start working on users

Signed-off-by: Florian Pritz <bluewind@xinu.at>

2 files changed, 81 insertions, 27 deletions

diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 51557396a..08f43853c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -20,7 +20,7 @@ class File_mod extends CI_Model {
 	{
 		$id = $this->random_id(3,6);
 
-		if ($this->id_exists($id) || $id == 'file') {
+		if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
 			return $this->new_id();
 		} else {
 			return $id;
@@ -74,32 +74,19 @@ class File_mod extends CI_Model {
 		return $this->folder($hash).'/'.$hash;
 	}
 
-	function hash_password($password)
-	{
-		return sha1($this->config->item('passwordsalt').$password);
-	}
-
-	// Returns the password submitted by the user
-	function get_password()
-	{
-		$password = $this->input->post('password');
-		if ($password !== false && $password !== "") {
-			return $this->hash_password($password);
-		} elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') {
-			return $this->hash_password($_SERVER['PHP_AUTH_PW']);
-		}
-		return 'NULL';
-	}
-
 	// Add a hash to the DB
 	// TODO: Should only update not insert; see new_id()
 	function add_file($hash, $id, $filename)
 	{
+		$this->muser->require_access();
+
+		$userid = $this->muser->get_userid();
+
 		$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
 		$query = $this->db->query('
-			INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`)
+			INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`)
 			VALUES (?, ?, ?, ?, ?, ?)',
-			array($hash, $id, $filename, $this->get_password(), time(), $mimetype));
+			array($hash, $id, $filename, $userid, time(), $mimetype));
 	}
 
 	function show_url($id, $mode)
@@ -338,12 +325,9 @@ class File_mod extends CI_Model {
 
 	function delete_id($id)
 	{
+		$this->muser->require_access();
 		$filedata = $this->get_filedata($id);
-		$password = $this->get_password();
-
-		if ($password == "NULL") {
-			return false;
-		}
+		$userid = $this->muser->get_userid();
 
 		if(!$this->id_exists($id)) {
 			return false;
@@ -353,9 +337,9 @@ class File_mod extends CI_Model {
 			DELETE
 			FROM `files`
 			WHERE `id` = ?
-			AND password = ?
+			AND user = ?
 			LIMIT 1';
-		$this->db->query($sql, array($id, $password));
+		$this->db->query($sql, array($id, $userid));
 
 		if($this->id_exists($id))  {
 			return false;
diff --git a/application/models/muser.php b/application/models/muser.php
new file mode 100644
index 000000000..0b3d26be7
--- /dev/null
+++ b/application/models/muser.php
@@ -0,0 +1,70 @@
+<?php
+
+class Muser extends CI_Model {
+	function __construct()
+	{
+		parent::__construct();
+		$this->load->library("session");
+	}
+
+	function logged_in()
+	{
+		return $this->session->userdata('logged_in') == true;
+	}
+
+	function login($username, $password) 
+	{
+		$query = $this->db->query('
+			SELECT *
+			FROM `users`
+			WHERE `username` = ?
+			', array($username))->row_array();
+
+		if (crypt($password, $query["password"] == $password)) {
+			$this->session->set_userdata('logged_in', true);
+			$this->session->set_userdata('username', $username);
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	function logout()
+	{
+		$this->session->unset_userdata('logged_in');
+		$this->session->unset_userdata('username');
+	}
+
+	function get_username()
+	{
+		return $this->session->userdata('username');
+	}
+
+	function get_userid()
+	{
+		$query = $this->db->query("
+			SELECT id
+			FROM users
+			WHERE username = ?
+			", array($this->get_username()))->row_array();
+		return $query["id"];
+	}
+
+	function require_access()
+	{
+		if ($this->logged_in()) {
+			return true;
+		} else {
+			$this->session->set_flashdata("uri", $this->uri->uri_string());
+			redirect('user/login');
+		}
+	}
+
+	function hash_password($password)
+	{
+		$salt = random_alphanum(22);
+		return crypt($password, "$2a$10$$salt$");
+	}
+
+}
+