Adding and removing participants from messaging

Right now anyone can add more people to thread. If there are more than 2 people on a thread user can remove themselves from the thread.
StorytellerCZ · Jun 22, 2014 · e2fc4cd · e2fc4cd
1 parent c4d32a9
commit e2fc4cd
Show file tree

Hide file tree

Showing 19 changed files with 175 additions and 73 deletions.
diff --git a/application/controllers/pm/Message.php b/application/controllers/pm/Message.php
@@ -101,6 +101,95 @@ function index($id = NULL)
         $data['content'] = $this->load->view('pm/message', isset($data) ? $data : NULL, TRUE);
         $this->load->view('template', $data);
     }
+
+    /**
+     * Add participant to a thread
+     * @param int $id Thread ID
+     */
+    public function add_participant($id)
+    {
+        $data = $this->authentication->initialize(TRUE, 'pm/message/add_participant/'.$id, NULL, 'msg_use');
+
+        //check that the user can do this
+        $participants = $this->mahana_messaging->get_participant_list($id)['retval'];
+        $allowed = FALSE;
+        foreach($participants AS $participant)
+        {
+            if($participant['user_id'] == $data['account']->id)
+            {
+                $allowed = TRUE;
+            }
+        }
+
+        if($allowed == FALSE)
+        {
+            $this->session->set_flashdata(array('message' => lang('pm_action_not_allowed'), 'message_type' => 'danger'));
+            redirect(base_url('pm/message/'.$id));
+        }
+
+        $this->form_validation->set_rules('msg-add-participants', 'lang:pm_participant_wrong', 'required|trim|alpha_dash|xss_clean');
+        if($this->form_validation->run())
+        {
+            $users = $this->input->post('msg-add-participants', TRUE);
+
+            //now separate users by ',' into array
+            $user_array = explode(',', trim($users));
+            $user_ids = $this->mahana_messaging->usernames_to_ids($user_array);
+            if($user_ids)
+            {
+                foreach($user_ids AS $user)
+                {
+                    $this->mahana_messaging->add_participant($id, $user);
+                }
+            }
+            else
+            {
+                $this->session->set_flashdata(array('message' => lang('pm_participant_wrong'), 'message_type' => 'danger'));
+            }
+        }
+        else
+        {
+            $this->session->set_flashdata(array('message' => lang('pm_participant_wrong'), 'message_type' => 'danger'));
+        }
+        redirect(base_url('pm/message/'.$id));
+    }
+
+    /**
+     * Remove a participant from a thread
+     * @param int $id Thread ID
+     * @param int $user User ID
+     */
+    public function remove_participant($id, $user)
+    {
+        $data = $this->authentication->initialize(TRUE, 'pm/message/remove_participant/'.$id.'/'.$user, NULL, 'msg_use');
+
+        //check that the user can do this
+        if($data['account']->id != $user)
+        {
+            $this->session->set_flashdata(array('message' => lang('pm_action_not_allowed'), 'message_type' => 'danger'));
+            redirect(base_url('pm/message/'.$id));
+        }
+
+        $error = $this->mahana_messaging->remove_participant($id, $user);
+        if($error['err'] == 1)
+        {
+            $this->session->set_flashdata(array('message' => $error['msg'], 'message_type' => 'danger'));
+        }
+        elseif($error['err'] == 0)
+        {
+            $this->session->set_flashdata(array('message' => $error['msg'], 'message_type' => 'success'));
+        }
+
+        if($data['account']->id == $user)
+        {
+            redirect(base_url('pm'));
+        }
+        else
+        {
+            redirect(base_url('pm/message/'.$id));
+        }
+
+    }
 }
 /* End of file Message.php */
 /* Location: ./application/controllers/pm/Message.php */
diff --git a/application/controllers/pm/Overview.php b/application/controllers/pm/Overview.php
@@ -72,7 +72,7 @@ function index()
                 $text = $this->input->post('msg-text', TRUE);
 
                 //convert usernames to ids
-                //@todo check for multiple recipients and convert to array if needed
+                $recipients = explode(',', $recipients);
                 $recipients = $this->mahana_messaging->usernames_to_ids($recipients);
 
                 //submit

diff --git a/application/language/english/pm/pm_lang.php b/application/language/english/pm/pm_lang.php
@@ -14,4 +14,10 @@
 $lang['pm_from_you'] = "You";
 $lang['pm_participants'] = "Participants";
 $lang['pm_participant_add'] = "Add participant";
-$lang['pm_reply'] = "Reply";
+$lang['pm_reply'] = "Reply";
+$lang['pm_participant_wrong'] = "This user does not exists.";
+$lang['pm_add_participants'] = "Add users to this converstaion";
+$lang['pm_add_users'] = "Add users";
+$lang['pm_remove_user'] = "Remove this user from this conversation";
+$lang['pm_remove_participant'] = "Remove from this conversation";
+$lang['pm_action_not_allowed'] = "You are not allowed to perform this action.";
diff --git a/application/libraries/pm/Mahana_messaging.php b/application/libraries/pm/Mahana_messaging.php
@@ -363,7 +363,7 @@ function get_participant_list($thread_id, $sender_id = 0)
             return $this->_invalid_id(MSG_ERR_INVALID_THREAD_ID);
         }
 
-        if ($participants = $this->ci->Mahana_model-> get_participant_list($thread_id, $sender_id))
+        if ($participants = $this->ci->Mahana_model->get_participant_list($thread_id, $sender_id))
         {
             return $this->_success($participants);
         }
@@ -416,7 +416,7 @@ function usernames_to_ids($usernames)
                 $user = $this->ci->Account_model->get_by_username($username);
                 if(isset($user->id))
                 {
-                    $return[$user->id];
+                    $return[$user->id] = $user->id;
                 }
             }
             return $return;

diff --git a/application/models/pm/Mahana_model.php b/application/models/pm/Mahana_model.php
@@ -558,8 +558,14 @@ private function _delete_statuses($thread_id, $user_id)
     {
         $this->db->join($this->db->dbprefix . 'msg_messages',
                         $this->db->dbprefix . 'msg_messages.id = '.$this->db->dbprefix . 'msg_status.message_id');
-        $this->db->delete($this->db->dbprefix . 'msg_status', array($this->db->dbprefix .'msg_messages.thread_id' => $thread_id, $this->db->dbprefix . 'msg_status.user_id' => $user_id));
-
+        $list = $this->db->get_where($this->db->dbprefix . 'msg_status', array($this->db->dbprefix . 'msg_messages.thread_id' => $thread_id, $this->db->dbprefix . 'msg_status.user_id' => $user_id))->result();
+
+        foreach($list AS $item)
+        {
+            $this->db->where(array('message_id' => $item->message_id, 'user_id' => $item->user_id));
+        }
+        $this->db->delete($this->db->dbprefix . 'msg_status');
+
         return TRUE;
     }
 }

diff --git a/application/views/forums/talk.php b/application/views/forums/talk.php
@@ -34,44 +34,6 @@
         <h1><?php echo $thread->title; ?></h1>
     </div>
 
-    <!--
-    <link rel="stylesheet" href="<?php echo base_url(); ?>resources/jquery/jwysiwyg/jquery.wysiwyg.css"/>
-    <script src="<?php echo base_url(); ?>resources/jquery/jwysiwyg/jquery.wysiwyg.js" charset="utf-8"></script>
-    <script src="<?php echo base_url(); ?>resources/jquery/jwysiwyg/controls/wysiwyg.link.js" charset="utf-8"></script>
-
-    <script>
-        controlValue = {
-                justifyLeft: { visible : false },
-                justifyCenter: { visible : false },
-                justifyRight: { visible : false },
-                justifyFull: { visible : false },
-                insertHorizontalRule: { visible: false },
-                insertTable: { visible: false },
-                insertImage: { visible: false },
-                h1: { visible: false },
-                h2: { visible: false },
-                h3: { visible: false }
-            };
-            cssValue = {
-                fontFamily: 'Verdana',
-                fontSize: '13px'
-            };
-        $(document).ready(function(){
-            $('#textpost').wysiwyg({
-                initialContent: '', html: '',
-                controls: controlValue,
-                css: cssValue,
-                autoGrow: true
-            });
-
-            $('.textpostreply').wysiwyg({
-                initialContent: '', html: '',
-                controls: controlValue,
-                css: cssValue
-            });
-        });
-    </script>
-    -->
     <?php foreach ($posts as $post): ?>
         <div class="well">
             <?php echo $post->post; ?><br/><br/>

diff --git a/application/views/pm/message.php b/application/views/pm/message.php
@@ -1,9 +1,9 @@
-<div class="col-lg-12">
+<div class="col-sm-12">
     <div class="page-header">
         <h1><?php echo $thread[0]['subject']; ?>
         <?php echo anchor('pm', '<span class="glyphicon glyphicon-arrow-left"></span> ' . lang('pm_back_to_overview'), array('class' => 'btn btn-default pull-right')) ?></h1>
     </div>
-    <div class="col-lg-10">
+    <div class="col-sm-9">
     <?php //print_r($thread);
     foreach($thread as $message)
     {
@@ -20,17 +20,17 @@
         <?php
     }
     echo "<h4>" . lang('pm_reply') . "</h4>";
-    echo form_open('', array('role' => 'form'), array('msg-subject' => $thread[0]['subject'], 'msg-reply-id' => $thread[0]['id']));
+    echo form_open(uri_string(), array('role' => 'form'), array('msg-subject' => $thread[0]['subject'], 'msg-reply-id' => $thread[0]['id']));
         echo form_label(lang('pm_text'), 'msg-text');
         echo form_error('msg-text', '<div class="error">', '</div>');
         echo form_textarea(array('name' => 'msg-text', 'id' => 'msg-text', 'class' => 'form-control'));
-        echo form_submit(array('name' => 'msg-reply', 'class' => "btn btn-success pull-right"), lang('pm_msg_send'));
+        echo form_submit(array('name' => 'msg-reply', 'class' => "btn btn-lg btn-success pull-right"), lang('pm_msg_send'));
     echo form_close();
     ?>
     </div>
 
     <!-- Management of participants -->
-    <div class="col-lg-2">
+    <div class="col-sm-3">
         <div class="panel panel-default">
             <div class="panel-heading">
                 <h3 class="panel-title"><?php echo lang('pm_participants'); ?></h3>
@@ -40,25 +40,36 @@
                 <?php
                 foreach($participants as $participant)
                 {
-                    //@todo add functionality to remove participants
-                    //first need to figure out who is going to have the priviledge to remove people from 3+ debates
-                    //also everyone should have the option to remove themselves from 3+ debates
-                    if($participant['user_id'] != $account->id)
+                    //@todo need to figure out who is going to have the priviledge to remove people from 3+ debates
+                    //everyone should have the option to remove themselves from 3+ debates
+                    if(count($participants) > 2)
                     {
-                        $badge = NULL;
+                        if($participant['user_id'] == $account->id)
+                        {
+                            $badge = anchor(base_url('pm/message/remove_participant/'.$thread[0]['thread_id'].'/'.$participant['user_id']), '<span class="glyphicon glyphicon-minus"></span>', array('class' => 'badge pull-right'));
+                        }
+                        else
+                        {
+                            $badge = NULL;
+                        }
                     }
                     else
                     {
-                        $badge = '<span class="badge glyphicon glyphicon-minus"></span>';
+                        $badge = NULL;
                     }
 
-                    echo '<li class="list-group-item" id="'.$participant['user_id'].'">'. $badge . $participant['username'].'</li>';
+                    echo '<li class="list-group-item" id="'.$participant['user_id'].'">' . $participant['username'] . ' ' . $badge .'</li>';
                 }
                 ?>
                 </ul>
             </div>
             <div class="panel-footer">
                 <?php
+                    echo form_open(base_url('pm/message/add_participant/'.$thread[0]['id']), array('role' => 'form')) . '<div class="form-group">';
+                    echo form_label(lang('pm_add_participants'), 'msg-add-participants');
+                    echo form_input(array('name' => 'msg-add-participants', 'id' => 'msg-add-participants', 'class' => 'form-control')) . '</div>';
+                    echo form_submit(array('class' => 'btn btn-success'), lang('pm_add_users'));
+                    echo form_close();
                     //@todo
                     //echo anchor('#', lang('pm_participant_add'), array('class' => 'btn btn-success'));
                 ?>

diff --git a/system/core/compat/password.php b/system/core/compat/password.php
@@ -145,7 +145,10 @@ function password_hash($password, $algo, array $options = array())
 		}
 
 		isset($options['cost']) OR $options['cost'] = 10;
-		return crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']));
+
+		return (strlen($password = crypt($password, sprintf('$2y$%02d$%s', $options['cost'], $options['salt']))) === 60)
+			? $password
+			: FALSE;
 	}
 }
 

diff --git a/system/libraries/Encryption.php b/system/libraries/Encryption.php
@@ -309,6 +309,21 @@ protected function _openssl_initialize($params)
 
 	// --------------------------------------------------------------------
 
+	/**
+	 * Create a random key
+	 *
+	 * @param	int	$length	Output length
+	 * @return	string
+	 */
+	public function create_key($length)
+	{
+		return ($this->_driver === 'mcrypt')
+			? mcrypt_create_iv($length, MCRYPT_DEV_URANDOM)
+			: openssl_random_pseudo_bytes($length);
+	}
+
+	// --------------------------------------------------------------------
+
 	/**
 	 * Encrypt
 	 *

diff --git a/user_guide_src/build/doctrees/environment.pickle b/user_guide_src/build/doctrees/environment.pickle
diff --git a/user_guide_src/build/doctrees/libraries/encryption.doctree b/user_guide_src/build/doctrees/libraries/encryption.doctree
diff --git a/user_guide_src/build/html/genindex.html b/user_guide_src/build/html/genindex.html
@@ -29,7 +29,7 @@
 	<body>
 		<div id="table-contents">
 			<div class="toctree-wrapper compound">
-			<function <lambda> at 0x2b9e15dfe050>
+			<function <lambda> at 0x2b35255d5398>
 			</div>
 		</div>
 

diff --git a/user_guide_src/build/html/index.html b/user_guide_src/build/html/index.html
@@ -29,7 +29,7 @@
 	<body>
 		<div id="table-contents">
 			<div class="toctree-wrapper compound">
-			<function <lambda> at 0x2b9e15d98500>
+			<function <lambda> at 0x2b3526805500>
 			</div>
 		</div>
 

diff --git a/user_guide_src/build/html/libraries/encryption.html b/user_guide_src/build/html/libraries/encryption.html
@@ -31,7 +31,7 @@
 	<body>
 		<div id="table-contents">
 			<div class="toctree-wrapper compound">
-			<function <lambda> at 0x2b9e15e3a938>
+			<function <lambda> at 0x2b35264d51b8>
 			</div>
 		</div>
 
@@ -161,12 +161,17 @@ <h3><a class="toc-backref" href="#id5">Setting your encryption_key</a><a class="
 your server is not totally under your control it&#8217;s impossible to ensure
 key security so you may want to think carefully before using it for
 anything that requires high security, like storing credit card numbers.</p>
-<p>Your encryption key should be as long as the encyption algorithm in use
-allows. For AES-128, that&#8217;s 128 bits or 16 bytes (charcters) long. The
-key should be as random as possible and it should <strong>not</strong> be a simple
-text string.</p>
-<p>You will find a table below that shows the supported key lengths of
+<p>Your encryption key <strong>must</strong> be as long as the encyption algorithm in use
+allows. For AES-128, that&#8217;s 128 bits or 16 bytes (charcters) long.
+You will find a table below that shows the supported key lengths of
 different ciphers.</p>
+<p>The key should be as random as possible and it <strong>must not</strong> be a regular
+text string, nor the output of a hashing function, etc. In order to create
+a proper key, you must use the Encryption library&#8217;s <tt class="docutils literal"><span class="pre">create_key()</span></tt> method</p>
+<div class="highlight-ci"><div class="highlight"><pre><span class="c1">// $key will be assigned a 16-byte (128-bit) random key</span>
+<span class="nv">$key</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">encryption</span><span class="o">-&gt;</span><span class="na">create_key</span><span class="p">(</span><span class="mi">16</span><span class="p">);</span>
+</pre></div>
+</div>
 <p>The key can be either stored in your <em>application/config/config.php</em>, or
 you can design your own storage mechanism and pass the key dynamically
 when encrypting/decrypting.</p>

diff --git a/user_guide_src/build/html/libraries/index.html b/user_guide_src/build/html/libraries/index.html
@@ -30,7 +30,7 @@
 	<body>
 		<div id="table-contents">
 			<div class="toctree-wrapper compound">
-			<function <lambda> at 0x2b9e15dfede8>
+			<function <lambda> at 0x2b3526874b18>
 			</div>
 		</div>
 

diff --git a/user_guide_src/build/html/objects.inv b/user_guide_src/build/html/objects.inv
diff --git a/user_guide_src/build/html/search.html b/user_guide_src/build/html/search.html
@@ -36,7 +36,7 @@
 	<body>
 		<div id="table-contents">
 			<div class="toctree-wrapper compound">
-			<function <lambda> at 0x2b9e15dfe050>
+			<function <lambda> at 0x2b35255d5398>
 			</div>
 		</div>
 

diff --git a/user_guide_src/build/html/searchindex.js b/user_guide_src/build/html/searchindex.js