class.prvcat.permmgr.php @ 2210

Revision 2210, 9.2 KB checked in by arno, 14 years ago (diff)
import version 2.1 to svn repository

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ----------------------------------
3	#
4	# Copyright (c) 2010 Arnaud Renevier
5	# published under the modified BSD license.
6	# -- END LICENSE BLOCK ------------------------------------
7	if (!defined('DC_RC_PATH')) { return; }
8
9
10	class prvCatPermMgr {
11	const dbname = 'prvcat';
12	const oldpwd_dbname = 'prvcat_oldpwd';
13
14	const STATUS_UNKNOWN = 0;
15	const STATUS_ALLOWED = 1;
16	const STATUS_DENIED = 2;
17
18	protected $connection = null;
19	protected $prefix = '';
20	protected $table = '';
21	protected $oldpwd_table = '';
22
23	private static $status = STATUS_UNKNOWN;
24	private static $password;
25
26	public function __construct(dbLayer $connection, $prefix) {
27	$this->connection =& $connection;
28	$this->prefix = $prefix;
29	$this->table = $prefix.self::dbname;
30
31	# oldpwd_table is used to store post_password of posts before being
32	# managed by prvcat. If user has set a password to a specific post, and
33	# then sets a category private, and unsets that category, we want the
34	# first password to be restored.
35	$this->oldpwd_table = $prefix.self::oldpwd_dbname;
36	}
37
38	public function install() {
39	$s = new dbStruct($this->connection,$this->prefix);
40	$table = $s->table(self::dbname);
41
42	$table->field('cat_id','bigint',0,false)->
43	field('private', 'smallint', 0, true, 0)->
44	field('uuid', 'varchar', 22, true, NULL)->
45	primary('pk_prvcat_cat_id', 'cat_id')->
46	reference('fk_prvcat_cat_id','cat_id','category','cat_id','cascade','cascade');
47
48	$oldpwd_table = $s->table(self::oldpwd_dbname);
49	$oldpwd_table->field('post_id','bigint',0,false)->
50	field('post_password', 'varchar', 32, true, 0)->
51	primary('pk_prvcat_oldpwd_post_id', 'post_id')->
52	reference('fk_prvcat_oldpwd_post_id','post_id','post','post_id','cascade','cascade');
53
54	$si = new dbStruct($this->connection,$this->prefix);
55	$changes = $si->synchronize($s);
56	}
57
58	public function isprivate($cat_id) {
59	$query = 'SELECT private FROM '.$this->table.
60	' WHERE cat_id = \''.
61	$this->connection->escape($cat_id).
62	'\'';
63	return $this->connection->select($query)->private;
64	}
65
66	public function setoldpwd($post_id, $post_password) {
67	if (is_null($post_password)) {
68	$query = ('DELETE FROM '.$this->oldpwd_table.
69	' WHERE post_id=\''.
70	$this->connection->escape($post_id).
71	'\'');
72	$this->connection->execute($query);
73	return;
74	}
75
76	$cur = $this->connection->openCursor($this->oldpwd_table);
77	$cur->post_id = $post_id;
78	$cur->post_password = $post_password;
79	if (is_null($this->getoldpwd($post_id))) {
80	$cur->insert();
81	} else {
82	$cur->update();
83	}
84	}
85
86	public function getoldpwd($post_id) {
87	$query = 'SELECT post_password FROM '.$this->oldpwd_table.
88	' WHERE post_id = \''.
89	$this->connection->escape($post_id).
90	'\'';
91	return $this->connection->select($query)->post_password;
92	}
93
94	public function setpassword($password) {
95	global $core;
96	$dc_version = $core->getVersion('core');
97	if (version_compare ($dc_version, "2.2-alpha1-r1") >= 1) {
98	$core->blog->settings->addNamespace('prvcat');
99	$core->blog->settings->prvcat->put('password',$password,'string','prvcat password',true,false);
100	} else {
101	$core->blog->settings->setNamespace('prvcat');
102	$core->blog->settings->put('prvcat_password', $password, 'string', '', true, true);
103	}
104	self::$password = $password;
105	}
106
107	public function getcatidforuuid($uuid) {
108	$query = 'SELECT cat_id FROM '.$this->table.
109	' WHERE uuid = \''.
110	$this->connection->escape($uuid).
111	'\'';
112	return $this->connection->select($query)->cat_id;
113	}
114
115	public function getuuid($cat_id) {
116	$query = 'SELECT uuid FROM '.$this->table.
117	' WHERE cat_id = \''.
118	$this->connection->escape($cat_id).
119	'\'';
120	return $this->connection->select($query)->uuid;
121	}
122
123	public function setprivate($cat_id, $private) {
124	global $core;
125	$old = $this->isprivate($cat_id);
126	if ($old == $private) {
127	return;
128	}
129	$prvcat_cur = $this->connection->openCursor($this->table);
130	$prvcat_cur->private = $private ? 1 : 0;
131
132	if (isset($old)) {
133	$prvcat_cur->update('WHERE cat_id=\''.
134	$this->connection->escape($cat_id).
135	'\'');
136	} else {
137	$prvcat_cur->cat_id = $cat_id;
138	$uuid = uniqid('', true);
139	# as we want to use this identifier in an url, removes dot it contains
140	$uuid = substr($uuid, 0, 14).substr($uuid, 15);
141	$prvcat_cur->uuid = $uuid;
142	$prvcat_cur->insert();
143	}
144
145	$posts = $core->blog->getPosts(array('cat_id' => (integer) $cat_id));
146
147	$cur = $this->connection->openCursor($this->prefix.'post');
148
149	if ($private) {
150	# set oldpassword
151	while ($posts->fetch()) {
152	if ($posts->post_password and (is_null ($this->getoldpwd($posts->post_id))) and ($posts->post_password != self::$password)) {
153	$this->setoldpwd($posts->post_id, $posts->post_password);
154	}
155	}
156
157	# store password in dc_post
158	$cur->post_password = $this->getpassword();
159	$cur->update('WHERE cat_id=\''.
160	$this->connection->escape($cat_id).
161	'\'');
162	} else {
163	# restore old password in dc_post
164	while ($posts->fetch()) {
165	$cur->post_password = $this->getoldpwd($posts->post_id);
166	$cur->update('WHERE post_id=\''.
167	$this->connection->escape($posts->post_id).
168	'\'');
169	}
170
171	$query = ('DELETE FROM '.$this->oldpwd_table.
172	' WHERE post_id IN (SELECT post_id from '.
173	$this->prefix.'post '.
174	'WHERE cat_id=\''.
175	$this->connection->escape($cat_id).
176	'\')');
177
178	$this->connection->execute($query);
179	}
180	}
181
182	public function getpassword() {
183	if (isset (self::$password)) {
184	return self::$password;
185	}
186	global $core;
187	$dc_version = $core->getVersion('core');
188	if (version_compare ($dc_version, "2.2-alpha1-r1") >= 1) {
189	self::$password = $core->blog->settings->prvcat->password;
190	} else {
191	self::$password = $core->blog->settings->prvcat_password;
192	}
193	return self::$password;
194	}
195
196	public function checkpwd($password) {
197	$res = $this->getpassword();
198	if ($res === null) {
199	return false;
200	}
201	return ($res == $password);
202	}
203
204	public function isallowed($cat_id) {
205	$this->statusinit();
206	return (!$this->isprivate($cat_id)) or (self::$status == self::STATUS_ALLOWED);
207	}
208
209	private function statusinit() {
210	if (self::$status != self::STATUS_UNKNOWN) {
211	# already initialized
212	return;
213	}
214
215
216	if (isset($_COOKIE['dc_passwd'])) {
217	$pwd_cookie = unserialize ($_COOKIE['dc_passwd']);
218	}
219
220	global $core;
221	$without_password = $core->blog->without_password;
222	$core->blog->without_password = false;
223	$posts = $core->blog->getPosts(array('sql' => ' AND post_password IS NOT NULL'));
224	$core->blog->without_password = $without_password;
225
226	if (isset($_POST['password_prvcat'])) {
227	$post_password = $_POST['password_prvcat'];
228	if (!$this->checkpwd($post_password)) {
229	# wrong password: status becomes denied
230	self::$status = self::STATUS_DENIED;
231	return;
232	}
233
234	# correct password: status becomes allowed, and password is stored
235	# in dc_passwd for all posts in private categories
236	while ($posts->fetch()) {
237	if ($posts->cat_id and $this->isprivate($posts->cat_id)) {
238	$pwd_cookie[$posts->post_id] = $post_password;
239	}
240	}
241	setcookie('dc_passwd',serialize($pwd_cookie),0,'/');
242	self::$status = self::STATUS_ALLOWED;
243	} else {
244	# password is not send in post request. Try to get it from cookies
245	while ($posts->fetch()) {
246	if ($posts->cat_id and $this->isprivate($posts->cat_id)) {
247	if (!isset($pwd_cookie[$posts->post_id]) or !$this->checkpwd($pwd_cookie[$posts->post_id])) {
248	# at least one missing or wrong password in cookies
249	self::$status = self::STATUS_DENIED;
250	return;
251	}
252	}
253	}
254	self::$status = self::STATUS_ALLOWED;
255	}
256
257	}
258
259	}
260	?>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: plugins/prvcat/inc/class.prvcat.permmgr.php @ 2210

Download in other formats:

Sites map