aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/schema/6.sql4
-rw-r--r--data/tables.sql7
-rw-r--r--data/templates/default/bookmarks.tpl.php9
-rw-r--r--data/templates/default/editprofile.tpl.php8
-rw-r--r--data/templates/default/rss.tpl.php4
-rw-r--r--data/templates/testdummy/top.inc.php2
-rw-r--r--doc/UPGRADE.txt3
-rw-r--r--src/SemanticScuttle/Model/User.php26
-rw-r--r--src/SemanticScuttle/Service/Bookmark.php1
-rw-r--r--src/SemanticScuttle/Service/Bookmark2Tag.php4
-rw-r--r--src/SemanticScuttle/Service/Tag.php4
-rw-r--r--src/SemanticScuttle/Service/User.php218
-rw-r--r--tests/AllTests.php3
-rw-r--r--tests/Api/PostsAddTest.php4
-rw-r--r--tests/Bookmark2TagTest.php10
-rw-r--r--tests/BookmarkTest.php46
-rw-r--r--tests/Tag2TagTest.php1
-rw-r--r--tests/TestBase.php13
-rw-r--r--tests/TestBaseApi.php21
-rw-r--r--tests/UserTest.php333
-rwxr-xr-xtests/www/bookmarksTest.php27
-rw-r--r--www/ajaxGetNewPrivateKey.php35
-rw-r--r--www/bookmarks.php17
-rw-r--r--www/index.php15
-rw-r--r--www/jsScuttle.php18
-rw-r--r--www/profile.php33
-rw-r--r--www/rss.php33
-rw-r--r--www/tags.php15
28 files changed, 832 insertions, 82 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql
index 0c208ad..cf9dd37 100644
--- a/data/schema/6.sql
+++ b/data/schema/6.sql
@@ -13,3 +13,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
PRIMARY KEY ( `id` ) ,
UNIQUE (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
+
+ALTER TABLE `sc_users` ADD `privateKey` VARCHAR(33) NULL;
+CREATE UNIQUE INDEX `privateKey` ON `sc_users` (`privateKey`);
+
diff --git a/data/tables.sql b/data/tables.sql
index d53945e..68d5ba9 100644
--- a/data/tables.sql
+++ b/data/tables.sql
@@ -72,7 +72,9 @@ CREATE TABLE `sc_users` (
`email` varchar(50) NOT NULL default '',
`homepage` varchar(255) default NULL,
`uContent` text,
- PRIMARY KEY (`uId`)
+ `privateKey` varchar(33) default NULL,
+ PRIMARY KEY (`uId`),
+ UNIQUE KEY `privateKey` (`privateKey`)
) CHARACTER SET utf8 COLLATE utf8_general_ci ;
-- --------------------------------------------------------
@@ -84,8 +86,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
`sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
- PRIMARY KEY ( `id` ) ,
- UNIQUE (`id`)
+ PRIMARY KEY ( `id` )
) CHARACTER SET utf8 COLLATE utf8_general_ci;
--
diff --git a/data/templates/default/bookmarks.tpl.php b/data/templates/default/bookmarks.tpl.php
index 91d50bf..27118f5 100644
--- a/data/templates/default/bookmarks.tpl.php
+++ b/data/templates/default/bookmarks.tpl.php
@@ -221,12 +221,9 @@ if ($currenttag!= '') {
$brss = '';
$size = count($rsschannels);
for ($i = 0; $i < $size; $i++) {
- $brss = '<a style="background:#FFFFFF"'
- . ' href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
- . ' title="' . htmlspecialchars($rsschannels[$i][0]) . '">'
- . '<img src="' . $theme->resource('images/rss.gif') . '"'
- . ' width="16" height="16"'
- . ' alt="' . htmlspecialchars($rsschannels[$i][0]) .'"/>'
+ $brss = '<a style="background:#FFFFFF" href="'. htmlspecialchars($rsschannels[$i][1]) . '"'
+ . ' title="' . $rsschannels[$i][0] . '">'
+ . '<img src="' . ROOT . 'images/rss.gif" width="16" height="16" alt="' . $rsschannels[$i][0] .'"/>'
. '</a>';
}
diff --git a/data/templates/default/editprofile.tpl.php b/data/templates/default/editprofile.tpl.php
index cc74f04..25dc3a4 100644
--- a/data/templates/default/editprofile.tpl.php
+++ b/data/templates/default/editprofile.tpl.php
@@ -28,6 +28,14 @@ $this->includeTemplate($GLOBALS['top_include']);
<td><input type="text" name="pMail" size="75" value="<?php echo filter($objectUser->getEmail(), 'xml'); ?>" /></td>
<td>← <?php echo T_('Required'); ?></td>
</tr>
+<tr>
+ <th align="left"><?php echo T_('Private RSS Feed'); ?></th>
+ <td><input type="checkbox" id="pEnablePrivateKey" name="pEnablePrivateKey" value="true" <?php echo $privateKeyIsEnabled;?> />
+ <label for="pEnablePrivateKey"><?php echo T_('Enable'); ?></label>&nbsp;&nbsp;&nbsp;
+ <input type="text" id="pPrivateKey" name="pPrivateKey" size="40" value="<?php echo $privateKey;?>" readonly="readonly" />
+ <a onclick="getNewPrivateKey(this); return false;"><button type="submit" name="submittedPK" value="1"><?php echo T_('Generate New Key'); ?></button></a>
+ </td>
+</tr>
</table>
<h3><?php echo T_('Personal Details'); ?></h3>
diff --git a/data/templates/default/rss.tpl.php b/data/templates/default/rss.tpl.php
index e6e66f7..6be5425 100644
--- a/data/templates/default/rss.tpl.php
+++ b/data/templates/default/rss.tpl.php
@@ -3,7 +3,7 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
- <title><?php echo htmlspecialchars($feedtitle); ?></title>
+ <title><?php echo $feedtitle; ?></title>
<link><?php echo htmlspecialchars($feedlink); ?></link>
<description><?php echo htmlspecialchars($feeddescription); ?></description>
<pubDate><?php echo date('r'); ?></pubDate>
@@ -23,4 +23,4 @@ echo '<' . '?xml version="1.0" encoding="utf-8" ?' . ">\n";
</item>
<?php endforeach; ?>
</channel>
-</rss> \ No newline at end of file
+</rss>
diff --git a/data/templates/testdummy/top.inc.php b/data/templates/testdummy/top.inc.php
index 7b0874c..b85a1ae 100644
--- a/data/templates/testdummy/top.inc.php
+++ b/data/templates/testdummy/top.inc.php
@@ -12,7 +12,7 @@ if (isset($rsschannels)) {
$size = count($rsschannels);
for ($i = 0; $i < $size; $i++) {
echo ' <link rel="alternate" type="application/rss+xml" title="'
- . htmlspecialchars($rsschannels[$i][0]) . '"'
+ . $rsschannels[$i][0] . '"'
. ' href="'. $rsschannels[$i][1] .'" />';
}
}
diff --git a/doc/UPGRADE.txt b/doc/UPGRADE.txt
index 0e570e5..1a0b964 100644
--- a/doc/UPGRADE.txt
+++ b/doc/UPGRADE.txt
@@ -9,6 +9,9 @@ Database updates
----------------
Apply ``data/schema/6.sql``
+ ALTER TABLE `sc_users` ADD `privateKey` VARCHAR(33) NULL;
+ CREATE UNIQUE INDEX `privateKey` ON `sc_users` (`privateKey`);
+
From version 0.96 to 0.97
=========================
diff --git a/src/SemanticScuttle/Model/User.php b/src/SemanticScuttle/Model/User.php
index 500f5b1..3aa617b 100644
--- a/src/SemanticScuttle/Model/User.php
+++ b/src/SemanticScuttle/Model/User.php
@@ -35,6 +35,7 @@ class SemanticScuttle_Model_User
var $content;
var $datetime;
var $isAdmin;
+ var $privateKey;
/**
* Create a new user object
@@ -69,6 +70,29 @@ class SemanticScuttle_Model_User
}
/**
+ * Returns private key
+ *
+ * @param boolean return sanitized value which basically drops
+ * leading dash if exists
+ *
+ * @return string private key
+ */
+ public function getPrivateKey($sanitized = false)
+ {
+ // Look for value only if not already set
+ if (!isset($this->privateKey)) {
+ $us = SemanticScuttle_Service_Factory::get('User');
+ $user = $us->getUser($this->id);
+ $this->privateKey = $user['privateKey'];
+ }
+ if ($sanitized == true) {
+ return substr($this->privateKey, -32);
+ } else {
+ return $this->privateKey;
+ }
+ }
+
+ /**
* Returns full user name as specified in the profile.
*
* @return string Full name
@@ -182,4 +206,4 @@ class SemanticScuttle_Model_User
}
}
-?> \ No newline at end of file
+?>
diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php
index 919ca7a..17ab7ba 100644
--- a/src/SemanticScuttle/Service/Bookmark.php
+++ b/src/SemanticScuttle/Service/Bookmark.php
@@ -427,6 +427,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
$existence[$hashes[$row['bHash']]] = $row['count'] > 0;
}
+ $this->db->sql_freeresult($dbresult);
return $existence;
}
diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php
index a10cb61..04ee43d 100644
--- a/src/SemanticScuttle/Service/Bookmark2Tag.php
+++ b/src/SemanticScuttle/Service/Bookmark2Tag.php
@@ -99,7 +99,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService
$tags_count = is_array($tags)?count($tags):0;
for ($i = 0; $i < $tags_count; $i++) {
- $tags[$i] = trim(strtolower($tags[$i]));
+ $tags[$i] = trim(utf8_strtolower($tags[$i]));
if ($fromApi) {
include_once 'SemanticScuttle/functions.php';
$tags[$i] = convertTag($tags[$i], 'in');
@@ -584,7 +584,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService
if (is_int($days)) {
$query .= ' AND B.bDatetime > "'
- . date('Y-m-d H:i:s', time() - (86400 * $days))
+ . gmdate('Y-m-d H:i:s', time() - (86400 * $days))
. '"';
}
diff --git a/src/SemanticScuttle/Service/Tag.php b/src/SemanticScuttle/Service/Tag.php
index 25d3888..8325285 100644
--- a/src/SemanticScuttle/Service/Tag.php
+++ b/src/SemanticScuttle/Service/Tag.php
@@ -141,10 +141,10 @@ class SemanticScuttle_Service_Tag extends SemanticScuttle_DbService
//normalize
if(!is_array($tags)) {
- $tags = strtolower(trim($tags));
+ $tags = utf8_strtolower(trim($tags));
} else {
for($i=0; $i<count($tags); $i++) {
- $tags[$i] = strtolower(trim($tags[$i]));
+ $tags[$i] = utf8_strtolower(trim($tags[$i]));
}
}
return $tags;
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 0e437c2..a4870b7 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -48,9 +48,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
protected $currentuser = null;
protected $fields = array(
- 'primary' => 'uId',
- 'username' => 'username',
- 'password' => 'password'
+ 'primary' => 'uId',
+ 'username' => 'username',
+ 'password' => 'password',
+ 'privatekey' => 'privatekey'
);
protected $profileurl;
@@ -215,6 +216,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return $this->_getuser($this->getFieldName('username'), $username);
}
+ /**
+ * Returns user row from database.
+ *
+ * @param string $privatekey Private Key
+ *
+ * @return array User array from database, false if no user was found
+ */
+ public function getUserByPrivateKey($privatekey)
+ {
+ return $this->_getuser($this->getFieldName('privatekey'), $privatekey);
+ }
+
function getObjectUserByUsername($username) {
$user = $this->_getuser($this->getFieldName('username'), $username);
if($user != false) {
@@ -280,6 +293,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
/**
+ * Tells you if the private key is enabled and valid
+ *
+ * @param string $privateKey Private Key
+ *
+ * @return boolean True if enabled and valid
+ */
+ public function isPrivateKeyValid($privateKey)
+ {
+ // check length of private key
+ if (strlen($privateKey) == 32) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
* Returns the current user object
*
* @param boolean $refresh Reload the user from database
@@ -293,7 +322,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
{
if (!is_null($newval)) {
//internal use only: reset currentuser
- $currentuser = $newval;
+ $this->currentuser = $newval;
} else if ($refresh || !isset($this->currentuser)) {
if ($id = $this->getCurrentUserId()) {
$this->currentuser = $this->getUser($id);
@@ -510,6 +539,45 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
/**
+ * Try to authenticate via the privatekey
+ *
+ * @param string $privatekey Private Key
+ *
+ * @return boolean true if the user could be authenticated,
+ * false if not.
+ */
+ public function loginPrivateKey($privatekey)
+ {
+ /* Check if private key valid and enabled */
+ if (!$this->isPrivateKeyValid($privatekey)) {
+ return false;
+ }
+
+ $query = 'SELECT '. $this->getFieldName('primary') .' FROM '
+ . $this->getTableName() .' WHERE '
+ . $this->getFieldName('privatekey') .' = "'
+ . $this->db->sql_escape($privatekey) .'"';
+
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR,
+ 'Could not get user',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ $row = $this->db->sql_fetchrow($dbresult);
+ $this->db->sql_freeresult($dbresult);
+
+ if ($row) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
* Logs the user off
*
* @return void
@@ -519,7 +587,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
@setcookie($this->getCookiekey(), '', time() - 1, '/');
unset($_COOKIE[$this->getCookiekey()]);
session_unset();
- $this->getCurrentUser(TRUE, false);
+ $this->currentuserId = null;
+ $this->currentuser = null;
}
function getWatchlist($uId) {
@@ -603,11 +672,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return false;
}
- $arrWatch = array();
+ $retval = true;
if ($this->db->sql_numrows($dbresult) == 0)
- return false;
- else
- return true;
+ $retval = false;
+
+ $this->db->sql_freeresult($dbresult);
+ return $retval;
}
function setWatchStatus($subjectUserID) {
@@ -646,24 +716,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* No checks are done in here - you ought to have checked
* everything before calling this method!
*
- * @param string $username Username to use
- * @param string $password Password to use
- * @param string $email Email to use
+ * @param string $username Username to use
+ * @param string $password Password to use
+ * @param string $email Email to use
+ * @param string $privateKey Key for RSS auth
*
* @return mixed Integer user ID if all is well,
* boolean false if an error occured
*/
- public function addUser($username, $password, $email)
+ public function addUser($username, $password, $email, $privateKey = null)
{
// Set up the SQL UPDATE statement.
$datetime = gmdate('Y-m-d H:i:s', time());
$password = $this->sanitisePassword($password);
$values = array(
- 'username' => $username,
- 'password' => $password,
- 'email' => $email,
- 'uDatetime' => $datetime,
- 'uModified' => $datetime
+ 'username' => $username,
+ 'password' => $password,
+ 'email' => $email,
+ 'uDatetime' => $datetime,
+ 'uModified' => $datetime,
+ 'privateKey' => $privateKey
);
$sql = 'INSERT INTO '. $this->getTableName()
. ' '. $this->db->sql_build_array('INSERT', $values);
@@ -687,40 +759,64 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
/**
* Updates the given user
*
- * @param integer $uId ID of user to change
- * @param string $password Password to use
- * @param string $name Realname to use
- * @param string $email Email to use
- * @param string $homepage User's homepage
- * @param string $uContent User note
+ * @param integer $uId ID of user to change
+ * @param string $password Password to use
+ * @param string $name Realname to use
+ * @param string $email Email to use
+ * @param string $homepage User's homepage
+ * @param string $uContent User note
+ * @param string $privateKey RSS Private Key
+ * @param boolean $enablePrivateKey RSS Private Key Flag
*
* @return boolean True when all is well, false if not
*/
public function updateUser(
- $uId, $password, $name, $email, $homepage, $uContent
+ $uId, $password, $name, $email, $homepage, $uContent,
+ $privateKey = null, $enablePrivateKey = false
) {
if (!is_numeric($uId)) {
return false;
}
+ // prepend '-' to privateKey if disabled
+ if ($privateKey != null && strlen($privateKey) == 32
+ && $enablePrivateKey == false
+ ) {
+ $privateKey = '-' . $privateKey;
+ }
+
+ // remove '-' from privateKey if enabling
+ if ($privateKey != null && strlen($privateKey) == 33
+ && $enablePrivateKey == true
+ ) {
+ $privateKey = substr($privateKey, 1, 32);
+ }
+
+ // if new user is enabling Private Key, create new key
+ if ($privateKey == null && $enablePrivateKey == true) {
+ $privateKey = $this->getNewPrivateKey();
+ }
+
// Set up the SQL UPDATE statement.
$moddatetime = gmdate('Y-m-d H:i:s', time());
if ($password == '') {
$updates = array(
- 'uModified' => $moddatetime,
- 'name' => $name,
- 'email' => $email,
- 'homepage' => $homepage,
- 'uContent' => $uContent
+ 'uModified' => $moddatetime,
+ 'name' => $name,
+ 'email' => $email,
+ 'homepage' => $homepage,
+ 'uContent' => $uContent,
+ 'privateKey' => $privateKey
);
} else {
$updates = array(
- 'uModified' => $moddatetime,
- 'password' => $this->sanitisePassword($password),
- 'name' => $name,
- 'email' => $email,
- 'homepage' => $homepage,
- 'uContent' => $uContent
+ 'uModified' => $moddatetime,
+ 'password' => $this->sanitisePassword($password),
+ 'name' => $name,
+ 'email' => $email,
+ 'homepage' => $homepage,
+ 'uContent' => $uContent,
+ 'privateKey' => $privateKey
);
}
$sql = 'UPDATE '. $this->getTableName()
@@ -837,6 +933,56 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
}
+ /**
+ * Generates a new private key and confirms it isn't being used.
+ * Private key is 32 characters long, consisting of lowercase and
+ * numeric characters.
+ *
+ * @return string the new key value
+ */
+ public function getNewPrivateKey()
+ {
+ do {
+ $newKey = md5(uniqid('SemanticScuttle', true));
+ } while ($this->privateKeyExists($newKey));
+
+ return $newKey;
+ }
+
+ /**
+ * Checks if a private key already exists
+ *
+ * @param string $privateKey key that has been generated
+ *
+ * @return boolean true when the private key exists,
+ * False if not.
+ */
+ public function privateKeyExists($privateKey)
+ {
+ if (!$privateKey) {
+ return false;
+ }
+ $crit = array('privateKey' => $privateKey);
+
+ $sql = 'SELECT COUNT(*) as "0" FROM '
+ . $GLOBALS['tableprefix'] . 'users'
+ . ' WHERE '. $this->db->sql_build_array('SELECT', $crit);
+
+ if (!($dbresult = $this->db->sql_query($sql))) {
+ message_die(
+ GENERAL_ERROR, 'Could not get vars', '',
+ __LINE__, __FILE__, $sql, $this->db
+ );
+ }
+ if ($this->db->sql_fetchfield(0, 0) > 0) {
+ $exists = true;
+ } else {
+ $exists = false;
+ }
+ $this->db->sql_freeresult($dbresult);
+ return $exists;
+ }
+
function isReserved($username) {
if (in_array($username, $GLOBALS['reservedusers'])) {
return true;
diff --git a/tests/AllTests.php b/tests/AllTests.php
index 9e825e8..92f8960 100644
--- a/tests/AllTests.php
+++ b/tests/AllTests.php
@@ -46,6 +46,7 @@ class AllTests extends PHPUnit_Framework_TestSuite
$suite->addTestFile($tdir . '/VoteTest.php');
$suite->addTestFile($tdir . '/UserTest.php');
$suite->addTestFile($tdir . '/Api/ExportCsvTest.php');
+ $suite->addTestFile($tdir . '/Api/OpenSearchTest.php');
$suite->addTestFile($tdir . '/Api/PostsAddTest.php');
$suite->addTestFile($tdir . '/Api/PostsDeleteTest.php');
$suite->addTestFile($tdir . '/Api/PostsUpdateTest.php');
@@ -58,4 +59,4 @@ class AllTests extends PHPUnit_Framework_TestSuite
{
}
}
-?> \ No newline at end of file
+?>
diff --git a/tests/Api/PostsAddTest.php b/tests/Api/PostsAddTest.php
index 02e2b38..e6d0531 100644
--- a/tests/Api/PostsAddTest.php
+++ b/tests/Api/PostsAddTest.php
@@ -108,7 +108,7 @@ TXT;
$this->assertEquals($bmUrl, $bm['bAddress']);
$this->assertEquals($bmTitle, $bm['bTitle']);
- $this->assertEquals($bmDescription, $bm['bDescription']);
+ $this->assertEquals($bmDescription, stripslashes($bm['bDescription']));
$this->assertEquals($bmTags, $bm['tags']);
$this->assertEquals(
gmdate('Y-m-d H:i:s', strtotime($bmDatetime)),
@@ -170,7 +170,7 @@ TXT;
$this->assertEquals($bmUrl, $bm['bAddress']);
$this->assertEquals($bmTitle, $bm['bTitle']);
- $this->assertEquals($bmDescription, $bm['bDescription']);
+ $this->assertEquals($bmDescription, stripslashes($bm['bDescription']));
$this->assertEquals($bmTags, $bm['tags']);
$this->assertEquals(
gmdate('Y-m-d H:i:s', strtotime($bmDatetime)),
diff --git a/tests/Bookmark2TagTest.php b/tests/Bookmark2TagTest.php
index 789540f..0236a5f 100644
--- a/tests/Bookmark2TagTest.php
+++ b/tests/Bookmark2TagTest.php
@@ -282,10 +282,10 @@ class Bookmark2TagTest extends TestBase
public function testGetPopularTagsDays()
{
$user = $this->addUser();
- $this->addTagBookmark($user, array('one', 'two'), 'today');
- $this->addTagBookmark($user, array('one', 'thr'), 'today');
- $this->addTagBookmark($user, array('one', 'two'), '-1 day 1 hour');
- $this->addTagBookmark($user, array('one', 'thr'), '-3 days 1 hour');
+ $this->addTagBookmark($user, array('one', 'two'), 'now');
+ $this->addTagBookmark($user, array('one', 'thr'), 'now');
+ $this->addTagBookmark($user, array('one', 'two'), '-1 day -1 hour');
+ $this->addTagBookmark($user, array('one', 'thr'), '-3 days -1 hour');
$arTags = $this->b2ts->getPopularTags(null, 10, null, 1);
$this->assertInternalType('array', $arTags);
@@ -608,4 +608,4 @@ class Bookmark2TagTest extends TestBase
$this->assertContains(array('tag' => 'usable', 'bCount' => '2'), $arTags);
}
}
-?> \ No newline at end of file
+?>
diff --git a/tests/BookmarkTest.php b/tests/BookmarkTest.php
index b50dab2..44a82d9 100644
--- a/tests/BookmarkTest.php
+++ b/tests/BookmarkTest.php
@@ -1330,5 +1330,51 @@ class BookmarkTest extends TestBase
+ /**
+ * Test private bookmarks
+ *
+ * @return void
+ */
+ public function testPrivateBookmarks()
+ {
+ $uid = $this->addUser();
+ /* create private bookmark */
+ $this->bs->addBookmark(
+ 'http://test', 'test', 'desc', 'note',
+ 2,//private
+ array(), null, null, false, false, $uid
+ );
+ /* create public bookmark */
+ $this->bs->addBookmark(
+ 'http://example.org', 'title', 'desc', 'priv',
+ 0,//public
+ array(), null, null, false, false, $uid
+ );
+
+ $this->assertEquals(1, $this->bs->countBookmarks($uid, 'public'));
+ $this->assertEquals(1, $this->bs->countBookmarks($uid, 'private'));
+ $this->assertEquals(0, $this->bs->countBookmarks($uid, 'shared'));
+ $this->assertEquals(2, $this->bs->countBookmarks($uid, 'all'));
+
+ $this->us->setCurrentUserId($uid);
+ $bookmarks = $this->bs->getBookmarks();
+ // first record should be private bookmark
+ $b0 = $bookmarks['bookmarks'][0];
+ $this->assertEquals('test', $b0['bTitle']);
+ // second record should be public bookmark
+ $b0 = $bookmarks['bookmarks'][1];
+ $this->assertEquals('title', $b0['bTitle']);
+
+ // test non authenticated query
+ $this->us->setCurrentUserId(null);
+ $bookmarks = $this->bs->getBookmarks();
+ // should only result in one link - public
+ $b2 = $bookmarks['bookmarks'][0];
+ $this->assertEquals('title', $b2['bTitle']);
+ // there should be no second record
+ $this->assertEquals(1,count($bookmarks['bookmarks']));
+
+ }
+
}
?>
diff --git a/tests/Tag2TagTest.php b/tests/Tag2TagTest.php
index 0b73864..58556f1 100644
--- a/tests/Tag2TagTest.php
+++ b/tests/Tag2TagTest.php
@@ -332,6 +332,7 @@ class Tag2TagTest extends TestBase
$this->assertSame('B3', $results['bookmarks'][0]['bTitle']);
$results = $bs->getBookmarks(0, NULL, 1, 'aa+ee');
+
$this->assertSame(1, intval($results['total']));
$this->assertSame('B2', $results['bookmarks'][0]['bTitle']);
diff --git a/tests/TestBase.php b/tests/TestBase.php
index 095f32d..1331ec6 100644
--- a/tests/TestBase.php
+++ b/tests/TestBase.php
@@ -78,14 +78,15 @@ class TestBase extends PHPUnit_Framework_TestCase
*
* @param string $username Username
* @param string $password Password
+ * @param string $pkey Private Key
*
* @return integer ID of user
*
* @uses addUserData()
*/
- protected function addUser($username = null, $password = null)
+ protected function addUser($username = null, $password = null, $pkey = null)
{
- return reset($this->addUserData($username, $password));
+ return reset($this->addUserData($username, $password, $pkey));
}
@@ -95,10 +96,11 @@ class TestBase extends PHPUnit_Framework_TestCase
*
* @param string $username Username
* @param string $password Password
+ * @param string $pkey Private Key
*
* @return array ID of user, Name of user, password of user
*/
- protected function addUserData($username = null, $password = null)
+ protected function addUserData($username = null, $password = null, $pkey = null)
{
$us = SemanticScuttle_Service_Factory::get('User');
$rand = rand();
@@ -113,7 +115,8 @@ class TestBase extends PHPUnit_Framework_TestCase
$uid = $us->addUser(
$username,
$password,
- 'unittest-' . $rand . '@example.org'
+ 'unittest-' . $rand . '@example.org',
+ $pkey
);
return array($uid, $username, $password);
}
@@ -148,4 +151,4 @@ class TestBase extends PHPUnit_Framework_TestCase
}
}
-?> \ No newline at end of file
+?>
diff --git a/tests/TestBaseApi.php b/tests/TestBaseApi.php
index 20574f3..d8917aa 100644
--- a/tests/TestBaseApi.php
+++ b/tests/TestBaseApi.php
@@ -164,15 +164,16 @@ class TestBaseApi extends TestBase
*
* Useful for testing HTML pages or ajax URLs.
*
- * @param string $urlSuffix Suffix for the URL
- * @param mixed $auth If user authentication is needed (true/false)
- * or array with username and password
+ * @param string $urlSuffix Suffix for the URL
+ * @param mixed $auth If user authentication is needed (true/false)
+ * or array with username and password
+ * @param boolean $privateKey True if to add user with private key
*
* @return array(HTTP_Request2, integer) HTTP request object and user id
*
* @uses getRequest()
*/
- protected function getLoggedInRequest($urlSuffix = null, $auth = true)
+ protected function getLoggedInRequest($urlSuffix = null, $auth = true, $privateKey = false)
{
if (is_array($auth)) {
list($username, $password) = $auth;
@@ -180,7 +181,13 @@ class TestBaseApi extends TestBase
$username = 'testuser';
$password = 'testpassword';
}
- $uid = $this->addUser($username, $password);
+ //include privatekey if requested
+ if ($privateKey) {
+ $pKey = $this->us->getNewPrivateKey();
+ } else {
+ $pKey = null;
+ }
+ $uid = $this->addUser($username, $password, $pKey);
$req = new HTTP_Request2(
$GLOBALS['unittestUrl'] . '/login.php?unittestMode=1',
@@ -234,7 +241,7 @@ class TestBaseApi extends TestBase
*/
protected function setUnittestConfig($arConfig)
{
- $str = '<' . "?php\r\n";
+ $str = '<' . "?php\n";
foreach ($arConfig as $name => $value) {
$str .= '$' . $name . ' = '
. var_export($value, true) . ";\n";
@@ -253,4 +260,4 @@ class TestBaseApi extends TestBase
);
}
}
-?> \ No newline at end of file
+?>
diff --git a/tests/UserTest.php b/tests/UserTest.php
index 2f57112..230167d 100644
--- a/tests/UserTest.php
+++ b/tests/UserTest.php
@@ -35,6 +35,157 @@ class UserTest extends TestBase
/**
+ * @covers SemanticScuttle_Service_User::addUser
+ */
+ public function testAddUserPrivateKey()
+ {
+ $name = substr(md5(uniqid()), 0, 6);
+ $pkey = 'my-privatekey';
+ $id = $this->us->addUser(
+ $name, uniqid(), 'foo@example.org', $pkey
+ );
+ $this->assertNotEquals(false, $id);
+ $this->assertInternalType('integer', $id);
+
+ $arUser = $this->us->getUserByPrivateKey($pkey);
+ $this->assertNotEquals(false, $arUser, 'user not found by private key');
+ $this->assertEquals($id, $arUser['uId'], 'wrong user loaded');
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserFalseWhenIdNotNumeric()
+ {
+ $this->assertFalse(
+ $this->us->updateUser('foo', null, null, null, null, null)
+ );
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserPrivateKeyNewKeyEnabled()
+ {
+ $pkey = 'testUpdateUserPrivateKeyNewKey12';
+ $uid = $this->addUser();
+
+ $this->assertTrue(
+ $this->us->updateUser(
+ $uid, 'password', 'name', 'test@example.org', '', '',
+ $pkey, true
+ )
+ );
+ $arUser = $this->us->getUser($uid);
+ $this->assertInternalType('array', $arUser);
+ $this->assertEquals($pkey, $arUser['privateKey']);
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserPrivateKeyNewKeyDisabled()
+ {
+ $pkey = 'testUpdateUserPrivateKeyNewKeyDi';
+ $uid = $this->addUser();
+
+ $this->assertTrue(
+ $this->us->updateUser(
+ $uid, 'password', 'name', 'test@example.org', '', '',
+ $pkey, false
+ )
+ );
+ $arUser = $this->us->getUser($uid);
+ $this->assertInternalType('array', $arUser);
+ $this->assertEquals(
+ '-' . $pkey, $arUser['privateKey'],
+ 'private key did not get disabled'
+ );
+ }
+
+
+ /**
+ * Passing an empty string / NULL as key but enabling it
+ * should automatically create a new key.
+ *
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserPrivateKeyNoKeyEnabled()
+ {
+ $pkey = 'testUpdateUserPrivateKeyNoKeyEna';
+ $uid = $this->addUser();
+
+ $this->assertTrue(
+ $this->us->updateUser(
+ $uid, 'password', 'name', 'test@example.org', '', '',
+ null, true
+ )
+ );
+ $arUser = $this->us->getUser($uid);
+ $this->assertInternalType('array', $arUser);
+ $this->assertNotEquals(
+ '', $arUser['privateKey'], 'private key was not created'
+ );
+ }
+
+
+ /**
+ * Passing an empty string / NULL as key and disabling it
+ * should keep no key
+ *
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserPrivateKeyNoKeyDisabled()
+ {
+ $pkey = 'testUpdateUserPrivateKeyNoKeyDis';
+ $uid = $this->addUser();
+
+ $this->assertTrue(
+ $this->us->updateUser(
+ $uid, 'password', 'name', 'test@example.org', '', '',
+ null, false
+ )
+ );
+ $arUser = $this->us->getUser($uid);
+ $this->assertInternalType('array', $arUser);
+ $this->assertEquals(
+ '', $arUser['privateKey'], 'private key was set'
+ );
+ }
+
+
+ /**
+ * Passing an empty string / NULL as key and disabling it
+ * should keep no key
+ *
+ * @covers SemanticScuttle_Service_User::updateUser
+ */
+ public function testUpdateUserPrivateKeyExistingKeyEnabled()
+ {
+ $pkey = '12345678901234567890123456789012';
+ $uid = $this->addUser();
+
+ $this->assertTrue(
+ $this->us->updateUser(
+ $uid, 'password', 'name', 'test@example.org', '', '',
+ '-' . $pkey, true
+ )
+ );
+ $arUser = $this->us->getUser($uid);
+ $this->assertInternalType('array', $arUser);
+ $this->assertEquals(
+ $pkey, $arUser['privateKey'], 'private key was not enabled'
+ );
+ }
+
+ //FIXME: verify I cannot re-use private key of different user
+
+
+
+ /**
* Test that setting the current user ID is permanent.
* and that the current user array is the same ID
*
@@ -176,5 +327,185 @@ class UserTest extends TestBase
);
}
+
+ public function testGetUserByPrivateKeyEmptyKey()
+ {
+ $arUser = $this->us->getUserByPrivateKey(null);
+ $this->assertFalse($arUser);
+ }
+
+
+ public function testGetUserByPrivateKeyInvalid()
+ {
+ $arUser = $this->us->getUserByPrivateKey('foobar');
+ $this->assertFalse($arUser);
+
+ $arUser = $this->us->getUserByPrivateKey('%');
+ $this->assertFalse($arUser);
+ }
+
+
+ public function testGetUserByPrivateKeyValidKey()
+ {
+ $pkey = $this->us->getNewPrivateKey();
+ $uId = $this->addUser(null, null, $pkey);
+
+ $arUser = $this->us->getUserByPrivateKey($pkey);
+ $this->assertInternalType('array', $arUser);
+ $this->assertArrayHasKey('uId', $arUser);
+ $this->assertArrayHasKey('username', $arUser);
+
+ $this->assertEquals($uId, $arUser['uId']);
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::privateKeyExists
+ */
+ public function testPrivateKeyExistsEmpty()
+ {
+ $this->assertFalse($this->us->privateKeyExists(null));
+ $this->assertFalse($this->us->privateKeyExists(''));
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::privateKeyExists
+ */
+ public function testPrivateKeyExistsInvalid()
+ {
+ $this->assertFalse($this->us->privateKeyExists('-1'));
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::privateKeyExists
+ */
+ public function testPrivateKeyExists()
+ {
+ $randKey = $this->us->getNewPrivateKey();
+ $this->assertFalse($this->us->privateKeyExists($randKey));
+ $uid = $this->addUser(null, null, $randKey);
+
+ $this->us->setCurrentUserId($uid);
+ $this->assertEquals($uid, $this->us->getCurrentUserId());
+
+ $this->assertTrue($this->us->privateKeyExists($randKey));
+ }
+
+
+ /**
+ * @covers SemanticScuttle_Service_User::isPrivateKeyValid
+ */
+ public function testIsPrivateKeyValid()
+ {
+ $this->assertFalse(
+ $this->us->isPrivateKeyValid(null),
+ 'NULL is an invalid private key'
+ );
+
+ $randKey = $this->us->getNewPrivateKey();
+ $this->assertTrue(
+ $this->us->isPrivateKeyValid($randKey),
+ 'generated key should be valid'
+ );
+
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $this->assertFalse(
+ $this->us->isPrivateKeyValid($randKey2),
+ 'disabled privatekey should return false'
+ );
+ }
+
+
+ public function testLoginPrivateKeyInvalid()
+ {
+ /* normal user with enabled privatekey */
+ $randKey = $this->us->getNewPrivateKey();
+ $uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
+ /* user that has disabled privatekey */
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
+
+ /* test invalid private key */
+ $this->assertFalse(
+ $this->us->loginPrivateKey('02848248084082408240824802408248')
+ );
+ }
+
+
+ public function testLoginPrivateKeyValidEnabledKey()
+ {
+ /* normal user with enabled privatekey */
+ $randKey = $this->us->getNewPrivateKey();
+ $uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
+ /* user that has disabled privatekey */
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
+
+
+ /* test valid credentials with private key enabled */
+ $this->assertTrue(
+ $this->us->loginPrivateKey($randKey)
+ );
+ }
+
+
+ public function testLoginPrivateKeyInvalidEnabledKey()
+ {
+ /* normal user with enabled privatekey */
+ $randKey = $this->us->getNewPrivateKey();
+ $uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
+ /* user that has disabled privatekey */
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
+
+
+ /* test valid credentials with private key enabled but invalid key */
+ $this->assertFalse(
+ $this->us->loginPrivateKey('123')
+ );
+ }
+
+
+ public function testLoginPrivateKeyValidDisabledKey()
+ {
+ /* normal user with enabled privatekey */
+ $randKey = $this->us->getNewPrivateKey();
+ $uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
+ /* user that has disabled privatekey */
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
+
+ /* confirm user exists so future fails should be due to randkey */
+ $this->assertTrue(
+ $this->us->login('seconduser', 'passw0RD', false)
+ );
+
+ /* test valid credentials with private key disabled */
+ $this->assertFalse(
+ $this->us->loginPrivateKey($randKey2)
+ );
+ }
+
+
+ public function testLoginPrivateKeyInvalidDisabled()
+ {
+ /* normal user with enabled privatekey */
+ $randKey = $this->us->getNewPrivateKey();
+ $uid1 = $this->addUser('testusername', 'passw0rd', $randKey);
+ /* user that has disabled privatekey */
+ $randKey2 = '-'.$this->us->getNewPrivateKey();
+ $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
+
+ /* test valid credentials with private key disabled and invalid key */
+ $this->assertFalse(
+ $this->us->loginPrivateKey('-1')
+ );
+ $this->assertFalse(
+ $this->us->loginPrivateKey(null)
+ );
+ }
+
}
-?> \ No newline at end of file
+?>
diff --git a/tests/www/bookmarksTest.php b/tests/www/bookmarksTest.php
index df360cc..eaf78bf 100755
--- a/tests/www/bookmarksTest.php
+++ b/tests/www/bookmarksTest.php
@@ -76,5 +76,32 @@ class www_bookmarksTest extends TestBaseApi
$this->assertEquals(1, (string)$elements[0]['value']);
}//end testDefaultPrivacyBookmarksAdd
+
+ /**
+ * Test that the private RSS link exists when a user
+ * has a private key and is enabled
+ */
+ public function testVerifyPrivateRSSLinkExists()
+ {
+ list($req, $uId) = $this->getLoggedInRequest('?unittestMode=1', true, true);
+
+ $user = $this->us->getUser($uId);
+ $reqUrl = $GLOBALS['unittestUrl'] . 'bookmarks.php/'
+ . $user['username'];
+ $req->setUrl($reqUrl);
+ $req->setMethod(HTTP_Request2::METHOD_GET);
+ $response = $req->send();
+ $response_body = $response->getBody();
+ $this->assertNotEquals('', $response_body, 'Response is empty');
+
+ $x = simplexml_load_string($response_body);
+ $ns = $x->getDocNamespaces();
+ $x->registerXPathNamespace('ns', reset($ns));
+
+ $elements = $x->xpath('//ns:link');
+ $this->assertEquals(5, count($elements), 'Number of Links in Head not correct');
+ $this->assertContains('privatekey=', (string)$elements[4]['href']);
+ }//end testVerifyPrivateRSSLinkExists
+
}//end class www_bookmarksTest
?>
diff --git a/www/ajaxGetNewPrivateKey.php b/www/ajaxGetNewPrivateKey.php
new file mode 100644
index 0000000..eacebd8
--- /dev/null
+++ b/www/ajaxGetNewPrivateKey.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Ajax script to retrieve new Private Key
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @author Mark Pemberton <mpemberton5@gmail.com>
+ * @license AGPL http://www.gnu.org/licenses/agpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+header("Last-Modified: ". gmdate("D, d M Y H:i:s") ." GMT");
+header("Cache-Control: no-cache, must-revalidate");
+
+$httpContentType = 'text/xml';
+require_once 'www-header.php';
+
+$us = SemanticScuttle_Service_Factory::get('User');
+
+/* Managing all possible inputs */
+isset($_GET['url']) ? define('GET_URL', $_GET['url']): define('GET_URL', '');
+
+echo '<?xml version="1.0" encoding="utf-8"?>';
+?>
+<response>
+<method>
+getNewPrivateKey
+</method>
+<result>
+<?php echo $us->getNewPrivateKey(); ?>
+</result>
+</response>
diff --git a/www/bookmarks.php b/www/bookmarks.php
index efc1680..44119db 100644
--- a/www/bookmarks.php
+++ b/www/bookmarks.php
@@ -229,12 +229,14 @@ if ($templatename == 'editbookmark.tpl') {
$tplVars['sidebar_blocks'] = array('watchstatus');
if (!$cat) { //user page without tags
+ $rssTitle = ": My Bookmarks";
$cat = NULL;
$tplVars['currenttag'] = NULL;
//$tplVars['sidebar_blocks'][] = 'menu2';
$tplVars['sidebar_blocks'][] = 'linked';
$tplVars['sidebar_blocks'][] = 'popular';
} else { //pages with tags
+ $rssTitle = ": Tags" . $catTitle;
$rssCat = '/'. filter($cat, 'url');
$tplVars['currenttag'] = $cat;
$tplVars['sidebar_blocks'][] = 'tagactions';
@@ -264,9 +266,22 @@ if ($templatename == 'editbookmark.tpl') {
// Set template vars
$tplVars['rsschannels'] = array(
- array(filter($sitename .': '. $pagetitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder()))
+ array(filter($sitename .$rssTitle), createURL('rss', filter($user, 'url') . $rssCat.'?sort='.getSortOrder()))
);
+ if ($userservice->isLoggedOn()) {
+ $currentUsername = $currentUser->getUsername();
+ if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+ array_push(
+ $tplVars['rsschannels'],
+ array(
+ filter($sitename . $rssTitle. sprintf(T_(': (private) ')) . $currentUsername),
+ createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privatekey='.$currentUser->getPrivateKey())
+ )
+ );
+ }
+ }
+
$tplVars['page'] = $page;
$tplVars['start'] = $start;
$tplVars['bookmarkCount'] = $start + 1;
diff --git a/www/index.php b/www/index.php
index f6704ae..fab235f 100644
--- a/www/index.php
+++ b/www/index.php
@@ -42,9 +42,22 @@ if (GET_ACTION == "logout") {
// Header variables
$tplVars['loadjs'] = true;
$tplVars['rsschannels'] = array(
-array(sprintf(T_('%s: Recent bookmarks'), $sitename), createURL('rss').'?sort='.getSortOrder())
+array(sprintf(T_('%s: Recent bookmarks'), htmlspecialchars($sitename)), createURL('rss').'?sort='.getSortOrder())
);
+if ($userservice->isLoggedOn()) {
+ $currentUsername = $currentUser->getUsername();
+ if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+ array_push(
+ $tplVars['rsschannels'],
+ array(
+ filter($sitename . sprintf(T_(': Recent bookmarks (private)')) . $currentUsername),
+ createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privatekey='.$currentUser->getPrivateKey())
+ )
+ );
+ }
+}
+
if ($usecache) {
// Generate hash for caching on
$hashtext = $_SERVER['REQUEST_URI'];
diff --git a/www/jsScuttle.php b/www/jsScuttle.php
index 5e5f31b..de97fd2 100644
--- a/www/jsScuttle.php
+++ b/www/jsScuttle.php
@@ -90,6 +90,24 @@ function useAddress(ele) {
}
}
+/**
+ * Makes an ajax call to PHP script to generate an new Private Key
+ *
+ * @param input Calling object
+ * @param response Response object that returned value is placed
+ *
+ * @return boolean Returns false to halt execution after call
+ */
+function getNewPrivateKey(input, response){
+ var pk = document.getElementById('pPrivateKey');
+ if (response != null) {
+ pk.value = response.trim();
+ } else {
+ loadXMLDocProc('<?php echo ROOT; ?>ajaxGetNewPrivateKey.php');
+ }
+ return false;
+}
+
function getTitle(input, response){
var title = document.getElementById('titleField');
if (title.value == '') {
diff --git a/www/profile.php b/www/profile.php
index ccdb7a8..63f4da8 100644
--- a/www/profile.php
+++ b/www/profile.php
@@ -23,12 +23,16 @@ require_once 'www-header.php';
/* Service creation: only useful services are created */
// No specific services
+$tplVars['loadjs'] = true;
/* Managing all possible inputs */
+isset($_POST['submittedPK']) ? define('POST_SUBMITTEDPK', $_POST['submittedPK']): define('POST_SUBMITTEDPK', '');
isset($_POST['submitted']) ? define('POST_SUBMITTED', $_POST['submitted']): define('POST_SUBMITTED', '');
isset($_POST['pPass']) ? define('POST_PASS', $_POST['pPass']): define('POST_PASS', '');
isset($_POST['pPassConf']) ? define('POST_PASSCONF', $_POST['pPassConf']): define('POST_PASSCONF', '');
isset($_POST['pName']) ? define('POST_NAME', $_POST['pName']): define('POST_NAME', '');
+isset($_POST['pPrivateKey']) ? define('POST_PRIVATEKEY', $_POST['pPrivateKey']): define('POST_PRIVATEKEY', '');
+isset($_POST['pEnablePrivateKey']) ? define('POST_ENABLEPRIVATEKEY', $_POST['pEnablePrivateKey']): define('POST_ENABLEPRIVATEKEY', '');
isset($_POST['pMail']) ? define('POST_MAIL', $_POST['pMail']): define('POST_MAIL', '');
isset($_POST['pPage']) ? define('POST_PAGE', $_POST['pPage']): define('POST_PAGE', '');
isset($_POST['pDesc']) ? define('POST_DESC', $_POST['pDesc']): define('POST_DESC', '');
@@ -61,10 +65,19 @@ if ($user) {
exit();
}
+$tplVars['privateKeyIsEnabled'] = '';
if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) {
- $title = T_('My Profile');
+ $title = T_('My Profile');
+ $tplVars['privateKey'] = $currentUser->getPrivateKey(true);
+
+ if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+ $tplVars['privateKeyIsEnabled'] = 'checked="checked"';
+ } else {
+ $tplVars['privateKeyIsEnabled'] = '';
+ }
} else {
- $title = T_('Profile') .': '. $user;
+ $title = T_('Profile') .': '. $user;
+ $tplVars['privateKey'] = '';
}
$tplVars['pagetitle'] = $title;
$tplVars['subtitle'] = $title;
@@ -72,11 +85,19 @@ $tplVars['subtitle'] = $title;
$tplVars['user'] = $user;
$tplVars['userid'] = $userid;
+/* Update Private Key */
+if (POST_SUBMITTEDPK!='' && $currentUser->getId() == $userid) {
+ $userinfo = $userservice->getObjectUserByUsername($user);
+ $tplVars['privateKey'] = $userservice->getNewPrivateKey();
+}
+
if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
$error = false;
$detPass = trim(POST_PASS);
$detPassConf = trim(POST_PASSCONF);
$detName = trim(POST_NAME);
+ $detPrivateKey = trim(POST_PRIVATEKEY);
+ $detEnablePrivateKey = trim(POST_ENABLEPRIVATEKEY);
$detMail = trim(POST_MAIL);
$detPage = trim(POST_PAGE);
$detDesc = filter(POST_DESC);
@@ -102,13 +123,19 @@ if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) {
$tplVars['error'] = T_('E-mail address is not valid.');
}
if (!$error) {
- if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) {
+ if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc, $detPrivateKey, $detEnablePrivateKey)) {
$tplVars['error'] = T_('An error occurred while saving your changes.');
} else {
$tplVars['msg'] = T_('Changes saved.');
}
}
$userinfo = $userservice->getObjectUserByUsername($user);
+ $tplVars['privateKey'] = $userinfo->getPrivateKey(true);
+ if ($userservice->isPrivateKeyValid($userinfo->getPrivateKey())) {
+ $tplVars['privateKeyIsEnabled'] = 'checked="checked"';
+ } else {
+ $tplVars['privateKeyIsEnabled'] = '';
+ }
}
if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
diff --git a/www/rss.php b/www/rss.php
index 50240e5..2927534 100644
--- a/www/rss.php
+++ b/www/rss.php
@@ -64,6 +64,10 @@ if (!isset($rssEntries) || $rssEntries <= 0) {
$rssEntries = $maxRssEntries;
}
+$privatekey = null;
+if (isset($_GET['privatekey'])) {
+ $privatekey = $_GET['privatekey'];
+}
$watchlist = null;
$pagetitle = '';
@@ -78,8 +82,22 @@ if ($user && $user != 'all') {
} else {
if ($userinfo = $userservice->getUserByUsername($user)) {
$userid =& $userinfo[$userservice->getFieldName('primary')];
+ /* if user is not logged in and has valid privatekey */
+ if (!$userservice->isLoggedOn()) {
+ if ($privatekey != null) {
+ if (!$userservice->loginPrivateKey($privatekey)) {
+ $tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user);
+ header('Content-type: text/html; charset=utf-8');
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ //throw a 404 error
+ exit();
+ }
+ }
+ }
+
} else {
$tplVars['error'] = sprintf(T_('User with username %s was not found'), $user);
+ header('Content-type: text/html; charset=utf-8');
$templateservice->loadTemplate('error.404.tpl', $tplVars);
//throw a 404 error
exit();
@@ -87,7 +105,17 @@ if ($user && $user != 'all') {
}
$pagetitle .= ": ". $user;
} else {
- $userid = null;
+ if ($privatekey != null) {
+ if (!$userservice->loginPrivateKey($privatekey)) {
+ $tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user);
+ header('Content-type: text/html; charset=utf-8');
+ $templateservice->loadTemplate('error.404.tpl', $tplVars);
+ //throw a 404 error
+ exit();
+ }
+ } else {
+ $userid = null;
+ }
}
if ($cat) {
@@ -100,7 +128,8 @@ $tplVars['feeddescription'] = sprintf(T_('Recent bookmarks posted to %s'), $GLOB
$bookmarks = $bookmarkservice->getBookmarks(
0, $rssEntries, $userid, $cat,
- null, getSortOrder(), $watchlist
+ null, getSortOrder(), $watchlist,
+ null, null, null
);
$bookmarks_tmp = filter($bookmarks['bookmarks']);
diff --git a/www/tags.php b/www/tags.php
index a4e6555..09725e4 100644
--- a/www/tags.php
+++ b/www/tags.php
@@ -67,9 +67,22 @@ if ($usecache) {
$tplVars['pagetitle'] = T_('Tags') .': '. $cat;
$tplVars['loadjs'] = true;
$tplVars['rsschannels'] = array(
-array(filter($sitename .': '. $pagetitle), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder())
+array(filter($sitename .': Tags: '. $cat), createURL('rss', 'all/'. filter($cat, 'url')).'?sort='.getSortOrder())
);
+if ($userservice->isLoggedOn()) {
+ $currentUsername = $currentUser->getUsername();
+ if ($userservice->isPrivateKeyValid($currentUser->getPrivateKey())) {
+ array_push(
+ $tplVars['rsschannels'],
+ array(
+ filter($sitename .': Tags: '. $cat . sprintf(T_(': (private) ')) . $currentUsername),
+ createURL('rss', filter($currentUsername, 'url') . '?sort='.getSortOrder().'&amp;privatekey='.$currentUser->getPrivateKey())
+ )
+ );
+ }
+}
+
// Pagination
$perpage = getPerPageCount($currentUser);
if (intval(GET_PAGE) > 1) {