Closed #52 - fixes for anonymous accounts

- Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues
2013-10-27 20:39:32 +01:00 · 2013-10-27 20:39:32 +01:00 · b55a8f1dce
commit b55a8f1dce
parent f726690ea3
10 changed files with 75 additions and 67 deletions
--- a/src/Bootstrap.php
+++ b/src/Bootstrap.php
@ -1,41 +1,6 @@
 <?php
 class Bootstrap
 {
-	public function attachUser()
-	{
-		$this->context->loggedIn = false;
-		if (isset($_SESSION['user-id']))
-		{
-			if (!isset($_SESSION['user']))
-			{
-				$dbUser = R::findOne('user', 'id = ?', [$_SESSION['user-id']]);
-				$_SESSION['user'] = serialize($dbUser);
-			}
-			$this->context->user = unserialize($_SESSION['user']);
-			if (!empty($this->context->user))
-			{
-				$this->context->loggedIn = true;
-			}
-		}
-		if (!$this->context->loggedIn)
-		{
-			try
-			{
-				AuthController::tryAutoLogin();
-			}
-			catch (Exception $e)
-			{
-			}
-		}
-		if (empty($this->context->user))
-		{
-			$dummy = R::dispense('user');
-			$dummy->name = 'Anonymous';
-			$dummy->access_rank = AccessRank::Anonymous;
-			$this->context->user = $dummy;
-		}
-	}
-
 	public function workWrapper($workCallback)
 	{
 		$this->config->chibi->baseUrl = 'http://' . rtrim($_SERVER['HTTP_HOST'], '/') . '/';
@ -62,7 +27,7 @@ class Bootstrap
 		$this->context->transport = new StdClass;
 		$this->context->transport->success = null;

-		$this->attachUser();
+		AuthController::doLogIn();

 		if (empty($this->context->route))
 		{
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@ -4,6 +4,7 @@ class AuthController
 	public static function tryLogin($name, $password)
 	{
 		$config = \Chibi\Registry::getConfig();
+		$context = \Chibi\Registry::getContext();

 		$dbUser = R::findOne('user', 'name = ?', [$name]);
 		if ($dbUser === null)
@ -22,8 +23,8 @@ class AuthController
 		if ($config->registration->needEmailForRegistering)
 			PrivilegesHelper::confirmEmail($dbUser);

-		$_SESSION['user-id'] = $dbUser->id;
-		$_SESSION['user'] = serialize($dbUser);
+		$context->user = $dbUser;
+		self::doReLog();
 		\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
 		return $dbUser;
 	}
@ -75,9 +76,56 @@ class AuthController
 	public function logoutAction()
 	{
 		$this->context->viewName = null;
-		$this->context->viewName = null;
-		unset($_SESSION['user-id']);
+		$this->context->layoutName = null;
+		self::doLogOut();
 		setcookie('auth', false, 0, '/');
 		\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
 	}
+
+	public static function doLogOut()
+	{
+		unset($_SESSION['user']);
+	}
+
+	public static function doLogIn()
+	{
+		$context = \Chibi\Registry::getContext();
+		if (!isset($_SESSION['user']))
+		{
+			if (!empty($context->user) and $context->user->id)
+			{
+				$dbUser = R::findOne('user', 'id = ?', [$context->user->id]);
+				$_SESSION['user'] = serialize($dbUser);
+			}
+			else
+			{
+				$dummy = R::dispense('user');
+				$dummy->name = 'Anonymous';
+				$dummy->access_rank = AccessRank::Anonymous;
+				$dummy->anonymous = true;
+				$_SESSION['user'] = serialize($dummy);
+			}
+		}
+		$context->user = unserialize($_SESSION['user']);
+		#throw new SimpleException($context->user->anonymous ? '1' : '0');
+		$context->loggedIn = $context->user->anonymous ? false : true;
+		if (!$context->loggedIn)
+		{
+			try
+			{
+				self::tryAutoLogin();
+			}
+			catch (Exception $e)
+			{
+			}
+		}
+	}
+
+	public static function doReLog()
+	{
+		$context = \Chibi\Registry::getContext();
+		if ($context->user !== null)
+			$_SESSION['user'] = serialize($context->user);
+		self::doLogIn();
+	}
 }
--- a/src/Controllers/CommentController.php
+++ b/src/Controllers/CommentController.php
@ -72,7 +72,8 @@ class CommentController
 			$text = Model_Comment::validateText($text);
 			$comment = R::dispense('comment');
 			$comment->post = $post;
-			$comment->commenter = $this->context->user;
+			if ($this->context->loggedIn)
+				$comment->commenter = $this->context->user;
 			$comment->comment_date = time();
 			$comment->text = $text;
 			if (InputHelper::get('sender') != 'preview')
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@ -341,7 +341,8 @@ class PostController
 			$dbPost->upload_date = time();
 			$dbPost->image_width = $imageWidth;
 			$dbPost->image_height = $imageHeight;
-			$dbPost->uploader = $this->context->user;
+			if ($this->context->loggedIn)
+				$dbPost->uploader = $this->context->user;
 			$dbPost->ownFavoritee = [];
 			$dbPost->sharedTag = $dbTags;

--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@ -209,6 +209,8 @@ class UserController
 				R::store($post);
 			}
 			$user->ownFavoritee = [];
+			if ($user->id == $this->context->user->id)
+				AuthController::doLogOut();
 			R::store($user);
 			R::trash($user);
 			\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
@ -247,7 +249,7 @@ class UserController
 			$user->enableEndlessScrolling(InputHelper::get('endless-scrolling'));

 			R::store($user);
-			$this->context->transport->user = $user;
+			AuthController::doReLog();
 			$this->context->transport->success = true;
 		}
 	}
@ -453,7 +455,9 @@ class UserController
 		$this->context->user->enableSafety($safety,
 			!$this->context->user->hasEnabledSafety($safety));

-		R::store($this->context->user);
+		AuthController::doReLog();
+		if (!$this->context->user->anonymous)
+			R::store($this->context->user);

 		$this->context->transport->success = true;
 	}
@ -535,8 +539,8 @@ class UserController

 			if (!$this->config->registration->needEmailForRegistering and !$this->config->registration->staffActivation)
 			{
-				$_SESSION['user-id'] = $dbUser->id;
-				\Chibi\Registry::getBootstrap()->attachUser();
+				$this->context->user = $dbUser;
+				AuthController::doReLog();
 			}
 		}
 	}
@ -567,8 +571,8 @@ class UserController

 		if (!$this->config->registration->staffActivation)
 		{
-			$_SESSION['user-id'] = $dbUser->id;
-			\Chibi\Registry::getBootstrap()->attachUser();
+			$this->context->user = $dbUser;
+			AuthController::doReLog();
 		}
 	}
 }
--- a/src/Helpers/PrivilegesHelper.php
+++ b/src/Helpers/PrivilegesHelper.php
@ -53,7 +53,7 @@ class PrivilegesHelper
 	public static function getIdentitySubPrivilege($user)
 	{
 		if (!$user)
-			return false;
+			return 'all';
 		$userFromContext = \Chibi\Registry::getContext()->user;
 		return $user->id == $userFromContext->id ? 'own' : 'all';
 	}
--- a/src/Models/Model_User.php
+++ b/src/Models/Model_User.php
@ -41,17 +41,6 @@ class Model_User extends RedBean_SimpleModel
 		$this->settings = $settings;
 	}

-	public function update()
-	{
-		$context = \Chibi\Registry::getContext();
-		if ($context->user->id == $this->id)
-		{
-			$context->user = $this;
-			unset($_SESSION['user']);
-		}
-	}
-
-

 	const SETTING_SAFETY = 1;
 	const SETTING_ENDLESS_SCROLLING = 2;
@ -60,7 +49,7 @@ class Model_User extends RedBean_SimpleModel
 	{
 		$all = $this->getSetting(self::SETTING_SAFETY);
 		if (!$all)
-			return true;
+			return $safety == PostSafety::toFlag(PostSafety::Safe);
 		return $all & PostSafety::toFlag($safety);
 	}

--- a/src/Views/comment-small.phtml
+++ b/src/Views/comment-small.phtml
@ -2,10 +2,10 @@
 	<div class="avatar">
 		<?php if ($this->context->comment->commenter): ?>
 			<a href="<?php echo \Chibi\UrlHelper::route('user', 'view', ['name' => $this->context->comment->commenter->name]) ?>">
-				<img src="<?php echo htmlspecialchars($this->context->comment->commenter->getAvatarUrl(40)) ?>" alt="<?php echo $this->context->comment->commenter->name ?: '[deleted user]' ?>"/>
+				<img src="<?php echo htmlspecialchars($this->context->comment->commenter->getAvatarUrl(40)) ?>" alt="<?php echo $this->context->comment->commenter->name ?: '[unknown user]' ?>"/>
 			</a>
 		<?php else: ?>
-			<img src="<?php echo \Chibi\UrlHelper::absoluteUrl('/media/img/pixel.gif') ?>" alt="[deleted user]">
+			<img src="<?php echo \Chibi\UrlHelper::absoluteUrl('/media/img/pixel.gif') ?>" alt="[unknown user]">
 		<?php endif ?>
 	</div>

@ -17,7 +17,7 @@
 						<?php echo $this->context->comment->commenter->name ?>
 					</a>
 				<?php else: ?>
-					[deleted user]
+					[unknown user]
 				<?php endif ?>
 			</span>

--- a/src/Views/layout-normal.phtml
+++ b/src/Views/layout-normal.phtml
@ -67,7 +67,7 @@
 						}
 					?>

-					<?php if ($this->context->loggedIn): ?>
+					<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserSettings, PrivilegesHelper::getIdentitySubPrivilege($this->context->user))): ?>
 						<li class="safety">
 							<ul>
 								<?php foreach (PostSafety::getAll() as $safety): ?>
--- a/src/Views/post-view.phtml
+++ b/src/Views/post-view.phtml
@ -54,8 +54,8 @@
 					</a>
 				</span>
 			<?php else: ?>
-				<span class="value" title="[deleted user]">
-					[deleted user]
+				<span class="value" title="[unknown user]">
+					[unknown user]
 				</span>
 			<?php endif ?>
 		</div>