From b55a8f1dce4e50ee9c46741cdcffabdc6e06aaf6 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Sun, 27 Oct 2013 20:39:32 +0100 Subject: [PATCH] Closed #52 - fixes for anonymous accounts - Anonymous account is no longer created when commenting/uploading - Anonymous users can now switch safety, if it's available - Anonymous users can delete their own posts - Refurbished session and logging in/out mechanism - Possible fixes for registration/activation/account deletion issues --- src/Bootstrap.php | 37 +----------------- src/Controllers/AuthController.php | 56 +++++++++++++++++++++++++-- src/Controllers/CommentController.php | 3 +- src/Controllers/PostController.php | 3 +- src/Controllers/UserController.php | 16 +++++--- src/Helpers/PrivilegesHelper.php | 2 +- src/Models/Model_User.php | 13 +------ src/Views/comment-small.phtml | 6 +-- src/Views/layout-normal.phtml | 2 +- src/Views/post-view.phtml | 4 +- 10 files changed, 75 insertions(+), 67 deletions(-) diff --git a/src/Bootstrap.php b/src/Bootstrap.php index 04a26175..324dc1b3 100644 --- a/src/Bootstrap.php +++ b/src/Bootstrap.php @@ -1,41 +1,6 @@ context->loggedIn = false; - if (isset($_SESSION['user-id'])) - { - if (!isset($_SESSION['user'])) - { - $dbUser = R::findOne('user', 'id = ?', [$_SESSION['user-id']]); - $_SESSION['user'] = serialize($dbUser); - } - $this->context->user = unserialize($_SESSION['user']); - if (!empty($this->context->user)) - { - $this->context->loggedIn = true; - } - } - if (!$this->context->loggedIn) - { - try - { - AuthController::tryAutoLogin(); - } - catch (Exception $e) - { - } - } - if (empty($this->context->user)) - { - $dummy = R::dispense('user'); - $dummy->name = 'Anonymous'; - $dummy->access_rank = AccessRank::Anonymous; - $this->context->user = $dummy; - } - } - public function workWrapper($workCallback) { $this->config->chibi->baseUrl = 'http://' . rtrim($_SERVER['HTTP_HOST'], '/') . '/'; 
@@ -62,7 +27,7 @@ class Bootstrap
 $this->context->transport = new StdClass;
 $this->context->transport->success = null;
- $this->attachUser();
+ AuthController::doLogIn();
 if (empty($this->context->route))
 {
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index d07b60b4..50b8e96e 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -4,6 +4,7 @@ class AuthController
 public static function tryLogin($name, $password)
 {
 $config = \Chibi\Registry::getConfig();
+ $context = \Chibi\Registry::getContext();
 $dbUser = R::findOne('user', 'name = ?', [$name]);
 if ($dbUser === null)
@@ -22,8 +23,8 @@ class AuthController
 if ($config->registration->needEmailForRegistering)
 PrivilegesHelper::confirmEmail($dbUser);
- $_SESSION['user-id'] = $dbUser->id;
- $_SESSION['user'] = serialize($dbUser);
+ $context->user = $dbUser;
+ self::doReLog();
 \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
 return $dbUser;
 }
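Review bot: The new login path in tryLogin attaches the authenticated user to whatever session the browser already had (`$context->user = $dbUser; self::doReLog();`) without rotating the session identifier, so a session id fixed before authentication stays valid afterwards. Rotate it immediately before the user is written into the session, `session_regenerate_id(true);` ahead of `self::doReLog();`, and do the same in the two UserController paths that call doReLog to auto-login after registration and activation. How the session is started (strict mode, cookie flags) is not visible in this diff, and tryLogin's body begins before this hunk.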
@@ -75,9 +76,56 @@ class AuthController
 public function logoutAction()
 {
 $this->context->viewName = null;
- $this->context->viewName = null;
- unset($_SESSION['user-id']);
+ $this->context->layoutName = null;
+ self::doLogOut();
 setcookie('auth', false, 0, '/');
 \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
 }
+
+ public static function doLogOut()
+ {
+ unset($_SESSION['user']);
+ }
+
+ public static function doLogIn()
+ {
+ $context = \Chibi\Registry::getContext();
+ if (!isset($_SESSION['user']))
+ {
+ if (!empty($context->user) and $context->user->id)
+ {
+ $dbUser = R::findOne('user', 'id = ?', [$context->user->id]);
+ $_SESSION['user'] = serialize($dbUser);
+ }
+ else
+ {
+ $dummy = R::dispense('user');
+ $dummy->name = 'Anonymous';
+ $dummy->access_rank = AccessRank::Anonymous;
+ $dummy->anonymous = true;
+ $_SESSION['user'] = serialize($dummy);
+ }
+ }
+ $context->user = unserialize($_SESSION['user']);
+ #throw new SimpleException($context->user->anonymous ? '1' : '0');
+ $context->loggedIn = $context->user->anonymous ? false : true;
+ if (!$context->loggedIn)
+ {
+ try
+ {
+ self::tryAutoLogin();
+ }
+ catch (Exception $e)
+ {
+ }
+ }
+ }
+
+ public static function doReLog()
+ {
+ $context = \Chibi\Registry::getContext();
+ if ($context->user !== null)
+ $_SESSION['user'] = serialize($context->user);
+ self::doLogIn();
+ }
 }
diff --git a/src/Controllers/CommentController.php b/src/Controllers/CommentController.php
index 567cde12..ae0f4cde 100644
--- a/src/Controllers/CommentController.php
+++ b/src/Controllers/CommentController.php
@@ -72,7 +72,8 @@ class CommentController
 $text = Model_Comment::validateText($text);
 $comment = R::dispense('comment');
 $comment->post = $post;
- $comment->commenter = $this->context->user;
+ if ($this->context->loggedIn)
+ $comment->commenter = $this->context->user;
 $comment->comment_date = time();
 $comment->text = $text;
 if (InputHelper::get('sender') != 'preview')
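Review bot: doLogIn makes the serialized snapshot in `$_SESSION['user']` the sole authority for `$context->user`, `loggedIn` and the user's access_rank, and once the snapshot exists the database is never consulted again, so a ban, rank change, password change or account deletion performed elsewhere has no effect on an already-open session until it expires (doLogOut only touches the session of the current request). Keep only the id in the session and refetch on every request, treating a miss as logged out; the lookup already present in the first branch just needs to run unconditionally, e.g. `$dbUser = R::findOne('user', 'id = ?', [$_SESSION['user-id']]); if ($dbUser === null) self::doLogOut();`. The leftover `#throw new SimpleException(...)` debug line should be removed, `$context->user->anonymous ? false : true` reads better as `!$context->user->anonymous`, and the empty `catch (Exception $e) {}` around tryAutoLogin silently hides cookie-login failures that should at least be logged. `unserialize()` on session data is not an injection vector by itself since the store is server-side, but what it reconstitutes is a RedBean bean whose lifecycle hooks are not visible here.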
diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php
index a62848d3..29c80a90 100644
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@@ -341,7 +341,8 @@ class PostController
 $dbPost->upload_date = time();
 $dbPost->image_width = $imageWidth;
 $dbPost->image_height = $imageHeight;
- $dbPost->uploader = $this->context->user;
+ if ($this->context->loggedIn)
+ $dbPost->uploader = $this->context->user;
 $dbPost->ownFavoritee = [];
 $dbPost->sharedTag = $dbTags;
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index 53336d41..693d18da 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
@@ -209,6 +209,8 @@ class UserController
 R::store($post);
 }
 $user->ownFavoritee = [];
+ if ($user->id == $this->context->user->id)
+ AuthController::doLogOut();
 R::store($user);
 R::trash($user);
 \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
@@ -247,7 +249,7 @@ class UserController
 $user->enableEndlessScrolling(InputHelper::get('endless-scrolling'));
 R::store($user);
- $this->context->transport->user = $user;
+ AuthController::doReLog();
 $this->context->transport->success = true;
 }
 }
@@ -453,7 +455,9 @@ class UserController
 $this->context->user->enableSafety($safety, !$this->context->user->hasEnabledSafety($safety));
- R::store($this->context->user);
+ AuthController::doReLog();
+ if (!$this->context->user->anonymous)
+ R::store($this->context->user);
 $this->context->transport->success = true;
 }
@@ -535,8 +539,8 @@ class UserController
 if (!$this->config->registration->needEmailForRegistering and !$this->config->registration->staffActivation)
 {
- $_SESSION['user-id'] = $dbUser->id;
- \Chibi\Registry::getBootstrap()->attachUser();
+ $this->context->user = $dbUser;
+ AuthController::doReLog();
 }
 }
 }
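Review bot: The self-check added before `R::trash($user)` only clears the session of the request performing the deletion; when staff delete another account, or the same person is signed in from a second browser, those sessions keep the serialized bean written by AuthController::doLogIn and remain usable under the deleted user's name and rank until they expire. Calling `AuthController::doLogOut()` here cannot reach them, so the durable fix is for doLogIn to re-validate the session user against the database on each request and drop the session when the row is gone. A comment on the guard would make the limitation explicit: `// Only this session is ended; other sessions of this user stay valid until doLogIn re-checks the row.` The enclosing delete action starts before this hunk.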
@@ -567,8 +571,8 @@ class UserController
 if (!$this->config->registration->staffActivation)
 {
- $_SESSION['user-id'] = $dbUser->id;
- \Chibi\Registry::getBootstrap()->attachUser();
+ $this->context->user = $dbUser;
+ AuthController::doReLog();
 }
 }
 }
diff --git a/src/Helpers/PrivilegesHelper.php b/src/Helpers/PrivilegesHelper.php
index 33e15cf0..0c71d902 100644
--- a/src/Helpers/PrivilegesHelper.php
+++ b/src/Helpers/PrivilegesHelper.php
@@ -53,7 +53,7 @@ class PrivilegesHelper
 public static function getIdentitySubPrivilege($user)
 {
 if (!$user)
- return false;
+ return 'all';
 $userFromContext = \Chibi\Registry::getContext()->user;
 return $user->id == $userFromContext->id ? 'own' : 'all';
 }
diff --git a/src/Models/Model_User.php b/src/Models/Model_User.php
index 2a810152..03dcc5e2 100644
--- a/src/Models/Model_User.php
+++ b/src/Models/Model_User.php
@@ -41,17 +41,6 @@ class Model_User extends RedBean_SimpleModel
 $this->settings = $settings;
 }
- public function update()
- {
- $context = \Chibi\Registry::getContext();
- if ($context->user->id == $this->id)
- {
- $context->user = $this;
- unset($_SESSION['user']);
- }
- }
-
-
 const SETTING_SAFETY = 1;
 const SETTING_ENDLESS_SCROLLING = 2;
@@ -60,7 +49,7 @@ class Model_User extends RedBean_SimpleModel
 {
 $all = $this->getSetting(self::SETTING_SAFETY);
 if (!$all)
- return true;
+ return $safety == PostSafety::toFlag(PostSafety::Safe);
 return $all & PostSafety::toFlag($safety);
 }
diff --git a/src/Views/comment-small.phtml b/src/Views/comment-small.phtml
index db42fbb1..bd10f1c8 100644
--- a/src/Views/comment-small.phtml
+++ b/src/Views/comment-small.phtml
@@ -2,10 +2,10 @@
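Review bot: Returning `'all'` for ownerless content means anonymous uploads and comments are now governed by the `.all` variant of each privilege, and because the anonymous dummy created in AuthController::doLogIn has no id, the `'own'` branch can never match for an anonymous visitor. If the "anonymous users can delete their own posts" item in the description is implemented by granting `deletePost.all` to AccessRank::Anonymous, that grants deletion of every post rather than only their own; the privilege table is not in this diff, so this is an inference. Nothing in the CommentController or PostController hunks records a session or IP marker for anonymous content, so there is no data on which an 'own' decision for anonymous users could be based. A comment on the function would make the rule explicit: `// Ownerless (anonymous) content can only be acted on via the '.all' privilege; anonymous visitors never own anything.`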
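Review bot: The new fallback in hasEnabledSafety compares `$safety` as a raw value with `PostSafety::toFlag(PostSafety::Safe)`, while the line right below converts `$safety` with toFlag before testing it, so the two comparisons are in different units; unless toFlag(Safe) happens to equal Safe, a user with no stored safety setting, which now includes every anonymous visitor, will see either no category or the wrong one. Compare like with like: `return $safety == PostSafety::Safe;` or `return PostSafety::toFlag($safety) == PostSafety::toFlag(PostSafety::Safe);`. The function signature is outside the hunk and PostSafety is not in this diff, so the mismatch is inferred from the conversion on the following line.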
context->comment->commenter): ?> - <?php echo $this->context->comment->commenter->name ?: '[deleted user]' ?> + <?php echo $this->context->comment->commenter->name ?: '[unknown user]' ?> - [deleted user] + [unknown user]
@@ -17,7 +17,7 @@ context->comment->commenter->name ?> - [deleted user] + [unknown user] diff --git a/src/Views/layout-normal.phtml b/src/Views/layout-normal.phtml index 2f0b3dd3..6f8fcc39 100644 --- a/src/Views/layout-normal.phtml +++ b/src/Views/layout-normal.phtml @@ -67,7 +67,7 @@ } ?> - context->loggedIn): ?> + context->user))): ?>