From fe89cdb861d6864dc200db4089561669a3fd4353 Mon Sep 17 00:00:00 2001 From: REJack Date: Mon, 30 May 2016 19:58:08 +0200 Subject: [PATCH] - fixed explanation info text in aauth config - added `pm_cleanup_max_age`-config_var - added 2 files (`pm_deleted_sender` & `pm_deleted_receiver`) in pm table - changed `list_pms()` to catch only not deleted pm's - changed `delete_pm()` now it need a user_id to delete a pm (like `get_pm()`) - changed `delete_pm()` sender's can now detete pm's from outbox - changed `count_unread_pms()` it counts now only not deleted pm's. - added `cleanup_pms()` removes pms older than X defined by `pm_cleanup_max_age`-config_var --- application/config/aauth.php | 191 +++++++++++++++++--------------- application/libraries/Aauth.php | 56 ++++++++-- sql/Aauth_v2.sql | 2 + sql/Aauth_v2_BCrypt.sql | 2 + 4 files changed, 151 insertions(+), 100 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 1c547fc..3f330e7 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -5,139 +5,148 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | ------------------------------------------------------------------- | Aauth Config | ------------------------------------------------------------------- -| A library Basic Authorization for CodeIgniter 2+ +| A library Basic Authorization for CodeIgniter 2.x and 3.x | | ------------------------------------------------------------------- | EXPLANATION | ------------------------------------------------------------------- | -| See http://codeigniter-aauth-test.readthedocs.org/en/latest/ -| for more details and explainations +| ['no_permission'] If user don't have permisssion to see the page he will be redirected the page spesificed. | +| ['admin_group'] Name of admin group +| ['default_group'] Name of default group, the new user is added in it +| ['public_group'] Public group , people who not logged in | -| ['no_permission'] If user don't have permisssion to see the page he will be redirected the page spesificed. +| ['db_profile'] The configuration database profile (definied in config/database.php) | -| ['admin_group'] Name of admin group -| ['default_group'] Name of default group, the new user is added in it -| ['public_group'] Public group , people who not logged in +| ['users'] The table which contains users +| ['groups'] The table which contains groups +| ['user_to_group'] The table which contains join of users and groups +| ['perms'] The table which contains permissions +| ['perm_to_group'] The table which contains permissions for groups +| ['perm_to_user'] The table which contains permissions for users +| ['pms'] The table which contains private messages +| ['user_variables'] The table which contains users variables +| ['login_attempts'] The table which contains login attempts | -| ['db_profile'] The configuration database profile (see config/database.php) +| ['remember'] Remember time (in relative format) elapsed after connecting and automatic LogOut for usage with Cookies +| Relative Format (e.g. '+ 1 week', '+ 1 month', '+ first day of next month') +| for details see http://php.net/manual/de/datetime.formats.relative.php +| !!IMPORTANT!! If you use Session instead of Cookies, +| remember time is definied by 'sess_expiration' in config/config.php | -| ['users'] The table which contains users -| ['groups'] The table which contains groups -| ['user_to_group'] The table which contains join of users and groups -| ['perms'] The table which contains permissions -| ['perm_to_group'] The table which contains permissions for groups -| ['perm_to_user'] The table which contains permissions for users -| ['pms'] The table which contains private messages -| ['user_variables'] The table which contains users variables -| ['login_attempts'] The table which contains login attempts +| ['max'] Maximum char long for Password +| ['min'] Minimum char long for Password | -| ['remember'] Remember time elapsed after connecting and automatic LogOut +| ['additional_valid_chars'] Additional valid chars for username. Non alphanumeric characters that are allowed by default | -| ['max'] Maximum char long for Password -| ['min'] Minimum char long for Password +| ['ddos_protection'] If it is true, the user will be banned temporary when he exceed the login 'try' | -| ['additional_valid_chars'] Additional valid chars for username. Non alphanumeric characters that are allowed by default +| ['recaptcha_active'] Enable reCAPTCHA (for details see www.google.com/recaptcha/admin) +| ['recaptcha_login_attempts'] Login Attempts to display reCAPTCHA +| ['recaptcha_siteKey'] The reCAPTCHA siteKey +| ['recaptcha_secret'] The reCAPTCHA secretKey | -| ['ddos_protection'] If it is true, the user will be banned temporary when he exceed the login 'try' +| ['totp_active'] The Time-based One-time Password Algorithm +| ['totp_only_on_ip_change'] TOTP only on IP Change +| ['totp_reset_over_reset_password'] TOTP reset over reset Password +| ['totp_two_step_login'] Enables/Disables TOTP two step login +| ['totp_two_step_login_redirect'] Redirect path to TOTP Verification page used by control() & is_allowed() | -| ['recaptcha_active'] Enable reCAPTCHA (see www.google.com/recaptcha/admin) -| ['recaptcha_login_attempts'] : -| ['recaptcha_siteKey'] The reCAPTCHA siteKey -| ['recaptcha_secret'] The reCAPTCHA secretKey +| ['max_login_attempt'] Login attempts time interval (default 10 times in one hour) +| ['max_login_attempt_time_period'] Period of time for max login attempts (default "5 minutes") +| ['remove_successful_attempts'] Enables/Disables removing login attempt after successful login | -| ['totp_active'] The Time-based One-time Password Algorithm -| ['totp_only_on_ip_change'] TOTP only on IP Change -| ['totp_reset_over_reset_password'] TOTP reset over reset Password -| ['totp_two_step_login'] Enables/Disables TOTP two step login -| ['totp_two_step_login_redirect'] Redirect path to TOTP Verification page used by control() & is_allowed() +| ['login_with_name'] Login Identificator, if TRUE username needed to login else email address. | -| ['max_login_attempt'] Login attempts time interval (default 10 times in one hour) -| ['max_login_attempt_time_period'] Period of time for max login attempts (default "5 minutes") -| ['remove_successful_attempts'] Enables/Disables removing login attempt after successful login +| ['use_cookies'] FALSE only on CI3 | -| ['login_with_name'] Login Identificator, if TRUE username needed to login else email address. +| ['email'] Sender email address, used for remind_password, send_verification and reset_password +| ['name'] Sender name, used for remind_password, send_verification and reset_password | -| ['use_cookies'] FALSE only on CI3 +| ['verification'] User Verification, if TRUE sends a verification email on account creation. +| ['verification_link'] Link for verification without site_url or base_url +| ['reset_password_link'] Link for reset_password without site_url or base_url | -| ['email'] Sender email address, used for remind_password, send_verification and reset_password -| ['name'] Sender name, used for remind_password, send_verification and reset_password -| -| ['verification'] User Verification, if TRUE sends a verification email on account creation. -| ['verification_link'] Link for verification without site_url or base_url -| ['reset_password_link'] Link for reset_password without site_url or base_url -| -| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..) +| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..) | Please, run hash_algos() for know your all supported algorithms -| ['use_password_hash'] True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher -| ['password_hash_algo'] password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT) for details see http://php.net/manual/de/password.constants.php -| ['password_hash_options'] password_hash options array for details see http://php.net/manual/en/function.password-hash.php +| ['use_password_hash'] True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher +| ['password_hash_algo'] password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT) +| for details see http://php.net/manual/de/password.constants.php +| ['password_hash_options'] password_hash options array +| for details see http://php.net/manual/en/function.password-hash.php +| +| ['pm_encryption'] Enables/Disables PM Encryption, needs configured CI Encryption Class. +| for details see: http://www.codeigniter.com/userguide2/libraries/encryption.html +| ['pm_cleanup_max_age'] PM Cleanup max age (in relative format), PM's are older than max age get deleted with 'cleanup_pms()' +| Relative Format (e.g. '2 week', '1 month') +| for details see http://php.net/manual/de/datetime.formats.relative.php | */ $config_aauth = array(); $config_aauth["default"] = array( - 'no_permission' => FALSE, + 'no_permission' => FALSE, - 'admin_group' => 'admin', - 'default_group' => 'default', - 'public_group' => 'public', + 'admin_group' => 'admin', + 'default_group' => 'default', + 'public_group' => 'public', - 'db_profile' => 'default', + 'db_profile' => 'default', - 'users' => 'aauth_users', - 'groups' => 'aauth_groups', - 'group_to_group' => 'aauth_group_to_group', - 'user_to_group' => 'aauth_user_to_group', - 'perms' => 'aauth_perms', - 'perm_to_group' => 'aauth_perm_to_group', - 'perm_to_user' => 'aauth_perm_to_user', - 'pms' => 'aauth_pms', - 'user_variables' => 'aauth_user_variables', - 'login_attempts' => 'aauth_login_attempts', + 'users' => 'aauth_users', + 'groups' => 'aauth_groups', + 'group_to_group' => 'aauth_group_to_group', + 'user_to_group' => 'aauth_user_to_group', + 'perms' => 'aauth_perms', + 'perm_to_group' => 'aauth_perm_to_group', + 'perm_to_user' => 'aauth_perm_to_user', + 'pms' => 'aauth_pms', + 'user_variables' => 'aauth_user_variables', + 'login_attempts' => 'aauth_login_attempts', - 'remember' => ' +3 days', + 'remember' => ' +3 days', - 'max' => 13, - 'min' => 5, + 'max' => 13, + 'min' => 5, - 'additional_valid_chars' => array(), + 'additional_valid_chars' => array(), - 'ddos_protection' => true, + 'ddos_protection' => true, - 'recaptcha_active' => false, - 'recaptcha_login_attempts' => 4, - 'recaptcha_siteKey' => '', - 'recaptcha_secret' => '', + 'recaptcha_active' => false, + 'recaptcha_login_attempts' => 4, + 'recaptcha_siteKey' => '', + 'recaptcha_secret' => '', - 'totp_active' => false, - 'totp_only_on_ip_change' => false, - 'totp_reset_over_reset_password' => false, - 'totp_two_step_login_active' => false, - 'totp_two_step_login_redirect' => '/account/twofactor_verification/', + 'totp_active' => false, + 'totp_only_on_ip_change' => false, + 'totp_reset_over_reset_password' => false, + 'totp_two_step_login_active' => false, + 'totp_two_step_login_redirect' => '/account/twofactor_verification/', - 'max_login_attempt' => 10, - 'max_login_attempt_time_period' => "5 minutes", - 'remove_successful_attempts' => true, + 'max_login_attempt' => 10, + 'max_login_attempt_time_period' => "5 minutes", + 'remove_successful_attempts' => true, - 'login_with_name' => false, + 'login_with_name' => false, - 'use_cookies' => true, + 'use_cookies' => true, - 'email' => 'admin@admin.com', - 'name' => 'Emre Akay', + 'email' => 'admin@admin.com', + 'name' => 'Emre Akay', - 'verification' => false, - 'verification_link' => '/account/verification/', - 'reset_password_link' => '/account/reset_password/', + 'verification' => false, + 'verification_link' => '/account/verification/', + 'reset_password_link' => '/account/reset_password/', - 'hash' => 'sha256', - 'use_password_hash' => false, - 'password_hash_algo' => PASSWORD_DEFAULT, - 'password_hash_options' => array(), + 'hash' => 'sha256', + 'use_password_hash' => false, + 'password_hash_algo' => PASSWORD_DEFAULT, + 'password_hash_options' => array(), - 'pm_encryption' => false + 'pm_encryption' => false, + 'pm_cleanup_max_age' => "6 months", ); $config['aauth'] = $config_aauth['default']; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 4cee57e..7528c2c 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1963,14 +1963,14 @@ class Aauth { * @param int $receiver_id User id of private message receiver * @return object Array of private messages */ - public function list_pms($limit=5, $offset=0, $receiver_id = FALSE, $sender_id=FALSE){ - - if ( $receiver_id != FALSE){ + public function list_pms($limit=5, $offset=0, $receiver_id=NULL, $sender_id=NULL){ + if (is_numeric($sender_id)){ $query = $this->aauth_db->where('receiver_id', $receiver_id); + $query = $this->aauth_db->where('pm_deleted_receiver', 0); } - - if( $sender_id != FALSE ){ + if (is_numeric($sender_id)){ $query = $this->aauth_db->where('sender_id', $sender_id); + $query = $this->aauth_db->where('pm_deleted_sender', 0); } $query = $this->aauth_db->order_by('id','DESC'); @@ -1991,7 +1991,7 @@ class Aauth { if(!$user_id){ $user_id = $this->CI->session->userdata('id'); } - if( !is_numeric($user_id)){ + if( !is_numeric($user_id) || !is_numeric($pm_id)){ $this->error( $this->CI->lang->line('aauth_error_no_pm') ); return FALSE; } @@ -2028,9 +2028,46 @@ class Aauth { * @param int $pm_id Private message id to be deleted * @return bool Delete success/failure */ - public function delete_pm($pm_id){ - - return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id) ); + public function delete_pm($pm_id, $user_id = NULL){ + if(!$user_id){ + $user_id = $this->CI->session->userdata('id'); + } + if( !is_numeric($user_id) || !is_numeric($pm_id)){ + $this->error( $this->CI->lang->line('aauth_error_no_pm') ); + return FALSE; + } + + $query = $this->aauth_db->where('id', $pm_id); + $query = $this->aauth_db->where('receiver_id', $user_id); + $query = $this->aauth_db->or_where('sender_id', $user_id); + $query = $this->aauth_db->get( $this->config_vars['pms'] ); + $result = $query->row(); + if ($user_id == $result->sender_id){ + if($result->pm_deleted_receiver == 1){ + return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id)); + } + + return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_sender'=>1), array('id' => $pm_id)); + }else if ($user_id == $result->result->receiver_id){ + if($result->pm_deleted_sender == 1){ + return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id)); + } + + return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_receiver'=>1), array('id' => $pm_id) ); + } + } + + /** + * Cleanup PMs + * Removes PMs older than 'pm_cleanup_max_age' (definied in aauth config). + * recommend for a cron job + */ + public function cleanup_pms(){ + $pm_cleanup_max_age = $this->config_vars['pm_cleanup_max_age']; + $date_sent = date('Y-m-d H:i:s', strtotime("now -".$pm_cleanup_max_age)); + $this->aauth_db->where('date_sent <', $date_sent); + + return $this->aauth_db->delete($this->config_vars['pms']); } //tested @@ -2047,6 +2084,7 @@ class Aauth { } $query = $this->aauth_db->where('receiver_id', $receiver_id); + $query = $this->aauth_db->where('pm_deleted_receiver', 0); $query = $this->aauth_db->where('date_read', NULL); $query = $this->aauth_db->get( $this->config_vars['pms'] ); diff --git a/sql/Aauth_v2.sql b/sql/Aauth_v2.sql index 1d465b4..aa50c89 100644 --- a/sql/Aauth_v2.sql +++ b/sql/Aauth_v2.sql @@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` ( `message` text, `date_sent` datetime DEFAULT NULL, `date_read` datetime DEFAULT NULL, + `pm_deleted_sender` int(1) DEFAULT '0', + `pm_deleted_receiver` int(1) DEFAULT '0', PRIMARY KEY (`id`), KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/sql/Aauth_v2_BCrypt.sql b/sql/Aauth_v2_BCrypt.sql index 572504d..f295d04 100644 --- a/sql/Aauth_v2_BCrypt.sql +++ b/sql/Aauth_v2_BCrypt.sql @@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` ( `message` text, `date_sent` datetime DEFAULT NULL, `date_read` datetime DEFAULT NULL, + `pm_deleted_sender` int(1) DEFAULT '0', + `pm_deleted_receiver` int(1) DEFAULT '0', PRIMARY KEY (`id`), KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;