From ec345f7a1343769abdf3f5920a0732b24726b733 Mon Sep 17 00:00:00 2001 From: Mark Pemberton Date: Fri, 13 May 2011 14:26:51 -0400 Subject: new privatekey2 branch with privatekey changes --- src/SemanticScuttle/Model/User.php | 26 +++- src/SemanticScuttle/Service/Bookmark.php | 2 +- src/SemanticScuttle/Service/User.php | 211 ++++++++++++++++++++++++++----- 3 files changed, 205 insertions(+), 34 deletions(-) (limited to 'src') diff --git a/src/SemanticScuttle/Model/User.php b/src/SemanticScuttle/Model/User.php index 500f5b1..3aa617b 100644 --- a/src/SemanticScuttle/Model/User.php +++ b/src/SemanticScuttle/Model/User.php @@ -35,6 +35,7 @@ class SemanticScuttle_Model_User var $content; var $datetime; var $isAdmin; + var $privateKey; /** * Create a new user object @@ -68,6 +69,29 @@ class SemanticScuttle_Model_User return $this->username; } + /** + * Returns private key + * + * @param boolean return sanitized value which basically drops + * leading dash if exists + * + * @return string private key + */ + public function getPrivateKey($sanitized = false) + { + // Look for value only if not already set + if (!isset($this->privateKey)) { + $us = SemanticScuttle_Service_Factory::get('User'); + $user = $us->getUser($this->id); + $this->privateKey = $user['privateKey']; + } + if ($sanitized == true) { + return substr($this->privateKey, -32); + } else { + return $this->privateKey; + } + } + /** * Returns full user name as specified in the profile. * @@ -182,4 +206,4 @@ class SemanticScuttle_Model_User } } -?> \ No newline at end of file +?> diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php index 919ca7a..e836cd8 100644 --- a/src/SemanticScuttle/Service/Bookmark.php +++ b/src/SemanticScuttle/Service/Bookmark.php @@ -717,7 +717,7 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService // All public bookmarks, user's own bookmarks // and any shared with user $privacy = ' AND ((B.bStatus = 0) OR (B.uId = '. $sId .')'; - $watchnames = $userservice->getWatchNames($sId, true); + $watchnames = $userservice->getWatchNames($sId); foreach ($watchnames as $watchuser) { $privacy .= ' OR (U.username = "'. $watchuser .'" AND B.bStatus = 1)'; } diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 09a2cb1..c3633de 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -48,9 +48,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService protected $currentuser = null; protected $fields = array( - 'primary' => 'uId', - 'username' => 'username', - 'password' => 'password' + 'primary' => 'uId', + 'username' => 'username', + 'password' => 'password', + 'privatekey' => 'privatekey' ); protected $profileurl; @@ -215,6 +216,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return $this->_getuser($this->getFieldName('username'), $username); } + /** + * Returns user row from database. + * + * @param string $privatekey Private Key + * + * @return array User array from database, false if no user was found + */ + public function getUserByPrivateKey($privatekey) + { + return $this->_getuser($this->getFieldName('privatekey'), $privatekey); + } + function getObjectUserByUsername($username) { $user = $this->_getuser($this->getFieldName('username'), $username); if($user != false) { @@ -279,6 +292,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return ($this->getCurrentUserId() !== false); } + /** + * Tells you if the private key is enabled and valid + * + * @param string $privateKey Private Key + * + * @return boolean True if enabled and valid + */ + public function isPrivateKeyValid($privateKey) + { + // check length of private key + if (strlen($privateKey) == 32) { + return true; + } + return false; + } + /** * Returns the current user object * @@ -293,7 +322,7 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService { if (!is_null($newval)) { //internal use only: reset currentuser - $currentuser = $newval; + $this->currentuser = $newval; } else if ($refresh || !isset($this->currentuser)) { if ($id = $this->getCurrentUserId()) { $this->currentuser = $this->getUser($id); @@ -509,6 +538,47 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } } + /** + * Try to authenticate via the privatekey + * + * @param string $privatekey Private Key + * + * @return boolean true if the user could be authenticated, + * false if not. + */ + public function loginPrivateKey($privatekey) + { + /* Check if private key valid and enabled */ + if (!$this->isPrivateKeyValid($privatekey)) { + return false; + } + + $query = 'SELECT '. $this->getFieldName('primary') .' FROM ' + . $this->getTableName() .' WHERE ' + . $this->getFieldName('privatekey') .' = "' + . $this->db->sql_escape($privatekey) .'"'; + + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, + 'Could not get user', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if ($row) { + $id = $_SESSION[$this->getSessionKey()] + = $row[$this->getFieldName('primary')]; + return true; + } else { + return false; + } + } + /** * Logs the user off * @@ -519,7 +589,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService @setcookie($this->getCookiekey(), '', time() - 1, '/'); unset($_COOKIE[$this->getCookiekey()]); session_unset(); - $this->getCurrentUser(TRUE, false); + $this->currentuserId = null; + $this->currentuser = null; } function getWatchlist($uId) { @@ -646,24 +717,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService * No checks are done in here - you ought to have checked * everything before calling this method! * - * @param string $username Username to use - * @param string $password Password to use - * @param string $email Email to use + * @param string $username Username to use + * @param string $password Password to use + * @param string $email Email to use + * @param string $privateKey Key for RSS auth * * @return mixed Integer user ID if all is well, * boolean false if an error occured */ - public function addUser($username, $password, $email) + public function addUser($username, $password, $email, $privateKey = null) { // Set up the SQL UPDATE statement. $datetime = gmdate('Y-m-d H:i:s', time()); $password = $this->sanitisePassword($password); $values = array( - 'username' => $username, - 'password' => $password, - 'email' => $email, - 'uDatetime' => $datetime, - 'uModified' => $datetime + 'username' => $username, + 'password' => $password, + 'email' => $email, + 'uDatetime' => $datetime, + 'uModified' => $datetime, + 'privateKey' => $privateKey ); $sql = 'INSERT INTO '. $this->getTableName() . ' '. $this->db->sql_build_array('INSERT', $values); @@ -687,40 +760,64 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService /** * Updates the given user * - * @param integer $uId ID of user to change - * @param string $password Password to use - * @param string $name Realname to use - * @param string $email Email to use - * @param string $homepage User's homepage - * @param string $uContent User note + * @param integer $uId ID of user to change + * @param string $password Password to use + * @param string $name Realname to use + * @param string $email Email to use + * @param string $homepage User's homepage + * @param string $uContent User note + * @param string $privateKey RSS Private Key + * @param boolean $enablePrivateKey RSS Private Key Flag * * @return boolean True when all is well, false if not */ public function updateUser( - $uId, $password, $name, $email, $homepage, $uContent + $uId, $password, $name, $email, $homepage, $uContent, + $privateKey = null, $enablePrivateKey = false ) { if (!is_numeric($uId)) { return false; } + // prepend '-' to privateKey if disabled + if ($privateKey != null && strlen($privateKey) == 32 + && $enablePrivateKey == false + ) { + $privateKey = '-' . $privateKey; + } + + // remove '-' from privateKey if enabling + if ($privateKey != null && strlen($privateKey) == 33 + && $enablePrivateKey == true + ) { + $privateKey = substr($privateKey, 1, 32); + } + + // if new user is enabling Private Key, create new key + if ($privateKey == null && $enablePrivateKey == true) { + $privateKey = $this->getNewPrivateKey(); + } + // Set up the SQL UPDATE statement. $moddatetime = gmdate('Y-m-d H:i:s', time()); if ($password == '') { $updates = array( - 'uModified' => $moddatetime, - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } else { $updates = array( - 'uModified' => $moddatetime, - 'password' => $this->sanitisePassword($password), - 'name' => $name, - 'email' => $email, - 'homepage' => $homepage, - 'uContent' => $uContent + 'uModified' => $moddatetime, + 'password' => $this->sanitisePassword($password), + 'name' => $name, + 'email' => $email, + 'homepage' => $homepage, + 'uContent' => $uContent, + 'privateKey' => $privateKey ); } $sql = 'UPDATE '. $this->getTableName() @@ -837,6 +934,56 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } } + /** + * Generates a new private key and confirms it isn't being used. + * Private key is 32 characters long, consisting of lowercase and + * numeric characters. + * + * @return string the new key value + */ + public function getNewPrivateKey() + { + do { + $newKey = md5(uniqid('SemanticScuttle', true)); + } while ($this->privateKeyExists($newKey)); + + return $newKey; + } + + /** + * Checks if a private key already exists + * + * @param string $privateKey key that has been generated + * + * @return boolean true when the private key exists, + * False if not. + */ + public function privateKeyExists($privateKey) + { + if (!$privateKey) { + return false; + } + $crit = array('privateKey' => $privateKey); + + $sql = 'SELECT COUNT(*) as "0" FROM ' + . $GLOBALS['tableprefix'] . 'users' + . ' WHERE '. $this->db->sql_build_array('SELECT', $crit); + + if (!($dbresult = $this->db->sql_query($sql))) { + message_die( + GENERAL_ERROR, 'Could not get vars', '', + __LINE__, __FILE__, $sql, $this->db + ); + } + if ($this->db->sql_fetchfield(0, 0) > 0) { + $exists = true; + } else { + $exists = false; + } + $this->db->sql_freeresult($dbresult); + return $exists; + } + function isReserved($username) { if (in_array($username, $GLOBALS['reservedusers'])) { return true; -- cgit v1.2.3