[pLog-svn] r3911 - in plog/trunk/class: action/admin dao
view/admin
Oscar Renalias
oscar at renalias.net
Sat Sep 2 17:44:25 GMT 2006
I don't think I understand this change... What was the serious bug?
On 23 Aug 2006, at 20:55, mark at devel.lifetype.net wrote:
> Author: mark
> Date: 2006-08-23 17:55:23 +0000 (Wed, 23 Aug 2006)
> New Revision: 3911
>
> Modified:
> plog/trunk/class/action/admin/adminaction.class.php
> plog/trunk/class/action/admin/admindoregisterblogaction.class.php
> plog/trunk/class/dao/userinfo.class.php
> plog/trunk/class/view/admin/admindashboardview.class.php
> Log:
> Fixed a serious bug in registerBlog.
> 1. We could not count the blogs owned by a given user.
> 2. We have to save the userInfo into the session, or registerBlog
> will still appear in the same session, no matter how many blogs the
> user creates.
> 3. We have to validate numberOfUserBlogs in doRegisterAction,
> or a user can cheat the limit.
>
> Modified: plog/trunk/class/action/admin/adminaction.class.php
> ===================================================================
> --- plog/trunk/class/action/admin/adminaction.class.php 2006-08-23
> 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/action/admin/adminaction.class.php 2006-08-23
> 17:55:23 UTC (rev 3911)
> @@ -167,8 +167,10 @@
> */
> function saveSession()
> {
> - $this->_session->setValue( "blogId", $this->_blogInfo-
> >getId() );
> - $this->_session->setValue( "userInfo", $this-
> >_userInfo );
> + if( !empty( $this->_blogInfo ) )
> + $this->_session->setValue( "blogId", $this->_blogInfo-
> >getId() );
> + if( !empty( $this->_userInfo ) )
> + $this->_session->setValue( "userInfo", $this-
> >_userInfo );
> //$_SESSION["SessionInfo"] = $this->_session;
> $session = HttpVars::getSession();
> $session["SessionInfo"] = $this->_session;
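Review bot: When `_blogInfo` or `_userInfo` is empty, the two new `!empty()` guards skip the write, so whatever "blogId" and "userInfo" the session already holds is carried forward unchanged instead of being cleared. If that is intended (it looks like it is there for a user who has no blog yet), say so in a comment above the guards, for example `// no blog selected yet (register-blog flow): leave the session's previous blogId untouched`; if it is not, the empty case should overwrite or drop the stored value. Both `if` statements would also be easier to audit with braces. The body of saveSession() continues past the end of this hunk.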
>
> Modified: plog/trunk/class/action/admin/
> admindoregisterblogaction.class.php
> ===================================================================
> --- plog/trunk/class/action/admin/
> admindoregisterblogaction.class.php 2006-08-23 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/action/admin/
> admindoregisterblogaction.class.php 2006-08-23 17:55:23 UTC (rev 3911)
> @@ -28,6 +28,27 @@
> $this->registerFieldValidator( "blogCategory", new
> IntegerValidator());
> $this->setValidationErrorView( new AdminRegisterBlogView( $this-
> >_userInfo ));
> }
> +
> + function validate()
> + {
> + if( !parent::validate())
> + return false;
> +
> + $maxBlogsPerUser = $this->_config->getValue
> ( "num_blogs_per_user" );
> + if( !is_numeric( $maxBlogsPerUser ))
> + $maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
> + $numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
> +
> + if( $numOfUserBlogs >= $maxBlogsPerUser ) {
> + $this->_view = new AdminRegisterBlogView( $this-
> >_blogInfo, $this->_userInfo );
> + $this->_view->setErrorMessage( $this->_locale->tr
> ("error_already_over_blog_creation_limition") );
> + $this->setCommonData();
> +
> + return false;
> + }
> +
> + return true;
> + }
>
> function perform()
> {
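Review bot: With `num_blogs_per_user` set to 0, `$numOfUserBlogs >= $maxBlogsPerUser` in the new validate() is always true, so every registration is rejected. The branch this commit removes from admindashboardview.class.php (`if( $maxBlogsPerUser == 0 ) $userCanCreateBlog = true;`) suggests that 0 previously meant "no limit", and the rewritten `$numOfUserBlogs < $maxBlogsPerUser` test in that file's hunk has the same effect. If 0 is still meant as unlimited, the guard should read `if( $maxBlogsPerUser != 0 && $numOfUserBlogs >= $maxBlogsPerUser ) {` and the view should keep its `== 0` case. Separately, the error path builds `new AdminRegisterBlogView( $this->_blogInfo, $this->_userInfo )` while the context line above passes only `$this->_userInfo`, so one of the two argument lists is presumably wrong.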
> @@ -110,9 +131,15 @@
> $article->setDateObject( $t );
> $articles = new Articles();
> $articles->addArticle( $article );
> +
> + // after we update everything, we need to get the userInfo from
> db and set to session again.
> + include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
> + $users = new Users();
> + $this->_userInfo = $users->getUserInfoFromId( $this->_userInfo-
> >getId() );
> + $this->_session->setValue( "userInfo", $this-
> >_userInfo );
> + $this->saveSession();
>
> // redirect process to the dashboard view
> - $users = new Users();
> $usersBlogs = $users->getUsersBlogs( $this->_userInfo->getId(),
> BLOG_STATUS_ACTIVE );
> $this->_view = new AdminDashboardView( $this->_userInfo,
> $usersBlogs );
> }
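Review bot: The limit check added in validate() counts blogs from `$this->_userInfo`, which per the commit message is the session copy, and this hunk refreshes that copy only after a blog has been created in the current session. Another session for the same account would presumably still hold the older blog list and pass the check, unless getBlogs() reloads from the database (its body is not in this diff). Doing the `$users->getUserInfoFromId( $this->_userInfo->getId() )` reload in validate() before counting would tie the limit to stored state rather than session state. The result of getUserInfoFromId() is also used unchecked, so a failed lookup would reach `$this->_userInfo->getId()` in the `getUsersBlogs()` call below on a non-object. perform() begins outside this hunk.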
>
> Modified: plog/trunk/class/dao/userinfo.class.php
> ===================================================================
> --- plog/trunk/class/dao/userinfo.class.php 2006-08-23 17:22:38 UTC
> (rev 3910)
> +++ plog/trunk/class/dao/userinfo.class.php 2006-08-23 17:55:23 UTC
> (rev 3911)
> @@ -132,6 +132,19 @@
>
> return( $this->_blogs );
> }
> +
> + function getOwnBlogs()
> + {
> + $this->getBlogs();
> +
> + $blogs = array();
> + foreach($this->_blogs as $blog) {
> + if( $blog->getOwnerId() == $this->getId() )
> + array_push( $blogs, $blog );
> + }
> +
> + return( $blogs );
> + }
>
> function getFullName()
> {
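Review bot: getOwnBlogs() has no doc comment and depends on the side effect of `$this->getBlogs()` filling `$this->_blogs`, although it now backs the blog-creation limit in validate() and in the dashboard view. Iterating the return value directly, `foreach( $this->getBlogs() as $blog ) {`, makes that dependency explicit. If getBlogs() can return something other than an array on failure (its body is outside this hunk), that case needs a guard so the count does not silently become 0 and let the limit check pass. A short docblock should state that the method returns the blogs whose `getOwnerId()` equals this user's `getId()`, presumably as opposed to every blog the user can access.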
>
> Modified: plog/trunk/class/view/admin/admindashboardview.class.php
> ===================================================================
> --- plog/trunk/class/view/admin/admindashboardview.class.php
> 2006-08-23 17:22:38 UTC (rev 3910)
> +++ plog/trunk/class/view/admin/admindashboardview.class.php
> 2006-08-23 17:55:23 UTC (rev 3911)
> @@ -101,12 +101,12 @@
> $maxBlogsPerUser = $this->_config->getValue
> ( "num_blogs_per_user" );
> if( !is_numeric( $maxBlogsPerUser ))
> $maxBlogsPerUser = DEFAULT_MAX_BLOGS_PER_USER;
> + $numOfUserBlogs = count( $this->_userInfo->getOwnBlogs() );
>
> - if( $maxBlogsPerUser == 0 )
> + if( $numOfUserBlogs < $maxBlogsPerUser )
> $userCanCreateBlog = true;
> - else {
> - $userCanCreateBlog = ($numOwnedBlogs < $maxBlogsPerUser);
> - }
> + else
> + $userCanCreateBlog = false;
>
> $this->_params->setValue( "userCanCreateBlog",
> $userCanCreateBlog );
> }
>