[pLog-svn] r4528 -
plugins/branches/lifetype-1.1/secret/class/security
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Thu Jan 11 00:48:08 GMT 2007
Author: jondaley
Date: 2007-01-11 00:48:07 +0000 (Thu, 11 Jan 2007)
New Revision: 4528
Modified:
plugins/branches/lifetype-1.1/secret/class/security/secretitemfilter.class.php
Log:
cleaned up the code a little. Don't check anything if the plugin is disabled
Modified: plugins/branches/lifetype-1.1/secret/class/security/secretitemfilter.class.php
===================================================================
--- plugins/branches/lifetype-1.1/secret/class/security/secretitemfilter.class.php 2007-01-11 00:29:57 UTC (rev 4527)
+++ plugins/branches/lifetype-1.1/secret/class/security/secretitemfilter.class.php 2007-01-11 00:48:07 UTC (rev 4528)
@@ -10,12 +10,6 @@
include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
include_once( PLOG_CLASS_PATH.'class/template/template.class.php' );
- /**
- * Filters the text posted in a comment by a user, to prevent spam-bots. This
- * filter only works if the incoming request has the "op" parameter as
- * "AddComment", because then it means that we're posting a comment. If it's not
- * like that, then we'll quit. Otherwise, the process will continue as normally.
- */
class SecretItemFilter extends PipelineFilter
{
@@ -28,12 +22,19 @@
{
// get some info
$blogInfo = $this->_pipelineRequest->getBlogInfo();
+ $blogSettings = $blogInfo->getSettings();
$request = $this->_pipelineRequest->getHttpRequest();
$session = HttpVars::getSession();
- // if we're not loading an article, we can ignore this
- if( $request->getValue( "op" ) != "ViewArticle" )
- return new PipelineResult();
+ // is the plugin enabled? If not, we can quit right away
+ if( !$blogSettings->getValue( "plugin_secret_enabled" )) {
+ return new PipelineResult();
+ }
+
+
+ // if we're not loading an article, we can ignore this
+ if( $request->getValue( "op" ) != "ViewArticle" )
+ return new PipelineResult();
// if this is already rejected, there is no reason to do anything here
if ( $this->_pipelineRequest->getRejectedState() )
@@ -62,8 +63,7 @@
$users =& new Users();
$user = $users->getUserInfoFromUsername( $userName );
if( !$user ) {
- $result = new PipelineResult( true );
- return $result;
+ return new PipelineResult();
}
// if there was a user, use his/her id
$userId = $user->getId();
@@ -73,8 +73,7 @@
$categories =& new ArticleCategories();
$category = $categories->getCategoryByName( $categoryName, $blogInfo->getId());
if( !$category ) {
- $result = new PipelineResult( true );
- return $result;
+ return new PipelineResult();
}
// if there was a user, use his/her id
$categoryId = $category->getId();
@@ -89,65 +88,63 @@
if( $article ) {
$articleId = $article->getId();
} else {
- $result = new PipelineResult( true );
- return $result;
+ return new PipelineResult();
}
}
// check if the article should be protected or not
$secretItems = new SecretItems();
- if( $secretItems->articleIsSecret( $articleId )) {
- // if so, first check if the password does not already exist in the session
- $itemPassword = $request->getValue( "itemPassword" );
+
+ // not protected, exit now
+ if(!$secretItems->articleIsSecret($articleId))
+ return new PipelineResult();
+ // now check if the password does not already exist in the session
+ $itemPassword = $request->getValue( "itemPassword" );
+
// do we already have this information in the session?
- $sessionKey = "article_".$articleId."_auth";
- if( isset( $session[ "$sessionKey"] )) {
- if( $session[ "$sessionKey" ] != "" ) {
-
+ $sessionKey = "article_".$articleId."_auth";
+ if( isset( $session[ "$sessionKey"] )) {
+ if( $session[ "$sessionKey" ] != "" ) {
+
// check if the information is correct
- if( $secretItems->authenticateItemHash( $articleId, $session[ "$sessionKey" ] )) {
+ if( $secretItems->authenticateItemHash( $articleId,
+ $session[ "$sessionKey" ] ))
+ {
// if all correct, go ahead!
- $result = new PipelineResult( true );
- return $result;
- }
- }
- }
-
- // if not, check if we are authenticating now...
- if( $itemPassword != "" ) {
- // authenticate using the given password
- if( !$secretItems->authenticateItem( $articleId, $itemPassword )) {
- $result = new PipelineResult( false, 500, "Better luck next time!" );
- }
- else {
- // if the user authenticated correctly, then put the information in the session
- $session = HttpVars::getSession();
- $session[ "$sessionKey" ] = md5( $itemPassword );
$result = new PipelineResult( true );
- HttpVars::setSession( $session );
+ return $result;
}
}
+ }
+
+ // if not, check if we are authenticating now...
+ if( $itemPassword != "" ) {
+ // authenticate using the given password
+ if( !$secretItems->authenticateItem( $articleId, $itemPassword )) {
+ $result = new PipelineResult( false, 500, "Better luck next time!" );
+ }
else {
+ // if the user authenticated correctly, then put the information in the session
+ $session = HttpVars::getSession();
+ $session[ "$sessionKey" ] = md5( $itemPassword );
+ $result = new PipelineResult( true );
+ HttpVars::setSession( $session );
+ }
+ }
+ else {
// prepare the view we're going to show
- include_once( PLOG_CLASS_PATH."plugins/secret/class/view/secretpluginenterpasswordview.class.php" );
- $view = new SecretPluginEnterPasswordView( $blogInfo );
- $view->setValue( "locale", $blogInfo->getLocale() );
- $view->setValue( "params", $request->getAsArray());
- $view->setValue( "articleId", $articleId );
- $view->setValue( "url", $blogInfo->getBlogRequestGenerator());
+ include_once( PLOG_CLASS_PATH."plugins/secret/class/view/secretpluginenterpasswordview.class.php" );
+ $view = new SecretPluginEnterPasswordView( $blogInfo );
+ $view->setValue( "locale", $blogInfo->getLocale() );
+ $view->setValue( "params", $request->getAsArray());
+ $view->setValue( "articleId", $articleId );
+ $view->setValue( "url", $blogInfo->getBlogRequestGenerator());
// and give it to the pipeline for display
- $result = new PipelineResult( false, 500, "" );
- $result->setView( $view );
- }
-
- return $result;
+ $result = new PipelineResult( false, 500, "" );
+ $result->setView( $view );
}
-
- // if everything went fine, we can say so by returning
- // a positive PipelineResult object
- $result = new PipelineResult( true );
-
+
return $result;
}
}
More information about the pLog-svn
mailing list