From 30239ed3a0945db05c10ce43e2ab9d2ef7641741 Mon Sep 17 00:00:00 2001
From: REJack
Date: Sat, 28 May 2016 20:34:03 +0200
Subject: [PATCH] added `pm_encryption` config_var added abilty to encrypt PM's in `send_pm()` & `get_pm()` added function `user_exist_by_id` used in `send_pm()` added a `user_id` check in `get_pm()`
---
 application/config/aauth.php | 4 ++-
 application/libraries/Aauth.php | 53 ++++++++++++++++++++-------------
 2 files changed, 36 insertions(+), 21 deletions(-)
diff --git a/application/config/aauth.php b/application/config/aauth.php
index 460add1..1c547fc 100644
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@@ -135,7 +135,9 @@ $config_aauth["default"] = array(
 'hash' => 'sha256',
 'use_password_hash' => false,
 'password_hash_algo' => PASSWORD_DEFAULT,
- 'password_hash_options' => array()
+ 'password_hash_options' => array(),
+
+ 'pm_encryption' => false
 );
 $config['aauth'] = $config_aauth['default'];
diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php
index 054ceca..46cdb62 100644
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@@ -1107,6 +1107,24 @@ class Aauth {
 return FALSE;
 }
+ /**
+ * user_exist_by_id
+ * Check if user exist by user email
+ * @param $user_email
+ *
+ * @return bool
+ */
+ public function user_exist_by_id( $user_id ) {
+ $query = $this->aauth_db->where('id', $user_id);
+
+ $query = $this->aauth_db->get($this->config_vars['users']);
+
+ if ($query->num_rows() > 0)
+ return TRUE;
+ else
+ return FALSE;
+ }
+
 /**
 * Get user id
 * Get user id from email address, if par. not given, return current user's id
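Review bot: The new `'pm_encryption' => false` entry in the config array has no comment saying what it switches or what it depends on. A short comment such as `// encrypt PM title and message via CI's encrypt library; requires $config['encryption_key'] to be set` would help. It should also mention that changing the flag later leaves already-stored messages in the other format, because `get_pm()` decodes every message it returns whenever the flag is set.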
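Review bot: The docblock added above `user_exist_by_id()` still describes the e-mail variant: it says `Check if user exist by user email` and documents `@param $user_email`, while the method takes `$user_id` and filters on the `id` column. It should read `* Check if user exists by user id` and `* @param int $user_id`. As a style point, the `if`/`else` around the result can be the single line `return $query->num_rows() > 0;`.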
@@ -1865,30 +1883,17 @@ class Aauth {
 $this->error($this->CI->lang->line('aauth_error_self_pm'));
 return FALSE;
 }
-
- $query = $this->aauth_db->where('id', $receiver_id);
- $query = $this->aauth_db->where('banned', 0);
-
- $query = $this->aauth_db->get( $this->config_vars['users'] );
-
- // if user not exist or banned
- if ( $query->num_rows() < 1 ){
+ if (($this->is_banned($receiver_id) || !$this->user_exist_by_id($receiver_id)) || ($this->is_banned($sender_id) || !$this->user_exist_by_id($sender_id))){
 $this->error($this->CI->lang->line('aauth_error_no_user'));
 return FALSE;
 }
- $query = $this->aauth_db->where('id', $sender_id);
- $query = $this->aauth_db->where('banned', 0);
-
- $query = $this->aauth_db->get( $this->config_vars['users'] );
-
- // if user not exist or banned
- if ( $query->num_rows() < 1 ){
- $this->error($this->CI->lang->line('aauth_error_no_user'));
- return FALSE;
+ if ($this->config_vars['pm_encryption']){
+ $this->CI->load->library('encrypt');
+ $title = $this->CI->encrypt->encode($title);
+ $message = $this->CI->encrypt->encode($message);
 }
-
 $data = array(
 'sender_id' => $sender_id,
 'receiver_id' => $receiver_id,
@@ -1912,8 +1917,6 @@ class Aauth {
 */
 public function list_pms($limit=5, $offset=0, $receiver_id = FALSE, $sender_id=FALSE){
- $query='';
-
 if ( $receiver_id != FALSE){
 $query = $this->aauth_db->where('receiver_id', $receiver_id);
 }
@@ -1940,6 +1943,10 @@ class Aauth {
 if(!$user_id){
 $user_id = $this->CI->session->userdata('id');
 }
+ if( !is_numeric($user_id)){
+ $this->error( $this->CI->lang->line('aauth_error_no_pm') );
+ return FALSE;
+ }
 $query = $this->aauth_db->where('id', $pm_id);
 $query = $this->aauth_db->where('receiver_id', $user_id);
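Review bot: The new `pm_encryption` branch in `send_pm()` encodes `$title` and `$message` with the legacy `encrypt` library, which CodeIgniter 3 documents as deprecated in favour of the `encryption` library. If the project targets CI 3, `$this->CI->load->library('encryption')` with `$this->CI->encryption->encrypt($message)` is the better choice, since it authenticates the ciphertext. The encoded value is also noticeably longer than the plaintext, so the width of the `title` column (not visible here) should be checked; a truncated value can no longer be decoded. Separately, the merged condition calls `is_banned()` before `user_exist_by_id()`, and how `is_banned()` treats an unknown id is outside this hunk, so testing existence first would be safer. `send_pm()` starts and ends outside the hunk.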
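Review bot: `is_numeric($user_id)` in the new guard in `get_pm()` also accepts values such as `1.5`, `1e3` or `-1`, so it does not establish that `$user_id` is a row id before it reaches `where('receiver_id', $user_id)`. `if ( filter_var($user_id, FILTER_VALIDATE_INT) === FALSE ){` would restrict it to integers. `$pm_id` goes into `where('id', $pm_id)` without a comparable check in the visible lines. The start and end of `get_pm()` are outside the hunk, so `$pm_id` may be validated earlier.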
@@ -1957,6 +1964,12 @@ class Aauth {
 $this->set_as_read_pm($pm_id);
 }
+ if ($this->config_vars['pm_encryption']){
+ $this->CI->load->library('encrypt');
+ $result->title = $this->CI->encrypt->decode($result->title);
+ $result->message = $this->CI->encrypt->decode($result->message);
+ }
+
 return $result;
 }
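Review bot: The return value of `decode()` is assigned straight back to `$result->title` and `$result->message` without being checked. A message that cannot be decoded (for example one stored before `pm_encryption` was switched on, or written under a different key) would reach the caller as whatever `decode()` yields on failure, presumably `FALSE`, rather than as an error. Checking the result, e.g. `if ($title === FALSE) { $this->error($this->CI->lang->line('aauth_error_no_pm')); return FALSE; }`, keeps that failure explicit. Also, this commit only touches `list_pms()` to drop `$query='';`, so as far as the diff shows it would still return the stored ciphertext when the option is enabled. `get_pm()` starts outside the hunk.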