authorFlorian Pritz <bluewind@xinu.at>2012-04-08 23:13:15 +0200
committerFlorian Pritz <bluewind@xinu.at>2012-04-09 20:47:36 +0200
commit3f01ddce9dff69a49493541882de85854cbcebe5 (patch)
tree13c23f0a6893970ca71fbbfe763c3c696c8a0a4b /application/models
parentb18f4e453ecdf3404a107f9fc72d7bd9249401d0 (diff)
start working on users
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/models')
-rw-r--r--application/models/file_mod.php38
-rw-r--r--application/models/muser.php70
2 files changed, 81 insertions, 27 deletions
diff --git a/application/models/file_mod.php b/application/models/file_mod.php
index 51557396a..08f43853c 100644
--- a/application/models/file_mod.php
+++ b/application/models/file_mod.php
@@ -20,7 +20,7 @@ class File_mod extends CI_Model {
{
$id = $this->random_id(3,6);
- if ($this->id_exists($id) || $id == 'file') {
+ if ($this->id_exists($id) || $id == 'file' || $id == 'user') {
return $this->new_id();
} else {
return $id;
@@ -74,32 +74,19 @@ class File_mod extends CI_Model {
return $this->folder($hash).'/'.$hash;
}
- function hash_password($password)
- {
- return sha1($this->config->item('passwordsalt').$password);
- }
-
- // Returns the password submitted by the user
- function get_password()
- {
- $password = $this->input->post('password');
- if ($password !== false && $password !== "") {
- return $this->hash_password($password);
- } elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') {
- return $this->hash_password($_SERVER['PHP_AUTH_PW']);
- }
- return 'NULL';
- }
-
// Add a hash to the DB
// TODO: Should only update not insert; see new_id()
function add_file($hash, $id, $filename)
{
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
$mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash)));
$query = $this->db->query('
- INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`)
+ INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`)
VALUES (?, ?, ?, ?, ?, ?)',
- array($hash, $id, $filename, $this->get_password(), time(), $mimetype));
+ array($hash, $id, $filename, $userid, time(), $mimetype));
}
function show_url($id, $mode)
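Review bot: `add_file()` passes `$userid` to the INSERT without checking it. `Muser::get_userid()`, added in this commit, reads `$query["id"]` from `row_array()` with no check that a row was found, so a session whose username no longer exists in `users` would presumably store the file with an empty owner. A guard before the query, `if ($userid === null) { return false; }`, keeps ownerless rows out of `files`. A comment above the `require_access()` call should also state that it relies on `redirect()` ending the request for visitors who are not logged in, since `require_access()` returns nothing in that branch.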
@@ -338,12 +325,9 @@ class File_mod extends CI_Model {
function delete_id($id)
{
+ $this->muser->require_access();
$filedata = $this->get_filedata($id);
- $password = $this->get_password();
-
- if ($password == "NULL") {
- return false;
- }
+ $userid = $this->muser->get_userid();
if(!$this->id_exists($id)) {
return false;
@@ -353,9 +337,9 @@ class File_mod extends CI_Model {
DELETE
FROM `files`
WHERE `id` = ?
- AND password = ?
+ AND user = ?
LIMIT 1';
- $this->db->query($sql, array($id, $password));
+ $this->db->query($sql, array($id, $userid));
if($this->id_exists($id)) {
return false;
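Review bot: The ownership check in `delete_id()` now lives entirely in the `AND user = ?` clause of the DELETE, and nothing in the code says so. A short comment above the query, such as `// only the owner's row matches; the id_exists() check below reports a refused delete`, would keep a later edit from dropping the clause as redundant. The function starts in the previous hunk and continues past the end of this one.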
diff --git a/application/models/muser.php b/application/models/muser.php
new file mode 100644
index 000000000..0b3d26be7
--- /dev/null
+++ b/application/models/muser.php
@@ -0,0 +1,70 @@
+<?php
+
+class Muser extends CI_Model {
+ function __construct()
+ {
+ parent::__construct();
+ $this->load->library("session");
+ }
+
+ function logged_in()
+ {
+ return $this->session->userdata('logged_in') == true;
+ }
+
+ function login($username, $password)
+ {
+ $query = $this->db->query('
+ SELECT *
+ FROM `users`
+ WHERE `username` = ?
+ ', array($username))->row_array();
+
+ if (crypt($password, $query["password"] == $password)) {
+ $this->session->set_userdata('logged_in', true);
+ $this->session->set_userdata('username', $username);
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ function logout()
+ {
+ $this->session->unset_userdata('logged_in');
+ $this->session->unset_userdata('username');
+ }
+
+ function get_username()
+ {
+ return $this->session->userdata('username');
+ }
+
+ function get_userid()
+ {
+ $query = $this->db->query("
+ SELECT id
+ FROM users
+ WHERE username = ?
+ ", array($this->get_username()))->row_array();
+ return $query["id"];
+ }
+
+ function require_access()
+ {
+ if ($this->logged_in()) {
+ return true;
+ } else {
+ $this->session->set_flashdata("uri", $this->uri->uri_string());
+ redirect('user/login');
+ }
+ }
+
+ function hash_password($password)
+ {
+ $salt = random_alphanum(22);
+ return crypt($password, "$2a$10$$salt$");
+ }
+
+}
+
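Review bot: In `login()` the closing parenthesis of the `crypt()` call is misplaced, so the condition reads `crypt($password, $query["password"] == $password)`: the comparison becomes the salt argument, and the `if` only tests whether `crypt()` returned a non-empty string, which does not depend on the stored hash. As written the check appears to pass for any password, and also when the username matches no row, since `$query["password"]` is then unset. The stored hash should be passed as the salt and the result compared against it, with an explicit failure when no row is found. Where the PHP version provides them, `password_verify()` or `hash_equals()` would also make the comparison constant-time. `get_userid()` has the same missing no-row check before it reads `$query["id"]`.

```php
function login($username, $password)
{
	// … unchanged: SELECT of the users row into $query …

	// Unknown username: no row, so there is no hash to compare against. Fail closed.
	if (empty($query["password"])) {
		return false;
	}

	// Re-hash the candidate using the stored hash as salt; only an identical result is a match.
	if (crypt($password, $query["password"]) !== $query["password"]) {
		return false;
	}

	$this->session->set_userdata('logged_in', true);
	$this->session->set_userdata('username', $username);
	return true;
}
```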