 @@ class gallery_event_Core {
         }
       }
 
-      if (Identity::active()->admin) {
+      if (Session::active_user()->admin) {
         $menu->append($admin_menu = Menu::factory("submenu")
                 ->id("admin_menu")
                 ->label(t("Admin")));
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index cc46a88a..d21cb124 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -54,7 +54,7 @@ class gallery_theme_Core {
   static function header_top($theme) {
     if ($theme->page_type != "login") {
       $view = new View("login.html");
-      $view->user = Identity::active();
+      $view->user = Session::active_user();
       return $view->render();
     }
   }
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index bce83bb3..3d36a324 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -158,8 +158,8 @@ class item_Core {
    */
   static function viewable($model) {
     $view_restrictions = array();
-    if (!Identity::active()->admin) {
-      foreach (Identity::group_ids_for_active_user() as $id) {
+    if (!Session::active_user()->admin) {
+      foreach (Session::group_ids_for_active_user() as $id) {
         // Separate the first restriction from the rest to make it easier for us to formulate
         // our where clause below
         if (empty($view_restrictions)) {
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index 2dfc7f21..f80fce03 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -141,7 +141,7 @@ class locales_Core {
     $locale = self::cookie_locale();
     // 2. Check the user's preference
     if (!$locale) {
-      $locale = Identity::active()->locale;
+      $locale = Session::active_user()->locale;
     }
     // 3. Check the browser's / OS' preference
     if (!$locale) {
diff --git a/modules/gallery/helpers/log.php b/modules/gallery/helpers/log.php
index 512723dd..d1b34e3a 100644
--- a/modules/gallery/helpers/log.php
+++ b/modules/gallery/helpers/log.php
@@ -80,7 +80,7 @@ class log_Core {
     $log->url = substr(url::abs_current(true), 0, 255);
     $log->referer = request::referrer(null);
     $log->timestamp = time();
-    $log->user_id = Identity::active()->id;
+    $log->user_id = Session::active_user()->id;
     $log->save();
   }
 
diff --git a/modules/gallery/helpers/login.php b/modules/gallery/helpers/login.php
new file mode 100644
index 00000000..d44153ad
--- /dev/null
+++ b/modules/gallery/helpers/login.php
@@ -0,0 +1,31 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class login_Core {
+  static function get_login_form($url) {
+    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
+    $form->set_attr('class', "g-narrow");
+    $group = $form->group("login")->label(t("Login"));
+    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
+    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
+    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
+    $group->submit("")->value(t("Login"));
+    return $form;
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index bc0efa01..9541f20e 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -77,7 +77,7 @@ class movie_Core {
     $movie->title = $title;
     $movie->description = $description;
     $movie->name = $name;
-    $movie->owner_id = $owner_id ? $owner_id : Identity::active()->id;
+    $movie->owner_id = $owner_id ? $owner_id : Session::active_user()->id;
     $movie->width = $movie_info[0];
     $movie->height = $movie_info[1];
     $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index ad23e322..203862cd 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -76,7 +76,7 @@ class photo_Core {
     $photo->title = $title;
     $photo->description = $description;
     $photo->name = $name;
-    $photo->owner_id = $owner_id ? $owner_id : Identity::active()->id;
+    $photo->owner_id = $owner_id ? $owner_id : Session::active_user()->id;
     $photo->width = $image_info[0];
     $photo->height = $image_info[1];
     $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php
index 3f7ff19d..06b29fda 100644
--- a/modules/gallery/helpers/site_status.php
+++ b/modules/gallery/helpers/site_status.php
@@ -95,7 +95,7 @@ class site_status_Core {
    * @return html text
    */
   static function get() {
-    if (!Identity::active()->admin) {
+    if (!Session::active_user()->admin) {
       return;
     }
     $buf = array();
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index 4735c36c..f84fd10e 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -42,7 +42,7 @@ class task_Core {
     $task->percent_complete = 0;
     $task->status = "";
     $task->state = "started";
-    $task->owner_id = Identity::active()->id;
+    $task->owner_id = Session::active_user()->id;
     $task->context = serialize($context);
     $task->save();
 
diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php
index b1bb4ada..74a08c77 100644
--- a/modules/gallery/libraries/Admin_View.php
+++ b/modules/gallery/libraries/Admin_View.php
@@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_admin_theme");
-    if (Identity::active()->admin) {
+    if (Session::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->sidebar = "";
     $this->set_global("theme", $this);
-    $this->set_global("user", Identity::active());
+    $this->set_global("user", Session::active_user());
   }
 
   public function admin_menu() {
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index fb553de6..f844cf8f 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -194,111 +194,4 @@ class Identity_Core {
   static function get_user_list($ids) {
     return self::instance()->driver->get_user_list($ids);
   }
-
-  static function get_login_form($url) {
-    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
-    $form->set_attr('class', "g-narrow");
-    $group = $form->group("login")->label(t("Login"));
-    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
-    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
-    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
-    $group->submit("")->value(t("Login"));
-    return $form;
-  }
-
-  /**
-   * Return the active user.  If there's no active user, return the guest user.
-   *
-   * @return User_Model
-   */
-  static function active() {
-    // @todo (maybe) cache this object so we're not always doing session lookups.
-    $user = Session::instance()->get("user", null);
-    if (!isset($user)) {
-      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
-      // work.
-      $user = self::guest();
-    }
-    return $user;
-  }
-
-  /**
-   * Change the active user.
-   *
-   * @return User_Model
-   */
-  static function set_active($user) {
-    $session = Session::instance();
-    $session->set("user", $user);
-    $session->delete("group_ids");
-    self::load_user();
-  }
-
-  /**
-   * Return the array of group ids this user belongs to
-   *
-   * @return array
-   */
-  static function group_ids_for_active_user() {
-    return Session::instance()->get("group_ids", array(1));
-  }
-
-  /**
-   * Make sure that we have a session and group_ids cached in the session.  This is one
-   * of the first calls to reference the user so call the Identity::instance to load the
-   * driver classes.
-   */
-  static function load_user() {
-    $session = Session::instance();
-    if (!($user = $session->get("user"))) {
-      $session->set("user", $user = self::guest());
-    }
-
-    // The installer cannot set a user into the session, so it just sets an id which we should
-    // upconvert into a user.
-    // @todo set the user name into the session instead of 2 and then use it to get the user object
-    if ($user === 2) {
-      $user = self::lookup_user_by_name("admin");
-      self::login($user);
-      $session->set("user", $user);
-    }
-
-    if (!$session->get("group_ids")) {
-      $ids = array();
-      foreach ($user->groups as $group) {
-        $ids[] = $group->id;
-      }
-      $session->set("group_ids", $ids);
-    }
-  }
-
-  /**
-   * Log in as a given user.
-   * @param object $user the user object.
-   */
-  static function login($user) {
-    // @todo make this an interface call
-    $user->login_count += 1;
-    $user->last_login = time();
-    $user->save();
-
-    self::set_active($user);
-    module::event("user_login", $user);
-  }
-
-  /**
-   * Log out the active user and destroy the session.
-   * @param object $user the user object.
-   */
-  static function logout() {
-    $user = self::active();
-    if (!$user->guest) {
-      try {
-        Session::instance()->destroy();
-      } catch (Exception $e) {
-        Kohana::log("error", $e);
-      }
-      module::event("user_logout", $user);
-    }
-  }
 } // End Identity
diff --git a/modules/gallery/libraries/MY_Session.php b/modules/gallery/libraries/MY_Session.php
new file mode 100644
index 00000000..6394c0fb
--- /dev/null
+++ b/modules/gallery/libraries/MY_Session.php
@@ -0,0 +1,84 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class Session extends Session_Core {
+  /**
+   * Make sure that we have a session and group_ids cached in the session.
+   */
+  static function load_user() {
+    $session = Session::instance();
+    if (!($user = $session->get("user"))) {
+      $session->set("user", $user = Identity::guest());
+    }
+
+    // The installer cannot set a user into the session, so it just sets an id which we should
+    // upconvert into a user.
+    // @todo set the user name into the session instead of 2 and then use it to get the user object
+    if ($user === 2) {
+      $user = Instance::lookup_user_by_name("admin");
+      self::set_active_user($user);
+      $session->set("user", $user);
+    }
+
+    if (!$session->get("group_ids")) {
+      $ids = array();
+      foreach ($user->groups as $group) {
+        $ids[] = $group->id;
+      }
+      $session->set("group_ids", $ids);
+    }
+  }
+
+  /**
+   * Return the array of group ids this user belongs to
+   *
+   * @return array
+   */
+  static function group_ids_for_active_user() {
+    return self::instance()->get("group_ids", array(1));
+  }
+
+  /**
+   * Return the active user.  If there's no active user, return the guest user.
+   *
+   * @return User_Definition
+   */
+  static function active_user() {
+    // @todo (maybe) cache this object so we're not always doing session lookups.
+    $user = self::instance()->get("user", null);
+    if (!isset($user)) {
+      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+      // work.
+      $user = Identity::guest();
+    }
+    return $user;
+  }
+
+  /**
+   * Change the active user.
+   * @param User_Definition $user
+   */
+  static function set_active_user($user) {
+    $session = Session::instance();
+    $session->set("user", $user);
+    $session->delete("group_ids");
+    self::load_user();
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index 4e87f4fb..2fdc7531 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
-    if (Identity::active()->admin) {
+    if (Session::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->item = null;
     $this->tag = null;
     $this->set_global("theme", $this);
-    $this->set_global("user", Identity::active());
+    $this->set_global("user", Session::active_user());
     $this->set_global("page_type", $page_type);
     $this->set_global("page_title", null);
     if ($page_type == "album") {
@@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
    */
   public function sidebar_blocks() {
     $sidebar = block_manager::get_html("site.sidebar", $this);
-    if (empty($sidebar) && Identity::active()->admin) {
+    if (empty($sidebar) && Session::active_user()->admin) {
       $sidebar = new View("no_sidebar.html");
     }
     return $sidebar;
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 4904887a..b3b5ed30 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -45,7 +45,7 @@ class Access_Helper_Test extends Unit_Test_Case {
   }
 
   public function setup() {
-    Identity::set_active(Identity::guest());
+    Session::set_active_user(Identity::guest());
   }
 
   public function groups_and_permissions_are_bound_to_columns_test() {
@@ -295,7 +295,7 @@ class Access_Helper_Test extends Unit_Test_Case {
       $user->remove($group);
     }
     $user->save();
-    Identity::set_active($user);
+    Session::set_active_user($user);
 
     // This user can't edit anything
     $root = ORM::factory("item", 1);
@@ -308,7 +308,7 @@ class Access_Helper_Test extends Unit_Test_Case {
     access::allow($group, "edit", $root);
 
     $user = Identity::lookup_user($user->id);  // reload() does not flush related columns
-    Identity::set_active($user);
+    Session::set_active_user($user);
 
     // And verify that the user can edit.
     $this->assert_true(access::can("edit", $root));
@@ -363,7 +363,7 @@ class Access_Helper_Test extends Unit_Test_Case {
   }
 
   public function moved_items_inherit_new_permissions_test() {
-    Identity::set_active(Identity::lookup_user_by_name("admin"));
+    Session::set_active_user(Identity::lookup_user_by_name("admin"));
 
     $root = ORM::factory("item", 1);
     $public_album = album::create($root, rand(), "public album");
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index d4cfebba..fc01db91 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -23,7 +23,7 @@ class Item_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $item = self::_create_random_item($album);
-    Identity::set_active(Identity::guest());
+    Session::set_active_user(Identity::guest());
 
     // We can see the item when permissions are granted
     access::allow(Identity::everybody(), "view", $album);
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index 3f99e037..cdb4ae4f 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $photo = photo::create(
       $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
-      "test", "test", Identity::active(), "slug");
+      "test", "test", Session::active_user(), "slug");
     $orig_name = $photo->name;
 
     $_POST["filename"] = "test.jpeg";
diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
index bca29298..0256fabb 100644
--- a/modules/gallery/views/kohana_error_page.php
+++ b/modules/gallery/views/kohana_error_page.php
@@ -57,7 +57,7 @@
     <title><?= t("Something went wrong!") ?></title>
   </head>
   <body>
-    <? try { $user = Identity::active(); } catch (Exception $e) { } ?>
+    <? try { $user = Session::active_user(); } catch (Exception $e) { } ?>
     <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
     <div class="big_box" id="framework_error">
       <h1>
diff --git a/modules/gallery/views/maintenance.html.php b/modules/gallery/views/maintenance.html.php
index dc8925b4..0aeaaec2 100644
--- a/modules/gallery/views/maintenance.html.php
+++ b/modules/gallery/views/maintenance.html.php
@@ -43,7 +43,7 @@
     <p>
       <?= t("This site is currently only accessible by site administrators.") ?>
     </p>
-    <?= Identity::get_login_form("login/auth_html") ?>
+    <?= login::get_login_form("login/auth_html") ?>
   </body>
 </html>
 
diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index 2e22eeae..64eed8dc 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -20,7 +20,7 @@
 class notification {
   static function get_subscription($item_id, $user=null) {
     if (empty($user)) {
-      $user = Identity::active();
+      $user = Session::active_user();
     }
 
     return ORM::factory("subscription")
@@ -31,7 +31,7 @@ class notification {
 
   static function is_watching($item, $user=null) {
     if (empty($user)) {
-      $user = Identity::active();
+      $user = Session::active_user();
     }
 
     return ORM::factory("subscription")
@@ -44,7 +44,7 @@ class notification {
   static function add_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = Identity::active();
+        $user = Session::active_user();
       }
       $subscription = ORM::factory("subscription");
       $subscription->item_id = $item->id;
@@ -56,7 +56,7 @@ class notification {
   static function remove_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = Identity::active();
+        $user = Session::active_user();
       }
 
       $subscription = ORM::factory("subscription")
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index d519bdc4..f0530cd9 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -95,7 +95,7 @@ class notification_event_Core {
   }
 
   static function site_menu($menu, $theme) {
-    if (!Identity::active()->guest) {
+    if (!Session::active_user()->guest) {
       $item = $theme->item();
 
       if ($item && $item->is_album() && access::can("view", $item)) {
diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php
index 86107714..8b14cfa9 100644
--- a/modules/search/helpers/search.php
+++ b/modules/search/helpers/search.php
@@ -22,8 +22,8 @@ class search_Core {
     $db = Database::instance();
     $q = $db->escape_str($q);
 
-    if (!Identity::active()->admin) {
-      foreach (Identity::group_ids_for_active_user() as $id) {
+    if (!Session::active_user()->admin) {
+      foreach (Session::group_ids_for_active_user() as $id) {
         $fields[] = "`view_$id` = TRUE"; // access::ALLOW
       }
       $access_sql = "AND (" . join(" AND ", $fields) . ")";
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 701c89fd..428065f6 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller {
     access::verify_csrf();
 
     $task = ORM::factory("task", $task_id);
-    if (!$task->loaded || $task->owner_id != Identity::active()->id) {
+    if (!$task->loaded || $task->owner_id != Session::active_user()->id) {
       access::forbidden();
     }
 
@@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller {
         $task->set("mode", "done");
       }
 
-      $owner_id = Identity::active()->id;
+      $owner_id = Session::active_user()->id;
       foreach ($entries as $entry) {
         if (microtime(true) - $start > 0.5) {
           break;
diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php
index 76357871..8f8b0016 100644
--- a/modules/server_add/helpers/server_add_event.php
+++ b/modules/server_add/helpers/server_add_event.php
@@ -30,7 +30,7 @@ class server_add_event_Core {
     $item = $theme->item();
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
 
-    if ($item && Identity::active()->admin && $item->is_album() && !empty($paths) &&
+    if ($item && Session::active_user()->admin && $item->is_album() && !empty($paths) &&
         is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
       $menu->get("add_menu")
         ->append(Menu::factory("dialog")
diff --git a/modules/server_add/helpers/server_add_theme.php b/modules/server_add/helpers/server_add_theme.php
index cecb90b4..44681d36 100644
--- a/modules/server_add/helpers/server_add_theme.php
+++ b/modules/server_add/helpers/server_add_theme.php
@@ -19,7 +19,7 @@
  */
 class server_add_theme_Core {
   static function head($theme) {
-    if (Identity::active()->admin) {
+    if (Session::active_user()->admin) {
       $theme->script("server_add.js");
     }
   }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index fed872a5..258de843 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -69,7 +69,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_user($id) {
     access::verify_csrf();
 
-    if ($id == Identity::active()->id || $id == user::guest()->id) {
+    if ($id == Session::active_user()->id || $id == user::guest()->id) {
       access::forbidden();
     }
 
@@ -136,7 +136,7 @@ class Admin_Users_Controller extends Admin_Controller {
       }
 
       // An admin can change the admin status for any user but themselves
-      if ($user->id != Identity::active()->id) {
+      if ($user->id != Session::active_user()->id) {
         $user->admin = $form->edit_user->admin->checked;
       }
       $user->save();
@@ -158,7 +158,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     $form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == Identity::active()->id) {
+    if ($user->id == Session::active_user()->id) {
       $form->edit_user->admin->disabled(1);
     }
     print $form;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index ebce1d8d..0ccf3e2a 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -21,7 +21,7 @@ class Users_Controller extends Controller {
   public function update($id) {
     $user = user::lookup($id);
 
-    if ($user->guest || $user->id != Identity::active()->id) {
+    if ($user->guest || $user->id != Session::active_user()->id) {
       access::forbidden();
     }
 
@@ -59,7 +59,7 @@ class Users_Controller extends Controller {
 
   public function form_edit($id) {
     $user = user::lookup($id);
-    if ($user->guest || $user->id != Identity::active()->id) {
+    if ($user->guest || $user->id != Session::active_user()->id) {
       access::forbidden();
     }
 
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 400686cc..899e0b68 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -90,7 +90,7 @@
             <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
               <?= t("edit") ?>
             </span></a>
-          <? if (Identity::active()->id != $user->id && !$user->guest): ?>
+          <? if (Session::active_user()->id != $user->id && !$user->guest): ?>
           <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
             <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-- 
cgit v1.2.3


From 098b57bf18112d0a3173dbe28b5ed76782431ff7 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 19 Oct 2009 12:53:44 -0700
Subject: Simplify the user interface by moving the password reset
 functionality into the user module Bagging the User_Definition and
 Group_Definition abstract classes and replacing them with interfaces with the
 same names. Make sure all the unit tests work.

---
 modules/gallery/controllers/password.php           | 133 --------------
 modules/gallery/helpers/access.php                 |   4 +-
 modules/gallery/libraries/Identity.php             |  34 +---
 modules/gallery/libraries/drivers/Identity.php     | 196 ++-------------------
 modules/gallery/tests/Albums_Controller_Test.php   |   1 +
 modules/gallery/tests/Photos_Controller_Test.php   |   2 +-
 modules/gallery/views/admin_identity.html.php      |   6 +-
 modules/gallery/views/reset_password.html.php      |  17 --
 modules/user/controllers/password.php              | 133 ++++++++++++++
 modules/user/helpers/group.php                     |   4 +-
 modules/user/helpers/user.php                      |  15 +-
 .../user/libraries/drivers/Identity/Gallery.php    |  99 ++---------
 modules/user/models/group.php                      |   2 +-
 modules/user/models/user.php                       |   2 +-
 modules/user/views/admin_users.html.php            |   2 +-
 modules/user/views/reset_password.html.php         |  17 ++
 16 files changed, 206 insertions(+), 461 deletions(-)
 delete mode 100644 modules/gallery/controllers/password.php
 delete mode 100644 modules/gallery/views/reset_password.html.php
 create mode 100644 modules/user/controllers/password.php
 create mode 100644 modules/user/views/reset_password.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
deleted file mode 100644
index ce6d67b1..00000000
--- a/modules/gallery/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Password_Controller extends Controller {
-  public function reset() {
-    if (request::method() == "post") {
-      // @todo separate the post from get parts of this function
-      access::verify_csrf();
-      $this->_send_reset();
-    } else {
-      print $this->_reset_form();
-    }
-  }
-
-  public function do_reset() {
-    if (request::method() == "post") {
-      $this->_change_password();
-    } else {
-      $user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
-      if (!empty($user)) {
-        print $this->_new_password_form($user->hash);
-      } else {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-    }
-  }
-
-  private function _send_reset() {
-    $form = $this->_reset_form();
-
-    $valid = $form->validate();
-    if ($valid) {
-      $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
-      if (!$user->loaded || empty($user->email)) {
-        $form->reset->inputs["name"]->add_error("no_email", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $user->hash = md5(rand());
-      $user->save();
-      $message = new View("reset_password.html");
-      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-      $message->user = $user;
-
-      Sendmail::factory()
-        ->to($user->email)
-        ->subject(t("Password Reset Request"))
-        ->header("Mime-Version", "1.0")
-        ->header("Content-type", "text/html; charset=iso-8859-1")
-        ->message($message->render())
-        ->send();
-
-      log::success(
-        "user",
-        t("Password reset email sent for user %name", array("name" => $user->name)));
-    } else {
-      // Don't include the username here until you're sure that it's XSS safe
-      log::warning(
-        "user", "Password reset email requested for bogus user");
-    }
-
-    message::success(t("Password reset email sent"));
-    print json_encode(
-      array("result" => "success"));
-  }
-
-  private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
-    $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
-    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
-    $group->submit("")->value(t("Reset"));
-
-    return $form;
-  }
-
-  private function _new_password_form($hash=null) {
-    $template = new Theme_View("page.html", "reset");
-
-    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
-    $group = $form->group("reset")->label(t("Change Password"));
-    $hidden = $group->hidden("hash");
-    if (!empty($hash)) {
-      $hidden->value($hash);
-    }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->inputs["password2"]->error_messages(
-      "mistyped", t("The password and the confirm password must match"));
-    $group->submit("")->value(t("Update"));
-
-    $template->content = $form;
-    return $template;
-  }
-
-  private function _change_password() {
-    $view = $this->_new_password_form();
-    if ($view->content->validate()) {
-      $user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
-      if (empty($user)) {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-
-      $user->password = $view->content->reset->password->value;
-      $user->hash = null;
-      $user->save();
-      message::success(t("Password reset successfully"));
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $view;
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 21f4de81..fba161e3 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -197,8 +197,8 @@ class access_Core {
    * @param  Item_Model  $item
    * @param  boolean     $value
    */
-  private static function _set(Group_Model $group, $perm_name, $album, $value) {
-    if (get_class($group) != "Group_Model") {
+  private static function _set(Group_Definition $group, $perm_name, $album, $value) {
+    if (!($group instanceof Group_Definition)) {
       throw new Exception("@todo PERMISSIONS_ONLY_WORK_ON_GROUPS");
     }
     if (!$album->loaded) {
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index 9e5f0bb5..e77fd2d2 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -133,37 +133,17 @@ class Identity_Core {
   }
 
   /**
-   * @see Identity_Driver::hash_password.
-   */
-  static function hash_password($password) {
-    return self::instance()->driver->hash_password($password);
-  }
-
-  /**
-   * Look up a user by id.
-   * @param integer      $id the user id
-   * @return User_Definition  the user object, or null if the id was invalid.
+   * @see Identity_Driver::lookup_user.
    */
   static function lookup_user($id) {
-    return self::instance()->driver->lookup_user_by_field("id", $id);
+    return self::instance()->driver->lookup_user($id);
   }
 
   /**
-   * Look up a user by name.
-   * @param integer      $name the user name
-   * @return User_Definition  the user object, or null if the name was invalid.
+   * @see Identity_Driver::lookup_user_by_name.
    */
   static function lookup_user_by_name($name) {
-    return self::instance()->driver->lookup_user_by_field("name", $name);
-  }
-
-  /**
-   * Look up a user by hash.
-   * @param string       $name the user name
-   * @return User_Definition  the user object, or null if the name was invalid.
-   */
-  static function lookup_user_by_hash($hash) {
-    return self::instance()->driver->lookup_user_by_field("hash", $hash);
+    return self::instance()->driver->lookup_user_by_name($name);
   }
 
   /**
@@ -188,12 +168,10 @@ class Identity_Core {
   }
 
   /**
-   * Look up a group by name.
-   * @param integer      $id the group name
-   * @return Group_Definition  the group object, or null if the name was invalid.
+   * @see Identity_Driver::lookup_group_by_name.
    */
   static function lookup_group_by_name($name) {
-    return self::instance()->driver->lookup_group_by_field("name", $name);
+    return self::instance()->driver->lookup_group_by_name($name);
   }
 
   /**
diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php
index a9e1a75b..6ab001cb 100644
--- a/modules/gallery/libraries/drivers/Identity.php
+++ b/modules/gallery/libraries/drivers/Identity.php
@@ -45,19 +45,18 @@ interface Identity_Driver {
   public function is_correct_password($user, $password);
 
   /**
-   * Create the hashed passwords.
-   * @param string $password a plaintext password
-   * @return string hashed password
+   * Look up a user by id.
+   * @param integer     id
+   * @return User_Definition the user object, or null if the name was invalid.
    */
-  public function hash_password($password);
+  public function lookup_user($id);
 
   /**
-   * Look up a user by by search the specified field.
-   * @param string      search field
-   * @param string      search value
-   * @return User_Definition the user object, or null if the name was invalid.
+   * Look up a user by name.
+   * @param string      name
+  * @return User_Definition the user object, or null if the name was invalid.
    */
-  public function lookup_user_by_field($field, $value);
+  public function lookup_user_by_name($name);
 
   /**
    * Create a new group.
@@ -90,181 +89,6 @@ interface Identity_Driver {
 
 } // End Identity Driver Definition
 
-/**
- * User Data wrapper
- */
-abstract class User_Definition {
-  protected $user;
-  public function __get($column) {
-    switch ($column) {
-    case "id":
-    case "name":
-    case "full_name":
-    case "password":
-    case "login_count":
-    case "last_login":
-    case "email":
-    case "admin":
-    case "guest":
-    case "hash":
-    case "url":
-    case "locale":
-    case "groups":
-    case "hashed_password":
-      return $this->user->$column;
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  public function __set($column, $value) {
-    switch ($column) {
-    case "id":
-    case "groups":
-      throw new Exception("@todo READ ONLY FIELD: $column");
-      break;
-    case "name":
-    case "full_name":
-    case "hashed_password":
-    case "password":
-    case "login_count":
-    case "last_login":
-    case "email":
-    case "admin":
-    case "guest":
-    case "hash":
-    case "url":
-    case "locale":
-      $this->user->$column = $value;
-      break;
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  public function __isset($column) {
-    return isset($this->user->$column);
-  }
-
-  public function __unset($column) {
-    switch ($column) {
-    case "id":
-    case "groups":
-      throw new Exception("@todo READ ONLY FIELD: $column");
-      break;
-    case "name":
-    case "full_name":
-    case "password":
-    case "login_count":
-    case "last_login":
-    case "email":
-    case "admin":
-    case "guest":
-    case "hash":
-    case "url":
-    case "locale":
-    case "hashed_password":
-      unset($this->user->$column);
-      break;
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  /**
-   * Return a url to the user's avatar image.
-   * @param integer $size the target size of the image (default 80px)
-   * @return string a url
-   */
-  abstract public function avatar_url($size=80, $default=null);
-
-  /**
-   * Return the best version of the user's name.  Either their specified full name, or fall back
-   * to the user name.
-   * @return string
-   */
-  abstract public function display_name();
-
-  /**
-   * Return the internal user object without the wrapper.
-   * This method is used by implementing classes to access the internal user object.
-   * Consider it pseudo private and only declared public as PHP as not internal or friend modifier
-   */
-  public function _uncloaked() {
-    return $this->user;
-  }
-
-  abstract public function save();
-  abstract public function delete();
-}
-
-/**
- * Group Data wrapper
- */
-abstract class Group_Definition {
-  protected $group;
-
-  public function __get($column) {
-    switch ($column) {
-    case "id":
-    case "name":
-    case "special":
-    case "users":
-      return $this->group->$column;
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  public function __set($column, $value) {
-    switch ($column) {
-    case "id":
-    case "users":
-      throw new Exception("@todo READ ONLY FIELD: $column");
-      break;
-    case "name":
-    case "special":
-      $this->group->$column = $value;
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  public function __isset($column) {
-    return isset($this->group->$column);
-  }
-
-  public function __unset($column) {
-    switch ($column) {
-    case "id":
-    case "users":
-      throw new Exception("@todo READ ONLY FIELD: $column");
-      break;
-    case "name":
-    case "special":
-      unset($this->group->$column);
-    default:
-      throw new Exception("@todo UNSUPPORTED FIELD: $column");
-      break;
-    }
-  }
-
-  /**
-   * Return the internal group object without the wrapper.
-   * This method is used by implementing classes to access the internal group object.
-   * Consider it pseudo private and only declared public as PHP as not internal or friend modifier
-   */
-  public function _uncloaked() {
-    return $this->group;
-  }
+interface Group_Definition {}
 
-  abstract public function save();
-  abstract public function delete();
-  abstract public function add($user);
-  abstract public function remove($user);
-}
+interface User_Definition {}
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php
index 046cb5ad..fa46d924 100644
--- a/modules/gallery/tests/Albums_Controller_Test.php
+++ b/modules/gallery/tests/Albums_Controller_Test.php
@@ -43,6 +43,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
     $_POST["column"] = "weight";
     $_POST["direction"] = "ASC";
     $_POST["csrf"] = access::csrf_token();
+    $_POST["slug"] = "new_name";
     $_POST["_method"] = "put";
     access::allow(Identity::everybody(), "edit", $root);
 
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index cdb4ae4f..59c3f78a 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $photo = photo::create(
       $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
-      "test", "test", Session::active_user(), "slug");
+      "test", "test", Session::active_user()->id, "slug");
     $orig_name = $photo->name;
 
     $_POST["filename"] = "test.jpeg";
diff --git a/modules/gallery/views/admin_identity.html.php b/modules/gallery/views/admin_identity.html.php
index dcf1dbc1..1405cacb 100644
--- a/modules/gallery/views/admin_identity.html.php
+++ b/modules/gallery/views/admin_identity.html.php
@@ -15,11 +15,11 @@
           height:165,
           modal: true,
           overlay: {
-	    backgroundColor: '#000',
-	    opacity: 0.5
+            backgroundColor: '#000',
+            opacity: 0.5
           },
           buttons: {
-	    "Continue": function() {
+            "Continue": function() {
               $("##g-dialog form").submit();
             },
             Cancel: function() {
diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php
deleted file mode 100644
index 92ca4917..00000000
--- a/modules/gallery/views/reset_password.html.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html>
-  <head>
-    <title><?= t("Password Reset Request") ?> </title>
-  </head>
-  <body>
-    <h2><?= t("Password Reset Request") ?> </h2>
-    <p>
-      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
-    </p>
-    <p>
-  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
-        array("site_url" => html::mark_clean(url::base(false, "http")),
-              "confirm_url" => $confirm_url)) ?>
-    </p>
-  </body>
-</html>
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
new file mode 100644
index 00000000..a8f1c5ca
--- /dev/null
+++ b/modules/user/controllers/password.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
+      $this->_send_reset();
+    } else {
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      $user = user::lookup_user_by_field("hash", Input::instance()->get("key"));
+      if (!empty($user)) {
+        print $this->_new_password_form($user->hash);
+      } else {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $user->hash = md5(rand());
+      $user->save();
+      $message = new View("reset_password.html");
+      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+      $message->user = $user;
+
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+
+      log::success(
+        "user",
+        t("Password reset email sent for user %name", array("name" => $user->name)));
+    } else {
+      // Don't include the username here until you're sure that it's XSS safe
+      log::warning(
+        "user", "Password reset email requested for bogus user");
+    }
+
+    message::success(t("Password reset email sent"));
+    print json_encode(
+      array("result" => "success"));
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form($hash=null) {
+    $template = new Theme_View("page.html", "reset");
+
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $hidden = $group->hidden("hash");
+    if (!empty($hash)) {
+      $hidden->value($hash);
+    }
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules("required|length[1,40]");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    $template->content = $form;
+    return $template;
+  }
+
+  private function _change_password() {
+    $view = $this->_new_password_form();
+    if ($view->content->validate()) {
+      $user = user::lookup_user_by_field("hash", Input::instance()->get("key"));
+      if (empty($user)) {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+
+      $user->password = $view->content->reset->password->value;
+      $user->hash = null;
+      $user->save();
+      message::success(t("Password reset successfully"));
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $view;
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index cf5c050f..8ad52564 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -42,14 +42,14 @@ class group_Core {
    * @see Identity_Driver::everbody.
    */
   static function everybody() {
-    return Identity::instance()->everybody();
+    return model_cache::get("group", 1);
   }
 
   /**
    * @see Identity_Driver::registered_users.
    */
   static function registered_users() {
-    return Identity::instance()->everybody();
+    return model_cache::get("group", 2);
   }
 
   /**
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index fa7b320f..5ef2b726 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -25,14 +25,21 @@
  */
 class user_Core {
   /**
-   * @see Identity_Driver::guest.
+   * Return the guest user.
+   *
+   * @return User_Model the user object
    */
   static function guest() {
     return model_cache::get("user", 1);
   }
 
   /**
-   * @see Identity_Driver::create_user.
+   * Create a new user.
+   *
+   * @param string  $name
+   * @param string  $full_name
+   * @param string  $password
+   * @return User_Definition the user object
    */
   static function create($name, $full_name, $password) {
     $user = ORM::factory("user")->where("name", $name)->find();
@@ -53,7 +60,9 @@ class user_Core {
   }
 
   /**
-   * @see Identity_Driver::hash_password.
+   * Hash the password to the internal value
+   * @param string   $password the user password
+   * @param string   The hashed equivalent
    */
   static function hash_password($password) {
     require_once(MODPATH . "user/lib/PasswordHash.php");
diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php
index 77db11a3..f405b710 100644
--- a/modules/user/libraries/drivers/Identity/Gallery.php
+++ b/modules/user/libraries/drivers/Identity/Gallery.php
@@ -25,14 +25,14 @@ class Identity_Gallery_Driver implements Identity_Driver {
    * @see Identity_Driver::guest.
    */
   public function guest() {
-    return new Gallery_User(user::guest());
+    return user::guest();
   }
 
   /**
    * @see Identity_Driver::create_user.
    */
   public function create_user($name, $full_name, $password) {
-    return new Gallery_User(user::create($name, $full_name, $password));
+    return user::create($name, $full_name, $password);
   }
 
   /**
@@ -67,122 +67,55 @@ class Identity_Gallery_Driver implements Identity_Driver {
   }
 
   /**
-   * @see Identity_Driver::hash_password.
+   * @see Identity_Driver::lookup_user.
    */
-  public function hash_password($password) {
-    return user::hash_password($password);
+  public function lookup_user($id) {
+    return user::lookup_by_field("id", $id);
   }
 
   /**
-   * @see Identity_Driver::lookup_user_by_field.
+   * @see Identity_Driver::lookup_user_by_name.
    */
-  public function lookup_user_by_field($field_name, $value) {
-    return new Gallery_User(user::lookup_by_field($field_name, $value));
+  public function lookup_user_by_name($name) {
+    return user::lookup_by_field("name", $name);
   }
 
   /**
    * @see Identity_Driver::create_group.
    */
   public function create_group($name) {
-    return new Gallery_Group(group::create($name));
+    return group::create($name);
   }
 
   /**
    * @see Identity_Driver::everybody.
    */
   public function everybody() {
-    return new Gallery_Group(group::everybody());
+    return group::everybody();
   }
 
   /**
    * @see Identity_Driver::registered_users.
    */
   public function registered_users() {
-    return new Gallery_Group(group::registered_users());
+    return group::registered_users();
   }
 
   /**
-   * @see Identity_Driver::lookup_group_by_field.
+   * @see Identity_Driver::lookup_group_by_name.
    */
-  public function lookup_group_by_field($field_name, $value) {
-    return new Gallery_Group(group::lookup_by_field($field_name, $value));
+  static function lookup_group_by_name($name) {
+    return group::lookup_by_field("name", $name);
   }
 
   /**
    * @see Identity_Driver::get_user_list.
    */
   public function get_user_list($ids) {
-    $results = ORM::factory("user")
+    return ORM::factory("user")
       ->in("id", ids)
       ->find_all()
-      ->as_array();;
-    $users = array();
-    foreach ($results as $user) {
-      $users[] = new Gallery_User($user);
-    }
-    return $users;
+      ->as_array();
   }
 } // End Identity Gallery Driver
 
-/**
- * User Data wrapper
- */
-class Gallery_User extends User_Definition {
-  /*
-   *  Not for general user, allows the back-end to easily create the interface object
-   */
-  function __construct($user) {
-    $this->user = $user;
-  }
-
-  /**
-   * @see User_Definition::avatar_url
-   */
-  public function avatar_url($size=80, $default=null) {
-    return $this->user->avatar_url($size, $default);
-  }
-
-  /**
-   * @see User_Definition::display_name
-   */
-  public function display_name() {
-    return $this->user->display_name();
-  }
-
-  public function save() {
-    $this->user->save();
-  }
-
-  public function delete() {
-    $this->user->delete();
-  }
-
-}
-
-/**
- * Group Data wrapper
- */
-class Gallery_Group extends Group_Definition {
-  /*
-   *  Not for general user, allows the back-end to easily create the interface object
-   */
-  function __construct($group) {
-    $this->group = $group;
-  }
-
-  public function save() {
-    $this->group->save();
-  }
-
-  public function delete() {
-    $this->group->delete();
-  }
-
-  public function add($user) {
-    $this->group->add($user->_uncloaked());
-  }
-
-  public function remove($user) {
-    $this->group->remove($user->_uncloaked());
-  }
-}
diff --git a/modules/user/models/group.php b/modules/user/models/group.php
index 8af78012..4432fc69 100644
--- a/modules/user/models/group.php
+++ b/modules/user/models/group.php
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
-class Group_Model extends ORM {
+class Group_Model extends ORM implements Group_Definition {
   protected $has_and_belongs_to_many = array("users");
 
   var $rules = array(
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index d99603b2..c51fc720 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -17,7 +17,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
-class User_Model extends ORM {
+class User_Model extends ORM implements User_Definition {
   protected $has_and_belongs_to_many = array("groups");
 
   var $rules = array(
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 7c54d93d..ee8d413c 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -91,7 +91,7 @@
                   open_text="<?= t("close") ?>"
                   class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
                 <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-              <? if (user::active()->id != $user->id && !$user->guest): ?>
+              <? if (Session::active_user()->id != $user->id && !$user->guest): ?>
               <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
                   class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
                 <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
new file mode 100644
index 00000000..92ca4917
--- /dev/null
+++ b/modules/user/views/reset_password.html.php
@@ -0,0 +1,17 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
+    </p>
+    <p>
+  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
+        array("site_url" => html::mark_clean(url::base(false, "http")),
+              "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
+</html>
-- 
cgit v1.2.3


From 3c936d661a088fb43b47eb5b208958180e8f65eb Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 22 Oct 2009 13:09:20 -0700
Subject: Change the name of identity library from Identity to
 IdentityProvider. Create a helper class called identity to simplify call the
 Identity Provider. Move the contents of MY_Session.php to the new helper
 class and remove the MY_Session class

---
 modules/akismet/tests/Akismet_Helper_Test.php      |   2 +-
 modules/comment/controllers/comments.php           |   8 +-
 modules/comment/helpers/comment.php                |   2 +-
 modules/comment/models/comment.php                 |   2 +-
 modules/comment/tests/Comment_Event_Test.php       |   2 +-
 modules/comment/tests/Comment_Helper_Test.php      |   4 +-
 modules/comment/tests/Comment_Model_Test.php       |   8 +-
 modules/digibug/controllers/digibug.php            |   2 +-
 modules/digibug/tests/Digibug_Controller_Test.php  |   4 +-
 modules/g2_import/helpers/g2_import.php            |  16 +-
 modules/gallery/controllers/admin.php              |   2 +-
 modules/gallery/controllers/admin_identity.php     |  10 +-
 modules/gallery/controllers/albums.php             |   4 +-
 modules/gallery/controllers/l10n_client.php        |   4 +-
 modules/gallery/controllers/login.php              |   8 +-
 modules/gallery/controllers/logout.php             |   2 +-
 modules/gallery/controllers/permissions.php        |   6 +-
 modules/gallery/controllers/upgrader.php           |   4 +-
 modules/gallery/controllers/welcome_message.php    |   4 +-
 modules/gallery/helpers/access.php                 |   4 +-
 modules/gallery/helpers/gallery.php                |   2 +-
 modules/gallery/helpers/gallery_event.php          |  10 +-
 modules/gallery/helpers/gallery_installer.php      |   2 +-
 modules/gallery/helpers/gallery_theme.php          |   2 +-
 modules/gallery/helpers/identity.php               | 225 +++++++++++++++++++++
 modules/gallery/helpers/item.php                   |   4 +-
 modules/gallery/helpers/locales.php                |   2 +-
 modules/gallery/helpers/log.php                    |   2 +-
 modules/gallery/helpers/movie.php                  |   2 +-
 modules/gallery/helpers/photo.php                  |   2 +-
 modules/gallery/helpers/site_status.php            |   2 +-
 modules/gallery/helpers/task.php                   |   2 +-
 modules/gallery/libraries/Admin_View.php           |   4 +-
 modules/gallery/libraries/Identity.php             | 222 --------------------
 modules/gallery/libraries/IdentityProvider.php     | 200 ++++++++++++++++++
 modules/gallery/libraries/MY_Session.php           |  93 ---------
 modules/gallery/libraries/Theme_View.php           |   6 +-
 modules/gallery/libraries/drivers/Identity.php     | 123 -----------
 .../gallery/libraries/drivers/IdentityProvider.php | 123 +++++++++++
 modules/gallery/models/item.php                    |   2 +-
 modules/gallery/models/log.php                     |   2 +-
 modules/gallery/models/task.php                    |   2 +-
 modules/gallery/tests/Access_Helper_Test.php       | 144 ++++++-------
 modules/gallery/tests/Albums_Controller_Test.php   |   4 +-
 modules/gallery/tests/Item_Helper_Test.php         |   6 +-
 modules/gallery/tests/Photos_Controller_Test.php   |   6 +-
 modules/gallery/views/kohana_error_page.php        |   2 +-
 modules/gallery/views/login.html.php               |   2 +-
 modules/gallery/views/login_ajax.html.php          |   2 +-
 modules/notification/helpers/notification.php      |  10 +-
 .../notification/helpers/notification_event.php    |   2 +-
 modules/search/helpers/search.php                  |   4 +-
 modules/server_add/controllers/server_add.php      |   4 +-
 modules/server_add/helpers/server_add_event.php    |   2 +-
 modules/server_add/helpers/server_add_theme.php    |   2 +-
 modules/user/controllers/admin_users.php           |   6 +-
 modules/user/controllers/password.php              |   2 +-
 modules/user/controllers/users.php                 |   4 +-
 modules/user/helpers/group.php                     |  18 +-
 .../user/libraries/drivers/Identity/Gallery.php    | 150 --------------
 .../libraries/drivers/IdentityProvider/Gallery.php | 150 ++++++++++++++
 modules/user/views/admin_users.html.php            |   2 +-
 62 files changed, 885 insertions(+), 769 deletions(-)
 create mode 100644 modules/gallery/helpers/identity.php
 delete mode 100644 modules/gallery/libraries/Identity.php
 create mode 100644 modules/gallery/libraries/IdentityProvider.php
 delete mode 100644 modules/gallery/libraries/MY_Session.php
 delete mode 100644 modules/gallery/libraries/drivers/Identity.php
 create mode 100644 modules/gallery/libraries/drivers/IdentityProvider.php
 delete mode 100644 modules/user/libraries/drivers/Identity/Gallery.php
 create mode 100644 modules/user/libraries/drivers/IdentityProvider/Gallery.php

(limited to 'modules/user/controllers')

diff --git a/modules/akismet/tests/Akismet_Helper_Test.php b/modules/akismet/tests/Akismet_Helper_Test.php
index 6788e7a3..745b455c 100644
--- a/modules/akismet/tests/Akismet_Helper_Test.php
+++ b/modules/akismet/tests/Akismet_Helper_Test.php
@@ -26,7 +26,7 @@ class Akismet_Helper_Test extends Unit_Test_Case {
 
     $root = ORM::factory("item", 1);
     $this->_comment = comment::create(
-      $root, Identity::guest(), "This is a comment",
+      $root, identity::guest(), "This is a comment",
       "John Doe", "john@gallery2.org", "http://gallery2.org");
     foreach ($this->_comment->list_fields("comments") as $name => $field) {
       if (strpos($name, "server_") === 0) {
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index c0658cc1..09b9c607 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller {
     $form = comment::get_add_form($item);
     $valid = $form->validate();
     if ($valid) {
-      if (Session::active_user()->guest && !$form->add_comment->inputs["name"]->value) {
+      if (identity::active_user()->guest && !$form->add_comment->inputs["name"]->value) {
         $form->add_comment->inputs["name"]->add_error("missing", 1);
         $valid = false;
       }
@@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller {
 
     if ($valid) {
       $comment = comment::create(
-        $item, Session::active_user(),
+        $item, identity::active_user(),
         $form->add_comment->text->value,
         $form->add_comment->inputs["name"]->value,
         $form->add_comment->email->value,
         $form->add_comment->url->value);
 
-      $active = Session::active_user();
+      $active = identity::active_user();
       if ($active->guest) {
         $form->add_comment->inputs["name"]->value("");
         $form->add_comment->email->value("");
@@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller {
    *  @see REST_Controller::form_edit($resource)
    */
   public function _form_edit($comment) {
-    if (!Session::active_user()->admin) {
+    if (!identity::active_user()->admin) {
       access::forbidden();
     }
     print comment::get_edit_form($comment);
diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php
index e741266d..53d58afa 100644
--- a/modules/comment/helpers/comment.php
+++ b/modules/comment/helpers/comment.php
@@ -75,7 +75,7 @@ class comment_Core {
     module::event("comment_add_form", $form);
     $group->submit("")->value(t("Add"));
 
-    $active = Session::active_user();
+    $active = identity::active_user();
     if (!$active->guest) {
       $group->inputs["name"]->value($active->full_name)->disabled("disabled");
       $group->email->value($active->email)->disabled("disabled");
diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php
index 5e29e778..bb9b8833 100644
--- a/modules/comment/models/comment.php
+++ b/modules/comment/models/comment.php
@@ -23,7 +23,7 @@ class Comment_Model extends ORM {
   }
 
   function author() {
-    return Identity::lookup_user($this->author_id);
+    return identity::lookup_user($this->author_id);
   }
 
   function author_name() {
diff --git a/modules/comment/tests/Comment_Event_Test.php b/modules/comment/tests/Comment_Event_Test.php
index eb301893..f650cabf 100644
--- a/modules/comment/tests/Comment_Event_Test.php
+++ b/modules/comment/tests/Comment_Event_Test.php
@@ -22,7 +22,7 @@ class Comment_Event_Test extends Unit_Test_Case {
     $rand = rand();
     $album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand");
     $comment = comment::create(
-      $album, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
+      $album, identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
     $album->delete();
 
diff --git a/modules/comment/tests/Comment_Helper_Test.php b/modules/comment/tests/Comment_Helper_Test.php
index e8ab7c79..c635c3b7 100644
--- a/modules/comment/tests/Comment_Helper_Test.php
+++ b/modules/comment/tests/Comment_Helper_Test.php
@@ -48,7 +48,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
     $rand = rand();
     $root = ORM::factory("item", 1);
     $comment = comment::create(
-      $root, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
+      $root, identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
     $this->assert_equal("name_$rand", $comment->author_name());
     $this->assert_equal("email_$rand", $comment->author_email());
@@ -77,7 +77,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
   public function create_comment_for_user_test() {
     $rand = rand();
     $root = ORM::factory("item", 1);
-    $admin = Identity::lookup_user(2);
+    $admin = identity::lookup_user(2);
     $comment = comment::create(
       $root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand");
 
diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php
index 84532a96..de19648d 100644
--- a/modules/comment/tests/Comment_Model_Test.php
+++ b/modules/comment/tests/Comment_Model_Test.php
@@ -22,17 +22,17 @@ class Comment_Model_Test extends Unit_Test_Case {
   public function cant_view_comments_for_unviewable_items_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
-    $comment = comment::create($album, Identity::guest(), "text", "name", "email", "url");
-    Session::set_active_user(Identity::guest());
+    $comment = comment::create($album, identity::guest(), "text", "name", "email", "url");
+    identity::set_active_user(identity::guest());
 
     // We can see the comment when permissions are granted on the album
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
     $this->assert_equal(
       1,
       ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
 
     // We can't see the comment when permissions are denied on the album
-    access::deny(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $album);
     $this->assert_equal(
       0,
       ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index 8ea83601..1bb2691b 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -23,7 +23,7 @@ class Digibug_Controller extends Controller {
     $item = ORM::factory("item", $id);
     access::required("view", $item);
 
-    if (access::group_can(Identity::everybody(), "view_full", $item)) {
+    if (access::group_can(identity::everybody(), "view_full", $item)) {
       $full_url = $item->file_url(true);
       $thumb_url = $item->thumb_url(true);
     } else {
diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php
index 19f57972..a56d58bb 100644
--- a/modules/digibug/tests/Digibug_Controller_Test.php
+++ b/modules/digibug/tests/Digibug_Controller_Test.php
@@ -35,8 +35,8 @@ class Digibug_Controller_Test extends Unit_Test_Case {
 
     $root = ORM::factory("item", 1);
     $this->_album = album::create($root,  rand(), "test album");
-    access::deny(Identity::everybody(), "view_full", $this->_album);
-    access::deny(Identity::registered_users(), "view_full", $this->_album);
+    access::deny(identity::everybody(), "view_full", $this->_album);
+    access::deny(identity::registered_users(), "view_full", $this->_album);
 
     $rand = rand();
     $this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index d24aab93..f55e7f32 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -230,16 +230,16 @@ class g2_import_Core {
     switch ($g2_group->getGroupType()) {
     case GROUP_NORMAL:
       try {
-        $group = Identity::create_group($g2_group->getGroupName());
+        $group = identity::create_group($g2_group->getGroupName());
       } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate group" exception
-        $group = Identity::lookup_user_by_name($g2_group->getGroupname());
+        $group = identity::lookup_user_by_name($g2_group->getGroupname());
       }
       $message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname()));
       break;
 
     case GROUP_ALL_USERS:
-      $group = Identity::registered_users();
+      $group = identity::registered_users();
       $message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
       break;
 
@@ -248,7 +248,7 @@ class g2_import_Core {
       break;  // This is not a group in G3
 
     case GROUP_EVERYBODY:
-      $group = Identity::everybody();
+      $group = identity::everybody();
       $message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
       break;
     }
@@ -270,7 +270,7 @@ class g2_import_Core {
     }
 
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
-      self::set_map($g2_user_id, Identity::guest()->id);
+      self::set_map($g2_user_id, identity::guest()->id);
       return t("Skipping Anonymous User");
     }
 
@@ -285,11 +285,11 @@ class g2_import_Core {
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
 
     try {
-      $user = Identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
+      $user = identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
       $message = t("Created user: '%name'.", array("name" => $user->name));
     } catch (Exception $e) {
       // @todo For now we assume this is a "duplicate user" exception
-      $user = Identity::lookup_user_by_name($g2_user->getUsername());
+      $user = identity::lookup_user_by_name($g2_user->getUsername());
       $message = t("Loaded existing user: '%name'.", array("name" => $user->name));
     }
 
@@ -301,7 +301,7 @@ class g2_import_Core {
         $user->admin = true;
         $message .= t("\n\tAdded 'admin' flag to user");
       } else {
-        $group = Identity::lookup_group(self::map($g2_group_id));
+        $group = identity::lookup_group(self::map($g2_group_id));
         $user->add($group);
         $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
       }
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index 24eebe7d..98cac557 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
   private $theme;
 
   public function __construct($theme=null) {
-    if (!(Session::active_user()->admin)) {
+    if (!(identity::active_user()->admin)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php
index 9d756a5c..d06132ff 100644
--- a/modules/gallery/controllers/admin_identity.php
+++ b/modules/gallery/controllers/admin_identity.php
@@ -21,7 +21,7 @@ class Admin_Identity_Controller extends Admin_Controller {
   public function index() {
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_identity.html");
-    $view->content->available = Identity::providers();
+    $view->content->available = identity::providers();
     $view->content->active = module::get_var("gallery", "identity_provider", "user");
     print $view;
   }
@@ -39,7 +39,7 @@ class Admin_Identity_Controller extends Admin_Controller {
     access::verify_csrf();
 
     $active_provider = module::get_var("gallery", "identity_provider", "user");
-    $providers = Identity::providers();
+    $providers = identity::providers();
 
     $new_provider = $this->input->post("provider");
 
@@ -47,13 +47,13 @@ class Admin_Identity_Controller extends Admin_Controller {
 
       module::event("pre_identity_change", $active_provider, $new_provider);
 
-      Identity::deactivate();
+      identity::deactivate();
 
       // Switch authentication
       module::set_var("gallery", "identity_provider", $new_provider);
-      Identity::reset();
+      identity::reset();
 
-      Identity::activate();
+      identity::activate();
 
       // @todo this type of collation is questionable from an i18n perspective
       message::success(t("Changed to %description",
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index fabf67ce..24ceb0c9 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
         $this->input->post("name"),
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        Session::active_user()->id,
+        identity::active_user()->id,
         $this->input->post("slug"));
 
       log::success("content", "Created an album",
@@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
         $_FILES["file"]["name"],
         $this->input->post("title", $this->input->post("name")),
         $this->input->post("description"),
-        Session::active_user()->id);
+        identity::active_user()->id);
 
       log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
       message::success(t("Added photo %photo_title",
diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php
index 2ab73102..6db67d3b 100644
--- a/modules/gallery/controllers/l10n_client.php
+++ b/modules/gallery/controllers/l10n_client.php
@@ -20,7 +20,7 @@
 class L10n_Client_Controller extends Controller {
   public function save() {
     access::verify_csrf();
-    if (!Session::active_user()->admin) {
+    if (!identity::active_user()->admin) {
       access::forbidden();
     }
 
@@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
 
   public function toggle_l10n_mode() {
     access::verify_csrf();
-    if (!Session::active_user()->admin) {
+    if (!identity::active_user()->admin) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 4c83d647..86e2b0a4 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -58,8 +58,8 @@ class Login_Controller extends Controller {
     $form = login::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
-      $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
-      if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) {
+      $user = identity::lookup_user_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) {
         log::warning(
           "user",
           t("Failed login for %name",
@@ -70,12 +70,12 @@ class Login_Controller extends Controller {
     }
 
     if ($valid) {
-      if (Identity::is_writable()) {
+      if (identity::is_writable()) {
         $user->login_count += 1;
         $user->last_login = time();
         $user->save();
       }
-      Session::set_active_user($user);
+      identity::set_active_user($user);
       log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index 058860fa..1b0364fd 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -19,7 +19,7 @@
  */
 class Logout_Controller extends Controller {
   public function index() {
-    $user = Session::active_user();
+    $user = identity::active_user();
     if (!$user->guest) {
       try {
         Session::instance()->destroy();
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index 58c5b816..99943fbb 100644
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -51,7 +51,7 @@ class Permissions_Controller extends Controller {
   function change($command, $group_id, $perm_id, $item_id) {
     access::verify_csrf();
 
-    $group = Identity::lookup_group($group_id);
+    $group = identity::lookup_group($group_id);
     $perm = ORM::factory("permission", $perm_id);
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
@@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
 
       // If the active user just took away their own edit permissions, give it back.
       if ($perm->name == "edit") {
-        if (!access::user_can(Session::active_user(), "edit", $item)) {
+        if (!access::user_can(identity::active_user(), "edit", $item)) {
           access::allow($group, $perm->name, $item);
         }
       }
@@ -84,7 +84,7 @@ class Permissions_Controller extends Controller {
   private function _get_form($item) {
     $view = new View("permissions_form.html");
     $view->item = $item;
-    $view->groups = Identity::groups();
+    $view->groups = identity::groups();
     $view->permissions = ORM::factory("permission")->find_all();
     return $view;
   }
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index e0c5d340..1aa607ef 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
     }
 
     $view = new View("upgrader.html");
-    $view->can_upgrade = Session::active_user()->admin || $session->get("can_upgrade");
+    $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
     $view->done = ($available_upgrades == 0);
@@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
       // @todo this may screw up some module installers, but we don't have a better answer at
       // this time.
       $_SERVER["HTTP_HOST"] = "example.com";
-    } else if (!Session::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
+    } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) {
       access::forbidden();
     }
 
diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php
index cfdc3976..af0d6997 100644
--- a/modules/gallery/controllers/welcome_message.php
+++ b/modules/gallery/controllers/welcome_message.php
@@ -19,12 +19,12 @@
  */
 class Welcome_Message_Controller extends Controller {
   public function index() {
-    if (!Session::active_user()->admin) {
+    if (!identity::active_user()->admin) {
       url::redirect(item::root()->abs_url());
     }
 
     $v = new View("welcome_message.html");
-    $v->user = Session::active_user();
+    $v->user = identity::active_user();
     print $v;
   }
 }
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 4e7491e3..a3abbe2e 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -79,7 +79,7 @@ class access_Core {
    * @return boolean
    */
   static function can($perm_name, $item) {
-    return self::user_can(Session::active_user(), $perm_name, $item);
+    return self::user_can(identity::active_user(), $perm_name, $item);
   }
 
   /**
@@ -423,7 +423,7 @@ class access_Core {
     // This is ok at packaging time, so work around it.
     $config = module::get_var("gallery", "identity_provider");
     if (!empty($config)) {
-      return Identity::groups();
+      return identity::groups();
     } else {
       return array();
     }
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index 18bb2609..84f8a7fb 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -27,7 +27,7 @@ class gallery_Core {
   static function maintenance_mode() {
     $maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
 
-    if (Router::$controller != "login" && !empty($maintenance_mode) && !Session::active_user()->admin) {
+    if (Router::$controller != "login" && !empty($maintenance_mode) && !identity::active_user()->admin) {
       Router::$controller = "maintenance";
       Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
       Router::$method = "index";
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 95be4813..b6afa2c8 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -23,11 +23,7 @@ class gallery_event_Core {
    * Initialization.
    */
   static function gallery_ready() {
-    // Call Identity::instance() now to force the load of the user interface classes.
-    // Session::load_user will attempt to load the active user from the session and needs
-    // the user definition class, which can't be reached by Kohana's heiracrchical lookup.
-    Identity::instance();
-    Session::load_user();
+    identity::load_user();
     locales::set_request_locale();
   }
 
@@ -139,7 +135,7 @@ class gallery_event_Core {
         }
       }
 
-      if (Session::active_user()->admin) {
+      if (identity::active_user()->admin) {
         $menu->append($admin_menu = Menu::factory("submenu")
                 ->id("admin_menu")
                 ->label(t("Admin")));
@@ -191,7 +187,7 @@ class gallery_event_Core {
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
                         ->url(url::site("admin/sidebar"))));
-    if (count(Identity::providers()) > 1) {
+    if (count(identity::providers()) > 1) {
       $menu
         ->append(Menu::factory("submenu")
                  ->id("identity_menu")
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 10e796fd..9c19eaed 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -317,7 +317,7 @@ class gallery_installer {
     }
 
     if ($version == 7) {
-      $groups = Identity::groups();
+      $groups = identity::groups();
       $permissions = ORM::factory("permission")->find_all();
       foreach($groups as $group) {
         foreach($permissions as $permission) {
diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index d21cb124..5f3eb2a9 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -54,7 +54,7 @@ class gallery_theme_Core {
   static function header_top($theme) {
     if ($theme->page_type != "login") {
       $view = new View("login.html");
-      $view->user = Session::active_user();
+      $view->user = identity::active_user();
       return $view->render();
     }
   }
diff --git a/modules/gallery/helpers/identity.php b/modules/gallery/helpers/identity.php
new file mode 100644
index 00000000..cf84c8a9
--- /dev/null
+++ b/modules/gallery/helpers/identity.php
@@ -0,0 +1,225 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class identity_Core {
+  protected static $available;
+
+  /**
+   * Return a list of installed Identity Drivers.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  static function providers() {
+    if (empty(self::$available)) {
+      $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
+      foreach (module::available() as $module_name => $module) {
+        if (file_exists(MODPATH . "{$module_name}/config/identity.php")) {
+          $drivers->$module_name = $module->description;
+        }
+      }
+      self::$available = $drivers;
+    }
+    return self::$available;
+  }
+
+  /**
+   * Make sure that we have a session and group_ids cached in the session.
+   */
+  static function load_user() {
+    //try {
+      // Call IdentityProvider::instance() now to force the load of the user interface classes.
+      // We are about to load the active user from the session and which needs the user definition
+      // class, which can't be reached by Kohana's heiracrchical lookup.
+      IdentityProvider::instance();
+
+      $session = Session::instance();
+      if (!($user = $session->get("user"))) {
+        self::set_active_user($user = self::guest());
+      }
+
+      // The installer cannot set a user into the session, so it just sets an id which we should
+      // upconvert into a user.
+      // @todo set the user name into the session instead of 2 and then use it to get the user object
+      if ($user === 2) {
+        $user = IdentityProvider::instance()->lookup_user_by_name("admin");
+        self::set_active_user($user);
+        $session->set("user", $user);
+      }
+
+      if (!$session->get("group_ids")) {
+        $ids = array();
+        foreach ($user->groups as $group) {
+          $ids[] = $group->id;
+        }
+        $session->set("group_ids", $ids);
+      }
+      //} catch (Exception $e) {
+      //try {
+      //Session::instance()->destroy();
+      //} catch (Exception $e) {
+        // We don't care if there was a problem destroying the session.
+      //}
+      //url::redirect(item::root()->abs_url());
+      //}
+  }
+
+  /**
+   * Return the array of group ids this user belongs to
+   *
+   * @return array
+   */
+  static function group_ids_for_active_user() {
+    return Session::instance()->get("group_ids", array(1));
+  }
+
+  /**
+   * Return the active user.  If there's no active user, return the guest user.
+   *
+   * @return User_Definition
+   */
+  static function active_user() {
+    // @todo (maybe) cache this object so we're not always doing session lookups.
+    $user = Session::instance()->get("user", null);
+    if (!isset($user)) {
+      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+      // work.
+      $user = identity::guest();
+    }
+    return $user;
+  }
+
+  /**
+   * Change the active user.
+   * @param User_Definition $user
+   */
+  static function set_active_user($user) {
+    $session = Session::instance();
+    $session->set("user", $user);
+    $session->delete("group_ids");
+    self::load_user();
+  }
+
+  /**
+   * Determine if if the current driver supports updates.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  static function is_writable() {
+    return IdentityProvider::instance()->is_writable();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::activate.
+   */
+  static function activate() {
+    IdentityProvider::instance()->activate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::deactivate.
+   */
+  static function deactivate() {
+    IdentityProvider::instance()->deactivate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::guest.
+   */
+  static function guest() {
+    return IdentityProvider::instance()->guest();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_user.
+   */
+  static function create_user($name, $full_name, $password) {
+    return IdentityProvider::instance()->create_user($name, $full_name, $password);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::is_correct_password.
+   */
+  static function is_correct_password($user, $password) {
+    return IdentityProvider::instance()->is_correct_password($user, $password);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user.
+   */
+  static function lookup_user($id) {
+    return IdentityProvider::instance()->lookup_user($id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user_by_name.
+   */
+  static function lookup_user_by_name($name) {
+    return IdentityProvider::instance()->lookup_user_by_name($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_group.
+   */
+  static function create_group($name) {
+    return IdentityProvider::instance()->create_group($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::everybody.
+   */
+  static function everybody() {
+    return IdentityProvider::instance()->everybody();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::registered_users.
+   */
+  static function registered_users() {
+    return IdentityProvider::instance()->everybody();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group.
+   */
+  static function lookup_group($id) {
+    return IdentityProvider::instance()->lookup_group($id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group_by_name.
+   */
+  static function lookup_group_by_name($name) {
+    return IdentityProvider::instance()->lookup_group_by_name($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::get_user_list.
+   */
+  static function get_user_list($ids) {
+    return IdentityProvider::instance()->get_user_list($ids);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::groups.
+   */
+  static function groups() {
+    return IdentityProvider::instance()->groups();
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index 3d36a324..b3b6d0bb 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -158,8 +158,8 @@ class item_Core {
    */
   static function viewable($model) {
     $view_restrictions = array();
-    if (!Session::active_user()->admin) {
-      foreach (Session::group_ids_for_active_user() as $id) {
+    if (!identity::active_user()->admin) {
+      foreach (identity::group_ids_for_active_user() as $id) {
         // Separate the first restriction from the rest to make it easier for us to formulate
         // our where clause below
         if (empty($view_restrictions)) {
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index f80fce03..c2a606cd 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -141,7 +141,7 @@ class locales_Core {
     $locale = self::cookie_locale();
     // 2. Check the user's preference
     if (!$locale) {
-      $locale = Session::active_user()->locale;
+      $locale = identity::active_user()->locale;
     }
     // 3. Check the browser's / OS' preference
     if (!$locale) {
diff --git a/modules/gallery/helpers/log.php b/modules/gallery/helpers/log.php
index d1b34e3a..184b0b97 100644
--- a/modules/gallery/helpers/log.php
+++ b/modules/gallery/helpers/log.php
@@ -80,7 +80,7 @@ class log_Core {
     $log->url = substr(url::abs_current(true), 0, 255);
     $log->referer = request::referrer(null);
     $log->timestamp = time();
-    $log->user_id = Session::active_user()->id;
+    $log->user_id = identity::active_user()->id;
     $log->save();
   }
 
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index 9541f20e..6dac0803 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -77,7 +77,7 @@ class movie_Core {
     $movie->title = $title;
     $movie->description = $description;
     $movie->name = $name;
-    $movie->owner_id = $owner_id ? $owner_id : Session::active_user()->id;
+    $movie->owner_id = $owner_id ? $owner_id : identity::active_user()->id;
     $movie->width = $movie_info[0];
     $movie->height = $movie_info[1];
     $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index 193293e8..01cf5278 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -76,7 +76,7 @@ class photo_Core {
     $photo->title = $title;
     $photo->description = $description;
     $photo->name = $name;
-    $photo->owner_id = $owner_id ? $owner_id : Session::active_user()->id;
+    $photo->owner_id = $owner_id ? $owner_id : identity::active_user()->id;
     $photo->width = $image_info[0];
     $photo->height = $image_info[1];
     $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php
index 06b29fda..2b090776 100644
--- a/modules/gallery/helpers/site_status.php
+++ b/modules/gallery/helpers/site_status.php
@@ -95,7 +95,7 @@ class site_status_Core {
    * @return html text
    */
   static function get() {
-    if (!Session::active_user()->admin) {
+    if (!identity::active_user()->admin) {
       return;
     }
     $buf = array();
diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php
index f84fd10e..dac5f9d3 100644
--- a/modules/gallery/helpers/task.php
+++ b/modules/gallery/helpers/task.php
@@ -42,7 +42,7 @@ class task_Core {
     $task->percent_complete = 0;
     $task->status = "";
     $task->state = "started";
-    $task->owner_id = Session::active_user()->id;
+    $task->owner_id = identity::active_user()->id;
     $task->context = serialize($context);
     $task->save();
 
diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php
index 74a08c77..6eedec0d 100644
--- a/modules/gallery/libraries/Admin_View.php
+++ b/modules/gallery/libraries/Admin_View.php
@@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_admin_theme");
-    if (Session::active_user()->admin) {
+    if (identity::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->sidebar = "";
     $this->set_global("theme", $this);
-    $this->set_global("user", Session::active_user());
+    $this->set_global("user", identity::active_user());
   }
 
   public function admin_menu() {
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
deleted file mode 100644
index 1dd5d23b..00000000
--- a/modules/gallery/libraries/Identity.php
+++ /dev/null
@@ -1,222 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-/**
- * Provides a driver-based interface for managing users and groups.
- */
-class Identity_Core {
-  protected static $instance;
-
-  protected static $active;
-
-  // Configuration
-  protected $config;
-
-  // Driver object
-  protected $driver;
-
-  /**
-   * Returns a singleton instance of Identity.
-   * There can only be one Identity driver configured at a given point
-   *
-   * @param   string  configuration
-   * @return  Identity_Core
-   */
-  static function & instance() {
-   if (!isset(self::$instance)) {
-      // Create a new instance
-      self::$instance = new Identity();
-    }
-
-    return self::$instance;
-  }
-
-  /**
-   * Returns a singleton instance of Identity.
-   * There can only be one Identity driver configured at a given point
-   *
-   * @param   string  configuration
-   * @return  Identity_Core
-   */
-  static function reset() {
-    self::$instance = new Identity();
-  }
-
-  /**
-   * Loads the configured driver and validates it.
-   *
-   * @return  void
-   */
-  public function __construct() {
-    $config = module::get_var("gallery", "identity_provider", "user");
-
-    // Test the config group name
-    if (($this->config = Kohana::config("identity.".$config)) === NULL) {
-      throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config");
-    }
-
-    // Set driver name
-    $driver = "Identity_".ucfirst($this->config["driver"])."_Driver";
-
-    // Load the driver
-    if ( ! Kohana::auto_load($driver)) {
-      throw new Kohana_Exception("core.driver_not_found", $this->config["driver"],
-                                 get_class($this));
-    }
-
-    // Initialize the driver
-    $this->driver = new $driver($this->config["params"]);
-
-    // Validate the driver
-    if ( !($this->driver instanceof Identity_Driver)) {
-      throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
-                                 get_class($this), "Identity_Driver");
-    }
-
-    Kohana::log("debug", "Identity Library initialized");
-  }
-
-  /**
-   * Return a list of installed Identity Drivers.
-   *
-   * @return boolean true if the driver supports updates; false if read only
-   */
-  static function providers() {
-    if (empty(self::$active)) {
-      $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
-      foreach (module::active() as $module) {
-        $module_name = $module->name;
-        if (file_exists(MODPATH . "{$module->name}/config/identity.php") &&
-            ($info = module::info($module_name))) {
-          $drivers->$module_name = $info->description;
-        }
-      }
-      self::$active = $drivers;
-    }
-    return self::$active;
-  }
-
-  /**
-   * @see Identity_Driver::activate.
-   */
-  static function activate() {
-    self::instance()->driver->activate();
-  }
-
-  /**
-   * @see Identity_Driver::deactivate.
-   */
-  static function deactivate() {
-    self::instance()->driver->deactivate();
-  }
-
-  /**
-   * Determine if if the current driver supports updates.
-   *
-   * @return boolean true if the driver supports updates; false if read only
-   */
-  static function is_writable() {
-    return !empty(self::instance()->config["allow_updates"]);
-  }
-
-  /**
-   * @see Identity_Driver::guest.
-   */
-  static function guest() {
-    return self::instance()->driver->guest();
-  }
-
-  /**
-   * @see Identity_Driver::create_user.
-   */
-  static function create_user($name, $full_name, $password) {
-    return self::instance()->driver->create_user($name, $full_name, $password);
-  }
-
-  /**
-   * @see Identity_Driver::is_correct_password.
-   */
-  static function is_correct_password($user, $password) {
-    return self::instance()->driver->is_correct_password($user, $password);
-  }
-
-  /**
-   * @see Identity_Driver::lookup_user.
-   */
-  static function lookup_user($id) {
-    return self::instance()->driver->lookup_user($id);
-  }
-
-  /**
-   * @see Identity_Driver::lookup_user_by_name.
-   */
-  static function lookup_user_by_name($name) {
-    return self::instance()->driver->lookup_user_by_name($name);
-  }
-
-  /**
-   * @see Identity_Driver::create_group.
-   */
-  static function create_group($name) {
-    return self::instance()->driver->create_group($name);
-  }
-
-  /**
-   * @see Identity_Driver::everybody.
-   */
-  static function everybody() {
-    return self::instance()->driver->everybody();
-  }
-
-  /**
-   * @see Identity_Driver::registered_users.
-   */
-  static function registered_users() {
-    return self::instance()->driver->everybody();
-  }
-
-  /**
-   * @see Identity_Driver::lookup_group.
-   */
-  static function lookup_group($id) {
-    return self::instance()->driver->lookup_group($id);
-  }
-
-  /**
-   * @see Identity_Driver::lookup_group_by_name.
-   */
-  static function lookup_group_by_name($name) {
-    return self::instance()->driver->lookup_group_by_name($name);
-  }
-
-  /**
-   * @see Identity_Driver::get_user_list.
-   */
-  static function get_user_list($ids) {
-    return self::instance()->driver->get_user_list($ids);
-  }
-
-  /**
-   * @see Identity_Driver::groups.
-   */
-  static function groups() {
-    return self::instance()->driver->groups();
-  }
-} // End Identity
diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php
new file mode 100644
index 00000000..512f28eb
--- /dev/null
+++ b/modules/gallery/libraries/IdentityProvider.php
@@ -0,0 +1,200 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * Provides a driver-based interface for managing users and groups.
+ */
+class IdentityProvider_Core {
+  protected static $instance;
+
+  // Configuration
+  protected $config;
+
+  // Driver object
+  protected $driver;
+
+  /**
+   * Returns a singleton instance of Identity.
+   * There can only be one Identity driver configured at a given point
+   *
+   * @param   string  configuration
+   * @return  Identity_Core
+   */
+  static function & instance() {
+   if (!isset(self::$instance)) {
+      // Create a new instance
+      self::$instance = new IdentityProvider();
+    }
+
+    return self::$instance;
+  }
+
+  /**
+   * Returns a singleton instance of Identity.
+   * There can only be one Identity driver configured at a given point
+   *
+   * @param   string  configuration
+   * @return  Identity_Core
+   */
+  static function reset() {
+    self::$instance = new IdentityProvider();
+  }
+
+  /**
+   * Loads the configured driver and validates it.
+   *
+   * @return  void
+   */
+  public function __construct() {
+    $config = module::get_var("gallery", "identity_provider", "user");
+
+    // Test the config group name
+    if (($this->config = Kohana::config("identity.".$config)) === NULL) {
+      throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config");
+    }
+
+    // Set driver name
+    $driver = "IdentityProvider_".ucfirst($this->config["driver"])."_Driver";
+
+    // Load the driver
+    if ( ! Kohana::auto_load($driver)) {
+      throw new Kohana_Exception("core.driver_not_found", $this->config["driver"],
+                                 get_class($this));
+    }
+
+    // Initialize the driver
+    $this->driver = new $driver($this->config["params"]);
+
+    // Validate the driver
+    if ( !($this->driver instanceof IdentityProvider_Driver)) {
+      throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
+                                 get_class($this), "IdentityProvider_Driver");
+    }
+
+    Kohana::log("debug", "Identity Library initialized");
+  }
+
+  /**
+   * Determine if if the current driver supports updates.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  public function is_writable() {
+    return !empty($this->config["allow_updates"]);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::activate.
+   */
+  public function activate() {
+    $this->driver->activate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::deactivate.
+   */
+  public function deactivate() {
+    $this->driver->deactivate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::guest.
+   */
+  public function guest() {
+    return $this->driver->guest();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_user.
+   */
+  public function create_user($name, $full_name, $password) {
+    return $this->driver->create_user($name, $full_name, $password);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::is_correct_password.
+   */
+  public function is_correct_password($user, $password) {
+    return $this->driver->is_correct_password($user, $password);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user.
+   */
+  public function lookup_user($id) {
+    return $this->driver->lookup_user($id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user_by_name.
+   */
+  public function lookup_user_by_name($name) {
+    return $this->driver->lookup_user_by_name($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_group.
+   */
+  public function create_group($name) {
+    return $this->driver->create_group($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::everybody.
+   */
+  public function everybody() {
+    return $this->driver->everybody();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::registered_users.
+   */
+  public function registered_users() {
+    return $this->driver->everybody();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group.
+   */
+  public function lookup_group($id) {
+    return $this->driver->lookup_group($id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group_by_name.
+   */
+  public function lookup_group_by_name($name) {
+    return $this->driver->lookup_group_by_name($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::get_user_list.
+   */
+  public function get_user_list($ids) {
+    return $this->driver->get_user_list($ids);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::groups.
+   */
+  public function groups() {
+    return $this->driver->groups();
+  }
+} // End Identity
diff --git a/modules/gallery/libraries/MY_Session.php b/modules/gallery/libraries/MY_Session.php
deleted file mode 100644
index 1a3ae801..00000000
--- a/modules/gallery/libraries/MY_Session.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-class Session extends Session_Core {
-  /**
-   * Make sure that we have a session and group_ids cached in the session.
-   */
-  static function load_user() {
-    try {
-      $session = Session::instance();
-      if (!($user = $session->get("user"))) {
-        $session->set("user", $user = Identity::guest());
-      }
-
-      // The installer cannot set a user into the session, so it just sets an id which we should
-      // upconvert into a user.
-      // @todo set the user name into the session instead of 2 and then use it to get the user object
-      if ($user === 2) {
-        $user = Instance::lookup_user_by_name("admin");
-        self::set_active_user($user);
-        $session->set("user", $user);
-      }
-
-      if (!$session->get("group_ids")) {
-        $ids = array();
-        foreach ($user->groups as $group) {
-          $ids[] = $group->id;
-        }
-        $session->set("group_ids", $ids);
-      }
-    } catch (Exception $e) {
-      try {
-        Session::instance()->destroy();
-      } catch (Exception $e) {
-        // We don't care if there was a problem destroying the session.
-      }
-      url::redirect(item::root()->abs_url());
-    }
-  }
-
-  /**
-   * Return the array of group ids this user belongs to
-   *
-   * @return array
-   */
-  static function group_ids_for_active_user() {
-    return self::instance()->get("group_ids", array(1));
-  }
-
-  /**
-   * Return the active user.  If there's no active user, return the guest user.
-   *
-   * @return User_Definition
-   */
-  static function active_user() {
-    // @todo (maybe) cache this object so we're not always doing session lookups.
-    $user = self::instance()->get("user", null);
-    if (!isset($user)) {
-      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
-      // work.
-      $user = Identity::guest();
-    }
-    return $user;
-  }
-
-  /**
-   * Change the active user.
-   * @param User_Definition $user
-   */
-  static function set_active_user($user) {
-    $session = Session::instance();
-    $session->set("user", $user);
-    $session->delete("group_ids");
-    self::load_user();
-  }
-}
\ No newline at end of file
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index 2fdc7531..68ec325f 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
-    if (Session::active_user()->admin) {
+    if (identity::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->item = null;
     $this->tag = null;
     $this->set_global("theme", $this);
-    $this->set_global("user", Session::active_user());
+    $this->set_global("user", identity::active_user());
     $this->set_global("page_type", $page_type);
     $this->set_global("page_title", null);
     if ($page_type == "album") {
@@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
    */
   public function sidebar_blocks() {
     $sidebar = block_manager::get_html("site.sidebar", $this);
-    if (empty($sidebar) && Session::active_user()->admin) {
+    if (empty($sidebar) && identity::active_user()->admin) {
       $sidebar = new View("no_sidebar.html");
     }
     return $sidebar;
diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php
deleted file mode 100644
index 39b2a9c7..00000000
--- a/modules/gallery/libraries/drivers/Identity.php
+++ /dev/null
@@ -1,123 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-interface Identity_Driver {
-  /**
-   * Initialize the provider so it is ready to use
-   */
-  public function activate();
-
-  /**
-   * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver
-   */
-  public function deactivate();
-
-  /**
-   * Return the guest user.
-   *
-   * @return User_Definition the user object
-   */
-  public function guest();
-
-  /**
-   * Create a new user.
-   *
-   * @param string  $name
-   * @param string  $full_name
-   * @param string  $password
-   * @return User_Definition the user object
-   */
-  public function create_user($name, $full_name, $password);
-
-  /**
-   * Is the password provided correct?
-   *
-   * @param user User_Definition the user object
-   * @param string $password a plaintext password
-   * @return boolean true if the password is correct
-   */
-  public function is_correct_password($user, $password);
-
-  /**
-   * Look up a user by id.
-   * @param integer     id
-   * @return User_Definition the user object, or null if the name was invalid.
-   */
-  public function lookup_user($id);
-
-  /**
-   * Look up a user by name.
-   * @param string      name
-  * @return User_Definition the user object, or null if the name was invalid.
-   */
-  public function lookup_user_by_name($name);
-
-  /**
-   * Create a new group.
-   *
-   * @param string  $name
-   * @return Group_Definition the group object
-   */
-  public function create_group($name);
-
-  /**
-   * The group of all possible visitors.  This includes the guest user.
-   *
-   * @return Group_Definition the group object
-   */
-  public function everybody();
-
-  /**
-   * The group of all logged-in visitors.  This does not include guest users.
-   *
-   * @return Group_Definition the group object
-   */
-  public function registered_users();
-
-  /**
-   * List the users
-   * @param array      array of ids to return the user objects for
-   * @return array     the user list.
-   */
-  public function get_user_list($ids);
-
-  /**
-   * Look up a group by id.
-   * @param integer     id
-   * @return Group_Definition the user object, or null if the name was invalid.
-   */
-  public function lookup_group($id);
-
-  /**
-   * Look up the group by name.
-   * @param string     $name the name of the group to locate
-   * @return Group_Definition
-   */
-  public function lookup_group_by_name($name);
-
-  /**
-   * List the groups defined in the Identity Provider
-   */
-  public function groups();
-
-} // End Identity Driver Definition
-
-interface Group_Definition {}
-
-interface User_Definition {}
diff --git a/modules/gallery/libraries/drivers/IdentityProvider.php b/modules/gallery/libraries/drivers/IdentityProvider.php
new file mode 100644
index 00000000..8a578d1b
--- /dev/null
+++ b/modules/gallery/libraries/drivers/IdentityProvider.php
@@ -0,0 +1,123 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+interface IdentityProvider_Driver {
+  /**
+   * Initialize the provider so it is ready to use
+   */
+  public function activate();
+
+  /**
+   * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver
+   */
+  public function deactivate();
+
+  /**
+   * Return the guest user.
+   *
+   * @return User_Definition the user object
+   */
+  public function guest();
+
+  /**
+   * Create a new user.
+   *
+   * @param string  $name
+   * @param string  $full_name
+   * @param string  $password
+   * @return User_Definition the user object
+   */
+  public function create_user($name, $full_name, $password);
+
+  /**
+   * Is the password provided correct?
+   *
+   * @param user User_Definition the user object
+   * @param string $password a plaintext password
+   * @return boolean true if the password is correct
+   */
+  public function is_correct_password($user, $password);
+
+  /**
+   * Look up a user by id.
+   * @param integer     id
+   * @return User_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_user($id);
+
+  /**
+   * Look up a user by name.
+   * @param string      name
+  * @return User_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_user_by_name($name);
+
+  /**
+   * Create a new group.
+   *
+   * @param string  $name
+   * @return Group_Definition the group object
+   */
+  public function create_group($name);
+
+  /**
+   * The group of all possible visitors.  This includes the guest user.
+   *
+   * @return Group_Definition the group object
+   */
+  public function everybody();
+
+  /**
+   * The group of all logged-in visitors.  This does not include guest users.
+   *
+   * @return Group_Definition the group object
+   */
+  public function registered_users();
+
+  /**
+   * List the users
+   * @param array      array of ids to return the user objects for
+   * @return array     the user list.
+   */
+  public function get_user_list($ids);
+
+  /**
+   * Look up a group by id.
+   * @param integer     id
+   * @return Group_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_group($id);
+
+  /**
+   * Look up the group by name.
+   * @param string     $name the name of the group to locate
+   * @return Group_Definition
+   */
+  public function lookup_group_by_name($name);
+
+  /**
+   * List the groups defined in the Identity Provider
+   */
+  public function groups();
+
+} // End Identity Driver Definition
+
+interface Group_Definition {}
+
+interface User_Definition {}
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index ba44709f..db89c6df 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -333,7 +333,7 @@ class Item_Model extends ORM_MPTT {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return Identity::lookup_user($this->owner_id);
+        return identity::lookup_user($this->owner_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php
index 1d639857..4f6b8c4b 100644
--- a/modules/gallery/models/log.php
+++ b/modules/gallery/models/log.php
@@ -26,7 +26,7 @@ class Log_Model extends ORM {
       // This relationship depends on an outside module, which may not be present so handle
       // failures gracefully.
       try {
-        return Identity::lookup_user($this->user_id);
+        return identity::lookup_user($this->user_id);
       } catch (Exception $e) {
         return null;
       }
diff --git a/modules/gallery/models/task.php b/modules/gallery/models/task.php
index 548e5f9c..f40be492 100644
--- a/modules/gallery/models/task.php
+++ b/modules/gallery/models/task.php
@@ -46,7 +46,7 @@ class Task_Model extends ORM {
   }
 
   public function owner() {
-    return Identity::lookup_user($this->owner_id);
+    return identity::lookup_user($this->owner_id);
   }
 
   /**
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index dac431a7..e9e5cb26 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -22,7 +22,7 @@ class Access_Helper_Test extends Unit_Test_Case {
 
   public function teardown() {
     try {
-      $group = Identity::lookup_group_by_name("access_test");
+      $group = identity::lookup_group_by_name("access_test");
       if (!empty($group)) {
         $group->delete();
       }
@@ -33,7 +33,7 @@ class Access_Helper_Test extends Unit_Test_Case {
     } catch (Exception $e) { }
 
     try {
-      $user = Identity::lookup_user_by_name("access_test");
+      $user = identity::lookup_user_by_name("access_test");
       if (!empty($user)) {
         $user->delete();
       }
@@ -41,16 +41,16 @@ class Access_Helper_Test extends Unit_Test_Case {
 
     // Reset some permissions that we mangle below
     $root = ORM::factory("item", 1);
-    access::allow(Identity::everybody(), "view", $root);
+    access::allow(identity::everybody(), "view", $root);
   }
 
   public function setup() {
-    Session::set_active_user(Identity::guest());
+    identity::set_active_user(identity::guest());
   }
 
   public function groups_and_permissions_are_bound_to_columns_test() {
     access::register_permission("access_test", "Access Test");
-    $group = Identity::create_group("access_test");
+    $group = identity::create_group("access_test");
 
     // We have a new column for this perm / group combo
     $fields = Database::instance()->list_fields("access_caches");
@@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case {
   }
 
   public function user_can_access_test() {
-    $access_test = Identity::create_group("access_test");
+    $access_test = identity::create_group("access_test");
 
     $root = ORM::factory("item", 1);
     access::allow($access_test, "view", $root);
 
     $item = album::create($root,  rand(), "test album");
 
-    access::deny(Identity::everybody(), "view", $item);
-    access::deny(Identity::registered_users(), "view", $item);
+    access::deny(identity::everybody(), "view", $item);
+    access::deny(identity::registered_users(), "view", $item);
 
-    $user = Identity::create_user("access_test", "Access Test", "");
+    $user = identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
@@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $item = album::create($root,  rand(), "test album");
 
-    access::deny(Identity::everybody(), "view", $item);
-    access::deny(Identity::registered_users(), "view", $item);
+    access::deny(identity::everybody(), "view", $item);
+    access::deny(identity::registered_users(), "view", $item);
 
-    $user = Identity::create_user("access_test", "Access Test", "");
+    $user = identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
@@ -121,11 +121,11 @@ class Access_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
 
     $album = album::create($root, rand(), "test album");
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
 
     $photo = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "");
 
-    $this->assert_true($photo->__get("view_" . Identity::everybody()->id));
+    $this->assert_true($photo->__get("view_" . identity::everybody()->id));
   }
 
   public function can_allow_deny_and_reset_intent_test() {
@@ -134,23 +134,23 @@ class Access_Helper_Test extends Unit_Test_Case {
     $intent = ORM::factory("access_intent")->where("item_id", $album)->find();
 
     // Allow
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
     $this->assert_same(access::ALLOW, $intent->reload()->view_1);
 
     // Deny
-    access::deny(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $album);
     $this->assert_same(
       access::DENY,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
 
     // Allow again.  If the initial value was allow, then the first Allow clause above may not
     // have actually changed any values.
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
     $this->assert_same(
       access::ALLOW,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
 
-    access::reset(Identity::everybody(), "view", $album);
+    access::reset(identity::everybody(), "view", $album);
     $this->assert_same(
       null,
       ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
@@ -158,7 +158,7 @@ class Access_Helper_Test extends Unit_Test_Case {
 
   public function cant_reset_root_item_test() {
     try {
-      access::reset(Identity::everybody(), "view", ORM::factory("item", 1));
+      access::reset(identity::everybody(), "view", ORM::factory("item", 1));
     } catch (Exception $e) {
       return;
     }
@@ -167,17 +167,17 @@ class Access_Helper_Test extends Unit_Test_Case {
 
   public function can_view_item_test() {
     $root = ORM::factory("item", 1);
-    access::allow(Identity::everybody(), "view", $root);
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
+    access::allow(identity::everybody(), "view", $root);
+    $this->assert_true(access::group_can(identity::everybody(), "view", $root));
   }
 
   public function can_always_fails_on_unloaded_items_test() {
     $root = ORM::factory("item", 1);
-    access::allow(Identity::everybody(), "view", $root);
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $root));
+    access::allow(identity::everybody(), "view", $root);
+    $this->assert_true(access::group_can(identity::everybody(), "view", $root));
 
     $bogus = ORM::factory("item", -1);
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $bogus));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $bogus));
   }
 
   public function cant_view_child_of_hidden_parent_test() {
@@ -185,21 +185,21 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album = album::create($root, rand(), "test album");
 
     $root->reload();
-    access::deny(Identity::everybody(), "view", $root);
-    access::reset(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $root);
+    access::reset(identity::everybody(), "view", $album);
 
     $album->reload();
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $album));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $album));
   }
 
   public function view_permissions_propagate_down_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), "test album");
 
-    access::allow(Identity::everybody(), "view", $root);
-    access::reset(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $root);
+    access::reset(identity::everybody(), "view", $album);
     $album->reload();
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $album));
+    $this->assert_true(access::group_can(identity::everybody(), "view", $album));
   }
 
   public function can_toggle_view_permissions_propagate_down_test() {
@@ -214,18 +214,18 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album3->reload();
     $album4->reload();
 
-    access::allow(Identity::everybody(), "view", $root);
-    access::deny(Identity::everybody(), "view", $album1);
-    access::reset(Identity::everybody(), "view", $album2);
-    access::reset(Identity::everybody(), "view", $album3);
-    access::reset(Identity::everybody(), "view", $album4);
+    access::allow(identity::everybody(), "view", $root);
+    access::deny(identity::everybody(), "view", $album1);
+    access::reset(identity::everybody(), "view", $album2);
+    access::reset(identity::everybody(), "view", $album3);
+    access::reset(identity::everybody(), "view", $album4);
 
     $album4->reload();
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $album4));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $album4));
 
-    access::allow(Identity::everybody(), "view", $album1);
+    access::allow(identity::everybody(), "view", $album1);
     $album4->reload();
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $album4));
+    $this->assert_true(access::group_can(identity::everybody(), "view", $album4));
   }
 
   public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
@@ -234,29 +234,29 @@ class Access_Helper_Test extends Unit_Test_Case {
     $album2 = album::create($album1, rand(), "test album");
 
     $root->reload();
-    access::deny(Identity::everybody(), "view", $root);
-    access::allow(Identity::everybody(), "view", $album2);
+    access::deny(identity::everybody(), "view", $root);
+    access::allow(identity::everybody(), "view", $album2);
 
     $album1->reload();
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $album1));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $album1));
 
     $album2->reload();
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $album2));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $album2));
   }
 
   public function can_edit_item_test() {
     $root = ORM::factory("item", 1);
-    access::allow(Identity::everybody(), "edit", $root);
-    $this->assert_true(access::group_can(Identity::everybody(), "edit", $root));
+    access::allow(identity::everybody(), "edit", $root);
+    $this->assert_true(access::group_can(identity::everybody(), "edit", $root));
   }
 
   public function non_view_permissions_propagate_down_test() {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), "test album");
 
-    access::allow(Identity::everybody(), "edit", $root);
-    access::reset(Identity::everybody(), "edit", $album);
-    $this->assert_true(access::group_can(Identity::everybody(), "edit", $album));
+    access::allow(identity::everybody(), "edit", $root);
+    access::reset(identity::everybody(), "edit", $album);
+    $this->assert_true(access::group_can(identity::everybody(), "edit", $album));
   }
 
   public function non_view_permissions_can_be_revoked_lower_down_test() {
@@ -276,36 +276,36 @@ class Access_Helper_Test extends Unit_Test_Case {
     $outer->reload();
     $inner->reload();
 
-    access::allow(Identity::everybody(), "edit", $root);
-    access::deny(Identity::everybody(), "edit", $outer);
-    access::allow(Identity::everybody(), "edit", $inner);
+    access::allow(identity::everybody(), "edit", $root);
+    access::deny(identity::everybody(), "edit", $outer);
+    access::allow(identity::everybody(), "edit", $inner);
 
     // Outer album is not editable, inner one is.
-    $this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo));
-    $this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo));
+    $this->assert_false(access::group_can(identity::everybody(), "edit", $outer_photo));
+    $this->assert_true(access::group_can(identity::everybody(), "edit", $inner_photo));
   }
 
   public function i_can_edit_test() {
     // Create a new user that belongs to no groups
-    $user = Identity::create_user("access_test", "Access Test", "");
+    $user = identity::create_user("access_test", "Access Test", "");
     foreach ($user->groups as $group) {
       $user->remove($group);
     }
     $user->save();
-    Session::set_active_user($user);
+    identity::set_active_user($user);
 
     // This user can't edit anything
     $root = ORM::factory("item", 1);
     $this->assert_false(access::can("edit", $root));
 
     // Now add them to a group that has edit permission
-    $group = Identity::create_group("access_test");
+    $group = identity::create_group("access_test");
     $group->add($user);
     $group->save();
     access::allow($group, "edit", $root);
 
-    $user = Identity::lookup_user($user->id);  // reload() does not flush related columns
-    Session::set_active_user($user);
+    $user = identity::lookup_user($user->id);  // reload() does not flush related columns
+    identity::set_active_user($user);
 
     // And verify that the user can edit.
     $this->assert_true(access::can("edit", $root));
@@ -317,16 +317,16 @@ class Access_Helper_Test extends Unit_Test_Case {
 
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
 
-    access::deny(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
 
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
 
-    access::deny(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
 
-    access::reset(Identity::everybody(), "view", $album);
+    access::reset(identity::everybody(), "view", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
   }
 
@@ -338,44 +338,44 @@ class Access_Helper_Test extends Unit_Test_Case {
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::deny(Identity::everybody(), "view_full", $album);
+    access::deny(identity::everybody(), "view_full", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::allow(Identity::everybody(), "view_full", $album);
+    access::allow(identity::everybody(), "view_full", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::deny(Identity::everybody(), "view_full", $album);
+    access::deny(identity::everybody(), "view_full", $album);
     $this->assert_true(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
 
-    access::reset(Identity::everybody(), "view_full", $album);
+    access::reset(identity::everybody(), "view_full", $album);
     $this->assert_false(file_exists($album->file_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
   }
 
   public function moved_items_inherit_new_permissions_test() {
-    Session::set_active_user(Identity::lookup_user_by_name("admin"));
+    identity::set_active_user(identity::lookup_user_by_name("admin"));
 
     $root = ORM::factory("item", 1);
     $public_album = album::create($root, rand(), "public album");
     $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
-    access::allow(Identity::everybody(), "view", $public_album);
+    access::allow(identity::everybody(), "view", $public_album);
 
     $root->reload();  // Account for MPTT changes
 
     $private_album = album::create($root, rand(), "private album");
-    access::deny(Identity::everybody(), "view", $private_album);
+    access::deny(identity::everybody(), "view", $private_album);
     $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
 
     // Make sure that we now have a public photo and private photo.
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo));
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo));
+    $this->assert_true(access::group_can(identity::everybody(), "view", $public_photo));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $private_photo));
 
     // Swap the photos
     item::move($public_photo, $private_album);
@@ -391,7 +391,7 @@ class Access_Helper_Test extends Unit_Test_Case {
     $public_photo->reload();
 
     // Make sure that the public_photo is now private, and the private_photo is now public.
-    $this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo));
-    $this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo));
+    $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo));
+    $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo));
   }
 }
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php
index fa46d924..b85b5258 100644
--- a/modules/gallery/tests/Albums_Controller_Test.php
+++ b/modules/gallery/tests/Albums_Controller_Test.php
@@ -45,7 +45,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
     $_POST["csrf"] = access::csrf_token();
     $_POST["slug"] = "new_name";
     $_POST["_method"] = "put";
-    access::allow(Identity::everybody(), "edit", $root);
+    access::allow(identity::everybody(), "edit", $root);
 
     ob_start();
     $controller->_update($this->_album);
@@ -69,7 +69,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
-    access::allow(Identity::everybody(), "edit", $root);
+    access::allow(identity::everybody(), "edit", $root);
 
     try {
       $controller->_update($this->_album);
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index fc01db91..a364423a 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $album = album::create($root, rand(), rand(), rand());
     $item = self::_create_random_item($album);
-    Session::set_active_user(Identity::guest());
+    identity::set_active_user(identity::guest());
 
     // We can see the item when permissions are granted
-    access::allow(Identity::everybody(), "view", $album);
+    access::allow(identity::everybody(), "view", $album);
     $this->assert_equal(
       1,
       ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
 
     // We can't see the item when permissions are denied
-    access::deny(Identity::everybody(), "view", $album);
+    access::deny(identity::everybody(), "view", $album);
     $this->assert_equal(
       0,
       ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index 59c3f78a..2e5d7fe3 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $root = ORM::factory("item", 1);
     $photo = photo::create(
       $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
-      "test", "test", Session::active_user()->id, "slug");
+      "test", "test", identity::active_user()->id, "slug");
     $orig_name = $photo->name;
 
     $_POST["filename"] = "test.jpeg";
@@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $_POST["description"] = "new description";
     $_POST["slug"] = "new-slug";
     $_POST["csrf"] = access::csrf_token();
-    access::allow(Identity::everybody(), "edit", $root);
+    access::allow(identity::everybody(), "edit", $root);
 
     ob_start();
     $controller->_update($photo);
@@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
-    access::allow(Identity::everybody(), "edit", $root);
+    access::allow(identity::everybody(), "edit", $root);
 
     try {
       $controller->_update($photo);
diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php
index 0256fabb..0d8801e5 100644
--- a/modules/gallery/views/kohana_error_page.php
+++ b/modules/gallery/views/kohana_error_page.php
@@ -57,7 +57,7 @@
     <title><?= t("Something went wrong!") ?></title>
   </head>
   <body>
-    <? try { $user = Session::active_user(); } catch (Exception $e) { } ?>
+    <? try { $user = identity::active_user(); } catch (Exception $e) { } ?>
     <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
     <div class="big_box" id="framework_error">
       <h1>
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
index 6695d564..961f44fa 100644
--- a/modules/gallery/views/login.html.php
+++ b/modules/gallery/views/login.html.php
@@ -8,7 +8,7 @@
   </li>
   <? else: ?>
   <li class="first">
-    <? if (Identity::is_writable()): ?>
+    <? if (identity::is_writable()): ?>
     <?= t('Logged in as %name', array('name' => html::mark_clean(
       '<a href="' . url::site("form/edit/users/{$user->id}") .
       '" title="' . t("Edit Your Profile")->for_html_attr() .
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
index 6ed40571..a9a9ef11 100644
--- a/modules/gallery/views/login_ajax.html.php
+++ b/modules/gallery/views/login_ajax.html.php
@@ -36,7 +36,7 @@
     <li id="g-login-form">
       <?= $form ?>
     </li>
-    <? if (Identity::is_writable()): ?>
+    <? if (identity::is_writable()): ?>
     <li>
       <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
     </li>
diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index 080f154b..9a40b0b9 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -20,7 +20,7 @@
 class notification {
   static function get_subscription($item_id, $user=null) {
     if (empty($user)) {
-      $user = Session::active_user();
+      $user = identity::active_user();
     }
 
     return ORM::factory("subscription")
@@ -31,7 +31,7 @@ class notification {
 
   static function is_watching($item, $user=null) {
     if (empty($user)) {
-      $user = Session::active_user();
+      $user = identity::active_user();
     }
 
     return ORM::factory("subscription")
@@ -44,7 +44,7 @@ class notification {
   static function add_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = Session::active_user();
+        $user = identity::active_user();
       }
       $subscription = ORM::factory("subscription");
       $subscription->item_id = $item->id;
@@ -56,7 +56,7 @@ class notification {
   static function remove_watch($item, $user=null) {
     if ($item->is_album()) {
       if (empty($user)) {
-        $user = Session::active_user();
+        $user = identity::active_user();
       }
 
       $subscription = ORM::factory("subscription")
@@ -81,7 +81,7 @@ class notification {
     if (empty($subscriber_ids)) {
       return array();
     }
-    $users = Identity::get_user_list($subscriber_ids);
+    $users = identity::get_user_list($subscriber_ids);
 
     $subscribers = array();
     foreach ($users as $user) {
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index f0530cd9..3a369155 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -95,7 +95,7 @@ class notification_event_Core {
   }
 
   static function site_menu($menu, $theme) {
-    if (!Session::active_user()->guest) {
+    if (!identity::active_user()->guest) {
       $item = $theme->item();
 
       if ($item && $item->is_album() && access::can("view", $item)) {
diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php
index 8b14cfa9..f9da9a16 100644
--- a/modules/search/helpers/search.php
+++ b/modules/search/helpers/search.php
@@ -22,8 +22,8 @@ class search_Core {
     $db = Database::instance();
     $q = $db->escape_str($q);
 
-    if (!Session::active_user()->admin) {
-      foreach (Session::group_ids_for_active_user() as $id) {
+    if (!identity::active_user()->admin) {
+      foreach (identity::group_ids_for_active_user() as $id) {
         $fields[] = "`view_$id` = TRUE"; // access::ALLOW
       }
       $access_sql = "AND (" . join(" AND ", $fields) . ")";
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 428065f6..53a3d091 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller {
     access::verify_csrf();
 
     $task = ORM::factory("task", $task_id);
-    if (!$task->loaded || $task->owner_id != Session::active_user()->id) {
+    if (!$task->loaded || $task->owner_id != identity::active_user()->id) {
       access::forbidden();
     }
 
@@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller {
         $task->set("mode", "done");
       }
 
-      $owner_id = Session::active_user()->id;
+      $owner_id = identity::active_user()->id;
       foreach ($entries as $entry) {
         if (microtime(true) - $start > 0.5) {
           break;
diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php
index 8f8b0016..1d883a71 100644
--- a/modules/server_add/helpers/server_add_event.php
+++ b/modules/server_add/helpers/server_add_event.php
@@ -30,7 +30,7 @@ class server_add_event_Core {
     $item = $theme->item();
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
 
-    if ($item && Session::active_user()->admin && $item->is_album() && !empty($paths) &&
+    if ($item && identity::active_user()->admin && $item->is_album() && !empty($paths) &&
         is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
       $menu->get("add_menu")
         ->append(Menu::factory("dialog")
diff --git a/modules/server_add/helpers/server_add_theme.php b/modules/server_add/helpers/server_add_theme.php
index 44681d36..9da8969a 100644
--- a/modules/server_add/helpers/server_add_theme.php
+++ b/modules/server_add/helpers/server_add_theme.php
@@ -19,7 +19,7 @@
  */
 class server_add_theme_Core {
   static function head($theme) {
-    if (Session::active_user()->admin) {
+    if (identity::active_user()->admin) {
       $theme->script("server_add.js");
     }
   }
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 258de843..8b96ebd2 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -69,7 +69,7 @@ class Admin_Users_Controller extends Admin_Controller {
   public function delete_user($id) {
     access::verify_csrf();
 
-    if ($id == Session::active_user()->id || $id == user::guest()->id) {
+    if ($id == identity::active_user()->id || $id == user::guest()->id) {
       access::forbidden();
     }
 
@@ -136,7 +136,7 @@ class Admin_Users_Controller extends Admin_Controller {
       }
 
       // An admin can change the admin status for any user but themselves
-      if ($user->id != Session::active_user()->id) {
+      if ($user->id != identity::active_user()->id) {
         $user->admin = $form->edit_user->admin->checked;
       }
       $user->save();
@@ -158,7 +158,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     $form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == Session::active_user()->id) {
+    if ($user->id == identity::active_user()->id) {
       $form->edit_user->admin->disabled(1);
     }
     print $form;
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index a8f1c5ca..6bef1a17 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -46,7 +46,7 @@ class Password_Controller extends Controller {
 
     $valid = $form->validate();
     if ($valid) {
-      $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
+      $user = identity::lookup_user_by_name($form->reset->inputs["name"]->value);
       if (!$user->loaded || empty($user->email)) {
         $form->reset->inputs["name"]->add_error("no_email", 1);
         $valid = false;
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 0ccf3e2a..dee54f63 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -21,7 +21,7 @@ class Users_Controller extends Controller {
   public function update($id) {
     $user = user::lookup($id);
 
-    if ($user->guest || $user->id != Session::active_user()->id) {
+    if ($user->guest || $user->id != identity::active_user()->id) {
       access::forbidden();
     }
 
@@ -59,7 +59,7 @@ class Users_Controller extends Controller {
 
   public function form_edit($id) {
     $user = user::lookup($id);
-    if ($user->guest || $user->id != Session::active_user()->id) {
+    if ($user->guest || $user->id != identity::active_user()->id) {
       access::forbidden();
     }
 
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index 8ad52564..567b2ee4 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -25,7 +25,10 @@
  */
 class group_Core {
   /**
-   * @see Identity_Driver::create.
+   * Create a new group.
+   *
+   * @param string  $name
+   * @return Group_Definition the group object
    */
   static function create($name) {
     $group = ORM::factory("group")->where("name", $name)->find();
@@ -39,14 +42,18 @@ class group_Core {
   }
 
   /**
-   * @see Identity_Driver::everbody.
+   * The group of all possible visitors.  This includes the guest user.
+   *
+   * @return Group_Definition the group object
    */
   static function everybody() {
     return model_cache::get("group", 1);
   }
 
   /**
-   * @see Identity_Driver::registered_users.
+   * The group of all logged-in visitors.  This does not include guest users.
+   *
+   * @return Group_Definition the group object
    */
   static function registered_users() {
     return model_cache::get("group", 2);
@@ -71,7 +78,10 @@ class group_Core {
   }
 
   /**
-   * @see Identity_Driver::get_group_list.
+   * Search the groups by the field and value.
+   * @param string      $field_name column to look up the user by
+   * @param string      $value value to match
+   * @return Group_Definition  the group object, or null if the name was invalid.
    */
   static function lookup_by_field($field_name, $value) {
     try {
diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php
deleted file mode 100644
index 36f37543..00000000
--- a/modules/user/libraries/drivers/Identity/Gallery.php
+++ /dev/null
@@ -1,150 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-/*
- * Based on the Cache_Sqlite_Driver developed by the Kohana Team
- */
-class Identity_Gallery_Driver implements Identity_Driver {
-  /**
-   * @see Identity_Driver::activate.
-   */
-  public function activate() {
-    user::activate();
-  }
-
-  /**
-   * @see Identity_Driver::deactivate.
-   */
-  public function deactivate() {
-    user::deactivate();
-  }
-
-  /**
-   * @see Identity_Driver::guest.
-   */
-  public function guest() {
-    return user::guest();
-  }
-
-  /**
-   * @see Identity_Driver::create_user.
-   */
-  public function create_user($name, $full_name, $password) {
-    return user::create($name, $full_name, $password);
-  }
-
-  /**
-   * @see Identity_Driver::is_correct_password.
-   */
-  public function is_correct_password($user, $password) {
-    $valid = $user->password;
-
-    // Try phpass first, since that's what we generate.
-    if (strlen($valid) == 34) {
-      require_once(MODPATH . "user/lib/PasswordHash.php");
-      $hashGenerator = new PasswordHash(10, true);
-      return $hashGenerator->CheckPassword($password, $valid);
-    }
-
-    $salt = substr($valid, 0, 4);
-    // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
-    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
-    $sanitizedPassword = html::specialchars($password, false);
-    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
-          : ($salt . md5($salt . $sanitizedPassword));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    return false;
-  }
-
-  /**
-   * @see Identity_Driver::lookup_user.
-   */
-  public function lookup_user($id) {
-    return user::lookup_by_field("id", $id);
-  }
-
-  /**
-   * @see Identity_Driver::lookup_user_by_name.
-   */
-  public function lookup_user_by_name($name) {
-    return user::lookup_by_field("name", $name);
-  }
-
-  /**
-   * @see Identity_Driver::create_group.
-   */
-  public function create_group($name) {
-    return group::create($name);
-  }
-
-  /**
-   * @see Identity_Driver::everybody.
-   */
-  public function everybody() {
-    return group::everybody();
-  }
-
-  /**
-   * @see Identity_Driver::registered_users.
-   */
-  public function registered_users() {
-    return group::registered_users();
-  }
-
-  /**
-   * @see Identity_Driver::lookup_group.
-   */
-  public function lookup_group($id) {
-    return group::lookup_by_field("id", $id);
-  }
-
-  /**
-   * @see Identity_Driver::lookup_group_by_name.
-   */
-  public function lookup_group_by_name($name) {
-    return group::lookup_by_field("name", $name);
-  }
-
-  /**
-   * @see Identity_Driver::get_user_list.
-   */
-  public function get_user_list($ids) {
-    return ORM::factory("user")
-      ->in("id", $ids)
-      ->find_all()
-      ->as_array();
-  }
-
-  /**
-   * @see Identity_Driver::groups.
-   */
-  public function groups() {
-    return ORM::factory("group")->find_all();
-  }
-
-} // End Identity Gallery Driver
-
diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php
new file mode 100644
index 00000000..5941abb7
--- /dev/null
+++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php
@@ -0,0 +1,150 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+/*
+ * Based on the Cache_Sqlite_Driver developed by the Kohana Team
+ */
+class Identity_Gallery_Driver implements IdentityProvider_Driver {
+  /**
+   * @see IdentityProvider_Driver::activate.
+   */
+  public function activate() {
+    user::activate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::deactivate.
+   */
+  public function deactivate() {
+    user::deactivate();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::guest.
+   */
+  public function guest() {
+    return user::guest();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_user.
+   */
+  public function create_user($name, $full_name, $password) {
+    return user::create($name, $full_name, $password);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::is_correct_password.
+   */
+  public function is_correct_password($user, $password) {
+    $valid = $user->password;
+
+    // Try phpass first, since that's what we generate.
+    if (strlen($valid) == 34) {
+      require_once(MODPATH . "user/lib/PasswordHash.php");
+      $hashGenerator = new PasswordHash(10, true);
+      return $hashGenerator->CheckPassword($password, $valid);
+    }
+
+    $salt = substr($valid, 0, 4);
+    // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
+    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
+    $sanitizedPassword = html::specialchars($password, false);
+    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
+          : ($salt . md5($salt . $sanitizedPassword));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user.
+   */
+  public function lookup_user($id) {
+    return user::lookup_by_field("id", $id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_user_by_name.
+   */
+  public function lookup_user_by_name($name) {
+    return user::lookup_by_field("name", $name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::create_group.
+   */
+  public function create_group($name) {
+    return group::create($name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::everybody.
+   */
+  public function everybody() {
+    return group::everybody();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::registered_users.
+   */
+  public function registered_users() {
+    return group::registered_users();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group.
+   */
+  public function lookup_group($id) {
+    return group::lookup_by_field("id", $id);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::lookup_group_by_name.
+   */
+  public function lookup_group_by_name($name) {
+    return group::lookup_by_field("name", $name);
+  }
+
+  /**
+   * @see IdentityProvider_Driver::get_user_list.
+   */
+  public function get_user_list($ids) {
+    return ORM::factory("user")
+      ->in("id", $ids)
+      ->find_all()
+      ->as_array();
+  }
+
+  /**
+   * @see IdentityProvider_Driver::groups.
+   */
+  public function groups() {
+    return ORM::factory("group")->find_all();
+  }
+
+} // End Identity Gallery Driver
+
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index ee8d413c..fed92c5e 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -91,7 +91,7 @@
                   open_text="<?= t("close") ?>"
                   class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
                 <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-              <? if (Session::active_user()->id != $user->id && !$user->guest): ?>
+              <? if (identity::active_user()->id != $user->id && !$user->guest): ?>
               <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
                   class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
                 <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-- 
cgit v1.2.3


From 2e998664d57bcaf38e8d1dc19606768bd6f557a3 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 23 Oct 2009 09:23:02 -0700
Subject: move controllers and views to the user module to make the Identity
 Provider refactor smaller

---
 modules/gallery/controllers/password.php      | 133 ------------
 modules/gallery/helpers/group.php             | 120 -----------
 modules/gallery/helpers/user.php              | 279 --------------------------
 modules/gallery/views/reset_password.html.php |  17 --
 modules/user/controllers/password.php         | 133 ++++++++++++
 modules/user/helpers/group.php                | 120 +++++++++++
 modules/user/helpers/user.php                 | 279 ++++++++++++++++++++++++++
 modules/user/views/reset_password.html.php    |  17 ++
 8 files changed, 549 insertions(+), 549 deletions(-)
 delete mode 100644 modules/gallery/controllers/password.php
 delete mode 100644 modules/gallery/helpers/group.php
 delete mode 100644 modules/gallery/helpers/user.php
 delete mode 100644 modules/gallery/views/reset_password.html.php
 create mode 100644 modules/user/controllers/password.php
 create mode 100644 modules/user/helpers/group.php
 create mode 100644 modules/user/helpers/user.php
 create mode 100644 modules/user/views/reset_password.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
deleted file mode 100644
index e8b08960..00000000
--- a/modules/gallery/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Password_Controller extends Controller {
-  public function reset() {
-    if (request::method() == "post") {
-      // @todo separate the post from get parts of this function
-      access::verify_csrf();
-      $this->_send_reset();
-    } else {
-      print $this->_reset_form();
-    }
-  }
-
-  public function do_reset() {
-    if (request::method() == "post") {
-      $this->_change_password();
-    } else {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (!empty($user)) {
-        print $this->_new_password_form($user->hash);
-      } else {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-    }
-  }
-
-  private function _send_reset() {
-    $form = $this->_reset_form();
-
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
-      if (!$user->loaded || empty($user->email)) {
-        $form->reset->inputs["name"]->add_error("no_email", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $user->hash = md5(rand());
-      $user->save();
-      $message = new View("reset_password.html");
-      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-      $message->user = $user;
-
-      Sendmail::factory()
-        ->to($user->email)
-        ->subject(t("Password Reset Request"))
-        ->header("Mime-Version", "1.0")
-        ->header("Content-type", "text/html; charset=iso-8859-1")
-        ->message($message->render())
-        ->send();
-
-      log::success(
-        "user",
-        t("Password reset email sent for user %name", array("name" => $user->name)));
-    } else {
-      // Don't include the username here until you're sure that it's XSS safe
-      log::warning(
-        "user", "Password reset email requested for bogus user");
-    }
-
-    message::success(t("Password reset email sent"));
-    print json_encode(
-      array("result" => "success"));
-  }
-
-  private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
-    $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
-    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
-    $group->submit("")->value(t("Reset"));
-
-    return $form;
-  }
-
-  private function _new_password_form($hash=null) {
-    $template = new Theme_View("page.html", "reset");
-
-    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
-    $group = $form->group("reset")->label(t("Change Password"));
-    $hidden = $group->hidden("hash");
-    if (!empty($hash)) {
-      $hidden->value($hash);
-    }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->inputs["password2"]->error_messages(
-      "mistyped", t("The password and the confirm password must match"));
-    $group->submit("")->value(t("Update"));
-
-    $template->content = $form;
-    return $template;
-  }
-
-  private function _change_password() {
-    $view = $this->_new_password_form();
-    if ($view->content->validate()) {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (empty($user)) {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-
-      $user->password = $view->content->reset->password->value;
-      $user->hash = null;
-      $user->save();
-      message::success(t("Password reset successfully"));
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $view;
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php
deleted file mode 100644
index 1702fb87..00000000
--- a/modules/gallery/helpers/group.php
+++ /dev/null
@@ -1,120 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-/**
- * This is the API for handling groups.
- *
- * Note: by design, this class does not do any permission checking.
- */
-class group_Core {
-  /**
-   * Create a new group.
-   *
-   * @param string  $name
-   * @return Group_Model
-   */
-  static function create($name) {
-    $group = ORM::factory("group")->where("name", $name)->find();
-    if ($group->loaded) {
-      throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
-    }
-
-    $group->name = $name;
-    $group->save();
-
-    return $group;
-  }
-
-  /**
-   * The group of all possible visitors.  This includes the guest user.
-   *
-   * @return Group_Model
-   */
-  static function everybody() {
-    return model_cache::get("group", 1);
-  }
-
-  /**
-   * The group of all logged-in visitors.  This does not include guest users.
-   *
-   * @return Group_Model
-   */
-  static function registered_users() {
-    return model_cache::get("group", 2);
-  }
-
-  /**
-   * Look up a user by id.
-   * @param integer      $id the user id
-   * @return User_Model  the user object, or null if the id was invalid.
-   */
-  static function lookup($id) {
-    return self::_lookup_group_by_field("id", $id);
-  }
-
-  /**
-   * Look up a group by name.
-   * @param integer      $id the group name
-   * @return Group_Model  the group object, or null if the name was invalid.
-   */
-  static function lookup_by_name($name) {
-    return self::_lookup_group_by_field("name", $name);
-  }
-
-  /**
-   * Look up a user by field value.
-   * @param string      search field
-   * @param string      search value
-   * @return Group_Model  the user object, or null if the name was invalid.
-   */
-  private static function _lookup_group_by_field($field_name, $value) {
-    try {
-      $user = model_cache::get("group", $value, $field_name);
-      if ($user->loaded) {
-        return $user;
-      }
-    } catch (Exception $e) {
-      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
-       throw $e;
-      }
-    }
-    return null;
-  }
-
-  /**
-   * List the users
-   * @param mixed      filters (@see Database.php
-   * @return array     the group list.
-   */
-  static function get_group_list($filter=array()) {
-    $group = ORM::factory("group");
-
-    foreach($filter as $method => $args) {
-      switch ($method) {
-      case "in":
-        $group->in($args[0], $args[1]);
-        break;
-      default:
-        $group->$method($args);
-      }
-    }
-    return $group->find_all();
-  }
-}
diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php
deleted file mode 100644
index e7e75d64..00000000
--- a/modules/gallery/helpers/user.php
+++ /dev/null
@@ -1,279 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-/**
- * This is the API for handling users.
- *
- * Note: by design, this class does not do any permission checking.
- */
-class user_Core {
-  static function get_login_form($url) {
-    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
-    $form->set_attr('class', "g-narrow");
-    $group = $form->group("login")->label(t("Login"));
-    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
-    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
-    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
-    $group->submit("")->value(t("Login"));
-    return $form;
-  }
-
-  /**
-   * Make sure that we have a session and group_ids cached in the session.
-   */
-  static function load_user() {
-    $session = Session::instance();
-    if (!($user = $session->get("user"))) {
-      $session->set("user", $user = user::guest());
-    }
-
-    // The installer cannot set a user into the session, so it just sets an id which we should
-    // upconvert into a user.
-    if ($user === 2) {
-      $user = model_cache::get("user", 2);
-      user::login($user);
-      $session->set("user", $user);
-    }
-
-    if (!$session->get("group_ids")) {
-      $ids = array();
-      foreach ($user->groups as $group) {
-        $ids[] = $group->id;
-      }
-      $session->set("group_ids", $ids);
-    }
-  }
-
-  /**
-   * Return the array of group ids this user belongs to
-   *
-   * @return array
-   */
-  static function group_ids() {
-    return Session::instance()->get("group_ids", array(1));
-  }
-
-  /**
-   * Return the active user.  If there's no active user, return the guest user.
-   *
-   * @return User_Model
-   */
-  static function active() {
-    // @todo (maybe) cache this object so we're not always doing session lookups.
-    $user = Session::instance()->get("user", null);
-    if (!isset($user)) {
-      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
-      // work.
-      $user = user::guest();
-    }
-    return $user;
-  }
-
-  /**
-   * Return the guest user.
-   *
-   * @todo consider caching
-   *
-   * @return User_Model
-   */
-  static function guest() {
-    return model_cache::get("user", 1);
-  }
-
-  /**
-   * Change the active user.
-   *
-   * @return User_Model
-   */
-  static function set_active($user) {
-    $session = Session::instance();
-    $session->set("user", $user);
-    $session->delete("group_ids");
-    self::load_user();
-  }
-
-  /**
-   * Create a new user.
-   *
-   * @param string  $name
-   * @param string  $full_name
-   * @param string  $password
-   * @return User_Model
-   */
-  static function create($name, $full_name, $password) {
-    $user = ORM::factory("user")->where("name", $name)->find();
-    if ($user->loaded) {
-      throw new Exception("@todo USER_ALREADY_EXISTS $name");
-    }
-
-    $user->name = $name;
-    $user->full_name = $full_name;
-    $user->password = $password;
-
-    // Required groups
-    $user->add(group::everybody());
-    $user->add(group::registered_users());
-
-    $user->save();
-    return $user;
-  }
-
-  /**
-   * Is the password provided correct?
-   *
-   * @param user User Model
-   * @param string $password a plaintext password
-   * @return boolean true if the password is correct
-   */
-  static function is_correct_password($user, $password) {
-    $valid = $user->password;
-
-    // Try phpass first, since that's what we generate.
-    if (strlen($valid) == 34) {
-      require_once(MODPATH . "user/lib/PasswordHash.php");
-      $hashGenerator = new PasswordHash(10, true);
-      return $hashGenerator->CheckPassword($password, $valid);
-    }
-
-    $salt = substr($valid, 0, 4);
-    // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
-    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
-    $sanitizedPassword = html::specialchars($password, false);
-    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
-          : ($salt . md5($salt . $sanitizedPassword));
-    if (!strcmp($guess, $valid)) {
-      return true;
-    }
-
-    return false;
-  }
-
-  /**
-   * Create the hashed passwords.
-   * @param string $password a plaintext password
-   * @return string hashed password
-   */
-  static function hash_password($password) {
-    require_once(MODPATH . "user/lib/PasswordHash.php");
-    $hashGenerator = new PasswordHash(10, true);
-    return $hashGenerator->HashPassword($password);
-  }
-
-  /**
-   * Log in as a given user.
-   * @param object $user the user object.
-   */
-  static function login($user) {
-    $user->login_count += 1;
-    $user->last_login = time();
-    $user->save();
-
-    user::set_active($user);
-    module::event("user_login", $user);
-  }
-
-  /**
-   * Log out the active user and destroy the session.
-   * @param object $user the user object.
-   */
-  static function logout() {
-    $user = user::active();
-    if (!$user->guest) {
-      try {
-        Session::instance()->destroy();
-      } catch (Exception $e) {
-        Kohana::log("error", $e);
-      }
-      module::event("user_logout", $user);
-    }
-  }
-
-  /**
-   * Look up a user by id.
-   * @param integer      $id the user id
-   * @return User_Model  the user object, or null if the id was invalid.
-   */
-  static function lookup($id) {
-    return self::_lookup_user_by_field("id", $id);
-  }
-
-  /**
-   * Look up a user by name.
-   * @param integer      $name the user name
-   * @return User_Model  the user object, or null if the name was invalid.
-   */
-  static function lookup_by_name($name) {
-    return self::_lookup_user_by_field("name", $name);
-  }
-
-  /**
-   * Look up a user by hash.
-   * @param integer      $hash the user hash value
-   * @return User_Model  the user object, or null if the name was invalid.
-   */
-  static function lookup_by_hash($hash) {
-    return self::_lookup_user_by_field("hash", $hash);
-  }
-
-  /**
-   * List the users
-   * @param mixed      filters (@see Database.php
-   * @return array     the user list.
-   */
-  static function get_user_list($filter=array()) {
-    $user = ORM::factory("user");
-
-    foreach($filter as $method => $args) {
-      switch ($method) {
-      case "in":
-        $user->in($args[0], $args[1]);
-        break;
-      default:
-        $user->$method($args);
-      }
-    }
-    return $user->find_all();
-  }
-
-  /**
-   * Look up a user by field value.
-   * @param string      search field
-   * @param string      search value
-   * @return User_Core  the user object, or null if the name was invalid.
-   */
-  private static function _lookup_user_by_field($field_name, $value) {
-    try {
-      $user = model_cache::get("user", $value, $field_name);
-      if ($user->loaded) {
-        return $user;
-      }
-    } catch (Exception $e) {
-      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
-       throw $e;
-      }
-    }
-    return null;
-  }
-}
\ No newline at end of file
diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php
deleted file mode 100644
index 92ca4917..00000000
--- a/modules/gallery/views/reset_password.html.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html>
-  <head>
-    <title><?= t("Password Reset Request") ?> </title>
-  </head>
-  <body>
-    <h2><?= t("Password Reset Request") ?> </h2>
-    <p>
-      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
-    </p>
-    <p>
-  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
-        array("site_url" => html::mark_clean(url::base(false, "http")),
-              "confirm_url" => $confirm_url)) ?>
-    </p>
-  </body>
-</html>
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
new file mode 100644
index 00000000..e8b08960
--- /dev/null
+++ b/modules/user/controllers/password.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
+      $this->_send_reset();
+    } else {
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
+        print $this->_new_password_form($user->hash);
+      } else {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $user->hash = md5(rand());
+      $user->save();
+      $message = new View("reset_password.html");
+      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+      $message->user = $user;
+
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+
+      log::success(
+        "user",
+        t("Password reset email sent for user %name", array("name" => $user->name)));
+    } else {
+      // Don't include the username here until you're sure that it's XSS safe
+      log::warning(
+        "user", "Password reset email requested for bogus user");
+    }
+
+    message::success(t("Password reset email sent"));
+    print json_encode(
+      array("result" => "success"));
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form($hash=null) {
+    $template = new Theme_View("page.html", "reset");
+
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $hidden = $group->hidden("hash");
+    if (!empty($hash)) {
+      $hidden->value($hash);
+    }
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules("required|length[1,40]");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    $template->content = $form;
+    return $template;
+  }
+
+  private function _change_password() {
+    $view = $this->_new_password_form();
+    if ($view->content->validate()) {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+
+      $user->password = $view->content->reset->password->value;
+      $user->hash = null;
+      $user->save();
+      message::success(t("Password reset successfully"));
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $view;
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
new file mode 100644
index 00000000..1702fb87
--- /dev/null
+++ b/modules/user/helpers/group.php
@@ -0,0 +1,120 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling groups.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class group_Core {
+  /**
+   * Create a new group.
+   *
+   * @param string  $name
+   * @return Group_Model
+   */
+  static function create($name) {
+    $group = ORM::factory("group")->where("name", $name)->find();
+    if ($group->loaded) {
+      throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
+    }
+
+    $group->name = $name;
+    $group->save();
+
+    return $group;
+  }
+
+  /**
+   * The group of all possible visitors.  This includes the guest user.
+   *
+   * @return Group_Model
+   */
+  static function everybody() {
+    return model_cache::get("group", 1);
+  }
+
+  /**
+   * The group of all logged-in visitors.  This does not include guest users.
+   *
+   * @return Group_Model
+   */
+  static function registered_users() {
+    return model_cache::get("group", 2);
+  }
+
+  /**
+   * Look up a user by id.
+   * @param integer      $id the user id
+   * @return User_Model  the user object, or null if the id was invalid.
+   */
+  static function lookup($id) {
+    return self::_lookup_group_by_field("id", $id);
+  }
+
+  /**
+   * Look up a group by name.
+   * @param integer      $id the group name
+   * @return Group_Model  the group object, or null if the name was invalid.
+   */
+  static function lookup_by_name($name) {
+    return self::_lookup_group_by_field("name", $name);
+  }
+
+  /**
+   * Look up a user by field value.
+   * @param string      search field
+   * @param string      search value
+   * @return Group_Model  the user object, or null if the name was invalid.
+   */
+  private static function _lookup_group_by_field($field_name, $value) {
+    try {
+      $user = model_cache::get("group", $value, $field_name);
+      if ($user->loaded) {
+        return $user;
+      }
+    } catch (Exception $e) {
+      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+       throw $e;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * List the users
+   * @param mixed      filters (@see Database.php
+   * @return array     the group list.
+   */
+  static function get_group_list($filter=array()) {
+    $group = ORM::factory("group");
+
+    foreach($filter as $method => $args) {
+      switch ($method) {
+      case "in":
+        $group->in($args[0], $args[1]);
+        break;
+      default:
+        $group->$method($args);
+      }
+    }
+    return $group->find_all();
+  }
+}
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
new file mode 100644
index 00000000..e7e75d64
--- /dev/null
+++ b/modules/user/helpers/user.php
@@ -0,0 +1,279 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling users.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class user_Core {
+  static function get_login_form($url) {
+    $form = new Forge($url, "", "post", array("id" => "g-login-form"));
+    $form->set_attr('class', "g-narrow");
+    $group = $form->group("login")->label(t("Login"));
+    $group->input("name")->label(t("Username"))->id("g-username")->class(null);
+    $group->password("password")->label(t("Password"))->id("g-password")->class(null);
+    $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
+    $group->submit("")->value(t("Login"));
+    return $form;
+  }
+
+  /**
+   * Make sure that we have a session and group_ids cached in the session.
+   */
+  static function load_user() {
+    $session = Session::instance();
+    if (!($user = $session->get("user"))) {
+      $session->set("user", $user = user::guest());
+    }
+
+    // The installer cannot set a user into the session, so it just sets an id which we should
+    // upconvert into a user.
+    if ($user === 2) {
+      $user = model_cache::get("user", 2);
+      user::login($user);
+      $session->set("user", $user);
+    }
+
+    if (!$session->get("group_ids")) {
+      $ids = array();
+      foreach ($user->groups as $group) {
+        $ids[] = $group->id;
+      }
+      $session->set("group_ids", $ids);
+    }
+  }
+
+  /**
+   * Return the array of group ids this user belongs to
+   *
+   * @return array
+   */
+  static function group_ids() {
+    return Session::instance()->get("group_ids", array(1));
+  }
+
+  /**
+   * Return the active user.  If there's no active user, return the guest user.
+   *
+   * @return User_Model
+   */
+  static function active() {
+    // @todo (maybe) cache this object so we're not always doing session lookups.
+    $user = Session::instance()->get("user", null);
+    if (!isset($user)) {
+      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+      // work.
+      $user = user::guest();
+    }
+    return $user;
+  }
+
+  /**
+   * Return the guest user.
+   *
+   * @todo consider caching
+   *
+   * @return User_Model
+   */
+  static function guest() {
+    return model_cache::get("user", 1);
+  }
+
+  /**
+   * Change the active user.
+   *
+   * @return User_Model
+   */
+  static function set_active($user) {
+    $session = Session::instance();
+    $session->set("user", $user);
+    $session->delete("group_ids");
+    self::load_user();
+  }
+
+  /**
+   * Create a new user.
+   *
+   * @param string  $name
+   * @param string  $full_name
+   * @param string  $password
+   * @return User_Model
+   */
+  static function create($name, $full_name, $password) {
+    $user = ORM::factory("user")->where("name", $name)->find();
+    if ($user->loaded) {
+      throw new Exception("@todo USER_ALREADY_EXISTS $name");
+    }
+
+    $user->name = $name;
+    $user->full_name = $full_name;
+    $user->password = $password;
+
+    // Required groups
+    $user->add(group::everybody());
+    $user->add(group::registered_users());
+
+    $user->save();
+    return $user;
+  }
+
+  /**
+   * Is the password provided correct?
+   *
+   * @param user User Model
+   * @param string $password a plaintext password
+   * @return boolean true if the password is correct
+   */
+  static function is_correct_password($user, $password) {
+    $valid = $user->password;
+
+    // Try phpass first, since that's what we generate.
+    if (strlen($valid) == 34) {
+      require_once(MODPATH . "user/lib/PasswordHash.php");
+      $hashGenerator = new PasswordHash(10, true);
+      return $hashGenerator->CheckPassword($password, $valid);
+    }
+
+    $salt = substr($valid, 0, 4);
+    // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes:
+    $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities
+    $sanitizedPassword = html::specialchars($password, false);
+    $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
+          : ($salt . md5($salt . $sanitizedPassword));
+    if (!strcmp($guess, $valid)) {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Create the hashed passwords.
+   * @param string $password a plaintext password
+   * @return string hashed password
+   */
+  static function hash_password($password) {
+    require_once(MODPATH . "user/lib/PasswordHash.php");
+    $hashGenerator = new PasswordHash(10, true);
+    return $hashGenerator->HashPassword($password);
+  }
+
+  /**
+   * Log in as a given user.
+   * @param object $user the user object.
+   */
+  static function login($user) {
+    $user->login_count += 1;
+    $user->last_login = time();
+    $user->save();
+
+    user::set_active($user);
+    module::event("user_login", $user);
+  }
+
+  /**
+   * Log out the active user and destroy the session.
+   * @param object $user the user object.
+   */
+  static function logout() {
+    $user = user::active();
+    if (!$user->guest) {
+      try {
+        Session::instance()->destroy();
+      } catch (Exception $e) {
+        Kohana::log("error", $e);
+      }
+      module::event("user_logout", $user);
+    }
+  }
+
+  /**
+   * Look up a user by id.
+   * @param integer      $id the user id
+   * @return User_Model  the user object, or null if the id was invalid.
+   */
+  static function lookup($id) {
+    return self::_lookup_user_by_field("id", $id);
+  }
+
+  /**
+   * Look up a user by name.
+   * @param integer      $name the user name
+   * @return User_Model  the user object, or null if the name was invalid.
+   */
+  static function lookup_by_name($name) {
+    return self::_lookup_user_by_field("name", $name);
+  }
+
+  /**
+   * Look up a user by hash.
+   * @param integer      $hash the user hash value
+   * @return User_Model  the user object, or null if the name was invalid.
+   */
+  static function lookup_by_hash($hash) {
+    return self::_lookup_user_by_field("hash", $hash);
+  }
+
+  /**
+   * List the users
+   * @param mixed      filters (@see Database.php
+   * @return array     the user list.
+   */
+  static function get_user_list($filter=array()) {
+    $user = ORM::factory("user");
+
+    foreach($filter as $method => $args) {
+      switch ($method) {
+      case "in":
+        $user->in($args[0], $args[1]);
+        break;
+      default:
+        $user->$method($args);
+      }
+    }
+    return $user->find_all();
+  }
+
+  /**
+   * Look up a user by field value.
+   * @param string      search field
+   * @param string      search value
+   * @return User_Core  the user object, or null if the name was invalid.
+   */
+  private static function _lookup_user_by_field($field_name, $value) {
+    try {
+      $user = model_cache::get("user", $value, $field_name);
+      if ($user->loaded) {
+        return $user;
+      }
+    } catch (Exception $e) {
+      if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+       throw $e;
+      }
+    }
+    return null;
+  }
+}
\ No newline at end of file
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
new file mode 100644
index 00000000..92ca4917
--- /dev/null
+++ b/modules/user/views/reset_password.html.php
@@ -0,0 +1,17 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
+    </p>
+    <p>
+  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
+        array("site_url" => html::mark_clean(url::base(false, "http")),
+              "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
+</html>
-- 
cgit v1.2.3


From 38141865926730506f55b62a499cb548b94d4bfe Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Fri, 23 Oct 2009 22:25:36 -0600
Subject: Created user.css. Moved user-related form css to the new sheet.

---
 modules/user/controllers/admin_users.php |  3 +--
 modules/user/controllers/users.php       |  1 -
 modules/user/css/user.css                |  7 +++++++
 modules/user/helpers/user.php            |  2 +-
 modules/user/helpers/user_theme.php      | 28 ++++++++++++++++++++++++++++
 5 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 modules/user/css/user.css
 create mode 100644 modules/user/helpers/user_theme.php

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 5950c358..a34d152a 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -313,7 +313,6 @@ class Admin_Users_Controller extends Admin_Controller {
 
   static function _get_user_add_form_admin() {
     $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
-    $form->set_attr('class', "g-narrow");
     $group = $form->group("add_user")->label(t("Add User"));
     $group->input("name")->label(t("Username"))->id("g-username")
       ->error_messages("in_use", t("There is already a user with that username"));
@@ -372,7 +371,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
   private function _get_group_add_form_admin() {
     $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
-    $form->set_attr('class', "g-narrow");
+    $form->set_attr('class', "g-one-quarter");
     $form_group = $form->group("add_group")->label(t("Add Group"));
     $form_group->input("name")->label(t("Name"))->id("g-name");
     $form_group->inputs["name"]->error_messages(
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index b03a47cc..2be49065 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -68,7 +68,6 @@ class Users_Controller extends Controller {
 
   private function _get_edit_form($user) {
     $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
-    $form->set_attr("class", "g-narrow");
     $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
     $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
     self::_add_locale_dropdown($group, $user);
diff --git a/modules/user/css/user.css b/modules/user/css/user.css
new file mode 100644
index 00000000..aa21f9c3
--- /dev/null
+++ b/modules/user/css/user.css
@@ -0,0 +1,7 @@
+#g-login-form,
+#g-add-user-form
+#g-edit-user-form,
+#g-delete-user-form,
+#g-user-admin {
+  width: 270px;
+}
\ No newline at end of file
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index e7e75d64..47f57d3d 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -26,7 +26,7 @@
 class user_Core {
   static function get_login_form($url) {
     $form = new Forge($url, "", "post", array("id" => "g-login-form"));
-    $form->set_attr('class', "g-narrow");
+    $form->set_attr('class', "g-one-quarter");
     $group = $form->group("login")->label(t("Login"));
     $group->input("name")->label(t("Username"))->id("g-username")->class(null);
     $group->password("password")->label(t("Password"))->id("g-password")->class(null);
diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php
new file mode 100644
index 00000000..191fd15a
--- /dev/null
+++ b/modules/user/helpers/user_theme.php
@@ -0,0 +1,28 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class user_theme_Core {
+  static function head($theme) {
+    $theme->css("user.css");
+  }
+
+  static function admin_head($theme) {
+    $theme->css("user.css");
+  }
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 2dcd8f8a25fc698f2279a09752cc7bb9dfe1d7ec Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 26 Oct 2009 11:37:03 -0700
Subject: When we are changing the password using the change password from as
 part of the password reset, the input value is in the post[hash] variable as
 opposed to the get(key) value.  This should fix ticket #850.

---
 modules/user/controllers/password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 6bef1a17..b76a5e92 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -116,7 +116,7 @@ class Password_Controller extends Controller {
   private function _change_password() {
     $view = $this->_new_password_form();
     if ($view->content->validate()) {
-      $user = user::lookup_user_by_field("hash", Input::instance()->get("key"));
+      $user = user::lookup_by_hash(Input::instance()->post("hash"));
       if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
-- 
cgit v1.2.3


From 156a99beef968a22167502bb6389b4df7526feb0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 27 Oct 2009 10:13:40 -0700
Subject: Set the minimum password length to 5.  The gallery owner can change
 this in the advance settings.

---
 modules/user/controllers/admin_users.php |  5 ++++-
 modules/user/controllers/password.php    |  5 +++--
 modules/user/controllers/users.php       |  5 +++++
 modules/user/helpers/user_installer.php  | 12 +++++++++++-
 modules/user/module.info                 |  2 +-
 5 files changed, 24 insertions(+), 5 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 4d80521e..55a525ba 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -308,7 +308,6 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
     $form->add_rules_from($user);
-    $form->edit_user->password->rules("-required");
 
     module::event("user_edit_form_admin", $user, $form);
     $group->submit("")->value(t("Modify User"));
@@ -330,6 +329,10 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin");
     $form->add_rules_from(ORM::factory("user"));
 
+    $minimum_length = module::get_var("user", "mininum_password_length", 5);
+    $form->edit_user->password
+      ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
+
     module::event("user_add_form_admin", $user, $form);
     $group->submit("")->value(t("Add User"));
     return $form;
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index b76a5e92..888fb37d 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -101,8 +101,9 @@ class Password_Controller extends Controller {
     if (!empty($hash)) {
       $hidden->value($hash);
     }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
+    $minimum_length = module::get_var("user", "mininum_password_length", 5);
+    $input_password = $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]");
     $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
       ->matches($group->password);
     $group->inputs["password2"]->error_messages(
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 28164e9c..3507ec6d 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -78,6 +78,11 @@ class Users_Controller extends Controller {
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
     $form->add_rules_from($user);
 
+    $minimum_length = module::get_var("user", "mininum_password_length", 5);
+    $form->edit_user->password
+      ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
+
+
     module::event("user_edit_form", $user, $form);
     $group->submit("")->value(t("Save"));
     return $form;
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index cc8e71ea..9aad4130 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -80,7 +80,17 @@ class user_installer {
     access::allow($registered, "view", $root);
     access::allow($registered, "view_full", $root);
 
-    module::set_version("user", 1);
+    module::set_var("user", "mininum_password_length", 5);
+
+    module::set_version("user", 2);
+  }
+
+  static function upgrade($version) {
+    if ($version == 1) {
+      module::set_var("user", "mininum_password_length", 5);
+
+      module::set_version("user", $version = 2);
+    }
   }
 
   static function uninstall() {
diff --git a/modules/user/module.info b/modules/user/module.info
index 36a2179a..7178f108 100644
--- a/modules/user/module.info
+++ b/modules/user/module.info
@@ -1,6 +1,6 @@
 name = "Users and Groups"
 description = "Gallery 3 user and group management"
-version = 1
+version = 2
 
 ; Don't show this module on the module administration screen
 no_module_admin = 1
-- 
cgit v1.2.3


From 1347a300509b2ab3083bb88193987c18b33187ad Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 27 Oct 2009 12:23:48 -0700
Subject: Add a password strength meter.

---
 modules/user/controllers/admin_users.php |  13 +++++++----
 modules/user/controllers/password.php    |  11 +++++----
 modules/user/controllers/users.php       |   4 +++-
 modules/user/css/progressImg1.png        | Bin 0 -> 390 bytes
 modules/user/css/user.css                |  36 ++++++++++++++++++++++++++++
 modules/user/helpers/user_theme.php      |   2 ++
 modules/user/js/password_strength.js     |  39 +++++++++++++++++++++++++++++++
 modules/user/views/user_form.html.php    |   7 ++++++
 8 files changed, 101 insertions(+), 11 deletions(-)
 create mode 100644 modules/user/css/progressImg1.png
 create mode 100644 modules/user/js/password_strength.js
 create mode 100644 modules/user/views/user_form.html.php

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 55a525ba..ac5dc33c 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -63,7 +63,9 @@ class Admin_Users_Controller extends Admin_Controller {
   }
 
   public function add_user_form() {
-    print $this->_get_user_add_form_admin();
+    $v = new View("user_form.html");
+    $v->form = $this->_get_user_add_form_admin();
+    print $v;
   }
 
   public function delete_user($id) {
@@ -156,12 +158,13 @@ class Admin_Users_Controller extends Admin_Controller {
       kohana::show_404();
     }
 
-    $form = $this->_get_user_edit_form_admin($user);
+    $v = new View("user_form.html");
+    $v->form = $this->_get_user_edit_form_admin($user);
     // Don't allow the user to control their own admin bit, else you can lock yourself out
     if ($user->id == identity::active_user()->id) {
-      $form->edit_user->admin->disabled(1);
+      $v->form->edit_user->admin->disabled(1);
     }
-    print $form;
+    print $v;
   }
 
   public function add_user_to_group($user_id, $group_id) {
@@ -330,7 +333,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form->add_rules_from(ORM::factory("user"));
 
     $minimum_length = module::get_var("user", "mininum_password_length", 5);
-    $form->edit_user->password
+    $form->add_user->password
       ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
 
     module::event("user_add_form_admin", $user, $form);
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 888fb37d..5f36b554 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -32,7 +32,7 @@ class Password_Controller extends Controller {
     if (request::method() == "post") {
       $this->_change_password();
     } else {
-      $user = user::lookup_user_by_field("hash", Input::instance()->get("key"));
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
       if (!empty($user)) {
         print $this->_new_password_form($user->hash);
       } else {
@@ -46,7 +46,7 @@ class Password_Controller extends Controller {
 
     $valid = $form->validate();
     if ($valid) {
-      $user = identity::lookup_user_by_name($form->reset->inputs["name"]->value);
+      $user = user::lookup_by_name($form->reset->inputs["name"]->value);
       if (!$user->loaded || empty($user->email)) {
         $form->reset->inputs["name"]->add_error("no_email", 1);
         $valid = false;
@@ -110,19 +110,20 @@ class Password_Controller extends Controller {
       "mistyped", t("The password and the confirm password must match"));
     $group->submit("")->value(t("Update"));
 
-    $template->content = $form;
+    $template->content = new View("user_form.html");
+    $template->content->form = $form;
     return $template;
   }
 
   private function _change_password() {
     $view = $this->_new_password_form();
-    if ($view->content->validate()) {
+    if ($view->content->form->validate()) {
       $user = user::lookup_by_hash(Input::instance()->post("hash"));
       if (empty($user)) {
         throw new Exception("@todo FORBIDDEN", 503);
       }
 
-      $user->password = $view->content->reset->password->value;
+      $user->password = $view->content->form->reset->password->value;
       $user->hash = null;
       $user->save();
       message::success(t("Password reset successfully"));
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 3507ec6d..7bcc74d7 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -63,7 +63,9 @@ class Users_Controller extends Controller {
       access::forbidden();
     }
 
-    print $this->_get_edit_form($user);
+    $v = new View("user_form.html");
+    $v->form = $this->_get_edit_form($user);
+    print $v;
   }
 
   private function _get_edit_form($user) {
diff --git a/modules/user/css/progressImg1.png b/modules/user/css/progressImg1.png
new file mode 100644
index 00000000..a9093647
Binary files /dev/null and b/modules/user/css/progressImg1.png differ
diff --git a/modules/user/css/user.css b/modules/user/css/user.css
index 3b5e7ac2..67d4f196 100644
--- a/modules/user/css/user.css
+++ b/modules/user/css/user.css
@@ -54,3 +54,39 @@ li.g-group .g-user .g-button {
 li.g-default-group h4, li.g-default-group .g-user {
   color: gray;
 }
+
+.g-password-strength0 {
+  background: url(progressImg1.png) no-repeat 0 0;
+  width: 138px;
+  height: 7px;
+}
+.g-password-strength10 {
+  background-position:0 -7px;
+}
+.g-password-strength20 {
+  background-position:0 -14px;
+}
+.g-password-strength30 {
+  background-position:0 -21px;
+}
+.g-password-strength40 {
+  background-position:0 -28px;
+}
+.g-password-strength50 {
+  background-position:0 -35px;
+}
+.g-password-strength60 {
+  background-position:0 -42px;
+}
+.g-password-strength70 {
+  background-position:0 -49px;
+}
+.g-password-strength80 {
+  background-position:0 -56px;
+}
+.g-password-strength90 {
+  background-position:0 -63px;
+}
+.g-password-strength100 {
+  background-position:0 -70px;
+}
diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php
index 191fd15a..31e2e8c0 100644
--- a/modules/user/helpers/user_theme.php
+++ b/modules/user/helpers/user_theme.php
@@ -20,9 +20,11 @@
 class user_theme_Core {
   static function head($theme) {
     $theme->css("user.css");
+    $theme->script("password_strength.js");
   }
 
   static function admin_head($theme) {
     $theme->css("user.css");
+    $theme->script("password_strength.js");
   }
 }
\ No newline at end of file
diff --git a/modules/user/js/password_strength.js b/modules/user/js/password_strength.js
new file mode 100644
index 00000000..2442b8de
--- /dev/null
+++ b/modules/user/js/password_strength.js
@@ -0,0 +1,39 @@
+(function($) {
+   // Based on the Password Strength Indictor By Benjamin Sterling
+   // http://benjaminsterling.com/password-strength-indicator-and-generator/
+   $.widget("ui.user_password_strength",  {
+     _init: function() {
+       var self = this;
+       $(this.element).keyup(function() {
+	 var strength = self.calculateStrength (this.value);
+	 var index = Math.min(Math.floor( strength / 10 ), 10);
+         $("#g-password-gauge")
+           .removeAttr('class')
+	   .addClass( "g-password-strength0" )
+	   .addClass( self.options.classes[ index ] );
+       }).after("<div id='g-password-gauge' class='g-password-strength0'></div>");
+     },
+
+     calculateStrength: function(value) {
+       // Factor in the length of the password
+       var strength = Math.min(5, value.length) * 10 - 20;
+       // Factor in the number of numbers
+       strength += Math.min(3, value.length - value.replace(/[0-9]/g,"").length) * 10;
+       // Factor in the number of non word characters
+       strength += Math.min(3, value.length - value.replace(/\W/g,"").length) * 15;
+       // Factor in the number of Upper case letters
+       strength += Math.min(3, value.length - value.replace(/[A-Z]/g,"").length) * 10;
+
+       // Normalizxe between 0 and 100
+       return Math.max(0, Math.min(100, strength));
+     }
+   });
+   $.extend($.ui.user_password_strength,  {
+     defaults: {
+	classes : ['g-password-strength10', 'g-password-strength20', 'g-password-strength30',
+                   'g-password-strength40', 'g-password-strength50', 'g-password-strength60',
+                   'g-password-strength70',' g-password-strength80',' g-password-strength90',
+                   'g-password-strength100']
+     }
+   });
+ })(jQuery);
diff --git a/modules/user/views/user_form.html.php b/modules/user/views/user_form.html.php
new file mode 100644
index 00000000..039ae8a5
--- /dev/null
+++ b/modules/user/views/user_form.html.php
@@ -0,0 +1,7 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script  type="text/javascript">
+  $("form").ready(function(){
+    $('input[name="password"]').user_password_strength();
+  });
+</script>
+<?= $form ?>
-- 
cgit v1.2.3


From 3b4a64c698a06a696708afb45e6c4503c2b69b13 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 27 Oct 2009 14:21:59 -0700
Subject: Check the minimum length when adding or modifying users via the admin
 screen.

---
 modules/user/controllers/admin_users.php | 5 ++++-
 modules/user/controllers/users.php       | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index ac5dc33c..269e3dc8 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -311,6 +311,9 @@ class Admin_Users_Controller extends Admin_Controller {
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
     $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin);
     $form->add_rules_from($user);
+    $minimum_length = module::get_var("user", "mininum_password_length", 5);
+    $form->edit_user->password
+      ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
 
     module::event("user_edit_form_admin", $user, $form);
     $group->submit("")->value(t("Modify User"));
@@ -334,7 +337,7 @@ class Admin_Users_Controller extends Admin_Controller {
 
     $minimum_length = module::get_var("user", "mininum_password_length", 5);
     $form->add_user->password
-      ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
+      ->rules($minimum_length ? "required|length[$minimum_length, 40]" : "length[40]");
 
     module::event("user_add_form_admin", $user, $form);
     $group->submit("")->value(t("Add User"));
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 7bcc74d7..ca218393 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -84,7 +84,6 @@ class Users_Controller extends Controller {
     $form->edit_user->password
       ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]");
 
-
     module::event("user_edit_form", $user, $form);
     $group->submit("")->value(t("Save"));
     return $form;
-- 
cgit v1.2.3


From 04bf50bfb4241f7c814782c516732d927ff1f457 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 29 Oct 2009 17:09:01 -0700
Subject: Use an event 'check_user_name_exists' to validate the input name is
 already in use. The parameter is a standard class with the name and an exists
 flag.  Any event handler should or their result with the exists flag.

---
 modules/user/controllers/admin_users.php | 4 +++-
 modules/user/helpers/user_event.php      | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 269e3dc8..a7db6179 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -36,7 +36,9 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = $this->_get_user_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
+    $user_exists_data = (object)array("name" => $name);
+    module::event("check_username_exists", $user_exists_data);
+    if ($user_exists_data->exists) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 1ac7f333..e3dbacb7 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -28,4 +28,9 @@ class user_event_Core {
 
     return $menu;
   }
+
+  static function check_username_exists($data) {
+    $user = user::lookup_by_name($data->name);
+    $data->exists |= $user ? true : false;
+  }
 }
-- 
cgit v1.2.3


From ddf8734a414e4d426232e6dec9137eac8dcf0bb7 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 30 Oct 2009 08:33:31 -0700
Subject: Caught a few more incorrect capitalizations.

---
 modules/user/controllers/admin_users.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index a7db6179..209ce8ae 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -300,14 +300,14 @@ class Admin_Users_Controller extends Admin_Controller {
   static function _get_user_edit_form_admin($user) {
     $form = new Forge(
       "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form"));
-    $group = $form->group("edit_user")->label(t("Edit User"));
+    $group = $form->group("edit_user")->label(t("Edit user"));
     $group->input("name")->label(t("Username"))->id("g-username")->value($user->name);
     $group->inputs["name"]->error_messages(
       "in_use", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name);
+    $group->input("full_name")->label(t("Full name"))->id("g-fullname")->value($user->full_name);
     self::_add_locale_dropdown($group, $user);
     $group->password("password")->label(t("Password"))->id("g-password");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+    $group->password("password2")->label(t("Confirm password"))->id("g-password2")
       ->matches($group->password);
     $group->input("email")->label(t("Email"))->id("g-email")->value($user->email);
     $group->input("url")->label(t("URL"))->id("g-url")->value($user->url);
@@ -324,12 +324,12 @@ class Admin_Users_Controller extends Admin_Controller {
 
   static function _get_user_add_form_admin() {
     $form = new Forge("admin/users/add_user", "", "post", array("id" => "g-add-user-form"));
-    $group = $form->group("add_user")->label(t("Add User"));
+    $group = $form->group("add_user")->label(t("Add user"));
     $group->input("name")->label(t("Username"))->id("g-username")
       ->error_messages("in_use", t("There is already a user with that username"));
-    $group->input("full_name")->label(t("Full Name"))->id("g-fullname");
+    $group->input("full_name")->label(t("Full name"))->id("g-fullname");
     $group->password("password")->label(t("Password"))->id("g-password");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+    $group->password("password2")->label(t("Confirm password"))->id("g-password2")
       ->matches($group->password);
     $group->input("email")->label(t("Email"))->id("g-email");
     $group->input("url")->label(t("URL"))->id("g-url");
@@ -374,7 +374,7 @@ class Admin_Users_Controller extends Admin_Controller {
   /* Group Form Definitions */
   private function _get_group_edit_form_admin($group) {
     $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form"));
-    $form_group = $form->group("edit_group")->label(t("Edit Group"));
+    $form_group = $form->group("edit_group")->label(t("Edit group"));
     $form_group->input("name")->label(t("Name"))->id("g-name")->value($group->name);
     $form_group->inputs["name"]->error_messages(
       "in_use", t("There is already a group with that name"));
@@ -386,11 +386,11 @@ class Admin_Users_Controller extends Admin_Controller {
   private function _get_group_add_form_admin() {
     $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
     $form->set_attr('class', "g-one-quarter");
-    $form_group = $form->group("add_group")->label(t("Add Group"));
+    $form_group = $form->group("add_group")->label(t("Add group"));
     $form_group->input("name")->label(t("Name"))->id("g-name");
     $form_group->inputs["name"]->error_messages(
       "in_use", t("There is already a group with that name"));
-    $form_group->submit("")->value(t("Add Group"));
+    $form_group->submit("")->value(t("Add group"));
     $form->add_rules_from(ORM::factory("group"));
     return $form;
   }
-- 
cgit v1.2.3


From 1c428df9e090b8e7e9dfa3ec5d924b8169190b42 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 31 Oct 2009 16:16:47 -0700
Subject: Revert "Use an event 'check_user_name_exists' to validate the input
 name is already in use. The parameter is a standard class with the name and
 an exists flag.  Any event handler should or their result with the exists
 flag."

This reverts commit 04bf50bfb4241f7c814782c516732d927ff1f457.
---
 modules/user/controllers/admin_users.php | 4 +---
 modules/user/helpers/user_event.php      | 5 -----
 2 files changed, 1 insertion(+), 8 deletions(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 209ce8ae..54541e90 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -36,9 +36,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = $this->_get_user_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    $user_exists_data = (object)array("name" => $name);
-    module::event("check_username_exists", $user_exists_data);
-    if ($user_exists_data->exists) {
+    if ($user = user::lookup_by_name($name)) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 11b9c56c..cf91812e 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -27,9 +27,4 @@ class user_event_Core {
 
     return $menu;
   }
-
-  static function check_username_exists($data) {
-    $user = user::lookup_by_name($data->name);
-    $data->exists |= $user ? true : false;
-  }
 }
-- 
cgit v1.2.3


From dbe64762550c1920f93f8b1da8fe563d028262a6 Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Fri, 6 Nov 2009 20:26:09 -0700
Subject: Remove width class from add group form, it sizes the form's elements,
 not the form itself.

---
 modules/user/controllers/admin_users.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'modules/user/controllers')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 54541e90..cc2d881e 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -383,7 +383,6 @@ class Admin_Users_Controller extends Admin_Controller {
 
   private function _get_group_add_form_admin() {
     $form = new Forge("admin/users/add_group", "", "post", array("id" => "g-add-group-form"));
-    $form->set_attr('class', "g-one-quarter");
     $form_group = $form->group("add_group")->label(t("Add group"));
     $form_group->input("name")->label(t("Name"))->id("g-name");
     $form_group->inputs["name"]->error_messages(
-- 
cgit v1.2.3