Add full support for password protected publications (close #1)

master
Skylar Ittner 7 years ago
parent eb959cba9b
commit 77210505c1

@ -58,13 +58,25 @@ switch ($VARS['action']) {
if (!is_numeric($VARS['landscape']) || ((int) $VARS['landscape'] !== 0 && (int) $VARS['landscape'] !== 1)) {
returnToSender('invalid_parameters');
}
if ($VARS['password_protect'] == 1) {
if (!is_empty($VARS['password'])) {
$password = password_hash($VARS['password'], PASSWORD_BCRYPT);
} else if (!$insert) {
$password = $database->get("publications", 'pwd', ['pubid' => $VARS['pubid']]);
}
$permission = 3;
} else {
$password = null;
$permission = $VARS['perm'];
}
$data = [
'pubname' => $VARS['name'],
'pubdate' => date("Y-m-d H:i:s"),
'styleid' => $VARS['style'],
'columns' => $VARS['columns'],
'permid' => $VARS['perm'],
'permid' => $permission,
'pwd' => $password,
'page_size' => $VARS['size'],
'landscape' => $VARS['landscape']
];
@ -141,7 +153,7 @@ switch ($VARS['action']) {
}
$pubid = $database->get("tiles", "pubid", ['tileid' => $VARS['tileid']]);
if ($database->get("publications", 'uid', ['pubid' => $pubid]) != $_SESSION['uid']) {
die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
}
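Review bot: Ticking "password protect" can leave a publication with no password at all: in the first hunk, when `$VARS['password']` is empty and `$insert` is true neither branch assigns `$password`, and on an edit the `pwd` value read back may itself be empty, yet `$permission = 3` is still applied. Assuming permid 3 is the link visibility, the record is then saved as link-visible with an empty `pwd`, which the viewer's `!is_empty($pubdata['pwd'])` check treats as unprotected. Initialise `$password = null;` before the inner `if` and reject the request when it is still empty afterwards, e.g. `if (is_empty($password)) { returnToSender('invalid_parameters'); }`. The literal `3` would also be clearer as a lookup of the permission by name, the way the edit form matches `PASSWORD`. The surrounding `case` starts and ends outside the hunk.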

Binary file not shown.

@ -66,4 +66,9 @@ define("STRINGS", [
"visibility loggedin" => "People with accounts",
"visibility link" => "Anyone with the link",
"visibility password" => "Anyone with the link and password",
"password protect" => "Password protect",
"anyone with link and password can view" => "When a password is set, anyone with the link and password can view the publication.",
"enter password to view file" => "Enter password to view file",
"view file" => "View File",
"password incorrect" => "Password incorrect."
]);

@ -5,7 +5,7 @@ if (!defined("IN_NEWSPEN")) {
if (is_numeric($VARS['pubid'])) {
if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
$pub = $VARS['pubid'];
$pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]);
$pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname", "pwd"], ["pubid" => $pub]);
if ($pubdata["permname"] != "LINK") {
dieifnotloggedin();
}
@ -14,6 +14,55 @@ if (!defined("IN_NEWSPEN")) {
die(lang("no permission"));
}
}
if ($pubdata['permname'] == "LINK" && !is_empty($pubdata['pwd']) && $_SESSION['loggedin'] != true) {
$passok = false;
$passfail = false;
if (isset($VARS['password'])) {
$passok = password_verify($VARS['password'], $pubdata['pwd']);
$passfail = !$passok;
}
if (!$passok) {
?>
<!DOCTYPE html>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo htmlspecialchars($pubdata["pubname"] . " | " . date("Y-m-d", strtotime($pubdata["pubdate"]))); ?></title>
<link href="../static/css/bootstrap.min.css" rel="stylesheet">
<link href="../static/css/font-awesome.min.css" rel="stylesheet">
<style nonce="<?php echo $SECURE_NONCE; ?>">
#heading {
background-color: #673ab7;
}
</style>
<br />
<div class="row">
<div class="col-xs-12 col-sm-4 col-sm-offset-4">
<form action="gencontent.php" method="POST" class="panel panel-info">
<div class="panel-heading" id="heading">
<label class="panel-title" for="password"><i class="fa fa-lock"></i> <?php lang("enter password to view file"); ?></label>
</div>
<div class="panel-body">
<?php if ($passfail) {
?>
<div class="alert alert-danger">
<i class="fa fa-times"></i> <?php lang("password incorrect"); ?>
</div>
<?php
}
?>
<input type="password" name="password" class="form-control" placeholder="<?php lang("password"); ?>" />
<input type="hidden" name="pubid" value="<?php echo $pub; ?>" />
</div>
<div class="panel-footer">
<button type="submit" class="btn btn-success"><i class="fa fa-sign-in"></i> <?php lang("view file"); ?></button>
</div>
</form>
</div>
</div>
<?php
die();
}
}
} else {
die(lang("invalid parameters", false));
}
@ -36,12 +85,12 @@ if (defined("EDIT_MODE") && EDIT_MODE == true) {
<style nonce="<?php echo $SECURE_NONCE; ?>">
<?php $pubcss = $database->get("pub_styles", ["css", "cssvars", "cssextra", "background"], ["styleid" => $pubdata["styleid"]]); ?>
.pub-content {
<?php
$pubvars = json_decode($pubcss["cssvars"], TRUE);
foreach ($pubvars as $name => $val) {
echo "--$name: $val;\n";
}
?>
<?php
$pubvars = json_decode($pubcss["cssvars"], TRUE);
foreach ($pubvars as $name => $val) {
echo "--$name: $val;\n";
}
?>
}
.pub-content {
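Review bot: The password prompt added in the second hunk prints the publication name and date in `<title>` before any password has been verified, so anyone holding the link learns that metadata without the password; a neutral title such as `<?php lang("enter password to view file"); ?>` avoids it. The gate is also skipped for every logged-in session (`$_SESSION['loggedin'] != true`), not only the owner, which is worth confirming as intended. Nothing in the visible lines limits or records failed `password_verify()` attempts; unless that is handled elsewhere, a per-publication or per-client attempt counter with a delay would be a sensible addition. `echo $pub` in the hidden field relies on the earlier `is_numeric()` check, and an `(int)` cast or `htmlspecialchars()` would make that explicit. The enclosing `if (is_numeric(...))` block opens in the previous hunk.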

@ -82,6 +82,7 @@ $pubs = $database->select('publications', [
'stylename',
'columns',
'permname',
'pwd',
'publications.permid',
"page_size",
"sizename",
@ -121,6 +122,9 @@ for ($i = 0; $i < count($pubs); $i++) {
"size" => $pubs[$i]["sizename"],
"orientation" => ( $pubs[$i]["landscape"] == 0 ? lang("portrait", false) : lang("landscape", false) )
], false);
if (!is_empty($pubs[$i]["pwd"])) {
$pubs[$i]["permname"] = "password";
}
$pubs[$i]["visibility"] = lang("visibility " . strtolower($pubs[$i]["permname"]), false);
}
$out['pubs'] = $pubs;
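Review bot: Adding `'pwd'` to the select means every row's bcrypt hash is carried into `$out['pubs']`, although the loop only needs to know whether one is set. If `$out` is sent to the client (its use is outside these hunks), the hashes become available for offline guessing. Drop the column once the flag is derived, e.g. `unset($pubs[$i]["pwd"]);` right after the `if (!is_empty($pubs[$i]["pwd"]))` block.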

@ -30,7 +30,8 @@ if (!is_empty($VARS['id'])) {
'columns',
'permid',
'page_size',
'landscape'
'landscape',
'pwd'
], [
'pubid' => $VARS['id']
])[0];
@ -131,6 +132,9 @@ if (!is_empty($VARS['id'])) {
<?php
$perms = $database->select("pub_permissions", ['permid', 'permname']);
foreach ($perms as $p) {
if ($p['permname'] == "PASSWORD") {
continue;
}
$pi = $p['permid'];
$pn = lang("visibility " . strtolower($p['permname']), false);
$ps = $pubdata["permid"] == $pi ? " selected" : "";
@ -138,6 +142,22 @@ if (!is_empty($VARS['id'])) {
}
?>
</select>
<div class="checkbox">
<label>
<input type="checkbox" id="password_protect" name="password_protect" value="1" <?php echo is_empty($pubdata['pwd']) ? "" : "checked" ?>> <?php lang("password protect"); ?>
</label>
</div>
<?php if (is_empty($pubdata['pwd'])) { ?>
<style nonce="<?php echo $SECURE_NONCE; ?>">
#password {
display: none;
}
</style>
<?php } ?>
<div id="password">
<input type="password" name="password" value="" placeholder="<?php lang("password"); ?>" class="form-control" />
<i class="fa fa-info-circle"></i> <?php lang("anyone with link and password can view"); ?>
</div>
</div>
</div>
</div>
@ -160,7 +180,7 @@ if (!is_empty($VARS['id'])) {
<?php
if ($editing && !$cloning) {
?>
&nbsp; <button type="submit" name="gotocontent" value="1" class="btn btn-primary"><i class="fa fa-pencil"></i> <?php lang('edit content'); ?></button>
&nbsp; <button type="submit" name="gotocontent" value="1" class="btn btn-primary"><i class="fa fa-pencil"></i> <?php lang('edit content'); ?></button>
<a href="action.php?action=deletepub&source=home&pubid=<?php echo htmlspecialchars($VARS['id']); ?>" class="btn btn-danger btn-xs pull-right mgn-top-8px"><i class="fa fa-times"></i> <?php lang('delete'); ?></a>
<?php
}
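Review bot: The new `<input type="password" name="password">` in the edit form has no `autocomplete` attribute, so a browser or password manager may fill in the editor's own saved login password, which would then be stored as the publication password and handed to readers. Adding `autocomplete="new-password"` to that input avoids this. Separately, the visibility `<select>` stays active while the box is ticked although the save handler in this commit overrides the chosen value; disabling it or saying so in the help text would make the resulting visibility clearer.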

@ -1,3 +1,11 @@
$('#name').on('input propertychange paste', function() {
$('#name').on('input propertychange paste', function () {
$('#name_title').text($('#name').val());
});
});
$('#password_protect').change(function () {
if ($(this).prop('checked')) {
$("#password").css('display', 'block');
} else {
$("#password").css('display', 'none');
}
})
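Review bot: The new `change` handler closes with `})` and no semicolon, unlike the `#name` handler above it, and its two branches can be one call: `$('#password').toggle(this.checked);`. The field is only hidden, so a typed value is still submitted when the box is unticked; that is harmless as long as the server keeps ignoring `password` unless `password_protect` is 1.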