[pLog-svn] r3911 - in plog/trunk/class: action/admin dao view/admin

Oscar Renalias oscar at renalias.net
Sat Sep 2 17:44:25 GMT 2006


I don't think I understand this change... What was the serious bug?

On 23 Aug 2006, at 20:55, mark at devel.lifetype.net wrote:

> Author: mark
> Date: 2006-08-23 17:55:23 +0000 (Wed, 23 Aug 2006)
> New Revision: 3911
>
> Modified:
>    plog/trunk/class/action/admin/adminaction.class.php
>    plog/trunk/class/action/admin/admindoregisterblogaction.class.php
>    plog/trunk/class/dao/userinfo.class.php
>    plog/trunk/class/view/admin/admindashboardview.class.php
> Log:
> Fixed a serious bug in registerBlog.
> 1. We cannot count the blogs that are owned by someone.
> 2. We have to save the userInfo into the session, or the registerBlog  
> will appear in the same session, no matter how many blogs the  
> user creates.
> 3. We have to validate the numberOfUserBlogs in doRegisterAction,  
> or the user can cheat us.
>
> Modified: plog/trunk/class/action/admin/adminaction.class.php
> ===================================================================
> --- plog/trunk/class/action/admin/adminaction.class.php	2006-08-23  
> 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/action/admin/adminaction.class.php	2006-08-23  
> 17:55:23 UTC (rev 3911)
> @@ -167,8 +167,10 @@
>           */
>          function saveSession()
>          {
> -        	$this->_session->setValue( "blogId", $this->_blogInfo- 
> >getId() );
> -            $this->_session->setValue( "userInfo", $this- 
> >_userInfo );
> +        	if( !empty( $this->_blogInfo ) )
> +        		$this->_session->setValue( "blogId", $this->_blogInfo- 
> >getId() );
> +        	if( !empty( $this->_userInfo ) )
> +            	$this->_session->setValue( "userInfo", $this- 
> >_userInfo );
>          	//$_SESSION["SessionInfo"] = $this->_session;
>              $session = HttpVars::getSession();
>              $session["SessionInfo"] = $this->_session;
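Review bot: When `_blogInfo` or `_userInfo` is empty, `saveSession()` now skips the `setValue()` call, so whatever `blogId` / `userInfo` the session already held stays in place instead of being cleared; if later permission checks read these keys, a stale entry should be ruled out. `empty()` is also a loose test for an object (its result for property-less objects differs between PHP 4 and PHP 5), so `if( is_object( $this->_userInfo ) )` would state the intent more precisely. The two brace-less `if` bodies mix tabs and spaces, and braces would make the guarded statement unambiguous. The body of `saveSession()` continues past the end of this hunk.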
>
> Modified: plog/trunk/class/action/admin/ 
> admindoregisterblogaction.class.php
> ===================================================================
> --- plog/trunk/class/action/admin/ 
> admindoregisterblogaction.class.php	2006-08-23 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/action/admin/ 
> admindoregisterblogaction.class.php	2006-08-23 17:55:23 UTC (rev 3911)
> @@ -28,6 +28,27 @@
>  			$this->registerFieldValidator( "blogCategory", new  
> IntegerValidator());
>  			$this->setValidationErrorView( new AdminRegisterBlogView( $this- 
> >_userInfo ));
>  		}
> +
> +		function validate()
> +		{
> +			if( !parent::validate())
> +				return false;
> +
> +			$maxBlogsPerUser = $this->_config->getValue 
> ( "num_blogs_per_user" );
> +			if( !is_numeric( $maxBlogsPerUser ))
> +				$maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
> +			$numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
> +			
> +			if( $numOfUserBlogs >= $maxBlogsPerUser ) {
> +		        $this->_view = new AdminRegisterBlogView( $this- 
> >_blogInfo, $this->_userInfo );
> +		        $this->_view->setErrorMessage( $this->_locale->tr 
> ("error_already_over_blog_creation_limition") );
> +		        $this->setCommonData();
> +
> +		        return false;
> +			}
> +			
> +			return true;
> +		}
>  		
>  		function perform()
>  		{
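Review bot: A `num_blogs_per_user` of 0 makes the new `validate()` reject every registration, because `$numOfUserBlogs >= $maxBlogsPerUser` is always true for 0, whereas the lines this commit removes from admindashboardview.class.php treated 0 as "no limit". If 0 is still meant as unlimited, both places need the guard, e.g. `if( $maxBlogsPerUser != 0 && $numOfUserBlogs >= $maxBlogsPerUser ) {` here and the matching condition in the dashboard view hunk. Separately, the error view is built as `new AdminRegisterBlogView( $this->_blogInfo, $this->_userInfo )` while the constructor context just above passes only `$this->_userInfo`; one of the two argument lists is presumably wrong.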
> @@ -110,9 +131,15 @@
>              $article->setDateObject( $t );
>              $articles = new Articles();
>              $articles->addArticle( $article );	
> +
> +			// after we update everything, we need to get the userInfo from  
> db and set to session again.
> +			include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
> +			$users = new Users();
> +			$this->_userInfo = $users->getUserInfoFromId( $this->_userInfo- 
> >getId() );
> +            $this->_session->setValue( "userInfo", $this- 
> >_userInfo );
> +            $this->saveSession();
>  						
>  			// redirect process to the dashboard view
> -			$users = new Users();
>  			$usersBlogs = $users->getUsersBlogs( $this->_userInfo->getId(),  
> BLOG_STATUS_ACTIVE );
>  			$this->_view = new AdminDashboardView( $this->_userInfo,  
> $usersBlogs );
>  		}
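Review bot: The result of `$users->getUserInfoFromId()` overwrites `$this->_userInfo` unchecked, and the following statements call `$this->_userInfo->getId()` on it; if the lookup can fail (not visible here), that is a fatal error after the blog has already been created. Assigning through a temporary, `$freshUserInfo = $users->getUserInfoFromId( $this->_userInfo->getId() ); if( $freshUserInfo ) $this->_userInfo = $freshUserInfo;`, keeps the previous object in that case. The explicit `$this->_session->setValue( "userInfo", ... )` looks redundant, since `saveSession()` as changed in this commit writes the same key. The refresh also only updates the current session, so any other live session of the same user presumably still carries the old `userInfo` and the limit check in `validate()` may count stale data there; re-reading the user from the database inside `validate()` would close that gap. The enclosing `perform()` starts outside this hunk.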
>
> Modified: plog/trunk/class/dao/userinfo.class.php
> ===================================================================
> --- plog/trunk/class/dao/userinfo.class.php	2006-08-23 17:22:38 UTC  
> (rev 3910)
> +++ plog/trunk/class/dao/userinfo.class.php	2006-08-23 17:55:23 UTC  
> (rev 3911)
> @@ -132,6 +132,19 @@
>  			
>  			return( $this->_blogs );
>  		}
> +
> +		function getOwnBlogs()
> +		{
> +			$this->getBlogs();
> +
> +			$blogs = array();
> +			foreach($this->_blogs as $blog) {
> +				if( $blog->getOwnerId() == $this->getId() )
> +					array_push( $blogs, $blog );
> +			}
> +			
> +			return( $blogs );
> +		}
>  		
>  		function getFullName()
>  		{
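Review bot: `getOwnBlogs()` calls `$this->getBlogs()` only for its side effect and then iterates `$this->_blogs` directly; if `_blogs` can be anything other than an array (for example for a user with no blogs, which this hunk does not show), the `foreach` raises a warning. Iterating the return value behind a guard, `$userBlogs = $this->getBlogs(); if( !is_array( $userBlogs )) return array();`, avoids depending on the member's state. Since this method now feeds the blog-limit check, it also deserves a short docblock stating that it returns only the blogs whose `getOwnerId()` equals this user's id, rather than everything `getBlogs()` returns.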
>
> Modified: plog/trunk/class/view/admin/admindashboardview.class.php
> ===================================================================
> --- plog/trunk/class/view/admin/admindashboardview.class.php	 
> 2006-08-23 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/view/admin/admindashboardview.class.php	 
> 2006-08-23 17:55:23 UTC (rev 3911)
> @@ -101,12 +101,12 @@
>  			$maxBlogsPerUser = $this->_config->getValue 
> ( "num_blogs_per_user" );
>  			if( !is_numeric( $maxBlogsPerUser ))
>  				$maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
> +			$numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
>  				
> -			if( $maxBlogsPerUser == 0 )
> +			if( $numOfUserBlogs < $maxBlogsPerUser )
>  				$userCanCreateBlog = true;
> -			else {
> -				$userCanCreateBlog = ($numOwnedBlogs < $maxBlogsPerUser);
> -			}
> +			else
> +				$userCanCreateBlog = false;
>  			
>  			$this->_params->setValue( "userCanCreateBlog",  
> $userCanCreateBlog );
>  		}
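Review bot: The `if`/`else` that assigns `true` or `false` can be written as the single statement `$userCanCreateBlog = ( $numOfUserBlogs < $maxBlogsPerUser );`, which is the form the removed line already used. The three lines that read `num_blogs_per_user`, fall back to `DEFAULT_MAX_BLOGS_PER_USER` and count `getOwnBlogs()` are now duplicated between this view and `validate()` in admindoregisterblogaction.class.php, so what the dashboard offers and what the action enforces can drift apart. A shared helper holding that logic would keep the two in step. The enclosing method starts outside this hunk.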
>
>


