diff options
28 files changed, 832 insertions, 82 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql index 0c208ad..cf9dd37 100644 --- a/data/schema/6.sql +++ b/data/schema/6.sql @@ -13,3 +13,7 @@ CREATE TABLE `sc_users_sslclientcerts` ( PRIMARY KEY ( `id` ) , UNIQUE (`id`) ) CHARACTER SET utf8 COLLATE utf8_general_ci; + +ALTER TABLE `sc_users` ADD `privateKey` VARCHAR(33) NULL; +CREATE UNIQUE INDEX `privateKey` ON `sc_users` (`privateKey`); + diff --git a/data/tables.sql b/data/tables.sql index d53945e..68d5ba9 100644 --- a/data/tables.sql +++ b/data/tables.sql @@ -72,7 +72,9 @@ CREATE TABLE `sc_users` ( `email` varchar(50) NOT NULL default '', `homepage` varchar(255) default NULL, `uContent` text, - PRIMARY KEY (`uId`) + `privateKey` varchar(33) default NULL, + PRIMARY KEY (`uId`), + UNIQUE KEY `privateKey` (`privateKey`) ) CHARACTER SET utf8 COLLATE utf8_general_ci ; -- -------------------------------------------------------- @@ -84,8 +86,7 @@ CREATE TABLE `sc_users_sslclientcerts` ( `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL , `sslName` VARCHAR( 64 ) NOT NULL , `sslEmail` VARCHAR( 64 ) NOT NULL , - PRIMARY KEY ( `id` ) , - UNIQUE (`id`) + PRIMARY KEY ( `id` ) ) CHARACTER SET utf8 COLLATE utf8_general_ci; -- diff --git a/data/templates/default/bookmarks.tpl.php b/data/templates/default/bookmarks.tpl.php index 91d50bf..27118f5 100644 --- a/data/templates/default/bookmarks.tpl.php +++ b/data/templates/default/bookmarks.tpl.php @@ -221,12 +221,9 @@ if ($currenttag!= '') { $brss = ''; $size = count($rsschannels); for ($i = 0; $i < $size; $i++) { - $brss = '<a style="background:#FFFFFF"' - . ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"' - . ' title="' . htmlspecialchars($rsschannels[$i][0]) . '">' - . '<img src="' . $theme->resource('images/rss.gif') . '"' - . ' width="16" height="16"' - . ' alt="' . htmlspecialchars($rsschannels[$i][0]) .'"/>' + $brss = '<a style="background:#FFFFFF" href="'. htmlspecialchars($rsschannels[$i][1]) . '"' + . ' title="' . $rsschannels[$i][0] . '">' + . '<img src="' . ROOT . 'images/rss.gif" width="16" height="16" alt="' . $rsschannels[$i][0] .'"/>' . '</a>'; } diff --git a/data/templates/default/editprofile.tpl.php b/data/templates/default/editprofile.tpl.php index cc74f04..25dc3a4 100644 --- a/data/templates/default/editprofile.tpl.php +++ b/data/templates/default/editprofile.tpl.php @@ -28,6 +28,14 @@ $this->includeTemplate($GLOBALS['top_include']); <td><input type="text" name="pMail" size="75" value="<?php echo filter($objectUser->getEmail(), 'xml'); ?>" /></td> <td>← <?php echo T_('Required'); ?></td> </tr> +<tr> + <th align="left"><?php echo T_('Private RSS Feed'); ?></th> + <td><input type="checkbox" id="pEnablePrivateKey" name="pEnablePrivateKey" value="true" <?php echo $privateKeyIsEnabled;?> /> + <label for="pEnablePrivateKey"><?php echo T_('Enable'); ?></label> + <input type="text" id="pPrivateKey" name="pPrivateKey" size="40" value="<?php echo $privateKey;?>" readonly="readonly" /> + <a onclick="getNewPrivateKey(this); return false;"><button type="submit" name="submittedPK" value="1"><?php echo T_('Generate New Key'); ?></button></a> + </td> +</tr> </table> <h3><?php echo T_('Personal Details'); ?></h3> diff --git a/data/templates/default/rss.tpl.php b/data/templates/default/rss.tpl.php index e6e66f7..6be5425 100644 --- a/data/templates/default/rss.tpl.php +++ b/data/templates/default/rss.tpl.php @@ -3,7 +3,7 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n"; ?> <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"> <channel> - <title><?php echo htmlspecialchars($feedtitle); ?></title> + <title><?php echo $feedtitle; ?></title> <link><?php echo htmlspecialchars($feedlink); ?></link> <description><?php echo htmlspecialchars($feeddescription); ?></description> <pubDate><?php echo date('r'); ?></pubDate> @@ -23,4 +23,4 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n"; </item> <?php endforeach; ?> </channel> -</rss>
\ No newline at end of file +</rss> diff --git a/data/templates/testdummy/top.inc.php b/data/templates/testdummy/top.inc.php index 7b0874c..b85a1ae 100644 --- a/data/templates/testdummy/top.inc.php +++ b/data/templates/testdummy/top.inc.php @@ -12,7 +12,7 @@ if (isset($rsschannels)) { $size = count($rsschannels); for ($i = 0; $i < $size; $i++) { echo ' <link rel="alternate" type="application/rss+xml" title="' - . htmlspecialchars($rsschannels[$i][0]) . '"' + . $rsschannels[$i][0] . '"' . ' href="'. $rsschannels[$i][1] .'" />'; } } diff --git a/doc/UPGRADE.txt b/doc/UPGRADE.txt index 0e570e5..1a0b964 100644 --- a/doc/UPGRADE.txt +++ b/doc/UPGRADE.txt @@ -9,6 +9,9 @@ Database updates ---------------- Apply ``data/schema/6.sql`` + ALTER TABLE `sc_users` ADD `privateKey` VARCHAR(33) NULL; + CREATE UNIQUE INDEX `privateKey` ON `sc_users` (`privateKey`); + From version 0.96 to 0.97 ========================= diff --git a/src/SemanticScuttle/Model/User.php b/src/SemanticScuttle/Model/User.php index 500f5b1..3aa617b 100644 --- a/src/SemanticScuttle/Model/User.php +++ b/src/SemanticScuttle/Model/User.php @@ -35,6 +35,7 @@ class SemanticScuttle_Model_User var $content; var $datetime; var $isAdmin; + var $privateKey; /** * Create a new user object @@ -69,6 +70,29 @@ class SemanticScuttle_Model_User } /** + * Returns private key + * + * @param boolean return sanitized value which basically drops + * leading dash if exists + * + * @return string private key + */ + public function getPrivateKey($sanitized = false) + { + // Look for value only if not already set + if (!isset($this->privateKey)) { + $us = SemanticScuttle_Service_Factory::get('User'); + $user = $us->getUser($this->id); + $this->privateKey = $user['privateKey']; + } + if ($sanitized == true) { + return substr($this->privateKey, -32); + } else { + return $this->privateKey; + } + } + + /** * Returns full user name as specified in the profile. * * @return string Full name @@ -182,4 +206,4 @@ class SemanticScuttle_Model_User } } -?>
\ No newline at end of file +?> diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php index 919ca7a..17ab7ba 100644 --- a/src/SemanticScuttle/Service/Bookmark.php +++ b/src/SemanticScuttle/Service/Bookmark.php @@ -427,6 +427,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService $existence[$hashes[$row['bHash']]] = $row['count'] > 0; } + $this->db->sql_freeresult($dbresult); return $existence; } diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php index a10cb61..04ee43d 100644 --- a/src/SemanticScuttle/Service/Bookmark2Tag.php +++ b/src/SemanticScuttle/Service/Bookmark2Tag.php @@ -99,7 +99,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService $tags_count = is_array($tags)?count($tags):0; for ($i = 0; $i < $tags_count; $i++) { - $tags[$i] = trim(strtolower($tags[$i])); + $tags[$i] = trim(utf8_strtolower($tags[$i])); if ($fromApi) { include_once 'SemanticScuttle/functions.php'; $tags[$i] = convertTag($tags[$i], 'in'); @@ -584,7 +584,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService if (is_int($days)) { $query .= ' AND B.bDatetime > "' - . date('Y-m-d H:i:s', time() - (86400 * $days)) + . gmdate('Y-m-d H:i:s', time() - (86400 * $days)) . '"'; } diff --git a/src/SemanticScuttle/Service/Tag.php b/src/SemanticScuttle/Service/Tag.php index 25d3888..8325285 100644 --- a/src/SemanticScuttle/Service/Tag.php +++ b/src/SemanticScuttle/Service/Tag.php @@ -141,10 +141,10 @@ class SemanticScuttle_Service_Tag extends SemanticScuttle_DbService //normalize if(!is_array($tags)) { - $tags = strtolower(trim($tags)); + $tags = utf8_strtolower(trim($tags)); } else { for($i=0; $i<count($tags); $i++) { - $tags[$i] = strtolower(trim($tags[$i])); + $tags[$i] = utf8_strtolower(trim($tags[$i])); } } return $tags; diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 0e437c2..a4870b7 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -48,9 +48,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService protected $currentuser = null; protected $fields = array( - 'primary' => 'uId', - 'username' => 'username', - 'password' => 'password' + 'primary' => 'uId', + 'username' => 'username', + 'password' => 'password', + 'privatekey' => 'privatekey' ); protected $profileurl; @@ -215,6 +216,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return $this->_getuser($this->getFieldName('username'), $username); } + /** + * Returns user row from database. + * + * @param string $privatekey Private Key + * + * @return array User array from database, false if no user was found + */ + public function getUserByPrivateKey($privatekey) + { + return $this->_getuser($this->getFieldName('privatekey'), $privatekey); + } + function getObjectUserByUsername($username) { $user = $this->_getuser($this->getFieldName('username'), $username); if($user != false) { @@ -280,6 +293,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } /** + * Tells you if the private key is enabled and valid + * + * @param string $privateKey Private Key + * + * @return boolean True if enabled and valid + */ + public function isPrivateKeyValid($privateKey) + { + // check length of private key + if (strlen($privateKey) == 32) { + return true; + } + return false; + } + + /** * Returns the current user object * * @param boolean $refresh Reload the user from database @@ -293,7 +322,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService { if (!is_null($newval)) { //internal use only: reset currentuser - $currentuser = $newval; + $this->currentuser = $newval; } else if ($refresh || !isset($this->currentuser)) { if ($id = $this->getCurrentUserId()) { $this->currentuser = $this->getUser($id); @@ -510,6 +539,45 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } /** + * Try to authenticate via the privatekey + * + * @param string $privatekey Private Key + * + * @return boolean true if the user could be authenticated, + * false if not. + */ + public function loginPrivateKey($privatekey) + { + /* Check if private key valid and enabled */ + if (!$this->isPrivateKeyValid($privatekey)) { + return false; + } + + $query = 'SELECT '. $this->getFieldName('primary') .' FROM ' + . $this->getTableName() .' WHERE ' + . $this->getFieldName('privatekey') .' = "' + . $this->db->sql_escape($privatekey) .'"'; + + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, + 'Could not get user', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if ($row) { + return true; + } else { + return false; + } + } + + /** * Logs the user off * * @return void @@ -519,7 +587,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService @setcookie($this->getCookiekey(), '', time() - 1, '/'); unset($_COOKIE[$this->getCookiekey()]); session_unset(); - $this->getCurrentUser(TRUE, false); + $this->currentuserId = null; + $this->currentuser = null; } function getWatchlist($uId) { @@ -603,11 +672,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return false; } - $arrWatch = array(); + $retval = true; if ($this->db->sql_numrows($dbresult) == 0) - return false; - else - return true; + $retval = false; + + $this->db->sql_freeresult($dbresult); + return $retval; } function setWatchStatus($subjectUserID) { @@ -646,24 +716,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService * No checks are done in here - you ought to have checked * everything before calling this method! * - * @param string $username Username to use - * @param string $password Password to use - * @param string $email Email to use + * @param string $username Username to use + * @param string $password Password to use + * @param string $email Email to use + * @param string $privateKey Key for RSS auth * * @return mixed Integer user ID if all is well, * boolean false if an error occured */ - public function addUser($username, $password, $email) + public function addUser($username, $password, $email, $privateKey = null) { // Set up the SQL UPDATE statement. $datetime = gmdate('Y-m-d H:i:s', time()); $password = $this->sanitisePassword($password); $values = array( - 'username' => $username, - 'password' => $password, - 'email' => $email, - 'uDatetime' => $datetime, - 'uModified' => $datetime + 'username' => $username, + 'password' => $password, + 'email' => $email, + 'uDatetime' => $datetime, + 'uModified' => $datetime, + 'privateKey' => $privateKey ); $sql = 'INSERT INTO '. $this->getTableName() . ' '. $this->db->sql_build_array('INSERT', $values); @@ -687,40 +759,64 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService /** * Updates the given user * - * @param integer $uId ID of user to change - * @param string $password Password to use - * @param string $name Realname to use - * @param string $email Email to use - * @param string $homepage User's homepage - * @param string $uContent User note + * @param integer $uId ID of user to change + * @param string $password Password to use + * @param string $name Realname to use + * @param string $email Email to use + * @param string $homepage User's homepage + * @param string $uContent User note + * @param string $privateKey RSS Private Key + * @param boolean $enablePrivateKey RSS Private Key Flag * * @return boolean True when all is well, false if not */ public function updateUser( - $uId, $password, $name, $email, $homepage, $uContent + $uId, $password, $name, $email, $homepage, $uContent, + $privateKey = null, $enablePrivateKey = false ) { if (!is_numeric($uId)) { return false; } + // prepend '-' to privateKey if disabled + if ($privateKey != null && strlen($privateKey) == 32 + && $enablePrivateKey == false + ) { + $privateKey = '-' . $privateKey; + } + + // remove '-' from privateKey if enabling + if ($privateKey != null && strlen($privateKey) == 33 + && $enablePrivateKey == true + ) { + $privateKey = substr($privateKey, 1, 32); + } + + // if new user is enabling Private Key, create new key + if ($privateKey == null && $enablePrivateKey == true) { + $privateKey = $this->getNewPrivateKey(); + } + // Set up the SQL UPDATE statement. $moddatetime = gmdate('Y-m-d H:i:s', time()); if ($password == '') { $updates = array( - 'uModified' => $moddatetime, - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } else { $updates = array( - 'uModified' => $moddatetime, - 'password' => $this->sanitisePassword($password), - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'password' => $this->sanitisePassword($password), + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } $sql = 'UPDATE '. $this->getTableName() @@ -837,6 +933,56 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } } + /** + * Generates a new private key and confirms it isn't being used. + * Private key is 32 characters long, consisting of lowercase and + * numeric characters. + * + * @return string the new key value + */ + public function getNewPrivateKey() + { + do { + $newKey = md5(uniqid('SemanticScuttle', true)); + } while ($this->privateKeyExists($newKey)); + + return $newKey; + } + + /** + * Checks if a private key already exists + * + * @param string $privateKey key that has been generated + * + * @return boolean true when the private key exists, + * False if not. + */ + public function privateKeyExists($privateKey) + { + if (!$privateKey) { + return false; + } + $crit = array('privateKey' => $privateKey); + + $sql = 'SELECT COUNT(*) as "0" FROM ' + . $GLOBALS['tableprefix'] . 'users' + . ' WHERE '. $this->db->sql_build_array('SELECT', $crit); + + if (!($dbresult = $this->db->sql_query($sql))) { + message_die( + GENERAL_ERROR, 'Could not get vars', '', + __LINE__, __FILE__, $sql, $this->db + ); + } + if ($this->db->sql_fetchfield(0, 0) > 0) { + $exists = true; + } else { + $exists = false; + } + $this->db->sql_freeresult($dbresult); + return $exists; + } + function isReserved($username) { if (in_array($username, $GLOBALS['reservedusers'])) { return true; diff --git a/tests/AllTests.php b/tests/AllTests.php index 9e825e8..92f8960 100644 --- a/tests/AllTests.php +++ b/tests/AllTests.php @@ -46,6 +46,7 @@ class AllTests extends PHPUnit_Framework_TestSuite $suite->addTestFile($tdir . '/VoteTest.php'); $suite->addTestFile($tdir . '/UserTest.php'); $suite->addTestFile($tdir . '/Api/ExportCsvTest.php'); + $suite->addTestFile($tdir . '/Api/OpenSearchTest.php'); $suite->addTestFile($tdir . '/Api/PostsAddTest.php'); $suite->addTestFile($tdir . '/Api/PostsDeleteTest.php'); $suite->addTestFile($tdir . '/Api/PostsUpdateTest.php'); @@ -58,4 +59,4 @@ class AllTests extends PHPUnit_Framework_TestSuite { } } -?>
\ No newline at end of file +?> diff --git a/tests/Api/PostsAddTest.php b/tests/Api/PostsAddTest.php index 02e2b38..e6d0531 100644 --- a/tests/Api/PostsAddTest.php +++ b/tests/Api/PostsAddTest.php @@ -108,7 +108,7 @@ TXT; $this->assertEquals($bmUrl, $bm['bAddress']); $this->assertEquals($bmTitle, $bm['bTitle']); - $this->assertEquals($bmDescription, $bm['bDescription']); + $this->assertEquals($bmDescription, stripslashes($bm['bDescription'])); $this->assertEquals($bmTags, $bm['tags']); $this->assertEquals( gmdate('Y-m-d H:i:s', strtotime($bmDatetime)), @@ -170,7 +170,7 @@ TXT; $this->assertEquals($bmUrl, $bm['bAddress']); $this->assertEquals($bmTitle, $bm['bTitle']); - $this->assertEquals($bmDescription, $bm['bDescription']); + $this->assertEquals($bmDescription, stripslashes($bm['bDescription'])); $this->assertEquals($bmTags, $bm['tags']); $this->assertEquals( gmdate('Y-m-d H:i:s', strtotime($bmDatetime)), diff --git a/tests/Bookmark2TagTest.php b/tests/Bookmark2TagTest.php index 789540f..0236a5f 100644 --- a/tests/Bookmark2TagTest.php +++ b/tests/Bookmark2TagTest.php @@ -282,10 +282,10 @@ class Bookmark2TagTest extends TestBase public function testGetPopularTagsDays() { $user = $this->addUser(); - $this->addTagBookmark($user, array('one', 'two'), 'today'); - $this->addTagBookmark($user, array('one', 'thr'), 'today'); - $this->addTagBookmark($user, array('one', 'two'), '-1 day 1 hour'); - $this->addTagBookmark($user, array('one', 'thr'), '-3 days 1 hour'); + $this->addTagBookmark($user, array('one', 'two'), 'now'); + $this->addTagBookmark($user, array('one', 'thr'), 'now'); + $this->addTagBookmark($user, array('one', 'two'), '-1 day -1 hour'); + $this->addTagBookmark($user, array('one', 'thr'), '-3 days -1 hour'); $arTags = $this->b2ts->getPopularTags(null, 10, null, 1); $this->assertInternalType('array', $arTags); @@ -608,4 +608,4 @@ class Bookmark2TagTest extends TestBase $this->assertContains(array('tag' => 'usable', 'bCount' => '2'), $arTags); } } -?>
\ No newline at end of file +?> diff --git a/tests/BookmarkTest.php b/tests/BookmarkTest.php index b50dab2..44a82d9 100644 --- a/tests/BookmarkTest.php +++ b/tests/BookmarkTest.php @@ -1330,5 +1330,51 @@ class BookmarkTest extends TestBase + /** + * Test private bookmarks + * + * @return void + */ + public function testPrivateBookmarks() + { + $uid = $this->addUser(); + /* create private bookmark */ + $this->bs->addBookmark( + 'http://test', 'test', 'desc', 'note', + 2,//private + array(), null, null, false, false, $uid + ); + /* create public bookmark */ + $this->bs->addBookmark( + 'http://example.org', 'title', 'desc', 'priv', + 0,//public + array(), null, null, false, false, $uid + ); + + $this->assertEquals(1, $this->bs->countBookmarks($uid, 'public')); + $this->assertEquals(1, $this->bs->countBookmarks($uid, 'private')); + $this->assertEquals(0, $this->bs->countBookmarks($uid, 'shared')); + $this->assertEquals(2, $this->bs->countBookmarks($uid, 'all')); + + $this->us->setCurrentUserId($uid); + $bookmarks = $this->bs->getBookmarks(); + // first record should be private bookmark + $b0 = $bookmarks['bookmarks'][0]; + $this->assertEquals('test', $b0['bTitle']); + // second record should be public bookmark + $b0 = $bookmarks['bookmarks'][1]; + $this->assertEquals('title', $b0['bTitle']); + + // test non authenticated query + $this->us->setCurrentUserId(null); + $bookmarks = $this->bs->getBookmarks(); + // should only result in one link - public + $b2 = $bookmarks['bookmarks'][0]; + $this->assertEquals('title', $b2['bTitle']); + // there should be no second record + $this->assertEquals(1,count($bookmarks['bookmarks'])); + + } + } ?> diff --git a/tests/Tag2TagTest.php b/tests/Tag2TagTest.php index 0b73864..58556f1 100644 --- a/tests/Tag2TagTest.php +++ b/tests/Tag2TagTest.php @@ -332,6 +332,7 @@ class Tag2TagTest extends TestBase $this->assertSame('B3', $results['bookmarks'][0]['bTitle']); $results = $bs->getBookmarks(0, NULL, 1, 'aa+ee'); + $this->assertSame(1, intval($results['total'])); $this->assertSame('B2', $results['bookmarks'][0]['bTitle']); diff --git a/tests/TestBase.php b/tests/TestBase.php index 095f32d..1331ec6 100644 --- a/tests/TestBase.php +++ b/tests/TestBase.php @@ -78,14 +78,15 @@ class TestBase extends PHPUnit_Framework_TestCase * * @param string $username Username * @param string $password Password + * @param string $pkey Private Key * * @return integer ID of user * * @uses addUserData() */ - protected function addUser($username = null, $password = null) + protected function addUser($username = null, $password = null, $pkey = null) { - return reset($this->addUserData($username, $password)); + return reset($this->addUserData($username, $password, $pkey)); } @@ -95,10 +96,11 @@ class TestBase extends PHPUnit_Framework_TestCase * * @param string $username Username * @param string $password Password + * @param string $pkey Private Key * * @return array ID of user, Name of user, password of user */ - protected function addUserData($username = null, $password = null) + protected function addUserData($username = null, $password = null, $pkey = null) { $us = SemanticScuttle_Service_Factory::get('User'); $rand = rand(); @@ -113,7 +115,8 @@ class TestBase extends PHPUnit_Framework_TestCase $uid = $us->addUser( $username, $password, - 'unittest-' . $rand . '@example.org' + 'unittest-' . $rand . '@example.org', + $pkey ); return array($uid, $username, $password); } @@ -148,4 +151,4 @@ class TestBase extends PHPUnit_Framework_TestCase } } -?>
\ No newline at end of file +?> diff --git a/tests/TestBaseApi.php b/tests/TestBaseApi.php index 20574f3..d8917aa 100644 --- a/tests/TestBaseApi.php +++ b/tests/TestBaseApi.php @@ -164,15 +164,16 @@ class TestBaseApi extends TestBase * * Useful for testing HTML pages or ajax URLs. * - * @param string $urlSuffix Suffix for the URL - * @param mixed $auth If user authentication is needed (true/false) - * or array with username and password + * @param string $urlSuffix Suffix for the URL + * @param mixed $auth If user authentication is needed (true/false) + * or array with username and password + * @param boolean $privateKey True if to add user with private key * * @return array(HTTP_Request2, integer) HTTP request object and user id * * @uses getRequest() */ - protected function getLoggedInRequest($urlSuffix = null, $auth = true) + protected function getLoggedInRequest($urlSuffix = null, $auth = true, $privateKey = false) { if (is_array($auth)) { list($username, $password) = $auth; @@ -180,7 +181,13 @@ class TestBaseApi extends TestBase $username = 'testuser'; $password = 'testpassword'; } - $uid = $this->addUser($username, $password); + //include privatekey if requested + if ($privateKey) { + $pKey = $this->us->getNewPrivateKey(); + } else { + $pKey = null; + } + $uid = $this->addUser($username, $password, $pKey); $req = new HTTP_Request2( $GLOBALS['unittestUrl'] . '/login.php?unittestMode=1', @@ -234,7 +241,7 @@ class TestBaseApi extends TestBase */ protected function setUnittestConfig($arConfig) { - $str = '<' . "?php\r\n"; + $str = '<' . "?php\n"; foreach ($arConfig as $name => $value) { $str .= '$' . $name . ' = ' . var_export($value, true) . ";\n"; @@ -253,4 +260,4 @@ class TestBaseApi extends TestBase ); } } -?>
\ No newline at end of file +?> diff --git a/tests/UserTest.php b/tests/UserTest.php index 2f57112..230167d 100644 --- a/tests/UserTest.php +++ b/tests/UserTest.php @@ -35,6 +35,157 @@ class UserTest extends TestBase /** + * @covers SemanticScuttle_Service_User::addUser + */ + public function testAddUserPrivateKey() + { + $name = substr(md5(uniqid()), 0, 6); + $pkey = 'my-privatekey'; + $id = $this->us->addUser( + $name, uniqid(), 'foo@example.org', $pkey + ); + $this->assertNotEquals(false, $id); + $this->assertInternalType('integer', $id); + + $arUser = $this->us->getUserByPrivateKey($pkey); + $this->assertNotEquals(false, $arUser, 'user not found by private key'); + $this->assertEquals($id, $arUser['uId'], 'wrong user loaded'); + } + + + /** + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserFalseWhenIdNotNumeric() + { + $this->assertFalse( + $this->us->updateUser('foo', null, null, null, null, null) + ); + } + + + /** + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserPrivateKeyNewKeyEnabled() + { + $pkey = 'testUpdateUserPrivateKeyNewKey12'; + $uid = $this->addUser(); + + $this->assertTrue( + $this->us->updateUser( + $uid, 'password', 'name', 'test@example.org', '', '', + $pkey, true + ) + ); + $arUser = $this->us->getUser($uid); + $this->assertInternalType('array', $arUser); + $this->assertEquals($pkey, $arUser['privateKey']); + } + + + /** + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserPrivateKeyNewKeyDisabled() + { + $pkey = 'testUpdateUserPrivateKeyNewKeyDi'; + $uid = $this->addUser(); + + $this->assertTrue( + $this->us->updateUser( + $uid, 'password', 'name', 'test@example.org', '', '', + $pkey, false + ) + ); + $arUser = $this->us->getUser($uid); + $this->assertInternalType('array', $arUser); + $this->assertEquals( + '-' . $pkey, $arUser['privateKey'], + 'private key did not get disabled' + ); + } + + + /** + * Passing an empty string / NULL as key but enabling it + * should automatically create a new key. + * + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserPrivateKeyNoKeyEnabled() + { + $pkey = 'testUpdateUserPrivateKeyNoKeyEna'; + $uid = $this->addUser(); + + $this->assertTrue( + $this->us->updateUser( + $uid, 'password', 'name', 'test@example.org', '', '', + null, true + ) + ); + $arUser = $this->us->getUser($uid); + $this->assertInternalType('array', $arUser); + $this->assertNotEquals( + '', $arUser['privateKey'], 'private key was not created' + ); + } + + + /** + * Passing an empty string / NULL as key and disabling it + * should keep no key + * + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserPrivateKeyNoKeyDisabled() + { + $pkey = 'testUpdateUserPrivateKeyNoKeyDis'; + $uid = $this->addUser(); + + $this->assertTrue( + $this->us->updateUser( + $uid, 'password', 'name', 'test@example.org', '', '', + null, false + ) + ); + $arUser = $this->us->getUser($uid); + $this->assertInternalType('array', $arUser); + $this->assertEquals( + '', $arUser['privateKey'], 'private key was set' + ); + } + + + /** + * Passing an empty string / NULL as key and disabling it + * should keep no key + * + * @covers SemanticScuttle_Service_User::updateUser + */ + public function testUpdateUserPrivateKeyExistingKeyEnabled() + { + $pkey = '12345678901234567890123456789012'; + $uid = $this->addUser(); + + $this->assertTrue( + $this->us->updateUser( + $uid, 'password', 'name', 'test@example.org', '', '', + '-' . $pkey, true + ) + ); + $arUser = $this->us->getUser($uid); + $this->assertInternalType('array', $arUser); + $this->assertEquals( + $pkey, $arUser['privateKey'], 'private key was not enabled' + ); + } + + //FIXME: verify I cannot re-use private key of different user + + + + /** * Test that setting the current user ID is permanent. * and that the current user array is the same ID * @@ -176,5 +327,185 @@ class UserTest extends TestBase ); } + + public function testGetUserByPrivateKeyEmptyKey() + { + $arUser = $this->us->getUserByPrivateKey(null); + $this->assertFalse($arUser); + } + + + public function testGetUserByPrivateKeyInvalid() + { + $arUser = $this->us->getUserByPrivateKey('foobar'); + $this->assertFalse($arUser); + + $arUser = $this->us->getUserByPrivateKey('%'); + $this->assertFalse($arUser); + } + + + public function testGetUserByPrivateKeyValidKey() + { + $pkey = $this->us->getNewPrivateKey(); + $uId = $this->addUser(null, null, $pkey); + + $arUser = $this->us->getUserByPrivateKey($pkey); + $this->assertInternalType('array', $arUser); + $this->assertArrayHasKey('uId', $arUser); + $this->assertArrayHasKey('username', $arUser); + + $this->assertEquals($uId, $arUser['uId']); + } + + + /** + * @covers SemanticScuttle_Service_User::privateKeyExists + */ + public function testPrivateKeyExistsEmpty() + { + $this->assertFalse($this->us->privateKeyExists(null)); + $this->assertFalse($this->us->privateKeyExists('')); + } + + + /** + * @covers SemanticScuttle_Service_User::privateKeyExists + */ + public function testPrivateKeyExistsInvalid() + { + $this->assertFalse($this->us->privateKeyExists('-1')); + } + + + /** + * @covers SemanticScuttle_Service_User::privateKeyExists + */ + public function testPrivateKeyExists() + { + $randKey = $this->us->getNewPrivateKey(); + $this->assertFalse($this->us->privateKeyExists($randKey)); + $uid = $this->addUser(null, null, $randKey); + + $this->us->setCurrentUserId($uid); + $this->assertEquals($uid, $this->us->getCurrentUserId()); + + $this->assertTrue($this->us->privateKeyExists($randKey)); + } + + + /** + * @covers SemanticScuttle_Service_User::isPrivateKeyValid + */ + public function testIsPrivateKeyValid() + { + $this->assertFalse( + $this->us->isPrivateKeyValid(null), + 'NULL is an invalid private key' + ); + + $randKey = $this->us->getNewPrivateKey(); + $this->assertTrue( + $this->us->isPrivateKeyValid($randKey), + 'generated key should be valid' + ); + + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $this->assertFalse( + $this->us->isPrivateKeyValid($randKey2), + 'disabled privatekey should return false' + ); + } + + + public function testLoginPrivateKeyInvalid() + { + /* normal user with enabled privatekey */ + $randKey = $this->us->getNewPrivateKey(); + $uid1 = $this->addUser('testusername', 'passw0rd', $randKey); + /* user that has disabled privatekey */ + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2); + + /* test invalid private key */ + $this->assertFalse( + $this->us->loginPrivateKey('02848248084082408240824802408248') + ); + } + + + public function testLoginPrivateKeyValidEnabledKey() + { + /* normal user with enabled privatekey */ + $randKey = $this->us->getNewPrivateKey(); + $uid1 = $this->addUser('testusername', 'passw0rd', $randKey); + /* user that has disabled privatekey */ + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2); + + + /* test valid credentials with private key enabled */ + $this->assertTrue( + $this->us->loginPrivateKey($randKey) + ); + } + + + public function testLoginPrivateKeyInvalidEnabledKey() + { + /* normal user with enabled privatekey */ + $randKey = $this->us->getNewPrivateKey(); + $uid1 = $this->addUser('testusername', 'passw0rd', $randKey); + /* user that has disabled privatekey */ + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2); + + + /* test valid credentials with private key enabled but invalid key */ + $this->assertFalse( + $this->us->loginPrivateKey('123') + ); + } + + + public function testLoginPrivateKeyValidDisabledKey() + { + /* normal user with enabled privatekey */ + $randKey = $this->us->getNewPrivateKey(); + $uid1 = $this->addUser('testusername', 'passw0rd', $randKey); + /* user that has disabled privatekey */ + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2); + + /* confirm user exists so future fails should be due to randkey */ + $this->assertTrue( + $this->us->login('seconduser', 'passw0RD', false) + ); + + /* test valid credentials with private key disabled */ + $this->assertFalse( + $this->us->loginPrivateKey($randKey2) + ); + } + + + public function testLoginPrivateKeyInvalidDisabled() + { + /* normal user with enabled privatekey */ + $randKey = $this->us->getNewPrivateKey(); + $uid1 = $this->addUser('testusername', 'passw0rd', $randKey); + /* user that has disabled privatekey */ + $randKey2 = '-'.$this->us->getNewPrivateKey(); + $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2); + + /* test valid credentials with private key disabled and invalid key */ + $this->assertFalse( + $this->us->loginPrivateKey('-1') + ); + $this->assertFalse( + $this->us->loginPrivateKey(null) + ); + } + } -?>
\ No newline at end of file +?> diff --git a/tests/www/bookmarksTest.php b/tests/www/bookmarksTest.php index df360cc..eaf78bf 100755 --- a/tests/www/bookmarksTest.php +++ b/tests/www/bookmarksTest.php @@ -76,5 +76,32 @@ class www_bookmarksTest extends TestBaseApi $this->assertEquals(1, (string)$elements[0]['value']); }//end testDefaultPrivacyBookmarksAdd + + /** + * Test that the private RSS link exists when a user + * has a private key and is enabled + */ + public function testVerifyPrivateRSSLinkExists() + { + list($req, $uId) = $this->getLoggedInRequest('?unittestMode=1', true, true); + + $user = $this->us->getUser($uId); + $reqUrl = $GLOBALS['unittestUrl'] . 'bookmarks.php/' + . $user['username']; + $req->setUrl($reqUrl); + $req->setMethod(HTTP_Request2::METHOD_GET); + $response = $req->send(); + $response_body = $response->getBody(); + $this->assertNotEquals('', $response_body, 'Response is empty'); + + $x = simplexml_load_string($response_body); + $ns = $x->getDocNamespaces(); + $x->registerXPathNamespace('ns', reset($ns)); + + $elements = $x->xpath('//ns:link'); + $this->assertEquals(5, count($elements), 'Number of Links in Head not correct'); + $this->assertContains('privatekey=', (string)$elements[4]['href']); + }//end testVerifyPrivateRSSLinkExists + }//end class www_bookmarksTest ?> diff --git a/www/ajaxGetNewPrivateKey.php b/www/ajaxGetNewPrivateKey.php new file mode 100644 index 0000000..eacebd8 --- /dev/null +++ b/www/ajaxGetNewPrivateKey.php @@ -0,0 +1,35 @@ +<?php +/** + * Ajax script to retrieve new Private Key + * + * PHP version 5. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @author Mark Pemberton <mpemberton5@gmail.com> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +header("Last-Modified: ". gmdate("D, d M Y H:i:s") ." GMT"); +header("Cache-Control: no-cache, must-revalidate"); + +$httpContentType = 'text/xml'; +require_once 'www-header.php'; + +$us = SemanticScuttle_Service_Factory::get('User'); + +/* Managing all possible inputs */ +isset($_GET['url']) ? define('GET_URL', $_GET['url']): define('GET_URL', ''); + +echo '<?xml version="1.0" encoding="utf-8"?>'; +?> +<response> +<method> +getNewPrivateKey +</method> +<result> +<?php echo $us->getNewPrivateKey(); ?> +</result> +</response> diff --git a/www/bookmarks.php b/www/bookmarks.php index efc1680..44119db 100644 --- a/www/bookmarks.php +++ b/www/bookmarks.php @@ -229,12 +229,14 @@ if ($templatename == 'editbookmark.tpl') { $tplVars['sidebar_blocks'] = array('watchstatus'); if (!$cat) { //user page without tags + $rssTitle = ": My Bookmarks"; $cat = NULL; $tplVars['currenttag'] = NULL; //$tplVars['sidebar_blocks'][] = 'menu2'; $tplVars['sidebar_blocks'][] = 'linked'; $tplVars['sidebar_blocks'][] = 'popular'; } else { //pages with tags + $rssTitle = ": Tags" . $catTitle; $rssCat = '/'. filter($cat, 'url'); $tplVars['currenttag'] = $cat; $tplVars['sidebar_blocks'][] = 'tagactions'; @@ -264,9 +266,22 @@ if ($templatename == 'editbookmark.tpl') { // Set template vars $tplVars['rsschannels'] = array( - array(filter($sitename .': '. $pagetitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder())) + array(filter($sitename .$rssTitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder())) ); + if ($userservice->isLoggedOn()) { + $currentUsername = $currentUser->getUsername(); + if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { + array_push( + $tplVars['rsschannels'], + array( + filter($sitename . $rssTitle. sprintf(T_(': (private) ')) . $currentUsername), + createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey()) + ) + ); + } + } + $tplVars['page'] = $page; $tplVars['start'] = $start; $tplVars['bookmarkCount'] = $start + 1; diff --git a/www/index.php b/www/index.php index f6704ae..fab235f 100644 --- a/www/index.php +++ b/www/index.php @@ -42,9 +42,22 @@ if (GET_ACTION == "logout") { // Header variables $tplVars['loadjs'] = true; $tplVars['rsschannels'] = array( -array(sprintf(T_('%s: Recent bookmarks'), $sitename), createURL('rss').'?sort='.getSortOrder()) +array(sprintf(T_('%s: Recent bookmarks'), htmlspecialchars($sitename)), createURL('rss').'?sort='.getSortOrder()) ); +if ($userservice->isLoggedOn()) { + $currentUsername = $currentUser->getUsername(); + if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { + array_push( + $tplVars['rsschannels'], + array( + filter($sitename . sprintf(T_(': Recent bookmarks (private)')) . $currentUsername), + createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey()) + ) + ); + } +} + if ($usecache) { // Generate hash for caching on $hashtext = $_SERVER['REQUEST_URI']; diff --git a/www/jsScuttle.php b/www/jsScuttle.php index 5e5f31b..de97fd2 100644 --- a/www/jsScuttle.php +++ b/www/jsScuttle.php @@ -90,6 +90,24 @@ function useAddress(ele) { } } +/** + * Makes an ajax call to PHP script to generate an new Private Key + * + * @param input Calling object + * @param response Response object that returned value is placed + * + * @return boolean Returns false to halt execution after call + */ +function getNewPrivateKey(input, response){ + var pk = document.getElementById('pPrivateKey'); + if (response != null) { + pk.value = response.trim(); + } else { + loadXMLDocProc('<?php echo ROOT; ?>ajaxGetNewPrivateKey.php'); + } + return false; +} + function getTitle(input, response){ var title = document.getElementById('titleField'); if (title.value == '') { diff --git a/www/profile.php b/www/profile.php index ccdb7a8..63f4da8 100644 --- a/www/profile.php +++ b/www/profile.php @@ -23,12 +23,16 @@ require_once 'www-header.php'; /* Service creation: only useful services are created */ // No specific services +$tplVars['loadjs'] = true; /* Managing all possible inputs */ +isset($_POST['submittedPK']) ? define('POST_SUBMITTEDPK', $_POST['submittedPK']): define('POST_SUBMITTEDPK', ''); isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', ''); isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', ''); isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', ''); isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', ''); +isset($_POST['pPrivateKey']) ? define('POST_PRIVATEKEY', $_POST['pPrivateKey']): define('POST_PRIVATEKEY', ''); +isset($_POST['pEnablePrivateKey']) ? define('POST_ENABLEPRIVATEKEY', $_POST['pEnablePrivateKey']): define('POST_ENABLEPRIVATEKEY', ''); isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', ''); isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', ''); isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', ''); @@ -61,10 +65,19 @@ if ($user) { exit(); } +$tplVars['privateKeyIsEnabled'] = ''; if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) { - $title = T_('My Profile'); + $title = T_('My Profile'); + $tplVars['privateKey'] = $currentUser->getPrivateKey(true); + + if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { + $tplVars['privateKeyIsEnabled'] = 'checked="checked"'; + } else { + $tplVars['privateKeyIsEnabled'] = ''; + } } else { - $title = T_('Profile') .': '. $user; + $title = T_('Profile') .': '. $user; + $tplVars['privateKey'] = ''; } $tplVars['pagetitle'] = $title; $tplVars['subtitle'] = $title; @@ -72,11 +85,19 @@ $tplVars['subtitle'] = $title; $tplVars['user'] = $user; $tplVars['userid'] = $userid; +/* Update Private Key */ +if (POST_SUBMITTEDPK!='' && $currentUser->getId() == $userid) { + $userinfo = $userservice->getObjectUserByUsername($user); + $tplVars['privateKey'] = $userservice->getNewPrivateKey(); +} + if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) { $error = false; $detPass = trim(POST_PASS); $detPassConf = trim(POST_PASSCONF); $detName = trim(POST_NAME); + $detPrivateKey = trim(POST_PRIVATEKEY); + $detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY); $detMail = trim(POST_MAIL); $detPage = trim(POST_PAGE); $detDesc = filter(POST_DESC); @@ -102,13 +123,19 @@ if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) { $tplVars['error'] = T_('E-mail address is not valid.'); } if (!$error) { - if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) { + if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) { $tplVars['error'] = T_('An error occurred while saving your changes.'); } else { $tplVars['msg'] = T_('Changes saved.'); } } $userinfo = $userservice->getObjectUserByUsername($user); + $tplVars['privateKey'] = $userinfo->getPrivateKey(true); + if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) { + $tplVars['privateKeyIsEnabled'] = 'checked="checked"'; + } else { + $tplVars['privateKeyIsEnabled'] = ''; + } } if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) { diff --git a/www/rss.php b/www/rss.php index 50240e5..2927534 100644 --- a/www/rss.php +++ b/www/rss.php @@ -64,6 +64,10 @@ if (!isset($rssEntries) || $rssEntries <= 0) { $rssEntries = $maxRssEntries; } +$privatekey = null; +if (isset($_GET['privatekey'])) { + $privatekey = $_GET['privatekey']; +} $watchlist = null; $pagetitle = ''; @@ -78,8 +82,22 @@ if ($user && $user != 'all') { } else { if ($userinfo = $userservice->getUserByUsername($user)) { $userid =& $userinfo[$userservice->getFieldName('primary')]; + /* if user is not logged in and has valid privatekey */ + if (!$userservice->isLoggedOn()) { + if ($privatekey != null) { + if (!$userservice->loginPrivateKey($privatekey)) { + $tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user); + header('Content-type: text/html; charset=utf-8'); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + //throw a 404 error + exit(); + } + } + } + } else { $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + header('Content-type: text/html; charset=utf-8'); $templateservice->loadTemplate('error.404.tpl', $tplVars); //throw a 404 error exit(); @@ -87,7 +105,17 @@ if ($user && $user != 'all') { } $pagetitle .= ": ". $user; } else { - $userid = null; + if ($privatekey != null) { + if (!$userservice->loginPrivateKey($privatekey)) { + $tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user); + header('Content-type: text/html; charset=utf-8'); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + //throw a 404 error + exit(); + } + } else { + $userid = null; + } } if ($cat) { @@ -100,7 +128,8 @@ $tplVars['feeddescription'] = sprintf(T_('Recent bookmarks posted to %s'), $GLOB $bookmarks = $bookmarkservice->getBookmarks( 0, $rssEntries, $userid, $cat, - null, getSortOrder(), $watchlist + null, getSortOrder(), $watchlist, + null, null, null ); $bookmarks_tmp = filter($bookmarks['bookmarks']); diff --git a/www/tags.php b/www/tags.php index a4e6555..09725e4 100644 --- a/www/tags.php +++ b/www/tags.php @@ -67,9 +67,22 @@ if ($usecache) { $tplVars['pagetitle'] = T_('Tags') .': '. $cat; $tplVars['loadjs'] = true; $tplVars['rsschannels'] = array( -array(filter($sitename .': '. $pagetitle), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder()) +array(filter($sitename .': Tags: '. $cat), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder()) ); +if ($userservice->isLoggedOn()) { + $currentUsername = $currentUser->getUsername(); + if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) { + array_push( + $tplVars['rsschannels'], + array( + filter($sitename .': Tags: '. $cat . sprintf(T_(': (private) ')) . $currentUsername), + createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&privatekey='.$currentUser->getPrivateKey()) + ) + ); + } +} + // Pagination $perpage = getPerPageCount($currentUser); if (intval(GET_PAGE) > 1) { |