- fixed explanation info text in aauth config
 - added `pm_cleanup_max_age`-config_var
 - added 2 files (`pm_deleted_sender` & `pm_deleted_receiver`) in pm table
 - changed `list_pms()` to catch only not deleted pm's
 - changed `delete_pm()` now it needs a user_id to delete a pm (like `get_pm()`)
 - changed `delete_pm()` senders can now delete pm's from outbox
 - changed `count_unread_pms()` it counts now only not deleted pm's.
 - added `cleanup_pms()` removes pms older than X defined by `pm_cleanup_max_age`-config_var
REJack committed May 30, 2016
1 parent e6e770a commit fe89cdb
Showing 4 changed files with 151 additions and 100 deletions.
191 changes: 100 additions & 91 deletions application/config/aauth.php
Expand Up @@ -5,139 +5,148 @@
| -------------------------------------------------------------------
| Aauth Config
| -------------------------------------------------------------------
| A library Basic Authorization for CodeIgniter 2+
| A library Basic Authorization for CodeIgniter 2.x and 3.x
|
| -------------------------------------------------------------------
| EXPLANATION
| -------------------------------------------------------------------
|
| See http://codeigniter-aauth-test.readthedocs.org/en/latest/
| for more details and explainations
| ['no_permission'] If user don't have permisssion to see the page he will be redirected the page spesificed.
|
| ['admin_group'] Name of admin group
| ['default_group'] Name of default group, the new user is added in it
| ['public_group'] Public group , people who not logged in
|
| ['no_permission'] If user don't have permisssion to see the page he will be redirected the page spesificed.
| ['db_profile'] The configuration database profile (definied in config/database.php)
|
| ['admin_group'] Name of admin group
| ['default_group'] Name of default group, the new user is added in it
| ['public_group'] Public group , people who not logged in
| ['users'] The table which contains users
| ['groups'] The table which contains groups
| ['user_to_group'] The table which contains join of users and groups
| ['perms'] The table which contains permissions
| ['perm_to_group'] The table which contains permissions for groups
| ['perm_to_user'] The table which contains permissions for users
| ['pms'] The table which contains private messages
| ['user_variables'] The table which contains users variables
| ['login_attempts'] The table which contains login attempts
|
| ['db_profile'] The configuration database profile (see config/database.php)
| ['remember'] Remember time (in relative format) elapsed after connecting and automatic LogOut for usage with Cookies
| Relative Format (e.g. '+ 1 week', '+ 1 month', '+ first day of next month')
| for details see http://php.net/manual/de/datetime.formats.relative.php
| !!IMPORTANT!! If you use Session instead of Cookies,
| remember time is definied by 'sess_expiration' in config/config.php
|
| ['users'] The table which contains users
| ['groups'] The table which contains groups
| ['user_to_group'] The table which contains join of users and groups
| ['perms'] The table which contains permissions
| ['perm_to_group'] The table which contains permissions for groups
| ['perm_to_user'] The table which contains permissions for users
| ['pms'] The table which contains private messages
| ['user_variables'] The table which contains users variables
| ['login_attempts'] The table which contains login attempts
| ['max'] Maximum char long for Password
| ['min'] Minimum char long for Password
|
| ['remember'] Remember time elapsed after connecting and automatic LogOut
| ['additional_valid_chars'] Additional valid chars for username. Non alphanumeric characters that are allowed by default
|
| ['max'] Maximum char long for Password
| ['min'] Minimum char long for Password
| ['ddos_protection'] If it is true, the user will be banned temporary when he exceed the login 'try'
|
| ['additional_valid_chars'] Additional valid chars for username. Non alphanumeric characters that are allowed by default
| ['recaptcha_active'] Enable reCAPTCHA (for details see www.google.com/recaptcha/admin)
| ['recaptcha_login_attempts'] Login Attempts to display reCAPTCHA
| ['recaptcha_siteKey'] The reCAPTCHA siteKey
| ['recaptcha_secret'] The reCAPTCHA secretKey
|
| ['ddos_protection'] If it is true, the user will be banned temporary when he exceed the login 'try'
| ['totp_active'] The Time-based One-time Password Algorithm
| ['totp_only_on_ip_change'] TOTP only on IP Change
| ['totp_reset_over_reset_password'] TOTP reset over reset Password
| ['totp_two_step_login'] Enables/Disables TOTP two step login
| ['totp_two_step_login_redirect'] Redirect path to TOTP Verification page used by control() & is_allowed()
|
| ['recaptcha_active'] Enable reCAPTCHA (see www.google.com/recaptcha/admin)
| ['recaptcha_login_attempts'] :
| ['recaptcha_siteKey'] The reCAPTCHA siteKey
| ['recaptcha_secret'] The reCAPTCHA secretKey
| ['max_login_attempt'] Login attempts time interval (default 10 times in one hour)
| ['max_login_attempt_time_period'] Period of time for max login attempts (default "5 minutes")
| ['remove_successful_attempts'] Enables/Disables removing login attempt after successful login
|
| ['totp_active'] The Time-based One-time Password Algorithm
| ['totp_only_on_ip_change'] TOTP only on IP Change
| ['totp_reset_over_reset_password'] TOTP reset over reset Password
| ['totp_two_step_login'] Enables/Disables TOTP two step login
| ['totp_two_step_login_redirect'] Redirect path to TOTP Verification page used by control() & is_allowed()
| ['login_with_name'] Login Identificator, if TRUE username needed to login else email address.
|
| ['max_login_attempt'] Login attempts time interval (default 10 times in one hour)
| ['max_login_attempt_time_period'] Period of time for max login attempts (default "5 minutes")
| ['remove_successful_attempts'] Enables/Disables removing login attempt after successful login
| ['use_cookies'] FALSE only on CI3
|
| ['login_with_name'] Login Identificator, if TRUE username needed to login else email address.
| ['email'] Sender email address, used for remind_password, send_verification and reset_password
| ['name'] Sender name, used for remind_password, send_verification and reset_password
|
| ['use_cookies'] FALSE only on CI3
| ['verification'] User Verification, if TRUE sends a verification email on account creation.
| ['verification_link'] Link for verification without site_url or base_url
| ['reset_password_link'] Link for reset_password without site_url or base_url
|
| ['email'] Sender email address, used for remind_password, send_verification and reset_password
| ['name'] Sender name, used for remind_password, send_verification and reset_password
|
| ['verification'] User Verification, if TRUE sends a verification email on account creation.
| ['verification_link'] Link for verification without site_url or base_url
| ['reset_password_link'] Link for reset_password without site_url or base_url
|
| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..)
| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..)
| Please, run hash_algos() for know your all supported algorithms
| ['use_password_hash'] True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher
| ['password_hash_algo'] password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT) for details see http://php.net/manual/de/password.constants.php
| ['password_hash_options'] password_hash options array for details see http://php.net/manual/en/function.password-hash.php
| ['use_password_hash'] True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher
| ['password_hash_algo'] password_hash algorithm (PASSWORD_DEFAULT, PASSWORD_BCRYPT)
| for details see http://php.net/manual/de/password.constants.php
| ['password_hash_options'] password_hash options array
| for details see http://php.net/manual/en/function.password-hash.php
|
| ['pm_encryption'] Enables/Disables PM Encryption, needs configured CI Encryption Class.
| for details see: http://www.codeigniter.com/userguide2/libraries/encryption.html
| ['pm_cleanup_max_age'] PM Cleanup max age (in relative format), PM's are older than max age get deleted with 'cleanup_pms()'
| Relative Format (e.g. '2 week', '1 month')
| for details see http://php.net/manual/de/datetime.formats.relative.php
|
*/
$config_aauth = array();

$config_aauth["default"] = array(
'no_permission' => FALSE,
'no_permission' => FALSE,

'admin_group' => 'admin',
'default_group' => 'default',
'public_group' => 'public',
'admin_group' => 'admin',
'default_group' => 'default',
'public_group' => 'public',

'db_profile' => 'default',
'db_profile' => 'default',

'users' => 'aauth_users',
'groups' => 'aauth_groups',
'group_to_group' => 'aauth_group_to_group',
'user_to_group' => 'aauth_user_to_group',
'perms' => 'aauth_perms',
'perm_to_group' => 'aauth_perm_to_group',
'perm_to_user' => 'aauth_perm_to_user',
'pms' => 'aauth_pms',
'user_variables' => 'aauth_user_variables',
'login_attempts' => 'aauth_login_attempts',
'users' => 'aauth_users',
'groups' => 'aauth_groups',
'group_to_group' => 'aauth_group_to_group',
'user_to_group' => 'aauth_user_to_group',
'perms' => 'aauth_perms',
'perm_to_group' => 'aauth_perm_to_group',
'perm_to_user' => 'aauth_perm_to_user',
'pms' => 'aauth_pms',
'user_variables' => 'aauth_user_variables',
'login_attempts' => 'aauth_login_attempts',

'remember' => ' +3 days',
'remember' => ' +3 days',

'max' => 13,
'min' => 5,
'max' => 13,
'min' => 5,

'additional_valid_chars' => array(),
'additional_valid_chars' => array(),

'ddos_protection' => true,
'ddos_protection' => true,

'recaptcha_active' => false,
'recaptcha_login_attempts' => 4,
'recaptcha_siteKey' => '',
'recaptcha_secret' => '',
'recaptcha_active' => false,
'recaptcha_login_attempts' => 4,
'recaptcha_siteKey' => '',
'recaptcha_secret' => '',

'totp_active' => false,
'totp_only_on_ip_change' => false,
'totp_reset_over_reset_password' => false,
'totp_two_step_login_active' => false,
'totp_two_step_login_redirect' => '/account/twofactor_verification/',
'totp_active' => false,
'totp_only_on_ip_change' => false,
'totp_reset_over_reset_password' => false,
'totp_two_step_login_active' => false,
'totp_two_step_login_redirect' => '/account/twofactor_verification/',

'max_login_attempt' => 10,
'max_login_attempt_time_period' => "5 minutes",
'remove_successful_attempts' => true,
'max_login_attempt' => 10,
'max_login_attempt_time_period' => "5 minutes",
'remove_successful_attempts' => true,

'login_with_name' => false,
'login_with_name' => false,

'use_cookies' => true,
'use_cookies' => true,

'email' => 'admin@admin.com',
'name' => 'Emre Akay',
'email' => 'admin@admin.com',
'name' => 'Emre Akay',

'verification' => false,
'verification_link' => '/account/verification/',
'reset_password_link' => '/account/reset_password/',
'verification' => false,
'verification_link' => '/account/verification/',
'reset_password_link' => '/account/reset_password/',

'hash' => 'sha256',
'use_password_hash' => false,
'password_hash_algo' => PASSWORD_DEFAULT,
'password_hash_options' => array(),
'hash' => 'sha256',
'use_password_hash' => false,
'password_hash_algo' => PASSWORD_DEFAULT,
'password_hash_options' => array(),

'pm_encryption' => false
'pm_encryption' => false,
'pm_cleanup_max_age' => "6 months",
);

$config['aauth'] = $config_aauth['default'];
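Review bot: the new 'pm_cleanup_max_age' explanation (the block ending "for details see http://php.net/manual/de/datetime.formats.relative.php") should say that the value has to be an unsigned duration such as "6 months", because cleanup_pms() builds the cutoff as strtotime("now -" . $pm_cleanup_max_age); the '+ 1 week' style shown a few lines above for 'remember' would produce "now -+ 1 week". Two smaller points in the same block: the explanation documents ['totp_two_step_login'] while the array below defines 'totp_two_step_login_active', so one of the two names needs to change; and the shipped defaults 'hash' => 'sha256' together with 'use_password_hash' => false store passwords with a general-purpose digest rather than password_hash(), so consider making use_password_hash true by default now that the comment already states the PHP 5.5 requirement.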
56 changes: 47 additions & 9 deletions application/libraries/Aauth.php
Expand Up @@ -1963,14 +1963,14 @@ public function send_pms( $sender_id, $receiver_ids, $title, $message ){
* @param int $receiver_id User id of private message receiver
* @return object Array of private messages
*/
public function list_pms($limit=5, $offset=0, $receiver_id = FALSE, $sender_id=FALSE){

if ( $receiver_id != FALSE){
public function list_pms($limit=5, $offset=0, $receiver_id=NULL, $sender_id=NULL){
if (is_numeric($sender_id)){
$query = $this->aauth_db->where('receiver_id', $receiver_id);
$query = $this->aauth_db->where('pm_deleted_receiver', 0);
}

if( $sender_id != FALSE ){
if (is_numeric($sender_id)){
$query = $this->aauth_db->where('sender_id', $sender_id);
$query = $this->aauth_db->where('pm_deleted_sender', 0);
}

$query = $this->aauth_db->order_by('id','DESC');
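Review bot: the first branch of list_pms() tests is_numeric($sender_id) but then filters on receiver_id and pm_deleted_receiver; it should test is_numeric($receiver_id). As written, a call that passes only $receiver_id adds no WHERE clause at all and the query returns every private message in the table instead of that user's inbox. Suggested first line of the branch: `if (is_numeric($receiver_id)){`. The docblock above also still documents only $receiver_id; $sender_id and the new NULL defaults should be listed there.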
Expand All @@ -1991,7 +1991,7 @@ public function get_pm($pm_id, $user_id = NULL, $set_as_read = TRUE){
if(!$user_id){
$user_id = $this->CI->session->userdata('id');
}
if( !is_numeric($user_id)){
if( !is_numeric($user_id) || !is_numeric($pm_id)){
$this->error( $this->CI->lang->line('aauth_error_no_pm') );
return FALSE;
}
Expand Down Expand Up @@ -2028,9 +2028,46 @@ public function get_pm($pm_id, $user_id = NULL, $set_as_read = TRUE){
* @param int $pm_id Private message id to be deleted
* @return bool Delete success/failure
*/
public function delete_pm($pm_id){

return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id) );
public function delete_pm($pm_id, $user_id = NULL){
if(!$user_id){
$user_id = $this->CI->session->userdata('id');
}
if( !is_numeric($user_id) || !is_numeric($pm_id)){
$this->error( $this->CI->lang->line('aauth_error_no_pm') );
return FALSE;
}

$query = $this->aauth_db->where('id', $pm_id);
$query = $this->aauth_db->where('receiver_id', $user_id);
$query = $this->aauth_db->or_where('sender_id', $user_id);
$query = $this->aauth_db->get( $this->config_vars['pms'] );
$result = $query->row();
if ($user_id == $result->sender_id){
if($result->pm_deleted_receiver == 1){
return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id));
}

return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_sender'=>1), array('id' => $pm_id));
}else if ($user_id == $result->result->receiver_id){
if($result->pm_deleted_sender == 1){
return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id));
}

return $this->aauth_db->update( $this->config_vars['pms'], array('pm_deleted_receiver'=>1), array('id' => $pm_id) );
}
}

/**
* Cleanup PMs
* Removes PMs older than 'pm_cleanup_max_age' (definied in aauth config).
* recommend for a cron job
*/
public function cleanup_pms(){
$pm_cleanup_max_age = $this->config_vars['pm_cleanup_max_age'];
$date_sent = date('Y-m-d H:i:s', strtotime("now -".$pm_cleanup_max_age));
$this->aauth_db->where('date_sent <', $date_sent);

return $this->aauth_db->delete($this->config_vars['pms']);
}

//tested
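Review bot: the ownership check in delete_pm() does not guard the row it modifies. The calls where('id', $pm_id), where('receiver_id', $user_id), or_where('sender_id', $user_id) are not grouped, so the generated SQL reads `id = ? AND receiver_id = ? OR sender_id = ?`, row() can return a message the user sent that has nothing to do with $pm_id, and the following update()/delete() then key on array('id' => $pm_id), so the message actually changed is never checked against the caller. Fetch the row by id alone and verify in PHP that $user_id equals $result->sender_id or $result->receiver_id, returning FALSE with an error otherwise; the same check must handle an empty result, since $result->sender_id on NULL raises a notice and the function currently falls off the end without returning FALSE. Two further defects in this hunk: `}else if ($user_id == $result->result->receiver_id){` has a stray ->result, so the receiver branch never matches; and cleanup_pms() should check that strtotime() did not return FALSE before formatting the cutoff, otherwise date() yields 1970-01-01 and the cleanup silently deletes nothing. The docblock also needs a @param entry for the new $user_id.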
Expand All @@ -2047,6 +2084,7 @@ public function count_unread_pms($receiver_id=FALSE){
}

$query = $this->aauth_db->where('receiver_id', $receiver_id);
$query = $this->aauth_db->where('pm_deleted_receiver', 0);
$query = $this->aauth_db->where('date_read', NULL);
$query = $this->aauth_db->get( $this->config_vars['pms'] );

2 changes: 2 additions & 0 deletions sql/Aauth_v2.sql
Expand Up @@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` (
`message` text,
`date_sent` datetime DEFAULT NULL,
`date_read` datetime DEFAULT NULL,
`pm_deleted_sender` int(1) DEFAULT '0',
`pm_deleted_receiver` int(1) DEFAULT '0',
PRIMARY KEY (`id`),
KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
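Review bot: adding pm_deleted_sender and pm_deleted_receiver to the CREATE TABLE statement only covers fresh installs; databases created from the previous Aauth_v2.sql (and from Aauth_v2_BCrypt.sql, which receives the identical change below) have no such columns, so the list_pms(), delete_pm() and count_unread_pms() changes in this commit will fail against them. Ship an ALTER TABLE `aauth_pms` ADD COLUMN statement or a migration alongside, and consider tinyint(1) for the two flag columns, since int(1) still allocates a full 4-byte integer.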
2 changes: 2 additions & 0 deletions sql/Aauth_v2_BCrypt.sql
Expand Up @@ -77,6 +77,8 @@ CREATE TABLE `aauth_pms` (
`message` text,
`date_sent` datetime DEFAULT NULL,
`date_read` datetime DEFAULT NULL,
`pm_deleted_sender` int(1) DEFAULT '0',
`pm_deleted_receiver` int(1) DEFAULT '0',
PRIMARY KEY (`id`),
KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

6 comments on commit fe89cdb

@paulcanning
Contributor

changed count_unread_pms() it counts now only not deleted pm's

Why not just set the message to read if it is deleted without first being read? Stops you having to check for deleted messages in this method.

@REJack
Collaborator Author

@REJack REJack commented on fe89cdb May 30, 2016

yeah this is a good way too 👍

anything else is ok? 😄

@paulcanning
Contributor

For pm encryption you are referencing CodeIgniter 2. Any reason you're not using CI 3? I don't think 2 is supported anymore.

@REJack
Collaborator Author

@REJack REJack commented on fe89cdb May 30, 2016

I referenced CI2 because Aauth is still working with it, but I think it's the last version with CI2 support.

My plans for v2.6.0:

  • remove the cookie support
  • remove aauth's hash_password()
  • a proper documentation on GitBook
  • some code finetuning
  • replace config explanation with a docs link
  • overall Aauth would need PHP 5.5 or higher
  • and some other stuff 🎁
    • maybe I add my Aauth Init Class too 😃 (that I created already in secret in my v3 repo 😏)
      • it allows to remove the SQL files
      • creates automatic all database
      • easy database updates in further releases

I personally would use models for all database functions, to make it MVC-like 😄

EDIT: I would personally say v3.0.0 because we drop CI2

@paulcanning
Contributor

You could use CI migrations for the init stuff?

@REJack
Collaborator Author

@REJack REJack commented on fe89cdb May 31, 2016

My Aauth Init Class is an adaptation of CI's Migration Class, but it's based on Aauth's target version. I tested the CI Migration Class before, but I had some upgrade errors after skipping 2 versions or more.

Here you can see my Aauth_init.php on my GitLab
