From 8d3275bee488d058c6ff0efe6e81d20a584d3709 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@gmail.com>
Date: Tue, 6 Aug 2013 15:51:48 +0200
Subject: [PATCH 1/1] multi user

---
 inc/3rdparty/Session.class.php |  2 +-
 inc/poche/Poche.class.php      | 72 +++++++++++++++++++-------------
 inc/poche/User.class.php       | 33 +++++++++++----
 inc/poche/config.inc.php       |  2 +-
 inc/store/file.class.php       |  4 --
 inc/store/mysql.class.php      |  7 ----
 inc/store/sqlite.class.php     | 75 +++++++++++++++-------------------
 inc/store/store.class.php      |  4 --
 8 files changed, 105 insertions(+), 94 deletions(-)

diff --git a/inc/3rdparty/Session.class.php b/inc/3rdparty/Session.class.php
index eff924cc..3162f507 100644
--- a/inc/3rdparty/Session.class.php
+++ b/inc/3rdparty/Session.class.php
@@ -93,7 +93,7 @@ class Session
     // Force logout
     public static function logout()
     {
-        unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass']);
+        unset($_SESSION['uid'],$_SESSION['info'],$_SESSION['expires_on'],$_SESSION['tokens'], $_SESSION['login'], $_SESSION['pass'], $_SESSION['poche_user']);
     }
 
     // Make sure user is logged in.
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 2c0c73f9..ce5bb54a 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -33,10 +33,18 @@ class Poche
     {
         Tools::initPhp();
         Session::init();
-        $this->user = isset($_SESSION['poche_user']) ? $_SESSION['poche_user'] : array();
+
+        if (isset($_SESSION['poche_user'])) {
+            $this->user = $_SESSION['poche_user'];
+        }
+        else {
+            # fake user, just for install & login screens
+            $this->user = new User();
+            $this->user->setConfig($this->getDefaultConfig());
+        }
 
         # l10n
-        $language = ($this->user->getConfigValue('language')) ? $this->user->getConfigValue('language') : LANG;
+        $language = $this->user->getConfigValue('language');
         putenv('LC_ALL=' . $language);
         setlocale(LC_ALL, $language);
         bindtextdomain($language, LOCALE); 
@@ -53,8 +61,7 @@ class Poche
         $this->tpl->addFilter($filter);
 
         # Pagination
-        $pager = ($this->user->getConfigValue('pager')) ? $this->user->getConfigValue('pager') : PAGINATION;
-        $this->pagination = new Paginator($pager, 'p');
+        $this->pagination = new Paginator($this->user->getConfigValue('pager'), 'p');
     }
 
     private function install() 
@@ -80,6 +87,14 @@ class Poche
         exit();
     }
 
+    public function getDefaultConfig()
+    {
+        return array(
+            'pager' => PAGINATION,
+            'language' => LANG,
+            );
+    }
+
     /**
      * Call action (mark as fav, archive, delete, etc.)
      */
@@ -89,7 +104,7 @@ class Poche
         {
             case 'add':
                 if($parametres_url = $url->fetchContent()) {
-                    if ($this->store->add($url->getUrl(), $parametres_url['title'], $parametres_url['content'])) {
+                    if ($this->store->add($url->getUrl(), $parametres_url['title'], $parametres_url['content'], $this->user->getId())) {
                         Tools::logm('add link ' . $url->getUrl());
                         $last_id = $this->store->getLastId();
                         if (DOWNLOAD_PICTURES) {
@@ -109,7 +124,7 @@ class Poche
                 Tools::redirect();
                 break;
             case 'delete':
-                if ($this->store->deleteById($id)) {
+                if ($this->store->deleteById($id, $this->user->getId())) {
                     if (DOWNLOAD_PICTURES) {
                         remove_directory(ABS_PATH . $id);
                     }
@@ -123,12 +138,12 @@ class Poche
                 Tools::redirect();
                 break;
             case 'toggle_fav' :
-                $this->store->favoriteById($id);
+                $this->store->favoriteById($id, $this->user->getId());
                 Tools::logm('mark as favorite link #' . $id);
                 Tools::redirect();
                 break;
             case 'toggle_archive' :
-                $this->store->archiveById($id);
+                $this->store->archiveById($id, $this->user->getId());
                 Tools::logm('archive link #' . $id);
                 Tools::redirect();
                 break;
@@ -157,7 +172,7 @@ class Poche
                 Tools::logm('config view');
                 break;
             case 'view':
-                $entry = $this->store->retrieveOneById($id);
+                $entry = $this->store->retrieveOneById($id, $this->user->getId());
                 if ($entry != NULL) {
                     Tools::logm('view link #' . $id);
                     $content = $entry['content'];
@@ -176,10 +191,10 @@ class Poche
                 }
                 break;
             default: # home view
-                $entries = $this->store->getEntriesByView($view);
+                $entries = $this->store->getEntriesByView($view, $this->user->getId());
                 $this->pagination->set_total(count($entries));
                 $page_links = $this->pagination->page_links('?view=' . $view . '&sort=' . $_SESSION['sort'] . '&');
-                $datas = $this->store->getEntriesByView($view, $this->pagination->get_limit());
+                $datas = $this->store->getEntriesByView($view, $this->user->getId(), $this->pagination->get_limit());
                 $tpl_vars = array(
                     'entries' => $datas,
                     'page_links' => $page_links,
@@ -194,21 +209,21 @@ class Poche
     public function updatePassword()
     {
         if (MODE_DEMO) {
-            $this->messages->add('i', 'in demo mode, you can\'t update your password');
+            $this->messages->add('i', _('in demo mode, you can\'t update your password'));
             Tools::logm('in demo mode, you can\'t do this');
             Tools::redirect('?view=config');
         }
         else {
             if (isset($_POST['password']) && isset($_POST['password_repeat'])) {
                 if ($_POST['password'] == $_POST['password_repeat'] && $_POST['password'] != "") {
-                    Tools::logm('password updated');
-                    $this->messages->add('s', 'your password has been updated');
-                    $this->store->updatePassword(Tools::encodeString($_POST['password'] . $_SESSION['login']));
+                    $this->messages->add('s', _('your password has been updated'));
+                    $this->store->updatePassword($this->user->getId(), Tools::encodeString($_POST['password'] . $this->user->getUsername()));
                     Session::logout();
+                    Tools::logm('password updated');
                     Tools::redirect();
                 }
                 else {
-                    $this->messages->add('e', 'the two fields have to be filled & the password must be the same in the two fields');
+                    $this->messages->add('e', _('the two fields have to be filled & the password must be the same in the two fields'));
                     Tools::redirect('?view=config');
                 }
             }
@@ -223,8 +238,7 @@ class Poche
                 # Save login into Session
                 Session::login($user['username'], $user['password'], $_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']), array('poche_user' => new User($user)));
 
-                Tools::logm('login successful');
-                $this->messages->add('s', 'welcome to your poche');
+                $this->messages->add('s', _('welcome to your poche'));
                 if (!empty($_POST['longlastingsession'])) {
                     $_SESSION['longlastingsession'] = 31536000;
                     $_SESSION['expires_on'] = time() + $_SESSION['longlastingsession'];
@@ -233,13 +247,14 @@ class Poche
                     session_set_cookie_params(0);
                 }
                 session_regenerate_id(true);
+                Tools::logm('login successful');
                 Tools::redirect($referer);
             }
-            $this->messages->add('e', 'login failed: bad login or password');
+            $this->messages->add('e', _('login failed: bad login or password'));
             Tools::logm('login failed');
             Tools::redirect();
         } else {
-            $this->messages->add('e', 'login failed: you have to fill all fields');
+            $this->messages->add('e', _('login failed: you have to fill all fields'));
             Tools::logm('login failed');
             Tools::redirect();
         }
@@ -247,7 +262,7 @@ class Poche
 
     public function logout()
     {
-        $this->messages->add('s', 'see you soon!');
+        $this->messages->add('s', _('see you soon!'));
         Tools::logm('logout');
         $this->user = array();
         Session::logout();
@@ -271,14 +286,14 @@ class Poche
                 $this->action('add', $url);
                 if ($read == '1') {
                     $last_id = $this->store->getLastId();
-                    $this->store->archiveById($last_id);
+                    $this->action('toggle_archive', $url, $last_id);
                 }
             }
 
             # the second <ol> is for read links
             $read = 1;
         }
-        $this->messages->add('s', 'import from instapaper completed');
+        $this->messages->add('s', _('import from instapaper completed'));
         Tools::logm('import from instapaper completed');
         Tools::redirect();
     }
@@ -300,14 +315,14 @@ class Poche
                 $this->action('add', $url);
                 if ($read == '1') {
                     $last_id = $this->store->getLastId();
-                    $this->store->archiveById($last_id);
+                    $this->action('toggle_archive', $url, $last_id);
                 }
             }
             
             # the second <ul> is for read links
             $read = 1;
         }
-        $this->messages->add('s', 'import from pocket completed');
+        $this->messages->add('s', _('import from pocket completed'));
         Tools::logm('import from pocket completed');
         Tools::redirect();
     }
@@ -327,16 +342,17 @@ class Poche
                 // if ($attr_value == 'favorite' && $attr_value == 'true') {
                 //     $last_id = $this->store->getLastId();
                 //     $this->store->favoriteById($last_id);
+                //     $this->action('toogle_fav', $url, $last_id);
                 // }
                 // if ($attr_value == 'archive' && $attr_value == 'true') {
                 //     $last_id = $this->store->getLastId();
-                //     $this->store->archiveById($last_id);
+                //     $this->action('toggle_archive', $url, $last_id);
                 // }
             }
             if ($url->isCorrect())
                 $this->action('add', $url);
         }
-        $this->messages->add('s', 'import from Readability completed');
+        $this->messages->add('s', _('import from Readability completed'));
         Tools::logm('import from Readability completed');
         Tools::redirect();
     }
@@ -356,7 +372,7 @@ class Poche
 
     public function export()
     {
-        $entries = $this->store->retrieveAll();
+        $entries = $this->store->retrieveAll($this->user->getId());
         echo $this->tpl->render('export.twig', array(
             'export' => Tools::renderJson($entries),
         ));
diff --git a/inc/poche/User.class.php b/inc/poche/User.class.php
index ef47730f..6dac7839 100644
--- a/inc/poche/User.class.php
+++ b/inc/poche/User.class.php
@@ -17,17 +17,34 @@ class User
     public $email;
     public $config;
 
-    function __construct($user)
+    function __construct($user = array())
     {
-        $this->id = $user['id'];
-        $this->username = $user['username'];
-        $this->name = $user['name'];
-        $this->password = $user['password'];
-        $this->email = $user['email'];
-        $this->config = $user['config'];
+        if ($user != array()) {
+            $this->id = $user['id'];
+            $this->username = $user['username'];
+            $this->name = $user['name'];
+            $this->password = $user['password'];
+            $this->email = $user['email'];
+            $this->config = $user['config'];
+        }
     }
 
-    function getConfigValue($name) {
+    public function getId() 
+    {
+        return $this->id;
+    }
+
+    public function getUsername() 
+    {
+        return $this->username;
+    }
+
+    public function setConfig($config)
+    {
+        $this->config = $config;
+    }
+
+    public function getConfigValue($name) {
         return (isset($this->config[$name])) ? $this->config[$name] : FALSE;
     }
 }
\ No newline at end of file
diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index d0c686f0..a8a9c032 100644
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -10,7 +10,7 @@
 
 define ('POCHE_VERSION', '1.0-beta');
 define ('MODE_DEMO', FALSE);
-define ('DEBUG_POCHE', FALSE);
+define ('DEBUG_POCHE', TRUE);
 define ('CONVERT_LINKS_FOOTNOTES', FALSE);
 define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
 define ('DOWNLOAD_PICTURES', FALSE);
diff --git a/inc/store/file.class.php b/inc/store/file.class.php
index ad20937d..c9d85dcc 100644
--- a/inc/store/file.class.php
+++ b/inc/store/file.class.php
@@ -44,8 +44,4 @@ class File extends Store {
     public function getLastId() {
 
     }
-
-    public function updateContentById($id) {
-
-    }
 }
diff --git a/inc/store/mysql.class.php b/inc/store/mysql.class.php
index 78254a5f..8b7f83da 100644
--- a/inc/store/mysql.class.php
+++ b/inc/store/mysql.class.php
@@ -192,11 +192,4 @@ class Mysql extends Store {
         parent::__construct();
         return $this->getHandle()->lastInsertId();
     }
-
-    public function updateContentById($id) {
-        parent::__construct();
-        $sql_update     = "UPDATE entries SET content=? WHERE id=?";
-        $params_update  = array($content, $id);
-        $query          = $this->executeQuery($sql_update, $params_update);
-    }
 }
diff --git a/inc/store/sqlite.class.php b/inc/store/sqlite.class.php
index 3cc5276d..4c628dc1 100644
--- a/inc/store/sqlite.class.php
+++ b/inc/store/sqlite.class.php
@@ -57,9 +57,9 @@ class Sqlite extends Store {
     }
 
     public function login($username, $password) {
-        $sql    = "SELECT * FROM users WHERE username=? AND password=?";
-        $query  = $this->executeQuery($sql, array($username, $password));
-        $login  = $query->fetchAll();
+        $sql = "SELECT * FROM users WHERE username=? AND password=?";
+        $query = $this->executeQuery($sql, array($username, $password));
+        $login = $query->fetchAll();
 
         $user = array();
         if (isset($login[0])) {
@@ -76,9 +76,9 @@ class Sqlite extends Store {
 
     public function updatePassword($id, $password)
     {
-        $sql_update     = "UPDATE users SET password=? WHERE id=?";
-        $params_update  = array($password, $id);
-        $query          = $this->executeQuery($sql_update, $params_update);
+        $sql_update = "UPDATE users SET password=? WHERE id=?";
+        $params_update = array($password, $id);
+        $query = $this->executeQuery($sql_update, $params_update);
     }
 
     private function executeQuery($sql, $params) {
@@ -94,27 +94,27 @@ class Sqlite extends Store {
         }
     }
 
-    public function retrieveAll() {
-        $sql        = "SELECT * FROM entries ORDER BY id";
-        $query      = $this->executeQuery($sql, array());
+    public function retrieveAll($user_id) {
+        $sql        = "SELECT * FROM entries WHERE user_id=? ORDER BY id";
+        $query      = $this->executeQuery($sql, array($user_id));
         $entries    = $query->fetchAll();
 
         return $entries;
     }
 
-    public function retrieveOneById($id) {
+    public function retrieveOneById($id, $user_id) {
         parent::__construct();
 
         $entry  = NULL;
-        $sql    = "SELECT * FROM entries WHERE id=?";
-        $params = array(intval($id));
+        $sql    = "SELECT * FROM entries WHERE id=? AND user_id=?";
+        $params = array(intval($id), $user_id);
         $query  = $this->executeQuery($sql, $params);
         $entry  = $query->fetchAll();
 
         return $entry[0];
     }
 
-    public function getEntriesByView($view, $limit = '') {
+    public function getEntriesByView($view, $user_id, $limit = '') {
         parent::__construct();
 
         switch ($_SESSION['sort'])
@@ -139,54 +139,54 @@ class Sqlite extends Store {
         switch ($view)
         {
             case 'archive':
-                $sql    = "SELECT * FROM entries WHERE is_read=? " . $order;
-                $params = array(-1);
+                $sql    = "SELECT * FROM entries WHERE user_id=? AND is_read=? " . $order;
+                $params = array($user_id, -1);
                 break;
             case 'fav' :
-                $sql    = "SELECT * FROM entries WHERE is_fav=? " . $order;
-                $params = array(-1);
+                $sql    = "SELECT * FROM entries WHERE user_id=? AND is_fav=? " . $order;
+                $params = array($user_id, -1);
                 break;
             default:
-                $sql    = "SELECT * FROM entries WHERE is_read=? " . $order;
-                $params = array(0);
+                $sql    = "SELECT * FROM entries WHERE user_id=? AND is_read=? " . $order;
+                $params = array($user_id, 0);
                 break;
         }
 
         $sql .= ' ' . $limit;
 
-        $query      = $this->executeQuery($sql, $params);
-        $entries    = $query->fetchAll();
+        $query = $this->executeQuery($sql, $params);
+        $entries = $query->fetchAll();
 
         return $entries;
     }
 
-    public function add($url, $title, $content) {
+    public function add($url, $title, $content, $user_id) {
         parent::__construct();
-        $sql_action     = 'INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)';
-        $params_action  = array($url, $title, $content);
-        $query          = $this->executeQuery($sql_action, $params_action);
+        $sql_action = 'INSERT INTO entries ( url, title, content, user_id ) VALUES (?, ?, ?, ?)';
+        $params_action = array($url, $title, $content, $user_id);
+        $query = $this->executeQuery($sql_action, $params_action);
         return $query;
     }
 
-    public function deleteById($id) {
+    public function deleteById($id, $user_id) {
         parent::__construct();
-        $sql_action     = "DELETE FROM entries WHERE id=?";
-        $params_action  = array($id);
+        $sql_action     = "DELETE FROM entries WHERE id=? AND user_id=?";
+        $params_action  = array($id, $user_id);
         $query          = $this->executeQuery($sql_action, $params_action);
         return $query;
     }
 
-    public function favoriteById($id) {
+    public function favoriteById($id, $user_id) {
         parent::__construct();
-        $sql_action     = "UPDATE entries SET is_fav=~is_fav WHERE id=?";
-        $params_action  = array($id);
+        $sql_action     = "UPDATE entries SET is_fav=~is_fav WHERE id=? AND user_id=?";
+        $params_action  = array($id, $user_id);
         $query          = $this->executeQuery($sql_action, $params_action);
     }
 
-    public function archiveById($id) {
+    public function archiveById($id, $user_id) {
         parent::__construct();
-        $sql_action     = "UPDATE entries SET is_read=~is_read WHERE id=?";
-        $params_action  = array($id);
+        $sql_action     = "UPDATE entries SET is_read=~is_read WHERE id=? AND user_id=?";
+        $params_action  = array($id, $user_id);
         $query          = $this->executeQuery($sql_action, $params_action);
     }
 
@@ -194,11 +194,4 @@ class Sqlite extends Store {
         parent::__construct();
         return $this->getHandle()->lastInsertId();
     }
-
-    public function updateContentById($id) {
-        parent::__construct();
-        $sql_update     = "UPDATE entries SET content=? WHERE id=?";
-        $params_update  = array($content, $id);
-        $query          = $this->executeQuery($sql_update, $params_update);
-    }
 }
diff --git a/inc/store/store.class.php b/inc/store/store.class.php
index 5f8939b9..d6e63014 100644
--- a/inc/store/store.class.php
+++ b/inc/store/store.class.php
@@ -52,8 +52,4 @@ class Store {
     public function getLastId() {
 
     }
-
-    public function updateContentById($id) {
-
-    }
 }
-- 
2.41.0