diff options
author | tcit <tcit@tcit.fr> | 2014-04-23 10:29:53 +0200 |
---|---|---|
committer | tcit <tcit@tcit.fr> | 2014-04-23 10:29:53 +0200 |
commit | 4d99bae893eb47505f8ff6976917ef3af363ff5b (patch) | |
tree | 79542323f751ce4562867b421a05aa6715c7efc8 /inc/poche | |
parent | 847f57686e3e129b63c40bd2b49404b74ec85b27 (diff) | |
download | wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.gz wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.zst wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.zip |
Fixed Multi-user system
Diffstat (limited to 'inc/poche')
-rwxr-xr-x | inc/poche/Database.class.php | 39 | ||||
-rwxr-xr-x | inc/poche/Poche.class.php | 54 |
2 files changed, 92 insertions, 1 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 036c9d1b..ba2d1d94 100755 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php | |||
@@ -229,12 +229,49 @@ class Database { | |||
229 | return FALSE; | 229 | return FALSE; |
230 | } | 230 | } |
231 | } | 231 | } |
232 | |||
233 | public function listUsers($username=null) { | ||
234 | $sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : ''); | ||
235 | $query = $this->executeQuery($sql, ( $username ? array($username) : array())); | ||
236 | list($count) = $query->fetch(); | ||
237 | return $count; | ||
238 | } | ||
239 | |||
240 | public function getUserPassword($userID) { | ||
241 | $sql = "SELECT * FROM users WHERE id=?"; | ||
242 | $query = $this->executeQuery($sql, array($userID)); | ||
243 | $password = $query->fetchAll(); | ||
244 | return isset($password[0]['password']) ? $password[0]['password'] : null; | ||
245 | } | ||
246 | |||
247 | public function deleteUserConfig($userID) { | ||
248 | $sql_action = 'DELETE from users_config WHERE user_id=?'; | ||
249 | $params_action = array($userID); | ||
250 | $query = $this->executeQuery($sql_action, $params_action); | ||
251 | return $query; | ||
252 | } | ||
253 | |||
254 | public function deleteTagsEntriesAndEntries($userID) { | ||
255 | $entries = $this->retrieveAll($userID); | ||
256 | foreach($entries as $entryid) { | ||
257 | $tags = $this->retrieveTagsByEntry($entryid); | ||
258 | foreach($tags as $tag) { | ||
259 | $this->removeTagForEntry($entryid,$tags); | ||
260 | } | ||
261 | $this->deleteById($entryid,$userID); | ||
262 | } | ||
263 | } | ||
264 | |||
265 | public function deleteUser($userID) { | ||
266 | $sql_action = 'DELETE from users WHERE id=?'; | ||
267 | $params_action = array($userID); | ||
268 | $query = $this->executeQuery($sql_action, $params_action); | ||
269 | } | ||
232 | 270 | ||
233 | public function updateContentAndTitle($id, $title, $body, $user_id) { | 271 | public function updateContentAndTitle($id, $title, $body, $user_id) { |
234 | $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?'; | 272 | $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?'; |
235 | $params_action = array($body, $title, $id, $user_id); | 273 | $params_action = array($body, $title, $id, $user_id); |
236 | $query = $this->executeQuery($sql_action, $params_action); | 274 | $query = $this->executeQuery($sql_action, $params_action); |
237 | |||
238 | return $query; | 275 | return $query; |
239 | } | 276 | } |
240 | 277 | ||
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 811895dc..aa313c25 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
@@ -241,6 +241,58 @@ class Poche | |||
241 | $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); | 241 | $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); |
242 | $this->tpl->addFilter($filter); | 242 | $this->tpl->addFilter($filter); |
243 | } | 243 | } |
244 | |||
245 | public function createNewUser() { | ||
246 | if (isset($_GET['newuser'])){ | ||
247 | if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){ | ||
248 | $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING); | ||
249 | if (!$this->store->userExists($newusername)){ | ||
250 | if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) { | ||
251 | Tools::logm('The new user '.$newusername.' has been installed'); | ||
252 | $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername)); | ||
253 | Tools::redirect(); | ||
254 | } | ||
255 | else { | ||
256 | Tools::logm('error during adding new user'); | ||
257 | Tools::redirect(); | ||
258 | } | ||
259 | } | ||
260 | else { | ||
261 | $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername)); | ||
262 | Tools::logm('An user with the name '.$newusername.' already exists !'); | ||
263 | Tools::redirect(); | ||
264 | } | ||
265 | } | ||
266 | } | ||
267 | } | ||
268 | |||
269 | public function deleteUser(){ | ||
270 | if (isset($_GET['deluser'])){ | ||
271 | if ($this->store->listUsers() > 1) { | ||
272 | if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) { | ||
273 | $username = $this->user->getUsername(); | ||
274 | $this->store->deleteUserConfig($this->user->getId()); | ||
275 | Tools::logm('The configuration for user '. $username .' has been deleted !'); | ||
276 | $this->store->deleteTagsEntriesAndEntries($this->user->getId()); | ||
277 | Tools::logm('The entries for user '. $username .' has been deleted !'); | ||
278 | $this->store->deleteUser($this->user->getId()); | ||
279 | Tools::logm('User '. $username .' has been completely deleted !'); | ||
280 | Session::logout(); | ||
281 | Tools::logm('logout'); | ||
282 | Tools::redirect(); | ||
283 | $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername)); | ||
284 | } | ||
285 | else { | ||
286 | Tools::logm('Bad password !'); | ||
287 | $this->messages->add('e', _('Error : The password is wrong !')); | ||
288 | } | ||
289 | } | ||
290 | else { | ||
291 | Tools::logm('Only user !'); | ||
292 | $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !')); | ||
293 | } | ||
294 | } | ||
295 | } | ||
244 | 296 | ||
245 | private function install() | 297 | private function install() |
246 | { | 298 | { |
@@ -520,6 +572,7 @@ class Poche | |||
520 | $languages = $this->getInstalledLanguages(); | 572 | $languages = $this->getInstalledLanguages(); |
521 | $token = $this->user->getConfigValue('token'); | 573 | $token = $this->user->getConfigValue('token'); |
522 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false; | 574 | $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false; |
575 | $only_user = ($this->store->listUsers() > 1) ? false : true; | ||
523 | $tpl_vars = array( | 576 | $tpl_vars = array( |
524 | 'themes' => $themes, | 577 | 'themes' => $themes, |
525 | 'languages' => $languages, | 578 | 'languages' => $languages, |
@@ -532,6 +585,7 @@ class Poche | |||
532 | 'token' => $token, | 585 | 'token' => $token, |
533 | 'user_id' => $this->user->getId(), | 586 | 'user_id' => $this->user->getId(), |
534 | 'http_auth' => $http_auth, | 587 | 'http_auth' => $http_auth, |
588 | 'only_user' => $only_user | ||
535 | ); | 589 | ); |
536 | Tools::logm('config view'); | 590 | Tools::logm('config view'); |
537 | break; | 591 | break; |