1<?php
2/*
3 * Gallery - a web based photo album viewer and editor
4 * Copyright (C) 2000-2008 Bharat Mediratta
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or (at
9 * your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
19 */
20
21/**
22 * Verify password entry
23 * @package Password
24 * @subpackage UserInterface
25 * @author Alan Harder <alan.harder@sun.com>
26 * @author Jess Martin <jmartin@cs.unc.edu>
27 * @version $Revision: 17588 $
28 */
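class PasswordEntryController extends GalleryController {
    /**
     * ValidationPlugin instances to use when handling this request.  Only used by test code.
     * @var array $_pluginInstances (array of GalleryValidationPlugin)
     * @access private
     */
    var $_pluginInstances;

    /**
     * Check a submitted item password and, when it matches, add the item permission to the
     * session and redirect to the item.
     *
     * The submission is only processed when $form carries ['action']['password'], a scalar
     * ['itemId'] and a scalar ['password'].  Anything else falls through to the password
     * entry view without running a password check.
     *
     * @param array $form the submitted form values
     * @return array (GalleryStatus a status code or null,
     *                array 'status' and 'error' plus either
     *                      'redirect' (view core.ShowItem and the itemId) or
     *                      'delegate' (view password.PasswordEntry))
     * @see GalleryController::handleRequest
     */
    function handleRequest($form) {
        $status = $error = $results = array();

        /*
         * itemId and password are request-controlled.  Non-scalar values are not treated as
         * a submission at all, so no array ever reaches the permission check, the password
         * comparison or the string concatenation that builds the validation key.
         */
        if (isset($form['action']['password'])
                && isset($form['itemId']) && is_scalar($form['itemId'])
                && isset($form['password']) && is_scalar($form['password'])) {
            /*
             * Normalize once, so that the permission check, the password lookup, the
             * validation key and the redirect below all refer to the same integer id.
             */
            $itemId = (int)$form['itemId'];

            list ($ret, $canSee) = GalleryCoreApi::hasItemPermission($itemId, 'core.view');
            if ($ret) {
                return array($ret, null);
            }
            if (!$canSee) {
                /* Allow access without core.view if this item is also hidden */
                list ($ret, $hiddenInterface) =
                    GalleryCoreApi::newFactoryInstance('HiddenInterface_1_0');
                if ($ret) {
                    return array($ret, null);
                }
                if (isset($hiddenInterface)) {
                    list ($ret, $item) = GalleryCoreApi::loadEntitiesById($itemId, 'GalleryItem');
                    /*
                     * A load failure is not propagated: $canSee stays false and the request
                     * ends in the same incorrectPassword error as a wrong password would.
                     * NOTE(review): presumably deliberate, so that the response does not
                     * differ for ids that cannot be loaded -- confirm.
                     */
                    if (!$ret) {
                        list ($ret, $canSee) = $hiddenInterface->isHidden($item);
                        if ($ret) {
                            return array($ret, null);
                        }
                    }
                }
            }

            /* Check the password entered against the actual password */
            list ($ret, $hashedPassword) = GalleryCoreApi::getPluginParameter(
                'module', 'password', 'password', $itemId);
            if ($ret) {
                return array($ret, null);
            }
            GalleryUtilities::unsanitizeInputValues($form['password'], false);
            /*
             * All three conditions must hold: the item is visible (or hidden), a password is
             * actually stored for it, and the submitted value matches.  An item without a
             * stored password can therefore never be unlocked through this controller.
             * NOTE(review): hashing and comparison are delegated to
             * GalleryUtilities::isCorrectPassword and are not visible here -- confirm that
             * helper against current password-handling practice.
             */
            $isCorrect = $canSee && $hashedPassword
                && GalleryUtilities::isCorrectPassword($form['password'], $hashedPassword);

            /* Prepare for validation; plugins are told whether the password matched */
            $options = array('pass' => $isCorrect);
            list ($ret, $options['level']) =
                GalleryCoreApi::getPluginParameter('module', 'password', 'validation.level');
            if ($ret) {
                return array($ret, null);
            }
            if ($options['level'] === 'MEDIUM') {
                /* Per-item key handed to the validation plugins at MEDIUM level */
                $options['key'] = 'password.PasswordEntry.' . $itemId;
            }
            if ($options['level'] === 'OFF') {
                /* Validation disabled: only the password check above applies */
                $plugins = array();
            } else if (isset($this->_pluginInstances)) {
                $plugins = $this->_pluginInstances;
            } else {
                list ($ret, $plugins) =
                    GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin');
                if ($ret) {
                    return array($ret, null);
                }
                foreach (array_keys($plugins) as $pluginId) {
                    list ($ret, $plugins[$pluginId]) = GalleryCoreApi::newFactoryInstanceById(
                        'GalleryValidationPlugin', $pluginId);
                    if ($ret) {
                        return array($ret, null);
                    }
                }
            }

            /* Let each plugin do its verification */
            foreach ($plugins as $plugin) {
                list ($ret, $pluginErrors, $continue) =
                    $plugin->performValidation($form, $options);
                if ($ret) {
                    return array($ret, null);
                }
                $error = array_merge($error, $pluginErrors);
                if (!$continue) {
                    break;
                }
            }

            /*
             * The permission is added only when the password matched AND no plugin reported
             * an error.  While a plugin error is present, incorrectPassword is not added,
             * so the response does not reveal whether the password itself was right.
             */
            if (empty($error) && $isCorrect) {
                GalleryCoreApi::addPermissionToSession($itemId);

                $results['redirect']['view'] = 'core.ShowItem';
                $results['redirect']['itemId'] = $itemId;
            } else if (empty($error)) {
                $error[] = 'form[error][incorrectPassword]';
            }
        }
        if (!isset($results['redirect'])) {
            $results['delegate']['view'] = 'password.PasswordEntry';
        }
        $results['status'] = $status;
        $results['error'] = $error;

        return array(null, $results);
    }
}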
138
139/**
140 * View that shows the user a password entry box, allowing them to enter the password for an item.
141 */
class PasswordEntryView extends GalleryView {
    /**
     * Prepare the form and template for the password entry page.
     *
     * When the incoming form is not already a PasswordEntry form, it is initialised with
     * the form name and the itemId request variable.  The configured validation level is
     * always copied into the form.
     *
     * @param object $template the template; its 'controller' variable is set
     * @param array $form the form values, modified in place
     * @return array (GalleryStatus a status code or null, array with the 'body' template path)
     * @see GalleryView::loadTemplate
     */
    function loadTemplate(&$template, &$form) {
        $needsInit = ($form['formName'] != 'PasswordEntry');
        if ($needsInit) {
            $form['formName'] = 'PasswordEntry';
            /*
             * NOTE(review): itemId comes from the request and is handed on to the template
             * as is; output escaping is presumably done by the request/template layer --
             * confirm.
             */
            $form['itemId'] = GalleryUtilities::getRequestVariables('itemId');
        }

        list ($levelStatus, $level) =
            GalleryCoreApi::getPluginParameter('module', 'password', 'validation.level');
        $form['validationLevel'] = $level;
        if ($levelStatus) {
            return array($levelStatus, null);
        }

        $template->setVariable('controller', 'password.PasswordEntry');
        $templateInfo = array('body' => 'modules/password/templates/PasswordEntry.tpl');
        return array(null, $templateInfo);
    }

    /**
     * Return the translated, human-readable name of this view.
     *
     * @return array (GalleryStatus a status code or null, string the localized description)
     * @see GalleryView::getViewDescription
     */
    function getViewDescription() {
        /* The password module supplies the translation of the view name */
        list ($loadStatus, $module) = GalleryCoreApi::loadPlugin('module', 'password');
        if ($loadStatus) {
            return array($loadStatus, null);
        }

        $description = $module->translate('Password Entry');
        return array(null, $description);
    }
}
173?>