Changeset 24421 for extensions/UserCollections/include/UserCollection.class.php

Timestamp:

Sep 11, 2013, 6:44:54 PM (11 years ago)

Author:

mistic100

Message:

new system for shares : password protection, link timeout, management popup + for mails
handle lightbox conflicts
menublock is visible by AMM

File:

• extensions/UserCollections/include/UserCollection.class.php (modified) (15 diffs)

extensions/UserCollections/include/UserCollection.class.php

@@ -12 +12 @@
    * @param: array images
    */
-  function __construct($col_id, $name=null, $comment=null, $public=false, $user_id=null)
+  function __construct($col_id, $name=null, $comment=null, $user_id=null)
   {
     global $user;
     
-    if (empty($user_id)) {
+    if (empty($user_id))
+    {
       $user_id = $user['id'];
     }
@@ -27 +28 @@
       'comment' => null,
       'nb_images' => 0,
-      'public' => 0,
-      'public_id' => null,
       );
     $this->images = array();
-    
-    // access from public id (access permission is checked line 66)
-    if ( strlen($col_id) == 10 and strpos($col_id, 'uc') === 0 )
-    {
-      $query = '
-SELECT id
-  FROM '.COLLECTIONS_TABLE.'
-  WHERE public_id = "'.$col_id.'"
-;';
-      $result = pwg_query($query);
-      
-      if (!pwg_db_num_rows($result))
-      {
-        $col_id = 0;
-      }
-      else
-      {
-        list($col_id) = pwg_db_fetch_row($result);
-      }
-    }
     
     // load specific collection
@@ -58 +37 @@
 SELECT *
   FROM '.COLLECTIONS_TABLE.'
-  WHERE
-    id = '.$col_id.'
-    '.(!is_admin() ? 'AND (user_id = '.$this->data['user_id'].' OR public = 1)' : null).'
+  WHERE id = '.$col_id.'
 ;';
       $result = pwg_query($query);
@@ -92 +69 @@
       else
       {
-        throw new Exception(l10n('Invalid collection'));
+        throw new Exception(l10n('Invalid collection'), WS_ERR_INVALID_PARAM);
       }
     }
@@ -100 +77 @@
       $this->data['name'] = $name;
       $this->data['comment'] = $comment;
-      $this->data['public'] = (int)$public;
-      $this->data['public_id'] = 'uc'.hash('crc32', uniqid(serialize($this->data), true));
       
       $query = '
@@ -108 +83 @@
     name,
     date_creation,
-    comment,
-    public,
-    public_id
+    comment
   ) 
   VALUES(
@@ -116 +89 @@
     "'.$this->data['name'].'",
     NOW(),
-    "'.$this->data['comment'].'",
-    '.(int)$this->data['public'].',
-    "'.$this->data['public_id'].'"
+    "'.$this->data['comment'].'"
   )
 ;';
@@ -130 +101 @@
     {
       trigger_error('UserCollection::__construct, invalid input parameter', E_USER_ERROR);
+    }
+  }
+  
+  /**
+   * check if current user is owner of the collection or admin
+   */
+  function checkUser()
+  {
+    global $user;
+    
+    if (!is_admin() && $user['id'] != $this->data['user_id'])
+    {
+      throw new Exception('Forbidden', 403);
     }
   }
@@ -280 +264 @@
       'COMMENT' => $this->data['comment'],
       'NB_IMAGES' => $this->data['nb_images'],
-      'PUBLIC' => (bool)$this->data['public'],
       'DATE_CREATION' => $this->data['date_creation'],
-      'U_PUBLIC' => USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],
       );
     
     return $set;
+  }
+  
+  /**
+   * get share links
+   */
+  function getShares()
+  {
+    $query = '
+SELECT * FROM '.COLLECTION_SHARES_TABLE.'
+  WHERE col_id = '.$this->data['id'].'
+  ORDER BY add_date DESC
+;';
+    $result = pwg_query($query);
+    
+    $shares = array();
+    while ($row = pwg_db_fetch_assoc($result))
+    {
+      $row['expired'] = false;
+      
+      $row['params'] = unserialize($row['params']);
+      if (!empty($row['params']['deadline']))
+      {
+        $row['expired'] = strtotime($row['params']['deadline']) < time();
+        $row['params']['deadline_readable'] = format_date($row['params']['deadline'], true, false);
+      }
+      
+      $row['url'] = USER_COLLEC_PUBLIC . 'view/' . $row['share_key'];
+      $row['u_delete'] = USER_COLLEC_PUBLIC . 'edit/' . $this->data['id'] . '&amp;delete_share=' . $row['id'];
+      $row['add_date_readable'] = format_date($row['add_date'], true, false);
+      
+      $shares[] = $row;
+    }
+    
+    return $shares;
+  }
+  
+  /**
+   * delete a share
+   */
+  function deleteShare($id)
+  {
+    $query = '
+DELETE FROM '.COLLECTION_SHARES_TABLE.'
+  WHERE id = "'.pwg_db_real_escape_string($id).'"
+  AND col_id = '.$this->data['id'].'
+;';
+    pwg_query($query);
+    
+    return pwg_db_changes() != 0;
+  }
+  
+  /**
+   * Add a share URL
+   * @param: array
+   *          - share_key
+   *          - password
+   *          - deadline
+   * @return: array errors
+   */
+  function addShare($share, $abord_on_duplicate=true)
+  {
+    global $conf, $page;
+    
+    $errors = array();
+    
+    $share = array_map('stripslashes', $share);
+    
+    // check key
+    if (empty($share['share_key']) || strlen($share['share_key']) < 8)
+    {
+      $errors[] = l10n('The key must be at least 8 characters long');
+    }
+    else
+    {
+      $share['share_key'] = $this->data['id'].'-'.str2url($share['share_key']);
+      
+      $query = '
+SELECT id FROM '.COLLECTION_SHARES_TABLE.'
+  WHERE col_id = '.$this->data['id'].'
+  AND share_key = "'.$share['share_key'].'"
+;';
+      $result = pwg_query($query);
+      if (pwg_db_num_rows($result))
+      {
+        if ($abord_on_duplicate)
+        {
+          $errors[] = l10n('This key is already used');
+        }
+        else
+        {
+          return USER_COLLEC_PUBLIC . 'view/' . $share['share_key'];
+        }
+      }
+    }
+    
+    // filter date
+    if (!empty($share['deadline']))
+    {
+      $date = DateTime::createFromFormat('Y-m-d H:i', $share['deadline']);
+      $share['deadline'] = $date->format('Y-m-d H:i');
+    }
+    
+    // hash password
+    if (!empty($share['password']))
+    {
+      $share['password'] = sha1($conf['secret_key'].$share['password'].$share['share_key']);
+    }
+    
+    if (empty($errors))
+    {
+      $params = serialize(array(
+        'password' => @$share['password'],
+        'deadline' => @$share['deadline'],
+        ));
+      
+      $query = '
+INSERT INTO '.COLLECTION_SHARES_TABLE.'(
+    col_id,
+    share_key,
+    params,
+    add_date
+  )
+  VALUES(
+    '.$this->data['id'].',
+    "'.$share['share_key'].'",
+    "'.pwg_db_real_escape_string($params).'",
+    "'.date('Y-m-d H:i:s').'"
+  )
+;';
+      pwg_query($query);
+      
+      return USER_COLLEC_PUBLIC . 'view/' . $share['share_key'];
+    }
+    
+    return $errors;
   }
   
@@ -299 +416 @@
    * @return: array errors
    */
-  function sendEmail($comm, $key)
-  {
-    global $conf, $page, $template;
+  function sendEmail($comm)
+  {
+    global $conf;
     
     $errors = array();
@@ -308 +425 @@
 
     $comment_action='validate';
-    
-    // check key
-    if (!verify_ephemeral_key(@$key))
-    {
-      array_push($errors, l10n('Invalid key'));
-      $comment_action='reject';
-    }
 
     // check author
@@ -393 +503 @@
       {
         array_push($errors, l10n('Error while sending e-mail'));
+      }
+      else
+      {
+        return true;
       }
     }
@@ -454 +568 @@
     $mail_css = file_get_contents(dirname(__FILE__).'/../template/mail.css');
     
+    $share_key = 'mail-' . substr(sha1($this->data['id'].$conf['secret_key']), 0, 11);
+    
     $template->assign(array(
       'GALLERY_URL' => get_gallery_home_url(),
@@ -459 +575 @@
       'UC_MAIL_CSS' => str_replace("\n", null, $mail_css),
       'MAIL_TITLE' => $this->getParam('name').' ('.sprintf(l10n('by %s'), $params['sender_name']).')',
-      'COL_URL' => USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],
+      'COL_URL' => $this->addShare(array('share_key'=>$share_key), false),
       'PARAMS' => $params,
       'derivative_params' => ImageStdParams::get_by_type(IMG_SQUARE),
@@ -518 +634 @@
           {
           case 'name':
-            $element[] = render_element_name($row); break;
+            $element[] = render_element_name($row);
+            break;
           case 'url':
-            $element[] = make_picture_url(array('image_id'=>$row['id'], 'image_file'=>$row['file'])); break;
+            $element[] = make_picture_url(array('image_id'=>$row['id'], 'image_file'=>$row['file']));
+            break;
           case 'path':
-            $element[] = $root_url.ltrim($row['path'], './'); break;
+            $element[] = $root_url.ltrim($row['path'], './');
+            break;
           default:
-            $element[] = $row[$field]; break;
+            $element[] = $row[$field];
+            break;
           }
         }