function perform() { // check if the password is correct $secretItems = new SecretItems(); // if not, show another error if (!$secretItems->authenticateItem($this->_articleId, $this->_password)) { $this->_view = new ErrorView($this->_blogInfo, "Sorry, better luck next time!"); $this->setCommonData(); return false; } // but if correct, put the information in the session and try again $session = HttpVars::getSession(); $sessionKey = "article_" . $this->_articleId; $session["{$sessionKey}"] = "OK"; HttpVars::setSession($session); BlogController::setForwardAction("ViewArticle"); return true; }
function filter() { // get some info $blogInfo = $this->_pipelineRequest->getBlogInfo(); $request = $this->_pipelineRequest->getHttpRequest(); $session = HttpVars::getSession(); // get the article id from the request, since if it is available, then we know // that we have to ask for the password before we can let users watch it $articleId = $request->getValue("articleId"); // If we use custom url mode, the article id is not available, we need to use // - articleName // - userId // - categoryId // - date // and $articles->getBlogArticleByTitle() to find the value if ($articleId == "") { $articleName = $request->getValue("articleName"); $categoryId = $request->getValue("postCategoryId", -1); $categoryName = $request->getValue("postCategoryName"); $userId = $request->getValue("userId", -1); $userName = $request->getValue("userName"); $date = $request->getValue("Date", -1); // If userName available, use it to find userId if ($userName) { $users =& new Users(); $user = $users->getUserInfoFromUsername($userName); if (!$user) { $result = new PipelineResult(true); return $result; } // if there was a user, use his/her id $userId = $user->getId(); } // If categoryName available, use it to find categoryId if ($categoryName) { $categories =& new ArticleCategories(); $category = $categories->getCategoryByName($categoryName, $blogInfo->getId()); if (!$category) { $result = new PipelineResult(true); return $result; } // if there was a user, use his/her id $categoryId = $category->getId(); } // fetch the article // the article identifier can be either its internal id number or its mangled topic $articles =& new Articles(); $article = $articles->getBlogArticleByTitle($articleName, $blogInfo->getId(), false, $date, $categoryId, $userId, POST_STATUS_PUBLISHED); if ($article) { $articleId = $article->getId(); } else { $result = new PipelineResult(true); return $result; } } // check if the article should be protected or not $secretItems = new SecretItems(); if ($secretItems->articleIsSecret($articleId)) { // if so, first check if the password does not already exist in the session $itemPassword = $request->getValue("itemPassword"); // do we already have this information in the session? $sessionKey = "article_" . $articleId . "_auth"; if ($session["{$sessionKey}"] != "") { // check if the information is correct if ($secretItems->authenticateItemHash($articleId, $session["{$sessionKey}"])) { // if all correct, go ahead! $result = new PipelineResult(true); return $result; } } // if not, check if we are authenticating now... if ($itemPassword != "") { // authenticate using the given password if (!$secretItems->authenticateItem($articleId, $itemPassword)) { $result = new PipelineResult(false, 500, "Better luck next time!"); } else { // if the user authenticated correctly, then put the information in the session _debug("authenticated correctly!"); $session = HttpVars::getSession(); $session["{$sessionKey}"] = md5($itemPassword); $result = new PipelineResult(true); HttpVars::setSession($session); } } else { $ts = new TemplateService(); $t = $ts->PluginTemplate("secret", "passwordform"); $t->assign("locale", $blogInfo->getLocale()); $t->assign("params", $request->getAsArray()); $t->assign("articleId", $articleId); $t->assign("url", RequestGenerator::getRequestGenerator($blogInfo)); $message = $t->fetch(); $result = new PipelineResult(false, 500, $message); } return $result; } // if everything went fine, we can say so by returning // a positive PipelineResult object $result = new PipelineResult(true); return $result; }