From bcd7920b817b60df9b1b266118419e44c39900db Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Tue, 3 Feb 2015 13:59:59 +0100 Subject: generalize authentication handling Signed-off-by: Florian Pritz --- application/models/muser.php | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'application/models') diff --git a/application/models/muser.php b/application/models/muser.php index ffcc5f6b3..fb8abad8b 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -160,14 +160,14 @@ class Muser extends CI_Model { $have = array_search($session_level, $this->access_levels); if ($wanted === false || $have === false) { - show_error("Failed to determine access level"); + throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level"); } if ($have >= $wanted) { - return true; + return; } - show_error("Access denied: Access level too low", 403); + throw new \exceptions\InsufficientPermissionsException("api/insufficient-permissions", "Access denied: Access level too low"); } function require_access($wanted_level = "full") 
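Review bot: In the `@@ -160,14 +160,14 @@` hunk of muser.php the success path changes from `return true;` to a bare `return;`, while require_access() (context of the next hunk) still does `return $this->check_access_level($wanted_level);` and therefore now hands null to its callers. Any call site outside this diff that tests the result in a condition would treat a permitted user as denied. Either keep `return true;` here, or drop the `return` in require_access and document both methods with `@return void` and `@throws \exceptions\InsufficientPermissionsException`. The function header lies outside the hunk.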
@@ -184,17 +184,15 @@ class Muser extends CI_Model { return $this->check_access_level($wanted_level); } - if (!stateful_client()) { - show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401); + if (stateful_client()) { + // desktop clients get redirected to the login form + $this->require_session(); + if (!$this->session->userdata("flash:new:uri")) { + $this->session->set_flashdata("uri", $this->uri->uri_string()); + } } - // desktop clients get redirected to the login form - $this->require_session(); - if (!$this->session->userdata("flash:new:uri")) { - $this->session->set_flashdata("uri", $this->uri->uri_string()); - } - redirect('user/login'); - exit(); + throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information."); } function username_exists($username) -- cgit v1.2.3-24-g4f1b From 08dbb3590d64a5c1bf8981f275e47aef84acb4e0 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Tue, 3 Feb 2015 14:00:56 +0100 Subject: use function instead of variable Signed-off-by: Florian Pritz --- application/models/muser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'application/models') diff --git a/application/models/muser.php b/application/models/muser.php index fb8abad8b..398253c6a 100644 --- a/application/models/muser.php +++ b/application/models/muser.php 
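Review bot: In the `@@ -184,17 +184,15 @@` hunk require_access() no longer stops an unauthenticated request itself: the removed lines passed an explicit 401 and ended with `redirect('user/login'); exit();`, whereas the new code only throws `\exceptions\NotAuthenticatedException`. The login redirect for stateful clients, the HTTP status and the guarantee that no controller code runs afterwards now rest on an exception handler that is not part of this diff, so a caller with a broad `catch (\Exception $e)` could carry on without a session. I would add a docblock stating that the method never returns for unauthenticated clients, must not be wrapped in a generic catch, and which handler performs the redirect. The same dependency applies to the dropped 403 in the previous hunk and to the dropped 401s in the two login hunks of the later "Use exceptions instead of show_error" commit. The start of the function is outside the hunk.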
@@ -156,8 +156,8 @@ class Muser extends CI_Model { { $session_level = $this->session->userdata("access_level"); - $wanted = array_search($wanted_level, $this->access_levels); - $have = array_search($session_level, $this->access_levels); + $wanted = array_search($wanted_level, $this->get_access_levels()); + $have = array_search($session_level, $this->get_access_levels()); if ($wanted === false || $have === false) { throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level"); -- cgit v1.2.3-24-g4f1b From a842392c30e9ef1d1d2bd9b4eb271c3fd23b853f Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Tue, 3 Feb 2015 17:17:27 +0100 Subject: Use exceptions instead of show_error Signed-off-by: Florian Pritz --- application/models/mfile.php | 2 +- application/models/mmultipaste.php | 2 +- application/models/muser.php | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'application/models') diff --git a/application/models/mfile.php b/application/models/mfile.php index eee2c4e5b..0ec27a817 100644 --- a/application/models/mfile.php +++ b/application/models/mfile.php @@ -40,7 +40,7 @@ class Mfile extends CI_Model { return $id; } - show_error("Failed to find unused ID after $max_tries tries."); + throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after $max_tries tries"); } function id_exists($id) diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php index 6cbf6518b..2b0196531 100644 --- a/application/models/mmultipaste.php +++ b/application/models/mmultipaste.php @@ -54,7 +54,7 @@ class Mmultipaste extends CI_Model { return $id; } - show_error("Failed to find unused ID after $max_tries tries."); + throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after $max_tries tries"); } public function id_exists($id) 
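Review bot: Both `array_search()` calls in the `@@ -156,8 +156,8 @@` hunk of muser.php compare loosely, and `$session_level` comes straight from `$this->session->userdata("access_level")`, which as far as I know is not a string when the key is absent from the session. Under loose comparison a non-string value can match a list entry instead of yielding `false`, which would slip past the `$have === false` guard that follows. Passing the strict flag closes that, e.g. `$levels = $this->get_access_levels();` once and then `$have = array_search($session_level, $levels, true);` (likewise for `$wanted`). What get_access_levels() returns is not visible here, so confirm its entries are strings.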
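Review bot: The mmultipaste.php hunk `@@ -54,7 +54,7 @@` reuses the error id `"file/new_id-try-limit"` from mfile.php, so an API client cannot tell which model ran out of ids. If the ids are meant to be namespaced by model, as the `user/...` ids in muser.php suggest, a value such as `"multipaste/new_id-try-limit"` would be consistent. The message also hands `$max_tries` to the client through a PublicApiException; that looks harmless, but it should be a deliberate choice.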
diff --git a/application/models/muser.php b/application/models/muser.php index 398253c6a..6f6129ca2 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -83,7 +83,7 @@ class Muser extends CI_Model { if ($this->login($username, $password)) { return true; } else { - show_error("Login failed", 401); + throw new \exceptions\NotAuthenticatedException("user/login-failed", "Login failed"); } } @@ -112,7 +112,7 @@ class Muser extends CI_Model { return true; } - show_error("API key login failed", 401); + throw new \exceptions\NotAuthenticatedException("user/api-login-failed", "API key login failed"); } function logout() @@ -208,7 +208,7 @@ class Muser extends CI_Model { ->get()->row_array(); if (!isset($query["key"]) || $key != $query["key"]) { - show_error("Invalid action key"); + throw new \exceptions\ApiException("user/get_action/invalid-action", "Invalid action key"); } return $query; -- cgit v1.2.3-24-g4f1b From db8a70bbcb941fde96a0ac98919702c49814d0c5 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Thu, 5 Feb 2015 21:48:16 +0100 Subject: fixup! Support database table prefixes Signed-off-by: Florian Pritz --- application/models/mmultipaste.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'application/models') diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php index 2b0196531..9be4dc416 100644 --- a/application/models/mmultipaste.php +++ b/application/models/mmultipaste.php @@ -65,7 +65,7 @@ class Mmultipaste extends CI_Model { $sql = ' SELECT multipaste.url_id - FROM multipaste + FROM '.$this->db->dbprefix.'multipaste WHERE multipaste.url_id = ? LIMIT 1'; $query = $this->db->query($sql, array($id)); @@ -113,7 +113,7 @@ class Mmultipaste extends CI_Model { { return $this->db->query(" SELECT user_id - FROM multipaste + FROM ".$this->db->dbprefix."multipaste WHERE url_id = ? ", array($id))->row_array()["user_id"]; } 
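Review bot: The context line `if (!isset($query["key"]) || $key != $query["key"])` in the `@@ -208,7 +208,7 @@` hunk of muser.php checks a secret action key with loose `!=`, which lets numeric-looking strings compare equal and is not constant-time. Since this commit already rewrites the failure branch, I would tighten the condition to `if (!isset($query["key"]) || !hash_equals($query["key"], (string) $key))` where the PHP version provides hash_equals(), or at least use `!==`. This branch throws `\exceptions\ApiException` while the other failures in the commit use the public or not-authenticated variants; a one-line comment saying why would help. The function starts outside the hunk.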
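Review bot: In the mmultipaste.php hunk `@@ -113,7 +113,7 @@` the result is indexed directly, `->row_array()["user_id"]`, with no check that a row was found. As far as I know row_array() gives an empty array for an unknown `url_id`, so the lookup raises an undefined-index notice and returns null, and a caller that compares this owner id loosely could misjudge ownership. I would fetch the row first and return a defined value, e.g. `$row = $query->row_array();` followed by `return isset($row["user_id"]) ? $row["user_id"] : null;`, or throw as the other models now do. The function name and its callers are outside the hunk.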
@@ -122,7 +122,7 @@ class Mmultipaste extends CI_Model { { return $this->db->query(" SELECT url_id, user_id, date - FROM multipaste + FROM ".$this->db->dbprefix."multipaste WHERE url_id = ? ", array($id))->row_array(); } @@ -133,8 +133,8 @@ class Mmultipaste extends CI_Model { $query = $this->db->query(" SELECT mfm.file_url_id - FROM multipaste_file_map mfm - JOIN multipaste m ON m.multipaste_id = mfm.multipaste_id + FROM ".$this->db->dbprefix."multipaste_file_map mfm + JOIN ".$this->db->dbprefix."multipaste m ON m.multipaste_id = mfm.multipaste_id WHERE m.url_id = ? ORDER BY mfm.sort_order ", array($url_id))->result_array(); @@ -151,7 +151,7 @@ class Mmultipaste extends CI_Model { { $query = $this->db->query(" SELECT multipaste_id - FROM multipaste + FROM ".$this->db->dbprefix."multipaste WHERE url_id = ? ", array($url_id)); -- cgit v1.2.3-24-g4f1b From 67ed287e97daa9965521c9d133714bde72145711 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 6 Feb 2015 12:40:28 +0100 Subject: fixup! Support database table prefixes Signed-off-by: Florian Pritz --- application/models/mmultipaste.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'application/models') diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php index 9be4dc416..ed3b8e3a7 100644 --- a/application/models/mmultipaste.php +++ b/application/models/mmultipaste.php @@ -64,9 +64,9 @@ class Mmultipaste extends CI_Model { } $sql = ' - SELECT multipaste.url_id - FROM '.$this->db->dbprefix.'multipaste - WHERE multipaste.url_id = ? + SELECT url_id + FROM `'.$this->db->dbprefix.'multipaste` + WHERE url_id = ? LIMIT 1'; $query = $this->db->query($sql, array($id)); @@ -113,7 +113,7 @@ class Mmultipaste extends CI_Model { { return $this->db->query(" SELECT user_id - FROM ".$this->db->dbprefix."multipaste + FROM `".$this->db->dbprefix."multipaste` WHERE url_id = ? ", array($id))->row_array()["user_id"]; } 
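Review bot: The backticks added around the prefixed table name in the `@@ -64,9 +64,9 @@` hunk of the second "fixup!" commit are hand-written MySQL identifier quoting, and `dbprefix` is spliced into the SQL string unescaped. The prefix comes from configuration and the values stay bound through `?`, so this is not an injection path as shown, but the quoting breaks on drivers that do not use backticks and on a prefix that itself contains one. CodeIgniter can prefix and quote in one step, as far as I recall with `$table = $this->db->protect_identifiers('multipaste', TRUE);` and then `FROM '.$table.'`. The same applies to the other four hunks of this commit, and a small private helper would keep the six concatenations in one place.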
@@ -122,7 +122,7 @@ class Mmultipaste extends CI_Model { { return $this->db->query(" SELECT url_id, user_id, date - FROM ".$this->db->dbprefix."multipaste + FROM `".$this->db->dbprefix."multipaste` WHERE url_id = ? ", array($id))->row_array(); } @@ -133,8 +133,8 @@ class Mmultipaste extends CI_Model { $query = $this->db->query(" SELECT mfm.file_url_id - FROM ".$this->db->dbprefix."multipaste_file_map mfm - JOIN ".$this->db->dbprefix."multipaste m ON m.multipaste_id = mfm.multipaste_id + FROM `".$this->db->dbprefix."multipaste_file_map` mfm + JOIN `".$this->db->dbprefix."multipaste` m ON m.multipaste_id = mfm.multipaste_id WHERE m.url_id = ? ORDER BY mfm.sort_order ", array($url_id))->result_array(); @@ -151,7 +151,7 @@ class Mmultipaste extends CI_Model { { $query = $this->db->query(" SELECT multipaste_id - FROM ".$this->db->dbprefix."multipaste + FROM `".$this->db->dbprefix."multipaste` WHERE url_id = ? ", array($url_id)); -- cgit v1.2.3-24-g4f1b