- fixed explanation info text in aauth config

- added `pm_cleanup_max_age`-config_var - added 2 files (`pm_deleted_sender` & `pm_deleted_receiver`) in pm table - changed `list_pms()` to catch only not deleted pm's - changed `delete_pm()` now it need a user_id to delete a pm (like `get_pm()`) - changed `delete_pm()` sender's can now detete pm's from outbox - changed `count_unread_pms()` it counts now only not deleted pm's. - added `cleanup_pms()` removes pms older than X defined by `pm_cleanup_max_age`-config_var
9 years ago · fe89cdb861
4 changed files with 151 additions and 100 deletions
--- a/application/config/aauth.php
+++ b/application/config/aauth.php
@ -5,23 +5,19 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | -------------------------------------------------------------------
 | Aauth Config
 | -------------------------------------------------------------------
-| A library Basic Authorization for CodeIgniter 2+
+| A library Basic Authorization for CodeIgniter 2.x and 3.x
 |
 | -------------------------------------------------------------------
 | EXPLANATION
 | -------------------------------------------------------------------
 |
-|	See http://codeigniter-aauth-test.readthedocs.org/en/latest/
-|	for more details and explainations
-|
-|
 |   ['no_permission']                   If user don't have permisssion to see the page he will be redirected the page spesificed.
 |
 |   ['admin_group']                     Name of admin group
 |   ['default_group']                   Name of default group, the new user is added in it
 |   ['public_group']                    Public group , people who not logged in
 |
-| 	['db_profile']                     	The configuration database profile (see config/database.php)
+|   ['db_profile']                      The configuration database profile (definied in config/database.php)
 |
 |   ['users']                           The table which contains users
 |   ['groups']                          The table which contains groups
@ -33,7 +29,11 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 |   ['user_variables']                  The table which contains users variables
 |   ['login_attempts']                  The table which contains login attempts
 |
-| 	['remember']                       	Remember time elapsed after connecting and automatic LogOut
+|   ['remember']                        Remember time (in relative format) elapsed after connecting and automatic LogOut for usage with Cookies
+|                                       Relative Format (e.g. '+ 1 week', '+ 1 month', '+ first day of next month') 
+|                                       for details see http://php.net/manual/de/datetime.formats.relative.php
+|                                       !!IMPORTANT!! If you use Session instead of Cookies, 
+|                                       remember time is definied by 'sess_expiration' in config/config.php
 |
 |   ['max']                             Maximum char long for Password
 |   ['min']                             Minimum char long for Password
@ -42,8 +42,8 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 |
 |   ['ddos_protection']                 If it is true, the user will be banned temporary when he exceed the login 'try'
 |
-| 	['recaptcha_active']               	Enable reCAPTCHA (see www.google.com/recaptcha/admin)
-| 	['recaptcha_login_attempts']       	:
+|   ['recaptcha_active']                Enable reCAPTCHA (for details see www.google.com/recaptcha/admin)
+|   ['recaptcha_login_attempts']        Login Attempts to display reCAPTCHA
 |   ['recaptcha_siteKey']               The reCAPTCHA siteKey
 |   ['recaptcha_secret']                The reCAPTCHA secretKey
 |
@ -71,8 +71,16 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 |   ['hash']                            Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..)
 |                                       Please, run hash_algos() for know your all supported algorithms
 |   ['use_password_hash']               True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher
-| 	['password_hash_algo']              password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT) for details see http://php.net/manual/de/password.constants.php
-| 	['password_hash_options']           password_hash options array for details see http://php.net/manual/en/function.password-hash.php
+|   ['password_hash_algo']              password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT) 
+|                                       for details see http://php.net/manual/de/password.constants.php
+|   ['password_hash_options']           password_hash options array 
+|                                       for details see http://php.net/manual/en/function.password-hash.php
+|
+|   ['pm_encryption']                   Enables/Disables PM Encryption, needs configured CI Encryption Class.
+|                                       for details see: http://www.codeigniter.com/userguide2/libraries/encryption.html
+|   ['pm_cleanup_max_age']              PM Cleanup max age (in relative format), PM's are older than max age get deleted with 'cleanup_pms()'
+|                                       Relative Format (e.g. '2 week', '1 month') 
+|                                       for details see http://php.net/manual/de/datetime.formats.relative.php
 |
 */
 $config_aauth = array();
@ -137,7 +145,8 @@ $config_aauth["default"] = array(
 'password_hash_algo'             => PASSWORD_DEFAULT,
 'password_hash_options'          => array(),

-	'pm_encryption'                  => false
+ 'pm_encryption'                  => false,
+ 'pm_cleanup_max_age'             => "6 months",
 );

 $config['aauth'] = $config_aauth['default'];
--- a/application/libraries/Aauth.php
+++ b/application/libraries/Aauth.php
@ -1963,14 +1963,14 @@ class Aauth {
 	 * @param int $receiver_id User id of private message receiver
 	 * @return object Array of private messages
 	 */
-	public function list_pms($limit=5, $offset=0, $receiver_id = FALSE, $sender_id=FALSE){
-
-		if ( $receiver_id != FALSE){
+	public function list_pms($limit=5, $offset=0, $receiver_id=NULL, $sender_id=NULL){
+		if (is_numeric($sender_id)){
 			$query = $this->aauth_db->where('receiver_id', $receiver_id);
+			$query = $this->aauth_db->where('pm_deleted_receiver', 0);
 		}
-
-		if( $sender_id != FALSE ){
+		if (is_numeric($sender_id)){
 			$query = $this->aauth_db->where('sender_id', $sender_id);
+			$query = $this->aauth_db->where('pm_deleted_sender', 0);
 		}

 		$query = $this->aauth_db->order_by('id','DESC');
@ -1991,7 +1991,7 @@ class Aauth {
 		if(!$user_id){
 			$user_id = $this->CI->session->userdata('id');
 		}
-		if( !is_numeric($user_id)){
+		if( !is_numeric($user_id) || !is_numeric($pm_id)){
 			$this->error( $this->CI->lang->line('aauth_error_no_pm') );
 			return FALSE;
 		}
@ -2028,11 +2028,48 @@ class Aauth {
 	 * @param int $pm_id Private message id to be deleted
 	 * @return bool Delete success/failure
 	 */
-	public function delete_pm($pm_id){
+	public function delete_pm($pm_id, $user_id = NULL){
+		if(!$user_id){
+			$user_id = $this->CI->session->userdata('id');
+		}
+		if( !is_numeric($user_id) || !is_numeric($pm_id)){
+			$this->error( $this->CI->lang->line('aauth_error_no_pm') );
+			return FALSE;
+		}
+
+		$query = $this->aauth_db->where('id', $pm_id);
+		$query = $this->aauth_db->where('receiver_id', $user_id);
+		$query = $this->aauth_db->or_where('sender_id', $user_id);
+		$query = $this->aauth_db->get( $this->config_vars['pms'] );
+		$result = $query->row();
+		if ($user_id == $result->sender_id){
+			if($result->pm_deleted_receiver == 1){
+				return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id));			
+			}
 			
+			return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_sender'=>1), array('id' => $pm_id));			
+		}else if ($user_id == $result->result->receiver_id){
+			if($result->pm_deleted_sender == 1){
 				return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id));			
 			}

+			return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_receiver'=>1), array('id' => $pm_id) );
+		}
+	}
+
+	/**
+	 * Cleanup PMs 
+	 * Removes PMs older than 'pm_cleanup_max_age' (definied in aauth config).
+	 * recommend for a cron job
+	 */
+	public function cleanup_pms(){
+		$pm_cleanup_max_age = $this->config_vars['pm_cleanup_max_age'];
+		$date_sent = date('Y-m-d H:i:s', strtotime("now -".$pm_cleanup_max_age));
+		$this->aauth_db->where('date_sent <', $date_sent);
+
+		return $this->aauth_db->delete($this->config_vars['pms']);			
+	}
+
 	//tested
 	/**
 	 * Count unread Private Message
@ -2047,6 +2084,7 @@ class Aauth {
 		}

 		$query = $this->aauth_db->where('receiver_id', $receiver_id);
+		$query = $this->aauth_db->where('pm_deleted_receiver', 0);
 		$query = $this->aauth_db->where('date_read', NULL);
 		$query = $this->aauth_db->get( $this->config_vars['pms'] );

--- a/sql/Aauth_v2.sql
+++ b/sql/Aauth_v2.sql
@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` (
  `message` text,
  `date_sent` datetime DEFAULT NULL,
  `date_read` datetime DEFAULT NULL,
+  `pm_deleted_sender` int(1) DEFAULT '0',
+  `pm_deleted_receiver` int(1) DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/sql/Aauth_v2_BCrypt.sql
+++ b/sql/Aauth_v2_BCrypt.sql
@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` (
  `message` text,
  `date_sent` datetime DEFAULT NULL,
  `date_read` datetime DEFAULT NULL,
+  `pm_deleted_sender` int(1) DEFAULT '0',
+  `pm_deleted_receiver` int(1) DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;