Altered method of rss authentication to be temporarily logged in

Mark Pemberton 2011-02-07 00:11:33 -05:00
parent 2242a0da33
commit 8f64c0acb4
5 changed files with 89 additions and 34 deletions


@ -303,10 +303,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
function editAllowed($bookmark)
{
if (!is_numeric($bookmark)
&& (!is_array($bookmark)
|| !isset($bookmark['bId'])
|| !is_numeric($bookmark['bId'])
)
&& (!is_array($bookmark) || !isset($bookmark['bId']) || !is_numeric($bookmark['bId']))
) {
return false;
}
@ -690,8 +687,6 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* SQL-DateTime value
* "YYYY-MM-DD hh:ii:ss'
* @param string $hash Filter by URL hash
* @param string $privatekey URL provided private key to
* return only private bookmarks
*
* @return array Array with two keys: 'bookmarks' and 'total'.
* First contains an array of bookmarks, 'total'
@ -700,8 +695,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
public function getBookmarks(
$start = 0, $perpage = null, $user = null, $tags = null,
$terms = null, $sortOrder = null, $watched = null,
$startdate = null, $enddate = null, $hash = null,
$privatekey = null
$startdate = null, $enddate = null, $hash = null
) {
$userservice = SemanticScuttle_Service_Factory::get('User');
$b2tservice = SemanticScuttle_Service_Factory::get('Bookmark2Tag');
@ -717,16 +711,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
$privacy .= ' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)';
}
$privacy .= ')';
} else {
$userinfo = $userservice->getObjectUser($user);
if ($privatekey == $userinfo->getPrivateKey() && !is_null($privatekey)) {
// Just private bookmarks
$privacy = ' AND B.bStatus = 2';
} else {
// Just public bookmarks
$privacy = ' AND B.bStatus = 0';
}
}
// Set up the tags, if need be.
if (!is_array($tags) && !is_null($tags)) {
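Review bot: `$watchuser` is concatenated directly into the privacy clause (`' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)'`), and with the private-key branch removed, feed requests authenticated by key presumably now go through this logged-in path as well. Where `$watchuser` comes from is outside the hunk, so it may already be safe, but escaping at the point of use would remove the dependency on that: `' OR (U.username = "'. $this->db->sql_escape($watchuser) .'" AND B.bStatus = 1)'`. The body of `getBookmarks()` starts and ends outside the hunk.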


@ -42,7 +42,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
protected $fields = array(
'primary' => 'uId',
'username' => 'username',
'password' => 'password'
'password' => 'password',
'privatekey' => 'privatekey'
);
protected $profileurl;
@ -70,8 +71,6 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* Construct of Class
*
* @param sql_db $db Database object
*
* @return void
*/
protected function __construct($db)
{
@ -118,11 +117,11 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* Fetches the list of users from the database
* optionally limiting the results set
*
* @param integer $nb Max number of usrs
* @param integer $nb Max number of users to return
*
* @return array Array of users
* @return array Data array from database
*/
function & getUsers($nb = 0)
public function & getUsers($nb = 0)
{
$query = 'SELECT * FROM '. $this->getTableName() .' ORDER BY `uId` DESC';
if ($nb>0) {
@ -250,6 +249,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return $this->_getuser($this->getFieldName('username'), $username);
}
/**
* Returns user row from database.
*
* @param string $privatekey Private Key
*
* @return array User array from database
*/
function getUserByPrivateKey($privatekey)
{
return $this->_getuser($this->getFieldName('privatekey'), $privatekey);
}
/**
* Returns user row from database.
*
@ -554,6 +565,46 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
}
/**
* Try to authenticate and login a user with
* username and privatekey.
*
* @param string $username Name of User
* @param string $privatekey Private Key
*
* @return boolean true if the user could be authenticated,
* false if not.
*/
public function loginPrivateKey($username, $privatekey)
{
$query = 'SELECT '. $this->getFieldName('primary') .' FROM '
. $this->getTableName() .' WHERE '
. $this->getFieldName('username') .' = "'
. $this->db->sql_escape($username) .'" AND '
. $this->getFieldName('privatekey') .' = "'
. $this->db->sql_escape($privatekey) .'"';
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR,
'Could not get user',
'', __LINE__, __FILE__, $query, $this->db
);
return false;
}
$row = $this->db->sql_fetchrow($dbresult);
$this->db->sql_freeresult($dbresult);
if ($row) {
$id = $_SESSION[$this->getSessionKey()]
= $row[$this->getFieldName('primary')];
return true;
} else {
return false;
}
}
/**
* Logout current user
*
@ -788,15 +839,15 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* @param string $uId User ID
* @param string $password User Password
* @param string $name User Name
* @param string $privateKey RSS Private Key
* @param string $email Email Address
* @param string $homepage Homepage URL
* @param string $uContent Content
* @param string $privateKey RSS Private Key
*
* @return boolean true if it successful, false if not
*/
function updateUser(
$uId, $password, $name, $privateKey, $email, $homepage, $uContent
$uId, $password, $name, $email, $homepage, $uContent, $privateKey = null
) {
if (!is_numeric($uId)) {
return false;
@ -966,7 +1017,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
// Generate a 32 char lowercase+numeric unique value
$newKey = md5(uniqid('SemanticScuttle', true));
// Check uniqueness in user table
while ($this->PrivateKeyExists($newKey)) {
while ($this->privateKeyExists($newKey)) {
$newKey = md5(uniqid('SemanticScuttle', true));
}
return $newKey;
@ -998,12 +1049,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
);
}
if ($this->db->sql_fetchfield(0, 0) > 0) {
$output = true;
$exists = true;
} else {
$output = false;
$exists = false;
}
$this->db->sql_freeresult($dbresult);
return $output;
return $exists;
}
/**
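Review bot: `loginPrivateKey()` does not reject an empty `$privatekey`, so if any account has an empty `privatekey` column (the new `$privateKey = null` default on `updateUser()` suggests keys are optional), an empty value would match and that user's id would be written to `$_SESSION`. The rss.php caller happens to filter this with `$privatekey != null`, but the method should refuse it itself before building the query, e.g. `if (!is_string($privatekey) || $privatekey === '') { return false; }`. The `$id =` in the session assignment is never read and can be dropped. Because the key now grants a full session rather than only selecting a feed, the `md5(uniqid('SemanticScuttle', true))` generator shown in a later hunk is worth a follow-up to a cryptographically secure source; that function starts outside its hunk.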


@ -216,6 +216,9 @@ class UserTest extends TestBase
$this->assertFalse($this->us->privateKeyExists($randKey));
$uid = $this->addUser(null, null, $randKey);
$this->us->setCurrentUserId($uid);
$this->assertEquals($uid, $this->us->getCurrentUserId());
$this->assertTrue($this->us->privateKeyExists($randKey));
}
}


@ -262,7 +262,7 @@ if ($templatename == 'editbookmark.tpl') {
array_push(
$tplVars['rsschannels'],
array(
filter($sitename .': (private) '. $pagetitle),
filter($sitename . sprintf(T_(': (private) ')) . $pagetitle),
createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey())
)
);
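Review bot: `sprintf(T_(': (private) '))` passes no arguments after the format string, so the `sprintf` does nothing for the English text and will fail with a too-few-arguments error if a translation of this string ever contains a `%`. Calling the translator directly is enough: `filter($sitename . T_(': (private) ') . $pagetitle),`. The surrounding `array_push` block begins outside the hunk.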


@ -65,6 +65,7 @@ if (isset($_GET['privatekey'])) {
$watchlist = null;
$pagetitle = '';
$isTempLogin = false;
if ($user && $user != 'all') {
if ($user == 'watchlist') {
$user = $cat;
@ -76,6 +77,14 @@ if ($user && $user != 'all') {
} else {
if ($userinfo = $userservice->getUserByUsername($user)) {
$userid =& $userinfo[$userservice->getFieldName('primary')];
/* if user is not logged in and has valid privatekey */
if (!$userservice->isLoggedOn()) {
if ($privatekey != null) {
if ($userservice->loginPrivateKey($user, $privatekey)) {
$isTempLogin = true;
}
}
}
} else {
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
$templateservice->loadTemplate('error.404.tpl', $tplVars);
@ -99,8 +108,7 @@ $tplVars['feeddescription'] = sprintf(T_('Recent bookmarks posted to %s'), $GLOB
$bookmarks = $bookmarkservice->getBookmarks(
0, $rssEntries, $userid, $cat,
null, getSortOrder(), $watchlist,
null, null, null,
$privatekey
null, null, null
);
$bookmarks_tmp = filter($bookmarks['bookmarks']);
@ -134,6 +142,11 @@ $tplVars['feedlastupdate'] = date('r', strtotime($latestdate));
$templateservice->loadTemplate('rss.tpl', $tplVars);
/* If temporary login, please log out */
if ($isTempLogin) {
$userservice->logout();
}
if ($usecache) {
// Cache output if existing copy has expired
$cacheservice->End($hash);
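Review bot: The temporary login made by `loginPrivateKey()` is only undone by the `logout()` call placed after `loadTemplate('rss.tpl', $tplVars)`, so any path that ends the request between the two (an error template, `message_die`, an uncaught error) would leave the session authenticated as that user for whoever holds the session cookie. Registering the cleanup where `$isTempLogin` is set would close that window, e.g. `register_shutdown_function(array($userservice, 'logout'));`, and passing the authorised user id down to the query without touching `$_SESSION` would avoid it altogether. It is also worth confirming that the cache hash computed above this hunk includes the private key, since otherwise a cached private feed could be served to a request that carries none; that code is not visible here.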