diff --git a/alltags.php b/alltags.php index dc84cf3..45b13ab 100644 --- a/alltags.php +++ b/alltags.php @@ -1,23 +1,23 @@ isLoggedOn()) { - $hashtext .= $userservice->getCurrentUserID(); - } - $hash = md5($hashtext); + // Generate hash for caching on + $hashtext = $_SERVER['REQUEST_URI']; + if ($userservice->isLoggedOn()) { + $hashtext .= $userservice->getCurrentUserID(); + } + $hash = md5($hashtext); - // Cache for an hour - $cacheservice->Start($hash, 3600); + // Cache for an hour + $cacheservice->Start($hash, 3600); } // Header variables $pagetitle = T_('All Tags'); if (isset($user) && $user != '') { - if (is_int($user)) { - $userid = intval($user); - } else { - if ($userinfo = $userservice->getObjectUserByUsername($user)) { - $userid = $userinfo->getId(); - } else { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - //throw a 404 error - exit(); - } - } - $pagetitle .= ': '. ucfirst($user); + + $userid = $userservice->getIdFromUser($user); + if($userid == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); + } + + $pagetitle .= ': '. ucfirst($user); } else { - $userid = NULL; + $userid = NULL; } $tags =& $b2tservice->getTags($userid); -$tplVars['tags'] =& $b2tservice->tagCloud($tags, 5, 90, 225, getSortOrder()); +$tplVars['tags'] =& $b2tservice->tagCloud($tags, 5, 90, 225, getSortOrder()); $tplVars['user'] = $user; if (isset($userid)) { - $tplVars['cat_url'] = createURL('bookmarks', '%s/%s'); + $tplVars['cat_url'] = createURL('bookmarks', '%s/%s'); } else { - $tplVars['cat_url'] = createURL('tags', '%2$s'); + $tplVars['cat_url'] = createURL('tags', '%2$s'); } $tplVars['sidebar_blocks'] = array('linked'); 
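Review bot: `if($userid == NULL)` after the new `getIdFromUser()` call is a loose comparison, so any falsy id (`0`, `''`, `false`) is treated as "user not found"; since the helper returns `NULL` explicitly, compare strictly: `if ($userid === null) {`. The same pattern is introduced in the populartags.php, search.php and watch.php hunks of this commit, and the object checks `$userinfo == NULL` in password.php and watchlist.php would likewise be clearer as `=== null`. The opening lines of this hunk (the part of the `$usecache` branch before `isLoggedOn()`) are not legible in this view, so the cache-key setup itself was not reviewed.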
@@ -84,7 +80,7 @@ $tplVars['subtitle'] = $pagetitle; $templateservice->loadTemplate('tags.tpl', $tplVars); if ($usecache) { - // Cache output if existing copy has expired - $cacheservice->End($hash); + // Cache output if existing copy has expired + $cacheservice->End($hash); } ?> diff --git a/password.php b/password.php index 430a355..b173978 100644 --- a/password.php +++ b/password.php @@ -44,7 +44,7 @@ if (POST_SUBMITTED != '') { // NO MATCH $userinfo = $userservice->getObjectUserByUsername(POST_USERNAME); - if ($userinfo == '') { + if ($userinfo == NULL) { $tplVars['error'] = T_('No matches found for that username.'); } elseif (POST_EMAIL != $userinfo->getEmail()) { diff --git a/populartags.php b/populartags.php index c20cabc..7938027 100644 --- a/populartags.php +++ b/populartags.php 
@@ -1,23 +1,23 @@ isLoggedOn()) { - $hashtext .= $currentUser->getId(); - if ($currentUser->getUsername() == $user) { - $hashtext .= $user; - } - } - $hash = md5($hashtext); + // Generate hash for caching on + $hashtext = $_SERVER['REQUEST_URI']; + if ($userservice->isLoggedOn()) { + $hashtext .= $currentUser->getId(); + if ($currentUser->getUsername() == $user) { + $hashtext .= $user; + } + } + $hash = md5($hashtext); - // Cache for an hour - $cacheservice->Start($hash, 3600); + // Cache for an hour + $cacheservice->Start($hash, 3600); } // Header variables $pagetitle = T_('Popular Tags'); if (isset($user) && $user != '') { - if (is_int($user)) { - $userid = intval($user); - } else { - $userinfo = $userservice->getObjectUserByUsername($user); - if ($userinfo != '') { - $userid = $userinfo->getId(); - } else { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - //throw a 404 error - exit(); - } - } - $pagetitle .= ': '. ucfirst($user); + + $userid = $userservice->getIdFromUser($user); + if($userid == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + //throw a 404 error + exit(); + } + + $pagetitle .= ': '. ucfirst($user); } else { - $userid = NULL; + $userid = NULL; } $tags = $b2tservice->getPopularTags($userid, 150); -$tplVars['tags'] =& $b2tservice->tagCloud($tags, 5, 90, 225, getSortOrder('alphabet_asc')); +$tplVars['tags'] =& $b2tservice->tagCloud($tags, 5, 90, 225, getSortOrder('alphabet_asc')); $tplVars['user'] = $user; if (isset($userid)) { - $tplVars['cat_url'] = createURL('bookmarks', '%s/%s'); + $tplVars['cat_url'] = createURL('bookmarks', '%s/%s'); } else { - $tplVars['cat_url'] = createURL('tags', '%2$s'); + $tplVars['cat_url'] = createURL('tags', '%2$s'); } $tplVars['sidebar_blocks'] = array('linked'); 
@@ -81,8 +77,8 @@ $tplVars['loadjs'] = true; $templateservice->loadTemplate('tags.tpl', $tplVars); -if ($usecache) { - // Cache output if existing copy has expired - $cacheservice->End($hash); +if ($usecache) { + // Cache output if existing copy has expired + $cacheservice->End($hash); } ?> diff --git a/profile.php b/profile.php index 56d6515..2d00101 100644 --- a/profile.php +++ b/profile.php @@ -1,23 +1,23 @@ getObjectUserByUsername($user); - if ($userinfo == '') { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); - } else { - $userid =& $userinfo->getId(); - } - } + + if (is_int($user)) { + $userid = intval($user); + } else { + $user = urldecode($user); + $userinfo = $userservice->getObjectUserByUsername($user); + if ($userinfo == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); + } else { + $userid =& $userinfo->getId(); + } + } } else { - $tplVars['error'] = T_('Username was not specified'); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); + $tplVars['error'] = T_('Username was not specified'); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); } if ($userservice->isLoggedOn() && $user == $currentUser->getUsername()) { - $title = T_('My Profile'); + $title = T_('My Profile'); } else { - $title = T_('Profile') .': '. $user; + $title = T_('Profile') .': '. $user; } $tplVars['pagetitle'] = $title; $tplVars['subtitle'] = $title; 
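Review bot: `$userid =& $userinfo->getId();` in the re-indented else branch assigns a method's return value by reference, which PHP reports as "Only variables should be assigned by reference"; the search.php and watch.php hunks in this same commit already drop that form, so use `$userid = $userinfo->getId();` here too. The added `$user = urldecode($user);` changes the value that is later used for the page title and for `createURL('profile', $user)`; if `$user` is already decoded when the request is parsed, this decodes twice, which is worth confirming against the router. The first lines of this hunk are cut off in this view, so the branch that leads into the `getObjectUserByUsername()` lookup was not reviewed.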
@@ -72,55 +73,55 @@ $tplVars['user'] = $user; $tplVars['userid'] = $userid; if (POST_SUBMITTED!='' && $currentUser->getId() == $userid) { - $error = false; - $detPass = trim(POST_PASS); - $detPassConf = trim(POST_PASSCONF); - $detName = trim(POST_NAME); - $detMail = trim(POST_MAIL); - $detPage = trim(POST_PAGE); - $detDesc = filter(POST_DESC); - - // manage token preventing from CSRF vulnaribilities - if ( SESSION_TOKEN == '' - || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal - || SESSION_TOKEN != POST_TOKEN) { - $error = true; - $tplVars['error'] = T_('Invalid Token'); - } - - if ($detPass != $detPassConf) { - $error = true; - $tplVars['error'] = T_('Password and confirmation do not match.'); - } - if ($detPass != "" && strlen($detPass) < 6) { - $error = true; - $tplVars['error'] = T_('Password must be at least 6 characters long.'); - } - if (!$userservice->isValidEmail($detMail)) { - $error = true; - $tplVars['error'] = T_('E-mail address is not valid.'); - } - if (!$error) { - if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) { - $tplvars['error'] = T_('An error occurred while saving your changes.'); - } else { - $tplVars['msg'] = T_('Changes saved.'); - } - } - $userinfo = $userservice->getObjectUserByUsername($user); + $error = false; + $detPass = trim(POST_PASS); + $detPassConf = trim(POST_PASSCONF); + $detName = trim(POST_NAME); + $detMail = trim(POST_MAIL); + $detPage = trim(POST_PAGE); + $detDesc = filter(POST_DESC); + + // manage token preventing from CSRF vulnaribilities + if ( SESSION_TOKEN == '' + || time() - SESSION_TOKENSTAMP > 600 //limit token lifetime, optionnal + || SESSION_TOKEN != POST_TOKEN) { + $error = true; + $tplVars['error'] = T_('Invalid Token'); + } + + if ($detPass != $detPassConf) { + $error = true; + $tplVars['error'] = T_('Password and confirmation do not match.'); + } + if ($detPass != "" && strlen($detPass) < 6) { + $error = true; + $tplVars['error'] = T_('Password must 
be at least 6 characters long.'); + } + if (!$userservice->isValidEmail($detMail)) { + $error = true; + $tplVars['error'] = T_('E-mail address is not valid.'); + } + if (!$error) { + if (!$userservice->updateUser($userid, $detPass, $detName, $detMail, $detPage, $detDesc)) { + $tplvars['error'] = T_('An error occurred while saving your changes.'); + } else { + $tplVars['msg'] = T_('Changes saved.'); + } + } + $userinfo = $userservice->getObjectUserByUsername($user); } if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) { - $templatename = 'profile.tpl.php'; + $templatename = 'profile.tpl.php'; } else { //Token Init $_SESSION['token'] = md5(uniqid(rand(), true)); $_SESSION['token_stamp'] = time(); - - $templatename = 'editprofile.tpl.php'; - $tplVars['formaction'] = createURL('profile', $user); - $tplVars['token'] = $_SESSION['token']; - + + $templatename = 'editprofile.tpl.php'; + $tplVars['formaction'] = createURL('profile', $user); + $tplVars['token'] = $_SESSION['token']; + } $tplVars['objectUser'] = $userinfo; diff --git a/search.php b/search.php index 56a910f..122e1e2 100644 --- a/search.php +++ b/search.php @@ -95,18 +95,14 @@ if (POST_TERMS != '') { } if (isset($s_user)) { - if (is_numeric($s_user)) { - $s_user = intval($s_user); - } else { - $userinfo = $userservice->getObjectUserByUsername($s_user); - if ($userinfo == '' ) { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $s_user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); - } else { - $s_user =& $userinfo->getId(); - } + + $s_user = $userservice->getIdFromUser($s_user); + if($s_user == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $s_user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); } + } } $bookmarks =& $bookmarkservice->getBookmarks($start, $perpage, $s_user, NULL, $terms, getSortOrder(), $s_watchlist, $s_start, $s_end); 
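Review bot: `$tplvars['error'] = T_('An error occurred while saving your changes.');` in the `updateUser()` failure branch writes to `$tplvars`, not `$tplVars`, so a failed save shows neither an error nor the "Changes saved." message; it should read `$tplVars['error'] = T_('An error occurred while saving your changes.');`. The CSRF check `SESSION_TOKEN != POST_TOKEN` is a loose, non-constant-time comparison; `!hash_equals((string) SESSION_TOKEN, (string) POST_TOKEN)` is the stricter form on PHP 5.6 and later. The token is generated from `md5(uniqid(rand(), true))`, which is not a cryptographic source; on PHP 7 and later `bin2hex(random_bytes(16))` is a drop-in replacement. These lines are re-indented rather than newly written, but they are the new side of the hunk.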
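Review bot: The 404 message `sprintf(T_('User with username %s was not found'), $s_user)` is now built after `$s_user` has been overwritten by `getIdFromUser()`, so when the lookup fails it formats `NULL` and the message loses the username; assign the result to a separate variable (`$s_userid = $userservice->getIdFromUser($s_user);`), test that with `=== null`, and pass `$s_userid` to `getBookmarks()` below. The old code also accepted numeric strings via `is_numeric()`, whereas `getIdFromUser()` only short-circuits on `is_int()`, so a numeric `$s_user` is now looked up as a username — confirm that is intended. If the collapsed hunk is read correctly, the new side has one more closing brace than opening brace after `exit();` (a context `}` followed by the added `+ }`), which would be a parse error; check against the actual file. The block that the first context `}` closes starts outside this hunk.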
diff --git a/services/userservice.php b/services/userservice.php index fa0d5c9..21b9136 100644 --- a/services/userservice.php +++ b/services/userservice.php @@ -127,7 +127,25 @@ class UserService { function getObjectUserByUsername($username) { $user = $this->_getuser($this->getFieldName('username'), $username); - return new User($user[$this->getFieldName('primary')], $username); + if($user != false) { + return new User($user[$this->getFieldName('primary')], $username); + } else { + return NULL; + } + } + + /* Takes an numerical "id" or a string "username" + and returns the numerical "id" if the user exists else returns NULL */ + function getIdFromUser($user) { + if (is_int($user)) { + return intval($user); + } else { + $objectUser = $this->getObjectUserByUsername($user); + if($objectUser != NULL) { + return $objectUser->getId(); + } + } + return NULL; } function getUser($id) { @@ -465,7 +483,7 @@ class UserService { // Check if the email domain has a DNS record //if ($this->_checkdns($emailDomain)) { - return true; + return true; //} } return false; @@ -520,7 +538,7 @@ class User { } return $this->name; } - + function getEmail() { // Look for value only if not already set if(!isset($this->email)) { @@ -540,7 +558,7 @@ class User { } return $this->homepage; } - + function getContent() { // Look for value only if not already set if(!isset($this->content)) { @@ -549,7 +567,7 @@ class User { $this->content = $user['uContent']; } return $this->content; - } + } function getDatetime() { // Look for value only if not already set diff --git a/watch.php b/watch.php index 9fc480b..841317d 100644 --- a/watch.php +++ b/watch.php 
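Review bot: The comment above `getIdFromUser()` should be a docblock stating the contract the callers now depend on, e.g. `/** @param int|string $user numeric id or username @return int|null id, or null when no such user exists */`, and it has a typo ("an numerical"). It is worth documenting that `is_int()` is only true for a real integer: a numeric string such as `'42'`, which is how request parameters arrive, is looked up as a username rather than used as an id, and search.php previously used `is_numeric()` for this check, so its behaviour changes with the switch to this helper. In `getObjectUserByUsername()`, `if($user != false)` is a truthiness test; if `_getuser()` can return an empty array for a found-but-empty row that would read as "not found", so `!== false` may be the intended check — `_getuser()` is outside the hunk, so this is inferred.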
@@ -34,17 +34,12 @@ $currentUser = $userservice->getCurrentObjectUser(); if ($userservice->isLoggedOn() && $user) { $pagetitle = ''; - if (is_int($user)) { - $userid = intval($user); - } else { - $userinfo = $userservice->getObjectUserByUsername($user); - if ($userinfo == '') { - $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); - $templateservice->loadTemplate('error.404.tpl', $tplVars); - exit(); - } else { - $userid =& $userinfo->getId(); - } + $userid = $userservice->getIdFromUser($user); + + if($userid == NULL) { + $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); + $templateservice->loadTemplate('error.404.tpl', $tplVars); + exit(); } $watched = $userservice->getWatchStatus($userid, $currentUser->getId()); diff --git a/watchlist.php b/watchlist.php index d824937..2cdb5ff 100644 --- a/watchlist.php +++ b/watchlist.php @@ -56,7 +56,7 @@ if ($user) { $userid = intval($user); } else { $userinfo = $userservice->getObjectUserByUsername($user); - if ($userinfo == '' ) { + if ($userinfo == NULL ) { // Throw a 404 error $tplVars['error'] = sprintf(T_('User with username %s was not found'), $user); $templateservice->loadTemplate('error.404.tpl', $tplVars);