Altered method of rss authentication to be temporarily logged in
parent
2242a0da33
commit
8f64c0acb4
@ -303,10 +303,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||||||
function editAllowed($bookmark)
|
function editAllowed($bookmark)
|
||||||
{
|
{
|
||||||
if (!is_numeric($bookmark)
|
if (!is_numeric($bookmark)
|
||||||
&& (!is_array($bookmark)
|
&& (!is_array($bookmark) || !isset($bookmark['bId']) || !is_numeric($bookmark['bId']))
|
||||||
|| !isset($bookmark['bId'])
|
|
||||||
|| !is_numeric($bookmark['bId'])
|
|
||||||
)
|
|
||||||
) {
|
) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -690,8 +687,6 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||||||
* SQL-DateTime value
|
* SQL-DateTime value
|
||||||
* "YYYY-MM-DD hh:ii:ss'
|
* "YYYY-MM-DD hh:ii:ss'
|
||||||
* @param string $hash Filter by URL hash
|
* @param string $hash Filter by URL hash
|
||||||
* @param string $privatekey URL provided private key to
|
|
||||||
* return only private bookmarks
|
|
||||||
*
|
*
|
||||||
* @return array Array with two keys: 'bookmarks' and 'total'.
|
* @return array Array with two keys: 'bookmarks' and 'total'.
|
||||||
* First contains an array of bookmarks, 'total'
|
* First contains an array of bookmarks, 'total'
|
||||||
@ -700,8 +695,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||||||
public function getBookmarks(
|
public function getBookmarks(
|
||||||
$start = 0, $perpage = null, $user = null, $tags = null,
|
$start = 0, $perpage = null, $user = null, $tags = null,
|
||||||
$terms = null, $sortOrder = null, $watched = null,
|
$terms = null, $sortOrder = null, $watched = null,
|
||||||
$startdate = null, $enddate = null, $hash = null,
|
$startdate = null, $enddate = null, $hash = null
|
||||||
$privatekey = null
|
|
||||||
) {
|
) {
|
||||||
$userservice = SemanticScuttle_Service_Factory::get('User');
|
$userservice = SemanticScuttle_Service_Factory::get('User');
|
||||||
$b2tservice = SemanticScuttle_Service_Factory::get('Bookmark2Tag');
|
$b2tservice = SemanticScuttle_Service_Factory::get('Bookmark2Tag');
|
||||||
@ -717,16 +711,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
|
|||||||
$privacy .= ' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)';
|
$privacy .= ' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)';
|
||||||
}
|
}
|
||||||
$privacy .= ')';
|
$privacy .= ')';
|
||||||
} else {
|
|
||||||
$userinfo = $userservice->getObjectUser($user);
|
|
||||||
if ($privatekey == $userinfo->getPrivateKey() && !is_null($privatekey)) {
|
|
||||||
// Just private bookmarks
|
|
||||||
$privacy = ' AND B.bStatus = 2';
|
|
||||||
} else {
|
} else {
|
||||||
// Just public bookmarks
|
// Just public bookmarks
|
||||||
$privacy = ' AND B.bStatus = 0';
|
$privacy = ' AND B.bStatus = 0';
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Set up the tags, if need be.
|
// Set up the tags, if need be.
|
||||||
if (!is_array($tags) && !is_null($tags)) {
|
if (!is_array($tags) && !is_null($tags)) {
|
||||||
|
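Review bot: In the `@ -717` hunk the privacy clause still splices `$watchuser` directly into the SQL text (`' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)'`), and nothing in the visible lines shows it being escaped first. If the value is not already escaped where it is assigned, which is outside this hunk, it should go through the same helper that loginPrivateKey() uses in this commit: `$this->db->sql_escape($watchuser)`. The body of getBookmarks() starts and ends outside the hunk, so this needs checking against the full method before changing it, to avoid escaping twice.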
@ -42,7 +42,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
protected $fields = array(
|
protected $fields = array(
|
||||||
'primary' => 'uId',
|
'primary' => 'uId',
|
||||||
'username' => 'username',
|
'username' => 'username',
|
||||||
'password' => 'password'
|
'password' => 'password',
|
||||||
|
'privatekey' => 'privatekey'
|
||||||
);
|
);
|
||||||
|
|
||||||
protected $profileurl;
|
protected $profileurl;
|
||||||
@ -70,8 +71,6 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
* Construct of Class
|
* Construct of Class
|
||||||
*
|
*
|
||||||
* @param sql_db $db Database object
|
* @param sql_db $db Database object
|
||||||
*
|
|
||||||
* @return void
|
|
||||||
*/
|
*/
|
||||||
protected function __construct($db)
|
protected function __construct($db)
|
||||||
{
|
{
|
||||||
@ -118,11 +117,11 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
* Fetches the list of users from the database
|
* Fetches the list of users from the database
|
||||||
* optionally limiting the results set
|
* optionally limiting the results set
|
||||||
*
|
*
|
||||||
* @param integer $nb Max number of usrs
|
* @param integer $nb Max number of users to return
|
||||||
*
|
*
|
||||||
* @return array Array of users
|
* @return array Data array from database
|
||||||
*/
|
*/
|
||||||
function & getUsers($nb = 0)
|
public function & getUsers($nb = 0)
|
||||||
{
|
{
|
||||||
$query = 'SELECT * FROM '. $this->getTableName() .' ORDER BY `uId` DESC';
|
$query = 'SELECT * FROM '. $this->getTableName() .' ORDER BY `uId` DESC';
|
||||||
if ($nb>0) {
|
if ($nb>0) {
|
||||||
@ -250,6 +249,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
return $this->_getuser($this->getFieldName('username'), $username);
|
return $this->_getuser($this->getFieldName('username'), $username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns user row from database.
|
||||||
|
*
|
||||||
|
* @param string $privatekey Private Key
|
||||||
|
*
|
||||||
|
* @return array User array from database
|
||||||
|
*/
|
||||||
|
function getUserByPrivateKey($privatekey)
|
||||||
|
{
|
||||||
|
return $this->_getuser($this->getFieldName('privatekey'), $privatekey);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns user row from database.
|
* Returns user row from database.
|
||||||
*
|
*
|
||||||
@ -554,6 +565,46 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Try to authenticate and login a user with
|
||||||
|
* username and privatekey.
|
||||||
|
*
|
||||||
|
* @param string $username Name of User
|
||||||
|
* @param string $privatekey Private Key
|
||||||
|
*
|
||||||
|
* @return boolean true if the user could be authenticated,
|
||||||
|
* false if not.
|
||||||
|
*/
|
||||||
|
public function loginPrivateKey($username, $privatekey)
|
||||||
|
{
|
||||||
|
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '
|
||||||
|
. $this->getTableName() .' WHERE '
|
||||||
|
. $this->getFieldName('username') .' = "'
|
||||||
|
. $this->db->sql_escape($username) .'" AND '
|
||||||
|
. $this->getFieldName('privatekey') .' = "'
|
||||||
|
. $this->db->sql_escape($privatekey) .'"';
|
||||||
|
|
||||||
|
if (!($dbresult = $this->db->sql_query($query))) {
|
||||||
|
message_die(
|
||||||
|
GENERAL_ERROR,
|
||||||
|
'Could not get user',
|
||||||
|
'', __LINE__, __FILE__, $query, $this->db
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$row = $this->db->sql_fetchrow($dbresult);
|
||||||
|
$this->db->sql_freeresult($dbresult);
|
||||||
|
|
||||||
|
if ($row) {
|
||||||
|
$id = $_SESSION[$this->getSessionKey()]
|
||||||
|
= $row[$this->getFieldName('primary')];
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logout current user
|
* Logout current user
|
||||||
*
|
*
|
||||||
@ -788,15 +839,15 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
* @param string $uId User ID
|
* @param string $uId User ID
|
||||||
* @param string $password User Password
|
* @param string $password User Password
|
||||||
* @param string $name User Name
|
* @param string $name User Name
|
||||||
* @param string $privateKey RSS Private Key
|
|
||||||
* @param string $email Email Address
|
* @param string $email Email Address
|
||||||
* @param string $homepage Homepage URL
|
* @param string $homepage Homepage URL
|
||||||
* @param string $uContent Content
|
* @param string $uContent Content
|
||||||
|
* @param string $privateKey RSS Private Key
|
||||||
*
|
*
|
||||||
* @return boolean true if it successful, false if not
|
* @return boolean true if it successful, false if not
|
||||||
*/
|
*/
|
||||||
function updateUser(
|
function updateUser(
|
||||||
$uId, $password, $name, $privateKey, $email, $homepage, $uContent
|
$uId, $password, $name, $email, $homepage, $uContent, $privateKey = null
|
||||||
) {
|
) {
|
||||||
if (!is_numeric($uId)) {
|
if (!is_numeric($uId)) {
|
||||||
return false;
|
return false;
|
||||||
@ -966,7 +1017,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
// Generate a 32 char lowercase+numeric unique value
|
// Generate a 32 char lowercase+numeric unique value
|
||||||
$newKey = md5(uniqid('SemanticScuttle', true));
|
$newKey = md5(uniqid('SemanticScuttle', true));
|
||||||
// Check uniqueness in user table
|
// Check uniqueness in user table
|
||||||
while ($this->PrivateKeyExists($newKey)) {
|
while ($this->privateKeyExists($newKey)) {
|
||||||
$newKey = md5(uniqid('SemanticScuttle', true));
|
$newKey = md5(uniqid('SemanticScuttle', true));
|
||||||
}
|
}
|
||||||
return $newKey;
|
return $newKey;
|
||||||
@ -998,12 +1049,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
if ($this->db->sql_fetchfield(0, 0) > 0) {
|
if ($this->db->sql_fetchfield(0, 0) > 0) {
|
||||||
$output = true;
|
$exists = true;
|
||||||
} else {
|
} else {
|
||||||
$output = false;
|
$exists = false;
|
||||||
}
|
}
|
||||||
$this->db->sql_freeresult($dbresult);
|
$this->db->sql_freeresult($dbresult);
|
||||||
return $output;
|
return $exists;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
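Review bot: The key built in the `@ -966` hunk with `md5(uniqid('SemanticScuttle', true))` is derived from the clock and a non-cryptographic generator, which matters more now that the new loginPrivateKey() accepts that key as a login credential. A value from the platform CSPRNG keeps the documented 32 lowercase hex characters, for example `$newKey = bin2hex(random_bytes(16));` where the supported PHP version provides random_bytes(). Both assignments would change, the initial one and the one inside the uniqueness loop. The enclosing method starts outside the hunk. In the same spirit, loginPrivateKey() itself could return false early for an empty `$privatekey` instead of relying on its caller to filter that case.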
@ -216,6 +216,9 @@ class UserTest extends TestBase
|
|||||||
$this->assertFalse($this->us->privateKeyExists($randKey));
|
$this->assertFalse($this->us->privateKeyExists($randKey));
|
||||||
$uid = $this->addUser(null, null, $randKey);
|
$uid = $this->addUser(null, null, $randKey);
|
||||||
|
|
||||||
|
$this->us->setCurrentUserId($uid);
|
||||||
|
$this->assertEquals($uid, $this->us->getCurrentUserId());
|
||||||
|
|
||||||
$this->assertTrue($this->us->privateKeyExists($randKey));
|
$this->assertTrue($this->us->privateKeyExists($randKey));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
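Review bot: Nothing in this hunk exercises the new loginPrivateKey(); the added lines only set and read back the current user id before the existing privateKeyExists() assertion. Cases worth pinning are a matching username and key, a wrong key, a key that belongs to a different user, and an empty key, each asserting both the return value and the resulting logged-in state, for example `$this->assertFalse($this->us->loginPrivateKey($username, 'wrong-key'));` with `$username` standing for the test user's name. The test method starts outside the hunk, so tests elsewhere in the file may already cover part of this.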
@ -262,7 +262,7 @@ if ($templatename == 'editbookmark.tpl') {
|
|||||||
array_push(
|
array_push(
|
||||||
$tplVars['rsschannels'],
|
$tplVars['rsschannels'],
|
||||||
array(
|
array(
|
||||||
filter($sitename .': (private) '. $pagetitle),
|
filter($sitename . sprintf(T_(': (private) ')) . $pagetitle),
|
||||||
createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey())
|
createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey())
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
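Review bot: `sprintf(T_(': (private) '))` on the new title line uses the translated string as a format with no arguments, so a translation that contains `%` would be read as a conversion specification instead of literal text. Calling the translation directly is enough: `filter($sitename . T_(': (private) ') . $pagetitle),`. The context line below it also appends `getPrivateKey()` to the feed URL without encoding; that is harmless for a 32-character hex key, but `rawurlencode()` would make the link independent of the key's format.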
17
www/rss.php
17
www/rss.php
@ -65,6 +65,7 @@ if (isset($_GET['privatekey'])) {
|
|||||||
|
|
||||||
$watchlist = null;
|
$watchlist = null;
|
||||||
$pagetitle = '';
|
$pagetitle = '';
|
||||||
|
$isTempLogin = false;
|
||||||
if ($user && $user != 'all') {
|
if ($user && $user != 'all') {
|
||||||
if ($user == 'watchlist') {
|
if ($user == 'watchlist') {
|
||||||
$user = $cat;
|
$user = $cat;
|
||||||
@ -76,6 +77,14 @@ if ($user && $user != 'all') {
|
|||||||
} else {
|
} else {
|
||||||
if ($userinfo = $userservice->getUserByUsername($user)) {
|
if ($userinfo = $userservice->getUserByUsername($user)) {
|
||||||
$userid =& $userinfo[$userservice->getFieldName('primary')];
|
$userid =& $userinfo[$userservice->getFieldName('primary')];
|
||||||
|
/* if user is not logged in and has valid privatekey */
|
||||||
|
if (!$userservice->isLoggedOn()) {
|
||||||
|
if ($privatekey != null) {
|
||||||
|
if ($userservice->loginPrivateKey($user, $privatekey)) {
|
||||||
|
$isTempLogin = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
|
||||||
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
$templateservice->loadTemplate('error.404.tpl', $tplVars);
|
||||||
@ -99,8 +108,7 @@ $tplVars['feeddescription'] = sprintf(T_('Recent bookmarks posted to %s'), $GLOB
|
|||||||
$bookmarks = $bookmarkservice->getBookmarks(
|
$bookmarks = $bookmarkservice->getBookmarks(
|
||||||
0, $rssEntries, $userid, $cat,
|
0, $rssEntries, $userid, $cat,
|
||||||
null, getSortOrder(), $watchlist,
|
null, getSortOrder(), $watchlist,
|
||||||
null, null, null,
|
null, null, null
|
||||||
$privatekey
|
|
||||||
);
|
);
|
||||||
|
|
||||||
$bookmarks_tmp = filter($bookmarks['bookmarks']);
|
$bookmarks_tmp = filter($bookmarks['bookmarks']);
|
||||||
@ -134,6 +142,11 @@ $tplVars['feedlastupdate'] = date('r', strtotime($latestdate));
|
|||||||
|
|
||||||
$templateservice->loadTemplate('rss.tpl', $tplVars);
|
$templateservice->loadTemplate('rss.tpl', $tplVars);
|
||||||
|
|
||||||
|
/* If temporary login, please log out */
|
||||||
|
if ($isTempLogin) {
|
||||||
|
$userservice->logout();
|
||||||
|
}
|
||||||
|
|
||||||
if ($usecache) {
|
if ($usecache) {
|
||||||
// Cache output if existing copy has expired
|
// Cache output if existing copy has expired
|
||||||
$cacheservice->End($hash);
|
$cacheservice->End($hash);
|
||||||
|
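Review bot: The temporary login is undone only by the `logout()` call placed after `loadTemplate('rss.tpl', $tplVars)`, so any path that ends the request between `loginPrivateKey()` and that line would leave the session authenticated as the feed owner. Because loginPrivateKey() writes the user id into `$_SESSION`, a feed key could then carry over into a full session rather than a single feed read. Registering the cleanup at the moment the login succeeds closes that gap, e.g. `register_shutdown_function(array($userservice, 'logout'));` next to `$isTempLogin = true;`. It is also worth confirming that the cache key `$hash` used by `$cacheservice->End($hash)` differs between the private and the public rendering of a feed; how `$hash` is computed is not visible in these hunks.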