Alamantus
/
lexiconga-lite
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove hashing dictionary id 

Randomizing id should be enough security, plus it makes .htaccess easier
This commit is contained in:
Robbie Antenesse 2019-05-27 22:58:36 -06:00
parent 1bc75f2256
commit bed665f448
2 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/php/api/Dictionary.php
View File

@ -80,7 +80,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
if ($results) { if ($results) {
return array_map(function($result) { return array_map(function($result) {
return array( return array(
'id' => $this->token->hash($result['id']), 'id' => $result['id'],
'name' => $result['name'] . ' ' . $result['specification'], 'name' => $result['name'] . ' ' . $result['specification'],
); );
}, $results); }, $results);
@ -88,9 +88,8 @@ VALUES ($new_id, ?, ?, ?, ?)";
return array(); return array();
} }
public function getPublicDictionaryDetails ($dictionary_hash) { public function getPublicDictionaryDetails ($dictionary) {
$dictionary = $this->token->unhash($dictionary_hash); if (is_numeric($dictionary)) {
if ($dictionary !== false) {
$query = "SELECT d.*, dl.*, u.public_name FROM dictionaries d JOIN dictionary_linguistics dl ON dl.dictionary = d.id JOIN users u ON u.id = d.user WHERE d.id=? AND d.is_public=1"; $query = "SELECT d.*, dl.*, u.public_name FROM dictionaries d JOIN dictionary_linguistics dl ON dl.dictionary = d.id JOIN users u ON u.id = d.user WHERE d.id=? AND d.is_public=1";
$result = $this->db->query($query, array($dictionary))->fetch(); $result = $this->db->query($query, array($dictionary))->fetch();
if ($result) { if ($result) {
@ -98,7 +97,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech']; $partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
return array( return array(
'externalID' => $this->token->hash($result['id']), 'externalID' => $result['id'],
'name' => $result['name'], 'name' => $result['name'],
'specification' => $result['specification'], 'specification' => $result['specification'],
'description' => $result['description'], 'description' => $result['description'],
@ -138,9 +137,8 @@ VALUES ($new_id, ?, ?, ?, ?)";
return false; return false;
} }
public function getPublicDictionaryWords ($dictionary_hash) { public function getPublicDictionaryWords ($dictionary) {
$dictionary = $this->token->unhash($dictionary_hash); if (is_numeric($dictionary)) {
if ($dictionary !== false) {
$query = "SELECT words.* FROM words JOIN dictionaries ON id = dictionary WHERE dictionary=? AND is_public=1"; $query = "SELECT words.* FROM words JOIN dictionaries ON id = dictionary WHERE dictionary=? AND is_public=1";
$results = $this->db->query($query, array($dictionary))->fetchAll(); $results = $this->db->query($query, array($dictionary))->fetchAll();
if ($results) { if ($results) {
@ -169,7 +167,7 @@ VALUES ($new_id, ?, ?, ?, ?)";
$partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech']; $partsOfSpeech = $result['parts_of_speech'] !== '' ? $result['parts_of_speech'] : $this->defaults['partsOfSpeech'];
return array( return array(
'externalID' => $this->token->hash($result['id']), 'externalID' => $result['id'],
'name' => $result['name'], 'name' => $result['name'],
'specification' => $result['specification'], 'specification' => $result['specification'],
'description' => $result['description'], 'description' => $result['description'],

7
src/php/api/User.php
View File

@ -146,12 +146,11 @@ VALUES (?, ?, ?, ?, ?)';
); );
} }
public function changeCurrentDictionary ($token, $dictionary_hash) { public function changeCurrentDictionary ($token, $dictionary_id) {
$user_data = $this->token->decode($token); $user_data = $this->token->decode($token);
if ($user_data !== false) { if ($user_data !== false) {
$id = $user_data->id; $id = $user_data->id;
$dictionary_id = $this->token->unhash($dictionary_hash); if (is_numeric($dictionary_id)) {
if ($dictionary_id !== false) {
$changed_dictionary = $this->dictionary->changeCurrent($id, $dictionary_id); $changed_dictionary = $this->dictionary->changeCurrent($id, $dictionary_id);
if ($changed_dictionary !== false) { if ($changed_dictionary !== false) {
$new_token = $this->generateUserToken($id, $changed_dictionary); $new_token = $this->generateUserToken($id, $changed_dictionary);
@ -196,7 +195,7 @@ VALUES (?, ?, ?, ?, ?)';
$details_updated = $this->dictionary->setDetails($user, $dictionary, $dictionary_data['details']); $details_updated = $this->dictionary->setDetails($user, $dictionary, $dictionary_data['details']);
$words_updated = $this->dictionary->setWords($user, $dictionary, $dictionary_data['words']); $words_updated = $this->dictionary->setWords($user, $dictionary, $dictionary_data['words']);
if ($details_updated === true && $words_updated === true) { if ($details_updated === true && $words_updated === true) {
return $this->token->hash($dictionary); return $dictionary;
} }
return array( return array(
'error' => ($details_updated !== true ? $details_updated . ' ' : '') . ($words_updated !== true ? $words_updated : ''), 'error' => ($details_updated !== true ? $details_updated . ' ' : '') . ($words_updated !== true ? $words_updated : ''),