From 77210505c17d3d3abfba88da439c4d936c30ad04 Mon Sep 17 00:00:00 2001 From: Skylar Ittner Date: Sun, 3 Dec 2017 23:21:40 -0700 Subject: [PATCH] Add full support for password protected publications (close #1) --- action.php | 16 +++++++++-- database.mwb | Bin 13070 -> 13061 bytes lang/en_us.php | 5 ++++ lib/gencontent.php | 63 ++++++++++++++++++++++++++++++++++++++----- lib/getpubtable.php | 4 +++ pages/editpub.php | 24 +++++++++++++++-- static/js/editpub.js | 12 +++++++-- 7 files changed, 111 insertions(+), 13 deletions(-) diff --git a/action.php b/action.php index b53e41d..0eba00e 100644 --- a/action.php +++ b/action.php @@ -58,13 +58,25 @@ switch ($VARS['action']) { if (!is_numeric($VARS['landscape']) || ((int) $VARS['landscape'] !== 0 && (int) $VARS['landscape'] !== 1)) { returnToSender('invalid_parameters'); } + if ($VARS['password_protect'] == 1) { + if (!is_empty($VARS['password'])) { + $password = password_hash($VARS['password'], PASSWORD_BCRYPT); + } else if (!$insert) { + $password = $database->get("publications", 'pwd', ['pubid' => $VARS['pubid']]); + } + $permission = 3; + } else { + $password = null; + $permission = $VARS['perm']; + } $data = [ 'pubname' => $VARS['name'], 'pubdate' => date("Y-m-d H:i:s"), 'styleid' => $VARS['style'], 'columns' => $VARS['columns'], - 'permid' => $VARS['perm'], + 'permid' => $permission, + 'pwd' => $password, 'page_size' => $VARS['size'], 'landscape' => $VARS['landscape'] ]; @@ -141,7 +153,7 @@ switch ($VARS['action']) { } $pubid = $database->get("tiles", "pubid", ['tileid' => $VARS['tileid']]); - + if ($database->get("publications", 'uid', ['pubid' => $pubid]) != $_SESSION['uid']) { die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)])); } 
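Review bot: In the `password_protect == 1` branch of the first action.php hunk, `$password` is never assigned when the submitted password is empty and `$insert` is true, so `'pwd' => $password` stores null (with an undefined-variable notice) while `permid` is still forced to `3`. If permid 3 is the LINK permission, as the check in lib/gencontent.php in this same patch suggests, such a publication is served without any prompt, so one the author ticked as password protected ends up readable by anyone with the link; the same happens on an edit when the stored `pwd` is already empty. Reject that case before building `$data`, e.g. `if (is_empty($password ?? null)) { returnToSender('invalid_parameters'); }`. The literal `3` deserves a named constant or a lookup by permname, and `PASSWORD_DEFAULT` is a safer choice than `PASSWORD_BCRYPT`, which silently ignores input past 72 bytes. The enclosing `switch` case starts and ends outside the hunk.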
diff --git a/database.mwb b/database.mwb index 79547840207839f58672df57091b755567335131..d8d6a15bd9438724d5e1281a127422348f3c6ff0 100644 GIT binary patch delta 1968 zcmV;h2T%BpW`$-OP)h>@6aWAK2mmp*gG>AuyQ*X>0079o0{{?{K{6AuE?X*pVf^0m z)u)_&HThcWpPD6cnF*77^G9)bl-={A>PKlJKZG6?uSF;F_O`U8 zUxmdG_9uF?&EAza&_Lh6k`ce*SymXRWqnuA?{gV-UEg&Vv$0Hhr3jZhm5IGrH2oN7 zSs9pbSm#QaL z%dPk~PYSd6zLa6`5S$dh=d@0U^~(2M*I$m3qJ;a2(!f?bM0;Pl^*lZgef;$oVS35w zpZ-5kO9KRxS~41wuqzV@F}8zCdJP^*E0fGC7=O)g97Ptdp0+(?VDLtfHAGRMIKajz zK=RJiPui86jms%-*mUTs(!EBRn@QRy?VX&#!_=&pzZeBVgOSx2BHYO1R(%m z&VQXJ!98T|9NU+Uz=JUd>fe7o?rz58f92_u@z3#3@%Qm}!(>1}!2bt-IN>f&mffY2 zD`Yu#mx)p}SLFB~z#Rbr0gnXEMdj0A!QHe)e_(oj(=uuRUx2pPZNvUMEw|)v42vp- z{{INv5fBh?98if*M?>|G^7Vhjst*VVIDa+>`X3N*jP*bM1(ZsCQ0m8j122GQLyrXf z#<+7eD%Z}Oi9Q-12-z~%E^S;|U0K-uQ(9PEoL^sr>+>%!EyCSQSgq9SaDA)UhlL1K zJtGE2LwOsn^iAhVvp*1PH}Z{aoFu$pFYHpZyUxOd%pg3I7eYj4X=4^;)ylbQ1%DQ} z*)+E{I-+gz#QNg3_49ir+oC7h8!cD={UtkVZ!Ez*jFf0&Hww7}CEe}8AtkEYZkx{F zztnbV_2TREt8c>B7T<*bdEkAIyq7gytxVTT6Ses>5omU_+1YjT#f?F?NN?m6j^q(&^^9I3<-o2Z@yp>5taJ# z6UtH|k;wVjgKv;h#LCQtbgNYhz%9bbs6L2(0)F?c)yCSRP&QrYck z)0>58dk6Nrt){ayT0*@&x76&IdAQvY&CW0f4w*BZQW;FXUp~EtWp}6E-x9ie%UK;x zyq?#A@;mCz-gPO?CFhIZOn*kF=bVM1b+dDQ7N*-fb8Cg*V$0lgRtvn{z0q@)L1&O# z2Dh4nEhyly>KXU2IInc2w6Ot*$d>fuB#i&ZPFP|X85cMB8qBS9!`tvQ48DXg} zKU0k)p`7~ic`A^w#DDw6Fa+~d3GM4&B!nl}WKJ6x-t`wa*XS_&-)U(a-v#jx@jv6c z@i$@W3hj`hi2nry9A5cw=qiE?Nj5!Ogf+9M%Hc<>@uGkbD3vr zQ{?g*Tr$^1i_g$z2a#synLI){U8|+8F;$HsNaDx0RuGa}Up}UsHk8cm5%J*o#Rn57h8;VMUsz@lRT)3(pZRdA zqaEuba&Wy>MoOA6--aj1=u~9NtKm6caNDpV^W~#NQDHFk<`a}AG}C?qQN;gCUjTOm z1pIy{;z`Q>iCCmsN@np<-_ZGRCP(KBACUv|g~%k9LK5Ha`Gj^q%ZxYQ%G4SzeEE_| zB?a~4PyY%~O928D0~7!N00;mvwu4Lj7rUyHDl%vZF}8zCdJP^*E0dctGyx5h&@w*R C>)68p delta 1964 zcmV;d2UGZkW{zeOP)h>@6aWAK2mnx@gG<8%BAKxgcPf7&|Gn+0Q7O#A6BYCh`?>RP zDNw1&*INJ7EQ!lZnB1E`io>Jqo*z{|N)!1Z^r(0(I+3@xr7is`EQYW@(VK1duDpQ; z`u>%S_zlmp!ayzSyLx_~%c$%6uDh6xWy&i>xZJ5s?8Tz#$2iN%z|q~agbja;O~bNHEB|KrrfaV#-c$doPgQjbL1X!Uj%B&nb4-ko?~6Yft|5LhUC(iz 
z-()Dg>AFl=+QqAGbHv)hi(cq@zL%UXvKwY`k|iX{R29BdJ+WGD#lLw{n8o*{41OHTjv{{c`-0|b*%G8&Vx zD-#I6c+ z7~9xR3>WPBj7Q9ecV?0}2P6ovD=ysjH*niMvi|`gae`lfIItHab}w+Cy2svl@Y*S) zfEHZObhqo{dCOf@{Z_wky}ka*Qfp|S?e#li2vaZtq6j<-Apl_Bf1PK+ePr&OIFygT zgE0^4U;lH`B_`u9^ZeQP+xS26*YUqb*?@q6p9hbgahKnf-KCN%WI1-1sZupp{B|2g-H2r~T8#RPaL)-6l;NZ_~_sZWIRaFZ8|2J?)KtRB0KqWpO zjnqHN-~VG)eLz6Kf2l#x|A2r~tpD+Mpi~-w(jfi>JPn=e~<`9?NQ5?-(u_9@z3=V3zT5T45`AtLj%F^{rp>*vdb`78YE-Y&G2P++Xl-@v+RM$g*WgQw zufhM`@S$5iD4MNSX6vP?TJu5#T3v1S_T7AOYuGFDTl<5#h4vHq2H-@o{}*k7XtVSo zcq%-c4+-!6e?BhPu3wMd|6}pMGRBgIz^bk(M|FfuR_8)C>XtB_5MdHdsSjsjOgpxH zM7H6j?X7KiTlCeA=wF80h6+KEWhV>W=Uc>(KsfQ{3nmd!sV_gFEF}_&oR2;D1}R0X z%zXKXYK#%HIY0H_r^Zs;kclr}H&lZQ?ago43}wnXe}0D8h%bWwQ)t*&Xp-L`0TMg#VEXOy`E@LNd-cJN(7ij(>Tu%qybYA6s5|>NrMQ$_ zE`D&24A3z`MO$eP_B*xc_q)J=F4ff?TYB)oTc=HA3oRZXwKl|?U6UD&(wO0&mnlOpA;wK6Fa3;qG z)<@*Xz@|({rWo_>c&ZemD%HMxf(%2{f8vPNglOu|w@7A$rM~=3HIjsK>dWV;K*AF5 ze+R=5%u^+_uYZvco?w$XZD4rcU*KG$C(#8tBcQFTdtP!EM9G{uWzobJy(fbwuV+VmlxMU{4XHj^djhgK)~tN z|5Efgh#rs2(ci;(jN=_URk+!I8HMo_f95vTR-NR!`EbsRyV*V>N8D`18mT4L+s#%w zlU!%sZm`A;teH)``P^bck@DW}&hAPI`5bL^5ovXw$Rm`qwOZi@jDM}2J`PQvC?$Z_@&Tq$G3qB%8KjUd6l4Gq- z7COY2n5sq*B=O^0D+o!gFCSA*8%pN(h "People with accounts", "visibility link" => "Anyone with the link", "visibility password" => "Anyone with the link and password", + "password protect" => "Password protect", + "anyone with link and password can view" => "When a password is set, anyone with the link and password can view the publication.", + "enter password to view file" => "Enter password to view file", + "view file" => "View File", + "password incorrect" => "Password incorrect." ]); \ No newline at end of file diff --git a/lib/gencontent.php b/lib/gencontent.php index 2603096..65de7e7 100644 --- a/lib/gencontent.php +++ b/lib/gencontent.php 
@@ -5,7 +5,7 @@ if (!defined("IN_NEWSPEN")) { if (is_numeric($VARS['pubid'])) { if ($database->has('publications', ['pubid' => $VARS['pubid']])) { $pub = $VARS['pubid']; - $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]); + $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname", "pwd"], ["pubid" => $pub]); if ($pubdata["permname"] != "LINK") { dieifnotloggedin(); } @@ -14,6 +14,55 @@ if (!defined("IN_NEWSPEN")) { die(lang("no permission")); } } + if ($pubdata['permname'] == "LINK" && !is_empty($pubdata['pwd']) && $_SESSION['loggedin'] != true) { + $passok = false; + $passfail = false; + if (isset($VARS['password'])) { + $passok = password_verify($VARS['password'], $pubdata['pwd']); + $passfail = !$passok; + } + if (!$passok) { + ?> + + + + <?php echo htmlspecialchars($pubdata["pubname"] . " | " . date("Y-m-d", strtotime($pubdata["pubdate"]))); ?> + + + +
+
+
+
+
+ +
+
+ +
+ +
+ + " /> + +
+ +
+
+
+ "> get("pub_styles", ["css", "cssvars", "cssextra", "background"], ["styleid" => $pubdata["styleid"]]); ?> .pub-content { - $val) { - echo "--$name: $val;\n"; - } - ?> + $val) { + echo "--$name: $val;\n"; +} +?> } .pub-content { diff --git a/lib/getpubtable.php b/lib/getpubtable.php index c8237e6..08a521a 100644 --- a/lib/getpubtable.php +++ b/lib/getpubtable.php @@ -82,6 +82,7 @@ $pubs = $database->select('publications', [ 'stylename', 'columns', 'permname', + 'pwd', 'publications.permid', "page_size", "sizename", @@ -121,6 +122,9 @@ for ($i = 0; $i < count($pubs); $i++) { "size" => $pubs[$i]["sizename"], "orientation" => ( $pubs[$i]["landscape"] == 0 ? lang("portrait", false) : lang("landscape", false) ) ], false); + if (!is_empty($pubs[$i]["pwd"])) { + $pubs[$i]["permname"] = "password"; + } $pubs[$i]["visibility"] = lang("visibility " . strtolower($pubs[$i]["permname"]), false); } $out['pubs'] = $pubs; diff --git a/pages/editpub.php b/pages/editpub.php index caeaae2..d6b272a 100644 --- a/pages/editpub.php +++ b/pages/editpub.php @@ -30,7 +30,8 @@ if (!is_empty($VARS['id'])) { 'columns', 'permid', 'page_size', - 'landscape' + 'landscape', + 'pwd' ], [ 'pubid' => $VARS['id'] ])[0]; @@ -131,6 +132,9 @@ if (!is_empty($VARS['id'])) { select("pub_permissions", ['permid', 'permname']); foreach ($perms as $p) { + if ($p['permname'] == "PASSWORD") { + continue; + } $pi = $p['permid']; $pn = lang("visibility " . strtolower($p['permname']), false); $ps = $pubdata["permid"] == $pi ? " selected" : ""; @@ -138,6 +142,22 @@ if (!is_empty($VARS['id'])) { } ?> +
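Review bot: Nothing in the password gate added to lib/gencontent.php bounds how many times `password_verify($VARS['password'], $pubdata['pwd'])` can be tried: a wrong guess only sets `$passfail` and re-renders the prompt, so the publication password can be guessed online as fast as bcrypt allows. A failed-attempt counter per publication and client address with a growing delay or temporary lockout, checked before `password_verify` runs, would close that; it has to be kept server-side outside the visitor's session, since an anonymous visitor can simply discard the session cookie. A successful check is also not remembered, so the password has to accompany every request for the page; the form markup is not readable in this view, so confirm it submits by POST, because if `$VARS` merges query-string parameters the password can end up in URLs, logs and Referer headers. The condition `$_SESSION['loggedin'] != true` lets every logged-in account skip the prompt, which is worth a comment if that is intended.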
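Review bot: The `pwd` column added to the select in the first lib/getpubtable.php hunk stays in every row, and the rows are then assigned unchanged to `$out['pubs']` right after the second hunk's `is_empty` check, so the bcrypt hash of each publication password is carried wherever `$out` goes. If `$out` is serialised to the browser, which the hunk does not show, the hashes are exposed to offline guessing. Only the fact that a password exists is needed here: after the `is_empty($pubs[$i]["pwd"])` check add `unset($pubs[$i]["pwd"]);`. The enclosing `for` loop starts outside the hunk.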
+ +
+ + + +
+ " class="form-control" /> + +
@@ -160,7 +180,7 @@ if (!is_empty($VARS['id'])) { -   +