Our gallery needed multiple administrators, and we each didn't want to share each others credentials (it's very insecure).
So I modified a few files, the mods are below.
zp-config.php
[Add the following lines after old admin data]
------------------
$conf['admins'][] = array( 'username' => 'YOUR_USER', 'password' => 'YOUR_PASSWORD' );
$conf['admins'][] = array( 'username' => 'YOUR_USER2', 'password' => 'YOUR_PASSWORD2' );
[Repeat until you are satisfied]
------------------
auth_zp.php
[Add to top of file (after $_zp_loggedin = false;))]
------------------
$security_key = "1337-trisweb-r0x|";
// (Replace the security key with a personal random phrase)
------------------
2)
[Replace]
------------------
if ($user == zp_conf("adminuser") && $pass == zp_conf("adminpass")) {
// Correct auth info. Set the cookie.
setcookie("zenphoto_auth", md5($user.$pass), time()+5184000, $cookiepath);
$_zp_loggedin = true;
//// FIXME: Breaks IIS
if (!empty($redirect)) { header("Location: " . FULLWEBPATH . $redirect); }
////
} else {
// Clear the cookie, just in case
setcookie("zenphoto_auth", "", time()-368000, $cookiepath);
$error = true;
}
------------------
[With this]
------------------
$found = 0;
for( $i = 0; $i < count( $conf['admins'] ); $i++ )
{
if( $conf['admins'][$i]['username'] == $user && $conf['admins'][$i]['password'] == $pass )
{
// Correct auth info. Set the cookie.
setcookie("zenphoto_auth", md5($security_key), time()+5184000, $cookiepath);
$_zp_loggedin = true;
//// FIXME: Breaks IIS
if (!empty($redirect)) { header("Location: " . FULLWEBPATH . $redirect); }
////
$found = 1;
}
}
if($found == 0)
{
// Clear the cookie, just in case
setcookie("zenphoto_auth", "", time()-368000, $cookiepath);
$error = true;
}
------------------
2)
[Replace]
------------------
$check_auth = md5(zp_conf("adminuser").zp_conf("adminpass"));
------------------
[With this]
------------------
$check_auth = md5($security_key);
-------------------
Zenphoto
Comments