refs #1067 : modified - auth is rewritten.
 refs #1753 : modified - database merge indicator is changed from flat
 to equal.
 -
inureyes committed Jan 21, 2015
1 parent 6093f7c commit 3fb7239
Showing 2 changed files with 22 additions and 21 deletions.
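--- a/framework/data/DBModel.php
+++ b/framework/data/DBModel.php
@@ -247,7 +247,7 @@ public function getAlias($table) {
 
 public function extend($table, $type, $relations = null) {
 $this->_extended_objects[$table] = array();
-if(!in_array(strtolower($type),array('left','inner','outer','flat'))) return false;
+if(!in_array(strtolower($type),array('left','inner','outer','equal'))) return false;
 $this->_extended_objects[$table]['type'] = $type;
 $args = $relations;
 $glues = array();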
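Review bot: extend() rejects an unrecognised join type only after `$this->_extended_objects[$table]` has already been reset to an empty array, and with this rename any caller still passing 'flat' now takes that path and gets `false` back. Moving the `in_array` check above the assignment and normalising once with `$type = strtolower($type);` before it would avoid a half-registered table and make the stored value match the one that was validated; passing `true` as the third argument to `in_array` keeps the comparison strict. The caller visible in this commit (isLoginId in library/auth.php) does not check the return value, so a rejected type would go unnoticed there. The body of extend() continues past the end of the hunk.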
41 changes: 21 additions & 20 deletions library/auth.php
@@ -35,7 +35,7 @@ function logout() {
function requireLogin() {
$context = Model_Context::getInstance();
if(isset($_POST['refererURI'])) $_GET['refererURI'] = $_POST['refererURI'];
else if(isset($_SESSION['refererURI'])) {
else if(isset($_SESSION['refererURI'])) {
$_GET['refererURI'] = $_SESSION['refererURI'];
unset($_SESSION['refererURI']);
}
@@ -93,8 +93,8 @@ function requireStrictRoute() {
header('Content-Type: text/html');
header("Connection: close");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ko">
<!DOCTYPE html>
<html>
<head>
<title><?php echo _t('Precondition Failed');?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Expand Down Expand Up @@ -139,17 +139,14 @@ function validateAPIKey($blogid, $loginid, $key) {
}

function isLoginId($blogid, $loginid) {
global $database;
$loginid = POD::escapeString($loginid);

// 팀블로그 :: 팀원 확인
$result = POD::queryCount("SELECT u.userid
FROM {$database['prefix']}Users u,
{$database['prefix']}Privileges t
WHERE t.blogid = $blogid
AND u.loginid = '$loginid'
AND t.userid = u.userid");
// End TeamBlog
$pool = DBModel::getInstance();
$pool->reset("Users");
$pool->setAlias("Users","u");
$pool->setAlias("Privileges","t");
$pool->extend("Privileges","left",array("t.userid","eq","u.userid"));
$pool->setQualifier("t.blogid","eq",$blogid);
$pool->setQualifier("u.loginid","eq",$loginid, true);
$result = $pool->getCount("u.userid");
if ($result && $result === 1)
return true;
return false;
@@ -159,24 +156,28 @@ function generatePassword() {
return strtolower(substr(base64_encode(rand(0x10000000, 0x70000000)), 3, 8));
}

function resetPassword($blogid, $loginid) {
function resetPassword($blogid, $loginid) {
$ctx = Model_Context::getInstance();

if (!isLoginId($blogid, $loginid))
return false;
$userid = User::getUserIdByEmail($loginid);
$password = POD::queryCell("SELECT password FROM {$database['prefix']}Users WHERE userid = $userid",'password',false);
$authtoken = md5(generatePassword());


$query = DBModel::getInstance();
$query->reset("Users");
$query->setQualifier("userid","eq",$userid);
$password = $query->getCell("password");

$authtoken = md5(generatePassword());

$query->reset('UserSettings');
$query->setAttribute('userid',$userid);
$query->setAttribute('name','Authtoken',true);
$query->setAttribute('value',$authtoken,true);
$query->setQualifier('userid',$userid);
$query->setQualifier('name','Authtoken',true);
$query->replace();

if(empty($result)) {
return false;
}
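Review bot: In resetPassword the reset token is still `md5(generatePassword())`, and generatePassword() (the context line at the top of this hunk) takes its only randomness from `rand()`, which is not a cryptographic generator, so the value that authorises a password reset carries far less entropy than its 32 hex characters suggest. Since auth is being rewritten here, draw it from the OS CSPRNG instead, for example `$authtoken = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7+). In the same hunk the two UserSettings qualifiers omit the operator that the other calls pass (`setQualifier('userid',$userid)` against `setQualifier("userid","eq",$userid)`), so if the signature is (name, condition, value, escape) the `replace()` may not be scoped to this user; that should be confirmed against DBModel. resetPassword continues past the end of the hunk, and `$result` tested in `if(empty($result))` is not assigned anywhere in the visible lines.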
