[pLog-svn] r3911 - in plog/trunk/class: action/admin daoview/admin

Mark Wu markplace at gmail.com
Sun Sep 3 17:15:21 GMT 2006


In registerBlog, we only allow the user to create blogs within the
MAX_BLOGS_PER_USER limitation. But the logic of the original registerBlog is
wrong.

1. We counted the blogs owned by others in getBlogs(). Therefore, if a
user owns 1 blog but has permission to edit 2 other blogs, registerBlog
will not allow this user to create blogs. That's why I created a new
method, getOwnBlogs(), to get the right number.
2. We did not save the session in the previous implementation. So, if we call
getBlogs(), it always returns the original blogs array. Therefore the user
can create unlimited blogs in the same session.
3. Add validation to check whether the blogs are over the limit or not,
instead of an if-statement in Smarty only.

Mark


> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of 
> Oscar Renalias
> Sent: Sunday, September 03, 2006 1:44 AM
> To: plog-svn at devel.lifetype.net
> Cc: 3911 at devel.lifetype.net; /var/svn/plog at devel.lifetype.net
> Subject: Re: [pLog-svn] r3911 - in plog/trunk/class: 
> action/admin daoview/admin
> 
> I don't think I understand this change... What was the serious bug?
> 
> On 23 Aug 2006, at 20:55, mark at devel.lifetype.net wrote:
> 
> > Author: mark
> > Date: 2006-08-23 17:55:23 +0000 (Wed, 23 Aug 2006)
> > New Revision: 3911
> >
> > Modified:
> >    plog/trunk/class/action/admin/adminaction.class.php
> >    plog/trunk/class/action/admin/admindoregisterblogaction.class.php
> >    plog/trunk/class/dao/userinfo.class.php
> >    plog/trunk/class/view/admin/admindashboardview.class.php
> > Log:
> > Fixed a serious bug in registerBlog.
> > 1. We can not count the blogs that are owned by someone else.
> > 2. We have to save the userInfo into the session, or the registerBlog
> > will appear in the same session, no matter how many blogs the user
> > creates.
> > 3. We have to validate the numberOfUserBlogs in doRegisterAction, or
> > users can cheat us.
> >
> > Modified: plog/trunk/class/action/admin/adminaction.class.php
> > ===================================================================
> > --- plog/trunk/class/action/admin/adminaction.class.php	
> 2006-08-23  
> > 17:22:38 UTC (rev 3910)
> > +++ plog/trunk/class/action/admin/adminaction.class.php	
> 2006-08-23  
> > 17:55:23 UTC (rev 3911)
> > @@ -167,8 +167,10 @@
> >           */
> >          function saveSession()
> >          {
> > -        	$this->_session->setValue( "blogId", $this->_blogInfo- 
> > >getId() );
> > -            $this->_session->setValue( "userInfo", $this- 
> > >_userInfo );
> > +        	if( !empty( $this->_blogInfo ) )
> > +        		$this->_session->setValue( "blogId", 
> $this->_blogInfo-
> > >getId() );
> > +        	if( !empty( $this->_userInfo ) )
> > +            	$this->_session->setValue( "userInfo", $this-
> > >_userInfo );
> >          	//$_SESSION["SessionInfo"] = $this->_session;
> >              $session = HttpVars::getSession();
> >              $session["SessionInfo"] = $this->_session;
> >
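Review bot: the new `if( !empty( $this->_userInfo ) )` guard in saveSession() means a request that has no _userInfo (or no _blogInfo) leaves whatever value is already stored in the session untouched rather than clearing it, so a stale "userInfo" object, with the cached blog list the rest of this commit is fighting, can outlive the state that produced it. If the guard only exists to avoid calling getId() on a null object, say so in a comment; if a missing _userInfo should end the login, the branch should remove the key instead. The commented-out `//$_SESSION["SessionInfo"] = $this->_session;` line is dead and could go at the same time.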
> > Modified: plog/trunk/class/action/admin/ 
> > admindoregisterblogaction.class.php
> > ===================================================================
> > --- plog/trunk/class/action/admin/ 
> > admindoregisterblogaction.class.php	2006-08-23 17:22:38 UTC 
> (rev 3910)
> > +++ plog/trunk/class/action/admin/
> > admindoregisterblogaction.class.php	2006-08-23 17:55:23 UTC 
> (rev 3911)
> > @@ -28,6 +28,27 @@
> >  			$this->registerFieldValidator( 
> "blogCategory", new 
> > IntegerValidator());
> >  			$this->setValidationErrorView( new 
> AdminRegisterBlogView( $this-
> > >_userInfo ));
> >  		}
> > +
> > +		function validate()
> > +		{
> > +			if( !parent::validate())
> > +				return false;
> > +
> > +			$maxBlogsPerUser = $this->_config->getValue
> > ( "num_blogs_per_user" );
> > +			if( !is_numeric( $maxBlogsPerUser ))
> > +				$maxBlogsPerUser = 
> DEFAULT_MAX_BLOGS_PER_USER;
> > +			$numOfUserBlogs = count( 
> $this->_userInfo->getOwnBlogs() );
> > +			
> > +			if( $numOfUserBlogs >= $maxBlogsPerUser ) {
> > +		        $this->_view = new AdminRegisterBlogView( $this-
> > >_blogInfo, $this->_userInfo );
> > +		        $this->_view->setErrorMessage( 
> $this->_locale->tr
> > ("error_already_over_blog_creation_limition") );
> > +		        $this->setCommonData();
> > +
> > +		        return false;
> > +			}
> > +			
> > +			return true;
> > +		}
> >  		
> >  		function perform()
> >  		{
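Review bot: validate() takes its count from `$this->_userInfo->getOwnBlogs()`, and _userInfo is the object restored from the session, so the check is only as fresh as that cached copy: a blog added through any path other than this action, or two registrations submitted in parallel that both validate before either perform() runs, will get past it. Count owned blogs with a query against the database at validation time, and ideally again inside the same transaction as the insert, so the limit is enforced on current data. A smaller point: the error view is built here as `new AdminRegisterBlogView( $this->_blogInfo, $this->_userInfo )`, while setValidationErrorView() a few lines up builds it as `new AdminRegisterBlogView( $this->_userInfo )`; one of those two argument lists is wrong.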
> > @@ -110,9 +131,15 @@
> >              $article->setDateObject( $t );
> >              $articles = new Articles();
> >              $articles->addArticle( $article );	
> > +
> > +			// after we update everything, we need 
> to get the userInfo from
> > db and set to session again.
> > +			include_once( 
> PLOG_CLASS_PATH."class/dao/users.class.php" );
> > +			$users = new Users();
> > +			$this->_userInfo = 
> $users->getUserInfoFromId( $this->_userInfo-
> > >getId() );
> > +            $this->_session->setValue( "userInfo", $this-
> > >_userInfo );
> > +            $this->saveSession();
> >  						
> >  			// redirect process to the dashboard view
> > -			$users = new Users();
> >  			$usersBlogs = $users->getUsersBlogs( 
> $this->_userInfo->getId(), 
> > BLOG_STATUS_ACTIVE );
> >  			$this->_view = new AdminDashboardView( 
> $this->_userInfo, 
> > $usersBlogs );
> >  		}
> >
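Review bot: the reloaded user is written to the session twice, `$this->_session->setValue( "userInfo", $this->_userInfo )` followed immediately by `$this->saveSession()`, which in the adminaction.class.php hunk sets the same key again before persisting; one of the two is enough. More fundamentally, re-reading the user from the database after this one action fixes this one path, but any other code that creates, deletes or transfers a blog will leave the serialized UserInfo in the session stale in exactly the same way. Storing only the user id in the session and loading UserInfo per request, or at least not carrying the cached _blogs array inside the session object, would remove the class of bug rather than one instance of it.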
> > Modified: plog/trunk/class/dao/userinfo.class.php
> > ===================================================================
> > --- plog/trunk/class/dao/userinfo.class.php	2006-08-23 
> 17:22:38 UTC  
> > (rev 3910)
> > +++ plog/trunk/class/dao/userinfo.class.php	2006-08-23 
> 17:55:23 UTC  
> > (rev 3911)
> > @@ -132,6 +132,19 @@
> >  			
> >  			return( $this->_blogs );
> >  		}
> > +
> > +		function getOwnBlogs()
> > +		{
> > +			$this->getBlogs();
> > +
> > +			$blogs = array();
> > +			foreach($this->_blogs as $blog) {
> > +				if( $blog->getOwnerId() == 
> $this->getId() )
> > +					array_push( $blogs, $blog );
> > +			}
> > +			
> > +			return( $blogs );
> > +		}
> >  		
> >  		function getFullName()
> >  		{
> >
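Review bot: getOwnBlogs() first calls getBlogs() and then filters `$this->_blogs`, so it loads every blog the user has any permission on just to keep the ones with `$blog->getOwnerId() == $this->getId()`, and it returns whatever getBlogs() has cached rather than the current state. Since both callers in this commit only apply count() to the result, a DAO method that runs a COUNT query filtered by owner id would be cheaper and, unlike the cached array, authoritative; getOwnBlogs() can stay for callers that really need the objects, with a comment saying it is served from the cache.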
> > Modified: plog/trunk/class/view/admin/admindashboardview.class.php
> > ===================================================================
> > --- 
> plog/trunk/class/view/admin/admindashboardview.class.php	 
> > 2006-08-23 17:22:38 UTC (rev 3910)
> > +++ 
> plog/trunk/class/view/admin/admindashboardview.class.php	 
> > 2006-08-23 17:55:23 UTC (rev 3911)
> > @@ -101,12 +101,12 @@
> >  			$maxBlogsPerUser = 
> $this->_config->getValue ( "num_blogs_per_user" 
> > );
> >  			if( !is_numeric( $maxBlogsPerUser ))
> >  				$maxBlogsPerUser = 
> DEFAULT_MAX_BLOGS_PER_USER;
> > +			$numOfUserBlogs = count( 
> $this->_userInfo->getOwnBlogs() );
> >  				
> > -			if( $maxBlogsPerUser == 0 )
> > +			if( $numOfUserBlogs < $maxBlogsPerUser )
> >  				$userCanCreateBlog = true;
> > -			else {
> > -				$userCanCreateBlog = 
> ($numOwnedBlogs < $maxBlogsPerUser);
> > -			}
> > +			else
> > +				$userCanCreateBlog = false;
> >  			
> >  			$this->_params->setValue( 
> "userCanCreateBlog", $userCanCreateBlog 
> > );
> >  		}
> >
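Review bot: the removed `if( $maxBlogsPerUser == 0 )` branch treated a configured num_blogs_per_user of 0 as "unlimited"; the replacement `if( $numOfUserBlogs < $maxBlogsPerUser )` makes 0 mean "nobody may create a blog", and the new validate() in admindoregisterblogaction.class.php applies the same rule. If the old meaning is intended, both places need the 0 case back; if it is being dropped, that is a behaviour change for anyone who set it and belongs in the log message. Style-wise the if/else can collapse to `$userCanCreateBlog = ( $numOfUserBlogs < $maxBlogsPerUser );`, which is what the removed else branch already did.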
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://devel.lifetype.net/mailman/listinfo/plog-svn
> >
> 
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn



More information about the pLog-svn mailing list