Fixed Multi-user system

author: tcit <tcit@tcit.fr> 2014-04-23 10:29:53 +0200
committer: tcit <tcit@tcit.fr> 2014-04-23 10:29:53 +0200
commit: 4d99bae893eb47505f8ff6976917ef3af363ff5b (patch)
tree: 79542323f751ce4562867b421a05aa6715c7efc8 /inc
parent: 847f57686e3e129b63c40bd2b49404b74ec85b27 (diff)
download: wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.gz
wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.zst
wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.zip
2 files changed, 92 insertions, 1 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 036c9d1b..ba2d1d94 100755
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -229,12 +229,49 @@ class Database {
            return FALSE;
        }
    }
+    
+    public function listUsers($username=null) {
+        $sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
+        $query = $this->executeQuery($sql, ( $username ? array($username) : array()));
+        list($count) = $query->fetch();
+        return $count;
+    }
+    
+    public function getUserPassword($userID) {
+        $sql = "SELECT * FROM users WHERE id=?";
+        $query = $this->executeQuery($sql, array($userID));
+        $password = $query->fetchAll();
+        return isset($password[0]['password']) ? $password[0]['password'] : null;
+    }
+    
+    public function deleteUserConfig($userID) {
+        $sql_action = 'DELETE from users_config WHERE user_id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+        return $query;
+    }
+    
+    public function deleteTagsEntriesAndEntries($userID) {
+        $entries = $this->retrieveAll($userID);
+        foreach($entries as $entryid) {
+            $tags = $this->retrieveTagsByEntry($entryid);
+            foreach($tags as $tag) {
+                $this->removeTagForEntry($entryid,$tags);
+            }
+            $this->deleteById($entryid,$userID);
+        }
+    }
+    
+    public function deleteUser($userID) {
+        $sql_action = 'DELETE from users WHERE id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+    }
    public function updateContentAndTitle($id, $title, $body, $user_id) {
        $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
        $params_action = array($body, $title, $id, $user_id);
        $query = $this->executeQuery($sql_action, $params_action);
        return $query;
    }
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 811895dc..aa313c25 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -241,6 +241,58 @@ class Poche
        $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');
        $this->tpl->addFilter($filter);
    }
+    
+    public function createNewUser() {
+        if (isset($_GET['newuser'])){
+            if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
+                $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
+                if (!$this->store->userExists($newusername)){   
+                    if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
+                        Tools::logm('The new user '.$newusername.' has been installed');
+                        $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
+                        Tools::redirect();
+                    }
+                    else {
+                        Tools::logm('error during adding new user');
+                        Tools::redirect();
+                    }
+                }
+                else {
+                    $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
+                    Tools::logm('An user with the name '.$newusername.' already exists !');
+                    Tools::redirect();
+                }
+            }
+        }
+    }
+   
+    public function deleteUser(){
+        if (isset($_GET['deluser'])){
+            if ($this->store->listUsers() > 1) {
+                if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
+                    $username = $this->user->getUsername();
+                    $this->store->deleteUserConfig($this->user->getId());
+                    Tools::logm('The configuration for user '. $username .' has been deleted !');
+                    $this->store->deleteTagsEntriesAndEntries($this->user->getId());
+                    Tools::logm('The entries for user '. $username .' has been deleted !');
+                    $this->store->deleteUser($this->user->getId());
+                    Tools::logm('User '. $username .' has been completely deleted !');
+                    Session::logout();
+                    Tools::logm('logout');
+                    Tools::redirect();
+                    $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
+                }
+                else {
+                    Tools::logm('Bad password !');
+                    $this->messages->add('e', _('Error : The password is wrong !'));
+                }
+            }
+            else {
+                Tools::logm('Only user !');
+                $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
+            }
+        }
+    }
    private function install()
    {
@@ -520,6 +572,7 @@ class Poche
                $languages = $this->getInstalledLanguages();
                $token = $this->user->getConfigValue('token');
                $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
+                $only_user = ($this->store->listUsers() > 1) ? false : true;
                $tpl_vars = array(
                    'themes' => $themes,
                    'languages' => $languages,
@@ -532,6 +585,7 @@ class Poche
                    'token' => $token,
                    'user_id' => $this->user->getId(),
                    'http_auth' => $http_auth,
+                    'only_user' => $only_user
                );
                Tools::logm('config view');
                break;
author	tcit <tcit@tcit.fr>	2014-04-23 10:29:53 +0200
committer	tcit <tcit@tcit.fr>	2014-04-23 10:29:53 +0200
commit	4d99bae893eb47505f8ff6976917ef3af363ff5b (patch)
tree	79542323f751ce4562867b421a05aa6715c7efc8 /inc
parent	847f57686e3e129b63c40bd2b49404b74ec85b27 (diff)
download	wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.gz wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.tar.zst wallabag-4d99bae893eb47505f8ff6976917ef3af363ff5b.zip

diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 036c9d1b..ba2d1d94 100755 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php
@@ -229,12 +229,49 @@ class Database {
229	return FALSE;	229	return FALSE;
230	}	230	}
231	}	231	}
		232
		233	public function listUsers($username=null) {
		234	$sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
		235	$query = $this->executeQuery($sql, ( $username ? array($username) : array()));
		236	list($count) = $query->fetch();
		237	return $count;
		238	}
		239
		240	public function getUserPassword($userID) {
		241	$sql = "SELECT * FROM users WHERE id=?";
		242	$query = $this->executeQuery($sql, array($userID));
		243	$password = $query->fetchAll();
		244	return isset($password[0]['password']) ? $password[0]['password'] : null;
		245	}
		246
		247	public function deleteUserConfig($userID) {
		248	$sql_action = 'DELETE from users_config WHERE user_id=?';
		249	$params_action = array($userID);
		250	$query = $this->executeQuery($sql_action, $params_action);
		251	return $query;
		252	}
		253
		254	public function deleteTagsEntriesAndEntries($userID) {
		255	$entries = $this->retrieveAll($userID);
		256	foreach($entries as $entryid) {
		257	$tags = $this->retrieveTagsByEntry($entryid);
		258	foreach($tags as $tag) {
		259	$this->removeTagForEntry($entryid,$tags);
		260	}
		261	$this->deleteById($entryid,$userID);
		262	}
		263	}
		264
		265	public function deleteUser($userID) {
		266	$sql_action = 'DELETE from users WHERE id=?';
		267	$params_action = array($userID);
		268	$query = $this->executeQuery($sql_action, $params_action);
		269	}
232		270
233	public function updateContentAndTitle($id, $title, $body, $user_id) {	271	public function updateContentAndTitle($id, $title, $body, $user_id) {
234	$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';	272	$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
235	$params_action = array($body, $title, $id, $user_id);	273	$params_action = array($body, $title, $id, $user_id);
236	$query = $this->executeQuery($sql_action, $params_action);	274	$query = $this->executeQuery($sql_action, $params_action);
237
238	return $query;	275	return $query;
239	}	276	}
240		277


diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 811895dc..aa313c25 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -241,6 +241,58 @@ class Poche
241	$filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');	241	$filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime');
242	$this->tpl->addFilter($filter);	242	$this->tpl->addFilter($filter);
243	}	243	}
		244
		245	public function createNewUser() {
		246	if (isset($_GET['newuser'])){
		247	if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
		248	$newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
		249	if (!$this->store->userExists($newusername)){
		250	if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
		251	Tools::logm('The new user '.$newusername.' has been installed');
		252	$this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
		253	Tools::redirect();
		254	}
		255	else {
		256	Tools::logm('error during adding new user');
		257	Tools::redirect();
		258	}
		259	}
		260	else {
		261	$this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
		262	Tools::logm('An user with the name '.$newusername.' already exists !');
		263	Tools::redirect();
		264	}
		265	}
		266	}
		267	}
		268
		269	public function deleteUser(){
		270	if (isset($_GET['deluser'])){
		271	if ($this->store->listUsers() > 1) {
		272	if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
		273	$username = $this->user->getUsername();
		274	$this->store->deleteUserConfig($this->user->getId());
		275	Tools::logm('The configuration for user '. $username .' has been deleted !');
		276	$this->store->deleteTagsEntriesAndEntries($this->user->getId());
		277	Tools::logm('The entries for user '. $username .' has been deleted !');
		278	$this->store->deleteUser($this->user->getId());
		279	Tools::logm('User '. $username .' has been completely deleted !');
		280	Session::logout();
		281	Tools::logm('logout');
		282	Tools::redirect();
		283	$this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
		284	}
		285	else {
		286	Tools::logm('Bad password !');
		287	$this->messages->add('e', _('Error : The password is wrong !'));
		288	}
		289	}
		290	else {
		291	Tools::logm('Only user !');
		292	$this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
		293	}
		294	}
		295	}
244		296
245	private function install()	297	private function install()
246	{	298	{
@@ -520,6 +572,7 @@ class Poche
520	$languages = $this->getInstalledLanguages();	572	$languages = $this->getInstalledLanguages();
521	$token = $this->user->getConfigValue('token');	573	$token = $this->user->getConfigValue('token');
522	$http_auth = (isset($_SERVER['PHP_AUTH_USER']) \|\| isset($_SERVER['REMOTE_USER'])) ? true : false;	574	$http_auth = (isset($_SERVER['PHP_AUTH_USER']) \|\| isset($_SERVER['REMOTE_USER'])) ? true : false;
		575	$only_user = ($this->store->listUsers() > 1) ? false : true;
523	$tpl_vars = array(	576	$tpl_vars = array(
524	'themes' => $themes,	577	'themes' => $themes,
525	'languages' => $languages,	578	'languages' => $languages,
@@ -532,6 +585,7 @@ class Poche
532	'token' => $token,	585	'token' => $token,
533	'user_id' => $this->user->getId(),	586	'user_id' => $this->user->getId(),
534	'http_auth' => $http_auth,	587	'http_auth' => $http_auth,
		588	'only_user' => $only_user
535	);	589	);
536	Tools::logm('config view');	590	Tools::logm('config view');
537	break;	591	break;