Business/NewsPen
2
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Add full support for password protected publications (close #1)

Browse Source
This commit is contained in:
Skylar Ittner 2017-12-03 23:21:40 -07:00
parent eb959cba9b
commit 77210505c1
7 changed files with 111 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
action.php
View File

@ -58,13 +58,25 @@ switch ($VARS['action']) {
if (!is_numeric($VARS['landscape']) || ((int) $VARS['landscape'] !== 0 && (int) $VARS['landscape'] !== 1)) { if (!is_numeric($VARS['landscape']) || ((int) $VARS['landscape'] !== 0 && (int) $VARS['landscape'] !== 1)) {
returnToSender('invalid_parameters'); returnToSender('invalid_parameters');
} }
if ($VARS['password_protect'] == 1) {
if (!is_empty($VARS['password'])) {
$password = password_hash($VARS['password'], PASSWORD_BCRYPT);
} else if (!$insert) {
$password = $database->get("publications", 'pwd', ['pubid' => $VARS['pubid']]);
}
$permission = 3;
} else {
$password = null;
$permission = $VARS['perm'];
}
$data = [ $data = [
'pubname' => $VARS['name'], 'pubname' => $VARS['name'],
'pubdate' => date("Y-m-d H:i:s"), 'pubdate' => date("Y-m-d H:i:s"),
'styleid' => $VARS['style'], 'styleid' => $VARS['style'],
'columns' => $VARS['columns'], 'columns' => $VARS['columns'],
'permid' => $VARS['perm'], 'permid' => $permission,
'pwd' => $password,
'page_size' => $VARS['size'], 'page_size' => $VARS['size'],
'landscape' => $VARS['landscape'] 'landscape' => $VARS['landscape']
]; ];

BIN
database.mwb
View File

Binary file not shown.

5
lang/en_us.php
View File

@ -66,4 +66,9 @@ define("STRINGS", [
"visibility loggedin" => "People with accounts", "visibility loggedin" => "People with accounts",
"visibility link" => "Anyone with the link", "visibility link" => "Anyone with the link",
"visibility password" => "Anyone with the link and password", "visibility password" => "Anyone with the link and password",
"password protect" => "Password protect",
"anyone with link and password can view" => "When a password is set, anyone with the link and password can view the publication.",
"enter password to view file" => "Enter password to view file",
"view file" => "View File",
"password incorrect" => "Password incorrect."
]); ]);

51
lib/gencontent.php
View File

@ -5,7 +5,7 @@ if (!defined("IN_NEWSPEN")) {
if (is_numeric($VARS['pubid'])) { if (is_numeric($VARS['pubid'])) {
if ($database->has('publications', ['pubid' => $VARS['pubid']])) { if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
$pub = $VARS['pubid']; $pub = $VARS['pubid'];
$pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]); $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname", "pwd"], ["pubid" => $pub]);
if ($pubdata["permname"] != "LINK") { if ($pubdata["permname"] != "LINK") {
dieifnotloggedin(); dieifnotloggedin();
} }
@ -14,6 +14,55 @@ if (!defined("IN_NEWSPEN")) {
die(lang("no permission")); die(lang("no permission"));
} }
} }
if ($pubdata['permname'] == "LINK" && !is_empty($pubdata['pwd']) && $_SESSION['loggedin'] != true) {
$passok = false;
$passfail = false;
if (isset($VARS['password'])) {
$passok = password_verify($VARS['password'], $pubdata['pwd']);
$passfail = !$passok;
}
if (!$passok) {
?>
<!DOCTYPE html>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo htmlspecialchars($pubdata["pubname"] . " | " . date("Y-m-d", strtotime($pubdata["pubdate"]))); ?></title>
<link href="../static/css/bootstrap.min.css" rel="stylesheet">
<link href="../static/css/font-awesome.min.css" rel="stylesheet">
<style nonce="<?php echo $SECURE_NONCE; ?>">
#heading {
background-color: #673ab7;
}
</style>
<br />
<div class="row">
<div class="col-xs-12 col-sm-4 col-sm-offset-4">
<form action="gencontent.php" method="POST" class="panel panel-info">
<div class="panel-heading" id="heading">
<label class="panel-title" for="password"><i class="fa fa-lock"></i> <?php lang("enter password to view file"); ?></label>
</div>
<div class="panel-body">
<?php if ($passfail) {
?>
<div class="alert alert-danger">
<i class="fa fa-times"></i> <?php lang("password incorrect"); ?>
</div>
<?php
}
?>
<input type="password" name="password" class="form-control" placeholder="<?php lang("password"); ?>" />
<input type="hidden" name="pubid" value="<?php echo $pub; ?>" />
</div>
<div class="panel-footer">
<button type="submit" class="btn btn-success"><i class="fa fa-sign-in"></i> <?php lang("view file"); ?></button>
</div>
</form>
</div>
</div>
<?php
die();
}
}
} else { } else {
die(lang("invalid parameters", false)); die(lang("invalid parameters", false));
} }

4
lib/getpubtable.php
View File

@ -82,6 +82,7 @@ $pubs = $database->select('publications', [
'stylename', 'stylename',
'columns', 'columns',
'permname', 'permname',
'pwd',
'publications.permid', 'publications.permid',
"page_size", "page_size",
"sizename", "sizename",
@ -121,6 +122,9 @@ for ($i = 0; $i < count($pubs); $i++) {
"size" => $pubs[$i]["sizename"], "size" => $pubs[$i]["sizename"],
"orientation" => ( $pubs[$i]["landscape"] == 0 ? lang("portrait", false) : lang("landscape", false) ) "orientation" => ( $pubs[$i]["landscape"] == 0 ? lang("portrait", false) : lang("landscape", false) )
], false); ], false);
if (!is_empty($pubs[$i]["pwd"])) {
$pubs[$i]["permname"] = "password";
}
$pubs[$i]["visibility"] = lang("visibility " . strtolower($pubs[$i]["permname"]), false); $pubs[$i]["visibility"] = lang("visibility " . strtolower($pubs[$i]["permname"]), false);
} }
$out['pubs'] = $pubs; $out['pubs'] = $pubs;

22
pages/editpub.php
View File

@ -30,7 +30,8 @@ if (!is_empty($VARS['id'])) {
'columns', 'columns',
'permid', 'permid',
'page_size', 'page_size',
'landscape' 'landscape',
'pwd'
], [ ], [
'pubid' => $VARS['id'] 'pubid' => $VARS['id']
])[0]; ])[0];
@ -131,6 +132,9 @@ if (!is_empty($VARS['id'])) {
<?php <?php
$perms = $database->select("pub_permissions", ['permid', 'permname']); $perms = $database->select("pub_permissions", ['permid', 'permname']);
foreach ($perms as $p) { foreach ($perms as $p) {
if ($p['permname'] == "PASSWORD") {
continue;
}
$pi = $p['permid']; $pi = $p['permid'];
$pn = lang("visibility " . strtolower($p['permname']), false); $pn = lang("visibility " . strtolower($p['permname']), false);
$ps = $pubdata["permid"] == $pi ? " selected" : ""; $ps = $pubdata["permid"] == $pi ? " selected" : "";
@ -138,6 +142,22 @@ if (!is_empty($VARS['id'])) {
} }
?> ?>
</select> </select>
<div class="checkbox">
<label>
<input type="checkbox" id="password_protect" name="password_protect" value="1" <?php echo is_empty($pubdata['pwd']) ? "" : "checked" ?>> <?php lang("password protect"); ?>
</label>
</div>
<?php if (is_empty($pubdata['pwd'])) { ?>
<style nonce="<?php echo $SECURE_NONCE; ?>">
#password {
display: none;
}
</style>
<?php } ?>
<div id="password">
<input type="password" name="password" value="" placeholder="<?php lang("password"); ?>" class="form-control" />
<i class="fa fa-info-circle"></i> <?php lang("anyone with link and password can view"); ?>
</div>
</div> </div>
</div> </div>
</div> </div>

8
static/js/editpub.js
View File

@ -1,3 +1,11 @@
$('#name').on('input propertychange paste', function () { $('#name').on('input propertychange paste', function () {
$('#name_title').text($('#name').val()); $('#name_title').text($('#name').val());
}); });
$('#password_protect').change(function () {
if ($(this).prop('checked')) {
$("#password").css('display', 'block');
} else {
$("#password").css('display', 'none');
}
})