Remove hashing dictionary id
Randomizing id should be enough security, plus it makes .htaccess easier
parent
1bc75f2256
commit
bed665f448
|
@ -80,7 +80,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
|
||||||
if ($results) {
|
if ($results) {
|
||||||
return array_map(function($result) {
|
return array_map(function($result) {
|
||||||
return array(
|
return array(
|
||||||
'id' => $this->token->hash($result['id']),
|
'id' => $result['id'],
|
||||||
'name' => $result['name'] . ' ' . $result['specification'],
|
'name' => $result['name'] . ' ' . $result['specification'],
|
||||||
);
|
);
|
||||||
}, $results);
|
}, $results);
|
||||||
|
@ -88,9 +88,8 @@ VALUES ($new_id, ?, ?, ?, ?)";
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPublicDictionaryDetails ($dictionary_hash) {
|
public function getPublicDictionaryDetails ($dictionary) {
|
||||||
$dictionary = $this->token->unhash($dictionary_hash);
|
if (is_numeric($dictionary)) {
|
||||||
if ($dictionary !== false) {
|
|
||||||
$query = "SELECT d.*, dl.*, u.public_name FROM dictionaries d JOIN dictionary_linguistics dl ON dl.dictionary = d.id JOIN users u ON u.id = d.user WHERE d.id=? AND d.is_public=1";
|
$query = "SELECT d.*, dl.*, u.public_name FROM dictionaries d JOIN dictionary_linguistics dl ON dl.dictionary = d.id JOIN users u ON u.id = d.user WHERE d.id=? AND d.is_public=1";
|
||||||
$result = $this->db->query($query, array($dictionary))->fetch();
|
$result = $this->db->query($query, array($dictionary))->fetch();
|
||||||
if ($result) {
|
if ($result) {
|
||||||
|
@ -98,7 +97,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
|
||||||
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
|
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'externalID' => $this->token->hash($result['id']),
|
'externalID' => $result['id'],
|
||||||
'name' => $result['name'],
|
'name' => $result['name'],
|
||||||
'specification' => $result['specification'],
|
'specification' => $result['specification'],
|
||||||
'description' => $result['description'],
|
'description' => $result['description'],
|
||||||
|
@ -138,9 +137,8 @@ VALUES ($new_id, ?, ?, ?, ?)";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPublicDictionaryWords ($dictionary_hash) {
|
public function getPublicDictionaryWords ($dictionary) {
|
||||||
$dictionary = $this->token->unhash($dictionary_hash);
|
if (is_numeric($dictionary)) {
|
||||||
if ($dictionary !== false) {
|
|
||||||
$query = "SELECT words.* FROM words JOIN dictionaries ON id = dictionary WHERE dictionary=? AND is_public=1";
|
$query = "SELECT words.* FROM words JOIN dictionaries ON id = dictionary WHERE dictionary=? AND is_public=1";
|
||||||
$results = $this->db->query($query, array($dictionary))->fetchAll();
|
$results = $this->db->query($query, array($dictionary))->fetchAll();
|
||||||
if ($results) {
|
if ($results) {
|
||||||
|
@ -169,7 +167,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
|
||||||
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
|
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'externalID' => $this->token->hash($result['id']),
|
'externalID' => $result['id'],
|
||||||
'name' => $result['name'],
|
'name' => $result['name'],
|
||||||
'specification' => $result['specification'],
|
'specification' => $result['specification'],
|
||||||
'description' => $result['description'],
|
'description' => $result['description'],
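Review bot: The new `is_numeric($dictionary)` guard in getPublicDictionaryDetails and getPublicDictionaryWords (and the same guard on `$dictionary_id` in changeCurrentDictionary) is looser than an id check needs to be, since it also accepts forms such as `1e3`, `12.5` or a value with leading whitespace. The queries are parameterised, so this is not injection, but several different strings can be coerced to the same row, which makes rewrite rules, caching and log correlation less predictable. A strict integer test such as `if (ctype_digit((string) $dictionary)) {` limits input to one canonical form. With the hash layer removed, `is_public=1` in both queries is the only access control on these reads, and how `$new_id` is generated is not visible here, so its unpredictability should not be counted as a control. Both function bodies continue outside the hunks.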
|
||||||
|
|
|
@ -146,12 +146,11 @@ VALUES (?, ?, ?, ?, ?)';
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function changeCurrentDictionary ($token, $dictionary_hash) {
|
public function changeCurrentDictionary ($token, $dictionary_id) {
|
||||||
$user_data = $this->token->decode($token);
|
$user_data = $this->token->decode($token);
|
||||||
if ($user_data !== false) {
|
if ($user_data !== false) {
|
||||||
$id = $user_data->id;
|
$id = $user_data->id;
|
||||||
$dictionary_id = $this->token->unhash($dictionary_hash);
|
if (is_numeric($dictionary_id)) {
|
||||||
if ($dictionary_id !== false) {
|
|
||||||
$changed_dictionary = $this->dictionary->changeCurrent($id, $dictionary_id);
|
$changed_dictionary = $this->dictionary->changeCurrent($id, $dictionary_id);
|
||||||
if ($changed_dictionary !== false) {
|
if ($changed_dictionary !== false) {
|
||||||
$new_token = $this->generateUserToken($id, $changed_dictionary);
|
$new_token = $this->generateUserToken($id, $changed_dictionary);
|
||||||
|
@ -196,7 +195,7 @@ VALUES (?, ?, ?, ?, ?)';
|
||||||
$details_updated = $this->dictionary->setDetails($user, $dictionary, $dictionary_data['details']);
|
$details_updated = $this->dictionary->setDetails($user, $dictionary, $dictionary_data['details']);
|
||||||
$words_updated = $this->dictionary->setWords($user, $dictionary, $dictionary_data['words']);
|
$words_updated = $this->dictionary->setWords($user, $dictionary, $dictionary_data['words']);
|
||||||
if ($details_updated === true && $words_updated === true) {
|
if ($details_updated === true && $words_updated === true) {
|
||||||
return $this->token->hash($dictionary);
|
return $dictionary;
|
||||||
}
|
}
|
||||||
return array(
|
return array(
|
||||||
'error' => ($details_updated !== true ? $details_updated . ' ' : '') . ($words_updated !== true ? $words_updated : ''),
|
'error' => ($details_updated !== true ? $details_updated . ' ' : '') . ($words_updated !== true ? $words_updated : ''),
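Review bot: In changeCurrentDictionary the client-supplied `$dictionary_id` now reaches `$this->dictionary->changeCurrent($id, $dictionary_id)` directly, so the ownership check inside changeCurrent is the only thing that ties the requested dictionary to the authenticated user. That method is not part of this diff; it should be confirmed that it restricts the lookup to dictionaries owned by `$id` and returns false otherwise. A comment above the call, `// changeCurrent() must verify that $dictionary_id belongs to $id; the id is client-supplied`, would record that dependency for later maintainers. The function body continues outside the hunk.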
|
||||||
|
|