summaryrefslogtreecommitdiff
path: root/src/SemanticScuttle/Service
diff options
context:
space:
mode:
Diffstat (limited to 'src/SemanticScuttle/Service')
-rw-r--r--src/SemanticScuttle/Service/Bookmark.php10
-rw-r--r--src/SemanticScuttle/Service/User.php88
2 files changed, 77 insertions, 21 deletions
diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php
index a30ad5f..919ca7a 100644
--- a/src/SemanticScuttle/Service/Bookmark.php
+++ b/src/SemanticScuttle/Service/Bookmark.php
@@ -435,6 +435,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
/**
* Adds a bookmark to the database.
*
+ * Security checks are being made here, but no error reasons will be
+ * returned. It is the responsibility of the code that calls
+ * addBookmark() to verify the data.
+ *
* @param string $address Full URL of the bookmark
* @param string $title Bookmark title
* @param string $description Long bookmark description
@@ -453,7 +457,8 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* @param boolean $fromImport True when the bookmark is from an import.
* @param integer $sId ID of user who creates the bookmark.
*
- * @return integer Bookmark ID
+ * @return mixed Integer bookmark ID if saving succeeded, false in
+ * case of an error. Error reasons are not returned.
*/
public function addBookmark(
$address, $title, $description, $privateNote, $status, $tags,
@@ -466,6 +471,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
}
$address = $this->normalize($address);
+ if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) {
+ return false;
+ }
/*
* Note that if date is NULL, then it's added with a date and
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 9ef8430..072ce85 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -29,6 +29,14 @@ require_once 'SemanticScuttle/Model/User.php';
class SemanticScuttle_Service_User extends SemanticScuttle_DbService
{
/**
+ * The ID of the currently logged on user.
+ * NULL when not logged in.
+ *
+ * @var integer
+ */
+ protected $currentuserId = null;
+
+ /**
* Currently logged on user from database
*
* @var array
@@ -363,10 +371,17 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
*/
public function getCurrentUserId()
{
+ if ($this->currentuserId !== null) {
+ return $this->currentuserId;
+ }
+
if (isset($_SESSION[$this->getSessionKey()])) {
- return (int)$_SESSION[$this->getSessionKey()];
+ $this->currentuserId = (int)$_SESSION[$this->getSessionKey()];
+ return $this->currentuserId;
+
+ }
- } else if (isset($_COOKIE[$this->getCookieKey()])) {
+ if (isset($_COOKIE[$this->getCookieKey()])) {
$cook = explode(':', $_COOKIE[$this->getCookieKey()]);
//cookie looks like this: 'id:md5(username+password)'
$query = 'SELECT * FROM '. $this->getTableName() .
@@ -385,10 +400,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
if ($row = $this->db->sql_fetchrow($dbresult)) {
$this->setCurrentUserId(
- (int)$row[$this->getFieldName('primary')]
+ (int)$row[$this->getFieldName('primary')], true
);
$this->db->sql_freeresult($dbresult);
- return (int)$_SESSION[$this->getSessionKey()];
+ return $this->currentuserId;
}
}
return false;
@@ -402,16 +417,23 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
* @internal
* No ID verification is being done.
*
- * @param integer $user User ID or null to unset the user
+ * @param integer $user User ID or null to unset the user
+ * @param boolean $storeInSession Store the user ID in the session
*
* @return void
*/
- public function setCurrentUserId($user)
+ public function setCurrentUserId($user, $storeInSession = false)
{
if ($user === null) {
- unset($_SESSION[$this->getSessionKey()]);
+ $this->currentuserId = null;
+ if ($storeInSession) {
+ unset($_SESSION[$this->getSessionKey()]);
+ }
} else {
- $_SESSION[$this->getSessionKey()] = (int)$user;
+ $this->currentuserId = (int)$user;
+ if ($storeInSession) {
+ $_SESSION[$this->getSessionKey()] = $this->currentuserId;
+ }
}
//reload user object
$this->getCurrentUser(true);
@@ -449,10 +471,9 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$this->db->sql_freeresult($dbresult);
if ($row) {
- $id = $_SESSION[$this->getSessionKey()]
- = $row[$this->getFieldName('primary')];
+ $this->setCurrentUserId($row[$this->getFieldName('primary')], true);
if ($remember) {
- $cookie = $id .':'. md5($username.$password);
+ $cookie = $this->currentuserId . ':' . md5($username.$password);
setcookie(
$this->cookiekey, $cookie,
time() + $this->cookietime, '/'
@@ -464,7 +485,13 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
}
}
- function logout() {
+ /**
+ * Logs the user off
+ *
+ * @return void
+ */
+ public function logout()
+ {
@setcookie($this->getCookiekey(), '', time() - 1, '/');
unset($_COOKIE[$this->getCookiekey()]);
session_unset();
@@ -492,10 +519,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return $arrWatch;
}
- function getWatchNames($uId, $watchedby = false) {
- // Gets the list of user names being watched by the given user.
- // - If $watchedby is false get the list of users that $uId watches
- // - If $watchedby is true get the list of users that watch $uId
+
+ /**
+ * Gets the list of user names being watched by the given user.
+ *
+ * @param integer $uId User ID
+ * @param boolean $watchedby if false: get the list of users that $uId watches
+ * if true: get the list of users that watch $uId
+ *
+ * @return array Array of user names
+ */
+ public function getWatchNames($uId, $watchedby = false)
+ {
if ($watchedby) {
$table1 = 'b';
$table2 = 'a';
@@ -503,10 +538,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$table1 = 'a';
$table2 = 'b';
}
- $query = 'SELECT '. $table1 .'.'. $this->getFieldName('username') .' FROM '. $GLOBALS['tableprefix'] .'watched AS W, '. $this->getTableName() .' AS a, '. $this->getTableName() .' AS b WHERE W.watched = a.'. $this->getFieldName('primary') .' AND W.uId = b.'. $this->getFieldName('primary') .' AND '. $table2 .'.'. $this->getFieldName('primary') .' = '. intval($uId) .' ORDER BY '. $table1 .'.'. $this->getFieldName('username');
+ $primary = $this->getFieldName('primary');
+ $userfield = $this->getFieldName('username');
+ $query = 'SELECT '. $table1 .'.'. $userfield
+ . ' FROM '. $GLOBALS['tableprefix'] . 'watched AS W,'
+ . ' ' . $this->getTableName() .' AS a,'
+ . ' ' . $this->getTableName() .' AS b'
+ . ' WHERE W.watched = a.' . $primary
+ . ' AND W.uId = b.' . $primary
+ . ' AND ' . $table2 . '.' . $primary . ' = '. intval($uId)
+ . ' ORDER BY '. $table1 . '.' . $userfield;
- if (!($dbresult =& $this->db->sql_query($query))) {
- message_die(GENERAL_ERROR, 'Could not get watchlist', '', __LINE__, __FILE__, $query, $this->db);
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not get watchlist',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
return false;
}
@@ -515,13 +562,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$this->db->sql_freeresult($dbresult);
return $arrWatch;
}
- while ($row =& $this->db->sql_fetchrow($dbresult)) {
+ while ($row = $this->db->sql_fetchrow($dbresult)) {
$arrWatch[] = $row[$this->getFieldName('username')];
}
$this->db->sql_freeresult($dbresult);
return $arrWatch;
}
+
function getWatchStatus($watcheduser, $currentuser) {
// Returns true if the current user is watching the given user, and false otherwise.
$query = 'SELECT watched FROM '. $GLOBALS['tableprefix'] .'watched AS W INNER JOIN '. $this->getTableName() .' AS U ON U.'. $this->getFieldName('primary') .' = W.watched WHERE U.'. $this->getFieldName('primary') .' = '. intval($watcheduser) .' AND W.uId = '. intval($currentuser);