diff options
Diffstat (limited to 'web/lib')
| -rw-r--r-- | web/lib/acctfuncs.inc.php | 74 | ||||
| -rw-r--r-- | web/lib/aur.inc.php | 23 | ||||
| -rw-r--r-- | web/lib/routing.inc.php | 1 |
3 files changed, 98 insertions, 0 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 22b3ca8d..e45d735b 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -1325,3 +1325,77 @@ function notify($params) { return proc_close($p); } + +/* + * Obtain a list of terms a given user has not yet accepted. + * + * @param int $uid The ID of the user to obtain terms for. + * + * @return array A list of terms the user has not yet accepted. + */ +function fetch_updated_terms($uid) { + $dbh = DB::connect(); + + $q = "SELECT ID, Terms.Revision, Description, URL "; + $q .= "FROM Terms LEFT JOIN AcceptedTerms "; + $q .= "ON AcceptedTerms.TermsID = Terms.ID "; + $q .= "AND AcceptedTerms.UsersID = " . intval($uid) . " "; + $q .= "WHERE AcceptedTerms.Revision IS NULL OR "; + $q .= "AcceptedTerms.Revision < Terms.Revision"; + + $result = $dbh->query($q); + + if ($result) { + return $result->fetchAll(); + } else { + return array(); + } +} + +/* + * Accept a list of given terms. + * + * @param int $uid The ID of the user to accept the terms. + * @param array $termrev An array mapping each term to the accepted revision. + * + * @return void + */ +function accept_terms($uid, $termrev) { + $dbh = DB::connect(); + + $q = "SELECT TermsID, Revision FROM AcceptedTerms "; + $q .= "WHERE UsersID = " . intval($uid); + + $result = $dbh->query($q); + + if (!$result) { + return; + } + + $termrev_update = array(); + while ($row = $result->fetch(PDO::FETCH_ASSOC)) { + $id = $row['TermsID']; + if (!array_key_exists($id, $termrev)) { + continue; + } + if ($row['Revision'] < $termrev[$id]) { + $termrev_update[$id] = $termrev[$id]; + } + } + $termrev_add = array_diff_key($termrev, $termrev_update); + + foreach ($termrev_add as $id => $rev) { + $q = "INSERT INTO AcceptedTerms (TermsID, UsersID, Revision) "; + $q .= "VALUES (" . intval($id) . ", " . intval($uid) . ", "; + $q .= intval($rev) . ")"; + $dbh->exec($q); + } + + foreach ($termrev_update as $id => $rev) { + $q = "UPDATE AcceptedTerms "; + $q .= "SET Revision = " . intval($rev) . " "; + $q .= "WHERE TermsID = " . intval($id) . " AND "; + $q .= "UsersID = " . intval($uid); + $dbh->exec($q); + } +} diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index 063de8fc..ce569ea7 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -22,6 +22,7 @@ include_once('timezone.inc.php'); set_tz(); check_sid(); +check_tos(); /** * Check if a visitor is logged in @@ -92,6 +93,28 @@ function check_sid() { } /** + * Redirect user to the Terms of Service agreement if there are updated terms. + * + * @return void + */ +function check_tos() { + if (!isset($_COOKIE["AURSID"])) { + return; + } + + $path = $_SERVER['PATH_INFO']; + $route = get_route($path); + if (!$route || $route == "tos.php") { + return; + } + + if (count(fetch_updated_terms(uid_from_sid($_COOKIE["AURSID"]))) > 0) { + header('Location: ' . get_uri('/tos')); + exit(); + } +} + +/** * Verify the supplied CSRF token matches expected token * * @return bool True if the CSRF token is the same as the cookie SID, otherwise false diff --git a/web/lib/routing.inc.php b/web/lib/routing.inc.php index 8c45c626..7d9750a0 100644 --- a/web/lib/routing.inc.php +++ b/web/lib/routing.inc.php @@ -16,6 +16,7 @@ $ROUTES = array( '/passreset' => 'passreset.php', '/rpc' => 'rpc.php', '/rss' => 'rss.php', + '/tos' => 'tos.php', '/tu' => 'tu.php', '/addvote' => 'addvote.php', ); |