Changeset 5194

Show
Ignore:
Timestamp:
02/02/08 16:38:05 (8 months ago)
Author:
inureyes
Message:

#819

  • 로그인 비밀번호로도 API를 사용할 수 있도록 함.
  • RSS 주소 변경 사항을 반영
Location:
trunk
Files:
8 modified

Legend:

Unmodified
Added
Removed

  • trunk/components/Textcube.Core.php

    r5159 r5194  
    148148     
    149149    /*@static@*/ 
    150     function confirmPassword($password) { 
    151         global $database; 
     150    function confirmPassword($userid = null, $password) { 
     151        global $database; 
     152        if(empty($userid)) $userid = getUserId();  
    152153        $password = md5($password); 
    153         return POD::queryExistence("SELECT userid FROM {$database['prefix']}Users WHERE userid = ".User::getBlogOwner(getBlogId())." AND password = '$password'"); 
     154        return POD::queryExistence("SELECT userid FROM {$database['prefix']}Users WHERE userid = $userid AND password = '$password'"); 
    154155    } 
    155156 

  • trunk/interface/owner/data/remove/index.php

    r5076 r5194  
    1212requireStrictRoute(); 
    1313requireComponent('Textcube.Data.DataMaintenance'); 
    14 if (empty($_POST['confirmativePassword']) || !User::confirmPassword($_POST['confirmativePassword'])) 
     14if (empty($_POST['confirmativePassword']) || !User::confirmPassword(User::getBlogOwner(getBlogId()), $_POST['confirmativePassword'])) 
    1515    respond::ResultPage(1); 
    1616DataMaintenance::removeAll(Validator::getBool(@$_POST['removeAttachments'])); 

  • trunk/lib/auth.php

    r4994 r5194  
    109109} 
    110110 
     111function validateAPIKey($blogid, $loginid, $key) { 
     112    requireComponent('Textcube.Function.Setting'); 
     113    global $service; 
     114    $loginid = POD::escapeString($loginid); 
     115    $key = POD::escapeString($key); 
     116    $userid = getUserIdByEmail($loginid); 
     117    if( $userid === false ) { return false; } 
     118    $currentAPIKey = setting::getUserSettingGlobal('APIKey',null,$userid); 
     119    if($currentAPIKey == null) { 
     120        if(!User::confirmPassword($userid, $key)) { 
     121            header('HTTP/1.1 403 Forbidden'); 
     122            exit; 
     123        } 
     124    } else if($currentAPIKey != $key) { 
     125        header('HTTP/1.1 403 Forbidden'); 
     126        exit; 
     127    } 
     128    return true; 
     129} 
     130 
    111131function isLoginId($blogid, $loginid) { 
    112132    global $database; 

  • trunk/lib/model/blog.blogSetting.php

    r5190 r5194  
    459459    $sql = "UPDATE `{$database['prefix']}Users` SET password = '$pwd' WHERE `userid` = $userid"; 
    460460    return POD::execute($sql); 
     461} 
     462 
     463function changeAPIKey($userid, $key) { 
     464    requireComponent('Textcube.Function.Setting'); 
     465    if($key) return setting::setUserSettingGlobal('APIKey',$key,$userid); 
     466    else return false; 
    461467} 
    462468 

  • trunk/lib/model/blog.rss.php

    r5171 r5194  
    315315} 
    316316 
     317function getCommentNotifiedRSSTotal($blogid) { 
     318    global $database, $serviceURL, $defaultURL, $blogURL, $blog, $service; 
     319 
     320    if(empty($blogid)) $blogid = getBlogId(); 
     321 
     322    $channel = array(); 
     323    $channel['title'] = $blog['title']. ': '._text('최근 댓글 알리미 목록'); 
     324    $channel['link'] = "$defaultURL/"; 
     325    $channel['description'] = $blog['description']; 
     326    $channel['language'] = $blog['language']; 
     327    $channel['pubDate'] = Timestamp::getRFC1123(); 
     328    $channel['generator'] = TEXTCUBE_NAME . ' ' . TEXTCUBE_VERSION; 
     329 
     330    if (!empty($blog['logo']) && file_exists(ROOT."/attach/$blogid/{$blog['logo']}")) { 
     331        $logoInfo = getimagesize(ROOT."/attach/$blogid/{$blog['logo']}"); 
     332        $channel['url'] = $serviceURL."/attach/".$blogid."/".$blog['logo']; 
     333        $channel['width'] = $logoInfo[0]; 
     334        $channel['height'] = $logoInfo[1]; 
     335    } 
     336    $mergedComments = array(); 
     337    list($comments, $paging) = getCommentsNotifiedWithPagingForOwner($blogid, '', '', '', '', 1, 20); 
     338    for ($i = 0; $i < count($comments); $i++) { 
     339        array_push($mergedComments, $comments[$i]); 
     340        $result = getCommentCommentsNotified($comments[$i]['id']); 
     341        for ($j = 0; $j < count($result); $j++) { 
     342            array_push($mergedComments, $result[$j]); 
     343        } 
     344    }    
     345     
     346    if (!$mergedComments) 
     347        $mergedComments = array(); 
     348 
     349    $channel['items'] = array(); 
     350    foreach($mergedComments as $row) { 
     351        $item = array( 
     352            'id' => $row['id'],  
     353            'title' => $row['entryTitle'],  
     354            'link' => $row['url'],  
     355            'categories' => array(),  
     356            'description' => htmlspecialchars($row['comment']),  
     357            'author' => '('.htmlspecialchars($row['name']).')',  
     358            'pubDate' => Timestamp::getRFC1123($row['written']), 
     359            'comments' => $row['entryUrl'], 
     360            'guid' => $row['url'] 
     361        ); 
     362        array_push($channel['items'], $item); 
     363    } 
     364    $rss = array('channel' => $channel); 
     365    return publishRSS($blogid, $rss); 
     366} 
     367 
    317368function publishRSS($blogid, $data) { 
    318369    global $blog; 

  • trunk/lib/piece/blog/end.php

    r5154 r5194  
    8282} 
    8383dress('rss_url', "$blogURL/rss", $view); 
    84 dress('comment_rss_url', "$blogURL/comment/rss", $view); 
    85 dress('trackback_rss_url', "$blogURL/trackback/rss", $view); 
     84dress('comment_rss_url', "$blogURL/rss/comment", $view); 
     85dress('trackback_rss_url', "$blogURL/rss/trackback", $view); 
    8686dress('owner_url', "$blogURL/owner", $view); 
    8787dress('textcube_name', TEXTCUBE_NAME, $view); 

  • trunk/lib/piece/blog/entries.php

    r5172 r5194  
    103103            dress('article_rep_id', $entry['id'], $entryView); 
    104104            dress('article_rep_link', $permalink, $entryView); 
    105             dress('article_rep_rp_rssurl', $defaultURL.'/comment/rss/'.$entry['id'], $entryView); 
    106             dress('article_rep_tb_rssurl', $defaultURL.'/trackback/rss/'.$entry['id'], $entryView); 
     105            dress('article_rep_rp_rssurl', $defaultURL.'/rss/comment/'.$entry['id'], $entryView); 
     106            dress('article_rep_tb_rssurl', $defaultURL.'/rss/trackback/'.$entry['id'], $entryView); 
    107107            dress('article_rep_title', htmlspecialchars(fireEvent('ViewPostTitle', $entry['title'], $entry['id'])), $entryView); 
    108108            // 사용자가 작성한 본문은 lib/piece/blog/end.php의 removeAllTags() 다음에 처리하기 위한 조치. 

  • trunk/rewrite.php

    r5124 r5194  
    3939    $interfacePath = null; 
    4040    if(in_array($pathPart, array('favicon.ico','index.gif'))) {require_once 'interface/'.$pathPart.'.php';exit;} 
    41     if(!empty($accessInfo['URLfragment']) && in_array($accessInfo['URLfragment'][0],array('api','archive','attachment','author','category','checkup','cover','entry','feeder','guestbook','keylog','location','logout','notice','page','plugin','pluginForOwner','rss','search','suggest','sync','tag'))) { 
     41    if(!empty($accessInfo['URLfragment']) && in_array($accessInfo['URLfragment'][0],array('api','archive','attachment','author','category','checkup','cover','entry','feeder','guestbook','keylog','location','logout','notice','page','plugin','pluginForOwner','search','suggest','sync','tag'))) { 
    4242        $pathPart = $accessInfo['URLfragment'][0]; 
    4343        $interfacePath = 'interface/blog/'.$pathPart.'.php';