Multiple user accounts hack for zenPhoto
I needed support for several users, not really for any fancy reason, just so there was no password sharing, so here's a quick hack I made that shouldn't be hard to extend to be a bit more useful if you desire.
Hopefully I have used this forum's tags correctly. If I haven't perhaps a mod can lend a hand in rectifying them. :)
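In admin-functions.php:

After:
echo "\n <script type=\"text/javascript\" src=\"admin.js\"></script>";
Add:
echo "\n <script type=\"text/javascript\" src=\"scriptaculous/prototype.js\"></script>";

Before:
echo "\n </ul>";
Add:
echo "\n <li" . ($page == "users" ? " class=\"current\"" : "") . "> <a href=\"admin.php?page=users\">users</a></li>";

In admin.php

After:
} else if ($action == 'settheme') {
    if (isset($_GET['theme'])) { $gallery->setCurrentTheme($_GET['theme']); }
Add:
/** USERS ******************************************************************/
/*****************************************************************************/
} else if ($action == 'updateUsers') {
    // Creates a user (no id sent) or updates an existing one (id sent as
    // "uid_<n>"). Answers with the numeric id of the affected row so the
    // page script can tag the table row; any other response is an error.
    //
    // NOTE(review): this assumes admin.php already refuses every action when
    // zp_loggedin() is false; the explicit check makes the user-management
    // actions fail closed even if that ordering changes.
    if (!zp_loggedin()) {
        header("HTTP/1.0 403 Forbidden");
        die("Not authorized");
    }
    // FIXME(security): the page script may still send these as GET and there
    // is no anti-CSRF token, so a page the admin visits elsewhere can forge
    // a user create/update. Restrict to POST and check a per-session token.
    $uid = 0;
    if (isset($_REQUEST['userid']) && preg_match('/^uid_(\d+)$/', $_REQUEST['userid'], $m)) {
        $uid = (int) $m[1];
    }
    $name  = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
    $pass  = isset($_REQUEST['userpass']) ? $_REQUEST['userpass'] : '';
    $email = isset($_REQUEST['usermail']) ? trim($_REQUEST['usermail']) : '';
    if ($name === '') {
        header("HTTP/1.0 400 Bad Request");
        die("User name is required");
    }
    // Every user-supplied value that reaches SQL is escaped; the id is an
    // integer already (the original interpolated the raw request values).
    $q_name  = mysql_real_escape_string($name);
    $q_email = mysql_real_escape_string($email);
    $q_pass  = mysql_real_escape_string($pass);

    if ($uid > 0) {
        // Update by id. The original looked the row up by *name*, so
        // renaming a user silently created a second account.
        $query = "UPDATE users SET name='$q_name', email='$q_email'";
        if ($pass !== '') {
            // Only replace the password when a new one was typed, and hash
            // the password (the original hashed the user *name* here).
            // FIXME(security): unsalted MD5 is kept so existing rows and
            // auth_zp.php keep working; move to a salted, slow hash.
            $query .= ", pass=MD5('$q_pass')";
        }
        $query .= " WHERE id=$uid LIMIT 1";
        mysql_query($query) or die(mysql_error());
        // Return the id (not a message) so the page script keeps a valid
        // "uid_<n>" on the row for later Edit/Delete.
        die("$uid");
    } else {
        // Create. Names must be unique because login looks users up by name.
        $result = mysql_query("SELECT id FROM users WHERE name='$q_name' LIMIT 1") or die(mysql_error());
        if (mysql_num_rows($result) > 0) {
            header("HTTP/1.0 409 Conflict");
            die("A user with that name already exists");
        }
        if ($pass === '') {
            header("HTTP/1.0 400 Bad Request");
            die("A password is required for a new user");
        }
        $query = "INSERT INTO users (`name`,`pass`,`email`) VALUES ('$q_name', MD5('$q_pass'), '$q_email')";
        mysql_query($query) or die(mysql_error());
        $r = mysql_insert_id();
        die("$r");
    }
} else if ($action == 'removeUsers') {
    // Deletes the user named by "uid_<n>"; answers with that id.
    // NOTE(review): same assumption as above about admin.php requiring login.
    if (!zp_loggedin()) {
        header("HTTP/1.0 403 Forbidden");
        die("Not authorized");
    }
    // FIXME(security): same GET / no-token CSRF exposure as updateUsers.
    $uid = 0;
    if (isset($_REQUEST['userid']) && preg_match('/^uid_(\d+)$/', $_REQUEST['userid'], $m)) {
        $uid = (int) $m[1];
    }
    if ($uid <= 0) {
        header("HTTP/1.0 400 Bad Request");
        die("Bad user id");
    }
    // Refuse to delete the last account: with an empty users table nobody
    // can log in to the admin again.
    $result = mysql_query("SELECT COUNT(*) FROM users") or die(mysql_error());
    $row = mysql_fetch_row($result);
    if ((int) $row[0] <= 1) {
        header("HTTP/1.0 409 Conflict");
        die("Cannot delete the last remaining user");
    }
    mysql_query("DELETE FROM users WHERE id=$uid LIMIT 1") or die(mysql_error());
    // Stop here so the Ajax response is not followed by the whole admin page.
    die("$uid");
}

Before:
<?php /*** HOME ***************************************************************************/
/************************************************************************************/ ?>
Add:
<?php /*** USERS *******************************************************/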
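/************************************************************************************/ ?>
<?php } else if ($page == "users") { ?>
<script type="text/javascript">
// User-management table. Every change is sent to admin.php (actions
// updateUsers / removeUsers); the server answers with the numeric id of
// the affected row. Data fields travel in a POST body; the action stays
// in the query string because admin.php reads it from there.
// NOTE(review): this page is rendered inside admin.php and relies on
// admin.php having already required a logged-in admin — confirm.
// FIXME(security): there is still no anti-CSRF token on these requests.

// Walk up from a clicked element to its table row.
function rowOf(e) {
    while (e.nodeName.toLowerCase() != "tr") {
        e = e.parentNode;
    }
    return e;
}

// Replace a cell's content with plain text. The original used update()
// with the typed value, which interpreted it as HTML.
function setText(td, s) {
    td.update("");
    td.appendChild(document.createTextNode(s));
}

// Plain-text content of a cell.
function cellText(td) {
    return (td.textContent !== undefined) ? td.textContent : td.innerText;
}

// Build an <input> with its value set as a property, so a name or address
// containing quotes or tags cannot break out of a value='...' attribute.
// The original value is remembered on the element for Cancel.
function makeInput(type, id, value) {
    var inp = document.createElement("input");
    inp.type = type;
    inp.id = id;
    inp.value = value;
    inp.origValue = value;
    return inp;
}

function putInput(td, inp) {
    td.update("");
    td.appendChild(inp);
}

// First-cell controls. A brand-new row is cancelled by removing it; an
// existing row is cancelled by restoring its text.
function editButtons(isNew) {
    var cancelFn = isNew ? "cancelRow" : "cancelEdit";
    return "<input type='button' id='newCancel' value='Cancel' onClick='" + cancelFn + "(Event.element(event));'>" +
           "<input type='button' id='newSave' value='Save' onClick='saveRow(Event.element(event));'>";
}

var rowLinks = "<a href='#' onClick='remRow(Event.element(event)); return false;'>Delete</a> | " +
               "<a href='#' onClick='editRow(Event.element(event)); return false;'>Edit</a>";

var addUserRow = "<tr><td></td><td><a href='#' onClick='addRow(Event.element(event)); return false;'>Add User</a></td><td></td><td></td></tr>";

// Turn the "Add User" row into an edit row and put a fresh "Add User"
// row above it. (The original created inputs with type='test'.)
function addRow(e) {
    var row = rowOf(e);
    var cells = row.getElementsByTagName('td');
    cells[0].update(editButtons(true));
    putInput(cells[1], makeInput("text", "newName", ""));
    putInput(cells[2], makeInput("password", "newPass", ""));
    putInput(cells[3], makeInput("text", "newEmail", ""));
    new Insertion.Before(row, addUserRow);
}

function cancelRow(e) {
    rowOf(e).remove();
}

// Save a new or edited row. row.id is "" for a new user and "uid_<n>" for
// an existing one; the server decides create-vs-update from it.
function saveRow(e) {
    var row = rowOf(e);
    var cells = row.getElementsByTagName('td');
    var isNew = !/^uid_\d+$/.test(row.id);
    var name  = cells[1].getElementsByTagName("input")[0].value;
    var pass  = cells[2].getElementsByTagName("input")[0].value;
    var email = cells[3].getElementsByTagName("input")[0].value;
    cells[0].update("<em>Saving...</em>");
    // Values are URL-encoded; the original concatenated them raw, so an
    // "&" or "#" in a password truncated or corrupted the request.
    var params = "userid="    + encodeURIComponent(row.id) +
                 "&username=" + encodeURIComponent(name) +
                 "&userpass=" + encodeURIComponent(pass) +
                 "&usermail=" + encodeURIComponent(email);
    new Ajax.Request("admin.php?page=users&action=updateUsers", {
        method: 'post',
        parameters: params,
        onSuccess: function(r) {
            // Only adopt the response as the row id when it is numeric. The
            // original assigned whatever came back, so an update response of
            // "Save successful!" left the row with an unusable id.
            var uid = r.responseText.replace(/^\s+|\s+$/g, "");
            if (/^\d+$/.test(uid)) {
                row.id = "uid_" + uid;
            }
            cells[0].update(rowLinks);
            setText(cells[1], name);
            cells[2].update("<em>Saved</em>");
            setText(cells[3], email);
        },
        onFailure: function(r) {
            alert("Save function failed!");
            // Give the buttons back so the row is not stuck on "Saving...".
            cells[0].update(editButtons(isNew));
        }
    });
}

// Delete the row's user after confirmation. Rows without a real id
// (e.g. a never-saved row) are ignored.
function remRow(e) {
    var row = rowOf(e);
    var cells = row.getElementsByTagName('td');
    if (!/^uid_\d+$/.test(row.id)) {
        return;
    }
    if (!confirm("Delete user " + cellText(cells[1]) + "?")) {
        return;
    }
    new Ajax.Request("admin.php?page=users&action=removeUsers", {
        method: 'post',
        parameters: "userid=" + encodeURIComponent(row.id),
        onSuccess: function(r) {
            row.remove();
        },
        onFailure: function(r) {
            alert("Delete function failed!");
        }
    });
}

// Switch a saved row to inputs pre-filled from the cell text. The original
// spliced the cells' innerHTML into unquoted attributes.
function editRow(e) {
    var row = rowOf(e);
    var cells = row.getElementsByTagName('td');
    cells[0].update(editButtons(false));
    putInput(cells[1], makeInput("text", "newName", cellText(cells[1])));
    putInput(cells[2], makeInput("password", "newPass", ""));
    putInput(cells[3], makeInput("text", "newEmail", cellText(cells[3])));
}

// Restore the text that was showing before Edit was clicked.
function cancelEdit(e) {
    var row = rowOf(e);
    var cells = row.getElementsByTagName('td');
    cells[0].update(rowLinks);
    setText(cells[1], cells[1].getElementsByTagName("input")[0].origValue);
    cells[2].update("<em>Saved</em>");
    setText(cells[3], cells[3].getElementsByTagName("input")[0].origValue);
}
</script>

<h1>User Management</h1>
<table class="bordered">
<tr>
    <th></th>
    <th>Name</th>
    <th>Password</th>
    <th>Email</th>
</tr>
<tr>
    <td></td>
    <td><a href="#" onClick="addRow(Event.element(event)); return false;">Add User</a></td>
    <td></td>
    <td></td>
</tr>
<?php
$result = mysql_query("SELECT id, name, email FROM users") or die(mysql_error());
while ($r = mysql_fetch_assoc($result)) {
    // id is an integer column; name and email are user-controlled and are
    // HTML-escaped so a stored name cannot inject script into the admin page.
    echo "<tr id='uid_" . (int) $r['id'] . "'>";
    echo " <td><a href='#' onClick='remRow(Event.element(event)); return false;'>Delete</a> | <a href='#' onClick='editRow(Event.element(event)); return false;'>Edit</a></td>";
    echo " <td>" . htmlspecialchars($r['name'], ENT_QUOTES) . "</td>";
    echo " <td><em>Saved</em></td>";
    echo " <td>" . htmlspecialchars($r['email'], ENT_QUOTES) . "</td>";
    echo "</tr>";
}
?>
</table>

Replace auth_zp.php with:
<?php
require_once("functions-db.php");
// If the auth variable gets set somehow before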
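// this, get rid of it.
if (isset($_zp_loggedin)) unset($_zp_loggedin);
$_zp_loggedin = false;

// Fix the cookie's path for root installs.
$cookiepath = WEBPATH;
if (WEBPATH == '') {
    $cookiepath = '/';
}

// FIXME(security): passwords are stored as unsalted MD5 (see the users
// table) and the zenphoto_auth cookie is md5(name . stored_hash), i.e. a
// 60-day bearer token that is only invalidated by a password change. Kept
// so existing rows keep working; move to a salted slow hash and a random
// per-login token stored server-side.

// Set a cookie with the HttpOnly flag through a raw header, which works on
// PHP builds whose setcookie() has no httponly argument. Page scripts then
// cannot read the auth cookie. The second header() argument keeps earlier
// Set-Cookie headers instead of replacing them.
// NOTE(review): add "; secure" once the admin is served over HTTPS only.
function zp_setcookie($name, $value, $expire, $path) {
    header("Set-Cookie: " . $name . "=" . rawurlencode($value)
        . "; expires=" . gmdate('D, d-M-Y H:i:s \G\M\T', $expire)
        . "; path=" . $path . "; HttpOnly", false);
}

// Remove both auth cookies (the expiry is well in the past).
function zp_clear_auth_cookies($path) {
    zp_setcookie("zenphoto_auth", "", time() - 368000, $path);
    zp_setcookie("zenphoto_user", "", time() - 368000, $path);
}

// True when the zenphoto_auth / zenphoto_user cookies name an existing user
// and carry that user's expected token. Used both at load time and by
// zp_loggedin(), which previously duplicated this code.
function zp_cookie_auth_ok() {
    if (!isset($_COOKIE['zenphoto_auth']) || !isset($_COOKIE['zenphoto_user'])) {
        return false;
    }
    $saved_auth = $_COOKIE['zenphoto_auth'];
    // The cookie is attacker-controlled and unauthenticated at this point;
    // the original interpolated it into SQL unescaped.
    $saved_user = mysql_real_escape_string($_COOKIE['zenphoto_user']);
    $result = mysql_query("SELECT name, pass FROM users WHERE name='$saved_user' LIMIT 1") or die(mysql_error());
    if (mysql_num_rows($result) < 1) {
        return false;
    }
    $r = mysql_fetch_assoc($result);
    // Strict comparison: with ==, PHP treats two strings of the form
    // "0e<digits>" as equal numbers, so a forged "0e..." cookie could match.
    return $saved_auth === md5($r['name'] . $r['pass']);
}

if (isset($_COOKIE['zenphoto_auth'])) {
    if (zp_cookie_auth_ok()) {
        $_zp_loggedin = true;
    } else {
        // Stale or forged cookie: clear it.
        zp_clear_auth_cookies($cookiepath);
    }
} else {
    // Handle the login form.
    if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
        $user = $_POST['user'];
        $pass = md5($_POST['pass']);
        $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : '';
        $q_user = mysql_real_escape_string($user);
        // Look the user up by name only and compare the hash in PHP with
        // ===, so the comparison is exact and the password never reaches SQL.
        $result = mysql_query("SELECT name, pass FROM users WHERE name='$q_user' LIMIT 1") or die(mysql_error());
        $r = (mysql_num_rows($result) > 0) ? mysql_fetch_assoc($result) : false;
        if ($r && $r['pass'] === $pass) {
            // Correct auth info. Set the cookie from the *stored* name: the
            // SQL lookup is case-insensitive, so a login as "Admin" for the
            // row "admin" previously produced a token the cookie check could
            // never match.
            zp_setcookie("zenphoto_auth", md5($r['name'] . $r['pass']), time() + 5184000, $cookiepath);
            zp_setcookie("zenphoto_user", $r['name'], time() + 5184000, $cookiepath);
            $_zp_loggedin = true;
            //// FIXME: Breaks IIS
            // Only follow site-relative paths: with WEBPATH == '' a value
            // such as "@evil.example" turns the Location into another host,
            // and a CR/LF would split the header.
            // NOTE(review): assumes the login form supplies redirect as a
            // path starting with "/" — confirm; other values just skip the redirect.
            if ($redirect !== '' && substr($redirect, 0, 1) === '/' && substr($redirect, 0, 2) !== '//'
                    && strpos($redirect, "\r") === false && strpos($redirect, "\n") === false) {
                header("Location: " . FULLWEBPATH . $redirect);
            }
            ////
        } else {
            // Clear the cookie, just in case
            zp_clear_auth_cookies($cookiepath);
            $error = true;
        }
    }
}
unset($user, $pass, $q_user, $r);

// Handle a logout action.
// NOTE(review): logout is also accepted via GET, so any page can log the
// admin out (a nuisance, not a compromise); POST-only would be tidier.
if (isset($_POST['logout']) || isset($_GET['logout'])) {
    zp_clear_auth_cookies($cookiepath);
    header("Location: " . FULLWEBPATH . "/");
}

// Public check used by the rest of zenphoto. True for this request when the
// login form above just succeeded (the new cookie is not in $_COOKIE until
// the next request, so the original returned false right after login) or
// when the auth cookie validates.
function zp_loggedin() {
    if (!empty($GLOBALS['_zp_loggedin'])) {
        return true;
    }
    return zp_cookie_auth_ok();
}
?>

Execute this SQL on your zenphoto database:
CREATE TABLE users (
    `id`    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `name`  VARCHAR(255) NOT NULL,
    `pass`  VARCHAR(255) NOT NULL,   -- MD5 hex today; wide enough for a salted hash later
    `email` VARCHAR(255) NOT NULL,
    UNIQUE KEY (`name`)              -- login and the admin page look users up by name
);
-- Log in with this account and change its password right away.
INSERT INTO users (`name`,`pass`,`email`) VALUES ('admin',MD5('password'),'you@yourdomain.com');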
I also recommend changing the password in the config file to a long random value: the replaced auth_zp.php no longer checks it, but the file still holds your old password in clear text. Likewise, log in with the admin/password account the SQL creates and change that password immediately.
Also, as always, I recommend doing a full backup before proceeding with these directions. YMMV. These directions are provided as-is with no warranty express or implied. You use this at your own risk.