Partial update to Private Key update
parent
5a8327be1d
commit
8d91bf83bc
@ -72,7 +72,9 @@ CREATE TABLE `sc_users` (
|
||||
`email` varchar(50) NOT NULL default '',
|
||||
`homepage` varchar(255) default NULL,
|
||||
`uContent` text,
|
||||
PRIMARY KEY (`uId`)
|
||||
`privateKey` varchar(32) NOT NULL,
|
||||
PRIMARY KEY (`uId`),
|
||||
UNIQUE KEY `privateKey` (`privateKey`)
|
||||
) CHARACTER SET utf8 COLLATE utf8_general_ci ;
|
||||
|
||||
-- --------------------------------------------------------
|
||||
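Review bot: `privateKey` is declared `NOT NULL` with no default and a `UNIQUE` key, but nothing on this page shows where a key is generated for new or existing accounts. If a row is inserted without the column, a non-strict MySQL server stores the empty string, which then matches an empty `privatekey` value in `loginPK()` and makes the next such insert fail on the unique index. Until key generation is in place, a nullable column (`privateKey varchar(32) default NULL`) avoids both problems, since a unique index permits several NULLs. The value is also a bearer credential kept in cleartext, so consider storing a hash of it; no upgrade statement for existing installations is visible here either.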
|
@ -11,6 +11,7 @@ ChangeLog for SemantiScuttle
|
||||
- Implement patch #3059829: update FR_CA translation
|
||||
- Update php-gettext library to 1.0.10
|
||||
- api/posts/add respects the "replace" parameter now
|
||||
- Implement Feature Request #3164013 adding ability to log in vi private key
|
||||
|
||||
|
||||
0.97.1 - 2010-09-30
|
||||
|
@ -35,17 +35,20 @@ class SemanticScuttle_Model_User
|
||||
var $content;
|
||||
var $datetime;
|
||||
var $isAdmin;
|
||||
var $privateKey;
|
||||
|
||||
/**
|
||||
* Create a new user object
|
||||
*
|
||||
* @param integer $id User ID
|
||||
* @param string $username Username
|
||||
* @param integer $id User ID
|
||||
* @param string $username Username
|
||||
* @param string $privateKey PrivateKey
|
||||
*/
|
||||
public function __construct($id, $username)
|
||||
public function __construct($id, $username, $privateKey)
|
||||
{
|
||||
$this->id = $id;
|
||||
$this->username = $username;
|
||||
$this->privateKey = $privateKey;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -68,6 +71,16 @@ class SemanticScuttle_Model_User
|
||||
return $this->username;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns private key
|
||||
*
|
||||
* @return string private key
|
||||
*/
|
||||
public function getPrivateKey()
|
||||
{
|
||||
return $this->privateKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns full user name as specified in the profile.
|
||||
*
|
||||
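Review bot: The constructor's new third parameter `$privateKey` has no default, so any existing call that passes only `$id` and `$username` now raises a missing-argument error; the callers are not visible in this section, so this may be handled elsewhere. Declaring it as `public function __construct($id, $username, $privateKey = null)` keeps the two-argument form working. The property is also declared with `var`, which leaves the key publicly readable on every user object despite the new getter. Since it is a login credential, `protected $privateKey;` would limit accidental exposure, for example when a user object is dumped or serialised, provided no other code reads the property directly.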
|
@ -42,7 +42,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
protected $fields = array(
|
||||
'primary' => 'uId',
|
||||
'username' => 'username',
|
||||
'password' => 'password'
|
||||
'password' => 'password',
|
||||
'privatekey'=> 'privateKey'
|
||||
);
|
||||
|
||||
protected $profileurl;
|
||||
@ -456,6 +457,45 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to authenticate and login a user with
|
||||
* private key.
|
||||
*
|
||||
* @param string $privatekey Private Key
|
||||
*
|
||||
* @return boolean True if the user could be authenticated,
|
||||
* false if not.
|
||||
*/
|
||||
public function loginPK($privatekey)
|
||||
{
|
||||
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '. $this->getTableName() .' WHERE '. $this->getFieldName('privatekey') .' = "'. $this->db->sql_escape($privatekey) .'"';
|
||||
|
||||
if (!($dbresult = $this->db->sql_query($query))) {
|
||||
message_die(
|
||||
GENERAL_ERROR,
|
||||
'Could not get user',
|
||||
'', __LINE__, __FILE__, $query, $this->db
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = $this->db->sql_fetchrow($dbresult);
|
||||
$this->db->sql_freeresult($dbresult);
|
||||
|
||||
if ($row) {
|
||||
$id = $_SESSION[$this->getSessionKey()]
|
||||
= $row[$this->getFieldName('primary')];
|
||||
$cookie = $id .':'. md5($username.$password);
|
||||
setcookie(
|
||||
$this->cookiekey, $cookie,
|
||||
time() + $this->cookietime, '/'
|
||||
);
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function logout() {
|
||||
@setcookie($this->getCookiekey(), '', time() - 1, '/');
|
||||
unset($_COOKIE[$this->getCookiekey()]);
|
||||
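Review bot: `$cookie = $id .':'. md5($username.$password);` in `loginPK()` uses `$username` and `$password`, neither of which is defined in this method (its only parameter is `$privatekey`), so the hash is computed over an empty string and is identical for every account. How the cookie is validated is not visible here, but a persistent-login value that depends on no per-user secret should not be issued. Either omit the `setcookie()` call for key logins and rely on the session, or select the username and password hash in the query and build the cookie from `$row`. The `return false;` after `message_die()` also looks unreachable if that helper ends the request, as its name suggests.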
|
@ -31,28 +31,37 @@ function authenticate()
|
||||
}
|
||||
|
||||
if (!$userservice->isLoggedOn()) {
|
||||
/* First check to see if a private key was sent */
|
||||
if (isset($_POST['privatekey']) {
|
||||
$login = $userservice->loginPK($_POST['privatekey']);
|
||||
if ($login) {
|
||||
$currentUser = $userservice->getCurrentObjectUser();
|
||||
return;
|
||||
} else {
|
||||
/* is someone hacking? */
|
||||
/* TODO: Track attempts */
|
||||
}
|
||||
}
|
||||
|
||||
/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
|
||||
( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
|
||||
if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
|
||||
&& isset($_SERVER['REMOTE_USER'])
|
||||
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)
|
||||
) {
|
||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||
&& isset($_SERVER['REMOTE_USER'])
|
||||
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
|
||||
list($name, $password) = explode(':', base64_decode($matches[1]));
|
||||
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
|
||||
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
|
||||
}
|
||||
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
authenticate();
|
||||
} else {
|
||||
$login = $userservice->login(
|
||||
$_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']
|
||||
);
|
||||
if ($login) {
|
||||
$currentUser = $userservice->getCurrentObjectUser();
|
||||
} else {
|
||||
authenticate();
|
||||
}
|
||||
}
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
authenticate();
|
||||
} else {
|
||||
$login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
|
||||
if ($login) {
|
||||
$currentUser = $userservice->getCurrentObjectUser();
|
||||
} else {
|
||||
authenticate();
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
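Review bot: The new line `if (isset($_POST['privatekey']) {` is missing a closing parenthesis, so this file will not parse and every request that includes it fails before any authentication runs. The condition should also reject non-string and empty values before they reach the query, for example `if (isset($_POST['privatekey']) && is_string($_POST['privatekey']) && $_POST['privatekey'] !== '') {`. The failure branch is left as a TODO, so a rejected key is neither logged nor counted before the code falls through to HTTP Basic authentication. Recording the attempt (source address and time, never the submitted key) would make repeated guessing visible.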