Partial update to Private Key update

root 2011-01-22 20:38:31 -05:00
parent 5a8327be1d
commit 8d91bf83bc
5 changed files with 90 additions and 25 deletions


@ -72,7 +72,9 @@ CREATE TABLE `sc_users` (
`email` varchar(50) NOT NULL default '',
`homepage` varchar(255) default NULL,
`uContent` text,
PRIMARY KEY (`uId`)
`privateKey` varchar(32) NOT NULL,
PRIMARY KEY (`uId`),
UNIQUE KEY `privateKey` (`privateKey`)
) CHARACTER SET utf8 COLLATE utf8_general_ci ;
-- --------------------------------------------------------
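Review bot: The new `privateKey` column is `NOT NULL` with a `UNIQUE KEY` and no default, so every row needs a distinct key at insert time, and nothing visible in this commit generates one. On a MySQL server that is not in strict mode, an INSERT that omits the column would store an empty string; the first such account would hold an empty credential and the second would fail the unique constraint. Consider declaring it as `privateKey varchar(32) default NULL`, so accounts without a key hold NULL (a unique index permits several NULLs) and never match a submitted value. The key is also stored in clear text and compared under the case-insensitive `utf8_general_ci` collation; storing only a hash of the key would limit what a database leak exposes.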


@ -11,6 +11,7 @@ ChangeLog for SemantiScuttle
- Implement patch #3059829: update FR_CA translation
- Update php-gettext library to 1.0.10
- api/posts/add respects the "replace" parameter now
- Implement Feature Request #3164013 adding ability to log in vi private key
0.97.1 - 2010-09-30


@ -35,17 +35,20 @@ class SemanticScuttle_Model_User
var $content;
var $datetime;
var $isAdmin;
var $privateKey;
/**
* Create a new user object
*
* @param integer $id User ID
* @param string $username Username
* @param integer $id User ID
* @param string $username Username
* @param string $privateKey PrivateKey
*/
public function __construct($id, $username)
public function __construct($id, $username, $privateKey)
{
$this->id = $id;
$this->username = $username;
$this->privateKey = $privateKey;
}
/**
@ -68,6 +71,16 @@ class SemanticScuttle_Model_User
return $this->username;
}
/**
* Returns private key
*
* @return string private key
*/
public function getPrivateKey()
{
return $this->privateKey;
}
/**
* Returns full user name as specified in the profile.
*
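Review bot: `__construct($id, $username, $privateKey)` makes the third argument mandatory, so any caller that still passes two arguments will raise a missing-argument error; whether all callers were updated is not visible in this commit. Declaring it as `public function __construct($id, $username, $privateKey = null)` keeps those callers working. Because `getPrivateKey()` returns a login credential, its docblock should say so, for example `* Returns the user's private key (a login credential; never log it or show it to other users)`. The class body starts and ends outside both hunks.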


@ -42,7 +42,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
protected $fields = array(
'primary' => 'uId',
'username' => 'username',
'password' => 'password'
'password' => 'password',
'privatekey'=> 'privateKey'
);
protected $profileurl;
@ -456,6 +457,45 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
}
/**
* Try to authenticate and login a user with
* private key.
*
* @param string $privatekey Private Key
*
* @return boolean True if the user could be authenticated,
* false if not.
*/
public function loginPK($privatekey)
{
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '. $this->getTableName() .' WHERE '. $this->getFieldName('privatekey') .' = "'. $this->db->sql_escape($privatekey) .'"';
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR,
'Could not get user',
'', __LINE__, __FILE__, $query, $this->db
);
return false;
}
$row = $this->db->sql_fetchrow($dbresult);
$this->db->sql_freeresult($dbresult);
if ($row) {
$id = $_SESSION[$this->getSessionKey()]
= $row[$this->getFieldName('primary')];
$cookie = $id .':'. md5($username.$password);
setcookie(
$this->cookiekey, $cookie,
time() + $this->cookietime, '/'
);
return true;
} else {
return false;
}
}
function logout() {
@setcookie($this->getCookiekey(), '', time() - 1, '/');
unset($_COOKIE[$this->getCookiekey()]);
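Review bot: In `loginPK()` the cookie is built with `md5($username.$password)`, but neither variable is defined in this method, so the hash is always that of an empty string and the persistent cookie carries nothing tied to the account's credentials. Either drop the `setcookie()` call for key-based logins or derive the value from the fetched row; how the cookie is validated later is outside this hunk. The method also queries with whatever value it is given, so an empty `$privatekey` would match any account whose `privateKey` column is empty; add `if (!is_string($privatekey) || $privatekey === '') { return false; }` before the query is built. The `return false;` after `message_die()` is presumably unreachable if `message_die()` terminates the request.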


@ -31,28 +31,37 @@ function authenticate()
}
if (!$userservice->isLoggedOn()) {
/* First check to see if a private key was sent */
if (isset($_POST['privatekey']) {
$login = $userservice->loginPK($_POST['privatekey']);
if ($login) {
$currentUser = $userservice->getCurrentObjectUser();
return;
} else {
/* is someone hacking? */
/* TODO: Track attempts */
}
}
/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
&& isset($_SERVER['REMOTE_USER'])
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)
) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
&& isset($_SERVER['REMOTE_USER'])
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate();
} else {
$login = $userservice->login(
$_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']
);
if ($login) {
$currentUser = $userservice->getCurrentObjectUser();
} else {
authenticate();
}
}
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate();
} else {
$login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if ($login) {
$currentUser = $userservice->getCurrentObjectUser();
} else {
authenticate();
}
}
}
?>
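Review bot: `if (isset($_POST['privatekey']) {` is missing a closing parenthesis, so this file no longer parses and every request that includes it fails; it should read `if (isset($_POST['privatekey'])) {`. The failure branch is left as a TODO, so a wrong key is neither counted nor logged and the request simply falls through to HTTP Basic authentication. Because the key is a complete login credential, failed attempts should be logged with the client address and repeated failures throttled before this ships. The enclosing `if (!$userservice->isLoggedOn())` block starts outside the hunk.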