Altered method of rss authentication to be temporarily logged in
parent
2242a0da33
commit
8f64c0acb4
@ -303,16 +303,13 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
||||
function editAllowed($bookmark)
|
||||
{
|
||||
if (!is_numeric($bookmark)
|
||||
&& (!is_array($bookmark)
|
||||
|| !isset($bookmark['bId'])
|
||||
|| !is_numeric($bookmark['bId'])
|
||||
)
|
||||
&& (!is_array($bookmark) || !isset($bookmark['bId']) || !is_numeric($bookmark['bId']))
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!is_array($bookmark)
|
||||
&& !($bookmark = $this->getBookmark($bookmark))
|
||||
&& !($bookmark = $this->getBookmark($bookmark))
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
@ -690,8 +687,6 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
||||
* SQL-DateTime value
|
||||
* "YYYY-MM-DD hh:ii:ss'
|
||||
* @param string $hash Filter by URL hash
|
||||
* @param string $privatekey URL provided private key to
|
||||
* return only private bookmarks
|
||||
*
|
||||
* @return array Array with two keys: 'bookmarks' and 'total'.
|
||||
* First contains an array of bookmarks, 'total'
|
||||
@ -700,8 +695,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
||||
public function getBookmarks(
|
||||
$start = 0, $perpage = null, $user = null, $tags = null,
|
||||
$terms = null, $sortOrder = null, $watched = null,
|
||||
$startdate = null, $enddate = null, $hash = null,
|
||||
$privatekey = null
|
||||
$startdate = null, $enddate = null, $hash = null
|
||||
) {
|
||||
$userservice = SemanticScuttle_Service_Factory::get('User');
|
||||
$b2tservice = SemanticScuttle_Service_Factory::get('Bookmark2Tag');
|
||||
@ -718,14 +712,8 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
||||
}
|
||||
$privacy .= ')';
|
||||
} else {
|
||||
$userinfo = $userservice->getObjectUser($user);
|
||||
if ($privatekey == $userinfo->getPrivateKey() && !is_null($privatekey)) {
|
||||
// Just private bookmarks
|
||||
$privacy = ' AND B.bStatus = 2';
|
||||
} else {
|
||||
// Just public bookmarks
|
||||
$privacy = ' AND B.bStatus = 0';
|
||||
}
|
||||
// Just public bookmarks
|
||||
$privacy = ' AND B.bStatus = 0';
|
||||
}
|
||||
|
||||
// Set up the tags, if need be.
|
||||
|
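Review bot: With the `$privatekey` branch gone, the `else` in the -718 hunk returns public bookmarks only, and private-feed access now depends entirely on the caller having logged the user in before `getBookmarks()` runs, which nothing in this method states. A comment on that branch such as `// Not logged in: public only. Private-key feed access logs in via loginPrivateKey() before this call.` would keep a later caller from assuming a key can still be passed here. The removed key path returned only `bStatus = 2` rows, while the logged-in branch (its body is outside the hunk) presumably returns everything the user may see, so the feed still titled "(private)" may now have a wider scope; worth confirming that this is intended.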
@ -40,9 +40,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
protected $currentuser = null;
|
||||
|
||||
protected $fields = array(
|
||||
'primary' => 'uId',
|
||||
'username' => 'username',
|
||||
'password' => 'password'
|
||||
'primary' => 'uId',
|
||||
'username' => 'username',
|
||||
'password' => 'password',
|
||||
'privatekey' => 'privatekey'
|
||||
);
|
||||
|
||||
protected $profileurl;
|
||||
@ -70,8 +71,6 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
* Construct of Class
|
||||
*
|
||||
* @param sql_db $db Database object
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function __construct($db)
|
||||
{
|
||||
@ -118,11 +117,11 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
* Fetches the list of users from the database
|
||||
* optionally limiting the results set
|
||||
*
|
||||
* @param integer $nb Max number of usrs
|
||||
* @param integer $nb Max number of users to return
|
||||
*
|
||||
* @return array Array of users
|
||||
* @return array Data array from database
|
||||
*/
|
||||
function & getUsers($nb = 0)
|
||||
public function & getUsers($nb = 0)
|
||||
{
|
||||
$query = 'SELECT * FROM '. $this->getTableName() .' ORDER BY `uId` DESC';
|
||||
if ($nb>0) {
|
||||
@ -250,6 +249,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
return $this->_getuser($this->getFieldName('username'), $username);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns user row from database.
|
||||
*
|
||||
* @param string $privatekey Private Key
|
||||
*
|
||||
* @return array User array from database
|
||||
*/
|
||||
function getUserByPrivateKey($privatekey)
|
||||
{
|
||||
return $this->_getuser($this->getFieldName('privatekey'), $privatekey);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns user row from database.
|
||||
*
|
||||
@ -554,6 +565,46 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to authenticate and login a user with
|
||||
* username and privatekey.
|
||||
*
|
||||
* @param string $username Name of User
|
||||
* @param string $privatekey Private Key
|
||||
*
|
||||
* @return boolean true if the user could be authenticated,
|
||||
* false if not.
|
||||
*/
|
||||
public function loginPrivateKey($username, $privatekey)
|
||||
{
|
||||
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '
|
||||
. $this->getTableName() .' WHERE '
|
||||
. $this->getFieldName('username') .' = "'
|
||||
. $this->db->sql_escape($username) .'" AND '
|
||||
. $this->getFieldName('privatekey') .' = "'
|
||||
. $this->db->sql_escape($privatekey) .'"';
|
||||
|
||||
if (!($dbresult = $this->db->sql_query($query))) {
|
||||
message_die(
|
||||
GENERAL_ERROR,
|
||||
'Could not get user',
|
||||
'', __LINE__, __FILE__, $query, $this->db
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = $this->db->sql_fetchrow($dbresult);
|
||||
$this->db->sql_freeresult($dbresult);
|
||||
|
||||
if ($row) {
|
||||
$id = $_SESSION[$this->getSessionKey()]
|
||||
= $row[$this->getFieldName('primary')];
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout current user
|
||||
*
|
||||
@ -788,15 +839,15 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
* @param string $uId User ID
|
||||
* @param string $password User Password
|
||||
* @param string $name User Name
|
||||
* @param string $privateKey RSS Private Key
|
||||
* @param string $email Email Address
|
||||
* @param string $homepage Homepage URL
|
||||
* @param string $uContent Content
|
||||
* @param string $privateKey RSS Private Key
|
||||
*
|
||||
* @return boolean true if it successful, false if not
|
||||
*/
|
||||
function updateUser(
|
||||
$uId, $password, $name, $privateKey, $email, $homepage, $uContent
|
||||
$uId, $password, $name, $email, $homepage, $uContent, $privateKey = null
|
||||
) {
|
||||
if (!is_numeric($uId)) {
|
||||
return false;
|
||||
@ -966,7 +1017,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
// Generate a 32 char lowercase+numeric unique value
|
||||
$newKey = md5(uniqid('SemanticScuttle', true));
|
||||
// Check uniqueness in user table
|
||||
while ($this->PrivateKeyExists($newKey)) {
|
||||
while ($this->privateKeyExists($newKey)) {
|
||||
$newKey = md5(uniqid('SemanticScuttle', true));
|
||||
}
|
||||
return $newKey;
|
||||
@ -998,12 +1049,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
||||
);
|
||||
}
|
||||
if ($this->db->sql_fetchfield(0, 0) > 0) {
|
||||
$output = true;
|
||||
$exists = true;
|
||||
} else {
|
||||
$output = false;
|
||||
$exists = false;
|
||||
}
|
||||
$this->db->sql_freeresult($dbresult);
|
||||
return $output;
|
||||
return $exists;
|
||||
}
|
||||
|
||||
/**
|
||||
|
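Review bot: `loginPrivateKey()` (the -554 hunk) never rejects an empty or non-string `$privatekey` before building the query, so if any account has an empty `privatekey` column (the new `$privateKey = null` default on `updateUser()` suggests the key is optional) an empty key would match it; the only guard is the caller's loose `$privatekey != null` in rss.php. Open the method with `if (!is_string($privatekey) || $privatekey === '') { return false; }`. A successful match also writes the user id into `$_SESSION`, which appears to turn a key carried in a feed URL into a full session rather than read-only feed access; the docblock should say so, and the unused `$id =` assignment can be dropped. Since the key is now a login credential, the context line `md5(uniqid('SemanticScuttle', true))` in the -966 hunk is time-derived rather than drawn from a CSPRNG; `bin2hex(random_bytes(16))` keeps the 32-character lowercase shape where the supported PHP version provides `random_bytes()`.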
@ -216,6 +216,9 @@ class UserTest extends TestBase
|
||||
$this->assertFalse($this->us->privateKeyExists($randKey));
|
||||
$uid = $this->addUser(null, null, $randKey);
|
||||
|
||||
$this->us->setCurrentUserId($uid);
|
||||
$this->assertEquals($uid, $this->us->getCurrentUserId());
|
||||
|
||||
$this->assertTrue($this->us->privateKeyExists($randKey));
|
||||
}
|
||||
}
|
||||
|
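Review bot: The lines added to this test set and read back the current user id, but nothing in the section exercises the new `loginPrivateKey()` or `getUserByPrivateKey()`. A dedicated test should assert that `loginPrivateKey()` returns true for the matching username/key pair and false for a wrong key, an empty key, and a valid key paired with a different username, and that `isLoggedOn()` is false again after `logout()`. The test method begins outside the hunk, so the added `setCurrentUserId()` call may serve a purpose not visible here.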
@ -262,7 +262,7 @@ if ($templatename == 'editbookmark.tpl') {
|
||||
array_push(
|
||||
$tplVars['rsschannels'],
|
||||
array(
|
||||
filter($sitename .': (private) '. $pagetitle),
|
||||
filter($sitename . sprintf(T_(': (private) ')) . $pagetitle),
|
||||
createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey())
|
||||
)
|
||||
);
|
||||
|
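Review bot: `sprintf(T_(': (private) '))` on the changed line is called with a format string and no arguments, so it adds nothing, and a translation that happens to contain a `%` would be read as a conversion specifier and fail. Use the translated string directly: `filter($sitename . T_(': (private) ') . $pagetitle),`. The next line still places `getPrivateKey()` in the feed URL's query string; now that the key logs the user in, a comment there should note that this URL is a credential and will appear in server logs and feed-reader configuration. The enclosing `if ($templatename == …)` block starts outside the hunk.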
17
www/rss.php
17
www/rss.php
@ -65,6 +65,7 @@ if (isset($_GET['privatekey'])) {
|
||||
|
||||
$watchlist = null;
|
||||
$pagetitle = '';
|
||||
$isTempLogin = false;
|
||||
if ($user && $user != 'all') {
|
||||
if ($user == 'watchlist') {
|
||||
$user = $cat;
|
||||
@ -76,6 +77,14 @@ if ($user && $user != 'all') {
|
||||
} else {
|
||||
if ($userinfo = $userservice->getUserByUsername($user)) {
|
||||
$userid =& $userinfo[$userservice->getFieldName('primary')];
|
||||
/* if user is not logged in and has valid privatekey */
|
||||
if (!$userservice->isLoggedOn()) {
|
||||
if ($privatekey != null) {
|
||||
if ($userservice->loginPrivateKey($user, $privatekey)) {
|
||||
$isTempLogin = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
||||
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
||||
@ -99,8 +108,7 @@ $tplVars['feeddescription'] = sprintf(T_('Recent bookmarks posted to %s'), $GLOB
|
||||
$bookmarks = $bookmarkservice->getBookmarks(
|
||||
0, $rssEntries, $userid, $cat,
|
||||
null, getSortOrder(), $watchlist,
|
||||
null, null, null,
|
||||
$privatekey
|
||||
null, null, null
|
||||
);
|
||||
|
||||
$bookmarks_tmp = filter($bookmarks['bookmarks']);
|
||||
@ -134,6 +142,11 @@ $tplVars['feedlastupdate'] = date('r', strtotime($latestdate));
|
||||
|
||||
$templateservice->loadTemplate('rss.tpl', $tplVars);
|
||||
|
||||
/* If temporary login, please log out */
|
||||
if ($isTempLogin) {
|
||||
$userservice->logout();
|
||||
}
|
||||
|
||||
if ($usecache) {
|
||||
// Cache output if existing copy has expired
|
||||
$cacheservice->End($hash);
|
||||
|
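Review bot: The temporary login in the -76 hunk is only undone by the `logout()` added after `loadTemplate('rss.tpl', …)`, so any path that exits between the two (for example an error template or an uncaught failure) would leave the session authenticated for a client that presented only a feed key. Running the feed assembly inside `try { … } finally { if ($isTempLogin) { $userservice->logout(); } }` closes that gap where the supported PHP version has `finally`. The private feed is also rendered before `$cacheservice->End($hash)`; `$hash` is computed outside these hunks, so confirm it varies with the key or that caching is skipped when `$isTempLogin` is true, otherwise a cached private feed could be served to a request without a key. The `$privatekey != null` test is a loose comparison; `is_string($privatekey) && $privatekey !== ''` would also reject array-valued `privatekey[]` input before it reaches `sql_escape()`.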