
About this user

Wedge Talon


Multiple user accounts hack for zenPhoto

Multiple user accounts hack for zenPhoto

I needed support for several users, not really for any fancy reason, just so there was no password sharing, so here's a quick hack I made that shouldn't be hard to extend to be a bit more useful if you desire.

Hopefully I have used this forum's tags correctly. If I haven't perhaps a mod can lend a hand in rectifying them. :)

   1  
   2  In admin-functions.php:
   3  After:
   4  	echo "\n  <script type=\"text/javascript\" src=\"admin.js\"></script>";
   5  Add:
   6  	echo "\n  <script type=\"text/javascript\" src=\"scriptaculous/prototype.js\"></script>";
   7  
   8  Before:
   9    echo "\n  </ul>";
  10  Add:
  11    echo "\n    <li". ($page == "users" ? " class=\"current\""  : "") . 
  12      "> <a href=\"admin.php?page=users\">users</a></li>";
  13  
  14  In admin.php
  15  After:
  16      } else if ($action == 'settheme') {
  17        if (isset($_GET['theme'])) {
  18          $gallery->setCurrentTheme($_GET['theme']);
  19        }
  20  Add:
  21  	  
  22  /** USERS ******************************************************************/
  23  /*****************************************************************************/
  24  
  25      } else if ($action == 'updateUsers') {
  26  		$uid = explode("_",$_REQUEST['userid']);
  27  		$uid = $uid[1];
  28  		$name = $_REQUEST['username'];
  29  		$pass = $_REQUEST['userpass'];
  30  		$email = $_REQUEST['usermail'];
  31  		$query = "SELECT * FROM users WHERE name='$name' LIMIT 1";
  32  		$result = mysql_query($query) or die(mysql_error());
  33  		if (mysql_num_rows($result)<1){
  34  			//create new user
  35  			$query = "INSERT INTO users (`name`,`pass`,`email`) VALUES ('$name',MD5('$pass'),'$email')";
  36  			$result = mysql_query($query) or die(mysql_error());
  37  			$r = mysql_insert_id();
  38  			die("$r");
  39  		}else{
  40  			//update old user
  41  			$query = "UPDATE users SET ";
  42  			$query .= "name='$name'";
  43  			if (!empty($pass) && ($pass!="")){ $query .= ",pass=MD5('$name')"; }
  44  			$query .= ",email='$email'";
  45  			$query .= " WHERE id='$uid'";
  46  			$result = mysql_query($query) or die(mysql_error());
  47  			die("Save successful!");
  48  		}
  49      } else if ($action == 'removeUsers') {
  50  		$uid = explode("_",$_REQUEST['userid']);
  51  		$uid = $uid[1];
  52  		$query = "DELETE FROM users WHERE id='$uid' LIMIT 1";
  53  		$result = mysql_query($query) or die(mysql_error());
  54  	}
  55  
  56  Before:
  57  <?php /*** HOME ***************************************************************************/ 
  58        /************************************************************************************/ ?> 
  59  Add:
  60  <?php /*** USERS *******************************************************/ 
  61        /************************************************************************************/ ?> 
  62        
  63      <?php } else if ($page == "users") { ?>
  64  	
  65  	<script>
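	// Turn the "Add User" row into an editable row and insert a fresh
	// "Add User" row above it. `e` is the element that was clicked.
	addRow = function(e){
		var row = e;
		while(row.nodeName.toLowerCase() != "tr"){ row = row.parentNode; }
		// Locals are declared with var so they no longer leak into the page's
		// global scope.
		var newAdd = "<tr><td></td><td><a href='#' onClick='addRow(event.target);'>Add User</a></td><td></td><td></td></tr>";
		var cells = row.getElementsByTagName('td');
		cells[0].update("<input type='button' id='newCancel' value='Cancel' onClick='cancelRow(event.target);'><input type='button' id='newSave' value='Save' onClick='saveRow(event.target);'>");
		// Fixed: the original wrote type='test'; 'text' is the intended type.
		cells[1].update("<input type='text' id='newName'>");
		cells[2].update("<input type='password' id='newPass'>");
		cells[3].update("<input type='text' id='newEmail'>");
		new Insertion.Before(row,newAdd);
	};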
	// Discard an unsaved row: walk up from the clicked element to its <tr>
	// and remove that row from the table.
	cancelRow = function(e){
		var node = e;
		for (; node.nodeName.toLowerCase() != "tr"; node = node.parentNode) {}
		node.remove();
	}
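	// Send the edited row to admin.php and, on success, switch the row back to
	// its read-only form. `e` is the element that was clicked.
	saveRow = function(e){
		var row = e;
		while(row.nodeName.toLowerCase() != "tr"){ row = row.parentNode; }
		var cells = row.getElementsByTagName('td');
		// Read the field values once, before any cell is overwritten.
		var nameValue = cells[1].getElementsByTagName("input")[0].value;
		var passValue = cells[2].getElementsByTagName("input")[0].value;
		var mailValue = cells[3].getElementsByTagName("input")[0].value;
		cells[0].update("<em>Saving...</em>");
		// The page and action stay in the URL; the field values travel in the
		// POST body so the password is not written into URLs, browser history
		// or web-server access logs. The updateUsers handler reads the fields
		// through $_REQUEST, so it accepts them from the body unchanged.
		// Every value is percent-encoded so that "&", "=", "#" or "+" typed
		// into a field cannot alter the request.
		// NOTE(review): no anti-CSRF token is sent; confirm how admin.php
		// authorises this request.
		var daUrl = "admin.php?page=users&action=updateUsers";
		var fields = "userid=" + encodeURIComponent(row.id) +
			"&username=" + encodeURIComponent(nameValue) +
			"&userpass=" + encodeURIComponent(passValue) +
			"&usermail=" + encodeURIComponent(mailValue);

		new Ajax.Request(daUrl,{
			method:'post',
			parameters:fields,
			onSuccess:function(r){
				// Only an insert answers with the new numeric id; an update
				// answers with a status message, so the existing id is kept.
				if (/^\d+$/.test(r.responseText)) { row.id = "uid_" + r.responseText; }
				var done = row.getElementsByTagName('td');
				done[0].update("<a href='#' onClick='remRow(event.target);'>Delete</a> | <a href='#' onClick='editRow(event.target);'>Edit</a>");
				// update() parses its argument as HTML; escapeHTML() (Prototype)
				// makes the typed values display as text.
				done[1].update(nameValue.escapeHTML());
				done[2].update("<em>Saved</em>");
				done[3].update(mailValue.escapeHTML());
			},
			onFailure:function(r){
				alert("Save function failed!");
			}
		});
	}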
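	// Ask admin.php to delete the account shown in the clicked row and remove
	// the row from the table once the server has answered successfully.
	remRow = function(e){
		var row = e;
		while(row.nodeName.toLowerCase() != "tr"){ row = row.parentNode; }
		// Deleting changes server state, so it is sent as POST rather than as
		// a GET URL that a link, prefetcher or image tag could trigger. The
		// removeUsers handler reads userid through $_REQUEST either way.
		// NOTE(review): no anti-CSRF token is sent; confirm how admin.php
		// authorises this request.
		var daUrl = "admin.php?page=users&action=removeUsers";
		new Ajax.Request(daUrl,{
			method:'post',
			parameters:"userid=" + encodeURIComponent(row.id),
			onSuccess:function(r){
				row.remove();
			},
			onFailure:function(r){
				alert("Delete function failed!");
			}
		});
	}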
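	// Switch a saved row into edit mode: name and e-mail become text inputs
	// pre-filled with the current values, the password input starts empty.
	editRow = function(e){
		var row = e;
		while(row.nodeName.toLowerCase() != "tr"){ row = row.parentNode; }
		var cells = row.getElementsByTagName('td');
		// Build each input with DOM calls instead of string concatenation, so
		// quotes, spaces or markup in a stored value stay inside the attribute
		// and are never parsed as HTML.
		var makeInput = function(cell, id){
			var field = document.createElement('input');
			field.type = 'text';
			field.id = id;
			// 'o' keeps the cell's original markup for cancelEdit() to restore.
			field.setAttribute('o', cell.innerHTML);
			// innerText is the fallback for browsers without textContent.
			field.value = (cell.textContent !== undefined) ? cell.textContent : cell.innerText;
			cell.update("");
			cell.appendChild(field);
		};
		cells[0].update("<input type='button' id='newCancel' value='Cancel' onClick='cancelEdit(event.target);'><input type='button' id='newSave' value='Save' onClick='saveRow(event.target);'>");
		makeInput(cells[1], 'newName');
		cells[2].update("<input type='password' id='newPass'>");
		makeInput(cells[3], 'newEmail');
	}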
	// Abandon an edit: restore the action links and put back the name and
	// e-mail markup that editRow() stored in each input's 'o' attribute.
	cancelEdit = function(e){
		var node = e;
		for (; node.nodeName.toLowerCase() != "tr"; node = node.parentNode) {}
		// `cells` is assigned without var, as in the original.
		cells = node.getElementsByTagName('td');
		var storedMarkup = function(index){
			return cells[index].getElementsByTagName("input")[0].getAttribute('o');
		};
		cells[0].update("<a href='#' onClick='remRow(event.target);'>Delete</a> | <a href='#' onClick='editRow(event.target);'>Edit</a>");
		cells[1].update(storedMarkup(1));
		cells[2].update("<em>Saved</em>");
		cells[3].update(storedMarkup(3));
	}
 142  
 143  	</script>
 144  	
 145  	<h1>User Management</h1>
 146  	<table class="bordered">
 147  		<tr>
 148  			<th></th>
 149  			<th>Name</th>
 150  			<th>Password</th>
 151  			<th>Email</th>
 152  		</tr>
 153  		<tr>
 154  			<td></td>
 155  			<td><a href="#" onClick="addRow(event.target);">Add User</a></td>
 156  			<td></td>
 157  			<td></td>
 158  		</tr>
 159  		<?php
 160  		$query = "SELECT * FROM users";
 161  		$result = mysql_query($query) or die(mysql_error());
 162  		while($r=mysql_fetch_assoc($result)){
 163  			echo "<tr id='uid_".$r['id']."'>";
 164  			echo "	<td><a href='#' onClick='remRow(event.target);'>Delete</a> | <a href='#' onClick='editRow(event.target);'>Edit</a></td>";
 165  			echo "	<td>".$r['name']."</td>";
 166  			echo "	<td><em>Saved</em></td>";
 167  			echo "	<td>".$r['email']."</td>";
 168  			echo "</tr>";
 169  		}
 170  		?>
 171  	</table>
 172  	 
 173  Replace auth_zp.php with:
 174  <?php
 175  
 176  require_once("functions-db.php");
 177  
 178  // If the auth variable gets set somehow before this, get rid of it.
 179  if (isset($_zp_loggedin)) unset($_zp_loggedin);
 180  $_zp_loggedin = false;
 181  
 182  // Fix the cookie's path for root installs.
 183  $cookiepath = WEBPATH;
 184  if (WEBPATH == '') { $cookiepath = '/'; }
 185  
 186  if (isset($_COOKIE['zenphoto_auth'])) {
 187    $saved_auth = $_COOKIE['zenphoto_auth'];
 188    $saved_user = $_COOKIE['zenphoto_user'];
 189    $query = "SELECT * FROM users WHERE name='$saved_user' LIMIT 1";
 190    $result = mysql_query($query) or die(mysql_error());
 191    $rows = mysql_num_rows($result);
 192    if ($rows>0){
 193  	$r = mysql_fetch_assoc($result);
 194  	$check_auth = md5($r['name'].$r['pass']);
 195    }
 196    if ($rows>0 && $saved_auth==$check_auth) {
 197      $_zp_loggedin = true;
 198    } else {
 199      // Clear the cookie
 200      setcookie("zenphoto_auth", "", time()-368000, $cookiepath);
 201      setcookie("zenphoto_user", "", time()-368000, $cookiepath);
 202    }
 203  } else {
 204    // Handle the login form.
 205    if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
 206      $user = $_POST['user'];
 207      $pass = MD5($_POST['pass']);
 208      $redirect = $_POST['redirect'];
 209  	$query = "SELECT * FROM users WHERE name='$user' AND pass='$pass' LIMIT 1";
 210  	$result = mysql_query($query) or die(mysql_error());
 211      if (mysql_num_rows($result)>0) {
 212        // Correct auth info. Set the cookie.
 213        setcookie("zenphoto_auth", md5($user.$pass), time()+5184000, $cookiepath);
 214        setcookie("zenphoto_user", $user, time()+5184000, $cookiepath);
 215        $_zp_loggedin = true;
 216        //// FIXME: Breaks IIS
 217        if (!empty($redirect)) { header("Location: " . FULLWEBPATH . $redirect); }
 218        //// 
 219      } else {
 220        // Clear the cookie, just in case
 221        setcookie("zenphoto_auth", "", time()-368000, $cookiepath);
 222        setcookie("zenphoto_user", "", time()-368000, $cookiepath);
 223        $error = true;
 224      }
 225    }
 226  }
 227  unset($saved_auth, $check_auth, $user, $pass);
 228  // Handle a logout action.
 229  if (isset($_POST['logout']) || isset($_GET['logout'])) {
 230    setcookie("zenphoto_auth", "", time()-368000, $cookiepath);
 231    setcookie("zenphoto_user", "", time()-368000, $cookiepath);
 232    header("Location: " . FULLWEBPATH . "/");
 233  }
 234  
 235  function zp_loggedin() {
 236  	$_zp_loggedin = false;
 237  	if (isset($_COOKIE['zenphoto_auth'])) {
 238  	  $saved_auth = $_COOKIE['zenphoto_auth'];
 239  	  $saved_user = $_COOKIE['zenphoto_user'];
 240  	  $query = "SELECT * FROM users WHERE name='$saved_user' LIMIT 1";
 241  	  $result = mysql_query($query) or die(mysql_error());
 242  	  $rows = mysql_num_rows($result);
 243  	  if ($rows>0){
 244  		$r = mysql_fetch_assoc($result);
 245  		$check_auth = md5($r['name'].$r['pass']);
 246  		if ($saved_auth==$check_auth){ $_zp_loggedin = true; }
 247  	  }
 248  	}
 249    return $_zp_loggedin;
 250  }
 251  
 252  
 253  ?>
 254  
 255  
 256  Execute this SQL on your zenphoto table:
 257  CREATE TABLE users (
 258  `id` INT( 255 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 259  `name` VARCHAR( 255 ) NOT NULL ,
 260  `pass` VARCHAR( 255 ) NOT NULL ,
 261  `email` VARCHAR( 255 ) NOT NULL
 262  );
 263  
 264  INSERT INTO users (`name`,`pass`,`email`) VALUES ('admin',MD5('password'),'you@yourdomain.com');


I recommend also changing the password info in the config file to something uninteresting.

Also, as always, I recommend doing a full backup before proceeding with these directions. YMMV. These directions are provided as-is with no warranty express or implied. You use this at your own risk.