From 4d99bae893eb47505f8ff6976917ef3af363ff5b Mon Sep 17 00:00:00 2001 From: tcit Date: Wed, 23 Apr 2014 10:29:53 +0200 Subject: [PATCH] Fixed Multi-user system --- inc/poche/Database.class.php | 39 +++++++++++++++++++++++++- inc/poche/Poche.class.php | 54 ++++++++++++++++++++++++++++++++++++ index.php | 4 +++ themes/baggy/config.twig | 32 +++++++++++++++++++++ 4 files changed, 128 insertions(+), 1 deletion(-) diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php index 036c9d1b2..ba2d1d943 100755 --- a/inc/poche/Database.class.php +++ b/inc/poche/Database.class.php @@ -229,12 +229,49 @@ class Database { return FALSE; } } + + public function listUsers($username=null) { + $sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : ''); + $query = $this->executeQuery($sql, ( $username ? array($username) : array())); + list($count) = $query->fetch(); + return $count; + } + + public function getUserPassword($userID) { + $sql = "SELECT * FROM users WHERE id=?"; + $query = $this->executeQuery($sql, array($userID)); + $password = $query->fetchAll(); + return isset($password[0]['password']) ? $password[0]['password'] : null; + } + + public function deleteUserConfig($userID) { + $sql_action = 'DELETE from users_config WHERE user_id=?'; + $params_action = array($userID); + $query = $this->executeQuery($sql_action, $params_action); + return $query; + } + + public function deleteTagsEntriesAndEntries($userID) { + $entries = $this->retrieveAll($userID); + foreach($entries as $entryid) { + $tags = $this->retrieveTagsByEntry($entryid); + foreach($tags as $tag) { + $this->removeTagForEntry($entryid,$tags); + } + $this->deleteById($entryid,$userID); + } + } + + public function deleteUser($userID) { + $sql_action = 'DELETE from users WHERE id=?'; + $params_action = array($userID); + $query = $this->executeQuery($sql_action, $params_action); + } public function updateContentAndTitle($id, $title, $body, $user_id) { $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?'; $params_action = array($body, $title, $id, $user_id); $query = $this->executeQuery($sql_action, $params_action); - return $query; } diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 811895dca..aa313c253 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -241,6 +241,58 @@ class Poche $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); $this->tpl->addFilter($filter); } + + public function createNewUser() { + if (isset($_GET['newuser'])){ + if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){ + $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING); + if (!$this->store->userExists($newusername)){ + if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) { + Tools::logm('The new user '.$newusername.' has been installed'); + $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to logout ?'),$newusername)); + Tools::redirect(); + } + else { + Tools::logm('error during adding new user'); + Tools::redirect(); + } + } + else { + $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername)); + Tools::logm('An user with the name '.$newusername.' already exists !'); + Tools::redirect(); + } + } + } + } + + public function deleteUser(){ + if (isset($_GET['deluser'])){ + if ($this->store->listUsers() > 1) { + if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) { + $username = $this->user->getUsername(); + $this->store->deleteUserConfig($this->user->getId()); + Tools::logm('The configuration for user '. $username .' has been deleted !'); + $this->store->deleteTagsEntriesAndEntries($this->user->getId()); + Tools::logm('The entries for user '. $username .' has been deleted !'); + $this->store->deleteUser($this->user->getId()); + Tools::logm('User '. $username .' has been completely deleted !'); + Session::logout(); + Tools::logm('logout'); + Tools::redirect(); + $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername)); + } + else { + Tools::logm('Bad password !'); + $this->messages->add('e', _('Error : The password is wrong !')); + } + } + else { + Tools::logm('Only user !'); + $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !')); + } + } + } private function install() { @@ -520,6 +572,7 @@ class Poche $languages = $this->getInstalledLanguages(); $token = $this->user->getConfigValue('token'); $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false; + $only_user = ($this->store->listUsers() > 1) ? false : true; $tpl_vars = array( 'themes' => $themes, 'languages' => $languages, @@ -532,6 +585,7 @@ class Poche 'token' => $token, 'user_id' => $this->user->getId(), 'http_auth' => $http_auth, + 'only_user' => $only_user ); Tools::logm('config view'); break; diff --git a/index.php b/index.php index deb13d7aa..9c943b1dc 100755 --- a/index.php +++ b/index.php @@ -66,6 +66,10 @@ if (isset($_GET['login'])) { } elseif (isset($_GET['config'])) { # Update password $poche->updatePassword(); +} elseif (isset($_GET['newuser'])) { + $poche->createNewUser(); +} elseif (isset($_GET['deluser'])) { + $poche->deleteUser(); } elseif (isset($_GET['import'])) { $import = $poche->import(); $tpl_vars = array_merge($tpl_vars, $import); diff --git a/themes/baggy/config.twig b/themes/baggy/config.twig index d441de7c7..29d9e0483 100755 --- a/themes/baggy/config.twig +++ b/themes/baggy/config.twig @@ -128,4 +128,36 @@

{% trans "Cache" %}

{% trans "Click here" %} {% trans "to delete cache." %}

+

{% trans 'Add user' %}

+

{% trans 'Add a new user :' %}

+
+
+
+ + +
+
+ + +
+
+ +
+
+
+ +

{% trans "Delete account" %}

+ {% if not only_user %}
+

{% trans "You can delete your account by entering your password and validating." %}
{% trans "Be careful, data will be erased forever (that is a very long time)." %}

+
+
+ + +
+
+ +
+ + {% else %}

{% trans "You are the only user, you cannot delete your own account." %}
+ {% trans "To completely remove wallabag, delete the wallabag folder on your web server." %}

{% endif %} {% endblock %}