diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/SemanticScuttle/Config.php | 109 | ||||
| -rw-r--r-- | src/SemanticScuttle/Environment.php | 52 | ||||
| -rw-r--r-- | src/SemanticScuttle/Model/Bookmark.php | 17 | ||||
| -rw-r--r-- | src/SemanticScuttle/Model/User.php | 26 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/Bookmark.php | 1 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/Bookmark2Tag.php | 4 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/Tag.php | 4 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/User.php | 219 | ||||
| -rw-r--r-- | src/SemanticScuttle/constants.php | 14 | ||||
| -rw-r--r-- | src/SemanticScuttle/header.php | 18 |
10 files changed, 408 insertions, 56 deletions
diff --git a/src/SemanticScuttle/Config.php b/src/SemanticScuttle/Config.php new file mode 100644 index 0000000..0773310 --- /dev/null +++ b/src/SemanticScuttle/Config.php @@ -0,0 +1,109 @@ +<?php +/** + * SemanticScuttle - your social bookmark manager. + * + * PHP version 5. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +/** + * Configuration handling + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class SemanticScuttle_Config +{ + /** + * Prefix for configuration files. + * Used to inject stream wrapper protocol for unit testing + * + * @var string + */ + public $filePrefix = ''; + + + + /** + * Finds the correct data directory + * + * @return string Full path to the data directory with a trailing slash + */ + protected function getDataDir() + { + if ('@data_dir@' == '@' . 'data_dir@') { + //non pear-install + $datadir = dirname(__FILE__) . '/../../data/'; + } else { + //pear installation; files are in include path + $datadir = '@data_dir@/SemanticScuttle/'; + } + + return $datadir; + } + + + + /** + * Tries to find a configuration file by looking in different + * places: + * - pear data_dir/SemanticScuttle/config-$hostname.php + * - pear data_dir/SemanticScuttle/config.php + * - /etc/semanticscuttle/config-$hostname.php + * - /etc/semanticscuttle/config.php + * + * Paths with host name have priority. + * + * @return array Array with config file path as first value + * and default config file path as second value. + * Any may be NULL if not found + */ + public function findFiles() + { + //use basename to prevent path injection + $host = basename($_SERVER['HTTP_HOST']); + $datadir = $this->getDataDir(); + + $arFiles = array( + $datadir . 'config.' . $host . '.php', + '/etc/semanticscuttle/config.' . $host . '.php', + $datadir . 'config.php', + '/etc/semanticscuttle/config.php', + ); + + $configfile = null; + foreach ($arFiles as $file) { + if (file_exists($this->filePrefix . $file)) { + $configfile = $file; + break; + } + } + + //find default file + $arDefaultFiles = array_unique( + array( + substr($configfile, 0, -3) . 'default.php', + $datadir . 'config.default.php', + '/etc/semanticscuttle/config.default.php', + ) + ); + $defaultfile = null; + foreach ($arDefaultFiles as $file) { + if (file_exists($this->filePrefix . $file)) { + $defaultfile = $file; + break; + } + } + return array($configfile, $defaultfile); + } +} + +?>
\ No newline at end of file diff --git a/src/SemanticScuttle/Environment.php b/src/SemanticScuttle/Environment.php new file mode 100644 index 0000000..e5fe3de --- /dev/null +++ b/src/SemanticScuttle/Environment.php @@ -0,0 +1,52 @@ +<?php +/** + * SemanticScuttle - your social bookmark manager. + * + * PHP version 5. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +/** + * Server environment handling methods + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske <cweiske@cweiske.de> + * @license AGPL http://www.gnu.org/licenses/agpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class SemanticScuttle_Environment +{ + /** + * Determines the correct $_SERVER['PATH_INFO'] value + * + * @return string New value + */ + public static function getServerPathInfo() + { + /* old code that does not work today. + if you find that this code helps you, tell us + and send us the output of var_export($_SERVER); + // Correct bugs with PATH_INFO (maybe for Apache 1 or CGI) -- for 1&1 host... + if (isset($_SERVER['PATH_INFO']) && isset($_SERVER['ORIG_PATH_INFO'])) { + if (strlen($_SERVER["PATH_INFO"])<strlen($_SERVER["ORIG_PATH_INFO"])) { + $_SERVER["PATH_INFO"] = $_SERVER["ORIG_PATH_INFO"]; + } + if (strcasecmp($_SERVER["PATH_INFO"], $_SERVER["SCRIPT_NAME"]) == 0) { + unset($_SERVER["PATH_INFO"]); + } + if (strpos($_SERVER["PATH_INFO"], '.php') !== false) { + unset($_SERVER["PATH_INFO"]); + } + } + */ + + return $_SERVER['PATH_INFO']; + } +} +?>
\ No newline at end of file diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php index 8bda0b3..1330642 100644 --- a/src/SemanticScuttle/Model/Bookmark.php +++ b/src/SemanticScuttle/Model/Bookmark.php @@ -24,6 +24,23 @@ class SemanticScuttle_Model_Bookmark { /** + * Status "public" / visible for all + */ + const SPUBLIC = 0; + + /** + * Status "shared" / visible for people on your watchlist + */ + const SWATCHLIST = 1; + + /** + * Status "private" / visible for yourself only + */ + const SPRIVATE = 2; + + + + /** * Checks if the given URL is valid and may be used with this * SemanticScuttle installation. * diff --git a/src/SemanticScuttle/Model/User.php b/src/SemanticScuttle/Model/User.php index 500f5b1..3aa617b 100644 --- a/src/SemanticScuttle/Model/User.php +++ b/src/SemanticScuttle/Model/User.php @@ -35,6 +35,7 @@ class SemanticScuttle_Model_User var $content; var $datetime; var $isAdmin; + var $privateKey; /** * Create a new user object @@ -69,6 +70,29 @@ class SemanticScuttle_Model_User } /** + * Returns private key + * + * @param boolean return sanitized value which basically drops + * leading dash if exists + * + * @return string private key + */ + public function getPrivateKey($sanitized = false) + { + // Look for value only if not already set + if (!isset($this->privateKey)) { + $us = SemanticScuttle_Service_Factory::get('User'); + $user = $us->getUser($this->id); + $this->privateKey = $user['privateKey']; + } + if ($sanitized == true) { + return substr($this->privateKey, -32); + } else { + return $this->privateKey; + } + } + + /** * Returns full user name as specified in the profile. * * @return string Full name @@ -182,4 +206,4 @@ class SemanticScuttle_Model_User } } -?>
\ No newline at end of file +?> diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php index 919ca7a..17ab7ba 100644 --- a/src/SemanticScuttle/Service/Bookmark.php +++ b/src/SemanticScuttle/Service/Bookmark.php @@ -427,6 +427,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService $existence[$hashes[$row['bHash']]] = $row['count'] > 0; } + $this->db->sql_freeresult($dbresult); return $existence; } diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php index a10cb61..04ee43d 100644 --- a/src/SemanticScuttle/Service/Bookmark2Tag.php +++ b/src/SemanticScuttle/Service/Bookmark2Tag.php @@ -99,7 +99,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService $tags_count = is_array($tags)?count($tags):0; for ($i = 0; $i < $tags_count; $i++) { - $tags[$i] = trim(strtolower($tags[$i])); + $tags[$i] = trim(utf8_strtolower($tags[$i])); if ($fromApi) { include_once 'SemanticScuttle/functions.php'; $tags[$i] = convertTag($tags[$i], 'in'); @@ -584,7 +584,7 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService if (is_int($days)) { $query .= ' AND B.bDatetime > "' - . date('Y-m-d H:i:s', time() - (86400 * $days)) + . gmdate('Y-m-d H:i:s', time() - (86400 * $days)) . '"'; } diff --git a/src/SemanticScuttle/Service/Tag.php b/src/SemanticScuttle/Service/Tag.php index 25d3888..8325285 100644 --- a/src/SemanticScuttle/Service/Tag.php +++ b/src/SemanticScuttle/Service/Tag.php @@ -141,10 +141,10 @@ class SemanticScuttle_Service_Tag extends SemanticScuttle_DbService //normalize if(!is_array($tags)) { - $tags = strtolower(trim($tags)); + $tags = utf8_strtolower(trim($tags)); } else { for($i=0; $i<count($tags); $i++) { - $tags[$i] = strtolower(trim($tags[$i])); + $tags[$i] = utf8_strtolower(trim($tags[$i])); } } return $tags; diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 0e437c2..7550ed2 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -48,9 +48,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService protected $currentuser = null; protected $fields = array( - 'primary' => 'uId', - 'username' => 'username', - 'password' => 'password' + 'primary' => 'uId', + 'username' => 'username', + 'password' => 'password', + 'privateKey' => 'privateKey' ); protected $profileurl; @@ -215,6 +216,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return $this->_getuser($this->getFieldName('username'), $username); } + /** + * Returns user row from database. + * + * @param string $privateKey Private Key + * + * @return array User array from database, false if no user was found + */ + public function getUserByPrivateKey($privateKey) + { + return $this->_getuser($this->getFieldName('privateKey'), $privateKey); + } + function getObjectUserByUsername($username) { $user = $this->_getuser($this->getFieldName('username'), $username); if($user != false) { @@ -280,6 +293,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } /** + * Tells you if the private key is enabled and valid + * + * @param string $privateKey Private Key + * + * @return boolean True if enabled and valid + */ + public function isPrivateKeyValid($privateKey) + { + // check length of private key + if (strlen($privateKey) == 32) { + return true; + } + return false; + } + + /** * Returns the current user object * * @param boolean $refresh Reload the user from database @@ -293,7 +322,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService { if (!is_null($newval)) { //internal use only: reset currentuser - $currentuser = $newval; + $this->currentuser = $newval; } else if ($refresh || !isset($this->currentuser)) { if ($id = $this->getCurrentUserId()) { $this->currentuser = $this->getUser($id); @@ -510,6 +539,46 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } /** + * Try to authenticate via the privateKey + * + * @param string $privateKey Private Key + * + * @return boolean true if the user could be authenticated, + * false if not. + */ + public function loginPrivateKey($privateKey) + { + /* Check if private key valid and enabled */ + if (!$this->isPrivateKeyValid($privateKey)) { + return false; + } + + $query = 'SELECT '. $this->getFieldName('primary') .' FROM ' + . $this->getTableName() .' WHERE ' + . $this->getFieldName('privateKey') .' = "' + . $this->db->sql_escape($privateKey) .'"'; + + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, + 'Could not get user', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if ($row) { + $this->setCurrentUserId($row[$this->getFieldName('primary')], false); + return true; + } else { + return false; + } + } + + /** * Logs the user off * * @return void @@ -519,7 +588,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService @setcookie($this->getCookiekey(), '', time() - 1, '/'); unset($_COOKIE[$this->getCookiekey()]); session_unset(); - $this->getCurrentUser(TRUE, false); + $this->currentuserId = null; + $this->currentuser = null; } function getWatchlist($uId) { @@ -603,11 +673,12 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return false; } - $arrWatch = array(); + $retval = true; if ($this->db->sql_numrows($dbresult) == 0) - return false; - else - return true; + $retval = false; + + $this->db->sql_freeresult($dbresult); + return $retval; } function setWatchStatus($subjectUserID) { @@ -646,24 +717,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService * No checks are done in here - you ought to have checked * everything before calling this method! * - * @param string $username Username to use - * @param string $password Password to use - * @param string $email Email to use + * @param string $username Username to use + * @param string $password Password to use + * @param string $email Email to use + * @param string $privateKey Key for RSS auth * * @return mixed Integer user ID if all is well, * boolean false if an error occured */ - public function addUser($username, $password, $email) + public function addUser($username, $password, $email, $privateKey = null) { // Set up the SQL UPDATE statement. $datetime = gmdate('Y-m-d H:i:s', time()); $password = $this->sanitisePassword($password); $values = array( - 'username' => $username, - 'password' => $password, - 'email' => $email, - 'uDatetime' => $datetime, - 'uModified' => $datetime + 'username' => $username, + 'password' => $password, + 'email' => $email, + 'uDatetime' => $datetime, + 'uModified' => $datetime, + 'privateKey' => $privateKey ); $sql = 'INSERT INTO '. $this->getTableName() . ' '. $this->db->sql_build_array('INSERT', $values); @@ -687,40 +760,64 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService /** * Updates the given user * - * @param integer $uId ID of user to change - * @param string $password Password to use - * @param string $name Realname to use - * @param string $email Email to use - * @param string $homepage User's homepage - * @param string $uContent User note + * @param integer $uId ID of user to change + * @param string $password Password to use + * @param string $name Realname to use + * @param string $email Email to use + * @param string $homepage User's homepage + * @param string $uContent User note + * @param string $privateKey RSS Private Key + * @param boolean $enablePrivateKey RSS Private Key Flag * * @return boolean True when all is well, false if not */ public function updateUser( - $uId, $password, $name, $email, $homepage, $uContent + $uId, $password, $name, $email, $homepage, $uContent, + $privateKey = null, $enablePrivateKey = false ) { if (!is_numeric($uId)) { return false; } + // prepend '-' to privateKey if disabled + if ($privateKey != null && strlen($privateKey) == 32 + && $enablePrivateKey == false + ) { + $privateKey = '-' . $privateKey; + } + + // remove '-' from privateKey if enabling + if ($privateKey != null && strlen($privateKey) == 33 + && $enablePrivateKey == true + ) { + $privateKey = substr($privateKey, 1, 32); + } + + // if new user is enabling Private Key, create new key + if ($privateKey == null && $enablePrivateKey == true) { + $privateKey = $this->getNewPrivateKey(); + } + // Set up the SQL UPDATE statement. $moddatetime = gmdate('Y-m-d H:i:s', time()); if ($password == '') { $updates = array( - 'uModified' => $moddatetime, - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } else { $updates = array( - 'uModified' => $moddatetime, - 'password' => $this->sanitisePassword($password), - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'password' => $this->sanitisePassword($password), + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } $sql = 'UPDATE '. $this->getTableName() @@ -837,6 +934,56 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } } + /** + * Generates a new private key and confirms it isn't being used. + * Private key is 32 characters long, consisting of lowercase and + * numeric characters. + * + * @return string the new key value + */ + public function getNewPrivateKey() + { + do { + $newKey = md5(uniqid('SemanticScuttle', true)); + } while ($this->privateKeyExists($newKey)); + + return $newKey; + } + + /** + * Checks if a private key already exists + * + * @param string $privateKey key that has been generated + * + * @return boolean true when the private key exists, + * False if not. + */ + public function privateKeyExists($privateKey) + { + if (!$privateKey) { + return false; + } + $crit = array('privateKey' => $privateKey); + + $sql = 'SELECT COUNT(*) as "0" FROM ' + . $GLOBALS['tableprefix'] . 'users' + . ' WHERE '. $this->db->sql_build_array('SELECT', $crit); + + if (!($dbresult = $this->db->sql_query($sql))) { + message_die( + GENERAL_ERROR, 'Could not get vars', '', + __LINE__, __FILE__, $sql, $this->db + ); + } + if ($this->db->sql_fetchfield(0, 0) > 0) { + $exists = true; + } else { + $exists = false; + } + $this->db->sql_freeresult($dbresult); + return $exists; + } + function isReserved($username) { if (in_array($username, $GLOBALS['reservedusers'])) { return true; diff --git a/src/SemanticScuttle/constants.php b/src/SemanticScuttle/constants.php index f8567d9..fcb2d90 100644 --- a/src/SemanticScuttle/constants.php +++ b/src/SemanticScuttle/constants.php @@ -69,16 +69,6 @@ define('PAGE_WATCHLIST', "watchlist"); // installations on the same host server define('INSTALLATION_ID', md5($GLOBALS['dbname'].$GLOBALS['tableprefix'])); -// Correct bugs with PATH_INFO (maybe for Apache 1 or CGI) -- for 1&1 host... -if (isset($_SERVER['PATH_INFO']) && isset($_SERVER['ORIG_PATH_INFO'])) { - if (strlen($_SERVER["PATH_INFO"])<strlen($_SERVER["ORIG_PATH_INFO"])) { - $_SERVER["PATH_INFO"] = $_SERVER["ORIG_PATH_INFO"]; - } - if (strcasecmp($_SERVER["PATH_INFO"], $_SERVER["SCRIPT_NAME "]) == 0) { - unset($_SERVER["PATH_INFO"]); - } - if (strpos($_SERVER["PATH_INFO"], '.php') !== false) { - unset($_SERVER["PATH_INFO"]); - } -} +//currently not needed +//$_SERVER['PATH_INFO'] = SemanticScuttle_Environment::getServerPathInfo(); ?> diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php index 6c0d4df..694df54 100644 --- a/src/SemanticScuttle/header.php +++ b/src/SemanticScuttle/header.php @@ -25,8 +25,20 @@ if ('@data_dir@' == '@' . 'data_dir@') { //FIXME: when you have multiple installations, the www_dir will be wrong $wwwdir = '@www_dir@/SemanticScuttle/'; } +require_once dirname(__FILE__) . '/Environment.php'; +require_once dirname(__FILE__) . '/Config.php'; -if (!file_exists($datadir . '/config.php')) { +$cfg = new SemanticScuttle_Config(); +list($configfile, $defaultfile) = $cfg->findFiles(); +if ($defaultfile === null) { + header('HTTP/1.0 500 Internal Server Error'); + die( + 'No default configuration file config.default.php found.' + . ' This is really, really strange' + . "\n" + ); +} +if ($configfile === null) { header('HTTP/1.0 500 Internal Server Error'); die( 'Please copy "config.php.dist" to "config.php" in data/ folder.' @@ -39,8 +51,8 @@ set_include_path( ); // 1 // First requirements part (before debug management) -require_once $datadir . '/config.default.php'; -require_once $datadir . '/config.php'; +require_once $defaultfile; +require_once $configfile; if (isset($_GET['unittestMode']) && $_GET['unittestMode'] == 1 ) { |