added `pm_encryption` config_var

added abilty to encrypt PM's in `send_pm()` & `get_pm()` added function `user_exist_by_id` used in `send_pm()` added a `user_id` check in `get_pm()`
9 years ago · 30239ed3a0
2 changed files with 36 additions and 21 deletions
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@ -135,7 +135,9 @@ $config_aauth["default"] = array(
 	'hash'                           => 'sha256',
 	'use_password_hash'              => false,
 	'password_hash_algo'             => PASSWORD_DEFAULT,
-	'password_hash_options'          => array()
+	'password_hash_options'          => array(),
 	'pm_encryption'                  => false
 );
 $config['aauth'] = $config_aauth['default'];
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@ -1107,6 +1107,24 @@ class Aauth {
 			return FALSE;
 	}
 	/**
 	 * user_exist_by_id
 	 * Check if user exist by user email
 	 * @param $user_email
 	 *
 	 * @return bool
 	 */
 	public function user_exist_by_id( $user_id ) {
 		$query = $this->aauth_db->where('id', $user_id);
 		$query = $this->aauth_db->get($this->config_vars['users']);
 		if ($query->num_rows() > 0)
 			return TRUE;
 		else
 			return FALSE;
 	}
 	/**
 	 * Get user id
 	 * Get user id from email address, if par. not given, return current user's id
@ -1865,30 +1883,17 @@ class Aauth {
 			$this->error($this->CI->lang->line('aauth_error_self_pm'));
 			return FALSE;
 		}
-
+		if (($this->is_banned($receiver_id) || !$this->user_exist_by_id($receiver_id)) || ($this->is_banned($sender_id) || !$this->user_exist_by_id($sender_id))){
 		$query = $this->aauth_db->where('id', $receiver_id);
 		$query = $this->aauth_db->where('banned', 0);
 		$query = $this->aauth_db->get( $this->config_vars['users'] );
 		// if user not exist or banned
 		if ( $query->num_rows() < 1 ){
 			$this->error($this->CI->lang->line('aauth_error_no_user'));
 			return FALSE;
 		}
-		$query = $this->aauth_db->where('id', $sender_id);
+		if ($this->config_vars['pm_encryption']){
-		$query = $this->aauth_db->where('banned', 0);
+			$this->CI->load->library('encrypt');
-
+			$title = $this->CI->encrypt->encode($title);
-		$query = $this->aauth_db->get( $this->config_vars['users'] );
+			$message = $this->CI->encrypt->encode($message);
 		// if user not exist or banned
 		if ( $query->num_rows() < 1 ){
 			$this->error($this->CI->lang->line('aauth_error_no_user'));
 			return FALSE;
 		}
 		$data = array(
 			'sender_id' => $sender_id,
 			'receiver_id' => $receiver_id,
@ -1912,8 +1917,6 @@ class Aauth {
 	 */
 	public function list_pms($limit=5, $offset=0, $receiver_id = FALSE, $sender_id=FALSE){
 		$query='';
 		if ( $receiver_id != FALSE){
 			$query = $this->aauth_db->where('receiver_id', $receiver_id);
 		}
@ -1940,6 +1943,10 @@ class Aauth {
 		if(!$user_id){
 			$user_id = $this->CI->session->userdata('id');
 		}
 		if( !is_numeric($user_id)){
 			$this->error( $this->CI->lang->line('aauth_error_no_pm') );
 			return FALSE;
 		}
 		$query = $this->aauth_db->where('id', $pm_id);
 		$query = $this->aauth_db->where('receiver_id', $user_id);
@ -1957,6 +1964,12 @@ class Aauth {
 			$this->set_as_read_pm($pm_id);
 		}
 		if ($this->config_vars['pm_encryption']){
 			$this->CI->load->library('encrypt');
 			$result->title = $this->CI->encrypt->decode($result->title);
 			$result->message = $this->CI->encrypt->decode($result->message);
 		}
 		return $result;
 	}