From da50e51b98ba0901d6251b7f36e138ac6f63518d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Mon, 8 Oct 2012 17:27:14 +0000
Subject: [PATCH] Sub id tracking continued: - destroyMemberSession() does now accept optional $destroy parameter which will call session_destroy() instead of deleting member session entries - Added sub modules for sub id tracking (with extra checks) - Introduced isUserSubIdAssignedCurrentMember() - TODOs.txt updated
---
 .gitattributes | 2 ++
 DOCS/TODOs.txt | 1 +
 inc/language/user_de.php | 6 ++++
 inc/libs/user_functions.php | 12 ++++++++
 inc/modules/member/subid- | 48 ++++++++++++++++++++++++++++++
 inc/modules/member/subid-stats.php | 48 ++++++++++++++++++++++++++++++
 inc/modules/member/what-logout.php | 4 ++-
 inc/modules/member/what-subids.php | 18 +++++++++++
 inc/session-functions.php | 9 ++++--
 9 files changed, 145 insertions(+), 3 deletions(-)
 create mode 100644 inc/modules/member/subid-
 create mode 100644 inc/modules/member/subid-stats.php
diff --git a/.gitattributes b/.gitattributes
index 483585893d..a1cfd2f845 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -687,6 +687,8 @@ inc/modules/member/action-rals.php svneol=native#text/plain
 inc/modules/member/action-stats.php svneol=native#text/plain
 inc/modules/member/action-surfbar.php svneol=native#text/plain
 inc/modules/member/action-themes.php svneol=native#text/plain
+inc/modules/member/subid- svneol=native#text/plain
+inc/modules/member/subid-stats.php svneol=native#text/plain
 inc/modules/member/what- svneol=native#text/plain
 inc/modules/member/what-bank_create.php svneol=native#text/plain
 inc/modules/member/what-bank_deposit.php svneol=native#text/plain
diff --git a/DOCS/TODOs.txt b/DOCS/TODOs.txt
index c48e27b405..f2be12a997 100644
--- a/DOCS/TODOs.txt
+++ b/DOCS/TODOs.txt
@@ -156,6 +156,7 @@
 ./inc/modules/member/what-beg.php:54:// @TODO Can't this be moved into EL?
 ./inc/modules/member/what-beg.php:63:// @TODO No more needed? define('__BEG_USERID_TIMEOUT', createFancyTime(getBegUseridTimeout()));
 ./inc/modules/member/what-logout.php:17: * @TODO Rewrite the code to a filter *
+./inc/modules/member/what-logout.php:52: // @TODO Move this in a filter, e.g. member_logout
 ./inc/modules/member/what-order.php:471: // @TODO Rewrite this to a filter
 ./inc/modules/member/what-order.php:84: // @TODO Rewrite this to SQL_FETCHARRAY()
 ./inc/modules/member/what-payout.php:194: // @TODO Rewrite this to a filter
diff --git a/inc/language/user_de.php b/inc/language/user_de.php
index 2a4e3943ad..c027a56d6c 100644
--- a/inc/language/user_de.php
+++ b/inc/language/user_de.php
@@ -126,8 +126,14 @@ addMessages(array( 'MEMBER_USER_SUBID_STATS_LINK' => "Aufrufstatistiken", 'MEMBER_USER_SUBID_ADDED' => "Sub-Id hinzugefügt", 'MEMBER_CHANGE_USER_SUBID' => "Geben Sie eine neue ein:", + 'MEMBER_INVALID_DO_USER_SUBID' => "Ungültiges Sub-Modul aufgerufen! Sollten Sie der Meinung sein, dies ist ein Fehler, so teilen Sie bitte dem Support mit, wie es zu dieser Meldung gekommen ist.", + 'MEMBER_USER_SUBID_NOT_ASSIGNED_404' => "Die angegebene Sub-Id-Kennung ist Ihrem Mitgliedsaccount nicht zugewiesen oder existiert nicht.", + + // Member - sub ids - submit buttons 'MEMBER_USER_SUBIDS_CHANGE_SUBMIT' => "Sub-Ids ändern", 'MEMBER_USER_SUBIDS_REMOVE_SUBMIT' => "Sub-Ids löschen", + + // Member - sub ids - notices 'MEMBER_EDIT_USER_SUBIDS_NOTICE' => "Wenn Sie doch nichts ändern wollen, klicken Sie einfach auf {--MEMBER_USER_SUBIDS_CHANGE_SUBMIT--} oder in der Navigation {--YOU_ARE_HERE--} auf Sub-Id Tracking.", 'MEMBER_DELETE_USER_SUBIDS_NOTICE' => "Wollen Sie die oben aufgeführte(n) Sub-Id(s) wirklich löschen? Dieses ist nicht umkehrbar! Die Statistik dazu bleibt noch eine Weile gespeichert, ist aber nicht mehr aus der Auswahl aufrufbar (Sie können sich ja den Link notieren?).", diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index 06d621c0a8..e31d35a016 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php 
@@ -823,6 +823,18 @@ function prepareSubId ($subId) { return $subId; } +// Check whether given sub *id* is assigned to current member +function isUserSubIdAssignedToMember ($subId) { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__][$subId])) { + // Determine it + $GLOBALS[__FUNCTION__][$subId] = ((isMember()) && (countSumTotalData(getMemberId(), 'user_subids', 'id', 'userid', true, sprintf(" AND `id`=%s", bigintval($subId))) == 1)); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__][$subId]; +} + //----------------------------------------------------------------------------- // EL code functions //----------------------------------------------------------------------------- diff --git a/inc/modules/member/subid- b/inc/modules/member/subid- new file mode 100644 index 0000000000..cae88124a2 --- /dev/null +++ b/inc/modules/member/subid- @@ -0,0 +1,48 @@ + diff --git a/inc/modules/member/subid-stats.php b/inc/modules/member/subid-stats.php new file mode 100644 index 0000000000..d9d3649e0e --- /dev/null +++ b/inc/modules/member/subid-stats.php @@ -0,0 +1,48 @@ + diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php index 7bc1b6cd85..444063102b 100644 --- a/inc/modules/member/what-logout.php +++ b/inc/modules/member/what-logout.php @@ -46,8 +46,10 @@ if (!defined('__SECURITY')) { // Base URL for redirection (both cases) $url = 'modules.php?module=index&code='; -if (destroyMemberSession()) { +// Do the logout but keep session if current user is also admin +if (destroyMemberSession(!isAdmin())) { // Remove theme cookie as well + // @TODO Move this in a filter, e.g. member_logout if (isExtensionActive('theme')) { setMailerTheme(''); } // END - if diff --git a/inc/modules/member/what-subids.php b/inc/modules/member/what-subids.php index 335e90d457..61f295ae03 100644 --- a/inc/modules/member/what-subids.php +++ b/inc/modules/member/what-subids.php 
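Review bot: In `isUserSubIdAssignedToMember()` the cache is keyed on the raw `$subId`, while the query checks `bigintval($subId)`, so the value that is cached and the value that is actually tested against `user_subids` can differ. Because this function is the ownership check for a request-supplied id, normalise once at the top with `$subId = bigintval($subId);` and use that single value for both the `$GLOBALS[__FUNCTION__]` key and the SQL fragment. What `bigintval()` returns for non-numeric input is not visible in this hunk, so treat this as a consistency fix rather than a demonstrated bypass. The cache also ignores the member id, which holds only while the logged-in member cannot change within one request; a one-line comment stating that assumption would help the next reader.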
@@ -89,6 +89,24 @@ if (isFormSent('add_subid')) { } elseif (isFormSent('do_delete')) { // Remove entries from database showEntriesByXmlCallback('member_delete_do_user_subid'); +} elseif ((isGetRequestElementSet('do')) && (isGetRequestElementSet('id'))) { + // Construct module name + $incFile = sprintf("inc/modules/member/subid-%s.php", SQL_ESCAPE(getRequestElement('do'))); + + // Is the include readable and is the sub id assigned to current member? + if (!isUserSubIdAssignedToMember(getRequestElement('id'))) { + // Sub id is not assigned to current member or doesn't exist + displayMessage('{--MEMBER_USER_SUBID_NOT_ASSIGNED_404--}'); + } elseif (isIncludeReadable($incFile)) { + // Then include it + loadIncludeOnce($incFile); + + // Do not show the list of URLs after this template + $show = false; + } else { + // Display error message + displayMessage('{--MEMBER_INVALID_DO_USER_SUBID--}'); + } } // Show entries? diff --git a/inc/session-functions.php b/inc/session-functions.php index 706a483c1c..dc6c3ff872 100644 --- a/inc/session-functions.php +++ b/inc/session-functions.php @@ -115,12 +115,17 @@ function getSessionArray () { } // Destroy user session -function destroyMemberSession () { +function destroyMemberSession ($destroy = false) { // Reset userid initMemberId(); // Remove all user data from session - return ((setSession('userid', '')) && (setSession('u_hash', ''))); + if ($destroy === true) { + // Destroy whole session + return session_destroy(); + } else { + return ((setSession('userid', '')) && (setSession('u_hash', ''))); + } } // Destroys the admin session -- 2.39.5
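Review bot: The `do` request value reaches the include path in `$incFile` after `SQL_ESCAPE()` only, and SQL escaping does nothing about path characters such as `/` or `..`, so the new branch needs a filename check before the path is built. Unless `getRequestElement()` already restricts the value (not visible in this hunk), make the first inner branch `if (preg_match('/^[a-z0-9_]+$/', getRequestElement('do')) !== 1) { displayMessage('{--MEMBER_INVALID_DO_USER_SUBID--}'); }`, turn the existing `if` into `elseif`, and drop `SQL_ESCAPE()` from the `sprintf()`; a fixed list of known sub modules would be stricter still. The comment "Is the include readable and is the sub id assigned to current member?" names the two checks in the opposite order to the code. The outer if/elseif chain starts outside the hunk.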
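Review bot: In the new `$destroy === true` branch of `destroyMemberSession()`, `session_destroy()` removes the stored session data but leaves `$_SESSION` populated for the rest of the request and does not expire the session cookie. Assuming `setSession()` is backed by `$_SESSION`, add `$_SESSION = array();` before `return session_destroy();` and consider expiring the session cookie as well, so that nothing running after logout in the same request still sees the old member values. The `else` branch keeps the session id for a member who is also an admin; whether the id is regenerated elsewhere on that privilege change is not visible here. The `$destroy` parameter is undocumented, and the comment above the function could read `// Destroy user session; $destroy = true destroys the whole PHP session instead of only the member entries`.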