author | tcit <tcit@tcit.fr> | 2014-04-23 10:29:53 +0200 |
---|---|---|
committer | tcit <tcit@tcit.fr> | 2014-04-23 10:29:53 +0200 |
commit | 4d99bae893eb47505f8ff6976917ef3af363ff5b (patch) | |
tree | 79542323f751ce4562867b421a05aa6715c7efc8 | |
parent | 847f57686e3e129b63c40bd2b49404b74ec85b27 (diff) | |
Fixed Multi-user system
-rwxr-xr-x | inc/poche/Database.class.php | 39 | ||||
-rwxr-xr-x | inc/poche/Poche.class.php | 54 | ||||
-rwxr-xr-x | index.php | 4 | ||||
-rwxr-xr-x | themes/baggy/config.twig | 32 |
4 files changed, 128 insertions, 1 deletions
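--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -229,12 +229,49 @@ class Database {
 return FALSE;
 }
 }
+
+public function listUsers($username=null) {
+$sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
+$query = $this->executeQuery($sql, ( $username ? array($username) : array()));
+list($count) = $query->fetch();
+return $count;
+}
+
+public function getUserPassword($userID) {
+$sql = "SELECT * FROM users WHERE id=?";
+$query = $this->executeQuery($sql, array($userID));
+$password = $query->fetchAll();
+return isset($password[0]['password']) ? $password[0]['password'] : null;
+}
+
+public function deleteUserConfig($userID) {
+$sql_action = 'DELETE from users_config WHERE user_id=?';
+$params_action = array($userID);
+$query = $this->executeQuery($sql_action, $params_action);
+return $query;
+}
+
+public function deleteTagsEntriesAndEntries($userID) {
+$entries = $this->retrieveAll($userID);
+foreach($entries as $entryid) {
+$tags = $this->retrieveTagsByEntry($entryid);
+foreach($tags as $tag) {
+$this->removeTagForEntry($entryid,$tags);
+}
+$this->deleteById($entryid,$userID);
+}
+}
+
+public function deleteUser($userID) {
+$sql_action = 'DELETE from users WHERE id=?';
+$params_action = array($userID);
+$query = $this->executeQuery($sql_action, $params_action);
+}
 
 public function updateContentAndTitle($id, $title, $body, $user_id) {
 $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
 $params_action = array($body, $title, $id, $user_id);
 $query = $this->executeQuery($sql_action, $params_action);
-
 return $query;
 }
 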
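Review bot: In deleteTagsEntriesAndEntries the inner loop passes the whole `$tags` array to removeTagForEntry instead of the current `$tag`, so the loop variable is never used and every call receives an array where a single tag is presumably expected; the line should read `$this->removeTagForEntry($entryid,$tag);`. The outer loop also treats each element of retrieveAll($userID) as a bare entry id — worth confirming that is what retrieveAll yields rather than entry rows. The config, entry and user deletes run as separate statements with no transaction around them, so a failure midway leaves a users row whose data is only partly removed; wrapping the per-user cleanup in a transaction would keep account deletion atomic. Minor: getUserPassword selects every column and fetchAll() for a single row where `SELECT password FROM users WHERE id=?` with fetch() would do, and deleteUser discards its query result while the otherwise identical deleteUserConfig returns it.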
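--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -241,6 +241,58 @@ class Poche
 $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');
 $this->tpl->addFilter($filter);
 }
+
+public function createNewUser() {
+if (isset($_GET['newuser'])){
+if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
+$newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
+if (!$this->store->userExists($newusername)){
+if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
+Tools::logm('The new user '.$newusername.' has been installed');
+$this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
+Tools::redirect();
+}
+else {
+Tools::logm('error during adding new user');
+Tools::redirect();
+}
+}
+else {
+$this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
+Tools::logm('An user with the name '.$newusername.' already exists !');
+Tools::redirect();
+}
+}
+}
+}
+
+public function deleteUser(){
+if (isset($_GET['deluser'])){
+if ($this->store->listUsers() > 1) {
+if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
+$username = $this->user->getUsername();
+$this->store->deleteUserConfig($this->user->getId());
+Tools::logm('The configuration for user '. $username .' has been deleted !');
+$this->store->deleteTagsEntriesAndEntries($this->user->getId());
+Tools::logm('The entries for user '. $username .' has been deleted !');
+$this->store->deleteUser($this->user->getId());
+Tools::logm('User '. $username .' has been completely deleted !');
+Session::logout();
+Tools::logm('logout');
+Tools::redirect();
+$this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
+}
+else {
+Tools::logm('Bad password !');
+$this->messages->add('e', _('Error : The password is wrong !'));
+}
+}
+else {
+Tools::logm('Only user !');
+$this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
+}
+}
+}
+
 
 private function install()
 {
@@ -520,6 +572,7 @@ class Poche
 $languages = $this->getInstalledLanguages();
 $token = $this->user->getConfigValue('token');
 $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
+$only_user = ($this->store->listUsers() > 1) ? false : true;
 $tpl_vars = array(
 'themes' => $themes,
 'languages' => $languages,
@@ -532,6 +585,7 @@ class Poche
 'token' => $token,
 'user_id' => $this->user->getId(),
 'http_auth' => $http_auth,
+'only_user' => $only_user
 );
 Tools::logm('config view');
 break;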
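Review bot: In deleteUser the success message on new line 283 references `$newusername`, which is never assigned in this method, and it is added only after Session::logout() and Tools::redirect(), so it is either never reached or written into a session that was just destroyed; it should use `$username` and be added before the logout, e.g. `$this->messages->add('s', sprintf(_('User %s has been successfully deleted !'), $username));`. The password check on new line 272 compares the two hashes with `==`; a strict comparison (`hash_equals(...)` where available) is the right tool for comparing a submitted credential against the stored one. createNewUser reads `$_POST['newusername']` and `$_POST['password4newuser']` without isset(), so a request without a form body raises undefined-index notices before the empty-string test runs. Neither handler verifies an anti-CSRF token before creating or deleting an account; if the application has no such mechanism elsewhere, these two state-changing POST handlers are where one belongs. Any authenticated user can create further accounts here — if the multi-user design intends an administrator role, that check is absent from this hunk.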
@@ -66,6 +66,10 @@ if (isset($_GET['login'])) { | |||
66 | } elseif (isset($_GET['config'])) { | 66 | } elseif (isset($_GET['config'])) { |
67 | # Update password | 67 | # Update password |
68 | $poche->updatePassword(); | 68 | $poche->updatePassword(); |
69 | } elseif (isset($_GET['newuser'])) { | ||
70 | $poche->createNewUser(); | ||
71 | } elseif (isset($_GET['deluser'])) { | ||
72 | $poche->deleteUser(); | ||
69 | } elseif (isset($_GET['import'])) { | 73 | } elseif (isset($_GET['import'])) { |
70 | $import = $poche->import(); | 74 | $import = $poche->import(); |
71 | $tpl_vars = array_merge($tpl_vars, $import); | 75 | $tpl_vars = array_merge($tpl_vars, $import); |
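Review bot: The two new branches dispatch on the mere presence of `newuser`/`deluser` in the query string, so a plain GET to `?deluser` with no form body reaches deleteUser(), which then reads `$_POST['password4deletinguser']` with nothing posted; guarding the dispatch with `$_SERVER['REQUEST_METHOD'] === 'POST'` (or doing so inside the handlers) would confine these account-changing actions to actual form submissions. createNewUser() repeats the `isset($_GET['newuser'])` test this chain has just made, so one of the two checks is redundant. The rendered page shows no file header for this hunk; by the diffstat it belongs to index.php, and the if/elseif chain it extends starts outside the hunk.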
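--- a/themes/baggy/config.twig
+++ b/themes/baggy/config.twig
@@ -128,4 +128,36 @@
 <h2>{% trans "Cache" %}</h2>
 <p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>
 
+<h2>{% trans 'Add user' %}</h2>
+<p>{% trans 'Add a new user :' %}</p>
+<form method="post" action="?newuser">
+<fieldset class="w500p">
+<div class="row">
+<label class="col w150p" for="newusername">{% trans 'Login for new user' %}</label>
+<input class="col" type="text" id="newusername" name="newusername" placeholder="{% trans 'Login' %}">
+</div>
+<div class="row">
+<label class="col w150p" for="password4newuser">{% trans "Password for new user" %}</label>
+<input class="col" type="password" id="password4newuser" name="password4newuser" placeholder="{% trans "Password" %}">
+</div>
+<div class="row mts txtcenter">
+<button type="submit">{% trans "Send" %}</button>
+</div>
+</fieldset>
+</form>
+
+<h2>{% trans "Delete account" %}</h2>
+{% if not only_user %}<form method="post" action="?deluser">
+<p>{% trans "You can delete your account by entering your password and validating." %}<br /><b>{% trans "Be careful, data will be erased forever (that is a very long time)." %}</b></p>
+<fieldset class="w500p">
+<div class="row">
+<label class="col w150p" for="password4deletinguser">{% trans "Type here your password" %}</label>
+<input class="col" type="password" id="password4deletinguser" name="password4deletinguser" placeholder="{% trans "Password" %}">
+</div>
+<div class="row mts txtcenter">
+<button type="submit">{% trans "Send" %}</button>
+</div>
+</form>
+{% else %}<p>{% trans "You are the only user, you cannot delete your own account." %}<br />
+{% trans "To completely remove wallabag, delete the wallabag folder on your web server." %}</p>{% endif %}
 {% endblock %}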
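Review bot: The delete-account form opens a `<fieldset class="w500p">` on new line 152 but closes only the `</form>` on line 160, unlike the add-user form above it which closes its fieldset on line 146; add `</fieldset>` before `</form>`. Neither form carries a hidden anti-CSRF field; since `?newuser` creates an account and `?deluser` destroys the current one on a single POST, a token field checked server-side is warranted unless the application adds one elsewhere. The add-user form is rendered for every user who reaches the config page, which matches the PHP side but may be broader than intended for a multi-user setup.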