[pLog-svn] r3911 - in plog/trunk/class: action/admin dao view/admin

mark at devel.lifetype.net mark at devel.lifetype.net
Wed Aug 23 17:55:24 GMT 2006


Author: mark
Date: 2006-08-23 17:55:23 +0000 (Wed, 23 Aug 2006)
New Revision: 3911

Modified:
   plog/trunk/class/action/admin/adminaction.class.php
   plog/trunk/class/action/admin/admindoregisterblogaction.class.php
   plog/trunk/class/dao/userinfo.class.php
   plog/trunk/class/view/admin/admindashboardview.class.php
Log:
Fixed a serious bug in registerBlog.
1. We can not count the blogs that are owned by someone.
2. We have to save the userInfo into the session, or registerBlog will keep appearing in the same session, no matter how many blogs the user creates.
3. We have to validate the numberOfUserBlogs in doRegisterAction, or the user can cheat us.

Modified: plog/trunk/class/action/admin/adminaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaction.class.php	2006-08-23 17:22:38 UTC (rev 3910)
+++ plog/trunk/class/action/admin/adminaction.class.php	2006-08-23 17:55:23 UTC (rev 3911)
@@ -167,8 +167,10 @@
          */
         function saveSession()
         {
-        	$this->_session->setValue( "blogId", $this->_blogInfo->getId() );
-            $this->_session->setValue( "userInfo", $this->_userInfo );
+        	if( !empty( $this->_blogInfo ) )
+        		$this->_session->setValue( "blogId", $this->_blogInfo->getId() );
+        	if( !empty( $this->_userInfo ) )
+            	$this->_session->setValue( "userInfo", $this->_userInfo );
         	//$_SESSION["SessionInfo"] = $this->_session;
             $session = HttpVars::getSession();
             $session["SessionInfo"] = $this->_session;
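Review bot: When `_blogInfo` or `_userInfo` is empty, the new guards in saveSession() skip the write without touching the key, so whatever `blogId` or `userInfo` the session object already held presumably stays in place and is stored again with `SessionInfo`. If keeping the last known values is intended, say so in a comment such as `// keep the previous session value when this action has no blog/user loaded`; if not, the stale key should be cleared explicitly. The two unbraced `if` bodies also mix tabs and spaces, so adding braces would make their scope unambiguous. saveSession() continues past the end of the hunk.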

Modified: plog/trunk/class/action/admin/admindoregisterblogaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindoregisterblogaction.class.php	2006-08-23 17:22:38 UTC (rev 3910)
+++ plog/trunk/class/action/admin/admindoregisterblogaction.class.php	2006-08-23 17:55:23 UTC (rev 3911)
@@ -28,6 +28,27 @@
 			$this->registerFieldValidator( "blogCategory", new IntegerValidator());
 			$this->setValidationErrorView( new AdminRegisterBlogView( $this->_userInfo ));
 		}
+
+		function validate()
+		{
+			if( !parent::validate())
+				return false;
+
+			$maxBlogsPerUser = $this->_config->getValue( "num_blogs_per_user" );
+			if( !is_numeric( $maxBlogsPerUser ))
+				$maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
+			$numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
+			
+			if( $numOfUserBlogs >= $maxBlogsPerUser ) {
+		        $this->_view = new AdminRegisterBlogView( $this->_blogInfo, $this->_userInfo );
+		        $this->_view->setErrorMessage( $this->_locale->tr("error_already_over_blog_creation_limition") );
+		        $this->setCommonData();
+
+		        return false;
+			}
+			
+			return true;
+		}
 		
 		function perform()
 		{
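Review bot: The limit check in validate() counts blogs from `$this->_userInfo`, which according to the commit log is the copy kept in the session, so blogs created or reassigned outside this session are not seen until that copy is refreshed. Since this is the server-side enforcement of `num_blogs_per_user`, it would be safer to reload the user before counting, e.g. `$users = new Users(); $this->_userInfo = $users->getUserInfoFromId( $this->_userInfo->getId() );`, with the same `include_once` perform() uses. Even then the count and the insert are separate steps, so two concurrent submissions could both pass; that may be acceptable but deserves a comment. The error view is also built as `new AdminRegisterBlogView( $this->_blogInfo, $this->_userInfo )` while the constructor above passes only `$this->_userInfo`; the view's signature is not visible here, so one of the two calls should be checked.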
@@ -110,9 +131,15 @@
             $article->setDateObject( $t );
             $articles = new Articles();
             $articles->addArticle( $article );	           
+
+			// after we update everything, we need to get the userInfo from db and set to session again.
+			include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
+			$users = new Users();
+			$this->_userInfo = $users->getUserInfoFromId( $this->_userInfo->getId() );
+            $this->_session->setValue( "userInfo", $this->_userInfo );
+            $this->saveSession();
 						
 			// redirect process to the dashboard view
-			$users = new Users();
 			$usersBlogs = $users->getUsersBlogs( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE );
 			$this->_view = new AdminDashboardView( $this->_userInfo, $usersBlogs ); 
 		}
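Review bot: The result of `getUserInfoFromId()` is assigned to `$this->_userInfo` and written to the session without a check, so if the lookup fails the direct `setValue( "userInfo", ... )` call stores the failed value, bypassing the `!empty()` guard this commit adds to saveSession(), and the later `$this->_userInfo->getId()` is called on a non-object. What the DAO returns on failure is not visible here, so treat this as something to confirm; a guard such as `$refreshed = $users->getUserInfoFromId( $this->_userInfo->getId() ); if( !empty( $refreshed )) $this->_userInfo = $refreshed;` would keep the previous user on failure. The explicit `setValue( "userInfo", ... )` line also duplicates what saveSession() does on the next line and can be dropped. perform() starts above the hunk.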

Modified: plog/trunk/class/dao/userinfo.class.php
===================================================================
--- plog/trunk/class/dao/userinfo.class.php	2006-08-23 17:22:38 UTC (rev 3910)
+++ plog/trunk/class/dao/userinfo.class.php	2006-08-23 17:55:23 UTC (rev 3911)
@@ -132,6 +132,19 @@
 			
 			return( $this->_blogs );
 		}
+
+		function getOwnBlogs()
+		{
+			$this->getBlogs();
+
+			$blogs = array();
+			foreach($this->_blogs as $blog) {
+				if( $blog->getOwnerId() == $this->getId() )
+					array_push( $blogs, $blog );
+			}
+			
+			return( $blogs );
+		}
 		
 		function getFullName()
 		{
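Review bot: getOwnBlogs() has no doc comment and calls getBlogs() only for its side effect of filling `$this->_blogs`, discarding the return value. A short docblock would help, e.g. `/** Returns only the blogs whose owner id equals this user's id. @return array */`, and iterating the returned value with `foreach( $this->getBlogs() as $blog )` makes the dependency explicit. If `_blogs` can be something other than an array when the user has no blogs (getBlogs() is mostly outside this hunk), the `foreach` needs an `is_array()` guard, because the blog-limit check in this commit is built on `count()` of this result.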

Modified: plog/trunk/class/view/admin/admindashboardview.class.php
===================================================================
--- plog/trunk/class/view/admin/admindashboardview.class.php	2006-08-23 17:22:38 UTC (rev 3910)
+++ plog/trunk/class/view/admin/admindashboardview.class.php	2006-08-23 17:55:23 UTC (rev 3911)
@@ -101,12 +101,12 @@
 			$maxBlogsPerUser = $this->_config->getValue( "num_blogs_per_user" );
 			if( !is_numeric( $maxBlogsPerUser ))
 				$maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
+			$numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
 				
-			if( $maxBlogsPerUser == 0 )
+			if( $numOfUserBlogs < $maxBlogsPerUser )
 				$userCanCreateBlog = true;
-			else {
-				$userCanCreateBlog = ($numOwnedBlogs < $maxBlogsPerUser);
-			}
+			else
+				$userCanCreateBlog = false;
 			
 			$this->_params->setValue( "userCanCreateBlog", $userCanCreateBlog );
 		}
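Review bot: Removing the `$maxBlogsPerUser == 0` branch changes what a configured value of 0 means: before, it always allowed creation, and now `$numOfUserBlogs < $maxBlogsPerUser` is never true, so nobody can create a blog. The same comparison in the new validate() of admindoregisterblogaction.class.php rejects every registration when the value is 0. If 0 was meant as "no limit", keep that in both places, e.g. `if( $maxBlogsPerUser == 0 || $numOfUserBlogs < $maxBlogsPerUser )`; if the change is deliberate, it should be stated in the configuration documentation. The limit computation is now duplicated in the view and the action, so a shared helper would keep the two from drifting apart. The enclosing method starts above the hunk.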


