Fixed Multi-user system
This commit is contained in:
parent
847f57686e
commit
4d99bae893
@ -230,11 +230,48 @@ class Database {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function listUsers($username=null) {
|
||||||
|
$sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
|
||||||
|
$query = $this->executeQuery($sql, ( $username ? array($username) : array()));
|
||||||
|
list($count) = $query->fetch();
|
||||||
|
return $count;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getUserPassword($userID) {
|
||||||
|
$sql = "SELECT * FROM users WHERE id=?";
|
||||||
|
$query = $this->executeQuery($sql, array($userID));
|
||||||
|
$password = $query->fetchAll();
|
||||||
|
return isset($password[0]['password']) ? $password[0]['password'] : null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function deleteUserConfig($userID) {
|
||||||
|
$sql_action = 'DELETE from users_config WHERE user_id=?';
|
||||||
|
$params_action = array($userID);
|
||||||
|
$query = $this->executeQuery($sql_action, $params_action);
|
||||||
|
return $query;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function deleteTagsEntriesAndEntries($userID) {
|
||||||
|
$entries = $this->retrieveAll($userID);
|
||||||
|
foreach($entries as $entryid) {
|
||||||
|
$tags = $this->retrieveTagsByEntry($entryid);
|
||||||
|
foreach($tags as $tag) {
|
||||||
|
$this->removeTagForEntry($entryid,$tags);
|
||||||
|
}
|
||||||
|
$this->deleteById($entryid,$userID);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function deleteUser($userID) {
|
||||||
|
$sql_action = 'DELETE from users WHERE id=?';
|
||||||
|
$params_action = array($userID);
|
||||||
|
$query = $this->executeQuery($sql_action, $params_action);
|
||||||
|
}
|
||||||
|
|
||||||
public function updateContentAndTitle($id, $title, $body, $user_id) {
|
public function updateContentAndTitle($id, $title, $body, $user_id) {
|
||||||
$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
|
$sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
|
||||||
$params_action = array($body, $title, $id, $user_id);
|
$params_action = array($body, $title, $id, $user_id);
|
||||||
$query = $this->executeQuery($sql_action, $params_action);
|
$query = $this->executeQuery($sql_action, $params_action);
|
||||||
|
|
||||||
return $query;
|
return $query;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
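Review bot: The inner loop of deleteTagsEntriesAndEntries iterates `foreach($tags as $tag)` but the call inside it passes the whole array, `$this->removeTagForEntry($entryid,$tags)`, so the loop variable is never used and the helper gets the wrong argument; it should read `$this->removeTagForEntry($entryid, $tag);`. Whether `retrieveAll($userID)` yields ids or full rows is not visible in this hunk — if it returns rows, `$entryid` is an array and both `retrieveTagsByEntry` and `deleteById` need the id column instead. Separately, deleteUser discards `$query` while deleteUserConfig returns it; returning the result from both lets the caller detect a failed delete before it logs success. getUserPassword also selects `*` when only the password column is read; `SELECT password FROM users WHERE id=?` narrows what is loaded into memory.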
@ -242,6 +242,58 @@ class Poche
|
|||||||
$this->tpl->addFilter($filter);
|
$this->tpl->addFilter($filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function createNewUser() {
|
||||||
|
if (isset($_GET['newuser'])){
|
||||||
|
if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
|
||||||
|
$newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
|
||||||
|
if (!$this->store->userExists($newusername)){
|
||||||
|
if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
|
||||||
|
Tools::logm('The new user '.$newusername.' has been installed');
|
||||||
|
$this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
|
||||||
|
Tools::redirect();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Tools::logm('error during adding new user');
|
||||||
|
Tools::redirect();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
|
||||||
|
Tools::logm('An user with the name '.$newusername.' already exists !');
|
||||||
|
Tools::redirect();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function deleteUser(){
|
||||||
|
if (isset($_GET['deluser'])){
|
||||||
|
if ($this->store->listUsers() > 1) {
|
||||||
|
if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
|
||||||
|
$username = $this->user->getUsername();
|
||||||
|
$this->store->deleteUserConfig($this->user->getId());
|
||||||
|
Tools::logm('The configuration for user '. $username .' has been deleted !');
|
||||||
|
$this->store->deleteTagsEntriesAndEntries($this->user->getId());
|
||||||
|
Tools::logm('The entries for user '. $username .' has been deleted !');
|
||||||
|
$this->store->deleteUser($this->user->getId());
|
||||||
|
Tools::logm('User '. $username .' has been completely deleted !');
|
||||||
|
Session::logout();
|
||||||
|
Tools::logm('logout');
|
||||||
|
Tools::redirect();
|
||||||
|
$this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Tools::logm('Bad password !');
|
||||||
|
$this->messages->add('e', _('Error : The password is wrong !'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
Tools::logm('Only user !');
|
||||||
|
$this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private function install()
|
private function install()
|
||||||
{
|
{
|
||||||
Tools::logm('poche still not installed');
|
Tools::logm('poche still not installed');
|
||||||
@ -520,6 +572,7 @@ class Poche
|
|||||||
$languages = $this->getInstalledLanguages();
|
$languages = $this->getInstalledLanguages();
|
||||||
$token = $this->user->getConfigValue('token');
|
$token = $this->user->getConfigValue('token');
|
||||||
$http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
|
$http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
|
||||||
|
$only_user = ($this->store->listUsers() > 1) ? false : true;
|
||||||
$tpl_vars = array(
|
$tpl_vars = array(
|
||||||
'themes' => $themes,
|
'themes' => $themes,
|
||||||
'languages' => $languages,
|
'languages' => $languages,
|
||||||
@ -532,6 +585,7 @@ class Poche
|
|||||||
'token' => $token,
|
'token' => $token,
|
||||||
'user_id' => $this->user->getId(),
|
'user_id' => $this->user->getId(),
|
||||||
'http_auth' => $http_auth,
|
'http_auth' => $http_auth,
|
||||||
|
'only_user' => $only_user
|
||||||
);
|
);
|
||||||
Tools::logm('config view');
|
Tools::logm('config view');
|
||||||
break;
|
break;
|
||||||
|
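Review bot: In deleteUser the password check `if (Tools::encodeString(...) == $this->store->getUserPassword(...))` uses loose `==` between two hash strings, which PHP compares numerically whenever both look numeric; use `hash_equals((string) $this->store->getUserPassword($this->user->getId()), Tools::encodeString($_POST['password4deletinguser'] . $this->user->getUsername()))` so the comparison is strict and constant-time. The success message after `Tools::redirect()` references `$newusername`, which is not defined in this method — `$username` is the local holding the name — and if redirect() exits it is never reached anyway, so it belongs before the redirect. Both createNewUser and deleteUser read `$_POST['...']` without `isset`, and since the dispatcher in the index hunk keys on `$_GET` alone they also run on plain GET requests, which emits undefined-index notices; guarding with `$_SERVER['REQUEST_METHOD'] === 'POST'` and `isset` on each field avoids that. `FILTER_SANITIZE_STRING` in createNewUser is deprecated as of PHP 8.1, so the sanitisation should move to an explicit `trim`/length check.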
@ -66,6 +66,10 @@ if (isset($_GET['login'])) {
|
|||||||
} elseif (isset($_GET['config'])) {
|
} elseif (isset($_GET['config'])) {
|
||||||
# Update password
|
# Update password
|
||||||
$poche->updatePassword();
|
$poche->updatePassword();
|
||||||
|
} elseif (isset($_GET['newuser'])) {
|
||||||
|
$poche->createNewUser();
|
||||||
|
} elseif (isset($_GET['deluser'])) {
|
||||||
|
$poche->deleteUser();
|
||||||
} elseif (isset($_GET['import'])) {
|
} elseif (isset($_GET['import'])) {
|
||||||
$import = $poche->import();
|
$import = $poche->import();
|
||||||
$tpl_vars = array_merge($tpl_vars, $import);
|
$tpl_vars = array_merge($tpl_vars, $import);
|
||||||
|
@ -128,4 +128,36 @@
|
|||||||
<h2>{% trans "Cache" %}</h2>
|
<h2>{% trans "Cache" %}</h2>
|
||||||
<p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>
|
<p><a href="?empty-cache">{% trans "Click here" %}</a> {% trans "to delete cache." %}</p>
|
||||||
|
|
||||||
|
<h2>{% trans 'Add user' %}</h2>
|
||||||
|
<p>{% trans 'Add a new user :' %}</p>
|
||||||
|
<form method="post" action="?newuser">
|
||||||
|
<fieldset class="w500p">
|
||||||
|
<div class="row">
|
||||||
|
<label class="col w150p" for="newusername">{% trans 'Login for new user' %}</label>
|
||||||
|
<input class="col" type="text" id="newusername" name="newusername" placeholder="{% trans 'Login' %}">
|
||||||
|
</div>
|
||||||
|
<div class="row">
|
||||||
|
<label class="col w150p" for="password4newuser">{% trans "Password for new user" %}</label>
|
||||||
|
<input class="col" type="password" id="password4newuser" name="password4newuser" placeholder="{% trans "Password" %}">
|
||||||
|
</div>
|
||||||
|
<div class="row mts txtcenter">
|
||||||
|
<button type="submit">{% trans "Send" %}</button>
|
||||||
|
</div>
|
||||||
|
</fieldset>
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<h2>{% trans "Delete account" %}</h2>
|
||||||
|
{% if not only_user %}<form method="post" action="?deluser">
|
||||||
|
<p>{% trans "You can delete your account by entering your password and validating." %}<br /><b>{% trans "Be careful, data will be erased forever (that is a very long time)." %}</b></p>
|
||||||
|
<fieldset class="w500p">
|
||||||
|
<div class="row">
|
||||||
|
<label class="col w150p" for="password4deletinguser">{% trans "Type here your password" %}</label>
|
||||||
|
<input class="col" type="password" id="password4deletinguser" name="password4deletinguser" placeholder="{% trans "Password" %}">
|
||||||
|
</div>
|
||||||
|
<div class="row mts txtcenter">
|
||||||
|
<button type="submit">{% trans "Send" %}</button>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
{% else %}<p>{% trans "You are the only user, you cannot delete your own account." %}<br />
|
||||||
|
{% trans "To completely remove wallabag, delete the wallabag folder on your web server." %}</p>{% endif %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
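Review bot: The delete-account form opens `<fieldset class="w500p">` but the `</form>` that follows never closes it, so a `</fieldset>` is missing before `</form>`; browsers recover, but the markup is invalid and the fieldset styling will bleed. Neither new form carries an anti-CSRF field, so a cross-site POST to `?newuser` or `?deluser` is accepted unless the handlers check one elsewhere; whether the existing `token` variable in this template's context is meant for that is not visible here. The `newusername` and `password4newuser` inputs could carry `required` so an empty submission is rejected client-side before it reaches the handler's empty-string check.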